@sesamy/sesamy-js 1.101.0 → 1.103.0

package/dist/auth0-plugin.iife.js

@@ -1,7 +1,7 @@
-var auth0Plugin=(function(E){"use strict";function P(o,e){var t={};for(var n in o)Object.prototype.hasOwnProperty.call(o,n)&&e.indexOf(n)<0&&(t[n]=o[n]);if(o!=null&&typeof Object.getOwnPropertySymbols=="function"){var i=0;for(n=Object.getOwnPropertySymbols(o);i<n.length;i++)e.indexOf(n[i])<0&&Object.prototype.propertyIsEnumerable.call(o,n[i])&&(t[n[i]]=o[n[i]])}return t}typeof SuppressedError=="function"&&SuppressedError;var R=typeof globalThis<"u"?globalThis:typeof window<"u"?window:typeof global<"u"?global:typeof self<"u"?self:{};function he(o){return o&&o.__esModule&&Object.prototype.hasOwnProperty.call(o,"default")?o.default:o}function pe(o,e){return o(e={exports:{}},e.exports),e.exports}var N=pe((function(o,e){Object.defineProperty(e,"__esModule",{value:!0});var t=(function(){function n(){var i=this;this.locked=new Map,this.addToLocked=function(r,c){var h=i.locked.get(r);h===void 0?c===void 0?i.locked.set(r,[]):i.locked.set(r,[c]):c!==void 0&&(h.unshift(c),i.locked.set(r,h))},this.isLocked=function(r){return i.locked.has(r)},this.lock=function(r){return new Promise((function(c,h){i.isLocked(r)?i.addToLocked(r,c):(i.addToLocked(r),c())}))},this.unlock=function(r){var c=i.locked.get(r);if(c!==void 0&&c.length!==0){var h=c.pop();i.locked.set(r,c),h!==void 0&&setTimeout(h,0)}else i.locked.delete(r)}}return n.getInstance=function(){return n.instance===void 0&&(n.instance=new n),n.instance},n})();e.default=function(){return t.getInstance()}}));he(N);var ot=he(pe((function(o,e){var t=R&&R.__awaiter||function(s,l,a,u){return new(a||(a=Promise))((function(p,g){function f(v){try{b(u.next(v))}catch(y){g(y)}}function w(v){try{b(u.throw(v))}catch(y){g(y)}}function b(v){v.done?p(v.value):new a((function(y){y(v.value)})).then(f,w)}b((u=u.apply(s,l||[])).next())}))},n=R&&R.__generator||function(s,l){var a,u,p,g,f={label:0,sent:function(){if(1&p[0])throw p[1];return p[1]},trys:[],ops:[]};return g={next:w(0),throw:w(1),return:w(2)},typeof Symbol=="function"&&(g[Symbol.iterator]=function(){return this}),g;function w(b){return function(v){return(function(y){if(a)throw new TypeError("Generator is already executing.");for(;f;)try{if(a=1,u&&(p=2&y[0]?u.return:y[0]?u.throw||((p=u.return)&&p.call(u),0):u.next)&&!(p=p.call(u,y[1])).done)return p;switch(u=0,p&&(y=[2&y[0],p.value]),y[0]){case 0:case 1:p=y;break;case 4:return f.label++,{value:y[1],done:!1};case 5:f.label++,u=y[1],y=[0];continue;case 7:y=f.ops.pop(),f.trys.pop();continue;default:if(p=f.trys,!((p=p.length>0&&p[p.length-1])||y[0]!==6&&y[0]!==2)){f=0;continue}if(y[0]===3&&(!p||y[1]>p[0]&&y[1]<p[3])){f.label=y[1];break}if(y[0]===6&&f.label<p[1]){f.label=p[1],p=y;break}if(p&&f.label<p[2]){f.label=p[2],f.ops.push(y);break}p[2]&&f.ops.pop(),f.trys.pop();continue}y=l.call(s,f)}catch(_){y=[6,_],u=0}finally{a=p=0}if(5&y[0])throw y[1];return{value:y[0]?y[1]:void 0,done:!0}})([b,v])}}},i=R;Object.defineProperty(e,"__esModule",{value:!0});var r="browser-tabs-lock-key",c={key:function(s){return t(i,void 0,void 0,(function(){return n(this,(function(l){throw new Error("Unsupported")}))}))},getItem:function(s){return t(i,void 0,void 0,(function(){return n(this,(function(l){throw new Error("Unsupported")}))}))},clear:function(){return t(i,void 0,void 0,(function(){return n(this,(function(s){return[2,window.localStorage.clear()]}))}))},removeItem:function(s){return t(i,void 0,void 0,(function(){return n(this,(function(l){throw new Error("Unsupported")}))}))},setItem:function(s,l){return t(i,void 0,void 0,(function(){return n(this,(function(a){throw new Error("Unsupported")}))}))},keySync:function(s){return window.localStorage.key(s)},getItemSync:function(s){return window.localStorage.getItem(s)},clearSync:function(){return window.localStorage.clear()},removeItemSync:function(s){return window.localStorage.removeItem(s)},setItemSync:function(s,l){return window.localStorage.setItem(s,l)}};function h(s){return new Promise((function(l){return setTimeout(l,s)}))}function d(s){for(var l="0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz",a="",u=0;u<s;u++)a+=l[Math.floor(Math.random()*l.length)];return a}var m=(function(){function s(l){this.acquiredIatSet=new Set,this.storageHandler=void 0,this.id=Date.now().toString()+d(15),this.acquireLock=this.acquireLock.bind(this),this.releaseLock=this.releaseLock.bind(this),this.releaseLock__private__=this.releaseLock__private__.bind(this),this.waitForSomethingToChange=this.waitForSomethingToChange.bind(this),this.refreshLockWhileAcquired=this.refreshLockWhileAcquired.bind(this),this.storageHandler=l,s.waiters===void 0&&(s.waiters=[])}return s.prototype.acquireLock=function(l,a){return a===void 0&&(a=5e3),t(this,void 0,void 0,(function(){var u,p,g,f,w,b,v;return n(this,(function(y){switch(y.label){case 0:u=Date.now()+d(4),p=Date.now()+a,g=r+"-"+l,f=this.storageHandler===void 0?c:this.storageHandler,y.label=1;case 1:return Date.now()<p?[4,h(30)]:[3,8];case 2:return y.sent(),f.getItemSync(g)!==null?[3,5]:(w=this.id+"-"+l+"-"+u,[4,h(Math.floor(25*Math.random()))]);case 3:return y.sent(),f.setItemSync(g,JSON.stringify({id:this.id,iat:u,timeoutKey:w,timeAcquired:Date.now(),timeRefreshed:Date.now()})),[4,h(30)];case 4:return y.sent(),(b=f.getItemSync(g))!==null&&(v=JSON.parse(b)).id===this.id&&v.iat===u?(this.acquiredIatSet.add(u),this.refreshLockWhileAcquired(g,u),[2,!0]):[3,7];case 5:return s.lockCorrector(this.storageHandler===void 0?c:this.storageHandler),[4,this.waitForSomethingToChange(p)];case 6:y.sent(),y.label=7;case 7:return u=Date.now()+d(4),[3,1];case 8:return[2,!1]}}))}))},s.prototype.refreshLockWhileAcquired=function(l,a){return t(this,void 0,void 0,(function(){var u=this;return n(this,(function(p){return setTimeout((function(){return t(u,void 0,void 0,(function(){var g,f,w;return n(this,(function(b){switch(b.label){case 0:return[4,N.default().lock(a)];case 1:return b.sent(),this.acquiredIatSet.has(a)?(g=this.storageHandler===void 0?c:this.storageHandler,(f=g.getItemSync(l))===null?(N.default().unlock(a),[2]):((w=JSON.parse(f)).timeRefreshed=Date.now(),g.setItemSync(l,JSON.stringify(w)),N.default().unlock(a),this.refreshLockWhileAcquired(l,a),[2])):(N.default().unlock(a),[2])}}))}))}),1e3),[2]}))}))},s.prototype.waitForSomethingToChange=function(l){return t(this,void 0,void 0,(function(){return n(this,(function(a){switch(a.label){case 0:return[4,new Promise((function(u){var p=!1,g=Date.now(),f=!1;function w(){if(f||(window.removeEventListener("storage",w),s.removeFromWaiting(w),clearTimeout(b),f=!0),!p){p=!0;var v=50-(Date.now()-g);v>0?setTimeout(u,v):u(null)}}window.addEventListener("storage",w),s.addToWaiting(w);var b=setTimeout(w,Math.max(0,l-Date.now()))}))];case 1:return a.sent(),[2]}}))}))},s.addToWaiting=function(l){this.removeFromWaiting(l),s.waiters!==void 0&&s.waiters.push(l)},s.removeFromWaiting=function(l){s.waiters!==void 0&&(s.waiters=s.waiters.filter((function(a){return a!==l})))},s.notifyWaiters=function(){s.waiters!==void 0&&s.waiters.slice().forEach((function(l){return l()}))},s.prototype.releaseLock=function(l){return t(this,void 0,void 0,(function(){return n(this,(function(a){switch(a.label){case 0:return[4,this.releaseLock__private__(l)];case 1:return[2,a.sent()]}}))}))},s.prototype.releaseLock__private__=function(l){return t(this,void 0,void 0,(function(){var a,u,p,g;return n(this,(function(f){switch(f.label){case 0:return a=this.storageHandler===void 0?c:this.storageHandler,u=r+"-"+l,(p=a.getItemSync(u))===null?[2]:(g=JSON.parse(p)).id!==this.id?[3,2]:[4,N.default().lock(g.iat)];case 1:f.sent(),this.acquiredIatSet.delete(g.iat),a.removeItemSync(u),N.default().unlock(g.iat),s.notifyWaiters(),f.label=2;case 2:return[2]}}))}))},s.lockCorrector=function(l){for(var a=Date.now()-5e3,u=l,p=[],g=0;;){var f=u.keySync(g);if(f===null)break;p.push(f),g++}for(var w=!1,b=0;b<p.length;b++){var v=p[b];if(v.includes(r)){var y=u.getItemSync(v);if(y!==null){var _=JSON.parse(y);(_.timeRefreshed===void 0&&_.timeAcquired<a||_.timeRefreshed!==void 0&&_.timeRefreshed<a)&&(u.removeItemSync(v),w=!0)}}}w&&s.notifyWaiters()},s.waiters=void 0,s})();e.default=m})));const it={timeoutInSeconds:60},Ne={name:"auth0-spa-js",version:"2.11.3"},je=()=>Date.now();class S extends Error{constructor(e,t){super(t),this.error=e,this.error_description=t,Object.setPrototypeOf(this,S.prototype)}static fromPayload({error:e,error_description:t}){return new S(e,t)}}class me extends S{constructor(e,t,n,i=null){super(e,t),this.state=n,this.appState=i,Object.setPrototypeOf(this,me.prototype)}}class fe extends S{constructor(e,t,n,i,r=null){super(e,t),this.connection=n,this.state=i,this.appState=r,Object.setPrototypeOf(this,fe.prototype)}}class H extends S{constructor(){super("timeout","Timeout"),Object.setPrototypeOf(this,H.prototype)}}class ge extends H{constructor(e){super(),this.popup=e,Object.setPrototypeOf(this,ge.prototype)}}class ye extends S{constructor(e){super("cancelled","Popup closed"),this.popup=e,Object.setPrototypeOf(this,ye.prototype)}}class we extends S{constructor(){super("popup_open","Unable to open a popup for loginWithPopup - window.open returned `null`"),Object.setPrototypeOf(this,we.prototype)}}class be extends S{constructor(e,t,n){super(e,t),this.mfa_token=n,Object.setPrototypeOf(this,be.prototype)}}class te extends S{constructor(e,t){super("missing_refresh_token",`Missing Refresh Token (audience: '${oe(e,["default"])}', scope: '${oe(t)}')`),this.audience=e,this.scope=t,Object.setPrototypeOf(this,te.prototype)}}class ve extends S{constructor(e,t){super("missing_scopes",`Missing requested scopes after refresh (audience: '${oe(e,["default"])}', missing scope: '${oe(t)}')`),this.audience=e,this.scope=t,Object.setPrototypeOf(this,ve.prototype)}}class ne extends S{constructor(e){super("use_dpop_nonce","Server rejected DPoP proof: wrong nonce"),this.newDpopNonce=e,Object.setPrototypeOf(this,ne.prototype)}}function oe(o,e=[]){return o&&!e.includes(o)?o:""}const ie=()=>window.crypto,F=()=>{const o="0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-_~.";let e="";return Array.from(ie().getRandomValues(new Uint8Array(43))).forEach((t=>e+=o[t%o.length])),e},ke=o=>btoa(o),rt=[{key:"name",type:["string"]},{key:"version",type:["string","number"]},{key:"env",type:["object"]}],st=o=>Object.keys(o).reduce(((e,t)=>{const n=rt.find((i=>i.key===t));return n&&n.type.includes(typeof o[t])&&(e[t]=o[t]),e}),{}),Se=o=>{var{clientId:e}=o,t=P(o,["clientId"]);return new URLSearchParams((n=>Object.keys(n).filter((i=>n[i]!==void 0)).reduce(((i,r)=>Object.assign(Object.assign({},i),{[r]:n[r]})),{}))(Object.assign({client_id:e},t))).toString()},Ke=async o=>await ie().subtle.digest({name:"SHA-256"},new TextEncoder().encode(o)),De=o=>(e=>decodeURIComponent(atob(e).split("").map((t=>"%"+("00"+t.charCodeAt(0).toString(16)).slice(-2))).join("")))(o.replace(/_/g,"/").replace(/-/g,"+")),xe=o=>{const e=new Uint8Array(o);return(t=>{const n={"+":"-","/":"_","=":""};return t.replace(/[+/=]/g,(i=>n[i]))})(window.btoa(String.fromCharCode(...Array.from(e))))},at=new TextEncoder,ct=new TextDecoder;function $(o){return typeof o=="string"?at.encode(o):ct.decode(o)}function ze(o){if(typeof o.modulusLength!="number"||o.modulusLength<2048)throw new lt(`${o.name} modulusLength must be at least 2048 bits`)}async function ut(o,e,t){if(t.usages.includes("sign")===!1)throw new TypeError('private CryptoKey instances used for signing assertions must include "sign" in their "usages"');const n=`${X($(JSON.stringify(o)))}.${X($(JSON.stringify(e)))}`;return`${n}.${X(await crypto.subtle.sign((function(i){switch(i.algorithm.name){case"ECDSA":return{name:i.algorithm.name,hash:"SHA-256"};case"RSA-PSS":return ze(i.algorithm),{name:i.algorithm.name,saltLength:32};case"RSASSA-PKCS1-v1_5":return ze(i.algorithm),{name:i.algorithm.name};case"Ed25519":return{name:i.algorithm.name}}throw new j})(t),t,$(n)))}`}let _e;Uint8Array.prototype.toBase64?_e=o=>(o instanceof ArrayBuffer&&(o=new Uint8Array(o)),o.toBase64({alphabet:"base64url",omitPadding:!0})):_e=e=>{e instanceof ArrayBuffer&&(e=new Uint8Array(e));const t=[];for(let n=0;n<e.byteLength;n+=32768)t.push(String.fromCharCode.apply(null,e.subarray(n,n+32768)));return btoa(t.join("")).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_")};function X(o){return _e(o)}class j extends Error{constructor(e){var t;super(e??"operation not supported"),this.name=this.constructor.name,(t=Error.captureStackTrace)===null||t===void 0||t.call(Error,this,this.constructor)}}class lt extends Error{constructor(e){var t;super(e),this.name=this.constructor.name,(t=Error.captureStackTrace)===null||t===void 0||t.call(Error,this,this.constructor)}}function dt(o){switch(o.algorithm.name){case"RSA-PSS":return(function(e){if(e.algorithm.hash.name==="SHA-256")return"PS256";throw new j("unsupported RsaHashedKeyAlgorithm hash name")})(o);case"RSASSA-PKCS1-v1_5":return(function(e){if(e.algorithm.hash.name==="SHA-256")return"RS256";throw new j("unsupported RsaHashedKeyAlgorithm hash name")})(o);case"ECDSA":return(function(e){if(e.algorithm.namedCurve==="P-256")return"ES256";throw new j("unsupported EcKeyAlgorithm namedCurve")})(o);case"Ed25519":return"Ed25519";default:throw new j("unsupported CryptoKey algorithm name")}}function Ue(o){return o instanceof CryptoKey}function Le(o){return Ue(o)&&o.type==="public"}async function ht(o,e,t,n,i,r){const c=o?.privateKey,h=o?.publicKey;if(!Ue(d=c)||d.type!=="private")throw new TypeError('"keypair.privateKey" must be a private CryptoKey');var d;if(!Le(h))throw new TypeError('"keypair.publicKey" must be a public CryptoKey');if(h.extractable!==!0)throw new TypeError('"keypair.publicKey.extractable" must be true');if(typeof e!="string")throw new TypeError('"htu" must be a string');if(typeof t!="string")throw new TypeError('"htm" must be a string');if(n!==void 0&&typeof n!="string")throw new TypeError('"nonce" must be a string or undefined');if(i!==void 0&&typeof i!="string")throw new TypeError('"accessToken" must be a string or undefined');return ut({alg:dt(c),typ:"dpop+jwt",jwk:await He(h)},Object.assign(Object.assign({},r),{iat:Math.floor(Date.now()/1e3),jti:crypto.randomUUID(),htm:t,nonce:n,htu:e,ath:i?X(await crypto.subtle.digest("SHA-256",$(i))):void 0}),c)}async function He(o){const{kty:e,e:t,n,x:i,y:r,crv:c}=await crypto.subtle.exportKey("jwk",o);return{kty:e,crv:c,e:t,n,x:i,y:r}}const pt=["authorization_code","refresh_token","urn:ietf:params:oauth:grant-type:token-exchange"];function mt(){return(async function(o,e){var t;let n;if(o.length===0)throw new TypeError('"alg" must be a non-empty string');switch(o){case"PS256":n={name:"RSA-PSS",hash:"SHA-256",modulusLength:2048,publicExponent:new Uint8Array([1,0,1])};break;case"RS256":n={name:"RSASSA-PKCS1-v1_5",hash:"SHA-256",modulusLength:2048,publicExponent:new Uint8Array([1,0,1])};break;case"ES256":n={name:"ECDSA",namedCurve:"P-256"};break;case"Ed25519":n={name:"Ed25519"};break;default:throw new j}return crypto.subtle.generateKey(n,(t=e?.extractable)!==null&&t!==void 0&&t,["sign","verify"])})("ES256",{extractable:!1})}function ft(o){return(async function(e){if(!Le(e))throw new TypeError('"publicKey" must be a public CryptoKey');if(e.extractable!==!0)throw new TypeError('"publicKey.extractable" must be true');const t=await He(e);let n;switch(t.kty){case"EC":n={crv:t.crv,kty:t.kty,x:t.x,y:t.y};break;case"OKP":n={crv:t.crv,kty:t.kty,x:t.x};break;case"RSA":n={e:t.e,kty:t.kty,n:t.n};break;default:throw new j("unsupported JWK kty")}return X(await crypto.subtle.digest({name:"SHA-256"},$(JSON.stringify(n))))})(o.publicKey)}function gt({keyPair:o,url:e,method:t,nonce:n,accessToken:i}){const r=(function(c){const h=new URL(c);return h.search="",h.hash="",h.href})(e);return ht(o,r,t,n,i)}const yt=async(o,e)=>{const t=await fetch(o,e);return{ok:t.ok,json:await t.json(),headers:(n=t.headers,[...n].reduce(((i,[r,c])=>(i[r]=c,i)),{}))};var n},wt=async(o,e,t)=>{const n=new AbortController;let i;return e.signal=n.signal,Promise.race([yt(o,e),new Promise(((r,c)=>{i=setTimeout((()=>{n.abort(),c(new Error("Timeout when executing 'fetch'"))}),t)}))]).finally((()=>{clearTimeout(i)}))},bt=async(o,e,t,n,i,r,c,h)=>{return d={auth:{audience:e,scope:t},timeout:i,fetchUrl:o,fetchOptions:n,useFormData:c,useMrrt:h},m=r,new Promise((function(s,l){const a=new MessageChannel;a.port1.onmessage=function(u){u.data.error?l(new Error(u.data.error)):s(u.data),a.port1.close()},m.postMessage(d,[a.port2])}));var d,m},vt=async(o,e,t,n,i,r,c=1e4,h)=>i?bt(o,e,t,n,c,i,r,h):wt(o,n,c);async function Ze(o,e,t,n,i,r,c,h,d,m){if(d){const v=await d.generateProof({url:o,method:i.method||"GET",nonce:await d.getNonce()});i.headers=Object.assign(Object.assign({},i.headers),{dpop:v})}let s,l=null;for(let v=0;v<3;v++)try{s=await vt(o,t,n,i,r,c,e,h),l=null;break}catch(y){l=y}if(l)throw l;const a=s.json,{error:u,error_description:p}=a,g=P(a,["error","error_description"]),{headers:f,ok:w}=s;let b;if(d&&(b=f["dpop-nonce"],b&&await d.setNonce(b)),!w){const v=p||`HTTP error. Unable to fetch ${o}`;if(u==="mfa_required")throw new be(u,v,g.mfa_token);if(u==="missing_refresh_token")throw new te(t,n);if(u==="use_dpop_nonce"){if(!d||!b||m)throw new ne(b);return Ze(o,e,t,n,i,r,c,h,d,!0)}throw new S(u||"request_error",v)}return g}async function kt(o,e){var{baseUrl:t,timeout:n,audience:i,scope:r,auth0Client:c,useFormData:h,useMrrt:d,dpop:m}=o,s=P(o,["baseUrl","timeout","audience","scope","auth0Client","useFormData","useMrrt","dpop"]);const l=s.grant_type==="urn:ietf:params:oauth:grant-type:token-exchange",a=s.grant_type==="refresh_token"&&d,u=Object.assign(Object.assign(Object.assign(Object.assign({},s),l&&i&&{audience:i}),l&&r&&{scope:r}),a&&{audience:i,scope:r}),p=h?Se(u):JSON.stringify(u),g=(f=s.grant_type,pt.includes(f));var f;return await Ze(`${t}/oauth/token`,n,i||"default",r,{method:"POST",body:p,headers:{"Content-Type":h?"application/x-www-form-urlencoded":"application/json","Auth0-Client":btoa(JSON.stringify(st(c||Ne)))}},e,h,d,g?m:void 0)}const re=(...o)=>{return(e=o.filter(Boolean).join(" ").trim().split(/\s+/),Array.from(new Set(e))).join(" ");var e},se=(o,e,t)=>{let n;return t&&(n=o[t]),n||(n=o.default),re(n,e)};class O{constructor(e,t="@@auth0spajs@@",n){this.prefix=t,this.suffix=n,this.clientId=e.clientId,this.scope=e.scope,this.audience=e.audience}toKey(){return[this.prefix,this.clientId,this.audience,this.scope,this.suffix].filter(Boolean).join("::")}static fromKey(e){const[t,n,i,r]=e.split("::");return new O({clientId:n,scope:r,audience:i},t)}static fromCacheEntry(e){const{scope:t,audience:n,client_id:i}=e;return new O({scope:t,audience:n,clientId:i})}}class St{set(e,t){localStorage.setItem(e,JSON.stringify(t))}get(e){const t=window.localStorage.getItem(e);if(t)try{return JSON.parse(t)}catch{return}}remove(e){localStorage.removeItem(e)}allKeys(){return Object.keys(window.localStorage).filter((e=>e.startsWith("@@auth0spajs@@")))}}class We{constructor(){this.enclosedCache=(function(){let e={};return{set(t,n){e[t]=n},get(t){const n=e[t];if(n)return n},remove(t){delete e[t]},allKeys:()=>Object.keys(e)}})()}}class _t{constructor(e,t,n){this.cache=e,this.keyManifest=t,this.nowProvider=n||je}async setIdToken(e,t,n){var i;const r=this.getIdTokenCacheKey(e);await this.cache.set(r,{id_token:t,decodedToken:n}),await((i=this.keyManifest)===null||i===void 0?void 0:i.add(r))}async getIdToken(e){const t=await this.cache.get(this.getIdTokenCacheKey(e.clientId));if(!t&&e.scope&&e.audience){const n=await this.get(e);return!n||!n.id_token||!n.decodedToken?void 0:{id_token:n.id_token,decodedToken:n.decodedToken}}if(t)return{id_token:t.id_token,decodedToken:t.decodedToken}}async get(e,t=0,n=!1,i){var r;let c=await this.cache.get(e.toKey());if(!c){const m=await this.getCacheKeys();if(!m)return;const s=this.matchExistingCacheKey(e,m);if(s&&(c=await this.cache.get(s)),!c&&n&&i!=="cache-only")return this.getEntryWithRefreshToken(e,m)}if(!c)return;const h=await this.nowProvider(),d=Math.floor(h/1e3);return c.expiresAt-t<d?c.body.refresh_token?this.modifiedCachedEntry(c,e):(await this.cache.remove(e.toKey()),void await((r=this.keyManifest)===null||r===void 0?void 0:r.remove(e.toKey()))):c.body}async modifiedCachedEntry(e,t){return e.body={refresh_token:e.body.refresh_token,audience:e.body.audience,scope:e.body.scope},await this.cache.set(t.toKey(),e),{refresh_token:e.body.refresh_token,audience:e.body.audience,scope:e.body.scope}}async set(e){var t;const n=new O({clientId:e.client_id,scope:e.scope,audience:e.audience}),i=await this.wrapCacheEntry(e);await this.cache.set(n.toKey(),i),await((t=this.keyManifest)===null||t===void 0?void 0:t.add(n.toKey()))}async remove(e,t,n){const i=new O({clientId:e,scope:n,audience:t});await this.cache.remove(i.toKey())}async clear(e){var t;const n=await this.getCacheKeys();n&&(await n.filter((i=>!e||i.includes(e))).reduce((async(i,r)=>{await i,await this.cache.remove(r)}),Promise.resolve()),await((t=this.keyManifest)===null||t===void 0?void 0:t.clear()))}async wrapCacheEntry(e){const t=await this.nowProvider();return{body:e,expiresAt:Math.floor(t/1e3)+e.expires_in}}async getCacheKeys(){var e;return this.keyManifest?(e=await this.keyManifest.get())===null||e===void 0?void 0:e.keys:this.cache.allKeys?this.cache.allKeys():void 0}getIdTokenCacheKey(e){return new O({clientId:e},"@@auth0spajs@@","@@user@@").toKey()}matchExistingCacheKey(e,t){return t.filter((n=>{var i;const r=O.fromKey(n),c=new Set(r.scope&&r.scope.split(" ")),h=((i=e.scope)===null||i===void 0?void 0:i.split(" "))||[],d=r.scope&&h.reduce(((m,s)=>m&&c.has(s)),!0);return r.prefix==="@@auth0spajs@@"&&r.clientId===e.clientId&&r.audience===e.audience&&d}))[0]}async getEntryWithRefreshToken(e,t){var n;for(const i of t){const r=O.fromKey(i);if(r.prefix==="@@auth0spajs@@"&&r.clientId===e.clientId){const c=await this.cache.get(i);if(!((n=c?.body)===null||n===void 0)&&n.refresh_token)return this.modifiedCachedEntry(c,e)}}}async updateEntry(e,t){var n;const i=await this.getCacheKeys();if(i)for(const r of i){const c=await this.cache.get(r);if(((n=c?.body)===null||n===void 0?void 0:n.refresh_token)===e){const h=Object.assign(Object.assign({},c.body),{refresh_token:t});await this.set(h)}}}}class It{constructor(e,t,n){this.storage=e,this.clientId=t,this.cookieDomain=n,this.storageKey=`a0.spajs.txs.${this.clientId}`}create(e){this.storage.save(this.storageKey,e,{daysUntilExpire:1,cookieDomain:this.cookieDomain})}get(){return this.storage.get(this.storageKey)}remove(){this.storage.remove(this.storageKey,{cookieDomain:this.cookieDomain})}}const V=o=>typeof o=="number",Tt=["iss","aud","exp","nbf","iat","jti","azp","nonce","auth_time","at_hash","c_hash","acr","amr","sub_jwk","cnf","sip_from_tag","sip_date","sip_callid","sip_cseq_num","sip_via_branch","orig","dest","mky","events","toe","txn","rph","sid","vot","vtm"],Ot=o=>{if(!o.id_token)throw new Error("ID token is required but missing");const e=(r=>{const c=r.split("."),[h,d,m]=c;if(c.length!==3||!h||!d||!m)throw new Error("ID token could not be decoded");const s=JSON.parse(De(d)),l={__raw:r},a={};return Object.keys(s).forEach((u=>{l[u]=s[u],Tt.includes(u)||(a[u]=s[u])})),{encoded:{header:h,payload:d,signature:m},header:JSON.parse(De(h)),claims:l,user:a}})(o.id_token);if(!e.claims.iss)throw new Error("Issuer (iss) claim must be a string present in the ID token");if(e.claims.iss!==o.iss)throw new Error(`Issuer (iss) claim mismatch in the ID token; expected "${o.iss}", found "${e.claims.iss}"`);if(!e.user.sub)throw new Error("Subject (sub) claim must be a string present in the ID token");if(e.header.alg!=="RS256")throw new Error(`Signature algorithm of "${e.header.alg}" is not supported. Expected the ID token to be signed with "RS256".`);if(!e.claims.aud||typeof e.claims.aud!="string"&&!Array.isArray(e.claims.aud))throw new Error("Audience (aud) claim must be a string or array of strings present in the ID token");if(Array.isArray(e.claims.aud)){if(!e.claims.aud.includes(o.aud))throw new Error(`Audience (aud) claim mismatch in the ID token; expected "${o.aud}" but was not one of "${e.claims.aud.join(", ")}"`);if(e.claims.aud.length>1){if(!e.claims.azp)throw new Error("Authorized Party (azp) claim must be a string present in the ID token when Audience (aud) claim has multiple values");if(e.claims.azp!==o.aud)throw new Error(`Authorized Party (azp) claim mismatch in the ID token; expected "${o.aud}", found "${e.claims.azp}"`)}}else if(e.claims.aud!==o.aud)throw new Error(`Audience (aud) claim mismatch in the ID token; expected "${o.aud}" but found "${e.claims.aud}"`);if(o.nonce){if(!e.claims.nonce)throw new Error("Nonce (nonce) claim must be a string present in the ID token");if(e.claims.nonce!==o.nonce)throw new Error(`Nonce (nonce) claim mismatch in the ID token; expected "${o.nonce}", found "${e.claims.nonce}"`)}if(o.max_age&&!V(e.claims.auth_time))throw new Error("Authentication Time (auth_time) claim must be a number present in the ID token when Max Age (max_age) is specified");if(e.claims.exp==null||!V(e.claims.exp))throw new Error("Expiration Time (exp) claim must be a number present in the ID token");if(!V(e.claims.iat))throw new Error("Issued At (iat) claim must be a number present in the ID token");const t=o.leeway||60,n=new Date(o.now||Date.now()),i=new Date(0);if(i.setUTCSeconds(e.claims.exp+t),n>i)throw new Error(`Expiration Time (exp) claim error in the ID token; current time (${n}) is after expiration time (${i})`);if(e.claims.nbf!=null&&V(e.claims.nbf)){const r=new Date(0);if(r.setUTCSeconds(e.claims.nbf-t),n<r)throw new Error(`Not Before time (nbf) claim in the ID token indicates that this token can't be used just yet. Current time (${n}) is before ${r}`)}if(e.claims.auth_time!=null&&V(e.claims.auth_time)){const r=new Date(0);if(r.setUTCSeconds(parseInt(e.claims.auth_time)+o.max_age+t),n>r)throw new Error(`Authentication Time (auth_time) claim in the ID token indicates that too much time has passed since the last end-user authentication. Current time (${n}) is after last auth at ${r}`)}if(o.organization){const r=o.organization.trim();if(r.startsWith("org_")){const c=r;if(!e.claims.org_id)throw new Error("Organization ID (org_id) claim must be a string present in the ID token");if(c!==e.claims.org_id)throw new Error(`Organization ID (org_id) claim mismatch in the ID token; expected "${c}", found "${e.claims.org_id}"`)}else{const c=r.toLowerCase();if(!e.claims.org_name)throw new Error("Organization Name (org_name) claim must be a string present in the ID token");if(c!==e.claims.org_name)throw new Error(`Organization Name (org_name) claim mismatch in the ID token; expected "${c}", found "${e.claims.org_name}"`)}}return e};var K=pe((function(o,e){var t=R&&R.__assign||function(){return t=Object.assign||function(d){for(var m,s=1,l=arguments.length;s<l;s++)for(var a in m=arguments[s])Object.prototype.hasOwnProperty.call(m,a)&&(d[a]=m[a]);return d},t.apply(this,arguments)};function n(d,m){if(!m)return"";var s="; "+d;return m===!0?s:s+"="+m}function i(d,m,s){return encodeURIComponent(d).replace(/%(23|24|26|2B|5E|60|7C)/g,decodeURIComponent).replace(/\(/g,"%28").replace(/\)/g,"%29")+"="+encodeURIComponent(m).replace(/%(23|24|26|2B|3A|3C|3E|3D|2F|3F|40|5B|5D|5E|60|7B|7D|7C)/g,decodeURIComponent)+(function(l){if(typeof l.expires=="number"){var a=new Date;a.setMilliseconds(a.getMilliseconds()+864e5*l.expires),l.expires=a}return n("Expires",l.expires?l.expires.toUTCString():"")+n("Domain",l.domain)+n("Path",l.path)+n("Secure",l.secure)+n("SameSite",l.sameSite)})(s)}function r(d){for(var m={},s=d?d.split("; "):[],l=/(%[\dA-F]{2})+/gi,a=0;a<s.length;a++){var u=s[a].split("="),p=u.slice(1).join("=");p.charAt(0)==='"'&&(p=p.slice(1,-1));try{m[u[0].replace(l,decodeURIComponent)]=p.replace(l,decodeURIComponent)}catch{}}return m}function c(){return r(document.cookie)}function h(d,m,s){document.cookie=i(d,m,t({path:"/"},s))}e.__esModule=!0,e.encode=i,e.parse=r,e.getAll=c,e.get=function(d){return c()[d]},e.set=h,e.remove=function(d,m){h(d,"",t(t({},m),{expires:-1}))}}));he(K),K.encode,K.parse,K.getAll;var Pt=K.get,Je=K.set,Fe=K.remove;const Z={get(o){const e=Pt(o);if(e!==void 0)return JSON.parse(e)},save(o,e,t){let n={};window.location.protocol==="https:"&&(n={secure:!0,sameSite:"none"}),t?.daysUntilExpire&&(n.expires=t.daysUntilExpire),t?.cookieDomain&&(n.domain=t.cookieDomain),Je(o,JSON.stringify(e),n)},remove(o,e){let t={};e?.cookieDomain&&(t.domain=e.cookieDomain),Fe(o,t)}},Et={get(o){return Z.get(o)||Z.get(`_legacy_${o}`)},save(o,e,t){let n={};window.location.protocol==="https:"&&(n={secure:!0}),t?.daysUntilExpire&&(n.expires=t.daysUntilExpire),t?.cookieDomain&&(n.domain=t.cookieDomain),Je(`_legacy_${o}`,JSON.stringify(e),n),Z.save(o,e,t)},remove(o,e){let t={};e?.cookieDomain&&(t.domain=e.cookieDomain),Fe(o,t),Z.remove(o,e),Z.remove(`_legacy_${o}`,e)}},Ct={get(o){if(typeof sessionStorage>"u")return;const e=sessionStorage.getItem(o);return e!=null?JSON.parse(e):void 0},save(o,e){sessionStorage.setItem(o,JSON.stringify(e))},remove(o){sessionStorage.removeItem(o)}};var D;(function(o){o.Code="code",o.ConnectCode="connect_code"})(D||(D={}));function At(o,e,t){var n=e===void 0?null:e,i=(function(d,m){var s=atob(d);if(m){for(var l=new Uint8Array(s.length),a=0,u=s.length;a<u;++a)l[a]=s.charCodeAt(a);return String.fromCharCode.apply(null,new Uint16Array(l.buffer))}return s})(o,t!==void 0&&t),r=i.indexOf(`
-`,10)+1,c=i.substring(r)+(n?"//# sourceMappingURL="+n:""),h=new Blob([c],{type:"application/javascript"});return URL.createObjectURL(h)}var $e,Xe,Ve,Ie,Rt=($e="Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAqLwohZnVuY3Rpb24oKXsidXNlIHN0cmljdCI7Y2xhc3MgZSBleHRlbmRzIEVycm9ye2NvbnN0cnVjdG9yKHQscil7c3VwZXIociksdGhpcy5lcnJvcj10LHRoaXMuZXJyb3JfZGVzY3JpcHRpb249cixPYmplY3Quc2V0UHJvdG90eXBlT2YodGhpcyxlLnByb3RvdHlwZSl9c3RhdGljIGZyb21QYXlsb2FkKHtlcnJvcjp0LGVycm9yX2Rlc2NyaXB0aW9uOnJ9KXtyZXR1cm4gbmV3IGUodCxyKX19Y2xhc3MgdCBleHRlbmRzIGV7Y29uc3RydWN0b3IoZSxzKXtzdXBlcigibWlzc2luZ19yZWZyZXNoX3Rva2VuIixgTWlzc2luZyBSZWZyZXNoIFRva2VuIChhdWRpZW5jZTogJyR7cihlLFsiZGVmYXVsdCJdKX0nLCBzY29wZTogJyR7cihzKX0nKWApLHRoaXMuYXVkaWVuY2U9ZSx0aGlzLnNjb3BlPXMsT2JqZWN0LnNldFByb3RvdHlwZU9mKHRoaXMsdC5wcm90b3R5cGUpfX1mdW5jdGlvbiByKGUsdD1bXSl7cmV0dXJuIGUmJiF0LmluY2x1ZGVzKGUpP2U6IiJ9ImZ1bmN0aW9uIj09dHlwZW9mIFN1cHByZXNzZWRFcnJvciYmU3VwcHJlc3NlZEVycm9yO2NvbnN0IHM9ZT0+e3ZhcntjbGllbnRJZDp0fT1lLHI9ZnVuY3Rpb24oZSx0KXt2YXIgcj17fTtmb3IodmFyIHMgaW4gZSlPYmplY3QucHJvdG90eXBlLmhhc093blByb3BlcnR5LmNhbGwoZSxzKSYmdC5pbmRleE9mKHMpPDAmJihyW3NdPWVbc10pO2lmKG51bGwhPWUmJiJmdW5jdGlvbiI9PXR5cGVvZiBPYmplY3QuZ2V0T3duUHJvcGVydHlTeW1ib2xzKXt2YXIgbz0wO2ZvcihzPU9iamVjdC5nZXRPd25Qcm9wZXJ0eVN5bWJvbHMoZSk7bzxzLmxlbmd0aDtvKyspdC5pbmRleE9mKHNbb10pPDAmJk9iamVjdC5wcm90b3R5cGUucHJvcGVydHlJc0VudW1lcmFibGUuY2FsbChlLHNbb10pJiYocltzW29dXT1lW3Nbb11dKX1yZXR1cm4gcn0oZSxbImNsaWVudElkIl0pO3JldHVybiBuZXcgVVJMU2VhcmNoUGFyYW1zKChlPT5PYmplY3Qua2V5cyhlKS5maWx0ZXIoKHQ9PnZvaWQgMCE9PWVbdF0pKS5yZWR1Y2UoKCh0LHIpPT5PYmplY3QuYXNzaWduKE9iamVjdC5hc3NpZ24oe30sdCkse1tyXTplW3JdfSkpLHt9KSkoT2JqZWN0LmFzc2lnbih7Y2xpZW50X2lkOnR9LHIpKSkudG9TdHJpbmcoKX07bGV0IG89e307Y29uc3Qgbj0oZSx0KT0+YCR7ZX18JHt0fWA7YWRkRXZlbnRMaXN0ZW5lcigibWVzc2FnZSIsKGFzeW5jKHtkYXRhOnt0aW1lb3V0OmUsYXV0aDpyLGZldGNoVXJsOmksZmV0Y2hPcHRpb25zOmMsdXNlRm9ybURhdGE6YSx1c2VNcnJ0OmZ9LHBvcnRzOltwXX0pPT57bGV0IGgsdSxsPXt9O2NvbnN0e2F1ZGllbmNlOmQsc2NvcGU6eX09cnx8e307dHJ5e2NvbnN0IHI9YT8oZT0+e2NvbnN0IHQ9bmV3IFVSTFNlYXJjaFBhcmFtcyhlKSxyPXt9O3JldHVybiB0LmZvckVhY2goKChlLHQpPT57clt0XT1lfSkpLHJ9KShjLmJvZHkpOkpTT04ucGFyc2UoYy5ib2R5KTtpZighci5yZWZyZXNoX3Rva2VuJiYicmVmcmVzaF90b2tlbiI9PT1yLmdyYW50X3R5cGUpe2lmKHU9KChlLHQpPT5vW24oZSx0KV0pKGQseSksIXUmJmYpe2NvbnN0IGU9by5sYXRlc3RfcmVmcmVzaF90b2tlbix0PSgoZSx0KT0+e2NvbnN0IHI9T2JqZWN0LmtleXMobykuZmluZCgocj0+e2lmKCJsYXRlc3RfcmVmcmVzaF90b2tlbiIhPT1yKXtjb25zdCBzPSgoZSx0KT0+dC5zdGFydHNXaXRoKGAke2V9fGApKSh0LHIpLG89ci5zcGxpdCgifCIpWzFdLnNwbGl0KCIgIiksbj1lLnNwbGl0KCIgIikuZXZlcnkoKGU9Pm8uaW5jbHVkZXMoZSkpKTtyZXR1cm4gcyYmbn19KSk7cmV0dXJuISFyfSkoeSxkKTtlJiYhdCYmKHU9ZSl9aWYoIXUpdGhyb3cgbmV3IHQoZCx5KTtjLmJvZHk9YT9zKE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSxyKSx7cmVmcmVzaF90b2tlbjp1fSkpOkpTT04uc3RyaW5naWZ5KE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSxyKSx7cmVmcmVzaF90b2tlbjp1fSkpfWxldCBqLGs7ImZ1bmN0aW9uIj09dHlwZW9mIEFib3J0Q29udHJvbGxlciYmKGo9bmV3IEFib3J0Q29udHJvbGxlcixjLnNpZ25hbD1qLnNpZ25hbCk7dHJ5e2s9YXdhaXQgUHJvbWlzZS5yYWNlKFsoXz1lLG5ldyBQcm9taXNlKChlPT5zZXRUaW1lb3V0KGUsXykpKSksZmV0Y2goaSxPYmplY3QuYXNzaWduKHt9LGMpKV0pfWNhdGNoKGUpe3JldHVybiB2b2lkIHAucG9zdE1lc3NhZ2Uoe2Vycm9yOmUubWVzc2FnZX0pfWlmKCFrKXJldHVybiBqJiZqLmFib3J0KCksdm9pZCBwLnBvc3RNZXNzYWdlKHtlcnJvcjoiVGltZW91dCB3aGVuIGV4ZWN1dGluZyAnZmV0Y2gnIn0pO2c9ay5oZWFkZXJzLGw9Wy4uLmddLnJlZHVjZSgoKGUsW3Qscl0pPT4oZVt0XT1yLGUpKSx7fSksaD1hd2FpdCBrLmpzb24oKSxoLnJlZnJlc2hfdG9rZW4/KGYmJihvLmxhdGVzdF9yZWZyZXNoX3Rva2VuPWgucmVmcmVzaF90b2tlbixPPXUsYj1oLnJlZnJlc2hfdG9rZW4sT2JqZWN0LmVudHJpZXMobykuZm9yRWFjaCgoKFtlLHRdKT0+e3Q9PT1PJiYob1tlXT1iKX0pKSksKChlLHQscik9PntvW24odCxyKV09ZX0pKGgucmVmcmVzaF90b2tlbixkLHkpLGRlbGV0ZSBoLnJlZnJlc2hfdG9rZW4pOigoZSx0KT0+e2RlbGV0ZSBvW24oZSx0KV19KShkLHkpLHAucG9zdE1lc3NhZ2Uoe29rOmsub2ssanNvbjpoLGhlYWRlcnM6bH0pfWNhdGNoKGUpe3AucG9zdE1lc3NhZ2Uoe29rOiExLGpzb246e2Vycm9yOmUuZXJyb3IsZXJyb3JfZGVzY3JpcHRpb246ZS5tZXNzYWdlfSxoZWFkZXJzOmx9KX12YXIgTyxiLGcsX30pKX0oKTsKCg==",Xe=null,Ve=!1,function(o){return Ie=Ie||At($e,Xe,Ve),new Worker(Ie,o)});const Te={},Ge=async(o,e=3)=>{for(let t=0;t<e;t++)if(await o())return!0;return!1};class Nt{constructor(e,t){this.cache=e,this.clientId=t,this.manifestKey=this.createManifestKeyFrom(this.clientId)}async add(e){var t;const n=new Set(((t=await this.cache.get(this.manifestKey))===null||t===void 0?void 0:t.keys)||[]);n.add(e),await this.cache.set(this.manifestKey,{keys:[...n]})}async remove(e){const t=await this.cache.get(this.manifestKey);if(t){const n=new Set(t.keys);return n.delete(e),n.size>0?await this.cache.set(this.manifestKey,{keys:[...n]}):await this.cache.remove(this.manifestKey)}}get(){return this.cache.get(this.manifestKey)}clear(){return this.cache.remove(this.manifestKey)}createManifestKeyFrom(e){return`@@auth0spajs@@::${e}`}}const jt={memory:()=>new We().enclosedCache,localstorage:()=>new St},Me=o=>jt[o],Ye=o=>{const{openUrl:e,onRedirect:t}=o,n=P(o,["openUrl","onRedirect"]);return Object.assign(Object.assign({},n),{openUrl:e===!1||e?e:t})},Be=(o,e)=>{const t=e?.split(" ")||[];return(o?.split(" ")||[]).every((n=>t.includes(n)))},x={NONCE:"nonce",KEYPAIR:"keypair"};class Kt{constructor(e){this.clientId=e}getVersion(){return 1}createDbHandle(){const e=window.indexedDB.open("auth0-spa-js",this.getVersion());return new Promise(((t,n)=>{e.onupgradeneeded=()=>Object.values(x).forEach((i=>e.result.createObjectStore(i))),e.onerror=()=>n(e.error),e.onsuccess=()=>t(e.result)}))}async getDbHandle(){return this.dbHandle||(this.dbHandle=await this.createDbHandle()),this.dbHandle}async executeDbRequest(e,t,n){const i=n((await this.getDbHandle()).transaction(e,t).objectStore(e));return new Promise(((r,c)=>{i.onsuccess=()=>r(i.result),i.onerror=()=>c(i.error)}))}buildKey(e){const t=e?`_${e}`:"auth0";return`${this.clientId}::${t}`}setNonce(e,t){return this.save(x.NONCE,this.buildKey(t),e)}setKeyPair(e){return this.save(x.KEYPAIR,this.buildKey(),e)}async save(e,t,n){await this.executeDbRequest(e,"readwrite",(i=>i.put(n,t)))}findNonce(e){return this.find(x.NONCE,this.buildKey(e))}findKeyPair(){return this.find(x.KEYPAIR,this.buildKey())}find(e,t){return this.executeDbRequest(e,"readonly",(n=>n.get(t)))}async deleteBy(e,t){const n=await this.executeDbRequest(e,"readonly",(i=>i.getAllKeys()));n?.filter(t).map((i=>this.executeDbRequest(e,"readwrite",(r=>r.delete(i)))))}deleteByClientId(e,t){return this.deleteBy(e,(n=>typeof n=="string"&&n.startsWith(`${t}::`)))}clearNonces(){return this.deleteByClientId(x.NONCE,this.clientId)}clearKeyPairs(){return this.deleteByClientId(x.KEYPAIR,this.clientId)}}class Dt{constructor(e){this.storage=new Kt(e)}getNonce(e){return this.storage.findNonce(e)}setNonce(e,t){return this.storage.setNonce(e,t)}async getOrGenerateKeyPair(){let e=await this.storage.findKeyPair();return e||(e=await mt(),await this.storage.setKeyPair(e)),e}async generateProof(e){const t=await this.getOrGenerateKeyPair();return gt(Object.assign({keyPair:t},e))}async calculateThumbprint(){return ft(await this.getOrGenerateKeyPair())}async clear(){await Promise.all([this.storage.clearNonces(),this.storage.clearKeyPairs()])}}var W;(function(o){o.Bearer="Bearer",o.DPoP="DPoP"})(W||(W={}));class xt{constructor(e,t){this.hooks=t,this.config=Object.assign(Object.assign({},e),{fetch:e.fetch||(typeof window>"u"?fetch:window.fetch.bind(window))})}isAbsoluteUrl(e){return/^(https?:)?\/\//i.test(e)}buildUrl(e,t){if(t){if(this.isAbsoluteUrl(t))return t;if(e)return`${e.replace(/\/?\/$/,"")}/${t.replace(/^\/+/,"")}`}throw new TypeError("`url` must be absolute or `baseUrl` non-empty.")}getAccessToken(e){return this.config.getAccessToken?this.config.getAccessToken(e):this.hooks.getAccessToken(e)}extractUrl(e){return typeof e=="string"?e:e instanceof URL?e.href:e.url}buildBaseRequest(e,t){if(!this.config.baseUrl)return new Request(e,t);const n=this.buildUrl(this.config.baseUrl,this.extractUrl(e)),i=e instanceof Request?new Request(n,e):n;return new Request(i,t)}setAuthorizationHeader(e,t,n=W.Bearer){e.headers.set("authorization",`${n} ${t}`)}async setDpopProofHeader(e,t){if(!this.config.dpopNonceId)return;const n=await this.hooks.getDpopNonce(),i=await this.hooks.generateDpopProof({accessToken:t,method:e.method,nonce:n,url:e.url});e.headers.set("dpop",i)}async prepareRequest(e,t){const n=await this.getAccessToken(t);let i,r;typeof n=="string"?(i=this.config.dpopNonceId?W.DPoP:W.Bearer,r=n):(i=n.token_type,r=n.access_token),this.setAuthorizationHeader(e,r,i),i===W.DPoP&&await this.setDpopProofHeader(e,r)}getHeader(e,t){return Array.isArray(e)?new Headers(e).get(t)||"":typeof e.get=="function"?e.get(t)||"":e[t]||""}hasUseDpopNonceError(e){if(e.status!==401)return!1;const t=this.getHeader(e.headers,"www-authenticate");return t.includes("invalid_dpop_nonce")||t.includes("use_dpop_nonce")}async handleResponse(e,t){const n=this.getHeader(e.headers,"dpop-nonce");if(n&&await this.hooks.setDpopNonce(n),!this.hasUseDpopNonceError(e))return e;if(!n||!t.onUseDpopNonceError)throw new ne(n);return t.onUseDpopNonceError()}async internalFetchWithAuth(e,t,n,i){const r=this.buildBaseRequest(e,t);await this.prepareRequest(r,i);const c=await this.config.fetch(r);return this.handleResponse(c,n)}fetchWithAuth(e,t,n){const i={onUseDpopNonceError:()=>this.internalFetchWithAuth(e,t,Object.assign(Object.assign({},i),{onUseDpopNonceError:void 0}),n)};return this.internalFetchWithAuth(e,t,i,n)}}class zt{constructor(e,t){this.myAccountFetcher=e,this.apiBase=t}async connectAccount(e){const t=await this.myAccountFetcher.fetchWithAuth(`${this.apiBase}v1/connected-accounts/connect`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(e)});return this._handleResponse(t)}async completeAccount(e){const t=await this.myAccountFetcher.fetchWithAuth(`${this.apiBase}v1/connected-accounts/complete`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(e)});return this._handleResponse(t)}async _handleResponse(e){let t;try{t=await e.text(),t=JSON.parse(t)}catch(n){throw new ae({type:"invalid_json",status:e.status,title:"Invalid JSON response",detail:t||String(n)})}if(e.ok)return t;throw new ae(t)}}class ae extends Error{constructor({type:e,status:t,title:n,detail:i,validation_errors:r}){super(i),this.name="MyAccountApiError",this.type=e,this.status=t,this.title=n,this.detail=i,this.validation_errors=r,Object.setPrototypeOf(this,ae.prototype)}}const G=new ot;class Ut{constructor(e){let t,n;if(this.userCache=new We().enclosedCache,this.activeLockKeys=new Set,this.defaultOptions={authorizationParams:{scope:"openid profile email"},useRefreshTokensFallback:!1,useFormData:!0},this._releaseLockOnPageHide=async()=>{const d=Array.from(this.activeLockKeys);for(const m of d)await G.releaseLock(m);this.activeLockKeys.clear(),window.removeEventListener("pagehide",this._releaseLockOnPageHide)},this.options=Object.assign(Object.assign(Object.assign({},this.defaultOptions),e),{authorizationParams:Object.assign(Object.assign({},this.defaultOptions.authorizationParams),e.authorizationParams)}),typeof window<"u"&&(()=>{if(!ie())throw new Error("For security reasons, `window.crypto` is required to run `auth0-spa-js`.");if(ie().subtle===void 0)throw new Error(`
+var auth0Plugin=(function(P){"use strict";function E(o,e){var t={};for(var n in o)Object.prototype.hasOwnProperty.call(o,n)&&e.indexOf(n)<0&&(t[n]=o[n]);if(o!=null&&typeof Object.getOwnPropertySymbols=="function"){var i=0;for(n=Object.getOwnPropertySymbols(o);i<n.length;i++)e.indexOf(n[i])<0&&Object.prototype.propertyIsEnumerable.call(o,n[i])&&(t[n[i]]=o[n[i]])}return t}typeof SuppressedError=="function"&&SuppressedError;var R=typeof globalThis<"u"?globalThis:typeof window<"u"?window:typeof global<"u"?global:typeof self<"u"?self:{};function he(o){return o&&o.__esModule&&Object.prototype.hasOwnProperty.call(o,"default")?o.default:o}function pe(o,e){return o(e={exports:{}},e.exports),e.exports}var N=pe((function(o,e){Object.defineProperty(e,"__esModule",{value:!0});var t=(function(){function n(){var i=this;this.locked=new Map,this.addToLocked=function(r,c){var h=i.locked.get(r);h===void 0?c===void 0?i.locked.set(r,[]):i.locked.set(r,[c]):c!==void 0&&(h.unshift(c),i.locked.set(r,h))},this.isLocked=function(r){return i.locked.has(r)},this.lock=function(r){return new Promise((function(c,h){i.isLocked(r)?i.addToLocked(r,c):(i.addToLocked(r),c())}))},this.unlock=function(r){var c=i.locked.get(r);if(c!==void 0&&c.length!==0){var h=c.pop();i.locked.set(r,c),h!==void 0&&setTimeout(h,0)}else i.locked.delete(r)}}return n.getInstance=function(){return n.instance===void 0&&(n.instance=new n),n.instance},n})();e.default=function(){return t.getInstance()}}));he(N);var it=he(pe((function(o,e){var t=R&&R.__awaiter||function(s,l,a,u){return new(a||(a=Promise))((function(p,g){function f(k){try{b(u.next(k))}catch(y){g(y)}}function w(k){try{b(u.throw(k))}catch(y){g(y)}}function b(k){k.done?p(k.value):new a((function(y){y(k.value)})).then(f,w)}b((u=u.apply(s,l||[])).next())}))},n=R&&R.__generator||function(s,l){var a,u,p,g,f={label:0,sent:function(){if(1&p[0])throw p[1];return p[1]},trys:[],ops:[]};return g={next:w(0),throw:w(1),return:w(2)},typeof Symbol=="function"&&(g[Symbol.iterator]=function(){return this}),g;function w(b){return function(k){return(function(y){if(a)throw new TypeError("Generator is already executing.");for(;f;)try{if(a=1,u&&(p=2&y[0]?u.return:y[0]?u.throw||((p=u.return)&&p.call(u),0):u.next)&&!(p=p.call(u,y[1])).done)return p;switch(u=0,p&&(y=[2&y[0],p.value]),y[0]){case 0:case 1:p=y;break;case 4:return f.label++,{value:y[1],done:!1};case 5:f.label++,u=y[1],y=[0];continue;case 7:y=f.ops.pop(),f.trys.pop();continue;default:if(p=f.trys,!((p=p.length>0&&p[p.length-1])||y[0]!==6&&y[0]!==2)){f=0;continue}if(y[0]===3&&(!p||y[1]>p[0]&&y[1]<p[3])){f.label=y[1];break}if(y[0]===6&&f.label<p[1]){f.label=p[1],p=y;break}if(p&&f.label<p[2]){f.label=p[2],f.ops.push(y);break}p[2]&&f.ops.pop(),f.trys.pop();continue}y=l.call(s,f)}catch(_){y=[6,_],u=0}finally{a=p=0}if(5&y[0])throw y[1];return{value:y[0]?y[1]:void 0,done:!0}})([b,k])}}},i=R;Object.defineProperty(e,"__esModule",{value:!0});var r="browser-tabs-lock-key",c={key:function(s){return t(i,void 0,void 0,(function(){return n(this,(function(l){throw new Error("Unsupported")}))}))},getItem:function(s){return t(i,void 0,void 0,(function(){return n(this,(function(l){throw new Error("Unsupported")}))}))},clear:function(){return t(i,void 0,void 0,(function(){return n(this,(function(s){return[2,window.localStorage.clear()]}))}))},removeItem:function(s){return t(i,void 0,void 0,(function(){return n(this,(function(l){throw new Error("Unsupported")}))}))},setItem:function(s,l){return t(i,void 0,void 0,(function(){return n(this,(function(a){throw new Error("Unsupported")}))}))},keySync:function(s){return window.localStorage.key(s)},getItemSync:function(s){return window.localStorage.getItem(s)},clearSync:function(){return window.localStorage.clear()},removeItemSync:function(s){return window.localStorage.removeItem(s)},setItemSync:function(s,l){return window.localStorage.setItem(s,l)}};function h(s){return new Promise((function(l){return setTimeout(l,s)}))}function d(s){for(var l="0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz",a="",u=0;u<s;u++)a+=l[Math.floor(Math.random()*l.length)];return a}var m=(function(){function s(l){this.acquiredIatSet=new Set,this.storageHandler=void 0,this.id=Date.now().toString()+d(15),this.acquireLock=this.acquireLock.bind(this),this.releaseLock=this.releaseLock.bind(this),this.releaseLock__private__=this.releaseLock__private__.bind(this),this.waitForSomethingToChange=this.waitForSomethingToChange.bind(this),this.refreshLockWhileAcquired=this.refreshLockWhileAcquired.bind(this),this.storageHandler=l,s.waiters===void 0&&(s.waiters=[])}return s.prototype.acquireLock=function(l,a){return a===void 0&&(a=5e3),t(this,void 0,void 0,(function(){var u,p,g,f,w,b,k;return n(this,(function(y){switch(y.label){case 0:u=Date.now()+d(4),p=Date.now()+a,g=r+"-"+l,f=this.storageHandler===void 0?c:this.storageHandler,y.label=1;case 1:return Date.now()<p?[4,h(30)]:[3,8];case 2:return y.sent(),f.getItemSync(g)!==null?[3,5]:(w=this.id+"-"+l+"-"+u,[4,h(Math.floor(25*Math.random()))]);case 3:return y.sent(),f.setItemSync(g,JSON.stringify({id:this.id,iat:u,timeoutKey:w,timeAcquired:Date.now(),timeRefreshed:Date.now()})),[4,h(30)];case 4:return y.sent(),(b=f.getItemSync(g))!==null&&(k=JSON.parse(b)).id===this.id&&k.iat===u?(this.acquiredIatSet.add(u),this.refreshLockWhileAcquired(g,u),[2,!0]):[3,7];case 5:return s.lockCorrector(this.storageHandler===void 0?c:this.storageHandler),[4,this.waitForSomethingToChange(p)];case 6:y.sent(),y.label=7;case 7:return u=Date.now()+d(4),[3,1];case 8:return[2,!1]}}))}))},s.prototype.refreshLockWhileAcquired=function(l,a){return t(this,void 0,void 0,(function(){var u=this;return n(this,(function(p){return setTimeout((function(){return t(u,void 0,void 0,(function(){var g,f,w;return n(this,(function(b){switch(b.label){case 0:return[4,N.default().lock(a)];case 1:return b.sent(),this.acquiredIatSet.has(a)?(g=this.storageHandler===void 0?c:this.storageHandler,(f=g.getItemSync(l))===null?(N.default().unlock(a),[2]):((w=JSON.parse(f)).timeRefreshed=Date.now(),g.setItemSync(l,JSON.stringify(w)),N.default().unlock(a),this.refreshLockWhileAcquired(l,a),[2])):(N.default().unlock(a),[2])}}))}))}),1e3),[2]}))}))},s.prototype.waitForSomethingToChange=function(l){return t(this,void 0,void 0,(function(){return n(this,(function(a){switch(a.label){case 0:return[4,new Promise((function(u){var p=!1,g=Date.now(),f=!1;function w(){if(f||(window.removeEventListener("storage",w),s.removeFromWaiting(w),clearTimeout(b),f=!0),!p){p=!0;var k=50-(Date.now()-g);k>0?setTimeout(u,k):u(null)}}window.addEventListener("storage",w),s.addToWaiting(w);var b=setTimeout(w,Math.max(0,l-Date.now()))}))];case 1:return a.sent(),[2]}}))}))},s.addToWaiting=function(l){this.removeFromWaiting(l),s.waiters!==void 0&&s.waiters.push(l)},s.removeFromWaiting=function(l){s.waiters!==void 0&&(s.waiters=s.waiters.filter((function(a){return a!==l})))},s.notifyWaiters=function(){s.waiters!==void 0&&s.waiters.slice().forEach((function(l){return l()}))},s.prototype.releaseLock=function(l){return t(this,void 0,void 0,(function(){return n(this,(function(a){switch(a.label){case 0:return[4,this.releaseLock__private__(l)];case 1:return[2,a.sent()]}}))}))},s.prototype.releaseLock__private__=function(l){return t(this,void 0,void 0,(function(){var a,u,p,g;return n(this,(function(f){switch(f.label){case 0:return a=this.storageHandler===void 0?c:this.storageHandler,u=r+"-"+l,(p=a.getItemSync(u))===null?[2]:(g=JSON.parse(p)).id!==this.id?[3,2]:[4,N.default().lock(g.iat)];case 1:f.sent(),this.acquiredIatSet.delete(g.iat),a.removeItemSync(u),N.default().unlock(g.iat),s.notifyWaiters(),f.label=2;case 2:return[2]}}))}))},s.lockCorrector=function(l){for(var a=Date.now()-5e3,u=l,p=[],g=0;;){var f=u.keySync(g);if(f===null)break;p.push(f),g++}for(var w=!1,b=0;b<p.length;b++){var k=p[b];if(k.includes(r)){var y=u.getItemSync(k);if(y!==null){var _=JSON.parse(y);(_.timeRefreshed===void 0&&_.timeAcquired<a||_.timeRefreshed!==void 0&&_.timeRefreshed<a)&&(u.removeItemSync(k),w=!0)}}}w&&s.notifyWaiters()},s.waiters=void 0,s})();e.default=m})));const rt={timeoutInSeconds:60},Ne={name:"auth0-spa-js",version:"2.11.3"},je=()=>Date.now();class S extends Error{constructor(e,t){super(t),this.error=e,this.error_description=t,Object.setPrototypeOf(this,S.prototype)}static fromPayload({error:e,error_description:t}){return new S(e,t)}}class me extends S{constructor(e,t,n,i=null){super(e,t),this.state=n,this.appState=i,Object.setPrototypeOf(this,me.prototype)}}class fe extends S{constructor(e,t,n,i,r=null){super(e,t),this.connection=n,this.state=i,this.appState=r,Object.setPrototypeOf(this,fe.prototype)}}class H extends S{constructor(){super("timeout","Timeout"),Object.setPrototypeOf(this,H.prototype)}}class ge extends H{constructor(e){super(),this.popup=e,Object.setPrototypeOf(this,ge.prototype)}}class ye extends S{constructor(e){super("cancelled","Popup closed"),this.popup=e,Object.setPrototypeOf(this,ye.prototype)}}class we extends S{constructor(){super("popup_open","Unable to open a popup for loginWithPopup - window.open returned `null`"),Object.setPrototypeOf(this,we.prototype)}}class be extends S{constructor(e,t,n){super(e,t),this.mfa_token=n,Object.setPrototypeOf(this,be.prototype)}}class te extends S{constructor(e,t){super("missing_refresh_token",`Missing Refresh Token (audience: '${oe(e,["default"])}', scope: '${oe(t)}')`),this.audience=e,this.scope=t,Object.setPrototypeOf(this,te.prototype)}}class ke extends S{constructor(e,t){super("missing_scopes",`Missing requested scopes after refresh (audience: '${oe(e,["default"])}', missing scope: '${oe(t)}')`),this.audience=e,this.scope=t,Object.setPrototypeOf(this,ke.prototype)}}class ne extends S{constructor(e){super("use_dpop_nonce","Server rejected DPoP proof: wrong nonce"),this.newDpopNonce=e,Object.setPrototypeOf(this,ne.prototype)}}function oe(o,e=[]){return o&&!e.includes(o)?o:""}const ie=()=>window.crypto,$=()=>{const o="0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-_~.";let e="";return Array.from(ie().getRandomValues(new Uint8Array(43))).forEach((t=>e+=o[t%o.length])),e},ve=o=>btoa(o),st=[{key:"name",type:["string"]},{key:"version",type:["string","number"]},{key:"env",type:["object"]}],at=o=>Object.keys(o).reduce(((e,t)=>{const n=st.find((i=>i.key===t));return n&&n.type.includes(typeof o[t])&&(e[t]=o[t]),e}),{}),Se=o=>{var{clientId:e}=o,t=E(o,["clientId"]);return new URLSearchParams((n=>Object.keys(n).filter((i=>n[i]!==void 0)).reduce(((i,r)=>Object.assign(Object.assign({},i),{[r]:n[r]})),{}))(Object.assign({client_id:e},t))).toString()},Ke=async o=>await ie().subtle.digest({name:"SHA-256"},new TextEncoder().encode(o)),De=o=>(e=>decodeURIComponent(atob(e).split("").map((t=>"%"+("00"+t.charCodeAt(0).toString(16)).slice(-2))).join("")))(o.replace(/_/g,"/").replace(/-/g,"+")),xe=o=>{const e=new Uint8Array(o);return(t=>{const n={"+":"-","/":"_","=":""};return t.replace(/[+/=]/g,(i=>n[i]))})(window.btoa(String.fromCharCode(...Array.from(e))))},ct=new TextEncoder,ut=new TextDecoder;function X(o){return typeof o=="string"?ct.encode(o):ut.decode(o)}function ze(o){if(typeof o.modulusLength!="number"||o.modulusLength<2048)throw new dt(`${o.name} modulusLength must be at least 2048 bits`)}async function lt(o,e,t){if(t.usages.includes("sign")===!1)throw new TypeError('private CryptoKey instances used for signing assertions must include "sign" in their "usages"');const n=`${M(X(JSON.stringify(o)))}.${M(X(JSON.stringify(e)))}`;return`${n}.${M(await crypto.subtle.sign((function(i){switch(i.algorithm.name){case"ECDSA":return{name:i.algorithm.name,hash:"SHA-256"};case"RSA-PSS":return ze(i.algorithm),{name:i.algorithm.name,saltLength:32};case"RSASSA-PKCS1-v1_5":return ze(i.algorithm),{name:i.algorithm.name};case"Ed25519":return{name:i.algorithm.name}}throw new j})(t),t,X(n)))}`}let _e;Uint8Array.prototype.toBase64?_e=o=>(o instanceof ArrayBuffer&&(o=new Uint8Array(o)),o.toBase64({alphabet:"base64url",omitPadding:!0})):_e=e=>{e instanceof ArrayBuffer&&(e=new Uint8Array(e));const t=[];for(let n=0;n<e.byteLength;n+=32768)t.push(String.fromCharCode.apply(null,e.subarray(n,n+32768)));return btoa(t.join("")).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_")};function M(o){return _e(o)}class j extends Error{constructor(e){var t;super(e??"operation not supported"),this.name=this.constructor.name,(t=Error.captureStackTrace)===null||t===void 0||t.call(Error,this,this.constructor)}}class dt extends Error{constructor(e){var t;super(e),this.name=this.constructor.name,(t=Error.captureStackTrace)===null||t===void 0||t.call(Error,this,this.constructor)}}function ht(o){switch(o.algorithm.name){case"RSA-PSS":return(function(e){if(e.algorithm.hash.name==="SHA-256")return"PS256";throw new j("unsupported RsaHashedKeyAlgorithm hash name")})(o);case"RSASSA-PKCS1-v1_5":return(function(e){if(e.algorithm.hash.name==="SHA-256")return"RS256";throw new j("unsupported RsaHashedKeyAlgorithm hash name")})(o);case"ECDSA":return(function(e){if(e.algorithm.namedCurve==="P-256")return"ES256";throw new j("unsupported EcKeyAlgorithm namedCurve")})(o);case"Ed25519":return"Ed25519";default:throw new j("unsupported CryptoKey algorithm name")}}function Ue(o){return o instanceof CryptoKey}function Le(o){return Ue(o)&&o.type==="public"}async function pt(o,e,t,n,i,r){const c=o?.privateKey,h=o?.publicKey;if(!Ue(d=c)||d.type!=="private")throw new TypeError('"keypair.privateKey" must be a private CryptoKey');var d;if(!Le(h))throw new TypeError('"keypair.publicKey" must be a public CryptoKey');if(h.extractable!==!0)throw new TypeError('"keypair.publicKey.extractable" must be true');if(typeof e!="string")throw new TypeError('"htu" must be a string');if(typeof t!="string")throw new TypeError('"htm" must be a string');if(n!==void 0&&typeof n!="string")throw new TypeError('"nonce" must be a string or undefined');if(i!==void 0&&typeof i!="string")throw new TypeError('"accessToken" must be a string or undefined');return lt({alg:ht(c),typ:"dpop+jwt",jwk:await He(h)},Object.assign(Object.assign({},r),{iat:Math.floor(Date.now()/1e3),jti:crypto.randomUUID(),htm:t,nonce:n,htu:e,ath:i?M(await crypto.subtle.digest("SHA-256",X(i))):void 0}),c)}async function He(o){const{kty:e,e:t,n,x:i,y:r,crv:c}=await crypto.subtle.exportKey("jwk",o);return{kty:e,crv:c,e:t,n,x:i,y:r}}const mt=["authorization_code","refresh_token","urn:ietf:params:oauth:grant-type:token-exchange"];function ft(){return(async function(o,e){var t;let n;if(o.length===0)throw new TypeError('"alg" must be a non-empty string');switch(o){case"PS256":n={name:"RSA-PSS",hash:"SHA-256",modulusLength:2048,publicExponent:new Uint8Array([1,0,1])};break;case"RS256":n={name:"RSASSA-PKCS1-v1_5",hash:"SHA-256",modulusLength:2048,publicExponent:new Uint8Array([1,0,1])};break;case"ES256":n={name:"ECDSA",namedCurve:"P-256"};break;case"Ed25519":n={name:"Ed25519"};break;default:throw new j}return crypto.subtle.generateKey(n,(t=e?.extractable)!==null&&t!==void 0&&t,["sign","verify"])})("ES256",{extractable:!1})}function gt(o){return(async function(e){if(!Le(e))throw new TypeError('"publicKey" must be a public CryptoKey');if(e.extractable!==!0)throw new TypeError('"publicKey.extractable" must be true');const t=await He(e);let n;switch(t.kty){case"EC":n={crv:t.crv,kty:t.kty,x:t.x,y:t.y};break;case"OKP":n={crv:t.crv,kty:t.kty,x:t.x};break;case"RSA":n={e:t.e,kty:t.kty,n:t.n};break;default:throw new j("unsupported JWK kty")}return M(await crypto.subtle.digest({name:"SHA-256"},X(JSON.stringify(n))))})(o.publicKey)}function yt({keyPair:o,url:e,method:t,nonce:n,accessToken:i}){const r=(function(c){const h=new URL(c);return h.search="",h.hash="",h.href})(e);return pt(o,r,t,n,i)}const wt=async(o,e)=>{const t=await fetch(o,e);return{ok:t.ok,json:await t.json(),headers:(n=t.headers,[...n].reduce(((i,[r,c])=>(i[r]=c,i)),{}))};var n},bt=async(o,e,t)=>{const n=new AbortController;let i;return e.signal=n.signal,Promise.race([wt(o,e),new Promise(((r,c)=>{i=setTimeout((()=>{n.abort(),c(new Error("Timeout when executing 'fetch'"))}),t)}))]).finally((()=>{clearTimeout(i)}))},kt=async(o,e,t,n,i,r,c,h)=>{return d={auth:{audience:e,scope:t},timeout:i,fetchUrl:o,fetchOptions:n,useFormData:c,useMrrt:h},m=r,new Promise((function(s,l){const a=new MessageChannel;a.port1.onmessage=function(u){u.data.error?l(new Error(u.data.error)):s(u.data),a.port1.close()},m.postMessage(d,[a.port2])}));var d,m},vt=async(o,e,t,n,i,r,c=1e4,h)=>i?kt(o,e,t,n,c,i,r,h):bt(o,n,c);async function Ze(o,e,t,n,i,r,c,h,d,m){if(d){const k=await d.generateProof({url:o,method:i.method||"GET",nonce:await d.getNonce()});i.headers=Object.assign(Object.assign({},i.headers),{dpop:k})}let s,l=null;for(let k=0;k<3;k++)try{s=await vt(o,t,n,i,r,c,e,h),l=null;break}catch(y){l=y}if(l)throw l;const a=s.json,{error:u,error_description:p}=a,g=E(a,["error","error_description"]),{headers:f,ok:w}=s;let b;if(d&&(b=f["dpop-nonce"],b&&await d.setNonce(b)),!w){const k=p||`HTTP error. Unable to fetch ${o}`;if(u==="mfa_required")throw new be(u,k,g.mfa_token);if(u==="missing_refresh_token")throw new te(t,n);if(u==="use_dpop_nonce"){if(!d||!b||m)throw new ne(b);return Ze(o,e,t,n,i,r,c,h,d,!0)}throw new S(u||"request_error",k)}return g}async function St(o,e){var{baseUrl:t,timeout:n,audience:i,scope:r,auth0Client:c,useFormData:h,useMrrt:d,dpop:m}=o,s=E(o,["baseUrl","timeout","audience","scope","auth0Client","useFormData","useMrrt","dpop"]);const l=s.grant_type==="urn:ietf:params:oauth:grant-type:token-exchange",a=s.grant_type==="refresh_token"&&d,u=Object.assign(Object.assign(Object.assign(Object.assign({},s),l&&i&&{audience:i}),l&&r&&{scope:r}),a&&{audience:i,scope:r}),p=h?Se(u):JSON.stringify(u),g=(f=s.grant_type,mt.includes(f));var f;return await Ze(`${t}/oauth/token`,n,i||"default",r,{method:"POST",body:p,headers:{"Content-Type":h?"application/x-www-form-urlencoded":"application/json","Auth0-Client":btoa(JSON.stringify(at(c||Ne)))}},e,h,d,g?m:void 0)}const re=(...o)=>{return(e=o.filter(Boolean).join(" ").trim().split(/\s+/),Array.from(new Set(e))).join(" ");var e},se=(o,e,t)=>{let n;return t&&(n=o[t]),n||(n=o.default),re(n,e)};class O{constructor(e,t="@@auth0spajs@@",n){this.prefix=t,this.suffix=n,this.clientId=e.clientId,this.scope=e.scope,this.audience=e.audience}toKey(){return[this.prefix,this.clientId,this.audience,this.scope,this.suffix].filter(Boolean).join("::")}static fromKey(e){const[t,n,i,r]=e.split("::");return new O({clientId:n,scope:r,audience:i},t)}static fromCacheEntry(e){const{scope:t,audience:n,client_id:i}=e;return new O({scope:t,audience:n,clientId:i})}}class _t{set(e,t){localStorage.setItem(e,JSON.stringify(t))}get(e){const t=window.localStorage.getItem(e);if(t)try{return JSON.parse(t)}catch{return}}remove(e){localStorage.removeItem(e)}allKeys(){return Object.keys(window.localStorage).filter((e=>e.startsWith("@@auth0spajs@@")))}}class We{constructor(){this.enclosedCache=(function(){let e={};return{set(t,n){e[t]=n},get(t){const n=e[t];if(n)return n},remove(t){delete e[t]},allKeys:()=>Object.keys(e)}})()}}class It{constructor(e,t,n){this.cache=e,this.keyManifest=t,this.nowProvider=n||je}async setIdToken(e,t,n){var i;const r=this.getIdTokenCacheKey(e);await this.cache.set(r,{id_token:t,decodedToken:n}),await((i=this.keyManifest)===null||i===void 0?void 0:i.add(r))}async getIdToken(e){const t=await this.cache.get(this.getIdTokenCacheKey(e.clientId));if(!t&&e.scope&&e.audience){const n=await this.get(e);return!n||!n.id_token||!n.decodedToken?void 0:{id_token:n.id_token,decodedToken:n.decodedToken}}if(t)return{id_token:t.id_token,decodedToken:t.decodedToken}}async get(e,t=0,n=!1,i){var r;let c=await this.cache.get(e.toKey());if(!c){const m=await this.getCacheKeys();if(!m)return;const s=this.matchExistingCacheKey(e,m);if(s&&(c=await this.cache.get(s)),!c&&n&&i!=="cache-only")return this.getEntryWithRefreshToken(e,m)}if(!c)return;const h=await this.nowProvider(),d=Math.floor(h/1e3);return c.expiresAt-t<d?c.body.refresh_token?this.modifiedCachedEntry(c,e):(await this.cache.remove(e.toKey()),void await((r=this.keyManifest)===null||r===void 0?void 0:r.remove(e.toKey()))):c.body}async modifiedCachedEntry(e,t){return e.body={refresh_token:e.body.refresh_token,audience:e.body.audience,scope:e.body.scope},await this.cache.set(t.toKey(),e),{refresh_token:e.body.refresh_token,audience:e.body.audience,scope:e.body.scope}}async set(e){var t;const n=new O({clientId:e.client_id,scope:e.scope,audience:e.audience}),i=await this.wrapCacheEntry(e);await this.cache.set(n.toKey(),i),await((t=this.keyManifest)===null||t===void 0?void 0:t.add(n.toKey()))}async remove(e,t,n){const i=new O({clientId:e,scope:n,audience:t});await this.cache.remove(i.toKey())}async clear(e){var t;const n=await this.getCacheKeys();n&&(await n.filter((i=>!e||i.includes(e))).reduce((async(i,r)=>{await i,await this.cache.remove(r)}),Promise.resolve()),await((t=this.keyManifest)===null||t===void 0?void 0:t.clear()))}async wrapCacheEntry(e){const t=await this.nowProvider();return{body:e,expiresAt:Math.floor(t/1e3)+e.expires_in}}async getCacheKeys(){var e;return this.keyManifest?(e=await this.keyManifest.get())===null||e===void 0?void 0:e.keys:this.cache.allKeys?this.cache.allKeys():void 0}getIdTokenCacheKey(e){return new O({clientId:e},"@@auth0spajs@@","@@user@@").toKey()}matchExistingCacheKey(e,t){return t.filter((n=>{var i;const r=O.fromKey(n),c=new Set(r.scope&&r.scope.split(" ")),h=((i=e.scope)===null||i===void 0?void 0:i.split(" "))||[],d=r.scope&&h.reduce(((m,s)=>m&&c.has(s)),!0);return r.prefix==="@@auth0spajs@@"&&r.clientId===e.clientId&&r.audience===e.audience&&d}))[0]}async getEntryWithRefreshToken(e,t){var n;for(const i of t){const r=O.fromKey(i);if(r.prefix==="@@auth0spajs@@"&&r.clientId===e.clientId){const c=await this.cache.get(i);if(!((n=c?.body)===null||n===void 0)&&n.refresh_token)return this.modifiedCachedEntry(c,e)}}}async updateEntry(e,t){var n;const i=await this.getCacheKeys();if(i)for(const r of i){const c=await this.cache.get(r);if(((n=c?.body)===null||n===void 0?void 0:n.refresh_token)===e){const h=Object.assign(Object.assign({},c.body),{refresh_token:t});await this.set(h)}}}}class Tt{constructor(e,t,n){this.storage=e,this.clientId=t,this.cookieDomain=n,this.storageKey=`a0.spajs.txs.${this.clientId}`}create(e){this.storage.save(this.storageKey,e,{daysUntilExpire:1,cookieDomain:this.cookieDomain})}get(){return this.storage.get(this.storageKey)}remove(){this.storage.remove(this.storageKey,{cookieDomain:this.cookieDomain})}}const V=o=>typeof o=="number",Ot=["iss","aud","exp","nbf","iat","jti","azp","nonce","auth_time","at_hash","c_hash","acr","amr","sub_jwk","cnf","sip_from_tag","sip_date","sip_callid","sip_cseq_num","sip_via_branch","orig","dest","mky","events","toe","txn","rph","sid","vot","vtm"],Et=o=>{if(!o.id_token)throw new Error("ID token is required but missing");const e=(r=>{const c=r.split("."),[h,d,m]=c;if(c.length!==3||!h||!d||!m)throw new Error("ID token could not be decoded");const s=JSON.parse(De(d)),l={__raw:r},a={};return Object.keys(s).forEach((u=>{l[u]=s[u],Ot.includes(u)||(a[u]=s[u])})),{encoded:{header:h,payload:d,signature:m},header:JSON.parse(De(h)),claims:l,user:a}})(o.id_token);if(!e.claims.iss)throw new Error("Issuer (iss) claim must be a string present in the ID token");if(e.claims.iss!==o.iss)throw new Error(`Issuer (iss) claim mismatch in the ID token; expected "${o.iss}", found "${e.claims.iss}"`);if(!e.user.sub)throw new Error("Subject (sub) claim must be a string present in the ID token");if(e.header.alg!=="RS256")throw new Error(`Signature algorithm of "${e.header.alg}" is not supported. Expected the ID token to be signed with "RS256".`);if(!e.claims.aud||typeof e.claims.aud!="string"&&!Array.isArray(e.claims.aud))throw new Error("Audience (aud) claim must be a string or array of strings present in the ID token");if(Array.isArray(e.claims.aud)){if(!e.claims.aud.includes(o.aud))throw new Error(`Audience (aud) claim mismatch in the ID token; expected "${o.aud}" but was not one of "${e.claims.aud.join(", ")}"`);if(e.claims.aud.length>1){if(!e.claims.azp)throw new Error("Authorized Party (azp) claim must be a string present in the ID token when Audience (aud) claim has multiple values");if(e.claims.azp!==o.aud)throw new Error(`Authorized Party (azp) claim mismatch in the ID token; expected "${o.aud}", found "${e.claims.azp}"`)}}else if(e.claims.aud!==o.aud)throw new Error(`Audience (aud) claim mismatch in the ID token; expected "${o.aud}" but found "${e.claims.aud}"`);if(o.nonce){if(!e.claims.nonce)throw new Error("Nonce (nonce) claim must be a string present in the ID token");if(e.claims.nonce!==o.nonce)throw new Error(`Nonce (nonce) claim mismatch in the ID token; expected "${o.nonce}", found "${e.claims.nonce}"`)}if(o.max_age&&!V(e.claims.auth_time))throw new Error("Authentication Time (auth_time) claim must be a number present in the ID token when Max Age (max_age) is specified");if(e.claims.exp==null||!V(e.claims.exp))throw new Error("Expiration Time (exp) claim must be a number present in the ID token");if(!V(e.claims.iat))throw new Error("Issued At (iat) claim must be a number present in the ID token");const t=o.leeway||60,n=new Date(o.now||Date.now()),i=new Date(0);if(i.setUTCSeconds(e.claims.exp+t),n>i)throw new Error(`Expiration Time (exp) claim error in the ID token; current time (${n}) is after expiration time (${i})`);if(e.claims.nbf!=null&&V(e.claims.nbf)){const r=new Date(0);if(r.setUTCSeconds(e.claims.nbf-t),n<r)throw new Error(`Not Before time (nbf) claim in the ID token indicates that this token can't be used just yet. Current time (${n}) is before ${r}`)}if(e.claims.auth_time!=null&&V(e.claims.auth_time)){const r=new Date(0);if(r.setUTCSeconds(parseInt(e.claims.auth_time)+o.max_age+t),n>r)throw new Error(`Authentication Time (auth_time) claim in the ID token indicates that too much time has passed since the last end-user authentication. Current time (${n}) is after last auth at ${r}`)}if(o.organization){const r=o.organization.trim();if(r.startsWith("org_")){const c=r;if(!e.claims.org_id)throw new Error("Organization ID (org_id) claim must be a string present in the ID token");if(c!==e.claims.org_id)throw new Error(`Organization ID (org_id) claim mismatch in the ID token; expected "${c}", found "${e.claims.org_id}"`)}else{const c=r.toLowerCase();if(!e.claims.org_name)throw new Error("Organization Name (org_name) claim must be a string present in the ID token");if(c!==e.claims.org_name)throw new Error(`Organization Name (org_name) claim mismatch in the ID token; expected "${c}", found "${e.claims.org_name}"`)}}return e};var K=pe((function(o,e){var t=R&&R.__assign||function(){return t=Object.assign||function(d){for(var m,s=1,l=arguments.length;s<l;s++)for(var a in m=arguments[s])Object.prototype.hasOwnProperty.call(m,a)&&(d[a]=m[a]);return d},t.apply(this,arguments)};function n(d,m){if(!m)return"";var s="; "+d;return m===!0?s:s+"="+m}function i(d,m,s){return encodeURIComponent(d).replace(/%(23|24|26|2B|5E|60|7C)/g,decodeURIComponent).replace(/\(/g,"%28").replace(/\)/g,"%29")+"="+encodeURIComponent(m).replace(/%(23|24|26|2B|3A|3C|3E|3D|2F|3F|40|5B|5D|5E|60|7B|7D|7C)/g,decodeURIComponent)+(function(l){if(typeof l.expires=="number"){var a=new Date;a.setMilliseconds(a.getMilliseconds()+864e5*l.expires),l.expires=a}return n("Expires",l.expires?l.expires.toUTCString():"")+n("Domain",l.domain)+n("Path",l.path)+n("Secure",l.secure)+n("SameSite",l.sameSite)})(s)}function r(d){for(var m={},s=d?d.split("; "):[],l=/(%[\dA-F]{2})+/gi,a=0;a<s.length;a++){var u=s[a].split("="),p=u.slice(1).join("=");p.charAt(0)==='"'&&(p=p.slice(1,-1));try{m[u[0].replace(l,decodeURIComponent)]=p.replace(l,decodeURIComponent)}catch{}}return m}function c(){return r(document.cookie)}function h(d,m,s){document.cookie=i(d,m,t({path:"/"},s))}e.__esModule=!0,e.encode=i,e.parse=r,e.getAll=c,e.get=function(d){return c()[d]},e.set=h,e.remove=function(d,m){h(d,"",t(t({},m),{expires:-1}))}}));he(K),K.encode,K.parse,K.getAll;var Pt=K.get,Je=K.set,Fe=K.remove;const Z={get(o){const e=Pt(o);if(e!==void 0)return JSON.parse(e)},save(o,e,t){let n={};window.location.protocol==="https:"&&(n={secure:!0,sameSite:"none"}),t?.daysUntilExpire&&(n.expires=t.daysUntilExpire),t?.cookieDomain&&(n.domain=t.cookieDomain),Je(o,JSON.stringify(e),n)},remove(o,e){let t={};e?.cookieDomain&&(t.domain=e.cookieDomain),Fe(o,t)}},Ct={get(o){return Z.get(o)||Z.get(`_legacy_${o}`)},save(o,e,t){let n={};window.location.protocol==="https:"&&(n={secure:!0}),t?.daysUntilExpire&&(n.expires=t.daysUntilExpire),t?.cookieDomain&&(n.domain=t.cookieDomain),Je(`_legacy_${o}`,JSON.stringify(e),n),Z.save(o,e,t)},remove(o,e){let t={};e?.cookieDomain&&(t.domain=e.cookieDomain),Fe(o,t),Z.remove(o,e),Z.remove(`_legacy_${o}`,e)}},At={get(o){if(typeof sessionStorage>"u")return;const e=sessionStorage.getItem(o);return e!=null?JSON.parse(e):void 0},save(o,e){sessionStorage.setItem(o,JSON.stringify(e))},remove(o){sessionStorage.removeItem(o)}};var D;(function(o){o.Code="code",o.ConnectCode="connect_code"})(D||(D={}));function Rt(o,e,t){var n=e===void 0?null:e,i=(function(d,m){var s=atob(d);if(m){for(var l=new Uint8Array(s.length),a=0,u=s.length;a<u;++a)l[a]=s.charCodeAt(a);return String.fromCharCode.apply(null,new Uint16Array(l.buffer))}return s})(o,t!==void 0&&t),r=i.indexOf(`
+`,10)+1,c=i.substring(r)+(n?"//# sourceMappingURL="+n:""),h=new Blob([c],{type:"application/javascript"});return URL.createObjectURL(h)}var $e,Xe,Me,Ie,Nt=($e="Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAqLwohZnVuY3Rpb24oKXsidXNlIHN0cmljdCI7Y2xhc3MgZSBleHRlbmRzIEVycm9ye2NvbnN0cnVjdG9yKHQscil7c3VwZXIociksdGhpcy5lcnJvcj10LHRoaXMuZXJyb3JfZGVzY3JpcHRpb249cixPYmplY3Quc2V0UHJvdG90eXBlT2YodGhpcyxlLnByb3RvdHlwZSl9c3RhdGljIGZyb21QYXlsb2FkKHtlcnJvcjp0LGVycm9yX2Rlc2NyaXB0aW9uOnJ9KXtyZXR1cm4gbmV3IGUodCxyKX19Y2xhc3MgdCBleHRlbmRzIGV7Y29uc3RydWN0b3IoZSxzKXtzdXBlcigibWlzc2luZ19yZWZyZXNoX3Rva2VuIixgTWlzc2luZyBSZWZyZXNoIFRva2VuIChhdWRpZW5jZTogJyR7cihlLFsiZGVmYXVsdCJdKX0nLCBzY29wZTogJyR7cihzKX0nKWApLHRoaXMuYXVkaWVuY2U9ZSx0aGlzLnNjb3BlPXMsT2JqZWN0LnNldFByb3RvdHlwZU9mKHRoaXMsdC5wcm90b3R5cGUpfX1mdW5jdGlvbiByKGUsdD1bXSl7cmV0dXJuIGUmJiF0LmluY2x1ZGVzKGUpP2U6IiJ9ImZ1bmN0aW9uIj09dHlwZW9mIFN1cHByZXNzZWRFcnJvciYmU3VwcHJlc3NlZEVycm9yO2NvbnN0IHM9ZT0+e3ZhcntjbGllbnRJZDp0fT1lLHI9ZnVuY3Rpb24oZSx0KXt2YXIgcj17fTtmb3IodmFyIHMgaW4gZSlPYmplY3QucHJvdG90eXBlLmhhc093blByb3BlcnR5LmNhbGwoZSxzKSYmdC5pbmRleE9mKHMpPDAmJihyW3NdPWVbc10pO2lmKG51bGwhPWUmJiJmdW5jdGlvbiI9PXR5cGVvZiBPYmplY3QuZ2V0T3duUHJvcGVydHlTeW1ib2xzKXt2YXIgbz0wO2ZvcihzPU9iamVjdC5nZXRPd25Qcm9wZXJ0eVN5bWJvbHMoZSk7bzxzLmxlbmd0aDtvKyspdC5pbmRleE9mKHNbb10pPDAmJk9iamVjdC5wcm90b3R5cGUucHJvcGVydHlJc0VudW1lcmFibGUuY2FsbChlLHNbb10pJiYocltzW29dXT1lW3Nbb11dKX1yZXR1cm4gcn0oZSxbImNsaWVudElkIl0pO3JldHVybiBuZXcgVVJMU2VhcmNoUGFyYW1zKChlPT5PYmplY3Qua2V5cyhlKS5maWx0ZXIoKHQ9PnZvaWQgMCE9PWVbdF0pKS5yZWR1Y2UoKCh0LHIpPT5PYmplY3QuYXNzaWduKE9iamVjdC5hc3NpZ24oe30sdCkse1tyXTplW3JdfSkpLHt9KSkoT2JqZWN0LmFzc2lnbih7Y2xpZW50X2lkOnR9LHIpKSkudG9TdHJpbmcoKX07bGV0IG89e307Y29uc3Qgbj0oZSx0KT0+YCR7ZX18JHt0fWA7YWRkRXZlbnRMaXN0ZW5lcigibWVzc2FnZSIsKGFzeW5jKHtkYXRhOnt0aW1lb3V0OmUsYXV0aDpyLGZldGNoVXJsOmksZmV0Y2hPcHRpb25zOmMsdXNlRm9ybURhdGE6YSx1c2VNcnJ0OmZ9LHBvcnRzOltwXX0pPT57bGV0IGgsdSxsPXt9O2NvbnN0e2F1ZGllbmNlOmQsc2NvcGU6eX09cnx8e307dHJ5e2NvbnN0IHI9YT8oZT0+e2NvbnN0IHQ9bmV3IFVSTFNlYXJjaFBhcmFtcyhlKSxyPXt9O3JldHVybiB0LmZvckVhY2goKChlLHQpPT57clt0XT1lfSkpLHJ9KShjLmJvZHkpOkpTT04ucGFyc2UoYy5ib2R5KTtpZighci5yZWZyZXNoX3Rva2VuJiYicmVmcmVzaF90b2tlbiI9PT1yLmdyYW50X3R5cGUpe2lmKHU9KChlLHQpPT5vW24oZSx0KV0pKGQseSksIXUmJmYpe2NvbnN0IGU9by5sYXRlc3RfcmVmcmVzaF90b2tlbix0PSgoZSx0KT0+e2NvbnN0IHI9T2JqZWN0LmtleXMobykuZmluZCgocj0+e2lmKCJsYXRlc3RfcmVmcmVzaF90b2tlbiIhPT1yKXtjb25zdCBzPSgoZSx0KT0+dC5zdGFydHNXaXRoKGAke2V9fGApKSh0LHIpLG89ci5zcGxpdCgifCIpWzFdLnNwbGl0KCIgIiksbj1lLnNwbGl0KCIgIikuZXZlcnkoKGU9Pm8uaW5jbHVkZXMoZSkpKTtyZXR1cm4gcyYmbn19KSk7cmV0dXJuISFyfSkoeSxkKTtlJiYhdCYmKHU9ZSl9aWYoIXUpdGhyb3cgbmV3IHQoZCx5KTtjLmJvZHk9YT9zKE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSxyKSx7cmVmcmVzaF90b2tlbjp1fSkpOkpTT04uc3RyaW5naWZ5KE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSxyKSx7cmVmcmVzaF90b2tlbjp1fSkpfWxldCBqLGs7ImZ1bmN0aW9uIj09dHlwZW9mIEFib3J0Q29udHJvbGxlciYmKGo9bmV3IEFib3J0Q29udHJvbGxlcixjLnNpZ25hbD1qLnNpZ25hbCk7dHJ5e2s9YXdhaXQgUHJvbWlzZS5yYWNlKFsoXz1lLG5ldyBQcm9taXNlKChlPT5zZXRUaW1lb3V0KGUsXykpKSksZmV0Y2goaSxPYmplY3QuYXNzaWduKHt9LGMpKV0pfWNhdGNoKGUpe3JldHVybiB2b2lkIHAucG9zdE1lc3NhZ2Uoe2Vycm9yOmUubWVzc2FnZX0pfWlmKCFrKXJldHVybiBqJiZqLmFib3J0KCksdm9pZCBwLnBvc3RNZXNzYWdlKHtlcnJvcjoiVGltZW91dCB3aGVuIGV4ZWN1dGluZyAnZmV0Y2gnIn0pO2c9ay5oZWFkZXJzLGw9Wy4uLmddLnJlZHVjZSgoKGUsW3Qscl0pPT4oZVt0XT1yLGUpKSx7fSksaD1hd2FpdCBrLmpzb24oKSxoLnJlZnJlc2hfdG9rZW4/KGYmJihvLmxhdGVzdF9yZWZyZXNoX3Rva2VuPWgucmVmcmVzaF90b2tlbixPPXUsYj1oLnJlZnJlc2hfdG9rZW4sT2JqZWN0LmVudHJpZXMobykuZm9yRWFjaCgoKFtlLHRdKT0+e3Q9PT1PJiYob1tlXT1iKX0pKSksKChlLHQscik9PntvW24odCxyKV09ZX0pKGgucmVmcmVzaF90b2tlbixkLHkpLGRlbGV0ZSBoLnJlZnJlc2hfdG9rZW4pOigoZSx0KT0+e2RlbGV0ZSBvW24oZSx0KV19KShkLHkpLHAucG9zdE1lc3NhZ2Uoe29rOmsub2ssanNvbjpoLGhlYWRlcnM6bH0pfWNhdGNoKGUpe3AucG9zdE1lc3NhZ2Uoe29rOiExLGpzb246e2Vycm9yOmUuZXJyb3IsZXJyb3JfZGVzY3JpcHRpb246ZS5tZXNzYWdlfSxoZWFkZXJzOmx9KX12YXIgTyxiLGcsX30pKX0oKTsKCg==",Xe=null,Me=!1,function(o){return Ie=Ie||Rt($e,Xe,Me),new Worker(Ie,o)});const Te={},Ve=async(o,e=3)=>{for(let t=0;t<e;t++)if(await o())return!0;return!1};class jt{constructor(e,t){this.cache=e,this.clientId=t,this.manifestKey=this.createManifestKeyFrom(this.clientId)}async add(e){var t;const n=new Set(((t=await this.cache.get(this.manifestKey))===null||t===void 0?void 0:t.keys)||[]);n.add(e),await this.cache.set(this.manifestKey,{keys:[...n]})}async remove(e){const t=await this.cache.get(this.manifestKey);if(t){const n=new Set(t.keys);return n.delete(e),n.size>0?await this.cache.set(this.manifestKey,{keys:[...n]}):await this.cache.remove(this.manifestKey)}}get(){return this.cache.get(this.manifestKey)}clear(){return this.cache.remove(this.manifestKey)}createManifestKeyFrom(e){return`@@auth0spajs@@::${e}`}}const Kt={memory:()=>new We().enclosedCache,localstorage:()=>new _t},Ge=o=>Kt[o],Ye=o=>{const{openUrl:e,onRedirect:t}=o,n=E(o,["openUrl","onRedirect"]);return Object.assign(Object.assign({},n),{openUrl:e===!1||e?e:t})},Be=(o,e)=>{const t=e?.split(" ")||[];return(o?.split(" ")||[]).every((n=>t.includes(n)))},x={NONCE:"nonce",KEYPAIR:"keypair"};class Dt{constructor(e){this.clientId=e}getVersion(){return 1}createDbHandle(){const e=window.indexedDB.open("auth0-spa-js",this.getVersion());return new Promise(((t,n)=>{e.onupgradeneeded=()=>Object.values(x).forEach((i=>e.result.createObjectStore(i))),e.onerror=()=>n(e.error),e.onsuccess=()=>t(e.result)}))}async getDbHandle(){return this.dbHandle||(this.dbHandle=await this.createDbHandle()),this.dbHandle}async executeDbRequest(e,t,n){const i=n((await this.getDbHandle()).transaction(e,t).objectStore(e));return new Promise(((r,c)=>{i.onsuccess=()=>r(i.result),i.onerror=()=>c(i.error)}))}buildKey(e){const t=e?`_${e}`:"auth0";return`${this.clientId}::${t}`}setNonce(e,t){return this.save(x.NONCE,this.buildKey(t),e)}setKeyPair(e){return this.save(x.KEYPAIR,this.buildKey(),e)}async save(e,t,n){await this.executeDbRequest(e,"readwrite",(i=>i.put(n,t)))}findNonce(e){return this.find(x.NONCE,this.buildKey(e))}findKeyPair(){return this.find(x.KEYPAIR,this.buildKey())}find(e,t){return this.executeDbRequest(e,"readonly",(n=>n.get(t)))}async deleteBy(e,t){const n=await this.executeDbRequest(e,"readonly",(i=>i.getAllKeys()));n?.filter(t).map((i=>this.executeDbRequest(e,"readwrite",(r=>r.delete(i)))))}deleteByClientId(e,t){return this.deleteBy(e,(n=>typeof n=="string"&&n.startsWith(`${t}::`)))}clearNonces(){return this.deleteByClientId(x.NONCE,this.clientId)}clearKeyPairs(){return this.deleteByClientId(x.KEYPAIR,this.clientId)}}class xt{constructor(e){this.storage=new Dt(e)}getNonce(e){return this.storage.findNonce(e)}setNonce(e,t){return this.storage.setNonce(e,t)}async getOrGenerateKeyPair(){let e=await this.storage.findKeyPair();return e||(e=await ft(),await this.storage.setKeyPair(e)),e}async generateProof(e){const t=await this.getOrGenerateKeyPair();return yt(Object.assign({keyPair:t},e))}async calculateThumbprint(){return gt(await this.getOrGenerateKeyPair())}async clear(){await Promise.all([this.storage.clearNonces(),this.storage.clearKeyPairs()])}}var W;(function(o){o.Bearer="Bearer",o.DPoP="DPoP"})(W||(W={}));class zt{constructor(e,t){this.hooks=t,this.config=Object.assign(Object.assign({},e),{fetch:e.fetch||(typeof window>"u"?fetch:window.fetch.bind(window))})}isAbsoluteUrl(e){return/^(https?:)?\/\//i.test(e)}buildUrl(e,t){if(t){if(this.isAbsoluteUrl(t))return t;if(e)return`${e.replace(/\/?\/$/,"")}/${t.replace(/^\/+/,"")}`}throw new TypeError("`url` must be absolute or `baseUrl` non-empty.")}getAccessToken(e){return this.config.getAccessToken?this.config.getAccessToken(e):this.hooks.getAccessToken(e)}extractUrl(e){return typeof e=="string"?e:e instanceof URL?e.href:e.url}buildBaseRequest(e,t){if(!this.config.baseUrl)return new Request(e,t);const n=this.buildUrl(this.config.baseUrl,this.extractUrl(e)),i=e instanceof Request?new Request(n,e):n;return new Request(i,t)}setAuthorizationHeader(e,t,n=W.Bearer){e.headers.set("authorization",`${n} ${t}`)}async setDpopProofHeader(e,t){if(!this.config.dpopNonceId)return;const n=await this.hooks.getDpopNonce(),i=await this.hooks.generateDpopProof({accessToken:t,method:e.method,nonce:n,url:e.url});e.headers.set("dpop",i)}async prepareRequest(e,t){const n=await this.getAccessToken(t);let i,r;typeof n=="string"?(i=this.config.dpopNonceId?W.DPoP:W.Bearer,r=n):(i=n.token_type,r=n.access_token),this.setAuthorizationHeader(e,r,i),i===W.DPoP&&await this.setDpopProofHeader(e,r)}getHeader(e,t){return Array.isArray(e)?new Headers(e).get(t)||"":typeof e.get=="function"?e.get(t)||"":e[t]||""}hasUseDpopNonceError(e){if(e.status!==401)return!1;const t=this.getHeader(e.headers,"www-authenticate");return t.includes("invalid_dpop_nonce")||t.includes("use_dpop_nonce")}async handleResponse(e,t){const n=this.getHeader(e.headers,"dpop-nonce");if(n&&await this.hooks.setDpopNonce(n),!this.hasUseDpopNonceError(e))return e;if(!n||!t.onUseDpopNonceError)throw new ne(n);return t.onUseDpopNonceError()}async internalFetchWithAuth(e,t,n,i){const r=this.buildBaseRequest(e,t);await this.prepareRequest(r,i);const c=await this.config.fetch(r);return this.handleResponse(c,n)}fetchWithAuth(e,t,n){const i={onUseDpopNonceError:()=>this.internalFetchWithAuth(e,t,Object.assign(Object.assign({},i),{onUseDpopNonceError:void 0}),n)};return this.internalFetchWithAuth(e,t,i,n)}}class Ut{constructor(e,t){this.myAccountFetcher=e,this.apiBase=t}async connectAccount(e){const t=await this.myAccountFetcher.fetchWithAuth(`${this.apiBase}v1/connected-accounts/connect`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(e)});return this._handleResponse(t)}async completeAccount(e){const t=await this.myAccountFetcher.fetchWithAuth(`${this.apiBase}v1/connected-accounts/complete`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(e)});return this._handleResponse(t)}async _handleResponse(e){let t;try{t=await e.text(),t=JSON.parse(t)}catch(n){throw new ae({type:"invalid_json",status:e.status,title:"Invalid JSON response",detail:t||String(n)})}if(e.ok)return t;throw new ae(t)}}class ae extends Error{constructor({type:e,status:t,title:n,detail:i,validation_errors:r}){super(i),this.name="MyAccountApiError",this.type=e,this.status=t,this.title=n,this.detail=i,this.validation_errors=r,Object.setPrototypeOf(this,ae.prototype)}}const G=new it;class Lt{constructor(e){let t,n;if(this.userCache=new We().enclosedCache,this.activeLockKeys=new Set,this.defaultOptions={authorizationParams:{scope:"openid profile email"},useRefreshTokensFallback:!1,useFormData:!0},this._releaseLockOnPageHide=async()=>{const d=Array.from(this.activeLockKeys);for(const m of d)await G.releaseLock(m);this.activeLockKeys.clear(),window.removeEventListener("pagehide",this._releaseLockOnPageHide)},this.options=Object.assign(Object.assign(Object.assign({},this.defaultOptions),e),{authorizationParams:Object.assign(Object.assign({},this.defaultOptions.authorizationParams),e.authorizationParams)}),typeof window<"u"&&(()=>{if(!ie())throw new Error("For security reasons, `window.crypto` is required to run `auth0-spa-js`.");if(ie().subtle===void 0)throw new Error(`
       auth0-spa-js must run on a secure origin. See https://github.com/auth0/auth0-spa-js/blob/main/FAQ.md#why-do-i-get-auth0-spa-js-must-run-on-a-secure-origin for more information.
-    `)})(),e.cache&&e.cacheLocation&&console.warn("Both `cache` and `cacheLocation` options have been specified in the Auth0Client configuration; ignoring `cacheLocation` and using `cache`."),e.cache)n=e.cache;else{if(t=e.cacheLocation||"memory",!Me(t))throw new Error(`Invalid cache location "${t}"`);n=Me(t)()}this.httpTimeoutMs=e.httpTimeoutInSeconds?1e3*e.httpTimeoutInSeconds:1e4,this.cookieStorage=e.legacySameSiteCookie===!1?Z:Et,this.orgHintCookieName=`auth0.${this.options.clientId}.organization_hint`,this.isAuthenticatedCookieName=(d=>`auth0.${d}.is.authenticated`)(this.options.clientId),this.sessionCheckExpiryDays=e.sessionCheckExpiryDays||1;const i=e.useCookiesForTransactions?this.cookieStorage:Ct;var r;this.scope=((d,m,...s)=>{if(typeof d!="object")return{default:re(m,d,...s)};let l={default:re(m,...s)};return Object.keys(d).forEach((a=>{const u=d[a];l[a]=re(m,u,...s)})),l})(this.options.authorizationParams.scope,"openid",this.options.useRefreshTokens?"offline_access":""),this.transactionManager=new It(i,this.options.clientId,this.options.cookieDomain),this.nowProvider=this.options.nowProvider||je,this.cacheManager=new _t(n,n.allKeys?void 0:new Nt(n,this.options.clientId),this.nowProvider),this.dpop=this.options.useDpop?new Dt(this.options.clientId):void 0,this.domainUrl=(r=this.options.domain,/^https?:\/\//.test(r)?r:`https://${r}`),this.tokenIssuer=((d,m)=>d?d.startsWith("https://")?d:`https://${d}/`:`${m}/`)(this.options.issuer,this.domainUrl);const c=`${this.domainUrl}/me/`,h=this.createFetcher(Object.assign(Object.assign({},this.options.useDpop&&{dpopNonceId:"__auth0_my_account_api__"}),{getAccessToken:()=>this.getTokenSilently({authorizationParams:{scope:"create:me:connected_accounts",audience:c},detailedResponse:!0})}));this.myAccountApi=new zt(h,c),typeof window<"u"&&window.Worker&&this.options.useRefreshTokens&&t==="memory"&&(this.options.workerUrl?this.worker=new Worker(this.options.workerUrl):this.worker=new Rt)}_url(e){const t=encodeURIComponent(btoa(JSON.stringify(this.options.auth0Client||Ne)));return`${this.domainUrl}${e}&auth0Client=${t}`}_authorizeUrl(e){return this._url(`/authorize?${Se(e)}`)}async _verifyIdToken(e,t,n){const i=await this.nowProvider();return Ot({iss:this.tokenIssuer,aud:this.options.clientId,id_token:e,nonce:t,organization:n,leeway:this.options.leeway,max_age:(r=this.options.authorizationParams.max_age,typeof r!="string"?r:parseInt(r,10)||void 0),now:i});var r}_processOrgHint(e){e?this.cookieStorage.save(this.orgHintCookieName,e,{daysUntilExpire:this.sessionCheckExpiryDays,cookieDomain:this.options.cookieDomain}):this.cookieStorage.remove(this.orgHintCookieName,{cookieDomain:this.options.cookieDomain})}async _prepareAuthorizeUrl(e,t,n){var i;const r=ke(F()),c=ke(F()),h=F(),d=await Ke(h),m=xe(d),s=await((i=this.dpop)===null||i===void 0?void 0:i.calculateThumbprint()),l=((u,p,g,f,w,b,v,y,_)=>Object.assign(Object.assign(Object.assign({client_id:u.clientId},u.authorizationParams),g),{scope:se(p,g.scope,g.audience),response_type:"code",response_mode:y||"query",state:f,nonce:w,redirect_uri:v||u.authorizationParams.redirect_uri,code_challenge:b,code_challenge_method:"S256",dpop_jkt:_}))(this.options,this.scope,e,r,c,m,e.redirect_uri||this.options.authorizationParams.redirect_uri||n,t?.response_mode,s),a=this._authorizeUrl(l);return{nonce:c,code_verifier:h,scope:l.scope,audience:l.audience||"default",redirect_uri:l.redirect_uri,state:r,url:a}}async loginWithPopup(e,t){var n;if(e=e||{},!(t=t||{}).popup&&(t.popup=(h=>{const d=window.screenX+(window.innerWidth-400)/2,m=window.screenY+(window.innerHeight-600)/2;return window.open(h,"auth0:authorize:popup",`left=${d},top=${m},width=400,height=600,resizable,scrollbars=yes,status=1`)})(""),!t.popup))throw new we;const i=await this._prepareAuthorizeUrl(e.authorizationParams||{},{response_mode:"web_message"},window.location.origin);t.popup.location.href=i.url;const r=await(h=>new Promise(((d,m)=>{let s;const l=setInterval((()=>{h.popup&&h.popup.closed&&(clearInterval(l),clearTimeout(a),window.removeEventListener("message",s,!1),m(new ye(h.popup)))}),1e3),a=setTimeout((()=>{clearInterval(l),m(new ge(h.popup)),window.removeEventListener("message",s,!1)}),1e3*(h.timeoutInSeconds||60));s=function(u){if(u.data&&u.data.type==="authorization_response"){if(clearTimeout(a),clearInterval(l),window.removeEventListener("message",s,!1),h.closePopup!==!1&&h.popup.close(),u.data.response.error)return m(S.fromPayload(u.data.response));d(u.data.response)}},window.addEventListener("message",s)})))(Object.assign(Object.assign({},t),{timeoutInSeconds:t.timeoutInSeconds||this.options.authorizeTimeoutInSeconds||60}));if(i.state!==r.state)throw new S("state_mismatch","Invalid state");const c=((n=e.authorizationParams)===null||n===void 0?void 0:n.organization)||this.options.authorizationParams.organization;await this._requestToken({audience:i.audience,scope:i.scope,code_verifier:i.code_verifier,grant_type:"authorization_code",code:r.code,redirect_uri:i.redirect_uri},{nonceIn:i.nonce,organization:c})}async getUser(){var e;const t=await this._getIdTokenFromCache();return(e=t?.decodedToken)===null||e===void 0?void 0:e.user}async getIdTokenClaims(){var e;const t=await this._getIdTokenFromCache();return(e=t?.decodedToken)===null||e===void 0?void 0:e.claims}async loginWithRedirect(e={}){var t;const n=Ye(e),{openUrl:i,fragment:r,appState:c}=n,h=P(n,["openUrl","fragment","appState"]),d=((t=h.authorizationParams)===null||t===void 0?void 0:t.organization)||this.options.authorizationParams.organization,m=await this._prepareAuthorizeUrl(h.authorizationParams||{}),{url:s}=m,l=P(m,["url"]);this.transactionManager.create(Object.assign(Object.assign(Object.assign({},l),{appState:c,response_type:D.Code}),d&&{organization:d}));const a=r?`${s}#${r}`:s;i?await i(a):window.location.assign(a)}async handleRedirectCallback(e=window.location.href){const t=e.split("?").slice(1);if(t.length===0)throw new Error("There are no query params available for parsing.");const n=this.transactionManager.get();if(!n)throw new S("missing_transaction","Invalid state");this.transactionManager.remove();const i=(r=>{r.indexOf("#")>-1&&(r=r.substring(0,r.indexOf("#")));const c=new URLSearchParams(r);return{state:c.get("state"),code:c.get("code")||void 0,connect_code:c.get("connect_code")||void 0,error:c.get("error")||void 0,error_description:c.get("error_description")||void 0}})(t.join(""));return n.response_type===D.ConnectCode?this._handleConnectAccountRedirectCallback(i,n):this._handleLoginRedirectCallback(i,n)}async _handleLoginRedirectCallback(e,t){const{code:n,state:i,error:r,error_description:c}=e;if(r)throw new me(r,c||r,i,t.appState);if(!t.code_verifier||t.state&&t.state!==i)throw new S("state_mismatch","Invalid state");const h=t.organization,d=t.nonce,m=t.redirect_uri;return await this._requestToken(Object.assign({audience:t.audience,scope:t.scope,code_verifier:t.code_verifier,grant_type:"authorization_code",code:n},m?{redirect_uri:m}:{}),{nonceIn:d,organization:h}),{appState:t.appState,response_type:D.Code}}async _handleConnectAccountRedirectCallback(e,t){const{connect_code:n,state:i,error:r,error_description:c}=e;if(r)throw new fe(r,c||r,t.connection,i,t.appState);if(!n)throw new S("missing_connect_code","Missing connect code");if(!(t.code_verifier&&t.state&&t.auth_session&&t.redirect_uri&&t.state===i))throw new S("state_mismatch","Invalid state");const h=await this.myAccountApi.completeAccount({auth_session:t.auth_session,connect_code:n,redirect_uri:t.redirect_uri,code_verifier:t.code_verifier});return Object.assign(Object.assign({},h),{appState:t.appState,response_type:D.ConnectCode})}async checkSession(e){if(!this.cookieStorage.get(this.isAuthenticatedCookieName)){if(!this.cookieStorage.get("auth0.is.authenticated"))return;this.cookieStorage.save(this.isAuthenticatedCookieName,!0,{daysUntilExpire:this.sessionCheckExpiryDays,cookieDomain:this.options.cookieDomain}),this.cookieStorage.remove("auth0.is.authenticated")}try{await this.getTokenSilently(e)}catch{}}async getTokenSilently(e={}){var t,n;const i=Object.assign(Object.assign({cacheMode:"on"},e),{authorizationParams:Object.assign(Object.assign(Object.assign({},this.options.authorizationParams),e.authorizationParams),{scope:se(this.scope,(t=e.authorizationParams)===null||t===void 0?void 0:t.scope,((n=e.authorizationParams)===null||n===void 0?void 0:n.audience)||this.options.authorizationParams.audience)})}),r=await((c,h)=>{let d=Te[h];return d||(d=c().finally((()=>{delete Te[h],d=null})),Te[h]=d),d})((()=>this._getTokenSilently(i)),`${this.options.clientId}::${i.authorizationParams.audience}::${i.authorizationParams.scope}`);return e.detailedResponse?r:r?.access_token}async _getTokenSilently(e){const{cacheMode:t}=e,n=P(e,["cacheMode"]);if(t!=="off"){const h=await this._getEntryFromCache({scope:n.authorizationParams.scope,audience:n.authorizationParams.audience||"default",clientId:this.options.clientId,cacheMode:t});if(h)return h}if(t==="cache-only")return;const i=(r=this.options.clientId,c=n.authorizationParams.audience||"default",`auth0.lock.getTokenSilently.${r}.${c}`);var r,c;if(!await Ge((()=>G.acquireLock(i,5e3)),10))throw new H;this.activeLockKeys.add(i),this.activeLockKeys.size===1&&window.addEventListener("pagehide",this._releaseLockOnPageHide);try{if(t!=="off"){const u=await this._getEntryFromCache({scope:n.authorizationParams.scope,audience:n.authorizationParams.audience||"default",clientId:this.options.clientId});if(u)return u}const h=this.options.useRefreshTokens?await this._getTokenUsingRefreshToken(n):await this._getTokenFromIFrame(n),{id_token:d,token_type:m,access_token:s,oauthTokenScope:l,expires_in:a}=h;return Object.assign(Object.assign({id_token:d,token_type:m,access_token:s},l?{scope:l}:null),{expires_in:a})}finally{await G.releaseLock(i),this.activeLockKeys.delete(i),this.activeLockKeys.size===0&&window.removeEventListener("pagehide",this._releaseLockOnPageHide)}}async getTokenWithPopup(e={},t={}){var n,i;const r=Object.assign(Object.assign({},e),{authorizationParams:Object.assign(Object.assign(Object.assign({},this.options.authorizationParams),e.authorizationParams),{scope:se(this.scope,(n=e.authorizationParams)===null||n===void 0?void 0:n.scope,((i=e.authorizationParams)===null||i===void 0?void 0:i.audience)||this.options.authorizationParams.audience)})});return t=Object.assign(Object.assign({},it),t),await this.loginWithPopup(r,t),(await this.cacheManager.get(new O({scope:r.authorizationParams.scope,audience:r.authorizationParams.audience||"default",clientId:this.options.clientId}),void 0,this.options.useMrrt)).access_token}async isAuthenticated(){return!!await this.getUser()}_buildLogoutUrl(e){e.clientId!==null?e.clientId=e.clientId||this.options.clientId:delete e.clientId;const t=e.logoutParams||{},{federated:n}=t,i=P(t,["federated"]),r=n?"&federated":"";return this._url(`/v2/logout?${Se(Object.assign({clientId:e.clientId},i))}`)+r}async logout(e={}){var t;const n=Ye(e),{openUrl:i}=n,r=P(n,["openUrl"]);e.clientId===null?await this.cacheManager.clear():await this.cacheManager.clear(e.clientId||this.options.clientId),this.cookieStorage.remove(this.orgHintCookieName,{cookieDomain:this.options.cookieDomain}),this.cookieStorage.remove(this.isAuthenticatedCookieName,{cookieDomain:this.options.cookieDomain}),this.userCache.remove("@@user@@"),await((t=this.dpop)===null||t===void 0?void 0:t.clear());const c=this._buildLogoutUrl(r);i?await i(c):i!==!1&&window.location.assign(c)}async _getTokenFromIFrame(e){const t=`auth0.lock.getTokenFromIFrame.${this.options.clientId}`;if(!await Ge((()=>G.acquireLock(t,5e3)),10))throw new H;try{const n=Object.assign(Object.assign({},e.authorizationParams),{prompt:"none"}),i=this.cookieStorage.get(this.orgHintCookieName);i&&!n.organization&&(n.organization=i);const{url:r,state:c,nonce:h,code_verifier:d,redirect_uri:m,scope:s,audience:l}=await this._prepareAuthorizeUrl(n,{response_mode:"web_message"},window.location.origin);if(window.crossOriginIsolated)throw new S("login_required","The application is running in a Cross-Origin Isolated context, silently retrieving a token without refresh token is not possible.");const a=e.timeoutInSeconds||this.options.authorizeTimeoutInSeconds;let u;try{u=new URL(this.domainUrl).origin}catch{u=this.domainUrl}const p=await((f,w,b=60)=>new Promise(((v,y)=>{const _=window.document.createElement("iframe");_.setAttribute("width","0"),_.setAttribute("height","0"),_.style.display="none";const C=()=>{window.document.body.contains(_)&&(window.document.body.removeChild(_),window.removeEventListener("message",T,!1))};let T;const A=setTimeout((()=>{y(new H),C()}),1e3*b);T=function(I){if(I.origin!=w||!I.data||I.data.type!=="authorization_response")return;const L=I.source;L&&L.close(),I.data.response.error?y(S.fromPayload(I.data.response)):v(I.data.response),clearTimeout(A),window.removeEventListener("message",T,!1),setTimeout(C,2e3)},window.addEventListener("message",T,!1),window.document.body.appendChild(_),_.setAttribute("src",f)})))(r,u,a);if(c!==p.state)throw new S("state_mismatch","Invalid state");const g=await this._requestToken(Object.assign(Object.assign({},e.authorizationParams),{code_verifier:d,code:p.code,grant_type:"authorization_code",redirect_uri:m,timeout:e.authorizationParams.timeout||this.httpTimeoutMs}),{nonceIn:h,organization:n.organization});return Object.assign(Object.assign({},g),{scope:s,oauthTokenScope:g.scope,audience:l})}catch(n){throw n.error==="login_required"&&this.logout({openUrl:!1}),n}finally{await G.releaseLock(t)}}async _getTokenUsingRefreshToken(e){const t=await this.cacheManager.get(new O({scope:e.authorizationParams.scope,audience:e.authorizationParams.audience||"default",clientId:this.options.clientId}),void 0,this.options.useMrrt);if(!(t&&t.refresh_token||this.worker)){if(this.options.useRefreshTokensFallback)return await this._getTokenFromIFrame(e);throw new te(e.authorizationParams.audience||"default",e.authorizationParams.scope)}const n=e.authorizationParams.redirect_uri||this.options.authorizationParams.redirect_uri||window.location.origin,i=typeof e.timeoutInSeconds=="number"?1e3*e.timeoutInSeconds:null,r=((s,l,a,u)=>{var p;if(s&&a&&u){if(l.audience!==a)return l.scope;const g=u.split(" "),f=((p=l.scope)===null||p===void 0?void 0:p.split(" "))||[],w=f.every((b=>g.includes(b)));return g.length>=f.length&&w?u:l.scope}return l.scope})(this.options.useMrrt,e.authorizationParams,t?.audience,t?.scope);try{const s=await this._requestToken(Object.assign(Object.assign(Object.assign({},e.authorizationParams),{grant_type:"refresh_token",refresh_token:t&&t.refresh_token,redirect_uri:n}),i&&{timeout:i}),{scopesToRequest:r});if(s.refresh_token&&t?.refresh_token&&await this.cacheManager.updateEntry(t.refresh_token,s.refresh_token),this.options.useMrrt&&(c=t?.audience,h=t?.scope,d=e.authorizationParams.audience,m=e.authorizationParams.scope,(c!==d||!Be(m,h))&&!Be(r,s.scope))){if(this.options.useRefreshTokensFallback)return await this._getTokenFromIFrame(e);await this.cacheManager.remove(this.options.clientId,e.authorizationParams.audience,e.authorizationParams.scope);const l=((a,u)=>{const p=a?.split(" ")||[],g=u?.split(" ")||[];return p.filter((f=>g.indexOf(f)==-1)).join(",")})(r,s.scope);throw new ve(e.authorizationParams.audience||"default",l)}return Object.assign(Object.assign({},s),{scope:e.authorizationParams.scope,oauthTokenScope:s.scope,audience:e.authorizationParams.audience||"default"})}catch(s){if((s.message.indexOf("Missing Refresh Token")>-1||s.message&&s.message.indexOf("invalid refresh token")>-1)&&this.options.useRefreshTokensFallback)return await this._getTokenFromIFrame(e);throw s}var c,h,d,m}async _saveEntryInCache(e){const{id_token:t,decodedToken:n}=e,i=P(e,["id_token","decodedToken"]);this.userCache.set("@@user@@",{id_token:t,decodedToken:n}),await this.cacheManager.setIdToken(this.options.clientId,e.id_token,e.decodedToken),await this.cacheManager.set(i)}async _getIdTokenFromCache(){const e=this.options.authorizationParams.audience||"default",t=this.scope[e],n=await this.cacheManager.getIdToken(new O({clientId:this.options.clientId,audience:e,scope:t})),i=this.userCache.get("@@user@@");return n&&n.id_token===i?.id_token?i:(this.userCache.set("@@user@@",n),n)}async _getEntryFromCache({scope:e,audience:t,clientId:n,cacheMode:i}){const r=await this.cacheManager.get(new O({scope:e,audience:t,clientId:n}),60,this.options.useMrrt,i);if(r&&r.access_token){const{token_type:c,access_token:h,oauthTokenScope:d,expires_in:m}=r,s=await this._getIdTokenFromCache();return s&&Object.assign(Object.assign({id_token:s.id_token,token_type:c||"Bearer",access_token:h},d?{scope:d}:null),{expires_in:m})}}async _requestToken(e,t){var n,i;const{nonceIn:r,organization:c,scopesToRequest:h}=t||{},d=await kt(Object.assign(Object.assign({baseUrl:this.domainUrl,client_id:this.options.clientId,auth0Client:this.options.auth0Client,useFormData:this.options.useFormData,timeout:this.httpTimeoutMs,useMrrt:this.options.useMrrt,dpop:this.dpop},e),{scope:h||e.scope}),this.worker),m=await this._verifyIdToken(d.id_token,r,c);if(e.grant_type==="authorization_code"){const s=await this._getIdTokenFromCache();!((i=(n=s?.decodedToken)===null||n===void 0?void 0:n.claims)===null||i===void 0)&&i.sub&&s.decodedToken.claims.sub!==m.claims.sub&&(await this.cacheManager.clear(this.options.clientId),this.userCache.remove("@@user@@"))}return await this._saveEntryInCache(Object.assign(Object.assign(Object.assign(Object.assign({},d),{decodedToken:m,scope:e.scope,audience:e.audience||"default"}),d.scope?{oauthTokenScope:d.scope}:null),{client_id:this.options.clientId})),this.cookieStorage.save(this.isAuthenticatedCookieName,!0,{daysUntilExpire:this.sessionCheckExpiryDays,cookieDomain:this.options.cookieDomain}),this._processOrgHint(c||m.claims.org_id),Object.assign(Object.assign({},d),{decodedToken:m})}async exchangeToken(e){return this._requestToken({grant_type:"urn:ietf:params:oauth:grant-type:token-exchange",subject_token:e.subject_token,subject_token_type:e.subject_token_type,scope:se(this.scope,e.scope,e.audience||this.options.authorizationParams.audience),audience:e.audience||this.options.authorizationParams.audience,organization:e.organization||this.options.authorizationParams.organization})}_assertDpop(e){if(!e)throw new Error("`useDpop` option must be enabled before using DPoP.")}getDpopNonce(e){return this._assertDpop(this.dpop),this.dpop.getNonce(e)}setDpopNonce(e,t){return this._assertDpop(this.dpop),this.dpop.setNonce(e,t)}generateDpopProof(e){return this._assertDpop(this.dpop),this.dpop.generateProof(e)}createFetcher(e={}){return new xt(e,{isDpopEnabled:()=>!!this.options.useDpop,getAccessToken:t=>{var n;return this.getTokenSilently({authorizationParams:{scope:(n=t?.scope)===null||n===void 0?void 0:n.join(" "),audience:t?.audience},detailedResponse:!0})},getDpopNonce:()=>this.getDpopNonce(e.dpopNonceId),setDpopNonce:t=>this.setDpopNonce(t,e.dpopNonceId),generateDpopProof:t=>this.generateDpopProof(t)})}async connectAccountWithRedirect(e){const{openUrl:t,appState:n,connection:i,scopes:r,authorization_params:c,redirectUri:h=this.options.authorizationParams.redirect_uri||window.location.origin}=e;if(!i)throw new Error("connection is required");const d=ke(F()),m=F(),s=await Ke(m),l=xe(s),{connect_uri:a,connect_params:u,auth_session:p}=await this.myAccountApi.connectAccount({connection:i,scopes:r,redirect_uri:h,state:d,code_challenge:l,code_challenge_method:"S256",authorization_params:c});this.transactionManager.create({state:d,code_verifier:m,auth_session:p,redirect_uri:h,appState:n,connection:i,response_type:D.ConnectCode});const g=new URL(a);g.searchParams.set("ticket",u.ticket),t?await t(g.toString()):window.location.assign(g)}}async function Lt(o){const e=new Ut(o);return await e.checkSession(),e}const Ht="sesamy-debug";function Zt(o){if(typeof document>"u")return null;const e=o+"=",t=document.cookie.split(";");for(let n=0;n<t.length;n++){let i=t[n];for(;i.charAt(0)===" ";)i=i.substring(1);if(i.indexOf(e)===0)return i.substring(e.length,i.length)}return null}function Wt(){return Zt(Ht)==="true"}function k(o){Wt()&&console.log(o)}function Oe(o,e){if(typeof window>"u")return;const t=new CustomEvent(o,{detail:e,bubbles:!0,composed:!0});k(`Triggering event: ${o}`),dispatchEvent(t)}var M=(o=>(o.AUTH_INITIALIZED="sesamyJsAuthInitialized",o.READY="sesamyJsReady",o.AUTHENTICATED="sesamyJsAuthenticated",o.LOGOUT="sesamyJsLogout",o.CLEAR_CACHE="sesamyJsClearCache",o.USER_ATTRIBUTE_CHANGED="sesamyUserAttributeChanged",o.PURCHASE="sesamyJsPurchase",o))(M||{});const Jt="sesamy.com",Ft="sesamy.dev";function $t(o,e){return`${o}.${e==="dev"?Ft:Jt}`}function Xt(){let e=(document.documentElement.getAttribute("lang")??navigator.language??"en").split("-")[0]?.toLowerCase()??"en";return e==="nn"&&(e="nb"),e}/*!
+    `)})(),e.cache&&e.cacheLocation&&console.warn("Both `cache` and `cacheLocation` options have been specified in the Auth0Client configuration; ignoring `cacheLocation` and using `cache`."),e.cache)n=e.cache;else{if(t=e.cacheLocation||"memory",!Ge(t))throw new Error(`Invalid cache location "${t}"`);n=Ge(t)()}this.httpTimeoutMs=e.httpTimeoutInSeconds?1e3*e.httpTimeoutInSeconds:1e4,this.cookieStorage=e.legacySameSiteCookie===!1?Z:Ct,this.orgHintCookieName=`auth0.${this.options.clientId}.organization_hint`,this.isAuthenticatedCookieName=(d=>`auth0.${d}.is.authenticated`)(this.options.clientId),this.sessionCheckExpiryDays=e.sessionCheckExpiryDays||1;const i=e.useCookiesForTransactions?this.cookieStorage:At;var r;this.scope=((d,m,...s)=>{if(typeof d!="object")return{default:re(m,d,...s)};let l={default:re(m,...s)};return Object.keys(d).forEach((a=>{const u=d[a];l[a]=re(m,u,...s)})),l})(this.options.authorizationParams.scope,"openid",this.options.useRefreshTokens?"offline_access":""),this.transactionManager=new Tt(i,this.options.clientId,this.options.cookieDomain),this.nowProvider=this.options.nowProvider||je,this.cacheManager=new It(n,n.allKeys?void 0:new jt(n,this.options.clientId),this.nowProvider),this.dpop=this.options.useDpop?new xt(this.options.clientId):void 0,this.domainUrl=(r=this.options.domain,/^https?:\/\//.test(r)?r:`https://${r}`),this.tokenIssuer=((d,m)=>d?d.startsWith("https://")?d:`https://${d}/`:`${m}/`)(this.options.issuer,this.domainUrl);const c=`${this.domainUrl}/me/`,h=this.createFetcher(Object.assign(Object.assign({},this.options.useDpop&&{dpopNonceId:"__auth0_my_account_api__"}),{getAccessToken:()=>this.getTokenSilently({authorizationParams:{scope:"create:me:connected_accounts",audience:c},detailedResponse:!0})}));this.myAccountApi=new Ut(h,c),typeof window<"u"&&window.Worker&&this.options.useRefreshTokens&&t==="memory"&&(this.options.workerUrl?this.worker=new Worker(this.options.workerUrl):this.worker=new Nt)}_url(e){const t=encodeURIComponent(btoa(JSON.stringify(this.options.auth0Client||Ne)));return`${this.domainUrl}${e}&auth0Client=${t}`}_authorizeUrl(e){return this._url(`/authorize?${Se(e)}`)}async _verifyIdToken(e,t,n){const i=await this.nowProvider();return Et({iss:this.tokenIssuer,aud:this.options.clientId,id_token:e,nonce:t,organization:n,leeway:this.options.leeway,max_age:(r=this.options.authorizationParams.max_age,typeof r!="string"?r:parseInt(r,10)||void 0),now:i});var r}_processOrgHint(e){e?this.cookieStorage.save(this.orgHintCookieName,e,{daysUntilExpire:this.sessionCheckExpiryDays,cookieDomain:this.options.cookieDomain}):this.cookieStorage.remove(this.orgHintCookieName,{cookieDomain:this.options.cookieDomain})}async _prepareAuthorizeUrl(e,t,n){var i;const r=ve($()),c=ve($()),h=$(),d=await Ke(h),m=xe(d),s=await((i=this.dpop)===null||i===void 0?void 0:i.calculateThumbprint()),l=((u,p,g,f,w,b,k,y,_)=>Object.assign(Object.assign(Object.assign({client_id:u.clientId},u.authorizationParams),g),{scope:se(p,g.scope,g.audience),response_type:"code",response_mode:y||"query",state:f,nonce:w,redirect_uri:k||u.authorizationParams.redirect_uri,code_challenge:b,code_challenge_method:"S256",dpop_jkt:_}))(this.options,this.scope,e,r,c,m,e.redirect_uri||this.options.authorizationParams.redirect_uri||n,t?.response_mode,s),a=this._authorizeUrl(l);return{nonce:c,code_verifier:h,scope:l.scope,audience:l.audience||"default",redirect_uri:l.redirect_uri,state:r,url:a}}async loginWithPopup(e,t){var n;if(e=e||{},!(t=t||{}).popup&&(t.popup=(h=>{const d=window.screenX+(window.innerWidth-400)/2,m=window.screenY+(window.innerHeight-600)/2;return window.open(h,"auth0:authorize:popup",`left=${d},top=${m},width=400,height=600,resizable,scrollbars=yes,status=1`)})(""),!t.popup))throw new we;const i=await this._prepareAuthorizeUrl(e.authorizationParams||{},{response_mode:"web_message"},window.location.origin);t.popup.location.href=i.url;const r=await(h=>new Promise(((d,m)=>{let s;const l=setInterval((()=>{h.popup&&h.popup.closed&&(clearInterval(l),clearTimeout(a),window.removeEventListener("message",s,!1),m(new ye(h.popup)))}),1e3),a=setTimeout((()=>{clearInterval(l),m(new ge(h.popup)),window.removeEventListener("message",s,!1)}),1e3*(h.timeoutInSeconds||60));s=function(u){if(u.data&&u.data.type==="authorization_response"){if(clearTimeout(a),clearInterval(l),window.removeEventListener("message",s,!1),h.closePopup!==!1&&h.popup.close(),u.data.response.error)return m(S.fromPayload(u.data.response));d(u.data.response)}},window.addEventListener("message",s)})))(Object.assign(Object.assign({},t),{timeoutInSeconds:t.timeoutInSeconds||this.options.authorizeTimeoutInSeconds||60}));if(i.state!==r.state)throw new S("state_mismatch","Invalid state");const c=((n=e.authorizationParams)===null||n===void 0?void 0:n.organization)||this.options.authorizationParams.organization;await this._requestToken({audience:i.audience,scope:i.scope,code_verifier:i.code_verifier,grant_type:"authorization_code",code:r.code,redirect_uri:i.redirect_uri},{nonceIn:i.nonce,organization:c})}async getUser(){var e;const t=await this._getIdTokenFromCache();return(e=t?.decodedToken)===null||e===void 0?void 0:e.user}async getIdTokenClaims(){var e;const t=await this._getIdTokenFromCache();return(e=t?.decodedToken)===null||e===void 0?void 0:e.claims}async loginWithRedirect(e={}){var t;const n=Ye(e),{openUrl:i,fragment:r,appState:c}=n,h=E(n,["openUrl","fragment","appState"]),d=((t=h.authorizationParams)===null||t===void 0?void 0:t.organization)||this.options.authorizationParams.organization,m=await this._prepareAuthorizeUrl(h.authorizationParams||{}),{url:s}=m,l=E(m,["url"]);this.transactionManager.create(Object.assign(Object.assign(Object.assign({},l),{appState:c,response_type:D.Code}),d&&{organization:d}));const a=r?`${s}#${r}`:s;i?await i(a):window.location.assign(a)}async handleRedirectCallback(e=window.location.href){const t=e.split("?").slice(1);if(t.length===0)throw new Error("There are no query params available for parsing.");const n=this.transactionManager.get();if(!n)throw new S("missing_transaction","Invalid state");this.transactionManager.remove();const i=(r=>{r.indexOf("#")>-1&&(r=r.substring(0,r.indexOf("#")));const c=new URLSearchParams(r);return{state:c.get("state"),code:c.get("code")||void 0,connect_code:c.get("connect_code")||void 0,error:c.get("error")||void 0,error_description:c.get("error_description")||void 0}})(t.join(""));return n.response_type===D.ConnectCode?this._handleConnectAccountRedirectCallback(i,n):this._handleLoginRedirectCallback(i,n)}async _handleLoginRedirectCallback(e,t){const{code:n,state:i,error:r,error_description:c}=e;if(r)throw new me(r,c||r,i,t.appState);if(!t.code_verifier||t.state&&t.state!==i)throw new S("state_mismatch","Invalid state");const h=t.organization,d=t.nonce,m=t.redirect_uri;return await this._requestToken(Object.assign({audience:t.audience,scope:t.scope,code_verifier:t.code_verifier,grant_type:"authorization_code",code:n},m?{redirect_uri:m}:{}),{nonceIn:d,organization:h}),{appState:t.appState,response_type:D.Code}}async _handleConnectAccountRedirectCallback(e,t){const{connect_code:n,state:i,error:r,error_description:c}=e;if(r)throw new fe(r,c||r,t.connection,i,t.appState);if(!n)throw new S("missing_connect_code","Missing connect code");if(!(t.code_verifier&&t.state&&t.auth_session&&t.redirect_uri&&t.state===i))throw new S("state_mismatch","Invalid state");const h=await this.myAccountApi.completeAccount({auth_session:t.auth_session,connect_code:n,redirect_uri:t.redirect_uri,code_verifier:t.code_verifier});return Object.assign(Object.assign({},h),{appState:t.appState,response_type:D.ConnectCode})}async checkSession(e){if(!this.cookieStorage.get(this.isAuthenticatedCookieName)){if(!this.cookieStorage.get("auth0.is.authenticated"))return;this.cookieStorage.save(this.isAuthenticatedCookieName,!0,{daysUntilExpire:this.sessionCheckExpiryDays,cookieDomain:this.options.cookieDomain}),this.cookieStorage.remove("auth0.is.authenticated")}try{await this.getTokenSilently(e)}catch{}}async getTokenSilently(e={}){var t,n;const i=Object.assign(Object.assign({cacheMode:"on"},e),{authorizationParams:Object.assign(Object.assign(Object.assign({},this.options.authorizationParams),e.authorizationParams),{scope:se(this.scope,(t=e.authorizationParams)===null||t===void 0?void 0:t.scope,((n=e.authorizationParams)===null||n===void 0?void 0:n.audience)||this.options.authorizationParams.audience)})}),r=await((c,h)=>{let d=Te[h];return d||(d=c().finally((()=>{delete Te[h],d=null})),Te[h]=d),d})((()=>this._getTokenSilently(i)),`${this.options.clientId}::${i.authorizationParams.audience}::${i.authorizationParams.scope}`);return e.detailedResponse?r:r?.access_token}async _getTokenSilently(e){const{cacheMode:t}=e,n=E(e,["cacheMode"]);if(t!=="off"){const h=await this._getEntryFromCache({scope:n.authorizationParams.scope,audience:n.authorizationParams.audience||"default",clientId:this.options.clientId,cacheMode:t});if(h)return h}if(t==="cache-only")return;const i=(r=this.options.clientId,c=n.authorizationParams.audience||"default",`auth0.lock.getTokenSilently.${r}.${c}`);var r,c;if(!await Ve((()=>G.acquireLock(i,5e3)),10))throw new H;this.activeLockKeys.add(i),this.activeLockKeys.size===1&&window.addEventListener("pagehide",this._releaseLockOnPageHide);try{if(t!=="off"){const u=await this._getEntryFromCache({scope:n.authorizationParams.scope,audience:n.authorizationParams.audience||"default",clientId:this.options.clientId});if(u)return u}const h=this.options.useRefreshTokens?await this._getTokenUsingRefreshToken(n):await this._getTokenFromIFrame(n),{id_token:d,token_type:m,access_token:s,oauthTokenScope:l,expires_in:a}=h;return Object.assign(Object.assign({id_token:d,token_type:m,access_token:s},l?{scope:l}:null),{expires_in:a})}finally{await G.releaseLock(i),this.activeLockKeys.delete(i),this.activeLockKeys.size===0&&window.removeEventListener("pagehide",this._releaseLockOnPageHide)}}async getTokenWithPopup(e={},t={}){var n,i;const r=Object.assign(Object.assign({},e),{authorizationParams:Object.assign(Object.assign(Object.assign({},this.options.authorizationParams),e.authorizationParams),{scope:se(this.scope,(n=e.authorizationParams)===null||n===void 0?void 0:n.scope,((i=e.authorizationParams)===null||i===void 0?void 0:i.audience)||this.options.authorizationParams.audience)})});return t=Object.assign(Object.assign({},rt),t),await this.loginWithPopup(r,t),(await this.cacheManager.get(new O({scope:r.authorizationParams.scope,audience:r.authorizationParams.audience||"default",clientId:this.options.clientId}),void 0,this.options.useMrrt)).access_token}async isAuthenticated(){return!!await this.getUser()}_buildLogoutUrl(e){e.clientId!==null?e.clientId=e.clientId||this.options.clientId:delete e.clientId;const t=e.logoutParams||{},{federated:n}=t,i=E(t,["federated"]),r=n?"&federated":"";return this._url(`/v2/logout?${Se(Object.assign({clientId:e.clientId},i))}`)+r}async logout(e={}){var t;const n=Ye(e),{openUrl:i}=n,r=E(n,["openUrl"]);e.clientId===null?await this.cacheManager.clear():await this.cacheManager.clear(e.clientId||this.options.clientId),this.cookieStorage.remove(this.orgHintCookieName,{cookieDomain:this.options.cookieDomain}),this.cookieStorage.remove(this.isAuthenticatedCookieName,{cookieDomain:this.options.cookieDomain}),this.userCache.remove("@@user@@"),await((t=this.dpop)===null||t===void 0?void 0:t.clear());const c=this._buildLogoutUrl(r);i?await i(c):i!==!1&&window.location.assign(c)}async _getTokenFromIFrame(e){const t=`auth0.lock.getTokenFromIFrame.${this.options.clientId}`;if(!await Ve((()=>G.acquireLock(t,5e3)),10))throw new H;try{const n=Object.assign(Object.assign({},e.authorizationParams),{prompt:"none"}),i=this.cookieStorage.get(this.orgHintCookieName);i&&!n.organization&&(n.organization=i);const{url:r,state:c,nonce:h,code_verifier:d,redirect_uri:m,scope:s,audience:l}=await this._prepareAuthorizeUrl(n,{response_mode:"web_message"},window.location.origin);if(window.crossOriginIsolated)throw new S("login_required","The application is running in a Cross-Origin Isolated context, silently retrieving a token without refresh token is not possible.");const a=e.timeoutInSeconds||this.options.authorizeTimeoutInSeconds;let u;try{u=new URL(this.domainUrl).origin}catch{u=this.domainUrl}const p=await((f,w,b=60)=>new Promise(((k,y)=>{const _=window.document.createElement("iframe");_.setAttribute("width","0"),_.setAttribute("height","0"),_.style.display="none";const C=()=>{window.document.body.contains(_)&&(window.document.body.removeChild(_),window.removeEventListener("message",T,!1))};let T;const A=setTimeout((()=>{y(new H),C()}),1e3*b);T=function(I){if(I.origin!=w||!I.data||I.data.type!=="authorization_response")return;const L=I.source;L&&L.close(),I.data.response.error?y(S.fromPayload(I.data.response)):k(I.data.response),clearTimeout(A),window.removeEventListener("message",T,!1),setTimeout(C,2e3)},window.addEventListener("message",T,!1),window.document.body.appendChild(_),_.setAttribute("src",f)})))(r,u,a);if(c!==p.state)throw new S("state_mismatch","Invalid state");const g=await this._requestToken(Object.assign(Object.assign({},e.authorizationParams),{code_verifier:d,code:p.code,grant_type:"authorization_code",redirect_uri:m,timeout:e.authorizationParams.timeout||this.httpTimeoutMs}),{nonceIn:h,organization:n.organization});return Object.assign(Object.assign({},g),{scope:s,oauthTokenScope:g.scope,audience:l})}catch(n){throw n.error==="login_required"&&this.logout({openUrl:!1}),n}finally{await G.releaseLock(t)}}async _getTokenUsingRefreshToken(e){const t=await this.cacheManager.get(new O({scope:e.authorizationParams.scope,audience:e.authorizationParams.audience||"default",clientId:this.options.clientId}),void 0,this.options.useMrrt);if(!(t&&t.refresh_token||this.worker)){if(this.options.useRefreshTokensFallback)return await this._getTokenFromIFrame(e);throw new te(e.authorizationParams.audience||"default",e.authorizationParams.scope)}const n=e.authorizationParams.redirect_uri||this.options.authorizationParams.redirect_uri||window.location.origin,i=typeof e.timeoutInSeconds=="number"?1e3*e.timeoutInSeconds:null,r=((s,l,a,u)=>{var p;if(s&&a&&u){if(l.audience!==a)return l.scope;const g=u.split(" "),f=((p=l.scope)===null||p===void 0?void 0:p.split(" "))||[],w=f.every((b=>g.includes(b)));return g.length>=f.length&&w?u:l.scope}return l.scope})(this.options.useMrrt,e.authorizationParams,t?.audience,t?.scope);try{const s=await this._requestToken(Object.assign(Object.assign(Object.assign({},e.authorizationParams),{grant_type:"refresh_token",refresh_token:t&&t.refresh_token,redirect_uri:n}),i&&{timeout:i}),{scopesToRequest:r});if(s.refresh_token&&t?.refresh_token&&await this.cacheManager.updateEntry(t.refresh_token,s.refresh_token),this.options.useMrrt&&(c=t?.audience,h=t?.scope,d=e.authorizationParams.audience,m=e.authorizationParams.scope,(c!==d||!Be(m,h))&&!Be(r,s.scope))){if(this.options.useRefreshTokensFallback)return await this._getTokenFromIFrame(e);await this.cacheManager.remove(this.options.clientId,e.authorizationParams.audience,e.authorizationParams.scope);const l=((a,u)=>{const p=a?.split(" ")||[],g=u?.split(" ")||[];return p.filter((f=>g.indexOf(f)==-1)).join(",")})(r,s.scope);throw new ke(e.authorizationParams.audience||"default",l)}return Object.assign(Object.assign({},s),{scope:e.authorizationParams.scope,oauthTokenScope:s.scope,audience:e.authorizationParams.audience||"default"})}catch(s){if((s.message.indexOf("Missing Refresh Token")>-1||s.message&&s.message.indexOf("invalid refresh token")>-1)&&this.options.useRefreshTokensFallback)return await this._getTokenFromIFrame(e);throw s}var c,h,d,m}async _saveEntryInCache(e){const{id_token:t,decodedToken:n}=e,i=E(e,["id_token","decodedToken"]);this.userCache.set("@@user@@",{id_token:t,decodedToken:n}),await this.cacheManager.setIdToken(this.options.clientId,e.id_token,e.decodedToken),await this.cacheManager.set(i)}async _getIdTokenFromCache(){const e=this.options.authorizationParams.audience||"default",t=this.scope[e],n=await this.cacheManager.getIdToken(new O({clientId:this.options.clientId,audience:e,scope:t})),i=this.userCache.get("@@user@@");return n&&n.id_token===i?.id_token?i:(this.userCache.set("@@user@@",n),n)}async _getEntryFromCache({scope:e,audience:t,clientId:n,cacheMode:i}){const r=await this.cacheManager.get(new O({scope:e,audience:t,clientId:n}),60,this.options.useMrrt,i);if(r&&r.access_token){const{token_type:c,access_token:h,oauthTokenScope:d,expires_in:m}=r,s=await this._getIdTokenFromCache();return s&&Object.assign(Object.assign({id_token:s.id_token,token_type:c||"Bearer",access_token:h},d?{scope:d}:null),{expires_in:m})}}async _requestToken(e,t){var n,i;const{nonceIn:r,organization:c,scopesToRequest:h}=t||{},d=await St(Object.assign(Object.assign({baseUrl:this.domainUrl,client_id:this.options.clientId,auth0Client:this.options.auth0Client,useFormData:this.options.useFormData,timeout:this.httpTimeoutMs,useMrrt:this.options.useMrrt,dpop:this.dpop},e),{scope:h||e.scope}),this.worker),m=await this._verifyIdToken(d.id_token,r,c);if(e.grant_type==="authorization_code"){const s=await this._getIdTokenFromCache();!((i=(n=s?.decodedToken)===null||n===void 0?void 0:n.claims)===null||i===void 0)&&i.sub&&s.decodedToken.claims.sub!==m.claims.sub&&(await this.cacheManager.clear(this.options.clientId),this.userCache.remove("@@user@@"))}return await this._saveEntryInCache(Object.assign(Object.assign(Object.assign(Object.assign({},d),{decodedToken:m,scope:e.scope,audience:e.audience||"default"}),d.scope?{oauthTokenScope:d.scope}:null),{client_id:this.options.clientId})),this.cookieStorage.save(this.isAuthenticatedCookieName,!0,{daysUntilExpire:this.sessionCheckExpiryDays,cookieDomain:this.options.cookieDomain}),this._processOrgHint(c||m.claims.org_id),Object.assign(Object.assign({},d),{decodedToken:m})}async exchangeToken(e){return this._requestToken({grant_type:"urn:ietf:params:oauth:grant-type:token-exchange",subject_token:e.subject_token,subject_token_type:e.subject_token_type,scope:se(this.scope,e.scope,e.audience||this.options.authorizationParams.audience),audience:e.audience||this.options.authorizationParams.audience,organization:e.organization||this.options.authorizationParams.organization})}_assertDpop(e){if(!e)throw new Error("`useDpop` option must be enabled before using DPoP.")}getDpopNonce(e){return this._assertDpop(this.dpop),this.dpop.getNonce(e)}setDpopNonce(e,t){return this._assertDpop(this.dpop),this.dpop.setNonce(e,t)}generateDpopProof(e){return this._assertDpop(this.dpop),this.dpop.generateProof(e)}createFetcher(e={}){return new zt(e,{isDpopEnabled:()=>!!this.options.useDpop,getAccessToken:t=>{var n;return this.getTokenSilently({authorizationParams:{scope:(n=t?.scope)===null||n===void 0?void 0:n.join(" "),audience:t?.audience},detailedResponse:!0})},getDpopNonce:()=>this.getDpopNonce(e.dpopNonceId),setDpopNonce:t=>this.setDpopNonce(t,e.dpopNonceId),generateDpopProof:t=>this.generateDpopProof(t)})}async connectAccountWithRedirect(e){const{openUrl:t,appState:n,connection:i,scopes:r,authorization_params:c,redirectUri:h=this.options.authorizationParams.redirect_uri||window.location.origin}=e;if(!i)throw new Error("connection is required");const d=ve($()),m=$(),s=await Ke(m),l=xe(s),{connect_uri:a,connect_params:u,auth_session:p}=await this.myAccountApi.connectAccount({connection:i,scopes:r,redirect_uri:h,state:d,code_challenge:l,code_challenge_method:"S256",authorization_params:c});this.transactionManager.create({state:d,code_verifier:m,auth_session:p,redirect_uri:h,appState:n,connection:i,response_type:D.ConnectCode});const g=new URL(a);g.searchParams.set("ticket",u.ticket),t?await t(g.toString()):window.location.assign(g)}}async function Ht(o){const e=new Lt(o);return await e.checkSession(),e}const Zt="sesamy-debug";function Wt(o){if(typeof document>"u")return null;const e=o+"=",t=document.cookie.split(";");for(let n=0;n<t.length;n++){let i=t[n];for(;i.charAt(0)===" ";)i=i.substring(1);if(i.indexOf(e)===0)return i.substring(e.length,i.length)}return null}function Jt(){return Wt(Zt)==="true"}function v(o){Jt()&&console.log(o)}var J=(o=>(o.AUTH_INITIALIZED="sesamyJsAuthInitialized",o.READY="sesamyJsReady",o.AUTHENTICATED="sesamyJsAuthenticated",o.LOGOUT="sesamyJsLogout",o.CLEAR_CACHE="sesamyJsClearCache",o.USER_ATTRIBUTE_CHANGED="sesamyUserAttributeChanged",o.PURCHASE="sesamyJsPurchase",o))(J||{});function qe(o,e){const t=new CustomEvent(o,{detail:e,bubbles:!0,composed:!0});v(`Triggering event: ${o}`),dispatchEvent(t)}function Oe(o,e){typeof window>"u"||(o===J.READY&&document.readyState==="loading"?document.addEventListener("DOMContentLoaded",()=>qe(o,e),{once:!0}):qe(o,e))}const Ft="sesamy.com",$t="sesamy.dev";function Xt(o,e){return`${o}.${e==="dev"?$t:Ft}`}function Mt(){let e=(document.documentElement.getAttribute("lang")??navigator.language??"en").split("-")[0]?.toLowerCase()??"en";return e==="nn"&&(e="nb"),e}/*!
  *
  * detectIncognito v1.6.2
  *
@@ -31,4 +31,4 @@ var auth0Plugin=(function(E){"use strict";function P(o,e){var t={};for(var n in
  *
  * Please keep this comment intact in order to properly abide by the MIT License.
  *
- **/var Pe={d:(o,e)=>{for(var t in e)Pe.o(e,t)&&!Pe.o(o,t)&&Object.defineProperty(o,t,{enumerable:!0,get:e[t]})},o:(o,e)=>Object.prototype.hasOwnProperty.call(o,e)},Ee={};Pe.d(Ee,{A:()=>Vt,k:()=>Ce});var Y=function(o,e,t,n){return new(t||(t=Promise))(function(i,r){function c(m){try{d(n.next(m))}catch(s){r(s)}}function h(m){try{d(n.throw(m))}catch(s){r(s)}}function d(m){var s;m.done?i(m.value):(s=m.value,s instanceof t?s:new t(function(l){l(s)})).then(c,h)}d((n=n.apply(o,[])).next())})},B=function(o,e){var t,n,i,r,c={label:0,sent:function(){if(1&i[0])throw i[1];return i[1]},trys:[],ops:[]};return r={next:h(0),throw:h(1),return:h(2)},typeof Symbol=="function"&&(r[Symbol.iterator]=function(){return this}),r;function h(d){return function(m){return(function(s){if(t)throw new TypeError("Generator is already executing.");for(;r&&(r=0,s[0]&&(c=0)),c;)try{if(t=1,n&&(i=2&s[0]?n.return:s[0]?n.throw||((i=n.return)&&i.call(n),0):n.next)&&!(i=i.call(n,s[1])).done)return i;switch(n=0,i&&(s=[2&s[0],i.value]),s[0]){case 0:case 1:i=s;break;case 4:return c.label++,{value:s[1],done:!1};case 5:c.label++,n=s[1],s=[0];continue;case 7:s=c.ops.pop(),c.trys.pop();continue;default:if(i=c.trys,!((i=i.length>0&&i[i.length-1])||s[0]!==6&&s[0]!==2)){c=0;continue}if(s[0]===3&&(!i||s[1]>i[0]&&s[1]<i[3])){c.label=s[1];break}if(s[0]===6&&c.label<i[1]){c.label=i[1],i=s;break}if(i&&c.label<i[2]){c.label=i[2],c.ops.push(s);break}i[2]&&c.ops.pop(),c.trys.pop();continue}s=e.call(o,c)}catch(l){s=[6,l],n=0}finally{t=i=0}if(5&s[0])throw s[1];return{value:s[0]?s[1]:void 0,done:!0}})([d,m])}}};function Ce(){return Y(this,void 0,Promise,function(){return B(this,function(o){switch(o.label){case 0:return[4,new Promise(function(e,t){var n="Unknown",i=!1;function r(a){i||(i=!0,e({isPrivate:a,browserName:n}))}function c(){var a=0,u=parseInt("-1");try{u.toFixed(u)}catch(p){a=p.message.length}return a}function h(){return Y(this,void 0,void 0,function(){var a,u;return B(this,function(p){switch(p.label){case 0:return p.trys.push([0,2,,3]),[4,navigator.storage.getDirectory()];case 1:return p.sent(),r(!1),[3,3];case 2:return a=p.sent(),u=a instanceof Error&&typeof a.message=="string"?a.message:String(a),r(u.includes("unknown transient reason")),[3,3];case 3:return[2]}})})}function d(){var a;return Y(this,void 0,Promise,function(){return B(this,function(u){switch(u.label){case 0:return typeof((a=navigator.storage)===null||a===void 0?void 0:a.getDirectory)!="function"?[3,2]:[4,h()];case 1:return u.sent(),[3,3];case 2:navigator.maxTouchPoints!==void 0?(function(){var p=String(Math.random());try{var g=indexedDB.open(p,1);g.onupgradeneeded=function(f){var w=f.target.result,b=function(v){r(v)};try{w.createObjectStore("t",{autoIncrement:!0}).put(new Blob),b(!1)}catch(v){(v instanceof Error&&typeof v.message=="string"?v.message:String(v)).includes("are not yet supported")?b(!0):b(!1)}finally{w.close(),indexedDB.deleteDatabase(p)}},g.onerror=function(){return r(!1)}}catch{r(!1)}})():(function(){var p=window.openDatabase,g=window.localStorage;try{p(null,null,null,null)}catch{return void r(!0)}try{g.setItem("test","1"),g.removeItem("test")}catch{return void r(!0)}r(!1)})(),u.label=3;case 3:return[2]}})})}function m(){navigator.webkitTemporaryStorage.queryUsageAndQuota(function(a,u){var p=Math.round(u/1048576),g=2*Math.round((function(){var f,w,b,v=window;return(b=(w=(f=v?.performance)===null||f===void 0?void 0:f.memory)===null||w===void 0?void 0:w.jsHeapSizeLimit)!==null&&b!==void 0?b:1073741824})()/1048576);r(p<g)},function(a){t(new Error("detectIncognito somehow failed to query storage quota: "+a.message))})}function s(){self.Promise!==void 0&&self.Promise.allSettled!==void 0?m():(0,window.webkitRequestFileSystem)(0,1,function(){r(!1)},function(){r(!0)})}function l(){var a;return Y(this,void 0,Promise,function(){var u,p,g;return B(this,function(f){switch(f.label){case 0:if(typeof((a=navigator.storage)===null||a===void 0?void 0:a.getDirectory)!="function")return[3,5];f.label=1;case 1:return f.trys.push([1,3,,4]),[4,navigator.storage.getDirectory()];case 2:return f.sent(),r(!1),[3,4];case 3:return u=f.sent(),p=u instanceof Error&&typeof u.message=="string"?u.message:String(u),r(p.includes("Security error")),[2];case 4:return[3,6];case 5:(g=indexedDB.open("inPrivate")).onerror=function(w){g.error&&g.error.name==="InvalidStateError"&&w.preventDefault(),r(!0)},g.onsuccess=function(){indexedDB.deleteDatabase("inPrivate"),r(!1)},f.label=6;case 6:return[2]}})})}(function(){return Y(this,void 0,Promise,function(){return B(this,function(a){switch(a.label){case 0:return c()!==44&&c()!==43?[3,2]:(n="Safari",[4,d()]);case 1:return a.sent(),[3,6];case 2:return c()!==51?[3,3]:(u=navigator.userAgent,n=u.match(/Chrome/)?navigator.brave!==void 0?"Brave":u.match(/Edg/)?"Edge":u.match(/OPR/)?"Opera":"Chrome":"Chromium",s(),[3,6]);case 3:return c()!==25?[3,5]:(n="Firefox",[4,l()]);case 4:return a.sent(),[3,6];case 5:navigator.msSaveBlob!==void 0?(n="Internet Explorer",r(window.indexedDB===void 0)):t(new Error("detectIncognito cannot determine the browser")),a.label=6;case 6:return[2]}var u})})})().catch(t)})];case 1:return[2,o.sent()]}})})}typeof window<"u"&&(window.detectIncognito=Ce);const Vt=Ce;Ee.A,Ee.k;const Gt="sesamy_incognito_mode";function qe(){try{const o=sessionStorage.getItem(Gt);return o===null?void 0:o==="true"}catch{return}}function Ae(){return typeof window<"u"}function Mt(){return/^((?!chrome|android).)*safari/i.test(navigator.userAgent)}function Yt(){return/android/i.test(navigator.userAgent)}const z="sesamyAccessToken",J="sesamyRefreshToken",q="sesamySilentAuthThrottle",Re="sesamy_is_authenticated",ce="sesamySilentRedirectState",Bt=300*1e3,Qe=60,qt=["login_required","consent_required","interaction_required","timeout","Timeout","access_denied"],Qt=64;function et(o){const e=o.split(".");if(e.length!==3)return null;const n=e[1].replace(/-/g,"+").replace(/_/g,"/"),i=decodeURIComponent(atob(n).split("").map(r=>"%"+("00"+r.charCodeAt(0).toString(16)).slice(-2)).join(""));return JSON.parse(i)}function tt(){if(!Ae())return!1;try{const o=document.cookie.split(";").map(t=>t.trim());if(o.some(t=>t.startsWith(`${Re}=true`))||o.some(t=>t.startsWith("auth0.is.authenticated=true")))return!0;const e=Object.keys(localStorage).filter(t=>t.startsWith("@@auth0spajs@@"));for(const t of e)try{const n=JSON.parse(localStorage.getItem(t)||"{}");if(n?.body?.access_token||n?.body?.refresh_token)return!0}catch{}return!1}catch(o){return k(`Error checking session hint cookie: ${o.message}`),!1}}function Q(o){if(Ae())try{const e=o?2592e3:0,t=window.location.protocol==="https:"?"; Secure":"";document.cookie=`${Re}=${o}; path=/; max-age=${e}; SameSite=Lax${t}`}catch(e){k(`Error setting session hint cookie: ${e.message}`)}}function ue(){Q(!1)}function en(){try{sessionStorage.setItem(ce,JSON.stringify({timestamp:Date.now()}))}catch{k("Failed to set silent redirect state")}}function le(){try{const o=sessionStorage.getItem(ce);if(o)return JSON.parse(o)}catch{}return null}function ee(){try{sessionStorage.removeItem(ce)}catch{}}function tn(o){const e=o.message||"";return qt.some(t=>e.includes(t)||o.error===t)}function nt(o){try{const e=new URL(o);return e.hash="",e.toString()}catch{return o.split("#")[0]}}function nn(){try{const o=sessionStorage.getItem(q);if(!o)return!1;const{timestamp:e}=JSON.parse(o);return Date.now()-e<Bt}catch{return sessionStorage.removeItem(q),!1}}function on(){try{sessionStorage.setItem(q,JSON.stringify({timestamp:Date.now()}))}catch{k("Failed to set silent auth throttle in sessionStorage")}}function de(){try{sessionStorage.removeItem(q)}catch{}}function U(o){try{const e=new URL(o).hostname,t=e.split(".");if(t.length<=1)return e;const n=["co.uk","com.au","co.nz","co.za","com.br","co.jp","gov.uk","ac.uk","org.uk","net.uk","com.sg","com.my","co.in","co.id","co.th","co.kr","com.mx","com.ar","com.co","com.pe","com.ph","com.pk","com.sa","com.eg","com.ng","co.ke","co.tz","co.zw","co.bw","co.mz","gov.au","edu.au","org.au","net.au","asn.au","id.au"];for(const i of n)if(e.endsWith(`.${i}`)){const r=i.split(".").length+1;return t.slice(-r).join(".")}return t.slice(-2).join(".")}catch{return null}}function rn(o){if(o.domains&&o.domains.length>0){const e=U(window.location.href);if(e){for(const t of o.domains)if(U(`https://${t}`)===e)return k(`Found matching domain in domains array: ${t} for TLD: ${e}`),t;k(`No matching domain found in domains array for TLD: ${e}`)}}if(o.domain)return k(`Using fallback domain property: ${o.domain}`),o.domain}function sn(){try{const o=Object.keys(localStorage).filter(e=>e.startsWith("@@auth0spajs@@"));for(const e of o){const t=JSON.parse(localStorage.getItem(e)||"{}");let n;if(typeof t=="object"&&(t.body&&typeof t.body=="object"&&"refresh_token"in t.body?n=t.body.refresh_token:"refresh_token"in t&&(n=t.refresh_token)),n&&typeof n=="string"&&n.length===Qt)return!0}}catch(o){k(`Error checking for existing auth0 tokens: ${o.message}`)}return!1}function an(){let o,e,t,n=!1,i=!1,r=!1;Ae()&&window.addEventListener("pageshow",()=>{i=!1,r=!1});async function c(a){if(!a)return null;const u=localStorage.getItem(J);if(!u)return k("No refresh token found in localstorage"),null;const p=new URLSearchParams;p.set("client_id",a.iss),p.set("refresh_token",u),p.set("grant_type","refresh_token");const g=new URL(a.iss);g.pathname="/oauth/token",g.searchParams.set("user_id",a.sub);try{const f=await fetch(g.href,{body:p.toString(),method:"POST",headers:{"content-type":"application/x-www-form-urlencoded"}});if(!f.ok){const b=await f.text().catch(()=>"Unknown error");throw k(`Token refresh failed with status ${f.status}: ${b}`),localStorage.removeItem(J),new Error(`Renew token failed: ${f.status}`)}const w=await f.json();if(!w.access_token)throw k("Token refresh response missing access_token"),new Error("Invalid token response");return w.refresh_token&&localStorage.setItem(J,w.refresh_token),localStorage.setItem(z,w.access_token),w.access_token}catch(f){return k(`Token refresh error: ${f.message}`),localStorage.removeItem(J),localStorage.removeItem(z),await l.logout(),null}}async function h(){const a=localStorage.getItem(z);if(!a)return null;const u=et(a),p=Date.now()/1e3;if(!u||!u.exp||u.exp<p+Qe){const g=await c(u);return g||(localStorage.removeItem(z),null)}return a}async function d(){if(r){k("Silent redirect already in progress");return}if(!tt()){k("No session hint cookie - skipping prompt=none redirect for anonymous user");return}const a=le();if(a&&Date.now()-a.timestamp<3e4){k("Recently attempted silent redirect, skipping to prevent loop");return}k("Attempting prompt=none redirect to recover session"),r=!0,en();try{await o.loginWithRedirect({authorizationParams:{prompt:"none",redirect_uri:nt(window.location.href),organization:e}})}catch(u){k(`Prompt=none redirect failed: ${u.message}`),r=!1,ee()}}function m(){return t?U(window.location.href)!==U(`https://${t}`):!1}function s(a){if(i)return k("Login already in progress"),null;if(i=!0,setTimeout(()=>{i=!1},3e3),localStorage.removeItem(z),!o)throw new Error("Auth0 client not initialized");const u=a?.authorizationParams||{};return{...a,authorizationParams:{organization:e,redirect_uri:nt(window.location.href),ui_locales:Xt(),incognito:qe(),...u}}}const l={async init(a){if(a.enabled===!1)return;e=a.organization;const u=rn(a);t=u&&!sn()?u:$t("token",a.environment);const p=U(window.location.href)!==U(`https://${t}`),g=U(window.location.href),f=g?`.${g}`:void 0,w={domain:t,clientId:a.clientId,useCookiesForTransactions:!0,legacySameSiteCookie:!1,...f&&{cookieDomain:f},cacheLocation:"localstorage"};(p||a.useRefreshTokens)&&(w.useRefreshTokens=!0),k(`Initializing auth0 client: ${JSON.stringify(w)}`),o=await Lt(w);const b=new URLSearchParams(window.location.search),v=b.get("code"),y=b.get("state"),_=b.get("error");if(_){const C=b.get("error_description");k(`Auth error in URL: ${_}${C?` - ${C}`:""}`);const T=new URL(location.href);T.searchParams.delete("error"),T.searchParams.delete("error_description"),T.searchParams.delete("state"),window.history.replaceState({},document.title,T.toString());const A=le();if(A&&ee(),_==="login_required")k("Silent redirect returned login_required - user is not authenticated"),ue();else if(A)k(`Silent redirect returned ${_} - treating as unauthenticated`),ue();else{const I=C||`Authentication failed: ${_}`;k(`Non-silent auth error, alerting user: ${I}`),setTimeout(()=>{alert(I)},0)}}if(v)if(window.opener)k("Code found in URL, posting to opener"),window.opener.postMessage({type:"authorization_response",response:{code:v,state:y}},window.location.origin);else{k("Code found in URL, handling redirect");const C=window.location.href,T=new URL(location.href),A=T.searchParams;A.delete("code"),A.delete("state"),T.search=A.toString(),window.history.replaceState({},document.title,T.toString()),k("Rewrote url to remove code and state");try{const I=await o.handleRedirectCallback(C);k(`Login result: ${JSON.stringify(I)}`);const L=await o.getUser();if(!L)throw new Error("No user found");k(`User found ${JSON.stringify(L)}`),de(),le()&&(k("Successfully recovered session via prompt=none redirect"),ee()),Q(!0),k(`Triggering AUTHENTICATED event with appState: ${JSON.stringify(I.appState)}`),Oe(M.AUTHENTICATED,{...L,appState:I.appState})}catch(I){k(`Error handling redirect: ${I.message}`),le()?(ee(),ue(),k("Silent redirect failed, cleared session hints")):alert("There was an error logging in"),console.error(I)}}n=!0,Oe(M.AUTH_INITIALIZED,{})},async isAuthenticated(){if(!n)return!1;if(await h())return!0;if(!o)return!1;const u=await o.isAuthenticated();return u&&Q(!0),u},async getTokenSilently(a=!0,u=!1){if(!n)return null;const p=await h();if(p)return p;if(!u&&nn()){if(k("Silent auth is throttled due to recent failures, skipping request"),a)throw new Error("Silent auth throttled");return null}try{if(!o)return k("Auth client not initialized"),null;let g=await o.getTokenSilently();const f=et(g),w=Date.now()/1e3;return u&&f?.exp&&f.exp-w<3600+Qe&&(g=await o.getTokenSilently({cacheMode:"off"})),de(),Q(!0),g}catch(g){const f=g;if(k(`Failed to get token silently: ${f.message}`),tn(f)){if(k("Iframe-based auth blocked by browser privacy restrictions"),tt())return k("Session hint present - attempting prompt=none redirect recovery"),await d(),null;k("No session hint - user is likely anonymous, not attempting redirect")}if(on(),await o.isAuthenticated()&&(f.message==="Invalid refresh token"||f.message.includes("Missing Refresh Token"))&&await l.logout(),a)throw g;return null}},async getUser(){return n?await h()?{sub:"local",name:"Local User"}:o?await o.getUser():null:null},async login(a){return m()&&(Mt()||Yt()||qe())?(k("Using popup login for cross-domain auth on Safari/Android/Incognito"),l.loginWithPopup(a)):(k("Using redirect login"),l.loginWithRedirect(a))},async loginWithRedirect(a){const u=s(a);if(u)return o.loginWithRedirect(u)},async loginWithPopup(a){const u=s(a);if(!u)return;await o.loginWithPopup(u,{timeoutInSeconds:1800}),de(),Q(!0);const p=await o.getUser();if(!p)throw new Error("No user found after popup login");const g=new CustomEvent(M.AUTHENTICATED,{detail:{...p,appState:a?.appState},composed:!0,bubbles:!0});window.dispatchEvent(g)&&window.location.reload()},async logout(a={}){if(n&&(localStorage.removeItem(z),localStorage.removeItem(J),ue(),ee(),de(),Oe(M.LOGOUT,{}),!!o))return k(`Logout with options: ${JSON.stringify(a)}`),o.logout({...a,logoutParams:{returnTo:window.location.href,...a.logoutParams||{}}})}};return l}return E.ACCESS_TOKEN_KEY=z,E.REFRESH_TOKEN_KEY=J,E.SESSION_HINT_COOKIE=Re,E.SILENT_AUTH_THROTTLE_KEY=q,E.SILENT_REDIRECT_STATE_KEY=ce,E.createAuth0Plugin=an,Object.defineProperty(E,Symbol.toStringTag,{value:"Module"}),E})({});
+ **/var Ee={d:(o,e)=>{for(var t in e)Ee.o(e,t)&&!Ee.o(o,t)&&Object.defineProperty(o,t,{enumerable:!0,get:e[t]})},o:(o,e)=>Object.prototype.hasOwnProperty.call(o,e)},Pe={};Ee.d(Pe,{A:()=>Vt,k:()=>Ce});var Y=function(o,e,t,n){return new(t||(t=Promise))(function(i,r){function c(m){try{d(n.next(m))}catch(s){r(s)}}function h(m){try{d(n.throw(m))}catch(s){r(s)}}function d(m){var s;m.done?i(m.value):(s=m.value,s instanceof t?s:new t(function(l){l(s)})).then(c,h)}d((n=n.apply(o,[])).next())})},B=function(o,e){var t,n,i,r,c={label:0,sent:function(){if(1&i[0])throw i[1];return i[1]},trys:[],ops:[]};return r={next:h(0),throw:h(1),return:h(2)},typeof Symbol=="function"&&(r[Symbol.iterator]=function(){return this}),r;function h(d){return function(m){return(function(s){if(t)throw new TypeError("Generator is already executing.");for(;r&&(r=0,s[0]&&(c=0)),c;)try{if(t=1,n&&(i=2&s[0]?n.return:s[0]?n.throw||((i=n.return)&&i.call(n),0):n.next)&&!(i=i.call(n,s[1])).done)return i;switch(n=0,i&&(s=[2&s[0],i.value]),s[0]){case 0:case 1:i=s;break;case 4:return c.label++,{value:s[1],done:!1};case 5:c.label++,n=s[1],s=[0];continue;case 7:s=c.ops.pop(),c.trys.pop();continue;default:if(i=c.trys,!((i=i.length>0&&i[i.length-1])||s[0]!==6&&s[0]!==2)){c=0;continue}if(s[0]===3&&(!i||s[1]>i[0]&&s[1]<i[3])){c.label=s[1];break}if(s[0]===6&&c.label<i[1]){c.label=i[1],i=s;break}if(i&&c.label<i[2]){c.label=i[2],c.ops.push(s);break}i[2]&&c.ops.pop(),c.trys.pop();continue}s=e.call(o,c)}catch(l){s=[6,l],n=0}finally{t=i=0}if(5&s[0])throw s[1];return{value:s[0]?s[1]:void 0,done:!0}})([d,m])}}};function Ce(){return Y(this,void 0,Promise,function(){return B(this,function(o){switch(o.label){case 0:return[4,new Promise(function(e,t){var n="Unknown",i=!1;function r(a){i||(i=!0,e({isPrivate:a,browserName:n}))}function c(){var a=0,u=parseInt("-1");try{u.toFixed(u)}catch(p){a=p.message.length}return a}function h(){return Y(this,void 0,void 0,function(){var a,u;return B(this,function(p){switch(p.label){case 0:return p.trys.push([0,2,,3]),[4,navigator.storage.getDirectory()];case 1:return p.sent(),r(!1),[3,3];case 2:return a=p.sent(),u=a instanceof Error&&typeof a.message=="string"?a.message:String(a),r(u.includes("unknown transient reason")),[3,3];case 3:return[2]}})})}function d(){var a;return Y(this,void 0,Promise,function(){return B(this,function(u){switch(u.label){case 0:return typeof((a=navigator.storage)===null||a===void 0?void 0:a.getDirectory)!="function"?[3,2]:[4,h()];case 1:return u.sent(),[3,3];case 2:navigator.maxTouchPoints!==void 0?(function(){var p=String(Math.random());try{var g=indexedDB.open(p,1);g.onupgradeneeded=function(f){var w=f.target.result,b=function(k){r(k)};try{w.createObjectStore("t",{autoIncrement:!0}).put(new Blob),b(!1)}catch(k){(k instanceof Error&&typeof k.message=="string"?k.message:String(k)).includes("are not yet supported")?b(!0):b(!1)}finally{w.close(),indexedDB.deleteDatabase(p)}},g.onerror=function(){return r(!1)}}catch{r(!1)}})():(function(){var p=window.openDatabase,g=window.localStorage;try{p(null,null,null,null)}catch{return void r(!0)}try{g.setItem("test","1"),g.removeItem("test")}catch{return void r(!0)}r(!1)})(),u.label=3;case 3:return[2]}})})}function m(){navigator.webkitTemporaryStorage.queryUsageAndQuota(function(a,u){var p=Math.round(u/1048576),g=2*Math.round((function(){var f,w,b,k=window;return(b=(w=(f=k?.performance)===null||f===void 0?void 0:f.memory)===null||w===void 0?void 0:w.jsHeapSizeLimit)!==null&&b!==void 0?b:1073741824})()/1048576);r(p<g)},function(a){t(new Error("detectIncognito somehow failed to query storage quota: "+a.message))})}function s(){self.Promise!==void 0&&self.Promise.allSettled!==void 0?m():(0,window.webkitRequestFileSystem)(0,1,function(){r(!1)},function(){r(!0)})}function l(){var a;return Y(this,void 0,Promise,function(){var u,p,g;return B(this,function(f){switch(f.label){case 0:if(typeof((a=navigator.storage)===null||a===void 0?void 0:a.getDirectory)!="function")return[3,5];f.label=1;case 1:return f.trys.push([1,3,,4]),[4,navigator.storage.getDirectory()];case 2:return f.sent(),r(!1),[3,4];case 3:return u=f.sent(),p=u instanceof Error&&typeof u.message=="string"?u.message:String(u),r(p.includes("Security error")),[2];case 4:return[3,6];case 5:(g=indexedDB.open("inPrivate")).onerror=function(w){g.error&&g.error.name==="InvalidStateError"&&w.preventDefault(),r(!0)},g.onsuccess=function(){indexedDB.deleteDatabase("inPrivate"),r(!1)},f.label=6;case 6:return[2]}})})}(function(){return Y(this,void 0,Promise,function(){return B(this,function(a){switch(a.label){case 0:return c()!==44&&c()!==43?[3,2]:(n="Safari",[4,d()]);case 1:return a.sent(),[3,6];case 2:return c()!==51?[3,3]:(u=navigator.userAgent,n=u.match(/Chrome/)?navigator.brave!==void 0?"Brave":u.match(/Edg/)?"Edge":u.match(/OPR/)?"Opera":"Chrome":"Chromium",s(),[3,6]);case 3:return c()!==25?[3,5]:(n="Firefox",[4,l()]);case 4:return a.sent(),[3,6];case 5:navigator.msSaveBlob!==void 0?(n="Internet Explorer",r(window.indexedDB===void 0)):t(new Error("detectIncognito cannot determine the browser")),a.label=6;case 6:return[2]}var u})})})().catch(t)})];case 1:return[2,o.sent()]}})})}typeof window<"u"&&(window.detectIncognito=Ce);const Vt=Ce;Pe.A,Pe.k;const Gt="sesamy_incognito_mode";function Qe(){try{const o=sessionStorage.getItem(Gt);return o===null?void 0:o==="true"}catch{return}}function Ae(){return typeof window<"u"}function Yt(){return/^((?!chrome|android).)*safari/i.test(navigator.userAgent)}function Bt(){return/android/i.test(navigator.userAgent)}const z="sesamyAccessToken",F="sesamyRefreshToken",q="sesamySilentAuthThrottle",Re="sesamy_is_authenticated",ce="sesamySilentRedirectState",qt=300*1e3,et=60,Qt=["login_required","consent_required","interaction_required","timeout","Timeout","access_denied"],en=64;function tt(o){const e=o.split(".");if(e.length!==3)return null;const n=e[1].replace(/-/g,"+").replace(/_/g,"/"),i=decodeURIComponent(atob(n).split("").map(r=>"%"+("00"+r.charCodeAt(0).toString(16)).slice(-2)).join(""));return JSON.parse(i)}function nt(){if(!Ae())return!1;try{const o=document.cookie.split(";").map(t=>t.trim());if(o.some(t=>t.startsWith(`${Re}=true`))||o.some(t=>t.startsWith("auth0.is.authenticated=true")))return!0;const e=Object.keys(localStorage).filter(t=>t.startsWith("@@auth0spajs@@"));for(const t of e)try{const n=JSON.parse(localStorage.getItem(t)||"{}");if(n?.body?.access_token||n?.body?.refresh_token)return!0}catch{}return!1}catch(o){return v(`Error checking session hint cookie: ${o.message}`),!1}}function Q(o){if(Ae())try{const e=o?2592e3:0,t=window.location.protocol==="https:"?"; Secure":"";document.cookie=`${Re}=${o}; path=/; max-age=${e}; SameSite=Lax${t}`}catch(e){v(`Error setting session hint cookie: ${e.message}`)}}function ue(){Q(!1)}function tn(){try{sessionStorage.setItem(ce,JSON.stringify({timestamp:Date.now()}))}catch{v("Failed to set silent redirect state")}}function le(){try{const o=sessionStorage.getItem(ce);if(o)return JSON.parse(o)}catch{}return null}function ee(){try{sessionStorage.removeItem(ce)}catch{}}function nn(o){const e=o.message||"";return Qt.some(t=>e.includes(t)||o.error===t)}function ot(o){try{const e=new URL(o);return e.hash="",e.toString()}catch{return o.split("#")[0]}}function on(){try{const o=sessionStorage.getItem(q);if(!o)return!1;const{timestamp:e}=JSON.parse(o);return Date.now()-e<qt}catch{return sessionStorage.removeItem(q),!1}}function rn(){try{sessionStorage.setItem(q,JSON.stringify({timestamp:Date.now()}))}catch{v("Failed to set silent auth throttle in sessionStorage")}}function de(){try{sessionStorage.removeItem(q)}catch{}}function U(o){try{const e=new URL(o).hostname,t=e.split(".");if(t.length<=1)return e;const n=["co.uk","com.au","co.nz","co.za","com.br","co.jp","gov.uk","ac.uk","org.uk","net.uk","com.sg","com.my","co.in","co.id","co.th","co.kr","com.mx","com.ar","com.co","com.pe","com.ph","com.pk","com.sa","com.eg","com.ng","co.ke","co.tz","co.zw","co.bw","co.mz","gov.au","edu.au","org.au","net.au","asn.au","id.au"];for(const i of n)if(e.endsWith(`.${i}`)){const r=i.split(".").length+1;return t.slice(-r).join(".")}return t.slice(-2).join(".")}catch{return null}}function sn(o){if(o.domains&&o.domains.length>0){const e=U(window.location.href);if(e){for(const t of o.domains)if(U(`https://${t}`)===e)return v(`Found matching domain in domains array: ${t} for TLD: ${e}`),t;v(`No matching domain found in domains array for TLD: ${e}`)}}if(o.domain)return v(`Using fallback domain property: ${o.domain}`),o.domain}function an(){try{const o=Object.keys(localStorage).filter(e=>e.startsWith("@@auth0spajs@@"));for(const e of o){const t=JSON.parse(localStorage.getItem(e)||"{}");let n;if(typeof t=="object"&&(t.body&&typeof t.body=="object"&&"refresh_token"in t.body?n=t.body.refresh_token:"refresh_token"in t&&(n=t.refresh_token)),n&&typeof n=="string"&&n.length===en)return!0}}catch(o){v(`Error checking for existing auth0 tokens: ${o.message}`)}return!1}function cn(){let o,e,t,n=!1,i=!1,r=!1;Ae()&&window.addEventListener("pageshow",()=>{i=!1,r=!1});async function c(a){if(!a)return null;const u=localStorage.getItem(F);if(!u)return v("No refresh token found in localstorage"),null;const p=new URLSearchParams;p.set("client_id",a.iss),p.set("refresh_token",u),p.set("grant_type","refresh_token");const g=new URL(a.iss);g.pathname="/oauth/token",g.searchParams.set("user_id",a.sub);try{const f=await fetch(g.href,{body:p.toString(),method:"POST",headers:{"content-type":"application/x-www-form-urlencoded"}});if(!f.ok){const b=await f.text().catch(()=>"Unknown error");throw v(`Token refresh failed with status ${f.status}: ${b}`),localStorage.removeItem(F),new Error(`Renew token failed: ${f.status}`)}const w=await f.json();if(!w.access_token)throw v("Token refresh response missing access_token"),new Error("Invalid token response");return w.refresh_token&&localStorage.setItem(F,w.refresh_token),localStorage.setItem(z,w.access_token),w.access_token}catch(f){return v(`Token refresh error: ${f.message}`),localStorage.removeItem(F),localStorage.removeItem(z),await l.logout(),null}}async function h(){const a=localStorage.getItem(z);if(!a)return null;const u=tt(a),p=Date.now()/1e3;if(!u||!u.exp||u.exp<p+et){const g=await c(u);return g||(localStorage.removeItem(z),null)}return a}async function d(){if(r){v("Silent redirect already in progress");return}if(!nt()){v("No session hint cookie - skipping prompt=none redirect for anonymous user");return}const a=le();if(a&&Date.now()-a.timestamp<3e4){v("Recently attempted silent redirect, skipping to prevent loop");return}v("Attempting prompt=none redirect to recover session"),r=!0,tn();try{await o.loginWithRedirect({authorizationParams:{prompt:"none",redirect_uri:ot(window.location.href),organization:e}})}catch(u){v(`Prompt=none redirect failed: ${u.message}`),r=!1,ee()}}function m(){return t?U(window.location.href)!==U(`https://${t}`):!1}function s(a){if(i)return v("Login already in progress"),null;if(i=!0,setTimeout(()=>{i=!1},3e3),localStorage.removeItem(z),!o)throw new Error("Auth0 client not initialized");const u=a?.authorizationParams||{};return{...a,authorizationParams:{organization:e,redirect_uri:ot(window.location.href),ui_locales:Mt(),incognito:Qe(),...u}}}const l={async init(a){if(a.enabled===!1)return;e=a.organization;const u=sn(a);t=u&&!an()?u:Xt("token",a.environment);const p=U(window.location.href)!==U(`https://${t}`),g=U(window.location.href),f=g?`.${g}`:void 0,w={domain:t,clientId:a.clientId,useCookiesForTransactions:!0,legacySameSiteCookie:!1,...f&&{cookieDomain:f},cacheLocation:"localstorage"};(p||a.useRefreshTokens)&&(w.useRefreshTokens=!0),v(`Initializing auth0 client: ${JSON.stringify(w)}`),o=await Ht(w);const b=new URLSearchParams(window.location.search),k=b.get("code"),y=b.get("state"),_=b.get("error");if(_){const C=b.get("error_description");v(`Auth error in URL: ${_}${C?` - ${C}`:""}`);const T=new URL(location.href);T.searchParams.delete("error"),T.searchParams.delete("error_description"),T.searchParams.delete("state"),window.history.replaceState({},document.title,T.toString());const A=le();if(A&&ee(),_==="login_required")v("Silent redirect returned login_required - user is not authenticated"),ue();else if(A)v(`Silent redirect returned ${_} - treating as unauthenticated`),ue();else{const I=C||`Authentication failed: ${_}`;v(`Non-silent auth error, alerting user: ${I}`),setTimeout(()=>{alert(I)},0)}}if(k)if(window.opener)v("Code found in URL, posting to opener"),window.opener.postMessage({type:"authorization_response",response:{code:k,state:y}},window.location.origin);else{v("Code found in URL, handling redirect");const C=window.location.href,T=new URL(location.href),A=T.searchParams;A.delete("code"),A.delete("state"),T.search=A.toString(),window.history.replaceState({},document.title,T.toString()),v("Rewrote url to remove code and state");try{const I=await o.handleRedirectCallback(C);v(`Login result: ${JSON.stringify(I)}`);const L=await o.getUser();if(!L)throw new Error("No user found");v(`User found ${JSON.stringify(L)}`),de(),le()&&(v("Successfully recovered session via prompt=none redirect"),ee()),Q(!0),v(`Triggering AUTHENTICATED event with appState: ${JSON.stringify(I.appState)}`),Oe(J.AUTHENTICATED,{...L,appState:I.appState})}catch(I){v(`Error handling redirect: ${I.message}`),le()?(ee(),ue(),v("Silent redirect failed, cleared session hints")):alert("There was an error logging in"),console.error(I)}}n=!0,Oe(J.AUTH_INITIALIZED,{})},async isAuthenticated(){if(!n)return!1;if(await h())return!0;if(!o)return!1;const u=await o.isAuthenticated();return u&&Q(!0),u},async getTokenSilently(a=!0,u=!1){if(!n)return null;const p=await h();if(p)return p;if(!u&&on()){if(v("Silent auth is throttled due to recent failures, skipping request"),a)throw new Error("Silent auth throttled");return null}try{if(!o)return v("Auth client not initialized"),null;let g=await o.getTokenSilently();const f=tt(g),w=Date.now()/1e3;return u&&f?.exp&&f.exp-w<3600+et&&(g=await o.getTokenSilently({cacheMode:"off"})),de(),Q(!0),g}catch(g){const f=g;if(v(`Failed to get token silently: ${f.message}`),nn(f)){if(v("Iframe-based auth blocked by browser privacy restrictions"),nt())return v("Session hint present - attempting prompt=none redirect recovery"),await d(),null;v("No session hint - user is likely anonymous, not attempting redirect")}if(rn(),await o.isAuthenticated()&&(f.message==="Invalid refresh token"||f.message.includes("Missing Refresh Token"))&&await l.logout(),a)throw g;return null}},async getUser(){return n?await h()?{sub:"local",name:"Local User"}:o?await o.getUser():null:null},async login(a){return m()&&(Yt()||Bt()||Qe())?(v("Using popup login for cross-domain auth on Safari/Android/Incognito"),l.loginWithPopup(a)):(v("Using redirect login"),l.loginWithRedirect(a))},async loginWithRedirect(a){const u=s(a);if(u)return o.loginWithRedirect(u)},async loginWithPopup(a){const u=s(a);if(!u)return;await o.loginWithPopup(u,{timeoutInSeconds:1800}),de(),Q(!0);const p=await o.getUser();if(!p)throw new Error("No user found after popup login");const g=new CustomEvent(J.AUTHENTICATED,{detail:{...p,appState:a?.appState},composed:!0,bubbles:!0});window.dispatchEvent(g)&&window.location.reload()},async logout(a={}){if(n&&(localStorage.removeItem(z),localStorage.removeItem(F),ue(),ee(),de(),Oe(J.LOGOUT,{}),!!o))return v(`Logout with options: ${JSON.stringify(a)}`),o.logout({...a,logoutParams:{returnTo:window.location.href,...a.logoutParams||{}}})}};return l}return P.ACCESS_TOKEN_KEY=z,P.REFRESH_TOKEN_KEY=F,P.SESSION_HINT_COOKIE=Re,P.SILENT_AUTH_THROTTLE_KEY=q,P.SILENT_REDIRECT_STATE_KEY=ce,P.createAuth0Plugin=cn,Object.defineProperty(P,Symbol.toStringTag,{value:"Module"}),P})({});