npm - @pod-os/core - Versions diffs - 0.12.1-7d2693a.0 → 0.12.1-b3f906d.0 - Mend

@pod-os/core 0.12.1-7d2693a.0 → 0.12.1-b3f906d.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -41,22 +41,22 @@ var require_events = __commonJS({
     var NumberIsNaN = Number.isNaN || function NumberIsNaN2(value6) {
       return value6 !== value6;
     };
-    function EventEmitter2() {
-      EventEmitter2.init.call(this);
+    function EventEmitter3() {
+      EventEmitter3.init.call(this);
     }
-    module2.exports = EventEmitter2;
+    module2.exports = EventEmitter3;
     module2.exports.once = once;
-    EventEmitter2.EventEmitter = EventEmitter2;
-    EventEmitter2.prototype._events = void 0;
-    EventEmitter2.prototype._eventsCount = 0;
-    EventEmitter2.prototype._maxListeners = void 0;
+    EventEmitter3.EventEmitter = EventEmitter3;
+    EventEmitter3.prototype._events = void 0;
+    EventEmitter3.prototype._eventsCount = 0;
+    EventEmitter3.prototype._maxListeners = void 0;
     var defaultMaxListeners = 10;
     function checkListener(listener) {
       if (typeof listener !== "function") {
         throw new TypeError('The "listener" argument must be of type Function. Received type ' + typeof listener);
       }
     }
-    Object.defineProperty(EventEmitter2, "defaultMaxListeners", {
+    Object.defineProperty(EventEmitter3, "defaultMaxListeners", {
       enumerable: true,
       get: function() {
         return defaultMaxListeners;
@@ -68,14 +68,14 @@ var require_events = __commonJS({
         defaultMaxListeners = arg2;
       }
     });
-    EventEmitter2.init = function() {
+    EventEmitter3.init = function() {
       if (this._events === void 0 || this._events === Object.getPrototypeOf(this)._events) {
         this._events = /* @__PURE__ */ Object.create(null);
         this._eventsCount = 0;
       }
       this._maxListeners = this._maxListeners || void 0;
     };
-    EventEmitter2.prototype.setMaxListeners = function setMaxListeners(n2) {
+    EventEmitter3.prototype.setMaxListeners = function setMaxListeners(n2) {
       if (typeof n2 !== "number" || n2 < 0 || NumberIsNaN(n2)) {
         throw new RangeError('The value of "n" is out of range. It must be a non-negative number. Received ' + n2 + ".");
       }
@@ -84,13 +84,13 @@ var require_events = __commonJS({
     };
     function _getMaxListeners(that) {
       if (that._maxListeners === void 0)
-        return EventEmitter2.defaultMaxListeners;
+        return EventEmitter3.defaultMaxListeners;
       return that._maxListeners;
     }
-    EventEmitter2.prototype.getMaxListeners = function getMaxListeners() {
+    EventEmitter3.prototype.getMaxListeners = function getMaxListeners() {
       return _getMaxListeners(this);
     };
-    EventEmitter2.prototype.emit = function emit(type5) {
+    EventEmitter3.prototype.emit = function emit(type5) {
       var args = [];
       for (var i = 1; i < arguments.length; i++) args.push(arguments[i]);
       var doError = type5 === "error";
@@ -167,11 +167,11 @@ var require_events = __commonJS({
       }
       return target5;
     }
-    EventEmitter2.prototype.addListener = function addListener(type5, listener) {
+    EventEmitter3.prototype.addListener = function addListener(type5, listener) {
       return _addListener(this, type5, listener, false);
     };
-    EventEmitter2.prototype.on = EventEmitter2.prototype.addListener;
-    EventEmitter2.prototype.prependListener = function prependListener(type5, listener) {
+    EventEmitter3.prototype.on = EventEmitter3.prototype.addListener;
+    EventEmitter3.prototype.prependListener = function prependListener(type5, listener) {
       return _addListener(this, type5, listener, true);
     };
     function onceWrapper() {
@@ -190,17 +190,17 @@ var require_events = __commonJS({
       state2.wrapFn = wrapped;
       return wrapped;
     }
-    EventEmitter2.prototype.once = function once2(type5, listener) {
+    EventEmitter3.prototype.once = function once2(type5, listener) {
       checkListener(listener);
       this.on(type5, _onceWrap(this, type5, listener));
       return this;
     };
-    EventEmitter2.prototype.prependOnceListener = function prependOnceListener(type5, listener) {
+    EventEmitter3.prototype.prependOnceListener = function prependOnceListener(type5, listener) {
       checkListener(listener);
       this.prependListener(type5, _onceWrap(this, type5, listener));
       return this;
     };
-    EventEmitter2.prototype.removeListener = function removeListener(type5, listener) {
+    EventEmitter3.prototype.removeListener = function removeListener(type5, listener) {
       var list, events3, position4, i, originalListener;
       checkListener(listener);
       events3 = this._events;
@@ -240,8 +240,8 @@ var require_events = __commonJS({
       }
       return this;
     };
-    EventEmitter2.prototype.off = EventEmitter2.prototype.removeListener;
-    EventEmitter2.prototype.removeAllListeners = function removeAllListeners(type5) {
+    EventEmitter3.prototype.off = EventEmitter3.prototype.removeListener;
+    EventEmitter3.prototype.removeAllListeners = function removeAllListeners(type5) {
       var listeners, events3, i;
       events3 = this._events;
       if (events3 === void 0)
@@ -292,20 +292,20 @@ var require_events = __commonJS({
         return unwrap3 ? [evlistener.listener || evlistener] : [evlistener];
       return unwrap3 ? unwrapListeners(evlistener) : arrayClone(evlistener, evlistener.length);
     }
-    EventEmitter2.prototype.listeners = function listeners(type5) {
+    EventEmitter3.prototype.listeners = function listeners(type5) {
       return _listeners(this, type5, true);
     };
-    EventEmitter2.prototype.rawListeners = function rawListeners(type5) {
+    EventEmitter3.prototype.rawListeners = function rawListeners(type5) {
       return _listeners(this, type5, false);
     };
-    EventEmitter2.listenerCount = function(emitter, type5) {
+    EventEmitter3.listenerCount = function(emitter, type5) {
       if (typeof emitter.listenerCount === "function") {
         return emitter.listenerCount(type5);
       } else {
         return listenerCount.call(emitter, type5);
       }
     };
-    EventEmitter2.prototype.listenerCount = listenerCount;
+    EventEmitter3.prototype.listenerCount = listenerCount;
     function listenerCount(type5) {
       var events3 = this._events;
       if (events3 !== void 0) {
@@ -318,7 +318,7 @@ var require_events = __commonJS({
       }
       return 0;
     }
-    EventEmitter2.prototype.eventNames = function eventNames() {
+    EventEmitter3.prototype.eventNames = function eventNames() {
       return this._eventsCount > 0 ? ReflectOwnKeys(this._events) : [];
     };
     function arrayClone(arr, n2) {
@@ -6741,20 +6741,20 @@ var require_lunr = __commonJS({
         if (obj === null || obj === void 0) {
           return obj;
         }
-        var clone2 = /* @__PURE__ */ Object.create(null), keys = Object.keys(obj);
+        var clone = /* @__PURE__ */ Object.create(null), keys = Object.keys(obj);
         for (var i = 0; i < keys.length; i++) {
           var key3 = keys[i], val = obj[key3];
           if (Array.isArray(val)) {
-            clone2[key3] = val.slice();
+            clone[key3] = val.slice();
             continue;
           }
           if (typeof val === "string" || typeof val === "number" || typeof val === "boolean") {
-            clone2[key3] = val;
+            clone[key3] = val;
             continue;
           }
           throw new TypeError("clone is not deep and does not support nested objects");
         }
-        return clone2;
+        return clone;
       };
       lunr2.FieldRef = function(docRef, fieldName, stringValue) {
         this.docRef = docRef;
@@ -10119,11 +10119,18 @@ function tap(observerOrNext, error4, complete2) {
   }) : identity;
 }
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/runtime/webcrypto.js
+// ../node_modules/@inrupt/solid-client-authn-core/dist/index.mjs
+var import_events = __toESM(require_events(), 1);
+// ../node_modules/@inrupt/universal-fetch/dist/index-browser.mjs
+var indexBrowser = globalThis.fetch;
+var { fetch: fetch2, Response, Request, Headers } = globalThis;
+// ../node_modules/jose/dist/browser/runtime/webcrypto.js
 var webcrypto_default = crypto;
 var isCryptoKey = (key3) => key3 instanceof CryptoKey;
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/lib/buffer_utils.js
+// ../node_modules/jose/dist/browser/lib/buffer_utils.js
 var encoder = new TextEncoder();
 var decoder = new TextDecoder();
 var MAX_INT32 = 2 ** 32;
@@ -10131,14 +10138,14 @@ function concat(...buffers) {
   const size4 = buffers.reduce((acc, { length: length2 }) => acc + length2, 0);
   const buf = new Uint8Array(size4);
   let i = 0;
-  for (const buffer of buffers) {
+  buffers.forEach((buffer) => {
     buf.set(buffer, i);
     i += buffer.length;
-  }
+  });
   return buf;
 }
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/runtime/base64url.js
+// ../node_modules/jose/dist/browser/runtime/base64url.js
 var encodeBase64 = (input2) => {
   let unencoded = input2;
   if (typeof unencoded === "string") {
@@ -10170,21 +10177,22 @@ var decode = (input2) => {
   encoded = encoded.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
   try {
     return decodeBase64(encoded);
-  } catch {
+  } catch (_a) {
     throw new TypeError("The input to be decoded is not correctly encoded.");
   }
 };
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/util/errors.js
+// ../node_modules/jose/dist/browser/util/errors.js
 var JOSEError = class extends Error {
   static get code() {
     return "ERR_JOSE_GENERIC";
   }
   constructor(message4) {
+    var _a;
     super(message4);
     this.code = "ERR_JOSE_GENERIC";
     this.name = this.constructor.name;
-    Error.captureStackTrace?.(this, this.constructor);
+    (_a = Error.captureStackTrace) === null || _a === void 0 ? void 0 : _a.call(Error, this, this.constructor);
   }
 };
 var JWTClaimValidationFailed = class extends JOSEError {
@@ -10245,45 +10253,6 @@ var JWTInvalid = class extends JOSEError {
     return "ERR_JWT_INVALID";
   }
 };
-var JWKSInvalid = class extends JOSEError {
-  constructor() {
-    super(...arguments);
-    this.code = "ERR_JWKS_INVALID";
-  }
-  static get code() {
-    return "ERR_JWKS_INVALID";
-  }
-};
-var JWKSNoMatchingKey = class extends JOSEError {
-  constructor() {
-    super(...arguments);
-    this.code = "ERR_JWKS_NO_MATCHING_KEY";
-    this.message = "no applicable key found in the JSON Web Key Set";
-  }
-  static get code() {
-    return "ERR_JWKS_NO_MATCHING_KEY";
-  }
-};
-var JWKSMultipleMatchingKeys = class extends JOSEError {
-  constructor() {
-    super(...arguments);
-    this.code = "ERR_JWKS_MULTIPLE_MATCHING_KEYS";
-    this.message = "multiple matching keys found in the JSON Web Key Set";
-  }
-  static get code() {
-    return "ERR_JWKS_MULTIPLE_MATCHING_KEYS";
-  }
-};
-var JWKSTimeout = class extends JOSEError {
-  constructor() {
-    super(...arguments);
-    this.code = "ERR_JWKS_TIMEOUT";
-    this.message = "request timed out";
-  }
-  static get code() {
-    return "ERR_JWKS_TIMEOUT";
-  }
-};
 var JWSSignatureVerificationFailed = class extends JOSEError {
   constructor() {
     super(...arguments);
@@ -10295,10 +10264,10 @@ var JWSSignatureVerificationFailed = class extends JOSEError {
   }
 };
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/runtime/random.js
+// ../node_modules/jose/dist/browser/runtime/random.js
 var random_default = webcrypto_default.getRandomValues.bind(webcrypto_default);
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/lib/crypto_key.js
+// ../node_modules/jose/dist/browser/lib/crypto_key.js
 function unusable(name7, prop = "algorithm.name") {
   return new TypeError(`CryptoKey does not support this operation, its ${prop} must be ${name7}`);
 }
@@ -10392,7 +10361,7 @@ function checkSigCryptoKey(key3, alg, ...usages) {
   checkUsage(key3, usages);
 }
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/lib/invalid_key_input.js
+// ../node_modules/jose/dist/browser/lib/invalid_key_input.js
 function message(msg, actual2, ...types2) {
   if (types2.length > 2) {
     const last3 = types2.pop();
@@ -10407,7 +10376,7 @@ function message(msg, actual2, ...types2) {
   } else if (typeof actual2 === "function" && actual2.name) {
     msg += ` Received function ${actual2.name}`;
   } else if (typeof actual2 === "object" && actual2 != null) {
-    if (actual2.constructor?.name) {
+    if (actual2.constructor && actual2.constructor.name) {
       msg += ` Received an instance of ${actual2.constructor.name}`;
     }
   }
@@ -10420,13 +10389,13 @@ function withAlg(alg, actual2, ...types2) {
   return message(`Key for the ${alg} algorithm must be `, actual2, ...types2);
 }
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/runtime/is_key_like.js
+// ../node_modules/jose/dist/browser/runtime/is_key_like.js
 var is_key_like_default = (key3) => {
   return isCryptoKey(key3);
 };
 var types = ["CryptoKey"];
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/lib/is_disjoint.js
+// ../node_modules/jose/dist/browser/lib/is_disjoint.js
 var isDisjoint = (...headers) => {
   const sources = headers.filter(Boolean);
   if (sources.length === 0 || sources.length === 1) {
@@ -10450,7 +10419,7 @@ var isDisjoint = (...headers) => {
 };
 var is_disjoint_default = isDisjoint;
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/lib/is_object.js
+// ../node_modules/jose/dist/browser/lib/is_object.js
 function isObjectLike(value6) {
   return typeof value6 === "object" && value6 !== null;
 }
@@ -10468,7 +10437,7 @@ function isObject(input2) {
   return Object.getPrototypeOf(input2) === proto;
 }
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/runtime/check_key_length.js
+// ../node_modules/jose/dist/browser/runtime/check_key_length.js
 var check_key_length_default = (alg, key3) => {
   if (alg.startsWith("RS") || alg.startsWith("PS")) {
     const { modulusLength } = key3.algorithm;
@@ -10478,11 +10447,49 @@ var check_key_length_default = (alg, key3) => {
   }
 };
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/runtime/jwk_to_key.js
+// ../node_modules/jose/dist/browser/runtime/jwk_to_key.js
 function subtleMapping(jwk) {
   let algorithm3;
   let keyUsages;
   switch (jwk.kty) {
+    case "oct": {
+      switch (jwk.alg) {
+        case "HS256":
+        case "HS384":
+        case "HS512":
+          algorithm3 = { name: "HMAC", hash: `SHA-${jwk.alg.slice(-3)}` };
+          keyUsages = ["sign", "verify"];
+          break;
+        case "A128CBC-HS256":
+        case "A192CBC-HS384":
+        case "A256CBC-HS512":
+          throw new JOSENotSupported(`${jwk.alg} keys cannot be imported as CryptoKey instances`);
+        case "A128GCM":
+        case "A192GCM":
+        case "A256GCM":
+        case "A128GCMKW":
+        case "A192GCMKW":
+        case "A256GCMKW":
+          algorithm3 = { name: "AES-GCM" };
+          keyUsages = ["encrypt", "decrypt"];
+          break;
+        case "A128KW":
+        case "A192KW":
+        case "A256KW":
+          algorithm3 = { name: "AES-KW" };
+          keyUsages = ["wrapKey", "unwrapKey"];
+          break;
+        case "PBES2-HS256+A128KW":
+        case "PBES2-HS384+A192KW":
+        case "PBES2-HS512+A256KW":
+          algorithm3 = { name: "PBKDF2" };
+          keyUsages = ["deriveBits"];
+          break;
+        default:
+          throw new JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+      }
+      break;
+    }
     case "RSA": {
       switch (jwk.alg) {
         case "PS256":
@@ -10562,15 +10569,19 @@ function subtleMapping(jwk) {
   return { algorithm: algorithm3, keyUsages };
 }
 var parse = async (jwk) => {
+  var _a, _b;
   if (!jwk.alg) {
     throw new TypeError('"alg" argument is required when "jwk.alg" is not present');
   }
   const { algorithm: algorithm3, keyUsages } = subtleMapping(jwk);
   const rest3 = [
     algorithm3,
-    jwk.ext ?? false,
-    jwk.key_ops ?? keyUsages
+    (_a = jwk.ext) !== null && _a !== void 0 ? _a : false,
+    (_b = jwk.key_ops) !== null && _b !== void 0 ? _b : keyUsages
   ];
+  if (algorithm3.name === "PBKDF2") {
+    return webcrypto_default.subtle.importKey("raw", decode(jwk.k), ...rest3);
+  }
   const keyData = { ...jwk };
   delete keyData.alg;
   delete keyData.use;
@@ -10578,8 +10589,9 @@ var parse = async (jwk) => {
 };
 var jwk_to_key_default = parse;
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/key/import.js
-async function importJWK(jwk, alg) {
+// ../node_modules/jose/dist/browser/key/import.js
+async function importJWK(jwk, alg, octAsKeyObject) {
+  var _a;
   if (!isObject(jwk)) {
     throw new TypeError("JWK must be an object");
   }
@@ -10589,6 +10601,10 @@ async function importJWK(jwk, alg) {
       if (typeof jwk.k !== "string" || !jwk.k) {
         throw new TypeError('missing "k" (Key Value) Parameter value');
       }
+      octAsKeyObject !== null && octAsKeyObject !== void 0 ? octAsKeyObject : octAsKeyObject = jwk.ext !== true;
+      if (octAsKeyObject) {
+        return jwk_to_key_default({ ...jwk, alg, ext: (_a = jwk.ext) !== null && _a !== void 0 ? _a : false });
+      }
       return decode(jwk.k);
     case "RSA":
       if (jwk.oth !== void 0) {
@@ -10602,7 +10618,7 @@ async function importJWK(jwk, alg) {
   }
 }
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/lib/check_key_type.js
+// ../node_modules/jose/dist/browser/lib/check_key_type.js
 var symmetricTypeCheck = (alg, key3) => {
   if (key3 instanceof Uint8Array)
     return;
@@ -10643,9 +10659,9 @@ var checkKeyType = (alg, key3, usage2) => {
 };
 var check_key_type_default = checkKeyType;
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/lib/validate_crit.js
+// ../node_modules/jose/dist/browser/lib/validate_crit.js
 function validateCrit(Err, recognizedDefault, recognizedOption, protectedHeader, joseHeader) {
-  if (joseHeader.crit !== void 0 && protectedHeader?.crit === void 0) {
+  if (joseHeader.crit !== void 0 && protectedHeader.crit === void 0) {
     throw new Err('"crit" (Critical) Header Parameter MUST be integrity protected');
   }
   if (!protectedHeader || protectedHeader.crit === void 0) {
@@ -10666,8 +10682,7 @@ function validateCrit(Err, recognizedDefault, recognizedOption, protectedHeader,
     }
     if (joseHeader[parameter2] === void 0) {
       throw new Err(`Extension Header Parameter "${parameter2}" is missing`);
-    }
-    if (recognized.get(parameter2) && protectedHeader[parameter2] === void 0) {
+    } else if (recognized.get(parameter2) && protectedHeader[parameter2] === void 0) {
       throw new Err(`Extension Header Parameter "${parameter2}" MUST be integrity protected`);
     }
   }
@@ -10675,7 +10690,7 @@ function validateCrit(Err, recognizedDefault, recognizedOption, protectedHeader,
 }
 var validate_crit_default = validateCrit;
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/lib/validate_algorithms.js
+// ../node_modules/jose/dist/browser/lib/validate_algorithms.js
 var validateAlgorithms = (option5, algorithms) => {
   if (algorithms !== void 0 && (!Array.isArray(algorithms) || algorithms.some((s) => typeof s !== "string"))) {
     throw new TypeError(`"${option5}" option must be an array of strings`);
@@ -10687,7 +10702,7 @@ var validateAlgorithms = (option5, algorithms) => {
 };
 var validate_algorithms_default = validateAlgorithms;
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/runtime/key_to_jwk.js
+// ../node_modules/jose/dist/browser/runtime/key_to_jwk.js
 var keyToJWK = async (key3) => {
   if (key3 instanceof Uint8Array) {
     return {
@@ -10706,15 +10721,15 @@ var keyToJWK = async (key3) => {
 };
 var key_to_jwk_default = keyToJWK;
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/key/export.js
+// ../node_modules/jose/dist/browser/key/export.js
 async function exportJWK(key3) {
   return key_to_jwk_default(key3);
 }
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/jwe/flattened/encrypt.js
+// ../node_modules/jose/dist/browser/jwe/flattened/encrypt.js
 var unprotected = Symbol();
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/runtime/subtle_dsa.js
+// ../node_modules/jose/dist/browser/runtime/subtle_dsa.js
 function subtleDsa(alg, algorithm3) {
   const hash2 = `SHA-${alg.slice(-3)}`;
   switch (alg) {
@@ -10741,7 +10756,7 @@ function subtleDsa(alg, algorithm3) {
   }
 }
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/runtime/get_sign_verify_key.js
+// ../node_modules/jose/dist/browser/runtime/get_sign_verify_key.js
 function getCryptoKey(alg, key3, usage2) {
   if (isCryptoKey(key3)) {
     checkSigCryptoKey(key3, alg, usage2);
@@ -10756,21 +10771,22 @@ function getCryptoKey(alg, key3, usage2) {
   throw new TypeError(invalid_key_input_default(key3, ...types, "Uint8Array"));
 }
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/runtime/verify.js
+// ../node_modules/jose/dist/browser/runtime/verify.js
 var verify = async (alg, key3, signature2, data2) => {
   const cryptoKey = await getCryptoKey(alg, key3, "verify");
   check_key_length_default(alg, cryptoKey);
   const algorithm3 = subtleDsa(alg, cryptoKey.algorithm);
   try {
     return await webcrypto_default.subtle.verify(algorithm3, cryptoKey, signature2, data2);
-  } catch {
+  } catch (_a) {
     return false;
   }
 };
 var verify_default = verify;
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/jws/flattened/verify.js
+// ../node_modules/jose/dist/browser/jws/flattened/verify.js
 async function flattenedVerify(jws2, key3, options) {
+  var _a;
   if (!isObject(jws2)) {
     throw new JWSInvalid("Flattened JWS must be an object");
   }
@@ -10794,7 +10810,7 @@ async function flattenedVerify(jws2, key3, options) {
     try {
       const protectedHeader = decode(jws2.protected);
       parsedProt = JSON.parse(decoder.decode(protectedHeader));
-    } catch {
+    } catch (_b) {
       throw new JWSInvalid("JWS Protected Header is invalid");
     }
   }
@@ -10805,7 +10821,7 @@ async function flattenedVerify(jws2, key3, options) {
     ...parsedProt,
     ...jws2.header
   };
-  const extensions = validate_crit_default(JWSInvalid, /* @__PURE__ */ new Map([["b64", true]]), options?.crit, parsedProt, joseHeader);
+  const extensions = validate_crit_default(JWSInvalid, /* @__PURE__ */ new Map([["b64", true]]), options === null || options === void 0 ? void 0 : options.crit, parsedProt, joseHeader);
   let b64 = true;
   if (extensions.has("b64")) {
     b64 = parsedProt.b64;
@@ -10819,7 +10835,7 @@ async function flattenedVerify(jws2, key3, options) {
   }
   const algorithms = options && validate_algorithms_default("algorithms", options.algorithms);
   if (algorithms && !algorithms.has(alg)) {
-    throw new JOSEAlgNotAllowed('"alg" (Algorithm) Header Parameter value not allowed');
+    throw new JOSEAlgNotAllowed('"alg" (Algorithm) Header Parameter not allowed');
   }
   if (b64) {
     if (typeof jws2.payload !== "string") {
@@ -10834,11 +10850,11 @@ async function flattenedVerify(jws2, key3, options) {
     resolvedKey = true;
   }
   check_key_type_default(alg, key3, "verify");
-  const data2 = concat(encoder.encode(jws2.protected ?? ""), encoder.encode("."), typeof jws2.payload === "string" ? encoder.encode(jws2.payload) : jws2.payload);
+  const data2 = concat(encoder.encode((_a = jws2.protected) !== null && _a !== void 0 ? _a : ""), encoder.encode("."), typeof jws2.payload === "string" ? encoder.encode(jws2.payload) : jws2.payload);
   let signature2;
   try {
     signature2 = decode(jws2.signature);
-  } catch {
+  } catch (_c) {
     throw new JWSInvalid("Failed to base64url decode the signature");
   }
   const verified2 = await verify_default(alg, key3, signature2, data2);
@@ -10849,7 +10865,7 @@ async function flattenedVerify(jws2, key3, options) {
   if (b64) {
     try {
       payload4 = decode(jws2.payload);
-    } catch {
+    } catch (_d) {
       throw new JWSInvalid("Failed to base64url decode the payload");
     }
   } else if (typeof jws2.payload === "string") {
@@ -10870,7 +10886,7 @@ async function flattenedVerify(jws2, key3, options) {
   return result5;
 }
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/jws/compact/verify.js
+// ../node_modules/jose/dist/browser/jws/compact/verify.js
 async function compactVerify(jws2, key3, options) {
   if (jws2 instanceof Uint8Array) {
     jws2 = decoder.decode(jws2);
@@ -10890,67 +10906,56 @@ async function compactVerify(jws2, key3, options) {
   return result5;
 }
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/lib/epoch.js
+// ../node_modules/jose/dist/browser/lib/epoch.js
 var epoch_default = (date5) => Math.floor(date5.getTime() / 1e3);
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/lib/secs.js
+// ../node_modules/jose/dist/browser/lib/secs.js
 var minute = 60;
 var hour = minute * 60;
 var day = hour * 24;
 var week = day * 7;
 var year = day * 365.25;
-var REGEX = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i;
+var REGEX = /^(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)$/i;
 var secs_default = (str) => {
   const matched = REGEX.exec(str);
-  if (!matched || matched[4] && matched[1]) {
+  if (!matched) {
     throw new TypeError("Invalid time period format");
   }
-  const value6 = parseFloat(matched[2]);
-  const unit2 = matched[3].toLowerCase();
-  let numericDate;
+  const value6 = parseFloat(matched[1]);
+  const unit2 = matched[2].toLowerCase();
   switch (unit2) {
     case "sec":
     case "secs":
     case "second":
     case "seconds":
     case "s":
-      numericDate = Math.round(value6);
-      break;
+      return Math.round(value6);
     case "minute":
     case "minutes":
     case "min":
     case "mins":
     case "m":
-      numericDate = Math.round(value6 * minute);
-      break;
+      return Math.round(value6 * minute);
     case "hour":
     case "hours":
     case "hr":
     case "hrs":
     case "h":
-      numericDate = Math.round(value6 * hour);
-      break;
+      return Math.round(value6 * hour);
     case "day":
     case "days":
     case "d":
-      numericDate = Math.round(value6 * day);
-      break;
+      return Math.round(value6 * day);
     case "week":
     case "weeks":
     case "w":
-      numericDate = Math.round(value6 * week);
-      break;
+      return Math.round(value6 * week);
     default:
-      numericDate = Math.round(value6 * year);
-      break;
-  }
-  if (matched[1] === "-" || matched[4] === "ago") {
-    return -numericDate;
+      return Math.round(value6 * year);
   }
-  return numericDate;
 };
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/lib/jwt_claims_set.js
+// ../node_modules/jose/dist/browser/lib/jwt_claims_set.js
 var normalizeTyp = (value6) => value6.toLowerCase().replace(/^application\//, "");
 var checkAudiencePresence = (audPayload, audOption) => {
   if (typeof audPayload === "string") {
@@ -10969,22 +10974,21 @@ var jwt_claims_set_default = (protectedHeader, encodedPayload, options = {}) =>
   let payload4;
   try {
     payload4 = JSON.parse(decoder.decode(encodedPayload));
-  } catch {
+  } catch (_a) {
   }
   if (!isObject(payload4)) {
     throw new JWTInvalid("JWT Claims Set must be a top-level JSON object");
   }
   const { requiredClaims = [], issuer: issuer2, subject: subject5, audience: audience5, maxTokenAge } = options;
-  const presenceCheck = [...requiredClaims];
   if (maxTokenAge !== void 0)
-    presenceCheck.push("iat");
+    requiredClaims.push("iat");
   if (audience5 !== void 0)
-    presenceCheck.push("aud");
+    requiredClaims.push("aud");
   if (subject5 !== void 0)
-    presenceCheck.push("sub");
+    requiredClaims.push("sub");
   if (issuer2 !== void 0)
-    presenceCheck.push("iss");
-  for (const claim2 of new Set(presenceCheck.reverse())) {
+    requiredClaims.push("iss");
+  for (const claim2 of new Set(requiredClaims.reverse())) {
     if (!(claim2 in payload4)) {
       throw new JWTClaimValidationFailed(`missing required "${claim2}" claim`, claim2, "missing");
     }
@@ -11046,10 +11050,11 @@ var jwt_claims_set_default = (protectedHeader, encodedPayload, options = {}) =>
   return payload4;
 };
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/jwt/verify.js
+// ../node_modules/jose/dist/browser/jwt/verify.js
 async function jwtVerify(jwt, key3, options) {
+  var _a;
   const verified2 = await compactVerify(jwt, key3, options);
-  if (verified2.protectedHeader.crit?.includes("b64") && verified2.protectedHeader.b64 === false) {
+  if (((_a = verified2.protectedHeader.crit) === null || _a === void 0 ? void 0 : _a.includes("b64")) && verified2.protectedHeader.b64 === false) {
     throw new JWTInvalid("JWTs MUST NOT use unencoded payload");
   }
   const payload4 = jwt_claims_set_default(verified2.protectedHeader, verified2.payload, options);
@@ -11060,7 +11065,7 @@ async function jwtVerify(jwt, key3, options) {
   return result5;
 }
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/runtime/sign.js
+// ../node_modules/jose/dist/browser/runtime/sign.js
 var sign = async (alg, key3, data2) => {
   const cryptoKey = await getCryptoKey(alg, key3, "sign");
   check_key_length_default(alg, cryptoKey);
@@ -11069,7 +11074,7 @@ var sign = async (alg, key3, data2) => {
 };
 var sign_default = sign;
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/jws/flattened/sign.js
+// ../node_modules/jose/dist/browser/jws/flattened/sign.js
 var FlattenedSign = class {
   constructor(payload4) {
     if (!(payload4 instanceof Uint8Array)) {
@@ -11102,7 +11107,7 @@ var FlattenedSign = class {
       ...this._protectedHeader,
       ...this._unprotectedHeader
     };
-    const extensions = validate_crit_default(JWSInvalid, /* @__PURE__ */ new Map([["b64", true]]), options?.crit, this._protectedHeader, joseHeader);
+    const extensions = validate_crit_default(JWSInvalid, /* @__PURE__ */ new Map([["b64", true]]), options === null || options === void 0 ? void 0 : options.crit, this._protectedHeader, joseHeader);
     let b64 = true;
     if (extensions.has("b64")) {
       b64 = this._protectedHeader.b64;
@@ -11144,7 +11149,7 @@ var FlattenedSign = class {
   }
 };
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/jws/compact/sign.js
+// ../node_modules/jose/dist/browser/jws/compact/sign.js
 var CompactSign = class {
   constructor(payload4) {
     this._flattened = new FlattenedSign(payload4);
@@ -11162,15 +11167,9 @@ var CompactSign = class {
   }
 };
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/jwt/produce.js
-function validateInput(label4, input2) {
-  if (!Number.isFinite(input2)) {
-    throw new TypeError(`Invalid ${label4} input`);
-  }
-  return input2;
-}
+// ../node_modules/jose/dist/browser/jwt/produce.js
 var ProduceJWT = class {
-  constructor(payload4 = {}) {
+  constructor(payload4) {
     if (!isObject(payload4)) {
       throw new TypeError("JWT Claims Set MUST be an object");
     }
@@ -11194,9 +11193,7 @@ var ProduceJWT = class {
   }
   setNotBefore(input2) {
     if (typeof input2 === "number") {
-      this._payload = { ...this._payload, nbf: validateInput("setNotBefore", input2) };
-    } else if (input2 instanceof Date) {
-      this._payload = { ...this._payload, nbf: validateInput("setNotBefore", epoch_default(input2)) };
+      this._payload = { ...this._payload, nbf: input2 };
     } else {
       this._payload = { ...this._payload, nbf: epoch_default(/* @__PURE__ */ new Date()) + secs_default(input2) };
     }
@@ -11204,9 +11201,7 @@ var ProduceJWT = class {
   }
   setExpirationTime(input2) {
     if (typeof input2 === "number") {
-      this._payload = { ...this._payload, exp: validateInput("setExpirationTime", input2) };
-    } else if (input2 instanceof Date) {
-      this._payload = { ...this._payload, exp: validateInput("setExpirationTime", epoch_default(input2)) };
+      this._payload = { ...this._payload, exp: input2 };
     } else {
       this._payload = { ...this._payload, exp: epoch_default(/* @__PURE__ */ new Date()) + secs_default(input2) };
     }
@@ -11215,294 +11210,41 @@ var ProduceJWT = class {
   setIssuedAt(input2) {
     if (typeof input2 === "undefined") {
       this._payload = { ...this._payload, iat: epoch_default(/* @__PURE__ */ new Date()) };
-    } else if (input2 instanceof Date) {
-      this._payload = { ...this._payload, iat: validateInput("setIssuedAt", epoch_default(input2)) };
-    } else if (typeof input2 === "string") {
-      this._payload = {
-        ...this._payload,
-        iat: validateInput("setIssuedAt", epoch_default(/* @__PURE__ */ new Date()) + secs_default(input2))
-      };
     } else {
-      this._payload = { ...this._payload, iat: validateInput("setIssuedAt", input2) };
+      this._payload = { ...this._payload, iat: input2 };
     }
     return this;
   }
 };
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/jwt/sign.js
+// ../node_modules/jose/dist/browser/jwt/sign.js
 var SignJWT = class extends ProduceJWT {
   setProtectedHeader(protectedHeader) {
     this._protectedHeader = protectedHeader;
     return this;
   }
   async sign(key3, options) {
+    var _a;
     const sig = new CompactSign(encoder.encode(JSON.stringify(this._payload)));
     sig.setProtectedHeader(this._protectedHeader);
-    if (Array.isArray(this._protectedHeader?.crit) && this._protectedHeader.crit.includes("b64") && this._protectedHeader.b64 === false) {
+    if (Array.isArray((_a = this._protectedHeader) === null || _a === void 0 ? void 0 : _a.crit) && this._protectedHeader.crit.includes("b64") && this._protectedHeader.b64 === false) {
       throw new JWTInvalid("JWTs MUST NOT use unencoded payload");
     }
     return sig.sign(key3, options);
   }
 };
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/jwks/local.js
-function getKtyFromAlg(alg) {
-  switch (typeof alg === "string" && alg.slice(0, 2)) {
-    case "RS":
-    case "PS":
-      return "RSA";
-    case "ES":
-      return "EC";
-    case "Ed":
-      return "OKP";
-    default:
-      throw new JOSENotSupported('Unsupported "alg" value for a JSON Web Key Set');
-  }
-}
-function isJWKSLike(jwks) {
-  return jwks && typeof jwks === "object" && Array.isArray(jwks.keys) && jwks.keys.every(isJWKLike);
-}
-function isJWKLike(key3) {
-  return isObject(key3);
-}
-function clone(obj) {
-  if (typeof structuredClone === "function") {
-    return structuredClone(obj);
-  }
-  return JSON.parse(JSON.stringify(obj));
-}
-var LocalJWKSet = class {
-  constructor(jwks) {
-    this._cached = /* @__PURE__ */ new WeakMap();
-    if (!isJWKSLike(jwks)) {
-      throw new JWKSInvalid("JSON Web Key Set malformed");
-    }
-    this._jwks = clone(jwks);
-  }
-  async getKey(protectedHeader, token) {
-    const { alg, kid } = { ...protectedHeader, ...token?.header };
-    const kty = getKtyFromAlg(alg);
-    const candidates = this._jwks.keys.filter((jwk2) => {
-      let candidate4 = kty === jwk2.kty;
-      if (candidate4 && typeof kid === "string") {
-        candidate4 = kid === jwk2.kid;
-      }
-      if (candidate4 && typeof jwk2.alg === "string") {
-        candidate4 = alg === jwk2.alg;
-      }
-      if (candidate4 && typeof jwk2.use === "string") {
-        candidate4 = jwk2.use === "sig";
-      }
-      if (candidate4 && Array.isArray(jwk2.key_ops)) {
-        candidate4 = jwk2.key_ops.includes("verify");
-      }
-      if (candidate4 && alg === "EdDSA") {
-        candidate4 = jwk2.crv === "Ed25519" || jwk2.crv === "Ed448";
-      }
-      if (candidate4) {
-        switch (alg) {
-          case "ES256":
-            candidate4 = jwk2.crv === "P-256";
-            break;
-          case "ES256K":
-            candidate4 = jwk2.crv === "secp256k1";
-            break;
-          case "ES384":
-            candidate4 = jwk2.crv === "P-384";
-            break;
-          case "ES512":
-            candidate4 = jwk2.crv === "P-521";
-            break;
-        }
-      }
-      return candidate4;
-    });
-    const { 0: jwk, length: length2 } = candidates;
-    if (length2 === 0) {
-      throw new JWKSNoMatchingKey();
-    }
-    if (length2 !== 1) {
-      const error4 = new JWKSMultipleMatchingKeys();
-      const { _cached } = this;
-      error4[Symbol.asyncIterator] = async function* () {
-        for (const jwk2 of candidates) {
-          try {
-            yield await importWithAlgCache(_cached, jwk2, alg);
-          } catch {
-          }
-        }
-      };
-      throw error4;
-    }
-    return importWithAlgCache(this._cached, jwk, alg);
-  }
-};
-async function importWithAlgCache(cache, jwk, alg) {
-  const cached = cache.get(jwk) || cache.set(jwk, {}).get(jwk);
-  if (cached[alg] === void 0) {
-    const key3 = await importJWK({ ...jwk, ext: true }, alg);
-    if (key3 instanceof Uint8Array || key3.type !== "public") {
-      throw new JWKSInvalid("JSON Web Key Set members must be public keys");
-    }
-    cached[alg] = key3;
-  }
-  return cached[alg];
-}
-function createLocalJWKSet(jwks) {
-  const set = new LocalJWKSet(jwks);
-  const localJWKSet = async (protectedHeader, token) => set.getKey(protectedHeader, token);
-  Object.defineProperties(localJWKSet, {
-    jwks: {
-      value: () => clone(set._jwks),
-      enumerable: true,
-      configurable: false,
-      writable: false
-    }
-  });
-  return localJWKSet;
-}
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/runtime/fetch_jwks.js
-var fetchJwks = async (url7, timeout2, options) => {
-  let controller2;
-  let id4;
-  let timedOut = false;
-  if (typeof AbortController === "function") {
-    controller2 = new AbortController();
-    id4 = setTimeout(() => {
-      timedOut = true;
-      controller2.abort();
-    }, timeout2);
-  }
-  const response6 = await fetch(url7.href, {
-    signal: controller2 ? controller2.signal : void 0,
-    redirect: "manual",
-    headers: options.headers
-  }).catch((err) => {
-    if (timedOut)
-      throw new JWKSTimeout();
-    throw err;
-  });
-  if (id4 !== void 0)
-    clearTimeout(id4);
-  if (response6.status !== 200) {
-    throw new JOSEError("Expected 200 OK from the JSON Web Key Set HTTP response");
-  }
-  try {
-    return await response6.json();
-  } catch {
-    throw new JOSEError("Failed to parse the JSON Web Key Set HTTP response as JSON");
-  }
-};
-var fetch_jwks_default = fetchJwks;
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/jwks/remote.js
-function isCloudflareWorkers() {
-  return typeof WebSocketPair !== "undefined" || typeof navigator !== "undefined" && navigator.userAgent === "Cloudflare-Workers" || typeof EdgeRuntime !== "undefined" && EdgeRuntime === "vercel";
-}
-var USER_AGENT;
-if (typeof navigator === "undefined" || !navigator.userAgent?.startsWith?.("Mozilla/5.0 ")) {
-  const NAME = "jose";
-  const VERSION = "v5.3.0";
-  USER_AGENT = `${NAME}/${VERSION}`;
-}
-var RemoteJWKSet = class {
-  constructor(url7, options) {
-    if (!(url7 instanceof URL)) {
-      throw new TypeError("url must be an instance of URL");
-    }
-    this._url = new URL(url7.href);
-    this._options = { agent: options?.agent, headers: options?.headers };
-    this._timeoutDuration = typeof options?.timeoutDuration === "number" ? options?.timeoutDuration : 5e3;
-    this._cooldownDuration = typeof options?.cooldownDuration === "number" ? options?.cooldownDuration : 3e4;
-    this._cacheMaxAge = typeof options?.cacheMaxAge === "number" ? options?.cacheMaxAge : 6e5;
-  }
-  coolingDown() {
-    return typeof this._jwksTimestamp === "number" ? Date.now() < this._jwksTimestamp + this._cooldownDuration : false;
-  }
-  fresh() {
-    return typeof this._jwksTimestamp === "number" ? Date.now() < this._jwksTimestamp + this._cacheMaxAge : false;
-  }
-  async getKey(protectedHeader, token) {
-    if (!this._local || !this.fresh()) {
-      await this.reload();
-    }
-    try {
-      return await this._local(protectedHeader, token);
-    } catch (err) {
-      if (err instanceof JWKSNoMatchingKey) {
-        if (this.coolingDown() === false) {
-          await this.reload();
-          return this._local(protectedHeader, token);
-        }
-      }
-      throw err;
-    }
-  }
-  async reload() {
-    if (this._pendingFetch && isCloudflareWorkers()) {
-      this._pendingFetch = void 0;
-    }
-    const headers = new Headers(this._options.headers);
-    if (USER_AGENT && !headers.has("User-Agent")) {
-      headers.set("User-Agent", USER_AGENT);
-      this._options.headers = Object.fromEntries(headers.entries());
-    }
-    this._pendingFetch || (this._pendingFetch = fetch_jwks_default(this._url, this._timeoutDuration, this._options).then((json) => {
-      this._local = createLocalJWKSet(json);
-      this._jwksTimestamp = Date.now();
-      this._pendingFetch = void 0;
-    }).catch((err) => {
-      this._pendingFetch = void 0;
-      throw err;
-    }));
-    await this._pendingFetch;
-  }
-};
-function createRemoteJWKSet(url7, options) {
-  const set = new RemoteJWKSet(url7, options);
-  const remoteJWKSet = async (protectedHeader, token) => set.getKey(protectedHeader, token);
-  Object.defineProperties(remoteJWKSet, {
-    coolingDown: {
-      get: () => set.coolingDown(),
-      enumerable: true,
-      configurable: false
-    },
-    fresh: {
-      get: () => set.fresh(),
-      enumerable: true,
-      configurable: false
-    },
-    reload: {
-      value: () => set.reload(),
-      enumerable: true,
-      configurable: false,
-      writable: false
-    },
-    reloading: {
-      get: () => !!set._pendingFetch,
-      enumerable: true,
-      configurable: false
-    },
-    jwks: {
-      value: () => set._local?.jwks(),
-      enumerable: true,
-      configurable: false,
-      writable: false
-    }
-  });
-  return remoteJWKSet;
-}
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/runtime/generate.js
+// ../node_modules/jose/dist/browser/runtime/generate.js
 function getModulusLengthOption(options) {
-  const modulusLength = options?.modulusLength ?? 2048;
+  var _a;
+  const modulusLength = (_a = options === null || options === void 0 ? void 0 : options.modulusLength) !== null && _a !== void 0 ? _a : 2048;
   if (typeof modulusLength !== "number" || modulusLength < 2048) {
     throw new JOSENotSupported("Invalid or unsupported modulusLength option provided, 2048 bits or larger keys must be used");
   }
   return modulusLength;
 }
 async function generateKeyPair(alg, options) {
+  var _a, _b, _c;
   let algorithm3;
   let keyUsages;
   switch (alg) {
@@ -11552,9 +11294,9 @@ async function generateKeyPair(alg, options) {
       algorithm3 = { name: "ECDSA", namedCurve: "P-521" };
       keyUsages = ["sign", "verify"];
       break;
-    case "EdDSA": {
+    case "EdDSA":
       keyUsages = ["sign", "verify"];
-      const crv = options?.crv ?? "Ed25519";
+      const crv = (_a = options === null || options === void 0 ? void 0 : options.crv) !== null && _a !== void 0 ? _a : "Ed25519";
       switch (crv) {
         case "Ed25519":
         case "Ed448":
@@ -11564,23 +11306,22 @@ async function generateKeyPair(alg, options) {
           throw new JOSENotSupported("Invalid or unsupported crv option provided");
       }
       break;
-    }
     case "ECDH-ES":
     case "ECDH-ES+A128KW":
     case "ECDH-ES+A192KW":
     case "ECDH-ES+A256KW": {
       keyUsages = ["deriveKey", "deriveBits"];
-      const crv = options?.crv ?? "P-256";
-      switch (crv) {
+      const crv2 = (_b = options === null || options === void 0 ? void 0 : options.crv) !== null && _b !== void 0 ? _b : "P-256";
+      switch (crv2) {
         case "P-256":
         case "P-384":
         case "P-521": {
-          algorithm3 = { name: "ECDH", namedCurve: crv };
+          algorithm3 = { name: "ECDH", namedCurve: crv2 };
           break;
         }
         case "X25519":
         case "X448":
-          algorithm3 = { name: crv };
+          algorithm3 = { name: crv2 };
           break;
         default:
           throw new JOSENotSupported("Invalid or unsupported crv option provided, supported values are P-256, P-384, P-521, X25519, and X448");
@@ -11590,10 +11331,10 @@ async function generateKeyPair(alg, options) {
     default:
       throw new JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
   }
-  return webcrypto_default.subtle.generateKey(algorithm3, options?.extractable ?? false, keyUsages);
+  return webcrypto_default.subtle.generateKey(algorithm3, (_c = options === null || options === void 0 ? void 0 : options.extractable) !== null && _c !== void 0 ? _c : false, keyUsages);
 }
-// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/key/generate_key_pair.js
+// ../node_modules/jose/dist/browser/key/generate_key_pair.js
 async function generateKeyPair2(alg, options) {
   return generateKeyPair(alg, options);
 }
@@ -11665,6 +11406,17 @@ var SCOPE_OPENID = "openid";
 var SCOPE_OFFLINE = "offline_access";
 var SCOPE_WEBID = "webid";
 var DEFAULT_SCOPES = [SCOPE_OPENID, SCOPE_OFFLINE, SCOPE_WEBID].join(" ");
+var buildProxyHandler = (toExclude, errorMessage) => ({
+  // This proxy is only a temporary measure until Session no longer extends
+  // SessionEventEmitter, and the proxying is no longer necessary.
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  get(target5, prop, receiver2) {
+    if (!Object.getOwnPropertyNames(import_events.EventEmitter).includes(prop) && Object.getOwnPropertyNames(toExclude).includes(prop)) {
+      throw new Error(`${errorMessage}: [${prop}] is not supported`);
+    }
+    return Reflect.get(target5, prop, receiver2);
+  }
+});
 var AggregateHandler = class {
   constructor(handleables) {
     this.handleables = handleables;
@@ -11701,10 +11453,24 @@ var AggregateHandler = class {
     }).join(", ")}`);
   }
 };
+async function fetchJwks(jwksIri, issuerIri) {
+  const jwksResponse = await fetch2.call(globalThis, jwksIri);
+  if (jwksResponse.status !== 200) {
+    throw new Error(`Could not fetch JWKS for [${issuerIri}] at [${jwksIri}]: ${jwksResponse.status} ${jwksResponse.statusText}`);
+  }
+  let jwk;
+  try {
+    jwk = (await jwksResponse.json()).keys[0];
+  } catch (e) {
+    throw new Error(`Malformed JWKS for [${issuerIri}] at [${jwksIri}]: ${e.message}`);
+  }
+  return jwk;
+}
 async function getWebidFromTokenPayload(idToken, jwksIri, issuerIri, clientId) {
+  const jwk = await fetchJwks(jwksIri, issuerIri);
   let payload4;
   try {
-    const { payload: verifiedPayload } = await jwtVerify(idToken, createRemoteJWKSet(new URL(jwksIri)), {
+    const { payload: verifiedPayload } = await jwtVerify(idToken, await importJWK(jwk), {
       issuer: issuerIri,
       audience: clientId
     });
@@ -11744,29 +11510,17 @@ function removeOpenIdParams(redirectUrl) {
   cleanedUpUrl.searchParams.delete("iss");
   return cleanedUpUrl;
 }
-function booleanWithFallback(value6, fallback) {
-  if (typeof value6 === "boolean") {
-    return Boolean(value6);
-  }
-  return Boolean(fallback);
-}
 var AuthorizationCodeWithPkceOidcHandlerBase = class {
   constructor(storageUtility, redirector) {
     this.storageUtility = storageUtility;
     this.redirector = redirector;
-    this.parametersGuard = (oidcLoginOptions) => {
-      return oidcLoginOptions.issuerConfiguration.grantTypesSupported !== void 0 && oidcLoginOptions.issuerConfiguration.grantTypesSupported.indexOf("authorization_code") > -1 && oidcLoginOptions.redirectUrl !== void 0;
-    };
     this.storageUtility = storageUtility;
     this.redirector = redirector;
   }
   async canHandle(oidcLoginOptions) {
-    return this.parametersGuard(oidcLoginOptions);
+    return !!(oidcLoginOptions.issuerConfiguration.grantTypesSupported && oidcLoginOptions.issuerConfiguration.grantTypesSupported.indexOf("authorization_code") > -1);
   }
   async handleRedirect({ oidcLoginOptions, state: state2, codeVerifier, targetUrl: targetUrl3 }) {
-    if (!this.parametersGuard(oidcLoginOptions)) {
-      throw new Error("The authorization code grant requires a redirectUrl.");
-    }
     await Promise.all([
       // We use the OAuth 'state' value (which should be crypto-random) as
       // the key in our storage to store our actual SessionID. We do this
@@ -11777,6 +11531,7 @@ var AuthorizationCodeWithPkceOidcHandlerBase = class {
       // that session ID can be any developer-specified value, and therefore
       // may not be appropriate (since the OAuth 'state' value should really
       // be an unguessable crypto-random value).
+      // eslint-disable-next-line no-underscore-dangle
       this.storageUtility.setForUser(state2, {
         sessionId: oidcLoginOptions.sessionId
       }),
@@ -11785,12 +11540,12 @@ var AuthorizationCodeWithPkceOidcHandlerBase = class {
       // our session ID is unnecessary, but it provides a slightly cleaner
       // separation of concerns.
       this.storageUtility.setForUser(oidcLoginOptions.sessionId, {
+        // eslint-disable-next-line no-underscore-dangle
         codeVerifier,
         issuer: oidcLoginOptions.issuer.toString(),
         // The redirect URL is read after redirect, so it must be stored now.
         redirectUrl: oidcLoginOptions.redirectUrl,
-        dpop: Boolean(oidcLoginOptions.dpop).toString(),
-        keepAlive: booleanWithFallback(oidcLoginOptions.keepAlive, true).toString()
+        dpop: oidcLoginOptions.dpop ? "true" : "false"
       })
     ]);
     this.redirector.redirect(targetUrl3, {
@@ -11852,7 +11607,7 @@ function getUnauthenticatedSession() {
   return {
     isLoggedIn: false,
     sessionId: v4_default(),
-    fetch: (...args) => fetch(...args)
+    fetch: (...args) => fetch2.call(globalThis, ...args)
   };
 }
 async function clear(sessionId, storage2) {
@@ -11946,51 +11701,48 @@ function determineSigningAlg(supported, preferred2) {
     return supported.includes(signingAlg);
   })) !== null && _a !== void 0 ? _a : null;
 }
-function isStaticClient(options) {
-  return options.clientId !== void 0 && !isValidUrl(options.clientId);
-}
-function isSolidOidcClient(options, issuerConfig) {
-  return issuerConfig.scopesSupported.includes("webid") && options.clientId !== void 0 && isValidUrl(options.clientId);
-}
-function isKnownClientType(clientType) {
-  return typeof clientType === "string" && ["dynamic", "static", "solid-oidc"].includes(clientType);
+function determineClientType(options, issuerConfig) {
+  if (options.clientId !== void 0 && !isValidUrl(options.clientId)) {
+    return "static";
+  }
+  if (issuerConfig.scopesSupported.includes("webid") && options.clientId !== void 0 && isValidUrl(options.clientId)) {
+    return "solid-oidc";
+  }
+  return "dynamic";
 }
 async function handleRegistration(options, issuerConfig, storageUtility, clientRegistrar) {
-  let clientInfo;
-  if (isSolidOidcClient(options, issuerConfig)) {
-    clientInfo = {
-      clientId: options.clientId,
-      clientName: options.clientName,
-      clientType: "solid-oidc"
-    };
-  } else if (isStaticClient(options)) {
-    clientInfo = {
-      clientId: options.clientId,
-      clientSecret: options.clientSecret,
-      clientName: options.clientName,
-      clientType: "static"
-    };
-  } else {
+  const clientType = determineClientType(options, issuerConfig);
+  if (clientType === "dynamic") {
     return clientRegistrar.getClient({
       sessionId: options.sessionId,
       clientName: options.clientName,
       redirectUrl: options.redirectUrl
     }, issuerConfig);
   }
-  const infoToSave = {
-    clientId: clientInfo.clientId,
-    clientType: clientInfo.clientType
-  };
-  if (clientInfo.clientType === "static") {
-    infoToSave.clientSecret = clientInfo.clientSecret;
+  await storageUtility.setForUser(options.sessionId, {
+    // If the client is either static or solid-oidc compliant, its client ID cannot be undefined.
+    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+    clientId: options.clientId
+  });
+  if (options.clientSecret) {
+    await storageUtility.setForUser(options.sessionId, {
+      clientSecret: options.clientSecret
+    });
   }
-  if (clientInfo.clientName) {
-    infoToSave.clientName = clientInfo.clientName;
+  if (options.clientName) {
+    await storageUtility.setForUser(options.sessionId, {
+      clientName: options.clientName
+    });
   }
-  await storageUtility.setForUser(options.sessionId, infoToSave);
-  return clientInfo;
+  return {
+    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+    clientId: options.clientId,
+    clientSecret: options.clientSecret,
+    clientName: options.clientName,
+    clientType
+  };
 }
-var boundFetch = (request2, init) => fetch(request2, init);
+var globalFetch = (request2, init) => fetch2.call(globalThis, request2, init);
 var ClientAuthentication = class {
   constructor(loginHandler, redirectHandler, logoutHandler, sessionInfoManager, issuerConfigFetcher) {
     this.loginHandler = loginHandler;
@@ -11998,13 +11750,13 @@ var ClientAuthentication = class {
     this.logoutHandler = logoutHandler;
     this.sessionInfoManager = sessionInfoManager;
     this.issuerConfigFetcher = issuerConfigFetcher;
-    this.fetch = boundFetch;
+    this.fetch = globalFetch;
     this.logout = async (sessionId, options) => {
       await this.logoutHandler.handle(sessionId, (options === null || options === void 0 ? void 0 : options.logoutType) === "idp" ? {
         ...options,
         toLogoutUrl: this.boundLogout
       } : options);
-      this.fetch = boundFetch;
+      this.fetch = globalFetch;
       delete this.boundLogout;
     };
     this.getSessionInfo = async (sessionId) => {
@@ -12022,14 +11774,13 @@ var ClientAuthentication = class {
 };
 async function loadOidcContextFromStorage(sessionId, storageUtility, configFetcher) {
   try {
-    const [issuerIri, codeVerifier, storedRedirectIri, dpop, keepAlive] = await Promise.all([
+    const [issuerIri, codeVerifier, storedRedirectIri, dpop] = await Promise.all([
       storageUtility.getForUser(sessionId, "issuer", {
         errorIfNull: true
       }),
       storageUtility.getForUser(sessionId, "codeVerifier"),
       storageUtility.getForUser(sessionId, "redirectUrl"),
-      storageUtility.getForUser(sessionId, "dpop", { errorIfNull: true }),
-      storageUtility.getForUser(sessionId, "keepAlive")
+      storageUtility.getForUser(sessionId, "dpop", { errorIfNull: true })
     ]);
     await storageUtility.deleteForUser(sessionId, "codeVerifier");
     const issuerConfig = await configFetcher.fetchConfig(issuerIri);
@@ -12037,9 +11788,7 @@ async function loadOidcContextFromStorage(sessionId, storageUtility, configFetch
       codeVerifier,
       redirectUrl: storedRedirectIri,
       issuerConfig,
-      dpop: dpop === "true",
-      // Default keepAlive to true if not found in storage.
-      keepAlive: typeof keepAlive === "string" ? keepAlive === "true" : true
+      dpop: dpop === "true"
     };
   } catch (e) {
     throw new Error(`Failed to retrieve OIDC context from storage associated with session [${sessionId}]: ${e}`);
@@ -12196,8 +11945,8 @@ async function buildAuthenticatedHeaders(targetUrl3, authToken, dpopKey, default
     headers
   };
 }
-async function makeAuthenticatedRequest(accessToken, url7, defaultRequestInit, dpopKey) {
-  return fetch(url7, await buildAuthenticatedHeaders(url7.toString(), accessToken, dpopKey, defaultRequestInit));
+async function makeAuthenticatedRequest(unauthFetch, accessToken, url7, defaultRequestInit, dpopKey) {
+  return unauthFetch(url7, await buildAuthenticatedHeaders(url7.toString(), accessToken, dpopKey, defaultRequestInit));
 }
 async function refreshAccessToken(refreshOptions, dpopKey, eventEmitter) {
   var _a;
@@ -12221,7 +11970,7 @@ var computeRefreshDelay = (expiresIn) => {
   }
   return DEFAULT_EXPIRATION_TIME_SECONDS;
 };
-async function buildAuthenticatedFetch(accessToken, options) {
+async function buildAuthenticatedFetch(unauthFetch, accessToken, options) {
   var _a;
   let currentAccessToken = accessToken;
   let latestTimeout;
@@ -12269,7 +12018,7 @@ async function buildAuthenticatedFetch(accessToken, options) {
     options.eventEmitter.emit(EVENTS.TIMEOUT_SET, expirationTimeout);
   }
   return async (url7, requestInit) => {
-    let response6 = await makeAuthenticatedRequest(currentAccessToken, url7, requestInit, options === null || options === void 0 ? void 0 : options.dpopKey);
+    let response6 = await makeAuthenticatedRequest(unauthFetch, currentAccessToken, url7, requestInit, options === null || options === void 0 ? void 0 : options.dpopKey);
     const failedButNotExpectedAuthError = !response6.ok && !isExpectedAuthError(response6.status);
     if (response6.ok || failedButNotExpectedAuthError) {
       return response6;
@@ -12277,6 +12026,7 @@ async function buildAuthenticatedFetch(accessToken, options) {
     const hasBeenRedirected = response6.url !== url7;
     if (hasBeenRedirected && (options === null || options === void 0 ? void 0 : options.dpopKey) !== void 0) {
       response6 = await makeAuthenticatedRequest(
+        unauthFetch,
         currentAccessToken,
         // Replace the original target IRI (`url`) by the redirection target
         response6.url,
@@ -12289,7 +12039,7 @@ async function buildAuthenticatedFetch(accessToken, options) {
 }
 // ../node_modules/@inrupt/solid-client-authn-browser/dist/index.mjs
-var import_events = __toESM(require_events(), 1);
+var import_events2 = __toESM(require_events(), 1);
 // ../node_modules/@inrupt/oidc-client-ext/dist/index.es.js
 var import_oidc_client = __toESM(require_oidc_client_min());
@@ -12437,7 +12187,7 @@ async function getTokens(issuer2, client, data2, dpop) {
     headers,
     body: new URLSearchParams(requestBody).toString()
   };
-  const rawTokenResponse = await fetch(issuer2.tokenEndpoint, tokenRequestInit);
+  const rawTokenResponse = await fetch2(issuer2.tokenEndpoint, tokenRequestInit);
   const jsonTokenResponse = await rawTokenResponse.json();
   const tokenResponse = validateTokenEndpointResponse(jsonTokenResponse, dpop);
   const webId = await getWebidFromTokenPayload(tokenResponse.id_token, issuer2.jwksUri, issuer2.issuer, client.clientId);
@@ -12450,6 +12200,66 @@ async function getTokens(issuer2, client, data2, dpop) {
     expiresIn: tokenResponse.expires_in
   };
 }
+async function getBearerToken(redirectUrl) {
+  let signinResponse;
+  try {
+    const client = new import_oidc_client.OidcClient({
+      // TODO: We should look at the various interfaces being used for storage,
+      //  i.e. between oidc-client-js (WebStorageStoreState), localStorage
+      //  (which has an interface Storage), and our own proprietary interface
+      //  IStorage - i.e. we should really just be using the browser Web Storage
+      //  API, e.g. "stateStore: window.localStorage,".
+      // We are instantiating a new instance here, so the only value we need to
+      // explicitly provide is the response mode (default otherwise will look
+      // for a hash '#' fragment!).
+      // eslint-disable-next-line camelcase
+      response_mode: "query",
+      // The userinfo endpoint on NSS fails, so disable this for now
+      // Note that in Solid, information should be retrieved from the
+      // profile referenced by the WebId.
+      // TODO: Note that this is heavy-handed, and that this userinfo check
+      //  verifies that the `sub` claim in the id token you get along with the
+      //  access token matches the sub claim associated with the access token at
+      //  the userinfo endpoint.
+      // That is a useful check, and in the future it should be only disabled
+      // against NSS, and not in general.
+      // Issue tracker: https://github.com/solid/node-solid-server/issues/1490
+      loadUserInfo: false
+    });
+    signinResponse = await client.processSigninResponse(redirectUrl);
+    if (client.settings.metadata === void 0) {
+      throw new Error("Cannot retrieve issuer metadata from client information in storage.");
+    }
+    if (client.settings.metadata.jwks_uri === void 0) {
+      throw new Error("Missing some issuer metadata from client information in storage: 'jwks_uri' is undefined");
+    }
+    if (client.settings.metadata.issuer === void 0) {
+      throw new Error("Missing some issuer metadata from client information in storage: 'issuer' is undefined");
+    }
+    if (client.settings.client_id === void 0) {
+      throw new Error("Missing some client information in storage: 'client_id' is undefined");
+    }
+    const webId = await getWebidFromTokenPayload(signinResponse.id_token, client.settings.metadata.jwks_uri, client.settings.metadata.issuer, client.settings.client_id);
+    return {
+      accessToken: signinResponse.access_token,
+      idToken: signinResponse.id_token,
+      webId,
+      // Although not a field in the TypeScript response interface, the refresh
+      // token (which can optionally come back with the access token (if, as per
+      // the OAuth2 spec, we requested one using the scope of 'offline_access')
+      // will be included in the signin response object.
+      // eslint-disable-next-line camelcase
+      // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+      // @ts-ignore
+      refreshToken: signinResponse.refresh_token
+    };
+  } catch (err) {
+    throw new Error(`Problem handling Auth Code Grant (Flow) redirect - URL [${redirectUrl}]: ${err}`);
+  }
+}
+async function getDpopToken(issuer2, client, data2) {
+  return getTokens(issuer2, client, data2, true);
+}
 var isValidUrl2 = (url7) => {
   try {
     new URL(url7);
@@ -12483,7 +12293,7 @@ async function refresh(refreshToken, issuer2, client, dpopKey) {
   } else if (isValidUrl2(client.clientId)) {
     requestBody.client_id = client.clientId;
   }
-  const rawResponse = await fetch(issuer2.tokenEndpoint, {
+  const rawResponse = await fetch2(issuer2.tokenEndpoint, {
     method: "POST",
     body: new URLSearchParams(requestBody).toString(),
     headers: {
@@ -12581,7 +12391,7 @@ var ClientAuthentication2 = class extends ClientAuthentication {
     };
     this.handleIncomingRedirect = async (url7, eventEmitter) => {
       try {
-        const redirectInfo = await this.redirectHandler.handle(url7, eventEmitter, void 0);
+        const redirectInfo = await this.redirectHandler.handle(url7, eventEmitter);
         this.fetch = redirectInfo.fetch.bind(window);
         this.boundLogout = redirectInfo.getLogoutUrl;
         await this.cleanUrlAfterRedirect(url7);
@@ -12660,7 +12470,8 @@ var AuthorizationCodeWithPkceOidcHandler = class extends AuthorizationCodeWithPk
       authority: oidcLoginOptions.issuer.toString(),
       client_id: oidcLoginOptions.client.clientId,
       client_secret: oidcLoginOptions.client.clientSecret,
-      redirect_uri: oidcLoginOptions.redirectUrl,
+      redirect_uri: oidcLoginOptions.redirectUrl.toString(),
+      post_logout_redirect_uri: oidcLoginOptions.redirectUrl.toString(),
       response_type: "code",
       scope: DEFAULT_SCOPES,
       filterProtocolClaims: true,
@@ -12806,7 +12617,7 @@ var IssuerConfigFetcher = class _IssuerConfigFetcher {
       // includes the full issuer path. See https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig.
       issuer2.endsWith("/") ? issuer2 : `${issuer2}/`
     ).href;
-    const issuerConfigRequestBody = await fetch(openIdConfigUrl);
+    const issuerConfigRequestBody = await fetch2.call(globalThis, openIdConfigUrl);
     try {
       issuerConfig = processConfig(await issuerConfigRequestBody.json());
     } catch (err) {
@@ -12897,6 +12708,7 @@ var FallbackRedirectHandler = class {
     return getUnauthenticatedSession();
   }
 };
+var globalFetch2 = (...args) => fetch2.call(globalThis, ...args);
 var AuthCodeRedirectHandler = class {
   constructor(storageUtility, sessionInfoManager, issuerConfigFetcher, clientRegistrar, tokerRefresher) {
     this.storageUtility = storageUtility;
@@ -12939,16 +12751,21 @@ var AuthCodeRedirectHandler = class {
       throw new Error(`The redirect URL for session ${storedSessionId} is missing from storage.`);
     }
     const client = await this.clientRegistrar.getClient({ sessionId: storedSessionId }, issuerConfig);
+    let tokens;
     const tokenCreatedAt = Date.now();
-    const tokens = await getTokens(issuerConfig, client, {
-      grantType: "authorization_code",
-      // We rely on our 'canHandle' function checking that the OAuth 'code'
-      // parameter is present in our query string.
-      code: url7.searchParams.get("code"),
-      codeVerifier,
-      redirectUrl: storedRedirectIri
-    }, isDpop);
-    window.localStorage.removeItem(`oidc.${oauthState}`);
+    if (isDpop) {
+      tokens = await getDpopToken(issuerConfig, client, {
+        grantType: "authorization_code",
+        // We rely on our 'canHandle' function checking that the OAuth 'code'
+        // parameter is present in our query string.
+        code: url7.searchParams.get("code"),
+        codeVerifier,
+        redirectUrl: storedRedirectIri
+      });
+      window.localStorage.removeItem(`oidc.${oauthState}`);
+    } else {
+      tokens = await getBearerToken(url7.toString());
+    }
     let refreshOptions;
     if (tokens.refreshToken !== void 0) {
       refreshOptions = {
@@ -12957,7 +12774,7 @@ var AuthCodeRedirectHandler = class {
         tokenRefresher: this.tokerRefresher
       };
     }
-    const authFetch = await buildAuthenticatedFetch(tokens.accessToken, {
+    const authFetch = await buildAuthenticatedFetch(globalFetch2, tokens.accessToken, {
       dpopKey: tokens.dpopKey,
       refreshOptions,
       eventEmitter,
@@ -13017,34 +12834,33 @@ var ClientRegistrar = class {
     this.storageUtility = storageUtility;
   }
   async getClient(options, issuerConfig) {
-    const [storedClientId, storedClientSecret, storedClientName, storedClientType] = await Promise.all([
+    const [
+      storedClientId,
+      storedClientSecret
+      // storedClientName,
+    ] = await Promise.all([
       this.storageUtility.getForUser(options.sessionId, "clientId", {
         secure: false
       }),
       this.storageUtility.getForUser(options.sessionId, "clientSecret", {
         secure: false
-      }),
-      this.storageUtility.getForUser(options.sessionId, "clientName", {
-        secure: false
-      }),
-      this.storageUtility.getForUser(options.sessionId, "clientType", {
-        secure: false
       })
+      // this.storageUtility.getForUser(options.sessionId, "clientName", {
+      //   // FIXME: figure out how to persist secure storage at reload
+      //   secure: false,
+      // }),
     ]);
-    if (storedClientId && isKnownClientType(storedClientType)) {
+    if (storedClientId) {
       return {
         clientId: storedClientId,
         clientSecret: storedClientSecret,
-        clientName: storedClientName,
-        // Note: static clients are not applicable in a browser context.
-        clientType: storedClientType
+        clientType: "dynamic"
       };
     }
     try {
       const registeredClient = await registerClient(options, issuerConfig);
       const infoToSave = {
-        clientId: registeredClient.clientId,
-        clientType: "dynamic"
+        clientId: registeredClient.clientId
       };
       if (registeredClient.clientSecret) {
         infoToSave.clientSecret = registeredClient.clientSecret;
@@ -13153,7 +12969,7 @@ async function silentlyAuthenticate(sessionId, clientAuthn, session4) {
 function isLoggedIn(sessionInfo) {
   return !!(sessionInfo === null || sessionInfo === void 0 ? void 0 : sessionInfo.isLoggedIn);
 }
-var Session = class {
+var Session = class _Session extends import_events2.default {
   /**
    * Session object constructor. Typically called as follows:
    *
@@ -13170,6 +12986,7 @@ var Session = class {
    *
    */
   constructor(sessionOptions = {}, sessionId = void 0) {
+    super();
     this.tokenRequestInProgress = false;
     this.login = async (options) => {
       var _a;
@@ -13226,7 +13043,7 @@ var Session = class {
       this.tokenRequestInProgress = false;
       return sessionInfo;
     };
-    this.events = new import_events.default();
+    this.events = new Proxy(this, buildProxyHandler(_Session.prototype, "events only implements ISessionEventListener"));
     if (sessionOptions.clientAuthentication) {
       this.clientAuthentication = sessionOptions.clientAuthentication;
     } else if (sessionOptions.secureStorage && sessionOptions.insecureStorage) {
@@ -13253,6 +13070,58 @@ var Session = class {
     this.events.on(EVENTS.SESSION_EXPIRED, () => this.internalLogout(false));
     this.events.on(EVENTS.ERROR, () => this.internalLogout(false));
   }
+  /**
+   * Register a callback function to be called when a user completes login.
+   *
+   * The callback is called when {@link handleIncomingRedirect} completes successfully.
+   *
+   * @param callback The function called when a user completes login.
+   * @deprecated Prefer session.events.on(EVENTS.LOGIN, callback)
+   */
+  onLogin(callback) {
+    this.events.on(EVENTS.LOGIN, callback);
+  }
+  /**
+   * Register a callback function to be called when a user logs out:
+   *
+   * @param callback The function called when a user completes logout.
+   * @deprecated Prefer session.events.on(EVENTS.LOGOUT, callback)
+   */
+  onLogout(callback) {
+    this.events.on(EVENTS.LOGOUT, callback);
+  }
+  /**
+   * Register a callback function to be called when a user logs out:
+   *
+   * @param callback The function called when an error occurs.
+   * @since 1.11.0
+   * @deprecated Prefer session.events.on(EVENTS.ERROR, callback)
+   */
+  onError(callback) {
+    this.events.on(EVENTS.ERROR, callback);
+  }
+  /**
+   * Register a callback function to be called when a session is restored.
+   *
+   * Note: the callback will be called with the saved value of the 'current URL'
+   * at the time the session was restored.
+   *
+   * @param callback The function called when a user's already logged-in session is restored, e.g., after a silent authentication is completed after a page refresh.
+   * @deprecated Prefer session.events.on(EVENTS.SESSION_RESTORED, callback)
+   */
+  onSessionRestore(callback) {
+    this.events.on(EVENTS.SESSION_RESTORED, callback);
+  }
+  /**
+   * Register a callback that runs when the session expires and can no longer
+   * make authenticated requests, but following a user logout.
+   * @param callback The function that runs on session expiration.
+   * @since 1.11.0
+   * @deprecated Prefer session.events.on(EVENTS.SESSION_EXPIRED, callback)
+   */
+  onSessionExpiration(callback) {
+    this.events.on(EVENTS.SESSION_EXPIRED, callback);
+  }
   setSessionInfo(sessionInfo) {
     this.info.isLoggedIn = sessionInfo.isLoggedIn;
     this.info.webId = sessionInfo.webId;
@@ -13303,19 +13172,16 @@ var BrowserSession = class {
    * @deprecated use observeSession instead
    */
   trackSession(callback) {
-    this.session.events.on(EVENTS.LOGIN, () => callback(this.session.info));
-    this.session.events.on(EVENTS.LOGOUT, () => callback(this.session.info));
-    this.session.events.on(
-      EVENTS.SESSION_RESTORED,
-      () => callback(this.session.info)
-    );
+    this.session.on(EVENTS.LOGIN, () => callback(this.session.info));
+    this.session.on(EVENTS.LOGOUT, () => callback(this.session.info));
+    this.session.on(EVENTS.SESSION_RESTORED, () => callback(this.session.info));
     callback(this.session.info);
   }
   observeSession() {
     return this.sessionInfo$;
   }
   onSessionRestore(callback) {
-    this.session.events.on(EVENTS.SESSION_RESTORED, callback);
+    this.session.on(EVENTS.SESSION_RESTORED, callback);
   }
 };
@@ -23297,7 +23163,7 @@ var Document3 = "http://www.w3.org/2007/ont/link#Document";
 var Mailbox = "http://www.w3.org/2007/ont/link#Mailbox";
 var ProtocolEvent = "http://www.w3.org/2007/ont/link#ProtocolEvent";
 var RDFDocument = "http://www.w3.org/2007/ont/link#RDFDocument";
-var Response = "http://www.w3.org/2007/ont/link#Response";
+var Response2 = "http://www.w3.org/2007/ont/link#Response";
 var Session3 = "http://www.w3.org/2007/ont/link#Session";
 var isMentionedIn = "http://www.w3.org/2007/ont/link#isMentionedIn";
 var mentionsClass = "http://www.w3.org/2007/ont/link#mentionsClass";
@@ -23317,7 +23183,7 @@ var linkImport = /* @__PURE__ */ Object.freeze({
   Mailbox,
   ProtocolEvent,
   RDFDocument,
-  Response,
+  Response: Response2,
   Session: Session3,
   isMentionedIn,
   mentionsClass,
@@ -33583,7 +33449,7 @@ var Document4 = "http://www.w3.org/2007/ont/link#Document";
 var Mailbox2 = "http://www.w3.org/2007/ont/link#Mailbox";
 var ProtocolEvent2 = "http://www.w3.org/2007/ont/link#ProtocolEvent";
 var RDFDocument2 = "http://www.w3.org/2007/ont/link#RDFDocument";
-var Response2 = "http://www.w3.org/2007/ont/link#Response";
+var Response3 = "http://www.w3.org/2007/ont/link#Response";
 var Session4 = "http://www.w3.org/2007/ont/link#Session";
 var isMentionedIn2 = "http://www.w3.org/2007/ont/link#isMentionedIn";
 var mentionsClass2 = "http://www.w3.org/2007/ont/link#mentionsClass";
@@ -33603,7 +33469,7 @@ var tabImport = /* @__PURE__ */ Object.freeze({
   Mailbox: Mailbox2,
   ProtocolEvent: ProtocolEvent2,
   RDFDocument: RDFDocument2,
-  Response: Response2,
+  Response: Response3,
   Session: Session4,
   isMentionedIn: isMentionedIn2,
   mentionsClass: mentionsClass2,
@@ -33625,7 +33491,7 @@ var Document5 = "http://www.w3.org/2007/ont/link#Document";
 var Mailbox3 = "http://www.w3.org/2007/ont/link#Mailbox";
 var ProtocolEvent3 = "http://www.w3.org/2007/ont/link#ProtocolEvent";
 var RDFDocument3 = "http://www.w3.org/2007/ont/link#RDFDocument";
-var Response3 = "http://www.w3.org/2007/ont/link#Response";
+var Response4 = "http://www.w3.org/2007/ont/link#Response";
 var Session5 = "http://www.w3.org/2007/ont/link#Session";
 var isMentionedIn3 = "http://www.w3.org/2007/ont/link#isMentionedIn";
 var mentionsClass3 = "http://www.w3.org/2007/ont/link#mentionsClass";
@@ -33645,7 +33511,7 @@ var tabontImport = /* @__PURE__ */ Object.freeze({
   Mailbox: Mailbox3,
   ProtocolEvent: ProtocolEvent3,
   RDFDocument: RDFDocument3,
-  Response: Response3,
+  Response: Response4,
   Session: Session5,
   isMentionedIn: isMentionedIn3,
   mentionsClass: mentionsClass3,