npm - @versini/auth-provider - Versions diffs - 4.1.0 → 4.2.0 - Mend

@versini/auth-provider 4.1.0 → 4.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -1,55 +1,80 @@
-import { jsx as pe } from "react/jsx-runtime";
-import * as I from "react";
-import { createContext as fe, useState as ye, useCallback as me, useEffect as we, useContext as Se } from "react";
+import { jsx as Pe } from "react/jsx-runtime";
+import * as C from "react";
+import { createContext as De, useState as Ue, useCallback as Ne, useEffect as He, useContext as Le } from "react";
 /*!
-  @versini/auth-provider v4.1.0
+  @versini/auth-provider v4.2.0
   © 2024 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_CLIENT__ || (window.__VERSINI_AUTH_CLIENT__ = {
-    version: "4.1.0",
-    buildTime: "06/26/2024 12:59 PM EDT",
+    version: "4.2.0",
+    buildTime: "06/27/2024 06:57 PM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
 } catch {
 }
 /*!
-  @versini/auth-common v2.6.0
+  @versini/auth-common v2.8.0
   © 2024 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_COMMON__ || (window.__VERSINI_AUTH_COMMON__ = {
-    version: "2.6.0",
-    buildTime: "06/26/2024 12:59 PM EDT",
+    version: "2.8.0",
+    buildTime: "06/27/2024 06:57 PM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
 } catch {
 }
-const x = crypto, Z = (e) => e instanceof CryptoKey, v = new TextEncoder(), C = new TextDecoder();
-function Ee(...e) {
-  const t = e.reduce((a, { length: s }) => a + s, 0), o = new Uint8Array(t);
+const F = {
+  ID_TOKEN: "id_token",
+  ACCESS_TOKEN: "token",
+  ID_AND_ACCESS_TOKEN: "id_token token",
+  CODE: "code"
+}, $e = {
+  CLIENT_ID: "X-Auth-ClientId"
+}, _ = {
+  ALG: "RS256",
+  USER_ID_KEY: "sub",
+  TOKEN_ID_KEY: "__raw",
+  NONCE_KEY: "_nonce",
+  ISSUER: "gizmette.com"
+}, Je = `-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7
+w5PKyTYLGAI2I6SIIdpe6i6DOCbEkmDz7LdVsBqwNtVi8gvWYIj+8ol6rU3qu1v5
+i1Jd45GSK4kzkVdgCmQZbM5ak0KI99q5wsrAIzUd+LRJ2HRvWtr5IYdsIiXaQjle
+aMwPFOIcJH+rKfFgNcHLcaS5syp7zU1ANwZ+trgR+DifBr8TLVkBynmNeTyhDm2+
+l0haqjMk0UoNPPE8iYBWUHQJJE1Dqstj65d6Eh5g64Pao25y4cmYJbKjiblIGEkE
+sjqybA9mARAqh9k/eiIopecWSiffNQTwVQVd2I9ZH3BalhEXHlqFgrjz51kFqg81
+awIDAQAB
+-----END PUBLIC KEY-----`, q = {
+  AUTHENTICATE: "authenticate",
+  CODE: "code",
+  LOGOUT: "logout"
+}, z = crypto, ye = (e) => e instanceof CryptoKey, P = new TextEncoder(), J = new TextDecoder();
+function Ke(...e) {
+  const t = e.reduce((n, { length: s }) => n + s, 0), o = new Uint8Array(t);
   let r = 0;
-  for (const a of e)
-    o.set(a, r), r += a.length;
+  for (const n of e)
+    o.set(n, r), r += n.length;
   return o;
 }
-const ge = (e) => {
+const We = (e) => {
   const t = atob(e), o = new Uint8Array(t.length);
   for (let r = 0; r < t.length; r++)
     o[r] = t.charCodeAt(r);
   return o;
-}, N = (e) => {
+}, x = (e) => {
   let t = e;
-  t instanceof Uint8Array && (t = C.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
+  t instanceof Uint8Array && (t = J.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
   try {
-    return ge(t);
+    return We(t);
   } catch {
     throw new TypeError("The input to be decoded is not correctly encoded.");
   }
 };
-let b = class extends Error {
+class T extends Error {
   static get code() {
     return "ERR_JOSE_GENERIC";
   }
@@ -57,24 +82,24 @@ let b = class extends Error {
     var o;
     super(t), this.code = "ERR_JOSE_GENERIC", this.name = this.constructor.name, (o = Error.captureStackTrace) == null || o.call(Error, this, this.constructor);
   }
-};
-class S extends b {
+}
+class w extends T {
   static get code() {
     return "ERR_JWT_CLAIM_VALIDATION_FAILED";
   }
-  constructor(t, o, r = "unspecified", a = "unspecified") {
-    super(t), this.code = "ERR_JWT_CLAIM_VALIDATION_FAILED", this.claim = r, this.reason = a, this.payload = o;
+  constructor(t, o, r = "unspecified", n = "unspecified") {
+    super(t), this.code = "ERR_JWT_CLAIM_VALIDATION_FAILED", this.claim = r, this.reason = n, this.payload = o;
   }
 }
-class V extends b {
+class te extends T {
   static get code() {
     return "ERR_JWT_EXPIRED";
   }
-  constructor(t, o, r = "unspecified", a = "unspecified") {
-    super(t), this.code = "ERR_JWT_EXPIRED", this.claim = r, this.reason = a, this.payload = o;
+  constructor(t, o, r = "unspecified", n = "unspecified") {
+    super(t), this.code = "ERR_JWT_EXPIRED", this.claim = r, this.reason = n, this.payload = o;
   }
 }
-class Ae extends b {
+class xe extends T {
   constructor() {
     super(...arguments), this.code = "ERR_JOSE_ALG_NOT_ALLOWED";
   }
@@ -82,7 +107,7 @@ class Ae extends b {
     return "ERR_JOSE_ALG_NOT_ALLOWED";
   }
 }
-class P extends b {
+class K extends T {
   constructor() {
     super(...arguments), this.code = "ERR_JOSE_NOT_SUPPORTED";
   }
@@ -90,7 +115,7 @@ class P extends b {
     return "ERR_JOSE_NOT_SUPPORTED";
   }
 }
-let d = class extends b {
+let h = class extends T {
   constructor() {
     super(...arguments), this.code = "ERR_JWS_INVALID";
   }
@@ -98,7 +123,7 @@ let d = class extends b {
     return "ERR_JWS_INVALID";
   }
 };
-class ee extends b {
+class me extends T {
   constructor() {
     super(...arguments), this.code = "ERR_JWT_INVALID";
   }
@@ -106,7 +131,7 @@ class ee extends b {
     return "ERR_JWT_INVALID";
   }
 }
-class _e extends b {
+class je extends T {
   constructor() {
     super(...arguments), this.code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED", this.message = "signature verification failed";
   }
@@ -114,16 +139,16 @@ class _e extends b {
     return "ERR_JWS_SIGNATURE_VERIFICATION_FAILED";
   }
 }
-function E(e, t = "algorithm.name") {
+function S(e, t = "algorithm.name") {
   return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`);
 }
-function R(e, t) {
+function D(e, t) {
   return e.name === t;
 }
-function D(e) {
+function j(e) {
   return parseInt(e.name.slice(4), 10);
 }
-function be(e) {
+function Me(e) {
   switch (e) {
     case "ES256":
       return "P-256";
@@ -135,7 +160,7 @@ function be(e) {
       throw new Error("unreachable");
   }
 }
-function Ie(e, t) {
+function Ve(e, t) {
   if (t.length && !t.some((o) => e.usages.includes(o))) {
     let o = "CryptoKey does not support this operation, its usages must include ";
     if (t.length > 2) {
@@ -146,83 +171,83 @@ function Ie(e, t) {
     throw new TypeError(o);
   }
 }
-function Te(e, t, ...o) {
+function Ge(e, t, ...o) {
   switch (t) {
     case "HS256":
     case "HS384":
     case "HS512": {
-      if (!R(e.algorithm, "HMAC"))
-        throw E("HMAC");
+      if (!D(e.algorithm, "HMAC"))
+        throw S("HMAC");
       const r = parseInt(t.slice(2), 10);
-      if (D(e.algorithm.hash) !== r)
-        throw E(`SHA-${r}`, "algorithm.hash");
+      if (j(e.algorithm.hash) !== r)
+        throw S(`SHA-${r}`, "algorithm.hash");
       break;
     }
     case "RS256":
     case "RS384":
     case "RS512": {
-      if (!R(e.algorithm, "RSASSA-PKCS1-v1_5"))
-        throw E("RSASSA-PKCS1-v1_5");
+      if (!D(e.algorithm, "RSASSA-PKCS1-v1_5"))
+        throw S("RSASSA-PKCS1-v1_5");
       const r = parseInt(t.slice(2), 10);
-      if (D(e.algorithm.hash) !== r)
-        throw E(`SHA-${r}`, "algorithm.hash");
+      if (j(e.algorithm.hash) !== r)
+        throw S(`SHA-${r}`, "algorithm.hash");
       break;
     }
     case "PS256":
     case "PS384":
     case "PS512": {
-      if (!R(e.algorithm, "RSA-PSS"))
-        throw E("RSA-PSS");
+      if (!D(e.algorithm, "RSA-PSS"))
+        throw S("RSA-PSS");
       const r = parseInt(t.slice(2), 10);
-      if (D(e.algorithm.hash) !== r)
-        throw E(`SHA-${r}`, "algorithm.hash");
+      if (j(e.algorithm.hash) !== r)
+        throw S(`SHA-${r}`, "algorithm.hash");
       break;
     }
     case "EdDSA": {
       if (e.algorithm.name !== "Ed25519" && e.algorithm.name !== "Ed448")
-        throw E("Ed25519 or Ed448");
+        throw S("Ed25519 or Ed448");
       break;
     }
     case "ES256":
     case "ES384":
     case "ES512": {
-      if (!R(e.algorithm, "ECDSA"))
-        throw E("ECDSA");
-      const r = be(t);
+      if (!D(e.algorithm, "ECDSA"))
+        throw S("ECDSA");
+      const r = Me(t);
       if (e.algorithm.namedCurve !== r)
-        throw E(r, "algorithm.namedCurve");
+        throw S(r, "algorithm.namedCurve");
       break;
     }
     default:
       throw new TypeError("CryptoKey does not support this operation");
   }
-  Ie(e, o);
+  Ve(e, o);
 }
-function te(e, t, ...o) {
+function we(e, t, ...o) {
   var r;
   if (o.length > 2) {
-    const a = o.pop();
-    e += `one of type ${o.join(", ")}, or ${a}.`;
+    const n = o.pop();
+    e += `one of type ${o.join(", ")}, or ${n}.`;
   } else
     o.length === 2 ? e += `one of type ${o[0]} or ${o[1]}.` : e += `of type ${o[0]}.`;
   return t == null ? e += ` Received ${t}` : typeof t == "function" && t.name ? e += ` Received function ${t.name}` : typeof t == "object" && t != null && (r = t.constructor) != null && r.name && (e += ` Received an instance of ${t.constructor.name}`), e;
 }
-const Y = (e, ...t) => te("Key must be ", e, ...t);
-function re(e, t, ...o) {
-  return te(`Key for the ${e} algorithm must be `, t, ...o);
+const re = (e, ...t) => we("Key must be ", e, ...t);
+function ge(e, t, ...o) {
+  return we(`Key for the ${e} algorithm must be `, t, ...o);
 }
-const oe = (e) => Z(e), A = ["CryptoKey"], ve = (...e) => {
+const Se = (e) => ye(e), b = ["CryptoKey"], Ye = (...e) => {
   const t = e.filter(Boolean);
   if (t.length === 0 || t.length === 1)
     return !0;
   let o;
   for (const r of t) {
-    const a = Object.keys(r);
+    const n = Object.keys(r);
     if (!o || o.size === 0) {
-      o = new Set(a);
+      o = new Set(n);
       continue;
     }
-    for (const s of a) {
+    for (const s of n) {
       if (o.has(s))
         return !1;
       o.add(s);
@@ -230,11 +255,11 @@ const oe = (e) => Z(e), A = ["CryptoKey"], ve = (...e) => {
   }
   return !0;
 };
-function Re(e) {
+function Be(e) {
   return typeof e == "object" && e !== null;
 }
-function W(e) {
-  if (!Re(e) || Object.prototype.toString.call(e) !== "[object Object]")
+function B(e) {
+  if (!Be(e) || Object.prototype.toString.call(e) !== "[object Object]")
     return !1;
   if (Object.getPrototypeOf(e) === null)
     return !0;
@@ -243,51 +268,51 @@ function W(e) {
     t = Object.getPrototypeOf(t);
   return Object.getPrototypeOf(e) === t;
 }
-const ke = (e, t) => {
+const Fe = (e, t) => {
   if (e.startsWith("RS") || e.startsWith("PS")) {
     const { modulusLength: o } = t.algorithm;
     if (typeof o != "number" || o < 2048)
       throw new TypeError(`${e} requires key modulusLength to be 2048 bits or larger`);
   }
-}, g = (e, t, o = 0) => {
+}, A = (e, t, o = 0) => {
   o === 0 && (t.unshift(t.length), t.unshift(6));
   const r = e.indexOf(t[0], o);
   if (r === -1)
     return !1;
-  const a = e.subarray(r, r + t.length);
-  return a.length !== t.length ? !1 : a.every((s, n) => s === t[n]) || g(e, t, r + 1);
-}, G = (e) => {
+  const n = e.subarray(r, r + t.length);
+  return n.length !== t.length ? !1 : n.every((s, a) => s === t[a]) || A(e, t, r + 1);
+}, oe = (e) => {
   switch (!0) {
-    case g(e, [42, 134, 72, 206, 61, 3, 1, 7]):
+    case A(e, [42, 134, 72, 206, 61, 3, 1, 7]):
       return "P-256";
-    case g(e, [43, 129, 4, 0, 34]):
+    case A(e, [43, 129, 4, 0, 34]):
       return "P-384";
-    case g(e, [43, 129, 4, 0, 35]):
+    case A(e, [43, 129, 4, 0, 35]):
       return "P-521";
-    case g(e, [43, 101, 110]):
+    case A(e, [43, 101, 110]):
       return "X25519";
-    case g(e, [43, 101, 111]):
+    case A(e, [43, 101, 111]):
       return "X448";
-    case g(e, [43, 101, 112]):
+    case A(e, [43, 101, 112]):
       return "Ed25519";
-    case g(e, [43, 101, 113]):
+    case A(e, [43, 101, 113]):
       return "Ed448";
     default:
-      throw new P("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
+      throw new K("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
   }
-}, Ce = async (e, t, o, r, a) => {
-  let s, n;
-  const i = new Uint8Array(atob(o.replace(e, "")).split("").map((c) => c.charCodeAt(0)));
+}, qe = async (e, t, o, r, n) => {
+  let s, a;
+  const c = new Uint8Array(atob(o.replace(e, "")).split("").map((i) => i.charCodeAt(0)));
   switch (r) {
     case "PS256":
     case "PS384":
     case "PS512":
-      s = { name: "RSA-PSS", hash: `SHA-${r.slice(-3)}` }, n = ["verify"];
+      s = { name: "RSA-PSS", hash: `SHA-${r.slice(-3)}` }, a = ["verify"];
       break;
     case "RS256":
     case "RS384":
     case "RS512":
-      s = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${r.slice(-3)}` }, n = ["verify"];
+      s = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${r.slice(-3)}` }, a = ["verify"];
       break;
     case "RSA-OAEP":
     case "RSA-OAEP-256":
@@ -296,83 +321,83 @@ const ke = (e, t) => {
       s = {
         name: "RSA-OAEP",
         hash: `SHA-${parseInt(r.slice(-3), 10) || 1}`
-      }, n = ["encrypt", "wrapKey"];
+      }, a = ["encrypt", "wrapKey"];
       break;
     case "ES256":
-      s = { name: "ECDSA", namedCurve: "P-256" }, n = ["verify"];
+      s = { name: "ECDSA", namedCurve: "P-256" }, a = ["verify"];
       break;
     case "ES384":
-      s = { name: "ECDSA", namedCurve: "P-384" }, n = ["verify"];
+      s = { name: "ECDSA", namedCurve: "P-384" }, a = ["verify"];
       break;
     case "ES512":
-      s = { name: "ECDSA", namedCurve: "P-521" }, n = ["verify"];
+      s = { name: "ECDSA", namedCurve: "P-521" }, a = ["verify"];
       break;
     case "ECDH-ES":
     case "ECDH-ES+A128KW":
     case "ECDH-ES+A192KW":
     case "ECDH-ES+A256KW": {
-      const c = G(i);
-      s = c.startsWith("P-") ? { name: "ECDH", namedCurve: c } : { name: c }, n = [];
+      const i = oe(c);
+      s = i.startsWith("P-") ? { name: "ECDH", namedCurve: i } : { name: i }, a = [];
       break;
     }
     case "EdDSA":
-      s = { name: G(i) }, n = ["verify"];
+      s = { name: oe(c) }, a = ["verify"];
       break;
     default:
-      throw new P('Invalid or unsupported "alg" (Algorithm) value');
+      throw new K('Invalid or unsupported "alg" (Algorithm) value');
   }
-  return x.subtle.importKey(t, i, s, !1, n);
-}, Pe = (e, t, o) => Ce(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
-async function Oe(e, t, o) {
+  return z.subtle.importKey(t, c, s, !1, a);
+}, ze = (e, t, o) => qe(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
+async function Xe(e, t, o) {
   if (e.indexOf("-----BEGIN PUBLIC KEY-----") !== 0)
     throw new TypeError('"spki" must be SPKI formatted string');
-  return Pe(e, t);
+  return ze(e, t);
 }
-const Ne = (e, t) => {
+const Qe = (e, t) => {
   if (!(t instanceof Uint8Array)) {
-    if (!oe(t))
-      throw new TypeError(re(e, t, ...A, "Uint8Array"));
+    if (!Se(t))
+      throw new TypeError(ge(e, t, ...b, "Uint8Array"));
     if (t.type !== "secret")
-      throw new TypeError(`${A.join(" or ")} instances for symmetric algorithms must be of type "secret"`);
+      throw new TypeError(`${b.join(" or ")} instances for symmetric algorithms must be of type "secret"`);
   }
-}, De = (e, t, o) => {
-  if (!oe(t))
-    throw new TypeError(re(e, t, ...A));
+}, Ze = (e, t, o) => {
+  if (!Se(t))
+    throw new TypeError(ge(e, t, ...b));
   if (t.type === "secret")
-    throw new TypeError(`${A.join(" or ")} instances for asymmetric algorithms must not be of type "secret"`);
+    throw new TypeError(`${b.join(" or ")} instances for asymmetric algorithms must not be of type "secret"`);
   if (t.algorithm && o === "verify" && t.type === "private")
-    throw new TypeError(`${A.join(" or ")} instances for asymmetric algorithm verifying must be of type "public"`);
+    throw new TypeError(`${b.join(" or ")} instances for asymmetric algorithm verifying must be of type "public"`);
   if (t.algorithm && o === "encrypt" && t.type === "private")
-    throw new TypeError(`${A.join(" or ")} instances for asymmetric algorithm encryption must be of type "public"`);
-}, Ue = (e, t, o) => {
-  e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ? Ne(e, t) : De(e, t, o);
+    throw new TypeError(`${b.join(" or ")} instances for asymmetric algorithm encryption must be of type "public"`);
+}, et = (e, t, o) => {
+  e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ? Qe(e, t) : Ze(e, t, o);
 };
-function He(e, t, o, r, a) {
-  if (a.crit !== void 0 && (r == null ? void 0 : r.crit) === void 0)
+function tt(e, t, o, r, n) {
+  if (n.crit !== void 0 && (r == null ? void 0 : r.crit) === void 0)
     throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');
   if (!r || r.crit === void 0)
     return /* @__PURE__ */ new Set();
-  if (!Array.isArray(r.crit) || r.crit.length === 0 || r.crit.some((n) => typeof n != "string" || n.length === 0))
+  if (!Array.isArray(r.crit) || r.crit.length === 0 || r.crit.some((a) => typeof a != "string" || a.length === 0))
     throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');
   let s;
   o !== void 0 ? s = new Map([...Object.entries(o), ...t.entries()]) : s = t;
-  for (const n of r.crit) {
-    if (!s.has(n))
-      throw new P(`Extension Header Parameter "${n}" is not recognized`);
-    if (a[n] === void 0)
-      throw new e(`Extension Header Parameter "${n}" is missing`);
-    if (s.get(n) && r[n] === void 0)
-      throw new e(`Extension Header Parameter "${n}" MUST be integrity protected`);
+  for (const a of r.crit) {
+    if (!s.has(a))
+      throw new K(`Extension Header Parameter "${a}" is not recognized`);
+    if (n[a] === void 0)
+      throw new e(`Extension Header Parameter "${a}" is missing`);
+    if (s.get(a) && r[a] === void 0)
+      throw new e(`Extension Header Parameter "${a}" MUST be integrity protected`);
   }
   return new Set(r.crit);
 }
-const Le = (e, t) => {
+const rt = (e, t) => {
   if (t !== void 0 && (!Array.isArray(t) || t.some((o) => typeof o != "string")))
     throw new TypeError(`"${e}" option must be an array of strings`);
   if (t)
     return new Set(t);
 };
-function $e(e, t) {
+function ot(e, t) {
   const o = `SHA-${e.slice(-3)}`;
   switch (e) {
     case "HS256":
@@ -394,352 +419,375 @@ function $e(e, t) {
     case "EdDSA":
       return { name: t.name };
     default:
-      throw new P(`alg ${e} is not supported either by JOSE or your javascript runtime`);
+      throw new K(`alg ${e} is not supported either by JOSE or your javascript runtime`);
   }
 }
-function Je(e, t, o) {
-  if (Z(t))
-    return Te(t, e, o), t;
+function nt(e, t, o) {
+  if (ye(t))
+    return Ge(t, e, o), t;
   if (t instanceof Uint8Array) {
     if (!e.startsWith("HS"))
-      throw new TypeError(Y(t, ...A));
-    return x.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [o]);
+      throw new TypeError(re(t, ...b));
+    return z.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [o]);
   }
-  throw new TypeError(Y(t, ...A, "Uint8Array"));
+  throw new TypeError(re(t, ...b, "Uint8Array"));
 }
-const Ke = async (e, t, o, r) => {
-  const a = await Je(e, t, "verify");
-  ke(e, a);
-  const s = $e(e, a.algorithm);
+const at = async (e, t, o, r) => {
+  const n = await nt(e, t, "verify");
+  Fe(e, n);
+  const s = ot(e, n.algorithm);
   try {
-    return await x.subtle.verify(s, a, o, r);
+    return await z.subtle.verify(s, n, o, r);
   } catch {
     return !1;
   }
 };
-async function We(e, t, o) {
-  if (!W(e))
-    throw new d("Flattened JWS must be an object");
+async function st(e, t, o) {
+  if (!B(e))
+    throw new h("Flattened JWS must be an object");
   if (e.protected === void 0 && e.header === void 0)
-    throw new d('Flattened JWS must have either of the "protected" or "header" members');
+    throw new h('Flattened JWS must have either of the "protected" or "header" members');
   if (e.protected !== void 0 && typeof e.protected != "string")
-    throw new d("JWS Protected Header incorrect type");
+    throw new h("JWS Protected Header incorrect type");
   if (e.payload === void 0)
-    throw new d("JWS Payload missing");
+    throw new h("JWS Payload missing");
   if (typeof e.signature != "string")
-    throw new d("JWS Signature missing or incorrect type");
-  if (e.header !== void 0 && !W(e.header))
-    throw new d("JWS Unprotected Header incorrect type");
+    throw new h("JWS Signature missing or incorrect type");
+  if (e.header !== void 0 && !B(e.header))
+    throw new h("JWS Unprotected Header incorrect type");
   let r = {};
   if (e.protected)
     try {
-      const w = N(e.protected);
-      r = JSON.parse(C.decode(w));
+      const p = x(e.protected);
+      r = JSON.parse(J.decode(p));
     } catch {
-      throw new d("JWS Protected Header is invalid");
+      throw new h("JWS Protected Header is invalid");
     }
-  if (!ve(r, e.header))
-    throw new d("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
-  const a = {
+  if (!Ye(r, e.header))
+    throw new h("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
+  const n = {
     ...r,
     ...e.header
-  }, s = He(d, /* @__PURE__ */ new Map([["b64", !0]]), o == null ? void 0 : o.crit, r, a);
-  let n = !0;
-  if (s.has("b64") && (n = r.b64, typeof n != "boolean"))
-    throw new d('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
-  const { alg: i } = a;
-  if (typeof i != "string" || !i)
-    throw new d('JWS "alg" (Algorithm) Header Parameter missing or invalid');
-  const c = o && Le("algorithms", o.algorithms);
-  if (c && !c.has(i))
-    throw new Ae('"alg" (Algorithm) Header Parameter value not allowed');
-  if (n) {
+  }, s = tt(h, /* @__PURE__ */ new Map([["b64", !0]]), o == null ? void 0 : o.crit, r, n);
+  let a = !0;
+  if (s.has("b64") && (a = r.b64, typeof a != "boolean"))
+    throw new h('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
+  const { alg: c } = n;
+  if (typeof c != "string" || !c)
+    throw new h('JWS "alg" (Algorithm) Header Parameter missing or invalid');
+  const i = o && rt("algorithms", o.algorithms);
+  if (i && !i.has(c))
+    throw new xe('"alg" (Algorithm) Header Parameter value not allowed');
+  if (a) {
     if (typeof e.payload != "string")
-      throw new d("JWS Payload must be a string");
+      throw new h("JWS Payload must be a string");
   } else if (typeof e.payload != "string" && !(e.payload instanceof Uint8Array))
-    throw new d("JWS Payload must be a string or an Uint8Array instance");
-  let p = !1;
-  typeof t == "function" && (t = await t(r, e), p = !0), Ue(i, t, "verify");
-  const y = Ee(v.encode(e.protected ?? ""), v.encode("."), typeof e.payload == "string" ? v.encode(e.payload) : e.payload);
-  let l;
+    throw new h("JWS Payload must be a string or an Uint8Array instance");
+  let u = !1;
+  typeof t == "function" && (t = await t(r, e), u = !0), et(c, t, "verify");
+  const m = Ke(P.encode(e.protected ?? ""), P.encode("."), typeof e.payload == "string" ? P.encode(e.payload) : e.payload);
+  let f;
   try {
-    l = N(e.signature);
+    f = x(e.signature);
   } catch {
-    throw new d("Failed to base64url decode the signature");
+    throw new h("Failed to base64url decode the signature");
   }
-  if (!await Ke(i, t, l, y))
-    throw new _e();
-  let m;
-  if (n)
+  if (!await at(c, t, f, m))
+    throw new je();
+  let E;
+  if (a)
     try {
-      m = N(e.payload);
+      E = x(e.payload);
     } catch {
-      throw new d("Failed to base64url decode the payload");
+      throw new h("Failed to base64url decode the payload");
     }
   else
-    typeof e.payload == "string" ? m = v.encode(e.payload) : m = e.payload;
-  const h = { payload: m };
-  return e.protected !== void 0 && (h.protectedHeader = r), e.header !== void 0 && (h.unprotectedHeader = e.header), p ? { ...h, key: t } : h;
-}
-async function xe(e, t, o) {
-  if (e instanceof Uint8Array && (e = C.decode(e)), typeof e != "string")
-    throw new d("Compact JWS must be a string or Uint8Array");
-  const { 0: r, 1: a, 2: s, length: n } = e.split(".");
-  if (n !== 3)
-    throw new d("Invalid Compact JWS");
-  const i = await We({ payload: a, protected: r, signature: s }, t, o), c = { payload: i.payload, protectedHeader: i.protectedHeader };
-  return typeof t == "function" ? { ...c, key: i.key } : c;
-}
-const je = (e) => Math.floor(e.getTime() / 1e3), ae = 60, ne = ae * 60, j = ne * 24, Me = j * 7, Ve = j * 365.25, Ye = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, B = (e) => {
-  const t = Ye.exec(e);
+    typeof e.payload == "string" ? E = P.encode(e.payload) : E = e.payload;
+  const y = { payload: E };
+  return e.protected !== void 0 && (y.protectedHeader = r), e.header !== void 0 && (y.unprotectedHeader = e.header), u ? { ...y, key: t } : y;
+}
+async function it(e, t, o) {
+  if (e instanceof Uint8Array && (e = J.decode(e)), typeof e != "string")
+    throw new h("Compact JWS must be a string or Uint8Array");
+  const { 0: r, 1: n, 2: s, length: a } = e.split(".");
+  if (a !== 3)
+    throw new h("Invalid Compact JWS");
+  const c = await st({ payload: n, protected: r, signature: s }, t, o), i = { payload: c.payload, protectedHeader: c.protectedHeader };
+  return typeof t == "function" ? { ...i, key: c.key } : i;
+}
+const ct = (e) => Math.floor(e.getTime() / 1e3), Ee = 60, Ae = Ee * 60, X = Ae * 24, ut = X * 7, dt = X * 365.25, lt = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, ne = (e) => {
+  const t = lt.exec(e);
   if (!t || t[4] && t[1])
     throw new TypeError("Invalid time period format");
   const o = parseFloat(t[2]), r = t[3].toLowerCase();
-  let a;
+  let n;
   switch (r) {
     case "sec":
     case "secs":
     case "second":
     case "seconds":
     case "s":
-      a = Math.round(o);
+      n = Math.round(o);
       break;
     case "minute":
     case "minutes":
     case "min":
     case "mins":
     case "m":
-      a = Math.round(o * ae);
+      n = Math.round(o * Ee);
       break;
     case "hour":
     case "hours":
     case "hr":
     case "hrs":
     case "h":
-      a = Math.round(o * ne);
+      n = Math.round(o * Ae);
       break;
     case "day":
     case "days":
     case "d":
-      a = Math.round(o * j);
+      n = Math.round(o * X);
       break;
     case "week":
     case "weeks":
     case "w":
-      a = Math.round(o * Me);
+      n = Math.round(o * ut);
       break;
     default:
-      a = Math.round(o * Ve);
+      n = Math.round(o * dt);
       break;
   }
-  return t[1] === "-" || t[4] === "ago" ? -a : a;
-}, F = (e) => e.toLowerCase().replace(/^application\//, ""), Ge = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, Be = (e, t, o = {}) => {
+  return t[1] === "-" || t[4] === "ago" ? -n : n;
+}, ae = (e) => e.toLowerCase().replace(/^application\//, ""), ht = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, pt = (e, t, o = {}) => {
   let r;
   try {
-    r = JSON.parse(C.decode(t));
+    r = JSON.parse(J.decode(t));
   } catch {
   }
-  if (!W(r))
-    throw new ee("JWT Claims Set must be a top-level JSON object");
-  const { typ: a } = o;
-  if (a && (typeof e.typ != "string" || F(e.typ) !== F(a)))
-    throw new S('unexpected "typ" JWT header value', r, "typ", "check_failed");
-  const { requiredClaims: s = [], issuer: n, subject: i, audience: c, maxTokenAge: p } = o, y = [...s];
-  p !== void 0 && y.push("iat"), c !== void 0 && y.push("aud"), i !== void 0 && y.push("sub"), n !== void 0 && y.push("iss");
-  for (const w of new Set(y.reverse()))
-    if (!(w in r))
-      throw new S(`missing required "${w}" claim`, r, w, "missing");
-  if (n && !(Array.isArray(n) ? n : [n]).includes(r.iss))
-    throw new S('unexpected "iss" claim value', r, "iss", "check_failed");
-  if (i && r.sub !== i)
-    throw new S('unexpected "sub" claim value', r, "sub", "check_failed");
-  if (c && !Ge(r.aud, typeof c == "string" ? [c] : c))
-    throw new S('unexpected "aud" claim value', r, "aud", "check_failed");
-  let l;
+  if (!B(r))
+    throw new me("JWT Claims Set must be a top-level JSON object");
+  const { typ: n } = o;
+  if (n && (typeof e.typ != "string" || ae(e.typ) !== ae(n)))
+    throw new w('unexpected "typ" JWT header value', r, "typ", "check_failed");
+  const { requiredClaims: s = [], issuer: a, subject: c, audience: i, maxTokenAge: u } = o, m = [...s];
+  u !== void 0 && m.push("iat"), i !== void 0 && m.push("aud"), c !== void 0 && m.push("sub"), a !== void 0 && m.push("iss");
+  for (const p of new Set(m.reverse()))
+    if (!(p in r))
+      throw new w(`missing required "${p}" claim`, r, p, "missing");
+  if (a && !(Array.isArray(a) ? a : [a]).includes(r.iss))
+    throw new w('unexpected "iss" claim value', r, "iss", "check_failed");
+  if (c && r.sub !== c)
+    throw new w('unexpected "sub" claim value', r, "sub", "check_failed");
+  if (i && !ht(r.aud, typeof i == "string" ? [i] : i))
+    throw new w('unexpected "aud" claim value', r, "aud", "check_failed");
+  let f;
   switch (typeof o.clockTolerance) {
     case "string":
-      l = B(o.clockTolerance);
+      f = ne(o.clockTolerance);
       break;
     case "number":
-      l = o.clockTolerance;
+      f = o.clockTolerance;
       break;
     case "undefined":
-      l = 0;
+      f = 0;
       break;
     default:
       throw new TypeError("Invalid clockTolerance option type");
   }
-  const { currentDate: m } = o, h = je(m || /* @__PURE__ */ new Date());
-  if ((r.iat !== void 0 || p) && typeof r.iat != "number")
-    throw new S('"iat" claim must be a number', r, "iat", "invalid");
+  const { currentDate: E } = o, y = ct(E || /* @__PURE__ */ new Date());
+  if ((r.iat !== void 0 || u) && typeof r.iat != "number")
+    throw new w('"iat" claim must be a number', r, "iat", "invalid");
   if (r.nbf !== void 0) {
     if (typeof r.nbf != "number")
-      throw new S('"nbf" claim must be a number', r, "nbf", "invalid");
-    if (r.nbf > h + l)
-      throw new S('"nbf" claim timestamp check failed', r, "nbf", "check_failed");
+      throw new w('"nbf" claim must be a number', r, "nbf", "invalid");
+    if (r.nbf > y + f)
+      throw new w('"nbf" claim timestamp check failed', r, "nbf", "check_failed");
   }
   if (r.exp !== void 0) {
     if (typeof r.exp != "number")
-      throw new S('"exp" claim must be a number', r, "exp", "invalid");
-    if (r.exp <= h - l)
-      throw new V('"exp" claim timestamp check failed', r, "exp", "check_failed");
+      throw new w('"exp" claim must be a number', r, "exp", "invalid");
+    if (r.exp <= y - f)
+      throw new te('"exp" claim timestamp check failed', r, "exp", "check_failed");
   }
-  if (p) {
-    const w = h - r.iat, O = typeof p == "number" ? p : B(p);
-    if (w - l > O)
-      throw new V('"iat" claim timestamp check failed (too far in the past)', r, "iat", "check_failed");
-    if (w < 0 - l)
-      throw new S('"iat" claim timestamp check failed (it should be in the past)', r, "iat", "check_failed");
+  if (u) {
+    const p = y - r.iat, v = typeof u == "number" ? u : ne(u);
+    if (p - f > v)
+      throw new te('"iat" claim timestamp check failed (too far in the past)', r, "iat", "check_failed");
+    if (p < 0 - f)
+      throw new w('"iat" claim timestamp check failed (it should be in the past)', r, "iat", "check_failed");
   }
   return r;
 };
-async function Fe(e, t, o) {
+async function ft(e, t, o) {
   var r;
-  const a = await xe(e, t, o);
-  if ((r = a.protectedHeader.crit) != null && r.includes("b64") && a.protectedHeader.b64 === !1)
-    throw new ee("JWTs MUST NOT use unencoded payload");
-  const s = { payload: Be(a.protectedHeader, a.payload, o), protectedHeader: a.protectedHeader };
-  return typeof t == "function" ? { ...s, key: a.key } : s;
+  const n = await it(e, t, o);
+  if ((r = n.protectedHeader.crit) != null && r.includes("b64") && n.protectedHeader.b64 === !1)
+    throw new me("JWTs MUST NOT use unencoded payload");
+  const s = { payload: pt(n.protectedHeader, n.payload, o), protectedHeader: n.protectedHeader };
+  return typeof t == "function" ? { ...s, key: n.key } : s;
 }
-const qe = {
-  ID_TOKEN: "id_token",
-  ACCESS_TOKEN: "token",
-  ID_AND_ACCESS_TOKEN: "id_token token"
-}, ze = {
-  CLIENT_ID: "X-Auth-ClientId"
-}, _ = {
-  ALG: "RS256",
-  USER_ID_KEY: "_id",
-  TOKEN_ID_KEY: "__raw",
-  NONCE_KEY: "_nonce",
-  ISSUER: "gizmette.com"
-}, Xe = `-----BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7
-w5PKyTYLGAI2I6SIIdpe6i6DOCbEkmDz7LdVsBqwNtVi8gvWYIj+8ol6rU3qu1v5
-i1Jd45GSK4kzkVdgCmQZbM5ak0KI99q5wsrAIzUd+LRJ2HRvWtr5IYdsIiXaQjle
-aMwPFOIcJH+rKfFgNcHLcaS5syp7zU1ANwZ+trgR+DifBr8TLVkBynmNeTyhDm2+
-l0haqjMk0UoNPPE8iYBWUHQJJE1Dqstj65d6Eh5g64Pao25y4cmYJbKjiblIGEkE
-sjqybA9mARAqh9k/eiIopecWSiffNQTwVQVd2I9ZH3BalhEXHlqFgrjz51kFqg81
-awIDAQAB
------END PUBLIC KEY-----`, se = async (e, t) => {
+const be = async (e) => {
   try {
-    const o = _.ALG, r = await Oe(Xe, o);
-    return await Fe(e, r, {
-      issuer: _.ISSUER,
-      audience: t
+    const t = _.ALG, o = await Xe(Je, t);
+    return await ft(e, o, {
+      issuer: _.ISSUER
     });
   } catch {
     return;
   }
 };
-function ie(e, t) {
+var d = [];
+for (var M = 0; M < 256; ++M)
+  d.push((M + 256).toString(16).slice(1));
+function yt(e, t = 0) {
+  return (d[e[t + 0]] + d[e[t + 1]] + d[e[t + 2]] + d[e[t + 3]] + "-" + d[e[t + 4]] + d[e[t + 5]] + "-" + d[e[t + 6]] + d[e[t + 7]] + "-" + d[e[t + 8]] + d[e[t + 9]] + "-" + d[e[t + 10]] + d[e[t + 11]] + d[e[t + 12]] + d[e[t + 13]] + d[e[t + 14]] + d[e[t + 15]]).toLowerCase();
+}
+var U, mt = new Uint8Array(16);
+function wt() {
+  if (!U && (U = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !U))
+    throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
+  return U(mt);
+}
+var gt = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
+const se = {
+  randomUUID: gt
+};
+function ie(e, t, o) {
+  if (se.randomUUID && !t && !e)
+    return se.randomUUID();
+  e = e || {};
+  var r = e.random || (e.rng || wt)();
+  return r[6] = r[6] & 15 | 64, r[8] = r[8] & 63 | 128, yt(r);
+}
+const ce = globalThis.crypto, St = (e) => `${ie()}${ie()}`.slice(0, e), Et = (e) => btoa(
+  [...new Uint8Array(e)].map((t) => String.fromCharCode(t)).join("")
+);
+async function At(e) {
+  if (!ce.subtle)
+    throw new Error(
+      "crypto.subtle is available only in secure contexts (HTTPS)."
+    );
+  const t = new TextEncoder().encode(e), o = await ce.subtle.digest("SHA-256", t);
+  return Et(o).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+async function bt(e) {
+  const o = St(43), r = await At(o);
+  return {
+    code_verifier: o,
+    code_challenge: r
+  };
+}
+function _e(e, t) {
   window.dispatchEvent(new StorageEvent("storage", { key: e, newValue: t }));
 }
-const q = (e, t) => {
+const ue = (e, t) => {
   const o = JSON.stringify(
     typeof t == "function" ? t() : t
   );
-  window.localStorage.setItem(e, o), ie(e, o);
-}, Qe = (e) => {
-  window.localStorage.removeItem(e), ie(e, null);
-}, z = (e) => window.localStorage.getItem(e), Ze = (e) => (window.addEventListener("storage", e), () => window.removeEventListener("storage", e));
-function U({
+  window.localStorage.setItem(e, o), _e(e, o);
+}, _t = (e) => {
+  window.localStorage.removeItem(e), _e(e, null);
+}, de = (e) => window.localStorage.getItem(e), Tt = (e) => (window.addEventListener("storage", e), () => window.removeEventListener("storage", e));
+function N({
   key: e,
   initialValue: t
 }) {
-  const o = () => z(e), r = I.useSyncExternalStore(
-    Ze,
+  const o = () => de(e), r = C.useSyncExternalStore(
+    Tt,
     o
-  ), a = I.useCallback(
-    (i) => {
+  ), n = C.useCallback(
+    (c) => {
       try {
-        const c = typeof i == "function" ? i(JSON.parse(r)) : i;
-        c == null ? Qe(e) : q(e, c);
-      } catch (c) {
-        console.warn(c);
+        const i = typeof c == "function" ? c(JSON.parse(r)) : c;
+        i == null ? _t(e) : ue(e, i);
+      } catch (i) {
+        console.warn(i);
       }
     },
     [e, r]
-  ), s = I.useCallback(() => {
-    a(t);
-  }, [t, a]), n = I.useCallback(() => {
-    a(null);
-  }, [a]);
-  return I.useEffect(() => {
+  ), s = C.useCallback(() => {
+    n(t);
+  }, [t, n]), a = C.useCallback(() => {
+    n(null);
+  }, [n]);
+  return C.useEffect(() => {
     try {
-      z(e) === null && typeof t < "u" && q(e, t);
-    } catch (i) {
-      console.warn(i);
+      de(e) === null && typeof t < "u" && ue(e, t);
+    } catch (c) {
+      console.warn(c);
     }
-  }, [e, t]), [r ? JSON.parse(r) : null, a, s, n];
+  }, [e, t]), [r ? JSON.parse(r) : null, n, s, a];
 }
-var u = [];
-for (var H = 0; H < 256; ++H)
-  u.push((H + 256).toString(16).slice(1));
-function et(e, t = 0) {
-  return (u[e[t + 0]] + u[e[t + 1]] + u[e[t + 2]] + u[e[t + 3]] + "-" + u[e[t + 4]] + u[e[t + 5]] + "-" + u[e[t + 6]] + u[e[t + 7]] + "-" + u[e[t + 8]] + u[e[t + 9]] + "-" + u[e[t + 10]] + u[e[t + 11]] + u[e[t + 12]] + u[e[t + 13]] + u[e[t + 14]] + u[e[t + 15]]).toLowerCase();
+var l = [];
+for (var V = 0; V < 256; ++V)
+  l.push((V + 256).toString(16).slice(1));
+function vt(e, t = 0) {
+  return (l[e[t + 0]] + l[e[t + 1]] + l[e[t + 2]] + l[e[t + 3]] + "-" + l[e[t + 4]] + l[e[t + 5]] + "-" + l[e[t + 6]] + l[e[t + 7]] + "-" + l[e[t + 8]] + l[e[t + 9]] + "-" + l[e[t + 10]] + l[e[t + 11]] + l[e[t + 12]] + l[e[t + 13]] + l[e[t + 14]] + l[e[t + 15]]).toLowerCase();
 }
-var k, tt = new Uint8Array(16);
-function rt() {
-  if (!k && (k = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !k))
+var H, It = new Uint8Array(16);
+function Rt() {
+  if (!H && (H = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !H))
     throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
-  return k(tt);
+  return H(It);
 }
-var ot = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
-const X = {
-  randomUUID: ot
+var kt = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
+const le = {
+  randomUUID: kt
 };
-function at(e, t, o) {
-  if (X.randomUUID && !t && !e)
-    return X.randomUUID();
+function Ct(e, t, o) {
+  if (le.randomUUID && !t && !e)
+    return le.randomUUID();
   e = e || {};
-  var r = e.random || (e.rng || rt)();
-  return r[6] = r[6] & 15 | 64, r[8] = r[8] & 63 | 128, et(r);
+  var r = e.random || (e.rng || Rt)();
+  return r[6] = r[6] & 15 | 64, r[8] = r[8] & 63 | 128, vt(r);
 }
-const L = "Oops! It looks like your session has expired. For your security, please log in again to continue.", nt = "Your session has been successfully terminated.", st = "Login failed. Please try again.", it = "You forgot to wrap your component in <AuthProvider>.", Q = {
+const G = "Oops! It looks like your session has expired. For your security, please log in again to continue.", Ot = "Your session has been successfully terminated.", he = "Login failed. Please try again.", Pt = "You forgot to wrap your component in <AuthProvider>.", pe = {
   dev: "https://auth.gizmette.local.com:3003",
   prod: "https://mylogin.gizmette.com"
-}, $ = "@@auth@@", ct = process.env.NODE_ENV === "production", ut = !ct, ce = {
-  AUTHENTICATE: "authenticate",
-  LOGOUT: "logout"
-}, ue = async ({ type: e, params: t = {} }) => {
+}, L = "@@auth@@", Dt = process.env.NODE_ENV === "production", Ut = !Dt, Q = async ({
+  type: e,
+  clientId: t,
+  params: o = {}
+}) => {
   try {
-    const o = await fetch(
-      ut ? `${Q.dev}/${e}` : `${Q.prod}/${e}`,
+    const r = await fetch(
+      Ut ? `${pe.dev}/${e}` : `${pe.prod}/${e}`,
       {
         credentials: "include",
         method: "POST",
         headers: {
           "Content-Type": "application/json",
-          [ze.CLIENT_ID]: `${t.clientId}`
+          [$e.CLIENT_ID]: `${t}`
         },
-        body: JSON.stringify(t)
+        body: JSON.stringify(o)
       }
     );
-    if (o.status !== 200)
-      return { status: o.status, data: [] };
-    const { data: r, errors: a } = await o.json();
+    if (r.status !== 200)
+      return { status: r.status, data: [] };
+    const { data: n, errors: s } = await r.json();
     return {
-      status: o.status,
-      data: r,
-      errors: a
+      status: r.status,
+      data: n,
+      errors: s
     };
-  } catch (o) {
-    return console.error(o), { status: 500, data: [] };
+  } catch (r) {
+    return console.error(r), { status: 500, data: [] };
   }
-}, J = async ({
+}, Y = async ({
   idToken: e,
   accessToken: t,
-  clientId: o
+  refreshToken: o,
+  clientId: r
 }) => {
   try {
     return {
-      status: (await ue({
-        type: ce.LOGOUT,
+      status: (await Q({
+        type: q.LOGOUT,
+        clientId: r,
         params: {
           idToken: e,
           accessToken: t,
-          clientId: o
+          refreshToken: o
         }
       })).status === 200
     };
@@ -748,29 +796,35 @@ const L = "Oops! It looks like your session has expired. For your security, plea
       status: !1
     };
   }
-}, dt = async ({
+}, fe = async ({
   username: e,
   password: t,
   clientId: o,
   nonce: r,
-  sessionExpiration: a
+  type: n,
+  sessionExpiration: s,
+  code: a,
+  code_verifier: c
 }) => {
   try {
-    const s = await ue({
-      type: ce.AUTHENTICATE,
+    const i = await Q({
+      type: q.AUTHENTICATE,
+      clientId: o,
       params: {
-        type: qe.ID_AND_ACCESS_TOKEN,
+        type: n || F.ID_AND_ACCESS_TOKEN,
         username: e,
         password: t,
-        sessionExpiration: a,
-        clientId: o,
-        nonce: r
+        sessionExpiration: s,
+        nonce: r,
+        code: a,
+        code_verifier: c
       }
-    }), n = await se(s.data.idToken, o);
-    return n && n.payload[_.USER_ID_KEY] !== "" && n.payload[_.NONCE_KEY] === r ? {
-      idToken: s.data.idToken,
-      accessToken: s.data.accessToken,
-      userId: n.payload[_.USER_ID_KEY],
+    }), u = await be(i.data.idToken);
+    return u && u.payload[_.USER_ID_KEY] !== "" && u.payload[_.NONCE_KEY] === r ? {
+      idToken: i.data.idToken,
+      accessToken: i.data.accessToken,
+      refreshToken: i.data.refreshToken,
+      userId: u.payload[_.USER_ID_KEY],
       status: !0
     } : {
       status: !1
@@ -780,112 +834,170 @@ const L = "Oops! It looks like your session has expired. For your security, plea
       status: !1
     };
   }
-}, K = () => {
-  throw new Error(it);
-}, de = fe({
+}, Nt = async ({
+  nonce: e,
+  clientId: t,
+  code_challenge: o
+}) => {
+  try {
+    const r = await Q({
+      type: q.CODE,
+      clientId: t,
+      params: {
+        type: F.CODE,
+        nonce: e,
+        code_challenge: o
+      }
+    });
+    return r.data.code ? {
+      status: !0,
+      code: r.data.code
+    } : {
+      status: !1
+    };
+  } catch {
+    return {
+      status: !1
+    };
+  }
+}, $ = () => {
+  throw new Error(Pt);
+}, Te = De({
   isAuthenticated: !1,
   isLoading: !1,
-  login: K,
-  logout: K,
-  getAccessToken: K,
-  logoutReason: "",
-  idTokenClaims: null
-}), yt = ({
+  login: $,
+  logout: $,
+  getAccessToken: $,
+  getIdToken: $,
+  logoutReason: ""
+}), Jt = ({
   children: e,
   sessionExpiration: t,
   clientId: o
 }) => {
-  const [r, a, , s] = U({
-    key: `${$}::${o}::@@user@@`
-  }), [n, i, , c] = U({
-    key: `${$}::${o}::@@access@@`
-  }), [, p, , y] = U({
-    key: `${$}::${o}::@@nonce@@`
-  }), [l, m] = ye({
+  const [r, n, , s] = N({
+    key: `${L}::${o}::@@user@@`
+  }), [a, c, , i] = N({
+    key: `${L}::${o}::@@access@@`
+  }), [u, m, , f] = N(
+    {
+      key: `${L}::${o}::@@refresh@@`
+    }
+  ), [, E, , y] = N({
+    key: `${L}::${o}::@@nonce@@`
+  }), [p, v] = Ue({
     isLoading: !0,
     isAuthenticated: !1,
-    logoutReason: "",
     userId: "",
-    idTokenClaims: null
-  }), h = me(
-    (f) => {
-      m({
+    logoutReason: ""
+  }), I = Ne(
+    (g) => {
+      v({
         isLoading: !1,
         isAuthenticated: !1,
-        logoutReason: f || L,
         userId: "",
-        idTokenClaims: null
-      }), s(), c(), y();
+        logoutReason: g || G
+      }), s(), i(), f(), y();
     },
-    [s, c, y]
+    [s, i, y, f]
   );
-  we(() => {
-    l.isLoading && r !== null && (async () => {
+  He(() => {
+    p.isLoading && r !== null && (async () => {
       try {
-        const f = await se(r, o);
-        f && f.payload[_.USER_ID_KEY] !== "" ? m({
+        const g = await be(r);
+        g && g.payload[_.USER_ID_KEY] !== "" ? v({
           isLoading: !1,
           isAuthenticated: !0,
-          logoutReason: "",
-          userId: f.payload[_.USER_ID_KEY],
-          idTokenClaims: {
-            ...f == null ? void 0 : f.payload,
-            [_.TOKEN_ID_KEY]: r
-          }
-        }) : (h(L), await J({
+          userId: g.payload[_.USER_ID_KEY],
+          logoutReason: ""
+        }) : (I(G), await Y({
           idToken: r,
-          accessToken: n,
+          accessToken: a,
+          refreshToken: u,
           clientId: o
         }));
       } catch {
-        h(L), await J({
+        I(G), await Y({
           idToken: r,
-          accessToken: n,
+          accessToken: a,
+          refreshToken: u,
           clientId: o
         });
       }
     })();
   }, [
-    l.isLoading,
-    n,
+    p.isLoading,
+    a,
     r,
+    u,
     o,
-    h
+    I
   ]);
-  const w = async (f, he) => {
-    const M = at();
-    p(M);
-    const T = await dt({
-      username: f,
-      password: he,
+  const ve = async (g, Z, W) => {
+    const O = Ct();
+    if (E(O), W === F.CODE) {
+      const { code_verifier: Ce, code_challenge: Oe } = await bt(), ee = await Nt({
+        nonce: O,
+        clientId: o,
+        code_challenge: Oe
+      });
+      if (ee.status) {
+        const k = await fe({
+          username: g,
+          password: Z,
+          clientId: o,
+          sessionExpiration: t,
+          nonce: O,
+          type: W,
+          code: ee.code,
+          code_verifier: Ce
+        });
+        return k.status ? (n(k.idToken), c(k.accessToken), m(k.refreshToken), v({
+          isLoading: !1,
+          isAuthenticated: !0,
+          userId: k.userId,
+          logoutReason: ""
+        }), !0) : (I(he), !1);
+      }
+      return !1;
+    }
+    const R = await fe({
+      username: g,
+      password: Z,
       clientId: o,
       sessionExpiration: t,
-      nonce: M
+      nonce: O,
+      type: W
     });
-    return T.status ? (a(T.idToken), i(T.accessToken), m({
+    return R.status ? (n(R.idToken), c(R.accessToken), m(R.refreshToken), v({
       isLoading: !1,
       isAuthenticated: !0,
-      userId: T.userId
-    }), !0) : (h(st), !1);
-  }, O = async () => {
-    h(nt), await J({
+      userId: R.userId
+    }), !0) : (I(he), !1);
+  }, Ie = async () => {
+    I(Ot), await Y({
       idToken: r,
-      accessToken: n,
+      accessToken: a,
+      refreshToken: u,
       clientId: o
     });
-  }, le = () => {
-    if (l.isAuthenticated && n)
-      return n;
+  }, Re = () => {
+    if (p.isAuthenticated && a)
+      return a;
+  }, ke = () => {
+    if (p.isAuthenticated && r)
+      return r;
   };
-  return /* @__PURE__ */ pe(
-    de.Provider,
+  return /* @__PURE__ */ Pe(
+    Te.Provider,
     {
-      value: { ...l, login: w, logout: O, getAccessToken: le },
+      value: { ...p, login: ve, logout: Ie, getAccessToken: Re, getIdToken: ke },
       children: e
     }
   );
-}, mt = (e = de) => Se(e);
+}, Kt = (e = Te) => Le(e);
 export {
-  yt as AuthProvider,
-  mt as useAuth
+  F as AUTH_TYPES,
+  Jt as AuthProvider,
+  Kt as useAuth
 };