zudoku 0.24.0 → 0.25.0

package/lib/zudoku.auth-openid.js

@@ -1,19 +1,20 @@
 var je = Object.defineProperty;
 var Je = (t, e, n) => e in t ? je(t, e, { enumerable: !0, configurable: !0, writable: !0, value: n }) : t[e] = n;
 var _ = (t, e, n) => Je(t, typeof e != "symbol" ? e + "" : e, n);
-import { j as we } from "./jsx-runtime-Dx-03ztt.js";
+import { j as G } from "./jsx-runtime-Dx-03ztt.js";
 import { g as Oe } from "./_commonjsHelpers-BkfeUUK-.js";
-import { A as ze } from "./AuthenticationPlugin-DVLEc6cm.js";
-import { u as De } from "./ZudokuContext-hmLMUdf2.js";
-import { N as Ne } from "./chunk-D52XG6IA-Dl7HLe6j.js";
-import { Z as Ke } from "./invariant-Caa8-XvF.js";
-import { u as L } from "./state-CFQsUZUP.js";
-var N = { exports: {} }, We = N.exports, ie;
-function He() {
-  return ie || (ie = 1, function(t) {
+import { C as ze } from "./ClientOnly-E7hGysn1.js";
+import { A as De } from "./AuthenticationPlugin-DVLEc6cm.js";
+import { u as Ne } from "./ZudokuContext-hmLMUdf2.js";
+import { N as Ke } from "./chunk-D52XG6IA-Dl7HLe6j.js";
+import { Z as We } from "./invariant-Caa8-XvF.js";
+import { u as x } from "./state-CFQsUZUP.js";
+var N = { exports: {} }, He = N.exports, ae;
+function $e() {
+  return ae || (ae = 1, function(t) {
     (function(e, n) {
       t.exports ? t.exports = n() : e.log = n();
-    })(We, function() {
+    })(He, function() {
       var e = function() {
       }, n = "undefined", o = typeof window !== n && typeof window.navigator !== n && /Trident\/|MSIE /.test(window.navigator.userAgent), a = [
         "trace",
@@ -59,7 +60,7 @@ function He() {
       function h(l, m) {
         var u = this, O, M, R, v = "loglevel";
         typeof l == "string" ? v += ":" + l : typeof l == "symbol" && (v = void 0);
-        function xe(d) {
+        function Ce(d) {
           var g = (a[d] || "silent").toUpperCase();
           if (!(typeof window === n || !v)) {
             try {
@@ -73,7 +74,7 @@ function He() {
             }
           }
         }
-        function ne() {
+        function re() {
           var d;
           if (!(typeof window === n || !v)) {
             try {
@@ -82,16 +83,16 @@ function He() {
             }
             if (typeof d === n)
               try {
-                var g = window.document.cookie, z = encodeURIComponent(v), oe = g.indexOf(z + "=");
-                oe !== -1 && (d = /^([^;]+)/.exec(
-                  g.slice(oe + z.length + 1)
+                var g = window.document.cookie, z = encodeURIComponent(v), ie = g.indexOf(z + "=");
+                ie !== -1 && (d = /^([^;]+)/.exec(
+                  g.slice(ie + z.length + 1)
                 )[1]);
               } catch {
               }
             return u.levels[d] === void 0 && (d = void 0), d;
           }
         }
-        function Ce() {
+        function Le() {
           if (!(typeof window === n || !v)) {
             try {
               window.localStorage.removeItem(v);
@@ -119,11 +120,11 @@ function He() {
         }, u.methodFactory = m || T, u.getLevel = function() {
           return R ?? M ?? O;
         }, u.setLevel = function(d, g) {
-          return R = U(d), g !== !1 && xe(R), f.call(u);
+          return R = U(d), g !== !1 && Ce(R), f.call(u);
         }, u.setDefaultLevel = function(d) {
-          M = U(d), ne() || u.setLevel(d, !1);
+          M = U(d), re() || u.setLevel(d, !1);
         }, u.resetLevel = function() {
-          R = null, Ce(), f.call(u);
+          R = null, Le(), f.call(u);
         }, u.enableAll = function(d) {
           u.setLevel(u.levels.TRACE, d);
         }, u.disableAll = function(d) {
@@ -135,8 +136,8 @@ function He() {
         }, O = U(
           i ? i.getLevel() : "WARN"
         );
-        var re = ne();
-        re != null && (R = U(re)), f.call(u);
+        var oe = re();
+        oe != null && (R = U(oe)), f.call(u);
       }
       i = new h(), i.getLogger = function(m) {
         if (typeof m != "symbol" && typeof m != "string" || m === "")
@@ -156,12 +157,12 @@ function He() {
     });
   }(N)), N.exports;
 }
-var $e = He();
-const ae = /* @__PURE__ */ Oe($e);
-let G;
-var D, pe;
-(typeof navigator > "u" || !((pe = (D = navigator.userAgent) == null ? void 0 : D.startsWith) != null && pe.call(D, "Mozilla/5.0 "))) && (G = "oauth4webapi/v2.17.0");
-function Y(t, e) {
+var Fe = $e();
+const se = /* @__PURE__ */ Oe(Fe);
+let Z;
+var D, we;
+(typeof navigator > "u" || !((we = (D = navigator.userAgent) == null ? void 0 : D.startsWith) != null && we.call(D, "Mozilla/5.0 "))) && (Z = "oauth4webapi/v2.17.0");
+function Q(t, e) {
   if (t == null)
     return !1;
   try {
@@ -170,19 +171,19 @@ function Y(t, e) {
     return !1;
   }
 }
-const W = Symbol(), Fe = Symbol(), Q = Symbol(), me = Symbol(), Me = Symbol(), qe = Symbol(), Be = new TextEncoder(), Ve = new TextDecoder();
+const W = Symbol(), Me = Symbol(), X = Symbol(), me = Symbol(), qe = Symbol(), Be = Symbol(), Ve = new TextEncoder(), Ge = new TextDecoder();
 function E(t) {
-  return typeof t == "string" ? Be.encode(t) : Ve.decode(t);
+  return typeof t == "string" ? Ve.encode(t) : Ge.decode(t);
 }
-const se = 32768;
-function Ge(t) {
+const ce = 32768;
+function Ze(t) {
   t instanceof ArrayBuffer && (t = new Uint8Array(t));
   const e = [];
-  for (let n = 0; n < t.byteLength; n += se)
-    e.push(String.fromCharCode.apply(null, t.subarray(n, n + se)));
+  for (let n = 0; n < t.byteLength; n += ce)
+    e.push(String.fromCharCode.apply(null, t.subarray(n, n + ce)));
   return btoa(e.join("")).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
 }
-function Ze(t) {
+function Ye(t) {
   try {
     const e = atob(t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "")), n = new Uint8Array(e.length);
     for (let o = 0; o < e.length; o++)
@@ -193,9 +194,9 @@ function Ze(t) {
   }
 }
 function A(t) {
-  return typeof t == "string" ? Ze(t) : Ge(t);
+  return typeof t == "string" ? Ye(t) : Ze(t);
 }
-class Ye {
+class Qe {
   constructor(e) {
     this.cache = /* @__PURE__ */ new Map(), this._cache = /* @__PURE__ */ new Map(), this.maxSize = e;
   }
@@ -225,23 +226,23 @@ class S extends Error {
     super(e ?? "operation not supported"), this.name = this.constructor.name, (n = Error.captureStackTrace) == null || n.call(Error, this, this.constructor);
   }
 }
-class Qe extends Error {
+class Xe extends Error {
   constructor(e, n) {
     var o;
     super(e, n), this.name = this.constructor.name, (o = Error.captureStackTrace) == null || o.call(Error, this, this.constructor);
   }
 }
-const s = Qe, ge = new Ye(100);
+const s = Xe, ge = new Qe(100);
 function ye(t) {
   return t instanceof CryptoKey;
 }
 function _e(t) {
   return ye(t) && t.type === "private";
 }
-function Xe(t) {
+function et(t) {
   return ye(t) && t.type === "public";
 }
-function X(t) {
+function ee(t) {
   try {
     const e = t.headers.get("dpop-nonce");
     e && ge.set(new URL(t.url).origin, e);
@@ -249,24 +250,24 @@ function X(t) {
   }
   return t;
 }
-function x(t) {
+function C(t) {
   return !(t === null || typeof t != "object" || Array.isArray(t));
 }
 function H(t) {
-  Y(t, Headers) && (t = Object.fromEntries(t.entries()));
+  Q(t, Headers) && (t = Object.fromEntries(t.entries()));
   const e = new Headers(t);
-  if (G && !e.has("user-agent") && e.set("user-agent", G), e.has("authorization"))
+  if (Z && !e.has("user-agent") && e.set("user-agent", Z), e.has("authorization"))
     throw new TypeError('"options.headers" must not include the "authorization" header name');
   if (e.has("dpop"))
     throw new TypeError('"options.headers" must not include the "dpop" header name');
   return e;
 }
-function ee(t) {
+function te(t) {
   if (typeof t == "function" && (t = t()), !(t instanceof AbortSignal))
     throw new TypeError('"options.signal" must return or be an instance of AbortSignal');
   return t;
 }
-async function et(t, e) {
+async function tt(t, e) {
   if (!(t instanceof URL))
     throw new TypeError('"issuerIdentifier" must be an instance of URL');
   if (t.protocol !== "https:" && t.protocol !== "http:")
@@ -284,31 +285,31 @@ async function et(t, e) {
       throw new TypeError('"options.algorithm" must be "oidc" (default), or "oauth2"');
   }
   const o = H(e == null ? void 0 : e.headers);
-  return o.set("accept", "application/json"), ((e == null ? void 0 : e[Q]) || fetch)(n.href, {
+  return o.set("accept", "application/json"), ((e == null ? void 0 : e[X]) || fetch)(n.href, {
     headers: Object.fromEntries(o.entries()),
     method: "GET",
     redirect: "manual",
-    signal: e != null && e.signal ? ee(e.signal) : null
-  }).then(X);
+    signal: e != null && e.signal ? te(e.signal) : null
+  }).then(ee);
 }
 function w(t) {
   return typeof t == "string" && t.length !== 0;
 }
-async function tt(t, e) {
+async function nt(t, e) {
   if (!(t instanceof URL))
     throw new TypeError('"expectedIssuer" must be an instance of URL');
-  if (!Y(e, Response))
+  if (!Q(e, Response))
     throw new TypeError('"response" must be an instance of Response');
   if (e.status !== 200)
     throw new s('"response" is not a conform Authorization Server Metadata response');
-  te(e);
+  ne(e);
   let n;
   try {
     n = await e.json();
   } catch (o) {
     throw new s('failed to parse "response" body as JSON', { cause: o });
   }
-  if (!x(n))
+  if (!C(n))
     throw new s('"response" body must be a top level object');
   if (!w(n.issuer))
     throw new s('"response" body "issuer" property must be a non-empty string');
@@ -319,18 +320,18 @@ async function tt(t, e) {
 function $() {
   return A(crypto.getRandomValues(new Uint8Array(32)));
 }
-function nt() {
+function rt() {
   return $();
 }
-function rt() {
+function ot() {
   return $();
 }
-async function ot(t) {
+async function it(t) {
   if (!w(t))
     throw new TypeError('"codeVerifier" must be a non-empty string');
   return A(await crypto.subtle.digest("SHA-256", E(t)));
 }
-function it(t) {
+function at(t) {
   if (t instanceof CryptoKey)
     return { key: t };
   if (!((t == null ? void 0 : t.key) instanceof CryptoKey))
@@ -343,14 +344,14 @@ function it(t) {
     modifyAssertion: t[me]
   };
 }
-function ce(t) {
+function ue(t) {
   return encodeURIComponent(t).replace(/%20/g, "+");
 }
-function at(t, e) {
-  const n = ce(t), o = ce(e);
+function st(t, e) {
+  const n = ue(t), o = ue(e);
   return `Basic ${btoa(`${n}:${o}`)}`;
 }
-function st(t) {
+function ct(t) {
   switch (t.algorithm.hash.name) {
     case "SHA-256":
       return "PS256";
@@ -362,7 +363,7 @@ function st(t) {
       throw new S("unsupported RsaHashedKeyAlgorithm hash name");
   }
 }
-function ct(t) {
+function ut(t) {
   switch (t.algorithm.hash.name) {
     case "SHA-256":
       return "RS256";
@@ -374,7 +375,7 @@ function ct(t) {
       throw new S("unsupported RsaHashedKeyAlgorithm hash name");
   }
 }
-function ut(t) {
+function lt(t) {
   switch (t.algorithm.namedCurve) {
     case "P-256":
       return "ES256";
@@ -389,11 +390,11 @@ function ut(t) {
 function be(t) {
   switch (t.algorithm.name) {
     case "RSA-PSS":
-      return st(t);
-    case "RSASSA-PKCS1-v1_5":
       return ct(t);
-    case "ECDSA":
+    case "RSASSA-PKCS1-v1_5":
       return ut(t);
+    case "ECDSA":
+      return lt(t);
     case "Ed25519":
     case "Ed448":
       return "EdDSA";
@@ -401,19 +402,19 @@ function be(t) {
       throw new S("unsupported CryptoKey algorithm name");
   }
 }
-function C(t) {
+function L(t) {
   const e = t == null ? void 0 : t[W];
   return typeof e == "number" && Number.isFinite(e) ? e : 0;
 }
 function ve(t) {
-  const e = t == null ? void 0 : t[Fe];
+  const e = t == null ? void 0 : t[Me];
   return typeof e == "number" && Number.isFinite(e) && Math.sign(e) !== -1 ? e : 30;
 }
 function F() {
   return Math.floor(Date.now() / 1e3);
 }
-function lt(t, e) {
-  const n = F() + C(e);
+function dt(t, e) {
+  const n = F() + L(e);
   return {
     jti: $(),
     aud: [t.issuer, t.token_endpoint],
@@ -424,8 +425,8 @@ function lt(t, e) {
     sub: e.client_id
   };
 }
-async function dt(t, e, n, o, a) {
-  const r = { alg: be(n), kid: o }, i = lt(t, e);
+async function ht(t, e, n, o, a) {
+  const r = { alg: be(n), kid: o }, i = dt(t, e);
   return a == null || a(r, i), Se(r, i, n);
 }
 function I(t) {
@@ -442,7 +443,7 @@ function j(t) {
     throw new TypeError('"client.client_id" property must be a non-empty string');
   return !0;
 }
-function ue(t) {
+function le(t) {
   if (!w(t))
     throw new TypeError('"client.client_secret" property must be a non-empty string');
   return t;
@@ -451,34 +452,34 @@ function q(t, e) {
   if (e !== void 0)
     throw new TypeError(`"options.clientPrivateKey" property must not be provided when ${t} client authentication method is used.`);
 }
-function le(t, e) {
+function de(t, e) {
   if (e !== void 0)
     throw new TypeError(`"client.client_secret" property must not be provided when ${t} client authentication method is used.`);
 }
-async function ht(t, e, n, o, a) {
+async function ft(t, e, n, o, a) {
   switch (n.delete("client_secret"), n.delete("client_assertion_type"), n.delete("client_assertion"), e.token_endpoint_auth_method) {
     case void 0:
     case "client_secret_basic": {
-      q("client_secret_basic", a), o.set("authorization", at(e.client_id, ue(e.client_secret)));
+      q("client_secret_basic", a), o.set("authorization", st(e.client_id, le(e.client_secret)));
       break;
     }
     case "client_secret_post": {
-      q("client_secret_post", a), n.set("client_id", e.client_id), n.set("client_secret", ue(e.client_secret));
+      q("client_secret_post", a), n.set("client_id", e.client_id), n.set("client_secret", le(e.client_secret));
       break;
     }
     case "private_key_jwt": {
-      if (le("private_key_jwt", e.client_secret), a === void 0)
+      if (de("private_key_jwt", e.client_secret), a === void 0)
         throw new TypeError('"options.clientPrivateKey" must be provided when "client.token_endpoint_auth_method" is "private_key_jwt"');
-      const { key: r, kid: i, modifyAssertion: c } = it(a);
+      const { key: r, kid: i, modifyAssertion: c } = at(a);
       if (!_e(r))
         throw new TypeError('"options.clientPrivateKey.key" must be a private CryptoKey');
-      n.set("client_id", e.client_id), n.set("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"), n.set("client_assertion", await dt(t, e, r, i, c));
+      n.set("client_id", e.client_id), n.set("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"), n.set("client_assertion", await ht(t, e, r, i, c));
       break;
     }
     case "tls_client_auth":
     case "self_signed_tls_client_auth":
     case "none": {
-      le(e.token_endpoint_auth_method, e.client_secret), q(e.token_endpoint_auth_method, a), n.set("client_id", e.client_id);
+      de(e.token_endpoint_auth_method, e.client_secret), q(e.token_endpoint_auth_method, a), n.set("client_id", e.client_id);
       break;
     }
     default:
@@ -491,12 +492,12 @@ async function Se(t, e, n) {
   const o = `${A(E(JSON.stringify(t)))}.${A(E(JSON.stringify(e)))}`, a = A(await crypto.subtle.sign(Ue(n), n, E(o)));
   return `${o}.${a}`;
 }
-async function ft(t, e, n, o, a, r) {
+async function pt(t, e, n, o, a, r) {
   var T;
   const { privateKey: i, publicKey: c, nonce: p = ge.get(n.origin) } = e;
   if (!_e(i))
     throw new TypeError('"DPoP.privateKey" must be a private CryptoKey');
-  if (!Xe(c))
+  if (!et(c))
     throw new TypeError('"DPoP.publicKey" must be a public CryptoKey');
   if (p !== void 0 && !w(p))
     throw new TypeError('"DPoP.nonce" must be a non-empty string or undefined');
@@ -505,7 +506,7 @@ async function ft(t, e, n, o, a, r) {
   const b = F() + a, f = {
     alg: be(i),
     typ: "dpop+jwt",
-    jwk: await wt(c)
+    jwk: await mt(c)
   }, y = {
     iat: b,
     jti: $(),
@@ -517,72 +518,72 @@ async function ft(t, e, n, o, a, r) {
   (T = e[me]) == null || T.call(e, f, y), t.set("dpop", await Se(f, y, i));
 }
 let K;
-async function pt(t) {
+async function wt(t) {
   const { kty: e, e: n, n: o, x: a, y: r, crv: i } = await crypto.subtle.exportKey("jwk", t), c = { kty: e, e: n, n: o, x: a, y: r, crv: i };
   return K.set(t, c), c;
 }
-async function wt(t) {
-  return K || (K = /* @__PURE__ */ new WeakMap()), K.get(t) || pt(t);
+async function mt(t) {
+  return K || (K = /* @__PURE__ */ new WeakMap()), K.get(t) || wt(t);
 }
-function de(t, e, n) {
+function he(t, e, n) {
   if (typeof t != "string")
     throw n ? new TypeError(`"as.mtls_endpoint_aliases.${e}" must be a string`) : new TypeError(`"as.${e}" must be a string`);
   return new URL(t);
 }
 function Te(t, e, n = !1) {
-  return n && t.mtls_endpoint_aliases && e in t.mtls_endpoint_aliases ? de(t.mtls_endpoint_aliases[e], e, n) : de(t[e], e, n);
+  return n && t.mtls_endpoint_aliases && e in t.mtls_endpoint_aliases ? he(t.mtls_endpoint_aliases[e], e, n) : he(t[e], e, n);
 }
 function ke(t, e) {
-  return !!(t.use_mtls_endpoint_aliases || e != null && e[qe]);
+  return !!(t.use_mtls_endpoint_aliases || e != null && e[Be]);
 }
-function Z(t) {
+function Y(t) {
   const e = t;
   return typeof e != "object" || Array.isArray(e) || e === null ? !1 : e.error !== void 0;
 }
-async function mt(t, e, n, o, a, r) {
+async function gt(t, e, n, o, a, r) {
   if (!w(t))
     throw new TypeError('"accessToken" must be a non-empty string');
   if (!(n instanceof URL))
     throw new TypeError('"url" must be an instance of URL');
-  return o = H(o), (r == null ? void 0 : r.DPoP) === void 0 ? o.set("authorization", `Bearer ${t}`) : (await ft(o, r.DPoP, n, e.toUpperCase(), C({ [W]: r == null ? void 0 : r[W] }), t), o.set("authorization", `DPoP ${t}`)), ((r == null ? void 0 : r[Q]) || fetch)(n.href, {
+  return o = H(o), (r == null ? void 0 : r.DPoP) === void 0 ? o.set("authorization", `Bearer ${t}`) : (await pt(o, r.DPoP, n, e.toUpperCase(), L({ [W]: r == null ? void 0 : r[W] }), t), o.set("authorization", `DPoP ${t}`)), ((r == null ? void 0 : r[X]) || fetch)(n.href, {
     body: a,
     headers: Object.fromEntries(o.entries()),
     method: e,
     redirect: "manual",
-    signal: r != null && r.signal ? ee(r.signal) : null
-  }).then(X);
+    signal: r != null && r.signal ? te(r.signal) : null
+  }).then(ee);
 }
-async function gt(t, e, n, o) {
+async function yt(t, e, n, o) {
   I(t), j(e);
   const a = Te(t, "userinfo_endpoint", ke(e, o)), r = H(o == null ? void 0 : o.headers);
-  return e.userinfo_signed_response_alg ? r.set("accept", "application/jwt") : (r.set("accept", "application/json"), r.append("accept", "application/jwt")), mt(n, "GET", a, r, null, {
+  return e.userinfo_signed_response_alg ? r.set("accept", "application/jwt") : (r.set("accept", "application/json"), r.append("accept", "application/jwt")), gt(n, "GET", a, r, null, {
     ...o,
-    [W]: C(e)
+    [W]: L(e)
   });
 }
-async function yt(t, e, n, o, a, r, i) {
-  return await ht(t, e, a, r, i == null ? void 0 : i.clientPrivateKey), r.set("content-type", "application/x-www-form-urlencoded;charset=UTF-8"), ((i == null ? void 0 : i[Q]) || fetch)(o.href, {
+async function _t(t, e, n, o, a, r, i) {
+  return await ft(t, e, a, r, i == null ? void 0 : i.clientPrivateKey), r.set("content-type", "application/x-www-form-urlencoded;charset=UTF-8"), ((i == null ? void 0 : i[X]) || fetch)(o.href, {
     body: a,
     headers: Object.fromEntries(r.entries()),
     method: n,
     redirect: "manual",
-    signal: i != null && i.signal ? ee(i.signal) : null
-  }).then(X);
+    signal: i != null && i.signal ? te(i.signal) : null
+  }).then(ee);
 }
 async function Ae(t, e, n, o, a) {
   const r = Te(t, "token_endpoint", ke(e, a));
   o.set("grant_type", n);
   const i = H(a == null ? void 0 : a.headers);
-  return i.set("accept", "application/json"), yt(t, e, "POST", r, o, i, a);
+  return i.set("accept", "application/json"), _t(t, e, "POST", r, o, i, a);
 }
-async function _t(t, e, n, o) {
+async function bt(t, e, n, o) {
   if (I(t), j(e), !w(n))
     throw new TypeError('"refreshToken" must be a non-empty string');
   const a = new URLSearchParams(o == null ? void 0 : o.additionalParameters);
   return a.set("refresh_token", n), Ae(t, e, "refresh_token", a, o);
 }
 const Ee = /* @__PURE__ */ new WeakMap();
-function bt(t) {
+function vt(t) {
   if (!t.id_token)
     return;
   const e = Ee.get(t);
@@ -591,22 +592,22 @@ function bt(t) {
   return e[0];
 }
 async function Re(t, e, n, o = !1, a = !1) {
-  if (I(t), j(e), !Y(n, Response))
+  if (I(t), j(e), !Q(n, Response))
     throw new TypeError('"response" must be an instance of Response');
   if (n.status !== 200) {
     let i;
-    if (i = await Lt(n))
+    if (i = await Ct(n))
       return i;
     throw new s('"response" is not a conform Token Endpoint response');
   }
-  te(n);
+  ne(n);
   let r;
   try {
     r = await n.json();
   } catch (i) {
     throw new s('failed to parse "response" body as JSON', { cause: i });
   }
-  if (!x(r))
+  if (!C(r))
     throw new s('"response" body must be a top level object');
   if (!w(r.access_token))
     throw new s('"response" body "access_token" property must be a non-empty string');
@@ -624,7 +625,7 @@ async function Re(t, e, n, o = !1, a = !1) {
     if (r.id_token !== void 0 && !w(r.id_token))
       throw new s('"response" body "id_token" property must be a non-empty string');
     if (r.id_token) {
-      const { claims: i, jwt: c } = await It(r.id_token, jt.bind(void 0, e.id_token_signed_response_alg, t.id_token_signing_alg_values_supported), Le, C(e), ve(e), e[Me]).then(Rt.bind(void 0, ["aud", "exp", "iat", "iss", "sub"])).then(Tt.bind(void 0, t.issuer)).then(St.bind(void 0, e.client_id));
+      const { claims: i, jwt: c } = await jt(r.id_token, Jt.bind(void 0, e.id_token_signed_response_alg, t.id_token_signing_alg_values_supported), xe, L(e), ve(e), e[qe]).then(Pt.bind(void 0, ["aud", "exp", "iat", "iss", "sub"])).then(kt.bind(void 0, t.issuer)).then(Tt.bind(void 0, e.client_id));
       if (Array.isArray(i.aud) && i.aud.length !== 1) {
         if (i.azp === void 0)
           throw new s('ID Token "aud" (audience) claim includes additional untrusted audiences');
@@ -638,10 +639,10 @@ async function Re(t, e, n, o = !1, a = !1) {
   }
   return r;
 }
-async function vt(t, e, n) {
+async function St(t, e, n) {
   return Re(t, e, n);
 }
-function St(t, e) {
+function Tt(t, e) {
   if (Array.isArray(e.claims.aud)) {
     if (!e.claims.aud.includes(t))
       throw new s('unexpected JWT "aud" (audience) claim value');
@@ -649,16 +650,16 @@ function St(t, e) {
     throw new s('unexpected JWT "aud" (audience) claim value');
   return e;
 }
-function Tt(t, e) {
+function kt(t, e) {
   if (e.claims.iss !== t)
     throw new s('unexpected JWT "iss" (issuer) claim value');
   return e;
 }
 const Pe = /* @__PURE__ */ new WeakSet();
-function kt(t) {
+function At(t) {
   return Pe.add(t), t;
 }
-async function At(t, e, n, o, a, r) {
+async function Et(t, e, n, o, a, r) {
   if (I(t), j(e), !Pe.has(n))
     throw new TypeError('"callbackParameters" must be an instance of URLSearchParams obtained from "validateAuthResponse()", or "validateJwtAuthResponse()');
   if (!w(o))
@@ -671,7 +672,7 @@ async function At(t, e, n, o, a, r) {
   const c = new URLSearchParams(r == null ? void 0 : r.additionalParameters);
   return c.set("redirect_uri", o), c.set("code_verifier", a), c.set("code", i), Ae(t, e, "authorization_code", c, r);
 }
-const Et = {
+const Rt = {
   aud: "audience",
   c_hash: "code hash",
   client_id: "client id",
@@ -687,33 +688,33 @@ const Et = {
   htu: "http uri",
   cnf: "confirmation"
 };
-function Rt(t, e) {
+function Pt(t, e) {
   for (const n of t)
     if (e.claims[n] === void 0)
-      throw new s(`JWT "${n}" (${Et[n]}) claim missing`);
+      throw new s(`JWT "${n}" (${Rt[n]}) claim missing`);
   return e;
 }
-const Pt = Symbol(), B = Symbol();
-async function Ut(t, e, n, o, a) {
+const Ut = Symbol(), B = Symbol();
+async function xt(t, e, n, o, a) {
   const r = await Re(t, e, n);
-  if (Z(r))
+  if (Y(r))
     return r;
   if (!w(r.id_token))
     throw new s('"response" body "id_token" property must be a non-empty string');
   a ?? (a = e.default_max_age ?? B);
-  const i = bt(r);
+  const i = vt(r);
   if ((e.require_auth_time || a !== B) && i.auth_time === void 0)
     throw new s('ID Token "auth_time" (authentication time) claim missing');
   if (a !== B) {
     if (typeof a != "number" || a < 0)
       throw new TypeError('"maxAge" must be a non-negative number');
-    const c = F() + C(e), p = ve(e);
+    const c = F() + L(e), p = ve(e);
     if (i.auth_time + a < c - p)
       throw new s("too much time has elapsed since the last End-User authentication");
   }
   switch (o) {
     case void 0:
-    case Pt:
+    case Ut:
       if (i.nonce !== void 0)
         throw new s('unexpected ID Token "nonce" claim value');
       break;
@@ -727,26 +728,26 @@ async function Ut(t, e, n, o, a) {
   }
   return r;
 }
-function te(t) {
+function ne(t) {
   if (t.bodyUsed)
     throw new TypeError('"response" body has been used already');
 }
-async function Lt(t) {
+async function Ct(t) {
   if (t.status > 399 && t.status < 500) {
-    te(t);
+    ne(t);
     try {
       const e = await t.json();
-      if (x(e) && typeof e.error == "string" && e.error.length)
+      if (C(e) && typeof e.error == "string" && e.error.length)
         return e.error_description !== void 0 && typeof e.error_description != "string" && delete e.error_description, e.error_uri !== void 0 && typeof e.error_uri != "string" && delete e.error_uri, e.algs !== void 0 && typeof e.algs != "string" && delete e.algs, e.scope !== void 0 && typeof e.scope != "string" && delete e.scope, e;
     } catch {
     }
   }
 }
-function he(t) {
+function fe(t) {
   if (typeof t.modulusLength != "number" || t.modulusLength < 2048)
     throw new s(`${t.name} modulusLength must be at least 2048 bits`);
 }
-function xt(t) {
+function Lt(t) {
   switch (t) {
     case "P-256":
       return "SHA-256";
@@ -763,10 +764,10 @@ function Ue(t) {
     case "ECDSA":
       return {
         name: t.algorithm.name,
-        hash: xt(t.algorithm.namedCurve)
+        hash: Lt(t.algorithm.namedCurve)
       };
     case "RSA-PSS":
-      switch (he(t.algorithm), t.algorithm.hash.name) {
+      switch (fe(t.algorithm), t.algorithm.hash.name) {
         case "SHA-256":
         case "SHA-384":
         case "SHA-512":
@@ -778,20 +779,20 @@ function Ue(t) {
           throw new S();
       }
     case "RSASSA-PKCS1-v1_5":
-      return he(t.algorithm), t.algorithm.name;
+      return fe(t.algorithm), t.algorithm.name;
     case "Ed448":
     case "Ed25519":
       return t.algorithm.name;
   }
   throw new S();
 }
-const Le = Symbol();
-async function Ct(t, e, n, o) {
+const xe = Symbol();
+async function It(t, e, n, o) {
   const a = `${t}.${e}`;
   if (!await crypto.subtle.verify(Ue(n), n, o, E(a)))
     throw new s("JWT signature verification failed");
 }
-async function It(t, e, n, o, a, r) {
+async function jt(t, e, n, o, a, r) {
   let { 0: i, 1: c, 2: p, length: b } = t.split(".");
   if (b === 5)
     if (r !== void 0)
@@ -806,20 +807,20 @@ async function It(t, e, n, o, a, r) {
   } catch (l) {
     throw new s("failed to parse JWT Header body as base64url encoded JSON", { cause: l });
   }
-  if (!x(f))
+  if (!C(f))
     throw new s("JWT Header must be a top level object");
   if (e(f), f.crit !== void 0)
     throw new s('unexpected JWT "crit" header parameter');
   const y = A(p);
   let T;
-  n !== Le && (T = await n(f), await Ct(i, c, T, y));
+  n !== xe && (T = await n(f), await It(i, c, T, y));
   let h;
   try {
     h = JSON.parse(E(A(c)));
   } catch (l) {
     throw new s("failed to parse JWT Payload body as base64url encoded JSON", { cause: l });
   }
-  if (!x(h))
+  if (!C(h))
     throw new s("JWT Payload must be a top level object");
   const J = F() + o;
   if (h.exp !== void 0) {
@@ -842,7 +843,7 @@ async function It(t, e, n, o, a, r) {
     throw new s('unexpected JWT "aud" (audience) claim type');
   return { header: f, claims: h, signature: y, key: T, jwt: t };
 }
-function jt(t, e, n) {
+function Jt(t, e, n) {
   if (t !== void 0) {
     if (n.alg !== t)
       throw new s('unexpected JWT "alg" header parameter');
@@ -862,8 +863,8 @@ function k(t, e) {
     throw new s(`"${e}" parameter must be provided only once`);
   return n;
 }
-const Jt = Symbol(), Ot = Symbol();
-function zt(t, e, n, o) {
+const Ot = Symbol(), zt = Symbol();
+function Dt(t, e, n, o) {
   if (I(t), j(e), n instanceof URL && (n = n.searchParams), !(n instanceof URLSearchParams))
     throw new TypeError('"parameters" must be an instance of URLSearchParams, or URL');
   if (k(n, "response"))
@@ -875,11 +876,11 @@ function zt(t, e, n, o) {
     throw new s('unexpected "iss" (issuer) response parameter value');
   switch (o) {
     case void 0:
-    case Ot:
+    case zt:
       if (r !== void 0)
         throw new s('unexpected "state" response parameter encountered');
       break;
-    case Jt:
+    case Ot:
       break;
     default:
       if (!w(o))
@@ -899,19 +900,19 @@ function zt(t, e, n, o) {
   const c = k(n, "id_token"), p = k(n, "token");
   if (c !== void 0 || p !== void 0)
     throw new S("implicit and hybrid flows are not supported");
-  return kt(new URLSearchParams(n));
+  return At(new URLSearchParams(n));
 }
-function Dt({
+function Nt({
   handleCallback: t
 }) {
-  const e = De({
+  const e = Ne({
     retry: !1,
     queryKey: ["oauth-callback"],
     queryFn: async () => {
       try {
         return await t();
       } catch (n) {
-        throw new Ke("Could not validate user", {
+        throw new We("Could not validate user", {
           cause: n,
           title: "Authentication Error",
           developerHint: "Check the configuration of your authorization provider and ensure all settings such as the callback URL are configured correctly."
@@ -919,17 +920,17 @@ function Dt({
       }
     }
   });
-  return /* @__PURE__ */ we.jsx(Ne, { to: e.data });
+  return /* @__PURE__ */ G.jsx(Ke, { to: e.data });
 }
 class P extends Error {
 }
-class fe extends P {
+class pe extends P {
   constructor(e, n, o) {
     super(e, o), this.error = n;
   }
 }
 const V = "code-verifier";
-class Nt extends ze {
+class Kt extends De {
   constructor(e, n) {
     super(), this.callbackUrlPath = e, this.handleCallback = n;
   }
@@ -938,12 +939,12 @@ class Nt extends ze {
       ...super.getRoutes(),
       {
         path: this.callbackUrlPath,
-        element: /* @__PURE__ */ we.jsx(Dt, { handleCallback: this.handleCallback })
+        element: /* @__PURE__ */ G.jsx(ze, { children: /* @__PURE__ */ G.jsx(Nt, { handleCallback: this.handleCallback }) })
       }
     ];
   }
 }
-class Kt {
+class Wt {
   constructor({
     issuer: e,
     audience: n,
@@ -963,7 +964,7 @@ class Kt {
     _(this, "redirectToAfterSignOut");
     _(this, "audience");
     _(this, "signOut", async () => {
-      L.setState({
+      x.setState({
         isAuthenticated: !1,
         isPending: !1,
         profile: void 0,
@@ -983,32 +984,32 @@ class Kt {
       const e = new URL(window.location.href), n = e.searchParams.get("state"), o = sessionStorage.getItem(V);
       if (sessionStorage.removeItem(V), !o)
         throw new P("No code verifier found in state.");
-      const a = await this.getAuthServer(), r = zt(
+      const a = await this.getAuthServer(), r = Dt(
         a,
         this.client,
         e.searchParams,
         n ?? void 0
       );
-      if (Z(r))
-        throw ae.error("Error validating OAuth response", r), new fe(
+      if (Y(r))
+        throw se.error("Error validating OAuth response", r), new pe(
           "Error validating OAuth response",
           r
         );
       const i = new URL(e);
       i.pathname = this.redirectToAfterSignIn, i.search = "";
-      const c = await At(
+      const c = await Et(
         a,
         this.client,
         r,
         i.toString(),
         o
-      ), p = await Ut(
+      ), p = await xt(
         a,
         this.client,
         c
       );
       this.setTokensFromResponse(p);
-      const b = await this.getAccessToken(), y = await (await gt(
+      const b = await this.getAccessToken(), y = await (await yt(
         a,
         this.client,
         b
@@ -1019,7 +1020,7 @@ class Kt {
         emailVerified: y.email_verified ?? !1,
         pictureUrl: y.picture
       };
-      L.setState({
+      x.setState({
         isAuthenticated: !0,
         isPending: !1,
         profile: T
@@ -1034,8 +1035,8 @@ class Kt {
   }
   async getAuthServer() {
     if (!this.authorizationServer) {
-      const e = new URL(this.issuer), n = await et(e);
-      this.authorizationServer = await tt(
+      const e = new URL(this.issuer), n = await tt(e);
+      this.authorizationServer = await nt(
         e,
         n
       );
@@ -1047,8 +1048,8 @@ class Kt {
    * @param response
    */
   setTokensFromResponse(e) {
-    if (Z(e))
-      throw ae.error("Bad Token Response", e), new fe("Bad Token Response", e);
+    if (Y(e))
+      throw se.error("Bad Token Response", e), new pe("Bad Token Response", e);
     if (!e.expires_in)
       throw new P("No expires_in in response");
     const n = {
@@ -1058,7 +1059,7 @@ class Kt {
       expiresOn: new Date(Date.now() + e.expires_in * 1e3),
       tokenType: e.token_type
     };
-    L.setState({
+    x.setState({
       providerData: n
     });
   }
@@ -1081,7 +1082,7 @@ class Kt {
     const o = "S256", a = await this.getAuthServer();
     if (!a.authorization_endpoint)
       throw new P("No authorization endpoint");
-    const r = nt(), i = await ot(r);
+    const r = rt(), i = await it(r);
     sessionStorage.setItem(V, r);
     const c = new URL(
       a.authorization_endpoint
@@ -1095,29 +1096,29 @@ class Kt {
       isSignIn: !n,
       isSignUp: n
     }), ((f = a.code_challenge_methods_supported) == null ? void 0 : f.includes("S256")) !== !0) {
-      const y = rt();
+      const y = ot();
       c.searchParams.set("state", y);
     }
     location.href = c.href;
   }
   async getAccessToken() {
-    const e = await this.getAuthServer(), { providerData: n } = L.getState();
+    const e = await this.getAuthServer(), { providerData: n } = x.getState();
     if (!n)
       throw new P("User is not authenticated");
     const o = n;
     if (new Date(o.expiresOn) < /* @__PURE__ */ new Date()) {
       if (!o.refreshToken)
-        return L.setState({
+        return x.setState({
           isAuthenticated: !1,
           isPending: !1,
           profile: null,
           providerData: null
         }), "";
-      const a = await _t(
+      const a = await bt(
         e,
         this.client,
         o.refreshToken
-      ), r = await vt(
+      ), r = await St(
         e,
         this.client,
         a
@@ -1129,12 +1130,12 @@ class Kt {
       return o.accessToken;
   }
   getAuthenticationPlugin() {
-    return new Nt(this.callbackUrlPath, this.handleCallback);
+    return new Kt(this.callbackUrlPath, this.handleCallback);
   }
 }
-const Gt = (t) => new Kt(t);
+const Yt = (t) => new Wt(t);
 export {
-  Kt as OpenIDAuthenticationProvider,
-  Gt as default
+  Wt as OpenIDAuthenticationProvider,
+  Yt as default
 };
 //# sourceMappingURL=zudoku.auth-openid.js.map