@wandelbots/wandelbots-js-react-components 3.6.0-pr.feat-model-retrieval-from-rdp.463.38d5c81 → 3.6.0-pr.feat-add-abb-cobots.464.ab034a2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (77) hide show
  1. package/README.md +0 -18
  2. package/dist/3d.cjs.js +1 -1
  3. package/dist/3d.es.js +1 -1
  4. package/dist/{LoadingCover-6gWr11KP.js → LoadingCover-Dr9hDTku.js} +10 -11
  5. package/dist/{LoadingCover-6gWr11KP.js.map → LoadingCover-Dr9hDTku.js.map} +1 -1
  6. package/dist/LoadingCover-r2yhJZF9.cjs +2 -0
  7. package/dist/{LoadingCover-CukpS_aj.cjs.map → LoadingCover-r2yhJZF9.cjs.map} +1 -1
  8. package/dist/WandelscriptEditor-Dj7TBCkF.cjs +2 -0
  9. package/dist/{WandelscriptEditor-D6_vS5Uk.cjs.map → WandelscriptEditor-Dj7TBCkF.cjs.map} +1 -1
  10. package/dist/{WandelscriptEditor-7eN-Yw7m.js → WandelscriptEditor-DnJvITTA.js} +3 -3
  11. package/dist/{WandelscriptEditor-7eN-Yw7m.js.map → WandelscriptEditor-DnJvITTA.js.map} +1 -1
  12. package/dist/auth0-spa-js.production.esm-DL9f1uDJ.js +1438 -0
  13. package/dist/auth0-spa-js.production.esm-DL9f1uDJ.js.map +1 -0
  14. package/dist/auth0-spa-js.production.esm-DTiWXa87.cjs +5 -0
  15. package/dist/auth0-spa-js.production.esm-DTiWXa87.cjs.map +1 -0
  16. package/dist/components/RobotCard.d.ts +1 -1
  17. package/dist/components/RobotCard.d.ts.map +1 -1
  18. package/dist/components/robots/GenericRobot.d.ts +2 -2
  19. package/dist/components/robots/GenericRobot.d.ts.map +1 -1
  20. package/dist/components/robots/Robot.d.ts +1 -1
  21. package/dist/components/robots/Robot.d.ts.map +1 -1
  22. package/dist/components/robots/SupportedRobot.d.ts +1 -1
  23. package/dist/components/robots/SupportedRobot.d.ts.map +1 -1
  24. package/dist/components/robots/robotModelLogic.d.ts +1 -1
  25. package/dist/components/robots/robotModelLogic.d.ts.map +1 -1
  26. package/dist/core.cjs.js +1 -1
  27. package/dist/core.es.js +4 -4
  28. package/dist/index-CAib4NKw.js +2261 -0
  29. package/dist/index-CAib4NKw.js.map +1 -0
  30. package/dist/index-CqMZL0FV.cjs +2 -0
  31. package/dist/index-CqMZL0FV.cjs.map +1 -0
  32. package/dist/index-CxasuX80.js +5212 -0
  33. package/dist/index-CxasuX80.js.map +1 -0
  34. package/dist/index-DxwppshT.cjs +29 -0
  35. package/dist/index-DxwppshT.cjs.map +1 -0
  36. package/dist/index.cjs.js +1 -1
  37. package/dist/index.es.js +6 -6
  38. package/dist/lib/JoggerConnection.d.ts.map +1 -1
  39. package/dist/manufacturerHomePositions-Ca80ycLi.cjs +2 -0
  40. package/dist/manufacturerHomePositions-Ca80ycLi.cjs.map +1 -0
  41. package/dist/{manufacturerHomePositions-CtUNJexK.js → manufacturerHomePositions-CgaG5vaK.js} +290 -350
  42. package/dist/manufacturerHomePositions-CgaG5vaK.js.map +1 -0
  43. package/dist/{theming-B7ojcJTM.js → theming-Coh4zx7d.js} +6245 -4802
  44. package/dist/theming-Coh4zx7d.js.map +1 -0
  45. package/dist/theming-D4ztsmTr.cjs +133 -0
  46. package/dist/theming-D4ztsmTr.cjs.map +1 -0
  47. package/dist/wandelscript.cjs.js +1 -1
  48. package/dist/wandelscript.es.js +1 -1
  49. package/package.json +4 -14
  50. package/src/components/RobotCard.tsx +1 -1
  51. package/src/components/robots/GenericRobot.tsx +36 -98
  52. package/src/components/robots/Robot.tsx +1 -1
  53. package/src/components/robots/SupportedRobot.tsx +3 -11
  54. package/src/components/robots/robotModelLogic.ts +6 -40
  55. package/src/lib/JoggerConnection.ts +10 -10
  56. package/src/lib/MotionStreamConnection.ts +1 -1
  57. package/dist/LoadingCover-CukpS_aj.cjs +0 -2
  58. package/dist/WandelscriptEditor-D6_vS5Uk.cjs +0 -2
  59. package/dist/auth0-spa-js.production.esm-BMSlxZC5.js +0 -3877
  60. package/dist/auth0-spa-js.production.esm-BMSlxZC5.js.map +0 -1
  61. package/dist/auth0-spa-js.production.esm-DZ6lsBvD.cjs +0 -5
  62. package/dist/auth0-spa-js.production.esm-DZ6lsBvD.cjs.map +0 -1
  63. package/dist/externalizeComponent-CkVWk2F_.cjs +0 -24
  64. package/dist/externalizeComponent-CkVWk2F_.cjs.map +0 -1
  65. package/dist/externalizeComponent-Dc3fViZA.js +0 -489
  66. package/dist/externalizeComponent-Dc3fViZA.js.map +0 -1
  67. package/dist/interpolation-DAXKfoDS.cjs +0 -20
  68. package/dist/interpolation-DAXKfoDS.cjs.map +0 -1
  69. package/dist/interpolation-DcPbemBD.js +0 -6924
  70. package/dist/interpolation-DcPbemBD.js.map +0 -1
  71. package/dist/manufacturerHomePositions-Badt_vO2.cjs +0 -2
  72. package/dist/manufacturerHomePositions-Badt_vO2.cjs.map +0 -1
  73. package/dist/manufacturerHomePositions-CtUNJexK.js.map +0 -1
  74. package/dist/theming-B7ojcJTM.js.map +0 -1
  75. package/dist/theming-C9apy9Ov.cjs +0 -115
  76. package/dist/theming-C9apy9Ov.cjs.map +0 -1
  77. package/src/env.d.ts +0 -3
package/dist/auth0-spa-js.production.esm-DZ6lsBvD.cjs DELETED
@@ -1,5 +0,0 @@
1
- "use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});function ne(t,e){var n={};for(var o in t)Object.prototype.hasOwnProperty.call(t,o)&&e.indexOf(o)<0&&(n[o]=t[o]);if(t!=null&&typeof Object.getOwnPropertySymbols=="function"){var r=0;for(o=Object.getOwnPropertySymbols(t);r<o.length;r++)e.indexOf(o[r])<0&&Object.prototype.propertyIsEnumerable.call(t,o[r])&&(n[o[r]]=t[o[r]])}return n}var xe=typeof globalThis<"u"?globalThis:typeof window<"u"?window:typeof global<"u"?global:typeof self<"u"?self:{},To={},jn={};Object.defineProperty(jn,"__esModule",{value:!0});var gr=(function(){function t(){var e=this;this.locked=new Map,this.addToLocked=function(n,o){var r=e.locked.get(n);r===void 0?o===void 0?e.locked.set(n,[]):e.locked.set(n,[o]):o!==void 0&&(r.unshift(o),e.locked.set(n,r))},this.isLocked=function(n){return e.locked.has(n)},this.lock=function(n){return new Promise((function(o,r){e.isLocked(n)?e.addToLocked(n,o):(e.addToLocked(n),o())}))},this.unlock=function(n){var o=e.locked.get(n);if(o!==void 0&&o.length!==0){var r=o.pop();e.locked.set(n,o),r!==void 0&&setTimeout(r,0)}else e.locked.delete(n)}}return t.getInstance=function(){return t.instance===void 0&&(t.instance=new t),t.instance},t})();jn.default=function(){return gr.getInstance()};var X=xe&&xe.__awaiter||function(t,e,n,o){return new(n||(n=Promise))((function(r,i){function a(l){try{c(o.next(l))}catch(u){i(u)}}function s(l){try{c(o.throw(l))}catch(u){i(u)}}function c(l){l.done?r(l.value):new n((function(u){u(l.value)})).then(a,s)}c((o=o.apply(t,e||[])).next())}))},Y=xe&&xe.__generator||function(t,e){var n,o,r,i,a={label:0,sent:function(){if(1&r[0])throw r[1];return r[1]},trys:[],ops:[]};return i={next:s(0),throw:s(1),return:s(2)},typeof Symbol=="function"&&(i[Symbol.iterator]=function(){return this}),i;function s(c){return function(l){return(function(u){if(n)throw new TypeError("Generator is already executing.");for(;a;)try{if(n=1,o&&(r=2&u[0]?o.return:u[0]?o.throw||((r=o.return)&&r.call(o),0):o.next)&&!(r=r.call(o,u[1])).done)return r;switch(o=0,r&&(u=[2&u[0],r.value]),u[0]){case 0:case 1:r=u;break;case 4:return a.label++,{value:u[1],done:!1};case 5:a.label++,o=u[1],u=[0];continue;case 7:u=a.ops.pop(),a.trys.pop();continue;default:if(r=a.trys,!((r=r.length>0&&r[r.length-1])||u[0]!==6&&u[0]!==2)){a=0;continue}if(u[0]===3&&(!r||u[1]>r[0]&&u[1]<r[3])){a.label=u[1];break}if(u[0]===6&&a.label<r[1]){a.label=r[1],r=u;break}if(r&&a.label<r[2]){a.label=r[2],a.ops.push(u);break}r[2]&&a.ops.pop(),a.trys.pop();continue}u=e.call(t,a)}catch(p){u=[6,p],o=0}finally{n=r=0}if(5&u[0])throw u[1];return{value:u[0]?u[1]:void 0,done:!0}})([c,l])}}},Me=xe;Object.defineProperty(To,"__esModule",{value:!0});var De=jn,ft={key:function(t){return X(Me,void 0,void 0,(function(){return Y(this,(function(e){throw new Error("Unsupported")}))}))},getItem:function(t){return X(Me,void 0,void 0,(function(){return Y(this,(function(e){throw new Error("Unsupported")}))}))},clear:function(){return X(Me,void 0,void 0,(function(){return Y(this,(function(t){return[2,window.localStorage.clear()]}))}))},removeItem:function(t){return X(Me,void 0,void 0,(function(){return Y(this,(function(e){throw new Error("Unsupported")}))}))},setItem:function(t,e){return X(Me,void 0,void 0,(function(){return Y(this,(function(n){throw new Error("Unsupported")}))}))},keySync:function(t){return window.localStorage.key(t)},getItemSync:function(t){return window.localStorage.getItem(t)},clearSync:function(){return window.localStorage.clear()},removeItemSync:function(t){return window.localStorage.removeItem(t)},setItemSync:function(t,e){return window.localStorage.setItem(t,e)}};function Gt(t){return new Promise((function(e){return setTimeout(e,t)}))}function Ft(t){for(var e="0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz",n="",o=0;o<t;o++)n+=e[Math.floor(Math.random()*e.length)];return n}var wr=(function(){function t(e){this.acquiredIatSet=new Set,this.storageHandler=void 0,this.id=Date.now().toString()+Ft(15),this.acquireLock=this.acquireLock.bind(this),this.releaseLock=this.releaseLock.bind(this),this.releaseLock__private__=this.releaseLock__private__.bind(this),this.waitForSomethingToChange=this.waitForSomethingToChange.bind(this),this.refreshLockWhileAcquired=this.refreshLockWhileAcquired.bind(this),this.storageHandler=e,t.waiters===void 0&&(t.waiters=[])}return t.prototype.acquireLock=function(e,n){return n===void 0&&(n=5e3),X(this,void 0,void 0,(function(){var o,r,i,a,s,c,l;return Y(this,(function(u){switch(u.label){case 0:o=Date.now()+Ft(4),r=Date.now()+n,i="browser-tabs-lock-key-"+e,a=this.storageHandler===void 0?ft:this.storageHandler,u.label=1;case 1:return Date.now()<r?[4,Gt(30)]:[3,8];case 2:return u.sent(),a.getItemSync(i)!==null?[3,5]:(s=this.id+"-"+e+"-"+o,[4,Gt(Math.floor(25*Math.random()))]);case 3:return u.sent(),a.setItemSync(i,JSON.stringify({id:this.id,iat:o,timeoutKey:s,timeAcquired:Date.now(),timeRefreshed:Date.now()})),[4,Gt(30)];case 4:return u.sent(),(c=a.getItemSync(i))!==null&&(l=JSON.parse(c)).id===this.id&&l.iat===o?(this.acquiredIatSet.add(o),this.refreshLockWhileAcquired(i,o),[2,!0]):[3,7];case 5:return t.lockCorrector(this.storageHandler===void 0?ft:this.storageHandler),[4,this.waitForSomethingToChange(r)];case 6:u.sent(),u.label=7;case 7:return o=Date.now()+Ft(4),[3,1];case 8:return[2,!1]}}))}))},t.prototype.refreshLockWhileAcquired=function(e,n){return X(this,void 0,void 0,(function(){var o=this;return Y(this,(function(r){return setTimeout((function(){return X(o,void 0,void 0,(function(){var i,a,s;return Y(this,(function(c){switch(c.label){case 0:return[4,De.default().lock(n)];case 1:return c.sent(),this.acquiredIatSet.has(n)?(i=this.storageHandler===void 0?ft:this.storageHandler,(a=i.getItemSync(e))===null?(De.default().unlock(n),[2]):((s=JSON.parse(a)).timeRefreshed=Date.now(),i.setItemSync(e,JSON.stringify(s)),De.default().unlock(n),this.refreshLockWhileAcquired(e,n),[2])):(De.default().unlock(n),[2])}}))}))}),1e3),[2]}))}))},t.prototype.waitForSomethingToChange=function(e){return X(this,void 0,void 0,(function(){return Y(this,(function(n){switch(n.label){case 0:return[4,new Promise((function(o){var r=!1,i=Date.now(),a=!1;function s(){if(a||(window.removeEventListener("storage",s),t.removeFromWaiting(s),clearTimeout(c),a=!0),!r){r=!0;var l=50-(Date.now()-i);l>0?setTimeout(o,l):o(null)}}window.addEventListener("storage",s),t.addToWaiting(s);var c=setTimeout(s,Math.max(0,e-Date.now()))}))];case 1:return n.sent(),[2]}}))}))},t.addToWaiting=function(e){this.removeFromWaiting(e),t.waiters!==void 0&&t.waiters.push(e)},t.removeFromWaiting=function(e){t.waiters!==void 0&&(t.waiters=t.waiters.filter((function(n){return n!==e})))},t.notifyWaiters=function(){t.waiters!==void 0&&t.waiters.slice().forEach((function(e){return e()}))},t.prototype.releaseLock=function(e){return X(this,void 0,void 0,(function(){return Y(this,(function(n){switch(n.label){case 0:return[4,this.releaseLock__private__(e)];case 1:return[2,n.sent()]}}))}))},t.prototype.releaseLock__private__=function(e){return X(this,void 0,void 0,(function(){var n,o,r,i;return Y(this,(function(a){switch(a.label){case 0:return n=this.storageHandler===void 0?ft:this.storageHandler,o="browser-tabs-lock-key-"+e,(r=n.getItemSync(o))===null?[2]:(i=JSON.parse(r)).id!==this.id?[3,2]:[4,De.default().lock(i.iat)];case 1:a.sent(),this.acquiredIatSet.delete(i.iat),n.removeItemSync(o),De.default().unlock(i.iat),t.notifyWaiters(),a.label=2;case 2:return[2]}}))}))},t.lockCorrector=function(e){for(var n=Date.now()-5e3,o=e,r=[],i=0;;){var a=o.keySync(i);if(a===null)break;r.push(a),i++}for(var s=!1,c=0;c<r.length;c++){var l=r[c];if(l.includes("browser-tabs-lock-key")){var u=o.getItemSync(l);if(u!==null){var p=JSON.parse(u);(p.timeRefreshed===void 0&&p.timeAcquired<n||p.timeRefreshed!==void 0&&p.timeRefreshed<n)&&(o.removeItemSync(l),s=!0)}}}s&&t.notifyWaiters()},t.waiters=void 0,t})(),vr=To.default=wr;const br={timeoutInSeconds:60},Po={name:"auth0-spa-js",version:"2.12.0"},Ro=()=>Date.now();class x extends Error{constructor(e,n){super(n),this.error=e,this.error_description=n,Object.setPrototypeOf(this,x.prototype)}static fromPayload(e){let{error:n,error_description:o}=e;return new x(n,o)}}class Kt extends x{constructor(e,n,o){let r=arguments.length>3&&arguments[3]!==void 0?arguments[3]:null;super(e,n),this.state=o,this.appState=r,Object.setPrototypeOf(this,Kt.prototype)}}class Lt extends x{constructor(e,n,o,r){let i=arguments.length>4&&arguments[4]!==void 0?arguments[4]:null;super(e,n),this.connection=o,this.state=r,this.appState=i,Object.setPrototypeOf(this,Lt.prototype)}}class Ie extends x{constructor(){super("timeout","Timeout"),Object.setPrototypeOf(this,Ie.prototype)}}class Ut extends Ie{constructor(e){super(),this.popup=e,Object.setPrototypeOf(this,Ut.prototype)}}class Nt extends x{constructor(e){super("cancelled","Popup closed"),this.popup=e,Object.setPrototypeOf(this,Nt.prototype)}}class Wt extends x{constructor(){super("popup_open","Unable to open a popup for loginWithPopup - window.open returned `null`"),Object.setPrototypeOf(this,Wt.prototype)}}class Ht extends x{constructor(e,n,o){super(e,n),this.mfa_token=o,Object.setPrototypeOf(this,Ht.prototype)}}class it extends x{constructor(e,n){super("missing_refresh_token","Missing Refresh Token (audience: '".concat(Pt(e,["default"]),"', scope: '").concat(Pt(n),"')")),this.audience=e,this.scope=n,Object.setPrototypeOf(this,it.prototype)}}class Dn extends x{constructor(e,n){super("missing_scopes","Missing requested scopes after refresh (audience: '".concat(Pt(e,["default"]),"', missing scope: '").concat(Pt(n),"')")),this.audience=e,this.scope=n,Object.setPrototypeOf(this,Dn.prototype)}}class at extends x{constructor(e){super("use_dpop_nonce","Server rejected DPoP proof: wrong nonce"),this.newDpopNonce=e,Object.setPrototypeOf(this,at.prototype)}}function Pt(t){let e=arguments.length>1&&arguments[1]!==void 0?arguments[1]:[];return t&&!e.includes(t)?t:""}const Rt=()=>window.crypto,Ve=()=>{const t="0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-_~.";let e="";return Array.from(Rt().getRandomValues(new Uint8Array(43))).forEach((n=>e+=t[n%t.length])),e},Zt=t=>btoa(t),_r=[{key:"name",type:["string"]},{key:"version",type:["string","number"]},{key:"env",type:["object"]}],kr=t=>Object.keys(t).reduce(((e,n)=>{const o=_r.find((r=>r.key===n));return o&&o.type.includes(typeof t[n])&&(e[n]=t[n]),e}),{}),yn=t=>{var{clientId:e}=t,n=ne(t,["clientId"]);return new URLSearchParams((o=>Object.keys(o).filter((r=>o[r]!==void 0)).reduce(((r,i)=>Object.assign(Object.assign({},r),{[i]:o[i]})),{}))(Object.assign({client_id:e},n))).toString()},Zn=async t=>await Rt().subtle.digest({name:"SHA-256"},new TextEncoder().encode(t)),qn=t=>(e=>decodeURIComponent(atob(e).split("").map((n=>"%"+("00"+n.charCodeAt(0).toString(16)).slice(-2))).join("")))(t.replace(/_/g,"/").replace(/-/g,"+")),Bn=t=>{const e=new Uint8Array(t);return(n=>{const o={"+":"-","/":"_","=":""};return n.replace(/[+/=]/g,(r=>o[r]))})(window.btoa(String.fromCharCode(...Array.from(e))))},Sr=new TextEncoder,Er=new TextDecoder;function Xe(t){return typeof t=="string"?Sr.encode(t):Er.decode(t)}function Xn(t){if(typeof t.modulusLength!="number"||t.modulusLength<2048)throw new Tr(`${t.name} modulusLength must be at least 2048 bits`)}async function Ar(t,e,n){if(n.usages.includes("sign")===!1)throw new TypeError('private CryptoKey instances used for signing assertions must include "sign" in their "usages"');const o=`${Ye(Xe(JSON.stringify(t)))}.${Ye(Xe(JSON.stringify(e)))}`;return`${o}.${Ye(await crypto.subtle.sign((function(r){switch(r.algorithm.name){case"ECDSA":return{name:r.algorithm.name,hash:"SHA-256"};case"RSA-PSS":return Xn(r.algorithm),{name:r.algorithm.name,saltLength:32};case"RSASSA-PKCS1-v1_5":return Xn(r.algorithm),{name:r.algorithm.name};case"Ed25519":return{name:r.algorithm.name}}throw new Re})(n),n,Xe(o)))}`}let gn;Uint8Array.prototype.toBase64?gn=t=>(t instanceof ArrayBuffer&&(t=new Uint8Array(t)),t.toBase64({alphabet:"base64url",omitPadding:!0})):gn=e=>{e instanceof ArrayBuffer&&(e=new Uint8Array(e));const n=[];for(let o=0;o<e.byteLength;o+=32768)n.push(String.fromCharCode.apply(null,e.subarray(o,o+32768)));return btoa(n.join("")).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_")};function Ye(t){return gn(t)}class Re extends Error{constructor(e){var n;super(e??"operation not supported"),this.name=this.constructor.name,(n=Error.captureStackTrace)===null||n===void 0||n.call(Error,this,this.constructor)}}class Tr extends Error{constructor(e){var n;super(e),this.name=this.constructor.name,(n=Error.captureStackTrace)===null||n===void 0||n.call(Error,this,this.constructor)}}function Pr(t){switch(t.algorithm.name){case"RSA-PSS":return(function(e){if(e.algorithm.hash.name==="SHA-256")return"PS256";throw new Re("unsupported RsaHashedKeyAlgorithm hash name")})(t);case"RSASSA-PKCS1-v1_5":return(function(e){if(e.algorithm.hash.name==="SHA-256")return"RS256";throw new Re("unsupported RsaHashedKeyAlgorithm hash name")})(t);case"ECDSA":return(function(e){if(e.algorithm.namedCurve==="P-256")return"ES256";throw new Re("unsupported EcKeyAlgorithm namedCurve")})(t);case"Ed25519":return"Ed25519";default:throw new Re("unsupported CryptoKey algorithm name")}}function Io(t){return t instanceof CryptoKey}function Oo(t){return Io(t)&&t.type==="public"}async function Rr(t,e,n,o,r,i){const a=t==null?void 0:t.privateKey,s=t==null?void 0:t.publicKey;if(!Io(c=a)||c.type!=="private")throw new TypeError('"keypair.privateKey" must be a private CryptoKey');var c;if(!Oo(s))throw new TypeError('"keypair.publicKey" must be a public CryptoKey');if(s.extractable!==!0)throw new TypeError('"keypair.publicKey.extractable" must be true');if(typeof e!="string")throw new TypeError('"htu" must be a string');if(typeof n!="string")throw new TypeError('"htm" must be a string');if(o!==void 0&&typeof o!="string")throw new TypeError('"nonce" must be a string or undefined');if(r!==void 0&&typeof r!="string")throw new TypeError('"accessToken" must be a string or undefined');return Ar({alg:Pr(a),typ:"dpop+jwt",jwk:await xo(s)},Object.assign(Object.assign({},i),{iat:Math.floor(Date.now()/1e3),jti:crypto.randomUUID(),htm:n,nonce:o,htu:e,ath:r?Ye(await crypto.subtle.digest("SHA-256",Xe(r))):void 0}),a)}async function xo(t){const{kty:e,e:n,n:o,x:r,y:i,crv:a}=await crypto.subtle.exportKey("jwk",t);return{kty:e,crv:a,e:n,n:o,x:r,y:i}}const Ir=["authorization_code","refresh_token","urn:ietf:params:oauth:grant-type:token-exchange"];function Or(){return(async function(t,e){var n;let o;if(t.length===0)throw new TypeError('"alg" must be a non-empty string');switch(t){case"PS256":o={name:"RSA-PSS",hash:"SHA-256",modulusLength:2048,publicExponent:new Uint8Array([1,0,1])};break;case"RS256":o={name:"RSASSA-PKCS1-v1_5",hash:"SHA-256",modulusLength:2048,publicExponent:new Uint8Array([1,0,1])};break;case"ES256":o={name:"ECDSA",namedCurve:"P-256"};break;case"Ed25519":o={name:"Ed25519"};break;default:throw new Re}return crypto.subtle.generateKey(o,(n=e==null?void 0:e.extractable)!==null&&n!==void 0&&n,["sign","verify"])})("ES256",{extractable:!1})}function xr(t){return(async function(e){if(!Oo(e))throw new TypeError('"publicKey" must be a public CryptoKey');if(e.extractable!==!0)throw new TypeError('"publicKey.extractable" must be true');const n=await xo(e);let o;switch(n.kty){case"EC":o={crv:n.crv,kty:n.kty,x:n.x,y:n.y};break;case"OKP":o={crv:n.crv,kty:n.kty,x:n.x};break;case"RSA":o={e:n.e,kty:n.kty,n:n.n};break;default:throw new Re("unsupported JWK kty")}return Ye(await crypto.subtle.digest({name:"SHA-256"},Xe(JSON.stringify(o))))})(t.publicKey)}function Cr(t){let{keyPair:e,url:n,method:o,nonce:r,accessToken:i}=t;const a=(function(s){const c=new URL(s);return c.search="",c.hash="",c.href})(n);return Rr(e,a,o,r,i)}const jr=async(t,e)=>{const n=await fetch(t,e);return{ok:n.ok,json:await n.json(),headers:(o=n.headers,[...o].reduce(((r,i)=>{let[a,s]=i;return r[a]=s,r}),{}))};var o},Dr=async(t,e,n)=>{const o=new AbortController;let r;return e.signal=o.signal,Promise.race([jr(t,e),new Promise(((i,a)=>{r=setTimeout((()=>{o.abort(),a(new Error("Timeout when executing 'fetch'"))}),n)}))]).finally((()=>{clearTimeout(r)}))},Kr=async(t,e,n,o,r,i,a,s)=>((c,l)=>new Promise((function(u,p){const h=new MessageChannel;h.port1.onmessage=function(d){d.data.error?p(new Error(d.data.error)):u(d.data),h.port1.close()},l.postMessage(c,[h.port2])})))({auth:{audience:e,scope:n},timeout:r,fetchUrl:t,fetchOptions:o,useFormData:a,useMrrt:s},i),Lr=async function(t,e,n,o,r,i){let a=arguments.length>6&&arguments[6]!==void 0?arguments[6]:1e4,s=arguments.length>7?arguments[7]:void 0;return r?Kr(t,e,n,o,a,r,i,s):Dr(t,o,a)};async function Co(t,e,n,o,r,i,a,s,c,l){if(c){const k=await c.generateProof({url:t,method:r.method||"GET",nonce:await c.getNonce()});r.headers=Object.assign(Object.assign({},r.headers),{dpop:k})}let u,p=null;for(let k=0;k<3;k++)try{u=await Lr(t,n,o,r,i,a,e,s),p=null;break}catch(E){p=E}if(p)throw p;const h=u.json,{error:d,error_description:g}=h,f=ne(h,["error","error_description"]),{headers:m,ok:w}=u;let _;if(c&&(_=m["dpop-nonce"],_&&await c.setNonce(_)),!w){const k=g||"HTTP error. Unable to fetch ".concat(t);if(d==="mfa_required")throw new Ht(d,k,f.mfa_token);if(d==="missing_refresh_token")throw new it(n,o);if(d==="use_dpop_nonce"){if(!c||!_||l)throw new at(_);return Co(t,e,n,o,r,i,a,s,c,!0)}throw new x(d||"request_error",k)}return f}async function Ur(t,e){var{baseUrl:n,timeout:o,audience:r,scope:i,auth0Client:a,useFormData:s,useMrrt:c,dpop:l}=t,u=ne(t,["baseUrl","timeout","audience","scope","auth0Client","useFormData","useMrrt","dpop"]);const p=u.grant_type==="urn:ietf:params:oauth:grant-type:token-exchange",h=u.grant_type==="refresh_token"&&c,d=Object.assign(Object.assign(Object.assign(Object.assign({},u),p&&r&&{audience:r}),p&&i&&{scope:i}),h&&{audience:r,scope:i}),g=s?yn(d):JSON.stringify(d),f=(m=u.grant_type,Ir.includes(m));var m;return await Co("".concat(n,"/oauth/token"),o,r||"default",i,{method:"POST",body:g,headers:{"Content-Type":s?"application/x-www-form-urlencoded":"application/json","Auth0-Client":btoa(JSON.stringify(kr(a||Po)))}},e,s,c,f?l:void 0)}const Nr=t=>Array.from(new Set(t)),Et=function(){for(var t=arguments.length,e=new Array(t),n=0;n<t;n++)e[n]=arguments[n];return Nr(e.filter(Boolean).join(" ").trim().split(/\s+/)).join(" ")},yt=(t,e,n)=>{let o;return n&&(o=t[n]),o||(o=t.default),Et(o,e)};class V{constructor(e){let n=arguments.length>1&&arguments[1]!==void 0?arguments[1]:"@@auth0spajs@@",o=arguments.length>2?arguments[2]:void 0;this.prefix=n,this.suffix=o,this.clientId=e.clientId,this.scope=e.scope,this.audience=e.audience}toKey(){return[this.prefix,this.clientId,this.audience,this.scope,this.suffix].filter(Boolean).join("::")}static fromKey(e){const[n,o,r,i]=e.split("::");return new V({clientId:o,scope:i,audience:r},n)}static fromCacheEntry(e){const{scope:n,audience:o,client_id:r}=e;return new V({scope:n,audience:o,clientId:r})}}class jo{set(e,n){localStorage.setItem(e,JSON.stringify(n))}get(e){const n=window.localStorage.getItem(e);if(n)try{return JSON.parse(n)}catch{return}}remove(e){localStorage.removeItem(e)}allKeys(){return Object.keys(window.localStorage).filter((e=>e.startsWith("@@auth0spajs@@")))}}class Kn{constructor(){this.enclosedCache=(function(){let e={};return{set(n,o){e[n]=o},get(n){const o=e[n];if(o)return o},remove(n){delete e[n]},allKeys:()=>Object.keys(e)}})()}}class Wr{constructor(e,n,o){this.cache=e,this.keyManifest=n,this.nowProvider=o||Ro}async setIdToken(e,n,o){var r;const i=this.getIdTokenCacheKey(e);await this.cache.set(i,{id_token:n,decodedToken:o}),await((r=this.keyManifest)===null||r===void 0?void 0:r.add(i))}async getIdToken(e){const n=await this.cache.get(this.getIdTokenCacheKey(e.clientId));if(!n&&e.scope&&e.audience){const o=await this.get(e);return!o||!o.id_token||!o.decodedToken?void 0:{id_token:o.id_token,decodedToken:o.decodedToken}}if(n)return{id_token:n.id_token,decodedToken:n.decodedToken}}async get(e){let n=arguments.length>1&&arguments[1]!==void 0?arguments[1]:0,o=arguments.length>2&&arguments[2]!==void 0&&arguments[2],r=arguments.length>3?arguments[3]:void 0;var i;let a=await this.cache.get(e.toKey());if(!a){const l=await this.getCacheKeys();if(!l)return;const u=this.matchExistingCacheKey(e,l);if(u&&(a=await this.cache.get(u)),!a&&o&&r!=="cache-only")return this.getEntryWithRefreshToken(e,l)}if(!a)return;const s=await this.nowProvider(),c=Math.floor(s/1e3);return a.expiresAt-n<c?a.body.refresh_token?this.modifiedCachedEntry(a,e):(await this.cache.remove(e.toKey()),void await((i=this.keyManifest)===null||i===void 0?void 0:i.remove(e.toKey()))):a.body}async modifiedCachedEntry(e,n){return e.body={refresh_token:e.body.refresh_token,audience:e.body.audience,scope:e.body.scope},await this.cache.set(n.toKey(),e),{refresh_token:e.body.refresh_token,audience:e.body.audience,scope:e.body.scope}}async set(e){var n;const o=new V({clientId:e.client_id,scope:e.scope,audience:e.audience}),r=await this.wrapCacheEntry(e);await this.cache.set(o.toKey(),r),await((n=this.keyManifest)===null||n===void 0?void 0:n.add(o.toKey()))}async remove(e,n,o){const r=new V({clientId:e,scope:o,audience:n});await this.cache.remove(r.toKey())}async clear(e){var n;const o=await this.getCacheKeys();o&&(await o.filter((r=>!e||r.includes(e))).reduce((async(r,i)=>{await r,await this.cache.remove(i)}),Promise.resolve()),await((n=this.keyManifest)===null||n===void 0?void 0:n.clear()))}async wrapCacheEntry(e){const n=await this.nowProvider();return{body:e,expiresAt:Math.floor(n/1e3)+e.expires_in}}async getCacheKeys(){var e;return this.keyManifest?(e=await this.keyManifest.get())===null||e===void 0?void 0:e.keys:this.cache.allKeys?this.cache.allKeys():void 0}getIdTokenCacheKey(e){return new V({clientId:e},"@@auth0spajs@@","@@user@@").toKey()}matchExistingCacheKey(e,n){return n.filter((o=>{var r;const i=V.fromKey(o),a=new Set(i.scope&&i.scope.split(" ")),s=((r=e.scope)===null||r===void 0?void 0:r.split(" "))||[],c=i.scope&&s.reduce(((l,u)=>l&&a.has(u)),!0);return i.prefix==="@@auth0spajs@@"&&i.clientId===e.clientId&&i.audience===e.audience&&c}))[0]}async getEntryWithRefreshToken(e,n){var o;for(const r of n){const i=V.fromKey(r);if(i.prefix==="@@auth0spajs@@"&&i.clientId===e.clientId){const a=await this.cache.get(r);if(!((o=a==null?void 0:a.body)===null||o===void 0)&&o.refresh_token)return this.modifiedCachedEntry(a,e)}}}async updateEntry(e,n){var o;const r=await this.getCacheKeys();if(r)for(const i of r){const a=await this.cache.get(i);if(((o=a==null?void 0:a.body)===null||o===void 0?void 0:o.refresh_token)===e){const s=Object.assign(Object.assign({},a.body),{refresh_token:n});await this.set(s)}}}}class Hr{constructor(e,n,o){this.storage=e,this.clientId=n,this.cookieDomain=o,this.storageKey="".concat("a0.spajs.txs",".").concat(this.clientId)}create(e){this.storage.save(this.storageKey,e,{daysUntilExpire:1,cookieDomain:this.cookieDomain})}get(){return this.storage.get(this.storageKey)}remove(){this.storage.remove(this.storageKey,{cookieDomain:this.cookieDomain})}}const Ge=t=>typeof t=="number",zr=["iss","aud","exp","nbf","iat","jti","azp","nonce","auth_time","at_hash","c_hash","acr","amr","sub_jwk","cnf","sip_from_tag","sip_date","sip_callid","sip_cseq_num","sip_via_branch","orig","dest","mky","events","toe","txn","rph","sid","vot","vtm"],Jr=t=>{if(!t.id_token)throw new Error("ID token is required but missing");const e=(i=>{const a=i.split("."),[s,c,l]=a;if(a.length!==3||!s||!c||!l)throw new Error("ID token could not be decoded");const u=JSON.parse(qn(c)),p={__raw:i},h={};return Object.keys(u).forEach((d=>{p[d]=u[d],zr.includes(d)||(h[d]=u[d])})),{encoded:{header:s,payload:c,signature:l},header:JSON.parse(qn(s)),claims:p,user:h}})(t.id_token);if(!e.claims.iss)throw new Error("Issuer (iss) claim must be a string present in the ID token");if(e.claims.iss!==t.iss)throw new Error('Issuer (iss) claim mismatch in the ID token; expected "'.concat(t.iss,'", found "').concat(e.claims.iss,'"'));if(!e.user.sub)throw new Error("Subject (sub) claim must be a string present in the ID token");if(e.header.alg!=="RS256")throw new Error('Signature algorithm of "'.concat(e.header.alg,'" is not supported. Expected the ID token to be signed with "RS256".'));if(!e.claims.aud||typeof e.claims.aud!="string"&&!Array.isArray(e.claims.aud))throw new Error("Audience (aud) claim must be a string or array of strings present in the ID token");if(Array.isArray(e.claims.aud)){if(!e.claims.aud.includes(t.aud))throw new Error('Audience (aud) claim mismatch in the ID token; expected "'.concat(t.aud,'" but was not one of "').concat(e.claims.aud.join(", "),'"'));if(e.claims.aud.length>1){if(!e.claims.azp)throw new Error("Authorized Party (azp) claim must be a string present in the ID token when Audience (aud) claim has multiple values");if(e.claims.azp!==t.aud)throw new Error('Authorized Party (azp) claim mismatch in the ID token; expected "'.concat(t.aud,'", found "').concat(e.claims.azp,'"'))}}else if(e.claims.aud!==t.aud)throw new Error('Audience (aud) claim mismatch in the ID token; expected "'.concat(t.aud,'" but found "').concat(e.claims.aud,'"'));if(t.nonce){if(!e.claims.nonce)throw new Error("Nonce (nonce) claim must be a string present in the ID token");if(e.claims.nonce!==t.nonce)throw new Error('Nonce (nonce) claim mismatch in the ID token; expected "'.concat(t.nonce,'", found "').concat(e.claims.nonce,'"'))}if(t.max_age&&!Ge(e.claims.auth_time))throw new Error("Authentication Time (auth_time) claim must be a number present in the ID token when Max Age (max_age) is specified");if(e.claims.exp==null||!Ge(e.claims.exp))throw new Error("Expiration Time (exp) claim must be a number present in the ID token");if(!Ge(e.claims.iat))throw new Error("Issued At (iat) claim must be a number present in the ID token");const n=t.leeway||60,o=new Date(t.now||Date.now()),r=new Date(0);if(r.setUTCSeconds(e.claims.exp+n),o>r)throw new Error("Expiration Time (exp) claim error in the ID token; current time (".concat(o,") is after expiration time (").concat(r,")"));if(e.claims.nbf!=null&&Ge(e.claims.nbf)){const i=new Date(0);if(i.setUTCSeconds(e.claims.nbf-n),o<i)throw new Error("Not Before time (nbf) claim in the ID token indicates that this token can't be used just yet. Current time (".concat(o,") is before ").concat(i))}if(e.claims.auth_time!=null&&Ge(e.claims.auth_time)){const i=new Date(0);if(i.setUTCSeconds(parseInt(e.claims.auth_time)+t.max_age+n),o>i)throw new Error("Authentication Time (auth_time) claim in the ID token indicates that too much time has passed since the last end-user authentication. Current time (".concat(o,") is after last auth at ").concat(i))}if(t.organization){const i=t.organization.trim();if(i.startsWith("org_")){const a=i;if(!e.claims.org_id)throw new Error("Organization ID (org_id) claim must be a string present in the ID token");if(a!==e.claims.org_id)throw new Error('Organization ID (org_id) claim mismatch in the ID token; expected "'.concat(a,'", found "').concat(e.claims.org_id,'"'))}else{const a=i.toLowerCase();if(!e.claims.org_name)throw new Error("Organization Name (org_name) claim must be a string present in the ID token");if(a!==e.claims.org_name)throw new Error('Organization Name (org_name) claim mismatch in the ID token; expected "'.concat(a,'", found "').concat(e.claims.org_name,'"'))}}return e};var tt=xe&&xe.__assign||function(){return tt=Object.assign||function(t){for(var e,n=1,o=arguments.length;n<o;n++)for(var r in e=arguments[n])Object.prototype.hasOwnProperty.call(e,r)&&(t[r]=e[r]);return t},tt.apply(this,arguments)};function Fe(t,e){if(!e)return"";var n="; "+t;return e===!0?n:n+"="+e}function Mr(t,e,n){return encodeURIComponent(t).replace(/%(23|24|26|2B|5E|60|7C)/g,decodeURIComponent).replace(/\(/g,"%28").replace(/\)/g,"%29")+"="+encodeURIComponent(e).replace(/%(23|24|26|2B|3A|3C|3E|3D|2F|3F|40|5B|5D|5E|60|7B|7D|7C)/g,decodeURIComponent)+(function(o){if(typeof o.expires=="number"){var r=new Date;r.setMilliseconds(r.getMilliseconds()+864e5*o.expires),o.expires=r}return Fe("Expires",o.expires?o.expires.toUTCString():"")+Fe("Domain",o.domain)+Fe("Path",o.path)+Fe("Secure",o.secure)+Fe("SameSite",o.sameSite)})(n)}function Vr(){return(function(t){for(var e={},n=t?t.split("; "):[],o=/(%[\dA-F]{2})+/gi,r=0;r<n.length;r++){var i=n[r].split("="),a=i.slice(1).join("=");a.charAt(0)==='"'&&(a=a.slice(1,-1));try{e[i[0].replace(o,decodeURIComponent)]=a.replace(o,decodeURIComponent)}catch{}}return e})(document.cookie)}var Gr=function(t){return Vr()[t]};function Do(t,e,n){document.cookie=Mr(t,e,tt({path:"/"},n))}var Ko=Do,Lo=function(t,e){Do(t,"",tt(tt({},e),{expires:-1}))};const Ue={get(t){const e=Gr(t);if(e!==void 0)return JSON.parse(e)},save(t,e,n){let o={};window.location.protocol==="https:"&&(o={secure:!0,sameSite:"none"}),n!=null&&n.daysUntilExpire&&(o.expires=n.daysUntilExpire),n!=null&&n.cookieDomain&&(o.domain=n.cookieDomain),Ko(t,JSON.stringify(e),o)},remove(t,e){let n={};e!=null&&e.cookieDomain&&(n.domain=e.cookieDomain),Lo(t,n)}},Fr={get(t){return Ue.get(t)||Ue.get("".concat("_legacy_").concat(t))},save(t,e,n){let o={};window.location.protocol==="https:"&&(o={secure:!0}),n!=null&&n.daysUntilExpire&&(o.expires=n.daysUntilExpire),n!=null&&n.cookieDomain&&(o.domain=n.cookieDomain),Ko("".concat("_legacy_").concat(t),JSON.stringify(e),o),Ue.save(t,e,n)},remove(t,e){let n={};e!=null&&e.cookieDomain&&(n.domain=e.cookieDomain),Lo(t,n),Ue.remove(t,e),Ue.remove("".concat("_legacy_").concat(t),e)}},Zr={get(t){if(typeof sessionStorage>"u")return;const e=sessionStorage.getItem(t);return e!=null?JSON.parse(e):void 0},save(t,e){sessionStorage.setItem(t,JSON.stringify(e))},remove(t){sessionStorage.removeItem(t)}};exports.ResponseType=void 0;(function(t){t.Code="code",t.ConnectCode="connect_code"})(exports.ResponseType||(exports.ResponseType={}));function qr(t,e,n){var o=e===void 0?null:e,r=(function(c,l){var u=atob(c);if(l){for(var p=new Uint8Array(u.length),h=0,d=u.length;h<d;++h)p[h]=u.charCodeAt(h);return String.fromCharCode.apply(null,new Uint16Array(p.buffer))}return u})(t,n!==void 0&&n),i=r.indexOf(`
2
- `,10)+1,a=r.substring(i)+(o?"//# sourceMappingURL="+o:""),s=new Blob([a],{type:"application/javascript"});return URL.createObjectURL(s)}var Yn,Qn,$n,qt,Br=(Yn="Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAqLwohZnVuY3Rpb24oKXsidXNlIHN0cmljdCI7Y2xhc3MgZSBleHRlbmRzIEVycm9ye2NvbnN0cnVjdG9yKHQscil7c3VwZXIociksdGhpcy5lcnJvcj10LHRoaXMuZXJyb3JfZGVzY3JpcHRpb249cixPYmplY3Quc2V0UHJvdG90eXBlT2YodGhpcyxlLnByb3RvdHlwZSl9c3RhdGljIGZyb21QYXlsb2FkKHQpe2xldHtlcnJvcjpyLGVycm9yX2Rlc2NyaXB0aW9uOnN9PXQ7cmV0dXJuIG5ldyBlKHIscyl9fWNsYXNzIHQgZXh0ZW5kcyBle2NvbnN0cnVjdG9yKGUscyl7c3VwZXIoIm1pc3NpbmdfcmVmcmVzaF90b2tlbiIsIk1pc3NpbmcgUmVmcmVzaCBUb2tlbiAoYXVkaWVuY2U6ICciLmNvbmNhdChyKGUsWyJkZWZhdWx0Il0pLCInLCBzY29wZTogJyIpLmNvbmNhdChyKHMpLCInKSIpKSx0aGlzLmF1ZGllbmNlPWUsdGhpcy5zY29wZT1zLE9iamVjdC5zZXRQcm90b3R5cGVPZih0aGlzLHQucHJvdG90eXBlKX19ZnVuY3Rpb24gcihlKXtsZXQgdD1hcmd1bWVudHMubGVuZ3RoPjEmJnZvaWQgMCE9PWFyZ3VtZW50c1sxXT9hcmd1bWVudHNbMV06W107cmV0dXJuIGUmJiF0LmluY2x1ZGVzKGUpP2U6IiJ9ImZ1bmN0aW9uIj09dHlwZW9mIFN1cHByZXNzZWRFcnJvciYmU3VwcHJlc3NlZEVycm9yO2NvbnN0IHM9ZT0+e3ZhcntjbGllbnRJZDp0fT1lLHI9ZnVuY3Rpb24oZSx0KXt2YXIgcj17fTtmb3IodmFyIHMgaW4gZSlPYmplY3QucHJvdG90eXBlLmhhc093blByb3BlcnR5LmNhbGwoZSxzKSYmdC5pbmRleE9mKHMpPDAmJihyW3NdPWVbc10pO2lmKG51bGwhPWUmJiJmdW5jdGlvbiI9PXR5cGVvZiBPYmplY3QuZ2V0T3duUHJvcGVydHlTeW1ib2xzKXt2YXIgbz0wO2ZvcihzPU9iamVjdC5nZXRPd25Qcm9wZXJ0eVN5bWJvbHMoZSk7bzxzLmxlbmd0aDtvKyspdC5pbmRleE9mKHNbb10pPDAmJk9iamVjdC5wcm90b3R5cGUucHJvcGVydHlJc0VudW1lcmFibGUuY2FsbChlLHNbb10pJiYocltzW29dXT1lW3Nbb11dKX1yZXR1cm4gcn0oZSxbImNsaWVudElkIl0pO3JldHVybiBuZXcgVVJMU2VhcmNoUGFyYW1zKChlPT5PYmplY3Qua2V5cyhlKS5maWx0ZXIoKHQ9PnZvaWQgMCE9PWVbdF0pKS5yZWR1Y2UoKCh0LHIpPT5PYmplY3QuYXNzaWduKE9iamVjdC5hc3NpZ24oe30sdCkse1tyXTplW3JdfSkpLHt9KSkoT2JqZWN0LmFzc2lnbih7Y2xpZW50X2lkOnR9LHIpKSkudG9TdHJpbmcoKX07bGV0IG89e307Y29uc3Qgbj0oZSx0KT0+IiIuY29uY2F0KGUsInwiKS5jb25jYXQodCk7YWRkRXZlbnRMaXN0ZW5lcigibWVzc2FnZSIsKGFzeW5jIGU9PntsZXQgcixjLHtkYXRhOnt0aW1lb3V0OmksYXV0aDphLGZldGNoVXJsOmYsZmV0Y2hPcHRpb25zOmwsdXNlRm9ybURhdGE6cCx1c2VNcnJ0Omh9LHBvcnRzOlt1XX09ZSxkPXt9O2NvbnN0e2F1ZGllbmNlOmcsc2NvcGU6eX09YXx8e307dHJ5e2NvbnN0IGU9cD8oZT0+e2NvbnN0IHQ9bmV3IFVSTFNlYXJjaFBhcmFtcyhlKSxyPXt9O3JldHVybiB0LmZvckVhY2goKChlLHQpPT57clt0XT1lfSkpLHJ9KShsLmJvZHkpOkpTT04ucGFyc2UobC5ib2R5KTtpZighZS5yZWZyZXNoX3Rva2VuJiYicmVmcmVzaF90b2tlbiI9PT1lLmdyYW50X3R5cGUpe2lmKGM9KChlLHQpPT5vW24oZSx0KV0pKGcseSksIWMmJmgpe2NvbnN0IGU9by5sYXRlc3RfcmVmcmVzaF90b2tlbix0PSgoZSx0KT0+e2NvbnN0IHI9T2JqZWN0LmtleXMobykuZmluZCgocj0+e2lmKCJsYXRlc3RfcmVmcmVzaF90b2tlbiIhPT1yKXtjb25zdCBzPSgoZSx0KT0+dC5zdGFydHNXaXRoKCIiLmNvbmNhdChlLCJ8IikpKSh0LHIpLG89ci5zcGxpdCgifCIpWzFdLnNwbGl0KCIgIiksbj1lLnNwbGl0KCIgIikuZXZlcnkoKGU9Pm8uaW5jbHVkZXMoZSkpKTtyZXR1cm4gcyYmbn19KSk7cmV0dXJuISFyfSkoeSxnKTtlJiYhdCYmKGM9ZSl9aWYoIWMpdGhyb3cgbmV3IHQoZyx5KTtsLmJvZHk9cD9zKE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSxlKSx7cmVmcmVzaF90b2tlbjpjfSkpOkpTT04uc3RyaW5naWZ5KE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSxlKSx7cmVmcmVzaF90b2tlbjpjfSkpfWxldCBhLGs7ImZ1bmN0aW9uIj09dHlwZW9mIEFib3J0Q29udHJvbGxlciYmKGE9bmV3IEFib3J0Q29udHJvbGxlcixsLnNpZ25hbD1hLnNpZ25hbCk7dHJ5e2s9YXdhaXQgUHJvbWlzZS5yYWNlKFsoaj1pLG5ldyBQcm9taXNlKChlPT5zZXRUaW1lb3V0KGUsaikpKSksZmV0Y2goZixPYmplY3QuYXNzaWduKHt9LGwpKV0pfWNhdGNoKGUpe3JldHVybiB2b2lkIHUucG9zdE1lc3NhZ2Uoe2Vycm9yOmUubWVzc2FnZX0pfWlmKCFrKXJldHVybiBhJiZhLmFib3J0KCksdm9pZCB1LnBvc3RNZXNzYWdlKHtlcnJvcjoiVGltZW91dCB3aGVuIGV4ZWN1dGluZyAnZmV0Y2gnIn0pO189ay5oZWFkZXJzLGQ9Wy4uLl9dLnJlZHVjZSgoKGUsdCk9PntsZXRbcixzXT10O3JldHVybiBlW3JdPXMsZX0pLHt9KSxyPWF3YWl0IGsuanNvbigpLHIucmVmcmVzaF90b2tlbj8oaCYmKG8ubGF0ZXN0X3JlZnJlc2hfdG9rZW49ci5yZWZyZXNoX3Rva2VuLE89YyxiPXIucmVmcmVzaF90b2tlbixPYmplY3QuZW50cmllcyhvKS5mb3JFYWNoKChlPT57bGV0W3Qscl09ZTtyPT09TyYmKG9bdF09Yil9KSkpLCgoZSx0LHIpPT57b1tuKHQscildPWV9KShyLnJlZnJlc2hfdG9rZW4sZyx5KSxkZWxldGUgci5yZWZyZXNoX3Rva2VuKTooKGUsdCk9PntkZWxldGUgb1tuKGUsdCldfSkoZyx5KSx1LnBvc3RNZXNzYWdlKHtvazprLm9rLGpzb246cixoZWFkZXJzOmR9KX1jYXRjaChlKXt1LnBvc3RNZXNzYWdlKHtvazohMSxqc29uOntlcnJvcjplLmVycm9yLGVycm9yX2Rlc2NyaXB0aW9uOmUubWVzc2FnZX0saGVhZGVyczpkfSl9dmFyIE8sYixfLGp9KSl9KCk7Cgo=",Qn=null,$n=!1,function(t){return qt=qt||qr(Yn,Qn,$n),new Worker(qt,t)});const Bt={},eo=async function(t){let e=arguments.length>1&&arguments[1]!==void 0?arguments[1]:3;for(let n=0;n<e;n++)if(await t())return!0;return!1};class Xr{constructor(e,n){this.cache=e,this.clientId=n,this.manifestKey=this.createManifestKeyFrom(this.clientId)}async add(e){var n;const o=new Set(((n=await this.cache.get(this.manifestKey))===null||n===void 0?void 0:n.keys)||[]);o.add(e),await this.cache.set(this.manifestKey,{keys:[...o]})}async remove(e){const n=await this.cache.get(this.manifestKey);if(n){const o=new Set(n.keys);return o.delete(e),o.size>0?await this.cache.set(this.manifestKey,{keys:[...o]}):await this.cache.remove(this.manifestKey)}}get(){return this.cache.get(this.manifestKey)}clear(){return this.cache.remove(this.manifestKey)}createManifestKeyFrom(e){return"".concat("@@auth0spajs@@","::").concat(e)}}const Yr={memory:()=>new Kn().enclosedCache,localstorage:()=>new jo},to=t=>Yr[t],no=t=>{const{openUrl:e,onRedirect:n}=t,o=ne(t,["openUrl","onRedirect"]);return Object.assign(Object.assign({},o),{openUrl:e===!1||e?e:n})},oo=(t,e)=>{const n=(e==null?void 0:e.split(" "))||[];return((t==null?void 0:t.split(" "))||[]).every((o=>n.includes(o)))},be={NONCE:"nonce",KEYPAIR:"keypair"};class Qr{constructor(e){this.clientId=e}getVersion(){return 1}createDbHandle(){const e=window.indexedDB.open("auth0-spa-js",this.getVersion());return new Promise(((n,o)=>{e.onupgradeneeded=()=>Object.values(be).forEach((r=>e.result.createObjectStore(r))),e.onerror=()=>o(e.error),e.onsuccess=()=>n(e.result)}))}async getDbHandle(){return this.dbHandle||(this.dbHandle=await this.createDbHandle()),this.dbHandle}async executeDbRequest(e,n,o){const r=o((await this.getDbHandle()).transaction(e,n).objectStore(e));return new Promise(((i,a)=>{r.onsuccess=()=>i(r.result),r.onerror=()=>a(r.error)}))}buildKey(e){const n=e?"_".concat(e):"auth0";return"".concat(this.clientId,"::").concat(n)}setNonce(e,n){return this.save(be.NONCE,this.buildKey(n),e)}setKeyPair(e){return this.save(be.KEYPAIR,this.buildKey(),e)}async save(e,n,o){await this.executeDbRequest(e,"readwrite",(r=>r.put(o,n)))}findNonce(e){return this.find(be.NONCE,this.buildKey(e))}findKeyPair(){return this.find(be.KEYPAIR,this.buildKey())}find(e,n){return this.executeDbRequest(e,"readonly",(o=>o.get(n)))}async deleteBy(e,n){const o=await this.executeDbRequest(e,"readonly",(r=>r.getAllKeys()));o==null||o.filter(n).map((r=>this.executeDbRequest(e,"readwrite",(i=>i.delete(r)))))}deleteByClientId(e,n){return this.deleteBy(e,(o=>typeof o=="string"&&o.startsWith("".concat(n,"::"))))}clearNonces(){return this.deleteByClientId(be.NONCE,this.clientId)}clearKeyPairs(){return this.deleteByClientId(be.KEYPAIR,this.clientId)}}class $r{constructor(e){this.storage=new Qr(e)}getNonce(e){return this.storage.findNonce(e)}setNonce(e,n){return this.storage.setNonce(e,n)}async getOrGenerateKeyPair(){let e=await this.storage.findKeyPair();return e||(e=await Or(),await this.storage.setKeyPair(e)),e}async generateProof(e){const n=await this.getOrGenerateKeyPair();return Cr(Object.assign({keyPair:n},e))}async calculateThumbprint(){return xr(await this.getOrGenerateKeyPair())}async clear(){await Promise.all([this.storage.clearNonces(),this.storage.clearKeyPairs()])}}var Ne,gt,Xt;(function(t){t.Bearer="Bearer",t.DPoP="DPoP"})(Ne||(Ne={}));class ei{constructor(e,n){this.hooks=n,this.config=Object.assign(Object.assign({},e),{fetch:e.fetch||(typeof window>"u"?fetch:window.fetch.bind(window))})}isAbsoluteUrl(e){return/^(https?:)?\/\//i.test(e)}buildUrl(e,n){if(n){if(this.isAbsoluteUrl(n))return n;if(e)return"".concat(e.replace(/\/?\/$/,""),"/").concat(n.replace(/^\/+/,""))}throw new TypeError("`url` must be absolute or `baseUrl` non-empty.")}getAccessToken(e){return this.config.getAccessToken?this.config.getAccessToken(e):this.hooks.getAccessToken(e)}extractUrl(e){return typeof e=="string"?e:e instanceof URL?e.href:e.url}buildBaseRequest(e,n){if(!this.config.baseUrl)return new Request(e,n);const o=this.buildUrl(this.config.baseUrl,this.extractUrl(e)),r=e instanceof Request?new Request(o,e):o;return new Request(r,n)}setAuthorizationHeader(e,n){let o=arguments.length>2&&arguments[2]!==void 0?arguments[2]:Ne.Bearer;e.headers.set("authorization","".concat(o," ").concat(n))}async setDpopProofHeader(e,n){if(!this.config.dpopNonceId)return;const o=await this.hooks.getDpopNonce(),r=await this.hooks.generateDpopProof({accessToken:n,method:e.method,nonce:o,url:e.url});e.headers.set("dpop",r)}async prepareRequest(e,n){const o=await this.getAccessToken(n);let r,i;typeof o=="string"?(r=this.config.dpopNonceId?Ne.DPoP:Ne.Bearer,i=o):(r=o.token_type,i=o.access_token),this.setAuthorizationHeader(e,i,r),r===Ne.DPoP&&await this.setDpopProofHeader(e,i)}getHeader(e,n){return Array.isArray(e)?new Headers(e).get(n)||"":typeof e.get=="function"?e.get(n)||"":e[n]||""}hasUseDpopNonceError(e){if(e.status!==401)return!1;const n=this.getHeader(e.headers,"www-authenticate");return n.includes("invalid_dpop_nonce")||n.includes("use_dpop_nonce")}async handleResponse(e,n){const o=this.getHeader(e.headers,"dpop-nonce");if(o&&await this.hooks.setDpopNonce(o),!this.hasUseDpopNonceError(e))return e;if(!o||!n.onUseDpopNonceError)throw new at(o);return n.onUseDpopNonceError()}async internalFetchWithAuth(e,n,o,r){const i=this.buildBaseRequest(e,n);await this.prepareRequest(i,r);const a=await this.config.fetch(i);return this.handleResponse(a,o)}fetchWithAuth(e,n,o){const r={onUseDpopNonceError:()=>this.internalFetchWithAuth(e,n,Object.assign(Object.assign({},r),{onUseDpopNonceError:void 0}),o)};return this.internalFetchWithAuth(e,n,r,o)}}class ti{constructor(e,n){this.myAccountFetcher=e,this.apiBase=n}async connectAccount(e){const n=await this.myAccountFetcher.fetchWithAuth("".concat(this.apiBase,"v1/connected-accounts/connect"),{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(e)});return this._handleResponse(n)}async completeAccount(e){const n=await this.myAccountFetcher.fetchWithAuth("".concat(this.apiBase,"v1/connected-accounts/complete"),{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(e)});return this._handleResponse(n)}async _handleResponse(e){let n;try{n=await e.text(),n=JSON.parse(n)}catch(o){throw new nt({type:"invalid_json",status:e.status,title:"Invalid JSON response",detail:n||String(o)})}if(e.ok)return n;throw new nt(n)}}class nt extends Error{constructor(e){let{type:n,status:o,title:r,detail:i,validation_errors:a}=e;super(i),this.name="MyAccountApiError",this.type=n,this.status=o,this.title=r,this.detail=i,this.validation_errors=a,Object.setPrototypeOf(this,nt.prototype)}}function Uo(t,e){this.v=t,this.k=e}function j(t,e,n){if(typeof t=="function"?t===e:t.has(e))return arguments.length<3?e:n;throw new TypeError("Private element is not present on this object")}function ni(t){return new Uo(t,0)}function No(t,e){if(e.has(t))throw new TypeError("Cannot initialize the same private elements twice on an object")}function v(t,e){return t.get(j(t,e))}function K(t,e,n){No(t,e),e.set(t,n)}function O(t,e,n){return t.set(j(t,e),n),n}function b(t,e,n){return(e=(function(o){var r=(function(i,a){if(typeof i!="object"||!i)return i;var s=i[Symbol.toPrimitive];if(s!==void 0){var c=s.call(i,a);if(typeof c!="object")return c;throw new TypeError("@@toPrimitive must return a primitive value.")}return(a==="string"?String:Number)(i)})(o,"string");return typeof r=="symbol"?r:r+""})(e))in t?Object.defineProperty(t,e,{value:n,enumerable:!0,configurable:!0,writable:!0}):t[e]=n,t}function ro(t,e){var n=Object.keys(t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(t);e&&(o=o.filter((function(r){return Object.getOwnPropertyDescriptor(t,r).enumerable}))),n.push.apply(n,o)}return n}function S(t){for(var e=1;e<arguments.length;e++){var n=arguments[e]!=null?arguments[e]:{};e%2?ro(Object(n),!0).forEach((function(o){b(t,o,n[o])})):Object.getOwnPropertyDescriptors?Object.defineProperties(t,Object.getOwnPropertyDescriptors(n)):ro(Object(n)).forEach((function(o){Object.defineProperty(t,o,Object.getOwnPropertyDescriptor(n,o))}))}return t}function io(t,e){if(t==null)return{};var n,o,r=(function(a,s){if(a==null)return{};var c={};for(var l in a)if({}.hasOwnProperty.call(a,l)){if(s.indexOf(l)!==-1)continue;c[l]=a[l]}return c})(t,e);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(t);for(o=0;o<i.length;o++)n=i[o],e.indexOf(n)===-1&&{}.propertyIsEnumerable.call(t,n)&&(r[n]=t[n])}return r}function oi(t){return function(){return new Be(t.apply(this,arguments))}}function Be(t){var e,n;function o(i,a){try{var s=t[i](a),c=s.value,l=c instanceof Uo;Promise.resolve(l?c.v:c).then((function(u){if(l){var p=i==="return"?"return":"next";if(!c.k||u.done)return o(p,u);u=t[p](u).value}r(s.done?"return":"normal",u)}),(function(u){o("throw",u)}))}catch(u){r("throw",u)}}function r(i,a){switch(i){case"return":e.resolve({value:a,done:!0});break;case"throw":e.reject(a);break;default:e.resolve({value:a,done:!1})}(e=e.next)?o(e.key,e.arg):n=null}this._invoke=function(i,a){return new Promise((function(s,c){var l={key:i,arg:a,resolve:s,reject:c,next:null};n?n=n.next=l:(e=n=l,o(i,a))}))},typeof t.return!="function"&&(this.return=void 0)}let wn;Be.prototype[typeof Symbol=="function"&&Symbol.asyncIterator||"@@asyncIterator"]=function(){return this},Be.prototype.next=function(t){return this._invoke("next",t)},Be.prototype.throw=function(t){return this._invoke("throw",t)},Be.prototype.return=function(t){return this._invoke("return",t)},(typeof navigator>"u"||(gt=navigator.userAgent)===null||gt===void 0||(Xt=gt.startsWith)===null||Xt===void 0||!Xt.call(gt,"Mozilla/5.0 "))&&(wn="".concat("oauth4webapi","/").concat("v3.8.3"));function Je(t,e){if(t==null)return!1;try{return t instanceof e||Object.getPrototypeOf(t)[Symbol.toStringTag]===e.prototype[Symbol.toStringTag]}catch{return!1}}function R(t,e,n){const o=new TypeError(t,{cause:n});return Object.assign(o,{code:e}),o}const q=Symbol(),vn=Symbol(),bn=Symbol(),ee=Symbol(),ce=Symbol(),ri=new TextEncoder,ii=new TextDecoder;function He(t){return typeof t=="string"?ri.encode(t):ii.decode(t)}let _n,Wo;Uint8Array.prototype.toBase64?_n=t=>(t instanceof ArrayBuffer&&(t=new Uint8Array(t)),t.toBase64({alphabet:"base64url",omitPadding:!0})):_n=e=>{e instanceof ArrayBuffer&&(e=new Uint8Array(e));const n=[];for(let o=0;o<e.byteLength;o+=32768)n.push(String.fromCharCode.apply(null,e.subarray(o,o+32768)));return btoa(n.join("")).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_")};function Oe(t){return typeof t=="string"?Wo(t):_n(t)}Wo=Uint8Array.fromBase64?t=>{try{return Uint8Array.fromBase64(t,{alphabet:"base64url"})}catch(e){throw R("The input to be decoded is not correctly encoded.","ERR_INVALID_ARG_VALUE",e)}}:t=>{try{const e=atob(t.replace(/-/g,"+").replace(/_/g,"/").replace(/\s/g,"")),n=new Uint8Array(e.length);for(let o=0;o<e.length;o++)n[o]=e.charCodeAt(o);return n}catch(e){throw R("The input to be decoded is not correctly encoded.","ERR_INVALID_ARG_VALUE",e)}};class F extends Error{constructor(e,n){var o;super(e,n),b(this,"code",void 0),this.name=this.constructor.name,this.code=En,(o=Error.captureStackTrace)===null||o===void 0||o.call(Error,this,this.constructor)}}class Ln extends Error{constructor(e,n){var o;super(e,n),b(this,"code",void 0),this.name=this.constructor.name,n!=null&&n.code&&(this.code=n==null?void 0:n.code),(o=Error.captureStackTrace)===null||o===void 0||o.call(Error,this,this.constructor)}}function A(t,e,n){return new Ln(t,{code:e,cause:n})}function ai(t,e){if((function(n,o){if(!(n instanceof CryptoKey))throw R("".concat(o," must be a CryptoKey"),"ERR_INVALID_ARG_TYPE")})(t,e),t.type!=="private")throw R("".concat(e," must be a private CryptoKey"),"ERR_INVALID_ARG_VALUE")}function It(t){return t!==null&&typeof t=="object"&&!Array.isArray(t)}function zt(t){Je(t,Headers)&&(t=Object.fromEntries(t.entries()));const e=new Headers(t??{});if(wn&&!e.has("user-agent")&&e.set("user-agent",wn),e.has("authorization"))throw R('"options.headers" must not include the "authorization" header name',"ERR_INVALID_ARG_VALUE");return e}function Ho(t,e){if(e!==void 0){if(typeof e=="function"&&(e=e(t.href)),!(e instanceof AbortSignal))throw R('"options.signal" must return or be an instance of AbortSignal',"ERR_INVALID_ARG_TYPE");return e}}function ao(t){return t.includes("//")?t.replace("//","/"):t}async function si(t,e){return(async function(n,o,r,i){if(!(n instanceof URL))throw R('"'.concat(o,'" must be an instance of URL'),"ERR_INVALID_ARG_TYPE");Un(n,(i==null?void 0:i[q])!==!0);const a=r(new URL(n.href)),s=zt(i==null?void 0:i.headers);return s.set("accept","application/json"),((i==null?void 0:i[ee])||fetch)(a.href,{body:void 0,headers:Object.fromEntries(s.entries()),method:"GET",redirect:"manual",signal:Ho(a,i==null?void 0:i.signal)})})(t,"issuerIdentifier",(n=>{switch(e==null?void 0:e.algorithm){case void 0:case"oidc":(function(o,r){o.pathname=ao("".concat(o.pathname,"/").concat(r))})(n,".well-known/openid-configuration");break;case"oauth2":(function(o,r){let i=arguments.length>2&&arguments[2]!==void 0&&arguments[2];o.pathname==="/"?o.pathname=r:o.pathname=ao("".concat(r,"/").concat(i?o.pathname:o.pathname.replace(/(\/)$/,"")))})(n,".well-known/oauth-authorization-server");break;default:throw R('"options.algorithm" must be "oidc" (default), or "oauth2"',"ERR_INVALID_ARG_VALUE")}return n}),e)}function ge(t,e,n,o,r){try{if(typeof t!="number"||!Number.isFinite(t))throw R("".concat(n," must be a number"),"ERR_INVALID_ARG_TYPE",r);if(t>0)return;if(e){if(t!==0)throw R("".concat(n," must be a non-negative number"),"ERR_INVALID_ARG_VALUE",r);return}throw R("".concat(n," must be a positive number"),"ERR_INVALID_ARG_VALUE",r)}catch(i){throw o?A(i.message,o,r):i}}function D(t,e,n,o){try{if(typeof t!="string")throw R("".concat(e," must be a string"),"ERR_INVALID_ARG_TYPE",o);if(t.length===0)throw R("".concat(e," must not be empty"),"ERR_INVALID_ARG_VALUE",o)}catch(r){throw n?A(r.message,n,o):r}}function zo(t){(function(e,n){if(Go(e)!==n)throw(function(o){let r='"response" content-type must be ';for(var i=arguments.length,a=new Array(i>1?i-1:0),s=1;s<i;s++)a[s-1]=arguments[s];if(a.length>2){const c=a.pop();r+="".concat(a.join(", "),", or ").concat(c)}else a.length===2?r+="".concat(a[0]," or ").concat(a[1]):r+=a[0];return A(r,Zo,o)})(e,n)})(t,"application/json")}function Jo(){return Oe(crypto.getRandomValues(new Uint8Array(32)))}function ci(t){switch(t.algorithm.name){case"RSA-PSS":return(function(e){switch(e.algorithm.hash.name){case"SHA-256":return"PS256";case"SHA-384":return"PS384";case"SHA-512":return"PS512";default:throw new F("unsupported RsaHashedKeyAlgorithm hash name",{cause:e})}})(t);case"RSASSA-PKCS1-v1_5":return(function(e){switch(e.algorithm.hash.name){case"SHA-256":return"RS256";case"SHA-384":return"RS384";case"SHA-512":return"RS512";default:throw new F("unsupported RsaHashedKeyAlgorithm hash name",{cause:e})}})(t);case"ECDSA":return(function(e){switch(e.algorithm.namedCurve){case"P-256":return"ES256";case"P-384":return"ES384";case"P-521":return"ES512";default:throw new F("unsupported EcKeyAlgorithm namedCurve",{cause:e})}})(t);case"Ed25519":case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":return t.algorithm.name;case"EdDSA":return"Ed25519";default:throw new F("unsupported CryptoKey algorithm name",{cause:t})}}function Ot(t){const e=t==null?void 0:t[vn];return typeof e=="number"&&Number.isFinite(e)?e:0}function kn(t){const e=t==null?void 0:t[bn];return typeof e=="number"&&Number.isFinite(e)&&Math.sign(e)!==-1?e:30}function xt(){return Math.floor(Date.now()/1e3)}function Q(t){if(typeof t!="object"||t===null)throw R('"as" must be an object',"ERR_INVALID_ARG_TYPE");D(t.issuer,'"as.issuer"')}function $(t){if(typeof t!="object"||t===null)throw R('"client" must be an object',"ERR_INVALID_ARG_TYPE");D(t.client_id,'"client.client_id"')}function so(t){return D(t,'"clientSecret"'),(e,n,o,r)=>{o.set("client_id",n.client_id),o.set("client_secret",t)}}function ui(t,e){const{key:n,kid:o}=(r=t)instanceof CryptoKey?{key:r}:(r==null?void 0:r.key)instanceof CryptoKey?(r.kid!==void 0&&D(r.kid,'"kid"'),{key:r.key,kid:r.kid}):{};var r;return ai(n,'"clientPrivateKey.key"'),async(i,a,s,c)=>{const l={alg:ci(n),kid:o},u=(function(p,h){const d=xt()+Ot(h);return{jti:Jo(),aud:p.issuer,exp:d+60,iat:d,nbf:d,iss:h.client_id,sub:h.client_id}})(i,a);s.set("client_id",a.client_id),s.set("client_assertion_type","urn:ietf:params:oauth:client-assertion-type:jwt-bearer"),s.set("client_assertion",await(async function(p,h,d){if(!d.usages.includes("sign"))throw R('CryptoKey instances used for signing assertions must include "sign" in their "usages"',"ERR_INVALID_ARG_VALUE");const g="".concat(Oe(He(JSON.stringify(p))),".").concat(Oe(He(JSON.stringify(h)))),f=Oe(await crypto.subtle.sign((function(m){switch(m.algorithm.name){case"ECDSA":return{name:m.algorithm.name,hash:Pi(m)};case"RSA-PSS":switch(lo(m),m.algorithm.hash.name){case"SHA-256":case"SHA-384":case"SHA-512":return{name:m.algorithm.name,saltLength:parseInt(m.algorithm.hash.name.slice(-3),10)>>3};default:throw new F("unsupported RSA-PSS hash name",{cause:m})}case"RSASSA-PKCS1-v1_5":return lo(m),m.algorithm.name;case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":case"Ed25519":return m.algorithm.name}throw new F("unsupported CryptoKey algorithm name",{cause:m})})(d),d,He(g)));return"".concat(g,".").concat(f)})(l,u,n))}}const li=URL.parse?(t,e)=>URL.parse(t,e):(t,e)=>{try{return new URL(t,e)}catch{return null}};function Un(t,e){if(e&&t.protocol!=="https:")throw A("only requests to HTTPS are allowed",qo,t);if(t.protocol!=="https:"&&t.protocol!=="http:")throw A("only HTTP and HTTPS requests are allowed",Bo,t)}function co(t,e,n,o){let r;if(typeof t!="string"||!(r=li(t)))throw A("authorization server metadata does not contain a valid ".concat(n?'"as.mtls_endpoint_aliases.'.concat(e,'"'):'"as.'.concat(e,'"')),t===void 0?Ai:Ti,{attribute:n?"mtls_endpoint_aliases.".concat(e):e});return Un(r,o),r}function st(t,e,n,o){return n&&t.mtls_endpoint_aliases&&e in t.mtls_endpoint_aliases?co(t.mtls_endpoint_aliases[e],e,n,o):co(t[e],e,n,o)}class Jt extends Error{constructor(e,n){var o;super(e,n),b(this,"cause",void 0),b(this,"code",void 0),b(this,"error",void 0),b(this,"status",void 0),b(this,"error_description",void 0),b(this,"response",void 0),this.name=this.constructor.name,this.code=Si,this.cause=n.cause,this.error=n.cause.error,this.status=n.response.status,this.error_description=n.cause.error_description,Object.defineProperty(this,"response",{enumerable:!1,value:n.response}),(o=Error.captureStackTrace)===null||o===void 0||o.call(Error,this,this.constructor)}}class Mo extends Error{constructor(e,n){var o,r;super(e,n),b(this,"cause",void 0),b(this,"code",void 0),b(this,"error",void 0),b(this,"error_description",void 0),this.name=this.constructor.name,this.code=Ei,this.cause=n.cause,this.error=n.cause.get("error"),this.error_description=(o=n.cause.get("error_description"))!==null&&o!==void 0?o:void 0,(r=Error.captureStackTrace)===null||r===void 0||r.call(Error,this,this.constructor)}}class Nn extends Error{constructor(e,n){var o;super(e,n),b(this,"cause",void 0),b(this,"code",void 0),b(this,"response",void 0),b(this,"status",void 0),this.name=this.constructor.name,this.code=ki,this.cause=n.cause,this.status=n.response.status,this.response=n.response,Object.defineProperty(this,"response",{enumerable:!1}),(o=Error.captureStackTrace)===null||o===void 0||o.call(Error,this,this.constructor)}}const di="[a-zA-Z0-9!#$%&\\'\\*\\+\\-\\.\\^_`\\|~]+",hi=new RegExp("^[,\\s]*("+di+")"),pi=new RegExp('^[,\\s]*([a-zA-Z0-9!#$%&\\\'\\*\\+\\-\\.\\^_`\\|~]+)\\s*=\\s*"((?:[^"\\\\]|\\\\[\\s\\S])*)"[,\\s]*(.*)'),mi=new RegExp("^[,\\s]*([a-zA-Z0-9!#$%&\\'\\*\\+\\-\\.\\^_`\\|~]+)\\s*=\\s*([a-zA-Z0-9!#$%&\\'\\*\\+\\-\\.\\^_`\\|~]+)[,\\s]*(.*)"),fi=new RegExp("^([a-zA-Z0-9\\-\\._\\~\\+\\/]+={0,2})(?:$|[,\\s])(.*)");async function Wn(t,e,n){if(t.status!==e){let r;var o;throw(function(i){let a;if(a=(function(s){if(!Je(s,Response))throw R('"response" must be an instance of Response',"ERR_INVALID_ARG_TYPE");const c=s.headers.get("www-authenticate");if(c===null)return;const l=[];let u=c;for(;u;){var p;let h=u.match(hi);const d=(p=h)===null||p===void 0?void 0:p[1].toLowerCase();if(!d)return;const g=u.substring(h[0].length);if(g&&!g.match(/^[\s,]/))return;const f=g.match(/^\s+(.*)$/),m=!!f;u=f?f[1]:void 0;const w={};let _;if(m)for(;u;){let E,y;if(h=u.match(pi)){if([,E,y,u]=h,y.includes("\\"))try{y=JSON.parse('"'.concat(y,'"'))}catch{}w[E.toLowerCase()]=y}else{if(!(h=u.match(mi))){if(h=u.match(fi)){if(Object.keys(w).length)break;[,_,u]=h;break}return}[,E,y,u]=h,w[E.toLowerCase()]=y}}else u=g||void 0;const k={scheme:d,parameters:w};_&&(k.token68=_),l.push(k)}return l.length?l:void 0})(i))throw new Nn("server responded with a challenge in the WWW-Authenticate HTTP Header",{cause:a,response:i})})(t),(r=await(async function(i){if(i.status>399&&i.status<500){ut(i),zo(i);try{const a=await i.clone().json();if(It(a)&&typeof a.error=="string"&&a.error.length)return a}catch{}}})(t))?(await((o=t.body)===null||o===void 0?void 0:o.cancel()),new Jt("server responded with an error in the response body",{cause:r,response:t})):A('"response" is not a conform '.concat(n," response (unexpected HTTP status code)"),Jn,t)}}function Vo(t){if(!zn.has(t))throw R('"options.DPoP" is not a valid DPoPHandle',"ERR_INVALID_ARG_VALUE")}function Go(t){var e;return(e=t.headers.get("content-type"))===null||e===void 0?void 0:e.split(";")[0]}async function Hn(t,e,n,o,r,i,a){return await n(t,e,r,i),i.set("content-type","application/x-www-form-urlencoded;charset=UTF-8"),((a==null?void 0:a[ee])||fetch)(o.href,{body:r,headers:Object.fromEntries(i.entries()),method:"POST",redirect:"manual",signal:Ho(o,a==null?void 0:a.signal)})}async function ct(t,e,n,o,r,i){var a;const s=st(t,"token_endpoint",e.use_mtls_endpoint_aliases,(i==null?void 0:i[q])!==!0);r.set("grant_type",o);const c=zt(i==null?void 0:i.headers);c.set("accept","application/json"),(i==null?void 0:i.DPoP)!==void 0&&(Vo(i.DPoP),await i.DPoP.addProof(s,c,"POST"));const l=await Hn(t,e,n,s,r,c,i);return i==null||(a=i.DPoP)===null||a===void 0||a.cacheNonce(l,s),l}const Fo=new WeakMap,yi=new WeakMap;function Sn(t){if(!t.id_token)return;const e=Fo.get(t);if(!e)throw R('"ref" was already garbage collected or did not resolve from the proper sources',"ERR_INVALID_ARG_VALUE");return e}async function ze(t,e,n,o,r,i){if(Q(t),$(e),!Je(n,Response))throw R('"response" must be an instance of Response',"ERR_INVALID_ARG_TYPE");await Wn(n,200,"Token Endpoint"),ut(n);const a=await Mt(n);if(D(a.access_token,'"response" body "access_token" property',T,{body:a}),D(a.token_type,'"response" body "token_type" property',T,{body:a}),a.token_type=a.token_type.toLowerCase(),a.expires_in!==void 0){let s=typeof a.expires_in!="number"?parseFloat(a.expires_in):a.expires_in;ge(s,!0,'"response" body "expires_in" property',T,{body:a}),a.expires_in=s}if(a.refresh_token!==void 0&&D(a.refresh_token,'"response" body "refresh_token" property',T,{body:a}),a.scope!==void 0&&typeof a.scope!="string")throw A('"response" body "scope" property must be a string',T,{body:a});if(a.id_token!==void 0){D(a.id_token,'"response" body "id_token" property',T,{body:a});const s=["aud","exp","iat","iss","sub"];e.require_auth_time===!0&&s.push("auth_time"),e.default_max_age!==void 0&&(ge(e.default_max_age,!0,'"client.default_max_age"'),s.push("auth_time")),o!=null&&o.length&&s.push(...o);const{claims:c,jwt:l}=await(async function(u,p,h,d,g){let f,m,{0:w,1:_,length:k}=u.split(".");if(k===5){if(g===void 0)throw new F("JWE decryption is not configured",{cause:u});u=await g(u),{0:w,1:_,length:k}=u.split(".")}if(k!==3)throw A("Invalid JWT",T,u);try{f=JSON.parse(He(Oe(w)))}catch(y){throw A("failed to parse JWT Header body as base64url encoded JSON",Ct,y)}if(!It(f))throw A("JWT Header must be a top level object",T,u);if(p(f),f.crit!==void 0)throw new F('no JWT "crit" header parameter extensions are supported',{cause:{header:f}});try{m=JSON.parse(He(Oe(_)))}catch(y){throw A("failed to parse JWT Payload body as base64url encoded JSON",Ct,y)}if(!It(m))throw A("JWT Payload must be a top level object",T,u);const E=xt()+h;if(m.exp!==void 0){if(typeof m.exp!="number")throw A('unexpected JWT "exp" (expiration time) claim type',T,{claims:m});if(m.exp<=E-d)throw A('unexpected JWT "exp" (expiration time) claim value, expiration is past current timestamp',ot,{claims:m,now:E,tolerance:d,claim:"exp"})}if(m.iat!==void 0&&typeof m.iat!="number")throw A('unexpected JWT "iat" (issued at) claim type',T,{claims:m});if(m.iss!==void 0&&typeof m.iss!="string")throw A('unexpected JWT "iss" (issuer) claim type',T,{claims:m});if(m.nbf!==void 0){if(typeof m.nbf!="number")throw A('unexpected JWT "nbf" (not before) claim type',T,{claims:m});if(m.nbf>E+d)throw A('unexpected JWT "nbf" (not before) claim value',ot,{claims:m,now:E,tolerance:d,claim:"nbf"})}if(m.aud!==void 0&&typeof m.aud!="string"&&!Array.isArray(m.aud))throw A('unexpected JWT "aud" (audience) claim type',T,{claims:m});return{header:f,claims:m,jwt:u}})(a.id_token,Ii.bind(void 0,e.id_token_signed_response_alg,t.id_token_signing_alg_values_supported,"RS256"),Ot(e),kn(e),r).then(bi.bind(void 0,s)).then(wi.bind(void 0,t)).then(gi.bind(void 0,e.client_id));if(Array.isArray(c.aud)&&c.aud.length!==1){if(c.azp===void 0)throw A('ID Token "aud" (audience) claim includes additional untrusted audiences',se,{claims:c,claim:"aud"});if(c.azp!==e.client_id)throw A('unexpected ID Token "azp" (authorized party) claim value',se,{expected:e.client_id,claims:c,claim:"azp"})}c.auth_time!==void 0&&ge(c.auth_time,!0,'ID Token "auth_time" (authentication time)',T,{claims:c}),yi.set(n,l),Fo.set(a,c)}if((i==null?void 0:i[a.token_type])!==void 0)i[a.token_type](n,a);else if(a.token_type!=="dpop"&&a.token_type!=="bearer")throw new F("unsupported `token_type` value",{cause:{body:a}});return a}function gi(t,e){if(Array.isArray(e.claims.aud)){if(!e.claims.aud.includes(t))throw A('unexpected JWT "aud" (audience) claim value',se,{expected:t,claims:e.claims,claim:"aud"})}else if(e.claims.aud!==t)throw A('unexpected JWT "aud" (audience) claim value',se,{expected:t,claims:e.claims,claim:"aud"});return e}function wi(t,e){var n,o;const r=(n=(o=t[Xo])===null||o===void 0?void 0:o.call(t,e))!==null&&n!==void 0?n:t.issuer;if(e.claims.iss!==r)throw A('unexpected JWT "iss" (issuer) claim value',se,{expected:r,claims:e.claims,claim:"iss"});return e}const zn=new WeakSet,uo=Symbol(),vi={aud:"audience",c_hash:"code hash",client_id:"client id",exp:"expiration time",iat:"issued at",iss:"issuer",jti:"jwt id",nonce:"nonce",s_hash:"state hash",sub:"subject",ath:"access token hash",htm:"http method",htu:"http uri",cnf:"confirmation",auth_time:"authentication time"};function bi(t,e){for(const n of t)if(e.claims[n]===void 0)throw A('JWT "'.concat(n,'" (').concat(vi[n],") claim missing"),T,{claims:e.claims});return e}const Yt=Symbol(),Qt=Symbol();async function _i(t,e,n,o){return typeof(o==null?void 0:o.expectedNonce)=="string"||typeof(o==null?void 0:o.maxAge)=="number"||o!=null&&o.requireIdToken?(async function(r,i,a,s,c,l,u){const p=[];switch(s){case void 0:s=Yt;break;case Yt:break;default:D(s,'"expectedNonce" argument'),p.push("nonce")}switch(c!=null||(c=i.default_max_age),c){case void 0:c=Qt;break;case Qt:break;default:ge(c,!0,'"maxAge" argument'),p.push("auth_time")}const h=await ze(r,i,a,p,l,u);D(h.id_token,'"response" body "id_token" property',T,{body:h});const d=Sn(h);if(c!==Qt){const g=xt()+Ot(i),f=kn(i);if(d.auth_time+c<g-f)throw A("too much time has elapsed since the last End-User authentication",ot,{claims:d,now:g,tolerance:f,claim:"auth_time"})}if(s===Yt){if(d.nonce!==void 0)throw A('unexpected ID Token "nonce" claim value',se,{expected:void 0,claims:d,claim:"nonce"})}else if(d.nonce!==s)throw A('unexpected ID Token "nonce" claim value',se,{expected:s,claims:d,claim:"nonce"});return h})(t,e,n,o.expectedNonce,o.maxAge,o[ce],o.recognizedTokenTypes):(async function(r,i,a,s,c){const l=await ze(r,i,a,void 0,s,c),u=Sn(l);if(u){if(i.default_max_age!==void 0){ge(i.default_max_age,!0,'"client.default_max_age"');const p=xt()+Ot(i),h=kn(i);if(u.auth_time+i.default_max_age<p-h)throw A("too much time has elapsed since the last End-User authentication",ot,{claims:u,now:p,tolerance:h,claim:"auth_time"})}if(u.nonce!==void 0)throw A('unexpected ID Token "nonce" claim value',se,{expected:void 0,claims:u,claim:"nonce"})}return l})(t,e,n,o==null?void 0:o[ce],o==null?void 0:o.recognizedTokenTypes)}const ki="OAUTH_WWW_AUTHENTICATE_CHALLENGE",Si="OAUTH_RESPONSE_BODY_ERROR",En="OAUTH_UNSUPPORTED_OPERATION",Ei="OAUTH_AUTHORIZATION_RESPONSE_ERROR",Ct="OAUTH_PARSE_ERROR",T="OAUTH_INVALID_RESPONSE",Zo="OAUTH_RESPONSE_IS_NOT_JSON",Jn="OAUTH_RESPONSE_IS_NOT_CONFORM",qo="OAUTH_HTTP_REQUEST_FORBIDDEN",Bo="OAUTH_REQUEST_PROTOCOL_FORBIDDEN",ot="OAUTH_JWT_TIMESTAMP_CHECK_FAILED",se="OAUTH_JWT_CLAIM_COMPARISON_FAILED",An="OAUTH_JSON_ATTRIBUTE_COMPARISON_FAILED",Ai="OAUTH_MISSING_SERVER_METADATA",Ti="OAUTH_INVALID_SERVER_METADATA";function ut(t){if(t.bodyUsed)throw R('"response" body has been used already',"ERR_INVALID_ARG_VALUE")}function lo(t){const{algorithm:e}=t;if(typeof e.modulusLength!="number"||e.modulusLength<2048)throw new F("unsupported ".concat(e.name," modulusLength"),{cause:t})}function Pi(t){const{algorithm:e}=t;switch(e.namedCurve){case"P-256":return"SHA-256";case"P-384":return"SHA-384";case"P-521":return"SHA-512";default:throw new F("unsupported ECDSA namedCurve",{cause:t})}}async function Ri(t){if(t.method!=="POST")throw R("form_post responses are expected to use the POST method","ERR_INVALID_ARG_VALUE",{cause:t});if(Go(t)!=="application/x-www-form-urlencoded")throw R("form_post responses are expected to use the application/x-www-form-urlencoded content-type","ERR_INVALID_ARG_VALUE",{cause:t});return(async function(e){if(e.bodyUsed)throw R("form_post Request instances must contain a readable body","ERR_INVALID_ARG_VALUE",{cause:e});return e.text()})(t)}function Ii(t,e,n,o){if(t===void 0)if(Array.isArray(e)){if(!e.includes(o.alg))throw A('unexpected JWT "alg" header parameter',T,{header:o,expected:e,reason:"authorization server metadata"})}else{if(n===void 0)throw A('missing client or server configuration to verify used JWT "alg" header parameter',void 0,{client:t,issuer:e,fallback:n});if(typeof n=="string"?o.alg!==n:typeof n=="function"?!n(o.alg):!n.includes(o.alg))throw A('unexpected JWT "alg" header parameter',T,{header:o,expected:n,reason:"default value"})}else if(typeof t=="string"?o.alg!==t:!t.includes(o.alg))throw A('unexpected JWT "alg" header parameter',T,{header:o,expected:t,reason:"client configuration"})}function Te(t,e){const{0:n,length:o}=t.getAll(e);if(o>1)throw A('"'.concat(e,'" parameter must be provided only once'),T);return n}const Oi=Symbol(),xi=Symbol();function Ci(t,e,n,o){if(Q(t),$(e),n instanceof URL&&(n=n.searchParams),!(n instanceof URLSearchParams))throw R('"parameters" must be an instance of URLSearchParams, or URL',"ERR_INVALID_ARG_TYPE");if(Te(n,"response"))throw A('"parameters" contains a JARM response, use validateJwtAuthResponse() instead of validateAuthResponse()',T,{parameters:n});const r=Te(n,"iss"),i=Te(n,"state");if(!r&&t.authorization_response_iss_parameter_supported)throw A('response parameter "iss" (issuer) missing',T,{parameters:n});if(r&&r!==t.issuer)throw A('unexpected "iss" (issuer) response parameter value',T,{expected:t.issuer,parameters:n});switch(o){case void 0:case xi:if(i!==void 0)throw A('unexpected "state" response parameter encountered',T,{expected:void 0,parameters:n});break;case Oi:break;default:if(D(o,'"expectedState" argument'),i!==o)throw A(i===void 0?'response parameter "state" missing':'unexpected "state" response parameter value',T,{expected:o,parameters:n})}if(Te(n,"error"))throw new Mo("authorization response from the server is an error",{cause:n});const a=Te(n,"id_token"),s=Te(n,"token");if(a!==void 0||s!==void 0)throw new F("implicit and hybrid flows are not supported");return c=new URLSearchParams(n),zn.add(c),c;var c}async function Mt(t){let e,n=arguments.length>1&&arguments[1]!==void 0?arguments[1]:zo;try{e=await t.json()}catch(o){throw n(t),A('failed to parse "response" body as JSON',Ct,o)}if(!It(e))throw A('"response" body must be a top level object',T,{body:e});return e}const $t=Symbol(),Xo=Symbol(),ho=new TextEncoder,rt=new TextDecoder;function en(t){const e=new Uint8Array(t.length);for(let n=0;n<t.length;n++){const o=t.charCodeAt(n);if(o>127)throw new TypeError("non-ASCII string encountered in encode()");e[n]=o}return e}function Yo(t){if(Uint8Array.fromBase64)return Uint8Array.fromBase64(t);const e=atob(t),n=new Uint8Array(e.length);for(let o=0;o<e.length;o++)n[o]=e.charCodeAt(o);return n}function Qe(t){if(Uint8Array.fromBase64)return Uint8Array.fromBase64(typeof t=="string"?t:rt.decode(t),{alphabet:"base64url"});let e=t;e instanceof Uint8Array&&(e=rt.decode(e)),e=e.replace(/-/g,"+").replace(/_/g,"/");try{return Yo(e)}catch{throw new TypeError("The input to be decoded is not correctly encoded.")}}class W extends Error{constructor(e,n){var o;super(e,n),b(this,"code","ERR_JOSE_GENERIC"),this.name=this.constructor.name,(o=Error.captureStackTrace)===null||o===void 0||o.call(Error,this,this.constructor)}}b(W,"code","ERR_JOSE_GENERIC");class B extends W{constructor(e,n){let o=arguments.length>2&&arguments[2]!==void 0?arguments[2]:"unspecified",r=arguments.length>3&&arguments[3]!==void 0?arguments[3]:"unspecified";super(e,{cause:{claim:o,reason:r,payload:n}}),b(this,"code","ERR_JWT_CLAIM_VALIDATION_FAILED"),b(this,"claim",void 0),b(this,"reason",void 0),b(this,"payload",void 0),this.claim=o,this.reason=r,this.payload=n}}b(B,"code","ERR_JWT_CLAIM_VALIDATION_FAILED");class Tn extends W{constructor(e,n){let o=arguments.length>2&&arguments[2]!==void 0?arguments[2]:"unspecified",r=arguments.length>3&&arguments[3]!==void 0?arguments[3]:"unspecified";super(e,{cause:{claim:o,reason:r,payload:n}}),b(this,"code","ERR_JWT_EXPIRED"),b(this,"claim",void 0),b(this,"reason",void 0),b(this,"payload",void 0),this.claim=o,this.reason=r,this.payload=n}}b(Tn,"code","ERR_JWT_EXPIRED");class Qo extends W{constructor(){super(...arguments),b(this,"code","ERR_JOSE_ALG_NOT_ALLOWED")}}b(Qo,"code","ERR_JOSE_ALG_NOT_ALLOWED");class G extends W{constructor(){super(...arguments),b(this,"code","ERR_JOSE_NOT_SUPPORTED")}}b(G,"code","ERR_JOSE_NOT_SUPPORTED");b(class extends W{constructor(){super(arguments.length>0&&arguments[0]!==void 0?arguments[0]:"decryption operation failed",arguments.length>1?arguments[1]:void 0),b(this,"code","ERR_JWE_DECRYPTION_FAILED")}},"code","ERR_JWE_DECRYPTION_FAILED");b(class extends W{constructor(){super(...arguments),b(this,"code","ERR_JWE_INVALID")}},"code","ERR_JWE_INVALID");class L extends W{constructor(){super(...arguments),b(this,"code","ERR_JWS_INVALID")}}b(L,"code","ERR_JWS_INVALID");class Pn extends W{constructor(){super(...arguments),b(this,"code","ERR_JWT_INVALID")}}b(Pn,"code","ERR_JWT_INVALID");b(class extends W{constructor(){super(...arguments),b(this,"code","ERR_JWK_INVALID")}},"code","ERR_JWK_INVALID");class Mn extends W{constructor(){super(...arguments),b(this,"code","ERR_JWKS_INVALID")}}b(Mn,"code","ERR_JWKS_INVALID");class Vn extends W{constructor(){super(arguments.length>0&&arguments[0]!==void 0?arguments[0]:"no applicable key found in the JSON Web Key Set",arguments.length>1?arguments[1]:void 0),b(this,"code","ERR_JWKS_NO_MATCHING_KEY")}}b(Vn,"code","ERR_JWKS_NO_MATCHING_KEY");class $o extends W{constructor(){super(arguments.length>0&&arguments[0]!==void 0?arguments[0]:"multiple matching keys found in the JSON Web Key Set",arguments.length>1?arguments[1]:void 0),b(this,Symbol.asyncIterator,void 0),b(this,"code","ERR_JWKS_MULTIPLE_MATCHING_KEYS")}}b($o,"code","ERR_JWKS_MULTIPLE_MATCHING_KEYS");class er extends W{constructor(){super(arguments.length>0&&arguments[0]!==void 0?arguments[0]:"request timed out",arguments.length>1?arguments[1]:void 0),b(this,"code","ERR_JWKS_TIMEOUT")}}b(er,"code","ERR_JWKS_TIMEOUT");class tr extends W{constructor(){super(arguments.length>0&&arguments[0]!==void 0?arguments[0]:"signature verification failed",arguments.length>1?arguments[1]:void 0),b(this,"code","ERR_JWS_SIGNATURE_VERIFICATION_FAILED")}}b(tr,"code","ERR_JWS_SIGNATURE_VERIFICATION_FAILED");const te=function(t){let e=arguments.length>1&&arguments[1]!==void 0?arguments[1]:"algorithm.name";return new TypeError("CryptoKey does not support this operation, its ".concat(e," must be ").concat(t))},Ke=(t,e)=>t.name===e;function tn(t){return parseInt(t.name.slice(4),10)}function ji(t,e,n){switch(e){case"HS256":case"HS384":case"HS512":{if(!Ke(t.algorithm,"HMAC"))throw te("HMAC");const o=parseInt(e.slice(2),10);if(tn(t.algorithm.hash)!==o)throw te("SHA-".concat(o),"algorithm.hash");break}case"RS256":case"RS384":case"RS512":{if(!Ke(t.algorithm,"RSASSA-PKCS1-v1_5"))throw te("RSASSA-PKCS1-v1_5");const o=parseInt(e.slice(2),10);if(tn(t.algorithm.hash)!==o)throw te("SHA-".concat(o),"algorithm.hash");break}case"PS256":case"PS384":case"PS512":{if(!Ke(t.algorithm,"RSA-PSS"))throw te("RSA-PSS");const o=parseInt(e.slice(2),10);if(tn(t.algorithm.hash)!==o)throw te("SHA-".concat(o),"algorithm.hash");break}case"Ed25519":case"EdDSA":if(!Ke(t.algorithm,"Ed25519"))throw te("Ed25519");break;case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":if(!Ke(t.algorithm,e))throw te(e);break;case"ES256":case"ES384":case"ES512":{if(!Ke(t.algorithm,"ECDSA"))throw te("ECDSA");const o=(function(r){switch(r){case"ES256":return"P-256";case"ES384":return"P-384";case"ES512":return"P-521";default:throw new Error("unreachable")}})(e);if(t.algorithm.namedCurve!==o)throw te(o,"algorithm.namedCurve");break}default:throw new TypeError("CryptoKey does not support this operation")}(function(o,r){if(!o.usages.includes(r))throw new TypeError("CryptoKey does not support this operation, its usages must include ".concat(r,"."))})(t,n)}function nr(t,e){for(var n=arguments.length,o=new Array(n>2?n-2:0),r=2;r<n;r++)o[r-2]=arguments[r];if((o=o.filter(Boolean)).length>2){const a=o.pop();t+="one of type ".concat(o.join(", "),", or ").concat(a,".")}else o.length===2?t+="one of type ".concat(o[0]," or ").concat(o[1],"."):t+="of type ".concat(o[0],".");if(e==null)t+=" Received ".concat(e);else if(typeof e=="function"&&e.name)t+=" Received function ".concat(e.name);else if(typeof e=="object"&&e!=null){var i;(i=e.constructor)!==null&&i!==void 0&&i.name&&(t+=" Received an instance of ".concat(e.constructor.name))}return t}const po=function(t,e){for(var n=arguments.length,o=new Array(n>2?n-2:0),r=2;r<n;r++)o[r-2]=arguments[r];return nr("Key for the ".concat(t," algorithm must be "),e,...o)},or=t=>{if((t==null?void 0:t[Symbol.toStringTag])==="CryptoKey")return!0;try{return t instanceof CryptoKey}catch{return!1}},rr=t=>(t==null?void 0:t[Symbol.toStringTag])==="KeyObject",mo=t=>or(t)||rr(t);function ve(t){if(typeof(e=t)!="object"||e===null||Object.prototype.toString.call(t)!=="[object Object]")return!1;var e;if(Object.getPrototypeOf(t)===null)return!0;let n=t;for(;Object.getPrototypeOf(n)!==null;)n=Object.getPrototypeOf(n);return Object.getPrototypeOf(t)===n}const nn=(t,e)=>{if(t.byteLength!==e.length)return!1;for(let n=0;n<t.byteLength;n++)if(t[n]!==e[n])return!1;return!0},$e=t=>{const e=t.data[t.pos++];if(128&e){const n=127&e;let o=0;for(let r=0;r<n;r++)o=o<<8|t.data[t.pos++];return o}return e},et=(t,e,n)=>{if(t.data[t.pos++]!==e)throw new Error(n)},fo=(t,e)=>{const n=t.data.subarray(t.pos,t.pos+e);return t.pos+=e,n},Di=t=>{const e=(r=>{et(r,6,"Expected algorithm OID");const i=$e(r);return fo(r,i)})(t);if(nn(e,[43,101,110]))return"X25519";if(!nn(e,[42,134,72,206,61,2,1]))throw new Error("Unsupported key algorithm");et(t,6,"Expected curve OID");const n=$e(t),o=fo(t,n);for(const{name:r,oid:i}of[{name:"P-256",oid:[42,134,72,206,61,3,1,7]},{name:"P-384",oid:[43,129,4,0,34]},{name:"P-521",oid:[43,129,4,0,35]}])if(nn(o,i))return r;throw new Error("Unsupported named curve")},Ki=async(t,e,n,o)=>{var r;let i,a;const s=()=>["sign"];switch(n){case"PS256":case"PS384":case"PS512":i={name:"RSA-PSS",hash:"SHA-".concat(n.slice(-3))},a=s();break;case"RS256":case"RS384":case"RS512":i={name:"RSASSA-PKCS1-v1_5",hash:"SHA-".concat(n.slice(-3))},a=s();break;case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":i={name:"RSA-OAEP",hash:"SHA-".concat(parseInt(n.slice(-3),10)||1)},a=["decrypt","unwrapKey"];break;case"ES256":case"ES384":case"ES512":i={name:"ECDSA",namedCurve:{ES256:"P-256",ES384:"P-384",ES512:"P-521"}[n]},a=s();break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":try{const c=o.getNamedCurve(e);i=c==="X25519"?{name:"X25519"}:{name:"ECDH",namedCurve:c}}catch{throw new G("Invalid or unsupported key format")}a=["deriveBits"];break;case"Ed25519":case"EdDSA":i={name:"Ed25519"},a=s();break;case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":i={name:n},a=s();break;default:throw new G('Invalid or unsupported "alg" (Algorithm) value')}return crypto.subtle.importKey(t,e,i,(r=o==null?void 0:o.extractable)!==null&&r!==void 0?r:!1,a)},Li=(t,e,n)=>{var o;const r=((a,s)=>Yo(a.replace(s,"")))(t,/(?:-----(?:BEGIN|END) PRIVATE KEY-----|\s)/g);let i=n;return e!=null&&(o=e.startsWith)!==null&&o!==void 0&&o.call(e,"ECDH-ES")&&(i||(i={}),i.getNamedCurve=a=>{const s={data:a,pos:0};return(function(c){et(c,48,"Invalid PKCS#8 structure"),$e(c),et(c,2,"Expected version field");const l=$e(c);c.pos+=l,et(c,48,"Expected algorithm identifier"),$e(c)})(s),Di(s)}),Ki("pkcs8",r,e,i)};async function At(t){var e,n;if(!t.alg)throw new TypeError('"alg" argument is required when "jwk.alg" is not present');const{algorithm:o,keyUsages:r}=(function(a){let s,c;switch(a.kty){case"AKP":switch(a.alg){case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":s={name:a.alg},c=a.priv?["sign"]:["verify"];break;default:throw new G('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break;case"RSA":switch(a.alg){case"PS256":case"PS384":case"PS512":s={name:"RSA-PSS",hash:"SHA-".concat(a.alg.slice(-3))},c=a.d?["sign"]:["verify"];break;case"RS256":case"RS384":case"RS512":s={name:"RSASSA-PKCS1-v1_5",hash:"SHA-".concat(a.alg.slice(-3))},c=a.d?["sign"]:["verify"];break;case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":s={name:"RSA-OAEP",hash:"SHA-".concat(parseInt(a.alg.slice(-3),10)||1)},c=a.d?["decrypt","unwrapKey"]:["encrypt","wrapKey"];break;default:throw new G('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break;case"EC":switch(a.alg){case"ES256":s={name:"ECDSA",namedCurve:"P-256"},c=a.d?["sign"]:["verify"];break;case"ES384":s={name:"ECDSA",namedCurve:"P-384"},c=a.d?["sign"]:["verify"];break;case"ES512":s={name:"ECDSA",namedCurve:"P-521"},c=a.d?["sign"]:["verify"];break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":s={name:"ECDH",namedCurve:a.crv},c=a.d?["deriveBits"]:[];break;default:throw new G('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break;case"OKP":switch(a.alg){case"Ed25519":case"EdDSA":s={name:"Ed25519"},c=a.d?["sign"]:["verify"];break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":s={name:a.crv},c=a.d?["deriveBits"]:[];break;default:throw new G('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break;default:throw new G('Invalid or unsupported JWK "kty" (Key Type) Parameter value')}return{algorithm:s,keyUsages:c}})(t),i=S({},t);return i.kty!=="AKP"&&delete i.alg,delete i.use,crypto.subtle.importKey("jwk",i,o,(e=t.ext)!==null&&e!==void 0?e:!t.d&&!t.priv,(n=t.key_ops)!==null&&n!==void 0?n:r)}const Rn=t=>ve(t)&&typeof t.kty=="string";let fe;const yo=async function(t,e,n){let o=arguments.length>3&&arguments[3]!==void 0&&arguments[3];fe||(fe=new WeakMap);let r=fe.get(t);if(r!=null&&r[n])return r[n];const i=await At(S(S({},e),{},{alg:n}));return o&&Object.freeze(t),r?r[n]=i:fe.set(t,{[n]:i}),i};async function Ui(t,e){if(t instanceof Uint8Array||or(t))return t;if(rr(t)){if(t.type==="secret")return t.export();if("toCryptoKey"in t&&typeof t.toCryptoKey=="function")try{return((o,r)=>{fe||(fe=new WeakMap);let i=fe.get(o);if(i!=null&&i[r])return i[r];const a=o.type==="public",s=!!a;let c;if(o.asymmetricKeyType==="x25519"){switch(r){case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":break;default:throw new TypeError("given KeyObject instance cannot be used for this algorithm")}c=o.toCryptoKey(o.asymmetricKeyType,s,a?[]:["deriveBits"])}if(o.asymmetricKeyType==="ed25519"){if(r!=="EdDSA"&&r!=="Ed25519")throw new TypeError("given KeyObject instance cannot be used for this algorithm");c=o.toCryptoKey(o.asymmetricKeyType,s,[a?"verify":"sign"])}switch(o.asymmetricKeyType){case"ml-dsa-44":case"ml-dsa-65":case"ml-dsa-87":if(r!==o.asymmetricKeyType.toUpperCase())throw new TypeError("given KeyObject instance cannot be used for this algorithm");c=o.toCryptoKey(o.asymmetricKeyType,s,[a?"verify":"sign"])}if(o.asymmetricKeyType==="rsa"){let u;switch(r){case"RSA-OAEP":u="SHA-1";break;case"RS256":case"PS256":case"RSA-OAEP-256":u="SHA-256";break;case"RS384":case"PS384":case"RSA-OAEP-384":u="SHA-384";break;case"RS512":case"PS512":case"RSA-OAEP-512":u="SHA-512";break;default:throw new TypeError("given KeyObject instance cannot be used for this algorithm")}if(r.startsWith("RSA-OAEP"))return o.toCryptoKey({name:"RSA-OAEP",hash:u},s,a?["encrypt"]:["decrypt"]);c=o.toCryptoKey({name:r.startsWith("PS")?"RSA-PSS":"RSASSA-PKCS1-v1_5",hash:u},s,[a?"verify":"sign"])}if(o.asymmetricKeyType==="ec"){var l;const u=new Map([["prime256v1","P-256"],["secp384r1","P-384"],["secp521r1","P-521"]]).get((l=o.asymmetricKeyDetails)===null||l===void 0?void 0:l.namedCurve);if(!u)throw new TypeError("given KeyObject instance cannot be used for this algorithm");r==="ES256"&&u==="P-256"&&(c=o.toCryptoKey({name:"ECDSA",namedCurve:u},s,[a?"verify":"sign"])),r==="ES384"&&u==="P-384"&&(c=o.toCryptoKey({name:"ECDSA",namedCurve:u},s,[a?"verify":"sign"])),r==="ES512"&&u==="P-521"&&(c=o.toCryptoKey({name:"ECDSA",namedCurve:u},s,[a?"verify":"sign"])),r.startsWith("ECDH-ES")&&(c=o.toCryptoKey({name:"ECDH",namedCurve:u},s,a?[]:["deriveBits"]))}if(!c)throw new TypeError("given KeyObject instance cannot be used for this algorithm");return i?i[r]=c:fe.set(o,{[r]:c}),c})(t,e)}catch(o){if(o instanceof TypeError)throw o}let n=t.export({format:"jwk"});return yo(t,n,e)}if(Rn(t))return t.k?Qe(t.k):yo(t,t,e,!0);throw new Error("unreachable")}const Le=t=>t==null?void 0:t[Symbol.toStringTag],on=(t,e,n)=>{if(e.use!==void 0){let i;switch(n){case"sign":case"verify":i="sig";break;case"encrypt":case"decrypt":i="enc"}if(e.use!==i)throw new TypeError('Invalid key for this operation, its "use" must be "'.concat(i,'" when present'))}if(e.alg!==void 0&&e.alg!==t)throw new TypeError('Invalid key for this operation, its "alg" must be "'.concat(t,'" when present'));if(Array.isArray(e.key_ops)){var o,r;let i;switch(!0){case n==="verify":case t==="dir":case t.includes("CBC-HS"):i=n;break;case t.startsWith("PBES2"):i="deriveBits";break;case/^A\d{3}(?:GCM)?(?:KW)?$/.test(t):i=!t.includes("GCM")&&t.endsWith("KW")?"unwrapKey":n;break;case n==="encrypt":i="wrapKey";break;case n==="decrypt":i=t.startsWith("RSA")?"unwrapKey":"deriveBits"}if(i&&((o=e.key_ops)===null||o===void 0||(r=o.includes)===null||r===void 0?void 0:r.call(o,i))===!1)throw new TypeError('Invalid key for this operation, its "key_ops" must include "'.concat(i,'" when present'))}return!0};function Ni(t,e,n){switch(t.substring(0,2)){case"A1":case"A2":case"di":case"HS":case"PB":((o,r,i)=>{if(!(r instanceof Uint8Array)){if(Rn(r)){if((a=>a.kty==="oct"&&typeof a.k=="string")(r)&&on(o,r,i))return;throw new TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present')}if(!mo(r))throw new TypeError(po(o,r,"CryptoKey","KeyObject","JSON Web Key","Uint8Array"));if(r.type!=="secret")throw new TypeError("".concat(Le(r),' instances for symmetric algorithms must be of type "secret"'))}})(t,e,n);break;default:((o,r,i)=>{if(Rn(r))switch(i){case"decrypt":case"sign":if((a=>a.kty!=="oct"&&(a.kty==="AKP"&&typeof a.priv=="string"||typeof a.d=="string"))(r)&&on(o,r,i))return;throw new TypeError("JSON Web Key for this operation must be a private JWK");case"encrypt":case"verify":if((a=>a.kty!=="oct"&&a.d===void 0&&a.priv===void 0)(r)&&on(o,r,i))return;throw new TypeError("JSON Web Key for this operation must be a public JWK")}if(!mo(r))throw new TypeError(po(o,r,"CryptoKey","KeyObject","JSON Web Key"));if(r.type==="secret")throw new TypeError("".concat(Le(r),' instances for asymmetric algorithms must not be of type "secret"'));if(r.type==="public")switch(i){case"sign":throw new TypeError("".concat(Le(r),' instances for asymmetric algorithm signing must be of type "private"'));case"decrypt":throw new TypeError("".concat(Le(r),' instances for asymmetric algorithm decryption must be of type "private"'))}if(r.type==="private")switch(i){case"verify":throw new TypeError("".concat(Le(r),' instances for asymmetric algorithm verifying must be of type "public"'));case"encrypt":throw new TypeError("".concat(Le(r),' instances for asymmetric algorithm encryption must be of type "public"'))}})(t,e,n)}}var wt,rn;let re,go;(typeof navigator>"u"||(wt=navigator.userAgent)===null||wt===void 0||(rn=wt.startsWith)===null||rn===void 0||!rn.call(wt,"Mozilla/5.0 "))&&(go="".concat("openid-client","/").concat("v6.8.1"),re={"user-agent":go});const N=t=>Tt.get(t);let Tt,vt;function ir(t){return t!==void 0?so(t):(vt||(vt=new WeakMap),(e,n,o,r)=>{let i;return(i=vt.get(n))||((function(a,s){if(typeof a!="string")throw ie("".concat(s," must be a string"),dt);if(a.length===0)throw ie("".concat(s," must not be empty"),lt)})(n.client_secret,'"metadata.client_secret"'),i=so(n.client_secret),vt.set(n,i)),i(e,n,o,r)})}const ye=ee,lt="ERR_INVALID_ARG_VALUE",dt="ERR_INVALID_ARG_TYPE";function ie(t,e,n){const o=new TypeError(t,{cause:n});return Object.assign(o,{code:e}),o}function Wi(t){return(async function(e){return D(e,"codeVerifier"),Oe(await crypto.subtle.digest("SHA-256",He(e)))})(t)}function Hi(){return Jo()}class jt extends Error{constructor(e,n){var o;super(e,n),b(this,"code",void 0),this.name=this.constructor.name,this.code=n==null?void 0:n.code,(o=Error.captureStackTrace)===null||o===void 0||o.call(Error,this,this.constructor)}}function H(t,e,n){return new jt(t,{cause:e,code:n})}function z(t){if(t instanceof TypeError||t instanceof jt||t instanceof Jt||t instanceof Mo||t instanceof Nn)throw t;if(t instanceof Ln)switch(t.code){case qo:throw H("only requests to HTTPS are allowed",t,t.code);case Bo:throw H("only requests to HTTP or HTTPS are allowed",t,t.code);case Jn:throw H("unexpected HTTP response status code",t.cause,t.code);case Zo:throw H("unexpected response content-type",t.cause,t.code);case Ct:throw H("parsing error occured",t,t.code);case T:throw H("invalid response encountered",t,t.code);case se:throw H("unexpected JWT claim value encountered",t,t.code);case An:throw H("unexpected JSON attribute value encountered",t,t.code);case ot:throw H("JWT timestamp claim value failed validation",t,t.code);default:throw H(t.message,t,t.code)}if(t instanceof F)throw H("unsupported operation",t,t.code);if(t instanceof DOMException)switch(t.name){case"OperationError":throw H("runtime operation error",t,En);case"NotSupportedError":throw H("runtime unsupported operation",t,En);case"TimeoutError":throw H("operation timed out",t,"OAUTH_TIMEOUT");case"AbortError":throw H("operation aborted",t,"OAUTH_ABORT")}throw new jt("something went wrong",{cause:t})}async function zi(t,e,n,o,r){const i=await(async function(c,l){var u,p;if(!(c instanceof URL))throw ie('"server" must be an instance of URL',dt);const h=!c.href.includes("/.well-known/"),d=(u=l==null?void 0:l.timeout)!==null&&u!==void 0?u:30,g=AbortSignal.timeout(1e3*d),f=await(h?si(c,{algorithm:l==null?void 0:l.algorithm,[ee]:l==null?void 0:l[ye],[q]:l==null||(p=l.execute)===null||p===void 0?void 0:p.includes(bo),signal:g,headers:new Headers(re)}):((l==null?void 0:l[ye])||fetch)((Un(c,l==null||(m=l.execute)===null||m===void 0||!m.includes(bo)),c.href),{headers:Object.fromEntries(new Headers(S({accept:"application/json"},re)).entries()),body:void 0,method:"GET",redirect:"manual",signal:g})).then((w=>(async function(_,k){const E=_;if(!(E instanceof URL)&&E!==$t)throw R('"expectedIssuerIdentifier" must be an instance of URL',"ERR_INVALID_ARG_TYPE");if(!Je(k,Response))throw R('"response" must be an instance of Response',"ERR_INVALID_ARG_TYPE");if(k.status!==200)throw A('"response" is not a conform Authorization Server Metadata response (unexpected HTTP status code)',Jn,k);ut(k);const y=await Mt(k);if(D(y.issuer,'"response" body "issuer" property',T,{body:y}),E!==$t&&new URL(y.issuer).href!==E.href)throw A('"response" body "issuer" property does not match the expected value',An,{expected:E.href,body:y,attribute:"issuer"});return y})($t,w))).catch(z);var m;return h&&new URL(f.issuer).href!==c.href&&((function(w,_,k){return!(w.origin!=="https://login.microsoftonline.com"||k!=null&&k.algorithm&&k.algorithm!=="oidc"||(_[ar]=!0,0))})(c,f,l)||(function(w,_){return!(!w.hostname.endsWith(".b2clogin.com")||_!=null&&_.algorithm&&_.algorithm!=="oidc")})(c,l)||(()=>{throw new jt("discovered metadata issuer does not match the expected issuer",{code:An,cause:{expected:c.href,body:f,attribute:"issuer"}})})()),f})(t,r),a=new Dt(i,e,n,o);let s=N(a);if(r!=null&&r[ye]&&(s.fetch=r[ye]),r!=null&&r.timeout&&(s.timeout=r.timeout),r!=null&&r.execute)for(const c of r.execute)c(a);return a}new TextDecoder;const ar=Symbol();class Dt{constructor(e,n,o,r){var i,a,s,c,l;if(typeof n!="string"||!n.length)throw ie('"clientId" must be a non-empty string',dt);if(typeof o=="string"&&(o={client_secret:o}),((i=o)===null||i===void 0?void 0:i.client_id)!==void 0&&n!==o.client_id)throw ie('"clientId" and "metadata.client_id" must be the same',lt);const u=S(S({},structuredClone(o)),{},{client_id:n});let p;u[vn]=(a=(s=o)===null||s===void 0?void 0:s[vn])!==null&&a!==void 0?a:0,u[bn]=(c=(l=o)===null||l===void 0?void 0:l[bn])!==null&&c!==void 0?c:30,p=r||(typeof u.client_secret=="string"&&u.client_secret.length?ir(u.client_secret):(f,m,w,_)=>{w.set("client_id",m.client_id)});let h=Object.freeze(u);const d=structuredClone(e);ar in e&&(d[Xo]=f=>{let{claims:{tid:m}}=f;return e.issuer.replace("{tenantid}",m)});let g=Object.freeze(d);Tt||(Tt=new WeakMap),Tt.set(this,{__proto__:null,as:g,c:h,auth:p,tlsOnly:!0,jwksCache:{}})}serverMetadata(){const e=structuredClone(N(this).as);return(function(n){Object.defineProperties(n,(function(o){return{supportsPKCE:{__proto__:null,value(){var r;let i=arguments.length>0&&arguments[0]!==void 0?arguments[0]:"S256";return((r=o.code_challenge_methods_supported)===null||r===void 0?void 0:r.includes(i))===!0}}}})(n))})(e),e}clientMetadata(){return structuredClone(N(this).c)}get timeout(){return N(this).timeout}set timeout(e){N(this).timeout=e}get[ye](){return N(this).fetch}set[ye](e){N(this).fetch=e}}function ht(t){Object.defineProperties(t,(function(e){let n;if(e.expires_in!==void 0){const o=new Date;o.setSeconds(o.getSeconds()+e.expires_in),n=o.getTime()}return{expiresIn:{__proto__:null,value(){if(n){const o=Date.now();return n>o?Math.floor((n-o)/1e3):0}}},claims:{__proto__:null,value(){try{return Sn(this)}catch{return}}}}})(t))}async function wo(t,e,n){var o;let r=arguments.length>3&&arguments[3]!==void 0&&arguments[3];const i=(o=t.headers.get("retry-after"))===null||o===void 0?void 0:o.trim();if(i===void 0)return;let a;if(/^\d+$/.test(i))a=parseInt(i,10);else{const s=new Date(i);if(Number.isFinite(s.getTime())){const c=new Date,l=s.getTime()-c.getTime();l>0&&(a=Math.ceil(l/1e3))}}if(r&&!Number.isFinite(a))throw new Ln("invalid Retry-After header value",{cause:t});a>e&&await sr(a-e,n)}function sr(t,e){return new Promise(((n,o)=>{const r=i=>{try{e.throwIfAborted()}catch(s){return void o(s)}if(i<=0)return void n();const a=Math.min(i,5);setTimeout((()=>r(i-a)),1e3*a)};r(t)}))}async function vo(t,e){ue(t);const{as:n,c:o,auth:r,fetch:i,tlsOnly:a,timeout:s}=N(t);return(async function(c,l,u,p,h){Q(c),$(l);const d=st(c,"backchannel_authentication_endpoint",l.use_mtls_endpoint_aliases,(h==null?void 0:h[q])!==!0),g=new URLSearchParams(p);g.set("client_id",l.client_id);const f=zt(h==null?void 0:h.headers);return f.set("accept","application/json"),Hn(c,l,u,d,g,f,h)})(n,o,r,e,{[ee]:i,[q]:!a,headers:new Headers(re),signal:Ce(s)}).then((c=>(async function(l,u,p){if(Q(l),$(u),!Je(p,Response))throw R('"response" must be an instance of Response',"ERR_INVALID_ARG_TYPE");await Wn(p,200,"Backchannel Authentication Endpoint"),ut(p);const h=await Mt(p);D(h.auth_req_id,'"response" body "auth_req_id" property',T,{body:h});let d=typeof h.expires_in!="number"?parseFloat(h.expires_in):h.expires_in;return ge(d,!0,'"response" body "expires_in" property',T,{body:h}),h.expires_in=d,h.interval!==void 0&&ge(h.interval,!1,'"response" body "interval" property',T,{body:h}),h})(n,o,c))).catch(z)}async function cr(t,e,n,o){var r,i;ue(t),n=new URLSearchParams(n);let a=(r=e.interval)!==null&&r!==void 0?r:5;const s=(i=o==null?void 0:o.signal)!==null&&i!==void 0?i:AbortSignal.timeout(1e3*e.expires_in);try{await sr(a,s)}catch(y){z(y)}const{as:c,c:l,auth:u,fetch:p,tlsOnly:h,nonRepudiation:d,timeout:g,decrypt:f}=N(t),m=(y,P)=>cr(t,S(S({},e),{},{interval:y}),n,S(S({},o),{},{signal:s,flag:P})),w=await(async function(y,P,M,U,de){Q(y),$(P),D(U,'"authReqId"');const J=new URLSearchParams(de==null?void 0:de.additionalParameters);return J.set("auth_req_id",U),ct(y,P,M,"urn:openid:params:grant-type:ciba",J,de)})(c,l,u,e.auth_req_id,{[ee]:p,[q]:!h,additionalParameters:n,DPoP:o==null?void 0:o.DPoP,headers:new Headers(re),signal:s.aborted?s:Ce(g)}).catch(z);var _;if(w.status===503&&w.headers.has("retry-after"))return await wo(w,a,s,!0),await((_=w.body)===null||_===void 0?void 0:_.cancel()),m(a);const k=(async function(y,P,M,U){return ze(y,P,M,void 0,U==null?void 0:U[ce],U==null?void 0:U.recognizedTokenTypes)})(c,l,w,{[ce]:f});let E;try{E=await k}catch(y){if(pt(y,o))return m(a,we);if(y instanceof Jt)switch(y.error){case"slow_down":a+=5;case"authorization_pending":return await wo(y.response,a,s),m(a)}z(y)}return E.id_token&&await(d==null?void 0:d(w)),ht(E),E}function bo(t){N(t).tlsOnly=!1}async function ur(t,e,n,o,r){if(ue(t),!((r==null?void 0:r.flag)===we||e instanceof URL||(function(y,P){try{return Object.getPrototypeOf(y)[Symbol.toStringTag]===P}catch{return!1}})(e,"Request")))throw ie('"currentUrl" must be an instance of URL, or Request',dt);let i,a;const{as:s,c,auth:l,fetch:u,tlsOnly:p,jarm:h,hybrid:d,nonRepudiation:g,timeout:f,decrypt:m,implicit:w}=N(t);if((r==null?void 0:r.flag)===we)i=r.authResponse,a=r.redirectUri;else{if(!(e instanceof URL)){const y=e;switch(e=new URL(e.url),y.method){case"GET":break;case"POST":const P=new URLSearchParams(await Ri(y));if(d)e.hash=P.toString();else for(const[M,U]of P.entries())e.searchParams.append(M,U);break;default:throw ie("unexpected Request HTTP method",lt)}}switch(a=(function(y){return(y=new URL(y)).search="",y.hash="",y.href})(e),!0){case!!h:i=await h(e,n==null?void 0:n.expectedState);break;case!!d:i=await d(e,n==null?void 0:n.expectedNonce,n==null?void 0:n.expectedState,n==null?void 0:n.maxAge);break;case!!w:throw new TypeError("authorizationCodeGrant() cannot be used by response_type=id_token clients");default:try{i=Ci(s,c,e.searchParams,n==null?void 0:n.expectedState)}catch(y){z(y)}}}const _=await(async function(y,P,M,U,de,J,je){if(Q(y),$(P),!zn.has(U))throw R('"callbackParameters" must be an instance of URLSearchParams obtained from "validateAuthResponse()", or "validateJwtAuthResponse()',"ERR_INVALID_ARG_VALUE");D(de,'"redirectUri"');const Fn=Te(U,"code");if(!Fn)throw A('no authorization code in "callbackParameters"',T);const mt=new URLSearchParams(je==null?void 0:je.additionalParameters);return mt.set("redirect_uri",de),mt.set("code",Fn),J!==uo&&(D(J,'"codeVerifier"'),mt.set("code_verifier",J)),ct(y,P,M,"authorization_code",mt,je)})(s,c,l,i,a,(n==null?void 0:n.pkceCodeVerifier)||uo,{additionalParameters:o,[ee]:u,[q]:!p,DPoP:r==null?void 0:r.DPoP,headers:new Headers(re),signal:Ce(f)}).catch(z);typeof(n==null?void 0:n.expectedNonce)!="string"&&typeof(n==null?void 0:n.maxAge)!="number"||(n.idTokenExpected=!0);const k=_i(s,c,_,{expectedNonce:n==null?void 0:n.expectedNonce,maxAge:n==null?void 0:n.maxAge,requireIdToken:n==null?void 0:n.idTokenExpected,[ce]:m});let E;try{E=await k}catch(y){if(pt(y,r))return ur(t,void 0,n,o,S(S({},r),{},{flag:we,authResponse:i,redirectUri:a}));z(y)}return E.id_token&&await(g==null?void 0:g(_)),ht(E),E}async function lr(t,e,n,o){ue(t),n=new URLSearchParams(n);const{as:r,c:i,auth:a,fetch:s,tlsOnly:c,nonRepudiation:l,timeout:u,decrypt:p}=N(t),h=await(async function(f,m,w,_,k){Q(f),$(m),D(_,'"refreshToken"');const E=new URLSearchParams(k==null?void 0:k.additionalParameters);return E.set("refresh_token",_),ct(f,m,w,"refresh_token",E,k)})(r,i,a,e,{[ee]:s,[q]:!c,additionalParameters:n,DPoP:o==null?void 0:o.DPoP,headers:new Headers(re),signal:Ce(u)}).catch(z),d=(async function(f,m,w,_){return ze(f,m,w,void 0,_==null?void 0:_[ce],_==null?void 0:_.recognizedTokenTypes)})(r,i,h,{[ce]:p});let g;try{g=await d}catch(f){if(pt(f,o))return lr(t,e,n,S(S({},o),{},{flag:we}));z(f)}return g.id_token&&await(l==null?void 0:l(h)),ht(g),g}async function dr(t,e,n){ue(t),e=new URLSearchParams(e);const{as:o,c:r,auth:i,fetch:a,tlsOnly:s,timeout:c}=N(t),l=await(async function(h,d,g,f,m){return Q(h),$(d),ct(h,d,g,"client_credentials",new URLSearchParams(f),m)})(o,r,i,e,{[ee]:a,[q]:!s,DPoP:n==null?void 0:n.DPoP,headers:new Headers(re),signal:Ce(c)}).catch(z),u=(async function(h,d,g,f){return ze(h,d,g,void 0,void 0,void 0)})(o,r,l);let p;try{p=await u}catch(h){if(pt(h,n))return dr(t,e,S(S({},n),{},{flag:we}));z(h)}return ht(p),p}function In(t,e){ue(t);const{as:n,c:o,tlsOnly:r,hybrid:i,jarm:a,implicit:s}=N(t),c=st(n,"authorization_endpoint",!1,r);if((e=new URLSearchParams(e)).has("client_id")||e.set("client_id",o.client_id),!e.has("request_uri")&&!e.has("request")){if(e.has("response_type")||e.set("response_type",i?"code id_token":s?"id_token":"code"),s&&!e.has("nonce"))throw ie("response_type=id_token clients must provide a nonce parameter in their authorization request parameters",lt);a&&e.set("response_mode","jwt")}for(const[l,u]of e.entries())c.searchParams.append(l,u);return c}async function hr(t,e,n){ue(t);const o=In(t,e),{as:r,c:i,auth:a,fetch:s,tlsOnly:c,timeout:l}=N(t),u=await(async function(d,g,f,m,w){var _;Q(d),$(g);const k=st(d,"pushed_authorization_request_endpoint",g.use_mtls_endpoint_aliases,(w==null?void 0:w[q])!==!0),E=new URLSearchParams(m);E.set("client_id",g.client_id);const y=zt(w==null?void 0:w.headers);y.set("accept","application/json"),(w==null?void 0:w.DPoP)!==void 0&&(Vo(w.DPoP),await w.DPoP.addProof(k,y,"POST"));const P=await Hn(d,g,f,k,E,y,w);return w==null||(_=w.DPoP)===null||_===void 0||_.cacheNonce(P,k),P})(r,i,a,o.searchParams,{[ee]:s,[q]:!c,DPoP:n==null?void 0:n.DPoP,headers:new Headers(re),signal:Ce(l)}).catch(z),p=(async function(d,g,f){if(Q(d),$(g),!Je(f,Response))throw R('"response" must be an instance of Response',"ERR_INVALID_ARG_TYPE");await Wn(f,201,"Pushed Authorization Request Endpoint"),ut(f);const m=await Mt(f);D(m.request_uri,'"response" body "request_uri" property',T,{body:m});let w=typeof m.expires_in!="number"?parseFloat(m.expires_in):m.expires_in;return ge(w,!0,'"response" body "expires_in" property',T,{body:m}),m.expires_in=w,m})(r,i,u);let h;try{h=await p}catch(d){if(pt(d,n))return hr(t,e,S(S({},n),{},{flag:we}));z(d)}return In(t,{request_uri:h.request_uri})}function ue(t){if(!(t instanceof Dt))throw ie('"config" must be an instance of Configuration',dt);if(Object.getPrototypeOf(t)!==Dt.prototype)throw ie("subclassing Configuration is not allowed",lt)}function Ce(t){return t?AbortSignal.timeout(1e3*t):void 0}function pt(t,e){return!(e==null||!e.DPoP||e.flag===we)&&(function(n){if(n instanceof Nn){const{0:o,length:r}=n.cause;return r===1&&o.scheme==="dpop"&&o.parameters.error==="use_dpop_nonce"}return n instanceof Jt&&n.error==="use_dpop_nonce"})(t)}Object.freeze(Dt.prototype);const we=Symbol();async function Gn(t,e,n,o){ue(t);const{as:r,c:i,auth:a,fetch:s,tlsOnly:c,timeout:l,decrypt:u}=N(t),p=await(async function(h,d,g,f,m,w){return Q(h),$(d),D(f,'"grantType"'),ct(h,d,g,f,new URLSearchParams(m),w)})(r,i,a,e,new URLSearchParams(n),{[ee]:s,[q]:!c,DPoP:void 0,headers:new Headers(re),signal:Ce(l)}).then((h=>{let d;return e==="urn:ietf:params:oauth:grant-type:token-exchange"&&(d={n_a:()=>{}}),(async function(g,f,m,w){return ze(g,f,m,void 0,w==null?void 0:w[ce],w==null?void 0:w.recognizedTokenTypes)})(r,i,h,{[ce]:u,recognizedTokenTypes:d})})).catch(z);return ht(p),p}async function Ji(t,e,n){if(e instanceof Uint8Array){if(!t.startsWith("HS"))throw new TypeError((function(o){for(var r=arguments.length,i=new Array(r>1?r-1:0),a=1;a<r;a++)i[a-1]=arguments[a];return nr("Key must be ",o,...i)})(e,"CryptoKey","KeyObject","JSON Web Key"));return crypto.subtle.importKey("raw",e,{hash:"SHA-".concat(t.slice(-3)),name:"HMAC"},!1,[n])}return ji(e,t,n),e}async function Mi(t,e,n,o){const r=await Ji(t,e,"verify");(function(a,s){if(a.startsWith("RS")||a.startsWith("PS")){const{modulusLength:c}=s.algorithm;if(typeof c!="number"||c<2048)throw new TypeError("".concat(a," requires key modulusLength to be 2048 bits or larger"))}})(t,r);const i=(function(a,s){const c="SHA-".concat(a.slice(-3));switch(a){case"HS256":case"HS384":case"HS512":return{hash:c,name:"HMAC"};case"PS256":case"PS384":case"PS512":return{hash:c,name:"RSA-PSS",saltLength:parseInt(a.slice(-3),10)>>3};case"RS256":case"RS384":case"RS512":return{hash:c,name:"RSASSA-PKCS1-v1_5"};case"ES256":case"ES384":case"ES512":return{hash:c,name:"ECDSA",namedCurve:s.namedCurve};case"Ed25519":case"EdDSA":return{name:"Ed25519"};case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":return{name:a};default:throw new G("alg ".concat(a," is not supported either by JOSE or your javascript runtime"))}})(t,r.algorithm);try{return await crypto.subtle.verify(i,r,n,o)}catch{return!1}}async function Vi(t,e,n){if(!ve(t))throw new L("Flattened JWS must be an object");if(t.protected===void 0&&t.header===void 0)throw new L('Flattened JWS must have either of the "protected" or "header" members');if(t.protected!==void 0&&typeof t.protected!="string")throw new L("JWS Protected Header incorrect type");if(t.payload===void 0)throw new L("JWS Payload missing");if(typeof t.signature!="string")throw new L("JWS Signature missing or incorrect type");if(t.header!==void 0&&!ve(t.header))throw new L("JWS Unprotected Header incorrect type");let o={};if(t.protected)try{const f=Qe(t.protected);o=JSON.parse(rt.decode(f))}catch{throw new L("JWS Protected Header is invalid")}if(!(function(){for(var f=arguments.length,m=new Array(f),w=0;w<f;w++)m[w]=arguments[w];const _=m.filter(Boolean);if(_.length===0||_.length===1)return!0;let k;for(const E of _){const y=Object.keys(E);if(k&&k.size!==0)for(const P of y){if(k.has(P))return!1;k.add(P)}else k=new Set(y)}return!0})(o,t.header))throw new L("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");const r=S(S({},o),t.header),i=(function(f,m,w,_,k){if(k.crit!==void 0&&(_==null?void 0:_.crit)===void 0)throw new f('"crit" (Critical) Header Parameter MUST be integrity protected');if(!_||_.crit===void 0)return new Set;if(!Array.isArray(_.crit)||_.crit.length===0||_.crit.some((y=>typeof y!="string"||y.length===0)))throw new f('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');let E;E=w!==void 0?new Map([...Object.entries(w),...m.entries()]):m;for(const y of _.crit){if(!E.has(y))throw new G('Extension Header Parameter "'.concat(y,'" is not recognized'));if(k[y]===void 0)throw new f('Extension Header Parameter "'.concat(y,'" is missing'));if(E.get(y)&&_[y]===void 0)throw new f('Extension Header Parameter "'.concat(y,'" MUST be integrity protected'))}return new Set(_.crit)})(L,new Map([["b64",!0]]),n==null?void 0:n.crit,o,r);let a=!0;if(i.has("b64")&&(a=o.b64,typeof a!="boolean"))throw new L('The "b64" (base64url-encode payload) Header Parameter must be a boolean');const{alg:s}=r;if(typeof s!="string"||!s)throw new L('JWS "alg" (Algorithm) Header Parameter missing or invalid');const c=n&&(function(f,m){if(m!==void 0&&(!Array.isArray(m)||m.some((w=>typeof w!="string"))))throw new TypeError('"'.concat(f,'" option must be an array of strings'));if(m)return new Set(m)})("algorithms",n.algorithms);if(c&&!c.has(s))throw new Qo('"alg" (Algorithm) Header Parameter value not allowed');if(a){if(typeof t.payload!="string")throw new L("JWS Payload must be a string")}else if(typeof t.payload!="string"&&!(t.payload instanceof Uint8Array))throw new L("JWS Payload must be a string or an Uint8Array instance");let l=!1;typeof e=="function"&&(e=await e(o,t),l=!0),Ni(s,e,"verify");const u=(function(){for(var f=arguments.length,m=new Array(f),w=0;w<f;w++)m[w]=arguments[w];const _=m.reduce(((y,P)=>{let{length:M}=P;return y+M}),0),k=new Uint8Array(_);let E=0;for(const y of m)k.set(y,E),E+=y.length;return k})(t.protected!==void 0?en(t.protected):new Uint8Array,en("."),typeof t.payload=="string"?a?en(t.payload):ho.encode(t.payload):t.payload);let p;try{p=Qe(t.signature)}catch{throw new L("Failed to base64url decode the signature")}const h=await Ui(e,s);if(!await Mi(s,h,p,u))throw new tr;let d;if(a)try{d=Qe(t.payload)}catch{throw new L("Failed to base64url decode the payload")}else d=typeof t.payload=="string"?ho.encode(t.payload):t.payload;const g={payload:d};return t.protected!==void 0&&(g.protectedHeader=o),t.header!==void 0&&(g.unprotectedHeader=t.header),l?S(S({},g),{},{key:h}):g}const Gi=t=>Math.floor(t.getTime()/1e3),Fi=/^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i;function _o(t){const e=Fi.exec(t);if(!e||e[4]&&e[1])throw new TypeError("Invalid time period format");const n=parseFloat(e[2]);let o;switch(e[3].toLowerCase()){case"sec":case"secs":case"second":case"seconds":case"s":o=Math.round(n);break;case"minute":case"minutes":case"min":case"mins":case"m":o=Math.round(60*n);break;case"hour":case"hours":case"hr":case"hrs":case"h":o=Math.round(3600*n);break;case"day":case"days":case"d":o=Math.round(86400*n);break;case"week":case"weeks":case"w":o=Math.round(604800*n);break;default:o=Math.round(31557600*n)}return e[1]==="-"||e[4]==="ago"?-o:o}const ko=t=>t.includes("/")?t.toLowerCase():"application/".concat(t.toLowerCase()),Zi=(t,e)=>typeof t=="string"?e.includes(t):!!Array.isArray(t)&&e.some(Set.prototype.has.bind(new Set(t)));async function qi(t,e,n){var o;const r=await(async function(s,c,l){if(s instanceof Uint8Array&&(s=rt.decode(s)),typeof s!="string")throw new L("Compact JWS must be a string or Uint8Array");const{0:u,1:p,2:h,length:d}=s.split(".");if(d!==3)throw new L("Invalid Compact JWS");const g=await Vi({payload:p,protected:u,signature:h},c,l),f={payload:g.payload,protectedHeader:g.protectedHeader};return typeof c=="function"?S(S({},f),{},{key:g.key}):f})(t,e,n);if((o=r.protectedHeader.crit)!==null&&o!==void 0&&o.includes("b64")&&r.protectedHeader.b64===!1)throw new Pn("JWTs MUST NOT use unencoded payload");const i=(function(s,c){let l,u=arguments.length>2&&arguments[2]!==void 0?arguments[2]:{};try{l=JSON.parse(rt.decode(c))}catch{}if(!ve(l))throw new Pn("JWT Claims Set must be a top-level JSON object");const{typ:p}=u;if(p&&(typeof s.typ!="string"||ko(s.typ)!==ko(p)))throw new B('unexpected "typ" JWT header value',l,"typ","check_failed");const{requiredClaims:h=[],issuer:d,subject:g,audience:f,maxTokenAge:m}=u,w=[...h];m!==void 0&&w.push("iat"),f!==void 0&&w.push("aud"),g!==void 0&&w.push("sub"),d!==void 0&&w.push("iss");for(const y of new Set(w.reverse()))if(!(y in l))throw new B('missing required "'.concat(y,'" claim'),l,y,"missing");if(d&&!(Array.isArray(d)?d:[d]).includes(l.iss))throw new B('unexpected "iss" claim value',l,"iss","check_failed");if(g&&l.sub!==g)throw new B('unexpected "sub" claim value',l,"sub","check_failed");if(f&&!Zi(l.aud,typeof f=="string"?[f]:f))throw new B('unexpected "aud" claim value',l,"aud","check_failed");let _;switch(typeof u.clockTolerance){case"string":_=_o(u.clockTolerance);break;case"number":_=u.clockTolerance;break;case"undefined":_=0;break;default:throw new TypeError("Invalid clockTolerance option type")}const{currentDate:k}=u,E=Gi(k||new Date);if((l.iat!==void 0||m)&&typeof l.iat!="number")throw new B('"iat" claim must be a number',l,"iat","invalid");if(l.nbf!==void 0){if(typeof l.nbf!="number")throw new B('"nbf" claim must be a number',l,"nbf","invalid");if(l.nbf>E+_)throw new B('"nbf" claim timestamp check failed',l,"nbf","check_failed")}if(l.exp!==void 0){if(typeof l.exp!="number")throw new B('"exp" claim must be a number',l,"exp","invalid");if(l.exp<=E-_)throw new Tn('"exp" claim timestamp check failed',l,"exp","check_failed")}if(m){const y=E-l.iat;if(y-_>(typeof m=="number"?m:_o(m)))throw new Tn('"iat" claim timestamp check failed (too far in the past)',l,"iat","check_failed");if(y<0-_)throw new B('"iat" claim timestamp check failed (it should be in the past)',l,"iat","check_failed")}return l})(r.protectedHeader,r.payload,n),a={payload:i,protectedHeader:r.protectedHeader};return typeof e=="function"?S(S({},a),{},{key:r.key}):a}function Bi(t){return ve(t)}var bt,an,_t=new WeakMap,sn=new WeakMap;class Xi{constructor(e){if(K(this,_t,void 0),K(this,sn,new WeakMap),!(function(n){return n&&typeof n=="object"&&Array.isArray(n.keys)&&n.keys.every(Bi)})(e))throw new Mn("JSON Web Key Set malformed");O(_t,this,structuredClone(e))}jwks(){return v(_t,this)}async getKey(e,n){const{alg:o,kid:r}=S(S({},e),n==null?void 0:n.header),i=(function(l){switch(typeof l=="string"&&l.slice(0,2)){case"RS":case"PS":return"RSA";case"ES":return"EC";case"Ed":return"OKP";case"ML":return"AKP";default:throw new G('Unsupported "alg" value for a JSON Web Key Set')}})(o),a=v(_t,this).keys.filter((l=>{let u=i===l.kty;if(u&&typeof r=="string"&&(u=r===l.kid),!u||typeof l.alg!="string"&&i!=="AKP"||(u=o===l.alg),u&&typeof l.use=="string"&&(u=l.use==="sig"),u&&Array.isArray(l.key_ops)&&(u=l.key_ops.includes("verify")),u)switch(o){case"ES256":u=l.crv==="P-256";break;case"ES384":u=l.crv==="P-384";break;case"ES512":u=l.crv==="P-521";break;case"Ed25519":case"EdDSA":u=l.crv==="Ed25519"}return u})),{0:s,length:c}=a;if(c===0)throw new Vn;if(c!==1){const l=new $o,u=v(sn,this);throw l[Symbol.asyncIterator]=oi((function*(){for(const p of a)try{yield yield ni(So(u,p,o))}catch{}})),l}return So(v(sn,this),s,o)}}async function So(t,e,n){const o=t.get(e)||t.set(e,{}).get(e);if(o[n]===void 0){const r=await(async function(i,a,s){var c;if(!ve(i))throw new TypeError("JWK must be an object");let l;switch(a!=null||(a=i.alg),l!=null||(l=(c=void 0)!==null&&c!==void 0?c:i.ext),i.kty){case"oct":if(typeof i.k!="string"||!i.k)throw new TypeError('missing "k" (Key Value) Parameter value');return Qe(i.k);case"RSA":if("oth"in i&&i.oth!==void 0)throw new G('RSA JWK "oth" (Other Primes Info) Parameter value is not supported');return At(S(S({},i),{},{alg:a,ext:l}));case"AKP":if(typeof i.alg!="string"||!i.alg)throw new TypeError('missing "alg" (Algorithm) Parameter value');if(a!==void 0&&a!==i.alg)throw new TypeError("JWK alg and alg option value mismatch");return At(S(S({},i),{},{ext:l}));case"EC":case"OKP":return At(S(S({},i),{},{alg:a,ext:l}));default:throw new G('Unsupported "kty" (Key Type) Parameter value')}})(S(S({},e),{},{ext:!0}),n);if(r instanceof Uint8Array||r.type!=="public")throw new Mn("JSON Web Key Set members must be public keys");o[n]=r}return o[n]}function Eo(t){const e=new Xi(t),n=async(o,r)=>e.getKey(o,r);return Object.defineProperties(n,{jwks:{value:()=>structuredClone(e.jwks()),enumerable:!1,configurable:!1,writable:!1}}),n}let On;(typeof navigator>"u"||(bt=navigator.userAgent)===null||bt===void 0||(an=bt.startsWith)===null||an===void 0||!an.call(bt,"Mozilla/5.0 "))&&(On="".concat("jose","/").concat("v6.1.3"));const pr=Symbol(),cn=Symbol();var un=new WeakMap,ln=new WeakMap,dn=new WeakMap,kt=new WeakMap,_e=new WeakMap,ae=new WeakMap,he=new WeakMap,hn=new WeakMap,ke=new WeakMap,Se=new WeakMap;class Yi{constructor(e,n){if(K(this,un,void 0),K(this,ln,void 0),K(this,dn,void 0),K(this,kt,void 0),K(this,_e,void 0),K(this,ae,void 0),K(this,he,void 0),K(this,hn,void 0),K(this,ke,void 0),K(this,Se,void 0),!(e instanceof URL))throw new TypeError("url must be an instance of URL");var o,r;O(un,this,new URL(e.href)),O(ln,this,typeof(n==null?void 0:n.timeoutDuration)=="number"?n==null?void 0:n.timeoutDuration:5e3),O(dn,this,typeof(n==null?void 0:n.cooldownDuration)=="number"?n==null?void 0:n.cooldownDuration:3e4),O(kt,this,typeof(n==null?void 0:n.cacheMaxAge)=="number"?n==null?void 0:n.cacheMaxAge:6e5),O(he,this,new Headers(n==null?void 0:n.headers)),On&&!v(he,this).has("User-Agent")&&v(he,this).set("User-Agent",On),v(he,this).has("accept")||(v(he,this).set("accept","application/json"),v(he,this).append("accept","application/jwk-set+json")),O(hn,this,n==null?void 0:n[pr]),(n==null?void 0:n[cn])!==void 0&&(O(Se,this,n==null?void 0:n[cn]),o=n==null?void 0:n[cn],r=v(kt,this),typeof o=="object"&&o!==null&&"uat"in o&&typeof o.uat=="number"&&!(Date.now()-o.uat>=r)&&"jwks"in o&&ve(o.jwks)&&Array.isArray(o.jwks.keys)&&Array.prototype.every.call(o.jwks.keys,ve)&&(O(_e,this,v(Se,this).uat),O(ke,this,Eo(v(Se,this).jwks))))}pendingFetch(){return!!v(ae,this)}coolingDown(){return typeof v(_e,this)=="number"&&Date.now()<v(_e,this)+v(dn,this)}fresh(){return typeof v(_e,this)=="number"&&Date.now()<v(_e,this)+v(kt,this)}jwks(){var e;return(e=v(ke,this))===null||e===void 0?void 0:e.jwks()}async getKey(e,n){v(ke,this)&&this.fresh()||await this.reload();try{return await v(ke,this).call(this,e,n)}catch(o){if(o instanceof Vn&&this.coolingDown()===!1)return await this.reload(),v(ke,this).call(this,e,n);throw o}}async reload(){v(ae,this)&&(typeof WebSocketPair<"u"||typeof navigator<"u"&&navigator.userAgent==="Cloudflare-Workers"||typeof EdgeRuntime<"u"&&EdgeRuntime==="vercel")&&O(ae,this,void 0),v(ae,this)||O(ae,this,(async function(e,n,o){const i=await(arguments.length>3&&arguments[3]!==void 0?arguments[3]:fetch)(e,{method:"GET",signal:o,redirect:"manual",headers:n}).catch((a=>{throw a.name==="TimeoutError"?new er:a}));if(i.status!==200)throw new W("Expected 200 OK from the JSON Web Key Set HTTP response");try{return await i.json()}catch{throw new W("Failed to parse the JSON Web Key Set HTTP response as JSON")}})(v(un,this).href,v(he,this),AbortSignal.timeout(v(ln,this)),v(hn,this)).then((e=>{O(ke,this,Eo(e)),v(Se,this)&&(v(Se,this).uat=Date.now(),v(Se,this).jwks=e),O(_e,this,Date.now()),O(ae,this,void 0)})).catch((e=>{throw O(ae,this,void 0),e}))),await v(ae,this)}}const Qi=["mfaToken"],$i=["mfaToken"];var Ee,St,Ae,me,We,I,Ze,C,Ao=class extends Error{constructor(t,e){super(e),b(this,"code",void 0),this.name="NotSupportedError",this.code=t}},le=class extends Error{constructor(t,e,n){super(e),b(this,"cause",void 0),b(this,"code",void 0),this.code=t,this.cause=n&&{error:n.error,error_description:n.error_description,message:n.message}}},ea=class extends le{constructor(t,e){super("token_by_code_error",t,e),this.name="TokenByCodeError"}},ta=class extends le{constructor(t,e){super("token_by_client_credentials_error",t,e),this.name="TokenByClientCredentialsError"}},na=class extends le{constructor(t,e){super("token_by_refresh_token_error",t,e),this.name="TokenByRefreshTokenError"}},pn=class extends le{constructor(t,e){super("token_for_connection_error",t,e),this.name="TokenForConnectionErrorCode"}},oe=class extends le{constructor(t,e){super("token_exchange_error",t,e),this.name="TokenExchangeError"}},pe=class extends Error{constructor(t){super(t),b(this,"code","verify_logout_token_error"),this.name="VerifyLogoutTokenError"}},mn=class extends le{constructor(t){super("backchannel_authentication_error","There was an error when trying to use Client-Initiated Backchannel Authentication.",t),b(this,"code","backchannel_authentication_error"),this.name="BackchannelAuthenticationError"}},oa=class extends le{constructor(t){super("build_authorization_url_error","There was an error when trying to build the authorization URL.",t),this.name="BuildAuthorizationUrlError"}},ra=class extends le{constructor(t){super("build_link_user_url_error","There was an error when trying to build the Link User URL.",t),this.name="BuildLinkUserUrlError"}},ia=class extends le{constructor(t){super("build_unlink_user_url_error","There was an error when trying to build the Unlink User URL.",t),this.name="BuildUnlinkUserUrlError"}},aa=class extends Error{constructor(){super("The client secret or client assertion signing key must be provided."),b(this,"code","missing_client_auth_error"),this.name="MissingClientAuthError"}};function xn(t){return Object.entries(t).filter((e=>{let[,n]=e;return n!==void 0})).reduce(((e,n)=>S(S({},e),{},{[n[0]]:n[1]})),{})}var Vt=class extends Error{constructor(t,e,n){super(e),b(this,"cause",void 0),b(this,"code",void 0),this.code=t,this.cause=n&&{error:n.error,error_description:n.error_description,message:n.message}}},sa=class extends Vt{constructor(t,e){super("mfa_list_authenticators_error",t,e),this.name="MfaListAuthenticatorsError"}},ca=class extends Vt{constructor(t,e){super("mfa_enrollment_error",t,e),this.name="MfaEnrollmentError"}},ua=class extends Vt{constructor(t,e){super("mfa_delete_authenticator_error",t,e),this.name="MfaDeleteAuthenticatorError"}},la=class extends Vt{constructor(t,e){super("mfa_challenge_error",t,e),this.name="MfaChallengeError"}};function da(t){return{id:t.id,authenticatorType:t.authenticator_type,active:t.active,name:t.name,oobChannels:t.oob_channels,type:t.type}}var ha=(Ee=new WeakMap,St=new WeakMap,Ae=new WeakMap,class{constructor(t){var e;K(this,Ee,void 0),K(this,St,void 0),K(this,Ae,void 0),O(Ee,this,"https://".concat(t.domain)),O(St,this,t.clientId),O(Ae,this,(e=t.customFetch)!==null&&e!==void 0?e:function(){return fetch(...arguments)})}async listAuthenticators(t){const e="".concat(v(Ee,this),"/mfa/authenticators"),{mfaToken:n}=t,o=await v(Ae,this).call(this,e,{method:"GET",headers:{Authorization:"Bearer ".concat(n),"Content-Type":"application/json"}});if(!o.ok){const r=await o.json();throw new sa(r.error_description||"Failed to list authenticators",r)}return(await o.json()).map(da)}async enrollAuthenticator(t){const e="".concat(v(Ee,this),"/mfa/associate"),{mfaToken:n}=t,o=io(t,Qi),r={authenticator_types:o.authenticatorTypes};"oobChannels"in o&&(r.oob_channels=o.oobChannels),"phoneNumber"in o&&o.phoneNumber&&(r.phone_number=o.phoneNumber),"email"in o&&o.email&&(r.email=o.email);const i=await v(Ae,this).call(this,e,{method:"POST",headers:{Authorization:"Bearer ".concat(n),"Content-Type":"application/json"},body:JSON.stringify(r)});if(!i.ok){const a=await i.json();throw new ca(a.error_description||"Failed to enroll authenticator",a)}return(function(a){if(a.authenticator_type==="otp")return{authenticatorType:"otp",secret:a.secret,barcodeUri:a.barcode_uri,recoveryCodes:a.recovery_codes,id:a.id};if(a.authenticator_type==="oob")return{authenticatorType:"oob",oobChannel:a.oob_channel,oobCode:a.oob_code,bindingMethod:a.binding_method,id:a.id};throw new Error("Unexpected authenticator type: ".concat(a.authenticator_type))})(await i.json())}async deleteAuthenticator(t){const{authenticatorId:e,mfaToken:n}=t,o="".concat(v(Ee,this),"/mfa/authenticators/").concat(encodeURIComponent(e)),r=await v(Ae,this).call(this,o,{method:"DELETE",headers:{Authorization:"Bearer ".concat(n),"Content-Type":"application/json"}});if(!r.ok){const i=await r.json();throw new ua(i.error_description||"Failed to delete authenticator",i)}}async challengeAuthenticator(t){const e="".concat(v(Ee,this),"/mfa/challenge"),{mfaToken:n}=t,o=io(t,$i),r={mfa_token:n,client_id:v(St,this),challenge_type:o.challengeType};o.authenticatorId&&(r.authenticator_id=o.authenticatorId);const i=await v(Ae,this).call(this,e,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(r)});if(!i.ok){const a=await i.json();throw new la(a.error_description||"Failed to challenge authenticator",a)}return(function(a){const s={challengeType:a.challenge_type};return a.oob_code!==void 0&&(s.oobCode=a.oob_code),a.binding_method!==void 0&&(s.bindingMethod=a.binding_method),s})(await i.json())}}),Pe=class mr{constructor(e,n,o,r,i,a,s){b(this,"accessToken",void 0),b(this,"idToken",void 0),b(this,"refreshToken",void 0),b(this,"expiresAt",void 0),b(this,"scope",void 0),b(this,"claims",void 0),b(this,"authorizationDetails",void 0),b(this,"tokenType",void 0),b(this,"issuedTokenType",void 0),this.accessToken=e,this.idToken=o,this.refreshToken=r,this.expiresAt=n,this.scope=i,this.claims=a,this.authorizationDetails=s}static fromTokenEndpointResponse(e){const n=e.id_token?e.claims():void 0,o=new mr(e.access_token,Math.floor(Date.now()/1e3)+Number(e.expires_in),e.id_token,e.refresh_token,e.scope,n,e.authorization_details);return o.tokenType=e.token_type,o.issuedTokenType=e.issued_token_type,o}},Cn="openid profile email offline_access",pa=Object.freeze(new Set(["grant_type","client_id","client_secret","client_assertion","client_assertion_type","subject_token","subject_token_type","requested_token_type","actor_token","actor_token_type","audience","aud","resource","resources","resource_indicator","scope","connection","login_hint","organization","assertion"]));function fr(t){if(t==null)throw new oe("subject_token is required");if(typeof t!="string")throw new oe("subject_token must be a string");if(t.trim().length===0)throw new oe("subject_token cannot be blank or whitespace");if(t!==t.trim())throw new oe("subject_token must not include leading or trailing whitespace");if(/^bearer\s+/i.test(t))throw new oe("subject_token must not include the 'Bearer ' prefix")}function yr(t,e){if(e){for(const[n,o]of Object.entries(e))if(!pa.has(n))if(Array.isArray(o)){if(o.length>20)throw new oe("Parameter '".concat(n,"' exceeds maximum array size of ").concat(20));o.forEach((r=>{t.append(n,r)}))}else t.append(n,o)}}var ma=(me=new WeakMap,We=new WeakMap,I=new WeakMap,Ze=new WeakMap,C=new WeakSet,class{constructor(t){if((function(e,n){No(e,n),n.add(e)})(this,C),K(this,me,void 0),K(this,We,void 0),K(this,I,void 0),K(this,Ze,void 0),b(this,"mfa",void 0),O(I,this,t),t.useMtls&&!t.customFetch)throw new Ao("mtls_without_custom_fetch_not_supported","Using mTLS without a custom fetch implementation is not supported");this.mfa=new ha({domain:v(I,this).domain,clientId:v(I,this).clientId,customFetch:v(I,this).customFetch})}async buildAuthorizationUrl(t){const{serverMetadata:e}=await j(C,this,Z).call(this);if(t!=null&&t.pushedAuthorizationRequests&&!e.pushed_authorization_request_endpoint)throw new Ao("par_not_supported_error","The Auth0 tenant does not have pushed authorization requests enabled. Learn how to enable it here: https://auth0.com/docs/get-started/applications/configure-par");try{return await j(C,this,fn).call(this,t)}catch(n){throw new oa(n)}}async buildLinkUserUrl(t){try{const e=await j(C,this,fn).call(this,{authorizationParams:S(S({},t.authorizationParams),{},{requested_connection:t.connection,requested_connection_scope:t.connectionScope,scope:"openid link_account offline_access",id_token_hint:t.idToken})});return{linkUserUrl:e.authorizationUrl,codeVerifier:e.codeVerifier}}catch(e){throw new ra(e)}}async buildUnlinkUserUrl(t){try{const e=await j(C,this,fn).call(this,{authorizationParams:S(S({},t.authorizationParams),{},{requested_connection:t.connection,scope:"openid unlink_account",id_token_hint:t.idToken})});return{unlinkUserUrl:e.authorizationUrl,codeVerifier:e.codeVerifier}}catch(e){throw new ia(e)}}async backchannelAuthentication(t){const{configuration:e,serverMetadata:n}=await j(C,this,Z).call(this),o=xn(S(S({},v(I,this).authorizationParams),t==null?void 0:t.authorizationParams)),r=new URLSearchParams(S(S({scope:Cn},o),{},{client_id:v(I,this).clientId,binding_message:t.bindingMessage,login_hint:JSON.stringify({format:"iss_sub",iss:n.issuer,sub:t.loginHint.sub})}));t.requestedExpiry&&r.append("requested_expiry",t.requestedExpiry.toString()),t.authorizationDetails&&r.append("authorization_details",JSON.stringify(t.authorizationDetails));try{const i=await vo(e,r),a=await cr(e,i);return Pe.fromTokenEndpointResponse(a)}catch(i){throw new mn(i)}}async initiateBackchannelAuthentication(t){const{configuration:e,serverMetadata:n}=await j(C,this,Z).call(this),o=xn(S(S({},v(I,this).authorizationParams),t==null?void 0:t.authorizationParams)),r=new URLSearchParams(S(S({scope:Cn},o),{},{client_id:v(I,this).clientId,binding_message:t.bindingMessage,login_hint:JSON.stringify({format:"iss_sub",iss:n.issuer,sub:t.loginHint.sub})}));t.requestedExpiry&&r.append("requested_expiry",t.requestedExpiry.toString()),t.authorizationDetails&&r.append("authorization_details",JSON.stringify(t.authorizationDetails));try{const i=await vo(e,r);return{authReqId:i.auth_req_id,expiresIn:i.expires_in,interval:i.interval}}catch(i){throw new mn(i)}}async backchannelAuthenticationGrant(t){let{authReqId:e}=t;const{configuration:n}=await j(C,this,Z).call(this),o=new URLSearchParams({auth_req_id:e});try{const r=await Gn(n,"urn:openid:params:grant-type:ciba",o);return Pe.fromTokenEndpointResponse(r)}catch(r){throw new mn(r)}}async getTokenForConnection(t){var e;if(t.refreshToken&&t.accessToken)throw new pn("Either a refresh or access token should be specified, but not both.");const n=(e=t.accessToken)!==null&&e!==void 0?e:t.refreshToken;if(!n)throw new pn("Either a refresh or access token must be specified.");try{return await this.exchangeToken({connection:t.connection,subjectToken:n,subjectTokenType:t.accessToken?"urn:ietf:params:oauth:token-type:access_token":"urn:ietf:params:oauth:token-type:refresh_token",loginHint:t.loginHint})}catch(o){throw o instanceof oe?new pn(o.message,o.cause):o}}async exchangeToken(t){return"connection"in t?j(C,this,fa).call(this,t):j(C,this,ya).call(this,t)}async getTokenByCode(t,e){const{configuration:n}=await j(C,this,Z).call(this);try{const o=await ur(n,t,{pkceCodeVerifier:e.codeVerifier});return Pe.fromTokenEndpointResponse(o)}catch(o){throw new ea("There was an error while trying to request a token.",o)}}async getTokenByRefreshToken(t){const{configuration:e}=await j(C,this,Z).call(this);try{const n=await lr(e,t.refreshToken);return Pe.fromTokenEndpointResponse(n)}catch(n){throw new na("The access token has expired and there was an error while trying to refresh it.",n)}}async getTokenByClientCredentials(t){const{configuration:e}=await j(C,this,Z).call(this);try{const n=new URLSearchParams({audience:t.audience});t.organization&&n.append("organization",t.organization);const o=await dr(e,n);return Pe.fromTokenEndpointResponse(o)}catch(n){throw new ta("There was an error while trying to request a token.",n)}}async buildLogoutUrl(t){const{configuration:e,serverMetadata:n}=await j(C,this,Z).call(this);if(!n.end_session_endpoint){const o=new URL("https://".concat(v(I,this).domain,"/v2/logout"));return o.searchParams.set("returnTo",t.returnTo),o.searchParams.set("client_id",v(I,this).clientId),o}return(function(o,r){ue(o);const{as:i,c:a,tlsOnly:s}=N(o),c=st(i,"end_session_endpoint",!1,s);(r=new URLSearchParams(r)).has("client_id")||r.set("client_id",a.client_id);for(const[l,u]of r.entries())c.searchParams.append(l,u);return c})(e,{post_logout_redirect_uri:t.returnTo})}async verifyLogoutToken(t){const{serverMetadata:e}=await j(C,this,Z).call(this);v(Ze,this)||O(Ze,this,(function(o,r){const i=new Yi(o,r),a=async(s,c)=>i.getKey(s,c);return Object.defineProperties(a,{coolingDown:{get:()=>i.coolingDown(),enumerable:!0,configurable:!1},fresh:{get:()=>i.fresh(),enumerable:!0,configurable:!1},reload:{value:()=>i.reload(),enumerable:!0,configurable:!1,writable:!1},reloading:{get:()=>i.pendingFetch(),enumerable:!0,configurable:!1},jwks:{value:()=>i.jwks(),enumerable:!0,configurable:!1,writable:!1}}),a})(new URL(e.jwks_uri),{[pr]:v(I,this).customFetch}));const{payload:n}=await qi(t.logoutToken,v(Ze,this),{issuer:e.issuer,audience:v(I,this).clientId,algorithms:["RS256"],requiredClaims:["iat"]});if(!("sid"in n)&&!("sub"in n))throw new pe('either "sid" or "sub" (or both) claims must be present');if("sid"in n&&typeof n.sid!="string")throw new pe('"sid" claim must be a string');if("sub"in n&&typeof n.sub!="string")throw new pe('"sub" claim must be a string');if("nonce"in n)throw new pe('"nonce" claim is prohibited');if(!("events"in n))throw new pe('"events" claim is missing');if(typeof n.events!="object"||n.events===null)throw new pe('"events" claim must be an object');if(!("http://schemas.openid.net/event/backchannel-logout"in n.events))throw new pe('"http://schemas.openid.net/event/backchannel-logout" member is missing in the "events" claim');if(typeof n.events["http://schemas.openid.net/event/backchannel-logout"]!="object")throw new pe('"http://schemas.openid.net/event/backchannel-logout" member in the "events" claim must be an object');return{sid:n.sid,sub:n.sub}}});async function Z(){if(v(me,this)&&v(We,this))return{configuration:v(me,this),serverMetadata:v(We,this)};const t=await j(C,this,ga).call(this);return O(me,this,await zi(new URL("https://".concat(v(I,this).domain)),v(I,this).clientId,{use_mtls_endpoint_aliases:v(I,this).useMtls},t,{[ye]:v(I,this).customFetch})),O(We,this,v(me,this).serverMetadata()),v(me,this)[ye]=v(I,this).customFetch||fetch,{configuration:v(me,this),serverMetadata:v(We,this)}}async function fa(t){var e,n;const{configuration:o}=await j(C,this,Z).call(this);if("audience"in t||"resource"in t)throw new oe("audience and resource parameters are not supported for Token Vault exchanges");fr(t.subjectToken);const r=new URLSearchParams({connection:t.connection,subject_token:t.subjectToken,subject_token_type:(e=t.subjectTokenType)!==null&&e!==void 0?e:"urn:ietf:params:oauth:token-type:access_token",requested_token_type:(n=t.requestedTokenType)!==null&&n!==void 0?n:"http://auth0.com/oauth/token-type/federated-connection-access-token"});t.loginHint&&r.append("login_hint",t.loginHint),t.scope&&r.append("scope",t.scope),yr(r,t.extra);try{const i=await Gn(o,"urn:auth0:params:oauth:grant-type:token-exchange:federated-connection-access-token",r);return Pe.fromTokenEndpointResponse(i)}catch(i){throw new oe("Failed to exchange token for connection '".concat(t.connection,"'."),i)}}async function ya(t){const{configuration:e}=await j(C,this,Z).call(this);fr(t.subjectToken);const n=new URLSearchParams({subject_token_type:t.subjectTokenType,subject_token:t.subjectToken});t.audience&&n.append("audience",t.audience),t.scope&&n.append("scope",t.scope),t.requestedTokenType&&n.append("requested_token_type",t.requestedTokenType),t.organization&&n.append("organization",t.organization),yr(n,t.extra);try{const o=await Gn(e,"urn:ietf:params:oauth:grant-type:token-exchange",n);return Pe.fromTokenEndpointResponse(o)}catch(o){throw new oe("Failed to exchange token of type '".concat(t.subjectTokenType,"'").concat(t.audience?" for audience '".concat(t.audience,"'"):"","."),o)}}async function ga(){if(!v(I,this).clientSecret&&!v(I,this).clientAssertionSigningKey&&!v(I,this).useMtls)throw new aa;if(v(I,this).useMtls)return(e,n,o,r)=>{o.set("client_id",n.client_id)};let t=v(I,this).clientAssertionSigningKey;return!t||t instanceof CryptoKey||(t=await(async function(e,n,o){if(typeof e!="string"||e.indexOf("-----BEGIN PRIVATE KEY-----")!==0)throw new TypeError('"pkcs8" must be PKCS#8 formatted string');return Li(e,n,o)})(t,v(I,this).clientAssertionSigningAlg||"RS256")),t?(function(e,n){return ui(e)})(t):ir(v(I,this).clientSecret)}async function fn(t){const{configuration:e}=await j(C,this,Z).call(this),n=Hi(),o=await Wi(n),r=xn(S(S({},v(I,this).authorizationParams),t==null?void 0:t.authorizationParams)),i=new URLSearchParams(S(S({scope:Cn},r),{},{client_id:v(I,this).clientId,code_challenge:o,code_challenge_method:"S256"}));return{authorizationUrl:t!=null&&t.pushedAuthorizationRequests?await hr(e,i):await In(e,i),codeVerifier:n}}const qe=new vr;class wa{constructor(e){let n,o;if(this.userCache=new Kn().enclosedCache,this.activeLockKeys=new Set,this.defaultOptions={authorizationParams:{scope:"openid profile email"},useRefreshTokensFallback:!1,useFormData:!0},this._releaseLockOnPageHide=async()=>{const l=Array.from(this.activeLockKeys);for(const u of l)await qe.releaseLock(u);this.activeLockKeys.clear(),window.removeEventListener("pagehide",this._releaseLockOnPageHide)},this.options=Object.assign(Object.assign(Object.assign({},this.defaultOptions),e),{authorizationParams:Object.assign(Object.assign({},this.defaultOptions.authorizationParams),e.authorizationParams)}),typeof window<"u"&&(()=>{if(!Rt())throw new Error("For security reasons, `window.crypto` is required to run `auth0-spa-js`.");if(Rt().subtle===void 0)throw new Error(`
3
- auth0-spa-js must run on a secure origin. See https://github.com/auth0/auth0-spa-js/blob/main/FAQ.md#why-do-i-get-auth0-spa-js-must-run-on-a-secure-origin for more information.
4
- `)})(),e.cache&&e.cacheLocation&&console.warn("Both `cache` and `cacheLocation` options have been specified in the Auth0Client configuration; ignoring `cacheLocation` and using `cache`."),e.cache)o=e.cache;else{if(n=e.cacheLocation||"memory",!to(n))throw new Error('Invalid cache location "'.concat(n,'"'));o=to(n)()}var r;this.httpTimeoutMs=e.httpTimeoutInSeconds?1e3*e.httpTimeoutInSeconds:1e4,this.cookieStorage=e.legacySameSiteCookie===!1?Ue:Fr,this.orgHintCookieName=(r=this.options.clientId,"auth0.".concat(r,".organization_hint")),this.isAuthenticatedCookieName=(l=>"auth0.".concat(l,".is.authenticated"))(this.options.clientId),this.sessionCheckExpiryDays=e.sessionCheckExpiryDays||1;const i=e.useCookiesForTransactions?this.cookieStorage:Zr;var a;this.scope=(function(l,u){for(var p=arguments.length,h=new Array(p>2?p-2:0),d=2;d<p;d++)h[d-2]=arguments[d];if(typeof l!="object")return{default:Et(u,l,...h)};let g={default:Et(u,...h)};return Object.keys(l).forEach((f=>{const m=l[f];g[f]=Et(u,m,...h)})),g})(this.options.authorizationParams.scope,"openid",this.options.useRefreshTokens?"offline_access":""),this.transactionManager=new Hr(i,this.options.clientId,this.options.cookieDomain),this.nowProvider=this.options.nowProvider||Ro,this.cacheManager=new Wr(o,o.allKeys?void 0:new Xr(o,this.options.clientId),this.nowProvider),this.dpop=this.options.useDpop?new $r(this.options.clientId):void 0,this.domainUrl=(a=this.options.domain,/^https?:\/\//.test(a)?a:"https://".concat(a)),this.tokenIssuer=((l,u)=>l?l.startsWith("https://")?l:"https://".concat(l,"/"):"".concat(u,"/"))(this.options.issuer,this.domainUrl);const s="".concat(this.domainUrl,"/me/"),c=this.createFetcher(Object.assign(Object.assign({},this.options.useDpop&&{dpopNonceId:"__auth0_my_account_api__"}),{getAccessToken:()=>this.getTokenSilently({authorizationParams:{scope:"create:me:connected_accounts",audience:s},detailedResponse:!0})}));this.myAccountApi=new ti(c,s),this.authJsClient=new ma({domain:this.options.domain,clientId:this.options.clientId}),typeof window<"u"&&window.Worker&&this.options.useRefreshTokens&&n==="memory"&&(this.options.workerUrl?this.worker=new Worker(this.options.workerUrl):this.worker=new Br)}getConfiguration(){return Object.freeze({domain:this.options.domain,clientId:this.options.clientId})}_url(e){const n=encodeURIComponent(btoa(JSON.stringify(this.options.auth0Client||Po)));return"".concat(this.domainUrl).concat(e,"&auth0Client=").concat(n)}_authorizeUrl(e){return this._url("/authorize?".concat(yn(e)))}async _verifyIdToken(e,n,o){const r=await this.nowProvider();return Jr({iss:this.tokenIssuer,aud:this.options.clientId,id_token:e,nonce:n,organization:o,leeway:this.options.leeway,max_age:(i=this.options.authorizationParams.max_age,typeof i!="string"?i:parseInt(i,10)||void 0),now:r});var i}_processOrgHint(e){e?this.cookieStorage.save(this.orgHintCookieName,e,{daysUntilExpire:this.sessionCheckExpiryDays,cookieDomain:this.options.cookieDomain}):this.cookieStorage.remove(this.orgHintCookieName,{cookieDomain:this.options.cookieDomain})}async _prepareAuthorizeUrl(e,n,o){var r;const i=Zt(Ve()),a=Zt(Ve()),s=Ve(),c=await Zn(s),l=Bn(c),u=await((r=this.dpop)===null||r===void 0?void 0:r.calculateThumbprint()),p=((d,g,f,m,w,_,k,E,y)=>Object.assign(Object.assign(Object.assign({client_id:d.clientId},d.authorizationParams),f),{scope:yt(g,f.scope,f.audience),response_type:"code",response_mode:E||"query",state:m,nonce:w,redirect_uri:k||d.authorizationParams.redirect_uri,code_challenge:_,code_challenge_method:"S256",dpop_jkt:y}))(this.options,this.scope,e,i,a,l,e.redirect_uri||this.options.authorizationParams.redirect_uri||o,n==null?void 0:n.response_mode,u),h=this._authorizeUrl(p);return{nonce:a,code_verifier:s,scope:p.scope,audience:p.audience||"default",redirect_uri:p.redirect_uri,state:i,url:h}}async loginWithPopup(e,n){var o;if(e=e||{},!(n=n||{}).popup&&(n.popup=(s=>{const c=window.screenX+(window.innerWidth-400)/2,l=window.screenY+(window.innerHeight-600)/2;return window.open(s,"auth0:authorize:popup","left=".concat(c,",top=").concat(l,",width=").concat(400,",height=").concat(600,",resizable,scrollbars=yes,status=1"))})(""),!n.popup))throw new Wt;const r=await this._prepareAuthorizeUrl(e.authorizationParams||{},{response_mode:"web_message"},window.location.origin);n.popup.location.href=r.url;const i=await(s=>new Promise(((c,l)=>{let u;const p=setInterval((()=>{s.popup&&s.popup.closed&&(clearInterval(p),clearTimeout(h),window.removeEventListener("message",u,!1),l(new Nt(s.popup)))}),1e3),h=setTimeout((()=>{clearInterval(p),l(new Ut(s.popup)),window.removeEventListener("message",u,!1)}),1e3*(s.timeoutInSeconds||60));u=function(d){if(d.data&&d.data.type==="authorization_response"){if(clearTimeout(h),clearInterval(p),window.removeEventListener("message",u,!1),s.closePopup!==!1&&s.popup.close(),d.data.response.error)return l(x.fromPayload(d.data.response));c(d.data.response)}},window.addEventListener("message",u)})))(Object.assign(Object.assign({},n),{timeoutInSeconds:n.timeoutInSeconds||this.options.authorizeTimeoutInSeconds||60}));if(r.state!==i.state)throw new x("state_mismatch","Invalid state");const a=((o=e.authorizationParams)===null||o===void 0?void 0:o.organization)||this.options.authorizationParams.organization;await this._requestToken({audience:r.audience,scope:r.scope,code_verifier:r.code_verifier,grant_type:"authorization_code",code:i.code,redirect_uri:r.redirect_uri},{nonceIn:r.nonce,organization:a})}async getUser(){var e;const n=await this._getIdTokenFromCache();return(e=n==null?void 0:n.decodedToken)===null||e===void 0?void 0:e.user}async getIdTokenClaims(){var e;const n=await this._getIdTokenFromCache();return(e=n==null?void 0:n.decodedToken)===null||e===void 0?void 0:e.claims}async loginWithRedirect(){var e;const n=no(arguments.length>0&&arguments[0]!==void 0?arguments[0]:{}),{openUrl:o,fragment:r,appState:i}=n,a=ne(n,["openUrl","fragment","appState"]),s=((e=a.authorizationParams)===null||e===void 0?void 0:e.organization)||this.options.authorizationParams.organization,c=await this._prepareAuthorizeUrl(a.authorizationParams||{}),{url:l}=c,u=ne(c,["url"]);this.transactionManager.create(Object.assign(Object.assign(Object.assign({},u),{appState:i,response_type:exports.ResponseType.Code}),s&&{organization:s}));const p=r?"".concat(l,"#").concat(r):l;o?await o(p):window.location.assign(p)}async handleRedirectCallback(){const e=(arguments.length>0&&arguments[0]!==void 0?arguments[0]:window.location.href).split("?").slice(1);if(e.length===0)throw new Error("There are no query params available for parsing.");const n=this.transactionManager.get();if(!n)throw new x("missing_transaction","Invalid state");this.transactionManager.remove();const o=(r=>{r.indexOf("#")>-1&&(r=r.substring(0,r.indexOf("#")));const i=new URLSearchParams(r);return{state:i.get("state"),code:i.get("code")||void 0,connect_code:i.get("connect_code")||void 0,error:i.get("error")||void 0,error_description:i.get("error_description")||void 0}})(e.join(""));return n.response_type===exports.ResponseType.ConnectCode?this._handleConnectAccountRedirectCallback(o,n):this._handleLoginRedirectCallback(o,n)}async _handleLoginRedirectCallback(e,n){const{code:o,state:r,error:i,error_description:a}=e;if(i)throw new Kt(i,a||i,r,n.appState);if(!n.code_verifier||n.state&&n.state!==r)throw new x("state_mismatch","Invalid state");const s=n.organization,c=n.nonce,l=n.redirect_uri;return await this._requestToken(Object.assign({audience:n.audience,scope:n.scope,code_verifier:n.code_verifier,grant_type:"authorization_code",code:o},l?{redirect_uri:l}:{}),{nonceIn:c,organization:s}),{appState:n.appState,response_type:exports.ResponseType.Code}}async _handleConnectAccountRedirectCallback(e,n){const{connect_code:o,state:r,error:i,error_description:a}=e;if(i)throw new Lt(i,a||i,n.connection,r,n.appState);if(!o)throw new x("missing_connect_code","Missing connect code");if(!(n.code_verifier&&n.state&&n.auth_session&&n.redirect_uri&&n.state===r))throw new x("state_mismatch","Invalid state");const s=await this.myAccountApi.completeAccount({auth_session:n.auth_session,connect_code:o,redirect_uri:n.redirect_uri,code_verifier:n.code_verifier});return Object.assign(Object.assign({},s),{appState:n.appState,response_type:exports.ResponseType.ConnectCode})}async checkSession(e){if(!this.cookieStorage.get(this.isAuthenticatedCookieName)){if(!this.cookieStorage.get("auth0.is.authenticated"))return;this.cookieStorage.save(this.isAuthenticatedCookieName,!0,{daysUntilExpire:this.sessionCheckExpiryDays,cookieDomain:this.options.cookieDomain}),this.cookieStorage.remove("auth0.is.authenticated")}try{await this.getTokenSilently(e)}catch{}}async getTokenSilently(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};var n,o;const r=Object.assign(Object.assign({cacheMode:"on"},e),{authorizationParams:Object.assign(Object.assign(Object.assign({},this.options.authorizationParams),e.authorizationParams),{scope:yt(this.scope,(n=e.authorizationParams)===null||n===void 0?void 0:n.scope,((o=e.authorizationParams)===null||o===void 0?void 0:o.audience)||this.options.authorizationParams.audience)})}),i=await((a,s)=>{let c=Bt[s];return c||(c=a().finally((()=>{delete Bt[s],c=null})),Bt[s]=c),c})((()=>this._getTokenSilently(r)),"".concat(this.options.clientId,"::").concat(r.authorizationParams.audience,"::").concat(r.authorizationParams.scope));return e.detailedResponse?i:i==null?void 0:i.access_token}async _getTokenSilently(e){const{cacheMode:n}=e,o=ne(e,["cacheMode"]);if(n!=="off"){const s=await this._getEntryFromCache({scope:o.authorizationParams.scope,audience:o.authorizationParams.audience||"default",clientId:this.options.clientId,cacheMode:n});if(s)return s}if(n==="cache-only")return;const r=(i=this.options.clientId,a=o.authorizationParams.audience||"default","".concat("auth0.lock.getTokenSilently",".").concat(i,".").concat(a));var i,a;if(!await eo((()=>qe.acquireLock(r,5e3)),10))throw new Ie;this.activeLockKeys.add(r),this.activeLockKeys.size===1&&window.addEventListener("pagehide",this._releaseLockOnPageHide);try{if(n!=="off"){const d=await this._getEntryFromCache({scope:o.authorizationParams.scope,audience:o.authorizationParams.audience||"default",clientId:this.options.clientId});if(d)return d}const s=this.options.useRefreshTokens?await this._getTokenUsingRefreshToken(o):await this._getTokenFromIFrame(o),{id_token:c,token_type:l,access_token:u,oauthTokenScope:p,expires_in:h}=s;return Object.assign(Object.assign({id_token:c,token_type:l,access_token:u},p?{scope:p}:null),{expires_in:h})}finally{await qe.releaseLock(r),this.activeLockKeys.delete(r),this.activeLockKeys.size===0&&window.removeEventListener("pagehide",this._releaseLockOnPageHide)}}async getTokenWithPopup(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},n=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{};var o,r;const i=Object.assign(Object.assign({},e),{authorizationParams:Object.assign(Object.assign(Object.assign({},this.options.authorizationParams),e.authorizationParams),{scope:yt(this.scope,(o=e.authorizationParams)===null||o===void 0?void 0:o.scope,((r=e.authorizationParams)===null||r===void 0?void 0:r.audience)||this.options.authorizationParams.audience)})});return n=Object.assign(Object.assign({},br),n),await this.loginWithPopup(i,n),(await this.cacheManager.get(new V({scope:i.authorizationParams.scope,audience:i.authorizationParams.audience||"default",clientId:this.options.clientId}),void 0,this.options.useMrrt)).access_token}async isAuthenticated(){return!!await this.getUser()}_buildLogoutUrl(e){e.clientId!==null?e.clientId=e.clientId||this.options.clientId:delete e.clientId;const n=e.logoutParams||{},{federated:o}=n,r=ne(n,["federated"]),i=o?"&federated":"";return this._url("/v2/logout?".concat(yn(Object.assign({clientId:e.clientId},r))))+i}async logout(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};var n;const o=no(e),{openUrl:r}=o,i=ne(o,["openUrl"]);e.clientId===null?await this.cacheManager.clear():await this.cacheManager.clear(e.clientId||this.options.clientId),this.cookieStorage.remove(this.orgHintCookieName,{cookieDomain:this.options.cookieDomain}),this.cookieStorage.remove(this.isAuthenticatedCookieName,{cookieDomain:this.options.cookieDomain}),this.userCache.remove("@@user@@"),await((n=this.dpop)===null||n===void 0?void 0:n.clear());const a=this._buildLogoutUrl(i);r?await r(a):r!==!1&&window.location.assign(a)}async _getTokenFromIFrame(e){const n=(o=this.options.clientId,"".concat("auth0.lock.getTokenFromIFrame",".").concat(o));var o;if(!await eo((()=>qe.acquireLock(n,5e3)),10))throw new Ie;try{const r=Object.assign(Object.assign({},e.authorizationParams),{prompt:"none"}),i=this.cookieStorage.get(this.orgHintCookieName);i&&!r.organization&&(r.organization=i);const{url:a,state:s,nonce:c,code_verifier:l,redirect_uri:u,scope:p,audience:h}=await this._prepareAuthorizeUrl(r,{response_mode:"web_message"},window.location.origin);if(window.crossOriginIsolated)throw new x("login_required","The application is running in a Cross-Origin Isolated context, silently retrieving a token without refresh token is not possible.");const d=e.timeoutInSeconds||this.options.authorizeTimeoutInSeconds;let g;try{g=new URL(this.domainUrl).origin}catch{g=this.domainUrl}const f=await(function(w,_){let k=arguments.length>2&&arguments[2]!==void 0?arguments[2]:60;return new Promise(((E,y)=>{const P=window.document.createElement("iframe");P.setAttribute("width","0"),P.setAttribute("height","0"),P.style.display="none";const M=()=>{window.document.body.contains(P)&&(window.document.body.removeChild(P),window.removeEventListener("message",U,!1))};let U;const de=setTimeout((()=>{y(new Ie),M()}),1e3*k);U=function(J){if(J.origin!=_||!J.data||J.data.type!=="authorization_response")return;const je=J.source;je&&je.close(),J.data.response.error?y(x.fromPayload(J.data.response)):E(J.data.response),clearTimeout(de),window.removeEventListener("message",U,!1),setTimeout(M,2e3)},window.addEventListener("message",U,!1),window.document.body.appendChild(P),P.setAttribute("src",w)}))})(a,g,d);if(s!==f.state)throw new x("state_mismatch","Invalid state");const m=await this._requestToken(Object.assign(Object.assign({},e.authorizationParams),{code_verifier:l,code:f.code,grant_type:"authorization_code",redirect_uri:u,timeout:e.authorizationParams.timeout||this.httpTimeoutMs}),{nonceIn:c,organization:r.organization});return Object.assign(Object.assign({},m),{scope:p,oauthTokenScope:m.scope,audience:h})}catch(r){throw r.error==="login_required"&&this.logout({openUrl:!1}),r}finally{await qe.releaseLock(n)}}async _getTokenUsingRefreshToken(e){const n=await this.cacheManager.get(new V({scope:e.authorizationParams.scope,audience:e.authorizationParams.audience||"default",clientId:this.options.clientId}),void 0,this.options.useMrrt);if(!(n&&n.refresh_token||this.worker)){if(this.options.useRefreshTokensFallback)return await this._getTokenFromIFrame(e);throw new it(e.authorizationParams.audience||"default",e.authorizationParams.scope)}const o=e.authorizationParams.redirect_uri||this.options.authorizationParams.redirect_uri||window.location.origin,r=typeof e.timeoutInSeconds=="number"?1e3*e.timeoutInSeconds:null,i=((u,p,h,d)=>{var g;if(u&&h&&d){if(p.audience!==h)return p.scope;const f=d.split(" "),m=((g=p.scope)===null||g===void 0?void 0:g.split(" "))||[],w=m.every((_=>f.includes(_)));return f.length>=m.length&&w?d:p.scope}return p.scope})(this.options.useMrrt,e.authorizationParams,n==null?void 0:n.audience,n==null?void 0:n.scope);try{const u=await this._requestToken(Object.assign(Object.assign(Object.assign({},e.authorizationParams),{grant_type:"refresh_token",refresh_token:n&&n.refresh_token,redirect_uri:o}),r&&{timeout:r}),{scopesToRequest:i});if(u.refresh_token&&(n!=null&&n.refresh_token)&&await this.cacheManager.updateEntry(n.refresh_token,u.refresh_token),this.options.useMrrt&&(a=n==null?void 0:n.audience,s=n==null?void 0:n.scope,c=e.authorizationParams.audience,l=e.authorizationParams.scope,(a!==c||!oo(l,s))&&!oo(i,u.scope))){if(this.options.useRefreshTokensFallback)return await this._getTokenFromIFrame(e);await this.cacheManager.remove(this.options.clientId,e.authorizationParams.audience,e.authorizationParams.scope);const p=((h,d)=>{const g=(h==null?void 0:h.split(" "))||[],f=(d==null?void 0:d.split(" "))||[];return g.filter((m=>f.indexOf(m)==-1)).join(",")})(i,u.scope);throw new Dn(e.authorizationParams.audience||"default",p)}return Object.assign(Object.assign({},u),{scope:e.authorizationParams.scope,oauthTokenScope:u.scope,audience:e.authorizationParams.audience||"default"})}catch(u){if((u.message.indexOf("Missing Refresh Token")>-1||u.message&&u.message.indexOf("invalid refresh token")>-1)&&this.options.useRefreshTokensFallback)return await this._getTokenFromIFrame(e);throw u}var a,s,c,l}async _saveEntryInCache(e){const{id_token:n,decodedToken:o}=e,r=ne(e,["id_token","decodedToken"]);this.userCache.set("@@user@@",{id_token:n,decodedToken:o}),await this.cacheManager.setIdToken(this.options.clientId,e.id_token,e.decodedToken),await this.cacheManager.set(r)}async _getIdTokenFromCache(){const e=this.options.authorizationParams.audience||"default",n=this.scope[e],o=await this.cacheManager.getIdToken(new V({clientId:this.options.clientId,audience:e,scope:n})),r=this.userCache.get("@@user@@");return o&&o.id_token===(r==null?void 0:r.id_token)?r:(this.userCache.set("@@user@@",o),o)}async _getEntryFromCache(e){let{scope:n,audience:o,clientId:r,cacheMode:i}=e;const a=await this.cacheManager.get(new V({scope:n,audience:o,clientId:r}),60,this.options.useMrrt,i);if(a&&a.access_token){const{token_type:s,access_token:c,oauthTokenScope:l,expires_in:u}=a,p=await this._getIdTokenFromCache();return p&&Object.assign(Object.assign({id_token:p.id_token,token_type:s||"Bearer",access_token:c},l?{scope:l}:null),{expires_in:u})}}async _requestToken(e,n){var o,r;const{nonceIn:i,organization:a,scopesToRequest:s}=n||{},c=await Ur(Object.assign(Object.assign({baseUrl:this.domainUrl,client_id:this.options.clientId,auth0Client:this.options.auth0Client,useFormData:this.options.useFormData,timeout:this.httpTimeoutMs,useMrrt:this.options.useMrrt,dpop:this.dpop},e),{scope:s||e.scope}),this.worker),l=await this._verifyIdToken(c.id_token,i,a);if(e.grant_type==="authorization_code"){const u=await this._getIdTokenFromCache();!((r=(o=u==null?void 0:u.decodedToken)===null||o===void 0?void 0:o.claims)===null||r===void 0)&&r.sub&&u.decodedToken.claims.sub!==l.claims.sub&&(await this.cacheManager.clear(this.options.clientId),this.userCache.remove("@@user@@"))}return await this._saveEntryInCache(Object.assign(Object.assign(Object.assign(Object.assign({},c),{decodedToken:l,scope:e.scope,audience:e.audience||"default"}),c.scope?{oauthTokenScope:c.scope}:null),{client_id:this.options.clientId})),this.cookieStorage.save(this.isAuthenticatedCookieName,!0,{daysUntilExpire:this.sessionCheckExpiryDays,cookieDomain:this.options.cookieDomain}),this._processOrgHint(a||l.claims.org_id),Object.assign(Object.assign({},c),{decodedToken:l})}async exchangeToken(e){return this._requestToken({grant_type:"urn:ietf:params:oauth:grant-type:token-exchange",subject_token:e.subject_token,subject_token_type:e.subject_token_type,scope:yt(this.scope,e.scope,e.audience||this.options.authorizationParams.audience),audience:e.audience||this.options.authorizationParams.audience,organization:e.organization||this.options.authorizationParams.organization})}_assertDpop(e){if(!e)throw new Error("`useDpop` option must be enabled before using DPoP.")}getDpopNonce(e){return this._assertDpop(this.dpop),this.dpop.getNonce(e)}setDpopNonce(e,n){return this._assertDpop(this.dpop),this.dpop.setNonce(e,n)}generateDpopProof(e){return this._assertDpop(this.dpop),this.dpop.generateProof(e)}createFetcher(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};return new ei(e,{isDpopEnabled:()=>!!this.options.useDpop,getAccessToken:n=>{var o;return this.getTokenSilently({authorizationParams:{scope:(o=n==null?void 0:n.scope)===null||o===void 0?void 0:o.join(" "),audience:n==null?void 0:n.audience},detailedResponse:!0})},getDpopNonce:()=>this.getDpopNonce(e.dpopNonceId),setDpopNonce:n=>this.setDpopNonce(n,e.dpopNonceId),generateDpopProof:n=>this.generateDpopProof(n)})}async connectAccountWithRedirect(e){const{openUrl:n,appState:o,connection:r,scopes:i,authorization_params:a,redirectUri:s=this.options.authorizationParams.redirect_uri||window.location.origin}=e;if(!r)throw new Error("connection is required");const c=Zt(Ve()),l=Ve(),u=await Zn(l),p=Bn(u),{connect_uri:h,connect_params:d,auth_session:g}=await this.myAccountApi.connectAccount({connection:r,scopes:i,redirect_uri:s,state:c,code_challenge:p,code_challenge_method:"S256",authorization_params:a});this.transactionManager.create({state:c,code_verifier:l,auth_session:g,redirect_uri:s,appState:o,connection:r,response_type:exports.ResponseType.ConnectCode});const f=new URL(h);f.searchParams.set("ticket",d.ticket),n?await n(f.toString()):window.location.assign(f)}}exports.Auth0Client=wa;exports.AuthenticationError=Kt;exports.CacheKey=V;exports.ConnectError=Lt;exports.GenericError=x;exports.InMemoryCache=Kn;exports.LocalStorageCache=jo;exports.MfaRequiredError=Ht;exports.MissingRefreshTokenError=it;exports.MyAccountApiError=nt;exports.PopupCancelledError=Nt;exports.PopupOpenError=Wt;exports.PopupTimeoutError=Ut;exports.TimeoutError=Ie;exports.UseDpopNonceError=at;
5
- //# sourceMappingURL=auth0-spa-js.production.esm-DZ6lsBvD.cjs.map