@wandelbots/wandelbots-js-react-components 4.7.2-pr.v4.554.f8a153d → 5.0.0

package/dist/auth0-spa-js.production.esm-DNao6_S5.js

@@ -1,4064 +0,0 @@
-function X(n, e) {
-  var t = {};
-  for (var o in n) Object.prototype.hasOwnProperty.call(n, o) && e.indexOf(o) < 0 && (t[o] = n[o]);
-  if (n != null && typeof Object.getOwnPropertySymbols == "function") {
-    var r = 0;
-    for (o = Object.getOwnPropertySymbols(n); r < o.length; r++) e.indexOf(o[r]) < 0 && Object.prototype.propertyIsEnumerable.call(n, o[r]) && (t[o[r]] = n[o[r]]);
-  }
-  return t;
-}
-const Tr = { timeoutInSeconds: 60 }, xo = { name: "auth0-spa-js", version: "2.17.0" }, Co = () => Date.now();
-class O extends Error {
-  constructor(e, t) {
-    super(t), this.error = e, this.error_description = t, Object.setPrototypeOf(this, O.prototype);
-  }
-  static fromPayload(e) {
-    let { error: t, error_description: o } = e;
-    return new O(t, o);
-  }
-}
-class Cn extends O {
-  constructor(e, t, o) {
-    let r = arguments.length > 3 && arguments[3] !== void 0 ? arguments[3] : null;
-    super(e, t), this.state = o, this.appState = r, Object.setPrototypeOf(this, Cn.prototype);
-  }
-}
-class jn extends O {
-  constructor(e, t, o, r) {
-    let i = arguments.length > 4 && arguments[4] !== void 0 ? arguments[4] : null;
-    super(e, t), this.connection = o, this.state = r, this.appState = i, Object.setPrototypeOf(this, jn.prototype);
-  }
-}
-class Fe extends O {
-  constructor() {
-    super("timeout", "Timeout"), Object.setPrototypeOf(this, Fe.prototype);
-  }
-}
-class Dn extends Fe {
-  constructor(e) {
-    super(), this.popup = e, Object.setPrototypeOf(this, Dn.prototype);
-  }
-}
-class Ln extends O {
-  constructor(e) {
-    super("cancelled", "Popup closed"), this.popup = e, Object.setPrototypeOf(this, Ln.prototype);
-  }
-}
-class Kn extends O {
-  constructor() {
-    super("popup_open", "Unable to open a popup for loginWithPopup - window.open returned `null`"), Object.setPrototypeOf(this, Kn.prototype);
-  }
-}
-class Je extends O {
-  constructor(e, t, o, r) {
-    super(e, t), this.mfa_token = o, this.mfa_requirements = r, Object.setPrototypeOf(this, Je.prototype);
-  }
-}
-class Ut extends O {
-  constructor(e, t) {
-    super("missing_refresh_token", "Missing Refresh Token (audience: '".concat(Pt(e, ["default"]), "', scope: '").concat(Pt(t), "')")), this.audience = e, this.scope = t, Object.setPrototypeOf(this, Ut.prototype);
-  }
-}
-class Un extends O {
-  constructor(e, t) {
-    super("missing_scopes", "Missing requested scopes after refresh (audience: '".concat(Pt(e, ["default"]), "', missing scope: '").concat(Pt(t), "')")), this.audience = e, this.scope = t, Object.setPrototypeOf(this, Un.prototype);
-  }
-}
-class Nt extends O {
-  constructor(e) {
-    super("use_dpop_nonce", "Server rejected DPoP proof: wrong nonce"), this.newDpopNonce = e, Object.setPrototypeOf(this, Nt.prototype);
-  }
-}
-function Pt(n) {
-  let e = arguments.length > 1 && arguments[1] !== void 0 ? arguments[1] : [];
-  return n && !e.includes(n) ? n : "";
-}
-const Rt = () => window.crypto, Ze = () => {
-  const n = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-_~.";
-  let e = "";
-  return Array.from(Rt().getRandomValues(new Uint8Array(43))).forEach(((t) => e += n[t % n.length])), e;
-}, Jt = (n) => btoa(n), Pr = [{ key: "name", type: ["string"] }, { key: "version", type: ["string", "number"] }, { key: "env", type: ["object"] }], jo = function(n) {
-  let e = arguments.length > 1 && arguments[1] !== void 0 && arguments[1];
-  return Object.keys(n).reduce(((t, o) => {
-    if (e && o === "env") return t;
-    const r = Pr.find(((i) => i.key === o));
-    return r && r.type.includes(typeof n[o]) && (t[o] = n[o]), t;
-  }), {});
-}, mn = (n) => {
-  var { clientId: e } = n, t = X(n, ["clientId"]);
-  return new URLSearchParams(((o) => Object.keys(o).filter(((r) => o[r] !== void 0)).reduce(((r, i) => Object.assign(Object.assign({}, r), { [i]: o[i] })), {}))(Object.assign({ client_id: e }, t))).toString();
-}, $n = async (n) => await Rt().subtle.digest({ name: "SHA-256" }, new TextEncoder().encode(n)), eo = (n) => ((e) => decodeURIComponent(atob(e).split("").map(((t) => "%" + ("00" + t.charCodeAt(0).toString(16)).slice(-2))).join("")))(n.replace(/_/g, "/").replace(/-/g, "+")), to = (n) => {
-  const e = new Uint8Array(n);
-  return ((t) => {
-    const o = { "+": "-", "/": "_", "=": "" };
-    return t.replace(/[+/=]/g, ((r) => o[r]));
-  })(window.btoa(String.fromCharCode(...Array.from(e))));
-};
-var Ce = typeof globalThis < "u" ? globalThis : typeof window < "u" ? window : typeof global < "u" ? global : typeof self < "u" ? self : {}, Do = {}, Nn = {};
-Object.defineProperty(Nn, "__esModule", { value: !0 });
-var Rr = (function() {
-  function n() {
-    var e = this;
-    this.locked = /* @__PURE__ */ new Map(), this.addToLocked = function(t, o) {
-      var r = e.locked.get(t);
-      r === void 0 ? o === void 0 ? e.locked.set(t, []) : e.locked.set(t, [o]) : o !== void 0 && (r.unshift(o), e.locked.set(t, r));
-    }, this.isLocked = function(t) {
-      return e.locked.has(t);
-    }, this.lock = function(t) {
-      return new Promise((function(o, r) {
-        e.isLocked(t) ? e.addToLocked(t, o) : (e.addToLocked(t), o());
-      }));
-    }, this.unlock = function(t) {
-      var o = e.locked.get(t);
-      if (o !== void 0 && o.length !== 0) {
-        var r = o.pop();
-        e.locked.set(t, o), r !== void 0 && setTimeout(r, 0);
-      } else e.locked.delete(t);
-    };
-  }
-  return n.getInstance = function() {
-    return n.instance === void 0 && (n.instance = new n()), n.instance;
-  }, n;
-})();
-Nn.default = function() {
-  return Rr.getInstance();
-};
-var Y = Ce && Ce.__awaiter || function(n, e, t, o) {
-  return new (t || (t = Promise))((function(r, i) {
-    function a(u) {
-      try {
-        c(o.next(u));
-      } catch (l) {
-        i(l);
-      }
-    }
-    function s(u) {
-      try {
-        c(o.throw(u));
-      } catch (l) {
-        i(l);
-      }
-    }
-    function c(u) {
-      u.done ? r(u.value) : new t((function(l) {
-        l(u.value);
-      })).then(a, s);
-    }
-    c((o = o.apply(n, e || [])).next());
-  }));
-}, Q = Ce && Ce.__generator || function(n, e) {
-  var t, o, r, i, a = { label: 0, sent: function() {
-    if (1 & r[0]) throw r[1];
-    return r[1];
-  }, trys: [], ops: [] };
-  return i = { next: s(0), throw: s(1), return: s(2) }, typeof Symbol == "function" && (i[Symbol.iterator] = function() {
-    return this;
-  }), i;
-  function s(c) {
-    return function(u) {
-      return (function(l) {
-        if (t) throw new TypeError("Generator is already executing.");
-        for (; a; ) try {
-          if (t = 1, o && (r = 2 & l[0] ? o.return : l[0] ? o.throw || ((r = o.return) && r.call(o), 0) : o.next) && !(r = r.call(o, l[1])).done) return r;
-          switch (o = 0, r && (l = [2 & l[0], r.value]), l[0]) {
-            case 0:
-            case 1:
-              r = l;
-              break;
-            case 4:
-              return a.label++, { value: l[1], done: !1 };
-            case 5:
-              a.label++, o = l[1], l = [0];
-              continue;
-            case 7:
-              l = a.ops.pop(), a.trys.pop();
-              continue;
-            default:
-              if (r = a.trys, !((r = r.length > 0 && r[r.length - 1]) || l[0] !== 6 && l[0] !== 2)) {
-                a = 0;
-                continue;
-              }
-              if (l[0] === 3 && (!r || l[1] > r[0] && l[1] < r[3])) {
-                a.label = l[1];
-                break;
-              }
-              if (l[0] === 6 && a.label < r[1]) {
-                a.label = r[1], r = l;
-                break;
-              }
-              if (r && a.label < r[2]) {
-                a.label = r[2], a.ops.push(l);
-                break;
-              }
-              r[2] && a.ops.pop(), a.trys.pop();
-              continue;
-          }
-          l = e.call(n, a);
-        } catch (f) {
-          l = [6, f], o = 0;
-        } finally {
-          t = r = 0;
-        }
-        if (5 & l[0]) throw l[1];
-        return { value: l[0] ? l[1] : void 0, done: !0 };
-      })([c, u]);
-    };
-  }
-}, qe = Ce;
-Object.defineProperty(Do, "__esModule", { value: !0 });
-var Le = Nn, mt = { key: function(n) {
-  return Y(qe, void 0, void 0, (function() {
-    return Q(this, (function(e) {
-      throw new Error("Unsupported");
-    }));
-  }));
-}, getItem: function(n) {
-  return Y(qe, void 0, void 0, (function() {
-    return Q(this, (function(e) {
-      throw new Error("Unsupported");
-    }));
-  }));
-}, clear: function() {
-  return Y(qe, void 0, void 0, (function() {
-    return Q(this, (function(n) {
-      return [2, window.localStorage.clear()];
-    }));
-  }));
-}, removeItem: function(n) {
-  return Y(qe, void 0, void 0, (function() {
-    return Q(this, (function(e) {
-      throw new Error("Unsupported");
-    }));
-  }));
-}, setItem: function(n, e) {
-  return Y(qe, void 0, void 0, (function() {
-    return Q(this, (function(t) {
-      throw new Error("Unsupported");
-    }));
-  }));
-}, keySync: function(n) {
-  return window.localStorage.key(n);
-}, getItemSync: function(n) {
-  return window.localStorage.getItem(n);
-}, clearSync: function() {
-  return window.localStorage.clear();
-}, removeItemSync: function(n) {
-  return window.localStorage.removeItem(n);
-}, setItemSync: function(n, e) {
-  return window.localStorage.setItem(n, e);
-} };
-function Vt(n) {
-  return new Promise((function(e) {
-    return setTimeout(e, n);
-  }));
-}
-function Ft(n) {
-  for (var e = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz", t = "", o = 0; o < n; o++)
-    t += e[Math.floor(Math.random() * e.length)];
-  return t;
-}
-var Ir = (function() {
-  function n(e) {
-    this.acquiredIatSet = /* @__PURE__ */ new Set(), this.storageHandler = void 0, this.id = Date.now().toString() + Ft(15), this.acquireLock = this.acquireLock.bind(this), this.releaseLock = this.releaseLock.bind(this), this.releaseLock__private__ = this.releaseLock__private__.bind(this), this.waitForSomethingToChange = this.waitForSomethingToChange.bind(this), this.refreshLockWhileAcquired = this.refreshLockWhileAcquired.bind(this), this.storageHandler = e, n.waiters === void 0 && (n.waiters = []);
-  }
-  return n.prototype.acquireLock = function(e, t) {
-    return t === void 0 && (t = 5e3), Y(this, void 0, void 0, (function() {
-      var o, r, i, a, s, c, u;
-      return Q(this, (function(l) {
-        switch (l.label) {
-          case 0:
-            o = Date.now() + Ft(4), r = Date.now() + t, i = "browser-tabs-lock-key-" + e, a = this.storageHandler === void 0 ? mt : this.storageHandler, l.label = 1;
-          case 1:
-            return Date.now() < r ? [4, Vt(30)] : [3, 8];
-          case 2:
-            return l.sent(), a.getItemSync(i) !== null ? [3, 5] : (s = this.id + "-" + e + "-" + o, [4, Vt(Math.floor(25 * Math.random()))]);
-          case 3:
-            return l.sent(), a.setItemSync(i, JSON.stringify({ id: this.id, iat: o, timeoutKey: s, timeAcquired: Date.now(), timeRefreshed: Date.now() })), [4, Vt(30)];
-          case 4:
-            return l.sent(), (c = a.getItemSync(i)) !== null && (u = JSON.parse(c)).id === this.id && u.iat === o ? (this.acquiredIatSet.add(o), this.refreshLockWhileAcquired(i, o), [2, !0]) : [3, 7];
-          case 5:
-            return n.lockCorrector(this.storageHandler === void 0 ? mt : this.storageHandler), [4, this.waitForSomethingToChange(r)];
-          case 6:
-            l.sent(), l.label = 7;
-          case 7:
-            return o = Date.now() + Ft(4), [3, 1];
-          case 8:
-            return [2, !1];
-        }
-      }));
-    }));
-  }, n.prototype.refreshLockWhileAcquired = function(e, t) {
-    return Y(this, void 0, void 0, (function() {
-      var o = this;
-      return Q(this, (function(r) {
-        return setTimeout((function() {
-          return Y(o, void 0, void 0, (function() {
-            var i, a, s;
-            return Q(this, (function(c) {
-              switch (c.label) {
-                case 0:
-                  return [4, Le.default().lock(t)];
-                case 1:
-                  return c.sent(), this.acquiredIatSet.has(t) ? (i = this.storageHandler === void 0 ? mt : this.storageHandler, (a = i.getItemSync(e)) === null ? (Le.default().unlock(t), [2]) : ((s = JSON.parse(a)).timeRefreshed = Date.now(), i.setItemSync(e, JSON.stringify(s)), Le.default().unlock(t), this.refreshLockWhileAcquired(e, t), [2])) : (Le.default().unlock(t), [2]);
-              }
-            }));
-          }));
-        }), 1e3), [2];
-      }));
-    }));
-  }, n.prototype.waitForSomethingToChange = function(e) {
-    return Y(this, void 0, void 0, (function() {
-      return Q(this, (function(t) {
-        switch (t.label) {
-          case 0:
-            return [4, new Promise((function(o) {
-              var r = !1, i = Date.now(), a = !1;
-              function s() {
-                if (a || (window.removeEventListener("storage", s), n.removeFromWaiting(s), clearTimeout(c), a = !0), !r) {
-                  r = !0;
-                  var u = 50 - (Date.now() - i);
-                  u > 0 ? setTimeout(o, u) : o(null);
-                }
-              }
-              window.addEventListener("storage", s), n.addToWaiting(s);
-              var c = setTimeout(s, Math.max(0, e - Date.now()));
-            }))];
-          case 1:
-            return t.sent(), [2];
-        }
-      }));
-    }));
-  }, n.addToWaiting = function(e) {
-    this.removeFromWaiting(e), n.waiters !== void 0 && n.waiters.push(e);
-  }, n.removeFromWaiting = function(e) {
-    n.waiters !== void 0 && (n.waiters = n.waiters.filter((function(t) {
-      return t !== e;
-    })));
-  }, n.notifyWaiters = function() {
-    n.waiters !== void 0 && n.waiters.slice().forEach((function(e) {
-      return e();
-    }));
-  }, n.prototype.releaseLock = function(e) {
-    return Y(this, void 0, void 0, (function() {
-      return Q(this, (function(t) {
-        switch (t.label) {
-          case 0:
-            return [4, this.releaseLock__private__(e)];
-          case 1:
-            return [2, t.sent()];
-        }
-      }));
-    }));
-  }, n.prototype.releaseLock__private__ = function(e) {
-    return Y(this, void 0, void 0, (function() {
-      var t, o, r, i;
-      return Q(this, (function(a) {
-        switch (a.label) {
-          case 0:
-            return t = this.storageHandler === void 0 ? mt : this.storageHandler, o = "browser-tabs-lock-key-" + e, (r = t.getItemSync(o)) === null ? [2] : (i = JSON.parse(r)).id !== this.id ? [3, 2] : [4, Le.default().lock(i.iat)];
-          case 1:
-            a.sent(), this.acquiredIatSet.delete(i.iat), t.removeItemSync(o), Le.default().unlock(i.iat), n.notifyWaiters(), a.label = 2;
-          case 2:
-            return [2];
-        }
-      }));
-    }));
-  }, n.lockCorrector = function(e) {
-    for (var t = Date.now() - 5e3, o = e, r = [], i = 0; ; ) {
-      var a = o.keySync(i);
-      if (a === null) break;
-      r.push(a), i++;
-    }
-    for (var s = !1, c = 0; c < r.length; c++) {
-      var u = r[c];
-      if (u.includes("browser-tabs-lock-key")) {
-        var l = o.getItemSync(u);
-        if (l !== null) {
-          var f = JSON.parse(l);
-          (f.timeRefreshed === void 0 && f.timeAcquired < t || f.timeRefreshed !== void 0 && f.timeRefreshed < t) && (o.removeItemSync(u), s = !0);
-        }
-      }
-    }
-    s && n.notifyWaiters();
-  }, n.waiters = void 0, n;
-})(), Or = Do.default = Ir;
-class xr {
-  async runWithLock(e, t, o) {
-    const r = new AbortController(), i = setTimeout((() => r.abort()), t);
-    try {
-      return await navigator.locks.request(e, { mode: "exclusive", signal: r.signal }, (async (a) => {
-        if (clearTimeout(i), !a) throw new Error("Lock not available");
-        return await o();
-      }));
-    } catch (a) {
-      throw clearTimeout(i), (a == null ? void 0 : a.name) === "AbortError" ? new Fe() : a;
-    }
-  }
-}
-class Cr {
-  constructor() {
-    this.activeLocks = /* @__PURE__ */ new Set(), this.lock = new Or(), this.pagehideHandler = () => {
-      this.activeLocks.forEach(((e) => this.lock.releaseLock(e))), this.activeLocks.clear();
-    };
-  }
-  async runWithLock(e, t, o) {
-    let r = !1;
-    for (let i = 0; i < 10 && !r; i++) r = await this.lock.acquireLock(e, t);
-    if (!r) throw new Fe();
-    this.activeLocks.add(e), this.activeLocks.size === 1 && typeof window < "u" && window.addEventListener("pagehide", this.pagehideHandler);
-    try {
-      return await o();
-    } finally {
-      this.activeLocks.delete(e), await this.lock.releaseLock(e), this.activeLocks.size === 0 && typeof window < "u" && window.removeEventListener("pagehide", this.pagehideHandler);
-    }
-  }
-}
-function jr() {
-  return typeof navigator < "u" && typeof ((n = navigator.locks) === null || n === void 0 ? void 0 : n.request) == "function" ? new xr() : new Cr();
-  var n;
-}
-let Gt = null;
-const Dr = new TextEncoder(), Lr = new TextDecoder();
-function $e(n) {
-  return typeof n == "string" ? Dr.encode(n) : Lr.decode(n);
-}
-function no(n) {
-  if (typeof n.modulusLength != "number" || n.modulusLength < 2048) throw new Ur(`${n.name} modulusLength must be at least 2048 bits`);
-}
-async function Kr(n, e, t) {
-  if (t.usages.includes("sign") === !1) throw new TypeError('private CryptoKey instances used for signing assertions must include "sign" in their "usages"');
-  const o = `${et($e(JSON.stringify(n)))}.${et($e(JSON.stringify(e)))}`;
-  return `${o}.${et(await crypto.subtle.sign((function(r) {
-    switch (r.algorithm.name) {
-      case "ECDSA":
-        return { name: r.algorithm.name, hash: "SHA-256" };
-      case "RSA-PSS":
-        return no(r.algorithm), { name: r.algorithm.name, saltLength: 32 };
-      case "RSASSA-PKCS1-v1_5":
-        return no(r.algorithm), { name: r.algorithm.name };
-      case "Ed25519":
-        return { name: r.algorithm.name };
-    }
-    throw new Oe();
-  })(t), t, $e(o)))}`;
-}
-let yn;
-Uint8Array.prototype.toBase64 ? yn = (n) => (n instanceof ArrayBuffer && (n = new Uint8Array(n)), n.toBase64({ alphabet: "base64url", omitPadding: !0 })) : yn = (e) => {
-  e instanceof ArrayBuffer && (e = new Uint8Array(e));
-  const t = [];
-  for (let o = 0; o < e.byteLength; o += 32768) t.push(String.fromCharCode.apply(null, e.subarray(o, o + 32768)));
-  return btoa(t.join("")).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
-};
-function et(n) {
-  return yn(n);
-}
-class Oe extends Error {
-  constructor(e) {
-    var t;
-    super(e ?? "operation not supported"), this.name = this.constructor.name, (t = Error.captureStackTrace) === null || t === void 0 || t.call(Error, this, this.constructor);
-  }
-}
-class Ur extends Error {
-  constructor(e) {
-    var t;
-    super(e), this.name = this.constructor.name, (t = Error.captureStackTrace) === null || t === void 0 || t.call(Error, this, this.constructor);
-  }
-}
-function Nr(n) {
-  switch (n.algorithm.name) {
-    case "RSA-PSS":
-      return (function(e) {
-        if (e.algorithm.hash.name === "SHA-256") return "PS256";
-        throw new Oe("unsupported RsaHashedKeyAlgorithm hash name");
-      })(n);
-    case "RSASSA-PKCS1-v1_5":
-      return (function(e) {
-        if (e.algorithm.hash.name === "SHA-256") return "RS256";
-        throw new Oe("unsupported RsaHashedKeyAlgorithm hash name");
-      })(n);
-    case "ECDSA":
-      return (function(e) {
-        if (e.algorithm.namedCurve === "P-256") return "ES256";
-        throw new Oe("unsupported EcKeyAlgorithm namedCurve");
-      })(n);
-    case "Ed25519":
-      return "Ed25519";
-    default:
-      throw new Oe("unsupported CryptoKey algorithm name");
-  }
-}
-function Lo(n) {
-  return n instanceof CryptoKey;
-}
-function Ko(n) {
-  return Lo(n) && n.type === "public";
-}
-async function Wr(n, e, t, o, r, i) {
-  const a = n == null ? void 0 : n.privateKey, s = n == null ? void 0 : n.publicKey;
-  if (!Lo(c = a) || c.type !== "private") throw new TypeError('"keypair.privateKey" must be a private CryptoKey');
-  var c;
-  if (!Ko(s)) throw new TypeError('"keypair.publicKey" must be a public CryptoKey');
-  if (s.extractable !== !0) throw new TypeError('"keypair.publicKey.extractable" must be true');
-  if (typeof e != "string") throw new TypeError('"htu" must be a string');
-  if (typeof t != "string") throw new TypeError('"htm" must be a string');
-  if (o !== void 0 && typeof o != "string") throw new TypeError('"nonce" must be a string or undefined');
-  if (r !== void 0 && typeof r != "string") throw new TypeError('"accessToken" must be a string or undefined');
-  return Kr({ alg: Nr(a), typ: "dpop+jwt", jwk: await Uo(s) }, Object.assign(Object.assign({}, i), { iat: Math.floor(Date.now() / 1e3), jti: crypto.randomUUID(), htm: t, nonce: o, htu: e, ath: r ? et(await crypto.subtle.digest("SHA-256", $e(r))) : void 0 }), a);
-}
-async function Uo(n) {
-  const { kty: e, e: t, n: o, x: r, y: i, crv: a } = await crypto.subtle.exportKey("jwk", n);
-  return { kty: e, crv: a, e: t, n: o, x: r, y: i };
-}
-const zr = ["authorization_code", "refresh_token", "urn:ietf:params:oauth:grant-type:token-exchange", "http://auth0.com/oauth/grant-type/mfa-oob", "http://auth0.com/oauth/grant-type/mfa-otp", "http://auth0.com/oauth/grant-type/mfa-recovery-code"];
-function Hr() {
-  return (async function(n, e) {
-    var t;
-    let o;
-    if (n.length === 0) throw new TypeError('"alg" must be a non-empty string');
-    switch (n) {
-      case "PS256":
-        o = { name: "RSA-PSS", hash: "SHA-256", modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]) };
-        break;
-      case "RS256":
-        o = { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256", modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]) };
-        break;
-      case "ES256":
-        o = { name: "ECDSA", namedCurve: "P-256" };
-        break;
-      case "Ed25519":
-        o = { name: "Ed25519" };
-        break;
-      default:
-        throw new Oe();
-    }
-    return crypto.subtle.generateKey(o, (t = e == null ? void 0 : e.extractable) !== null && t !== void 0 && t, ["sign", "verify"]);
-  })("ES256", { extractable: !1 });
-}
-function Mr(n) {
-  return (async function(e) {
-    if (!Ko(e)) throw new TypeError('"publicKey" must be a public CryptoKey');
-    if (e.extractable !== !0) throw new TypeError('"publicKey.extractable" must be true');
-    const t = await Uo(e);
-    let o;
-    switch (t.kty) {
-      case "EC":
-        o = { crv: t.crv, kty: t.kty, x: t.x, y: t.y };
-        break;
-      case "OKP":
-        o = { crv: t.crv, kty: t.kty, x: t.x };
-        break;
-      case "RSA":
-        o = { e: t.e, kty: t.kty, n: t.n };
-        break;
-      default:
-        throw new Oe("unsupported JWK kty");
-    }
-    return et(await crypto.subtle.digest({ name: "SHA-256" }, $e(JSON.stringify(o))));
-  })(n.publicKey);
-}
-function Jr(n) {
-  let { keyPair: e, url: t, method: o, nonce: r, accessToken: i } = n;
-  const a = (function(s) {
-    const c = new URL(s);
-    return c.search = "", c.hash = "", c.href;
-  })(t);
-  return Wr(e, a, o, r, i);
-}
-const Vr = async (n, e) => {
-  const t = await fetch(n, e);
-  return { ok: t.ok, json: await t.json(), headers: (o = t.headers, [...o].reduce(((r, i) => {
-    let [a, s] = i;
-    return r[a] = s, r;
-  }), {})) };
-  var o;
-}, Fr = async (n, e, t) => {
-  const o = new AbortController();
-  let r;
-  return e.signal = o.signal, Promise.race([Vr(n, e), new Promise(((i, a) => {
-    r = setTimeout((() => {
-      o.abort(), a(new Error("Timeout when executing 'fetch'"));
-    }), t);
-  }))]).finally((() => {
-    clearTimeout(r);
-  }));
-}, Gr = async (n, e, t, o, r, i, a, s) => ((c, u) => new Promise((function(l, f) {
-  const h = new MessageChannel();
-  h.port1.onmessage = function(d) {
-    d.data.error ? f(new Error(d.data.error)) : l(d.data), h.port1.close();
-  }, u.postMessage(c, [h.port2]);
-})))({ auth: { audience: e, scope: t }, timeout: r, fetchUrl: n, fetchOptions: o, useFormData: a, useMrrt: s }, i), Zr = async function(n, e, t, o, r, i) {
-  let a = arguments.length > 6 && arguments[6] !== void 0 ? arguments[6] : 1e4, s = arguments.length > 7 ? arguments[7] : void 0;
-  return r ? Gr(n, e, t, o, a, r, i, s) : Fr(n, o, a);
-};
-async function No(n, e, t, o, r, i, a, s, c, u) {
-  if (c) {
-    const k = await c.generateProof({ url: n, method: r.method || "GET", nonce: await c.getNonce() });
-    r.headers = Object.assign(Object.assign({}, r.headers), { dpop: k });
-  }
-  let l, f = null;
-  for (let k = 0; k < 3; k++) try {
-    l = await Zr(n, t, o, r, i, a, e, s), f = null;
-    break;
-  } catch (E) {
-    f = E;
-  }
-  if (f) throw f;
-  const h = l.json, { error: d, error_description: w } = h, m = X(h, ["error", "error_description"]), { headers: p, ok: g } = l;
-  let b;
-  if (c && (b = p["dpop-nonce"], b && await c.setNonce(b)), !g) {
-    const k = w || "HTTP error. Unable to fetch ".concat(n);
-    if (d === "mfa_required") throw new Je(d, k, m.mfa_token, m.mfa_requirements);
-    if (d === "missing_refresh_token") throw new Ut(t, o);
-    if (d === "use_dpop_nonce") {
-      if (!c || !b || u) throw new Nt(b);
-      return No(n, e, t, o, r, i, a, s, c, !0);
-    }
-    throw new O(d || "request_error", k);
-  }
-  return m;
-}
-async function qr(n, e) {
-  var { baseUrl: t, timeout: o, audience: r, scope: i, auth0Client: a, useFormData: s, useMrrt: c, dpop: u } = n, l = X(n, ["baseUrl", "timeout", "audience", "scope", "auth0Client", "useFormData", "useMrrt", "dpop"]);
-  const f = l.grant_type === "urn:ietf:params:oauth:grant-type:token-exchange", h = l.grant_type === "refresh_token" && c, d = Object.assign(Object.assign(Object.assign(Object.assign({}, l), f && r && { audience: r }), f && i && { scope: i }), h && { audience: r, scope: i }), w = s ? mn(d) : JSON.stringify(d), m = (p = l.grant_type, zr.includes(p));
-  var p;
-  return await No("".concat(t, "/oauth/token"), o, r || "default", i, { method: "POST", body: w, headers: { "Content-Type": s ? "application/x-www-form-urlencoded" : "application/json", "Auth0-Client": btoa(JSON.stringify(jo(a || xo))) } }, e, s, c, m ? u : void 0);
-}
-const Br = (n) => Array.from(new Set(n)), Et = function() {
-  for (var n = arguments.length, e = new Array(n), t = 0; t < n; t++) e[t] = arguments[t];
-  return Br(e.filter(Boolean).join(" ").trim().split(/\s+/)).join(" ");
-}, yt = (n, e, t) => {
-  let o;
-  return t && (o = n[t]), o || (o = n.default), Et(o, e);
-};
-class Z {
-  constructor(e) {
-    let t = arguments.length > 1 && arguments[1] !== void 0 ? arguments[1] : "@@auth0spajs@@", o = arguments.length > 2 ? arguments[2] : void 0;
-    this.prefix = t, this.suffix = o, this.clientId = e.clientId, this.scope = e.scope, this.audience = e.audience;
-  }
-  toKey() {
-    return [this.prefix, this.clientId, this.audience, this.scope, this.suffix].filter(Boolean).join("::");
-  }
-  static fromKey(e) {
-    const [t, o, r, i] = e.split("::");
-    return new Z({ clientId: o, scope: i, audience: r }, t);
-  }
-  static fromCacheEntry(e) {
-    const { scope: t, audience: o, client_id: r } = e;
-    return new Z({ scope: t, audience: o, clientId: r });
-  }
-}
-class Xr {
-  set(e, t) {
-    localStorage.setItem(e, JSON.stringify(t));
-  }
-  get(e) {
-    const t = window.localStorage.getItem(e);
-    if (t) try {
-      return JSON.parse(t);
-    } catch {
-      return;
-    }
-  }
-  remove(e) {
-    localStorage.removeItem(e);
-  }
-  allKeys() {
-    return Object.keys(window.localStorage).filter(((e) => e.startsWith("@@auth0spajs@@")));
-  }
-}
-class Wo {
-  constructor() {
-    this.enclosedCache = /* @__PURE__ */ (function() {
-      let e = {};
-      return { set(t, o) {
-        e[t] = o;
-      }, get(t) {
-        const o = e[t];
-        if (o) return o;
-      }, remove(t) {
-        delete e[t];
-      }, allKeys: () => Object.keys(e) };
-    })();
-  }
-}
-class Yr {
-  constructor(e, t, o) {
-    this.cache = e, this.keyManifest = t, this.nowProvider = o || Co;
-  }
-  async setIdToken(e, t, o) {
-    var r;
-    const i = this.getIdTokenCacheKey(e);
-    await this.cache.set(i, { id_token: t, decodedToken: o }), await ((r = this.keyManifest) === null || r === void 0 ? void 0 : r.add(i));
-  }
-  async getIdToken(e) {
-    const t = await this.cache.get(this.getIdTokenCacheKey(e.clientId));
-    if (!t && e.scope && e.audience) {
-      const o = await this.get(e);
-      return !o || !o.id_token || !o.decodedToken ? void 0 : { id_token: o.id_token, decodedToken: o.decodedToken };
-    }
-    if (t) return { id_token: t.id_token, decodedToken: t.decodedToken };
-  }
-  async get(e) {
-    let t = arguments.length > 1 && arguments[1] !== void 0 ? arguments[1] : 0, o = arguments.length > 2 && arguments[2] !== void 0 && arguments[2], r = arguments.length > 3 ? arguments[3] : void 0;
-    var i;
-    let a = await this.cache.get(e.toKey());
-    if (!a) {
-      const u = await this.getCacheKeys();
-      if (!u) return;
-      const l = this.matchExistingCacheKey(e, u);
-      if (l && (a = await this.cache.get(l)), !a && o && r !== "cache-only") return this.getEntryWithRefreshToken(e, u);
-    }
-    if (!a) return;
-    const s = await this.nowProvider(), c = Math.floor(s / 1e3);
-    return a.expiresAt - t < c ? a.body.refresh_token ? this.modifiedCachedEntry(a, e) : (await this.cache.remove(e.toKey()), void await ((i = this.keyManifest) === null || i === void 0 ? void 0 : i.remove(e.toKey()))) : a.body;
-  }
-  async modifiedCachedEntry(e, t) {
-    return e.body = { refresh_token: e.body.refresh_token, audience: e.body.audience, scope: e.body.scope }, await this.cache.set(t.toKey(), e), { refresh_token: e.body.refresh_token, audience: e.body.audience, scope: e.body.scope };
-  }
-  async set(e) {
-    var t;
-    const o = new Z({ clientId: e.client_id, scope: e.scope, audience: e.audience }), r = await this.wrapCacheEntry(e);
-    await this.cache.set(o.toKey(), r), await ((t = this.keyManifest) === null || t === void 0 ? void 0 : t.add(o.toKey()));
-  }
-  async remove(e, t, o) {
-    const r = new Z({ clientId: e, scope: o, audience: t });
-    await this.cache.remove(r.toKey());
-  }
-  async clear(e) {
-    var t;
-    const o = await this.getCacheKeys();
-    o && (await o.filter(((r) => !e || r.includes(e))).reduce((async (r, i) => {
-      await r, await this.cache.remove(i);
-    }), Promise.resolve()), await ((t = this.keyManifest) === null || t === void 0 ? void 0 : t.clear()));
-  }
-  async wrapCacheEntry(e) {
-    const t = await this.nowProvider();
-    return { body: e, expiresAt: Math.floor(t / 1e3) + e.expires_in };
-  }
-  async getCacheKeys() {
-    var e;
-    return this.keyManifest ? (e = await this.keyManifest.get()) === null || e === void 0 ? void 0 : e.keys : this.cache.allKeys ? this.cache.allKeys() : void 0;
-  }
-  getIdTokenCacheKey(e) {
-    return new Z({ clientId: e }, "@@auth0spajs@@", "@@user@@").toKey();
-  }
-  matchExistingCacheKey(e, t) {
-    return t.filter(((o) => {
-      var r;
-      const i = Z.fromKey(o), a = new Set(i.scope && i.scope.split(" ")), s = ((r = e.scope) === null || r === void 0 ? void 0 : r.split(" ")) || [], c = i.scope && s.reduce(((u, l) => u && a.has(l)), !0);
-      return i.prefix === "@@auth0spajs@@" && i.clientId === e.clientId && i.audience === e.audience && c;
-    }))[0];
-  }
-  async getEntryWithRefreshToken(e, t) {
-    var o;
-    for (const r of t) {
-      const i = Z.fromKey(r);
-      if (i.prefix === "@@auth0spajs@@" && i.clientId === e.clientId) {
-        const a = await this.cache.get(r);
-        if (!((o = a == null ? void 0 : a.body) === null || o === void 0) && o.refresh_token) return this.modifiedCachedEntry(a, e);
-      }
-    }
-  }
-  async updateEntry(e, t) {
-    var o;
-    const r = await this.getCacheKeys();
-    if (r) for (const i of r) {
-      const a = await this.cache.get(i);
-      ((o = a == null ? void 0 : a.body) === null || o === void 0 ? void 0 : o.refresh_token) === e && (a.body.refresh_token = t, await this.cache.set(i, a));
-    }
-  }
-}
-class Qr {
-  constructor(e, t, o) {
-    this.storage = e, this.clientId = t, this.cookieDomain = o, this.storageKey = "".concat("a0.spajs.txs", ".").concat(this.clientId);
-  }
-  create(e) {
-    this.storage.save(this.storageKey, e, { daysUntilExpire: 1, cookieDomain: this.cookieDomain });
-  }
-  get() {
-    return this.storage.get(this.storageKey);
-  }
-  remove() {
-    this.storage.remove(this.storageKey, { cookieDomain: this.cookieDomain });
-  }
-}
-const Be = (n) => typeof n == "number", $r = ["iss", "aud", "exp", "nbf", "iat", "jti", "azp", "nonce", "auth_time", "at_hash", "c_hash", "acr", "amr", "sub_jwk", "cnf", "sip_from_tag", "sip_date", "sip_callid", "sip_cseq_num", "sip_via_branch", "orig", "dest", "mky", "events", "toe", "txn", "rph", "sid", "vot", "vtm"], ei = (n) => {
-  if (!n.id_token) throw new Error("ID token is required but missing");
-  const e = ((i) => {
-    const a = i.split("."), [s, c, u] = a;
-    if (a.length !== 3 || !s || !c || !u) throw new Error("ID token could not be decoded");
-    const l = JSON.parse(eo(c)), f = { __raw: i }, h = {};
-    return Object.keys(l).forEach(((d) => {
-      f[d] = l[d], $r.includes(d) || (h[d] = l[d]);
-    })), { encoded: { header: s, payload: c, signature: u }, header: JSON.parse(eo(s)), claims: f, user: h };
-  })(n.id_token);
-  if (!e.claims.iss) throw new Error("Issuer (iss) claim must be a string present in the ID token");
-  if (e.claims.iss !== n.iss) throw new Error('Issuer (iss) claim mismatch in the ID token; expected "'.concat(n.iss, '", found "').concat(e.claims.iss, '"'));
-  if (!e.user.sub) throw new Error("Subject (sub) claim must be a string present in the ID token");
-  if (e.header.alg !== "RS256") throw new Error('Signature algorithm of "'.concat(e.header.alg, '" is not supported. Expected the ID token to be signed with "RS256".'));
-  if (!e.claims.aud || typeof e.claims.aud != "string" && !Array.isArray(e.claims.aud)) throw new Error("Audience (aud) claim must be a string or array of strings present in the ID token");
-  if (Array.isArray(e.claims.aud)) {
-    if (!e.claims.aud.includes(n.aud)) throw new Error('Audience (aud) claim mismatch in the ID token; expected "'.concat(n.aud, '" but was not one of "').concat(e.claims.aud.join(", "), '"'));
-    if (e.claims.aud.length > 1) {
-      if (!e.claims.azp) throw new Error("Authorized Party (azp) claim must be a string present in the ID token when Audience (aud) claim has multiple values");
-      if (e.claims.azp !== n.aud) throw new Error('Authorized Party (azp) claim mismatch in the ID token; expected "'.concat(n.aud, '", found "').concat(e.claims.azp, '"'));
-    }
-  } else if (e.claims.aud !== n.aud) throw new Error('Audience (aud) claim mismatch in the ID token; expected "'.concat(n.aud, '" but found "').concat(e.claims.aud, '"'));
-  if (n.nonce) {
-    if (!e.claims.nonce) throw new Error("Nonce (nonce) claim must be a string present in the ID token");
-    if (e.claims.nonce !== n.nonce) throw new Error('Nonce (nonce) claim mismatch in the ID token; expected "'.concat(n.nonce, '", found "').concat(e.claims.nonce, '"'));
-  }
-  if (n.max_age && !Be(e.claims.auth_time)) throw new Error("Authentication Time (auth_time) claim must be a number present in the ID token when Max Age (max_age) is specified");
-  if (e.claims.exp == null || !Be(e.claims.exp)) throw new Error("Expiration Time (exp) claim must be a number present in the ID token");
-  if (!Be(e.claims.iat)) throw new Error("Issued At (iat) claim must be a number present in the ID token");
-  const t = n.leeway || 60, o = new Date(n.now || Date.now()), r = /* @__PURE__ */ new Date(0);
-  if (r.setUTCSeconds(e.claims.exp + t), o > r) throw new Error("Expiration Time (exp) claim error in the ID token; current time (".concat(o, ") is after expiration time (").concat(r, ")"));
-  if (e.claims.nbf != null && Be(e.claims.nbf)) {
-    const i = /* @__PURE__ */ new Date(0);
-    if (i.setUTCSeconds(e.claims.nbf - t), o < i) throw new Error("Not Before time (nbf) claim in the ID token indicates that this token can't be used just yet. Current time (".concat(o, ") is before ").concat(i));
-  }
-  if (e.claims.auth_time != null && Be(e.claims.auth_time)) {
-    const i = /* @__PURE__ */ new Date(0);
-    if (i.setUTCSeconds(parseInt(e.claims.auth_time) + n.max_age + t), o > i) throw new Error("Authentication Time (auth_time) claim in the ID token indicates that too much time has passed since the last end-user authentication. Current time (".concat(o, ") is after last auth at ").concat(i));
-  }
-  if (n.organization) {
-    const i = n.organization.trim();
-    if (i.startsWith("org_")) {
-      const a = i;
-      if (!e.claims.org_id) throw new Error("Organization ID (org_id) claim must be a string present in the ID token");
-      if (a !== e.claims.org_id) throw new Error('Organization ID (org_id) claim mismatch in the ID token; expected "'.concat(a, '", found "').concat(e.claims.org_id, '"'));
-    } else {
-      const a = i.toLowerCase();
-      if (!e.claims.org_name) throw new Error("Organization Name (org_name) claim must be a string present in the ID token");
-      if (a !== e.claims.org_name) throw new Error('Organization Name (org_name) claim mismatch in the ID token; expected "'.concat(a, '", found "').concat(e.claims.org_name, '"'));
-    }
-  }
-  return e;
-};
-var rt = Ce && Ce.__assign || function() {
-  return rt = Object.assign || function(n) {
-    for (var e, t = 1, o = arguments.length; t < o; t++) for (var r in e = arguments[t]) Object.prototype.hasOwnProperty.call(e, r) && (n[r] = e[r]);
-    return n;
-  }, rt.apply(this, arguments);
-};
-function Xe(n, e) {
-  if (!e) return "";
-  var t = "; " + n;
-  return e === !0 ? t : t + "=" + e;
-}
-function ti(n, e, t) {
-  return encodeURIComponent(n).replace(/%(23|24|26|2B|5E|60|7C)/g, decodeURIComponent).replace(/\(/g, "%28").replace(/\)/g, "%29") + "=" + encodeURIComponent(e).replace(/%(23|24|26|2B|3A|3C|3E|3D|2F|3F|40|5B|5D|5E|60|7B|7D|7C)/g, decodeURIComponent) + (function(o) {
-    if (typeof o.expires == "number") {
-      var r = /* @__PURE__ */ new Date();
-      r.setMilliseconds(r.getMilliseconds() + 864e5 * o.expires), o.expires = r;
-    }
-    return Xe("Expires", o.expires ? o.expires.toUTCString() : "") + Xe("Domain", o.domain) + Xe("Path", o.path) + Xe("Secure", o.secure) + Xe("SameSite", o.sameSite);
-  })(t);
-}
-function ni() {
-  return (function(n) {
-    for (var e = {}, t = n ? n.split("; ") : [], o = /(%[\dA-F]{2})+/gi, r = 0; r < t.length; r++) {
-      var i = t[r].split("="), a = i.slice(1).join("=");
-      a.charAt(0) === '"' && (a = a.slice(1, -1));
-      try {
-        e[i[0].replace(o, decodeURIComponent)] = a.replace(o, decodeURIComponent);
-      } catch {
-      }
-    }
-    return e;
-  })(document.cookie);
-}
-var oi = function(n) {
-  return ni()[n];
-};
-function zo(n, e, t) {
-  document.cookie = ti(n, e, rt({ path: "/" }, t));
-}
-var Ho = zo, Mo = function(n, e) {
-  zo(n, "", rt(rt({}, e), { expires: -1 }));
-};
-const Ne = { get(n) {
-  const e = oi(n);
-  if (e !== void 0) return JSON.parse(e);
-}, save(n, e, t) {
-  let o = {};
-  window.location.protocol === "https:" && (o = { secure: !0, sameSite: "none" }), t != null && t.daysUntilExpire && (o.expires = t.daysUntilExpire), t != null && t.cookieDomain && (o.domain = t.cookieDomain), Ho(n, JSON.stringify(e), o);
-}, remove(n, e) {
-  let t = {};
-  e != null && e.cookieDomain && (t.domain = e.cookieDomain), Mo(n, t);
-} }, ri = { get(n) {
-  return Ne.get(n) || Ne.get("".concat("_legacy_").concat(n));
-}, save(n, e, t) {
-  let o = {};
-  window.location.protocol === "https:" && (o = { secure: !0 }), t != null && t.daysUntilExpire && (o.expires = t.daysUntilExpire), t != null && t.cookieDomain && (o.domain = t.cookieDomain), Ho("".concat("_legacy_").concat(n), JSON.stringify(e), o), Ne.save(n, e, t);
-}, remove(n, e) {
-  let t = {};
-  e != null && e.cookieDomain && (t.domain = e.cookieDomain), Mo(n, t), Ne.remove(n, e), Ne.remove("".concat("_legacy_").concat(n), e);
-} }, ii = { get(n) {
-  if (typeof sessionStorage > "u") return;
-  const e = sessionStorage.getItem(n);
-  return e != null ? JSON.parse(e) : void 0;
-}, save(n, e) {
-  sessionStorage.setItem(n, JSON.stringify(e));
-}, remove(n) {
-  sessionStorage.removeItem(n);
-} };
-var Re;
-(function(n) {
-  n.Code = "code", n.ConnectCode = "connect_code";
-})(Re || (Re = {}));
-function ai(n, e, t) {
-  var o = e === void 0 ? null : e, r = (function(c, u) {
-    var l = atob(c);
-    if (u) {
-      for (var f = new Uint8Array(l.length), h = 0, d = l.length; h < d; ++h) f[h] = l.charCodeAt(h);
-      return String.fromCharCode.apply(null, new Uint16Array(f.buffer));
-    }
-    return l;
-  })(n, t !== void 0 && t), i = r.indexOf(`
-`, 10) + 1, a = r.substring(i) + (o ? "//# sourceMappingURL=" + o : ""), s = new Blob([a], { type: "application/javascript" });
-  return URL.createObjectURL(s);
-}
-var oo, ro, io, Zt, si = (oo = "Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAqLwohZnVuY3Rpb24oKXsidXNlIHN0cmljdCI7Y2xhc3MgZSBleHRlbmRzIEVycm9ye2NvbnN0cnVjdG9yKHQscil7c3VwZXIociksdGhpcy5lcnJvcj10LHRoaXMuZXJyb3JfZGVzY3JpcHRpb249cixPYmplY3Quc2V0UHJvdG90eXBlT2YodGhpcyxlLnByb3RvdHlwZSl9c3RhdGljIGZyb21QYXlsb2FkKHQpe2xldHtlcnJvcjpyLGVycm9yX2Rlc2NyaXB0aW9uOnN9PXQ7cmV0dXJuIG5ldyBlKHIscyl9fWNsYXNzIHQgZXh0ZW5kcyBle2NvbnN0cnVjdG9yKGUscyl7c3VwZXIoIm1pc3NpbmdfcmVmcmVzaF90b2tlbiIsIk1pc3NpbmcgUmVmcmVzaCBUb2tlbiAoYXVkaWVuY2U6ICciLmNvbmNhdChyKGUsWyJkZWZhdWx0Il0pLCInLCBzY29wZTogJyIpLmNvbmNhdChyKHMpLCInKSIpKSx0aGlzLmF1ZGllbmNlPWUsdGhpcy5zY29wZT1zLE9iamVjdC5zZXRQcm90b3R5cGVPZih0aGlzLHQucHJvdG90eXBlKX19ZnVuY3Rpb24gcihlKXtsZXQgdD1hcmd1bWVudHMubGVuZ3RoPjEmJnZvaWQgMCE9PWFyZ3VtZW50c1sxXT9hcmd1bWVudHNbMV06W107cmV0dXJuIGUmJiF0LmluY2x1ZGVzKGUpP2U6IiJ9ImZ1bmN0aW9uIj09dHlwZW9mIFN1cHByZXNzZWRFcnJvciYmU3VwcHJlc3NlZEVycm9yO2NvbnN0IHM9ZT0+e3ZhcntjbGllbnRJZDp0fT1lLHI9ZnVuY3Rpb24oZSx0KXt2YXIgcj17fTtmb3IodmFyIHMgaW4gZSlPYmplY3QucHJvdG90eXBlLmhhc093blByb3BlcnR5LmNhbGwoZSxzKSYmdC5pbmRleE9mKHMpPDAmJihyW3NdPWVbc10pO2lmKG51bGwhPWUmJiJmdW5jdGlvbiI9PXR5cGVvZiBPYmplY3QuZ2V0T3duUHJvcGVydHlTeW1ib2xzKXt2YXIgbz0wO2ZvcihzPU9iamVjdC5nZXRPd25Qcm9wZXJ0eVN5bWJvbHMoZSk7bzxzLmxlbmd0aDtvKyspdC5pbmRleE9mKHNbb10pPDAmJk9iamVjdC5wcm90b3R5cGUucHJvcGVydHlJc0VudW1lcmFibGUuY2FsbChlLHNbb10pJiYocltzW29dXT1lW3Nbb11dKX1yZXR1cm4gcn0oZSxbImNsaWVudElkIl0pO3JldHVybiBuZXcgVVJMU2VhcmNoUGFyYW1zKChlPT5PYmplY3Qua2V5cyhlKS5maWx0ZXIoKHQ9PnZvaWQgMCE9PWVbdF0pKS5yZWR1Y2UoKCh0LHIpPT5PYmplY3QuYXNzaWduKE9iamVjdC5hc3NpZ24oe30sdCkse1tyXTplW3JdfSkpLHt9KSkoT2JqZWN0LmFzc2lnbih7Y2xpZW50X2lkOnR9LHIpKSkudG9TdHJpbmcoKX07bGV0IG89e307Y29uc3Qgbj0oZSx0KT0+IiIuY29uY2F0KGUsInwiKS5jb25jYXQodCk7YWRkRXZlbnRMaXN0ZW5lcigibWVzc2FnZSIsKGFzeW5jIGU9PntsZXQgcixjLHtkYXRhOnt0aW1lb3V0OmksYXV0aDphLGZldGNoVXJsOmYsZmV0Y2hPcHRpb25zOmwsdXNlRm9ybURhdGE6cCx1c2VNcnJ0Omh9LHBvcnRzOlt1XX09ZSxkPXt9O2NvbnN0e2F1ZGllbmNlOmcsc2NvcGU6eX09YXx8e307dHJ5e2NvbnN0IGU9cD8oZT0+e2NvbnN0IHQ9bmV3IFVSTFNlYXJjaFBhcmFtcyhlKSxyPXt9O3JldHVybiB0LmZvckVhY2goKChlLHQpPT57clt0XT1lfSkpLHJ9KShsLmJvZHkpOkpTT04ucGFyc2UobC5ib2R5KTtpZighZS5yZWZyZXNoX3Rva2VuJiYicmVmcmVzaF90b2tlbiI9PT1lLmdyYW50X3R5cGUpe2lmKGM9KChlLHQpPT5vW24oZSx0KV0pKGcseSksIWMmJmgpe2NvbnN0IGU9by5sYXRlc3RfcmVmcmVzaF90b2tlbix0PSgoZSx0KT0+e2NvbnN0IHI9T2JqZWN0LmtleXMobykuZmluZCgocj0+e2lmKCJsYXRlc3RfcmVmcmVzaF90b2tlbiIhPT1yKXtjb25zdCBzPSgoZSx0KT0+dC5zdGFydHNXaXRoKCIiLmNvbmNhdChlLCJ8IikpKSh0LHIpLG89ci5zcGxpdCgifCIpWzFdLnNwbGl0KCIgIiksbj1lLnNwbGl0KCIgIikuZXZlcnkoKGU9Pm8uaW5jbHVkZXMoZSkpKTtyZXR1cm4gcyYmbn19KSk7cmV0dXJuISFyfSkoeSxnKTtlJiYhdCYmKGM9ZSl9aWYoIWMpdGhyb3cgbmV3IHQoZyx5KTtsLmJvZHk9cD9zKE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSxlKSx7cmVmcmVzaF90b2tlbjpjfSkpOkpTT04uc3RyaW5naWZ5KE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSxlKSx7cmVmcmVzaF90b2tlbjpjfSkpfWxldCBhLGs7ImZ1bmN0aW9uIj09dHlwZW9mIEFib3J0Q29udHJvbGxlciYmKGE9bmV3IEFib3J0Q29udHJvbGxlcixsLnNpZ25hbD1hLnNpZ25hbCk7dHJ5e2s9YXdhaXQgUHJvbWlzZS5yYWNlKFsoaj1pLG5ldyBQcm9taXNlKChlPT5zZXRUaW1lb3V0KGUsaikpKSksZmV0Y2goZixPYmplY3QuYXNzaWduKHt9LGwpKV0pfWNhdGNoKGUpe3JldHVybiB2b2lkIHUucG9zdE1lc3NhZ2Uoe2Vycm9yOmUubWVzc2FnZX0pfWlmKCFrKXJldHVybiBhJiZhLmFib3J0KCksdm9pZCB1LnBvc3RNZXNzYWdlKHtlcnJvcjoiVGltZW91dCB3aGVuIGV4ZWN1dGluZyAnZmV0Y2gnIn0pO189ay5oZWFkZXJzLGQ9Wy4uLl9dLnJlZHVjZSgoKGUsdCk9PntsZXRbcixzXT10O3JldHVybiBlW3JdPXMsZX0pLHt9KSxyPWF3YWl0IGsuanNvbigpLHIucmVmcmVzaF90b2tlbj8oaCYmKG8ubGF0ZXN0X3JlZnJlc2hfdG9rZW49ci5yZWZyZXNoX3Rva2VuLE89YyxiPXIucmVmcmVzaF90b2tlbixPYmplY3QuZW50cmllcyhvKS5mb3JFYWNoKChlPT57bGV0W3Qscl09ZTtyPT09TyYmKG9bdF09Yil9KSkpLCgoZSx0LHIpPT57b1tuKHQscildPWV9KShyLnJlZnJlc2hfdG9rZW4sZyx5KSxkZWxldGUgci5yZWZyZXNoX3Rva2VuKTooKGUsdCk9PntkZWxldGUgb1tuKGUsdCldfSkoZyx5KSx1LnBvc3RNZXNzYWdlKHtvazprLm9rLGpzb246cixoZWFkZXJzOmR9KX1jYXRjaChlKXt1LnBvc3RNZXNzYWdlKHtvazohMSxqc29uOntlcnJvcjplLmVycm9yLGVycm9yX2Rlc2NyaXB0aW9uOmUubWVzc2FnZX0saGVhZGVyczpkfSl9dmFyIE8sYixfLGp9KSl9KCk7Cgo=", ro = null, io = !1, function(n) {
-  return Zt = Zt || ai(oo, ro, io), new Worker(Zt, n);
-});
-const qt = {};
-class ci {
-  constructor(e, t) {
-    this.cache = e, this.clientId = t, this.manifestKey = this.createManifestKeyFrom(this.clientId);
-  }
-  async add(e) {
-    var t;
-    const o = new Set(((t = await this.cache.get(this.manifestKey)) === null || t === void 0 ? void 0 : t.keys) || []);
-    o.add(e), await this.cache.set(this.manifestKey, { keys: [...o] });
-  }
-  async remove(e) {
-    const t = await this.cache.get(this.manifestKey);
-    if (t) {
-      const o = new Set(t.keys);
-      return o.delete(e), o.size > 0 ? await this.cache.set(this.manifestKey, { keys: [...o] }) : await this.cache.remove(this.manifestKey);
-    }
-  }
-  get() {
-    return this.cache.get(this.manifestKey);
-  }
-  clear() {
-    return this.cache.remove(this.manifestKey);
-  }
-  createManifestKeyFrom(e) {
-    return "".concat("@@auth0spajs@@", "::").concat(e);
-  }
-}
-const ui = { memory: () => new Wo().enclosedCache, localstorage: () => new Xr() }, ao = (n) => ui[n], so = (n) => {
-  const { openUrl: e, onRedirect: t } = n, o = X(n, ["openUrl", "onRedirect"]);
-  return Object.assign(Object.assign({}, o), { openUrl: e === !1 || e ? e : t });
-}, co = (n, e) => {
-  const t = (e == null ? void 0 : e.split(" ")) || [];
-  return ((n == null ? void 0 : n.split(" ")) || []).every(((o) => t.includes(o)));
-}, _e = { NONCE: "nonce", KEYPAIR: "keypair" };
-class li {
-  constructor(e) {
-    this.clientId = e;
-  }
-  getVersion() {
-    return 1;
-  }
-  createDbHandle() {
-    const e = window.indexedDB.open("auth0-spa-js", this.getVersion());
-    return new Promise(((t, o) => {
-      e.onupgradeneeded = () => Object.values(_e).forEach(((r) => e.result.createObjectStore(r))), e.onerror = () => o(e.error), e.onsuccess = () => t(e.result);
-    }));
-  }
-  async getDbHandle() {
-    return this.dbHandle || (this.dbHandle = await this.createDbHandle()), this.dbHandle;
-  }
-  async executeDbRequest(e, t, o) {
-    const r = o((await this.getDbHandle()).transaction(e, t).objectStore(e));
-    return new Promise(((i, a) => {
-      r.onsuccess = () => i(r.result), r.onerror = () => a(r.error);
-    }));
-  }
-  buildKey(e) {
-    const t = e ? "_".concat(e) : "auth0";
-    return "".concat(this.clientId, "::").concat(t);
-  }
-  setNonce(e, t) {
-    return this.save(_e.NONCE, this.buildKey(t), e);
-  }
-  setKeyPair(e) {
-    return this.save(_e.KEYPAIR, this.buildKey(), e);
-  }
-  async save(e, t, o) {
-    await this.executeDbRequest(e, "readwrite", ((r) => r.put(o, t)));
-  }
-  findNonce(e) {
-    return this.find(_e.NONCE, this.buildKey(e));
-  }
-  findKeyPair() {
-    return this.find(_e.KEYPAIR, this.buildKey());
-  }
-  find(e, t) {
-    return this.executeDbRequest(e, "readonly", ((o) => o.get(t)));
-  }
-  async deleteBy(e, t) {
-    const o = await this.executeDbRequest(e, "readonly", ((r) => r.getAllKeys()));
-    o == null || o.filter(t).map(((r) => this.executeDbRequest(e, "readwrite", ((i) => i.delete(r)))));
-  }
-  deleteByClientId(e, t) {
-    return this.deleteBy(e, ((o) => typeof o == "string" && o.startsWith("".concat(t, "::"))));
-  }
-  clearNonces() {
-    return this.deleteByClientId(_e.NONCE, this.clientId);
-  }
-  clearKeyPairs() {
-    return this.deleteByClientId(_e.KEYPAIR, this.clientId);
-  }
-}
-class hi {
-  constructor(e) {
-    this.storage = new li(e);
-  }
-  getNonce(e) {
-    return this.storage.findNonce(e);
-  }
-  setNonce(e, t) {
-    return this.storage.setNonce(e, t);
-  }
-  async getOrGenerateKeyPair() {
-    let e = await this.storage.findKeyPair();
-    return e || (e = await Hr(), await this.storage.setKeyPair(e)), e;
-  }
-  async generateProof(e) {
-    const t = await this.getOrGenerateKeyPair();
-    return Jr(Object.assign({ keyPair: t }, e));
-  }
-  async calculateThumbprint() {
-    return Mr(await this.getOrGenerateKeyPair());
-  }
-  async clear() {
-    await Promise.all([this.storage.clearNonces(), this.storage.clearKeyPairs()]);
-  }
-}
-var We;
-(function(n) {
-  n.Bearer = "Bearer", n.DPoP = "DPoP";
-})(We || (We = {}));
-class di {
-  constructor(e, t) {
-    this.hooks = t, this.config = Object.assign(Object.assign({}, e), { fetch: e.fetch || (typeof window > "u" ? fetch : window.fetch.bind(window)) });
-  }
-  isAbsoluteUrl(e) {
-    return /^(https?:)?\/\//i.test(e);
-  }
-  buildUrl(e, t) {
-    if (t) {
-      if (this.isAbsoluteUrl(t)) return t;
-      if (e) return "".concat(e.replace(/\/?\/$/, ""), "/").concat(t.replace(/^\/+/, ""));
-    }
-    throw new TypeError("`url` must be absolute or `baseUrl` non-empty.");
-  }
-  getAccessToken(e) {
-    return this.config.getAccessToken ? this.config.getAccessToken(e) : this.hooks.getAccessToken(e);
-  }
-  extractUrl(e) {
-    return typeof e == "string" ? e : e instanceof URL ? e.href : e.url;
-  }
-  buildBaseRequest(e, t) {
-    if (!this.config.baseUrl) return new Request(e, t);
-    const o = this.buildUrl(this.config.baseUrl, this.extractUrl(e)), r = e instanceof Request ? new Request(o, e) : o;
-    return new Request(r, t);
-  }
-  setAuthorizationHeader(e, t) {
-    let o = arguments.length > 2 && arguments[2] !== void 0 ? arguments[2] : We.Bearer;
-    e.headers.set("authorization", "".concat(o, " ").concat(t));
-  }
-  async setDpopProofHeader(e, t) {
-    if (!this.config.dpopNonceId) return;
-    const o = await this.hooks.getDpopNonce(), r = await this.hooks.generateDpopProof({ accessToken: t, method: e.method, nonce: o, url: e.url });
-    e.headers.set("dpop", r);
-  }
-  async prepareRequest(e, t) {
-    const o = await this.getAccessToken(t);
-    let r, i;
-    typeof o == "string" ? (r = this.config.dpopNonceId ? We.DPoP : We.Bearer, i = o) : (r = o.token_type, i = o.access_token), this.setAuthorizationHeader(e, i, r), r === We.DPoP && await this.setDpopProofHeader(e, i);
-  }
-  getHeader(e, t) {
-    return Array.isArray(e) ? new Headers(e).get(t) || "" : typeof e.get == "function" ? e.get(t) || "" : e[t] || "";
-  }
-  hasUseDpopNonceError(e) {
-    if (e.status !== 401) return !1;
-    const t = this.getHeader(e.headers, "www-authenticate");
-    return t.includes("invalid_dpop_nonce") || t.includes("use_dpop_nonce");
-  }
-  async handleResponse(e, t) {
-    const o = this.getHeader(e.headers, "dpop-nonce");
-    if (o && await this.hooks.setDpopNonce(o), !this.hasUseDpopNonceError(e)) return e;
-    if (!o || !t.onUseDpopNonceError) throw new Nt(o);
-    return t.onUseDpopNonceError();
-  }
-  async internalFetchWithAuth(e, t, o, r) {
-    const i = this.buildBaseRequest(e, t);
-    await this.prepareRequest(i, r);
-    const a = await this.config.fetch(i);
-    return this.handleResponse(a, o);
-  }
-  fetchWithAuth(e, t, o) {
-    const r = { onUseDpopNonceError: () => this.internalFetchWithAuth(e, t, Object.assign(Object.assign({}, r), { onUseDpopNonceError: void 0 }), o) };
-    return this.internalFetchWithAuth(e, t, r, o);
-  }
-}
-class pi {
-  constructor(e, t) {
-    this.myAccountFetcher = e, this.apiBase = t;
-  }
-  async connectAccount(e) {
-    const t = await this.myAccountFetcher.fetchWithAuth("".concat(this.apiBase, "v1/connected-accounts/connect"), { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify(e) });
-    return this._handleResponse(t);
-  }
-  async completeAccount(e) {
-    const t = await this.myAccountFetcher.fetchWithAuth("".concat(this.apiBase, "v1/connected-accounts/complete"), { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify(e) });
-    return this._handleResponse(t);
-  }
-  async _handleResponse(e) {
-    let t;
-    try {
-      t = await e.text(), t = JSON.parse(t);
-    } catch (o) {
-      throw new It({ type: "invalid_json", status: e.status, title: "Invalid JSON response", detail: t || String(o) });
-    }
-    if (e.ok) return t;
-    throw new It(t);
-  }
-}
-class It extends Error {
-  constructor(e) {
-    let { type: t, status: o, title: r, detail: i, validation_errors: a } = e;
-    super(i), this.name = "MyAccountApiError", this.type = t, this.status = o, this.title = r, this.detail = i, this.validation_errors = a, Object.setPrototypeOf(this, It.prototype);
-  }
-}
-const fi = { otp: { authenticatorTypes: ["otp"] }, sms: { authenticatorTypes: ["oob"], oobChannels: ["sms"] }, email: { authenticatorTypes: ["oob"], oobChannels: ["email"] }, push: { authenticatorTypes: ["oob"], oobChannels: ["auth0"] }, voice: { authenticatorTypes: ["oob"], oobChannels: ["voice"] } }, mi = "http://auth0.com/oauth/grant-type/mfa-otp", yi = "http://auth0.com/oauth/grant-type/mfa-oob", gi = "http://auth0.com/oauth/grant-type/mfa-recovery-code";
-function Jo(n, e) {
-  this.v = n, this.k = e;
-}
-function j(n, e, t) {
-  if (typeof n == "function" ? n === e : n.has(e)) return arguments.length < 3 ? e : t;
-  throw new TypeError("Private element is not present on this object");
-}
-function wi(n) {
-  return new Jo(n, 0);
-}
-function Vo(n, e) {
-  if (e.has(n)) throw new TypeError("Cannot initialize the same private elements twice on an object");
-}
-function v(n, e) {
-  return n.get(j(n, e));
-}
-function L(n, e, t) {
-  Vo(n, e), e.set(n, t);
-}
-function x(n, e, t) {
-  return n.set(j(n, e), t), t;
-}
-function _(n, e, t) {
-  return (e = (function(o) {
-    var r = (function(i, a) {
-      if (typeof i != "object" || !i) return i;
-      var s = i[Symbol.toPrimitive];
-      if (s !== void 0) {
-        var c = s.call(i, a);
-        if (typeof c != "object") return c;
-        throw new TypeError("@@toPrimitive must return a primitive value.");
-      }
-      return (a === "string" ? String : Number)(i);
-    })(o, "string");
-    return typeof r == "symbol" ? r : r + "";
-  })(e)) in n ? Object.defineProperty(n, e, { value: t, enumerable: !0, configurable: !0, writable: !0 }) : n[e] = t, n;
-}
-function uo(n, e) {
-  var t = Object.keys(n);
-  if (Object.getOwnPropertySymbols) {
-    var o = Object.getOwnPropertySymbols(n);
-    e && (o = o.filter((function(r) {
-      return Object.getOwnPropertyDescriptor(n, r).enumerable;
-    }))), t.push.apply(t, o);
-  }
-  return t;
-}
-function S(n) {
-  for (var e = 1; e < arguments.length; e++) {
-    var t = arguments[e] != null ? arguments[e] : {};
-    e % 2 ? uo(Object(t), !0).forEach((function(o) {
-      _(n, o, t[o]);
-    })) : Object.getOwnPropertyDescriptors ? Object.defineProperties(n, Object.getOwnPropertyDescriptors(t)) : uo(Object(t)).forEach((function(o) {
-      Object.defineProperty(n, o, Object.getOwnPropertyDescriptor(t, o));
-    }));
-  }
-  return n;
-}
-function lo(n, e) {
-  if (n == null) return {};
-  var t, o, r = (function(a, s) {
-    if (a == null) return {};
-    var c = {};
-    for (var u in a) if ({}.hasOwnProperty.call(a, u)) {
-      if (s.indexOf(u) !== -1) continue;
-      c[u] = a[u];
-    }
-    return c;
-  })(n, e);
-  if (Object.getOwnPropertySymbols) {
-    var i = Object.getOwnPropertySymbols(n);
-    for (o = 0; o < i.length; o++) t = i[o], e.indexOf(t) === -1 && {}.propertyIsEnumerable.call(n, t) && (r[t] = n[t]);
-  }
-  return r;
-}
-function vi(n) {
-  return function() {
-    return new Qe(n.apply(this, arguments));
-  };
-}
-function Qe(n) {
-  var e, t;
-  function o(i, a) {
-    try {
-      var s = n[i](a), c = s.value, u = c instanceof Jo;
-      Promise.resolve(u ? c.v : c).then((function(l) {
-        if (u) {
-          var f = i === "return" ? "return" : "next";
-          if (!c.k || l.done) return o(f, l);
-          l = n[f](l).value;
-        }
-        r(s.done ? "return" : "normal", l);
-      }), (function(l) {
-        o("throw", l);
-      }));
-    } catch (l) {
-      r("throw", l);
-    }
-  }
-  function r(i, a) {
-    switch (i) {
-      case "return":
-        e.resolve({ value: a, done: !0 });
-        break;
-      case "throw":
-        e.reject(a);
-        break;
-      default:
-        e.resolve({ value: a, done: !1 });
-    }
-    (e = e.next) ? o(e.key, e.arg) : t = null;
-  }
-  this._invoke = function(i, a) {
-    return new Promise((function(s, c) {
-      var u = { key: i, arg: a, resolve: s, reject: c, next: null };
-      t ? t = t.next = u : (e = t = u, o(i, a));
-    }));
-  }, typeof n.return != "function" && (this.return = void 0);
-}
-var gt, Bt;
-let gn;
-Qe.prototype[typeof Symbol == "function" && Symbol.asyncIterator || "@@asyncIterator"] = function() {
-  return this;
-}, Qe.prototype.next = function(n) {
-  return this._invoke("next", n);
-}, Qe.prototype.throw = function(n) {
-  return this._invoke("throw", n);
-}, Qe.prototype.return = function(n) {
-  return this._invoke("return", n);
-}, (typeof navigator > "u" || (gt = navigator.userAgent) === null || gt === void 0 || (Bt = gt.startsWith) === null || Bt === void 0 || !Bt.call(gt, "Mozilla/5.0 ")) && (gn = "".concat("oauth4webapi", "/").concat("v3.8.3"));
-function Ge(n, e) {
-  if (n == null) return !1;
-  try {
-    return n instanceof e || Object.getPrototypeOf(n)[Symbol.toStringTag] === e.prototype[Symbol.toStringTag];
-  } catch {
-    return !1;
-  }
-}
-function R(n, e, t) {
-  const o = new TypeError(n, { cause: t });
-  return Object.assign(o, { code: e }), o;
-}
-const q = Symbol(), wn = Symbol(), vn = Symbol(), te = Symbol(), ce = Symbol(), bi = new TextEncoder(), _i = new TextDecoder();
-function Me(n) {
-  return typeof n == "string" ? bi.encode(n) : _i.decode(n);
-}
-let bn, Fo;
-Uint8Array.prototype.toBase64 ? bn = (n) => (n instanceof ArrayBuffer && (n = new Uint8Array(n)), n.toBase64({ alphabet: "base64url", omitPadding: !0 })) : bn = (e) => {
-  e instanceof ArrayBuffer && (e = new Uint8Array(e));
-  const t = [];
-  for (let o = 0; o < e.byteLength; o += 32768) t.push(String.fromCharCode.apply(null, e.subarray(o, o + 32768)));
-  return btoa(t.join("")).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
-};
-function xe(n) {
-  return typeof n == "string" ? Fo(n) : bn(n);
-}
-Fo = Uint8Array.fromBase64 ? (n) => {
-  try {
-    return Uint8Array.fromBase64(n, { alphabet: "base64url" });
-  } catch (e) {
-    throw R("The input to be decoded is not correctly encoded.", "ERR_INVALID_ARG_VALUE", e);
-  }
-} : (n) => {
-  try {
-    const e = atob(n.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "")), t = new Uint8Array(e.length);
-    for (let o = 0; o < e.length; o++) t[o] = e.charCodeAt(o);
-    return t;
-  } catch (e) {
-    throw R("The input to be decoded is not correctly encoded.", "ERR_INVALID_ARG_VALUE", e);
-  }
-};
-class F extends Error {
-  constructor(e, t) {
-    var o;
-    super(e, t), _(this, "code", void 0), this.name = this.constructor.name, this.code = Sn, (o = Error.captureStackTrace) === null || o === void 0 || o.call(Error, this, this.constructor);
-  }
-}
-class Wn extends Error {
-  constructor(e, t) {
-    var o;
-    super(e, t), _(this, "code", void 0), this.name = this.constructor.name, t != null && t.code && (this.code = t == null ? void 0 : t.code), (o = Error.captureStackTrace) === null || o === void 0 || o.call(Error, this, this.constructor);
-  }
-}
-function A(n, e, t) {
-  return new Wn(n, { code: e, cause: t });
-}
-function ki(n, e) {
-  if ((function(t, o) {
-    if (!(t instanceof CryptoKey)) throw R("".concat(o, " must be a CryptoKey"), "ERR_INVALID_ARG_TYPE");
-  })(n, e), n.type !== "private") throw R("".concat(e, " must be a private CryptoKey"), "ERR_INVALID_ARG_VALUE");
-}
-function Ot(n) {
-  return n !== null && typeof n == "object" && !Array.isArray(n);
-}
-function Wt(n) {
-  Ge(n, Headers) && (n = Object.fromEntries(n.entries()));
-  const e = new Headers(n ?? {});
-  if (gn && !e.has("user-agent") && e.set("user-agent", gn), e.has("authorization")) throw R('"options.headers" must not include the "authorization" header name', "ERR_INVALID_ARG_VALUE");
-  return e;
-}
-function Go(n, e) {
-  if (e !== void 0) {
-    if (typeof e == "function" && (e = e(n.href)), !(e instanceof AbortSignal)) throw R('"options.signal" must return or be an instance of AbortSignal', "ERR_INVALID_ARG_TYPE");
-    return e;
-  }
-}
-function ho(n) {
-  return n.includes("//") ? n.replace("//", "/") : n;
-}
-async function Si(n, e) {
-  return (async function(t, o, r, i) {
-    if (!(t instanceof URL)) throw R('"'.concat(o, '" must be an instance of URL'), "ERR_INVALID_ARG_TYPE");
-    zn(t, (i == null ? void 0 : i[q]) !== !0);
-    const a = r(new URL(t.href)), s = Wt(i == null ? void 0 : i.headers);
-    return s.set("accept", "application/json"), ((i == null ? void 0 : i[te]) || fetch)(a.href, { body: void 0, headers: Object.fromEntries(s.entries()), method: "GET", redirect: "manual", signal: Go(a, i == null ? void 0 : i.signal) });
-  })(n, "issuerIdentifier", ((t) => {
-    switch (e == null ? void 0 : e.algorithm) {
-      case void 0:
-      case "oidc":
-        (function(o, r) {
-          o.pathname = ho("".concat(o.pathname, "/").concat(r));
-        })(t, ".well-known/openid-configuration");
-        break;
-      case "oauth2":
-        (function(o, r) {
-          let i = arguments.length > 2 && arguments[2] !== void 0 && arguments[2];
-          o.pathname === "/" ? o.pathname = r : o.pathname = ho("".concat(r, "/").concat(i ? o.pathname : o.pathname.replace(/(\/)$/, "")));
-        })(t, ".well-known/oauth-authorization-server");
-        break;
-      default:
-        throw R('"options.algorithm" must be "oidc" (default), or "oauth2"', "ERR_INVALID_ARG_VALUE");
-    }
-    return t;
-  }), e);
-}
-function ge(n, e, t, o, r) {
-  try {
-    if (typeof n != "number" || !Number.isFinite(n)) throw R("".concat(t, " must be a number"), "ERR_INVALID_ARG_TYPE", r);
-    if (n > 0) return;
-    if (e) {
-      if (n !== 0) throw R("".concat(t, " must be a non-negative number"), "ERR_INVALID_ARG_VALUE", r);
-      return;
-    }
-    throw R("".concat(t, " must be a positive number"), "ERR_INVALID_ARG_VALUE", r);
-  } catch (i) {
-    throw o ? A(i.message, o, r) : i;
-  }
-}
-function D(n, e, t, o) {
-  try {
-    if (typeof n != "string") throw R("".concat(e, " must be a string"), "ERR_INVALID_ARG_TYPE", o);
-    if (n.length === 0) throw R("".concat(e, " must not be empty"), "ERR_INVALID_ARG_VALUE", o);
-  } catch (r) {
-    throw t ? A(r.message, t, o) : r;
-  }
-}
-function Zo(n) {
-  (function(e, t) {
-    if (Yo(e) !== t) throw (function(o) {
-      let r = '"response" content-type must be ';
-      for (var i = arguments.length, a = new Array(i > 1 ? i - 1 : 0), s = 1; s < i; s++) a[s - 1] = arguments[s];
-      if (a.length > 2) {
-        const c = a.pop();
-        r += "".concat(a.join(", "), ", or ").concat(c);
-      } else a.length === 2 ? r += "".concat(a[0], " or ").concat(a[1]) : r += a[0];
-      return A(r, $o, o);
-    })(e, t);
-  })(n, "application/json");
-}
-function qo() {
-  return xe(crypto.getRandomValues(new Uint8Array(32)));
-}
-function Ei(n) {
-  switch (n.algorithm.name) {
-    case "RSA-PSS":
-      return (function(e) {
-        switch (e.algorithm.hash.name) {
-          case "SHA-256":
-            return "PS256";
-          case "SHA-384":
-            return "PS384";
-          case "SHA-512":
-            return "PS512";
-          default:
-            throw new F("unsupported RsaHashedKeyAlgorithm hash name", { cause: e });
-        }
-      })(n);
-    case "RSASSA-PKCS1-v1_5":
-      return (function(e) {
-        switch (e.algorithm.hash.name) {
-          case "SHA-256":
-            return "RS256";
-          case "SHA-384":
-            return "RS384";
-          case "SHA-512":
-            return "RS512";
-          default:
-            throw new F("unsupported RsaHashedKeyAlgorithm hash name", { cause: e });
-        }
-      })(n);
-    case "ECDSA":
-      return (function(e) {
-        switch (e.algorithm.namedCurve) {
-          case "P-256":
-            return "ES256";
-          case "P-384":
-            return "ES384";
-          case "P-521":
-            return "ES512";
-          default:
-            throw new F("unsupported EcKeyAlgorithm namedCurve", { cause: e });
-        }
-      })(n);
-    case "Ed25519":
-    case "ML-DSA-44":
-    case "ML-DSA-65":
-    case "ML-DSA-87":
-      return n.algorithm.name;
-    case "EdDSA":
-      return "Ed25519";
-    default:
-      throw new F("unsupported CryptoKey algorithm name", { cause: n });
-  }
-}
-function xt(n) {
-  const e = n == null ? void 0 : n[wn];
-  return typeof e == "number" && Number.isFinite(e) ? e : 0;
-}
-function _n(n) {
-  const e = n == null ? void 0 : n[vn];
-  return typeof e == "number" && Number.isFinite(e) && Math.sign(e) !== -1 ? e : 30;
-}
-function Ct() {
-  return Math.floor(Date.now() / 1e3);
-}
-function $(n) {
-  if (typeof n != "object" || n === null) throw R('"as" must be an object', "ERR_INVALID_ARG_TYPE");
-  D(n.issuer, '"as.issuer"');
-}
-function ee(n) {
-  if (typeof n != "object" || n === null) throw R('"client" must be an object', "ERR_INVALID_ARG_TYPE");
-  D(n.client_id, '"client.client_id"');
-}
-function po(n) {
-  return D(n, '"clientSecret"'), (e, t, o, r) => {
-    o.set("client_id", t.client_id), o.set("client_secret", n);
-  };
-}
-function Ai(n, e) {
-  const { key: t, kid: o } = (r = n) instanceof CryptoKey ? { key: r } : (r == null ? void 0 : r.key) instanceof CryptoKey ? (r.kid !== void 0 && D(r.kid, '"kid"'), { key: r.key, kid: r.kid }) : {};
-  var r;
-  return ki(t, '"clientPrivateKey.key"'), async (i, a, s, c) => {
-    const u = { alg: Ei(t), kid: o }, l = (function(f, h) {
-      const d = Ct() + xt(h);
-      return { jti: qo(), aud: f.issuer, exp: d + 60, iat: d, nbf: d, iss: h.client_id, sub: h.client_id };
-    })(i, a);
-    s.set("client_id", a.client_id), s.set("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"), s.set("client_assertion", await (async function(f, h, d) {
-      if (!d.usages.includes("sign")) throw R('CryptoKey instances used for signing assertions must include "sign" in their "usages"', "ERR_INVALID_ARG_VALUE");
-      const w = "".concat(xe(Me(JSON.stringify(f))), ".").concat(xe(Me(JSON.stringify(h)))), m = xe(await crypto.subtle.sign((function(p) {
-        switch (p.algorithm.name) {
-          case "ECDSA":
-            return { name: p.algorithm.name, hash: Ji(p) };
-          case "RSA-PSS":
-            switch (yo(p), p.algorithm.hash.name) {
-              case "SHA-256":
-              case "SHA-384":
-              case "SHA-512":
-                return { name: p.algorithm.name, saltLength: parseInt(p.algorithm.hash.name.slice(-3), 10) >> 3 };
-              default:
-                throw new F("unsupported RSA-PSS hash name", { cause: p });
-            }
-          case "RSASSA-PKCS1-v1_5":
-            return yo(p), p.algorithm.name;
-          case "ML-DSA-44":
-          case "ML-DSA-65":
-          case "ML-DSA-87":
-          case "Ed25519":
-            return p.algorithm.name;
-        }
-        throw new F("unsupported CryptoKey algorithm name", { cause: p });
-      })(d), d, Me(w)));
-      return "".concat(w, ".").concat(m);
-    })(u, l, t));
-  };
-}
-const Ti = URL.parse ? (n, e) => URL.parse(n, e) : (n, e) => {
-  try {
-    return new URL(n, e);
-  } catch {
-    return null;
-  }
-};
-function zn(n, e) {
-  if (e && n.protocol !== "https:") throw A("only requests to HTTPS are allowed", er, n);
-  if (n.protocol !== "https:" && n.protocol !== "http:") throw A("only HTTP and HTTPS requests are allowed", tr, n);
-}
-function fo(n, e, t, o) {
-  let r;
-  if (typeof n != "string" || !(r = Ti(n))) throw A("authorization server metadata does not contain a valid ".concat(t ? '"as.mtls_endpoint_aliases.'.concat(e, '"') : '"as.'.concat(e, '"')), n === void 0 ? Hi : Mi, { attribute: t ? "mtls_endpoint_aliases.".concat(e) : e });
-  return zn(r, o), r;
-}
-function st(n, e, t, o) {
-  return t && n.mtls_endpoint_aliases && e in n.mtls_endpoint_aliases ? fo(n.mtls_endpoint_aliases[e], e, t, o) : fo(n[e], e, t, o);
-}
-class zt extends Error {
-  constructor(e, t) {
-    var o;
-    super(e, t), _(this, "cause", void 0), _(this, "code", void 0), _(this, "error", void 0), _(this, "status", void 0), _(this, "error_description", void 0), _(this, "response", void 0), this.name = this.constructor.name, this.code = Wi, this.cause = t.cause, this.error = t.cause.error, this.status = t.response.status, this.error_description = t.cause.error_description, Object.defineProperty(this, "response", { enumerable: !1, value: t.response }), (o = Error.captureStackTrace) === null || o === void 0 || o.call(Error, this, this.constructor);
-  }
-}
-class Bo extends Error {
-  constructor(e, t) {
-    var o, r;
-    super(e, t), _(this, "cause", void 0), _(this, "code", void 0), _(this, "error", void 0), _(this, "error_description", void 0), this.name = this.constructor.name, this.code = zi, this.cause = t.cause, this.error = t.cause.get("error"), this.error_description = (o = t.cause.get("error_description")) !== null && o !== void 0 ? o : void 0, (r = Error.captureStackTrace) === null || r === void 0 || r.call(Error, this, this.constructor);
-  }
-}
-class Hn extends Error {
-  constructor(e, t) {
-    var o;
-    super(e, t), _(this, "cause", void 0), _(this, "code", void 0), _(this, "response", void 0), _(this, "status", void 0), this.name = this.constructor.name, this.code = Ni, this.cause = t.cause, this.status = t.response.status, this.response = t.response, Object.defineProperty(this, "response", { enumerable: !1 }), (o = Error.captureStackTrace) === null || o === void 0 || o.call(Error, this, this.constructor);
-  }
-}
-const Pi = "[a-zA-Z0-9!#$%&\\'\\*\\+\\-\\.\\^_`\\|~]+", Ri = new RegExp("^[,\\s]*(" + Pi + ")"), Ii = new RegExp('^[,\\s]*([a-zA-Z0-9!#$%&\\\'\\*\\+\\-\\.\\^_`\\|~]+)\\s*=\\s*"((?:[^"\\\\]|\\\\[\\s\\S])*)"[,\\s]*(.*)'), Oi = new RegExp("^[,\\s]*([a-zA-Z0-9!#$%&\\'\\*\\+\\-\\.\\^_`\\|~]+)\\s*=\\s*([a-zA-Z0-9!#$%&\\'\\*\\+\\-\\.\\^_`\\|~]+)[,\\s]*(.*)"), xi = new RegExp("^([a-zA-Z0-9\\-\\._\\~\\+\\/]+={0,2})(?:$|[,\\s])(.*)");
-async function Mn(n, e, t) {
-  if (n.status !== e) {
-    let r;
-    var o;
-    throw (function(i) {
-      let a;
-      if (a = (function(s) {
-        if (!Ge(s, Response)) throw R('"response" must be an instance of Response', "ERR_INVALID_ARG_TYPE");
-        const c = s.headers.get("www-authenticate");
-        if (c === null) return;
-        const u = [];
-        let l = c;
-        for (; l; ) {
-          var f;
-          let h = l.match(Ri);
-          const d = (f = h) === null || f === void 0 ? void 0 : f[1].toLowerCase();
-          if (!d) return;
-          const w = l.substring(h[0].length);
-          if (w && !w.match(/^[\s,]/)) return;
-          const m = w.match(/^\s+(.*)$/), p = !!m;
-          l = m ? m[1] : void 0;
-          const g = {};
-          let b;
-          if (p) for (; l; ) {
-            let E, y;
-            if (h = l.match(Ii)) {
-              if ([, E, y, l] = h, y.includes("\\")) try {
-                y = JSON.parse('"'.concat(y, '"'));
-              } catch {
-              }
-              g[E.toLowerCase()] = y;
-            } else {
-              if (!(h = l.match(Oi))) {
-                if (h = l.match(xi)) {
-                  if (Object.keys(g).length) break;
-                  [, b, l] = h;
-                  break;
-                }
-                return;
-              }
-              [, E, y, l] = h, g[E.toLowerCase()] = y;
-            }
-          }
-          else l = w || void 0;
-          const k = { scheme: d, parameters: g };
-          b && (k.token68 = b), u.push(k);
-        }
-        return u.length ? u : void 0;
-      })(i)) throw new Hn("server responded with a challenge in the WWW-Authenticate HTTP Header", { cause: a, response: i });
-    })(n), (r = await (async function(i) {
-      if (i.status > 399 && i.status < 500) {
-        ut(i), Zo(i);
-        try {
-          const a = await i.clone().json();
-          if (Ot(a) && typeof a.error == "string" && a.error.length) return a;
-        } catch {
-        }
-      }
-    })(n)) ? (await ((o = n.body) === null || o === void 0 ? void 0 : o.cancel()), new zt("server responded with an error in the response body", { cause: r, response: n })) : A('"response" is not a conform '.concat(t, " response (unexpected HTTP status code)"), Fn, n);
-  }
-}
-function Xo(n) {
-  if (!Vn.has(n)) throw R('"options.DPoP" is not a valid DPoPHandle', "ERR_INVALID_ARG_VALUE");
-}
-function Yo(n) {
-  var e;
-  return (e = n.headers.get("content-type")) === null || e === void 0 ? void 0 : e.split(";")[0];
-}
-async function Jn(n, e, t, o, r, i, a) {
-  return await t(n, e, r, i), i.set("content-type", "application/x-www-form-urlencoded;charset=UTF-8"), ((a == null ? void 0 : a[te]) || fetch)(o.href, { body: r, headers: Object.fromEntries(i.entries()), method: "POST", redirect: "manual", signal: Go(o, a == null ? void 0 : a.signal) });
-}
-async function ct(n, e, t, o, r, i) {
-  var a;
-  const s = st(n, "token_endpoint", e.use_mtls_endpoint_aliases, (i == null ? void 0 : i[q]) !== !0);
-  r.set("grant_type", o);
-  const c = Wt(i == null ? void 0 : i.headers);
-  c.set("accept", "application/json"), (i == null ? void 0 : i.DPoP) !== void 0 && (Xo(i.DPoP), await i.DPoP.addProof(s, c, "POST"));
-  const u = await Jn(n, e, t, s, r, c, i);
-  return i == null || (a = i.DPoP) === null || a === void 0 || a.cacheNonce(u, s), u;
-}
-const Qo = /* @__PURE__ */ new WeakMap(), Ci = /* @__PURE__ */ new WeakMap();
-function kn(n) {
-  if (!n.id_token) return;
-  const e = Qo.get(n);
-  if (!e) throw R('"ref" was already garbage collected or did not resolve from the proper sources', "ERR_INVALID_ARG_VALUE");
-  return e;
-}
-async function Ve(n, e, t, o, r, i) {
-  if ($(n), ee(e), !Ge(t, Response)) throw R('"response" must be an instance of Response', "ERR_INVALID_ARG_TYPE");
-  await Mn(t, 200, "Token Endpoint"), ut(t);
-  const a = await Ht(t);
-  if (D(a.access_token, '"response" body "access_token" property', T, { body: a }), D(a.token_type, '"response" body "token_type" property', T, { body: a }), a.token_type = a.token_type.toLowerCase(), a.expires_in !== void 0) {
-    let s = typeof a.expires_in != "number" ? parseFloat(a.expires_in) : a.expires_in;
-    ge(s, !0, '"response" body "expires_in" property', T, { body: a }), a.expires_in = s;
-  }
-  if (a.refresh_token !== void 0 && D(a.refresh_token, '"response" body "refresh_token" property', T, { body: a }), a.scope !== void 0 && typeof a.scope != "string") throw A('"response" body "scope" property must be a string', T, { body: a });
-  if (a.id_token !== void 0) {
-    D(a.id_token, '"response" body "id_token" property', T, { body: a });
-    const s = ["aud", "exp", "iat", "iss", "sub"];
-    e.require_auth_time === !0 && s.push("auth_time"), e.default_max_age !== void 0 && (ge(e.default_max_age, !0, '"client.default_max_age"'), s.push("auth_time")), o != null && o.length && s.push(...o);
-    const { claims: c, jwt: u } = await (async function(l, f, h, d, w) {
-      let m, p, { 0: g, 1: b, length: k } = l.split(".");
-      if (k === 5) {
-        if (w === void 0) throw new F("JWE decryption is not configured", { cause: l });
-        l = await w(l), { 0: g, 1: b, length: k } = l.split(".");
-      }
-      if (k !== 3) throw A("Invalid JWT", T, l);
-      try {
-        m = JSON.parse(Me(xe(g)));
-      } catch (y) {
-        throw A("failed to parse JWT Header body as base64url encoded JSON", jt, y);
-      }
-      if (!Ot(m)) throw A("JWT Header must be a top level object", T, l);
-      if (f(m), m.crit !== void 0) throw new F('no JWT "crit" header parameter extensions are supported', { cause: { header: m } });
-      try {
-        p = JSON.parse(Me(xe(b)));
-      } catch (y) {
-        throw A("failed to parse JWT Payload body as base64url encoded JSON", jt, y);
-      }
-      if (!Ot(p)) throw A("JWT Payload must be a top level object", T, l);
-      const E = Ct() + h;
-      if (p.exp !== void 0) {
-        if (typeof p.exp != "number") throw A('unexpected JWT "exp" (expiration time) claim type', T, { claims: p });
-        if (p.exp <= E - d) throw A('unexpected JWT "exp" (expiration time) claim value, expiration is past current timestamp', it, { claims: p, now: E, tolerance: d, claim: "exp" });
-      }
-      if (p.iat !== void 0 && typeof p.iat != "number") throw A('unexpected JWT "iat" (issued at) claim type', T, { claims: p });
-      if (p.iss !== void 0 && typeof p.iss != "string") throw A('unexpected JWT "iss" (issuer) claim type', T, { claims: p });
-      if (p.nbf !== void 0) {
-        if (typeof p.nbf != "number") throw A('unexpected JWT "nbf" (not before) claim type', T, { claims: p });
-        if (p.nbf > E + d) throw A('unexpected JWT "nbf" (not before) claim value', it, { claims: p, now: E, tolerance: d, claim: "nbf" });
-      }
-      if (p.aud !== void 0 && typeof p.aud != "string" && !Array.isArray(p.aud)) throw A('unexpected JWT "aud" (audience) claim type', T, { claims: p });
-      return { header: m, claims: p, jwt: l };
-    })(a.id_token, Fi.bind(void 0, e.id_token_signed_response_alg, n.id_token_signing_alg_values_supported, "RS256"), xt(e), _n(e), r).then(Ki.bind(void 0, s)).then(Di.bind(void 0, n)).then(ji.bind(void 0, e.client_id));
-    if (Array.isArray(c.aud) && c.aud.length !== 1) {
-      if (c.azp === void 0) throw A('ID Token "aud" (audience) claim includes additional untrusted audiences', se, { claims: c, claim: "aud" });
-      if (c.azp !== e.client_id) throw A('unexpected ID Token "azp" (authorized party) claim value', se, { expected: e.client_id, claims: c, claim: "azp" });
-    }
-    c.auth_time !== void 0 && ge(c.auth_time, !0, 'ID Token "auth_time" (authentication time)', T, { claims: c }), Ci.set(t, u), Qo.set(a, c);
-  }
-  if ((i == null ? void 0 : i[a.token_type]) !== void 0) i[a.token_type](t, a);
-  else if (a.token_type !== "dpop" && a.token_type !== "bearer") throw new F("unsupported `token_type` value", { cause: { body: a } });
-  return a;
-}
-function ji(n, e) {
-  if (Array.isArray(e.claims.aud)) {
-    if (!e.claims.aud.includes(n)) throw A('unexpected JWT "aud" (audience) claim value', se, { expected: n, claims: e.claims, claim: "aud" });
-  } else if (e.claims.aud !== n) throw A('unexpected JWT "aud" (audience) claim value', se, { expected: n, claims: e.claims, claim: "aud" });
-  return e;
-}
-function Di(n, e) {
-  var t, o;
-  const r = (t = (o = n[nr]) === null || o === void 0 ? void 0 : o.call(n, e)) !== null && t !== void 0 ? t : n.issuer;
-  if (e.claims.iss !== r) throw A('unexpected JWT "iss" (issuer) claim value', se, { expected: r, claims: e.claims, claim: "iss" });
-  return e;
-}
-const Vn = /* @__PURE__ */ new WeakSet(), mo = Symbol(), Li = { aud: "audience", c_hash: "code hash", client_id: "client id", exp: "expiration time", iat: "issued at", iss: "issuer", jti: "jwt id", nonce: "nonce", s_hash: "state hash", sub: "subject", ath: "access token hash", htm: "http method", htu: "http uri", cnf: "confirmation", auth_time: "authentication time" };
-function Ki(n, e) {
-  for (const t of n) if (e.claims[t] === void 0) throw A('JWT "'.concat(t, '" (').concat(Li[t], ") claim missing"), T, { claims: e.claims });
-  return e;
-}
-const Xt = Symbol(), Yt = Symbol();
-async function Ui(n, e, t, o) {
-  return typeof (o == null ? void 0 : o.expectedNonce) == "string" || typeof (o == null ? void 0 : o.maxAge) == "number" || o != null && o.requireIdToken ? (async function(r, i, a, s, c, u, l) {
-    const f = [];
-    switch (s) {
-      case void 0:
-        s = Xt;
-        break;
-      case Xt:
-        break;
-      default:
-        D(s, '"expectedNonce" argument'), f.push("nonce");
-    }
-    switch (c != null || (c = i.default_max_age), c) {
-      case void 0:
-        c = Yt;
-        break;
-      case Yt:
-        break;
-      default:
-        ge(c, !0, '"maxAge" argument'), f.push("auth_time");
-    }
-    const h = await Ve(r, i, a, f, u, l);
-    D(h.id_token, '"response" body "id_token" property', T, { body: h });
-    const d = kn(h);
-    if (c !== Yt) {
-      const w = Ct() + xt(i), m = _n(i);
-      if (d.auth_time + c < w - m) throw A("too much time has elapsed since the last End-User authentication", it, { claims: d, now: w, tolerance: m, claim: "auth_time" });
-    }
-    if (s === Xt) {
-      if (d.nonce !== void 0) throw A('unexpected ID Token "nonce" claim value', se, { expected: void 0, claims: d, claim: "nonce" });
-    } else if (d.nonce !== s) throw A('unexpected ID Token "nonce" claim value', se, { expected: s, claims: d, claim: "nonce" });
-    return h;
-  })(n, e, t, o.expectedNonce, o.maxAge, o[ce], o.recognizedTokenTypes) : (async function(r, i, a, s, c) {
-    const u = await Ve(r, i, a, void 0, s, c), l = kn(u);
-    if (l) {
-      if (i.default_max_age !== void 0) {
-        ge(i.default_max_age, !0, '"client.default_max_age"');
-        const f = Ct() + xt(i), h = _n(i);
-        if (l.auth_time + i.default_max_age < f - h) throw A("too much time has elapsed since the last End-User authentication", it, { claims: l, now: f, tolerance: h, claim: "auth_time" });
-      }
-      if (l.nonce !== void 0) throw A('unexpected ID Token "nonce" claim value', se, { expected: void 0, claims: l, claim: "nonce" });
-    }
-    return u;
-  })(n, e, t, o == null ? void 0 : o[ce], o == null ? void 0 : o.recognizedTokenTypes);
-}
-const Ni = "OAUTH_WWW_AUTHENTICATE_CHALLENGE", Wi = "OAUTH_RESPONSE_BODY_ERROR", Sn = "OAUTH_UNSUPPORTED_OPERATION", zi = "OAUTH_AUTHORIZATION_RESPONSE_ERROR", jt = "OAUTH_PARSE_ERROR", T = "OAUTH_INVALID_RESPONSE", $o = "OAUTH_RESPONSE_IS_NOT_JSON", Fn = "OAUTH_RESPONSE_IS_NOT_CONFORM", er = "OAUTH_HTTP_REQUEST_FORBIDDEN", tr = "OAUTH_REQUEST_PROTOCOL_FORBIDDEN", it = "OAUTH_JWT_TIMESTAMP_CHECK_FAILED", se = "OAUTH_JWT_CLAIM_COMPARISON_FAILED", En = "OAUTH_JSON_ATTRIBUTE_COMPARISON_FAILED", Hi = "OAUTH_MISSING_SERVER_METADATA", Mi = "OAUTH_INVALID_SERVER_METADATA";
-function ut(n) {
-  if (n.bodyUsed) throw R('"response" body has been used already', "ERR_INVALID_ARG_VALUE");
-}
-function yo(n) {
-  const { algorithm: e } = n;
-  if (typeof e.modulusLength != "number" || e.modulusLength < 2048) throw new F("unsupported ".concat(e.name, " modulusLength"), { cause: n });
-}
-function Ji(n) {
-  const { algorithm: e } = n;
-  switch (e.namedCurve) {
-    case "P-256":
-      return "SHA-256";
-    case "P-384":
-      return "SHA-384";
-    case "P-521":
-      return "SHA-512";
-    default:
-      throw new F("unsupported ECDSA namedCurve", { cause: n });
-  }
-}
-async function Vi(n) {
-  if (n.method !== "POST") throw R("form_post responses are expected to use the POST method", "ERR_INVALID_ARG_VALUE", { cause: n });
-  if (Yo(n) !== "application/x-www-form-urlencoded") throw R("form_post responses are expected to use the application/x-www-form-urlencoded content-type", "ERR_INVALID_ARG_VALUE", { cause: n });
-  return (async function(e) {
-    if (e.bodyUsed) throw R("form_post Request instances must contain a readable body", "ERR_INVALID_ARG_VALUE", { cause: e });
-    return e.text();
-  })(n);
-}
-function Fi(n, e, t, o) {
-  if (n === void 0) if (Array.isArray(e)) {
-    if (!e.includes(o.alg)) throw A('unexpected JWT "alg" header parameter', T, { header: o, expected: e, reason: "authorization server metadata" });
-  } else {
-    if (t === void 0) throw A('missing client or server configuration to verify used JWT "alg" header parameter', void 0, { client: n, issuer: e, fallback: t });
-    if (typeof t == "string" ? o.alg !== t : typeof t == "function" ? !t(o.alg) : !t.includes(o.alg)) throw A('unexpected JWT "alg" header parameter', T, { header: o, expected: t, reason: "default value" });
-  }
-  else if (typeof n == "string" ? o.alg !== n : !n.includes(o.alg)) throw A('unexpected JWT "alg" header parameter', T, { header: o, expected: n, reason: "client configuration" });
-}
-function Pe(n, e) {
-  const { 0: t, length: o } = n.getAll(e);
-  if (o > 1) throw A('"'.concat(e, '" parameter must be provided only once'), T);
-  return t;
-}
-const Gi = Symbol(), Zi = Symbol();
-function qi(n, e, t, o) {
-  if ($(n), ee(e), t instanceof URL && (t = t.searchParams), !(t instanceof URLSearchParams)) throw R('"parameters" must be an instance of URLSearchParams, or URL', "ERR_INVALID_ARG_TYPE");
-  if (Pe(t, "response")) throw A('"parameters" contains a JARM response, use validateJwtAuthResponse() instead of validateAuthResponse()', T, { parameters: t });
-  const r = Pe(t, "iss"), i = Pe(t, "state");
-  if (!r && n.authorization_response_iss_parameter_supported) throw A('response parameter "iss" (issuer) missing', T, { parameters: t });
-  if (r && r !== n.issuer) throw A('unexpected "iss" (issuer) response parameter value', T, { expected: n.issuer, parameters: t });
-  switch (o) {
-    case void 0:
-    case Zi:
-      if (i !== void 0) throw A('unexpected "state" response parameter encountered', T, { expected: void 0, parameters: t });
-      break;
-    case Gi:
-      break;
-    default:
-      if (D(o, '"expectedState" argument'), i !== o) throw A(i === void 0 ? 'response parameter "state" missing' : 'unexpected "state" response parameter value', T, { expected: o, parameters: t });
-  }
-  if (Pe(t, "error")) throw new Bo("authorization response from the server is an error", { cause: t });
-  const a = Pe(t, "id_token"), s = Pe(t, "token");
-  if (a !== void 0 || s !== void 0) throw new F("implicit and hybrid flows are not supported");
-  return c = new URLSearchParams(t), Vn.add(c), c;
-  var c;
-}
-async function Ht(n) {
-  let e, t = arguments.length > 1 && arguments[1] !== void 0 ? arguments[1] : Zo;
-  try {
-    e = await n.json();
-  } catch (o) {
-    throw t(n), A('failed to parse "response" body as JSON', jt, o);
-  }
-  if (!Ot(e)) throw A('"response" body must be a top level object', T, { body: e });
-  return e;
-}
-const Qt = Symbol(), nr = Symbol(), go = new TextEncoder(), at = new TextDecoder();
-function $t(n) {
-  const e = new Uint8Array(n.length);
-  for (let t = 0; t < n.length; t++) {
-    const o = n.charCodeAt(t);
-    if (o > 127) throw new TypeError("non-ASCII string encountered in encode()");
-    e[t] = o;
-  }
-  return e;
-}
-function or(n) {
-  if (Uint8Array.fromBase64) return Uint8Array.fromBase64(n);
-  const e = atob(n), t = new Uint8Array(e.length);
-  for (let o = 0; o < e.length; o++) t[o] = e.charCodeAt(o);
-  return t;
-}
-function tt(n) {
-  if (Uint8Array.fromBase64) return Uint8Array.fromBase64(typeof n == "string" ? n : at.decode(n), { alphabet: "base64url" });
-  let e = n;
-  e instanceof Uint8Array && (e = at.decode(e)), e = e.replace(/-/g, "+").replace(/_/g, "/");
-  try {
-    return or(e);
-  } catch {
-    throw new TypeError("The input to be decoded is not correctly encoded.");
-  }
-}
-class W extends Error {
-  constructor(e, t) {
-    var o;
-    super(e, t), _(this, "code", "ERR_JOSE_GENERIC"), this.name = this.constructor.name, (o = Error.captureStackTrace) === null || o === void 0 || o.call(Error, this, this.constructor);
-  }
-}
-_(W, "code", "ERR_JOSE_GENERIC");
-class B extends W {
-  constructor(e, t) {
-    let o = arguments.length > 2 && arguments[2] !== void 0 ? arguments[2] : "unspecified", r = arguments.length > 3 && arguments[3] !== void 0 ? arguments[3] : "unspecified";
-    super(e, { cause: { claim: o, reason: r, payload: t } }), _(this, "code", "ERR_JWT_CLAIM_VALIDATION_FAILED"), _(this, "claim", void 0), _(this, "reason", void 0), _(this, "payload", void 0), this.claim = o, this.reason = r, this.payload = t;
-  }
-}
-_(B, "code", "ERR_JWT_CLAIM_VALIDATION_FAILED");
-class An extends W {
-  constructor(e, t) {
-    let o = arguments.length > 2 && arguments[2] !== void 0 ? arguments[2] : "unspecified", r = arguments.length > 3 && arguments[3] !== void 0 ? arguments[3] : "unspecified";
-    super(e, { cause: { claim: o, reason: r, payload: t } }), _(this, "code", "ERR_JWT_EXPIRED"), _(this, "claim", void 0), _(this, "reason", void 0), _(this, "payload", void 0), this.claim = o, this.reason = r, this.payload = t;
-  }
-}
-_(An, "code", "ERR_JWT_EXPIRED");
-class rr extends W {
-  constructor() {
-    super(...arguments), _(this, "code", "ERR_JOSE_ALG_NOT_ALLOWED");
-  }
-}
-_(rr, "code", "ERR_JOSE_ALG_NOT_ALLOWED");
-class V extends W {
-  constructor() {
-    super(...arguments), _(this, "code", "ERR_JOSE_NOT_SUPPORTED");
-  }
-}
-_(V, "code", "ERR_JOSE_NOT_SUPPORTED");
-_(class extends W {
-  constructor() {
-    super(arguments.length > 0 && arguments[0] !== void 0 ? arguments[0] : "decryption operation failed", arguments.length > 1 ? arguments[1] : void 0), _(this, "code", "ERR_JWE_DECRYPTION_FAILED");
-  }
-}, "code", "ERR_JWE_DECRYPTION_FAILED");
-_(class extends W {
-  constructor() {
-    super(...arguments), _(this, "code", "ERR_JWE_INVALID");
-  }
-}, "code", "ERR_JWE_INVALID");
-class K extends W {
-  constructor() {
-    super(...arguments), _(this, "code", "ERR_JWS_INVALID");
-  }
-}
-_(K, "code", "ERR_JWS_INVALID");
-class Tn extends W {
-  constructor() {
-    super(...arguments), _(this, "code", "ERR_JWT_INVALID");
-  }
-}
-_(Tn, "code", "ERR_JWT_INVALID");
-_(class extends W {
-  constructor() {
-    super(...arguments), _(this, "code", "ERR_JWK_INVALID");
-  }
-}, "code", "ERR_JWK_INVALID");
-class Gn extends W {
-  constructor() {
-    super(...arguments), _(this, "code", "ERR_JWKS_INVALID");
-  }
-}
-_(Gn, "code", "ERR_JWKS_INVALID");
-class Zn extends W {
-  constructor() {
-    super(arguments.length > 0 && arguments[0] !== void 0 ? arguments[0] : "no applicable key found in the JSON Web Key Set", arguments.length > 1 ? arguments[1] : void 0), _(this, "code", "ERR_JWKS_NO_MATCHING_KEY");
-  }
-}
-_(Zn, "code", "ERR_JWKS_NO_MATCHING_KEY");
-class ir extends W {
-  constructor() {
-    super(arguments.length > 0 && arguments[0] !== void 0 ? arguments[0] : "multiple matching keys found in the JSON Web Key Set", arguments.length > 1 ? arguments[1] : void 0), _(this, Symbol.asyncIterator, void 0), _(this, "code", "ERR_JWKS_MULTIPLE_MATCHING_KEYS");
-  }
-}
-_(ir, "code", "ERR_JWKS_MULTIPLE_MATCHING_KEYS");
-class ar extends W {
-  constructor() {
-    super(arguments.length > 0 && arguments[0] !== void 0 ? arguments[0] : "request timed out", arguments.length > 1 ? arguments[1] : void 0), _(this, "code", "ERR_JWKS_TIMEOUT");
-  }
-}
-_(ar, "code", "ERR_JWKS_TIMEOUT");
-class sr extends W {
-  constructor() {
-    super(arguments.length > 0 && arguments[0] !== void 0 ? arguments[0] : "signature verification failed", arguments.length > 1 ? arguments[1] : void 0), _(this, "code", "ERR_JWS_SIGNATURE_VERIFICATION_FAILED");
-  }
-}
-_(sr, "code", "ERR_JWS_SIGNATURE_VERIFICATION_FAILED");
-const ne = function(n) {
-  let e = arguments.length > 1 && arguments[1] !== void 0 ? arguments[1] : "algorithm.name";
-  return new TypeError("CryptoKey does not support this operation, its ".concat(e, " must be ").concat(n));
-}, Ke = (n, e) => n.name === e;
-function en(n) {
-  return parseInt(n.name.slice(4), 10);
-}
-function Bi(n, e, t) {
-  switch (e) {
-    case "HS256":
-    case "HS384":
-    case "HS512": {
-      if (!Ke(n.algorithm, "HMAC")) throw ne("HMAC");
-      const o = parseInt(e.slice(2), 10);
-      if (en(n.algorithm.hash) !== o) throw ne("SHA-".concat(o), "algorithm.hash");
-      break;
-    }
-    case "RS256":
-    case "RS384":
-    case "RS512": {
-      if (!Ke(n.algorithm, "RSASSA-PKCS1-v1_5")) throw ne("RSASSA-PKCS1-v1_5");
-      const o = parseInt(e.slice(2), 10);
-      if (en(n.algorithm.hash) !== o) throw ne("SHA-".concat(o), "algorithm.hash");
-      break;
-    }
-    case "PS256":
-    case "PS384":
-    case "PS512": {
-      if (!Ke(n.algorithm, "RSA-PSS")) throw ne("RSA-PSS");
-      const o = parseInt(e.slice(2), 10);
-      if (en(n.algorithm.hash) !== o) throw ne("SHA-".concat(o), "algorithm.hash");
-      break;
-    }
-    case "Ed25519":
-    case "EdDSA":
-      if (!Ke(n.algorithm, "Ed25519")) throw ne("Ed25519");
-      break;
-    case "ML-DSA-44":
-    case "ML-DSA-65":
-    case "ML-DSA-87":
-      if (!Ke(n.algorithm, e)) throw ne(e);
-      break;
-    case "ES256":
-    case "ES384":
-    case "ES512": {
-      if (!Ke(n.algorithm, "ECDSA")) throw ne("ECDSA");
-      const o = (function(r) {
-        switch (r) {
-          case "ES256":
-            return "P-256";
-          case "ES384":
-            return "P-384";
-          case "ES512":
-            return "P-521";
-          default:
-            throw new Error("unreachable");
-        }
-      })(e);
-      if (n.algorithm.namedCurve !== o) throw ne(o, "algorithm.namedCurve");
-      break;
-    }
-    default:
-      throw new TypeError("CryptoKey does not support this operation");
-  }
-  (function(o, r) {
-    if (!o.usages.includes(r)) throw new TypeError("CryptoKey does not support this operation, its usages must include ".concat(r, "."));
-  })(n, t);
-}
-function cr(n, e) {
-  for (var t = arguments.length, o = new Array(t > 2 ? t - 2 : 0), r = 2; r < t; r++) o[r - 2] = arguments[r];
-  if ((o = o.filter(Boolean)).length > 2) {
-    const a = o.pop();
-    n += "one of type ".concat(o.join(", "), ", or ").concat(a, ".");
-  } else o.length === 2 ? n += "one of type ".concat(o[0], " or ").concat(o[1], ".") : n += "of type ".concat(o[0], ".");
-  if (e == null) n += " Received ".concat(e);
-  else if (typeof e == "function" && e.name) n += " Received function ".concat(e.name);
-  else if (typeof e == "object" && e != null) {
-    var i;
-    (i = e.constructor) !== null && i !== void 0 && i.name && (n += " Received an instance of ".concat(e.constructor.name));
-  }
-  return n;
-}
-const wo = function(n, e) {
-  for (var t = arguments.length, o = new Array(t > 2 ? t - 2 : 0), r = 2; r < t; r++) o[r - 2] = arguments[r];
-  return cr("Key for the ".concat(n, " algorithm must be "), e, ...o);
-}, ur = (n) => {
-  if ((n == null ? void 0 : n[Symbol.toStringTag]) === "CryptoKey") return !0;
-  try {
-    return n instanceof CryptoKey;
-  } catch {
-    return !1;
-  }
-}, lr = (n) => (n == null ? void 0 : n[Symbol.toStringTag]) === "KeyObject", vo = (n) => ur(n) || lr(n);
-function ve(n) {
-  if (typeof (e = n) != "object" || e === null || Object.prototype.toString.call(n) !== "[object Object]") return !1;
-  var e;
-  if (Object.getPrototypeOf(n) === null) return !0;
-  let t = n;
-  for (; Object.getPrototypeOf(t) !== null; ) t = Object.getPrototypeOf(t);
-  return Object.getPrototypeOf(n) === t;
-}
-const tn = (n, e) => {
-  if (n.byteLength !== e.length) return !1;
-  for (let t = 0; t < n.byteLength; t++) if (n[t] !== e[t]) return !1;
-  return !0;
-}, nt = (n) => {
-  const e = n.data[n.pos++];
-  if (128 & e) {
-    const t = 127 & e;
-    let o = 0;
-    for (let r = 0; r < t; r++) o = o << 8 | n.data[n.pos++];
-    return o;
-  }
-  return e;
-}, ot = (n, e, t) => {
-  if (n.data[n.pos++] !== e) throw new Error(t);
-}, bo = (n, e) => {
-  const t = n.data.subarray(n.pos, n.pos + e);
-  return n.pos += e, t;
-}, Xi = (n) => {
-  const e = ((r) => {
-    ot(r, 6, "Expected algorithm OID");
-    const i = nt(r);
-    return bo(r, i);
-  })(n);
-  if (tn(e, [43, 101, 110])) return "X25519";
-  if (!tn(e, [42, 134, 72, 206, 61, 2, 1])) throw new Error("Unsupported key algorithm");
-  ot(n, 6, "Expected curve OID");
-  const t = nt(n), o = bo(n, t);
-  for (const { name: r, oid: i } of [{ name: "P-256", oid: [42, 134, 72, 206, 61, 3, 1, 7] }, { name: "P-384", oid: [43, 129, 4, 0, 34] }, { name: "P-521", oid: [43, 129, 4, 0, 35] }]) if (tn(o, i)) return r;
-  throw new Error("Unsupported named curve");
-}, Yi = async (n, e, t, o) => {
-  var r;
-  let i, a;
-  const s = () => ["sign"];
-  switch (t) {
-    case "PS256":
-    case "PS384":
-    case "PS512":
-      i = { name: "RSA-PSS", hash: "SHA-".concat(t.slice(-3)) }, a = s();
-      break;
-    case "RS256":
-    case "RS384":
-    case "RS512":
-      i = { name: "RSASSA-PKCS1-v1_5", hash: "SHA-".concat(t.slice(-3)) }, a = s();
-      break;
-    case "RSA-OAEP":
-    case "RSA-OAEP-256":
-    case "RSA-OAEP-384":
-    case "RSA-OAEP-512":
-      i = { name: "RSA-OAEP", hash: "SHA-".concat(parseInt(t.slice(-3), 10) || 1) }, a = ["decrypt", "unwrapKey"];
-      break;
-    case "ES256":
-    case "ES384":
-    case "ES512":
-      i = { name: "ECDSA", namedCurve: { ES256: "P-256", ES384: "P-384", ES512: "P-521" }[t] }, a = s();
-      break;
-    case "ECDH-ES":
-    case "ECDH-ES+A128KW":
-    case "ECDH-ES+A192KW":
-    case "ECDH-ES+A256KW":
-      try {
-        const c = o.getNamedCurve(e);
-        i = c === "X25519" ? { name: "X25519" } : { name: "ECDH", namedCurve: c };
-      } catch {
-        throw new V("Invalid or unsupported key format");
-      }
-      a = ["deriveBits"];
-      break;
-    case "Ed25519":
-    case "EdDSA":
-      i = { name: "Ed25519" }, a = s();
-      break;
-    case "ML-DSA-44":
-    case "ML-DSA-65":
-    case "ML-DSA-87":
-      i = { name: t }, a = s();
-      break;
-    default:
-      throw new V('Invalid or unsupported "alg" (Algorithm) value');
-  }
-  return crypto.subtle.importKey(n, e, i, (r = o == null ? void 0 : o.extractable) !== null && r !== void 0 ? r : !1, a);
-}, Qi = (n, e, t) => {
-  var o;
-  const r = ((a, s) => or(a.replace(s, "")))(n, /(?:-----(?:BEGIN|END) PRIVATE KEY-----|\s)/g);
-  let i = t;
-  return e != null && (o = e.startsWith) !== null && o !== void 0 && o.call(e, "ECDH-ES") && (i || (i = {}), i.getNamedCurve = (a) => {
-    const s = { data: a, pos: 0 };
-    return (function(c) {
-      ot(c, 48, "Invalid PKCS#8 structure"), nt(c), ot(c, 2, "Expected version field");
-      const u = nt(c);
-      c.pos += u, ot(c, 48, "Expected algorithm identifier"), nt(c);
-    })(s), Xi(s);
-  }), Yi("pkcs8", r, e, i);
-};
-async function At(n) {
-  var e, t;
-  if (!n.alg) throw new TypeError('"alg" argument is required when "jwk.alg" is not present');
-  const { algorithm: o, keyUsages: r } = (function(a) {
-    let s, c;
-    switch (a.kty) {
-      case "AKP":
-        switch (a.alg) {
-          case "ML-DSA-44":
-          case "ML-DSA-65":
-          case "ML-DSA-87":
-            s = { name: a.alg }, c = a.priv ? ["sign"] : ["verify"];
-            break;
-          default:
-            throw new V('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
-        }
-        break;
-      case "RSA":
-        switch (a.alg) {
-          case "PS256":
-          case "PS384":
-          case "PS512":
-            s = { name: "RSA-PSS", hash: "SHA-".concat(a.alg.slice(-3)) }, c = a.d ? ["sign"] : ["verify"];
-            break;
-          case "RS256":
-          case "RS384":
-          case "RS512":
-            s = { name: "RSASSA-PKCS1-v1_5", hash: "SHA-".concat(a.alg.slice(-3)) }, c = a.d ? ["sign"] : ["verify"];
-            break;
-          case "RSA-OAEP":
-          case "RSA-OAEP-256":
-          case "RSA-OAEP-384":
-          case "RSA-OAEP-512":
-            s = { name: "RSA-OAEP", hash: "SHA-".concat(parseInt(a.alg.slice(-3), 10) || 1) }, c = a.d ? ["decrypt", "unwrapKey"] : ["encrypt", "wrapKey"];
-            break;
-          default:
-            throw new V('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
-        }
-        break;
-      case "EC":
-        switch (a.alg) {
-          case "ES256":
-            s = { name: "ECDSA", namedCurve: "P-256" }, c = a.d ? ["sign"] : ["verify"];
-            break;
-          case "ES384":
-            s = { name: "ECDSA", namedCurve: "P-384" }, c = a.d ? ["sign"] : ["verify"];
-            break;
-          case "ES512":
-            s = { name: "ECDSA", namedCurve: "P-521" }, c = a.d ? ["sign"] : ["verify"];
-            break;
-          case "ECDH-ES":
-          case "ECDH-ES+A128KW":
-          case "ECDH-ES+A192KW":
-          case "ECDH-ES+A256KW":
-            s = { name: "ECDH", namedCurve: a.crv }, c = a.d ? ["deriveBits"] : [];
-            break;
-          default:
-            throw new V('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
-        }
-        break;
-      case "OKP":
-        switch (a.alg) {
-          case "Ed25519":
-          case "EdDSA":
-            s = { name: "Ed25519" }, c = a.d ? ["sign"] : ["verify"];
-            break;
-          case "ECDH-ES":
-          case "ECDH-ES+A128KW":
-          case "ECDH-ES+A192KW":
-          case "ECDH-ES+A256KW":
-            s = { name: a.crv }, c = a.d ? ["deriveBits"] : [];
-            break;
-          default:
-            throw new V('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
-        }
-        break;
-      default:
-        throw new V('Invalid or unsupported JWK "kty" (Key Type) Parameter value');
-    }
-    return { algorithm: s, keyUsages: c };
-  })(n), i = S({}, n);
-  return i.kty !== "AKP" && delete i.alg, delete i.use, crypto.subtle.importKey("jwk", i, o, (e = n.ext) !== null && e !== void 0 ? e : !n.d && !n.priv, (t = n.key_ops) !== null && t !== void 0 ? t : r);
-}
-const Pn = (n) => ve(n) && typeof n.kty == "string";
-let me;
-const _o = async function(n, e, t) {
-  let o = arguments.length > 3 && arguments[3] !== void 0 && arguments[3];
-  me || (me = /* @__PURE__ */ new WeakMap());
-  let r = me.get(n);
-  if (r != null && r[t]) return r[t];
-  const i = await At(S(S({}, e), {}, { alg: t }));
-  return o && Object.freeze(n), r ? r[t] = i : me.set(n, { [t]: i }), i;
-};
-async function $i(n, e) {
-  if (n instanceof Uint8Array || ur(n)) return n;
-  if (lr(n)) {
-    if (n.type === "secret") return n.export();
-    if ("toCryptoKey" in n && typeof n.toCryptoKey == "function") try {
-      return ((o, r) => {
-        me || (me = /* @__PURE__ */ new WeakMap());
-        let i = me.get(o);
-        if (i != null && i[r]) return i[r];
-        const a = o.type === "public", s = !!a;
-        let c;
-        if (o.asymmetricKeyType === "x25519") {
-          switch (r) {
-            case "ECDH-ES":
-            case "ECDH-ES+A128KW":
-            case "ECDH-ES+A192KW":
-            case "ECDH-ES+A256KW":
-              break;
-            default:
-              throw new TypeError("given KeyObject instance cannot be used for this algorithm");
-          }
-          c = o.toCryptoKey(o.asymmetricKeyType, s, a ? [] : ["deriveBits"]);
-        }
-        if (o.asymmetricKeyType === "ed25519") {
-          if (r !== "EdDSA" && r !== "Ed25519") throw new TypeError("given KeyObject instance cannot be used for this algorithm");
-          c = o.toCryptoKey(o.asymmetricKeyType, s, [a ? "verify" : "sign"]);
-        }
-        switch (o.asymmetricKeyType) {
-          case "ml-dsa-44":
-          case "ml-dsa-65":
-          case "ml-dsa-87":
-            if (r !== o.asymmetricKeyType.toUpperCase()) throw new TypeError("given KeyObject instance cannot be used for this algorithm");
-            c = o.toCryptoKey(o.asymmetricKeyType, s, [a ? "verify" : "sign"]);
-        }
-        if (o.asymmetricKeyType === "rsa") {
-          let l;
-          switch (r) {
-            case "RSA-OAEP":
-              l = "SHA-1";
-              break;
-            case "RS256":
-            case "PS256":
-            case "RSA-OAEP-256":
-              l = "SHA-256";
-              break;
-            case "RS384":
-            case "PS384":
-            case "RSA-OAEP-384":
-              l = "SHA-384";
-              break;
-            case "RS512":
-            case "PS512":
-            case "RSA-OAEP-512":
-              l = "SHA-512";
-              break;
-            default:
-              throw new TypeError("given KeyObject instance cannot be used for this algorithm");
-          }
-          if (r.startsWith("RSA-OAEP")) return o.toCryptoKey({ name: "RSA-OAEP", hash: l }, s, a ? ["encrypt"] : ["decrypt"]);
-          c = o.toCryptoKey({ name: r.startsWith("PS") ? "RSA-PSS" : "RSASSA-PKCS1-v1_5", hash: l }, s, [a ? "verify" : "sign"]);
-        }
-        if (o.asymmetricKeyType === "ec") {
-          var u;
-          const l = (/* @__PURE__ */ new Map([["prime256v1", "P-256"], ["secp384r1", "P-384"], ["secp521r1", "P-521"]])).get((u = o.asymmetricKeyDetails) === null || u === void 0 ? void 0 : u.namedCurve);
-          if (!l) throw new TypeError("given KeyObject instance cannot be used for this algorithm");
-          r === "ES256" && l === "P-256" && (c = o.toCryptoKey({ name: "ECDSA", namedCurve: l }, s, [a ? "verify" : "sign"])), r === "ES384" && l === "P-384" && (c = o.toCryptoKey({ name: "ECDSA", namedCurve: l }, s, [a ? "verify" : "sign"])), r === "ES512" && l === "P-521" && (c = o.toCryptoKey({ name: "ECDSA", namedCurve: l }, s, [a ? "verify" : "sign"])), r.startsWith("ECDH-ES") && (c = o.toCryptoKey({ name: "ECDH", namedCurve: l }, s, a ? [] : ["deriveBits"]));
-        }
-        if (!c) throw new TypeError("given KeyObject instance cannot be used for this algorithm");
-        return i ? i[r] = c : me.set(o, { [r]: c }), c;
-      })(n, e);
-    } catch (o) {
-      if (o instanceof TypeError) throw o;
-    }
-    let t = n.export({ format: "jwk" });
-    return _o(n, t, e);
-  }
-  if (Pn(n)) return n.k ? tt(n.k) : _o(n, n, e, !0);
-  throw new Error("unreachable");
-}
-const Ue = (n) => n == null ? void 0 : n[Symbol.toStringTag], nn = (n, e, t) => {
-  if (e.use !== void 0) {
-    let i;
-    switch (t) {
-      case "sign":
-      case "verify":
-        i = "sig";
-        break;
-      case "encrypt":
-      case "decrypt":
-        i = "enc";
-    }
-    if (e.use !== i) throw new TypeError('Invalid key for this operation, its "use" must be "'.concat(i, '" when present'));
-  }
-  if (e.alg !== void 0 && e.alg !== n) throw new TypeError('Invalid key for this operation, its "alg" must be "'.concat(n, '" when present'));
-  if (Array.isArray(e.key_ops)) {
-    var o, r;
-    let i;
-    switch (!0) {
-      case t === "verify":
-      case n === "dir":
-      case n.includes("CBC-HS"):
-        i = t;
-        break;
-      case n.startsWith("PBES2"):
-        i = "deriveBits";
-        break;
-      case /^A\d{3}(?:GCM)?(?:KW)?$/.test(n):
-        i = !n.includes("GCM") && n.endsWith("KW") ? "unwrapKey" : t;
-        break;
-      case t === "encrypt":
-        i = "wrapKey";
-        break;
-      case t === "decrypt":
-        i = n.startsWith("RSA") ? "unwrapKey" : "deriveBits";
-    }
-    if (i && ((o = e.key_ops) === null || o === void 0 || (r = o.includes) === null || r === void 0 ? void 0 : r.call(o, i)) === !1) throw new TypeError('Invalid key for this operation, its "key_ops" must include "'.concat(i, '" when present'));
-  }
-  return !0;
-};
-function ea(n, e, t) {
-  switch (n.substring(0, 2)) {
-    case "A1":
-    case "A2":
-    case "di":
-    case "HS":
-    case "PB":
-      ((o, r, i) => {
-        if (!(r instanceof Uint8Array)) {
-          if (Pn(r)) {
-            if (((a) => a.kty === "oct" && typeof a.k == "string")(r) && nn(o, r, i)) return;
-            throw new TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present');
-          }
-          if (!vo(r)) throw new TypeError(wo(o, r, "CryptoKey", "KeyObject", "JSON Web Key", "Uint8Array"));
-          if (r.type !== "secret") throw new TypeError("".concat(Ue(r), ' instances for symmetric algorithms must be of type "secret"'));
-        }
-      })(n, e, t);
-      break;
-    default:
-      ((o, r, i) => {
-        if (Pn(r)) switch (i) {
-          case "decrypt":
-          case "sign":
-            if (((a) => a.kty !== "oct" && (a.kty === "AKP" && typeof a.priv == "string" || typeof a.d == "string"))(r) && nn(o, r, i)) return;
-            throw new TypeError("JSON Web Key for this operation must be a private JWK");
-          case "encrypt":
-          case "verify":
-            if (((a) => a.kty !== "oct" && a.d === void 0 && a.priv === void 0)(r) && nn(o, r, i)) return;
-            throw new TypeError("JSON Web Key for this operation must be a public JWK");
-        }
-        if (!vo(r)) throw new TypeError(wo(o, r, "CryptoKey", "KeyObject", "JSON Web Key"));
-        if (r.type === "secret") throw new TypeError("".concat(Ue(r), ' instances for asymmetric algorithms must not be of type "secret"'));
-        if (r.type === "public") switch (i) {
-          case "sign":
-            throw new TypeError("".concat(Ue(r), ' instances for asymmetric algorithm signing must be of type "private"'));
-          case "decrypt":
-            throw new TypeError("".concat(Ue(r), ' instances for asymmetric algorithm decryption must be of type "private"'));
-        }
-        if (r.type === "private") switch (i) {
-          case "verify":
-            throw new TypeError("".concat(Ue(r), ' instances for asymmetric algorithm verifying must be of type "public"'));
-          case "encrypt":
-            throw new TypeError("".concat(Ue(r), ' instances for asymmetric algorithm encryption must be of type "public"'));
-        }
-      })(n, e, t);
-  }
-}
-var wt, on;
-let re, ko;
-(typeof navigator > "u" || (wt = navigator.userAgent) === null || wt === void 0 || (on = wt.startsWith) === null || on === void 0 || !on.call(wt, "Mozilla/5.0 ")) && (ko = "".concat("openid-client", "/").concat("v6.8.1"), re = { "user-agent": ko });
-const N = (n) => Tt.get(n);
-let Tt, vt;
-function hr(n) {
-  return n !== void 0 ? po(n) : (vt || (vt = /* @__PURE__ */ new WeakMap()), (e, t, o, r) => {
-    let i;
-    return (i = vt.get(t)) || ((function(a, s) {
-      if (typeof a != "string") throw ie("".concat(s, " must be a string"), ht);
-      if (a.length === 0) throw ie("".concat(s, " must not be empty"), lt);
-    })(t.client_secret, '"metadata.client_secret"'), i = po(t.client_secret), vt.set(t, i)), i(e, t, o, r);
-  });
-}
-const ye = te, lt = "ERR_INVALID_ARG_VALUE", ht = "ERR_INVALID_ARG_TYPE";
-function ie(n, e, t) {
-  const o = new TypeError(n, { cause: t });
-  return Object.assign(o, { code: e }), o;
-}
-function ta(n) {
-  return (async function(e) {
-    return D(e, "codeVerifier"), xe(await crypto.subtle.digest("SHA-256", Me(e)));
-  })(n);
-}
-function na() {
-  return qo();
-}
-class Dt extends Error {
-  constructor(e, t) {
-    var o;
-    super(e, t), _(this, "code", void 0), this.name = this.constructor.name, this.code = t == null ? void 0 : t.code, (o = Error.captureStackTrace) === null || o === void 0 || o.call(Error, this, this.constructor);
-  }
-}
-function z(n, e, t) {
-  return new Dt(n, { cause: e, code: t });
-}
-function H(n) {
-  if (n instanceof TypeError || n instanceof Dt || n instanceof zt || n instanceof Bo || n instanceof Hn) throw n;
-  if (n instanceof Wn) switch (n.code) {
-    case er:
-      throw z("only requests to HTTPS are allowed", n, n.code);
-    case tr:
-      throw z("only requests to HTTP or HTTPS are allowed", n, n.code);
-    case Fn:
-      throw z("unexpected HTTP response status code", n.cause, n.code);
-    case $o:
-      throw z("unexpected response content-type", n.cause, n.code);
-    case jt:
-      throw z("parsing error occured", n, n.code);
-    case T:
-      throw z("invalid response encountered", n, n.code);
-    case se:
-      throw z("unexpected JWT claim value encountered", n, n.code);
-    case En:
-      throw z("unexpected JSON attribute value encountered", n, n.code);
-    case it:
-      throw z("JWT timestamp claim value failed validation", n, n.code);
-    default:
-      throw z(n.message, n, n.code);
-  }
-  if (n instanceof F) throw z("unsupported operation", n, n.code);
-  if (n instanceof DOMException) switch (n.name) {
-    case "OperationError":
-      throw z("runtime operation error", n, Sn);
-    case "NotSupportedError":
-      throw z("runtime unsupported operation", n, Sn);
-    case "TimeoutError":
-      throw z("operation timed out", n, "OAUTH_TIMEOUT");
-    case "AbortError":
-      throw z("operation aborted", n, "OAUTH_ABORT");
-  }
-  throw new Dt("something went wrong", { cause: n });
-}
-async function oa(n, e, t, o, r) {
-  const i = await (async function(c, u) {
-    var l, f;
-    if (!(c instanceof URL)) throw ie('"server" must be an instance of URL', ht);
-    const h = !c.href.includes("/.well-known/"), d = (l = u == null ? void 0 : u.timeout) !== null && l !== void 0 ? l : 30, w = AbortSignal.timeout(1e3 * d), m = await (h ? Si(c, { algorithm: u == null ? void 0 : u.algorithm, [te]: u == null ? void 0 : u[ye], [q]: u == null || (f = u.execute) === null || f === void 0 ? void 0 : f.includes(Ao), signal: w, headers: new Headers(re) }) : ((u == null ? void 0 : u[ye]) || fetch)((zn(c, u == null || (p = u.execute) === null || p === void 0 || !p.includes(Ao)), c.href), { headers: Object.fromEntries(new Headers(S({ accept: "application/json" }, re)).entries()), body: void 0, method: "GET", redirect: "manual", signal: w })).then(((g) => (async function(b, k) {
-      const E = b;
-      if (!(E instanceof URL) && E !== Qt) throw R('"expectedIssuerIdentifier" must be an instance of URL', "ERR_INVALID_ARG_TYPE");
-      if (!Ge(k, Response)) throw R('"response" must be an instance of Response', "ERR_INVALID_ARG_TYPE");
-      if (k.status !== 200) throw A('"response" is not a conform Authorization Server Metadata response (unexpected HTTP status code)', Fn, k);
-      ut(k);
-      const y = await Ht(k);
-      if (D(y.issuer, '"response" body "issuer" property', T, { body: y }), E !== Qt && new URL(y.issuer).href !== E.href) throw A('"response" body "issuer" property does not match the expected value', En, { expected: E.href, body: y, attribute: "issuer" });
-      return y;
-    })(Qt, g))).catch(H);
-    var p;
-    return h && new URL(m.issuer).href !== c.href && ((function(g, b, k) {
-      return !(g.origin !== "https://login.microsoftonline.com" || k != null && k.algorithm && k.algorithm !== "oidc" || (b[dr] = !0, 0));
-    })(c, m, u) || (function(g, b) {
-      return !(!g.hostname.endsWith(".b2clogin.com") || b != null && b.algorithm && b.algorithm !== "oidc");
-    })(c, u) || (() => {
-      throw new Dt("discovered metadata issuer does not match the expected issuer", { code: En, cause: { expected: c.href, body: m, attribute: "issuer" } });
-    })()), m;
-  })(n, r), a = new Lt(i, e, t, o);
-  let s = N(a);
-  if (r != null && r[ye] && (s.fetch = r[ye]), r != null && r.timeout && (s.timeout = r.timeout), r != null && r.execute) for (const c of r.execute) c(a);
-  return a;
-}
-new TextDecoder();
-const dr = Symbol();
-class Lt {
-  constructor(e, t, o, r) {
-    var i, a, s, c, u;
-    if (typeof t != "string" || !t.length) throw ie('"clientId" must be a non-empty string', ht);
-    if (typeof o == "string" && (o = { client_secret: o }), ((i = o) === null || i === void 0 ? void 0 : i.client_id) !== void 0 && t !== o.client_id) throw ie('"clientId" and "metadata.client_id" must be the same', lt);
-    const l = S(S({}, structuredClone(o)), {}, { client_id: t });
-    let f;
-    l[wn] = (a = (s = o) === null || s === void 0 ? void 0 : s[wn]) !== null && a !== void 0 ? a : 0, l[vn] = (c = (u = o) === null || u === void 0 ? void 0 : u[vn]) !== null && c !== void 0 ? c : 30, f = r || (typeof l.client_secret == "string" && l.client_secret.length ? hr(l.client_secret) : (m, p, g, b) => {
-      g.set("client_id", p.client_id);
-    });
-    let h = Object.freeze(l);
-    const d = structuredClone(e);
-    dr in e && (d[nr] = (m) => {
-      let { claims: { tid: p } } = m;
-      return e.issuer.replace("{tenantid}", p);
-    });
-    let w = Object.freeze(d);
-    Tt || (Tt = /* @__PURE__ */ new WeakMap()), Tt.set(this, { __proto__: null, as: w, c: h, auth: f, tlsOnly: !0, jwksCache: {} });
-  }
-  serverMetadata() {
-    const e = structuredClone(N(this).as);
-    return (function(t) {
-      Object.defineProperties(t, /* @__PURE__ */ (function(o) {
-        return { supportsPKCE: { __proto__: null, value() {
-          var r;
-          let i = arguments.length > 0 && arguments[0] !== void 0 ? arguments[0] : "S256";
-          return ((r = o.code_challenge_methods_supported) === null || r === void 0 ? void 0 : r.includes(i)) === !0;
-        } } };
-      })(t));
-    })(e), e;
-  }
-  clientMetadata() {
-    return structuredClone(N(this).c);
-  }
-  get timeout() {
-    return N(this).timeout;
-  }
-  set timeout(e) {
-    N(this).timeout = e;
-  }
-  get [ye]() {
-    return N(this).fetch;
-  }
-  set [ye](e) {
-    N(this).fetch = e;
-  }
-}
-function dt(n) {
-  Object.defineProperties(n, (function(e) {
-    let t;
-    if (e.expires_in !== void 0) {
-      const o = /* @__PURE__ */ new Date();
-      o.setSeconds(o.getSeconds() + e.expires_in), t = o.getTime();
-    }
-    return { expiresIn: { __proto__: null, value() {
-      if (t) {
-        const o = Date.now();
-        return t > o ? Math.floor((t - o) / 1e3) : 0;
-      }
-    } }, claims: { __proto__: null, value() {
-      try {
-        return kn(this);
-      } catch {
-        return;
-      }
-    } } };
-  })(n));
-}
-async function So(n, e, t) {
-  var o;
-  let r = arguments.length > 3 && arguments[3] !== void 0 && arguments[3];
-  const i = (o = n.headers.get("retry-after")) === null || o === void 0 ? void 0 : o.trim();
-  if (i === void 0) return;
-  let a;
-  if (/^\d+$/.test(i)) a = parseInt(i, 10);
-  else {
-    const s = new Date(i);
-    if (Number.isFinite(s.getTime())) {
-      const c = /* @__PURE__ */ new Date(), u = s.getTime() - c.getTime();
-      u > 0 && (a = Math.ceil(u / 1e3));
-    }
-  }
-  if (r && !Number.isFinite(a)) throw new Wn("invalid Retry-After header value", { cause: n });
-  a > e && await pr(a - e, t);
-}
-function pr(n, e) {
-  return new Promise(((t, o) => {
-    const r = (i) => {
-      try {
-        e.throwIfAborted();
-      } catch (s) {
-        return void o(s);
-      }
-      if (i <= 0) return void t();
-      const a = Math.min(i, 5);
-      setTimeout((() => r(i - a)), 1e3 * a);
-    };
-    r(n);
-  }));
-}
-async function Eo(n, e) {
-  ue(n);
-  const { as: t, c: o, auth: r, fetch: i, tlsOnly: a, timeout: s } = N(n);
-  return (async function(c, u, l, f, h) {
-    $(c), ee(u);
-    const d = st(c, "backchannel_authentication_endpoint", u.use_mtls_endpoint_aliases, (h == null ? void 0 : h[q]) !== !0), w = new URLSearchParams(f);
-    w.set("client_id", u.client_id);
-    const m = Wt(h == null ? void 0 : h.headers);
-    return m.set("accept", "application/json"), Jn(c, u, l, d, w, m, h);
-  })(t, o, r, e, { [te]: i, [q]: !a, headers: new Headers(re), signal: je(s) }).then(((c) => (async function(u, l, f) {
-    if ($(u), ee(l), !Ge(f, Response)) throw R('"response" must be an instance of Response', "ERR_INVALID_ARG_TYPE");
-    await Mn(f, 200, "Backchannel Authentication Endpoint"), ut(f);
-    const h = await Ht(f);
-    D(h.auth_req_id, '"response" body "auth_req_id" property', T, { body: h });
-    let d = typeof h.expires_in != "number" ? parseFloat(h.expires_in) : h.expires_in;
-    return ge(d, !0, '"response" body "expires_in" property', T, { body: h }), h.expires_in = d, h.interval !== void 0 && ge(h.interval, !1, '"response" body "interval" property', T, { body: h }), h;
-  })(t, o, c))).catch(H);
-}
-async function fr(n, e, t, o) {
-  var r, i;
-  ue(n), t = new URLSearchParams(t);
-  let a = (r = e.interval) !== null && r !== void 0 ? r : 5;
-  const s = (i = o == null ? void 0 : o.signal) !== null && i !== void 0 ? i : AbortSignal.timeout(1e3 * e.expires_in);
-  try {
-    await pr(a, s);
-  } catch (y) {
-    H(y);
-  }
-  const { as: c, c: u, auth: l, fetch: f, tlsOnly: h, nonRepudiation: d, timeout: w, decrypt: m } = N(n), p = (y, P) => fr(n, S(S({}, e), {}, { interval: y }), t, S(S({}, o), {}, { signal: s, flag: P })), g = await (async function(y, P, J, U, he) {
-    $(y), ee(P), D(U, '"authReqId"');
-    const M = new URLSearchParams(he == null ? void 0 : he.additionalParameters);
-    return M.set("auth_req_id", U), ct(y, P, J, "urn:openid:params:grant-type:ciba", M, he);
-  })(c, u, l, e.auth_req_id, { [te]: f, [q]: !h, additionalParameters: t, DPoP: o == null ? void 0 : o.DPoP, headers: new Headers(re), signal: s.aborted ? s : je(w) }).catch(H);
-  var b;
-  if (g.status === 503 && g.headers.has("retry-after")) return await So(g, a, s, !0), await ((b = g.body) === null || b === void 0 ? void 0 : b.cancel()), p(a);
-  const k = (async function(y, P, J, U) {
-    return Ve(y, P, J, void 0, U == null ? void 0 : U[ce], U == null ? void 0 : U.recognizedTokenTypes);
-  })(c, u, g, { [ce]: m });
-  let E;
-  try {
-    E = await k;
-  } catch (y) {
-    if (pt(y, o)) return p(a, we);
-    if (y instanceof zt) switch (y.error) {
-      case "slow_down":
-        a += 5;
-      case "authorization_pending":
-        return await So(y.response, a, s), p(a);
-    }
-    H(y);
-  }
-  return E.id_token && await (d == null ? void 0 : d(g)), dt(E), E;
-}
-function Ao(n) {
-  N(n).tlsOnly = !1;
-}
-async function mr(n, e, t, o, r) {
-  if (ue(n), !((r == null ? void 0 : r.flag) === we || e instanceof URL || (function(y, P) {
-    try {
-      return Object.getPrototypeOf(y)[Symbol.toStringTag] === P;
-    } catch {
-      return !1;
-    }
-  })(e, "Request"))) throw ie('"currentUrl" must be an instance of URL, or Request', ht);
-  let i, a;
-  const { as: s, c, auth: u, fetch: l, tlsOnly: f, jarm: h, hybrid: d, nonRepudiation: w, timeout: m, decrypt: p, implicit: g } = N(n);
-  if ((r == null ? void 0 : r.flag) === we) i = r.authResponse, a = r.redirectUri;
-  else {
-    if (!(e instanceof URL)) {
-      const y = e;
-      switch (e = new URL(e.url), y.method) {
-        case "GET":
-          break;
-        case "POST":
-          const P = new URLSearchParams(await Vi(y));
-          if (d) e.hash = P.toString();
-          else for (const [J, U] of P.entries()) e.searchParams.append(J, U);
-          break;
-        default:
-          throw ie("unexpected Request HTTP method", lt);
-      }
-    }
-    switch (a = (function(y) {
-      return (y = new URL(y)).search = "", y.hash = "", y.href;
-    })(e), !0) {
-      case !!h:
-        i = await h(e, t == null ? void 0 : t.expectedState);
-        break;
-      case !!d:
-        i = await d(e, t == null ? void 0 : t.expectedNonce, t == null ? void 0 : t.expectedState, t == null ? void 0 : t.maxAge);
-        break;
-      case !!g:
-        throw new TypeError("authorizationCodeGrant() cannot be used by response_type=id_token clients");
-      default:
-        try {
-          i = qi(s, c, e.searchParams, t == null ? void 0 : t.expectedState);
-        } catch (y) {
-          H(y);
-        }
-    }
-  }
-  const b = await (async function(y, P, J, U, he, M, De) {
-    if ($(y), ee(P), !Vn.has(U)) throw R('"callbackParameters" must be an instance of URLSearchParams obtained from "validateAuthResponse()", or "validateJwtAuthResponse()', "ERR_INVALID_ARG_VALUE");
-    D(he, '"redirectUri"');
-    const Qn = Pe(U, "code");
-    if (!Qn) throw A('no authorization code in "callbackParameters"', T);
-    const ft = new URLSearchParams(De == null ? void 0 : De.additionalParameters);
-    return ft.set("redirect_uri", he), ft.set("code", Qn), M !== mo && (D(M, '"codeVerifier"'), ft.set("code_verifier", M)), ct(y, P, J, "authorization_code", ft, De);
-  })(s, c, u, i, a, (t == null ? void 0 : t.pkceCodeVerifier) || mo, { additionalParameters: o, [te]: l, [q]: !f, DPoP: r == null ? void 0 : r.DPoP, headers: new Headers(re), signal: je(m) }).catch(H);
-  typeof (t == null ? void 0 : t.expectedNonce) != "string" && typeof (t == null ? void 0 : t.maxAge) != "number" || (t.idTokenExpected = !0);
-  const k = Ui(s, c, b, { expectedNonce: t == null ? void 0 : t.expectedNonce, maxAge: t == null ? void 0 : t.maxAge, requireIdToken: t == null ? void 0 : t.idTokenExpected, [ce]: p });
-  let E;
-  try {
-    E = await k;
-  } catch (y) {
-    if (pt(y, r)) return mr(n, void 0, t, o, S(S({}, r), {}, { flag: we, authResponse: i, redirectUri: a }));
-    H(y);
-  }
-  return E.id_token && await (w == null ? void 0 : w(b)), dt(E), E;
-}
-async function yr(n, e, t, o) {
-  ue(n), t = new URLSearchParams(t);
-  const { as: r, c: i, auth: a, fetch: s, tlsOnly: c, nonRepudiation: u, timeout: l, decrypt: f } = N(n), h = await (async function(m, p, g, b, k) {
-    $(m), ee(p), D(b, '"refreshToken"');
-    const E = new URLSearchParams(k == null ? void 0 : k.additionalParameters);
-    return E.set("refresh_token", b), ct(m, p, g, "refresh_token", E, k);
-  })(r, i, a, e, { [te]: s, [q]: !c, additionalParameters: t, DPoP: o == null ? void 0 : o.DPoP, headers: new Headers(re), signal: je(l) }).catch(H), d = (async function(m, p, g, b) {
-    return Ve(m, p, g, void 0, b == null ? void 0 : b[ce], b == null ? void 0 : b.recognizedTokenTypes);
-  })(r, i, h, { [ce]: f });
-  let w;
-  try {
-    w = await d;
-  } catch (m) {
-    if (pt(m, o)) return yr(n, e, t, S(S({}, o), {}, { flag: we }));
-    H(m);
-  }
-  return w.id_token && await (u == null ? void 0 : u(h)), dt(w), w;
-}
-async function gr(n, e, t) {
-  ue(n), e = new URLSearchParams(e);
-  const { as: o, c: r, auth: i, fetch: a, tlsOnly: s, timeout: c } = N(n), u = await (async function(h, d, w, m, p) {
-    return $(h), ee(d), ct(h, d, w, "client_credentials", new URLSearchParams(m), p);
-  })(o, r, i, e, { [te]: a, [q]: !s, DPoP: t == null ? void 0 : t.DPoP, headers: new Headers(re), signal: je(c) }).catch(H), l = (async function(h, d, w, m) {
-    return Ve(h, d, w, void 0, void 0, void 0);
-  })(o, r, u);
-  let f;
-  try {
-    f = await l;
-  } catch (h) {
-    if (pt(h, t)) return gr(n, e, S(S({}, t), {}, { flag: we }));
-    H(h);
-  }
-  return dt(f), f;
-}
-function Rn(n, e) {
-  ue(n);
-  const { as: t, c: o, tlsOnly: r, hybrid: i, jarm: a, implicit: s } = N(n), c = st(t, "authorization_endpoint", !1, r);
-  if ((e = new URLSearchParams(e)).has("client_id") || e.set("client_id", o.client_id), !e.has("request_uri") && !e.has("request")) {
-    if (e.has("response_type") || e.set("response_type", i ? "code id_token" : s ? "id_token" : "code"), s && !e.has("nonce")) throw ie("response_type=id_token clients must provide a nonce parameter in their authorization request parameters", lt);
-    a && e.set("response_mode", "jwt");
-  }
-  for (const [u, l] of e.entries()) c.searchParams.append(u, l);
-  return c;
-}
-async function wr(n, e, t) {
-  ue(n);
-  const o = Rn(n, e), { as: r, c: i, auth: a, fetch: s, tlsOnly: c, timeout: u } = N(n), l = await (async function(d, w, m, p, g) {
-    var b;
-    $(d), ee(w);
-    const k = st(d, "pushed_authorization_request_endpoint", w.use_mtls_endpoint_aliases, (g == null ? void 0 : g[q]) !== !0), E = new URLSearchParams(p);
-    E.set("client_id", w.client_id);
-    const y = Wt(g == null ? void 0 : g.headers);
-    y.set("accept", "application/json"), (g == null ? void 0 : g.DPoP) !== void 0 && (Xo(g.DPoP), await g.DPoP.addProof(k, y, "POST"));
-    const P = await Jn(d, w, m, k, E, y, g);
-    return g == null || (b = g.DPoP) === null || b === void 0 || b.cacheNonce(P, k), P;
-  })(r, i, a, o.searchParams, { [te]: s, [q]: !c, DPoP: t == null ? void 0 : t.DPoP, headers: new Headers(re), signal: je(u) }).catch(H), f = (async function(d, w, m) {
-    if ($(d), ee(w), !Ge(m, Response)) throw R('"response" must be an instance of Response', "ERR_INVALID_ARG_TYPE");
-    await Mn(m, 201, "Pushed Authorization Request Endpoint"), ut(m);
-    const p = await Ht(m);
-    D(p.request_uri, '"response" body "request_uri" property', T, { body: p });
-    let g = typeof p.expires_in != "number" ? parseFloat(p.expires_in) : p.expires_in;
-    return ge(g, !0, '"response" body "expires_in" property', T, { body: p }), p.expires_in = g, p;
-  })(r, i, l);
-  let h;
-  try {
-    h = await f;
-  } catch (d) {
-    if (pt(d, t)) return wr(n, e, S(S({}, t), {}, { flag: we }));
-    H(d);
-  }
-  return Rn(n, { request_uri: h.request_uri });
-}
-function ue(n) {
-  if (!(n instanceof Lt)) throw ie('"config" must be an instance of Configuration', ht);
-  if (Object.getPrototypeOf(n) !== Lt.prototype) throw ie("subclassing Configuration is not allowed", lt);
-}
-function je(n) {
-  return n ? AbortSignal.timeout(1e3 * n) : void 0;
-}
-function pt(n, e) {
-  return !(e == null || !e.DPoP || e.flag === we) && (function(t) {
-    if (t instanceof Hn) {
-      const { 0: o, length: r } = t.cause;
-      return r === 1 && o.scheme === "dpop" && o.parameters.error === "use_dpop_nonce";
-    }
-    return t instanceof zt && t.error === "use_dpop_nonce";
-  })(n);
-}
-Object.freeze(Lt.prototype);
-const we = Symbol();
-async function qn(n, e, t, o) {
-  ue(n);
-  const { as: r, c: i, auth: a, fetch: s, tlsOnly: c, timeout: u, decrypt: l } = N(n), f = await (async function(h, d, w, m, p, g) {
-    return $(h), ee(d), D(m, '"grantType"'), ct(h, d, w, m, new URLSearchParams(p), g);
-  })(r, i, a, e, new URLSearchParams(t), { [te]: s, [q]: !c, DPoP: void 0, headers: new Headers(re), signal: je(u) }).then(((h) => {
-    let d;
-    return e === "urn:ietf:params:oauth:grant-type:token-exchange" && (d = { n_a: () => {
-    } }), (async function(w, m, p, g) {
-      return Ve(w, m, p, void 0, g == null ? void 0 : g[ce], g == null ? void 0 : g.recognizedTokenTypes);
-    })(r, i, h, { [ce]: l, recognizedTokenTypes: d });
-  })).catch(H);
-  return dt(f), f;
-}
-async function ra(n, e, t) {
-  if (e instanceof Uint8Array) {
-    if (!n.startsWith("HS")) throw new TypeError((function(o) {
-      for (var r = arguments.length, i = new Array(r > 1 ? r - 1 : 0), a = 1; a < r; a++) i[a - 1] = arguments[a];
-      return cr("Key must be ", o, ...i);
-    })(e, "CryptoKey", "KeyObject", "JSON Web Key"));
-    return crypto.subtle.importKey("raw", e, { hash: "SHA-".concat(n.slice(-3)), name: "HMAC" }, !1, [t]);
-  }
-  return Bi(e, n, t), e;
-}
-async function ia(n, e, t, o) {
-  const r = await ra(n, e, "verify");
-  (function(a, s) {
-    if (a.startsWith("RS") || a.startsWith("PS")) {
-      const { modulusLength: c } = s.algorithm;
-      if (typeof c != "number" || c < 2048) throw new TypeError("".concat(a, " requires key modulusLength to be 2048 bits or larger"));
-    }
-  })(n, r);
-  const i = (function(a, s) {
-    const c = "SHA-".concat(a.slice(-3));
-    switch (a) {
-      case "HS256":
-      case "HS384":
-      case "HS512":
-        return { hash: c, name: "HMAC" };
-      case "PS256":
-      case "PS384":
-      case "PS512":
-        return { hash: c, name: "RSA-PSS", saltLength: parseInt(a.slice(-3), 10) >> 3 };
-      case "RS256":
-      case "RS384":
-      case "RS512":
-        return { hash: c, name: "RSASSA-PKCS1-v1_5" };
-      case "ES256":
-      case "ES384":
-      case "ES512":
-        return { hash: c, name: "ECDSA", namedCurve: s.namedCurve };
-      case "Ed25519":
-      case "EdDSA":
-        return { name: "Ed25519" };
-      case "ML-DSA-44":
-      case "ML-DSA-65":
-      case "ML-DSA-87":
-        return { name: a };
-      default:
-        throw new V("alg ".concat(a, " is not supported either by JOSE or your javascript runtime"));
-    }
-  })(n, r.algorithm);
-  try {
-    return await crypto.subtle.verify(i, r, t, o);
-  } catch {
-    return !1;
-  }
-}
-async function aa(n, e, t) {
-  if (!ve(n)) throw new K("Flattened JWS must be an object");
-  if (n.protected === void 0 && n.header === void 0) throw new K('Flattened JWS must have either of the "protected" or "header" members');
-  if (n.protected !== void 0 && typeof n.protected != "string") throw new K("JWS Protected Header incorrect type");
-  if (n.payload === void 0) throw new K("JWS Payload missing");
-  if (typeof n.signature != "string") throw new K("JWS Signature missing or incorrect type");
-  if (n.header !== void 0 && !ve(n.header)) throw new K("JWS Unprotected Header incorrect type");
-  let o = {};
-  if (n.protected) try {
-    const m = tt(n.protected);
-    o = JSON.parse(at.decode(m));
-  } catch {
-    throw new K("JWS Protected Header is invalid");
-  }
-  if (!(function() {
-    for (var m = arguments.length, p = new Array(m), g = 0; g < m; g++) p[g] = arguments[g];
-    const b = p.filter(Boolean);
-    if (b.length === 0 || b.length === 1) return !0;
-    let k;
-    for (const E of b) {
-      const y = Object.keys(E);
-      if (k && k.size !== 0) for (const P of y) {
-        if (k.has(P)) return !1;
-        k.add(P);
-      }
-      else k = new Set(y);
-    }
-    return !0;
-  })(o, n.header)) throw new K("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
-  const r = S(S({}, o), n.header), i = (function(m, p, g, b, k) {
-    if (k.crit !== void 0 && (b == null ? void 0 : b.crit) === void 0) throw new m('"crit" (Critical) Header Parameter MUST be integrity protected');
-    if (!b || b.crit === void 0) return /* @__PURE__ */ new Set();
-    if (!Array.isArray(b.crit) || b.crit.length === 0 || b.crit.some(((y) => typeof y != "string" || y.length === 0))) throw new m('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');
-    let E;
-    E = g !== void 0 ? new Map([...Object.entries(g), ...p.entries()]) : p;
-    for (const y of b.crit) {
-      if (!E.has(y)) throw new V('Extension Header Parameter "'.concat(y, '" is not recognized'));
-      if (k[y] === void 0) throw new m('Extension Header Parameter "'.concat(y, '" is missing'));
-      if (E.get(y) && b[y] === void 0) throw new m('Extension Header Parameter "'.concat(y, '" MUST be integrity protected'));
-    }
-    return new Set(b.crit);
-  })(K, /* @__PURE__ */ new Map([["b64", !0]]), t == null ? void 0 : t.crit, o, r);
-  let a = !0;
-  if (i.has("b64") && (a = o.b64, typeof a != "boolean")) throw new K('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
-  const { alg: s } = r;
-  if (typeof s != "string" || !s) throw new K('JWS "alg" (Algorithm) Header Parameter missing or invalid');
-  const c = t && (function(m, p) {
-    if (p !== void 0 && (!Array.isArray(p) || p.some(((g) => typeof g != "string")))) throw new TypeError('"'.concat(m, '" option must be an array of strings'));
-    if (p) return new Set(p);
-  })("algorithms", t.algorithms);
-  if (c && !c.has(s)) throw new rr('"alg" (Algorithm) Header Parameter value not allowed');
-  if (a) {
-    if (typeof n.payload != "string") throw new K("JWS Payload must be a string");
-  } else if (typeof n.payload != "string" && !(n.payload instanceof Uint8Array)) throw new K("JWS Payload must be a string or an Uint8Array instance");
-  let u = !1;
-  typeof e == "function" && (e = await e(o, n), u = !0), ea(s, e, "verify");
-  const l = (function() {
-    for (var m = arguments.length, p = new Array(m), g = 0; g < m; g++) p[g] = arguments[g];
-    const b = p.reduce(((y, P) => {
-      let { length: J } = P;
-      return y + J;
-    }), 0), k = new Uint8Array(b);
-    let E = 0;
-    for (const y of p) k.set(y, E), E += y.length;
-    return k;
-  })(n.protected !== void 0 ? $t(n.protected) : new Uint8Array(), $t("."), typeof n.payload == "string" ? a ? $t(n.payload) : go.encode(n.payload) : n.payload);
-  let f;
-  try {
-    f = tt(n.signature);
-  } catch {
-    throw new K("Failed to base64url decode the signature");
-  }
-  const h = await $i(e, s);
-  if (!await ia(s, h, f, l)) throw new sr();
-  let d;
-  if (a) try {
-    d = tt(n.payload);
-  } catch {
-    throw new K("Failed to base64url decode the payload");
-  }
-  else d = typeof n.payload == "string" ? go.encode(n.payload) : n.payload;
-  const w = { payload: d };
-  return n.protected !== void 0 && (w.protectedHeader = o), n.header !== void 0 && (w.unprotectedHeader = n.header), u ? S(S({}, w), {}, { key: h }) : w;
-}
-const sa = (n) => Math.floor(n.getTime() / 1e3), ca = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i;
-function To(n) {
-  const e = ca.exec(n);
-  if (!e || e[4] && e[1]) throw new TypeError("Invalid time period format");
-  const t = parseFloat(e[2]);
-  let o;
-  switch (e[3].toLowerCase()) {
-    case "sec":
-    case "secs":
-    case "second":
-    case "seconds":
-    case "s":
-      o = Math.round(t);
-      break;
-    case "minute":
-    case "minutes":
-    case "min":
-    case "mins":
-    case "m":
-      o = Math.round(60 * t);
-      break;
-    case "hour":
-    case "hours":
-    case "hr":
-    case "hrs":
-    case "h":
-      o = Math.round(3600 * t);
-      break;
-    case "day":
-    case "days":
-    case "d":
-      o = Math.round(86400 * t);
-      break;
-    case "week":
-    case "weeks":
-    case "w":
-      o = Math.round(604800 * t);
-      break;
-    default:
-      o = Math.round(31557600 * t);
-  }
-  return e[1] === "-" || e[4] === "ago" ? -o : o;
-}
-const Po = (n) => n.includes("/") ? n.toLowerCase() : "application/".concat(n.toLowerCase()), ua = (n, e) => typeof n == "string" ? e.includes(n) : !!Array.isArray(n) && e.some(Set.prototype.has.bind(new Set(n)));
-async function la(n, e, t) {
-  var o;
-  const r = await (async function(s, c, u) {
-    if (s instanceof Uint8Array && (s = at.decode(s)), typeof s != "string") throw new K("Compact JWS must be a string or Uint8Array");
-    const { 0: l, 1: f, 2: h, length: d } = s.split(".");
-    if (d !== 3) throw new K("Invalid Compact JWS");
-    const w = await aa({ payload: f, protected: l, signature: h }, c, u), m = { payload: w.payload, protectedHeader: w.protectedHeader };
-    return typeof c == "function" ? S(S({}, m), {}, { key: w.key }) : m;
-  })(n, e, t);
-  if ((o = r.protectedHeader.crit) !== null && o !== void 0 && o.includes("b64") && r.protectedHeader.b64 === !1) throw new Tn("JWTs MUST NOT use unencoded payload");
-  const i = (function(s, c) {
-    let u, l = arguments.length > 2 && arguments[2] !== void 0 ? arguments[2] : {};
-    try {
-      u = JSON.parse(at.decode(c));
-    } catch {
-    }
-    if (!ve(u)) throw new Tn("JWT Claims Set must be a top-level JSON object");
-    const { typ: f } = l;
-    if (f && (typeof s.typ != "string" || Po(s.typ) !== Po(f))) throw new B('unexpected "typ" JWT header value', u, "typ", "check_failed");
-    const { requiredClaims: h = [], issuer: d, subject: w, audience: m, maxTokenAge: p } = l, g = [...h];
-    p !== void 0 && g.push("iat"), m !== void 0 && g.push("aud"), w !== void 0 && g.push("sub"), d !== void 0 && g.push("iss");
-    for (const y of new Set(g.reverse())) if (!(y in u)) throw new B('missing required "'.concat(y, '" claim'), u, y, "missing");
-    if (d && !(Array.isArray(d) ? d : [d]).includes(u.iss)) throw new B('unexpected "iss" claim value', u, "iss", "check_failed");
-    if (w && u.sub !== w) throw new B('unexpected "sub" claim value', u, "sub", "check_failed");
-    if (m && !ua(u.aud, typeof m == "string" ? [m] : m)) throw new B('unexpected "aud" claim value', u, "aud", "check_failed");
-    let b;
-    switch (typeof l.clockTolerance) {
-      case "string":
-        b = To(l.clockTolerance);
-        break;
-      case "number":
-        b = l.clockTolerance;
-        break;
-      case "undefined":
-        b = 0;
-        break;
-      default:
-        throw new TypeError("Invalid clockTolerance option type");
-    }
-    const { currentDate: k } = l, E = sa(k || /* @__PURE__ */ new Date());
-    if ((u.iat !== void 0 || p) && typeof u.iat != "number") throw new B('"iat" claim must be a number', u, "iat", "invalid");
-    if (u.nbf !== void 0) {
-      if (typeof u.nbf != "number") throw new B('"nbf" claim must be a number', u, "nbf", "invalid");
-      if (u.nbf > E + b) throw new B('"nbf" claim timestamp check failed', u, "nbf", "check_failed");
-    }
-    if (u.exp !== void 0) {
-      if (typeof u.exp != "number") throw new B('"exp" claim must be a number', u, "exp", "invalid");
-      if (u.exp <= E - b) throw new An('"exp" claim timestamp check failed', u, "exp", "check_failed");
-    }
-    if (p) {
-      const y = E - u.iat;
-      if (y - b > (typeof p == "number" ? p : To(p))) throw new An('"iat" claim timestamp check failed (too far in the past)', u, "iat", "check_failed");
-      if (y < 0 - b) throw new B('"iat" claim timestamp check failed (it should be in the past)', u, "iat", "check_failed");
-    }
-    return u;
-  })(r.protectedHeader, r.payload, t), a = { payload: i, protectedHeader: r.protectedHeader };
-  return typeof e == "function" ? S(S({}, a), {}, { key: r.key }) : a;
-}
-function ha(n) {
-  return ve(n);
-}
-var bt, rn, _t = /* @__PURE__ */ new WeakMap(), an = /* @__PURE__ */ new WeakMap();
-class da {
-  constructor(e) {
-    if (L(this, _t, void 0), L(this, an, /* @__PURE__ */ new WeakMap()), !(function(t) {
-      return t && typeof t == "object" && Array.isArray(t.keys) && t.keys.every(ha);
-    })(e)) throw new Gn("JSON Web Key Set malformed");
-    x(_t, this, structuredClone(e));
-  }
-  jwks() {
-    return v(_t, this);
-  }
-  async getKey(e, t) {
-    const { alg: o, kid: r } = S(S({}, e), t == null ? void 0 : t.header), i = (function(u) {
-      switch (typeof u == "string" && u.slice(0, 2)) {
-        case "RS":
-        case "PS":
-          return "RSA";
-        case "ES":
-          return "EC";
-        case "Ed":
-          return "OKP";
-        case "ML":
-          return "AKP";
-        default:
-          throw new V('Unsupported "alg" value for a JSON Web Key Set');
-      }
-    })(o), a = v(_t, this).keys.filter(((u) => {
-      let l = i === u.kty;
-      if (l && typeof r == "string" && (l = r === u.kid), !l || typeof u.alg != "string" && i !== "AKP" || (l = o === u.alg), l && typeof u.use == "string" && (l = u.use === "sig"), l && Array.isArray(u.key_ops) && (l = u.key_ops.includes("verify")), l) switch (o) {
-        case "ES256":
-          l = u.crv === "P-256";
-          break;
-        case "ES384":
-          l = u.crv === "P-384";
-          break;
-        case "ES512":
-          l = u.crv === "P-521";
-          break;
-        case "Ed25519":
-        case "EdDSA":
-          l = u.crv === "Ed25519";
-      }
-      return l;
-    })), { 0: s, length: c } = a;
-    if (c === 0) throw new Zn();
-    if (c !== 1) {
-      const u = new ir(), l = v(an, this);
-      throw u[Symbol.asyncIterator] = vi((function* () {
-        for (const f of a) try {
-          yield yield wi(Ro(l, f, o));
-        } catch {
-        }
-      })), u;
-    }
-    return Ro(v(an, this), s, o);
-  }
-}
-async function Ro(n, e, t) {
-  const o = n.get(e) || n.set(e, {}).get(e);
-  if (o[t] === void 0) {
-    const r = await (async function(i, a, s) {
-      var c;
-      if (!ve(i)) throw new TypeError("JWK must be an object");
-      let u;
-      switch (a != null || (a = i.alg), u != null || (u = (c = void 0) !== null && c !== void 0 ? c : i.ext), i.kty) {
-        case "oct":
-          if (typeof i.k != "string" || !i.k) throw new TypeError('missing "k" (Key Value) Parameter value');
-          return tt(i.k);
-        case "RSA":
-          if ("oth" in i && i.oth !== void 0) throw new V('RSA JWK "oth" (Other Primes Info) Parameter value is not supported');
-          return At(S(S({}, i), {}, { alg: a, ext: u }));
-        case "AKP":
-          if (typeof i.alg != "string" || !i.alg) throw new TypeError('missing "alg" (Algorithm) Parameter value');
-          if (a !== void 0 && a !== i.alg) throw new TypeError("JWK alg and alg option value mismatch");
-          return At(S(S({}, i), {}, { ext: u }));
-        case "EC":
-        case "OKP":
-          return At(S(S({}, i), {}, { alg: a, ext: u }));
-        default:
-          throw new V('Unsupported "kty" (Key Type) Parameter value');
-      }
-    })(S(S({}, e), {}, { ext: !0 }), t);
-    if (r instanceof Uint8Array || r.type !== "public") throw new Gn("JSON Web Key Set members must be public keys");
-    o[t] = r;
-  }
-  return o[t];
-}
-function Io(n) {
-  const e = new da(n), t = async (o, r) => e.getKey(o, r);
-  return Object.defineProperties(t, { jwks: { value: () => structuredClone(e.jwks()), enumerable: !1, configurable: !1, writable: !1 } }), t;
-}
-let In;
-(typeof navigator > "u" || (bt = navigator.userAgent) === null || bt === void 0 || (rn = bt.startsWith) === null || rn === void 0 || !rn.call(bt, "Mozilla/5.0 ")) && (In = "".concat("jose", "/").concat("v6.1.3"));
-const vr = Symbol(), sn = Symbol();
-var cn = /* @__PURE__ */ new WeakMap(), un = /* @__PURE__ */ new WeakMap(), ln = /* @__PURE__ */ new WeakMap(), kt = /* @__PURE__ */ new WeakMap(), ke = /* @__PURE__ */ new WeakMap(), ae = /* @__PURE__ */ new WeakMap(), de = /* @__PURE__ */ new WeakMap(), hn = /* @__PURE__ */ new WeakMap(), Se = /* @__PURE__ */ new WeakMap(), Ee = /* @__PURE__ */ new WeakMap();
-class pa {
-  constructor(e, t) {
-    if (L(this, cn, void 0), L(this, un, void 0), L(this, ln, void 0), L(this, kt, void 0), L(this, ke, void 0), L(this, ae, void 0), L(this, de, void 0), L(this, hn, void 0), L(this, Se, void 0), L(this, Ee, void 0), !(e instanceof URL)) throw new TypeError("url must be an instance of URL");
-    var o, r;
-    x(cn, this, new URL(e.href)), x(un, this, typeof (t == null ? void 0 : t.timeoutDuration) == "number" ? t == null ? void 0 : t.timeoutDuration : 5e3), x(ln, this, typeof (t == null ? void 0 : t.cooldownDuration) == "number" ? t == null ? void 0 : t.cooldownDuration : 3e4), x(kt, this, typeof (t == null ? void 0 : t.cacheMaxAge) == "number" ? t == null ? void 0 : t.cacheMaxAge : 6e5), x(de, this, new Headers(t == null ? void 0 : t.headers)), In && !v(de, this).has("User-Agent") && v(de, this).set("User-Agent", In), v(de, this).has("accept") || (v(de, this).set("accept", "application/json"), v(de, this).append("accept", "application/jwk-set+json")), x(hn, this, t == null ? void 0 : t[vr]), (t == null ? void 0 : t[sn]) !== void 0 && (x(Ee, this, t == null ? void 0 : t[sn]), o = t == null ? void 0 : t[sn], r = v(kt, this), typeof o == "object" && o !== null && "uat" in o && typeof o.uat == "number" && !(Date.now() - o.uat >= r) && "jwks" in o && ve(o.jwks) && Array.isArray(o.jwks.keys) && Array.prototype.every.call(o.jwks.keys, ve) && (x(ke, this, v(Ee, this).uat), x(Se, this, Io(v(Ee, this).jwks))));
-  }
-  pendingFetch() {
-    return !!v(ae, this);
-  }
-  coolingDown() {
-    return typeof v(ke, this) == "number" && Date.now() < v(ke, this) + v(ln, this);
-  }
-  fresh() {
-    return typeof v(ke, this) == "number" && Date.now() < v(ke, this) + v(kt, this);
-  }
-  jwks() {
-    var e;
-    return (e = v(Se, this)) === null || e === void 0 ? void 0 : e.jwks();
-  }
-  async getKey(e, t) {
-    v(Se, this) && this.fresh() || await this.reload();
-    try {
-      return await v(Se, this).call(this, e, t);
-    } catch (o) {
-      if (o instanceof Zn && this.coolingDown() === !1) return await this.reload(), v(Se, this).call(this, e, t);
-      throw o;
-    }
-  }
-  async reload() {
-    v(ae, this) && (typeof WebSocketPair < "u" || typeof navigator < "u" && navigator.userAgent === "Cloudflare-Workers" || typeof EdgeRuntime < "u" && EdgeRuntime === "vercel") && x(ae, this, void 0), v(ae, this) || x(ae, this, (async function(e, t, o) {
-      const i = await (arguments.length > 3 && arguments[3] !== void 0 ? arguments[3] : fetch)(e, { method: "GET", signal: o, redirect: "manual", headers: t }).catch(((a) => {
-        throw a.name === "TimeoutError" ? new ar() : a;
-      }));
-      if (i.status !== 200) throw new W("Expected 200 OK from the JSON Web Key Set HTTP response");
-      try {
-        return await i.json();
-      } catch {
-        throw new W("Failed to parse the JSON Web Key Set HTTP response as JSON");
-      }
-    })(v(cn, this).href, v(de, this), AbortSignal.timeout(v(un, this)), v(hn, this)).then(((e) => {
-      x(Se, this, Io(e)), v(Ee, this) && (v(Ee, this).uat = Date.now(), v(Ee, this).jwks = e), x(ke, this, Date.now()), x(ae, this, void 0);
-    })).catch(((e) => {
-      throw x(ae, this, void 0), e;
-    }))), await v(ae, this);
-  }
-}
-const fa = ["mfaToken"], ma = ["mfaToken"];
-var Ae, St, Te, fe, ze, I, Ye, C, Oo = class extends Error {
-  constructor(n, e) {
-    super(e), _(this, "code", void 0), this.name = "NotSupportedError", this.code = n;
-  }
-}, le = class extends Error {
-  constructor(n, e, t) {
-    super(e), _(this, "cause", void 0), _(this, "code", void 0), this.code = n, this.cause = t && { error: t.error, error_description: t.error_description, message: t.message };
-  }
-}, ya = class extends le {
-  constructor(n, e) {
-    super("token_by_code_error", n, e), this.name = "TokenByCodeError";
-  }
-}, ga = class extends le {
-  constructor(n, e) {
-    super("token_by_client_credentials_error", n, e), this.name = "TokenByClientCredentialsError";
-  }
-}, wa = class extends le {
-  constructor(n, e) {
-    super("token_by_refresh_token_error", n, e), this.name = "TokenByRefreshTokenError";
-  }
-}, dn = class extends le {
-  constructor(n, e) {
-    super("token_for_connection_error", n, e), this.name = "TokenForConnectionErrorCode";
-  }
-}, oe = class extends le {
-  constructor(n, e) {
-    super("token_exchange_error", n, e), this.name = "TokenExchangeError";
-  }
-}, pe = class extends Error {
-  constructor(n) {
-    super(n), _(this, "code", "verify_logout_token_error"), this.name = "VerifyLogoutTokenError";
-  }
-}, pn = class extends le {
-  constructor(n) {
-    super("backchannel_authentication_error", "There was an error when trying to use Client-Initiated Backchannel Authentication.", n), _(this, "code", "backchannel_authentication_error"), this.name = "BackchannelAuthenticationError";
-  }
-}, va = class extends le {
-  constructor(n) {
-    super("build_authorization_url_error", "There was an error when trying to build the authorization URL.", n), this.name = "BuildAuthorizationUrlError";
-  }
-}, ba = class extends le {
-  constructor(n) {
-    super("build_link_user_url_error", "There was an error when trying to build the Link User URL.", n), this.name = "BuildLinkUserUrlError";
-  }
-}, _a = class extends le {
-  constructor(n) {
-    super("build_unlink_user_url_error", "There was an error when trying to build the Unlink User URL.", n), this.name = "BuildUnlinkUserUrlError";
-  }
-}, ka = class extends Error {
-  constructor() {
-    super("The client secret or client assertion signing key must be provided."), _(this, "code", "missing_client_auth_error"), this.name = "MissingClientAuthError";
-  }
-};
-function On(n) {
-  return Object.entries(n).filter(((e) => {
-    let [, t] = e;
-    return t !== void 0;
-  })).reduce(((e, t) => S(S({}, e), {}, { [t[0]]: t[1] })), {});
-}
-var Mt = class extends Error {
-  constructor(n, e, t) {
-    super(e), _(this, "cause", void 0), _(this, "code", void 0), this.code = n, this.cause = t && { error: t.error, error_description: t.error_description, message: t.message };
-  }
-}, br = class extends Mt {
-  constructor(n, e) {
-    super("mfa_list_authenticators_error", n, e), this.name = "MfaListAuthenticatorsError";
-  }
-}, _r = class extends Mt {
-  constructor(n, e) {
-    super("mfa_enrollment_error", n, e), this.name = "MfaEnrollmentError";
-  }
-}, Sa = class extends Mt {
-  constructor(n, e) {
-    super("mfa_delete_authenticator_error", n, e), this.name = "MfaDeleteAuthenticatorError";
-  }
-}, kr = class extends Mt {
-  constructor(n, e) {
-    super("mfa_challenge_error", n, e), this.name = "MfaChallengeError";
-  }
-};
-function Ea(n) {
-  return { id: n.id, authenticatorType: n.authenticator_type, active: n.active, name: n.name, oobChannels: n.oob_channels, type: n.type };
-}
-var Aa = (Ae = /* @__PURE__ */ new WeakMap(), St = /* @__PURE__ */ new WeakMap(), Te = /* @__PURE__ */ new WeakMap(), class {
-  constructor(n) {
-    var e;
-    L(this, Ae, void 0), L(this, St, void 0), L(this, Te, void 0), x(Ae, this, "https://".concat(n.domain)), x(St, this, n.clientId), x(Te, this, (e = n.customFetch) !== null && e !== void 0 ? e : function() {
-      return fetch(...arguments);
-    });
-  }
-  async listAuthenticators(n) {
-    const e = "".concat(v(Ae, this), "/mfa/authenticators"), { mfaToken: t } = n, o = await v(Te, this).call(this, e, { method: "GET", headers: { Authorization: "Bearer ".concat(t), "Content-Type": "application/json" } });
-    if (!o.ok) {
-      const r = await o.json();
-      throw new br(r.error_description || "Failed to list authenticators", r);
-    }
-    return (await o.json()).map(Ea);
-  }
-  async enrollAuthenticator(n) {
-    const e = "".concat(v(Ae, this), "/mfa/associate"), { mfaToken: t } = n, o = lo(n, fa), r = { authenticator_types: o.authenticatorTypes };
-    "oobChannels" in o && (r.oob_channels = o.oobChannels), "phoneNumber" in o && o.phoneNumber && (r.phone_number = o.phoneNumber), "email" in o && o.email && (r.email = o.email);
-    const i = await v(Te, this).call(this, e, { method: "POST", headers: { Authorization: "Bearer ".concat(t), "Content-Type": "application/json" }, body: JSON.stringify(r) });
-    if (!i.ok) {
-      const a = await i.json();
-      throw new _r(a.error_description || "Failed to enroll authenticator", a);
-    }
-    return (function(a) {
-      if (a.authenticator_type === "otp") return { authenticatorType: "otp", secret: a.secret, barcodeUri: a.barcode_uri, recoveryCodes: a.recovery_codes, id: a.id };
-      if (a.authenticator_type === "oob") return { authenticatorType: "oob", oobChannel: a.oob_channel, oobCode: a.oob_code, bindingMethod: a.binding_method, id: a.id };
-      throw new Error("Unexpected authenticator type: ".concat(a.authenticator_type));
-    })(await i.json());
-  }
-  async deleteAuthenticator(n) {
-    const { authenticatorId: e, mfaToken: t } = n, o = "".concat(v(Ae, this), "/mfa/authenticators/").concat(encodeURIComponent(e)), r = await v(Te, this).call(this, o, { method: "DELETE", headers: { Authorization: "Bearer ".concat(t), "Content-Type": "application/json" } });
-    if (!r.ok) {
-      const i = await r.json();
-      throw new Sa(i.error_description || "Failed to delete authenticator", i);
-    }
-  }
-  async challengeAuthenticator(n) {
-    const e = "".concat(v(Ae, this), "/mfa/challenge"), { mfaToken: t } = n, o = lo(n, ma), r = { mfa_token: t, client_id: v(St, this), challenge_type: o.challengeType };
-    o.authenticatorId && (r.authenticator_id = o.authenticatorId);
-    const i = await v(Te, this).call(this, e, { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify(r) });
-    if (!i.ok) {
-      const a = await i.json();
-      throw new kr(a.error_description || "Failed to challenge authenticator", a);
-    }
-    return (function(a) {
-      const s = { challengeType: a.challenge_type };
-      return a.oob_code !== void 0 && (s.oobCode = a.oob_code), a.binding_method !== void 0 && (s.bindingMethod = a.binding_method), s;
-    })(await i.json());
-  }
-}), Ie = class Sr {
-  constructor(e, t, o, r, i, a, s) {
-    _(this, "accessToken", void 0), _(this, "idToken", void 0), _(this, "refreshToken", void 0), _(this, "expiresAt", void 0), _(this, "scope", void 0), _(this, "claims", void 0), _(this, "authorizationDetails", void 0), _(this, "tokenType", void 0), _(this, "issuedTokenType", void 0), this.accessToken = e, this.idToken = o, this.refreshToken = r, this.expiresAt = t, this.scope = i, this.claims = a, this.authorizationDetails = s;
-  }
-  static fromTokenEndpointResponse(e) {
-    const t = e.id_token ? e.claims() : void 0, o = new Sr(e.access_token, Math.floor(Date.now() / 1e3) + Number(e.expires_in), e.id_token, e.refresh_token, e.scope, t, e.authorization_details);
-    return o.tokenType = e.token_type, o.issuedTokenType = e.issued_token_type, o;
-  }
-}, xn = "openid profile email offline_access", Ta = Object.freeze(/* @__PURE__ */ new Set(["grant_type", "client_id", "client_secret", "client_assertion", "client_assertion_type", "subject_token", "subject_token_type", "requested_token_type", "actor_token", "actor_token_type", "audience", "aud", "resource", "resources", "resource_indicator", "scope", "connection", "login_hint", "organization", "assertion"]));
-function Er(n) {
-  if (n == null) throw new oe("subject_token is required");
-  if (typeof n != "string") throw new oe("subject_token must be a string");
-  if (n.trim().length === 0) throw new oe("subject_token cannot be blank or whitespace");
-  if (n !== n.trim()) throw new oe("subject_token must not include leading or trailing whitespace");
-  if (/^bearer\s+/i.test(n)) throw new oe("subject_token must not include the 'Bearer ' prefix");
-}
-function Ar(n, e) {
-  if (e) {
-    for (const [t, o] of Object.entries(e)) if (!Ta.has(t)) if (Array.isArray(o)) {
-      if (o.length > 20) throw new oe("Parameter '".concat(t, "' exceeds maximum array size of ").concat(20));
-      o.forEach(((r) => {
-        n.append(t, r);
-      }));
-    } else n.append(t, o);
-  }
-}
-var Pa = (fe = /* @__PURE__ */ new WeakMap(), ze = /* @__PURE__ */ new WeakMap(), I = /* @__PURE__ */ new WeakMap(), Ye = /* @__PURE__ */ new WeakMap(), C = /* @__PURE__ */ new WeakSet(), class {
-  constructor(n) {
-    if ((function(e, t) {
-      Vo(e, t), t.add(e);
-    })(this, C), L(this, fe, void 0), L(this, ze, void 0), L(this, I, void 0), L(this, Ye, void 0), _(this, "mfa", void 0), x(I, this, n), n.useMtls && !n.customFetch) throw new Oo("mtls_without_custom_fetch_not_supported", "Using mTLS without a custom fetch implementation is not supported");
-    this.mfa = new Aa({ domain: v(I, this).domain, clientId: v(I, this).clientId, customFetch: v(I, this).customFetch });
-  }
-  async buildAuthorizationUrl(n) {
-    const { serverMetadata: e } = await j(C, this, G).call(this);
-    if (n != null && n.pushedAuthorizationRequests && !e.pushed_authorization_request_endpoint) throw new Oo("par_not_supported_error", "The Auth0 tenant does not have pushed authorization requests enabled. Learn how to enable it here: https://auth0.com/docs/get-started/applications/configure-par");
-    try {
-      return await j(C, this, fn).call(this, n);
-    } catch (t) {
-      throw new va(t);
-    }
-  }
-  async buildLinkUserUrl(n) {
-    try {
-      const e = await j(C, this, fn).call(this, { authorizationParams: S(S({}, n.authorizationParams), {}, { requested_connection: n.connection, requested_connection_scope: n.connectionScope, scope: "openid link_account offline_access", id_token_hint: n.idToken }) });
-      return { linkUserUrl: e.authorizationUrl, codeVerifier: e.codeVerifier };
-    } catch (e) {
-      throw new ba(e);
-    }
-  }
-  async buildUnlinkUserUrl(n) {
-    try {
-      const e = await j(C, this, fn).call(this, { authorizationParams: S(S({}, n.authorizationParams), {}, { requested_connection: n.connection, scope: "openid unlink_account", id_token_hint: n.idToken }) });
-      return { unlinkUserUrl: e.authorizationUrl, codeVerifier: e.codeVerifier };
-    } catch (e) {
-      throw new _a(e);
-    }
-  }
-  async backchannelAuthentication(n) {
-    const { configuration: e, serverMetadata: t } = await j(C, this, G).call(this), o = On(S(S({}, v(I, this).authorizationParams), n == null ? void 0 : n.authorizationParams)), r = new URLSearchParams(S(S({ scope: xn }, o), {}, { client_id: v(I, this).clientId, binding_message: n.bindingMessage, login_hint: JSON.stringify({ format: "iss_sub", iss: t.issuer, sub: n.loginHint.sub }) }));
-    n.requestedExpiry && r.append("requested_expiry", n.requestedExpiry.toString()), n.authorizationDetails && r.append("authorization_details", JSON.stringify(n.authorizationDetails));
-    try {
-      const i = await Eo(e, r), a = await fr(e, i);
-      return Ie.fromTokenEndpointResponse(a);
-    } catch (i) {
-      throw new pn(i);
-    }
-  }
-  async initiateBackchannelAuthentication(n) {
-    const { configuration: e, serverMetadata: t } = await j(C, this, G).call(this), o = On(S(S({}, v(I, this).authorizationParams), n == null ? void 0 : n.authorizationParams)), r = new URLSearchParams(S(S({ scope: xn }, o), {}, { client_id: v(I, this).clientId, binding_message: n.bindingMessage, login_hint: JSON.stringify({ format: "iss_sub", iss: t.issuer, sub: n.loginHint.sub }) }));
-    n.requestedExpiry && r.append("requested_expiry", n.requestedExpiry.toString()), n.authorizationDetails && r.append("authorization_details", JSON.stringify(n.authorizationDetails));
-    try {
-      const i = await Eo(e, r);
-      return { authReqId: i.auth_req_id, expiresIn: i.expires_in, interval: i.interval };
-    } catch (i) {
-      throw new pn(i);
-    }
-  }
-  async backchannelAuthenticationGrant(n) {
-    let { authReqId: e } = n;
-    const { configuration: t } = await j(C, this, G).call(this), o = new URLSearchParams({ auth_req_id: e });
-    try {
-      const r = await qn(t, "urn:openid:params:grant-type:ciba", o);
-      return Ie.fromTokenEndpointResponse(r);
-    } catch (r) {
-      throw new pn(r);
-    }
-  }
-  async getTokenForConnection(n) {
-    var e;
-    if (n.refreshToken && n.accessToken) throw new dn("Either a refresh or access token should be specified, but not both.");
-    const t = (e = n.accessToken) !== null && e !== void 0 ? e : n.refreshToken;
-    if (!t) throw new dn("Either a refresh or access token must be specified.");
-    try {
-      return await this.exchangeToken({ connection: n.connection, subjectToken: t, subjectTokenType: n.accessToken ? "urn:ietf:params:oauth:token-type:access_token" : "urn:ietf:params:oauth:token-type:refresh_token", loginHint: n.loginHint });
-    } catch (o) {
-      throw o instanceof oe ? new dn(o.message, o.cause) : o;
-    }
-  }
-  async exchangeToken(n) {
-    return "connection" in n ? j(C, this, Ra).call(this, n) : j(C, this, Ia).call(this, n);
-  }
-  async getTokenByCode(n, e) {
-    const { configuration: t } = await j(C, this, G).call(this);
-    try {
-      const o = await mr(t, n, { pkceCodeVerifier: e.codeVerifier });
-      return Ie.fromTokenEndpointResponse(o);
-    } catch (o) {
-      throw new ya("There was an error while trying to request a token.", o);
-    }
-  }
-  async getTokenByRefreshToken(n) {
-    const { configuration: e } = await j(C, this, G).call(this);
-    try {
-      const t = await yr(e, n.refreshToken);
-      return Ie.fromTokenEndpointResponse(t);
-    } catch (t) {
-      throw new wa("The access token has expired and there was an error while trying to refresh it.", t);
-    }
-  }
-  async getTokenByClientCredentials(n) {
-    const { configuration: e } = await j(C, this, G).call(this);
-    try {
-      const t = new URLSearchParams({ audience: n.audience });
-      n.organization && t.append("organization", n.organization);
-      const o = await gr(e, t);
-      return Ie.fromTokenEndpointResponse(o);
-    } catch (t) {
-      throw new ga("There was an error while trying to request a token.", t);
-    }
-  }
-  async buildLogoutUrl(n) {
-    const { configuration: e, serverMetadata: t } = await j(C, this, G).call(this);
-    if (!t.end_session_endpoint) {
-      const o = new URL("https://".concat(v(I, this).domain, "/v2/logout"));
-      return o.searchParams.set("returnTo", n.returnTo), o.searchParams.set("client_id", v(I, this).clientId), o;
-    }
-    return (function(o, r) {
-      ue(o);
-      const { as: i, c: a, tlsOnly: s } = N(o), c = st(i, "end_session_endpoint", !1, s);
-      (r = new URLSearchParams(r)).has("client_id") || r.set("client_id", a.client_id);
-      for (const [u, l] of r.entries()) c.searchParams.append(u, l);
-      return c;
-    })(e, { post_logout_redirect_uri: n.returnTo });
-  }
-  async verifyLogoutToken(n) {
-    const { serverMetadata: e } = await j(C, this, G).call(this);
-    v(Ye, this) || x(Ye, this, (function(o, r) {
-      const i = new pa(o, r), a = async (s, c) => i.getKey(s, c);
-      return Object.defineProperties(a, { coolingDown: { get: () => i.coolingDown(), enumerable: !0, configurable: !1 }, fresh: { get: () => i.fresh(), enumerable: !0, configurable: !1 }, reload: { value: () => i.reload(), enumerable: !0, configurable: !1, writable: !1 }, reloading: { get: () => i.pendingFetch(), enumerable: !0, configurable: !1 }, jwks: { value: () => i.jwks(), enumerable: !0, configurable: !1, writable: !1 } }), a;
-    })(new URL(e.jwks_uri), { [vr]: v(I, this).customFetch }));
-    const { payload: t } = await la(n.logoutToken, v(Ye, this), { issuer: e.issuer, audience: v(I, this).clientId, algorithms: ["RS256"], requiredClaims: ["iat"] });
-    if (!("sid" in t) && !("sub" in t)) throw new pe('either "sid" or "sub" (or both) claims must be present');
-    if ("sid" in t && typeof t.sid != "string") throw new pe('"sid" claim must be a string');
-    if ("sub" in t && typeof t.sub != "string") throw new pe('"sub" claim must be a string');
-    if ("nonce" in t) throw new pe('"nonce" claim is prohibited');
-    if (!("events" in t)) throw new pe('"events" claim is missing');
-    if (typeof t.events != "object" || t.events === null) throw new pe('"events" claim must be an object');
-    if (!("http://schemas.openid.net/event/backchannel-logout" in t.events)) throw new pe('"http://schemas.openid.net/event/backchannel-logout" member is missing in the "events" claim');
-    if (typeof t.events["http://schemas.openid.net/event/backchannel-logout"] != "object") throw new pe('"http://schemas.openid.net/event/backchannel-logout" member in the "events" claim must be an object');
-    return { sid: t.sid, sub: t.sub };
-  }
-});
-async function G() {
-  if (v(fe, this) && v(ze, this)) return { configuration: v(fe, this), serverMetadata: v(ze, this) };
-  const n = await j(C, this, Oa).call(this);
-  return x(fe, this, await oa(new URL("https://".concat(v(I, this).domain)), v(I, this).clientId, { use_mtls_endpoint_aliases: v(I, this).useMtls }, n, { [ye]: v(I, this).customFetch })), x(ze, this, v(fe, this).serverMetadata()), v(fe, this)[ye] = v(I, this).customFetch || fetch, { configuration: v(fe, this), serverMetadata: v(ze, this) };
-}
-async function Ra(n) {
-  var e, t;
-  const { configuration: o } = await j(C, this, G).call(this);
-  if ("audience" in n || "resource" in n) throw new oe("audience and resource parameters are not supported for Token Vault exchanges");
-  Er(n.subjectToken);
-  const r = new URLSearchParams({ connection: n.connection, subject_token: n.subjectToken, subject_token_type: (e = n.subjectTokenType) !== null && e !== void 0 ? e : "urn:ietf:params:oauth:token-type:access_token", requested_token_type: (t = n.requestedTokenType) !== null && t !== void 0 ? t : "http://auth0.com/oauth/token-type/federated-connection-access-token" });
-  n.loginHint && r.append("login_hint", n.loginHint), n.scope && r.append("scope", n.scope), Ar(r, n.extra);
-  try {
-    const i = await qn(o, "urn:auth0:params:oauth:grant-type:token-exchange:federated-connection-access-token", r);
-    return Ie.fromTokenEndpointResponse(i);
-  } catch (i) {
-    throw new oe("Failed to exchange token for connection '".concat(n.connection, "'."), i);
-  }
-}
-async function Ia(n) {
-  const { configuration: e } = await j(C, this, G).call(this);
-  Er(n.subjectToken);
-  const t = new URLSearchParams({ subject_token_type: n.subjectTokenType, subject_token: n.subjectToken });
-  n.audience && t.append("audience", n.audience), n.scope && t.append("scope", n.scope), n.requestedTokenType && t.append("requested_token_type", n.requestedTokenType), n.organization && t.append("organization", n.organization), Ar(t, n.extra);
-  try {
-    const o = await qn(e, "urn:ietf:params:oauth:grant-type:token-exchange", t);
-    return Ie.fromTokenEndpointResponse(o);
-  } catch (o) {
-    throw new oe("Failed to exchange token of type '".concat(n.subjectTokenType, "'").concat(n.audience ? " for audience '".concat(n.audience, "'") : "", "."), o);
-  }
-}
-async function Oa() {
-  if (!v(I, this).clientSecret && !v(I, this).clientAssertionSigningKey && !v(I, this).useMtls) throw new ka();
-  if (v(I, this).useMtls) return (e, t, o, r) => {
-    o.set("client_id", t.client_id);
-  };
-  let n = v(I, this).clientAssertionSigningKey;
-  return !n || n instanceof CryptoKey || (n = await (async function(e, t, o) {
-    if (typeof e != "string" || e.indexOf("-----BEGIN PRIVATE KEY-----") !== 0) throw new TypeError('"pkcs8" must be PKCS#8 formatted string');
-    return Qi(e, t, o);
-  })(n, v(I, this).clientAssertionSigningAlg || "RS256")), n ? (function(e, t) {
-    return Ai(e);
-  })(n) : hr(v(I, this).clientSecret);
-}
-async function fn(n) {
-  const { configuration: e } = await j(C, this, G).call(this), t = na(), o = await ta(t), r = On(S(S({}, v(I, this).authorizationParams), n == null ? void 0 : n.authorizationParams)), i = new URLSearchParams(S(S({ scope: xn }, r), {}, { client_id: v(I, this).clientId, code_challenge: o, code_challenge_method: "S256" }));
-  return { authorizationUrl: n != null && n.pushedAuthorizationRequests ? await wr(e, i) : await Rn(e, i), codeVerifier: t };
-}
-class be extends O {
-  constructor(e, t) {
-    super(e, t), Object.setPrototypeOf(this, be.prototype);
-  }
-  static fromPayload(e) {
-    let { error: t, error_description: o } = e;
-    return new be(t, o);
-  }
-}
-class Kt extends be {
-  constructor(e, t) {
-    super(e, t), Object.setPrototypeOf(this, Kt.prototype);
-  }
-}
-class Bn extends be {
-  constructor(e, t) {
-    super(e, t), Object.setPrototypeOf(this, Bn.prototype);
-  }
-}
-class Xn extends be {
-  constructor(e, t) {
-    super(e, t), Object.setPrototypeOf(this, Xn.prototype);
-  }
-}
-class He extends be {
-  constructor(e, t) {
-    super(e, t), Object.setPrototypeOf(this, He.prototype);
-  }
-}
-class Yn extends be {
-  constructor(e, t) {
-    super(e, t), Object.setPrototypeOf(this, Yn.prototype);
-  }
-}
-class xa {
-  constructor() {
-    let e = arguments.length > 0 && arguments[0] !== void 0 ? arguments[0] : 6e5;
-    this.contexts = /* @__PURE__ */ new Map(), this.ttlMs = e;
-  }
-  set(e, t) {
-    this.cleanup(), this.contexts.set(e, Object.assign(Object.assign({}, t), { createdAt: Date.now() }));
-  }
-  get(e) {
-    const t = this.contexts.get(e);
-    if (t) {
-      if (!(Date.now() - t.createdAt > this.ttlMs)) return t;
-      this.contexts.delete(e);
-    }
-  }
-  remove(e) {
-    this.contexts.delete(e);
-  }
-  cleanup() {
-    const e = Date.now();
-    for (const [t, o] of this.contexts) e - o.createdAt > this.ttlMs && this.contexts.delete(t);
-  }
-  get size() {
-    return this.contexts.size;
-  }
-}
-class Ca {
-  constructor(e, t) {
-    this.authJsMfaClient = e, this.auth0Client = t, this.contextManager = new xa();
-  }
-  setMFAAuthDetails(e, t, o, r) {
-    this.contextManager.set(e, { scope: t, audience: o, mfaRequirements: r });
-  }
-  async getAuthenticators(e) {
-    var t, o;
-    const r = this.contextManager.get(e);
-    if (!(!((t = r == null ? void 0 : r.mfaRequirements) === null || t === void 0) && t.challenge) || r.mfaRequirements.challenge.length === 0) throw new Kt("invalid_request", "challengeType is required and must contain at least one challenge type, please check mfa_required error payload");
-    const i = r.mfaRequirements.challenge.map(((a) => a.type));
-    try {
-      return (await this.authJsMfaClient.listAuthenticators({ mfaToken: e })).filter(((a) => !!a.type && i.includes(a.type)));
-    } catch (a) {
-      throw a instanceof br ? new Kt((o = a.cause) === null || o === void 0 ? void 0 : o.error, a.message) : a;
-    }
-  }
-  async enroll(e) {
-    var t;
-    const o = (function(r) {
-      const i = fi[r.factorType];
-      return Object.assign(Object.assign(Object.assign({ mfaToken: r.mfaToken, authenticatorTypes: i.authenticatorTypes }, i.oobChannels && { oobChannels: i.oobChannels }), "phoneNumber" in r && { phoneNumber: r.phoneNumber }), "email" in r && { email: r.email });
-    })(e);
-    try {
-      return await this.authJsMfaClient.enrollAuthenticator(o);
-    } catch (r) {
-      throw r instanceof _r ? new Bn((t = r.cause) === null || t === void 0 ? void 0 : t.error, r.message) : r;
-    }
-  }
-  async challenge(e) {
-    var t;
-    try {
-      const o = { challengeType: e.challengeType, mfaToken: e.mfaToken };
-      return e.authenticatorId && (o.authenticatorId = e.authenticatorId), await this.authJsMfaClient.challengeAuthenticator(o);
-    } catch (o) {
-      throw o instanceof kr ? new Xn((t = o.cause) === null || t === void 0 ? void 0 : t.error, o.message) : o;
-    }
-  }
-  async getEnrollmentFactors(e) {
-    const t = this.contextManager.get(e);
-    if (!t || !t.mfaRequirements) throw new Yn("mfa_context_not_found", "MFA context not found for this MFA token. Please retry the original request to get a new MFA token.");
-    return t.mfaRequirements.enroll && t.mfaRequirements.enroll.length !== 0 ? t.mfaRequirements.enroll : [];
-  }
-  async verify(e) {
-    const t = this.contextManager.get(e.mfaToken);
-    if (!t) throw new He("mfa_context_not_found", "MFA context not found for this MFA token. Please retry the original request to get a new MFA token.");
-    const o = (function(a) {
-      return "otp" in a && a.otp ? mi : "oobCode" in a && a.oobCode ? yi : "recoveryCode" in a && a.recoveryCode ? gi : void 0;
-    })(e);
-    if (!o) throw new He("invalid_request", "Unable to determine grant type. Provide one of: otp, oobCode, or recoveryCode.");
-    const r = t.scope, i = t.audience;
-    try {
-      const a = await this.auth0Client._requestTokenForMfa({ grant_type: o, mfaToken: e.mfaToken, scope: r, audience: i, otp: e.otp, oob_code: e.oobCode, binding_code: e.bindingCode, recovery_code: e.recoveryCode });
-      return this.contextManager.remove(e.mfaToken), a;
-    } catch (a) {
-      if (a instanceof Je) this.setMFAAuthDetails(a.mfa_token, r, i, a.mfa_requirements);
-      else if (a instanceof He) throw new He(a.error, a.error_description);
-      throw a;
-    }
-  }
-}
-class ja {
-  constructor(e) {
-    let t, o;
-    if (this.userCache = new Wo().enclosedCache, this.defaultOptions = { authorizationParams: { scope: "openid profile email" }, useRefreshTokensFallback: !1, useFormData: !0 }, this.options = Object.assign(Object.assign(Object.assign({}, this.defaultOptions), e), { authorizationParams: Object.assign(Object.assign({}, this.defaultOptions.authorizationParams), e.authorizationParams) }), typeof window < "u" && (() => {
-      if (!Rt()) throw new Error("For security reasons, `window.crypto` is required to run `auth0-spa-js`.");
-      if (Rt().subtle === void 0) throw new Error(`
-      auth0-spa-js must run on a secure origin. See https://github.com/auth0/auth0-spa-js/blob/main/FAQ.md#why-do-i-get-auth0-spa-js-must-run-on-a-secure-origin for more information.
-    `);
-    })(), this.lockManager = (Gt || (Gt = jr()), Gt), e.cache && e.cacheLocation && console.warn("Both `cache` and `cacheLocation` options have been specified in the Auth0Client configuration; ignoring `cacheLocation` and using `cache`."), e.cache) o = e.cache;
-    else {
-      if (t = e.cacheLocation || "memory", !ao(t)) throw new Error('Invalid cache location "'.concat(t, '"'));
-      o = ao(t)();
-    }
-    var r;
-    this.httpTimeoutMs = e.httpTimeoutInSeconds ? 1e3 * e.httpTimeoutInSeconds : 1e4, this.cookieStorage = e.legacySameSiteCookie === !1 ? Ne : ri, this.orgHintCookieName = (r = this.options.clientId, "auth0.".concat(r, ".organization_hint")), this.isAuthenticatedCookieName = ((u) => "auth0.".concat(u, ".is.authenticated"))(this.options.clientId), this.sessionCheckExpiryDays = e.sessionCheckExpiryDays || 1;
-    const i = e.useCookiesForTransactions ? this.cookieStorage : ii;
-    var a;
-    this.scope = (function(u, l) {
-      for (var f = arguments.length, h = new Array(f > 2 ? f - 2 : 0), d = 2; d < f; d++) h[d - 2] = arguments[d];
-      if (typeof u != "object") return { default: Et(l, u, ...h) };
-      let w = { default: Et(l, ...h) };
-      return Object.keys(u).forEach(((m) => {
-        const p = u[m];
-        w[m] = Et(l, p, ...h);
-      })), w;
-    })(this.options.authorizationParams.scope, "openid", this.options.useRefreshTokens ? "offline_access" : ""), this.transactionManager = new Qr(i, this.options.clientId, this.options.cookieDomain), this.nowProvider = this.options.nowProvider || Co, this.cacheManager = new Yr(o, o.allKeys ? void 0 : new ci(o, this.options.clientId), this.nowProvider), this.dpop = this.options.useDpop ? new hi(this.options.clientId) : void 0, this.domainUrl = (a = this.options.domain, /^https?:\/\//.test(a) ? a : "https://".concat(a)), this.tokenIssuer = ((u, l) => u ? u.startsWith("https://") ? u : "https://".concat(u, "/") : "".concat(l, "/"))(this.options.issuer, this.domainUrl);
-    const s = "".concat(this.domainUrl, "/me/"), c = this.createFetcher(Object.assign(Object.assign({}, this.options.useDpop && { dpopNonceId: "__auth0_my_account_api__" }), { getAccessToken: () => this.getTokenSilently({ authorizationParams: { scope: "create:me:connected_accounts", audience: s }, detailedResponse: !0 }) }));
-    this.myAccountApi = new pi(c, s), this.authJsClient = new Pa({ domain: this.options.domain, clientId: this.options.clientId }), this.mfa = new Ca(this.authJsClient.mfa, this), typeof window < "u" && window.Worker && this.options.useRefreshTokens && t === "memory" && (this.options.workerUrl ? this.worker = new Worker(this.options.workerUrl) : this.worker = new si());
-  }
-  getConfiguration() {
-    return Object.freeze({ domain: this.options.domain, clientId: this.options.clientId });
-  }
-  _url(e) {
-    const t = this.options.auth0Client || xo, o = jo(t, !0), r = encodeURIComponent(btoa(JSON.stringify(o)));
-    return "".concat(this.domainUrl).concat(e, "&auth0Client=").concat(r);
-  }
-  _authorizeUrl(e) {
-    return this._url("/authorize?".concat(mn(e)));
-  }
-  async _verifyIdToken(e, t, o) {
-    const r = await this.nowProvider();
-    return ei({ iss: this.tokenIssuer, aud: this.options.clientId, id_token: e, nonce: t, organization: o, leeway: this.options.leeway, max_age: (i = this.options.authorizationParams.max_age, typeof i != "string" ? i : parseInt(i, 10) || void 0), now: r });
-    var i;
-  }
-  _processOrgHint(e) {
-    e ? this.cookieStorage.save(this.orgHintCookieName, e, { daysUntilExpire: this.sessionCheckExpiryDays, cookieDomain: this.options.cookieDomain }) : this.cookieStorage.remove(this.orgHintCookieName, { cookieDomain: this.options.cookieDomain });
-  }
-  async _prepareAuthorizeUrl(e, t, o) {
-    var r;
-    const i = Jt(Ze()), a = Jt(Ze()), s = Ze(), c = await $n(s), u = to(c), l = await ((r = this.dpop) === null || r === void 0 ? void 0 : r.calculateThumbprint()), f = ((d, w, m, p, g, b, k, E, y) => Object.assign(Object.assign(Object.assign({ client_id: d.clientId }, d.authorizationParams), m), { scope: yt(w, m.scope, m.audience), response_type: "code", response_mode: E || "query", state: p, nonce: g, redirect_uri: k || d.authorizationParams.redirect_uri, code_challenge: b, code_challenge_method: "S256", dpop_jkt: y }))(this.options, this.scope, e, i, a, u, e.redirect_uri || this.options.authorizationParams.redirect_uri || o, t == null ? void 0 : t.response_mode, l), h = this._authorizeUrl(f);
-    return { nonce: a, code_verifier: s, scope: f.scope, audience: f.audience || "default", redirect_uri: f.redirect_uri, state: i, url: h };
-  }
-  async loginWithPopup(e, t) {
-    var o;
-    if (e = e || {}, !(t = t || {}).popup && (t.popup = ((s) => {
-      const c = window.screenX + (window.innerWidth - 400) / 2, u = window.screenY + (window.innerHeight - 600) / 2;
-      return window.open(s, "auth0:authorize:popup", "left=".concat(c, ",top=").concat(u, ",width=").concat(400, ",height=").concat(600, ",resizable,scrollbars=yes,status=1"));
-    })(""), !t.popup)) throw new Kn();
-    const r = await this._prepareAuthorizeUrl(e.authorizationParams || {}, { response_mode: "web_message" }, window.location.origin);
-    t.popup.location.href = r.url;
-    const i = await ((s) => new Promise(((c, u) => {
-      let l;
-      const f = setInterval((() => {
-        s.popup && s.popup.closed && (clearInterval(f), clearTimeout(h), window.removeEventListener("message", l, !1), u(new Ln(s.popup)));
-      }), 1e3), h = setTimeout((() => {
-        clearInterval(f), u(new Dn(s.popup)), window.removeEventListener("message", l, !1);
-      }), 1e3 * (s.timeoutInSeconds || 60));
-      l = function(d) {
-        if (d.data && d.data.type === "authorization_response") {
-          if (clearTimeout(h), clearInterval(f), window.removeEventListener("message", l, !1), s.closePopup !== !1 && s.popup.close(), d.data.response.error) return u(O.fromPayload(d.data.response));
-          c(d.data.response);
-        }
-      }, window.addEventListener("message", l);
-    })))(Object.assign(Object.assign({}, t), { timeoutInSeconds: t.timeoutInSeconds || this.options.authorizeTimeoutInSeconds || 60 }));
-    if (r.state !== i.state) throw new O("state_mismatch", "Invalid state");
-    const a = ((o = e.authorizationParams) === null || o === void 0 ? void 0 : o.organization) || this.options.authorizationParams.organization;
-    await this._requestToken({ audience: r.audience, scope: r.scope, code_verifier: r.code_verifier, grant_type: "authorization_code", code: i.code, redirect_uri: r.redirect_uri }, { nonceIn: r.nonce, organization: a });
-  }
-  async getUser() {
-    var e;
-    const t = await this._getIdTokenFromCache();
-    return (e = t == null ? void 0 : t.decodedToken) === null || e === void 0 ? void 0 : e.user;
-  }
-  async getIdTokenClaims() {
-    var e;
-    const t = await this._getIdTokenFromCache();
-    return (e = t == null ? void 0 : t.decodedToken) === null || e === void 0 ? void 0 : e.claims;
-  }
-  async loginWithRedirect() {
-    var e;
-    const t = so(arguments.length > 0 && arguments[0] !== void 0 ? arguments[0] : {}), { openUrl: o, fragment: r, appState: i } = t, a = X(t, ["openUrl", "fragment", "appState"]), s = ((e = a.authorizationParams) === null || e === void 0 ? void 0 : e.organization) || this.options.authorizationParams.organization, c = await this._prepareAuthorizeUrl(a.authorizationParams || {}), { url: u } = c, l = X(c, ["url"]);
-    this.transactionManager.create(Object.assign(Object.assign(Object.assign({}, l), { appState: i, response_type: Re.Code }), s && { organization: s }));
-    const f = r ? "".concat(u, "#").concat(r) : u;
-    o ? await o(f) : window.location.assign(f);
-  }
-  async handleRedirectCallback() {
-    const e = (arguments.length > 0 && arguments[0] !== void 0 ? arguments[0] : window.location.href).split("?").slice(1);
-    if (e.length === 0) throw new Error("There are no query params available for parsing.");
-    const t = this.transactionManager.get();
-    if (!t) throw new O("missing_transaction", "Invalid state");
-    this.transactionManager.remove();
-    const o = ((r) => {
-      r.indexOf("#") > -1 && (r = r.substring(0, r.indexOf("#")));
-      const i = new URLSearchParams(r);
-      return { state: i.get("state"), code: i.get("code") || void 0, connect_code: i.get("connect_code") || void 0, error: i.get("error") || void 0, error_description: i.get("error_description") || void 0 };
-    })(e.join(""));
-    return t.response_type === Re.ConnectCode ? this._handleConnectAccountRedirectCallback(o, t) : this._handleLoginRedirectCallback(o, t);
-  }
-  async _handleLoginRedirectCallback(e, t) {
-    const { code: o, state: r, error: i, error_description: a } = e;
-    if (i) throw new Cn(i, a || i, r, t.appState);
-    if (!t.code_verifier || t.state && t.state !== r) throw new O("state_mismatch", "Invalid state");
-    const s = t.organization, c = t.nonce, u = t.redirect_uri;
-    return await this._requestToken(Object.assign({ audience: t.audience, scope: t.scope, code_verifier: t.code_verifier, grant_type: "authorization_code", code: o }, u ? { redirect_uri: u } : {}), { nonceIn: c, organization: s }), { appState: t.appState, response_type: Re.Code };
-  }
-  async _handleConnectAccountRedirectCallback(e, t) {
-    const { connect_code: o, state: r, error: i, error_description: a } = e;
-    if (i) throw new jn(i, a || i, t.connection, r, t.appState);
-    if (!o) throw new O("missing_connect_code", "Missing connect code");
-    if (!(t.code_verifier && t.state && t.auth_session && t.redirect_uri && t.state === r)) throw new O("state_mismatch", "Invalid state");
-    const s = await this.myAccountApi.completeAccount({ auth_session: t.auth_session, connect_code: o, redirect_uri: t.redirect_uri, code_verifier: t.code_verifier });
-    return Object.assign(Object.assign({}, s), { appState: t.appState, response_type: Re.ConnectCode });
-  }
-  async checkSession(e) {
-    if (!this.cookieStorage.get(this.isAuthenticatedCookieName)) {
-      if (!this.cookieStorage.get("auth0.is.authenticated")) return;
-      this.cookieStorage.save(this.isAuthenticatedCookieName, !0, { daysUntilExpire: this.sessionCheckExpiryDays, cookieDomain: this.options.cookieDomain }), this.cookieStorage.remove("auth0.is.authenticated");
-    }
-    try {
-      await this.getTokenSilently(e);
-    } catch {
-    }
-  }
-  async getTokenSilently() {
-    let e = arguments.length > 0 && arguments[0] !== void 0 ? arguments[0] : {};
-    var t, o;
-    const r = Object.assign(Object.assign({ cacheMode: "on" }, e), { authorizationParams: Object.assign(Object.assign(Object.assign({}, this.options.authorizationParams), e.authorizationParams), { scope: yt(this.scope, (t = e.authorizationParams) === null || t === void 0 ? void 0 : t.scope, ((o = e.authorizationParams) === null || o === void 0 ? void 0 : o.audience) || this.options.authorizationParams.audience) }) }), i = await ((a, s) => {
-      let c = qt[s];
-      return c || (c = a().finally((() => {
-        delete qt[s], c = null;
-      })), qt[s] = c), c;
-    })((() => this._getTokenSilently(r)), "".concat(this.options.clientId, "::").concat(r.authorizationParams.audience, "::").concat(r.authorizationParams.scope));
-    return e.detailedResponse ? i : i == null ? void 0 : i.access_token;
-  }
-  async _getTokenSilently(e) {
-    const { cacheMode: t } = e, o = X(e, ["cacheMode"]);
-    if (t !== "off") {
-      const s = await this._getEntryFromCache({ scope: o.authorizationParams.scope, audience: o.authorizationParams.audience || "default", clientId: this.options.clientId, cacheMode: t });
-      if (s) return s;
-    }
-    if (t === "cache-only") return;
-    const r = (i = this.options.clientId, a = o.authorizationParams.audience || "default", "".concat("auth0.lock.getTokenSilently", ".").concat(i, ".").concat(a));
-    var i, a;
-    try {
-      return await this.lockManager.runWithLock(r, 5e3, (async () => {
-        if (t !== "off") {
-          const d = await this._getEntryFromCache({ scope: o.authorizationParams.scope, audience: o.authorizationParams.audience || "default", clientId: this.options.clientId });
-          if (d) return d;
-        }
-        const s = this.options.useRefreshTokens ? await this._getTokenUsingRefreshToken(o) : await this._getTokenFromIFrame(o), { id_token: c, token_type: u, access_token: l, oauthTokenScope: f, expires_in: h } = s;
-        return Object.assign(Object.assign({ id_token: c, token_type: u, access_token: l }, f ? { scope: f } : null), { expires_in: h });
-      }));
-    } catch (s) {
-      if (this._isInteractiveError(s) && this.options.interactiveErrorHandler === "popup") return await this._handleInteractiveErrorWithPopup(o);
-      throw s;
-    }
-  }
-  _isInteractiveError(e) {
-    return e instanceof Je || e instanceof O && this._isIframeMfaError(e);
-  }
-  _isIframeMfaError(e) {
-    return e.error === "login_required" && e.error_description === "Multifactor authentication required";
-  }
-  async _handleInteractiveErrorWithPopup(e) {
-    try {
-      await this.loginWithPopup({ authorizationParams: e.authorizationParams });
-      const t = await this._getEntryFromCache({ scope: e.authorizationParams.scope, audience: e.authorizationParams.audience || "default", clientId: this.options.clientId });
-      if (!t) throw new O("interactive_handler_cache_miss", "Token not found in cache after interactive authentication");
-      return t;
-    } catch (t) {
-      throw t;
-    }
-  }
-  async getTokenWithPopup() {
-    let e = arguments.length > 0 && arguments[0] !== void 0 ? arguments[0] : {}, t = arguments.length > 1 && arguments[1] !== void 0 ? arguments[1] : {};
-    var o, r;
-    const i = Object.assign(Object.assign({}, e), { authorizationParams: Object.assign(Object.assign(Object.assign({}, this.options.authorizationParams), e.authorizationParams), { scope: yt(this.scope, (o = e.authorizationParams) === null || o === void 0 ? void 0 : o.scope, ((r = e.authorizationParams) === null || r === void 0 ? void 0 : r.audience) || this.options.authorizationParams.audience) }) });
-    return t = Object.assign(Object.assign({}, Tr), t), await this.loginWithPopup(i, t), (await this.cacheManager.get(new Z({ scope: i.authorizationParams.scope, audience: i.authorizationParams.audience || "default", clientId: this.options.clientId }), void 0, this.options.useMrrt)).access_token;
-  }
-  async isAuthenticated() {
-    return !!await this.getUser();
-  }
-  _buildLogoutUrl(e) {
-    e.clientId !== null ? e.clientId = e.clientId || this.options.clientId : delete e.clientId;
-    const t = e.logoutParams || {}, { federated: o } = t, r = X(t, ["federated"]), i = o ? "&federated" : "";
-    return this._url("/v2/logout?".concat(mn(Object.assign({ clientId: e.clientId }, r)))) + i;
-  }
-  async logout() {
-    let e = arguments.length > 0 && arguments[0] !== void 0 ? arguments[0] : {};
-    var t;
-    const o = so(e), { openUrl: r } = o, i = X(o, ["openUrl"]);
-    e.clientId === null ? await this.cacheManager.clear() : await this.cacheManager.clear(e.clientId || this.options.clientId), this.cookieStorage.remove(this.orgHintCookieName, { cookieDomain: this.options.cookieDomain }), this.cookieStorage.remove(this.isAuthenticatedCookieName, { cookieDomain: this.options.cookieDomain }), this.userCache.remove("@@user@@"), await ((t = this.dpop) === null || t === void 0 ? void 0 : t.clear());
-    const a = this._buildLogoutUrl(i);
-    r ? await r(a) : r !== !1 && window.location.assign(a);
-  }
-  async _getTokenFromIFrame(e) {
-    const t = (o = this.options.clientId, "".concat("auth0.lock.getTokenFromIFrame", ".").concat(o));
-    var o;
-    try {
-      return await this.lockManager.runWithLock(t, 5e3, (async () => {
-        const r = Object.assign(Object.assign({}, e.authorizationParams), { prompt: "none" }), i = this.cookieStorage.get(this.orgHintCookieName);
-        i && !r.organization && (r.organization = i);
-        const { url: a, state: s, nonce: c, code_verifier: u, redirect_uri: l, scope: f, audience: h } = await this._prepareAuthorizeUrl(r, { response_mode: "web_message" }, window.location.origin);
-        if (window.crossOriginIsolated) throw new O("login_required", "The application is running in a Cross-Origin Isolated context, silently retrieving a token without refresh token is not possible.");
-        const d = e.timeoutInSeconds || this.options.authorizeTimeoutInSeconds;
-        let w;
-        try {
-          w = new URL(this.domainUrl).origin;
-        } catch {
-          w = this.domainUrl;
-        }
-        const m = await (function(g, b) {
-          let k = arguments.length > 2 && arguments[2] !== void 0 ? arguments[2] : 60;
-          return new Promise(((E, y) => {
-            const P = window.document.createElement("iframe");
-            P.setAttribute("width", "0"), P.setAttribute("height", "0"), P.style.display = "none";
-            const J = () => {
-              window.document.body.contains(P) && (window.document.body.removeChild(P), window.removeEventListener("message", U, !1));
-            };
-            let U;
-            const he = setTimeout((() => {
-              y(new Fe()), J();
-            }), 1e3 * k);
-            U = function(M) {
-              if (M.origin != b || !M.data || M.data.type !== "authorization_response") return;
-              const De = M.source;
-              De && De.close(), M.data.response.error ? y(O.fromPayload(M.data.response)) : E(M.data.response), clearTimeout(he), window.removeEventListener("message", U, !1), setTimeout(J, 2e3);
-            }, window.addEventListener("message", U, !1), window.document.body.appendChild(P), P.setAttribute("src", g);
-          }));
-        })(a, w, d);
-        if (s !== m.state) throw new O("state_mismatch", "Invalid state");
-        const p = await this._requestToken(Object.assign(Object.assign({}, e.authorizationParams), { code_verifier: u, code: m.code, grant_type: "authorization_code", redirect_uri: l, timeout: e.authorizationParams.timeout || this.httpTimeoutMs }), { nonceIn: c, organization: r.organization });
-        return Object.assign(Object.assign({}, p), { scope: f, oauthTokenScope: p.scope, audience: h });
-      }));
-    } catch (r) {
-      throw r.error === "login_required" && (r instanceof O && this._isIframeMfaError(r) && this.options.interactiveErrorHandler === "popup" || this.logout({ openUrl: !1 })), r;
-    }
-  }
-  async _getTokenUsingRefreshToken(e) {
-    var t, o;
-    const r = await this.cacheManager.get(new Z({ scope: e.authorizationParams.scope, audience: e.authorizationParams.audience || "default", clientId: this.options.clientId }), void 0, this.options.useMrrt);
-    if (!(r && r.refresh_token || this.worker)) {
-      if (this.options.useRefreshTokensFallback) return await this._getTokenFromIFrame(e);
-      throw new Ut(e.authorizationParams.audience || "default", e.authorizationParams.scope);
-    }
-    const i = e.authorizationParams.redirect_uri || this.options.authorizationParams.redirect_uri || window.location.origin, a = typeof e.timeoutInSeconds == "number" ? 1e3 * e.timeoutInSeconds : null, s = ((h, d, w, m) => {
-      var p;
-      if (h && w && m) {
-        if (d.audience !== w) return d.scope;
-        const g = m.split(" "), b = ((p = d.scope) === null || p === void 0 ? void 0 : p.split(" ")) || [], k = b.every(((E) => g.includes(E)));
-        return g.length >= b.length && k ? m : d.scope;
-      }
-      return d.scope;
-    })(this.options.useMrrt, e.authorizationParams, r == null ? void 0 : r.audience, r == null ? void 0 : r.scope);
-    try {
-      const h = await this._requestToken(Object.assign(Object.assign(Object.assign({}, e.authorizationParams), { grant_type: "refresh_token", refresh_token: r && r.refresh_token, redirect_uri: i }), a && { timeout: a }), { scopesToRequest: s });
-      if (h.refresh_token && (r != null && r.refresh_token) && await this.cacheManager.updateEntry(r.refresh_token, h.refresh_token), this.options.useMrrt && (c = r == null ? void 0 : r.audience, u = r == null ? void 0 : r.scope, l = e.authorizationParams.audience, f = e.authorizationParams.scope, (c !== l || !co(f, u)) && !co(s, h.scope))) {
-        if (this.options.useRefreshTokensFallback) return await this._getTokenFromIFrame(e);
-        await this.cacheManager.remove(this.options.clientId, e.authorizationParams.audience, e.authorizationParams.scope);
-        const d = ((w, m) => {
-          const p = (w == null ? void 0 : w.split(" ")) || [], g = (m == null ? void 0 : m.split(" ")) || [];
-          return p.filter(((b) => g.indexOf(b) == -1)).join(",");
-        })(s, h.scope);
-        throw new Un(e.authorizationParams.audience || "default", d);
-      }
-      return Object.assign(Object.assign({}, h), { scope: e.authorizationParams.scope, oauthTokenScope: h.scope, audience: e.authorizationParams.audience || "default" });
-    } catch (h) {
-      if (h.message) {
-        if (h.message.includes("user is blocked")) throw await this.logout({ openUrl: !1 }), h;
-        if ((h.message.includes("Missing Refresh Token") || h.message.includes("invalid refresh token")) && this.options.useRefreshTokensFallback) return await this._getTokenFromIFrame(e);
-      }
-      throw h instanceof Je && this.mfa.setMFAAuthDetails(h.mfa_token, (t = e.authorizationParams) === null || t === void 0 ? void 0 : t.scope, (o = e.authorizationParams) === null || o === void 0 ? void 0 : o.audience, h.mfa_requirements), h;
-    }
-    var c, u, l, f;
-  }
-  async _saveEntryInCache(e) {
-    const { id_token: t, decodedToken: o } = e, r = X(e, ["id_token", "decodedToken"]);
-    this.userCache.set("@@user@@", { id_token: t, decodedToken: o }), await this.cacheManager.setIdToken(this.options.clientId, e.id_token, e.decodedToken), await this.cacheManager.set(r);
-  }
-  async _getIdTokenFromCache() {
-    const e = this.options.authorizationParams.audience || "default", t = this.scope[e], o = await this.cacheManager.getIdToken(new Z({ clientId: this.options.clientId, audience: e, scope: t })), r = this.userCache.get("@@user@@");
-    return o && o.id_token === (r == null ? void 0 : r.id_token) ? r : (this.userCache.set("@@user@@", o), o);
-  }
-  async _getEntryFromCache(e) {
-    let { scope: t, audience: o, clientId: r, cacheMode: i } = e;
-    const a = await this.cacheManager.get(new Z({ scope: t, audience: o, clientId: r }), 60, this.options.useMrrt, i);
-    if (a && a.access_token) {
-      const { token_type: s, access_token: c, oauthTokenScope: u, expires_in: l } = a, f = await this._getIdTokenFromCache();
-      return f && Object.assign(Object.assign({ id_token: f.id_token, token_type: s || "Bearer", access_token: c }, u ? { scope: u } : null), { expires_in: l });
-    }
-  }
-  async _requestToken(e, t) {
-    var o, r;
-    const { nonceIn: i, organization: a, scopesToRequest: s } = t || {}, c = await qr(Object.assign(Object.assign({ baseUrl: this.domainUrl, client_id: this.options.clientId, auth0Client: this.options.auth0Client, useFormData: this.options.useFormData, timeout: this.httpTimeoutMs, useMrrt: this.options.useMrrt, dpop: this.dpop }, e), { scope: s || e.scope }), this.worker), u = await this._verifyIdToken(c.id_token, i, a);
-    if (e.grant_type === "authorization_code") {
-      const l = await this._getIdTokenFromCache();
-      !((r = (o = l == null ? void 0 : l.decodedToken) === null || o === void 0 ? void 0 : o.claims) === null || r === void 0) && r.sub && l.decodedToken.claims.sub !== u.claims.sub && (await this.cacheManager.clear(this.options.clientId), this.userCache.remove("@@user@@"));
-    }
-    return await this._saveEntryInCache(Object.assign(Object.assign(Object.assign(Object.assign({}, c), { decodedToken: u, scope: e.scope, audience: e.audience || "default" }), c.scope ? { oauthTokenScope: c.scope } : null), { client_id: this.options.clientId })), this.cookieStorage.save(this.isAuthenticatedCookieName, !0, { daysUntilExpire: this.sessionCheckExpiryDays, cookieDomain: this.options.cookieDomain }), this._processOrgHint(a || u.claims.org_id), Object.assign(Object.assign({}, c), { decodedToken: u });
-  }
-  async loginWithCustomTokenExchange(e) {
-    return this._requestToken(Object.assign(Object.assign({}, e), { grant_type: "urn:ietf:params:oauth:grant-type:token-exchange", subject_token: e.subject_token, subject_token_type: e.subject_token_type, scope: yt(this.scope, e.scope, e.audience || this.options.authorizationParams.audience), audience: e.audience || this.options.authorizationParams.audience, organization: e.organization || this.options.authorizationParams.organization }));
-  }
-  async exchangeToken(e) {
-    return this.loginWithCustomTokenExchange(e);
-  }
-  _assertDpop(e) {
-    if (!e) throw new Error("`useDpop` option must be enabled before using DPoP.");
-  }
-  getDpopNonce(e) {
-    return this._assertDpop(this.dpop), this.dpop.getNonce(e);
-  }
-  setDpopNonce(e, t) {
-    return this._assertDpop(this.dpop), this.dpop.setNonce(e, t);
-  }
-  generateDpopProof(e) {
-    return this._assertDpop(this.dpop), this.dpop.generateProof(e);
-  }
-  createFetcher() {
-    let e = arguments.length > 0 && arguments[0] !== void 0 ? arguments[0] : {};
-    return new di(e, { isDpopEnabled: () => !!this.options.useDpop, getAccessToken: (t) => {
-      var o;
-      return this.getTokenSilently({ authorizationParams: { scope: (o = t == null ? void 0 : t.scope) === null || o === void 0 ? void 0 : o.join(" "), audience: t == null ? void 0 : t.audience }, detailedResponse: !0 });
-    }, getDpopNonce: () => this.getDpopNonce(e.dpopNonceId), setDpopNonce: (t) => this.setDpopNonce(t, e.dpopNonceId), generateDpopProof: (t) => this.generateDpopProof(t) });
-  }
-  async connectAccountWithRedirect(e) {
-    const { openUrl: t, appState: o, connection: r, scopes: i, authorization_params: a, redirectUri: s = this.options.authorizationParams.redirect_uri || window.location.origin } = e;
-    if (!r) throw new Error("connection is required");
-    const c = Jt(Ze()), u = Ze(), l = await $n(u), f = to(l), { connect_uri: h, connect_params: d, auth_session: w } = await this.myAccountApi.connectAccount({ connection: r, scopes: i, redirect_uri: s, state: c, code_challenge: f, code_challenge_method: "S256", authorization_params: a });
-    this.transactionManager.create({ state: c, code_verifier: u, auth_session: w, redirect_uri: s, appState: o, connection: r, response_type: Re.ConnectCode });
-    const m = new URL(h);
-    m.searchParams.set("ticket", d.ticket), t ? await t(m.toString()) : window.location.assign(m);
-  }
-  async _requestTokenForMfa(e, t) {
-    const { mfaToken: o } = e, r = X(e, ["mfaToken"]);
-    return this._requestToken(Object.assign(Object.assign({}, r), { mfa_token: o }), t);
-  }
-}
-export {
-  ja as Auth0Client,
-  Cn as AuthenticationError,
-  Z as CacheKey,
-  jn as ConnectError,
-  O as GenericError,
-  Wo as InMemoryCache,
-  Xr as LocalStorageCache,
-  Ca as MfaApiClient,
-  Xn as MfaChallengeError,
-  Bn as MfaEnrollmentError,
-  Yn as MfaEnrollmentFactorsError,
-  be as MfaError,
-  Kt as MfaListAuthenticatorsError,
-  Je as MfaRequiredError,
-  He as MfaVerifyError,
-  Ut as MissingRefreshTokenError,
-  It as MyAccountApiError,
-  Ln as PopupCancelledError,
-  Kn as PopupOpenError,
-  Dn as PopupTimeoutError,
-  Re as ResponseType,
-  Fe as TimeoutError,
-  Nt as UseDpopNonceError
-};
-//# sourceMappingURL=auth0-spa-js.production.esm-DNao6_S5.js.map