npm - @versini/auth-provider - Versions diffs - 7.5.3 → 8.0.1 - Mend

@versini/auth-provider 7.5.3 → 8.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/dist/AuthHookContext-C9a2AwWZ.js +5 -0
package/dist/auth.d.ts +16 -0
package/dist/auth.js +1104 -0
package/dist/auth0.d.ts +6 -0
package/dist/auth0.js +1314 -0
package/dist/hooks.d.ts +6 -0
package/dist/hooks.js +24 -0
package/dist/index-BUUrGwOT.js +983 -0
package/dist/index.d.ts +0 -55
package/dist/index.js +6 -2061
package/dist/types.d-C8LtGKj9.d.ts +40 -0
package/package.json +19 -5

package/dist/index.js CHANGED Viewed

@@ -1,2073 +1,18 @@
-var yt = Object.defineProperty;
-var pt = (e, t, r) => t in e ? yt(e, t, { enumerable: !0, configurable: !0, writable: !0, value: r }) : e[t] = r;
-var X = (e, t, r) => pt(e, typeof t != "symbol" ? t + "" : t, r);
-import { jsx as _e } from "react/jsx-runtime";
-import ft, { useSyncExternalStore as Et, useCallback as D, useEffect as Ue, createContext as gt, useReducer as mt, useRef as wt, useContext as St } from "react";
+import { nt as t, ft as r } from "./index-BUUrGwOT.js";
 /*!
-  @versini/auth-provider v7.5.3
+  @versini/auth-provider v8.0.1
   © 2025 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_CLIENT__ || (window.__VERSINI_AUTH_CLIENT__ = {
-    version: "7.5.3",
-    buildTime: "04/02/2025 05:48 PM EDT",
+    version: "8.0.1",
+    buildTime: "04/13/2025 07:33 PM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
 } catch {
 }
-function I(e) {
-  const t = new Uint8Array(e);
-  let r = "";
-  for (const n of t)
-    r += String.fromCharCode(n);
-  return btoa(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
-}
-function se(e) {
-  const t = e.replace(/-/g, "+").replace(/_/g, "/"), r = (4 - t.length % 4) % 4, a = t.padEnd(t.length + r, "="), n = atob(a), s = new ArrayBuffer(n.length), o = new Uint8Array(s);
-  for (let i = 0; i < n.length; i++)
-    o[i] = n.charCodeAt(i);
-  return s;
-}
-function me() {
-  return At.stubThis(globalThis?.PublicKeyCredential !== void 0 && typeof globalThis.PublicKeyCredential == "function");
-}
-const At = {
-  stubThis: (e) => e
-};
-function He(e) {
-  const { id: t } = e;
-  return {
-    ...e,
-    id: se(t),
-    /**
-     * `descriptor.transports` is an array of our `AuthenticatorTransportFuture` that includes newer
-     * transports that TypeScript's DOM lib is ignorant of. Convince TS that our list of transports
-     * are fine to pass to WebAuthn since browsers will recognize the new value.
-     */
-    transports: e.transports
-  };
-}
-function Le(e) {
-  return (
-    // Consider localhost valid as well since it's okay wrt Secure Contexts
-    e === "localhost" || /^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(e)
-  );
-}
-class b extends Error {
-  constructor({ message: t, code: r, cause: a, name: n }) {
-    super(t, { cause: a }), Object.defineProperty(this, "code", {
-      enumerable: !0,
-      configurable: !0,
-      writable: !0,
-      value: void 0
-    }), this.name = n ?? a.name, this.code = r;
-  }
-}
-function Tt({ error: e, options: t }) {
-  const { publicKey: r } = t;
-  if (!r)
-    throw Error("options was missing required publicKey property");
-  if (e.name === "AbortError") {
-    if (t.signal instanceof AbortSignal)
-      return new b({
-        message: "Registration ceremony was sent an abort signal",
-        code: "ERROR_CEREMONY_ABORTED",
-        cause: e
-      });
-  } else if (e.name === "ConstraintError") {
-    if (r.authenticatorSelection?.requireResidentKey === !0)
-      return new b({
-        message: "Discoverable credentials were required but no available authenticator supported it",
-        code: "ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",
-        cause: e
-      });
-    if (
-      // @ts-ignore: `mediation` doesn't yet exist on CredentialCreationOptions but it's possible as of Sept 2024
-      t.mediation === "conditional" && r.authenticatorSelection?.userVerification === "required"
-    )
-      return new b({
-        message: "User verification was required during automatic registration but it could not be performed",
-        code: "ERROR_AUTO_REGISTER_USER_VERIFICATION_FAILURE",
-        cause: e
-      });
-    if (r.authenticatorSelection?.userVerification === "required")
-      return new b({
-        message: "User verification was required but no available authenticator supported it",
-        code: "ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",
-        cause: e
-      });
-  } else {
-    if (e.name === "InvalidStateError")
-      return new b({
-        message: "The authenticator was previously registered",
-        code: "ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",
-        cause: e
-      });
-    if (e.name === "NotAllowedError")
-      return new b({
-        message: e.message,
-        code: "ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",
-        cause: e
-      });
-    if (e.name === "NotSupportedError")
-      return r.pubKeyCredParams.filter((n) => n.type === "public-key").length === 0 ? new b({
-        message: 'No entry in pubKeyCredParams was of type "public-key"',
-        code: "ERROR_MALFORMED_PUBKEYCREDPARAMS",
-        cause: e
-      }) : new b({
-        message: "No available authenticator supported any of the specified pubKeyCredParams algorithms",
-        code: "ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",
-        cause: e
-      });
-    if (e.name === "SecurityError") {
-      const a = globalThis.location.hostname;
-      if (Le(a)) {
-        if (r.rp.id !== a)
-          return new b({
-            message: `The RP ID "${r.rp.id}" is invalid for this domain`,
-            code: "ERROR_INVALID_RP_ID",
-            cause: e
-          });
-      } else return new b({
-        message: `${globalThis.location.hostname} is an invalid domain`,
-        code: "ERROR_INVALID_DOMAIN",
-        cause: e
-      });
-    } else if (e.name === "TypeError") {
-      if (r.user.id.byteLength < 1 || r.user.id.byteLength > 64)
-        return new b({
-          message: "User ID was not between 1 and 64 characters",
-          code: "ERROR_INVALID_USER_ID_LENGTH",
-          cause: e
-        });
-    } else if (e.name === "UnknownError")
-      return new b({
-        message: "The authenticator was unable to process the specified options, or could not create a new credential",
-        code: "ERROR_AUTHENTICATOR_GENERAL_ERROR",
-        cause: e
-      });
-  }
-  return e;
-}
-class bt {
-  constructor() {
-    Object.defineProperty(this, "controller", {
-      enumerable: !0,
-      configurable: !0,
-      writable: !0,
-      value: void 0
-    });
-  }
-  createNewAbortSignal() {
-    if (this.controller) {
-      const r = new Error("Cancelling existing WebAuthn API call for new one");
-      r.name = "AbortError", this.controller.abort(r);
-    }
-    const t = new AbortController();
-    return this.controller = t, t.signal;
-  }
-  cancelCeremony() {
-    if (this.controller) {
-      const t = new Error("Manually cancelling existing WebAuthn API call");
-      t.name = "AbortError", this.controller.abort(t), this.controller = void 0;
-    }
-  }
-}
-const $e = new bt(), Rt = ["cross-platform", "platform"];
-function We(e) {
-  if (e && !(Rt.indexOf(e) < 0))
-    return e;
-}
-async function _t(e) {
-  !e.optionsJSON && e.challenge && (console.warn("startRegistration() was not called correctly. It will try to continue with the provided options, but this call should be refactored to use the expected call structure instead. See https://simplewebauthn.dev/docs/packages/browser#typeerror-cannot-read-properties-of-undefined-reading-challenge for more information."), e = { optionsJSON: e });
-  const { optionsJSON: t, useAutoRegister: r = !1 } = e;
-  if (!me())
-    throw new Error("WebAuthn is not supported in this browser");
-  const a = {
-    ...t,
-    challenge: se(t.challenge),
-    user: {
-      ...t.user,
-      id: se(t.user.id)
-    },
-    excludeCredentials: t.excludeCredentials?.map(He)
-  }, n = {};
-  r && (n.mediation = "conditional"), n.publicKey = a, n.signal = $e.createNewAbortSignal();
-  let s;
-  try {
-    s = await navigator.credentials.create(n);
-  } catch (h) {
-    throw Tt({ error: h, options: n });
-  }
-  if (!s)
-    throw new Error("Registration was not completed");
-  const { id: o, rawId: i, response: c, type: m } = s;
-  let d;
-  typeof c.getTransports == "function" && (d = c.getTransports());
-  let p;
-  if (typeof c.getPublicKeyAlgorithm == "function")
-    try {
-      p = c.getPublicKeyAlgorithm();
-    } catch (h) {
-      ue("getPublicKeyAlgorithm()", h);
-    }
-  let E;
-  if (typeof c.getPublicKey == "function")
-    try {
-      const h = c.getPublicKey();
-      h !== null && (E = I(h));
-    } catch (h) {
-      ue("getPublicKey()", h);
-    }
-  let y;
-  if (typeof c.getAuthenticatorData == "function")
-    try {
-      y = I(c.getAuthenticatorData());
-    } catch (h) {
-      ue("getAuthenticatorData()", h);
-    }
-  return {
-    id: o,
-    rawId: I(i),
-    response: {
-      attestationObject: I(c.attestationObject),
-      clientDataJSON: I(c.clientDataJSON),
-      transports: d,
-      publicKeyAlgorithm: p,
-      publicKey: E,
-      authenticatorData: y
-    },
-    type: m,
-    clientExtensionResults: s.getClientExtensionResults(),
-    authenticatorAttachment: We(s.authenticatorAttachment)
-  };
-}
-function ue(e, t) {
-  console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${e}. You should report this error to them.
-`, t);
-}
-function It() {
-  if (!me())
-    return le.stubThis(new Promise((t) => t(!1)));
-  const e = globalThis.PublicKeyCredential;
-  return e?.isConditionalMediationAvailable === void 0 ? le.stubThis(new Promise((t) => t(!1))) : le.stubThis(e.isConditionalMediationAvailable());
-}
-const le = {
-  stubThis: (e) => e
-};
-function Ot({ error: e, options: t }) {
-  const { publicKey: r } = t;
-  if (!r)
-    throw Error("options was missing required publicKey property");
-  if (e.name === "AbortError") {
-    if (t.signal instanceof AbortSignal)
-      return new b({
-        message: "Authentication ceremony was sent an abort signal",
-        code: "ERROR_CEREMONY_ABORTED",
-        cause: e
-      });
-  } else {
-    if (e.name === "NotAllowedError")
-      return new b({
-        message: e.message,
-        code: "ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",
-        cause: e
-      });
-    if (e.name === "SecurityError") {
-      const a = globalThis.location.hostname;
-      if (Le(a)) {
-        if (r.rpId !== a)
-          return new b({
-            message: `The RP ID "${r.rpId}" is invalid for this domain`,
-            code: "ERROR_INVALID_RP_ID",
-            cause: e
-          });
-      } else return new b({
-        message: `${globalThis.location.hostname} is an invalid domain`,
-        code: "ERROR_INVALID_DOMAIN",
-        cause: e
-      });
-    } else if (e.name === "UnknownError")
-      return new b({
-        message: "The authenticator was unable to process the specified options, or could not create a new assertion signature",
-        code: "ERROR_AUTHENTICATOR_GENERAL_ERROR",
-        cause: e
-      });
-  }
-  return e;
-}
-async function vt(e) {
-  !e.optionsJSON && e.challenge && (console.warn("startAuthentication() was not called correctly. It will try to continue with the provided options, but this call should be refactored to use the expected call structure instead. See https://simplewebauthn.dev/docs/packages/browser#typeerror-cannot-read-properties-of-undefined-reading-challenge for more information."), e = { optionsJSON: e });
-  const { optionsJSON: t, useBrowserAutofill: r = !1, verifyBrowserAutofillInput: a = !0 } = e;
-  if (!me())
-    throw new Error("WebAuthn is not supported in this browser");
-  let n;
-  t.allowCredentials?.length !== 0 && (n = t.allowCredentials?.map(He));
-  const s = {
-    ...t,
-    challenge: se(t.challenge),
-    allowCredentials: n
-  }, o = {};
-  if (r) {
-    if (!await It())
-      throw Error("Browser does not support WebAuthn autofill");
-    if (document.querySelectorAll("input[autocomplete$='webauthn']").length < 1 && a)
-      throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');
-    o.mediation = "conditional", s.allowCredentials = [];
-  }
-  o.publicKey = s, o.signal = $e.createNewAbortSignal();
-  let i;
-  try {
-    i = await navigator.credentials.get(o);
-  } catch (y) {
-    throw Ot({ error: y, options: o });
-  }
-  if (!i)
-    throw new Error("Authentication was not completed");
-  const { id: c, rawId: m, response: d, type: p } = i;
-  let E;
-  return d.userHandle && (E = I(d.userHandle)), {
-    id: c,
-    rawId: I(m),
-    response: {
-      authenticatorData: I(d.authenticatorData),
-      clientDataJSON: I(d.clientDataJSON),
-      signature: I(d.signature),
-      userHandle: E
-    },
-    type: p,
-    clientExtensionResults: i.getClientExtensionResults(),
-    authenticatorAttachment: We(i.authenticatorAttachment)
-  };
-}
-var kt = Object.defineProperty, Ct = (e, t, r) => t in e ? kt(e, t, { enumerable: !0, configurable: !0, writable: !0, value: r }) : e[t] = r, f = (e, t, r) => Ct(e, typeof t != "symbol" ? t + "" : t, r);
-/*!
-  @versini/auth-common v4.2.1
-  © 2025 gizmette.com
-*/
-try {
-  window.__VERSINI_AUTH_COMMON__ || (window.__VERSINI_AUTH_COMMON__ = {
-    version: "4.2.1",
-    buildTime: "04/02/2025 05:48 PM EDT",
-    homepage: "https://github.com/aversini/auth-client",
-    license: "MIT"
-  });
-} catch {
-}
-const x = {
-  ID_TOKEN: "id_token",
-  ACCESS_TOKEN: "token",
-  ID_AND_ACCESS_TOKEN: "id_token token",
-  CODE: "code",
-  REFRESH_TOKEN: "refresh_token",
-  PASSKEY: "passkey"
-}, Je = {
-  CLIENT_ID: "X-Auth-ClientId"
-}, g = {
-  ALG: "RS256",
-  USER_ID_KEY: "sub",
-  USERNAME_KEY: "username",
-  EMAIL_KEY: "email",
-  TOKEN_ID_KEY: "__raw",
-  NONCE_KEY: "_nonce",
-  AUTH_TYPE_KEY: "auth_type",
-  EXPIRES_AT_KEY: "exp",
-  CREATED_AT_KEY: "iat",
-  SCOPES_KEY: "scopes",
-  CLIENT_ID_KEY: "aud",
-  ISSUER: "gizmette.com"
-}, Pt = `-----BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7
-w5PKyTYLGAI2I6SIIdpe6i6DOCbEkmDz7LdVsBqwNtVi8gvWYIj+8ol6rU3qu1v5
-i1Jd45GSK4kzkVdgCmQZbM5ak0KI99q5wsrAIzUd+LRJ2HRvWtr5IYdsIiXaQjle
-aMwPFOIcJH+rKfFgNcHLcaS5syp7zU1ANwZ+trgR+DifBr8TLVkBynmNeTyhDm2+
-l0haqjMk0UoNPPE8iYBWUHQJJE1Dqstj65d6Eh5g64Pao25y4cmYJbKjiblIGEkE
-sjqybA9mARAqh9k/eiIopecWSiffNQTwVQVd2I9ZH3BalhEXHlqFgrjz51kFqg81
-awIDAQAB
------END PUBLIC KEY-----`, oe = {
-  CODE: "code",
-  LOGOUT: "logout",
-  LOGIN: "login",
-  REFRESH: "refresh"
-}, Z = new TextEncoder(), G = new TextDecoder();
-function Nt(...e) {
-  const t = e.reduce((n, { length: s }) => n + s, 0), r = new Uint8Array(t);
-  let a = 0;
-  for (const n of e)
-    r.set(n, a), a += n.length;
-  return r;
-}
-function Kt(e) {
-  if (Uint8Array.fromBase64)
-    return Uint8Array.fromBase64(e);
-  const t = atob(e), r = new Uint8Array(t.length);
-  for (let a = 0; a < t.length; a++)
-    r[a] = t.charCodeAt(a);
-  return r;
-}
-function F(e) {
-  if (Uint8Array.fromBase64)
-    return Uint8Array.fromBase64(typeof e == "string" ? e : G.decode(e), {
-      alphabet: "base64url"
-    });
-  let t = e;
-  t instanceof Uint8Array && (t = G.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
-  try {
-    return Kt(t);
-  } catch {
-    throw new TypeError("The input to be decoded is not correctly encoded.");
-  }
-}
-class P extends Error {
-  constructor(t, r) {
-    var a;
-    super(t, r), f(this, "code", "ERR_JOSE_GENERIC"), this.name = this.constructor.name, (a = Error.captureStackTrace) == null || a.call(Error, this, this.constructor);
-  }
-}
-f(P, "code", "ERR_JOSE_GENERIC");
-class R extends P {
-  constructor(t, r, a = "unspecified", n = "unspecified") {
-    super(t, { cause: { claim: a, reason: n, payload: r } }), f(this, "code", "ERR_JWT_CLAIM_VALIDATION_FAILED"), f(this, "claim"), f(this, "reason"), f(this, "payload"), this.claim = a, this.reason = n, this.payload = r;
-  }
-}
-f(R, "code", "ERR_JWT_CLAIM_VALIDATION_FAILED");
-class Ee extends P {
-  constructor(t, r, a = "unspecified", n = "unspecified") {
-    super(t, { cause: { claim: a, reason: n, payload: r } }), f(this, "code", "ERR_JWT_EXPIRED"), f(this, "claim"), f(this, "reason"), f(this, "payload"), this.claim = a, this.reason = n, this.payload = r;
-  }
-}
-f(Ee, "code", "ERR_JWT_EXPIRED");
-class Ye extends P {
-  constructor() {
-    super(...arguments), f(this, "code", "ERR_JOSE_ALG_NOT_ALLOWED");
-  }
-}
-f(Ye, "code", "ERR_JOSE_ALG_NOT_ALLOWED");
-let k = class extends P {
-  constructor() {
-    super(...arguments), f(this, "code", "ERR_JOSE_NOT_SUPPORTED");
-  }
-};
-f(k, "code", "ERR_JOSE_NOT_SUPPORTED");
-class w extends P {
-  constructor() {
-    super(...arguments), f(this, "code", "ERR_JWS_INVALID");
-  }
-}
-f(w, "code", "ERR_JWS_INVALID");
-class _ extends P {
-  constructor() {
-    super(...arguments), f(this, "code", "ERR_JWT_INVALID");
-  }
-}
-f(_, "code", "ERR_JWT_INVALID");
-class xe extends P {
-  constructor(t = "signature verification failed", r) {
-    super(t, r), f(this, "code", "ERR_JWS_SIGNATURE_VERIFICATION_FAILED");
-  }
-}
-f(xe, "code", "ERR_JWS_SIGNATURE_VERIFICATION_FAILED");
-function v(e, t = "algorithm.name") {
-  return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`);
-}
-function V(e, t) {
-  return e.name === t;
-}
-function de(e) {
-  return parseInt(e.name.slice(4), 10);
-}
-function Dt(e) {
-  switch (e) {
-    case "ES256":
-      return "P-256";
-    case "ES384":
-      return "P-384";
-    case "ES512":
-      return "P-521";
-    default:
-      throw new Error("unreachable");
-  }
-}
-function Ut(e, t) {
-  if (!e.usages.includes(t))
-    throw new TypeError(`CryptoKey does not support this operation, its usages must include ${t}.`);
-}
-function Ht(e, t, r) {
-  switch (t) {
-    case "HS256":
-    case "HS384":
-    case "HS512": {
-      if (!V(e.algorithm, "HMAC"))
-        throw v("HMAC");
-      const a = parseInt(t.slice(2), 10);
-      if (de(e.algorithm.hash) !== a)
-        throw v(`SHA-${a}`, "algorithm.hash");
-      break;
-    }
-    case "RS256":
-    case "RS384":
-    case "RS512": {
-      if (!V(e.algorithm, "RSASSA-PKCS1-v1_5"))
-        throw v("RSASSA-PKCS1-v1_5");
-      const a = parseInt(t.slice(2), 10);
-      if (de(e.algorithm.hash) !== a)
-        throw v(`SHA-${a}`, "algorithm.hash");
-      break;
-    }
-    case "PS256":
-    case "PS384":
-    case "PS512": {
-      if (!V(e.algorithm, "RSA-PSS"))
-        throw v("RSA-PSS");
-      const a = parseInt(t.slice(2), 10);
-      if (de(e.algorithm.hash) !== a)
-        throw v(`SHA-${a}`, "algorithm.hash");
-      break;
-    }
-    case "Ed25519":
-    case "EdDSA": {
-      if (!V(e.algorithm, "Ed25519"))
-        throw v("Ed25519");
-      break;
-    }
-    case "ES256":
-    case "ES384":
-    case "ES512": {
-      if (!V(e.algorithm, "ECDSA"))
-        throw v("ECDSA");
-      const a = Dt(t);
-      if (e.algorithm.namedCurve !== a)
-        throw v(a, "algorithm.namedCurve");
-      break;
-    }
-    default:
-      throw new TypeError("CryptoKey does not support this operation");
-  }
-  Ut(e, r);
-}
-function Ge(e, t, ...r) {
-  var a;
-  if (r = r.filter(Boolean), r.length > 2) {
-    const n = r.pop();
-    e += `one of type ${r.join(", ")}, or ${n}.`;
-  } else r.length === 2 ? e += `one of type ${r[0]} or ${r[1]}.` : e += `of type ${r[0]}.`;
-  return t == null ? e += ` Received ${t}` : typeof t == "function" && t.name ? e += ` Received function ${t.name}` : typeof t == "object" && t != null && (a = t.constructor) != null && a.name && (e += ` Received an instance of ${t.constructor.name}`), e;
-}
-const Lt = (e, ...t) => Ge("Key must be ", e, ...t);
-function Me(e, t, ...r) {
-  return Ge(`Key for the ${e} algorithm must be `, t, ...r);
-}
-function je(e) {
-  return e?.[Symbol.toStringTag] === "CryptoKey";
-}
-function Ve(e) {
-  return e?.[Symbol.toStringTag] === "KeyObject";
-}
-const Be = (e) => je(e) || Ve(e), $t = (...e) => {
-  const t = e.filter(Boolean);
-  if (t.length === 0 || t.length === 1)
-    return !0;
-  let r;
-  for (const a of t) {
-    const n = Object.keys(a);
-    if (!r || r.size === 0) {
-      r = new Set(n);
-      continue;
-    }
-    for (const s of n) {
-      if (r.has(s))
-        return !1;
-      r.add(s);
-    }
-  }
-  return !0;
-};
-function Wt(e) {
-  return typeof e == "object" && e !== null;
-}
-const q = (e) => {
-  if (!Wt(e) || Object.prototype.toString.call(e) !== "[object Object]")
-    return !1;
-  if (Object.getPrototypeOf(e) === null)
-    return !0;
-  let t = e;
-  for (; Object.getPrototypeOf(t) !== null; )
-    t = Object.getPrototypeOf(t);
-  return Object.getPrototypeOf(e) === t;
-}, Jt = (e, t) => {
-  if (e.startsWith("RS") || e.startsWith("PS")) {
-    const { modulusLength: r } = t.algorithm;
-    if (typeof r != "number" || r < 2048)
-      throw new TypeError(`${e} requires key modulusLength to be 2048 bits or larger`);
-  }
-}, ae = (e, t, r = 0) => {
-  r === 0 && (t.unshift(t.length), t.unshift(6));
-  const a = e.indexOf(t[0], r);
-  if (a === -1)
-    return !1;
-  const n = e.subarray(a, a + t.length);
-  return n.length !== t.length ? !1 : n.every((s, o) => s === t[o]) || ae(e, t, a + 1);
-}, Yt = (e) => {
-  switch (!0) {
-    case ae(e, [42, 134, 72, 206, 61, 3, 1, 7]):
-      return "P-256";
-    case ae(e, [43, 129, 4, 0, 34]):
-      return "P-384";
-    case ae(e, [43, 129, 4, 0, 35]):
-      return "P-521";
-    default:
-      return;
-  }
-}, xt = async (e, t, r, a, n) => {
-  let s, o;
-  const i = new Uint8Array(atob(r.replace(e, "")).split("").map((c) => c.charCodeAt(0)));
-  switch (a) {
-    case "PS256":
-    case "PS384":
-    case "PS512":
-      s = { name: "RSA-PSS", hash: `SHA-${a.slice(-3)}` }, o = ["verify"];
-      break;
-    case "RS256":
-    case "RS384":
-    case "RS512":
-      s = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${a.slice(-3)}` }, o = ["verify"];
-      break;
-    case "RSA-OAEP":
-    case "RSA-OAEP-256":
-    case "RSA-OAEP-384":
-    case "RSA-OAEP-512":
-      s = {
-        name: "RSA-OAEP",
-        hash: `SHA-${parseInt(a.slice(-3), 10) || 1}`
-      }, o = ["encrypt", "wrapKey"];
-      break;
-    case "ES256":
-      s = { name: "ECDSA", namedCurve: "P-256" }, o = ["verify"];
-      break;
-    case "ES384":
-      s = { name: "ECDSA", namedCurve: "P-384" }, o = ["verify"];
-      break;
-    case "ES512":
-      s = { name: "ECDSA", namedCurve: "P-521" }, o = ["verify"];
-      break;
-    case "ECDH-ES":
-    case "ECDH-ES+A128KW":
-    case "ECDH-ES+A192KW":
-    case "ECDH-ES+A256KW": {
-      const c = Yt(i);
-      s = c != null && c.startsWith("P-") ? { name: "ECDH", namedCurve: c } : { name: "X25519" }, o = [];
-      break;
-    }
-    case "Ed25519":
-    case "EdDSA":
-      s = { name: "Ed25519" }, o = ["verify"];
-      break;
-    default:
-      throw new k('Invalid or unsupported "alg" (Algorithm) value');
-  }
-  return crypto.subtle.importKey(t, i, s, !0, o);
-}, Gt = (e, t, r) => xt(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
-function Mt(e) {
-  let t, r;
-  switch (e.kty) {
-    case "RSA": {
-      switch (e.alg) {
-        case "PS256":
-        case "PS384":
-        case "PS512":
-          t = { name: "RSA-PSS", hash: `SHA-${e.alg.slice(-3)}` }, r = e.d ? ["sign"] : ["verify"];
-          break;
-        case "RS256":
-        case "RS384":
-        case "RS512":
-          t = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${e.alg.slice(-3)}` }, r = e.d ? ["sign"] : ["verify"];
-          break;
-        case "RSA-OAEP":
-        case "RSA-OAEP-256":
-        case "RSA-OAEP-384":
-        case "RSA-OAEP-512":
-          t = {
-            name: "RSA-OAEP",
-            hash: `SHA-${parseInt(e.alg.slice(-3), 10) || 1}`
-          }, r = e.d ? ["decrypt", "unwrapKey"] : ["encrypt", "wrapKey"];
-          break;
-        default:
-          throw new k('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
-      }
-      break;
-    }
-    case "EC": {
-      switch (e.alg) {
-        case "ES256":
-          t = { name: "ECDSA", namedCurve: "P-256" }, r = e.d ? ["sign"] : ["verify"];
-          break;
-        case "ES384":
-          t = { name: "ECDSA", namedCurve: "P-384" }, r = e.d ? ["sign"] : ["verify"];
-          break;
-        case "ES512":
-          t = { name: "ECDSA", namedCurve: "P-521" }, r = e.d ? ["sign"] : ["verify"];
-          break;
-        case "ECDH-ES":
-        case "ECDH-ES+A128KW":
-        case "ECDH-ES+A192KW":
-        case "ECDH-ES+A256KW":
-          t = { name: "ECDH", namedCurve: e.crv }, r = e.d ? ["deriveBits"] : [];
-          break;
-        default:
-          throw new k('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
-      }
-      break;
-    }
-    case "OKP": {
-      switch (e.alg) {
-        case "Ed25519":
-        case "EdDSA":
-          t = { name: "Ed25519" }, r = e.d ? ["sign"] : ["verify"];
-          break;
-        case "ECDH-ES":
-        case "ECDH-ES+A128KW":
-        case "ECDH-ES+A192KW":
-        case "ECDH-ES+A256KW":
-          t = { name: e.crv }, r = e.d ? ["deriveBits"] : [];
-          break;
-        default:
-          throw new k('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
-      }
-      break;
-    }
-    default:
-      throw new k('Invalid or unsupported JWK "kty" (Key Type) Parameter value');
-  }
-  return { algorithm: t, keyUsages: r };
-}
-const jt = async (e) => {
-  if (!e.alg)
-    throw new TypeError('"alg" argument is required when "jwk.alg" is not present');
-  const { algorithm: t, keyUsages: r } = Mt(e), a = { ...e };
-  return delete a.alg, delete a.use, crypto.subtle.importKey("jwk", a, t, e.ext ?? !e.d, e.key_ops ?? r);
-};
-async function Vt(e, t, r) {
-  if (e.indexOf("-----BEGIN PUBLIC KEY-----") !== 0)
-    throw new TypeError('"spki" must be SPKI formatted string');
-  return Gt(e, t);
-}
-const Bt = (e, t, r, a, n) => {
-  if (n.crit !== void 0 && a?.crit === void 0)
-    throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');
-  if (!a || a.crit === void 0)
-    return /* @__PURE__ */ new Set();
-  if (!Array.isArray(a.crit) || a.crit.length === 0 || a.crit.some((o) => typeof o != "string" || o.length === 0))
-    throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');
-  let s;
-  r !== void 0 ? s = new Map([...Object.entries(r), ...t.entries()]) : s = t;
-  for (const o of a.crit) {
-    if (!s.has(o))
-      throw new k(`Extension Header Parameter "${o}" is not recognized`);
-    if (n[o] === void 0)
-      throw new e(`Extension Header Parameter "${o}" is missing`);
-    if (s.get(o) && a[o] === void 0)
-      throw new e(`Extension Header Parameter "${o}" MUST be integrity protected`);
-  }
-  return new Set(a.crit);
-}, Ft = (e, t) => {
-  if (t !== void 0 && (!Array.isArray(t) || t.some((r) => typeof r != "string")))
-    throw new TypeError(`"${e}" option must be an array of strings`);
-  if (t)
-    return new Set(t);
-};
-function we(e) {
-  return q(e) && typeof e.kty == "string";
-}
-function qt(e) {
-  return e.kty !== "oct" && typeof e.d == "string";
-}
-function zt(e) {
-  return e.kty !== "oct" && typeof e.d > "u";
-}
-function Qt(e) {
-  return e.kty === "oct" && typeof e.k == "string";
-}
-let C;
-const Ie = async (e, t, r, a = !1) => {
-  C || (C = /* @__PURE__ */ new WeakMap());
-  let n = C.get(e);
-  if (n != null && n[r])
-    return n[r];
-  const s = await jt({ ...t, alg: r });
-  return a && Object.freeze(e), n ? n[r] = s : C.set(e, { [r]: s }), s;
-}, Xt = (e, t) => {
-  var r;
-  C || (C = /* @__PURE__ */ new WeakMap());
-  let a = C.get(e);
-  if (a != null && a[t])
-    return a[t];
-  const n = e.type === "public", s = !!n;
-  let o;
-  if (e.asymmetricKeyType === "x25519") {
-    switch (t) {
-      case "ECDH-ES":
-      case "ECDH-ES+A128KW":
-      case "ECDH-ES+A192KW":
-      case "ECDH-ES+A256KW":
-        break;
-      default:
-        throw new TypeError("given KeyObject instance cannot be used for this algorithm");
-    }
-    o = e.toCryptoKey(e.asymmetricKeyType, s, n ? [] : ["deriveBits"]);
-  }
-  if (e.asymmetricKeyType === "ed25519") {
-    if (t !== "EdDSA" && t !== "Ed25519")
-      throw new TypeError("given KeyObject instance cannot be used for this algorithm");
-    o = e.toCryptoKey(e.asymmetricKeyType, s, [
-      n ? "verify" : "sign"
-    ]);
-  }
-  if (e.asymmetricKeyType === "rsa") {
-    let i;
-    switch (t) {
-      case "RSA-OAEP":
-        i = "SHA-1";
-        break;
-      case "RS256":
-      case "PS256":
-      case "RSA-OAEP-256":
-        i = "SHA-256";
-        break;
-      case "RS384":
-      case "PS384":
-      case "RSA-OAEP-384":
-        i = "SHA-384";
-        break;
-      case "RS512":
-      case "PS512":
-      case "RSA-OAEP-512":
-        i = "SHA-512";
-        break;
-      default:
-        throw new TypeError("given KeyObject instance cannot be used for this algorithm");
-    }
-    if (t.startsWith("RSA-OAEP"))
-      return e.toCryptoKey({
-        name: "RSA-OAEP",
-        hash: i
-      }, s, n ? ["encrypt"] : ["decrypt"]);
-    o = e.toCryptoKey({
-      name: t.startsWith("PS") ? "RSA-PSS" : "RSASSA-PKCS1-v1_5",
-      hash: i
-    }, s, [n ? "verify" : "sign"]);
-  }
-  if (e.asymmetricKeyType === "ec") {
-    const i = (/* @__PURE__ */ new Map([
-      ["prime256v1", "P-256"],
-      ["secp384r1", "P-384"],
-      ["secp521r1", "P-521"]
-    ])).get((r = e.asymmetricKeyDetails) == null ? void 0 : r.namedCurve);
-    if (!i)
-      throw new TypeError("given KeyObject instance cannot be used for this algorithm");
-    t === "ES256" && i === "P-256" && (o = e.toCryptoKey({
-      name: "ECDSA",
-      namedCurve: i
-    }, s, [n ? "verify" : "sign"])), t === "ES384" && i === "P-384" && (o = e.toCryptoKey({
-      name: "ECDSA",
-      namedCurve: i
-    }, s, [n ? "verify" : "sign"])), t === "ES512" && i === "P-521" && (o = e.toCryptoKey({
-      name: "ECDSA",
-      namedCurve: i
-    }, s, [n ? "verify" : "sign"])), t.startsWith("ECDH-ES") && (o = e.toCryptoKey({
-      name: "ECDH",
-      namedCurve: i
-    }, s, n ? [] : ["deriveBits"]));
-  }
-  if (!o)
-    throw new TypeError("given KeyObject instance cannot be used for this algorithm");
-  return a ? a[t] = o : C.set(e, { [t]: o }), o;
-}, Zt = async (e, t) => {
-  if (e instanceof Uint8Array || je(e))
-    return e;
-  if (Ve(e)) {
-    if (e.type === "secret")
-      return e.export();
-    if ("toCryptoKey" in e && typeof e.toCryptoKey == "function")
-      try {
-        return Xt(e, t);
-      } catch (a) {
-        if (a instanceof TypeError)
-          throw a;
-      }
-    let r = e.export({ format: "jwk" });
-    return Ie(e, r, t);
-  }
-  if (we(e))
-    return e.k ? F(e.k) : Ie(e, e, t, !0);
-  throw new Error("unreachable");
-}, Y = (e) => e?.[Symbol.toStringTag], ge = (e, t, r) => {
-  var a, n;
-  if (t.use !== void 0) {
-    let s;
-    switch (r) {
-      case "sign":
-      case "verify":
-        s = "sig";
-        break;
-      case "encrypt":
-      case "decrypt":
-        s = "enc";
-        break;
-    }
-    if (t.use !== s)
-      throw new TypeError(`Invalid key for this operation, its "use" must be "${s}" when present`);
-  }
-  if (t.alg !== void 0 && t.alg !== e)
-    throw new TypeError(`Invalid key for this operation, its "alg" must be "${e}" when present`);
-  if (Array.isArray(t.key_ops)) {
-    let s;
-    switch (!0) {
-      case r === "verify":
-      case e === "dir":
-      case e.includes("CBC-HS"):
-        s = r;
-        break;
-      case e.startsWith("PBES2"):
-        s = "deriveBits";
-        break;
-      case /^A\d{3}(?:GCM)?(?:KW)?$/.test(e):
-        !e.includes("GCM") && e.endsWith("KW") ? s = "unwrapKey" : s = r;
-        break;
-      case r === "encrypt":
-        s = "wrapKey";
-        break;
-      case r === "decrypt":
-        s = e.startsWith("RSA") ? "unwrapKey" : "deriveBits";
-        break;
-    }
-    if (s && ((n = (a = t.key_ops) == null ? void 0 : a.includes) == null ? void 0 : n.call(a, s)) === !1)
-      throw new TypeError(`Invalid key for this operation, its "key_ops" must include "${s}" when present`);
-  }
-  return !0;
-}, er = (e, t, r) => {
-  if (!(t instanceof Uint8Array)) {
-    if (we(t)) {
-      if (Qt(t) && ge(e, t, r))
-        return;
-      throw new TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present');
-    }
-    if (!Be(t))
-      throw new TypeError(Me(e, t, "CryptoKey", "KeyObject", "JSON Web Key", "Uint8Array"));
-    if (t.type !== "secret")
-      throw new TypeError(`${Y(t)} instances for symmetric algorithms must be of type "secret"`);
-  }
-}, tr = (e, t, r) => {
-  if (we(t))
-    switch (r) {
-      case "decrypt":
-      case "sign":
-        if (qt(t) && ge(e, t, r))
-          return;
-        throw new TypeError("JSON Web Key for this operation be a private JWK");
-      case "encrypt":
-      case "verify":
-        if (zt(t) && ge(e, t, r))
-          return;
-        throw new TypeError("JSON Web Key for this operation be a public JWK");
-    }
-  if (!Be(t))
-    throw new TypeError(Me(e, t, "CryptoKey", "KeyObject", "JSON Web Key"));
-  if (t.type === "secret")
-    throw new TypeError(`${Y(t)} instances for asymmetric algorithms must not be of type "secret"`);
-  if (t.type === "public")
-    switch (r) {
-      case "sign":
-        throw new TypeError(`${Y(t)} instances for asymmetric algorithm signing must be of type "private"`);
-      case "decrypt":
-        throw new TypeError(`${Y(t)} instances for asymmetric algorithm decryption must be of type "private"`);
-    }
-  if (t.type === "private")
-    switch (r) {
-      case "verify":
-        throw new TypeError(`${Y(t)} instances for asymmetric algorithm verifying must be of type "public"`);
-      case "encrypt":
-        throw new TypeError(`${Y(t)} instances for asymmetric algorithm encryption must be of type "public"`);
-    }
-}, rr = (e, t, r) => {
-  e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A(?:128|192|256)(?:GCM)?(?:KW)?$/.test(e) || /^A(?:128|192|256)CBC-HS(?:256|384|512)$/.test(e) ? er(e, t, r) : tr(e, t, r);
-}, ar = (e, t) => {
-  const r = `SHA-${e.slice(-3)}`;
-  switch (e) {
-    case "HS256":
-    case "HS384":
-    case "HS512":
-      return { hash: r, name: "HMAC" };
-    case "PS256":
-    case "PS384":
-    case "PS512":
-      return { hash: r, name: "RSA-PSS", saltLength: parseInt(e.slice(-3), 10) >> 3 };
-    case "RS256":
-    case "RS384":
-    case "RS512":
-      return { hash: r, name: "RSASSA-PKCS1-v1_5" };
-    case "ES256":
-    case "ES384":
-    case "ES512":
-      return { hash: r, name: "ECDSA", namedCurve: t.namedCurve };
-    case "Ed25519":
-    case "EdDSA":
-      return { name: "Ed25519" };
-    default:
-      throw new k(`alg ${e} is not supported either by JOSE or your javascript runtime`);
-  }
-}, nr = async (e, t, r) => {
-  if (t instanceof Uint8Array) {
-    if (!e.startsWith("HS"))
-      throw new TypeError(Lt(t, "CryptoKey", "KeyObject", "JSON Web Key"));
-    return crypto.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [r]);
-  }
-  return Ht(t, e, r), t;
-}, sr = async (e, t, r, a) => {
-  const n = await nr(e, t, "verify");
-  Jt(e, n);
-  const s = ar(e, n.algorithm);
-  try {
-    return await crypto.subtle.verify(s, n, r, a);
-  } catch {
-    return !1;
-  }
-};
-async function or(e, t, r) {
-  if (!q(e))
-    throw new w("Flattened JWS must be an object");
-  if (e.protected === void 0 && e.header === void 0)
-    throw new w('Flattened JWS must have either of the "protected" or "header" members');
-  if (e.protected !== void 0 && typeof e.protected != "string")
-    throw new w("JWS Protected Header incorrect type");
-  if (e.payload === void 0)
-    throw new w("JWS Payload missing");
-  if (typeof e.signature != "string")
-    throw new w("JWS Signature missing or incorrect type");
-  if (e.header !== void 0 && !q(e.header))
-    throw new w("JWS Unprotected Header incorrect type");
-  let a = {};
-  if (e.protected)
-    try {
-      const U = F(e.protected);
-      a = JSON.parse(G.decode(U));
-    } catch {
-      throw new w("JWS Protected Header is invalid");
-    }
-  if (!$t(a, e.header))
-    throw new w("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
-  const n = {
-    ...a,
-    ...e.header
-  }, s = Bt(w, /* @__PURE__ */ new Map([["b64", !0]]), r?.crit, a, n);
-  let o = !0;
-  if (s.has("b64") && (o = a.b64, typeof o != "boolean"))
-    throw new w('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
-  const { alg: i } = n;
-  if (typeof i != "string" || !i)
-    throw new w('JWS "alg" (Algorithm) Header Parameter missing or invalid');
-  const c = r && Ft("algorithms", r.algorithms);
-  if (c && !c.has(i))
-    throw new Ye('"alg" (Algorithm) Header Parameter value not allowed');
-  if (o) {
-    if (typeof e.payload != "string")
-      throw new w("JWS Payload must be a string");
-  } else if (typeof e.payload != "string" && !(e.payload instanceof Uint8Array))
-    throw new w("JWS Payload must be a string or an Uint8Array instance");
-  let m = !1;
-  typeof t == "function" && (t = await t(a, e), m = !0), rr(i, t, "verify");
-  const d = Nt(Z.encode(e.protected ?? ""), Z.encode("."), typeof e.payload == "string" ? Z.encode(e.payload) : e.payload);
-  let p;
-  try {
-    p = F(e.signature);
-  } catch {
-    throw new w("Failed to base64url decode the signature");
-  }
-  const E = await Zt(t, i);
-  if (!await sr(i, E, p, d))
-    throw new xe();
-  let y;
-  if (o)
-    try {
-      y = F(e.payload);
-    } catch {
-      throw new w("Failed to base64url decode the payload");
-    }
-  else typeof e.payload == "string" ? y = Z.encode(e.payload) : y = e.payload;
-  const h = { payload: y };
-  return e.protected !== void 0 && (h.protectedHeader = a), e.header !== void 0 && (h.unprotectedHeader = e.header), m ? { ...h, key: E } : h;
-}
-async function ir(e, t, r) {
-  if (e instanceof Uint8Array && (e = G.decode(e)), typeof e != "string")
-    throw new w("Compact JWS must be a string or Uint8Array");
-  const { 0: a, 1: n, 2: s, length: o } = e.split(".");
-  if (o !== 3)
-    throw new w("Invalid Compact JWS");
-  const i = await or({ payload: n, protected: a, signature: s }, t, r), c = { payload: i.payload, protectedHeader: i.protectedHeader };
-  return typeof t == "function" ? { ...c, key: i.key } : c;
-}
-const cr = (e) => Math.floor(e.getTime() / 1e3), Fe = 60, qe = Fe * 60, Se = qe * 24, ur = Se * 7, lr = Se * 365.25, dr = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, Oe = (e) => {
-  const t = dr.exec(e);
-  if (!t || t[4] && t[1])
-    throw new TypeError("Invalid time period format");
-  const r = parseFloat(t[2]), a = t[3].toLowerCase();
-  let n;
-  switch (a) {
-    case "sec":
-    case "secs":
-    case "second":
-    case "seconds":
-    case "s":
-      n = Math.round(r);
-      break;
-    case "minute":
-    case "minutes":
-    case "min":
-    case "mins":
-    case "m":
-      n = Math.round(r * Fe);
-      break;
-    case "hour":
-    case "hours":
-    case "hr":
-    case "hrs":
-    case "h":
-      n = Math.round(r * qe);
-      break;
-    case "day":
-    case "days":
-    case "d":
-      n = Math.round(r * Se);
-      break;
-    case "week":
-    case "weeks":
-    case "w":
-      n = Math.round(r * ur);
-      break;
-    default:
-      n = Math.round(r * lr);
-      break;
-  }
-  return t[1] === "-" || t[4] === "ago" ? -n : n;
-}, ve = (e) => e.toLowerCase().replace(/^application\//, ""), hr = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1;
-function yr(e, t, r = {}) {
-  let a;
-  try {
-    a = JSON.parse(G.decode(t));
-  } catch {
-  }
-  if (!q(a))
-    throw new _("JWT Claims Set must be a top-level JSON object");
-  const { typ: n } = r;
-  if (n && (typeof e.typ != "string" || ve(e.typ) !== ve(n)))
-    throw new R('unexpected "typ" JWT header value', a, "typ", "check_failed");
-  const { requiredClaims: s = [], issuer: o, subject: i, audience: c, maxTokenAge: m } = r, d = [...s];
-  m !== void 0 && d.push("iat"), c !== void 0 && d.push("aud"), i !== void 0 && d.push("sub"), o !== void 0 && d.push("iss");
-  for (const h of new Set(d.reverse()))
-    if (!(h in a))
-      throw new R(`missing required "${h}" claim`, a, h, "missing");
-  if (o && !(Array.isArray(o) ? o : [o]).includes(a.iss))
-    throw new R('unexpected "iss" claim value', a, "iss", "check_failed");
-  if (i && a.sub !== i)
-    throw new R('unexpected "sub" claim value', a, "sub", "check_failed");
-  if (c && !hr(a.aud, typeof c == "string" ? [c] : c))
-    throw new R('unexpected "aud" claim value', a, "aud", "check_failed");
-  let p;
-  switch (typeof r.clockTolerance) {
-    case "string":
-      p = Oe(r.clockTolerance);
-      break;
-    case "number":
-      p = r.clockTolerance;
-      break;
-    case "undefined":
-      p = 0;
-      break;
-    default:
-      throw new TypeError("Invalid clockTolerance option type");
-  }
-  const { currentDate: E } = r, y = cr(E || /* @__PURE__ */ new Date());
-  if ((a.iat !== void 0 || m) && typeof a.iat != "number")
-    throw new R('"iat" claim must be a number', a, "iat", "invalid");
-  if (a.nbf !== void 0) {
-    if (typeof a.nbf != "number")
-      throw new R('"nbf" claim must be a number', a, "nbf", "invalid");
-    if (a.nbf > y + p)
-      throw new R('"nbf" claim timestamp check failed', a, "nbf", "check_failed");
-  }
-  if (a.exp !== void 0) {
-    if (typeof a.exp != "number")
-      throw new R('"exp" claim must be a number', a, "exp", "invalid");
-    if (a.exp <= y - p)
-      throw new Ee('"exp" claim timestamp check failed', a, "exp", "check_failed");
-  }
-  if (m) {
-    const h = y - a.iat, U = typeof m == "number" ? m : Oe(m);
-    if (h - p > U)
-      throw new Ee('"iat" claim timestamp check failed (too far in the past)', a, "iat", "check_failed");
-    if (h < 0 - p)
-      throw new R('"iat" claim timestamp check failed (it should be in the past)', a, "iat", "check_failed");
-  }
-  return a;
-}
-async function pr(e, t, r) {
-  var a;
-  const n = await ir(e, t, r);
-  if ((a = n.protectedHeader.crit) != null && a.includes("b64") && n.protectedHeader.b64 === !1)
-    throw new _("JWTs MUST NOT use unencoded payload");
-  const s = { payload: yr(n.protectedHeader, n.payload, r), protectedHeader: n.protectedHeader };
-  return typeof t == "function" ? { ...s, key: n.key } : s;
-}
-function fr(e) {
-  if (typeof e != "string")
-    throw new _("JWTs must use Compact JWS serialization, JWT must be a string");
-  const { 1: t, length: r } = e.split(".");
-  if (r === 5)
-    throw new _("Only JWTs using Compact JWS serialization can be decoded");
-  if (r !== 3)
-    throw new _("Invalid JWT");
-  if (!t)
-    throw new _("JWTs must contain a payload");
-  let a;
-  try {
-    a = F(t);
-  } catch {
-    throw new _("Failed to base64url decode the payload");
-  }
-  let n;
-  try {
-    n = JSON.parse(G.decode(a));
-  } catch {
-    throw new _("Failed to parse the decoded payload as JSON");
-  }
-  if (!q(n))
-    throw new _("Invalid JWT Claims Set");
-  return n;
-}
-const M = async (e) => {
-  try {
-    const t = g.ALG, r = await Vt(Pt, t);
-    return await pr(e, r, {
-      issuer: g.ISSUER
-    });
-  } catch {
-    return;
-  }
-}, Er = (e) => {
-  try {
-    return fr(e);
-  } catch {
-    return;
-  }
-}, A = [];
-for (let e = 0; e < 256; ++e)
-  A.push((e + 256).toString(16).slice(1));
-function gr(e, t = 0) {
-  return (A[e[t + 0]] + A[e[t + 1]] + A[e[t + 2]] + A[e[t + 3]] + "-" + A[e[t + 4]] + A[e[t + 5]] + "-" + A[e[t + 6]] + A[e[t + 7]] + "-" + A[e[t + 8]] + A[e[t + 9]] + "-" + A[e[t + 10]] + A[e[t + 11]] + A[e[t + 12]] + A[e[t + 13]] + A[e[t + 14]] + A[e[t + 15]]).toLowerCase();
-}
-let he;
-const mr = new Uint8Array(16);
-function wr() {
-  if (!he) {
-    if (typeof crypto > "u" || !crypto.getRandomValues)
-      throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
-    he = crypto.getRandomValues.bind(crypto);
-  }
-  return he(mr);
-}
-const Sr = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto), ke = { randomUUID: Sr };
-function Ce(e, t, r) {
-  var a;
-  if (ke.randomUUID && !e)
-    return ke.randomUUID();
-  e = e || {};
-  const n = e.random ?? ((a = e.rng) == null ? void 0 : a.call(e)) ?? wr();
-  if (n.length < 16)
-    throw new Error("Random bytes length must be >= 16");
-  return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, gr(n);
-}
-const Pe = globalThis.crypto, Ar = (e) => `${Ce()}${Ce()}`.slice(0, e), Tr = (e) => btoa(
-  [...new Uint8Array(e)].map((t) => String.fromCharCode(t)).join("")
-);
-async function br(e) {
-  if (!Pe.subtle)
-    throw new Error(
-      "crypto.subtle is available only in secure contexts (HTTPS)."
-    );
-  const t = new TextEncoder().encode(e), r = await Pe.subtle.digest("SHA-256", t);
-  return Tr(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
-}
-async function Rr(e) {
-  const r = Ar(43), a = await br(r);
-  return {
-    code_verifier: r,
-    code_challenge: a
-  };
-}
-const qr = async (e, t) => {
-  var r;
-  const a = await M(e);
-  if (!a || !Array.isArray((r = a.payload) == null ? void 0 : r[g.SCOPES_KEY]))
-    return !1;
-  const n = a.payload[g.SCOPES_KEY];
-  return Array.isArray(t) ? t.every((s) => n.includes(s)) : Object.keys(t).some(
-    (s) => t[s].every((o) => n.includes(o))
-  );
-};
-function ze(e, t) {
-  window.dispatchEvent(new StorageEvent("storage", { key: e, newValue: t }));
-}
-const Ne = (e, t) => {
-  const r = JSON.stringify(
-    typeof t == "function" ? t() : t
-  );
-  window.localStorage.setItem(e, r), ze(e, r);
-}, _r = (e) => {
-  window.localStorage.removeItem(e), ze(e, null);
-}, Ke = (e) => window.localStorage.getItem(e), Ir = (e) => (window.addEventListener("storage", e), () => window.removeEventListener("storage", e));
-function ee({
-  key: e,
-  initialValue: t
-}) {
-  const r = Et(Ir, () => Ke(e)), a = D(
-    (o) => {
-      try {
-        const i = typeof o == "function" ? o(JSON.parse(r)) : o;
-        i == null ? _r(e) : Ne(e, i);
-      } catch (i) {
-        console.warn(i);
-      }
-    },
-    [e, r]
-  ), n = D(() => {
-    a(t);
-  }, [t, a]), s = D(() => {
-    a(null);
-  }, [a]);
-  return Ue(() => {
-    try {
-      Ke(e) === null && typeof t < "u" && Ne(e, t);
-    } catch (o) {
-      console.warn(o);
-    }
-  }, [e, t]), [r ? JSON.parse(r) : null, a, n, s];
-}
-const T = [];
-for (let e = 0; e < 256; ++e)
-  T.push((e + 256).toString(16).slice(1));
-function Or(e, t = 0) {
-  return (T[e[t + 0]] + T[e[t + 1]] + T[e[t + 2]] + T[e[t + 3]] + "-" + T[e[t + 4]] + T[e[t + 5]] + "-" + T[e[t + 6]] + T[e[t + 7]] + "-" + T[e[t + 8]] + T[e[t + 9]] + "-" + T[e[t + 10]] + T[e[t + 11]] + T[e[t + 12]] + T[e[t + 13]] + T[e[t + 14]] + T[e[t + 15]]).toLowerCase();
-}
-let ye;
-const vr = new Uint8Array(16);
-function kr() {
-  if (!ye) {
-    if (typeof crypto > "u" || !crypto.getRandomValues)
-      throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
-    ye = crypto.getRandomValues.bind(crypto);
-  }
-  return ye(vr);
-}
-const Cr = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto), De = { randomUUID: Cr };
-function pe(e, t, r) {
-  if (De.randomUUID && !e)
-    return De.randomUUID();
-  e = e || {};
-  const a = e.random ?? e.rng?.() ?? kr();
-  if (a.length < 16)
-    throw new Error("Random bytes length must be >= 16");
-  return a[6] = a[6] & 15 | 64, a[8] = a[8] & 63 | 128, Or(a);
-}
-const L = "Your session has expired. For your security, please log in again to continue.", Pr = "Your session has been successfully terminated.", fe = "Login failed. Please try again.", Nr = "Error getting access token, please re-authenticate.", Kr = "You forgot to wrap your component in <AuthProvider>.", te = "@@auth@@", B = "LOADING", ne = "LOGIN", Qe = "LOGOUT", z = "success", O = "failure", Xe = "include", Ze = "POST", et = "application/json", re = {
-  GET_REGISTRATION_OPTIONS: `mutation GetPasskeyRegistrationOptions(
-	$clientId: String!,
-	$username: String!,
-	$id: String!) {
-		getPasskeyRegistrationOptions(clientId: $clientId, username: $username, id: $id) {
-			challenge
-			rp {
-				id
-				name
-			}
-			user {
-				id
-				name
-				displayName
-			}
-			pubKeyCredParams {
-				type
-				alg
-			}
-			timeout
-			attestation
-		}
-	}`,
-  VERIFY_REGISTRATION: `mutation VerifyPasskeyRegistration(
-		$clientId: String!,
-		$username: String!,
-		$id: String!,
-		$registration: RegistrationOptionsInput!) {
-		verifyPasskeyRegistration(
-			clientId: $clientId,
-			username: $username,
-			id: $id,
-			registration: $registration) {
-			status
-			message
-		}
-	}`,
-  GET_AUTHENTICATION_OPTIONS: `mutation GetPasskeyAuthenticationOptions(
-		$id: String!,
-		$clientId: String!,
-		) {
-		getPasskeyAuthenticationOptions(
-			id: $id,
-			clientId: $clientId) {
-				rpId,
-				challenge,
-				allowCredentials {
-					id,
-					type,
-					transports
-				}
-				timeout,
-				userVerification,
-		}
-	}`,
-  VERIFY_AUTHENTICATION: `mutation VerifyPasskeyAuthentication(
-		$clientId: String!,
-		$id: String!,
-		$authentication: AuthenticationOptionsInput!,
-		$nonce: String!,
-		$domain: String,
-		$sessionExpiration: String,
-		$ua: String) {
-		verifyPasskeyAuthentication(
-			clientId: $clientId,
-			id: $id,
-			authentication: $authentication,
-			nonce: $nonce,
-			domain: $domain,
-			sessionExpiration: $sessionExpiration,
-			ua: $ua) {
-				status,
-				idToken,
-				accessToken,
-				refreshToken,
-				userId,
-				username,
-				email
-		}
-	}`
-}, $ = {
-  GET_REGISTRATION_OPTIONS: {
-    schema: re.GET_REGISTRATION_OPTIONS,
-    method: "getPasskeyRegistrationOptions"
-  },
-  VERIFY_REGISTRATION: {
-    schema: re.VERIFY_REGISTRATION,
-    method: "verifyPasskeyRegistration"
-  },
-  GET_AUTHENTICATION_OPTIONS: {
-    schema: re.GET_AUTHENTICATION_OPTIONS,
-    method: "getPasskeyAuthenticationOptions"
-  },
-  VERIFY_AUTHENTICATION: {
-    schema: re.VERIFY_AUTHENTICATION,
-    method: "verifyPasskeyAuthentication"
-  }
-}, W = async ({
-  accessToken: e,
-  type: t,
-  clientId: r,
-  params: a = {},
-  endpoint: n
-}) => {
-  try {
-    const s = `Bearer ${e}`, o = await fetch(`${n}/graphql`, {
-      credentials: Xe,
-      method: Ze,
-      headers: {
-        authorization: s,
-        "Content-Type": et,
-        [Je.CLIENT_ID]: `${r}`
-      },
-      body: JSON.stringify({
-        query: t.schema,
-        variables: a
-      })
-    });
-    if (o.status !== 200)
-      return { status: O, data: [] };
-    const { data: i } = await o.json();
-    return {
-      status: z,
-      data: i[t.method]
-    };
-  } catch (s) {
-    return console.error(s), { status: O, data: [] };
-  }
-}, ie = async ({
-  type: e,
-  clientId: t,
-  params: r = {},
-  endpoint: a
-}) => {
-  try {
-    const n = await fetch(`${a}/${e}`, {
-      credentials: Xe,
-      method: Ze,
-      headers: {
-        "Content-Type": et,
-        [Je.CLIENT_ID]: `${t}`
-      },
-      body: JSON.stringify(r)
-    });
-    if (n.status !== 200)
-      return { status: O, data: [] };
-    const { data: s } = await n.json();
-    return {
-      status: z,
-      data: s || []
-    };
-  } catch (n) {
-    return console.error(n), { status: O, data: [] };
-  }
-}, Dr = process.env.NODE_ENV === "production", Ur = !Dr, tt = {
-  isLoading: !0,
-  isAuthenticated: !1,
-  user: void 0,
-  logoutReason: "",
-  debug: !1,
-  authenticationType: ""
-}, Hr = (e) => {
-  try {
-    const t = Er(e);
-    return t ? t[g.USER_ID_KEY] : "";
-  } catch {
-    return "";
-  }
-}, Lr = async ({
-  userId: e,
-  clientId: t,
-  domain: r,
-  idToken: a = "",
-  endpoint: n
-}) => {
-  try {
-    return {
-      status: (await ie({
-        endpoint: n,
-        type: oe.LOGOUT,
-        clientId: t,
-        params: {
-          userId: e,
-          domain: r,
-          idToken: a
-        }
-      }))?.status || O
-    };
-  } catch {
-    return {
-      status: O
-    };
-  }
-}, $r = async ({
-  username: e,
-  password: t,
-  clientId: r,
-  nonce: a,
-  type: n,
-  sessionExpiration: s,
-  code: o,
-  code_verifier: i,
-  domain: c,
-  ua: m,
-  endpoint: d
-}) => {
-  try {
-    const p = await ie({
-      endpoint: d,
-      type: oe.LOGIN,
-      clientId: r,
-      params: {
-        type: n || x.ID_AND_ACCESS_TOKEN,
-        username: e,
-        password: t,
-        sessionExpiration: s,
-        nonce: a,
-        code: o,
-        code_verifier: i,
-        domain: c,
-        ua: m
-      }
-    }), E = await M(p?.data?.idToken);
-    return E && E.payload[g.USER_ID_KEY] !== "" && E.payload[g.NONCE_KEY] === a ? {
-      idToken: p.data.idToken,
-      accessToken: p.data.accessToken,
-      refreshToken: p.data.refreshToken,
-      userId: E.payload[g.USER_ID_KEY],
-      email: E.payload[g.EMAIL_KEY],
-      status: !0
-    } : {
-      status: !1
-    };
-  } catch {
-    return {
-      status: !1
-    };
-  }
-}, Wr = async ({
-  nonce: e,
-  clientId: t,
-  code_challenge: r,
-  endpoint: a
-}) => {
-  try {
-    const n = await ie({
-      endpoint: a,
-      type: oe.CODE,
-      clientId: t,
-      params: {
-        type: x.CODE,
-        nonce: e,
-        code_challenge: r
-      }
-    });
-    return n?.data?.code ? {
-      status: z,
-      data: n.data.code
-    } : {
-      status: O,
-      data: ""
-    };
-  } catch {
-    return {
-      status: O,
-      data: ""
-    };
-  }
-}, Jr = async ({
-  clientId: e,
-  userId: t,
-  nonce: r,
-  refreshToken: a,
-  accessToken: n,
-  domain: s,
-  endpoint: o
-}) => {
-  try {
-    const i = await ie({
-      endpoint: o,
-      type: oe.REFRESH,
-      clientId: e,
-      params: {
-        type: x.REFRESH_TOKEN,
-        userId: t,
-        nonce: r,
-        refreshToken: a,
-        accessToken: n,
-        domain: s
-      }
-    }), c = await M(i?.data?.accessToken);
-    return c && c.payload[g.USER_ID_KEY] !== "" && c.payload[g.NONCE_KEY] === r ? {
-      accessToken: i.data.accessToken,
-      refreshToken: i.data.refreshToken,
-      userId: c.payload[g.USER_ID_KEY],
-      status: !0
-    } : {
-      status: !1
-    };
-  } catch {
-    return {
-      status: !1
-    };
-  }
-};
-class Yr {
-  constructor(t = null, r = null) {
-    X(this, "refreshTokenPromise", null);
-    X(this, "accessToken");
-    X(this, "refreshToken");
-    this.accessToken = t || "", this.refreshToken = r || "";
-  }
-  async refreshtoken({
-    clientId: t,
-    userId: r,
-    nonce: a,
-    domain: n,
-    endpoint: s
-  }) {
-    this.refreshTokenPromise || (this.refreshTokenPromise = this._refreshToken({
-      endpoint: s,
-      clientId: t,
-      userId: r,
-      nonce: a,
-      domain: n
-    }));
-    try {
-      return await this.refreshTokenPromise;
-    } finally {
-      this.refreshTokenPromise = null;
-    }
-  }
-  async _refreshToken({
-    endpoint: t,
-    clientId: r,
-    userId: a,
-    nonce: n,
-    domain: s
-  }) {
-    const o = await M(this.refreshToken);
-    if (o && o.payload[g.USER_ID_KEY] !== "") {
-      const i = await Jr({
-        endpoint: t,
-        clientId: r,
-        userId: a,
-        nonce: n,
-        refreshToken: this.refreshToken,
-        accessToken: this.accessToken,
-        domain: s
-      });
-      return i.status ? (this.accessToken = i.accessToken, this.refreshToken = i.refreshToken, {
-        status: z,
-        newAccessToken: i.accessToken,
-        newRefreshToken: i.refreshToken
-      }) : {
-        status: O
-      };
-    } else
-      return {
-        status: O
-      };
-  }
-}
-const xr = (e) => D(
-  (...t) => {
-    e && console.info(`==> [Auth ${Date.now()}]: `, ...t);
-  },
-  [e]
-), J = () => {
-  throw new Error(Kr);
-}, rt = gt({
-  isAuthenticated: !1,
-  isLoading: !1,
-  login: J,
-  logout: J,
-  getAccessToken: J,
-  getIdToken: J,
-  registeringForPasskey: J,
-  loginWithPasskey: J,
-  logoutReason: "",
-  authenticationType: ""
-}), Gr = ft.createContext({
-  state: tt,
-  dispatch: () => {
-  }
-}), Mr = (e, t) => t?.type === B ? {
-  ...e,
-  isLoading: t.payload.isLoading
-} : t?.type === ne ? {
-  ...e,
-  isLoading: !1,
-  isAuthenticated: !0,
-  user: t.payload.user,
-  authenticationType: t.payload.authenticationType,
-  logoutReason: ""
-} : t?.type === Qe ? {
-  ...e,
-  isLoading: !1,
-  isAuthenticated: !1,
-  user: void 0,
-  authenticationType: "",
-  logoutReason: t.payload.logoutReason
-} : e, zr = ({
-  children: e,
-  sessionExpiration: t,
-  clientId: r,
-  domain: a = "",
-  debug: n = !1,
-  endpoint: s = Ur ? "https://auth.gizmette.local.com:3003" : "https://mylogin.gizmette.com/auth"
-}) => {
-  const [o, i] = mt(Mr, {
-    ...tt,
-    debug: n
-  }), c = xr(n), m = wt(!1), [d, p, , E] = ee({
-    key: `${te}::${r}::@@user@@`
-  }), [y, h, , U] = ee({
-    key: `${te}::${r}::@@access@@`
-  }), [at, ce, , Ae] = ee(
-    {
-      key: `${te}::${r}::@@refresh@@`
-    }
-  ), [nt, Te, , be] = ee({
-    key: `${te}::${r}::@@nonce@@`
-  }), st = new Yr(y, at), Q = D(() => {
-    c("removeLocalStorage: removing local storage"), E(), U(), Ae(), be();
-  }, [
-    U,
-    E,
-    be,
-    Ae,
-    c
-  ]), j = D(
-    (u) => {
-      c(
-        "removeStateAndLocalStorage: removing state and local storage with reason: ",
-        u
-      ), i({
-        type: Qe,
-        payload: {
-          logoutReason: u || L
-        }
-      }), Q(), i({ type: B, payload: { isLoading: !1 } });
-    },
-    [Q, c]
-  ), N = D(
-    async (u) => {
-      c("invalidateAndLogout: invalidating and logging out");
-      const { user: S } = o, l = S?.userId || Hr(d);
-      l || c(
-        "invalidateAndLogout: user cannot be identified, logging out without userId"
-      ), await Lr({
-        userId: l,
-        clientId: r,
-        domain: a,
-        idToken: d,
-        endpoint: s
-      }), j(u || L);
-    },
-    [
-      d,
-      o,
-      r,
-      a,
-      j,
-      c,
-      s
-    ]
-  );
-  Ue(() => {
-    if (!m.current)
-      return o.isLoading && d !== null ? (async () => {
-        try {
-          const u = await M(d);
-          u && u.payload[g.USER_ID_KEY] !== "" ? (c("useEffect: setting the authentication state"), i({
-            type: ne,
-            payload: {
-              authenticationType: u.payload[g.AUTH_TYPE_KEY],
-              user: {
-                userId: u.payload[g.USER_ID_KEY],
-                username: u.payload[g.USERNAME_KEY],
-                email: u.payload[g.EMAIL_KEY]
-              }
-            }
-          })) : (c("useEffect: invalid JWT, invalidating and logging out"), await N(L));
-        } catch {
-          c(
-            "useEffect: exception validating JWT, invalidating and logging out"
-          ), await N(L);
-        }
-      })() : (c("useEffect: setting the loading state to false"), i({ type: B, payload: { isLoading: !1 } })), () => {
-        m.current = !0;
-      };
-  }, [o.isLoading, d, N, c]);
-  const ot = async (u, S) => {
-    i({ type: B, payload: { isLoading: !0 } }), Q();
-    const l = pe();
-    Te(l), c("login: Logging in with password");
-    const { code_verifier: K, code_challenge: ht } = await Rr(), Re = await Wr({
-      endpoint: s,
-      nonce: l,
-      clientId: r,
-      code_challenge: ht
-    });
-    if (Re.status) {
-      const H = await $r({
-        endpoint: s,
-        username: u,
-        password: S,
-        clientId: r,
-        sessionExpiration: t,
-        nonce: l,
-        type: x.CODE,
-        code: Re.data,
-        code_verifier: K,
-        domain: a,
-        ua: navigator.userAgent
-      });
-      return H.status ? (p(H.idToken), h(H.accessToken), ce(H.refreshToken), i({
-        type: ne,
-        payload: {
-          authenticationType: x.CODE,
-          user: {
-            userId: H.userId,
-            username: u,
-            email: H.email
-          }
-        }
-      }), !0) : (j(fe), !1);
-    }
-    return !1;
-  }, it = async (u) => {
-    u?.preventDefault(), await N(Pr);
-  }, ct = async () => {
-    const { isAuthenticated: u, user: S } = o;
-    try {
-      if (u && S && S.userId) {
-        if (y) {
-          c("getAccessToken");
-          const K = await M(y);
-          if (K && K.payload[g.USER_ID_KEY] !== "")
-            return y;
-        }
-        c("getAccessToken: invalid access token, trying to refresh it");
-        const l = await st.refreshtoken({
-          endpoint: s,
-          clientId: r,
-          userId: S.userId,
-          nonce: nt,
-          domain: a
-        });
-        return l.status && l.status === "success" && l.newAccessToken ? (h(l.newAccessToken), ce(l.newRefreshToken), l.newAccessToken) : (c(
-          "getAccessToken: invalid refresh token, need to re-authenticate"
-        ), await N(L), "");
-      }
-      return c(
-        "getAccessToken: user is not authenticated, cannot get access token"
-      ), await N(L), "";
-    } catch {
-      return c(
-        "getAccessToken: exception occurred, invalidating and logging out"
-      ), await N(Nr), "";
-    }
-  }, ut = () => o.isAuthenticated && d ? d : "", lt = async () => {
-    const { user: u } = o;
-    let S = await W({
-      endpoint: s,
-      accessToken: y,
-      clientId: r,
-      type: $.GET_REGISTRATION_OPTIONS,
-      params: {
-        clientId: r,
-        id: u?.userId,
-        username: u?.username
-      }
-    });
-    if (S.status)
-      try {
-        const l = await _t({
-          optionsJSON: S.data
-        });
-        return S = await W({
-          endpoint: s,
-          accessToken: y,
-          clientId: r,
-          type: $.VERIFY_REGISTRATION,
-          params: {
-            clientId: r,
-            id: u?.userId,
-            username: u?.username,
-            registration: l
-          }
-        }), !!(S.status && S.data.length > 0);
-      } catch {
-        return await W({
-          endpoint: s,
-          accessToken: y,
-          clientId: r,
-          type: $.VERIFY_REGISTRATION,
-          params: {
-            clientId: r,
-            id: u?.userId,
-            username: u?.username,
-            registration: {}
-          }
-        }), !1;
-      }
-    return !1;
-  }, dt = async () => {
-    i({ type: B, payload: { isLoading: !0 } }), Q();
-    const u = pe();
-    Te(u), c("loginWithPasskey");
-    const S = pe();
-    let l = await W({
-      endpoint: s,
-      accessToken: y,
-      clientId: r,
-      type: $.GET_AUTHENTICATION_OPTIONS,
-      params: {
-        id: S,
-        clientId: r
-      }
-    });
-    if (l.status)
-      try {
-        const K = await vt({
-          optionsJSON: l.data
-        });
-        return l = await W({
-          endpoint: s,
-          accessToken: y,
-          clientId: r,
-          type: $.VERIFY_AUTHENTICATION,
-          params: {
-            clientId: r,
-            id: S,
-            authentication: K,
-            nonce: u,
-            domain: a,
-            sessionExpiration: t,
-            ua: navigator.userAgent
-          }
-        }), l.data.status === z ? (p(l.data.idToken), h(l.data.accessToken), ce(l.data.refreshToken), i({
-          type: ne,
-          payload: {
-            authenticationType: x.PASSKEY,
-            user: {
-              userId: l.data.userId,
-              username: l.data.username,
-              email: l.data.email
-            }
-          }
-        }), !0) : (j(fe), !1);
-      } catch {
-        return await W({
-          endpoint: s,
-          accessToken: y,
-          clientId: r,
-          type: $.VERIFY_AUTHENTICATION,
-          params: {
-            clientId: r,
-            id: S,
-            authentication: {},
-            nonce: u,
-            domain: a,
-            sessionExpiration: t
-          }
-        }), j(fe), !1;
-      }
-    return !1;
-  };
-  return /* @__PURE__ */ _e(Gr.Provider, { value: { state: o, dispatch: i }, children: /* @__PURE__ */ _e(
-    rt.Provider,
-    {
-      value: {
-        ...o,
-        login: ot,
-        logout: it,
-        getAccessToken: ct,
-        getIdToken: ut,
-        registeringForPasskey: lt,
-        loginWithPasskey: dt
-      },
-      children: e
-    }
-  ) });
-}, Qr = (e = rt) => St(e);
 export {
-  x as AUTH_TYPES,
-  zr as AuthProvider,
-  qr as isGranted,
-  Qr as useAuth
+  t as AUTH_TYPES,
+  r as isGranted
 };