npm - @versini/auth-provider - Versions diffs - 5.2.1 → 5.4.0 - Mend

@versini/auth-provider 5.2.1 → 5.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -1,50 +1,340 @@
-var Fe = Object.defineProperty;
-var qe = (e, t, r) => t in e ? Fe(e, t, { enumerable: !0, configurable: !0, writable: !0, value: r }) : e[t] = r;
-var H = (e, t, r) => qe(e, typeof t != "symbol" ? t + "" : t, r);
-import { jsx as de } from "react/jsx-runtime";
-import ze, { useSyncExternalStore as Xe, useCallback as D, useEffect as ve, createContext as Qe, useReducer as Ze, useRef as et, useContext as tt } from "react";
+var dt = Object.defineProperty;
+var ht = (e, t, r) => t in e ? dt(e, t, { enumerable: !0, configurable: !0, writable: !0, value: r }) : e[t] = r;
+var M = (e, t, r) => ht(e, typeof t != "symbol" ? t + "" : t, r);
+import { jsx as Te } from "react/jsx-runtime";
+import pt, { useSyncExternalStore as ft, useCallback as x, useEffect as Ke, createContext as yt, useReducer as mt, useRef as Et, useContext as wt } from "react";
 /*!
-  @versini/auth-provider v5.2.1
+  @versini/auth-provider v5.4.0
   © 2024 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_CLIENT__ || (window.__VERSINI_AUTH_CLIENT__ = {
-    version: "5.2.1",
-    buildTime: "07/09/2024 07:27 PM EDT",
+    version: "5.4.0",
+    buildTime: "07/15/2024 11:26 AM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
 } catch {
 }
+function _(e) {
+  const t = new Uint8Array(e);
+  let r = "";
+  for (const a of t)
+    r += String.fromCharCode(a);
+  return btoa(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+}
+function te(e) {
+  const t = e.replace(/-/g, "+").replace(/_/g, "/"), r = (4 - t.length % 4) % 4, n = t.padEnd(t.length + r, "="), a = atob(n), o = new ArrayBuffer(a.length), s = new Uint8Array(o);
+  for (let i = 0; i < a.length; i++)
+    s[i] = a.charCodeAt(i);
+  return o;
+}
+function Ee() {
+  return (window == null ? void 0 : window.PublicKeyCredential) !== void 0 && typeof window.PublicKeyCredential == "function";
+}
+function He(e) {
+  const { id: t } = e;
+  return {
+    ...e,
+    id: te(t),
+    transports: e.transports
+  };
+}
+function $e(e) {
+  return e === "localhost" || /^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(e);
+}
+class A extends Error {
+  constructor({ message: t, code: r, cause: n, name: a }) {
+    super(t, { cause: n }), this.name = a ?? n.name, this.code = r;
+  }
+}
+function gt({ error: e, options: t }) {
+  var n, a;
+  const { publicKey: r } = t;
+  if (!r)
+    throw Error("options was missing required publicKey property");
+  if (e.name === "AbortError") {
+    if (t.signal instanceof AbortSignal)
+      return new A({
+        message: "Registration ceremony was sent an abort signal",
+        code: "ERROR_CEREMONY_ABORTED",
+        cause: e
+      });
+  } else if (e.name === "ConstraintError") {
+    if (((n = r.authenticatorSelection) == null ? void 0 : n.requireResidentKey) === !0)
+      return new A({
+        message: "Discoverable credentials were required but no available authenticator supported it",
+        code: "ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",
+        cause: e
+      });
+    if (((a = r.authenticatorSelection) == null ? void 0 : a.userVerification) === "required")
+      return new A({
+        message: "User verification was required but no available authenticator supported it",
+        code: "ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",
+        cause: e
+      });
+  } else {
+    if (e.name === "InvalidStateError")
+      return new A({
+        message: "The authenticator was previously registered",
+        code: "ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",
+        cause: e
+      });
+    if (e.name === "NotAllowedError")
+      return new A({
+        message: e.message,
+        code: "ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",
+        cause: e
+      });
+    if (e.name === "NotSupportedError")
+      return r.pubKeyCredParams.filter((s) => s.type === "public-key").length === 0 ? new A({
+        message: 'No entry in pubKeyCredParams was of type "public-key"',
+        code: "ERROR_MALFORMED_PUBKEYCREDPARAMS",
+        cause: e
+      }) : new A({
+        message: "No available authenticator supported any of the specified pubKeyCredParams algorithms",
+        code: "ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",
+        cause: e
+      });
+    if (e.name === "SecurityError") {
+      const o = window.location.hostname;
+      if ($e(o)) {
+        if (r.rp.id !== o)
+          return new A({
+            message: `The RP ID "${r.rp.id}" is invalid for this domain`,
+            code: "ERROR_INVALID_RP_ID",
+            cause: e
+          });
+      } else return new A({
+        message: `${window.location.hostname} is an invalid domain`,
+        code: "ERROR_INVALID_DOMAIN",
+        cause: e
+      });
+    } else if (e.name === "TypeError") {
+      if (r.user.id.byteLength < 1 || r.user.id.byteLength > 64)
+        return new A({
+          message: "User ID was not between 1 and 64 characters",
+          code: "ERROR_INVALID_USER_ID_LENGTH",
+          cause: e
+        });
+    } else if (e.name === "UnknownError")
+      return new A({
+        message: "The authenticator was unable to process the specified options, or could not create a new credential",
+        code: "ERROR_AUTHENTICATOR_GENERAL_ERROR",
+        cause: e
+      });
+  }
+  return e;
+}
+class At {
+  createNewAbortSignal() {
+    if (this.controller) {
+      const r = new Error("Cancelling existing WebAuthn API call for new one");
+      r.name = "AbortError", this.controller.abort(r);
+    }
+    const t = new AbortController();
+    return this.controller = t, t.signal;
+  }
+  cancelCeremony() {
+    if (this.controller) {
+      const t = new Error("Manually cancelling existing WebAuthn API call");
+      t.name = "AbortError", this.controller.abort(t), this.controller = void 0;
+    }
+  }
+}
+const Le = new At(), St = ["cross-platform", "platform"];
+function We(e) {
+  if (e && !(St.indexOf(e) < 0))
+    return e;
+}
+async function Tt(e) {
+  var m;
+  if (!Ee())
+    throw new Error("WebAuthn is not supported in this browser");
+  const r = { publicKey: {
+    ...e,
+    challenge: te(e.challenge),
+    user: {
+      ...e.user,
+      id: te(e.user.id)
+    },
+    excludeCredentials: (m = e.excludeCredentials) == null ? void 0 : m.map(He)
+  } };
+  r.signal = Le.createNewAbortSignal();
+  let n;
+  try {
+    n = await navigator.credentials.create(r);
+  } catch (d) {
+    throw gt({ error: d, options: r });
+  }
+  if (!n)
+    throw new Error("Registration was not completed");
+  const { id: a, rawId: o, response: s, type: i } = n;
+  let u;
+  typeof s.getTransports == "function" && (u = s.getTransports());
+  let h;
+  if (typeof s.getPublicKeyAlgorithm == "function")
+    try {
+      h = s.getPublicKeyAlgorithm();
+    } catch (d) {
+      ce("getPublicKeyAlgorithm()", d);
+    }
+  let l;
+  if (typeof s.getPublicKey == "function")
+    try {
+      const d = s.getPublicKey();
+      d !== null && (l = _(d));
+    } catch (d) {
+      ce("getPublicKey()", d);
+    }
+  let f;
+  if (typeof s.getAuthenticatorData == "function")
+    try {
+      f = _(s.getAuthenticatorData());
+    } catch (d) {
+      ce("getAuthenticatorData()", d);
+    }
+  return {
+    id: a,
+    rawId: _(o),
+    response: {
+      attestationObject: _(s.attestationObject),
+      clientDataJSON: _(s.clientDataJSON),
+      transports: u,
+      publicKeyAlgorithm: h,
+      publicKey: l,
+      authenticatorData: f
+    },
+    type: i,
+    clientExtensionResults: n.getClientExtensionResults(),
+    authenticatorAttachment: We(n.authenticatorAttachment)
+  };
+}
+function ce(e, t) {
+  console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${e}. You should report this error to them.
+`, t);
+}
+function Rt() {
+  if (!Ee())
+    return new Promise((t) => t(!1));
+  const e = window.PublicKeyCredential;
+  return e.isConditionalMediationAvailable === void 0 ? new Promise((t) => t(!1)) : e.isConditionalMediationAvailable();
+}
+function It({ error: e, options: t }) {
+  const { publicKey: r } = t;
+  if (!r)
+    throw Error("options was missing required publicKey property");
+  if (e.name === "AbortError") {
+    if (t.signal instanceof AbortSignal)
+      return new A({
+        message: "Authentication ceremony was sent an abort signal",
+        code: "ERROR_CEREMONY_ABORTED",
+        cause: e
+      });
+  } else {
+    if (e.name === "NotAllowedError")
+      return new A({
+        message: e.message,
+        code: "ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",
+        cause: e
+      });
+    if (e.name === "SecurityError") {
+      const n = window.location.hostname;
+      if ($e(n)) {
+        if (r.rpId !== n)
+          return new A({
+            message: `The RP ID "${r.rpId}" is invalid for this domain`,
+            code: "ERROR_INVALID_RP_ID",
+            cause: e
+          });
+      } else return new A({
+        message: `${window.location.hostname} is an invalid domain`,
+        code: "ERROR_INVALID_DOMAIN",
+        cause: e
+      });
+    } else if (e.name === "UnknownError")
+      return new A({
+        message: "The authenticator was unable to process the specified options, or could not create a new assertion signature",
+        code: "ERROR_AUTHENTICATOR_GENERAL_ERROR",
+        cause: e
+      });
+  }
+  return e;
+}
+async function _t(e, t = !1) {
+  var f, m;
+  if (!Ee())
+    throw new Error("WebAuthn is not supported in this browser");
+  let r;
+  ((f = e.allowCredentials) == null ? void 0 : f.length) !== 0 && (r = (m = e.allowCredentials) == null ? void 0 : m.map(He));
+  const n = {
+    ...e,
+    challenge: te(e.challenge),
+    allowCredentials: r
+  }, a = {};
+  if (t) {
+    if (!await Rt())
+      throw Error("Browser does not support WebAuthn autofill");
+    if (document.querySelectorAll("input[autocomplete$='webauthn']").length < 1)
+      throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');
+    a.mediation = "conditional", n.allowCredentials = [];
+  }
+  a.publicKey = n, a.signal = Le.createNewAbortSignal();
+  let o;
+  try {
+    o = await navigator.credentials.get(a);
+  } catch (d) {
+    throw It({ error: d, options: a });
+  }
+  if (!o)
+    throw new Error("Authentication was not completed");
+  const { id: s, rawId: i, response: u, type: h } = o;
+  let l;
+  return u.userHandle && (l = _(u.userHandle)), {
+    id: s,
+    rawId: _(i),
+    response: {
+      authenticatorData: _(u.authenticatorData),
+      clientDataJSON: _(u.clientDataJSON),
+      signature: _(u.signature),
+      userHandle: l
+    },
+    type: h,
+    clientExtensionResults: o.getClientExtensionResults(),
+    authenticatorAttachment: We(o.authenticatorAttachment)
+  };
+}
 /*!
-  @versini/auth-common v2.11.0
+  @versini/auth-common v2.12.1
   © 2024 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_COMMON__ || (window.__VERSINI_AUTH_COMMON__ = {
-    version: "2.11.0",
-    buildTime: "07/09/2024 07:27 PM EDT",
+    version: "2.12.1",
+    buildTime: "07/15/2024 11:26 AM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
 } catch {
 }
-const q = {
+const Y = {
   ID_TOKEN: "id_token",
   ACCESS_TOKEN: "token",
   ID_AND_ACCESS_TOKEN: "id_token token",
   CODE: "code",
-  REFRESH_TOKEN: "refresh_token"
-}, rt = {
+  REFRESH_TOKEN: "refresh_token",
+  PASSKEY: "passkey"
+}, xe = {
   CLIENT_ID: "X-Auth-ClientId"
-}, w = {
+}, S = {
   ALG: "RS256",
   USER_ID_KEY: "sub",
   TOKEN_ID_KEY: "__raw",
   NONCE_KEY: "_nonce",
   USERNAME_KEY: "username",
+  AUTH_TYPE_KEY: "auth_type",
   ISSUER: "gizmette.com"
-}, at = `-----BEGIN PUBLIC KEY-----
+}, bt = `-----BEGIN PUBLIC KEY-----
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7
 w5PKyTYLGAI2I6SIIdpe6i6DOCbEkmDz7LdVsBqwNtVi8gvWYIj+8ol6rU3qu1v5
 i1Jd45GSK4kzkVdgCmQZbM5ak0KI99q5wsrAIzUd+LRJ2HRvWtr5IYdsIiXaQjle
@@ -52,33 +342,33 @@ aMwPFOIcJH+rKfFgNcHLcaS5syp7zU1ANwZ+trgR+DifBr8TLVkBynmNeTyhDm2+
 l0haqjMk0UoNPPE8iYBWUHQJJE1Dqstj65d6Eh5g64Pao25y4cmYJbKjiblIGEkE
 sjqybA9mARAqh9k/eiIopecWSiffNQTwVQVd2I9ZH3BalhEXHlqFgrjz51kFqg81
 awIDAQAB
------END PUBLIC KEY-----`, z = {
+-----END PUBLIC KEY-----`, ae = {
   AUTHENTICATE: "authenticate",
   CODE: "code",
   LOGOUT: "logout"
-}, X = crypto, be = (e) => e instanceof CryptoKey, K = new TextEncoder(), Q = new TextDecoder();
-function nt(...e) {
-  const t = e.reduce((n, { length: o }) => n + o, 0), r = new Uint8Array(t);
-  let a = 0;
-  for (const n of e)
-    r.set(n, a), a += n.length;
+}, se = crypto, Ye = (e) => e instanceof CryptoKey, V = new TextEncoder(), oe = new TextDecoder();
+function kt(...e) {
+  const t = e.reduce((a, { length: o }) => a + o, 0), r = new Uint8Array(t);
+  let n = 0;
+  for (const a of e)
+    r.set(a, n), n += a.length;
   return r;
 }
-const st = (e) => {
+const Ot = (e) => {
   const t = atob(e), r = new Uint8Array(t.length);
-  for (let a = 0; a < t.length; a++)
-    r[a] = t.charCodeAt(a);
+  for (let n = 0; n < t.length; n++)
+    r[n] = t.charCodeAt(n);
   return r;
-}, Y = (e) => {
+}, Z = (e) => {
   let t = e;
-  t instanceof Uint8Array && (t = Q.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
+  t instanceof Uint8Array && (t = oe.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
   try {
-    return st(t);
+    return Ot(t);
   } catch {
     throw new TypeError("The input to be decoded is not correctly encoded.");
   }
 };
-class R extends Error {
+class v extends Error {
   static get code() {
     return "ERR_JOSE_GENERIC";
   }
@@ -87,23 +377,23 @@ class R extends Error {
     super(t), this.code = "ERR_JOSE_GENERIC", this.name = this.constructor.name, (r = Error.captureStackTrace) == null || r.call(Error, this, this.constructor);
   }
 }
-class T extends R {
+class I extends v {
   static get code() {
     return "ERR_JWT_CLAIM_VALIDATION_FAILED";
   }
-  constructor(t, r, a = "unspecified", n = "unspecified") {
-    super(t), this.code = "ERR_JWT_CLAIM_VALIDATION_FAILED", this.claim = a, this.reason = n, this.payload = r;
+  constructor(t, r, n = "unspecified", a = "unspecified") {
+    super(t), this.code = "ERR_JWT_CLAIM_VALIDATION_FAILED", this.claim = n, this.reason = a, this.payload = r;
   }
 }
-class le extends R {
+class Re extends v {
   static get code() {
     return "ERR_JWT_EXPIRED";
   }
-  constructor(t, r, a = "unspecified", n = "unspecified") {
-    super(t), this.code = "ERR_JWT_EXPIRED", this.claim = a, this.reason = n, this.payload = r;
+  constructor(t, r, n = "unspecified", a = "unspecified") {
+    super(t), this.code = "ERR_JWT_EXPIRED", this.claim = n, this.reason = a, this.payload = r;
   }
 }
-class ot extends R {
+class Pt extends v {
   constructor() {
     super(...arguments), this.code = "ERR_JOSE_ALG_NOT_ALLOWED";
   }
@@ -111,7 +401,7 @@ class ot extends R {
     return "ERR_JOSE_ALG_NOT_ALLOWED";
   }
 }
-class v extends R {
+class O extends v {
   constructor() {
     super(...arguments), this.code = "ERR_JOSE_NOT_SUPPORTED";
   }
@@ -119,7 +409,7 @@ class v extends R {
     return "ERR_JOSE_NOT_SUPPORTED";
   }
 }
-class f extends R {
+class g extends v {
   constructor() {
     super(...arguments), this.code = "ERR_JWS_INVALID";
   }
@@ -127,7 +417,7 @@ class f extends R {
     return "ERR_JWS_INVALID";
   }
 }
-let Ie = class extends R {
+let Ge = class extends v {
   constructor() {
     super(...arguments), this.code = "ERR_JWT_INVALID";
   }
@@ -135,7 +425,7 @@ let Ie = class extends R {
     return "ERR_JWT_INVALID";
   }
 };
-class it extends R {
+class vt extends v {
   constructor() {
     super(...arguments), this.code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED", this.message = "signature verification failed";
   }
@@ -143,16 +433,16 @@ class it extends R {
     return "ERR_JWS_SIGNATURE_VERIFICATION_FAILED";
   }
 }
-function k(e, t = "algorithm.name") {
+function b(e, t = "algorithm.name") {
   return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`);
 }
-function L(e, t) {
+function J(e, t) {
   return e.name === t;
 }
-function ee(e) {
+function ue(e) {
   return parseInt(e.name.slice(4), 10);
 }
-function ct(e) {
+function Ct(e) {
   switch (e) {
     case "ES256":
       return "P-256";
@@ -164,92 +454,92 @@ function ct(e) {
       throw new Error("unreachable");
   }
 }
-function ut(e, t) {
+function Nt(e, t) {
   if (t.length && !t.some((r) => e.usages.includes(r))) {
     let r = "CryptoKey does not support this operation, its usages must include ";
     if (t.length > 2) {
-      const a = t.pop();
-      r += `one of ${t.join(", ")}, or ${a}.`;
+      const n = t.pop();
+      r += `one of ${t.join(", ")}, or ${n}.`;
     } else t.length === 2 ? r += `one of ${t[0]} or ${t[1]}.` : r += `${t[0]}.`;
     throw new TypeError(r);
   }
 }
-function dt(e, t, ...r) {
+function Dt(e, t, ...r) {
   switch (t) {
     case "HS256":
     case "HS384":
     case "HS512": {
-      if (!L(e.algorithm, "HMAC"))
-        throw k("HMAC");
-      const a = parseInt(t.slice(2), 10);
-      if (ee(e.algorithm.hash) !== a)
-        throw k(`SHA-${a}`, "algorithm.hash");
+      if (!J(e.algorithm, "HMAC"))
+        throw b("HMAC");
+      const n = parseInt(t.slice(2), 10);
+      if (ue(e.algorithm.hash) !== n)
+        throw b(`SHA-${n}`, "algorithm.hash");
       break;
     }
     case "RS256":
     case "RS384":
     case "RS512": {
-      if (!L(e.algorithm, "RSASSA-PKCS1-v1_5"))
-        throw k("RSASSA-PKCS1-v1_5");
-      const a = parseInt(t.slice(2), 10);
-      if (ee(e.algorithm.hash) !== a)
-        throw k(`SHA-${a}`, "algorithm.hash");
+      if (!J(e.algorithm, "RSASSA-PKCS1-v1_5"))
+        throw b("RSASSA-PKCS1-v1_5");
+      const n = parseInt(t.slice(2), 10);
+      if (ue(e.algorithm.hash) !== n)
+        throw b(`SHA-${n}`, "algorithm.hash");
       break;
     }
     case "PS256":
     case "PS384":
     case "PS512": {
-      if (!L(e.algorithm, "RSA-PSS"))
-        throw k("RSA-PSS");
-      const a = parseInt(t.slice(2), 10);
-      if (ee(e.algorithm.hash) !== a)
-        throw k(`SHA-${a}`, "algorithm.hash");
+      if (!J(e.algorithm, "RSA-PSS"))
+        throw b("RSA-PSS");
+      const n = parseInt(t.slice(2), 10);
+      if (ue(e.algorithm.hash) !== n)
+        throw b(`SHA-${n}`, "algorithm.hash");
       break;
     }
     case "EdDSA": {
       if (e.algorithm.name !== "Ed25519" && e.algorithm.name !== "Ed448")
-        throw k("Ed25519 or Ed448");
+        throw b("Ed25519 or Ed448");
       break;
     }
     case "ES256":
     case "ES384":
     case "ES512": {
-      if (!L(e.algorithm, "ECDSA"))
-        throw k("ECDSA");
-      const a = ct(t);
-      if (e.algorithm.namedCurve !== a)
-        throw k(a, "algorithm.namedCurve");
+      if (!J(e.algorithm, "ECDSA"))
+        throw b("ECDSA");
+      const n = Ct(t);
+      if (e.algorithm.namedCurve !== n)
+        throw b(n, "algorithm.namedCurve");
       break;
     }
     default:
       throw new TypeError("CryptoKey does not support this operation");
   }
-  ut(e, r);
+  Nt(e, r);
 }
-function Re(e, t, ...r) {
-  var a;
+function Me(e, t, ...r) {
+  var n;
   if (r.length > 2) {
-    const n = r.pop();
-    e += `one of type ${r.join(", ")}, or ${n}.`;
+    const a = r.pop();
+    e += `one of type ${r.join(", ")}, or ${a}.`;
   } else r.length === 2 ? e += `one of type ${r[0]} or ${r[1]}.` : e += `of type ${r[0]}.`;
-  return t == null ? e += ` Received ${t}` : typeof t == "function" && t.name ? e += ` Received function ${t.name}` : typeof t == "object" && t != null && (a = t.constructor) != null && a.name && (e += ` Received an instance of ${t.constructor.name}`), e;
+  return t == null ? e += ` Received ${t}` : typeof t == "function" && t.name ? e += ` Received function ${t.name}` : typeof t == "object" && t != null && (n = t.constructor) != null && n.name && (e += ` Received an instance of ${t.constructor.name}`), e;
 }
-const he = (e, ...t) => Re("Key must be ", e, ...t);
-function Ce(e, t, ...r) {
-  return Re(`Key for the ${e} algorithm must be `, t, ...r);
+const Ie = (e, ...t) => Me("Key must be ", e, ...t);
+function Ve(e, t, ...r) {
+  return Me(`Key for the ${e} algorithm must be `, t, ...r);
 }
-const Pe = (e) => be(e) ? !0 : (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", F = ["CryptoKey"], lt = (...e) => {
+const Je = (e) => Ye(e) ? !0 : (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", re = ["CryptoKey"], Ut = (...e) => {
   const t = e.filter(Boolean);
   if (t.length === 0 || t.length === 1)
     return !0;
   let r;
-  for (const a of t) {
-    const n = Object.keys(a);
+  for (const n of t) {
+    const a = Object.keys(n);
     if (!r || r.size === 0) {
-      r = new Set(n);
+      r = new Set(a);
       continue;
     }
-    for (const o of n) {
+    for (const o of a) {
       if (r.has(o))
         return !1;
       r.add(o);
@@ -257,11 +547,11 @@ const Pe = (e) => be(e) ? !0 : (e == null ? void 0 : e[Symbol.toStringTag]) ===
   }
   return !0;
 };
-function ht(e) {
+function Kt(e) {
   return typeof e == "object" && e !== null;
 }
-function oe(e) {
-  if (!ht(e) || Object.prototype.toString.call(e) !== "[object Object]")
+function me(e) {
+  if (!Kt(e) || Object.prototype.toString.call(e) !== "[object Object]")
     return !1;
   if (Object.getPrototypeOf(e) === null)
     return !0;
@@ -270,14 +560,14 @@ function oe(e) {
     t = Object.getPrototypeOf(t);
   return Object.getPrototypeOf(e) === t;
 }
-const pt = (e, t) => {
+const Ht = (e, t) => {
   if (e.startsWith("RS") || e.startsWith("PS")) {
     const { modulusLength: r } = t.algorithm;
     if (typeof r != "number" || r < 2048)
       throw new TypeError(`${e} requires key modulusLength to be 2048 bits or larger`);
   }
 };
-function ft(e) {
+function $t(e) {
   let t, r;
   switch (e.kty) {
     case "RSA": {
@@ -302,7 +592,7 @@ function ft(e) {
           }, r = e.d ? ["decrypt", "unwrapKey"] : ["encrypt", "wrapKey"];
           break;
         default:
-          throw new v('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+          throw new O('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
       }
       break;
     }
@@ -324,7 +614,7 @@ function ft(e) {
           t = { name: "ECDH", namedCurve: e.crv }, r = e.d ? ["deriveBits"] : [];
           break;
         default:
-          throw new v('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+          throw new O('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
       }
       break;
     }
@@ -340,83 +630,83 @@ function ft(e) {
           t = { name: e.crv }, r = e.d ? ["deriveBits"] : [];
           break;
         default:
-          throw new v('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+          throw new O('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
       }
       break;
     }
     default:
-      throw new v('Invalid or unsupported JWK "kty" (Key Type) Parameter value');
+      throw new O('Invalid or unsupported JWK "kty" (Key Type) Parameter value');
   }
   return { algorithm: t, keyUsages: r };
 }
-const yt = async (e) => {
+const Lt = async (e) => {
   if (!e.alg)
     throw new TypeError('"alg" argument is required when "jwk.alg" is not present');
-  const { algorithm: t, keyUsages: r } = ft(e), a = [
+  const { algorithm: t, keyUsages: r } = $t(e), n = [
     t,
     e.ext ?? !1,
     e.key_ops ?? r
-  ], n = { ...e };
-  return delete n.alg, delete n.use, X.subtle.importKey("jwk", n, ...a);
-}, Oe = (e) => Y(e);
-let te, re;
-const De = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", Ue = async (e, t, r, a) => {
-  let n = e.get(t);
-  if (n != null && n[a])
-    return n[a];
-  const o = await yt({ ...r, alg: a });
-  return n ? n[a] = o : e.set(t, { [a]: o }), o;
-}, wt = (e, t) => {
-  if (De(e)) {
+  ], a = { ...e };
+  return delete a.alg, delete a.use, se.subtle.importKey("jwk", a, ...n);
+}, je = (e) => Z(e);
+let le, de;
+const Fe = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", Be = async (e, t, r, n) => {
+  let a = e.get(t);
+  if (a != null && a[n])
+    return a[n];
+  const o = await Lt({ ...r, alg: n });
+  return a ? a[n] = o : e.set(t, { [n]: o }), o;
+}, Wt = (e, t) => {
+  if (Fe(e)) {
     let r = e.export({ format: "jwk" });
-    return delete r.d, delete r.dp, delete r.dq, delete r.p, delete r.q, delete r.qi, r.k ? Oe(r.k) : (re || (re = /* @__PURE__ */ new WeakMap()), Ue(re, e, r, t));
+    return delete r.d, delete r.dp, delete r.dq, delete r.p, delete r.q, delete r.qi, r.k ? je(r.k) : (de || (de = /* @__PURE__ */ new WeakMap()), Be(de, e, r, t));
   }
   return e;
-}, mt = (e, t) => {
-  if (De(e)) {
+}, xt = (e, t) => {
+  if (Fe(e)) {
     let r = e.export({ format: "jwk" });
-    return r.k ? Oe(r.k) : (te || (te = /* @__PURE__ */ new WeakMap()), Ue(te, e, r, t));
+    return r.k ? je(r.k) : (le || (le = /* @__PURE__ */ new WeakMap()), Be(le, e, r, t));
   }
   return e;
-}, Et = { normalizePublicKey: wt, normalizePrivateKey: mt }, _ = (e, t, r = 0) => {
+}, Yt = { normalizePublicKey: Wt, normalizePrivateKey: xt }, k = (e, t, r = 0) => {
   r === 0 && (t.unshift(t.length), t.unshift(6));
-  const a = e.indexOf(t[0], r);
-  if (a === -1)
+  const n = e.indexOf(t[0], r);
+  if (n === -1)
     return !1;
-  const n = e.subarray(a, a + t.length);
-  return n.length !== t.length ? !1 : n.every((o, s) => o === t[s]) || _(e, t, a + 1);
-}, pe = (e) => {
+  const a = e.subarray(n, n + t.length);
+  return a.length !== t.length ? !1 : a.every((o, s) => o === t[s]) || k(e, t, n + 1);
+}, _e = (e) => {
   switch (!0) {
-    case _(e, [42, 134, 72, 206, 61, 3, 1, 7]):
+    case k(e, [42, 134, 72, 206, 61, 3, 1, 7]):
       return "P-256";
-    case _(e, [43, 129, 4, 0, 34]):
+    case k(e, [43, 129, 4, 0, 34]):
       return "P-384";
-    case _(e, [43, 129, 4, 0, 35]):
+    case k(e, [43, 129, 4, 0, 35]):
       return "P-521";
-    case _(e, [43, 101, 110]):
+    case k(e, [43, 101, 110]):
       return "X25519";
-    case _(e, [43, 101, 111]):
+    case k(e, [43, 101, 111]):
       return "X448";
-    case _(e, [43, 101, 112]):
+    case k(e, [43, 101, 112]):
       return "Ed25519";
-    case _(e, [43, 101, 113]):
+    case k(e, [43, 101, 113]):
       return "Ed448";
     default:
-      throw new v("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
+      throw new O("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
   }
-}, St = async (e, t, r, a, n) => {
+}, Gt = async (e, t, r, n, a) => {
   let o, s;
-  const i = new Uint8Array(atob(r.replace(e, "")).split("").map((c) => c.charCodeAt(0)));
-  switch (a) {
+  const i = new Uint8Array(atob(r.replace(e, "")).split("").map((u) => u.charCodeAt(0)));
+  switch (n) {
     case "PS256":
     case "PS384":
     case "PS512":
-      o = { name: "RSA-PSS", hash: `SHA-${a.slice(-3)}` }, s = ["verify"];
+      o = { name: "RSA-PSS", hash: `SHA-${n.slice(-3)}` }, s = ["verify"];
       break;
     case "RS256":
     case "RS384":
     case "RS512":
-      o = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${a.slice(-3)}` }, s = ["verify"];
+      o = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${n.slice(-3)}` }, s = ["verify"];
       break;
     case "RSA-OAEP":
     case "RSA-OAEP-256":
@@ -424,7 +714,7 @@ const De = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject",
     case "RSA-OAEP-512":
       o = {
         name: "RSA-OAEP",
-        hash: `SHA-${parseInt(a.slice(-3), 10) || 1}`
+        hash: `SHA-${parseInt(n.slice(-3), 10) || 1}`
       }, s = ["encrypt", "wrapKey"];
       break;
     case "ES256":
@@ -440,68 +730,68 @@ const De = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject",
     case "ECDH-ES+A128KW":
     case "ECDH-ES+A192KW":
     case "ECDH-ES+A256KW": {
-      const c = pe(i);
-      o = c.startsWith("P-") ? { name: "ECDH", namedCurve: c } : { name: c }, s = [];
+      const u = _e(i);
+      o = u.startsWith("P-") ? { name: "ECDH", namedCurve: u } : { name: u }, s = [];
       break;
     }
     case "EdDSA":
-      o = { name: pe(i) }, s = ["verify"];
+      o = { name: _e(i) }, s = ["verify"];
       break;
     default:
-      throw new v('Invalid or unsupported "alg" (Algorithm) value');
+      throw new O('Invalid or unsupported "alg" (Algorithm) value');
   }
-  return X.subtle.importKey(t, i, o, !1, s);
-}, gt = (e, t, r) => St(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
-async function At(e, t, r) {
+  return se.subtle.importKey(t, i, o, !1, s);
+}, Mt = (e, t, r) => Gt(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
+async function Vt(e, t, r) {
   if (e.indexOf("-----BEGIN PUBLIC KEY-----") !== 0)
     throw new TypeError('"spki" must be SPKI formatted string');
-  return gt(e, t);
+  return Mt(e, t);
 }
-const V = (e) => e == null ? void 0 : e[Symbol.toStringTag], Tt = (e, t) => {
+const ee = (e) => e == null ? void 0 : e[Symbol.toStringTag], Jt = (e, t) => {
   if (!(t instanceof Uint8Array)) {
-    if (!Pe(t))
-      throw new TypeError(Ce(e, t, ...F, "Uint8Array"));
+    if (!Je(t))
+      throw new TypeError(Ve(e, t, ...re, "Uint8Array"));
     if (t.type !== "secret")
-      throw new TypeError(`${V(t)} instances for symmetric algorithms must be of type "secret"`);
+      throw new TypeError(`${ee(t)} instances for symmetric algorithms must be of type "secret"`);
   }
-}, kt = (e, t, r) => {
-  if (!Pe(t))
-    throw new TypeError(Ce(e, t, ...F));
+}, jt = (e, t, r) => {
+  if (!Je(t))
+    throw new TypeError(Ve(e, t, ...re));
   if (t.type === "secret")
-    throw new TypeError(`${V(t)} instances for asymmetric algorithms must not be of type "secret"`);
+    throw new TypeError(`${ee(t)} instances for asymmetric algorithms must not be of type "secret"`);
   if (t.algorithm && r === "verify" && t.type === "private")
-    throw new TypeError(`${V(t)} instances for asymmetric algorithm verifying must be of type "public"`);
+    throw new TypeError(`${ee(t)} instances for asymmetric algorithm verifying must be of type "public"`);
   if (t.algorithm && r === "encrypt" && t.type === "private")
-    throw new TypeError(`${V(t)} instances for asymmetric algorithm encryption must be of type "public"`);
-}, _t = (e, t, r) => {
-  e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ? Tt(e, t) : kt(e, t, r);
+    throw new TypeError(`${ee(t)} instances for asymmetric algorithm encryption must be of type "public"`);
+}, Ft = (e, t, r) => {
+  e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ? Jt(e, t) : jt(e, t, r);
 };
-function vt(e, t, r, a, n) {
-  if (n.crit !== void 0 && (a == null ? void 0 : a.crit) === void 0)
+function Bt(e, t, r, n, a) {
+  if (a.crit !== void 0 && (n == null ? void 0 : n.crit) === void 0)
     throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');
-  if (!a || a.crit === void 0)
+  if (!n || n.crit === void 0)
     return /* @__PURE__ */ new Set();
-  if (!Array.isArray(a.crit) || a.crit.length === 0 || a.crit.some((s) => typeof s != "string" || s.length === 0))
+  if (!Array.isArray(n.crit) || n.crit.length === 0 || n.crit.some((s) => typeof s != "string" || s.length === 0))
     throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');
   let o;
   r !== void 0 ? o = new Map([...Object.entries(r), ...t.entries()]) : o = t;
-  for (const s of a.crit) {
+  for (const s of n.crit) {
     if (!o.has(s))
-      throw new v(`Extension Header Parameter "${s}" is not recognized`);
-    if (n[s] === void 0)
+      throw new O(`Extension Header Parameter "${s}" is not recognized`);
+    if (a[s] === void 0)
       throw new e(`Extension Header Parameter "${s}" is missing`);
-    if (o.get(s) && a[s] === void 0)
+    if (o.get(s) && n[s] === void 0)
       throw new e(`Extension Header Parameter "${s}" MUST be integrity protected`);
   }
-  return new Set(a.crit);
+  return new Set(n.crit);
 }
-const bt = (e, t) => {
+const qt = (e, t) => {
   if (t !== void 0 && (!Array.isArray(t) || t.some((r) => typeof r != "string")))
     throw new TypeError(`"${e}" option must be an array of strings`);
   if (t)
     return new Set(t);
 };
-function It(e, t) {
+function zt(e, t) {
   const r = `SHA-${e.slice(-3)}`;
   switch (e) {
     case "HS256":
@@ -523,374 +813,374 @@ function It(e, t) {
     case "EdDSA":
       return { name: t.name };
     default:
-      throw new v(`alg ${e} is not supported either by JOSE or your javascript runtime`);
+      throw new O(`alg ${e} is not supported either by JOSE or your javascript runtime`);
   }
 }
-async function Rt(e, t, r) {
-  if (t = await Et.normalizePublicKey(t, e), be(t))
-    return dt(t, e, r), t;
+async function Qt(e, t, r) {
+  if (t = await Yt.normalizePublicKey(t, e), Ye(t))
+    return Dt(t, e, r), t;
   if (t instanceof Uint8Array) {
     if (!e.startsWith("HS"))
-      throw new TypeError(he(t, ...F));
-    return X.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [r]);
+      throw new TypeError(Ie(t, ...re));
+    return se.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [r]);
   }
-  throw new TypeError(he(t, ...F, "Uint8Array"));
+  throw new TypeError(Ie(t, ...re, "Uint8Array"));
 }
-const Ct = async (e, t, r, a) => {
-  const n = await Rt(e, t, "verify");
-  pt(e, n);
-  const o = It(e, n.algorithm);
+const Xt = async (e, t, r, n) => {
+  const a = await Qt(e, t, "verify");
+  Ht(e, a);
+  const o = zt(e, a.algorithm);
   try {
-    return await X.subtle.verify(o, n, r, a);
+    return await se.subtle.verify(o, a, r, n);
   } catch {
     return !1;
   }
 };
-async function Pt(e, t, r) {
-  if (!oe(e))
-    throw new f("Flattened JWS must be an object");
+async function Zt(e, t, r) {
+  if (!me(e))
+    throw new g("Flattened JWS must be an object");
   if (e.protected === void 0 && e.header === void 0)
-    throw new f('Flattened JWS must have either of the "protected" or "header" members');
+    throw new g('Flattened JWS must have either of the "protected" or "header" members');
   if (e.protected !== void 0 && typeof e.protected != "string")
-    throw new f("JWS Protected Header incorrect type");
+    throw new g("JWS Protected Header incorrect type");
   if (e.payload === void 0)
-    throw new f("JWS Payload missing");
+    throw new g("JWS Payload missing");
   if (typeof e.signature != "string")
-    throw new f("JWS Signature missing or incorrect type");
-  if (e.header !== void 0 && !oe(e.header))
-    throw new f("JWS Unprotected Header incorrect type");
-  let a = {};
+    throw new g("JWS Signature missing or incorrect type");
+  if (e.header !== void 0 && !me(e.header))
+    throw new g("JWS Unprotected Header incorrect type");
+  let n = {};
   if (e.protected)
     try {
-      const E = Y(e.protected);
-      a = JSON.parse(Q.decode(E));
+      const T = Z(e.protected);
+      n = JSON.parse(oe.decode(T));
     } catch {
-      throw new f("JWS Protected Header is invalid");
+      throw new g("JWS Protected Header is invalid");
     }
-  if (!lt(a, e.header))
-    throw new f("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
-  const n = {
-    ...a,
+  if (!Ut(n, e.header))
+    throw new g("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
+  const a = {
+    ...n,
     ...e.header
-  }, o = vt(f, /* @__PURE__ */ new Map([["b64", !0]]), r == null ? void 0 : r.crit, a, n);
+  }, o = Bt(g, /* @__PURE__ */ new Map([["b64", !0]]), r == null ? void 0 : r.crit, n, a);
   let s = !0;
-  if (o.has("b64") && (s = a.b64, typeof s != "boolean"))
-    throw new f('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
-  const { alg: i } = n;
+  if (o.has("b64") && (s = n.b64, typeof s != "boolean"))
+    throw new g('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
+  const { alg: i } = a;
   if (typeof i != "string" || !i)
-    throw new f('JWS "alg" (Algorithm) Header Parameter missing or invalid');
-  const c = r && bt("algorithms", r.algorithms);
-  if (c && !c.has(i))
-    throw new ot('"alg" (Algorithm) Header Parameter value not allowed');
+    throw new g('JWS "alg" (Algorithm) Header Parameter missing or invalid');
+  const u = r && qt("algorithms", r.algorithms);
+  if (u && !u.has(i))
+    throw new Pt('"alg" (Algorithm) Header Parameter value not allowed');
   if (s) {
     if (typeof e.payload != "string")
-      throw new f("JWS Payload must be a string");
+      throw new g("JWS Payload must be a string");
   } else if (typeof e.payload != "string" && !(e.payload instanceof Uint8Array))
-    throw new f("JWS Payload must be a string or an Uint8Array instance");
-  let d = !1;
-  typeof t == "function" && (t = await t(a, e), d = !0), _t(i, t, "verify");
-  const l = nt(K.encode(e.protected ?? ""), K.encode("."), typeof e.payload == "string" ? K.encode(e.payload) : e.payload);
-  let y;
+    throw new g("JWS Payload must be a string or an Uint8Array instance");
+  let h = !1;
+  typeof t == "function" && (t = await t(n, e), h = !0), Ft(i, t, "verify");
+  const l = kt(V.encode(e.protected ?? ""), V.encode("."), typeof e.payload == "string" ? V.encode(e.payload) : e.payload);
+  let f;
   try {
-    y = Y(e.signature);
+    f = Z(e.signature);
   } catch {
-    throw new f("Failed to base64url decode the signature");
+    throw new g("Failed to base64url decode the signature");
   }
-  if (!await Ct(i, t, y, l))
-    throw new it();
-  let S;
+  if (!await Xt(i, t, f, l))
+    throw new vt();
+  let m;
   if (s)
     try {
-      S = Y(e.payload);
+      m = Z(e.payload);
     } catch {
-      throw new f("Failed to base64url decode the payload");
+      throw new g("Failed to base64url decode the payload");
     }
-  else typeof e.payload == "string" ? S = K.encode(e.payload) : S = e.payload;
-  const m = { payload: S };
-  return e.protected !== void 0 && (m.protectedHeader = a), e.header !== void 0 && (m.unprotectedHeader = e.header), d ? { ...m, key: t } : m;
+  else typeof e.payload == "string" ? m = V.encode(e.payload) : m = e.payload;
+  const d = { payload: m };
+  return e.protected !== void 0 && (d.protectedHeader = n), e.header !== void 0 && (d.unprotectedHeader = e.header), h ? { ...d, key: t } : d;
 }
-async function Ot(e, t, r) {
-  if (e instanceof Uint8Array && (e = Q.decode(e)), typeof e != "string")
-    throw new f("Compact JWS must be a string or Uint8Array");
-  const { 0: a, 1: n, 2: o, length: s } = e.split(".");
+async function er(e, t, r) {
+  if (e instanceof Uint8Array && (e = oe.decode(e)), typeof e != "string")
+    throw new g("Compact JWS must be a string or Uint8Array");
+  const { 0: n, 1: a, 2: o, length: s } = e.split(".");
   if (s !== 3)
-    throw new f("Invalid Compact JWS");
-  const i = await Pt({ payload: n, protected: a, signature: o }, t, r), c = { payload: i.payload, protectedHeader: i.protectedHeader };
-  return typeof t == "function" ? { ...c, key: i.key } : c;
+    throw new g("Invalid Compact JWS");
+  const i = await Zt({ payload: a, protected: n, signature: o }, t, r), u = { payload: i.payload, protectedHeader: i.protectedHeader };
+  return typeof t == "function" ? { ...u, key: i.key } : u;
 }
-const Dt = (e) => Math.floor(e.getTime() / 1e3), Ne = 60, He = Ne * 60, ie = He * 24, Ut = ie * 7, Nt = ie * 365.25, Ht = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, fe = (e) => {
-  const t = Ht.exec(e);
+const tr = (e) => Math.floor(e.getTime() / 1e3), qe = 60, ze = qe * 60, we = ze * 24, rr = we * 7, nr = we * 365.25, ar = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, be = (e) => {
+  const t = ar.exec(e);
   if (!t || t[4] && t[1])
     throw new TypeError("Invalid time period format");
-  const r = parseFloat(t[2]), a = t[3].toLowerCase();
-  let n;
-  switch (a) {
+  const r = parseFloat(t[2]), n = t[3].toLowerCase();
+  let a;
+  switch (n) {
     case "sec":
     case "secs":
     case "second":
     case "seconds":
     case "s":
-      n = Math.round(r);
+      a = Math.round(r);
       break;
     case "minute":
     case "minutes":
     case "min":
     case "mins":
     case "m":
-      n = Math.round(r * Ne);
+      a = Math.round(r * qe);
       break;
     case "hour":
     case "hours":
     case "hr":
     case "hrs":
     case "h":
-      n = Math.round(r * He);
+      a = Math.round(r * ze);
       break;
     case "day":
     case "days":
     case "d":
-      n = Math.round(r * ie);
+      a = Math.round(r * we);
       break;
     case "week":
     case "weeks":
     case "w":
-      n = Math.round(r * Ut);
+      a = Math.round(r * rr);
       break;
     default:
-      n = Math.round(r * Nt);
+      a = Math.round(r * nr);
       break;
   }
-  return t[1] === "-" || t[4] === "ago" ? -n : n;
-}, ye = (e) => e.toLowerCase().replace(/^application\//, ""), Kt = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, Lt = (e, t, r = {}) => {
-  let a;
+  return t[1] === "-" || t[4] === "ago" ? -a : a;
+}, ke = (e) => e.toLowerCase().replace(/^application\//, ""), sr = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, or = (e, t, r = {}) => {
+  let n;
   try {
-    a = JSON.parse(Q.decode(t));
+    n = JSON.parse(oe.decode(t));
   } catch {
   }
-  if (!oe(a))
-    throw new Ie("JWT Claims Set must be a top-level JSON object");
-  const { typ: n } = r;
-  if (n && (typeof e.typ != "string" || ye(e.typ) !== ye(n)))
-    throw new T('unexpected "typ" JWT header value', a, "typ", "check_failed");
-  const { requiredClaims: o = [], issuer: s, subject: i, audience: c, maxTokenAge: d } = r, l = [...o];
-  d !== void 0 && l.push("iat"), c !== void 0 && l.push("aud"), i !== void 0 && l.push("sub"), s !== void 0 && l.push("iss");
-  for (const E of new Set(l.reverse()))
-    if (!(E in a))
-      throw new T(`missing required "${E}" claim`, a, E, "missing");
-  if (s && !(Array.isArray(s) ? s : [s]).includes(a.iss))
-    throw new T('unexpected "iss" claim value', a, "iss", "check_failed");
-  if (i && a.sub !== i)
-    throw new T('unexpected "sub" claim value', a, "sub", "check_failed");
-  if (c && !Kt(a.aud, typeof c == "string" ? [c] : c))
-    throw new T('unexpected "aud" claim value', a, "aud", "check_failed");
-  let y;
+  if (!me(n))
+    throw new Ge("JWT Claims Set must be a top-level JSON object");
+  const { typ: a } = r;
+  if (a && (typeof e.typ != "string" || ke(e.typ) !== ke(a)))
+    throw new I('unexpected "typ" JWT header value', n, "typ", "check_failed");
+  const { requiredClaims: o = [], issuer: s, subject: i, audience: u, maxTokenAge: h } = r, l = [...o];
+  h !== void 0 && l.push("iat"), u !== void 0 && l.push("aud"), i !== void 0 && l.push("sub"), s !== void 0 && l.push("iss");
+  for (const T of new Set(l.reverse()))
+    if (!(T in n))
+      throw new I(`missing required "${T}" claim`, n, T, "missing");
+  if (s && !(Array.isArray(s) ? s : [s]).includes(n.iss))
+    throw new I('unexpected "iss" claim value', n, "iss", "check_failed");
+  if (i && n.sub !== i)
+    throw new I('unexpected "sub" claim value', n, "sub", "check_failed");
+  if (u && !sr(n.aud, typeof u == "string" ? [u] : u))
+    throw new I('unexpected "aud" claim value', n, "aud", "check_failed");
+  let f;
   switch (typeof r.clockTolerance) {
     case "string":
-      y = fe(r.clockTolerance);
+      f = be(r.clockTolerance);
       break;
     case "number":
-      y = r.clockTolerance;
+      f = r.clockTolerance;
       break;
     case "undefined":
-      y = 0;
+      f = 0;
       break;
     default:
       throw new TypeError("Invalid clockTolerance option type");
   }
-  const { currentDate: S } = r, m = Dt(S || /* @__PURE__ */ new Date());
-  if ((a.iat !== void 0 || d) && typeof a.iat != "number")
-    throw new T('"iat" claim must be a number', a, "iat", "invalid");
-  if (a.nbf !== void 0) {
-    if (typeof a.nbf != "number")
-      throw new T('"nbf" claim must be a number', a, "nbf", "invalid");
-    if (a.nbf > m + y)
-      throw new T('"nbf" claim timestamp check failed', a, "nbf", "check_failed");
+  const { currentDate: m } = r, d = tr(m || /* @__PURE__ */ new Date());
+  if ((n.iat !== void 0 || h) && typeof n.iat != "number")
+    throw new I('"iat" claim must be a number', n, "iat", "invalid");
+  if (n.nbf !== void 0) {
+    if (typeof n.nbf != "number")
+      throw new I('"nbf" claim must be a number', n, "nbf", "invalid");
+    if (n.nbf > d + f)
+      throw new I('"nbf" claim timestamp check failed', n, "nbf", "check_failed");
   }
-  if (a.exp !== void 0) {
-    if (typeof a.exp != "number")
-      throw new T('"exp" claim must be a number', a, "exp", "invalid");
-    if (a.exp <= m - y)
-      throw new le('"exp" claim timestamp check failed', a, "exp", "check_failed");
+  if (n.exp !== void 0) {
+    if (typeof n.exp != "number")
+      throw new I('"exp" claim must be a number', n, "exp", "invalid");
+    if (n.exp <= d - f)
+      throw new Re('"exp" claim timestamp check failed', n, "exp", "check_failed");
   }
-  if (d) {
-    const E = m - a.iat, C = typeof d == "number" ? d : fe(d);
-    if (E - y > C)
-      throw new le('"iat" claim timestamp check failed (too far in the past)', a, "iat", "check_failed");
-    if (E < 0 - y)
-      throw new T('"iat" claim timestamp check failed (it should be in the past)', a, "iat", "check_failed");
+  if (h) {
+    const T = d - n.iat, C = typeof h == "number" ? h : be(h);
+    if (T - f > C)
+      throw new Re('"iat" claim timestamp check failed (too far in the past)', n, "iat", "check_failed");
+    if (T < 0 - f)
+      throw new I('"iat" claim timestamp check failed (it should be in the past)', n, "iat", "check_failed");
   }
-  return a;
+  return n;
 };
-async function $t(e, t, r) {
-  var a;
-  const n = await Ot(e, t, r);
-  if ((a = n.protectedHeader.crit) != null && a.includes("b64") && n.protectedHeader.b64 === !1)
-    throw new Ie("JWTs MUST NOT use unencoded payload");
-  const o = { payload: Lt(n.protectedHeader, n.payload, r), protectedHeader: n.protectedHeader };
-  return typeof t == "function" ? { ...o, key: n.key } : o;
+async function ir(e, t, r) {
+  var n;
+  const a = await er(e, t, r);
+  if ((n = a.protectedHeader.crit) != null && n.includes("b64") && a.protectedHeader.b64 === !1)
+    throw new Ge("JWTs MUST NOT use unencoded payload");
+  const o = { payload: or(a.protectedHeader, a.payload, r), protectedHeader: a.protectedHeader };
+  return typeof t == "function" ? { ...o, key: a.key } : o;
 }
-const U = async (e) => {
+const G = async (e) => {
   try {
-    const t = w.ALG, r = await At(at, t);
-    return await $t(e, r, {
-      issuer: w.ISSUER
+    const t = S.ALG, r = await Vt(bt, t);
+    return await ir(e, r, {
+      issuer: S.ISSUER
     });
   } catch {
     return;
   }
 };
-var h = [];
-for (var ae = 0; ae < 256; ++ae)
-  h.push((ae + 256).toString(16).slice(1));
-function Wt(e, t = 0) {
-  return (h[e[t + 0]] + h[e[t + 1]] + h[e[t + 2]] + h[e[t + 3]] + "-" + h[e[t + 4]] + h[e[t + 5]] + "-" + h[e[t + 6]] + h[e[t + 7]] + "-" + h[e[t + 8]] + h[e[t + 9]] + "-" + h[e[t + 10]] + h[e[t + 11]] + h[e[t + 12]] + h[e[t + 13]] + h[e[t + 14]] + h[e[t + 15]]).toLowerCase();
+var E = [];
+for (var he = 0; he < 256; ++he)
+  E.push((he + 256).toString(16).slice(1));
+function cr(e, t = 0) {
+  return (E[e[t + 0]] + E[e[t + 1]] + E[e[t + 2]] + E[e[t + 3]] + "-" + E[e[t + 4]] + E[e[t + 5]] + "-" + E[e[t + 6]] + E[e[t + 7]] + "-" + E[e[t + 8]] + E[e[t + 9]] + "-" + E[e[t + 10]] + E[e[t + 11]] + E[e[t + 12]] + E[e[t + 13]] + E[e[t + 14]] + E[e[t + 15]]).toLowerCase();
 }
-var $, Jt = new Uint8Array(16);
-function xt() {
-  if (!$ && ($ = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !$))
+var j, ur = new Uint8Array(16);
+function lr() {
+  if (!j && (j = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !j))
     throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
-  return $(Jt);
+  return j(ur);
 }
-var jt = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
-const we = {
-  randomUUID: jt
+var dr = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
+const Oe = {
+  randomUUID: dr
 };
-function me(e, t, r) {
-  if (we.randomUUID && !t && !e)
-    return we.randomUUID();
+function Pe(e, t, r) {
+  if (Oe.randomUUID && !t && !e)
+    return Oe.randomUUID();
   e = e || {};
-  var a = e.random || (e.rng || xt)();
-  return a[6] = a[6] & 15 | 64, a[8] = a[8] & 63 | 128, Wt(a);
+  var n = e.random || (e.rng || lr)();
+  return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, cr(n);
 }
-const Ee = globalThis.crypto, Mt = (e) => `${me()}${me()}`.slice(0, e), Yt = (e) => btoa(
+const ve = globalThis.crypto, hr = (e) => `${Pe()}${Pe()}`.slice(0, e), pr = (e) => btoa(
   [...new Uint8Array(e)].map((t) => String.fromCharCode(t)).join("")
 );
-async function Vt(e) {
-  if (!Ee.subtle)
+async function fr(e) {
+  if (!ve.subtle)
     throw new Error(
       "crypto.subtle is available only in secure contexts (HTTPS)."
     );
-  const t = new TextEncoder().encode(e), r = await Ee.subtle.digest("SHA-256", t);
-  return Yt(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+  const t = new TextEncoder().encode(e), r = await ve.subtle.digest("SHA-256", t);
+  return pr(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
 }
-async function Gt(e) {
-  const r = Mt(43), a = await Vt(r);
+async function yr(e) {
+  const r = hr(43), n = await fr(r);
   return {
     code_verifier: r,
-    code_challenge: a
+    code_challenge: n
   };
 }
-function Ke(e, t) {
+function Qe(e, t) {
   window.dispatchEvent(new StorageEvent("storage", { key: e, newValue: t }));
 }
-const Se = (e, t) => {
+const Ce = (e, t) => {
   const r = JSON.stringify(
     typeof t == "function" ? t() : t
   );
-  window.localStorage.setItem(e, r), Ke(e, r);
-}, Bt = (e) => {
-  window.localStorage.removeItem(e), Ke(e, null);
-}, ge = (e) => window.localStorage.getItem(e), Ft = (e) => (window.addEventListener("storage", e), () => window.removeEventListener("storage", e));
-function W({
+  window.localStorage.setItem(e, r), Qe(e, r);
+}, mr = (e) => {
+  window.localStorage.removeItem(e), Qe(e, null);
+}, Ne = (e) => window.localStorage.getItem(e), Er = (e) => (window.addEventListener("storage", e), () => window.removeEventListener("storage", e));
+function F({
   key: e,
   initialValue: t
 }) {
-  const r = Xe(Ft, () => ge(e)), a = D(
+  const r = ft(Er, () => Ne(e)), n = x(
     (s) => {
       try {
         const i = typeof s == "function" ? s(JSON.parse(r)) : s;
-        i == null ? Bt(e) : Se(e, i);
+        i == null ? mr(e) : Ce(e, i);
       } catch (i) {
         console.warn(i);
       }
     },
     [e, r]
-  ), n = D(() => {
-    a(t);
-  }, [t, a]), o = D(() => {
-    a(null);
-  }, [a]);
-  return ve(() => {
+  ), a = x(() => {
+    n(t);
+  }, [t, n]), o = x(() => {
+    n(null);
+  }, [n]);
+  return Ke(() => {
     try {
-      ge(e) === null && typeof t < "u" && Se(e, t);
+      Ne(e) === null && typeof t < "u" && Ce(e, t);
     } catch (s) {
       console.warn(s);
     }
-  }, [e, t]), [r ? JSON.parse(r) : null, a, n, o];
+  }, [e, t]), [r ? JSON.parse(r) : null, n, a, o];
 }
-var p = [];
-for (var ne = 0; ne < 256; ++ne)
-  p.push((ne + 256).toString(16).slice(1));
-function qt(e, t = 0) {
-  return (p[e[t + 0]] + p[e[t + 1]] + p[e[t + 2]] + p[e[t + 3]] + "-" + p[e[t + 4]] + p[e[t + 5]] + "-" + p[e[t + 6]] + p[e[t + 7]] + "-" + p[e[t + 8]] + p[e[t + 9]] + "-" + p[e[t + 10]] + p[e[t + 11]] + p[e[t + 12]] + p[e[t + 13]] + p[e[t + 14]] + p[e[t + 15]]).toLowerCase();
+var w = [];
+for (var pe = 0; pe < 256; ++pe)
+  w.push((pe + 256).toString(16).slice(1));
+function wr(e, t = 0) {
+  return (w[e[t + 0]] + w[e[t + 1]] + w[e[t + 2]] + w[e[t + 3]] + "-" + w[e[t + 4]] + w[e[t + 5]] + "-" + w[e[t + 6]] + w[e[t + 7]] + "-" + w[e[t + 8]] + w[e[t + 9]] + "-" + w[e[t + 10]] + w[e[t + 11]] + w[e[t + 12]] + w[e[t + 13]] + w[e[t + 14]] + w[e[t + 15]]).toLowerCase();
 }
-var J, zt = new Uint8Array(16);
-function Xt() {
-  if (!J && (J = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !J))
+var B, gr = new Uint8Array(16);
+function Ar() {
+  if (!B && (B = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !B))
     throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
-  return J(zt);
+  return B(gr);
 }
-var Qt = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
-const Ae = {
-  randomUUID: Qt
+var Sr = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
+const De = {
+  randomUUID: Sr
 };
-function Zt(e, t, r) {
-  if (Ae.randomUUID && !t && !e)
-    return Ae.randomUUID();
+function fe(e, t, r) {
+  if (De.randomUUID && !t && !e)
+    return De.randomUUID();
   e = e || {};
-  var a = e.random || (e.rng || Xt)();
-  return a[6] = a[6] & 15 | 64, a[8] = a[8] & 63 | 128, qt(a);
+  var n = e.random || (e.rng || Ar)();
+  return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, wr(n);
 }
-const x = "Oops! It looks like your session has expired. For your security, please log in again to continue.", er = "Your session has been successfully terminated.", Te = "Login failed. Please try again.", se = "Error getting access token, please re-authenticate.", tr = "You forgot to wrap your component in <AuthProvider>.", ke = {
+const q = "Oops! It looks like your session has expired. For your security, please log in again to continue.", Tr = "Your session has been successfully terminated.", z = "Login failed. Please try again.", ye = "Error getting access token, please re-authenticate.", Rr = "You forgot to wrap your component in <AuthProvider>.", ne = {
   dev: "https://auth.gizmette.local.com:3003",
   prod: "https://mylogin.gizmette.com"
-}, j = "@@auth@@", G = "LOADING", B = "LOGIN", Le = "LOGOUT", rr = process.env.NODE_ENV === "production", ar = !rr, Z = async ({
+}, Q = "@@auth@@", L = "LOADING", W = "LOGIN", Xe = "LOGOUT", Ir = process.env.NODE_ENV === "production", Ze = !Ir, ie = async ({
   type: e,
   clientId: t,
   params: r = {}
 }) => {
   try {
-    const a = await fetch(
-      ar ? `${ke.dev}/${e}` : `${ke.prod}/${e}`,
+    const n = await fetch(
+      Ze ? `${ne.dev}/${e}` : `${ne.prod}/${e}`,
       {
         credentials: "include",
         method: "POST",
         headers: {
           "Content-Type": "application/json",
-          [rt.CLIENT_ID]: `${t}`
+          [xe.CLIENT_ID]: `${t}`
         },
         body: JSON.stringify(r)
       }
     );
-    if (a.status !== 200)
-      return { status: a.status, data: [] };
-    const { data: n, errors: o } = await a.json();
+    if (n.status !== 200)
+      return { status: n.status, data: [] };
+    const { data: a, errors: o } = await n.json();
     return {
-      status: a.status,
-      data: n,
+      status: n.status,
+      data: a,
       errors: o
     };
-  } catch (a) {
-    return console.error(a), { status: 500, data: [] };
+  } catch (n) {
+    return console.error(n), { status: 500, data: [] };
   }
-}, nr = async ({
+}, _r = async ({
   userId: e,
   idToken: t,
   accessToken: r,
-  refreshToken: a,
-  clientId: n,
+  refreshToken: n,
+  clientId: a,
   domain: o
 }) => {
   try {
     return {
-      status: (await Z({
-        type: z.LOGOUT,
-        clientId: n,
+      status: (await ie({
+        type: ae.LOGOUT,
+        clientId: a,
         params: {
           userId: e,
           idToken: t,
           accessToken: r,
-          refreshToken: a,
+          refreshToken: n,
           domain: o
         }
       })).status === 200
@@ -900,37 +1190,37 @@ const x = "Oops! It looks like your session has expired. For your security, plea
       status: !1
     };
   }
-}, _e = async ({
+}, Ue = async ({
   username: e,
   password: t,
   clientId: r,
-  nonce: a,
-  type: n,
+  nonce: n,
+  type: a,
   sessionExpiration: o,
   code: s,
   code_verifier: i,
-  domain: c
+  domain: u
 }) => {
   try {
-    const d = await Z({
-      type: z.AUTHENTICATE,
+    const h = await ie({
+      type: ae.AUTHENTICATE,
       clientId: r,
       params: {
-        type: n || q.ID_AND_ACCESS_TOKEN,
+        type: a || Y.ID_AND_ACCESS_TOKEN,
         username: e,
         password: t,
         sessionExpiration: o,
-        nonce: a,
+        nonce: n,
         code: s,
         code_verifier: i,
-        domain: c
+        domain: u
       }
-    }), l = await U(d.data.idToken);
-    return l && l.payload[w.USER_ID_KEY] !== "" && l.payload[w.NONCE_KEY] === a ? {
-      idToken: d.data.idToken,
-      accessToken: d.data.accessToken,
-      refreshToken: d.data.refreshToken,
-      userId: l.payload[w.USER_ID_KEY],
+    }), l = await G(h.data.idToken);
+    return l && l.payload[S.USER_ID_KEY] !== "" && l.payload[S.NONCE_KEY] === n ? {
+      idToken: h.data.idToken,
+      accessToken: h.data.accessToken,
+      refreshToken: h.data.refreshToken,
+      userId: l.payload[S.USER_ID_KEY],
       status: !0
     } : {
       status: !1
@@ -940,24 +1230,24 @@ const x = "Oops! It looks like your session has expired. For your security, plea
       status: !1
     };
   }
-}, sr = async ({
+}, br = async ({
   nonce: e,
   clientId: t,
   code_challenge: r
 }) => {
   try {
-    const a = await Z({
-      type: z.CODE,
+    const n = await ie({
+      type: ae.CODE,
       clientId: t,
       params: {
-        type: q.CODE,
+        type: Y.CODE,
         nonce: e,
         code_challenge: r
       }
     });
-    return a.data.code ? {
+    return n.data.code ? {
       status: !0,
-      code: a.data.code
+      code: n.data.code
     } : {
       status: !1
     };
@@ -966,31 +1256,31 @@ const x = "Oops! It looks like your session has expired. For your security, plea
       status: !1
     };
   }
-}, or = async ({
+}, kr = async ({
   clientId: e,
   userId: t,
   nonce: r,
-  refreshToken: a,
-  accessToken: n,
+  refreshToken: n,
+  accessToken: a,
   domain: o
 }) => {
   try {
-    const s = await Z({
-      type: z.AUTHENTICATE,
+    const s = await ie({
+      type: ae.AUTHENTICATE,
       clientId: e,
       params: {
-        type: q.REFRESH_TOKEN,
+        type: Y.REFRESH_TOKEN,
         userId: t,
         nonce: r,
-        refreshToken: a,
-        accessToken: n,
+        refreshToken: n,
+        accessToken: a,
         domain: o
       }
-    }), i = await U(s.data.accessToken);
-    return i && i.payload[w.USER_ID_KEY] !== "" && i.payload[w.NONCE_KEY] === r ? {
+    }), i = await G(s.data.accessToken);
+    return i && i.payload[S.USER_ID_KEY] !== "" && i.payload[S.NONCE_KEY] === r ? {
       accessToken: s.data.accessToken,
       refreshToken: s.data.refreshToken,
-      userId: i.payload[w.USER_ID_KEY],
+      userId: i.payload[S.USER_ID_KEY],
       status: !0
     } : {
       status: !1
@@ -1000,25 +1290,150 @@ const x = "Oops! It looks like your session has expired. For your security, plea
       status: !1
     };
   }
+}, X = {
+  GET_REGISTRATION_OPTIONS: `mutation GetPasskeyRegistrationOptions(
+	$clientId: String!,
+	$username: String!,
+	$id: String!) {
+		getPasskeyRegistrationOptions(clientId: $clientId, username: $username, id: $id) {
+			challenge
+			rp {
+				id
+				name
+			}
+			user {
+				id
+				name
+				displayName
+			}
+			pubKeyCredParams {
+				type
+				alg
+			}
+			timeout
+			attestation
+		}
+	}`,
+  VERIFY_REGISTRATION: `mutation VerifyPasskeyRegistration(
+		$clientId: String!,
+		$username: String!,
+		$id: String!,
+		$registration: RegistrationOptionsInput!) {
+		verifyPasskeyRegistration(
+			clientId: $clientId,
+			username: $username,
+			id: $id,
+			registration: $registration) {
+			status
+			message
+		}
+	}`,
+  GET_AUTHENTICATION_OPTIONS: `mutation GetPasskeyAuthenticationOptions(
+		$id: String!,
+		$clientId: String!,
+		) {
+		getPasskeyAuthenticationOptions(
+			id: $id,
+			clientId: $clientId) {
+				rpId,
+				challenge,
+				allowCredentials,
+				timeout,
+				userVerification,
+		}
+	}`,
+  VERIFY_AUTHENTICATION: `mutation VerifyPasskeyAuthentication(
+		$clientId: String!,
+		$id: String!,
+		$authentication: AuthenticationOptionsInput!,
+		$nonce: String!,
+		$domain: String) {
+		verifyPasskeyAuthentication(
+			clientId: $clientId,
+			id: $id,
+			authentication: $authentication,
+			nonce: $nonce,
+			domain: $domain) {
+				status,
+				idToken,
+				accessToken,
+				refreshToken,
+				userId,
+				username,
+		}
+	}`
+}, D = {
+  GET_REGISTRATION_OPTIONS: {
+    schema: X.GET_REGISTRATION_OPTIONS,
+    method: "getPasskeyRegistrationOptions"
+  },
+  VERIFY_REGISTRATION: {
+    schema: X.VERIFY_REGISTRATION,
+    method: "verifyPasskeyRegistration"
+  },
+  GET_AUTHENTICATION_OPTIONS: {
+    schema: X.GET_AUTHENTICATION_OPTIONS,
+    method: "getPasskeyAuthenticationOptions"
+  },
+  VERIFY_AUTHENTICATION: {
+    schema: X.VERIFY_AUTHENTICATION,
+    method: "verifyPasskeyAuthentication"
+  }
+}, U = async ({
+  accessToken: e,
+  type: t,
+  clientId: r,
+  params: n = {}
+}) => {
+  try {
+    const a = t != null && t.data ? t.data(n) : n, o = `Bearer ${e}`, s = await fetch(
+      Ze ? `${ne.dev}/graphql` : `${ne.prod}/graphql`,
+      {
+        method: "POST",
+        credentials: "include",
+        headers: {
+          authorization: o,
+          "Content-Type": "application/json",
+          Accept: "application/json",
+          [xe.CLIENT_ID]: `${r}`
+        },
+        body: JSON.stringify({
+          query: t.schema,
+          variables: a
+        })
+      }
+    );
+    if (s.status !== 200)
+      return { status: s.status, data: [] };
+    const { data: i, errors: u } = await s.json();
+    return {
+      status: s.status,
+      data: i[t.method],
+      errors: u
+    };
+  } catch (a) {
+    return console.error(a), { status: 500, data: [] };
+  }
 };
-class ir {
+class Or {
   constructor(t = null, r = null) {
-    H(this, "refreshTokenPromise", null);
-    H(this, "accessToken");
-    H(this, "refreshToken");
+    M(this, "refreshTokenPromise", null);
+    M(this, "accessToken");
+    M(this, "refreshToken");
     this.accessToken = t || "", this.refreshToken = r || "";
   }
   async refreshtoken({
     clientId: t,
     userId: r,
-    nonce: a,
-    domain: n
+    nonce: n,
+    domain: a
   }) {
     this.refreshTokenPromise || (this.refreshTokenPromise = this._refreshToken({
       clientId: t,
       userId: r,
-      nonce: a,
-      domain: n
+      nonce: n,
+      domain: a
     }));
     try {
       return await this.refreshTokenPromise;
@@ -1029,18 +1444,18 @@ class ir {
   async _refreshToken({
     clientId: t,
     userId: r,
-    nonce: a,
-    domain: n
+    nonce: n,
+    domain: a
   }) {
-    const o = await U(this.refreshToken);
-    if (o && o.payload[w.USER_ID_KEY] !== "") {
-      const s = await or({
+    const o = await G(this.refreshToken);
+    if (o && o.payload[S.USER_ID_KEY] !== "") {
+      const s = await kr({
         clientId: t,
         userId: r,
-        nonce: a,
+        nonce: n,
         refreshToken: this.refreshToken,
         accessToken: this.accessToken,
-        domain: n
+        domain: a
       });
       return s.status ? (this.accessToken = s.accessToken, this.refreshToken = s.refreshToken, {
         status: "success",
@@ -1055,201 +1470,309 @@ class ir {
       };
   }
 }
-const M = () => {
-  throw new Error(tr);
-}, $e = Qe({
+const K = () => {
+  throw new Error(Rr);
+}, et = yt({
   isAuthenticated: !1,
   isLoading: !1,
-  login: M,
-  logout: M,
-  getAccessToken: M,
-  getIdToken: M,
+  authenticationType: null,
+  login: K,
+  logout: K,
+  getAccessToken: K,
+  getIdToken: K,
+  registeringForPasskey: K,
+  loginWithPasskey: K,
   logoutReason: ""
-}), cr = ze.createContext({
+}), Pr = pt.createContext({
   state: {
     isLoading: !0,
     isAuthenticated: !1,
+    authenticationType: null,
     user: void 0,
     logoutReason: ""
   },
   dispatch: () => {
   }
-}), ur = (e, t) => (t == null ? void 0 : t.type) === G ? {
+}), vr = (e, t) => (t == null ? void 0 : t.type) === L ? {
   ...e,
   isLoading: t.payload.isLoading
-} : (t == null ? void 0 : t.type) === B ? {
+} : (t == null ? void 0 : t.type) === W ? {
   ...e,
   isLoading: !1,
   isAuthenticated: !0,
   user: t.payload.user,
+  authenticationType: t.payload.authenticationType,
   logoutReason: ""
-} : (t == null ? void 0 : t.type) === Le ? {
+} : (t == null ? void 0 : t.type) === Xe ? {
   ...e,
   isLoading: !1,
   isAuthenticated: !1,
   user: void 0,
+  authenticationType: null,
   logoutReason: t.payload.logoutReason
-} : e, fr = ({
+} : e, Kr = ({
   children: e,
   sessionExpiration: t,
   clientId: r,
-  domain: a = ""
+  domain: n = ""
 }) => {
-  const [n, o] = Ze(ur, {
+  const [a, o] = mt(vr, {
     isLoading: !0,
     isAuthenticated: !1,
+    authenticationType: null,
     user: void 0,
     logoutReason: ""
-  }), s = et(!1), [i, c, , d] = W({
-    key: `${j}::${r}::@@user@@`
-  }), [l, y, , S] = W({
-    key: `${j}::${r}::@@access@@`
-  }), [m, E, , C] = W(
+  }), s = Et(!1), [i, u, , h] = F({
+    key: `${Q}::${r}::@@user@@`
+  }), [l, f, , m] = F({
+    key: `${Q}::${r}::@@access@@`
+  }), [d, T, , C] = F(
     {
-      key: `${j}::${r}::@@refresh@@`
+      key: `${Q}::${r}::@@refresh@@`
     }
-  ), [We, Je, , ce] = W({
-    key: `${j}::${r}::@@nonce@@`
-  }), xe = new ir(l, m), N = D(
-    (u) => {
-      console.warn(u), o({
-        type: Le,
+  ), [tt, ge, , Ae] = F({
+    key: `${Q}::${r}::@@nonce@@`
+  }), rt = new Or(l, d), N = x(
+    (c) => {
+      console.warn(c), o({
+        type: Xe,
         payload: {
-          logoutReason: u || x
+          logoutReason: c || q
         }
-      }), d(), S(), C(), ce(), o({ type: G, payload: { isLoading: !1 } });
+      }), h(), m(), C(), Ae(), o({ type: L, payload: { isLoading: !1 } });
     },
-    [S, d, ce, C]
-  ), b = D(
-    async (u) => {
-      const { user: g } = n;
-      await nr({
-        userId: (g == null ? void 0 : g.userId) || "",
+    [m, h, Ae, C]
+  ), P = x(
+    async (c) => {
+      const { user: y } = a;
+      await _r({
+        userId: (y == null ? void 0 : y.userId) || "",
         idToken: i,
         accessToken: l,
-        refreshToken: m,
+        refreshToken: d,
         clientId: r,
-        domain: a
-      }), N(u || x);
+        domain: n
+      }), N(c || q);
     },
     [
       l,
-      n,
-      r,
       a,
+      r,
+      n,
       i,
-      m,
+      d,
       N
     ]
   );
-  ve(() => {
+  Ke(() => {
     if (!s.current)
-      return n.isLoading && i !== null ? (async () => {
+      return a.isLoading && i !== null ? (async () => {
         try {
-          const u = await U(i);
-          u && u.payload[w.USER_ID_KEY] !== "" ? o({
-            type: B,
+          const c = await G(i);
+          c && c.payload[S.USER_ID_KEY] !== "" ? o({
+            type: W,
             payload: {
+              authenticationType: c.payload[S.AUTH_TYPE_KEY],
               user: {
-                userId: u.payload[w.USER_ID_KEY],
-                username: u.payload[w.USERNAME_KEY]
+                userId: c.payload[S.USER_ID_KEY],
+                username: c.payload[S.USERNAME_KEY]
               }
             }
-          }) : await b(x);
+          }) : await P(q);
         } catch {
-          await b(x);
+          await P(q);
         }
-      })() : o({ type: G, payload: { isLoading: !1 } }), () => {
+      })() : o({ type: L, payload: { isLoading: !1 } }), () => {
         s.current = !0;
       };
-  }, [n.isLoading, i, b]);
-  const je = async (u, g, A) => {
-    const I = Zt();
-    if (Je(I), o({ type: G, payload: { isLoading: !0 } }), d(), S(), C(), A === q.CODE) {
-      const { code_verifier: Ge, code_challenge: Be } = await Gt(), ue = await sr({
-        nonce: I,
+  }, [a.isLoading, i, P]);
+  const nt = async (c, y, p) => {
+    const R = fe();
+    if (ge(R), o({ type: L, payload: { isLoading: !0 } }), h(), m(), C(), p === Y.CODE) {
+      const { code_verifier: ut, code_challenge: lt } = await yr(), Se = await br({
+        nonce: R,
         clientId: r,
-        code_challenge: Be
+        code_challenge: lt
       });
-      if (ue.status) {
-        const O = await _e({
-          username: u,
-          password: g,
+      if (Se.status) {
+        const $ = await Ue({
+          username: c,
+          password: y,
           clientId: r,
           sessionExpiration: t,
-          nonce: I,
-          type: A,
-          code: ue.code,
-          code_verifier: Ge,
-          domain: a
+          nonce: R,
+          type: p,
+          code: Se.code,
+          code_verifier: ut,
+          domain: n
         });
-        return O.status ? (c(O.idToken), y(O.accessToken), E(O.refreshToken), o({
-          type: B,
+        return $.status ? (u($.idToken), f($.accessToken), T($.refreshToken), o({
+          type: W,
           payload: {
+            authenticationType: p,
             user: {
-              userId: O.userId,
-              username: u
+              userId: $.userId,
+              username: c
             }
           }
-        }), !0) : (N(Te), !1);
+        }), !0) : (N(z), !1);
       }
       return !1;
     }
-    const P = await _e({
-      username: u,
-      password: g,
+    const H = await Ue({
+      username: c,
+      password: y,
       clientId: r,
       sessionExpiration: t,
-      nonce: I,
-      type: A,
-      domain: a
+      nonce: R,
+      type: p,
+      domain: n
     });
-    return P.status ? (c(P.idToken), y(P.accessToken), E(P.refreshToken), o({
-      type: B,
+    return H.status ? (u(H.idToken), f(H.accessToken), T(H.refreshToken), o({
+      type: W,
       payload: {
+        authenticationType: p,
         user: {
-          userId: P.userId,
-          username: u
+          userId: H.userId,
+          username: c
         }
       }
-    }), !0) : (N(Te), !1);
-  }, Me = async (u) => {
-    u == null || u.preventDefault(), await b(er);
-  }, Ye = async () => {
-    const { isAuthenticated: u, user: g } = n;
+    }), !0) : (N(z), !1);
+  }, at = async (c) => {
+    c == null || c.preventDefault(), await P(Tr);
+  }, st = async () => {
+    const { isAuthenticated: c, user: y } = a;
     try {
-      if (u && g && g.userId) {
+      if (c && y && y.userId) {
         if (l) {
-          const I = await U(l);
-          if (I && I.payload[w.USER_ID_KEY] !== "")
+          const R = await G(l);
+          if (R && R.payload[S.USER_ID_KEY] !== "")
             return l;
         }
-        const A = await xe.refreshtoken({
+        const p = await rt.refreshtoken({
           clientId: r,
-          userId: g.userId,
-          nonce: We,
-          domain: a
+          userId: y.userId,
+          nonce: tt,
+          domain: n
         });
-        return A.status && A.status === "success" ? (y(A.newAccessToken), E(A.newRefreshToken), A.newAccessToken) : (await b(se), "");
+        return p.status && p.status === "success" ? (f(p.newAccessToken), T(p.newRefreshToken), p.newAccessToken) : (await P(ye), "");
       }
-      return await b(se), "";
+      return await P(ye), "";
     } catch {
-      return await b(se), "";
+      return await P(ye), "";
     }
-  }, Ve = () => {
-    if (n.isAuthenticated && i)
+  }, ot = () => {
+    if (a.isAuthenticated && i)
       return i;
+  }, it = async () => {
+    const { user: c } = a;
+    let y = await U({
+      accessToken: l,
+      clientId: r,
+      type: D.GET_REGISTRATION_OPTIONS,
+      params: {
+        clientId: r,
+        id: c == null ? void 0 : c.userId,
+        username: c == null ? void 0 : c.username
+      }
+    });
+    if (y.status)
+      try {
+        const p = await Tt(y.data);
+        y = await U({
+          accessToken: l,
+          clientId: r,
+          type: D.VERIFY_REGISTRATION,
+          params: {
+            clientId: r,
+            id: c == null ? void 0 : c.userId,
+            username: c == null ? void 0 : c.username,
+            registration: p
+          }
+        });
+      } catch {
+        return await U({
+          accessToken: l,
+          clientId: r,
+          type: D.VERIFY_REGISTRATION,
+          params: {
+            clientId: r,
+            id: c == null ? void 0 : c.userId,
+            username: c == null ? void 0 : c.username,
+            registration: {}
+          }
+        }), !1;
+      }
+  }, ct = async () => {
+    const c = fe();
+    ge(c), o({ type: L, payload: { isLoading: !0 } }), h(), m(), C();
+    const y = fe();
+    let p = await U({
+      accessToken: l,
+      clientId: r,
+      type: D.GET_AUTHENTICATION_OPTIONS,
+      params: {
+        id: y,
+        clientId: r
+      }
+    });
+    if (p.status)
+      try {
+        const R = await _t(p.data);
+        return p = await U({
+          accessToken: l,
+          clientId: r,
+          type: D.VERIFY_AUTHENTICATION,
+          params: {
+            clientId: r,
+            id: y,
+            authentication: R,
+            nonce: c,
+            domain: n
+          }
+        }), p.data.status === "success" ? (u(p.data.idToken), f(p.data.accessToken), T(p.data.refreshToken), o({
+          type: W,
+          payload: {
+            authenticationType: Y.PASSKEY,
+            user: {
+              userId: p.data.userId,
+              username: p.data.username
+            }
+          }
+        }), !0) : (N(z), !1);
+      } catch {
+        return await U({
+          accessToken: l,
+          clientId: r,
+          type: D.VERIFY_AUTHENTICATION,
+          params: {
+            clientId: r,
+            id: y,
+            authentication: {},
+            nonce: c,
+            domain: n
+          }
+        }), N(z), !1;
+      }
   };
-  return /* @__PURE__ */ de(cr.Provider, { value: { state: n, dispatch: o }, children: /* @__PURE__ */ de(
-    $e.Provider,
+  return /* @__PURE__ */ Te(Pr.Provider, { value: { state: a, dispatch: o }, children: /* @__PURE__ */ Te(
+    et.Provider,
     {
-      value: { ...n, login: je, logout: Me, getAccessToken: Ye, getIdToken: Ve },
+      value: {
+        ...a,
+        login: nt,
+        logout: at,
+        getAccessToken: st,
+        getIdToken: ot,
+        registeringForPasskey: it,
+        loginWithPasskey: ct
+      },
       children: e
     }
   ) });
-}, yr = (e = $e) => tt(e);
+}, Hr = (e = et) => wt(e);
 export {
-  q as AUTH_TYPES,
-  fr as AuthProvider,
-  yr as useAuth
+  Y as AUTH_TYPES,
+  Kr as AuthProvider,
+  Hr as useAuth
 };