npm - @versini/auth-provider - Versions diffs - 7.3.1 → 7.3.3 - Mend

@versini/auth-provider 7.3.1 → 7.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +574 -512
package/package.json +5 -9

package/dist/index.js CHANGED Viewed

@@ -1,46 +1,46 @@
-var gt = Object.defineProperty;
-var Et = (e, t, r) => t in e ? gt(e, t, { enumerable: !0, configurable: !0, writable: !0, value: r }) : e[t] = r;
-var F = (e, t, r) => Et(e, typeof t != "symbol" ? t + "" : t, r);
-import { jsx as be } from "react/jsx-runtime";
-import mt, { useSyncExternalStore as wt, useCallback as N, useEffect as He, createContext as St, useReducer as At, useRef as Tt, useContext as Rt } from "react";
+var At = Object.defineProperty;
+var Tt = (e, t, r) => t in e ? At(e, t, { enumerable: !0, configurable: !0, writable: !0, value: r }) : e[t] = r;
+var X = (e, t, r) => Tt(e, typeof t != "symbol" ? t + "" : t, r);
+import { jsx as Oe } from "react/jsx-runtime";
+import Rt, { useSyncExternalStore as bt, useCallback as D, useEffect as xe, createContext as _t, useReducer as It, useRef as kt, useContext as vt } from "react";
 /*!
-  @versini/auth-provider v7.3.1
+  @versini/auth-provider v7.3.3
   © 2024 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_CLIENT__ || (window.__VERSINI_AUTH_CLIENT__ = {
-    version: "7.3.1",
-    buildTime: "09/05/2024 04:25 PM EDT",
+    version: "7.3.3",
+    buildTime: "09/30/2024 01:36 PM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
 } catch {
 }
-function _(e) {
+function b(e) {
   const t = new Uint8Array(e);
   let r = "";
   for (const a of t)
     r += String.fromCharCode(a);
   return btoa(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
 }
-function ne(e) {
-  const t = e.replace(/-/g, "+").replace(/_/g, "/"), r = (4 - t.length % 4) % 4, n = t.padEnd(t.length + r, "="), a = atob(n), o = new ArrayBuffer(a.length), s = new Uint8Array(o);
+function ie(e) {
+  const t = e.replace(/-/g, "+").replace(/_/g, "/"), r = (4 - t.length % 4) % 4, n = t.padEnd(t.length + r, "="), a = atob(n), s = new ArrayBuffer(a.length), o = new Uint8Array(s);
   for (let i = 0; i < a.length; i++)
-    s[i] = a.charCodeAt(i);
-  return o;
+    o[i] = a.charCodeAt(i);
+  return s;
 }
-function Se() {
+function Re() {
   return window?.PublicKeyCredential !== void 0 && typeof window.PublicKeyCredential == "function";
 }
-function We(e) {
+function Ge(e) {
   const { id: t } = e;
   return {
     ...e,
-    id: ne(t),
+    id: ie(t),
     transports: e.transports
   };
 }
-function Ye(e) {
+function Me(e) {
   return e === "localhost" || /^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(e);
 }
 class S extends Error {
@@ -48,7 +48,7 @@ class S extends Error {
     super(t, { cause: n }), this.name = a ?? n.name, this.code = r;
   }
 }
-function _t({ error: e, options: t }) {
+function Ot({ error: e, options: t }) {
   const { publicKey: r } = t;
   if (!r)
     throw Error("options was missing required publicKey property");
@@ -97,7 +97,7 @@ function _t({ error: e, options: t }) {
       });
     if (e.name === "SecurityError") {
       const n = window.location.hostname;
-      if (Ye(n)) {
+      if (Me(n)) {
         if (r.rp.id !== n)
           return new S({
             message: `The RP ID "${r.rp.id}" is invalid for this domain`,
@@ -125,7 +125,7 @@ function _t({ error: e, options: t }) {
   }
   return e;
 }
-class It {
+class Pt {
   createNewAbortSignal() {
     if (this.controller) {
       const r = new Error("Cancelling existing WebAuthn API call for new one");
@@ -141,63 +141,63 @@ class It {
     }
   }
 }
-const xe = new It(), bt = ["cross-platform", "platform"];
-function Je(e) {
-  if (e && !(bt.indexOf(e) < 0))
+const Ve = new Pt(), Ct = ["cross-platform", "platform"];
+function je(e) {
+  if (e && !(Ct.indexOf(e) < 0))
     return e;
 }
-async function vt(e) {
-  if (!Se())
+async function Nt(e) {
+  if (!Re())
     throw new Error("WebAuthn is not supported in this browser");
   const r = { publicKey: {
     ...e,
-    challenge: ne(e.challenge),
+    challenge: ie(e.challenge),
     user: {
       ...e.user,
-      id: ne(e.user.id)
+      id: ie(e.user.id)
     },
-    excludeCredentials: e.excludeCredentials?.map(We)
+    excludeCredentials: e.excludeCredentials?.map(Ge)
   } };
-  r.signal = xe.createNewAbortSignal();
+  r.signal = Ve.createNewAbortSignal();
   let n;
   try {
     n = await navigator.credentials.create(r);
   } catch (l) {
-    throw _t({ error: l, options: r });
+    throw Ot({ error: l, options: r });
   }
   if (!n)
     throw new Error("Registration was not completed");
-  const { id: a, rawId: o, response: s, type: i } = n;
+  const { id: a, rawId: s, response: o, type: i } = n;
   let c;
-  typeof s.getTransports == "function" && (c = s.getTransports());
+  typeof o.getTransports == "function" && (c = o.getTransports());
   let h;
-  if (typeof s.getPublicKeyAlgorithm == "function")
+  if (typeof o.getPublicKeyAlgorithm == "function")
     try {
-      h = s.getPublicKeyAlgorithm();
+      h = o.getPublicKeyAlgorithm();
     } catch (l) {
-      he("getPublicKeyAlgorithm()", l);
+      ge("getPublicKeyAlgorithm()", l);
     }
   let y;
-  if (typeof s.getPublicKey == "function")
+  if (typeof o.getPublicKey == "function")
     try {
-      const l = s.getPublicKey();
-      l !== null && (y = _(l));
+      const l = o.getPublicKey();
+      l !== null && (y = b(l));
     } catch (l) {
-      he("getPublicKey()", l);
+      ge("getPublicKey()", l);
     }
   let p;
-  if (typeof s.getAuthenticatorData == "function")
+  if (typeof o.getAuthenticatorData == "function")
     try {
-      p = _(s.getAuthenticatorData());
+      p = b(o.getAuthenticatorData());
     } catch (l) {
-      he("getAuthenticatorData()", l);
+      ge("getAuthenticatorData()", l);
     }
   return {
     id: a,
-    rawId: _(o),
+    rawId: b(s),
     response: {
-      attestationObject: _(s.attestationObject),
-      clientDataJSON: _(s.clientDataJSON),
+      attestationObject: b(o.attestationObject),
+      clientDataJSON: b(o.clientDataJSON),
       transports: c,
       publicKeyAlgorithm: h,
       publicKey: y,
@@ -205,20 +205,20 @@ async function vt(e) {
     },
     type: i,
     clientExtensionResults: n.getClientExtensionResults(),
-    authenticatorAttachment: Je(n.authenticatorAttachment)
+    authenticatorAttachment: je(n.authenticatorAttachment)
   };
 }
-function he(e, t) {
+function ge(e, t) {
   console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${e}. You should report this error to them.
 `, t);
 }
-function Ot() {
-  if (!Se())
+function Dt() {
+  if (!Re())
     return new Promise((t) => t(!1));
   const e = window.PublicKeyCredential;
   return e.isConditionalMediationAvailable === void 0 ? new Promise((t) => t(!1)) : e.isConditionalMediationAvailable();
 }
-function kt({ error: e, options: t }) {
+function Kt({ error: e, options: t }) {
   const { publicKey: r } = t;
   if (!r)
     throw Error("options was missing required publicKey property");
@@ -238,7 +238,7 @@ function kt({ error: e, options: t }) {
       });
     if (e.name === "SecurityError") {
       const n = window.location.hostname;
-      if (Ye(n)) {
+      if (Me(n)) {
         if (r.rpId !== n)
           return new S({
             message: `The RP ID "${r.rpId}" is invalid for this domain`,
@@ -259,69 +259,69 @@ function kt({ error: e, options: t }) {
   }
   return e;
 }
-async function Pt(e, t = !1) {
-  if (!Se())
+async function Ut(e, t = !1) {
+  if (!Re())
     throw new Error("WebAuthn is not supported in this browser");
   let r;
-  e.allowCredentials?.length !== 0 && (r = e.allowCredentials?.map(We));
+  e.allowCredentials?.length !== 0 && (r = e.allowCredentials?.map(Ge));
   const n = {
     ...e,
-    challenge: ne(e.challenge),
+    challenge: ie(e.challenge),
     allowCredentials: r
   }, a = {};
   if (t) {
-    if (!await Ot())
+    if (!await Dt())
       throw Error("Browser does not support WebAuthn autofill");
     if (document.querySelectorAll("input[autocomplete$='webauthn']").length < 1)
       throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');
     a.mediation = "conditional", n.allowCredentials = [];
   }
-  a.publicKey = n, a.signal = xe.createNewAbortSignal();
-  let o;
+  a.publicKey = n, a.signal = Ve.createNewAbortSignal();
+  let s;
   try {
-    o = await navigator.credentials.get(a);
+    s = await navigator.credentials.get(a);
   } catch (p) {
-    throw kt({ error: p, options: a });
+    throw Kt({ error: p, options: a });
   }
-  if (!o)
+  if (!s)
     throw new Error("Authentication was not completed");
-  const { id: s, rawId: i, response: c, type: h } = o;
+  const { id: o, rawId: i, response: c, type: h } = s;
   let y;
-  return c.userHandle && (y = _(c.userHandle)), {
-    id: s,
-    rawId: _(i),
+  return c.userHandle && (y = b(c.userHandle)), {
+    id: o,
+    rawId: b(i),
     response: {
-      authenticatorData: _(c.authenticatorData),
-      clientDataJSON: _(c.clientDataJSON),
-      signature: _(c.signature),
+      authenticatorData: b(c.authenticatorData),
+      clientDataJSON: b(c.clientDataJSON),
+      signature: b(c.signature),
       userHandle: y
     },
     type: h,
-    clientExtensionResults: o.getClientExtensionResults(),
-    authenticatorAttachment: Je(o.authenticatorAttachment)
+    clientExtensionResults: s.getClientExtensionResults(),
+    authenticatorAttachment: je(s.authenticatorAttachment)
   };
 }
 /*!
-  @versini/auth-common v4.1.1
+  @versini/auth-common v4.1.3
   © 2024 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_COMMON__ || (window.__VERSINI_AUTH_COMMON__ = {
-    version: "4.1.1",
-    buildTime: "09/05/2024 04:25 PM EDT",
+    version: "4.1.3",
+    buildTime: "09/30/2024 01:36 PM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
 } catch {
 }
-const W = {
+const G = {
   ID_TOKEN: "id_token",
   ACCESS_TOKEN: "token",
   ID_AND_ACCESS_TOKEN: "id_token token",
   CODE: "code",
   REFRESH_TOKEN: "refresh_token",
   PASSKEY: "passkey"
-}, Ge = {
+}, Fe = {
   CLIENT_ID: "X-Auth-ClientId"
 }, f = {
   ALG: "RS256",
@@ -336,7 +336,7 @@ const W = {
   SCOPES_KEY: "scopes",
   CLIENT_ID_KEY: "aud",
   ISSUER: "gizmette.com"
-}, Ct = `-----BEGIN PUBLIC KEY-----
+}, $t = `-----BEGIN PUBLIC KEY-----
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7
 w5PKyTYLGAI2I6SIIdpe6i6DOCbEkmDz7LdVsBqwNtVi8gvWYIj+8ol6rU3qu1v5
 i1Jd45GSK4kzkVdgCmQZbM5ak0KI99q5wsrAIzUd+LRJ2HRvWtr5IYdsIiXaQjle
@@ -344,34 +344,34 @@ aMwPFOIcJH+rKfFgNcHLcaS5syp7zU1ANwZ+trgR+DifBr8TLVkBynmNeTyhDm2+
 l0haqjMk0UoNPPE8iYBWUHQJJE1Dqstj65d6Eh5g64Pao25y4cmYJbKjiblIGEkE
 sjqybA9mARAqh9k/eiIopecWSiffNQTwVQVd2I9ZH3BalhEXHlqFgrjz51kFqg81
 awIDAQAB
------END PUBLIC KEY-----`, ie = {
+-----END PUBLIC KEY-----`, de = {
   CODE: "code",
   LOGOUT: "logout",
   LOGIN: "login",
   REFRESH: "refresh"
-}, ce = crypto, Me = (e) => e instanceof CryptoKey, B = new TextEncoder(), M = new TextDecoder();
-function Nt(...e) {
-  const t = e.reduce((a, { length: o }) => a + o, 0), r = new Uint8Array(t);
+}, he = crypto, Be = (e) => e instanceof CryptoKey, Z = new TextEncoder(), q = new TextDecoder();
+function Ht(...e) {
+  const t = e.reduce((a, { length: s }) => a + s, 0), r = new Uint8Array(t);
   let n = 0;
   for (const a of e)
     r.set(a, n), n += a.length;
   return r;
 }
-const Dt = (e) => {
+const Lt = (e) => {
   const t = atob(e), r = new Uint8Array(t.length);
   for (let n = 0; n < t.length; n++)
     r[n] = t.charCodeAt(n);
   return r;
-}, G = (e) => {
+}, P = (e) => {
   let t = e;
-  t instanceof Uint8Array && (t = M.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
+  t instanceof Uint8Array && (t = q.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
   try {
-    return Dt(t);
+    return Lt(t);
   } catch {
     throw new TypeError("The input to be decoded is not correctly encoded.");
   }
 };
-class D extends Error {
+class K extends Error {
   static get code() {
     return "ERR_JOSE_GENERIC";
   }
@@ -380,7 +380,7 @@ class D extends Error {
     super(t), this.code = "ERR_JOSE_GENERIC", this.name = this.constructor.name, (r = Error.captureStackTrace) == null || r.call(Error, this, this.constructor);
   }
 }
-class R extends D {
+class R extends K {
   static get code() {
     return "ERR_JWT_CLAIM_VALIDATION_FAILED";
   }
@@ -388,7 +388,7 @@ class R extends D {
     super(t), this.code = "ERR_JWT_CLAIM_VALIDATION_FAILED", this.claim = n, this.reason = a, this.payload = r;
   }
 }
-class ve extends D {
+class Pe extends K {
   static get code() {
     return "ERR_JWT_EXPIRED";
   }
@@ -396,7 +396,7 @@ class ve extends D {
     super(t), this.code = "ERR_JWT_EXPIRED", this.claim = n, this.reason = a, this.payload = r;
   }
 }
-class Ut extends D {
+class Wt extends K {
   constructor() {
     super(...arguments), this.code = "ERR_JOSE_ALG_NOT_ALLOWED";
   }
@@ -404,7 +404,7 @@ class Ut extends D {
     return "ERR_JOSE_ALG_NOT_ALLOWED";
   }
 }
-class k extends D {
+class _ extends K {
   constructor() {
     super(...arguments), this.code = "ERR_JOSE_NOT_SUPPORTED";
   }
@@ -412,7 +412,7 @@ class k extends D {
     return "ERR_JOSE_NOT_SUPPORTED";
   }
 }
-class w extends D {
+class w extends K {
   constructor() {
     super(...arguments), this.code = "ERR_JWS_INVALID";
   }
@@ -420,7 +420,7 @@ class w extends D {
     return "ERR_JWS_INVALID";
   }
 }
-let v = class extends D {
+let v = class extends K {
   constructor() {
     super(...arguments), this.code = "ERR_JWT_INVALID";
   }
@@ -428,7 +428,7 @@ let v = class extends D {
     return "ERR_JWT_INVALID";
   }
 };
-class Kt extends D {
+class Jt extends K {
   constructor() {
     super(...arguments), this.code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED", this.message = "signature verification failed";
   }
@@ -436,16 +436,16 @@ class Kt extends D {
     return "ERR_JWS_SIGNATURE_VERIFICATION_FAILED";
   }
 }
-function b(e, t = "algorithm.name") {
+function k(e, t = "algorithm.name") {
   return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`);
 }
-function q(e, t) {
+function ee(e, t) {
   return e.name === t;
 }
-function pe(e) {
+function Ee(e) {
   return parseInt(e.name.slice(4), 10);
 }
-function Lt(e) {
+function Yt(e) {
   switch (e) {
     case "ES256":
       return "P-256";
@@ -457,7 +457,7 @@ function Lt(e) {
       throw new Error("unreachable");
   }
 }
-function $t(e, t) {
+function xt(e, t) {
   if (t.length && !t.some((r) => e.usages.includes(r))) {
     let r = "CryptoKey does not support this operation, its usages must include ";
     if (t.length > 2) {
@@ -467,71 +467,71 @@ function $t(e, t) {
     throw new TypeError(r);
   }
 }
-function Ht(e, t, ...r) {
+function Gt(e, t, ...r) {
   switch (t) {
     case "HS256":
     case "HS384":
     case "HS512": {
-      if (!q(e.algorithm, "HMAC"))
-        throw b("HMAC");
+      if (!ee(e.algorithm, "HMAC"))
+        throw k("HMAC");
       const n = parseInt(t.slice(2), 10);
-      if (pe(e.algorithm.hash) !== n)
-        throw b(`SHA-${n}`, "algorithm.hash");
+      if (Ee(e.algorithm.hash) !== n)
+        throw k(`SHA-${n}`, "algorithm.hash");
       break;
     }
     case "RS256":
     case "RS384":
     case "RS512": {
-      if (!q(e.algorithm, "RSASSA-PKCS1-v1_5"))
-        throw b("RSASSA-PKCS1-v1_5");
+      if (!ee(e.algorithm, "RSASSA-PKCS1-v1_5"))
+        throw k("RSASSA-PKCS1-v1_5");
       const n = parseInt(t.slice(2), 10);
-      if (pe(e.algorithm.hash) !== n)
-        throw b(`SHA-${n}`, "algorithm.hash");
+      if (Ee(e.algorithm.hash) !== n)
+        throw k(`SHA-${n}`, "algorithm.hash");
       break;
     }
     case "PS256":
     case "PS384":
     case "PS512": {
-      if (!q(e.algorithm, "RSA-PSS"))
-        throw b("RSA-PSS");
+      if (!ee(e.algorithm, "RSA-PSS"))
+        throw k("RSA-PSS");
       const n = parseInt(t.slice(2), 10);
-      if (pe(e.algorithm.hash) !== n)
-        throw b(`SHA-${n}`, "algorithm.hash");
+      if (Ee(e.algorithm.hash) !== n)
+        throw k(`SHA-${n}`, "algorithm.hash");
       break;
     }
     case "EdDSA": {
       if (e.algorithm.name !== "Ed25519" && e.algorithm.name !== "Ed448")
-        throw b("Ed25519 or Ed448");
+        throw k("Ed25519 or Ed448");
       break;
     }
     case "ES256":
     case "ES384":
     case "ES512": {
-      if (!q(e.algorithm, "ECDSA"))
-        throw b("ECDSA");
-      const n = Lt(t);
+      if (!ee(e.algorithm, "ECDSA"))
+        throw k("ECDSA");
+      const n = Yt(t);
       if (e.algorithm.namedCurve !== n)
-        throw b(n, "algorithm.namedCurve");
+        throw k(n, "algorithm.namedCurve");
       break;
     }
     default:
       throw new TypeError("CryptoKey does not support this operation");
   }
-  $t(e, r);
+  xt(e, r);
 }
-function Ve(e, t, ...r) {
+function qe(e, t, ...r) {
   var n;
-  if (r.length > 2) {
+  if (r = r.filter(Boolean), r.length > 2) {
     const a = r.pop();
     e += `one of type ${r.join(", ")}, or ${a}.`;
   } else r.length === 2 ? e += `one of type ${r[0]} or ${r[1]}.` : e += `of type ${r[0]}.`;
   return t == null ? e += ` Received ${t}` : typeof t == "function" && t.name ? e += ` Received function ${t.name}` : typeof t == "object" && t != null && (n = t.constructor) != null && n.name && (e += ` Received an instance of ${t.constructor.name}`), e;
 }
-const Oe = (e, ...t) => Ve("Key must be ", e, ...t);
-function je(e, t, ...r) {
-  return Ve(`Key for the ${e} algorithm must be `, t, ...r);
+const Ce = (e, ...t) => qe("Key must be ", e, ...t);
+function ze(e, t, ...r) {
+  return qe(`Key for the ${e} algorithm must be `, t, ...r);
 }
-const Fe = (e) => Me(e) ? !0 : e?.[Symbol.toStringTag] === "KeyObject", ae = ["CryptoKey"], Wt = (...e) => {
+const Qe = (e) => Be(e) ? !0 : e?.[Symbol.toStringTag] === "KeyObject", ce = ["CryptoKey"], Mt = (...e) => {
   const t = e.filter(Boolean);
   if (t.length === 0 || t.length === 1)
     return !0;
@@ -542,19 +542,19 @@ const Fe = (e) => Me(e) ? !0 : e?.[Symbol.toStringTag] === "KeyObject", ae = ["C
       r = new Set(a);
       continue;
     }
-    for (const o of a) {
-      if (r.has(o))
+    for (const s of a) {
+      if (r.has(s))
         return !1;
-      r.add(o);
+      r.add(s);
     }
   }
   return !0;
 };
-function Yt(e) {
+function Vt(e) {
   return typeof e == "object" && e !== null;
 }
-function se(e) {
-  if (!Yt(e) || Object.prototype.toString.call(e) !== "[object Object]")
+function M(e) {
+  if (!Vt(e) || Object.prototype.toString.call(e) !== "[object Object]")
     return !1;
   if (Object.getPrototypeOf(e) === null)
     return !0;
@@ -563,14 +563,26 @@ function se(e) {
     t = Object.getPrototypeOf(t);
   return Object.getPrototypeOf(e) === t;
 }
-const xt = (e, t) => {
+const jt = (e, t) => {
   if (e.startsWith("RS") || e.startsWith("PS")) {
     const { modulusLength: r } = t.algorithm;
     if (typeof r != "number" || r < 2048)
       throw new TypeError(`${e} requires key modulusLength to be 2048 bits or larger`);
   }
 };
-function Jt(e) {
+function j(e) {
+  return M(e) && typeof e.kty == "string";
+}
+function Ft(e) {
+  return e.kty !== "oct" && typeof e.d == "string";
+}
+function Bt(e) {
+  return e.kty !== "oct" && typeof e.d > "u";
+}
+function qt(e) {
+  return j(e) && e.kty === "oct" && typeof e.k == "string";
+}
+function zt(e) {
   let t, r;
   switch (e.kty) {
     case "RSA": {
@@ -595,7 +607,7 @@ function Jt(e) {
           }, r = e.d ? ["decrypt", "unwrapKey"] : ["encrypt", "wrapKey"];
           break;
         default:
-          throw new k('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+          throw new _('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
       }
       break;
     }
@@ -617,7 +629,7 @@ function Jt(e) {
           t = { name: "ECDH", namedCurve: e.crv }, r = e.d ? ["deriveBits"] : [];
           break;
         default:
-          throw new k('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+          throw new _('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
       }
       break;
     }
@@ -633,52 +645,52 @@ function Jt(e) {
           t = { name: e.crv }, r = e.d ? ["deriveBits"] : [];
           break;
         default:
-          throw new k('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+          throw new _('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
       }
       break;
     }
     default:
-      throw new k('Invalid or unsupported JWK "kty" (Key Type) Parameter value');
+      throw new _('Invalid or unsupported JWK "kty" (Key Type) Parameter value');
   }
   return { algorithm: t, keyUsages: r };
 }
-const Gt = async (e) => {
+const Xe = async (e) => {
   if (!e.alg)
     throw new TypeError('"alg" argument is required when "jwk.alg" is not present');
-  const { algorithm: t, keyUsages: r } = Jt(e), n = [
+  const { algorithm: t, keyUsages: r } = zt(e), n = [
     t,
     e.ext ?? !1,
     e.key_ops ?? r
   ], a = { ...e };
-  return delete a.alg, delete a.use, ce.subtle.importKey("jwk", a, ...n);
-}, Be = (e) => G(e);
-let ye, fe;
-const qe = (e) => e?.[Symbol.toStringTag] === "KeyObject", ze = async (e, t, r, n) => {
-  let a = e.get(t);
-  if (a != null && a[n])
-    return a[n];
-  const o = await Gt({ ...r, alg: n });
-  return a ? a[n] = o : e.set(t, { [n]: o }), o;
-}, Mt = (e, t) => {
-  if (qe(e)) {
+  return delete a.alg, delete a.use, he.subtle.importKey("jwk", a, ...n);
+}, Ze = (e) => P(e);
+let $, H;
+const et = (e) => e?.[Symbol.toStringTag] === "KeyObject", ue = async (e, t, r, n, a = !1) => {
+  let s = e.get(t);
+  if (s != null && s[n])
+    return s[n];
+  const o = await Xe({ ...r, alg: n });
+  return a && Object.freeze(t), s ? s[n] = o : e.set(t, { [n]: o }), o;
+}, Qt = (e, t) => {
+  if (et(e)) {
     let r = e.export({ format: "jwk" });
-    return delete r.d, delete r.dp, delete r.dq, delete r.p, delete r.q, delete r.qi, r.k ? Be(r.k) : (fe || (fe = /* @__PURE__ */ new WeakMap()), ze(fe, e, r, t));
+    return delete r.d, delete r.dp, delete r.dq, delete r.p, delete r.q, delete r.qi, r.k ? Ze(r.k) : (H || (H = /* @__PURE__ */ new WeakMap()), ue(H, e, r, t));
   }
-  return e;
-}, Vt = (e, t) => {
-  if (qe(e)) {
+  return j(e) ? e.k ? P(e.k) : (H || (H = /* @__PURE__ */ new WeakMap()), ue(H, e, e, t, !0)) : e;
+}, Xt = (e, t) => {
+  if (et(e)) {
     let r = e.export({ format: "jwk" });
-    return r.k ? Be(r.k) : (ye || (ye = /* @__PURE__ */ new WeakMap()), ze(ye, e, r, t));
+    return r.k ? Ze(r.k) : ($ || ($ = /* @__PURE__ */ new WeakMap()), ue($, e, r, t));
   }
-  return e;
-}, jt = { normalizePublicKey: Mt, normalizePrivateKey: Vt }, O = (e, t, r = 0) => {
+  return j(e) ? e.k ? P(e.k) : ($ || ($ = /* @__PURE__ */ new WeakMap()), ue($, e, e, t, !0)) : e;
+}, Zt = { normalizePublicKey: Qt, normalizePrivateKey: Xt }, O = (e, t, r = 0) => {
   r === 0 && (t.unshift(t.length), t.unshift(6));
   const n = e.indexOf(t[0], r);
   if (n === -1)
     return !1;
   const a = e.subarray(n, n + t.length);
-  return a.length !== t.length ? !1 : a.every((o, s) => o === t[s]) || O(e, t, n + 1);
-}, ke = (e) => {
+  return a.length !== t.length ? !1 : a.every((s, o) => s === t[o]) || O(e, t, n + 1);
+}, Ne = (e) => {
   switch (!0) {
     case O(e, [42, 134, 72, 206, 61, 3, 1, 7]):
       return "P-256";
@@ -695,106 +707,156 @@ const qe = (e) => e?.[Symbol.toStringTag] === "KeyObject", ze = async (e, t, r,
     case O(e, [43, 101, 113]):
       return "Ed448";
     default:
-      throw new k("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
+      throw new _("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
   }
-}, Ft = async (e, t, r, n, a) => {
-  let o, s;
+}, er = async (e, t, r, n, a) => {
+  let s, o;
   const i = new Uint8Array(atob(r.replace(e, "")).split("").map((c) => c.charCodeAt(0)));
   switch (n) {
     case "PS256":
     case "PS384":
     case "PS512":
-      o = { name: "RSA-PSS", hash: `SHA-${n.slice(-3)}` }, s = ["verify"];
+      s = { name: "RSA-PSS", hash: `SHA-${n.slice(-3)}` }, o = ["verify"];
       break;
     case "RS256":
     case "RS384":
     case "RS512":
-      o = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${n.slice(-3)}` }, s = ["verify"];
+      s = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${n.slice(-3)}` }, o = ["verify"];
       break;
     case "RSA-OAEP":
     case "RSA-OAEP-256":
     case "RSA-OAEP-384":
     case "RSA-OAEP-512":
-      o = {
+      s = {
         name: "RSA-OAEP",
         hash: `SHA-${parseInt(n.slice(-3), 10) || 1}`
-      }, s = ["encrypt", "wrapKey"];
+      }, o = ["encrypt", "wrapKey"];
       break;
     case "ES256":
-      o = { name: "ECDSA", namedCurve: "P-256" }, s = ["verify"];
+      s = { name: "ECDSA", namedCurve: "P-256" }, o = ["verify"];
       break;
     case "ES384":
-      o = { name: "ECDSA", namedCurve: "P-384" }, s = ["verify"];
+      s = { name: "ECDSA", namedCurve: "P-384" }, o = ["verify"];
       break;
     case "ES512":
-      o = { name: "ECDSA", namedCurve: "P-521" }, s = ["verify"];
+      s = { name: "ECDSA", namedCurve: "P-521" }, o = ["verify"];
       break;
     case "ECDH-ES":
     case "ECDH-ES+A128KW":
     case "ECDH-ES+A192KW":
     case "ECDH-ES+A256KW": {
-      const c = ke(i);
-      o = c.startsWith("P-") ? { name: "ECDH", namedCurve: c } : { name: c }, s = [];
+      const c = Ne(i);
+      s = c.startsWith("P-") ? { name: "ECDH", namedCurve: c } : { name: c }, o = [];
       break;
     }
     case "EdDSA":
-      o = { name: ke(i) }, s = ["verify"];
+      s = { name: Ne(i) }, o = ["verify"];
       break;
     default:
-      throw new k('Invalid or unsupported "alg" (Algorithm) value');
+      throw new _('Invalid or unsupported "alg" (Algorithm) value');
   }
-  return ce.subtle.importKey(t, i, o, !1, s);
-}, Bt = (e, t, r) => Ft(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
-async function qt(e, t, r) {
+  return he.subtle.importKey(t, i, s, !1, o);
+}, tr = (e, t, r) => er(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
+async function rr(e, t, r) {
   if (e.indexOf("-----BEGIN PUBLIC KEY-----") !== 0)
     throw new TypeError('"spki" must be SPKI formatted string');
-  return Bt(e, t);
+  return tr(e, t);
+}
+async function nr(e, t) {
+  if (!M(e))
+    throw new TypeError("JWK must be an object");
+  switch (t || (t = e.alg), e.kty) {
+    case "oct":
+      if (typeof e.k != "string" || !e.k)
+        throw new TypeError('missing "k" (Key Value) Parameter value');
+      return P(e.k);
+    case "RSA":
+      if (e.oth !== void 0)
+        throw new _('RSA JWK "oth" (Other Primes Info) Parameter value is not supported');
+    case "EC":
+    case "OKP":
+      return Xe({ ...e, alg: t });
+    default:
+      throw new _('Unsupported "kty" (Key Type) Parameter value');
+  }
 }
-const te = (e) => e?.[Symbol.toStringTag], zt = (e, t) => {
+const x = (e) => e?.[Symbol.toStringTag], Te = (e, t, r) => {
+  var n, a;
+  if (t.use !== void 0 && t.use !== "sig")
+    throw new TypeError("Invalid key for this operation, when present its use must be sig");
+  if (t.key_ops !== void 0 && ((a = (n = t.key_ops).includes) == null ? void 0 : a.call(n, r)) !== !0)
+    throw new TypeError(`Invalid key for this operation, when present its key_ops must include ${r}`);
+  if (t.alg !== void 0 && t.alg !== e)
+    throw new TypeError(`Invalid key for this operation, when present its alg must be ${e}`);
+  return !0;
+}, ar = (e, t, r, n) => {
   if (!(t instanceof Uint8Array)) {
-    if (!Fe(t))
-      throw new TypeError(je(e, t, ...ae, "Uint8Array"));
+    if (n && j(t)) {
+      if (qt(t) && Te(e, t, r))
+        return;
+      throw new TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present');
+    }
+    if (!Qe(t))
+      throw new TypeError(ze(e, t, ...ce, "Uint8Array", n ? "JSON Web Key" : null));
     if (t.type !== "secret")
-      throw new TypeError(`${te(t)} instances for symmetric algorithms must be of type "secret"`);
+      throw new TypeError(`${x(t)} instances for symmetric algorithms must be of type "secret"`);
   }
-}, Qt = (e, t, r) => {
-  if (!Fe(t))
-    throw new TypeError(je(e, t, ...ae));
+}, or = (e, t, r, n) => {
+  if (n && j(t))
+    switch (r) {
+      case "sign":
+        if (Ft(t) && Te(e, t, r))
+          return;
+        throw new TypeError("JSON Web Key for this operation be a private JWK");
+      case "verify":
+        if (Bt(t) && Te(e, t, r))
+          return;
+        throw new TypeError("JSON Web Key for this operation be a public JWK");
+    }
+  if (!Qe(t))
+    throw new TypeError(ze(e, t, ...ce, n ? "JSON Web Key" : null));
   if (t.type === "secret")
-    throw new TypeError(`${te(t)} instances for asymmetric algorithms must not be of type "secret"`);
+    throw new TypeError(`${x(t)} instances for asymmetric algorithms must not be of type "secret"`);
+  if (r === "sign" && t.type === "public")
+    throw new TypeError(`${x(t)} instances for asymmetric algorithm signing must be of type "private"`);
+  if (r === "decrypt" && t.type === "public")
+    throw new TypeError(`${x(t)} instances for asymmetric algorithm decryption must be of type "private"`);
   if (t.algorithm && r === "verify" && t.type === "private")
-    throw new TypeError(`${te(t)} instances for asymmetric algorithm verifying must be of type "public"`);
+    throw new TypeError(`${x(t)} instances for asymmetric algorithm verifying must be of type "public"`);
   if (t.algorithm && r === "encrypt" && t.type === "private")
-    throw new TypeError(`${te(t)} instances for asymmetric algorithm encryption must be of type "public"`);
-}, Xt = (e, t, r) => {
-  e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ? zt(e, t) : Qt(e, t, r);
+    throw new TypeError(`${x(t)} instances for asymmetric algorithm encryption must be of type "public"`);
 };
-function Zt(e, t, r, n, a) {
+function tt(e, t, r, n) {
+  t.startsWith("HS") || t === "dir" || t.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(t) ? ar(t, r, n, e) : or(t, r, n, e);
+}
+tt.bind(void 0, !1);
+const De = tt.bind(void 0, !0);
+function sr(e, t, r, n, a) {
   if (a.crit !== void 0 && n?.crit === void 0)
     throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');
   if (!n || n.crit === void 0)
     return /* @__PURE__ */ new Set();
-  if (!Array.isArray(n.crit) || n.crit.length === 0 || n.crit.some((s) => typeof s != "string" || s.length === 0))
+  if (!Array.isArray(n.crit) || n.crit.length === 0 || n.crit.some((o) => typeof o != "string" || o.length === 0))
     throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');
-  let o;
-  r !== void 0 ? o = new Map([...Object.entries(r), ...t.entries()]) : o = t;
-  for (const s of n.crit) {
-    if (!o.has(s))
-      throw new k(`Extension Header Parameter "${s}" is not recognized`);
-    if (a[s] === void 0)
-      throw new e(`Extension Header Parameter "${s}" is missing`);
-    if (o.get(s) && n[s] === void 0)
-      throw new e(`Extension Header Parameter "${s}" MUST be integrity protected`);
+  let s;
+  r !== void 0 ? s = new Map([...Object.entries(r), ...t.entries()]) : s = t;
+  for (const o of n.crit) {
+    if (!s.has(o))
+      throw new _(`Extension Header Parameter "${o}" is not recognized`);
+    if (a[o] === void 0)
+      throw new e(`Extension Header Parameter "${o}" is missing`);
+    if (s.get(o) && n[o] === void 0)
+      throw new e(`Extension Header Parameter "${o}" MUST be integrity protected`);
   }
   return new Set(n.crit);
 }
-const er = (e, t) => {
+const ir = (e, t) => {
   if (t !== void 0 && (!Array.isArray(t) || t.some((r) => typeof r != "string")))
     throw new TypeError(`"${e}" option must be an array of strings`);
   if (t)
     return new Set(t);
 };
-function tr(e, t) {
+function cr(e, t) {
   const r = `SHA-${e.slice(-3)}`;
   switch (e) {
     case "HS256":
@@ -816,31 +878,31 @@ function tr(e, t) {
     case "EdDSA":
       return { name: t.name };
     default:
-      throw new k(`alg ${e} is not supported either by JOSE or your javascript runtime`);
+      throw new _(`alg ${e} is not supported either by JOSE or your javascript runtime`);
   }
 }
-async function rr(e, t, r) {
-  if (t = await jt.normalizePublicKey(t, e), Me(t))
-    return Ht(t, e, r), t;
+async function ur(e, t, r) {
+  if (t = await Zt.normalizePublicKey(t, e), Be(t))
+    return Gt(t, e, r), t;
   if (t instanceof Uint8Array) {
     if (!e.startsWith("HS"))
-      throw new TypeError(Oe(t, ...ae));
-    return ce.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [r]);
+      throw new TypeError(Ce(t, ...ce));
+    return he.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [r]);
   }
-  throw new TypeError(Oe(t, ...ae, "Uint8Array"));
+  throw new TypeError(Ce(t, ...ce, "Uint8Array", "JSON Web Key"));
 }
-const nr = async (e, t, r, n) => {
-  const a = await rr(e, t, "verify");
-  xt(e, a);
-  const o = tr(e, a.algorithm);
+const lr = async (e, t, r, n) => {
+  const a = await ur(e, t, "verify");
+  jt(e, a);
+  const s = cr(e, a.algorithm);
   try {
-    return await ce.subtle.verify(o, a, r, n);
+    return await he.subtle.verify(s, a, r, n);
   } catch {
     return !1;
   }
 };
-async function ar(e, t, r) {
-  if (!se(e))
+async function dr(e, t, r) {
+  if (!M(e))
     throw new w("Flattened JWS must be an object");
   if (e.protected === void 0 && e.header === void 0)
     throw new w('Flattened JWS must have either of the "protected" or "header" members');
@@ -850,69 +912,69 @@ async function ar(e, t, r) {
     throw new w("JWS Payload missing");
   if (typeof e.signature != "string")
     throw new w("JWS Signature missing or incorrect type");
-  if (e.header !== void 0 && !se(e.header))
+  if (e.header !== void 0 && !M(e.header))
     throw new w("JWS Unprotected Header incorrect type");
   let n = {};
   if (e.protected)
     try {
-      const T = G(e.protected);
-      n = JSON.parse(M.decode(T));
+      const T = P(e.protected);
+      n = JSON.parse(q.decode(T));
     } catch {
       throw new w("JWS Protected Header is invalid");
     }
-  if (!Wt(n, e.header))
+  if (!Mt(n, e.header))
     throw new w("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
   const a = {
     ...n,
     ...e.header
-  }, o = Zt(w, /* @__PURE__ */ new Map([["b64", !0]]), r?.crit, n, a);
-  let s = !0;
-  if (o.has("b64") && (s = n.b64, typeof s != "boolean"))
+  }, s = sr(w, /* @__PURE__ */ new Map([["b64", !0]]), r?.crit, n, a);
+  let o = !0;
+  if (s.has("b64") && (o = n.b64, typeof o != "boolean"))
     throw new w('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
   const { alg: i } = a;
   if (typeof i != "string" || !i)
     throw new w('JWS "alg" (Algorithm) Header Parameter missing or invalid');
-  const c = r && er("algorithms", r.algorithms);
+  const c = r && ir("algorithms", r.algorithms);
   if (c && !c.has(i))
-    throw new Ut('"alg" (Algorithm) Header Parameter value not allowed');
-  if (s) {
+    throw new Wt('"alg" (Algorithm) Header Parameter value not allowed');
+  if (o) {
     if (typeof e.payload != "string")
       throw new w("JWS Payload must be a string");
   } else if (typeof e.payload != "string" && !(e.payload instanceof Uint8Array))
     throw new w("JWS Payload must be a string or an Uint8Array instance");
   let h = !1;
-  typeof t == "function" && (t = await t(n, e), h = !0), Xt(i, t, "verify");
-  const y = Nt(B.encode(e.protected ?? ""), B.encode("."), typeof e.payload == "string" ? B.encode(e.payload) : e.payload);
+  typeof t == "function" ? (t = await t(n, e), h = !0, De(i, t, "verify"), j(t) && (t = await nr(t, i))) : De(i, t, "verify");
+  const y = Ht(Z.encode(e.protected ?? ""), Z.encode("."), typeof e.payload == "string" ? Z.encode(e.payload) : e.payload);
   let p;
   try {
-    p = G(e.signature);
+    p = P(e.signature);
   } catch {
     throw new w("Failed to base64url decode the signature");
   }
-  if (!await nr(i, t, p, y))
-    throw new Kt();
+  if (!await lr(i, t, p, y))
+    throw new Jt();
   let l;
-  if (s)
+  if (o)
     try {
-      l = G(e.payload);
+      l = P(e.payload);
     } catch {
       throw new w("Failed to base64url decode the payload");
     }
-  else typeof e.payload == "string" ? l = B.encode(e.payload) : l = e.payload;
+  else typeof e.payload == "string" ? l = Z.encode(e.payload) : l = e.payload;
   const A = { payload: l };
   return e.protected !== void 0 && (A.protectedHeader = n), e.header !== void 0 && (A.unprotectedHeader = e.header), h ? { ...A, key: t } : A;
 }
-async function sr(e, t, r) {
-  if (e instanceof Uint8Array && (e = M.decode(e)), typeof e != "string")
+async function hr(e, t, r) {
+  if (e instanceof Uint8Array && (e = q.decode(e)), typeof e != "string")
     throw new w("Compact JWS must be a string or Uint8Array");
-  const { 0: n, 1: a, 2: o, length: s } = e.split(".");
-  if (s !== 3)
+  const { 0: n, 1: a, 2: s, length: o } = e.split(".");
+  if (o !== 3)
     throw new w("Invalid Compact JWS");
-  const i = await ar({ payload: a, protected: n, signature: o }, t, r), c = { payload: i.payload, protectedHeader: i.protectedHeader };
+  const i = await dr({ payload: a, protected: n, signature: s }, t, r), c = { payload: i.payload, protectedHeader: i.protectedHeader };
   return typeof t == "function" ? { ...c, key: i.key } : c;
 }
-const or = (e) => Math.floor(e.getTime() / 1e3), Qe = 60, Xe = Qe * 60, Ae = Xe * 24, ir = Ae * 7, cr = Ae * 365.25, ur = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, Pe = (e) => {
-  const t = ur.exec(e);
+const pr = (e) => Math.floor(e.getTime() / 1e3), rt = 60, nt = rt * 60, be = nt * 24, yr = be * 7, fr = be * 365.25, gr = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, Ke = (e) => {
+  const t = gr.exec(e);
   if (!t || t[4] && t[1])
     throw new TypeError("Invalid time period format");
   const r = parseFloat(t[2]), n = t[3].toLowerCase();
@@ -930,56 +992,56 @@ const or = (e) => Math.floor(e.getTime() / 1e3), Qe = 60, Xe = Qe * 60, Ae = Xe
     case "min":
     case "mins":
     case "m":
-      a = Math.round(r * Qe);
+      a = Math.round(r * rt);
       break;
     case "hour":
     case "hours":
     case "hr":
     case "hrs":
     case "h":
-      a = Math.round(r * Xe);
+      a = Math.round(r * nt);
       break;
     case "day":
     case "days":
     case "d":
-      a = Math.round(r * Ae);
+      a = Math.round(r * be);
       break;
     case "week":
     case "weeks":
     case "w":
-      a = Math.round(r * ir);
+      a = Math.round(r * yr);
       break;
     default:
-      a = Math.round(r * cr);
+      a = Math.round(r * fr);
       break;
   }
   return t[1] === "-" || t[4] === "ago" ? -a : a;
-}, Ce = (e) => e.toLowerCase().replace(/^application\//, ""), lr = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, dr = (e, t, r = {}) => {
+}, Ue = (e) => e.toLowerCase().replace(/^application\//, ""), Er = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, mr = (e, t, r = {}) => {
   let n;
   try {
-    n = JSON.parse(M.decode(t));
+    n = JSON.parse(q.decode(t));
   } catch {
   }
-  if (!se(n))
+  if (!M(n))
     throw new v("JWT Claims Set must be a top-level JSON object");
   const { typ: a } = r;
-  if (a && (typeof e.typ != "string" || Ce(e.typ) !== Ce(a)))
+  if (a && (typeof e.typ != "string" || Ue(e.typ) !== Ue(a)))
     throw new R('unexpected "typ" JWT header value', n, "typ", "check_failed");
-  const { requiredClaims: o = [], issuer: s, subject: i, audience: c, maxTokenAge: h } = r, y = [...o];
-  h !== void 0 && y.push("iat"), c !== void 0 && y.push("aud"), i !== void 0 && y.push("sub"), s !== void 0 && y.push("iss");
+  const { requiredClaims: s = [], issuer: o, subject: i, audience: c, maxTokenAge: h } = r, y = [...s];
+  h !== void 0 && y.push("iat"), c !== void 0 && y.push("aud"), i !== void 0 && y.push("sub"), o !== void 0 && y.push("iss");
   for (const T of new Set(y.reverse()))
     if (!(T in n))
       throw new R(`missing required "${T}" claim`, n, T, "missing");
-  if (s && !(Array.isArray(s) ? s : [s]).includes(n.iss))
+  if (o && !(Array.isArray(o) ? o : [o]).includes(n.iss))
     throw new R('unexpected "iss" claim value', n, "iss", "check_failed");
   if (i && n.sub !== i)
     throw new R('unexpected "sub" claim value', n, "sub", "check_failed");
-  if (c && !lr(n.aud, typeof c == "string" ? [c] : c))
+  if (c && !Er(n.aud, typeof c == "string" ? [c] : c))
     throw new R('unexpected "aud" claim value', n, "aud", "check_failed");
   let p;
   switch (typeof r.clockTolerance) {
     case "string":
-      p = Pe(r.clockTolerance);
+      p = Ke(r.clockTolerance);
       break;
     case "number":
       p = r.clockTolerance;
@@ -990,7 +1052,7 @@ const or = (e) => Math.floor(e.getTime() / 1e3), Qe = 60, Xe = Qe * 60, Ae = Xe
     default:
       throw new TypeError("Invalid clockTolerance option type");
   }
-  const { currentDate: l } = r, A = or(l || /* @__PURE__ */ new Date());
+  const { currentDate: l } = r, A = pr(l || /* @__PURE__ */ new Date());
   if ((n.iat !== void 0 || h) && typeof n.iat != "number")
     throw new R('"iat" claim must be a number', n, "iat", "invalid");
   if (n.nbf !== void 0) {
@@ -1003,27 +1065,27 @@ const or = (e) => Math.floor(e.getTime() / 1e3), Qe = 60, Xe = Qe * 60, Ae = Xe
     if (typeof n.exp != "number")
       throw new R('"exp" claim must be a number', n, "exp", "invalid");
     if (n.exp <= A - p)
-      throw new ve('"exp" claim timestamp check failed', n, "exp", "check_failed");
+      throw new Pe('"exp" claim timestamp check failed', n, "exp", "check_failed");
   }
   if (h) {
-    const T = A - n.iat, le = typeof h == "number" ? h : Pe(h);
-    if (T - p > le)
-      throw new ve('"iat" claim timestamp check failed (too far in the past)', n, "iat", "check_failed");
+    const T = A - n.iat, ye = typeof h == "number" ? h : Ke(h);
+    if (T - p > ye)
+      throw new Pe('"iat" claim timestamp check failed (too far in the past)', n, "iat", "check_failed");
     if (T < 0 - p)
       throw new R('"iat" claim timestamp check failed (it should be in the past)', n, "iat", "check_failed");
   }
   return n;
 };
-async function hr(e, t, r) {
+async function wr(e, t, r) {
   var n;
-  const a = await sr(e, t, r);
+  const a = await hr(e, t, r);
   if ((n = a.protectedHeader.crit) != null && n.includes("b64") && a.protectedHeader.b64 === !1)
     throw new v("JWTs MUST NOT use unencoded payload");
-  const o = { payload: dr(a.protectedHeader, a.payload, r), protectedHeader: a.protectedHeader };
-  return typeof t == "function" ? { ...o, key: a.key } : o;
+  const s = { payload: mr(a.protectedHeader, a.payload, r), protectedHeader: a.protectedHeader };
+  return typeof t == "function" ? { ...s, key: a.key } : s;
 }
-const pr = G;
-function yr(e) {
+const Sr = P;
+function Ar(e) {
   if (typeof e != "string")
     throw new v("JWTs must use Compact JWS serialization, JWT must be a string");
   const { 1: t, length: r } = e.split(".");
@@ -1035,152 +1097,152 @@ function yr(e) {
     throw new v("JWTs must contain a payload");
   let n;
   try {
-    n = pr(t);
+    n = Sr(t);
   } catch {
     throw new v("Failed to base64url decode the payload");
   }
   let a;
   try {
-    a = JSON.parse(M.decode(n));
+    a = JSON.parse(q.decode(n));
   } catch {
     throw new v("Failed to parse the decoded payload as JSON");
   }
-  if (!se(a))
+  if (!M(a))
     throw new v("Invalid JWT Claims Set");
   return a;
 }
-const Y = async (e) => {
+const V = async (e) => {
   try {
-    const t = f.ALG, r = await qt(Ct, t);
-    return await hr(e, r, {
+    const t = f.ALG, r = await rr($t, t);
+    return await wr(e, r, {
       issuer: f.ISSUER
     });
   } catch {
     return;
   }
-}, fr = (e) => {
+}, Tr = (e) => {
   try {
-    return yr(e);
+    return Ar(e);
   } catch {
     return;
   }
 };
 var E = [];
-for (var ge = 0; ge < 256; ++ge)
-  E.push((ge + 256).toString(16).slice(1));
-function gr(e, t = 0) {
+for (var me = 0; me < 256; ++me)
+  E.push((me + 256).toString(16).slice(1));
+function Rr(e, t = 0) {
   return (E[e[t + 0]] + E[e[t + 1]] + E[e[t + 2]] + E[e[t + 3]] + "-" + E[e[t + 4]] + E[e[t + 5]] + "-" + E[e[t + 6]] + E[e[t + 7]] + "-" + E[e[t + 8]] + E[e[t + 9]] + "-" + E[e[t + 10]] + E[e[t + 11]] + E[e[t + 12]] + E[e[t + 13]] + E[e[t + 14]] + E[e[t + 15]]).toLowerCase();
 }
-var z, Er = new Uint8Array(16);
-function mr() {
-  if (!z && (z = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !z))
+var te, br = new Uint8Array(16);
+function _r() {
+  if (!te && (te = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !te))
     throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
-  return z(Er);
+  return te(br);
 }
-var wr = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
-const Ne = {
-  randomUUID: wr
+var Ir = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
+const $e = {
+  randomUUID: Ir
 };
-function De(e, t, r) {
-  if (Ne.randomUUID && !t && !e)
-    return Ne.randomUUID();
+function He(e, t, r) {
+  if ($e.randomUUID && !t && !e)
+    return $e.randomUUID();
   e = e || {};
-  var n = e.random || (e.rng || mr)();
-  return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, gr(n);
+  var n = e.random || (e.rng || _r)();
+  return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, Rr(n);
 }
-const Ue = globalThis.crypto, Sr = (e) => `${De()}${De()}`.slice(0, e), Ar = (e) => btoa(
+const Le = globalThis.crypto, kr = (e) => `${He()}${He()}`.slice(0, e), vr = (e) => btoa(
   [...new Uint8Array(e)].map((t) => String.fromCharCode(t)).join("")
 );
-async function Tr(e) {
-  if (!Ue.subtle)
+async function Or(e) {
+  if (!Le.subtle)
     throw new Error(
       "crypto.subtle is available only in secure contexts (HTTPS)."
     );
-  const t = new TextEncoder().encode(e), r = await Ue.subtle.digest("SHA-256", t);
-  return Ar(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+  const t = new TextEncoder().encode(e), r = await Le.subtle.digest("SHA-256", t);
+  return vr(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
 }
-async function Rr(e) {
-  const r = Sr(43), n = await Tr(r);
+async function Pr(e) {
+  const r = kr(43), n = await Or(r);
   return {
     code_verifier: r,
     code_challenge: n
   };
 }
-const Fr = async (e, t) => {
+const en = async (e, t) => {
   var r;
-  const n = await Y(e);
+  const n = await V(e);
   if (!n || !Array.isArray((r = n.payload) == null ? void 0 : r[f.SCOPES_KEY]))
     return !1;
   const a = n.payload[f.SCOPES_KEY];
-  return Array.isArray(t) ? t.every((o) => a.includes(o)) : Object.keys(t).some(
-    (o) => t[o].every((s) => a.includes(s))
+  return Array.isArray(t) ? t.every((s) => a.includes(s)) : Object.keys(t).some(
+    (s) => t[s].every((o) => a.includes(o))
   );
 };
-function Ze(e, t) {
+function at(e, t) {
   window.dispatchEvent(new StorageEvent("storage", { key: e, newValue: t }));
 }
-const Ke = (e, t) => {
+const We = (e, t) => {
   const r = JSON.stringify(
     typeof t == "function" ? t() : t
   );
-  window.localStorage.setItem(e, r), Ze(e, r);
-}, _r = (e) => {
-  window.localStorage.removeItem(e), Ze(e, null);
-}, Le = (e) => window.localStorage.getItem(e), Ir = (e) => (window.addEventListener("storage", e), () => window.removeEventListener("storage", e));
-function Q({
+  window.localStorage.setItem(e, r), at(e, r);
+}, Cr = (e) => {
+  window.localStorage.removeItem(e), at(e, null);
+}, Je = (e) => window.localStorage.getItem(e), Nr = (e) => (window.addEventListener("storage", e), () => window.removeEventListener("storage", e));
+function re({
   key: e,
   initialValue: t
 }) {
-  const r = wt(Ir, () => Le(e)), n = N(
-    (s) => {
+  const r = bt(Nr, () => Je(e)), n = D(
+    (o) => {
       try {
-        const i = typeof s == "function" ? s(JSON.parse(r)) : s;
-        i == null ? _r(e) : Ke(e, i);
+        const i = typeof o == "function" ? o(JSON.parse(r)) : o;
+        i == null ? Cr(e) : We(e, i);
       } catch (i) {
         console.warn(i);
       }
     },
     [e, r]
-  ), a = N(() => {
+  ), a = D(() => {
     n(t);
-  }, [t, n]), o = N(() => {
+  }, [t, n]), s = D(() => {
     n(null);
   }, [n]);
-  return He(() => {
+  return xe(() => {
     try {
-      Le(e) === null && typeof t < "u" && Ke(e, t);
-    } catch (s) {
-      console.warn(s);
+      Je(e) === null && typeof t < "u" && We(e, t);
+    } catch (o) {
+      console.warn(o);
     }
-  }, [e, t]), [r ? JSON.parse(r) : null, n, a, o];
+  }, [e, t]), [r ? JSON.parse(r) : null, n, a, s];
 }
 var m = [];
-for (var Ee = 0; Ee < 256; ++Ee)
-  m.push((Ee + 256).toString(16).slice(1));
-function br(e, t = 0) {
+for (var we = 0; we < 256; ++we)
+  m.push((we + 256).toString(16).slice(1));
+function Dr(e, t = 0) {
   return (m[e[t + 0]] + m[e[t + 1]] + m[e[t + 2]] + m[e[t + 3]] + "-" + m[e[t + 4]] + m[e[t + 5]] + "-" + m[e[t + 6]] + m[e[t + 7]] + "-" + m[e[t + 8]] + m[e[t + 9]] + "-" + m[e[t + 10]] + m[e[t + 11]] + m[e[t + 12]] + m[e[t + 13]] + m[e[t + 14]] + m[e[t + 15]]).toLowerCase();
 }
-var X, vr = new Uint8Array(16);
-function Or() {
-  if (!X && (X = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !X))
+var ne, Kr = new Uint8Array(16);
+function Ur() {
+  if (!ne && (ne = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !ne))
     throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
-  return X(vr);
+  return ne(Kr);
 }
-var kr = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
-const $e = {
-  randomUUID: kr
+var $r = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
+const Ye = {
+  randomUUID: $r
 };
-function me(e, t, r) {
-  if ($e.randomUUID && !t && !e)
-    return $e.randomUUID();
+function Se(e, t, r) {
+  if (Ye.randomUUID && !t && !e)
+    return Ye.randomUUID();
   e = e || {};
-  var n = e.random || (e.rng || Or)();
-  return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, br(n);
+  var n = e.random || (e.rng || Ur)();
+  return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, Dr(n);
 }
-const K = "Your session has expired. For your security, please log in again to continue.", Pr = "Your session has been successfully terminated.", we = "Login failed. Please try again.", Cr = "Error getting access token, please re-authenticate.", Nr = "You forgot to wrap your component in <AuthProvider>.", oe = {
+const L = "Your session has expired. For your security, please log in again to continue.", Hr = "Your session has been successfully terminated.", Ae = "Login failed. Please try again.", Lr = "Error getting access token, please re-authenticate.", Wr = "You forgot to wrap your component in <AuthProvider>.", le = {
   dev: "https://auth.gizmette.local.com:3003",
   prod: "https://mylogin.gizmette.com/auth"
-}, Z = "@@auth@@", J = "LOADING", re = "LOGIN", et = "LOGOUT", V = "success", I = "failure", tt = "include", rt = "POST", nt = "application/json", ee = {
+}, ae = "@@auth@@", B = "LOADING", se = "LOGIN", ot = "LOGOUT", z = "success", I = "failure", st = "include", it = "POST", ct = "application/json", oe = {
   GET_REGISTRATION_OPTIONS: `mutation GetPasskeyRegistrationOptions(
 	$clientId: String!,
 	$username: String!,
@@ -1261,39 +1323,39 @@ const K = "Your session has expired. For your security, please log in again to c
 				email
 		}
 	}`
-}, L = {
+}, W = {
   GET_REGISTRATION_OPTIONS: {
-    schema: ee.GET_REGISTRATION_OPTIONS,
+    schema: oe.GET_REGISTRATION_OPTIONS,
     method: "getPasskeyRegistrationOptions"
   },
   VERIFY_REGISTRATION: {
-    schema: ee.VERIFY_REGISTRATION,
+    schema: oe.VERIFY_REGISTRATION,
     method: "verifyPasskeyRegistration"
   },
   GET_AUTHENTICATION_OPTIONS: {
-    schema: ee.GET_AUTHENTICATION_OPTIONS,
+    schema: oe.GET_AUTHENTICATION_OPTIONS,
     method: "getPasskeyAuthenticationOptions"
   },
   VERIFY_AUTHENTICATION: {
-    schema: ee.VERIFY_AUTHENTICATION,
+    schema: oe.VERIFY_AUTHENTICATION,
     method: "verifyPasskeyAuthentication"
   }
-}, $ = async ({
+}, J = async ({
   accessToken: e,
   type: t,
   clientId: r,
   params: n = {}
 }) => {
   try {
-    const a = `Bearer ${e}`, o = await fetch(
-      at ? `${oe.dev}/graphql` : `${oe.prod}/graphql`,
+    const a = `Bearer ${e}`, s = await fetch(
+      ut ? `${le.dev}/graphql` : `${le.prod}/graphql`,
       {
-        credentials: tt,
-        method: rt,
+        credentials: st,
+        method: it,
         headers: {
           authorization: a,
-          "Content-Type": nt,
-          [Ge.CLIENT_ID]: `${r}`
+          "Content-Type": ct,
+          [Fe.CLIENT_ID]: `${r}`
         },
         body: JSON.stringify({
           query: t.schema,
@@ -1301,30 +1363,30 @@ const K = "Your session has expired. For your security, please log in again to c
         })
       }
     );
-    if (o.status !== 200)
+    if (s.status !== 200)
       return { status: I, data: [] };
-    const { data: s } = await o.json();
+    const { data: o } = await s.json();
     return {
-      status: V,
-      data: s[t.method]
+      status: z,
+      data: o[t.method]
     };
   } catch (a) {
     return console.error(a), { status: I, data: [] };
   }
-}, ue = async ({
+}, pe = async ({
   type: e,
   clientId: t,
   params: r = {}
 }) => {
   try {
     const n = await fetch(
-      at ? `${oe.dev}/${e}` : `${oe.prod}/${e}`,
+      ut ? `${le.dev}/${e}` : `${le.prod}/${e}`,
       {
-        credentials: tt,
-        method: rt,
+        credentials: st,
+        method: it,
         headers: {
-          "Content-Type": nt,
-          [Ge.CLIENT_ID]: `${t}`
+          "Content-Type": ct,
+          [Fe.CLIENT_ID]: `${t}`
         },
         body: JSON.stringify(r)
       }
@@ -1333,27 +1395,27 @@ const K = "Your session has expired. For your security, please log in again to c
       return { status: I, data: [] };
     const { data: a } = await n.json();
     return {
-      status: V,
+      status: z,
       data: a || []
     };
   } catch (n) {
     return console.error(n), { status: I, data: [] };
   }
-}, Dr = process.env.NODE_ENV === "production", at = !Dr, st = {
+}, Jr = process.env.NODE_ENV === "production", ut = !Jr, lt = {
   isLoading: !0,
   isAuthenticated: !1,
   user: void 0,
   logoutReason: "",
   debug: !1,
   authenticationType: ""
-}, Ur = (e) => {
+}, Yr = (e) => {
   try {
-    const t = fr(e);
+    const t = Tr(e);
     return t ? t[f.USER_ID_KEY] : "";
   } catch {
     return "";
   }
-}, Kr = async ({
+}, xr = async ({
   userId: e,
   clientId: t,
   domain: r,
@@ -1361,8 +1423,8 @@ const K = "Your session has expired. For your security, please log in again to c
 }) => {
   try {
     return {
-      status: (await ue({
-        type: ie.LOGOUT,
+      status: (await pe({
+        type: de.LOGOUT,
         clientId: t,
         params: {
           userId: e,
@@ -1376,34 +1438,34 @@ const K = "Your session has expired. For your security, please log in again to c
       status: I
     };
   }
-}, Lr = async ({
+}, Gr = async ({
   username: e,
   password: t,
   clientId: r,
   nonce: n,
   type: a,
-  sessionExpiration: o,
-  code: s,
+  sessionExpiration: s,
+  code: o,
   code_verifier: i,
   domain: c,
   ua: h
 }) => {
   try {
-    const y = await ue({
-      type: ie.LOGIN,
+    const y = await pe({
+      type: de.LOGIN,
       clientId: r,
       params: {
-        type: a || W.ID_AND_ACCESS_TOKEN,
+        type: a || G.ID_AND_ACCESS_TOKEN,
         username: e,
         password: t,
-        sessionExpiration: o,
+        sessionExpiration: s,
         nonce: n,
-        code: s,
+        code: o,
         code_verifier: i,
         domain: c,
         ua: h
       }
-    }), p = await Y(y?.data?.idToken);
+    }), p = await V(y?.data?.idToken);
     return p && p.payload[f.USER_ID_KEY] !== "" && p.payload[f.NONCE_KEY] === n ? {
       idToken: y.data.idToken,
       accessToken: y.data.accessToken,
@@ -1419,23 +1481,23 @@ const K = "Your session has expired. For your security, please log in again to c
       status: !1
     };
   }
-}, $r = async ({
+}, Mr = async ({
   nonce: e,
   clientId: t,
   code_challenge: r
 }) => {
   try {
-    const n = await ue({
-      type: ie.CODE,
+    const n = await pe({
+      type: de.CODE,
       clientId: t,
       params: {
-        type: W.CODE,
+        type: G.CODE,
         nonce: e,
         code_challenge: r
       }
     });
     return n?.data?.code ? {
-      status: V,
+      status: z,
       data: n.data.code
     } : {
       status: I,
@@ -1447,30 +1509,30 @@ const K = "Your session has expired. For your security, please log in again to c
       data: ""
     };
   }
-}, Hr = async ({
+}, Vr = async ({
   clientId: e,
   userId: t,
   nonce: r,
   refreshToken: n,
   accessToken: a,
-  domain: o
+  domain: s
 }) => {
   try {
-    const s = await ue({
-      type: ie.REFRESH,
+    const o = await pe({
+      type: de.REFRESH,
       clientId: e,
       params: {
-        type: W.REFRESH_TOKEN,
+        type: G.REFRESH_TOKEN,
         userId: t,
         nonce: r,
         refreshToken: n,
         accessToken: a,
-        domain: o
+        domain: s
       }
-    }), i = await Y(s?.data?.accessToken);
+    }), i = await V(o?.data?.accessToken);
     return i && i.payload[f.USER_ID_KEY] !== "" && i.payload[f.NONCE_KEY] === r ? {
-      accessToken: s.data.accessToken,
-      refreshToken: s.data.refreshToken,
+      accessToken: o.data.accessToken,
+      refreshToken: o.data.refreshToken,
       userId: i.payload[f.USER_ID_KEY],
       status: !0
     } : {
@@ -1482,11 +1544,11 @@ const K = "Your session has expired. For your security, please log in again to c
     };
   }
 };
-class Wr {
+class jr {
   constructor(t = null, r = null) {
-    F(this, "refreshTokenPromise", null);
-    F(this, "accessToken");
-    F(this, "refreshToken");
+    X(this, "refreshTokenPromise", null);
+    X(this, "accessToken");
+    X(this, "refreshToken");
     this.accessToken = t || "", this.refreshToken = r || "";
   }
   async refreshtoken({
@@ -1513,9 +1575,9 @@ class Wr {
     nonce: n,
     domain: a
   }) {
-    const o = await Y(this.refreshToken);
-    if (o && o.payload[f.USER_ID_KEY] !== "") {
-      const s = await Hr({
+    const s = await V(this.refreshToken);
+    if (s && s.payload[f.USER_ID_KEY] !== "") {
+      const o = await Vr({
         clientId: t,
         userId: r,
         nonce: n,
@@ -1523,10 +1585,10 @@ class Wr {
         accessToken: this.accessToken,
         domain: a
       });
-      return s.status ? (this.accessToken = s.accessToken, this.refreshToken = s.refreshToken, {
-        status: V,
-        newAccessToken: s.accessToken,
-        newRefreshToken: s.refreshToken
+      return o.status ? (this.accessToken = o.accessToken, this.refreshToken = o.refreshToken, {
+        status: z,
+        newAccessToken: o.accessToken,
+        newRefreshToken: o.refreshToken
       }) : {
         status: I
       };
@@ -1536,108 +1598,108 @@ class Wr {
       };
   }
 }
-const Yr = (e) => N(
+const Fr = (e) => D(
   (...t) => {
     e && console.info(`==> [Auth ${Date.now()}]: `, ...t);
   },
   [e]
-), H = () => {
-  throw new Error(Nr);
-}, ot = St({
+), Y = () => {
+  throw new Error(Wr);
+}, dt = _t({
   isAuthenticated: !1,
   isLoading: !1,
-  login: H,
-  logout: H,
-  getAccessToken: H,
-  getIdToken: H,
-  registeringForPasskey: H,
-  loginWithPasskey: H,
+  login: Y,
+  logout: Y,
+  getAccessToken: Y,
+  getIdToken: Y,
+  registeringForPasskey: Y,
+  loginWithPasskey: Y,
   logoutReason: "",
   authenticationType: ""
-}), xr = mt.createContext({
-  state: st,
+}), Br = Rt.createContext({
+  state: lt,
   dispatch: () => {
   }
-}), Jr = (e, t) => t?.type === J ? {
+}), qr = (e, t) => t?.type === B ? {
   ...e,
   isLoading: t.payload.isLoading
-} : t?.type === re ? {
+} : t?.type === se ? {
   ...e,
   isLoading: !1,
   isAuthenticated: !0,
   user: t.payload.user,
   authenticationType: t.payload.authenticationType,
   logoutReason: ""
-} : t?.type === et ? {
+} : t?.type === ot ? {
   ...e,
   isLoading: !1,
   isAuthenticated: !1,
   user: void 0,
   authenticationType: "",
   logoutReason: t.payload.logoutReason
-} : e, Br = ({
+} : e, tn = ({
   children: e,
   sessionExpiration: t,
   clientId: r,
   domain: n = "",
   debug: a = !1
 }) => {
-  const [o, s] = At(Jr, {
-    ...st,
+  const [s, o] = It(qr, {
+    ...lt,
     debug: a
-  }), i = Yr(a), c = Tt(!1), [h, y, , p] = Q({
-    key: `${Z}::${r}::@@user@@`
-  }), [l, A, , T] = Q({
-    key: `${Z}::${r}::@@access@@`
-  }), [le, de, , Te] = Q(
+  }), i = Fr(a), c = kt(!1), [h, y, , p] = re({
+    key: `${ae}::${r}::@@user@@`
+  }), [l, A, , T] = re({
+    key: `${ae}::${r}::@@access@@`
+  }), [ye, fe, , _e] = re(
     {
-      key: `${Z}::${r}::@@refresh@@`
+      key: `${ae}::${r}::@@refresh@@`
     }
-  ), [it, Re, , _e] = Q({
-    key: `${Z}::${r}::@@nonce@@`
-  }), ct = new Wr(l, le), j = N(() => {
-    i("removeLocalStorage: removing local storage"), p(), T(), Te(), _e();
+  ), [ht, Ie, , ke] = re({
+    key: `${ae}::${r}::@@nonce@@`
+  }), pt = new jr(l, ye), Q = D(() => {
+    i("removeLocalStorage: removing local storage"), p(), T(), _e(), ke();
   }, [
     T,
     p,
+    ke,
     _e,
-    Te,
     i
-  ]), x = N(
+  ]), F = D(
     (u) => {
       i(
         "removeStateAndLocalStorage: removing state and local storage with reason: ",
         u
-      ), s({
-        type: et,
+      ), o({
+        type: ot,
         payload: {
-          logoutReason: u || K
+          logoutReason: u || L
         }
-      }), j(), s({ type: J, payload: { isLoading: !1 } });
+      }), Q(), o({ type: B, payload: { isLoading: !1 } });
     },
-    [j, i]
-  ), P = N(
+    [Q, i]
+  ), C = D(
     async (u) => {
       i("invalidateAndLogout: invalidating and logging out");
-      const { user: g } = o, d = g?.userId || Ur(h);
+      const { user: g } = s, d = g?.userId || Yr(h);
       d || i(
         "invalidateAndLogout: user cannot be identified, logging out without userId"
-      ), await Kr({
+      ), await xr({
         userId: d,
         clientId: r,
         domain: n,
         idToken: h
-      }), x(u || K);
+      }), F(u || L);
     },
-    [h, o, r, n, x, i]
+    [h, s, r, n, F, i]
   );
-  He(() => {
+  xe(() => {
     if (!c.current)
-      return o.isLoading && h !== null ? (async () => {
+      return s.isLoading && h !== null ? (async () => {
         try {
-          const u = await Y(h);
-          u && u.payload[f.USER_ID_KEY] !== "" ? (i("useEffect: setting the authentication state"), s({
-            type: re,
+          const u = await V(h);
+          u && u.payload[f.USER_ID_KEY] !== "" ? (i("useEffect: setting the authentication state"), o({
+            type: se,
             payload: {
               authenticationType: u.payload[f.AUTH_TYPE_KEY],
               user: {
@@ -1646,88 +1708,88 @@ const Yr = (e) => N(
                 email: u.payload[f.EMAIL_KEY]
               }
             }
-          })) : (i("useEffect: invalid JWT, invalidating and logging out"), await P(K));
+          })) : (i("useEffect: invalid JWT, invalidating and logging out"), await C(L));
         } catch {
           i(
             "useEffect: exception validating JWT, invalidating and logging out"
-          ), await P(K);
+          ), await C(L);
         }
-      })() : (i("useEffect: setting the loading state to false"), s({ type: J, payload: { isLoading: !1 } })), () => {
+      })() : (i("useEffect: setting the loading state to false"), o({ type: B, payload: { isLoading: !1 } })), () => {
         c.current = !0;
       };
-  }, [o.isLoading, h, P, i]);
-  const ut = async (u, g) => {
-    s({ type: J, payload: { isLoading: !0 } }), j();
-    const d = me();
-    Re(d), i("login: Logging in with password");
-    const { code_verifier: C, code_challenge: ft } = await Rr(), Ie = await $r({
+  }, [s.isLoading, h, C, i]);
+  const yt = async (u, g) => {
+    o({ type: B, payload: { isLoading: !0 } }), Q();
+    const d = Se();
+    Ie(d), i("login: Logging in with password");
+    const { code_verifier: N, code_challenge: St } = await Pr(), ve = await Mr({
       nonce: d,
       clientId: r,
-      code_challenge: ft
+      code_challenge: St
     });
-    if (Ie.status) {
-      const U = await Lr({
+    if (ve.status) {
+      const U = await Gr({
         username: u,
         password: g,
         clientId: r,
         sessionExpiration: t,
         nonce: d,
-        type: W.CODE,
-        code: Ie.data,
-        code_verifier: C,
+        type: G.CODE,
+        code: ve.data,
+        code_verifier: N,
         domain: n,
         ua: navigator.userAgent
       });
-      return U.status ? (y(U.idToken), A(U.accessToken), de(U.refreshToken), s({
-        type: re,
+      return U.status ? (y(U.idToken), A(U.accessToken), fe(U.refreshToken), o({
+        type: se,
         payload: {
-          authenticationType: W.CODE,
+          authenticationType: G.CODE,
           user: {
             userId: U.userId,
             username: u,
             email: U.email
           }
         }
-      }), !0) : (x(we), !1);
+      }), !0) : (F(Ae), !1);
     }
     return !1;
-  }, lt = async (u) => {
-    u?.preventDefault(), await P(Pr);
-  }, dt = async () => {
-    const { isAuthenticated: u, user: g } = o;
+  }, ft = async (u) => {
+    u?.preventDefault(), await C(Hr);
+  }, gt = async () => {
+    const { isAuthenticated: u, user: g } = s;
     try {
       if (u && g && g.userId) {
         if (l) {
           i("getAccessToken");
-          const C = await Y(l);
-          if (C && C.payload[f.USER_ID_KEY] !== "")
+          const N = await V(l);
+          if (N && N.payload[f.USER_ID_KEY] !== "")
             return l;
         }
         i("getAccessToken: invalid access token, trying to refresh it");
-        const d = await ct.refreshtoken({
+        const d = await pt.refreshtoken({
           clientId: r,
           userId: g.userId,
-          nonce: it,
+          nonce: ht,
           domain: n
         });
-        return d.status && d.status === "success" && d.newAccessToken ? (A(d.newAccessToken), de(d.newRefreshToken), d.newAccessToken) : (i(
+        return d.status && d.status === "success" && d.newAccessToken ? (A(d.newAccessToken), fe(d.newRefreshToken), d.newAccessToken) : (i(
           "getAccessToken: invalid refresh token, need to re-authenticate"
-        ), await P(K), "");
+        ), await C(L), "");
       }
       return i(
         "getAccessToken: user is not authenticated, cannot get access token"
-      ), await P(K), "";
+      ), await C(L), "";
     } catch {
       return i(
         "getAccessToken: exception occurred, invalidating and logging out"
-      ), await P(Cr), "";
+      ), await C(Lr), "";
     }
-  }, ht = () => o.isAuthenticated && h ? h : "", pt = async () => {
-    const { user: u } = o;
-    let g = await $({
+  }, Et = () => s.isAuthenticated && h ? h : "", mt = async () => {
+    const { user: u } = s;
+    let g = await J({
       accessToken: l,
       clientId: r,
-      type: L.GET_REGISTRATION_OPTIONS,
+      type: W.GET_REGISTRATION_OPTIONS,
       params: {
         clientId: r,
         id: u?.userId,
@@ -1736,11 +1798,11 @@ const Yr = (e) => N(
     });
     if (g.status)
       try {
-        const d = await vt(g.data);
-        return g = await $({
+        const d = await Nt(g.data);
+        return g = await J({
           accessToken: l,
           clientId: r,
-          type: L.VERIFY_REGISTRATION,
+          type: W.VERIFY_REGISTRATION,
           params: {
             clientId: r,
             id: u?.userId,
@@ -1749,10 +1811,10 @@ const Yr = (e) => N(
           }
         }), !!(g.status && g.data.length > 0);
       } catch {
-        return await $({
+        return await J({
           accessToken: l,
           clientId: r,
-          type: L.VERIFY_REGISTRATION,
+          type: W.VERIFY_REGISTRATION,
           params: {
             clientId: r,
             id: u?.userId,
@@ -1762,15 +1824,15 @@ const Yr = (e) => N(
         }), !1;
       }
     return !1;
-  }, yt = async () => {
-    s({ type: J, payload: { isLoading: !0 } }), j();
-    const u = me();
-    Re(u), i("loginWithPasskey");
-    const g = me();
-    let d = await $({
+  }, wt = async () => {
+    o({ type: B, payload: { isLoading: !0 } }), Q();
+    const u = Se();
+    Ie(u), i("loginWithPasskey");
+    const g = Se();
+    let d = await J({
       accessToken: l,
       clientId: r,
-      type: L.GET_AUTHENTICATION_OPTIONS,
+      type: W.GET_AUTHENTICATION_OPTIONS,
       params: {
         id: g,
         clientId: r
@@ -1778,36 +1840,36 @@ const Yr = (e) => N(
     });
     if (d.status)
       try {
-        const C = await Pt(d.data);
-        return d = await $({
+        const N = await Ut(d.data);
+        return d = await J({
           accessToken: l,
           clientId: r,
-          type: L.VERIFY_AUTHENTICATION,
+          type: W.VERIFY_AUTHENTICATION,
           params: {
             clientId: r,
             id: g,
-            authentication: C,
+            authentication: N,
             nonce: u,
             domain: n,
             sessionExpiration: t,
             ua: navigator.userAgent
           }
-        }), d.data.status === V ? (y(d.data.idToken), A(d.data.accessToken), de(d.data.refreshToken), s({
-          type: re,
+        }), d.data.status === z ? (y(d.data.idToken), A(d.data.accessToken), fe(d.data.refreshToken), o({
+          type: se,
           payload: {
-            authenticationType: W.PASSKEY,
+            authenticationType: G.PASSKEY,
             user: {
               userId: d.data.userId,
               username: d.data.username,
               email: d.data.email
             }
           }
-        }), !0) : (x(we), !1);
+        }), !0) : (F(Ae), !1);
       } catch {
-        return await $({
+        return await J({
           accessToken: l,
           clientId: r,
-          type: L.VERIFY_AUTHENTICATION,
+          type: W.VERIFY_AUTHENTICATION,
           params: {
             clientId: r,
             id: g,
@@ -1816,29 +1878,29 @@ const Yr = (e) => N(
             domain: n,
             sessionExpiration: t
           }
-        }), x(we), !1;
+        }), F(Ae), !1;
       }
     return !1;
   };
-  return /* @__PURE__ */ be(xr.Provider, { value: { state: o, dispatch: s }, children: /* @__PURE__ */ be(
-    ot.Provider,
+  return /* @__PURE__ */ Oe(Br.Provider, { value: { state: s, dispatch: o }, children: /* @__PURE__ */ Oe(
+    dt.Provider,
     {
       value: {
-        ...o,
-        login: ut,
-        logout: lt,
-        getAccessToken: dt,
-        getIdToken: ht,
-        registeringForPasskey: pt,
-        loginWithPasskey: yt
+        ...s,
+        login: yt,
+        logout: ft,
+        getAccessToken: gt,
+        getIdToken: Et,
+        registeringForPasskey: mt,
+        loginWithPasskey: wt
       },
       children: e
     }
   ) });
-}, qr = (e = ot) => Rt(e);
+}, rn = (e = dt) => vt(e);
 export {
-  W as AUTH_TYPES,
-  Br as AuthProvider,
-  Fr as isGranted,
-  qr as useAuth
+  G as AUTH_TYPES,
+  tn as AuthProvider,
+  en as isGranted,
+  rn as useAuth
 };