@sesamy/sesamy-js 1.123.2 → 1.125.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -356,26 +356,26 @@ var a = n(r((function(e, n) {
356
356
  constructor(t, n, r) {
357
357
  super(t, n), this.mfa_token = r, Object.setPrototypeOf(this, e.prototype);
358
358
  }
359
- }, te = class e extends l {
359
+ }, g = class e extends l {
360
360
  constructor(t, n) {
361
- super("missing_refresh_token", `Missing Refresh Token (audience: '${_(t, ["default"])}', scope: '${_(n)}')`), this.audience = t, this.scope = n, Object.setPrototypeOf(this, e.prototype);
361
+ super("missing_refresh_token", `Missing Refresh Token (audience: '${v(t, ["default"])}', scope: '${v(n)}')`), this.audience = t, this.scope = n, Object.setPrototypeOf(this, e.prototype);
362
362
  }
363
- }, g = class e extends l {
363
+ }, _ = class e extends l {
364
364
  constructor(t, n) {
365
- super("missing_scopes", `Missing requested scopes after refresh (audience: '${_(t, ["default"])}', missing scope: '${_(n)}')`), this.audience = t, this.scope = n, Object.setPrototypeOf(this, e.prototype);
365
+ super("missing_scopes", `Missing requested scopes after refresh (audience: '${v(t, ["default"])}', missing scope: '${v(n)}')`), this.audience = t, this.scope = n, Object.setPrototypeOf(this, e.prototype);
366
366
  }
367
- }, ne = class e extends l {
367
+ }, te = class e extends l {
368
368
  constructor(t) {
369
369
  super("use_dpop_nonce", "Server rejected DPoP proof: wrong nonce"), this.newDpopNonce = t, Object.setPrototypeOf(this, e.prototype);
370
370
  }
371
371
  };
372
- function _(e, t = []) {
372
+ function v(e, t = []) {
373
373
  return e && !t.includes(e) ? e : "";
374
374
  }
375
- var v = () => window.crypto, y = () => {
375
+ var y = () => window.crypto, b = () => {
376
376
  let e = "";
377
- return Array.from(v().getRandomValues(new Uint8Array(43))).forEach(((t) => e += "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-_~."[t % 66])), e;
378
- }, b = (e) => btoa(e), re = [
377
+ return Array.from(y().getRandomValues(new Uint8Array(43))).forEach(((t) => e += "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-_~."[t % 66])), e;
378
+ }, x = (e) => btoa(e), ne = [
379
379
  {
380
380
  key: "name",
381
381
  type: ["string"]
@@ -388,13 +388,13 @@ var v = () => window.crypto, y = () => {
388
388
  key: "env",
389
389
  type: ["object"]
390
390
  }
391
- ], ie = (e) => Object.keys(e).reduce(((t, n) => {
392
- let r = re.find(((e) => e.key === n));
391
+ ], re = (e) => Object.keys(e).reduce(((t, n) => {
392
+ let r = ne.find(((e) => e.key === n));
393
393
  return r && r.type.includes(typeof e[n]) && (t[n] = e[n]), t;
394
- }), {}), x = (t) => {
394
+ }), {}), S = (t) => {
395
395
  var { clientId: n } = t, r = e(t, ["clientId"]);
396
396
  return new URLSearchParams(((e) => Object.keys(e).filter(((t) => e[t] !== void 0)).reduce(((t, n) => Object.assign(Object.assign({}, t), { [n]: e[n] })), {}))(Object.assign({ client_id: n }, r))).toString();
397
- }, ae = async (e) => await v().subtle.digest({ name: "SHA-256" }, new TextEncoder().encode(e)), oe = (e) => ((e) => decodeURIComponent(atob(e).split("").map(((e) => "%" + ("00" + e.charCodeAt(0).toString(16)).slice(-2))).join("")))(e.replace(/_/g, "/").replace(/-/g, "+")), se = (e) => {
397
+ }, ie = async (e) => await y().subtle.digest({ name: "SHA-256" }, new TextEncoder().encode(e)), ae = (e) => ((e) => decodeURIComponent(atob(e).split("").map(((e) => "%" + ("00" + e.charCodeAt(0).toString(16)).slice(-2))).join("")))(e.replace(/_/g, "/").replace(/-/g, "+")), oe = (e) => {
398
398
  let t = new Uint8Array(e);
399
399
  return ((e) => {
400
400
  let t = {
@@ -404,109 +404,109 @@ var v = () => window.crypto, y = () => {
404
404
  };
405
405
  return e.replace(/[+/=]/g, ((e) => t[e]));
406
406
  })(window.btoa(String.fromCharCode(...Array.from(t))));
407
- }, ce = new TextEncoder(), le = new TextDecoder();
408
- function S(e) {
409
- return typeof e == "string" ? ce.encode(e) : le.decode(e);
407
+ }, se = new TextEncoder(), ce = new TextDecoder();
408
+ function C(e) {
409
+ return typeof e == "string" ? se.encode(e) : ce.decode(e);
410
410
  }
411
- function ue(e) {
412
- if (typeof e.modulusLength != "number" || e.modulusLength < 2048) throw new fe(`${e.name} modulusLength must be at least 2048 bits`);
411
+ function le(e) {
412
+ if (typeof e.modulusLength != "number" || e.modulusLength < 2048) throw new de(`${e.name} modulusLength must be at least 2048 bits`);
413
413
  }
414
- async function de(e, t, n) {
414
+ async function ue(e, t, n) {
415
415
  if (!1 === n.usages.includes("sign")) throw TypeError("private CryptoKey instances used for signing assertions must include \"sign\" in their \"usages\"");
416
- let r = `${w(S(JSON.stringify(e)))}.${w(S(JSON.stringify(t)))}`;
417
- return `${r}.${w(await crypto.subtle.sign(function(e) {
416
+ let r = `${T(C(JSON.stringify(e)))}.${T(C(JSON.stringify(t)))}`;
417
+ return `${r}.${T(await crypto.subtle.sign(function(e) {
418
418
  switch (e.algorithm.name) {
419
419
  case "ECDSA": return {
420
420
  name: e.algorithm.name,
421
421
  hash: "SHA-256"
422
422
  };
423
- case "RSA-PSS": return ue(e.algorithm), {
423
+ case "RSA-PSS": return le(e.algorithm), {
424
424
  name: e.algorithm.name,
425
425
  saltLength: 32
426
426
  };
427
- case "RSASSA-PKCS1-v1_5": return ue(e.algorithm), { name: e.algorithm.name };
427
+ case "RSASSA-PKCS1-v1_5": return le(e.algorithm), { name: e.algorithm.name };
428
428
  case "Ed25519": return { name: e.algorithm.name };
429
429
  }
430
- throw new T();
431
- }(n), n, S(r)))}`;
430
+ throw new E();
431
+ }(n), n, C(r)))}`;
432
432
  }
433
- var C;
434
- if (Uint8Array.prototype.toBase64) C = (e) => (e instanceof ArrayBuffer && (e = new Uint8Array(e)), e.toBase64({
433
+ var w;
434
+ if (Uint8Array.prototype.toBase64) w = (e) => (e instanceof ArrayBuffer && (e = new Uint8Array(e)), e.toBase64({
435
435
  alphabet: "base64url",
436
436
  omitPadding: !0
437
437
  }));
438
438
  else {
439
439
  let e = 32768;
440
- C = (t) => {
440
+ w = (t) => {
441
441
  t instanceof ArrayBuffer && (t = new Uint8Array(t));
442
442
  let n = [];
443
443
  for (let r = 0; r < t.byteLength; r += e) n.push(String.fromCharCode.apply(null, t.subarray(r, r + e)));
444
444
  return btoa(n.join("")).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
445
445
  };
446
446
  }
447
- function w(e) {
448
- return C(e);
447
+ function T(e) {
448
+ return w(e);
449
449
  }
450
- var T = class extends Error {
450
+ var E = class extends Error {
451
451
  constructor(e) {
452
452
  var t;
453
453
  super(e ?? "operation not supported"), this.name = this.constructor.name, (t = Error.captureStackTrace) == null || t.call(Error, this, this.constructor);
454
454
  }
455
- }, fe = class extends Error {
455
+ }, de = class extends Error {
456
456
  constructor(e) {
457
457
  var t;
458
458
  super(e), this.name = this.constructor.name, (t = Error.captureStackTrace) == null || t.call(Error, this, this.constructor);
459
459
  }
460
460
  };
461
- function pe(e) {
461
+ function fe(e) {
462
462
  switch (e.algorithm.name) {
463
463
  case "RSA-PSS": return function(e) {
464
464
  if (e.algorithm.hash.name === "SHA-256") return "PS256";
465
- throw new T("unsupported RsaHashedKeyAlgorithm hash name");
465
+ throw new E("unsupported RsaHashedKeyAlgorithm hash name");
466
466
  }(e);
467
467
  case "RSASSA-PKCS1-v1_5": return function(e) {
468
468
  if (e.algorithm.hash.name === "SHA-256") return "RS256";
469
- throw new T("unsupported RsaHashedKeyAlgorithm hash name");
469
+ throw new E("unsupported RsaHashedKeyAlgorithm hash name");
470
470
  }(e);
471
471
  case "ECDSA": return function(e) {
472
472
  if (e.algorithm.namedCurve === "P-256") return "ES256";
473
- throw new T("unsupported EcKeyAlgorithm namedCurve");
473
+ throw new E("unsupported EcKeyAlgorithm namedCurve");
474
474
  }(e);
475
475
  case "Ed25519": return "Ed25519";
476
- default: throw new T("unsupported CryptoKey algorithm name");
476
+ default: throw new E("unsupported CryptoKey algorithm name");
477
477
  }
478
478
  }
479
- function me(e) {
479
+ function pe(e) {
480
480
  return e instanceof CryptoKey;
481
481
  }
482
- function he(e) {
483
- return me(e) && e.type === "public";
482
+ function me(e) {
483
+ return pe(e) && e.type === "public";
484
484
  }
485
- async function ge(e, t, n, r, i, a) {
485
+ async function he(e, t, n, r, i, a) {
486
486
  let o = e?.privateKey, s = e?.publicKey;
487
- if (!me(c = o) || c.type !== "private") throw TypeError("\"keypair.privateKey\" must be a private CryptoKey");
487
+ if (!pe(c = o) || c.type !== "private") throw TypeError("\"keypair.privateKey\" must be a private CryptoKey");
488
488
  var c;
489
- if (!he(s)) throw TypeError("\"keypair.publicKey\" must be a public CryptoKey");
489
+ if (!me(s)) throw TypeError("\"keypair.publicKey\" must be a public CryptoKey");
490
490
  if (!0 !== s.extractable) throw TypeError("\"keypair.publicKey.extractable\" must be true");
491
491
  if (typeof t != "string") throw TypeError("\"htu\" must be a string");
492
492
  if (typeof n != "string") throw TypeError("\"htm\" must be a string");
493
493
  if (r !== void 0 && typeof r != "string") throw TypeError("\"nonce\" must be a string or undefined");
494
494
  if (i !== void 0 && typeof i != "string") throw TypeError("\"accessToken\" must be a string or undefined");
495
495
  if (a !== void 0 && (typeof a != "object" || !a || Array.isArray(a))) throw TypeError("\"additional\" must be an object");
496
- return de({
497
- alg: pe(o),
496
+ return ue({
497
+ alg: fe(o),
498
498
  typ: "dpop+jwt",
499
- jwk: await _e(s)
499
+ jwk: await ge(s)
500
500
  }, Object.assign(Object.assign({}, a), {
501
501
  iat: Math.floor(Date.now() / 1e3),
502
502
  jti: crypto.randomUUID(),
503
503
  htm: n,
504
504
  nonce: r,
505
505
  htu: t,
506
- ath: i ? w(await crypto.subtle.digest("SHA-256", S(i))) : void 0
506
+ ath: i ? T(await crypto.subtle.digest("SHA-256", C(i))) : void 0
507
507
  }), o);
508
508
  }
509
- async function _e(e) {
509
+ async function ge(e) {
510
510
  let { kty: t, e: n, n: r, x: i, y: a, crv: o } = await crypto.subtle.exportKey("jwk", e);
511
511
  return {
512
512
  kty: t,
@@ -517,12 +517,12 @@ async function _e(e) {
517
517
  y: a
518
518
  };
519
519
  }
520
- var ve = [
520
+ var _e = [
521
521
  "authorization_code",
522
522
  "refresh_token",
523
523
  "urn:ietf:params:oauth:grant-type:token-exchange"
524
524
  ];
525
- function ye() {
525
+ function ve() {
526
526
  return async function(e, t) {
527
527
  var n;
528
528
  let r;
@@ -561,16 +561,16 @@ function ye() {
561
561
  case "Ed25519":
562
562
  r = { name: "Ed25519" };
563
563
  break;
564
- default: throw new T();
564
+ default: throw new E();
565
565
  }
566
566
  return crypto.subtle.generateKey(r, (n = t?.extractable) != null && n, ["sign", "verify"]);
567
567
  }("ES256", { extractable: !1 });
568
568
  }
569
- function be(e) {
569
+ function ye(e) {
570
570
  return async function(e) {
571
- if (!he(e)) throw TypeError("\"publicKey\" must be a public CryptoKey");
571
+ if (!me(e)) throw TypeError("\"publicKey\" must be a public CryptoKey");
572
572
  if (!0 !== e.extractable) throw TypeError("\"publicKey.extractable\" must be true");
573
- let t = await _e(e), n;
573
+ let t = await ge(e), n;
574
574
  switch (t.kty) {
575
575
  case "EC":
576
576
  n = {
@@ -594,18 +594,18 @@ function be(e) {
594
594
  n: t.n
595
595
  };
596
596
  break;
597
- default: throw new T("unsupported JWK kty");
597
+ default: throw new E("unsupported JWK kty");
598
598
  }
599
- return w(await crypto.subtle.digest({ name: "SHA-256" }, S(JSON.stringify(n))));
599
+ return T(await crypto.subtle.digest({ name: "SHA-256" }, C(JSON.stringify(n))));
600
600
  }(e.publicKey);
601
601
  }
602
- function xe({ keyPair: e, url: t, method: n, nonce: r, accessToken: i }) {
603
- return ge(e, function(e) {
602
+ function be({ keyPair: e, url: t, method: n, nonce: r, accessToken: i }) {
603
+ return he(e, function(e) {
604
604
  let t = new URL(e);
605
605
  return t.search = "", t.hash = "", t.href;
606
606
  }(t), n, r, i);
607
607
  }
608
- var Se = async (e, t) => {
608
+ var xe = async (e, t) => {
609
609
  let n = await fetch(e, t);
610
610
  return {
611
611
  ok: n.ok,
@@ -613,16 +613,16 @@ var Se = async (e, t) => {
613
613
  headers: (r = n.headers, [...r].reduce(((e, [t, n]) => (e[t] = n, e)), {}))
614
614
  };
615
615
  var r;
616
- }, Ce = async (e, t, n) => {
616
+ }, Se = async (e, t, n) => {
617
617
  let r = new AbortController(), i;
618
- return t.signal = r.signal, Promise.race([Se(e, t), new Promise(((e, t) => {
618
+ return t.signal = r.signal, Promise.race([xe(e, t), new Promise(((e, t) => {
619
619
  i = setTimeout((() => {
620
620
  r.abort(), t(/* @__PURE__ */ Error("Timeout when executing 'fetch'"));
621
621
  }), n);
622
622
  }))]).finally((() => {
623
623
  clearTimeout(i);
624
624
  }));
625
- }, we = async (e, t, n, r, i, a, o, s) => {
625
+ }, Ce = async (e, t, n, r, i, a, o, s) => {
626
626
  return c = {
627
627
  auth: {
628
628
  audience: t,
@@ -640,8 +640,8 @@ var Se = async (e, t) => {
640
640
  }, l.postMessage(c, [n.port2]);
641
641
  }));
642
642
  var c, l;
643
- }, Te = async (e, t, n, r, i, a, o = 1e4, s) => i ? we(e, t, n, r, o, i, a, s) : Ce(e, r, o);
644
- async function Ee(t, n, r, i, a, o, s, c, u, d) {
643
+ }, we = async (e, t, n, r, i, a, o = 1e4, s) => i ? Ce(e, t, n, r, o, i, a, s) : Se(e, r, o);
644
+ async function Te(t, n, r, i, a, o, s, c, u, d) {
645
645
  if (u) {
646
646
  let e = await u.generateProof({
647
647
  url: t,
@@ -652,26 +652,26 @@ async function Ee(t, n, r, i, a, o, s, c, u, d) {
652
652
  }
653
653
  let f, p = null;
654
654
  for (let e = 0; e < 3; e++) try {
655
- f = await Te(t, r, i, a, o, s, n, c), p = null;
655
+ f = await we(t, r, i, a, o, s, n, c), p = null;
656
656
  break;
657
657
  } catch (e) {
658
658
  p = e;
659
659
  }
660
660
  if (p) throw p;
661
- let m = f.json, { error: h, error_description: g } = m, _ = e(m, ["error", "error_description"]), { headers: v, ok: y } = f, b;
662
- if (u && (b = v["dpop-nonce"], b && await u.setNonce(b)), !y) {
663
- let e = g || `HTTP error. Unable to fetch ${t}`;
664
- if (h === "mfa_required") throw new ee(h, e, _.mfa_token);
665
- if (h === "missing_refresh_token") throw new te(r, i);
661
+ let m = f.json, { error: h, error_description: _ } = m, v = e(m, ["error", "error_description"]), { headers: y, ok: b } = f, x;
662
+ if (u && (x = y["dpop-nonce"], x && await u.setNonce(x)), !b) {
663
+ let e = _ || `HTTP error. Unable to fetch ${t}`;
664
+ if (h === "mfa_required") throw new ee(h, e, v.mfa_token);
665
+ if (h === "missing_refresh_token") throw new g(r, i);
666
666
  if (h === "use_dpop_nonce") {
667
- if (!u || !b || d) throw new ne(b);
668
- return Ee(t, n, r, i, a, o, s, c, u, !0);
667
+ if (!u || !x || d) throw new te(x);
668
+ return Te(t, n, r, i, a, o, s, c, u, !0);
669
669
  }
670
670
  throw new l(h || "request_error", e);
671
671
  }
672
- return _;
672
+ return v;
673
673
  }
674
- async function De(t, n) {
674
+ async function Ee(t, n) {
675
675
  var { baseUrl: r, timeout: i, audience: a, scope: o, auth0Client: c, useFormData: l, useMrrt: u, dpop: d } = t, f = e(t, [
676
676
  "baseUrl",
677
677
  "timeout",
@@ -685,24 +685,24 @@ async function De(t, n) {
685
685
  let p = f.grant_type === "urn:ietf:params:oauth:grant-type:token-exchange", m = f.grant_type === "refresh_token" && u, h = Object.assign(Object.assign(Object.assign(Object.assign({}, f), p && a && { audience: a }), p && o && { scope: o }), m && {
686
686
  audience: a,
687
687
  scope: o
688
- }), ee = l ? x(h) : JSON.stringify(h), te = (g = f.grant_type, ve.includes(g));
689
- var g;
690
- return await Ee(`${r}/oauth/token`, i, a || "default", o, {
688
+ }), ee = l ? S(h) : JSON.stringify(h), g = (_ = f.grant_type, _e.includes(_));
689
+ var _;
690
+ return await Te(`${r}/oauth/token`, i, a || "default", o, {
691
691
  method: "POST",
692
692
  body: ee,
693
693
  headers: {
694
694
  "Content-Type": l ? "application/x-www-form-urlencoded" : "application/json",
695
- "Auth0-Client": btoa(JSON.stringify(ie(c || s)))
695
+ "Auth0-Client": btoa(JSON.stringify(re(c || s)))
696
696
  }
697
- }, n, l, u, te ? d : void 0);
697
+ }, n, l, u, g ? d : void 0);
698
698
  }
699
- var E = (...e) => {
699
+ var D = (...e) => {
700
700
  return (t = e.filter(Boolean).join(" ").trim().split(/\s+/), Array.from(new Set(t))).join(" ");
701
701
  var t;
702
- }, D = (e, t, n) => {
702
+ }, O = (e, t, n) => {
703
703
  let r;
704
- return n && (r = e[n]), r ||= e.default, E(r, t);
705
- }, O = class e {
704
+ return n && (r = e[n]), r ||= e.default, D(r, t);
705
+ }, k = class e {
706
706
  constructor(e, t = "@@auth0spajs@@", n) {
707
707
  this.prefix = t, this.suffix = n, this.clientId = e.clientId, this.scope = e.scope, this.audience = e.audience;
708
708
  }
@@ -731,7 +731,7 @@ var E = (...e) => {
731
731
  clientId: i
732
732
  });
733
733
  }
734
- }, Oe = class {
734
+ }, De = class {
735
735
  set(e, t) {
736
736
  localStorage.setItem(e, JSON.stringify(t));
737
737
  }
@@ -749,7 +749,7 @@ var E = (...e) => {
749
749
  allKeys() {
750
750
  return Object.keys(window.localStorage).filter(((e) => e.startsWith("@@auth0spajs@@")));
751
751
  }
752
- }, ke = class {
752
+ }, Oe = class {
753
753
  constructor() {
754
754
  this.enclosedCache = function() {
755
755
  let e = {};
@@ -768,7 +768,7 @@ var E = (...e) => {
768
768
  };
769
769
  }();
770
770
  }
771
- }, Ae = class {
771
+ }, ke = class {
772
772
  constructor(e, t, n) {
773
773
  this.cache = e, this.keyManifest = t, this.nowProvider = n || c;
774
774
  }
@@ -817,7 +817,7 @@ var E = (...e) => {
817
817
  };
818
818
  }
819
819
  async set(e) {
820
- let t = new O({
820
+ let t = new k({
821
821
  clientId: e.client_id,
822
822
  scope: e.scope,
823
823
  audience: e.audience
@@ -825,7 +825,7 @@ var E = (...e) => {
825
825
  await this.cache.set(t.toKey(), n), await this.keyManifest?.add(t.toKey());
826
826
  }
827
827
  async remove(e, t, n) {
828
- let r = new O({
828
+ let r = new k({
829
829
  clientId: e,
830
830
  scope: n,
831
831
  audience: t
@@ -849,17 +849,17 @@ var E = (...e) => {
849
849
  return this.keyManifest ? (await this.keyManifest.get())?.keys : this.cache.allKeys ? this.cache.allKeys() : void 0;
850
850
  }
851
851
  getIdTokenCacheKey(e) {
852
- return new O({ clientId: e }, "@@auth0spajs@@", "@@user@@").toKey();
852
+ return new k({ clientId: e }, "@@auth0spajs@@", "@@user@@").toKey();
853
853
  }
854
854
  matchExistingCacheKey(e, t) {
855
855
  return t.filter(((t) => {
856
- let n = O.fromKey(t), r = new Set(n.scope && n.scope.split(" ")), i = e.scope?.split(" ") || [], a = n.scope && i.reduce(((e, t) => e && r.has(t)), !0);
856
+ let n = k.fromKey(t), r = new Set(n.scope && n.scope.split(" ")), i = e.scope?.split(" ") || [], a = n.scope && i.reduce(((e, t) => e && r.has(t)), !0);
857
857
  return n.prefix === "@@auth0spajs@@" && n.clientId === e.clientId && n.audience === e.audience && a;
858
858
  }))[0];
859
859
  }
860
860
  async getEntryWithRefreshToken(e, t) {
861
861
  for (let n of t) {
862
- let t = O.fromKey(n);
862
+ let t = k.fromKey(n);
863
863
  if (t.prefix === "@@auth0spajs@@" && t.clientId === e.clientId) {
864
864
  let t = await this.cache.get(n);
865
865
  if (t?.body?.refresh_token) return this.modifiedCachedEntry(t, e);
@@ -876,7 +876,7 @@ var E = (...e) => {
876
876
  }
877
877
  }
878
878
  }
879
- }, je = class {
879
+ }, Ae = class {
880
880
  constructor(e, t, n) {
881
881
  this.storage = e, this.clientId = t, this.cookieDomain = n, this.storageKey = `a0.spajs.txs.${this.clientId}`;
882
882
  }
@@ -892,21 +892,21 @@ var E = (...e) => {
892
892
  remove() {
893
893
  this.storage.remove(this.storageKey, { cookieDomain: this.cookieDomain });
894
894
  }
895
- }, k = (e) => typeof e == "number", Me = /* @__PURE__ */ "iss.aud.exp.nbf.iat.jti.azp.nonce.auth_time.at_hash.c_hash.acr.amr.sub_jwk.cnf.sip_from_tag.sip_date.sip_callid.sip_cseq_num.sip_via_branch.orig.dest.mky.events.toe.txn.rph.sid.vot.vtm".split("."), Ne = (e) => {
895
+ }, A = (e) => typeof e == "number", je = /* @__PURE__ */ "iss.aud.exp.nbf.iat.jti.azp.nonce.auth_time.at_hash.c_hash.acr.amr.sub_jwk.cnf.sip_from_tag.sip_date.sip_callid.sip_cseq_num.sip_via_branch.orig.dest.mky.events.toe.txn.rph.sid.vot.vtm".split("."), Me = (e) => {
896
896
  if (!e.id_token) throw Error("ID token is required but missing");
897
897
  let t = ((e) => {
898
898
  let t = e.split("."), [n, r, i] = t;
899
899
  if (t.length !== 3 || !n || !r || !i) throw Error("ID token could not be decoded");
900
- let a = JSON.parse(oe(r)), o = { __raw: e }, s = {};
900
+ let a = JSON.parse(ae(r)), o = { __raw: e }, s = {};
901
901
  return Object.keys(a).forEach(((e) => {
902
- o[e] = a[e], Me.includes(e) || (s[e] = a[e]);
902
+ o[e] = a[e], je.includes(e) || (s[e] = a[e]);
903
903
  })), {
904
904
  encoded: {
905
905
  header: n,
906
906
  payload: r,
907
907
  signature: i
908
908
  },
909
- header: JSON.parse(oe(n)),
909
+ header: JSON.parse(ae(n)),
910
910
  claims: o,
911
911
  user: s
912
912
  };
@@ -927,16 +927,16 @@ var E = (...e) => {
927
927
  if (!t.claims.nonce) throw Error("Nonce (nonce) claim must be a string present in the ID token");
928
928
  if (t.claims.nonce !== e.nonce) throw Error(`Nonce (nonce) claim mismatch in the ID token; expected "${e.nonce}", found "${t.claims.nonce}"`);
929
929
  }
930
- if (e.max_age && !k(t.claims.auth_time)) throw Error("Authentication Time (auth_time) claim must be a number present in the ID token when Max Age (max_age) is specified");
931
- if (t.claims.exp == null || !k(t.claims.exp)) throw Error("Expiration Time (exp) claim must be a number present in the ID token");
932
- if (!k(t.claims.iat)) throw Error("Issued At (iat) claim must be a number present in the ID token");
930
+ if (e.max_age && !A(t.claims.auth_time)) throw Error("Authentication Time (auth_time) claim must be a number present in the ID token when Max Age (max_age) is specified");
931
+ if (t.claims.exp == null || !A(t.claims.exp)) throw Error("Expiration Time (exp) claim must be a number present in the ID token");
932
+ if (!A(t.claims.iat)) throw Error("Issued At (iat) claim must be a number present in the ID token");
933
933
  let n = e.leeway || 60, r = new Date(e.now || Date.now()), i = /* @__PURE__ */ new Date(0);
934
934
  if (i.setUTCSeconds(t.claims.exp + n), r > i) throw Error(`Expiration Time (exp) claim error in the ID token; current time (${r}) is after expiration time (${i})`);
935
- if (t.claims.nbf != null && k(t.claims.nbf)) {
935
+ if (t.claims.nbf != null && A(t.claims.nbf)) {
936
936
  let e = /* @__PURE__ */ new Date(0);
937
937
  if (e.setUTCSeconds(t.claims.nbf - n), r < e) throw Error(`Not Before time (nbf) claim in the ID token indicates that this token can't be used just yet. Current time (${r}) is before ${e}`);
938
938
  }
939
- if (t.claims.auth_time != null && k(t.claims.auth_time)) {
939
+ if (t.claims.auth_time != null && A(t.claims.auth_time)) {
940
940
  let i = /* @__PURE__ */ new Date(0);
941
941
  if (i.setUTCSeconds(parseInt(t.claims.auth_time) + e.max_age + n), r > i) throw Error(`Authentication Time (auth_time) claim in the ID token indicates that too much time has passed since the last end-user authentication. Current time (${r}) is after last auth at ${i}`);
942
942
  }
@@ -953,7 +953,7 @@ var E = (...e) => {
953
953
  }
954
954
  }
955
955
  return t;
956
- }, A = r((function(e, n) {
956
+ }, j = r((function(e, n) {
957
957
  var r = t && t.__assign || function() {
958
958
  return r = Object.assign || function(e) {
959
959
  for (var t, n = 1, r = arguments.length; n < r; n++) for (var i in t = arguments[n]) Object.prototype.hasOwnProperty.call(t, i) && (e[i] = t[i]);
@@ -996,10 +996,10 @@ var E = (...e) => {
996
996
  c(e, "", r(r({}, t), { expires: -1 }));
997
997
  };
998
998
  }));
999
- n(A), A.encode, A.parse, A.getAll;
1000
- var Pe = A.get, Fe = A.set, Ie = A.remove, j = {
999
+ n(j), j.encode, j.parse, j.getAll;
1000
+ var Ne = j.get, Pe = j.set, Fe = j.remove, M = {
1001
1001
  get(e) {
1002
- let t = Pe(e);
1002
+ let t = Ne(e);
1003
1003
  if (t !== void 0) return JSON.parse(t);
1004
1004
  },
1005
1005
  save(e, t, n) {
@@ -1007,25 +1007,25 @@ var Pe = A.get, Fe = A.set, Ie = A.remove, j = {
1007
1007
  window.location.protocol === "https:" && (r = {
1008
1008
  secure: !0,
1009
1009
  sameSite: "none"
1010
- }), n != null && n.daysUntilExpire && (r.expires = n.daysUntilExpire), n != null && n.cookieDomain && (r.domain = n.cookieDomain), Fe(e, JSON.stringify(t), r);
1010
+ }), n != null && n.daysUntilExpire && (r.expires = n.daysUntilExpire), n != null && n.cookieDomain && (r.domain = n.cookieDomain), Pe(e, JSON.stringify(t), r);
1011
1011
  },
1012
1012
  remove(e, t) {
1013
1013
  let n = {};
1014
- t != null && t.cookieDomain && (n.domain = t.cookieDomain), Ie(e, n);
1014
+ t != null && t.cookieDomain && (n.domain = t.cookieDomain), Fe(e, n);
1015
1015
  }
1016
- }, Le = {
1016
+ }, Ie = {
1017
1017
  get(e) {
1018
- return j.get(e) || j.get(`_legacy_${e}`);
1018
+ return M.get(e) || M.get(`_legacy_${e}`);
1019
1019
  },
1020
1020
  save(e, t, n) {
1021
1021
  let r = {};
1022
- window.location.protocol === "https:" && (r = { secure: !0 }), n != null && n.daysUntilExpire && (r.expires = n.daysUntilExpire), n != null && n.cookieDomain && (r.domain = n.cookieDomain), Fe(`_legacy_${e}`, JSON.stringify(t), r), j.save(e, t, n);
1022
+ window.location.protocol === "https:" && (r = { secure: !0 }), n != null && n.daysUntilExpire && (r.expires = n.daysUntilExpire), n != null && n.cookieDomain && (r.domain = n.cookieDomain), Pe(`_legacy_${e}`, JSON.stringify(t), r), M.save(e, t, n);
1023
1023
  },
1024
1024
  remove(e, t) {
1025
1025
  let n = {};
1026
- t != null && t.cookieDomain && (n.domain = t.cookieDomain), Ie(e, n), j.remove(e, t), j.remove(`_legacy_${e}`, t);
1026
+ t != null && t.cookieDomain && (n.domain = t.cookieDomain), Fe(e, n), M.remove(e, t), M.remove(`_legacy_${e}`, t);
1027
1027
  }
1028
- }, Re = {
1028
+ }, Le = {
1029
1029
  get(e) {
1030
1030
  if (typeof sessionStorage > "u") return;
1031
1031
  let t = sessionStorage.getItem(e);
@@ -1037,11 +1037,11 @@ var Pe = A.get, Fe = A.set, Ie = A.remove, j = {
1037
1037
  remove(e) {
1038
1038
  sessionStorage.removeItem(e);
1039
1039
  }
1040
- }, M;
1040
+ }, N;
1041
1041
  (function(e) {
1042
1042
  e.Code = "code", e.ConnectCode = "connect_code";
1043
- })(M ||= {});
1044
- function ze(e, t, n) {
1043
+ })(N ||= {});
1044
+ function Re(e, t, n) {
1045
1045
  var r = t === void 0 ? null : t, i = function(e, t) {
1046
1046
  var n = atob(e);
1047
1047
  if (t) {
@@ -1052,12 +1052,12 @@ function ze(e, t, n) {
1052
1052
  }(e, n !== void 0 && n), a = i.indexOf("\n", 10) + 1, o = i.substring(a) + (r ? "//# sourceMappingURL=" + r : ""), s = new Blob([o], { type: "application/javascript" });
1053
1053
  return URL.createObjectURL(s);
1054
1054
  }
1055
- var Be, Ve, He, Ue, We = (Be = "Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAqLwohZnVuY3Rpb24oKXsidXNlIHN0cmljdCI7Y2xhc3MgZSBleHRlbmRzIEVycm9ye2NvbnN0cnVjdG9yKHQscil7c3VwZXIociksdGhpcy5lcnJvcj10LHRoaXMuZXJyb3JfZGVzY3JpcHRpb249cixPYmplY3Quc2V0UHJvdG90eXBlT2YodGhpcyxlLnByb3RvdHlwZSl9c3RhdGljIGZyb21QYXlsb2FkKHtlcnJvcjp0LGVycm9yX2Rlc2NyaXB0aW9uOnJ9KXtyZXR1cm4gbmV3IGUodCxyKX19Y2xhc3MgdCBleHRlbmRzIGV7Y29uc3RydWN0b3IoZSxzKXtzdXBlcigibWlzc2luZ19yZWZyZXNoX3Rva2VuIixgTWlzc2luZyBSZWZyZXNoIFRva2VuIChhdWRpZW5jZTogJyR7cihlLFsiZGVmYXVsdCJdKX0nLCBzY29wZTogJyR7cihzKX0nKWApLHRoaXMuYXVkaWVuY2U9ZSx0aGlzLnNjb3BlPXMsT2JqZWN0LnNldFByb3RvdHlwZU9mKHRoaXMsdC5wcm90b3R5cGUpfX1mdW5jdGlvbiByKGUsdD1bXSl7cmV0dXJuIGUmJiF0LmluY2x1ZGVzKGUpP2U6IiJ9ImZ1bmN0aW9uIj09dHlwZW9mIFN1cHByZXNzZWRFcnJvciYmU3VwcHJlc3NlZEVycm9yO2NvbnN0IHM9ZT0+e3ZhcntjbGllbnRJZDp0fT1lLHI9ZnVuY3Rpb24oZSx0KXt2YXIgcj17fTtmb3IodmFyIHMgaW4gZSlPYmplY3QucHJvdG90eXBlLmhhc093blByb3BlcnR5LmNhbGwoZSxzKSYmdC5pbmRleE9mKHMpPDAmJihyW3NdPWVbc10pO2lmKG51bGwhPWUmJiJmdW5jdGlvbiI9PXR5cGVvZiBPYmplY3QuZ2V0T3duUHJvcGVydHlTeW1ib2xzKXt2YXIgbz0wO2ZvcihzPU9iamVjdC5nZXRPd25Qcm9wZXJ0eVN5bWJvbHMoZSk7bzxzLmxlbmd0aDtvKyspdC5pbmRleE9mKHNbb10pPDAmJk9iamVjdC5wcm90b3R5cGUucHJvcGVydHlJc0VudW1lcmFibGUuY2FsbChlLHNbb10pJiYocltzW29dXT1lW3Nbb11dKX1yZXR1cm4gcn0oZSxbImNsaWVudElkIl0pO3JldHVybiBuZXcgVVJMU2VhcmNoUGFyYW1zKChlPT5PYmplY3Qua2V5cyhlKS5maWx0ZXIoKHQ9PnZvaWQgMCE9PWVbdF0pKS5yZWR1Y2UoKCh0LHIpPT5PYmplY3QuYXNzaWduKE9iamVjdC5hc3NpZ24oe30sdCkse1tyXTplW3JdfSkpLHt9KSkoT2JqZWN0LmFzc2lnbih7Y2xpZW50X2lkOnR9LHIpKSkudG9TdHJpbmcoKX07bGV0IG89e307Y29uc3Qgbj0oZSx0KT0+YCR7ZX18JHt0fWA7YWRkRXZlbnRMaXN0ZW5lcigibWVzc2FnZSIsKGFzeW5jKHtkYXRhOnt0aW1lb3V0OmUsYXV0aDpyLGZldGNoVXJsOmksZmV0Y2hPcHRpb25zOmMsdXNlRm9ybURhdGE6YSx1c2VNcnJ0OmZ9LHBvcnRzOltwXX0pPT57bGV0IGgsdSxsPXt9O2NvbnN0e2F1ZGllbmNlOmQsc2NvcGU6eX09cnx8e307dHJ5e2NvbnN0IHI9YT8oZT0+e2NvbnN0IHQ9bmV3IFVSTFNlYXJjaFBhcmFtcyhlKSxyPXt9O3JldHVybiB0LmZvckVhY2goKChlLHQpPT57clt0XT1lfSkpLHJ9KShjLmJvZHkpOkpTT04ucGFyc2UoYy5ib2R5KTtpZighci5yZWZyZXNoX3Rva2VuJiYicmVmcmVzaF90b2tlbiI9PT1yLmdyYW50X3R5cGUpe2lmKHU9KChlLHQpPT5vW24oZSx0KV0pKGQseSksIXUmJmYpe2NvbnN0IGU9by5sYXRlc3RfcmVmcmVzaF90b2tlbix0PSgoZSx0KT0+e2NvbnN0IHI9T2JqZWN0LmtleXMobykuZmluZCgocj0+e2lmKCJsYXRlc3RfcmVmcmVzaF90b2tlbiIhPT1yKXtjb25zdCBzPSgoZSx0KT0+dC5zdGFydHNXaXRoKGAke2V9fGApKSh0LHIpLG89ci5zcGxpdCgifCIpWzFdLnNwbGl0KCIgIiksbj1lLnNwbGl0KCIgIikuZXZlcnkoKGU9Pm8uaW5jbHVkZXMoZSkpKTtyZXR1cm4gcyYmbn19KSk7cmV0dXJuISFyfSkoeSxkKTtlJiYhdCYmKHU9ZSl9aWYoIXUpdGhyb3cgbmV3IHQoZCx5KTtjLmJvZHk9YT9zKE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSxyKSx7cmVmcmVzaF90b2tlbjp1fSkpOkpTT04uc3RyaW5naWZ5KE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSxyKSx7cmVmcmVzaF90b2tlbjp1fSkpfWxldCBqLGs7ImZ1bmN0aW9uIj09dHlwZW9mIEFib3J0Q29udHJvbGxlciYmKGo9bmV3IEFib3J0Q29udHJvbGxlcixjLnNpZ25hbD1qLnNpZ25hbCk7dHJ5e2s9YXdhaXQgUHJvbWlzZS5yYWNlKFsoXz1lLG5ldyBQcm9taXNlKChlPT5zZXRUaW1lb3V0KGUsXykpKSksZmV0Y2goaSxPYmplY3QuYXNzaWduKHt9LGMpKV0pfWNhdGNoKGUpe3JldHVybiB2b2lkIHAucG9zdE1lc3NhZ2Uoe2Vycm9yOmUubWVzc2FnZX0pfWlmKCFrKXJldHVybiBqJiZqLmFib3J0KCksdm9pZCBwLnBvc3RNZXNzYWdlKHtlcnJvcjoiVGltZW91dCB3aGVuIGV4ZWN1dGluZyAnZmV0Y2gnIn0pO2c9ay5oZWFkZXJzLGw9Wy4uLmddLnJlZHVjZSgoKGUsW3Qscl0pPT4oZVt0XT1yLGUpKSx7fSksaD1hd2FpdCBrLmpzb24oKSxoLnJlZnJlc2hfdG9rZW4/KGYmJihvLmxhdGVzdF9yZWZyZXNoX3Rva2VuPWgucmVmcmVzaF90b2tlbixPPXUsYj1oLnJlZnJlc2hfdG9rZW4sT2JqZWN0LmVudHJpZXMobykuZm9yRWFjaCgoKFtlLHRdKT0+e3Q9PT1PJiYob1tlXT1iKX0pKSksKChlLHQscik9PntvW24odCxyKV09ZX0pKGgucmVmcmVzaF90b2tlbixkLHkpLGRlbGV0ZSBoLnJlZnJlc2hfdG9rZW4pOigoZSx0KT0+e2RlbGV0ZSBvW24oZSx0KV19KShkLHkpLHAucG9zdE1lc3NhZ2Uoe29rOmsub2ssanNvbjpoLGhlYWRlcnM6bH0pfWNhdGNoKGUpe3AucG9zdE1lc3NhZ2Uoe29rOiExLGpzb246e2Vycm9yOmUuZXJyb3IsZXJyb3JfZGVzY3JpcHRpb246ZS5tZXNzYWdlfSxoZWFkZXJzOmx9KX12YXIgTyxiLGcsX30pKX0oKTsKCg==", Ve = null, He = !1, function(e) {
1056
- return Ue ||= ze(Be, Ve, He), new Worker(Ue, e);
1057
- }), N = {}, Ge = async (e, t = 3) => {
1055
+ var ze, Be, Ve, He, Ue = (ze = "Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAqLwohZnVuY3Rpb24oKXsidXNlIHN0cmljdCI7Y2xhc3MgZSBleHRlbmRzIEVycm9ye2NvbnN0cnVjdG9yKHQscil7c3VwZXIociksdGhpcy5lcnJvcj10LHRoaXMuZXJyb3JfZGVzY3JpcHRpb249cixPYmplY3Quc2V0UHJvdG90eXBlT2YodGhpcyxlLnByb3RvdHlwZSl9c3RhdGljIGZyb21QYXlsb2FkKHtlcnJvcjp0LGVycm9yX2Rlc2NyaXB0aW9uOnJ9KXtyZXR1cm4gbmV3IGUodCxyKX19Y2xhc3MgdCBleHRlbmRzIGV7Y29uc3RydWN0b3IoZSxzKXtzdXBlcigibWlzc2luZ19yZWZyZXNoX3Rva2VuIixgTWlzc2luZyBSZWZyZXNoIFRva2VuIChhdWRpZW5jZTogJyR7cihlLFsiZGVmYXVsdCJdKX0nLCBzY29wZTogJyR7cihzKX0nKWApLHRoaXMuYXVkaWVuY2U9ZSx0aGlzLnNjb3BlPXMsT2JqZWN0LnNldFByb3RvdHlwZU9mKHRoaXMsdC5wcm90b3R5cGUpfX1mdW5jdGlvbiByKGUsdD1bXSl7cmV0dXJuIGUmJiF0LmluY2x1ZGVzKGUpP2U6IiJ9ImZ1bmN0aW9uIj09dHlwZW9mIFN1cHByZXNzZWRFcnJvciYmU3VwcHJlc3NlZEVycm9yO2NvbnN0IHM9ZT0+e3ZhcntjbGllbnRJZDp0fT1lLHI9ZnVuY3Rpb24oZSx0KXt2YXIgcj17fTtmb3IodmFyIHMgaW4gZSlPYmplY3QucHJvdG90eXBlLmhhc093blByb3BlcnR5LmNhbGwoZSxzKSYmdC5pbmRleE9mKHMpPDAmJihyW3NdPWVbc10pO2lmKG51bGwhPWUmJiJmdW5jdGlvbiI9PXR5cGVvZiBPYmplY3QuZ2V0T3duUHJvcGVydHlTeW1ib2xzKXt2YXIgbz0wO2ZvcihzPU9iamVjdC5nZXRPd25Qcm9wZXJ0eVN5bWJvbHMoZSk7bzxzLmxlbmd0aDtvKyspdC5pbmRleE9mKHNbb10pPDAmJk9iamVjdC5wcm90b3R5cGUucHJvcGVydHlJc0VudW1lcmFibGUuY2FsbChlLHNbb10pJiYocltzW29dXT1lW3Nbb11dKX1yZXR1cm4gcn0oZSxbImNsaWVudElkIl0pO3JldHVybiBuZXcgVVJMU2VhcmNoUGFyYW1zKChlPT5PYmplY3Qua2V5cyhlKS5maWx0ZXIoKHQ9PnZvaWQgMCE9PWVbdF0pKS5yZWR1Y2UoKCh0LHIpPT5PYmplY3QuYXNzaWduKE9iamVjdC5hc3NpZ24oe30sdCkse1tyXTplW3JdfSkpLHt9KSkoT2JqZWN0LmFzc2lnbih7Y2xpZW50X2lkOnR9LHIpKSkudG9TdHJpbmcoKX07bGV0IG89e307Y29uc3Qgbj0oZSx0KT0+YCR7ZX18JHt0fWA7YWRkRXZlbnRMaXN0ZW5lcigibWVzc2FnZSIsKGFzeW5jKHtkYXRhOnt0aW1lb3V0OmUsYXV0aDpyLGZldGNoVXJsOmksZmV0Y2hPcHRpb25zOmMsdXNlRm9ybURhdGE6YSx1c2VNcnJ0OmZ9LHBvcnRzOltwXX0pPT57bGV0IGgsdSxsPXt9O2NvbnN0e2F1ZGllbmNlOmQsc2NvcGU6eX09cnx8e307dHJ5e2NvbnN0IHI9YT8oZT0+e2NvbnN0IHQ9bmV3IFVSTFNlYXJjaFBhcmFtcyhlKSxyPXt9O3JldHVybiB0LmZvckVhY2goKChlLHQpPT57clt0XT1lfSkpLHJ9KShjLmJvZHkpOkpTT04ucGFyc2UoYy5ib2R5KTtpZighci5yZWZyZXNoX3Rva2VuJiYicmVmcmVzaF90b2tlbiI9PT1yLmdyYW50X3R5cGUpe2lmKHU9KChlLHQpPT5vW24oZSx0KV0pKGQseSksIXUmJmYpe2NvbnN0IGU9by5sYXRlc3RfcmVmcmVzaF90b2tlbix0PSgoZSx0KT0+e2NvbnN0IHI9T2JqZWN0LmtleXMobykuZmluZCgocj0+e2lmKCJsYXRlc3RfcmVmcmVzaF90b2tlbiIhPT1yKXtjb25zdCBzPSgoZSx0KT0+dC5zdGFydHNXaXRoKGAke2V9fGApKSh0LHIpLG89ci5zcGxpdCgifCIpWzFdLnNwbGl0KCIgIiksbj1lLnNwbGl0KCIgIikuZXZlcnkoKGU9Pm8uaW5jbHVkZXMoZSkpKTtyZXR1cm4gcyYmbn19KSk7cmV0dXJuISFyfSkoeSxkKTtlJiYhdCYmKHU9ZSl9aWYoIXUpdGhyb3cgbmV3IHQoZCx5KTtjLmJvZHk9YT9zKE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSxyKSx7cmVmcmVzaF90b2tlbjp1fSkpOkpTT04uc3RyaW5naWZ5KE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSxyKSx7cmVmcmVzaF90b2tlbjp1fSkpfWxldCBqLGs7ImZ1bmN0aW9uIj09dHlwZW9mIEFib3J0Q29udHJvbGxlciYmKGo9bmV3IEFib3J0Q29udHJvbGxlcixjLnNpZ25hbD1qLnNpZ25hbCk7dHJ5e2s9YXdhaXQgUHJvbWlzZS5yYWNlKFsoXz1lLG5ldyBQcm9taXNlKChlPT5zZXRUaW1lb3V0KGUsXykpKSksZmV0Y2goaSxPYmplY3QuYXNzaWduKHt9LGMpKV0pfWNhdGNoKGUpe3JldHVybiB2b2lkIHAucG9zdE1lc3NhZ2Uoe2Vycm9yOmUubWVzc2FnZX0pfWlmKCFrKXJldHVybiBqJiZqLmFib3J0KCksdm9pZCBwLnBvc3RNZXNzYWdlKHtlcnJvcjoiVGltZW91dCB3aGVuIGV4ZWN1dGluZyAnZmV0Y2gnIn0pO2c9ay5oZWFkZXJzLGw9Wy4uLmddLnJlZHVjZSgoKGUsW3Qscl0pPT4oZVt0XT1yLGUpKSx7fSksaD1hd2FpdCBrLmpzb24oKSxoLnJlZnJlc2hfdG9rZW4/KGYmJihvLmxhdGVzdF9yZWZyZXNoX3Rva2VuPWgucmVmcmVzaF90b2tlbixPPXUsYj1oLnJlZnJlc2hfdG9rZW4sT2JqZWN0LmVudHJpZXMobykuZm9yRWFjaCgoKFtlLHRdKT0+e3Q9PT1PJiYob1tlXT1iKX0pKSksKChlLHQscik9PntvW24odCxyKV09ZX0pKGgucmVmcmVzaF90b2tlbixkLHkpLGRlbGV0ZSBoLnJlZnJlc2hfdG9rZW4pOigoZSx0KT0+e2RlbGV0ZSBvW24oZSx0KV19KShkLHkpLHAucG9zdE1lc3NhZ2Uoe29rOmsub2ssanNvbjpoLGhlYWRlcnM6bH0pfWNhdGNoKGUpe3AucG9zdE1lc3NhZ2Uoe29rOiExLGpzb246e2Vycm9yOmUuZXJyb3IsZXJyb3JfZGVzY3JpcHRpb246ZS5tZXNzYWdlfSxoZWFkZXJzOmx9KX12YXIgTyxiLGcsX30pKX0oKTsKCg==", Be = null, Ve = !1, function(e) {
1056
+ return He ||= Re(ze, Be, Ve), new Worker(He, e);
1057
+ }), P = {}, We = async (e, t = 3) => {
1058
1058
  for (let n = 0; n < t; n++) if (await e()) return !0;
1059
1059
  return !1;
1060
- }, Ke = class {
1060
+ }, Ge = class {
1061
1061
  constructor(e, t) {
1062
1062
  this.cache = e, this.clientId = t, this.manifestKey = this.createManifestKeyFrom(this.clientId);
1063
1063
  }
@@ -1081,19 +1081,19 @@ var Be, Ve, He, Ue, We = (Be = "Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAq
1081
1081
  createManifestKeyFrom(e) {
1082
1082
  return `@@auth0spajs@@::${e}`;
1083
1083
  }
1084
- }, qe = {
1085
- memory: () => new ke().enclosedCache,
1086
- localstorage: () => new Oe()
1087
- }, Je = (e) => qe[e], Ye = (t) => {
1084
+ }, Ke = {
1085
+ memory: () => new Oe().enclosedCache,
1086
+ localstorage: () => new De()
1087
+ }, qe = (e) => Ke[e], Je = (t) => {
1088
1088
  let { openUrl: n, onRedirect: r } = t, i = e(t, ["openUrl", "onRedirect"]);
1089
1089
  return Object.assign(Object.assign({}, i), { openUrl: !1 === n || n ? n : r });
1090
- }, Xe = (e, t) => {
1090
+ }, Ye = (e, t) => {
1091
1091
  let n = t?.split(" ") || [];
1092
1092
  return (e?.split(" ") || []).every(((e) => n.includes(e)));
1093
- }, P = {
1093
+ }, F = {
1094
1094
  NONCE: "nonce",
1095
1095
  KEYPAIR: "keypair"
1096
- }, Ze = class {
1096
+ }, Xe = class {
1097
1097
  constructor(e) {
1098
1098
  this.clientId = e;
1099
1099
  }
@@ -1103,7 +1103,7 @@ var Be, Ve, He, Ue, We = (Be = "Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAq
1103
1103
  createDbHandle() {
1104
1104
  let e = window.indexedDB.open("auth0-spa-js", this.getVersion());
1105
1105
  return new Promise(((t, n) => {
1106
- e.onupgradeneeded = () => Object.values(P).forEach(((t) => e.result.createObjectStore(t))), e.onerror = () => n(e.error), e.onsuccess = () => t(e.result);
1106
+ e.onupgradeneeded = () => Object.values(F).forEach(((t) => e.result.createObjectStore(t))), e.onerror = () => n(e.error), e.onsuccess = () => t(e.result);
1107
1107
  }));
1108
1108
  }
1109
1109
  async getDbHandle() {
@@ -1120,19 +1120,19 @@ var Be, Ve, He, Ue, We = (Be = "Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAq
1120
1120
  return `${this.clientId}::${t}`;
1121
1121
  }
1122
1122
  setNonce(e, t) {
1123
- return this.save(P.NONCE, this.buildKey(t), e);
1123
+ return this.save(F.NONCE, this.buildKey(t), e);
1124
1124
  }
1125
1125
  setKeyPair(e) {
1126
- return this.save(P.KEYPAIR, this.buildKey(), e);
1126
+ return this.save(F.KEYPAIR, this.buildKey(), e);
1127
1127
  }
1128
1128
  async save(e, t, n) {
1129
1129
  await this.executeDbRequest(e, "readwrite", ((e) => e.put(n, t)));
1130
1130
  }
1131
1131
  findNonce(e) {
1132
- return this.find(P.NONCE, this.buildKey(e));
1132
+ return this.find(F.NONCE, this.buildKey(e));
1133
1133
  }
1134
1134
  findKeyPair() {
1135
- return this.find(P.KEYPAIR, this.buildKey());
1135
+ return this.find(F.KEYPAIR, this.buildKey());
1136
1136
  }
1137
1137
  find(e, t) {
1138
1138
  return this.executeDbRequest(e, "readonly", ((e) => e.get(t)));
@@ -1144,14 +1144,14 @@ var Be, Ve, He, Ue, We = (Be = "Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAq
1144
1144
  return this.deleteBy(e, ((e) => typeof e == "string" && e.startsWith(`${t}::`)));
1145
1145
  }
1146
1146
  clearNonces() {
1147
- return this.deleteByClientId(P.NONCE, this.clientId);
1147
+ return this.deleteByClientId(F.NONCE, this.clientId);
1148
1148
  }
1149
1149
  clearKeyPairs() {
1150
- return this.deleteByClientId(P.KEYPAIR, this.clientId);
1150
+ return this.deleteByClientId(F.KEYPAIR, this.clientId);
1151
1151
  }
1152
- }, Qe = class {
1152
+ }, Ze = class {
1153
1153
  constructor(e) {
1154
- this.storage = new Ze(e);
1154
+ this.storage = new Xe(e);
1155
1155
  }
1156
1156
  getNonce(e) {
1157
1157
  return this.storage.findNonce(e);
@@ -1161,23 +1161,23 @@ var Be, Ve, He, Ue, We = (Be = "Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAq
1161
1161
  }
1162
1162
  async getOrGenerateKeyPair() {
1163
1163
  let e = await this.storage.findKeyPair();
1164
- return e || (e = await ye(), await this.storage.setKeyPair(e)), e;
1164
+ return e || (e = await ve(), await this.storage.setKeyPair(e)), e;
1165
1165
  }
1166
1166
  async generateProof(e) {
1167
1167
  let t = await this.getOrGenerateKeyPair();
1168
- return xe(Object.assign({ keyPair: t }, e));
1168
+ return be(Object.assign({ keyPair: t }, e));
1169
1169
  }
1170
1170
  async calculateThumbprint() {
1171
- return be(await this.getOrGenerateKeyPair());
1171
+ return ye(await this.getOrGenerateKeyPair());
1172
1172
  }
1173
1173
  async clear() {
1174
1174
  await Promise.all([this.storage.clearNonces(), this.storage.clearKeyPairs()]);
1175
1175
  }
1176
- }, F;
1176
+ }, I;
1177
1177
  (function(e) {
1178
1178
  e.Bearer = "Bearer", e.DPoP = "DPoP";
1179
- })(F ||= {});
1180
- var $e = class {
1179
+ })(I ||= {});
1180
+ var Qe = class {
1181
1181
  constructor(e, t) {
1182
1182
  this.hooks = t, this.config = Object.assign(Object.assign({}, e), { fetch: e.fetch || (typeof window > "u" ? fetch : window.fetch.bind(window)) });
1183
1183
  }
@@ -1202,7 +1202,7 @@ var $e = class {
1202
1202
  let n = this.buildUrl(this.config.baseUrl, this.extractUrl(e)), r = e instanceof Request ? new Request(n, e) : n;
1203
1203
  return new Request(r, t);
1204
1204
  }
1205
- setAuthorizationHeader(e, t, n = F.Bearer) {
1205
+ setAuthorizationHeader(e, t, n = I.Bearer) {
1206
1206
  e.headers.set("authorization", `${n} ${t}`);
1207
1207
  }
1208
1208
  async setDpopProofHeader(e, t) {
@@ -1217,7 +1217,7 @@ var $e = class {
1217
1217
  }
1218
1218
  async prepareRequest(e, t) {
1219
1219
  let n = await this.getAccessToken(t), r, i;
1220
- typeof n == "string" ? (r = this.config.dpopNonceId ? F.DPoP : F.Bearer, i = n) : (r = n.token_type, i = n.access_token), this.setAuthorizationHeader(e, i, r), r === F.DPoP && await this.setDpopProofHeader(e, i);
1220
+ typeof n == "string" ? (r = this.config.dpopNonceId ? I.DPoP : I.Bearer, i = n) : (r = n.token_type, i = n.access_token), this.setAuthorizationHeader(e, i, r), r === I.DPoP && await this.setDpopProofHeader(e, i);
1221
1221
  }
1222
1222
  getHeader(e, t) {
1223
1223
  return Array.isArray(e) ? new Headers(e).get(t) || "" : typeof e.get == "function" ? e.get(t) || "" : e[t] || "";
@@ -1230,7 +1230,7 @@ var $e = class {
1230
1230
  async handleResponse(e, t) {
1231
1231
  let n = this.getHeader(e.headers, "dpop-nonce");
1232
1232
  if (n && await this.hooks.setDpopNonce(n), !this.hasUseDpopNonceError(e)) return e;
1233
- if (!n || !t.onUseDpopNonceError) throw new ne(n);
1233
+ if (!n || !t.onUseDpopNonceError) throw new te(n);
1234
1234
  return t.onUseDpopNonceError();
1235
1235
  }
1236
1236
  async internalFetchWithAuth(e, t, n, r) {
@@ -1243,7 +1243,7 @@ var $e = class {
1243
1243
  let r = { onUseDpopNonceError: () => this.internalFetchWithAuth(e, t, Object.assign(Object.assign({}, r), { onUseDpopNonceError: void 0 }), n) };
1244
1244
  return this.internalFetchWithAuth(e, t, r, n);
1245
1245
  }
1246
- }, et = class {
1246
+ }, $e = class {
1247
1247
  constructor(e, t) {
1248
1248
  this.myAccountFetcher = e, this.apiBase = t;
1249
1249
  }
@@ -1268,7 +1268,7 @@ var $e = class {
1268
1268
  try {
1269
1269
  t = await e.text(), t = JSON.parse(t);
1270
1270
  } catch (n) {
1271
- throw new tt({
1271
+ throw new et({
1272
1272
  type: "invalid_json",
1273
1273
  status: e.status,
1274
1274
  title: "Invalid JSON response",
@@ -1276,61 +1276,61 @@ var $e = class {
1276
1276
  });
1277
1277
  }
1278
1278
  if (e.ok) return t;
1279
- throw new tt(t);
1279
+ throw new et(t);
1280
1280
  }
1281
- }, tt = class e extends Error {
1281
+ }, et = class e extends Error {
1282
1282
  constructor({ type: t, status: n, title: r, detail: i, validation_errors: a }) {
1283
1283
  super(i), this.name = "MyAccountApiError", this.type = t, this.status = n, this.title = r, this.detail = i, this.validation_errors = a, Object.setPrototypeOf(this, e.prototype);
1284
1284
  }
1285
- }, I = new a(), nt = class {
1285
+ }, L = new a(), tt = class {
1286
1286
  constructor(e) {
1287
1287
  let t, n;
1288
- if (this.userCache = new ke().enclosedCache, this.activeLockKeys = /* @__PURE__ */ new Set(), this.defaultOptions = {
1288
+ if (this.userCache = new Oe().enclosedCache, this.activeLockKeys = /* @__PURE__ */ new Set(), this.defaultOptions = {
1289
1289
  authorizationParams: { scope: "openid profile email" },
1290
1290
  useRefreshTokensFallback: !1,
1291
1291
  useFormData: !0
1292
1292
  }, this._releaseLockOnPageHide = async () => {
1293
1293
  let e = Array.from(this.activeLockKeys);
1294
- for (let t of e) await I.releaseLock(t);
1294
+ for (let t of e) await L.releaseLock(t);
1295
1295
  this.activeLockKeys.clear(), window.removeEventListener("pagehide", this._releaseLockOnPageHide);
1296
1296
  }, this.options = Object.assign(Object.assign(Object.assign({}, this.defaultOptions), e), { authorizationParams: Object.assign(Object.assign({}, this.defaultOptions.authorizationParams), e.authorizationParams) }), typeof window < "u" && (() => {
1297
- if (!v()) throw Error("For security reasons, `window.crypto` is required to run `auth0-spa-js`.");
1298
- if (v().subtle === void 0) throw Error("\n auth0-spa-js must run on a secure origin. See https://github.com/auth0/auth0-spa-js/blob/main/FAQ.md#why-do-i-get-auth0-spa-js-must-run-on-a-secure-origin for more information.\n ");
1297
+ if (!y()) throw Error("For security reasons, `window.crypto` is required to run `auth0-spa-js`.");
1298
+ if (y().subtle === void 0) throw Error("\n auth0-spa-js must run on a secure origin. See https://github.com/auth0/auth0-spa-js/blob/main/FAQ.md#why-do-i-get-auth0-spa-js-must-run-on-a-secure-origin for more information.\n ");
1299
1299
  })(), e.cache && e.cacheLocation && console.warn("Both `cache` and `cacheLocation` options have been specified in the Auth0Client configuration; ignoring `cacheLocation` and using `cache`."), e.cache) n = e.cache;
1300
1300
  else {
1301
- if (t = e.cacheLocation || "memory", !Je(t)) throw Error(`Invalid cache location "${t}"`);
1302
- n = Je(t)();
1301
+ if (t = e.cacheLocation || "memory", !qe(t)) throw Error(`Invalid cache location "${t}"`);
1302
+ n = qe(t)();
1303
1303
  }
1304
- this.httpTimeoutMs = e.httpTimeoutInSeconds ? 1e3 * e.httpTimeoutInSeconds : 1e4, this.cookieStorage = !1 === e.legacySameSiteCookie ? j : Le, this.orgHintCookieName = `auth0.${this.options.clientId}.organization_hint`, this.isAuthenticatedCookieName = ((e) => `auth0.${e}.is.authenticated`)(this.options.clientId), this.sessionCheckExpiryDays = e.sessionCheckExpiryDays || 1;
1305
- let r = e.useCookiesForTransactions ? this.cookieStorage : Re;
1304
+ this.httpTimeoutMs = e.httpTimeoutInSeconds ? 1e3 * e.httpTimeoutInSeconds : 1e4, this.cookieStorage = !1 === e.legacySameSiteCookie ? M : Ie, this.orgHintCookieName = `auth0.${this.options.clientId}.organization_hint`, this.isAuthenticatedCookieName = ((e) => `auth0.${e}.is.authenticated`)(this.options.clientId), this.sessionCheckExpiryDays = e.sessionCheckExpiryDays || 1;
1305
+ let r = e.useCookiesForTransactions ? this.cookieStorage : Le;
1306
1306
  var i;
1307
1307
  this.scope = ((e, t, ...n) => {
1308
- if (typeof e != "object") return { default: E(t, e, ...n) };
1309
- let r = { default: E(t, ...n) };
1308
+ if (typeof e != "object") return { default: D(t, e, ...n) };
1309
+ let r = { default: D(t, ...n) };
1310
1310
  return Object.keys(e).forEach(((i) => {
1311
1311
  let a = e[i];
1312
- r[i] = E(t, a, ...n);
1312
+ r[i] = D(t, a, ...n);
1313
1313
  })), r;
1314
- })(this.options.authorizationParams.scope, "openid", this.options.useRefreshTokens ? "offline_access" : ""), this.transactionManager = new je(r, this.options.clientId, this.options.cookieDomain), this.nowProvider = this.options.nowProvider || c, this.cacheManager = new Ae(n, n.allKeys ? void 0 : new Ke(n, this.options.clientId), this.nowProvider), this.dpop = this.options.useDpop ? new Qe(this.options.clientId) : void 0, this.domainUrl = (i = this.options.domain, /^https?:\/\//.test(i) ? i : `https://${i}`), this.tokenIssuer = ((e, t) => e ? e.startsWith("https://") ? e : `https://${e}/` : `${t}/`)(this.options.issuer, this.domainUrl);
1314
+ })(this.options.authorizationParams.scope, "openid", this.options.useRefreshTokens ? "offline_access" : ""), this.transactionManager = new Ae(r, this.options.clientId, this.options.cookieDomain), this.nowProvider = this.options.nowProvider || c, this.cacheManager = new ke(n, n.allKeys ? void 0 : new Ge(n, this.options.clientId), this.nowProvider), this.dpop = this.options.useDpop ? new Ze(this.options.clientId) : void 0, this.domainUrl = (i = this.options.domain, /^https?:\/\//.test(i) ? i : `https://${i}`), this.tokenIssuer = ((e, t) => e ? e.startsWith("https://") ? e : `https://${e}/` : `${t}/`)(this.options.issuer, this.domainUrl);
1315
1315
  let a = `${this.domainUrl}/me/`;
1316
- this.myAccountApi = new et(this.createFetcher(Object.assign(Object.assign({}, this.options.useDpop && { dpopNonceId: "__auth0_my_account_api__" }), { getAccessToken: () => this.getTokenSilently({
1316
+ this.myAccountApi = new $e(this.createFetcher(Object.assign(Object.assign({}, this.options.useDpop && { dpopNonceId: "__auth0_my_account_api__" }), { getAccessToken: () => this.getTokenSilently({
1317
1317
  authorizationParams: {
1318
1318
  scope: "create:me:connected_accounts",
1319
1319
  audience: a
1320
1320
  },
1321
1321
  detailedResponse: !0
1322
- }) })), a), typeof window < "u" && window.Worker && this.options.useRefreshTokens && t === "memory" && (this.options.workerUrl ? this.worker = new Worker(this.options.workerUrl) : this.worker = new We());
1322
+ }) })), a), typeof window < "u" && window.Worker && this.options.useRefreshTokens && t === "memory" && (this.options.workerUrl ? this.worker = new Worker(this.options.workerUrl) : this.worker = new Ue());
1323
1323
  }
1324
1324
  _url(e) {
1325
1325
  let t = encodeURIComponent(btoa(JSON.stringify(this.options.auth0Client || s)));
1326
1326
  return `${this.domainUrl}${e}&auth0Client=${t}`;
1327
1327
  }
1328
1328
  _authorizeUrl(e) {
1329
- return this._url(`/authorize?${x(e)}`);
1329
+ return this._url(`/authorize?${S(e)}`);
1330
1330
  }
1331
1331
  async _verifyIdToken(e, t, n) {
1332
1332
  let r = await this.nowProvider();
1333
- return Ne({
1333
+ return Me({
1334
1334
  iss: this.tokenIssuer,
1335
1335
  aud: this.options.clientId,
1336
1336
  id_token: e,
@@ -1349,8 +1349,8 @@ var $e = class {
1349
1349
  }) : this.cookieStorage.remove(this.orgHintCookieName, { cookieDomain: this.options.cookieDomain });
1350
1350
  }
1351
1351
  async _prepareAuthorizeUrl(e, t, n) {
1352
- let r = b(y()), i = b(y()), a = y(), o = se(await ae(a)), s = await this.dpop?.calculateThumbprint(), c = ((e, t, n, r, i, a, o, s, c) => Object.assign(Object.assign(Object.assign({ client_id: e.clientId }, e.authorizationParams), n), {
1353
- scope: D(t, n.scope, n.audience),
1352
+ let r = x(b()), i = x(b()), a = b(), o = oe(await ie(a)), s = await this.dpop?.calculateThumbprint(), c = ((e, t, n, r, i, a, o, s, c) => Object.assign(Object.assign(Object.assign({ client_id: e.clientId }, e.authorizationParams), n), {
1353
+ scope: O(t, n.scope, n.audience),
1354
1354
  response_type: "code",
1355
1355
  response_mode: s || "query",
1356
1356
  state: r,
@@ -1411,14 +1411,14 @@ var $e = class {
1411
1411
  return (await this._getIdTokenFromCache())?.decodedToken?.claims;
1412
1412
  }
1413
1413
  async loginWithRedirect(t = {}) {
1414
- let n = Ye(t), { openUrl: r, fragment: i, appState: a } = n, o = e(n, [
1414
+ let n = Je(t), { openUrl: r, fragment: i, appState: a } = n, o = e(n, [
1415
1415
  "openUrl",
1416
1416
  "fragment",
1417
1417
  "appState"
1418
1418
  ]), s = o.authorizationParams?.organization || this.options.authorizationParams.organization, c = await this._prepareAuthorizeUrl(o.authorizationParams || {}), { url: l } = c, u = e(c, ["url"]);
1419
1419
  this.transactionManager.create(Object.assign(Object.assign(Object.assign({}, u), {
1420
1420
  appState: a,
1421
- response_type: M.Code
1421
+ response_type: N.Code
1422
1422
  }), s && { organization: s }));
1423
1423
  let d = i ? `${l}#${i}` : l;
1424
1424
  r ? await r(d) : window.location.assign(d);
@@ -1440,7 +1440,7 @@ var $e = class {
1440
1440
  error_description: t.get("error_description") || void 0
1441
1441
  };
1442
1442
  })(t.join(""));
1443
- return n.response_type === M.ConnectCode ? this._handleConnectAccountRedirectCallback(r, n) : this._handleLoginRedirectCallback(r, n);
1443
+ return n.response_type === N.ConnectCode ? this._handleConnectAccountRedirectCallback(r, n) : this._handleLoginRedirectCallback(r, n);
1444
1444
  }
1445
1445
  async _handleLoginRedirectCallback(e, t) {
1446
1446
  let { code: n, state: r, error: i, error_description: a } = e;
@@ -1458,7 +1458,7 @@ var $e = class {
1458
1458
  organization: o
1459
1459
  }), {
1460
1460
  appState: t.appState,
1461
- response_type: M.Code
1461
+ response_type: N.Code
1462
1462
  };
1463
1463
  }
1464
1464
  async _handleConnectAccountRedirectCallback(e, t) {
@@ -1474,7 +1474,7 @@ var $e = class {
1474
1474
  });
1475
1475
  return Object.assign(Object.assign({}, o), {
1476
1476
  appState: t.appState,
1477
- response_type: M.ConnectCode
1477
+ response_type: N.ConnectCode
1478
1478
  });
1479
1479
  }
1480
1480
  async checkSession(e) {
@@ -1490,11 +1490,11 @@ var $e = class {
1490
1490
  } catch {}
1491
1491
  }
1492
1492
  async getTokenSilently(e = {}) {
1493
- let t = Object.assign(Object.assign({ cacheMode: "on" }, e), { authorizationParams: Object.assign(Object.assign(Object.assign({}, this.options.authorizationParams), e.authorizationParams), { scope: D(this.scope, e.authorizationParams?.scope, e.authorizationParams?.audience || this.options.authorizationParams.audience) }) }), n = await ((e, t) => {
1494
- let n = N[t];
1493
+ let t = Object.assign(Object.assign({ cacheMode: "on" }, e), { authorizationParams: Object.assign(Object.assign(Object.assign({}, this.options.authorizationParams), e.authorizationParams), { scope: O(this.scope, e.authorizationParams?.scope, e.authorizationParams?.audience || this.options.authorizationParams.audience) }) }), n = await ((e, t) => {
1494
+ let n = P[t];
1495
1495
  return n || (n = e().finally((() => {
1496
- delete N[t], n = null;
1497
- })), N[t] = n), n;
1496
+ delete P[t], n = null;
1497
+ })), P[t] = n), n;
1498
1498
  })((() => this._getTokenSilently(t)), `${this.options.clientId}::${t.authorizationParams.audience}::${t.authorizationParams.scope}`);
1499
1499
  return e.detailedResponse ? n : n?.access_token;
1500
1500
  }
@@ -1512,7 +1512,7 @@ var $e = class {
1512
1512
  if (n === "cache-only") return;
1513
1513
  let i = (a = this.options.clientId, o = r.authorizationParams.audience || "default", `auth0.lock.getTokenSilently.${a}.${o}`);
1514
1514
  var a, o;
1515
- if (!await Ge((() => I.acquireLock(i, 5e3)), 10)) throw new f();
1515
+ if (!await We((() => L.acquireLock(i, 5e3)), 10)) throw new f();
1516
1516
  this.activeLockKeys.add(i), this.activeLockKeys.size === 1 && window.addEventListener("pagehide", this._releaseLockOnPageHide);
1517
1517
  try {
1518
1518
  if (n !== "off") {
@@ -1530,12 +1530,12 @@ var $e = class {
1530
1530
  access_token: i
1531
1531
  }, a ? { scope: a } : null), { expires_in: o });
1532
1532
  } finally {
1533
- await I.releaseLock(i), this.activeLockKeys.delete(i), this.activeLockKeys.size === 0 && window.removeEventListener("pagehide", this._releaseLockOnPageHide);
1533
+ await L.releaseLock(i), this.activeLockKeys.delete(i), this.activeLockKeys.size === 0 && window.removeEventListener("pagehide", this._releaseLockOnPageHide);
1534
1534
  }
1535
1535
  }
1536
1536
  async getTokenWithPopup(e = {}, t = {}) {
1537
- let n = Object.assign(Object.assign({}, e), { authorizationParams: Object.assign(Object.assign(Object.assign({}, this.options.authorizationParams), e.authorizationParams), { scope: D(this.scope, e.authorizationParams?.scope, e.authorizationParams?.audience || this.options.authorizationParams.audience) }) });
1538
- return t = Object.assign(Object.assign({}, o), t), await this.loginWithPopup(n, t), (await this.cacheManager.get(new O({
1537
+ let n = Object.assign(Object.assign({}, e), { authorizationParams: Object.assign(Object.assign(Object.assign({}, this.options.authorizationParams), e.authorizationParams), { scope: O(this.scope, e.authorizationParams?.scope, e.authorizationParams?.audience || this.options.authorizationParams.audience) }) });
1538
+ return t = Object.assign(Object.assign({}, o), t), await this.loginWithPopup(n, t), (await this.cacheManager.get(new k({
1539
1539
  scope: n.authorizationParams.scope,
1540
1540
  audience: n.authorizationParams.audience || "default",
1541
1541
  clientId: this.options.clientId
@@ -1547,17 +1547,17 @@ var $e = class {
1547
1547
  _buildLogoutUrl(t) {
1548
1548
  t.clientId === null ? delete t.clientId : t.clientId = t.clientId || this.options.clientId;
1549
1549
  let n = t.logoutParams || {}, { federated: r } = n, i = e(n, ["federated"]), a = r ? "&federated" : "";
1550
- return this._url(`/v2/logout?${x(Object.assign({ clientId: t.clientId }, i))}`) + a;
1550
+ return this._url(`/v2/logout?${S(Object.assign({ clientId: t.clientId }, i))}`) + a;
1551
1551
  }
1552
1552
  async logout(t = {}) {
1553
- let n = Ye(t), { openUrl: r } = n, i = e(n, ["openUrl"]);
1553
+ let n = Je(t), { openUrl: r } = n, i = e(n, ["openUrl"]);
1554
1554
  t.clientId === null ? await this.cacheManager.clear() : await this.cacheManager.clear(t.clientId || this.options.clientId), this.cookieStorage.remove(this.orgHintCookieName, { cookieDomain: this.options.cookieDomain }), this.cookieStorage.remove(this.isAuthenticatedCookieName, { cookieDomain: this.options.cookieDomain }), this.userCache.remove("@@user@@"), await this.dpop?.clear();
1555
1555
  let a = this._buildLogoutUrl(i);
1556
1556
  r ? await r(a) : !1 !== r && window.location.assign(a);
1557
1557
  }
1558
1558
  async _getTokenFromIFrame(e) {
1559
1559
  let t = `auth0.lock.getTokenFromIFrame.${this.options.clientId}`;
1560
- if (!await Ge((() => I.acquireLock(t, 5e3)), 10)) throw new f();
1560
+ if (!await We((() => L.acquireLock(t, 5e3)), 10)) throw new f();
1561
1561
  try {
1562
1562
  let t = Object.assign(Object.assign({}, e.authorizationParams), { prompt: "none" }), n = this.cookieStorage.get(this.orgHintCookieName);
1563
1563
  n && !t.organization && (t.organization = n);
@@ -1602,18 +1602,18 @@ var $e = class {
1602
1602
  } catch (e) {
1603
1603
  throw e.error === "login_required" && this.logout({ openUrl: !1 }), e;
1604
1604
  } finally {
1605
- await I.releaseLock(t);
1605
+ await L.releaseLock(t);
1606
1606
  }
1607
1607
  }
1608
1608
  async _getTokenUsingRefreshToken(e) {
1609
- let t = await this.cacheManager.get(new O({
1609
+ let t = await this.cacheManager.get(new k({
1610
1610
  scope: e.authorizationParams.scope,
1611
1611
  audience: e.authorizationParams.audience || "default",
1612
1612
  clientId: this.options.clientId
1613
1613
  }), void 0, this.options.useMrrt);
1614
1614
  if (!(t && t.refresh_token || this.worker)) {
1615
1615
  if (this.options.useRefreshTokensFallback) return await this._getTokenFromIFrame(e);
1616
- throw new te(e.authorizationParams.audience || "default", e.authorizationParams.scope);
1616
+ throw new g(e.authorizationParams.audience || "default", e.authorizationParams.scope);
1617
1617
  }
1618
1618
  let n = e.authorizationParams.redirect_uri || this.options.authorizationParams.redirect_uri || window.location.origin, r = typeof e.timeoutInSeconds == "number" ? 1e3 * e.timeoutInSeconds : null, i = ((e, t, n, r) => {
1619
1619
  if (e && n && r) {
@@ -1629,14 +1629,14 @@ var $e = class {
1629
1629
  refresh_token: t && t.refresh_token,
1630
1630
  redirect_uri: n
1631
1631
  }), r && { timeout: r }), { scopesToRequest: i });
1632
- if (l.refresh_token && t != null && t.refresh_token && await this.cacheManager.updateEntry(t.refresh_token, l.refresh_token), this.options.useMrrt && (a = t?.audience, o = t?.scope, s = e.authorizationParams.audience, c = e.authorizationParams.scope, (a !== s || !Xe(c, o)) && !Xe(i, l.scope))) {
1632
+ if (l.refresh_token && t != null && t.refresh_token && await this.cacheManager.updateEntry(t.refresh_token, l.refresh_token), this.options.useMrrt && (a = t?.audience, o = t?.scope, s = e.authorizationParams.audience, c = e.authorizationParams.scope, (a !== s || !Ye(c, o)) && !Ye(i, l.scope))) {
1633
1633
  if (this.options.useRefreshTokensFallback) return await this._getTokenFromIFrame(e);
1634
1634
  await this.cacheManager.remove(this.options.clientId, e.authorizationParams.audience, e.authorizationParams.scope);
1635
1635
  let t = ((e, t) => {
1636
1636
  let n = e?.split(" ") || [], r = t?.split(" ") || [];
1637
1637
  return n.filter(((e) => r.indexOf(e) == -1)).join(",");
1638
1638
  })(i, l.scope);
1639
- throw new g(e.authorizationParams.audience || "default", t);
1639
+ throw new _(e.authorizationParams.audience || "default", t);
1640
1640
  }
1641
1641
  return Object.assign(Object.assign({}, l), {
1642
1642
  scope: e.authorizationParams.scope,
@@ -1657,7 +1657,7 @@ var $e = class {
1657
1657
  }), await this.cacheManager.setIdToken(this.options.clientId, t.id_token, t.decodedToken), await this.cacheManager.set(i);
1658
1658
  }
1659
1659
  async _getIdTokenFromCache() {
1660
- let e = this.options.authorizationParams.audience || "default", t = this.scope[e], n = await this.cacheManager.getIdToken(new O({
1660
+ let e = this.options.authorizationParams.audience || "default", t = this.scope[e], n = await this.cacheManager.getIdToken(new k({
1661
1661
  clientId: this.options.clientId,
1662
1662
  audience: e,
1663
1663
  scope: t
@@ -1665,7 +1665,7 @@ var $e = class {
1665
1665
  return n && n.id_token === r?.id_token ? r : (this.userCache.set("@@user@@", n), n);
1666
1666
  }
1667
1667
  async _getEntryFromCache({ scope: e, audience: t, clientId: n, cacheMode: r }) {
1668
- let i = await this.cacheManager.get(new O({
1668
+ let i = await this.cacheManager.get(new k({
1669
1669
  scope: e,
1670
1670
  audience: t,
1671
1671
  clientId: n
@@ -1681,7 +1681,7 @@ var $e = class {
1681
1681
  }
1682
1682
  async _requestToken(e, t) {
1683
1683
  var n;
1684
- let { nonceIn: r, organization: i, scopesToRequest: a } = t || {}, o = await De(Object.assign(Object.assign({
1684
+ let { nonceIn: r, organization: i, scopesToRequest: a } = t || {}, o = await Ee(Object.assign(Object.assign({
1685
1685
  baseUrl: this.domainUrl,
1686
1686
  client_id: this.options.clientId,
1687
1687
  auth0Client: this.options.auth0Client,
@@ -1708,7 +1708,7 @@ var $e = class {
1708
1708
  grant_type: "urn:ietf:params:oauth:grant-type:token-exchange",
1709
1709
  subject_token: e.subject_token,
1710
1710
  subject_token_type: e.subject_token_type,
1711
- scope: D(this.scope, e.scope, e.audience || this.options.authorizationParams.audience),
1711
+ scope: O(this.scope, e.scope, e.audience || this.options.authorizationParams.audience),
1712
1712
  audience: e.audience || this.options.authorizationParams.audience,
1713
1713
  organization: e.organization || this.options.authorizationParams.organization
1714
1714
  });
@@ -1726,7 +1726,7 @@ var $e = class {
1726
1726
  return this._assertDpop(this.dpop), this.dpop.generateProof(e);
1727
1727
  }
1728
1728
  createFetcher(e = {}) {
1729
- return new $e(e, {
1729
+ return new Qe(e, {
1730
1730
  isDpopEnabled: () => !!this.options.useDpop,
1731
1731
  getAccessToken: (e) => this.getTokenSilently({
1732
1732
  authorizationParams: {
@@ -1743,7 +1743,7 @@ var $e = class {
1743
1743
  async connectAccountWithRedirect(e) {
1744
1744
  let { openUrl: t, appState: n, connection: r, scopes: i, authorization_params: a, redirectUri: o = this.options.authorizationParams.redirect_uri || window.location.origin } = e;
1745
1745
  if (!r) throw Error("connection is required");
1746
- let s = b(y()), c = y(), l = se(await ae(c)), { connect_uri: u, connect_params: d, auth_session: f } = await this.myAccountApi.connectAccount({
1746
+ let s = x(b()), c = b(), l = oe(await ie(c)), { connect_uri: u, connect_params: d, auth_session: f } = await this.myAccountApi.connectAccount({
1747
1747
  connection: r,
1748
1748
  scopes: i,
1749
1749
  redirect_uri: o,
@@ -1759,20 +1759,20 @@ var $e = class {
1759
1759
  redirect_uri: o,
1760
1760
  appState: n,
1761
1761
  connection: r,
1762
- response_type: M.ConnectCode
1762
+ response_type: N.ConnectCode
1763
1763
  });
1764
1764
  let p = new URL(u);
1765
1765
  p.searchParams.set("ticket", d.ticket), t ? await t(p.toString()) : window.location.assign(p);
1766
1766
  }
1767
1767
  };
1768
- async function rt(e) {
1769
- let t = new nt(e);
1768
+ async function nt(e) {
1769
+ let t = new tt(e);
1770
1770
  return await t.checkSession(), t;
1771
1771
  }
1772
1772
  //#endregion
1773
1773
  //#region src/controllers/debug.ts
1774
- var it = "sesamy-debug";
1775
- function at(e) {
1774
+ var rt = "sesamy-debug";
1775
+ function it(e) {
1776
1776
  if (typeof document > "u") return null;
1777
1777
  let t = e + "=", n = document.cookie.split(";");
1778
1778
  for (let e = 0; e < n.length; e++) {
@@ -1782,62 +1782,62 @@ function at(e) {
1782
1782
  }
1783
1783
  return null;
1784
1784
  }
1785
- function ot() {
1786
- return at(it) === "true";
1785
+ function at() {
1786
+ return it(rt) === "true";
1787
1787
  }
1788
1788
  //#endregion
1789
1789
  //#region src/controllers/logger.ts
1790
- function L(e) {
1791
- ot() && console.log(e);
1790
+ function R(e) {
1791
+ at() && console.log(e);
1792
1792
  }
1793
1793
  //#endregion
1794
1794
  //#region src/types/Events.ts
1795
- var R = /* @__PURE__ */ function(e) {
1795
+ var z = /* @__PURE__ */ function(e) {
1796
1796
  return e.AUTH_INITIALIZED = "sesamyJsAuthInitialized", e.READY = "sesamyJsReady", e.AUTHENTICATED = "sesamyJsAuthenticated", e.LOGOUT = "sesamyJsLogout", e.CLEAR_CACHE = "sesamyJsClearCache", e.USER_ATTRIBUTE_CHANGED = "sesamyUserAttributeChanged", e.PURCHASE = "sesamyJsPurchase", e.CONSENT_CHANGED = "sesamyJsConsentChanged", e;
1797
1797
  }({});
1798
1798
  //#endregion
1799
1799
  //#region src/events/ready.ts
1800
- function st(e, t) {
1800
+ function ot(e, t) {
1801
1801
  let n = new CustomEvent(e, {
1802
1802
  detail: t,
1803
1803
  bubbles: !0,
1804
1804
  composed: !0
1805
1805
  });
1806
- L(`Triggering event: ${e}`), dispatchEvent(n);
1806
+ R(`Triggering event: ${e}`), dispatchEvent(n);
1807
1807
  }
1808
- function z(e, t) {
1809
- typeof window > "u" || (e === R.READY && document.readyState === "loading" ? document.addEventListener("DOMContentLoaded", () => st(e, t), { once: !0 }) : st(e, t));
1808
+ function B(e, t) {
1809
+ typeof window > "u" || (e === z.READY && document.readyState === "loading" ? document.addEventListener("DOMContentLoaded", () => ot(e, t), { once: !0 }) : ot(e, t));
1810
1810
  }
1811
1811
  //#endregion
1812
1812
  //#region src/constants.ts
1813
- var ct = "sesamy.com", lt = "sesamy.dev";
1813
+ var st = "sesamy.com", ct = "sesamy.dev";
1814
1814
  //#endregion
1815
1815
  //#region src/services/config/index.ts
1816
- function ut(e, t) {
1817
- return `${e}.${t === "dev" ? lt : ct}`;
1816
+ function lt(e, t) {
1817
+ return `${e}.${t === "dev" ? ct : st}`;
1818
1818
  }
1819
1819
  //#endregion
1820
1820
  //#region src/utils/language.ts
1821
- function dt() {
1821
+ function ut() {
1822
1822
  let e = (document.documentElement.getAttribute("lang") ?? navigator.language ?? "en").split("-")[0]?.toLowerCase() ?? "en";
1823
1823
  return e === "nn" && (e = "nb"), e;
1824
1824
  }
1825
1825
  //#endregion
1826
1826
  //#region ../../node_modules/.pnpm/detectincognitojs@1.6.2/node_modules/detectincognitojs/dist/detectIncognito.esm.js
1827
- var B = {
1827
+ var V = {
1828
1828
  d: (e, t) => {
1829
- for (var n in t) B.o(t, n) && !B.o(e, n) && Object.defineProperty(e, n, {
1829
+ for (var n in t) V.o(t, n) && !V.o(e, n) && Object.defineProperty(e, n, {
1830
1830
  enumerable: !0,
1831
1831
  get: t[n]
1832
1832
  });
1833
1833
  },
1834
1834
  o: (e, t) => Object.prototype.hasOwnProperty.call(e, t)
1835
- }, V = {};
1836
- B.d(V, {
1837
- A: () => ft,
1838
- k: () => W
1835
+ }, H = {};
1836
+ V.d(H, {
1837
+ A: () => dt,
1838
+ k: () => G
1839
1839
  });
1840
- var H = function(e, t, n, r) {
1840
+ var U = function(e, t, n, r) {
1841
1841
  return new (n ||= Promise)(function(i, a) {
1842
1842
  function o(e) {
1843
1843
  try {
@@ -1861,7 +1861,7 @@ var H = function(e, t, n, r) {
1861
1861
  }
1862
1862
  c((r = r.apply(e, t || [])).next());
1863
1863
  });
1864
- }, U = function(e, t) {
1864
+ }, W = function(e, t) {
1865
1865
  var n, r, i, a, o = {
1866
1866
  label: 0,
1867
1867
  sent: function() {
@@ -1934,9 +1934,9 @@ var H = function(e, t, n, r) {
1934
1934
  };
1935
1935
  }
1936
1936
  };
1937
- function W() {
1938
- return H(this, void 0, Promise, function() {
1939
- return U(this, function(e) {
1937
+ function G() {
1938
+ return U(this, void 0, Promise, function() {
1939
+ return W(this, function(e) {
1940
1940
  switch (e.label) {
1941
1941
  case 0: return [4, new Promise(function(e, t) {
1942
1942
  var n = "Unknown", r = !1;
@@ -1956,9 +1956,9 @@ function W() {
1956
1956
  return e;
1957
1957
  }
1958
1958
  function o() {
1959
- return H(this, void 0, void 0, function() {
1959
+ return U(this, void 0, void 0, function() {
1960
1960
  var e, t;
1961
- return U(this, function(n) {
1961
+ return W(this, function(n) {
1962
1962
  switch (n.label) {
1963
1963
  case 0: return n.trys.push([
1964
1964
  0,
@@ -1974,8 +1974,8 @@ function W() {
1974
1974
  });
1975
1975
  }
1976
1976
  function s() {
1977
- return H(this, void 0, Promise, function() {
1978
- return U(this, function(e) {
1977
+ return U(this, void 0, Promise, function() {
1978
+ return W(this, function(e) {
1979
1979
  switch (e.label) {
1980
1980
  case 0: return typeof navigator.storage?.getDirectory == "function" ? [4, o()] : [3, 2];
1981
1981
  case 1: return e.sent(), [3, 3];
@@ -2038,9 +2038,9 @@ function W() {
2038
2038
  });
2039
2039
  }
2040
2040
  function u() {
2041
- return H(this, void 0, Promise, function() {
2041
+ return U(this, void 0, Promise, function() {
2042
2042
  var e, t, n;
2043
- return U(this, function(r) {
2043
+ return W(this, function(r) {
2044
2044
  switch (r.label) {
2045
2045
  case 0:
2046
2046
  if (typeof navigator.storage?.getDirectory != "function") return [3, 5];
@@ -2065,8 +2065,8 @@ function W() {
2065
2065
  });
2066
2066
  }
2067
2067
  (function() {
2068
- return H(this, void 0, Promise, function() {
2069
- return U(this, function(e) {
2068
+ return U(this, void 0, Promise, function() {
2069
+ return W(this, function(e) {
2070
2070
  switch (e.label) {
2071
2071
  case 0: return a() !== 44 && a() !== 43 ? [3, 2] : (n = "Safari", [4, s()]);
2072
2072
  case 1: return e.sent(), [3, 6];
@@ -2086,15 +2086,15 @@ function W() {
2086
2086
  });
2087
2087
  });
2088
2088
  }
2089
- typeof window < "u" && (window.detectIncognito = W);
2090
- var ft = W;
2091
- V.A, V.k;
2089
+ typeof window < "u" && (window.detectIncognito = G);
2090
+ var dt = G;
2091
+ H.A, H.k;
2092
2092
  //#endregion
2093
2093
  //#region src/services/browser/detect-incognito.ts
2094
- var pt = "sesamy_incognito_mode";
2095
- function mt() {
2094
+ var ft = "sesamy_incognito_mode";
2095
+ function pt() {
2096
2096
  try {
2097
- let e = sessionStorage.getItem(pt);
2097
+ let e = sessionStorage.getItem(ft);
2098
2098
  return e === null ? void 0 : e === "true";
2099
2099
  } catch {
2100
2100
  return;
@@ -2102,7 +2102,7 @@ function mt() {
2102
2102
  }
2103
2103
  //#endregion
2104
2104
  //#region src/utils/browser.ts
2105
- function G() {
2105
+ function mt() {
2106
2106
  return typeof window < "u";
2107
2107
  }
2108
2108
  //#endregion
@@ -2132,55 +2132,69 @@ function _t() {
2132
2132
  return /android/i.test(navigator.userAgent);
2133
2133
  }
2134
2134
  //#endregion
2135
+ //#region src/services/auth/namespace.ts
2136
+ function vt(e) {
2137
+ return e.vendorId || e.clientId || "";
2138
+ }
2139
+ function yt(e) {
2140
+ return e ? `sesamy_is_authenticated_${e}` : "sesamy_is_authenticated";
2141
+ }
2142
+ function bt(e) {
2143
+ if (typeof document > "u") return !1;
2144
+ let t = yt(e);
2145
+ try {
2146
+ return document.cookie.split(";").some((e) => e.trim().startsWith(`${t}=true`));
2147
+ } catch {
2148
+ return !1;
2149
+ }
2150
+ }
2151
+ function q(e, t) {
2152
+ if (typeof document > "u" || typeof window > "u") return;
2153
+ let n = yt(e);
2154
+ try {
2155
+ let e = t ? 720 * 60 * 60 : 0, r = window.location.protocol === "https:" ? "; Secure" : "";
2156
+ document.cookie = `${n}=${t}; path=/; max-age=${e}; SameSite=Lax${r}`;
2157
+ } catch {}
2158
+ }
2159
+ //#endregion
2135
2160
  //#region src/auth0-plugin.ts
2136
- var q = "sesamyAccessToken", J = "sesamyRefreshToken", Y = "sesamySilentAuthThrottle", vt = "sesamy_is_authenticated", yt = 300 * 1e3, bt = 60, xt = [
2161
+ var J = "sesamyAccessToken", Y = "sesamyRefreshToken", X = "sesamySilentAuthThrottle", xt = 300 * 1e3, St = 60, Ct = [
2137
2162
  "login_required",
2138
2163
  "consent_required",
2139
2164
  "interaction_required",
2140
2165
  "access_denied"
2141
- ], St = ["timeout", "Timeout"], Ct = 64;
2142
- function wt(e) {
2166
+ ], wt = ["timeout", "Timeout"], Tt = 64;
2167
+ function Et(e) {
2143
2168
  let t = e.split(".");
2144
2169
  if (t.length !== 3) return null;
2145
2170
  let n = t[1].replace(/-/g, "+").replace(/_/g, "/"), r = decodeURIComponent(atob(n).split("").map((e) => "%" + ("00" + e.charCodeAt(0).toString(16)).slice(-2)).join(""));
2146
2171
  return JSON.parse(r);
2147
2172
  }
2148
- function Tt() {
2149
- if (!G()) return !1;
2173
+ function Dt(e, t) {
2174
+ if (!mt()) return !1;
2150
2175
  try {
2151
- if (document.cookie.split(";").map((e) => e.trim()).some((e) => e.startsWith("sesamy_is_authenticated=true"))) return !0;
2152
- let e = Object.keys(localStorage).filter((e) => e.startsWith("@@auth0spajs@@"));
2153
- for (let t of e) try {
2154
- let e = JSON.parse(localStorage.getItem(t) || "{}");
2155
- if (e?.body?.access_token || e?.body?.refresh_token) return !0;
2176
+ if (bt(e)) return !0;
2177
+ let n = t ? `@@auth0spajs@@::${t}::` : "@@auth0spajs@@", r = Object.keys(localStorage).filter((e) => e.startsWith(n));
2178
+ for (let e of r) try {
2179
+ let t = JSON.parse(localStorage.getItem(e) || "{}");
2180
+ if (t?.body?.access_token || t?.body?.refresh_token) return !0;
2156
2181
  } catch {}
2157
2182
  return !1;
2158
2183
  } catch (e) {
2159
- return L(`Error checking session hint cookie: ${e.message}`), !1;
2160
- }
2161
- }
2162
- function X(e) {
2163
- if (G()) try {
2164
- let t = e ? 720 * 60 * 60 : 0, n = window.location.protocol === "https:" ? "; Secure" : "";
2165
- document.cookie = `${vt}=${e}; path=/; max-age=${t}; SameSite=Lax${n}`;
2166
- } catch (e) {
2167
- L(`Error setting session hint cookie: ${e.message}`);
2184
+ return R(`Error checking session hint cookie: ${e.message}`), !1;
2168
2185
  }
2169
2186
  }
2170
- function Z() {
2171
- X(!1);
2172
- }
2173
- function Et(e, t) {
2187
+ function Ot(e, t) {
2174
2188
  let n = e.message || "";
2175
2189
  return t.some((t) => n.includes(t) || e.error === t);
2176
2190
  }
2177
- function Dt(e) {
2178
- return Et(e, St);
2191
+ function kt(e) {
2192
+ return Ot(e, wt);
2179
2193
  }
2180
- function Ot(e) {
2181
- return Et(e, xt);
2194
+ function At(e) {
2195
+ return Ot(e, Ct);
2182
2196
  }
2183
- function kt(e) {
2197
+ function jt(e) {
2184
2198
  try {
2185
2199
  let t = new URL(e);
2186
2200
  return t.hash = "", t.toString();
@@ -2188,59 +2202,59 @@ function kt(e) {
2188
2202
  return e.split("#")[0];
2189
2203
  }
2190
2204
  }
2191
- function Q() {
2205
+ function Z() {
2192
2206
  try {
2193
- let e = sessionStorage.getItem(Y);
2207
+ let e = sessionStorage.getItem(X);
2194
2208
  if (!e) return !1;
2195
2209
  let { timestamp: t } = JSON.parse(e);
2196
- return Date.now() - t < yt;
2210
+ return Date.now() - t < xt;
2197
2211
  } catch {
2198
- return sessionStorage.removeItem(Y), !1;
2212
+ return sessionStorage.removeItem(X), !1;
2199
2213
  }
2200
2214
  }
2201
- function At() {
2215
+ function Q() {
2202
2216
  try {
2203
- sessionStorage.setItem(Y, JSON.stringify({ timestamp: Date.now() }));
2217
+ sessionStorage.setItem(X, JSON.stringify({ timestamp: Date.now() }));
2204
2218
  } catch {
2205
- L("Failed to set silent auth throttle in sessionStorage");
2219
+ R("Failed to set silent auth throttle in sessionStorage");
2206
2220
  }
2207
2221
  }
2208
2222
  function $() {
2209
2223
  try {
2210
- sessionStorage.removeItem(Y);
2224
+ sessionStorage.removeItem(X);
2211
2225
  } catch {}
2212
2226
  }
2213
- function jt(e) {
2227
+ function Mt(e) {
2214
2228
  if (e.domains && e.domains.length > 0) {
2215
2229
  let t = K(window.location.href);
2216
2230
  if (t) {
2217
- for (let n of e.domains) if (K(`https://${n}`) === t) return L(`Found matching domain in domains array: ${n} for TLD: ${t}`), n;
2218
- L(`No matching domain found in domains array for TLD: ${t}`);
2231
+ for (let n of e.domains) if (K(`https://${n}`) === t) return R(`Found matching domain in domains array: ${n} for TLD: ${t}`), n;
2232
+ R(`No matching domain found in domains array for TLD: ${t}`);
2219
2233
  }
2220
2234
  }
2221
- if (e.domain) return L(`Using fallback domain property: ${e.domain}`), e.domain;
2235
+ if (e.domain) return R(`Using fallback domain property: ${e.domain}`), e.domain;
2222
2236
  }
2223
- function Mt() {
2237
+ function Nt() {
2224
2238
  try {
2225
2239
  let e = Object.keys(localStorage).filter((e) => e.startsWith("@@auth0spajs@@"));
2226
2240
  for (let t of e) {
2227
2241
  let e = JSON.parse(localStorage.getItem(t) || "{}"), n;
2228
- if (typeof e == "object" && (e.body && typeof e.body == "object" && "refresh_token" in e.body ? n = e.body.refresh_token : "refresh_token" in e && (n = e.refresh_token)), n && typeof n == "string" && n.length === Ct) return !0;
2242
+ if (typeof e == "object" && (e.body && typeof e.body == "object" && "refresh_token" in e.body ? n = e.body.refresh_token : "refresh_token" in e && (n = e.refresh_token)), n && typeof n == "string" && n.length === Tt) return !0;
2229
2243
  }
2230
2244
  } catch (e) {
2231
- L(`Error checking for existing auth0 tokens: ${e.message}`);
2245
+ R(`Error checking for existing auth0 tokens: ${e.message}`);
2232
2246
  }
2233
2247
  return !1;
2234
2248
  }
2235
- function Nt() {
2236
- let e, t, n, r = !1, i = !1, a = !1, o = !1;
2237
- G() && window.addEventListener("pageshow", () => {
2238
- i = !1, a = !1;
2249
+ function Pt() {
2250
+ let e, t, n, r = "", i = "", a = !1, o = !1, s = !1, c = !1;
2251
+ mt() && window.addEventListener("pageshow", () => {
2252
+ o = !1, s = !1;
2239
2253
  });
2240
- async function s(e) {
2254
+ async function l(e) {
2241
2255
  if (!e) return null;
2242
- let t = localStorage.getItem(J);
2243
- if (!t) return L("No refresh token found in localstorage"), null;
2256
+ let t = localStorage.getItem(Y);
2257
+ if (!t) return R("No refresh token found in localstorage"), null;
2244
2258
  let n = new URLSearchParams();
2245
2259
  n.set("client_id", e.iss), n.set("refresh_token", t), n.set("grant_type", "refresh_token");
2246
2260
  let r = new URL(e.iss);
@@ -2253,175 +2267,177 @@ function Nt() {
2253
2267
  });
2254
2268
  if (!e.ok) {
2255
2269
  let t = await e.text().catch(() => "Unknown error");
2256
- throw L(`Token refresh failed with status ${e.status}: ${t}`), localStorage.removeItem(J), Error(`Renew token failed: ${e.status}`);
2270
+ throw R(`Token refresh failed with status ${e.status}: ${t}`), localStorage.removeItem(Y), Error(`Renew token failed: ${e.status}`);
2257
2271
  }
2258
2272
  let t = await e.json();
2259
- if (!t.access_token) throw L("Token refresh response missing access_token"), Error("Invalid token response");
2260
- return t.refresh_token && localStorage.setItem(J, t.refresh_token), localStorage.setItem(q, t.access_token), t.access_token;
2273
+ if (!t.access_token) throw R("Token refresh response missing access_token"), Error("Invalid token response");
2274
+ return t.refresh_token && localStorage.setItem(Y, t.refresh_token), localStorage.setItem(J, t.access_token), t.access_token;
2261
2275
  } catch (e) {
2262
- return L(`Token refresh error: ${e.message}`), localStorage.removeItem(J), localStorage.removeItem(q), await f.logout(), null;
2276
+ return R(`Token refresh error: ${e.message}`), localStorage.removeItem(Y), localStorage.removeItem(J), await m.logout(), null;
2263
2277
  }
2264
2278
  }
2265
- async function c() {
2266
- let e = localStorage.getItem(q);
2279
+ async function u() {
2280
+ let e = localStorage.getItem(J);
2267
2281
  if (!e) return null;
2268
- let t = wt(e), n = Date.now() / 1e3;
2269
- return !t || !t.exp || t.exp < n + bt ? await s(t) || (localStorage.removeItem(q), null) : e;
2270
- }
2271
- async function l() {
2272
- if (a) {
2273
- L("Silent redirect already in progress");
2282
+ let t = Et(e);
2283
+ if (t?.vendor_id && r && t.vendor_id !== r) return R("Ignoring local access token belonging to a different vendor"), null;
2284
+ let n = Date.now() / 1e3;
2285
+ return !t || !t.exp || t.exp < n + St ? await l(t) || (localStorage.removeItem(J), null) : e;
2286
+ }
2287
+ async function d() {
2288
+ if (s) {
2289
+ R("Silent redirect already in progress");
2274
2290
  return;
2275
2291
  }
2276
- L("Attempting prompt=none redirect to recover session"), a = !0;
2292
+ R("Attempting prompt=none redirect to recover session"), s = !0;
2277
2293
  try {
2278
2294
  await e.loginWithRedirect({ authorizationParams: {
2279
2295
  prompt: "none",
2280
- redirect_uri: kt(window.location.href),
2296
+ redirect_uri: jt(window.location.href),
2281
2297
  organization: t
2282
2298
  } });
2283
2299
  } catch (e) {
2284
- L(`Prompt=none redirect failed: ${e.message}`), a = !1;
2300
+ R(`Prompt=none redirect failed: ${e.message}`), s = !1;
2285
2301
  }
2286
2302
  }
2287
- function u() {
2303
+ function f() {
2288
2304
  return n ? K(window.location.href) !== K(`https://${n}`) : !1;
2289
2305
  }
2290
- function d(n) {
2291
- if (i) return L("Login already in progress"), null;
2292
- if (i = !0, setTimeout(() => {
2293
- i = !1;
2294
- }, 3e3), localStorage.removeItem(q), !e) throw Error("Auth0 client not initialized");
2306
+ function p(n) {
2307
+ if (o) return R("Login already in progress"), null;
2308
+ if (o = !0, setTimeout(() => {
2309
+ o = !1;
2310
+ }, 3e3), localStorage.removeItem(J), !e) throw Error("Auth0 client not initialized");
2295
2311
  let r = n?.authorizationParams || {};
2296
2312
  return {
2297
2313
  ...n,
2298
2314
  authorizationParams: {
2299
2315
  organization: t,
2300
- redirect_uri: kt(window.location.href),
2301
- ui_locales: dt(),
2302
- incognito: mt(),
2316
+ redirect_uri: jt(window.location.href),
2317
+ ui_locales: ut(),
2318
+ incognito: pt(),
2303
2319
  ...r
2304
2320
  }
2305
2321
  };
2306
2322
  }
2307
- let f = {
2308
- async init(i) {
2309
- if (i.enabled === !1) return;
2310
- t = i.organization;
2311
- let a = jt(i);
2312
- n = a && !Mt() ? a : ut("token", i.environment), o = K(window.location.href) !== K(`https://${n}`);
2313
- let s = K(window.location.href), c = s ? `.${s}` : void 0, l = {
2323
+ let m = {
2324
+ async init(o) {
2325
+ if (o.enabled === !1) return;
2326
+ t = o.organization, r = vt(o), i = o.clientId;
2327
+ let s = Mt(o);
2328
+ n = s && !Nt() ? s : lt("token", o.environment), c = K(window.location.href) !== K(`https://${n}`);
2329
+ let l = K(window.location.href), u = l ? `.${l}` : void 0, d = {
2314
2330
  domain: n,
2315
- clientId: i.clientId,
2331
+ clientId: o.clientId,
2316
2332
  useCookiesForTransactions: !0,
2317
2333
  legacySameSiteCookie: !1,
2318
- ...c && { cookieDomain: c },
2334
+ ...u && { cookieDomain: u },
2319
2335
  cacheLocation: "localstorage"
2320
2336
  };
2321
- (o || i.useRefreshTokens) && (l.useRefreshTokens = !0), L(`Initializing auth0 client: ${JSON.stringify(l)}`), e = await rt(l);
2322
- let u = new URLSearchParams(window.location.search), d = u.get("code"), f = u.get("state"), p = u.get("error");
2323
- if (p) {
2324
- let e = u.get("error_description");
2325
- L(`Auth error in URL: ${p}${e ? ` - ${e}` : ""}`);
2337
+ (c || o.useRefreshTokens) && (d.useRefreshTokens = !0), R(`Initializing auth0 client: ${JSON.stringify(d)}`), e = await nt(d);
2338
+ let f = new URLSearchParams(window.location.search), p = f.get("code"), m = f.get("state"), h = f.get("error");
2339
+ if (h) {
2340
+ let e = f.get("error_description");
2341
+ R(`Auth error in URL: ${h}${e ? ` - ${e}` : ""}`);
2326
2342
  let t = new URL(location.href);
2327
2343
  t.searchParams.delete("error"), t.searchParams.delete("error_description"), t.searchParams.delete("state"), window.history.replaceState({}, document.title, t.toString());
2328
- let n = Q();
2329
- if (xt.includes(p)) L("Silent redirect returned no-session - user is not authenticated"), Z();
2330
- else if (n) L(`Silent redirect returned ${p} - treating as unauthenticated`), Z();
2344
+ let n = Z();
2345
+ if (Ct.includes(h)) R("Silent redirect returned no-session - user is not authenticated"), q(r, !1);
2346
+ else if (n) R(`Silent redirect returned ${h} - treating as unauthenticated`), q(r, !1);
2331
2347
  else {
2332
- let t = e || `Authentication failed: ${p}`;
2333
- L(`Non-silent auth error, alerting user: ${t}`), setTimeout(() => {
2348
+ let t = e || `Authentication failed: ${h}`;
2349
+ R(`Non-silent auth error, alerting user: ${t}`), setTimeout(() => {
2334
2350
  alert(t);
2335
2351
  }, 0);
2336
2352
  }
2337
2353
  }
2338
- if (d) if (window.opener) L("Code found in URL, posting to opener"), window.opener.postMessage({
2354
+ if (p) if (window.opener) R("Code found in URL, posting to opener"), window.opener.postMessage({
2339
2355
  type: "authorization_response",
2340
2356
  response: {
2341
- code: d,
2342
- state: f
2357
+ code: p,
2358
+ state: m
2343
2359
  }
2344
2360
  }, window.location.origin);
2345
2361
  else {
2346
- L("Code found in URL, handling redirect");
2347
- let t = window.location.href, n = new URL(location.href), r = n.searchParams;
2348
- r.delete("code"), r.delete("state"), n.search = r.toString(), window.history.replaceState({}, document.title, n.toString()), L("Rewrote url to remove code and state");
2362
+ R("Code found in URL, handling redirect");
2363
+ let t = window.location.href, n = new URL(location.href), i = n.searchParams;
2364
+ i.delete("code"), i.delete("state"), n.search = i.toString(), window.history.replaceState({}, document.title, n.toString()), R("Rewrote url to remove code and state");
2349
2365
  try {
2350
2366
  let n = await e.handleRedirectCallback(t);
2351
- L(`Login result: ${JSON.stringify(n)}`);
2352
- let r = await e.getUser();
2353
- if (!r) throw Error("No user found");
2354
- L(`User found ${JSON.stringify(r)}`), $(), X(!0), L(`Triggering AUTHENTICATED event with appState: ${JSON.stringify(n.appState)}`), z(R.AUTHENTICATED, {
2355
- ...r,
2367
+ R(`Login result: ${JSON.stringify(n)}`);
2368
+ let i = await e.getUser();
2369
+ if (!i) throw Error("No user found");
2370
+ R(`User found ${JSON.stringify(i)}`), $(), q(r, !0), R(`Triggering AUTHENTICATED event with appState: ${JSON.stringify(n.appState)}`), B(z.AUTHENTICATED, {
2371
+ ...i,
2356
2372
  appState: n.appState
2357
2373
  });
2358
2374
  } catch (e) {
2359
- L(`Error handling redirect: ${e.message}`), Q() ? (Z(), L("Silent redirect callback failed, cleared session hints")) : alert("There was an error logging in"), console.error(e);
2375
+ R(`Error handling redirect: ${e.message}`), Z() ? (q(r, !1), R("Silent redirect callback failed, cleared session hints")) : alert("There was an error logging in"), console.error(e);
2360
2376
  }
2361
2377
  }
2362
- r = !0, z(R.AUTH_INITIALIZED, {});
2378
+ a = !0, B(z.AUTH_INITIALIZED, {});
2363
2379
  },
2364
2380
  async isAuthenticated() {
2365
- if (!r) return !1;
2366
- if (await c()) return !0;
2381
+ if (!a) return !1;
2382
+ if (await u()) return !0;
2367
2383
  if (!e) return !1;
2368
2384
  let t = await e.isAuthenticated();
2369
- return t && X(!0), t;
2385
+ return t && q(r, !0), t;
2370
2386
  },
2371
2387
  async getTokenSilently(t = !0, n = !1) {
2372
- if (!r) return null;
2373
- let i = await c();
2374
- if (i) return i;
2375
- if (!n && Q()) {
2376
- if (L("Silent auth is throttled due to recent failures, skipping request"), t) throw Error("Silent auth throttled");
2388
+ if (!a) return null;
2389
+ let o = await u();
2390
+ if (o) return o;
2391
+ if (!n && Z()) {
2392
+ if (R("Silent auth is throttled due to recent failures, skipping request"), t) throw Error("Silent auth throttled");
2377
2393
  return null;
2378
2394
  }
2379
2395
  try {
2380
- if (!e) return L("Auth client not initialized"), null;
2381
- let t = await e.getTokenSilently(), r = wt(t), i = Date.now() / 1e3;
2382
- return n && r?.exp && r.exp - i < 3600 + bt && (t = await e.getTokenSilently({ cacheMode: "off" })), $(), X(!0), t;
2396
+ if (!e) return R("Auth client not initialized"), null;
2397
+ let t = await e.getTokenSilently(), i = Et(t), a = Date.now() / 1e3;
2398
+ return n && i?.exp && i.exp - a < 3600 + St && (t = await e.getTokenSilently({ cacheMode: "off" })), $(), q(r, !0), t;
2383
2399
  } catch (n) {
2384
- let r = n;
2385
- if (L(`Failed to get token silently: ${r.message}`), Ot(r) && !o) {
2386
- if (L("Silent auth returned authoritative no-session - treating user as anonymous"), Z(), At(), t) throw n;
2400
+ let a = n;
2401
+ if (R(`Failed to get token silently: ${a.message}`), At(a) && !c) {
2402
+ if (R("Silent auth returned authoritative no-session - treating user as anonymous"), q(r, !1), Q(), t) throw n;
2387
2403
  return null;
2388
2404
  }
2389
- if ((Dt(r) || Ot(r) && o) && Tt()) return L("Recoverable silent-auth failure with session hint - attempting prompt=none redirect"), At(), await l(), null;
2390
- if (At(), await e.isAuthenticated() && (r.message === "Invalid refresh token" || r.message.includes("Missing Refresh Token")) && await f.logout(), t) throw n;
2405
+ if ((kt(a) || At(a) && c) && Dt(r, i)) return R("Recoverable silent-auth failure with session hint - attempting prompt=none redirect"), Q(), await d(), null;
2406
+ if (Q(), await e.isAuthenticated() && (a.message === "Invalid refresh token" || a.message.includes("Missing Refresh Token")) && await m.logout(), t) throw n;
2391
2407
  return null;
2392
2408
  }
2393
2409
  },
2394
2410
  async getUser() {
2395
- return r ? await c() ? {
2411
+ return a ? await u() ? {
2396
2412
  sub: "local",
2397
2413
  name: "Local User"
2398
2414
  } : e ? await e.getUser() : null : null;
2399
2415
  },
2400
2416
  async login(e) {
2401
- return u() && (gt() || _t() || mt()) ? (L("Using popup login for cross-domain auth on Safari/Android/Incognito"), f.loginWithPopup(e)) : (L("Using redirect login"), f.loginWithRedirect(e));
2417
+ return f() && (gt() || _t() || pt()) ? (R("Using popup login for cross-domain auth on Safari/Android/Incognito"), m.loginWithPopup(e)) : (R("Using redirect login"), m.loginWithRedirect(e));
2402
2418
  },
2403
2419
  async loginWithRedirect(t) {
2404
- let n = d(t);
2420
+ let n = p(t);
2405
2421
  if (n) return e.loginWithRedirect(n);
2406
2422
  },
2407
2423
  async loginWithPopup(t) {
2408
- let n = d(t);
2424
+ let n = p(t);
2409
2425
  if (!n) return;
2410
- await e.loginWithPopup(n, { timeoutInSeconds: 1800 }), $(), X(!0);
2411
- let r = await e.getUser();
2412
- if (!r) throw Error("No user found after popup login");
2413
- let i = new CustomEvent(R.AUTHENTICATED, {
2426
+ await e.loginWithPopup(n, { timeoutInSeconds: 1800 }), $(), q(r, !0);
2427
+ let i = await e.getUser();
2428
+ if (!i) throw Error("No user found after popup login");
2429
+ let a = new CustomEvent(z.AUTHENTICATED, {
2414
2430
  detail: {
2415
- ...r,
2431
+ ...i,
2416
2432
  appState: t?.appState
2417
2433
  },
2418
2434
  composed: !0,
2419
2435
  bubbles: !0
2420
2436
  });
2421
- window.dispatchEvent(i) && window.location.reload();
2437
+ window.dispatchEvent(a) && window.location.reload();
2422
2438
  },
2423
2439
  async logout(t = {}) {
2424
- if (r && (localStorage.removeItem(q), localStorage.removeItem(J), Z(), $(), z(R.LOGOUT, {}), e)) return L(`Logout with options: ${JSON.stringify(t)}`), e.logout({
2440
+ if (a && (localStorage.removeItem(J), localStorage.removeItem(Y), q(r, !1), $(), B(z.LOGOUT, {}), e)) return R(`Logout with options: ${JSON.stringify(t)}`), e.logout({
2425
2441
  ...t,
2426
2442
  logoutParams: {
2427
2443
  returnTo: window.location.href,
@@ -2430,7 +2446,7 @@ function Nt() {
2430
2446
  });
2431
2447
  }
2432
2448
  };
2433
- return f;
2449
+ return m;
2434
2450
  }
2435
2451
  //#endregion
2436
- export { q as ACCESS_TOKEN_KEY, J as REFRESH_TOKEN_KEY, vt as SESSION_HINT_COOKIE, Y as SILENT_AUTH_THROTTLE_KEY, Nt as createAuth0Plugin };
2452
+ export { J as ACCESS_TOKEN_KEY, Y as REFRESH_TOKEN_KEY, X as SILENT_AUTH_THROTTLE_KEY, Pt as createAuth0Plugin };