zudoku 0.23.3 → 0.23.4

package/lib/zudoku.auth-openid.js

@@ -1,10 +1,10 @@
 var je = Object.defineProperty;
 var Je = (t, e, n) => e in t ? je(t, e, { enumerable: !0, configurable: !0, writable: !0, value: n }) : t[e] = n;
-var b = (t, e, n) => Je(t, typeof e != "symbol" ? e + "" : e, n);
+var _ = (t, e, n) => Je(t, typeof e != "symbol" ? e + "" : e, n);
 import { j as we } from "./jsx-runtime-Dx-03ztt.js";
 import { g as Oe } from "./_commonjsHelpers-BkfeUUK-.js";
-import { A as ze } from "./AuthenticationPlugin-DQy635W9.js";
-import { g as De } from "./utils-R0j3Raw1.js";
+import { A as ze } from "./AuthenticationPlugin-fB7viE7A.js";
+import { u as De } from "./utils-B4O1uet5.js";
 import { N as Ne } from "./chunk-D52XG6IA-Dl7HLe6j.js";
 import { Z as Ke } from "./invariant-Caa8-XvF.js";
 import { u as L } from "./state-CFQsUZUP.js";
@@ -22,8 +22,8 @@ function He() {
         "warn",
         "error"
       ], r = {}, i = null;
-      function c(l, g) {
-        var u = l[g];
+      function c(l, m) {
+        var u = l[m];
         if (typeof u.bind == "function")
           return u.bind(l);
         try {
@@ -37,13 +37,13 @@ function He() {
       function p() {
         console.log && (console.log.apply ? console.log.apply(console, arguments) : Function.prototype.apply.apply(console.log, [console, arguments])), console.trace && console.trace();
       }
-      function _(l) {
+      function b(l) {
         return l === "debug" && (l = "log"), typeof console === n ? !1 : l === "trace" && o ? p : console[l] !== void 0 ? c(console, l) : console.log !== void 0 ? c(console, "log") : e;
       }
       function f() {
-        for (var l = this.getLevel(), g = 0; g < a.length; g++) {
-          var u = a[g];
-          this[u] = g < l ? e : this.methodFactory(u, l, this.name);
+        for (var l = this.getLevel(), m = 0; m < a.length; m++) {
+          var u = a[m];
+          this[u] = m < l ? e : this.methodFactory(u, l, this.name);
         }
         if (this.log = this.debug, typeof console === n && l < this.levels.SILENT)
           return "No console available for logging";
@@ -53,22 +53,22 @@ function He() {
           typeof console !== n && (f.call(this), this[l].apply(this, arguments));
         };
       }
-      function T(l, g, u) {
-        return _(l) || y.apply(this, arguments);
+      function T(l, m, u) {
+        return b(l) || y.apply(this, arguments);
       }
-      function h(l, g) {
+      function h(l, m) {
         var u = this, O, M, R, v = "loglevel";
         typeof l == "string" ? v += ":" + l : typeof l == "symbol" && (v = void 0);
         function xe(d) {
-          var m = (a[d] || "silent").toUpperCase();
+          var g = (a[d] || "silent").toUpperCase();
           if (!(typeof window === n || !v)) {
             try {
-              window.localStorage[v] = m;
+              window.localStorage[v] = g;
               return;
             } catch {
             }
             try {
-              window.document.cookie = encodeURIComponent(v) + "=" + m + ";";
+              window.document.cookie = encodeURIComponent(v) + "=" + g + ";";
             } catch {
             }
           }
@@ -82,9 +82,9 @@ function He() {
             }
             if (typeof d === n)
               try {
-                var m = window.document.cookie, z = encodeURIComponent(v), oe = m.indexOf(z + "=");
+                var g = window.document.cookie, z = encodeURIComponent(v), oe = g.indexOf(z + "=");
                 oe !== -1 && (d = /^([^;]+)/.exec(
-                  m.slice(oe + z.length + 1)
+                  g.slice(oe + z.length + 1)
                 )[1]);
               } catch {
               }
@@ -104,9 +104,9 @@ function He() {
           }
         }
         function U(d) {
-          var m = d;
-          if (typeof m == "string" && u.levels[m.toUpperCase()] !== void 0 && (m = u.levels[m.toUpperCase()]), typeof m == "number" && m >= 0 && m <= u.levels.SILENT)
-            return m;
+          var g = d;
+          if (typeof g == "string" && u.levels[g.toUpperCase()] !== void 0 && (g = u.levels[g.toUpperCase()]), typeof g == "number" && g >= 0 && g <= u.levels.SILENT)
+            return g;
           throw new TypeError("log.setLevel() called with invalid level: " + d);
         }
         u.name = l, u.levels = {
@@ -116,10 +116,10 @@ function He() {
           WARN: 3,
           ERROR: 4,
           SILENT: 5
-        }, u.methodFactory = g || T, u.getLevel = function() {
+        }, u.methodFactory = m || T, u.getLevel = function() {
           return R ?? M ?? O;
-        }, u.setLevel = function(d, m) {
-          return R = U(d), m !== !1 && xe(R), f.call(u);
+        }, u.setLevel = function(d, g) {
+          return R = U(d), g !== !1 && xe(R), f.call(u);
         }, u.setDefaultLevel = function(d) {
           M = U(d), ne() || u.setLevel(d, !1);
         }, u.resetLevel = function() {
@@ -138,12 +138,12 @@ function He() {
         var re = ne();
         re != null && (R = U(re)), f.call(u);
       }
-      i = new h(), i.getLogger = function(g) {
-        if (typeof g != "symbol" && typeof g != "string" || g === "")
+      i = new h(), i.getLogger = function(m) {
+        if (typeof m != "symbol" && typeof m != "string" || m === "")
           throw new TypeError("You must supply a name when creating a logger.");
-        var u = r[g];
-        return u || (u = r[g] = new h(
-          g,
+        var u = r[m];
+        return u || (u = r[m] = new h(
+          m,
           i.methodFactory
         )), u;
       };
@@ -170,7 +170,7 @@ function Y(t, e) {
     return !1;
   }
 }
-const W = Symbol(), Fe = Symbol(), Q = Symbol(), ge = Symbol(), Me = Symbol(), qe = Symbol(), Be = new TextEncoder(), Ve = new TextDecoder();
+const W = Symbol(), Fe = Symbol(), Q = Symbol(), me = Symbol(), Me = Symbol(), qe = Symbol(), Be = new TextEncoder(), Ve = new TextDecoder();
 function E(t) {
   return typeof t == "string" ? Be.encode(t) : Ve.decode(t);
 }
@@ -231,11 +231,11 @@ class Qe extends Error {
     super(e, n), this.name = this.constructor.name, (o = Error.captureStackTrace) == null || o.call(Error, this, this.constructor);
   }
 }
-const s = Qe, me = new Ye(100);
+const s = Qe, ge = new Ye(100);
 function ye(t) {
   return t instanceof CryptoKey;
 }
-function be(t) {
+function _e(t) {
   return ye(t) && t.type === "private";
 }
 function Xe(t) {
@@ -244,7 +244,7 @@ function Xe(t) {
 function X(t) {
   try {
     const e = t.headers.get("dpop-nonce");
-    e && me.set(new URL(t.url).origin, e);
+    e && ge.set(new URL(t.url).origin, e);
   } catch {
   }
   return t;
@@ -340,7 +340,7 @@ function it(t) {
   return {
     key: t.key,
     kid: t.kid,
-    modifyAssertion: t[ge]
+    modifyAssertion: t[me]
   };
 }
 function ce(t) {
@@ -386,7 +386,7 @@ function ut(t) {
       throw new S("unsupported EcKeyAlgorithm namedCurve");
   }
 }
-function _e(t) {
+function be(t) {
   switch (t.algorithm.name) {
     case "RSA-PSS":
       return st(t);
@@ -425,7 +425,7 @@ function lt(t, e) {
   };
 }
 async function dt(t, e, n, o, a) {
-  const r = { alg: _e(n), kid: o }, i = lt(t, e);
+  const r = { alg: be(n), kid: o }, i = lt(t, e);
   return a == null || a(r, i), Se(r, i, n);
 }
 function I(t) {
@@ -470,7 +470,7 @@ async function ht(t, e, n, o, a) {
       if (le("private_key_jwt", e.client_secret), a === void 0)
         throw new TypeError('"options.clientPrivateKey" must be provided when "client.token_endpoint_auth_method" is "private_key_jwt"');
       const { key: r, kid: i, modifyAssertion: c } = it(a);
-      if (!be(r))
+      if (!_e(r))
         throw new TypeError('"options.clientPrivateKey.key" must be a private CryptoKey');
       n.set("client_id", e.client_id), n.set("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"), n.set("client_assertion", await dt(t, e, r, i, c));
       break;
@@ -493,8 +493,8 @@ async function Se(t, e, n) {
 }
 async function ft(t, e, n, o, a, r) {
   var T;
-  const { privateKey: i, publicKey: c, nonce: p = me.get(n.origin) } = e;
-  if (!be(i))
+  const { privateKey: i, publicKey: c, nonce: p = ge.get(n.origin) } = e;
+  if (!_e(i))
     throw new TypeError('"DPoP.privateKey" must be a private CryptoKey');
   if (!Xe(c))
     throw new TypeError('"DPoP.publicKey" must be a public CryptoKey');
@@ -502,19 +502,19 @@ async function ft(t, e, n, o, a, r) {
     throw new TypeError('"DPoP.nonce" must be a non-empty string or undefined');
   if (!c.extractable)
     throw new TypeError('"DPoP.publicKey.extractable" must be true');
-  const _ = F() + a, f = {
-    alg: _e(i),
+  const b = F() + a, f = {
+    alg: be(i),
     typ: "dpop+jwt",
     jwk: await wt(c)
   }, y = {
-    iat: _,
+    iat: b,
     jti: $(),
     htm: o,
     nonce: p,
     htu: `${n.origin}${n.pathname}`,
     ath: r ? A(await crypto.subtle.digest("SHA-256", E(r))) : void 0
   };
-  (T = e[ge]) == null || T.call(e, f, y), t.set("dpop", await Se(f, y, i));
+  (T = e[me]) == null || T.call(e, f, y), t.set("dpop", await Se(f, y, i));
 }
 let K;
 async function pt(t) {
@@ -539,7 +539,7 @@ function Z(t) {
   const e = t;
   return typeof e != "object" || Array.isArray(e) || e === null ? !1 : e.error !== void 0;
 }
-async function gt(t, e, n, o, a, r) {
+async function mt(t, e, n, o, a, r) {
   if (!w(t))
     throw new TypeError('"accessToken" must be a non-empty string');
   if (!(n instanceof URL))
@@ -552,10 +552,10 @@ async function gt(t, e, n, o, a, r) {
     signal: r != null && r.signal ? ee(r.signal) : null
   }).then(X);
 }
-async function mt(t, e, n, o) {
+async function gt(t, e, n, o) {
   I(t), j(e);
   const a = Te(t, "userinfo_endpoint", ke(e, o)), r = H(o == null ? void 0 : o.headers);
-  return e.userinfo_signed_response_alg ? r.set("accept", "application/jwt") : (r.set("accept", "application/json"), r.append("accept", "application/jwt")), gt(n, "GET", a, r, null, {
+  return e.userinfo_signed_response_alg ? r.set("accept", "application/jwt") : (r.set("accept", "application/json"), r.append("accept", "application/jwt")), mt(n, "GET", a, r, null, {
     ...o,
     [W]: C(e)
   });
@@ -575,14 +575,14 @@ async function Ae(t, e, n, o, a) {
   const i = H(a == null ? void 0 : a.headers);
   return i.set("accept", "application/json"), yt(t, e, "POST", r, o, i, a);
 }
-async function bt(t, e, n, o) {
+async function _t(t, e, n, o) {
   if (I(t), j(e), !w(n))
     throw new TypeError('"refreshToken" must be a non-empty string');
   const a = new URLSearchParams(o == null ? void 0 : o.additionalParameters);
   return a.set("refresh_token", n), Ae(t, e, "refresh_token", a, o);
 }
 const Ee = /* @__PURE__ */ new WeakMap();
-function _t(t) {
+function bt(t) {
   if (!t.id_token)
     return;
   const e = Ee.get(t);
@@ -701,7 +701,7 @@ async function Ut(t, e, n, o, a) {
   if (!w(r.id_token))
     throw new s('"response" body "id_token" property must be a non-empty string');
   a ?? (a = e.default_max_age ?? B);
-  const i = _t(r);
+  const i = bt(r);
   if ((e.require_auth_time || a !== B) && i.auth_time === void 0)
     throw new s('ID Token "auth_time" (authentication time) claim missing');
   if (a !== B) {
@@ -792,13 +792,13 @@ async function Ct(t, e, n, o) {
     throw new s("JWT signature verification failed");
 }
 async function It(t, e, n, o, a, r) {
-  let { 0: i, 1: c, 2: p, length: _ } = t.split(".");
-  if (_ === 5)
+  let { 0: i, 1: c, 2: p, length: b } = t.split(".");
+  if (b === 5)
     if (r !== void 0)
-      t = await r(t), { 0: i, 1: c, 2: p, length: _ } = t.split(".");
+      t = await r(t), { 0: i, 1: c, 2: p, length: b } = t.split(".");
     else
       throw new S("JWE structure JWTs are not supported");
-  if (_ !== 3)
+  if (b !== 3)
     throw new s("Invalid JWT");
   let f;
   try {
@@ -952,17 +952,17 @@ class Kt {
     redirectToAfterSignIn: r,
     redirectToAfterSignOut: i
   }) {
-    b(this, "client");
-    b(this, "issuer");
-    b(this, "authorizationServer");
-    b(this, "callbackUrlPath", "/oauth/callback");
-    b(this, "logoutRedirectUrlPath", "/");
-    b(this, "onAuthorizationUrl");
-    b(this, "redirectToAfterSignUp");
-    b(this, "redirectToAfterSignIn");
-    b(this, "redirectToAfterSignOut");
-    b(this, "audience");
-    b(this, "signOut", async () => {
+    _(this, "client");
+    _(this, "issuer");
+    _(this, "authorizationServer");
+    _(this, "callbackUrlPath", "/oauth/callback");
+    _(this, "logoutRedirectUrlPath", "/");
+    _(this, "onAuthorizationUrl");
+    _(this, "redirectToAfterSignUp");
+    _(this, "redirectToAfterSignIn");
+    _(this, "redirectToAfterSignOut");
+    _(this, "audience");
+    _(this, "signOut", async () => {
       L.setState({
         isAuthenticated: !1,
         isPending: !1,
@@ -979,7 +979,7 @@ class Kt {
         n.toString()
       )) : o = n;
     });
-    b(this, "handleCallback", async () => {
+    _(this, "handleCallback", async () => {
       const e = new URL(window.location.href), n = e.searchParams.get("state"), o = sessionStorage.getItem(V);
       if (sessionStorage.removeItem(V), !o)
         throw new P("No code verifier found in state.");
@@ -1008,10 +1008,10 @@ class Kt {
         c
       );
       this.setTokensFromResponse(p);
-      const _ = await this.getAccessToken(), y = await (await mt(
+      const b = await this.getAccessToken(), y = await (await gt(
         a,
         this.client,
-        _
+        b
       )).json(), T = {
         sub: y.sub,
         email: y.email,
@@ -1054,6 +1054,7 @@ class Kt {
     const n = {
       accessToken: e.access_token,
       refreshToken: e.refresh_token,
+      idToken: e.id_token,
       expiresOn: new Date(Date.now() + e.expires_in * 1e3),
       tokenType: e.token_type
     };
@@ -1076,7 +1077,7 @@ class Kt {
     redirectTo: e,
     isSignUp: n = !1
   }) {
-    var _, f;
+    var b, f;
     const o = "S256", a = await this.getAuthServer();
     if (!a.authorization_endpoint)
       throw new P("No authorization endpoint");
@@ -1090,7 +1091,7 @@ class Kt {
     if (p.pathname = this.callbackUrlPath, p.search = "", c.searchParams.set("client_id", this.client.client_id), c.searchParams.set("redirect_uri", p.toString()), c.searchParams.set("response_type", "code"), c.searchParams.set("scope", "openid profile email"), c.searchParams.set("code_challenge", i), c.searchParams.set(
       "code_challenge_method",
       o
-    ), this.audience && c.searchParams.set("audience", this.audience), (_ = this.onAuthorizationUrl) == null || _.call(this, c, {
+    ), this.audience && c.searchParams.set("audience", this.audience), (b = this.onAuthorizationUrl) == null || b.call(this, c, {
       isSignIn: !n,
       isSignUp: n
     }), ((f = a.code_challenge_methods_supported) == null ? void 0 : f.includes("S256")) !== !0) {
@@ -1112,7 +1113,7 @@ class Kt {
           profile: null,
           providerData: null
         }), "";
-      const a = await bt(
+      const a = await _t(
         e,
         this.client,
         o.refreshToken