@wandelbots/wandelbots-js-react-components 4.7.2 → 5.0.0

package/dist/auth0-spa-js.production.esm-Cr9w0sUa.js

@@ -0,0 +1,4217 @@
+function te(n, e) {
+  var t = {};
+  for (var o in n) Object.prototype.hasOwnProperty.call(n, o) && e.indexOf(o) < 0 && (t[o] = n[o]);
+  if (n != null && typeof Object.getOwnPropertySymbols == "function") {
+    var r = 0;
+    for (o = Object.getOwnPropertySymbols(n); r < o.length; r++) e.indexOf(o[r]) < 0 && Object.prototype.propertyIsEnumerable.call(n, o[r]) && (t[o[r]] = n[o[r]]);
+  }
+  return t;
+}
+const oi = { timeoutInSeconds: 60 }, Un = 1e4, _o = "memory", Kn = { name: "auth0-spa-js", version: "2.19.0" }, ar = () => Date.now(), H = "default";
+class j extends Error {
+  constructor(e, t) {
+    super(t), this.error = e, this.error_description = t, Object.setPrototypeOf(this, j.prototype);
+  }
+  static fromPayload(e) {
+    let { error: t, error_description: o } = e;
+    return new j(t, o);
+  }
+}
+class $n extends j {
+  constructor(e, t, o) {
+    let r = arguments.length > 3 && arguments[3] !== void 0 ? arguments[3] : null;
+    super(e, t), this.state = o, this.appState = r, Object.setPrototypeOf(this, $n.prototype);
+  }
+}
+class eo extends j {
+  constructor(e, t, o, r) {
+    let i = arguments.length > 4 && arguments[4] !== void 0 ? arguments[4] : null;
+    super(e, t), this.connection = o, this.state = r, this.appState = i, Object.setPrototypeOf(this, eo.prototype);
+  }
+}
+class nt extends j {
+  constructor() {
+    super("timeout", "Timeout"), Object.setPrototypeOf(this, nt.prototype);
+  }
+}
+class to extends nt {
+  constructor(e) {
+    super(), this.popup = e, Object.setPrototypeOf(this, to.prototype);
+  }
+}
+class no extends j {
+  constructor(e) {
+    super("cancelled", "Popup closed"), this.popup = e, Object.setPrototypeOf(this, no.prototype);
+  }
+}
+class oo extends j {
+  constructor() {
+    super("popup_open", "Unable to open a popup for loginWithPopup - window.open returned `null`"), Object.setPrototypeOf(this, oo.prototype);
+  }
+}
+class $e extends j {
+  constructor(e, t, o, r) {
+    super(e, t), this.mfa_token = o, this.mfa_requirements = r, Object.setPrototypeOf(this, $e.prototype);
+  }
+}
+class tn extends j {
+  constructor(e, t) {
+    super("missing_refresh_token", "Missing Refresh Token (audience: '".concat(Zt(e, ["default"]), "', scope: '").concat(Zt(t), "')")), this.audience = e, this.scope = t, Object.setPrototypeOf(this, tn.prototype);
+  }
+}
+class ro extends j {
+  constructor(e, t) {
+    super("missing_scopes", "Missing requested scopes after refresh (audience: '".concat(Zt(e, ["default"]), "', missing scope: '").concat(Zt(t), "')")), this.audience = e, this.scope = t, Object.setPrototypeOf(this, ro.prototype);
+  }
+}
+class nn extends j {
+  constructor(e) {
+    super("use_dpop_nonce", "Server rejected DPoP proof: wrong nonce"), this.newDpopNonce = e, Object.setPrototypeOf(this, nn.prototype);
+  }
+}
+function Zt(n) {
+  return n && !(arguments.length > 1 && arguments[1] !== void 0 ? arguments[1] : []).includes(n) ? n : "";
+}
+const Vt = () => window.crypto, rt = () => {
+  const n = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-_~.";
+  let e = "";
+  for (; e.length < 43; ) {
+    const t = Vt().getRandomValues(new Uint8Array(43 - e.length));
+    for (const o of t) e.length < 43 && o < 198 && (e += n[o % 66]);
+  }
+  return e;
+}, un = (n) => btoa(n), ri = [{ key: "name", type: ["string"] }, { key: "version", type: ["string", "number"] }, { key: "env", type: ["object"] }], Dn = function(n) {
+  let e = arguments.length > 1 && arguments[1] !== void 0 && arguments[1];
+  return Object.keys(n).reduce((t, o) => {
+    if (e && o === "env") return t;
+    const r = ri.find((i) => i.key === o);
+    return r && r.type.includes(typeof n[o]) && (t[o] = n[o]), t;
+  }, {});
+}, ut = (n) => {
+  var { clientId: e } = n, t = te(n, ["clientId"]);
+  return new URLSearchParams(((o) => Object.keys(o).filter((r) => o[r] !== void 0).reduce((r, i) => Object.assign(Object.assign({}, r), { [i]: o[i] }), {}))(Object.assign({ client_id: e }, t))).toString();
+}, So = async (n) => await Vt().subtle.digest({ name: "SHA-256" }, new TextEncoder().encode(n)), To = (n) => ((e) => decodeURIComponent(atob(e).split("").map((t) => "%" + ("00" + t.charCodeAt(0).toString(16)).slice(-2)).join("")))(n.replace(/_/g, "/").replace(/-/g, "+")), Eo = (n) => {
+  const e = new Uint8Array(n);
+  return ((t) => {
+    const o = { "+": "-", "/": "_", "=": "" };
+    return t.replace(/[+/=]/g, (r) => o[r]);
+  })(window.btoa(String.fromCharCode(...Array.from(e))));
+};
+var Le = typeof globalThis < "u" ? globalThis : typeof window < "u" ? window : typeof global < "u" ? global : typeof self < "u" ? self : {}, sr = {}, io = {};
+Object.defineProperty(io, "__esModule", { value: !0 });
+var ii = (function() {
+  function n() {
+    var e = this;
+    this.locked = /* @__PURE__ */ new Map(), this.addToLocked = function(t, o) {
+      var r = e.locked.get(t);
+      r === void 0 ? o === void 0 ? e.locked.set(t, []) : e.locked.set(t, [o]) : o !== void 0 && (r.unshift(o), e.locked.set(t, r));
+    }, this.isLocked = function(t) {
+      return e.locked.has(t);
+    }, this.lock = function(t) {
+      return new Promise(function(o, r) {
+        e.isLocked(t) ? e.addToLocked(t, o) : (e.addToLocked(t), o());
+      });
+    }, this.unlock = function(t) {
+      var o = e.locked.get(t);
+      if (o !== void 0 && o.length !== 0) {
+        var r = o.pop();
+        e.locked.set(t, o), r !== void 0 && setTimeout(r, 0);
+      } else e.locked.delete(t);
+    };
+  }
+  return n.getInstance = function() {
+    return n.instance === void 0 && (n.instance = new n()), n.instance;
+  }, n;
+})();
+io.default = function() {
+  return ii.getInstance();
+};
+var ne = Le && Le.__awaiter || function(n, e, t, o) {
+  return new (t || (t = Promise))(function(r, i) {
+    function a(l) {
+      try {
+        c(o.next(l));
+      } catch (u) {
+        i(u);
+      }
+    }
+    function s(l) {
+      try {
+        c(o.throw(l));
+      } catch (u) {
+        i(u);
+      }
+    }
+    function c(l) {
+      l.done ? r(l.value) : new t(function(u) {
+        u(l.value);
+      }).then(a, s);
+    }
+    c((o = o.apply(n, e || [])).next());
+  });
+}, oe = Le && Le.__generator || function(n, e) {
+  var t, o, r, i, a = { label: 0, sent: function() {
+    if (1 & r[0]) throw r[1];
+    return r[1];
+  }, trys: [], ops: [] };
+  return i = { next: s(0), throw: s(1), return: s(2) }, typeof Symbol == "function" && (i[Symbol.iterator] = function() {
+    return this;
+  }), i;
+  function s(c) {
+    return function(l) {
+      return (function(u) {
+        if (t) throw new TypeError("Generator is already executing.");
+        for (; a; ) try {
+          if (t = 1, o && (r = 2 & u[0] ? o.return : u[0] ? o.throw || ((r = o.return) && r.call(o), 0) : o.next) && !(r = r.call(o, u[1])).done) return r;
+          switch (o = 0, r && (u = [2 & u[0], r.value]), u[0]) {
+            case 0:
+            case 1:
+              r = u;
+              break;
+            case 4:
+              return a.label++, { value: u[1], done: !1 };
+            case 5:
+              a.label++, o = u[1], u = [0];
+              continue;
+            case 7:
+              u = a.ops.pop(), a.trys.pop();
+              continue;
+            default:
+              if (r = a.trys, !((r = r.length > 0 && r[r.length - 1]) || u[0] !== 6 && u[0] !== 2)) {
+                a = 0;
+                continue;
+              }
+              if (u[0] === 3 && (!r || u[1] > r[0] && u[1] < r[3])) {
+                a.label = u[1];
+                break;
+              }
+              if (u[0] === 6 && a.label < r[1]) {
+                a.label = r[1], r = u;
+                break;
+              }
+              if (r && a.label < r[2]) {
+                a.label = r[2], a.ops.push(u);
+                break;
+              }
+              r[2] && a.ops.pop(), a.trys.pop();
+              continue;
+          }
+          u = e.call(n, a);
+        } catch (p) {
+          u = [6, p], o = 0;
+        } finally {
+          t = r = 0;
+        }
+        if (5 & u[0]) throw u[1];
+        return { value: u[0] ? u[1] : void 0, done: !0 };
+      })([c, l]);
+    };
+  }
+}, it = Le;
+Object.defineProperty(sr, "__esModule", { value: !0 });
+var Me = io, ln = "browser-tabs-lock-key", At = { key: function(n) {
+  return ne(it, void 0, void 0, function() {
+    return oe(this, function(e) {
+      throw new Error("Unsupported");
+    });
+  });
+}, getItem: function(n) {
+  return ne(it, void 0, void 0, function() {
+    return oe(this, function(e) {
+      throw new Error("Unsupported");
+    });
+  });
+}, clear: function() {
+  return ne(it, void 0, void 0, function() {
+    return oe(this, function(n) {
+      return [2, window.localStorage.clear()];
+    });
+  });
+}, removeItem: function(n) {
+  return ne(it, void 0, void 0, function() {
+    return oe(this, function(e) {
+      throw new Error("Unsupported");
+    });
+  });
+}, setItem: function(n, e) {
+  return ne(it, void 0, void 0, function() {
+    return oe(this, function(t) {
+      throw new Error("Unsupported");
+    });
+  });
+}, keySync: function(n) {
+  return window.localStorage.key(n);
+}, getItemSync: function(n) {
+  return window.localStorage.getItem(n);
+}, clearSync: function() {
+  return window.localStorage.clear();
+}, removeItemSync: function(n) {
+  return window.localStorage.removeItem(n);
+}, setItemSync: function(n, e) {
+  return window.localStorage.setItem(n, e);
+} };
+function hn(n) {
+  return new Promise(function(e) {
+    return setTimeout(e, n);
+  });
+}
+function dn(n) {
+  for (var e = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz", t = "", o = 0; o < n; o++)
+    t += e[Math.floor(61 * Math.random())];
+  return t;
+}
+var ai = (function() {
+  function n(e) {
+    this.acquiredIatSet = /* @__PURE__ */ new Set(), this.storageHandler = void 0, this.id = Date.now().toString() + dn(15), this.acquireLock = this.acquireLock.bind(this), this.releaseLock = this.releaseLock.bind(this), this.releaseLock__private__ = this.releaseLock__private__.bind(this), this.waitForSomethingToChange = this.waitForSomethingToChange.bind(this), this.refreshLockWhileAcquired = this.refreshLockWhileAcquired.bind(this), this.storageHandler = e, n.waiters === void 0 && (n.waiters = []);
+  }
+  return n.prototype.acquireLock = function(e, t) {
+    return t === void 0 && (t = 5e3), ne(this, void 0, void 0, function() {
+      var o, r, i, a, s, c, l;
+      return oe(this, function(u) {
+        switch (u.label) {
+          case 0:
+            o = Date.now() + dn(4), r = Date.now() + t, i = ln + "-" + e, a = this.storageHandler === void 0 ? At : this.storageHandler, u.label = 1;
+          case 1:
+            return Date.now() < r ? [4, hn(30)] : [3, 8];
+          case 2:
+            return u.sent(), a.getItemSync(i) !== null ? [3, 5] : (s = this.id + "-" + e + "-" + o, [4, hn(Math.floor(25 * Math.random()))]);
+          case 3:
+            return u.sent(), a.setItemSync(i, JSON.stringify({ id: this.id, iat: o, timeoutKey: s, timeAcquired: Date.now(), timeRefreshed: Date.now() })), [4, hn(30)];
+          case 4:
+            return u.sent(), (c = a.getItemSync(i)) !== null && (l = JSON.parse(c)).id === this.id && l.iat === o ? (this.acquiredIatSet.add(o), this.refreshLockWhileAcquired(i, o), [2, !0]) : [3, 7];
+          case 5:
+            return n.lockCorrector(this.storageHandler === void 0 ? At : this.storageHandler), [4, this.waitForSomethingToChange(r)];
+          case 6:
+            u.sent(), u.label = 7;
+          case 7:
+            return o = Date.now() + dn(4), [3, 1];
+          case 8:
+            return [2, !1];
+        }
+      });
+    });
+  }, n.prototype.refreshLockWhileAcquired = function(e, t) {
+    return ne(this, void 0, void 0, function() {
+      var o = this;
+      return oe(this, function(r) {
+        return setTimeout(function() {
+          return ne(o, void 0, void 0, function() {
+            var i, a, s;
+            return oe(this, function(c) {
+              switch (c.label) {
+                case 0:
+                  return [4, Me.default().lock(t)];
+                case 1:
+                  return c.sent(), this.acquiredIatSet.has(t) ? (i = this.storageHandler === void 0 ? At : this.storageHandler, (a = i.getItemSync(e)) === null ? (Me.default().unlock(t), [2]) : ((s = JSON.parse(a)).timeRefreshed = Date.now(), i.setItemSync(e, JSON.stringify(s)), Me.default().unlock(t), this.refreshLockWhileAcquired(e, t), [2])) : (Me.default().unlock(t), [2]);
+              }
+            });
+          });
+        }, 1e3), [2];
+      });
+    });
+  }, n.prototype.waitForSomethingToChange = function(e) {
+    return ne(this, void 0, void 0, function() {
+      return oe(this, function(t) {
+        switch (t.label) {
+          case 0:
+            return [4, new Promise(function(o) {
+              var r = !1, i = Date.now(), a = !1;
+              function s() {
+                if (a || (window.removeEventListener("storage", s), n.removeFromWaiting(s), clearTimeout(c), a = !0), !r) {
+                  r = !0;
+                  var l = 50 - (Date.now() - i);
+                  l > 0 ? setTimeout(o, l) : o(null);
+                }
+              }
+              window.addEventListener("storage", s), n.addToWaiting(s);
+              var c = setTimeout(s, Math.max(0, e - Date.now()));
+            })];
+          case 1:
+            return t.sent(), [2];
+        }
+      });
+    });
+  }, n.addToWaiting = function(e) {
+    this.removeFromWaiting(e), n.waiters !== void 0 && n.waiters.push(e);
+  }, n.removeFromWaiting = function(e) {
+    n.waiters !== void 0 && (n.waiters = n.waiters.filter(function(t) {
+      return t !== e;
+    }));
+  }, n.notifyWaiters = function() {
+    n.waiters !== void 0 && n.waiters.slice().forEach(function(e) {
+      return e();
+    });
+  }, n.prototype.releaseLock = function(e) {
+    return ne(this, void 0, void 0, function() {
+      return oe(this, function(t) {
+        switch (t.label) {
+          case 0:
+            return [4, this.releaseLock__private__(e)];
+          case 1:
+            return [2, t.sent()];
+        }
+      });
+    });
+  }, n.prototype.releaseLock__private__ = function(e) {
+    return ne(this, void 0, void 0, function() {
+      var t, o, r, i;
+      return oe(this, function(a) {
+        switch (a.label) {
+          case 0:
+            return t = this.storageHandler === void 0 ? At : this.storageHandler, o = ln + "-" + e, (r = t.getItemSync(o)) === null ? [2] : (i = JSON.parse(r)).id !== this.id ? [3, 2] : [4, Me.default().lock(i.iat)];
+          case 1:
+            a.sent(), this.acquiredIatSet.delete(i.iat), t.removeItemSync(o), Me.default().unlock(i.iat), n.notifyWaiters(), a.label = 2;
+          case 2:
+            return [2];
+        }
+      });
+    });
+  }, n.lockCorrector = function(e) {
+    for (var t = Date.now() - 5e3, o = e, r = [], i = 0; ; ) {
+      var a = o.keySync(i);
+      if (a === null) break;
+      r.push(a), i++;
+    }
+    for (var s = !1, c = 0; c < r.length; c++) {
+      var l = r[c];
+      if (l.includes(ln)) {
+        var u = o.getItemSync(l);
+        if (u !== null) {
+          var p = JSON.parse(u);
+          (p.timeRefreshed === void 0 && p.timeAcquired < t || p.timeRefreshed !== void 0 && p.timeRefreshed < t) && (o.removeItemSync(l), s = !0);
+        }
+      }
+    }
+    s && n.notifyWaiters();
+  }, n.waiters = void 0, n;
+})(), si = sr.default = ai;
+class ci {
+  async runWithLock(e, t, o) {
+    const r = new AbortController(), i = setTimeout(() => r.abort(), t);
+    try {
+      return await navigator.locks.request(e, { mode: "exclusive", signal: r.signal }, async (a) => {
+        if (clearTimeout(i), !a) throw new Error("Lock not available");
+        return await o();
+      });
+    } catch (a) {
+      throw clearTimeout(i), (a == null ? void 0 : a.name) === "AbortError" ? new nt() : a;
+    }
+  }
+}
+class ui {
+  constructor() {
+    this.activeLocks = /* @__PURE__ */ new Set(), this.lock = new si(), this.pagehideHandler = () => {
+      this.activeLocks.forEach((e) => this.lock.releaseLock(e)), this.activeLocks.clear();
+    };
+  }
+  async runWithLock(e, t, o) {
+    let r = !1;
+    for (let i = 0; i < 10 && !r; i++) r = await this.lock.acquireLock(e, t);
+    if (!r) throw new nt();
+    this.activeLocks.add(e), this.activeLocks.size === 1 && typeof window < "u" && window.addEventListener("pagehide", this.pagehideHandler);
+    try {
+      return await o();
+    } finally {
+      this.activeLocks.delete(e), await this.lock.releaseLock(e), this.activeLocks.size === 0 && typeof window < "u" && window.removeEventListener("pagehide", this.pagehideHandler);
+    }
+  }
+}
+function li() {
+  return typeof navigator < "u" && typeof ((n = navigator.locks) === null || n === void 0 ? void 0 : n.request) == "function" ? new ci() : new ui();
+  var n;
+}
+let pn = null;
+const hi = new TextEncoder(), di = new TextDecoder();
+function ht(n) {
+  return typeof n == "string" ? hi.encode(n) : di.decode(n);
+}
+function Po(n) {
+  if (typeof n.modulusLength != "number" || n.modulusLength < 2048) throw new mi(`${n.name} modulusLength must be at least 2048 bits`);
+}
+async function pi(n, e, t) {
+  if (t.usages.includes("sign") === !1) throw new TypeError('private CryptoKey instances used for signing assertions must include "sign" in their "usages"');
+  const o = `${dt(ht(JSON.stringify(n)))}.${dt(ht(JSON.stringify(e)))}`;
+  return `${o}.${dt(await crypto.subtle.sign((function(r) {
+    switch (r.algorithm.name) {
+      case "ECDSA":
+        return { name: r.algorithm.name, hash: "SHA-256" };
+      case "RSA-PSS":
+        return Po(r.algorithm), { name: r.algorithm.name, saltLength: 32 };
+      case "RSASSA-PKCS1-v1_5":
+        return Po(r.algorithm), { name: r.algorithm.name };
+      case "Ed25519":
+        return { name: r.algorithm.name };
+    }
+    throw new Ke();
+  })(t), t, ht(o)))}`;
+}
+let Nn;
+Uint8Array.prototype.toBase64 ? Nn = (n) => (n instanceof ArrayBuffer && (n = new Uint8Array(n)), n.toBase64({ alphabet: "base64url", omitPadding: !0 })) : Nn = (e) => {
+  e instanceof ArrayBuffer && (e = new Uint8Array(e));
+  const t = [];
+  for (let o = 0; o < e.byteLength; o += 32768) t.push(String.fromCharCode.apply(null, e.subarray(o, o + 32768)));
+  return btoa(t.join("")).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
+};
+function dt(n) {
+  return Nn(n);
+}
+class Ke extends Error {
+  constructor(e) {
+    var t;
+    super(e ?? "operation not supported"), this.name = this.constructor.name, (t = Error.captureStackTrace) === null || t === void 0 || t.call(Error, this, this.constructor);
+  }
+}
+class mi extends Error {
+  constructor(e) {
+    var t;
+    super(e), this.name = this.constructor.name, (t = Error.captureStackTrace) === null || t === void 0 || t.call(Error, this, this.constructor);
+  }
+}
+function fi(n) {
+  switch (n.algorithm.name) {
+    case "RSA-PSS":
+      return (function(e) {
+        if (e.algorithm.hash.name === "SHA-256") return "PS256";
+        throw new Ke("unsupported RsaHashedKeyAlgorithm hash name");
+      })(n);
+    case "RSASSA-PKCS1-v1_5":
+      return (function(e) {
+        if (e.algorithm.hash.name === "SHA-256") return "RS256";
+        throw new Ke("unsupported RsaHashedKeyAlgorithm hash name");
+      })(n);
+    case "ECDSA":
+      return (function(e) {
+        if (e.algorithm.namedCurve === "P-256") return "ES256";
+        throw new Ke("unsupported EcKeyAlgorithm namedCurve");
+      })(n);
+    case "Ed25519":
+      return "Ed25519";
+    default:
+      throw new Ke("unsupported CryptoKey algorithm name");
+  }
+}
+function cr(n) {
+  return n instanceof CryptoKey;
+}
+function ur(n) {
+  return cr(n) && n.type === "public";
+}
+async function yi(n, e, t, o, r, i) {
+  const a = n == null ? void 0 : n.privateKey, s = n == null ? void 0 : n.publicKey;
+  if (!cr(c = a) || c.type !== "private") throw new TypeError('"keypair.privateKey" must be a private CryptoKey');
+  var c;
+  if (!ur(s)) throw new TypeError('"keypair.publicKey" must be a public CryptoKey');
+  if (s.extractable !== !0) throw new TypeError('"keypair.publicKey.extractable" must be true');
+  if (typeof e != "string") throw new TypeError('"htu" must be a string');
+  if (typeof t != "string") throw new TypeError('"htm" must be a string');
+  if (o !== void 0 && typeof o != "string") throw new TypeError('"nonce" must be a string or undefined');
+  if (r !== void 0 && typeof r != "string") throw new TypeError('"accessToken" must be a string or undefined');
+  return pi({ alg: fi(a), typ: "dpop+jwt", jwk: await lr(s) }, Object.assign(Object.assign({}, i), { iat: Math.floor(Date.now() / 1e3), jti: crypto.randomUUID(), htm: t, nonce: o, htu: e, ath: r ? dt(await crypto.subtle.digest("SHA-256", ht(r))) : void 0 }), a);
+}
+async function lr(n) {
+  const { kty: e, e: t, n: o, x: r, y: i, crv: a } = await crypto.subtle.exportKey("jwk", n);
+  return { kty: e, crv: a, e: t, n: o, x: r, y: i };
+}
+const hr = "dpop-nonce", gi = ["authorization_code", "refresh_token", "urn:ietf:params:oauth:grant-type:token-exchange", "http://auth0.com/oauth/grant-type/mfa-oob", "http://auth0.com/oauth/grant-type/mfa-otp", "http://auth0.com/oauth/grant-type/mfa-recovery-code"];
+function wi() {
+  return (async function(n, e) {
+    var t;
+    let o;
+    if (n.length === 0) throw new TypeError('"alg" must be a non-empty string');
+    switch (n) {
+      case "PS256":
+        o = { name: "RSA-PSS", hash: "SHA-256", modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]) };
+        break;
+      case "RS256":
+        o = { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256", modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]) };
+        break;
+      case "ES256":
+        o = { name: "ECDSA", namedCurve: "P-256" };
+        break;
+      case "Ed25519":
+        o = { name: "Ed25519" };
+        break;
+      default:
+        throw new Ke();
+    }
+    return crypto.subtle.generateKey(o, (t = e == null ? void 0 : e.extractable) !== null && t !== void 0 && t, ["sign", "verify"]);
+  })("ES256", { extractable: !1 });
+}
+function vi(n) {
+  return (async function(e) {
+    if (!ur(e)) throw new TypeError('"publicKey" must be a public CryptoKey');
+    if (e.extractable !== !0) throw new TypeError('"publicKey.extractable" must be true');
+    const t = await lr(e);
+    let o;
+    switch (t.kty) {
+      case "EC":
+        o = { crv: t.crv, kty: t.kty, x: t.x, y: t.y };
+        break;
+      case "OKP":
+        o = { crv: t.crv, kty: t.kty, x: t.x };
+        break;
+      case "RSA":
+        o = { e: t.e, kty: t.kty, n: t.n };
+        break;
+      default:
+        throw new Ke("unsupported JWK kty");
+    }
+    return dt(await crypto.subtle.digest({ name: "SHA-256" }, ht(JSON.stringify(o))));
+  })(n.publicKey);
+}
+function bi(n) {
+  let { keyPair: e, url: t, method: o, nonce: r, accessToken: i } = n;
+  const a = (function(s) {
+    const c = new URL(s);
+    return c.search = "", c.hash = "", c.href;
+  })(t);
+  return yi(e, a, o, r, i);
+}
+const dr = (n, e) => new Promise(function(t, o) {
+  const r = new MessageChannel();
+  r.port1.onmessage = function(i) {
+    i.data.error ? o(new Error(i.data.error)) : t(i.data), r.port1.close();
+  }, e.postMessage(n, [r.port2]);
+}), pr = (n, e, t) => {
+  const o = new AbortController();
+  let r;
+  return e.signal = o.signal, Promise.race([fetch(n, e), new Promise((i, a) => {
+    r = setTimeout(() => {
+      o.abort(), a(new Error("Timeout when executing 'fetch'"));
+    }, t);
+  })]).finally(() => {
+    clearTimeout(r);
+  });
+}, ki = async function(n, e, t, o, r, i) {
+  let a = arguments.length > 6 && arguments[6] !== void 0 ? arguments[6] : Un;
+  return r ? (async (s, c, l, u, p, h, d, g) => dr({ type: "refresh", auth: { audience: c, scope: l }, timeout: p, fetchUrl: s, fetchOptions: u, useFormData: d, useMrrt: g }, h))(n, e, t, o, a, r, i, arguments.length > 7 ? arguments[7] : void 0) : (async (s, c, l) => {
+    const u = await pr(s, c, l);
+    return { ok: u.ok, json: await u.json(), headers: (p = u.headers, [...p].reduce((h, d) => {
+      let [g, f] = d;
+      return h[g] = f, h;
+    }, {})) };
+    var p;
+  })(n, o, a);
+};
+async function mr(n, e, t, o, r, i, a, s, c, l) {
+  if (c) {
+    const S = await c.generateProof({ url: n, method: r.method || "GET", nonce: await c.getNonce() });
+    r.headers = Object.assign(Object.assign({}, r.headers), { dpop: S });
+  }
+  let u, p = null;
+  for (let S = 0; S < 3; S++) try {
+    u = await ki(n, t, o, r, i, a, e, s), p = null;
+    break;
+  } catch (T) {
+    p = T;
+  }
+  if (p) throw p;
+  const h = u.json, { error: d, error_description: g } = h, f = te(h, ["error", "error_description"]), { headers: m, ok: w } = u;
+  let k;
+  if (c && (k = m[hr], k && await c.setNonce(k)), !w) {
+    const S = g || "HTTP error. Unable to fetch ".concat(n);
+    if (d === "mfa_required") throw new $e(d, S, f.mfa_token, f.mfa_requirements);
+    if (d === "missing_refresh_token") throw new tn(t, o);
+    if (d === "use_dpop_nonce") {
+      if (!c || !k || l) throw new nn(k);
+      return mr(n, e, t, o, r, i, a, s, c, !0);
+    }
+    throw new j(d || "request_error", S);
+  }
+  return f;
+}
+async function _i(n, e) {
+  var { baseUrl: t, timeout: o, audience: r, scope: i, auth0Client: a, useFormData: s, useMrrt: c, dpop: l } = n, u = te(n, ["baseUrl", "timeout", "audience", "scope", "auth0Client", "useFormData", "useMrrt", "dpop"]);
+  const p = u.grant_type === "urn:ietf:params:oauth:grant-type:token-exchange", h = u.grant_type === "refresh_token" && c, d = Object.assign(Object.assign(Object.assign(Object.assign({}, u), p && r && { audience: r }), p && i && { scope: i }), h && { audience: r, scope: i }), g = s ? ut(d) : JSON.stringify(d), f = (m = u.grant_type, gi.includes(m));
+  var m;
+  return await mr("".concat(t, "/oauth/token"), o, r || H, i, { method: "POST", body: g, headers: { "Content-Type": s ? "application/x-www-form-urlencoded" : "application/json", "Auth0-Client": btoa(JSON.stringify(Dn(a || Kn))) } }, e, s, c, f ? l : void 0);
+}
+const zt = function() {
+  for (var n = arguments.length, e = new Array(n), t = 0; t < n; t++) e[t] = arguments[t];
+  return (o = e.filter(Boolean).join(" ").trim().split(/\s+/), Array.from(new Set(o))).join(" ");
+  var o;
+}, Rt = (n, e, t) => {
+  let o;
+  return t && (o = n[t]), o || (o = n[H]), zt(o, e);
+}, De = "@@auth0spajs@@", Fe = "@@user@@";
+class G {
+  constructor(e) {
+    let t = arguments.length > 1 && arguments[1] !== void 0 ? arguments[1] : De, o = arguments.length > 2 ? arguments[2] : void 0;
+    this.prefix = t, this.suffix = o, this.clientId = e.clientId, this.scope = e.scope, this.audience = e.audience;
+  }
+  toKey() {
+    return [this.prefix, this.clientId, this.audience, this.scope, this.suffix].filter(Boolean).join("::");
+  }
+  static fromKey(e) {
+    const [t, o, r, i] = e.split("::");
+    return new G({ clientId: o, scope: i, audience: r }, t);
+  }
+  static fromCacheEntry(e) {
+    const { scope: t, audience: o, client_id: r } = e;
+    return new G({ scope: t, audience: o, clientId: r });
+  }
+}
+class Si {
+  set(e, t) {
+    localStorage.setItem(e, JSON.stringify(t));
+  }
+  get(e) {
+    const t = window.localStorage.getItem(e);
+    if (t) try {
+      return JSON.parse(t);
+    } catch {
+      return;
+    }
+  }
+  remove(e) {
+    localStorage.removeItem(e);
+  }
+  allKeys() {
+    return Object.keys(window.localStorage).filter((e) => e.startsWith(De));
+  }
+}
+class fr {
+  constructor() {
+    this.enclosedCache = /* @__PURE__ */ (function() {
+      let e = {};
+      return { set(t, o) {
+        e[t] = o;
+      }, get(t) {
+        const o = e[t];
+        if (o) return o;
+      }, remove(t) {
+        delete e[t];
+      }, allKeys: () => Object.keys(e) };
+    })();
+  }
+}
+class Ti {
+  constructor(e, t, o) {
+    this.cache = e, this.keyManifest = t, this.nowProvider = o || ar;
+  }
+  async setIdToken(e, t, o) {
+    var r;
+    const i = this.getIdTokenCacheKey(e);
+    await this.cache.set(i, { id_token: t, decodedToken: o }), await ((r = this.keyManifest) === null || r === void 0 ? void 0 : r.add(i));
+  }
+  async getIdToken(e) {
+    const t = await this.cache.get(this.getIdTokenCacheKey(e.clientId));
+    if (!t && e.scope && e.audience) {
+      const o = await this.get(e);
+      return !o || !o.id_token || !o.decodedToken ? void 0 : { id_token: o.id_token, decodedToken: o.decodedToken };
+    }
+    if (t) return { id_token: t.id_token, decodedToken: t.decodedToken };
+  }
+  async get(e) {
+    let t = arguments.length > 1 && arguments[1] !== void 0 ? arguments[1] : 0, o = arguments.length > 2 && arguments[2] !== void 0 && arguments[2], r = arguments.length > 3 ? arguments[3] : void 0;
+    var i;
+    let a = await this.cache.get(e.toKey());
+    if (!a) {
+      const l = await this.getCacheKeys();
+      if (!l) return;
+      const u = this.matchExistingCacheKey(e, l);
+      if (u && (a = await this.cache.get(u)), !a && o && r !== "cache-only") return this.getEntryWithRefreshToken(e, l);
+    }
+    if (!a) return;
+    const s = await this.nowProvider(), c = Math.floor(s / 1e3);
+    return a.expiresAt - t < c ? a.body.refresh_token ? this.modifiedCachedEntry(a, e) : (await this.cache.remove(e.toKey()), void await ((i = this.keyManifest) === null || i === void 0 ? void 0 : i.remove(e.toKey()))) : a.body;
+  }
+  async modifiedCachedEntry(e, t) {
+    return e.body = { refresh_token: e.body.refresh_token, audience: e.body.audience, scope: e.body.scope }, await this.cache.set(t.toKey(), e), { refresh_token: e.body.refresh_token, audience: e.body.audience, scope: e.body.scope };
+  }
+  async set(e) {
+    var t;
+    const o = new G({ clientId: e.client_id, scope: e.scope, audience: e.audience }), r = await this.wrapCacheEntry(e);
+    await this.cache.set(o.toKey(), r), await ((t = this.keyManifest) === null || t === void 0 ? void 0 : t.add(o.toKey()));
+  }
+  async remove(e, t, o) {
+    const r = new G({ clientId: e, scope: o, audience: t });
+    await this.cache.remove(r.toKey());
+  }
+  async stripRefreshToken(e) {
+    var t;
+    const o = await this.getCacheKeys();
+    if (o) for (const r of o) {
+      const i = await this.cache.get(r);
+      ((t = i == null ? void 0 : i.body) === null || t === void 0 ? void 0 : t.refresh_token) === e && (delete i.body.refresh_token, await this.cache.set(r, i));
+    }
+  }
+  async clear(e) {
+    var t;
+    const o = await this.getCacheKeys();
+    o && (await o.filter((r) => !e || r.includes(e)).reduce(async (r, i) => {
+      await r, await this.cache.remove(i);
+    }, Promise.resolve()), await ((t = this.keyManifest) === null || t === void 0 ? void 0 : t.clear()));
+  }
+  async wrapCacheEntry(e) {
+    const t = await this.nowProvider();
+    return { body: e, expiresAt: Math.floor(t / 1e3) + e.expires_in };
+  }
+  async getCacheKeys() {
+    var e;
+    return this.keyManifest ? (e = await this.keyManifest.get()) === null || e === void 0 ? void 0 : e.keys : this.cache.allKeys ? this.cache.allKeys() : void 0;
+  }
+  getIdTokenCacheKey(e) {
+    return new G({ clientId: e }, De, Fe).toKey();
+  }
+  matchExistingCacheKey(e, t) {
+    return t.filter((o) => {
+      var r;
+      const i = G.fromKey(o), a = new Set(i.scope && i.scope.split(" ")), s = ((r = e.scope) === null || r === void 0 ? void 0 : r.split(" ")) || [], c = i.scope && s.reduce((l, u) => l && a.has(u), !0);
+      return i.prefix === De && i.clientId === e.clientId && i.audience === e.audience && c;
+    })[0];
+  }
+  async getEntryWithRefreshToken(e, t) {
+    var o;
+    for (const r of t) {
+      const i = G.fromKey(r);
+      if (i.prefix === De && i.clientId === e.clientId) {
+        const a = await this.cache.get(r);
+        if (!((o = a == null ? void 0 : a.body) === null || o === void 0) && o.refresh_token) return this.modifiedCachedEntry(a, e);
+      }
+    }
+  }
+  async getRefreshTokensByAudience(e, t) {
+    var o;
+    const r = await this.getCacheKeys();
+    if (!r) return [];
+    const i = /* @__PURE__ */ new Set();
+    for (const a of r) {
+      const s = G.fromKey(a);
+      if (s.prefix === De && s.clientId === t && s.audience === e) {
+        const c = await this.cache.get(a);
+        !((o = c == null ? void 0 : c.body) === null || o === void 0) && o.refresh_token && i.add(c.body.refresh_token);
+      }
+    }
+    return Array.from(i);
+  }
+  async updateEntry(e, t) {
+    var o;
+    const r = await this.getCacheKeys();
+    if (r) for (const i of r) {
+      const a = await this.cache.get(i);
+      ((o = a == null ? void 0 : a.body) === null || o === void 0 ? void 0 : o.refresh_token) === e && (a.body.refresh_token = t, await this.cache.set(i, a));
+    }
+  }
+}
+class Ei {
+  constructor(e, t, o) {
+    this.storage = e, this.clientId = t, this.cookieDomain = o, this.storageKey = "".concat("a0.spajs.txs", ".").concat(this.clientId);
+  }
+  create(e) {
+    this.storage.save(this.storageKey, e, { daysUntilExpire: 1, cookieDomain: this.cookieDomain });
+  }
+  get() {
+    return this.storage.get(this.storageKey);
+  }
+  remove() {
+    this.storage.remove(this.storageKey, { cookieDomain: this.cookieDomain });
+  }
+}
+const at = (n) => typeof n == "number", Pi = ["iss", "aud", "exp", "nbf", "iat", "jti", "azp", "nonce", "auth_time", "at_hash", "c_hash", "acr", "amr", "sub_jwk", "cnf", "sip_from_tag", "sip_date", "sip_callid", "sip_cseq_num", "sip_via_branch", "orig", "dest", "mky", "events", "toe", "txn", "rph", "sid", "vot", "vtm"], Ai = (n) => {
+  if (!n.id_token) throw new Error("ID token is required but missing");
+  const e = ((i) => {
+    const a = i.split("."), [s, c, l] = a;
+    if (a.length !== 3 || !s || !c || !l) throw new Error("ID token could not be decoded");
+    const u = JSON.parse(To(c)), p = { __raw: i }, h = {};
+    return Object.keys(u).forEach((d) => {
+      p[d] = u[d], Pi.includes(d) || (h[d] = u[d]);
+    }), { encoded: { header: s, payload: c, signature: l }, header: JSON.parse(To(s)), claims: p, user: h };
+  })(n.id_token);
+  if (!e.claims.iss) throw new Error("Issuer (iss) claim must be a string present in the ID token");
+  if (e.claims.iss !== n.iss) throw new Error('Issuer (iss) claim mismatch in the ID token; expected "'.concat(n.iss, '", found "').concat(e.claims.iss, '"'));
+  if (!e.user.sub) throw new Error("Subject (sub) claim must be a string present in the ID token");
+  if (e.header.alg !== "RS256") throw new Error('Signature algorithm of "'.concat(e.header.alg, '" is not supported. Expected the ID token to be signed with "RS256".'));
+  if (!e.claims.aud || typeof e.claims.aud != "string" && !Array.isArray(e.claims.aud)) throw new Error("Audience (aud) claim must be a string or array of strings present in the ID token");
+  if (Array.isArray(e.claims.aud)) {
+    if (!e.claims.aud.includes(n.aud)) throw new Error('Audience (aud) claim mismatch in the ID token; expected "'.concat(n.aud, '" but was not one of "').concat(e.claims.aud.join(", "), '"'));
+    if (e.claims.aud.length > 1) {
+      if (!e.claims.azp) throw new Error("Authorized Party (azp) claim must be a string present in the ID token when Audience (aud) claim has multiple values");
+      if (e.claims.azp !== n.aud) throw new Error('Authorized Party (azp) claim mismatch in the ID token; expected "'.concat(n.aud, '", found "').concat(e.claims.azp, '"'));
+    }
+  } else if (e.claims.aud !== n.aud) throw new Error('Audience (aud) claim mismatch in the ID token; expected "'.concat(n.aud, '" but found "').concat(e.claims.aud, '"'));
+  if (n.nonce) {
+    if (!e.claims.nonce) throw new Error("Nonce (nonce) claim must be a string present in the ID token");
+    if (e.claims.nonce !== n.nonce) throw new Error('Nonce (nonce) claim mismatch in the ID token; expected "'.concat(n.nonce, '", found "').concat(e.claims.nonce, '"'));
+  }
+  if (n.max_age && !at(e.claims.auth_time)) throw new Error("Authentication Time (auth_time) claim must be a number present in the ID token when Max Age (max_age) is specified");
+  if (e.claims.exp == null || !at(e.claims.exp)) throw new Error("Expiration Time (exp) claim must be a number present in the ID token");
+  if (!at(e.claims.iat)) throw new Error("Issued At (iat) claim must be a number present in the ID token");
+  const t = n.leeway || 60, o = new Date(n.now || Date.now()), r = /* @__PURE__ */ new Date(0);
+  if (r.setUTCSeconds(e.claims.exp + t), o > r) throw new Error("Expiration Time (exp) claim error in the ID token; current time (".concat(o, ") is after expiration time (").concat(r, ")"));
+  if (e.claims.nbf != null && at(e.claims.nbf)) {
+    const i = /* @__PURE__ */ new Date(0);
+    if (i.setUTCSeconds(e.claims.nbf - t), o < i) throw new Error("Not Before time (nbf) claim in the ID token indicates that this token can't be used just yet. Current time (".concat(o, ") is before ").concat(i));
+  }
+  if (e.claims.auth_time != null && at(e.claims.auth_time)) {
+    const i = /* @__PURE__ */ new Date(0);
+    if (i.setUTCSeconds(parseInt(e.claims.auth_time) + n.max_age + t), o > i) throw new Error("Authentication Time (auth_time) claim in the ID token indicates that too much time has passed since the last end-user authentication. Current time (".concat(o, ") is after last auth at ").concat(i));
+  }
+  if (n.organization) {
+    const i = n.organization.trim();
+    if (i.startsWith("org_")) {
+      const a = i;
+      if (!e.claims.org_id) throw new Error("Organization ID (org_id) claim must be a string present in the ID token");
+      if (a !== e.claims.org_id) throw new Error('Organization ID (org_id) claim mismatch in the ID token; expected "'.concat(a, '", found "').concat(e.claims.org_id, '"'));
+    } else {
+      const a = i.toLowerCase();
+      if (!e.claims.org_name) throw new Error("Organization Name (org_name) claim must be a string present in the ID token");
+      if (a !== e.claims.org_name) throw new Error('Organization Name (org_name) claim mismatch in the ID token; expected "'.concat(a, '", found "').concat(e.claims.org_name, '"'));
+    }
+  }
+  return e;
+};
+var yt = Le && Le.__assign || function() {
+  return yt = Object.assign || function(n) {
+    for (var e, t = 1, o = arguments.length; t < o; t++) for (var r in e = arguments[t]) Object.prototype.hasOwnProperty.call(e, r) && (n[r] = e[r]);
+    return n;
+  }, yt.apply(this, arguments);
+};
+function st(n, e) {
+  if (!e) return "";
+  var t = "; " + n;
+  return e === !0 ? t : t + "=" + e;
+}
+function Ri(n, e, t) {
+  return encodeURIComponent(n).replace(/%(23|24|26|2B|5E|60|7C)/g, decodeURIComponent).replace(/\(/g, "%28").replace(/\)/g, "%29") + "=" + encodeURIComponent(e).replace(/%(23|24|26|2B|3A|3C|3E|3D|2F|3F|40|5B|5D|5E|60|7B|7D|7C)/g, decodeURIComponent) + (function(o) {
+    if (typeof o.expires == "number") {
+      var r = /* @__PURE__ */ new Date();
+      r.setMilliseconds(r.getMilliseconds() + 864e5 * o.expires), o.expires = r;
+    }
+    return st("Expires", o.expires ? o.expires.toUTCString() : "") + st("Domain", o.domain) + st("Path", o.path) + st("Secure", o.secure) + st("SameSite", o.sameSite);
+  })(t);
+}
+function Ii() {
+  return (function(n) {
+    for (var e = {}, t = n ? n.split("; ") : [], o = /(%[\dA-F]{2})+/gi, r = 0; r < t.length; r++) {
+      var i = t[r].split("="), a = i.slice(1).join("=");
+      a.charAt(0) === '"' && (a = a.slice(1, -1));
+      try {
+        e[i[0].replace(o, decodeURIComponent)] = a.replace(o, decodeURIComponent);
+      } catch {
+      }
+    }
+    return e;
+  })(document.cookie);
+}
+var xi = function(n) {
+  return Ii()[n];
+};
+function yr(n, e, t) {
+  document.cookie = Ri(n, e, yt({ path: "/" }, t));
+}
+var gr = yr, wr = function(n, e) {
+  yr(n, "", yt(yt({}, e), { expires: -1 }));
+};
+const Xe = { get(n) {
+  const e = xi(n);
+  if (e !== void 0) return JSON.parse(e);
+}, save(n, e, t) {
+  let o = {};
+  window.location.protocol === "https:" && (o = { secure: !0, sameSite: "none" }), t != null && t.daysUntilExpire && (o.expires = t.daysUntilExpire), t != null && t.cookieDomain && (o.domain = t.cookieDomain), gr(n, JSON.stringify(e), o);
+}, remove(n, e) {
+  let t = {};
+  e != null && e.cookieDomain && (t.domain = e.cookieDomain), wr(n, t);
+} }, mn = "_legacy_", Oi = { get(n) {
+  return Xe.get(n) || Xe.get("".concat(mn).concat(n));
+}, save(n, e, t) {
+  let o = {};
+  window.location.protocol === "https:" && (o = { secure: !0 }), t != null && t.daysUntilExpire && (o.expires = t.daysUntilExpire), t != null && t.cookieDomain && (o.domain = t.cookieDomain), gr("".concat(mn).concat(n), JSON.stringify(e), o), Xe.save(n, e, t);
+}, remove(n, e) {
+  let t = {};
+  e != null && e.cookieDomain && (t.domain = e.cookieDomain), wr(n, t), Xe.remove(n, e), Xe.remove("".concat(mn).concat(n), e);
+} }, Ci = { get(n) {
+  if (typeof sessionStorage > "u") return;
+  const e = sessionStorage.getItem(n);
+  return e != null ? JSON.parse(e) : void 0;
+}, save(n, e) {
+  sessionStorage.setItem(n, JSON.stringify(e));
+}, remove(n) {
+  sessionStorage.removeItem(n);
+} };
+var Ue;
+(function(n) {
+  n.Code = "code", n.ConnectCode = "connect_code";
+})(Ue || (Ue = {}));
+function ji(n, e, t) {
+  var o = e === void 0 ? null : e, r = (function(c, l) {
+    var u = atob(c);
+    if (l) {
+      for (var p = new Uint8Array(u.length), h = 0, d = u.length; h < d; ++h) p[h] = u.charCodeAt(h);
+      return String.fromCharCode.apply(null, new Uint16Array(p.buffer));
+    }
+    return u;
+  })(n, t !== void 0 && t), i = r.indexOf(`
+`, 10) + 1, a = r.substring(i) + (o ? "//# sourceMappingURL=" + o : ""), s = new Blob([a], { type: "application/javascript" });
+  return URL.createObjectURL(s);
+}
+var Ao, Ro, Io, fn, Wi = (Ao = "Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAqLwohZnVuY3Rpb24oKXsidXNlIHN0cmljdCI7Y2xhc3MgZSBleHRlbmRzIEVycm9ye2NvbnN0cnVjdG9yKHQscil7c3VwZXIociksdGhpcy5lcnJvcj10LHRoaXMuZXJyb3JfZGVzY3JpcHRpb249cixPYmplY3Quc2V0UHJvdG90eXBlT2YodGhpcyxlLnByb3RvdHlwZSl9c3RhdGljIGZyb21QYXlsb2FkKHQpe2xldHtlcnJvcjpyLGVycm9yX2Rlc2NyaXB0aW9uOm99PXQ7cmV0dXJuIG5ldyBlKHIsbyl9fWNsYXNzIHQgZXh0ZW5kcyBle2NvbnN0cnVjdG9yKGUsbyl7c3VwZXIoIm1pc3NpbmdfcmVmcmVzaF90b2tlbiIsIk1pc3NpbmcgUmVmcmVzaCBUb2tlbiAoYXVkaWVuY2U6ICciLmNvbmNhdChyKGUsWyJkZWZhdWx0Il0pLCInLCBzY29wZTogJyIpLmNvbmNhdChyKG8pLCInKSIpKSx0aGlzLmF1ZGllbmNlPWUsdGhpcy5zY29wZT1vLE9iamVjdC5zZXRQcm90b3R5cGVPZih0aGlzLHQucHJvdG90eXBlKX19ZnVuY3Rpb24gcihlKXtyZXR1cm4gZSYmIShhcmd1bWVudHMubGVuZ3RoPjEmJnZvaWQgMCE9PWFyZ3VtZW50c1sxXT9hcmd1bWVudHNbMV06W10pLmluY2x1ZGVzKGUpP2U6IiJ9ImZ1bmN0aW9uIj09dHlwZW9mIFN1cHByZXNzZWRFcnJvciYmU3VwcHJlc3NlZEVycm9yO2NvbnN0IG89ZT0+e3ZhcntjbGllbnRJZDp0fT1lLHI9ZnVuY3Rpb24oZSx0KXt2YXIgcj17fTtmb3IodmFyIG8gaW4gZSlPYmplY3QucHJvdG90eXBlLmhhc093blByb3BlcnR5LmNhbGwoZSxvKSYmdC5pbmRleE9mKG8pPDAmJihyW29dPWVbb10pO2lmKG51bGwhPWUmJiJmdW5jdGlvbiI9PXR5cGVvZiBPYmplY3QuZ2V0T3duUHJvcGVydHlTeW1ib2xzKXt2YXIgcz0wO2ZvcihvPU9iamVjdC5nZXRPd25Qcm9wZXJ0eVN5bWJvbHMoZSk7czxvLmxlbmd0aDtzKyspdC5pbmRleE9mKG9bc10pPDAmJk9iamVjdC5wcm90b3R5cGUucHJvcGVydHlJc0VudW1lcmFibGUuY2FsbChlLG9bc10pJiYocltvW3NdXT1lW29bc11dKX1yZXR1cm4gcn0oZSxbImNsaWVudElkIl0pO3JldHVybiBuZXcgVVJMU2VhcmNoUGFyYW1zKChlPT5PYmplY3Qua2V5cyhlKS5maWx0ZXIodD0+dm9pZCAwIT09ZVt0XSkucmVkdWNlKCh0LHIpPT5PYmplY3QuYXNzaWduKE9iamVjdC5hc3NpZ24oe30sdCkse1tyXTplW3JdfSkse30pKShPYmplY3QuYXNzaWduKHtjbGllbnRfaWQ6dH0scikpKS50b1N0cmluZygpfTtsZXQgcz17fSxuPW51bGw7Y29uc3QgaT0oZSx0KT0+IiIuY29uY2F0KGUsInwiKS5jb25jYXQodCksYT0oZSx0KT0+dC5zdGFydHNXaXRoKCIiLmNvbmNhdChlLCJ8IikpLGM9ZT0+e09iamVjdC5lbnRyaWVzKHMpLmZvckVhY2godD0+e2xldFtyLG9dPXQ7bz09PWUmJmRlbGV0ZSBzW3JdfSl9LGw9ZT0+e2NvbnN0IHQ9bmV3IFVSTFNlYXJjaFBhcmFtcyhlKSxyPXt9O3JldHVybiB0LmZvckVhY2goKGUsdCk9PntyW3RdPWV9KSxyfSxmPWFzeW5jIGU9PntsZXQgcixuLHtkYXRhOnt0aW1lb3V0OmMsYXV0aDpmLGZldGNoVXJsOnUsZmV0Y2hPcHRpb25zOmgsdXNlRm9ybURhdGE6ZCx1c2VNcnJ0OnB9LHBvcnRzOltnXX09ZSx5PXt9O2NvbnN0e2F1ZGllbmNlOmIsc2NvcGU6T309Znx8e307dHJ5e2NvbnN0IGU9ZD9sKGguYm9keSk6SlNPTi5wYXJzZShoLmJvZHkpO2lmKCFlLnJlZnJlc2hfdG9rZW4mJiJyZWZyZXNoX3Rva2VuIj09PWUuZ3JhbnRfdHlwZSl7aWYobj0oKGUsdCk9PnNbaShlLHQpXSkoYixPKSwhbiYmcCl7Y29uc3QgZT1zLmxhdGVzdF9yZWZyZXNoX3Rva2VuLHQ9KChlLHQpPT4hIU9iamVjdC5rZXlzKHMpLmZpbmQocj0+e2lmKCJsYXRlc3RfcmVmcmVzaF90b2tlbiIhPT1yKXtjb25zdCBvPWEodCxyKSxzPXIuc3BsaXQoInwiKVsxXS5zcGxpdCgiICIpLG49ZS5zcGxpdCgiICIpLmV2ZXJ5KGU9PnMuaW5jbHVkZXMoZSkpO3JldHVybiBvJiZufX0pKShPLGIpO2UmJiF0JiYobj1lKX1pZighbil0aHJvdyBuZXcgdChiLE8pO2guYm9keT1kP28oT2JqZWN0LmFzc2lnbihPYmplY3QuYXNzaWduKHt9LGUpLHtyZWZyZXNoX3Rva2VuOm59KSk6SlNPTi5zdHJpbmdpZnkoT2JqZWN0LmFzc2lnbihPYmplY3QuYXNzaWduKHt9LGUpLHtyZWZyZXNoX3Rva2VuOm59KSl9bGV0IGYsdzsiZnVuY3Rpb24iPT10eXBlb2YgQWJvcnRDb250cm9sbGVyJiYoZj1uZXcgQWJvcnRDb250cm9sbGVyLGguc2lnbmFsPWYuc2lnbmFsKTt0cnl7dz1hd2FpdCBQcm9taXNlLnJhY2UoWyhtPWMsbmV3IFByb21pc2UoZT0+c2V0VGltZW91dChlLG0pKSksZmV0Y2godSxPYmplY3QuYXNzaWduKHt9LGgpKV0pfWNhdGNoKGUpe3JldHVybiB2b2lkIGcucG9zdE1lc3NhZ2Uoe2Vycm9yOmUubWVzc2FnZX0pfWlmKCF3KXJldHVybiBmJiZmLmFib3J0KCksdm9pZCBnLnBvc3RNZXNzYWdlKHtlcnJvcjoiVGltZW91dCB3aGVuIGV4ZWN1dGluZyAnZmV0Y2gnIn0pO189dy5oZWFkZXJzLHk9Wy4uLl9dLnJlZHVjZSgoZSx0KT0+e2xldFtyLG9dPXQ7cmV0dXJuIGVbcl09byxlfSx7fSkscj1hd2FpdCB3Lmpzb24oKSxyLnJlZnJlc2hfdG9rZW4/KHAmJihzLmxhdGVzdF9yZWZyZXNoX3Rva2VuPXIucmVmcmVzaF90b2tlbixrPW4saj1yLnJlZnJlc2hfdG9rZW4sT2JqZWN0LmVudHJpZXMocykuZm9yRWFjaChlPT57bGV0W3Qscl09ZTtyPT09ayYmKHNbdF09ail9KSksKChlLHQscik9PntzW2kodCxyKV09ZX0pKHIucmVmcmVzaF90b2tlbixiLE8pLGRlbGV0ZSByLnJlZnJlc2hfdG9rZW4pOigoZSx0KT0+e2RlbGV0ZSBzW2koZSx0KV19KShiLE8pLGcucG9zdE1lc3NhZ2Uoe29rOncub2ssanNvbjpyLGhlYWRlcnM6eX0pfWNhdGNoKGUpe2cucG9zdE1lc3NhZ2Uoe29rOiExLGpzb246e2Vycm9yOmUuZXJyb3IsZXJyb3JfZGVzY3JpcHRpb246ZS5tZXNzYWdlfSxoZWFkZXJzOnl9KX12YXIgayxqLF8sbX0sdT1hc3luYyBlPT57bGV0e2RhdGE6e3RpbWVvdXQ6dCxhdXRoOnIsZmV0Y2hVcmw6bixmZXRjaE9wdGlvbnM6aSx1c2VGb3JtRGF0YTpmfSxwb3J0czpbdV19PWU7Y29uc3R7YXVkaWVuY2U6aH09cnx8e307dHJ5e2NvbnN0IGU9KGU9Pntjb25zdCB0PW5ldyBTZXQ7cmV0dXJuIE9iamVjdC5lbnRyaWVzKHMpLmZvckVhY2gocj0+e2xldFtvLHNdPXI7YShlLG8pJiZ0LmFkZChzKX0pLEFycmF5LmZyb20odCl9KShoKTtpZigwPT09ZS5sZW5ndGgpcmV0dXJuIHZvaWQgdS5wb3N0TWVzc2FnZSh7b2s6ITB9KTtjb25zdCByPWY/bChpLmJvZHkpOkpTT04ucGFyc2UoaS5ib2R5KTtmb3IoY29uc3QgcyBvZiBlKXtjb25zdCBlPWY/byhPYmplY3QuYXNzaWduKE9iamVjdC5hc3NpZ24oe30scikse3Rva2VuOnN9KSk6SlNPTi5zdHJpbmdpZnkoT2JqZWN0LmFzc2lnbihPYmplY3QuYXNzaWduKHt9LHIpLHt0b2tlbjpzfSkpO2xldCBhLGwsaCxkOyJmdW5jdGlvbiI9PXR5cGVvZiBBYm9ydENvbnRyb2xsZXImJihhPW5ldyBBYm9ydENvbnRyb2xsZXIsbD1hLnNpZ25hbCk7dHJ5e2Q9YXdhaXQgUHJvbWlzZS5yYWNlKFtuZXcgUHJvbWlzZShlPT57aD1zZXRUaW1lb3V0KGUsdCl9KSxmZXRjaChuLE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSxpKSx7Ym9keTplLHNpZ25hbDpsfSkpXSkuZmluYWxseSgoKT0+Y2xlYXJUaW1lb3V0KGgpKX1jYXRjaChlKXtyZXR1cm4gdm9pZCB1LnBvc3RNZXNzYWdlKHtlcnJvcjplLm1lc3NhZ2V9KX1pZighZClyZXR1cm4gYSYmYS5hYm9ydCgpLHZvaWQgdS5wb3N0TWVzc2FnZSh7ZXJyb3I6IlRpbWVvdXQgd2hlbiBleGVjdXRpbmcgJ2ZldGNoJyJ9KTtpZighZC5vayl7bGV0IGU7dHJ5e2NvbnN0e2Vycm9yX2Rlc2NyaXB0aW9uOnR9PUpTT04ucGFyc2UoYXdhaXQgZC50ZXh0KCkpO2U9dH1jYXRjaChlKXt9cmV0dXJuIHZvaWQgdS5wb3N0TWVzc2FnZSh7ZXJyb3I6ZXx8IkhUVFAgZXJyb3IgIi5jb25jYXQoZC5zdGF0dXMpfSl9YyhzKX11LnBvc3RNZXNzYWdlKHtvazohMH0pfWNhdGNoKGUpe3UucG9zdE1lc3NhZ2Uoe2Vycm9yOmUubWVzc2FnZXx8IlVua25vd24gZXJyb3IgZHVyaW5nIHRva2VuIHJldm9jYXRpb24ifSl9fSxoPShlLHQpPT57aWYoIW4pcmV0dXJuITE7dHJ5e2NvbnN0IHI9bmV3IFVSTChuKS5vcmlnaW4sbz1uZXcgVVJMKGUuZmV0Y2hVcmwpO3JldHVybiBvLm9yaWdpbj09PXImJm8ucGF0aG5hbWU9PT10fWNhdGNoKGUpe3JldHVybiExfX07YWRkRXZlbnRMaXN0ZW5lcigibWVzc2FnZSIsZT0+e2NvbnN0e2RhdGE6dCxwb3J0czpyfT1lLFtvXT1yO2lmKCJ0eXBlImluIHQmJiJpbml0Ij09PXQudHlwZSl7aWYobnVsbD09PW4pdHJ5e25ldyBVUkwodC5hbGxvd2VkQmFzZVVybCksbj10LmFsbG93ZWRCYXNlVXJsfWNhdGNoKGUpe3JldHVybn19ZWxzZXtpZigidHlwZSJpbiB0JiYicmV2b2tlIj09PXQudHlwZSlyZXR1cm4gaCh0LCIvb2F1dGgvcmV2b2tlIik/dm9pZCB1KGUpOnZvaWQobnVsbD09b3x8by5wb3N0TWVzc2FnZSh7b2s6ITEsanNvbjp7ZXJyb3I6ImludmFsaWRfZmV0Y2hfdXJsIixlcnJvcl9kZXNjcmlwdGlvbjoiVW5hdXRob3JpemVkIGZldGNoIFVSTCJ9LGhlYWRlcnM6e319KSk7ImZldGNoVXJsImluIHQmJmgodCwiL29hdXRoL3Rva2VuIik/ZihlKTpudWxsPT1vfHxvLnBvc3RNZXNzYWdlKHtvazohMSxqc29uOntlcnJvcjoiaW52YWxpZF9mZXRjaF91cmwiLGVycm9yX2Rlc2NyaXB0aW9uOiJVbmF1dGhvcml6ZWQgZmV0Y2ggVVJMIn0saGVhZGVyczp7fX0pfX0pfSgpOwoK", Ro = null, Io = !1, function(n) {
+  return fn = fn || ji(Ao, Ro, Io), new Worker(fn, n);
+});
+const yn = {};
+class Ui {
+  constructor(e, t) {
+    this.cache = e, this.clientId = t, this.manifestKey = this.createManifestKeyFrom(this.clientId);
+  }
+  async add(e) {
+    var t;
+    const o = new Set(((t = await this.cache.get(this.manifestKey)) === null || t === void 0 ? void 0 : t.keys) || []);
+    o.add(e), await this.cache.set(this.manifestKey, { keys: [...o] });
+  }
+  async remove(e) {
+    const t = await this.cache.get(this.manifestKey);
+    if (t) {
+      const o = new Set(t.keys);
+      return o.delete(e), o.size > 0 ? await this.cache.set(this.manifestKey, { keys: [...o] }) : await this.cache.remove(this.manifestKey);
+    }
+  }
+  get() {
+    return this.cache.get(this.manifestKey);
+  }
+  clear() {
+    return this.cache.remove(this.manifestKey);
+  }
+  createManifestKeyFrom(e) {
+    return "".concat(De, "::").concat(e);
+  }
+}
+const xo = "auth0.is.authenticated", Ki = { memory: () => new fr().enclosedCache, localstorage: () => new Si() }, Oo = (n) => Ki[n], Co = (n) => {
+  const { openUrl: e, onRedirect: t } = n, o = te(n, ["openUrl", "onRedirect"]);
+  return Object.assign(Object.assign({}, o), { openUrl: e === !1 || e ? e : t });
+}, jo = (n, e) => {
+  const t = (e == null ? void 0 : e.split(" ")) || [];
+  return ((n == null ? void 0 : n.split(" ")) || []).every((o) => t.includes(o));
+}, Re = { NONCE: "nonce", KEYPAIR: "keypair" };
+class Di {
+  constructor(e) {
+    this.clientId = e;
+  }
+  getVersion() {
+    return 1;
+  }
+  createDbHandle() {
+    const e = window.indexedDB.open("auth0-spa-js", this.getVersion());
+    return new Promise((t, o) => {
+      e.onupgradeneeded = () => Object.values(Re).forEach((r) => e.result.createObjectStore(r)), e.onerror = () => o(e.error), e.onsuccess = () => t(e.result);
+    });
+  }
+  async getDbHandle() {
+    return this.dbHandle || (this.dbHandle = await this.createDbHandle()), this.dbHandle;
+  }
+  async executeDbRequest(e, t, o) {
+    const r = o((await this.getDbHandle()).transaction(e, t).objectStore(e));
+    return new Promise((i, a) => {
+      r.onsuccess = () => i(r.result), r.onerror = () => a(r.error);
+    });
+  }
+  buildKey(e) {
+    const t = e ? "_".concat(e) : "auth0";
+    return "".concat(this.clientId, "::").concat(t);
+  }
+  setNonce(e, t) {
+    return this.save(Re.NONCE, this.buildKey(t), e);
+  }
+  setKeyPair(e) {
+    return this.save(Re.KEYPAIR, this.buildKey(), e);
+  }
+  async save(e, t, o) {
+    await this.executeDbRequest(e, "readwrite", (r) => r.put(o, t));
+  }
+  findNonce(e) {
+    return this.find(Re.NONCE, this.buildKey(e));
+  }
+  findKeyPair() {
+    return this.find(Re.KEYPAIR, this.buildKey());
+  }
+  find(e, t) {
+    return this.executeDbRequest(e, "readonly", (o) => o.get(t));
+  }
+  async deleteBy(e, t) {
+    const o = await this.executeDbRequest(e, "readonly", (r) => r.getAllKeys());
+    o == null || o.filter(t).map((r) => this.executeDbRequest(e, "readwrite", (i) => i.delete(r)));
+  }
+  deleteByClientId(e, t) {
+    return this.deleteBy(e, (o) => typeof o == "string" && o.startsWith("".concat(t, "::")));
+  }
+  clearNonces() {
+    return this.deleteByClientId(Re.NONCE, this.clientId);
+  }
+  clearKeyPairs() {
+    return this.deleteByClientId(Re.KEYPAIR, this.clientId);
+  }
+}
+class Ni {
+  constructor(e) {
+    this.storage = new Di(e);
+  }
+  getNonce(e) {
+    return this.storage.findNonce(e);
+  }
+  setNonce(e, t) {
+    return this.storage.setNonce(e, t);
+  }
+  async getOrGenerateKeyPair() {
+    let e = await this.storage.findKeyPair();
+    return e || (e = await wi(), await this.storage.setKeyPair(e)), e;
+  }
+  async generateProof(e) {
+    const t = await this.getOrGenerateKeyPair();
+    return bi(Object.assign({ keyPair: t }, e));
+  }
+  async calculateThumbprint() {
+    return vi(await this.getOrGenerateKeyPair());
+  }
+  async clear() {
+    await Promise.all([this.storage.clearNonces(), this.storage.clearKeyPairs()]);
+  }
+}
+var Ge;
+(function(n) {
+  n.Bearer = "Bearer", n.DPoP = "DPoP";
+})(Ge || (Ge = {}));
+class Li {
+  constructor(e, t) {
+    this.hooks = t, this.config = Object.assign(Object.assign({}, e), { fetch: e.fetch || (typeof window > "u" ? fetch : window.fetch.bind(window)) });
+  }
+  isAbsoluteUrl(e) {
+    return /^(https?:)?\/\//i.test(e);
+  }
+  buildUrl(e, t) {
+    if (t) {
+      if (this.isAbsoluteUrl(t)) return t;
+      if (e) return "".concat(e.replace(/\/?\/$/, ""), "/").concat(t.replace(/^\/+/, ""));
+    }
+    throw new TypeError("`url` must be absolute or `baseUrl` non-empty.");
+  }
+  getAccessToken(e) {
+    return this.config.getAccessToken ? this.config.getAccessToken(e) : this.hooks.getAccessToken(e);
+  }
+  extractUrl(e) {
+    return typeof e == "string" ? e : e instanceof URL ? e.href : e.url;
+  }
+  buildBaseRequest(e, t) {
+    if (!this.config.baseUrl) return new Request(e, t);
+    const o = this.buildUrl(this.config.baseUrl, this.extractUrl(e)), r = e instanceof Request ? new Request(o, e) : o;
+    return new Request(r, t);
+  }
+  setAuthorizationHeader(e, t) {
+    let o = arguments.length > 2 && arguments[2] !== void 0 ? arguments[2] : Ge.Bearer;
+    e.headers.set("authorization", "".concat(o, " ").concat(t));
+  }
+  async setDpopProofHeader(e, t) {
+    if (!this.config.dpopNonceId) return;
+    const o = await this.hooks.getDpopNonce(), r = await this.hooks.generateDpopProof({ accessToken: t, method: e.method, nonce: o, url: e.url });
+    e.headers.set("dpop", r);
+  }
+  async prepareRequest(e, t) {
+    const o = await this.getAccessToken(t);
+    let r, i;
+    typeof o == "string" ? (r = this.config.dpopNonceId ? Ge.DPoP : Ge.Bearer, i = o) : (r = o.token_type, i = o.access_token), this.setAuthorizationHeader(e, i, r), r === Ge.DPoP && await this.setDpopProofHeader(e, i);
+  }
+  getHeader(e, t) {
+    return Array.isArray(e) ? new Headers(e).get(t) || "" : typeof e.get == "function" ? e.get(t) || "" : e[t] || "";
+  }
+  hasUseDpopNonceError(e) {
+    if (e.status !== 401) return !1;
+    const t = this.getHeader(e.headers, "www-authenticate");
+    return t.includes("invalid_dpop_nonce") || t.includes("use_dpop_nonce");
+  }
+  async handleResponse(e, t) {
+    const o = this.getHeader(e.headers, hr);
+    if (o && await this.hooks.setDpopNonce(o), !this.hasUseDpopNonceError(e)) return e;
+    if (!o || !t.onUseDpopNonceError) throw new nn(o);
+    return t.onUseDpopNonceError();
+  }
+  async internalFetchWithAuth(e, t, o, r) {
+    const i = this.buildBaseRequest(e, t);
+    await this.prepareRequest(i, r);
+    const a = await this.config.fetch(i);
+    return this.handleResponse(a, o);
+  }
+  fetchWithAuth(e, t, o) {
+    const r = { onUseDpopNonceError: () => this.internalFetchWithAuth(e, t, Object.assign(Object.assign({}, r), { onUseDpopNonceError: void 0 }), o) };
+    return this.internalFetchWithAuth(e, t, r, o);
+  }
+}
+class zi {
+  constructor(e, t) {
+    this.myAccountFetcher = e, this.apiBase = t;
+  }
+  async connectAccount(e) {
+    const t = await this.myAccountFetcher.fetchWithAuth("".concat(this.apiBase, "v1/connected-accounts/connect"), { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify(e) });
+    return this._handleResponse(t);
+  }
+  async completeAccount(e) {
+    const t = await this.myAccountFetcher.fetchWithAuth("".concat(this.apiBase, "v1/connected-accounts/complete"), { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify(e) });
+    return this._handleResponse(t);
+  }
+  async _handleResponse(e) {
+    let t;
+    try {
+      t = await e.text(), t = JSON.parse(t);
+    } catch (o) {
+      throw new Ft({ type: "invalid_json", status: e.status, title: "Invalid JSON response", detail: t || String(o) });
+    }
+    if (e.ok) return t;
+    throw new Ft(t);
+  }
+}
+class Ft extends Error {
+  constructor(e) {
+    let { type: t, status: o, title: r, detail: i, validation_errors: a } = e;
+    super(i), this.name = "MyAccountApiError", this.type = t, this.status = o, this.title = r, this.detail = i, this.validation_errors = a, Object.setPrototypeOf(this, Ft.prototype);
+  }
+}
+const Hi = { otp: { authenticatorTypes: ["otp"] }, sms: { authenticatorTypes: ["oob"], oobChannels: ["sms"] }, email: { authenticatorTypes: ["oob"], oobChannels: ["email"] }, push: { authenticatorTypes: ["oob"], oobChannels: ["auth0"] }, voice: { authenticatorTypes: ["oob"], oobChannels: ["voice"] } }, Mi = "http://auth0.com/oauth/grant-type/mfa-otp", Ji = "http://auth0.com/oauth/grant-type/mfa-oob", Zi = "http://auth0.com/oauth/grant-type/mfa-recovery-code";
+function vr(n, e) {
+  this.v = n, this.k = e;
+}
+function C(n, e, t) {
+  if (typeof n == "function" ? n === e : n.has(e)) return arguments.length < 3 ? e : t;
+  throw new TypeError("Private element is not present on this object");
+}
+function Vi(n) {
+  return new vr(n, 0);
+}
+function br(n, e) {
+  if (e.has(n)) throw new TypeError("Cannot initialize the same private elements twice on an object");
+}
+function y(n, e) {
+  return n.get(C(n, e));
+}
+function W(n, e, t) {
+  br(n, e), e.set(n, t);
+}
+function P(n, e, t) {
+  return n.set(C(n, e), t), t;
+}
+function b(n, e, t) {
+  return (e = (function(o) {
+    var r = (function(i, a) {
+      if (typeof i != "object" || !i) return i;
+      var s = i[Symbol.toPrimitive];
+      if (s !== void 0) {
+        var c = s.call(i, a);
+        if (typeof c != "object") return c;
+        throw new TypeError("@@toPrimitive must return a primitive value.");
+      }
+      return (a === "string" ? String : Number)(i);
+    })(o, "string");
+    return typeof r == "symbol" ? r : r + "";
+  })(e)) in n ? Object.defineProperty(n, e, { value: t, enumerable: !0, configurable: !0, writable: !0 }) : n[e] = t, n;
+}
+function Wo(n, e) {
+  var t = Object.keys(n);
+  if (Object.getOwnPropertySymbols) {
+    var o = Object.getOwnPropertySymbols(n);
+    e && (o = o.filter(function(r) {
+      return Object.getOwnPropertyDescriptor(n, r).enumerable;
+    })), t.push.apply(t, o);
+  }
+  return t;
+}
+function _(n) {
+  for (var e = 1; e < arguments.length; e++) {
+    var t = arguments[e] != null ? arguments[e] : {};
+    e % 2 ? Wo(Object(t), !0).forEach(function(o) {
+      b(n, o, t[o]);
+    }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(n, Object.getOwnPropertyDescriptors(t)) : Wo(Object(t)).forEach(function(o) {
+      Object.defineProperty(n, o, Object.getOwnPropertyDescriptor(t, o));
+    });
+  }
+  return n;
+}
+function Uo(n, e) {
+  if (n == null) return {};
+  var t, o, r = (function(a, s) {
+    if (a == null) return {};
+    var c = {};
+    for (var l in a) if ({}.hasOwnProperty.call(a, l)) {
+      if (s.indexOf(l) !== -1) continue;
+      c[l] = a[l];
+    }
+    return c;
+  })(n, e);
+  if (Object.getOwnPropertySymbols) {
+    var i = Object.getOwnPropertySymbols(n);
+    for (o = 0; o < i.length; o++) t = i[o], e.indexOf(t) === -1 && {}.propertyIsEnumerable.call(n, t) && (r[t] = n[t]);
+  }
+  return r;
+}
+function Fi(n) {
+  return function() {
+    return new lt(n.apply(this, arguments));
+  };
+}
+function lt(n) {
+  var e, t;
+  function o(i, a) {
+    try {
+      var s = n[i](a), c = s.value, l = c instanceof vr;
+      Promise.resolve(l ? c.v : c).then(function(u) {
+        if (l) {
+          var p = i === "return" && c.k ? i : "next";
+          if (!c.k || u.done) return o(p, u);
+          u = n[p](u).value;
+        }
+        r(!!s.done, u);
+      }, function(u) {
+        o("throw", u);
+      });
+    } catch (u) {
+      r(2, u);
+    }
+  }
+  function r(i, a) {
+    i === 2 ? e.reject(a) : e.resolve({ value: a, done: i }), (e = e.next) ? o(e.key, e.arg) : t = null;
+  }
+  this._invoke = function(i, a) {
+    return new Promise(function(s, c) {
+      var l = { key: i, arg: a, resolve: s, reject: c, next: null };
+      t ? t = t.next = l : (e = t = l, o(i, a));
+    });
+  }, typeof n.return != "function" && (this.return = void 0);
+}
+var It, gn;
+let Ln;
+lt.prototype[typeof Symbol == "function" && Symbol.asyncIterator || "@@asyncIterator"] = function() {
+  return this;
+}, lt.prototype.next = function(n) {
+  return this._invoke("next", n);
+}, lt.prototype.throw = function(n) {
+  return this._invoke("throw", n);
+}, lt.prototype.return = function(n) {
+  return this._invoke("return", n);
+}, (typeof navigator > "u" || (It = navigator.userAgent) === null || It === void 0 || (gn = It.startsWith) === null || gn === void 0 || !gn.call(It, "Mozilla/5.0 ")) && (Ln = "".concat("oauth4webapi", "/").concat("v3.8.5"));
+function ot(n, e) {
+  if (n == null) return !1;
+  try {
+    return n instanceof e || Object.getPrototypeOf(n)[Symbol.toStringTag] === e.prototype[Symbol.toStringTag];
+  } catch {
+    return !1;
+  }
+}
+const M = "ERR_INVALID_ARG_VALUE", X = "ERR_INVALID_ARG_TYPE";
+function x(n, e, t) {
+  const o = new TypeError(n, { cause: t });
+  return Object.assign(o, { code: e }), o;
+}
+const Q = Symbol(), zn = Symbol(), Hn = Symbol(), ae = Symbol(), ye = Symbol(), Xi = new TextEncoder(), Gi = new TextDecoder();
+function Be(n) {
+  return typeof n == "string" ? Xi.encode(n) : Gi.decode(n);
+}
+let Mn, kr;
+Uint8Array.prototype.toBase64 ? Mn = (n) => (n instanceof ArrayBuffer && (n = new Uint8Array(n)), n.toBase64({ alphabet: "base64url", omitPadding: !0 })) : Mn = (e) => {
+  e instanceof ArrayBuffer && (e = new Uint8Array(e));
+  const t = [];
+  for (let o = 0; o < e.byteLength; o += 32768) t.push(String.fromCharCode.apply(null, e.subarray(o, o + 32768)));
+  return btoa(t.join("")).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
+};
+function Ne(n) {
+  return typeof n == "string" ? kr(n) : Mn(n);
+}
+kr = Uint8Array.fromBase64 ? (n) => {
+  try {
+    return Uint8Array.fromBase64(n, { alphabet: "base64url" });
+  } catch (e) {
+    throw x("The input to be decoded is not correctly encoded.", M, e);
+  }
+} : (n) => {
+  try {
+    const e = atob(n.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "")), t = new Uint8Array(e.length);
+    for (let o = 0; o < e.length; o++) t[o] = e.charCodeAt(o);
+    return t;
+  } catch (e) {
+    throw x("The input to be decoded is not correctly encoded.", M, e);
+  }
+};
+class q extends Error {
+  constructor(e, t) {
+    var o;
+    super(e, t), b(this, "code", void 0), this.name = this.constructor.name, this.code = Vn, (o = Error.captureStackTrace) === null || o === void 0 || o.call(Error, this, this.constructor);
+  }
+}
+class ao extends Error {
+  constructor(e, t) {
+    var o;
+    super(e, t), b(this, "code", void 0), this.name = this.constructor.name, t != null && t.code && (this.code = t == null ? void 0 : t.code), (o = Error.captureStackTrace) === null || o === void 0 || o.call(Error, this, this.constructor);
+  }
+}
+function E(n, e, t) {
+  return new ao(n, { code: e, cause: t });
+}
+function Yi(n, e) {
+  if ((function(t, o) {
+    if (!(t instanceof CryptoKey)) throw x("".concat(o, " must be a CryptoKey"), X);
+  })(n, e), n.type !== "private") throw x("".concat(e, " must be a private CryptoKey"), M);
+}
+function Xt(n) {
+  return n !== null && typeof n == "object" && !Array.isArray(n);
+}
+function on(n) {
+  ot(n, Headers) && (n = Object.fromEntries(n.entries()));
+  const e = new Headers(n ?? {});
+  if (Ln && !e.has("user-agent") && e.set("user-agent", Ln), e.has("authorization")) throw x('"options.headers" must not include the "authorization" header name', M);
+  return e;
+}
+function _r(n, e) {
+  if (e !== void 0) {
+    if (typeof e == "function" && (e = e(n.href)), !(e instanceof AbortSignal)) throw x('"options.signal" must return or be an instance of AbortSignal', X);
+    return e;
+  }
+}
+function Ko(n) {
+  return n.includes("//") ? n.replace("//", "/") : n;
+}
+async function qi(n, e) {
+  return (async function(t, o, r, i) {
+    if (!(t instanceof URL)) throw x('"'.concat(o, '" must be an instance of URL'), X);
+    so(t, (i == null ? void 0 : i[Q]) !== !0);
+    const a = r(new URL(t.href)), s = on(i == null ? void 0 : i.headers);
+    return s.set("accept", "application/json"), ((i == null ? void 0 : i[ae]) || fetch)(a.href, { body: void 0, headers: Object.fromEntries(s.entries()), method: "GET", redirect: "manual", signal: _r(a, i == null ? void 0 : i.signal) });
+  })(n, "issuerIdentifier", (t) => {
+    switch (e == null ? void 0 : e.algorithm) {
+      case void 0:
+      case "oidc":
+        (function(o, r) {
+          o.pathname = Ko("".concat(o.pathname, "/").concat(r));
+        })(t, ".well-known/openid-configuration");
+        break;
+      case "oauth2":
+        (function(o, r) {
+          let i = arguments.length > 2 && arguments[2] !== void 0 && arguments[2];
+          o.pathname === "/" ? o.pathname = r : o.pathname = Ko("".concat(r, "/").concat(i ? o.pathname : o.pathname.replace(/(\/)$/, "")));
+        })(t, ".well-known/oauth-authorization-server");
+        break;
+      default:
+        throw x('"options.algorithm" must be "oidc" (default), or "oauth2"', M);
+    }
+    return t;
+  }, e);
+}
+function Te(n, e, t, o, r) {
+  try {
+    if (typeof n != "number" || !Number.isFinite(n)) throw x("".concat(t, " must be a number"), X, r);
+    if (n > 0) return;
+    if (e) {
+      if (n !== 0) throw x("".concat(t, " must be a non-negative number"), M, r);
+      return;
+    }
+    throw x("".concat(t, " must be a positive number"), M, r);
+  } catch (i) {
+    throw o ? E(i.message, o, r) : i;
+  }
+}
+function U(n, e, t, o) {
+  try {
+    if (typeof n != "string") throw x("".concat(e, " must be a string"), X, o);
+    if (n.length === 0) throw x("".concat(e, " must not be empty"), M, o);
+  } catch (r) {
+    throw t ? E(r.message, t, o) : r;
+  }
+}
+function Sr(n) {
+  (function(e, t) {
+    if (Ar(e) !== t) throw (function(o) {
+      let r = '"response" content-type must be ';
+      for (var i = arguments.length, a = new Array(i > 1 ? i - 1 : 0), s = 1; s < i; s++) a[s - 1] = arguments[s];
+      if (a.length > 2) {
+        const c = a.pop();
+        r += "".concat(a.join(", "), ", or ").concat(c);
+      } else a.length === 2 ? r += "".concat(a[0], " or ").concat(a[1]) : r += a[0];
+      return E(r, Ir, o);
+    })(e, t);
+  })(n, "application/json");
+}
+function Tr() {
+  return Ne(crypto.getRandomValues(new Uint8Array(32)));
+}
+function Bi(n) {
+  switch (n.algorithm.name) {
+    case "RSA-PSS":
+      return (function(e) {
+        switch (e.algorithm.hash.name) {
+          case "SHA-256":
+            return "PS256";
+          case "SHA-384":
+            return "PS384";
+          case "SHA-512":
+            return "PS512";
+          default:
+            throw new q("unsupported RsaHashedKeyAlgorithm hash name", { cause: e });
+        }
+      })(n);
+    case "RSASSA-PKCS1-v1_5":
+      return (function(e) {
+        switch (e.algorithm.hash.name) {
+          case "SHA-256":
+            return "RS256";
+          case "SHA-384":
+            return "RS384";
+          case "SHA-512":
+            return "RS512";
+          default:
+            throw new q("unsupported RsaHashedKeyAlgorithm hash name", { cause: e });
+        }
+      })(n);
+    case "ECDSA":
+      return (function(e) {
+        switch (e.algorithm.namedCurve) {
+          case "P-256":
+            return "ES256";
+          case "P-384":
+            return "ES384";
+          case "P-521":
+            return "ES512";
+          default:
+            throw new q("unsupported EcKeyAlgorithm namedCurve", { cause: e });
+        }
+      })(n);
+    case "Ed25519":
+    case "ML-DSA-44":
+    case "ML-DSA-65":
+    case "ML-DSA-87":
+      return n.algorithm.name;
+    case "EdDSA":
+      return "Ed25519";
+    default:
+      throw new q("unsupported CryptoKey algorithm name", { cause: n });
+  }
+}
+function Gt(n) {
+  const e = n == null ? void 0 : n[zn];
+  return typeof e == "number" && Number.isFinite(e) ? e : 0;
+}
+function Jn(n) {
+  const e = n == null ? void 0 : n[Hn];
+  return typeof e == "number" && Number.isFinite(e) && Math.sign(e) !== -1 ? e : 30;
+}
+function Yt() {
+  return Math.floor(Date.now() / 1e3);
+}
+function re(n) {
+  if (typeof n != "object" || n === null) throw x('"as" must be an object', X);
+  U(n.issuer, '"as.issuer"');
+}
+function ie(n) {
+  if (typeof n != "object" || n === null) throw x('"client" must be an object', X);
+  U(n.client_id, '"client.client_id"');
+}
+function Do(n) {
+  return U(n, '"clientSecret"'), (e, t, o, r) => {
+    o.set("client_id", t.client_id), o.set("client_secret", n);
+  };
+}
+function Qi(n, e) {
+  const { key: t, kid: o } = (r = n) instanceof CryptoKey ? { key: r } : (r == null ? void 0 : r.key) instanceof CryptoKey ? (r.kid !== void 0 && U(r.kid, '"kid"'), { key: r.key, kid: r.kid }) : {};
+  var r;
+  return Yi(t, '"clientPrivateKey.key"'), async (i, a, s, c) => {
+    const l = { alg: Bi(t), kid: o }, u = (function(p, h) {
+      const d = Yt() + Gt(h);
+      return { jti: Tr(), aud: p.issuer, exp: d + 60, iat: d, nbf: d, iss: h.client_id, sub: h.client_id };
+    })(i, a);
+    s.set("client_id", a.client_id), s.set("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"), s.set("client_assertion", await (async function(p, h, d) {
+      if (!d.usages.includes("sign")) throw x('CryptoKey instances used for signing assertions must include "sign" in their "usages"', M);
+      const g = "".concat(Ne(Be(JSON.stringify(p))), ".").concat(Ne(Be(JSON.stringify(h)))), f = Ne(await crypto.subtle.sign((function(m) {
+        switch (m.algorithm.name) {
+          case "ECDSA":
+            return { name: m.algorithm.name, hash: ga(m) };
+          case "RSA-PSS":
+            switch (zo(m), m.algorithm.hash.name) {
+              case "SHA-256":
+              case "SHA-384":
+              case "SHA-512":
+                return { name: m.algorithm.name, saltLength: parseInt(m.algorithm.hash.name.slice(-3), 10) >> 3 };
+              default:
+                throw new q("unsupported RSA-PSS hash name", { cause: m });
+            }
+          case "RSASSA-PKCS1-v1_5":
+            return zo(m), m.algorithm.name;
+          case "ML-DSA-44":
+          case "ML-DSA-65":
+          case "ML-DSA-87":
+          case "Ed25519":
+            return m.algorithm.name;
+        }
+        throw new q("unsupported CryptoKey algorithm name", { cause: m });
+      })(d), d, Be(g)));
+      return "".concat(g, ".").concat(f);
+    })(l, u, t));
+  };
+}
+const $i = URL.parse ? (n, e) => URL.parse(n, e) : (n, e) => {
+  try {
+    return new URL(n, e);
+  } catch {
+    return null;
+  }
+};
+function so(n, e) {
+  if (e && n.protocol !== "https:") throw E("only requests to HTTPS are allowed", xr, n);
+  if (n.protocol !== "https:" && n.protocol !== "http:") throw E("only HTTP and HTTPS requests are allowed", Or, n);
+}
+function No(n, e, t, o) {
+  let r;
+  if (typeof n != "string" || !(r = $i(n))) throw E("authorization server metadata does not contain a valid ".concat(t ? '"as.mtls_endpoint_aliases.'.concat(e, '"') : '"as.'.concat(e, '"')), n === void 0 ? fa : ya, { attribute: t ? "mtls_endpoint_aliases.".concat(e) : e });
+  return so(r, o), r;
+}
+function vt(n, e, t, o) {
+  return t && n.mtls_endpoint_aliases && e in n.mtls_endpoint_aliases ? No(n.mtls_endpoint_aliases[e], e, t, o) : No(n[e], e, t, o);
+}
+class rn extends Error {
+  constructor(e, t) {
+    var o;
+    super(e, t), b(this, "cause", void 0), b(this, "code", void 0), b(this, "error", void 0), b(this, "status", void 0), b(this, "error_description", void 0), b(this, "response", void 0), this.name = this.constructor.name, this.code = pa, this.cause = t.cause, this.error = t.cause.error, this.status = t.response.status, this.error_description = t.cause.error_description, Object.defineProperty(this, "response", { enumerable: !1, value: t.response }), (o = Error.captureStackTrace) === null || o === void 0 || o.call(Error, this, this.constructor);
+  }
+}
+class Er extends Error {
+  constructor(e, t) {
+    var o, r;
+    super(e, t), b(this, "cause", void 0), b(this, "code", void 0), b(this, "error", void 0), b(this, "error_description", void 0), this.name = this.constructor.name, this.code = ma, this.cause = t.cause, this.error = t.cause.get("error"), this.error_description = (o = t.cause.get("error_description")) !== null && o !== void 0 ? o : void 0, (r = Error.captureStackTrace) === null || r === void 0 || r.call(Error, this, this.constructor);
+  }
+}
+class co extends Error {
+  constructor(e, t) {
+    var o;
+    super(e, t), b(this, "cause", void 0), b(this, "code", void 0), b(this, "response", void 0), b(this, "status", void 0), this.name = this.constructor.name, this.code = da, this.cause = t.cause, this.status = t.response.status, this.response = t.response, Object.defineProperty(this, "response", { enumerable: !1 }), (o = Error.captureStackTrace) === null || o === void 0 || o.call(Error, this, this.constructor);
+  }
+}
+const qt = "[a-zA-Z0-9!#$%&\\'\\*\\+\\-\\.\\^_`\\|~]+", ea = "(" + qt + ')\\s*=\\s*"((?:[^"\\\\]|\\\\[\\s\\S])*)"', ta = "(" + qt + ")\\s*=\\s*(" + qt + ")", na = new RegExp("^[,\\s]*(" + qt + ")"), oa = new RegExp("^[,\\s]*" + ea + "[,\\s]*(.*)"), ra = new RegExp("^[,\\s]*" + ta + "[,\\s]*(.*)"), ia = new RegExp("^([a-zA-Z0-9\\-\\._\\~\\+\\/]+={0,2})(?:$|[,\\s])(.*)");
+async function uo(n, e, t) {
+  if (n.status !== e) {
+    let r;
+    var o;
+    throw (function(i) {
+      let a;
+      if (a = (function(s) {
+        if (!ot(s, Response)) throw x('"response" must be an instance of Response', X);
+        const c = s.headers.get("www-authenticate");
+        if (c === null) return;
+        const l = [];
+        let u = c;
+        for (; u; ) {
+          var p;
+          let h = u.match(na);
+          const d = (p = h) === null || p === void 0 ? void 0 : p[1].toLowerCase();
+          if (!d) return;
+          const g = u.substring(h[0].length);
+          if (g && !g.match(/^[\s,]/)) return;
+          const f = g.match(/^\s+(.*)$/), m = !!f;
+          u = f ? f[1] : void 0;
+          const w = {};
+          let k;
+          if (m) for (; u; ) {
+            let T, v;
+            if (h = u.match(oa)) {
+              if ([, T, v, u] = h, v.includes("\\")) try {
+                v = JSON.parse('"'.concat(v, '"'));
+              } catch {
+              }
+              w[T.toLowerCase()] = v;
+            } else {
+              if (!(h = u.match(ra))) {
+                if (h = u.match(ia)) {
+                  if (Object.keys(w).length) break;
+                  [, k, u] = h;
+                  break;
+                }
+                return;
+              }
+              [, T, v, u] = h, w[T.toLowerCase()] = v;
+            }
+          }
+          else u = g || void 0;
+          const S = { scheme: d, parameters: w };
+          k && (S.token68 = k), l.push(S);
+        }
+        return l.length ? l : void 0;
+      })(i)) throw new co("server responded with a challenge in the WWW-Authenticate HTTP Header", { cause: a, response: i });
+    })(n), (r = await (async function(i) {
+      if (i.status > 399 && i.status < 500) {
+        kt(i), Sr(i);
+        try {
+          const a = await i.clone().json();
+          if (Xt(a) && typeof a.error == "string" && a.error.length) return a;
+        } catch {
+        }
+      }
+    })(n)) ? (await ((o = n.body) === null || o === void 0 ? void 0 : o.cancel()), new rn("server responded with an error in the response body", { cause: r, response: n })) : E('"response" is not a conform '.concat(t, " response (unexpected HTTP status code)"), po, n);
+  }
+}
+function Pr(n) {
+  if (!ho.has(n)) throw x('"options.DPoP" is not a valid DPoPHandle', M);
+}
+function Ar(n) {
+  var e;
+  return (e = n.headers.get("content-type")) === null || e === void 0 ? void 0 : e.split(";")[0];
+}
+async function lo(n, e, t, o, r, i, a) {
+  return await t(n, e, r, i), i.set("content-type", "application/x-www-form-urlencoded;charset=UTF-8"), ((a == null ? void 0 : a[ae]) || fetch)(o.href, { body: r, headers: Object.fromEntries(i.entries()), method: "POST", redirect: "manual", signal: _r(o, a == null ? void 0 : a.signal) });
+}
+async function bt(n, e, t, o, r, i) {
+  var a;
+  const s = vt(n, "token_endpoint", e.use_mtls_endpoint_aliases, (i == null ? void 0 : i[Q]) !== !0);
+  r.set("grant_type", o);
+  const c = on(i == null ? void 0 : i.headers);
+  c.set("accept", "application/json"), (i == null ? void 0 : i.DPoP) !== void 0 && (Pr(i.DPoP), await i.DPoP.addProof(s, c, "POST"));
+  const l = await lo(n, e, t, s, r, c, i);
+  return i == null || (a = i.DPoP) === null || a === void 0 || a.cacheNonce(l, s), l;
+}
+const Rr = /* @__PURE__ */ new WeakMap(), aa = /* @__PURE__ */ new WeakMap();
+function Zn(n) {
+  if (!n.id_token) return;
+  const e = Rr.get(n);
+  if (!e) throw x('"ref" was already garbage collected or did not resolve from the proper sources', M);
+  return e;
+}
+async function et(n, e, t, o, r, i) {
+  if (re(n), ie(e), !ot(t, Response)) throw x('"response" must be an instance of Response', X);
+  await uo(t, 200, "Token Endpoint"), kt(t);
+  const a = await an(t);
+  if (U(a.access_token, '"response" body "access_token" property', A, { body: a }), U(a.token_type, '"response" body "token_type" property', A, { body: a }), a.token_type = a.token_type.toLowerCase(), a.expires_in !== void 0) {
+    let s = typeof a.expires_in != "number" ? parseFloat(a.expires_in) : a.expires_in;
+    Te(s, !0, '"response" body "expires_in" property', A, { body: a }), a.expires_in = s;
+  }
+  if (a.refresh_token !== void 0 && U(a.refresh_token, '"response" body "refresh_token" property', A, { body: a }), a.scope !== void 0 && typeof a.scope != "string") throw E('"response" body "scope" property must be a string', A, { body: a });
+  if (a.id_token !== void 0) {
+    U(a.id_token, '"response" body "id_token" property', A, { body: a });
+    const s = ["aud", "exp", "iat", "iss", "sub"];
+    e.require_auth_time === !0 && s.push("auth_time"), e.default_max_age !== void 0 && (Te(e.default_max_age, !0, '"client.default_max_age"'), s.push("auth_time")), o != null && o.length && s.push(...o);
+    const { claims: c, jwt: l } = await (async function(u, p, h, d, g) {
+      let f, m, { 0: w, 1: k, length: S } = u.split(".");
+      if (S === 5) {
+        if (g === void 0) throw new q("JWE decryption is not configured", { cause: u });
+        u = await g(u), { 0: w, 1: k, length: S } = u.split(".");
+      }
+      if (S !== 3) throw E("Invalid JWT", A, u);
+      try {
+        f = JSON.parse(Be(Ne(w)));
+      } catch (v) {
+        throw E("failed to parse JWT Header body as base64url encoded JSON", Bt, v);
+      }
+      if (!Xt(f)) throw E("JWT Header must be a top level object", A, u);
+      if (p(f), f.crit !== void 0) throw new q('no JWT "crit" header parameter extensions are supported', { cause: { header: f } });
+      try {
+        m = JSON.parse(Be(Ne(k)));
+      } catch (v) {
+        throw E("failed to parse JWT Payload body as base64url encoded JSON", Bt, v);
+      }
+      if (!Xt(m)) throw E("JWT Payload must be a top level object", A, u);
+      const T = Yt() + h;
+      if (m.exp !== void 0) {
+        if (typeof m.exp != "number") throw E('unexpected JWT "exp" (expiration time) claim type', A, { claims: m });
+        if (m.exp <= T - d) throw E('unexpected JWT "exp" (expiration time) claim value, expiration is past current timestamp', gt, { claims: m, now: T, tolerance: d, claim: "exp" });
+      }
+      if (m.iat !== void 0 && typeof m.iat != "number") throw E('unexpected JWT "iat" (issued at) claim type', A, { claims: m });
+      if (m.iss !== void 0 && typeof m.iss != "string") throw E('unexpected JWT "iss" (issuer) claim type', A, { claims: m });
+      if (m.nbf !== void 0) {
+        if (typeof m.nbf != "number") throw E('unexpected JWT "nbf" (not before) claim type', A, { claims: m });
+        if (m.nbf > T + d) throw E('unexpected JWT "nbf" (not before) claim value', gt, { claims: m, now: T, tolerance: d, claim: "nbf" });
+      }
+      if (m.aud !== void 0 && typeof m.aud != "string" && !Array.isArray(m.aud)) throw E('unexpected JWT "aud" (audience) claim type', A, { claims: m });
+      return { header: f, claims: m, jwt: u };
+    })(a.id_token, va.bind(void 0, e.id_token_signed_response_alg, n.id_token_signing_alg_values_supported, "RS256"), Gt(e), Jn(e), r).then(la.bind(void 0, s)).then(ca.bind(void 0, n)).then(sa.bind(void 0, e.client_id));
+    if (Array.isArray(c.aud) && c.aud.length !== 1) {
+      if (c.azp === void 0) throw E('ID Token "aud" (audience) claim includes additional untrusted audiences', fe, { claims: c, claim: "aud" });
+      if (c.azp !== e.client_id) throw E('unexpected ID Token "azp" (authorized party) claim value', fe, { expected: e.client_id, claims: c, claim: "azp" });
+    }
+    c.auth_time !== void 0 && Te(c.auth_time, !0, 'ID Token "auth_time" (authentication time)', A, { claims: c }), aa.set(t, l), Rr.set(a, c);
+  }
+  if ((i == null ? void 0 : i[a.token_type]) !== void 0) i[a.token_type](t, a);
+  else if (a.token_type !== "dpop" && a.token_type !== "bearer") throw new q("unsupported `token_type` value", { cause: { body: a } });
+  return a;
+}
+function sa(n, e) {
+  if (Array.isArray(e.claims.aud)) {
+    if (!e.claims.aud.includes(n)) throw E('unexpected JWT "aud" (audience) claim value', fe, { expected: n, claims: e.claims, claim: "aud" });
+  } else if (e.claims.aud !== n) throw E('unexpected JWT "aud" (audience) claim value', fe, { expected: n, claims: e.claims, claim: "aud" });
+  return e;
+}
+function ca(n, e) {
+  var t, o;
+  const r = (t = (o = n[Cr]) === null || o === void 0 ? void 0 : o.call(n, e)) !== null && t !== void 0 ? t : n.issuer;
+  if (e.claims.iss !== r) throw E('unexpected JWT "iss" (issuer) claim value', fe, { expected: r, claims: e.claims, claim: "iss" });
+  return e;
+}
+const ho = /* @__PURE__ */ new WeakSet(), Lo = Symbol(), ua = { aud: "audience", c_hash: "code hash", client_id: "client id", exp: "expiration time", iat: "issued at", iss: "issuer", jti: "jwt id", nonce: "nonce", s_hash: "state hash", sub: "subject", ath: "access token hash", htm: "http method", htu: "http uri", cnf: "confirmation", auth_time: "authentication time" };
+function la(n, e) {
+  for (const t of n) if (e.claims[t] === void 0) throw E('JWT "'.concat(t, '" (').concat(ua[t], ") claim missing"), A, { claims: e.claims });
+  return e;
+}
+const wn = Symbol(), vn = Symbol();
+async function ha(n, e, t, o) {
+  return typeof (o == null ? void 0 : o.expectedNonce) == "string" || typeof (o == null ? void 0 : o.maxAge) == "number" || o != null && o.requireIdToken ? (async function(r, i, a, s, c, l, u) {
+    const p = [];
+    switch (s) {
+      case void 0:
+        s = wn;
+        break;
+      case wn:
+        break;
+      default:
+        U(s, '"expectedNonce" argument'), p.push("nonce");
+    }
+    switch (c != null || (c = i.default_max_age), c) {
+      case void 0:
+        c = vn;
+        break;
+      case vn:
+        break;
+      default:
+        Te(c, !0, '"maxAge" argument'), p.push("auth_time");
+    }
+    const h = await et(r, i, a, p, l, u);
+    U(h.id_token, '"response" body "id_token" property', A, { body: h });
+    const d = Zn(h);
+    if (c !== vn) {
+      const g = Yt() + Gt(i), f = Jn(i);
+      if (d.auth_time + c < g - f) throw E("too much time has elapsed since the last End-User authentication", gt, { claims: d, now: g, tolerance: f, claim: "auth_time" });
+    }
+    if (s === wn) {
+      if (d.nonce !== void 0) throw E('unexpected ID Token "nonce" claim value', fe, { expected: void 0, claims: d, claim: "nonce" });
+    } else if (d.nonce !== s) throw E('unexpected ID Token "nonce" claim value', fe, { expected: s, claims: d, claim: "nonce" });
+    return h;
+  })(n, e, t, o.expectedNonce, o.maxAge, o[ye], o.recognizedTokenTypes) : (async function(r, i, a, s, c) {
+    const l = await et(r, i, a, void 0, s, c), u = Zn(l);
+    if (u) {
+      if (i.default_max_age !== void 0) {
+        Te(i.default_max_age, !0, '"client.default_max_age"');
+        const p = Yt() + Gt(i), h = Jn(i);
+        if (u.auth_time + i.default_max_age < p - h) throw E("too much time has elapsed since the last End-User authentication", gt, { claims: u, now: p, tolerance: h, claim: "auth_time" });
+      }
+      if (u.nonce !== void 0) throw E('unexpected ID Token "nonce" claim value', fe, { expected: void 0, claims: u, claim: "nonce" });
+    }
+    return l;
+  })(n, e, t, o == null ? void 0 : o[ye], o == null ? void 0 : o.recognizedTokenTypes);
+}
+const da = "OAUTH_WWW_AUTHENTICATE_CHALLENGE", pa = "OAUTH_RESPONSE_BODY_ERROR", Vn = "OAUTH_UNSUPPORTED_OPERATION", ma = "OAUTH_AUTHORIZATION_RESPONSE_ERROR", Bt = "OAUTH_PARSE_ERROR", A = "OAUTH_INVALID_RESPONSE", Ir = "OAUTH_RESPONSE_IS_NOT_JSON", po = "OAUTH_RESPONSE_IS_NOT_CONFORM", xr = "OAUTH_HTTP_REQUEST_FORBIDDEN", Or = "OAUTH_REQUEST_PROTOCOL_FORBIDDEN", gt = "OAUTH_JWT_TIMESTAMP_CHECK_FAILED", fe = "OAUTH_JWT_CLAIM_COMPARISON_FAILED", Fn = "OAUTH_JSON_ATTRIBUTE_COMPARISON_FAILED", fa = "OAUTH_MISSING_SERVER_METADATA", ya = "OAUTH_INVALID_SERVER_METADATA";
+function kt(n) {
+  if (n.bodyUsed) throw x('"response" body has been used already', M);
+}
+function zo(n) {
+  const { algorithm: e } = n;
+  if (typeof e.modulusLength != "number" || e.modulusLength < 2048) throw new q("unsupported ".concat(e.name, " modulusLength"), { cause: n });
+}
+function ga(n) {
+  const { algorithm: e } = n;
+  switch (e.namedCurve) {
+    case "P-256":
+      return "SHA-256";
+    case "P-384":
+      return "SHA-384";
+    case "P-521":
+      return "SHA-512";
+    default:
+      throw new q("unsupported ECDSA namedCurve", { cause: n });
+  }
+}
+async function wa(n) {
+  if (n.method !== "POST") throw x("form_post responses are expected to use the POST method", M, { cause: n });
+  if (Ar(n) !== "application/x-www-form-urlencoded") throw x("form_post responses are expected to use the application/x-www-form-urlencoded content-type", M, { cause: n });
+  return (async function(e) {
+    if (e.bodyUsed) throw x("form_post Request instances must contain a readable body", M, { cause: e });
+    return e.text();
+  })(n);
+}
+function va(n, e, t, o) {
+  if (n === void 0) if (Array.isArray(e)) {
+    if (!e.includes(o.alg)) throw E('unexpected JWT "alg" header parameter', A, { header: o, expected: e, reason: "authorization server metadata" });
+  } else {
+    if (t === void 0) throw E('missing client or server configuration to verify used JWT "alg" header parameter', void 0, { client: n, issuer: e, fallback: t });
+    if (typeof t == "string" ? o.alg !== t : typeof t == "function" ? !t(o.alg) : !t.includes(o.alg)) throw E('unexpected JWT "alg" header parameter', A, { header: o, expected: t, reason: "default value" });
+  }
+  else if (typeof n == "string" ? o.alg !== n : !n.includes(o.alg)) throw E('unexpected JWT "alg" header parameter', A, { header: o, expected: n, reason: "client configuration" });
+}
+function We(n, e) {
+  const { 0: t, length: o } = n.getAll(e);
+  if (o > 1) throw E('"'.concat(e, '" parameter must be provided only once'), A);
+  return t;
+}
+const ba = Symbol(), ka = Symbol();
+function _a(n, e, t, o) {
+  if (re(n), ie(e), t instanceof URL && (t = t.searchParams), !(t instanceof URLSearchParams)) throw x('"parameters" must be an instance of URLSearchParams, or URL', X);
+  if (We(t, "response")) throw E('"parameters" contains a JARM response, use validateJwtAuthResponse() instead of validateAuthResponse()', A, { parameters: t });
+  const r = We(t, "iss"), i = We(t, "state");
+  if (!r && n.authorization_response_iss_parameter_supported) throw E('response parameter "iss" (issuer) missing', A, { parameters: t });
+  if (r && r !== n.issuer) throw E('unexpected "iss" (issuer) response parameter value', A, { expected: n.issuer, parameters: t });
+  switch (o) {
+    case void 0:
+    case ka:
+      if (i !== void 0) throw E('unexpected "state" response parameter encountered', A, { expected: void 0, parameters: t });
+      break;
+    case ba:
+      break;
+    default:
+      if (U(o, '"expectedState" argument'), i !== o) throw E(i === void 0 ? 'response parameter "state" missing' : 'unexpected "state" response parameter value', A, { expected: o, parameters: t });
+  }
+  if (We(t, "error")) throw new Er("authorization response from the server is an error", { cause: t });
+  const a = We(t, "id_token"), s = We(t, "token");
+  if (a !== void 0 || s !== void 0) throw new q("implicit and hybrid flows are not supported");
+  return c = new URLSearchParams(t), ho.add(c), c;
+  var c;
+}
+async function an(n) {
+  let e, t = arguments.length > 1 && arguments[1] !== void 0 ? arguments[1] : Sr;
+  try {
+    e = await n.json();
+  } catch (o) {
+    throw t(n), E('failed to parse "response" body as JSON', Bt, o);
+  }
+  if (!Xt(e)) throw E('"response" body must be a top level object', A, { body: e });
+  return e;
+}
+const bn = Symbol(), Cr = Symbol(), Ho = new TextEncoder(), wt = new TextDecoder();
+function kn(n) {
+  const e = new Uint8Array(n.length);
+  for (let t = 0; t < n.length; t++) {
+    const o = n.charCodeAt(t);
+    if (o > 127) throw new TypeError("non-ASCII string encountered in encode()");
+    e[t] = o;
+  }
+  return e;
+}
+function jr(n) {
+  if (Uint8Array.fromBase64) return Uint8Array.fromBase64(n);
+  const e = atob(n), t = new Uint8Array(e.length);
+  for (let o = 0; o < e.length; o++) t[o] = e.charCodeAt(o);
+  return t;
+}
+function sn(n) {
+  if (Uint8Array.fromBase64) return Uint8Array.fromBase64(typeof n == "string" ? n : wt.decode(n), { alphabet: "base64url" });
+  let e = n;
+  e instanceof Uint8Array && (e = wt.decode(e)), e = e.replace(/-/g, "+").replace(/_/g, "/");
+  try {
+    return jr(e);
+  } catch {
+    throw new TypeError("The input to be decoded is not correctly encoded.");
+  }
+}
+const ke = function(n) {
+  return new TypeError("CryptoKey does not support this operation, its ".concat(arguments.length > 1 && arguments[1] !== void 0 ? arguments[1] : "algorithm.name", " must be ").concat(n));
+}, Je = (n, e) => n.name === e;
+function _n(n, e) {
+  var t;
+  if (t = n.hash, parseInt(t.name.slice(4), 10) !== e) throw ke("SHA-".concat(e), "algorithm.hash");
+}
+function Sa(n, e, t) {
+  switch (e) {
+    case "HS256":
+    case "HS384":
+    case "HS512":
+      if (!Je(n.algorithm, "HMAC")) throw ke("HMAC");
+      _n(n.algorithm, parseInt(e.slice(2), 10));
+      break;
+    case "RS256":
+    case "RS384":
+    case "RS512":
+      if (!Je(n.algorithm, "RSASSA-PKCS1-v1_5")) throw ke("RSASSA-PKCS1-v1_5");
+      _n(n.algorithm, parseInt(e.slice(2), 10));
+      break;
+    case "PS256":
+    case "PS384":
+    case "PS512":
+      if (!Je(n.algorithm, "RSA-PSS")) throw ke("RSA-PSS");
+      _n(n.algorithm, parseInt(e.slice(2), 10));
+      break;
+    case "Ed25519":
+    case "EdDSA":
+      if (!Je(n.algorithm, "Ed25519")) throw ke("Ed25519");
+      break;
+    case "ML-DSA-44":
+    case "ML-DSA-65":
+    case "ML-DSA-87":
+      if (!Je(n.algorithm, e)) throw ke(e);
+      break;
+    case "ES256":
+    case "ES384":
+    case "ES512": {
+      if (!Je(n.algorithm, "ECDSA")) throw ke("ECDSA");
+      const o = (function(r) {
+        switch (r) {
+          case "ES256":
+            return "P-256";
+          case "ES384":
+            return "P-384";
+          case "ES512":
+            return "P-521";
+          default:
+            throw new Error("unreachable");
+        }
+      })(e);
+      if (n.algorithm.namedCurve !== o) throw ke(o, "algorithm.namedCurve");
+      break;
+    }
+    default:
+      throw new TypeError("CryptoKey does not support this operation");
+  }
+  (function(o, r) {
+    if (!o.usages.includes(r)) throw new TypeError("CryptoKey does not support this operation, its usages must include ".concat(r, "."));
+  })(n, t);
+}
+function Wr(n, e) {
+  for (var t = arguments.length, o = new Array(t > 2 ? t - 2 : 0), r = 2; r < t; r++) o[r - 2] = arguments[r];
+  if ((o = o.filter(Boolean)).length > 2) {
+    const a = o.pop();
+    n += "one of type ".concat(o.join(", "), ", or ").concat(a, ".");
+  } else o.length === 2 ? n += "one of type ".concat(o[0], " or ").concat(o[1], ".") : n += "of type ".concat(o[0], ".");
+  if (e == null) n += " Received ".concat(e);
+  else if (typeof e == "function" && e.name) n += " Received function ".concat(e.name);
+  else if (typeof e == "object" && e != null) {
+    var i;
+    (i = e.constructor) !== null && i !== void 0 && i.name && (n += " Received an instance of ".concat(e.constructor.name));
+  }
+  return n;
+}
+const Mo = function(n, e) {
+  for (var t = arguments.length, o = new Array(t > 2 ? t - 2 : 0), r = 2; r < t; r++) o[r - 2] = arguments[r];
+  return Wr("Key for the ".concat(n, " algorithm must be "), e, ...o);
+};
+class L extends Error {
+  constructor(e, t) {
+    var o;
+    super(e, t), b(this, "code", "ERR_JOSE_GENERIC"), this.name = this.constructor.name, (o = Error.captureStackTrace) === null || o === void 0 || o.call(Error, this, this.constructor);
+  }
+}
+b(L, "code", "ERR_JOSE_GENERIC");
+class $ extends L {
+  constructor(e, t) {
+    let o = arguments.length > 2 && arguments[2] !== void 0 ? arguments[2] : "unspecified", r = arguments.length > 3 && arguments[3] !== void 0 ? arguments[3] : "unspecified";
+    super(e, { cause: { claim: o, reason: r, payload: t } }), b(this, "code", "ERR_JWT_CLAIM_VALIDATION_FAILED"), b(this, "claim", void 0), b(this, "reason", void 0), b(this, "payload", void 0), this.claim = o, this.reason = r, this.payload = t;
+  }
+}
+b($, "code", "ERR_JWT_CLAIM_VALIDATION_FAILED");
+class Xn extends L {
+  constructor(e, t) {
+    let o = arguments.length > 2 && arguments[2] !== void 0 ? arguments[2] : "unspecified", r = arguments.length > 3 && arguments[3] !== void 0 ? arguments[3] : "unspecified";
+    super(e, { cause: { claim: o, reason: r, payload: t } }), b(this, "code", "ERR_JWT_EXPIRED"), b(this, "claim", void 0), b(this, "reason", void 0), b(this, "payload", void 0), this.claim = o, this.reason = r, this.payload = t;
+  }
+}
+b(Xn, "code", "ERR_JWT_EXPIRED");
+class Ur extends L {
+  constructor() {
+    super(...arguments), b(this, "code", "ERR_JOSE_ALG_NOT_ALLOWED");
+  }
+}
+b(Ur, "code", "ERR_JOSE_ALG_NOT_ALLOWED");
+class Y extends L {
+  constructor() {
+    super(...arguments), b(this, "code", "ERR_JOSE_NOT_SUPPORTED");
+  }
+}
+b(Y, "code", "ERR_JOSE_NOT_SUPPORTED");
+b(class extends L {
+  constructor() {
+    super(arguments.length > 0 && arguments[0] !== void 0 ? arguments[0] : "decryption operation failed", arguments.length > 1 ? arguments[1] : void 0), b(this, "code", "ERR_JWE_DECRYPTION_FAILED");
+  }
+}, "code", "ERR_JWE_DECRYPTION_FAILED");
+b(class extends L {
+  constructor() {
+    super(...arguments), b(this, "code", "ERR_JWE_INVALID");
+  }
+}, "code", "ERR_JWE_INVALID");
+class D extends L {
+  constructor() {
+    super(...arguments), b(this, "code", "ERR_JWS_INVALID");
+  }
+}
+b(D, "code", "ERR_JWS_INVALID");
+class mo extends L {
+  constructor() {
+    super(...arguments), b(this, "code", "ERR_JWT_INVALID");
+  }
+}
+b(mo, "code", "ERR_JWT_INVALID");
+b(class extends L {
+  constructor() {
+    super(...arguments), b(this, "code", "ERR_JWK_INVALID");
+  }
+}, "code", "ERR_JWK_INVALID");
+class fo extends L {
+  constructor() {
+    super(...arguments), b(this, "code", "ERR_JWKS_INVALID");
+  }
+}
+b(fo, "code", "ERR_JWKS_INVALID");
+class yo extends L {
+  constructor() {
+    super(arguments.length > 0 && arguments[0] !== void 0 ? arguments[0] : "no applicable key found in the JSON Web Key Set", arguments.length > 1 ? arguments[1] : void 0), b(this, "code", "ERR_JWKS_NO_MATCHING_KEY");
+  }
+}
+b(yo, "code", "ERR_JWKS_NO_MATCHING_KEY");
+class Kr extends L {
+  constructor() {
+    super(arguments.length > 0 && arguments[0] !== void 0 ? arguments[0] : "multiple matching keys found in the JSON Web Key Set", arguments.length > 1 ? arguments[1] : void 0), b(this, Symbol.asyncIterator, void 0), b(this, "code", "ERR_JWKS_MULTIPLE_MATCHING_KEYS");
+  }
+}
+b(Kr, "code", "ERR_JWKS_MULTIPLE_MATCHING_KEYS");
+class Dr extends L {
+  constructor() {
+    super(arguments.length > 0 && arguments[0] !== void 0 ? arguments[0] : "request timed out", arguments.length > 1 ? arguments[1] : void 0), b(this, "code", "ERR_JWKS_TIMEOUT");
+  }
+}
+b(Dr, "code", "ERR_JWKS_TIMEOUT");
+class Nr extends L {
+  constructor() {
+    super(arguments.length > 0 && arguments[0] !== void 0 ? arguments[0] : "signature verification failed", arguments.length > 1 ? arguments[1] : void 0), b(this, "code", "ERR_JWS_SIGNATURE_VERIFICATION_FAILED");
+  }
+}
+b(Nr, "code", "ERR_JWS_SIGNATURE_VERIFICATION_FAILED");
+const Lr = (n) => {
+  if ((n == null ? void 0 : n[Symbol.toStringTag]) === "CryptoKey") return !0;
+  try {
+    return n instanceof CryptoKey;
+  } catch {
+    return !1;
+  }
+}, zr = (n) => (n == null ? void 0 : n[Symbol.toStringTag]) === "KeyObject", Jo = (n) => Lr(n) || zr(n);
+function Zo(n, e, t) {
+  try {
+    return sn(n);
+  } catch {
+    throw new t("Failed to base64url decode the ".concat(e));
+  }
+}
+function Pe(n) {
+  if (typeof (e = n) != "object" || e === null || Object.prototype.toString.call(n) !== "[object Object]") return !1;
+  var e;
+  if (Object.getPrototypeOf(n) === null) return !0;
+  let t = n;
+  for (; Object.getPrototypeOf(t) !== null; ) t = Object.getPrototypeOf(t);
+  return Object.getPrototypeOf(n) === t;
+}
+const Gn = (n) => Pe(n) && typeof n.kty == "string";
+async function Ta(n, e, t) {
+  if (e instanceof Uint8Array) {
+    if (!n.startsWith("HS")) throw new TypeError((function(o) {
+      for (var r = arguments.length, i = new Array(r > 1 ? r - 1 : 0), a = 1; a < r; a++) i[a - 1] = arguments[a];
+      return Wr("Key must be ", o, ...i);
+    })(e, "CryptoKey", "KeyObject", "JSON Web Key"));
+    return crypto.subtle.importKey("raw", e, { hash: "SHA-".concat(n.slice(-3)), name: "HMAC" }, !1, [t]);
+  }
+  return Sa(e, n, t), e;
+}
+async function Ea(n, e, t, o) {
+  const r = await Ta(n, e, "verify");
+  (function(a, s) {
+    if (a.startsWith("RS") || a.startsWith("PS")) {
+      const { modulusLength: c } = s.algorithm;
+      if (typeof c != "number" || c < 2048) throw new TypeError("".concat(a, " requires key modulusLength to be 2048 bits or larger"));
+    }
+  })(n, r);
+  const i = (function(a, s) {
+    const c = "SHA-".concat(a.slice(-3));
+    switch (a) {
+      case "HS256":
+      case "HS384":
+      case "HS512":
+        return { hash: c, name: "HMAC" };
+      case "PS256":
+      case "PS384":
+      case "PS512":
+        return { hash: c, name: "RSA-PSS", saltLength: parseInt(a.slice(-3), 10) >> 3 };
+      case "RS256":
+      case "RS384":
+      case "RS512":
+        return { hash: c, name: "RSASSA-PKCS1-v1_5" };
+      case "ES256":
+      case "ES384":
+      case "ES512":
+        return { hash: c, name: "ECDSA", namedCurve: s.namedCurve };
+      case "Ed25519":
+      case "EdDSA":
+        return { name: "Ed25519" };
+      case "ML-DSA-44":
+      case "ML-DSA-65":
+      case "ML-DSA-87":
+        return { name: a };
+      default:
+        throw new Y("alg ".concat(a, " is not supported either by JOSE or your javascript runtime"));
+    }
+  })(n, r.algorithm);
+  try {
+    return await crypto.subtle.verify(i, r, t, o);
+  } catch {
+    return !1;
+  }
+}
+const xt = 'Invalid or unsupported JWK "alg" (Algorithm) Parameter value';
+async function Ht(n) {
+  var e, t;
+  if (!n.alg) throw new TypeError('"alg" argument is required when "jwk.alg" is not present');
+  const { algorithm: o, keyUsages: r } = (function(a) {
+    let s, c;
+    switch (a.kty) {
+      case "AKP":
+        switch (a.alg) {
+          case "ML-DSA-44":
+          case "ML-DSA-65":
+          case "ML-DSA-87":
+            s = { name: a.alg }, c = a.priv ? ["sign"] : ["verify"];
+            break;
+          default:
+            throw new Y(xt);
+        }
+        break;
+      case "RSA":
+        switch (a.alg) {
+          case "PS256":
+          case "PS384":
+          case "PS512":
+            s = { name: "RSA-PSS", hash: "SHA-".concat(a.alg.slice(-3)) }, c = a.d ? ["sign"] : ["verify"];
+            break;
+          case "RS256":
+          case "RS384":
+          case "RS512":
+            s = { name: "RSASSA-PKCS1-v1_5", hash: "SHA-".concat(a.alg.slice(-3)) }, c = a.d ? ["sign"] : ["verify"];
+            break;
+          case "RSA-OAEP":
+          case "RSA-OAEP-256":
+          case "RSA-OAEP-384":
+          case "RSA-OAEP-512":
+            s = { name: "RSA-OAEP", hash: "SHA-".concat(parseInt(a.alg.slice(-3), 10) || 1) }, c = a.d ? ["decrypt", "unwrapKey"] : ["encrypt", "wrapKey"];
+            break;
+          default:
+            throw new Y(xt);
+        }
+        break;
+      case "EC":
+        switch (a.alg) {
+          case "ES256":
+          case "ES384":
+          case "ES512":
+            s = { name: "ECDSA", namedCurve: { ES256: "P-256", ES384: "P-384", ES512: "P-521" }[a.alg] }, c = a.d ? ["sign"] : ["verify"];
+            break;
+          case "ECDH-ES":
+          case "ECDH-ES+A128KW":
+          case "ECDH-ES+A192KW":
+          case "ECDH-ES+A256KW":
+            s = { name: "ECDH", namedCurve: a.crv }, c = a.d ? ["deriveBits"] : [];
+            break;
+          default:
+            throw new Y(xt);
+        }
+        break;
+      case "OKP":
+        switch (a.alg) {
+          case "Ed25519":
+          case "EdDSA":
+            s = { name: "Ed25519" }, c = a.d ? ["sign"] : ["verify"];
+            break;
+          case "ECDH-ES":
+          case "ECDH-ES+A128KW":
+          case "ECDH-ES+A192KW":
+          case "ECDH-ES+A256KW":
+            s = { name: a.crv }, c = a.d ? ["deriveBits"] : [];
+            break;
+          default:
+            throw new Y(xt);
+        }
+        break;
+      default:
+        throw new Y('Invalid or unsupported JWK "kty" (Key Type) Parameter value');
+    }
+    return { algorithm: s, keyUsages: c };
+  })(n), i = _({}, n);
+  return i.kty !== "AKP" && delete i.alg, delete i.use, crypto.subtle.importKey("jwk", i, o, (e = n.ext) !== null && e !== void 0 ? e : !n.d && !n.priv, (t = n.key_ops) !== null && t !== void 0 ? t : r);
+}
+const Ze = "given KeyObject instance cannot be used for this algorithm";
+let Se;
+const Vo = async function(n, e, t) {
+  let o = arguments.length > 3 && arguments[3] !== void 0 && arguments[3];
+  Se || (Se = /* @__PURE__ */ new WeakMap());
+  let r = Se.get(n);
+  if (r != null && r[t]) return r[t];
+  const i = await Ht(_(_({}, e), {}, { alg: t }));
+  return o && Object.freeze(n), r ? r[t] = i : Se.set(n, { [t]: i }), i;
+};
+async function Pa(n, e) {
+  if (n instanceof Uint8Array || Lr(n)) return n;
+  if (zr(n)) {
+    if (n.type === "secret") return n.export();
+    if ("toCryptoKey" in n && typeof n.toCryptoKey == "function") try {
+      return ((o, r) => {
+        Se || (Se = /* @__PURE__ */ new WeakMap());
+        let i = Se.get(o);
+        if (i != null && i[r]) return i[r];
+        const a = o.type === "public", s = !!a;
+        let c;
+        if (o.asymmetricKeyType === "x25519") {
+          switch (r) {
+            case "ECDH-ES":
+            case "ECDH-ES+A128KW":
+            case "ECDH-ES+A192KW":
+            case "ECDH-ES+A256KW":
+              break;
+            default:
+              throw new TypeError(Ze);
+          }
+          c = o.toCryptoKey(o.asymmetricKeyType, s, a ? [] : ["deriveBits"]);
+        }
+        if (o.asymmetricKeyType === "ed25519") {
+          if (r !== "EdDSA" && r !== "Ed25519") throw new TypeError(Ze);
+          c = o.toCryptoKey(o.asymmetricKeyType, s, [a ? "verify" : "sign"]);
+        }
+        switch (o.asymmetricKeyType) {
+          case "ml-dsa-44":
+          case "ml-dsa-65":
+          case "ml-dsa-87":
+            if (r !== o.asymmetricKeyType.toUpperCase()) throw new TypeError(Ze);
+            c = o.toCryptoKey(o.asymmetricKeyType, s, [a ? "verify" : "sign"]);
+        }
+        if (o.asymmetricKeyType === "rsa") {
+          let u;
+          switch (r) {
+            case "RSA-OAEP":
+              u = "SHA-1";
+              break;
+            case "RS256":
+            case "PS256":
+            case "RSA-OAEP-256":
+              u = "SHA-256";
+              break;
+            case "RS384":
+            case "PS384":
+            case "RSA-OAEP-384":
+              u = "SHA-384";
+              break;
+            case "RS512":
+            case "PS512":
+            case "RSA-OAEP-512":
+              u = "SHA-512";
+              break;
+            default:
+              throw new TypeError(Ze);
+          }
+          if (r.startsWith("RSA-OAEP")) return o.toCryptoKey({ name: "RSA-OAEP", hash: u }, s, a ? ["encrypt"] : ["decrypt"]);
+          c = o.toCryptoKey({ name: r.startsWith("PS") ? "RSA-PSS" : "RSASSA-PKCS1-v1_5", hash: u }, s, [a ? "verify" : "sign"]);
+        }
+        if (o.asymmetricKeyType === "ec") {
+          var l;
+          const u = (/* @__PURE__ */ new Map([["prime256v1", "P-256"], ["secp384r1", "P-384"], ["secp521r1", "P-521"]])).get((l = o.asymmetricKeyDetails) === null || l === void 0 ? void 0 : l.namedCurve);
+          if (!u) throw new TypeError(Ze);
+          const p = { ES256: "P-256", ES384: "P-384", ES512: "P-521" };
+          p[r] && u === p[r] && (c = o.toCryptoKey({ name: "ECDSA", namedCurve: u }, s, [a ? "verify" : "sign"])), r.startsWith("ECDH-ES") && (c = o.toCryptoKey({ name: "ECDH", namedCurve: u }, s, a ? [] : ["deriveBits"]));
+        }
+        if (!c) throw new TypeError(Ze);
+        return i ? i[r] = c : Se.set(o, { [r]: c }), c;
+      })(n, e);
+    } catch (o) {
+      if (o instanceof TypeError) throw o;
+    }
+    let t = n.export({ format: "jwk" });
+    return Vo(n, t, e);
+  }
+  if (Gn(n)) return n.k ? sn(n.k) : Vo(n, n, e, !0);
+  throw new Error("unreachable");
+}
+const Sn = (n, e) => {
+  if (n.byteLength !== e.length) return !1;
+  for (let t = 0; t < n.byteLength; t++) if (n[t] !== e[t]) return !1;
+  return !0;
+}, pt = (n) => {
+  const e = n.data[n.pos++];
+  if (128 & e) {
+    const t = 127 & e;
+    let o = 0;
+    for (let r = 0; r < t; r++) o = o << 8 | n.data[n.pos++];
+    return o;
+  }
+  return e;
+}, mt = (n, e, t) => {
+  if (n.data[n.pos++] !== e) throw new Error(t);
+}, Fo = (n, e) => {
+  const t = n.data.subarray(n.pos, n.pos + e);
+  return n.pos += e, t;
+}, Aa = (n) => {
+  const e = ((r) => {
+    mt(r, 6, "Expected algorithm OID");
+    const i = pt(r);
+    return Fo(r, i);
+  })(n);
+  if (Sn(e, [43, 101, 110])) return "X25519";
+  if (!Sn(e, [42, 134, 72, 206, 61, 2, 1])) throw new Error("Unsupported key algorithm");
+  mt(n, 6, "Expected curve OID");
+  const t = pt(n), o = Fo(n, t);
+  for (const { name: r, oid: i } of [{ name: "P-256", oid: [42, 134, 72, 206, 61, 3, 1, 7] }, { name: "P-384", oid: [43, 129, 4, 0, 34] }, { name: "P-521", oid: [43, 129, 4, 0, 35] }]) if (Sn(o, i)) return r;
+  throw new Error("Unsupported named curve");
+}, Ra = async (n, e, t, o) => {
+  var r;
+  let i, a;
+  const s = () => ["sign"];
+  switch (t) {
+    case "PS256":
+    case "PS384":
+    case "PS512":
+      i = { name: "RSA-PSS", hash: "SHA-".concat(t.slice(-3)) }, a = s();
+      break;
+    case "RS256":
+    case "RS384":
+    case "RS512":
+      i = { name: "RSASSA-PKCS1-v1_5", hash: "SHA-".concat(t.slice(-3)) }, a = s();
+      break;
+    case "RSA-OAEP":
+    case "RSA-OAEP-256":
+    case "RSA-OAEP-384":
+    case "RSA-OAEP-512":
+      i = { name: "RSA-OAEP", hash: "SHA-".concat(parseInt(t.slice(-3), 10) || 1) }, a = ["decrypt", "unwrapKey"];
+      break;
+    case "ES256":
+    case "ES384":
+    case "ES512":
+      i = { name: "ECDSA", namedCurve: { ES256: "P-256", ES384: "P-384", ES512: "P-521" }[t] }, a = s();
+      break;
+    case "ECDH-ES":
+    case "ECDH-ES+A128KW":
+    case "ECDH-ES+A192KW":
+    case "ECDH-ES+A256KW":
+      try {
+        const c = o.getNamedCurve(e);
+        i = c === "X25519" ? { name: "X25519" } : { name: "ECDH", namedCurve: c };
+      } catch {
+        throw new Y("Invalid or unsupported key format");
+      }
+      a = ["deriveBits"];
+      break;
+    case "Ed25519":
+    case "EdDSA":
+      i = { name: "Ed25519" }, a = s();
+      break;
+    case "ML-DSA-44":
+    case "ML-DSA-65":
+    case "ML-DSA-87":
+      i = { name: t }, a = s();
+      break;
+    default:
+      throw new Y('Invalid or unsupported "alg" (Algorithm) value');
+  }
+  return crypto.subtle.importKey(n, e, i, (r = o == null ? void 0 : o.extractable) !== null && r !== void 0 ? r : !1, a);
+}, Ia = (n, e, t) => {
+  var o;
+  const r = ((a, s) => jr(a.replace(s, "")))(n, /(?:-----(?:BEGIN|END) PRIVATE KEY-----|\s)/g);
+  let i = t;
+  return e != null && (o = e.startsWith) !== null && o !== void 0 && o.call(e, "ECDH-ES") && (i || (i = {}), i.getNamedCurve = (a) => {
+    const s = { data: a, pos: 0 };
+    return (function(c) {
+      mt(c, 48, "Invalid PKCS#8 structure"), pt(c), mt(c, 2, "Expected version field");
+      const l = pt(c);
+      c.pos += l, mt(c, 48, "Expected algorithm identifier"), pt(c);
+    })(s), Aa(s);
+  }), Ra("pkcs8", r, e, i);
+}, Ve = (n) => n == null ? void 0 : n[Symbol.toStringTag], Tn = (n, e, t) => {
+  if (e.use !== void 0) {
+    let i;
+    switch (t) {
+      case "sign":
+      case "verify":
+        i = "sig";
+        break;
+      case "encrypt":
+      case "decrypt":
+        i = "enc";
+    }
+    if (e.use !== i) throw new TypeError('Invalid key for this operation, its "use" must be "'.concat(i, '" when present'));
+  }
+  if (e.alg !== void 0 && e.alg !== n) throw new TypeError('Invalid key for this operation, its "alg" must be "'.concat(n, '" when present'));
+  if (Array.isArray(e.key_ops)) {
+    var o, r;
+    let i;
+    switch (!0) {
+      case t === "verify":
+      case n === "dir":
+      case n.includes("CBC-HS"):
+        i = t;
+        break;
+      case n.startsWith("PBES2"):
+        i = "deriveBits";
+        break;
+      case /^A\d{3}(?:GCM)?(?:KW)?$/.test(n):
+        i = !n.includes("GCM") && n.endsWith("KW") ? "unwrapKey" : t;
+        break;
+      case t === "encrypt":
+        i = "wrapKey";
+        break;
+      case t === "decrypt":
+        i = n.startsWith("RSA") ? "unwrapKey" : "deriveBits";
+    }
+    if (i && ((o = e.key_ops) === null || o === void 0 || (r = o.includes) === null || r === void 0 ? void 0 : r.call(o, i)) === !1) throw new TypeError('Invalid key for this operation, its "key_ops" must include "'.concat(i, '" when present'));
+  }
+  return !0;
+};
+function xa(n, e, t) {
+  switch (n.substring(0, 2)) {
+    case "A1":
+    case "A2":
+    case "di":
+    case "HS":
+    case "PB":
+      ((o, r, i) => {
+        if (!(r instanceof Uint8Array)) {
+          if (Gn(r)) {
+            if (((a) => a.kty === "oct" && typeof a.k == "string")(r) && Tn(o, r, i)) return;
+            throw new TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present');
+          }
+          if (!Jo(r)) throw new TypeError(Mo(o, r, "CryptoKey", "KeyObject", "JSON Web Key", "Uint8Array"));
+          if (r.type !== "secret") throw new TypeError("".concat(Ve(r), ' instances for symmetric algorithms must be of type "secret"'));
+        }
+      })(n, e, t);
+      break;
+    default:
+      ((o, r, i) => {
+        if (Gn(r)) switch (i) {
+          case "decrypt":
+          case "sign":
+            if (((a) => a.kty !== "oct" && (a.kty === "AKP" && typeof a.priv == "string" || typeof a.d == "string"))(r) && Tn(o, r, i)) return;
+            throw new TypeError("JSON Web Key for this operation must be a private JWK");
+          case "encrypt":
+          case "verify":
+            if (((a) => a.kty !== "oct" && a.d === void 0 && a.priv === void 0)(r) && Tn(o, r, i)) return;
+            throw new TypeError("JSON Web Key for this operation must be a public JWK");
+        }
+        if (!Jo(r)) throw new TypeError(Mo(o, r, "CryptoKey", "KeyObject", "JSON Web Key"));
+        if (r.type === "secret") throw new TypeError("".concat(Ve(r), ' instances for asymmetric algorithms must not be of type "secret"'));
+        if (r.type === "public") switch (i) {
+          case "sign":
+            throw new TypeError("".concat(Ve(r), ' instances for asymmetric algorithm signing must be of type "private"'));
+          case "decrypt":
+            throw new TypeError("".concat(Ve(r), ' instances for asymmetric algorithm decryption must be of type "private"'));
+        }
+        if (r.type === "private") switch (i) {
+          case "verify":
+            throw new TypeError("".concat(Ve(r), ' instances for asymmetric algorithm verifying must be of type "public"'));
+          case "encrypt":
+            throw new TypeError("".concat(Ve(r), ' instances for asymmetric algorithm encryption must be of type "public"'));
+        }
+      })(n, e, t);
+  }
+}
+var Ot, En;
+let le, Xo;
+(typeof navigator > "u" || (Ot = navigator.userAgent) === null || Ot === void 0 || (En = Ot.startsWith) === null || En === void 0 || !En.call(Ot, "Mozilla/5.0 ")) && (Xo = "".concat("openid-client", "/").concat("v6.8.2"), le = { "user-agent": Xo });
+const N = (n) => Mt.get(n);
+let Mt, Ct;
+function Hr(n) {
+  return n !== void 0 ? Do(n) : (Ct || (Ct = /* @__PURE__ */ new WeakMap()), (e, t, o, r) => {
+    let i;
+    return (i = Ct.get(t)) || ((function(a, s) {
+      if (typeof a != "string") throw he("".concat(s, " must be a string"), St);
+      if (a.length === 0) throw he("".concat(s, " must not be empty"), _t);
+    })(t.client_secret, '"metadata.client_secret"'), i = Do(t.client_secret), Ct.set(t, i)), i(e, t, o, r);
+  });
+}
+const ue = ae, _t = "ERR_INVALID_ARG_VALUE", St = "ERR_INVALID_ARG_TYPE";
+function he(n, e, t) {
+  const o = new TypeError(n, { cause: t });
+  return Object.assign(o, { code: e }), o;
+}
+function Oa(n) {
+  return (async function(e) {
+    return U(e, "codeVerifier"), Ne(await crypto.subtle.digest("SHA-256", Be(e)));
+  })(n);
+}
+function Ca() {
+  return Tr();
+}
+class Qt extends Error {
+  constructor(e, t) {
+    var o;
+    super(e, t), b(this, "code", void 0), this.name = this.constructor.name, this.code = t == null ? void 0 : t.code, (o = Error.captureStackTrace) === null || o === void 0 || o.call(Error, this, this.constructor);
+  }
+}
+function J(n, e, t) {
+  return new Qt(n, { cause: e, code: t });
+}
+function Z(n) {
+  if (n instanceof TypeError || n instanceof Qt || n instanceof rn || n instanceof Er || n instanceof co) throw n;
+  if (n instanceof ao) switch (n.code) {
+    case xr:
+      throw J("only requests to HTTPS are allowed", n, n.code);
+    case Or:
+      throw J("only requests to HTTP or HTTPS are allowed", n, n.code);
+    case po:
+      throw J("unexpected HTTP response status code", n.cause, n.code);
+    case Ir:
+      throw J("unexpected response content-type", n.cause, n.code);
+    case Bt:
+      throw J("parsing error occured", n, n.code);
+    case A:
+      throw J("invalid response encountered", n, n.code);
+    case fe:
+      throw J("unexpected JWT claim value encountered", n, n.code);
+    case Fn:
+      throw J("unexpected JSON attribute value encountered", n, n.code);
+    case gt:
+      throw J("JWT timestamp claim value failed validation", n, n.code);
+    default:
+      throw J(n.message, n, n.code);
+  }
+  if (n instanceof q) throw J("unsupported operation", n, n.code);
+  if (n instanceof DOMException) switch (n.name) {
+    case "OperationError":
+      throw J("runtime operation error", n, Vn);
+    case "NotSupportedError":
+      throw J("runtime unsupported operation", n, Vn);
+    case "TimeoutError":
+      throw J("operation timed out", n, "OAUTH_TIMEOUT");
+    case "AbortError":
+      throw J("operation aborted", n, "OAUTH_ABORT");
+  }
+  throw new Qt("something went wrong", { cause: n });
+}
+async function ja(n, e, t, o, r) {
+  const i = await (async function(c, l) {
+    var u, p;
+    if (!(c instanceof URL)) throw he('"server" must be an instance of URL', St);
+    const h = !c.href.includes("/.well-known/"), d = (u = l == null ? void 0 : l.timeout) !== null && u !== void 0 ? u : 30, g = AbortSignal.timeout(1e3 * d), f = await (h ? qi(c, { algorithm: l == null ? void 0 : l.algorithm, [ae]: l == null ? void 0 : l[ue], [Q]: l == null || (p = l.execute) === null || p === void 0 ? void 0 : p.includes(qo), signal: g, headers: new Headers(le) }) : ((l == null ? void 0 : l[ue]) || fetch)((so(c, l == null || (m = l.execute) === null || m === void 0 || !m.includes(qo)), c.href), { headers: Object.fromEntries(new Headers(_({ accept: "application/json" }, le)).entries()), body: void 0, method: "GET", redirect: "manual", signal: g })).then((w) => (async function(k, S) {
+      const T = k;
+      if (!(T instanceof URL) && T !== bn) throw x('"expectedIssuerIdentifier" must be an instance of URL', X);
+      if (!ot(S, Response)) throw x('"response" must be an instance of Response', X);
+      if (S.status !== 200) throw E('"response" is not a conform Authorization Server Metadata response (unexpected HTTP status code)', po, S);
+      kt(S);
+      const v = await an(S);
+      if (U(v.issuer, '"response" body "issuer" property', A, { body: v }), T !== bn && new URL(v.issuer).href !== T.href) throw E('"response" body "issuer" property does not match the expected value', Fn, { expected: T.href, body: v, attribute: "issuer" });
+      return v;
+    })(bn, w)).catch(Z);
+    var m;
+    return h && new URL(f.issuer).href !== c.href && ((function(w, k, S) {
+      return !(w.origin !== "https://login.microsoftonline.com" || S != null && S.algorithm && S.algorithm !== "oidc" || (k[Mr] = !0, 0));
+    })(c, f, l) || (function(w, k) {
+      return !(!w.hostname.endsWith(".b2clogin.com") || k != null && k.algorithm && k.algorithm !== "oidc");
+    })(c, l) || (() => {
+      throw new Qt("discovered metadata issuer does not match the expected issuer", { code: Fn, cause: { expected: c.href, body: f, attribute: "issuer" } });
+    })()), f;
+  })(n, r), a = new tt(i, e, t, o);
+  let s = N(a);
+  if (r != null && r[ue] && (s.fetch = r[ue]), r != null && r.timeout && (s.timeout = r.timeout), r != null && r.execute) for (const c of r.execute) c(a);
+  return a;
+}
+new TextDecoder();
+const Mr = Symbol();
+class tt {
+  constructor(e, t, o, r) {
+    var i, a, s, c, l;
+    if (typeof t != "string" || !t.length) throw he('"clientId" must be a non-empty string', St);
+    if (typeof o == "string" && (o = { client_secret: o }), ((i = o) === null || i === void 0 ? void 0 : i.client_id) !== void 0 && t !== o.client_id) throw he('"clientId" and "metadata.client_id" must be the same', _t);
+    const u = _(_({}, structuredClone(o)), {}, { client_id: t });
+    let p;
+    u[zn] = (a = (s = o) === null || s === void 0 ? void 0 : s[zn]) !== null && a !== void 0 ? a : 0, u[Hn] = (c = (l = o) === null || l === void 0 ? void 0 : l[Hn]) !== null && c !== void 0 ? c : 30, p = r || (typeof u.client_secret == "string" && u.client_secret.length ? Hr(u.client_secret) : (f, m, w, k) => {
+      w.set("client_id", m.client_id);
+    });
+    let h = Object.freeze(u);
+    const d = structuredClone(e);
+    Mr in e && (d[Cr] = (f) => {
+      let { claims: { tid: m } } = f;
+      return e.issuer.replace("{tenantid}", m);
+    });
+    let g = Object.freeze(d);
+    Mt || (Mt = /* @__PURE__ */ new WeakMap()), Mt.set(this, { __proto__: null, as: g, c: h, auth: p, tlsOnly: !0, jwksCache: {} });
+  }
+  serverMetadata() {
+    const e = structuredClone(N(this).as);
+    return (function(t) {
+      Object.defineProperties(t, /* @__PURE__ */ (function(o) {
+        return { supportsPKCE: { __proto__: null, value() {
+          var r;
+          let i = arguments.length > 0 && arguments[0] !== void 0 ? arguments[0] : "S256";
+          return ((r = o.code_challenge_methods_supported) === null || r === void 0 ? void 0 : r.includes(i)) === !0;
+        } } };
+      })(t));
+    })(e), e;
+  }
+  clientMetadata() {
+    return structuredClone(N(this).c);
+  }
+  get timeout() {
+    return N(this).timeout;
+  }
+  set timeout(e) {
+    N(this).timeout = e;
+  }
+  get [ue]() {
+    return N(this).fetch;
+  }
+  set [ue](e) {
+    N(this).fetch = e;
+  }
+}
+function Tt(n) {
+  Object.defineProperties(n, (function(e) {
+    let t;
+    if (e.expires_in !== void 0) {
+      const o = /* @__PURE__ */ new Date();
+      o.setSeconds(o.getSeconds() + e.expires_in), t = o.getTime();
+    }
+    return { expiresIn: { __proto__: null, value() {
+      if (t) {
+        const o = Date.now();
+        return t > o ? Math.floor((t - o) / 1e3) : 0;
+      }
+    } }, claims: { __proto__: null, value() {
+      try {
+        return Zn(this);
+      } catch {
+        return;
+      }
+    } } };
+  })(n));
+}
+async function Go(n, e, t) {
+  var o;
+  let r = arguments.length > 3 && arguments[3] !== void 0 && arguments[3];
+  const i = (o = n.headers.get("retry-after")) === null || o === void 0 ? void 0 : o.trim();
+  if (i === void 0) return;
+  let a;
+  if (/^\d+$/.test(i)) a = parseInt(i, 10);
+  else {
+    const s = new Date(i);
+    if (Number.isFinite(s.getTime())) {
+      const c = /* @__PURE__ */ new Date(), l = s.getTime() - c.getTime();
+      l > 0 && (a = Math.ceil(l / 1e3));
+    }
+  }
+  if (r && !Number.isFinite(a)) throw new ao("invalid Retry-After header value", { cause: n });
+  a > e && await Jr(a - e, t);
+}
+function Jr(n, e) {
+  return new Promise((t, o) => {
+    const r = (i) => {
+      try {
+        e.throwIfAborted();
+      } catch (s) {
+        return void o(s);
+      }
+      if (i <= 0) return void t();
+      const a = Math.min(i, 5);
+      setTimeout(() => r(i - a), 1e3 * a);
+    };
+    r(n);
+  });
+}
+async function Yo(n, e) {
+  ge(n);
+  const { as: t, c: o, auth: r, fetch: i, tlsOnly: a, timeout: s } = N(n);
+  return (async function(c, l, u, p, h) {
+    re(c), ie(l);
+    const d = vt(c, "backchannel_authentication_endpoint", l.use_mtls_endpoint_aliases, (h == null ? void 0 : h[Q]) !== !0), g = new URLSearchParams(p);
+    g.set("client_id", l.client_id);
+    const f = on(h == null ? void 0 : h.headers);
+    return f.set("accept", "application/json"), lo(c, l, u, d, g, f, h);
+  })(t, o, r, e, { [ae]: i, [Q]: !a, headers: new Headers(le), signal: ze(s) }).then((c) => (async function(l, u, p) {
+    if (re(l), ie(u), !ot(p, Response)) throw x('"response" must be an instance of Response', X);
+    await uo(p, 200, "Backchannel Authentication Endpoint"), kt(p);
+    const h = await an(p);
+    U(h.auth_req_id, '"response" body "auth_req_id" property', A, { body: h });
+    let d = typeof h.expires_in != "number" ? parseFloat(h.expires_in) : h.expires_in;
+    return Te(d, !0, '"response" body "expires_in" property', A, { body: h }), h.expires_in = d, h.interval !== void 0 && Te(h.interval, !1, '"response" body "interval" property', A, { body: h }), h;
+  })(t, o, c)).catch(Z);
+}
+async function Zr(n, e, t, o) {
+  var r, i;
+  ge(n), t = new URLSearchParams(t);
+  let a = (r = e.interval) !== null && r !== void 0 ? r : 5;
+  const s = (i = o == null ? void 0 : o.signal) !== null && i !== void 0 ? i : AbortSignal.timeout(1e3 * e.expires_in);
+  try {
+    await Jr(a, s);
+  } catch (v) {
+    Z(v);
+  }
+  const { as: c, c: l, auth: u, fetch: p, tlsOnly: h, nonRepudiation: d, timeout: g, decrypt: f } = N(n), m = (v, R) => Zr(n, _(_({}, e), {}, { interval: v }), t, _(_({}, o), {}, { signal: s, flag: R })), w = await (async function(v, R, z, K, we) {
+    re(v), ie(R), U(K, '"authReqId"');
+    const V = new URLSearchParams(we == null ? void 0 : we.additionalParameters);
+    return V.set("auth_req_id", K), bt(v, R, z, "urn:openid:params:grant-type:ciba", V, we);
+  })(c, l, u, e.auth_req_id, { [ae]: p, [Q]: !h, additionalParameters: t, DPoP: o == null ? void 0 : o.DPoP, headers: new Headers(le), signal: s.aborted ? s : ze(g) }).catch(Z);
+  var k;
+  if (w.status === 503 && w.headers.has("retry-after")) return await Go(w, a, s, !0), await ((k = w.body) === null || k === void 0 ? void 0 : k.cancel()), m(a);
+  const S = (async function(v, R, z, K) {
+    return et(v, R, z, void 0, K == null ? void 0 : K[ye], K == null ? void 0 : K.recognizedTokenTypes);
+  })(c, l, w, { [ye]: f });
+  let T;
+  try {
+    T = await S;
+  } catch (v) {
+    if (Et(v, o)) return m(a, Ee);
+    if (v instanceof rn) switch (v.error) {
+      case "slow_down":
+        a += 5;
+      case "authorization_pending":
+        return await Go(v.response, a, s), m(a);
+    }
+    Z(v);
+  }
+  return T.id_token && await (d == null ? void 0 : d(w)), Tt(T), T;
+}
+function qo(n) {
+  N(n).tlsOnly = !1;
+}
+async function Vr(n, e, t, o, r) {
+  if (ge(n), !((r == null ? void 0 : r.flag) === Ee || e instanceof URL || (function(v, R) {
+    try {
+      return Object.getPrototypeOf(v)[Symbol.toStringTag] === R;
+    } catch {
+      return !1;
+    }
+  })(e, "Request"))) throw he('"currentUrl" must be an instance of URL, or Request', St);
+  let i, a;
+  const { as: s, c, auth: l, fetch: u, tlsOnly: p, jarm: h, hybrid: d, nonRepudiation: g, timeout: f, decrypt: m, implicit: w } = N(n);
+  if ((r == null ? void 0 : r.flag) === Ee) i = r.authResponse, a = r.redirectUri;
+  else {
+    if (!(e instanceof URL)) {
+      const v = e;
+      switch (e = new URL(e.url), v.method) {
+        case "GET":
+          break;
+        case "POST":
+          const R = new URLSearchParams(await wa(v));
+          if (d) e.hash = R.toString();
+          else for (const [z, K] of R.entries()) e.searchParams.append(z, K);
+          break;
+        default:
+          throw he("unexpected Request HTTP method", _t);
+      }
+    }
+    switch (a = (function(v) {
+      return (v = new URL(v)).search = "", v.hash = "", v.href;
+    })(e), !0) {
+      case !!h:
+        i = await h(e, t == null ? void 0 : t.expectedState);
+        break;
+      case !!d:
+        i = await d(e, t == null ? void 0 : t.expectedNonce, t == null ? void 0 : t.expectedState, t == null ? void 0 : t.maxAge);
+        break;
+      case !!w:
+        throw new TypeError("authorizationCodeGrant() cannot be used by response_type=id_token clients");
+      default:
+        try {
+          i = _a(s, c, e.searchParams, t == null ? void 0 : t.expectedState);
+        } catch (v) {
+          Z(v);
+        }
+    }
+  }
+  const k = await (async function(v, R, z, K, we, V, He) {
+    if (re(v), ie(R), !ho.has(K)) throw x('"callbackParameters" must be an instance of URLSearchParams obtained from "validateAuthResponse()", or "validateJwtAuthResponse()', M);
+    U(we, '"redirectUri"');
+    const ko = We(K, "code");
+    if (!ko) throw E('no authorization code in "callbackParameters"', A);
+    const Pt = new URLSearchParams(He == null ? void 0 : He.additionalParameters);
+    return Pt.set("redirect_uri", we), Pt.set("code", ko), V !== Lo && (U(V, '"codeVerifier"'), Pt.set("code_verifier", V)), bt(v, R, z, "authorization_code", Pt, He);
+  })(s, c, l, i, a, (t == null ? void 0 : t.pkceCodeVerifier) || Lo, { additionalParameters: o, [ae]: u, [Q]: !p, DPoP: r == null ? void 0 : r.DPoP, headers: new Headers(le), signal: ze(f) }).catch(Z);
+  typeof (t == null ? void 0 : t.expectedNonce) != "string" && typeof (t == null ? void 0 : t.maxAge) != "number" || (t.idTokenExpected = !0);
+  const S = ha(s, c, k, { expectedNonce: t == null ? void 0 : t.expectedNonce, maxAge: t == null ? void 0 : t.maxAge, requireIdToken: t == null ? void 0 : t.idTokenExpected, [ye]: m });
+  let T;
+  try {
+    T = await S;
+  } catch (v) {
+    if (Et(v, r)) return Vr(n, void 0, t, o, _(_({}, r), {}, { flag: Ee, authResponse: i, redirectUri: a }));
+    Z(v);
+  }
+  return T.id_token && await (g == null ? void 0 : g(k)), Tt(T), T;
+}
+async function Fr(n, e, t, o) {
+  ge(n), t = new URLSearchParams(t);
+  const { as: r, c: i, auth: a, fetch: s, tlsOnly: c, nonRepudiation: l, timeout: u, decrypt: p } = N(n), h = await (async function(f, m, w, k, S) {
+    re(f), ie(m), U(k, '"refreshToken"');
+    const T = new URLSearchParams(S == null ? void 0 : S.additionalParameters);
+    return T.set("refresh_token", k), bt(f, m, w, "refresh_token", T, S);
+  })(r, i, a, e, { [ae]: s, [Q]: !c, additionalParameters: t, DPoP: o == null ? void 0 : o.DPoP, headers: new Headers(le), signal: ze(u) }).catch(Z), d = (async function(f, m, w, k) {
+    return et(f, m, w, void 0, k == null ? void 0 : k[ye], k == null ? void 0 : k.recognizedTokenTypes);
+  })(r, i, h, { [ye]: p });
+  let g;
+  try {
+    g = await d;
+  } catch (f) {
+    if (Et(f, o)) return Fr(n, e, t, _(_({}, o), {}, { flag: Ee }));
+    Z(f);
+  }
+  return g.id_token && await (l == null ? void 0 : l(h)), Tt(g), g;
+}
+async function Xr(n, e, t) {
+  ge(n), e = new URLSearchParams(e);
+  const { as: o, c: r, auth: i, fetch: a, tlsOnly: s, timeout: c } = N(n), l = await (async function(h, d, g, f, m) {
+    return re(h), ie(d), bt(h, d, g, "client_credentials", new URLSearchParams(f), m);
+  })(o, r, i, e, { [ae]: a, [Q]: !s, DPoP: t == null ? void 0 : t.DPoP, headers: new Headers(le), signal: ze(c) }).catch(Z), u = (async function(h, d, g, f) {
+    return et(h, d, g, void 0, void 0, void 0);
+  })(o, r, l);
+  let p;
+  try {
+    p = await u;
+  } catch (h) {
+    if (Et(h, t)) return Xr(n, e, _(_({}, t), {}, { flag: Ee }));
+    Z(h);
+  }
+  return Tt(p), p;
+}
+function Yn(n, e) {
+  ge(n);
+  const { as: t, c: o, tlsOnly: r, hybrid: i, jarm: a, implicit: s } = N(n), c = vt(t, "authorization_endpoint", !1, r);
+  if ((e = new URLSearchParams(e)).has("client_id") || e.set("client_id", o.client_id), !e.has("request_uri") && !e.has("request")) {
+    if (e.has("response_type") || e.set("response_type", i ? "code id_token" : s ? "id_token" : "code"), s && !e.has("nonce")) throw he("response_type=id_token clients must provide a nonce parameter in their authorization request parameters", _t);
+    a && e.set("response_mode", "jwt");
+  }
+  for (const [l, u] of e.entries()) c.searchParams.append(l, u);
+  return c;
+}
+async function Gr(n, e, t) {
+  ge(n);
+  const o = Yn(n, e), { as: r, c: i, auth: a, fetch: s, tlsOnly: c, timeout: l } = N(n), u = await (async function(d, g, f, m, w) {
+    var k;
+    re(d), ie(g);
+    const S = vt(d, "pushed_authorization_request_endpoint", g.use_mtls_endpoint_aliases, (w == null ? void 0 : w[Q]) !== !0), T = new URLSearchParams(m);
+    T.set("client_id", g.client_id);
+    const v = on(w == null ? void 0 : w.headers);
+    v.set("accept", "application/json"), (w == null ? void 0 : w.DPoP) !== void 0 && (Pr(w.DPoP), await w.DPoP.addProof(S, v, "POST"));
+    const R = await lo(d, g, f, S, T, v, w);
+    return w == null || (k = w.DPoP) === null || k === void 0 || k.cacheNonce(R, S), R;
+  })(r, i, a, o.searchParams, { [ae]: s, [Q]: !c, DPoP: t == null ? void 0 : t.DPoP, headers: new Headers(le), signal: ze(l) }).catch(Z), p = (async function(d, g, f) {
+    if (re(d), ie(g), !ot(f, Response)) throw x('"response" must be an instance of Response', X);
+    await uo(f, 201, "Pushed Authorization Request Endpoint"), kt(f);
+    const m = await an(f);
+    U(m.request_uri, '"response" body "request_uri" property', A, { body: m });
+    let w = typeof m.expires_in != "number" ? parseFloat(m.expires_in) : m.expires_in;
+    return Te(w, !0, '"response" body "expires_in" property', A, { body: m }), m.expires_in = w, m;
+  })(r, i, u);
+  let h;
+  try {
+    h = await p;
+  } catch (d) {
+    if (Et(d, t)) return Gr(n, e, _(_({}, t), {}, { flag: Ee }));
+    Z(d);
+  }
+  return Yn(n, { request_uri: h.request_uri });
+}
+function ge(n) {
+  if (!(n instanceof tt)) throw he('"config" must be an instance of Configuration', St);
+  if (Object.getPrototypeOf(n) !== tt.prototype) throw he("subclassing Configuration is not allowed", _t);
+}
+function ze(n) {
+  return n ? AbortSignal.timeout(1e3 * n) : void 0;
+}
+function Et(n, e) {
+  return !(e == null || !e.DPoP || e.flag === Ee) && (function(t) {
+    if (t instanceof co) {
+      const { 0: o, length: r } = t.cause;
+      return r === 1 && o.scheme === "dpop" && o.parameters.error === "use_dpop_nonce";
+    }
+    return t instanceof rn && t.error === "use_dpop_nonce";
+  })(n);
+}
+Object.freeze(tt.prototype);
+const Ee = Symbol();
+async function $t(n, e, t, o) {
+  ge(n);
+  const { as: r, c: i, auth: a, fetch: s, tlsOnly: c, timeout: l, decrypt: u } = N(n), p = await (async function(h, d, g, f, m, w) {
+    return re(h), ie(d), U(f, '"grantType"'), bt(h, d, g, f, new URLSearchParams(m), w);
+  })(r, i, a, e, new URLSearchParams(t), { [ae]: s, [Q]: !c, DPoP: void 0, headers: new Headers(le), signal: ze(l) }).then((h) => {
+    let d;
+    return e === "urn:ietf:params:oauth:grant-type:token-exchange" && (d = { n_a: () => {
+    } }), (async function(g, f, m, w) {
+      return et(g, f, m, void 0, w == null ? void 0 : w[ye], w == null ? void 0 : w.recognizedTokenTypes);
+    })(r, i, h, { [ye]: u, recognizedTokenTypes: d });
+  }).catch(Z);
+  return Tt(p), p;
+}
+async function Wa(n, e, t) {
+  if (!Pe(n)) throw new D("Flattened JWS must be an object");
+  if (n.protected === void 0 && n.header === void 0) throw new D('Flattened JWS must have either of the "protected" or "header" members');
+  if (n.protected !== void 0 && typeof n.protected != "string") throw new D("JWS Protected Header incorrect type");
+  if (n.payload === void 0) throw new D("JWS Payload missing");
+  if (typeof n.signature != "string") throw new D("JWS Signature missing or incorrect type");
+  if (n.header !== void 0 && !Pe(n.header)) throw new D("JWS Unprotected Header incorrect type");
+  let o = {};
+  if (n.protected) try {
+    const f = sn(n.protected);
+    o = JSON.parse(wt.decode(f));
+  } catch {
+    throw new D("JWS Protected Header is invalid");
+  }
+  if (!(function() {
+    for (var f = arguments.length, m = new Array(f), w = 0; w < f; w++) m[w] = arguments[w];
+    const k = m.filter(Boolean);
+    if (k.length === 0 || k.length === 1) return !0;
+    let S;
+    for (const T of k) {
+      const v = Object.keys(T);
+      if (S && S.size !== 0) for (const R of v) {
+        if (S.has(R)) return !1;
+        S.add(R);
+      }
+      else S = new Set(v);
+    }
+    return !0;
+  })(o, n.header)) throw new D("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
+  const r = _(_({}, o), n.header), i = (function(f, m, w, k, S) {
+    if (S.crit !== void 0 && (k == null ? void 0 : k.crit) === void 0) throw new f('"crit" (Critical) Header Parameter MUST be integrity protected');
+    if (!k || k.crit === void 0) return /* @__PURE__ */ new Set();
+    if (!Array.isArray(k.crit) || k.crit.length === 0 || k.crit.some((v) => typeof v != "string" || v.length === 0)) throw new f('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');
+    let T;
+    T = w !== void 0 ? new Map([...Object.entries(w), ...m.entries()]) : m;
+    for (const v of k.crit) {
+      if (!T.has(v)) throw new Y('Extension Header Parameter "'.concat(v, '" is not recognized'));
+      if (S[v] === void 0) throw new f('Extension Header Parameter "'.concat(v, '" is missing'));
+      if (T.get(v) && k[v] === void 0) throw new f('Extension Header Parameter "'.concat(v, '" MUST be integrity protected'));
+    }
+    return new Set(k.crit);
+  })(D, /* @__PURE__ */ new Map([["b64", !0]]), t == null ? void 0 : t.crit, o, r);
+  let a = !0;
+  if (i.has("b64") && (a = o.b64, typeof a != "boolean")) throw new D('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
+  const { alg: s } = r;
+  if (typeof s != "string" || !s) throw new D('JWS "alg" (Algorithm) Header Parameter missing or invalid');
+  const c = t && (function(f, m) {
+    if (m !== void 0 && (!Array.isArray(m) || m.some((w) => typeof w != "string"))) throw new TypeError('"'.concat(f, '" option must be an array of strings'));
+    if (m) return new Set(m);
+  })("algorithms", t.algorithms);
+  if (c && !c.has(s)) throw new Ur('"alg" (Algorithm) Header Parameter value not allowed');
+  if (a) {
+    if (typeof n.payload != "string") throw new D("JWS Payload must be a string");
+  } else if (typeof n.payload != "string" && !(n.payload instanceof Uint8Array)) throw new D("JWS Payload must be a string or an Uint8Array instance");
+  let l = !1;
+  typeof e == "function" && (e = await e(o, n), l = !0), xa(s, e, "verify");
+  const u = (function() {
+    for (var f = arguments.length, m = new Array(f), w = 0; w < f; w++) m[w] = arguments[w];
+    const k = m.reduce((v, R) => {
+      let { length: z } = R;
+      return v + z;
+    }, 0), S = new Uint8Array(k);
+    let T = 0;
+    for (const v of m) S.set(v, T), T += v.length;
+    return S;
+  })(n.protected !== void 0 ? kn(n.protected) : new Uint8Array(), kn("."), typeof n.payload == "string" ? a ? kn(n.payload) : Ho.encode(n.payload) : n.payload), p = Zo(n.signature, "signature", D), h = await Pa(e, s);
+  if (!await Ea(s, h, p, u)) throw new Nr();
+  let d;
+  d = a ? Zo(n.payload, "payload", D) : typeof n.payload == "string" ? Ho.encode(n.payload) : n.payload;
+  const g = { payload: d };
+  return n.protected !== void 0 && (g.protectedHeader = o), n.header !== void 0 && (g.unprotectedHeader = n.header), l ? _(_({}, g), {}, { key: h }) : g;
+}
+const Ua = 86400, Ka = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i;
+function Bo(n) {
+  const e = Ka.exec(n);
+  if (!e || e[4] && e[1]) throw new TypeError("Invalid time period format");
+  const t = parseFloat(e[2]);
+  let o;
+  switch (e[3].toLowerCase()) {
+    case "sec":
+    case "secs":
+    case "second":
+    case "seconds":
+    case "s":
+      o = Math.round(t);
+      break;
+    case "minute":
+    case "minutes":
+    case "min":
+    case "mins":
+    case "m":
+      o = Math.round(60 * t);
+      break;
+    case "hour":
+    case "hours":
+    case "hr":
+    case "hrs":
+    case "h":
+      o = Math.round(3600 * t);
+      break;
+    case "day":
+    case "days":
+    case "d":
+      o = Math.round(t * Ua);
+      break;
+    case "week":
+    case "weeks":
+    case "w":
+      o = Math.round(604800 * t);
+      break;
+    default:
+      o = Math.round(31557600 * t);
+  }
+  return e[1] === "-" || e[4] === "ago" ? -o : o;
+}
+const Qo = (n) => n.includes("/") ? n.toLowerCase() : "application/".concat(n.toLowerCase());
+function Da(n, e) {
+  let t, o = arguments.length > 2 && arguments[2] !== void 0 ? arguments[2] : {};
+  try {
+    t = JSON.parse(wt.decode(e));
+  } catch {
+  }
+  if (!Pe(t)) throw new mo("JWT Claims Set must be a top-level JSON object");
+  const { typ: r } = o;
+  if (r && (typeof n.typ != "string" || Qo(n.typ) !== Qo(r))) throw new $('unexpected "typ" JWT header value', t, "typ", "check_failed");
+  const { requiredClaims: i = [], issuer: a, subject: s, audience: c, maxTokenAge: l } = o, u = [...i];
+  l !== void 0 && u.push("iat"), c !== void 0 && u.push("aud"), s !== void 0 && u.push("sub"), a !== void 0 && u.push("iss");
+  for (const w of new Set(u.reverse())) if (!(w in t)) throw new $('missing required "'.concat(w, '" claim'), t, w, "missing");
+  if (a && !(Array.isArray(a) ? a : [a]).includes(t.iss)) throw new $('unexpected "iss" claim value', t, "iss", "check_failed");
+  if (s && t.sub !== s) throw new $('unexpected "sub" claim value', t, "sub", "check_failed");
+  if (c && (p = t.aud, h = typeof c == "string" ? [c] : c, !(typeof p == "string" ? h.includes(p) : Array.isArray(p) && h.some(Set.prototype.has.bind(new Set(p)))))) throw new $('unexpected "aud" claim value', t, "aud", "check_failed");
+  var p, h;
+  let d;
+  switch (typeof o.clockTolerance) {
+    case "string":
+      d = Bo(o.clockTolerance);
+      break;
+    case "number":
+      d = o.clockTolerance;
+      break;
+    case "undefined":
+      d = 0;
+      break;
+    default:
+      throw new TypeError("Invalid clockTolerance option type");
+  }
+  const { currentDate: g } = o, f = (m = g || /* @__PURE__ */ new Date(), Math.floor(m.getTime() / 1e3));
+  var m;
+  if ((t.iat !== void 0 || l) && typeof t.iat != "number") throw new $('"iat" claim must be a number', t, "iat", "invalid");
+  if (t.nbf !== void 0) {
+    if (typeof t.nbf != "number") throw new $('"nbf" claim must be a number', t, "nbf", "invalid");
+    if (t.nbf > f + d) throw new $('"nbf" claim timestamp check failed', t, "nbf", "check_failed");
+  }
+  if (t.exp !== void 0) {
+    if (typeof t.exp != "number") throw new $('"exp" claim must be a number', t, "exp", "invalid");
+    if (t.exp <= f - d) throw new Xn('"exp" claim timestamp check failed', t, "exp", "check_failed");
+  }
+  if (l) {
+    const w = f - t.iat;
+    if (w - d > (typeof l == "number" ? l : Bo(l))) throw new Xn('"iat" claim timestamp check failed (too far in the past)', t, "iat", "check_failed");
+    if (w < 0 - d) throw new $('"iat" claim timestamp check failed (it should be in the past)', t, "iat", "check_failed");
+  }
+  return t;
+}
+async function Na(n, e, t) {
+  var o;
+  const r = await (async function(a, s, c) {
+    if (a instanceof Uint8Array && (a = wt.decode(a)), typeof a != "string") throw new D("Compact JWS must be a string or Uint8Array");
+    const { 0: l, 1: u, 2: p, length: h } = a.split(".");
+    if (h !== 3) throw new D("Invalid Compact JWS");
+    const d = await Wa({ payload: u, protected: l, signature: p }, s, c), g = { payload: d.payload, protectedHeader: d.protectedHeader };
+    return typeof s == "function" ? _(_({}, g), {}, { key: d.key }) : g;
+  })(n, e, t);
+  if ((o = r.protectedHeader.crit) !== null && o !== void 0 && o.includes("b64") && r.protectedHeader.b64 === !1) throw new mo("JWTs MUST NOT use unencoded payload");
+  const i = { payload: Da(r.protectedHeader, r.payload, t), protectedHeader: r.protectedHeader };
+  return typeof e == "function" ? _(_({}, i), {}, { key: r.key }) : i;
+}
+function La(n) {
+  return Pe(n);
+}
+var jt, Pn, Wt = /* @__PURE__ */ new WeakMap(), An = /* @__PURE__ */ new WeakMap();
+class za {
+  constructor(e) {
+    if (W(this, Wt, void 0), W(this, An, /* @__PURE__ */ new WeakMap()), !(function(t) {
+      return t && typeof t == "object" && Array.isArray(t.keys) && t.keys.every(La);
+    })(e)) throw new fo("JSON Web Key Set malformed");
+    P(Wt, this, structuredClone(e));
+  }
+  jwks() {
+    return y(Wt, this);
+  }
+  async getKey(e, t) {
+    const { alg: o, kid: r } = _(_({}, e), t == null ? void 0 : t.header), i = (function(l) {
+      switch (typeof l == "string" && l.slice(0, 2)) {
+        case "RS":
+        case "PS":
+          return "RSA";
+        case "ES":
+          return "EC";
+        case "Ed":
+          return "OKP";
+        case "ML":
+          return "AKP";
+        default:
+          throw new Y('Unsupported "alg" value for a JSON Web Key Set');
+      }
+    })(o), a = y(Wt, this).keys.filter((l) => {
+      let u = i === l.kty;
+      if (u && typeof r == "string" && (u = r === l.kid), !u || typeof l.alg != "string" && i !== "AKP" || (u = o === l.alg), u && typeof l.use == "string" && (u = l.use === "sig"), u && Array.isArray(l.key_ops) && (u = l.key_ops.includes("verify")), u) switch (o) {
+        case "ES256":
+          u = l.crv === "P-256";
+          break;
+        case "ES384":
+          u = l.crv === "P-384";
+          break;
+        case "ES512":
+          u = l.crv === "P-521";
+          break;
+        case "Ed25519":
+        case "EdDSA":
+          u = l.crv === "Ed25519";
+      }
+      return u;
+    }), { 0: s, length: c } = a;
+    if (c === 0) throw new yo();
+    if (c !== 1) {
+      const l = new Kr(), u = y(An, this);
+      throw l[Symbol.asyncIterator] = Fi(function* () {
+        for (const p of a) try {
+          yield yield Vi($o(u, p, o));
+        } catch {
+        }
+      }), l;
+    }
+    return $o(y(An, this), s, o);
+  }
+}
+async function $o(n, e, t) {
+  const o = n.get(e) || n.set(e, {}).get(e);
+  if (o[t] === void 0) {
+    const r = await (async function(i, a, s) {
+      var c;
+      if (!Pe(i)) throw new TypeError("JWK must be an object");
+      let l;
+      switch (a != null || (a = i.alg), l != null || (l = (c = void 0) !== null && c !== void 0 ? c : i.ext), i.kty) {
+        case "oct":
+          if (typeof i.k != "string" || !i.k) throw new TypeError('missing "k" (Key Value) Parameter value');
+          return sn(i.k);
+        case "RSA":
+          if ("oth" in i && i.oth !== void 0) throw new Y('RSA JWK "oth" (Other Primes Info) Parameter value is not supported');
+          return Ht(_(_({}, i), {}, { alg: a, ext: l }));
+        case "AKP":
+          if (typeof i.alg != "string" || !i.alg) throw new TypeError('missing "alg" (Algorithm) Parameter value');
+          if (a !== void 0 && a !== i.alg) throw new TypeError("JWK alg and alg option value mismatch");
+          return Ht(_(_({}, i), {}, { ext: l }));
+        case "EC":
+        case "OKP":
+          return Ht(_(_({}, i), {}, { alg: a, ext: l }));
+        default:
+          throw new Y('Unsupported "kty" (Key Type) Parameter value');
+      }
+    })(_(_({}, e), {}, { ext: !0 }), t);
+    if (r instanceof Uint8Array || r.type !== "public") throw new fo("JSON Web Key Set members must be public keys");
+    o[t] = r;
+  }
+  return o[t];
+}
+function er(n) {
+  const e = new za(n), t = async (o, r) => e.getKey(o, r);
+  return Object.defineProperties(t, { jwks: { value: () => structuredClone(e.jwks()), enumerable: !1, configurable: !1, writable: !1 } }), t;
+}
+let qn;
+(typeof navigator > "u" || (jt = navigator.userAgent) === null || jt === void 0 || (Pn = jt.startsWith) === null || Pn === void 0 || !Pn.call(jt, "Mozilla/5.0 ")) && (qn = "".concat("jose", "/").concat("v6.2.2"));
+const Yr = Symbol(), Jt = Symbol();
+var Rn = /* @__PURE__ */ new WeakMap(), In = /* @__PURE__ */ new WeakMap(), xn = /* @__PURE__ */ new WeakMap(), Ut = /* @__PURE__ */ new WeakMap(), Ie = /* @__PURE__ */ new WeakMap(), pe = /* @__PURE__ */ new WeakMap(), ve = /* @__PURE__ */ new WeakMap(), On = /* @__PURE__ */ new WeakMap(), xe = /* @__PURE__ */ new WeakMap(), Oe = /* @__PURE__ */ new WeakMap();
+class Ha {
+  constructor(e, t) {
+    if (W(this, Rn, void 0), W(this, In, void 0), W(this, xn, void 0), W(this, Ut, void 0), W(this, Ie, void 0), W(this, pe, void 0), W(this, ve, void 0), W(this, On, void 0), W(this, xe, void 0), W(this, Oe, void 0), !(e instanceof URL)) throw new TypeError("url must be an instance of URL");
+    var o, r;
+    P(Rn, this, new URL(e.href)), P(In, this, typeof (t == null ? void 0 : t.timeoutDuration) == "number" ? t == null ? void 0 : t.timeoutDuration : 5e3), P(xn, this, typeof (t == null ? void 0 : t.cooldownDuration) == "number" ? t == null ? void 0 : t.cooldownDuration : 3e4), P(Ut, this, typeof (t == null ? void 0 : t.cacheMaxAge) == "number" ? t == null ? void 0 : t.cacheMaxAge : 6e5), P(ve, this, new Headers(t == null ? void 0 : t.headers)), qn && !y(ve, this).has("User-Agent") && y(ve, this).set("User-Agent", qn), y(ve, this).has("accept") || (y(ve, this).set("accept", "application/json"), y(ve, this).append("accept", "application/jwk-set+json")), P(On, this, t == null ? void 0 : t[Yr]), (t == null ? void 0 : t[Jt]) !== void 0 && (P(Oe, this, t == null ? void 0 : t[Jt]), o = t == null ? void 0 : t[Jt], r = y(Ut, this), typeof o == "object" && o !== null && "uat" in o && typeof o.uat == "number" && !(Date.now() - o.uat >= r) && "jwks" in o && Pe(o.jwks) && Array.isArray(o.jwks.keys) && Array.prototype.every.call(o.jwks.keys, Pe) && (P(Ie, this, y(Oe, this).uat), P(xe, this, er(y(Oe, this).jwks))));
+  }
+  pendingFetch() {
+    return !!y(pe, this);
+  }
+  coolingDown() {
+    return typeof y(Ie, this) == "number" && Date.now() < y(Ie, this) + y(xn, this);
+  }
+  fresh() {
+    return typeof y(Ie, this) == "number" && Date.now() < y(Ie, this) + y(Ut, this);
+  }
+  jwks() {
+    var e;
+    return (e = y(xe, this)) === null || e === void 0 ? void 0 : e.jwks();
+  }
+  async getKey(e, t) {
+    y(xe, this) && this.fresh() || await this.reload();
+    try {
+      return await y(xe, this).call(this, e, t);
+    } catch (o) {
+      if (o instanceof yo && this.coolingDown() === !1) return await this.reload(), y(xe, this).call(this, e, t);
+      throw o;
+    }
+  }
+  async reload() {
+    y(pe, this) && (typeof WebSocketPair < "u" || typeof navigator < "u" && navigator.userAgent === "Cloudflare-Workers" || typeof EdgeRuntime < "u" && EdgeRuntime === "vercel") && P(pe, this, void 0), y(pe, this) || P(pe, this, (async function(e, t, o) {
+      const i = await (arguments.length > 3 && arguments[3] !== void 0 ? arguments[3] : fetch)(e, { method: "GET", signal: o, redirect: "manual", headers: t }).catch((a) => {
+        throw a.name === "TimeoutError" ? new Dr() : a;
+      });
+      if (i.status !== 200) throw new L("Expected 200 OK from the JSON Web Key Set HTTP response");
+      try {
+        return await i.json();
+      } catch {
+        throw new L("Failed to parse the JSON Web Key Set HTTP response as JSON");
+      }
+    })(y(Rn, this).href, y(ve, this), AbortSignal.timeout(y(In, this)), y(On, this)).then((e) => {
+      P(xe, this, er(e)), y(Oe, this) && (y(Oe, this).uat = Date.now(), y(Oe, this).jwks = e), P(Ie, this, Date.now()), P(pe, this, void 0);
+    }).catch((e) => {
+      throw P(pe, this, void 0), e;
+    })), await y(pe, this);
+  }
+}
+const Ma = ["mfaToken"], Ja = ["mfaToken"];
+var Ce, Kt, je, B, Dt, Nt, ee, se, Ye, I, me, ct, ft, Qe, Lt, O, tr = class extends Error {
+  constructor(n, e) {
+    super(e), b(this, "code", void 0), this.name = "NotSupportedError", this.code = n;
+  }
+}, de = class extends Error {
+  constructor(n, e, t) {
+    super(e), b(this, "cause", void 0), b(this, "code", void 0), this.code = n, this.cause = t && { error: t.error, error_description: t.error_description, message: t.message };
+  }
+}, Za = class extends de {
+  constructor(n, e) {
+    super("token_by_code_error", n, e), this.name = "TokenByCodeError";
+  }
+}, Va = class extends de {
+  constructor(n, e) {
+    super("token_by_client_credentials_error", n, e), this.name = "TokenByClientCredentialsError";
+  }
+}, Fa = class extends de {
+  constructor(n, e) {
+    super("token_by_refresh_token_error", n, e), this.name = "TokenByRefreshTokenError";
+  }
+}, Xa = class extends de {
+  constructor(n, e) {
+    super("token_by_password_error", n, e), this.name = "TokenByPasswordError";
+  }
+}, Cn = class extends de {
+  constructor(n, e) {
+    super("token_for_connection_error", n, e), this.name = "TokenForConnectionErrorCode";
+  }
+}, ce = class extends de {
+  constructor(n, e) {
+    super("token_exchange_error", n, e), this.name = "TokenExchangeError";
+  }
+}, be = class extends Error {
+  constructor(n) {
+    super(n), b(this, "code", "verify_logout_token_error"), this.name = "VerifyLogoutTokenError";
+  }
+}, jn = class extends de {
+  constructor(n) {
+    super("backchannel_authentication_error", "There was an error when trying to use Client-Initiated Backchannel Authentication.", n), b(this, "code", "backchannel_authentication_error"), this.name = "BackchannelAuthenticationError";
+  }
+}, Ga = class extends de {
+  constructor(n) {
+    super("build_authorization_url_error", "There was an error when trying to build the authorization URL.", n), this.name = "BuildAuthorizationUrlError";
+  }
+}, Ya = class extends de {
+  constructor(n) {
+    super("build_link_user_url_error", "There was an error when trying to build the Link User URL.", n), this.name = "BuildLinkUserUrlError";
+  }
+}, qa = class extends de {
+  constructor(n) {
+    super("build_unlink_user_url_error", "There was an error when trying to build the Unlink User URL.", n), this.name = "BuildUnlinkUserUrlError";
+  }
+}, Ba = class extends Error {
+  constructor() {
+    super("The client secret or client assertion signing key must be provided."), b(this, "code", "missing_client_auth_error"), this.name = "MissingClientAuthError";
+  }
+};
+function Bn(n) {
+  return Object.entries(n).filter((e) => {
+    let [, t] = e;
+    return t !== void 0;
+  }).reduce((e, t) => _(_({}, e), {}, { [t[0]]: t[1] }), {});
+}
+var cn = class extends Error {
+  constructor(n, e, t) {
+    super(e), b(this, "cause", void 0), b(this, "code", void 0), this.code = n, this.cause = t && { error: t.error, error_description: t.error_description, message: t.message };
+  }
+}, qr = class extends cn {
+  constructor(n, e) {
+    super("mfa_list_authenticators_error", n, e), this.name = "MfaListAuthenticatorsError";
+  }
+}, Br = class extends cn {
+  constructor(n, e) {
+    super("mfa_enrollment_error", n, e), this.name = "MfaEnrollmentError";
+  }
+}, Qa = class extends cn {
+  constructor(n, e) {
+    super("mfa_delete_authenticator_error", n, e), this.name = "MfaDeleteAuthenticatorError";
+  }
+}, Qr = class extends cn {
+  constructor(n, e) {
+    super("mfa_challenge_error", n, e), this.name = "MfaChallengeError";
+  }
+};
+function $a(n) {
+  return { id: n.id, authenticatorType: n.authenticator_type, active: n.active, name: n.name, oobChannels: n.oob_channels, type: n.type };
+}
+var es = (Ce = /* @__PURE__ */ new WeakMap(), Kt = /* @__PURE__ */ new WeakMap(), je = /* @__PURE__ */ new WeakMap(), class {
+  constructor(n) {
+    var e;
+    W(this, Ce, void 0), W(this, Kt, void 0), W(this, je, void 0), P(Ce, this, "https://".concat(n.domain)), P(Kt, this, n.clientId), P(je, this, (e = n.customFetch) !== null && e !== void 0 ? e : function() {
+      return fetch(...arguments);
+    });
+  }
+  async listAuthenticators(n) {
+    const e = "".concat(y(Ce, this), "/mfa/authenticators"), { mfaToken: t } = n, o = await y(je, this).call(this, e, { method: "GET", headers: { Authorization: "Bearer ".concat(t), "Content-Type": "application/json" } });
+    if (!o.ok) {
+      const r = await o.json();
+      throw new qr(r.error_description || "Failed to list authenticators", r);
+    }
+    return (await o.json()).map($a);
+  }
+  async enrollAuthenticator(n) {
+    const e = "".concat(y(Ce, this), "/mfa/associate"), { mfaToken: t } = n, o = Uo(n, Ma), r = { authenticator_types: o.authenticatorTypes };
+    "oobChannels" in o && (r.oob_channels = o.oobChannels), "phoneNumber" in o && o.phoneNumber && (r.phone_number = o.phoneNumber), "email" in o && o.email && (r.email = o.email);
+    const i = await y(je, this).call(this, e, { method: "POST", headers: { Authorization: "Bearer ".concat(t), "Content-Type": "application/json" }, body: JSON.stringify(r) });
+    if (!i.ok) {
+      const a = await i.json();
+      throw new Br(a.error_description || "Failed to enroll authenticator", a);
+    }
+    return (function(a) {
+      if (a.authenticator_type === "otp") return { authenticatorType: "otp", secret: a.secret, barcodeUri: a.barcode_uri, recoveryCodes: a.recovery_codes, id: a.id };
+      if (a.authenticator_type === "oob") return { authenticatorType: "oob", oobChannel: a.oob_channel, oobCode: a.oob_code, bindingMethod: a.binding_method, id: a.id, barcodeUri: a.barcode_uri, recoveryCodes: a.recovery_codes };
+      throw new Error("Unexpected authenticator type: ".concat(a.authenticator_type));
+    })(await i.json());
+  }
+  async deleteAuthenticator(n) {
+    const { authenticatorId: e, mfaToken: t } = n, o = "".concat(y(Ce, this), "/mfa/authenticators/").concat(encodeURIComponent(e)), r = await y(je, this).call(this, o, { method: "DELETE", headers: { Authorization: "Bearer ".concat(t), "Content-Type": "application/json" } });
+    if (!r.ok) {
+      const i = await r.json();
+      throw new Qa(i.error_description || "Failed to delete authenticator", i);
+    }
+  }
+  async challengeAuthenticator(n) {
+    const e = "".concat(y(Ce, this), "/mfa/challenge"), { mfaToken: t } = n, o = Uo(n, Ja), r = { mfa_token: t, client_id: y(Kt, this), challenge_type: o.challengeType };
+    o.authenticatorId && (r.authenticator_id = o.authenticatorId);
+    const i = await y(je, this).call(this, e, { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify(r) });
+    if (!i.ok) {
+      const a = await i.json();
+      throw new Qr(a.error_description || "Failed to challenge authenticator", a);
+    }
+    return (function(a) {
+      const s = { challengeType: a.challenge_type };
+      return a.oob_code !== void 0 && (s.oobCode = a.oob_code), a.binding_method !== void 0 && (s.bindingMethod = a.binding_method), s;
+    })(await i.json());
+  }
+}), _e = class $r {
+  constructor(e, t, o, r, i, a, s) {
+    b(this, "accessToken", void 0), b(this, "idToken", void 0), b(this, "refreshToken", void 0), b(this, "expiresAt", void 0), b(this, "scope", void 0), b(this, "claims", void 0), b(this, "authorizationDetails", void 0), b(this, "tokenType", void 0), b(this, "issuedTokenType", void 0), this.accessToken = e, this.idToken = o, this.refreshToken = r, this.expiresAt = t, this.scope = i, this.claims = a, this.authorizationDetails = s;
+  }
+  static fromTokenEndpointResponse(e) {
+    const t = e.id_token ? e.claims() : void 0, o = new $r(e.access_token, Math.floor(Date.now() / 1e3) + Number(e.expires_in), e.id_token, e.refresh_token, e.scope, t, e.authorization_details);
+    return o.tokenType = e.token_type, o.issuedTokenType = e.issued_token_type, o;
+  }
+}, ts = (B = /* @__PURE__ */ new WeakMap(), Dt = /* @__PURE__ */ new WeakMap(), Nt = /* @__PURE__ */ new WeakMap(), class {
+  constructor(n, e) {
+    W(this, B, /* @__PURE__ */ new Map()), W(this, Dt, void 0), W(this, Nt, void 0), P(Nt, this, Math.max(1, Math.floor(n))), P(Dt, this, Math.max(0, Math.floor(e)));
+  }
+  get(n) {
+    const e = y(B, this).get(n);
+    if (e) {
+      if (!(Date.now() >= e.expiresAt)) return y(B, this).delete(n), y(B, this).set(n, e), e.value;
+      y(B, this).delete(n);
+    }
+  }
+  set(n, e) {
+    for (y(B, this).has(n) && y(B, this).delete(n), y(B, this).set(n, { value: e, expiresAt: Date.now() + y(Dt, this) }); y(B, this).size > y(Nt, this); ) {
+      const t = y(B, this).keys().next().value;
+      if (t === void 0) break;
+      y(B, this).delete(t);
+    }
+  }
+}), nr = /* @__PURE__ */ new Map();
+function or(n) {
+  return { ttlMs: 1e3 * (typeof (n == null ? void 0 : n.ttl) == "number" ? n.ttl : 600), maxEntries: typeof (n == null ? void 0 : n.maxEntries) == "number" && n.maxEntries > 0 ? n.maxEntries : 100 };
+}
+var rr = class {
+  static createDiscoveryCache(n) {
+    const e = (t = n.maxEntries, o = n.ttlMs, "".concat(t, ":").concat(o));
+    var t, o;
+    let r = (i = e, nr.get(i));
+    var i;
+    return r || (r = new ts(n.maxEntries, n.ttlMs), nr.set(e, r)), r;
+  }
+  static createJwksCache() {
+    return {};
+  }
+}, Qn = "openid profile email offline_access", ns = Object.freeze(/* @__PURE__ */ new Set(["grant_type", "client_id", "client_secret", "client_assertion", "client_assertion_type", "subject_token", "subject_token_type", "requested_token_type", "actor_token", "actor_token_type", "audience", "aud", "resource", "resources", "resource_indicator", "scope", "connection", "login_hint", "organization", "assertion"]));
+function ei(n) {
+  if (n == null) throw new ce("subject_token is required");
+  if (typeof n != "string") throw new ce("subject_token must be a string");
+  if (n.trim().length === 0) throw new ce("subject_token cannot be blank or whitespace");
+  if (n !== n.trim()) throw new ce("subject_token must not include leading or trailing whitespace");
+  if (/^bearer\s+/i.test(n)) throw new ce("subject_token must not include the 'Bearer ' prefix");
+}
+function ti(n, e) {
+  if (e) {
+    for (const [t, o] of Object.entries(e)) if (!ns.has(t)) if (Array.isArray(o)) {
+      if (o.length > 20) throw new ce("Parameter '".concat(t, "' exceeds maximum array size of ").concat(20));
+      o.forEach((r) => {
+        n.append(t, r);
+      });
+    } else n.append(t, o);
+  }
+}
+var ni = "urn:ietf:params:oauth:token-type:access_token", os = (ee = /* @__PURE__ */ new WeakMap(), se = /* @__PURE__ */ new WeakMap(), Ye = /* @__PURE__ */ new WeakMap(), I = /* @__PURE__ */ new WeakMap(), me = /* @__PURE__ */ new WeakMap(), ct = /* @__PURE__ */ new WeakMap(), ft = /* @__PURE__ */ new WeakMap(), Qe = /* @__PURE__ */ new WeakMap(), Lt = /* @__PURE__ */ new WeakMap(), O = /* @__PURE__ */ new WeakSet(), class {
+  constructor(n) {
+    var e, t, o, r;
+    if ((function(a, s) {
+      br(a, s), s.add(a);
+    })(this, O), W(this, ee, void 0), W(this, se, void 0), W(this, Ye, void 0), W(this, I, void 0), W(this, me, void 0), W(this, ct, void 0), W(this, ft, void 0), W(this, Qe, void 0), W(this, Lt, void 0), b(this, "mfa", void 0), P(I, this, n), n.useMtls && !n.customFetch) throw new tr("mtls_without_custom_fetch_not_supported", "Using mTLS without a custom fetch implementation is not supported");
+    P(me, this, (function(a, s) {
+      if (s.enabled === !1) return a;
+      const c = { name: s.name, version: s.version }, l = btoa(JSON.stringify(c));
+      return async (u, p) => {
+        const h = u instanceof Request ? new Headers(u.headers) : new Headers();
+        return p != null && p.headers && new Headers(p.headers).forEach((d, g) => {
+          h.set(g, d);
+        }), h.set("Auth0-Client", l), a(u, _(_({}, p), {}, { headers: h }));
+      };
+    })((e = n.customFetch) !== null && e !== void 0 ? e : function() {
+      return fetch(...arguments);
+    }, ((t = n.telemetry) == null ? void 0 : t.enabled) === !1 ? t : { enabled: !0, name: (o = t == null ? void 0 : t.name) !== null && o !== void 0 ? o : "@auth0/auth0-auth-js", version: (r = t == null ? void 0 : t.version) !== null && r !== void 0 ? r : "1.6.0" }));
+    const i = or(n.discoveryCache);
+    P(ft, this, rr.createDiscoveryCache(i)), P(Qe, this, /* @__PURE__ */ new Map()), P(Lt, this, rr.createJwksCache()), this.mfa = new es({ domain: y(I, this).domain, clientId: y(I, this).clientId, customFetch: y(me, this) });
+  }
+  async getServerMetadata() {
+    const { serverMetadata: n } = await C(O, this, F).call(this);
+    return n;
+  }
+  async buildAuthorizationUrl(n) {
+    const { serverMetadata: e } = await C(O, this, F).call(this);
+    if (n != null && n.pushedAuthorizationRequests && !e.pushed_authorization_request_endpoint) throw new tr("par_not_supported_error", "The Auth0 tenant does not have pushed authorization requests enabled. Learn how to enable it here: https://auth0.com/docs/get-started/applications/configure-par");
+    try {
+      return await C(O, this, Wn).call(this, n);
+    } catch (t) {
+      throw new Ga(t);
+    }
+  }
+  async buildLinkUserUrl(n) {
+    try {
+      const e = await C(O, this, Wn).call(this, { authorizationParams: _(_({}, n.authorizationParams), {}, { requested_connection: n.connection, requested_connection_scope: n.connectionScope, scope: "openid link_account offline_access", id_token_hint: n.idToken }) });
+      return { linkUserUrl: e.authorizationUrl, codeVerifier: e.codeVerifier };
+    } catch (e) {
+      throw new Ya(e);
+    }
+  }
+  async buildUnlinkUserUrl(n) {
+    try {
+      const e = await C(O, this, Wn).call(this, { authorizationParams: _(_({}, n.authorizationParams), {}, { requested_connection: n.connection, scope: "openid unlink_account", id_token_hint: n.idToken }) });
+      return { unlinkUserUrl: e.authorizationUrl, codeVerifier: e.codeVerifier };
+    } catch (e) {
+      throw new qa(e);
+    }
+  }
+  async backchannelAuthentication(n) {
+    const { configuration: e, serverMetadata: t } = await C(O, this, F).call(this), o = Bn(_(_({}, y(I, this).authorizationParams), n == null ? void 0 : n.authorizationParams)), r = new URLSearchParams(_(_({ scope: Qn }, o), {}, { client_id: y(I, this).clientId, binding_message: n.bindingMessage, login_hint: JSON.stringify({ format: "iss_sub", iss: t.issuer, sub: n.loginHint.sub }) }));
+    n.requestedExpiry && r.append("requested_expiry", n.requestedExpiry.toString()), n.authorizationDetails && r.append("authorization_details", JSON.stringify(n.authorizationDetails));
+    try {
+      const i = await Yo(e, r), a = await Zr(e, i);
+      return _e.fromTokenEndpointResponse(a);
+    } catch (i) {
+      throw new jn(i);
+    }
+  }
+  async initiateBackchannelAuthentication(n) {
+    const { configuration: e, serverMetadata: t } = await C(O, this, F).call(this), o = Bn(_(_({}, y(I, this).authorizationParams), n == null ? void 0 : n.authorizationParams)), r = new URLSearchParams(_(_({ scope: Qn }, o), {}, { client_id: y(I, this).clientId, binding_message: n.bindingMessage, login_hint: JSON.stringify({ format: "iss_sub", iss: t.issuer, sub: n.loginHint.sub }) }));
+    n.requestedExpiry && r.append("requested_expiry", n.requestedExpiry.toString()), n.authorizationDetails && r.append("authorization_details", JSON.stringify(n.authorizationDetails));
+    try {
+      const i = await Yo(e, r);
+      return { authReqId: i.auth_req_id, expiresIn: i.expires_in, interval: i.interval };
+    } catch (i) {
+      throw new jn(i);
+    }
+  }
+  async backchannelAuthenticationGrant(n) {
+    let { authReqId: e } = n;
+    const { configuration: t } = await C(O, this, F).call(this), o = new URLSearchParams({ auth_req_id: e });
+    try {
+      const r = await $t(t, "urn:openid:params:grant-type:ciba", o);
+      return _e.fromTokenEndpointResponse(r);
+    } catch (r) {
+      throw new jn(r);
+    }
+  }
+  async getTokenForConnection(n) {
+    var e;
+    if (n.refreshToken && n.accessToken) throw new Cn("Either a refresh or access token should be specified, but not both.");
+    const t = (e = n.accessToken) !== null && e !== void 0 ? e : n.refreshToken;
+    if (!t) throw new Cn("Either a refresh or access token must be specified.");
+    try {
+      return await this.exchangeToken({ connection: n.connection, subjectToken: t, subjectTokenType: n.accessToken ? ni : "urn:ietf:params:oauth:token-type:refresh_token", loginHint: n.loginHint });
+    } catch (o) {
+      throw o instanceof ce ? new Cn(o.message, o.cause) : o;
+    }
+  }
+  async exchangeToken(n) {
+    return "connection" in n ? C(O, this, is).call(this, n) : C(O, this, as).call(this, n);
+  }
+  async getTokenByCode(n, e) {
+    const { configuration: t } = await C(O, this, F).call(this);
+    try {
+      const o = await Vr(t, n, { pkceCodeVerifier: e.codeVerifier });
+      return _e.fromTokenEndpointResponse(o);
+    } catch (o) {
+      throw new Za("There was an error while trying to request a token.", o);
+    }
+  }
+  async getTokenByRefreshToken(n) {
+    const { configuration: e } = await C(O, this, F).call(this), t = new URLSearchParams();
+    n.audience && t.append("audience", n.audience), n.scope && t.append("scope", n.scope);
+    try {
+      const o = await Fr(e, n.refreshToken, t);
+      return _e.fromTokenEndpointResponse(o);
+    } catch (o) {
+      throw new Fa("The access token has expired and there was an error while trying to refresh it.", o);
+    }
+  }
+  async getTokenByPassword(n) {
+    const { configuration: e } = await C(O, this, F).call(this), t = new URLSearchParams({ username: n.username, password: n.password });
+    n.audience && t.append("audience", n.audience), n.scope && t.append("scope", n.scope), n.realm && t.append("realm", n.realm);
+    let o = e;
+    if (n.auth0ForwardedFor) {
+      const r = await C(O, this, go).call(this);
+      o = new tt(e.serverMetadata(), y(I, this).clientId, y(I, this).clientSecret, r), o[ue] = (i, a) => y(me, this).call(this, i, _(_({}, a), {}, { headers: _(_({}, a.headers), {}, { "auth0-forwarded-for": n.auth0ForwardedFor }) }));
+    }
+    try {
+      const r = await $t(o, "password", t);
+      return _e.fromTokenEndpointResponse(r);
+    } catch (r) {
+      throw new Xa("There was an error while trying to request a token.", r);
+    }
+  }
+  async getTokenByClientCredentials(n) {
+    const { configuration: e } = await C(O, this, F).call(this);
+    try {
+      const t = new URLSearchParams({ audience: n.audience });
+      n.organization && t.append("organization", n.organization);
+      const o = await Xr(e, t);
+      return _e.fromTokenEndpointResponse(o);
+    } catch (t) {
+      throw new Va("There was an error while trying to request a token.", t);
+    }
+  }
+  async buildLogoutUrl(n) {
+    const { configuration: e, serverMetadata: t } = await C(O, this, F).call(this);
+    if (!t.end_session_endpoint) {
+      const o = new URL("https://".concat(y(I, this).domain, "/v2/logout"));
+      return o.searchParams.set("returnTo", n.returnTo), o.searchParams.set("client_id", y(I, this).clientId), o;
+    }
+    return (function(o, r) {
+      ge(o);
+      const { as: i, c: a, tlsOnly: s } = N(o), c = vt(i, "end_session_endpoint", !1, s);
+      (r = new URLSearchParams(r)).has("client_id") || r.set("client_id", a.client_id);
+      for (const [l, u] of r.entries()) c.searchParams.append(l, u);
+      return c;
+    })(e, { post_logout_redirect_uri: n.returnTo });
+  }
+  async verifyLogoutToken(n) {
+    const { serverMetadata: e } = await C(O, this, F).call(this), t = or(y(I, this).discoveryCache), o = e.jwks_uri;
+    y(ct, this) || P(ct, this, (function(i, a) {
+      const s = new Ha(i, a), c = async (l, u) => s.getKey(l, u);
+      return Object.defineProperties(c, { coolingDown: { get: () => s.coolingDown(), enumerable: !0, configurable: !1 }, fresh: { get: () => s.fresh(), enumerable: !0, configurable: !1 }, reload: { value: () => s.reload(), enumerable: !0, configurable: !1, writable: !1 }, reloading: { get: () => s.pendingFetch(), enumerable: !0, configurable: !1 }, jwks: { value: () => s.jwks(), enumerable: !0, configurable: !1, writable: !1 } }), c;
+    })(new URL(o), { cacheMaxAge: t.ttlMs, [Yr]: y(me, this), [Jt]: y(Lt, this) }));
+    const { payload: r } = await Na(n.logoutToken, y(ct, this), { issuer: e.issuer, audience: y(I, this).clientId, algorithms: ["RS256"], requiredClaims: ["iat"] });
+    if (!("sid" in r) && !("sub" in r)) throw new be('either "sid" or "sub" (or both) claims must be present');
+    if ("sid" in r && typeof r.sid != "string") throw new be('"sid" claim must be a string');
+    if ("sub" in r && typeof r.sub != "string") throw new be('"sub" claim must be a string');
+    if ("nonce" in r) throw new be('"nonce" claim is prohibited');
+    if (!("events" in r)) throw new be('"events" claim is missing');
+    if (typeof r.events != "object" || r.events === null) throw new be('"events" claim must be an object');
+    if (!("http://schemas.openid.net/event/backchannel-logout" in r.events)) throw new be('"http://schemas.openid.net/event/backchannel-logout" member is missing in the "events" claim');
+    if (typeof r.events["http://schemas.openid.net/event/backchannel-logout"] != "object") throw new be('"http://schemas.openid.net/event/backchannel-logout" member in the "events" claim must be an object');
+    return { sid: r.sid, sub: r.sub };
+  }
+});
+function rs() {
+  const n = y(I, this).domain.toLowerCase();
+  return "".concat(n, "|mtls:").concat(y(I, this).useMtls ? "1" : "0");
+}
+async function ir(n) {
+  const e = await C(O, this, go).call(this), t = new tt(n, y(I, this).clientId, y(I, this).clientSecret, e);
+  return t[ue] = y(me, this), t;
+}
+async function F() {
+  if (y(ee, this) && y(se, this)) return { configuration: y(ee, this), serverMetadata: y(se, this) };
+  const n = C(O, this, rs).call(this), e = y(ft, this).get(n);
+  if (e) return P(se, this, e.serverMetadata), P(ee, this, await C(O, this, ir).call(this, e.serverMetadata)), { configuration: y(ee, this), serverMetadata: y(se, this) };
+  const t = y(Qe, this).get(n);
+  if (t) {
+    const i = await t;
+    return P(se, this, i.serverMetadata), P(ee, this, await C(O, this, ir).call(this, i.serverMetadata)), { configuration: y(ee, this), serverMetadata: y(se, this) };
+  }
+  const o = (async () => {
+    const i = await C(O, this, go).call(this), a = await ja(new URL("https://".concat(y(I, this).domain)), y(I, this).clientId, { use_mtls_endpoint_aliases: y(I, this).useMtls }, i, { [ue]: y(me, this) }), s = a.serverMetadata();
+    return y(ft, this).set(n, { serverMetadata: s }), { configuration: a, serverMetadata: s };
+  })(), r = o.then((i) => {
+    let { serverMetadata: a } = i;
+    return { serverMetadata: a };
+  });
+  r.catch(() => {
+  }), y(Qe, this).set(n, r);
+  try {
+    const { configuration: i, serverMetadata: a } = await o;
+    P(ee, this, i), P(se, this, a), y(ee, this)[ue] = y(me, this);
+  } finally {
+    y(Qe, this).delete(n);
+  }
+  return { configuration: y(ee, this), serverMetadata: y(se, this) };
+}
+async function is(n) {
+  var e, t;
+  const { configuration: o } = await C(O, this, F).call(this);
+  if ("audience" in n || "resource" in n) throw new ce("audience and resource parameters are not supported for Token Vault exchanges");
+  ei(n.subjectToken);
+  const r = new URLSearchParams({ connection: n.connection, subject_token: n.subjectToken, subject_token_type: (e = n.subjectTokenType) !== null && e !== void 0 ? e : ni, requested_token_type: (t = n.requestedTokenType) !== null && t !== void 0 ? t : "http://auth0.com/oauth/token-type/federated-connection-access-token" });
+  n.loginHint && r.append("login_hint", n.loginHint), n.scope && r.append("scope", n.scope), ti(r, n.extra);
+  try {
+    const i = await $t(o, "urn:auth0:params:oauth:grant-type:token-exchange:federated-connection-access-token", r);
+    return _e.fromTokenEndpointResponse(i);
+  } catch (i) {
+    throw new ce("Failed to exchange token for connection '".concat(n.connection, "'."), i);
+  }
+}
+async function as(n) {
+  const { configuration: e } = await C(O, this, F).call(this);
+  ei(n.subjectToken);
+  const t = new URLSearchParams({ subject_token_type: n.subjectTokenType, subject_token: n.subjectToken });
+  n.audience && t.append("audience", n.audience), n.scope && t.append("scope", n.scope), n.requestedTokenType && t.append("requested_token_type", n.requestedTokenType), n.organization && t.append("organization", n.organization), ti(t, n.extra);
+  try {
+    const o = await $t(e, "urn:ietf:params:oauth:grant-type:token-exchange", t);
+    return _e.fromTokenEndpointResponse(o);
+  } catch (o) {
+    throw new ce("Failed to exchange token of type '".concat(n.subjectTokenType, "'").concat(n.audience ? " for audience '".concat(n.audience, "'") : "", "."), o);
+  }
+}
+async function go() {
+  return y(Ye, this) || P(Ye, this, (async () => {
+    if (!y(I, this).clientSecret && !y(I, this).clientAssertionSigningKey && !y(I, this).useMtls) throw new Ba();
+    if (y(I, this).useMtls) return (e, t, o, r) => {
+      o.set("client_id", t.client_id);
+    };
+    let n = y(I, this).clientAssertionSigningKey;
+    return !n || n instanceof CryptoKey || (n = await (async function(e, t, o) {
+      if (typeof e != "string" || e.indexOf("-----BEGIN PRIVATE KEY-----") !== 0) throw new TypeError('"pkcs8" must be PKCS#8 formatted string');
+      return Ia(e, t, o);
+    })(n, y(I, this).clientAssertionSigningAlg || "RS256")), n ? (function(e, t) {
+      return Qi(e);
+    })(n) : Hr(y(I, this).clientSecret);
+  })().catch((n) => {
+    throw P(Ye, this, void 0), n;
+  })), y(Ye, this);
+}
+async function Wn(n) {
+  const { configuration: e } = await C(O, this, F).call(this), t = Ca(), o = await Oa(t), r = Bn(_(_({}, y(I, this).authorizationParams), n == null ? void 0 : n.authorizationParams)), i = new URLSearchParams(_(_({ scope: Qn }, r), {}, { client_id: y(I, this).clientId, code_challenge: o, code_challenge_method: "S256" }));
+  return { authorizationUrl: n != null && n.pushedAuthorizationRequests ? await Gr(e, i) : await Yn(e, i), codeVerifier: t };
+}
+class Ae extends j {
+  constructor(e, t) {
+    super(e, t), Object.setPrototypeOf(this, Ae.prototype);
+  }
+  static fromPayload(e) {
+    let { error: t, error_description: o } = e;
+    return new Ae(t, o);
+  }
+}
+class en extends Ae {
+  constructor(e, t) {
+    super(e, t), Object.setPrototypeOf(this, en.prototype);
+  }
+}
+class wo extends Ae {
+  constructor(e, t) {
+    super(e, t), Object.setPrototypeOf(this, wo.prototype);
+  }
+}
+class vo extends Ae {
+  constructor(e, t) {
+    super(e, t), Object.setPrototypeOf(this, vo.prototype);
+  }
+}
+class qe extends Ae {
+  constructor(e, t) {
+    super(e, t), Object.setPrototypeOf(this, qe.prototype);
+  }
+}
+class bo extends Ae {
+  constructor(e, t) {
+    super(e, t), Object.setPrototypeOf(this, bo.prototype);
+  }
+}
+class ss {
+  constructor() {
+    let e = arguments.length > 0 && arguments[0] !== void 0 ? arguments[0] : 6e5;
+    this.contexts = /* @__PURE__ */ new Map(), this.ttlMs = e;
+  }
+  set(e, t) {
+    this.cleanup(), this.contexts.set(e, Object.assign(Object.assign({}, t), { createdAt: Date.now() }));
+  }
+  get(e) {
+    const t = this.contexts.get(e);
+    if (t) {
+      if (!(Date.now() - t.createdAt > this.ttlMs)) return t;
+      this.contexts.delete(e);
+    }
+  }
+  remove(e) {
+    this.contexts.delete(e);
+  }
+  cleanup() {
+    const e = Date.now();
+    for (const [t, o] of this.contexts) e - o.createdAt > this.ttlMs && this.contexts.delete(t);
+  }
+  get size() {
+    return this.contexts.size;
+  }
+}
+class cs {
+  constructor(e, t) {
+    this.authJsMfaClient = e, this.auth0Client = t, this.contextManager = new ss();
+  }
+  setMFAAuthDetails(e, t, o, r) {
+    this.contextManager.set(e, { scope: t, audience: o, mfaRequirements: r });
+  }
+  async getAuthenticators(e) {
+    var t, o;
+    const r = this.contextManager.get(e);
+    if (!(!((t = r == null ? void 0 : r.mfaRequirements) === null || t === void 0) && t.challenge) || r.mfaRequirements.challenge.length === 0) throw new en("invalid_request", "challengeType is required and must contain at least one challenge type, please check mfa_required error payload");
+    const i = r.mfaRequirements.challenge.map((a) => a.type);
+    try {
+      return (await this.authJsMfaClient.listAuthenticators({ mfaToken: e })).filter((a) => !!a.type && i.includes(a.type));
+    } catch (a) {
+      throw a instanceof qr ? new en((o = a.cause) === null || o === void 0 ? void 0 : o.error, a.message) : a;
+    }
+  }
+  async enroll(e) {
+    var t;
+    const o = (function(r) {
+      const i = Hi[r.factorType];
+      return Object.assign(Object.assign(Object.assign({ mfaToken: r.mfaToken, authenticatorTypes: i.authenticatorTypes }, i.oobChannels && { oobChannels: i.oobChannels }), "phoneNumber" in r && { phoneNumber: r.phoneNumber }), "email" in r && { email: r.email });
+    })(e);
+    try {
+      return await this.authJsMfaClient.enrollAuthenticator(o);
+    } catch (r) {
+      throw r instanceof Br ? new wo((t = r.cause) === null || t === void 0 ? void 0 : t.error, r.message) : r;
+    }
+  }
+  async challenge(e) {
+    var t;
+    try {
+      const o = { challengeType: e.challengeType, mfaToken: e.mfaToken };
+      return e.authenticatorId && (o.authenticatorId = e.authenticatorId), await this.authJsMfaClient.challengeAuthenticator(o);
+    } catch (o) {
+      throw o instanceof Qr ? new vo((t = o.cause) === null || t === void 0 ? void 0 : t.error, o.message) : o;
+    }
+  }
+  async getEnrollmentFactors(e) {
+    const t = this.contextManager.get(e);
+    if (!t || !t.mfaRequirements) throw new bo("mfa_context_not_found", "MFA context not found for this MFA token. Please retry the original request to get a new MFA token.");
+    return t.mfaRequirements.enroll && t.mfaRequirements.enroll.length !== 0 ? t.mfaRequirements.enroll : [];
+  }
+  async verify(e) {
+    const t = this.contextManager.get(e.mfaToken);
+    if (!t) throw new qe("mfa_context_not_found", "MFA context not found for this MFA token. Please retry the original request to get a new MFA token.");
+    const o = (function(a) {
+      return "otp" in a && a.otp ? Mi : "oobCode" in a && a.oobCode ? Ji : "recoveryCode" in a && a.recoveryCode ? Zi : void 0;
+    })(e);
+    if (!o) throw new qe("invalid_request", "Unable to determine grant type. Provide one of: otp, oobCode, or recoveryCode.");
+    const r = t.scope, i = t.audience;
+    try {
+      const a = await this.auth0Client._requestTokenForMfa({ grant_type: o, mfaToken: e.mfaToken, scope: r, audience: i, otp: e.otp, oob_code: e.oobCode, binding_code: e.bindingCode, recovery_code: e.recoveryCode });
+      return this.contextManager.remove(e.mfaToken), a;
+    } catch (a) {
+      if (a instanceof $e) this.setMFAAuthDetails(a.mfa_token, r, i, a.mfa_requirements);
+      else if (a instanceof qe) throw new qe(a.error, a.error_description);
+      throw a;
+    }
+  }
+}
+class us {
+  constructor(e) {
+    let t, o;
+    if (this.userCache = new fr().enclosedCache, this.defaultOptions = { authorizationParams: { scope: "openid profile email" }, useRefreshTokensFallback: !1, useFormData: !0 }, this.options = Object.assign(Object.assign(Object.assign({}, this.defaultOptions), e), { authorizationParams: Object.assign(Object.assign({}, this.defaultOptions.authorizationParams), e.authorizationParams) }), typeof window < "u" && (() => {
+      if (!Vt()) throw new Error("For security reasons, `window.crypto` is required to run `auth0-spa-js`.");
+      if (Vt().subtle === void 0) throw new Error(`
+      auth0-spa-js must run on a secure origin. See https://github.com/auth0/auth0-spa-js/blob/main/FAQ.md#why-do-i-get-auth0-spa-js-must-run-on-a-secure-origin for more information.
+    `);
+    })(), this.lockManager = (pn || (pn = li()), pn), e.cache && e.cacheLocation && console.warn("Both `cache` and `cacheLocation` options have been specified in the Auth0Client configuration; ignoring `cacheLocation` and using `cache`."), e.cache) o = e.cache;
+    else {
+      if (t = e.cacheLocation || _o, !Oo(t)) throw new Error('Invalid cache location "'.concat(t, '"'));
+      o = Oo(t)();
+    }
+    var r;
+    this.httpTimeoutMs = e.httpTimeoutInSeconds ? 1e3 * e.httpTimeoutInSeconds : Un, this.cookieStorage = e.legacySameSiteCookie === !1 ? Xe : Oi, this.orgHintCookieName = (r = this.options.clientId, "auth0.".concat(r, ".organization_hint")), this.isAuthenticatedCookieName = ((l) => "auth0.".concat(l, ".is.authenticated"))(this.options.clientId), this.sessionCheckExpiryDays = e.sessionCheckExpiryDays || 1;
+    const i = e.useCookiesForTransactions ? this.cookieStorage : Ci;
+    var a;
+    this.scope = (function(l, u) {
+      for (var p = arguments.length, h = new Array(p > 2 ? p - 2 : 0), d = 2; d < p; d++) h[d - 2] = arguments[d];
+      if (typeof l != "object") return { [H]: zt(u, l, ...h) };
+      let g = { [H]: zt(u, ...h) };
+      return Object.keys(l).forEach((f) => {
+        const m = l[f];
+        g[f] = zt(u, m, ...h);
+      }), g;
+    })(this.options.authorizationParams.scope, "openid", this.options.useRefreshTokens ? "offline_access" : ""), this.transactionManager = new Ei(i, this.options.clientId, this.options.cookieDomain), this.nowProvider = this.options.nowProvider || ar, this.cacheManager = new Ti(o, o.allKeys ? void 0 : new Ui(o, this.options.clientId), this.nowProvider), this.dpop = this.options.useDpop ? new Ni(this.options.clientId) : void 0, this.domainUrl = (a = this.options.domain, /^https?:\/\//.test(a) ? a : "https://".concat(a)), this.tokenIssuer = ((l, u) => l ? l.startsWith("https://") ? l : "https://".concat(l, "/") : "".concat(u, "/"))(this.options.issuer, this.domainUrl);
+    const s = "".concat(this.domainUrl, "/me/"), c = this.createFetcher(Object.assign(Object.assign({}, this.options.useDpop && { dpopNonceId: "__auth0_my_account_api__" }), { getAccessToken: () => this.getTokenSilently({ authorizationParams: { scope: "create:me:connected_accounts", audience: s }, detailedResponse: !0 }) }));
+    this.myAccountApi = new zi(c, s), this.authJsClient = new os({ domain: this.options.domain, clientId: this.options.clientId }), this.mfa = new cs(this.authJsClient.mfa, this), typeof window < "u" && window.Worker && this.options.useRefreshTokens && t === _o && (this.options.workerUrl ? this.worker = new Worker(this.options.workerUrl) : this.worker = new Wi(), this.worker.postMessage({ type: "init", allowedBaseUrl: this.domainUrl }));
+  }
+  getConfiguration() {
+    return Object.freeze({ domain: this.options.domain, clientId: this.options.clientId });
+  }
+  _url(e) {
+    const t = this.options.auth0Client || Kn, o = Dn(t, !0), r = encodeURIComponent(btoa(JSON.stringify(o)));
+    return "".concat(this.domainUrl).concat(e, "&auth0Client=").concat(r);
+  }
+  _authorizeUrl(e) {
+    return this._url("/authorize?".concat(ut(e)));
+  }
+  async _verifyIdToken(e, t, o) {
+    const r = await this.nowProvider();
+    return Ai({ iss: this.tokenIssuer, aud: this.options.clientId, id_token: e, nonce: t, organization: o, leeway: this.options.leeway, max_age: (i = this.options.authorizationParams.max_age, typeof i != "string" ? i : parseInt(i, 10) || void 0), now: r });
+    var i;
+  }
+  _processOrgHint(e) {
+    e ? this.cookieStorage.save(this.orgHintCookieName, e, { daysUntilExpire: this.sessionCheckExpiryDays, cookieDomain: this.options.cookieDomain }) : this.cookieStorage.remove(this.orgHintCookieName, { cookieDomain: this.options.cookieDomain });
+  }
+  _extractSessionTransferToken(e) {
+    return new URLSearchParams(window.location.search).get(e) || void 0;
+  }
+  _clearSessionTransferTokenFromUrl(e) {
+    try {
+      const t = new URL(window.location.href);
+      t.searchParams.has(e) && (t.searchParams.delete(e), window.history.replaceState({}, "", t.toString()));
+    } catch {
+    }
+  }
+  _applySessionTransferToken(e) {
+    const t = this.options.sessionTransferTokenQueryParamName;
+    if (!t || e.session_transfer_token) return e;
+    const o = this._extractSessionTransferToken(t);
+    return o ? (this._clearSessionTransferTokenFromUrl(t), Object.assign(Object.assign({}, e), { session_transfer_token: o })) : e;
+  }
+  async _prepareAuthorizeUrl(e, t, o) {
+    var r;
+    const i = un(rt()), a = un(rt()), s = rt(), c = await So(s), l = Eo(c), u = await ((r = this.dpop) === null || r === void 0 ? void 0 : r.calculateThumbprint()), p = ((d, g, f, m, w, k, S, T, v) => Object.assign(Object.assign(Object.assign({ client_id: d.clientId }, d.authorizationParams), f), { scope: Rt(g, f.scope, f.audience), response_type: "code", response_mode: T || "query", state: m, nonce: w, redirect_uri: S || d.authorizationParams.redirect_uri, code_challenge: k, code_challenge_method: "S256", dpop_jkt: v }))(this.options, this.scope, e, i, a, l, e.redirect_uri || this.options.authorizationParams.redirect_uri || o, t == null ? void 0 : t.response_mode, u), h = this._authorizeUrl(p);
+    return { nonce: a, code_verifier: s, scope: p.scope, audience: p.audience || H, redirect_uri: p.redirect_uri, state: i, url: h };
+  }
+  async loginWithPopup(e, t) {
+    var o;
+    if (e = e || {}, !(t = t || {}).popup && (t.popup = ((c) => {
+      const l = window.screenX + (window.innerWidth - 400) / 2, u = window.screenY + (window.innerHeight - 600) / 2;
+      return window.open(c, "auth0:authorize:popup", "left=".concat(l, ",top=").concat(u, ",width=").concat(400, ",height=").concat(600, ",resizable,scrollbars=yes,status=1"));
+    })(""), !t.popup)) throw new oo();
+    const r = this._applySessionTransferToken(e.authorizationParams || {}), i = await this._prepareAuthorizeUrl(r, { response_mode: "web_message" }, window.location.origin);
+    t.popup.location.href = i.url;
+    const a = await ((c, l) => new Promise((u, p) => {
+      let h;
+      const d = setInterval(() => {
+        c.popup && c.popup.closed && (clearInterval(d), clearTimeout(g), window.removeEventListener("message", h, !1), p(new no(c.popup)));
+      }, 1e3), g = setTimeout(() => {
+        clearInterval(d), p(new to(c.popup)), window.removeEventListener("message", h, !1);
+      }, 1e3 * (c.timeoutInSeconds || 60));
+      h = function(f) {
+        if (f.origin === l && f.data && f.data.type === "authorization_response") {
+          if (clearTimeout(g), clearInterval(d), window.removeEventListener("message", h, !1), c.closePopup !== !1 && c.popup.close(), f.data.response.error) return p(j.fromPayload(f.data.response));
+          u(f.data.response);
+        }
+      }, window.addEventListener("message", h);
+    }))(Object.assign(Object.assign({}, t), { timeoutInSeconds: t.timeoutInSeconds || this.options.authorizeTimeoutInSeconds || 60 }), new URL(i.url).origin);
+    if (i.state !== a.state) throw new j("state_mismatch", "Invalid state");
+    const s = ((o = e.authorizationParams) === null || o === void 0 ? void 0 : o.organization) || this.options.authorizationParams.organization;
+    await this._requestToken({ audience: i.audience, scope: i.scope, code_verifier: i.code_verifier, grant_type: "authorization_code", code: a.code, redirect_uri: i.redirect_uri }, { nonceIn: i.nonce, organization: s });
+  }
+  async getUser() {
+    var e;
+    const t = await this._getIdTokenFromCache();
+    return (e = t == null ? void 0 : t.decodedToken) === null || e === void 0 ? void 0 : e.user;
+  }
+  async getIdTokenClaims() {
+    var e;
+    const t = await this._getIdTokenFromCache();
+    return (e = t == null ? void 0 : t.decodedToken) === null || e === void 0 ? void 0 : e.claims;
+  }
+  async loginWithRedirect() {
+    var e;
+    const t = Co(arguments.length > 0 && arguments[0] !== void 0 ? arguments[0] : {}), { openUrl: o, fragment: r, appState: i } = t, a = te(t, ["openUrl", "fragment", "appState"]), s = ((e = a.authorizationParams) === null || e === void 0 ? void 0 : e.organization) || this.options.authorizationParams.organization, c = this._applySessionTransferToken(a.authorizationParams || {}), l = await this._prepareAuthorizeUrl(c), { url: u } = l, p = te(l, ["url"]);
+    this.transactionManager.create(Object.assign(Object.assign(Object.assign({}, p), { appState: i, response_type: Ue.Code }), s && { organization: s }));
+    const h = r ? "".concat(u, "#").concat(r) : u;
+    o ? await o(h) : window.location.assign(h);
+  }
+  async handleRedirectCallback() {
+    const e = (arguments.length > 0 && arguments[0] !== void 0 ? arguments[0] : window.location.href).split("?").slice(1);
+    if (e.length === 0) throw new Error("There are no query params available for parsing.");
+    const t = this.transactionManager.get();
+    if (!t) throw new j("missing_transaction", "Invalid state");
+    this.transactionManager.remove();
+    const o = ((r) => {
+      r.indexOf("#") > -1 && (r = r.substring(0, r.indexOf("#")));
+      const i = new URLSearchParams(r);
+      return { state: i.get("state"), code: i.get("code") || void 0, connect_code: i.get("connect_code") || void 0, error: i.get("error") || void 0, error_description: i.get("error_description") || void 0 };
+    })(e.join(""));
+    return t.response_type === Ue.ConnectCode ? this._handleConnectAccountRedirectCallback(o, t) : this._handleLoginRedirectCallback(o, t);
+  }
+  async _handleLoginRedirectCallback(e, t) {
+    const { code: o, state: r, error: i, error_description: a } = e;
+    if (i) throw new $n(i, a || i, r, t.appState);
+    if (!t.code_verifier || t.state && t.state !== r) throw new j("state_mismatch", "Invalid state");
+    const s = t.organization, c = t.nonce, l = t.redirect_uri;
+    return await this._requestToken(Object.assign({ audience: t.audience, scope: t.scope, code_verifier: t.code_verifier, grant_type: "authorization_code", code: o }, l ? { redirect_uri: l } : {}), { nonceIn: c, organization: s }), { appState: t.appState, response_type: Ue.Code };
+  }
+  async _handleConnectAccountRedirectCallback(e, t) {
+    const { connect_code: o, state: r, error: i, error_description: a } = e;
+    if (i) throw new eo(i, a || i, t.connection, r, t.appState);
+    if (!o) throw new j("missing_connect_code", "Missing connect code");
+    if (!(t.code_verifier && t.state && t.auth_session && t.redirect_uri && t.state === r)) throw new j("state_mismatch", "Invalid state");
+    const s = await this.myAccountApi.completeAccount({ auth_session: t.auth_session, connect_code: o, redirect_uri: t.redirect_uri, code_verifier: t.code_verifier });
+    return Object.assign(Object.assign({}, s), { appState: t.appState, response_type: Ue.ConnectCode });
+  }
+  async checkSession(e) {
+    if (!this.cookieStorage.get(this.isAuthenticatedCookieName)) {
+      if (!this.cookieStorage.get(xo)) return;
+      this.cookieStorage.save(this.isAuthenticatedCookieName, !0, { daysUntilExpire: this.sessionCheckExpiryDays, cookieDomain: this.options.cookieDomain }), this.cookieStorage.remove(xo);
+    }
+    try {
+      await this.getTokenSilently(e);
+    } catch {
+    }
+  }
+  async getTokenSilently() {
+    let e = arguments.length > 0 && arguments[0] !== void 0 ? arguments[0] : {};
+    var t, o;
+    const r = Object.assign(Object.assign({ cacheMode: "on" }, e), { authorizationParams: Object.assign(Object.assign(Object.assign({}, this.options.authorizationParams), e.authorizationParams), { scope: Rt(this.scope, (t = e.authorizationParams) === null || t === void 0 ? void 0 : t.scope, ((o = e.authorizationParams) === null || o === void 0 ? void 0 : o.audience) || this.options.authorizationParams.audience) }) }), i = await ((a, s) => {
+      let c = yn[s];
+      return c || (c = a().finally(() => {
+        delete yn[s], c = null;
+      }), yn[s] = c), c;
+    })(() => this._getTokenSilently(r), "".concat(this.options.clientId, "::").concat(r.authorizationParams.audience, "::").concat(r.authorizationParams.scope));
+    return e.detailedResponse ? i : i == null ? void 0 : i.access_token;
+  }
+  async _getTokenSilently(e) {
+    const { cacheMode: t } = e, o = te(e, ["cacheMode"]);
+    if (t !== "off") {
+      const s = await this._getEntryFromCache({ scope: o.authorizationParams.scope, audience: o.authorizationParams.audience || H, clientId: this.options.clientId, cacheMode: t });
+      if (s) return s;
+    }
+    if (t === "cache-only") return;
+    const r = (i = this.options.clientId, a = o.authorizationParams.audience || "default", "".concat("auth0.lock.getTokenSilently", ".").concat(i, ".").concat(a));
+    var i, a;
+    try {
+      return await this.lockManager.runWithLock(r, 5e3, async () => {
+        if (t !== "off") {
+          const d = await this._getEntryFromCache({ scope: o.authorizationParams.scope, audience: o.authorizationParams.audience || H, clientId: this.options.clientId });
+          if (d) return d;
+        }
+        const s = this.options.useRefreshTokens ? await this._getTokenUsingRefreshToken(o) : await this._getTokenFromIFrame(o), { id_token: c, token_type: l, access_token: u, oauthTokenScope: p, expires_in: h } = s;
+        return Object.assign(Object.assign({ id_token: c, token_type: l, access_token: u }, p ? { scope: p } : null), { expires_in: h });
+      });
+    } catch (s) {
+      if (this._isInteractiveError(s) && this.options.interactiveErrorHandler === "popup") return await this._handleInteractiveErrorWithPopup(o);
+      throw s;
+    }
+  }
+  _isInteractiveError(e) {
+    return e instanceof $e || e instanceof j && this._isIframeMfaError(e);
+  }
+  _isIframeMfaError(e) {
+    return e.error === "login_required" && e.error_description === "Multifactor authentication required";
+  }
+  async _handleInteractiveErrorWithPopup(e) {
+    try {
+      await this.loginWithPopup({ authorizationParams: e.authorizationParams });
+      const t = await this._getEntryFromCache({ scope: e.authorizationParams.scope, audience: e.authorizationParams.audience || H, clientId: this.options.clientId });
+      if (!t) throw new j("interactive_handler_cache_miss", "Token not found in cache after interactive authentication");
+      return t;
+    } catch (t) {
+      throw t;
+    }
+  }
+  async getTokenWithPopup() {
+    let e = arguments.length > 0 && arguments[0] !== void 0 ? arguments[0] : {}, t = arguments.length > 1 && arguments[1] !== void 0 ? arguments[1] : {};
+    var o, r;
+    const i = Object.assign(Object.assign({}, e), { authorizationParams: Object.assign(Object.assign(Object.assign({}, this.options.authorizationParams), e.authorizationParams), { scope: Rt(this.scope, (o = e.authorizationParams) === null || o === void 0 ? void 0 : o.scope, ((r = e.authorizationParams) === null || r === void 0 ? void 0 : r.audience) || this.options.authorizationParams.audience) }) });
+    return t = Object.assign(Object.assign({}, oi), t), await this.loginWithPopup(i, t), (await this.cacheManager.get(new G({ scope: i.authorizationParams.scope, audience: i.authorizationParams.audience || H, clientId: this.options.clientId }), void 0, this.options.useMrrt)).access_token;
+  }
+  async isAuthenticated() {
+    return !!await this.getUser();
+  }
+  _buildLogoutUrl(e) {
+    e.clientId !== null ? e.clientId = e.clientId || this.options.clientId : delete e.clientId;
+    const t = e.logoutParams || {}, { federated: o } = t, r = te(t, ["federated"]), i = o ? "&federated" : "";
+    return this._url("/v2/logout?".concat(ut(Object.assign({ clientId: e.clientId }, r)))) + i;
+  }
+  async revokeRefreshToken() {
+    let e = arguments.length > 0 && arguments[0] !== void 0 ? arguments[0] : {};
+    if (!this.options.useRefreshTokens) return;
+    const t = e.audience || this.options.authorizationParams.audience || H, o = await this.cacheManager.getRefreshTokensByAudience(t, this.options.clientId);
+    await (async function(r, i) {
+      let { baseUrl: a, timeout: s, auth0Client: c, useFormData: l, refreshTokens: u, audience: p, client_id: h, onRefreshTokenRevoked: d } = r;
+      const g = s || Un, f = "refresh_token", m = "".concat(a, "/oauth/revoke"), w = { "Content-Type": l ? "application/x-www-form-urlencoded" : "application/json", "Auth0-Client": btoa(JSON.stringify(Dn(c || Kn))) };
+      if (i) {
+        const k = { client_id: h, token_type_hint: f }, S = l ? ut(k) : JSON.stringify(k);
+        return dr({ type: "revoke", timeout: g, fetchUrl: m, fetchOptions: { method: "POST", body: S, headers: w }, useFormData: l, auth: { audience: p ?? H } }, i);
+      }
+      for (const k of u) {
+        const S = { client_id: h, token_type_hint: f, token: k }, T = l ? ut(S) : JSON.stringify(S), v = await pr(m, { method: "POST", body: T, headers: w }, g);
+        if (!v.ok) {
+          let R, z;
+          try {
+            ({ error: R, error_description: z } = JSON.parse(await v.text()));
+          } catch {
+          }
+          throw new j(R || "revoke_error", z || "HTTP error ".concat(v.status));
+        }
+        await (d == null ? void 0 : d(k));
+      }
+    })({ baseUrl: this.domainUrl, timeout: this.httpTimeoutMs, auth0Client: this.options.auth0Client, useFormData: this.options.useFormData, client_id: this.options.clientId, refreshTokens: o, audience: t, onRefreshTokenRevoked: (r) => this.cacheManager.stripRefreshToken(r) }, this.worker);
+  }
+  async logout() {
+    let e = arguments.length > 0 && arguments[0] !== void 0 ? arguments[0] : {};
+    var t;
+    const o = Co(e), { openUrl: r } = o, i = te(o, ["openUrl"]);
+    e.clientId === null ? await this.cacheManager.clear() : await this.cacheManager.clear(e.clientId || this.options.clientId), this.cookieStorage.remove(this.orgHintCookieName, { cookieDomain: this.options.cookieDomain }), this.cookieStorage.remove(this.isAuthenticatedCookieName, { cookieDomain: this.options.cookieDomain }), this.userCache.remove(Fe), await ((t = this.dpop) === null || t === void 0 ? void 0 : t.clear());
+    const a = this._buildLogoutUrl(i);
+    r ? await r(a) : r !== !1 && window.location.assign(a);
+  }
+  async _getTokenFromIFrame(e) {
+    const t = (o = this.options.clientId, "".concat("auth0.lock.getTokenFromIFrame", ".").concat(o));
+    var o;
+    try {
+      return await this.lockManager.runWithLock(t, 5e3, async () => {
+        const r = Object.assign(Object.assign({}, e.authorizationParams), { prompt: "none" }), i = this.cookieStorage.get(this.orgHintCookieName);
+        i && !r.organization && (r.organization = i);
+        const { url: a, state: s, nonce: c, code_verifier: l, redirect_uri: u, scope: p, audience: h } = await this._prepareAuthorizeUrl(r, { response_mode: "web_message" }, window.location.origin);
+        if (window.crossOriginIsolated) throw new j("login_required", "The application is running in a Cross-Origin Isolated context, silently retrieving a token without refresh token is not possible.");
+        const d = e.timeoutInSeconds || this.options.authorizeTimeoutInSeconds;
+        let g;
+        try {
+          g = new URL(this.domainUrl).origin;
+        } catch {
+          g = this.domainUrl;
+        }
+        const f = await (function(w, k) {
+          let S = arguments.length > 2 && arguments[2] !== void 0 ? arguments[2] : 60;
+          return new Promise((T, v) => {
+            const R = window.document.createElement("iframe");
+            R.setAttribute("width", "0"), R.setAttribute("height", "0"), R.style.display = "none";
+            const z = () => {
+              window.document.body.contains(R) && (window.document.body.removeChild(R), window.removeEventListener("message", K, !1));
+            };
+            let K;
+            const we = setTimeout(() => {
+              v(new nt()), z();
+            }, 1e3 * S);
+            K = function(V) {
+              if (V.origin != k || !V.data || V.data.type !== "authorization_response") return;
+              const He = V.source;
+              He && He.close(), V.data.response.error ? v(j.fromPayload(V.data.response)) : T(V.data.response), clearTimeout(we), window.removeEventListener("message", K, !1), setTimeout(z, 2e3);
+            }, window.addEventListener("message", K, !1), window.document.body.appendChild(R), R.setAttribute("src", w);
+          });
+        })(a, g, d);
+        if (s !== f.state) throw new j("state_mismatch", "Invalid state");
+        const m = await this._requestToken(Object.assign(Object.assign({}, e.authorizationParams), { code_verifier: l, code: f.code, grant_type: "authorization_code", redirect_uri: u, timeout: e.authorizationParams.timeout || this.httpTimeoutMs }), { nonceIn: c, organization: r.organization });
+        return Object.assign(Object.assign({}, m), { scope: p, oauthTokenScope: m.scope, audience: h });
+      });
+    } catch (r) {
+      throw r.error === "login_required" && (r instanceof j && this._isIframeMfaError(r) && this.options.interactiveErrorHandler === "popup" || this.logout({ openUrl: !1 })), r;
+    }
+  }
+  async _getTokenUsingRefreshToken(e) {
+    var t, o;
+    const r = await this.cacheManager.get(new G({ scope: e.authorizationParams.scope, audience: e.authorizationParams.audience || H, clientId: this.options.clientId }), void 0, this.options.useMrrt);
+    if (!(r && r.refresh_token || this.worker)) {
+      if (this.options.useRefreshTokensFallback) return await this._getTokenFromIFrame(e);
+      throw new tn(e.authorizationParams.audience || H, e.authorizationParams.scope);
+    }
+    const i = e.authorizationParams.redirect_uri || this.options.authorizationParams.redirect_uri || window.location.origin, a = typeof e.timeoutInSeconds == "number" ? 1e3 * e.timeoutInSeconds : null, s = ((h, d, g, f) => {
+      var m;
+      if (h && g && f) {
+        if (d.audience !== g) return d.scope;
+        const w = f.split(" "), k = ((m = d.scope) === null || m === void 0 ? void 0 : m.split(" ")) || [], S = k.every((T) => w.includes(T));
+        return w.length >= k.length && S ? f : d.scope;
+      }
+      return d.scope;
+    })(this.options.useMrrt, e.authorizationParams, r == null ? void 0 : r.audience, r == null ? void 0 : r.scope);
+    try {
+      const h = await this._requestToken(Object.assign(Object.assign(Object.assign({}, e.authorizationParams), { grant_type: "refresh_token", refresh_token: r && r.refresh_token, redirect_uri: i }), a && { timeout: a }), { scopesToRequest: s });
+      if (h.refresh_token && (r != null && r.refresh_token) && await this.cacheManager.updateEntry(r.refresh_token, h.refresh_token), this.options.useMrrt && (c = r == null ? void 0 : r.audience, l = r == null ? void 0 : r.scope, u = e.authorizationParams.audience, p = e.authorizationParams.scope, (c !== u || !jo(p, l)) && !jo(s, h.scope))) {
+        if (this.options.useRefreshTokensFallback) return await this._getTokenFromIFrame(e);
+        await this.cacheManager.remove(this.options.clientId, e.authorizationParams.audience, e.authorizationParams.scope);
+        const d = ((g, f) => {
+          const m = (g == null ? void 0 : g.split(" ")) || [], w = (f == null ? void 0 : f.split(" ")) || [];
+          return m.filter((k) => w.indexOf(k) == -1).join(",");
+        })(s, h.scope);
+        throw new ro(e.authorizationParams.audience || "default", d);
+      }
+      return Object.assign(Object.assign({}, h), { scope: e.authorizationParams.scope, oauthTokenScope: h.scope, audience: e.authorizationParams.audience || H });
+    } catch (h) {
+      if (h.message) {
+        if (h.message.includes("user is blocked")) throw await this.logout({ openUrl: !1 }), h;
+        if ((h.message.includes("Missing Refresh Token") || h.message.includes("invalid refresh token")) && this.options.useRefreshTokensFallback) return await this._getTokenFromIFrame(e);
+      }
+      throw h instanceof $e && this.mfa.setMFAAuthDetails(h.mfa_token, (t = e.authorizationParams) === null || t === void 0 ? void 0 : t.scope, (o = e.authorizationParams) === null || o === void 0 ? void 0 : o.audience, h.mfa_requirements), h;
+    }
+    var c, l, u, p;
+  }
+  async _saveEntryInCache(e) {
+    const { id_token: t, decodedToken: o } = e, r = te(e, ["id_token", "decodedToken"]);
+    this.userCache.set(Fe, { id_token: t, decodedToken: o }), await this.cacheManager.setIdToken(this.options.clientId, e.id_token, e.decodedToken), await this.cacheManager.set(r);
+  }
+  async _getIdTokenFromCache() {
+    const e = this.options.authorizationParams.audience || H, t = this.scope[e], o = await this.cacheManager.getIdToken(new G({ clientId: this.options.clientId, audience: e, scope: t })), r = this.userCache.get(Fe);
+    return o && o.id_token === (r == null ? void 0 : r.id_token) ? r : (this.userCache.set(Fe, o), o);
+  }
+  async _getEntryFromCache(e) {
+    let { scope: t, audience: o, clientId: r, cacheMode: i } = e;
+    const a = await this.cacheManager.get(new G({ scope: t, audience: o, clientId: r }), 60, this.options.useMrrt, i);
+    if (a && a.access_token) {
+      const { token_type: s, access_token: c, oauthTokenScope: l, expires_in: u } = a, p = await this._getIdTokenFromCache();
+      return p && Object.assign(Object.assign({ id_token: p.id_token, token_type: s || "Bearer", access_token: c }, l ? { scope: l } : null), { expires_in: u });
+    }
+  }
+  async _requestToken(e, t) {
+    var o, r;
+    const { nonceIn: i, organization: a, scopesToRequest: s } = t || {}, c = await _i(Object.assign(Object.assign({ baseUrl: this.domainUrl, client_id: this.options.clientId, auth0Client: this.options.auth0Client, useFormData: this.options.useFormData, timeout: this.httpTimeoutMs, useMrrt: this.options.useMrrt, dpop: this.dpop }, e), { scope: s || e.scope }), this.worker), l = await this._verifyIdToken(c.id_token, i, a);
+    if (e.grant_type === "authorization_code") {
+      const u = await this._getIdTokenFromCache();
+      !((r = (o = u == null ? void 0 : u.decodedToken) === null || o === void 0 ? void 0 : o.claims) === null || r === void 0) && r.sub && u.decodedToken.claims.sub !== l.claims.sub && (await this.cacheManager.clear(this.options.clientId), this.userCache.remove(Fe));
+    }
+    return await this._saveEntryInCache(Object.assign(Object.assign(Object.assign(Object.assign({}, c), { decodedToken: l, scope: e.scope, audience: e.audience || H }), c.scope ? { oauthTokenScope: c.scope } : null), { client_id: this.options.clientId })), this.cookieStorage.save(this.isAuthenticatedCookieName, !0, { daysUntilExpire: this.sessionCheckExpiryDays, cookieDomain: this.options.cookieDomain }), this._processOrgHint(a || l.claims.org_id), Object.assign(Object.assign({}, c), { decodedToken: l });
+  }
+  async loginWithCustomTokenExchange(e) {
+    return this._requestToken(Object.assign(Object.assign({}, e), { grant_type: "urn:ietf:params:oauth:grant-type:token-exchange", subject_token: e.subject_token, subject_token_type: e.subject_token_type, scope: Rt(this.scope, e.scope, e.audience || this.options.authorizationParams.audience), audience: e.audience || this.options.authorizationParams.audience, organization: e.organization || this.options.authorizationParams.organization }));
+  }
+  async exchangeToken(e) {
+    return this.loginWithCustomTokenExchange(e);
+  }
+  _assertDpop(e) {
+    if (!e) throw new Error("`useDpop` option must be enabled before using DPoP.");
+  }
+  getDpopNonce(e) {
+    return this._assertDpop(this.dpop), this.dpop.getNonce(e);
+  }
+  setDpopNonce(e, t) {
+    return this._assertDpop(this.dpop), this.dpop.setNonce(e, t);
+  }
+  generateDpopProof(e) {
+    return this._assertDpop(this.dpop), this.dpop.generateProof(e);
+  }
+  createFetcher() {
+    let e = arguments.length > 0 && arguments[0] !== void 0 ? arguments[0] : {};
+    return new Li(e, { isDpopEnabled: () => !!this.options.useDpop, getAccessToken: (t) => {
+      var o;
+      return this.getTokenSilently({ authorizationParams: { scope: (o = t == null ? void 0 : t.scope) === null || o === void 0 ? void 0 : o.join(" "), audience: t == null ? void 0 : t.audience }, detailedResponse: !0 });
+    }, getDpopNonce: () => this.getDpopNonce(e.dpopNonceId), setDpopNonce: (t) => this.setDpopNonce(t, e.dpopNonceId), generateDpopProof: (t) => this.generateDpopProof(t) });
+  }
+  async connectAccountWithRedirect(e) {
+    const { openUrl: t, appState: o, connection: r, scopes: i, authorization_params: a, redirectUri: s = this.options.authorizationParams.redirect_uri || window.location.origin } = e;
+    if (!r) throw new Error("connection is required");
+    const c = un(rt()), l = rt(), u = await So(l), p = Eo(u), { connect_uri: h, connect_params: d, auth_session: g } = await this.myAccountApi.connectAccount({ connection: r, scopes: i, redirect_uri: s, state: c, code_challenge: p, code_challenge_method: "S256", authorization_params: a });
+    this.transactionManager.create({ state: c, code_verifier: l, auth_session: g, redirect_uri: s, appState: o, connection: r, response_type: Ue.ConnectCode });
+    const f = new URL(h);
+    f.searchParams.set("ticket", d.ticket), t ? await t(f.toString()) : window.location.assign(f);
+  }
+  async _requestTokenForMfa(e, t) {
+    const { mfaToken: o } = e, r = te(e, ["mfaToken"]);
+    return this._requestToken(Object.assign(Object.assign({}, r), { mfa_token: o }), t);
+  }
+}
+export {
+  us as Auth0Client,
+  $n as AuthenticationError,
+  G as CacheKey,
+  eo as ConnectError,
+  j as GenericError,
+  fr as InMemoryCache,
+  Si as LocalStorageCache,
+  cs as MfaApiClient,
+  vo as MfaChallengeError,
+  wo as MfaEnrollmentError,
+  bo as MfaEnrollmentFactorsError,
+  Ae as MfaError,
+  en as MfaListAuthenticatorsError,
+  $e as MfaRequiredError,
+  qe as MfaVerifyError,
+  tn as MissingRefreshTokenError,
+  Ft as MyAccountApiError,
+  no as PopupCancelledError,
+  oo as PopupOpenError,
+  to as PopupTimeoutError,
+  Ue as ResponseType,
+  nt as TimeoutError,
+  nn as UseDpopNonceError
+};
+//# sourceMappingURL=auth0-spa-js.production.esm-Cr9w0sUa.js.map