@sesamy/sesamy-js 1.121.0 → 1.122.0

package/dist/auth0-plugin.mjs

@@ -409,12 +409,12 @@ function S(e) {
 	return typeof e == "string" ? ce.encode(e) : le.decode(e);
 }
 function ue(e) {
-	if (typeof e.modulusLength != "number" || e.modulusLength < 2048) throw new pe(`${e.name} modulusLength must be at least 2048 bits`);
+	if (typeof e.modulusLength != "number" || e.modulusLength < 2048) throw new fe(`${e.name} modulusLength must be at least 2048 bits`);
 }
 async function de(e, t, n) {
 	if (!1 === n.usages.includes("sign")) throw TypeError("private CryptoKey instances used for signing assertions must include \"sign\" in their \"usages\"");
-	let r = `${C(S(JSON.stringify(e)))}.${C(S(JSON.stringify(t)))}`;
-	return `${r}.${C(await crypto.subtle.sign(function(e) {
+	let r = `${w(S(JSON.stringify(e)))}.${w(S(JSON.stringify(t)))}`;
+	return `${r}.${w(await crypto.subtle.sign(function(e) {
 		switch (e.algorithm.name) {
 			case "ECDSA": return {
 				name: e.algorithm.name,
@@ -427,66 +427,66 @@ async function de(e, t, n) {
 			case "RSASSA-PKCS1-v1_5": return ue(e.algorithm), { name: e.algorithm.name };
 			case "Ed25519": return { name: e.algorithm.name };
 		}
-		throw new w();
+		throw new T();
 	}(n), n, S(r)))}`;
 }
-var fe;
-if (Uint8Array.prototype.toBase64) fe = (e) => (e instanceof ArrayBuffer && (e = new Uint8Array(e)), e.toBase64({
+var C;
+if (Uint8Array.prototype.toBase64) C = (e) => (e instanceof ArrayBuffer && (e = new Uint8Array(e)), e.toBase64({
 	alphabet: "base64url",
 	omitPadding: !0
 }));
 else {
 	let e = 32768;
-	fe = (t) => {
+	C = (t) => {
 		t instanceof ArrayBuffer && (t = new Uint8Array(t));
 		let n = [];
 		for (let r = 0; r < t.byteLength; r += e) n.push(String.fromCharCode.apply(null, t.subarray(r, r + e)));
 		return btoa(n.join("")).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
 	};
 }
-function C(e) {
-	return fe(e);
+function w(e) {
+	return C(e);
 }
-var w = class extends Error {
+var T = class extends Error {
 	constructor(e) {
 		var t;
 		super(e ?? "operation not supported"), this.name = this.constructor.name, (t = Error.captureStackTrace) == null || t.call(Error, this, this.constructor);
 	}
-}, pe = class extends Error {
+}, fe = class extends Error {
 	constructor(e) {
 		var t;
 		super(e), this.name = this.constructor.name, (t = Error.captureStackTrace) == null || t.call(Error, this, this.constructor);
 	}
 };
-function me(e) {
+function pe(e) {
 	switch (e.algorithm.name) {
 		case "RSA-PSS": return function(e) {
 			if (e.algorithm.hash.name === "SHA-256") return "PS256";
-			throw new w("unsupported RsaHashedKeyAlgorithm hash name");
+			throw new T("unsupported RsaHashedKeyAlgorithm hash name");
 		}(e);
 		case "RSASSA-PKCS1-v1_5": return function(e) {
 			if (e.algorithm.hash.name === "SHA-256") return "RS256";
-			throw new w("unsupported RsaHashedKeyAlgorithm hash name");
+			throw new T("unsupported RsaHashedKeyAlgorithm hash name");
 		}(e);
 		case "ECDSA": return function(e) {
 			if (e.algorithm.namedCurve === "P-256") return "ES256";
-			throw new w("unsupported EcKeyAlgorithm namedCurve");
+			throw new T("unsupported EcKeyAlgorithm namedCurve");
 		}(e);
 		case "Ed25519": return "Ed25519";
-		default: throw new w("unsupported CryptoKey algorithm name");
+		default: throw new T("unsupported CryptoKey algorithm name");
 	}
 }
-function he(e) {
+function me(e) {
 	return e instanceof CryptoKey;
 }
-function ge(e) {
-	return he(e) && e.type === "public";
+function he(e) {
+	return me(e) && e.type === "public";
 }
-async function _e(e, t, n, r, i, a) {
+async function ge(e, t, n, r, i, a) {
 	let o = e?.privateKey, s = e?.publicKey;
-	if (!he(c = o) || c.type !== "private") throw TypeError("\"keypair.privateKey\" must be a private CryptoKey");
+	if (!me(c = o) || c.type !== "private") throw TypeError("\"keypair.privateKey\" must be a private CryptoKey");
 	var c;
-	if (!ge(s)) throw TypeError("\"keypair.publicKey\" must be a public CryptoKey");
+	if (!he(s)) throw TypeError("\"keypair.publicKey\" must be a public CryptoKey");
 	if (!0 !== s.extractable) throw TypeError("\"keypair.publicKey.extractable\" must be true");
 	if (typeof t != "string") throw TypeError("\"htu\" must be a string");
 	if (typeof n != "string") throw TypeError("\"htm\" must be a string");
@@ -494,19 +494,19 @@ async function _e(e, t, n, r, i, a) {
 	if (i !== void 0 && typeof i != "string") throw TypeError("\"accessToken\" must be a string or undefined");
 	if (a !== void 0 && (typeof a != "object" || !a || Array.isArray(a))) throw TypeError("\"additional\" must be an object");
 	return de({
-		alg: me(o),
+		alg: pe(o),
 		typ: "dpop+jwt",
-		jwk: await ve(s)
+		jwk: await _e(s)
 	}, Object.assign(Object.assign({}, a), {
 		iat: Math.floor(Date.now() / 1e3),
 		jti: crypto.randomUUID(),
 		htm: n,
 		nonce: r,
 		htu: t,
-		ath: i ? C(await crypto.subtle.digest("SHA-256", S(i))) : void 0
+		ath: i ? w(await crypto.subtle.digest("SHA-256", S(i))) : void 0
 	}), o);
 }
-async function ve(e) {
+async function _e(e) {
 	let { kty: t, e: n, n: r, x: i, y: a, crv: o } = await crypto.subtle.exportKey("jwk", e);
 	return {
 		kty: t,
@@ -517,12 +517,12 @@ async function ve(e) {
 		y: a
 	};
 }
-var ye = [
+var ve = [
 	"authorization_code",
 	"refresh_token",
 	"urn:ietf:params:oauth:grant-type:token-exchange"
 ];
-function be() {
+function ye() {
 	return async function(e, t) {
 		var n;
 		let r;
@@ -561,16 +561,16 @@ function be() {
 			case "Ed25519":
 				r = { name: "Ed25519" };
 				break;
-			default: throw new w();
+			default: throw new T();
 		}
 		return crypto.subtle.generateKey(r, (n = t?.extractable) != null && n, ["sign", "verify"]);
 	}("ES256", { extractable: !1 });
 }
-function xe(e) {
+function be(e) {
 	return async function(e) {
-		if (!ge(e)) throw TypeError("\"publicKey\" must be a public CryptoKey");
+		if (!he(e)) throw TypeError("\"publicKey\" must be a public CryptoKey");
 		if (!0 !== e.extractable) throw TypeError("\"publicKey.extractable\" must be true");
-		let t = await ve(e), n;
+		let t = await _e(e), n;
 		switch (t.kty) {
 			case "EC":
 				n = {
@@ -594,18 +594,18 @@ function xe(e) {
 					n: t.n
 				};
 				break;
-			default: throw new w("unsupported JWK kty");
+			default: throw new T("unsupported JWK kty");
 		}
-		return C(await crypto.subtle.digest({ name: "SHA-256" }, S(JSON.stringify(n))));
+		return w(await crypto.subtle.digest({ name: "SHA-256" }, S(JSON.stringify(n))));
 	}(e.publicKey);
 }
-function Se({ keyPair: e, url: t, method: n, nonce: r, accessToken: i }) {
-	return _e(e, function(e) {
+function xe({ keyPair: e, url: t, method: n, nonce: r, accessToken: i }) {
+	return ge(e, function(e) {
 		let t = new URL(e);
 		return t.search = "", t.hash = "", t.href;
 	}(t), n, r, i);
 }
-var Ce = async (e, t) => {
+var Se = async (e, t) => {
 	let n = await fetch(e, t);
 	return {
 		ok: n.ok,
@@ -613,16 +613,16 @@ var Ce = async (e, t) => {
 		headers: (r = n.headers, [...r].reduce(((e, [t, n]) => (e[t] = n, e)), {}))
 	};
 	var r;
-}, we = async (e, t, n) => {
+}, Ce = async (e, t, n) => {
 	let r = new AbortController(), i;
-	return t.signal = r.signal, Promise.race([Ce(e, t), new Promise(((e, t) => {
+	return t.signal = r.signal, Promise.race([Se(e, t), new Promise(((e, t) => {
 		i = setTimeout((() => {
 			r.abort(), t(/* @__PURE__ */ Error("Timeout when executing 'fetch'"));
 		}), n);
 	}))]).finally((() => {
 		clearTimeout(i);
 	}));
-}, Te = async (e, t, n, r, i, a, o, s) => {
+}, we = async (e, t, n, r, i, a, o, s) => {
 	return c = {
 		auth: {
 			audience: t,
@@ -640,8 +640,8 @@ var Ce = async (e, t) => {
 		}, l.postMessage(c, [n.port2]);
 	}));
 	var c, l;
-}, Ee = async (e, t, n, r, i, a, o = 1e4, s) => i ? Te(e, t, n, r, o, i, a, s) : we(e, r, o);
-async function De(t, n, r, i, a, o, s, c, u, d) {
+}, Te = async (e, t, n, r, i, a, o = 1e4, s) => i ? we(e, t, n, r, o, i, a, s) : Ce(e, r, o);
+async function Ee(t, n, r, i, a, o, s, c, u, d) {
 	if (u) {
 		let e = await u.generateProof({
 			url: t,
@@ -652,7 +652,7 @@ async function De(t, n, r, i, a, o, s, c, u, d) {
 	}
 	let f, p = null;
 	for (let e = 0; e < 3; e++) try {
-		f = await Ee(t, r, i, a, o, s, n, c), p = null;
+		f = await Te(t, r, i, a, o, s, n, c), p = null;
 		break;
 	} catch (e) {
 		p = e;
@@ -665,13 +665,13 @@ async function De(t, n, r, i, a, o, s, c, u, d) {
 		if (h === "missing_refresh_token") throw new te(r, i);
 		if (h === "use_dpop_nonce") {
 			if (!u || !b || d) throw new ne(b);
-			return De(t, n, r, i, a, o, s, c, u, !0);
+			return Ee(t, n, r, i, a, o, s, c, u, !0);
 		}
 		throw new l(h || "request_error", e);
 	}
 	return _;
 }
-async function Oe(t, n) {
+async function De(t, n) {
 	var { baseUrl: r, timeout: i, audience: a, scope: o, auth0Client: c, useFormData: l, useMrrt: u, dpop: d } = t, f = e(t, [
 		"baseUrl",
 		"timeout",
@@ -685,9 +685,9 @@ async function Oe(t, n) {
 	let p = f.grant_type === "urn:ietf:params:oauth:grant-type:token-exchange", m = f.grant_type === "refresh_token" && u, h = Object.assign(Object.assign(Object.assign(Object.assign({}, f), p && a && { audience: a }), p && o && { scope: o }), m && {
 		audience: a,
 		scope: o
-	}), ee = l ? x(h) : JSON.stringify(h), te = (g = f.grant_type, ye.includes(g));
+	}), ee = l ? x(h) : JSON.stringify(h), te = (g = f.grant_type, ve.includes(g));
 	var g;
-	return await De(`${r}/oauth/token`, i, a || "default", o, {
+	return await Ee(`${r}/oauth/token`, i, a || "default", o, {
 		method: "POST",
 		body: ee,
 		headers: {
@@ -696,13 +696,13 @@ async function Oe(t, n) {
 		}
 	}, n, l, u, te ? d : void 0);
 }
-var T = (...e) => {
+var E = (...e) => {
 	return (t = e.filter(Boolean).join(" ").trim().split(/\s+/), Array.from(new Set(t))).join(" ");
 	var t;
-}, E = (e, t, n) => {
+}, D = (e, t, n) => {
 	let r;
-	return n && (r = e[n]), r ||= e.default, T(r, t);
-}, D = class e {
+	return n && (r = e[n]), r ||= e.default, E(r, t);
+}, O = class e {
 	constructor(e, t = "@@auth0spajs@@", n) {
 		this.prefix = t, this.suffix = n, this.clientId = e.clientId, this.scope = e.scope, this.audience = e.audience;
 	}
@@ -731,7 +731,7 @@ var T = (...e) => {
 			clientId: i
 		});
 	}
-}, ke = class {
+}, Oe = class {
 	set(e, t) {
 		localStorage.setItem(e, JSON.stringify(t));
 	}
@@ -749,7 +749,7 @@ var T = (...e) => {
 	allKeys() {
 		return Object.keys(window.localStorage).filter(((e) => e.startsWith("@@auth0spajs@@")));
 	}
-}, Ae = class {
+}, ke = class {
 	constructor() {
 		this.enclosedCache = function() {
 			let e = {};
@@ -768,7 +768,7 @@ var T = (...e) => {
 			};
 		}();
 	}
-}, je = class {
+}, Ae = class {
 	constructor(e, t, n) {
 		this.cache = e, this.keyManifest = t, this.nowProvider = n || c;
 	}
@@ -817,7 +817,7 @@ var T = (...e) => {
 		};
 	}
 	async set(e) {
-		let t = new D({
+		let t = new O({
 			clientId: e.client_id,
 			scope: e.scope,
 			audience: e.audience
@@ -825,7 +825,7 @@ var T = (...e) => {
 		await this.cache.set(t.toKey(), n), await this.keyManifest?.add(t.toKey());
 	}
 	async remove(e, t, n) {
-		let r = new D({
+		let r = new O({
 			clientId: e,
 			scope: n,
 			audience: t
@@ -849,17 +849,17 @@ var T = (...e) => {
 		return this.keyManifest ? (await this.keyManifest.get())?.keys : this.cache.allKeys ? this.cache.allKeys() : void 0;
 	}
 	getIdTokenCacheKey(e) {
-		return new D({ clientId: e }, "@@auth0spajs@@", "@@user@@").toKey();
+		return new O({ clientId: e }, "@@auth0spajs@@", "@@user@@").toKey();
 	}
 	matchExistingCacheKey(e, t) {
 		return t.filter(((t) => {
-			let n = D.fromKey(t), r = new Set(n.scope && n.scope.split(" ")), i = e.scope?.split(" ") || [], a = n.scope && i.reduce(((e, t) => e && r.has(t)), !0);
+			let n = O.fromKey(t), r = new Set(n.scope && n.scope.split(" ")), i = e.scope?.split(" ") || [], a = n.scope && i.reduce(((e, t) => e && r.has(t)), !0);
 			return n.prefix === "@@auth0spajs@@" && n.clientId === e.clientId && n.audience === e.audience && a;
 		}))[0];
 	}
 	async getEntryWithRefreshToken(e, t) {
 		for (let n of t) {
-			let t = D.fromKey(n);
+			let t = O.fromKey(n);
 			if (t.prefix === "@@auth0spajs@@" && t.clientId === e.clientId) {
 				let t = await this.cache.get(n);
 				if (t?.body?.refresh_token) return this.modifiedCachedEntry(t, e);
@@ -876,7 +876,7 @@ var T = (...e) => {
 			}
 		}
 	}
-}, Me = class {
+}, je = class {
 	constructor(e, t, n) {
 		this.storage = e, this.clientId = t, this.cookieDomain = n, this.storageKey = `a0.spajs.txs.${this.clientId}`;
 	}
@@ -892,14 +892,14 @@ var T = (...e) => {
 	remove() {
 		this.storage.remove(this.storageKey, { cookieDomain: this.cookieDomain });
 	}
-}, O = (e) => typeof e == "number", Ne = /* @__PURE__ */ "iss.aud.exp.nbf.iat.jti.azp.nonce.auth_time.at_hash.c_hash.acr.amr.sub_jwk.cnf.sip_from_tag.sip_date.sip_callid.sip_cseq_num.sip_via_branch.orig.dest.mky.events.toe.txn.rph.sid.vot.vtm".split("."), Pe = (e) => {
+}, k = (e) => typeof e == "number", Me = /* @__PURE__ */ "iss.aud.exp.nbf.iat.jti.azp.nonce.auth_time.at_hash.c_hash.acr.amr.sub_jwk.cnf.sip_from_tag.sip_date.sip_callid.sip_cseq_num.sip_via_branch.orig.dest.mky.events.toe.txn.rph.sid.vot.vtm".split("."), Ne = (e) => {
 	if (!e.id_token) throw Error("ID token is required but missing");
 	let t = ((e) => {
 		let t = e.split("."), [n, r, i] = t;
 		if (t.length !== 3 || !n || !r || !i) throw Error("ID token could not be decoded");
 		let a = JSON.parse(oe(r)), o = { __raw: e }, s = {};
 		return Object.keys(a).forEach(((e) => {
-			o[e] = a[e], Ne.includes(e) || (s[e] = a[e]);
+			o[e] = a[e], Me.includes(e) || (s[e] = a[e]);
 		})), {
 			encoded: {
 				header: n,
@@ -927,16 +927,16 @@ var T = (...e) => {
 		if (!t.claims.nonce) throw Error("Nonce (nonce) claim must be a string present in the ID token");
 		if (t.claims.nonce !== e.nonce) throw Error(`Nonce (nonce) claim mismatch in the ID token; expected "${e.nonce}", found "${t.claims.nonce}"`);
 	}
-	if (e.max_age && !O(t.claims.auth_time)) throw Error("Authentication Time (auth_time) claim must be a number present in the ID token when Max Age (max_age) is specified");
-	if (t.claims.exp == null || !O(t.claims.exp)) throw Error("Expiration Time (exp) claim must be a number present in the ID token");
-	if (!O(t.claims.iat)) throw Error("Issued At (iat) claim must be a number present in the ID token");
+	if (e.max_age && !k(t.claims.auth_time)) throw Error("Authentication Time (auth_time) claim must be a number present in the ID token when Max Age (max_age) is specified");
+	if (t.claims.exp == null || !k(t.claims.exp)) throw Error("Expiration Time (exp) claim must be a number present in the ID token");
+	if (!k(t.claims.iat)) throw Error("Issued At (iat) claim must be a number present in the ID token");
 	let n = e.leeway || 60, r = new Date(e.now || Date.now()), i = /* @__PURE__ */ new Date(0);
 	if (i.setUTCSeconds(t.claims.exp + n), r > i) throw Error(`Expiration Time (exp) claim error in the ID token; current time (${r}) is after expiration time (${i})`);
-	if (t.claims.nbf != null && O(t.claims.nbf)) {
+	if (t.claims.nbf != null && k(t.claims.nbf)) {
 		let e = /* @__PURE__ */ new Date(0);
 		if (e.setUTCSeconds(t.claims.nbf - n), r < e) throw Error(`Not Before time (nbf) claim in the ID token indicates that this token can't be used just yet. Current time (${r}) is before ${e}`);
 	}
-	if (t.claims.auth_time != null && O(t.claims.auth_time)) {
+	if (t.claims.auth_time != null && k(t.claims.auth_time)) {
 		let i = /* @__PURE__ */ new Date(0);
 		if (i.setUTCSeconds(parseInt(t.claims.auth_time) + e.max_age + n), r > i) throw Error(`Authentication Time (auth_time) claim in the ID token indicates that too much time has passed since the last end-user authentication. Current time (${r}) is after last auth at ${i}`);
 	}
@@ -953,7 +953,7 @@ var T = (...e) => {
 		}
 	}
 	return t;
-}, k = r((function(e, n) {
+}, A = r((function(e, n) {
 	var r = t && t.__assign || function() {
 		return r = Object.assign || function(e) {
 			for (var t, n = 1, r = arguments.length; n < r; n++) for (var i in t = arguments[n]) Object.prototype.hasOwnProperty.call(t, i) && (e[i] = t[i]);
@@ -996,10 +996,10 @@ var T = (...e) => {
 		c(e, "", r(r({}, t), { expires: -1 }));
 	};
 }));
-n(k), k.encode, k.parse, k.getAll;
-var Fe = k.get, Ie = k.set, Le = k.remove, A = {
+n(A), A.encode, A.parse, A.getAll;
+var Pe = A.get, Fe = A.set, Ie = A.remove, j = {
 	get(e) {
-		let t = Fe(e);
+		let t = Pe(e);
 		if (t !== void 0) return JSON.parse(t);
 	},
 	save(e, t, n) {
@@ -1007,25 +1007,25 @@ var Fe = k.get, Ie = k.set, Le = k.remove, A = {
 		window.location.protocol === "https:" && (r = {
 			secure: !0,
 			sameSite: "none"
-		}), n != null && n.daysUntilExpire && (r.expires = n.daysUntilExpire), n != null && n.cookieDomain && (r.domain = n.cookieDomain), Ie(e, JSON.stringify(t), r);
+		}), n != null && n.daysUntilExpire && (r.expires = n.daysUntilExpire), n != null && n.cookieDomain && (r.domain = n.cookieDomain), Fe(e, JSON.stringify(t), r);
 	},
 	remove(e, t) {
 		let n = {};
-		t != null && t.cookieDomain && (n.domain = t.cookieDomain), Le(e, n);
+		t != null && t.cookieDomain && (n.domain = t.cookieDomain), Ie(e, n);
 	}
-}, Re = {
+}, Le = {
 	get(e) {
-		return A.get(e) || A.get(`_legacy_${e}`);
+		return j.get(e) || j.get(`_legacy_${e}`);
 	},
 	save(e, t, n) {
 		let r = {};
-		window.location.protocol === "https:" && (r = { secure: !0 }), n != null && n.daysUntilExpire && (r.expires = n.daysUntilExpire), n != null && n.cookieDomain && (r.domain = n.cookieDomain), Ie(`_legacy_${e}`, JSON.stringify(t), r), A.save(e, t, n);
+		window.location.protocol === "https:" && (r = { secure: !0 }), n != null && n.daysUntilExpire && (r.expires = n.daysUntilExpire), n != null && n.cookieDomain && (r.domain = n.cookieDomain), Fe(`_legacy_${e}`, JSON.stringify(t), r), j.save(e, t, n);
 	},
 	remove(e, t) {
 		let n = {};
-		t != null && t.cookieDomain && (n.domain = t.cookieDomain), Le(e, n), A.remove(e, t), A.remove(`_legacy_${e}`, t);
+		t != null && t.cookieDomain && (n.domain = t.cookieDomain), Ie(e, n), j.remove(e, t), j.remove(`_legacy_${e}`, t);
 	}
-}, ze = {
+}, Re = {
 	get(e) {
 		if (typeof sessionStorage > "u") return;
 		let t = sessionStorage.getItem(e);
@@ -1037,11 +1037,11 @@ var Fe = k.get, Ie = k.set, Le = k.remove, A = {
 	remove(e) {
 		sessionStorage.removeItem(e);
 	}
-}, j;
+}, M;
 (function(e) {
 	e.Code = "code", e.ConnectCode = "connect_code";
-})(j ||= {});
-function Be(e, t, n) {
+})(M ||= {});
+function ze(e, t, n) {
 	var r = t === void 0 ? null : t, i = function(e, t) {
 		var n = atob(e);
 		if (t) {
@@ -1052,12 +1052,12 @@ function Be(e, t, n) {
 	}(e, n !== void 0 && n), a = i.indexOf("\n", 10) + 1, o = i.substring(a) + (r ? "//# sourceMappingURL=" + r : ""), s = new Blob([o], { type: "application/javascript" });
 	return URL.createObjectURL(s);
 }
-var Ve, He, Ue, We, Ge = (Ve = "Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAqLwohZnVuY3Rpb24oKXsidXNlIHN0cmljdCI7Y2xhc3MgZSBleHRlbmRzIEVycm9ye2NvbnN0cnVjdG9yKHQscil7c3VwZXIociksdGhpcy5lcnJvcj10LHRoaXMuZXJyb3JfZGVzY3JpcHRpb249cixPYmplY3Quc2V0UHJvdG90eXBlT2YodGhpcyxlLnByb3RvdHlwZSl9c3RhdGljIGZyb21QYXlsb2FkKHtlcnJvcjp0LGVycm9yX2Rlc2NyaXB0aW9uOnJ9KXtyZXR1cm4gbmV3IGUodCxyKX19Y2xhc3MgdCBleHRlbmRzIGV7Y29uc3RydWN0b3IoZSxzKXtzdXBlcigibWlzc2luZ19yZWZyZXNoX3Rva2VuIixgTWlzc2luZyBSZWZyZXNoIFRva2VuIChhdWRpZW5jZTogJyR7cihlLFsiZGVmYXVsdCJdKX0nLCBzY29wZTogJyR7cihzKX0nKWApLHRoaXMuYXVkaWVuY2U9ZSx0aGlzLnNjb3BlPXMsT2JqZWN0LnNldFByb3RvdHlwZU9mKHRoaXMsdC5wcm90b3R5cGUpfX1mdW5jdGlvbiByKGUsdD1bXSl7cmV0dXJuIGUmJiF0LmluY2x1ZGVzKGUpP2U6IiJ9ImZ1bmN0aW9uIj09dHlwZW9mIFN1cHByZXNzZWRFcnJvciYmU3VwcHJlc3NlZEVycm9yO2NvbnN0IHM9ZT0+e3ZhcntjbGllbnRJZDp0fT1lLHI9ZnVuY3Rpb24oZSx0KXt2YXIgcj17fTtmb3IodmFyIHMgaW4gZSlPYmplY3QucHJvdG90eXBlLmhhc093blByb3BlcnR5LmNhbGwoZSxzKSYmdC5pbmRleE9mKHMpPDAmJihyW3NdPWVbc10pO2lmKG51bGwhPWUmJiJmdW5jdGlvbiI9PXR5cGVvZiBPYmplY3QuZ2V0T3duUHJvcGVydHlTeW1ib2xzKXt2YXIgbz0wO2ZvcihzPU9iamVjdC5nZXRPd25Qcm9wZXJ0eVN5bWJvbHMoZSk7bzxzLmxlbmd0aDtvKyspdC5pbmRleE9mKHNbb10pPDAmJk9iamVjdC5wcm90b3R5cGUucHJvcGVydHlJc0VudW1lcmFibGUuY2FsbChlLHNbb10pJiYocltzW29dXT1lW3Nbb11dKX1yZXR1cm4gcn0oZSxbImNsaWVudElkIl0pO3JldHVybiBuZXcgVVJMU2VhcmNoUGFyYW1zKChlPT5PYmplY3Qua2V5cyhlKS5maWx0ZXIoKHQ9PnZvaWQgMCE9PWVbdF0pKS5yZWR1Y2UoKCh0LHIpPT5PYmplY3QuYXNzaWduKE9iamVjdC5hc3NpZ24oe30sdCkse1tyXTplW3JdfSkpLHt9KSkoT2JqZWN0LmFzc2lnbih7Y2xpZW50X2lkOnR9LHIpKSkudG9TdHJpbmcoKX07bGV0IG89e307Y29uc3Qgbj0oZSx0KT0+YCR7ZX18JHt0fWA7YWRkRXZlbnRMaXN0ZW5lcigibWVzc2FnZSIsKGFzeW5jKHtkYXRhOnt0aW1lb3V0OmUsYXV0aDpyLGZldGNoVXJsOmksZmV0Y2hPcHRpb25zOmMsdXNlRm9ybURhdGE6YSx1c2VNcnJ0OmZ9LHBvcnRzOltwXX0pPT57bGV0IGgsdSxsPXt9O2NvbnN0e2F1ZGllbmNlOmQsc2NvcGU6eX09cnx8e307dHJ5e2NvbnN0IHI9YT8oZT0+e2NvbnN0IHQ9bmV3IFVSTFNlYXJjaFBhcmFtcyhlKSxyPXt9O3JldHVybiB0LmZvckVhY2goKChlLHQpPT57clt0XT1lfSkpLHJ9KShjLmJvZHkpOkpTT04ucGFyc2UoYy5ib2R5KTtpZighci5yZWZyZXNoX3Rva2VuJiYicmVmcmVzaF90b2tlbiI9PT1yLmdyYW50X3R5cGUpe2lmKHU9KChlLHQpPT5vW24oZSx0KV0pKGQseSksIXUmJmYpe2NvbnN0IGU9by5sYXRlc3RfcmVmcmVzaF90b2tlbix0PSgoZSx0KT0+e2NvbnN0IHI9T2JqZWN0LmtleXMobykuZmluZCgocj0+e2lmKCJsYXRlc3RfcmVmcmVzaF90b2tlbiIhPT1yKXtjb25zdCBzPSgoZSx0KT0+dC5zdGFydHNXaXRoKGAke2V9fGApKSh0LHIpLG89ci5zcGxpdCgifCIpWzFdLnNwbGl0KCIgIiksbj1lLnNwbGl0KCIgIikuZXZlcnkoKGU9Pm8uaW5jbHVkZXMoZSkpKTtyZXR1cm4gcyYmbn19KSk7cmV0dXJuISFyfSkoeSxkKTtlJiYhdCYmKHU9ZSl9aWYoIXUpdGhyb3cgbmV3IHQoZCx5KTtjLmJvZHk9YT9zKE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSxyKSx7cmVmcmVzaF90b2tlbjp1fSkpOkpTT04uc3RyaW5naWZ5KE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSxyKSx7cmVmcmVzaF90b2tlbjp1fSkpfWxldCBqLGs7ImZ1bmN0aW9uIj09dHlwZW9mIEFib3J0Q29udHJvbGxlciYmKGo9bmV3IEFib3J0Q29udHJvbGxlcixjLnNpZ25hbD1qLnNpZ25hbCk7dHJ5e2s9YXdhaXQgUHJvbWlzZS5yYWNlKFsoXz1lLG5ldyBQcm9taXNlKChlPT5zZXRUaW1lb3V0KGUsXykpKSksZmV0Y2goaSxPYmplY3QuYXNzaWduKHt9LGMpKV0pfWNhdGNoKGUpe3JldHVybiB2b2lkIHAucG9zdE1lc3NhZ2Uoe2Vycm9yOmUubWVzc2FnZX0pfWlmKCFrKXJldHVybiBqJiZqLmFib3J0KCksdm9pZCBwLnBvc3RNZXNzYWdlKHtlcnJvcjoiVGltZW91dCB3aGVuIGV4ZWN1dGluZyAnZmV0Y2gnIn0pO2c9ay5oZWFkZXJzLGw9Wy4uLmddLnJlZHVjZSgoKGUsW3Qscl0pPT4oZVt0XT1yLGUpKSx7fSksaD1hd2FpdCBrLmpzb24oKSxoLnJlZnJlc2hfdG9rZW4/KGYmJihvLmxhdGVzdF9yZWZyZXNoX3Rva2VuPWgucmVmcmVzaF90b2tlbixPPXUsYj1oLnJlZnJlc2hfdG9rZW4sT2JqZWN0LmVudHJpZXMobykuZm9yRWFjaCgoKFtlLHRdKT0+e3Q9PT1PJiYob1tlXT1iKX0pKSksKChlLHQscik9PntvW24odCxyKV09ZX0pKGgucmVmcmVzaF90b2tlbixkLHkpLGRlbGV0ZSBoLnJlZnJlc2hfdG9rZW4pOigoZSx0KT0+e2RlbGV0ZSBvW24oZSx0KV19KShkLHkpLHAucG9zdE1lc3NhZ2Uoe29rOmsub2ssanNvbjpoLGhlYWRlcnM6bH0pfWNhdGNoKGUpe3AucG9zdE1lc3NhZ2Uoe29rOiExLGpzb246e2Vycm9yOmUuZXJyb3IsZXJyb3JfZGVzY3JpcHRpb246ZS5tZXNzYWdlfSxoZWFkZXJzOmx9KX12YXIgTyxiLGcsX30pKX0oKTsKCg==", He = null, Ue = !1, function(e) {
-	return We ||= Be(Ve, He, Ue), new Worker(We, e);
-}), M = {}, Ke = async (e, t = 3) => {
+var Be, Ve, He, Ue, We = (Be = "Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAqLwohZnVuY3Rpb24oKXsidXNlIHN0cmljdCI7Y2xhc3MgZSBleHRlbmRzIEVycm9ye2NvbnN0cnVjdG9yKHQscil7c3VwZXIociksdGhpcy5lcnJvcj10LHRoaXMuZXJyb3JfZGVzY3JpcHRpb249cixPYmplY3Quc2V0UHJvdG90eXBlT2YodGhpcyxlLnByb3RvdHlwZSl9c3RhdGljIGZyb21QYXlsb2FkKHtlcnJvcjp0LGVycm9yX2Rlc2NyaXB0aW9uOnJ9KXtyZXR1cm4gbmV3IGUodCxyKX19Y2xhc3MgdCBleHRlbmRzIGV7Y29uc3RydWN0b3IoZSxzKXtzdXBlcigibWlzc2luZ19yZWZyZXNoX3Rva2VuIixgTWlzc2luZyBSZWZyZXNoIFRva2VuIChhdWRpZW5jZTogJyR7cihlLFsiZGVmYXVsdCJdKX0nLCBzY29wZTogJyR7cihzKX0nKWApLHRoaXMuYXVkaWVuY2U9ZSx0aGlzLnNjb3BlPXMsT2JqZWN0LnNldFByb3RvdHlwZU9mKHRoaXMsdC5wcm90b3R5cGUpfX1mdW5jdGlvbiByKGUsdD1bXSl7cmV0dXJuIGUmJiF0LmluY2x1ZGVzKGUpP2U6IiJ9ImZ1bmN0aW9uIj09dHlwZW9mIFN1cHByZXNzZWRFcnJvciYmU3VwcHJlc3NlZEVycm9yO2NvbnN0IHM9ZT0+e3ZhcntjbGllbnRJZDp0fT1lLHI9ZnVuY3Rpb24oZSx0KXt2YXIgcj17fTtmb3IodmFyIHMgaW4gZSlPYmplY3QucHJvdG90eXBlLmhhc093blByb3BlcnR5LmNhbGwoZSxzKSYmdC5pbmRleE9mKHMpPDAmJihyW3NdPWVbc10pO2lmKG51bGwhPWUmJiJmdW5jdGlvbiI9PXR5cGVvZiBPYmplY3QuZ2V0T3duUHJvcGVydHlTeW1ib2xzKXt2YXIgbz0wO2ZvcihzPU9iamVjdC5nZXRPd25Qcm9wZXJ0eVN5bWJvbHMoZSk7bzxzLmxlbmd0aDtvKyspdC5pbmRleE9mKHNbb10pPDAmJk9iamVjdC5wcm90b3R5cGUucHJvcGVydHlJc0VudW1lcmFibGUuY2FsbChlLHNbb10pJiYocltzW29dXT1lW3Nbb11dKX1yZXR1cm4gcn0oZSxbImNsaWVudElkIl0pO3JldHVybiBuZXcgVVJMU2VhcmNoUGFyYW1zKChlPT5PYmplY3Qua2V5cyhlKS5maWx0ZXIoKHQ9PnZvaWQgMCE9PWVbdF0pKS5yZWR1Y2UoKCh0LHIpPT5PYmplY3QuYXNzaWduKE9iamVjdC5hc3NpZ24oe30sdCkse1tyXTplW3JdfSkpLHt9KSkoT2JqZWN0LmFzc2lnbih7Y2xpZW50X2lkOnR9LHIpKSkudG9TdHJpbmcoKX07bGV0IG89e307Y29uc3Qgbj0oZSx0KT0+YCR7ZX18JHt0fWA7YWRkRXZlbnRMaXN0ZW5lcigibWVzc2FnZSIsKGFzeW5jKHtkYXRhOnt0aW1lb3V0OmUsYXV0aDpyLGZldGNoVXJsOmksZmV0Y2hPcHRpb25zOmMsdXNlRm9ybURhdGE6YSx1c2VNcnJ0OmZ9LHBvcnRzOltwXX0pPT57bGV0IGgsdSxsPXt9O2NvbnN0e2F1ZGllbmNlOmQsc2NvcGU6eX09cnx8e307dHJ5e2NvbnN0IHI9YT8oZT0+e2NvbnN0IHQ9bmV3IFVSTFNlYXJjaFBhcmFtcyhlKSxyPXt9O3JldHVybiB0LmZvckVhY2goKChlLHQpPT57clt0XT1lfSkpLHJ9KShjLmJvZHkpOkpTT04ucGFyc2UoYy5ib2R5KTtpZighci5yZWZyZXNoX3Rva2VuJiYicmVmcmVzaF90b2tlbiI9PT1yLmdyYW50X3R5cGUpe2lmKHU9KChlLHQpPT5vW24oZSx0KV0pKGQseSksIXUmJmYpe2NvbnN0IGU9by5sYXRlc3RfcmVmcmVzaF90b2tlbix0PSgoZSx0KT0+e2NvbnN0IHI9T2JqZWN0LmtleXMobykuZmluZCgocj0+e2lmKCJsYXRlc3RfcmVmcmVzaF90b2tlbiIhPT1yKXtjb25zdCBzPSgoZSx0KT0+dC5zdGFydHNXaXRoKGAke2V9fGApKSh0LHIpLG89ci5zcGxpdCgifCIpWzFdLnNwbGl0KCIgIiksbj1lLnNwbGl0KCIgIikuZXZlcnkoKGU9Pm8uaW5jbHVkZXMoZSkpKTtyZXR1cm4gcyYmbn19KSk7cmV0dXJuISFyfSkoeSxkKTtlJiYhdCYmKHU9ZSl9aWYoIXUpdGhyb3cgbmV3IHQoZCx5KTtjLmJvZHk9YT9zKE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSxyKSx7cmVmcmVzaF90b2tlbjp1fSkpOkpTT04uc3RyaW5naWZ5KE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSxyKSx7cmVmcmVzaF90b2tlbjp1fSkpfWxldCBqLGs7ImZ1bmN0aW9uIj09dHlwZW9mIEFib3J0Q29udHJvbGxlciYmKGo9bmV3IEFib3J0Q29udHJvbGxlcixjLnNpZ25hbD1qLnNpZ25hbCk7dHJ5e2s9YXdhaXQgUHJvbWlzZS5yYWNlKFsoXz1lLG5ldyBQcm9taXNlKChlPT5zZXRUaW1lb3V0KGUsXykpKSksZmV0Y2goaSxPYmplY3QuYXNzaWduKHt9LGMpKV0pfWNhdGNoKGUpe3JldHVybiB2b2lkIHAucG9zdE1lc3NhZ2Uoe2Vycm9yOmUubWVzc2FnZX0pfWlmKCFrKXJldHVybiBqJiZqLmFib3J0KCksdm9pZCBwLnBvc3RNZXNzYWdlKHtlcnJvcjoiVGltZW91dCB3aGVuIGV4ZWN1dGluZyAnZmV0Y2gnIn0pO2c9ay5oZWFkZXJzLGw9Wy4uLmddLnJlZHVjZSgoKGUsW3Qscl0pPT4oZVt0XT1yLGUpKSx7fSksaD1hd2FpdCBrLmpzb24oKSxoLnJlZnJlc2hfdG9rZW4/KGYmJihvLmxhdGVzdF9yZWZyZXNoX3Rva2VuPWgucmVmcmVzaF90b2tlbixPPXUsYj1oLnJlZnJlc2hfdG9rZW4sT2JqZWN0LmVudHJpZXMobykuZm9yRWFjaCgoKFtlLHRdKT0+e3Q9PT1PJiYob1tlXT1iKX0pKSksKChlLHQscik9PntvW24odCxyKV09ZX0pKGgucmVmcmVzaF90b2tlbixkLHkpLGRlbGV0ZSBoLnJlZnJlc2hfdG9rZW4pOigoZSx0KT0+e2RlbGV0ZSBvW24oZSx0KV19KShkLHkpLHAucG9zdE1lc3NhZ2Uoe29rOmsub2ssanNvbjpoLGhlYWRlcnM6bH0pfWNhdGNoKGUpe3AucG9zdE1lc3NhZ2Uoe29rOiExLGpzb246e2Vycm9yOmUuZXJyb3IsZXJyb3JfZGVzY3JpcHRpb246ZS5tZXNzYWdlfSxoZWFkZXJzOmx9KX12YXIgTyxiLGcsX30pKX0oKTsKCg==", Ve = null, He = !1, function(e) {
+	return Ue ||= ze(Be, Ve, He), new Worker(Ue, e);
+}), N = {}, Ge = async (e, t = 3) => {
 	for (let n = 0; n < t; n++) if (await e()) return !0;
 	return !1;
-}, qe = class {
+}, Ke = class {
 	constructor(e, t) {
 		this.cache = e, this.clientId = t, this.manifestKey = this.createManifestKeyFrom(this.clientId);
 	}
@@ -1081,19 +1081,19 @@ var Ve, He, Ue, We, Ge = (Ve = "Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAq
 	createManifestKeyFrom(e) {
 		return `@@auth0spajs@@::${e}`;
 	}
-}, Je = {
-	memory: () => new Ae().enclosedCache,
-	localstorage: () => new ke()
-}, Ye = (e) => Je[e], Xe = (t) => {
+}, qe = {
+	memory: () => new ke().enclosedCache,
+	localstorage: () => new Oe()
+}, Je = (e) => qe[e], Ye = (t) => {
 	let { openUrl: n, onRedirect: r } = t, i = e(t, ["openUrl", "onRedirect"]);
 	return Object.assign(Object.assign({}, i), { openUrl: !1 === n || n ? n : r });
-}, Ze = (e, t) => {
+}, Xe = (e, t) => {
 	let n = t?.split(" ") || [];
 	return (e?.split(" ") || []).every(((e) => n.includes(e)));
-}, N = {
+}, P = {
 	NONCE: "nonce",
 	KEYPAIR: "keypair"
-}, Qe = class {
+}, Ze = class {
 	constructor(e) {
 		this.clientId = e;
 	}
@@ -1103,7 +1103,7 @@ var Ve, He, Ue, We, Ge = (Ve = "Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAq
 	createDbHandle() {
 		let e = window.indexedDB.open("auth0-spa-js", this.getVersion());
 		return new Promise(((t, n) => {
-			e.onupgradeneeded = () => Object.values(N).forEach(((t) => e.result.createObjectStore(t))), e.onerror = () => n(e.error), e.onsuccess = () => t(e.result);
+			e.onupgradeneeded = () => Object.values(P).forEach(((t) => e.result.createObjectStore(t))), e.onerror = () => n(e.error), e.onsuccess = () => t(e.result);
 		}));
 	}
 	async getDbHandle() {
@@ -1120,19 +1120,19 @@ var Ve, He, Ue, We, Ge = (Ve = "Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAq
 		return `${this.clientId}::${t}`;
 	}
 	setNonce(e, t) {
-		return this.save(N.NONCE, this.buildKey(t), e);
+		return this.save(P.NONCE, this.buildKey(t), e);
 	}
 	setKeyPair(e) {
-		return this.save(N.KEYPAIR, this.buildKey(), e);
+		return this.save(P.KEYPAIR, this.buildKey(), e);
 	}
 	async save(e, t, n) {
 		await this.executeDbRequest(e, "readwrite", ((e) => e.put(n, t)));
 	}
 	findNonce(e) {
-		return this.find(N.NONCE, this.buildKey(e));
+		return this.find(P.NONCE, this.buildKey(e));
 	}
 	findKeyPair() {
-		return this.find(N.KEYPAIR, this.buildKey());
+		return this.find(P.KEYPAIR, this.buildKey());
 	}
 	find(e, t) {
 		return this.executeDbRequest(e, "readonly", ((e) => e.get(t)));
@@ -1144,14 +1144,14 @@ var Ve, He, Ue, We, Ge = (Ve = "Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAq
 		return this.deleteBy(e, ((e) => typeof e == "string" && e.startsWith(`${t}::`)));
 	}
 	clearNonces() {
-		return this.deleteByClientId(N.NONCE, this.clientId);
+		return this.deleteByClientId(P.NONCE, this.clientId);
 	}
 	clearKeyPairs() {
-		return this.deleteByClientId(N.KEYPAIR, this.clientId);
+		return this.deleteByClientId(P.KEYPAIR, this.clientId);
 	}
-}, $e = class {
+}, Qe = class {
 	constructor(e) {
-		this.storage = new Qe(e);
+		this.storage = new Ze(e);
 	}
 	getNonce(e) {
 		return this.storage.findNonce(e);
@@ -1161,23 +1161,23 @@ var Ve, He, Ue, We, Ge = (Ve = "Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAq
 	}
 	async getOrGenerateKeyPair() {
 		let e = await this.storage.findKeyPair();
-		return e || (e = await be(), await this.storage.setKeyPair(e)), e;
+		return e || (e = await ye(), await this.storage.setKeyPair(e)), e;
 	}
 	async generateProof(e) {
 		let t = await this.getOrGenerateKeyPair();
-		return Se(Object.assign({ keyPair: t }, e));
+		return xe(Object.assign({ keyPair: t }, e));
 	}
 	async calculateThumbprint() {
-		return xe(await this.getOrGenerateKeyPair());
+		return be(await this.getOrGenerateKeyPair());
 	}
 	async clear() {
 		await Promise.all([this.storage.clearNonces(), this.storage.clearKeyPairs()]);
 	}
-}, P;
+}, F;
 (function(e) {
 	e.Bearer = "Bearer", e.DPoP = "DPoP";
-})(P ||= {});
-var et = class {
+})(F ||= {});
+var $e = class {
 	constructor(e, t) {
 		this.hooks = t, this.config = Object.assign(Object.assign({}, e), { fetch: e.fetch || (typeof window > "u" ? fetch : window.fetch.bind(window)) });
 	}
@@ -1202,7 +1202,7 @@ var et = class {
 		let n = this.buildUrl(this.config.baseUrl, this.extractUrl(e)), r = e instanceof Request ? new Request(n, e) : n;
 		return new Request(r, t);
 	}
-	setAuthorizationHeader(e, t, n = P.Bearer) {
+	setAuthorizationHeader(e, t, n = F.Bearer) {
 		e.headers.set("authorization", `${n} ${t}`);
 	}
 	async setDpopProofHeader(e, t) {
@@ -1217,7 +1217,7 @@ var et = class {
 	}
 	async prepareRequest(e, t) {
 		let n = await this.getAccessToken(t), r, i;
-		typeof n == "string" ? (r = this.config.dpopNonceId ? P.DPoP : P.Bearer, i = n) : (r = n.token_type, i = n.access_token), this.setAuthorizationHeader(e, i, r), r === P.DPoP && await this.setDpopProofHeader(e, i);
+		typeof n == "string" ? (r = this.config.dpopNonceId ? F.DPoP : F.Bearer, i = n) : (r = n.token_type, i = n.access_token), this.setAuthorizationHeader(e, i, r), r === F.DPoP && await this.setDpopProofHeader(e, i);
 	}
 	getHeader(e, t) {
 		return Array.isArray(e) ? new Headers(e).get(t) || "" : typeof e.get == "function" ? e.get(t) || "" : e[t] || "";
@@ -1243,7 +1243,7 @@ var et = class {
 		let r = { onUseDpopNonceError: () => this.internalFetchWithAuth(e, t, Object.assign(Object.assign({}, r), { onUseDpopNonceError: void 0 }), n) };
 		return this.internalFetchWithAuth(e, t, r, n);
 	}
-}, tt = class {
+}, et = class {
 	constructor(e, t) {
 		this.myAccountFetcher = e, this.apiBase = t;
 	}
@@ -1268,7 +1268,7 @@ var et = class {
 		try {
 			t = await e.text(), t = JSON.parse(t);
 		} catch (n) {
-			throw new nt({
+			throw new tt({
 				type: "invalid_json",
 				status: e.status,
 				title: "Invalid JSON response",
@@ -1276,50 +1276,50 @@ var et = class {
 			});
 		}
 		if (e.ok) return t;
-		throw new nt(t);
+		throw new tt(t);
 	}
-}, nt = class e extends Error {
+}, tt = class e extends Error {
 	constructor({ type: t, status: n, title: r, detail: i, validation_errors: a }) {
 		super(i), this.name = "MyAccountApiError", this.type = t, this.status = n, this.title = r, this.detail = i, this.validation_errors = a, Object.setPrototypeOf(this, e.prototype);
 	}
-}, F = new a(), rt = class {
+}, I = new a(), nt = class {
 	constructor(e) {
 		let t, n;
-		if (this.userCache = new Ae().enclosedCache, this.activeLockKeys = /* @__PURE__ */ new Set(), this.defaultOptions = {
+		if (this.userCache = new ke().enclosedCache, this.activeLockKeys = /* @__PURE__ */ new Set(), this.defaultOptions = {
 			authorizationParams: { scope: "openid profile email" },
 			useRefreshTokensFallback: !1,
 			useFormData: !0
 		}, this._releaseLockOnPageHide = async () => {
 			let e = Array.from(this.activeLockKeys);
-			for (let t of e) await F.releaseLock(t);
+			for (let t of e) await I.releaseLock(t);
 			this.activeLockKeys.clear(), window.removeEventListener("pagehide", this._releaseLockOnPageHide);
 		}, this.options = Object.assign(Object.assign(Object.assign({}, this.defaultOptions), e), { authorizationParams: Object.assign(Object.assign({}, this.defaultOptions.authorizationParams), e.authorizationParams) }), typeof window < "u" && (() => {
 			if (!v()) throw Error("For security reasons, `window.crypto` is required to run `auth0-spa-js`.");
 			if (v().subtle === void 0) throw Error("\n      auth0-spa-js must run on a secure origin. See https://github.com/auth0/auth0-spa-js/blob/main/FAQ.md#why-do-i-get-auth0-spa-js-must-run-on-a-secure-origin for more information.\n    ");
 		})(), e.cache && e.cacheLocation && console.warn("Both `cache` and `cacheLocation` options have been specified in the Auth0Client configuration; ignoring `cacheLocation` and using `cache`."), e.cache) n = e.cache;
 		else {
-			if (t = e.cacheLocation || "memory", !Ye(t)) throw Error(`Invalid cache location "${t}"`);
-			n = Ye(t)();
+			if (t = e.cacheLocation || "memory", !Je(t)) throw Error(`Invalid cache location "${t}"`);
+			n = Je(t)();
 		}
-		this.httpTimeoutMs = e.httpTimeoutInSeconds ? 1e3 * e.httpTimeoutInSeconds : 1e4, this.cookieStorage = !1 === e.legacySameSiteCookie ? A : Re, this.orgHintCookieName = `auth0.${this.options.clientId}.organization_hint`, this.isAuthenticatedCookieName = ((e) => `auth0.${e}.is.authenticated`)(this.options.clientId), this.sessionCheckExpiryDays = e.sessionCheckExpiryDays || 1;
-		let r = e.useCookiesForTransactions ? this.cookieStorage : ze;
+		this.httpTimeoutMs = e.httpTimeoutInSeconds ? 1e3 * e.httpTimeoutInSeconds : 1e4, this.cookieStorage = !1 === e.legacySameSiteCookie ? j : Le, this.orgHintCookieName = `auth0.${this.options.clientId}.organization_hint`, this.isAuthenticatedCookieName = ((e) => `auth0.${e}.is.authenticated`)(this.options.clientId), this.sessionCheckExpiryDays = e.sessionCheckExpiryDays || 1;
+		let r = e.useCookiesForTransactions ? this.cookieStorage : Re;
 		var i;
 		this.scope = ((e, t, ...n) => {
-			if (typeof e != "object") return { default: T(t, e, ...n) };
-			let r = { default: T(t, ...n) };
+			if (typeof e != "object") return { default: E(t, e, ...n) };
+			let r = { default: E(t, ...n) };
 			return Object.keys(e).forEach(((i) => {
 				let a = e[i];
-				r[i] = T(t, a, ...n);
+				r[i] = E(t, a, ...n);
 			})), r;
-		})(this.options.authorizationParams.scope, "openid", this.options.useRefreshTokens ? "offline_access" : ""), this.transactionManager = new Me(r, this.options.clientId, this.options.cookieDomain), this.nowProvider = this.options.nowProvider || c, this.cacheManager = new je(n, n.allKeys ? void 0 : new qe(n, this.options.clientId), this.nowProvider), this.dpop = this.options.useDpop ? new $e(this.options.clientId) : void 0, this.domainUrl = (i = this.options.domain, /^https?:\/\//.test(i) ? i : `https://${i}`), this.tokenIssuer = ((e, t) => e ? e.startsWith("https://") ? e : `https://${e}/` : `${t}/`)(this.options.issuer, this.domainUrl);
+		})(this.options.authorizationParams.scope, "openid", this.options.useRefreshTokens ? "offline_access" : ""), this.transactionManager = new je(r, this.options.clientId, this.options.cookieDomain), this.nowProvider = this.options.nowProvider || c, this.cacheManager = new Ae(n, n.allKeys ? void 0 : new Ke(n, this.options.clientId), this.nowProvider), this.dpop = this.options.useDpop ? new Qe(this.options.clientId) : void 0, this.domainUrl = (i = this.options.domain, /^https?:\/\//.test(i) ? i : `https://${i}`), this.tokenIssuer = ((e, t) => e ? e.startsWith("https://") ? e : `https://${e}/` : `${t}/`)(this.options.issuer, this.domainUrl);
 		let a = `${this.domainUrl}/me/`;
-		this.myAccountApi = new tt(this.createFetcher(Object.assign(Object.assign({}, this.options.useDpop && { dpopNonceId: "__auth0_my_account_api__" }), { getAccessToken: () => this.getTokenSilently({
+		this.myAccountApi = new et(this.createFetcher(Object.assign(Object.assign({}, this.options.useDpop && { dpopNonceId: "__auth0_my_account_api__" }), { getAccessToken: () => this.getTokenSilently({
 			authorizationParams: {
 				scope: "create:me:connected_accounts",
 				audience: a
 			},
 			detailedResponse: !0
-		}) })), a), typeof window < "u" && window.Worker && this.options.useRefreshTokens && t === "memory" && (this.options.workerUrl ? this.worker = new Worker(this.options.workerUrl) : this.worker = new Ge());
+		}) })), a), typeof window < "u" && window.Worker && this.options.useRefreshTokens && t === "memory" && (this.options.workerUrl ? this.worker = new Worker(this.options.workerUrl) : this.worker = new We());
 	}
 	_url(e) {
 		let t = encodeURIComponent(btoa(JSON.stringify(this.options.auth0Client || s)));
@@ -1330,7 +1330,7 @@ var et = class {
 	}
 	async _verifyIdToken(e, t, n) {
 		let r = await this.nowProvider();
-		return Pe({
+		return Ne({
 			iss: this.tokenIssuer,
 			aud: this.options.clientId,
 			id_token: e,
@@ -1350,7 +1350,7 @@ var et = class {
 	}
 	async _prepareAuthorizeUrl(e, t, n) {
 		let r = b(y()), i = b(y()), a = y(), o = se(await ae(a)), s = await this.dpop?.calculateThumbprint(), c = ((e, t, n, r, i, a, o, s, c) => Object.assign(Object.assign(Object.assign({ client_id: e.clientId }, e.authorizationParams), n), {
-			scope: E(t, n.scope, n.audience),
+			scope: D(t, n.scope, n.audience),
 			response_type: "code",
 			response_mode: s || "query",
 			state: r,
@@ -1411,14 +1411,14 @@ var et = class {
 		return (await this._getIdTokenFromCache())?.decodedToken?.claims;
 	}
 	async loginWithRedirect(t = {}) {
-		let n = Xe(t), { openUrl: r, fragment: i, appState: a } = n, o = e(n, [
+		let n = Ye(t), { openUrl: r, fragment: i, appState: a } = n, o = e(n, [
 			"openUrl",
 			"fragment",
 			"appState"
 		]), s = o.authorizationParams?.organization || this.options.authorizationParams.organization, c = await this._prepareAuthorizeUrl(o.authorizationParams || {}), { url: l } = c, u = e(c, ["url"]);
 		this.transactionManager.create(Object.assign(Object.assign(Object.assign({}, u), {
 			appState: a,
-			response_type: j.Code
+			response_type: M.Code
 		}), s && { organization: s }));
 		let d = i ? `${l}#${i}` : l;
 		r ? await r(d) : window.location.assign(d);
@@ -1440,7 +1440,7 @@ var et = class {
 				error_description: t.get("error_description") || void 0
 			};
 		})(t.join(""));
-		return n.response_type === j.ConnectCode ? this._handleConnectAccountRedirectCallback(r, n) : this._handleLoginRedirectCallback(r, n);
+		return n.response_type === M.ConnectCode ? this._handleConnectAccountRedirectCallback(r, n) : this._handleLoginRedirectCallback(r, n);
 	}
 	async _handleLoginRedirectCallback(e, t) {
 		let { code: n, state: r, error: i, error_description: a } = e;
@@ -1458,7 +1458,7 @@ var et = class {
 			organization: o
 		}), {
 			appState: t.appState,
-			response_type: j.Code
+			response_type: M.Code
 		};
 	}
 	async _handleConnectAccountRedirectCallback(e, t) {
@@ -1474,7 +1474,7 @@ var et = class {
 		});
 		return Object.assign(Object.assign({}, o), {
 			appState: t.appState,
-			response_type: j.ConnectCode
+			response_type: M.ConnectCode
 		});
 	}
 	async checkSession(e) {
@@ -1490,11 +1490,11 @@ var et = class {
 		} catch {}
 	}
 	async getTokenSilently(e = {}) {
-		let t = Object.assign(Object.assign({ cacheMode: "on" }, e), { authorizationParams: Object.assign(Object.assign(Object.assign({}, this.options.authorizationParams), e.authorizationParams), { scope: E(this.scope, e.authorizationParams?.scope, e.authorizationParams?.audience || this.options.authorizationParams.audience) }) }), n = await ((e, t) => {
-			let n = M[t];
+		let t = Object.assign(Object.assign({ cacheMode: "on" }, e), { authorizationParams: Object.assign(Object.assign(Object.assign({}, this.options.authorizationParams), e.authorizationParams), { scope: D(this.scope, e.authorizationParams?.scope, e.authorizationParams?.audience || this.options.authorizationParams.audience) }) }), n = await ((e, t) => {
+			let n = N[t];
 			return n || (n = e().finally((() => {
-				delete M[t], n = null;
-			})), M[t] = n), n;
+				delete N[t], n = null;
+			})), N[t] = n), n;
 		})((() => this._getTokenSilently(t)), `${this.options.clientId}::${t.authorizationParams.audience}::${t.authorizationParams.scope}`);
 		return e.detailedResponse ? n : n?.access_token;
 	}
@@ -1512,7 +1512,7 @@ var et = class {
 		if (n === "cache-only") return;
 		let i = (a = this.options.clientId, o = r.authorizationParams.audience || "default", `auth0.lock.getTokenSilently.${a}.${o}`);
 		var a, o;
-		if (!await Ke((() => F.acquireLock(i, 5e3)), 10)) throw new f();
+		if (!await Ge((() => I.acquireLock(i, 5e3)), 10)) throw new f();
 		this.activeLockKeys.add(i), this.activeLockKeys.size === 1 && window.addEventListener("pagehide", this._releaseLockOnPageHide);
 		try {
 			if (n !== "off") {
@@ -1530,12 +1530,12 @@ var et = class {
 				access_token: i
 			}, a ? { scope: a } : null), { expires_in: o });
 		} finally {
-			await F.releaseLock(i), this.activeLockKeys.delete(i), this.activeLockKeys.size === 0 && window.removeEventListener("pagehide", this._releaseLockOnPageHide);
+			await I.releaseLock(i), this.activeLockKeys.delete(i), this.activeLockKeys.size === 0 && window.removeEventListener("pagehide", this._releaseLockOnPageHide);
 		}
 	}
 	async getTokenWithPopup(e = {}, t = {}) {
-		let n = Object.assign(Object.assign({}, e), { authorizationParams: Object.assign(Object.assign(Object.assign({}, this.options.authorizationParams), e.authorizationParams), { scope: E(this.scope, e.authorizationParams?.scope, e.authorizationParams?.audience || this.options.authorizationParams.audience) }) });
-		return t = Object.assign(Object.assign({}, o), t), await this.loginWithPopup(n, t), (await this.cacheManager.get(new D({
+		let n = Object.assign(Object.assign({}, e), { authorizationParams: Object.assign(Object.assign(Object.assign({}, this.options.authorizationParams), e.authorizationParams), { scope: D(this.scope, e.authorizationParams?.scope, e.authorizationParams?.audience || this.options.authorizationParams.audience) }) });
+		return t = Object.assign(Object.assign({}, o), t), await this.loginWithPopup(n, t), (await this.cacheManager.get(new O({
 			scope: n.authorizationParams.scope,
 			audience: n.authorizationParams.audience || "default",
 			clientId: this.options.clientId
@@ -1550,14 +1550,14 @@ var et = class {
 		return this._url(`/v2/logout?${x(Object.assign({ clientId: t.clientId }, i))}`) + a;
 	}
 	async logout(t = {}) {
-		let n = Xe(t), { openUrl: r } = n, i = e(n, ["openUrl"]);
+		let n = Ye(t), { openUrl: r } = n, i = e(n, ["openUrl"]);
 		t.clientId === null ? await this.cacheManager.clear() : await this.cacheManager.clear(t.clientId || this.options.clientId), this.cookieStorage.remove(this.orgHintCookieName, { cookieDomain: this.options.cookieDomain }), this.cookieStorage.remove(this.isAuthenticatedCookieName, { cookieDomain: this.options.cookieDomain }), this.userCache.remove("@@user@@"), await this.dpop?.clear();
 		let a = this._buildLogoutUrl(i);
 		r ? await r(a) : !1 !== r && window.location.assign(a);
 	}
 	async _getTokenFromIFrame(e) {
 		let t = `auth0.lock.getTokenFromIFrame.${this.options.clientId}`;
-		if (!await Ke((() => F.acquireLock(t, 5e3)), 10)) throw new f();
+		if (!await Ge((() => I.acquireLock(t, 5e3)), 10)) throw new f();
 		try {
 			let t = Object.assign(Object.assign({}, e.authorizationParams), { prompt: "none" }), n = this.cookieStorage.get(this.orgHintCookieName);
 			n && !t.organization && (t.organization = n);
@@ -1602,11 +1602,11 @@ var et = class {
 		} catch (e) {
 			throw e.error === "login_required" && this.logout({ openUrl: !1 }), e;
 		} finally {
-			await F.releaseLock(t);
+			await I.releaseLock(t);
 		}
 	}
 	async _getTokenUsingRefreshToken(e) {
-		let t = await this.cacheManager.get(new D({
+		let t = await this.cacheManager.get(new O({
 			scope: e.authorizationParams.scope,
 			audience: e.authorizationParams.audience || "default",
 			clientId: this.options.clientId
@@ -1629,7 +1629,7 @@ var et = class {
 				refresh_token: t && t.refresh_token,
 				redirect_uri: n
 			}), r && { timeout: r }), { scopesToRequest: i });
-			if (l.refresh_token && t != null && t.refresh_token && await this.cacheManager.updateEntry(t.refresh_token, l.refresh_token), this.options.useMrrt && (a = t?.audience, o = t?.scope, s = e.authorizationParams.audience, c = e.authorizationParams.scope, (a !== s || !Ze(c, o)) && !Ze(i, l.scope))) {
+			if (l.refresh_token && t != null && t.refresh_token && await this.cacheManager.updateEntry(t.refresh_token, l.refresh_token), this.options.useMrrt && (a = t?.audience, o = t?.scope, s = e.authorizationParams.audience, c = e.authorizationParams.scope, (a !== s || !Xe(c, o)) && !Xe(i, l.scope))) {
 				if (this.options.useRefreshTokensFallback) return await this._getTokenFromIFrame(e);
 				await this.cacheManager.remove(this.options.clientId, e.authorizationParams.audience, e.authorizationParams.scope);
 				let t = ((e, t) => {
@@ -1657,7 +1657,7 @@ var et = class {
 		}), await this.cacheManager.setIdToken(this.options.clientId, t.id_token, t.decodedToken), await this.cacheManager.set(i);
 	}
 	async _getIdTokenFromCache() {
-		let e = this.options.authorizationParams.audience || "default", t = this.scope[e], n = await this.cacheManager.getIdToken(new D({
+		let e = this.options.authorizationParams.audience || "default", t = this.scope[e], n = await this.cacheManager.getIdToken(new O({
 			clientId: this.options.clientId,
 			audience: e,
 			scope: t
@@ -1665,7 +1665,7 @@ var et = class {
 		return n && n.id_token === r?.id_token ? r : (this.userCache.set("@@user@@", n), n);
 	}
 	async _getEntryFromCache({ scope: e, audience: t, clientId: n, cacheMode: r }) {
-		let i = await this.cacheManager.get(new D({
+		let i = await this.cacheManager.get(new O({
 			scope: e,
 			audience: t,
 			clientId: n
@@ -1681,7 +1681,7 @@ var et = class {
 	}
 	async _requestToken(e, t) {
 		var n;
-		let { nonceIn: r, organization: i, scopesToRequest: a } = t || {}, o = await Oe(Object.assign(Object.assign({
+		let { nonceIn: r, organization: i, scopesToRequest: a } = t || {}, o = await De(Object.assign(Object.assign({
 			baseUrl: this.domainUrl,
 			client_id: this.options.clientId,
 			auth0Client: this.options.auth0Client,
@@ -1708,7 +1708,7 @@ var et = class {
 			grant_type: "urn:ietf:params:oauth:grant-type:token-exchange",
 			subject_token: e.subject_token,
 			subject_token_type: e.subject_token_type,
-			scope: E(this.scope, e.scope, e.audience || this.options.authorizationParams.audience),
+			scope: D(this.scope, e.scope, e.audience || this.options.authorizationParams.audience),
 			audience: e.audience || this.options.authorizationParams.audience,
 			organization: e.organization || this.options.authorizationParams.organization
 		});
@@ -1726,7 +1726,7 @@ var et = class {
 		return this._assertDpop(this.dpop), this.dpop.generateProof(e);
 	}
 	createFetcher(e = {}) {
-		return new et(e, {
+		return new $e(e, {
 			isDpopEnabled: () => !!this.options.useDpop,
 			getAccessToken: (e) => this.getTokenSilently({
 				authorizationParams: {
@@ -1759,20 +1759,20 @@ var et = class {
 			redirect_uri: o,
 			appState: n,
 			connection: r,
-			response_type: j.ConnectCode
+			response_type: M.ConnectCode
 		});
 		let p = new URL(u);
 		p.searchParams.set("ticket", d.ticket), t ? await t(p.toString()) : window.location.assign(p);
 	}
 };
-async function it(e) {
-	let t = new rt(e);
+async function rt(e) {
+	let t = new nt(e);
 	return await t.checkSession(), t;
 }
 //#endregion
 //#region src/controllers/debug.ts
-var at = "sesamy-debug";
-function ot(e) {
+var it = "sesamy-debug";
+function at(e) {
 	if (typeof document > "u") return null;
 	let t = e + "=", n = document.cookie.split(";");
 	for (let e = 0; e < n.length; e++) {
@@ -1782,62 +1782,62 @@ function ot(e) {
 	}
 	return null;
 }
-function st() {
-	return ot(at) === "true";
+function ot() {
+	return at(it) === "true";
 }
 //#endregion
 //#region src/controllers/logger.ts
-function I(e) {
-	st() && console.log(e);
+function L(e) {
+	ot() && console.log(e);
 }
 //#endregion
 //#region src/types/Events.ts
-var L = /* @__PURE__ */ function(e) {
+var R = /* @__PURE__ */ function(e) {
 	return e.AUTH_INITIALIZED = "sesamyJsAuthInitialized", e.READY = "sesamyJsReady", e.AUTHENTICATED = "sesamyJsAuthenticated", e.LOGOUT = "sesamyJsLogout", e.CLEAR_CACHE = "sesamyJsClearCache", e.USER_ATTRIBUTE_CHANGED = "sesamyUserAttributeChanged", e.PURCHASE = "sesamyJsPurchase", e.CONSENT_CHANGED = "sesamyJsConsentChanged", e;
 }({});
 //#endregion
 //#region src/events/ready.ts
-function ct(e, t) {
+function st(e, t) {
 	let n = new CustomEvent(e, {
 		detail: t,
 		bubbles: !0,
 		composed: !0
 	});
-	I(`Triggering event: ${e}`), dispatchEvent(n);
+	L(`Triggering event: ${e}`), dispatchEvent(n);
 }
-function R(e, t) {
-	typeof window > "u" || (e === L.READY && document.readyState === "loading" ? document.addEventListener("DOMContentLoaded", () => ct(e, t), { once: !0 }) : ct(e, t));
+function z(e, t) {
+	typeof window > "u" || (e === R.READY && document.readyState === "loading" ? document.addEventListener("DOMContentLoaded", () => st(e, t), { once: !0 }) : st(e, t));
 }
 //#endregion
 //#region src/constants.ts
-var lt = "sesamy.com", ut = "sesamy.dev";
+var ct = "sesamy.com", lt = "sesamy.dev";
 //#endregion
 //#region src/services/config/index.ts
-function dt(e, t) {
-	return `${e}.${t === "dev" ? ut : lt}`;
+function ut(e, t) {
+	return `${e}.${t === "dev" ? lt : ct}`;
 }
 //#endregion
 //#region src/utils/language.ts
-function ft() {
+function dt() {
 	let e = (document.documentElement.getAttribute("lang") ?? navigator.language ?? "en").split("-")[0]?.toLowerCase() ?? "en";
 	return e === "nn" && (e = "nb"), e;
 }
 //#endregion
 //#region ../../node_modules/.pnpm/detectincognitojs@1.6.2/node_modules/detectincognitojs/dist/detectIncognito.esm.js
-var z = {
+var B = {
 	d: (e, t) => {
-		for (var n in t) z.o(t, n) && !z.o(e, n) && Object.defineProperty(e, n, {
+		for (var n in t) B.o(t, n) && !B.o(e, n) && Object.defineProperty(e, n, {
 			enumerable: !0,
 			get: t[n]
 		});
 	},
 	o: (e, t) => Object.prototype.hasOwnProperty.call(e, t)
-}, B = {};
-z.d(B, {
-	A: () => pt,
-	k: () => U
+}, V = {};
+B.d(V, {
+	A: () => ft,
+	k: () => W
 });
-var V = function(e, t, n, r) {
+var H = function(e, t, n, r) {
 	return new (n ||= Promise)(function(i, a) {
 		function o(e) {
 			try {
@@ -1861,7 +1861,7 @@ var V = function(e, t, n, r) {
 		}
 		c((r = r.apply(e, t || [])).next());
 	});
-}, H = function(e, t) {
+}, U = function(e, t) {
 	var n, r, i, a, o = {
 		label: 0,
 		sent: function() {
@@ -1934,9 +1934,9 @@ var V = function(e, t, n, r) {
 		};
 	}
 };
-function U() {
-	return V(this, void 0, Promise, function() {
-		return H(this, function(e) {
+function W() {
+	return H(this, void 0, Promise, function() {
+		return U(this, function(e) {
 			switch (e.label) {
 				case 0: return [4, new Promise(function(e, t) {
 					var n = "Unknown", r = !1;
@@ -1956,9 +1956,9 @@ function U() {
 						return e;
 					}
 					function o() {
-						return V(this, void 0, void 0, function() {
+						return H(this, void 0, void 0, function() {
 							var e, t;
-							return H(this, function(n) {
+							return U(this, function(n) {
 								switch (n.label) {
 									case 0: return n.trys.push([
 										0,
@@ -1974,8 +1974,8 @@ function U() {
 						});
 					}
 					function s() {
-						return V(this, void 0, Promise, function() {
-							return H(this, function(e) {
+						return H(this, void 0, Promise, function() {
+							return U(this, function(e) {
 								switch (e.label) {
 									case 0: return typeof navigator.storage?.getDirectory == "function" ? [4, o()] : [3, 2];
 									case 1: return e.sent(), [3, 3];
@@ -2038,9 +2038,9 @@ function U() {
 						});
 					}
 					function u() {
-						return V(this, void 0, Promise, function() {
+						return H(this, void 0, Promise, function() {
 							var e, t, n;
-							return H(this, function(r) {
+							return U(this, function(r) {
 								switch (r.label) {
 									case 0:
 										if (typeof navigator.storage?.getDirectory != "function") return [3, 5];
@@ -2065,8 +2065,8 @@ function U() {
 						});
 					}
 					(function() {
-						return V(this, void 0, Promise, function() {
-							return H(this, function(e) {
+						return H(this, void 0, Promise, function() {
+							return U(this, function(e) {
 								switch (e.label) {
 									case 0: return a() !== 44 && a() !== 43 ? [3, 2] : (n = "Safari", [4, s()]);
 									case 1: return e.sent(), [3, 6];
@@ -2086,15 +2086,15 @@ function U() {
 		});
 	});
 }
-typeof window < "u" && (window.detectIncognito = U);
-var pt = U;
-B.A, B.k;
+typeof window < "u" && (window.detectIncognito = W);
+var ft = W;
+V.A, V.k;
 //#endregion
 //#region src/services/browser/detect-incognito.ts
-var mt = "sesamy_incognito_mode";
-function ht() {
+var pt = "sesamy_incognito_mode";
+function mt() {
 	try {
-		let e = sessionStorage.getItem(mt);
+		let e = sessionStorage.getItem(pt);
 		return e === null ? void 0 : e === "true";
 	} catch {
 		return;
@@ -2102,19 +2102,19 @@ function ht() {
 }
 //#endregion
 //#region src/utils/browser.ts
-function gt() {
+function G() {
 	return typeof window < "u";
 }
 //#endregion
 //#region src/utils/domain.ts
-var _t = /* @__PURE__ */ "co.uk,com.au,co.nz,co.za,com.br,co.jp,gov.uk,ac.uk,org.uk,net.uk,com.sg,com.my,co.in,co.id,co.th,co.kr,com.mx,com.ar,com.co,com.pe,com.ph,com.pk,com.sa,com.eg,com.ng,co.ke,co.tz,co.zw,co.bw,co.mz,gov.au,edu.au,org.au,net.au,asn.au,id.au".split(",");
-function W(e) {
+var ht = /* @__PURE__ */ "co.uk,com.au,co.nz,co.za,com.br,co.jp,gov.uk,ac.uk,org.uk,net.uk,com.sg,com.my,co.in,co.id,co.th,co.kr,com.mx,com.ar,com.co,com.pe,com.ph,com.pk,com.sa,com.eg,com.ng,co.ke,co.tz,co.zw,co.bw,co.mz,gov.au,edu.au,org.au,net.au,asn.au,id.au".split(",");
+function K(e) {
 	try {
 		let t = new URL(e).hostname;
 		if (t.startsWith("[") || /^\d{1,3}(\.\d{1,3}){3}$/.test(t)) return t;
 		let n = t.split(".");
 		if (n.length <= 1) return t;
-		for (let e of _t) if (t.endsWith(`.${e}`)) {
+		for (let e of ht) if (t.endsWith(`.${e}`)) {
 			let t = e.split(".").length + 1;
 			return n.slice(-t).join(".");
 		}
@@ -2125,76 +2125,60 @@ function W(e) {
 }
 //#endregion
 //#region src/services/browser/detect-safari.ts
-function vt() {
+function gt() {
 	return /^((?!chrome|android).)*safari/i.test(navigator.userAgent);
 }
-function yt() {
+function _t() {
 	return /android/i.test(navigator.userAgent);
 }
 //#endregion
 //#region src/auth0-plugin.ts
-var G = "sesamyAccessToken", K = "sesamyRefreshToken", q = "sesamySilentAuthThrottle", bt = "sesamy_is_authenticated", J = "sesamySilentRedirectState", xt = 300 * 1e3, St = 60, Ct = [
+var q = "sesamyAccessToken", J = "sesamyRefreshToken", Y = "sesamySilentAuthThrottle", vt = "sesamy_is_authenticated", yt = 300 * 1e3, bt = 60, xt = [
 	"login_required",
 	"consent_required",
 	"interaction_required",
-	"timeout",
-	"Timeout",
 	"access_denied"
-], wt = 64;
-function Tt(e) {
+], St = ["timeout", "Timeout"], Ct = 64;
+function wt(e) {
 	let t = e.split(".");
 	if (t.length !== 3) return null;
 	let n = t[1].replace(/-/g, "+").replace(/_/g, "/"), r = decodeURIComponent(atob(n).split("").map((e) => "%" + ("00" + e.charCodeAt(0).toString(16)).slice(-2)).join(""));
 	return JSON.parse(r);
 }
-function Et() {
-	if (!gt()) return !1;
+function Tt() {
+	if (!G()) return !1;
 	try {
-		let e = document.cookie.split(";").map((e) => e.trim());
-		if (e.some((e) => e.startsWith("sesamy_is_authenticated=true")) || e.some((e) => e.startsWith("auth0.is.authenticated=true"))) return !0;
-		let t = Object.keys(localStorage).filter((e) => e.startsWith("@@auth0spajs@@"));
-		for (let e of t) try {
-			let t = JSON.parse(localStorage.getItem(e) || "{}");
-			if (t?.body?.access_token || t?.body?.refresh_token) return !0;
+		if (document.cookie.split(";").map((e) => e.trim()).some((e) => e.startsWith("sesamy_is_authenticated=true"))) return !0;
+		let e = Object.keys(localStorage).filter((e) => e.startsWith("@@auth0spajs@@"));
+		for (let t of e) try {
+			let e = JSON.parse(localStorage.getItem(t) || "{}");
+			if (e?.body?.access_token || e?.body?.refresh_token) return !0;
 		} catch {}
 		return !1;
 	} catch (e) {
-		return I(`Error checking session hint cookie: ${e.message}`), !1;
+		return L(`Error checking session hint cookie: ${e.message}`), !1;
 	}
 }
-function Y(e) {
-	if (gt()) try {
+function X(e) {
+	if (G()) try {
 		let t = e ? 720 * 60 * 60 : 0, n = window.location.protocol === "https:" ? "; Secure" : "";
-		document.cookie = `${bt}=${e}; path=/; max-age=${t}; SameSite=Lax${n}`;
+		document.cookie = `${vt}=${e}; path=/; max-age=${t}; SameSite=Lax${n}`;
 	} catch (e) {
-		I(`Error setting session hint cookie: ${e.message}`);
-	}
-}
-function X() {
-	Y(!1);
-}
-function Dt() {
-	try {
-		sessionStorage.setItem(J, JSON.stringify({ timestamp: Date.now() }));
-	} catch {
-		I("Failed to set silent redirect state");
+		L(`Error setting session hint cookie: ${e.message}`);
 	}
 }
 function Z() {
-	try {
-		let e = sessionStorage.getItem(J);
-		if (e) return JSON.parse(e);
-	} catch {}
-	return null;
+	X(!1);
 }
-function Q() {
-	try {
-		sessionStorage.removeItem(J);
-	} catch {}
+function Et(e, t) {
+	let n = e.message || "";
+	return t.some((t) => n.includes(t) || e.error === t);
+}
+function Dt(e) {
+	return Et(e, St);
 }
 function Ot(e) {
-	let t = e.message || "";
-	return Ct.some((n) => t.includes(n) || e.error === n);
+	return Et(e, xt);
 }
 function kt(e) {
 	try {
@@ -2204,59 +2188,59 @@ function kt(e) {
 		return e.split("#")[0];
 	}
 }
-function At() {
+function Q() {
 	try {
-		let e = sessionStorage.getItem(q);
+		let e = sessionStorage.getItem(Y);
 		if (!e) return !1;
 		let { timestamp: t } = JSON.parse(e);
-		return Date.now() - t < xt;
+		return Date.now() - t < yt;
 	} catch {
-		return sessionStorage.removeItem(q), !1;
+		return sessionStorage.removeItem(Y), !1;
 	}
 }
-function jt() {
+function At() {
 	try {
-		sessionStorage.setItem(q, JSON.stringify({ timestamp: Date.now() }));
+		sessionStorage.setItem(Y, JSON.stringify({ timestamp: Date.now() }));
 	} catch {
-		I("Failed to set silent auth throttle in sessionStorage");
+		L("Failed to set silent auth throttle in sessionStorage");
 	}
 }
 function $() {
 	try {
-		sessionStorage.removeItem(q);
+		sessionStorage.removeItem(Y);
 	} catch {}
 }
-function Mt(e) {
+function jt(e) {
 	if (e.domains && e.domains.length > 0) {
-		let t = W(window.location.href);
+		let t = K(window.location.href);
 		if (t) {
-			for (let n of e.domains) if (W(`https://${n}`) === t) return I(`Found matching domain in domains array: ${n} for TLD: ${t}`), n;
-			I(`No matching domain found in domains array for TLD: ${t}`);
+			for (let n of e.domains) if (K(`https://${n}`) === t) return L(`Found matching domain in domains array: ${n} for TLD: ${t}`), n;
+			L(`No matching domain found in domains array for TLD: ${t}`);
 		}
 	}
-	if (e.domain) return I(`Using fallback domain property: ${e.domain}`), e.domain;
+	if (e.domain) return L(`Using fallback domain property: ${e.domain}`), e.domain;
 }
-function Nt() {
+function Mt() {
 	try {
 		let e = Object.keys(localStorage).filter((e) => e.startsWith("@@auth0spajs@@"));
 		for (let t of e) {
 			let e = JSON.parse(localStorage.getItem(t) || "{}"), n;
-			if (typeof e == "object" && (e.body && typeof e.body == "object" && "refresh_token" in e.body ? n = e.body.refresh_token : "refresh_token" in e && (n = e.refresh_token)), n && typeof n == "string" && n.length === wt) return !0;
+			if (typeof e == "object" && (e.body && typeof e.body == "object" && "refresh_token" in e.body ? n = e.body.refresh_token : "refresh_token" in e && (n = e.refresh_token)), n && typeof n == "string" && n.length === Ct) return !0;
 		}
 	} catch (e) {
-		I(`Error checking for existing auth0 tokens: ${e.message}`);
+		L(`Error checking for existing auth0 tokens: ${e.message}`);
 	}
 	return !1;
 }
-function Pt() {
-	let e, t, n, r = !1, i = !1, a = !1;
-	gt() && window.addEventListener("pageshow", () => {
+function Nt() {
+	let e, t, n, r = !1, i = !1, a = !1, o = !1;
+	G() && window.addEventListener("pageshow", () => {
 		i = !1, a = !1;
 	});
-	async function o(e) {
+	async function s(e) {
 		if (!e) return null;
-		let t = localStorage.getItem(K);
-		if (!t) return I("No refresh token found in localstorage"), null;
+		let t = localStorage.getItem(J);
+		if (!t) return L("No refresh token found in localstorage"), null;
 		let n = new URLSearchParams();
 		n.set("client_id", e.iss), n.set("refresh_token", t), n.set("grant_type", "refresh_token");
 		let r = new URL(e.iss);
@@ -2269,36 +2253,27 @@ function Pt() {
 			});
 			if (!e.ok) {
 				let t = await e.text().catch(() => "Unknown error");
-				throw I(`Token refresh failed with status ${e.status}: ${t}`), localStorage.removeItem(K), Error(`Renew token failed: ${e.status}`);
+				throw L(`Token refresh failed with status ${e.status}: ${t}`), localStorage.removeItem(J), Error(`Renew token failed: ${e.status}`);
 			}
 			let t = await e.json();
-			if (!t.access_token) throw I("Token refresh response missing access_token"), Error("Invalid token response");
-			return t.refresh_token && localStorage.setItem(K, t.refresh_token), localStorage.setItem(G, t.access_token), t.access_token;
+			if (!t.access_token) throw L("Token refresh response missing access_token"), Error("Invalid token response");
+			return t.refresh_token && localStorage.setItem(J, t.refresh_token), localStorage.setItem(q, t.access_token), t.access_token;
 		} catch (e) {
-			return I(`Token refresh error: ${e.message}`), localStorage.removeItem(K), localStorage.removeItem(G), await d.logout(), null;
+			return L(`Token refresh error: ${e.message}`), localStorage.removeItem(J), localStorage.removeItem(q), await f.logout(), null;
 		}
 	}
-	async function s() {
-		let e = localStorage.getItem(G);
+	async function c() {
+		let e = localStorage.getItem(q);
 		if (!e) return null;
-		let t = Tt(e), n = Date.now() / 1e3;
-		return !t || !t.exp || t.exp < n + St ? await o(t) || (localStorage.removeItem(G), null) : e;
+		let t = wt(e), n = Date.now() / 1e3;
+		return !t || !t.exp || t.exp < n + bt ? await s(t) || (localStorage.removeItem(q), null) : e;
 	}
-	async function c() {
+	async function l() {
 		if (a) {
-			I("Silent redirect already in progress");
-			return;
-		}
-		if (!Et()) {
-			I("No session hint cookie - skipping prompt=none redirect for anonymous user");
-			return;
-		}
-		let n = Z();
-		if (n && Date.now() - n.timestamp < 3e4) {
-			I("Recently attempted silent redirect, skipping to prevent loop");
+			L("Silent redirect already in progress");
 			return;
 		}
-		I("Attempting prompt=none redirect to recover session"), a = !0, Dt();
+		L("Attempting prompt=none redirect to recover session"), a = !0;
 		try {
 			await e.loginWithRedirect({ authorizationParams: {
 				prompt: "none",
@@ -2306,36 +2281,36 @@ function Pt() {
 				organization: t
 			} });
 		} catch (e) {
-			I(`Prompt=none redirect failed: ${e.message}`), a = !1, Q();
+			L(`Prompt=none redirect failed: ${e.message}`), a = !1;
 		}
 	}
-	function l() {
-		return n ? W(window.location.href) !== W(`https://${n}`) : !1;
+	function u() {
+		return n ? K(window.location.href) !== K(`https://${n}`) : !1;
 	}
-	function u(n) {
-		if (i) return I("Login already in progress"), null;
+	function d(n) {
+		if (i) return L("Login already in progress"), null;
 		if (i = !0, setTimeout(() => {
 			i = !1;
-		}, 3e3), localStorage.removeItem(G), !e) throw Error("Auth0 client not initialized");
+		}, 3e3), localStorage.removeItem(q), !e) throw Error("Auth0 client not initialized");
 		let r = n?.authorizationParams || {};
 		return {
 			...n,
 			authorizationParams: {
 				organization: t,
 				redirect_uri: kt(window.location.href),
-				ui_locales: ft(),
-				incognito: ht(),
+				ui_locales: dt(),
+				incognito: mt(),
 				...r
 			}
 		};
 	}
-	let d = {
+	let f = {
 		async init(i) {
 			if (i.enabled === !1) return;
 			t = i.organization;
-			let a = Mt(i);
-			n = a && !Nt() ? a : dt("token", i.environment);
-			let o = W(window.location.href) !== W(`https://${n}`), s = W(window.location.href), c = s ? `.${s}` : void 0, l = {
+			let a = jt(i);
+			n = a && !Mt() ? a : ut("token", i.environment), o = K(window.location.href) !== K(`https://${n}`);
+			let s = K(window.location.href), c = s ? `.${s}` : void 0, l = {
 				domain: n,
 				clientId: i.clientId,
 				useCookiesForTransactions: !0,
@@ -2343,24 +2318,24 @@ function Pt() {
 				...c && { cookieDomain: c },
 				cacheLocation: "localstorage"
 			};
-			(o || i.useRefreshTokens) && (l.useRefreshTokens = !0), I(`Initializing auth0 client: ${JSON.stringify(l)}`), e = await it(l);
+			(o || i.useRefreshTokens) && (l.useRefreshTokens = !0), L(`Initializing auth0 client: ${JSON.stringify(l)}`), e = await rt(l);
 			let u = new URLSearchParams(window.location.search), d = u.get("code"), f = u.get("state"), p = u.get("error");
 			if (p) {
 				let e = u.get("error_description");
-				I(`Auth error in URL: ${p}${e ? ` - ${e}` : ""}`);
+				L(`Auth error in URL: ${p}${e ? ` - ${e}` : ""}`);
 				let t = new URL(location.href);
 				t.searchParams.delete("error"), t.searchParams.delete("error_description"), t.searchParams.delete("state"), window.history.replaceState({}, document.title, t.toString());
-				let n = Z();
-				if (n && Q(), p === "login_required") I("Silent redirect returned login_required - user is not authenticated"), X();
-				else if (n) I(`Silent redirect returned ${p} - treating as unauthenticated`), X();
+				let n = Q();
+				if (xt.includes(p)) L("Silent redirect returned no-session - user is not authenticated"), Z();
+				else if (n) L(`Silent redirect returned ${p} - treating as unauthenticated`), Z();
 				else {
 					let t = e || `Authentication failed: ${p}`;
-					I(`Non-silent auth error, alerting user: ${t}`), setTimeout(() => {
+					L(`Non-silent auth error, alerting user: ${t}`), setTimeout(() => {
 						alert(t);
 					}, 0);
 				}
 			}
-			if (d) if (window.opener) I("Code found in URL, posting to opener"), window.opener.postMessage({
+			if (d) if (window.opener) L("Code found in URL, posting to opener"), window.opener.postMessage({
 				type: "authorization_response",
 				response: {
 					code: d,
@@ -2368,73 +2343,74 @@ function Pt() {
 				}
 			}, window.location.origin);
 			else {
-				I("Code found in URL, handling redirect");
+				L("Code found in URL, handling redirect");
 				let t = window.location.href, n = new URL(location.href), r = n.searchParams;
-				r.delete("code"), r.delete("state"), n.search = r.toString(), window.history.replaceState({}, document.title, n.toString()), I("Rewrote url to remove code and state");
+				r.delete("code"), r.delete("state"), n.search = r.toString(), window.history.replaceState({}, document.title, n.toString()), L("Rewrote url to remove code and state");
 				try {
 					let n = await e.handleRedirectCallback(t);
-					I(`Login result: ${JSON.stringify(n)}`);
+					L(`Login result: ${JSON.stringify(n)}`);
 					let r = await e.getUser();
 					if (!r) throw Error("No user found");
-					I(`User found ${JSON.stringify(r)}`), $(), Z() && (I("Successfully recovered session via prompt=none redirect"), Q()), Y(!0), I(`Triggering AUTHENTICATED event with appState: ${JSON.stringify(n.appState)}`), R(L.AUTHENTICATED, {
+					L(`User found ${JSON.stringify(r)}`), $(), X(!0), L(`Triggering AUTHENTICATED event with appState: ${JSON.stringify(n.appState)}`), z(R.AUTHENTICATED, {
 						...r,
 						appState: n.appState
 					});
 				} catch (e) {
-					I(`Error handling redirect: ${e.message}`), Z() ? (Q(), X(), I("Silent redirect failed, cleared session hints")) : alert("There was an error logging in"), console.error(e);
+					L(`Error handling redirect: ${e.message}`), Q() ? (Z(), L("Silent redirect callback failed, cleared session hints")) : alert("There was an error logging in"), console.error(e);
 				}
 			}
-			r = !0, R(L.AUTH_INITIALIZED, {});
+			r = !0, z(R.AUTH_INITIALIZED, {});
 		},
 		async isAuthenticated() {
 			if (!r) return !1;
-			if (await s()) return !0;
+			if (await c()) return !0;
 			if (!e) return !1;
 			let t = await e.isAuthenticated();
-			return t && Y(!0), t;
+			return t && X(!0), t;
 		},
 		async getTokenSilently(t = !0, n = !1) {
 			if (!r) return null;
-			let i = await s();
+			let i = await c();
 			if (i) return i;
-			if (!n && At()) {
-				if (I("Silent auth is throttled due to recent failures, skipping request"), t) throw Error("Silent auth throttled");
+			if (!n && Q()) {
+				if (L("Silent auth is throttled due to recent failures, skipping request"), t) throw Error("Silent auth throttled");
 				return null;
 			}
 			try {
-				if (!e) return I("Auth client not initialized"), null;
-				let t = await e.getTokenSilently(), r = Tt(t), i = Date.now() / 1e3;
-				return n && r?.exp && r.exp - i < 3600 + St && (t = await e.getTokenSilently({ cacheMode: "off" })), $(), Y(!0), t;
+				if (!e) return L("Auth client not initialized"), null;
+				let t = await e.getTokenSilently(), r = wt(t), i = Date.now() / 1e3;
+				return n && r?.exp && r.exp - i < 3600 + bt && (t = await e.getTokenSilently({ cacheMode: "off" })), $(), X(!0), t;
 			} catch (n) {
 				let r = n;
-				if (I(`Failed to get token silently: ${r.message}`), Ot(r)) {
-					if (I("Iframe-based auth blocked by browser privacy restrictions"), Et()) return I("Session hint present - attempting prompt=none redirect recovery"), await c(), null;
-					I("No session hint - user is likely anonymous, not attempting redirect");
+				if (L(`Failed to get token silently: ${r.message}`), Ot(r) && !o) {
+					if (L("Silent auth returned authoritative no-session - treating user as anonymous"), Z(), At(), t) throw n;
+					return null;
 				}
-				if (jt(), await e.isAuthenticated() && (r.message === "Invalid refresh token" || r.message.includes("Missing Refresh Token")) && await d.logout(), t) throw n;
+				if ((Dt(r) || Ot(r) && o) && Tt()) return L("Recoverable silent-auth failure with session hint - attempting prompt=none redirect"), At(), await l(), null;
+				if (At(), await e.isAuthenticated() && (r.message === "Invalid refresh token" || r.message.includes("Missing Refresh Token")) && await f.logout(), t) throw n;
 				return null;
 			}
 		},
 		async getUser() {
-			return r ? await s() ? {
+			return r ? await c() ? {
 				sub: "local",
 				name: "Local User"
 			} : e ? await e.getUser() : null : null;
 		},
 		async login(e) {
-			return l() && (vt() || yt() || ht()) ? (I("Using popup login for cross-domain auth on Safari/Android/Incognito"), d.loginWithPopup(e)) : (I("Using redirect login"), d.loginWithRedirect(e));
+			return u() && (gt() || _t() || mt()) ? (L("Using popup login for cross-domain auth on Safari/Android/Incognito"), f.loginWithPopup(e)) : (L("Using redirect login"), f.loginWithRedirect(e));
 		},
 		async loginWithRedirect(t) {
-			let n = u(t);
+			let n = d(t);
 			if (n) return e.loginWithRedirect(n);
 		},
 		async loginWithPopup(t) {
-			let n = u(t);
+			let n = d(t);
 			if (!n) return;
-			await e.loginWithPopup(n, { timeoutInSeconds: 1800 }), $(), Y(!0);
+			await e.loginWithPopup(n, { timeoutInSeconds: 1800 }), $(), X(!0);
 			let r = await e.getUser();
 			if (!r) throw Error("No user found after popup login");
-			let i = new CustomEvent(L.AUTHENTICATED, {
+			let i = new CustomEvent(R.AUTHENTICATED, {
 				detail: {
 					...r,
 					appState: t?.appState
@@ -2445,7 +2421,7 @@ function Pt() {
 			window.dispatchEvent(i) && window.location.reload();
 		},
 		async logout(t = {}) {
-			if (r && (localStorage.removeItem(G), localStorage.removeItem(K), X(), Q(), $(), R(L.LOGOUT, {}), e)) return I(`Logout with options: ${JSON.stringify(t)}`), e.logout({
+			if (r && (localStorage.removeItem(q), localStorage.removeItem(J), Z(), $(), z(R.LOGOUT, {}), e)) return L(`Logout with options: ${JSON.stringify(t)}`), e.logout({
 				...t,
 				logoutParams: {
 					returnTo: window.location.href,
@@ -2454,7 +2430,7 @@ function Pt() {
 			});
 		}
 	};
-	return d;
+	return f;
 }
 //#endregion
-export { G as ACCESS_TOKEN_KEY, K as REFRESH_TOKEN_KEY, bt as SESSION_HINT_COOKIE, q as SILENT_AUTH_THROTTLE_KEY, J as SILENT_REDIRECT_STATE_KEY, Pt as createAuth0Plugin };
+export { q as ACCESS_TOKEN_KEY, J as REFRESH_TOKEN_KEY, vt as SESSION_HINT_COOKIE, Y as SILENT_AUTH_THROTTLE_KEY, Nt as createAuth0Plugin };