zudoku 0.3.0-dev.70 → 0.3.0-dev.72

package/lib/zudoku.auth-openid.js

@@ -1,11 +1,11 @@
 var Re = Object.defineProperty;
 var Pe = (t, e, n) => e in t ? Re(t, e, { enumerable: !0, configurable: !0, writable: !0, value: n }) : t[e] = n;
-var y = (t, e, n) => Pe(t, typeof e != "symbol" ? e + "" : e, n);
-import { b as xe, j as A } from "./jsx-runtime-BIr0WBt_.js";
+var m = (t, e, n) => Pe(t, typeof e != "symbol" ? e + "" : e, n);
+import { b as xe, j as E } from "./jsx-runtime-D0NHp7nI.js";
 import { c as Ue, a as Le } from "./_commonjsHelpers-BVfed4GL.js";
-import { A as Ce } from "./AuthenticationPlugin-RvXALgvS.js";
+import { A as Ce } from "./AuthenticationPlugin-BuCQtecV.js";
 import { useRef as je, useState as Ie, useEffect as ze } from "react";
-import { u as re } from "./state-DKdaQzvh.js";
+import { u as oe } from "./state-DsXXkBLH.js";
 var he = { exports: {} };
 (function(t) {
   (function(e, n) {
@@ -19,8 +19,8 @@ var he = { exports: {} };
       "warn",
       "error"
     ], o = {}, i = null;
-    function u(l, f) {
-      var c = l[f];
+    function u(l, p) {
+      var c = l[p];
       if (typeof c.bind == "function")
         return c.bind(l);
       try {
@@ -31,16 +31,16 @@ var he = { exports: {} };
         };
       }
     }
-    function g() {
+    function f() {
       console.log && (console.log.apply ? console.log.apply(console, arguments) : Function.prototype.apply.apply(console.log, [console, arguments])), console.trace && console.trace();
     }
-    function m(l) {
-      return l === "debug" && (l = "log"), typeof console === n ? !1 : l === "trace" && r ? g : console[l] !== void 0 ? u(console, l) : console.log !== void 0 ? u(console, "log") : e;
+    function y(l) {
+      return l === "debug" && (l = "log"), typeof console === n ? !1 : l === "trace" && r ? f : console[l] !== void 0 ? u(console, l) : console.log !== void 0 ? u(console, "log") : e;
     }
     function b() {
-      for (var l = this.getLevel(), f = 0; f < s.length; f++) {
-        var c = s[f];
-        this[c] = f < l ? e : this.methodFactory(c, l, this.name);
+      for (var l = this.getLevel(), p = 0; p < s.length; p++) {
+        var c = s[p];
+        this[c] = p < l ? e : this.methodFactory(c, l, this.name);
       }
       if (this.log = this.debug, typeof console === n && l < this.levels.SILENT)
         return "No console available for logging";
@@ -50,27 +50,27 @@ var he = { exports: {} };
         typeof console !== n && (b.call(this), this[l].apply(this, arguments));
       };
     }
-    function h(l, f, c) {
-      return m(l) || _.apply(this, arguments);
+    function h(l, p, c) {
+      return y(l) || _.apply(this, arguments);
     }
-    function U(l, f) {
+    function U(l, p) {
       var c = this, z, $, P, v = "loglevel";
       typeof l == "string" ? v += ":" + l : typeof l == "symbol" && (v = void 0);
       function Te(d) {
-        var p = (s[d] || "silent").toUpperCase();
+        var w = (s[d] || "silent").toUpperCase();
         if (!(typeof window === n || !v)) {
           try {
-            window.localStorage[v] = p;
+            window.localStorage[v] = w;
             return;
           } catch {
           }
           try {
-            window.document.cookie = encodeURIComponent(v) + "=" + p + ";";
+            window.document.cookie = encodeURIComponent(v) + "=" + w + ";";
           } catch {
           }
         }
       }
-      function ee() {
+      function te() {
         var d;
         if (!(typeof window === n || !v)) {
           try {
@@ -79,16 +79,16 @@ var he = { exports: {} };
           }
           if (typeof d === n)
             try {
-              var p = window.document.cookie, J = encodeURIComponent(v), ne = p.indexOf(J + "=");
-              ne !== -1 && (d = /^([^;]+)/.exec(
-                p.slice(ne + J.length + 1)
+              var w = window.document.cookie, J = encodeURIComponent(v), re = w.indexOf(J + "=");
+              re !== -1 && (d = /^([^;]+)/.exec(
+                w.slice(re + J.length + 1)
               )[1]);
             } catch {
             }
           return c.levels[d] === void 0 && (d = void 0), d;
         }
       }
-      function Ae() {
+      function Ee() {
         if (!(typeof window === n || !v)) {
           try {
             window.localStorage.removeItem(v);
@@ -101,9 +101,9 @@ var he = { exports: {} };
         }
       }
       function L(d) {
-        var p = d;
-        if (typeof p == "string" && c.levels[p.toUpperCase()] !== void 0 && (p = c.levels[p.toUpperCase()]), typeof p == "number" && p >= 0 && p <= c.levels.SILENT)
-          return p;
+        var w = d;
+        if (typeof w == "string" && c.levels[w.toUpperCase()] !== void 0 && (w = c.levels[w.toUpperCase()]), typeof w == "number" && w >= 0 && w <= c.levels.SILENT)
+          return w;
         throw new TypeError("log.setLevel() called with invalid level: " + d);
       }
       c.name = l, c.levels = {
@@ -113,14 +113,14 @@ var he = { exports: {} };
         WARN: 3,
         ERROR: 4,
         SILENT: 5
-      }, c.methodFactory = f || h, c.getLevel = function() {
+      }, c.methodFactory = p || h, c.getLevel = function() {
         return P ?? $ ?? z;
-      }, c.setLevel = function(d, p) {
-        return P = L(d), p !== !1 && Te(P), b.call(c);
+      }, c.setLevel = function(d, w) {
+        return P = L(d), w !== !1 && Te(P), b.call(c);
       }, c.setDefaultLevel = function(d) {
-        $ = L(d), ee() || c.setLevel(d, !1);
+        $ = L(d), te() || c.setLevel(d, !1);
       }, c.resetLevel = function() {
-        P = null, Ae(), b.call(c);
+        P = null, Ee(), b.call(c);
       }, c.enableAll = function(d) {
         c.setLevel(c.levels.TRACE, d);
       }, c.disableAll = function(d) {
@@ -132,15 +132,15 @@ var he = { exports: {} };
       }, z = L(
         i ? i.getLevel() : "WARN"
       );
-      var te = ee();
-      te != null && (P = L(te)), b.call(c);
+      var ne = te();
+      ne != null && (P = L(ne)), b.call(c);
     }
-    i = new U(), i.getLogger = function(f) {
-      if (typeof f != "symbol" && typeof f != "string" || f === "")
+    i = new U(), i.getLogger = function(p) {
+      if (typeof p != "symbol" && typeof p != "string" || p === "")
         throw new TypeError("You must supply a name when creating a logger.");
-      var c = o[f];
-      return c || (c = o[f] = new U(
-        f,
+      var c = o[p];
+      return c || (c = o[p] = new U(
+        p,
         i.methodFactory
       )), c;
     };
@@ -153,11 +153,11 @@ var he = { exports: {} };
   });
 })(he);
 var Je = he.exports;
-const oe = /* @__PURE__ */ Le(Je);
-let M;
+const ie = /* @__PURE__ */ Le(Je);
+let B;
 var O, de;
-(typeof navigator > "u" || !((de = (O = navigator.userAgent) == null ? void 0 : O.startsWith) != null && de.call(O, "Mozilla/5.0 "))) && (M = "oauth4webapi/v2.11.1");
-function q(t, e) {
+(typeof navigator > "u" || !((de = (O = navigator.userAgent) == null ? void 0 : O.startsWith) != null && de.call(O, "Mozilla/5.0 "))) && (B = "oauth4webapi/v2.11.1");
+function V(t, e) {
   if (t == null)
     return !1;
   try {
@@ -166,16 +166,16 @@ function q(t, e) {
     return !1;
   }
 }
-const K = Symbol(), Oe = Symbol(), V = Symbol(), Ne = new TextEncoder(), Ke = new TextDecoder();
-function E(t) {
+const K = Symbol(), Oe = Symbol(), Y = Symbol(), Ne = new TextEncoder(), Ke = new TextDecoder();
+function A(t) {
   return typeof t == "string" ? Ne.encode(t) : Ke.decode(t);
 }
-const ie = 32768;
+const se = 32768;
 function We(t) {
   t instanceof ArrayBuffer && (t = new Uint8Array(t));
   const e = [];
-  for (let n = 0; n < t.byteLength; n += ie)
-    e.push(String.fromCharCode.apply(null, t.subarray(n, n + ie)));
+  for (let n = 0; n < t.byteLength; n += se)
+    e.push(String.fromCharCode.apply(null, t.subarray(n, n + se)));
   return btoa(e.join("")).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
 }
 function De(t) {
@@ -237,7 +237,7 @@ function we(t) {
 function Fe(t) {
   return pe(t) && t.type === "public";
 }
-function Y(t) {
+function Z(t) {
   try {
     const e = t.headers.get("dpop-nonce");
     e && fe.set(new URL(t.url).origin, e);
@@ -249,15 +249,15 @@ function C(t) {
   return !(t === null || typeof t != "object" || Array.isArray(t));
 }
 function W(t) {
-  q(t, Headers) && (t = Object.fromEntries(t.entries()));
+  V(t, Headers) && (t = Object.fromEntries(t.entries()));
   const e = new Headers(t);
-  if (M && !e.has("user-agent") && e.set("user-agent", M), e.has("authorization"))
+  if (B && !e.has("user-agent") && e.set("user-agent", B), e.has("authorization"))
     throw new TypeError('"options.headers" must not include the "authorization" header name');
   if (e.has("dpop"))
     throw new TypeError('"options.headers" must not include the "dpop" header name');
   return e;
 }
-function Z(t) {
+function Q(t) {
   if (typeof t == "function" && (t = t()), !(t instanceof AbortSignal))
     throw new TypeError('"options.signal" must return or be an instance of AbortSignal');
   return t;
@@ -280,24 +280,24 @@ async function Me(t, e) {
       throw new TypeError('"options.algorithm" must be "oidc" (default), or "oauth2"');
   }
   const r = W(e == null ? void 0 : e.headers);
-  return r.set("accept", "application/json"), ((e == null ? void 0 : e[V]) || fetch)(n.href, {
+  return r.set("accept", "application/json"), ((e == null ? void 0 : e[Y]) || fetch)(n.href, {
     headers: Object.fromEntries(r.entries()),
     method: "GET",
     redirect: "manual",
-    signal: e != null && e.signal ? Z(e.signal) : null
-  }).then(Y);
+    signal: e != null && e.signal ? Q(e.signal) : null
+  }).then(Z);
 }
-function w(t) {
+function g(t) {
   return typeof t == "string" && t.length !== 0;
 }
 async function Be(t, e) {
   if (!(t instanceof URL))
     throw new TypeError('"expectedIssuer" must be an instance of URL');
-  if (!q(e, Response))
+  if (!V(e, Response))
     throw new TypeError('"response" must be an instance of Response');
   if (e.status !== 200)
     throw new a('"response" is not a conform Authorization Server Metadata response');
-  X(e);
+  ee(e);
   let n;
   try {
     n = await e.json();
@@ -306,7 +306,7 @@ async function Be(t, e) {
   }
   if (!C(n))
     throw new a('"response" body must be a top level object');
-  if (!w(n.issuer))
+  if (!g(n.issuer))
     throw new a('"response" body "issuer" property must be a non-empty string');
   if (new URL(n.issuer).href !== t.href)
     throw new a('"response" body "issuer" does not match "expectedIssuer"');
@@ -322,24 +322,24 @@ function qe() {
   return D();
 }
 async function Ve(t) {
-  if (!w(t))
+  if (!g(t))
     throw new TypeError('"codeVerifier" must be a non-empty string');
-  return T(await crypto.subtle.digest("SHA-256", E(t)));
+  return T(await crypto.subtle.digest("SHA-256", A(t)));
 }
 function Ye(t) {
   if (t instanceof CryptoKey)
     return { key: t };
   if (!((t == null ? void 0 : t.key) instanceof CryptoKey))
     return {};
-  if (t.kid !== void 0 && !w(t.kid))
+  if (t.kid !== void 0 && !g(t.kid))
     throw new TypeError('"kid" must be a non-empty string');
   return { key: t.key, kid: t.kid };
 }
-function se(t) {
+function ae(t) {
   return encodeURIComponent(t).replace(/%20/g, "+");
 }
 function Ze(t, e) {
-  const n = se(t), r = se(e);
+  const n = ae(t), r = ae(e);
   return `Basic ${btoa(`${n}:${r}`)}`;
 }
 function Qe(t) {
@@ -401,11 +401,11 @@ function tt(t) {
   const e = t == null ? void 0 : t[Oe];
   return typeof e == "number" && Number.isFinite(e) && Math.sign(e) !== -1 ? e : 30;
 }
-function Q() {
+function X() {
   return Math.floor(Date.now() / 1e3);
 }
 function nt(t, e) {
-  const n = Q() + H(e);
+  const n = X() + H(e);
   return {
     jti: D(),
     aud: [t.issuer, t.token_endpoint],
@@ -425,19 +425,19 @@ async function rt(t, e, n, r) {
 function j(t) {
   if (typeof t != "object" || t === null)
     throw new TypeError('"as" must be an object');
-  if (!w(t.issuer))
+  if (!g(t.issuer))
     throw new TypeError('"as.issuer" property must be a non-empty string');
   return !0;
 }
 function I(t) {
   if (typeof t != "object" || t === null)
     throw new TypeError('"client" must be an object');
-  if (!w(t.client_id))
+  if (!g(t.client_id))
     throw new TypeError('"client.client_id" property must be a non-empty string');
   return !0;
 }
-function ae(t) {
-  if (!w(t))
+function ce(t) {
+  if (!g(t))
     throw new TypeError('"client.client_secret" property must be a non-empty string');
   return t;
 }
@@ -445,7 +445,7 @@ function F(t, e) {
   if (e !== void 0)
     throw new TypeError(`"options.clientPrivateKey" property must not be provided when ${t} client authentication method is used.`);
 }
-function ce(t, e) {
+function ue(t, e) {
   if (e !== void 0)
     throw new TypeError(`"client.client_secret" property must not be provided when ${t} client authentication method is used.`);
 }
@@ -453,15 +453,15 @@ async function ot(t, e, n, r, s) {
   switch (n.delete("client_secret"), n.delete("client_assertion_type"), n.delete("client_assertion"), e.token_endpoint_auth_method) {
     case void 0:
     case "client_secret_basic": {
-      F("client_secret_basic", s), r.set("authorization", Ze(e.client_id, ae(e.client_secret)));
+      F("client_secret_basic", s), r.set("authorization", Ze(e.client_id, ce(e.client_secret)));
       break;
     }
     case "client_secret_post": {
-      F("client_secret_post", s), n.set("client_id", e.client_id), n.set("client_secret", ae(e.client_secret));
+      F("client_secret_post", s), n.set("client_id", e.client_id), n.set("client_secret", ce(e.client_secret));
       break;
     }
     case "private_key_jwt": {
-      if (ce("private_key_jwt", e.client_secret), s === void 0)
+      if (ue("private_key_jwt", e.client_secret), s === void 0)
         throw new TypeError('"options.clientPrivateKey" must be provided when "client.token_endpoint_auth_method" is "private_key_jwt"');
       const { key: o, kid: i } = Ye(s);
       if (!we(o))
@@ -472,7 +472,7 @@ async function ot(t, e, n, r, s) {
     case "tls_client_auth":
     case "self_signed_tls_client_auth":
     case "none": {
-      ce(e.token_endpoint_auth_method, e.client_secret), F(e.token_endpoint_auth_method, s), n.set("client_id", e.client_id);
+      ue(e.token_endpoint_auth_method, e.client_secret), F(e.token_endpoint_auth_method, s), n.set("client_id", e.client_id);
       break;
     }
     default:
@@ -482,30 +482,30 @@ async function ot(t, e, n, r, s) {
 async function me(t, e, n) {
   if (!n.usages.includes("sign"))
     throw new TypeError('CryptoKey instances used for signing assertions must include "sign" in their "usages"');
-  const r = `${T(E(JSON.stringify(t)))}.${T(E(JSON.stringify(e)))}`, s = T(await crypto.subtle.sign(Se(n), n, E(r)));
+  const r = `${T(A(JSON.stringify(t)))}.${T(A(JSON.stringify(e)))}`, s = T(await crypto.subtle.sign(Se(n), n, A(r)));
   return `${r}.${s}`;
 }
 async function it(t, e, n, r, s, o) {
-  const { privateKey: i, publicKey: u, nonce: g = fe.get(n.origin) } = e;
+  const { privateKey: i, publicKey: u, nonce: f = fe.get(n.origin) } = e;
   if (!we(i))
     throw new TypeError('"DPoP.privateKey" must be a private CryptoKey');
   if (!Fe(u))
     throw new TypeError('"DPoP.publicKey" must be a public CryptoKey');
-  if (g !== void 0 && !w(g))
+  if (f !== void 0 && !g(f))
     throw new TypeError('"DPoP.nonce" must be a non-empty string or undefined');
   if (!u.extractable)
     throw new TypeError('"DPoP.publicKey.extractable" must be true');
-  const m = Q() + s, b = await me({
+  const y = X() + s, b = await me({
     alg: ge(i),
     typ: "dpop+jwt",
     jwk: await at(u)
   }, {
-    iat: m,
+    iat: y,
     jti: D(),
     htm: r,
-    nonce: g,
+    nonce: f,
     htu: `${n.origin}${n.pathname}`,
-    ath: o ? T(await crypto.subtle.digest("SHA-256", E(o))) : void 0
+    ath: o ? T(await crypto.subtle.digest("SHA-256", A(o))) : void 0
   }, i);
   t.set("dpop", b);
 }
@@ -525,22 +525,22 @@ function ct(t, e, n) {
 function ye(t, e, n) {
   return ct(t[e], e);
 }
-function B(t) {
+function G(t) {
   const e = t;
   return typeof e != "object" || Array.isArray(e) || e === null ? !1 : e.error !== void 0;
 }
 async function ut(t, e, n, r, s, o) {
-  if (!w(t))
+  if (!g(t))
     throw new TypeError('"accessToken" must be a non-empty string');
   if (!(n instanceof URL))
     throw new TypeError('"url" must be an instance of URL');
-  return r = W(r), (o == null ? void 0 : o.DPoP) === void 0 ? r.set("authorization", `Bearer ${t}`) : (await it(r, o.DPoP, n, "GET", H({ [K]: o == null ? void 0 : o[K] }), t), r.set("authorization", `DPoP ${t}`)), ((o == null ? void 0 : o[V]) || fetch)(n.href, {
+  return r = W(r), (o == null ? void 0 : o.DPoP) === void 0 ? r.set("authorization", `Bearer ${t}`) : (await it(r, o.DPoP, n, "GET", H({ [K]: o == null ? void 0 : o[K] }), t), r.set("authorization", `DPoP ${t}`)), ((o == null ? void 0 : o[Y]) || fetch)(n.href, {
     body: s,
     headers: Object.fromEntries(r.entries()),
     method: e,
     redirect: "manual",
-    signal: o != null && o.signal ? Z(o.signal) : null
-  }).then(Y);
+    signal: o != null && o.signal ? Q(o.signal) : null
+  }).then(Z);
 }
 async function lt(t, e, n, r) {
   j(t), I(e);
@@ -551,13 +551,13 @@ async function lt(t, e, n, r) {
   });
 }
 async function dt(t, e, n, r, s, o, i) {
-  return await ot(t, e, s, o, i == null ? void 0 : i.clientPrivateKey), o.set("content-type", "application/x-www-form-urlencoded;charset=UTF-8"), ((i == null ? void 0 : i[V]) || fetch)(r.href, {
+  return await ot(t, e, s, o, i == null ? void 0 : i.clientPrivateKey), o.set("content-type", "application/x-www-form-urlencoded;charset=UTF-8"), ((i == null ? void 0 : i[Y]) || fetch)(r.href, {
     body: s,
     headers: Object.fromEntries(o.entries()),
     method: n,
     redirect: "manual",
-    signal: i != null && i.signal ? Z(i.signal) : null
-  }).then(Y);
+    signal: i != null && i.signal ? Q(i.signal) : null
+  }).then(Z);
 }
 async function _e(t, e, n, r, s) {
   const o = ye(t, "token_endpoint");
@@ -566,14 +566,14 @@ async function _e(t, e, n, r, s) {
   return i.set("accept", "application/json"), dt(t, e, "POST", o, r, i, s);
 }
 async function ht(t, e, n, r) {
-  if (j(t), I(e), !w(n))
+  if (j(t), I(e), !g(n))
     throw new TypeError('"refreshToken" must be a non-empty string');
   const s = new URLSearchParams(r == null ? void 0 : r.additionalParameters);
   return s.set("refresh_token", n), _e(t, e, "refresh_token", s, r);
 }
 const ft = /* @__PURE__ */ new WeakMap();
 async function be(t, e, n, r = !1, s = !1) {
-  if (j(t), I(e), !q(n, Response))
+  if (j(t), I(e), !V(n, Response))
     throw new TypeError('"response" must be an instance of Response');
   if (n.status !== 200) {
     let i;
@@ -581,7 +581,7 @@ async function be(t, e, n, r = !1, s = !1) {
       return i;
     throw new a('"response" is not a conform Token Endpoint response');
   }
-  X(n);
+  ee(n);
   let o;
   try {
     o = await n.json();
@@ -590,23 +590,23 @@ async function be(t, e, n, r = !1, s = !1) {
   }
   if (!C(o))
     throw new a('"response" body must be a top level object');
-  if (!w(o.access_token))
+  if (!g(o.access_token))
     throw new a('"response" body "access_token" property must be a non-empty string');
-  if (!w(o.token_type))
+  if (!g(o.token_type))
     throw new a('"response" body "token_type" property must be a non-empty string');
   if (o.token_type = o.token_type.toLowerCase(), o.token_type !== "dpop" && o.token_type !== "bearer")
     throw new S("unsupported `token_type` value");
   if (o.expires_in !== void 0 && (typeof o.expires_in != "number" || o.expires_in <= 0))
     throw new a('"response" body "expires_in" property must be a positive number');
-  if (!s && o.refresh_token !== void 0 && !w(o.refresh_token))
+  if (!s && o.refresh_token !== void 0 && !g(o.refresh_token))
     throw new a('"response" body "refresh_token" property must be a non-empty string');
   if (o.scope !== void 0 && typeof o.scope != "string")
     throw new a('"response" body "scope" property must be a string');
   if (!r) {
-    if (o.id_token !== void 0 && !w(o.id_token))
+    if (o.id_token !== void 0 && !g(o.id_token))
       throw new a('"response" body "id_token" property must be a non-empty string');
     if (o.id_token) {
-      const { claims: i } = await Tt(o.id_token, At.bind(void 0, e.id_token_signed_response_alg, t.id_token_signing_alg_values_supported), ke, H(e), tt(e)).then(bt.bind(void 0, ["aud", "exp", "iat", "iss", "sub"])).then(gt.bind(void 0, t.issuer)).then(wt.bind(void 0, e.client_id));
+      const { claims: i } = await Tt(o.id_token, Et.bind(void 0, e.id_token_signed_response_alg, t.id_token_signing_alg_values_supported), ke, H(e), tt(e)).then(bt.bind(void 0, ["aud", "exp", "iat", "iss", "sub"])).then(gt.bind(void 0, t.issuer)).then(wt.bind(void 0, e.client_id));
       if (Array.isArray(i.aud) && i.aud.length !== 1 && i.azp !== e.client_id)
         throw new a('unexpected ID Token "azp" (authorized party) claim value');
       if (i.auth_time !== void 0 && (!Number.isFinite(i.auth_time) || Math.sign(i.auth_time) !== 1))
@@ -639,9 +639,9 @@ function mt(t) {
 async function yt(t, e, n, r, s, o) {
   if (j(t), I(e), !ve.has(n))
     throw new TypeError('"callbackParameters" must be an instance of URLSearchParams obtained from "validateAuthResponse()", or "validateJwtAuthResponse()');
-  if (!w(r))
+  if (!g(r))
     throw new TypeError('"redirectUri" must be a non-empty string');
-  if (!w(s))
+  if (!g(s))
     throw new TypeError('"codeVerifier" must be a non-empty string');
   const i = k(n, "code");
   if (!i)
@@ -673,7 +673,7 @@ function bt(t, e) {
 }
 async function vt(t, e, n) {
   const r = await be(t, e, n, !0);
-  if (B(r))
+  if (G(r))
     return r;
   if (r.id_token !== void 0) {
     if (typeof r.id_token == "string" && r.id_token.length)
@@ -682,13 +682,13 @@ async function vt(t, e, n) {
   }
   return r;
 }
-function X(t) {
+function ee(t) {
   if (t.bodyUsed)
     throw new TypeError('"response" body has been used already');
 }
 async function St(t) {
   if (t.status > 399 && t.status < 500) {
-    X(t);
+    ee(t);
     try {
       const e = await t.json();
       if (C(e) && typeof e.error == "string" && e.error.length)
@@ -697,7 +697,7 @@ async function St(t) {
     }
   }
 }
-function ue(t) {
+function le(t) {
   if (typeof t.modulusLength != "number" || t.modulusLength < 2048)
     throw new a(`${t.name} modulusLength must be at least 2048 bits`);
 }
@@ -721,7 +721,7 @@ function Se(t) {
         hash: kt(t.algorithm.namedCurve)
       };
     case "RSA-PSS":
-      switch (ue(t.algorithm), t.algorithm.hash.name) {
+      switch (le(t.algorithm), t.algorithm.hash.name) {
         case "SHA-256":
         case "SHA-384":
         case "SHA-512":
@@ -733,7 +733,7 @@ function Se(t) {
           throw new S();
       }
     case "RSASSA-PKCS1-v1_5":
-      return ue(t.algorithm), t.algorithm.name;
+      return le(t.algorithm), t.algorithm.name;
     case "Ed448":
     case "Ed25519":
       return t.algorithm.name;
@@ -742,38 +742,38 @@ function Se(t) {
 }
 const ke = Symbol();
 async function Tt(t, e, n, r, s) {
-  const { 0: o, 1: i, 2: u, length: g } = t.split(".");
-  if (g === 5)
+  const { 0: o, 1: i, 2: u, length: f } = t.split(".");
+  if (f === 5)
     throw new S("JWE structure JWTs are not supported");
-  if (g !== 3)
+  if (f !== 3)
     throw new a("Invalid JWT");
-  let m;
+  let y;
   try {
-    m = JSON.parse(E(T(o)));
+    y = JSON.parse(A(T(o)));
   } catch (R) {
     throw new a("failed to parse JWT Header body as base64url encoded JSON", { cause: R });
   }
-  if (!C(m))
+  if (!C(y))
     throw new a("JWT Header must be a top level object");
-  if (e(m), m.crit !== void 0)
+  if (e(y), y.crit !== void 0)
     throw new a('unexpected JWT "crit" header parameter');
   const b = T(u);
   let _;
   if (n !== ke) {
-    _ = await n(m);
+    _ = await n(y);
     const R = `${o}.${i}`;
-    if (!await crypto.subtle.verify(Se(_), _, b, E(R)))
+    if (!await crypto.subtle.verify(Se(_), _, b, A(R)))
       throw new a("JWT signature verification failed");
   }
   let h;
   try {
-    h = JSON.parse(E(T(i)));
+    h = JSON.parse(A(T(i)));
   } catch (R) {
     throw new a("failed to parse JWT Payload body as base64url encoded JSON", { cause: R });
   }
   if (!C(h))
     throw new a("JWT Payload must be a top level object");
-  const U = Q() + r;
+  const U = X() + r;
   if (h.exp !== void 0) {
     if (typeof h.exp != "number")
       throw new a('unexpected JWT "exp" (expiration time) claim type');
@@ -792,9 +792,9 @@ async function Tt(t, e, n, r, s) {
   }
   if (h.aud !== void 0 && typeof h.aud != "string" && !Array.isArray(h.aud))
     throw new a('unexpected JWT "aud" (audience) claim type');
-  return { header: m, claims: h, signature: b, key: _ };
+  return { header: y, claims: h, signature: b, key: _ };
 }
-function At(t, e, n) {
+function Et(t, e, n) {
   if (t !== void 0) {
     if (n.alg !== t)
       throw new a('unexpected JWT "alg" header parameter');
@@ -814,7 +814,7 @@ function k(t, e) {
     throw new a(`"${e}" parameter must be provided only once`);
   return n;
 }
-const Et = Symbol(), Rt = Symbol();
+const At = Symbol(), Rt = Symbol();
 function Pt(t, e, n, r) {
   if (j(t), I(e), n instanceof URL && (n = n.searchParams), !(n instanceof URLSearchParams))
     throw new TypeError('"parameters" must be an instance of URLSearchParams, or URL');
@@ -831,10 +831,10 @@ function Pt(t, e, n, r) {
       if (o !== void 0)
         throw new a('unexpected "state" response parameter encountered');
       break;
-    case Et:
+    case At:
       break;
     default:
-      if (!w(r))
+      if (!g(r))
         throw new a('"expectedState" must be a non-empty string');
       if (o === void 0)
         throw new a('response parameter "state" missing');
@@ -848,14 +848,14 @@ function Pt(t, e, n, r) {
       error_description: k(n, "error_description"),
       error_uri: k(n, "error_uri")
     };
-  const u = k(n, "id_token"), g = k(n, "token");
-  if (u !== void 0 || g !== void 0)
+  const u = k(n, "id_token"), f = k(n, "token");
+  if (u !== void 0 || f !== void 0)
     throw new S("implicit and hybrid flows are not supported");
   return mt(new URLSearchParams(n));
 }
 class x extends Error {
 }
-class G extends x {
+class q extends x {
   constructor(e, n, r) {
     super(e, r), this.error = n;
   }
@@ -870,32 +870,32 @@ function xt({
     }).catch((o) => {
       r(o);
     }));
-  }, []), n ? n instanceof G ? /* @__PURE__ */ A.jsxs("div", { children: [
-    /* @__PURE__ */ A.jsx("h2", { children: "Error" }),
-    /* @__PURE__ */ A.jsxs("pre", { children: [
+  }, []), n ? n instanceof q ? /* @__PURE__ */ E.jsxs("div", { children: [
+    /* @__PURE__ */ E.jsx("h2", { children: "Error" }),
+    /* @__PURE__ */ E.jsxs("pre", { children: [
       n.error.error,
       n.error.error_description,
       n.error.error_uri
     ] })
-  ] }) : /* @__PURE__ */ A.jsxs("div", { children: [
-    /* @__PURE__ */ A.jsx("h2", { children: "Error" }),
-    /* @__PURE__ */ A.jsxs("pre", { children: [
+  ] }) : /* @__PURE__ */ E.jsxs("div", { children: [
+    /* @__PURE__ */ E.jsx("h2", { children: "Error" }),
+    /* @__PURE__ */ E.jsxs("pre", { children: [
       n.message,
       n.stack
     ] })
-  ] }) : /* @__PURE__ */ A.jsx("div", { children: "Loading..." });
+  ] }) : /* @__PURE__ */ E.jsx("div", { children: "Loading..." });
 }
-const le = "code-verifier";
+const M = "code-verifier";
 class Ut extends Ce {
-  constructor(e, n) {
-    super(), this.callbackUrlPath = e, this.handleCallback = n;
+  constructor(e, n, r) {
+    super(), this.callbackUrlPath = e, this.handleCallback = n, this.initialize = r;
   }
   getRoutes() {
     return [
       ...super.getRoutes(),
       {
         path: this.callbackUrlPath,
-        element: /* @__PURE__ */ A.jsx(xt, { handleCallback: this.handleCallback })
+        element: /* @__PURE__ */ E.jsx(xt, { handleCallback: this.handleCallback })
       }
     ];
   }
@@ -903,27 +903,45 @@ class Ut extends Ce {
 class Lt {
   constructor({
     issuer: e,
-    authorizationEndpoint: n,
-    tokenEndpoint: r,
-    clientId: s,
-    redirectToAfterSignUp: o,
-    redirectToAfterSignIn: i,
-    redirectToAfterSignOut: u
+    audience: n,
+    authorizationEndpoint: r,
+    tokenEndpoint: s,
+    clientId: o,
+    redirectToAfterSignUp: i,
+    redirectToAfterSignIn: u,
+    redirectToAfterSignOut: f
   }) {
-    y(this, "client");
-    y(this, "issuer");
-    y(this, "authorizationEndpoint");
-    y(this, "tokenEndpoint");
-    y(this, "authorizationServer");
-    y(this, "tokens");
-    y(this, "callbackUrlPath", "/oauth/callback");
-    y(this, "logoutRedirectUrlPath", "/");
-    y(this, "redirectToAfterSignUp");
-    y(this, "redirectToAfterSignIn");
-    y(this, "redirectToAfterSignOut");
-    y(this, "handleCallback", async () => {
-      const e = new URL(window.location.href), n = e.searchParams.get("state"), r = localStorage.getItem(le);
-      if (!r)
+    m(this, "client");
+    m(this, "issuer");
+    m(this, "authorizationEndpoint");
+    m(this, "tokenEndpoint");
+    m(this, "authorizationServer");
+    m(this, "tokens");
+    m(this, "callbackUrlPath", "/oauth/callback");
+    m(this, "logoutRedirectUrlPath", "/");
+    m(this, "redirectToAfterSignUp");
+    m(this, "redirectToAfterSignIn");
+    m(this, "redirectToAfterSignOut");
+    m(this, "audience");
+    m(this, "signOut", async () => {
+      oe.setState({
+        isAuthenticated: !1,
+        isPending: !1,
+        profile: void 0
+      }), localStorage.removeItem("auto-login");
+      const e = await this.getAuthServer(), n = new URL(
+        window.location.origin + this.redirectToAfterSignOut
+      );
+      n.pathname = this.logoutRedirectUrlPath;
+      let r;
+      e.end_session_endpoint ? (r = new URL(e.end_session_endpoint), r.searchParams.set(
+        "post_logout_redirect_uri",
+        n.toString()
+      )) : r = n;
+    });
+    m(this, "handleCallback", async () => {
+      const e = new URL(window.location.href), n = e.searchParams.get("state"), r = sessionStorage.getItem(M);
+      if (sessionStorage.removeItem(M), !r)
         throw new x(
           "Code verifier not found. Invalid auth state."
         );
@@ -933,29 +951,29 @@ class Lt {
         e.searchParams,
         n ?? void 0
       );
-      if (B(o))
-        throw oe.error("Error validating OAuth response", o), new G(
+      if (G(o))
+        throw ie.error("Error validating OAuth response", o), new q(
           "Error validating OAuth response",
           o
         );
       const i = new URL(e);
-      i.pathname = this.redirectToAfterSignIn ?? this.callbackUrlPath, i.search = "";
+      i.pathname = this.redirectToAfterSignIn, i.search = "";
       const u = await yt(
         s,
         this.client,
         o,
         i.toString(),
         r
-      ), g = await vt(
+      ), f = await vt(
         s,
         this.client,
         u
       );
-      this.setTokensFromResponse(g);
-      const m = await this.getAccessToken(), _ = await (await lt(
+      this.setTokensFromResponse(f);
+      const y = await this.getAccessToken(), _ = await (await lt(
         s,
         this.client,
-        m
+        y
       )).json(), h = {
         sub: _.sub,
         email: _.email,
@@ -963,16 +981,16 @@ class Lt {
         emailVerified: _.email_verified ?? !1,
         pictureUrl: _.picture
       };
-      return re.setState({
+      return oe.setState({
         isAuthenticated: !0,
         isPending: !1,
         profile: h
-      }), localStorage.getItem("sign-up") ? this.redirectToAfterSignUp : this.redirectToAfterSignIn;
+      }), localStorage.setItem("auto-login", "1"), sessionStorage.getItem("redirect-to") ?? "/";
     });
     this.client = {
-      client_id: s,
+      client_id: o,
       token_endpoint_auth_method: "none"
-    }, this.issuer = e, this.authorizationEndpoint = n, this.tokenEndpoint = r, this.redirectToAfterSignUp = o ?? "/", this.redirectToAfterSignIn = i ?? "/", this.redirectToAfterSignOut = u ?? "/";
+    }, this.audience = n, this.issuer = e, this.authorizationEndpoint = r, this.tokenEndpoint = s, this.redirectToAfterSignUp = i ?? "/", this.redirectToAfterSignIn = u ?? "/", this.redirectToAfterSignOut = f ?? "/";
   }
   async getAuthServer() {
     if (!this.authorizationServer)
@@ -997,8 +1015,8 @@ class Lt {
    * @param response
    */
   setTokensFromResponse(e) {
-    if (B(e))
-      throw oe.error("Bad Token Response", e), new G("Bad Token Response", e);
+    if (G(e))
+      throw ie.error("Bad Token Response", e), new q("Bad Token Response", e);
     if (!e.expires_in)
       throw new x("No expires_in in response");
     this.tokens = {
@@ -1006,32 +1024,38 @@ class Lt {
       refreshToken: e.refresh_token,
       expiresOn: new Date(Date.now() + e.expires_in * 1e3),
       tokenType: e.token_type
-    };
+    }, sessionStorage.setItem("openid-token", JSON.stringify(this.tokens));
   }
-  async signUp() {
-    return this.authorize(!0);
+  async signUp({ redirectTo: e } = {}) {
+    return this.authorize({
+      redirectTo: e ?? this.redirectToAfterSignUp
+    });
   }
-  async signIn() {
-    return this.authorize();
+  async signIn({ redirectTo: e } = {}) {
+    return this.authorize({
+      redirectTo: e ?? this.redirectToAfterSignIn
+    });
   }
-  async authorize(e = !1) {
-    var g;
+  async authorize({
+    redirectTo: e
+  }) {
+    var f;
     const n = "S256", r = await this.getAuthServer();
-    if (e ? localStorage.setItem("sign-up", "true") : localStorage.removeItem("sign-up"), !r.authorization_endpoint)
+    if (!r.authorization_endpoint)
       throw new x("No authorization endpoint");
     const s = Ge(), o = await Ve(s);
-    localStorage.setItem(le, s);
+    sessionStorage.setItem(M, s);
     const i = new URL(
-      e ? r.registration_endpoint ?? r.authorization_endpoint : r.authorization_endpoint
-    ), u = new URL(
-      (e ? window.location.origin + this.redirectToAfterSignUp : window.location.origin + this.redirectToAfterSignIn) ?? window.location.href
+      r.authorization_endpoint
     );
+    sessionStorage.setItem("redirect-to", e);
+    const u = new URL(window.location.origin);
     if (u.pathname = this.callbackUrlPath, u.search = "", i.searchParams.set("client_id", this.client.client_id), i.searchParams.set("redirect_uri", u.toString()), i.searchParams.set("response_type", "code"), i.searchParams.set("scope", "openid+profile+email"), i.searchParams.set("code_challenge", o), i.searchParams.set(
       "code_challenge_method",
       n
-    ), ((g = r.code_challenge_methods_supported) == null ? void 0 : g.includes("S256")) !== !0) {
-      const m = qe();
-      i.searchParams.set("state", m);
+    ), this.audience && i.searchParams.set("audience", this.audience), ((f = r.code_challenge_methods_supported) == null ? void 0 : f.includes("S256")) !== !0) {
+      const y = qe();
+      i.searchParams.set("state", y);
     }
     location.href = i.href;
   }
@@ -1057,26 +1081,13 @@ class Lt {
     }
     return this.tokens.accessToken;
   }
-  async signOut() {
-    re.setState({
-      isAuthenticated: !1,
-      isPending: !1,
-      profile: void 0
-    });
-    const e = await this.getAuthServer(), n = new URL(
-      window.location.origin + this.redirectToAfterSignOut
-    );
-    n.pathname = this.logoutRedirectUrlPath;
-    let r;
-    e.end_session_endpoint ? (r = new URL(e.end_session_endpoint), r.searchParams.set(
-      "post_logout_redirect_uri",
-      n.toString()
-    )) : r = n;
-  }
   getAuthenticationPlugin() {
     return new Ut(
       this.callbackUrlPath,
-      () => this.handleCallback()
+      async () => this.handleCallback(),
+      async () => {
+        typeof localStorage < "u" && localStorage.getItem("auto-login") && (localStorage.removeItem("auto-login"), await this.authorize({ redirectTo: window.location.pathname }));
+      }
     );
   }
 }