@sesamy/sesamy-js 1.94.0 → 1.96.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/auth0-plugin.iife.js +34 -0
  2. package/dist/auth0-plugin.mjs +61 -62
  3. package/dist/sesamy-js.cjs +6 -6
  4. package/dist/sesamy-js.d.ts +12 -10
  5. package/dist/sesamy-js.iife.js +6 -6
  6. package/dist/sesamy-js.mjs +297 -297
  7. package/package.json +3 -3
package/dist/auth0-plugin.iife.js ADDED
@@ -0,0 +1,34 @@
1
+ var auth0Plugin=(function(E){"use strict";function P(o,e){var t={};for(var n in o)Object.prototype.hasOwnProperty.call(o,n)&&e.indexOf(n)<0&&(t[n]=o[n]);if(o!=null&&typeof Object.getOwnPropertySymbols=="function"){var i=0;for(n=Object.getOwnPropertySymbols(o);i<n.length;i++)e.indexOf(n[i])<0&&Object.prototype.propertyIsEnumerable.call(o,n[i])&&(t[n[i]]=o[n[i]])}return t}typeof SuppressedError=="function"&&SuppressedError;var R=typeof globalThis<"u"?globalThis:typeof window<"u"?window:typeof global<"u"?global:typeof self<"u"?self:{};function he(o){return o&&o.__esModule&&Object.prototype.hasOwnProperty.call(o,"default")?o.default:o}function pe(o,e){return o(e={exports:{}},e.exports),e.exports}var N=pe((function(o,e){Object.defineProperty(e,"__esModule",{value:!0});var t=(function(){function n(){var i=this;this.locked=new Map,this.addToLocked=function(r,c){var h=i.locked.get(r);h===void 0?c===void 0?i.locked.set(r,[]):i.locked.set(r,[c]):c!==void 0&&(h.unshift(c),i.locked.set(r,h))},this.isLocked=function(r){return i.locked.has(r)},this.lock=function(r){return new Promise((function(c,h){i.isLocked(r)?i.addToLocked(r,c):(i.addToLocked(r),c())}))},this.unlock=function(r){var c=i.locked.get(r);if(c!==void 0&&c.length!==0){var h=c.pop();i.locked.set(r,c),h!==void 0&&setTimeout(h,0)}else i.locked.delete(r)}}return n.getInstance=function(){return n.instance===void 0&&(n.instance=new n),n.instance},n})();e.default=function(){return t.getInstance()}}));he(N);var nt=he(pe((function(o,e){var t=R&&R.__awaiter||function(s,l,a,u){return new(a||(a=Promise))((function(p,g){function f(v){try{b(u.next(v))}catch(y){g(y)}}function w(v){try{b(u.throw(v))}catch(y){g(y)}}function b(v){v.done?p(v.value):new a((function(y){y(v.value)})).then(f,w)}b((u=u.apply(s,l||[])).next())}))},n=R&&R.__generator||function(s,l){var a,u,p,g,f={label:0,sent:function(){if(1&p[0])throw p[1];return p[1]},trys:[],ops:[]};return g={next:w(0),throw:w(1),return:w(2)},typeof Symbol=="function"&&(g[Symbol.iterator]=function(){return this}),g;function w(b){return function(v){return(function(y){if(a)throw new TypeError("Generator is already executing.");for(;f;)try{if(a=1,u&&(p=2&y[0]?u.return:y[0]?u.throw||((p=u.return)&&p.call(u),0):u.next)&&!(p=p.call(u,y[1])).done)return p;switch(u=0,p&&(y=[2&y[0],p.value]),y[0]){case 0:case 1:p=y;break;case 4:return f.label++,{value:y[1],done:!1};case 5:f.label++,u=y[1],y=[0];continue;case 7:y=f.ops.pop(),f.trys.pop();continue;default:if(p=f.trys,!((p=p.length>0&&p[p.length-1])||y[0]!==6&&y[0]!==2)){f=0;continue}if(y[0]===3&&(!p||y[1]>p[0]&&y[1]<p[3])){f.label=y[1];break}if(y[0]===6&&f.label<p[1]){f.label=p[1],p=y;break}if(p&&f.label<p[2]){f.label=p[2],f.ops.push(y);break}p[2]&&f.ops.pop(),f.trys.pop();continue}y=l.call(s,f)}catch(_){y=[6,_],u=0}finally{a=p=0}if(5&y[0])throw y[1];return{value:y[0]?y[1]:void 0,done:!0}})([b,v])}}},i=R;Object.defineProperty(e,"__esModule",{value:!0});var r="browser-tabs-lock-key",c={key:function(s){return t(i,void 0,void 0,(function(){return n(this,(function(l){throw new Error("Unsupported")}))}))},getItem:function(s){return t(i,void 0,void 0,(function(){return n(this,(function(l){throw new Error("Unsupported")}))}))},clear:function(){return t(i,void 0,void 0,(function(){return n(this,(function(s){return[2,window.localStorage.clear()]}))}))},removeItem:function(s){return t(i,void 0,void 0,(function(){return n(this,(function(l){throw new Error("Unsupported")}))}))},setItem:function(s,l){return t(i,void 0,void 0,(function(){return n(this,(function(a){throw new Error("Unsupported")}))}))},keySync:function(s){return window.localStorage.key(s)},getItemSync:function(s){return window.localStorage.getItem(s)},clearSync:function(){return window.localStorage.clear()},removeItemSync:function(s){return window.localStorage.removeItem(s)},setItemSync:function(s,l){return window.localStorage.setItem(s,l)}};function h(s){return new Promise((function(l){return setTimeout(l,s)}))}function d(s){for(var l="0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz",a="",u=0;u<s;u++)a+=l[Math.floor(Math.random()*l.length)];return a}var m=(function(){function s(l){this.acquiredIatSet=new Set,this.storageHandler=void 0,this.id=Date.now().toString()+d(15),this.acquireLock=this.acquireLock.bind(this),this.releaseLock=this.releaseLock.bind(this),this.releaseLock__private__=this.releaseLock__private__.bind(this),this.waitForSomethingToChange=this.waitForSomethingToChange.bind(this),this.refreshLockWhileAcquired=this.refreshLockWhileAcquired.bind(this),this.storageHandler=l,s.waiters===void 0&&(s.waiters=[])}return s.prototype.acquireLock=function(l,a){return a===void 0&&(a=5e3),t(this,void 0,void 0,(function(){var u,p,g,f,w,b,v;return n(this,(function(y){switch(y.label){case 0:u=Date.now()+d(4),p=Date.now()+a,g=r+"-"+l,f=this.storageHandler===void 0?c:this.storageHandler,y.label=1;case 1:return Date.now()<p?[4,h(30)]:[3,8];case 2:return y.sent(),f.getItemSync(g)!==null?[3,5]:(w=this.id+"-"+l+"-"+u,[4,h(Math.floor(25*Math.random()))]);case 3:return y.sent(),f.setItemSync(g,JSON.stringify({id:this.id,iat:u,timeoutKey:w,timeAcquired:Date.now(),timeRefreshed:Date.now()})),[4,h(30)];case 4:return y.sent(),(b=f.getItemSync(g))!==null&&(v=JSON.parse(b)).id===this.id&&v.iat===u?(this.acquiredIatSet.add(u),this.refreshLockWhileAcquired(g,u),[2,!0]):[3,7];case 5:return s.lockCorrector(this.storageHandler===void 0?c:this.storageHandler),[4,this.waitForSomethingToChange(p)];case 6:y.sent(),y.label=7;case 7:return u=Date.now()+d(4),[3,1];case 8:return[2,!1]}}))}))},s.prototype.refreshLockWhileAcquired=function(l,a){return t(this,void 0,void 0,(function(){var u=this;return n(this,(function(p){return setTimeout((function(){return t(u,void 0,void 0,(function(){var g,f,w;return n(this,(function(b){switch(b.label){case 0:return[4,N.default().lock(a)];case 1:return b.sent(),this.acquiredIatSet.has(a)?(g=this.storageHandler===void 0?c:this.storageHandler,(f=g.getItemSync(l))===null?(N.default().unlock(a),[2]):((w=JSON.parse(f)).timeRefreshed=Date.now(),g.setItemSync(l,JSON.stringify(w)),N.default().unlock(a),this.refreshLockWhileAcquired(l,a),[2])):(N.default().unlock(a),[2])}}))}))}),1e3),[2]}))}))},s.prototype.waitForSomethingToChange=function(l){return t(this,void 0,void 0,(function(){return n(this,(function(a){switch(a.label){case 0:return[4,new Promise((function(u){var p=!1,g=Date.now(),f=!1;function w(){if(f||(window.removeEventListener("storage",w),s.removeFromWaiting(w),clearTimeout(b),f=!0),!p){p=!0;var v=50-(Date.now()-g);v>0?setTimeout(u,v):u(null)}}window.addEventListener("storage",w),s.addToWaiting(w);var b=setTimeout(w,Math.max(0,l-Date.now()))}))];case 1:return a.sent(),[2]}}))}))},s.addToWaiting=function(l){this.removeFromWaiting(l),s.waiters!==void 0&&s.waiters.push(l)},s.removeFromWaiting=function(l){s.waiters!==void 0&&(s.waiters=s.waiters.filter((function(a){return a!==l})))},s.notifyWaiters=function(){s.waiters!==void 0&&s.waiters.slice().forEach((function(l){return l()}))},s.prototype.releaseLock=function(l){return t(this,void 0,void 0,(function(){return n(this,(function(a){switch(a.label){case 0:return[4,this.releaseLock__private__(l)];case 1:return[2,a.sent()]}}))}))},s.prototype.releaseLock__private__=function(l){return t(this,void 0,void 0,(function(){var a,u,p,g;return n(this,(function(f){switch(f.label){case 0:return a=this.storageHandler===void 0?c:this.storageHandler,u=r+"-"+l,(p=a.getItemSync(u))===null?[2]:(g=JSON.parse(p)).id!==this.id?[3,2]:[4,N.default().lock(g.iat)];case 1:f.sent(),this.acquiredIatSet.delete(g.iat),a.removeItemSync(u),N.default().unlock(g.iat),s.notifyWaiters(),f.label=2;case 2:return[2]}}))}))},s.lockCorrector=function(l){for(var a=Date.now()-5e3,u=l,p=[],g=0;;){var f=u.keySync(g);if(f===null)break;p.push(f),g++}for(var w=!1,b=0;b<p.length;b++){var v=p[b];if(v.includes(r)){var y=u.getItemSync(v);if(y!==null){var _=JSON.parse(y);(_.timeRefreshed===void 0&&_.timeAcquired<a||_.timeRefreshed!==void 0&&_.timeRefreshed<a)&&(u.removeItemSync(v),w=!0)}}}w&&s.notifyWaiters()},s.waiters=void 0,s})();e.default=m})));const ot={timeoutInSeconds:60},Ne={name:"auth0-spa-js",version:"2.11.3"},je=()=>Date.now();class S extends Error{constructor(e,t){super(t),this.error=e,this.error_description=t,Object.setPrototypeOf(this,S.prototype)}static fromPayload({error:e,error_description:t}){return new S(e,t)}}class me extends S{constructor(e,t,n,i=null){super(e,t),this.state=n,this.appState=i,Object.setPrototypeOf(this,me.prototype)}}class fe extends S{constructor(e,t,n,i,r=null){super(e,t),this.connection=n,this.state=i,this.appState=r,Object.setPrototypeOf(this,fe.prototype)}}class H extends S{constructor(){super("timeout","Timeout"),Object.setPrototypeOf(this,H.prototype)}}class ge extends H{constructor(e){super(),this.popup=e,Object.setPrototypeOf(this,ge.prototype)}}class ye extends S{constructor(e){super("cancelled","Popup closed"),this.popup=e,Object.setPrototypeOf(this,ye.prototype)}}class we extends S{constructor(){super("popup_open","Unable to open a popup for loginWithPopup - window.open returned `null`"),Object.setPrototypeOf(this,we.prototype)}}class be extends S{constructor(e,t,n){super(e,t),this.mfa_token=n,Object.setPrototypeOf(this,be.prototype)}}class te extends S{constructor(e,t){super("missing_refresh_token",`Missing Refresh Token (audience: '${oe(e,["default"])}', scope: '${oe(t)}')`),this.audience=e,this.scope=t,Object.setPrototypeOf(this,te.prototype)}}class ve extends S{constructor(e,t){super("missing_scopes",`Missing requested scopes after refresh (audience: '${oe(e,["default"])}', missing scope: '${oe(t)}')`),this.audience=e,this.scope=t,Object.setPrototypeOf(this,ve.prototype)}}class ne extends S{constructor(e){super("use_dpop_nonce","Server rejected DPoP proof: wrong nonce"),this.newDpopNonce=e,Object.setPrototypeOf(this,ne.prototype)}}function oe(o,e=[]){return o&&!e.includes(o)?o:""}const ie=()=>window.crypto,F=()=>{const o="0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-_~.";let e="";return Array.from(ie().getRandomValues(new Uint8Array(43))).forEach((t=>e+=o[t%o.length])),e},ke=o=>btoa(o),it=[{key:"name",type:["string"]},{key:"version",type:["string","number"]},{key:"env",type:["object"]}],rt=o=>Object.keys(o).reduce(((e,t)=>{const n=it.find((i=>i.key===t));return n&&n.type.includes(typeof o[t])&&(e[t]=o[t]),e}),{}),Se=o=>{var{clientId:e}=o,t=P(o,["clientId"]);return new URLSearchParams((n=>Object.keys(n).filter((i=>n[i]!==void 0)).reduce(((i,r)=>Object.assign(Object.assign({},i),{[r]:n[r]})),{}))(Object.assign({client_id:e},t))).toString()},Ke=async o=>await ie().subtle.digest({name:"SHA-256"},new TextEncoder().encode(o)),De=o=>(e=>decodeURIComponent(atob(e).split("").map((t=>"%"+("00"+t.charCodeAt(0).toString(16)).slice(-2))).join("")))(o.replace(/_/g,"/").replace(/-/g,"+")),xe=o=>{const e=new Uint8Array(o);return(t=>{const n={"+":"-","/":"_","=":""};return t.replace(/[+/=]/g,(i=>n[i]))})(window.btoa(String.fromCharCode(...Array.from(e))))},st=new TextEncoder,at=new TextDecoder;function $(o){return typeof o=="string"?st.encode(o):at.decode(o)}function ze(o){if(typeof o.modulusLength!="number"||o.modulusLength<2048)throw new ut(`${o.name} modulusLength must be at least 2048 bits`)}async function ct(o,e,t){if(t.usages.includes("sign")===!1)throw new TypeError('private CryptoKey instances used for signing assertions must include "sign" in their "usages"');const n=`${X($(JSON.stringify(o)))}.${X($(JSON.stringify(e)))}`;return`${n}.${X(await crypto.subtle.sign((function(i){switch(i.algorithm.name){case"ECDSA":return{name:i.algorithm.name,hash:"SHA-256"};case"RSA-PSS":return ze(i.algorithm),{name:i.algorithm.name,saltLength:32};case"RSASSA-PKCS1-v1_5":return ze(i.algorithm),{name:i.algorithm.name};case"Ed25519":return{name:i.algorithm.name}}throw new j})(t),t,$(n)))}`}let _e;Uint8Array.prototype.toBase64?_e=o=>(o instanceof ArrayBuffer&&(o=new Uint8Array(o)),o.toBase64({alphabet:"base64url",omitPadding:!0})):_e=e=>{e instanceof ArrayBuffer&&(e=new Uint8Array(e));const t=[];for(let n=0;n<e.byteLength;n+=32768)t.push(String.fromCharCode.apply(null,e.subarray(n,n+32768)));return btoa(t.join("")).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_")};function X(o){return _e(o)}class j extends Error{constructor(e){var t;super(e??"operation not supported"),this.name=this.constructor.name,(t=Error.captureStackTrace)===null||t===void 0||t.call(Error,this,this.constructor)}}class ut extends Error{constructor(e){var t;super(e),this.name=this.constructor.name,(t=Error.captureStackTrace)===null||t===void 0||t.call(Error,this,this.constructor)}}function lt(o){switch(o.algorithm.name){case"RSA-PSS":return(function(e){if(e.algorithm.hash.name==="SHA-256")return"PS256";throw new j("unsupported RsaHashedKeyAlgorithm hash name")})(o);case"RSASSA-PKCS1-v1_5":return(function(e){if(e.algorithm.hash.name==="SHA-256")return"RS256";throw new j("unsupported RsaHashedKeyAlgorithm hash name")})(o);case"ECDSA":return(function(e){if(e.algorithm.namedCurve==="P-256")return"ES256";throw new j("unsupported EcKeyAlgorithm namedCurve")})(o);case"Ed25519":return"Ed25519";default:throw new j("unsupported CryptoKey algorithm name")}}function Ue(o){return o instanceof CryptoKey}function Le(o){return Ue(o)&&o.type==="public"}async function dt(o,e,t,n,i,r){const c=o?.privateKey,h=o?.publicKey;if(!Ue(d=c)||d.type!=="private")throw new TypeError('"keypair.privateKey" must be a private CryptoKey');var d;if(!Le(h))throw new TypeError('"keypair.publicKey" must be a public CryptoKey');if(h.extractable!==!0)throw new TypeError('"keypair.publicKey.extractable" must be true');if(typeof e!="string")throw new TypeError('"htu" must be a string');if(typeof t!="string")throw new TypeError('"htm" must be a string');if(n!==void 0&&typeof n!="string")throw new TypeError('"nonce" must be a string or undefined');if(i!==void 0&&typeof i!="string")throw new TypeError('"accessToken" must be a string or undefined');return ct({alg:lt(c),typ:"dpop+jwt",jwk:await He(h)},Object.assign(Object.assign({},r),{iat:Math.floor(Date.now()/1e3),jti:crypto.randomUUID(),htm:t,nonce:n,htu:e,ath:i?X(await crypto.subtle.digest("SHA-256",$(i))):void 0}),c)}async function He(o){const{kty:e,e:t,n,x:i,y:r,crv:c}=await crypto.subtle.exportKey("jwk",o);return{kty:e,crv:c,e:t,n,x:i,y:r}}const ht=["authorization_code","refresh_token","urn:ietf:params:oauth:grant-type:token-exchange"];function pt(){return(async function(o,e){var t;let n;if(o.length===0)throw new TypeError('"alg" must be a non-empty string');switch(o){case"PS256":n={name:"RSA-PSS",hash:"SHA-256",modulusLength:2048,publicExponent:new Uint8Array([1,0,1])};break;case"RS256":n={name:"RSASSA-PKCS1-v1_5",hash:"SHA-256",modulusLength:2048,publicExponent:new Uint8Array([1,0,1])};break;case"ES256":n={name:"ECDSA",namedCurve:"P-256"};break;case"Ed25519":n={name:"Ed25519"};break;default:throw new j}return crypto.subtle.generateKey(n,(t=e?.extractable)!==null&&t!==void 0&&t,["sign","verify"])})("ES256",{extractable:!1})}function mt(o){return(async function(e){if(!Le(e))throw new TypeError('"publicKey" must be a public CryptoKey');if(e.extractable!==!0)throw new TypeError('"publicKey.extractable" must be true');const t=await He(e);let n;switch(t.kty){case"EC":n={crv:t.crv,kty:t.kty,x:t.x,y:t.y};break;case"OKP":n={crv:t.crv,kty:t.kty,x:t.x};break;case"RSA":n={e:t.e,kty:t.kty,n:t.n};break;default:throw new j("unsupported JWK kty")}return X(await crypto.subtle.digest({name:"SHA-256"},$(JSON.stringify(n))))})(o.publicKey)}function ft({keyPair:o,url:e,method:t,nonce:n,accessToken:i}){const r=(function(c){const h=new URL(c);return h.search="",h.hash="",h.href})(e);return dt(o,r,t,n,i)}const gt=async(o,e)=>{const t=await fetch(o,e);return{ok:t.ok,json:await t.json(),headers:(n=t.headers,[...n].reduce(((i,[r,c])=>(i[r]=c,i)),{}))};var n},yt=async(o,e,t)=>{const n=new AbortController;let i;return e.signal=n.signal,Promise.race([gt(o,e),new Promise(((r,c)=>{i=setTimeout((()=>{n.abort(),c(new Error("Timeout when executing 'fetch'"))}),t)}))]).finally((()=>{clearTimeout(i)}))},wt=async(o,e,t,n,i,r,c,h)=>{return d={auth:{audience:e,scope:t},timeout:i,fetchUrl:o,fetchOptions:n,useFormData:c,useMrrt:h},m=r,new Promise((function(s,l){const a=new MessageChannel;a.port1.onmessage=function(u){u.data.error?l(new Error(u.data.error)):s(u.data),a.port1.close()},m.postMessage(d,[a.port2])}));var d,m},bt=async(o,e,t,n,i,r,c=1e4,h)=>i?wt(o,e,t,n,c,i,r,h):yt(o,n,c);async function Ze(o,e,t,n,i,r,c,h,d,m){if(d){const v=await d.generateProof({url:o,method:i.method||"GET",nonce:await d.getNonce()});i.headers=Object.assign(Object.assign({},i.headers),{dpop:v})}let s,l=null;for(let v=0;v<3;v++)try{s=await bt(o,t,n,i,r,c,e,h),l=null;break}catch(y){l=y}if(l)throw l;const a=s.json,{error:u,error_description:p}=a,g=P(a,["error","error_description"]),{headers:f,ok:w}=s;let b;if(d&&(b=f["dpop-nonce"],b&&await d.setNonce(b)),!w){const v=p||`HTTP error. Unable to fetch ${o}`;if(u==="mfa_required")throw new be(u,v,g.mfa_token);if(u==="missing_refresh_token")throw new te(t,n);if(u==="use_dpop_nonce"){if(!d||!b||m)throw new ne(b);return Ze(o,e,t,n,i,r,c,h,d,!0)}throw new S(u||"request_error",v)}return g}async function vt(o,e){var{baseUrl:t,timeout:n,audience:i,scope:r,auth0Client:c,useFormData:h,useMrrt:d,dpop:m}=o,s=P(o,["baseUrl","timeout","audience","scope","auth0Client","useFormData","useMrrt","dpop"]);const l=s.grant_type==="urn:ietf:params:oauth:grant-type:token-exchange",a=s.grant_type==="refresh_token"&&d,u=Object.assign(Object.assign(Object.assign(Object.assign({},s),l&&i&&{audience:i}),l&&r&&{scope:r}),a&&{audience:i,scope:r}),p=h?Se(u):JSON.stringify(u),g=(f=s.grant_type,ht.includes(f));var f;return await Ze(`${t}/oauth/token`,n,i||"default",r,{method:"POST",body:p,headers:{"Content-Type":h?"application/x-www-form-urlencoded":"application/json","Auth0-Client":btoa(JSON.stringify(rt(c||Ne)))}},e,h,d,g?m:void 0)}const re=(...o)=>{return(e=o.filter(Boolean).join(" ").trim().split(/\s+/),Array.from(new Set(e))).join(" ");var e},se=(o,e,t)=>{let n;return t&&(n=o[t]),n||(n=o.default),re(n,e)};class O{constructor(e,t="@@auth0spajs@@",n){this.prefix=t,this.suffix=n,this.clientId=e.clientId,this.scope=e.scope,this.audience=e.audience}toKey(){return[this.prefix,this.clientId,this.audience,this.scope,this.suffix].filter(Boolean).join("::")}static fromKey(e){const[t,n,i,r]=e.split("::");return new O({clientId:n,scope:r,audience:i},t)}static fromCacheEntry(e){const{scope:t,audience:n,client_id:i}=e;return new O({scope:t,audience:n,clientId:i})}}class kt{set(e,t){localStorage.setItem(e,JSON.stringify(t))}get(e){const t=window.localStorage.getItem(e);if(t)try{return JSON.parse(t)}catch{return}}remove(e){localStorage.removeItem(e)}allKeys(){return Object.keys(window.localStorage).filter((e=>e.startsWith("@@auth0spajs@@")))}}class We{constructor(){this.enclosedCache=(function(){let e={};return{set(t,n){e[t]=n},get(t){const n=e[t];if(n)return n},remove(t){delete e[t]},allKeys:()=>Object.keys(e)}})()}}class St{constructor(e,t,n){this.cache=e,this.keyManifest=t,this.nowProvider=n||je}async setIdToken(e,t,n){var i;const r=this.getIdTokenCacheKey(e);await this.cache.set(r,{id_token:t,decodedToken:n}),await((i=this.keyManifest)===null||i===void 0?void 0:i.add(r))}async getIdToken(e){const t=await this.cache.get(this.getIdTokenCacheKey(e.clientId));if(!t&&e.scope&&e.audience){const n=await this.get(e);return!n||!n.id_token||!n.decodedToken?void 0:{id_token:n.id_token,decodedToken:n.decodedToken}}if(t)return{id_token:t.id_token,decodedToken:t.decodedToken}}async get(e,t=0,n=!1,i){var r;let c=await this.cache.get(e.toKey());if(!c){const m=await this.getCacheKeys();if(!m)return;const s=this.matchExistingCacheKey(e,m);if(s&&(c=await this.cache.get(s)),!c&&n&&i!=="cache-only")return this.getEntryWithRefreshToken(e,m)}if(!c)return;const h=await this.nowProvider(),d=Math.floor(h/1e3);return c.expiresAt-t<d?c.body.refresh_token?this.modifiedCachedEntry(c,e):(await this.cache.remove(e.toKey()),void await((r=this.keyManifest)===null||r===void 0?void 0:r.remove(e.toKey()))):c.body}async modifiedCachedEntry(e,t){return e.body={refresh_token:e.body.refresh_token,audience:e.body.audience,scope:e.body.scope},await this.cache.set(t.toKey(),e),{refresh_token:e.body.refresh_token,audience:e.body.audience,scope:e.body.scope}}async set(e){var t;const n=new O({clientId:e.client_id,scope:e.scope,audience:e.audience}),i=await this.wrapCacheEntry(e);await this.cache.set(n.toKey(),i),await((t=this.keyManifest)===null||t===void 0?void 0:t.add(n.toKey()))}async remove(e,t,n){const i=new O({clientId:e,scope:n,audience:t});await this.cache.remove(i.toKey())}async clear(e){var t;const n=await this.getCacheKeys();n&&(await n.filter((i=>!e||i.includes(e))).reduce((async(i,r)=>{await i,await this.cache.remove(r)}),Promise.resolve()),await((t=this.keyManifest)===null||t===void 0?void 0:t.clear()))}async wrapCacheEntry(e){const t=await this.nowProvider();return{body:e,expiresAt:Math.floor(t/1e3)+e.expires_in}}async getCacheKeys(){var e;return this.keyManifest?(e=await this.keyManifest.get())===null||e===void 0?void 0:e.keys:this.cache.allKeys?this.cache.allKeys():void 0}getIdTokenCacheKey(e){return new O({clientId:e},"@@auth0spajs@@","@@user@@").toKey()}matchExistingCacheKey(e,t){return t.filter((n=>{var i;const r=O.fromKey(n),c=new Set(r.scope&&r.scope.split(" ")),h=((i=e.scope)===null||i===void 0?void 0:i.split(" "))||[],d=r.scope&&h.reduce(((m,s)=>m&&c.has(s)),!0);return r.prefix==="@@auth0spajs@@"&&r.clientId===e.clientId&&r.audience===e.audience&&d}))[0]}async getEntryWithRefreshToken(e,t){var n;for(const i of t){const r=O.fromKey(i);if(r.prefix==="@@auth0spajs@@"&&r.clientId===e.clientId){const c=await this.cache.get(i);if(!((n=c?.body)===null||n===void 0)&&n.refresh_token)return this.modifiedCachedEntry(c,e)}}}async updateEntry(e,t){var n;const i=await this.getCacheKeys();if(i)for(const r of i){const c=await this.cache.get(r);if(((n=c?.body)===null||n===void 0?void 0:n.refresh_token)===e){const h=Object.assign(Object.assign({},c.body),{refresh_token:t});await this.set(h)}}}}class _t{constructor(e,t,n){this.storage=e,this.clientId=t,this.cookieDomain=n,this.storageKey=`a0.spajs.txs.${this.clientId}`}create(e){this.storage.save(this.storageKey,e,{daysUntilExpire:1,cookieDomain:this.cookieDomain})}get(){return this.storage.get(this.storageKey)}remove(){this.storage.remove(this.storageKey,{cookieDomain:this.cookieDomain})}}const V=o=>typeof o=="number",It=["iss","aud","exp","nbf","iat","jti","azp","nonce","auth_time","at_hash","c_hash","acr","amr","sub_jwk","cnf","sip_from_tag","sip_date","sip_callid","sip_cseq_num","sip_via_branch","orig","dest","mky","events","toe","txn","rph","sid","vot","vtm"],Tt=o=>{if(!o.id_token)throw new Error("ID token is required but missing");const e=(r=>{const c=r.split("."),[h,d,m]=c;if(c.length!==3||!h||!d||!m)throw new Error("ID token could not be decoded");const s=JSON.parse(De(d)),l={__raw:r},a={};return Object.keys(s).forEach((u=>{l[u]=s[u],It.includes(u)||(a[u]=s[u])})),{encoded:{header:h,payload:d,signature:m},header:JSON.parse(De(h)),claims:l,user:a}})(o.id_token);if(!e.claims.iss)throw new Error("Issuer (iss) claim must be a string present in the ID token");if(e.claims.iss!==o.iss)throw new Error(`Issuer (iss) claim mismatch in the ID token; expected "${o.iss}", found "${e.claims.iss}"`);if(!e.user.sub)throw new Error("Subject (sub) claim must be a string present in the ID token");if(e.header.alg!=="RS256")throw new Error(`Signature algorithm of "${e.header.alg}" is not supported. Expected the ID token to be signed with "RS256".`);if(!e.claims.aud||typeof e.claims.aud!="string"&&!Array.isArray(e.claims.aud))throw new Error("Audience (aud) claim must be a string or array of strings present in the ID token");if(Array.isArray(e.claims.aud)){if(!e.claims.aud.includes(o.aud))throw new Error(`Audience (aud) claim mismatch in the ID token; expected "${o.aud}" but was not one of "${e.claims.aud.join(", ")}"`);if(e.claims.aud.length>1){if(!e.claims.azp)throw new Error("Authorized Party (azp) claim must be a string present in the ID token when Audience (aud) claim has multiple values");if(e.claims.azp!==o.aud)throw new Error(`Authorized Party (azp) claim mismatch in the ID token; expected "${o.aud}", found "${e.claims.azp}"`)}}else if(e.claims.aud!==o.aud)throw new Error(`Audience (aud) claim mismatch in the ID token; expected "${o.aud}" but found "${e.claims.aud}"`);if(o.nonce){if(!e.claims.nonce)throw new Error("Nonce (nonce) claim must be a string present in the ID token");if(e.claims.nonce!==o.nonce)throw new Error(`Nonce (nonce) claim mismatch in the ID token; expected "${o.nonce}", found "${e.claims.nonce}"`)}if(o.max_age&&!V(e.claims.auth_time))throw new Error("Authentication Time (auth_time) claim must be a number present in the ID token when Max Age (max_age) is specified");if(e.claims.exp==null||!V(e.claims.exp))throw new Error("Expiration Time (exp) claim must be a number present in the ID token");if(!V(e.claims.iat))throw new Error("Issued At (iat) claim must be a number present in the ID token");const t=o.leeway||60,n=new Date(o.now||Date.now()),i=new Date(0);if(i.setUTCSeconds(e.claims.exp+t),n>i)throw new Error(`Expiration Time (exp) claim error in the ID token; current time (${n}) is after expiration time (${i})`);if(e.claims.nbf!=null&&V(e.claims.nbf)){const r=new Date(0);if(r.setUTCSeconds(e.claims.nbf-t),n<r)throw new Error(`Not Before time (nbf) claim in the ID token indicates that this token can't be used just yet. Current time (${n}) is before ${r}`)}if(e.claims.auth_time!=null&&V(e.claims.auth_time)){const r=new Date(0);if(r.setUTCSeconds(parseInt(e.claims.auth_time)+o.max_age+t),n>r)throw new Error(`Authentication Time (auth_time) claim in the ID token indicates that too much time has passed since the last end-user authentication. Current time (${n}) is after last auth at ${r}`)}if(o.organization){const r=o.organization.trim();if(r.startsWith("org_")){const c=r;if(!e.claims.org_id)throw new Error("Organization ID (org_id) claim must be a string present in the ID token");if(c!==e.claims.org_id)throw new Error(`Organization ID (org_id) claim mismatch in the ID token; expected "${c}", found "${e.claims.org_id}"`)}else{const c=r.toLowerCase();if(!e.claims.org_name)throw new Error("Organization Name (org_name) claim must be a string present in the ID token");if(c!==e.claims.org_name)throw new Error(`Organization Name (org_name) claim mismatch in the ID token; expected "${c}", found "${e.claims.org_name}"`)}}return e};var K=pe((function(o,e){var t=R&&R.__assign||function(){return t=Object.assign||function(d){for(var m,s=1,l=arguments.length;s<l;s++)for(var a in m=arguments[s])Object.prototype.hasOwnProperty.call(m,a)&&(d[a]=m[a]);return d},t.apply(this,arguments)};function n(d,m){if(!m)return"";var s="; "+d;return m===!0?s:s+"="+m}function i(d,m,s){return encodeURIComponent(d).replace(/%(23|24|26|2B|5E|60|7C)/g,decodeURIComponent).replace(/\(/g,"%28").replace(/\)/g,"%29")+"="+encodeURIComponent(m).replace(/%(23|24|26|2B|3A|3C|3E|3D|2F|3F|40|5B|5D|5E|60|7B|7D|7C)/g,decodeURIComponent)+(function(l){if(typeof l.expires=="number"){var a=new Date;a.setMilliseconds(a.getMilliseconds()+864e5*l.expires),l.expires=a}return n("Expires",l.expires?l.expires.toUTCString():"")+n("Domain",l.domain)+n("Path",l.path)+n("Secure",l.secure)+n("SameSite",l.sameSite)})(s)}function r(d){for(var m={},s=d?d.split("; "):[],l=/(%[\dA-F]{2})+/gi,a=0;a<s.length;a++){var u=s[a].split("="),p=u.slice(1).join("=");p.charAt(0)==='"'&&(p=p.slice(1,-1));try{m[u[0].replace(l,decodeURIComponent)]=p.replace(l,decodeURIComponent)}catch{}}return m}function c(){return r(document.cookie)}function h(d,m,s){document.cookie=i(d,m,t({path:"/"},s))}e.__esModule=!0,e.encode=i,e.parse=r,e.getAll=c,e.get=function(d){return c()[d]},e.set=h,e.remove=function(d,m){h(d,"",t(t({},m),{expires:-1}))}}));he(K),K.encode,K.parse,K.getAll;var Ot=K.get,Je=K.set,Fe=K.remove;const Z={get(o){const e=Ot(o);if(e!==void 0)return JSON.parse(e)},save(o,e,t){let n={};window.location.protocol==="https:"&&(n={secure:!0,sameSite:"none"}),t?.daysUntilExpire&&(n.expires=t.daysUntilExpire),t?.cookieDomain&&(n.domain=t.cookieDomain),Je(o,JSON.stringify(e),n)},remove(o,e){let t={};e?.cookieDomain&&(t.domain=e.cookieDomain),Fe(o,t)}},Pt={get(o){return Z.get(o)||Z.get(`_legacy_${o}`)},save(o,e,t){let n={};window.location.protocol==="https:"&&(n={secure:!0}),t?.daysUntilExpire&&(n.expires=t.daysUntilExpire),t?.cookieDomain&&(n.domain=t.cookieDomain),Je(`_legacy_${o}`,JSON.stringify(e),n),Z.save(o,e,t)},remove(o,e){let t={};e?.cookieDomain&&(t.domain=e.cookieDomain),Fe(o,t),Z.remove(o,e),Z.remove(`_legacy_${o}`,e)}},Et={get(o){if(typeof sessionStorage>"u")return;const e=sessionStorage.getItem(o);return e!=null?JSON.parse(e):void 0},save(o,e){sessionStorage.setItem(o,JSON.stringify(e))},remove(o){sessionStorage.removeItem(o)}};var D;(function(o){o.Code="code",o.ConnectCode="connect_code"})(D||(D={}));function Ct(o,e,t){var n=e===void 0?null:e,i=(function(d,m){var s=atob(d);if(m){for(var l=new Uint8Array(s.length),a=0,u=s.length;a<u;++a)l[a]=s.charCodeAt(a);return String.fromCharCode.apply(null,new Uint16Array(l.buffer))}return s})(o,t!==void 0&&t),r=i.indexOf(`
2
+ `,10)+1,c=i.substring(r)+(n?"//# sourceMappingURL="+n:""),h=new Blob([c],{type:"application/javascript"});return URL.createObjectURL(h)}var $e,Xe,Ve,Ie,At=($e="Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAqLwohZnVuY3Rpb24oKXsidXNlIHN0cmljdCI7Y2xhc3MgZSBleHRlbmRzIEVycm9ye2NvbnN0cnVjdG9yKHQscil7c3VwZXIociksdGhpcy5lcnJvcj10LHRoaXMuZXJyb3JfZGVzY3JpcHRpb249cixPYmplY3Quc2V0UHJvdG90eXBlT2YodGhpcyxlLnByb3RvdHlwZSl9c3RhdGljIGZyb21QYXlsb2FkKHtlcnJvcjp0LGVycm9yX2Rlc2NyaXB0aW9uOnJ9KXtyZXR1cm4gbmV3IGUodCxyKX19Y2xhc3MgdCBleHRlbmRzIGV7Y29uc3RydWN0b3IoZSxzKXtzdXBlcigibWlzc2luZ19yZWZyZXNoX3Rva2VuIixgTWlzc2luZyBSZWZyZXNoIFRva2VuIChhdWRpZW5jZTogJyR7cihlLFsiZGVmYXVsdCJdKX0nLCBzY29wZTogJyR7cihzKX0nKWApLHRoaXMuYXVkaWVuY2U9ZSx0aGlzLnNjb3BlPXMsT2JqZWN0LnNldFByb3RvdHlwZU9mKHRoaXMsdC5wcm90b3R5cGUpfX1mdW5jdGlvbiByKGUsdD1bXSl7cmV0dXJuIGUmJiF0LmluY2x1ZGVzKGUpP2U6IiJ9ImZ1bmN0aW9uIj09dHlwZW9mIFN1cHByZXNzZWRFcnJvciYmU3VwcHJlc3NlZEVycm9yO2NvbnN0IHM9ZT0+e3ZhcntjbGllbnRJZDp0fT1lLHI9ZnVuY3Rpb24oZSx0KXt2YXIgcj17fTtmb3IodmFyIHMgaW4gZSlPYmplY3QucHJvdG90eXBlLmhhc093blByb3BlcnR5LmNhbGwoZSxzKSYmdC5pbmRleE9mKHMpPDAmJihyW3NdPWVbc10pO2lmKG51bGwhPWUmJiJmdW5jdGlvbiI9PXR5cGVvZiBPYmplY3QuZ2V0T3duUHJvcGVydHlTeW1ib2xzKXt2YXIgbz0wO2ZvcihzPU9iamVjdC5nZXRPd25Qcm9wZXJ0eVN5bWJvbHMoZSk7bzxzLmxlbmd0aDtvKyspdC5pbmRleE9mKHNbb10pPDAmJk9iamVjdC5wcm90b3R5cGUucHJvcGVydHlJc0VudW1lcmFibGUuY2FsbChlLHNbb10pJiYocltzW29dXT1lW3Nbb11dKX1yZXR1cm4gcn0oZSxbImNsaWVudElkIl0pO3JldHVybiBuZXcgVVJMU2VhcmNoUGFyYW1zKChlPT5PYmplY3Qua2V5cyhlKS5maWx0ZXIoKHQ9PnZvaWQgMCE9PWVbdF0pKS5yZWR1Y2UoKCh0LHIpPT5PYmplY3QuYXNzaWduKE9iamVjdC5hc3NpZ24oe30sdCkse1tyXTplW3JdfSkpLHt9KSkoT2JqZWN0LmFzc2lnbih7Y2xpZW50X2lkOnR9LHIpKSkudG9TdHJpbmcoKX07bGV0IG89e307Y29uc3Qgbj0oZSx0KT0+YCR7ZX18JHt0fWA7YWRkRXZlbnRMaXN0ZW5lcigibWVzc2FnZSIsKGFzeW5jKHtkYXRhOnt0aW1lb3V0OmUsYXV0aDpyLGZldGNoVXJsOmksZmV0Y2hPcHRpb25zOmMsdXNlRm9ybURhdGE6YSx1c2VNcnJ0OmZ9LHBvcnRzOltwXX0pPT57bGV0IGgsdSxsPXt9O2NvbnN0e2F1ZGllbmNlOmQsc2NvcGU6eX09cnx8e307dHJ5e2NvbnN0IHI9YT8oZT0+e2NvbnN0IHQ9bmV3IFVSTFNlYXJjaFBhcmFtcyhlKSxyPXt9O3JldHVybiB0LmZvckVhY2goKChlLHQpPT57clt0XT1lfSkpLHJ9KShjLmJvZHkpOkpTT04ucGFyc2UoYy5ib2R5KTtpZighci5yZWZyZXNoX3Rva2VuJiYicmVmcmVzaF90b2tlbiI9PT1yLmdyYW50X3R5cGUpe2lmKHU9KChlLHQpPT5vW24oZSx0KV0pKGQseSksIXUmJmYpe2NvbnN0IGU9by5sYXRlc3RfcmVmcmVzaF90b2tlbix0PSgoZSx0KT0+e2NvbnN0IHI9T2JqZWN0LmtleXMobykuZmluZCgocj0+e2lmKCJsYXRlc3RfcmVmcmVzaF90b2tlbiIhPT1yKXtjb25zdCBzPSgoZSx0KT0+dC5zdGFydHNXaXRoKGAke2V9fGApKSh0LHIpLG89ci5zcGxpdCgifCIpWzFdLnNwbGl0KCIgIiksbj1lLnNwbGl0KCIgIikuZXZlcnkoKGU9Pm8uaW5jbHVkZXMoZSkpKTtyZXR1cm4gcyYmbn19KSk7cmV0dXJuISFyfSkoeSxkKTtlJiYhdCYmKHU9ZSl9aWYoIXUpdGhyb3cgbmV3IHQoZCx5KTtjLmJvZHk9YT9zKE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSxyKSx7cmVmcmVzaF90b2tlbjp1fSkpOkpTT04uc3RyaW5naWZ5KE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSxyKSx7cmVmcmVzaF90b2tlbjp1fSkpfWxldCBqLGs7ImZ1bmN0aW9uIj09dHlwZW9mIEFib3J0Q29udHJvbGxlciYmKGo9bmV3IEFib3J0Q29udHJvbGxlcixjLnNpZ25hbD1qLnNpZ25hbCk7dHJ5e2s9YXdhaXQgUHJvbWlzZS5yYWNlKFsoXz1lLG5ldyBQcm9taXNlKChlPT5zZXRUaW1lb3V0KGUsXykpKSksZmV0Y2goaSxPYmplY3QuYXNzaWduKHt9LGMpKV0pfWNhdGNoKGUpe3JldHVybiB2b2lkIHAucG9zdE1lc3NhZ2Uoe2Vycm9yOmUubWVzc2FnZX0pfWlmKCFrKXJldHVybiBqJiZqLmFib3J0KCksdm9pZCBwLnBvc3RNZXNzYWdlKHtlcnJvcjoiVGltZW91dCB3aGVuIGV4ZWN1dGluZyAnZmV0Y2gnIn0pO2c9ay5oZWFkZXJzLGw9Wy4uLmddLnJlZHVjZSgoKGUsW3Qscl0pPT4oZVt0XT1yLGUpKSx7fSksaD1hd2FpdCBrLmpzb24oKSxoLnJlZnJlc2hfdG9rZW4/KGYmJihvLmxhdGVzdF9yZWZyZXNoX3Rva2VuPWgucmVmcmVzaF90b2tlbixPPXUsYj1oLnJlZnJlc2hfdG9rZW4sT2JqZWN0LmVudHJpZXMobykuZm9yRWFjaCgoKFtlLHRdKT0+e3Q9PT1PJiYob1tlXT1iKX0pKSksKChlLHQscik9PntvW24odCxyKV09ZX0pKGgucmVmcmVzaF90b2tlbixkLHkpLGRlbGV0ZSBoLnJlZnJlc2hfdG9rZW4pOigoZSx0KT0+e2RlbGV0ZSBvW24oZSx0KV19KShkLHkpLHAucG9zdE1lc3NhZ2Uoe29rOmsub2ssanNvbjpoLGhlYWRlcnM6bH0pfWNhdGNoKGUpe3AucG9zdE1lc3NhZ2Uoe29rOiExLGpzb246e2Vycm9yOmUuZXJyb3IsZXJyb3JfZGVzY3JpcHRpb246ZS5tZXNzYWdlfSxoZWFkZXJzOmx9KX12YXIgTyxiLGcsX30pKX0oKTsKCg==",Xe=null,Ve=!1,function(o){return Ie=Ie||Ct($e,Xe,Ve),new Worker(Ie,o)});const Te={},Ge=async(o,e=3)=>{for(let t=0;t<e;t++)if(await o())return!0;return!1};class Rt{constructor(e,t){this.cache=e,this.clientId=t,this.manifestKey=this.createManifestKeyFrom(this.clientId)}async add(e){var t;const n=new Set(((t=await this.cache.get(this.manifestKey))===null||t===void 0?void 0:t.keys)||[]);n.add(e),await this.cache.set(this.manifestKey,{keys:[...n]})}async remove(e){const t=await this.cache.get(this.manifestKey);if(t){const n=new Set(t.keys);return n.delete(e),n.size>0?await this.cache.set(this.manifestKey,{keys:[...n]}):await this.cache.remove(this.manifestKey)}}get(){return this.cache.get(this.manifestKey)}clear(){return this.cache.remove(this.manifestKey)}createManifestKeyFrom(e){return`@@auth0spajs@@::${e}`}}const Nt={memory:()=>new We().enclosedCache,localstorage:()=>new kt},Me=o=>Nt[o],Ye=o=>{const{openUrl:e,onRedirect:t}=o,n=P(o,["openUrl","onRedirect"]);return Object.assign(Object.assign({},n),{openUrl:e===!1||e?e:t})},Be=(o,e)=>{const t=e?.split(" ")||[];return(o?.split(" ")||[]).every((n=>t.includes(n)))},x={NONCE:"nonce",KEYPAIR:"keypair"};class jt{constructor(e){this.clientId=e}getVersion(){return 1}createDbHandle(){const e=window.indexedDB.open("auth0-spa-js",this.getVersion());return new Promise(((t,n)=>{e.onupgradeneeded=()=>Object.values(x).forEach((i=>e.result.createObjectStore(i))),e.onerror=()=>n(e.error),e.onsuccess=()=>t(e.result)}))}async getDbHandle(){return this.dbHandle||(this.dbHandle=await this.createDbHandle()),this.dbHandle}async executeDbRequest(e,t,n){const i=n((await this.getDbHandle()).transaction(e,t).objectStore(e));return new Promise(((r,c)=>{i.onsuccess=()=>r(i.result),i.onerror=()=>c(i.error)}))}buildKey(e){const t=e?`_${e}`:"auth0";return`${this.clientId}::${t}`}setNonce(e,t){return this.save(x.NONCE,this.buildKey(t),e)}setKeyPair(e){return this.save(x.KEYPAIR,this.buildKey(),e)}async save(e,t,n){await this.executeDbRequest(e,"readwrite",(i=>i.put(n,t)))}findNonce(e){return this.find(x.NONCE,this.buildKey(e))}findKeyPair(){return this.find(x.KEYPAIR,this.buildKey())}find(e,t){return this.executeDbRequest(e,"readonly",(n=>n.get(t)))}async deleteBy(e,t){const n=await this.executeDbRequest(e,"readonly",(i=>i.getAllKeys()));n?.filter(t).map((i=>this.executeDbRequest(e,"readwrite",(r=>r.delete(i)))))}deleteByClientId(e,t){return this.deleteBy(e,(n=>typeof n=="string"&&n.startsWith(`${t}::`)))}clearNonces(){return this.deleteByClientId(x.NONCE,this.clientId)}clearKeyPairs(){return this.deleteByClientId(x.KEYPAIR,this.clientId)}}class Kt{constructor(e){this.storage=new jt(e)}getNonce(e){return this.storage.findNonce(e)}setNonce(e,t){return this.storage.setNonce(e,t)}async getOrGenerateKeyPair(){let e=await this.storage.findKeyPair();return e||(e=await pt(),await this.storage.setKeyPair(e)),e}async generateProof(e){const t=await this.getOrGenerateKeyPair();return ft(Object.assign({keyPair:t},e))}async calculateThumbprint(){return mt(await this.getOrGenerateKeyPair())}async clear(){await Promise.all([this.storage.clearNonces(),this.storage.clearKeyPairs()])}}var W;(function(o){o.Bearer="Bearer",o.DPoP="DPoP"})(W||(W={}));class Dt{constructor(e,t){this.hooks=t,this.config=Object.assign(Object.assign({},e),{fetch:e.fetch||(typeof window>"u"?fetch:window.fetch.bind(window))})}isAbsoluteUrl(e){return/^(https?:)?\/\//i.test(e)}buildUrl(e,t){if(t){if(this.isAbsoluteUrl(t))return t;if(e)return`${e.replace(/\/?\/$/,"")}/${t.replace(/^\/+/,"")}`}throw new TypeError("`url` must be absolute or `baseUrl` non-empty.")}getAccessToken(e){return this.config.getAccessToken?this.config.getAccessToken(e):this.hooks.getAccessToken(e)}extractUrl(e){return typeof e=="string"?e:e instanceof URL?e.href:e.url}buildBaseRequest(e,t){if(!this.config.baseUrl)return new Request(e,t);const n=this.buildUrl(this.config.baseUrl,this.extractUrl(e)),i=e instanceof Request?new Request(n,e):n;return new Request(i,t)}setAuthorizationHeader(e,t,n=W.Bearer){e.headers.set("authorization",`${n} ${t}`)}async setDpopProofHeader(e,t){if(!this.config.dpopNonceId)return;const n=await this.hooks.getDpopNonce(),i=await this.hooks.generateDpopProof({accessToken:t,method:e.method,nonce:n,url:e.url});e.headers.set("dpop",i)}async prepareRequest(e,t){const n=await this.getAccessToken(t);let i,r;typeof n=="string"?(i=this.config.dpopNonceId?W.DPoP:W.Bearer,r=n):(i=n.token_type,r=n.access_token),this.setAuthorizationHeader(e,r,i),i===W.DPoP&&await this.setDpopProofHeader(e,r)}getHeader(e,t){return Array.isArray(e)?new Headers(e).get(t)||"":typeof e.get=="function"?e.get(t)||"":e[t]||""}hasUseDpopNonceError(e){if(e.status!==401)return!1;const t=this.getHeader(e.headers,"www-authenticate");return t.includes("invalid_dpop_nonce")||t.includes("use_dpop_nonce")}async handleResponse(e,t){const n=this.getHeader(e.headers,"dpop-nonce");if(n&&await this.hooks.setDpopNonce(n),!this.hasUseDpopNonceError(e))return e;if(!n||!t.onUseDpopNonceError)throw new ne(n);return t.onUseDpopNonceError()}async internalFetchWithAuth(e,t,n,i){const r=this.buildBaseRequest(e,t);await this.prepareRequest(r,i);const c=await this.config.fetch(r);return this.handleResponse(c,n)}fetchWithAuth(e,t,n){const i={onUseDpopNonceError:()=>this.internalFetchWithAuth(e,t,Object.assign(Object.assign({},i),{onUseDpopNonceError:void 0}),n)};return this.internalFetchWithAuth(e,t,i,n)}}class xt{constructor(e,t){this.myAccountFetcher=e,this.apiBase=t}async connectAccount(e){const t=await this.myAccountFetcher.fetchWithAuth(`${this.apiBase}v1/connected-accounts/connect`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(e)});return this._handleResponse(t)}async completeAccount(e){const t=await this.myAccountFetcher.fetchWithAuth(`${this.apiBase}v1/connected-accounts/complete`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(e)});return this._handleResponse(t)}async _handleResponse(e){let t;try{t=await e.text(),t=JSON.parse(t)}catch(n){throw new ae({type:"invalid_json",status:e.status,title:"Invalid JSON response",detail:t||String(n)})}if(e.ok)return t;throw new ae(t)}}class ae extends Error{constructor({type:e,status:t,title:n,detail:i,validation_errors:r}){super(i),this.name="MyAccountApiError",this.type=e,this.status=t,this.title=n,this.detail=i,this.validation_errors=r,Object.setPrototypeOf(this,ae.prototype)}}const G=new nt;class zt{constructor(e){let t,n;if(this.userCache=new We().enclosedCache,this.activeLockKeys=new Set,this.defaultOptions={authorizationParams:{scope:"openid profile email"},useRefreshTokensFallback:!1,useFormData:!0},this._releaseLockOnPageHide=async()=>{const d=Array.from(this.activeLockKeys);for(const m of d)await G.releaseLock(m);this.activeLockKeys.clear(),window.removeEventListener("pagehide",this._releaseLockOnPageHide)},this.options=Object.assign(Object.assign(Object.assign({},this.defaultOptions),e),{authorizationParams:Object.assign(Object.assign({},this.defaultOptions.authorizationParams),e.authorizationParams)}),typeof window<"u"&&(()=>{if(!ie())throw new Error("For security reasons, `window.crypto` is required to run `auth0-spa-js`.");if(ie().subtle===void 0)throw new Error(`
3
+ auth0-spa-js must run on a secure origin. See https://github.com/auth0/auth0-spa-js/blob/main/FAQ.md#why-do-i-get-auth0-spa-js-must-run-on-a-secure-origin for more information.
4
+ `)})(),e.cache&&e.cacheLocation&&console.warn("Both `cache` and `cacheLocation` options have been specified in the Auth0Client configuration; ignoring `cacheLocation` and using `cache`."),e.cache)n=e.cache;else{if(t=e.cacheLocation||"memory",!Me(t))throw new Error(`Invalid cache location "${t}"`);n=Me(t)()}this.httpTimeoutMs=e.httpTimeoutInSeconds?1e3*e.httpTimeoutInSeconds:1e4,this.cookieStorage=e.legacySameSiteCookie===!1?Z:Pt,this.orgHintCookieName=`auth0.${this.options.clientId}.organization_hint`,this.isAuthenticatedCookieName=(d=>`auth0.${d}.is.authenticated`)(this.options.clientId),this.sessionCheckExpiryDays=e.sessionCheckExpiryDays||1;const i=e.useCookiesForTransactions?this.cookieStorage:Et;var r;this.scope=((d,m,...s)=>{if(typeof d!="object")return{default:re(m,d,...s)};let l={default:re(m,...s)};return Object.keys(d).forEach((a=>{const u=d[a];l[a]=re(m,u,...s)})),l})(this.options.authorizationParams.scope,"openid",this.options.useRefreshTokens?"offline_access":""),this.transactionManager=new _t(i,this.options.clientId,this.options.cookieDomain),this.nowProvider=this.options.nowProvider||je,this.cacheManager=new St(n,n.allKeys?void 0:new Rt(n,this.options.clientId),this.nowProvider),this.dpop=this.options.useDpop?new Kt(this.options.clientId):void 0,this.domainUrl=(r=this.options.domain,/^https?:\/\//.test(r)?r:`https://${r}`),this.tokenIssuer=((d,m)=>d?d.startsWith("https://")?d:`https://${d}/`:`${m}/`)(this.options.issuer,this.domainUrl);const c=`${this.domainUrl}/me/`,h=this.createFetcher(Object.assign(Object.assign({},this.options.useDpop&&{dpopNonceId:"__auth0_my_account_api__"}),{getAccessToken:()=>this.getTokenSilently({authorizationParams:{scope:"create:me:connected_accounts",audience:c},detailedResponse:!0})}));this.myAccountApi=new xt(h,c),typeof window<"u"&&window.Worker&&this.options.useRefreshTokens&&t==="memory"&&(this.options.workerUrl?this.worker=new Worker(this.options.workerUrl):this.worker=new At)}_url(e){const t=encodeURIComponent(btoa(JSON.stringify(this.options.auth0Client||Ne)));return`${this.domainUrl}${e}&auth0Client=${t}`}_authorizeUrl(e){return this._url(`/authorize?${Se(e)}`)}async _verifyIdToken(e,t,n){const i=await this.nowProvider();return Tt({iss:this.tokenIssuer,aud:this.options.clientId,id_token:e,nonce:t,organization:n,leeway:this.options.leeway,max_age:(r=this.options.authorizationParams.max_age,typeof r!="string"?r:parseInt(r,10)||void 0),now:i});var r}_processOrgHint(e){e?this.cookieStorage.save(this.orgHintCookieName,e,{daysUntilExpire:this.sessionCheckExpiryDays,cookieDomain:this.options.cookieDomain}):this.cookieStorage.remove(this.orgHintCookieName,{cookieDomain:this.options.cookieDomain})}async _prepareAuthorizeUrl(e,t,n){var i;const r=ke(F()),c=ke(F()),h=F(),d=await Ke(h),m=xe(d),s=await((i=this.dpop)===null||i===void 0?void 0:i.calculateThumbprint()),l=((u,p,g,f,w,b,v,y,_)=>Object.assign(Object.assign(Object.assign({client_id:u.clientId},u.authorizationParams),g),{scope:se(p,g.scope,g.audience),response_type:"code",response_mode:y||"query",state:f,nonce:w,redirect_uri:v||u.authorizationParams.redirect_uri,code_challenge:b,code_challenge_method:"S256",dpop_jkt:_}))(this.options,this.scope,e,r,c,m,e.redirect_uri||this.options.authorizationParams.redirect_uri||n,t?.response_mode,s),a=this._authorizeUrl(l);return{nonce:c,code_verifier:h,scope:l.scope,audience:l.audience||"default",redirect_uri:l.redirect_uri,state:r,url:a}}async loginWithPopup(e,t){var n;if(e=e||{},!(t=t||{}).popup&&(t.popup=(h=>{const d=window.screenX+(window.innerWidth-400)/2,m=window.screenY+(window.innerHeight-600)/2;return window.open(h,"auth0:authorize:popup",`left=${d},top=${m},width=400,height=600,resizable,scrollbars=yes,status=1`)})(""),!t.popup))throw new we;const i=await this._prepareAuthorizeUrl(e.authorizationParams||{},{response_mode:"web_message"},window.location.origin);t.popup.location.href=i.url;const r=await(h=>new Promise(((d,m)=>{let s;const l=setInterval((()=>{h.popup&&h.popup.closed&&(clearInterval(l),clearTimeout(a),window.removeEventListener("message",s,!1),m(new ye(h.popup)))}),1e3),a=setTimeout((()=>{clearInterval(l),m(new ge(h.popup)),window.removeEventListener("message",s,!1)}),1e3*(h.timeoutInSeconds||60));s=function(u){if(u.data&&u.data.type==="authorization_response"){if(clearTimeout(a),clearInterval(l),window.removeEventListener("message",s,!1),h.closePopup!==!1&&h.popup.close(),u.data.response.error)return m(S.fromPayload(u.data.response));d(u.data.response)}},window.addEventListener("message",s)})))(Object.assign(Object.assign({},t),{timeoutInSeconds:t.timeoutInSeconds||this.options.authorizeTimeoutInSeconds||60}));if(i.state!==r.state)throw new S("state_mismatch","Invalid state");const c=((n=e.authorizationParams)===null||n===void 0?void 0:n.organization)||this.options.authorizationParams.organization;await this._requestToken({audience:i.audience,scope:i.scope,code_verifier:i.code_verifier,grant_type:"authorization_code",code:r.code,redirect_uri:i.redirect_uri},{nonceIn:i.nonce,organization:c})}async getUser(){var e;const t=await this._getIdTokenFromCache();return(e=t?.decodedToken)===null||e===void 0?void 0:e.user}async getIdTokenClaims(){var e;const t=await this._getIdTokenFromCache();return(e=t?.decodedToken)===null||e===void 0?void 0:e.claims}async loginWithRedirect(e={}){var t;const n=Ye(e),{openUrl:i,fragment:r,appState:c}=n,h=P(n,["openUrl","fragment","appState"]),d=((t=h.authorizationParams)===null||t===void 0?void 0:t.organization)||this.options.authorizationParams.organization,m=await this._prepareAuthorizeUrl(h.authorizationParams||{}),{url:s}=m,l=P(m,["url"]);this.transactionManager.create(Object.assign(Object.assign(Object.assign({},l),{appState:c,response_type:D.Code}),d&&{organization:d}));const a=r?`${s}#${r}`:s;i?await i(a):window.location.assign(a)}async handleRedirectCallback(e=window.location.href){const t=e.split("?").slice(1);if(t.length===0)throw new Error("There are no query params available for parsing.");const n=this.transactionManager.get();if(!n)throw new S("missing_transaction","Invalid state");this.transactionManager.remove();const i=(r=>{r.indexOf("#")>-1&&(r=r.substring(0,r.indexOf("#")));const c=new URLSearchParams(r);return{state:c.get("state"),code:c.get("code")||void 0,connect_code:c.get("connect_code")||void 0,error:c.get("error")||void 0,error_description:c.get("error_description")||void 0}})(t.join(""));return n.response_type===D.ConnectCode?this._handleConnectAccountRedirectCallback(i,n):this._handleLoginRedirectCallback(i,n)}async _handleLoginRedirectCallback(e,t){const{code:n,state:i,error:r,error_description:c}=e;if(r)throw new me(r,c||r,i,t.appState);if(!t.code_verifier||t.state&&t.state!==i)throw new S("state_mismatch","Invalid state");const h=t.organization,d=t.nonce,m=t.redirect_uri;return await this._requestToken(Object.assign({audience:t.audience,scope:t.scope,code_verifier:t.code_verifier,grant_type:"authorization_code",code:n},m?{redirect_uri:m}:{}),{nonceIn:d,organization:h}),{appState:t.appState,response_type:D.Code}}async _handleConnectAccountRedirectCallback(e,t){const{connect_code:n,state:i,error:r,error_description:c}=e;if(r)throw new fe(r,c||r,t.connection,i,t.appState);if(!n)throw new S("missing_connect_code","Missing connect code");if(!(t.code_verifier&&t.state&&t.auth_session&&t.redirect_uri&&t.state===i))throw new S("state_mismatch","Invalid state");const h=await this.myAccountApi.completeAccount({auth_session:t.auth_session,connect_code:n,redirect_uri:t.redirect_uri,code_verifier:t.code_verifier});return Object.assign(Object.assign({},h),{appState:t.appState,response_type:D.ConnectCode})}async checkSession(e){if(!this.cookieStorage.get(this.isAuthenticatedCookieName)){if(!this.cookieStorage.get("auth0.is.authenticated"))return;this.cookieStorage.save(this.isAuthenticatedCookieName,!0,{daysUntilExpire:this.sessionCheckExpiryDays,cookieDomain:this.options.cookieDomain}),this.cookieStorage.remove("auth0.is.authenticated")}try{await this.getTokenSilently(e)}catch{}}async getTokenSilently(e={}){var t,n;const i=Object.assign(Object.assign({cacheMode:"on"},e),{authorizationParams:Object.assign(Object.assign(Object.assign({},this.options.authorizationParams),e.authorizationParams),{scope:se(this.scope,(t=e.authorizationParams)===null||t===void 0?void 0:t.scope,((n=e.authorizationParams)===null||n===void 0?void 0:n.audience)||this.options.authorizationParams.audience)})}),r=await((c,h)=>{let d=Te[h];return d||(d=c().finally((()=>{delete Te[h],d=null})),Te[h]=d),d})((()=>this._getTokenSilently(i)),`${this.options.clientId}::${i.authorizationParams.audience}::${i.authorizationParams.scope}`);return e.detailedResponse?r:r?.access_token}async _getTokenSilently(e){const{cacheMode:t}=e,n=P(e,["cacheMode"]);if(t!=="off"){const h=await this._getEntryFromCache({scope:n.authorizationParams.scope,audience:n.authorizationParams.audience||"default",clientId:this.options.clientId,cacheMode:t});if(h)return h}if(t==="cache-only")return;const i=(r=this.options.clientId,c=n.authorizationParams.audience||"default",`auth0.lock.getTokenSilently.${r}.${c}`);var r,c;if(!await Ge((()=>G.acquireLock(i,5e3)),10))throw new H;this.activeLockKeys.add(i),this.activeLockKeys.size===1&&window.addEventListener("pagehide",this._releaseLockOnPageHide);try{if(t!=="off"){const u=await this._getEntryFromCache({scope:n.authorizationParams.scope,audience:n.authorizationParams.audience||"default",clientId:this.options.clientId});if(u)return u}const h=this.options.useRefreshTokens?await this._getTokenUsingRefreshToken(n):await this._getTokenFromIFrame(n),{id_token:d,token_type:m,access_token:s,oauthTokenScope:l,expires_in:a}=h;return Object.assign(Object.assign({id_token:d,token_type:m,access_token:s},l?{scope:l}:null),{expires_in:a})}finally{await G.releaseLock(i),this.activeLockKeys.delete(i),this.activeLockKeys.size===0&&window.removeEventListener("pagehide",this._releaseLockOnPageHide)}}async getTokenWithPopup(e={},t={}){var n,i;const r=Object.assign(Object.assign({},e),{authorizationParams:Object.assign(Object.assign(Object.assign({},this.options.authorizationParams),e.authorizationParams),{scope:se(this.scope,(n=e.authorizationParams)===null||n===void 0?void 0:n.scope,((i=e.authorizationParams)===null||i===void 0?void 0:i.audience)||this.options.authorizationParams.audience)})});return t=Object.assign(Object.assign({},ot),t),await this.loginWithPopup(r,t),(await this.cacheManager.get(new O({scope:r.authorizationParams.scope,audience:r.authorizationParams.audience||"default",clientId:this.options.clientId}),void 0,this.options.useMrrt)).access_token}async isAuthenticated(){return!!await this.getUser()}_buildLogoutUrl(e){e.clientId!==null?e.clientId=e.clientId||this.options.clientId:delete e.clientId;const t=e.logoutParams||{},{federated:n}=t,i=P(t,["federated"]),r=n?"&federated":"";return this._url(`/v2/logout?${Se(Object.assign({clientId:e.clientId},i))}`)+r}async logout(e={}){var t;const n=Ye(e),{openUrl:i}=n,r=P(n,["openUrl"]);e.clientId===null?await this.cacheManager.clear():await this.cacheManager.clear(e.clientId||this.options.clientId),this.cookieStorage.remove(this.orgHintCookieName,{cookieDomain:this.options.cookieDomain}),this.cookieStorage.remove(this.isAuthenticatedCookieName,{cookieDomain:this.options.cookieDomain}),this.userCache.remove("@@user@@"),await((t=this.dpop)===null||t===void 0?void 0:t.clear());const c=this._buildLogoutUrl(r);i?await i(c):i!==!1&&window.location.assign(c)}async _getTokenFromIFrame(e){const t=`auth0.lock.getTokenFromIFrame.${this.options.clientId}`;if(!await Ge((()=>G.acquireLock(t,5e3)),10))throw new H;try{const n=Object.assign(Object.assign({},e.authorizationParams),{prompt:"none"}),i=this.cookieStorage.get(this.orgHintCookieName);i&&!n.organization&&(n.organization=i);const{url:r,state:c,nonce:h,code_verifier:d,redirect_uri:m,scope:s,audience:l}=await this._prepareAuthorizeUrl(n,{response_mode:"web_message"},window.location.origin);if(window.crossOriginIsolated)throw new S("login_required","The application is running in a Cross-Origin Isolated context, silently retrieving a token without refresh token is not possible.");const a=e.timeoutInSeconds||this.options.authorizeTimeoutInSeconds;let u;try{u=new URL(this.domainUrl).origin}catch{u=this.domainUrl}const p=await((f,w,b=60)=>new Promise(((v,y)=>{const _=window.document.createElement("iframe");_.setAttribute("width","0"),_.setAttribute("height","0"),_.style.display="none";const C=()=>{window.document.body.contains(_)&&(window.document.body.removeChild(_),window.removeEventListener("message",T,!1))};let T;const A=setTimeout((()=>{y(new H),C()}),1e3*b);T=function(I){if(I.origin!=w||!I.data||I.data.type!=="authorization_response")return;const L=I.source;L&&L.close(),I.data.response.error?y(S.fromPayload(I.data.response)):v(I.data.response),clearTimeout(A),window.removeEventListener("message",T,!1),setTimeout(C,2e3)},window.addEventListener("message",T,!1),window.document.body.appendChild(_),_.setAttribute("src",f)})))(r,u,a);if(c!==p.state)throw new S("state_mismatch","Invalid state");const g=await this._requestToken(Object.assign(Object.assign({},e.authorizationParams),{code_verifier:d,code:p.code,grant_type:"authorization_code",redirect_uri:m,timeout:e.authorizationParams.timeout||this.httpTimeoutMs}),{nonceIn:h,organization:n.organization});return Object.assign(Object.assign({},g),{scope:s,oauthTokenScope:g.scope,audience:l})}catch(n){throw n.error==="login_required"&&this.logout({openUrl:!1}),n}finally{await G.releaseLock(t)}}async _getTokenUsingRefreshToken(e){const t=await this.cacheManager.get(new O({scope:e.authorizationParams.scope,audience:e.authorizationParams.audience||"default",clientId:this.options.clientId}),void 0,this.options.useMrrt);if(!(t&&t.refresh_token||this.worker)){if(this.options.useRefreshTokensFallback)return await this._getTokenFromIFrame(e);throw new te(e.authorizationParams.audience||"default",e.authorizationParams.scope)}const n=e.authorizationParams.redirect_uri||this.options.authorizationParams.redirect_uri||window.location.origin,i=typeof e.timeoutInSeconds=="number"?1e3*e.timeoutInSeconds:null,r=((s,l,a,u)=>{var p;if(s&&a&&u){if(l.audience!==a)return l.scope;const g=u.split(" "),f=((p=l.scope)===null||p===void 0?void 0:p.split(" "))||[],w=f.every((b=>g.includes(b)));return g.length>=f.length&&w?u:l.scope}return l.scope})(this.options.useMrrt,e.authorizationParams,t?.audience,t?.scope);try{const s=await this._requestToken(Object.assign(Object.assign(Object.assign({},e.authorizationParams),{grant_type:"refresh_token",refresh_token:t&&t.refresh_token,redirect_uri:n}),i&&{timeout:i}),{scopesToRequest:r});if(s.refresh_token&&t?.refresh_token&&await this.cacheManager.updateEntry(t.refresh_token,s.refresh_token),this.options.useMrrt&&(c=t?.audience,h=t?.scope,d=e.authorizationParams.audience,m=e.authorizationParams.scope,(c!==d||!Be(m,h))&&!Be(r,s.scope))){if(this.options.useRefreshTokensFallback)return await this._getTokenFromIFrame(e);await this.cacheManager.remove(this.options.clientId,e.authorizationParams.audience,e.authorizationParams.scope);const l=((a,u)=>{const p=a?.split(" ")||[],g=u?.split(" ")||[];return p.filter((f=>g.indexOf(f)==-1)).join(",")})(r,s.scope);throw new ve(e.authorizationParams.audience||"default",l)}return Object.assign(Object.assign({},s),{scope:e.authorizationParams.scope,oauthTokenScope:s.scope,audience:e.authorizationParams.audience||"default"})}catch(s){if((s.message.indexOf("Missing Refresh Token")>-1||s.message&&s.message.indexOf("invalid refresh token")>-1)&&this.options.useRefreshTokensFallback)return await this._getTokenFromIFrame(e);throw s}var c,h,d,m}async _saveEntryInCache(e){const{id_token:t,decodedToken:n}=e,i=P(e,["id_token","decodedToken"]);this.userCache.set("@@user@@",{id_token:t,decodedToken:n}),await this.cacheManager.setIdToken(this.options.clientId,e.id_token,e.decodedToken),await this.cacheManager.set(i)}async _getIdTokenFromCache(){const e=this.options.authorizationParams.audience||"default",t=this.scope[e],n=await this.cacheManager.getIdToken(new O({clientId:this.options.clientId,audience:e,scope:t})),i=this.userCache.get("@@user@@");return n&&n.id_token===i?.id_token?i:(this.userCache.set("@@user@@",n),n)}async _getEntryFromCache({scope:e,audience:t,clientId:n,cacheMode:i}){const r=await this.cacheManager.get(new O({scope:e,audience:t,clientId:n}),60,this.options.useMrrt,i);if(r&&r.access_token){const{token_type:c,access_token:h,oauthTokenScope:d,expires_in:m}=r,s=await this._getIdTokenFromCache();return s&&Object.assign(Object.assign({id_token:s.id_token,token_type:c||"Bearer",access_token:h},d?{scope:d}:null),{expires_in:m})}}async _requestToken(e,t){var n,i;const{nonceIn:r,organization:c,scopesToRequest:h}=t||{},d=await vt(Object.assign(Object.assign({baseUrl:this.domainUrl,client_id:this.options.clientId,auth0Client:this.options.auth0Client,useFormData:this.options.useFormData,timeout:this.httpTimeoutMs,useMrrt:this.options.useMrrt,dpop:this.dpop},e),{scope:h||e.scope}),this.worker),m=await this._verifyIdToken(d.id_token,r,c);if(e.grant_type==="authorization_code"){const s=await this._getIdTokenFromCache();!((i=(n=s?.decodedToken)===null||n===void 0?void 0:n.claims)===null||i===void 0)&&i.sub&&s.decodedToken.claims.sub!==m.claims.sub&&(await this.cacheManager.clear(this.options.clientId),this.userCache.remove("@@user@@"))}return await this._saveEntryInCache(Object.assign(Object.assign(Object.assign(Object.assign({},d),{decodedToken:m,scope:e.scope,audience:e.audience||"default"}),d.scope?{oauthTokenScope:d.scope}:null),{client_id:this.options.clientId})),this.cookieStorage.save(this.isAuthenticatedCookieName,!0,{daysUntilExpire:this.sessionCheckExpiryDays,cookieDomain:this.options.cookieDomain}),this._processOrgHint(c||m.claims.org_id),Object.assign(Object.assign({},d),{decodedToken:m})}async exchangeToken(e){return this._requestToken({grant_type:"urn:ietf:params:oauth:grant-type:token-exchange",subject_token:e.subject_token,subject_token_type:e.subject_token_type,scope:se(this.scope,e.scope,e.audience||this.options.authorizationParams.audience),audience:e.audience||this.options.authorizationParams.audience,organization:e.organization||this.options.authorizationParams.organization})}_assertDpop(e){if(!e)throw new Error("`useDpop` option must be enabled before using DPoP.")}getDpopNonce(e){return this._assertDpop(this.dpop),this.dpop.getNonce(e)}setDpopNonce(e,t){return this._assertDpop(this.dpop),this.dpop.setNonce(e,t)}generateDpopProof(e){return this._assertDpop(this.dpop),this.dpop.generateProof(e)}createFetcher(e={}){return new Dt(e,{isDpopEnabled:()=>!!this.options.useDpop,getAccessToken:t=>{var n;return this.getTokenSilently({authorizationParams:{scope:(n=t?.scope)===null||n===void 0?void 0:n.join(" "),audience:t?.audience},detailedResponse:!0})},getDpopNonce:()=>this.getDpopNonce(e.dpopNonceId),setDpopNonce:t=>this.setDpopNonce(t,e.dpopNonceId),generateDpopProof:t=>this.generateDpopProof(t)})}async connectAccountWithRedirect(e){const{openUrl:t,appState:n,connection:i,scopes:r,authorization_params:c,redirectUri:h=this.options.authorizationParams.redirect_uri||window.location.origin}=e;if(!i)throw new Error("connection is required");const d=ke(F()),m=F(),s=await Ke(m),l=xe(s),{connect_uri:a,connect_params:u,auth_session:p}=await this.myAccountApi.connectAccount({connection:i,scopes:r,redirect_uri:h,state:d,code_challenge:l,code_challenge_method:"S256",authorization_params:c});this.transactionManager.create({state:d,code_verifier:m,auth_session:p,redirect_uri:h,appState:n,connection:i,response_type:D.ConnectCode});const g=new URL(a);g.searchParams.set("ticket",u.ticket),t?await t(g.toString()):window.location.assign(g)}}async function Ut(o){const e=new zt(o);return await e.checkSession(),e}const Lt="sesamy-debug";function Ht(o){if(typeof document>"u")return null;const e=o+"=",t=document.cookie.split(";");for(let n=0;n<t.length;n++){let i=t[n];for(;i.charAt(0)===" ";)i=i.substring(1);if(i.indexOf(e)===0)return i.substring(e.length,i.length)}return null}function Zt(){return Ht(Lt)==="true"}function k(o){Zt()&&console.log(o)}function Oe(o,e){if(typeof window>"u")return;const t=new CustomEvent(o,{detail:e,bubbles:!0,composed:!0});k(`Triggering event: ${o}`),dispatchEvent(t)}var M=(o=>(o.AUTH_INITIALIZED="sesamyJsAuthInitialized",o.READY="sesamyJsReady",o.AUTHENTICATED="sesamyJsAuthenticated",o.LOGOUT="sesamyJsLogout",o.CLEAR_CACHE="sesamyJsClearCache",o.USER_ATTRIBUTE_CHANGED="sesamyUserAttributeChanged",o.PURCHASE="sesamyJsPurchase",o))(M||{});const Wt="sesamy.com",Jt="sesamy.dev";function Ft(o,e){return`${o}.${e==="dev"?Jt:Wt}`}function $t(){let e=(document.documentElement.getAttribute("lang")??navigator.language??"en").split("-")[0]?.toLowerCase()??"en";return e==="nn"&&(e="nb"),e}/*!
5
+ *
6
+ * detectIncognito v1.6.2
7
+ *
8
+ * https://github.com/Joe12387/detectIncognito
9
+ *
10
+ * MIT License
11
+ *
12
+ * Copyright (c) 2021 - 2025 Joe Rutkowski <Joe@dreggle.com>
13
+ *
14
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
15
+ * of this software and associated documentation files (the "Software"), to deal
16
+ * in the Software without restriction, including without limitation the rights
17
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
18
+ * copies of the Software, and to permit persons to whom the Software is
19
+ * furnished to do so, subject to the following conditions:
20
+ *
21
+ * The above copyright notice and this permission notice shall be included in all
22
+ * copies or substantial portions of the Software.
23
+ *
24
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
25
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
26
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
27
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
28
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
29
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
30
+ * SOFTWARE.
31
+ *
32
+ * Please keep this comment intact in order to properly abide by the MIT License.
33
+ *
34
+ **/var Pe={d:(o,e)=>{for(var t in e)Pe.o(e,t)&&!Pe.o(o,t)&&Object.defineProperty(o,t,{enumerable:!0,get:e[t]})},o:(o,e)=>Object.prototype.hasOwnProperty.call(o,e)},Ee={};Pe.d(Ee,{A:()=>Xt,k:()=>Ce});var Y=function(o,e,t,n){return new(t||(t=Promise))(function(i,r){function c(m){try{d(n.next(m))}catch(s){r(s)}}function h(m){try{d(n.throw(m))}catch(s){r(s)}}function d(m){var s;m.done?i(m.value):(s=m.value,s instanceof t?s:new t(function(l){l(s)})).then(c,h)}d((n=n.apply(o,[])).next())})},B=function(o,e){var t,n,i,r,c={label:0,sent:function(){if(1&i[0])throw i[1];return i[1]},trys:[],ops:[]};return r={next:h(0),throw:h(1),return:h(2)},typeof Symbol=="function"&&(r[Symbol.iterator]=function(){return this}),r;function h(d){return function(m){return(function(s){if(t)throw new TypeError("Generator is already executing.");for(;r&&(r=0,s[0]&&(c=0)),c;)try{if(t=1,n&&(i=2&s[0]?n.return:s[0]?n.throw||((i=n.return)&&i.call(n),0):n.next)&&!(i=i.call(n,s[1])).done)return i;switch(n=0,i&&(s=[2&s[0],i.value]),s[0]){case 0:case 1:i=s;break;case 4:return c.label++,{value:s[1],done:!1};case 5:c.label++,n=s[1],s=[0];continue;case 7:s=c.ops.pop(),c.trys.pop();continue;default:if(i=c.trys,!((i=i.length>0&&i[i.length-1])||s[0]!==6&&s[0]!==2)){c=0;continue}if(s[0]===3&&(!i||s[1]>i[0]&&s[1]<i[3])){c.label=s[1];break}if(s[0]===6&&c.label<i[1]){c.label=i[1],i=s;break}if(i&&c.label<i[2]){c.label=i[2],c.ops.push(s);break}i[2]&&c.ops.pop(),c.trys.pop();continue}s=e.call(o,c)}catch(l){s=[6,l],n=0}finally{t=i=0}if(5&s[0])throw s[1];return{value:s[0]?s[1]:void 0,done:!0}})([d,m])}}};function Ce(){return Y(this,void 0,Promise,function(){return B(this,function(o){switch(o.label){case 0:return[4,new Promise(function(e,t){var n="Unknown",i=!1;function r(a){i||(i=!0,e({isPrivate:a,browserName:n}))}function c(){var a=0,u=parseInt("-1");try{u.toFixed(u)}catch(p){a=p.message.length}return a}function h(){return Y(this,void 0,void 0,function(){var a,u;return B(this,function(p){switch(p.label){case 0:return p.trys.push([0,2,,3]),[4,navigator.storage.getDirectory()];case 1:return p.sent(),r(!1),[3,3];case 2:return a=p.sent(),u=a instanceof Error&&typeof a.message=="string"?a.message:String(a),r(u.includes("unknown transient reason")),[3,3];case 3:return[2]}})})}function d(){var a;return Y(this,void 0,Promise,function(){return B(this,function(u){switch(u.label){case 0:return typeof((a=navigator.storage)===null||a===void 0?void 0:a.getDirectory)!="function"?[3,2]:[4,h()];case 1:return u.sent(),[3,3];case 2:navigator.maxTouchPoints!==void 0?(function(){var p=String(Math.random());try{var g=indexedDB.open(p,1);g.onupgradeneeded=function(f){var w=f.target.result,b=function(v){r(v)};try{w.createObjectStore("t",{autoIncrement:!0}).put(new Blob),b(!1)}catch(v){(v instanceof Error&&typeof v.message=="string"?v.message:String(v)).includes("are not yet supported")?b(!0):b(!1)}finally{w.close(),indexedDB.deleteDatabase(p)}},g.onerror=function(){return r(!1)}}catch{r(!1)}})():(function(){var p=window.openDatabase,g=window.localStorage;try{p(null,null,null,null)}catch{return void r(!0)}try{g.setItem("test","1"),g.removeItem("test")}catch{return void r(!0)}r(!1)})(),u.label=3;case 3:return[2]}})})}function m(){navigator.webkitTemporaryStorage.queryUsageAndQuota(function(a,u){var p=Math.round(u/1048576),g=2*Math.round((function(){var f,w,b,v=window;return(b=(w=(f=v?.performance)===null||f===void 0?void 0:f.memory)===null||w===void 0?void 0:w.jsHeapSizeLimit)!==null&&b!==void 0?b:1073741824})()/1048576);r(p<g)},function(a){t(new Error("detectIncognito somehow failed to query storage quota: "+a.message))})}function s(){self.Promise!==void 0&&self.Promise.allSettled!==void 0?m():(0,window.webkitRequestFileSystem)(0,1,function(){r(!1)},function(){r(!0)})}function l(){var a;return Y(this,void 0,Promise,function(){var u,p,g;return B(this,function(f){switch(f.label){case 0:if(typeof((a=navigator.storage)===null||a===void 0?void 0:a.getDirectory)!="function")return[3,5];f.label=1;case 1:return f.trys.push([1,3,,4]),[4,navigator.storage.getDirectory()];case 2:return f.sent(),r(!1),[3,4];case 3:return u=f.sent(),p=u instanceof Error&&typeof u.message=="string"?u.message:String(u),r(p.includes("Security error")),[2];case 4:return[3,6];case 5:(g=indexedDB.open("inPrivate")).onerror=function(w){g.error&&g.error.name==="InvalidStateError"&&w.preventDefault(),r(!0)},g.onsuccess=function(){indexedDB.deleteDatabase("inPrivate"),r(!1)},f.label=6;case 6:return[2]}})})}(function(){return Y(this,void 0,Promise,function(){return B(this,function(a){switch(a.label){case 0:return c()!==44&&c()!==43?[3,2]:(n="Safari",[4,d()]);case 1:return a.sent(),[3,6];case 2:return c()!==51?[3,3]:(u=navigator.userAgent,n=u.match(/Chrome/)?navigator.brave!==void 0?"Brave":u.match(/Edg/)?"Edge":u.match(/OPR/)?"Opera":"Chrome":"Chromium",s(),[3,6]);case 3:return c()!==25?[3,5]:(n="Firefox",[4,l()]);case 4:return a.sent(),[3,6];case 5:navigator.msSaveBlob!==void 0?(n="Internet Explorer",r(window.indexedDB===void 0)):t(new Error("detectIncognito cannot determine the browser")),a.label=6;case 6:return[2]}var u})})})().catch(t)})];case 1:return[2,o.sent()]}})})}typeof window<"u"&&(window.detectIncognito=Ce);const Xt=Ce;Ee.A,Ee.k;const Vt="sesamy_incognito_mode";function qe(){try{const o=sessionStorage.getItem(Vt);return o===null?void 0:o==="true"}catch{return}}function Ae(){return typeof window<"u"}function Gt(){return/^((?!chrome|android).)*safari/i.test(navigator.userAgent)}function Mt(){return/android/i.test(navigator.userAgent)}const z="sesamyAccessToken",J="sesamyRefreshToken",q="sesamySilentAuthThrottle",Re="sesamy_is_authenticated",ce="sesamySilentRedirectState",Yt=300*1e3,Qe=60,Bt=["login_required","consent_required","interaction_required","timeout","Timeout","access_denied"],qt=64;function et(o){const e=o.split(".");if(e.length!==3)return null;const n=e[1].replace(/-/g,"+").replace(/_/g,"/"),i=decodeURIComponent(atob(n).split("").map(r=>"%"+("00"+r.charCodeAt(0).toString(16)).slice(-2)).join(""));return JSON.parse(i)}function tt(){if(!Ae())return!1;try{const o=document.cookie.split(";").map(t=>t.trim());if(o.some(t=>t.startsWith(`${Re}=true`))||o.some(t=>t.startsWith("auth0.is.authenticated=true")))return!0;const e=Object.keys(localStorage).filter(t=>t.startsWith("@@auth0spajs@@"));for(const t of e)try{const n=JSON.parse(localStorage.getItem(t)||"{}");if(n?.body?.access_token||n?.body?.refresh_token)return!0}catch{}return!1}catch(o){return k(`Error checking session hint cookie: ${o.message}`),!1}}function Q(o){if(Ae())try{const e=o?2592e3:0,t=window.location.protocol==="https:"?"; Secure":"";document.cookie=`${Re}=${o}; path=/; max-age=${e}; SameSite=Lax${t}`}catch(e){k(`Error setting session hint cookie: ${e.message}`)}}function ue(){Q(!1)}function Qt(){try{sessionStorage.setItem(ce,JSON.stringify({timestamp:Date.now()}))}catch{k("Failed to set silent redirect state")}}function le(){try{const o=sessionStorage.getItem(ce);if(o)return JSON.parse(o)}catch{}return null}function ee(){try{sessionStorage.removeItem(ce)}catch{}}function en(o){const e=o.message||"";return Bt.some(t=>e.includes(t)||o.error===t)}function tn(){try{const o=sessionStorage.getItem(q);if(!o)return!1;const{timestamp:e}=JSON.parse(o);return Date.now()-e<Yt}catch{return sessionStorage.removeItem(q),!1}}function nn(){try{sessionStorage.setItem(q,JSON.stringify({timestamp:Date.now()}))}catch{k("Failed to set silent auth throttle in sessionStorage")}}function de(){try{sessionStorage.removeItem(q)}catch{}}function U(o){try{const e=new URL(o).hostname,t=e.split(".");if(t.length<=1)return e;const n=["co.uk","com.au","co.nz","co.za","com.br","co.jp","gov.uk","ac.uk","org.uk","net.uk","com.sg","com.my","co.in","co.id","co.th","co.kr","com.mx","com.ar","com.co","com.pe","com.ph","com.pk","com.sa","com.eg","com.ng","co.ke","co.tz","co.zw","co.bw","co.mz","gov.au","edu.au","org.au","net.au","asn.au","id.au"];for(const i of n)if(e.endsWith(`.${i}`)){const r=i.split(".").length+1;return t.slice(-r).join(".")}return t.slice(-2).join(".")}catch{return null}}function on(o){if(o.domains&&o.domains.length>0){const e=U(window.location.href);if(e){for(const t of o.domains)if(U(`https://${t}`)===e)return k(`Found matching domain in domains array: ${t} for TLD: ${e}`),t;k(`No matching domain found in domains array for TLD: ${e}`)}}if(o.domain)return k(`Using fallback domain property: ${o.domain}`),o.domain}function rn(){try{const o=Object.keys(localStorage).filter(e=>e.startsWith("@@auth0spajs@@"));for(const e of o){const t=JSON.parse(localStorage.getItem(e)||"{}");let n;if(typeof t=="object"&&(t.body&&typeof t.body=="object"&&"refresh_token"in t.body?n=t.body.refresh_token:"refresh_token"in t&&(n=t.refresh_token)),n&&typeof n=="string"&&n.length===qt)return!0}}catch(o){k(`Error checking for existing auth0 tokens: ${o.message}`)}return!1}function sn(){let o,e,t,n=!1,i=!1,r=!1;Ae()&&window.addEventListener("pageshow",()=>{i=!1,r=!1});async function c(a){if(!a)return null;const u=localStorage.getItem(J);if(!u)return k("No refresh token found in localstorage"),null;const p=new URLSearchParams;p.set("client_id",a.iss),p.set("refresh_token",u),p.set("grant_type","refresh_token");const g=new URL(a.iss);g.pathname="/oauth/token",g.searchParams.set("user_id",a.sub);try{const f=await fetch(g.href,{body:p.toString(),method:"POST",headers:{"content-type":"application/x-www-form-urlencoded"}});if(!f.ok){const b=await f.text().catch(()=>"Unknown error");throw k(`Token refresh failed with status ${f.status}: ${b}`),localStorage.removeItem(J),new Error(`Renew token failed: ${f.status}`)}const w=await f.json();if(!w.access_token)throw k("Token refresh response missing access_token"),new Error("Invalid token response");return w.refresh_token&&localStorage.setItem(J,w.refresh_token),localStorage.setItem(z,w.access_token),w.access_token}catch(f){return k(`Token refresh error: ${f.message}`),localStorage.removeItem(J),localStorage.removeItem(z),await l.logout(),null}}async function h(){const a=localStorage.getItem(z);if(!a)return null;const u=et(a),p=Date.now()/1e3;if(!u||!u.exp||u.exp<p+Qe){const g=await c(u);return g||(localStorage.removeItem(z),null)}return a}async function d(){if(r){k("Silent redirect already in progress");return}if(!tt()){k("No session hint cookie - skipping prompt=none redirect for anonymous user");return}const a=le();if(a&&Date.now()-a.timestamp<3e4){k("Recently attempted silent redirect, skipping to prevent loop");return}k("Attempting prompt=none redirect to recover session"),r=!0,Qt();try{await o.loginWithRedirect({authorizationParams:{prompt:"none",redirect_uri:window.location.href,organization:e}})}catch(u){k(`Prompt=none redirect failed: ${u.message}`),r=!1,ee()}}function m(){return t?U(window.location.href)!==U(`https://${t}`):!1}function s(a){if(i)return k("Login already in progress"),null;if(i=!0,setTimeout(()=>{i=!1},3e3),localStorage.removeItem(z),!o)throw new Error("Auth0 client not initialized");const u=a?.authorizationParams||{};return{...a,authorizationParams:{organization:e,redirect_uri:window.location.href,ui_locales:$t(),incognito:qe(),...u}}}const l={async init(a){if(a.enabled===!1)return;e=a.organization;const u=on(a);t=u&&!rn()?u:Ft("token",a.environment);const p=U(window.location.href)!==U(`https://${t}`),g=U(window.location.href),f=g?`.${g}`:void 0,w={domain:t,clientId:a.clientId,useCookiesForTransactions:!0,legacySameSiteCookie:!1,...f&&{cookieDomain:f},cacheLocation:"localstorage"};(p||a.useRefreshTokens)&&(w.useRefreshTokens=!0),k(`Initializing auth0 client: ${JSON.stringify(w)}`),o=await Ut(w);const b=new URLSearchParams(window.location.search),v=b.get("code"),y=b.get("state"),_=b.get("error");if(_){const C=b.get("error_description");k(`Auth error in URL: ${_}${C?` - ${C}`:""}`);const T=new URL(location.href);T.searchParams.delete("error"),T.searchParams.delete("error_description"),T.searchParams.delete("state"),window.history.replaceState({},document.title,T.toString());const A=le();if(A&&ee(),_==="login_required")k("Silent redirect returned login_required - user is not authenticated"),ue();else if(A)k(`Silent redirect returned ${_} - treating as unauthenticated`),ue();else{const I=C||`Authentication failed: ${_}`;k(`Non-silent auth error, alerting user: ${I}`),setTimeout(()=>{alert(I)},0)}}if(v)if(window.opener)k("Code found in URL, posting to opener"),window.opener.postMessage({type:"authorization_response",response:{code:v,state:y}},window.location.origin);else{k("Code found in URL, handling redirect");const C=window.location.href,T=new URL(location.href),A=T.searchParams;A.delete("code"),A.delete("state"),T.search=A.toString(),window.history.replaceState({},document.title,T.toString()),k("Rewrote url to remove code and state");try{const I=await o.handleRedirectCallback(C);k(`Login result: ${JSON.stringify(I)}`);const L=await o.getUser();if(!L)throw new Error("No user found");k(`User found ${JSON.stringify(L)}`),de(),le()&&(k("Successfully recovered session via prompt=none redirect"),ee()),Q(!0),k(`Triggering AUTHENTICATED event with appState: ${JSON.stringify(I.appState)}`),Oe(M.AUTHENTICATED,{...L,appState:I.appState})}catch(I){k(`Error handling redirect: ${I.message}`),le()?(ee(),ue(),k("Silent redirect failed, cleared session hints")):alert("There was an error logging in"),console.error(I)}}n=!0,Oe(M.AUTH_INITIALIZED,{})},async isAuthenticated(){if(!n)return!1;if(await h())return!0;if(!o)return!1;const u=await o.isAuthenticated();return u&&Q(!0),u},async getTokenSilently(a=!0,u=!1){if(!n)return null;const p=await h();if(p)return p;if(!u&&tn()){if(k("Silent auth is throttled due to recent failures, skipping request"),a)throw new Error("Silent auth throttled");return null}try{if(!o)return k("Auth client not initialized"),null;let g=await o.getTokenSilently();const f=et(g),w=Date.now()/1e3;return u&&f?.exp&&f.exp-w<3600+Qe&&(g=await o.getTokenSilently({cacheMode:"off"})),de(),Q(!0),g}catch(g){const f=g;if(k(`Failed to get token silently: ${f.message}`),en(f)){if(k("Iframe-based auth blocked by browser privacy restrictions"),tt())return k("Session hint present - attempting prompt=none redirect recovery"),await d(),null;k("No session hint - user is likely anonymous, not attempting redirect")}if(nn(),await o.isAuthenticated()&&(f.message==="Invalid refresh token"||f.message.includes("Missing Refresh Token"))&&await l.logout(),a)throw g;return null}},async getUser(){return n?await h()?{sub:"local",name:"Local User"}:o?await o.getUser():null:null},async login(a){return m()&&(Gt()||Mt()||qe())?(k("Using popup login for cross-domain auth on Safari/Android/Incognito"),l.loginWithPopup(a)):(k("Using redirect login"),l.loginWithRedirect(a))},async loginWithRedirect(a){const u=s(a);if(u)return o.loginWithRedirect(u)},async loginWithPopup(a){const u=s(a);if(!u)return;await o.loginWithPopup(u,{timeoutInSeconds:1800}),de(),Q(!0);const p=await o.getUser();if(!p)throw new Error("No user found after popup login");const g=new CustomEvent(M.AUTHENTICATED,{detail:{...p,appState:a?.appState},composed:!0,bubbles:!0});window.dispatchEvent(g)&&window.location.reload()},async logout(a={}){if(n&&(localStorage.removeItem(z),localStorage.removeItem(J),ue(),ee(),de(),Oe(M.LOGOUT,{}),!!o))return k(`Logout with options: ${JSON.stringify(a)}`),o.logout({...a,logoutParams:{returnTo:window.location.href,...a.logoutParams||{}}})}};return l}return E.ACCESS_TOKEN_KEY=z,E.REFRESH_TOKEN_KEY=J,E.SESSION_HINT_COOKIE=Re,E.SILENT_AUTH_THROTTLE_KEY=q,E.SILENT_REDIRECT_STATE_KEY=ce,E.createAuth0Plugin=sn,Object.defineProperty(E,Symbol.toStringTag,{value:"Module"}),E})({});
package/dist/auth0-plugin.mjs CHANGED
@@ -8,13 +8,13 @@ function O(o, e) {
8
8
  return t;
9
9
  }
10
10
  var j = typeof globalThis < "u" ? globalThis : typeof window < "u" ? window : typeof global < "u" ? global : typeof self < "u" ? self : {};
11
- function we(o) {
11
+ function ye(o) {
12
12
  return o && o.__esModule && Object.prototype.hasOwnProperty.call(o, "default") ? o.default : o;
13
13
  }
14
- function be(o, e) {
14
+ function we(o, e) {
15
15
  return o(e = { exports: {} }, e.exports), e.exports;
16
16
  }
17
- var R = be((function(o, e) {
17
+ var R = we((function(o, e) {
18
18
  Object.defineProperty(e, "__esModule", { value: !0 });
19
19
  var t = (function() {
20
20
  function n() {
@@ -44,8 +44,8 @@ var R = be((function(o, e) {
44
44
  return t.getInstance();
45
45
  };
46
46
  }));
47
- we(R);
48
- var nt = we(be((function(o, e) {
47
+ ye(R);
48
+ var nt = ye(we((function(o, e) {
49
49
  var t = j && j.__awaiter || function(s, l, a, u) {
50
50
  return new (a || (a = Promise))((function(p, g) {
51
51
  function f(k) {
@@ -316,14 +316,14 @@ class _ extends Error {
316
316
  return new _(e, t);
317
317
  }
318
318
  }
319
- class ke extends _ {
319
+ class be extends _ {
320
320
  constructor(e, t, n, i = null) {
321
- super(e, t), this.state = n, this.appState = i, Object.setPrototypeOf(this, ke.prototype);
321
+ super(e, t), this.state = n, this.appState = i, Object.setPrototypeOf(this, be.prototype);
322
322
  }
323
323
  }
324
- class ve extends _ {
324
+ class ke extends _ {
325
325
  constructor(e, t, n, i, r = null) {
326
- super(e, t), this.connection = n, this.state = i, this.appState = r, Object.setPrototypeOf(this, ve.prototype);
326
+ super(e, t), this.connection = n, this.state = i, this.appState = r, Object.setPrototypeOf(this, ke.prototype);
327
327
  }
328
328
  }
329
329
  class Z extends _ {
@@ -331,24 +331,24 @@ class Z extends _ {
331
331
  super("timeout", "Timeout"), Object.setPrototypeOf(this, Z.prototype);
332
332
  }
333
333
  }
334
- class Se extends Z {
334
+ class ve extends Z {
335
335
  constructor(e) {
336
- super(), this.popup = e, Object.setPrototypeOf(this, Se.prototype);
336
+ super(), this.popup = e, Object.setPrototypeOf(this, ve.prototype);
337
337
  }
338
338
  }
339
- class _e extends _ {
339
+ class Se extends _ {
340
340
  constructor(e) {
341
- super("cancelled", "Popup closed"), this.popup = e, Object.setPrototypeOf(this, _e.prototype);
341
+ super("cancelled", "Popup closed"), this.popup = e, Object.setPrototypeOf(this, Se.prototype);
342
342
  }
343
343
  }
344
- class Ie extends _ {
344
+ class _e extends _ {
345
345
  constructor() {
346
- super("popup_open", "Unable to open a popup for loginWithPopup - window.open returned `null`"), Object.setPrototypeOf(this, Ie.prototype);
346
+ super("popup_open", "Unable to open a popup for loginWithPopup - window.open returned `null`"), Object.setPrototypeOf(this, _e.prototype);
347
347
  }
348
348
  }
349
- class Te extends _ {
349
+ class Ie extends _ {
350
350
  constructor(e, t, n) {
351
- super(e, t), this.mfa_token = n, Object.setPrototypeOf(this, Te.prototype);
351
+ super(e, t), this.mfa_token = n, Object.setPrototypeOf(this, Ie.prototype);
352
352
  }
353
353
  }
354
354
  class ce extends _ {
@@ -356,9 +356,9 @@ class ce extends _ {
356
356
  super("missing_refresh_token", `Missing Refresh Token (audience: '${ie(e, ["default"])}', scope: '${ie(t)}')`), this.audience = e, this.scope = t, Object.setPrototypeOf(this, ce.prototype);
357
357
  }
358
358
  }
359
- class Pe extends _ {
359
+ class Te extends _ {
360
360
  constructor(e, t) {
361
- super("missing_scopes", `Missing requested scopes after refresh (audience: '${ie(e, ["default"])}', missing scope: '${ie(t)}')`), this.audience = e, this.scope = t, Object.setPrototypeOf(this, Pe.prototype);
361
+ super("missing_scopes", `Missing requested scopes after refresh (audience: '${ie(e, ["default"])}', missing scope: '${ie(t)}')`), this.audience = e, this.scope = t, Object.setPrototypeOf(this, Te.prototype);
362
362
  }
363
363
  }
364
364
  class ue extends _ {
@@ -373,10 +373,10 @@ const re = () => window.crypto, W = () => {
373
373
  const o = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-_~.";
374
374
  let e = "";
375
375
  return Array.from(re().getRandomValues(new Uint8Array(43))).forEach(((t) => e += o[t % o.length])), e;
376
- }, de = (o) => btoa(o), it = [{ key: "name", type: ["string"] }, { key: "version", type: ["string", "number"] }, { key: "env", type: ["object"] }], rt = (o) => Object.keys(o).reduce(((e, t) => {
376
+ }, le = (o) => btoa(o), it = [{ key: "name", type: ["string"] }, { key: "version", type: ["string", "number"] }, { key: "env", type: ["object"] }], rt = (o) => Object.keys(o).reduce(((e, t) => {
377
377
  const n = it.find(((i) => i.key === t));
378
378
  return n && n.type.includes(typeof o[t]) && (e[t] = o[t]), e;
379
- }), {}), fe = (o) => {
379
+ }), {}), me = (o) => {
380
380
  var { clientId: e } = o, t = O(o, ["clientId"]);
381
381
  return new URLSearchParams(((n) => Object.keys(n).filter(((i) => n[i] !== void 0)).reduce(((i, r) => Object.assign(Object.assign({}, i), { [r]: n[r] })), {}))(Object.assign({ client_id: e }, t))).toString();
382
382
  }, Ae = async (o) => await re().subtle.digest({ name: "SHA-256" }, new TextEncoder().encode(o)), xe = (o) => ((e) => decodeURIComponent(atob(e).split("").map(((t) => "%" + ("00" + t.charCodeAt(0).toString(16)).slice(-2))).join("")))(o.replace(/_/g, "/").replace(/-/g, "+")), Re = (o) => {
@@ -409,15 +409,15 @@ async function ct(o, e, t) {
409
409
  throw new K();
410
410
  })(t), t, B(n)))}`;
411
411
  }
412
- let ge;
413
- Uint8Array.prototype.toBase64 ? ge = (o) => (o instanceof ArrayBuffer && (o = new Uint8Array(o)), o.toBase64({ alphabet: "base64url", omitPadding: !0 })) : ge = (e) => {
412
+ let fe;
413
+ Uint8Array.prototype.toBase64 ? fe = (o) => (o instanceof ArrayBuffer && (o = new Uint8Array(o)), o.toBase64({ alphabet: "base64url", omitPadding: !0 })) : fe = (e) => {
414
414
  e instanceof ArrayBuffer && (e = new Uint8Array(e));
415
415
  const t = [];
416
416
  for (let n = 0; n < e.byteLength; n += 32768) t.push(String.fromCharCode.apply(null, e.subarray(n, n + 32768)));
417
417
  return btoa(t.join("")).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
418
418
  };
419
419
  function q(o) {
420
- return ge(o);
420
+ return fe(o);
421
421
  }
422
422
  class K extends Error {
423
423
  constructor(e) {
@@ -570,7 +570,7 @@ async function Ye(o, e, t, n, i, r, c, h, d, m) {
570
570
  let b;
571
571
  if (d && (b = f["dpop-nonce"], b && await d.setNonce(b)), !w) {
572
572
  const k = p || `HTTP error. Unable to fetch ${o}`;
573
- if (u === "mfa_required") throw new Te(u, k, g.mfa_token);
573
+ if (u === "mfa_required") throw new Ie(u, k, g.mfa_token);
574
574
  if (u === "missing_refresh_token") throw new ce(t, n);
575
575
  if (u === "use_dpop_nonce") {
576
576
  if (!d || !b || m) throw new ue(b);
@@ -582,7 +582,7 @@ async function Ye(o, e, t, n, i, r, c, h, d, m) {
582
582
  }
583
583
  async function kt(o, e) {
584
584
  var { baseUrl: t, timeout: n, audience: i, scope: r, auth0Client: c, useFormData: h, useMrrt: d, dpop: m } = o, s = O(o, ["baseUrl", "timeout", "audience", "scope", "auth0Client", "useFormData", "useMrrt", "dpop"]);
585
- const l = s.grant_type === "urn:ietf:params:oauth:grant-type:token-exchange", a = s.grant_type === "refresh_token" && d, u = Object.assign(Object.assign(Object.assign(Object.assign({}, s), l && i && { audience: i }), l && r && { scope: r }), a && { audience: i, scope: r }), p = h ? fe(u) : JSON.stringify(u), g = (f = s.grant_type, ht.includes(f));
585
+ const l = s.grant_type === "urn:ietf:params:oauth:grant-type:token-exchange", a = s.grant_type === "refresh_token" && d, u = Object.assign(Object.assign(Object.assign(Object.assign({}, s), l && i && { audience: i }), l && r && { scope: r }), a && { audience: i, scope: r }), p = h ? me(u) : JSON.stringify(u), g = (f = s.grant_type, ht.includes(f));
586
586
  var f;
587
587
  return await Ye(`${t}/oauth/token`, n, i || "default", r, { method: "POST", body: p, headers: { "Content-Type": h ? "application/x-www-form-urlencoded" : "application/json", "Auth0-Client": btoa(JSON.stringify(rt(c || $e))) } }, e, h, d, g ? m : void 0);
588
588
  }
@@ -799,7 +799,7 @@ const J = (o) => typeof o == "number", It = ["iss", "aud", "exp", "nbf", "iat",
799
799
  }
800
800
  return e;
801
801
  };
802
- var z = be((function(o, e) {
802
+ var z = we((function(o, e) {
803
803
  var t = j && j.__assign || function() {
804
804
  return t = Object.assign || function(d) {
805
805
  for (var m, s = 1, l = arguments.length; s < l; s++) for (var a in m = arguments[s]) Object.prototype.hasOwnProperty.call(m, a) && (d[a] = m[a]);
@@ -843,7 +843,7 @@ var z = be((function(o, e) {
843
843
  h(d, "", t(t({}, m), { expires: -1 }));
844
844
  };
845
845
  }));
846
- we(z), z.encode, z.parse, z.getAll;
846
+ ye(z), z.encode, z.parse, z.getAll;
847
847
  var Pt = z.get, qe = z.set, Qe = z.remove;
848
848
  const L = { get(o) {
849
849
  const e = Pt(o);
@@ -887,10 +887,10 @@ function Ct(o, e, t) {
887
887
  `, 10) + 1, c = i.substring(r) + (n ? "//# sourceMappingURL=" + n : ""), h = new Blob([c], { type: "application/javascript" });
888
888
  return URL.createObjectURL(h);
889
889
  }
890
- var Ne, De, Ke, he, At = (Ne = "Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAqLwohZnVuY3Rpb24oKXsidXNlIHN0cmljdCI7Y2xhc3MgZSBleHRlbmRzIEVycm9ye2NvbnN0cnVjdG9yKHQscil7c3VwZXIociksdGhpcy5lcnJvcj10LHRoaXMuZXJyb3JfZGVzY3JpcHRpb249cixPYmplY3Quc2V0UHJvdG90eXBlT2YodGhpcyxlLnByb3RvdHlwZSl9c3RhdGljIGZyb21QYXlsb2FkKHtlcnJvcjp0LGVycm9yX2Rlc2NyaXB0aW9uOnJ9KXtyZXR1cm4gbmV3IGUodCxyKX19Y2xhc3MgdCBleHRlbmRzIGV7Y29uc3RydWN0b3IoZSxzKXtzdXBlcigibWlzc2luZ19yZWZyZXNoX3Rva2VuIixgTWlzc2luZyBSZWZyZXNoIFRva2VuIChhdWRpZW5jZTogJyR7cihlLFsiZGVmYXVsdCJdKX0nLCBzY29wZTogJyR7cihzKX0nKWApLHRoaXMuYXVkaWVuY2U9ZSx0aGlzLnNjb3BlPXMsT2JqZWN0LnNldFByb3RvdHlwZU9mKHRoaXMsdC5wcm90b3R5cGUpfX1mdW5jdGlvbiByKGUsdD1bXSl7cmV0dXJuIGUmJiF0LmluY2x1ZGVzKGUpP2U6IiJ9ImZ1bmN0aW9uIj09dHlwZW9mIFN1cHByZXNzZWRFcnJvciYmU3VwcHJlc3NlZEVycm9yO2NvbnN0IHM9ZT0+e3ZhcntjbGllbnRJZDp0fT1lLHI9ZnVuY3Rpb24oZSx0KXt2YXIgcj17fTtmb3IodmFyIHMgaW4gZSlPYmplY3QucHJvdG90eXBlLmhhc093blByb3BlcnR5LmNhbGwoZSxzKSYmdC5pbmRleE9mKHMpPDAmJihyW3NdPWVbc10pO2lmKG51bGwhPWUmJiJmdW5jdGlvbiI9PXR5cGVvZiBPYmplY3QuZ2V0T3duUHJvcGVydHlTeW1ib2xzKXt2YXIgbz0wO2ZvcihzPU9iamVjdC5nZXRPd25Qcm9wZXJ0eVN5bWJvbHMoZSk7bzxzLmxlbmd0aDtvKyspdC5pbmRleE9mKHNbb10pPDAmJk9iamVjdC5wcm90b3R5cGUucHJvcGVydHlJc0VudW1lcmFibGUuY2FsbChlLHNbb10pJiYocltzW29dXT1lW3Nbb11dKX1yZXR1cm4gcn0oZSxbImNsaWVudElkIl0pO3JldHVybiBuZXcgVVJMU2VhcmNoUGFyYW1zKChlPT5PYmplY3Qua2V5cyhlKS5maWx0ZXIoKHQ9PnZvaWQgMCE9PWVbdF0pKS5yZWR1Y2UoKCh0LHIpPT5PYmplY3QuYXNzaWduKE9iamVjdC5hc3NpZ24oe30sdCkse1tyXTplW3JdfSkpLHt9KSkoT2JqZWN0LmFzc2lnbih7Y2xpZW50X2lkOnR9LHIpKSkudG9TdHJpbmcoKX07bGV0IG89e307Y29uc3Qgbj0oZSx0KT0+YCR7ZX18JHt0fWA7YWRkRXZlbnRMaXN0ZW5lcigibWVzc2FnZSIsKGFzeW5jKHtkYXRhOnt0aW1lb3V0OmUsYXV0aDpyLGZldGNoVXJsOmksZmV0Y2hPcHRpb25zOmMsdXNlRm9ybURhdGE6YSx1c2VNcnJ0OmZ9LHBvcnRzOltwXX0pPT57bGV0IGgsdSxsPXt9O2NvbnN0e2F1ZGllbmNlOmQsc2NvcGU6eX09cnx8e307dHJ5e2NvbnN0IHI9YT8oZT0+e2NvbnN0IHQ9bmV3IFVSTFNlYXJjaFBhcmFtcyhlKSxyPXt9O3JldHVybiB0LmZvckVhY2goKChlLHQpPT57clt0XT1lfSkpLHJ9KShjLmJvZHkpOkpTT04ucGFyc2UoYy5ib2R5KTtpZighci5yZWZyZXNoX3Rva2VuJiYicmVmcmVzaF90b2tlbiI9PT1yLmdyYW50X3R5cGUpe2lmKHU9KChlLHQpPT5vW24oZSx0KV0pKGQseSksIXUmJmYpe2NvbnN0IGU9by5sYXRlc3RfcmVmcmVzaF90b2tlbix0PSgoZSx0KT0+e2NvbnN0IHI9T2JqZWN0LmtleXMobykuZmluZCgocj0+e2lmKCJsYXRlc3RfcmVmcmVzaF90b2tlbiIhPT1yKXtjb25zdCBzPSgoZSx0KT0+dC5zdGFydHNXaXRoKGAke2V9fGApKSh0LHIpLG89ci5zcGxpdCgifCIpWzFdLnNwbGl0KCIgIiksbj1lLnNwbGl0KCIgIikuZXZlcnkoKGU9Pm8uaW5jbHVkZXMoZSkpKTtyZXR1cm4gcyYmbn19KSk7cmV0dXJuISFyfSkoeSxkKTtlJiYhdCYmKHU9ZSl9aWYoIXUpdGhyb3cgbmV3IHQoZCx5KTtjLmJvZHk9YT9zKE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSxyKSx7cmVmcmVzaF90b2tlbjp1fSkpOkpTT04uc3RyaW5naWZ5KE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSxyKSx7cmVmcmVzaF90b2tlbjp1fSkpfWxldCBqLGs7ImZ1bmN0aW9uIj09dHlwZW9mIEFib3J0Q29udHJvbGxlciYmKGo9bmV3IEFib3J0Q29udHJvbGxlcixjLnNpZ25hbD1qLnNpZ25hbCk7dHJ5e2s9YXdhaXQgUHJvbWlzZS5yYWNlKFsoXz1lLG5ldyBQcm9taXNlKChlPT5zZXRUaW1lb3V0KGUsXykpKSksZmV0Y2goaSxPYmplY3QuYXNzaWduKHt9LGMpKV0pfWNhdGNoKGUpe3JldHVybiB2b2lkIHAucG9zdE1lc3NhZ2Uoe2Vycm9yOmUubWVzc2FnZX0pfWlmKCFrKXJldHVybiBqJiZqLmFib3J0KCksdm9pZCBwLnBvc3RNZXNzYWdlKHtlcnJvcjoiVGltZW91dCB3aGVuIGV4ZWN1dGluZyAnZmV0Y2gnIn0pO2c9ay5oZWFkZXJzLGw9Wy4uLmddLnJlZHVjZSgoKGUsW3Qscl0pPT4oZVt0XT1yLGUpKSx7fSksaD1hd2FpdCBrLmpzb24oKSxoLnJlZnJlc2hfdG9rZW4/KGYmJihvLmxhdGVzdF9yZWZyZXNoX3Rva2VuPWgucmVmcmVzaF90b2tlbixPPXUsYj1oLnJlZnJlc2hfdG9rZW4sT2JqZWN0LmVudHJpZXMobykuZm9yRWFjaCgoKFtlLHRdKT0+e3Q9PT1PJiYob1tlXT1iKX0pKSksKChlLHQscik9PntvW24odCxyKV09ZX0pKGgucmVmcmVzaF90b2tlbixkLHkpLGRlbGV0ZSBoLnJlZnJlc2hfdG9rZW4pOigoZSx0KT0+e2RlbGV0ZSBvW24oZSx0KV19KShkLHkpLHAucG9zdE1lc3NhZ2Uoe29rOmsub2ssanNvbjpoLGhlYWRlcnM6bH0pfWNhdGNoKGUpe3AucG9zdE1lc3NhZ2Uoe29rOiExLGpzb246e2Vycm9yOmUuZXJyb3IsZXJyb3JfZGVzY3JpcHRpb246ZS5tZXNzYWdlfSxoZWFkZXJzOmx9KX12YXIgTyxiLGcsX30pKX0oKTsKCg==", De = null, Ke = !1, function(o) {
891
- return he = he || Ct(Ne, De, Ke), new Worker(he, o);
890
+ var Ne, De, Ke, de, At = (Ne = "Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAqLwohZnVuY3Rpb24oKXsidXNlIHN0cmljdCI7Y2xhc3MgZSBleHRlbmRzIEVycm9ye2NvbnN0cnVjdG9yKHQscil7c3VwZXIociksdGhpcy5lcnJvcj10LHRoaXMuZXJyb3JfZGVzY3JpcHRpb249cixPYmplY3Quc2V0UHJvdG90eXBlT2YodGhpcyxlLnByb3RvdHlwZSl9c3RhdGljIGZyb21QYXlsb2FkKHtlcnJvcjp0LGVycm9yX2Rlc2NyaXB0aW9uOnJ9KXtyZXR1cm4gbmV3IGUodCxyKX19Y2xhc3MgdCBleHRlbmRzIGV7Y29uc3RydWN0b3IoZSxzKXtzdXBlcigibWlzc2luZ19yZWZyZXNoX3Rva2VuIixgTWlzc2luZyBSZWZyZXNoIFRva2VuIChhdWRpZW5jZTogJyR7cihlLFsiZGVmYXVsdCJdKX0nLCBzY29wZTogJyR7cihzKX0nKWApLHRoaXMuYXVkaWVuY2U9ZSx0aGlzLnNjb3BlPXMsT2JqZWN0LnNldFByb3RvdHlwZU9mKHRoaXMsdC5wcm90b3R5cGUpfX1mdW5jdGlvbiByKGUsdD1bXSl7cmV0dXJuIGUmJiF0LmluY2x1ZGVzKGUpP2U6IiJ9ImZ1bmN0aW9uIj09dHlwZW9mIFN1cHByZXNzZWRFcnJvciYmU3VwcHJlc3NlZEVycm9yO2NvbnN0IHM9ZT0+e3ZhcntjbGllbnRJZDp0fT1lLHI9ZnVuY3Rpb24oZSx0KXt2YXIgcj17fTtmb3IodmFyIHMgaW4gZSlPYmplY3QucHJvdG90eXBlLmhhc093blByb3BlcnR5LmNhbGwoZSxzKSYmdC5pbmRleE9mKHMpPDAmJihyW3NdPWVbc10pO2lmKG51bGwhPWUmJiJmdW5jdGlvbiI9PXR5cGVvZiBPYmplY3QuZ2V0T3duUHJvcGVydHlTeW1ib2xzKXt2YXIgbz0wO2ZvcihzPU9iamVjdC5nZXRPd25Qcm9wZXJ0eVN5bWJvbHMoZSk7bzxzLmxlbmd0aDtvKyspdC5pbmRleE9mKHNbb10pPDAmJk9iamVjdC5wcm90b3R5cGUucHJvcGVydHlJc0VudW1lcmFibGUuY2FsbChlLHNbb10pJiYocltzW29dXT1lW3Nbb11dKX1yZXR1cm4gcn0oZSxbImNsaWVudElkIl0pO3JldHVybiBuZXcgVVJMU2VhcmNoUGFyYW1zKChlPT5PYmplY3Qua2V5cyhlKS5maWx0ZXIoKHQ9PnZvaWQgMCE9PWVbdF0pKS5yZWR1Y2UoKCh0LHIpPT5PYmplY3QuYXNzaWduKE9iamVjdC5hc3NpZ24oe30sdCkse1tyXTplW3JdfSkpLHt9KSkoT2JqZWN0LmFzc2lnbih7Y2xpZW50X2lkOnR9LHIpKSkudG9TdHJpbmcoKX07bGV0IG89e307Y29uc3Qgbj0oZSx0KT0+YCR7ZX18JHt0fWA7YWRkRXZlbnRMaXN0ZW5lcigibWVzc2FnZSIsKGFzeW5jKHtkYXRhOnt0aW1lb3V0OmUsYXV0aDpyLGZldGNoVXJsOmksZmV0Y2hPcHRpb25zOmMsdXNlRm9ybURhdGE6YSx1c2VNcnJ0OmZ9LHBvcnRzOltwXX0pPT57bGV0IGgsdSxsPXt9O2NvbnN0e2F1ZGllbmNlOmQsc2NvcGU6eX09cnx8e307dHJ5e2NvbnN0IHI9YT8oZT0+e2NvbnN0IHQ9bmV3IFVSTFNlYXJjaFBhcmFtcyhlKSxyPXt9O3JldHVybiB0LmZvckVhY2goKChlLHQpPT57clt0XT1lfSkpLHJ9KShjLmJvZHkpOkpTT04ucGFyc2UoYy5ib2R5KTtpZighci5yZWZyZXNoX3Rva2VuJiYicmVmcmVzaF90b2tlbiI9PT1yLmdyYW50X3R5cGUpe2lmKHU9KChlLHQpPT5vW24oZSx0KV0pKGQseSksIXUmJmYpe2NvbnN0IGU9by5sYXRlc3RfcmVmcmVzaF90b2tlbix0PSgoZSx0KT0+e2NvbnN0IHI9T2JqZWN0LmtleXMobykuZmluZCgocj0+e2lmKCJsYXRlc3RfcmVmcmVzaF90b2tlbiIhPT1yKXtjb25zdCBzPSgoZSx0KT0+dC5zdGFydHNXaXRoKGAke2V9fGApKSh0LHIpLG89ci5zcGxpdCgifCIpWzFdLnNwbGl0KCIgIiksbj1lLnNwbGl0KCIgIikuZXZlcnkoKGU9Pm8uaW5jbHVkZXMoZSkpKTtyZXR1cm4gcyYmbn19KSk7cmV0dXJuISFyfSkoeSxkKTtlJiYhdCYmKHU9ZSl9aWYoIXUpdGhyb3cgbmV3IHQoZCx5KTtjLmJvZHk9YT9zKE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSxyKSx7cmVmcmVzaF90b2tlbjp1fSkpOkpTT04uc3RyaW5naWZ5KE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSxyKSx7cmVmcmVzaF90b2tlbjp1fSkpfWxldCBqLGs7ImZ1bmN0aW9uIj09dHlwZW9mIEFib3J0Q29udHJvbGxlciYmKGo9bmV3IEFib3J0Q29udHJvbGxlcixjLnNpZ25hbD1qLnNpZ25hbCk7dHJ5e2s9YXdhaXQgUHJvbWlzZS5yYWNlKFsoXz1lLG5ldyBQcm9taXNlKChlPT5zZXRUaW1lb3V0KGUsXykpKSksZmV0Y2goaSxPYmplY3QuYXNzaWduKHt9LGMpKV0pfWNhdGNoKGUpe3JldHVybiB2b2lkIHAucG9zdE1lc3NhZ2Uoe2Vycm9yOmUubWVzc2FnZX0pfWlmKCFrKXJldHVybiBqJiZqLmFib3J0KCksdm9pZCBwLnBvc3RNZXNzYWdlKHtlcnJvcjoiVGltZW91dCB3aGVuIGV4ZWN1dGluZyAnZmV0Y2gnIn0pO2c9ay5oZWFkZXJzLGw9Wy4uLmddLnJlZHVjZSgoKGUsW3Qscl0pPT4oZVt0XT1yLGUpKSx7fSksaD1hd2FpdCBrLmpzb24oKSxoLnJlZnJlc2hfdG9rZW4/KGYmJihvLmxhdGVzdF9yZWZyZXNoX3Rva2VuPWgucmVmcmVzaF90b2tlbixPPXUsYj1oLnJlZnJlc2hfdG9rZW4sT2JqZWN0LmVudHJpZXMobykuZm9yRWFjaCgoKFtlLHRdKT0+e3Q9PT1PJiYob1tlXT1iKX0pKSksKChlLHQscik9PntvW24odCxyKV09ZX0pKGgucmVmcmVzaF90b2tlbixkLHkpLGRlbGV0ZSBoLnJlZnJlc2hfdG9rZW4pOigoZSx0KT0+e2RlbGV0ZSBvW24oZSx0KV19KShkLHkpLHAucG9zdE1lc3NhZ2Uoe29rOmsub2ssanNvbjpoLGhlYWRlcnM6bH0pfWNhdGNoKGUpe3AucG9zdE1lc3NhZ2Uoe29rOiExLGpzb246e2Vycm9yOmUuZXJyb3IsZXJyb3JfZGVzY3JpcHRpb246ZS5tZXNzYWdlfSxoZWFkZXJzOmx9KX12YXIgTyxiLGcsX30pKX0oKTsKCg==", De = null, Ke = !1, function(o) {
891
+ return de = de || Ct(Ne, De, Ke), new Worker(de, o);
892
892
  });
893
- const pe = {}, ze = async (o, e = 3) => {
893
+ const he = {}, ze = async (o, e = 3) => {
894
894
  for (let t = 0; t < e; t++) if (await o()) return !0;
895
895
  return !1;
896
896
  };
@@ -1142,7 +1142,7 @@ class zt {
1142
1142
  return `${this.domainUrl}${e}&auth0Client=${t}`;
1143
1143
  }
1144
1144
  _authorizeUrl(e) {
1145
- return this._url(`/authorize?${fe(e)}`);
1145
+ return this._url(`/authorize?${me(e)}`);
1146
1146
  }
1147
1147
  async _verifyIdToken(e, t, n) {
1148
1148
  const i = await this.nowProvider();
@@ -1154,7 +1154,7 @@ class zt {
1154
1154
  }
1155
1155
  async _prepareAuthorizeUrl(e, t, n) {
1156
1156
  var i;
1157
- const r = de(W()), c = de(W()), h = W(), d = await Ae(h), m = Re(d), s = await ((i = this.dpop) === null || i === void 0 ? void 0 : i.calculateThumbprint()), l = ((u, p, g, f, w, b, k, y, S) => Object.assign(Object.assign(Object.assign({ client_id: u.clientId }, u.authorizationParams), g), { scope: Q(p, g.scope, g.audience), response_type: "code", response_mode: y || "query", state: f, nonce: w, redirect_uri: k || u.authorizationParams.redirect_uri, code_challenge: b, code_challenge_method: "S256", dpop_jkt: S }))(this.options, this.scope, e, r, c, m, e.redirect_uri || this.options.authorizationParams.redirect_uri || n, t?.response_mode, s), a = this._authorizeUrl(l);
1157
+ const r = le(W()), c = le(W()), h = W(), d = await Ae(h), m = Re(d), s = await ((i = this.dpop) === null || i === void 0 ? void 0 : i.calculateThumbprint()), l = ((u, p, g, f, w, b, k, y, S) => Object.assign(Object.assign(Object.assign({ client_id: u.clientId }, u.authorizationParams), g), { scope: Q(p, g.scope, g.audience), response_type: "code", response_mode: y || "query", state: f, nonce: w, redirect_uri: k || u.authorizationParams.redirect_uri, code_challenge: b, code_challenge_method: "S256", dpop_jkt: S }))(this.options, this.scope, e, r, c, m, e.redirect_uri || this.options.authorizationParams.redirect_uri || n, t?.response_mode, s), a = this._authorizeUrl(l);
1158
1158
  return { nonce: c, code_verifier: h, scope: l.scope, audience: l.audience || "default", redirect_uri: l.redirect_uri, state: r, url: a };
1159
1159
  }
1160
1160
  async loginWithPopup(e, t) {
@@ -1162,15 +1162,15 @@ class zt {
1162
1162
  if (e = e || {}, !(t = t || {}).popup && (t.popup = ((h) => {
1163
1163
  const d = window.screenX + (window.innerWidth - 400) / 2, m = window.screenY + (window.innerHeight - 600) / 2;
1164
1164
  return window.open(h, "auth0:authorize:popup", `left=${d},top=${m},width=400,height=600,resizable,scrollbars=yes,status=1`);
1165
- })(""), !t.popup)) throw new Ie();
1165
+ })(""), !t.popup)) throw new _e();
1166
1166
  const i = await this._prepareAuthorizeUrl(e.authorizationParams || {}, { response_mode: "web_message" }, window.location.origin);
1167
1167
  t.popup.location.href = i.url;
1168
1168
  const r = await ((h) => new Promise(((d, m) => {
1169
1169
  let s;
1170
1170
  const l = setInterval((() => {
1171
- h.popup && h.popup.closed && (clearInterval(l), clearTimeout(a), window.removeEventListener("message", s, !1), m(new _e(h.popup)));
1171
+ h.popup && h.popup.closed && (clearInterval(l), clearTimeout(a), window.removeEventListener("message", s, !1), m(new Se(h.popup)));
1172
1172
  }), 1e3), a = setTimeout((() => {
1173
- clearInterval(l), m(new Se(h.popup)), window.removeEventListener("message", s, !1);
1173
+ clearInterval(l), m(new ve(h.popup)), window.removeEventListener("message", s, !1);
1174
1174
  }), 1e3 * (h.timeoutInSeconds || 60));
1175
1175
  s = function(u) {
1176
1176
  if (u.data && u.data.type === "authorization_response") {
@@ -1215,14 +1215,14 @@ class zt {
1215
1215
  }
1216
1216
  async _handleLoginRedirectCallback(e, t) {
1217
1217
  const { code: n, state: i, error: r, error_description: c } = e;
1218
- if (r) throw new ke(r, c || r, i, t.appState);
1218
+ if (r) throw new be(r, c || r, i, t.appState);
1219
1219
  if (!t.code_verifier || t.state && t.state !== i) throw new _("state_mismatch", "Invalid state");
1220
1220
  const h = t.organization, d = t.nonce, m = t.redirect_uri;
1221
1221
  return await this._requestToken(Object.assign({ audience: t.audience, scope: t.scope, code_verifier: t.code_verifier, grant_type: "authorization_code", code: n }, m ? { redirect_uri: m } : {}), { nonceIn: d, organization: h }), { appState: t.appState, response_type: N.Code };
1222
1222
  }
1223
1223
  async _handleConnectAccountRedirectCallback(e, t) {
1224
1224
  const { connect_code: n, state: i, error: r, error_description: c } = e;
1225
- if (r) throw new ve(r, c || r, t.connection, i, t.appState);
1225
+ if (r) throw new ke(r, c || r, t.connection, i, t.appState);
1226
1226
  if (!n) throw new _("missing_connect_code", "Missing connect code");
1227
1227
  if (!(t.code_verifier && t.state && t.auth_session && t.redirect_uri && t.state === i)) throw new _("state_mismatch", "Invalid state");
1228
1228
  const h = await this.myAccountApi.completeAccount({ auth_session: t.auth_session, connect_code: n, redirect_uri: t.redirect_uri, code_verifier: t.code_verifier });
@@ -1241,10 +1241,10 @@ class zt {
1241
1241
  async getTokenSilently(e = {}) {
1242
1242
  var t, n;
1243
1243
  const i = Object.assign(Object.assign({ cacheMode: "on" }, e), { authorizationParams: Object.assign(Object.assign(Object.assign({}, this.options.authorizationParams), e.authorizationParams), { scope: Q(this.scope, (t = e.authorizationParams) === null || t === void 0 ? void 0 : t.scope, ((n = e.authorizationParams) === null || n === void 0 ? void 0 : n.audience) || this.options.authorizationParams.audience) }) }), r = await ((c, h) => {
1244
- let d = pe[h];
1244
+ let d = he[h];
1245
1245
  return d || (d = c().finally((() => {
1246
- delete pe[h], d = null;
1247
- })), pe[h] = d), d;
1246
+ delete he[h], d = null;
1247
+ })), he[h] = d), d;
1248
1248
  })((() => this._getTokenSilently(i)), `${this.options.clientId}::${i.authorizationParams.audience}::${i.authorizationParams.scope}`);
1249
1249
  return e.detailedResponse ? r : r?.access_token;
1250
1250
  }
@@ -1281,7 +1281,7 @@ class zt {
1281
1281
  _buildLogoutUrl(e) {
1282
1282
  e.clientId !== null ? e.clientId = e.clientId || this.options.clientId : delete e.clientId;
1283
1283
  const t = e.logoutParams || {}, { federated: n } = t, i = O(t, ["federated"]), r = n ? "&federated" : "";
1284
- return this._url(`/v2/logout?${fe(Object.assign({ clientId: e.clientId }, i))}`) + r;
1284
+ return this._url(`/v2/logout?${me(Object.assign({ clientId: e.clientId }, i))}`) + r;
1285
1285
  }
1286
1286
  async logout(e = {}) {
1287
1287
  var t;
@@ -1354,7 +1354,7 @@ class zt {
1354
1354
  const p = a?.split(" ") || [], g = u?.split(" ") || [];
1355
1355
  return p.filter(((f) => g.indexOf(f) == -1)).join(",");
1356
1356
  })(r, s.scope);
1357
- throw new Pe(e.authorizationParams.audience || "default", l);
1357
+ throw new Te(e.authorizationParams.audience || "default", l);
1358
1358
  }
1359
1359
  return Object.assign(Object.assign({}, s), { scope: e.authorizationParams.scope, oauthTokenScope: s.scope, audience: e.authorizationParams.audience || "default" });
1360
1360
  } catch (s) {
@@ -1411,7 +1411,7 @@ class zt {
1411
1411
  async connectAccountWithRedirect(e) {
1412
1412
  const { openUrl: t, appState: n, connection: i, scopes: r, authorization_params: c, redirectUri: h = this.options.authorizationParams.redirect_uri || window.location.origin } = e;
1413
1413
  if (!i) throw new Error("connection is required");
1414
- const d = de(W()), m = W(), s = await Ae(m), l = Re(s), { connect_uri: a, connect_params: u, auth_session: p } = await this.myAccountApi.connectAccount({ connection: i, scopes: r, redirect_uri: h, state: d, code_challenge: l, code_challenge_method: "S256", authorization_params: c });
1414
+ const d = le(W()), m = W(), s = await Ae(m), l = Re(s), { connect_uri: a, connect_params: u, auth_session: p } = await this.myAccountApi.connectAccount({ connection: i, scopes: r, redirect_uri: h, state: d, code_challenge: l, code_challenge_method: "S256", authorization_params: c });
1415
1415
  this.transactionManager.create({ state: d, code_verifier: m, auth_session: p, redirect_uri: h, appState: n, connection: i, response_type: N.ConnectCode });
1416
1416
  const g = new URL(a);
1417
1417
  g.searchParams.set("ticket", u.ticket), t ? await t(g.toString()) : window.location.assign(g);
@@ -1441,7 +1441,7 @@ function Zt() {
1441
1441
  function v(o) {
1442
1442
  Zt() && console.log(o);
1443
1443
  }
1444
- function me(o, e) {
1444
+ function pe(o, e) {
1445
1445
  if (typeof window > "u")
1446
1446
  return;
1447
1447
  const t = new CustomEvent(o, {
@@ -1491,10 +1491,10 @@ function $t() {
1491
1491
  * Please keep this comment intact in order to properly abide by the MIT License.
1492
1492
  *
1493
1493
  **/
1494
- var ye = { d: (o, e) => {
1495
- for (var t in e) ye.o(e, t) && !ye.o(o, t) && Object.defineProperty(o, t, { enumerable: !0, get: e[t] });
1496
- }, o: (o, e) => Object.prototype.hasOwnProperty.call(o, e) }, Oe = {};
1497
- ye.d(Oe, { A: () => Xt, k: () => Ee });
1494
+ var ge = { d: (o, e) => {
1495
+ for (var t in e) ge.o(e, t) && !ge.o(o, t) && Object.defineProperty(o, t, { enumerable: !0, get: e[t] });
1496
+ }, o: (o, e) => Object.prototype.hasOwnProperty.call(o, e) }, Pe = {};
1497
+ ge.d(Pe, { A: () => Xt, k: () => Oe });
1498
1498
  var $ = function(o, e, t, n) {
1499
1499
  return new (t || (t = Promise))(function(i, r) {
1500
1500
  function c(m) {
@@ -1578,7 +1578,7 @@ var $ = function(o, e, t, n) {
1578
1578
  };
1579
1579
  }
1580
1580
  };
1581
- function Ee() {
1581
+ function Oe() {
1582
1582
  return $(this, void 0, Promise, function() {
1583
1583
  return X(this, function(o) {
1584
1584
  switch (o.label) {
@@ -1742,10 +1742,10 @@ function Ee() {
1742
1742
  });
1743
1743
  });
1744
1744
  }
1745
- typeof window < "u" && (window.detectIncognito = Ee);
1746
- const Xt = Ee;
1747
- Oe.A;
1748
- Oe.k;
1745
+ typeof window < "u" && (window.detectIncognito = Oe);
1746
+ const Xt = Oe;
1747
+ Pe.A;
1748
+ Pe.k;
1749
1749
  const Vt = "sesamy_incognito_mode";
1750
1750
  function Ze() {
1751
1751
  try {
@@ -1755,7 +1755,7 @@ function Ze() {
1755
1755
  return;
1756
1756
  }
1757
1757
  }
1758
- function le() {
1758
+ function Ee() {
1759
1759
  return typeof window < "u";
1760
1760
  }
1761
1761
  function Gt() {
@@ -1781,7 +1781,7 @@ function Je(o) {
1781
1781
  return JSON.parse(i);
1782
1782
  }
1783
1783
  function Fe() {
1784
- if (!le()) return !1;
1784
+ if (!Ee()) return !1;
1785
1785
  try {
1786
1786
  const o = document.cookie.split(";").map((t) => t.trim());
1787
1787
  if (o.some((t) => t.startsWith(`${et}=true`)) || o.some((t) => t.startsWith("auth0.is.authenticated=true"))) return !0;
@@ -1798,7 +1798,7 @@ function Fe() {
1798
1798
  }
1799
1799
  }
1800
1800
  function Y(o) {
1801
- if (le())
1801
+ if (Ee())
1802
1802
  try {
1803
1803
  const e = o ? 2592e3 : 0, t = window.location.protocol === "https:" ? "; Secure" : "";
1804
1804
  document.cookie = `${et}=${o}; path=/; max-age=${e}; SameSite=Lax${t}`;
@@ -1942,7 +1942,7 @@ function rn() {
1942
1942
  }
1943
1943
  function sn() {
1944
1944
  let o, e, t, n = !1, i = !1, r = !1;
1945
- le() && window.addEventListener("pageshow", () => {
1945
+ Ee() && window.addEventListener("pageshow", () => {
1946
1946
  i = !1, r = !1;
1947
1947
  });
1948
1948
  async function c(a) {
@@ -2074,12 +2074,12 @@ function sn() {
2074
2074
  v(`Login result: ${JSON.stringify(I)}`);
2075
2075
  const A = await o.getUser();
2076
2076
  if (!A) throw new Error("No user found");
2077
- v(`User found ${JSON.stringify(A)}`), ne(), te() && (v("Successfully recovered session via prompt=none redirect"), G()), Y(!0), v(`Triggering AUTHENTICATED event with appState: ${JSON.stringify(I.appState)}`), me(M.AUTHENTICATED, { ...A, appState: I.appState });
2077
+ v(`User found ${JSON.stringify(A)}`), ne(), te() && (v("Successfully recovered session via prompt=none redirect"), G()), Y(!0), v(`Triggering AUTHENTICATED event with appState: ${JSON.stringify(I.appState)}`), pe(M.AUTHENTICATED, { ...A, appState: I.appState });
2078
2078
  } catch (I) {
2079
2079
  v(`Error handling redirect: ${I.message}`), te() ? (G(), ee(), v("Silent redirect failed, cleared session hints")) : alert("There was an error logging in"), console.error(I);
2080
2080
  }
2081
2081
  }
2082
- n = !0, me(M.AUTH_INITIALIZED, {});
2082
+ n = !0, pe(M.AUTH_INITIALIZED, {});
2083
2083
  },
2084
2084
  async isAuthenticated() {
2085
2085
  if (!n) return !1;
@@ -2141,7 +2141,7 @@ function sn() {
2141
2141
  window.dispatchEvent(g) && window.location.reload();
2142
2142
  },
2143
2143
  async logout(a = {}) {
2144
- if (n && (localStorage.removeItem(U), localStorage.removeItem(V), ee(), G(), ne(), me(M.LOGOUT, {}), !!o))
2144
+ if (n && (localStorage.removeItem(U), localStorage.removeItem(V), ee(), G(), ne(), pe(M.LOGOUT, {}), !!o))
2145
2145
  return v(`Logout with options: ${JSON.stringify(a)}`), o.logout({
2146
2146
  ...a,
2147
2147
  logoutParams: {
@@ -2153,7 +2153,6 @@ function sn() {
2153
2153
  };
2154
2154
  return l;
2155
2155
  }
2156
- le() && (sn(), void 0);
2157
2156
  export {
2158
2157
  U as ACCESS_TOKEN_KEY,
2159
2158
  V as REFRESH_TOKEN_KEY,