@sesamy/sesamy-js 1.88.0 → 1.90.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/dist/auth0-plugin.mjs +2164 -0
  2. package/dist/sesamy-js.cjs +9 -12
  3. package/dist/sesamy-js.d.ts +62 -17
  4. package/dist/sesamy-js.iife.js +9 -12
  5. package/dist/sesamy-js.mjs +5297 -6999
  6. package/package.json +11 -4
package/dist/auth0-plugin.mjs ADDED
@@ -0,0 +1,2164 @@
1
+ function O(o, e) {
2
+ var t = {};
3
+ for (var n in o) Object.prototype.hasOwnProperty.call(o, n) && e.indexOf(n) < 0 && (t[n] = o[n]);
4
+ if (o != null && typeof Object.getOwnPropertySymbols == "function") {
5
+ var i = 0;
6
+ for (n = Object.getOwnPropertySymbols(o); i < n.length; i++) e.indexOf(n[i]) < 0 && Object.prototype.propertyIsEnumerable.call(o, n[i]) && (t[n[i]] = o[n[i]]);
7
+ }
8
+ return t;
9
+ }
10
+ var j = typeof globalThis < "u" ? globalThis : typeof window < "u" ? window : typeof global < "u" ? global : typeof self < "u" ? self : {};
11
+ function we(o) {
12
+ return o && o.__esModule && Object.prototype.hasOwnProperty.call(o, "default") ? o.default : o;
13
+ }
14
+ function be(o, e) {
15
+ return o(e = { exports: {} }, e.exports), e.exports;
16
+ }
17
+ var R = be((function(o, e) {
18
+ Object.defineProperty(e, "__esModule", { value: !0 });
19
+ var t = (function() {
20
+ function n() {
21
+ var i = this;
22
+ this.locked = /* @__PURE__ */ new Map(), this.addToLocked = function(r, c) {
23
+ var h = i.locked.get(r);
24
+ h === void 0 ? c === void 0 ? i.locked.set(r, []) : i.locked.set(r, [c]) : c !== void 0 && (h.unshift(c), i.locked.set(r, h));
25
+ }, this.isLocked = function(r) {
26
+ return i.locked.has(r);
27
+ }, this.lock = function(r) {
28
+ return new Promise((function(c, h) {
29
+ i.isLocked(r) ? i.addToLocked(r, c) : (i.addToLocked(r), c());
30
+ }));
31
+ }, this.unlock = function(r) {
32
+ var c = i.locked.get(r);
33
+ if (c !== void 0 && c.length !== 0) {
34
+ var h = c.pop();
35
+ i.locked.set(r, c), h !== void 0 && setTimeout(h, 0);
36
+ } else i.locked.delete(r);
37
+ };
38
+ }
39
+ return n.getInstance = function() {
40
+ return n.instance === void 0 && (n.instance = new n()), n.instance;
41
+ }, n;
42
+ })();
43
+ e.default = function() {
44
+ return t.getInstance();
45
+ };
46
+ }));
47
+ we(R);
48
+ var nt = we(be((function(o, e) {
49
+ var t = j && j.__awaiter || function(s, l, a, u) {
50
+ return new (a || (a = Promise))((function(p, g) {
51
+ function f(k) {
52
+ try {
53
+ b(u.next(k));
54
+ } catch (y) {
55
+ g(y);
56
+ }
57
+ }
58
+ function w(k) {
59
+ try {
60
+ b(u.throw(k));
61
+ } catch (y) {
62
+ g(y);
63
+ }
64
+ }
65
+ function b(k) {
66
+ k.done ? p(k.value) : new a((function(y) {
67
+ y(k.value);
68
+ })).then(f, w);
69
+ }
70
+ b((u = u.apply(s, l || [])).next());
71
+ }));
72
+ }, n = j && j.__generator || function(s, l) {
73
+ var a, u, p, g, f = { label: 0, sent: function() {
74
+ if (1 & p[0]) throw p[1];
75
+ return p[1];
76
+ }, trys: [], ops: [] };
77
+ return g = { next: w(0), throw: w(1), return: w(2) }, typeof Symbol == "function" && (g[Symbol.iterator] = function() {
78
+ return this;
79
+ }), g;
80
+ function w(b) {
81
+ return function(k) {
82
+ return (function(y) {
83
+ if (a) throw new TypeError("Generator is already executing.");
84
+ for (; f; ) try {
85
+ if (a = 1, u && (p = 2 & y[0] ? u.return : y[0] ? u.throw || ((p = u.return) && p.call(u), 0) : u.next) && !(p = p.call(u, y[1])).done) return p;
86
+ switch (u = 0, p && (y = [2 & y[0], p.value]), y[0]) {
87
+ case 0:
88
+ case 1:
89
+ p = y;
90
+ break;
91
+ case 4:
92
+ return f.label++, { value: y[1], done: !1 };
93
+ case 5:
94
+ f.label++, u = y[1], y = [0];
95
+ continue;
96
+ case 7:
97
+ y = f.ops.pop(), f.trys.pop();
98
+ continue;
99
+ default:
100
+ if (p = f.trys, !((p = p.length > 0 && p[p.length - 1]) || y[0] !== 6 && y[0] !== 2)) {
101
+ f = 0;
102
+ continue;
103
+ }
104
+ if (y[0] === 3 && (!p || y[1] > p[0] && y[1] < p[3])) {
105
+ f.label = y[1];
106
+ break;
107
+ }
108
+ if (y[0] === 6 && f.label < p[1]) {
109
+ f.label = p[1], p = y;
110
+ break;
111
+ }
112
+ if (p && f.label < p[2]) {
113
+ f.label = p[2], f.ops.push(y);
114
+ break;
115
+ }
116
+ p[2] && f.ops.pop(), f.trys.pop();
117
+ continue;
118
+ }
119
+ y = l.call(s, f);
120
+ } catch (S) {
121
+ y = [6, S], u = 0;
122
+ } finally {
123
+ a = p = 0;
124
+ }
125
+ if (5 & y[0]) throw y[1];
126
+ return { value: y[0] ? y[1] : void 0, done: !0 };
127
+ })([b, k]);
128
+ };
129
+ }
130
+ }, i = j;
131
+ Object.defineProperty(e, "__esModule", { value: !0 });
132
+ var r = "browser-tabs-lock-key", c = { key: function(s) {
133
+ return t(i, void 0, void 0, (function() {
134
+ return n(this, (function(l) {
135
+ throw new Error("Unsupported");
136
+ }));
137
+ }));
138
+ }, getItem: function(s) {
139
+ return t(i, void 0, void 0, (function() {
140
+ return n(this, (function(l) {
141
+ throw new Error("Unsupported");
142
+ }));
143
+ }));
144
+ }, clear: function() {
145
+ return t(i, void 0, void 0, (function() {
146
+ return n(this, (function(s) {
147
+ return [2, window.localStorage.clear()];
148
+ }));
149
+ }));
150
+ }, removeItem: function(s) {
151
+ return t(i, void 0, void 0, (function() {
152
+ return n(this, (function(l) {
153
+ throw new Error("Unsupported");
154
+ }));
155
+ }));
156
+ }, setItem: function(s, l) {
157
+ return t(i, void 0, void 0, (function() {
158
+ return n(this, (function(a) {
159
+ throw new Error("Unsupported");
160
+ }));
161
+ }));
162
+ }, keySync: function(s) {
163
+ return window.localStorage.key(s);
164
+ }, getItemSync: function(s) {
165
+ return window.localStorage.getItem(s);
166
+ }, clearSync: function() {
167
+ return window.localStorage.clear();
168
+ }, removeItemSync: function(s) {
169
+ return window.localStorage.removeItem(s);
170
+ }, setItemSync: function(s, l) {
171
+ return window.localStorage.setItem(s, l);
172
+ } };
173
+ function h(s) {
174
+ return new Promise((function(l) {
175
+ return setTimeout(l, s);
176
+ }));
177
+ }
178
+ function d(s) {
179
+ for (var l = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz", a = "", u = 0; u < s; u++)
180
+ a += l[Math.floor(Math.random() * l.length)];
181
+ return a;
182
+ }
183
+ var m = (function() {
184
+ function s(l) {
185
+ this.acquiredIatSet = /* @__PURE__ */ new Set(), this.storageHandler = void 0, this.id = Date.now().toString() + d(15), this.acquireLock = this.acquireLock.bind(this), this.releaseLock = this.releaseLock.bind(this), this.releaseLock__private__ = this.releaseLock__private__.bind(this), this.waitForSomethingToChange = this.waitForSomethingToChange.bind(this), this.refreshLockWhileAcquired = this.refreshLockWhileAcquired.bind(this), this.storageHandler = l, s.waiters === void 0 && (s.waiters = []);
186
+ }
187
+ return s.prototype.acquireLock = function(l, a) {
188
+ return a === void 0 && (a = 5e3), t(this, void 0, void 0, (function() {
189
+ var u, p, g, f, w, b, k;
190
+ return n(this, (function(y) {
191
+ switch (y.label) {
192
+ case 0:
193
+ u = Date.now() + d(4), p = Date.now() + a, g = r + "-" + l, f = this.storageHandler === void 0 ? c : this.storageHandler, y.label = 1;
194
+ case 1:
195
+ return Date.now() < p ? [4, h(30)] : [3, 8];
196
+ case 2:
197
+ return y.sent(), f.getItemSync(g) !== null ? [3, 5] : (w = this.id + "-" + l + "-" + u, [4, h(Math.floor(25 * Math.random()))]);
198
+ case 3:
199
+ return y.sent(), f.setItemSync(g, JSON.stringify({ id: this.id, iat: u, timeoutKey: w, timeAcquired: Date.now(), timeRefreshed: Date.now() })), [4, h(30)];
200
+ case 4:
201
+ return y.sent(), (b = f.getItemSync(g)) !== null && (k = JSON.parse(b)).id === this.id && k.iat === u ? (this.acquiredIatSet.add(u), this.refreshLockWhileAcquired(g, u), [2, !0]) : [3, 7];
202
+ case 5:
203
+ return s.lockCorrector(this.storageHandler === void 0 ? c : this.storageHandler), [4, this.waitForSomethingToChange(p)];
204
+ case 6:
205
+ y.sent(), y.label = 7;
206
+ case 7:
207
+ return u = Date.now() + d(4), [3, 1];
208
+ case 8:
209
+ return [2, !1];
210
+ }
211
+ }));
212
+ }));
213
+ }, s.prototype.refreshLockWhileAcquired = function(l, a) {
214
+ return t(this, void 0, void 0, (function() {
215
+ var u = this;
216
+ return n(this, (function(p) {
217
+ return setTimeout((function() {
218
+ return t(u, void 0, void 0, (function() {
219
+ var g, f, w;
220
+ return n(this, (function(b) {
221
+ switch (b.label) {
222
+ case 0:
223
+ return [4, R.default().lock(a)];
224
+ case 1:
225
+ return b.sent(), this.acquiredIatSet.has(a) ? (g = this.storageHandler === void 0 ? c : this.storageHandler, (f = g.getItemSync(l)) === null ? (R.default().unlock(a), [2]) : ((w = JSON.parse(f)).timeRefreshed = Date.now(), g.setItemSync(l, JSON.stringify(w)), R.default().unlock(a), this.refreshLockWhileAcquired(l, a), [2])) : (R.default().unlock(a), [2]);
226
+ }
227
+ }));
228
+ }));
229
+ }), 1e3), [2];
230
+ }));
231
+ }));
232
+ }, s.prototype.waitForSomethingToChange = function(l) {
233
+ return t(this, void 0, void 0, (function() {
234
+ return n(this, (function(a) {
235
+ switch (a.label) {
236
+ case 0:
237
+ return [4, new Promise((function(u) {
238
+ var p = !1, g = Date.now(), f = !1;
239
+ function w() {
240
+ if (f || (window.removeEventListener("storage", w), s.removeFromWaiting(w), clearTimeout(b), f = !0), !p) {
241
+ p = !0;
242
+ var k = 50 - (Date.now() - g);
243
+ k > 0 ? setTimeout(u, k) : u(null);
244
+ }
245
+ }
246
+ window.addEventListener("storage", w), s.addToWaiting(w);
247
+ var b = setTimeout(w, Math.max(0, l - Date.now()));
248
+ }))];
249
+ case 1:
250
+ return a.sent(), [2];
251
+ }
252
+ }));
253
+ }));
254
+ }, s.addToWaiting = function(l) {
255
+ this.removeFromWaiting(l), s.waiters !== void 0 && s.waiters.push(l);
256
+ }, s.removeFromWaiting = function(l) {
257
+ s.waiters !== void 0 && (s.waiters = s.waiters.filter((function(a) {
258
+ return a !== l;
259
+ })));
260
+ }, s.notifyWaiters = function() {
261
+ s.waiters !== void 0 && s.waiters.slice().forEach((function(l) {
262
+ return l();
263
+ }));
264
+ }, s.prototype.releaseLock = function(l) {
265
+ return t(this, void 0, void 0, (function() {
266
+ return n(this, (function(a) {
267
+ switch (a.label) {
268
+ case 0:
269
+ return [4, this.releaseLock__private__(l)];
270
+ case 1:
271
+ return [2, a.sent()];
272
+ }
273
+ }));
274
+ }));
275
+ }, s.prototype.releaseLock__private__ = function(l) {
276
+ return t(this, void 0, void 0, (function() {
277
+ var a, u, p, g;
278
+ return n(this, (function(f) {
279
+ switch (f.label) {
280
+ case 0:
281
+ return a = this.storageHandler === void 0 ? c : this.storageHandler, u = r + "-" + l, (p = a.getItemSync(u)) === null ? [2] : (g = JSON.parse(p)).id !== this.id ? [3, 2] : [4, R.default().lock(g.iat)];
282
+ case 1:
283
+ f.sent(), this.acquiredIatSet.delete(g.iat), a.removeItemSync(u), R.default().unlock(g.iat), s.notifyWaiters(), f.label = 2;
284
+ case 2:
285
+ return [2];
286
+ }
287
+ }));
288
+ }));
289
+ }, s.lockCorrector = function(l) {
290
+ for (var a = Date.now() - 5e3, u = l, p = [], g = 0; ; ) {
291
+ var f = u.keySync(g);
292
+ if (f === null) break;
293
+ p.push(f), g++;
294
+ }
295
+ for (var w = !1, b = 0; b < p.length; b++) {
296
+ var k = p[b];
297
+ if (k.includes(r)) {
298
+ var y = u.getItemSync(k);
299
+ if (y !== null) {
300
+ var S = JSON.parse(y);
301
+ (S.timeRefreshed === void 0 && S.timeAcquired < a || S.timeRefreshed !== void 0 && S.timeRefreshed < a) && (u.removeItemSync(k), w = !0);
302
+ }
303
+ }
304
+ }
305
+ w && s.notifyWaiters();
306
+ }, s.waiters = void 0, s;
307
+ })();
308
+ e.default = m;
309
+ })));
310
+ const ot = { timeoutInSeconds: 60 }, $e = { name: "auth0-spa-js", version: "2.11.3" }, Xe = () => Date.now();
311
+ class _ extends Error {
312
+ constructor(e, t) {
313
+ super(t), this.error = e, this.error_description = t, Object.setPrototypeOf(this, _.prototype);
314
+ }
315
+ static fromPayload({ error: e, error_description: t }) {
316
+ return new _(e, t);
317
+ }
318
+ }
319
+ class ke extends _ {
320
+ constructor(e, t, n, i = null) {
321
+ super(e, t), this.state = n, this.appState = i, Object.setPrototypeOf(this, ke.prototype);
322
+ }
323
+ }
324
+ class ve extends _ {
325
+ constructor(e, t, n, i, r = null) {
326
+ super(e, t), this.connection = n, this.state = i, this.appState = r, Object.setPrototypeOf(this, ve.prototype);
327
+ }
328
+ }
329
+ class Z extends _ {
330
+ constructor() {
331
+ super("timeout", "Timeout"), Object.setPrototypeOf(this, Z.prototype);
332
+ }
333
+ }
334
+ class Se extends Z {
335
+ constructor(e) {
336
+ super(), this.popup = e, Object.setPrototypeOf(this, Se.prototype);
337
+ }
338
+ }
339
+ class _e extends _ {
340
+ constructor(e) {
341
+ super("cancelled", "Popup closed"), this.popup = e, Object.setPrototypeOf(this, _e.prototype);
342
+ }
343
+ }
344
+ class Ie extends _ {
345
+ constructor() {
346
+ super("popup_open", "Unable to open a popup for loginWithPopup - window.open returned `null`"), Object.setPrototypeOf(this, Ie.prototype);
347
+ }
348
+ }
349
+ class Te extends _ {
350
+ constructor(e, t, n) {
351
+ super(e, t), this.mfa_token = n, Object.setPrototypeOf(this, Te.prototype);
352
+ }
353
+ }
354
+ class ce extends _ {
355
+ constructor(e, t) {
356
+ super("missing_refresh_token", `Missing Refresh Token (audience: '${ie(e, ["default"])}', scope: '${ie(t)}')`), this.audience = e, this.scope = t, Object.setPrototypeOf(this, ce.prototype);
357
+ }
358
+ }
359
+ class Pe extends _ {
360
+ constructor(e, t) {
361
+ super("missing_scopes", `Missing requested scopes after refresh (audience: '${ie(e, ["default"])}', missing scope: '${ie(t)}')`), this.audience = e, this.scope = t, Object.setPrototypeOf(this, Pe.prototype);
362
+ }
363
+ }
364
+ class ue extends _ {
365
+ constructor(e) {
366
+ super("use_dpop_nonce", "Server rejected DPoP proof: wrong nonce"), this.newDpopNonce = e, Object.setPrototypeOf(this, ue.prototype);
367
+ }
368
+ }
369
+ function ie(o, e = []) {
370
+ return o && !e.includes(o) ? o : "";
371
+ }
372
+ const re = () => window.crypto, W = () => {
373
+ const o = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-_~.";
374
+ let e = "";
375
+ return Array.from(re().getRandomValues(new Uint8Array(43))).forEach(((t) => e += o[t % o.length])), e;
376
+ }, de = (o) => btoa(o), it = [{ key: "name", type: ["string"] }, { key: "version", type: ["string", "number"] }, { key: "env", type: ["object"] }], rt = (o) => Object.keys(o).reduce(((e, t) => {
377
+ const n = it.find(((i) => i.key === t));
378
+ return n && n.type.includes(typeof o[t]) && (e[t] = o[t]), e;
379
+ }), {}), fe = (o) => {
380
+ var { clientId: e } = o, t = O(o, ["clientId"]);
381
+ return new URLSearchParams(((n) => Object.keys(n).filter(((i) => n[i] !== void 0)).reduce(((i, r) => Object.assign(Object.assign({}, i), { [r]: n[r] })), {}))(Object.assign({ client_id: e }, t))).toString();
382
+ }, Ae = async (o) => await re().subtle.digest({ name: "SHA-256" }, new TextEncoder().encode(o)), xe = (o) => ((e) => decodeURIComponent(atob(e).split("").map(((t) => "%" + ("00" + t.charCodeAt(0).toString(16)).slice(-2))).join("")))(o.replace(/_/g, "/").replace(/-/g, "+")), Re = (o) => {
383
+ const e = new Uint8Array(o);
384
+ return ((t) => {
385
+ const n = { "+": "-", "/": "_", "=": "" };
386
+ return t.replace(/[+/=]/g, ((i) => n[i]));
387
+ })(window.btoa(String.fromCharCode(...Array.from(e))));
388
+ }, st = new TextEncoder(), at = new TextDecoder();
389
+ function B(o) {
390
+ return typeof o == "string" ? st.encode(o) : at.decode(o);
391
+ }
392
+ function je(o) {
393
+ if (typeof o.modulusLength != "number" || o.modulusLength < 2048) throw new ut(`${o.name} modulusLength must be at least 2048 bits`);
394
+ }
395
+ async function ct(o, e, t) {
396
+ if (t.usages.includes("sign") === !1) throw new TypeError('private CryptoKey instances used for signing assertions must include "sign" in their "usages"');
397
+ const n = `${q(B(JSON.stringify(o)))}.${q(B(JSON.stringify(e)))}`;
398
+ return `${n}.${q(await crypto.subtle.sign((function(i) {
399
+ switch (i.algorithm.name) {
400
+ case "ECDSA":
401
+ return { name: i.algorithm.name, hash: "SHA-256" };
402
+ case "RSA-PSS":
403
+ return je(i.algorithm), { name: i.algorithm.name, saltLength: 32 };
404
+ case "RSASSA-PKCS1-v1_5":
405
+ return je(i.algorithm), { name: i.algorithm.name };
406
+ case "Ed25519":
407
+ return { name: i.algorithm.name };
408
+ }
409
+ throw new K();
410
+ })(t), t, B(n)))}`;
411
+ }
412
+ let ge;
413
+ Uint8Array.prototype.toBase64 ? ge = (o) => (o instanceof ArrayBuffer && (o = new Uint8Array(o)), o.toBase64({ alphabet: "base64url", omitPadding: !0 })) : ge = (e) => {
414
+ e instanceof ArrayBuffer && (e = new Uint8Array(e));
415
+ const t = [];
416
+ for (let n = 0; n < e.byteLength; n += 32768) t.push(String.fromCharCode.apply(null, e.subarray(n, n + 32768)));
417
+ return btoa(t.join("")).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
418
+ };
419
+ function q(o) {
420
+ return ge(o);
421
+ }
422
+ class K extends Error {
423
+ constructor(e) {
424
+ var t;
425
+ super(e ?? "operation not supported"), this.name = this.constructor.name, (t = Error.captureStackTrace) === null || t === void 0 || t.call(Error, this, this.constructor);
426
+ }
427
+ }
428
+ class ut extends Error {
429
+ constructor(e) {
430
+ var t;
431
+ super(e), this.name = this.constructor.name, (t = Error.captureStackTrace) === null || t === void 0 || t.call(Error, this, this.constructor);
432
+ }
433
+ }
434
+ function lt(o) {
435
+ switch (o.algorithm.name) {
436
+ case "RSA-PSS":
437
+ return (function(e) {
438
+ if (e.algorithm.hash.name === "SHA-256") return "PS256";
439
+ throw new K("unsupported RsaHashedKeyAlgorithm hash name");
440
+ })(o);
441
+ case "RSASSA-PKCS1-v1_5":
442
+ return (function(e) {
443
+ if (e.algorithm.hash.name === "SHA-256") return "RS256";
444
+ throw new K("unsupported RsaHashedKeyAlgorithm hash name");
445
+ })(o);
446
+ case "ECDSA":
447
+ return (function(e) {
448
+ if (e.algorithm.namedCurve === "P-256") return "ES256";
449
+ throw new K("unsupported EcKeyAlgorithm namedCurve");
450
+ })(o);
451
+ case "Ed25519":
452
+ return "Ed25519";
453
+ default:
454
+ throw new K("unsupported CryptoKey algorithm name");
455
+ }
456
+ }
457
+ function Ve(o) {
458
+ return o instanceof CryptoKey;
459
+ }
460
+ function Ge(o) {
461
+ return Ve(o) && o.type === "public";
462
+ }
463
+ async function dt(o, e, t, n, i, r) {
464
+ const c = o?.privateKey, h = o?.publicKey;
465
+ if (!Ve(d = c) || d.type !== "private") throw new TypeError('"keypair.privateKey" must be a private CryptoKey');
466
+ var d;
467
+ if (!Ge(h)) throw new TypeError('"keypair.publicKey" must be a public CryptoKey');
468
+ if (h.extractable !== !0) throw new TypeError('"keypair.publicKey.extractable" must be true');
469
+ if (typeof e != "string") throw new TypeError('"htu" must be a string');
470
+ if (typeof t != "string") throw new TypeError('"htm" must be a string');
471
+ if (n !== void 0 && typeof n != "string") throw new TypeError('"nonce" must be a string or undefined');
472
+ if (i !== void 0 && typeof i != "string") throw new TypeError('"accessToken" must be a string or undefined');
473
+ return ct({ alg: lt(c), typ: "dpop+jwt", jwk: await Me(h) }, Object.assign(Object.assign({}, r), { iat: Math.floor(Date.now() / 1e3), jti: crypto.randomUUID(), htm: t, nonce: n, htu: e, ath: i ? q(await crypto.subtle.digest("SHA-256", B(i))) : void 0 }), c);
474
+ }
475
+ async function Me(o) {
476
+ const { kty: e, e: t, n, x: i, y: r, crv: c } = await crypto.subtle.exportKey("jwk", o);
477
+ return { kty: e, crv: c, e: t, n, x: i, y: r };
478
+ }
479
+ const ht = ["authorization_code", "refresh_token", "urn:ietf:params:oauth:grant-type:token-exchange"];
480
+ function pt() {
481
+ return (async function(o, e) {
482
+ var t;
483
+ let n;
484
+ if (o.length === 0) throw new TypeError('"alg" must be a non-empty string');
485
+ switch (o) {
486
+ case "PS256":
487
+ n = { name: "RSA-PSS", hash: "SHA-256", modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]) };
488
+ break;
489
+ case "RS256":
490
+ n = { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256", modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]) };
491
+ break;
492
+ case "ES256":
493
+ n = { name: "ECDSA", namedCurve: "P-256" };
494
+ break;
495
+ case "Ed25519":
496
+ n = { name: "Ed25519" };
497
+ break;
498
+ default:
499
+ throw new K();
500
+ }
501
+ return crypto.subtle.generateKey(n, (t = e?.extractable) !== null && t !== void 0 && t, ["sign", "verify"]);
502
+ })("ES256", { extractable: !1 });
503
+ }
504
+ function mt(o) {
505
+ return (async function(e) {
506
+ if (!Ge(e)) throw new TypeError('"publicKey" must be a public CryptoKey');
507
+ if (e.extractable !== !0) throw new TypeError('"publicKey.extractable" must be true');
508
+ const t = await Me(e);
509
+ let n;
510
+ switch (t.kty) {
511
+ case "EC":
512
+ n = { crv: t.crv, kty: t.kty, x: t.x, y: t.y };
513
+ break;
514
+ case "OKP":
515
+ n = { crv: t.crv, kty: t.kty, x: t.x };
516
+ break;
517
+ case "RSA":
518
+ n = { e: t.e, kty: t.kty, n: t.n };
519
+ break;
520
+ default:
521
+ throw new K("unsupported JWK kty");
522
+ }
523
+ return q(await crypto.subtle.digest({ name: "SHA-256" }, B(JSON.stringify(n))));
524
+ })(o.publicKey);
525
+ }
526
+ function ft({ keyPair: o, url: e, method: t, nonce: n, accessToken: i }) {
527
+ const r = (function(c) {
528
+ const h = new URL(c);
529
+ return h.search = "", h.hash = "", h.href;
530
+ })(e);
531
+ return dt(o, r, t, n, i);
532
+ }
533
+ const gt = async (o, e) => {
534
+ const t = await fetch(o, e);
535
+ return { ok: t.ok, json: await t.json(), headers: (n = t.headers, [...n].reduce(((i, [r, c]) => (i[r] = c, i)), {})) };
536
+ var n;
537
+ }, yt = async (o, e, t) => {
538
+ const n = new AbortController();
539
+ let i;
540
+ return e.signal = n.signal, Promise.race([gt(o, e), new Promise(((r, c) => {
541
+ i = setTimeout((() => {
542
+ n.abort(), c(new Error("Timeout when executing 'fetch'"));
543
+ }), t);
544
+ }))]).finally((() => {
545
+ clearTimeout(i);
546
+ }));
547
+ }, wt = async (o, e, t, n, i, r, c, h) => {
548
+ return d = { auth: { audience: e, scope: t }, timeout: i, fetchUrl: o, fetchOptions: n, useFormData: c, useMrrt: h }, m = r, new Promise((function(s, l) {
549
+ const a = new MessageChannel();
550
+ a.port1.onmessage = function(u) {
551
+ u.data.error ? l(new Error(u.data.error)) : s(u.data), a.port1.close();
552
+ }, m.postMessage(d, [a.port2]);
553
+ }));
554
+ var d, m;
555
+ }, bt = async (o, e, t, n, i, r, c = 1e4, h) => i ? wt(o, e, t, n, c, i, r, h) : yt(o, n, c);
556
+ async function Ye(o, e, t, n, i, r, c, h, d, m) {
557
+ if (d) {
558
+ const k = await d.generateProof({ url: o, method: i.method || "GET", nonce: await d.getNonce() });
559
+ i.headers = Object.assign(Object.assign({}, i.headers), { dpop: k });
560
+ }
561
+ let s, l = null;
562
+ for (let k = 0; k < 3; k++) try {
563
+ s = await bt(o, t, n, i, r, c, e, h), l = null;
564
+ break;
565
+ } catch (y) {
566
+ l = y;
567
+ }
568
+ if (l) throw l;
569
+ const a = s.json, { error: u, error_description: p } = a, g = O(a, ["error", "error_description"]), { headers: f, ok: w } = s;
570
+ let b;
571
+ if (d && (b = f["dpop-nonce"], b && await d.setNonce(b)), !w) {
572
+ const k = p || `HTTP error. Unable to fetch ${o}`;
573
+ if (u === "mfa_required") throw new Te(u, k, g.mfa_token);
574
+ if (u === "missing_refresh_token") throw new ce(t, n);
575
+ if (u === "use_dpop_nonce") {
576
+ if (!d || !b || m) throw new ue(b);
577
+ return Ye(o, e, t, n, i, r, c, h, d, !0);
578
+ }
579
+ throw new _(u || "request_error", k);
580
+ }
581
+ return g;
582
+ }
583
+ async function kt(o, e) {
584
+ var { baseUrl: t, timeout: n, audience: i, scope: r, auth0Client: c, useFormData: h, useMrrt: d, dpop: m } = o, s = O(o, ["baseUrl", "timeout", "audience", "scope", "auth0Client", "useFormData", "useMrrt", "dpop"]);
585
+ const l = s.grant_type === "urn:ietf:params:oauth:grant-type:token-exchange", a = s.grant_type === "refresh_token" && d, u = Object.assign(Object.assign(Object.assign(Object.assign({}, s), l && i && { audience: i }), l && r && { scope: r }), a && { audience: i, scope: r }), p = h ? fe(u) : JSON.stringify(u), g = (f = s.grant_type, ht.includes(f));
586
+ var f;
587
+ return await Ye(`${t}/oauth/token`, n, i || "default", r, { method: "POST", body: p, headers: { "Content-Type": h ? "application/x-www-form-urlencoded" : "application/json", "Auth0-Client": btoa(JSON.stringify(rt(c || $e))) } }, e, h, d, g ? m : void 0);
588
+ }
589
+ const oe = (...o) => {
590
+ return (e = o.filter(Boolean).join(" ").trim().split(/\s+/), Array.from(new Set(e))).join(" ");
591
+ var e;
592
+ }, Q = (o, e, t) => {
593
+ let n;
594
+ return t && (n = o[t]), n || (n = o.default), oe(n, e);
595
+ };
596
+ class P {
597
+ constructor(e, t = "@@auth0spajs@@", n) {
598
+ this.prefix = t, this.suffix = n, this.clientId = e.clientId, this.scope = e.scope, this.audience = e.audience;
599
+ }
600
+ toKey() {
601
+ return [this.prefix, this.clientId, this.audience, this.scope, this.suffix].filter(Boolean).join("::");
602
+ }
603
+ static fromKey(e) {
604
+ const [t, n, i, r] = e.split("::");
605
+ return new P({ clientId: n, scope: r, audience: i }, t);
606
+ }
607
+ static fromCacheEntry(e) {
608
+ const { scope: t, audience: n, client_id: i } = e;
609
+ return new P({ scope: t, audience: n, clientId: i });
610
+ }
611
+ }
612
+ class vt {
613
+ set(e, t) {
614
+ localStorage.setItem(e, JSON.stringify(t));
615
+ }
616
+ get(e) {
617
+ const t = window.localStorage.getItem(e);
618
+ if (t) try {
619
+ return JSON.parse(t);
620
+ } catch {
621
+ return;
622
+ }
623
+ }
624
+ remove(e) {
625
+ localStorage.removeItem(e);
626
+ }
627
+ allKeys() {
628
+ return Object.keys(window.localStorage).filter(((e) => e.startsWith("@@auth0spajs@@")));
629
+ }
630
+ }
631
+ class Be {
632
+ constructor() {
633
+ this.enclosedCache = /* @__PURE__ */ (function() {
634
+ let e = {};
635
+ return { set(t, n) {
636
+ e[t] = n;
637
+ }, get(t) {
638
+ const n = e[t];
639
+ if (n) return n;
640
+ }, remove(t) {
641
+ delete e[t];
642
+ }, allKeys: () => Object.keys(e) };
643
+ })();
644
+ }
645
+ }
646
+ class St {
647
+ constructor(e, t, n) {
648
+ this.cache = e, this.keyManifest = t, this.nowProvider = n || Xe;
649
+ }
650
+ async setIdToken(e, t, n) {
651
+ var i;
652
+ const r = this.getIdTokenCacheKey(e);
653
+ await this.cache.set(r, { id_token: t, decodedToken: n }), await ((i = this.keyManifest) === null || i === void 0 ? void 0 : i.add(r));
654
+ }
655
+ async getIdToken(e) {
656
+ const t = await this.cache.get(this.getIdTokenCacheKey(e.clientId));
657
+ if (!t && e.scope && e.audience) {
658
+ const n = await this.get(e);
659
+ return !n || !n.id_token || !n.decodedToken ? void 0 : { id_token: n.id_token, decodedToken: n.decodedToken };
660
+ }
661
+ if (t) return { id_token: t.id_token, decodedToken: t.decodedToken };
662
+ }
663
+ async get(e, t = 0, n = !1, i) {
664
+ var r;
665
+ let c = await this.cache.get(e.toKey());
666
+ if (!c) {
667
+ const m = await this.getCacheKeys();
668
+ if (!m) return;
669
+ const s = this.matchExistingCacheKey(e, m);
670
+ if (s && (c = await this.cache.get(s)), !c && n && i !== "cache-only") return this.getEntryWithRefreshToken(e, m);
671
+ }
672
+ if (!c) return;
673
+ const h = await this.nowProvider(), d = Math.floor(h / 1e3);
674
+ return c.expiresAt - t < d ? c.body.refresh_token ? this.modifiedCachedEntry(c, e) : (await this.cache.remove(e.toKey()), void await ((r = this.keyManifest) === null || r === void 0 ? void 0 : r.remove(e.toKey()))) : c.body;
675
+ }
676
+ async modifiedCachedEntry(e, t) {
677
+ return e.body = { refresh_token: e.body.refresh_token, audience: e.body.audience, scope: e.body.scope }, await this.cache.set(t.toKey(), e), { refresh_token: e.body.refresh_token, audience: e.body.audience, scope: e.body.scope };
678
+ }
679
+ async set(e) {
680
+ var t;
681
+ const n = new P({ clientId: e.client_id, scope: e.scope, audience: e.audience }), i = await this.wrapCacheEntry(e);
682
+ await this.cache.set(n.toKey(), i), await ((t = this.keyManifest) === null || t === void 0 ? void 0 : t.add(n.toKey()));
683
+ }
684
+ async remove(e, t, n) {
685
+ const i = new P({ clientId: e, scope: n, audience: t });
686
+ await this.cache.remove(i.toKey());
687
+ }
688
+ async clear(e) {
689
+ var t;
690
+ const n = await this.getCacheKeys();
691
+ n && (await n.filter(((i) => !e || i.includes(e))).reduce((async (i, r) => {
692
+ await i, await this.cache.remove(r);
693
+ }), Promise.resolve()), await ((t = this.keyManifest) === null || t === void 0 ? void 0 : t.clear()));
694
+ }
695
+ async wrapCacheEntry(e) {
696
+ const t = await this.nowProvider();
697
+ return { body: e, expiresAt: Math.floor(t / 1e3) + e.expires_in };
698
+ }
699
+ async getCacheKeys() {
700
+ var e;
701
+ return this.keyManifest ? (e = await this.keyManifest.get()) === null || e === void 0 ? void 0 : e.keys : this.cache.allKeys ? this.cache.allKeys() : void 0;
702
+ }
703
+ getIdTokenCacheKey(e) {
704
+ return new P({ clientId: e }, "@@auth0spajs@@", "@@user@@").toKey();
705
+ }
706
+ matchExistingCacheKey(e, t) {
707
+ return t.filter(((n) => {
708
+ var i;
709
+ const r = P.fromKey(n), c = new Set(r.scope && r.scope.split(" ")), h = ((i = e.scope) === null || i === void 0 ? void 0 : i.split(" ")) || [], d = r.scope && h.reduce(((m, s) => m && c.has(s)), !0);
710
+ return r.prefix === "@@auth0spajs@@" && r.clientId === e.clientId && r.audience === e.audience && d;
711
+ }))[0];
712
+ }
713
+ async getEntryWithRefreshToken(e, t) {
714
+ var n;
715
+ for (const i of t) {
716
+ const r = P.fromKey(i);
717
+ if (r.prefix === "@@auth0spajs@@" && r.clientId === e.clientId) {
718
+ const c = await this.cache.get(i);
719
+ if (!((n = c?.body) === null || n === void 0) && n.refresh_token) return this.modifiedCachedEntry(c, e);
720
+ }
721
+ }
722
+ }
723
+ async updateEntry(e, t) {
724
+ var n;
725
+ const i = await this.getCacheKeys();
726
+ if (i) for (const r of i) {
727
+ const c = await this.cache.get(r);
728
+ if (((n = c?.body) === null || n === void 0 ? void 0 : n.refresh_token) === e) {
729
+ const h = Object.assign(Object.assign({}, c.body), { refresh_token: t });
730
+ await this.set(h);
731
+ }
732
+ }
733
+ }
734
+ }
735
+ class _t {
736
+ constructor(e, t, n) {
737
+ this.storage = e, this.clientId = t, this.cookieDomain = n, this.storageKey = `a0.spajs.txs.${this.clientId}`;
738
+ }
739
+ create(e) {
740
+ this.storage.save(this.storageKey, e, { daysUntilExpire: 1, cookieDomain: this.cookieDomain });
741
+ }
742
+ get() {
743
+ return this.storage.get(this.storageKey);
744
+ }
745
+ remove() {
746
+ this.storage.remove(this.storageKey, { cookieDomain: this.cookieDomain });
747
+ }
748
+ }
749
+ const J = (o) => typeof o == "number", It = ["iss", "aud", "exp", "nbf", "iat", "jti", "azp", "nonce", "auth_time", "at_hash", "c_hash", "acr", "amr", "sub_jwk", "cnf", "sip_from_tag", "sip_date", "sip_callid", "sip_cseq_num", "sip_via_branch", "orig", "dest", "mky", "events", "toe", "txn", "rph", "sid", "vot", "vtm"], Tt = (o) => {
750
+ if (!o.id_token) throw new Error("ID token is required but missing");
751
+ const e = ((r) => {
752
+ const c = r.split("."), [h, d, m] = c;
753
+ if (c.length !== 3 || !h || !d || !m) throw new Error("ID token could not be decoded");
754
+ const s = JSON.parse(xe(d)), l = { __raw: r }, a = {};
755
+ return Object.keys(s).forEach(((u) => {
756
+ l[u] = s[u], It.includes(u) || (a[u] = s[u]);
757
+ })), { encoded: { header: h, payload: d, signature: m }, header: JSON.parse(xe(h)), claims: l, user: a };
758
+ })(o.id_token);
759
+ if (!e.claims.iss) throw new Error("Issuer (iss) claim must be a string present in the ID token");
760
+ if (e.claims.iss !== o.iss) throw new Error(`Issuer (iss) claim mismatch in the ID token; expected "${o.iss}", found "${e.claims.iss}"`);
761
+ if (!e.user.sub) throw new Error("Subject (sub) claim must be a string present in the ID token");
762
+ if (e.header.alg !== "RS256") throw new Error(`Signature algorithm of "${e.header.alg}" is not supported. Expected the ID token to be signed with "RS256".`);
763
+ if (!e.claims.aud || typeof e.claims.aud != "string" && !Array.isArray(e.claims.aud)) throw new Error("Audience (aud) claim must be a string or array of strings present in the ID token");
764
+ if (Array.isArray(e.claims.aud)) {
765
+ if (!e.claims.aud.includes(o.aud)) throw new Error(`Audience (aud) claim mismatch in the ID token; expected "${o.aud}" but was not one of "${e.claims.aud.join(", ")}"`);
766
+ if (e.claims.aud.length > 1) {
767
+ if (!e.claims.azp) throw new Error("Authorized Party (azp) claim must be a string present in the ID token when Audience (aud) claim has multiple values");
768
+ if (e.claims.azp !== o.aud) throw new Error(`Authorized Party (azp) claim mismatch in the ID token; expected "${o.aud}", found "${e.claims.azp}"`);
769
+ }
770
+ } else if (e.claims.aud !== o.aud) throw new Error(`Audience (aud) claim mismatch in the ID token; expected "${o.aud}" but found "${e.claims.aud}"`);
771
+ if (o.nonce) {
772
+ if (!e.claims.nonce) throw new Error("Nonce (nonce) claim must be a string present in the ID token");
773
+ if (e.claims.nonce !== o.nonce) throw new Error(`Nonce (nonce) claim mismatch in the ID token; expected "${o.nonce}", found "${e.claims.nonce}"`);
774
+ }
775
+ if (o.max_age && !J(e.claims.auth_time)) throw new Error("Authentication Time (auth_time) claim must be a number present in the ID token when Max Age (max_age) is specified");
776
+ if (e.claims.exp == null || !J(e.claims.exp)) throw new Error("Expiration Time (exp) claim must be a number present in the ID token");
777
+ if (!J(e.claims.iat)) throw new Error("Issued At (iat) claim must be a number present in the ID token");
778
+ const t = o.leeway || 60, n = new Date(o.now || Date.now()), i = /* @__PURE__ */ new Date(0);
779
+ if (i.setUTCSeconds(e.claims.exp + t), n > i) throw new Error(`Expiration Time (exp) claim error in the ID token; current time (${n}) is after expiration time (${i})`);
780
+ if (e.claims.nbf != null && J(e.claims.nbf)) {
781
+ const r = /* @__PURE__ */ new Date(0);
782
+ if (r.setUTCSeconds(e.claims.nbf - t), n < r) throw new Error(`Not Before time (nbf) claim in the ID token indicates that this token can't be used just yet. Current time (${n}) is before ${r}`);
783
+ }
784
+ if (e.claims.auth_time != null && J(e.claims.auth_time)) {
785
+ const r = /* @__PURE__ */ new Date(0);
786
+ if (r.setUTCSeconds(parseInt(e.claims.auth_time) + o.max_age + t), n > r) throw new Error(`Authentication Time (auth_time) claim in the ID token indicates that too much time has passed since the last end-user authentication. Current time (${n}) is after last auth at ${r}`);
787
+ }
788
+ if (o.organization) {
789
+ const r = o.organization.trim();
790
+ if (r.startsWith("org_")) {
791
+ const c = r;
792
+ if (!e.claims.org_id) throw new Error("Organization ID (org_id) claim must be a string present in the ID token");
793
+ if (c !== e.claims.org_id) throw new Error(`Organization ID (org_id) claim mismatch in the ID token; expected "${c}", found "${e.claims.org_id}"`);
794
+ } else {
795
+ const c = r.toLowerCase();
796
+ if (!e.claims.org_name) throw new Error("Organization Name (org_name) claim must be a string present in the ID token");
797
+ if (c !== e.claims.org_name) throw new Error(`Organization Name (org_name) claim mismatch in the ID token; expected "${c}", found "${e.claims.org_name}"`);
798
+ }
799
+ }
800
+ return e;
801
+ };
802
+ var z = be((function(o, e) {
803
+ var t = j && j.__assign || function() {
804
+ return t = Object.assign || function(d) {
805
+ for (var m, s = 1, l = arguments.length; s < l; s++) for (var a in m = arguments[s]) Object.prototype.hasOwnProperty.call(m, a) && (d[a] = m[a]);
806
+ return d;
807
+ }, t.apply(this, arguments);
808
+ };
809
+ function n(d, m) {
810
+ if (!m) return "";
811
+ var s = "; " + d;
812
+ return m === !0 ? s : s + "=" + m;
813
+ }
814
+ function i(d, m, s) {
815
+ return encodeURIComponent(d).replace(/%(23|24|26|2B|5E|60|7C)/g, decodeURIComponent).replace(/\(/g, "%28").replace(/\)/g, "%29") + "=" + encodeURIComponent(m).replace(/%(23|24|26|2B|3A|3C|3E|3D|2F|3F|40|5B|5D|5E|60|7B|7D|7C)/g, decodeURIComponent) + (function(l) {
816
+ if (typeof l.expires == "number") {
817
+ var a = /* @__PURE__ */ new Date();
818
+ a.setMilliseconds(a.getMilliseconds() + 864e5 * l.expires), l.expires = a;
819
+ }
820
+ return n("Expires", l.expires ? l.expires.toUTCString() : "") + n("Domain", l.domain) + n("Path", l.path) + n("Secure", l.secure) + n("SameSite", l.sameSite);
821
+ })(s);
822
+ }
823
+ function r(d) {
824
+ for (var m = {}, s = d ? d.split("; ") : [], l = /(%[\dA-F]{2})+/gi, a = 0; a < s.length; a++) {
825
+ var u = s[a].split("="), p = u.slice(1).join("=");
826
+ p.charAt(0) === '"' && (p = p.slice(1, -1));
827
+ try {
828
+ m[u[0].replace(l, decodeURIComponent)] = p.replace(l, decodeURIComponent);
829
+ } catch {
830
+ }
831
+ }
832
+ return m;
833
+ }
834
+ function c() {
835
+ return r(document.cookie);
836
+ }
837
+ function h(d, m, s) {
838
+ document.cookie = i(d, m, t({ path: "/" }, s));
839
+ }
840
+ e.__esModule = !0, e.encode = i, e.parse = r, e.getAll = c, e.get = function(d) {
841
+ return c()[d];
842
+ }, e.set = h, e.remove = function(d, m) {
843
+ h(d, "", t(t({}, m), { expires: -1 }));
844
+ };
845
+ }));
846
+ we(z), z.encode, z.parse, z.getAll;
847
+ var Pt = z.get, qe = z.set, Qe = z.remove;
848
+ const L = { get(o) {
849
+ const e = Pt(o);
850
+ if (e !== void 0) return JSON.parse(e);
851
+ }, save(o, e, t) {
852
+ let n = {};
853
+ window.location.protocol === "https:" && (n = { secure: !0, sameSite: "none" }), t?.daysUntilExpire && (n.expires = t.daysUntilExpire), t?.cookieDomain && (n.domain = t.cookieDomain), qe(o, JSON.stringify(e), n);
854
+ }, remove(o, e) {
855
+ let t = {};
856
+ e?.cookieDomain && (t.domain = e.cookieDomain), Qe(o, t);
857
+ } }, Ot = { get(o) {
858
+ return L.get(o) || L.get(`_legacy_${o}`);
859
+ }, save(o, e, t) {
860
+ let n = {};
861
+ window.location.protocol === "https:" && (n = { secure: !0 }), t?.daysUntilExpire && (n.expires = t.daysUntilExpire), t?.cookieDomain && (n.domain = t.cookieDomain), qe(`_legacy_${o}`, JSON.stringify(e), n), L.save(o, e, t);
862
+ }, remove(o, e) {
863
+ let t = {};
864
+ e?.cookieDomain && (t.domain = e.cookieDomain), Qe(o, t), L.remove(o, e), L.remove(`_legacy_${o}`, e);
865
+ } }, Et = { get(o) {
866
+ if (typeof sessionStorage > "u") return;
867
+ const e = sessionStorage.getItem(o);
868
+ return e != null ? JSON.parse(e) : void 0;
869
+ }, save(o, e) {
870
+ sessionStorage.setItem(o, JSON.stringify(e));
871
+ }, remove(o) {
872
+ sessionStorage.removeItem(o);
873
+ } };
874
+ var N;
875
+ (function(o) {
876
+ o.Code = "code", o.ConnectCode = "connect_code";
877
+ })(N || (N = {}));
878
+ function Ct(o, e, t) {
879
+ var n = e === void 0 ? null : e, i = (function(d, m) {
880
+ var s = atob(d);
881
+ if (m) {
882
+ for (var l = new Uint8Array(s.length), a = 0, u = s.length; a < u; ++a) l[a] = s.charCodeAt(a);
883
+ return String.fromCharCode.apply(null, new Uint16Array(l.buffer));
884
+ }
885
+ return s;
886
+ })(o, t !== void 0 && t), r = i.indexOf(`
887
+ `, 10) + 1, c = i.substring(r) + (n ? "//# sourceMappingURL=" + n : ""), h = new Blob([c], { type: "application/javascript" });
888
+ return URL.createObjectURL(h);
889
+ }
890
+ var Ne, De, Ke, he, At = (Ne = "Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAqLwohZnVuY3Rpb24oKXsidXNlIHN0cmljdCI7Y2xhc3MgZSBleHRlbmRzIEVycm9ye2NvbnN0cnVjdG9yKHQscil7c3VwZXIociksdGhpcy5lcnJvcj10LHRoaXMuZXJyb3JfZGVzY3JpcHRpb249cixPYmplY3Quc2V0UHJvdG90eXBlT2YodGhpcyxlLnByb3RvdHlwZSl9c3RhdGljIGZyb21QYXlsb2FkKHtlcnJvcjp0LGVycm9yX2Rlc2NyaXB0aW9uOnJ9KXtyZXR1cm4gbmV3IGUodCxyKX19Y2xhc3MgdCBleHRlbmRzIGV7Y29uc3RydWN0b3IoZSxzKXtzdXBlcigibWlzc2luZ19yZWZyZXNoX3Rva2VuIixgTWlzc2luZyBSZWZyZXNoIFRva2VuIChhdWRpZW5jZTogJyR7cihlLFsiZGVmYXVsdCJdKX0nLCBzY29wZTogJyR7cihzKX0nKWApLHRoaXMuYXVkaWVuY2U9ZSx0aGlzLnNjb3BlPXMsT2JqZWN0LnNldFByb3RvdHlwZU9mKHRoaXMsdC5wcm90b3R5cGUpfX1mdW5jdGlvbiByKGUsdD1bXSl7cmV0dXJuIGUmJiF0LmluY2x1ZGVzKGUpP2U6IiJ9ImZ1bmN0aW9uIj09dHlwZW9mIFN1cHByZXNzZWRFcnJvciYmU3VwcHJlc3NlZEVycm9yO2NvbnN0IHM9ZT0+e3ZhcntjbGllbnRJZDp0fT1lLHI9ZnVuY3Rpb24oZSx0KXt2YXIgcj17fTtmb3IodmFyIHMgaW4gZSlPYmplY3QucHJvdG90eXBlLmhhc093blByb3BlcnR5LmNhbGwoZSxzKSYmdC5pbmRleE9mKHMpPDAmJihyW3NdPWVbc10pO2lmKG51bGwhPWUmJiJmdW5jdGlvbiI9PXR5cGVvZiBPYmplY3QuZ2V0T3duUHJvcGVydHlTeW1ib2xzKXt2YXIgbz0wO2ZvcihzPU9iamVjdC5nZXRPd25Qcm9wZXJ0eVN5bWJvbHMoZSk7bzxzLmxlbmd0aDtvKyspdC5pbmRleE9mKHNbb10pPDAmJk9iamVjdC5wcm90b3R5cGUucHJvcGVydHlJc0VudW1lcmFibGUuY2FsbChlLHNbb10pJiYocltzW29dXT1lW3Nbb11dKX1yZXR1cm4gcn0oZSxbImNsaWVudElkIl0pO3JldHVybiBuZXcgVVJMU2VhcmNoUGFyYW1zKChlPT5PYmplY3Qua2V5cyhlKS5maWx0ZXIoKHQ9PnZvaWQgMCE9PWVbdF0pKS5yZWR1Y2UoKCh0LHIpPT5PYmplY3QuYXNzaWduKE9iamVjdC5hc3NpZ24oe30sdCkse1tyXTplW3JdfSkpLHt9KSkoT2JqZWN0LmFzc2lnbih7Y2xpZW50X2lkOnR9LHIpKSkudG9TdHJpbmcoKX07bGV0IG89e307Y29uc3Qgbj0oZSx0KT0+YCR7ZX18JHt0fWA7YWRkRXZlbnRMaXN0ZW5lcigibWVzc2FnZSIsKGFzeW5jKHtkYXRhOnt0aW1lb3V0OmUsYXV0aDpyLGZldGNoVXJsOmksZmV0Y2hPcHRpb25zOmMsdXNlRm9ybURhdGE6YSx1c2VNcnJ0OmZ9LHBvcnRzOltwXX0pPT57bGV0IGgsdSxsPXt9O2NvbnN0e2F1ZGllbmNlOmQsc2NvcGU6eX09cnx8e307dHJ5e2NvbnN0IHI9YT8oZT0+e2NvbnN0IHQ9bmV3IFVSTFNlYXJjaFBhcmFtcyhlKSxyPXt9O3JldHVybiB0LmZvckVhY2goKChlLHQpPT57clt0XT1lfSkpLHJ9KShjLmJvZHkpOkpTT04ucGFyc2UoYy5ib2R5KTtpZighci5yZWZyZXNoX3Rva2VuJiYicmVmcmVzaF90b2tlbiI9PT1yLmdyYW50X3R5cGUpe2lmKHU9KChlLHQpPT5vW24oZSx0KV0pKGQseSksIXUmJmYpe2NvbnN0IGU9by5sYXRlc3RfcmVmcmVzaF90b2tlbix0PSgoZSx0KT0+e2NvbnN0IHI9T2JqZWN0LmtleXMobykuZmluZCgocj0+e2lmKCJsYXRlc3RfcmVmcmVzaF90b2tlbiIhPT1yKXtjb25zdCBzPSgoZSx0KT0+dC5zdGFydHNXaXRoKGAke2V9fGApKSh0LHIpLG89ci5zcGxpdCgifCIpWzFdLnNwbGl0KCIgIiksbj1lLnNwbGl0KCIgIikuZXZlcnkoKGU9Pm8uaW5jbHVkZXMoZSkpKTtyZXR1cm4gcyYmbn19KSk7cmV0dXJuISFyfSkoeSxkKTtlJiYhdCYmKHU9ZSl9aWYoIXUpdGhyb3cgbmV3IHQoZCx5KTtjLmJvZHk9YT9zKE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSxyKSx7cmVmcmVzaF90b2tlbjp1fSkpOkpTT04uc3RyaW5naWZ5KE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSxyKSx7cmVmcmVzaF90b2tlbjp1fSkpfWxldCBqLGs7ImZ1bmN0aW9uIj09dHlwZW9mIEFib3J0Q29udHJvbGxlciYmKGo9bmV3IEFib3J0Q29udHJvbGxlcixjLnNpZ25hbD1qLnNpZ25hbCk7dHJ5e2s9YXdhaXQgUHJvbWlzZS5yYWNlKFsoXz1lLG5ldyBQcm9taXNlKChlPT5zZXRUaW1lb3V0KGUsXykpKSksZmV0Y2goaSxPYmplY3QuYXNzaWduKHt9LGMpKV0pfWNhdGNoKGUpe3JldHVybiB2b2lkIHAucG9zdE1lc3NhZ2Uoe2Vycm9yOmUubWVzc2FnZX0pfWlmKCFrKXJldHVybiBqJiZqLmFib3J0KCksdm9pZCBwLnBvc3RNZXNzYWdlKHtlcnJvcjoiVGltZW91dCB3aGVuIGV4ZWN1dGluZyAnZmV0Y2gnIn0pO2c9ay5oZWFkZXJzLGw9Wy4uLmddLnJlZHVjZSgoKGUsW3Qscl0pPT4oZVt0XT1yLGUpKSx7fSksaD1hd2FpdCBrLmpzb24oKSxoLnJlZnJlc2hfdG9rZW4/KGYmJihvLmxhdGVzdF9yZWZyZXNoX3Rva2VuPWgucmVmcmVzaF90b2tlbixPPXUsYj1oLnJlZnJlc2hfdG9rZW4sT2JqZWN0LmVudHJpZXMobykuZm9yRWFjaCgoKFtlLHRdKT0+e3Q9PT1PJiYob1tlXT1iKX0pKSksKChlLHQscik9PntvW24odCxyKV09ZX0pKGgucmVmcmVzaF90b2tlbixkLHkpLGRlbGV0ZSBoLnJlZnJlc2hfdG9rZW4pOigoZSx0KT0+e2RlbGV0ZSBvW24oZSx0KV19KShkLHkpLHAucG9zdE1lc3NhZ2Uoe29rOmsub2ssanNvbjpoLGhlYWRlcnM6bH0pfWNhdGNoKGUpe3AucG9zdE1lc3NhZ2Uoe29rOiExLGpzb246e2Vycm9yOmUuZXJyb3IsZXJyb3JfZGVzY3JpcHRpb246ZS5tZXNzYWdlfSxoZWFkZXJzOmx9KX12YXIgTyxiLGcsX30pKX0oKTsKCg==", De = null, Ke = !1, function(o) {
891
+ return he = he || Ct(Ne, De, Ke), new Worker(he, o);
892
+ });
893
+ const pe = {}, ze = async (o, e = 3) => {
894
+ for (let t = 0; t < e; t++) if (await o()) return !0;
895
+ return !1;
896
+ };
897
+ class xt {
898
+ constructor(e, t) {
899
+ this.cache = e, this.clientId = t, this.manifestKey = this.createManifestKeyFrom(this.clientId);
900
+ }
901
+ async add(e) {
902
+ var t;
903
+ const n = new Set(((t = await this.cache.get(this.manifestKey)) === null || t === void 0 ? void 0 : t.keys) || []);
904
+ n.add(e), await this.cache.set(this.manifestKey, { keys: [...n] });
905
+ }
906
+ async remove(e) {
907
+ const t = await this.cache.get(this.manifestKey);
908
+ if (t) {
909
+ const n = new Set(t.keys);
910
+ return n.delete(e), n.size > 0 ? await this.cache.set(this.manifestKey, { keys: [...n] }) : await this.cache.remove(this.manifestKey);
911
+ }
912
+ }
913
+ get() {
914
+ return this.cache.get(this.manifestKey);
915
+ }
916
+ clear() {
917
+ return this.cache.remove(this.manifestKey);
918
+ }
919
+ createManifestKeyFrom(e) {
920
+ return `@@auth0spajs@@::${e}`;
921
+ }
922
+ }
923
+ const Rt = { memory: () => new Be().enclosedCache, localstorage: () => new vt() }, Ue = (o) => Rt[o], Le = (o) => {
924
+ const { openUrl: e, onRedirect: t } = o, n = O(o, ["openUrl", "onRedirect"]);
925
+ return Object.assign(Object.assign({}, n), { openUrl: e === !1 || e ? e : t });
926
+ }, He = (o, e) => {
927
+ const t = e?.split(" ") || [];
928
+ return (o?.split(" ") || []).every(((n) => t.includes(n)));
929
+ }, x = { NONCE: "nonce", KEYPAIR: "keypair" };
930
+ class jt {
931
+ constructor(e) {
932
+ this.clientId = e;
933
+ }
934
+ getVersion() {
935
+ return 1;
936
+ }
937
+ createDbHandle() {
938
+ const e = window.indexedDB.open("auth0-spa-js", this.getVersion());
939
+ return new Promise(((t, n) => {
940
+ e.onupgradeneeded = () => Object.values(x).forEach(((i) => e.result.createObjectStore(i))), e.onerror = () => n(e.error), e.onsuccess = () => t(e.result);
941
+ }));
942
+ }
943
+ async getDbHandle() {
944
+ return this.dbHandle || (this.dbHandle = await this.createDbHandle()), this.dbHandle;
945
+ }
946
+ async executeDbRequest(e, t, n) {
947
+ const i = n((await this.getDbHandle()).transaction(e, t).objectStore(e));
948
+ return new Promise(((r, c) => {
949
+ i.onsuccess = () => r(i.result), i.onerror = () => c(i.error);
950
+ }));
951
+ }
952
+ buildKey(e) {
953
+ const t = e ? `_${e}` : "auth0";
954
+ return `${this.clientId}::${t}`;
955
+ }
956
+ setNonce(e, t) {
957
+ return this.save(x.NONCE, this.buildKey(t), e);
958
+ }
959
+ setKeyPair(e) {
960
+ return this.save(x.KEYPAIR, this.buildKey(), e);
961
+ }
962
+ async save(e, t, n) {
963
+ await this.executeDbRequest(e, "readwrite", ((i) => i.put(n, t)));
964
+ }
965
+ findNonce(e) {
966
+ return this.find(x.NONCE, this.buildKey(e));
967
+ }
968
+ findKeyPair() {
969
+ return this.find(x.KEYPAIR, this.buildKey());
970
+ }
971
+ find(e, t) {
972
+ return this.executeDbRequest(e, "readonly", ((n) => n.get(t)));
973
+ }
974
+ async deleteBy(e, t) {
975
+ const n = await this.executeDbRequest(e, "readonly", ((i) => i.getAllKeys()));
976
+ n?.filter(t).map(((i) => this.executeDbRequest(e, "readwrite", ((r) => r.delete(i)))));
977
+ }
978
+ deleteByClientId(e, t) {
979
+ return this.deleteBy(e, ((n) => typeof n == "string" && n.startsWith(`${t}::`)));
980
+ }
981
+ clearNonces() {
982
+ return this.deleteByClientId(x.NONCE, this.clientId);
983
+ }
984
+ clearKeyPairs() {
985
+ return this.deleteByClientId(x.KEYPAIR, this.clientId);
986
+ }
987
+ }
988
+ class Nt {
989
+ constructor(e) {
990
+ this.storage = new jt(e);
991
+ }
992
+ getNonce(e) {
993
+ return this.storage.findNonce(e);
994
+ }
995
+ setNonce(e, t) {
996
+ return this.storage.setNonce(e, t);
997
+ }
998
+ async getOrGenerateKeyPair() {
999
+ let e = await this.storage.findKeyPair();
1000
+ return e || (e = await pt(), await this.storage.setKeyPair(e)), e;
1001
+ }
1002
+ async generateProof(e) {
1003
+ const t = await this.getOrGenerateKeyPair();
1004
+ return ft(Object.assign({ keyPair: t }, e));
1005
+ }
1006
+ async calculateThumbprint() {
1007
+ return mt(await this.getOrGenerateKeyPair());
1008
+ }
1009
+ async clear() {
1010
+ await Promise.all([this.storage.clearNonces(), this.storage.clearKeyPairs()]);
1011
+ }
1012
+ }
1013
+ var H;
1014
+ (function(o) {
1015
+ o.Bearer = "Bearer", o.DPoP = "DPoP";
1016
+ })(H || (H = {}));
1017
+ class Dt {
1018
+ constructor(e, t) {
1019
+ this.hooks = t, this.config = Object.assign(Object.assign({}, e), { fetch: e.fetch || (typeof window > "u" ? fetch : window.fetch.bind(window)) });
1020
+ }
1021
+ isAbsoluteUrl(e) {
1022
+ return /^(https?:)?\/\//i.test(e);
1023
+ }
1024
+ buildUrl(e, t) {
1025
+ if (t) {
1026
+ if (this.isAbsoluteUrl(t)) return t;
1027
+ if (e) return `${e.replace(/\/?\/$/, "")}/${t.replace(/^\/+/, "")}`;
1028
+ }
1029
+ throw new TypeError("`url` must be absolute or `baseUrl` non-empty.");
1030
+ }
1031
+ getAccessToken(e) {
1032
+ return this.config.getAccessToken ? this.config.getAccessToken(e) : this.hooks.getAccessToken(e);
1033
+ }
1034
+ extractUrl(e) {
1035
+ return typeof e == "string" ? e : e instanceof URL ? e.href : e.url;
1036
+ }
1037
+ buildBaseRequest(e, t) {
1038
+ if (!this.config.baseUrl) return new Request(e, t);
1039
+ const n = this.buildUrl(this.config.baseUrl, this.extractUrl(e)), i = e instanceof Request ? new Request(n, e) : n;
1040
+ return new Request(i, t);
1041
+ }
1042
+ setAuthorizationHeader(e, t, n = H.Bearer) {
1043
+ e.headers.set("authorization", `${n} ${t}`);
1044
+ }
1045
+ async setDpopProofHeader(e, t) {
1046
+ if (!this.config.dpopNonceId) return;
1047
+ const n = await this.hooks.getDpopNonce(), i = await this.hooks.generateDpopProof({ accessToken: t, method: e.method, nonce: n, url: e.url });
1048
+ e.headers.set("dpop", i);
1049
+ }
1050
+ async prepareRequest(e, t) {
1051
+ const n = await this.getAccessToken(t);
1052
+ let i, r;
1053
+ typeof n == "string" ? (i = this.config.dpopNonceId ? H.DPoP : H.Bearer, r = n) : (i = n.token_type, r = n.access_token), this.setAuthorizationHeader(e, r, i), i === H.DPoP && await this.setDpopProofHeader(e, r);
1054
+ }
1055
+ getHeader(e, t) {
1056
+ return Array.isArray(e) ? new Headers(e).get(t) || "" : typeof e.get == "function" ? e.get(t) || "" : e[t] || "";
1057
+ }
1058
+ hasUseDpopNonceError(e) {
1059
+ if (e.status !== 401) return !1;
1060
+ const t = this.getHeader(e.headers, "www-authenticate");
1061
+ return t.includes("invalid_dpop_nonce") || t.includes("use_dpop_nonce");
1062
+ }
1063
+ async handleResponse(e, t) {
1064
+ const n = this.getHeader(e.headers, "dpop-nonce");
1065
+ if (n && await this.hooks.setDpopNonce(n), !this.hasUseDpopNonceError(e)) return e;
1066
+ if (!n || !t.onUseDpopNonceError) throw new ue(n);
1067
+ return t.onUseDpopNonceError();
1068
+ }
1069
+ async internalFetchWithAuth(e, t, n, i) {
1070
+ const r = this.buildBaseRequest(e, t);
1071
+ await this.prepareRequest(r, i);
1072
+ const c = await this.config.fetch(r);
1073
+ return this.handleResponse(c, n);
1074
+ }
1075
+ fetchWithAuth(e, t, n) {
1076
+ const i = { onUseDpopNonceError: () => this.internalFetchWithAuth(e, t, Object.assign(Object.assign({}, i), { onUseDpopNonceError: void 0 }), n) };
1077
+ return this.internalFetchWithAuth(e, t, i, n);
1078
+ }
1079
+ }
1080
+ class Kt {
1081
+ constructor(e, t) {
1082
+ this.myAccountFetcher = e, this.apiBase = t;
1083
+ }
1084
+ async connectAccount(e) {
1085
+ const t = await this.myAccountFetcher.fetchWithAuth(`${this.apiBase}v1/connected-accounts/connect`, { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify(e) });
1086
+ return this._handleResponse(t);
1087
+ }
1088
+ async completeAccount(e) {
1089
+ const t = await this.myAccountFetcher.fetchWithAuth(`${this.apiBase}v1/connected-accounts/complete`, { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify(e) });
1090
+ return this._handleResponse(t);
1091
+ }
1092
+ async _handleResponse(e) {
1093
+ let t;
1094
+ try {
1095
+ t = await e.text(), t = JSON.parse(t);
1096
+ } catch (n) {
1097
+ throw new se({ type: "invalid_json", status: e.status, title: "Invalid JSON response", detail: t || String(n) });
1098
+ }
1099
+ if (e.ok) return t;
1100
+ throw new se(t);
1101
+ }
1102
+ }
1103
+ class se extends Error {
1104
+ constructor({ type: e, status: t, title: n, detail: i, validation_errors: r }) {
1105
+ super(i), this.name = "MyAccountApiError", this.type = e, this.status = t, this.title = n, this.detail = i, this.validation_errors = r, Object.setPrototypeOf(this, se.prototype);
1106
+ }
1107
+ }
1108
+ const F = new nt();
1109
+ class zt {
1110
+ constructor(e) {
1111
+ let t, n;
1112
+ if (this.userCache = new Be().enclosedCache, this.activeLockKeys = /* @__PURE__ */ new Set(), this.defaultOptions = { authorizationParams: { scope: "openid profile email" }, useRefreshTokensFallback: !1, useFormData: !0 }, this._releaseLockOnPageHide = async () => {
1113
+ const d = Array.from(this.activeLockKeys);
1114
+ for (const m of d) await F.releaseLock(m);
1115
+ this.activeLockKeys.clear(), window.removeEventListener("pagehide", this._releaseLockOnPageHide);
1116
+ }, this.options = Object.assign(Object.assign(Object.assign({}, this.defaultOptions), e), { authorizationParams: Object.assign(Object.assign({}, this.defaultOptions.authorizationParams), e.authorizationParams) }), typeof window < "u" && (() => {
1117
+ if (!re()) throw new Error("For security reasons, `window.crypto` is required to run `auth0-spa-js`.");
1118
+ if (re().subtle === void 0) throw new Error(`
1119
+ auth0-spa-js must run on a secure origin. See https://github.com/auth0/auth0-spa-js/blob/main/FAQ.md#why-do-i-get-auth0-spa-js-must-run-on-a-secure-origin for more information.
1120
+ `);
1121
+ })(), e.cache && e.cacheLocation && console.warn("Both `cache` and `cacheLocation` options have been specified in the Auth0Client configuration; ignoring `cacheLocation` and using `cache`."), e.cache) n = e.cache;
1122
+ else {
1123
+ if (t = e.cacheLocation || "memory", !Ue(t)) throw new Error(`Invalid cache location "${t}"`);
1124
+ n = Ue(t)();
1125
+ }
1126
+ this.httpTimeoutMs = e.httpTimeoutInSeconds ? 1e3 * e.httpTimeoutInSeconds : 1e4, this.cookieStorage = e.legacySameSiteCookie === !1 ? L : Ot, this.orgHintCookieName = `auth0.${this.options.clientId}.organization_hint`, this.isAuthenticatedCookieName = ((d) => `auth0.${d}.is.authenticated`)(this.options.clientId), this.sessionCheckExpiryDays = e.sessionCheckExpiryDays || 1;
1127
+ const i = e.useCookiesForTransactions ? this.cookieStorage : Et;
1128
+ var r;
1129
+ this.scope = ((d, m, ...s) => {
1130
+ if (typeof d != "object") return { default: oe(m, d, ...s) };
1131
+ let l = { default: oe(m, ...s) };
1132
+ return Object.keys(d).forEach(((a) => {
1133
+ const u = d[a];
1134
+ l[a] = oe(m, u, ...s);
1135
+ })), l;
1136
+ })(this.options.authorizationParams.scope, "openid", this.options.useRefreshTokens ? "offline_access" : ""), this.transactionManager = new _t(i, this.options.clientId, this.options.cookieDomain), this.nowProvider = this.options.nowProvider || Xe, this.cacheManager = new St(n, n.allKeys ? void 0 : new xt(n, this.options.clientId), this.nowProvider), this.dpop = this.options.useDpop ? new Nt(this.options.clientId) : void 0, this.domainUrl = (r = this.options.domain, /^https?:\/\//.test(r) ? r : `https://${r}`), this.tokenIssuer = ((d, m) => d ? d.startsWith("https://") ? d : `https://${d}/` : `${m}/`)(this.options.issuer, this.domainUrl);
1137
+ const c = `${this.domainUrl}/me/`, h = this.createFetcher(Object.assign(Object.assign({}, this.options.useDpop && { dpopNonceId: "__auth0_my_account_api__" }), { getAccessToken: () => this.getTokenSilently({ authorizationParams: { scope: "create:me:connected_accounts", audience: c }, detailedResponse: !0 }) }));
1138
+ this.myAccountApi = new Kt(h, c), typeof window < "u" && window.Worker && this.options.useRefreshTokens && t === "memory" && (this.options.workerUrl ? this.worker = new Worker(this.options.workerUrl) : this.worker = new At());
1139
+ }
1140
+ _url(e) {
1141
+ const t = encodeURIComponent(btoa(JSON.stringify(this.options.auth0Client || $e)));
1142
+ return `${this.domainUrl}${e}&auth0Client=${t}`;
1143
+ }
1144
+ _authorizeUrl(e) {
1145
+ return this._url(`/authorize?${fe(e)}`);
1146
+ }
1147
+ async _verifyIdToken(e, t, n) {
1148
+ const i = await this.nowProvider();
1149
+ return Tt({ iss: this.tokenIssuer, aud: this.options.clientId, id_token: e, nonce: t, organization: n, leeway: this.options.leeway, max_age: (r = this.options.authorizationParams.max_age, typeof r != "string" ? r : parseInt(r, 10) || void 0), now: i });
1150
+ var r;
1151
+ }
1152
+ _processOrgHint(e) {
1153
+ e ? this.cookieStorage.save(this.orgHintCookieName, e, { daysUntilExpire: this.sessionCheckExpiryDays, cookieDomain: this.options.cookieDomain }) : this.cookieStorage.remove(this.orgHintCookieName, { cookieDomain: this.options.cookieDomain });
1154
+ }
1155
+ async _prepareAuthorizeUrl(e, t, n) {
1156
+ var i;
1157
+ const r = de(W()), c = de(W()), h = W(), d = await Ae(h), m = Re(d), s = await ((i = this.dpop) === null || i === void 0 ? void 0 : i.calculateThumbprint()), l = ((u, p, g, f, w, b, k, y, S) => Object.assign(Object.assign(Object.assign({ client_id: u.clientId }, u.authorizationParams), g), { scope: Q(p, g.scope, g.audience), response_type: "code", response_mode: y || "query", state: f, nonce: w, redirect_uri: k || u.authorizationParams.redirect_uri, code_challenge: b, code_challenge_method: "S256", dpop_jkt: S }))(this.options, this.scope, e, r, c, m, e.redirect_uri || this.options.authorizationParams.redirect_uri || n, t?.response_mode, s), a = this._authorizeUrl(l);
1158
+ return { nonce: c, code_verifier: h, scope: l.scope, audience: l.audience || "default", redirect_uri: l.redirect_uri, state: r, url: a };
1159
+ }
1160
+ async loginWithPopup(e, t) {
1161
+ var n;
1162
+ if (e = e || {}, !(t = t || {}).popup && (t.popup = ((h) => {
1163
+ const d = window.screenX + (window.innerWidth - 400) / 2, m = window.screenY + (window.innerHeight - 600) / 2;
1164
+ return window.open(h, "auth0:authorize:popup", `left=${d},top=${m},width=400,height=600,resizable,scrollbars=yes,status=1`);
1165
+ })(""), !t.popup)) throw new Ie();
1166
+ const i = await this._prepareAuthorizeUrl(e.authorizationParams || {}, { response_mode: "web_message" }, window.location.origin);
1167
+ t.popup.location.href = i.url;
1168
+ const r = await ((h) => new Promise(((d, m) => {
1169
+ let s;
1170
+ const l = setInterval((() => {
1171
+ h.popup && h.popup.closed && (clearInterval(l), clearTimeout(a), window.removeEventListener("message", s, !1), m(new _e(h.popup)));
1172
+ }), 1e3), a = setTimeout((() => {
1173
+ clearInterval(l), m(new Se(h.popup)), window.removeEventListener("message", s, !1);
1174
+ }), 1e3 * (h.timeoutInSeconds || 60));
1175
+ s = function(u) {
1176
+ if (u.data && u.data.type === "authorization_response") {
1177
+ if (clearTimeout(a), clearInterval(l), window.removeEventListener("message", s, !1), h.closePopup !== !1 && h.popup.close(), u.data.response.error) return m(_.fromPayload(u.data.response));
1178
+ d(u.data.response);
1179
+ }
1180
+ }, window.addEventListener("message", s);
1181
+ })))(Object.assign(Object.assign({}, t), { timeoutInSeconds: t.timeoutInSeconds || this.options.authorizeTimeoutInSeconds || 60 }));
1182
+ if (i.state !== r.state) throw new _("state_mismatch", "Invalid state");
1183
+ const c = ((n = e.authorizationParams) === null || n === void 0 ? void 0 : n.organization) || this.options.authorizationParams.organization;
1184
+ await this._requestToken({ audience: i.audience, scope: i.scope, code_verifier: i.code_verifier, grant_type: "authorization_code", code: r.code, redirect_uri: i.redirect_uri }, { nonceIn: i.nonce, organization: c });
1185
+ }
1186
+ async getUser() {
1187
+ var e;
1188
+ const t = await this._getIdTokenFromCache();
1189
+ return (e = t?.decodedToken) === null || e === void 0 ? void 0 : e.user;
1190
+ }
1191
+ async getIdTokenClaims() {
1192
+ var e;
1193
+ const t = await this._getIdTokenFromCache();
1194
+ return (e = t?.decodedToken) === null || e === void 0 ? void 0 : e.claims;
1195
+ }
1196
+ async loginWithRedirect(e = {}) {
1197
+ var t;
1198
+ const n = Le(e), { openUrl: i, fragment: r, appState: c } = n, h = O(n, ["openUrl", "fragment", "appState"]), d = ((t = h.authorizationParams) === null || t === void 0 ? void 0 : t.organization) || this.options.authorizationParams.organization, m = await this._prepareAuthorizeUrl(h.authorizationParams || {}), { url: s } = m, l = O(m, ["url"]);
1199
+ this.transactionManager.create(Object.assign(Object.assign(Object.assign({}, l), { appState: c, response_type: N.Code }), d && { organization: d }));
1200
+ const a = r ? `${s}#${r}` : s;
1201
+ i ? await i(a) : window.location.assign(a);
1202
+ }
1203
+ async handleRedirectCallback(e = window.location.href) {
1204
+ const t = e.split("?").slice(1);
1205
+ if (t.length === 0) throw new Error("There are no query params available for parsing.");
1206
+ const n = this.transactionManager.get();
1207
+ if (!n) throw new _("missing_transaction", "Invalid state");
1208
+ this.transactionManager.remove();
1209
+ const i = ((r) => {
1210
+ r.indexOf("#") > -1 && (r = r.substring(0, r.indexOf("#")));
1211
+ const c = new URLSearchParams(r);
1212
+ return { state: c.get("state"), code: c.get("code") || void 0, connect_code: c.get("connect_code") || void 0, error: c.get("error") || void 0, error_description: c.get("error_description") || void 0 };
1213
+ })(t.join(""));
1214
+ return n.response_type === N.ConnectCode ? this._handleConnectAccountRedirectCallback(i, n) : this._handleLoginRedirectCallback(i, n);
1215
+ }
1216
+ async _handleLoginRedirectCallback(e, t) {
1217
+ const { code: n, state: i, error: r, error_description: c } = e;
1218
+ if (r) throw new ke(r, c || r, i, t.appState);
1219
+ if (!t.code_verifier || t.state && t.state !== i) throw new _("state_mismatch", "Invalid state");
1220
+ const h = t.organization, d = t.nonce, m = t.redirect_uri;
1221
+ return await this._requestToken(Object.assign({ audience: t.audience, scope: t.scope, code_verifier: t.code_verifier, grant_type: "authorization_code", code: n }, m ? { redirect_uri: m } : {}), { nonceIn: d, organization: h }), { appState: t.appState, response_type: N.Code };
1222
+ }
1223
+ async _handleConnectAccountRedirectCallback(e, t) {
1224
+ const { connect_code: n, state: i, error: r, error_description: c } = e;
1225
+ if (r) throw new ve(r, c || r, t.connection, i, t.appState);
1226
+ if (!n) throw new _("missing_connect_code", "Missing connect code");
1227
+ if (!(t.code_verifier && t.state && t.auth_session && t.redirect_uri && t.state === i)) throw new _("state_mismatch", "Invalid state");
1228
+ const h = await this.myAccountApi.completeAccount({ auth_session: t.auth_session, connect_code: n, redirect_uri: t.redirect_uri, code_verifier: t.code_verifier });
1229
+ return Object.assign(Object.assign({}, h), { appState: t.appState, response_type: N.ConnectCode });
1230
+ }
1231
+ async checkSession(e) {
1232
+ if (!this.cookieStorage.get(this.isAuthenticatedCookieName)) {
1233
+ if (!this.cookieStorage.get("auth0.is.authenticated")) return;
1234
+ this.cookieStorage.save(this.isAuthenticatedCookieName, !0, { daysUntilExpire: this.sessionCheckExpiryDays, cookieDomain: this.options.cookieDomain }), this.cookieStorage.remove("auth0.is.authenticated");
1235
+ }
1236
+ try {
1237
+ await this.getTokenSilently(e);
1238
+ } catch {
1239
+ }
1240
+ }
1241
+ async getTokenSilently(e = {}) {
1242
+ var t, n;
1243
+ const i = Object.assign(Object.assign({ cacheMode: "on" }, e), { authorizationParams: Object.assign(Object.assign(Object.assign({}, this.options.authorizationParams), e.authorizationParams), { scope: Q(this.scope, (t = e.authorizationParams) === null || t === void 0 ? void 0 : t.scope, ((n = e.authorizationParams) === null || n === void 0 ? void 0 : n.audience) || this.options.authorizationParams.audience) }) }), r = await ((c, h) => {
1244
+ let d = pe[h];
1245
+ return d || (d = c().finally((() => {
1246
+ delete pe[h], d = null;
1247
+ })), pe[h] = d), d;
1248
+ })((() => this._getTokenSilently(i)), `${this.options.clientId}::${i.authorizationParams.audience}::${i.authorizationParams.scope}`);
1249
+ return e.detailedResponse ? r : r?.access_token;
1250
+ }
1251
+ async _getTokenSilently(e) {
1252
+ const { cacheMode: t } = e, n = O(e, ["cacheMode"]);
1253
+ if (t !== "off") {
1254
+ const h = await this._getEntryFromCache({ scope: n.authorizationParams.scope, audience: n.authorizationParams.audience || "default", clientId: this.options.clientId, cacheMode: t });
1255
+ if (h) return h;
1256
+ }
1257
+ if (t === "cache-only") return;
1258
+ const i = (r = this.options.clientId, c = n.authorizationParams.audience || "default", `auth0.lock.getTokenSilently.${r}.${c}`);
1259
+ var r, c;
1260
+ if (!await ze((() => F.acquireLock(i, 5e3)), 10)) throw new Z();
1261
+ this.activeLockKeys.add(i), this.activeLockKeys.size === 1 && window.addEventListener("pagehide", this._releaseLockOnPageHide);
1262
+ try {
1263
+ if (t !== "off") {
1264
+ const u = await this._getEntryFromCache({ scope: n.authorizationParams.scope, audience: n.authorizationParams.audience || "default", clientId: this.options.clientId });
1265
+ if (u) return u;
1266
+ }
1267
+ const h = this.options.useRefreshTokens ? await this._getTokenUsingRefreshToken(n) : await this._getTokenFromIFrame(n), { id_token: d, token_type: m, access_token: s, oauthTokenScope: l, expires_in: a } = h;
1268
+ return Object.assign(Object.assign({ id_token: d, token_type: m, access_token: s }, l ? { scope: l } : null), { expires_in: a });
1269
+ } finally {
1270
+ await F.releaseLock(i), this.activeLockKeys.delete(i), this.activeLockKeys.size === 0 && window.removeEventListener("pagehide", this._releaseLockOnPageHide);
1271
+ }
1272
+ }
1273
+ async getTokenWithPopup(e = {}, t = {}) {
1274
+ var n, i;
1275
+ const r = Object.assign(Object.assign({}, e), { authorizationParams: Object.assign(Object.assign(Object.assign({}, this.options.authorizationParams), e.authorizationParams), { scope: Q(this.scope, (n = e.authorizationParams) === null || n === void 0 ? void 0 : n.scope, ((i = e.authorizationParams) === null || i === void 0 ? void 0 : i.audience) || this.options.authorizationParams.audience) }) });
1276
+ return t = Object.assign(Object.assign({}, ot), t), await this.loginWithPopup(r, t), (await this.cacheManager.get(new P({ scope: r.authorizationParams.scope, audience: r.authorizationParams.audience || "default", clientId: this.options.clientId }), void 0, this.options.useMrrt)).access_token;
1277
+ }
1278
+ async isAuthenticated() {
1279
+ return !!await this.getUser();
1280
+ }
1281
+ _buildLogoutUrl(e) {
1282
+ e.clientId !== null ? e.clientId = e.clientId || this.options.clientId : delete e.clientId;
1283
+ const t = e.logoutParams || {}, { federated: n } = t, i = O(t, ["federated"]), r = n ? "&federated" : "";
1284
+ return this._url(`/v2/logout?${fe(Object.assign({ clientId: e.clientId }, i))}`) + r;
1285
+ }
1286
+ async logout(e = {}) {
1287
+ var t;
1288
+ const n = Le(e), { openUrl: i } = n, r = O(n, ["openUrl"]);
1289
+ e.clientId === null ? await this.cacheManager.clear() : await this.cacheManager.clear(e.clientId || this.options.clientId), this.cookieStorage.remove(this.orgHintCookieName, { cookieDomain: this.options.cookieDomain }), this.cookieStorage.remove(this.isAuthenticatedCookieName, { cookieDomain: this.options.cookieDomain }), this.userCache.remove("@@user@@"), await ((t = this.dpop) === null || t === void 0 ? void 0 : t.clear());
1290
+ const c = this._buildLogoutUrl(r);
1291
+ i ? await i(c) : i !== !1 && window.location.assign(c);
1292
+ }
1293
+ async _getTokenFromIFrame(e) {
1294
+ const t = `auth0.lock.getTokenFromIFrame.${this.options.clientId}`;
1295
+ if (!await ze((() => F.acquireLock(t, 5e3)), 10)) throw new Z();
1296
+ try {
1297
+ const n = Object.assign(Object.assign({}, e.authorizationParams), { prompt: "none" }), i = this.cookieStorage.get(this.orgHintCookieName);
1298
+ i && !n.organization && (n.organization = i);
1299
+ const { url: r, state: c, nonce: h, code_verifier: d, redirect_uri: m, scope: s, audience: l } = await this._prepareAuthorizeUrl(n, { response_mode: "web_message" }, window.location.origin);
1300
+ if (window.crossOriginIsolated) throw new _("login_required", "The application is running in a Cross-Origin Isolated context, silently retrieving a token without refresh token is not possible.");
1301
+ const a = e.timeoutInSeconds || this.options.authorizeTimeoutInSeconds;
1302
+ let u;
1303
+ try {
1304
+ u = new URL(this.domainUrl).origin;
1305
+ } catch {
1306
+ u = this.domainUrl;
1307
+ }
1308
+ const p = await ((f, w, b = 60) => new Promise(((k, y) => {
1309
+ const S = window.document.createElement("iframe");
1310
+ S.setAttribute("width", "0"), S.setAttribute("height", "0"), S.style.display = "none";
1311
+ const E = () => {
1312
+ window.document.body.contains(S) && (window.document.body.removeChild(S), window.removeEventListener("message", T, !1));
1313
+ };
1314
+ let T;
1315
+ const C = setTimeout((() => {
1316
+ y(new Z()), E();
1317
+ }), 1e3 * b);
1318
+ T = function(I) {
1319
+ if (I.origin != w || !I.data || I.data.type !== "authorization_response") return;
1320
+ const A = I.source;
1321
+ A && A.close(), I.data.response.error ? y(_.fromPayload(I.data.response)) : k(I.data.response), clearTimeout(C), window.removeEventListener("message", T, !1), setTimeout(E, 2e3);
1322
+ }, window.addEventListener("message", T, !1), window.document.body.appendChild(S), S.setAttribute("src", f);
1323
+ })))(r, u, a);
1324
+ if (c !== p.state) throw new _("state_mismatch", "Invalid state");
1325
+ const g = await this._requestToken(Object.assign(Object.assign({}, e.authorizationParams), { code_verifier: d, code: p.code, grant_type: "authorization_code", redirect_uri: m, timeout: e.authorizationParams.timeout || this.httpTimeoutMs }), { nonceIn: h, organization: n.organization });
1326
+ return Object.assign(Object.assign({}, g), { scope: s, oauthTokenScope: g.scope, audience: l });
1327
+ } catch (n) {
1328
+ throw n.error === "login_required" && this.logout({ openUrl: !1 }), n;
1329
+ } finally {
1330
+ await F.releaseLock(t);
1331
+ }
1332
+ }
1333
+ async _getTokenUsingRefreshToken(e) {
1334
+ const t = await this.cacheManager.get(new P({ scope: e.authorizationParams.scope, audience: e.authorizationParams.audience || "default", clientId: this.options.clientId }), void 0, this.options.useMrrt);
1335
+ if (!(t && t.refresh_token || this.worker)) {
1336
+ if (this.options.useRefreshTokensFallback) return await this._getTokenFromIFrame(e);
1337
+ throw new ce(e.authorizationParams.audience || "default", e.authorizationParams.scope);
1338
+ }
1339
+ const n = e.authorizationParams.redirect_uri || this.options.authorizationParams.redirect_uri || window.location.origin, i = typeof e.timeoutInSeconds == "number" ? 1e3 * e.timeoutInSeconds : null, r = ((s, l, a, u) => {
1340
+ var p;
1341
+ if (s && a && u) {
1342
+ if (l.audience !== a) return l.scope;
1343
+ const g = u.split(" "), f = ((p = l.scope) === null || p === void 0 ? void 0 : p.split(" ")) || [], w = f.every(((b) => g.includes(b)));
1344
+ return g.length >= f.length && w ? u : l.scope;
1345
+ }
1346
+ return l.scope;
1347
+ })(this.options.useMrrt, e.authorizationParams, t?.audience, t?.scope);
1348
+ try {
1349
+ const s = await this._requestToken(Object.assign(Object.assign(Object.assign({}, e.authorizationParams), { grant_type: "refresh_token", refresh_token: t && t.refresh_token, redirect_uri: n }), i && { timeout: i }), { scopesToRequest: r });
1350
+ if (s.refresh_token && t?.refresh_token && await this.cacheManager.updateEntry(t.refresh_token, s.refresh_token), this.options.useMrrt && (c = t?.audience, h = t?.scope, d = e.authorizationParams.audience, m = e.authorizationParams.scope, (c !== d || !He(m, h)) && !He(r, s.scope))) {
1351
+ if (this.options.useRefreshTokensFallback) return await this._getTokenFromIFrame(e);
1352
+ await this.cacheManager.remove(this.options.clientId, e.authorizationParams.audience, e.authorizationParams.scope);
1353
+ const l = ((a, u) => {
1354
+ const p = a?.split(" ") || [], g = u?.split(" ") || [];
1355
+ return p.filter(((f) => g.indexOf(f) == -1)).join(",");
1356
+ })(r, s.scope);
1357
+ throw new Pe(e.authorizationParams.audience || "default", l);
1358
+ }
1359
+ return Object.assign(Object.assign({}, s), { scope: e.authorizationParams.scope, oauthTokenScope: s.scope, audience: e.authorizationParams.audience || "default" });
1360
+ } catch (s) {
1361
+ if ((s.message.indexOf("Missing Refresh Token") > -1 || s.message && s.message.indexOf("invalid refresh token") > -1) && this.options.useRefreshTokensFallback) return await this._getTokenFromIFrame(e);
1362
+ throw s;
1363
+ }
1364
+ var c, h, d, m;
1365
+ }
1366
+ async _saveEntryInCache(e) {
1367
+ const { id_token: t, decodedToken: n } = e, i = O(e, ["id_token", "decodedToken"]);
1368
+ this.userCache.set("@@user@@", { id_token: t, decodedToken: n }), await this.cacheManager.setIdToken(this.options.clientId, e.id_token, e.decodedToken), await this.cacheManager.set(i);
1369
+ }
1370
+ async _getIdTokenFromCache() {
1371
+ const e = this.options.authorizationParams.audience || "default", t = this.scope[e], n = await this.cacheManager.getIdToken(new P({ clientId: this.options.clientId, audience: e, scope: t })), i = this.userCache.get("@@user@@");
1372
+ return n && n.id_token === i?.id_token ? i : (this.userCache.set("@@user@@", n), n);
1373
+ }
1374
+ async _getEntryFromCache({ scope: e, audience: t, clientId: n, cacheMode: i }) {
1375
+ const r = await this.cacheManager.get(new P({ scope: e, audience: t, clientId: n }), 60, this.options.useMrrt, i);
1376
+ if (r && r.access_token) {
1377
+ const { token_type: c, access_token: h, oauthTokenScope: d, expires_in: m } = r, s = await this._getIdTokenFromCache();
1378
+ return s && Object.assign(Object.assign({ id_token: s.id_token, token_type: c || "Bearer", access_token: h }, d ? { scope: d } : null), { expires_in: m });
1379
+ }
1380
+ }
1381
+ async _requestToken(e, t) {
1382
+ var n, i;
1383
+ const { nonceIn: r, organization: c, scopesToRequest: h } = t || {}, d = await kt(Object.assign(Object.assign({ baseUrl: this.domainUrl, client_id: this.options.clientId, auth0Client: this.options.auth0Client, useFormData: this.options.useFormData, timeout: this.httpTimeoutMs, useMrrt: this.options.useMrrt, dpop: this.dpop }, e), { scope: h || e.scope }), this.worker), m = await this._verifyIdToken(d.id_token, r, c);
1384
+ if (e.grant_type === "authorization_code") {
1385
+ const s = await this._getIdTokenFromCache();
1386
+ !((i = (n = s?.decodedToken) === null || n === void 0 ? void 0 : n.claims) === null || i === void 0) && i.sub && s.decodedToken.claims.sub !== m.claims.sub && (await this.cacheManager.clear(this.options.clientId), this.userCache.remove("@@user@@"));
1387
+ }
1388
+ return await this._saveEntryInCache(Object.assign(Object.assign(Object.assign(Object.assign({}, d), { decodedToken: m, scope: e.scope, audience: e.audience || "default" }), d.scope ? { oauthTokenScope: d.scope } : null), { client_id: this.options.clientId })), this.cookieStorage.save(this.isAuthenticatedCookieName, !0, { daysUntilExpire: this.sessionCheckExpiryDays, cookieDomain: this.options.cookieDomain }), this._processOrgHint(c || m.claims.org_id), Object.assign(Object.assign({}, d), { decodedToken: m });
1389
+ }
1390
+ async exchangeToken(e) {
1391
+ return this._requestToken({ grant_type: "urn:ietf:params:oauth:grant-type:token-exchange", subject_token: e.subject_token, subject_token_type: e.subject_token_type, scope: Q(this.scope, e.scope, e.audience || this.options.authorizationParams.audience), audience: e.audience || this.options.authorizationParams.audience, organization: e.organization || this.options.authorizationParams.organization });
1392
+ }
1393
+ _assertDpop(e) {
1394
+ if (!e) throw new Error("`useDpop` option must be enabled before using DPoP.");
1395
+ }
1396
+ getDpopNonce(e) {
1397
+ return this._assertDpop(this.dpop), this.dpop.getNonce(e);
1398
+ }
1399
+ setDpopNonce(e, t) {
1400
+ return this._assertDpop(this.dpop), this.dpop.setNonce(e, t);
1401
+ }
1402
+ generateDpopProof(e) {
1403
+ return this._assertDpop(this.dpop), this.dpop.generateProof(e);
1404
+ }
1405
+ createFetcher(e = {}) {
1406
+ return new Dt(e, { isDpopEnabled: () => !!this.options.useDpop, getAccessToken: (t) => {
1407
+ var n;
1408
+ return this.getTokenSilently({ authorizationParams: { scope: (n = t?.scope) === null || n === void 0 ? void 0 : n.join(" "), audience: t?.audience }, detailedResponse: !0 });
1409
+ }, getDpopNonce: () => this.getDpopNonce(e.dpopNonceId), setDpopNonce: (t) => this.setDpopNonce(t, e.dpopNonceId), generateDpopProof: (t) => this.generateDpopProof(t) });
1410
+ }
1411
+ async connectAccountWithRedirect(e) {
1412
+ const { openUrl: t, appState: n, connection: i, scopes: r, authorization_params: c, redirectUri: h = this.options.authorizationParams.redirect_uri || window.location.origin } = e;
1413
+ if (!i) throw new Error("connection is required");
1414
+ const d = de(W()), m = W(), s = await Ae(m), l = Re(s), { connect_uri: a, connect_params: u, auth_session: p } = await this.myAccountApi.connectAccount({ connection: i, scopes: r, redirect_uri: h, state: d, code_challenge: l, code_challenge_method: "S256", authorization_params: c });
1415
+ this.transactionManager.create({ state: d, code_verifier: m, auth_session: p, redirect_uri: h, appState: n, connection: i, response_type: N.ConnectCode });
1416
+ const g = new URL(a);
1417
+ g.searchParams.set("ticket", u.ticket), t ? await t(g.toString()) : window.location.assign(g);
1418
+ }
1419
+ }
1420
+ async function Ut(o) {
1421
+ const e = new zt(o);
1422
+ return await e.checkSession(), e;
1423
+ }
1424
+ const Lt = "sesamy-debug";
1425
+ function Ht(o) {
1426
+ if (typeof document > "u")
1427
+ return null;
1428
+ const e = o + "=", t = document.cookie.split(";");
1429
+ for (let n = 0; n < t.length; n++) {
1430
+ let i = t[n];
1431
+ for (; i.charAt(0) === " "; )
1432
+ i = i.substring(1);
1433
+ if (i.indexOf(e) === 0)
1434
+ return i.substring(e.length, i.length);
1435
+ }
1436
+ return null;
1437
+ }
1438
+ function Zt() {
1439
+ return Ht(Lt) === "true";
1440
+ }
1441
+ function v(o) {
1442
+ Zt() && console.log(o);
1443
+ }
1444
+ function me(o, e) {
1445
+ if (typeof window > "u")
1446
+ return;
1447
+ const t = new CustomEvent(o, {
1448
+ detail: e,
1449
+ bubbles: !0,
1450
+ composed: !0
1451
+ });
1452
+ v(`Triggering event: ${o}`), dispatchEvent(t);
1453
+ }
1454
+ var M = /* @__PURE__ */ ((o) => (o.AUTH_INITIALIZED = "sesamyJsAuthInitialized", o.READY = "sesamyJsReady", o.AUTHENTICATED = "sesamyJsAuthenticated", o.LOGOUT = "sesamyJsLogout", o.CLEAR_CACHE = "sesamyJsClearCache", o.USER_ATTRIBUTE_CHANGED = "sesamyUserAttributeChanged", o.PURCHASE = "sesamyJsPurchase", o))(M || {});
1455
+ const Wt = "sesamy.com", Jt = "sesamy.dev";
1456
+ function Ft(o, e) {
1457
+ return `${o}.${e === "dev" ? Jt : Wt}`;
1458
+ }
1459
+ function $t() {
1460
+ let e = (document.documentElement.getAttribute("lang") ?? navigator.language ?? "en").split("-")[0]?.toLowerCase() ?? "en";
1461
+ return e === "nn" && (e = "nb"), e;
1462
+ }
1463
+ /*!
1464
+ *
1465
+ * detectIncognito v1.6.2
1466
+ *
1467
+ * https://github.com/Joe12387/detectIncognito
1468
+ *
1469
+ * MIT License
1470
+ *
1471
+ * Copyright (c) 2021 - 2025 Joe Rutkowski <Joe@dreggle.com>
1472
+ *
1473
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
1474
+ * of this software and associated documentation files (the "Software"), to deal
1475
+ * in the Software without restriction, including without limitation the rights
1476
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
1477
+ * copies of the Software, and to permit persons to whom the Software is
1478
+ * furnished to do so, subject to the following conditions:
1479
+ *
1480
+ * The above copyright notice and this permission notice shall be included in all
1481
+ * copies or substantial portions of the Software.
1482
+ *
1483
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
1484
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
1485
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
1486
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
1487
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
1488
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
1489
+ * SOFTWARE.
1490
+ *
1491
+ * Please keep this comment intact in order to properly abide by the MIT License.
1492
+ *
1493
+ **/
1494
+ var ye = { d: (o, e) => {
1495
+ for (var t in e) ye.o(e, t) && !ye.o(o, t) && Object.defineProperty(o, t, { enumerable: !0, get: e[t] });
1496
+ }, o: (o, e) => Object.prototype.hasOwnProperty.call(o, e) }, Oe = {};
1497
+ ye.d(Oe, { A: () => Xt, k: () => Ee });
1498
+ var $ = function(o, e, t, n) {
1499
+ return new (t || (t = Promise))(function(i, r) {
1500
+ function c(m) {
1501
+ try {
1502
+ d(n.next(m));
1503
+ } catch (s) {
1504
+ r(s);
1505
+ }
1506
+ }
1507
+ function h(m) {
1508
+ try {
1509
+ d(n.throw(m));
1510
+ } catch (s) {
1511
+ r(s);
1512
+ }
1513
+ }
1514
+ function d(m) {
1515
+ var s;
1516
+ m.done ? i(m.value) : (s = m.value, s instanceof t ? s : new t(function(l) {
1517
+ l(s);
1518
+ })).then(c, h);
1519
+ }
1520
+ d((n = n.apply(o, [])).next());
1521
+ });
1522
+ }, X = function(o, e) {
1523
+ var t, n, i, r, c = { label: 0, sent: function() {
1524
+ if (1 & i[0]) throw i[1];
1525
+ return i[1];
1526
+ }, trys: [], ops: [] };
1527
+ return r = { next: h(0), throw: h(1), return: h(2) }, typeof Symbol == "function" && (r[Symbol.iterator] = function() {
1528
+ return this;
1529
+ }), r;
1530
+ function h(d) {
1531
+ return function(m) {
1532
+ return (function(s) {
1533
+ if (t) throw new TypeError("Generator is already executing.");
1534
+ for (; r && (r = 0, s[0] && (c = 0)), c; ) try {
1535
+ if (t = 1, n && (i = 2 & s[0] ? n.return : s[0] ? n.throw || ((i = n.return) && i.call(n), 0) : n.next) && !(i = i.call(n, s[1])).done) return i;
1536
+ switch (n = 0, i && (s = [2 & s[0], i.value]), s[0]) {
1537
+ case 0:
1538
+ case 1:
1539
+ i = s;
1540
+ break;
1541
+ case 4:
1542
+ return c.label++, { value: s[1], done: !1 };
1543
+ case 5:
1544
+ c.label++, n = s[1], s = [0];
1545
+ continue;
1546
+ case 7:
1547
+ s = c.ops.pop(), c.trys.pop();
1548
+ continue;
1549
+ default:
1550
+ if (i = c.trys, !((i = i.length > 0 && i[i.length - 1]) || s[0] !== 6 && s[0] !== 2)) {
1551
+ c = 0;
1552
+ continue;
1553
+ }
1554
+ if (s[0] === 3 && (!i || s[1] > i[0] && s[1] < i[3])) {
1555
+ c.label = s[1];
1556
+ break;
1557
+ }
1558
+ if (s[0] === 6 && c.label < i[1]) {
1559
+ c.label = i[1], i = s;
1560
+ break;
1561
+ }
1562
+ if (i && c.label < i[2]) {
1563
+ c.label = i[2], c.ops.push(s);
1564
+ break;
1565
+ }
1566
+ i[2] && c.ops.pop(), c.trys.pop();
1567
+ continue;
1568
+ }
1569
+ s = e.call(o, c);
1570
+ } catch (l) {
1571
+ s = [6, l], n = 0;
1572
+ } finally {
1573
+ t = i = 0;
1574
+ }
1575
+ if (5 & s[0]) throw s[1];
1576
+ return { value: s[0] ? s[1] : void 0, done: !0 };
1577
+ })([d, m]);
1578
+ };
1579
+ }
1580
+ };
1581
+ function Ee() {
1582
+ return $(this, void 0, Promise, function() {
1583
+ return X(this, function(o) {
1584
+ switch (o.label) {
1585
+ case 0:
1586
+ return [4, new Promise(function(e, t) {
1587
+ var n = "Unknown", i = !1;
1588
+ function r(a) {
1589
+ i || (i = !0, e({ isPrivate: a, browserName: n }));
1590
+ }
1591
+ function c() {
1592
+ var a = 0, u = parseInt("-1");
1593
+ try {
1594
+ u.toFixed(u);
1595
+ } catch (p) {
1596
+ a = p.message.length;
1597
+ }
1598
+ return a;
1599
+ }
1600
+ function h() {
1601
+ return $(this, void 0, void 0, function() {
1602
+ var a, u;
1603
+ return X(this, function(p) {
1604
+ switch (p.label) {
1605
+ case 0:
1606
+ return p.trys.push([0, 2, , 3]), [4, navigator.storage.getDirectory()];
1607
+ case 1:
1608
+ return p.sent(), r(!1), [3, 3];
1609
+ case 2:
1610
+ return a = p.sent(), u = a instanceof Error && typeof a.message == "string" ? a.message : String(a), r(u.includes("unknown transient reason")), [3, 3];
1611
+ case 3:
1612
+ return [2];
1613
+ }
1614
+ });
1615
+ });
1616
+ }
1617
+ function d() {
1618
+ var a;
1619
+ return $(this, void 0, Promise, function() {
1620
+ return X(this, function(u) {
1621
+ switch (u.label) {
1622
+ case 0:
1623
+ return typeof ((a = navigator.storage) === null || a === void 0 ? void 0 : a.getDirectory) != "function" ? [3, 2] : [4, h()];
1624
+ case 1:
1625
+ return u.sent(), [3, 3];
1626
+ case 2:
1627
+ navigator.maxTouchPoints !== void 0 ? (function() {
1628
+ var p = String(Math.random());
1629
+ try {
1630
+ var g = indexedDB.open(p, 1);
1631
+ g.onupgradeneeded = function(f) {
1632
+ var w = f.target.result, b = function(k) {
1633
+ r(k);
1634
+ };
1635
+ try {
1636
+ w.createObjectStore("t", { autoIncrement: !0 }).put(new Blob()), b(!1);
1637
+ } catch (k) {
1638
+ (k instanceof Error && typeof k.message == "string" ? k.message : String(k)).includes("are not yet supported") ? b(!0) : b(!1);
1639
+ } finally {
1640
+ w.close(), indexedDB.deleteDatabase(p);
1641
+ }
1642
+ }, g.onerror = function() {
1643
+ return r(!1);
1644
+ };
1645
+ } catch {
1646
+ r(!1);
1647
+ }
1648
+ })() : (function() {
1649
+ var p = window.openDatabase, g = window.localStorage;
1650
+ try {
1651
+ p(null, null, null, null);
1652
+ } catch {
1653
+ return void r(!0);
1654
+ }
1655
+ try {
1656
+ g.setItem("test", "1"), g.removeItem("test");
1657
+ } catch {
1658
+ return void r(!0);
1659
+ }
1660
+ r(!1);
1661
+ })(), u.label = 3;
1662
+ case 3:
1663
+ return [2];
1664
+ }
1665
+ });
1666
+ });
1667
+ }
1668
+ function m() {
1669
+ navigator.webkitTemporaryStorage.queryUsageAndQuota(function(a, u) {
1670
+ var p = Math.round(u / 1048576), g = 2 * Math.round((function() {
1671
+ var f, w, b, k = window;
1672
+ return (b = (w = (f = k?.performance) === null || f === void 0 ? void 0 : f.memory) === null || w === void 0 ? void 0 : w.jsHeapSizeLimit) !== null && b !== void 0 ? b : 1073741824;
1673
+ })() / 1048576);
1674
+ r(p < g);
1675
+ }, function(a) {
1676
+ t(new Error("detectIncognito somehow failed to query storage quota: " + a.message));
1677
+ });
1678
+ }
1679
+ function s() {
1680
+ self.Promise !== void 0 && self.Promise.allSettled !== void 0 ? m() : (0, window.webkitRequestFileSystem)(0, 1, function() {
1681
+ r(!1);
1682
+ }, function() {
1683
+ r(!0);
1684
+ });
1685
+ }
1686
+ function l() {
1687
+ var a;
1688
+ return $(this, void 0, Promise, function() {
1689
+ var u, p, g;
1690
+ return X(this, function(f) {
1691
+ switch (f.label) {
1692
+ case 0:
1693
+ if (typeof ((a = navigator.storage) === null || a === void 0 ? void 0 : a.getDirectory) != "function") return [3, 5];
1694
+ f.label = 1;
1695
+ case 1:
1696
+ return f.trys.push([1, 3, , 4]), [4, navigator.storage.getDirectory()];
1697
+ case 2:
1698
+ return f.sent(), r(!1), [3, 4];
1699
+ case 3:
1700
+ return u = f.sent(), p = u instanceof Error && typeof u.message == "string" ? u.message : String(u), r(p.includes("Security error")), [2];
1701
+ case 4:
1702
+ return [3, 6];
1703
+ case 5:
1704
+ (g = indexedDB.open("inPrivate")).onerror = function(w) {
1705
+ g.error && g.error.name === "InvalidStateError" && w.preventDefault(), r(!0);
1706
+ }, g.onsuccess = function() {
1707
+ indexedDB.deleteDatabase("inPrivate"), r(!1);
1708
+ }, f.label = 6;
1709
+ case 6:
1710
+ return [2];
1711
+ }
1712
+ });
1713
+ });
1714
+ }
1715
+ (function() {
1716
+ return $(this, void 0, Promise, function() {
1717
+ return X(this, function(a) {
1718
+ switch (a.label) {
1719
+ case 0:
1720
+ return c() !== 44 && c() !== 43 ? [3, 2] : (n = "Safari", [4, d()]);
1721
+ case 1:
1722
+ return a.sent(), [3, 6];
1723
+ case 2:
1724
+ return c() !== 51 ? [3, 3] : (u = navigator.userAgent, n = u.match(/Chrome/) ? navigator.brave !== void 0 ? "Brave" : u.match(/Edg/) ? "Edge" : u.match(/OPR/) ? "Opera" : "Chrome" : "Chromium", s(), [3, 6]);
1725
+ case 3:
1726
+ return c() !== 25 ? [3, 5] : (n = "Firefox", [4, l()]);
1727
+ case 4:
1728
+ return a.sent(), [3, 6];
1729
+ case 5:
1730
+ navigator.msSaveBlob !== void 0 ? (n = "Internet Explorer", r(window.indexedDB === void 0)) : t(new Error("detectIncognito cannot determine the browser")), a.label = 6;
1731
+ case 6:
1732
+ return [2];
1733
+ }
1734
+ var u;
1735
+ });
1736
+ });
1737
+ })().catch(t);
1738
+ })];
1739
+ case 1:
1740
+ return [2, o.sent()];
1741
+ }
1742
+ });
1743
+ });
1744
+ }
1745
+ typeof window < "u" && (window.detectIncognito = Ee);
1746
+ const Xt = Ee;
1747
+ Oe.A;
1748
+ Oe.k;
1749
+ const Vt = "sesamy_incognito_mode";
1750
+ function Ze() {
1751
+ try {
1752
+ const o = sessionStorage.getItem(Vt);
1753
+ return o === null ? void 0 : o === "true";
1754
+ } catch {
1755
+ return;
1756
+ }
1757
+ }
1758
+ function le() {
1759
+ return typeof window < "u";
1760
+ }
1761
+ function Gt() {
1762
+ return /^((?!chrome|android).)*safari/i.test(navigator.userAgent);
1763
+ }
1764
+ function Mt() {
1765
+ return /android/i.test(navigator.userAgent);
1766
+ }
1767
+ const U = "sesamyAccessToken", V = "sesamyRefreshToken", ae = "sesamySilentAuthThrottle", et = "sesamy_is_authenticated", Ce = "sesamySilentRedirectState", Yt = 300 * 1e3, We = 60, Bt = [
1768
+ "login_required",
1769
+ "consent_required",
1770
+ "interaction_required",
1771
+ "timeout",
1772
+ "Timeout",
1773
+ "access_denied"
1774
+ ], qt = 64;
1775
+ function Je(o) {
1776
+ const e = o.split(".");
1777
+ if (e.length !== 3) return null;
1778
+ const n = e[1].replace(/-/g, "+").replace(/_/g, "/"), i = decodeURIComponent(
1779
+ atob(n).split("").map((r) => "%" + ("00" + r.charCodeAt(0).toString(16)).slice(-2)).join("")
1780
+ );
1781
+ return JSON.parse(i);
1782
+ }
1783
+ function Fe() {
1784
+ if (!le()) return !1;
1785
+ try {
1786
+ const o = document.cookie.split(";").map((t) => t.trim());
1787
+ if (o.some((t) => t.startsWith(`${et}=true`)) || o.some((t) => t.startsWith("auth0.is.authenticated=true"))) return !0;
1788
+ const e = Object.keys(localStorage).filter((t) => t.startsWith("@@auth0spajs@@"));
1789
+ for (const t of e)
1790
+ try {
1791
+ const n = JSON.parse(localStorage.getItem(t) || "{}");
1792
+ if (n?.body?.access_token || n?.body?.refresh_token) return !0;
1793
+ } catch {
1794
+ }
1795
+ return !1;
1796
+ } catch (o) {
1797
+ return v(`Error checking session hint cookie: ${o.message}`), !1;
1798
+ }
1799
+ }
1800
+ function Y(o) {
1801
+ if (le())
1802
+ try {
1803
+ const e = o ? 2592e3 : 0, t = window.location.protocol === "https:" ? "; Secure" : "";
1804
+ document.cookie = `${et}=${o}; path=/; max-age=${e}; SameSite=Lax${t}`;
1805
+ } catch (e) {
1806
+ v(`Error setting session hint cookie: ${e.message}`);
1807
+ }
1808
+ }
1809
+ function ee() {
1810
+ Y(!1);
1811
+ }
1812
+ function Qt() {
1813
+ try {
1814
+ sessionStorage.setItem(Ce, JSON.stringify({ timestamp: Date.now() }));
1815
+ } catch {
1816
+ v("Failed to set silent redirect state");
1817
+ }
1818
+ }
1819
+ function te() {
1820
+ try {
1821
+ const o = sessionStorage.getItem(Ce);
1822
+ if (o) return JSON.parse(o);
1823
+ } catch {
1824
+ }
1825
+ return null;
1826
+ }
1827
+ function G() {
1828
+ try {
1829
+ sessionStorage.removeItem(Ce);
1830
+ } catch {
1831
+ }
1832
+ }
1833
+ function en(o) {
1834
+ const e = o.message || "";
1835
+ return Bt.some(
1836
+ (t) => e.includes(t) || o.error === t
1837
+ );
1838
+ }
1839
+ function tn() {
1840
+ try {
1841
+ const o = sessionStorage.getItem(ae);
1842
+ if (!o) return !1;
1843
+ const { timestamp: e } = JSON.parse(o);
1844
+ return Date.now() - e < Yt;
1845
+ } catch {
1846
+ return sessionStorage.removeItem(ae), !1;
1847
+ }
1848
+ }
1849
+ function nn() {
1850
+ try {
1851
+ sessionStorage.setItem(ae, JSON.stringify({ timestamp: Date.now() }));
1852
+ } catch {
1853
+ v("Failed to set silent auth throttle in sessionStorage");
1854
+ }
1855
+ }
1856
+ function ne() {
1857
+ try {
1858
+ sessionStorage.removeItem(ae);
1859
+ } catch {
1860
+ }
1861
+ }
1862
+ function D(o) {
1863
+ try {
1864
+ const e = new URL(o).hostname, t = e.split(".");
1865
+ if (t.length <= 1) return e;
1866
+ const n = [
1867
+ "co.uk",
1868
+ "com.au",
1869
+ "co.nz",
1870
+ "co.za",
1871
+ "com.br",
1872
+ "co.jp",
1873
+ "gov.uk",
1874
+ "ac.uk",
1875
+ "org.uk",
1876
+ "net.uk",
1877
+ "com.sg",
1878
+ "com.my",
1879
+ "co.in",
1880
+ "co.id",
1881
+ "co.th",
1882
+ "co.kr",
1883
+ "com.mx",
1884
+ "com.ar",
1885
+ "com.co",
1886
+ "com.pe",
1887
+ "com.ph",
1888
+ "com.pk",
1889
+ "com.sa",
1890
+ "com.eg",
1891
+ "com.ng",
1892
+ "co.ke",
1893
+ "co.tz",
1894
+ "co.zw",
1895
+ "co.bw",
1896
+ "co.mz",
1897
+ "gov.au",
1898
+ "edu.au",
1899
+ "org.au",
1900
+ "net.au",
1901
+ "asn.au",
1902
+ "id.au"
1903
+ ];
1904
+ for (const i of n)
1905
+ if (e.endsWith(`.${i}`)) {
1906
+ const r = i.split(".").length + 1;
1907
+ return t.slice(-r).join(".");
1908
+ }
1909
+ return t.slice(-2).join(".");
1910
+ } catch {
1911
+ return null;
1912
+ }
1913
+ }
1914
+ function on(o) {
1915
+ if (o.domains && o.domains.length > 0) {
1916
+ const e = D(window.location.href);
1917
+ if (e) {
1918
+ for (const t of o.domains)
1919
+ if (D(`https://${t}`) === e)
1920
+ return v(`Found matching domain in domains array: ${t} for TLD: ${e}`), t;
1921
+ v(`No matching domain found in domains array for TLD: ${e}`);
1922
+ }
1923
+ }
1924
+ if (o.domain)
1925
+ return v(`Using fallback domain property: ${o.domain}`), o.domain;
1926
+ }
1927
+ function rn() {
1928
+ try {
1929
+ const o = Object.keys(localStorage).filter(
1930
+ (e) => e.startsWith("@@auth0spajs@@")
1931
+ );
1932
+ for (const e of o) {
1933
+ const t = JSON.parse(localStorage.getItem(e) || "{}");
1934
+ let n;
1935
+ if (typeof t == "object" && (t.body && typeof t.body == "object" && "refresh_token" in t.body ? n = t.body.refresh_token : "refresh_token" in t && (n = t.refresh_token)), n && typeof n == "string" && n.length === qt)
1936
+ return !0;
1937
+ }
1938
+ } catch (o) {
1939
+ v(`Error checking for existing auth0 tokens: ${o.message}`);
1940
+ }
1941
+ return !1;
1942
+ }
1943
+ function sn() {
1944
+ let o, e, t, n = !1, i = !1, r = !1;
1945
+ le() && window.addEventListener("pageshow", () => {
1946
+ i = !1, r = !1;
1947
+ });
1948
+ async function c(a) {
1949
+ if (!a) return null;
1950
+ const u = localStorage.getItem(V);
1951
+ if (!u)
1952
+ return v("No refresh token found in localstorage"), null;
1953
+ const p = new URLSearchParams();
1954
+ p.set("client_id", a.iss), p.set("refresh_token", u), p.set("grant_type", "refresh_token");
1955
+ const g = new URL(a.iss);
1956
+ g.pathname = "/oauth/token", g.searchParams.set("user_id", a.sub);
1957
+ try {
1958
+ const f = await fetch(g.href, {
1959
+ body: p.toString(),
1960
+ method: "POST",
1961
+ headers: { "content-type": "application/x-www-form-urlencoded" }
1962
+ });
1963
+ if (!f.ok) {
1964
+ const b = await f.text().catch(() => "Unknown error");
1965
+ throw v(`Token refresh failed with status ${f.status}: ${b}`), localStorage.removeItem(V), new Error(`Renew token failed: ${f.status}`);
1966
+ }
1967
+ const w = await f.json();
1968
+ if (!w.access_token)
1969
+ throw v("Token refresh response missing access_token"), new Error("Invalid token response");
1970
+ return w.refresh_token && localStorage.setItem(V, w.refresh_token), localStorage.setItem(U, w.access_token), w.access_token;
1971
+ } catch (f) {
1972
+ return v(`Token refresh error: ${f.message}`), localStorage.removeItem(V), localStorage.removeItem(U), await l.logout(), null;
1973
+ }
1974
+ }
1975
+ async function h() {
1976
+ const a = localStorage.getItem(U);
1977
+ if (!a) return null;
1978
+ const u = Je(a), p = Date.now() / 1e3;
1979
+ if (!u || !u.exp || u.exp < p + We) {
1980
+ const g = await c(u);
1981
+ return g || (localStorage.removeItem(U), null);
1982
+ }
1983
+ return a;
1984
+ }
1985
+ async function d() {
1986
+ if (r) {
1987
+ v("Silent redirect already in progress");
1988
+ return;
1989
+ }
1990
+ if (!Fe()) {
1991
+ v("No session hint cookie - skipping prompt=none redirect for anonymous user");
1992
+ return;
1993
+ }
1994
+ const a = te();
1995
+ if (a && Date.now() - a.timestamp < 3e4) {
1996
+ v("Recently attempted silent redirect, skipping to prevent loop");
1997
+ return;
1998
+ }
1999
+ v("Attempting prompt=none redirect to recover session"), r = !0, Qt();
2000
+ try {
2001
+ await o.loginWithRedirect({
2002
+ authorizationParams: { prompt: "none", redirect_uri: window.location.href, organization: e }
2003
+ });
2004
+ } catch (u) {
2005
+ v(`Prompt=none redirect failed: ${u.message}`), r = !1, G();
2006
+ }
2007
+ }
2008
+ function m() {
2009
+ return t ? D(window.location.href) !== D(`https://${t}`) : !1;
2010
+ }
2011
+ function s(a) {
2012
+ if (i)
2013
+ return v("Login already in progress"), null;
2014
+ if (i = !0, setTimeout(() => {
2015
+ i = !1;
2016
+ }, 3e3), localStorage.removeItem(U), !o) throw new Error("Auth0 client not initialized");
2017
+ const u = a?.authorizationParams || {};
2018
+ return {
2019
+ ...a,
2020
+ authorizationParams: {
2021
+ organization: e,
2022
+ redirect_uri: window.location.href,
2023
+ ui_locales: $t(),
2024
+ incognito: Ze(),
2025
+ ...u
2026
+ }
2027
+ };
2028
+ }
2029
+ const l = {
2030
+ async init(a) {
2031
+ if (a.enabled === !1) return;
2032
+ e = a.organization;
2033
+ const u = on(a);
2034
+ t = u && !rn() ? u : Ft("token", a.environment);
2035
+ const p = D(window.location.href) !== D(`https://${t}`), g = D(window.location.href), f = g ? `.${g}` : void 0, w = {
2036
+ domain: t,
2037
+ clientId: a.clientId,
2038
+ useCookiesForTransactions: !0,
2039
+ legacySameSiteCookie: !1,
2040
+ ...f && { cookieDomain: f },
2041
+ cacheLocation: "localstorage"
2042
+ };
2043
+ (p || a.useRefreshTokens) && (w.useRefreshTokens = !0), v(`Initializing auth0 client: ${JSON.stringify(w)}`), o = await Ut(w);
2044
+ const b = new URLSearchParams(window.location.search), k = b.get("code"), y = b.get("state"), S = b.get("error");
2045
+ if (S) {
2046
+ const E = b.get("error_description");
2047
+ v(`Auth error in URL: ${S}${E ? ` - ${E}` : ""}`);
2048
+ const T = new URL(location.href);
2049
+ T.searchParams.delete("error"), T.searchParams.delete("error_description"), T.searchParams.delete("state"), window.history.replaceState({}, document.title, T.toString());
2050
+ const C = te();
2051
+ if (C && G(), S === "login_required")
2052
+ v("Silent redirect returned login_required - user is not authenticated"), ee();
2053
+ else if (C)
2054
+ v(`Silent redirect returned ${S} - treating as unauthenticated`), ee();
2055
+ else {
2056
+ const I = E || `Authentication failed: ${S}`;
2057
+ v(`Non-silent auth error, alerting user: ${I}`), setTimeout(() => {
2058
+ alert(I);
2059
+ }, 0);
2060
+ }
2061
+ }
2062
+ if (k)
2063
+ if (window.opener)
2064
+ v("Code found in URL, posting to opener"), window.opener.postMessage(
2065
+ { type: "authorization_response", response: { code: k, state: y } },
2066
+ window.location.origin
2067
+ );
2068
+ else {
2069
+ v("Code found in URL, handling redirect");
2070
+ const E = window.location.href, T = new URL(location.href), C = T.searchParams;
2071
+ C.delete("code"), C.delete("state"), T.search = C.toString(), window.history.replaceState({}, document.title, T.toString()), v("Rewrote url to remove code and state");
2072
+ try {
2073
+ const I = await o.handleRedirectCallback(E);
2074
+ v(`Login result: ${JSON.stringify(I)}`);
2075
+ const A = await o.getUser();
2076
+ if (!A) throw new Error("No user found");
2077
+ v(`User found ${JSON.stringify(A)}`), ne(), te() && (v("Successfully recovered session via prompt=none redirect"), G()), Y(!0), v(`Triggering AUTHENTICATED event with appState: ${JSON.stringify(I.appState)}`), me(M.AUTHENTICATED, { ...A, appState: I.appState });
2078
+ } catch (I) {
2079
+ v(`Error handling redirect: ${I.message}`), te() ? (G(), ee(), v("Silent redirect failed, cleared session hints")) : alert("There was an error logging in"), console.error(I);
2080
+ }
2081
+ }
2082
+ n = !0, me(M.AUTH_INITIALIZED, {});
2083
+ },
2084
+ async isAuthenticated() {
2085
+ if (!n) return !1;
2086
+ if (await h()) return !0;
2087
+ if (!o) return !1;
2088
+ const u = await o.isAuthenticated();
2089
+ return u && Y(!0), u;
2090
+ },
2091
+ async getTokenSilently(a = !0, u = !1) {
2092
+ if (!n) return null;
2093
+ const p = await h();
2094
+ if (p) return p;
2095
+ if (!u && tn()) {
2096
+ if (v("Silent auth is throttled due to recent failures, skipping request"), a) throw new Error("Silent auth throttled");
2097
+ return null;
2098
+ }
2099
+ try {
2100
+ if (!o)
2101
+ return v("Auth client not initialized"), null;
2102
+ let g = await o.getTokenSilently();
2103
+ const f = Je(g), w = Date.now() / 1e3;
2104
+ return u && f?.exp && f.exp - w < 3600 + We && (g = await o.getTokenSilently({ cacheMode: "off" })), ne(), Y(!0), g;
2105
+ } catch (g) {
2106
+ const f = g;
2107
+ if (v(`Failed to get token silently: ${f.message}`), en(f)) {
2108
+ if (v("Iframe-based auth blocked by browser privacy restrictions"), Fe())
2109
+ return v("Session hint present - attempting prompt=none redirect recovery"), await d(), null;
2110
+ v("No session hint - user is likely anonymous, not attempting redirect");
2111
+ }
2112
+ if (nn(), await o.isAuthenticated() && (f.message === "Invalid refresh token" || f.message.includes("Missing Refresh Token")) && await l.logout(), a) throw g;
2113
+ return null;
2114
+ }
2115
+ },
2116
+ async getUser() {
2117
+ return n ? await h() ? { sub: "local", name: "Local User" } : o ? await o.getUser() : null : null;
2118
+ },
2119
+ async login(a) {
2120
+ return m() && (Gt() || Mt() || Ze()) ? (v("Using popup login for cross-domain auth on Safari/Android/Incognito"), l.loginWithPopup(a)) : (v("Using redirect login"), l.loginWithRedirect(a));
2121
+ },
2122
+ async loginWithRedirect(a) {
2123
+ const u = s(a);
2124
+ if (u)
2125
+ return o.loginWithRedirect(u);
2126
+ },
2127
+ async loginWithPopup(a) {
2128
+ const u = s(a);
2129
+ if (!u) return;
2130
+ await o.loginWithPopup(u, { timeoutInSeconds: 1800 }), ne(), Y(!0);
2131
+ const p = await o.getUser();
2132
+ if (!p) throw new Error("No user found after popup login");
2133
+ const g = new CustomEvent(M.AUTHENTICATED, {
2134
+ detail: {
2135
+ ...p,
2136
+ appState: a?.appState
2137
+ },
2138
+ composed: !0,
2139
+ bubbles: !0
2140
+ });
2141
+ window.dispatchEvent(g) && window.location.reload();
2142
+ },
2143
+ async logout(a = {}) {
2144
+ if (n && (localStorage.removeItem(U), localStorage.removeItem(V), ee(), G(), ne(), me(M.LOGOUT, {}), !!o))
2145
+ return v(`Logout with options: ${JSON.stringify(a)}`), o.logout({
2146
+ ...a,
2147
+ logoutParams: {
2148
+ returnTo: window.location.href,
2149
+ ...a.logoutParams || {}
2150
+ }
2151
+ });
2152
+ }
2153
+ };
2154
+ return l;
2155
+ }
2156
+ le() && (sn(), void 0);
2157
+ export {
2158
+ U as ACCESS_TOKEN_KEY,
2159
+ V as REFRESH_TOKEN_KEY,
2160
+ et as SESSION_HINT_COOKIE,
2161
+ ae as SILENT_AUTH_THROTTLE_KEY,
2162
+ Ce as SILENT_REDIRECT_STATE_KEY,
2163
+ sn as createAuth0Plugin
2164
+ };