npm - @versini/auth-provider - Versions diffs - 7.5.1 → 7.5.3 - Mend

@versini/auth-provider 7.5.1 → 7.5.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +536 -492
package/package.json +3 -3

package/dist/index.js CHANGED Viewed

@@ -1,16 +1,16 @@
 var yt = Object.defineProperty;
-var ht = (e, t, r) => t in e ? yt(e, t, { enumerable: !0, configurable: !0, writable: !0, value: r }) : e[t] = r;
-var X = (e, t, r) => ht(e, typeof t != "symbol" ? t + "" : t, r);
-import { jsx as Re } from "react/jsx-runtime";
-import pt, { useSyncExternalStore as ft, useCallback as D, useEffect as De, createContext as Et, useReducer as mt, useRef as gt, useContext as wt } from "react";
+var pt = (e, t, r) => t in e ? yt(e, t, { enumerable: !0, configurable: !0, writable: !0, value: r }) : e[t] = r;
+var X = (e, t, r) => pt(e, typeof t != "symbol" ? t + "" : t, r);
+import { jsx as _e } from "react/jsx-runtime";
+import ft, { useSyncExternalStore as Et, useCallback as D, useEffect as Ue, createContext as gt, useReducer as mt, useRef as wt, useContext as St } from "react";
 /*!
-  @versini/auth-provider v7.5.1
+  @versini/auth-provider v7.5.3
   © 2025 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_CLIENT__ || (window.__VERSINI_AUTH_CLIENT__ = {
-    version: "7.5.1",
-    buildTime: "04/02/2025 04:33 PM EDT",
+    version: "7.5.3",
+    buildTime: "04/02/2025 05:48 PM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
@@ -30,94 +30,119 @@ function se(e) {
   return s;
 }
 function me() {
-  return window?.PublicKeyCredential !== void 0 && typeof window.PublicKeyCredential == "function";
+  return At.stubThis(globalThis?.PublicKeyCredential !== void 0 && typeof globalThis.PublicKeyCredential == "function");
 }
-function Ue(e) {
+const At = {
+  stubThis: (e) => e
+};
+function He(e) {
   const { id: t } = e;
   return {
     ...e,
     id: se(t),
+    /**
+     * `descriptor.transports` is an array of our `AuthenticatorTransportFuture` that includes newer
+     * transports that TypeScript's DOM lib is ignorant of. Convince TS that our list of transports
+     * are fine to pass to WebAuthn since browsers will recognize the new value.
+     */
     transports: e.transports
   };
 }
-function He(e) {
-  return e === "localhost" || /^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(e);
+function Le(e) {
+  return (
+    // Consider localhost valid as well since it's okay wrt Secure Contexts
+    e === "localhost" || /^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(e)
+  );
 }
-class T extends Error {
+class b extends Error {
   constructor({ message: t, code: r, cause: a, name: n }) {
-    super(t, { cause: a }), this.name = n ?? a.name, this.code = r;
+    super(t, { cause: a }), Object.defineProperty(this, "code", {
+      enumerable: !0,
+      configurable: !0,
+      writable: !0,
+      value: void 0
+    }), this.name = n ?? a.name, this.code = r;
   }
 }
-function St({ error: e, options: t }) {
+function Tt({ error: e, options: t }) {
   const { publicKey: r } = t;
   if (!r)
     throw Error("options was missing required publicKey property");
   if (e.name === "AbortError") {
     if (t.signal instanceof AbortSignal)
-      return new T({
+      return new b({
         message: "Registration ceremony was sent an abort signal",
         code: "ERROR_CEREMONY_ABORTED",
         cause: e
       });
   } else if (e.name === "ConstraintError") {
     if (r.authenticatorSelection?.requireResidentKey === !0)
-      return new T({
+      return new b({
         message: "Discoverable credentials were required but no available authenticator supported it",
         code: "ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",
         cause: e
       });
+    if (
+      // @ts-ignore: `mediation` doesn't yet exist on CredentialCreationOptions but it's possible as of Sept 2024
+      t.mediation === "conditional" && r.authenticatorSelection?.userVerification === "required"
+    )
+      return new b({
+        message: "User verification was required during automatic registration but it could not be performed",
+        code: "ERROR_AUTO_REGISTER_USER_VERIFICATION_FAILURE",
+        cause: e
+      });
     if (r.authenticatorSelection?.userVerification === "required")
-      return new T({
+      return new b({
         message: "User verification was required but no available authenticator supported it",
         code: "ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",
         cause: e
       });
   } else {
     if (e.name === "InvalidStateError")
-      return new T({
+      return new b({
         message: "The authenticator was previously registered",
         code: "ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",
         cause: e
       });
     if (e.name === "NotAllowedError")
-      return new T({
+      return new b({
         message: e.message,
         code: "ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",
         cause: e
       });
     if (e.name === "NotSupportedError")
-      return r.pubKeyCredParams.filter((n) => n.type === "public-key").length === 0 ? new T({
+      return r.pubKeyCredParams.filter((n) => n.type === "public-key").length === 0 ? new b({
         message: 'No entry in pubKeyCredParams was of type "public-key"',
         code: "ERROR_MALFORMED_PUBKEYCREDPARAMS",
         cause: e
-      }) : new T({
+      }) : new b({
         message: "No available authenticator supported any of the specified pubKeyCredParams algorithms",
         code: "ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",
         cause: e
       });
     if (e.name === "SecurityError") {
-      const a = window.location.hostname;
-      if (He(a)) {
+      const a = globalThis.location.hostname;
+      if (Le(a)) {
         if (r.rp.id !== a)
-          return new T({
+          return new b({
             message: `The RP ID "${r.rp.id}" is invalid for this domain`,
             code: "ERROR_INVALID_RP_ID",
             cause: e
           });
-      } else return new T({
-        message: `${window.location.hostname} is an invalid domain`,
+      } else return new b({
+        message: `${globalThis.location.hostname} is an invalid domain`,
         code: "ERROR_INVALID_DOMAIN",
         cause: e
       });
     } else if (e.name === "TypeError") {
       if (r.user.id.byteLength < 1 || r.user.id.byteLength > 64)
-        return new T({
+        return new b({
           message: "User ID was not between 1 and 64 characters",
           code: "ERROR_INVALID_USER_ID_LENGTH",
           cause: e
         });
     } else if (e.name === "UnknownError")
-      return new T({
+      return new b({
         message: "The authenticator was unable to process the specified options, or could not create a new credential",
         code: "ERROR_AUTHENTICATOR_GENERAL_ERROR",
         cause: e
@@ -125,7 +150,15 @@ function St({ error: e, options: t }) {
   }
   return e;
 }
-class At {
+class bt {
+  constructor() {
+    Object.defineProperty(this, "controller", {
+      enumerable: !0,
+      configurable: !0,
+      writable: !0,
+      value: void 0
+    });
+  }
   createNewAbortSignal() {
     if (this.controller) {
       const r = new Error("Cancelling existing WebAuthn API call for new one");
@@ -141,117 +174,122 @@ class At {
     }
   }
 }
-const Le = new At(), Tt = ["cross-platform", "platform"];
-function $e(e) {
-  if (e && !(Tt.indexOf(e) < 0))
+const $e = new bt(), Rt = ["cross-platform", "platform"];
+function We(e) {
+  if (e && !(Rt.indexOf(e) < 0))
     return e;
 }
-async function bt(e) {
+async function _t(e) {
+  !e.optionsJSON && e.challenge && (console.warn("startRegistration() was not called correctly. It will try to continue with the provided options, but this call should be refactored to use the expected call structure instead. See https://simplewebauthn.dev/docs/packages/browser#typeerror-cannot-read-properties-of-undefined-reading-challenge for more information."), e = { optionsJSON: e });
+  const { optionsJSON: t, useAutoRegister: r = !1 } = e;
   if (!me())
     throw new Error("WebAuthn is not supported in this browser");
-  const r = { publicKey: {
-    ...e,
-    challenge: se(e.challenge),
+  const a = {
+    ...t,
+    challenge: se(t.challenge),
     user: {
-      ...e.user,
-      id: se(e.user.id)
+      ...t.user,
+      id: se(t.user.id)
     },
-    excludeCredentials: e.excludeCredentials?.map(Ue)
-  } };
-  r.signal = Le.createNewAbortSignal();
-  let a;
+    excludeCredentials: t.excludeCredentials?.map(He)
+  }, n = {};
+  r && (n.mediation = "conditional"), n.publicKey = a, n.signal = $e.createNewAbortSignal();
+  let s;
   try {
-    a = await navigator.credentials.create(r);
+    s = await navigator.credentials.create(n);
   } catch (h) {
-    throw St({ error: h, options: r });
+    throw Tt({ error: h, options: n });
   }
-  if (!a)
+  if (!s)
     throw new Error("Registration was not completed");
-  const { id: n, rawId: s, response: o, type: i } = a;
-  let c;
-  typeof o.getTransports == "function" && (c = o.getTransports());
-  let f;
-  if (typeof o.getPublicKeyAlgorithm == "function")
+  const { id: o, rawId: i, response: c, type: m } = s;
+  let d;
+  typeof c.getTransports == "function" && (d = c.getTransports());
+  let p;
+  if (typeof c.getPublicKeyAlgorithm == "function")
     try {
-      f = o.getPublicKeyAlgorithm();
+      p = c.getPublicKeyAlgorithm();
     } catch (h) {
       ue("getPublicKeyAlgorithm()", h);
     }
-  let y;
-  if (typeof o.getPublicKey == "function")
+  let E;
+  if (typeof c.getPublicKey == "function")
     try {
-      const h = o.getPublicKey();
-      h !== null && (y = I(h));
+      const h = c.getPublicKey();
+      h !== null && (E = I(h));
     } catch (h) {
       ue("getPublicKey()", h);
     }
-  let d;
-  if (typeof o.getAuthenticatorData == "function")
+  let y;
+  if (typeof c.getAuthenticatorData == "function")
     try {
-      d = I(o.getAuthenticatorData());
+      y = I(c.getAuthenticatorData());
     } catch (h) {
       ue("getAuthenticatorData()", h);
     }
   return {
-    id: n,
-    rawId: I(s),
+    id: o,
+    rawId: I(i),
     response: {
-      attestationObject: I(o.attestationObject),
-      clientDataJSON: I(o.clientDataJSON),
-      transports: c,
-      publicKeyAlgorithm: f,
-      publicKey: y,
-      authenticatorData: d
+      attestationObject: I(c.attestationObject),
+      clientDataJSON: I(c.clientDataJSON),
+      transports: d,
+      publicKeyAlgorithm: p,
+      publicKey: E,
+      authenticatorData: y
     },
-    type: i,
-    clientExtensionResults: a.getClientExtensionResults(),
-    authenticatorAttachment: $e(a.authenticatorAttachment)
+    type: m,
+    clientExtensionResults: s.getClientExtensionResults(),
+    authenticatorAttachment: We(s.authenticatorAttachment)
   };
 }
 function ue(e, t) {
   console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${e}. You should report this error to them.
 `, t);
 }
-function Rt() {
+function It() {
   if (!me())
-    return new Promise((t) => t(!1));
-  const e = window.PublicKeyCredential;
-  return e.isConditionalMediationAvailable === void 0 ? new Promise((t) => t(!1)) : e.isConditionalMediationAvailable();
+    return le.stubThis(new Promise((t) => t(!1)));
+  const e = globalThis.PublicKeyCredential;
+  return e?.isConditionalMediationAvailable === void 0 ? le.stubThis(new Promise((t) => t(!1))) : le.stubThis(e.isConditionalMediationAvailable());
 }
-function _t({ error: e, options: t }) {
+const le = {
+  stubThis: (e) => e
+};
+function Ot({ error: e, options: t }) {
   const { publicKey: r } = t;
   if (!r)
     throw Error("options was missing required publicKey property");
   if (e.name === "AbortError") {
     if (t.signal instanceof AbortSignal)
-      return new T({
+      return new b({
         message: "Authentication ceremony was sent an abort signal",
         code: "ERROR_CEREMONY_ABORTED",
         cause: e
       });
   } else {
     if (e.name === "NotAllowedError")
-      return new T({
+      return new b({
         message: e.message,
         code: "ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",
         cause: e
       });
     if (e.name === "SecurityError") {
-      const a = window.location.hostname;
-      if (He(a)) {
+      const a = globalThis.location.hostname;
+      if (Le(a)) {
         if (r.rpId !== a)
-          return new T({
+          return new b({
             message: `The RP ID "${r.rpId}" is invalid for this domain`,
             code: "ERROR_INVALID_RP_ID",
             cause: e
           });
-      } else return new T({
-        message: `${window.location.hostname} is an invalid domain`,
+      } else return new b({
+        message: `${globalThis.location.hostname} is an invalid domain`,
         code: "ERROR_INVALID_DOMAIN",
         cause: e
       });
     } else if (e.name === "UnknownError")
-      return new T({
+      return new b({
         message: "The authenticator was unable to process the specified options, or could not create a new assertion signature",
         code: "ERROR_AUTHENTICATOR_GENERAL_ERROR",
         cause: e
@@ -259,49 +297,51 @@ function _t({ error: e, options: t }) {
   }
   return e;
 }
-async function It(e, t = !1) {
+async function vt(e) {
+  !e.optionsJSON && e.challenge && (console.warn("startAuthentication() was not called correctly. It will try to continue with the provided options, but this call should be refactored to use the expected call structure instead. See https://simplewebauthn.dev/docs/packages/browser#typeerror-cannot-read-properties-of-undefined-reading-challenge for more information."), e = { optionsJSON: e });
+  const { optionsJSON: t, useBrowserAutofill: r = !1, verifyBrowserAutofillInput: a = !0 } = e;
   if (!me())
     throw new Error("WebAuthn is not supported in this browser");
-  let r;
-  e.allowCredentials?.length !== 0 && (r = e.allowCredentials?.map(Ue));
-  const a = {
-    ...e,
-    challenge: se(e.challenge),
-    allowCredentials: r
-  }, n = {};
-  if (t) {
-    if (!await Rt())
+  let n;
+  t.allowCredentials?.length !== 0 && (n = t.allowCredentials?.map(He));
+  const s = {
+    ...t,
+    challenge: se(t.challenge),
+    allowCredentials: n
+  }, o = {};
+  if (r) {
+    if (!await It())
       throw Error("Browser does not support WebAuthn autofill");
-    if (document.querySelectorAll("input[autocomplete$='webauthn']").length < 1)
+    if (document.querySelectorAll("input[autocomplete$='webauthn']").length < 1 && a)
       throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');
-    n.mediation = "conditional", a.allowCredentials = [];
+    o.mediation = "conditional", s.allowCredentials = [];
   }
-  n.publicKey = a, n.signal = Le.createNewAbortSignal();
-  let s;
+  o.publicKey = s, o.signal = $e.createNewAbortSignal();
+  let i;
   try {
-    s = await navigator.credentials.get(n);
-  } catch (d) {
-    throw _t({ error: d, options: n });
+    i = await navigator.credentials.get(o);
+  } catch (y) {
+    throw Ot({ error: y, options: o });
   }
-  if (!s)
+  if (!i)
     throw new Error("Authentication was not completed");
-  const { id: o, rawId: i, response: c, type: f } = s;
-  let y;
-  return c.userHandle && (y = I(c.userHandle)), {
-    id: o,
-    rawId: I(i),
+  const { id: c, rawId: m, response: d, type: p } = i;
+  let E;
+  return d.userHandle && (E = I(d.userHandle)), {
+    id: c,
+    rawId: I(m),
     response: {
-      authenticatorData: I(c.authenticatorData),
-      clientDataJSON: I(c.clientDataJSON),
-      signature: I(c.signature),
-      userHandle: y
+      authenticatorData: I(d.authenticatorData),
+      clientDataJSON: I(d.clientDataJSON),
+      signature: I(d.signature),
+      userHandle: E
     },
-    type: f,
-    clientExtensionResults: s.getClientExtensionResults(),
-    authenticatorAttachment: $e(s.authenticatorAttachment)
+    type: p,
+    clientExtensionResults: i.getClientExtensionResults(),
+    authenticatorAttachment: We(i.authenticatorAttachment)
   };
 }
-var vt = Object.defineProperty, kt = (e, t, r) => t in e ? vt(e, t, { enumerable: !0, configurable: !0, writable: !0, value: r }) : e[t] = r, p = (e, t, r) => kt(e, typeof t != "symbol" ? t + "" : t, r);
+var kt = Object.defineProperty, Ct = (e, t, r) => t in e ? kt(e, t, { enumerable: !0, configurable: !0, writable: !0, value: r }) : e[t] = r, f = (e, t, r) => Ct(e, typeof t != "symbol" ? t + "" : t, r);
 /*!
   @versini/auth-common v4.2.1
   © 2025 gizmette.com
@@ -309,7 +349,7 @@ var vt = Object.defineProperty, kt = (e, t, r) => t in e ? vt(e, t, { enumerable
 try {
   window.__VERSINI_AUTH_COMMON__ || (window.__VERSINI_AUTH_COMMON__ = {
     version: "4.2.1",
-    buildTime: "04/02/2025 04:33 PM EDT",
+    buildTime: "04/02/2025 05:48 PM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
@@ -322,9 +362,9 @@ const x = {
   CODE: "code",
   REFRESH_TOKEN: "refresh_token",
   PASSKEY: "passkey"
-}, We = {
+}, Je = {
   CLIENT_ID: "X-Auth-ClientId"
-}, m = {
+}, g = {
   ALG: "RS256",
   USER_ID_KEY: "sub",
   USERNAME_KEY: "username",
@@ -337,7 +377,7 @@ const x = {
   SCOPES_KEY: "scopes",
   CLIENT_ID_KEY: "aud",
   ISSUER: "gizmette.com"
-}, Ot = `-----BEGIN PUBLIC KEY-----
+}, Pt = `-----BEGIN PUBLIC KEY-----
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7
 w5PKyTYLGAI2I6SIIdpe6i6DOCbEkmDz7LdVsBqwNtVi8gvWYIj+8ol6rU3qu1v5
 i1Jd45GSK4kzkVdgCmQZbM5ak0KI99q5wsrAIzUd+LRJ2HRvWtr5IYdsIiXaQjle
@@ -351,14 +391,14 @@ awIDAQAB
   LOGIN: "login",
   REFRESH: "refresh"
 }, Z = new TextEncoder(), G = new TextDecoder();
-function Ct(...e) {
+function Nt(...e) {
   const t = e.reduce((n, { length: s }) => n + s, 0), r = new Uint8Array(t);
   let a = 0;
   for (const n of e)
     r.set(n, a), a += n.length;
   return r;
 }
-function Pt(e) {
+function Kt(e) {
   if (Uint8Array.fromBase64)
     return Uint8Array.fromBase64(e);
   const t = atob(e), r = new Uint8Array(t.length);
@@ -374,7 +414,7 @@ function F(e) {
   let t = e;
   t instanceof Uint8Array && (t = G.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
   try {
-    return Pt(t);
+    return Kt(t);
   } catch {
     throw new TypeError("The input to be decoded is not correctly encoded.");
   }
@@ -382,62 +422,62 @@ function F(e) {
 class P extends Error {
   constructor(t, r) {
     var a;
-    super(t, r), p(this, "code", "ERR_JOSE_GENERIC"), this.name = this.constructor.name, (a = Error.captureStackTrace) == null || a.call(Error, this, this.constructor);
+    super(t, r), f(this, "code", "ERR_JOSE_GENERIC"), this.name = this.constructor.name, (a = Error.captureStackTrace) == null || a.call(Error, this, this.constructor);
   }
 }
-p(P, "code", "ERR_JOSE_GENERIC");
+f(P, "code", "ERR_JOSE_GENERIC");
 class R extends P {
   constructor(t, r, a = "unspecified", n = "unspecified") {
-    super(t, { cause: { claim: a, reason: n, payload: r } }), p(this, "code", "ERR_JWT_CLAIM_VALIDATION_FAILED"), p(this, "claim"), p(this, "reason"), p(this, "payload"), this.claim = a, this.reason = n, this.payload = r;
+    super(t, { cause: { claim: a, reason: n, payload: r } }), f(this, "code", "ERR_JWT_CLAIM_VALIDATION_FAILED"), f(this, "claim"), f(this, "reason"), f(this, "payload"), this.claim = a, this.reason = n, this.payload = r;
   }
 }
-p(R, "code", "ERR_JWT_CLAIM_VALIDATION_FAILED");
-class fe extends P {
+f(R, "code", "ERR_JWT_CLAIM_VALIDATION_FAILED");
+class Ee extends P {
   constructor(t, r, a = "unspecified", n = "unspecified") {
-    super(t, { cause: { claim: a, reason: n, payload: r } }), p(this, "code", "ERR_JWT_EXPIRED"), p(this, "claim"), p(this, "reason"), p(this, "payload"), this.claim = a, this.reason = n, this.payload = r;
+    super(t, { cause: { claim: a, reason: n, payload: r } }), f(this, "code", "ERR_JWT_EXPIRED"), f(this, "claim"), f(this, "reason"), f(this, "payload"), this.claim = a, this.reason = n, this.payload = r;
   }
 }
-p(fe, "code", "ERR_JWT_EXPIRED");
-class Je extends P {
+f(Ee, "code", "ERR_JWT_EXPIRED");
+class Ye extends P {
   constructor() {
-    super(...arguments), p(this, "code", "ERR_JOSE_ALG_NOT_ALLOWED");
+    super(...arguments), f(this, "code", "ERR_JOSE_ALG_NOT_ALLOWED");
   }
 }
-p(Je, "code", "ERR_JOSE_ALG_NOT_ALLOWED");
-let O = class extends P {
+f(Ye, "code", "ERR_JOSE_ALG_NOT_ALLOWED");
+let k = class extends P {
   constructor() {
-    super(...arguments), p(this, "code", "ERR_JOSE_NOT_SUPPORTED");
+    super(...arguments), f(this, "code", "ERR_JOSE_NOT_SUPPORTED");
   }
 };
-p(O, "code", "ERR_JOSE_NOT_SUPPORTED");
-class g extends P {
+f(k, "code", "ERR_JOSE_NOT_SUPPORTED");
+class w extends P {
   constructor() {
-    super(...arguments), p(this, "code", "ERR_JWS_INVALID");
+    super(...arguments), f(this, "code", "ERR_JWS_INVALID");
   }
 }
-p(g, "code", "ERR_JWS_INVALID");
+f(w, "code", "ERR_JWS_INVALID");
 class _ extends P {
   constructor() {
-    super(...arguments), p(this, "code", "ERR_JWT_INVALID");
+    super(...arguments), f(this, "code", "ERR_JWT_INVALID");
   }
 }
-p(_, "code", "ERR_JWT_INVALID");
-class Ye extends P {
+f(_, "code", "ERR_JWT_INVALID");
+class xe extends P {
   constructor(t = "signature verification failed", r) {
-    super(t, r), p(this, "code", "ERR_JWS_SIGNATURE_VERIFICATION_FAILED");
+    super(t, r), f(this, "code", "ERR_JWS_SIGNATURE_VERIFICATION_FAILED");
   }
 }
-p(Ye, "code", "ERR_JWS_SIGNATURE_VERIFICATION_FAILED");
-function k(e, t = "algorithm.name") {
+f(xe, "code", "ERR_JWS_SIGNATURE_VERIFICATION_FAILED");
+function v(e, t = "algorithm.name") {
   return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`);
 }
 function V(e, t) {
   return e.name === t;
 }
-function le(e) {
+function de(e) {
   return parseInt(e.name.slice(4), 10);
 }
-function Kt(e) {
+function Dt(e) {
   switch (e) {
     case "ES256":
       return "P-256";
@@ -449,64 +489,64 @@ function Kt(e) {
       throw new Error("unreachable");
   }
 }
-function Nt(e, t) {
+function Ut(e, t) {
   if (!e.usages.includes(t))
     throw new TypeError(`CryptoKey does not support this operation, its usages must include ${t}.`);
 }
-function Dt(e, t, r) {
+function Ht(e, t, r) {
   switch (t) {
     case "HS256":
     case "HS384":
     case "HS512": {
       if (!V(e.algorithm, "HMAC"))
-        throw k("HMAC");
+        throw v("HMAC");
       const a = parseInt(t.slice(2), 10);
-      if (le(e.algorithm.hash) !== a)
-        throw k(`SHA-${a}`, "algorithm.hash");
+      if (de(e.algorithm.hash) !== a)
+        throw v(`SHA-${a}`, "algorithm.hash");
       break;
     }
     case "RS256":
     case "RS384":
     case "RS512": {
       if (!V(e.algorithm, "RSASSA-PKCS1-v1_5"))
-        throw k("RSASSA-PKCS1-v1_5");
+        throw v("RSASSA-PKCS1-v1_5");
       const a = parseInt(t.slice(2), 10);
-      if (le(e.algorithm.hash) !== a)
-        throw k(`SHA-${a}`, "algorithm.hash");
+      if (de(e.algorithm.hash) !== a)
+        throw v(`SHA-${a}`, "algorithm.hash");
       break;
     }
     case "PS256":
     case "PS384":
     case "PS512": {
       if (!V(e.algorithm, "RSA-PSS"))
-        throw k("RSA-PSS");
+        throw v("RSA-PSS");
       const a = parseInt(t.slice(2), 10);
-      if (le(e.algorithm.hash) !== a)
-        throw k(`SHA-${a}`, "algorithm.hash");
+      if (de(e.algorithm.hash) !== a)
+        throw v(`SHA-${a}`, "algorithm.hash");
       break;
     }
     case "Ed25519":
     case "EdDSA": {
       if (!V(e.algorithm, "Ed25519"))
-        throw k("Ed25519");
+        throw v("Ed25519");
       break;
     }
     case "ES256":
     case "ES384":
     case "ES512": {
       if (!V(e.algorithm, "ECDSA"))
-        throw k("ECDSA");
-      const a = Kt(t);
+        throw v("ECDSA");
+      const a = Dt(t);
       if (e.algorithm.namedCurve !== a)
-        throw k(a, "algorithm.namedCurve");
+        throw v(a, "algorithm.namedCurve");
       break;
     }
     default:
       throw new TypeError("CryptoKey does not support this operation");
   }
-  Nt(e, r);
+  Ut(e, r);
 }
-function xe(e, t, ...r) {
+function Ge(e, t, ...r) {
   var a;
   if (r = r.filter(Boolean), r.length > 2) {
     const n = r.pop();
@@ -514,17 +554,17 @@ function xe(e, t, ...r) {
   } else r.length === 2 ? e += `one of type ${r[0]} or ${r[1]}.` : e += `of type ${r[0]}.`;
   return t == null ? e += ` Received ${t}` : typeof t == "function" && t.name ? e += ` Received function ${t.name}` : typeof t == "object" && t != null && (a = t.constructor) != null && a.name && (e += ` Received an instance of ${t.constructor.name}`), e;
 }
-const Ut = (e, ...t) => xe("Key must be ", e, ...t);
-function Ge(e, t, ...r) {
-  return xe(`Key for the ${e} algorithm must be `, t, ...r);
+const Lt = (e, ...t) => Ge("Key must be ", e, ...t);
+function Me(e, t, ...r) {
+  return Ge(`Key for the ${e} algorithm must be `, t, ...r);
 }
-function Me(e) {
+function je(e) {
   return e?.[Symbol.toStringTag] === "CryptoKey";
 }
-function je(e) {
+function Ve(e) {
   return e?.[Symbol.toStringTag] === "KeyObject";
 }
-const Ve = (e) => Me(e) || je(e), Ht = (...e) => {
+const Be = (e) => je(e) || Ve(e), $t = (...e) => {
   const t = e.filter(Boolean);
   if (t.length === 0 || t.length === 1)
     return !0;
@@ -543,11 +583,11 @@ const Ve = (e) => Me(e) || je(e), Ht = (...e) => {
   }
   return !0;
 };
-function Lt(e) {
+function Wt(e) {
   return typeof e == "object" && e !== null;
 }
 const q = (e) => {
-  if (!Lt(e) || Object.prototype.toString.call(e) !== "[object Object]")
+  if (!Wt(e) || Object.prototype.toString.call(e) !== "[object Object]")
     return !1;
   if (Object.getPrototypeOf(e) === null)
     return !0;
@@ -555,7 +595,7 @@ const q = (e) => {
   for (; Object.getPrototypeOf(t) !== null; )
     t = Object.getPrototypeOf(t);
   return Object.getPrototypeOf(e) === t;
-}, $t = (e, t) => {
+}, Jt = (e, t) => {
   if (e.startsWith("RS") || e.startsWith("PS")) {
     const { modulusLength: r } = t.algorithm;
     if (typeof r != "number" || r < 2048)
@@ -568,7 +608,7 @@ const q = (e) => {
     return !1;
   const n = e.subarray(a, a + t.length);
   return n.length !== t.length ? !1 : n.every((s, o) => s === t[o]) || ae(e, t, a + 1);
-}, Wt = (e) => {
+}, Yt = (e) => {
   switch (!0) {
     case ae(e, [42, 134, 72, 206, 61, 3, 1, 7]):
       return "P-256";
@@ -579,7 +619,7 @@ const q = (e) => {
     default:
       return;
   }
-}, Jt = async (e, t, r, a, n) => {
+}, xt = async (e, t, r, a, n) => {
   let s, o;
   const i = new Uint8Array(atob(r.replace(e, "")).split("").map((c) => c.charCodeAt(0)));
   switch (a) {
@@ -615,7 +655,7 @@ const q = (e) => {
     case "ECDH-ES+A128KW":
     case "ECDH-ES+A192KW":
     case "ECDH-ES+A256KW": {
-      const c = Wt(i);
+      const c = Yt(i);
       s = c != null && c.startsWith("P-") ? { name: "ECDH", namedCurve: c } : { name: "X25519" }, o = [];
       break;
     }
@@ -624,11 +664,11 @@ const q = (e) => {
       s = { name: "Ed25519" }, o = ["verify"];
       break;
     default:
-      throw new O('Invalid or unsupported "alg" (Algorithm) value');
+      throw new k('Invalid or unsupported "alg" (Algorithm) value');
   }
   return crypto.subtle.importKey(t, i, s, !0, o);
-}, Yt = (e, t, r) => Jt(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
-function xt(e) {
+}, Gt = (e, t, r) => xt(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
+function Mt(e) {
   let t, r;
   switch (e.kty) {
     case "RSA": {
@@ -653,7 +693,7 @@ function xt(e) {
           }, r = e.d ? ["decrypt", "unwrapKey"] : ["encrypt", "wrapKey"];
           break;
         default:
-          throw new O('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+          throw new k('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
       }
       break;
     }
@@ -675,7 +715,7 @@ function xt(e) {
           t = { name: "ECDH", namedCurve: e.crv }, r = e.d ? ["deriveBits"] : [];
           break;
         default:
-          throw new O('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+          throw new k('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
       }
       break;
     }
@@ -692,27 +732,27 @@ function xt(e) {
           t = { name: e.crv }, r = e.d ? ["deriveBits"] : [];
           break;
         default:
-          throw new O('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+          throw new k('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
       }
       break;
     }
     default:
-      throw new O('Invalid or unsupported JWK "kty" (Key Type) Parameter value');
+      throw new k('Invalid or unsupported JWK "kty" (Key Type) Parameter value');
   }
   return { algorithm: t, keyUsages: r };
 }
-const Gt = async (e) => {
+const jt = async (e) => {
   if (!e.alg)
     throw new TypeError('"alg" argument is required when "jwk.alg" is not present');
-  const { algorithm: t, keyUsages: r } = xt(e), a = { ...e };
+  const { algorithm: t, keyUsages: r } = Mt(e), a = { ...e };
   return delete a.alg, delete a.use, crypto.subtle.importKey("jwk", a, t, e.ext ?? !e.d, e.key_ops ?? r);
 };
-async function Mt(e, t, r) {
+async function Vt(e, t, r) {
   if (e.indexOf("-----BEGIN PUBLIC KEY-----") !== 0)
     throw new TypeError('"spki" must be SPKI formatted string');
-  return Yt(e, t);
+  return Gt(e, t);
 }
-const jt = (e, t, r, a, n) => {
+const Bt = (e, t, r, a, n) => {
   if (n.crit !== void 0 && a?.crit === void 0)
     throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');
   if (!a || a.crit === void 0)
@@ -723,40 +763,40 @@ const jt = (e, t, r, a, n) => {
   r !== void 0 ? s = new Map([...Object.entries(r), ...t.entries()]) : s = t;
   for (const o of a.crit) {
     if (!s.has(o))
-      throw new O(`Extension Header Parameter "${o}" is not recognized`);
+      throw new k(`Extension Header Parameter "${o}" is not recognized`);
     if (n[o] === void 0)
       throw new e(`Extension Header Parameter "${o}" is missing`);
     if (s.get(o) && a[o] === void 0)
       throw new e(`Extension Header Parameter "${o}" MUST be integrity protected`);
   }
   return new Set(a.crit);
-}, Vt = (e, t) => {
+}, Ft = (e, t) => {
   if (t !== void 0 && (!Array.isArray(t) || t.some((r) => typeof r != "string")))
     throw new TypeError(`"${e}" option must be an array of strings`);
   if (t)
     return new Set(t);
 };
-function ge(e) {
+function we(e) {
   return q(e) && typeof e.kty == "string";
 }
-function Bt(e) {
+function qt(e) {
   return e.kty !== "oct" && typeof e.d == "string";
 }
-function Ft(e) {
+function zt(e) {
   return e.kty !== "oct" && typeof e.d > "u";
 }
-function qt(e) {
+function Qt(e) {
   return e.kty === "oct" && typeof e.k == "string";
 }
 let C;
-const _e = async (e, t, r, a = !1) => {
+const Ie = async (e, t, r, a = !1) => {
   C || (C = /* @__PURE__ */ new WeakMap());
   let n = C.get(e);
   if (n != null && n[r])
     return n[r];
-  const s = await Gt({ ...t, alg: r });
+  const s = await jt({ ...t, alg: r });
   return a && Object.freeze(e), n ? n[r] = s : C.set(e, { [r]: s }), s;
-}, zt = (e, t) => {
+}, Xt = (e, t) => {
   var r;
   C || (C = /* @__PURE__ */ new WeakMap());
   let a = C.get(e);
@@ -842,26 +882,26 @@ const _e = async (e, t, r, a = !1) => {
   if (!o)
     throw new TypeError("given KeyObject instance cannot be used for this algorithm");
   return a ? a[t] = o : C.set(e, { [t]: o }), o;
-}, Qt = async (e, t) => {
-  if (e instanceof Uint8Array || Me(e))
+}, Zt = async (e, t) => {
+  if (e instanceof Uint8Array || je(e))
     return e;
-  if (je(e)) {
+  if (Ve(e)) {
     if (e.type === "secret")
       return e.export();
     if ("toCryptoKey" in e && typeof e.toCryptoKey == "function")
       try {
-        return zt(e, t);
+        return Xt(e, t);
       } catch (a) {
         if (a instanceof TypeError)
           throw a;
       }
     let r = e.export({ format: "jwk" });
-    return _e(e, r, t);
+    return Ie(e, r, t);
   }
-  if (ge(e))
-    return e.k ? F(e.k) : _e(e, e, t, !0);
+  if (we(e))
+    return e.k ? F(e.k) : Ie(e, e, t, !0);
   throw new Error("unreachable");
-}, Y = (e) => e?.[Symbol.toStringTag], Ee = (e, t, r) => {
+}, Y = (e) => e?.[Symbol.toStringTag], ge = (e, t, r) => {
   var a, n;
   if (t.use !== void 0) {
     let s;
@@ -905,34 +945,34 @@ const _e = async (e, t, r, a = !1) => {
       throw new TypeError(`Invalid key for this operation, its "key_ops" must include "${s}" when present`);
   }
   return !0;
-}, Xt = (e, t, r) => {
+}, er = (e, t, r) => {
   if (!(t instanceof Uint8Array)) {
-    if (ge(t)) {
-      if (qt(t) && Ee(e, t, r))
+    if (we(t)) {
+      if (Qt(t) && ge(e, t, r))
         return;
       throw new TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present');
     }
-    if (!Ve(t))
-      throw new TypeError(Ge(e, t, "CryptoKey", "KeyObject", "JSON Web Key", "Uint8Array"));
+    if (!Be(t))
+      throw new TypeError(Me(e, t, "CryptoKey", "KeyObject", "JSON Web Key", "Uint8Array"));
     if (t.type !== "secret")
       throw new TypeError(`${Y(t)} instances for symmetric algorithms must be of type "secret"`);
   }
-}, Zt = (e, t, r) => {
-  if (ge(t))
+}, tr = (e, t, r) => {
+  if (we(t))
     switch (r) {
       case "decrypt":
       case "sign":
-        if (Bt(t) && Ee(e, t, r))
+        if (qt(t) && ge(e, t, r))
           return;
         throw new TypeError("JSON Web Key for this operation be a private JWK");
       case "encrypt":
       case "verify":
-        if (Ft(t) && Ee(e, t, r))
+        if (zt(t) && ge(e, t, r))
           return;
         throw new TypeError("JSON Web Key for this operation be a public JWK");
     }
-  if (!Ve(t))
-    throw new TypeError(Ge(e, t, "CryptoKey", "KeyObject", "JSON Web Key"));
+  if (!Be(t))
+    throw new TypeError(Me(e, t, "CryptoKey", "KeyObject", "JSON Web Key"));
   if (t.type === "secret")
     throw new TypeError(`${Y(t)} instances for asymmetric algorithms must not be of type "secret"`);
   if (t.type === "public")
@@ -949,9 +989,9 @@ const _e = async (e, t, r, a = !1) => {
       case "encrypt":
         throw new TypeError(`${Y(t)} instances for asymmetric algorithm encryption must be of type "public"`);
     }
-}, er = (e, t, r) => {
-  e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A(?:128|192|256)(?:GCM)?(?:KW)?$/.test(e) || /^A(?:128|192|256)CBC-HS(?:256|384|512)$/.test(e) ? Xt(e, t, r) : Zt(e, t, r);
-}, tr = (e, t) => {
+}, rr = (e, t, r) => {
+  e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A(?:128|192|256)(?:GCM)?(?:KW)?$/.test(e) || /^A(?:128|192|256)CBC-HS(?:256|384|512)$/.test(e) ? er(e, t, r) : tr(e, t, r);
+}, ar = (e, t) => {
   const r = `SHA-${e.slice(-3)}`;
   switch (e) {
     case "HS256":
@@ -974,100 +1014,100 @@ const _e = async (e, t, r, a = !1) => {
     case "EdDSA":
       return { name: "Ed25519" };
     default:
-      throw new O(`alg ${e} is not supported either by JOSE or your javascript runtime`);
+      throw new k(`alg ${e} is not supported either by JOSE or your javascript runtime`);
   }
-}, rr = async (e, t, r) => {
+}, nr = async (e, t, r) => {
   if (t instanceof Uint8Array) {
     if (!e.startsWith("HS"))
-      throw new TypeError(Ut(t, "CryptoKey", "KeyObject", "JSON Web Key"));
+      throw new TypeError(Lt(t, "CryptoKey", "KeyObject", "JSON Web Key"));
     return crypto.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [r]);
   }
-  return Dt(t, e, r), t;
-}, ar = async (e, t, r, a) => {
-  const n = await rr(e, t, "verify");
-  $t(e, n);
-  const s = tr(e, n.algorithm);
+  return Ht(t, e, r), t;
+}, sr = async (e, t, r, a) => {
+  const n = await nr(e, t, "verify");
+  Jt(e, n);
+  const s = ar(e, n.algorithm);
   try {
     return await crypto.subtle.verify(s, n, r, a);
   } catch {
     return !1;
   }
 };
-async function nr(e, t, r) {
+async function or(e, t, r) {
   if (!q(e))
-    throw new g("Flattened JWS must be an object");
+    throw new w("Flattened JWS must be an object");
   if (e.protected === void 0 && e.header === void 0)
-    throw new g('Flattened JWS must have either of the "protected" or "header" members');
+    throw new w('Flattened JWS must have either of the "protected" or "header" members');
   if (e.protected !== void 0 && typeof e.protected != "string")
-    throw new g("JWS Protected Header incorrect type");
+    throw new w("JWS Protected Header incorrect type");
   if (e.payload === void 0)
-    throw new g("JWS Payload missing");
+    throw new w("JWS Payload missing");
   if (typeof e.signature != "string")
-    throw new g("JWS Signature missing or incorrect type");
+    throw new w("JWS Signature missing or incorrect type");
   if (e.header !== void 0 && !q(e.header))
-    throw new g("JWS Unprotected Header incorrect type");
+    throw new w("JWS Unprotected Header incorrect type");
   let a = {};
   if (e.protected)
     try {
       const U = F(e.protected);
       a = JSON.parse(G.decode(U));
     } catch {
-      throw new g("JWS Protected Header is invalid");
+      throw new w("JWS Protected Header is invalid");
     }
-  if (!Ht(a, e.header))
-    throw new g("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
+  if (!$t(a, e.header))
+    throw new w("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
   const n = {
     ...a,
     ...e.header
-  }, s = jt(g, /* @__PURE__ */ new Map([["b64", !0]]), r?.crit, a, n);
+  }, s = Bt(w, /* @__PURE__ */ new Map([["b64", !0]]), r?.crit, a, n);
   let o = !0;
   if (s.has("b64") && (o = a.b64, typeof o != "boolean"))
-    throw new g('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
+    throw new w('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
   const { alg: i } = n;
   if (typeof i != "string" || !i)
-    throw new g('JWS "alg" (Algorithm) Header Parameter missing or invalid');
-  const c = r && Vt("algorithms", r.algorithms);
+    throw new w('JWS "alg" (Algorithm) Header Parameter missing or invalid');
+  const c = r && Ft("algorithms", r.algorithms);
   if (c && !c.has(i))
-    throw new Je('"alg" (Algorithm) Header Parameter value not allowed');
+    throw new Ye('"alg" (Algorithm) Header Parameter value not allowed');
   if (o) {
     if (typeof e.payload != "string")
-      throw new g("JWS Payload must be a string");
+      throw new w("JWS Payload must be a string");
   } else if (typeof e.payload != "string" && !(e.payload instanceof Uint8Array))
-    throw new g("JWS Payload must be a string or an Uint8Array instance");
-  let f = !1;
-  typeof t == "function" && (t = await t(a, e), f = !0), er(i, t, "verify");
-  const y = Ct(Z.encode(e.protected ?? ""), Z.encode("."), typeof e.payload == "string" ? Z.encode(e.payload) : e.payload);
-  let d;
+    throw new w("JWS Payload must be a string or an Uint8Array instance");
+  let m = !1;
+  typeof t == "function" && (t = await t(a, e), m = !0), rr(i, t, "verify");
+  const d = Nt(Z.encode(e.protected ?? ""), Z.encode("."), typeof e.payload == "string" ? Z.encode(e.payload) : e.payload);
+  let p;
   try {
-    d = F(e.signature);
+    p = F(e.signature);
   } catch {
-    throw new g("Failed to base64url decode the signature");
+    throw new w("Failed to base64url decode the signature");
   }
-  const h = await Qt(t, i);
-  if (!await ar(i, h, d, y))
-    throw new Ye();
-  let E;
+  const E = await Zt(t, i);
+  if (!await sr(i, E, p, d))
+    throw new xe();
+  let y;
   if (o)
     try {
-      E = F(e.payload);
+      y = F(e.payload);
     } catch {
-      throw new g("Failed to base64url decode the payload");
+      throw new w("Failed to base64url decode the payload");
     }
-  else typeof e.payload == "string" ? E = Z.encode(e.payload) : E = e.payload;
-  const b = { payload: E };
-  return e.protected !== void 0 && (b.protectedHeader = a), e.header !== void 0 && (b.unprotectedHeader = e.header), f ? { ...b, key: h } : b;
+  else typeof e.payload == "string" ? y = Z.encode(e.payload) : y = e.payload;
+  const h = { payload: y };
+  return e.protected !== void 0 && (h.protectedHeader = a), e.header !== void 0 && (h.unprotectedHeader = e.header), m ? { ...h, key: E } : h;
 }
-async function sr(e, t, r) {
+async function ir(e, t, r) {
   if (e instanceof Uint8Array && (e = G.decode(e)), typeof e != "string")
-    throw new g("Compact JWS must be a string or Uint8Array");
+    throw new w("Compact JWS must be a string or Uint8Array");
   const { 0: a, 1: n, 2: s, length: o } = e.split(".");
   if (o !== 3)
-    throw new g("Invalid Compact JWS");
-  const i = await nr({ payload: n, protected: a, signature: s }, t, r), c = { payload: i.payload, protectedHeader: i.protectedHeader };
+    throw new w("Invalid Compact JWS");
+  const i = await or({ payload: n, protected: a, signature: s }, t, r), c = { payload: i.payload, protectedHeader: i.protectedHeader };
   return typeof t == "function" ? { ...c, key: i.key } : c;
 }
-const or = (e) => Math.floor(e.getTime() / 1e3), Be = 60, Fe = Be * 60, we = Fe * 24, ir = we * 7, cr = we * 365.25, ur = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, Ie = (e) => {
-  const t = ur.exec(e);
+const cr = (e) => Math.floor(e.getTime() / 1e3), Fe = 60, qe = Fe * 60, Se = qe * 24, ur = Se * 7, lr = Se * 365.25, dr = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, Oe = (e) => {
+  const t = dr.exec(e);
   if (!t || t[4] && t[1])
     throw new TypeError("Invalid time period format");
   const r = parseFloat(t[2]), a = t[3].toLowerCase();
@@ -1085,32 +1125,32 @@ const or = (e) => Math.floor(e.getTime() / 1e3), Be = 60, Fe = Be * 60, we = Fe
     case "min":
     case "mins":
     case "m":
-      n = Math.round(r * Be);
+      n = Math.round(r * Fe);
       break;
     case "hour":
     case "hours":
     case "hr":
     case "hrs":
     case "h":
-      n = Math.round(r * Fe);
+      n = Math.round(r * qe);
       break;
     case "day":
     case "days":
     case "d":
-      n = Math.round(r * we);
+      n = Math.round(r * Se);
       break;
     case "week":
     case "weeks":
     case "w":
-      n = Math.round(r * ir);
+      n = Math.round(r * ur);
       break;
     default:
-      n = Math.round(r * cr);
+      n = Math.round(r * lr);
       break;
   }
   return t[1] === "-" || t[4] === "ago" ? -n : n;
-}, ve = (e) => e.toLowerCase().replace(/^application\//, ""), lr = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1;
-function dr(e, t, r = {}) {
+}, ve = (e) => e.toLowerCase().replace(/^application\//, ""), hr = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1;
+function yr(e, t, r = {}) {
   let a;
   try {
     a = JSON.parse(G.decode(t));
@@ -1121,64 +1161,64 @@ function dr(e, t, r = {}) {
   const { typ: n } = r;
   if (n && (typeof e.typ != "string" || ve(e.typ) !== ve(n)))
     throw new R('unexpected "typ" JWT header value', a, "typ", "check_failed");
-  const { requiredClaims: s = [], issuer: o, subject: i, audience: c, maxTokenAge: f } = r, y = [...s];
-  f !== void 0 && y.push("iat"), c !== void 0 && y.push("aud"), i !== void 0 && y.push("sub"), o !== void 0 && y.push("iss");
-  for (const b of new Set(y.reverse()))
-    if (!(b in a))
-      throw new R(`missing required "${b}" claim`, a, b, "missing");
+  const { requiredClaims: s = [], issuer: o, subject: i, audience: c, maxTokenAge: m } = r, d = [...s];
+  m !== void 0 && d.push("iat"), c !== void 0 && d.push("aud"), i !== void 0 && d.push("sub"), o !== void 0 && d.push("iss");
+  for (const h of new Set(d.reverse()))
+    if (!(h in a))
+      throw new R(`missing required "${h}" claim`, a, h, "missing");
   if (o && !(Array.isArray(o) ? o : [o]).includes(a.iss))
     throw new R('unexpected "iss" claim value', a, "iss", "check_failed");
   if (i && a.sub !== i)
     throw new R('unexpected "sub" claim value', a, "sub", "check_failed");
-  if (c && !lr(a.aud, typeof c == "string" ? [c] : c))
+  if (c && !hr(a.aud, typeof c == "string" ? [c] : c))
     throw new R('unexpected "aud" claim value', a, "aud", "check_failed");
-  let d;
+  let p;
   switch (typeof r.clockTolerance) {
     case "string":
-      d = Ie(r.clockTolerance);
+      p = Oe(r.clockTolerance);
       break;
     case "number":
-      d = r.clockTolerance;
+      p = r.clockTolerance;
       break;
     case "undefined":
-      d = 0;
+      p = 0;
       break;
     default:
       throw new TypeError("Invalid clockTolerance option type");
   }
-  const { currentDate: h } = r, E = or(h || /* @__PURE__ */ new Date());
-  if ((a.iat !== void 0 || f) && typeof a.iat != "number")
+  const { currentDate: E } = r, y = cr(E || /* @__PURE__ */ new Date());
+  if ((a.iat !== void 0 || m) && typeof a.iat != "number")
     throw new R('"iat" claim must be a number', a, "iat", "invalid");
   if (a.nbf !== void 0) {
     if (typeof a.nbf != "number")
       throw new R('"nbf" claim must be a number', a, "nbf", "invalid");
-    if (a.nbf > E + d)
+    if (a.nbf > y + p)
       throw new R('"nbf" claim timestamp check failed', a, "nbf", "check_failed");
   }
   if (a.exp !== void 0) {
     if (typeof a.exp != "number")
       throw new R('"exp" claim must be a number', a, "exp", "invalid");
-    if (a.exp <= E - d)
-      throw new fe('"exp" claim timestamp check failed', a, "exp", "check_failed");
+    if (a.exp <= y - p)
+      throw new Ee('"exp" claim timestamp check failed', a, "exp", "check_failed");
   }
-  if (f) {
-    const b = E - a.iat, U = typeof f == "number" ? f : Ie(f);
-    if (b - d > U)
-      throw new fe('"iat" claim timestamp check failed (too far in the past)', a, "iat", "check_failed");
-    if (b < 0 - d)
+  if (m) {
+    const h = y - a.iat, U = typeof m == "number" ? m : Oe(m);
+    if (h - p > U)
+      throw new Ee('"iat" claim timestamp check failed (too far in the past)', a, "iat", "check_failed");
+    if (h < 0 - p)
       throw new R('"iat" claim timestamp check failed (it should be in the past)', a, "iat", "check_failed");
   }
   return a;
 }
-async function yr(e, t, r) {
+async function pr(e, t, r) {
   var a;
-  const n = await sr(e, t, r);
+  const n = await ir(e, t, r);
   if ((a = n.protectedHeader.crit) != null && a.includes("b64") && n.protectedHeader.b64 === !1)
     throw new _("JWTs MUST NOT use unencoded payload");
-  const s = { payload: dr(n.protectedHeader, n.payload, r), protectedHeader: n.protectedHeader };
+  const s = { payload: yr(n.protectedHeader, n.payload, r), protectedHeader: n.protectedHeader };
   return typeof t == "function" ? { ...s, key: n.key } : s;
 }
-function hr(e) {
+function fr(e) {
   if (typeof e != "string")
     throw new _("JWTs must use Compact JWS serialization, JWT must be a string");
   const { 1: t, length: r } = e.split(".");
@@ -1206,94 +1246,94 @@ function hr(e) {
 }
 const M = async (e) => {
   try {
-    const t = m.ALG, r = await Mt(Ot, t);
-    return await yr(e, r, {
-      issuer: m.ISSUER
+    const t = g.ALG, r = await Vt(Pt, t);
+    return await pr(e, r, {
+      issuer: g.ISSUER
     });
   } catch {
     return;
   }
-}, pr = (e) => {
+}, Er = (e) => {
   try {
-    return hr(e);
+    return fr(e);
   } catch {
     return;
   }
-}, S = [];
+}, A = [];
 for (let e = 0; e < 256; ++e)
-  S.push((e + 256).toString(16).slice(1));
-function fr(e, t = 0) {
-  return (S[e[t + 0]] + S[e[t + 1]] + S[e[t + 2]] + S[e[t + 3]] + "-" + S[e[t + 4]] + S[e[t + 5]] + "-" + S[e[t + 6]] + S[e[t + 7]] + "-" + S[e[t + 8]] + S[e[t + 9]] + "-" + S[e[t + 10]] + S[e[t + 11]] + S[e[t + 12]] + S[e[t + 13]] + S[e[t + 14]] + S[e[t + 15]]).toLowerCase();
+  A.push((e + 256).toString(16).slice(1));
+function gr(e, t = 0) {
+  return (A[e[t + 0]] + A[e[t + 1]] + A[e[t + 2]] + A[e[t + 3]] + "-" + A[e[t + 4]] + A[e[t + 5]] + "-" + A[e[t + 6]] + A[e[t + 7]] + "-" + A[e[t + 8]] + A[e[t + 9]] + "-" + A[e[t + 10]] + A[e[t + 11]] + A[e[t + 12]] + A[e[t + 13]] + A[e[t + 14]] + A[e[t + 15]]).toLowerCase();
 }
-let de;
-const Er = new Uint8Array(16);
-function mr() {
-  if (!de) {
+let he;
+const mr = new Uint8Array(16);
+function wr() {
+  if (!he) {
     if (typeof crypto > "u" || !crypto.getRandomValues)
       throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
-    de = crypto.getRandomValues.bind(crypto);
+    he = crypto.getRandomValues.bind(crypto);
   }
-  return de(Er);
+  return he(mr);
 }
-const gr = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto), ke = { randomUUID: gr };
-function Oe(e, t, r) {
+const Sr = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto), ke = { randomUUID: Sr };
+function Ce(e, t, r) {
   var a;
   if (ke.randomUUID && !e)
     return ke.randomUUID();
   e = e || {};
-  const n = e.random ?? ((a = e.rng) == null ? void 0 : a.call(e)) ?? mr();
+  const n = e.random ?? ((a = e.rng) == null ? void 0 : a.call(e)) ?? wr();
   if (n.length < 16)
     throw new Error("Random bytes length must be >= 16");
-  return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, fr(n);
+  return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, gr(n);
 }
-const Ce = globalThis.crypto, wr = (e) => `${Oe()}${Oe()}`.slice(0, e), Sr = (e) => btoa(
+const Pe = globalThis.crypto, Ar = (e) => `${Ce()}${Ce()}`.slice(0, e), Tr = (e) => btoa(
   [...new Uint8Array(e)].map((t) => String.fromCharCode(t)).join("")
 );
-async function Ar(e) {
-  if (!Ce.subtle)
+async function br(e) {
+  if (!Pe.subtle)
     throw new Error(
       "crypto.subtle is available only in secure contexts (HTTPS)."
     );
-  const t = new TextEncoder().encode(e), r = await Ce.subtle.digest("SHA-256", t);
-  return Sr(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+  const t = new TextEncoder().encode(e), r = await Pe.subtle.digest("SHA-256", t);
+  return Tr(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
 }
-async function Tr(e) {
-  const r = wr(43), a = await Ar(r);
+async function Rr(e) {
+  const r = Ar(43), a = await br(r);
   return {
     code_verifier: r,
     code_challenge: a
   };
 }
-const Br = async (e, t) => {
+const qr = async (e, t) => {
   var r;
   const a = await M(e);
-  if (!a || !Array.isArray((r = a.payload) == null ? void 0 : r[m.SCOPES_KEY]))
+  if (!a || !Array.isArray((r = a.payload) == null ? void 0 : r[g.SCOPES_KEY]))
     return !1;
-  const n = a.payload[m.SCOPES_KEY];
+  const n = a.payload[g.SCOPES_KEY];
   return Array.isArray(t) ? t.every((s) => n.includes(s)) : Object.keys(t).some(
     (s) => t[s].every((o) => n.includes(o))
   );
 };
-function qe(e, t) {
+function ze(e, t) {
   window.dispatchEvent(new StorageEvent("storage", { key: e, newValue: t }));
 }
-const Pe = (e, t) => {
+const Ne = (e, t) => {
   const r = JSON.stringify(
     typeof t == "function" ? t() : t
   );
-  window.localStorage.setItem(e, r), qe(e, r);
-}, br = (e) => {
-  window.localStorage.removeItem(e), qe(e, null);
-}, Ke = (e) => window.localStorage.getItem(e), Rr = (e) => (window.addEventListener("storage", e), () => window.removeEventListener("storage", e));
+  window.localStorage.setItem(e, r), ze(e, r);
+}, _r = (e) => {
+  window.localStorage.removeItem(e), ze(e, null);
+}, Ke = (e) => window.localStorage.getItem(e), Ir = (e) => (window.addEventListener("storage", e), () => window.removeEventListener("storage", e));
 function ee({
   key: e,
   initialValue: t
 }) {
-  const r = ft(Rr, () => Ke(e)), a = D(
+  const r = Et(Ir, () => Ke(e)), a = D(
     (o) => {
       try {
         const i = typeof o == "function" ? o(JSON.parse(r)) : o;
-        i == null ? br(e) : Pe(e, i);
+        i == null ? _r(e) : Ne(e, i);
       } catch (i) {
         console.warn(i);
       }
@@ -1304,41 +1344,41 @@ function ee({
   }, [t, a]), s = D(() => {
     a(null);
   }, [a]);
-  return De(() => {
+  return Ue(() => {
     try {
-      Ke(e) === null && typeof t < "u" && Pe(e, t);
+      Ke(e) === null && typeof t < "u" && Ne(e, t);
     } catch (o) {
       console.warn(o);
     }
   }, [e, t]), [r ? JSON.parse(r) : null, a, n, s];
 }
-const A = [];
+const T = [];
 for (let e = 0; e < 256; ++e)
-  A.push((e + 256).toString(16).slice(1));
-function _r(e, t = 0) {
-  return (A[e[t + 0]] + A[e[t + 1]] + A[e[t + 2]] + A[e[t + 3]] + "-" + A[e[t + 4]] + A[e[t + 5]] + "-" + A[e[t + 6]] + A[e[t + 7]] + "-" + A[e[t + 8]] + A[e[t + 9]] + "-" + A[e[t + 10]] + A[e[t + 11]] + A[e[t + 12]] + A[e[t + 13]] + A[e[t + 14]] + A[e[t + 15]]).toLowerCase();
+  T.push((e + 256).toString(16).slice(1));
+function Or(e, t = 0) {
+  return (T[e[t + 0]] + T[e[t + 1]] + T[e[t + 2]] + T[e[t + 3]] + "-" + T[e[t + 4]] + T[e[t + 5]] + "-" + T[e[t + 6]] + T[e[t + 7]] + "-" + T[e[t + 8]] + T[e[t + 9]] + "-" + T[e[t + 10]] + T[e[t + 11]] + T[e[t + 12]] + T[e[t + 13]] + T[e[t + 14]] + T[e[t + 15]]).toLowerCase();
 }
 let ye;
-const Ir = new Uint8Array(16);
-function vr() {
+const vr = new Uint8Array(16);
+function kr() {
   if (!ye) {
     if (typeof crypto > "u" || !crypto.getRandomValues)
       throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
     ye = crypto.getRandomValues.bind(crypto);
   }
-  return ye(Ir);
+  return ye(vr);
 }
-const kr = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto), Ne = { randomUUID: kr };
-function he(e, t, r) {
-  if (Ne.randomUUID && !e)
-    return Ne.randomUUID();
+const Cr = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto), De = { randomUUID: Cr };
+function pe(e, t, r) {
+  if (De.randomUUID && !e)
+    return De.randomUUID();
   e = e || {};
-  const a = e.random ?? e.rng?.() ?? vr();
+  const a = e.random ?? e.rng?.() ?? kr();
   if (a.length < 16)
     throw new Error("Random bytes length must be >= 16");
-  return a[6] = a[6] & 15 | 64, a[8] = a[8] & 63 | 128, _r(a);
+  return a[6] = a[6] & 15 | 64, a[8] = a[8] & 63 | 128, Or(a);
 }
-const L = "Your session has expired. For your security, please log in again to continue.", Or = "Your session has been successfully terminated.", pe = "Login failed. Please try again.", Cr = "Error getting access token, please re-authenticate.", Pr = "You forgot to wrap your component in <AuthProvider>.", te = "@@auth@@", B = "LOADING", ne = "LOGIN", ze = "LOGOUT", z = "success", v = "failure", Qe = "include", Xe = "POST", Ze = "application/json", re = {
+const L = "Your session has expired. For your security, please log in again to continue.", Pr = "Your session has been successfully terminated.", fe = "Login failed. Please try again.", Nr = "Error getting access token, please re-authenticate.", Kr = "You forgot to wrap your component in <AuthProvider>.", te = "@@auth@@", B = "LOADING", ne = "LOGIN", Qe = "LOGOUT", z = "success", O = "failure", Xe = "include", Ze = "POST", et = "application/json", re = {
   GET_REGISTRATION_OPTIONS: `mutation GetPasskeyRegistrationOptions(
 	$clientId: String!,
 	$username: String!,
@@ -1445,12 +1485,12 @@ const L = "Your session has expired. For your security, please log in again to c
 }) => {
   try {
     const s = `Bearer ${e}`, o = await fetch(`${n}/graphql`, {
-      credentials: Qe,
-      method: Xe,
+      credentials: Xe,
+      method: Ze,
       headers: {
         authorization: s,
-        "Content-Type": Ze,
-        [We.CLIENT_ID]: `${r}`
+        "Content-Type": et,
+        [Je.CLIENT_ID]: `${r}`
       },
       body: JSON.stringify({
         query: t.schema,
@@ -1458,14 +1498,14 @@ const L = "Your session has expired. For your security, please log in again to c
       })
     });
     if (o.status !== 200)
-      return { status: v, data: [] };
+      return { status: O, data: [] };
     const { data: i } = await o.json();
     return {
       status: z,
       data: i[t.method]
     };
   } catch (s) {
-    return console.error(s), { status: v, data: [] };
+    return console.error(s), { status: O, data: [] };
   }
 }, ie = async ({
   type: e,
@@ -1475,39 +1515,39 @@ const L = "Your session has expired. For your security, please log in again to c
 }) => {
   try {
     const n = await fetch(`${a}/${e}`, {
-      credentials: Qe,
-      method: Xe,
+      credentials: Xe,
+      method: Ze,
       headers: {
-        "Content-Type": Ze,
-        [We.CLIENT_ID]: `${t}`
+        "Content-Type": et,
+        [Je.CLIENT_ID]: `${t}`
       },
       body: JSON.stringify(r)
     });
     if (n.status !== 200)
-      return { status: v, data: [] };
+      return { status: O, data: [] };
     const { data: s } = await n.json();
     return {
       status: z,
       data: s || []
     };
   } catch (n) {
-    return console.error(n), { status: v, data: [] };
+    return console.error(n), { status: O, data: [] };
   }
-}, Kr = process.env.NODE_ENV === "production", Nr = !Kr, et = {
+}, Dr = process.env.NODE_ENV === "production", Ur = !Dr, tt = {
   isLoading: !0,
   isAuthenticated: !1,
   user: void 0,
   logoutReason: "",
   debug: !1,
   authenticationType: ""
-}, Dr = (e) => {
+}, Hr = (e) => {
   try {
-    const t = pr(e);
-    return t ? t[m.USER_ID_KEY] : "";
+    const t = Er(e);
+    return t ? t[g.USER_ID_KEY] : "";
   } catch {
     return "";
   }
-}, Ur = async ({
+}, Lr = async ({
   userId: e,
   clientId: t,
   domain: r,
@@ -1525,14 +1565,14 @@ const L = "Your session has expired. For your security, please log in again to c
           domain: r,
           idToken: a
         }
-      }))?.status || v
+      }))?.status || O
     };
   } catch {
     return {
-      status: v
+      status: O
     };
   }
-}, Hr = async ({
+}, $r = async ({
   username: e,
   password: t,
   clientId: r,
@@ -1542,12 +1582,12 @@ const L = "Your session has expired. For your security, please log in again to c
   code: o,
   code_verifier: i,
   domain: c,
-  ua: f,
-  endpoint: y
+  ua: m,
+  endpoint: d
 }) => {
   try {
-    const d = await ie({
-      endpoint: y,
+    const p = await ie({
+      endpoint: d,
       type: oe.LOGIN,
       clientId: r,
       params: {
@@ -1559,15 +1599,15 @@ const L = "Your session has expired. For your security, please log in again to c
         code: o,
         code_verifier: i,
         domain: c,
-        ua: f
+        ua: m
       }
-    }), h = await M(d?.data?.idToken);
-    return h && h.payload[m.USER_ID_KEY] !== "" && h.payload[m.NONCE_KEY] === a ? {
-      idToken: d.data.idToken,
-      accessToken: d.data.accessToken,
-      refreshToken: d.data.refreshToken,
-      userId: h.payload[m.USER_ID_KEY],
-      email: h.payload[m.EMAIL_KEY],
+    }), E = await M(p?.data?.idToken);
+    return E && E.payload[g.USER_ID_KEY] !== "" && E.payload[g.NONCE_KEY] === a ? {
+      idToken: p.data.idToken,
+      accessToken: p.data.accessToken,
+      refreshToken: p.data.refreshToken,
+      userId: E.payload[g.USER_ID_KEY],
+      email: E.payload[g.EMAIL_KEY],
       status: !0
     } : {
       status: !1
@@ -1577,7 +1617,7 @@ const L = "Your session has expired. For your security, please log in again to c
       status: !1
     };
   }
-}, Lr = async ({
+}, Wr = async ({
   nonce: e,
   clientId: t,
   code_challenge: r,
@@ -1598,16 +1638,16 @@ const L = "Your session has expired. For your security, please log in again to c
       status: z,
       data: n.data.code
     } : {
-      status: v,
+      status: O,
       data: ""
     };
   } catch {
     return {
-      status: v,
+      status: O,
       data: ""
     };
   }
-}, $r = async ({
+}, Jr = async ({
   clientId: e,
   userId: t,
   nonce: r,
@@ -1630,10 +1670,10 @@ const L = "Your session has expired. For your security, please log in again to c
         domain: s
       }
     }), c = await M(i?.data?.accessToken);
-    return c && c.payload[m.USER_ID_KEY] !== "" && c.payload[m.NONCE_KEY] === r ? {
+    return c && c.payload[g.USER_ID_KEY] !== "" && c.payload[g.NONCE_KEY] === r ? {
       accessToken: i.data.accessToken,
       refreshToken: i.data.refreshToken,
-      userId: c.payload[m.USER_ID_KEY],
+      userId: c.payload[g.USER_ID_KEY],
       status: !0
     } : {
       status: !1
@@ -1644,7 +1684,7 @@ const L = "Your session has expired. For your security, please log in again to c
     };
   }
 };
-class Wr {
+class Yr {
   constructor(t = null, r = null) {
     X(this, "refreshTokenPromise", null);
     X(this, "accessToken");
@@ -1679,8 +1719,8 @@ class Wr {
     domain: s
   }) {
     const o = await M(this.refreshToken);
-    if (o && o.payload[m.USER_ID_KEY] !== "") {
-      const i = await $r({
+    if (o && o.payload[g.USER_ID_KEY] !== "") {
+      const i = await Jr({
         endpoint: t,
         clientId: r,
         userId: a,
@@ -1694,22 +1734,22 @@ class Wr {
         newAccessToken: i.accessToken,
         newRefreshToken: i.refreshToken
       }) : {
-        status: v
+        status: O
       };
     } else
       return {
-        status: v
+        status: O
       };
   }
 }
-const Jr = (e) => D(
+const xr = (e) => D(
   (...t) => {
     e && console.info(`==> [Auth ${Date.now()}]: `, ...t);
   },
   [e]
 ), J = () => {
-  throw new Error(Pr);
-}, tt = Et({
+  throw new Error(Kr);
+}, rt = gt({
   isAuthenticated: !1,
   isLoading: !1,
   login: J,
@@ -1720,11 +1760,11 @@ const Jr = (e) => D(
   loginWithPasskey: J,
   logoutReason: "",
   authenticationType: ""
-}), Yr = pt.createContext({
-  state: et,
+}), Gr = ft.createContext({
+  state: tt,
   dispatch: () => {
   }
-}), xr = (e, t) => t?.type === B ? {
+}), Mr = (e, t) => t?.type === B ? {
   ...e,
   isLoading: t.payload.isLoading
 } : t?.type === ne ? {
@@ -1734,41 +1774,41 @@ const Jr = (e) => D(
   user: t.payload.user,
   authenticationType: t.payload.authenticationType,
   logoutReason: ""
-} : t?.type === ze ? {
+} : t?.type === Qe ? {
   ...e,
   isLoading: !1,
   isAuthenticated: !1,
   user: void 0,
   authenticationType: "",
   logoutReason: t.payload.logoutReason
-} : e, Fr = ({
+} : e, zr = ({
   children: e,
   sessionExpiration: t,
   clientId: r,
   domain: a = "",
   debug: n = !1,
-  endpoint: s = Nr ? "https://auth.gizmette.local.com:3003" : "https://mylogin.gizmette.com/auth"
+  endpoint: s = Ur ? "https://auth.gizmette.local.com:3003" : "https://mylogin.gizmette.com/auth"
 }) => {
-  const [o, i] = mt(xr, {
-    ...et,
+  const [o, i] = mt(Mr, {
+    ...tt,
     debug: n
-  }), c = Jr(n), f = gt(!1), [y, d, , h] = ee({
+  }), c = xr(n), m = wt(!1), [d, p, , E] = ee({
     key: `${te}::${r}::@@user@@`
-  }), [E, b, , U] = ee({
+  }), [y, h, , U] = ee({
     key: `${te}::${r}::@@access@@`
-  }), [rt, ce, , Se] = ee(
+  }), [at, ce, , Ae] = ee(
     {
       key: `${te}::${r}::@@refresh@@`
     }
-  ), [at, Ae, , Te] = ee({
+  ), [nt, Te, , be] = ee({
     key: `${te}::${r}::@@nonce@@`
-  }), nt = new Wr(E, rt), Q = D(() => {
-    c("removeLocalStorage: removing local storage"), h(), U(), Se(), Te();
+  }), st = new Yr(y, at), Q = D(() => {
+    c("removeLocalStorage: removing local storage"), E(), U(), Ae(), be();
   }, [
     U,
-    h,
-    Te,
-    Se,
+    E,
+    be,
+    Ae,
     c
   ]), j = D(
     (u) => {
@@ -1776,29 +1816,29 @@ const Jr = (e) => D(
         "removeStateAndLocalStorage: removing state and local storage with reason: ",
         u
       ), i({
-        type: ze,
+        type: Qe,
         payload: {
           logoutReason: u || L
         }
       }), Q(), i({ type: B, payload: { isLoading: !1 } });
     },
     [Q, c]
-  ), K = D(
+  ), N = D(
     async (u) => {
       c("invalidateAndLogout: invalidating and logging out");
-      const { user: w } = o, l = w?.userId || Dr(y);
+      const { user: S } = o, l = S?.userId || Hr(d);
       l || c(
         "invalidateAndLogout: user cannot be identified, logging out without userId"
-      ), await Ur({
+      ), await Lr({
         userId: l,
         clientId: r,
         domain: a,
-        idToken: y,
+        idToken: d,
         endpoint: s
       }), j(u || L);
     },
     [
-      y,
+      d,
       o,
       r,
       a,
@@ -1807,56 +1847,56 @@ const Jr = (e) => D(
       s
     ]
   );
-  De(() => {
-    if (!f.current)
-      return o.isLoading && y !== null ? (async () => {
+  Ue(() => {
+    if (!m.current)
+      return o.isLoading && d !== null ? (async () => {
         try {
-          const u = await M(y);
-          u && u.payload[m.USER_ID_KEY] !== "" ? (c("useEffect: setting the authentication state"), i({
+          const u = await M(d);
+          u && u.payload[g.USER_ID_KEY] !== "" ? (c("useEffect: setting the authentication state"), i({
             type: ne,
             payload: {
-              authenticationType: u.payload[m.AUTH_TYPE_KEY],
+              authenticationType: u.payload[g.AUTH_TYPE_KEY],
               user: {
-                userId: u.payload[m.USER_ID_KEY],
-                username: u.payload[m.USERNAME_KEY],
-                email: u.payload[m.EMAIL_KEY]
+                userId: u.payload[g.USER_ID_KEY],
+                username: u.payload[g.USERNAME_KEY],
+                email: u.payload[g.EMAIL_KEY]
               }
             }
-          })) : (c("useEffect: invalid JWT, invalidating and logging out"), await K(L));
+          })) : (c("useEffect: invalid JWT, invalidating and logging out"), await N(L));
         } catch {
           c(
             "useEffect: exception validating JWT, invalidating and logging out"
-          ), await K(L);
+          ), await N(L);
         }
       })() : (c("useEffect: setting the loading state to false"), i({ type: B, payload: { isLoading: !1 } })), () => {
-        f.current = !0;
+        m.current = !0;
       };
-  }, [o.isLoading, y, K, c]);
-  const st = async (u, w) => {
+  }, [o.isLoading, d, N, c]);
+  const ot = async (u, S) => {
     i({ type: B, payload: { isLoading: !0 } }), Q();
-    const l = he();
-    Ae(l), c("login: Logging in with password");
-    const { code_verifier: N, code_challenge: dt } = await Tr(), be = await Lr({
+    const l = pe();
+    Te(l), c("login: Logging in with password");
+    const { code_verifier: K, code_challenge: ht } = await Rr(), Re = await Wr({
       endpoint: s,
       nonce: l,
       clientId: r,
-      code_challenge: dt
+      code_challenge: ht
     });
-    if (be.status) {
-      const H = await Hr({
+    if (Re.status) {
+      const H = await $r({
         endpoint: s,
         username: u,
-        password: w,
+        password: S,
         clientId: r,
         sessionExpiration: t,
         nonce: l,
         type: x.CODE,
-        code: be.data,
-        code_verifier: N,
+        code: Re.data,
+        code_verifier: K,
         domain: a,
         ua: navigator.userAgent
       });
-      return H.status ? (d(H.idToken), b(H.accessToken), ce(H.refreshToken), i({
+      return H.status ? (p(H.idToken), h(H.accessToken), ce(H.refreshToken), i({
         type: ne,
         payload: {
           authenticationType: x.CODE,
@@ -1866,46 +1906,46 @@ const Jr = (e) => D(
             email: H.email
           }
         }
-      }), !0) : (j(pe), !1);
+      }), !0) : (j(fe), !1);
     }
     return !1;
-  }, ot = async (u) => {
-    u?.preventDefault(), await K(Or);
-  }, it = async () => {
-    const { isAuthenticated: u, user: w } = o;
+  }, it = async (u) => {
+    u?.preventDefault(), await N(Pr);
+  }, ct = async () => {
+    const { isAuthenticated: u, user: S } = o;
     try {
-      if (u && w && w.userId) {
-        if (E) {
+      if (u && S && S.userId) {
+        if (y) {
           c("getAccessToken");
-          const N = await M(E);
-          if (N && N.payload[m.USER_ID_KEY] !== "")
-            return E;
+          const K = await M(y);
+          if (K && K.payload[g.USER_ID_KEY] !== "")
+            return y;
         }
         c("getAccessToken: invalid access token, trying to refresh it");
-        const l = await nt.refreshtoken({
+        const l = await st.refreshtoken({
           endpoint: s,
           clientId: r,
-          userId: w.userId,
-          nonce: at,
+          userId: S.userId,
+          nonce: nt,
           domain: a
         });
-        return l.status && l.status === "success" && l.newAccessToken ? (b(l.newAccessToken), ce(l.newRefreshToken), l.newAccessToken) : (c(
+        return l.status && l.status === "success" && l.newAccessToken ? (h(l.newAccessToken), ce(l.newRefreshToken), l.newAccessToken) : (c(
           "getAccessToken: invalid refresh token, need to re-authenticate"
-        ), await K(L), "");
+        ), await N(L), "");
       }
       return c(
         "getAccessToken: user is not authenticated, cannot get access token"
-      ), await K(L), "";
+      ), await N(L), "";
     } catch {
       return c(
         "getAccessToken: exception occurred, invalidating and logging out"
-      ), await K(Cr), "";
+      ), await N(Nr), "";
     }
-  }, ct = () => o.isAuthenticated && y ? y : "", ut = async () => {
+  }, ut = () => o.isAuthenticated && d ? d : "", lt = async () => {
     const { user: u } = o;
-    let w = await W({
+    let S = await W({
       endpoint: s,
-      accessToken: E,
+      accessToken: y,
       clientId: r,
       type: $.GET_REGISTRATION_OPTIONS,
       params: {
@@ -1914,12 +1954,14 @@ const Jr = (e) => D(
         username: u?.username
       }
     });
-    if (w.status)
+    if (S.status)
       try {
-        const l = await bt(w.data);
-        return w = await W({
+        const l = await _t({
+          optionsJSON: S.data
+        });
+        return S = await W({
           endpoint: s,
-          accessToken: E,
+          accessToken: y,
           clientId: r,
           type: $.VERIFY_REGISTRATION,
           params: {
@@ -1928,11 +1970,11 @@ const Jr = (e) => D(
             username: u?.username,
             registration: l
           }
-        }), !!(w.status && w.data.length > 0);
+        }), !!(S.status && S.data.length > 0);
       } catch {
         return await W({
           endpoint: s,
-          accessToken: E,
+          accessToken: y,
           clientId: r,
           type: $.VERIFY_REGISTRATION,
           params: {
@@ -1944,39 +1986,41 @@ const Jr = (e) => D(
         }), !1;
       }
     return !1;
-  }, lt = async () => {
+  }, dt = async () => {
     i({ type: B, payload: { isLoading: !0 } }), Q();
-    const u = he();
-    Ae(u), c("loginWithPasskey");
-    const w = he();
+    const u = pe();
+    Te(u), c("loginWithPasskey");
+    const S = pe();
     let l = await W({
       endpoint: s,
-      accessToken: E,
+      accessToken: y,
       clientId: r,
       type: $.GET_AUTHENTICATION_OPTIONS,
       params: {
-        id: w,
+        id: S,
         clientId: r
       }
     });
     if (l.status)
       try {
-        const N = await It(l.data);
+        const K = await vt({
+          optionsJSON: l.data
+        });
         return l = await W({
           endpoint: s,
-          accessToken: E,
+          accessToken: y,
           clientId: r,
           type: $.VERIFY_AUTHENTICATION,
           params: {
             clientId: r,
-            id: w,
-            authentication: N,
+            id: S,
+            authentication: K,
             nonce: u,
             domain: a,
             sessionExpiration: t,
             ua: navigator.userAgent
           }
-        }), l.data.status === z ? (d(l.data.idToken), b(l.data.accessToken), ce(l.data.refreshToken), i({
+        }), l.data.status === z ? (p(l.data.idToken), h(l.data.accessToken), ce(l.data.refreshToken), i({
           type: ne,
           payload: {
             authenticationType: x.PASSKEY,
@@ -1986,44 +2030,44 @@ const Jr = (e) => D(
               email: l.data.email
             }
           }
-        }), !0) : (j(pe), !1);
+        }), !0) : (j(fe), !1);
       } catch {
         return await W({
           endpoint: s,
-          accessToken: E,
+          accessToken: y,
           clientId: r,
           type: $.VERIFY_AUTHENTICATION,
           params: {
             clientId: r,
-            id: w,
+            id: S,
             authentication: {},
             nonce: u,
             domain: a,
             sessionExpiration: t
           }
-        }), j(pe), !1;
+        }), j(fe), !1;
       }
     return !1;
   };
-  return /* @__PURE__ */ Re(Yr.Provider, { value: { state: o, dispatch: i }, children: /* @__PURE__ */ Re(
-    tt.Provider,
+  return /* @__PURE__ */ _e(Gr.Provider, { value: { state: o, dispatch: i }, children: /* @__PURE__ */ _e(
+    rt.Provider,
     {
       value: {
         ...o,
-        login: st,
-        logout: ot,
-        getAccessToken: it,
-        getIdToken: ct,
-        registeringForPasskey: ut,
-        loginWithPasskey: lt
+        login: ot,
+        logout: it,
+        getAccessToken: ct,
+        getIdToken: ut,
+        registeringForPasskey: lt,
+        loginWithPasskey: dt
       },
       children: e
     }
   ) });
-}, qr = (e = tt) => wt(e);
+}, Qr = (e = rt) => St(e);
 export {
   x as AUTH_TYPES,
-  Fr as AuthProvider,
-  Br as isGranted,
-  qr as useAuth
+  zr as AuthProvider,
+  qr as isGranted,
+  Qr as useAuth
 };