zudoku 0.3.0-dev.58 → 0.3.0-dev.59

package/lib/zudoku.auth-openid.js

@@ -1,9 +1,10 @@
 var Re = Object.defineProperty;
-var xe = (e, t, n) => t in e ? Re(e, t, { enumerable: !0, configurable: !0, writable: !0, value: n }) : e[t] = n;
-var S = (e, t, n) => xe(e, typeof t != "symbol" ? t + "" : t, n);
-import { a as Pe, j as T } from "./jsx-runtime-CJZJivg2.js";
+var Pe = (e, t, n) => t in e ? Re(e, t, { enumerable: !0, configurable: !0, writable: !0, value: n }) : e[t] = n;
+var S = (e, t, n) => Pe(e, typeof t != "symbol" ? t + "" : t, n);
+import { b as xe, j as T } from "./jsx-runtime-BIr0WBt_.js";
 import { c as Le, a as Ue } from "./_commonjsHelpers-BVfed4GL.js";
-import { useRef as Ce, useState as je, useEffect as ze } from "react";
+import { A as Ce } from "./AuthenticationPlugin-CG6Bw32B.js";
+import { useRef as je, useState as Je, useEffect as ze } from "react";
 import { u as re } from "./state-DKdaQzvh.js";
 var he = { exports: {} };
 (function(e) {
@@ -36,7 +37,7 @@ var he = { exports: {} };
     function m(u) {
       return u === "debug" && (u = "log"), typeof console === n ? !1 : u === "trace" && o ? g : console[u] !== void 0 ? d(console, u) : console.log !== void 0 ? d(console, "log") : t;
     }
-    function _() {
+    function b() {
       for (var u = this.getLevel(), f = 0; f < s.length; f++) {
         var c = s[f];
         this[c] = f < u ? t : this.methodFactory(c, u, this.name);
@@ -46,39 +47,39 @@ var he = { exports: {} };
     }
     function y(u) {
       return function() {
-        typeof console !== n && (_.call(this), this[u].apply(this, arguments));
+        typeof console !== n && (b.call(this), this[u].apply(this, arguments));
       };
     }
     function h(u, f, c) {
       return m(u) || y.apply(this, arguments);
     }
     function L(u, f) {
-      var c = this, J, $, x, b = "loglevel";
-      typeof u == "string" ? b += ":" + u : typeof u == "symbol" && (b = void 0);
-      function ke(l) {
+      var c = this, z, $, P, _ = "loglevel";
+      typeof u == "string" ? _ += ":" + u : typeof u == "symbol" && (_ = void 0);
+      function Ee(l) {
         var p = (s[l] || "silent").toUpperCase();
-        if (!(typeof window === n || !b)) {
+        if (!(typeof window === n || !_)) {
           try {
-            window.localStorage[b] = p;
+            window.localStorage[_] = p;
             return;
           } catch {
           }
           try {
-            window.document.cookie = encodeURIComponent(b) + "=" + p + ";";
+            window.document.cookie = encodeURIComponent(_) + "=" + p + ";";
           } catch {
           }
         }
       }
       function ee() {
         var l;
-        if (!(typeof window === n || !b)) {
+        if (!(typeof window === n || !_)) {
           try {
-            l = window.localStorage[b];
+            l = window.localStorage[_];
           } catch {
           }
           if (typeof l === n)
             try {
-              var p = window.document.cookie, O = encodeURIComponent(b), ne = p.indexOf(O + "=");
+              var p = window.document.cookie, O = encodeURIComponent(_), ne = p.indexOf(O + "=");
               ne !== -1 && (l = /^([^;]+)/.exec(
                 p.slice(ne + O.length + 1)
               )[1]);
@@ -88,13 +89,13 @@ var he = { exports: {} };
         }
       }
       function Te() {
-        if (!(typeof window === n || !b)) {
+        if (!(typeof window === n || !_)) {
           try {
-            window.localStorage.removeItem(b);
+            window.localStorage.removeItem(_);
           } catch {
           }
           try {
-            window.document.cookie = encodeURIComponent(b) + "=; expires=Thu, 01 Jan 1970 00:00:00 UTC";
+            window.document.cookie = encodeURIComponent(_) + "=; expires=Thu, 01 Jan 1970 00:00:00 UTC";
           } catch {
           }
         }
@@ -113,26 +114,26 @@ var he = { exports: {} };
         ERROR: 4,
         SILENT: 5
       }, c.methodFactory = f || h, c.getLevel = function() {
-        return x ?? $ ?? J;
+        return P ?? $ ?? z;
       }, c.setLevel = function(l, p) {
-        return x = U(l), p !== !1 && ke(x), _.call(c);
+        return P = U(l), p !== !1 && Ee(P), b.call(c);
       }, c.setDefaultLevel = function(l) {
         $ = U(l), ee() || c.setLevel(l, !1);
       }, c.resetLevel = function() {
-        x = null, Te(), _.call(c);
+        P = null, Te(), b.call(c);
       }, c.enableAll = function(l) {
         c.setLevel(c.levels.TRACE, l);
       }, c.disableAll = function(l) {
         c.setLevel(c.levels.SILENT, l);
       }, c.rebuild = function() {
-        if (i !== c && (J = U(i.getLevel())), _.call(c), i === c)
+        if (i !== c && (z = U(i.getLevel())), b.call(c), i === c)
           for (var l in r)
             r[l].rebuild();
-      }, J = U(
+      }, z = U(
         i ? i.getLevel() : "WARN"
       );
       var te = ee();
-      te != null && (x = U(te)), _.call(c);
+      te != null && (P = U(te)), b.call(c);
     }
     i = new L(), i.getLogger = function(f) {
       if (typeof f != "symbol" && typeof f != "string" || f === "")
@@ -151,8 +152,8 @@ var he = { exports: {} };
     }, i.default = i, i;
   });
 })(he);
-var Je = he.exports;
-const oe = /* @__PURE__ */ Ue(Je);
+var Oe = he.exports;
+const oe = /* @__PURE__ */ Ue(Oe);
 let M;
 var I, de;
 (typeof navigator > "u" || !((de = (I = navigator.userAgent) == null ? void 0 : I.startsWith) != null && de.call(I, "Mozilla/5.0 "))) && (M = "oauth4webapi/v2.11.1");
@@ -165,19 +166,19 @@ function q(e, t) {
     return !1;
   }
 }
-const K = Symbol(), Oe = Symbol(), V = Symbol(), Ie = new TextEncoder(), Ne = new TextDecoder();
+const K = Symbol(), Ie = Symbol(), V = Symbol(), Ne = new TextEncoder(), Ke = new TextDecoder();
 function A(e) {
-  return typeof e == "string" ? Ie.encode(e) : Ne.decode(e);
+  return typeof e == "string" ? Ne.encode(e) : Ke.decode(e);
 }
 const ie = 32768;
-function Ke(e) {
+function We(e) {
   e instanceof ArrayBuffer && (e = new Uint8Array(e));
   const t = [];
   for (let n = 0; n < e.byteLength; n += ie)
     t.push(String.fromCharCode.apply(null, e.subarray(n, n + ie)));
   return btoa(t.join("")).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
 }
-function We(e) {
+function De(e) {
   try {
     const t = atob(e.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "")), n = new Uint8Array(t.length);
     for (let o = 0; o < t.length; o++)
@@ -187,10 +188,10 @@ function We(e) {
     throw new a("The input to be decoded is not correctly encoded.", { cause: t });
   }
 }
-function k(e) {
-  return typeof e == "string" ? We(e) : Ke(e);
+function E(e) {
+  return typeof e == "string" ? De(e) : We(e);
 }
-class De {
+class He {
   constructor(t) {
     this.cache = /* @__PURE__ */ new Map(), this._cache = /* @__PURE__ */ new Map(), this.maxSize = t;
   }
@@ -220,20 +221,20 @@ class v extends Error {
     super(t ?? "operation not supported"), this.name = this.constructor.name, (n = Error.captureStackTrace) == null || n.call(Error, this, this.constructor);
   }
 }
-class He extends Error {
+class $e extends Error {
   constructor(t, n) {
     var o;
     super(t, n), this.name = this.constructor.name, (o = Error.captureStackTrace) == null || o.call(Error, this, this.constructor);
   }
 }
-const a = He, fe = new De(100);
+const a = $e, fe = new He(100);
 function pe(e) {
   return e instanceof CryptoKey;
 }
 function we(e) {
   return pe(e) && e.type === "private";
 }
-function $e(e) {
+function Fe(e) {
   return pe(e) && e.type === "public";
 }
 function Y(e) {
@@ -261,7 +262,7 @@ function Z(e) {
     throw new TypeError('"options.signal" must return or be an instance of AbortSignal');
   return e;
 }
-async function Fe(e, t) {
+async function Me(e, t) {
   if (!(e instanceof URL))
     throw new TypeError('"issuerIdentifier" must be an instance of URL');
   if (e.protocol !== "https:" && e.protocol !== "http:")
@@ -289,7 +290,7 @@ async function Fe(e, t) {
 function w(e) {
   return typeof e == "string" && e.length !== 0;
 }
-async function Me(e, t) {
+async function Be(e, t) {
   if (!(e instanceof URL))
     throw new TypeError('"expectedIssuer" must be an instance of URL');
   if (!q(t, Response))
@@ -312,20 +313,20 @@ async function Me(e, t) {
   return n;
 }
 function D() {
-  return k(crypto.getRandomValues(new Uint8Array(32)));
+  return E(crypto.getRandomValues(new Uint8Array(32)));
 }
-function Be() {
+function Ge() {
   return D();
 }
-function Ge() {
+function qe() {
   return D();
 }
-async function qe(e) {
+async function Ve(e) {
   if (!w(e))
     throw new TypeError('"codeVerifier" must be a non-empty string');
-  return k(await crypto.subtle.digest("SHA-256", A(e)));
+  return E(await crypto.subtle.digest("SHA-256", A(e)));
 }
-function Ve(e) {
+function Ye(e) {
   if (e instanceof CryptoKey)
     return { key: e };
   if (!((e == null ? void 0 : e.key) instanceof CryptoKey))
@@ -337,11 +338,11 @@ function Ve(e) {
 function se(e) {
   return encodeURIComponent(e).replace(/%20/g, "+");
 }
-function Ye(e, t) {
+function Ze(e, t) {
   const n = se(e), o = se(t);
   return `Basic ${btoa(`${n}:${o}`)}`;
 }
-function Ze(e) {
+function Qe(e) {
   switch (e.algorithm.hash.name) {
     case "SHA-256":
       return "PS256";
@@ -353,7 +354,7 @@ function Ze(e) {
       throw new v("unsupported RsaHashedKeyAlgorithm hash name");
   }
 }
-function Qe(e) {
+function Xe(e) {
   switch (e.algorithm.hash.name) {
     case "SHA-256":
       return "RS256";
@@ -365,7 +366,7 @@ function Qe(e) {
       throw new v("unsupported RsaHashedKeyAlgorithm hash name");
   }
 }
-function Xe(e) {
+function et(e) {
   switch (e.algorithm.namedCurve) {
     case "P-256":
       return "ES256";
@@ -380,11 +381,11 @@ function Xe(e) {
 function ge(e) {
   switch (e.algorithm.name) {
     case "RSA-PSS":
-      return Ze(e);
-    case "RSASSA-PKCS1-v1_5":
       return Qe(e);
-    case "ECDSA":
+    case "RSASSA-PKCS1-v1_5":
       return Xe(e);
+    case "ECDSA":
+      return et(e);
     case "Ed25519":
     case "Ed448":
       return "EdDSA";
@@ -396,14 +397,14 @@ function H(e) {
   const t = e == null ? void 0 : e[K];
   return typeof t == "number" && Number.isFinite(t) ? t : 0;
 }
-function et(e) {
-  const t = e == null ? void 0 : e[Oe];
+function tt(e) {
+  const t = e == null ? void 0 : e[Ie];
   return typeof t == "number" && Number.isFinite(t) && Math.sign(t) !== -1 ? t : 30;
 }
 function Q() {
   return Math.floor(Date.now() / 1e3);
 }
-function tt(e, t) {
+function nt(e, t) {
   const n = Q() + H(t);
   return {
     jti: D(),
@@ -415,11 +416,11 @@ function tt(e, t) {
     sub: t.client_id
   };
 }
-async function nt(e, t, n, o) {
+async function rt(e, t, n, o) {
   return me({
     alg: ge(n),
     kid: o
-  }, tt(e, t), n);
+  }, nt(e, t), n);
 }
 function j(e) {
   if (typeof e != "object" || e === null)
@@ -428,7 +429,7 @@ function j(e) {
     throw new TypeError('"as.issuer" property must be a non-empty string');
   return !0;
 }
-function z(e) {
+function J(e) {
   if (typeof e != "object" || e === null)
     throw new TypeError('"client" must be an object');
   if (!w(e.client_id))
@@ -448,11 +449,11 @@ function ce(e, t) {
   if (t !== void 0)
     throw new TypeError(`"client.client_secret" property must not be provided when ${e} client authentication method is used.`);
 }
-async function rt(e, t, n, o, s) {
+async function ot(e, t, n, o, s) {
   switch (n.delete("client_secret"), n.delete("client_assertion_type"), n.delete("client_assertion"), t.token_endpoint_auth_method) {
     case void 0:
     case "client_secret_basic": {
-      F("client_secret_basic", s), o.set("authorization", Ye(t.client_id, ae(t.client_secret)));
+      F("client_secret_basic", s), o.set("authorization", Ze(t.client_id, ae(t.client_secret)));
       break;
     }
     case "client_secret_post": {
@@ -462,10 +463,10 @@ async function rt(e, t, n, o, s) {
     case "private_key_jwt": {
       if (ce("private_key_jwt", t.client_secret), s === void 0)
         throw new TypeError('"options.clientPrivateKey" must be provided when "client.token_endpoint_auth_method" is "private_key_jwt"');
-      const { key: r, kid: i } = Ve(s);
+      const { key: r, kid: i } = Ye(s);
       if (!we(r))
         throw new TypeError('"options.clientPrivateKey.key" must be a private CryptoKey');
-      n.set("client_id", t.client_id), n.set("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"), n.set("client_assertion", await nt(e, t, r, i));
+      n.set("client_id", t.client_id), n.set("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"), n.set("client_assertion", await rt(e, t, r, i));
       break;
     }
     case "tls_client_auth":
@@ -481,59 +482,59 @@ async function rt(e, t, n, o, s) {
 async function me(e, t, n) {
   if (!n.usages.includes("sign"))
     throw new TypeError('CryptoKey instances used for signing assertions must include "sign" in their "usages"');
-  const o = `${k(A(JSON.stringify(e)))}.${k(A(JSON.stringify(t)))}`, s = k(await crypto.subtle.sign(Se(n), n, A(o)));
+  const o = `${E(A(JSON.stringify(e)))}.${E(A(JSON.stringify(t)))}`, s = E(await crypto.subtle.sign(Se(n), n, A(o)));
   return `${o}.${s}`;
 }
-async function ot(e, t, n, o, s, r) {
+async function it(e, t, n, o, s, r) {
   const { privateKey: i, publicKey: d, nonce: g = fe.get(n.origin) } = t;
   if (!we(i))
     throw new TypeError('"DPoP.privateKey" must be a private CryptoKey');
-  if (!$e(d))
+  if (!Fe(d))
     throw new TypeError('"DPoP.publicKey" must be a public CryptoKey');
   if (g !== void 0 && !w(g))
     throw new TypeError('"DPoP.nonce" must be a non-empty string or undefined');
   if (!d.extractable)
     throw new TypeError('"DPoP.publicKey.extractable" must be true');
-  const m = Q() + s, _ = await me({
+  const m = Q() + s, b = await me({
     alg: ge(i),
     typ: "dpop+jwt",
-    jwk: await st(d)
+    jwk: await at(d)
   }, {
     iat: m,
     jti: D(),
     htm: o,
     nonce: g,
     htu: `${n.origin}${n.pathname}`,
-    ath: r ? k(await crypto.subtle.digest("SHA-256", A(r))) : void 0
+    ath: r ? E(await crypto.subtle.digest("SHA-256", A(r))) : void 0
   }, i);
-  e.set("dpop", _);
+  e.set("dpop", b);
 }
 let N;
-async function it(e) {
+async function st(e) {
   const { kty: t, e: n, n: o, x: s, y: r, crv: i } = await crypto.subtle.exportKey("jwk", e), d = { kty: t, e: n, n: o, x: s, y: r, crv: i };
   return N.set(e, d), d;
 }
-async function st(e) {
-  return N || (N = /* @__PURE__ */ new WeakMap()), N.get(e) || it(e);
+async function at(e) {
+  return N || (N = /* @__PURE__ */ new WeakMap()), N.get(e) || st(e);
 }
-function at(e, t, n) {
+function ct(e, t, n) {
   if (typeof e != "string")
     throw new TypeError(`"as.${t}" must be a string`);
   return new URL(e);
 }
 function ye(e, t, n) {
-  return at(e[t], t);
+  return ct(e[t], t);
 }
 function B(e) {
   const t = e;
   return typeof t != "object" || Array.isArray(t) || t === null ? !1 : t.error !== void 0;
 }
-async function ct(e, t, n, o, s, r) {
+async function ut(e, t, n, o, s, r) {
   if (!w(e))
     throw new TypeError('"accessToken" must be a non-empty string');
   if (!(n instanceof URL))
     throw new TypeError('"url" must be an instance of URL');
-  return o = W(o), (r == null ? void 0 : r.DPoP) === void 0 ? o.set("authorization", `Bearer ${e}`) : (await ot(o, r.DPoP, n, "GET", H({ [K]: r == null ? void 0 : r[K] }), e), o.set("authorization", `DPoP ${e}`)), ((r == null ? void 0 : r[V]) || fetch)(n.href, {
+  return o = W(o), (r == null ? void 0 : r.DPoP) === void 0 ? o.set("authorization", `Bearer ${e}`) : (await it(o, r.DPoP, n, "GET", H({ [K]: r == null ? void 0 : r[K] }), e), o.set("authorization", `DPoP ${e}`)), ((r == null ? void 0 : r[V]) || fetch)(n.href, {
     body: s,
     headers: Object.fromEntries(o.entries()),
     method: t,
@@ -541,16 +542,16 @@ async function ct(e, t, n, o, s, r) {
     signal: r != null && r.signal ? Z(r.signal) : null
   }).then(Y);
 }
-async function ut(e, t, n, o) {
-  j(e), z(t);
+async function lt(e, t, n, o) {
+  j(e), J(t);
   const s = ye(e, "userinfo_endpoint"), r = W(o == null ? void 0 : o.headers);
-  return t.userinfo_signed_response_alg ? r.set("accept", "application/jwt") : (r.set("accept", "application/json"), r.append("accept", "application/jwt")), ct(n, "GET", s, r, null, {
+  return t.userinfo_signed_response_alg ? r.set("accept", "application/jwt") : (r.set("accept", "application/json"), r.append("accept", "application/jwt")), ut(n, "GET", s, r, null, {
     ...o,
     [K]: H(t)
   });
 }
-async function lt(e, t, n, o, s, r, i) {
-  return await rt(e, t, s, r, i == null ? void 0 : i.clientPrivateKey), r.set("content-type", "application/x-www-form-urlencoded;charset=UTF-8"), ((i == null ? void 0 : i[V]) || fetch)(o.href, {
+async function dt(e, t, n, o, s, r, i) {
+  return await ot(e, t, s, r, i == null ? void 0 : i.clientPrivateKey), r.set("content-type", "application/x-www-form-urlencoded;charset=UTF-8"), ((i == null ? void 0 : i[V]) || fetch)(o.href, {
     body: s,
     headers: Object.fromEntries(r.entries()),
     method: n,
@@ -558,25 +559,25 @@ async function lt(e, t, n, o, s, r, i) {
     signal: i != null && i.signal ? Z(i.signal) : null
   }).then(Y);
 }
-async function _e(e, t, n, o, s) {
+async function be(e, t, n, o, s) {
   const r = ye(e, "token_endpoint");
   o.set("grant_type", n);
   const i = W(s == null ? void 0 : s.headers);
-  return i.set("accept", "application/json"), lt(e, t, "POST", r, o, i, s);
+  return i.set("accept", "application/json"), dt(e, t, "POST", r, o, i, s);
 }
-async function dt(e, t, n, o) {
-  if (j(e), z(t), !w(n))
+async function ht(e, t, n, o) {
+  if (j(e), J(t), !w(n))
     throw new TypeError('"refreshToken" must be a non-empty string');
   const s = new URLSearchParams(o == null ? void 0 : o.additionalParameters);
-  return s.set("refresh_token", n), _e(e, t, "refresh_token", s, o);
+  return s.set("refresh_token", n), be(e, t, "refresh_token", s, o);
 }
-const ht = /* @__PURE__ */ new WeakMap();
-async function be(e, t, n, o = !1, s = !1) {
-  if (j(e), z(t), !q(n, Response))
+const ft = /* @__PURE__ */ new WeakMap();
+async function _e(e, t, n, o = !1, s = !1) {
+  if (j(e), J(t), !q(n, Response))
     throw new TypeError('"response" must be an instance of Response');
   if (n.status !== 200) {
     let i;
-    if (i = await vt(n))
+    if (i = await St(n))
       return i;
     throw new a('"response" is not a conform Token Endpoint response');
   }
@@ -605,20 +606,20 @@ async function be(e, t, n, o = !1, s = !1) {
     if (r.id_token !== void 0 && !w(r.id_token))
       throw new a('"response" body "id_token" property must be a non-empty string');
     if (r.id_token) {
-      const { claims: i } = await Et(r.id_token, kt.bind(void 0, t.id_token_signed_response_alg, e.id_token_signing_alg_values_supported), Ee, H(t), et(t)).then(_t.bind(void 0, ["aud", "exp", "iat", "iss", "sub"])).then(wt.bind(void 0, e.issuer)).then(pt.bind(void 0, t.client_id));
+      const { claims: i } = await Et(r.id_token, Tt.bind(void 0, t.id_token_signed_response_alg, e.id_token_signing_alg_values_supported), ke, H(t), tt(t)).then(_t.bind(void 0, ["aud", "exp", "iat", "iss", "sub"])).then(gt.bind(void 0, e.issuer)).then(wt.bind(void 0, t.client_id));
       if (Array.isArray(i.aud) && i.aud.length !== 1 && i.azp !== t.client_id)
         throw new a('unexpected ID Token "azp" (authorized party) claim value');
       if (i.auth_time !== void 0 && (!Number.isFinite(i.auth_time) || Math.sign(i.auth_time) !== 1))
         throw new a('ID Token "auth_time" (authentication time) must be a positive number');
-      ht.set(r, i);
+      ft.set(r, i);
     }
   }
   return r;
 }
-async function ft(e, t, n) {
-  return be(e, t, n);
+async function pt(e, t, n) {
+  return _e(e, t, n);
 }
-function pt(e, t) {
+function wt(e, t) {
   if (Array.isArray(t.claims.aud)) {
     if (!t.claims.aud.includes(e))
       throw new a('unexpected JWT "aud" (audience) claim value');
@@ -626,29 +627,29 @@ function pt(e, t) {
     throw new a('unexpected JWT "aud" (audience) claim value');
   return t;
 }
-function wt(e, t) {
+function gt(e, t) {
   if (t.claims.iss !== e)
     throw new a('unexpected JWT "iss" (issuer) claim value');
   return t;
 }
 const ve = /* @__PURE__ */ new WeakSet();
-function gt(e) {
+function mt(e) {
   return ve.add(e), e;
 }
-async function mt(e, t, n, o, s, r) {
-  if (j(e), z(t), !ve.has(n))
+async function yt(e, t, n, o, s, r) {
+  if (j(e), J(t), !ve.has(n))
     throw new TypeError('"callbackParameters" must be an instance of URLSearchParams obtained from "validateAuthResponse()", or "validateJwtAuthResponse()');
   if (!w(o))
     throw new TypeError('"redirectUri" must be a non-empty string');
   if (!w(s))
     throw new TypeError('"codeVerifier" must be a non-empty string');
-  const i = E(n, "code");
+  const i = k(n, "code");
   if (!i)
     throw new a('no authorization code in "callbackParameters"');
   const d = new URLSearchParams(r == null ? void 0 : r.additionalParameters);
-  return d.set("redirect_uri", o), d.set("code_verifier", s), d.set("code", i), _e(e, t, "authorization_code", d, r);
+  return d.set("redirect_uri", o), d.set("code_verifier", s), d.set("code", i), be(e, t, "authorization_code", d, r);
 }
-const yt = {
+const bt = {
   aud: "audience",
   c_hash: "code hash",
   client_id: "client id",
@@ -667,11 +668,11 @@ const yt = {
 function _t(e, t) {
   for (const n of e)
     if (t.claims[n] === void 0)
-      throw new a(`JWT "${n}" (${yt[n]}) claim missing`);
+      throw new a(`JWT "${n}" (${bt[n]}) claim missing`);
   return t;
 }
-async function bt(e, t, n) {
-  const o = await be(e, t, n, !0);
+async function vt(e, t, n) {
+  const o = await _e(e, t, n, !0);
   if (B(o))
     return o;
   if (o.id_token !== void 0) {
@@ -685,7 +686,7 @@ function X(e) {
   if (e.bodyUsed)
     throw new TypeError('"response" body has been used already');
 }
-async function vt(e) {
+async function St(e) {
   if (e.status > 399 && e.status < 500) {
     X(e);
     try {
@@ -700,7 +701,7 @@ function ue(e) {
   if (typeof e.modulusLength != "number" || e.modulusLength < 2048)
     throw new a(`${e.name} modulusLength must be at least 2048 bits`);
 }
-function St(e) {
+function kt(e) {
   switch (e) {
     case "P-256":
       return "SHA-256";
@@ -717,7 +718,7 @@ function Se(e) {
     case "ECDSA":
       return {
         name: e.algorithm.name,
-        hash: St(e.algorithm.namedCurve)
+        hash: kt(e.algorithm.namedCurve)
       };
     case "RSA-PSS":
       switch (ue(e.algorithm), e.algorithm.hash.name) {
@@ -739,7 +740,7 @@ function Se(e) {
   }
   throw new v();
 }
-const Ee = Symbol();
+const ke = Symbol();
 async function Et(e, t, n, o, s) {
   const { 0: r, 1: i, 2: d, length: g } = e.split(".");
   if (g === 5)
@@ -748,7 +749,7 @@ async function Et(e, t, n, o, s) {
     throw new a("Invalid JWT");
   let m;
   try {
-    m = JSON.parse(A(k(r)));
+    m = JSON.parse(A(E(r)));
   } catch (R) {
     throw new a("failed to parse JWT Header body as base64url encoded JSON", { cause: R });
   }
@@ -756,17 +757,17 @@ async function Et(e, t, n, o, s) {
     throw new a("JWT Header must be a top level object");
   if (t(m), m.crit !== void 0)
     throw new a('unexpected JWT "crit" header parameter');
-  const _ = k(d);
+  const b = E(d);
   let y;
-  if (n !== Ee) {
+  if (n !== ke) {
     y = await n(m);
     const R = `${r}.${i}`;
-    if (!await crypto.subtle.verify(Se(y), y, _, A(R)))
+    if (!await crypto.subtle.verify(Se(y), y, b, A(R)))
       throw new a("JWT signature verification failed");
   }
   let h;
   try {
-    h = JSON.parse(A(k(i)));
+    h = JSON.parse(A(E(i)));
   } catch (R) {
     throw new a("failed to parse JWT Payload body as base64url encoded JSON", { cause: R });
   }
@@ -791,9 +792,9 @@ async function Et(e, t, n, o, s) {
   }
   if (h.aud !== void 0 && typeof h.aud != "string" && !Array.isArray(h.aud))
     throw new a('unexpected JWT "aud" (audience) claim type');
-  return { header: m, claims: h, signature: _, key: y };
+  return { header: m, claims: h, signature: b, key: y };
 }
-function kt(e, t, n) {
+function Tt(e, t, n) {
   if (e !== void 0) {
     if (n.alg !== e)
       throw new a('unexpected JWT "alg" header parameter');
@@ -807,30 +808,30 @@ function kt(e, t, n) {
   if (n.alg !== "RS256")
     throw new a('unexpected JWT "alg" header parameter');
 }
-function E(e, t) {
+function k(e, t) {
   const { 0: n, length: o } = e.getAll(t);
   if (o > 1)
     throw new a(`"${t}" parameter must be provided only once`);
   return n;
 }
-const Tt = Symbol(), At = Symbol();
-function Rt(e, t, n, o) {
-  if (j(e), z(t), n instanceof URL && (n = n.searchParams), !(n instanceof URLSearchParams))
+const At = Symbol(), Rt = Symbol();
+function Pt(e, t, n, o) {
+  if (j(e), J(t), n instanceof URL && (n = n.searchParams), !(n instanceof URLSearchParams))
     throw new TypeError('"parameters" must be an instance of URLSearchParams, or URL');
-  if (E(n, "response"))
+  if (k(n, "response"))
     throw new a('"parameters" contains a JARM response, use validateJwtAuthResponse() instead of validateAuthResponse()');
-  const s = E(n, "iss"), r = E(n, "state");
+  const s = k(n, "iss"), r = k(n, "state");
   if (!s && e.authorization_response_iss_parameter_supported)
     throw new a('response parameter "iss" (issuer) missing');
   if (s && s !== e.issuer)
     throw new a('unexpected "iss" (issuer) response parameter value');
   switch (o) {
     case void 0:
-    case At:
+    case Rt:
       if (r !== void 0)
         throw new a('unexpected "state" response parameter encountered');
       break;
-    case Tt:
+    case At:
       break;
     default:
       if (!w(o))
@@ -840,21 +841,21 @@ function Rt(e, t, n, o) {
       if (r !== o)
         throw new a('unexpected "state" response parameter value');
   }
-  const i = E(n, "error");
+  const i = k(n, "error");
   if (i)
     return {
       error: i,
-      error_description: E(n, "error_description"),
-      error_uri: E(n, "error_uri")
+      error_description: k(n, "error_description"),
+      error_uri: k(n, "error_uri")
     };
-  const d = E(n, "id_token"), g = E(n, "token");
+  const d = k(n, "id_token"), g = k(n, "token");
   if (d !== void 0 || g !== void 0)
     throw new v("implicit and hybrid flows are not supported");
-  return gt(new URLSearchParams(n));
+  return mt(new URLSearchParams(n));
 }
-class P extends Error {
+class x extends Error {
 }
-class G extends P {
+class G extends x {
   constructor(t, n, o) {
     super(t, o), this.error = n;
   }
@@ -862,7 +863,7 @@ class G extends P {
 function xt({
   handleCallback: e
 }) {
-  const t = Ce(!1), [n, o] = je(void 0), s = Pe();
+  const t = je(!1), [n, o] = Je(void 0), s = xe();
   return ze(() => {
     t.current || (t.current = !0, e().then(() => {
       s("/");
@@ -885,7 +886,21 @@ function xt({
   ] }) : /* @__PURE__ */ T.jsx("div", { children: "Loading..." });
 }
 const le = "code-verifier";
-class Pt {
+class Lt extends Ce {
+  constructor(t, n) {
+    super(), this.callbackUrlPath = t, this.handleCallback = n;
+  }
+  getRoutes() {
+    return [
+      ...super.getRoutes(),
+      {
+        path: this.callbackUrlPath,
+        element: /* @__PURE__ */ T.jsx(xt, { handleCallback: this.handleCallback })
+      }
+    ];
+  }
+}
+class Ut {
   constructor({
     issuer: t,
     authorizationEndpoint: n,
@@ -903,10 +918,10 @@ class Pt {
     S(this, "handleCallback", async () => {
       const t = new URL(window.location.href), n = t.searchParams.get("state"), o = localStorage.getItem(le);
       if (!o)
-        throw new P(
+        throw new x(
           "Code verifier not found. Invalid auth state."
         );
-      const s = await this.getAuthServer(), r = Rt(
+      const s = await this.getAuthServer(), r = Pt(
         s,
         this.client,
         t.searchParams,
@@ -919,19 +934,19 @@ class Pt {
         );
       const i = new URL(t);
       i.pathname = this.callbackUrlPath, i.search = "";
-      const d = await mt(
+      const d = await yt(
         s,
         this.client,
         r,
         i.toString(),
         o
-      ), g = await bt(
+      ), g = await vt(
         s,
         this.client,
         d
       );
       this.setTokensFromResponse(g);
-      const m = await this.getAccessToken(), y = await (await ut(
+      const m = await this.getAccessToken(), y = await (await lt(
         s,
         this.client,
         m
@@ -963,8 +978,8 @@ class Pt {
           code_challenge_methods_supported: []
         };
       else {
-        const t = new URL(this.issuer), n = await Fe(t);
-        this.authorizationServer = await Me(
+        const t = new URL(this.issuer), n = await Me(t);
+        this.authorizationServer = await Be(
           t,
           n
         );
@@ -979,7 +994,7 @@ class Pt {
     if (B(t))
       throw oe.error("Bad Token Response", t), new G("Bad Token Response", t);
     if (!t.expires_in)
-      throw new P("No expires_in in response");
+      throw new x("No expires_in in response");
     this.tokens = {
       accessToken: t.access_token,
       refreshToken: t.refresh_token,
@@ -987,14 +1002,12 @@ class Pt {
       tokenType: t.token_type
     };
   }
-  async initialize() {
-  }
   async login() {
     var d;
     const t = "S256", n = await this.getAuthServer();
     if (!n.authorization_endpoint)
-      throw new P("No authorization endpoint");
-    const o = Be(), s = await qe(o);
+      throw new x("No authorization endpoint");
+    const o = Ge(), s = await Ve(o);
     localStorage.setItem(le, o);
     const r = new URL(
       n.authorization_endpoint
@@ -1003,7 +1016,7 @@ class Pt {
       "code_challenge_method",
       t
     ), ((d = n.code_challenge_methods_supported) == null ? void 0 : d.includes("S256")) !== !0) {
-      const g = Ge();
+      const g = qe();
       r.searchParams.set("state", g);
     }
     location.href = r.href;
@@ -1011,17 +1024,17 @@ class Pt {
   async getAccessToken() {
     const t = await this.getAuthServer();
     if (!this.tokens)
-      throw new P("User is not authenticated");
+      throw new x("User is not authenticated");
     if (this.tokens.expiresOn < /* @__PURE__ */ new Date()) {
       if (!this.tokens.refreshToken)
-        throw new P(
+        throw new x(
           "Token expired and no refresh token available"
         );
-      const n = await dt(
+      const n = await ht(
         t,
         this.client,
         this.tokens.refreshToken
-      ), o = await ft(
+      ), o = await pt(
         t,
         this.client,
         n
@@ -1044,18 +1057,16 @@ class Pt {
       n.toString()
     )) : o = n;
   }
-  getRoutes() {
-    return [
-      {
-        path: this.callbackUrlPath,
-        element: /* @__PURE__ */ T.jsx(xt, { handleCallback: this.handleCallback })
-      }
-    ];
+  getAuthenticationPlugin() {
+    return new Lt(
+      this.callbackUrlPath,
+      () => this.handleCallback()
+    );
   }
 }
-const Jt = (e) => new Pt(e);
+const Nt = (e) => new Ut(e);
 export {
-  Pt as OpenIDAuthenticationProvider,
-  Jt as default
+  Ut as OpenIDAuthenticationProvider,
+  Nt as default
 };
 //# sourceMappingURL=zudoku.auth-openid.js.map