npm - zudoku - Versions diffs - 0.3.0-dev.60 → 0.3.0-dev.62 - Mend

zudoku 0.3.0-dev.60 → 0.3.0-dev.62

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (67) hide show

package/lib/zudoku.auth-openid.js CHANGED Viewed

@@ -1,112 +1,112 @@
 var Re = Object.defineProperty;
-var Pe = (e, t, n) => t in e ? Re(e, t, { enumerable: !0, configurable: !0, writable: !0, value: n }) : e[t] = n;
-var S = (e, t, n) => Pe(e, typeof t != "symbol" ? t + "" : t, n);
+var Pe = (t, e, n) => e in t ? Re(t, e, { enumerable: !0, configurable: !0, writable: !0, value: n }) : t[e] = n;
+var y = (t, e, n) => Pe(t, typeof e != "symbol" ? e + "" : e, n);
 import { b as xe, j as T } from "./jsx-runtime-BIr0WBt_.js";
-import { c as Le, a as Ue } from "./_commonjsHelpers-BVfed4GL.js";
-import { A as Ce } from "./AuthenticationPlugin-CG6Bw32B.js";
-import { useRef as je, useState as Je, useEffect as ze } from "react";
+import { c as Ue, a as Le } from "./_commonjsHelpers-BVfed4GL.js";
+import { A as Ce } from "./AuthenticationPlugin-RvXALgvS.js";
+import { useRef as je, useState as ze, useEffect as Je } from "react";
 import { u as re } from "./state-DKdaQzvh.js";
 var he = { exports: {} };
-(function(e) {
-  (function(t, n) {
-    e.exports ? e.exports = n() : t.log = n();
-  })(Le, function() {
-    var t = function() {
-    }, n = "undefined", o = typeof window !== n && typeof window.navigator !== n && /Trident\/|MSIE /.test(window.navigator.userAgent), s = [
+(function(t) {
+  (function(e, n) {
+    t.exports ? t.exports = n() : e.log = n();
+  })(Ue, function() {
+    var e = function() {
+    }, n = "undefined", r = typeof window !== n && typeof window.navigator !== n && /Trident\/|MSIE /.test(window.navigator.userAgent), s = [
       "trace",
       "debug",
       "info",
       "warn",
       "error"
-    ], r = {}, i = null;
-    function d(u, f) {
-      var c = u[f];
+    ], o = {}, i = null;
+    function u(l, f) {
+      var c = l[f];
       if (typeof c.bind == "function")
-        return c.bind(u);
+        return c.bind(l);
       try {
-        return Function.prototype.bind.call(c, u);
+        return Function.prototype.bind.call(c, l);
       } catch {
         return function() {
-          return Function.prototype.apply.apply(c, [u, arguments]);
+          return Function.prototype.apply.apply(c, [l, arguments]);
         };
       }
     }
     function g() {
       console.log && (console.log.apply ? console.log.apply(console, arguments) : Function.prototype.apply.apply(console.log, [console, arguments])), console.trace && console.trace();
     }
-    function m(u) {
-      return u === "debug" && (u = "log"), typeof console === n ? !1 : u === "trace" && o ? g : console[u] !== void 0 ? d(console, u) : console.log !== void 0 ? d(console, "log") : t;
+    function m(l) {
+      return l === "debug" && (l = "log"), typeof console === n ? !1 : l === "trace" && r ? g : console[l] !== void 0 ? u(console, l) : console.log !== void 0 ? u(console, "log") : e;
     }
     function b() {
-      for (var u = this.getLevel(), f = 0; f < s.length; f++) {
+      for (var l = this.getLevel(), f = 0; f < s.length; f++) {
         var c = s[f];
-        this[c] = f < u ? t : this.methodFactory(c, u, this.name);
+        this[c] = f < l ? e : this.methodFactory(c, l, this.name);
       }
-      if (this.log = this.debug, typeof console === n && u < this.levels.SILENT)
+      if (this.log = this.debug, typeof console === n && l < this.levels.SILENT)
         return "No console available for logging";
     }
-    function y(u) {
+    function _(l) {
       return function() {
-        typeof console !== n && (b.call(this), this[u].apply(this, arguments));
+        typeof console !== n && (b.call(this), this[l].apply(this, arguments));
       };
     }
-    function h(u, f, c) {
-      return m(u) || y.apply(this, arguments);
+    function h(l, f, c) {
+      return m(l) || _.apply(this, arguments);
     }
-    function L(u, f) {
-      var c = this, z, $, P, _ = "loglevel";
-      typeof u == "string" ? _ += ":" + u : typeof u == "symbol" && (_ = void 0);
-      function Ee(l) {
-        var p = (s[l] || "silent").toUpperCase();
-        if (!(typeof window === n || !_)) {
+    function U(l, f) {
+      var c = this, J, $, P, v = "loglevel";
+      typeof l == "string" ? v += ":" + l : typeof l == "symbol" && (v = void 0);
+      function Ee(d) {
+        var p = (s[d] || "silent").toUpperCase();
+        if (!(typeof window === n || !v)) {
           try {
-            window.localStorage[_] = p;
+            window.localStorage[v] = p;
             return;
           } catch {
           }
           try {
-            window.document.cookie = encodeURIComponent(_) + "=" + p + ";";
+            window.document.cookie = encodeURIComponent(v) + "=" + p + ";";
           } catch {
           }
         }
       }
       function ee() {
-        var l;
-        if (!(typeof window === n || !_)) {
+        var d;
+        if (!(typeof window === n || !v)) {
           try {
-            l = window.localStorage[_];
+            d = window.localStorage[v];
           } catch {
           }
-          if (typeof l === n)
+          if (typeof d === n)
             try {
-              var p = window.document.cookie, O = encodeURIComponent(_), ne = p.indexOf(O + "=");
-              ne !== -1 && (l = /^([^;]+)/.exec(
+              var p = window.document.cookie, O = encodeURIComponent(v), ne = p.indexOf(O + "=");
+              ne !== -1 && (d = /^([^;]+)/.exec(
                 p.slice(ne + O.length + 1)
               )[1]);
             } catch {
             }
-          return c.levels[l] === void 0 && (l = void 0), l;
+          return c.levels[d] === void 0 && (d = void 0), d;
         }
       }
       function Te() {
-        if (!(typeof window === n || !_)) {
+        if (!(typeof window === n || !v)) {
           try {
-            window.localStorage.removeItem(_);
+            window.localStorage.removeItem(v);
           } catch {
           }
           try {
-            window.document.cookie = encodeURIComponent(_) + "=; expires=Thu, 01 Jan 1970 00:00:00 UTC";
+            window.document.cookie = encodeURIComponent(v) + "=; expires=Thu, 01 Jan 1970 00:00:00 UTC";
           } catch {
           }
         }
       }
-      function U(l) {
-        var p = l;
+      function L(d) {
+        var p = d;
         if (typeof p == "string" && c.levels[p.toUpperCase()] !== void 0 && (p = c.levels[p.toUpperCase()]), typeof p == "number" && p >= 0 && p <= c.levels.SILENT)
           return p;
-        throw new TypeError("log.setLevel() called with invalid level: " + l);
+        throw new TypeError("log.setLevel() called with invalid level: " + d);
       }
-      c.name = u, c.levels = {
+      c.name = l, c.levels = {
         TRACE: 0,
         DEBUG: 1,
         INFO: 2,
@@ -114,32 +114,32 @@ var he = { exports: {} };
         ERROR: 4,
         SILENT: 5
       }, c.methodFactory = f || h, c.getLevel = function() {
-        return P ?? $ ?? z;
-      }, c.setLevel = function(l, p) {
-        return P = U(l), p !== !1 && Ee(P), b.call(c);
-      }, c.setDefaultLevel = function(l) {
-        $ = U(l), ee() || c.setLevel(l, !1);
+        return P ?? $ ?? J;
+      }, c.setLevel = function(d, p) {
+        return P = L(d), p !== !1 && Ee(P), b.call(c);
+      }, c.setDefaultLevel = function(d) {
+        $ = L(d), ee() || c.setLevel(d, !1);
       }, c.resetLevel = function() {
         P = null, Te(), b.call(c);
-      }, c.enableAll = function(l) {
-        c.setLevel(c.levels.TRACE, l);
-      }, c.disableAll = function(l) {
-        c.setLevel(c.levels.SILENT, l);
+      }, c.enableAll = function(d) {
+        c.setLevel(c.levels.TRACE, d);
+      }, c.disableAll = function(d) {
+        c.setLevel(c.levels.SILENT, d);
       }, c.rebuild = function() {
-        if (i !== c && (z = U(i.getLevel())), b.call(c), i === c)
-          for (var l in r)
-            r[l].rebuild();
-      }, z = U(
+        if (i !== c && (J = L(i.getLevel())), b.call(c), i === c)
+          for (var d in o)
+            o[d].rebuild();
+      }, J = L(
         i ? i.getLevel() : "WARN"
       );
       var te = ee();
-      te != null && (P = U(te)), b.call(c);
+      te != null && (P = L(te)), b.call(c);
     }
-    i = new L(), i.getLogger = function(f) {
+    i = new U(), i.getLogger = function(f) {
       if (typeof f != "symbol" && typeof f != "string" || f === "")
         throw new TypeError("You must supply a name when creating a logger.");
-      var c = r[f];
-      return c || (c = r[f] = new L(
+      var c = o[f];
+      return c || (c = o[f] = new U(
         f,
         i.methodFactory
       )), c;
@@ -148,127 +148,127 @@ var he = { exports: {} };
     return i.noConflict = function() {
       return typeof window !== n && window.log === i && (window.log = R), i;
     }, i.getLoggers = function() {
-      return r;
+      return o;
     }, i.default = i, i;
   });
 })(he);
 var Oe = he.exports;
-const oe = /* @__PURE__ */ Ue(Oe);
+const oe = /* @__PURE__ */ Le(Oe);
 let M;
 var I, de;
 (typeof navigator > "u" || !((de = (I = navigator.userAgent) == null ? void 0 : I.startsWith) != null && de.call(I, "Mozilla/5.0 "))) && (M = "oauth4webapi/v2.11.1");
-function q(e, t) {
-  if (e == null)
+function q(t, e) {
+  if (t == null)
     return !1;
   try {
-    return e instanceof t || Object.getPrototypeOf(e)[Symbol.toStringTag] === t.prototype[Symbol.toStringTag];
+    return t instanceof e || Object.getPrototypeOf(t)[Symbol.toStringTag] === e.prototype[Symbol.toStringTag];
   } catch {
     return !1;
   }
 }
 const K = Symbol(), Ie = Symbol(), V = Symbol(), Ne = new TextEncoder(), Ke = new TextDecoder();
-function A(e) {
-  return typeof e == "string" ? Ne.encode(e) : Ke.decode(e);
+function A(t) {
+  return typeof t == "string" ? Ne.encode(t) : Ke.decode(t);
 }
 const ie = 32768;
-function We(e) {
-  e instanceof ArrayBuffer && (e = new Uint8Array(e));
-  const t = [];
-  for (let n = 0; n < e.byteLength; n += ie)
-    t.push(String.fromCharCode.apply(null, e.subarray(n, n + ie)));
-  return btoa(t.join("")).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
-}
-function De(e) {
+function We(t) {
+  t instanceof ArrayBuffer && (t = new Uint8Array(t));
+  const e = [];
+  for (let n = 0; n < t.byteLength; n += ie)
+    e.push(String.fromCharCode.apply(null, t.subarray(n, n + ie)));
+  return btoa(e.join("")).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
+}
+function De(t) {
   try {
-    const t = atob(e.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "")), n = new Uint8Array(t.length);
-    for (let o = 0; o < t.length; o++)
-      n[o] = t.charCodeAt(o);
+    const e = atob(t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "")), n = new Uint8Array(e.length);
+    for (let r = 0; r < e.length; r++)
+      n[r] = e.charCodeAt(r);
     return n;
-  } catch (t) {
-    throw new a("The input to be decoded is not correctly encoded.", { cause: t });
+  } catch (e) {
+    throw new a("The input to be decoded is not correctly encoded.", { cause: e });
   }
 }
-function E(e) {
-  return typeof e == "string" ? De(e) : We(e);
+function E(t) {
+  return typeof t == "string" ? De(t) : We(t);
 }
 class He {
-  constructor(t) {
-    this.cache = /* @__PURE__ */ new Map(), this._cache = /* @__PURE__ */ new Map(), this.maxSize = t;
+  constructor(e) {
+    this.cache = /* @__PURE__ */ new Map(), this._cache = /* @__PURE__ */ new Map(), this.maxSize = e;
   }
-  get(t) {
-    let n = this.cache.get(t);
+  get(e) {
+    let n = this.cache.get(e);
     if (n)
       return n;
-    if (n = this._cache.get(t))
-      return this.update(t, n), n;
+    if (n = this._cache.get(e))
+      return this.update(e, n), n;
   }
-  has(t) {
-    return this.cache.has(t) || this._cache.has(t);
+  has(e) {
+    return this.cache.has(e) || this._cache.has(e);
   }
-  set(t, n) {
-    return this.cache.has(t) ? this.cache.set(t, n) : this.update(t, n), this;
+  set(e, n) {
+    return this.cache.has(e) ? this.cache.set(e, n) : this.update(e, n), this;
   }
-  delete(t) {
-    return this.cache.has(t) ? this.cache.delete(t) : this._cache.has(t) ? this._cache.delete(t) : !1;
+  delete(e) {
+    return this.cache.has(e) ? this.cache.delete(e) : this._cache.has(e) ? this._cache.delete(e) : !1;
   }
-  update(t, n) {
-    this.cache.set(t, n), this.cache.size >= this.maxSize && (this._cache = this.cache, this.cache = /* @__PURE__ */ new Map());
+  update(e, n) {
+    this.cache.set(e, n), this.cache.size >= this.maxSize && (this._cache = this.cache, this.cache = /* @__PURE__ */ new Map());
   }
 }
-class v extends Error {
-  constructor(t) {
+class S extends Error {
+  constructor(e) {
     var n;
-    super(t ?? "operation not supported"), this.name = this.constructor.name, (n = Error.captureStackTrace) == null || n.call(Error, this, this.constructor);
+    super(e ?? "operation not supported"), this.name = this.constructor.name, (n = Error.captureStackTrace) == null || n.call(Error, this, this.constructor);
   }
 }
 class $e extends Error {
-  constructor(t, n) {
-    var o;
-    super(t, n), this.name = this.constructor.name, (o = Error.captureStackTrace) == null || o.call(Error, this, this.constructor);
+  constructor(e, n) {
+    var r;
+    super(e, n), this.name = this.constructor.name, (r = Error.captureStackTrace) == null || r.call(Error, this, this.constructor);
   }
 }
 const a = $e, fe = new He(100);
-function pe(e) {
-  return e instanceof CryptoKey;
+function pe(t) {
+  return t instanceof CryptoKey;
 }
-function we(e) {
-  return pe(e) && e.type === "private";
+function we(t) {
+  return pe(t) && t.type === "private";
 }
-function Fe(e) {
-  return pe(e) && e.type === "public";
+function Fe(t) {
+  return pe(t) && t.type === "public";
 }
-function Y(e) {
+function Y(t) {
   try {
-    const t = e.headers.get("dpop-nonce");
-    t && fe.set(new URL(e.url).origin, t);
+    const e = t.headers.get("dpop-nonce");
+    e && fe.set(new URL(t.url).origin, e);
   } catch {
   }
-  return e;
+  return t;
 }
-function C(e) {
-  return !(e === null || typeof e != "object" || Array.isArray(e));
+function C(t) {
+  return !(t === null || typeof t != "object" || Array.isArray(t));
 }
-function W(e) {
-  q(e, Headers) && (e = Object.fromEntries(e.entries()));
-  const t = new Headers(e);
-  if (M && !t.has("user-agent") && t.set("user-agent", M), t.has("authorization"))
+function W(t) {
+  q(t, Headers) && (t = Object.fromEntries(t.entries()));
+  const e = new Headers(t);
+  if (M && !e.has("user-agent") && e.set("user-agent", M), e.has("authorization"))
     throw new TypeError('"options.headers" must not include the "authorization" header name');
-  if (t.has("dpop"))
+  if (e.has("dpop"))
     throw new TypeError('"options.headers" must not include the "dpop" header name');
-  return t;
+  return e;
 }
-function Z(e) {
-  if (typeof e == "function" && (e = e()), !(e instanceof AbortSignal))
+function Z(t) {
+  if (typeof t == "function" && (t = t()), !(t instanceof AbortSignal))
     throw new TypeError('"options.signal" must return or be an instance of AbortSignal');
-  return e;
+  return t;
 }
-async function Me(e, t) {
-  if (!(e instanceof URL))
+async function Me(t, e) {
+  if (!(t instanceof URL))
     throw new TypeError('"issuerIdentifier" must be an instance of URL');
-  if (e.protocol !== "https:" && e.protocol !== "http:")
+  if (t.protocol !== "https:" && t.protocol !== "http:")
     throw new TypeError('"issuer.protocol" must be "https:" or "http:"');
-  const n = new URL(e.href);
-  switch (t == null ? void 0 : t.algorithm) {
+  const n = new URL(t.href);
+  switch (e == null ? void 0 : e.algorithm) {
     case void 0:
     case "oidc":
       n.pathname = `${n.pathname}/.well-known/openid-configuration`.replace("//", "/");
@@ -279,36 +279,36 @@ async function Me(e, t) {
     default:
       throw new TypeError('"options.algorithm" must be "oidc" (default), or "oauth2"');
   }
-  const o = W(t == null ? void 0 : t.headers);
-  return o.set("accept", "application/json"), ((t == null ? void 0 : t[V]) || fetch)(n.href, {
-    headers: Object.fromEntries(o.entries()),
+  const r = W(e == null ? void 0 : e.headers);
+  return r.set("accept", "application/json"), ((e == null ? void 0 : e[V]) || fetch)(n.href, {
+    headers: Object.fromEntries(r.entries()),
     method: "GET",
     redirect: "manual",
-    signal: t != null && t.signal ? Z(t.signal) : null
+    signal: e != null && e.signal ? Z(e.signal) : null
   }).then(Y);
 }
-function w(e) {
-  return typeof e == "string" && e.length !== 0;
+function w(t) {
+  return typeof t == "string" && t.length !== 0;
 }
-async function Be(e, t) {
-  if (!(e instanceof URL))
+async function Be(t, e) {
+  if (!(t instanceof URL))
     throw new TypeError('"expectedIssuer" must be an instance of URL');
-  if (!q(t, Response))
+  if (!q(e, Response))
     throw new TypeError('"response" must be an instance of Response');
-  if (t.status !== 200)
+  if (e.status !== 200)
     throw new a('"response" is not a conform Authorization Server Metadata response');
-  X(t);
+  X(e);
   let n;
   try {
-    n = await t.json();
-  } catch (o) {
-    throw new a('failed to parse "response" body as JSON', { cause: o });
+    n = await e.json();
+  } catch (r) {
+    throw new a('failed to parse "response" body as JSON', { cause: r });
   }
   if (!C(n))
     throw new a('"response" body must be a top level object');
   if (!w(n.issuer))
     throw new a('"response" body "issuer" property must be a non-empty string');
-  if (new URL(n.issuer).href !== e.href)
+  if (new URL(n.issuer).href !== t.href)
     throw new a('"response" body "issuer" does not match "expectedIssuer"');
   return n;
 }
@@ -321,29 +321,29 @@ function Ge() {
 function qe() {
   return D();
 }
-async function Ve(e) {
-  if (!w(e))
+async function Ve(t) {
+  if (!w(t))
     throw new TypeError('"codeVerifier" must be a non-empty string');
-  return E(await crypto.subtle.digest("SHA-256", A(e)));
+  return E(await crypto.subtle.digest("SHA-256", A(t)));
 }
-function Ye(e) {
-  if (e instanceof CryptoKey)
-    return { key: e };
-  if (!((e == null ? void 0 : e.key) instanceof CryptoKey))
+function Ye(t) {
+  if (t instanceof CryptoKey)
+    return { key: t };
+  if (!((t == null ? void 0 : t.key) instanceof CryptoKey))
     return {};
-  if (e.kid !== void 0 && !w(e.kid))
+  if (t.kid !== void 0 && !w(t.kid))
     throw new TypeError('"kid" must be a non-empty string');
-  return { key: e.key, kid: e.kid };
+  return { key: t.key, kid: t.kid };
 }
-function se(e) {
-  return encodeURIComponent(e).replace(/%20/g, "+");
+function se(t) {
+  return encodeURIComponent(t).replace(/%20/g, "+");
 }
-function Ze(e, t) {
-  const n = se(e), o = se(t);
-  return `Basic ${btoa(`${n}:${o}`)}`;
+function Ze(t, e) {
+  const n = se(t), r = se(e);
+  return `Basic ${btoa(`${n}:${r}`)}`;
 }
-function Qe(e) {
-  switch (e.algorithm.hash.name) {
+function Qe(t) {
+  switch (t.algorithm.hash.name) {
     case "SHA-256":
       return "PS256";
     case "SHA-384":
@@ -351,11 +351,11 @@ function Qe(e) {
     case "SHA-512":
       return "PS512";
     default:
-      throw new v("unsupported RsaHashedKeyAlgorithm hash name");
+      throw new S("unsupported RsaHashedKeyAlgorithm hash name");
   }
 }
-function Xe(e) {
-  switch (e.algorithm.hash.name) {
+function Xe(t) {
+  switch (t.algorithm.hash.name) {
     case "SHA-256":
       return "RS256";
     case "SHA-384":
@@ -363,11 +363,11 @@ function Xe(e) {
     case "SHA-512":
       return "RS512";
     default:
-      throw new v("unsupported RsaHashedKeyAlgorithm hash name");
+      throw new S("unsupported RsaHashedKeyAlgorithm hash name");
   }
 }
-function et(e) {
-  switch (e.algorithm.namedCurve) {
+function et(t) {
+  switch (t.algorithm.namedCurve) {
     case "P-256":
       return "ES256";
     case "P-384":
@@ -375,205 +375,205 @@ function et(e) {
     case "P-521":
       return "ES512";
     default:
-      throw new v("unsupported EcKeyAlgorithm namedCurve");
+      throw new S("unsupported EcKeyAlgorithm namedCurve");
   }
 }
-function ge(e) {
-  switch (e.algorithm.name) {
+function ge(t) {
+  switch (t.algorithm.name) {
     case "RSA-PSS":
-      return Qe(e);
+      return Qe(t);
     case "RSASSA-PKCS1-v1_5":
-      return Xe(e);
+      return Xe(t);
     case "ECDSA":
-      return et(e);
+      return et(t);
     case "Ed25519":
     case "Ed448":
       return "EdDSA";
     default:
-      throw new v("unsupported CryptoKey algorithm name");
+      throw new S("unsupported CryptoKey algorithm name");
   }
 }
-function H(e) {
-  const t = e == null ? void 0 : e[K];
-  return typeof t == "number" && Number.isFinite(t) ? t : 0;
+function H(t) {
+  const e = t == null ? void 0 : t[K];
+  return typeof e == "number" && Number.isFinite(e) ? e : 0;
 }
-function tt(e) {
-  const t = e == null ? void 0 : e[Ie];
-  return typeof t == "number" && Number.isFinite(t) && Math.sign(t) !== -1 ? t : 30;
+function tt(t) {
+  const e = t == null ? void 0 : t[Ie];
+  return typeof e == "number" && Number.isFinite(e) && Math.sign(e) !== -1 ? e : 30;
 }
 function Q() {
   return Math.floor(Date.now() / 1e3);
 }
-function nt(e, t) {
-  const n = Q() + H(t);
+function nt(t, e) {
+  const n = Q() + H(e);
   return {
     jti: D(),
-    aud: [e.issuer, e.token_endpoint],
+    aud: [t.issuer, t.token_endpoint],
     exp: n + 60,
     iat: n,
     nbf: n,
-    iss: t.client_id,
-    sub: t.client_id
+    iss: e.client_id,
+    sub: e.client_id
   };
 }
-async function rt(e, t, n, o) {
+async function rt(t, e, n, r) {
   return me({
     alg: ge(n),
-    kid: o
-  }, nt(e, t), n);
+    kid: r
+  }, nt(t, e), n);
 }
-function j(e) {
-  if (typeof e != "object" || e === null)
+function j(t) {
+  if (typeof t != "object" || t === null)
     throw new TypeError('"as" must be an object');
-  if (!w(e.issuer))
+  if (!w(t.issuer))
     throw new TypeError('"as.issuer" property must be a non-empty string');
   return !0;
 }
-function J(e) {
-  if (typeof e != "object" || e === null)
+function z(t) {
+  if (typeof t != "object" || t === null)
     throw new TypeError('"client" must be an object');
-  if (!w(e.client_id))
+  if (!w(t.client_id))
     throw new TypeError('"client.client_id" property must be a non-empty string');
   return !0;
 }
-function ae(e) {
-  if (!w(e))
+function ae(t) {
+  if (!w(t))
     throw new TypeError('"client.client_secret" property must be a non-empty string');
-  return e;
+  return t;
 }
-function F(e, t) {
-  if (t !== void 0)
-    throw new TypeError(`"options.clientPrivateKey" property must not be provided when ${e} client authentication method is used.`);
+function F(t, e) {
+  if (e !== void 0)
+    throw new TypeError(`"options.clientPrivateKey" property must not be provided when ${t} client authentication method is used.`);
 }
-function ce(e, t) {
-  if (t !== void 0)
-    throw new TypeError(`"client.client_secret" property must not be provided when ${e} client authentication method is used.`);
+function ce(t, e) {
+  if (e !== void 0)
+    throw new TypeError(`"client.client_secret" property must not be provided when ${t} client authentication method is used.`);
 }
-async function ot(e, t, n, o, s) {
-  switch (n.delete("client_secret"), n.delete("client_assertion_type"), n.delete("client_assertion"), t.token_endpoint_auth_method) {
+async function ot(t, e, n, r, s) {
+  switch (n.delete("client_secret"), n.delete("client_assertion_type"), n.delete("client_assertion"), e.token_endpoint_auth_method) {
     case void 0:
     case "client_secret_basic": {
-      F("client_secret_basic", s), o.set("authorization", Ze(t.client_id, ae(t.client_secret)));
+      F("client_secret_basic", s), r.set("authorization", Ze(e.client_id, ae(e.client_secret)));
       break;
     }
     case "client_secret_post": {
-      F("client_secret_post", s), n.set("client_id", t.client_id), n.set("client_secret", ae(t.client_secret));
+      F("client_secret_post", s), n.set("client_id", e.client_id), n.set("client_secret", ae(e.client_secret));
       break;
     }
     case "private_key_jwt": {
-      if (ce("private_key_jwt", t.client_secret), s === void 0)
+      if (ce("private_key_jwt", e.client_secret), s === void 0)
         throw new TypeError('"options.clientPrivateKey" must be provided when "client.token_endpoint_auth_method" is "private_key_jwt"');
-      const { key: r, kid: i } = Ye(s);
-      if (!we(r))
+      const { key: o, kid: i } = Ye(s);
+      if (!we(o))
         throw new TypeError('"options.clientPrivateKey.key" must be a private CryptoKey');
-      n.set("client_id", t.client_id), n.set("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"), n.set("client_assertion", await rt(e, t, r, i));
+      n.set("client_id", e.client_id), n.set("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"), n.set("client_assertion", await rt(t, e, o, i));
       break;
     }
     case "tls_client_auth":
     case "self_signed_tls_client_auth":
     case "none": {
-      ce(t.token_endpoint_auth_method, t.client_secret), F(t.token_endpoint_auth_method, s), n.set("client_id", t.client_id);
+      ce(e.token_endpoint_auth_method, e.client_secret), F(e.token_endpoint_auth_method, s), n.set("client_id", e.client_id);
       break;
     }
     default:
-      throw new v("unsupported client token_endpoint_auth_method");
+      throw new S("unsupported client token_endpoint_auth_method");
   }
 }
-async function me(e, t, n) {
+async function me(t, e, n) {
   if (!n.usages.includes("sign"))
     throw new TypeError('CryptoKey instances used for signing assertions must include "sign" in their "usages"');
-  const o = `${E(A(JSON.stringify(e)))}.${E(A(JSON.stringify(t)))}`, s = E(await crypto.subtle.sign(Se(n), n, A(o)));
-  return `${o}.${s}`;
+  const r = `${E(A(JSON.stringify(t)))}.${E(A(JSON.stringify(e)))}`, s = E(await crypto.subtle.sign(Se(n), n, A(r)));
+  return `${r}.${s}`;
 }
-async function it(e, t, n, o, s, r) {
-  const { privateKey: i, publicKey: d, nonce: g = fe.get(n.origin) } = t;
+async function it(t, e, n, r, s, o) {
+  const { privateKey: i, publicKey: u, nonce: g = fe.get(n.origin) } = e;
   if (!we(i))
     throw new TypeError('"DPoP.privateKey" must be a private CryptoKey');
-  if (!Fe(d))
+  if (!Fe(u))
     throw new TypeError('"DPoP.publicKey" must be a public CryptoKey');
   if (g !== void 0 && !w(g))
     throw new TypeError('"DPoP.nonce" must be a non-empty string or undefined');
-  if (!d.extractable)
+  if (!u.extractable)
     throw new TypeError('"DPoP.publicKey.extractable" must be true');
   const m = Q() + s, b = await me({
     alg: ge(i),
     typ: "dpop+jwt",
-    jwk: await at(d)
+    jwk: await at(u)
   }, {
     iat: m,
     jti: D(),
-    htm: o,
+    htm: r,
     nonce: g,
     htu: `${n.origin}${n.pathname}`,
-    ath: r ? E(await crypto.subtle.digest("SHA-256", A(r))) : void 0
+    ath: o ? E(await crypto.subtle.digest("SHA-256", A(o))) : void 0
   }, i);
-  e.set("dpop", b);
+  t.set("dpop", b);
 }
 let N;
-async function st(e) {
-  const { kty: t, e: n, n: o, x: s, y: r, crv: i } = await crypto.subtle.exportKey("jwk", e), d = { kty: t, e: n, n: o, x: s, y: r, crv: i };
-  return N.set(e, d), d;
+async function st(t) {
+  const { kty: e, e: n, n: r, x: s, y: o, crv: i } = await crypto.subtle.exportKey("jwk", t), u = { kty: e, e: n, n: r, x: s, y: o, crv: i };
+  return N.set(t, u), u;
 }
-async function at(e) {
-  return N || (N = /* @__PURE__ */ new WeakMap()), N.get(e) || st(e);
+async function at(t) {
+  return N || (N = /* @__PURE__ */ new WeakMap()), N.get(t) || st(t);
 }
-function ct(e, t, n) {
-  if (typeof e != "string")
-    throw new TypeError(`"as.${t}" must be a string`);
-  return new URL(e);
+function ct(t, e, n) {
+  if (typeof t != "string")
+    throw new TypeError(`"as.${e}" must be a string`);
+  return new URL(t);
 }
-function ye(e, t, n) {
-  return ct(e[t], t);
+function ye(t, e, n) {
+  return ct(t[e], e);
 }
-function B(e) {
-  const t = e;
-  return typeof t != "object" || Array.isArray(t) || t === null ? !1 : t.error !== void 0;
+function B(t) {
+  const e = t;
+  return typeof e != "object" || Array.isArray(e) || e === null ? !1 : e.error !== void 0;
 }
-async function ut(e, t, n, o, s, r) {
-  if (!w(e))
+async function ut(t, e, n, r, s, o) {
+  if (!w(t))
     throw new TypeError('"accessToken" must be a non-empty string');
   if (!(n instanceof URL))
     throw new TypeError('"url" must be an instance of URL');
-  return o = W(o), (r == null ? void 0 : r.DPoP) === void 0 ? o.set("authorization", `Bearer ${e}`) : (await it(o, r.DPoP, n, "GET", H({ [K]: r == null ? void 0 : r[K] }), e), o.set("authorization", `DPoP ${e}`)), ((r == null ? void 0 : r[V]) || fetch)(n.href, {
+  return r = W(r), (o == null ? void 0 : o.DPoP) === void 0 ? r.set("authorization", `Bearer ${t}`) : (await it(r, o.DPoP, n, "GET", H({ [K]: o == null ? void 0 : o[K] }), t), r.set("authorization", `DPoP ${t}`)), ((o == null ? void 0 : o[V]) || fetch)(n.href, {
     body: s,
-    headers: Object.fromEntries(o.entries()),
-    method: t,
+    headers: Object.fromEntries(r.entries()),
+    method: e,
     redirect: "manual",
-    signal: r != null && r.signal ? Z(r.signal) : null
+    signal: o != null && o.signal ? Z(o.signal) : null
   }).then(Y);
 }
-async function lt(e, t, n, o) {
-  j(e), J(t);
-  const s = ye(e, "userinfo_endpoint"), r = W(o == null ? void 0 : o.headers);
-  return t.userinfo_signed_response_alg ? r.set("accept", "application/jwt") : (r.set("accept", "application/json"), r.append("accept", "application/jwt")), ut(n, "GET", s, r, null, {
-    ...o,
-    [K]: H(t)
+async function lt(t, e, n, r) {
+  j(t), z(e);
+  const s = ye(t, "userinfo_endpoint"), o = W(r == null ? void 0 : r.headers);
+  return e.userinfo_signed_response_alg ? o.set("accept", "application/jwt") : (o.set("accept", "application/json"), o.append("accept", "application/jwt")), ut(n, "GET", s, o, null, {
+    ...r,
+    [K]: H(e)
   });
 }
-async function dt(e, t, n, o, s, r, i) {
-  return await ot(e, t, s, r, i == null ? void 0 : i.clientPrivateKey), r.set("content-type", "application/x-www-form-urlencoded;charset=UTF-8"), ((i == null ? void 0 : i[V]) || fetch)(o.href, {
+async function dt(t, e, n, r, s, o, i) {
+  return await ot(t, e, s, o, i == null ? void 0 : i.clientPrivateKey), o.set("content-type", "application/x-www-form-urlencoded;charset=UTF-8"), ((i == null ? void 0 : i[V]) || fetch)(r.href, {
     body: s,
-    headers: Object.fromEntries(r.entries()),
+    headers: Object.fromEntries(o.entries()),
     method: n,
     redirect: "manual",
     signal: i != null && i.signal ? Z(i.signal) : null
   }).then(Y);
 }
-async function be(e, t, n, o, s) {
-  const r = ye(e, "token_endpoint");
-  o.set("grant_type", n);
+async function _e(t, e, n, r, s) {
+  const o = ye(t, "token_endpoint");
+  r.set("grant_type", n);
   const i = W(s == null ? void 0 : s.headers);
-  return i.set("accept", "application/json"), dt(e, t, "POST", r, o, i, s);
+  return i.set("accept", "application/json"), dt(t, e, "POST", o, r, i, s);
 }
-async function ht(e, t, n, o) {
-  if (j(e), J(t), !w(n))
+async function ht(t, e, n, r) {
+  if (j(t), z(e), !w(n))
     throw new TypeError('"refreshToken" must be a non-empty string');
-  const s = new URLSearchParams(o == null ? void 0 : o.additionalParameters);
-  return s.set("refresh_token", n), be(e, t, "refresh_token", s, o);
+  const s = new URLSearchParams(r == null ? void 0 : r.additionalParameters);
+  return s.set("refresh_token", n), _e(t, e, "refresh_token", s, r);
 }
 const ft = /* @__PURE__ */ new WeakMap();
-async function _e(e, t, n, o = !1, s = !1) {
-  if (j(e), J(t), !q(n, Response))
+async function be(t, e, n, r = !1, s = !1) {
+  if (j(t), z(e), !q(n, Response))
     throw new TypeError('"response" must be an instance of Response');
   if (n.status !== 200) {
     let i;
@@ -582,74 +582,74 @@ async function _e(e, t, n, o = !1, s = !1) {
     throw new a('"response" is not a conform Token Endpoint response');
   }
   X(n);
-  let r;
+  let o;
   try {
-    r = await n.json();
+    o = await n.json();
   } catch (i) {
     throw new a('failed to parse "response" body as JSON', { cause: i });
   }
-  if (!C(r))
+  if (!C(o))
     throw new a('"response" body must be a top level object');
-  if (!w(r.access_token))
+  if (!w(o.access_token))
     throw new a('"response" body "access_token" property must be a non-empty string');
-  if (!w(r.token_type))
+  if (!w(o.token_type))
     throw new a('"response" body "token_type" property must be a non-empty string');
-  if (r.token_type = r.token_type.toLowerCase(), r.token_type !== "dpop" && r.token_type !== "bearer")
-    throw new v("unsupported `token_type` value");
-  if (r.expires_in !== void 0 && (typeof r.expires_in != "number" || r.expires_in <= 0))
+  if (o.token_type = o.token_type.toLowerCase(), o.token_type !== "dpop" && o.token_type !== "bearer")
+    throw new S("unsupported `token_type` value");
+  if (o.expires_in !== void 0 && (typeof o.expires_in != "number" || o.expires_in <= 0))
     throw new a('"response" body "expires_in" property must be a positive number');
-  if (!s && r.refresh_token !== void 0 && !w(r.refresh_token))
+  if (!s && o.refresh_token !== void 0 && !w(o.refresh_token))
     throw new a('"response" body "refresh_token" property must be a non-empty string');
-  if (r.scope !== void 0 && typeof r.scope != "string")
+  if (o.scope !== void 0 && typeof o.scope != "string")
     throw new a('"response" body "scope" property must be a string');
-  if (!o) {
-    if (r.id_token !== void 0 && !w(r.id_token))
+  if (!r) {
+    if (o.id_token !== void 0 && !w(o.id_token))
       throw new a('"response" body "id_token" property must be a non-empty string');
-    if (r.id_token) {
-      const { claims: i } = await Et(r.id_token, Tt.bind(void 0, t.id_token_signed_response_alg, e.id_token_signing_alg_values_supported), ke, H(t), tt(t)).then(_t.bind(void 0, ["aud", "exp", "iat", "iss", "sub"])).then(gt.bind(void 0, e.issuer)).then(wt.bind(void 0, t.client_id));
-      if (Array.isArray(i.aud) && i.aud.length !== 1 && i.azp !== t.client_id)
+    if (o.id_token) {
+      const { claims: i } = await Et(o.id_token, Tt.bind(void 0, e.id_token_signed_response_alg, t.id_token_signing_alg_values_supported), ke, H(e), tt(e)).then(bt.bind(void 0, ["aud", "exp", "iat", "iss", "sub"])).then(gt.bind(void 0, t.issuer)).then(wt.bind(void 0, e.client_id));
+      if (Array.isArray(i.aud) && i.aud.length !== 1 && i.azp !== e.client_id)
         throw new a('unexpected ID Token "azp" (authorized party) claim value');
       if (i.auth_time !== void 0 && (!Number.isFinite(i.auth_time) || Math.sign(i.auth_time) !== 1))
         throw new a('ID Token "auth_time" (authentication time) must be a positive number');
-      ft.set(r, i);
+      ft.set(o, i);
     }
   }
-  return r;
+  return o;
 }
-async function pt(e, t, n) {
-  return _e(e, t, n);
+async function pt(t, e, n) {
+  return be(t, e, n);
 }
-function wt(e, t) {
-  if (Array.isArray(t.claims.aud)) {
-    if (!t.claims.aud.includes(e))
+function wt(t, e) {
+  if (Array.isArray(e.claims.aud)) {
+    if (!e.claims.aud.includes(t))
       throw new a('unexpected JWT "aud" (audience) claim value');
-  } else if (t.claims.aud !== e)
+  } else if (e.claims.aud !== t)
     throw new a('unexpected JWT "aud" (audience) claim value');
-  return t;
+  return e;
 }
-function gt(e, t) {
-  if (t.claims.iss !== e)
+function gt(t, e) {
+  if (e.claims.iss !== t)
     throw new a('unexpected JWT "iss" (issuer) claim value');
-  return t;
+  return e;
 }
 const ve = /* @__PURE__ */ new WeakSet();
-function mt(e) {
-  return ve.add(e), e;
+function mt(t) {
+  return ve.add(t), t;
 }
-async function yt(e, t, n, o, s, r) {
-  if (j(e), J(t), !ve.has(n))
+async function yt(t, e, n, r, s, o) {
+  if (j(t), z(e), !ve.has(n))
     throw new TypeError('"callbackParameters" must be an instance of URLSearchParams obtained from "validateAuthResponse()", or "validateJwtAuthResponse()');
-  if (!w(o))
+  if (!w(r))
     throw new TypeError('"redirectUri" must be a non-empty string');
   if (!w(s))
     throw new TypeError('"codeVerifier" must be a non-empty string');
   const i = k(n, "code");
   if (!i)
     throw new a('no authorization code in "callbackParameters"');
-  const d = new URLSearchParams(r == null ? void 0 : r.additionalParameters);
-  return d.set("redirect_uri", o), d.set("code_verifier", s), d.set("code", i), be(e, t, "authorization_code", d, r);
+  const u = new URLSearchParams(o == null ? void 0 : o.additionalParameters);
+  return u.set("redirect_uri", r), u.set("code_verifier", s), u.set("code", i), _e(t, e, "authorization_code", u, o);
 }
-const bt = {
+const _t = {
   aud: "audience",
   c_hash: "code hash",
   client_id: "client id",
@@ -665,44 +665,44 @@ const bt = {
   htu: "http uri",
   cnf: "confirmation"
 };
-function _t(e, t) {
-  for (const n of e)
-    if (t.claims[n] === void 0)
-      throw new a(`JWT "${n}" (${bt[n]}) claim missing`);
-  return t;
+function bt(t, e) {
+  for (const n of t)
+    if (e.claims[n] === void 0)
+      throw new a(`JWT "${n}" (${_t[n]}) claim missing`);
+  return e;
 }
-async function vt(e, t, n) {
-  const o = await _e(e, t, n, !0);
-  if (B(o))
-    return o;
-  if (o.id_token !== void 0) {
-    if (typeof o.id_token == "string" && o.id_token.length)
+async function vt(t, e, n) {
+  const r = await be(t, e, n, !0);
+  if (B(r))
+    return r;
+  if (r.id_token !== void 0) {
+    if (typeof r.id_token == "string" && r.id_token.length)
       throw new a("Unexpected ID Token returned, use processAuthorizationCodeOpenIDResponse() for OpenID Connect callback processing");
-    delete o.id_token;
+    delete r.id_token;
   }
-  return o;
+  return r;
 }
-function X(e) {
-  if (e.bodyUsed)
+function X(t) {
+  if (t.bodyUsed)
     throw new TypeError('"response" body has been used already');
 }
-async function St(e) {
-  if (e.status > 399 && e.status < 500) {
-    X(e);
+async function St(t) {
+  if (t.status > 399 && t.status < 500) {
+    X(t);
     try {
-      const t = await e.json();
-      if (C(t) && typeof t.error == "string" && t.error.length)
-        return t.error_description !== void 0 && typeof t.error_description != "string" && delete t.error_description, t.error_uri !== void 0 && typeof t.error_uri != "string" && delete t.error_uri, t.algs !== void 0 && typeof t.algs != "string" && delete t.algs, t.scope !== void 0 && typeof t.scope != "string" && delete t.scope, t;
+      const e = await t.json();
+      if (C(e) && typeof e.error == "string" && e.error.length)
+        return e.error_description !== void 0 && typeof e.error_description != "string" && delete e.error_description, e.error_uri !== void 0 && typeof e.error_uri != "string" && delete e.error_uri, e.algs !== void 0 && typeof e.algs != "string" && delete e.algs, e.scope !== void 0 && typeof e.scope != "string" && delete e.scope, e;
     } catch {
     }
   }
 }
-function ue(e) {
-  if (typeof e.modulusLength != "number" || e.modulusLength < 2048)
-    throw new a(`${e.name} modulusLength must be at least 2048 bits`);
+function ue(t) {
+  if (typeof t.modulusLength != "number" || t.modulusLength < 2048)
+    throw new a(`${t.name} modulusLength must be at least 2048 bits`);
 }
-function kt(e) {
-  switch (e) {
+function kt(t) {
+  switch (t) {
     case "P-256":
       return "SHA-256";
     case "P-384":
@@ -710,59 +710,59 @@ function kt(e) {
     case "P-521":
       return "SHA-512";
     default:
-      throw new v();
+      throw new S();
   }
 }
-function Se(e) {
-  switch (e.algorithm.name) {
+function Se(t) {
+  switch (t.algorithm.name) {
     case "ECDSA":
       return {
-        name: e.algorithm.name,
-        hash: kt(e.algorithm.namedCurve)
+        name: t.algorithm.name,
+        hash: kt(t.algorithm.namedCurve)
       };
     case "RSA-PSS":
-      switch (ue(e.algorithm), e.algorithm.hash.name) {
+      switch (ue(t.algorithm), t.algorithm.hash.name) {
         case "SHA-256":
         case "SHA-384":
         case "SHA-512":
           return {
-            name: e.algorithm.name,
-            saltLength: parseInt(e.algorithm.hash.name.slice(-3), 10) >> 3
+            name: t.algorithm.name,
+            saltLength: parseInt(t.algorithm.hash.name.slice(-3), 10) >> 3
           };
         default:
-          throw new v();
+          throw new S();
       }
     case "RSASSA-PKCS1-v1_5":
-      return ue(e.algorithm), e.algorithm.name;
+      return ue(t.algorithm), t.algorithm.name;
     case "Ed448":
     case "Ed25519":
-      return e.algorithm.name;
+      return t.algorithm.name;
   }
-  throw new v();
+  throw new S();
 }
 const ke = Symbol();
-async function Et(e, t, n, o, s) {
-  const { 0: r, 1: i, 2: d, length: g } = e.split(".");
+async function Et(t, e, n, r, s) {
+  const { 0: o, 1: i, 2: u, length: g } = t.split(".");
   if (g === 5)
-    throw new v("JWE structure JWTs are not supported");
+    throw new S("JWE structure JWTs are not supported");
   if (g !== 3)
     throw new a("Invalid JWT");
   let m;
   try {
-    m = JSON.parse(A(E(r)));
+    m = JSON.parse(A(E(o)));
   } catch (R) {
     throw new a("failed to parse JWT Header body as base64url encoded JSON", { cause: R });
   }
   if (!C(m))
     throw new a("JWT Header must be a top level object");
-  if (t(m), m.crit !== void 0)
+  if (e(m), m.crit !== void 0)
     throw new a('unexpected JWT "crit" header parameter');
-  const b = E(d);
-  let y;
+  const b = E(u);
+  let _;
   if (n !== ke) {
-    y = await n(m);
-    const R = `${r}.${i}`;
-    if (!await crypto.subtle.verify(Se(y), y, b, A(R)))
+    _ = await n(m);
+    const R = `${o}.${i}`;
+    if (!await crypto.subtle.verify(Se(_), _, b, A(R)))
       throw new a("JWT signature verification failed");
   }
   let h;
@@ -773,11 +773,11 @@ async function Et(e, t, n, o, s) {
   }
   if (!C(h))
     throw new a("JWT Payload must be a top level object");
-  const L = Q() + o;
+  const U = Q() + r;
   if (h.exp !== void 0) {
     if (typeof h.exp != "number")
       throw new a('unexpected JWT "exp" (expiration time) claim type');
-    if (h.exp <= L - s)
+    if (h.exp <= U - s)
       throw new a('unexpected JWT "exp" (expiration time) claim value, timestamp is <= now()');
   }
   if (h.iat !== void 0 && typeof h.iat != "number")
@@ -787,58 +787,58 @@ async function Et(e, t, n, o, s) {
   if (h.nbf !== void 0) {
     if (typeof h.nbf != "number")
       throw new a('unexpected JWT "nbf" (not before) claim type');
-    if (h.nbf > L + s)
+    if (h.nbf > U + s)
       throw new a('unexpected JWT "nbf" (not before) claim value, timestamp is > now()');
   }
   if (h.aud !== void 0 && typeof h.aud != "string" && !Array.isArray(h.aud))
     throw new a('unexpected JWT "aud" (audience) claim type');
-  return { header: m, claims: h, signature: b, key: y };
+  return { header: m, claims: h, signature: b, key: _ };
 }
-function Tt(e, t, n) {
-  if (e !== void 0) {
-    if (n.alg !== e)
+function Tt(t, e, n) {
+  if (t !== void 0) {
+    if (n.alg !== t)
       throw new a('unexpected JWT "alg" header parameter');
     return;
   }
-  if (Array.isArray(t)) {
-    if (!t.includes(n.alg))
+  if (Array.isArray(e)) {
+    if (!e.includes(n.alg))
       throw new a('unexpected JWT "alg" header parameter');
     return;
   }
   if (n.alg !== "RS256")
     throw new a('unexpected JWT "alg" header parameter');
 }
-function k(e, t) {
-  const { 0: n, length: o } = e.getAll(t);
-  if (o > 1)
-    throw new a(`"${t}" parameter must be provided only once`);
+function k(t, e) {
+  const { 0: n, length: r } = t.getAll(e);
+  if (r > 1)
+    throw new a(`"${e}" parameter must be provided only once`);
   return n;
 }
 const At = Symbol(), Rt = Symbol();
-function Pt(e, t, n, o) {
-  if (j(e), J(t), n instanceof URL && (n = n.searchParams), !(n instanceof URLSearchParams))
+function Pt(t, e, n, r) {
+  if (j(t), z(e), n instanceof URL && (n = n.searchParams), !(n instanceof URLSearchParams))
     throw new TypeError('"parameters" must be an instance of URLSearchParams, or URL');
   if (k(n, "response"))
     throw new a('"parameters" contains a JARM response, use validateJwtAuthResponse() instead of validateAuthResponse()');
-  const s = k(n, "iss"), r = k(n, "state");
-  if (!s && e.authorization_response_iss_parameter_supported)
+  const s = k(n, "iss"), o = k(n, "state");
+  if (!s && t.authorization_response_iss_parameter_supported)
     throw new a('response parameter "iss" (issuer) missing');
-  if (s && s !== e.issuer)
+  if (s && s !== t.issuer)
     throw new a('unexpected "iss" (issuer) response parameter value');
-  switch (o) {
+  switch (r) {
     case void 0:
     case Rt:
-      if (r !== void 0)
+      if (o !== void 0)
         throw new a('unexpected "state" response parameter encountered');
       break;
     case At:
       break;
     default:
-      if (!w(o))
+      if (!w(r))
         throw new a('"expectedState" must be a non-empty string');
-      if (r === void 0)
+      if (o === void 0)
         throw new a('response parameter "state" missing');
-      if (r !== o)
+      if (o !== r)
         throw new a('unexpected "state" response parameter value');
   }
   const i = k(n, "error");
@@ -848,27 +848,27 @@ function Pt(e, t, n, o) {
       error_description: k(n, "error_description"),
       error_uri: k(n, "error_uri")
     };
-  const d = k(n, "id_token"), g = k(n, "token");
-  if (d !== void 0 || g !== void 0)
-    throw new v("implicit and hybrid flows are not supported");
+  const u = k(n, "id_token"), g = k(n, "token");
+  if (u !== void 0 || g !== void 0)
+    throw new S("implicit and hybrid flows are not supported");
   return mt(new URLSearchParams(n));
 }
 class x extends Error {
 }
 class G extends x {
-  constructor(t, n, o) {
-    super(t, o), this.error = n;
+  constructor(e, n, r) {
+    super(e, r), this.error = n;
   }
 }
 function xt({
-  handleCallback: e
+  handleCallback: t
 }) {
-  const t = je(!1), [n, o] = Je(void 0), s = xe();
-  return ze(() => {
-    t.current || (t.current = !0, e().then(() => {
+  const e = je(!1), [n, r] = ze(void 0), s = xe();
+  return Je(() => {
+    e.current || (e.current = !0, t().then(() => {
       s("/");
-    }).catch((r) => {
-      o(r);
+    }).catch((o) => {
+      r(o);
     }));
   }, []), n ? n instanceof G ? /* @__PURE__ */ T.jsxs("div", { children: [
     /* @__PURE__ */ T.jsx("h2", { children: "Error" }),
@@ -886,9 +886,9 @@ function xt({
   ] }) : /* @__PURE__ */ T.jsx("div", { children: "Loading..." });
 }
 const le = "code-verifier";
-class Lt extends Ce {
-  constructor(t, n) {
-    super(), this.callbackUrlPath = t, this.handleCallback = n;
+class Ut extends Ce {
+  constructor(e, n) {
+    super(), this.callbackUrlPath = e, this.handleCallback = n;
   }
   getRoutes() {
     return [
@@ -900,62 +900,68 @@ class Lt extends Ce {
     ];
   }
 }
-class Ut {
+class Lt {
   constructor({
-    issuer: t,
+    issuer: e,
     authorizationEndpoint: n,
-    tokenEndpoint: o,
-    clientId: s
+    tokenEndpoint: r,
+    clientId: s,
+    redirectToAfterSignUp: o,
+    redirectToAfterSignIn: i,
+    redirectToAfterSignOut: u
   }) {
-    S(this, "client");
-    S(this, "issuer");
-    S(this, "authorizationEndpoint");
-    S(this, "tokenEndpoint");
-    S(this, "authorizationServer");
-    S(this, "tokens");
-    S(this, "callbackUrlPath", "/oauth/callback");
-    S(this, "logoutRedirectUrlPath", "/");
-    S(this, "handleCallback", async () => {
-      const t = new URL(window.location.href), n = t.searchParams.get("state"), o = localStorage.getItem(le);
-      if (!o)
+    y(this, "client");
+    y(this, "issuer");
+    y(this, "authorizationEndpoint");
+    y(this, "tokenEndpoint");
+    y(this, "authorizationServer");
+    y(this, "tokens");
+    y(this, "callbackUrlPath", "/oauth/callback");
+    y(this, "logoutRedirectUrlPath", "/");
+    y(this, "redirectToAfterSignUp");
+    y(this, "redirectToAfterSignIn");
+    y(this, "redirectToAfterSignOut");
+    y(this, "handleCallback", async () => {
+      const e = new URL(window.location.href), n = e.searchParams.get("state"), r = localStorage.getItem(le);
+      if (!r)
         throw new x(
           "Code verifier not found. Invalid auth state."
         );
-      const s = await this.getAuthServer(), r = Pt(
+      const s = await this.getAuthServer(), o = Pt(
         s,
         this.client,
-        t.searchParams,
+        e.searchParams,
         n ?? void 0
       );
-      if (B(r))
-        throw oe.error("Error validating OAuth response", r), new G(
+      if (B(o))
+        throw oe.error("Error validating OAuth response", o), new G(
           "Error validating OAuth response",
-          r
+          o
         );
-      const i = new URL(t);
+      const i = new URL(e);
       i.pathname = this.callbackUrlPath, i.search = "";
-      const d = await yt(
+      const u = await yt(
         s,
         this.client,
-        r,
+        o,
         i.toString(),
-        o
+        r
       ), g = await vt(
         s,
         this.client,
-        d
+        u
       );
       this.setTokensFromResponse(g);
-      const m = await this.getAccessToken(), y = await (await lt(
+      const m = await this.getAccessToken(), _ = await (await lt(
         s,
         this.client,
         m
       )).json(), h = {
-        sub: y.sub,
-        email: y.email,
-        name: y.name,
-        emailVerified: y.email_verified ?? !1,
-        pictureUrl: y.picture
+        sub: _.sub,
+        email: _.email,
+        name: _.name,
+        emailVerified: _.email_verified ?? !1,
+        pictureUrl: _.picture
       };
       re.setState({
         isAuthenticated: !0,
@@ -966,7 +972,7 @@ class Ut {
     this.client = {
       client_id: s,
       token_endpoint_auth_method: "none"
-    }, this.issuer = t, this.authorizationEndpoint = n, this.tokenEndpoint = o;
+    }, this.issuer = e, this.authorizationEndpoint = n, this.tokenEndpoint = r, this.redirectToAfterSignUp = o ?? "/", this.redirectToAfterSignIn = i ?? "/", this.redirectToAfterSignOut = u ?? "/";
   }
   async getAuthServer() {
     if (!this.authorizationServer)
@@ -978,9 +984,9 @@ class Ut {
           code_challenge_methods_supported: []
         };
       else {
-        const t = new URL(this.issuer), n = await Me(t);
+        const e = new URL(this.issuer), n = await Me(e);
         this.authorizationServer = await Be(
-          t,
+          e,
           n
         );
       }
@@ -990,39 +996,47 @@ class Ut {
    * Sets the tokens from various OAuth responses
    * @param response
    */
-  setTokensFromResponse(t) {
-    if (B(t))
-      throw oe.error("Bad Token Response", t), new G("Bad Token Response", t);
-    if (!t.expires_in)
+  setTokensFromResponse(e) {
+    if (B(e))
+      throw oe.error("Bad Token Response", e), new G("Bad Token Response", e);
+    if (!e.expires_in)
       throw new x("No expires_in in response");
     this.tokens = {
-      accessToken: t.access_token,
-      refreshToken: t.refresh_token,
-      expiresOn: new Date(Date.now() + t.expires_in * 1e3),
-      tokenType: t.token_type
+      accessToken: e.access_token,
+      refreshToken: e.refresh_token,
+      expiresOn: new Date(Date.now() + e.expires_in * 1e3),
+      tokenType: e.token_type
     };
   }
-  async login() {
-    var d;
-    const t = "S256", n = await this.getAuthServer();
-    if (!n.authorization_endpoint)
+  async signUp() {
+    return this.authorize(!0);
+  }
+  async signIn() {
+    return this.authorize();
+  }
+  async authorize(e = !1) {
+    var g;
+    const n = "S256", r = await this.getAuthServer();
+    if (!r.authorization_endpoint)
       throw new x("No authorization endpoint");
-    const o = Ge(), s = await Ve(o);
-    localStorage.setItem(le, o);
-    const r = new URL(
-      n.authorization_endpoint
-    ), i = new URL(window.location.href);
-    if (i.pathname = this.callbackUrlPath, i.search = "", r.searchParams.set("client_id", this.client.client_id), r.searchParams.set("redirect_uri", i.toString()), r.searchParams.set("response_type", "code"), r.searchParams.set("scope", "openid+profile+email"), r.searchParams.set("code_challenge", s), r.searchParams.set(
+    const s = Ge(), o = await Ve(s);
+    localStorage.setItem(le, s);
+    const i = new URL(
+      e ? r.registration_endpoint ?? r.authorization_endpoint : r.authorization_endpoint
+    ), u = new URL(
+      (e ? window.location.origin + this.redirectToAfterSignUp : window.location.origin + this.redirectToAfterSignIn) ?? window.location.href
+    );
+    if (u.pathname = this.callbackUrlPath, u.search = "", i.searchParams.set("client_id", this.client.client_id), i.searchParams.set("redirect_uri", u.toString()), i.searchParams.set("response_type", "code"), i.searchParams.set("scope", "openid+profile+email"), i.searchParams.set("code_challenge", o), i.searchParams.set(
       "code_challenge_method",
-      t
-    ), ((d = n.code_challenge_methods_supported) == null ? void 0 : d.includes("S256")) !== !0) {
-      const g = qe();
-      r.searchParams.set("state", g);
+      n
+    ), ((g = r.code_challenge_methods_supported) == null ? void 0 : g.includes("S256")) !== !0) {
+      const m = qe();
+      i.searchParams.set("state", m);
     }
-    location.href = r.href;
+    location.href = i.href;
   }
   async getAccessToken() {
-    const t = await this.getAuthServer();
+    const e = await this.getAuthServer();
     if (!this.tokens)
       throw new x("User is not authenticated");
     if (this.tokens.expiresOn < /* @__PURE__ */ new Date()) {
@@ -1031,42 +1045,44 @@ class Ut {
           "Token expired and no refresh token available"
         );
       const n = await ht(
-        t,
+        e,
         this.client,
         this.tokens.refreshToken
-      ), o = await pt(
-        t,
+      ), r = await pt(
+        e,
         this.client,
         n
       );
-      this.setTokensFromResponse(o);
+      this.setTokensFromResponse(r);
     }
     return this.tokens.accessToken;
   }
-  async logout() {
+  async signOut() {
     re.setState({
       isAuthenticated: !1,
       isPending: !1,
       profile: void 0
     });
-    const t = await this.getAuthServer(), n = new URL(window.location.href);
+    const e = await this.getAuthServer(), n = new URL(
+      window.location.origin + this.redirectToAfterSignOut
+    );
     n.pathname = this.logoutRedirectUrlPath;
-    let o;
-    t.end_session_endpoint ? (o = new URL(t.end_session_endpoint), o.searchParams.set(
+    let r;
+    e.end_session_endpoint ? (r = new URL(e.end_session_endpoint), r.searchParams.set(
       "post_logout_redirect_uri",
       n.toString()
-    )) : o = n;
+    )) : r = n;
   }
   getAuthenticationPlugin() {
-    return new Lt(
+    return new Ut(
       this.callbackUrlPath,
       () => this.handleCallback()
     );
   }
 }
-const Nt = (e) => new Ut(e);
+const Nt = (t) => new Lt(t);
 export {
-  Ut as OpenIDAuthenticationProvider,
+  Lt as OpenIDAuthenticationProvider,
   Nt as default
 };
 //# sourceMappingURL=zudoku.auth-openid.js.map