mada-design-system 1.3.2 → 1.4.0

package/index.es110.js

@@ -1,2410 +1,508 @@
-import { jwtDecode as Te } from "./index.es196.js";
-var Pe = {
-  debug: () => {
+var B = Symbol.for("immer-nothing"), R = Symbol.for("immer-draftable"), u = Symbol.for("immer-state"), Y = process.env.NODE_ENV !== "production" ? [
+  // All error codes, starting by 0:
+  function(e) {
+    return `The plugin for '${e}' has not been loaded into Immer. To enable the plugin, import and call \`enable${e}()\` when initializing your application.`;
   },
-  info: () => {
+  function(e) {
+    return `produce can only be called on things that are draftable: plain objects, arrays, Map, Set or classes that are marked with '[immerable]: true'. Got '${e}'`;
   },
-  warn: () => {
+  "This object has been frozen and should not be mutated",
+  function(e) {
+    return "Cannot use a proxy that has been revoked. Did you pass an object from inside an immer function to an async process? " + e;
   },
-  error: () => {
-  }
-}, b, k, D = /* @__PURE__ */ ((e) => (e[e.NONE = 0] = "NONE", e[e.ERROR = 1] = "ERROR", e[e.WARN = 2] = "WARN", e[e.INFO = 3] = "INFO", e[e.DEBUG = 4] = "DEBUG", e))(D || {});
-((e) => {
-  function t() {
-    b = 3, k = Pe;
-  }
-  e.reset = t;
-  function s(r) {
-    if (!(0 <= r && r <= 4))
-      throw new Error("Invalid log level");
-    b = r;
-  }
-  e.setLevel = s;
-  function i(r) {
-    k = r;
-  }
-  e.setLogger = i;
-})(D || (D = {}));
-var g = class y {
-  constructor(t) {
-    this._name = t;
-  }
-  /* eslint-disable @typescript-eslint/no-unsafe-enum-comparison */
-  debug(...t) {
-    b >= 4 && k.debug(y._format(this._name, this._method), ...t);
-  }
-  info(...t) {
-    b >= 3 && k.info(y._format(this._name, this._method), ...t);
-  }
-  warn(...t) {
-    b >= 2 && k.warn(y._format(this._name, this._method), ...t);
-  }
-  error(...t) {
-    b >= 1 && k.error(y._format(this._name, this._method), ...t);
-  }
-  /* eslint-enable @typescript-eslint/no-unsafe-enum-comparison */
-  throw(t) {
-    throw this.error(t), t;
-  }
-  create(t) {
-    const s = Object.create(this);
-    return s._method = t, s.debug("begin"), s;
-  }
-  static createStatic(t, s) {
-    const i = new y(`${t}.${s}`);
-    return i.debug("begin"), i;
-  }
-  static _format(t, s) {
-    const i = `[${t}]`;
-    return s ? `${i} ${s}:` : i;
-  }
-  /* eslint-disable @typescript-eslint/no-unsafe-enum-comparison */
-  // helpers for static class methods
-  static debug(t, ...s) {
-    b >= 4 && k.debug(y._format(t), ...s);
-  }
-  static info(t, ...s) {
-    b >= 3 && k.info(y._format(t), ...s);
-  }
-  static warn(t, ...s) {
-    b >= 2 && k.warn(y._format(t), ...s);
-  }
-  static error(t, ...s) {
-    b >= 1 && k.error(y._format(t), ...s);
-  }
-  /* eslint-enable @typescript-eslint/no-unsafe-enum-comparison */
-};
-D.reset();
-var H = class {
-  // IMPORTANT: doesn't validate the token
-  static decode(e) {
-    try {
-      return Te(e);
-    } catch (t) {
-      throw g.error("JwtUtils.decode", t), t;
-    }
-  }
-  static async generateSignedJwt(e, t, s) {
-    const i = _.encodeBase64Url(new TextEncoder().encode(JSON.stringify(e))), r = _.encodeBase64Url(new TextEncoder().encode(JSON.stringify(t))), o = `${i}.${r}`, n = await window.crypto.subtle.sign(
-      {
-        name: "ECDSA",
-        hash: { name: "SHA-256" }
-      },
-      s,
-      new TextEncoder().encode(o)
-    ), a = _.encodeBase64Url(new Uint8Array(n));
-    return `${o}.${a}`;
-  }
-  static async generateSignedJwtWithHmac(e, t, s) {
-    const i = _.encodeBase64Url(new TextEncoder().encode(JSON.stringify(e))), r = _.encodeBase64Url(new TextEncoder().encode(JSON.stringify(t))), o = `${i}.${r}`, n = await window.crypto.subtle.sign(
-      "HMAC",
-      s,
-      new TextEncoder().encode(o)
-    ), a = _.encodeBase64Url(new Uint8Array(n));
-    return `${o}.${a}`;
-  }
-}, Re = "10000000-1000-4000-8000-100000000000", K = (e) => btoa([...new Uint8Array(e)].map((t) => String.fromCharCode(t)).join("")), ie = class m {
-  static _randomWord() {
-    const t = new Uint32Array(1);
-    return crypto.getRandomValues(t), t[0];
-  }
-  /**
-   * Generates RFC4122 version 4 guid
-   */
-  static generateUUIDv4() {
-    return Re.replace(
-      /[018]/g,
-      (s) => (+s ^ m._randomWord() & 15 >> +s / 4).toString(16)
-    ).replace(/-/g, "");
-  }
-  /**
-   * PKCE: Generate a code verifier
-   */
-  static generateCodeVerifier() {
-    return m.generateUUIDv4() + m.generateUUIDv4() + m.generateUUIDv4();
-  }
-  /**
-   * PKCE: Generate a code challenge
-   */
-  static async generateCodeChallenge(t) {
-    if (!crypto.subtle)
-      throw new Error("Crypto.subtle is available only in secure contexts (HTTPS).");
-    try {
-      const i = new TextEncoder().encode(t), r = await crypto.subtle.digest("SHA-256", i);
-      return K(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
-    } catch (s) {
-      throw g.error("CryptoUtils.generateCodeChallenge", s), s;
-    }
-  }
-  /**
-   * Generates a base64-encoded string for a basic auth header
-   */
-  static generateBasicAuth(t, s) {
-    const r = new TextEncoder().encode([t, s].join(":"));
-    return K(r);
-  }
-  /**
-   * Generates a hash of a string using a given algorithm
-   * @param alg
-   * @param message
-   */
-  static async hash(t, s) {
-    const i = new TextEncoder().encode(s), r = await crypto.subtle.digest(t, i);
-    return new Uint8Array(r);
-  }
-  /**
-   * Generates a rfc7638 compliant jwk thumbprint
-   * @param jwk
-   */
-  static async customCalculateJwkThumbprint(t) {
-    let s;
-    switch (t.kty) {
-      case "RSA":
-        s = {
-          e: t.e,
-          kty: t.kty,
-          n: t.n
-        };
-        break;
-      case "EC":
-        s = {
-          crv: t.crv,
-          kty: t.kty,
-          x: t.x,
-          y: t.y
-        };
-        break;
-      case "OKP":
-        s = {
-          crv: t.crv,
-          kty: t.kty,
-          x: t.x
-        };
-        break;
-      case "oct":
-        s = {
-          crv: t.k,
-          kty: t.kty
-        };
-        break;
-      default:
-        throw new Error("Unknown jwk type");
-    }
-    const i = await m.hash("SHA-256", JSON.stringify(s));
-    return m.encodeBase64Url(i);
-  }
-  static async generateDPoPProof({
-    url: t,
-    accessToken: s,
-    httpMethod: i,
-    keyPair: r,
-    nonce: o
-  }) {
-    let n, a;
-    const c = {
-      jti: window.crypto.randomUUID(),
-      htm: i ?? "GET",
-      htu: t,
-      iat: Math.floor(Date.now() / 1e3)
-    };
-    s && (n = await m.hash("SHA-256", s), a = m.encodeBase64Url(n), c.ath = a), o && (c.nonce = o);
-    try {
-      const l = await crypto.subtle.exportKey("jwk", r.publicKey), d = {
-        alg: "ES256",
-        typ: "dpop+jwt",
-        jwk: {
-          crv: l.crv,
-          kty: l.kty,
-          x: l.x,
-          y: l.y
-        }
-      };
-      return await H.generateSignedJwt(d, c, r.privateKey);
-    } catch (l) {
-      throw l instanceof TypeError ? new Error(`Error exporting dpop public key: ${l.message}`) : l;
-    }
-  }
-  static async generateDPoPJkt(t) {
-    try {
-      const s = await crypto.subtle.exportKey("jwk", t.publicKey);
-      return await m.customCalculateJwkThumbprint(s);
-    } catch (s) {
-      throw s instanceof TypeError ? new Error(`Could not retrieve dpop keys from storage: ${s.message}`) : s;
-    }
-  }
-  static async generateDPoPKeys() {
-    return await window.crypto.subtle.generateKey(
-      {
-        name: "ECDSA",
-        namedCurve: "P-256"
-      },
-      !1,
-      ["sign", "verify"]
-    );
-  }
-  /**
-   * Generates a client assertion JWT for client_secret_jwt authentication
-   * @param client_id The client identifier
-   * @param client_secret The client secret
-   * @param audience The token endpoint URL (audience)
-   * @param algorithm The HMAC algorithm to use (HS256, HS384, HS512). Defaults to HS256
-   */
-  static async generateClientAssertionJwt(t, s, i, r = "HS256") {
-    const o = Math.floor(Date.now() / 1e3), n = {
-      alg: r,
-      typ: "JWT"
-    }, a = {
-      iss: t,
-      sub: t,
-      aud: i,
-      jti: m.generateUUIDv4(),
-      exp: o + 300,
-      // 5 minutes
-      iat: o
-    }, l = {
-      HS256: "SHA-256",
-      HS384: "SHA-384",
-      HS512: "SHA-512"
-    }[r];
-    if (!l)
-      throw new Error(`Unsupported algorithm: ${r}. Supported algorithms are: HS256, HS384, HS512`);
-    const d = new TextEncoder(), h = await crypto.subtle.importKey(
-      "raw",
-      d.encode(s),
-      { name: "HMAC", hash: l },
-      !1,
-      ["sign"]
-    );
-    return await H.generateSignedJwtWithHmac(n, a, h);
-  }
-};
-ie.encodeBase64Url = (e) => K(e).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
-var _ = ie, I = class {
-  constructor(e) {
-    this._name = e, this._callbacks = [], this._logger = new g(`Event('${this._name}')`);
-  }
-  addHandler(e) {
-    return this._callbacks.push(e), () => this.removeHandler(e);
-  }
-  removeHandler(e) {
-    const t = this._callbacks.lastIndexOf(e);
-    t >= 0 && this._callbacks.splice(t, 1);
-  }
-  async raise(...e) {
-    this._logger.debug("raise:", ...e);
-    for (const t of this._callbacks)
-      await t(...e);
-  }
-}, Z = class {
-  /**
-   * Populates a map of window features with a placement centered in front of
-   * the current window. If no explicit width is given, a default value is
-   * binned into [800, 720, 600, 480, 360] based on the current window's width.
-   */
-  static center({ ...e }) {
-    var t, s, i;
-    return e.width == null && (e.width = (t = [800, 720, 600, 480].find((r) => r <= window.outerWidth / 1.618)) != null ? t : 360), (s = e.left) != null || (e.left = Math.max(0, Math.round(window.screenX + (window.outerWidth - e.width) / 2))), e.height != null && ((i = e.top) != null || (e.top = Math.max(0, Math.round(window.screenY + (window.outerHeight - e.height) / 2)))), e;
-  }
-  static serialize(e) {
-    return Object.entries(e).filter(([, t]) => t != null).map(([t, s]) => `${t}=${typeof s != "boolean" ? s : s ? "yes" : "no"}`).join(",");
-  }
-}, T = class j extends I {
-  constructor() {
-    super(...arguments), this._logger = new g(`Timer('${this._name}')`), this._timerHandle = null, this._expiration = 0, this._callback = () => {
-      const t = this._expiration - j.getEpochTime();
-      this._logger.debug("timer completes in", t), this._expiration <= j.getEpochTime() && (this.cancel(), super.raise());
-    };
-  }
-  // get the time
-  static getEpochTime() {
-    return Math.floor(Date.now() / 1e3);
-  }
-  init(t) {
-    const s = this._logger.create("init");
-    t = Math.max(Math.floor(t), 1);
-    const i = j.getEpochTime() + t;
-    if (this.expiration === i && this._timerHandle) {
-      s.debug("skipping since already initialized for expiration at", this.expiration);
-      return;
-    }
-    this.cancel(), s.debug("using duration", t), this._expiration = i;
-    const r = Math.min(t, 5);
-    this._timerHandle = setInterval(this._callback, r * 1e3);
-  }
-  get expiration() {
-    return this._expiration;
-  }
-  cancel() {
-    this._logger.create("cancel"), this._timerHandle && (clearInterval(this._timerHandle), this._timerHandle = null);
-  }
-}, L = class {
-  static readParams(e, t = "query") {
-    if (!e) throw new TypeError("Invalid URL");
-    const i = new URL(e, "http://127.0.0.1")[t === "fragment" ? "hash" : "search"];
-    return new URLSearchParams(i.slice(1));
-  }
-}, N = ";", q = class extends Error {
-  constructor(e, t) {
-    var s, i, r;
-    if (super(e.error_description || e.error || ""), this.form = t, this.name = "ErrorResponse", !e.error)
-      throw g.error("ErrorResponse", "No error passed"), new Error("No error passed");
-    this.error = e.error, this.error_description = (s = e.error_description) != null ? s : null, this.error_uri = (i = e.error_uri) != null ? i : null, this.state = e.userState, this.session_state = (r = e.session_state) != null ? r : null, this.url_state = e.url_state;
-  }
-}, G = class extends Error {
-  constructor(e) {
-    super(e), this.name = "ErrorTimeout";
-  }
-}, Ie = class {
-  constructor(e) {
-    this._logger = new g("AccessTokenEvents"), this._expiringTimer = new T("Access token expiring"), this._expiredTimer = new T("Access token expired"), this._expiringNotificationTimeInSeconds = e.expiringNotificationTimeInSeconds;
-  }
-  async load(e) {
-    const t = this._logger.create("load");
-    if (e.access_token && e.expires_in !== void 0) {
-      const s = e.expires_in;
-      if (t.debug("access token present, remaining duration:", s), s > 0) {
-        let r = s - this._expiringNotificationTimeInSeconds;
-        r <= 0 && (r = 1), t.debug("registering expiring timer, raising in", r, "seconds"), this._expiringTimer.init(r);
-      } else
-        t.debug("canceling existing expiring timer because we're past expiration."), this._expiringTimer.cancel();
-      const i = s + 1;
-      t.debug("registering expired timer, raising in", i, "seconds"), this._expiredTimer.init(i);
-    } else
-      this._expiringTimer.cancel(), this._expiredTimer.cancel();
-  }
-  async unload() {
-    this._logger.debug("unload: canceling existing access token timers"), this._expiringTimer.cancel(), this._expiredTimer.cancel();
-  }
-  /**
-   * Add callback: Raised prior to the access token expiring.
-   */
-  addAccessTokenExpiring(e) {
-    return this._expiringTimer.addHandler(e);
-  }
-  /**
-   * Remove callback: Raised prior to the access token expiring.
-   */
-  removeAccessTokenExpiring(e) {
-    this._expiringTimer.removeHandler(e);
-  }
-  /**
-   * Add callback: Raised after the access token has expired.
-   */
-  addAccessTokenExpired(e) {
-    return this._expiredTimer.addHandler(e);
-  }
-  /**
-   * Remove callback: Raised after the access token has expired.
-   */
-  removeAccessTokenExpired(e) {
-    this._expiredTimer.removeHandler(e);
-  }
-}, Ce = class {
-  constructor(e, t, s, i, r) {
-    this._callback = e, this._client_id = t, this._intervalInSeconds = i, this._stopOnError = r, this._logger = new g("CheckSessionIFrame"), this._timer = null, this._session_state = null, this._message = (n) => {
-      n.origin === this._frame_origin && n.source === this._frame.contentWindow && (n.data === "error" ? (this._logger.error("error message from check session op iframe"), this._stopOnError && this.stop()) : n.data === "changed" ? (this._logger.debug("changed message from check session op iframe"), this.stop(), this._callback()) : this._logger.debug(n.data + " message from check session op iframe"));
-    };
-    const o = new URL(s);
-    this._frame_origin = o.origin, this._frame = window.document.createElement("iframe"), this._frame.style.visibility = "hidden", this._frame.style.position = "fixed", this._frame.style.left = "-1000px", this._frame.style.top = "0", this._frame.width = "0", this._frame.height = "0", this._frame.src = o.href;
-  }
-  load() {
-    return new Promise((e) => {
-      this._frame.onload = () => {
-        e();
-      }, window.document.body.appendChild(this._frame), window.addEventListener("message", this._message, !1);
-    });
-  }
-  start(e) {
-    if (this._session_state === e)
-      return;
-    this._logger.create("start"), this.stop(), this._session_state = e;
-    const t = () => {
-      !this._frame.contentWindow || !this._session_state || this._frame.contentWindow.postMessage(this._client_id + " " + this._session_state, this._frame_origin);
-    };
-    t(), this._timer = setInterval(t, this._intervalInSeconds * 1e3);
-  }
-  stop() {
-    this._logger.create("stop"), this._session_state = null, this._timer && (clearInterval(this._timer), this._timer = null);
-  }
-}, re = class {
-  constructor() {
-    this._logger = new g("InMemoryWebStorage"), this._data = {};
-  }
-  clear() {
-    this._logger.create("clear"), this._data = {};
-  }
-  getItem(e) {
-    return this._logger.create(`getItem('${e}')`), this._data[e];
-  }
-  setItem(e, t) {
-    this._logger.create(`setItem('${e}')`), this._data[e] = t;
-  }
-  removeItem(e) {
-    this._logger.create(`removeItem('${e}')`), delete this._data[e];
-  }
-  get length() {
-    return Object.getOwnPropertyNames(this._data).length;
-  }
-  key(e) {
-    return Object.getOwnPropertyNames(this._data)[e];
-  }
-}, F = class extends Error {
-  constructor(e, t) {
-    super(t), this.name = "ErrorDPoPNonce", this.nonce = e;
-  }
-}, Q = class {
-  constructor(e = [], t = null, s = {}) {
-    this._jwtHandler = t, this._extraHeaders = s, this._logger = new g("JsonService"), this._contentTypes = [], this._contentTypes.push(...e, "application/json"), t && this._contentTypes.push("application/jwt");
-  }
-  async fetchWithTimeout(e, t = {}) {
-    const { timeoutInSeconds: s, ...i } = t;
-    if (!s)
-      return await fetch(e, i);
-    const r = new AbortController(), o = setTimeout(() => r.abort(), s * 1e3);
-    try {
-      return await fetch(e, {
-        ...t,
-        signal: r.signal
-      });
-    } catch (n) {
-      throw n instanceof DOMException && n.name === "AbortError" ? new G("Network timed out") : n;
-    } finally {
-      clearTimeout(o);
-    }
-  }
-  async getJson(e, {
-    token: t,
-    credentials: s,
-    timeoutInSeconds: i
-  } = {}) {
-    const r = this._logger.create("getJson"), o = {
-      Accept: this._contentTypes.join(", ")
-    };
-    t && (r.debug("token passed, setting Authorization header"), o.Authorization = "Bearer " + t), this._appendExtraHeaders(o);
-    let n;
-    try {
-      r.debug("url:", e), n = await this.fetchWithTimeout(e, { method: "GET", headers: o, timeoutInSeconds: i, credentials: s });
-    } catch (l) {
-      throw r.error("Network Error"), l;
-    }
-    r.debug("HTTP response received, status", n.status);
-    const a = n.headers.get("Content-Type");
-    if (a && !this._contentTypes.find((l) => a.startsWith(l)) && r.throw(new Error(`Invalid response Content-Type: ${a ?? "undefined"}, from URL: ${e}`)), n.ok && this._jwtHandler && (a != null && a.startsWith("application/jwt")))
-      return await this._jwtHandler(await n.text());
-    let c;
-    try {
-      c = await n.json();
-    } catch (l) {
-      throw r.error("Error parsing JSON response", l), n.ok ? l : new Error(`${n.statusText} (${n.status})`);
-    }
-    if (!n.ok)
-      throw r.error("Error from server:", c), c.error ? new q(c) : new Error(`${n.statusText} (${n.status}): ${JSON.stringify(c)}`);
-    return c;
-  }
-  async postForm(e, {
-    body: t,
-    basicAuth: s,
-    timeoutInSeconds: i,
-    initCredentials: r,
-    extraHeaders: o
-  }) {
-    const n = this._logger.create("postForm"), a = {
-      Accept: this._contentTypes.join(", "),
-      "Content-Type": "application/x-www-form-urlencoded",
-      ...o
-    };
-    s !== void 0 && (a.Authorization = "Basic " + s), this._appendExtraHeaders(a);
-    let c;
-    try {
-      n.debug("url:", e), c = await this.fetchWithTimeout(e, { method: "POST", headers: a, body: t, timeoutInSeconds: i, credentials: r });
-    } catch (u) {
-      throw n.error("Network error"), u;
-    }
-    n.debug("HTTP response received, status", c.status);
-    const l = c.headers.get("Content-Type");
-    if (l && !this._contentTypes.find((u) => l.startsWith(u)))
-      throw new Error(`Invalid response Content-Type: ${l ?? "undefined"}, from URL: ${e}`);
-    const d = await c.text();
-    let h = {};
-    if (d)
-      try {
-        h = JSON.parse(d);
-      } catch (u) {
-        throw n.error("Error parsing JSON response", u), c.ok ? u : new Error(`${c.statusText} (${c.status})`);
-      }
-    if (!c.ok) {
-      if (n.error("Error from server:", h), c.headers.has("dpop-nonce")) {
-        const u = c.headers.get("dpop-nonce");
-        throw new F(u, `${JSON.stringify(h)}`);
-      }
-      throw h.error ? new q(h, t) : new Error(`${c.statusText} (${c.status}): ${JSON.stringify(h)}`);
-    }
-    return h;
-  }
-  _appendExtraHeaders(e) {
-    const t = this._logger.create("appendExtraHeaders"), s = Object.keys(this._extraHeaders), i = [
-      "accept",
-      "content-type"
-    ], r = [
-      "authorization"
-    ];
-    s.length !== 0 && s.forEach((o) => {
-      if (i.includes(o.toLocaleLowerCase())) {
-        t.warn("Protected header could not be set", o, i);
-        return;
-      }
-      if (r.includes(o.toLocaleLowerCase()) && Object.keys(e).includes(o)) {
-        t.warn("Header could not be overridden", o, r);
-        return;
-      }
-      const n = typeof this._extraHeaders[o] == "function" ? this._extraHeaders[o]() : this._extraHeaders[o];
-      n && n !== "" && (e[o] = n);
-    });
-  }
-}, xe = class {
-  constructor(e) {
-    this._settings = e, this._logger = new g("MetadataService"), this._signingKeys = null, this._metadata = null, this._metadataUrl = this._settings.metadataUrl, this._jsonService = new Q(
-      ["application/jwk-set+json"],
-      null,
-      this._settings.extraHeaders
-    ), this._settings.signingKeys && (this._logger.debug("using signingKeys from settings"), this._signingKeys = this._settings.signingKeys), this._settings.metadata && (this._logger.debug("using metadata from settings"), this._metadata = this._settings.metadata), this._settings.fetchRequestCredentials && (this._logger.debug("using fetchRequestCredentials from settings"), this._fetchRequestCredentials = this._settings.fetchRequestCredentials);
-  }
-  resetSigningKeys() {
-    this._signingKeys = null;
-  }
-  async getMetadata() {
-    const e = this._logger.create("getMetadata");
-    if (this._metadata)
-      return e.debug("using cached values"), this._metadata;
-    if (!this._metadataUrl)
-      throw e.throw(new Error("No authority or metadataUrl configured on settings")), null;
-    e.debug("getting metadata from", this._metadataUrl);
-    const t = await this._jsonService.getJson(this._metadataUrl, { credentials: this._fetchRequestCredentials, timeoutInSeconds: this._settings.requestTimeoutInSeconds });
-    return e.debug("merging remote JSON with seed metadata"), this._metadata = Object.assign({}, t, this._settings.metadataSeed), this._metadata;
-  }
-  getIssuer() {
-    return this._getMetadataProperty("issuer");
-  }
-  getAuthorizationEndpoint() {
-    return this._getMetadataProperty("authorization_endpoint");
-  }
-  getUserInfoEndpoint() {
-    return this._getMetadataProperty("userinfo_endpoint");
-  }
-  getTokenEndpoint(e = !0) {
-    return this._getMetadataProperty("token_endpoint", e);
-  }
-  getCheckSessionIframe() {
-    return this._getMetadataProperty("check_session_iframe", !0);
-  }
-  getEndSessionEndpoint() {
-    return this._getMetadataProperty("end_session_endpoint", !0);
-  }
-  getRevocationEndpoint(e = !0) {
-    return this._getMetadataProperty("revocation_endpoint", e);
-  }
-  getKeysEndpoint(e = !0) {
-    return this._getMetadataProperty("jwks_uri", e);
-  }
-  async _getMetadataProperty(e, t = !1) {
-    const s = this._logger.create(`_getMetadataProperty('${e}')`), i = await this.getMetadata();
-    if (s.debug("resolved"), i[e] === void 0) {
-      if (t === !0) {
-        s.warn("Metadata does not contain optional property");
-        return;
-      }
-      s.throw(new Error("Metadata does not contain property " + e));
-    }
-    return i[e];
-  }
-  async getSigningKeys() {
-    const e = this._logger.create("getSigningKeys");
-    if (this._signingKeys)
-      return e.debug("returning signingKeys from cache"), this._signingKeys;
-    const t = await this.getKeysEndpoint(!1);
-    e.debug("got jwks_uri", t);
-    const s = await this._jsonService.getJson(t, { timeoutInSeconds: this._settings.requestTimeoutInSeconds });
-    if (e.debug("got key set", s), !Array.isArray(s.keys))
-      throw e.throw(new Error("Missing keys on keyset")), null;
-    return this._signingKeys = s.keys, this._signingKeys;
-  }
-}, ne = class {
-  constructor({
-    prefix: e = "oidc.",
-    store: t = localStorage
-  } = {}) {
-    this._logger = new g("WebStorageStateStore"), this._store = t, this._prefix = e;
-  }
-  async set(e, t) {
-    this._logger.create(`set('${e}')`), e = this._prefix + e, await this._store.setItem(e, t);
-  }
-  async get(e) {
-    return this._logger.create(`get('${e}')`), e = this._prefix + e, await this._store.getItem(e);
-  }
-  async remove(e) {
-    this._logger.create(`remove('${e}')`), e = this._prefix + e;
-    const t = await this._store.getItem(e);
-    return await this._store.removeItem(e), t;
-  }
-  async getAllKeys() {
-    this._logger.create("getAllKeys");
-    const e = await this._store.length, t = [];
-    for (let s = 0; s < e; s++) {
-      const i = await this._store.key(s);
-      i && i.indexOf(this._prefix) === 0 && t.push(i.substr(this._prefix.length));
-    }
-    return t;
-  }
-}, Ue = "code", Ae = "openid", Oe = "client_secret_post", qe = 900, z = class {
-  constructor({
-    // metadata related
-    authority: e,
-    metadataUrl: t,
-    metadata: s,
-    signingKeys: i,
-    metadataSeed: r,
-    // client related
-    client_id: o,
-    client_secret: n,
-    response_type: a = Ue,
-    scope: c = Ae,
-    redirect_uri: l,
-    post_logout_redirect_uri: d,
-    client_authentication: h = Oe,
-    token_endpoint_auth_signing_alg: u = "HS256",
-    // optional protocol
-    prompt: w,
-    display: C,
-    max_age: x,
-    ui_locales: U,
-    acr_values: A,
-    resource: P,
-    response_mode: O,
-    // behavior flags
-    filterProtocolClaims: R = !0,
-    loadUserInfo: S = !1,
-    requestTimeoutInSeconds: p,
-    staleStateAgeInSeconds: E = qe,
-    mergeClaimsStrategy: v = { array: "replace" },
-    disablePKCE: f = !1,
-    // other behavior
-    stateStore: M,
-    revokeTokenAdditionalContentTypes: fe,
-    fetchRequestCredentials: X,
-    refreshTokenAllowedScope: me,
-    // extra
-    extraQueryParams: Se = {},
-    extraTokenParams: ve = {},
-    extraHeaders: ye = {},
-    dpop: be,
-    omitScopeWhenRequesting: ke = !1
-  }) {
-    var Y;
-    if (this.authority = e, t ? this.metadataUrl = t : (this.metadataUrl = e, e && (this.metadataUrl.endsWith("/") || (this.metadataUrl += "/"), this.metadataUrl += ".well-known/openid-configuration")), this.metadata = s, this.metadataSeed = r, this.signingKeys = i, this.client_id = o, this.client_secret = n, this.response_type = a, this.scope = c, this.redirect_uri = l, this.post_logout_redirect_uri = d, this.client_authentication = h, this.token_endpoint_auth_signing_alg = u, this.prompt = w, this.display = C, this.max_age = x, this.ui_locales = U, this.acr_values = A, this.resource = P, this.response_mode = O, this.filterProtocolClaims = R ?? !0, this.loadUserInfo = !!S, this.staleStateAgeInSeconds = E, this.mergeClaimsStrategy = v, this.omitScopeWhenRequesting = ke, this.disablePKCE = !!f, this.revokeTokenAdditionalContentTypes = fe, this.fetchRequestCredentials = X || "same-origin", this.requestTimeoutInSeconds = p, M)
-      this.stateStore = M;
-    else {
-      const Ee = typeof window < "u" ? window.localStorage : new re();
-      this.stateStore = new ne({ store: Ee });
-    }
-    if (this.refreshTokenAllowedScope = me, this.extraQueryParams = Se, this.extraTokenParams = ve, this.extraHeaders = ye, this.dpop = be, this.dpop && !((Y = this.dpop) != null && Y.store))
-      throw new Error("A DPoPStore is required when dpop is enabled");
-  }
-}, Ne = class {
-  constructor(e, t) {
-    this._settings = e, this._metadataService = t, this._logger = new g("UserInfoService"), this._getClaimsFromJwt = async (s) => {
-      const i = this._logger.create("_getClaimsFromJwt");
-      try {
-        const r = H.decode(s);
-        return i.debug("JWT decoding successful"), r;
-      } catch (r) {
-        throw i.error("Error parsing JWT response"), r;
-      }
-    }, this._jsonService = new Q(
-      void 0,
-      this._getClaimsFromJwt,
-      this._settings.extraHeaders
-    );
-  }
-  async getClaims(e) {
-    const t = this._logger.create("getClaims");
-    e || this._logger.throw(new Error("No token passed"));
-    const s = await this._metadataService.getUserInfoEndpoint();
-    t.debug("got userinfo url", s);
-    const i = await this._jsonService.getJson(s, {
-      token: e,
-      credentials: this._settings.fetchRequestCredentials,
-      timeoutInSeconds: this._settings.requestTimeoutInSeconds
-    });
-    return t.debug("got claims", i), i;
-  }
-}, oe = class {
-  constructor(e, t) {
-    this._settings = e, this._metadataService = t, this._logger = new g("TokenClient"), this._jsonService = new Q(
-      this._settings.revokeTokenAdditionalContentTypes,
-      null,
-      this._settings.extraHeaders
-    );
-  }
-  /**
-   * Exchange code.
-   *
-   * @see https://www.rfc-editor.org/rfc/rfc6749#section-4.1.3
-   */
-  async exchangeCode({
-    grant_type: e = "authorization_code",
-    redirect_uri: t = this._settings.redirect_uri,
-    client_id: s = this._settings.client_id,
-    client_secret: i = this._settings.client_secret,
-    extraHeaders: r,
-    ...o
-  }) {
-    const n = this._logger.create("exchangeCode");
-    s || n.throw(new Error("A client_id is required")), t || n.throw(new Error("A redirect_uri is required")), o.code || n.throw(new Error("A code is required"));
-    const a = new URLSearchParams({ grant_type: e, redirect_uri: t });
-    for (const [h, u] of Object.entries(o))
-      u != null && a.set(h, u);
-    if ((this._settings.client_authentication === "client_secret_basic" || this._settings.client_authentication === "client_secret_jwt") && i == null)
-      throw n.throw(new Error("A client_secret is required")), null;
-    let c;
-    const l = await this._metadataService.getTokenEndpoint(!1);
-    switch (this._settings.client_authentication) {
-      case "client_secret_basic":
-        c = _.generateBasicAuth(s, i);
-        break;
-      case "client_secret_post":
-        a.append("client_id", s), i && a.append("client_secret", i);
-        break;
-      case "client_secret_jwt": {
-        const h = await _.generateClientAssertionJwt(s, i, l, this._settings.token_endpoint_auth_signing_alg);
-        a.append("client_id", s), a.append("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"), a.append("client_assertion", h);
-        break;
-      }
-    }
-    n.debug("got token endpoint");
-    const d = await this._jsonService.postForm(l, {
-      body: a,
-      basicAuth: c,
-      timeoutInSeconds: this._settings.requestTimeoutInSeconds,
-      initCredentials: this._settings.fetchRequestCredentials,
-      extraHeaders: r
-    });
-    return n.debug("got response"), d;
-  }
-  /**
-   * Exchange credentials.
-   *
-   * @see https://www.rfc-editor.org/rfc/rfc6749#section-4.3.2
-   */
-  async exchangeCredentials({
-    grant_type: e = "password",
-    client_id: t = this._settings.client_id,
-    client_secret: s = this._settings.client_secret,
-    scope: i = this._settings.scope,
-    ...r
-  }) {
-    const o = this._logger.create("exchangeCredentials");
-    t || o.throw(new Error("A client_id is required"));
-    const n = new URLSearchParams({ grant_type: e });
-    this._settings.omitScopeWhenRequesting || n.set("scope", i);
-    for (const [d, h] of Object.entries(r))
-      h != null && n.set(d, h);
-    if ((this._settings.client_authentication === "client_secret_basic" || this._settings.client_authentication === "client_secret_jwt") && s == null)
-      throw o.throw(new Error("A client_secret is required")), null;
-    let a;
-    const c = await this._metadataService.getTokenEndpoint(!1);
-    switch (this._settings.client_authentication) {
-      case "client_secret_basic":
-        a = _.generateBasicAuth(t, s);
-        break;
-      case "client_secret_post":
-        n.append("client_id", t), s && n.append("client_secret", s);
-        break;
-      case "client_secret_jwt": {
-        const d = await _.generateClientAssertionJwt(t, s, c, this._settings.token_endpoint_auth_signing_alg);
-        n.append("client_id", t), n.append("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"), n.append("client_assertion", d);
-        break;
-      }
-    }
-    o.debug("got token endpoint");
-    const l = await this._jsonService.postForm(c, { body: n, basicAuth: a, timeoutInSeconds: this._settings.requestTimeoutInSeconds, initCredentials: this._settings.fetchRequestCredentials });
-    return o.debug("got response"), l;
-  }
-  /**
-   * Exchange a refresh token.
-   *
-   * @see https://www.rfc-editor.org/rfc/rfc6749#section-6
-   */
-  async exchangeRefreshToken({
-    grant_type: e = "refresh_token",
-    client_id: t = this._settings.client_id,
-    client_secret: s = this._settings.client_secret,
-    timeoutInSeconds: i,
-    extraHeaders: r,
-    ...o
-  }) {
-    const n = this._logger.create("exchangeRefreshToken");
-    t || n.throw(new Error("A client_id is required")), o.refresh_token || n.throw(new Error("A refresh_token is required"));
-    const a = new URLSearchParams({ grant_type: e });
-    for (const [h, u] of Object.entries(o))
-      Array.isArray(u) ? u.forEach((w) => a.append(h, w)) : u != null && a.set(h, u);
-    if ((this._settings.client_authentication === "client_secret_basic" || this._settings.client_authentication === "client_secret_jwt") && s == null)
-      throw n.throw(new Error("A client_secret is required")), null;
-    let c;
-    const l = await this._metadataService.getTokenEndpoint(!1);
-    switch (this._settings.client_authentication) {
-      case "client_secret_basic":
-        c = _.generateBasicAuth(t, s);
-        break;
-      case "client_secret_post":
-        a.append("client_id", t), s && a.append("client_secret", s);
-        break;
-      case "client_secret_jwt": {
-        const h = await _.generateClientAssertionJwt(t, s, l, this._settings.token_endpoint_auth_signing_alg);
-        a.append("client_id", t), a.append("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"), a.append("client_assertion", h);
-        break;
-      }
-    }
-    n.debug("got token endpoint");
-    const d = await this._jsonService.postForm(l, { body: a, basicAuth: c, timeoutInSeconds: i, initCredentials: this._settings.fetchRequestCredentials, extraHeaders: r });
-    return n.debug("got response"), d;
-  }
-  /**
-   * Revoke an access or refresh token.
-   *
-   * @see https://datatracker.ietf.org/doc/html/rfc7009#section-2.1
-   */
-  async revoke(e) {
-    var t;
-    const s = this._logger.create("revoke");
-    e.token || s.throw(new Error("A token is required"));
-    const i = await this._metadataService.getRevocationEndpoint(!1);
-    s.debug(`got revocation endpoint, revoking ${(t = e.token_type_hint) != null ? t : "default token type"}`);
-    const r = new URLSearchParams();
-    for (const [o, n] of Object.entries(e))
-      n != null && r.set(o, n);
-    r.set("client_id", this._settings.client_id), this._settings.client_secret && r.set("client_secret", this._settings.client_secret), await this._jsonService.postForm(i, { body: r, timeoutInSeconds: this._settings.requestTimeoutInSeconds }), s.debug("got response");
-  }
-}, Me = class {
-  constructor(e, t, s) {
-    this._settings = e, this._metadataService = t, this._claimsService = s, this._logger = new g("ResponseValidator"), this._userInfoService = new Ne(this._settings, this._metadataService), this._tokenClient = new oe(this._settings, this._metadataService);
-  }
-  async validateSigninResponse(e, t, s) {
-    const i = this._logger.create("validateSigninResponse");
-    this._processSigninState(e, t), i.debug("state processed"), await this._processCode(e, t, s), i.debug("code processed"), e.isOpenId && this._validateIdTokenAttributes(e), i.debug("tokens validated"), await this._processClaims(e, t == null ? void 0 : t.skipUserInfo, e.isOpenId), i.debug("claims processed");
-  }
-  async validateCredentialsResponse(e, t) {
-    const s = this._logger.create("validateCredentialsResponse"), i = e.isOpenId && !!e.id_token;
-    i && this._validateIdTokenAttributes(e), s.debug("tokens validated"), await this._processClaims(e, t, i), s.debug("claims processed");
-  }
-  async validateRefreshResponse(e, t) {
-    var s, i;
-    const r = this._logger.create("validateRefreshResponse");
-    e.userState = t.data, (s = e.session_state) != null || (e.session_state = t.session_state), (i = e.scope) != null || (e.scope = t.scope), e.isOpenId && e.id_token && (this._validateIdTokenAttributes(e, t.id_token), r.debug("ID Token validated")), e.id_token || (e.id_token = t.id_token, e.profile = t.profile);
-    const o = e.isOpenId && !!e.id_token;
-    await this._processClaims(e, !1, o), r.debug("claims processed");
-  }
-  validateSignoutResponse(e, t) {
-    const s = this._logger.create("validateSignoutResponse");
-    if (t.id !== e.state && s.throw(new Error("State does not match")), s.debug("state validated"), e.userState = t.data, e.error)
-      throw s.warn("Response was error", e.error), new q(e);
-  }
-  _processSigninState(e, t) {
-    var s;
-    const i = this._logger.create("_processSigninState");
-    if (t.id !== e.state && i.throw(new Error("State does not match")), t.client_id || i.throw(new Error("No client_id on state")), t.authority || i.throw(new Error("No authority on state")), this._settings.authority !== t.authority && i.throw(new Error("authority mismatch on settings vs. signin state")), this._settings.client_id && this._settings.client_id !== t.client_id && i.throw(new Error("client_id mismatch on settings vs. signin state")), i.debug("state validated"), e.userState = t.data, e.url_state = t.url_state, (s = e.scope) != null || (e.scope = t.scope), e.error)
-      throw i.warn("Response was error", e.error), new q(e);
-    t.code_verifier && !e.code && i.throw(new Error("Expected code in response"));
-  }
-  async _processClaims(e, t = !1, s = !0) {
-    const i = this._logger.create("_processClaims");
-    if (e.profile = this._claimsService.filterProtocolClaims(e.profile), t || !this._settings.loadUserInfo || !e.access_token) {
-      i.debug("not loading user info");
-      return;
-    }
-    i.debug("loading user info");
-    const r = await this._userInfoService.getClaims(e.access_token);
-    i.debug("user info claims received from user info endpoint"), s && r.sub !== e.profile.sub && i.throw(new Error("subject from UserInfo response does not match subject in ID Token")), e.profile = this._claimsService.mergeClaims(e.profile, this._claimsService.filterProtocolClaims(r)), i.debug("user info claims received, updated profile:", e.profile);
-  }
-  async _processCode(e, t, s) {
-    const i = this._logger.create("_processCode");
-    if (e.code) {
-      i.debug("Validating code");
-      const r = await this._tokenClient.exchangeCode({
-        client_id: t.client_id,
-        client_secret: t.client_secret,
-        code: e.code,
-        redirect_uri: t.redirect_uri,
-        code_verifier: t.code_verifier,
-        extraHeaders: s,
-        ...t.extraTokenParams
+  "An immer producer returned a new value *and* modified its draft. Either return a new value *or* modify the draft.",
+  "Immer forbids circular references",
+  "The first or second argument to `produce` must be a function",
+  "The third argument to `produce` must be a function or undefined",
+  "First argument to `createDraft` must be a plain object, an array, or an immerable object",
+  "First argument to `finishDraft` must be a draft returned by `createDraft`",
+  function(e) {
+    return `'current' expects a draft, got: ${e}`;
+  },
+  "Object.defineProperty() cannot be used on an Immer draft",
+  "Object.setPrototypeOf() cannot be used on an Immer draft",
+  "Immer only supports deleting array indices",
+  "Immer only supports setting array indices and the 'length' property",
+  function(e) {
+    return `'original' expects a draft, got: ${e}`;
+  }
+  // Note: if more errors are added, the errorOffset in Patches.ts should be increased
+  // See Patches.ts for additional errors
+] : [];
+function f(e, ...t) {
+  if (process.env.NODE_ENV !== "production") {
+    const r = Y[e], n = typeof r == "function" ? r.apply(null, t) : r;
+    throw new Error(`[Immer] ${n}`);
+  }
+  throw new Error(
+    `[Immer] minified error nr: ${e}. Full error at: https://bit.ly/3cXEKWf`
+  );
+}
+var h = Object.getPrototypeOf;
+function m(e) {
+  return !!e && !!e[u];
+}
+function _(e) {
+  var t;
+  return e ? G(e) || Array.isArray(e) || !!e[R] || !!((t = e.constructor) != null && t[R]) || b(e) || v(e) : !1;
+}
+var Z = Object.prototype.constructor.toString(), x = /* @__PURE__ */ new WeakMap();
+function G(e) {
+  if (!e || typeof e != "object")
+    return !1;
+  const t = Object.getPrototypeOf(e);
+  if (t === null || t === Object.prototype)
+    return !0;
+  const r = Object.hasOwnProperty.call(t, "constructor") && t.constructor;
+  if (r === Object)
+    return !0;
+  if (typeof r != "function")
+    return !1;
+  let n = x.get(r);
+  return n === void 0 && (n = Function.toString.call(r), x.set(r, n)), n === Z;
+}
+function z(e, t, r = !0) {
+  S(e) === 0 ? (r ? Reflect.ownKeys(e) : Object.keys(e)).forEach((i) => {
+    t(i, e[i], e);
+  }) : e.forEach((n, i) => t(i, n, e));
+}
+function S(e) {
+  const t = e[u];
+  return t ? t.type_ : Array.isArray(e) ? 1 : b(e) ? 2 : v(e) ? 3 : 0;
+}
+function E(e, t) {
+  return S(e) === 2 ? e.has(t) : Object.prototype.hasOwnProperty.call(e, t);
+}
+function H(e, t, r) {
+  const n = S(e);
+  n === 2 ? e.set(t, r) : n === 3 ? e.add(r) : e[t] = r;
+}
+function L(e, t) {
+  return e === t ? e !== 0 || 1 / e === 1 / t : e !== e && t !== t;
+}
+function b(e) {
+  return e instanceof Map;
+}
+function v(e) {
+  return e instanceof Set;
+}
+function l(e) {
+  return e.copy_ || e.base_;
+}
+function N(e, t) {
+  if (b(e))
+    return new Map(e);
+  if (v(e))
+    return new Set(e);
+  if (Array.isArray(e))
+    return Array.prototype.slice.call(e);
+  const r = G(e);
+  if (t === !0 || t === "class_only" && !r) {
+    const n = Object.getOwnPropertyDescriptors(e);
+    delete n[u];
+    let i = Reflect.ownKeys(n);
+    for (let o = 0; o < i.length; o++) {
+      const s = i[o], c = n[s];
+      c.writable === !1 && (c.writable = !0, c.configurable = !0), (c.get || c.set) && (n[s] = {
+        configurable: !0,
+        writable: !0,
+        // could live with !!desc.set as well here...
+        enumerable: c.enumerable,
+        value: e[s]
       });
-      Object.assign(e, r);
-    } else
-      i.debug("No code to process");
-  }
-  _validateIdTokenAttributes(e, t) {
-    var s;
-    const i = this._logger.create("_validateIdTokenAttributes");
-    i.debug("decoding ID Token JWT");
-    const r = H.decode((s = e.id_token) != null ? s : "");
-    if (r.sub || i.throw(new Error("ID Token is missing a subject claim")), t) {
-      const o = H.decode(t);
-      r.sub !== o.sub && i.throw(new Error("sub in id_token does not match current sub")), r.auth_time && r.auth_time !== o.auth_time && i.throw(new Error("auth_time in id_token does not match original auth_time")), r.azp && r.azp !== o.azp && i.throw(new Error("azp in id_token does not match original azp")), !r.azp && o.azp && i.throw(new Error("azp not in id_token, but present in original id_token"));
-    }
-    e.profile = r;
-  }
-}, $ = class B {
-  constructor(t) {
-    this.id = t.id || _.generateUUIDv4(), this.data = t.data, t.created && t.created > 0 ? this.created = t.created : this.created = T.getEpochTime(), this.request_type = t.request_type, this.url_state = t.url_state;
-  }
-  toStorageString() {
-    return new g("State").create("toStorageString"), JSON.stringify({
-      id: this.id,
-      data: this.data,
-      created: this.created,
-      request_type: this.request_type,
-      url_state: this.url_state
-    });
-  }
-  static fromStorageString(t) {
-    return g.createStatic("State", "fromStorageString"), Promise.resolve(new B(JSON.parse(t)));
-  }
-  static async clearStaleState(t, s) {
-    const i = g.createStatic("State", "clearStaleState"), r = T.getEpochTime() - s, o = await t.getAllKeys();
-    i.debug("got keys", o);
-    for (let n = 0; n < o.length; n++) {
-      const a = o[n], c = await t.get(a);
-      let l = !1;
-      if (c)
-        try {
-          const d = await B.fromStorageString(c);
-          i.debug("got item from key:", a, d.created), d.created <= r && (l = !0);
-        } catch (d) {
-          i.error("Error parsing state for key:", a, d), l = !0;
-        }
-      else
-        i.debug("no item in storage for key:", a), l = !0;
-      l && (i.debug("removed item for key:", a), t.remove(a));
     }
-  }
-}, ae = class V extends $ {
-  constructor(t) {
-    super(t), this.code_verifier = t.code_verifier, this.code_challenge = t.code_challenge, this.authority = t.authority, this.client_id = t.client_id, this.redirect_uri = t.redirect_uri, this.scope = t.scope, this.client_secret = t.client_secret, this.extraTokenParams = t.extraTokenParams, this.response_mode = t.response_mode, this.skipUserInfo = t.skipUserInfo;
-  }
-  static async create(t) {
-    const s = t.code_verifier === !0 ? _.generateCodeVerifier() : t.code_verifier || void 0, i = s ? await _.generateCodeChallenge(s) : void 0;
-    return new V({
-      ...t,
-      code_verifier: s,
-      code_challenge: i
-    });
-  }
-  toStorageString() {
-    return new g("SigninState").create("toStorageString"), JSON.stringify({
-      id: this.id,
-      data: this.data,
-      created: this.created,
-      request_type: this.request_type,
-      url_state: this.url_state,
-      code_verifier: this.code_verifier,
-      authority: this.authority,
-      client_id: this.client_id,
-      redirect_uri: this.redirect_uri,
-      scope: this.scope,
-      client_secret: this.client_secret,
-      extraTokenParams: this.extraTokenParams,
-      response_mode: this.response_mode,
-      skipUserInfo: this.skipUserInfo
-    });
-  }
-  static fromStorageString(t) {
-    g.createStatic("SigninState", "fromStorageString");
-    const s = JSON.parse(t);
-    return V.create(s);
-  }
-}, ce = class le {
-  constructor(t) {
-    this.url = t.url, this.state = t.state;
-  }
-  static async create({
-    // mandatory
-    url: t,
-    authority: s,
-    client_id: i,
-    redirect_uri: r,
-    response_type: o,
-    scope: n,
-    // optional
-    state_data: a,
-    response_mode: c,
-    request_type: l,
-    client_secret: d,
-    nonce: h,
-    url_state: u,
-    resource: w,
-    skipUserInfo: C,
-    extraQueryParams: x,
-    extraTokenParams: U,
-    disablePKCE: A,
-    dpopJkt: P,
-    omitScopeWhenRequesting: O,
-    ...R
-  }) {
-    if (!t)
-      throw this._logger.error("create: No url passed"), new Error("url");
-    if (!i)
-      throw this._logger.error("create: No client_id passed"), new Error("client_id");
-    if (!r)
-      throw this._logger.error("create: No redirect_uri passed"), new Error("redirect_uri");
-    if (!o)
-      throw this._logger.error("create: No response_type passed"), new Error("response_type");
-    if (!n)
-      throw this._logger.error("create: No scope passed"), new Error("scope");
-    if (!s)
-      throw this._logger.error("create: No authority passed"), new Error("authority");
-    const S = await ae.create({
-      data: a,
-      request_type: l,
-      url_state: u,
-      code_verifier: !A,
-      client_id: i,
-      authority: s,
-      redirect_uri: r,
-      response_mode: c,
-      client_secret: d,
-      scope: n,
-      extraTokenParams: U,
-      skipUserInfo: C
-    }), p = new URL(t);
-    p.searchParams.append("client_id", i), p.searchParams.append("redirect_uri", r), p.searchParams.append("response_type", o), O || p.searchParams.append("scope", n), h && p.searchParams.append("nonce", h), P && p.searchParams.append("dpop_jkt", P);
-    let E = S.id;
-    u && (E = `${E}${N}${u}`), p.searchParams.append("state", E), S.code_challenge && (p.searchParams.append("code_challenge", S.code_challenge), p.searchParams.append("code_challenge_method", "S256")), w && (Array.isArray(w) ? w : [w]).forEach((f) => p.searchParams.append("resource", f));
-    for (const [v, f] of Object.entries({ response_mode: c, ...R, ...x }))
-      f != null && p.searchParams.append(v, f.toString());
-    return new le({
-      url: p.href,
-      state: S
-    });
-  }
+    return Object.create(h(e), n);
+  } else {
+    const n = h(e);
+    if (n !== null && r)
+      return { ...e };
+    const i = Object.create(n);
+    return Object.assign(i, e);
+  }
+}
+function j(e, t = !1) {
+  return I(e) || m(e) || !_(e) || (S(e) > 1 && Object.defineProperties(e, {
+    set: w,
+    add: w,
+    clear: w,
+    delete: w
+  }), Object.freeze(e), t && Object.values(e).forEach((r) => j(r, !0))), e;
+}
+function V() {
+  f(2);
+}
+var w = {
+  value: V
 };
-ce._logger = new g("SigninRequest");
-var He = ce, je = "openid", J = class {
-  constructor(e) {
-    if (this.access_token = "", this.token_type = "", this.profile = {}, this.state = e.get("state"), this.session_state = e.get("session_state"), this.state) {
-      const t = decodeURIComponent(this.state).split(N);
-      this.state = t[0], t.length > 1 && (this.url_state = t.slice(1).join(N));
-    }
-    this.error = e.get("error"), this.error_description = e.get("error_description"), this.error_uri = e.get("error_uri"), this.code = e.get("code");
-  }
-  get expires_in() {
-    if (this.expires_at !== void 0)
-      return this.expires_at - T.getEpochTime();
-  }
-  set expires_in(e) {
-    typeof e == "string" && (e = Number(e)), e !== void 0 && e >= 0 && (this.expires_at = Math.floor(e) + T.getEpochTime());
-  }
-  get isOpenId() {
-    var e;
-    return ((e = this.scope) == null ? void 0 : e.split(" ").includes(je)) || !!this.id_token;
-  }
-}, De = class {
-  constructor({
-    url: e,
-    state_data: t,
-    id_token_hint: s,
-    post_logout_redirect_uri: i,
-    extraQueryParams: r,
-    request_type: o,
-    client_id: n,
-    url_state: a
-  }) {
-    if (this._logger = new g("SignoutRequest"), !e)
-      throw this._logger.error("ctor: No url passed"), new Error("url");
-    const c = new URL(e);
-    if (s && c.searchParams.append("id_token_hint", s), n && c.searchParams.append("client_id", n), i && (c.searchParams.append("post_logout_redirect_uri", i), t || a)) {
-      this.state = new $({ data: t, request_type: o, url_state: a });
-      let l = this.state.id;
-      a && (l = `${l}${N}${a}`), c.searchParams.append("state", l);
-    }
-    for (const [l, d] of Object.entries({ ...r }))
-      d != null && c.searchParams.append(l, d.toString());
-    this.url = c.href;
-  }
-}, $e = class {
-  constructor(e) {
-    if (this.state = e.get("state"), this.state) {
-      const t = decodeURIComponent(this.state).split(N);
-      this.state = t[0], t.length > 1 && (this.url_state = t.slice(1).join(N));
-    }
-    this.error = e.get("error"), this.error_description = e.get("error_description"), this.error_uri = e.get("error_uri");
-  }
-}, Je = [
-  "nbf",
-  "jti",
-  "auth_time",
-  "nonce",
-  "acr",
-  "amr",
-  "azp",
-  "at_hash"
-  // https://openid.net/specs/openid-connect-core-1_0.html#CodeIDToken
-], We = ["sub", "iss", "aud", "exp", "iat"], Ke = class {
-  constructor(e) {
-    this._settings = e, this._logger = new g("ClaimsService");
-  }
-  filterProtocolClaims(e) {
-    const t = { ...e };
-    if (this._settings.filterProtocolClaims) {
-      let s;
-      Array.isArray(this._settings.filterProtocolClaims) ? s = this._settings.filterProtocolClaims : s = Je;
-      for (const i of s)
-        We.includes(i) || delete t[i];
-    }
+function I(e) {
+  return e === null || typeof e != "object" ? !0 : Object.isFrozen(e);
+}
+var ee = {};
+function d(e) {
+  const t = ee[e];
+  return t || f(0, e), t;
+}
+var p;
+function X() {
+  return p;
+}
+function te(e, t) {
+  return {
+    drafts_: [],
+    parent_: e,
+    immer_: t,
+    // Whenever the modified draft contains a draft from another scope, we
+    // need to prevent auto-freezing so the unowned draft can be finalized.
+    canAutoFreeze_: !0,
+    unfinalizedDrafts_: 0
+  };
+}
+function U(e, t) {
+  t && (d("Patches"), e.patches_ = [], e.inversePatches_ = [], e.patchListener_ = t);
+}
+function A(e) {
+  k(e), e.drafts_.forEach(re), e.drafts_ = null;
+}
+function k(e) {
+  e === p && (p = e.parent_);
+}
+function $(e) {
+  return p = te(p, e);
+}
+function re(e) {
+  const t = e[u];
+  t.type_ === 0 || t.type_ === 1 ? t.revoke_() : t.revoked_ = !0;
+}
+function K(e, t) {
+  t.unfinalizedDrafts_ = t.drafts_.length;
+  const r = t.drafts_[0];
+  return e !== void 0 && e !== r ? (r[u].modified_ && (A(t), f(4)), _(e) && (e = O(t, e), t.parent_ || g(t, e)), t.patches_ && d("Patches").generateReplacementPatches_(
+    r[u].base_,
+    e,
+    t.patches_,
+    t.inversePatches_
+  )) : e = O(t, r, []), A(t), t.patches_ && t.patchListener_(t.patches_, t.inversePatches_), e !== B ? e : void 0;
+}
+function O(e, t, r) {
+  if (I(t))
     return t;
+  const n = e.immer_.shouldUseStrictIteration(), i = t[u];
+  if (!i)
+    return z(
+      t,
+      (o, s) => W(e, i, t, o, s, r),
+      n
+    ), t;
+  if (i.scope_ !== e)
+    return t;
+  if (!i.modified_)
+    return g(e, i.base_, !0), i.base_;
+  if (!i.finalized_) {
+    i.finalized_ = !0, i.scope_.unfinalizedDrafts_--;
+    const o = i.copy_;
+    let s = o, c = !1;
+    i.type_ === 3 && (s = new Set(o), o.clear(), c = !0), z(
+      s,
+      (a, y) => W(
+        e,
+        i,
+        o,
+        a,
+        y,
+        r,
+        c
+      ),
+      n
+    ), g(e, o, !1), r && e.patches_ && d("Patches").generatePatches_(
+      i,
+      r,
+      e.patches_,
+      e.inversePatches_
+    );
   }
-  mergeClaims(e, t) {
-    const s = { ...e };
-    for (const [i, r] of Object.entries(t))
-      if (s[i] !== r)
-        if (Array.isArray(s[i]) || Array.isArray(r))
-          if (this._settings.mergeClaimsStrategy.array == "replace")
-            s[i] = r;
-          else {
-            const o = Array.isArray(s[i]) ? s[i] : [s[i]];
-            for (const n of Array.isArray(r) ? r : [r])
-              o.includes(n) || o.push(n);
-            s[i] = o;
-          }
-        else typeof s[i] == "object" && typeof r == "object" ? s[i] = this.mergeClaims(s[i], r) : s[i] = r;
-    return s;
-  }
-}, de = class {
-  constructor(e, t) {
-    this.keys = e, this.nonce = t;
-  }
-}, Le = class {
-  constructor(e, t) {
-    this._logger = new g("OidcClient"), this.settings = e instanceof z ? e : new z(e), this.metadataService = t ?? new xe(this.settings), this._claimsService = new Ke(this.settings), this._validator = new Me(this.settings, this.metadataService, this._claimsService), this._tokenClient = new oe(this.settings, this.metadataService);
-  }
-  async createSigninRequest({
-    state: e,
-    request: t,
-    request_uri: s,
-    request_type: i,
-    id_token_hint: r,
-    login_hint: o,
-    skipUserInfo: n,
-    nonce: a,
-    url_state: c,
-    response_type: l = this.settings.response_type,
-    scope: d = this.settings.scope,
-    redirect_uri: h = this.settings.redirect_uri,
-    prompt: u = this.settings.prompt,
-    display: w = this.settings.display,
-    max_age: C = this.settings.max_age,
-    ui_locales: x = this.settings.ui_locales,
-    acr_values: U = this.settings.acr_values,
-    resource: A = this.settings.resource,
-    response_mode: P = this.settings.response_mode,
-    extraQueryParams: O = this.settings.extraQueryParams,
-    extraTokenParams: R = this.settings.extraTokenParams,
-    dpopJkt: S,
-    omitScopeWhenRequesting: p = this.settings.omitScopeWhenRequesting
-  }) {
-    const E = this._logger.create("createSigninRequest");
-    if (l !== "code")
-      throw new Error("Only the Authorization Code flow (with PKCE) is supported");
-    const v = await this.metadataService.getAuthorizationEndpoint();
-    E.debug("Received authorization endpoint", v);
-    const f = await He.create({
-      url: v,
-      authority: this.settings.authority,
-      client_id: this.settings.client_id,
-      redirect_uri: h,
-      response_type: l,
-      scope: d,
-      state_data: e,
-      url_state: c,
-      prompt: u,
-      display: w,
-      max_age: C,
-      ui_locales: x,
-      id_token_hint: r,
-      login_hint: o,
-      acr_values: U,
-      dpopJkt: S,
-      resource: A,
-      request: t,
-      request_uri: s,
-      extraQueryParams: O,
-      extraTokenParams: R,
-      request_type: i,
-      response_mode: P,
-      client_secret: this.settings.client_secret,
-      skipUserInfo: n,
-      nonce: a,
-      disablePKCE: this.settings.disablePKCE,
-      omitScopeWhenRequesting: p
-    });
-    await this.clearStaleState();
-    const M = f.state;
-    return await this.settings.stateStore.set(M.id, M.toStorageString()), f;
-  }
-  async readSigninResponseState(e, t = !1) {
-    const s = this._logger.create("readSigninResponseState"), i = new J(L.readParams(e, this.settings.response_mode));
-    if (!i.state)
-      throw s.throw(new Error("No state in response")), null;
-    const r = await this.settings.stateStore[t ? "remove" : "get"](i.state);
-    if (!r)
-      throw s.throw(new Error("No matching state found in storage")), null;
-    return { state: await ae.fromStorageString(r), response: i };
-  }
-  async processSigninResponse(e, t, s = !0) {
-    const i = this._logger.create("processSigninResponse"), { state: r, response: o } = await this.readSigninResponseState(e, s);
-    if (i.debug("received state from storage; validating response"), this.settings.dpop && this.settings.dpop.store) {
-      const n = await this.getDpopProof(this.settings.dpop.store);
-      t = { ...t, DPoP: n };
-    }
-    try {
-      await this._validator.validateSigninResponse(o, r, t);
-    } catch (n) {
-      if (n instanceof F && this.settings.dpop) {
-        const a = await this.getDpopProof(this.settings.dpop.store, n.nonce);
-        t.DPoP = a, await this._validator.validateSigninResponse(o, r, t);
-      } else
-        throw n;
-    }
-    return o;
-  }
-  async getDpopProof(e, t) {
-    let s, i;
-    return (await e.getAllKeys()).includes(this.settings.client_id) ? (i = await e.get(this.settings.client_id), i.nonce !== t && t && (i.nonce = t, await e.set(this.settings.client_id, i))) : (s = await _.generateDPoPKeys(), i = new de(s, t), await e.set(this.settings.client_id, i)), await _.generateDPoPProof({
-      url: await this.metadataService.getTokenEndpoint(!1),
-      httpMethod: "POST",
-      keyPair: i.keys,
-      nonce: i.nonce
-    });
-  }
-  async processResourceOwnerPasswordCredentials({
-    username: e,
-    password: t,
-    skipUserInfo: s = !1,
-    extraTokenParams: i = {}
-  }) {
-    const r = await this._tokenClient.exchangeCredentials({ username: e, password: t, ...i }), o = new J(new URLSearchParams());
-    return Object.assign(o, r), await this._validator.validateCredentialsResponse(o, s), o;
-  }
-  async useRefreshToken({
-    state: e,
-    redirect_uri: t,
-    resource: s,
-    timeoutInSeconds: i,
-    extraHeaders: r,
-    extraTokenParams: o
-  }) {
-    var n;
-    const a = this._logger.create("useRefreshToken");
-    let c;
-    if (this.settings.refreshTokenAllowedScope === void 0)
-      c = e.scope;
-    else {
-      const h = this.settings.refreshTokenAllowedScope.split(" ");
-      c = (((n = e.scope) == null ? void 0 : n.split(" ")) || []).filter((w) => h.includes(w)).join(" ");
-    }
-    if (this.settings.dpop && this.settings.dpop.store) {
-      const h = await this.getDpopProof(this.settings.dpop.store);
-      r = { ...r, DPoP: h };
-    }
-    let l;
-    try {
-      l = await this._tokenClient.exchangeRefreshToken({
-        refresh_token: e.refresh_token,
-        // provide the (possible filtered) scope list
-        scope: c,
-        redirect_uri: t,
-        resource: s,
-        timeoutInSeconds: i,
-        extraHeaders: r,
-        ...o
-      });
-    } catch (h) {
-      if (h instanceof F && this.settings.dpop)
-        r.DPoP = await this.getDpopProof(this.settings.dpop.store, h.nonce), l = await this._tokenClient.exchangeRefreshToken({
-          refresh_token: e.refresh_token,
-          // provide the (possible filtered) scope list
-          scope: c,
-          redirect_uri: t,
-          resource: s,
-          timeoutInSeconds: i,
-          extraHeaders: r,
-          ...o
-        });
+  return i.copy_;
+}
+function W(e, t, r, n, i, o, s) {
+  if (i == null || typeof i != "object" && !s)
+    return;
+  const c = I(i);
+  if (!(c && !s)) {
+    if (process.env.NODE_ENV !== "production" && i === r && f(5), m(i)) {
+      const a = o && t && t.type_ !== 3 && // Set objects are atomic since they have no keys.
+      !E(t.assigned_, n) ? o.concat(n) : void 0, y = O(e, i, a);
+      if (H(r, n, y), m(y))
+        e.canAutoFreeze_ = !1;
       else
-        throw h;
-    }
-    const d = new J(new URLSearchParams());
-    return Object.assign(d, l), a.debug("validating response", d), await this._validator.validateRefreshResponse(d, {
-      ...e,
-      // override the scope in the state handed over to the validator
-      // so it can set the granted scope to the requested scope in case none is included in the response
-      scope: c
-    }), d;
-  }
-  async createSignoutRequest({
-    state: e,
-    id_token_hint: t,
-    client_id: s,
-    request_type: i,
-    url_state: r,
-    post_logout_redirect_uri: o = this.settings.post_logout_redirect_uri,
-    extraQueryParams: n = this.settings.extraQueryParams
-  } = {}) {
-    const a = this._logger.create("createSignoutRequest"), c = await this.metadataService.getEndSessionEndpoint();
-    if (!c)
-      throw a.throw(new Error("No end session endpoint")), null;
-    a.debug("Received end session endpoint", c), !s && o && !t && (s = this.settings.client_id);
-    const l = new De({
-      url: c,
-      id_token_hint: t,
-      client_id: s,
-      post_logout_redirect_uri: o,
-      state_data: e,
-      extraQueryParams: n,
-      request_type: i,
-      url_state: r
-    });
-    await this.clearStaleState();
-    const d = l.state;
-    return d && (a.debug("Signout request has state to persist"), await this.settings.stateStore.set(d.id, d.toStorageString())), l;
-  }
-  async readSignoutResponseState(e, t = !1) {
-    const s = this._logger.create("readSignoutResponseState"), i = new $e(L.readParams(e, this.settings.response_mode));
-    if (!i.state) {
-      if (s.debug("No state in response"), i.error)
-        throw s.warn("Response was error:", i.error), new q(i);
-      return { state: void 0, response: i };
-    }
-    const r = await this.settings.stateStore[t ? "remove" : "get"](i.state);
-    if (!r)
-      throw s.throw(new Error("No matching state found in storage")), null;
-    return { state: await $.fromStorageString(r), response: i };
-  }
-  async processSignoutResponse(e) {
-    const t = this._logger.create("processSignoutResponse"), { state: s, response: i } = await this.readSignoutResponseState(e, !0);
-    return s ? (t.debug("Received state from storage; validating response"), this._validator.validateSignoutResponse(i, s)) : t.debug("No state from storage; skipping response validation"), i;
-  }
-  clearStaleState() {
-    return this._logger.create("clearStaleState"), $.clearStaleState(this.settings.stateStore, this.settings.staleStateAgeInSeconds);
-  }
-  async revokeToken(e, t) {
-    return this._logger.create("revokeToken"), await this._tokenClient.revoke({
-      token: e,
-      token_type_hint: t
-    });
-  }
-}, Fe = class {
-  constructor(e) {
-    this._userManager = e, this._logger = new g("SessionMonitor"), this._start = async (t) => {
-      const s = t.session_state;
-      if (!s)
         return;
-      const i = this._logger.create("_start");
-      if (t.profile ? (this._sub = t.profile.sub, i.debug("session_state", s, ", sub", this._sub)) : (this._sub = void 0, i.debug("session_state", s, ", anonymous user")), this._checkSessionIFrame) {
-        this._checkSessionIFrame.start(s);
+    } else s && r.add(i);
+    if (_(i) && !c) {
+      if (!e.immer_.autoFreeze_ && e.unfinalizedDrafts_ < 1 || t && t.base_ && t.base_[n] === i && c)
         return;
-      }
-      try {
-        const r = await this._userManager.metadataService.getCheckSessionIframe();
-        if (r) {
-          i.debug("initializing check session iframe");
-          const o = this._userManager.settings.client_id, n = this._userManager.settings.checkSessionIntervalInSeconds, a = this._userManager.settings.stopCheckSessionOnError, c = new Ce(this._callback, o, r, n, a);
-          await c.load(), this._checkSessionIFrame = c, c.start(s);
-        } else
-          i.warn("no check session iframe found in the metadata");
-      } catch (r) {
-        i.error("Error from getCheckSessionIframe:", r instanceof Error ? r.message : r);
-      }
-    }, this._stop = () => {
-      const t = this._logger.create("_stop");
-      if (this._sub = void 0, this._checkSessionIFrame && this._checkSessionIFrame.stop(), this._userManager.settings.monitorAnonymousSession) {
-        const s = setInterval(async () => {
-          clearInterval(s);
-          try {
-            const i = await this._userManager.querySessionStatus();
-            if (i) {
-              const r = {
-                session_state: i.session_state,
-                profile: i.sub ? {
-                  sub: i.sub
-                } : null
-              };
-              this._start(r);
-            }
-          } catch (i) {
-            t.error("error from querySessionStatus", i instanceof Error ? i.message : i);
-          }
-        }, 1e3);
-      }
-    }, this._callback = async () => {
-      const t = this._logger.create("_callback");
-      try {
-        const s = await this._userManager.querySessionStatus();
-        let i = !0;
-        s && this._checkSessionIFrame ? s.sub === this._sub ? (i = !1, this._checkSessionIFrame.start(s.session_state), t.debug("same sub still logged in at OP, session state has changed, restarting check session iframe; session_state", s.session_state), await this._userManager.events._raiseUserSessionChanged()) : t.debug("different subject signed into OP", s.sub) : t.debug("subject no longer signed into OP"), i ? this._sub ? await this._userManager.events._raiseUserSignedOut() : await this._userManager.events._raiseUserSignedIn() : t.debug("no change in session detected, no event to raise");
-      } catch (s) {
-        this._sub && (t.debug("Error calling queryCurrentSigninSession; raising signed out event", s), await this._userManager.events._raiseUserSignedOut());
-      }
-    }, e || this._logger.throw(new Error("No user manager passed")), this._userManager.events.addUserLoaded(this._start), this._userManager.events.addUserUnloaded(this._stop), this._init().catch((t) => {
-      this._logger.error(t);
-    });
-  }
-  async _init() {
-    this._logger.create("_init");
-    const e = await this._userManager.getUser();
-    if (e)
-      this._start(e);
-    else if (this._userManager.settings.monitorAnonymousSession) {
-      const t = await this._userManager.querySessionStatus();
-      if (t) {
-        const s = {
-          session_state: t.session_state,
-          profile: t.sub ? {
-            sub: t.sub
-          } : null
+      O(e, i), (!t || !t.scope_.parent_) && typeof n != "symbol" && (b(r) ? r.has(n) : Object.prototype.propertyIsEnumerable.call(r, n)) && g(e, i);
+    }
+  }
+}
+function g(e, t, r = !1) {
+  !e.parent_ && e.immer_.autoFreeze_ && e.canAutoFreeze_ && j(t, r);
+}
+function ne(e, t) {
+  const r = Array.isArray(e), n = {
+    type_: r ? 1 : 0,
+    // Track which produce call this is associated with.
+    scope_: t ? t.scope_ : X(),
+    // True for both shallow and deep changes.
+    modified_: !1,
+    // Used during finalization.
+    finalized_: !1,
+    // Track which properties have been assigned (true) or deleted (false).
+    assigned_: {},
+    // The parent draft state.
+    parent_: t,
+    // The base state.
+    base_: e,
+    // The base proxy.
+    draft_: null,
+    // set below
+    // The base copy with any updated values.
+    copy_: null,
+    // Called by the `produce` function.
+    revoke_: null,
+    isManual_: !1
+  };
+  let i = n, o = T;
+  r && (i = [n], o = P);
+  const { revoke: s, proxy: c } = Proxy.revocable(i, o);
+  return n.draft_ = c, n.revoke_ = s, c;
+}
+var T = {
+  get(e, t) {
+    if (t === u)
+      return e;
+    const r = l(e);
+    if (!E(r, t))
+      return ie(e, r, t);
+    const n = r[t];
+    return e.finalized_ || !_(n) ? n : n === D(e.base_, t) ? (F(e), e.copy_[t] = M(n, e)) : n;
+  },
+  has(e, t) {
+    return t in l(e);
+  },
+  ownKeys(e) {
+    return Reflect.ownKeys(l(e));
+  },
+  set(e, t, r) {
+    const n = q(l(e), t);
+    if (n != null && n.set)
+      return n.set.call(e.draft_, r), !0;
+    if (!e.modified_) {
+      const i = D(l(e), t), o = i == null ? void 0 : i[u];
+      if (o && o.base_ === r)
+        return e.copy_[t] = r, e.assigned_[t] = !1, !0;
+      if (L(r, i) && (r !== void 0 || E(e.base_, t)))
+        return !0;
+      F(e), C(e);
+    }
+    return e.copy_[t] === r && // special case: handle new props with value 'undefined'
+    (r !== void 0 || t in e.copy_) || // special case: NaN
+    Number.isNaN(r) && Number.isNaN(e.copy_[t]) || (e.copy_[t] = r, e.assigned_[t] = !0), !0;
+  },
+  deleteProperty(e, t) {
+    return D(e.base_, t) !== void 0 || t in e.base_ ? (e.assigned_[t] = !1, F(e), C(e)) : delete e.assigned_[t], e.copy_ && delete e.copy_[t], !0;
+  },
+  // Note: We never coerce `desc.value` into an Immer draft, because we can't make
+  // the same guarantee in ES5 mode.
+  getOwnPropertyDescriptor(e, t) {
+    const r = l(e), n = Reflect.getOwnPropertyDescriptor(r, t);
+    return n && {
+      writable: !0,
+      configurable: e.type_ !== 1 || t !== "length",
+      enumerable: n.enumerable,
+      value: r[t]
+    };
+  },
+  defineProperty() {
+    f(11);
+  },
+  getPrototypeOf(e) {
+    return h(e.base_);
+  },
+  setPrototypeOf() {
+    f(12);
+  }
+}, P = {};
+z(T, (e, t) => {
+  P[e] = function() {
+    return arguments[0] = arguments[0][0], t.apply(this, arguments);
+  };
+});
+P.deleteProperty = function(e, t) {
+  return process.env.NODE_ENV !== "production" && isNaN(parseInt(t)) && f(13), P.set.call(this, e, t, void 0);
+};
+P.set = function(e, t, r) {
+  return process.env.NODE_ENV !== "production" && t !== "length" && isNaN(parseInt(t)) && f(14), T.set.call(this, e[0], t, r, e[0]);
+};
+function D(e, t) {
+  const r = e[u];
+  return (r ? l(r) : e)[t];
+}
+function ie(e, t, r) {
+  var i;
+  const n = q(t, r);
+  return n ? "value" in n ? n.value : (
+    // This is a very special case, if the prop is a getter defined by the
+    // prototype, we should invoke it with the draft as context!
+    (i = n.get) == null ? void 0 : i.call(e.draft_)
+  ) : void 0;
+}
+function q(e, t) {
+  if (!(t in e))
+    return;
+  let r = h(e);
+  for (; r; ) {
+    const n = Object.getOwnPropertyDescriptor(r, t);
+    if (n)
+      return n;
+    r = h(r);
+  }
+}
+function C(e) {
+  e.modified_ || (e.modified_ = !0, e.parent_ && C(e.parent_));
+}
+function F(e) {
+  e.copy_ || (e.copy_ = N(
+    e.base_,
+    e.scope_.immer_.useStrictShallowCopy_
+  ));
+}
+var oe = class {
+  constructor(e) {
+    this.autoFreeze_ = !0, this.useStrictShallowCopy_ = !1, this.useStrictIteration_ = !0, this.produce = (t, r, n) => {
+      if (typeof t == "function" && typeof r != "function") {
+        const o = r;
+        r = t;
+        const s = this;
+        return function(a = o, ...y) {
+          return s.produce(a, (Q) => r.call(this, Q, ...y));
         };
-        this._start(s);
       }
-    }
-  }
-}, W = class he {
-  constructor(t) {
-    var s;
-    this.id_token = t.id_token, this.session_state = (s = t.session_state) != null ? s : null, this.access_token = t.access_token, this.refresh_token = t.refresh_token, this.token_type = t.token_type, this.scope = t.scope, this.profile = t.profile, this.expires_at = t.expires_at, this.state = t.userState, this.url_state = t.url_state;
-  }
-  /** Computed number of seconds the access token has remaining. */
-  get expires_in() {
-    if (this.expires_at !== void 0)
-      return this.expires_at - T.getEpochTime();
-  }
-  set expires_in(t) {
-    t !== void 0 && (this.expires_at = Math.floor(t) + T.getEpochTime());
-  }
-  /** Computed value indicating if the access token is expired. */
-  get expired() {
-    const t = this.expires_in;
-    if (t !== void 0)
-      return t <= 0;
-  }
-  /** Array representing the parsed values from the `scope`. */
-  get scopes() {
-    var t, s;
-    return (s = (t = this.scope) == null ? void 0 : t.split(" ")) != null ? s : [];
-  }
-  toStorageString() {
-    return new g("User").create("toStorageString"), JSON.stringify({
-      id_token: this.id_token,
-      session_state: this.session_state,
-      access_token: this.access_token,
-      refresh_token: this.refresh_token,
-      token_type: this.token_type,
-      scope: this.scope,
-      profile: this.profile,
-      expires_at: this.expires_at
-    });
-  }
-  static fromStorageString(t) {
-    return g.createStatic("User", "fromStorageString"), new he(JSON.parse(t));
-  }
-}, ee = "oidc-client", ge = class {
-  constructor() {
-    this._abort = new I("Window navigation aborted"), this._disposeHandlers = /* @__PURE__ */ new Set(), this._window = null;
-  }
-  async navigate(e) {
-    const t = this._logger.create("navigate");
-    if (!this._window)
-      throw new Error("Attempted to navigate on a disposed window");
-    t.debug("setting URL in window"), this._window.location.replace(e.url);
-    const { url: s, keepOpen: i } = await new Promise((r, o) => {
-      const n = (c) => {
-        var l;
-        const d = c.data, h = (l = e.scriptOrigin) != null ? l : window.location.origin;
-        if (!(c.origin !== h || (d == null ? void 0 : d.source) !== ee)) {
-          try {
-            const u = L.readParams(d.url, e.response_mode).get("state");
-            if (u || t.warn("no state found in response url"), c.source !== this._window && u !== e.state)
-              return;
-          } catch {
-            this._dispose(), o(new Error("Invalid response from window"));
-          }
-          r(d);
+      typeof r != "function" && f(6), n !== void 0 && typeof n != "function" && f(7);
+      let i;
+      if (_(t)) {
+        const o = $(this), s = M(t, void 0);
+        let c = !0;
+        try {
+          i = r(s), c = !1;
+        } finally {
+          c ? A(o) : k(o);
         }
-      };
-      window.addEventListener("message", n, !1), this._disposeHandlers.add(() => window.removeEventListener("message", n, !1));
-      const a = new BroadcastChannel(`oidc-client-popup-${e.state}`);
-      a.addEventListener("message", n, !1), this._disposeHandlers.add(() => a.close()), this._disposeHandlers.add(this._abort.addHandler((c) => {
-        this._dispose(), o(c);
-      }));
-    });
-    return t.debug("got response from window"), this._dispose(), i || this.close(), { url: s };
-  }
-  _dispose() {
-    this._logger.create("_dispose");
-    for (const e of this._disposeHandlers)
-      e();
-    this._disposeHandlers.clear();
-  }
-  static _notifyParent(e, t, s = !1, i = window.location.origin) {
-    const r = {
-      source: ee,
-      url: t,
-      keepOpen: s
-    }, o = new g("_notifyParent");
-    if (e)
-      o.debug("With parent. Using parent.postMessage."), e.postMessage(r, i);
-    else {
-      o.debug("No parent. Using BroadcastChannel.");
-      const n = new URL(t).searchParams.get("state");
-      if (!n)
-        throw new Error("No parent and no state in URL. Can't complete notification.");
-      const a = new BroadcastChannel(`oidc-client-popup-${n}`);
-      a.postMessage(r), a.close();
-    }
-  }
-}, ue = {
-  location: !1,
-  toolbar: !1,
-  height: 640,
-  closePopupWindowAfterInSeconds: -1
-}, _e = "_blank", ze = 60, Be = 2, pe = 10, Ve = class extends z {
-  constructor(e) {
-    const {
-      popup_redirect_uri: t = e.redirect_uri,
-      popup_post_logout_redirect_uri: s = e.post_logout_redirect_uri,
-      popupWindowFeatures: i = ue,
-      popupWindowTarget: r = _e,
-      redirectMethod: o = "assign",
-      redirectTarget: n = "self",
-      iframeNotifyParentOrigin: a = e.iframeNotifyParentOrigin,
-      iframeScriptOrigin: c = e.iframeScriptOrigin,
-      requestTimeoutInSeconds: l,
-      silent_redirect_uri: d = e.redirect_uri,
-      silentRequestTimeoutInSeconds: h,
-      automaticSilentRenew: u = !0,
-      validateSubOnSilentRenew: w = !0,
-      includeIdTokenInSilentRenew: C = !1,
-      monitorSession: x = !1,
-      monitorAnonymousSession: U = !1,
-      checkSessionIntervalInSeconds: A = Be,
-      query_status_response_type: P = "code",
-      stopCheckSessionOnError: O = !0,
-      revokeTokenTypes: R = ["access_token", "refresh_token"],
-      revokeTokensOnSignout: S = !1,
-      includeIdTokenInSilentSignout: p = !1,
-      accessTokenExpiringNotificationTimeInSeconds: E = ze,
-      userStore: v
-    } = e;
-    if (super(e), this.popup_redirect_uri = t, this.popup_post_logout_redirect_uri = s, this.popupWindowFeatures = i, this.popupWindowTarget = r, this.redirectMethod = o, this.redirectTarget = n, this.iframeNotifyParentOrigin = a, this.iframeScriptOrigin = c, this.silent_redirect_uri = d, this.silentRequestTimeoutInSeconds = h || l || pe, this.automaticSilentRenew = u, this.validateSubOnSilentRenew = w, this.includeIdTokenInSilentRenew = C, this.monitorSession = x, this.monitorAnonymousSession = U, this.checkSessionIntervalInSeconds = A, this.stopCheckSessionOnError = O, this.query_status_response_type = P, this.revokeTokenTypes = R, this.revokeTokensOnSignout = S, this.includeIdTokenInSilentSignout = p, this.accessTokenExpiringNotificationTimeInSeconds = E, v)
-      this.userStore = v;
-    else {
-      const f = typeof window < "u" ? window.sessionStorage : new re();
-      this.userStore = new ne({ store: f });
-    }
-  }
-}, te = class we extends ge {
-  constructor({
-    silentRequestTimeoutInSeconds: t = pe
-  }) {
-    super(), this._logger = new g("IFrameWindow"), this._timeoutInSeconds = t, this._frame = we.createHiddenIframe(), this._window = this._frame.contentWindow;
-  }
-  static createHiddenIframe() {
-    const t = window.document.createElement("iframe");
-    return t.style.visibility = "hidden", t.style.position = "fixed", t.style.left = "-1000px", t.style.top = "0", t.width = "0", t.height = "0", window.document.body.appendChild(t), t;
-  }
-  async navigate(t) {
-    this._logger.debug("navigate: Using timeout of:", this._timeoutInSeconds);
-    const s = setTimeout(() => void this._abort.raise(new G("IFrame timed out without a response")), this._timeoutInSeconds * 1e3);
-    return this._disposeHandlers.add(() => clearTimeout(s)), await super.navigate(t);
-  }
-  close() {
-    var t;
-    this._frame && (this._frame.parentNode && (this._frame.addEventListener("load", (s) => {
-      var i;
-      const r = s.target;
-      (i = r.parentNode) == null || i.removeChild(r), this._abort.raise(new Error("IFrame removed from DOM"));
-    }, !0), (t = this._frame.contentWindow) == null || t.location.replace("about:blank")), this._frame = null), this._window = null;
-  }
-  static notifyParent(t, s) {
-    return super._notifyParent(window.parent, t, !1, s);
-  }
-}, Ge = class {
-  constructor(e) {
-    this._settings = e, this._logger = new g("IFrameNavigator");
-  }
-  async prepare({
-    silentRequestTimeoutInSeconds: e = this._settings.silentRequestTimeoutInSeconds
-  }) {
-    return new te({ silentRequestTimeoutInSeconds: e });
-  }
-  async callback(e) {
-    this._logger.create("callback"), te.notifyParent(e, this._settings.iframeNotifyParentOrigin);
-  }
-}, Qe = 500, Xe = 1e3, se = class extends ge {
-  constructor({
-    popupWindowTarget: e = _e,
-    popupWindowFeatures: t = {},
-    popupSignal: s,
-    popupAbortOnClose: i
-  }) {
-    super(), this._logger = new g("PopupWindow");
-    const r = Z.center({ ...ue, ...t });
-    this._window = window.open(void 0, e, Z.serialize(r)), this.abortOnClose = !!i, s && s.addEventListener("abort", () => {
-      var o;
-      this._abort.raise(new Error((o = s.reason) != null ? o : "Popup aborted"));
-    }), t.closePopupWindowAfterInSeconds && t.closePopupWindowAfterInSeconds > 0 && setTimeout(() => {
-      if (!this._window || typeof this._window.closed != "boolean" || this._window.closed) {
-        this._abort.raise(new Error("Popup blocked by user"));
-        return;
-      }
-      this.close();
-    }, t.closePopupWindowAfterInSeconds * Xe);
-  }
-  async navigate(e) {
-    var t;
-    (t = this._window) == null || t.focus();
-    const s = setInterval(() => {
-      (!this._window || this._window.closed) && (this._logger.debug("Popup closed by user or isolated by redirect"), i(), this._disposeHandlers.delete(i), this.abortOnClose && this._abort.raise(new Error("Popup closed by user")));
-    }, Qe), i = () => clearInterval(s);
-    return this._disposeHandlers.add(i), await super.navigate(e);
-  }
-  close() {
-    this._window && (this._window.closed || (this._window.close(), this._abort.raise(new Error("Popup closed")))), this._window = null;
-  }
-  static notifyOpener(e, t) {
-    super._notifyParent(window.opener, e, t), !t && !window.opener && window.close();
-  }
-}, Ye = class {
-  constructor(e) {
-    this._settings = e, this._logger = new g("PopupNavigator");
-  }
-  async prepare({
-    popupWindowFeatures: e = this._settings.popupWindowFeatures,
-    popupWindowTarget: t = this._settings.popupWindowTarget,
-    popupSignal: s,
-    popupAbortOnClose: i
-  }) {
-    return new se({
-      popupWindowFeatures: e,
-      popupWindowTarget: t,
-      popupSignal: s,
-      popupAbortOnClose: i
-    });
-  }
-  async callback(e, { keepOpen: t = !1 }) {
-    this._logger.create("callback"), se.notifyOpener(e, t);
-  }
-}, Ze = class {
-  constructor(e) {
-    this._settings = e, this._logger = new g("RedirectNavigator");
-  }
-  async prepare({
-    redirectMethod: e = this._settings.redirectMethod,
-    redirectTarget: t = this._settings.redirectTarget
-  }) {
-    var s;
-    this._logger.create("prepare");
-    let i = window.self;
-    t === "top" && (i = (s = window.top) != null ? s : window.self);
-    const r = i.location[e].bind(i.location);
-    let o;
-    return {
-      navigate: async (n) => (this._logger.create("navigate"), await new Promise((c, l) => {
-        o = l, window.addEventListener("pageshow", () => c(window.location.href)), r(n.url);
-      })),
-      close: () => {
-        this._logger.create("close"), o == null || o(new Error("Redirect aborted")), i.stop();
-      }
-    };
-  }
-  async callback() {
-  }
-}, et = class extends Ie {
-  constructor(e) {
-    super({ expiringNotificationTimeInSeconds: e.accessTokenExpiringNotificationTimeInSeconds }), this._logger = new g("UserManagerEvents"), this._userLoaded = new I("User loaded"), this._userUnloaded = new I("User unloaded"), this._silentRenewError = new I("Silent renew error"), this._userSignedIn = new I("User signed in"), this._userSignedOut = new I("User signed out"), this._userSessionChanged = new I("User session changed");
-  }
-  async load(e, t = !0) {
-    await super.load(e), t && await this._userLoaded.raise(e);
-  }
-  async unload() {
-    await super.unload(), await this._userUnloaded.raise();
-  }
-  /**
-   * Add callback: Raised when a user session has been established (or re-established).
-   */
-  addUserLoaded(e) {
-    return this._userLoaded.addHandler(e);
-  }
-  /**
-   * Remove callback: Raised when a user session has been established (or re-established).
-   */
-  removeUserLoaded(e) {
-    return this._userLoaded.removeHandler(e);
-  }
-  /**
-   * Add callback: Raised when a user session has been terminated.
-   */
-  addUserUnloaded(e) {
-    return this._userUnloaded.addHandler(e);
-  }
-  /**
-   * Remove callback: Raised when a user session has been terminated.
-   */
-  removeUserUnloaded(e) {
-    return this._userUnloaded.removeHandler(e);
-  }
-  /**
-   * Add callback: Raised when the automatic silent renew has failed.
-   */
-  addSilentRenewError(e) {
-    return this._silentRenewError.addHandler(e);
-  }
-  /**
-   * Remove callback: Raised when the automatic silent renew has failed.
-   */
-  removeSilentRenewError(e) {
-    return this._silentRenewError.removeHandler(e);
-  }
-  /**
-   * @internal
-   */
-  async _raiseSilentRenewError(e) {
-    await this._silentRenewError.raise(e);
-  }
-  /**
-   * Add callback: Raised when the user is signed in (when `monitorSession` is set).
-   * @see {@link UserManagerSettings.monitorSession}
-   */
-  addUserSignedIn(e) {
-    return this._userSignedIn.addHandler(e);
-  }
-  /**
-   * Remove callback: Raised when the user is signed in (when `monitorSession` is set).
-   */
-  removeUserSignedIn(e) {
-    this._userSignedIn.removeHandler(e);
-  }
-  /**
-   * @internal
-   */
-  async _raiseUserSignedIn() {
-    await this._userSignedIn.raise();
-  }
-  /**
-   * Add callback: Raised when the user's sign-in status at the OP has changed (when `monitorSession` is set).
-   * @see {@link UserManagerSettings.monitorSession}
-   */
-  addUserSignedOut(e) {
-    return this._userSignedOut.addHandler(e);
-  }
-  /**
-   * Remove callback: Raised when the user's sign-in status at the OP has changed (when `monitorSession` is set).
-   */
-  removeUserSignedOut(e) {
-    this._userSignedOut.removeHandler(e);
-  }
-  /**
-   * @internal
-   */
-  async _raiseUserSignedOut() {
-    await this._userSignedOut.raise();
-  }
-  /**
-   * Add callback: Raised when the user session changed (when `monitorSession` is set).
-   * @see {@link UserManagerSettings.monitorSession}
-   */
-  addUserSessionChanged(e) {
-    return this._userSessionChanged.addHandler(e);
-  }
-  /**
-   * Remove callback: Raised when the user session changed (when `monitorSession` is set).
-   */
-  removeUserSessionChanged(e) {
-    this._userSessionChanged.removeHandler(e);
-  }
-  /**
-   * @internal
-   */
-  async _raiseUserSessionChanged() {
-    await this._userSessionChanged.raise();
-  }
-}, tt = class {
-  constructor(e) {
-    this._userManager = e, this._logger = new g("SilentRenewService"), this._isStarted = !1, this._retryTimer = new T("Retry Silent Renew"), this._tokenExpiring = async () => {
-      const t = this._logger.create("_tokenExpiring");
-      try {
-        await this._userManager.signinSilent(), t.debug("silent token renewal successful");
-      } catch (s) {
-        if (s instanceof G) {
-          t.warn("ErrorTimeout from signinSilent:", s, "retry in 5s"), this._retryTimer.init(5);
-          return;
+        return U(o, n), K(i, o);
+      } else if (!t || typeof t != "object") {
+        if (i = r(t), i === void 0 && (i = t), i === B && (i = void 0), this.autoFreeze_ && j(i, !0), n) {
+          const o = [], s = [];
+          d("Patches").generateReplacementPatches_(t, i, o, s), n(o, s);
         }
-        t.error("Error from signinSilent:", s), await this._userManager.events._raiseSilentRenewError(s);
-      }
-    };
-  }
-  async start() {
-    const e = this._logger.create("start");
-    if (!this._isStarted) {
-      this._isStarted = !0, this._userManager.events.addAccessTokenExpiring(this._tokenExpiring), this._retryTimer.addHandler(this._tokenExpiring);
-      try {
-        await this._userManager.getUser();
-      } catch (t) {
-        e.error("getUser error", t);
-      }
-    }
-  }
-  stop() {
-    this._isStarted && (this._retryTimer.cancel(), this._retryTimer.removeHandler(this._tokenExpiring), this._userManager.events.removeAccessTokenExpiring(this._tokenExpiring), this._isStarted = !1);
-  }
-}, st = class {
-  constructor(e) {
-    this.refresh_token = e.refresh_token, this.id_token = e.id_token, this.session_state = e.session_state, this.scope = e.scope, this.profile = e.profile, this.data = e.state;
-  }
-}, rt = class {
-  constructor(e, t, s, i) {
-    this._logger = new g("UserManager"), this.settings = new Ve(e), this._client = new Le(e), this._redirectNavigator = t ?? new Ze(this.settings), this._popupNavigator = s ?? new Ye(this.settings), this._iframeNavigator = i ?? new Ge(this.settings), this._events = new et(this.settings), this._silentRenewService = new tt(this), this.settings.automaticSilentRenew && this.startSilentRenew(), this._sessionMonitor = null, this.settings.monitorSession && (this._sessionMonitor = new Fe(this));
-  }
-  /**
-   * Get object used to register for events raised by the `UserManager`.
-   */
-  get events() {
-    return this._events;
-  }
-  /**
-   * Get object used to access the metadata configuration of the identity provider.
-   */
-  get metadataService() {
-    return this._client.metadataService;
-  }
-  /**
-   * Load the `User` object for the currently authenticated user.
-   *
-   * @param raiseEvent - If `true`, the `UserLoaded` event will be raised. Defaults to false.
-   * @returns A promise
-   */
-  async getUser(e = !1) {
-    const t = this._logger.create("getUser"), s = await this._loadUser();
-    return s ? (t.info("user loaded"), await this._events.load(s, e), s) : (t.info("user not found in storage"), null);
-  }
-  /**
-   * Remove from any storage the currently authenticated user.
-   *
-   * @returns A promise
-   */
-  async removeUser() {
-    const e = this._logger.create("removeUser");
-    await this.storeUser(null), e.info("user removed from storage"), await this._events.unload();
-  }
-  /**
-   * Trigger a redirect of the current window to the authorization endpoint.
-   *
-   * @returns A promise
-   *
-   * @throws `Error` In cases of wrong authentication.
-   */
-  async signinRedirect(e = {}) {
-    var t;
-    this._logger.create("signinRedirect");
-    const {
-      redirectMethod: s,
-      ...i
-    } = e;
-    let r;
-    (t = this.settings.dpop) != null && t.bind_authorization_code && (r = await this.generateDPoPJkt(this.settings.dpop));
-    const o = await this._redirectNavigator.prepare({ redirectMethod: s });
-    await this._signinStart({
-      request_type: "si:r",
-      dpopJkt: r,
-      ...i
-    }, o);
-  }
-  /**
-   * Process the response (callback) from the authorization endpoint.
-   * It is recommended to use {@link UserManager.signinCallback} instead.
-   *
-   * @returns A promise containing the authenticated `User`.
-   *
-   * @see {@link UserManager.signinCallback}
-   */
-  async signinRedirectCallback(e = window.location.href) {
-    const t = this._logger.create("signinRedirectCallback"), s = await this._signinEnd(e);
-    return s.profile && s.profile.sub ? t.info("success, signed in subject", s.profile.sub) : t.info("no subject"), s;
-  }
-  /**
-   * Trigger the signin with user/password.
-   *
-   * @returns A promise containing the authenticated `User`.
-   * @throws {@link ErrorResponse} In cases of wrong authentication.
-   */
-  async signinResourceOwnerCredentials({
-    username: e,
-    password: t,
-    skipUserInfo: s = !1
-  }) {
-    const i = this._logger.create("signinResourceOwnerCredential"), r = await this._client.processResourceOwnerPasswordCredentials({
-      username: e,
-      password: t,
-      skipUserInfo: s,
-      extraTokenParams: this.settings.extraTokenParams
-    });
-    i.debug("got signin response");
-    const o = await this._buildUser(r);
-    return o.profile && o.profile.sub ? i.info("success, signed in subject", o.profile.sub) : i.info("no subject"), o;
-  }
-  /**
-   * Trigger a request (via a popup window) to the authorization endpoint.
+        return i;
+      } else
+        f(1, t);
+    }, this.produceWithPatches = (t, r) => {
+      if (typeof t == "function")
+        return (s, ...c) => this.produceWithPatches(s, (a) => t(a, ...c));
+      let n, i;
+      return [this.produce(t, r, (s, c) => {
+        n = s, i = c;
+      }), n, i];
+    }, typeof (e == null ? void 0 : e.autoFreeze) == "boolean" && this.setAutoFreeze(e.autoFreeze), typeof (e == null ? void 0 : e.useStrictShallowCopy) == "boolean" && this.setUseStrictShallowCopy(e.useStrictShallowCopy), typeof (e == null ? void 0 : e.useStrictIteration) == "boolean" && this.setUseStrictIteration(e.useStrictIteration);
+  }
+  createDraft(e) {
+    _(e) || f(8), m(e) && (e = se(e));
+    const t = $(this), r = M(e, void 0);
+    return r[u].isManual_ = !0, k(t), r;
+  }
+  finishDraft(e, t) {
+    const r = e && e[u];
+    (!r || !r.isManual_) && f(9);
+    const { scope_: n } = r;
+    return U(n, t), K(void 0, n);
+  }
+  /**
+   * Pass true to automatically freeze all copies created by Immer.
    *
-   * @returns A promise containing the authenticated `User`.
-   * @throws `Error` In cases of wrong authentication.
+   * By default, auto-freezing is enabled.
    */
-  async signinPopup(e = {}) {
-    var t;
-    const s = this._logger.create("signinPopup");
-    let i;
-    (t = this.settings.dpop) != null && t.bind_authorization_code && (i = await this.generateDPoPJkt(this.settings.dpop));
-    const {
-      popupWindowFeatures: r,
-      popupWindowTarget: o,
-      popupSignal: n,
-      popupAbortOnClose: a,
-      ...c
-    } = e, l = this.settings.popup_redirect_uri;
-    l || s.throw(new Error("No popup_redirect_uri configured"));
-    const d = await this._popupNavigator.prepare({ popupWindowFeatures: r, popupWindowTarget: o, popupSignal: n, popupAbortOnClose: a }), h = await this._signin({
-      request_type: "si:p",
-      redirect_uri: l,
-      display: "popup",
-      dpopJkt: i,
-      ...c
-    }, d);
-    return h && (h.profile && h.profile.sub ? s.info("success, signed in subject", h.profile.sub) : s.info("no subject")), h;
+  setAutoFreeze(e) {
+    this.autoFreeze_ = e;
   }
   /**
-   * Notify the opening window of response (callback) from the authorization endpoint.
-   * It is recommended to use {@link UserManager.signinCallback} instead.
-   *
-   * @returns A promise
+   * Pass true to enable strict shallow copy.
    *
-   * @see {@link UserManager.signinCallback}
+   * By default, immer does not copy the object descriptors such as getter, setter and non-enumrable properties.
    */
-  async signinPopupCallback(e = window.location.href, t = !1) {
-    const s = this._logger.create("signinPopupCallback");
-    await this._popupNavigator.callback(e, { keepOpen: t }), s.info("success");
+  setUseStrictShallowCopy(e) {
+    this.useStrictShallowCopy_ = e;
   }
   /**
-   * Trigger a silent request (via refresh token or an iframe) to the authorization endpoint.
+   * Pass false to use faster iteration that skips non-enumerable properties
+   * but still handles symbols for compatibility.
    *
-   * @returns A promise that contains the authenticated `User`.
+   * By default, strict iteration is enabled (includes all own properties).
    */
-  async signinSilent(e = {}) {
-    var t, s;
-    const i = this._logger.create("signinSilent"), {
-      silentRequestTimeoutInSeconds: r,
-      ...o
-    } = e;
-    let n = await this._loadUser();
-    if (!e.forceIframeAuth && (n != null && n.refresh_token)) {
-      i.debug("using refresh token");
-      const h = new st(n);
-      return await this._useRefreshToken({
-        state: h,
-        redirect_uri: o.redirect_uri,
-        resource: o.resource,
-        extraTokenParams: o.extraTokenParams,
-        timeoutInSeconds: r
-      });
-    }
-    let a;
-    (t = this.settings.dpop) != null && t.bind_authorization_code && (a = await this.generateDPoPJkt(this.settings.dpop));
-    const c = this.settings.silent_redirect_uri;
-    c || i.throw(new Error("No silent_redirect_uri configured"));
-    let l;
-    n && this.settings.validateSubOnSilentRenew && (i.debug("subject prior to silent renew:", n.profile.sub), l = n.profile.sub);
-    const d = await this._iframeNavigator.prepare({ silentRequestTimeoutInSeconds: r });
-    return n = await this._signin({
-      request_type: "si:s",
-      redirect_uri: c,
-      prompt: "none",
-      id_token_hint: this.settings.includeIdTokenInSilentRenew ? n == null ? void 0 : n.id_token : void 0,
-      dpopJkt: a,
-      ...o
-    }, d, l), n && ((s = n.profile) != null && s.sub ? i.info("success, signed in subject", n.profile.sub) : i.info("no subject")), n;
+  setUseStrictIteration(e) {
+    this.useStrictIteration_ = e;
   }
-  async _useRefreshToken(e) {
-    const t = await this._client.useRefreshToken({
-      timeoutInSeconds: this.settings.silentRequestTimeoutInSeconds,
-      ...e
-    }), s = new W({ ...e.state, ...t });
-    return await this.storeUser(s), await this._events.load(s), s;
-  }
-  /**
-   *
-   * Notify the parent window of response (callback) from the authorization endpoint.
-   * It is recommended to use {@link UserManager.signinCallback} instead.
-   *
-   * @returns A promise
-   *
-   * @see {@link UserManager.signinCallback}
-   */
-  async signinSilentCallback(e = window.location.href) {
-    const t = this._logger.create("signinSilentCallback");
-    await this._iframeNavigator.callback(e), t.info("success");
+  shouldUseStrictIteration() {
+    return this.useStrictIteration_;
   }
-  /**
-   * Process any response (callback) from the authorization endpoint, by dispatching the request_type
-   * and executing one of the following functions:
-   * - {@link UserManager.signinRedirectCallback}
-   * - {@link UserManager.signinPopupCallback}
-   * - {@link UserManager.signinSilentCallback}
-   *
-   * @throws `Error` If request_type is unknown or signin cannot be processed.
-   */
-  async signinCallback(e = window.location.href) {
-    const { state: t } = await this._client.readSigninResponseState(e);
-    switch (t.request_type) {
-      case "si:r":
-        return await this.signinRedirectCallback(e);
-      case "si:p":
-        await this.signinPopupCallback(e);
-        break;
-      case "si:s":
-        await this.signinSilentCallback(e);
+  applyPatches(e, t) {
+    let r;
+    for (r = t.length - 1; r >= 0; r--) {
+      const i = t[r];
+      if (i.path.length === 0 && i.op === "replace") {
+        e = i.value;
         break;
-      default:
-        throw new Error("invalid response_type in state");
-    }
-  }
-  /**
-   * Process any response (callback) from the end session endpoint, by dispatching the request_type
-   * and executing one of the following functions:
-   * - {@link UserManager.signoutRedirectCallback}
-   * - {@link UserManager.signoutPopupCallback}
-   * - {@link UserManager.signoutSilentCallback}
-   *
-   * @throws `Error` If request_type is unknown or signout cannot be processed.
-   */
-  async signoutCallback(e = window.location.href, t = !1) {
-    const { state: s } = await this._client.readSignoutResponseState(e);
-    if (s)
-      switch (s.request_type) {
-        case "so:r":
-          return await this.signoutRedirectCallback(e);
-        case "so:p":
-          await this.signoutPopupCallback(e, t);
-          break;
-        case "so:s":
-          await this.signoutSilentCallback(e);
-          break;
-        default:
-          throw new Error("invalid response_type in state");
       }
-  }
-  /**
-   * Query OP for user's current signin status.
-   *
-   * @returns A promise object with session_state and subject identifier.
-   */
-  async querySessionStatus(e = {}) {
-    const t = this._logger.create("querySessionStatus"), {
-      silentRequestTimeoutInSeconds: s,
-      ...i
-    } = e, r = this.settings.silent_redirect_uri;
-    r || t.throw(new Error("No silent_redirect_uri configured"));
-    const o = await this._loadUser(), n = await this._iframeNavigator.prepare({ silentRequestTimeoutInSeconds: s }), a = await this._signinStart({
-      request_type: "si:s",
-      // this acts like a signin silent
-      redirect_uri: r,
-      prompt: "none",
-      id_token_hint: this.settings.includeIdTokenInSilentRenew ? o == null ? void 0 : o.id_token : void 0,
-      response_type: this.settings.query_status_response_type,
-      scope: "openid",
-      skipUserInfo: !0,
-      ...i
-    }, n);
-    try {
-      const c = {}, l = await this._client.processSigninResponse(a.url, c);
-      return t.debug("got signin response"), l.session_state && l.profile.sub ? (t.info("success for subject", l.profile.sub), {
-        session_state: l.session_state,
-        sub: l.profile.sub
-      }) : (t.info("success, user not authenticated"), null);
-    } catch (c) {
-      if (this.settings.monitorAnonymousSession && c instanceof q)
-        switch (c.error) {
-          case "login_required":
-          case "consent_required":
-          case "interaction_required":
-          case "account_selection_required":
-            return t.info("success for anonymous user"), {
-              session_state: c.session_state
-            };
-        }
-      throw c;
     }
-  }
-  async _signin(e, t, s) {
-    const i = await this._signinStart(e, t);
-    return await this._signinEnd(i.url, s);
-  }
-  async _signinStart(e, t) {
-    const s = this._logger.create("_signinStart");
-    try {
-      const i = await this._client.createSigninRequest(e);
-      return s.debug("got signin request"), await t.navigate({
-        url: i.url,
-        state: i.state.id,
-        response_mode: i.state.response_mode,
-        scriptOrigin: this.settings.iframeScriptOrigin
-      });
-    } catch (i) {
-      throw s.debug("error after preparing navigator, closing navigator window"), t.close(), i;
-    }
-  }
-  async _signinEnd(e, t) {
-    const s = this._logger.create("_signinEnd"), i = {}, r = await this._client.processSigninResponse(e, i);
-    return s.debug("got signin response"), await this._buildUser(r, t);
-  }
-  async _buildUser(e, t) {
-    const s = this._logger.create("_buildUser"), i = new W(e);
-    if (t) {
-      if (t !== i.profile.sub)
-        throw s.debug("current user does not match user returned from signin. sub from signin:", i.profile.sub), new q({ ...e, error: "login_required" });
-      s.debug("current user matches user returned from signin");
-    }
-    return await this.storeUser(i), s.debug("user stored"), await this._events.load(i), i;
-  }
-  /**
-   * Trigger a redirect of the current window to the end session endpoint.
-   *
-   * @returns A promise
-   */
-  async signoutRedirect(e = {}) {
-    const t = this._logger.create("signoutRedirect"), {
-      redirectMethod: s,
-      ...i
-    } = e, r = await this._redirectNavigator.prepare({ redirectMethod: s });
-    await this._signoutStart({
-      request_type: "so:r",
-      post_logout_redirect_uri: this.settings.post_logout_redirect_uri,
-      ...i
-    }, r), t.info("success");
-  }
-  /**
-   * Process response (callback) from the end session endpoint.
-   * It is recommended to use {@link UserManager.signoutCallback} instead.
-   *
-   * @returns A promise containing signout response
-   *
-   * @see {@link UserManager.signoutCallback}
-   */
-  async signoutRedirectCallback(e = window.location.href) {
-    const t = this._logger.create("signoutRedirectCallback"), s = await this._signoutEnd(e);
-    return t.info("success"), s;
-  }
-  /**
-   * Trigger a redirect of a popup window to the end session endpoint.
-   *
-   * @returns A promise
-   */
-  async signoutPopup(e = {}) {
-    const t = this._logger.create("signoutPopup"), {
-      popupWindowFeatures: s,
-      popupWindowTarget: i,
-      popupSignal: r,
-      ...o
-    } = e, n = this.settings.popup_post_logout_redirect_uri, a = await this._popupNavigator.prepare({ popupWindowFeatures: s, popupWindowTarget: i, popupSignal: r });
-    await this._signout({
-      request_type: "so:p",
-      post_logout_redirect_uri: n,
-      // we're putting a dummy entry in here because we
-      // need a unique id from the state for notification
-      // to the parent window, which is necessary if we
-      // plan to return back to the client after signout
-      // and so we can close the popup after signout
-      state: n == null ? void 0 : {},
-      ...o
-    }, a), t.info("success");
-  }
-  /**
-   * Process response (callback) from the end session endpoint from a popup window.
-   * It is recommended to use {@link UserManager.signoutCallback} instead.
-   *
-   * @returns A promise
-   *
-   * @see {@link UserManager.signoutCallback}
-   */
-  async signoutPopupCallback(e = window.location.href, t = !1) {
-    const s = this._logger.create("signoutPopupCallback");
-    await this._popupNavigator.callback(e, { keepOpen: t }), s.info("success");
-  }
-  async _signout(e, t) {
-    const s = await this._signoutStart(e, t);
-    return await this._signoutEnd(s.url);
-  }
-  async _signoutStart(e = {}, t) {
-    var s;
-    const i = this._logger.create("_signoutStart");
-    try {
-      const r = await this._loadUser();
-      i.debug("loaded current user from storage"), this.settings.revokeTokensOnSignout && await this._revokeInternal(r);
-      const o = e.id_token_hint || r && r.id_token;
-      o && (i.debug("setting id_token_hint in signout request"), e.id_token_hint = o), await this.removeUser(), i.debug("user removed, creating signout request");
-      const n = await this._client.createSignoutRequest(e);
-      return i.debug("got signout request"), await t.navigate({
-        url: n.url,
-        state: (s = n.state) == null ? void 0 : s.id,
-        scriptOrigin: this.settings.iframeScriptOrigin
-      });
-    } catch (r) {
-      throw i.debug("error after preparing navigator, closing navigator window"), t.close(), r;
-    }
-  }
-  async _signoutEnd(e) {
-    const t = this._logger.create("_signoutEnd"), s = await this._client.processSignoutResponse(e);
-    return t.debug("got signout response"), s;
-  }
-  /**
-   * Trigger a silent request (via an iframe) to the end session endpoint.
-   *
-   * @returns A promise
-   */
-  async signoutSilent(e = {}) {
-    var t;
-    const s = this._logger.create("signoutSilent"), {
-      silentRequestTimeoutInSeconds: i,
-      ...r
-    } = e, o = this.settings.includeIdTokenInSilentSignout ? (t = await this._loadUser()) == null ? void 0 : t.id_token : void 0, n = this.settings.popup_post_logout_redirect_uri, a = await this._iframeNavigator.prepare({ silentRequestTimeoutInSeconds: i });
-    await this._signout({
-      request_type: "so:s",
-      post_logout_redirect_uri: n,
-      id_token_hint: o,
-      ...r
-    }, a), s.info("success");
-  }
-  /**
-   * Notify the parent window of response (callback) from the end session endpoint.
-   * It is recommended to use {@link UserManager.signoutCallback} instead.
-   *
-   * @returns A promise
-   *
-   * @see {@link UserManager.signoutCallback}
-   */
-  async signoutSilentCallback(e = window.location.href) {
-    const t = this._logger.create("signoutSilentCallback");
-    await this._iframeNavigator.callback(e), t.info("success");
-  }
-  async revokeTokens(e) {
-    const t = await this._loadUser();
-    await this._revokeInternal(t, e);
-  }
-  async _revokeInternal(e, t = this.settings.revokeTokenTypes) {
-    const s = this._logger.create("_revokeInternal");
-    if (!e) return;
-    const i = t.filter((r) => typeof e[r] == "string");
-    if (!i.length) {
-      s.debug("no need to revoke due to no token(s)");
-      return;
-    }
-    for (const r of i)
-      await this._client.revokeToken(
-        e[r],
-        r
-      ), s.info(`${r} revoked successfully`), r !== "access_token" && (e[r] = null);
-    await this.storeUser(e), s.debug("user stored"), await this._events.load(e);
-  }
-  /**
-   * Enables silent renew for the `UserManager`.
-   */
-  startSilentRenew() {
-    this._logger.create("startSilentRenew"), this._silentRenewService.start();
-  }
-  /**
-   * Disables silent renew for the `UserManager`.
-   */
-  stopSilentRenew() {
-    this._silentRenewService.stop();
-  }
-  get _userStoreKey() {
-    return `user:${this.settings.authority}:${this.settings.client_id}`;
-  }
-  async _loadUser() {
-    const e = this._logger.create("_loadUser"), t = await this.settings.userStore.get(this._userStoreKey);
-    return t ? (e.debug("user storageString loaded"), W.fromStorageString(t)) : (e.debug("no user storageString"), null);
-  }
-  async storeUser(e) {
-    const t = this._logger.create("storeUser");
-    if (e) {
-      t.debug("storing user");
-      const s = e.toStorageString();
-      await this.settings.userStore.set(this._userStoreKey, s);
-    } else
-      this._logger.debug("removing user"), await this.settings.userStore.remove(this._userStoreKey), this.settings.dpop && await this.settings.dpop.store.remove(this.settings.client_id);
-  }
-  /**
-   * Removes stale state entries in storage for incomplete authorize requests.
-   */
-  async clearStaleState() {
-    await this._client.clearStaleState();
-  }
-  /**
-   * Dynamically generates a DPoP proof for a given user, URL and optional Http method.
-   * This method is useful when you need to make a request to a resource server
-   * with fetch or similar, and you need to include a DPoP proof in a DPoP header.
-   * @param url - The URL to generate the DPoP proof for
-   * @param user - The user to generate the DPoP proof for
-   * @param httpMethod - Optional, defaults to "GET"
-   * @param nonce - Optional nonce provided by the resource server
-   *
-   * @returns A promise containing the DPoP proof or undefined if DPoP is not enabled/no user is found.
-   */
-  async dpopProof(e, t, s, i) {
-    var r, o;
-    const n = await ((o = (r = this.settings.dpop) == null ? void 0 : r.store) == null ? void 0 : o.get(this.settings.client_id));
-    if (n)
-      return await _.generateDPoPProof({
-        url: e,
-        accessToken: t == null ? void 0 : t.access_token,
-        httpMethod: s,
-        keyPair: n.keys,
-        nonce: i
-      });
-  }
-  async generateDPoPJkt(e) {
-    let t = await e.store.get(this.settings.client_id);
-    if (!t) {
-      const s = await _.generateDPoPKeys();
-      t = new de(s), await e.store.set(this.settings.client_id, t);
-    }
-    return await _.generateDPoPJkt(t.keys);
+    r > -1 && (t = t.slice(r + 1));
+    const n = d("Patches").applyPatches_;
+    return m(e) ? n(e, t) : this.produce(
+      e,
+      (i) => n(i, t)
+    );
   }
 };
+function M(e, t) {
+  const r = b(e) ? d("MapSet").proxyMap_(e, t) : v(e) ? d("MapSet").proxySet_(e, t) : ne(e, t);
+  return (t ? t.scope_ : X()).drafts_.push(r), r;
+}
+function se(e) {
+  return m(e) || f(10, e), J(e);
+}
+function J(e) {
+  if (!_(e) || I(e))
+    return e;
+  const t = e[u];
+  let r, n = !0;
+  if (t) {
+    if (!t.modified_)
+      return t.base_;
+    t.finalized_ = !0, r = N(e, t.scope_.immer_.useStrictShallowCopy_), n = t.scope_.immer_.shouldUseStrictIteration();
+  } else
+    r = N(e, !0);
+  return z(
+    r,
+    (i, o) => {
+      H(r, i, J(o));
+    },
+    n
+  ), t && (t.finalized_ = !1), r;
+}
+var ce = new oe(), fe = ce.produce;
 export {
-  Ie as AccessTokenEvents,
-  Ce as CheckSessionIFrame,
-  de as DPoPState,
-  q as ErrorResponse,
-  G as ErrorTimeout,
-  re as InMemoryWebStorage,
-  D as Log,
-  g as Logger,
-  xe as MetadataService,
-  Le as OidcClient,
-  z as OidcClientSettingsStore,
-  Fe as SessionMonitor,
-  J as SigninResponse,
-  ae as SigninState,
-  $e as SignoutResponse,
-  $ as State,
-  W as User,
-  rt as UserManager,
-  Ve as UserManagerSettingsStore,
-  ne as WebStorageStateStore
+  oe as Immer,
+  se as current,
+  j as freeze,
+  R as immerable,
+  m as isDraft,
+  _ as isDraftable,
+  B as nothing,
+  fe as produce
 };