zudoku 0.3.0-dev.74 → 0.3.0-dev.76

package/lib/zudoku.auth-openid.js

@@ -1,12 +1,11 @@
-var Re = Object.defineProperty;
-var Pe = (t, e, n) => e in t ? Re(t, e, { enumerable: !0, configurable: !0, writable: !0, value: n }) : t[e] = n;
-var m = (t, e, n) => Pe(t, typeof e != "symbol" ? e + "" : e, n);
-import { b as xe, j as E } from "./jsx-runtime-D0NHp7nI.js";
-import { c as Ue, a as Le } from "./_commonjsHelpers-BVfed4GL.js";
-import { A as Ce } from "./AuthenticationPlugin-BuCQtecV.js";
-import { useRef as je, useState as Ie, useEffect as ze } from "react";
-import { u as oe } from "./state-DsXXkBLH.js";
-var he = { exports: {} };
+var Ee = Object.defineProperty;
+var Re = (t, e, n) => e in t ? Ee(t, e, { enumerable: !0, configurable: !0, writable: !0, value: n }) : t[e] = n;
+var m = (t, e, n) => Re(t, typeof e != "symbol" ? e + "" : e, n);
+import { j as Pe } from "./jsx-runtime-CJBdjYYx.js";
+import { c as Ue, a as xe } from "./_commonjsHelpers-BVfed4GL.js";
+import { A as Le } from "./AuthenticationPlugin-CngUn5DP.js";
+import { u as ne } from "./state-DsXXkBLH.js";
+var de = { exports: {} };
 (function(t) {
   (function(e, n) {
     t.exports ? t.exports = n() : e.log = n();
@@ -53,8 +52,8 @@ var he = { exports: {} };
     function h(l, p, c) {
       return y(l) || _.apply(this, arguments);
     }
-    function U(l, p) {
-      var c = this, z, $, P, v = "loglevel";
+    function P(l, p) {
+      var c = this, I, H, R, v = "loglevel";
       typeof l == "string" ? v += ":" + l : typeof l == "symbol" && (v = void 0);
       function Te(d) {
         var w = (s[d] || "silent").toUpperCase();
@@ -70,7 +69,7 @@ var he = { exports: {} };
           }
         }
       }
-      function te() {
+      function X() {
         var d;
         if (!(typeof window === n || !v)) {
           try {
@@ -79,16 +78,16 @@ var he = { exports: {} };
           }
           if (typeof d === n)
             try {
-              var w = window.document.cookie, J = encodeURIComponent(v), re = w.indexOf(J + "=");
-              re !== -1 && (d = /^([^;]+)/.exec(
-                w.slice(re + J.length + 1)
+              var w = window.document.cookie, j = encodeURIComponent(v), te = w.indexOf(j + "=");
+              te !== -1 && (d = /^([^;]+)/.exec(
+                w.slice(te + j.length + 1)
               )[1]);
             } catch {
             }
           return c.levels[d] === void 0 && (d = void 0), d;
         }
       }
-      function Ee() {
+      function ke() {
         if (!(typeof window === n || !v)) {
           try {
             window.localStorage.removeItem(v);
@@ -100,7 +99,7 @@ var he = { exports: {} };
           }
         }
       }
-      function L(d) {
+      function U(d) {
         var w = d;
         if (typeof w == "string" && c.levels[w.toUpperCase()] !== void 0 && (w = c.levels[w.toUpperCase()]), typeof w == "number" && w >= 0 && w <= c.levels.SILENT)
           return w;
@@ -114,50 +113,50 @@ var he = { exports: {} };
         ERROR: 4,
         SILENT: 5
       }, c.methodFactory = p || h, c.getLevel = function() {
-        return P ?? $ ?? z;
+        return R ?? H ?? I;
       }, c.setLevel = function(d, w) {
-        return P = L(d), w !== !1 && Te(P), b.call(c);
+        return R = U(d), w !== !1 && Te(R), b.call(c);
       }, c.setDefaultLevel = function(d) {
-        $ = L(d), te() || c.setLevel(d, !1);
+        H = U(d), X() || c.setLevel(d, !1);
       }, c.resetLevel = function() {
-        P = null, Ee(), b.call(c);
+        R = null, ke(), b.call(c);
       }, c.enableAll = function(d) {
         c.setLevel(c.levels.TRACE, d);
       }, c.disableAll = function(d) {
         c.setLevel(c.levels.SILENT, d);
       }, c.rebuild = function() {
-        if (i !== c && (z = L(i.getLevel())), b.call(c), i === c)
+        if (i !== c && (I = U(i.getLevel())), b.call(c), i === c)
           for (var d in o)
             o[d].rebuild();
-      }, z = L(
+      }, I = U(
         i ? i.getLevel() : "WARN"
       );
-      var ne = te();
-      ne != null && (P = L(ne)), b.call(c);
+      var ee = X();
+      ee != null && (R = U(ee)), b.call(c);
     }
-    i = new U(), i.getLogger = function(p) {
+    i = new P(), i.getLogger = function(p) {
       if (typeof p != "symbol" && typeof p != "string" || p === "")
         throw new TypeError("You must supply a name when creating a logger.");
       var c = o[p];
-      return c || (c = o[p] = new U(
+      return c || (c = o[p] = new P(
         p,
         i.methodFactory
       )), c;
     };
-    var R = typeof window !== n ? window.log : void 0;
+    var E = typeof window !== n ? window.log : void 0;
     return i.noConflict = function() {
-      return typeof window !== n && window.log === i && (window.log = R), i;
+      return typeof window !== n && window.log === i && (window.log = E), i;
     }, i.getLoggers = function() {
       return o;
     }, i.default = i, i;
   });
-})(he);
-var Je = he.exports;
-const ie = /* @__PURE__ */ Le(Je);
-let B;
-var O, de;
-(typeof navigator > "u" || !((de = (O = navigator.userAgent) == null ? void 0 : O.startsWith) != null && de.call(O, "Mozilla/5.0 "))) && (B = "oauth4webapi/v2.11.1");
-function V(t, e) {
+})(de);
+var Ce = de.exports;
+const re = /* @__PURE__ */ xe(Ce);
+let M;
+var z, le;
+(typeof navigator > "u" || !((le = (z = navigator.userAgent) == null ? void 0 : z.startsWith) != null && le.call(z, "Mozilla/5.0 "))) && (M = "oauth4webapi/v2.11.1");
+function G(t, e) {
   if (t == null)
     return !1;
   try {
@@ -166,19 +165,19 @@ function V(t, e) {
     return !1;
   }
 }
-const K = Symbol(), Oe = Symbol(), Y = Symbol(), Ne = new TextEncoder(), Ke = new TextDecoder();
+const N = Symbol(), Ie = Symbol(), q = Symbol(), je = new TextEncoder(), ze = new TextDecoder();
 function A(t) {
-  return typeof t == "string" ? Ne.encode(t) : Ke.decode(t);
+  return typeof t == "string" ? je.encode(t) : ze.decode(t);
 }
-const se = 32768;
-function We(t) {
+const oe = 32768;
+function Je(t) {
   t instanceof ArrayBuffer && (t = new Uint8Array(t));
   const e = [];
-  for (let n = 0; n < t.byteLength; n += se)
-    e.push(String.fromCharCode.apply(null, t.subarray(n, n + se)));
+  for (let n = 0; n < t.byteLength; n += oe)
+    e.push(String.fromCharCode.apply(null, t.subarray(n, n + oe)));
   return btoa(e.join("")).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
 }
-function De(t) {
+function Oe(t) {
   try {
     const e = atob(t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "")), n = new Uint8Array(e.length);
     for (let r = 0; r < e.length; r++)
@@ -188,10 +187,10 @@ function De(t) {
     throw new a("The input to be decoded is not correctly encoded.", { cause: e });
   }
 }
-function T(t) {
-  return typeof t == "string" ? De(t) : We(t);
+function k(t) {
+  return typeof t == "string" ? Oe(t) : Je(t);
 }
-class He {
+class Ne {
   constructor(e) {
     this.cache = /* @__PURE__ */ new Map(), this._cache = /* @__PURE__ */ new Map(), this.maxSize = e;
   }
@@ -221,48 +220,48 @@ class S extends Error {
     super(e ?? "operation not supported"), this.name = this.constructor.name, (n = Error.captureStackTrace) == null || n.call(Error, this, this.constructor);
   }
 }
-class $e extends Error {
+class Ke extends Error {
   constructor(e, n) {
     var r;
     super(e, n), this.name = this.constructor.name, (r = Error.captureStackTrace) == null || r.call(Error, this, this.constructor);
   }
 }
-const a = $e, fe = new He(100);
-function pe(t) {
+const a = Ke, he = new Ne(100);
+function fe(t) {
   return t instanceof CryptoKey;
 }
-function we(t) {
-  return pe(t) && t.type === "private";
+function pe(t) {
+  return fe(t) && t.type === "private";
 }
-function Fe(t) {
-  return pe(t) && t.type === "public";
+function We(t) {
+  return fe(t) && t.type === "public";
 }
-function Z(t) {
+function V(t) {
   try {
     const e = t.headers.get("dpop-nonce");
-    e && fe.set(new URL(t.url).origin, e);
+    e && he.set(new URL(t.url).origin, e);
   } catch {
   }
   return t;
 }
-function C(t) {
+function x(t) {
   return !(t === null || typeof t != "object" || Array.isArray(t));
 }
-function W(t) {
-  V(t, Headers) && (t = Object.fromEntries(t.entries()));
+function K(t) {
+  G(t, Headers) && (t = Object.fromEntries(t.entries()));
   const e = new Headers(t);
-  if (B && !e.has("user-agent") && e.set("user-agent", B), e.has("authorization"))
+  if (M && !e.has("user-agent") && e.set("user-agent", M), e.has("authorization"))
     throw new TypeError('"options.headers" must not include the "authorization" header name');
   if (e.has("dpop"))
     throw new TypeError('"options.headers" must not include the "dpop" header name');
   return e;
 }
-function Q(t) {
+function Y(t) {
   if (typeof t == "function" && (t = t()), !(t instanceof AbortSignal))
     throw new TypeError('"options.signal" must return or be an instance of AbortSignal');
   return t;
 }
-async function Me(t, e) {
+async function De(t, e) {
   if (!(t instanceof URL))
     throw new TypeError('"issuerIdentifier" must be an instance of URL');
   if (t.protocol !== "https:" && t.protocol !== "http:")
@@ -279,32 +278,32 @@ async function Me(t, e) {
     default:
       throw new TypeError('"options.algorithm" must be "oidc" (default), or "oauth2"');
   }
-  const r = W(e == null ? void 0 : e.headers);
-  return r.set("accept", "application/json"), ((e == null ? void 0 : e[Y]) || fetch)(n.href, {
+  const r = K(e == null ? void 0 : e.headers);
+  return r.set("accept", "application/json"), ((e == null ? void 0 : e[q]) || fetch)(n.href, {
     headers: Object.fromEntries(r.entries()),
     method: "GET",
     redirect: "manual",
-    signal: e != null && e.signal ? Q(e.signal) : null
-  }).then(Z);
+    signal: e != null && e.signal ? Y(e.signal) : null
+  }).then(V);
 }
 function g(t) {
   return typeof t == "string" && t.length !== 0;
 }
-async function Be(t, e) {
+async function He(t, e) {
   if (!(t instanceof URL))
     throw new TypeError('"expectedIssuer" must be an instance of URL');
-  if (!V(e, Response))
+  if (!G(e, Response))
     throw new TypeError('"response" must be an instance of Response');
   if (e.status !== 200)
     throw new a('"response" is not a conform Authorization Server Metadata response');
-  ee(e);
+  Q(e);
   let n;
   try {
     n = await e.json();
   } catch (r) {
     throw new a('failed to parse "response" body as JSON', { cause: r });
   }
-  if (!C(n))
+  if (!x(n))
     throw new a('"response" body must be a top level object');
   if (!g(n.issuer))
     throw new a('"response" body "issuer" property must be a non-empty string');
@@ -312,21 +311,21 @@ async function Be(t, e) {
     throw new a('"response" body "issuer" does not match "expectedIssuer"');
   return n;
 }
-function D() {
-  return T(crypto.getRandomValues(new Uint8Array(32)));
+function W() {
+  return k(crypto.getRandomValues(new Uint8Array(32)));
 }
-function Ge() {
-  return D();
+function $e() {
+  return W();
 }
-function qe() {
-  return D();
+function Fe() {
+  return W();
 }
-async function Ve(t) {
+async function Me(t) {
   if (!g(t))
     throw new TypeError('"codeVerifier" must be a non-empty string');
-  return T(await crypto.subtle.digest("SHA-256", A(t)));
+  return k(await crypto.subtle.digest("SHA-256", A(t)));
 }
-function Ye(t) {
+function Be(t) {
   if (t instanceof CryptoKey)
     return { key: t };
   if (!((t == null ? void 0 : t.key) instanceof CryptoKey))
@@ -335,14 +334,14 @@ function Ye(t) {
     throw new TypeError('"kid" must be a non-empty string');
   return { key: t.key, kid: t.kid };
 }
-function ae(t) {
+function ie(t) {
   return encodeURIComponent(t).replace(/%20/g, "+");
 }
-function Ze(t, e) {
-  const n = ae(t), r = ae(e);
+function Ge(t, e) {
+  const n = ie(t), r = ie(e);
   return `Basic ${btoa(`${n}:${r}`)}`;
 }
-function Qe(t) {
+function qe(t) {
   switch (t.algorithm.hash.name) {
     case "SHA-256":
       return "PS256";
@@ -354,7 +353,7 @@ function Qe(t) {
       throw new S("unsupported RsaHashedKeyAlgorithm hash name");
   }
 }
-function Xe(t) {
+function Ve(t) {
   switch (t.algorithm.hash.name) {
     case "SHA-256":
       return "RS256";
@@ -366,7 +365,7 @@ function Xe(t) {
       throw new S("unsupported RsaHashedKeyAlgorithm hash name");
   }
 }
-function et(t) {
+function Ye(t) {
   switch (t.algorithm.namedCurve) {
     case "P-256":
       return "ES256";
@@ -378,14 +377,14 @@ function et(t) {
       throw new S("unsupported EcKeyAlgorithm namedCurve");
   }
 }
-function ge(t) {
+function we(t) {
   switch (t.algorithm.name) {
     case "RSA-PSS":
-      return Qe(t);
+      return qe(t);
     case "RSASSA-PKCS1-v1_5":
-      return Xe(t);
+      return Ve(t);
     case "ECDSA":
-      return et(t);
+      return Ye(t);
     case "Ed25519":
     case "Ed448":
       return "EdDSA";
@@ -393,21 +392,21 @@ function ge(t) {
       throw new S("unsupported CryptoKey algorithm name");
   }
 }
-function H(t) {
-  const e = t == null ? void 0 : t[K];
+function D(t) {
+  const e = t == null ? void 0 : t[N];
   return typeof e == "number" && Number.isFinite(e) ? e : 0;
 }
-function tt(t) {
-  const e = t == null ? void 0 : t[Oe];
+function Ze(t) {
+  const e = t == null ? void 0 : t[Ie];
   return typeof e == "number" && Number.isFinite(e) && Math.sign(e) !== -1 ? e : 30;
 }
-function X() {
+function Z() {
   return Math.floor(Date.now() / 1e3);
 }
-function nt(t, e) {
-  const n = X() + H(e);
+function Qe(t, e) {
+  const n = Z() + D(e);
   return {
-    jti: D(),
+    jti: W(),
     aud: [t.issuer, t.token_endpoint],
     exp: n + 60,
     iat: n,
@@ -416,179 +415,179 @@ function nt(t, e) {
     sub: e.client_id
   };
 }
-async function rt(t, e, n, r) {
-  return me({
-    alg: ge(n),
+async function Xe(t, e, n, r) {
+  return ge({
+    alg: we(n),
     kid: r
-  }, nt(t, e), n);
+  }, Qe(t, e), n);
 }
-function j(t) {
+function L(t) {
   if (typeof t != "object" || t === null)
     throw new TypeError('"as" must be an object');
   if (!g(t.issuer))
     throw new TypeError('"as.issuer" property must be a non-empty string');
   return !0;
 }
-function I(t) {
+function C(t) {
   if (typeof t != "object" || t === null)
     throw new TypeError('"client" must be an object');
   if (!g(t.client_id))
     throw new TypeError('"client.client_id" property must be a non-empty string');
   return !0;
 }
-function ce(t) {
+function se(t) {
   if (!g(t))
     throw new TypeError('"client.client_secret" property must be a non-empty string');
   return t;
 }
-function F(t, e) {
+function $(t, e) {
   if (e !== void 0)
     throw new TypeError(`"options.clientPrivateKey" property must not be provided when ${t} client authentication method is used.`);
 }
-function ue(t, e) {
+function ae(t, e) {
   if (e !== void 0)
     throw new TypeError(`"client.client_secret" property must not be provided when ${t} client authentication method is used.`);
 }
-async function ot(t, e, n, r, s) {
+async function et(t, e, n, r, s) {
   switch (n.delete("client_secret"), n.delete("client_assertion_type"), n.delete("client_assertion"), e.token_endpoint_auth_method) {
     case void 0:
     case "client_secret_basic": {
-      F("client_secret_basic", s), r.set("authorization", Ze(e.client_id, ce(e.client_secret)));
+      $("client_secret_basic", s), r.set("authorization", Ge(e.client_id, se(e.client_secret)));
       break;
     }
     case "client_secret_post": {
-      F("client_secret_post", s), n.set("client_id", e.client_id), n.set("client_secret", ce(e.client_secret));
+      $("client_secret_post", s), n.set("client_id", e.client_id), n.set("client_secret", se(e.client_secret));
       break;
     }
     case "private_key_jwt": {
-      if (ue("private_key_jwt", e.client_secret), s === void 0)
+      if (ae("private_key_jwt", e.client_secret), s === void 0)
         throw new TypeError('"options.clientPrivateKey" must be provided when "client.token_endpoint_auth_method" is "private_key_jwt"');
-      const { key: o, kid: i } = Ye(s);
-      if (!we(o))
+      const { key: o, kid: i } = Be(s);
+      if (!pe(o))
         throw new TypeError('"options.clientPrivateKey.key" must be a private CryptoKey');
-      n.set("client_id", e.client_id), n.set("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"), n.set("client_assertion", await rt(t, e, o, i));
+      n.set("client_id", e.client_id), n.set("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"), n.set("client_assertion", await Xe(t, e, o, i));
       break;
     }
     case "tls_client_auth":
     case "self_signed_tls_client_auth":
     case "none": {
-      ue(e.token_endpoint_auth_method, e.client_secret), F(e.token_endpoint_auth_method, s), n.set("client_id", e.client_id);
+      ae(e.token_endpoint_auth_method, e.client_secret), $(e.token_endpoint_auth_method, s), n.set("client_id", e.client_id);
       break;
     }
     default:
       throw new S("unsupported client token_endpoint_auth_method");
   }
 }
-async function me(t, e, n) {
+async function ge(t, e, n) {
   if (!n.usages.includes("sign"))
     throw new TypeError('CryptoKey instances used for signing assertions must include "sign" in their "usages"');
-  const r = `${T(A(JSON.stringify(t)))}.${T(A(JSON.stringify(e)))}`, s = T(await crypto.subtle.sign(Se(n), n, A(r)));
+  const r = `${k(A(JSON.stringify(t)))}.${k(A(JSON.stringify(e)))}`, s = k(await crypto.subtle.sign(ve(n), n, A(r)));
   return `${r}.${s}`;
 }
-async function it(t, e, n, r, s, o) {
-  const { privateKey: i, publicKey: u, nonce: f = fe.get(n.origin) } = e;
-  if (!we(i))
+async function tt(t, e, n, r, s, o) {
+  const { privateKey: i, publicKey: u, nonce: f = he.get(n.origin) } = e;
+  if (!pe(i))
     throw new TypeError('"DPoP.privateKey" must be a private CryptoKey');
-  if (!Fe(u))
+  if (!We(u))
     throw new TypeError('"DPoP.publicKey" must be a public CryptoKey');
   if (f !== void 0 && !g(f))
     throw new TypeError('"DPoP.nonce" must be a non-empty string or undefined');
   if (!u.extractable)
     throw new TypeError('"DPoP.publicKey.extractable" must be true');
-  const y = X() + s, b = await me({
-    alg: ge(i),
+  const y = Z() + s, b = await ge({
+    alg: we(i),
     typ: "dpop+jwt",
-    jwk: await at(u)
+    jwk: await rt(u)
   }, {
     iat: y,
-    jti: D(),
+    jti: W(),
     htm: r,
     nonce: f,
     htu: `${n.origin}${n.pathname}`,
-    ath: o ? T(await crypto.subtle.digest("SHA-256", A(o))) : void 0
+    ath: o ? k(await crypto.subtle.digest("SHA-256", A(o))) : void 0
   }, i);
   t.set("dpop", b);
 }
-let N;
-async function st(t) {
+let J;
+async function nt(t) {
   const { kty: e, e: n, n: r, x: s, y: o, crv: i } = await crypto.subtle.exportKey("jwk", t), u = { kty: e, e: n, n: r, x: s, y: o, crv: i };
-  return N.set(t, u), u;
+  return J.set(t, u), u;
 }
-async function at(t) {
-  return N || (N = /* @__PURE__ */ new WeakMap()), N.get(t) || st(t);
+async function rt(t) {
+  return J || (J = /* @__PURE__ */ new WeakMap()), J.get(t) || nt(t);
 }
-function ct(t, e, n) {
+function ot(t, e, n) {
   if (typeof t != "string")
     throw new TypeError(`"as.${e}" must be a string`);
   return new URL(t);
 }
-function ye(t, e, n) {
-  return ct(t[e], e);
+function me(t, e, n) {
+  return ot(t[e], e);
 }
-function G(t) {
+function B(t) {
   const e = t;
   return typeof e != "object" || Array.isArray(e) || e === null ? !1 : e.error !== void 0;
 }
-async function ut(t, e, n, r, s, o) {
+async function it(t, e, n, r, s, o) {
   if (!g(t))
     throw new TypeError('"accessToken" must be a non-empty string');
   if (!(n instanceof URL))
     throw new TypeError('"url" must be an instance of URL');
-  return r = W(r), (o == null ? void 0 : o.DPoP) === void 0 ? r.set("authorization", `Bearer ${t}`) : (await it(r, o.DPoP, n, "GET", H({ [K]: o == null ? void 0 : o[K] }), t), r.set("authorization", `DPoP ${t}`)), ((o == null ? void 0 : o[Y]) || fetch)(n.href, {
+  return r = K(r), (o == null ? void 0 : o.DPoP) === void 0 ? r.set("authorization", `Bearer ${t}`) : (await tt(r, o.DPoP, n, "GET", D({ [N]: o == null ? void 0 : o[N] }), t), r.set("authorization", `DPoP ${t}`)), ((o == null ? void 0 : o[q]) || fetch)(n.href, {
     body: s,
     headers: Object.fromEntries(r.entries()),
     method: e,
     redirect: "manual",
-    signal: o != null && o.signal ? Q(o.signal) : null
-  }).then(Z);
+    signal: o != null && o.signal ? Y(o.signal) : null
+  }).then(V);
 }
-async function lt(t, e, n, r) {
-  j(t), I(e);
-  const s = ye(t, "userinfo_endpoint"), o = W(r == null ? void 0 : r.headers);
-  return e.userinfo_signed_response_alg ? o.set("accept", "application/jwt") : (o.set("accept", "application/json"), o.append("accept", "application/jwt")), ut(n, "GET", s, o, null, {
+async function st(t, e, n, r) {
+  L(t), C(e);
+  const s = me(t, "userinfo_endpoint"), o = K(r == null ? void 0 : r.headers);
+  return e.userinfo_signed_response_alg ? o.set("accept", "application/jwt") : (o.set("accept", "application/json"), o.append("accept", "application/jwt")), it(n, "GET", s, o, null, {
     ...r,
-    [K]: H(e)
+    [N]: D(e)
   });
 }
-async function dt(t, e, n, r, s, o, i) {
-  return await ot(t, e, s, o, i == null ? void 0 : i.clientPrivateKey), o.set("content-type", "application/x-www-form-urlencoded;charset=UTF-8"), ((i == null ? void 0 : i[Y]) || fetch)(r.href, {
+async function at(t, e, n, r, s, o, i) {
+  return await et(t, e, s, o, i == null ? void 0 : i.clientPrivateKey), o.set("content-type", "application/x-www-form-urlencoded;charset=UTF-8"), ((i == null ? void 0 : i[q]) || fetch)(r.href, {
     body: s,
     headers: Object.fromEntries(o.entries()),
     method: n,
     redirect: "manual",
-    signal: i != null && i.signal ? Q(i.signal) : null
-  }).then(Z);
+    signal: i != null && i.signal ? Y(i.signal) : null
+  }).then(V);
 }
-async function _e(t, e, n, r, s) {
-  const o = ye(t, "token_endpoint");
+async function ye(t, e, n, r, s) {
+  const o = me(t, "token_endpoint");
   r.set("grant_type", n);
-  const i = W(s == null ? void 0 : s.headers);
-  return i.set("accept", "application/json"), dt(t, e, "POST", o, r, i, s);
+  const i = K(s == null ? void 0 : s.headers);
+  return i.set("accept", "application/json"), at(t, e, "POST", o, r, i, s);
 }
-async function ht(t, e, n, r) {
-  if (j(t), I(e), !g(n))
+async function ct(t, e, n, r) {
+  if (L(t), C(e), !g(n))
     throw new TypeError('"refreshToken" must be a non-empty string');
   const s = new URLSearchParams(r == null ? void 0 : r.additionalParameters);
-  return s.set("refresh_token", n), _e(t, e, "refresh_token", s, r);
+  return s.set("refresh_token", n), ye(t, e, "refresh_token", s, r);
 }
-const ft = /* @__PURE__ */ new WeakMap();
-async function be(t, e, n, r = !1, s = !1) {
-  if (j(t), I(e), !V(n, Response))
+const ut = /* @__PURE__ */ new WeakMap();
+async function _e(t, e, n, r = !1, s = !1) {
+  if (L(t), C(e), !G(n, Response))
     throw new TypeError('"response" must be an instance of Response');
   if (n.status !== 200) {
     let i;
-    if (i = await St(n))
+    if (i = await yt(n))
       return i;
     throw new a('"response" is not a conform Token Endpoint response');
   }
-  ee(n);
+  Q(n);
   let o;
   try {
     o = await n.json();
   } catch (i) {
     throw new a('failed to parse "response" body as JSON', { cause: i });
   }
-  if (!C(o))
+  if (!x(o))
     throw new a('"response" body must be a top level object');
   if (!g(o.access_token))
     throw new a('"response" body "access_token" property must be a non-empty string');
@@ -606,20 +605,20 @@ async function be(t, e, n, r = !1, s = !1) {
     if (o.id_token !== void 0 && !g(o.id_token))
       throw new a('"response" body "id_token" property must be a non-empty string');
     if (o.id_token) {
-      const { claims: i } = await Tt(o.id_token, Et.bind(void 0, e.id_token_signed_response_alg, t.id_token_signing_alg_values_supported), ke, H(e), tt(e)).then(bt.bind(void 0, ["aud", "exp", "iat", "iss", "sub"])).then(gt.bind(void 0, t.issuer)).then(wt.bind(void 0, e.client_id));
+      const { claims: i } = await bt(o.id_token, vt.bind(void 0, e.id_token_signed_response_alg, t.id_token_signing_alg_values_supported), Se, D(e), Ze(e)).then(gt.bind(void 0, ["aud", "exp", "iat", "iss", "sub"])).then(ht.bind(void 0, t.issuer)).then(dt.bind(void 0, e.client_id));
       if (Array.isArray(i.aud) && i.aud.length !== 1 && i.azp !== e.client_id)
         throw new a('unexpected ID Token "azp" (authorized party) claim value');
       if (i.auth_time !== void 0 && (!Number.isFinite(i.auth_time) || Math.sign(i.auth_time) !== 1))
         throw new a('ID Token "auth_time" (authentication time) must be a positive number');
-      ft.set(o, i);
+      ut.set(o, i);
     }
   }
   return o;
 }
-async function pt(t, e, n) {
-  return be(t, e, n);
+async function lt(t, e, n) {
+  return _e(t, e, n);
 }
-function wt(t, e) {
+function dt(t, e) {
   if (Array.isArray(e.claims.aud)) {
     if (!e.claims.aud.includes(t))
       throw new a('unexpected JWT "aud" (audience) claim value');
@@ -627,29 +626,29 @@ function wt(t, e) {
     throw new a('unexpected JWT "aud" (audience) claim value');
   return e;
 }
-function gt(t, e) {
+function ht(t, e) {
   if (e.claims.iss !== t)
     throw new a('unexpected JWT "iss" (issuer) claim value');
   return e;
 }
-const ve = /* @__PURE__ */ new WeakSet();
-function mt(t) {
-  return ve.add(t), t;
+const be = /* @__PURE__ */ new WeakSet();
+function ft(t) {
+  return be.add(t), t;
 }
-async function yt(t, e, n, r, s, o) {
-  if (j(t), I(e), !ve.has(n))
+async function pt(t, e, n, r, s, o) {
+  if (L(t), C(e), !be.has(n))
     throw new TypeError('"callbackParameters" must be an instance of URLSearchParams obtained from "validateAuthResponse()", or "validateJwtAuthResponse()');
   if (!g(r))
     throw new TypeError('"redirectUri" must be a non-empty string');
   if (!g(s))
     throw new TypeError('"codeVerifier" must be a non-empty string');
-  const i = k(n, "code");
+  const i = T(n, "code");
   if (!i)
     throw new a('no authorization code in "callbackParameters"');
   const u = new URLSearchParams(o == null ? void 0 : o.additionalParameters);
-  return u.set("redirect_uri", r), u.set("code_verifier", s), u.set("code", i), _e(t, e, "authorization_code", u, o);
+  return u.set("redirect_uri", r), u.set("code_verifier", s), u.set("code", i), ye(t, e, "authorization_code", u, o);
 }
-const _t = {
+const wt = {
   aud: "audience",
   c_hash: "code hash",
   client_id: "client id",
@@ -665,15 +664,15 @@ const _t = {
   htu: "http uri",
   cnf: "confirmation"
 };
-function bt(t, e) {
+function gt(t, e) {
   for (const n of t)
     if (e.claims[n] === void 0)
-      throw new a(`JWT "${n}" (${_t[n]}) claim missing`);
+      throw new a(`JWT "${n}" (${wt[n]}) claim missing`);
   return e;
 }
-async function vt(t, e, n) {
-  const r = await be(t, e, n, !0);
-  if (G(r))
+async function mt(t, e, n) {
+  const r = await _e(t, e, n, !0);
+  if (B(r))
     return r;
   if (r.id_token !== void 0) {
     if (typeof r.id_token == "string" && r.id_token.length)
@@ -682,26 +681,26 @@ async function vt(t, e, n) {
   }
   return r;
 }
-function ee(t) {
+function Q(t) {
   if (t.bodyUsed)
     throw new TypeError('"response" body has been used already');
 }
-async function St(t) {
+async function yt(t) {
   if (t.status > 399 && t.status < 500) {
-    ee(t);
+    Q(t);
     try {
       const e = await t.json();
-      if (C(e) && typeof e.error == "string" && e.error.length)
+      if (x(e) && typeof e.error == "string" && e.error.length)
         return e.error_description !== void 0 && typeof e.error_description != "string" && delete e.error_description, e.error_uri !== void 0 && typeof e.error_uri != "string" && delete e.error_uri, e.algs !== void 0 && typeof e.algs != "string" && delete e.algs, e.scope !== void 0 && typeof e.scope != "string" && delete e.scope, e;
     } catch {
     }
   }
 }
-function le(t) {
+function ce(t) {
   if (typeof t.modulusLength != "number" || t.modulusLength < 2048)
     throw new a(`${t.name} modulusLength must be at least 2048 bits`);
 }
-function kt(t) {
+function _t(t) {
   switch (t) {
     case "P-256":
       return "SHA-256";
@@ -713,15 +712,15 @@ function kt(t) {
       throw new S();
   }
 }
-function Se(t) {
+function ve(t) {
   switch (t.algorithm.name) {
     case "ECDSA":
       return {
         name: t.algorithm.name,
-        hash: kt(t.algorithm.namedCurve)
+        hash: _t(t.algorithm.namedCurve)
       };
     case "RSA-PSS":
-      switch (le(t.algorithm), t.algorithm.hash.name) {
+      switch (ce(t.algorithm), t.algorithm.hash.name) {
         case "SHA-256":
         case "SHA-384":
         case "SHA-512":
@@ -733,15 +732,15 @@ function Se(t) {
           throw new S();
       }
     case "RSASSA-PKCS1-v1_5":
-      return le(t.algorithm), t.algorithm.name;
+      return ce(t.algorithm), t.algorithm.name;
     case "Ed448":
     case "Ed25519":
       return t.algorithm.name;
   }
   throw new S();
 }
-const ke = Symbol();
-async function Tt(t, e, n, r, s) {
+const Se = Symbol();
+async function bt(t, e, n, r, s) {
   const { 0: o, 1: i, 2: u, length: f } = t.split(".");
   if (f === 5)
     throw new S("JWE structure JWTs are not supported");
@@ -749,35 +748,35 @@ async function Tt(t, e, n, r, s) {
     throw new a("Invalid JWT");
   let y;
   try {
-    y = JSON.parse(A(T(o)));
-  } catch (R) {
-    throw new a("failed to parse JWT Header body as base64url encoded JSON", { cause: R });
+    y = JSON.parse(A(k(o)));
+  } catch (E) {
+    throw new a("failed to parse JWT Header body as base64url encoded JSON", { cause: E });
   }
-  if (!C(y))
+  if (!x(y))
     throw new a("JWT Header must be a top level object");
   if (e(y), y.crit !== void 0)
     throw new a('unexpected JWT "crit" header parameter');
-  const b = T(u);
+  const b = k(u);
   let _;
-  if (n !== ke) {
+  if (n !== Se) {
     _ = await n(y);
-    const R = `${o}.${i}`;
-    if (!await crypto.subtle.verify(Se(_), _, b, A(R)))
+    const E = `${o}.${i}`;
+    if (!await crypto.subtle.verify(ve(_), _, b, A(E)))
       throw new a("JWT signature verification failed");
   }
   let h;
   try {
-    h = JSON.parse(A(T(i)));
-  } catch (R) {
-    throw new a("failed to parse JWT Payload body as base64url encoded JSON", { cause: R });
+    h = JSON.parse(A(k(i)));
+  } catch (E) {
+    throw new a("failed to parse JWT Payload body as base64url encoded JSON", { cause: E });
   }
-  if (!C(h))
+  if (!x(h))
     throw new a("JWT Payload must be a top level object");
-  const U = X() + r;
+  const P = Z() + r;
   if (h.exp !== void 0) {
     if (typeof h.exp != "number")
       throw new a('unexpected JWT "exp" (expiration time) claim type');
-    if (h.exp <= U - s)
+    if (h.exp <= P - s)
       throw new a('unexpected JWT "exp" (expiration time) claim value, timestamp is <= now()');
   }
   if (h.iat !== void 0 && typeof h.iat != "number")
@@ -787,14 +786,14 @@ async function Tt(t, e, n, r, s) {
   if (h.nbf !== void 0) {
     if (typeof h.nbf != "number")
       throw new a('unexpected JWT "nbf" (not before) claim type');
-    if (h.nbf > U + s)
+    if (h.nbf > P + s)
       throw new a('unexpected JWT "nbf" (not before) claim value, timestamp is > now()');
   }
   if (h.aud !== void 0 && typeof h.aud != "string" && !Array.isArray(h.aud))
     throw new a('unexpected JWT "aud" (audience) claim type');
   return { header: y, claims: h, signature: b, key: _ };
 }
-function Et(t, e, n) {
+function vt(t, e, n) {
   if (t !== void 0) {
     if (n.alg !== t)
       throw new a('unexpected JWT "alg" header parameter');
@@ -808,30 +807,30 @@ function Et(t, e, n) {
   if (n.alg !== "RS256")
     throw new a('unexpected JWT "alg" header parameter');
 }
-function k(t, e) {
+function T(t, e) {
   const { 0: n, length: r } = t.getAll(e);
   if (r > 1)
     throw new a(`"${e}" parameter must be provided only once`);
   return n;
 }
-const At = Symbol(), Rt = Symbol();
-function Pt(t, e, n, r) {
-  if (j(t), I(e), n instanceof URL && (n = n.searchParams), !(n instanceof URLSearchParams))
+const St = Symbol(), Tt = Symbol();
+function kt(t, e, n, r) {
+  if (L(t), C(e), n instanceof URL && (n = n.searchParams), !(n instanceof URLSearchParams))
     throw new TypeError('"parameters" must be an instance of URLSearchParams, or URL');
-  if (k(n, "response"))
+  if (T(n, "response"))
     throw new a('"parameters" contains a JARM response, use validateJwtAuthResponse() instead of validateAuthResponse()');
-  const s = k(n, "iss"), o = k(n, "state");
+  const s = T(n, "iss"), o = T(n, "state");
   if (!s && t.authorization_response_iss_parameter_supported)
     throw new a('response parameter "iss" (issuer) missing');
   if (s && s !== t.issuer)
     throw new a('unexpected "iss" (issuer) response parameter value');
   switch (r) {
     case void 0:
-    case Rt:
+    case Tt:
       if (o !== void 0)
         throw new a('unexpected "state" response parameter encountered');
       break;
-    case At:
+    case St:
       break;
     default:
       if (!g(r))
@@ -841,66 +840,41 @@ function Pt(t, e, n, r) {
       if (o !== r)
         throw new a('unexpected "state" response parameter value');
   }
-  const i = k(n, "error");
+  const i = T(n, "error");
   if (i)
     return {
       error: i,
-      error_description: k(n, "error_description"),
-      error_uri: k(n, "error_uri")
+      error_description: T(n, "error_description"),
+      error_uri: T(n, "error_uri")
     };
-  const u = k(n, "id_token"), f = k(n, "token");
+  const u = T(n, "id_token"), f = T(n, "token");
   if (u !== void 0 || f !== void 0)
     throw new S("implicit and hybrid flows are not supported");
-  return mt(new URLSearchParams(n));
+  return ft(new URLSearchParams(n));
 }
-class x extends Error {
+class O extends Error {
 }
-class q extends x {
+class ue extends O {
   constructor(e, n, r) {
     super(e, r), this.error = n;
   }
 }
-function xt({
-  handleCallback: t
-}) {
-  const e = je(!1), [n, r] = Ie(void 0), s = xe();
-  return ze(() => {
-    e.current || (e.current = !0, t().then((o) => {
-      s(o);
-    }).catch((o) => {
-      r(o);
-    }));
-  }, []), n ? n instanceof q ? /* @__PURE__ */ E.jsxs("div", { children: [
-    /* @__PURE__ */ E.jsx("h2", { children: "Error" }),
-    /* @__PURE__ */ E.jsxs("pre", { children: [
-      n.error.error,
-      n.error.error_description,
-      n.error.error_uri
-    ] })
-  ] }) : /* @__PURE__ */ E.jsxs("div", { children: [
-    /* @__PURE__ */ E.jsx("h2", { children: "Error" }),
-    /* @__PURE__ */ E.jsxs("pre", { children: [
-      n.message,
-      n.stack
-    ] })
-  ] }) : /* @__PURE__ */ E.jsx("div", { children: "Loading..." });
-}
-const M = "code-verifier";
-class Ut extends Ce {
-  constructor(e, n, r) {
-    super(), this.callbackUrlPath = e, this.handleCallback = n, this.initialize = r;
+const F = "code-verifier";
+class At extends Le {
+  constructor(e, n) {
+    super(), this.callbackUrlPath = e, this.initialize = n;
   }
   getRoutes() {
     return [
       ...super.getRoutes(),
       {
         path: this.callbackUrlPath,
-        element: /* @__PURE__ */ E.jsx(xt, { handleCallback: this.handleCallback })
+        element: /* @__PURE__ */ Pe.jsx("div", {})
       }
     ];
   }
 }
-class Lt {
+class Et {
   constructor({
     issuer: e,
     audience: n,
@@ -924,7 +898,7 @@ class Lt {
     m(this, "redirectToAfterSignOut");
     m(this, "audience");
     m(this, "signOut", async () => {
-      oe.setState({
+      ne.setState({
         isAuthenticated: !1,
         isPending: !1,
         profile: void 0
@@ -940,37 +914,35 @@ class Lt {
       )) : r = n;
     });
     m(this, "handleCallback", async () => {
-      const e = new URL(window.location.href), n = e.searchParams.get("state"), r = sessionStorage.getItem(M);
-      if (sessionStorage.removeItem(M), !r)
-        throw new x(
-          "Code verifier not found. Invalid auth state."
-        );
-      const s = await this.getAuthServer(), o = Pt(
+      const e = new URL(window.location.href), n = e.searchParams.get("state"), r = sessionStorage.getItem(F);
+      if (sessionStorage.removeItem(F), !r)
+        return;
+      const s = await this.getAuthServer(), o = kt(
         s,
         this.client,
         e.searchParams,
         n ?? void 0
       );
-      if (G(o))
-        throw ie.error("Error validating OAuth response", o), new q(
+      if (B(o))
+        throw re.error("Error validating OAuth response", o), new ue(
           "Error validating OAuth response",
           o
         );
       const i = new URL(e);
       i.pathname = this.redirectToAfterSignIn, i.search = "";
-      const u = await yt(
+      const u = await pt(
         s,
         this.client,
         o,
         i.toString(),
         r
-      ), f = await vt(
+      ), f = await mt(
         s,
         this.client,
         u
       );
       this.setTokensFromResponse(f);
-      const y = await this.getAccessToken(), _ = await (await lt(
+      const y = await this.getAccessToken(), _ = await (await st(
         s,
         this.client,
         y
@@ -981,7 +953,7 @@ class Lt {
         emailVerified: _.email_verified ?? !1,
         pictureUrl: _.picture
       };
-      return oe.setState({
+      return ne.setState({
         isAuthenticated: !0,
         isPending: !1,
         profile: h
@@ -1002,8 +974,8 @@ class Lt {
           code_challenge_methods_supported: []
         };
       else {
-        const e = new URL(this.issuer), n = await Me(e);
-        this.authorizationServer = await Be(
+        const e = new URL(this.issuer), n = await De(e);
+        this.authorizationServer = await He(
           e,
           n
         );
@@ -1015,10 +987,10 @@ class Lt {
    * @param response
    */
   setTokensFromResponse(e) {
-    if (G(e))
-      throw ie.error("Bad Token Response", e), new q("Bad Token Response", e);
+    if (B(e))
+      throw re.error("Bad Token Response", e), new ue("Bad Token Response", e);
     if (!e.expires_in)
-      throw new x("No expires_in in response");
+      throw new O("No expires_in in response");
     this.tokens = {
       accessToken: e.access_token,
       refreshToken: e.refresh_token,
@@ -1042,9 +1014,9 @@ class Lt {
     var f;
     const n = "S256", r = await this.getAuthServer();
     if (!r.authorization_endpoint)
-      throw new x("No authorization endpoint");
-    const s = Ge(), o = await Ve(s);
-    sessionStorage.setItem(M, s);
+      throw new O("No authorization endpoint");
+    const s = $e(), o = await Me(s);
+    sessionStorage.setItem(F, s);
     const i = new URL(
       r.authorization_endpoint
     );
@@ -1054,7 +1026,7 @@ class Lt {
       "code_challenge_method",
       n
     ), this.audience && i.searchParams.set("audience", this.audience), ((f = r.code_challenge_methods_supported) == null ? void 0 : f.includes("S256")) !== !0) {
-      const y = qe();
+      const y = Fe();
       i.searchParams.set("state", y);
     }
     location.href = i.href;
@@ -1062,17 +1034,15 @@ class Lt {
   async getAccessToken() {
     const e = await this.getAuthServer();
     if (!this.tokens)
-      throw new x("User is not authenticated");
+      throw new O("User is not authenticated");
     if (this.tokens.expiresOn < /* @__PURE__ */ new Date()) {
       if (!this.tokens.refreshToken)
-        throw new x(
-          "Token expired and no refresh token available"
-        );
-      const n = await ht(
+        return await this.signIn(), "";
+      const n = await ct(
         e,
         this.client,
         this.tokens.refreshToken
-      ), r = await pt(
+      ), r = await lt(
         e,
         this.client,
         n
@@ -1082,18 +1052,22 @@ class Lt {
     return this.tokens.accessToken;
   }
   getAuthenticationPlugin() {
-    return new Ut(
+    return new At(
       this.callbackUrlPath,
-      async () => this.handleCallback(),
-      async () => {
-        typeof localStorage < "u" && localStorage.getItem("auto-login") && (localStorage.removeItem("auto-login"), await this.authorize({ redirectTo: window.location.pathname }));
+      async (e, n) => {
+        if (typeof localStorage < "u" && localStorage.getItem("auto-login"))
+          localStorage.removeItem("auto-login"), await this.authorize({ redirectTo: window.location.pathname });
+        else if (window.location.pathname === "/oauth/callback") {
+          const r = await this.handleCallback();
+          r && n.navigate(r);
+        }
       }
     );
   }
 }
-const Nt = (t) => new Lt(t);
+const Ct = (t) => new Et(t);
 export {
-  Lt as OpenIDAuthenticationProvider,
-  Nt as default
+  Et as OpenIDAuthenticationProvider,
+  Ct as default
 };
 //# sourceMappingURL=zudoku.auth-openid.js.map