npm - @versini/auth-provider - Versions diffs - 7.1.2 → 7.3.0 - Mend

@versini/auth-provider 7.1.2 → 7.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -1,16 +1,16 @@
-var Et = Object.defineProperty;
-var mt = (e, t, r) => t in e ? Et(e, t, { enumerable: !0, configurable: !0, writable: !0, value: r }) : e[t] = r;
-var j = (e, t, r) => mt(e, typeof t != "symbol" ? t + "" : t, r);
+var gt = Object.defineProperty;
+var Et = (e, t, r) => t in e ? gt(e, t, { enumerable: !0, configurable: !0, writable: !0, value: r }) : e[t] = r;
+var F = (e, t, r) => Et(e, typeof t != "symbol" ? t + "" : t, r);
 import { jsx as be } from "react/jsx-runtime";
-import wt, { useSyncExternalStore as St, useCallback as N, useEffect as He, createContext as At, useReducer as Tt, useRef as Rt, useContext as _t } from "react";
+import mt, { useSyncExternalStore as wt, useCallback as N, useEffect as He, createContext as St, useReducer as At, useRef as Tt, useContext as Rt } from "react";
 /*!
-  @versini/auth-provider v7.1.2
+  @versini/auth-provider v7.3.0
   © 2024 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_CLIENT__ || (window.__VERSINI_AUTH_CLIENT__ = {
-    version: "7.1.2",
-    buildTime: "08/26/2024 06:52 PM EDT",
+    version: "7.3.0",
+    buildTime: "09/01/2024 05:46 PM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
@@ -23,7 +23,7 @@ function _(e) {
     r += String.fromCharCode(a);
   return btoa(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
 }
-function re(e) {
+function ne(e) {
   const t = e.replace(/-/g, "+").replace(/_/g, "/"), r = (4 - t.length % 4) % 4, n = t.padEnd(t.length + r, "="), a = atob(n), o = new ArrayBuffer(a.length), s = new Uint8Array(o);
   for (let i = 0; i < a.length; i++)
     s[i] = a.charCodeAt(i);
@@ -36,88 +36,88 @@ function We(e) {
   const { id: t } = e;
   return {
     ...e,
-    id: re(t),
+    id: ne(t),
     transports: e.transports
   };
 }
-function xe(e) {
+function Ye(e) {
   return e === "localhost" || /^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(e);
 }
-class w extends Error {
+class S extends Error {
   constructor({ message: t, code: r, cause: n, name: a }) {
     super(t, { cause: n }), this.name = a ?? n.name, this.code = r;
   }
 }
-function It({ error: e, options: t }) {
+function _t({ error: e, options: t }) {
   const { publicKey: r } = t;
   if (!r)
     throw Error("options was missing required publicKey property");
   if (e.name === "AbortError") {
     if (t.signal instanceof AbortSignal)
-      return new w({
+      return new S({
         message: "Registration ceremony was sent an abort signal",
         code: "ERROR_CEREMONY_ABORTED",
         cause: e
       });
   } else if (e.name === "ConstraintError") {
     if (r.authenticatorSelection?.requireResidentKey === !0)
-      return new w({
+      return new S({
         message: "Discoverable credentials were required but no available authenticator supported it",
         code: "ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",
         cause: e
       });
     if (r.authenticatorSelection?.userVerification === "required")
-      return new w({
+      return new S({
         message: "User verification was required but no available authenticator supported it",
         code: "ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",
         cause: e
       });
   } else {
     if (e.name === "InvalidStateError")
-      return new w({
+      return new S({
         message: "The authenticator was previously registered",
         code: "ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",
         cause: e
       });
     if (e.name === "NotAllowedError")
-      return new w({
+      return new S({
         message: e.message,
         code: "ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",
         cause: e
       });
     if (e.name === "NotSupportedError")
-      return r.pubKeyCredParams.filter((a) => a.type === "public-key").length === 0 ? new w({
+      return r.pubKeyCredParams.filter((a) => a.type === "public-key").length === 0 ? new S({
         message: 'No entry in pubKeyCredParams was of type "public-key"',
         code: "ERROR_MALFORMED_PUBKEYCREDPARAMS",
         cause: e
-      }) : new w({
+      }) : new S({
         message: "No available authenticator supported any of the specified pubKeyCredParams algorithms",
         code: "ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",
         cause: e
       });
     if (e.name === "SecurityError") {
       const n = window.location.hostname;
-      if (xe(n)) {
+      if (Ye(n)) {
         if (r.rp.id !== n)
-          return new w({
+          return new S({
             message: `The RP ID "${r.rp.id}" is invalid for this domain`,
             code: "ERROR_INVALID_RP_ID",
             cause: e
           });
-      } else return new w({
+      } else return new S({
         message: `${window.location.hostname} is an invalid domain`,
         code: "ERROR_INVALID_DOMAIN",
         cause: e
       });
     } else if (e.name === "TypeError") {
       if (r.user.id.byteLength < 1 || r.user.id.byteLength > 64)
-        return new w({
+        return new S({
           message: "User ID was not between 1 and 64 characters",
           code: "ERROR_INVALID_USER_ID_LENGTH",
           cause: e
         });
     } else if (e.name === "UnknownError")
-      return new w({
+      return new S({
         message: "The authenticator was unable to process the specified options, or could not create a new credential",
         code: "ERROR_AUTHENTICATOR_GENERAL_ERROR",
         cause: e
@@ -125,7 +125,7 @@ function It({ error: e, options: t }) {
   }
   return e;
 }
-class bt {
+class It {
   createNewAbortSignal() {
     if (this.controller) {
       const r = new Error("Cancelling existing WebAuthn API call for new one");
@@ -141,29 +141,29 @@ class bt {
     }
   }
 }
-const Je = new bt(), vt = ["cross-platform", "platform"];
-function Ye(e) {
-  if (e && !(vt.indexOf(e) < 0))
+const xe = new It(), bt = ["cross-platform", "platform"];
+function Je(e) {
+  if (e && !(bt.indexOf(e) < 0))
     return e;
 }
-async function Ot(e) {
+async function vt(e) {
   if (!Se())
     throw new Error("WebAuthn is not supported in this browser");
   const r = { publicKey: {
     ...e,
-    challenge: re(e.challenge),
+    challenge: ne(e.challenge),
     user: {
       ...e.user,
-      id: re(e.user.id)
+      id: ne(e.user.id)
     },
     excludeCredentials: e.excludeCredentials?.map(We)
   } };
-  r.signal = Je.createNewAbortSignal();
+  r.signal = xe.createNewAbortSignal();
   let n;
   try {
     n = await navigator.credentials.create(r);
-  } catch (u) {
-    throw It({ error: u, options: r });
+  } catch (l) {
+    throw _t({ error: l, options: r });
   }
   if (!n)
     throw new Error("Registration was not completed");
@@ -174,23 +174,23 @@ async function Ot(e) {
   if (typeof s.getPublicKeyAlgorithm == "function")
     try {
       h = s.getPublicKeyAlgorithm();
-    } catch (u) {
-      he("getPublicKeyAlgorithm()", u);
+    } catch (l) {
+      he("getPublicKeyAlgorithm()", l);
     }
-  let f;
+  let y;
   if (typeof s.getPublicKey == "function")
     try {
-      const u = s.getPublicKey();
-      u !== null && (f = _(u));
-    } catch (u) {
-      he("getPublicKey()", u);
+      const l = s.getPublicKey();
+      l !== null && (y = _(l));
+    } catch (l) {
+      he("getPublicKey()", l);
     }
   let p;
   if (typeof s.getAuthenticatorData == "function")
     try {
       p = _(s.getAuthenticatorData());
-    } catch (u) {
-      he("getAuthenticatorData()", u);
+    } catch (l) {
+      he("getAuthenticatorData()", l);
     }
   return {
     id: a,
@@ -200,58 +200,58 @@ async function Ot(e) {
       clientDataJSON: _(s.clientDataJSON),
       transports: c,
       publicKeyAlgorithm: h,
-      publicKey: f,
+      publicKey: y,
       authenticatorData: p
     },
     type: i,
     clientExtensionResults: n.getClientExtensionResults(),
-    authenticatorAttachment: Ye(n.authenticatorAttachment)
+    authenticatorAttachment: Je(n.authenticatorAttachment)
   };
 }
 function he(e, t) {
   console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${e}. You should report this error to them.
 `, t);
 }
-function kt() {
+function Ot() {
   if (!Se())
     return new Promise((t) => t(!1));
   const e = window.PublicKeyCredential;
   return e.isConditionalMediationAvailable === void 0 ? new Promise((t) => t(!1)) : e.isConditionalMediationAvailable();
 }
-function Pt({ error: e, options: t }) {
+function kt({ error: e, options: t }) {
   const { publicKey: r } = t;
   if (!r)
     throw Error("options was missing required publicKey property");
   if (e.name === "AbortError") {
     if (t.signal instanceof AbortSignal)
-      return new w({
+      return new S({
         message: "Authentication ceremony was sent an abort signal",
         code: "ERROR_CEREMONY_ABORTED",
         cause: e
       });
   } else {
     if (e.name === "NotAllowedError")
-      return new w({
+      return new S({
         message: e.message,
         code: "ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",
         cause: e
       });
     if (e.name === "SecurityError") {
       const n = window.location.hostname;
-      if (xe(n)) {
+      if (Ye(n)) {
         if (r.rpId !== n)
-          return new w({
+          return new S({
             message: `The RP ID "${r.rpId}" is invalid for this domain`,
             code: "ERROR_INVALID_RP_ID",
             cause: e
           });
-      } else return new w({
+      } else return new S({
         message: `${window.location.hostname} is an invalid domain`,
         code: "ERROR_INVALID_DOMAIN",
         cause: e
       });
     } else if (e.name === "UnknownError")
-      return new w({
+      return new S({
         message: "The authenticator was unable to process the specified options, or could not create a new assertion signature",
         code: "ERROR_AUTHENTICATOR_GENERAL_ERROR",
         cause: e
@@ -259,62 +259,62 @@ function Pt({ error: e, options: t }) {
   }
   return e;
 }
-async function Ct(e, t = !1) {
+async function Pt(e, t = !1) {
   if (!Se())
     throw new Error("WebAuthn is not supported in this browser");
   let r;
   e.allowCredentials?.length !== 0 && (r = e.allowCredentials?.map(We));
   const n = {
     ...e,
-    challenge: re(e.challenge),
+    challenge: ne(e.challenge),
     allowCredentials: r
   }, a = {};
   if (t) {
-    if (!await kt())
+    if (!await Ot())
       throw Error("Browser does not support WebAuthn autofill");
     if (document.querySelectorAll("input[autocomplete$='webauthn']").length < 1)
       throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');
     a.mediation = "conditional", n.allowCredentials = [];
   }
-  a.publicKey = n, a.signal = Je.createNewAbortSignal();
+  a.publicKey = n, a.signal = xe.createNewAbortSignal();
   let o;
   try {
     o = await navigator.credentials.get(a);
   } catch (p) {
-    throw Pt({ error: p, options: a });
+    throw kt({ error: p, options: a });
   }
   if (!o)
     throw new Error("Authentication was not completed");
   const { id: s, rawId: i, response: c, type: h } = o;
-  let f;
-  return c.userHandle && (f = _(c.userHandle)), {
+  let y;
+  return c.userHandle && (y = _(c.userHandle)), {
     id: s,
     rawId: _(i),
     response: {
       authenticatorData: _(c.authenticatorData),
       clientDataJSON: _(c.clientDataJSON),
       signature: _(c.signature),
-      userHandle: f
+      userHandle: y
     },
     type: h,
     clientExtensionResults: o.getClientExtensionResults(),
-    authenticatorAttachment: Ye(o.authenticatorAttachment)
+    authenticatorAttachment: Je(o.authenticatorAttachment)
   };
 }
 /*!
-  @versini/auth-common v4.0.0
+  @versini/auth-common v4.1.0
   © 2024 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_COMMON__ || (window.__VERSINI_AUTH_COMMON__ = {
-    version: "4.0.0",
-    buildTime: "08/26/2024 06:51 PM EDT",
+    version: "4.1.0",
+    buildTime: "09/01/2024 05:46 PM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
 } catch {
 }
-const oe = {
+const W = {
   ID_TOKEN: "id_token",
   ACCESS_TOKEN: "token",
   ID_AND_ACCESS_TOKEN: "id_token token",
@@ -323,19 +323,20 @@ const oe = {
   PASSKEY: "passkey"
 }, Ge = {
   CLIENT_ID: "X-Auth-ClientId"
-}, S = {
+}, f = {
   ALG: "RS256",
   USER_ID_KEY: "sub",
+  USERNAME_KEY: "username",
+  EMAIL_KEY: "email",
   TOKEN_ID_KEY: "__raw",
   NONCE_KEY: "_nonce",
-  USERNAME_KEY: "username",
   AUTH_TYPE_KEY: "auth_type",
   EXPIRES_AT_KEY: "exp",
   CREATED_AT_KEY: "iat",
   SCOPES_KEY: "scopes",
   CLIENT_ID_KEY: "aud",
   ISSUER: "gizmette.com"
-}, Nt = `-----BEGIN PUBLIC KEY-----
+}, Ct = `-----BEGIN PUBLIC KEY-----
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7
 w5PKyTYLGAI2I6SIIdpe6i6DOCbEkmDz7LdVsBqwNtVi8gvWYIj+8ol6rU3qu1v5
 i1Jd45GSK4kzkVdgCmQZbM5ak0KI99q5wsrAIzUd+LRJ2HRvWtr5IYdsIiXaQjle
@@ -348,24 +349,24 @@ awIDAQAB
   LOGOUT: "logout",
   LOGIN: "login",
   REFRESH: "refresh"
-}, ce = crypto, Me = (e) => e instanceof CryptoKey, F = new TextEncoder(), G = new TextDecoder();
-function Dt(...e) {
+}, ce = crypto, Me = (e) => e instanceof CryptoKey, B = new TextEncoder(), M = new TextDecoder();
+function Nt(...e) {
   const t = e.reduce((a, { length: o }) => a + o, 0), r = new Uint8Array(t);
   let n = 0;
   for (const a of e)
     r.set(a, n), n += a.length;
   return r;
 }
-const Ut = (e) => {
+const Dt = (e) => {
   const t = atob(e), r = new Uint8Array(t.length);
   for (let n = 0; n < t.length; n++)
     r[n] = t.charCodeAt(n);
   return r;
-}, Y = (e) => {
+}, G = (e) => {
   let t = e;
-  t instanceof Uint8Array && (t = G.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
+  t instanceof Uint8Array && (t = M.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
   try {
-    return Ut(t);
+    return Dt(t);
   } catch {
     throw new TypeError("The input to be decoded is not correctly encoded.");
   }
@@ -395,7 +396,7 @@ class ve extends D {
     super(t), this.code = "ERR_JWT_EXPIRED", this.claim = n, this.reason = a, this.payload = r;
   }
 }
-class Kt extends D {
+class Ut extends D {
   constructor() {
     super(...arguments), this.code = "ERR_JOSE_ALG_NOT_ALLOWED";
   }
@@ -411,7 +412,7 @@ class k extends D {
     return "ERR_JOSE_NOT_SUPPORTED";
   }
 }
-class m extends D {
+class w extends D {
   constructor() {
     super(...arguments), this.code = "ERR_JWS_INVALID";
   }
@@ -427,7 +428,7 @@ let v = class extends D {
     return "ERR_JWT_INVALID";
   }
 };
-class $t extends D {
+class Kt extends D {
   constructor() {
     super(...arguments), this.code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED", this.message = "signature verification failed";
   }
@@ -438,7 +439,7 @@ class $t extends D {
 function b(e, t = "algorithm.name") {
   return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`);
 }
-function B(e, t) {
+function q(e, t) {
   return e.name === t;
 }
 function pe(e) {
@@ -456,7 +457,7 @@ function Lt(e) {
       throw new Error("unreachable");
   }
 }
-function Ht(e, t) {
+function $t(e, t) {
   if (t.length && !t.some((r) => e.usages.includes(r))) {
     let r = "CryptoKey does not support this operation, its usages must include ";
     if (t.length > 2) {
@@ -466,12 +467,12 @@ function Ht(e, t) {
     throw new TypeError(r);
   }
 }
-function Wt(e, t, ...r) {
+function Ht(e, t, ...r) {
   switch (t) {
     case "HS256":
     case "HS384":
     case "HS512": {
-      if (!B(e.algorithm, "HMAC"))
+      if (!q(e.algorithm, "HMAC"))
         throw b("HMAC");
       const n = parseInt(t.slice(2), 10);
       if (pe(e.algorithm.hash) !== n)
@@ -481,7 +482,7 @@ function Wt(e, t, ...r) {
     case "RS256":
     case "RS384":
     case "RS512": {
-      if (!B(e.algorithm, "RSASSA-PKCS1-v1_5"))
+      if (!q(e.algorithm, "RSASSA-PKCS1-v1_5"))
         throw b("RSASSA-PKCS1-v1_5");
       const n = parseInt(t.slice(2), 10);
       if (pe(e.algorithm.hash) !== n)
@@ -491,7 +492,7 @@ function Wt(e, t, ...r) {
     case "PS256":
     case "PS384":
     case "PS512": {
-      if (!B(e.algorithm, "RSA-PSS"))
+      if (!q(e.algorithm, "RSA-PSS"))
         throw b("RSA-PSS");
       const n = parseInt(t.slice(2), 10);
       if (pe(e.algorithm.hash) !== n)
@@ -506,7 +507,7 @@ function Wt(e, t, ...r) {
     case "ES256":
     case "ES384":
     case "ES512": {
-      if (!B(e.algorithm, "ECDSA"))
+      if (!q(e.algorithm, "ECDSA"))
         throw b("ECDSA");
       const n = Lt(t);
       if (e.algorithm.namedCurve !== n)
@@ -516,7 +517,7 @@ function Wt(e, t, ...r) {
     default:
       throw new TypeError("CryptoKey does not support this operation");
   }
-  Ht(e, r);
+  $t(e, r);
 }
 function Ve(e, t, ...r) {
   var n;
@@ -530,7 +531,7 @@ const Oe = (e, ...t) => Ve("Key must be ", e, ...t);
 function je(e, t, ...r) {
   return Ve(`Key for the ${e} algorithm must be `, t, ...r);
 }
-const Fe = (e) => Me(e) ? !0 : e?.[Symbol.toStringTag] === "KeyObject", ne = ["CryptoKey"], xt = (...e) => {
+const Fe = (e) => Me(e) ? !0 : e?.[Symbol.toStringTag] === "KeyObject", ae = ["CryptoKey"], Wt = (...e) => {
   const t = e.filter(Boolean);
   if (t.length === 0 || t.length === 1)
     return !0;
@@ -549,11 +550,11 @@ const Fe = (e) => Me(e) ? !0 : e?.[Symbol.toStringTag] === "KeyObject", ne = ["C
   }
   return !0;
 };
-function Jt(e) {
+function Yt(e) {
   return typeof e == "object" && e !== null;
 }
-function ae(e) {
-  if (!Jt(e) || Object.prototype.toString.call(e) !== "[object Object]")
+function se(e) {
+  if (!Yt(e) || Object.prototype.toString.call(e) !== "[object Object]")
     return !1;
   if (Object.getPrototypeOf(e) === null)
     return !0;
@@ -562,14 +563,14 @@ function ae(e) {
     t = Object.getPrototypeOf(t);
   return Object.getPrototypeOf(e) === t;
 }
-const Yt = (e, t) => {
+const xt = (e, t) => {
   if (e.startsWith("RS") || e.startsWith("PS")) {
     const { modulusLength: r } = t.algorithm;
     if (typeof r != "number" || r < 2048)
       throw new TypeError(`${e} requires key modulusLength to be 2048 bits or larger`);
   }
 };
-function Gt(e) {
+function Jt(e) {
   let t, r;
   switch (e.kty) {
     case "RSA": {
@@ -641,36 +642,36 @@ function Gt(e) {
   }
   return { algorithm: t, keyUsages: r };
 }
-const Mt = async (e) => {
+const Gt = async (e) => {
   if (!e.alg)
     throw new TypeError('"alg" argument is required when "jwk.alg" is not present');
-  const { algorithm: t, keyUsages: r } = Gt(e), n = [
+  const { algorithm: t, keyUsages: r } = Jt(e), n = [
     t,
     e.ext ?? !1,
     e.key_ops ?? r
   ], a = { ...e };
   return delete a.alg, delete a.use, ce.subtle.importKey("jwk", a, ...n);
-}, Be = (e) => Y(e);
-let fe, ye;
+}, Be = (e) => G(e);
+let ye, fe;
 const qe = (e) => e?.[Symbol.toStringTag] === "KeyObject", ze = async (e, t, r, n) => {
   let a = e.get(t);
   if (a != null && a[n])
     return a[n];
-  const o = await Mt({ ...r, alg: n });
+  const o = await Gt({ ...r, alg: n });
   return a ? a[n] = o : e.set(t, { [n]: o }), o;
-}, Vt = (e, t) => {
+}, Mt = (e, t) => {
   if (qe(e)) {
     let r = e.export({ format: "jwk" });
-    return delete r.d, delete r.dp, delete r.dq, delete r.p, delete r.q, delete r.qi, r.k ? Be(r.k) : (ye || (ye = /* @__PURE__ */ new WeakMap()), ze(ye, e, r, t));
+    return delete r.d, delete r.dp, delete r.dq, delete r.p, delete r.q, delete r.qi, r.k ? Be(r.k) : (fe || (fe = /* @__PURE__ */ new WeakMap()), ze(fe, e, r, t));
   }
   return e;
-}, jt = (e, t) => {
+}, Vt = (e, t) => {
   if (qe(e)) {
     let r = e.export({ format: "jwk" });
-    return r.k ? Be(r.k) : (fe || (fe = /* @__PURE__ */ new WeakMap()), ze(fe, e, r, t));
+    return r.k ? Be(r.k) : (ye || (ye = /* @__PURE__ */ new WeakMap()), ze(ye, e, r, t));
   }
   return e;
-}, Ft = { normalizePublicKey: Vt, normalizePrivateKey: jt }, O = (e, t, r = 0) => {
+}, jt = { normalizePublicKey: Mt, normalizePrivateKey: Vt }, O = (e, t, r = 0) => {
   r === 0 && (t.unshift(t.length), t.unshift(6));
   const n = e.indexOf(t[0], r);
   if (n === -1)
@@ -696,7 +697,7 @@ const qe = (e) => e?.[Symbol.toStringTag] === "KeyObject", ze = async (e, t, r,
     default:
       throw new k("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
   }
-}, Bt = async (e, t, r, n, a) => {
+}, Ft = async (e, t, r, n, a) => {
   let o, s;
   const i = new Uint8Array(atob(r.replace(e, "")).split("").map((c) => c.charCodeAt(0)));
   switch (n) {
@@ -743,32 +744,32 @@ const qe = (e) => e?.[Symbol.toStringTag] === "KeyObject", ze = async (e, t, r,
       throw new k('Invalid or unsupported "alg" (Algorithm) value');
   }
   return ce.subtle.importKey(t, i, o, !1, s);
-}, qt = (e, t, r) => Bt(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
-async function zt(e, t, r) {
+}, Bt = (e, t, r) => Ft(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
+async function qt(e, t, r) {
   if (e.indexOf("-----BEGIN PUBLIC KEY-----") !== 0)
     throw new TypeError('"spki" must be SPKI formatted string');
-  return qt(e, t);
+  return Bt(e, t);
 }
-const ee = (e) => e?.[Symbol.toStringTag], Qt = (e, t) => {
+const te = (e) => e?.[Symbol.toStringTag], zt = (e, t) => {
   if (!(t instanceof Uint8Array)) {
     if (!Fe(t))
-      throw new TypeError(je(e, t, ...ne, "Uint8Array"));
+      throw new TypeError(je(e, t, ...ae, "Uint8Array"));
     if (t.type !== "secret")
-      throw new TypeError(`${ee(t)} instances for symmetric algorithms must be of type "secret"`);
+      throw new TypeError(`${te(t)} instances for symmetric algorithms must be of type "secret"`);
   }
-}, Xt = (e, t, r) => {
+}, Qt = (e, t, r) => {
   if (!Fe(t))
-    throw new TypeError(je(e, t, ...ne));
+    throw new TypeError(je(e, t, ...ae));
   if (t.type === "secret")
-    throw new TypeError(`${ee(t)} instances for asymmetric algorithms must not be of type "secret"`);
+    throw new TypeError(`${te(t)} instances for asymmetric algorithms must not be of type "secret"`);
   if (t.algorithm && r === "verify" && t.type === "private")
-    throw new TypeError(`${ee(t)} instances for asymmetric algorithm verifying must be of type "public"`);
+    throw new TypeError(`${te(t)} instances for asymmetric algorithm verifying must be of type "public"`);
   if (t.algorithm && r === "encrypt" && t.type === "private")
-    throw new TypeError(`${ee(t)} instances for asymmetric algorithm encryption must be of type "public"`);
-}, Zt = (e, t, r) => {
-  e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ? Qt(e, t) : Xt(e, t, r);
+    throw new TypeError(`${te(t)} instances for asymmetric algorithm encryption must be of type "public"`);
+}, Xt = (e, t, r) => {
+  e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ? zt(e, t) : Qt(e, t, r);
 };
-function er(e, t, r, n, a) {
+function Zt(e, t, r, n, a) {
   if (a.crit !== void 0 && n?.crit === void 0)
     throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');
   if (!n || n.crit === void 0)
@@ -787,13 +788,13 @@ function er(e, t, r, n, a) {
   }
   return new Set(n.crit);
 }
-const tr = (e, t) => {
+const er = (e, t) => {
   if (t !== void 0 && (!Array.isArray(t) || t.some((r) => typeof r != "string")))
     throw new TypeError(`"${e}" option must be an array of strings`);
   if (t)
     return new Set(t);
 };
-function rr(e, t) {
+function tr(e, t) {
   const r = `SHA-${e.slice(-3)}`;
   switch (e) {
     case "HS256":
@@ -818,100 +819,100 @@ function rr(e, t) {
       throw new k(`alg ${e} is not supported either by JOSE or your javascript runtime`);
   }
 }
-async function nr(e, t, r) {
-  if (t = await Ft.normalizePublicKey(t, e), Me(t))
-    return Wt(t, e, r), t;
+async function rr(e, t, r) {
+  if (t = await jt.normalizePublicKey(t, e), Me(t))
+    return Ht(t, e, r), t;
   if (t instanceof Uint8Array) {
     if (!e.startsWith("HS"))
-      throw new TypeError(Oe(t, ...ne));
+      throw new TypeError(Oe(t, ...ae));
     return ce.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [r]);
   }
-  throw new TypeError(Oe(t, ...ne, "Uint8Array"));
+  throw new TypeError(Oe(t, ...ae, "Uint8Array"));
 }
-const ar = async (e, t, r, n) => {
-  const a = await nr(e, t, "verify");
-  Yt(e, a);
-  const o = rr(e, a.algorithm);
+const nr = async (e, t, r, n) => {
+  const a = await rr(e, t, "verify");
+  xt(e, a);
+  const o = tr(e, a.algorithm);
   try {
     return await ce.subtle.verify(o, a, r, n);
   } catch {
     return !1;
   }
 };
-async function sr(e, t, r) {
-  if (!ae(e))
-    throw new m("Flattened JWS must be an object");
+async function ar(e, t, r) {
+  if (!se(e))
+    throw new w("Flattened JWS must be an object");
   if (e.protected === void 0 && e.header === void 0)
-    throw new m('Flattened JWS must have either of the "protected" or "header" members');
+    throw new w('Flattened JWS must have either of the "protected" or "header" members');
   if (e.protected !== void 0 && typeof e.protected != "string")
-    throw new m("JWS Protected Header incorrect type");
+    throw new w("JWS Protected Header incorrect type");
   if (e.payload === void 0)
-    throw new m("JWS Payload missing");
+    throw new w("JWS Payload missing");
   if (typeof e.signature != "string")
-    throw new m("JWS Signature missing or incorrect type");
-  if (e.header !== void 0 && !ae(e.header))
-    throw new m("JWS Unprotected Header incorrect type");
+    throw new w("JWS Signature missing or incorrect type");
+  if (e.header !== void 0 && !se(e.header))
+    throw new w("JWS Unprotected Header incorrect type");
   let n = {};
   if (e.protected)
     try {
-      const T = Y(e.protected);
-      n = JSON.parse(G.decode(T));
+      const T = G(e.protected);
+      n = JSON.parse(M.decode(T));
     } catch {
-      throw new m("JWS Protected Header is invalid");
+      throw new w("JWS Protected Header is invalid");
     }
-  if (!xt(n, e.header))
-    throw new m("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
+  if (!Wt(n, e.header))
+    throw new w("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
   const a = {
     ...n,
     ...e.header
-  }, o = er(m, /* @__PURE__ */ new Map([["b64", !0]]), r?.crit, n, a);
+  }, o = Zt(w, /* @__PURE__ */ new Map([["b64", !0]]), r?.crit, n, a);
   let s = !0;
   if (o.has("b64") && (s = n.b64, typeof s != "boolean"))
-    throw new m('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
+    throw new w('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
   const { alg: i } = a;
   if (typeof i != "string" || !i)
-    throw new m('JWS "alg" (Algorithm) Header Parameter missing or invalid');
-  const c = r && tr("algorithms", r.algorithms);
+    throw new w('JWS "alg" (Algorithm) Header Parameter missing or invalid');
+  const c = r && er("algorithms", r.algorithms);
   if (c && !c.has(i))
-    throw new Kt('"alg" (Algorithm) Header Parameter value not allowed');
+    throw new Ut('"alg" (Algorithm) Header Parameter value not allowed');
   if (s) {
     if (typeof e.payload != "string")
-      throw new m("JWS Payload must be a string");
+      throw new w("JWS Payload must be a string");
   } else if (typeof e.payload != "string" && !(e.payload instanceof Uint8Array))
-    throw new m("JWS Payload must be a string or an Uint8Array instance");
+    throw new w("JWS Payload must be a string or an Uint8Array instance");
   let h = !1;
-  typeof t == "function" && (t = await t(n, e), h = !0), Zt(i, t, "verify");
-  const f = Dt(F.encode(e.protected ?? ""), F.encode("."), typeof e.payload == "string" ? F.encode(e.payload) : e.payload);
+  typeof t == "function" && (t = await t(n, e), h = !0), Xt(i, t, "verify");
+  const y = Nt(B.encode(e.protected ?? ""), B.encode("."), typeof e.payload == "string" ? B.encode(e.payload) : e.payload);
   let p;
   try {
-    p = Y(e.signature);
+    p = G(e.signature);
   } catch {
-    throw new m("Failed to base64url decode the signature");
+    throw new w("Failed to base64url decode the signature");
   }
-  if (!await ar(i, t, p, f))
-    throw new $t();
-  let u;
+  if (!await nr(i, t, p, y))
+    throw new Kt();
+  let l;
   if (s)
     try {
-      u = Y(e.payload);
+      l = G(e.payload);
     } catch {
-      throw new m("Failed to base64url decode the payload");
+      throw new w("Failed to base64url decode the payload");
     }
-  else typeof e.payload == "string" ? u = F.encode(e.payload) : u = e.payload;
-  const A = { payload: u };
+  else typeof e.payload == "string" ? l = B.encode(e.payload) : l = e.payload;
+  const A = { payload: l };
   return e.protected !== void 0 && (A.protectedHeader = n), e.header !== void 0 && (A.unprotectedHeader = e.header), h ? { ...A, key: t } : A;
 }
-async function or(e, t, r) {
-  if (e instanceof Uint8Array && (e = G.decode(e)), typeof e != "string")
-    throw new m("Compact JWS must be a string or Uint8Array");
+async function sr(e, t, r) {
+  if (e instanceof Uint8Array && (e = M.decode(e)), typeof e != "string")
+    throw new w("Compact JWS must be a string or Uint8Array");
   const { 0: n, 1: a, 2: o, length: s } = e.split(".");
   if (s !== 3)
-    throw new m("Invalid Compact JWS");
-  const i = await sr({ payload: a, protected: n, signature: o }, t, r), c = { payload: i.payload, protectedHeader: i.protectedHeader };
+    throw new w("Invalid Compact JWS");
+  const i = await ar({ payload: a, protected: n, signature: o }, t, r), c = { payload: i.payload, protectedHeader: i.protectedHeader };
   return typeof t == "function" ? { ...c, key: i.key } : c;
 }
-const ir = (e) => Math.floor(e.getTime() / 1e3), Qe = 60, Xe = Qe * 60, Ae = Xe * 24, cr = Ae * 7, ur = Ae * 365.25, lr = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, Pe = (e) => {
-  const t = lr.exec(e);
+const or = (e) => Math.floor(e.getTime() / 1e3), Qe = 60, Xe = Qe * 60, Ae = Xe * 24, ir = Ae * 7, cr = Ae * 365.25, ur = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, Pe = (e) => {
+  const t = ur.exec(e);
   if (!t || t[4] && t[1])
     throw new TypeError("Invalid time period format");
   const r = parseFloat(t[2]), n = t[3].toLowerCase();
@@ -946,34 +947,34 @@ const ir = (e) => Math.floor(e.getTime() / 1e3), Qe = 60, Xe = Qe * 60, Ae = Xe
     case "week":
     case "weeks":
     case "w":
-      a = Math.round(r * cr);
+      a = Math.round(r * ir);
       break;
     default:
-      a = Math.round(r * ur);
+      a = Math.round(r * cr);
       break;
   }
   return t[1] === "-" || t[4] === "ago" ? -a : a;
-}, Ce = (e) => e.toLowerCase().replace(/^application\//, ""), dr = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, hr = (e, t, r = {}) => {
+}, Ce = (e) => e.toLowerCase().replace(/^application\//, ""), lr = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, dr = (e, t, r = {}) => {
   let n;
   try {
-    n = JSON.parse(G.decode(t));
+    n = JSON.parse(M.decode(t));
   } catch {
   }
-  if (!ae(n))
+  if (!se(n))
     throw new v("JWT Claims Set must be a top-level JSON object");
   const { typ: a } = r;
   if (a && (typeof e.typ != "string" || Ce(e.typ) !== Ce(a)))
     throw new R('unexpected "typ" JWT header value', n, "typ", "check_failed");
-  const { requiredClaims: o = [], issuer: s, subject: i, audience: c, maxTokenAge: h } = r, f = [...o];
-  h !== void 0 && f.push("iat"), c !== void 0 && f.push("aud"), i !== void 0 && f.push("sub"), s !== void 0 && f.push("iss");
-  for (const T of new Set(f.reverse()))
+  const { requiredClaims: o = [], issuer: s, subject: i, audience: c, maxTokenAge: h } = r, y = [...o];
+  h !== void 0 && y.push("iat"), c !== void 0 && y.push("aud"), i !== void 0 && y.push("sub"), s !== void 0 && y.push("iss");
+  for (const T of new Set(y.reverse()))
     if (!(T in n))
       throw new R(`missing required "${T}" claim`, n, T, "missing");
   if (s && !(Array.isArray(s) ? s : [s]).includes(n.iss))
     throw new R('unexpected "iss" claim value', n, "iss", "check_failed");
   if (i && n.sub !== i)
     throw new R('unexpected "sub" claim value', n, "sub", "check_failed");
-  if (c && !dr(n.aud, typeof c == "string" ? [c] : c))
+  if (c && !lr(n.aud, typeof c == "string" ? [c] : c))
     throw new R('unexpected "aud" claim value', n, "aud", "check_failed");
   let p;
   switch (typeof r.clockTolerance) {
@@ -989,7 +990,7 @@ const ir = (e) => Math.floor(e.getTime() / 1e3), Qe = 60, Xe = Qe * 60, Ae = Xe
     default:
       throw new TypeError("Invalid clockTolerance option type");
   }
-  const { currentDate: u } = r, A = ir(u || /* @__PURE__ */ new Date());
+  const { currentDate: l } = r, A = or(l || /* @__PURE__ */ new Date());
   if ((n.iat !== void 0 || h) && typeof n.iat != "number")
     throw new R('"iat" claim must be a number', n, "iat", "invalid");
   if (n.nbf !== void 0) {
@@ -1013,15 +1014,15 @@ const ir = (e) => Math.floor(e.getTime() / 1e3), Qe = 60, Xe = Qe * 60, Ae = Xe
   }
   return n;
 };
-async function pr(e, t, r) {
+async function hr(e, t, r) {
   var n;
-  const a = await or(e, t, r);
+  const a = await sr(e, t, r);
   if ((n = a.protectedHeader.crit) != null && n.includes("b64") && a.protectedHeader.b64 === !1)
     throw new v("JWTs MUST NOT use unencoded payload");
-  const o = { payload: hr(a.protectedHeader, a.payload, r), protectedHeader: a.protectedHeader };
+  const o = { payload: dr(a.protectedHeader, a.payload, r), protectedHeader: a.protectedHeader };
   return typeof t == "function" ? { ...o, key: a.key } : o;
 }
-const fr = Y;
+const pr = G;
 function yr(e) {
   if (typeof e != "string")
     throw new v("JWTs must use Compact JWS serialization, JWT must be a string");
@@ -1034,83 +1035,83 @@ function yr(e) {
     throw new v("JWTs must contain a payload");
   let n;
   try {
-    n = fr(t);
+    n = pr(t);
   } catch {
     throw new v("Failed to base64url decode the payload");
   }
   let a;
   try {
-    a = JSON.parse(G.decode(n));
+    a = JSON.parse(M.decode(n));
   } catch {
     throw new v("Failed to parse the decoded payload as JSON");
   }
-  if (!ae(a))
+  if (!se(a))
     throw new v("Invalid JWT Claims Set");
   return a;
 }
-const H = async (e) => {
+const Y = async (e) => {
   try {
-    const t = S.ALG, r = await zt(Nt, t);
-    return await pr(e, r, {
-      issuer: S.ISSUER
+    const t = f.ALG, r = await qt(Ct, t);
+    return await hr(e, r, {
+      issuer: f.ISSUER
     });
   } catch {
     return;
   }
-}, gr = (e) => {
+}, fr = (e) => {
   try {
     return yr(e);
   } catch {
     return;
   }
 };
-var g = [];
+var E = [];
 for (var ge = 0; ge < 256; ++ge)
-  g.push((ge + 256).toString(16).slice(1));
-function Er(e, t = 0) {
-  return (g[e[t + 0]] + g[e[t + 1]] + g[e[t + 2]] + g[e[t + 3]] + "-" + g[e[t + 4]] + g[e[t + 5]] + "-" + g[e[t + 6]] + g[e[t + 7]] + "-" + g[e[t + 8]] + g[e[t + 9]] + "-" + g[e[t + 10]] + g[e[t + 11]] + g[e[t + 12]] + g[e[t + 13]] + g[e[t + 14]] + g[e[t + 15]]).toLowerCase();
+  E.push((ge + 256).toString(16).slice(1));
+function gr(e, t = 0) {
+  return (E[e[t + 0]] + E[e[t + 1]] + E[e[t + 2]] + E[e[t + 3]] + "-" + E[e[t + 4]] + E[e[t + 5]] + "-" + E[e[t + 6]] + E[e[t + 7]] + "-" + E[e[t + 8]] + E[e[t + 9]] + "-" + E[e[t + 10]] + E[e[t + 11]] + E[e[t + 12]] + E[e[t + 13]] + E[e[t + 14]] + E[e[t + 15]]).toLowerCase();
 }
-var q, mr = new Uint8Array(16);
-function wr() {
-  if (!q && (q = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !q))
+var z, Er = new Uint8Array(16);
+function mr() {
+  if (!z && (z = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !z))
     throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
-  return q(mr);
+  return z(Er);
 }
-var Sr = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
+var wr = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
 const Ne = {
-  randomUUID: Sr
+  randomUUID: wr
 };
 function De(e, t, r) {
   if (Ne.randomUUID && !t && !e)
     return Ne.randomUUID();
   e = e || {};
-  var n = e.random || (e.rng || wr)();
-  return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, Er(n);
+  var n = e.random || (e.rng || mr)();
+  return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, gr(n);
 }
-const Ue = globalThis.crypto, Ar = (e) => `${De()}${De()}`.slice(0, e), Tr = (e) => btoa(
+const Ue = globalThis.crypto, Sr = (e) => `${De()}${De()}`.slice(0, e), Ar = (e) => btoa(
   [...new Uint8Array(e)].map((t) => String.fromCharCode(t)).join("")
 );
-async function Rr(e) {
+async function Tr(e) {
   if (!Ue.subtle)
     throw new Error(
       "crypto.subtle is available only in secure contexts (HTTPS)."
     );
   const t = new TextEncoder().encode(e), r = await Ue.subtle.digest("SHA-256", t);
-  return Tr(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+  return Ar(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
 }
-async function _r(e) {
-  const r = Ar(43), n = await Rr(r);
+async function Rr(e) {
+  const r = Sr(43), n = await Tr(r);
   return {
     code_verifier: r,
     code_challenge: n
   };
 }
-const Br = async (e, t) => {
+const Fr = async (e, t) => {
   var r;
-  const n = await H(e);
-  if (!n || !Array.isArray((r = n.payload) == null ? void 0 : r[S.SCOPES_KEY]))
+  const n = await Y(e);
+  if (!n || !Array.isArray((r = n.payload) == null ? void 0 : r[f.SCOPES_KEY]))
     return !1;
-  const a = n.payload[S.SCOPES_KEY];
+  const a = n.payload[f.SCOPES_KEY];
   return Array.isArray(t) ? t.every((o) => a.includes(o)) : Object.keys(t).some(
     (o) => t[o].every((s) => a.includes(s))
   );
@@ -1123,18 +1124,18 @@ const Ke = (e, t) => {
     typeof t == "function" ? t() : t
   );
   window.localStorage.setItem(e, r), Ze(e, r);
-}, Ir = (e) => {
+}, _r = (e) => {
   window.localStorage.removeItem(e), Ze(e, null);
-}, $e = (e) => window.localStorage.getItem(e), br = (e) => (window.addEventListener("storage", e), () => window.removeEventListener("storage", e));
-function z({
+}, Le = (e) => window.localStorage.getItem(e), Ir = (e) => (window.addEventListener("storage", e), () => window.removeEventListener("storage", e));
+function Q({
   key: e,
   initialValue: t
 }) {
-  const r = St(br, () => $e(e)), n = N(
+  const r = wt(Ir, () => Le(e)), n = N(
     (s) => {
       try {
         const i = typeof s == "function" ? s(JSON.parse(r)) : s;
-        i == null ? Ir(e) : Ke(e, i);
+        i == null ? _r(e) : Ke(e, i);
       } catch (i) {
         console.warn(i);
       }
@@ -1147,39 +1148,39 @@ function z({
   }, [n]);
   return He(() => {
     try {
-      $e(e) === null && typeof t < "u" && Ke(e, t);
+      Le(e) === null && typeof t < "u" && Ke(e, t);
     } catch (s) {
       console.warn(s);
     }
   }, [e, t]), [r ? JSON.parse(r) : null, n, a, o];
 }
-var E = [];
+var m = [];
 for (var Ee = 0; Ee < 256; ++Ee)
-  E.push((Ee + 256).toString(16).slice(1));
-function vr(e, t = 0) {
-  return (E[e[t + 0]] + E[e[t + 1]] + E[e[t + 2]] + E[e[t + 3]] + "-" + E[e[t + 4]] + E[e[t + 5]] + "-" + E[e[t + 6]] + E[e[t + 7]] + "-" + E[e[t + 8]] + E[e[t + 9]] + "-" + E[e[t + 10]] + E[e[t + 11]] + E[e[t + 12]] + E[e[t + 13]] + E[e[t + 14]] + E[e[t + 15]]).toLowerCase();
+  m.push((Ee + 256).toString(16).slice(1));
+function br(e, t = 0) {
+  return (m[e[t + 0]] + m[e[t + 1]] + m[e[t + 2]] + m[e[t + 3]] + "-" + m[e[t + 4]] + m[e[t + 5]] + "-" + m[e[t + 6]] + m[e[t + 7]] + "-" + m[e[t + 8]] + m[e[t + 9]] + "-" + m[e[t + 10]] + m[e[t + 11]] + m[e[t + 12]] + m[e[t + 13]] + m[e[t + 14]] + m[e[t + 15]]).toLowerCase();
 }
-var Q, Or = new Uint8Array(16);
-function kr() {
-  if (!Q && (Q = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !Q))
+var X, vr = new Uint8Array(16);
+function Or() {
+  if (!X && (X = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !X))
     throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
-  return Q(Or);
+  return X(vr);
 }
-var Pr = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
-const Le = {
-  randomUUID: Pr
+var kr = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
+const $e = {
+  randomUUID: kr
 };
 function me(e, t, r) {
-  if (Le.randomUUID && !t && !e)
-    return Le.randomUUID();
+  if ($e.randomUUID && !t && !e)
+    return $e.randomUUID();
   e = e || {};
-  var n = e.random || (e.rng || kr)();
-  return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, vr(n);
+  var n = e.random || (e.rng || Or)();
+  return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, br(n);
 }
-const U = "Your session has expired. For your security, please log in again to continue.", Cr = "Your session has been successfully terminated.", we = "Login failed. Please try again.", Nr = "Error getting access token, please re-authenticate.", Dr = "You forgot to wrap your component in <AuthProvider>.", se = {
+const K = "Your session has expired. For your security, please log in again to continue.", Pr = "Your session has been successfully terminated.", we = "Login failed. Please try again.", Cr = "Error getting access token, please re-authenticate.", Nr = "You forgot to wrap your component in <AuthProvider>.", oe = {
   dev: "https://auth.gizmette.local.com:3003",
   prod: "https://mylogin.gizmette.com/auth"
-}, X = "@@auth@@", J = "LOADING", te = "LOGIN", et = "LOGOUT", M = "success", I = "failure", tt = "include", rt = "POST", nt = "application/json", Z = {
+}, Z = "@@auth@@", J = "LOADING", re = "LOGIN", et = "LOGOUT", V = "success", I = "failure", tt = "include", rt = "POST", nt = "application/json", ee = {
   GET_REGISTRATION_OPTIONS: `mutation GetPasskeyRegistrationOptions(
 	$clientId: String!,
 	$username: String!,
@@ -1257,23 +1258,24 @@ const U = "Your session has expired. For your security, please log in again to c
 				refreshToken,
 				userId,
 				username,
+				email
 		}
 	}`
-}, K = {
+}, L = {
   GET_REGISTRATION_OPTIONS: {
-    schema: Z.GET_REGISTRATION_OPTIONS,
+    schema: ee.GET_REGISTRATION_OPTIONS,
     method: "getPasskeyRegistrationOptions"
   },
   VERIFY_REGISTRATION: {
-    schema: Z.VERIFY_REGISTRATION,
+    schema: ee.VERIFY_REGISTRATION,
     method: "verifyPasskeyRegistration"
   },
   GET_AUTHENTICATION_OPTIONS: {
-    schema: Z.GET_AUTHENTICATION_OPTIONS,
+    schema: ee.GET_AUTHENTICATION_OPTIONS,
     method: "getPasskeyAuthenticationOptions"
   },
   VERIFY_AUTHENTICATION: {
-    schema: Z.VERIFY_AUTHENTICATION,
+    schema: ee.VERIFY_AUTHENTICATION,
     method: "verifyPasskeyAuthentication"
   }
 }, $ = async ({
@@ -1284,7 +1286,7 @@ const U = "Your session has expired. For your security, please log in again to c
 }) => {
   try {
     const a = `Bearer ${e}`, o = await fetch(
-      at ? `${se.dev}/graphql` : `${se.prod}/graphql`,
+      at ? `${oe.dev}/graphql` : `${oe.prod}/graphql`,
       {
         credentials: tt,
         method: rt,
@@ -1303,7 +1305,7 @@ const U = "Your session has expired. For your security, please log in again to c
       return { status: I, data: [] };
     const { data: s } = await o.json();
     return {
-      status: M,
+      status: V,
       data: s[t.method]
     };
   } catch (a) {
@@ -1316,7 +1318,7 @@ const U = "Your session has expired. For your security, please log in again to c
 }) => {
   try {
     const n = await fetch(
-      at ? `${se.dev}/${e}` : `${se.prod}/${e}`,
+      at ? `${oe.dev}/${e}` : `${oe.prod}/${e}`,
       {
         credentials: tt,
         method: rt,
@@ -1331,26 +1333,27 @@ const U = "Your session has expired. For your security, please log in again to c
       return { status: I, data: [] };
     const { data: a } = await n.json();
     return {
-      status: M,
+      status: V,
       data: a || []
     };
   } catch (n) {
     return console.error(n), { status: I, data: [] };
   }
-}, Ur = process.env.NODE_ENV === "production", at = !Ur, st = {
+}, Dr = process.env.NODE_ENV === "production", at = !Dr, st = {
   isLoading: !0,
   isAuthenticated: !1,
   user: void 0,
   logoutReason: "",
-  debug: !1
-}, Kr = (e) => {
+  debug: !1,
+  authenticationType: ""
+}, Ur = (e) => {
   try {
-    const t = gr(e);
-    return t ? t[S.USER_ID_KEY] : "";
+    const t = fr(e);
+    return t ? t[f.USER_ID_KEY] : "";
   } catch {
     return "";
   }
-}, $r = async ({
+}, Kr = async ({
   userId: e,
   clientId: t,
   domain: r,
@@ -1386,11 +1389,11 @@ const U = "Your session has expired. For your security, please log in again to c
   ua: h
 }) => {
   try {
-    const f = await ue({
+    const y = await ue({
       type: ie.LOGIN,
       clientId: r,
       params: {
-        type: a || oe.ID_AND_ACCESS_TOKEN,
+        type: a || W.ID_AND_ACCESS_TOKEN,
         username: e,
         password: t,
         sessionExpiration: o,
@@ -1400,12 +1403,13 @@ const U = "Your session has expired. For your security, please log in again to c
         domain: c,
         ua: h
       }
-    }), p = await H(f?.data?.idToken);
-    return p && p.payload[S.USER_ID_KEY] !== "" && p.payload[S.NONCE_KEY] === n ? {
-      idToken: f.data.idToken,
-      accessToken: f.data.accessToken,
-      refreshToken: f.data.refreshToken,
-      userId: p.payload[S.USER_ID_KEY],
+    }), p = await Y(y?.data?.idToken);
+    return p && p.payload[f.USER_ID_KEY] !== "" && p.payload[f.NONCE_KEY] === n ? {
+      idToken: y.data.idToken,
+      accessToken: y.data.accessToken,
+      refreshToken: y.data.refreshToken,
+      userId: p.payload[f.USER_ID_KEY],
+      email: p.payload[f.EMAIL_KEY],
       status: !0
     } : {
       status: !1
@@ -1415,7 +1419,7 @@ const U = "Your session has expired. For your security, please log in again to c
       status: !1
     };
   }
-}, Hr = async ({
+}, $r = async ({
   nonce: e,
   clientId: t,
   code_challenge: r
@@ -1425,13 +1429,13 @@ const U = "Your session has expired. For your security, please log in again to c
       type: ie.CODE,
       clientId: t,
       params: {
-        type: oe.CODE,
+        type: W.CODE,
         nonce: e,
         code_challenge: r
       }
     });
     return n?.data?.code ? {
-      status: M,
+      status: V,
       data: n.data.code
     } : {
       status: I,
@@ -1443,7 +1447,7 @@ const U = "Your session has expired. For your security, please log in again to c
       data: ""
     };
   }
-}, Wr = async ({
+}, Hr = async ({
   clientId: e,
   userId: t,
   nonce: r,
@@ -1456,18 +1460,18 @@ const U = "Your session has expired. For your security, please log in again to c
       type: ie.REFRESH,
       clientId: e,
       params: {
-        type: oe.REFRESH_TOKEN,
+        type: W.REFRESH_TOKEN,
         userId: t,
         nonce: r,
         refreshToken: n,
         accessToken: a,
         domain: o
       }
-    }), i = await H(s?.data?.accessToken);
-    return i && i.payload[S.USER_ID_KEY] !== "" && i.payload[S.NONCE_KEY] === r ? {
+    }), i = await Y(s?.data?.accessToken);
+    return i && i.payload[f.USER_ID_KEY] !== "" && i.payload[f.NONCE_KEY] === r ? {
       accessToken: s.data.accessToken,
       refreshToken: s.data.refreshToken,
-      userId: i.payload[S.USER_ID_KEY],
+      userId: i.payload[f.USER_ID_KEY],
       status: !0
     } : {
       status: !1
@@ -1478,11 +1482,11 @@ const U = "Your session has expired. For your security, please log in again to c
     };
   }
 };
-class xr {
+class Wr {
   constructor(t = null, r = null) {
-    j(this, "refreshTokenPromise", null);
-    j(this, "accessToken");
-    j(this, "refreshToken");
+    F(this, "refreshTokenPromise", null);
+    F(this, "accessToken");
+    F(this, "refreshToken");
     this.accessToken = t || "", this.refreshToken = r || "";
   }
   async refreshtoken({
@@ -1509,9 +1513,9 @@ class xr {
     nonce: n,
     domain: a
   }) {
-    const o = await H(this.refreshToken);
-    if (o && o.payload[S.USER_ID_KEY] !== "") {
-      const s = await Wr({
+    const o = await Y(this.refreshToken);
+    if (o && o.payload[f.USER_ID_KEY] !== "") {
+      const s = await Hr({
         clientId: t,
         userId: r,
         nonce: n,
@@ -1520,7 +1524,7 @@ class xr {
         domain: a
       });
       return s.status ? (this.accessToken = s.accessToken, this.refreshToken = s.refreshToken, {
-        status: M,
+        status: V,
         newAccessToken: s.accessToken,
         newRefreshToken: s.refreshToken
       }) : {
@@ -1532,63 +1536,66 @@ class xr {
       };
   }
 }
-const Jr = (e) => N(
+const Yr = (e) => N(
   (...t) => {
     e && console.info(`==> [Auth ${Date.now()}]: `, ...t);
   },
   [e]
-), L = () => {
-  throw new Error(Dr);
-}, ot = At({
+), H = () => {
+  throw new Error(Nr);
+}, ot = St({
   isAuthenticated: !1,
   isLoading: !1,
-  login: L,
-  logout: L,
-  getAccessToken: L,
-  getIdToken: L,
-  registeringForPasskey: L,
-  loginWithPasskey: L,
-  logoutReason: ""
-}), Yr = wt.createContext({
+  login: H,
+  logout: H,
+  getAccessToken: H,
+  getIdToken: H,
+  registeringForPasskey: H,
+  loginWithPasskey: H,
+  logoutReason: "",
+  authenticationType: ""
+}), xr = mt.createContext({
   state: st,
   dispatch: () => {
   }
-}), Gr = (e, t) => t?.type === J ? {
+}), Jr = (e, t) => t?.type === J ? {
   ...e,
   isLoading: t.payload.isLoading
-} : t?.type === te ? {
+} : t?.type === re ? {
   ...e,
   isLoading: !1,
   isAuthenticated: !0,
   user: t.payload.user,
+  authenticationType: t.payload.authenticationType,
   logoutReason: ""
 } : t?.type === et ? {
   ...e,
   isLoading: !1,
   isAuthenticated: !1,
   user: void 0,
+  authenticationType: "",
   logoutReason: t.payload.logoutReason
-} : e, qr = ({
+} : e, Br = ({
   children: e,
   sessionExpiration: t,
   clientId: r,
   domain: n = "",
   debug: a = !1
 }) => {
-  const [o, s] = Tt(Gr, {
+  const [o, s] = At(Jr, {
     ...st,
     debug: a
-  }), i = Jr(a), c = Rt(!1), [h, f, , p] = z({
-    key: `${X}::${r}::@@user@@`
-  }), [u, A, , T] = z({
-    key: `${X}::${r}::@@access@@`
-  }), [le, de, , Te] = z(
+  }), i = Yr(a), c = Tt(!1), [h, y, , p] = Q({
+    key: `${Z}::${r}::@@user@@`
+  }), [l, A, , T] = Q({
+    key: `${Z}::${r}::@@access@@`
+  }), [le, de, , Te] = Q(
     {
-      key: `${X}::${r}::@@refresh@@`
+      key: `${Z}::${r}::@@refresh@@`
     }
-  ), [it, Re, , _e] = z({
-    key: `${X}::${r}::@@nonce@@`
-  }), ct = new xr(u, le), V = N(() => {
+  ), [it, Re, , _e] = Q({
+    key: `${Z}::${r}::@@nonce@@`
+  }), ct = new Wr(l, le), j = N(() => {
     i("removeLocalStorage: removing local storage"), p(), T(), Te(), _e();
   }, [
     T,
@@ -1596,218 +1603,224 @@ const Jr = (e) => N(
     _e,
     Te,
     i
-  ]), W = N(
-    (l) => {
+  ]), x = N(
+    (u) => {
       i(
         "removeStateAndLocalStorage: removing state and local storage with reason: ",
-        l
+        u
       ), s({
         type: et,
         payload: {
-          logoutReason: l || U
+          logoutReason: u || K
         }
-      }), V(), s({ type: J, payload: { isLoading: !1 } });
+      }), j(), s({ type: J, payload: { isLoading: !1 } });
     },
-    [V, i]
+    [j, i]
   ), P = N(
-    async (l) => {
+    async (u) => {
       i("invalidateAndLogout: invalidating and logging out");
-      const { user: y } = o, d = y?.userId || Kr(h);
+      const { user: g } = o, d = g?.userId || Ur(h);
       d || i(
         "invalidateAndLogout: user cannot be identified, logging out without userId"
-      ), await $r({
+      ), await Kr({
         userId: d,
         clientId: r,
         domain: n,
         idToken: h
-      }), W(l || U);
+      }), x(u || K);
     },
-    [h, o, r, n, W, i]
+    [h, o, r, n, x, i]
   );
   He(() => {
     if (!c.current)
       return o.isLoading && h !== null ? (async () => {
         try {
-          const l = await H(h);
-          l && l.payload[S.USER_ID_KEY] !== "" ? (i("useEffect: setting the authentication state"), s({
-            type: te,
+          const u = await Y(h);
+          u && u.payload[f.USER_ID_KEY] !== "" ? (i("useEffect: setting the authentication state"), s({
+            type: re,
             payload: {
+              authenticationType: u.payload[f.AUTH_TYPE_KEY],
               user: {
-                userId: l.payload[S.USER_ID_KEY],
-                username: l.payload[S.USERNAME_KEY]
+                userId: u.payload[f.USER_ID_KEY],
+                username: u.payload[f.USERNAME_KEY],
+                email: u.payload[f.EMAIL_KEY]
               }
             }
-          })) : (i("useEffect: invalid JWT, invalidating and logging out"), await P(U));
+          })) : (i("useEffect: invalid JWT, invalidating and logging out"), await P(K));
         } catch {
           i(
             "useEffect: exception validating JWT, invalidating and logging out"
-          ), await P(U);
+          ), await P(K);
         }
       })() : (i("useEffect: setting the loading state to false"), s({ type: J, payload: { isLoading: !1 } })), () => {
         c.current = !0;
       };
   }, [o.isLoading, h, P, i]);
-  const ut = async (l, y) => {
-    s({ type: J, payload: { isLoading: !0 } }), V();
+  const ut = async (u, g) => {
+    s({ type: J, payload: { isLoading: !0 } }), j();
     const d = me();
     Re(d), i("login: Logging in with password");
-    const C = oe.CODE, { code_verifier: yt, code_challenge: gt } = await _r(), Ie = await Hr({
+    const { code_verifier: C, code_challenge: ft } = await Rr(), Ie = await $r({
       nonce: d,
       clientId: r,
-      code_challenge: gt
+      code_challenge: ft
     });
     if (Ie.status) {
-      const x = await Lr({
-        username: l,
-        password: y,
+      const U = await Lr({
+        username: u,
+        password: g,
         clientId: r,
         sessionExpiration: t,
         nonce: d,
-        type: C,
+        type: W.CODE,
         code: Ie.data,
-        code_verifier: yt,
+        code_verifier: C,
         domain: n,
         ua: navigator.userAgent
       });
-      return x.status ? (f(x.idToken), A(x.accessToken), de(x.refreshToken), s({
-        type: te,
+      return U.status ? (y(U.idToken), A(U.accessToken), de(U.refreshToken), s({
+        type: re,
         payload: {
+          authenticationType: W.CODE,
           user: {
-            userId: x.userId,
-            username: l
+            userId: U.userId,
+            username: u,
+            email: U.email
           }
         }
-      }), !0) : (W(we), !1);
+      }), !0) : (x(we), !1);
     }
     return !1;
-  }, lt = async (l) => {
-    l?.preventDefault(), await P(Cr);
+  }, lt = async (u) => {
+    u?.preventDefault(), await P(Pr);
   }, dt = async () => {
-    const { isAuthenticated: l, user: y } = o;
+    const { isAuthenticated: u, user: g } = o;
     try {
-      if (l && y && y.userId) {
-        if (u) {
+      if (u && g && g.userId) {
+        if (l) {
           i("getAccessToken");
-          const C = await H(u);
-          if (C && C.payload[S.USER_ID_KEY] !== "")
-            return u;
+          const C = await Y(l);
+          if (C && C.payload[f.USER_ID_KEY] !== "")
+            return l;
         }
         i("getAccessToken: invalid access token, trying to refresh it");
         const d = await ct.refreshtoken({
           clientId: r,
-          userId: y.userId,
+          userId: g.userId,
           nonce: it,
           domain: n
         });
         return d.status && d.status === "success" && d.newAccessToken ? (A(d.newAccessToken), de(d.newRefreshToken), d.newAccessToken) : (i(
           "getAccessToken: invalid refresh token, need to re-authenticate"
-        ), await P(U), "");
+        ), await P(K), "");
       }
       return i(
         "getAccessToken: user is not authenticated, cannot get access token"
-      ), await P(U), "";
+      ), await P(K), "";
     } catch {
       return i(
         "getAccessToken: exception occurred, invalidating and logging out"
-      ), await P(Nr), "";
+      ), await P(Cr), "";
     }
   }, ht = () => o.isAuthenticated && h ? h : "", pt = async () => {
-    const { user: l } = o;
-    let y = await $({
-      accessToken: u,
+    const { user: u } = o;
+    let g = await $({
+      accessToken: l,
       clientId: r,
-      type: K.GET_REGISTRATION_OPTIONS,
+      type: L.GET_REGISTRATION_OPTIONS,
       params: {
         clientId: r,
-        id: l?.userId,
-        username: l?.username
+        id: u?.userId,
+        username: u?.username
       }
     });
-    if (y.status)
+    if (g.status)
       try {
-        const d = await Ot(y.data);
-        return y = await $({
-          accessToken: u,
+        const d = await vt(g.data);
+        return g = await $({
+          accessToken: l,
           clientId: r,
-          type: K.VERIFY_REGISTRATION,
+          type: L.VERIFY_REGISTRATION,
           params: {
             clientId: r,
-            id: l?.userId,
-            username: l?.username,
+            id: u?.userId,
+            username: u?.username,
             registration: d
           }
-        }), !!(y.status && y.data.length > 0);
+        }), !!(g.status && g.data.length > 0);
       } catch {
         return await $({
-          accessToken: u,
+          accessToken: l,
           clientId: r,
-          type: K.VERIFY_REGISTRATION,
+          type: L.VERIFY_REGISTRATION,
           params: {
             clientId: r,
-            id: l?.userId,
-            username: l?.username,
+            id: u?.userId,
+            username: u?.username,
             registration: {}
           }
         }), !1;
       }
     return !1;
-  }, ft = async () => {
-    s({ type: J, payload: { isLoading: !0 } }), V();
-    const l = me();
-    Re(l), i("loginWithPasskey");
-    const y = me();
+  }, yt = async () => {
+    s({ type: J, payload: { isLoading: !0 } }), j();
+    const u = me();
+    Re(u), i("loginWithPasskey");
+    const g = me();
     let d = await $({
-      accessToken: u,
+      accessToken: l,
       clientId: r,
-      type: K.GET_AUTHENTICATION_OPTIONS,
+      type: L.GET_AUTHENTICATION_OPTIONS,
       params: {
-        id: y,
+        id: g,
         clientId: r
       }
     });
     if (d.status)
       try {
-        const C = await Ct(d.data);
+        const C = await Pt(d.data);
         return d = await $({
-          accessToken: u,
+          accessToken: l,
           clientId: r,
-          type: K.VERIFY_AUTHENTICATION,
+          type: L.VERIFY_AUTHENTICATION,
           params: {
             clientId: r,
-            id: y,
+            id: g,
             authentication: C,
-            nonce: l,
+            nonce: u,
             domain: n,
             sessionExpiration: t,
             ua: navigator.userAgent
           }
-        }), d.data.status === M ? (f(d.data.idToken), A(d.data.accessToken), de(d.data.refreshToken), s({
-          type: te,
+        }), d.data.status === V ? (y(d.data.idToken), A(d.data.accessToken), de(d.data.refreshToken), s({
+          type: re,
           payload: {
+            authenticationType: W.PASSKEY,
             user: {
               userId: d.data.userId,
-              username: d.data.username
+              username: d.data.username,
+              email: d.data.email
             }
           }
-        }), !0) : (W(we), !1);
+        }), !0) : (x(we), !1);
       } catch {
         return await $({
-          accessToken: u,
+          accessToken: l,
           clientId: r,
-          type: K.VERIFY_AUTHENTICATION,
+          type: L.VERIFY_AUTHENTICATION,
           params: {
             clientId: r,
-            id: y,
+            id: g,
             authentication: {},
-            nonce: l,
+            nonce: u,
             domain: n,
             sessionExpiration: t
           }
-        }), W(we), !1;
+        }), x(we), !1;
       }
     return !1;
   };
-  return /* @__PURE__ */ be(Yr.Provider, { value: { state: o, dispatch: s }, children: /* @__PURE__ */ be(
+  return /* @__PURE__ */ be(xr.Provider, { value: { state: o, dispatch: s }, children: /* @__PURE__ */ be(
     ot.Provider,
     {
       value: {
@@ -1817,15 +1830,15 @@ const Jr = (e) => N(
         getAccessToken: dt,
         getIdToken: ht,
         registeringForPasskey: pt,
-        loginWithPasskey: ft
+        loginWithPasskey: yt
       },
       children: e
     }
   ) });
-}, zr = (e = ot) => _t(e);
+}, qr = (e = ot) => Rt(e);
 export {
-  oe as AUTH_TYPES,
-  qr as AuthProvider,
-  Br as isGranted,
-  zr as useAuth
+  W as AUTH_TYPES,
+  Br as AuthProvider,
+  Fr as isGranted,
+  qr as useAuth
 };