solid-ui 2.4.27-9d7e618e → 2.4.27-9ee704cb

package/dist/solid-ui.js

@@ -2655,7 +2655,7 @@ var ChatChannel = /*#__PURE__*/function () {
         var oldMsg = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : null;
         var deleteIt = arguments.length > 2 ? arguments[2] : undefined;
         return /*#__PURE__*/_regenerator["default"].mark(function _callee2() {
-          var sts, now, timestamp, dateStamp, chatDocument, message, me, msg, oldMsgMaker, errMsg, privateKey, _errMsg;
+          var sts, now, timestamp, dateStamp, chatDocument, message, me, msg, oldMsgMaker, errMsg, privateKey, sig, _errMsg;
           return _regenerator["default"].wrap(function _callee2$(_context2) {
             while (1) switch (_context2.prev = _context2.next) {
               case 0:
@@ -2666,8 +2666,8 @@ var ChatChannel = /*#__PURE__*/function () {
                 chatDocument = oldMsg ? oldMsg.doc() : _this.dateFolder.leafDocumentFromDate(now);
                 message = _solidLogic.store.sym(chatDocument.uri + '#' + 'Msg' + timestamp); // const content = store.literal(text)
                 me = _solidLogic.authn.currentUser(); // If already logged on
-                msg = _signature.getBlankMsg;
-                msg.id = message;
+                msg = (0, _signature.getBlankMsg)();
+                msg.id = message.uri;
                 if (!oldMsg) {
                   _context2.next = 22;
                   break;
@@ -2682,7 +2682,7 @@ var ChatChannel = /*#__PURE__*/function () {
                 if (deleteIt) {
                   // we need to add a specific signature, else anyone can delete a msg ?
                   sts.push($rdf.st(message, ns.schema('dateDeleted'), dateStamp, chatDocument));
-                  msg.dateDeleted = dateStamp;
+                  // msg.dateDeleted = dateStamp
                 }
                 _context2.next = 20;
                 break;
@@ -2701,40 +2701,48 @@ var ChatChannel = /*#__PURE__*/function () {
                 sts.push($rdf.st(message, ns.sioc('content'), _solidLogic.store.literal(text), chatDocument));
                 msg.content = text;
                 sts.push($rdf.st(message, ns.dct('created'), dateStamp, chatDocument));
-                msg.created = dateStamp;
+                msg.created = dateStamp.value;
                 if (!me) {
-                  _context2.next = 34;
+                  _context2.next = 35;
                   break;
                 }
                 sts.push($rdf.st(message, ns.foaf('maker'), me, chatDocument));
-                msg.maker = me;
-                // privateKey the cached private key of me, cache should be deleted after a certain time
+                msg.maker = me.uri;
+                // privateKey the cached private key of me, cached in store
                 _context2.next = 32;
                 return (0, _keys.getPrivateKey)(me);
               case 32:
                 privateKey = _context2.sent;
-                sts.push($rdf.st(message, $rdf.sym("".concat(_signature.SEC, "Proof")), $rdf.sym((0, _signature.signMsg)(msg, privateKey), chatDocument)));
-              case 34:
-                _context2.prev = 34;
-                _context2.next = 37;
+                // me.uri)
+                // const privateKey0 = 'a11bc5d2eee6cdb3b37f5473a712cad905ccfb13fb2ccdbf1be0a1ac4fdc7d2a'
+                sig = (0, _signature.signMsg)(msg, privateKey); // const pubKey0 = '023a9da707bee1302f66083c9d95673ff969b41607a66f52686fa774d64ceb87'
+                /* const pubKey = await getPublicKey(me)
+                const verify = verifySignature(sig, msg, pubKey) // alain to remove
+                debug.warn('sig ' + sig)
+                debug.warn('verifySign ' + verify)
+                debug.warn(msg) */
+                sts.push($rdf.st(message, $rdf.sym("".concat(_signature.SEC, "Proof")), $rdf.lit(sig), chatDocument));
+              case 35:
+                _context2.prev = 35;
+                _context2.next = 38;
                 return _solidLogic.store.updater.update([], sts);
-              case 37:
-                _context2.next = 45;
+              case 38:
+                _context2.next = 46;
                 break;
-              case 39:
-                _context2.prev = 39;
-                _context2.t0 = _context2["catch"](34);
+              case 40:
+                _context2.prev = 40;
+                _context2.t0 = _context2["catch"](35);
                 _errMsg = 'Error saving chat message: ' + _context2.t0;
                 debug.warn(_errMsg);
                 alert(_errMsg);
                 throw new Error(_errMsg);
-              case 45:
-                return _context2.abrupt("return", message);
               case 46:
+                return _context2.abrupt("return", message);
+              case 47:
               case "end":
                 return _context2.stop();
             }
-          }, _callee2, null, [[34, 39]]);
+          }, _callee2, null, [[35, 40]]);
         })();
       });
       function updateMessage(_x2) {
@@ -4035,6 +4043,8 @@ var _utils = __webpack_require__(/*! @noble/hashes/utils */ "./node_modules/@nob
 var _signature = __webpack_require__(/*! ./signature */ "./lib/chat/signature.js");
 var _solidLogic = __webpack_require__(/*! solid-logic */ "./node_modules/solid-logic/lib/index.js");
 var $rdf = _interopRequireWildcard(__webpack_require__(/*! rdflib */ "./node_modules/rdflib/esm/index.js"));
+var _accessData = __webpack_require__(/*! ../utils/keyHelpers/accessData */ "./lib/utils/keyHelpers/accessData.js");
+var _acl = __webpack_require__(/*! ../utils/keyHelpers/acl */ "./lib/utils/keyHelpers/acl.js");
 function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function _getRequireWildcardCache(nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
 function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || _typeof(obj) !== "object" && typeof obj !== "function") { return { "default": obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj["default"] = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
 function generatePrivateKey() {
@@ -4043,112 +4053,209 @@ function generatePrivateKey() {
 function generatePublicKey(privateKey) {
   return (0, _utils.bytesToHex)(_secp256k.schnorr.getPublicKey(privateKey));
 }
-function getPublicKey(webId) {
-  var publicKey = publicKeyExists(webId);
-  return publicKey === null || publicKey === void 0 ? void 0 : publicKey.uri;
-}
-function publicKeyExists(webId) {
-  // find publickey
-  var url = new URL(webId);
-  url.hash = '';
-  _solidLogic.store.fetcher.load(url.href);
-  var publicKey = _solidLogic.store.any(_solidLogic.store.sym(webId), _solidLogic.store.sym(_signature.CERT + 'publicKey'));
-  return publicKey;
-}
-function privateKeyExists(_x) {
-  return _privateKeyExists.apply(this, arguments);
+
+/**
+ * getPublicKey
+ * used for displaying messages in chat, therefore does not
+ * create a new key if not found
+ * @param webId
+ * @returns string | undefined
+ */
+function getPublicKey(_x) {
+  return _getPublicKey.apply(this, arguments);
 }
-function _privateKeyExists() {
-  _privateKeyExists = (0, _asyncToGenerator2["default"])( /*#__PURE__*/_regenerator["default"].mark(function _callee(webId) {
-    var url, privateKeyUrl, privateKey, _err$response, data, contentType, response;
-    return _regenerator["default"].wrap(function _callee$(_context) {
-      while (1) switch (_context.prev = _context.next) {
+function _getPublicKey() {
+  _getPublicKey = (0, _asyncToGenerator2["default"])( /*#__PURE__*/_regenerator["default"].mark(function _callee2(webId) {
+    var publicKeyDoc, key;
+    return _regenerator["default"].wrap(function _callee2$(_context2) {
+      while (1) switch (_context2.prev = _context2.next) {
         case 0:
-          url = new URL(webId);
-          privateKeyUrl = url.hostname + '/profile/privateKey.ttl';
-          _context.prev = 2;
-          _solidLogic.store.fetcher.load(privateKeyUrl);
-          privateKey = _solidLogic.store.any(_solidLogic.store.sym(webId), _solidLogic.store.sym(_signature.CERT + 'privateKey'));
-          return _context.abrupt("return", privateKey);
+          _context2.next = 2;
+          return _solidLogic.store.fetcher.load(webId);
+        case 2:
+          _context2.next = 4;
+          return (0, _accessData.pubKeyUrl)(webId);
+        case 4:
+          publicKeyDoc = _context2.sent;
+          _context2.prev = 5;
+          _context2.next = 8;
+          return _solidLogic.store.fetcher.load(publicKeyDoc);
         case 8:
-          _context.prev = 8;
-          _context.t0 = _context["catch"](2);
-          if (!((_context.t0 === null || _context.t0 === void 0 ? void 0 : (_err$response = _context.t0.response) === null || _err$response === void 0 ? void 0 : _err$response.status) === 404)) {
-            _context.next = 25;
-            break;
-          }
-          _context.prev = 11;
-          // create privateKey resource
-          data = '';
-          contentType = 'text/ttl';
-          _context.next = 16;
-          return _solidLogic.store.fetcher.webOperation('PUT', privateKeyUrl, {
-            data: data,
-            contentType: contentType
-          });
-        case 16:
-          response = _context.sent;
-          _context.next = 23;
-          break;
-        case 19:
-          _context.prev = 19;
-          _context.t1 = _context["catch"](11);
-          debug.log('createIfNotExists doc FAILED: ' + privateKeyUrl + ': ' + _context.t1);
-          throw _context.t1;
-        case 23:
-          delete _solidLogic.store.fetcher.requested[privateKeyUrl]; // delete cached 404 error
-          return _context.abrupt("return", undefined);
-        case 25:
-          debug.log('createIfNotExists doc FAILED: ' + privateKeyUrl + ': ' + _context.t0);
-          throw _context.t0;
-        case 27:
+          // url.href)
+          key = _solidLogic.store.any(webId, _solidLogic.store.sym(_signature.CERT + 'PublicKey'));
+          return _context2.abrupt("return", key === null || key === void 0 ? void 0 : key.value);
+        case 12:
+          _context2.prev = 12;
+          _context2.t0 = _context2["catch"](5);
+          return _context2.abrupt("return", undefined);
+        case 15:
         case "end":
-          return _context.stop();
+          return _context2.stop();
       }
-    }, _callee, null, [[2, 8], [11, 19]]);
+    }, _callee2, null, [[5, 12]]);
   }));
-  return _privateKeyExists.apply(this, arguments);
+  return _getPublicKey.apply(this, arguments);
 }
 function getPrivateKey(_x2) {
   return _getPrivateKey.apply(this, arguments);
 }
 function _getPrivateKey() {
-  _getPrivateKey = (0, _asyncToGenerator2["default"])( /*#__PURE__*/_regenerator["default"].mark(function _callee2(webId) {
-    var url, privateKeyUrl, publicKey, privateKey, del, add;
-    return _regenerator["default"].wrap(function _callee2$(_context2) {
-      while (1) switch (_context2.prev = _context2.next) {
+  _getPrivateKey = (0, _asyncToGenerator2["default"])( /*#__PURE__*/_regenerator["default"].mark(function _callee3(webId) {
+    var publicKeyDoc, privateKeyDoc, publicKey, privateKey, validPublicKey, del, add, newPublicKey, keyContainer;
+    return _regenerator["default"].wrap(function _callee3$(_context3) {
+      while (1) switch (_context3.prev = _context3.next) {
         case 0:
-          url = new URL(webId);
-          privateKeyUrl = url.hostname + '/profile/privateKey.ttl'; // find publickey
-          publicKey = publicKeyExists(webId); // find privateKey
-          _context2.next = 5;
-          return privateKeyExists(webId);
-        case 5:
-          privateKey = _context2.sent;
-          if (!(!privateKey || !publicKey)) {
-            _context2.next = 17;
+          _context3.next = 2;
+          return _solidLogic.store.fetcher.load(webId);
+        case 2:
+          _context3.next = 4;
+          return (0, _accessData.pubKeyUrl)(webId);
+        case 4:
+          publicKeyDoc = _context3.sent;
+          _context3.next = 7;
+          return (0, _accessData.privKeyUrl)(webId);
+        case 7:
+          privateKeyDoc = _context3.sent;
+          _context3.next = 10;
+          return (0, _accessData.getExistingPublicKey)(webId, publicKeyDoc);
+        case 10:
+          publicKey = _context3.sent;
+          _context3.next = 13;
+          return (0, _accessData.getExistingPrivateKey)(webId, privateKeyDoc);
+        case 13:
+          privateKey = _context3.sent;
+          // is publicKey valid ?
+          validPublicKey = true;
+          if (privateKey && publicKey !== generatePublicKey(privateKey)) {
+            if (confirm('This is strange the publicKey is not valid for\n' + (webId === null || webId === void 0 ? void 0 : webId.uri) + '\'shall we repair keeping the private key ?')) validPublicKey = false;
+          }
+
+          // create key pair or repair publicKey
+          if (!(!privateKey || !publicKey || !validPublicKey)) {
+            _context3.next = 34;
             break;
           }
           del = [];
-          add = [];
-          if (privateKey) del.push($rdf.st($rdf.sym(webId), $rdf.sym(_signature.CERT + 'privateKey'), privateKey, $rdf.sym(privateKeyUrl)));
-          if (publicKey) del.push($rdf.st($rdf.sym(webId), $rdf.sym(_signature.CERT + 'publicKey'), publicKey, $rdf.sym(url.href)));
-          privateKey = _solidLogic.store.sym(generatePrivateKey());
-          publicKey = _solidLogic.store.sym(generatePublicKey(privateKey.uri));
-          add.push($rdf.st($rdf.sym(webId), $rdf.sym(_signature.CERT + 'privateKey'), $rdf.literal(privateKey.uri), $rdf.sym(privateKeyUrl)));
-          add.push($rdf.st($rdf.sym(webId), $rdf.sym(_signature.CERT + 'publicKey'), $rdf.literal(publicKey.uri), $rdf.sym(url.href)));
-          _context2.next = 17;
-          return _solidLogic.store.updater.updateMany(del, add);
-        case 17:
-          return _context2.abrupt("return", privateKey.uri);
-        case 18:
+          add = []; // if (privateKey) del.push($rdf.st(webId, store.sym(CERT + 'PrivateKey'), $rdf.lit(privateKey), store.sym(privateKeyDoc)))
+          if (privateKey) {
+            _context3.next = 24;
+            break;
+          }
+          // add = []
+          privateKey = generatePrivateKey();
+          add = [$rdf.st(webId, _solidLogic.store.sym(_signature.CERT + 'PrivateKey'), $rdf.literal(privateKey), _solidLogic.store.sym(privateKeyDoc))];
+          _context3.next = 24;
+          return saveKey(privateKeyDoc, [], add, webId.uri);
+        case 24:
+          if (!(!publicKey || !validPublicKey)) {
+            _context3.next = 31;
+            break;
+          }
+          del = [];
+          // delete invalid public key
+          if (publicKey) {
+            del = [$rdf.st(webId, _solidLogic.store.sym(_signature.CERT + 'PublicKey'), $rdf.lit(publicKey), _solidLogic.store.sym(publicKeyDoc))];
+            debug.log(del);
+          }
+          // update new valid key
+          newPublicKey = generatePublicKey(privateKey);
+          add = [$rdf.st(webId, _solidLogic.store.sym(_signature.CERT + 'PublicKey'), $rdf.literal(newPublicKey), _solidLogic.store.sym(publicKeyDoc))];
+          _context3.next = 31;
+          return saveKey(publicKeyDoc, del, add);
+        case 31:
+          keyContainer = privateKeyDoc.substring(0, privateKeyDoc.lastIndexOf('/') + 1);
+          _context3.next = 34;
+          return (0, _acl.setAcl)(keyContainer, (0, _acl.keyContainerAclBody)(webId.uri));
+        case 34:
+          return _context3.abrupt("return", privateKey);
+        case 35:
         case "end":
-          return _context2.stop();
+          return _context3.stop();
       }
-    }, _callee2);
+    }, _callee3);
   }));
   return _getPrivateKey.apply(this, arguments);
 }
+var deleteKeyAcl = /*#__PURE__*/function () {
+  var _ref = (0, _asyncToGenerator2["default"])( /*#__PURE__*/_regenerator["default"].mark(function _callee(keyDoc) {
+    var keyAclDoc, response;
+    return _regenerator["default"].wrap(function _callee$(_context) {
+      while (1) switch (_context.prev = _context.next) {
+        case 0:
+          _context.next = 2;
+          return _solidLogic.store.fetcher.load(keyDoc);
+        case 2:
+          keyAclDoc = _solidLogic.store.any(_solidLogic.store.sym(keyDoc), _solidLogic.store.sym('http://www.iana.org/assignments/link-relations/acl'));
+          if (!keyAclDoc) {
+            _context.next = 16;
+            break;
+          }
+          _context.prev = 4;
+          _context.next = 7;
+          return _solidLogic.store.fetcher.webOperation('DELETE', keyAclDoc.value);
+        case 7:
+          response = _context.sent;
+          // this may fail if webId is not an owner
+          debug.log('delete ' + keyAclDoc.value + ' ' + response.status); // should test 404 and 2xx
+          _context.next = 16;
+          break;
+        case 11:
+          _context.prev = 11;
+          _context.t0 = _context["catch"](4);
+          if (!(_context.t0.response.status !== 404)) {
+            _context.next = 15;
+            break;
+          }
+          throw new Error(_context.t0);
+        case 15:
+          debug.log('delete ' + keyAclDoc.value + ' ' + _context.t0.response.status); // should test 404 and 2xx
+        case 16:
+        case "end":
+          return _context.stop();
+      }
+    }, _callee, null, [[4, 11]]);
+  }));
+  return function deleteKeyAcl(_x3) {
+    return _ref.apply(this, arguments);
+  };
+}();
+
+/**
+ * delete acl if keydoc exists
+ * create/edit keyDoc
+ * set keyDoc acl
+ */
+function saveKey(_x4, _x5, _x6) {
+  return _saveKey.apply(this, arguments);
+}
+function _saveKey() {
+  _saveKey = (0, _asyncToGenerator2["default"])(function (keyDoc, del, add) {
+    var me = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : '';
+    return /*#__PURE__*/_regenerator["default"].mark(function _callee4() {
+      var aclBody;
+      return _regenerator["default"].wrap(function _callee4$(_context4) {
+        while (1) switch (_context4.prev = _context4.next) {
+          case 0:
+            _context4.next = 2;
+            return deleteKeyAcl(keyDoc);
+          case 2:
+            _context4.next = 4;
+            return _solidLogic.store.updater.updateMany(del, add);
+          case 4:
+            // or a promise store.updater.update ?
+            // create READ only ACL
+            aclBody = (0, _acl.keyAclBody)(keyDoc, me);
+            _context4.next = 7;
+            return (0, _acl.setAcl)(keyDoc, aclBody);
+          case 7:
+          case "end":
+            return _context4.stop();
+        }
+      }, _callee4);
+    })();
+  });
+  return _saveKey.apply(this, arguments);
+}
 //# sourceMappingURL=keys.js.map
 
 /***/ }),
@@ -4201,7 +4308,11 @@ var messageBodyStyle = style.messageBodyStyle;
 var label = utils.label;
 
 /**
+ * elementForImageURI
  * HTML component for an image
+ * @param imageUri
+ * @param options { inlineImageHeightEms }
+ * @returns HTMLAnchorElement For Image
  */
 function elementForImageURI(imageUri, options) {
   var img = dom.createElement('img');
@@ -4231,21 +4342,27 @@ var anchor = function anchor(text, term) {
   a.textContent = text;
   return a;
 };
-function nick(person) {
+function nickname(person) {
   var s = _solidLogic.store.any(person, ns.foaf('nick'));
   if (s) return '' + s.value;
   return '' + label(person);
 }
 
 /**
+ * creatorAndDate
  * Displays creator and date for a chat message
  * inside the `td1` element
+ * @param td1
+ * @param creator
+ * @param date
+ * @param message
+ * @returns HTMLAnchorElement For Image
  */
 function creatorAndDate(td1, creator, date, message) {
-  var nickAnchor = td1.appendChild(anchor(nick(creator), creator));
+  var nickAnchor = td1.appendChild(anchor(nickname(creator), creator));
   if (creator.uri) {
     _solidLogic.store.fetcher.nowOrWhenFetched(creator.doc(), undefined, function (_ok, _body) {
-      nickAnchor.textContent = nick(creator);
+      nickAnchor.textContent = nickname(creator);
     });
   }
   td1.appendChild(dom.createElement('br'));
@@ -4253,14 +4370,20 @@ function creatorAndDate(td1, creator, date, message) {
 }
 
 /**
+ * creatorAndDateHorizontal
  * Horizontally displays creator and date for a chat message
  * inside the `td1` element
+ * @param td1
+ * @param creator
+ * @param date
+ * @param message
+ * @returns HTMLAnchorElement For Image
  */
 function creatorAndDateHorizontal(td1, creator, date, message) {
   var nickAnchor = td1.appendChild(anchor(label(creator), creator));
   if (creator.uri) {
     _solidLogic.store.fetcher.nowOrWhenFetched(creator.doc(), undefined, function (_ok, _body) {
-      nickAnchor.textContent = nick(creator);
+      nickAnchor.textContent = nickname(creator);
     });
   }
   var dateBit = td1.appendChild(anchor(date, message));
@@ -4270,33 +4393,61 @@ function creatorAndDateHorizontal(td1, creator, date, message) {
 }
 
 /**
+ * renderMessageRow
  * Renders a chat message, read-only mode
+ * @param channelObject
+ * @param message
+ * @param fresh
+ * @param options
+ * @param userContext
+ * @returns Message Row HTML Table Element
  */
 function renderMessageRow(channelObject, message, fresh, options, userContext) {
+  var unsignedMessage = false;
   var colorizeByAuthor = options.colorizeByAuthor === '1' || options.colorizeByAuthor === true;
   var creator = _solidLogic.store.any(message, ns.foaf('maker'));
   var date = _solidLogic.store.any(message, ns.dct('created'));
   var latestVersion = (0, _chatLogic.mostRecentVersion)(message);
-  var content = _solidLogic.store.any(latestVersion, ns.sioc('content'));
-  var signature = _solidLogic.store.any(message, $rdf.sym("".concat(_signature.SEC, "Proof")));
+  var latestVersionCreator = _solidLogic.store.any(latestVersion, ns.foaf('maker'));
 
-  // verify signature
+  // use latest content if same owner, else use original
+  var msgId = creator.uri === latestVersionCreator.uri ? latestVersion : message;
+  var content = _solidLogic.store.any(msgId, ns.sioc('content'));
+  var signature = _solidLogic.store.any(msgId, $rdf.sym("".concat(_signature.SEC, "Proof")));
+
+  // set message object
   var msg = (0, _signature.getBlankMsg)();
-  msg.id = message;
-  msg.created = date;
-  // this is not correct.
-  // If the message has been edited/deleted we must verify the latest message and may be the intermediate ones
-  msg.content = content;
-  msg.maker = creator;
-
-  // pubKey could be store in a cache for all makers
-  var pubKey = (0, _keys.getPublicKey)(creator); // alain no
-  if (!(0, _signature.verifySignature)(signature, msg, pubKey)) throw new Error();
+  msg.id = msgId.uri;
+  msg.created = _solidLogic.store.any(msgId, ns.dct('created')).value;
+  msg.content = content.value;
+  msg.maker = creator.uri;
+
+  // unsigned message
+  if (!(signature !== null && signature !== void 0 && signature.value)) {
+    unsignedMessage = true;
+    debug.warn(msgId.uri + ' is unsigned'); // TODO replace with UI (colored message ?)
+  } else {
+    // signed message, get public key and check signature
+    (0, _keys.getPublicKey)(creator).then(function (publicKey) {
+      debug.log(creator.uri + '\n' + msg.created + '\n' + msg.id + '\n' + publicKey);
+      if (!publicKey) {
+        // TODO try to recreate the publicKey
+        // if(me.uri === creator.uri) await getPrivateKey(creator)
+        debug.warn('message is signed but ' + creator.uri + ' is missing publicKey');
+      }
+      // check that publicKey is a valid hex string
+      var regex = /[0-9A-Fa-f]{6}/g;
+      if (!(publicKey !== null && publicKey !== void 0 && publicKey.match(regex))) debug.warn('invalid publicKey hex string\n' + creator.uri + '\n' + publicKey);
+      // verify signature
+      else if (signature !== null && signature !== void 0 && signature.value && !(0, _signature.verifySignature)(signature === null || signature === void 0 ? void 0 : signature.value, msg, publicKey)) debug.warn('invalid signature\n' + msg.id);
+    });
+  }
   var originalMessage = (0, _chatLogic.originalVersion)(message);
   var edited = !message.sameTerm(originalMessage);
   var sortDate = _solidLogic.store.the(originalMessage, ns.dct('created'), null, originalMessage.doc()); // In message
 
   var messageRow = dom.createElement('tr');
+  if (unsignedMessage) messageRow.setAttribute('style', 'background-color: red');
   messageRow.AJAR_date = sortDate.value;
   messageRow.AJAR_subject = message;
   var td1 = dom.createElement('td');
@@ -4385,7 +4536,8 @@ function renderMessageRow(channelObject, message, fresh, options, userContext) {
     toolsTD.appendChild(tools);
   });
   return messageRow;
-}
+} // END OF RENDERMESSAGE
+
 function switchToEditor(messageRow, message, channelObject, userContext) {
   var messageTable = messageRow.parentNode;
   var editRow = renderMessageEditor(channelObject, messageTable, userContext, channelObject.options, (0, _chatLogic.mostRecentVersion)(message));
@@ -5085,13 +5237,11 @@ Object.defineProperty(exports, "__esModule", ({
   value: true
 }));
 exports.SEC = exports.CERT = void 0;
-exports.finishMsg = finishMsg;
 exports.getBlankMsg = getBlankMsg;
 exports.getMsgHash = getMsgHash;
 exports.serializeMsg = serializeMsg;
 exports.signMsg = signMsg;
 exports.utf8Encoder = exports.utf8Decoder = void 0;
-exports.validateMsg = validateMsg;
 exports.verifySignature = verifySignature;
 var _secp256k = __webpack_require__(/*! @noble/curves/secp256k1 */ "./node_modules/@noble/curves/secp256k1.js");
 var _utils = __webpack_require__(/*! @noble/hashes/utils */ "./node_modules/@noble/hashes/utils.js");
@@ -5105,7 +5255,7 @@ var utf8Encoder = new TextEncoder();
 exports.utf8Encoder = utf8Encoder;
 var SEC = 'https://w3id.org/security#'; // Proof, VerificationMethod
 exports.SEC = SEC;
-var CERT = 'http://www.w3.org/ns/auth/cert#'; // PrivatKey, PublicKey
+var CERT = 'http://www.w3.org/ns/auth/cert#'; // PrivateKey, PublicKey
 
 /* eslint-disable no-unused-vars */
 /* export enum Kind {
@@ -5137,19 +5287,22 @@ function getBlankMsg() {
     id: '',
     created: '',
     dateDeleted: '',
+    // TODO to remove if not used
     content: '',
     maker: '',
-    sig: ''
+    sig: '' // TODO to remove if not used
   };
 }
-function finishMsg(t, privateKey) {
-  // to update to chat message triples
-  var message = t;
-  // message.pubkey = getPublicKey(privateKey)
-  message.id = getMsgHash(message);
-  message.sig = signMsg(message, privateKey);
-  return message;
-}
+
+/* export function finishMsg (t: MsgTemplate, privateKey: string): Message {
+  // to update to chat message triples
+  const message = t as Message
+  // message.pubkey = getPublicKey(privateKey)
+  message.id = getMsgHash(message)
+  message.sig = signMsg(message, privateKey)
+  return message
+} */
+
 function serializeMsg(msg) {
   // to update to chat messages triples
   /* if (!validateMsg(msg))
@@ -5161,27 +5314,29 @@ function getMsgHash(message) {
   var msgHash = (0, _sha.sha256)(utf8Encoder.encode(serializeMsg(message)));
   return (0, _utils.bytesToHex)(msgHash);
 }
-var isRecord = function isRecord(obj) {
-  return obj instanceof Object;
-};
-function validateMsg(message) {
-  /* if (!isRecord(message)) return false
+
+// const isRecord = (obj: unknown): obj is Record<string, unknown> => obj instanceof Object
+
+/* export function validateMsg<T> (message: T): message is T & UnsignedMsg {
+  if (!isRecord(message)) return false
   if (typeof message.kind !== 'number') return false
   if (typeof message.content !== 'string') return false
   if (typeof message.created_at !== 'number') return false
   if (typeof message.pubkey !== 'string') return false
   if (!message.pubkey.match(/^[a-f0-9]{64}$/)) return false
-    if (!Array.isArray(message.tags)) return false
+
+  if (!Array.isArray(message.tags)) return false
   for (let i = 0; i < message.tags.length; i++) {
     let tag = message.tags[i]
     if (!Array.isArray(tag)) return false
     for (let j = 0; j < tag.length; j++) {
       if (typeof tag[j] === 'object') return false
     }
-  } */
+  }
+
+  return true
+} */
 
-  return true;
-}
 function verifySignature(sig, message, pubKey) {
   return _secp256k.schnorr.verify(sig, getMsgHash(message), pubKey);
 }
@@ -13110,6 +13265,328 @@ function predParentOf(node) {
 
 /***/ }),
 
+/***/ "./lib/utils/keyHelpers/accessData.js":
+/*!********************************************!*\
+  !*** ./lib/utils/keyHelpers/accessData.js ***!
+  \********************************************/
+/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
+
+"use strict";
+
+
+var _interopRequireDefault = __webpack_require__(/*! @babel/runtime/helpers/interopRequireDefault */ "./node_modules/@babel/runtime/helpers/interopRequireDefault.js");
+var _typeof = __webpack_require__(/*! @babel/runtime/helpers/typeof */ "./node_modules/@babel/runtime/helpers/typeof.js");
+Object.defineProperty(exports, "__esModule", ({
+  value: true
+}));
+exports.getExistingPrivateKey = getExistingPrivateKey;
+exports.getExistingPublicKey = getExistingPublicKey;
+exports.getKeyIfExists = getKeyIfExists;
+exports.pubKeyUrl = exports.privKeyUrl = exports.getPodRoot = void 0;
+var _regenerator = _interopRequireDefault(__webpack_require__(/*! @babel/runtime/regenerator */ "./node_modules/@babel/runtime/regenerator/index.js"));
+var _asyncToGenerator2 = _interopRequireDefault(__webpack_require__(/*! @babel/runtime/helpers/asyncToGenerator */ "./node_modules/@babel/runtime/helpers/asyncToGenerator.js"));
+var debug = _interopRequireWildcard(__webpack_require__(/*! ../../debug */ "./lib/debug.js"));
+var _signature = __webpack_require__(/*! ../../chat/signature */ "./lib/chat/signature.js");
+var _solidLogic = __webpack_require__(/*! solid-logic */ "./node_modules/solid-logic/lib/index.js");
+var ns = _interopRequireWildcard(__webpack_require__(/*! ../../ns */ "./lib/ns.js"));
+function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function _getRequireWildcardCache(nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
+function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || _typeof(obj) !== "object" && typeof obj !== "function") { return { "default": obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj["default"] = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
+var getPodRoot = /*#__PURE__*/function () {
+  var _ref = (0, _asyncToGenerator2["default"])( /*#__PURE__*/_regenerator["default"].mark(function _callee(webId) {
+    var webIdURL, storages, podRoot, path, _res$headers$get, res;
+    return _regenerator["default"].wrap(function _callee$(_context) {
+      while (1) switch (_context.prev = _context.next) {
+        case 0:
+          webIdURL = new URL(webId.uri); // find storages in webId document
+          _context.next = 3;
+          return _solidLogic.store.fetcher.load(webId.uri);
+        case 3:
+          storages = _solidLogic.store.each(webId, ns.space('storage'), null, webId.doc());
+          if (storages !== null && storages !== void 0 && storages.length) {
+            _context.next = 19;
+            break;
+          }
+          // find storage recursively in webId URL
+          path = webIdURL.pathname;
+        case 6:
+          if (!path.length) {
+            _context.next = 17;
+            break;
+          }
+          path = path.substring(0, path.lastIndexOf('/'));
+          podRoot = _solidLogic.store.sym(webIdURL.origin + path + '/');
+          _context.next = 11;
+          return _solidLogic.store.fetcher.webOperation('HEAD', podRoot.uri);
+        case 11:
+          res = _context.sent;
+          if (!((_res$headers$get = res.headers.get('link')) !== null && _res$headers$get !== void 0 && _res$headers$get.includes(ns.space('Storage').value))) {
+            _context.next = 14;
+            break;
+          }
+          return _context.abrupt("break", 17);
+        case 14:
+          if (!path) debug.warn("Current user storage not found for\n".concat(webId));
+          _context.next = 6;
+          break;
+        case 17:
+          _context.next = 21;
+          break;
+        case 19:
+          // give preference to storage in webId root
+          podRoot = storages.find(function (storage) {
+            return webIdURL.origin === new URL(storage.value).origin;
+          });
+          if (!podRoot) podRoot = storages[0];
+        case 21:
+          return _context.abrupt("return", podRoot);
+        case 22:
+        case "end":
+          return _context.stop();
+      }
+    }, _callee);
+  }));
+  return function getPodRoot(_x) {
+    return _ref.apply(this, arguments);
+  };
+}();
+exports.getPodRoot = getPodRoot;
+var pubKeyUrl = /*#__PURE__*/function () {
+  var _ref2 = (0, _asyncToGenerator2["default"])( /*#__PURE__*/_regenerator["default"].mark(function _callee2(webId) {
+    return _regenerator["default"].wrap(function _callee2$(_context2) {
+      while (1) switch (_context2.prev = _context2.next) {
+        case 0:
+          _context2.prev = 0;
+          _context2.next = 3;
+          return getPodRoot(webId);
+        case 3:
+          _context2.t0 = _context2.sent.value;
+          return _context2.abrupt("return", _context2.t0 + 'profile/keys/publicKey.ttl');
+        case 7:
+          _context2.prev = 7;
+          _context2.t1 = _context2["catch"](0);
+          throw new Error(_context2.t1);
+        case 10:
+        case "end":
+          return _context2.stop();
+      }
+    }, _callee2, null, [[0, 7]]);
+  }));
+  return function pubKeyUrl(_x2) {
+    return _ref2.apply(this, arguments);
+  };
+}();
+exports.pubKeyUrl = pubKeyUrl;
+function getExistingPublicKey(_x3, _x4) {
+  return _getExistingPublicKey.apply(this, arguments);
+}
+function _getExistingPublicKey() {
+  _getExistingPublicKey = (0, _asyncToGenerator2["default"])( /*#__PURE__*/_regenerator["default"].mark(function _callee4(webId, publicKeyUrl) {
+    return _regenerator["default"].wrap(function _callee4$(_context4) {
+      while (1) switch (_context4.prev = _context4.next) {
+        case 0:
+          _context4.next = 2;
+          return getKeyIfExists(webId, publicKeyUrl, 'PublicKey');
+        case 2:
+          return _context4.abrupt("return", _context4.sent);
+        case 3:
+        case "end":
+          return _context4.stop();
+      }
+    }, _callee4);
+  }));
+  return _getExistingPublicKey.apply(this, arguments);
+}
+var privKeyUrl = /*#__PURE__*/function () {
+  var _ref3 = (0, _asyncToGenerator2["default"])( /*#__PURE__*/_regenerator["default"].mark(function _callee3(webId) {
+    var _store$any, _settings;
+    var settings, _settings2, podRoot;
+    return _regenerator["default"].wrap(function _callee3$(_context3) {
+      while (1) switch (_context3.prev = _context3.next) {
+        case 0:
+          settings = (_store$any = _solidLogic.store.any(webId, ns.space('preferencesFile'), null, webId.doc())) === null || _store$any === void 0 ? void 0 : _store$any.value;
+          settings = (_settings = settings) === null || _settings === void 0 ? void 0 : _settings.split('/').slice(0, -1).join('/');
+          _context3.prev = 2;
+          _context3.next = 5;
+          return getPodRoot(webId);
+        case 5:
+          podRoot = _context3.sent;
+          if ((_settings2 = settings) !== null && _settings2 !== void 0 && _settings2.startsWith(podRoot.value)) {
+            _context3.next = 8;
+            break;
+          }
+          throw new Error("/settings/ is expected to be in ".concat(podRoot.value));
+        case 8:
+          return _context3.abrupt("return", "".concat(settings, "/keys/privateKey.ttl"));
+        case 11:
+          _context3.prev = 11;
+          _context3.t0 = _context3["catch"](2);
+          throw new Error(_context3.t0);
+        case 14:
+        case "end":
+          return _context3.stop();
+      }
+    }, _callee3, null, [[2, 11]]);
+  }));
+  return function privKeyUrl(_x5) {
+    return _ref3.apply(this, arguments);
+  };
+}();
+exports.privKeyUrl = privKeyUrl;
+function getExistingPrivateKey(_x6, _x7) {
+  return _getExistingPrivateKey.apply(this, arguments);
+}
+function _getExistingPrivateKey() {
+  _getExistingPrivateKey = (0, _asyncToGenerator2["default"])( /*#__PURE__*/_regenerator["default"].mark(function _callee5(webId, privateKeyUrl) {
+    return _regenerator["default"].wrap(function _callee5$(_context5) {
+      while (1) switch (_context5.prev = _context5.next) {
+        case 0:
+          _context5.next = 2;
+          return getKeyIfExists(webId, privateKeyUrl, 'PrivateKey');
+        case 2:
+          return _context5.abrupt("return", _context5.sent);
+        case 3:
+        case "end":
+          return _context5.stop();
+      }
+    }, _callee5);
+  }));
+  return _getExistingPrivateKey.apply(this, arguments);
+}
+function getKeyIfExists(_x8, _x9, _x10) {
+  return _getKeyIfExists.apply(this, arguments);
+}
+function _getKeyIfExists() {
+  _getKeyIfExists = (0, _asyncToGenerator2["default"])( /*#__PURE__*/_regenerator["default"].mark(function _callee6(webId, keyUrl, keyType) {
+    var key;
+    return _regenerator["default"].wrap(function _callee6$(_context6) {
+      while (1) switch (_context6.prev = _context6.next) {
+        case 0:
+          _context6.prev = 0;
+          _context6.next = 3;
+          return _solidLogic.store.fetcher.load(keyUrl);
+        case 3:
+          key = _solidLogic.store.any(webId, _solidLogic.store.sym(_signature.CERT + keyType));
+          return _context6.abrupt("return", key === null || key === void 0 ? void 0 : key.value);
+        case 7:
+          _context6.prev = 7;
+          _context6.t0 = _context6["catch"](0);
+          debug.log('createIfNotExists doc FAILED: ' + keyUrl + ': ' + _context6.t0);
+          throw _context6.t0;
+        case 11:
+        case "end":
+          return _context6.stop();
+      }
+    }, _callee6, null, [[0, 7]]);
+  }));
+  return _getKeyIfExists.apply(this, arguments);
+}
+//# sourceMappingURL=accessData.js.map
+
+/***/ }),
+
+/***/ "./lib/utils/keyHelpers/acl.js":
+/*!*************************************!*\
+  !*** ./lib/utils/keyHelpers/acl.js ***!
+  \*************************************/
+/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
+
+"use strict";
+
+
+var _interopRequireDefault = __webpack_require__(/*! @babel/runtime/helpers/interopRequireDefault */ "./node_modules/@babel/runtime/helpers/interopRequireDefault.js");
+var _typeof = __webpack_require__(/*! @babel/runtime/helpers/typeof */ "./node_modules/@babel/runtime/helpers/typeof.js");
+Object.defineProperty(exports, "__esModule", ({
+  value: true
+}));
+exports.keyContainerAclBody = exports.keyAclBody = void 0;
+exports.setAcl = setAcl;
+var _regenerator = _interopRequireDefault(__webpack_require__(/*! @babel/runtime/regenerator */ "./node_modules/@babel/runtime/regenerator/index.js"));
+var _asyncToGenerator2 = _interopRequireDefault(__webpack_require__(/*! @babel/runtime/helpers/asyncToGenerator */ "./node_modules/@babel/runtime/helpers/asyncToGenerator.js"));
+var debug = _interopRequireWildcard(__webpack_require__(/*! ../../debug */ "./lib/debug.js"));
+var _solidLogic = __webpack_require__(/*! solid-logic */ "./node_modules/solid-logic/lib/index.js");
+function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function _getRequireWildcardCache(nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
+function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || _typeof(obj) !== "object" && typeof obj !== "function") { return { "default": obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj["default"] = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
+/**
+ * set ACL
+ * @param keyDoc
+ * @param aclBody
+ */
+function setAcl(_x, _x2) {
+  return _setAcl.apply(this, arguments);
+}
+/**
+ * key container ACL
+ * @param me
+ * @returns aclBody
+ */
+function _setAcl() {
+  _setAcl = (0, _asyncToGenerator2["default"])( /*#__PURE__*/_regenerator["default"].mark(function _callee(keyDoc, aclBody) {
+    var keyAclDoc, _err$response;
+    return _regenerator["default"].wrap(function _callee$(_context) {
+      while (1) switch (_context.prev = _context.next) {
+        case 0:
+          _context.next = 2;
+          return _solidLogic.store.fetcher.load(keyDoc);
+        case 2:
+          // FIXME: check the Why value on this quad:
+          debug.log(_solidLogic.store.statementsMatching(_solidLogic.store.sym(keyDoc), _solidLogic.store.sym('http://www.iana.org/assignments/link-relations/acl')));
+          keyAclDoc = _solidLogic.store.any(_solidLogic.store.sym(keyDoc), _solidLogic.store.sym('http://www.iana.org/assignments/link-relations/acl'));
+          if (keyAclDoc) {
+            _context.next = 6;
+            break;
+          }
+          throw new Error('Key ACL doc not found!');
+        case 6:
+          _context.prev = 6;
+          _context.next = 9;
+          return _solidLogic.store.fetcher.webOperation('PUT', keyAclDoc.value, {
+            data: aclBody,
+            contentType: 'text/turtle'
+          });
+        case 9:
+          _context.next = 16;
+          break;
+        case 11:
+          _context.prev = 11;
+          _context.t0 = _context["catch"](6);
+          if (!((_context.t0 === null || _context.t0 === void 0 ? void 0 : (_err$response = _context.t0.response) === null || _err$response === void 0 ? void 0 : _err$response.status) !== 404)) {
+            _context.next = 15;
+            break;
+          }
+          throw new Error(_context.t0);
+        case 15:
+          debug.log('delete ' + keyAclDoc.value + ' ' + _context.t0.response.status); // should test 404 and 2xx
+        case 16:
+        case "end":
+          return _context.stop();
+      }
+    }, _callee, null, [[6, 11]]);
+  }));
+  return _setAcl.apply(this, arguments);
+}
+var keyContainerAclBody = function keyContainerAclBody(me) {
+  var aclBody = "\n@prefix : <#>.\n@prefix acl: <http://www.w3.org/ns/auth/acl#>.\n@prefix foaf: <http://xmlns.com/foaf/0.1/>.\n@prefix key: <./>.\n\n:ReadWrite\n    a acl:Authorization;\n    acl:accessTo key:;\n    acl:default key:;\n    acl:agent <".concat(me, ">;\n    acl:mode acl:Read, acl:Write.\n");
+  return aclBody;
+};
+
+/**
+ * Read only ACL
+ * @param keyDoc
+ * @param me
+ * @returns aclBody
+ */
+exports.keyContainerAclBody = keyContainerAclBody;
+var keyAclBody = function keyAclBody(keyDoc, me) {
+  var keyAgent = 'acl:agentClass foaf:Agent'; // publicKey
+  if (me !== null && me !== void 0 && me.length) keyAgent = "acl:agent <".concat(me, ">"); // privateKey
+  var aclBody = "\n@prefix foaf: <http://xmlns.com/foaf/0.1/>.\n@prefix acl: <http://www.w3.org/ns/auth/acl#>.\n<#Read>\n    a acl:Authorization;\n    ".concat(keyAgent, ";\n    acl:accessTo <").concat(keyDoc.split('/').pop(), ">;\n    acl:mode acl:Read.\n");
+  return aclBody;
+};
+exports.keyAclBody = keyAclBody;
+//# sourceMappingURL=acl.js.map
+
+/***/ }),
+
 /***/ "./lib/utils/label.js":
 /*!****************************!*\
   !*** ./lib/utils/label.js ***!
@@ -13238,8 +13715,8 @@ Object.defineProperty(exports, "__esModule", ({
 }));
 exports.versionInfo = void 0;
 var versionInfo = {
-  buildTime: '2023-04-19T18:00:23Z',
-  commit: '9d7e618ee7fcecf32422bd474b50a9bd5f142647',
+  buildTime: '2023-05-22T23:33:26Z',
+  commit: '9ee704cb3d4f7cee133d5ac15202f5978853c92a',
   npmInfo: {
     'solid-ui': '2.4.27',
     npm: '8.19.4',
@@ -25402,6 +25879,8 @@ __webpack_require__.r(__webpack_exports__);
 /* harmony import */ var _inrupt_oidc_client__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(/*! @inrupt/oidc-client */ "./node_modules/@inrupt/oidc-client/lib/oidc-client.min.js");
 /* harmony import */ var _inrupt_oidc_client__WEBPACK_IMPORTED_MODULE_0___default = /*#__PURE__*/__webpack_require__.n(_inrupt_oidc_client__WEBPACK_IMPORTED_MODULE_0__);
 /* harmony import */ var _inrupt_solid_client_authn_core__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(/*! @inrupt/solid-client-authn-core */ "./node_modules/@inrupt/solid-client-authn-core/dist/index.mjs");
+/* harmony import */ var _inrupt_universal_fetch__WEBPACK_IMPORTED_MODULE_2__ = __webpack_require__(/*! @inrupt/universal-fetch */ "./node_modules/@inrupt/universal-fetch/dist/index-browser.mjs");
+
 
 
 
@@ -25555,7 +26034,7 @@ async function getTokens(issuer, client, data, dpop) {
         headers,
         body: new URLSearchParams(requestBody).toString(),
     };
-    const rawTokenResponse = await await fetch(issuer.tokenEndpoint, tokenRequestInit);
+    const rawTokenResponse = await (0,_inrupt_universal_fetch__WEBPACK_IMPORTED_MODULE_2__.fetch)(issuer.tokenEndpoint, tokenRequestInit);
     const jsonTokenResponse = (await rawTokenResponse.json());
     const tokenResponse = validateTokenEndpointResponse(jsonTokenResponse, dpop);
     const webId = await (0,_inrupt_solid_client_authn_core__WEBPACK_IMPORTED_MODULE_1__.getWebidFromTokenPayload)(tokenResponse.id_token, issuer.jwksUri, issuer.issuer, client.clientId);
@@ -25639,7 +26118,7 @@ async function refresh(refreshToken, issuer, client, dpopKey) {
     else if (isValidUrl(client.clientId)) {
         requestBody.client_id = client.clientId;
     }
-    const rawResponse = await fetch(issuer.tokenEndpoint, {
+    const rawResponse = await (0,_inrupt_universal_fetch__WEBPACK_IMPORTED_MODULE_2__.fetch)(issuer.tokenEndpoint, {
         method: "POST",
         body: new URLSearchParams(requestBody).toString(),
         headers: {
@@ -25754,8 +26233,9 @@ e.read=function(t,e,r,n,i){var o,s,a=8*i-n-1,u=(1<<a)-1,c=u>>1,h=-7,l=r?i-1:0,f=
 
 Object.defineProperty(exports, "__esModule", ({ value: true }));
 const solid_client_authn_core_1 = __webpack_require__(/*! @inrupt/solid-client-authn-core */ "./node_modules/@inrupt/solid-client-authn-core/dist/index.js");
+const universal_fetch_1 = __webpack_require__(/*! @inrupt/universal-fetch */ "./node_modules/@inrupt/universal-fetch/dist/index-browser.js");
 const oidc_client_ext_1 = __webpack_require__(/*! @inrupt/oidc-client-ext */ "./node_modules/@inrupt/oidc-client-ext/dist/index.es.js");
-const globalFetch = (request, init) => window.fetch(request, init);
+const globalFetch = (request, init) => (0, universal_fetch_1.fetch)(request, init);
 class ClientAuthentication {
     constructor(loginHandler, redirectHandler, logoutHandler, sessionInfoManager, issuerConfigFetcher) {
         this.loginHandler = loginHandler;
@@ -26249,6 +26729,7 @@ exports["default"] = ClientRegistrar;
 Object.defineProperty(exports, "__esModule", ({ value: true }));
 exports.WELL_KNOWN_OPENID_CONFIG = void 0;
 const solid_client_authn_core_1 = __webpack_require__(/*! @inrupt/solid-client-authn-core */ "./node_modules/@inrupt/solid-client-authn-core/dist/index.js");
+const universal_fetch_1 = __webpack_require__(/*! @inrupt/universal-fetch */ "./node_modules/@inrupt/universal-fetch/dist/index-browser.js");
 exports.WELL_KNOWN_OPENID_CONFIG = ".well-known/openid-configuration";
 const issuerConfigKeyMap = {
     issuer: {
@@ -26355,7 +26836,7 @@ class IssuerConfigFetcher {
     async fetchConfig(issuer) {
         let issuerConfig;
         const openIdConfigUrl = new URL(exports.WELL_KNOWN_OPENID_CONFIG, issuer.endsWith("/") ? issuer : `${issuer}/`).href;
-        const issuerConfigRequestBody = await window.fetch(openIdConfigUrl);
+        const issuerConfigRequestBody = await (0, universal_fetch_1.fetch)(openIdConfigUrl);
         try {
             issuerConfig = processConfig(await issuerConfigRequestBody.json());
         }
@@ -26458,6 +26939,7 @@ exports["default"] = Redirector;
 
 Object.defineProperty(exports, "__esModule", ({ value: true }));
 exports.AuthCodeRedirectHandler = void 0;
+const universal_fetch_1 = __webpack_require__(/*! @inrupt/universal-fetch */ "./node_modules/@inrupt/universal-fetch/dist/index-browser.js");
 const solid_client_authn_core_1 = __webpack_require__(/*! @inrupt/solid-client-authn-core */ "./node_modules/@inrupt/solid-client-authn-core/dist/index.js");
 const oidc_client_ext_1 = __webpack_require__(/*! @inrupt/oidc-client-ext */ "./node_modules/@inrupt/oidc-client-ext/dist/index.es.js");
 class AuthCodeRedirectHandler {
@@ -26521,7 +27003,7 @@ class AuthCodeRedirectHandler {
                 tokenRefresher: this.tokerRefresher,
             };
         }
-        const authFetch = await (0, solid_client_authn_core_1.buildAuthenticatedFetch)(fetch, tokens.accessToken, {
+        const authFetch = await (0, solid_client_authn_core_1.buildAuthenticatedFetch)(universal_fetch_1.fetch, tokens.accessToken, {
             dpopKey: tokens.dpopKey,
             refreshOptions,
             eventEmitter,
@@ -26759,11 +27241,12 @@ exports.SessionInfoManager = exports.clear = exports.getUnauthenticatedSession =
 const solid_client_authn_core_1 = __webpack_require__(/*! @inrupt/solid-client-authn-core */ "./node_modules/@inrupt/solid-client-authn-core/dist/index.js");
 const uuid_1 = __webpack_require__(/*! uuid */ "./node_modules/@inrupt/solid-client-authn-browser/node_modules/uuid/dist/commonjs-browser/index.js");
 const oidc_client_ext_1 = __webpack_require__(/*! @inrupt/oidc-client-ext */ "./node_modules/@inrupt/oidc-client-ext/dist/index.es.js");
+const universal_fetch_1 = __webpack_require__(/*! @inrupt/universal-fetch */ "./node_modules/@inrupt/universal-fetch/dist/index-browser.js");
 function getUnauthenticatedSession() {
     return {
         isLoggedIn: false,
         sessionId: (0, uuid_1.v4)(),
-        fetch,
+        fetch: universal_fetch_1.fetch,
     };
 }
 exports.getUnauthenticatedSession = getUnauthenticatedSession;
@@ -27916,513 +28399,513 @@ exports["default"] = _default;
 
 
 var events = __webpack_require__(/*! events */ "./node_modules/events/events.js");
-var crossFetch = __webpack_require__(/*! cross-fetch */ "./node_modules/cross-fetch/dist/browser-ponyfill.js");
+var universalFetch = __webpack_require__(/*! @inrupt/universal-fetch */ "./node_modules/@inrupt/universal-fetch/dist/index-browser.js");
 var jose = __webpack_require__(/*! jose */ "./node_modules/jose/dist/browser/index.js");
 var uuid = __webpack_require__(/*! uuid */ "./node_modules/@inrupt/solid-client-authn-core/node_modules/uuid/dist/commonjs-browser/index.js");
 
-const SOLID_CLIENT_AUTHN_KEY_PREFIX = "solidClientAuthn:";
-const PREFERRED_SIGNING_ALG = ["ES256", "RS256"];
-const EVENTS = {
-    ERROR: "error",
-    LOGIN: "login",
-    LOGOUT: "logout",
-    NEW_REFRESH_TOKEN: "newRefreshToken",
-    SESSION_EXPIRED: "sessionExpired",
-    SESSION_EXTENDED: "sessionExtended",
-    SESSION_RESTORED: "sessionRestore",
-    TIMEOUT_SET: "timeoutSet",
-};
-const REFRESH_BEFORE_EXPIRATION_SECONDS = 5;
-const SCOPE_OPENID = "openid";
-const SCOPE_OFFLINE = "offline_access";
-const SCOPE_WEBID = "webid";
+const SOLID_CLIENT_AUTHN_KEY_PREFIX = "solidClientAuthn:";
+const PREFERRED_SIGNING_ALG = ["ES256", "RS256"];
+const EVENTS = {
+    ERROR: "error",
+    LOGIN: "login",
+    LOGOUT: "logout",
+    NEW_REFRESH_TOKEN: "newRefreshToken",
+    SESSION_EXPIRED: "sessionExpired",
+    SESSION_EXTENDED: "sessionExtended",
+    SESSION_RESTORED: "sessionRestore",
+    TIMEOUT_SET: "timeoutSet",
+};
+const REFRESH_BEFORE_EXPIRATION_SECONDS = 5;
+const SCOPE_OPENID = "openid";
+const SCOPE_OFFLINE = "offline_access";
+const SCOPE_WEBID = "webid";
 const DEFAULT_SCOPES = [SCOPE_OPENID, SCOPE_OFFLINE, SCOPE_WEBID].join(" ");
 
-const buildProxyHandler = (toExclude, errorMessage) => ({
-    get(target, prop, receiver) {
-        if (!Object.getOwnPropertyNames(events.EventEmitter).includes(prop) &&
-            Object.getOwnPropertyNames(toExclude).includes(prop)) {
-            throw new Error(`${errorMessage}: [${prop}] is not supported`);
-        }
-        return Reflect.get(target, prop, receiver);
-    },
+const buildProxyHandler = (toExclude, errorMessage) => ({
+    get(target, prop, receiver) {
+        if (!Object.getOwnPropertyNames(events.EventEmitter).includes(prop) &&
+            Object.getOwnPropertyNames(toExclude).includes(prop)) {
+            throw new Error(`${errorMessage}: [${prop}] is not supported`);
+        }
+        return Reflect.get(target, prop, receiver);
+    },
 });
 
-class AggregateHandler {
-    constructor(handleables) {
-        this.handleables = handleables;
-    }
-    async getProperHandler(params) {
-        const canHandleList = await Promise.all(this.handleables.map((handleable) => handleable.canHandle(...params)));
-        for (let i = 0; i < canHandleList.length; i += 1) {
-            if (canHandleList[i]) {
-                return this.handleables[i];
-            }
-        }
-        return null;
-    }
-    async canHandle(...params) {
-        return (await this.getProperHandler(params)) !== null;
-    }
-    async handle(...params) {
-        const handler = await this.getProperHandler(params);
-        if (handler) {
-            return handler.handle(...params);
-        }
-        throw new Error(`[${this.constructor.name}] cannot find a suitable handler for: ${params
-            .map((param) => {
-            try {
-                return JSON.stringify(param);
-            }
-            catch (err) {
-                return param.toString();
-            }
-        })
-            .join(", ")}`);
-    }
+class AggregateHandler {
+    constructor(handleables) {
+        this.handleables = handleables;
+    }
+    async getProperHandler(params) {
+        const canHandleList = await Promise.all(this.handleables.map((handleable) => handleable.canHandle(...params)));
+        for (let i = 0; i < canHandleList.length; i += 1) {
+            if (canHandleList[i]) {
+                return this.handleables[i];
+            }
+        }
+        return null;
+    }
+    async canHandle(...params) {
+        return (await this.getProperHandler(params)) !== null;
+    }
+    async handle(...params) {
+        const handler = await this.getProperHandler(params);
+        if (handler) {
+            return handler.handle(...params);
+        }
+        throw new Error(`[${this.constructor.name}] cannot find a suitable handler for: ${params
+            .map((param) => {
+            try {
+                return JSON.stringify(param);
+            }
+            catch (err) {
+                return param.toString();
+            }
+        })
+            .join(", ")}`);
+    }
 }
 
-async function fetchJwks(jwksIri, issuerIri) {
-    const jwksResponse = await crossFetch.fetch(jwksIri);
-    if (jwksResponse.status !== 200) {
-        throw new Error(`Could not fetch JWKS for [${issuerIri}] at [${jwksIri}]: ${jwksResponse.status} ${jwksResponse.statusText}`);
-    }
-    let jwk;
-    try {
-        jwk = (await jwksResponse.json()).keys[0];
-    }
-    catch (e) {
-        throw new Error(`Malformed JWKS for [${issuerIri}] at [${jwksIri}]: ${e.message}`);
-    }
-    return jwk;
-}
-async function getWebidFromTokenPayload(idToken, jwksIri, issuerIri, clientId) {
-    const jwk = await fetchJwks(jwksIri, issuerIri);
-    let payload;
-    try {
-        const { payload: verifiedPayload } = await jose.jwtVerify(idToken, await jose.importJWK(jwk), {
-            issuer: issuerIri,
-            audience: clientId,
-        });
-        payload = verifiedPayload;
-    }
-    catch (e) {
-        throw new Error(`Token verification failed: ${e.stack}`);
-    }
-    if (typeof payload.webid === "string") {
-        return payload.webid;
-    }
-    if (typeof payload.sub !== "string") {
-        throw new Error(`The token ${JSON.stringify(payload)} is invalid: it has no 'webid' claim and no 'sub' claim.`);
-    }
-    try {
-        new URL(payload.sub);
-        return payload.sub;
-    }
-    catch (e) {
-        throw new Error(`The token has no 'webid' claim, and its 'sub' claim of [${payload.sub}] is invalid as a URL - error [${e}].`);
-    }
+async function fetchJwks(jwksIri, issuerIri) {
+    const jwksResponse = await universalFetch.fetch(jwksIri);
+    if (jwksResponse.status !== 200) {
+        throw new Error(`Could not fetch JWKS for [${issuerIri}] at [${jwksIri}]: ${jwksResponse.status} ${jwksResponse.statusText}`);
+    }
+    let jwk;
+    try {
+        jwk = (await jwksResponse.json()).keys[0];
+    }
+    catch (e) {
+        throw new Error(`Malformed JWKS for [${issuerIri}] at [${jwksIri}]: ${e.message}`);
+    }
+    return jwk;
+}
+async function getWebidFromTokenPayload(idToken, jwksIri, issuerIri, clientId) {
+    const jwk = await fetchJwks(jwksIri, issuerIri);
+    let payload;
+    try {
+        const { payload: verifiedPayload } = await jose.jwtVerify(idToken, await jose.importJWK(jwk), {
+            issuer: issuerIri,
+            audience: clientId,
+        });
+        payload = verifiedPayload;
+    }
+    catch (e) {
+        throw new Error(`Token verification failed: ${e.stack}`);
+    }
+    if (typeof payload.webid === "string") {
+        return payload.webid;
+    }
+    if (typeof payload.sub !== "string") {
+        throw new Error(`The token ${JSON.stringify(payload)} is invalid: it has no 'webid' claim and no 'sub' claim.`);
+    }
+    try {
+        new URL(payload.sub);
+        return payload.sub;
+    }
+    catch (e) {
+        throw new Error(`The token has no 'webid' claim, and its 'sub' claim of [${payload.sub}] is invalid as a URL - error [${e}].`);
+    }
 }
 
-function isValidRedirectUrl(redirectUrl) {
-    try {
-        const urlObject = new URL(redirectUrl);
-        return urlObject.hash === "";
-    }
-    catch (e) {
-        return false;
-    }
+function isValidRedirectUrl(redirectUrl) {
+    try {
+        const urlObject = new URL(redirectUrl);
+        return urlObject.hash === "";
+    }
+    catch (e) {
+        return false;
+    }
 }
 
-function isSupportedTokenType(token) {
-    return typeof token === "string" && ["DPoP", "Bearer"].includes(token);
+function isSupportedTokenType(token) {
+    return typeof token === "string" && ["DPoP", "Bearer"].includes(token);
 }
 
 const USER_SESSION_PREFIX = "solidClientAuthenticationUser";
 
-function isValidUrl(url) {
-    try {
-        new URL(url);
-        return true;
-    }
-    catch (_a) {
-        return false;
-    }
-}
-function determineSigningAlg(supported, preferred) {
-    var _a;
-    return ((_a = preferred.find((signingAlg) => {
-        return supported.includes(signingAlg);
-    })) !== null && _a !== void 0 ? _a : null);
-}
-function determineClientType(options, issuerConfig) {
-    if (options.clientId !== undefined && !isValidUrl(options.clientId)) {
-        return "static";
-    }
-    if (issuerConfig.scopesSupported.includes("webid") &&
-        options.clientId !== undefined &&
-        isValidUrl(options.clientId)) {
-        return "solid-oidc";
-    }
-    return "dynamic";
-}
-async function handleRegistration(options, issuerConfig, storageUtility, clientRegistrar) {
-    const clientType = determineClientType(options, issuerConfig);
-    if (clientType === "dynamic") {
-        return clientRegistrar.getClient({
-            sessionId: options.sessionId,
-            clientName: options.clientName,
-            redirectUrl: options.redirectUrl,
-        }, issuerConfig);
-    }
-    await storageUtility.setForUser(options.sessionId, {
-        clientId: options.clientId,
-    });
-    if (options.clientSecret) {
-        await storageUtility.setForUser(options.sessionId, {
-            clientSecret: options.clientSecret,
-        });
-    }
-    if (options.clientName) {
-        await storageUtility.setForUser(options.sessionId, {
-            clientName: options.clientName,
-        });
-    }
-    return {
-        clientId: options.clientId,
-        clientSecret: options.clientSecret,
-        clientName: options.clientName,
-        clientType,
-    };
+function isValidUrl(url) {
+    try {
+        new URL(url);
+        return true;
+    }
+    catch (_a) {
+        return false;
+    }
+}
+function determineSigningAlg(supported, preferred) {
+    var _a;
+    return ((_a = preferred.find((signingAlg) => {
+        return supported.includes(signingAlg);
+    })) !== null && _a !== void 0 ? _a : null);
+}
+function determineClientType(options, issuerConfig) {
+    if (options.clientId !== undefined && !isValidUrl(options.clientId)) {
+        return "static";
+    }
+    if (issuerConfig.scopesSupported.includes("webid") &&
+        options.clientId !== undefined &&
+        isValidUrl(options.clientId)) {
+        return "solid-oidc";
+    }
+    return "dynamic";
+}
+async function handleRegistration(options, issuerConfig, storageUtility, clientRegistrar) {
+    const clientType = determineClientType(options, issuerConfig);
+    if (clientType === "dynamic") {
+        return clientRegistrar.getClient({
+            sessionId: options.sessionId,
+            clientName: options.clientName,
+            redirectUrl: options.redirectUrl,
+        }, issuerConfig);
+    }
+    await storageUtility.setForUser(options.sessionId, {
+        clientId: options.clientId,
+    });
+    if (options.clientSecret) {
+        await storageUtility.setForUser(options.sessionId, {
+            clientSecret: options.clientSecret,
+        });
+    }
+    if (options.clientName) {
+        await storageUtility.setForUser(options.sessionId, {
+            clientName: options.clientName,
+        });
+    }
+    return {
+        clientId: options.clientId,
+        clientSecret: options.clientSecret,
+        clientName: options.clientName,
+        clientType,
+    };
 }
 
-async function getSessionIdFromOauthState(storageUtility, oauthState) {
-    return storageUtility.getForUser(oauthState, "sessionId");
-}
-async function loadOidcContextFromStorage(sessionId, storageUtility, configFetcher) {
-    try {
-        const [issuerIri, codeVerifier, storedRedirectIri, dpop] = await Promise.all([
-            storageUtility.getForUser(sessionId, "issuer", {
-                errorIfNull: true,
-            }),
-            storageUtility.getForUser(sessionId, "codeVerifier"),
-            storageUtility.getForUser(sessionId, "redirectUrl"),
-            storageUtility.getForUser(sessionId, "dpop", { errorIfNull: true }),
-        ]);
-        await storageUtility.deleteForUser(sessionId, "codeVerifier");
-        const issuerConfig = await configFetcher.fetchConfig(issuerIri);
-        return {
-            codeVerifier,
-            redirectUrl: storedRedirectIri,
-            issuerConfig,
-            dpop: dpop === "true",
-        };
-    }
-    catch (e) {
-        throw new Error(`Failed to retrieve OIDC context from storage associated with session [${sessionId}]: ${e}`);
-    }
-}
-async function saveSessionInfoToStorage(storageUtility, sessionId, webId, isLoggedIn, refreshToken, secure, dpopKey) {
-    if (refreshToken !== undefined) {
-        await storageUtility.setForUser(sessionId, { refreshToken }, { secure });
-    }
-    if (webId !== undefined) {
-        await storageUtility.setForUser(sessionId, { webId }, { secure });
-    }
-    if (isLoggedIn !== undefined) {
-        await storageUtility.setForUser(sessionId, { isLoggedIn }, { secure });
-    }
-    if (dpopKey !== undefined) {
-        await storageUtility.setForUser(sessionId, {
-            publicKey: JSON.stringify(dpopKey.publicKey),
-            privateKey: JSON.stringify(await jose.exportJWK(dpopKey.privateKey)),
-        }, { secure });
-    }
-}
-class StorageUtility {
-    constructor(secureStorage, insecureStorage) {
-        this.secureStorage = secureStorage;
-        this.insecureStorage = insecureStorage;
-    }
-    getKey(userId) {
-        return `solidClientAuthenticationUser:${userId}`;
-    }
-    async getUserData(userId, secure) {
-        const stored = await (secure
-            ? this.secureStorage
-            : this.insecureStorage).get(this.getKey(userId));
-        if (stored === undefined) {
-            return {};
-        }
-        try {
-            return JSON.parse(stored);
-        }
-        catch (err) {
-            throw new Error(`Data for user [${userId}] in [${secure ? "secure" : "unsecure"}] storage is corrupted - expected valid JSON, but got: ${stored}`);
-        }
-    }
-    async setUserData(userId, data, secure) {
-        await (secure ? this.secureStorage : this.insecureStorage).set(this.getKey(userId), JSON.stringify(data));
-    }
-    async get(key, options) {
-        const value = await ((options === null || options === void 0 ? void 0 : options.secure)
-            ? this.secureStorage
-            : this.insecureStorage).get(key);
-        if (value === undefined && (options === null || options === void 0 ? void 0 : options.errorIfNull)) {
-            throw new Error(`[${key}] is not stored`);
-        }
-        return value;
-    }
-    async set(key, value, options) {
-        return ((options === null || options === void 0 ? void 0 : options.secure) ? this.secureStorage : this.insecureStorage).set(key, value);
-    }
-    async delete(key, options) {
-        return ((options === null || options === void 0 ? void 0 : options.secure) ? this.secureStorage : this.insecureStorage).delete(key);
-    }
-    async getForUser(userId, key, options) {
-        const userData = await this.getUserData(userId, options === null || options === void 0 ? void 0 : options.secure);
-        let value;
-        if (!userData || !userData[key]) {
-            value = undefined;
-        }
-        value = userData[key];
-        if (value === undefined && (options === null || options === void 0 ? void 0 : options.errorIfNull)) {
-            throw new Error(`Field [${key}] for user [${userId}] is not stored`);
-        }
-        return value || undefined;
-    }
-    async setForUser(userId, values, options) {
-        let userData;
-        try {
-            userData = await this.getUserData(userId, options === null || options === void 0 ? void 0 : options.secure);
-        }
-        catch (_a) {
-            userData = {};
-        }
-        await this.setUserData(userId, { ...userData, ...values }, options === null || options === void 0 ? void 0 : options.secure);
-    }
-    async deleteForUser(userId, key, options) {
-        const userData = await this.getUserData(userId, options === null || options === void 0 ? void 0 : options.secure);
-        delete userData[key];
-        await this.setUserData(userId, userData, options === null || options === void 0 ? void 0 : options.secure);
-    }
-    async deleteAllUserData(userId, options) {
-        await ((options === null || options === void 0 ? void 0 : options.secure) ? this.secureStorage : this.insecureStorage).delete(this.getKey(userId));
-    }
+async function getSessionIdFromOauthState(storageUtility, oauthState) {
+    return storageUtility.getForUser(oauthState, "sessionId");
+}
+async function loadOidcContextFromStorage(sessionId, storageUtility, configFetcher) {
+    try {
+        const [issuerIri, codeVerifier, storedRedirectIri, dpop] = await Promise.all([
+            storageUtility.getForUser(sessionId, "issuer", {
+                errorIfNull: true,
+            }),
+            storageUtility.getForUser(sessionId, "codeVerifier"),
+            storageUtility.getForUser(sessionId, "redirectUrl"),
+            storageUtility.getForUser(sessionId, "dpop", { errorIfNull: true }),
+        ]);
+        await storageUtility.deleteForUser(sessionId, "codeVerifier");
+        const issuerConfig = await configFetcher.fetchConfig(issuerIri);
+        return {
+            codeVerifier,
+            redirectUrl: storedRedirectIri,
+            issuerConfig,
+            dpop: dpop === "true",
+        };
+    }
+    catch (e) {
+        throw new Error(`Failed to retrieve OIDC context from storage associated with session [${sessionId}]: ${e}`);
+    }
+}
+async function saveSessionInfoToStorage(storageUtility, sessionId, webId, isLoggedIn, refreshToken, secure, dpopKey) {
+    if (refreshToken !== undefined) {
+        await storageUtility.setForUser(sessionId, { refreshToken }, { secure });
+    }
+    if (webId !== undefined) {
+        await storageUtility.setForUser(sessionId, { webId }, { secure });
+    }
+    if (isLoggedIn !== undefined) {
+        await storageUtility.setForUser(sessionId, { isLoggedIn }, { secure });
+    }
+    if (dpopKey !== undefined) {
+        await storageUtility.setForUser(sessionId, {
+            publicKey: JSON.stringify(dpopKey.publicKey),
+            privateKey: JSON.stringify(await jose.exportJWK(dpopKey.privateKey)),
+        }, { secure });
+    }
+}
+class StorageUtility {
+    constructor(secureStorage, insecureStorage) {
+        this.secureStorage = secureStorage;
+        this.insecureStorage = insecureStorage;
+    }
+    getKey(userId) {
+        return `solidClientAuthenticationUser:${userId}`;
+    }
+    async getUserData(userId, secure) {
+        const stored = await (secure
+            ? this.secureStorage
+            : this.insecureStorage).get(this.getKey(userId));
+        if (stored === undefined) {
+            return {};
+        }
+        try {
+            return JSON.parse(stored);
+        }
+        catch (err) {
+            throw new Error(`Data for user [${userId}] in [${secure ? "secure" : "unsecure"}] storage is corrupted - expected valid JSON, but got: ${stored}`);
+        }
+    }
+    async setUserData(userId, data, secure) {
+        await (secure ? this.secureStorage : this.insecureStorage).set(this.getKey(userId), JSON.stringify(data));
+    }
+    async get(key, options) {
+        const value = await ((options === null || options === void 0 ? void 0 : options.secure)
+            ? this.secureStorage
+            : this.insecureStorage).get(key);
+        if (value === undefined && (options === null || options === void 0 ? void 0 : options.errorIfNull)) {
+            throw new Error(`[${key}] is not stored`);
+        }
+        return value;
+    }
+    async set(key, value, options) {
+        return ((options === null || options === void 0 ? void 0 : options.secure) ? this.secureStorage : this.insecureStorage).set(key, value);
+    }
+    async delete(key, options) {
+        return ((options === null || options === void 0 ? void 0 : options.secure) ? this.secureStorage : this.insecureStorage).delete(key);
+    }
+    async getForUser(userId, key, options) {
+        const userData = await this.getUserData(userId, options === null || options === void 0 ? void 0 : options.secure);
+        let value;
+        if (!userData || !userData[key]) {
+            value = undefined;
+        }
+        value = userData[key];
+        if (value === undefined && (options === null || options === void 0 ? void 0 : options.errorIfNull)) {
+            throw new Error(`Field [${key}] for user [${userId}] is not stored`);
+        }
+        return value || undefined;
+    }
+    async setForUser(userId, values, options) {
+        let userData;
+        try {
+            userData = await this.getUserData(userId, options === null || options === void 0 ? void 0 : options.secure);
+        }
+        catch (_a) {
+            userData = {};
+        }
+        await this.setUserData(userId, { ...userData, ...values }, options === null || options === void 0 ? void 0 : options.secure);
+    }
+    async deleteForUser(userId, key, options) {
+        const userData = await this.getUserData(userId, options === null || options === void 0 ? void 0 : options.secure);
+        delete userData[key];
+        await this.setUserData(userId, userData, options === null || options === void 0 ? void 0 : options.secure);
+    }
+    async deleteAllUserData(userId, options) {
+        await ((options === null || options === void 0 ? void 0 : options.secure) ? this.secureStorage : this.insecureStorage).delete(this.getKey(userId));
+    }
 }
 
-class InMemoryStorage {
-    constructor() {
-        this.map = {};
-    }
-    async get(key) {
-        return this.map[key] || undefined;
-    }
-    async set(key, value) {
-        this.map[key] = value;
-    }
-    async delete(key) {
-        delete this.map[key];
-    }
+class InMemoryStorage {
+    constructor() {
+        this.map = {};
+    }
+    async get(key) {
+        return this.map[key] || undefined;
+    }
+    async set(key, value) {
+        this.map[key] = value;
+    }
+    async delete(key) {
+        delete this.map[key];
+    }
 }
 
-class ConfigurationError extends Error {
-    constructor(message) {
-        super(message);
-    }
+class ConfigurationError extends Error {
+    constructor(message) {
+        super(message);
+    }
 }
 
-class NotImplementedError extends Error {
-    constructor(methodName) {
-        super(`[${methodName}] is not implemented`);
-    }
+class NotImplementedError extends Error {
+    constructor(methodName) {
+        super(`[${methodName}] is not implemented`);
+    }
 }
 
-class InvalidResponseError extends Error {
-    constructor(missingFields) {
-        super(`Invalid response from OIDC provider: missing fields ${missingFields}`);
-        this.missingFields = missingFields;
-    }
+class InvalidResponseError extends Error {
+    constructor(missingFields) {
+        super(`Invalid response from OIDC provider: missing fields ${missingFields}`);
+        this.missingFields = missingFields;
+    }
 }
 
-class OidcProviderError extends Error {
-    constructor(message, error, errorDescription) {
-        super(message);
-        this.error = error;
-        this.errorDescription = errorDescription;
-    }
+class OidcProviderError extends Error {
+    constructor(message, error, errorDescription) {
+        super(message);
+        this.error = error;
+        this.errorDescription = errorDescription;
+    }
 }
 
-function normalizeHTU(audience) {
-    const audienceUrl = new URL(audience);
-    return new URL(audienceUrl.pathname, audienceUrl.origin).toString();
-}
-async function createDpopHeader(audience, method, dpopKey) {
-    return new jose.SignJWT({
-        htu: normalizeHTU(audience),
-        htm: method.toUpperCase(),
-        jti: uuid.v4(),
-    })
-        .setProtectedHeader({
-        alg: PREFERRED_SIGNING_ALG[0],
-        jwk: dpopKey.publicKey,
-        typ: "dpop+jwt",
-    })
-        .setIssuedAt()
-        .sign(dpopKey.privateKey, {});
-}
-async function generateDpopKeyPair() {
-    const { privateKey, publicKey } = await jose.generateKeyPair(PREFERRED_SIGNING_ALG[0]);
-    const dpopKeyPair = {
-        privateKey,
-        publicKey: await jose.exportJWK(publicKey),
-    };
-    [dpopKeyPair.publicKey.alg] = PREFERRED_SIGNING_ALG;
-    return dpopKeyPair;
+function normalizeHTU(audience) {
+    const audienceUrl = new URL(audience);
+    return new URL(audienceUrl.pathname, audienceUrl.origin).toString();
+}
+async function createDpopHeader(audience, method, dpopKey) {
+    return new jose.SignJWT({
+        htu: normalizeHTU(audience),
+        htm: method.toUpperCase(),
+        jti: uuid.v4(),
+    })
+        .setProtectedHeader({
+        alg: PREFERRED_SIGNING_ALG[0],
+        jwk: dpopKey.publicKey,
+        typ: "dpop+jwt",
+    })
+        .setIssuedAt()
+        .sign(dpopKey.privateKey, {});
+}
+async function generateDpopKeyPair() {
+    const { privateKey, publicKey } = await jose.generateKeyPair(PREFERRED_SIGNING_ALG[0]);
+    const dpopKeyPair = {
+        privateKey,
+        publicKey: await jose.exportJWK(publicKey),
+    };
+    [dpopKeyPair.publicKey.alg] = PREFERRED_SIGNING_ALG;
+    return dpopKeyPair;
 }
 
-const DEFAULT_EXPIRATION_TIME_SECONDS = 600;
-function isExpectedAuthError(statusCode) {
-    return [401, 403].includes(statusCode);
-}
-async function buildDpopFetchOptions(targetUrl, authToken, dpopKey, defaultOptions) {
-    var _a;
-    const headers = new crossFetch.Headers(defaultOptions === null || defaultOptions === void 0 ? void 0 : defaultOptions.headers);
-    headers.set("Authorization", `DPoP ${authToken}`);
-    headers.set("DPoP", await createDpopHeader(targetUrl, (_a = defaultOptions === null || defaultOptions === void 0 ? void 0 : defaultOptions.method) !== null && _a !== void 0 ? _a : "get", dpopKey));
-    return {
-        ...defaultOptions,
-        headers,
-    };
-}
-async function buildAuthenticatedHeaders(targetUrl, authToken, dpopKey, defaultOptions) {
-    if (dpopKey !== undefined) {
-        return buildDpopFetchOptions(targetUrl, authToken, dpopKey, defaultOptions);
-    }
-    const headers = new crossFetch.Headers(defaultOptions === null || defaultOptions === void 0 ? void 0 : defaultOptions.headers);
-    headers.set("Authorization", `Bearer ${authToken}`);
-    return {
-        ...defaultOptions,
-        headers,
-    };
-}
-async function makeAuthenticatedRequest(unauthFetch, accessToken, url, defaultRequestInit, dpopKey) {
-    return unauthFetch(url, await buildAuthenticatedHeaders(url.toString(), accessToken, dpopKey, defaultRequestInit));
-}
-async function refreshAccessToken(refreshOptions, dpopKey, eventEmitter) {
-    var _a;
-    const tokenSet = await refreshOptions.tokenRefresher.refresh(refreshOptions.sessionId, refreshOptions.refreshToken, dpopKey);
-    eventEmitter === null || eventEmitter === void 0 ? void 0 : eventEmitter.emit(EVENTS.SESSION_EXTENDED, (_a = tokenSet.expiresIn) !== null && _a !== void 0 ? _a : DEFAULT_EXPIRATION_TIME_SECONDS);
-    if (typeof tokenSet.refreshToken === "string") {
-        eventEmitter === null || eventEmitter === void 0 ? void 0 : eventEmitter.emit(EVENTS.NEW_REFRESH_TOKEN, tokenSet.refreshToken);
-    }
-    return {
-        accessToken: tokenSet.accessToken,
-        refreshToken: tokenSet.refreshToken,
-        expiresIn: tokenSet.expiresIn,
-    };
-}
-const computeRefreshDelay = (expiresIn) => {
-    if (expiresIn !== undefined) {
-        return expiresIn - REFRESH_BEFORE_EXPIRATION_SECONDS > 0
-            ?
-                expiresIn - REFRESH_BEFORE_EXPIRATION_SECONDS
-            : expiresIn;
-    }
-    return DEFAULT_EXPIRATION_TIME_SECONDS;
-};
-async function buildAuthenticatedFetch(unauthFetch, accessToken, options) {
-    var _a;
-    let currentAccessToken = accessToken;
-    let latestTimeout;
-    const currentRefreshOptions = options === null || options === void 0 ? void 0 : options.refreshOptions;
-    if (currentRefreshOptions !== undefined) {
-        const proactivelyRefreshToken = async () => {
-            var _a, _b, _c, _d;
-            try {
-                const { accessToken: refreshedAccessToken, refreshToken, expiresIn, } = await refreshAccessToken(currentRefreshOptions, options.dpopKey, options.eventEmitter);
-                currentAccessToken = refreshedAccessToken;
-                if (refreshToken !== undefined) {
-                    currentRefreshOptions.refreshToken = refreshToken;
-                }
-                clearTimeout(latestTimeout);
-                latestTimeout = setTimeout(proactivelyRefreshToken, computeRefreshDelay(expiresIn) * 1000);
-                (_a = options.eventEmitter) === null || _a === void 0 ? void 0 : _a.emit(EVENTS.TIMEOUT_SET, latestTimeout);
-            }
-            catch (e) {
-                if (e instanceof OidcProviderError) {
-                    (_b = options === null || options === void 0 ? void 0 : options.eventEmitter) === null || _b === void 0 ? void 0 : _b.emit(EVENTS.ERROR, e.error, e.errorDescription);
-                    (_c = options === null || options === void 0 ? void 0 : options.eventEmitter) === null || _c === void 0 ? void 0 : _c.emit(EVENTS.SESSION_EXPIRED);
-                }
-                if (e instanceof InvalidResponseError &&
-                    e.missingFields.includes("access_token")) {
-                    (_d = options === null || options === void 0 ? void 0 : options.eventEmitter) === null || _d === void 0 ? void 0 : _d.emit(EVENTS.SESSION_EXPIRED);
-                }
-            }
-        };
-        latestTimeout = setTimeout(proactivelyRefreshToken, computeRefreshDelay(options.expiresIn) * 1000);
-        (_a = options.eventEmitter) === null || _a === void 0 ? void 0 : _a.emit(EVENTS.TIMEOUT_SET, latestTimeout);
-    }
-    else if (options !== undefined && options.eventEmitter !== undefined) {
-        const expirationTimeout = setTimeout(() => {
-            options.eventEmitter.emit(EVENTS.SESSION_EXPIRED);
-        }, computeRefreshDelay(options.expiresIn) * 1000);
-        options.eventEmitter.emit(EVENTS.TIMEOUT_SET, expirationTimeout);
-    }
-    return async (url, requestInit) => {
-        let response = await makeAuthenticatedRequest(unauthFetch, currentAccessToken, url, requestInit, options === null || options === void 0 ? void 0 : options.dpopKey);
-        const failedButNotExpectedAuthError = !response.ok && !isExpectedAuthError(response.status);
-        if (response.ok || failedButNotExpectedAuthError) {
-            return response;
-        }
-        const hasBeenRedirected = response.url !== url;
-        if (hasBeenRedirected && (options === null || options === void 0 ? void 0 : options.dpopKey) !== undefined) {
-            response = await makeAuthenticatedRequest(unauthFetch, currentAccessToken, response.url, requestInit, options.dpopKey);
-        }
-        return response;
-    };
+const DEFAULT_EXPIRATION_TIME_SECONDS = 600;
+function isExpectedAuthError(statusCode) {
+    return [401, 403].includes(statusCode);
+}
+async function buildDpopFetchOptions(targetUrl, authToken, dpopKey, defaultOptions) {
+    var _a;
+    const headers = new universalFetch.Headers(defaultOptions === null || defaultOptions === void 0 ? void 0 : defaultOptions.headers);
+    headers.set("Authorization", `DPoP ${authToken}`);
+    headers.set("DPoP", await createDpopHeader(targetUrl, (_a = defaultOptions === null || defaultOptions === void 0 ? void 0 : defaultOptions.method) !== null && _a !== void 0 ? _a : "get", dpopKey));
+    return {
+        ...defaultOptions,
+        headers,
+    };
+}
+async function buildAuthenticatedHeaders(targetUrl, authToken, dpopKey, defaultOptions) {
+    if (dpopKey !== undefined) {
+        return buildDpopFetchOptions(targetUrl, authToken, dpopKey, defaultOptions);
+    }
+    const headers = new universalFetch.Headers(defaultOptions === null || defaultOptions === void 0 ? void 0 : defaultOptions.headers);
+    headers.set("Authorization", `Bearer ${authToken}`);
+    return {
+        ...defaultOptions,
+        headers,
+    };
+}
+async function makeAuthenticatedRequest(unauthFetch, accessToken, url, defaultRequestInit, dpopKey) {
+    return unauthFetch(url, await buildAuthenticatedHeaders(url.toString(), accessToken, dpopKey, defaultRequestInit));
+}
+async function refreshAccessToken(refreshOptions, dpopKey, eventEmitter) {
+    var _a;
+    const tokenSet = await refreshOptions.tokenRefresher.refresh(refreshOptions.sessionId, refreshOptions.refreshToken, dpopKey);
+    eventEmitter === null || eventEmitter === void 0 ? void 0 : eventEmitter.emit(EVENTS.SESSION_EXTENDED, (_a = tokenSet.expiresIn) !== null && _a !== void 0 ? _a : DEFAULT_EXPIRATION_TIME_SECONDS);
+    if (typeof tokenSet.refreshToken === "string") {
+        eventEmitter === null || eventEmitter === void 0 ? void 0 : eventEmitter.emit(EVENTS.NEW_REFRESH_TOKEN, tokenSet.refreshToken);
+    }
+    return {
+        accessToken: tokenSet.accessToken,
+        refreshToken: tokenSet.refreshToken,
+        expiresIn: tokenSet.expiresIn,
+    };
+}
+const computeRefreshDelay = (expiresIn) => {
+    if (expiresIn !== undefined) {
+        return expiresIn - REFRESH_BEFORE_EXPIRATION_SECONDS > 0
+            ?
+                expiresIn - REFRESH_BEFORE_EXPIRATION_SECONDS
+            : expiresIn;
+    }
+    return DEFAULT_EXPIRATION_TIME_SECONDS;
+};
+async function buildAuthenticatedFetch(unauthFetch, accessToken, options) {
+    var _a;
+    let currentAccessToken = accessToken;
+    let latestTimeout;
+    const currentRefreshOptions = options === null || options === void 0 ? void 0 : options.refreshOptions;
+    if (currentRefreshOptions !== undefined) {
+        const proactivelyRefreshToken = async () => {
+            var _a, _b, _c, _d;
+            try {
+                const { accessToken: refreshedAccessToken, refreshToken, expiresIn, } = await refreshAccessToken(currentRefreshOptions, options.dpopKey, options.eventEmitter);
+                currentAccessToken = refreshedAccessToken;
+                if (refreshToken !== undefined) {
+                    currentRefreshOptions.refreshToken = refreshToken;
+                }
+                clearTimeout(latestTimeout);
+                latestTimeout = setTimeout(proactivelyRefreshToken, computeRefreshDelay(expiresIn) * 1000);
+                (_a = options.eventEmitter) === null || _a === void 0 ? void 0 : _a.emit(EVENTS.TIMEOUT_SET, latestTimeout);
+            }
+            catch (e) {
+                if (e instanceof OidcProviderError) {
+                    (_b = options === null || options === void 0 ? void 0 : options.eventEmitter) === null || _b === void 0 ? void 0 : _b.emit(EVENTS.ERROR, e.error, e.errorDescription);
+                    (_c = options === null || options === void 0 ? void 0 : options.eventEmitter) === null || _c === void 0 ? void 0 : _c.emit(EVENTS.SESSION_EXPIRED);
+                }
+                if (e instanceof InvalidResponseError &&
+                    e.missingFields.includes("access_token")) {
+                    (_d = options === null || options === void 0 ? void 0 : options.eventEmitter) === null || _d === void 0 ? void 0 : _d.emit(EVENTS.SESSION_EXPIRED);
+                }
+            }
+        };
+        latestTimeout = setTimeout(proactivelyRefreshToken, computeRefreshDelay(options.expiresIn) * 1000);
+        (_a = options.eventEmitter) === null || _a === void 0 ? void 0 : _a.emit(EVENTS.TIMEOUT_SET, latestTimeout);
+    }
+    else if (options !== undefined && options.eventEmitter !== undefined) {
+        const expirationTimeout = setTimeout(() => {
+            options.eventEmitter.emit(EVENTS.SESSION_EXPIRED);
+        }, computeRefreshDelay(options.expiresIn) * 1000);
+        options.eventEmitter.emit(EVENTS.TIMEOUT_SET, expirationTimeout);
+    }
+    return async (url, requestInit) => {
+        let response = await makeAuthenticatedRequest(unauthFetch, currentAccessToken, url, requestInit, options === null || options === void 0 ? void 0 : options.dpopKey);
+        const failedButNotExpectedAuthError = !response.ok && !isExpectedAuthError(response.status);
+        if (response.ok || failedButNotExpectedAuthError) {
+            return response;
+        }
+        const hasBeenRedirected = response.url !== url;
+        if (hasBeenRedirected && (options === null || options === void 0 ? void 0 : options.dpopKey) !== undefined) {
+            response = await makeAuthenticatedRequest(unauthFetch, currentAccessToken, response.url, requestInit, options.dpopKey);
+        }
+        return response;
+    };
 }
 
-const StorageUtilityGetResponse = "getResponse";
-const StorageUtilityMock = {
-    get: async (key, options) => StorageUtilityGetResponse,
-    set: async (key, value) => {
-    },
-    delete: async (key) => {
-    },
-    getForUser: async (userId, key, options) => StorageUtilityGetResponse,
-    setForUser: async (userId, values, options) => {
-    },
-    deleteForUser: async (userId, key, options) => {
-    },
-    deleteAllUserData: async (userId, options) => {
-    },
-};
-const mockStorage = (stored) => {
-    const store = stored;
-    return {
-        get: async (key) => {
-            if (store[key] === undefined) {
-                return undefined;
-            }
-            if (typeof store[key] === "string") {
-                return store[key];
-            }
-            return JSON.stringify(store[key]);
-        },
-        set: async (key, value) => {
-            store[key] = value;
-        },
-        delete: async (key) => {
-            delete store[key];
-        },
-    };
-};
-const mockStorageUtility = (stored, isSecure = false) => {
-    if (isSecure) {
-        return new StorageUtility(mockStorage(stored), mockStorage({}));
-    }
-    return new StorageUtility(mockStorage({}), mockStorage(stored));
+const StorageUtilityGetResponse = "getResponse";
+const StorageUtilityMock = {
+    get: async (key, options) => StorageUtilityGetResponse,
+    set: async (key, value) => {
+    },
+    delete: async (key) => {
+    },
+    getForUser: async (userId, key, options) => StorageUtilityGetResponse,
+    setForUser: async (userId, values, options) => {
+    },
+    deleteForUser: async (userId, key, options) => {
+    },
+    deleteAllUserData: async (userId, options) => {
+    },
+};
+const mockStorage = (stored) => {
+    const store = stored;
+    return {
+        get: async (key) => {
+            if (store[key] === undefined) {
+                return undefined;
+            }
+            if (typeof store[key] === "string") {
+                return store[key];
+            }
+            return JSON.stringify(store[key]);
+        },
+        set: async (key, value) => {
+            store[key] = value;
+        },
+        delete: async (key) => {
+            delete store[key];
+        },
+    };
+};
+const mockStorageUtility = (stored, isSecure = false) => {
+    if (isSecure) {
+        return new StorageUtility(mockStorage(stored), mockStorage({}));
+    }
+    return new StorageUtility(mockStorage({}), mockStorage(stored));
 };
 
 exports.AggregateHandler = AggregateHandler;
@@ -29646,6 +30129,29 @@ function validate(uuid) {
 
 /* harmony default export */ const __WEBPACK_DEFAULT_EXPORT__ = (validate);
 
+/***/ }),
+
+/***/ "./node_modules/@inrupt/universal-fetch/dist/index-browser.js":
+/*!********************************************************************!*\
+  !*** ./node_modules/@inrupt/universal-fetch/dist/index-browser.js ***!
+  \********************************************************************/
+/***/ ((__unused_webpack_module, exports) => {
+
+"use strict";
+
+
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+
+var indexBrowser = globalThis.fetch;
+const { fetch, Response, Request, Headers } = globalThis;
+
+exports.Headers = Headers;
+exports.Request = Request;
+exports.Response = Response;
+exports["default"] = indexBrowser;
+exports.fetch = fetch;
+
+
 /***/ }),
 
 /***/ "./node_modules/@noble/curves/_shortw_utils.js":
@@ -60290,522 +60796,545 @@ __webpack_require__.r(__webpack_exports__);
 /* harmony export */   "saveSessionInfoToStorage": () => (/* binding */ saveSessionInfoToStorage)
 /* harmony export */ });
 /* harmony import */ var events__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(/*! events */ "./node_modules/events/events.js");
-/* harmony import */ var cross_fetch__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(/*! cross-fetch */ "./node_modules/cross-fetch/dist/browser-ponyfill.js");
-/* harmony import */ var jose__WEBPACK_IMPORTED_MODULE_2__ = __webpack_require__(/*! jose */ "./node_modules/jose/dist/browser/index.js");
+/* harmony import */ var _inrupt_universal_fetch__WEBPACK_IMPORTED_MODULE_2__ = __webpack_require__(/*! @inrupt/universal-fetch */ "./node_modules/@inrupt/universal-fetch/dist/index-browser.mjs");
+/* harmony import */ var jose__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(/*! jose */ "./node_modules/jose/dist/browser/index.js");
 /* harmony import */ var uuid__WEBPACK_IMPORTED_MODULE_3__ = __webpack_require__(/*! uuid */ "./node_modules/@inrupt/solid-client-authn-core/node_modules/uuid/dist/esm-browser/v4.js");
 
 
 
 
 
-const SOLID_CLIENT_AUTHN_KEY_PREFIX = "solidClientAuthn:";
-const PREFERRED_SIGNING_ALG = ["ES256", "RS256"];
-const EVENTS = {
-    ERROR: "error",
-    LOGIN: "login",
-    LOGOUT: "logout",
-    NEW_REFRESH_TOKEN: "newRefreshToken",
-    SESSION_EXPIRED: "sessionExpired",
-    SESSION_EXTENDED: "sessionExtended",
-    SESSION_RESTORED: "sessionRestore",
-    TIMEOUT_SET: "timeoutSet",
-};
-const REFRESH_BEFORE_EXPIRATION_SECONDS = 5;
-const SCOPE_OPENID = "openid";
-const SCOPE_OFFLINE = "offline_access";
-const SCOPE_WEBID = "webid";
+const SOLID_CLIENT_AUTHN_KEY_PREFIX = "solidClientAuthn:";
+const PREFERRED_SIGNING_ALG = ["ES256", "RS256"];
+const EVENTS = {
+    ERROR: "error",
+    LOGIN: "login",
+    LOGOUT: "logout",
+    NEW_REFRESH_TOKEN: "newRefreshToken",
+    SESSION_EXPIRED: "sessionExpired",
+    SESSION_EXTENDED: "sessionExtended",
+    SESSION_RESTORED: "sessionRestore",
+    TIMEOUT_SET: "timeoutSet",
+};
+const REFRESH_BEFORE_EXPIRATION_SECONDS = 5;
+const SCOPE_OPENID = "openid";
+const SCOPE_OFFLINE = "offline_access";
+const SCOPE_WEBID = "webid";
 const DEFAULT_SCOPES = [SCOPE_OPENID, SCOPE_OFFLINE, SCOPE_WEBID].join(" ");
 
-const buildProxyHandler = (toExclude, errorMessage) => ({
-    get(target, prop, receiver) {
-        if (!Object.getOwnPropertyNames(events__WEBPACK_IMPORTED_MODULE_0__.EventEmitter).includes(prop) &&
-            Object.getOwnPropertyNames(toExclude).includes(prop)) {
-            throw new Error(`${errorMessage}: [${prop}] is not supported`);
-        }
-        return Reflect.get(target, prop, receiver);
-    },
+const buildProxyHandler = (toExclude, errorMessage) => ({
+    get(target, prop, receiver) {
+        if (!Object.getOwnPropertyNames(events__WEBPACK_IMPORTED_MODULE_0__.EventEmitter).includes(prop) &&
+            Object.getOwnPropertyNames(toExclude).includes(prop)) {
+            throw new Error(`${errorMessage}: [${prop}] is not supported`);
+        }
+        return Reflect.get(target, prop, receiver);
+    },
 });
 
-class AggregateHandler {
-    constructor(handleables) {
-        this.handleables = handleables;
-    }
-    async getProperHandler(params) {
-        const canHandleList = await Promise.all(this.handleables.map((handleable) => handleable.canHandle(...params)));
-        for (let i = 0; i < canHandleList.length; i += 1) {
-            if (canHandleList[i]) {
-                return this.handleables[i];
-            }
-        }
-        return null;
-    }
-    async canHandle(...params) {
-        return (await this.getProperHandler(params)) !== null;
-    }
-    async handle(...params) {
-        const handler = await this.getProperHandler(params);
-        if (handler) {
-            return handler.handle(...params);
-        }
-        throw new Error(`[${this.constructor.name}] cannot find a suitable handler for: ${params
-            .map((param) => {
-            try {
-                return JSON.stringify(param);
-            }
-            catch (err) {
-                return param.toString();
-            }
-        })
-            .join(", ")}`);
-    }
+class AggregateHandler {
+    constructor(handleables) {
+        this.handleables = handleables;
+    }
+    async getProperHandler(params) {
+        const canHandleList = await Promise.all(this.handleables.map((handleable) => handleable.canHandle(...params)));
+        for (let i = 0; i < canHandleList.length; i += 1) {
+            if (canHandleList[i]) {
+                return this.handleables[i];
+            }
+        }
+        return null;
+    }
+    async canHandle(...params) {
+        return (await this.getProperHandler(params)) !== null;
+    }
+    async handle(...params) {
+        const handler = await this.getProperHandler(params);
+        if (handler) {
+            return handler.handle(...params);
+        }
+        throw new Error(`[${this.constructor.name}] cannot find a suitable handler for: ${params
+            .map((param) => {
+            try {
+                return JSON.stringify(param);
+            }
+            catch (err) {
+                return param.toString();
+            }
+        })
+            .join(", ")}`);
+    }
 }
 
-async function fetchJwks(jwksIri, issuerIri) {
-    const jwksResponse = await (0,cross_fetch__WEBPACK_IMPORTED_MODULE_1__.fetch)(jwksIri);
-    if (jwksResponse.status !== 200) {
-        throw new Error(`Could not fetch JWKS for [${issuerIri}] at [${jwksIri}]: ${jwksResponse.status} ${jwksResponse.statusText}`);
-    }
-    let jwk;
-    try {
-        jwk = (await jwksResponse.json()).keys[0];
-    }
-    catch (e) {
-        throw new Error(`Malformed JWKS for [${issuerIri}] at [${jwksIri}]: ${e.message}`);
-    }
-    return jwk;
-}
-async function getWebidFromTokenPayload(idToken, jwksIri, issuerIri, clientId) {
-    const jwk = await fetchJwks(jwksIri, issuerIri);
-    let payload;
-    try {
-        const { payload: verifiedPayload } = await (0,jose__WEBPACK_IMPORTED_MODULE_2__.jwtVerify)(idToken, await (0,jose__WEBPACK_IMPORTED_MODULE_2__.importJWK)(jwk), {
-            issuer: issuerIri,
-            audience: clientId,
-        });
-        payload = verifiedPayload;
-    }
-    catch (e) {
-        throw new Error(`Token verification failed: ${e.stack}`);
-    }
-    if (typeof payload.webid === "string") {
-        return payload.webid;
-    }
-    if (typeof payload.sub !== "string") {
-        throw new Error(`The token ${JSON.stringify(payload)} is invalid: it has no 'webid' claim and no 'sub' claim.`);
-    }
-    try {
-        new URL(payload.sub);
-        return payload.sub;
-    }
-    catch (e) {
-        throw new Error(`The token has no 'webid' claim, and its 'sub' claim of [${payload.sub}] is invalid as a URL - error [${e}].`);
-    }
+async function fetchJwks(jwksIri, issuerIri) {
+    const jwksResponse = await (0,_inrupt_universal_fetch__WEBPACK_IMPORTED_MODULE_2__.fetch)(jwksIri);
+    if (jwksResponse.status !== 200) {
+        throw new Error(`Could not fetch JWKS for [${issuerIri}] at [${jwksIri}]: ${jwksResponse.status} ${jwksResponse.statusText}`);
+    }
+    let jwk;
+    try {
+        jwk = (await jwksResponse.json()).keys[0];
+    }
+    catch (e) {
+        throw new Error(`Malformed JWKS for [${issuerIri}] at [${jwksIri}]: ${e.message}`);
+    }
+    return jwk;
+}
+async function getWebidFromTokenPayload(idToken, jwksIri, issuerIri, clientId) {
+    const jwk = await fetchJwks(jwksIri, issuerIri);
+    let payload;
+    try {
+        const { payload: verifiedPayload } = await (0,jose__WEBPACK_IMPORTED_MODULE_1__.jwtVerify)(idToken, await (0,jose__WEBPACK_IMPORTED_MODULE_1__.importJWK)(jwk), {
+            issuer: issuerIri,
+            audience: clientId,
+        });
+        payload = verifiedPayload;
+    }
+    catch (e) {
+        throw new Error(`Token verification failed: ${e.stack}`);
+    }
+    if (typeof payload.webid === "string") {
+        return payload.webid;
+    }
+    if (typeof payload.sub !== "string") {
+        throw new Error(`The token ${JSON.stringify(payload)} is invalid: it has no 'webid' claim and no 'sub' claim.`);
+    }
+    try {
+        new URL(payload.sub);
+        return payload.sub;
+    }
+    catch (e) {
+        throw new Error(`The token has no 'webid' claim, and its 'sub' claim of [${payload.sub}] is invalid as a URL - error [${e}].`);
+    }
 }
 
-function isValidRedirectUrl(redirectUrl) {
-    try {
-        const urlObject = new URL(redirectUrl);
-        return urlObject.hash === "";
-    }
-    catch (e) {
-        return false;
-    }
+function isValidRedirectUrl(redirectUrl) {
+    try {
+        const urlObject = new URL(redirectUrl);
+        return urlObject.hash === "";
+    }
+    catch (e) {
+        return false;
+    }
 }
 
-function isSupportedTokenType(token) {
-    return typeof token === "string" && ["DPoP", "Bearer"].includes(token);
+function isSupportedTokenType(token) {
+    return typeof token === "string" && ["DPoP", "Bearer"].includes(token);
 }
 
 const USER_SESSION_PREFIX = "solidClientAuthenticationUser";
 
-function isValidUrl(url) {
-    try {
-        new URL(url);
-        return true;
-    }
-    catch (_a) {
-        return false;
-    }
-}
-function determineSigningAlg(supported, preferred) {
-    var _a;
-    return ((_a = preferred.find((signingAlg) => {
-        return supported.includes(signingAlg);
-    })) !== null && _a !== void 0 ? _a : null);
-}
-function determineClientType(options, issuerConfig) {
-    if (options.clientId !== undefined && !isValidUrl(options.clientId)) {
-        return "static";
-    }
-    if (issuerConfig.scopesSupported.includes("webid") &&
-        options.clientId !== undefined &&
-        isValidUrl(options.clientId)) {
-        return "solid-oidc";
-    }
-    return "dynamic";
-}
-async function handleRegistration(options, issuerConfig, storageUtility, clientRegistrar) {
-    const clientType = determineClientType(options, issuerConfig);
-    if (clientType === "dynamic") {
-        return clientRegistrar.getClient({
-            sessionId: options.sessionId,
-            clientName: options.clientName,
-            redirectUrl: options.redirectUrl,
-        }, issuerConfig);
-    }
-    await storageUtility.setForUser(options.sessionId, {
-        clientId: options.clientId,
-    });
-    if (options.clientSecret) {
-        await storageUtility.setForUser(options.sessionId, {
-            clientSecret: options.clientSecret,
-        });
-    }
-    if (options.clientName) {
-        await storageUtility.setForUser(options.sessionId, {
-            clientName: options.clientName,
-        });
-    }
-    return {
-        clientId: options.clientId,
-        clientSecret: options.clientSecret,
-        clientName: options.clientName,
-        clientType,
-    };
+function isValidUrl(url) {
+    try {
+        new URL(url);
+        return true;
+    }
+    catch (_a) {
+        return false;
+    }
+}
+function determineSigningAlg(supported, preferred) {
+    var _a;
+    return ((_a = preferred.find((signingAlg) => {
+        return supported.includes(signingAlg);
+    })) !== null && _a !== void 0 ? _a : null);
+}
+function determineClientType(options, issuerConfig) {
+    if (options.clientId !== undefined && !isValidUrl(options.clientId)) {
+        return "static";
+    }
+    if (issuerConfig.scopesSupported.includes("webid") &&
+        options.clientId !== undefined &&
+        isValidUrl(options.clientId)) {
+        return "solid-oidc";
+    }
+    return "dynamic";
+}
+async function handleRegistration(options, issuerConfig, storageUtility, clientRegistrar) {
+    const clientType = determineClientType(options, issuerConfig);
+    if (clientType === "dynamic") {
+        return clientRegistrar.getClient({
+            sessionId: options.sessionId,
+            clientName: options.clientName,
+            redirectUrl: options.redirectUrl,
+        }, issuerConfig);
+    }
+    await storageUtility.setForUser(options.sessionId, {
+        clientId: options.clientId,
+    });
+    if (options.clientSecret) {
+        await storageUtility.setForUser(options.sessionId, {
+            clientSecret: options.clientSecret,
+        });
+    }
+    if (options.clientName) {
+        await storageUtility.setForUser(options.sessionId, {
+            clientName: options.clientName,
+        });
+    }
+    return {
+        clientId: options.clientId,
+        clientSecret: options.clientSecret,
+        clientName: options.clientName,
+        clientType,
+    };
 }
 
-async function getSessionIdFromOauthState(storageUtility, oauthState) {
-    return storageUtility.getForUser(oauthState, "sessionId");
-}
-async function loadOidcContextFromStorage(sessionId, storageUtility, configFetcher) {
-    try {
-        const [issuerIri, codeVerifier, storedRedirectIri, dpop] = await Promise.all([
-            storageUtility.getForUser(sessionId, "issuer", {
-                errorIfNull: true,
-            }),
-            storageUtility.getForUser(sessionId, "codeVerifier"),
-            storageUtility.getForUser(sessionId, "redirectUrl"),
-            storageUtility.getForUser(sessionId, "dpop", { errorIfNull: true }),
-        ]);
-        await storageUtility.deleteForUser(sessionId, "codeVerifier");
-        const issuerConfig = await configFetcher.fetchConfig(issuerIri);
-        return {
-            codeVerifier,
-            redirectUrl: storedRedirectIri,
-            issuerConfig,
-            dpop: dpop === "true",
-        };
-    }
-    catch (e) {
-        throw new Error(`Failed to retrieve OIDC context from storage associated with session [${sessionId}]: ${e}`);
-    }
-}
-async function saveSessionInfoToStorage(storageUtility, sessionId, webId, isLoggedIn, refreshToken, secure, dpopKey) {
-    if (refreshToken !== undefined) {
-        await storageUtility.setForUser(sessionId, { refreshToken }, { secure });
-    }
-    if (webId !== undefined) {
-        await storageUtility.setForUser(sessionId, { webId }, { secure });
-    }
-    if (isLoggedIn !== undefined) {
-        await storageUtility.setForUser(sessionId, { isLoggedIn }, { secure });
-    }
-    if (dpopKey !== undefined) {
-        await storageUtility.setForUser(sessionId, {
-            publicKey: JSON.stringify(dpopKey.publicKey),
-            privateKey: JSON.stringify(await (0,jose__WEBPACK_IMPORTED_MODULE_2__.exportJWK)(dpopKey.privateKey)),
-        }, { secure });
-    }
-}
-class StorageUtility {
-    constructor(secureStorage, insecureStorage) {
-        this.secureStorage = secureStorage;
-        this.insecureStorage = insecureStorage;
-    }
-    getKey(userId) {
-        return `solidClientAuthenticationUser:${userId}`;
-    }
-    async getUserData(userId, secure) {
-        const stored = await (secure
-            ? this.secureStorage
-            : this.insecureStorage).get(this.getKey(userId));
-        if (stored === undefined) {
-            return {};
-        }
-        try {
-            return JSON.parse(stored);
-        }
-        catch (err) {
-            throw new Error(`Data for user [${userId}] in [${secure ? "secure" : "unsecure"}] storage is corrupted - expected valid JSON, but got: ${stored}`);
-        }
-    }
-    async setUserData(userId, data, secure) {
-        await (secure ? this.secureStorage : this.insecureStorage).set(this.getKey(userId), JSON.stringify(data));
-    }
-    async get(key, options) {
-        const value = await ((options === null || options === void 0 ? void 0 : options.secure)
-            ? this.secureStorage
-            : this.insecureStorage).get(key);
-        if (value === undefined && (options === null || options === void 0 ? void 0 : options.errorIfNull)) {
-            throw new Error(`[${key}] is not stored`);
-        }
-        return value;
-    }
-    async set(key, value, options) {
-        return ((options === null || options === void 0 ? void 0 : options.secure) ? this.secureStorage : this.insecureStorage).set(key, value);
-    }
-    async delete(key, options) {
-        return ((options === null || options === void 0 ? void 0 : options.secure) ? this.secureStorage : this.insecureStorage).delete(key);
-    }
-    async getForUser(userId, key, options) {
-        const userData = await this.getUserData(userId, options === null || options === void 0 ? void 0 : options.secure);
-        let value;
-        if (!userData || !userData[key]) {
-            value = undefined;
-        }
-        value = userData[key];
-        if (value === undefined && (options === null || options === void 0 ? void 0 : options.errorIfNull)) {
-            throw new Error(`Field [${key}] for user [${userId}] is not stored`);
-        }
-        return value || undefined;
-    }
-    async setForUser(userId, values, options) {
-        let userData;
-        try {
-            userData = await this.getUserData(userId, options === null || options === void 0 ? void 0 : options.secure);
-        }
-        catch (_a) {
-            userData = {};
-        }
-        await this.setUserData(userId, { ...userData, ...values }, options === null || options === void 0 ? void 0 : options.secure);
-    }
-    async deleteForUser(userId, key, options) {
-        const userData = await this.getUserData(userId, options === null || options === void 0 ? void 0 : options.secure);
-        delete userData[key];
-        await this.setUserData(userId, userData, options === null || options === void 0 ? void 0 : options.secure);
-    }
-    async deleteAllUserData(userId, options) {
-        await ((options === null || options === void 0 ? void 0 : options.secure) ? this.secureStorage : this.insecureStorage).delete(this.getKey(userId));
-    }
+async function getSessionIdFromOauthState(storageUtility, oauthState) {
+    return storageUtility.getForUser(oauthState, "sessionId");
+}
+async function loadOidcContextFromStorage(sessionId, storageUtility, configFetcher) {
+    try {
+        const [issuerIri, codeVerifier, storedRedirectIri, dpop] = await Promise.all([
+            storageUtility.getForUser(sessionId, "issuer", {
+                errorIfNull: true,
+            }),
+            storageUtility.getForUser(sessionId, "codeVerifier"),
+            storageUtility.getForUser(sessionId, "redirectUrl"),
+            storageUtility.getForUser(sessionId, "dpop", { errorIfNull: true }),
+        ]);
+        await storageUtility.deleteForUser(sessionId, "codeVerifier");
+        const issuerConfig = await configFetcher.fetchConfig(issuerIri);
+        return {
+            codeVerifier,
+            redirectUrl: storedRedirectIri,
+            issuerConfig,
+            dpop: dpop === "true",
+        };
+    }
+    catch (e) {
+        throw new Error(`Failed to retrieve OIDC context from storage associated with session [${sessionId}]: ${e}`);
+    }
+}
+async function saveSessionInfoToStorage(storageUtility, sessionId, webId, isLoggedIn, refreshToken, secure, dpopKey) {
+    if (refreshToken !== undefined) {
+        await storageUtility.setForUser(sessionId, { refreshToken }, { secure });
+    }
+    if (webId !== undefined) {
+        await storageUtility.setForUser(sessionId, { webId }, { secure });
+    }
+    if (isLoggedIn !== undefined) {
+        await storageUtility.setForUser(sessionId, { isLoggedIn }, { secure });
+    }
+    if (dpopKey !== undefined) {
+        await storageUtility.setForUser(sessionId, {
+            publicKey: JSON.stringify(dpopKey.publicKey),
+            privateKey: JSON.stringify(await (0,jose__WEBPACK_IMPORTED_MODULE_1__.exportJWK)(dpopKey.privateKey)),
+        }, { secure });
+    }
+}
+class StorageUtility {
+    constructor(secureStorage, insecureStorage) {
+        this.secureStorage = secureStorage;
+        this.insecureStorage = insecureStorage;
+    }
+    getKey(userId) {
+        return `solidClientAuthenticationUser:${userId}`;
+    }
+    async getUserData(userId, secure) {
+        const stored = await (secure
+            ? this.secureStorage
+            : this.insecureStorage).get(this.getKey(userId));
+        if (stored === undefined) {
+            return {};
+        }
+        try {
+            return JSON.parse(stored);
+        }
+        catch (err) {
+            throw new Error(`Data for user [${userId}] in [${secure ? "secure" : "unsecure"}] storage is corrupted - expected valid JSON, but got: ${stored}`);
+        }
+    }
+    async setUserData(userId, data, secure) {
+        await (secure ? this.secureStorage : this.insecureStorage).set(this.getKey(userId), JSON.stringify(data));
+    }
+    async get(key, options) {
+        const value = await ((options === null || options === void 0 ? void 0 : options.secure)
+            ? this.secureStorage
+            : this.insecureStorage).get(key);
+        if (value === undefined && (options === null || options === void 0 ? void 0 : options.errorIfNull)) {
+            throw new Error(`[${key}] is not stored`);
+        }
+        return value;
+    }
+    async set(key, value, options) {
+        return ((options === null || options === void 0 ? void 0 : options.secure) ? this.secureStorage : this.insecureStorage).set(key, value);
+    }
+    async delete(key, options) {
+        return ((options === null || options === void 0 ? void 0 : options.secure) ? this.secureStorage : this.insecureStorage).delete(key);
+    }
+    async getForUser(userId, key, options) {
+        const userData = await this.getUserData(userId, options === null || options === void 0 ? void 0 : options.secure);
+        let value;
+        if (!userData || !userData[key]) {
+            value = undefined;
+        }
+        value = userData[key];
+        if (value === undefined && (options === null || options === void 0 ? void 0 : options.errorIfNull)) {
+            throw new Error(`Field [${key}] for user [${userId}] is not stored`);
+        }
+        return value || undefined;
+    }
+    async setForUser(userId, values, options) {
+        let userData;
+        try {
+            userData = await this.getUserData(userId, options === null || options === void 0 ? void 0 : options.secure);
+        }
+        catch (_a) {
+            userData = {};
+        }
+        await this.setUserData(userId, { ...userData, ...values }, options === null || options === void 0 ? void 0 : options.secure);
+    }
+    async deleteForUser(userId, key, options) {
+        const userData = await this.getUserData(userId, options === null || options === void 0 ? void 0 : options.secure);
+        delete userData[key];
+        await this.setUserData(userId, userData, options === null || options === void 0 ? void 0 : options.secure);
+    }
+    async deleteAllUserData(userId, options) {
+        await ((options === null || options === void 0 ? void 0 : options.secure) ? this.secureStorage : this.insecureStorage).delete(this.getKey(userId));
+    }
 }
 
-class InMemoryStorage {
-    constructor() {
-        this.map = {};
-    }
-    async get(key) {
-        return this.map[key] || undefined;
-    }
-    async set(key, value) {
-        this.map[key] = value;
-    }
-    async delete(key) {
-        delete this.map[key];
-    }
+class InMemoryStorage {
+    constructor() {
+        this.map = {};
+    }
+    async get(key) {
+        return this.map[key] || undefined;
+    }
+    async set(key, value) {
+        this.map[key] = value;
+    }
+    async delete(key) {
+        delete this.map[key];
+    }
 }
 
-class ConfigurationError extends Error {
-    constructor(message) {
-        super(message);
-    }
+class ConfigurationError extends Error {
+    constructor(message) {
+        super(message);
+    }
 }
 
-class NotImplementedError extends Error {
-    constructor(methodName) {
-        super(`[${methodName}] is not implemented`);
-    }
+class NotImplementedError extends Error {
+    constructor(methodName) {
+        super(`[${methodName}] is not implemented`);
+    }
 }
 
-class InvalidResponseError extends Error {
-    constructor(missingFields) {
-        super(`Invalid response from OIDC provider: missing fields ${missingFields}`);
-        this.missingFields = missingFields;
-    }
+class InvalidResponseError extends Error {
+    constructor(missingFields) {
+        super(`Invalid response from OIDC provider: missing fields ${missingFields}`);
+        this.missingFields = missingFields;
+    }
 }
 
-class OidcProviderError extends Error {
-    constructor(message, error, errorDescription) {
-        super(message);
-        this.error = error;
-        this.errorDescription = errorDescription;
-    }
+class OidcProviderError extends Error {
+    constructor(message, error, errorDescription) {
+        super(message);
+        this.error = error;
+        this.errorDescription = errorDescription;
+    }
 }
 
-function normalizeHTU(audience) {
-    const audienceUrl = new URL(audience);
-    return new URL(audienceUrl.pathname, audienceUrl.origin).toString();
-}
-async function createDpopHeader(audience, method, dpopKey) {
-    return new jose__WEBPACK_IMPORTED_MODULE_2__.SignJWT({
-        htu: normalizeHTU(audience),
-        htm: method.toUpperCase(),
-        jti: (0,uuid__WEBPACK_IMPORTED_MODULE_3__["default"])(),
-    })
-        .setProtectedHeader({
-        alg: PREFERRED_SIGNING_ALG[0],
-        jwk: dpopKey.publicKey,
-        typ: "dpop+jwt",
-    })
-        .setIssuedAt()
-        .sign(dpopKey.privateKey, {});
-}
-async function generateDpopKeyPair() {
-    const { privateKey, publicKey } = await (0,jose__WEBPACK_IMPORTED_MODULE_2__.generateKeyPair)(PREFERRED_SIGNING_ALG[0]);
-    const dpopKeyPair = {
-        privateKey,
-        publicKey: await (0,jose__WEBPACK_IMPORTED_MODULE_2__.exportJWK)(publicKey),
-    };
-    [dpopKeyPair.publicKey.alg] = PREFERRED_SIGNING_ALG;
-    return dpopKeyPair;
+function normalizeHTU(audience) {
+    const audienceUrl = new URL(audience);
+    return new URL(audienceUrl.pathname, audienceUrl.origin).toString();
+}
+async function createDpopHeader(audience, method, dpopKey) {
+    return new jose__WEBPACK_IMPORTED_MODULE_1__.SignJWT({
+        htu: normalizeHTU(audience),
+        htm: method.toUpperCase(),
+        jti: (0,uuid__WEBPACK_IMPORTED_MODULE_3__["default"])(),
+    })
+        .setProtectedHeader({
+        alg: PREFERRED_SIGNING_ALG[0],
+        jwk: dpopKey.publicKey,
+        typ: "dpop+jwt",
+    })
+        .setIssuedAt()
+        .sign(dpopKey.privateKey, {});
+}
+async function generateDpopKeyPair() {
+    const { privateKey, publicKey } = await (0,jose__WEBPACK_IMPORTED_MODULE_1__.generateKeyPair)(PREFERRED_SIGNING_ALG[0]);
+    const dpopKeyPair = {
+        privateKey,
+        publicKey: await (0,jose__WEBPACK_IMPORTED_MODULE_1__.exportJWK)(publicKey),
+    };
+    [dpopKeyPair.publicKey.alg] = PREFERRED_SIGNING_ALG;
+    return dpopKeyPair;
 }
 
-const DEFAULT_EXPIRATION_TIME_SECONDS = 600;
-function isExpectedAuthError(statusCode) {
-    return [401, 403].includes(statusCode);
-}
-async function buildDpopFetchOptions(targetUrl, authToken, dpopKey, defaultOptions) {
-    var _a;
-    const headers = new cross_fetch__WEBPACK_IMPORTED_MODULE_1__.Headers(defaultOptions === null || defaultOptions === void 0 ? void 0 : defaultOptions.headers);
-    headers.set("Authorization", `DPoP ${authToken}`);
-    headers.set("DPoP", await createDpopHeader(targetUrl, (_a = defaultOptions === null || defaultOptions === void 0 ? void 0 : defaultOptions.method) !== null && _a !== void 0 ? _a : "get", dpopKey));
-    return {
-        ...defaultOptions,
-        headers,
-    };
-}
-async function buildAuthenticatedHeaders(targetUrl, authToken, dpopKey, defaultOptions) {
-    if (dpopKey !== undefined) {
-        return buildDpopFetchOptions(targetUrl, authToken, dpopKey, defaultOptions);
-    }
-    const headers = new cross_fetch__WEBPACK_IMPORTED_MODULE_1__.Headers(defaultOptions === null || defaultOptions === void 0 ? void 0 : defaultOptions.headers);
-    headers.set("Authorization", `Bearer ${authToken}`);
-    return {
-        ...defaultOptions,
-        headers,
-    };
-}
-async function makeAuthenticatedRequest(unauthFetch, accessToken, url, defaultRequestInit, dpopKey) {
-    return unauthFetch(url, await buildAuthenticatedHeaders(url.toString(), accessToken, dpopKey, defaultRequestInit));
-}
-async function refreshAccessToken(refreshOptions, dpopKey, eventEmitter) {
-    var _a;
-    const tokenSet = await refreshOptions.tokenRefresher.refresh(refreshOptions.sessionId, refreshOptions.refreshToken, dpopKey);
-    eventEmitter === null || eventEmitter === void 0 ? void 0 : eventEmitter.emit(EVENTS.SESSION_EXTENDED, (_a = tokenSet.expiresIn) !== null && _a !== void 0 ? _a : DEFAULT_EXPIRATION_TIME_SECONDS);
-    if (typeof tokenSet.refreshToken === "string") {
-        eventEmitter === null || eventEmitter === void 0 ? void 0 : eventEmitter.emit(EVENTS.NEW_REFRESH_TOKEN, tokenSet.refreshToken);
-    }
-    return {
-        accessToken: tokenSet.accessToken,
-        refreshToken: tokenSet.refreshToken,
-        expiresIn: tokenSet.expiresIn,
-    };
-}
-const computeRefreshDelay = (expiresIn) => {
-    if (expiresIn !== undefined) {
-        return expiresIn - REFRESH_BEFORE_EXPIRATION_SECONDS > 0
-            ?
-                expiresIn - REFRESH_BEFORE_EXPIRATION_SECONDS
-            : expiresIn;
-    }
-    return DEFAULT_EXPIRATION_TIME_SECONDS;
-};
-async function buildAuthenticatedFetch(unauthFetch, accessToken, options) {
-    var _a;
-    let currentAccessToken = accessToken;
-    let latestTimeout;
-    const currentRefreshOptions = options === null || options === void 0 ? void 0 : options.refreshOptions;
-    if (currentRefreshOptions !== undefined) {
-        const proactivelyRefreshToken = async () => {
-            var _a, _b, _c, _d;
-            try {
-                const { accessToken: refreshedAccessToken, refreshToken, expiresIn, } = await refreshAccessToken(currentRefreshOptions, options.dpopKey, options.eventEmitter);
-                currentAccessToken = refreshedAccessToken;
-                if (refreshToken !== undefined) {
-                    currentRefreshOptions.refreshToken = refreshToken;
-                }
-                clearTimeout(latestTimeout);
-                latestTimeout = setTimeout(proactivelyRefreshToken, computeRefreshDelay(expiresIn) * 1000);
-                (_a = options.eventEmitter) === null || _a === void 0 ? void 0 : _a.emit(EVENTS.TIMEOUT_SET, latestTimeout);
-            }
-            catch (e) {
-                if (e instanceof OidcProviderError) {
-                    (_b = options === null || options === void 0 ? void 0 : options.eventEmitter) === null || _b === void 0 ? void 0 : _b.emit(EVENTS.ERROR, e.error, e.errorDescription);
-                    (_c = options === null || options === void 0 ? void 0 : options.eventEmitter) === null || _c === void 0 ? void 0 : _c.emit(EVENTS.SESSION_EXPIRED);
-                }
-                if (e instanceof InvalidResponseError &&
-                    e.missingFields.includes("access_token")) {
-                    (_d = options === null || options === void 0 ? void 0 : options.eventEmitter) === null || _d === void 0 ? void 0 : _d.emit(EVENTS.SESSION_EXPIRED);
-                }
-            }
-        };
-        latestTimeout = setTimeout(proactivelyRefreshToken, computeRefreshDelay(options.expiresIn) * 1000);
-        (_a = options.eventEmitter) === null || _a === void 0 ? void 0 : _a.emit(EVENTS.TIMEOUT_SET, latestTimeout);
-    }
-    else if (options !== undefined && options.eventEmitter !== undefined) {
-        const expirationTimeout = setTimeout(() => {
-            options.eventEmitter.emit(EVENTS.SESSION_EXPIRED);
-        }, computeRefreshDelay(options.expiresIn) * 1000);
-        options.eventEmitter.emit(EVENTS.TIMEOUT_SET, expirationTimeout);
-    }
-    return async (url, requestInit) => {
-        let response = await makeAuthenticatedRequest(unauthFetch, currentAccessToken, url, requestInit, options === null || options === void 0 ? void 0 : options.dpopKey);
-        const failedButNotExpectedAuthError = !response.ok && !isExpectedAuthError(response.status);
-        if (response.ok || failedButNotExpectedAuthError) {
-            return response;
-        }
-        const hasBeenRedirected = response.url !== url;
-        if (hasBeenRedirected && (options === null || options === void 0 ? void 0 : options.dpopKey) !== undefined) {
-            response = await makeAuthenticatedRequest(unauthFetch, currentAccessToken, response.url, requestInit, options.dpopKey);
-        }
-        return response;
-    };
+const DEFAULT_EXPIRATION_TIME_SECONDS = 600;
+function isExpectedAuthError(statusCode) {
+    return [401, 403].includes(statusCode);
+}
+async function buildDpopFetchOptions(targetUrl, authToken, dpopKey, defaultOptions) {
+    var _a;
+    const headers = new _inrupt_universal_fetch__WEBPACK_IMPORTED_MODULE_2__.Headers(defaultOptions === null || defaultOptions === void 0 ? void 0 : defaultOptions.headers);
+    headers.set("Authorization", `DPoP ${authToken}`);
+    headers.set("DPoP", await createDpopHeader(targetUrl, (_a = defaultOptions === null || defaultOptions === void 0 ? void 0 : defaultOptions.method) !== null && _a !== void 0 ? _a : "get", dpopKey));
+    return {
+        ...defaultOptions,
+        headers,
+    };
+}
+async function buildAuthenticatedHeaders(targetUrl, authToken, dpopKey, defaultOptions) {
+    if (dpopKey !== undefined) {
+        return buildDpopFetchOptions(targetUrl, authToken, dpopKey, defaultOptions);
+    }
+    const headers = new _inrupt_universal_fetch__WEBPACK_IMPORTED_MODULE_2__.Headers(defaultOptions === null || defaultOptions === void 0 ? void 0 : defaultOptions.headers);
+    headers.set("Authorization", `Bearer ${authToken}`);
+    return {
+        ...defaultOptions,
+        headers,
+    };
+}
+async function makeAuthenticatedRequest(unauthFetch, accessToken, url, defaultRequestInit, dpopKey) {
+    return unauthFetch(url, await buildAuthenticatedHeaders(url.toString(), accessToken, dpopKey, defaultRequestInit));
+}
+async function refreshAccessToken(refreshOptions, dpopKey, eventEmitter) {
+    var _a;
+    const tokenSet = await refreshOptions.tokenRefresher.refresh(refreshOptions.sessionId, refreshOptions.refreshToken, dpopKey);
+    eventEmitter === null || eventEmitter === void 0 ? void 0 : eventEmitter.emit(EVENTS.SESSION_EXTENDED, (_a = tokenSet.expiresIn) !== null && _a !== void 0 ? _a : DEFAULT_EXPIRATION_TIME_SECONDS);
+    if (typeof tokenSet.refreshToken === "string") {
+        eventEmitter === null || eventEmitter === void 0 ? void 0 : eventEmitter.emit(EVENTS.NEW_REFRESH_TOKEN, tokenSet.refreshToken);
+    }
+    return {
+        accessToken: tokenSet.accessToken,
+        refreshToken: tokenSet.refreshToken,
+        expiresIn: tokenSet.expiresIn,
+    };
+}
+const computeRefreshDelay = (expiresIn) => {
+    if (expiresIn !== undefined) {
+        return expiresIn - REFRESH_BEFORE_EXPIRATION_SECONDS > 0
+            ?
+                expiresIn - REFRESH_BEFORE_EXPIRATION_SECONDS
+            : expiresIn;
+    }
+    return DEFAULT_EXPIRATION_TIME_SECONDS;
+};
+async function buildAuthenticatedFetch(unauthFetch, accessToken, options) {
+    var _a;
+    let currentAccessToken = accessToken;
+    let latestTimeout;
+    const currentRefreshOptions = options === null || options === void 0 ? void 0 : options.refreshOptions;
+    if (currentRefreshOptions !== undefined) {
+        const proactivelyRefreshToken = async () => {
+            var _a, _b, _c, _d;
+            try {
+                const { accessToken: refreshedAccessToken, refreshToken, expiresIn, } = await refreshAccessToken(currentRefreshOptions, options.dpopKey, options.eventEmitter);
+                currentAccessToken = refreshedAccessToken;
+                if (refreshToken !== undefined) {
+                    currentRefreshOptions.refreshToken = refreshToken;
+                }
+                clearTimeout(latestTimeout);
+                latestTimeout = setTimeout(proactivelyRefreshToken, computeRefreshDelay(expiresIn) * 1000);
+                (_a = options.eventEmitter) === null || _a === void 0 ? void 0 : _a.emit(EVENTS.TIMEOUT_SET, latestTimeout);
+            }
+            catch (e) {
+                if (e instanceof OidcProviderError) {
+                    (_b = options === null || options === void 0 ? void 0 : options.eventEmitter) === null || _b === void 0 ? void 0 : _b.emit(EVENTS.ERROR, e.error, e.errorDescription);
+                    (_c = options === null || options === void 0 ? void 0 : options.eventEmitter) === null || _c === void 0 ? void 0 : _c.emit(EVENTS.SESSION_EXPIRED);
+                }
+                if (e instanceof InvalidResponseError &&
+                    e.missingFields.includes("access_token")) {
+                    (_d = options === null || options === void 0 ? void 0 : options.eventEmitter) === null || _d === void 0 ? void 0 : _d.emit(EVENTS.SESSION_EXPIRED);
+                }
+            }
+        };
+        latestTimeout = setTimeout(proactivelyRefreshToken, computeRefreshDelay(options.expiresIn) * 1000);
+        (_a = options.eventEmitter) === null || _a === void 0 ? void 0 : _a.emit(EVENTS.TIMEOUT_SET, latestTimeout);
+    }
+    else if (options !== undefined && options.eventEmitter !== undefined) {
+        const expirationTimeout = setTimeout(() => {
+            options.eventEmitter.emit(EVENTS.SESSION_EXPIRED);
+        }, computeRefreshDelay(options.expiresIn) * 1000);
+        options.eventEmitter.emit(EVENTS.TIMEOUT_SET, expirationTimeout);
+    }
+    return async (url, requestInit) => {
+        let response = await makeAuthenticatedRequest(unauthFetch, currentAccessToken, url, requestInit, options === null || options === void 0 ? void 0 : options.dpopKey);
+        const failedButNotExpectedAuthError = !response.ok && !isExpectedAuthError(response.status);
+        if (response.ok || failedButNotExpectedAuthError) {
+            return response;
+        }
+        const hasBeenRedirected = response.url !== url;
+        if (hasBeenRedirected && (options === null || options === void 0 ? void 0 : options.dpopKey) !== undefined) {
+            response = await makeAuthenticatedRequest(unauthFetch, currentAccessToken, response.url, requestInit, options.dpopKey);
+        }
+        return response;
+    };
 }
 
-const StorageUtilityGetResponse = "getResponse";
-const StorageUtilityMock = {
-    get: async (key, options) => StorageUtilityGetResponse,
-    set: async (key, value) => {
-    },
-    delete: async (key) => {
-    },
-    getForUser: async (userId, key, options) => StorageUtilityGetResponse,
-    setForUser: async (userId, values, options) => {
-    },
-    deleteForUser: async (userId, key, options) => {
-    },
-    deleteAllUserData: async (userId, options) => {
-    },
-};
-const mockStorage = (stored) => {
-    const store = stored;
-    return {
-        get: async (key) => {
-            if (store[key] === undefined) {
-                return undefined;
-            }
-            if (typeof store[key] === "string") {
-                return store[key];
-            }
-            return JSON.stringify(store[key]);
-        },
-        set: async (key, value) => {
-            store[key] = value;
-        },
-        delete: async (key) => {
-            delete store[key];
-        },
-    };
-};
-const mockStorageUtility = (stored, isSecure = false) => {
-    if (isSecure) {
-        return new StorageUtility(mockStorage(stored), mockStorage({}));
-    }
-    return new StorageUtility(mockStorage({}), mockStorage(stored));
+const StorageUtilityGetResponse = "getResponse";
+const StorageUtilityMock = {
+    get: async (key, options) => StorageUtilityGetResponse,
+    set: async (key, value) => {
+    },
+    delete: async (key) => {
+    },
+    getForUser: async (userId, key, options) => StorageUtilityGetResponse,
+    setForUser: async (userId, values, options) => {
+    },
+    deleteForUser: async (userId, key, options) => {
+    },
+    deleteAllUserData: async (userId, options) => {
+    },
+};
+const mockStorage = (stored) => {
+    const store = stored;
+    return {
+        get: async (key) => {
+            if (store[key] === undefined) {
+                return undefined;
+            }
+            if (typeof store[key] === "string") {
+                return store[key];
+            }
+            return JSON.stringify(store[key]);
+        },
+        set: async (key, value) => {
+            store[key] = value;
+        },
+        delete: async (key) => {
+            delete store[key];
+        },
+    };
+};
+const mockStorageUtility = (stored, isSecure = false) => {
+    if (isSecure) {
+        return new StorageUtility(mockStorage(stored), mockStorage({}));
+    }
+    return new StorageUtility(mockStorage({}), mockStorage(stored));
 };
 
 
 
 
+/***/ }),
+
+/***/ "./node_modules/@inrupt/universal-fetch/dist/index-browser.mjs":
+/*!*********************************************************************!*\
+  !*** ./node_modules/@inrupt/universal-fetch/dist/index-browser.mjs ***!
+  \*********************************************************************/
+/***/ ((__unused_webpack___webpack_module__, __webpack_exports__, __webpack_require__) => {
+
+"use strict";
+__webpack_require__.r(__webpack_exports__);
+/* harmony export */ __webpack_require__.d(__webpack_exports__, {
+/* harmony export */   "Headers": () => (/* binding */ Headers),
+/* harmony export */   "Request": () => (/* binding */ Request),
+/* harmony export */   "Response": () => (/* binding */ Response),
+/* harmony export */   "default": () => (/* binding */ indexBrowser),
+/* harmony export */   "fetch": () => (/* binding */ fetch)
+/* harmony export */ });
+var indexBrowser = globalThis.fetch;
+const { fetch, Response, Request, Headers } = globalThis;
+
+
+
+
 /***/ }),
 
 /***/ "./node_modules/jose/dist/browser/index.js":
@@ -61873,14 +62402,17 @@ __webpack_require__.r(__webpack_exports__);
 /* harmony export */   "createRemoteJWKSet": () => (/* binding */ createRemoteJWKSet)
 /* harmony export */ });
 /* harmony import */ var _runtime_fetch_jwks_js__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(/*! ../runtime/fetch_jwks.js */ "./node_modules/jose/dist/browser/runtime/fetch_jwks.js");
-/* harmony import */ var _runtime_env_js__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(/*! ../runtime/env.js */ "./node_modules/jose/dist/browser/runtime/env.js");
-/* harmony import */ var _util_errors_js__WEBPACK_IMPORTED_MODULE_2__ = __webpack_require__(/*! ../util/errors.js */ "./node_modules/jose/dist/browser/util/errors.js");
-/* harmony import */ var _local_js__WEBPACK_IMPORTED_MODULE_3__ = __webpack_require__(/*! ./local.js */ "./node_modules/jose/dist/browser/jwks/local.js");
-
+/* harmony import */ var _util_errors_js__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(/*! ../util/errors.js */ "./node_modules/jose/dist/browser/util/errors.js");
+/* harmony import */ var _local_js__WEBPACK_IMPORTED_MODULE_2__ = __webpack_require__(/*! ./local.js */ "./node_modules/jose/dist/browser/jwks/local.js");
 
 
 
-class RemoteJWKSet extends _local_js__WEBPACK_IMPORTED_MODULE_3__.LocalJWKSet {
+function isCloudflareWorkers() {
+    return (typeof WebSocketPair !== 'undefined' ||
+        (typeof navigator !== 'undefined' && navigator.userAgent === 'Cloudflare-Workers') ||
+        (typeof EdgeRuntime !== 'undefined' && EdgeRuntime === 'vercel'));
+}
+class RemoteJWKSet extends _local_js__WEBPACK_IMPORTED_MODULE_2__.LocalJWKSet {
     constructor(url, options) {
         super({ keys: [] });
         this._jwks = undefined;
@@ -61913,7 +62445,7 @@ class RemoteJWKSet extends _local_js__WEBPACK_IMPORTED_MODULE_3__.LocalJWKSet {
             return await super.getKey(protectedHeader, token);
         }
         catch (err) {
-            if (err instanceof _util_errors_js__WEBPACK_IMPORTED_MODULE_2__.JWKSNoMatchingKey) {
+            if (err instanceof _util_errors_js__WEBPACK_IMPORTED_MODULE_1__.JWKSNoMatchingKey) {
                 if (this.coolingDown() === false) {
                     await this.reload();
                     return super.getKey(protectedHeader, token);
@@ -61923,13 +62455,13 @@ class RemoteJWKSet extends _local_js__WEBPACK_IMPORTED_MODULE_3__.LocalJWKSet {
         }
     }
     async reload() {
-        if (this._pendingFetch && (0,_runtime_env_js__WEBPACK_IMPORTED_MODULE_1__.isCloudflareWorkers)()) {
+        if (this._pendingFetch && isCloudflareWorkers()) {
             this._pendingFetch = undefined;
         }
         this._pendingFetch || (this._pendingFetch = (0,_runtime_fetch_jwks_js__WEBPACK_IMPORTED_MODULE_0__["default"])(this._url, this._timeoutDuration, this._options)
             .then((json) => {
-            if (!(0,_local_js__WEBPACK_IMPORTED_MODULE_3__.isJWKSLike)(json)) {
-                throw new _util_errors_js__WEBPACK_IMPORTED_MODULE_2__.JWKSInvalid('JSON Web Key Set malformed');
+            if (!(0,_local_js__WEBPACK_IMPORTED_MODULE_2__.isJWKSLike)(json)) {
+                throw new _util_errors_js__WEBPACK_IMPORTED_MODULE_1__.JWKSInvalid('JSON Web Key Set malformed');
             }
             this._jwks = { keys: json.keys };
             this._jwksTimestamp = Date.now();
@@ -63117,8 +63649,6 @@ __webpack_require__.r(__webpack_exports__);
 /* harmony export */   "checkEncCryptoKey": () => (/* binding */ checkEncCryptoKey),
 /* harmony export */   "checkSigCryptoKey": () => (/* binding */ checkSigCryptoKey)
 /* harmony export */ });
-/* harmony import */ var _runtime_env_js__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(/*! ../runtime/env.js */ "./node_modules/jose/dist/browser/runtime/env.js");
-
 function unusable(name, prop = 'algorithm.name') {
     return new TypeError(`CryptoKey does not support this operation, its ${prop} must be ${name}`);
 }
@@ -63193,11 +63723,6 @@ function checkSigCryptoKey(key, alg, ...usages) {
         }
         case 'EdDSA': {
             if (key.algorithm.name !== 'Ed25519' && key.algorithm.name !== 'Ed448') {
-                if ((0,_runtime_env_js__WEBPACK_IMPORTED_MODULE_0__.isCloudflareWorkers)()) {
-                    if (isAlgorithm(key.algorithm, 'NODE-ED25519'))
-                        break;
-                    throw unusable('Ed25519, Ed448, or NODE-ED25519');
-                }
                 throw unusable('Ed25519 or Ed448');
             }
             break;
@@ -64028,14 +64553,12 @@ __webpack_require__.r(__webpack_exports__);
 /* harmony export */   "toPKCS8": () => (/* binding */ toPKCS8),
 /* harmony export */   "toSPKI": () => (/* binding */ toSPKI)
 /* harmony export */ });
-/* harmony import */ var _env_js__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(/*! ./env.js */ "./node_modules/jose/dist/browser/runtime/env.js");
-/* harmony import */ var _webcrypto_js__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(/*! ./webcrypto.js */ "./node_modules/jose/dist/browser/runtime/webcrypto.js");
-/* harmony import */ var _lib_invalid_key_input_js__WEBPACK_IMPORTED_MODULE_2__ = __webpack_require__(/*! ../lib/invalid_key_input.js */ "./node_modules/jose/dist/browser/lib/invalid_key_input.js");
-/* harmony import */ var _base64url_js__WEBPACK_IMPORTED_MODULE_3__ = __webpack_require__(/*! ./base64url.js */ "./node_modules/jose/dist/browser/runtime/base64url.js");
-/* harmony import */ var _lib_format_pem_js__WEBPACK_IMPORTED_MODULE_4__ = __webpack_require__(/*! ../lib/format_pem.js */ "./node_modules/jose/dist/browser/lib/format_pem.js");
-/* harmony import */ var _util_errors_js__WEBPACK_IMPORTED_MODULE_5__ = __webpack_require__(/*! ../util/errors.js */ "./node_modules/jose/dist/browser/util/errors.js");
-/* harmony import */ var _is_key_like_js__WEBPACK_IMPORTED_MODULE_6__ = __webpack_require__(/*! ./is_key_like.js */ "./node_modules/jose/dist/browser/runtime/is_key_like.js");
-
+/* harmony import */ var _webcrypto_js__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(/*! ./webcrypto.js */ "./node_modules/jose/dist/browser/runtime/webcrypto.js");
+/* harmony import */ var _lib_invalid_key_input_js__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(/*! ../lib/invalid_key_input.js */ "./node_modules/jose/dist/browser/lib/invalid_key_input.js");
+/* harmony import */ var _base64url_js__WEBPACK_IMPORTED_MODULE_2__ = __webpack_require__(/*! ./base64url.js */ "./node_modules/jose/dist/browser/runtime/base64url.js");
+/* harmony import */ var _lib_format_pem_js__WEBPACK_IMPORTED_MODULE_3__ = __webpack_require__(/*! ../lib/format_pem.js */ "./node_modules/jose/dist/browser/lib/format_pem.js");
+/* harmony import */ var _util_errors_js__WEBPACK_IMPORTED_MODULE_4__ = __webpack_require__(/*! ../util/errors.js */ "./node_modules/jose/dist/browser/util/errors.js");
+/* harmony import */ var _is_key_like_js__WEBPACK_IMPORTED_MODULE_5__ = __webpack_require__(/*! ./is_key_like.js */ "./node_modules/jose/dist/browser/runtime/is_key_like.js");
 
 
 
@@ -64043,8 +64566,8 @@ __webpack_require__.r(__webpack_exports__);
 
 
 const genericExport = async (keyType, keyFormat, key) => {
-    if (!(0,_webcrypto_js__WEBPACK_IMPORTED_MODULE_1__.isCryptoKey)(key)) {
-        throw new TypeError((0,_lib_invalid_key_input_js__WEBPACK_IMPORTED_MODULE_2__["default"])(key, ..._is_key_like_js__WEBPACK_IMPORTED_MODULE_6__.types));
+    if (!(0,_webcrypto_js__WEBPACK_IMPORTED_MODULE_0__.isCryptoKey)(key)) {
+        throw new TypeError((0,_lib_invalid_key_input_js__WEBPACK_IMPORTED_MODULE_1__["default"])(key, ..._is_key_like_js__WEBPACK_IMPORTED_MODULE_5__.types));
     }
     if (!key.extractable) {
         throw new TypeError('CryptoKey is not extractable');
@@ -64052,7 +64575,7 @@ const genericExport = async (keyType, keyFormat, key) => {
     if (key.type !== keyType) {
         throw new TypeError(`key is not a ${keyType} key`);
     }
-    return (0,_lib_format_pem_js__WEBPACK_IMPORTED_MODULE_4__["default"])((0,_base64url_js__WEBPACK_IMPORTED_MODULE_3__.encodeBase64)(new Uint8Array(await _webcrypto_js__WEBPACK_IMPORTED_MODULE_1__["default"].subtle.exportKey(keyFormat, key))), `${keyType.toUpperCase()} KEY`);
+    return (0,_lib_format_pem_js__WEBPACK_IMPORTED_MODULE_3__["default"])((0,_base64url_js__WEBPACK_IMPORTED_MODULE_2__.encodeBase64)(new Uint8Array(await _webcrypto_js__WEBPACK_IMPORTED_MODULE_0__["default"].subtle.exportKey(keyFormat, key))), `${keyType.toUpperCase()} KEY`);
 };
 const toSPKI = (key) => {
     return genericExport('public', 'spki', key);
@@ -64090,11 +64613,11 @@ const getNamedCurve = (keyData) => {
         case findOid(keyData, [0x2b, 0x65, 0x71]):
             return 'Ed448';
         default:
-            throw new _util_errors_js__WEBPACK_IMPORTED_MODULE_5__.JOSENotSupported('Invalid or unsupported EC Key Curve or OKP Key Sub Type');
+            throw new _util_errors_js__WEBPACK_IMPORTED_MODULE_4__.JOSENotSupported('Invalid or unsupported EC Key Curve or OKP Key Sub Type');
     }
 };
 const genericImport = async (replace, keyFormat, pem, alg, options) => {
-    var _a, _b;
+    var _a;
     let algorithm;
     let keyUsages;
     const keyData = new Uint8Array(atob(pem.replace(replace, ''))
@@ -64150,20 +64673,9 @@ const genericImport = async (replace, keyFormat, pem, alg, options) => {
             keyUsages = isPublic ? ['verify'] : ['sign'];
             break;
         default:
-            throw new _util_errors_js__WEBPACK_IMPORTED_MODULE_5__.JOSENotSupported('Invalid or unsupported "alg" (Algorithm) value');
-    }
-    try {
-        return await _webcrypto_js__WEBPACK_IMPORTED_MODULE_1__["default"].subtle.importKey(keyFormat, keyData, algorithm, (_a = options === null || options === void 0 ? void 0 : options.extractable) !== null && _a !== void 0 ? _a : false, keyUsages);
-    }
-    catch (err) {
-        if (algorithm.name === 'Ed25519' &&
-            (err === null || err === void 0 ? void 0 : err.name) === 'NotSupportedError' &&
-            (0,_env_js__WEBPACK_IMPORTED_MODULE_0__.isCloudflareWorkers)()) {
-            algorithm = { name: 'NODE-ED25519', namedCurve: 'NODE-ED25519' };
-            return await _webcrypto_js__WEBPACK_IMPORTED_MODULE_1__["default"].subtle.importKey(keyFormat, keyData, algorithm, (_b = options === null || options === void 0 ? void 0 : options.extractable) !== null && _b !== void 0 ? _b : false, keyUsages);
-        }
-        throw err;
+            throw new _util_errors_js__WEBPACK_IMPORTED_MODULE_4__.JOSENotSupported('Invalid or unsupported "alg" (Algorithm) value');
     }
+    return _webcrypto_js__WEBPACK_IMPORTED_MODULE_0__["default"].subtle.importKey(keyFormat, keyData, algorithm, (_a = options === null || options === void 0 ? void 0 : options.extractable) !== null && _a !== void 0 ? _a : false, keyUsages);
 };
 const fromPKCS8 = (pem, alg, options) => {
     return genericImport(/(?:-----(?:BEGIN|END) PRIVATE KEY-----|\s)/g, 'pkcs8', pem, alg, options);
@@ -64232,12 +64744,12 @@ function parseElement(bytes) {
 }
 function spkiFromX509(buf) {
     const tbsCertificate = getElement(getElement(parseElement(buf).contents)[0].contents);
-    return (0,_base64url_js__WEBPACK_IMPORTED_MODULE_3__.encodeBase64)(tbsCertificate[tbsCertificate[0].raw[0] === 0xa0 ? 6 : 5].raw);
+    return (0,_base64url_js__WEBPACK_IMPORTED_MODULE_2__.encodeBase64)(tbsCertificate[tbsCertificate[0].raw[0] === 0xa0 ? 6 : 5].raw);
 }
 function getSPKI(x509) {
     const pem = x509.replace(/(?:-----(?:BEGIN|END) CERTIFICATE-----|\s)/g, '');
-    const raw = (0,_base64url_js__WEBPACK_IMPORTED_MODULE_3__.decodeBase64)(pem);
-    return (0,_lib_format_pem_js__WEBPACK_IMPORTED_MODULE_4__["default"])(spkiFromX509(raw), 'PUBLIC KEY');
+    const raw = (0,_base64url_js__WEBPACK_IMPORTED_MODULE_2__.decodeBase64)(pem);
+    return (0,_lib_format_pem_js__WEBPACK_IMPORTED_MODULE_3__["default"])(spkiFromX509(raw), 'PUBLIC KEY');
 }
 const fromX509 = (pem, alg, options) => {
     let spki;
@@ -64665,26 +65177,6 @@ const encrypt = async (enc, plaintext, cek, iv, aad) => {
 /* harmony default export */ const __WEBPACK_DEFAULT_EXPORT__ = (encrypt);
 
 
-/***/ }),
-
-/***/ "./node_modules/jose/dist/browser/runtime/env.js":
-/*!*******************************************************!*\
-  !*** ./node_modules/jose/dist/browser/runtime/env.js ***!
-  \*******************************************************/
-/***/ ((__unused_webpack___webpack_module__, __webpack_exports__, __webpack_require__) => {
-
-"use strict";
-__webpack_require__.r(__webpack_exports__);
-/* harmony export */ __webpack_require__.d(__webpack_exports__, {
-/* harmony export */   "isCloudflareWorkers": () => (/* binding */ isCloudflareWorkers)
-/* harmony export */ });
-function isCloudflareWorkers() {
-    return (typeof WebSocketPair !== 'undefined' ||
-        (typeof navigator !== 'undefined' && navigator.userAgent === 'Cloudflare-Workers') ||
-        (typeof EdgeRuntime !== 'undefined' && EdgeRuntime === 'vercel'));
-}
-
-
 /***/ }),
 
 /***/ "./node_modules/jose/dist/browser/runtime/fetch_jwks.js":
@@ -64749,11 +65241,9 @@ __webpack_require__.r(__webpack_exports__);
 /* harmony export */   "generateKeyPair": () => (/* binding */ generateKeyPair),
 /* harmony export */   "generateSecret": () => (/* binding */ generateSecret)
 /* harmony export */ });
-/* harmony import */ var _env_js__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(/*! ./env.js */ "./node_modules/jose/dist/browser/runtime/env.js");
-/* harmony import */ var _webcrypto_js__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(/*! ./webcrypto.js */ "./node_modules/jose/dist/browser/runtime/webcrypto.js");
-/* harmony import */ var _util_errors_js__WEBPACK_IMPORTED_MODULE_2__ = __webpack_require__(/*! ../util/errors.js */ "./node_modules/jose/dist/browser/util/errors.js");
-/* harmony import */ var _random_js__WEBPACK_IMPORTED_MODULE_3__ = __webpack_require__(/*! ./random.js */ "./node_modules/jose/dist/browser/runtime/random.js");
-
+/* harmony import */ var _webcrypto_js__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(/*! ./webcrypto.js */ "./node_modules/jose/dist/browser/runtime/webcrypto.js");
+/* harmony import */ var _util_errors_js__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(/*! ../util/errors.js */ "./node_modules/jose/dist/browser/util/errors.js");
+/* harmony import */ var _random_js__WEBPACK_IMPORTED_MODULE_2__ = __webpack_require__(/*! ./random.js */ "./node_modules/jose/dist/browser/runtime/random.js");
 
 
 
@@ -64774,7 +65264,7 @@ async function generateSecret(alg, options) {
         case 'A192CBC-HS384':
         case 'A256CBC-HS512':
             length = parseInt(alg.slice(-3), 10);
-            return (0,_random_js__WEBPACK_IMPORTED_MODULE_3__["default"])(new Uint8Array(length >> 3));
+            return (0,_random_js__WEBPACK_IMPORTED_MODULE_2__["default"])(new Uint8Array(length >> 3));
         case 'A128KW':
         case 'A192KW':
         case 'A256KW':
@@ -64793,20 +65283,20 @@ async function generateSecret(alg, options) {
             keyUsages = ['encrypt', 'decrypt'];
             break;
         default:
-            throw new _util_errors_js__WEBPACK_IMPORTED_MODULE_2__.JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+            throw new _util_errors_js__WEBPACK_IMPORTED_MODULE_1__.JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
     }
-    return _webcrypto_js__WEBPACK_IMPORTED_MODULE_1__["default"].subtle.generateKey(algorithm, (_a = options === null || options === void 0 ? void 0 : options.extractable) !== null && _a !== void 0 ? _a : false, keyUsages);
+    return _webcrypto_js__WEBPACK_IMPORTED_MODULE_0__["default"].subtle.generateKey(algorithm, (_a = options === null || options === void 0 ? void 0 : options.extractable) !== null && _a !== void 0 ? _a : false, keyUsages);
 }
 function getModulusLengthOption(options) {
     var _a;
     const modulusLength = (_a = options === null || options === void 0 ? void 0 : options.modulusLength) !== null && _a !== void 0 ? _a : 2048;
     if (typeof modulusLength !== 'number' || modulusLength < 2048) {
-        throw new _util_errors_js__WEBPACK_IMPORTED_MODULE_2__.JOSENotSupported('Invalid or unsupported modulusLength option provided, 2048 bits or larger keys must be used');
+        throw new _util_errors_js__WEBPACK_IMPORTED_MODULE_1__.JOSENotSupported('Invalid or unsupported modulusLength option provided, 2048 bits or larger keys must be used');
     }
     return modulusLength;
 }
 async function generateKeyPair(alg, options) {
-    var _a, _b, _c, _d;
+    var _a, _b, _c;
     let algorithm;
     let keyUsages;
     switch (alg) {
@@ -64865,7 +65355,7 @@ async function generateKeyPair(alg, options) {
                     algorithm = { name: crv };
                     break;
                 default:
-                    throw new _util_errors_js__WEBPACK_IMPORTED_MODULE_2__.JOSENotSupported('Invalid or unsupported crv option provided');
+                    throw new _util_errors_js__WEBPACK_IMPORTED_MODULE_1__.JOSENotSupported('Invalid or unsupported crv option provided');
             }
             break;
         case 'ECDH-ES':
@@ -64886,25 +65376,14 @@ async function generateKeyPair(alg, options) {
                     algorithm = { name: crv };
                     break;
                 default:
-                    throw new _util_errors_js__WEBPACK_IMPORTED_MODULE_2__.JOSENotSupported('Invalid or unsupported crv option provided, supported values are P-256, P-384, P-521, X25519, and X448');
+                    throw new _util_errors_js__WEBPACK_IMPORTED_MODULE_1__.JOSENotSupported('Invalid or unsupported crv option provided, supported values are P-256, P-384, P-521, X25519, and X448');
             }
             break;
         }
         default:
-            throw new _util_errors_js__WEBPACK_IMPORTED_MODULE_2__.JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
-    }
-    try {
-        return (await _webcrypto_js__WEBPACK_IMPORTED_MODULE_1__["default"].subtle.generateKey(algorithm, (_c = options === null || options === void 0 ? void 0 : options.extractable) !== null && _c !== void 0 ? _c : false, keyUsages));
-    }
-    catch (err) {
-        if (algorithm.name === 'Ed25519' &&
-            (err === null || err === void 0 ? void 0 : err.name) === 'NotSupportedError' &&
-            (0,_env_js__WEBPACK_IMPORTED_MODULE_0__.isCloudflareWorkers)()) {
-            algorithm = { name: 'NODE-ED25519', namedCurve: 'NODE-ED25519' };
-            return (await _webcrypto_js__WEBPACK_IMPORTED_MODULE_1__["default"].subtle.generateKey(algorithm, (_d = options === null || options === void 0 ? void 0 : options.extractable) !== null && _d !== void 0 ? _d : false, keyUsages));
-        }
-        throw err;
+            throw new _util_errors_js__WEBPACK_IMPORTED_MODULE_1__.JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
     }
+    return (_webcrypto_js__WEBPACK_IMPORTED_MODULE_0__["default"].subtle.generateKey(algorithm, (_c = options === null || options === void 0 ? void 0 : options.extractable) !== null && _c !== void 0 ? _c : false, keyUsages));
 }
 
 
@@ -64979,11 +65458,9 @@ __webpack_require__.r(__webpack_exports__);
 /* harmony export */ __webpack_require__.d(__webpack_exports__, {
 /* harmony export */   "default": () => (__WEBPACK_DEFAULT_EXPORT__)
 /* harmony export */ });
-/* harmony import */ var _env_js__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(/*! ./env.js */ "./node_modules/jose/dist/browser/runtime/env.js");
-/* harmony import */ var _webcrypto_js__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(/*! ./webcrypto.js */ "./node_modules/jose/dist/browser/runtime/webcrypto.js");
-/* harmony import */ var _util_errors_js__WEBPACK_IMPORTED_MODULE_2__ = __webpack_require__(/*! ../util/errors.js */ "./node_modules/jose/dist/browser/util/errors.js");
-/* harmony import */ var _base64url_js__WEBPACK_IMPORTED_MODULE_3__ = __webpack_require__(/*! ./base64url.js */ "./node_modules/jose/dist/browser/runtime/base64url.js");
-
+/* harmony import */ var _webcrypto_js__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(/*! ./webcrypto.js */ "./node_modules/jose/dist/browser/runtime/webcrypto.js");
+/* harmony import */ var _util_errors_js__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(/*! ../util/errors.js */ "./node_modules/jose/dist/browser/util/errors.js");
+/* harmony import */ var _base64url_js__WEBPACK_IMPORTED_MODULE_2__ = __webpack_require__(/*! ./base64url.js */ "./node_modules/jose/dist/browser/runtime/base64url.js");
 
 
 
@@ -65002,7 +65479,7 @@ function subtleMapping(jwk) {
                 case 'A128CBC-HS256':
                 case 'A192CBC-HS384':
                 case 'A256CBC-HS512':
-                    throw new _util_errors_js__WEBPACK_IMPORTED_MODULE_2__.JOSENotSupported(`${jwk.alg} keys cannot be imported as CryptoKey instances`);
+                    throw new _util_errors_js__WEBPACK_IMPORTED_MODULE_1__.JOSENotSupported(`${jwk.alg} keys cannot be imported as CryptoKey instances`);
                 case 'A128GCM':
                 case 'A192GCM':
                 case 'A256GCM':
@@ -65025,7 +65502,7 @@ function subtleMapping(jwk) {
                     keyUsages = ['deriveBits'];
                     break;
                 default:
-                    throw new _util_errors_js__WEBPACK_IMPORTED_MODULE_2__.JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+                    throw new _util_errors_js__WEBPACK_IMPORTED_MODULE_1__.JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
             }
             break;
         }
@@ -65054,7 +65531,7 @@ function subtleMapping(jwk) {
                     keyUsages = jwk.d ? ['decrypt', 'unwrapKey'] : ['encrypt', 'wrapKey'];
                     break;
                 default:
-                    throw new _util_errors_js__WEBPACK_IMPORTED_MODULE_2__.JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+                    throw new _util_errors_js__WEBPACK_IMPORTED_MODULE_1__.JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
             }
             break;
         }
@@ -65080,7 +65557,7 @@ function subtleMapping(jwk) {
                     keyUsages = jwk.d ? ['deriveBits'] : [];
                     break;
                 default:
-                    throw new _util_errors_js__WEBPACK_IMPORTED_MODULE_2__.JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+                    throw new _util_errors_js__WEBPACK_IMPORTED_MODULE_1__.JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
             }
             break;
         }
@@ -65098,12 +65575,12 @@ function subtleMapping(jwk) {
                     keyUsages = jwk.d ? ['deriveBits'] : [];
                     break;
                 default:
-                    throw new _util_errors_js__WEBPACK_IMPORTED_MODULE_2__.JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+                    throw new _util_errors_js__WEBPACK_IMPORTED_MODULE_1__.JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
             }
             break;
         }
         default:
-            throw new _util_errors_js__WEBPACK_IMPORTED_MODULE_2__.JOSENotSupported('Invalid or unsupported JWK "kty" (Key Type) Parameter value');
+            throw new _util_errors_js__WEBPACK_IMPORTED_MODULE_1__.JOSENotSupported('Invalid or unsupported JWK "kty" (Key Type) Parameter value');
     }
     return { algorithm, keyUsages };
 }
@@ -65119,23 +65596,12 @@ const parse = async (jwk) => {
         (_b = jwk.key_ops) !== null && _b !== void 0 ? _b : keyUsages,
     ];
     if (algorithm.name === 'PBKDF2') {
-        return _webcrypto_js__WEBPACK_IMPORTED_MODULE_1__["default"].subtle.importKey('raw', (0,_base64url_js__WEBPACK_IMPORTED_MODULE_3__.decode)(jwk.k), ...rest);
+        return _webcrypto_js__WEBPACK_IMPORTED_MODULE_0__["default"].subtle.importKey('raw', (0,_base64url_js__WEBPACK_IMPORTED_MODULE_2__.decode)(jwk.k), ...rest);
     }
     const keyData = { ...jwk };
     delete keyData.alg;
     delete keyData.use;
-    try {
-        return await _webcrypto_js__WEBPACK_IMPORTED_MODULE_1__["default"].subtle.importKey('jwk', keyData, ...rest);
-    }
-    catch (err) {
-        if (algorithm.name === 'Ed25519' &&
-            (err === null || err === void 0 ? void 0 : err.name) === 'NotSupportedError' &&
-            (0,_env_js__WEBPACK_IMPORTED_MODULE_0__.isCloudflareWorkers)()) {
-            rest[0] = { name: 'NODE-ED25519', namedCurve: 'NODE-ED25519' };
-            return await _webcrypto_js__WEBPACK_IMPORTED_MODULE_1__["default"].subtle.importKey('jwk', keyData, ...rest);
-        }
-        throw err;
-    }
+    return _webcrypto_js__WEBPACK_IMPORTED_MODULE_0__["default"].subtle.importKey('jwk', keyData, ...rest);
 };
 /* harmony default export */ const __WEBPACK_DEFAULT_EXPORT__ = (parse);
 
@@ -65377,9 +65843,7 @@ __webpack_require__.r(__webpack_exports__);
 /* harmony export */ __webpack_require__.d(__webpack_exports__, {
 /* harmony export */   "default": () => (/* binding */ subtleDsa)
 /* harmony export */ });
-/* harmony import */ var _env_js__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(/*! ./env.js */ "./node_modules/jose/dist/browser/runtime/env.js");
-/* harmony import */ var _util_errors_js__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(/*! ../util/errors.js */ "./node_modules/jose/dist/browser/util/errors.js");
-
+/* harmony import */ var _util_errors_js__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(/*! ../util/errors.js */ "./node_modules/jose/dist/browser/util/errors.js");
 
 function subtleDsa(alg, algorithm) {
     const hash = `SHA-${alg.slice(-3)}`;
@@ -65401,12 +65865,9 @@ function subtleDsa(alg, algorithm) {
         case 'ES512':
             return { hash, name: 'ECDSA', namedCurve: algorithm.namedCurve };
         case 'EdDSA':
-            if ((0,_env_js__WEBPACK_IMPORTED_MODULE_0__.isCloudflareWorkers)() && algorithm.name === 'NODE-ED25519') {
-                return { name: 'NODE-ED25519', namedCurve: 'NODE-ED25519' };
-            }
             return { name: algorithm.name };
         default:
-            throw new _util_errors_js__WEBPACK_IMPORTED_MODULE_1__.JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);
+            throw new _util_errors_js__WEBPACK_IMPORTED_MODULE_0__.JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);
     }
 }