zudoku 0.0.0-f40ea27 → 0.0.0-f42e3678

package/lib/zudoku.auth-openid.js

@@ -1,14 +1,17 @@
-import { j as ne } from "./jsx-runtime-C5mzlN2N.js";
-import { g as Le } from "./invariant-DAFpPywt.js";
-import { C as Ue } from "./ClientOnly-E7hGysn1.js";
-import { j as xe, u as S } from "./hook-Bd0yS8M0.js";
-import { C as Ce, O as re, A as R, a as Ie } from "./errors-CF2X_x5o.js";
-var O = { exports: {} }, je = O.exports, oe;
-function De() {
+import { j as D } from "./jsx-runtime-C5mzlN2N.js";
+import { g as Le } from "./invariant-Bm-FVUQE.js";
+import { E as Ue } from "./index-A5Qdwj1B.js";
+import { C as xe } from "./ClientOnly-E7hGysn1.js";
+import { j as Ce } from "./ZudokuContext-CLl5w57E.js";
+import { C as Ie, O as re, A as R } from "./errors-Cs7hKmdL.js";
+import { C as je, O as Oe } from "./OAuthErrorPage-DJzGiIBt.js";
+import { u as S } from "./hook-DbUCLQNg.js";
+var J = { exports: {} }, De = J.exports, oe;
+function Je() {
   return oe || (oe = 1, function(t) {
     (function(e, n) {
       t.exports ? t.exports = n() : e.log = n();
-    })(je, function() {
+    })(De, function() {
       var e = function() {
       }, n = "undefined", o = typeof window !== n && typeof window.navigator !== n && /Trident\/|MSIE /.test(window.navigator.userAgent), s = [
         "trace",
@@ -17,28 +20,28 @@ function De() {
         "warn",
         "error"
       ], r = {}, i = null;
-      function c(l, m) {
-        var u = l[m];
-        if (typeof u.bind == "function")
-          return u.bind(l);
+      function u(l, m) {
+        var c = l[m];
+        if (typeof c.bind == "function")
+          return c.bind(l);
         try {
-          return Function.prototype.bind.call(u, l);
+          return Function.prototype.bind.call(c, l);
         } catch {
           return function() {
-            return Function.prototype.apply.apply(u, [l, arguments]);
+            return Function.prototype.apply.apply(c, [l, arguments]);
           };
         }
       }
-      function f() {
+      function d() {
         console.log && (console.log.apply ? console.log.apply(console, arguments) : Function.prototype.apply.apply(console.log, [console, arguments])), console.trace && console.trace();
       }
       function y(l) {
-        return l === "debug" && (l = "log"), typeof console === n ? !1 : l === "trace" && o ? f : console[l] !== void 0 ? c(console, l) : console.log !== void 0 ? c(console, "log") : e;
+        return l === "debug" && (l = "log"), typeof console === n ? !1 : l === "trace" && o ? d : console[l] !== void 0 ? u(console, l) : console.log !== void 0 ? u(console, "log") : e;
       }
       function p() {
         for (var l = this.getLevel(), m = 0; m < s.length; m++) {
-          var u = s[m];
-          this[u] = m < l ? e : this.methodFactory(u, l, this.name);
+          var c = s[m];
+          this[c] = m < l ? e : this.methodFactory(c, l, this.name);
         }
         if (this.log = this.debug, typeof console === n && l < this.levels.SILENT)
           return "No console available for logging";
@@ -48,14 +51,14 @@ function De() {
           typeof console !== n && (p.call(this), this[l].apply(this, arguments));
         };
       }
-      function b(l, m, u) {
+      function b(l, m, c) {
         return y(l) || k.apply(this, arguments);
       }
       function h(l, m) {
-        var u = this, j, K, L, _ = "loglevel";
+        var c = this, j, H, L, _ = "loglevel";
         typeof l == "string" ? _ += ":" + l : typeof l == "symbol" && (_ = void 0);
-        function Ee(d) {
-          var g = (s[d] || "silent").toUpperCase();
+        function Ee(f) {
+          var g = (s[f] || "silent").toUpperCase();
           if (!(typeof window === n || !_)) {
             try {
               window.localStorage[_] = g;
@@ -68,22 +71,22 @@ function De() {
             }
           }
         }
-        function X() {
-          var d;
+        function ee() {
+          var f;
           if (!(typeof window === n || !_)) {
             try {
-              d = window.localStorage[_];
+              f = window.localStorage[_];
             } catch {
             }
-            if (typeof d === n)
+            if (typeof f === n)
               try {
-                var g = window.document.cookie, D = encodeURIComponent(_), te = g.indexOf(D + "=");
-                te !== -1 && (d = /^([^;]+)/.exec(
-                  g.slice(te + D.length + 1)
+                var g = window.document.cookie, O = encodeURIComponent(_), ne = g.indexOf(O + "=");
+                ne !== -1 && (f = /^([^;]+)/.exec(
+                  g.slice(ne + O.length + 1)
                 )[1]);
               } catch {
               }
-            return u.levels[d] === void 0 && (d = void 0), d;
+            return c.levels[f] === void 0 && (f = void 0), f;
           }
         }
         function Re() {
@@ -98,49 +101,49 @@ function De() {
             }
           }
         }
-        function U(d) {
-          var g = d;
-          if (typeof g == "string" && u.levels[g.toUpperCase()] !== void 0 && (g = u.levels[g.toUpperCase()]), typeof g == "number" && g >= 0 && g <= u.levels.SILENT)
+        function U(f) {
+          var g = f;
+          if (typeof g == "string" && c.levels[g.toUpperCase()] !== void 0 && (g = c.levels[g.toUpperCase()]), typeof g == "number" && g >= 0 && g <= c.levels.SILENT)
             return g;
-          throw new TypeError("log.setLevel() called with invalid level: " + d);
+          throw new TypeError("log.setLevel() called with invalid level: " + f);
         }
-        u.name = l, u.levels = {
+        c.name = l, c.levels = {
           TRACE: 0,
           DEBUG: 1,
           INFO: 2,
           WARN: 3,
           ERROR: 4,
           SILENT: 5
-        }, u.methodFactory = m || b, u.getLevel = function() {
-          return L ?? K ?? j;
-        }, u.setLevel = function(d, g) {
-          return L = U(d), g !== !1 && Ee(L), p.call(u);
-        }, u.setDefaultLevel = function(d) {
-          K = U(d), X() || u.setLevel(d, !1);
-        }, u.resetLevel = function() {
-          L = null, Re(), p.call(u);
-        }, u.enableAll = function(d) {
-          u.setLevel(u.levels.TRACE, d);
-        }, u.disableAll = function(d) {
-          u.setLevel(u.levels.SILENT, d);
-        }, u.rebuild = function() {
-          if (i !== u && (j = U(i.getLevel())), p.call(u), i === u)
-            for (var d in r)
-              r[d].rebuild();
+        }, c.methodFactory = m || b, c.getLevel = function() {
+          return L ?? H ?? j;
+        }, c.setLevel = function(f, g) {
+          return L = U(f), g !== !1 && Ee(L), p.call(c);
+        }, c.setDefaultLevel = function(f) {
+          H = U(f), ee() || c.setLevel(f, !1);
+        }, c.resetLevel = function() {
+          L = null, Re(), p.call(c);
+        }, c.enableAll = function(f) {
+          c.setLevel(c.levels.TRACE, f);
+        }, c.disableAll = function(f) {
+          c.setLevel(c.levels.SILENT, f);
+        }, c.rebuild = function() {
+          if (i !== c && (j = U(i.getLevel())), p.call(c), i === c)
+            for (var f in r)
+              r[f].rebuild();
         }, j = U(
           i ? i.getLevel() : "WARN"
         );
-        var ee = X();
-        ee != null && (L = U(ee)), p.call(u);
+        var te = ee();
+        te != null && (L = U(te)), p.call(c);
       }
       i = new h(), i.getLogger = function(m) {
         if (typeof m != "symbol" && typeof m != "string" || m === "")
           throw new TypeError("You must supply a name when creating a logger.");
-        var u = r[m];
-        return u || (u = r[m] = new h(
+        var c = r[m];
+        return c || (c = r[m] = new h(
           m,
           i.methodFactory
-        )), u;
+        )), c;
       };
       var P = typeof window !== n ? window.log : void 0;
       return i.noConflict = function() {
@@ -149,13 +152,13 @@ function De() {
         return r;
       }, i.default = i, i;
     });
-  }(O)), O.exports;
+  }(J)), J.exports;
 }
-var Oe = De();
-const ie = /* @__PURE__ */ Le(Oe);
-let M;
-(typeof navigator > "u" || !navigator.userAgent?.startsWith?.("Mozilla/5.0 ")) && (M = "oauth4webapi/v2.17.0");
-function q(t, e) {
+var ze = Je();
+const ie = /* @__PURE__ */ Le(ze);
+let B;
+(typeof navigator > "u" || !navigator.userAgent?.startsWith?.("Mozilla/5.0 ")) && (B = "oauth4webapi/v2.17.0");
+function V(t, e) {
   if (t == null)
     return !1;
   try {
@@ -164,19 +167,19 @@ function q(t, e) {
     return !1;
   }
 }
-const z = Symbol(), Je = Symbol(), V = Symbol(), ze = Symbol(), Ne = Symbol(), We = Symbol(), Ke = new TextEncoder(), He = new TextDecoder();
+const N = Symbol(), Ne = Symbol(), G = Symbol(), We = Symbol(), Ke = Symbol(), He = Symbol(), $e = new TextEncoder(), Fe = new TextDecoder();
 function E(t) {
-  return typeof t == "string" ? Ke.encode(t) : He.decode(t);
+  return typeof t == "string" ? $e.encode(t) : Fe.decode(t);
 }
 const se = 32768;
-function $e(t) {
+function Me(t) {
   t instanceof ArrayBuffer && (t = new Uint8Array(t));
   const e = [];
   for (let n = 0; n < t.byteLength; n += se)
     e.push(String.fromCharCode.apply(null, t.subarray(n, n + se)));
   return btoa(e.join("")).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
 }
-function Fe(t) {
+function Be(t) {
   try {
     const e = atob(t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "")), n = new Uint8Array(e.length);
     for (let o = 0; o < e.length; o++)
@@ -187,9 +190,9 @@ function Fe(t) {
   }
 }
 function A(t) {
-  return typeof t == "string" ? Fe(t) : $e(t);
+  return typeof t == "string" ? Be(t) : Me(t);
 }
-class Me {
+class qe {
   constructor(e) {
     this.cache = /* @__PURE__ */ new Map(), this._cache = /* @__PURE__ */ new Map(), this.maxSize = e;
   }
@@ -218,22 +221,22 @@ class v extends Error {
     super(e ?? "operation not supported"), this.name = this.constructor.name, Error.captureStackTrace?.(this, this.constructor);
   }
 }
-class Be extends Error {
+class Ve extends Error {
   constructor(e, n) {
     super(e, n), this.name = this.constructor.name, Error.captureStackTrace?.(this, this.constructor);
   }
 }
-const a = Be, we = new Me(100);
+const a = Ve, we = new qe(100);
 function me(t) {
   return t instanceof CryptoKey;
 }
-function qe(t) {
+function Ge(t) {
   return me(t) && t.type === "private";
 }
-function Ve(t) {
+function Ye(t) {
   return me(t) && t.type === "public";
 }
-function G(t) {
+function Y(t) {
   try {
     const e = t.headers.get("dpop-nonce");
     e && we.set(new URL(t.url).origin, e);
@@ -244,21 +247,21 @@ function G(t) {
 function x(t) {
   return !(t === null || typeof t != "object" || Array.isArray(t));
 }
-function N(t) {
-  q(t, Headers) && (t = Object.fromEntries(t.entries()));
+function W(t) {
+  V(t, Headers) && (t = Object.fromEntries(t.entries()));
   const e = new Headers(t);
-  if (M && !e.has("user-agent") && e.set("user-agent", M), e.has("authorization"))
+  if (B && !e.has("user-agent") && e.set("user-agent", B), e.has("authorization"))
     throw new TypeError('"options.headers" must not include the "authorization" header name');
   if (e.has("dpop"))
     throw new TypeError('"options.headers" must not include the "dpop" header name');
   return e;
 }
-function Ge(t) {
+function Ze(t) {
   if (typeof t == "function" && (t = t()), !(t instanceof AbortSignal))
     throw new TypeError('"options.signal" must return or be an instance of AbortSignal');
   return t;
 }
-async function Ye(t, e) {
+async function Qe(t, e) {
   if (!(t instanceof URL))
     throw new TypeError('"issuerIdentifier" must be an instance of URL');
   if (t.protocol !== "https:" && t.protocol !== "http:")
@@ -275,25 +278,25 @@ async function Ye(t, e) {
     default:
       throw new TypeError('"options.algorithm" must be "oidc" (default), or "oauth2"');
   }
-  const o = N(e?.headers);
-  return o.set("accept", "application/json"), (e?.[V] || fetch)(n.href, {
+  const o = W(e?.headers);
+  return o.set("accept", "application/json"), (e?.[G] || fetch)(n.href, {
     headers: Object.fromEntries(o.entries()),
     method: "GET",
     redirect: "manual",
     signal: null
-  }).then(G);
+  }).then(Y);
 }
 function w(t) {
   return typeof t == "string" && t.length !== 0;
 }
-async function Ze(t, e) {
+async function Xe(t, e) {
   if (!(t instanceof URL))
     throw new TypeError('"expectedIssuer" must be an instance of URL');
-  if (!q(e, Response))
+  if (!V(e, Response))
     throw new TypeError('"response" must be an instance of Response');
   if (e.status !== 200)
     throw new a('"response" is not a conform Authorization Server Metadata response');
-  Q(e);
+  X(e);
   let n;
   try {
     n = await e.json();
@@ -308,16 +311,16 @@ async function Ze(t, e) {
     throw new a('"response" body "issuer" does not match "expectedIssuer"');
   return n;
 }
-function Y() {
+function Z() {
   return A(crypto.getRandomValues(new Uint8Array(32)));
 }
-function Qe() {
-  return Y();
+function et() {
+  return Z();
 }
-function Xe() {
-  return Y();
+function tt() {
+  return Z();
 }
-async function et(t) {
+async function nt(t) {
   if (!w(t))
     throw new TypeError('"codeVerifier" must be a non-empty string');
   return A(await crypto.subtle.digest("SHA-256", E(t)));
@@ -325,11 +328,11 @@ async function et(t) {
 function ae(t) {
   return encodeURIComponent(t).replace(/%20/g, "+");
 }
-function tt(t, e) {
+function rt(t, e) {
   const n = ae(t), o = ae(e);
   return `Basic ${btoa(`${n}:${o}`)}`;
 }
-function nt(t) {
+function ot(t) {
   switch (t.algorithm.hash.name) {
     case "SHA-256":
       return "PS256";
@@ -341,7 +344,7 @@ function nt(t) {
       throw new v("unsupported RsaHashedKeyAlgorithm hash name");
   }
 }
-function rt(t) {
+function it(t) {
   switch (t.algorithm.hash.name) {
     case "SHA-256":
       return "RS256";
@@ -353,7 +356,7 @@ function rt(t) {
       throw new v("unsupported RsaHashedKeyAlgorithm hash name");
   }
 }
-function ot(t) {
+function st(t) {
   switch (t.algorithm.namedCurve) {
     case "P-256":
       return "ES256";
@@ -365,14 +368,14 @@ function ot(t) {
       throw new v("unsupported EcKeyAlgorithm namedCurve");
   }
 }
-function it(t) {
+function at(t) {
   switch (t.algorithm.name) {
     case "RSA-PSS":
-      return nt(t);
+      return ot(t);
     case "RSASSA-PKCS1-v1_5":
-      return rt(t);
+      return it(t);
     case "ECDSA":
-      return ot(t);
+      return st(t);
     case "Ed25519":
     case "Ed448":
       return "EdDSA";
@@ -380,15 +383,15 @@ function it(t) {
       throw new v("unsupported CryptoKey algorithm name");
   }
 }
-function W(t) {
-  const e = t?.[z];
+function K(t) {
+  const e = t?.[N];
   return typeof e == "number" && Number.isFinite(e) ? e : 0;
 }
 function ge(t) {
-  const e = t?.[Je];
+  const e = t?.[Ne];
   return typeof e == "number" && Number.isFinite(e) && Math.sign(e) !== -1 ? e : 30;
 }
-function Z() {
+function Q() {
   return Math.floor(Date.now() / 1e3);
 }
 function C(t) {
@@ -414,11 +417,11 @@ function ue(t, e) {
   if (e !== void 0)
     throw new TypeError(`"client.client_secret" property must not be provided when ${t} client authentication method is used.`);
 }
-async function st(t, e, n, o, s) {
+async function ct(t, e, n, o, s) {
   switch (n.delete("client_secret"), n.delete("client_assertion_type"), n.delete("client_assertion"), e.token_endpoint_auth_method) {
     case void 0:
     case "client_secret_basic": {
-      o.set("authorization", tt(e.client_id, ce(e.client_secret)));
+      o.set("authorization", rt(e.client_id, ce(e.client_secret)));
       break;
     }
     case "client_secret_post": {
@@ -437,43 +440,43 @@ async function st(t, e, n, o, s) {
       throw new v("unsupported client token_endpoint_auth_method");
   }
 }
-async function at(t, e, n) {
+async function ut(t, e, n) {
   if (!n.usages.includes("sign"))
     throw new TypeError('CryptoKey instances used for signing assertions must include "sign" in their "usages"');
   const o = `${A(E(JSON.stringify(t)))}.${A(E(JSON.stringify(e)))}`, s = A(await crypto.subtle.sign(Ae(n), n, E(o)));
   return `${o}.${s}`;
 }
-async function ct(t, e, n, o, s, r) {
-  const { privateKey: i, publicKey: c, nonce: f = we.get(n.origin) } = e;
-  if (!qe(i))
+async function lt(t, e, n, o, s, r) {
+  const { privateKey: i, publicKey: u, nonce: d = we.get(n.origin) } = e;
+  if (!Ge(i))
     throw new TypeError('"DPoP.privateKey" must be a private CryptoKey');
-  if (!Ve(c))
+  if (!Ye(u))
     throw new TypeError('"DPoP.publicKey" must be a public CryptoKey');
-  if (f !== void 0 && !w(f))
+  if (d !== void 0 && !w(d))
     throw new TypeError('"DPoP.nonce" must be a non-empty string or undefined');
-  if (!c.extractable)
+  if (!u.extractable)
     throw new TypeError('"DPoP.publicKey.extractable" must be true');
-  const y = Z() + s, p = {
-    alg: it(i),
+  const y = Q() + s, p = {
+    alg: at(i),
     typ: "dpop+jwt",
-    jwk: await lt(c)
+    jwk: await ft(u)
   }, k = {
     iat: y,
-    jti: Y(),
+    jti: Z(),
     htm: o,
-    nonce: f,
+    nonce: d,
     htu: `${n.origin}${n.pathname}`,
     ath: r ? A(await crypto.subtle.digest("SHA-256", E(r))) : void 0
   };
-  e[ze]?.(p, k), t.set("dpop", await at(p, k, i));
+  e[We]?.(p, k), t.set("dpop", await ut(p, k, i));
 }
-let J;
-async function ut(t) {
-  const { kty: e, e: n, n: o, x: s, y: r, crv: i } = await crypto.subtle.exportKey("jwk", t), c = { kty: e, e: n, n: o, x: s, y: r, crv: i };
-  return J.set(t, c), c;
+let z;
+async function dt(t) {
+  const { kty: e, e: n, n: o, x: s, y: r, crv: i } = await crypto.subtle.exportKey("jwk", t), u = { kty: e, e: n, n: o, x: s, y: r, crv: i };
+  return z.set(t, u), u;
 }
-async function lt(t) {
-  return J || (J = /* @__PURE__ */ new WeakMap()), J.get(t) || ut(t);
+async function ft(t) {
+  return z || (z = /* @__PURE__ */ new WeakMap()), z.get(t) || dt(t);
 }
 function le(t, e, n) {
   if (typeof t != "string")
@@ -484,47 +487,47 @@ function ye(t, e, n = !1) {
   return n && t.mtls_endpoint_aliases && e in t.mtls_endpoint_aliases ? le(t.mtls_endpoint_aliases[e], e, n) : le(t[e], e, n);
 }
 function be(t, e) {
-  return !!(t.use_mtls_endpoint_aliases || e?.[We]);
+  return !!(t.use_mtls_endpoint_aliases || e?.[He]);
 }
-function B(t) {
+function q(t) {
   const e = t;
   return typeof e != "object" || Array.isArray(e) || e === null ? !1 : e.error !== void 0;
 }
-async function dt(t, e, n, o, s, r) {
+async function ht(t, e, n, o, s, r) {
   if (!w(t))
     throw new TypeError('"accessToken" must be a non-empty string');
   if (!(n instanceof URL))
     throw new TypeError('"url" must be an instance of URL');
-  return o = N(o), r?.DPoP === void 0 ? o.set("authorization", `Bearer ${t}`) : (await ct(o, r.DPoP, n, e.toUpperCase(), W({ [z]: r?.[z] }), t), o.set("authorization", `DPoP ${t}`)), (r?.[V] || fetch)(n.href, {
+  return o = W(o), r?.DPoP === void 0 ? o.set("authorization", `Bearer ${t}`) : (await lt(o, r.DPoP, n, e.toUpperCase(), K({ [N]: r?.[N] }), t), o.set("authorization", `DPoP ${t}`)), (r?.[G] || fetch)(n.href, {
     body: s,
     headers: Object.fromEntries(o.entries()),
     method: e,
     redirect: "manual",
-    signal: r?.signal ? Ge(r.signal) : null
-  }).then(G);
+    signal: r?.signal ? Ze(r.signal) : null
+  }).then(Y);
 }
-async function ht(t, e, n, o) {
+async function pt(t, e, n, o) {
   C(t), I(e);
-  const s = ye(t, "userinfo_endpoint", be(e, o)), r = N(o?.headers);
-  return e.userinfo_signed_response_alg ? r.set("accept", "application/jwt") : (r.set("accept", "application/json"), r.append("accept", "application/jwt")), dt(n, "GET", s, r, null, {
+  const s = ye(t, "userinfo_endpoint", be(e, o)), r = W(o?.headers);
+  return e.userinfo_signed_response_alg ? r.set("accept", "application/jwt") : (r.set("accept", "application/json"), r.append("accept", "application/jwt")), ht(n, "GET", s, r, null, {
     ...o,
-    [z]: W(e)
+    [N]: K(e)
   });
 }
-async function ft(t, e, n, o, s, r, i) {
-  return await st(t, e, s, r), r.set("content-type", "application/x-www-form-urlencoded;charset=UTF-8"), (i?.[V] || fetch)(o.href, {
+async function wt(t, e, n, o, s, r, i) {
+  return await ct(t, e, s, r), r.set("content-type", "application/x-www-form-urlencoded;charset=UTF-8"), (i?.[G] || fetch)(o.href, {
     body: s,
     headers: Object.fromEntries(r.entries()),
     method: n,
     redirect: "manual",
     signal: null
-  }).then(G);
+  }).then(Y);
 }
 async function _e(t, e, n, o, s) {
   const r = ye(t, "token_endpoint", be(e, s));
   o.set("grant_type", n);
-  const i = N(s?.headers);
-  return i.set("accept", "application/json"), ft(t, e, "POST", r, o, i, s);
+  const i = W(s?.headers);
+  return i.set("accept", "application/json"), wt(t, e, "POST", r, o, i, s);
 }
 async function de(t, e, n, o) {
   if (C(t), I(e), !w(n))
@@ -533,7 +536,7 @@ async function de(t, e, n, o) {
   return s.set("refresh_token", n), _e(t, e, "refresh_token", s, o);
 }
 const ve = /* @__PURE__ */ new WeakMap();
-function pt(t) {
+function mt(t) {
   if (!t.id_token)
     return;
   const e = ve.get(t);
@@ -542,15 +545,15 @@ function pt(t) {
   return e[0];
 }
 async function Se(t, e, n, o = !1, s = !1) {
-  if (C(t), I(e), !q(n, Response))
+  if (C(t), I(e), !V(n, Response))
     throw new TypeError('"response" must be an instance of Response');
   if (n.status !== 200) {
     let i;
-    if (i = await Tt(n))
+    if (i = await kt(n))
       return i;
     throw new a('"response" is not a conform Token Endpoint response');
   }
-  Q(n);
+  X(n);
   let r;
   try {
     r = await n.json();
@@ -575,7 +578,7 @@ async function Se(t, e, n, o = !1, s = !1) {
     if (r.id_token !== void 0 && !w(r.id_token))
       throw new a('"response" body "id_token" property must be a non-empty string');
     if (r.id_token) {
-      const { claims: i, jwt: c } = await Et(r.id_token, Rt.bind(void 0, e.id_token_signed_response_alg, t.id_token_signing_alg_values_supported), ke, W(e), ge(e), e[Ne]).then(_t.bind(void 0, ["aud", "exp", "iat", "iss", "sub"])).then(mt.bind(void 0, t.issuer)).then(wt.bind(void 0, e.client_id));
+      const { claims: i, jwt: u } = await Pt(r.id_token, Lt.bind(void 0, e.id_token_signed_response_alg, t.id_token_signing_alg_values_supported), ke, K(e), ge(e), e[Ke]).then(St.bind(void 0, ["aud", "exp", "iat", "iss", "sub"])).then(yt.bind(void 0, t.issuer)).then(gt.bind(void 0, e.client_id));
       if (Array.isArray(i.aud) && i.aud.length !== 1) {
         if (i.azp === void 0)
           throw new a('ID Token "aud" (audience) claim includes additional untrusted audiences');
@@ -584,15 +587,15 @@ async function Se(t, e, n, o = !1, s = !1) {
       }
       if (i.auth_time !== void 0 && (!Number.isFinite(i.auth_time) || Math.sign(i.auth_time) !== 1))
         throw new a('ID Token "auth_time" (authentication time) must be a positive number');
-      ve.set(r, [i, c]);
+      ve.set(r, [i, u]);
     }
   }
   return r;
 }
-async function he(t, e, n) {
+async function fe(t, e, n) {
   return Se(t, e, n);
 }
-function wt(t, e) {
+function gt(t, e) {
   if (Array.isArray(e.claims.aud)) {
     if (!e.claims.aud.includes(t))
       throw new a('unexpected JWT "aud" (audience) claim value');
@@ -600,16 +603,16 @@ function wt(t, e) {
     throw new a('unexpected JWT "aud" (audience) claim value');
   return e;
 }
-function mt(t, e) {
+function yt(t, e) {
   if (e.claims.iss !== t)
     throw new a('unexpected JWT "iss" (issuer) claim value');
   return e;
 }
 const Te = /* @__PURE__ */ new WeakSet();
-function gt(t) {
+function bt(t) {
   return Te.add(t), t;
 }
-async function yt(t, e, n, o, s, r) {
+async function _t(t, e, n, o, s, r) {
   if (C(t), I(e), !Te.has(n))
     throw new TypeError('"callbackParameters" must be an instance of URLSearchParams obtained from "validateAuthResponse()", or "validateJwtAuthResponse()');
   if (!w(o))
@@ -619,10 +622,10 @@ async function yt(t, e, n, o, s, r) {
   const i = T(n, "code");
   if (!i)
     throw new a('no authorization code in "callbackParameters"');
-  const c = new URLSearchParams(r?.additionalParameters);
-  return c.set("redirect_uri", o), c.set("code_verifier", s), c.set("code", i), _e(t, e, "authorization_code", c, r);
+  const u = new URLSearchParams(r?.additionalParameters);
+  return u.set("redirect_uri", o), u.set("code_verifier", s), u.set("code", i), _e(t, e, "authorization_code", u, r);
 }
-const bt = {
+const vt = {
   aud: "audience",
   c_hash: "code hash",
   client_id: "client id",
@@ -638,33 +641,33 @@ const bt = {
   htu: "http uri",
   cnf: "confirmation"
 };
-function _t(t, e) {
+function St(t, e) {
   for (const n of t)
     if (e.claims[n] === void 0)
-      throw new a(`JWT "${n}" (${bt[n]}) claim missing`);
+      throw new a(`JWT "${n}" (${vt[n]}) claim missing`);
   return e;
 }
-const vt = Symbol(), H = Symbol();
-async function St(t, e, n, o, s) {
+const Tt = Symbol(), $ = Symbol();
+async function At(t, e, n, o, s) {
   const r = await Se(t, e, n);
-  if (B(r))
+  if (q(r))
     return r;
   if (!w(r.id_token))
     throw new a('"response" body "id_token" property must be a non-empty string');
-  s ?? (s = e.default_max_age ?? H);
-  const i = pt(r);
-  if ((e.require_auth_time || s !== H) && i.auth_time === void 0)
+  s ?? (s = e.default_max_age ?? $);
+  const i = mt(r);
+  if ((e.require_auth_time || s !== $) && i.auth_time === void 0)
     throw new a('ID Token "auth_time" (authentication time) claim missing');
-  if (s !== H) {
+  if (s !== $) {
     if (typeof s != "number" || s < 0)
       throw new TypeError('"maxAge" must be a non-negative number');
-    const c = Z() + W(e), f = ge(e);
-    if (i.auth_time + s < c - f)
+    const u = Q() + K(e), d = ge(e);
+    if (i.auth_time + s < u - d)
       throw new a("too much time has elapsed since the last End-User authentication");
   }
   switch (o) {
     case void 0:
-    case vt:
+    case Tt:
       if (i.nonce !== void 0)
         throw new a('unexpected ID Token "nonce" claim value');
       break;
@@ -678,13 +681,13 @@ async function St(t, e, n, o, s) {
   }
   return r;
 }
-function Q(t) {
+function X(t) {
   if (t.bodyUsed)
     throw new TypeError('"response" body has been used already');
 }
-async function Tt(t) {
+async function kt(t) {
   if (t.status > 399 && t.status < 500) {
-    Q(t);
+    X(t);
     try {
       const e = await t.json();
       if (x(e) && typeof e.error == "string" && e.error.length)
@@ -693,11 +696,11 @@ async function Tt(t) {
     }
   }
 }
-function fe(t) {
+function he(t) {
   if (typeof t.modulusLength != "number" || t.modulusLength < 2048)
     throw new a(`${t.name} modulusLength must be at least 2048 bits`);
 }
-function At(t) {
+function Et(t) {
   switch (t) {
     case "P-256":
       return "SHA-256";
@@ -714,10 +717,10 @@ function Ae(t) {
     case "ECDSA":
       return {
         name: t.algorithm.name,
-        hash: At(t.algorithm.namedCurve)
+        hash: Et(t.algorithm.namedCurve)
       };
     case "RSA-PSS":
-      switch (fe(t.algorithm), t.algorithm.hash.name) {
+      switch (he(t.algorithm), t.algorithm.hash.name) {
         case "SHA-256":
         case "SHA-384":
         case "SHA-512":
@@ -729,7 +732,7 @@ function Ae(t) {
           throw new v();
       }
     case "RSASSA-PKCS1-v1_5":
-      return fe(t.algorithm), t.algorithm.name;
+      return he(t.algorithm), t.algorithm.name;
     case "Ed448":
     case "Ed25519":
       return t.algorithm.name;
@@ -737,16 +740,16 @@ function Ae(t) {
   throw new v();
 }
 const ke = Symbol();
-async function kt(t, e, n, o) {
+async function Rt(t, e, n, o) {
   const s = `${t}.${e}`;
   if (!await crypto.subtle.verify(Ae(n), n, o, E(s)))
     throw new a("JWT signature verification failed");
 }
-async function Et(t, e, n, o, s, r) {
-  let { 0: i, 1: c, 2: f, length: y } = t.split(".");
+async function Pt(t, e, n, o, s, r) {
+  let { 0: i, 1: u, 2: d, length: y } = t.split(".");
   if (y === 5)
     if (r !== void 0)
-      t = await r(t), { 0: i, 1: c, 2: f, length: y } = t.split(".");
+      t = await r(t), { 0: i, 1: u, 2: d, length: y } = t.split(".");
     else
       throw new v("JWE structure JWTs are not supported");
   if (y !== 3)
@@ -761,18 +764,18 @@ async function Et(t, e, n, o, s, r) {
     throw new a("JWT Header must be a top level object");
   if (e(p), p.crit !== void 0)
     throw new a('unexpected JWT "crit" header parameter');
-  const k = A(f);
+  const k = A(d);
   let b;
-  n !== ke && (b = await n(p), await kt(i, c, b, k));
+  n !== ke && (b = await n(p), await Rt(i, u, b, k));
   let h;
   try {
-    h = JSON.parse(E(A(c)));
+    h = JSON.parse(E(A(u)));
   } catch (l) {
     throw new a("failed to parse JWT Payload body as base64url encoded JSON", { cause: l });
   }
   if (!x(h))
     throw new a("JWT Payload must be a top level object");
-  const P = Z() + o;
+  const P = Q() + o;
   if (h.exp !== void 0) {
     if (typeof h.exp != "number")
       throw new a('unexpected JWT "exp" (expiration time) claim type');
@@ -793,7 +796,7 @@ async function Et(t, e, n, o, s, r) {
     throw new a('unexpected JWT "aud" (audience) claim type');
   return { header: p, claims: h, signature: k, key: b, jwt: t };
 }
-function Rt(t, e, n) {
+function Lt(t, e, n) {
   if (t !== void 0) {
     if (n.alg !== t)
       throw new a('unexpected JWT "alg" header parameter');
@@ -813,8 +816,8 @@ function T(t, e) {
     throw new a(`"${e}" parameter must be provided only once`);
   return n;
 }
-const Pt = Symbol(), Lt = Symbol();
-function Ut(t, e, n, o) {
+const Ut = Symbol(), xt = Symbol();
+function Ct(t, e, n, o) {
   if (C(t), I(e), n instanceof URL && (n = n.searchParams), !(n instanceof URLSearchParams))
     throw new TypeError('"parameters" must be an instance of URLSearchParams, or URL');
   if (T(n, "response"))
@@ -826,11 +829,11 @@ function Ut(t, e, n, o) {
     throw new a('unexpected "iss" (issuer) response parameter value');
   switch (o) {
     case void 0:
-    case Lt:
+    case xt:
       if (r !== void 0)
         throw new a('unexpected "state" response parameter encountered');
       break;
-    case Pt:
+    case Ut:
       break;
     default:
       if (!w(o))
@@ -847,13 +850,13 @@ function Ut(t, e, n, o) {
       error_description: T(n, "error_description"),
       error_uri: T(n, "error_uri")
     };
-  const c = T(n, "id_token"), f = T(n, "token");
-  if (c !== void 0 || f !== void 0)
+  const u = T(n, "id_token"), d = T(n, "token");
+  if (u !== void 0 || d !== void 0)
     throw new v("implicit and hybrid flows are not supported");
-  return gt(new URLSearchParams(n));
+  return bt(new URLSearchParams(n));
 }
-const $ = "code-verifier", F = "oauth-state", pe = "/oauth/callback";
-class xt extends Ce {
+const F = "code-verifier", M = "oauth-state", pe = "/oauth/callback";
+class It extends Ie {
   client;
   issuer;
   authorizationServer;
@@ -871,18 +874,18 @@ class xt extends Ce {
     redirectToAfterSignUp: s,
     redirectToAfterSignIn: r,
     redirectToAfterSignOut: i = "/",
-    basePath: c,
-    scopes: f
+    basePath: u,
+    scopes: d
   }) {
     super(), this.client = {
       client_id: o,
       token_endpoint_auth_method: "none"
-    }, this.audience = n, this.issuer = e, this.callbackUrlPath = xe(c, pe), this.scopes = f ?? ["openid", "profile", "email"], this.redirectToAfterSignUp = s, this.redirectToAfterSignIn = r, this.redirectToAfterSignOut = i;
+    }, this.audience = n, this.issuer = e, this.callbackUrlPath = Ce(u, pe), this.scopes = d ?? ["openid", "profile", "email"], this.redirectToAfterSignUp = s, this.redirectToAfterSignIn = r, this.redirectToAfterSignOut = i;
   }
   async getAuthServer() {
     if (!this.authorizationServer) {
-      const e = new URL(this.issuer), n = await Ye(e);
-      this.authorizationServer = await Ze(
+      const e = new URL(this.issuer), n = await Qe(e);
+      this.authorizationServer = await Xe(
         e,
         n
       );
@@ -894,7 +897,7 @@ class xt extends Ce {
    * @param response
    */
   setTokensFromResponse(e) {
-    if (B(e))
+    if (q(e))
       throw ie.error("Bad Token Response", e), new re("Bad Token Response", e);
     if (!e.expires_in)
       throw new R("No expires_in in response");
@@ -909,40 +912,49 @@ class xt extends Ce {
       providerData: n
     });
   }
-  async signUp({ redirectTo: e } = {}) {
+  async signUp({
+    redirectTo: e,
+    replace: n = !1
+  } = {}) {
     return this.authorize({
       redirectTo: this.redirectToAfterSignUp ?? e ?? "/",
+      replace: n,
       isSignUp: !0
     });
   }
-  async signIn({ redirectTo: e } = {}) {
+  async signIn({
+    redirectTo: e,
+    replace: n = !1
+  } = {}) {
     return this.authorize({
-      redirectTo: this.redirectToAfterSignIn ?? e ?? "/"
+      redirectTo: this.redirectToAfterSignIn ?? e ?? "/",
+      replace: n
     });
   }
   async authorize({
     redirectTo: e,
-    isSignUp: n = !1
+    isSignUp: n = !1,
+    replace: o = !1
   }) {
-    const o = "S256", s = await this.getAuthServer();
-    if (!s.authorization_endpoint)
+    const s = "S256", r = await this.getAuthServer();
+    if (!r.authorization_endpoint)
       throw new R("No authorization endpoint");
-    const r = Qe(), i = await et(r);
-    sessionStorage.setItem($, r);
-    const c = new URL(
-      s.authorization_endpoint
+    const i = et(), u = await nt(i);
+    sessionStorage.setItem(F, i);
+    const d = new URL(
+      r.authorization_endpoint
     );
     sessionStorage.setItem("redirect-to", e);
-    const f = new URL(window.location.origin);
-    f.pathname = this.callbackUrlPath, f.search = "", c.searchParams.set("client_id", this.client.client_id), c.searchParams.set("redirect_uri", f.toString()), c.searchParams.set("response_type", "code"), c.searchParams.set("scope", this.scopes.join(" ")), c.searchParams.set("code_challenge", i), c.searchParams.set(
+    const y = new URL(window.location.origin);
+    y.pathname = this.callbackUrlPath, y.search = "", d.searchParams.set("client_id", this.client.client_id), d.searchParams.set("redirect_uri", y.toString()), d.searchParams.set("response_type", "code"), d.searchParams.set("scope", this.scopes.join(" ")), d.searchParams.set("code_challenge", u), d.searchParams.set(
       "code_challenge_method",
-      o
-    ), this.audience && c.searchParams.set("audience", this.audience), this.onAuthorizationUrl?.(c, {
+      s
+    ), this.audience && d.searchParams.set("audience", this.audience), this.onAuthorizationUrl?.(d, {
       isSignIn: !n,
       isSignUp: n
     });
-    const y = Xe();
-    sessionStorage.setItem(F, y), c.searchParams.set("state", y), location.href = c.href;
+    const p = tt();
+    sessionStorage.setItem(M, p), d.searchParams.set("state", p), o ? location.replace(d.href) : location.href = d.href;
   }
   async getAccessToken() {
     const e = await this.getAuthServer(), { providerData: n } = S.getState();
@@ -961,7 +973,7 @@ class xt extends Ce {
         e,
         this.client,
         o.refreshToken
-      ), r = await he(
+      ), r = await fe(
         e,
         this.client,
         s
@@ -1015,7 +1027,7 @@ class xt extends Ce {
           o,
           this.client,
           n.refreshToken
-        ), r = await he(
+        ), r = await fe(
           o,
           this.client,
           s
@@ -1036,38 +1048,38 @@ class xt extends Ce {
     S.setState({ isPending: !1 });
   };
   handleCallback = async () => {
-    const e = new URL(window.location.href), n = e.searchParams.get("state"), o = sessionStorage.getItem(F);
-    if (sessionStorage.removeItem(F), n !== o)
+    const e = new URL(window.location.href), n = e.searchParams.get("state"), o = sessionStorage.getItem(M);
+    if (sessionStorage.removeItem(M), n !== o)
       throw new R("Invalid state parameter");
-    const s = sessionStorage.getItem($);
-    if (sessionStorage.removeItem($), !s)
+    const s = sessionStorage.getItem(F);
+    if (sessionStorage.removeItem(F), !s)
       throw new R("No code verifier found in state.");
-    const r = await this.getAuthServer(), i = Ut(
+    const r = await this.getAuthServer(), i = Ct(
       r,
       this.client,
       e.searchParams,
       n ?? void 0
     );
-    if (B(i))
+    if (q(i))
       throw ie.error("Error validating OAuth response", i), new re(
         "Error validating OAuth response",
         i
       );
-    const c = new URL(e);
-    c.pathname = this.callbackUrlPath, c.search = "";
-    const f = await yt(
+    const u = new URL(e);
+    u.pathname = this.callbackUrlPath, u.search = "";
+    const d = await _t(
       r,
       this.client,
       i,
-      c.toString(),
+      u.toString(),
       s
-    ), y = await St(
+    ), y = await At(
       r,
       this.client,
-      f
+      d
     );
     this.setTokensFromResponse(y);
-    const p = await this.getAccessToken(), b = await (await ht(
+    const p = await this.getAccessToken(), b = await (await pt(
       r,
       this.client,
       p
@@ -1091,15 +1103,21 @@ class xt extends Ce {
       ...super.getRoutes(),
       {
         path: pe,
-        element: /* @__PURE__ */ ne.jsx(Ue, { children: /* @__PURE__ */ ne.jsx(Ie, { handleCallback: this.handleCallback }) })
+        element: /* @__PURE__ */ D.jsx(xe, { children: /* @__PURE__ */ D.jsx(
+          Ue,
+          {
+            fallbackRender: ({ error: e }) => /* @__PURE__ */ D.jsx(Oe, { error: e }),
+            children: /* @__PURE__ */ D.jsx(je, { handleCallback: this.handleCallback })
+          }
+        ) })
       }
     ];
   }
 }
-const Jt = (t) => new xt(t);
+const Ht = (t) => new It(t);
 export {
   pe as OPENID_CALLBACK_PATH,
-  xt as OpenIDAuthenticationProvider,
-  Jt as default
+  It as OpenIDAuthenticationProvider,
+  Ht as default
 };
 //# sourceMappingURL=zudoku.auth-openid.js.map