zudoku 0.3.1-dev.16 → 0.3.1-dev.18

package/lib/zudoku.auth-openid.js

@@ -1,7 +1,7 @@
 var xe = Object.defineProperty;
 var Le = (t, e, n) => e in t ? xe(t, e, { enumerable: !0, configurable: !0, writable: !0, value: n }) : t[e] = n;
-var m = (t, e, n) => Le(t, typeof e != "symbol" ? e + "" : e, n);
-import { j as R } from "./jsx-runtime-B6kdoens.js";
+var y = (t, e, n) => Le(t, typeof e != "symbol" ? e + "" : e, n);
+import { j as P } from "./jsx-runtime-B6kdoens.js";
 import { c as Ce, a as Ie } from "./_commonjsHelpers-BVfed4GL.js";
 import { A as je } from "./AuthenticationPlugin-owbEUimP.js";
 import { useState as ze, useRef as Je, useEffect as Oe } from "react";
@@ -9,7 +9,7 @@ import { D as Ne } from "./DeveloperHint-BQSFXH01.js";
 import { E as De } from "./ErrorPage-PUg985n_.js";
 import { S as Ke } from "./Markdown-Chb9VIBv.js";
 import { e as We } from "./index-Yjb2PyPF.js";
-import { u as ie } from "./state-DsXXkBLH.js";
+import { u as N } from "./state-DsXXkBLH.js";
 var fe = { exports: {} };
 (function(t) {
   (function(e, n) {
@@ -35,11 +35,11 @@ var fe = { exports: {} };
         };
       }
     }
-    function d() {
+    function h() {
       console.log && (console.log.apply ? console.log.apply(console, arguments) : Function.prototype.apply.apply(console.log, [console, arguments])), console.trace && console.trace();
     }
-    function y(l) {
-      return l === "debug" && (l = "log"), typeof console === n ? !1 : l === "trace" && o ? d : console[l] !== void 0 ? u(console, l) : console.log !== void 0 ? u(console, "log") : e;
+    function m(l) {
+      return l === "debug" && (l = "log"), typeof console === n ? !1 : l === "trace" && o ? h : console[l] !== void 0 ? u(console, l) : console.log !== void 0 ? u(console, "log") : e;
     }
     function b() {
       for (var l = this.getLevel(), w = 0; w < s.length; w++) {
@@ -55,13 +55,13 @@ var fe = { exports: {} };
       };
     }
     function f(l, w, c) {
-      return y(l) || _.apply(this, arguments);
+      return m(l) || _.apply(this, arguments);
     }
-    function U(l, w) {
-      var c = this, J, M, P, v = "loglevel";
+    function A(l, w) {
+      var c = this, J, B, U, v = "loglevel";
       typeof l == "string" ? v += ":" + l : typeof l == "symbol" && (v = void 0);
-      function Re(h) {
-        var g = (s[h] || "silent").toUpperCase();
+      function Re(d) {
+        var g = (s[d] || "silent").toUpperCase();
         if (!(typeof window === n || !v)) {
           try {
             window.localStorage[v] = g;
@@ -74,22 +74,22 @@ var fe = { exports: {} };
           }
         }
       }
-      function ne() {
-        var h;
+      function re() {
+        var d;
         if (!(typeof window === n || !v)) {
           try {
-            h = window.localStorage[v];
+            d = window.localStorage[v];
           } catch {
           }
-          if (typeof h === n)
+          if (typeof d === n)
             try {
-              var g = window.document.cookie, O = encodeURIComponent(v), oe = g.indexOf(O + "=");
-              oe !== -1 && (h = /^([^;]+)/.exec(
-                g.slice(oe + O.length + 1)
+              var g = window.document.cookie, O = encodeURIComponent(v), ie = g.indexOf(O + "=");
+              ie !== -1 && (d = /^([^;]+)/.exec(
+                g.slice(ie + O.length + 1)
               )[1]);
             } catch {
             }
-          return c.levels[h] === void 0 && (h = void 0), h;
+          return c.levels[d] === void 0 && (d = void 0), d;
         }
       }
       function Pe() {
@@ -104,11 +104,11 @@ var fe = { exports: {} };
           }
         }
       }
-      function x(h) {
-        var g = h;
+      function L(d) {
+        var g = d;
         if (typeof g == "string" && c.levels[g.toUpperCase()] !== void 0 && (g = c.levels[g.toUpperCase()]), typeof g == "number" && g >= 0 && g <= c.levels.SILENT)
           return g;
-        throw new TypeError("log.setLevel() called with invalid level: " + h);
+        throw new TypeError("log.setLevel() called with invalid level: " + d);
       }
       c.name = l, c.levels = {
         TRACE: 0,
@@ -118,50 +118,50 @@ var fe = { exports: {} };
         ERROR: 4,
         SILENT: 5
       }, c.methodFactory = w || f, c.getLevel = function() {
-        return P ?? M ?? J;
-      }, c.setLevel = function(h, g) {
-        return P = x(h), g !== !1 && Re(P), b.call(c);
-      }, c.setDefaultLevel = function(h) {
-        M = x(h), ne() || c.setLevel(h, !1);
+        return U ?? B ?? J;
+      }, c.setLevel = function(d, g) {
+        return U = L(d), g !== !1 && Re(U), b.call(c);
+      }, c.setDefaultLevel = function(d) {
+        B = L(d), re() || c.setLevel(d, !1);
       }, c.resetLevel = function() {
-        P = null, Pe(), b.call(c);
-      }, c.enableAll = function(h) {
-        c.setLevel(c.levels.TRACE, h);
-      }, c.disableAll = function(h) {
-        c.setLevel(c.levels.SILENT, h);
+        U = null, Pe(), b.call(c);
+      }, c.enableAll = function(d) {
+        c.setLevel(c.levels.TRACE, d);
+      }, c.disableAll = function(d) {
+        c.setLevel(c.levels.SILENT, d);
       }, c.rebuild = function() {
-        if (i !== c && (J = x(i.getLevel())), b.call(c), i === c)
-          for (var h in r)
-            r[h].rebuild();
-      }, J = x(
+        if (i !== c && (J = L(i.getLevel())), b.call(c), i === c)
+          for (var d in r)
+            r[d].rebuild();
+      }, J = L(
         i ? i.getLevel() : "WARN"
       );
-      var re = ne();
-      re != null && (P = x(re)), b.call(c);
+      var oe = re();
+      oe != null && (U = L(oe)), b.call(c);
     }
-    i = new U(), i.getLogger = function(w) {
+    i = new A(), i.getLogger = function(w) {
       if (typeof w != "symbol" && typeof w != "string" || w === "")
         throw new TypeError("You must supply a name when creating a logger.");
       var c = r[w];
-      return c || (c = r[w] = new U(
+      return c || (c = r[w] = new A(
         w,
         i.methodFactory
       )), c;
     };
-    var A = typeof window !== n ? window.log : void 0;
+    var R = typeof window !== n ? window.log : void 0;
     return i.noConflict = function() {
-      return typeof window !== n && window.log === i && (window.log = A), i;
+      return typeof window !== n && window.log === i && (window.log = R), i;
     }, i.getLoggers = function() {
       return r;
     }, i.default = i, i;
   });
 })(fe);
 var He = fe.exports;
-const D = /* @__PURE__ */ Ie(He);
-let V;
-var N, de;
-(typeof navigator > "u" || !((de = (N = navigator.userAgent) == null ? void 0 : N.startsWith) != null && de.call(N, "Mozilla/5.0 "))) && (V = "oauth4webapi/v2.11.1");
-function Z(t, e) {
+const K = /* @__PURE__ */ Ie(He);
+let Y;
+var D, he;
+(typeof navigator > "u" || !((he = (D = navigator.userAgent) == null ? void 0 : D.startsWith) != null && he.call(D, "Mozilla/5.0 "))) && (Y = "oauth4webapi/v2.11.1");
+function Q(t, e) {
   if (t == null)
     return !1;
   try {
@@ -170,8 +170,8 @@ function Z(t, e) {
     return !1;
   }
 }
-const W = Symbol(), $e = Symbol(), Q = Symbol(), Fe = new TextEncoder(), Me = new TextDecoder();
-function E(t) {
+const H = Symbol(), $e = Symbol(), X = Symbol(), Fe = new TextEncoder(), Me = new TextDecoder();
+function k(t) {
   return typeof t == "string" ? Fe.encode(t) : Me.decode(t);
 }
 const se = 32768;
@@ -192,7 +192,7 @@ function qe(t) {
     throw new a("The input to be decoded is not correctly encoded.", { cause: e });
   }
 }
-function k(t) {
+function E(t) {
   return typeof t == "string" ? qe(t) : Be(t);
 }
 class Ge {
@@ -241,7 +241,7 @@ function ge(t) {
 function Ye(t) {
   return we(t) && t.type === "public";
 }
-function X(t) {
+function ee(t) {
   try {
     const e = t.headers.get("dpop-nonce");
     e && pe.set(new URL(t.url).origin, e);
@@ -252,16 +252,16 @@ function X(t) {
 function C(t) {
   return !(t === null || typeof t != "object" || Array.isArray(t));
 }
-function H(t) {
-  Z(t, Headers) && (t = Object.fromEntries(t.entries()));
+function $(t) {
+  Q(t, Headers) && (t = Object.fromEntries(t.entries()));
   const e = new Headers(t);
-  if (V && !e.has("user-agent") && e.set("user-agent", V), e.has("authorization"))
+  if (Y && !e.has("user-agent") && e.set("user-agent", Y), e.has("authorization"))
     throw new TypeError('"options.headers" must not include the "authorization" header name');
   if (e.has("dpop"))
     throw new TypeError('"options.headers" must not include the "dpop" header name');
   return e;
 }
-function ee(t) {
+function te(t) {
   if (typeof t == "function" && (t = t()), !(t instanceof AbortSignal))
     throw new TypeError('"options.signal" must return or be an instance of AbortSignal');
   return t;
@@ -283,13 +283,13 @@ async function Ze(t, e) {
     default:
       throw new TypeError('"options.algorithm" must be "oidc" (default), or "oauth2"');
   }
-  const o = H(e == null ? void 0 : e.headers);
-  return o.set("accept", "application/json"), ((e == null ? void 0 : e[Q]) || fetch)(n.href, {
+  const o = $(e == null ? void 0 : e.headers);
+  return o.set("accept", "application/json"), ((e == null ? void 0 : e[X]) || fetch)(n.href, {
     headers: Object.fromEntries(o.entries()),
     method: "GET",
     redirect: "manual",
-    signal: e != null && e.signal ? ee(e.signal) : null
-  }).then(X);
+    signal: e != null && e.signal ? te(e.signal) : null
+  }).then(ee);
 }
 function p(t) {
   return typeof t == "string" && t.length !== 0;
@@ -297,11 +297,11 @@ function p(t) {
 async function Qe(t, e) {
   if (!(t instanceof URL))
     throw new TypeError('"expectedIssuer" must be an instance of URL');
-  if (!Z(e, Response))
+  if (!Q(e, Response))
     throw new TypeError('"response" must be an instance of Response');
   if (e.status !== 200)
     throw new a('"response" is not a conform Authorization Server Metadata response');
-  te(e);
+  ne(e);
   let n;
   try {
     n = await e.json();
@@ -316,19 +316,19 @@ async function Qe(t, e) {
     throw new a('"response" body "issuer" does not match "expectedIssuer"');
   return n;
 }
-function $() {
-  return k(crypto.getRandomValues(new Uint8Array(32)));
+function F() {
+  return E(crypto.getRandomValues(new Uint8Array(32)));
 }
 function Xe() {
-  return $();
+  return F();
 }
 function et() {
-  return $();
+  return F();
 }
 async function tt(t) {
   if (!p(t))
     throw new TypeError('"codeVerifier" must be a non-empty string');
-  return k(await crypto.subtle.digest("SHA-256", E(t)));
+  return E(await crypto.subtle.digest("SHA-256", k(t)));
 }
 function nt(t) {
   if (t instanceof CryptoKey)
@@ -398,20 +398,20 @@ function me(t) {
   }
 }
 function I(t) {
-  const e = t == null ? void 0 : t[W];
+  const e = t == null ? void 0 : t[H];
   return typeof e == "number" && Number.isFinite(e) ? e : 0;
 }
 function ye(t) {
   const e = t == null ? void 0 : t[$e];
   return typeof e == "number" && Number.isFinite(e) && Math.sign(e) !== -1 ? e : 30;
 }
-function F() {
+function M() {
   return Math.floor(Date.now() / 1e3);
 }
 function at(t, e) {
-  const n = F() + I(e);
+  const n = M() + I(e);
   return {
-    jti: $(),
+    jti: F(),
     aud: [t.issuer, t.token_endpoint],
     exp: n + 60,
     iat: n,
@@ -445,7 +445,7 @@ function ce(t) {
     throw new TypeError('"client.client_secret" property must be a non-empty string');
   return t;
 }
-function B(t, e) {
+function q(t, e) {
   if (e !== void 0)
     throw new TypeError(`"options.clientPrivateKey" property must not be provided when ${t} client authentication method is used.`);
 }
@@ -457,11 +457,11 @@ async function ut(t, e, n, o, s) {
   switch (n.delete("client_secret"), n.delete("client_assertion_type"), n.delete("client_assertion"), e.token_endpoint_auth_method) {
     case void 0:
     case "client_secret_basic": {
-      B("client_secret_basic", s), o.set("authorization", rt(e.client_id, ce(e.client_secret)));
+      q("client_secret_basic", s), o.set("authorization", rt(e.client_id, ce(e.client_secret)));
       break;
     }
     case "client_secret_post": {
-      B("client_secret_post", s), n.set("client_id", e.client_id), n.set("client_secret", ce(e.client_secret));
+      q("client_secret_post", s), n.set("client_id", e.client_id), n.set("client_secret", ce(e.client_secret));
       break;
     }
     case "private_key_jwt": {
@@ -476,7 +476,7 @@ async function ut(t, e, n, o, s) {
     case "tls_client_auth":
     case "self_signed_tls_client_auth":
     case "none": {
-      ue(e.token_endpoint_auth_method, e.client_secret), B(e.token_endpoint_auth_method, s), n.set("client_id", e.client_id);
+      ue(e.token_endpoint_auth_method, e.client_secret), q(e.token_endpoint_auth_method, s), n.set("client_id", e.client_id);
       break;
     }
     default:
@@ -486,40 +486,40 @@ async function ut(t, e, n, o, s) {
 async function be(t, e, n) {
   if (!n.usages.includes("sign"))
     throw new TypeError('CryptoKey instances used for signing assertions must include "sign" in their "usages"');
-  const o = `${k(E(JSON.stringify(t)))}.${k(E(JSON.stringify(e)))}`, s = k(await crypto.subtle.sign(Ee(n), n, E(o)));
+  const o = `${E(k(JSON.stringify(t)))}.${E(k(JSON.stringify(e)))}`, s = E(await crypto.subtle.sign(ke(n), n, k(o)));
   return `${o}.${s}`;
 }
 async function lt(t, e, n, o, s, r) {
-  const { privateKey: i, publicKey: u, nonce: d = pe.get(n.origin) } = e;
+  const { privateKey: i, publicKey: u, nonce: h = pe.get(n.origin) } = e;
   if (!ge(i))
     throw new TypeError('"DPoP.privateKey" must be a private CryptoKey');
   if (!Ye(u))
     throw new TypeError('"DPoP.publicKey" must be a public CryptoKey');
-  if (d !== void 0 && !p(d))
+  if (h !== void 0 && !p(h))
     throw new TypeError('"DPoP.nonce" must be a non-empty string or undefined');
   if (!u.extractable)
     throw new TypeError('"DPoP.publicKey.extractable" must be true');
-  const y = F() + s, b = await be({
+  const m = M() + s, b = await be({
     alg: me(i),
     typ: "dpop+jwt",
-    jwk: await dt(u)
+    jwk: await ht(u)
   }, {
-    iat: y,
-    jti: $(),
+    iat: m,
+    jti: F(),
     htm: o,
-    nonce: d,
+    nonce: h,
     htu: `${n.origin}${n.pathname}`,
-    ath: r ? k(await crypto.subtle.digest("SHA-256", E(r))) : void 0
+    ath: r ? E(await crypto.subtle.digest("SHA-256", k(r))) : void 0
   }, i);
   t.set("dpop", b);
 }
-let K;
-async function ht(t) {
+let W;
+async function dt(t) {
   const { kty: e, e: n, n: o, x: s, y: r, crv: i } = await crypto.subtle.exportKey("jwk", t), u = { kty: e, e: n, n: o, x: s, y: r, crv: i };
-  return K.set(t, u), u;
+  return W.set(t, u), u;
 }
-async function dt(t) {
-  return K || (K = /* @__PURE__ */ new WeakMap()), K.get(t) || ht(t);
+async function ht(t) {
+  return W || (W = /* @__PURE__ */ new WeakMap()), W.get(t) || dt(t);
 }
 function ft(t, e, n) {
   if (typeof t != "string")
@@ -529,7 +529,7 @@ function ft(t, e, n) {
 function _e(t, e, n) {
   return ft(t[e], e);
 }
-function Y(t) {
+function Z(t) {
   const e = t;
   return typeof e != "object" || Array.isArray(e) || e === null ? !1 : e.error !== void 0;
 }
@@ -538,35 +538,35 @@ async function pt(t, e, n, o, s, r) {
     throw new TypeError('"accessToken" must be a non-empty string');
   if (!(n instanceof URL))
     throw new TypeError('"url" must be an instance of URL');
-  return o = H(o), (r == null ? void 0 : r.DPoP) === void 0 ? o.set("authorization", `Bearer ${t}`) : (await lt(o, r.DPoP, n, "GET", I({ [W]: r == null ? void 0 : r[W] }), t), o.set("authorization", `DPoP ${t}`)), ((r == null ? void 0 : r[Q]) || fetch)(n.href, {
+  return o = $(o), (r == null ? void 0 : r.DPoP) === void 0 ? o.set("authorization", `Bearer ${t}`) : (await lt(o, r.DPoP, n, "GET", I({ [H]: r == null ? void 0 : r[H] }), t), o.set("authorization", `DPoP ${t}`)), ((r == null ? void 0 : r[X]) || fetch)(n.href, {
     body: s,
     headers: Object.fromEntries(o.entries()),
     method: e,
     redirect: "manual",
-    signal: r != null && r.signal ? ee(r.signal) : null
-  }).then(X);
+    signal: r != null && r.signal ? te(r.signal) : null
+  }).then(ee);
 }
 async function wt(t, e, n, o) {
   j(t), z(e);
-  const s = _e(t, "userinfo_endpoint"), r = H(o == null ? void 0 : o.headers);
+  const s = _e(t, "userinfo_endpoint"), r = $(o == null ? void 0 : o.headers);
   return e.userinfo_signed_response_alg ? r.set("accept", "application/jwt") : (r.set("accept", "application/json"), r.append("accept", "application/jwt")), pt(n, "GET", s, r, null, {
     ...o,
-    [W]: I(e)
+    [H]: I(e)
   });
 }
 async function gt(t, e, n, o, s, r, i) {
-  return await ut(t, e, s, r, i == null ? void 0 : i.clientPrivateKey), r.set("content-type", "application/x-www-form-urlencoded;charset=UTF-8"), ((i == null ? void 0 : i[Q]) || fetch)(o.href, {
+  return await ut(t, e, s, r, i == null ? void 0 : i.clientPrivateKey), r.set("content-type", "application/x-www-form-urlencoded;charset=UTF-8"), ((i == null ? void 0 : i[X]) || fetch)(o.href, {
     body: s,
     headers: Object.fromEntries(r.entries()),
     method: n,
     redirect: "manual",
-    signal: i != null && i.signal ? ee(i.signal) : null
-  }).then(X);
+    signal: i != null && i.signal ? te(i.signal) : null
+  }).then(ee);
 }
 async function ve(t, e, n, o, s) {
   const r = _e(t, "token_endpoint");
   o.set("grant_type", n);
-  const i = H(s == null ? void 0 : s.headers);
+  const i = $(s == null ? void 0 : s.headers);
   return i.set("accept", "application/json"), gt(t, e, "POST", r, o, i, s);
 }
 async function mt(t, e, n, o) {
@@ -585,7 +585,7 @@ function yt(t) {
   return e;
 }
 async function Te(t, e, n, o = !1, s = !1) {
-  if (j(t), z(e), !Z(n, Response))
+  if (j(t), z(e), !Q(n, Response))
     throw new TypeError('"response" must be an instance of Response');
   if (n.status !== 200) {
     let i;
@@ -593,7 +593,7 @@ async function Te(t, e, n, o = !1, s = !1) {
       return i;
     throw new a('"response" is not a conform Token Endpoint response');
   }
-  te(n);
+  ne(n);
   let r;
   try {
     r = await n.json();
@@ -618,7 +618,7 @@ async function Te(t, e, n, o = !1, s = !1) {
     if (r.id_token !== void 0 && !p(r.id_token))
       throw new a('"response" body "id_token" property must be a non-empty string');
     if (r.id_token) {
-      const { claims: i } = await xt(r.id_token, Lt.bind(void 0, e.id_token_signed_response_alg, t.id_token_signing_alg_values_supported), Ae, I(e), ye(e)).then(Et.bind(void 0, ["aud", "exp", "iat", "iss", "sub"])).then(vt.bind(void 0, t.issuer)).then(_t.bind(void 0, e.client_id));
+      const { claims: i } = await xt(r.id_token, Lt.bind(void 0, e.id_token_signed_response_alg, t.id_token_signing_alg_values_supported), Ae, I(e), ye(e)).then(kt.bind(void 0, ["aud", "exp", "iat", "iss", "sub"])).then(vt.bind(void 0, t.issuer)).then(_t.bind(void 0, e.client_id));
       if (Array.isArray(i.aud) && i.aud.length !== 1 && i.azp !== e.client_id)
         throw new a('unexpected ID Token "azp" (authorized party) claim value');
       if (i.auth_time !== void 0 && (!Number.isFinite(i.auth_time) || Math.sign(i.auth_time) !== 1))
@@ -644,12 +644,12 @@ function vt(t, e) {
     throw new a('unexpected JWT "iss" (issuer) claim value');
   return e;
 }
-const ke = /* @__PURE__ */ new WeakSet();
+const Ee = /* @__PURE__ */ new WeakSet();
 function St(t) {
-  return ke.add(t), t;
+  return Ee.add(t), t;
 }
 async function Tt(t, e, n, o, s, r) {
-  if (j(t), z(e), !ke.has(n))
+  if (j(t), z(e), !Ee.has(n))
     throw new TypeError('"callbackParameters" must be an instance of URLSearchParams obtained from "validateAuthResponse()", or "validateJwtAuthResponse()');
   if (!p(o))
     throw new TypeError('"redirectUri" must be a non-empty string');
@@ -661,7 +661,7 @@ async function Tt(t, e, n, o, s, r) {
   const u = new URLSearchParams(r == null ? void 0 : r.additionalParameters);
   return u.set("redirect_uri", o), u.set("code_verifier", s), u.set("code", i), ve(t, e, "authorization_code", u, r);
 }
-const kt = {
+const Et = {
   aud: "audience",
   c_hash: "code hash",
   client_id: "client id",
@@ -677,28 +677,28 @@ const kt = {
   htu: "http uri",
   cnf: "confirmation"
 };
-function Et(t, e) {
+function kt(t, e) {
   for (const n of t)
     if (e.claims[n] === void 0)
-      throw new a(`JWT "${n}" (${kt[n]}) claim missing`);
+      throw new a(`JWT "${n}" (${Et[n]}) claim missing`);
   return e;
 }
-const At = Symbol(), q = Symbol();
+const At = Symbol(), G = Symbol();
 async function Rt(t, e, n, o, s) {
   const r = await Te(t, e, n);
-  if (Y(r))
+  if (Z(r))
     return r;
   if (!p(r.id_token))
     throw new a('"response" body "id_token" property must be a non-empty string');
-  s ?? (s = e.default_max_age ?? q);
+  s ?? (s = e.default_max_age ?? G);
   const i = yt(r);
-  if ((e.require_auth_time || s !== q) && i.auth_time === void 0)
+  if ((e.require_auth_time || s !== G) && i.auth_time === void 0)
     throw new a('ID Token "auth_time" (authentication time) claim missing');
-  if (s !== q) {
+  if (s !== G) {
     if (typeof s != "number" || s < 0)
       throw new TypeError('"maxAge" must be a non-negative number');
-    const u = F() + I(e), d = ye(e);
-    if (i.auth_time + s < u - d)
+    const u = M() + I(e), h = ye(e);
+    if (i.auth_time + s < u - h)
       throw new a("too much time has elapsed since the last End-User authentication");
   }
   switch (o) {
@@ -717,13 +717,13 @@ async function Rt(t, e, n, o, s) {
   }
   return r;
 }
-function te(t) {
+function ne(t) {
   if (t.bodyUsed)
     throw new TypeError('"response" body has been used already');
 }
 async function Pt(t) {
   if (t.status > 399 && t.status < 500) {
-    te(t);
+    ne(t);
     try {
       const e = await t.json();
       if (C(e) && typeof e.error == "string" && e.error.length)
@@ -748,7 +748,7 @@ function Ut(t) {
       throw new S();
   }
 }
-function Ee(t) {
+function ke(t) {
   switch (t.algorithm.name) {
     case "ECDSA":
       return {
@@ -777,42 +777,42 @@ function Ee(t) {
 }
 const Ae = Symbol();
 async function xt(t, e, n, o, s) {
-  const { 0: r, 1: i, 2: u, length: d } = t.split(".");
-  if (d === 5)
+  const { 0: r, 1: i, 2: u, length: h } = t.split(".");
+  if (h === 5)
     throw new S("JWE structure JWTs are not supported");
-  if (d !== 3)
+  if (h !== 3)
     throw new a("Invalid JWT");
-  let y;
+  let m;
   try {
-    y = JSON.parse(E(k(r)));
-  } catch (A) {
-    throw new a("failed to parse JWT Header body as base64url encoded JSON", { cause: A });
+    m = JSON.parse(k(E(r)));
+  } catch (R) {
+    throw new a("failed to parse JWT Header body as base64url encoded JSON", { cause: R });
   }
-  if (!C(y))
+  if (!C(m))
     throw new a("JWT Header must be a top level object");
-  if (e(y), y.crit !== void 0)
+  if (e(m), m.crit !== void 0)
     throw new a('unexpected JWT "crit" header parameter');
-  const b = k(u);
+  const b = E(u);
   let _;
   if (n !== Ae) {
-    _ = await n(y);
-    const A = `${r}.${i}`;
-    if (!await crypto.subtle.verify(Ee(_), _, b, E(A)))
+    _ = await n(m);
+    const R = `${r}.${i}`;
+    if (!await crypto.subtle.verify(ke(_), _, b, k(R)))
       throw new a("JWT signature verification failed");
   }
   let f;
   try {
-    f = JSON.parse(E(k(i)));
-  } catch (A) {
-    throw new a("failed to parse JWT Payload body as base64url encoded JSON", { cause: A });
+    f = JSON.parse(k(E(i)));
+  } catch (R) {
+    throw new a("failed to parse JWT Payload body as base64url encoded JSON", { cause: R });
   }
   if (!C(f))
     throw new a("JWT Payload must be a top level object");
-  const U = F() + o;
+  const A = M() + o;
   if (f.exp !== void 0) {
     if (typeof f.exp != "number")
       throw new a('unexpected JWT "exp" (expiration time) claim type');
-    if (f.exp <= U - s)
+    if (f.exp <= A - s)
       throw new a('unexpected JWT "exp" (expiration time) claim value, timestamp is <= now()');
   }
   if (f.iat !== void 0 && typeof f.iat != "number")
@@ -822,12 +822,12 @@ async function xt(t, e, n, o, s) {
   if (f.nbf !== void 0) {
     if (typeof f.nbf != "number")
       throw new a('unexpected JWT "nbf" (not before) claim type');
-    if (f.nbf > U + s)
+    if (f.nbf > A + s)
       throw new a('unexpected JWT "nbf" (not before) claim value, timestamp is > now()');
   }
   if (f.aud !== void 0 && typeof f.aud != "string" && !Array.isArray(f.aud))
     throw new a('unexpected JWT "aud" (audience) claim type');
-  return { header: y, claims: f, signature: b, key: _ };
+  return { header: m, claims: f, signature: b, key: _ };
 }
 function Lt(t, e, n) {
   if (t !== void 0) {
@@ -883,8 +883,8 @@ function jt(t, e, n, o) {
       error_description: T(n, "error_description"),
       error_uri: T(n, "error_uri")
     };
-  const u = T(n, "id_token"), d = T(n, "token");
-  if (u !== void 0 || d !== void 0)
+  const u = T(n, "id_token"), h = T(n, "token");
+  if (u !== void 0 || h !== void 0)
     throw new S("implicit and hybrid flows are not supported");
   return St(new URLSearchParams(n));
 }
@@ -896,29 +896,29 @@ function zt({
     s.current || (s.current = !0, t().then((r) => {
       o(r);
     }).catch((r) => {
-      D.error(r), n(r);
+      K.error(r), n(r);
     }));
-  }, [o, t]), e ? /* @__PURE__ */ R.jsx(
+  }, [o, t]), e ? /* @__PURE__ */ P.jsx(
     De,
     {
       category: "Error",
       title: "Authentication Error",
-      message: /* @__PURE__ */ R.jsxs(R.Fragment, { children: [
-        /* @__PURE__ */ R.jsx(Ne, { className: "mb-4", children: "Check the configuration of your authorization provider and ensure all settings such as the callback URL are configured correctly." }),
+      message: /* @__PURE__ */ P.jsxs(P.Fragment, { children: [
+        /* @__PURE__ */ P.jsx(Ne, { className: "mb-4", children: "Check the configuration of your authorization provider and ensure all settings such as the callback URL are configured correctly." }),
         "An error occurred while authorizing the user.",
-        /* @__PURE__ */ R.jsx(Ke, { code: e.toString(), language: "plain" })
+        /* @__PURE__ */ P.jsx(Ke, { code: e.toString(), language: "plain" })
       ] })
     }
-  ) : /* @__PURE__ */ R.jsx("p", { children: "Loading..." });
+  ) : /* @__PURE__ */ P.jsx("p", { children: "Loading..." });
 }
-class L extends Error {
+class x extends Error {
 }
-class he extends L {
+class de extends x {
   constructor(e, n, o) {
     super(e, o), this.error = n;
   }
 }
-const G = "code-verifier";
+const V = "code-verifier";
 class Jt extends je {
   constructor(e, n) {
     super(), this.callbackUrlPath = e, this.handleCallback = n;
@@ -928,7 +928,7 @@ class Jt extends je {
       ...super.getRoutes(),
       {
         path: this.callbackUrlPath,
-        element: /* @__PURE__ */ R.jsx(zt, { handleCallback: this.handleCallback })
+        element: /* @__PURE__ */ P.jsx(zt, { handleCallback: this.handleCallback })
       }
     ];
   }
@@ -942,27 +942,26 @@ class Ot {
     clientId: r,
     redirectToAfterSignUp: i,
     redirectToAfterSignIn: u,
-    redirectToAfterSignOut: d
+    redirectToAfterSignOut: h
   }) {
-    m(this, "client");
-    m(this, "issuer");
-    m(this, "authorizationEndpoint");
-    m(this, "tokenEndpoint");
-    m(this, "authorizationServer");
-    m(this, "tokens");
-    m(this, "callbackUrlPath", "/oauth/callback");
-    m(this, "logoutRedirectUrlPath", "/");
-    m(this, "onAuthorizationUrl");
-    m(this, "redirectToAfterSignUp");
-    m(this, "redirectToAfterSignIn");
-    m(this, "redirectToAfterSignOut");
-    m(this, "audience");
-    m(this, "signOut", async () => {
-      ie.setState({
+    y(this, "client");
+    y(this, "issuer");
+    y(this, "authorizationEndpoint");
+    y(this, "tokenEndpoint");
+    y(this, "authorizationServer");
+    y(this, "callbackUrlPath", "/oauth/callback");
+    y(this, "logoutRedirectUrlPath", "/");
+    y(this, "onAuthorizationUrl");
+    y(this, "redirectToAfterSignUp");
+    y(this, "redirectToAfterSignIn");
+    y(this, "redirectToAfterSignOut");
+    y(this, "audience");
+    y(this, "signOut", async () => {
+      N.setState({
         isAuthenticated: !1,
         isPending: !1,
         profile: void 0
-      }), localStorage.removeItem("auto-login");
+      }), sessionStorage.clear();
       const e = await this.getAuthServer(), n = new URL(
         window.location.origin + this.redirectToAfterSignOut
       );
@@ -973,18 +972,18 @@ class Ot {
         n.toString()
       )) : o = n;
     });
-    m(this, "handleCallback", async () => {
-      const e = new URL(window.location.href), n = e.searchParams.get("state"), o = sessionStorage.getItem(G);
-      if (sessionStorage.removeItem(G), !o)
-        throw new L("No code verifier found in state.");
+    y(this, "handleCallback", async () => {
+      const e = new URL(window.location.href), n = e.searchParams.get("state"), o = sessionStorage.getItem(V);
+      if (sessionStorage.removeItem(V), !o)
+        throw new x("No code verifier found in state.");
       const s = await this.getAuthServer(), r = jt(
         s,
         this.client,
         e.searchParams,
         n ?? void 0
       );
-      if (Y(r))
-        throw D.error("Error validating OAuth response", r), new he(
+      if (Z(r))
+        throw K.error("Error validating OAuth response", r), new de(
           "Error validating OAuth response",
           r
         );
@@ -996,16 +995,16 @@ class Ot {
         r,
         i.toString(),
         o
-      ), d = await Rt(
+      ), h = await Rt(
         s,
         this.client,
         u
       );
-      this.setTokensFromResponse(d);
-      const y = await this.getAccessToken(), _ = await (await wt(
+      this.setTokensFromResponse(h);
+      const m = await this.getAccessToken(), _ = await (await wt(
         s,
         this.client,
-        y
+        m
       )).json(), f = {
         sub: _.sub,
         email: _.email,
@@ -1013,16 +1012,21 @@ class Ot {
         emailVerified: _.email_verified ?? !1,
         pictureUrl: _.picture
       };
-      return ie.setState({
+      N.setState({
         isAuthenticated: !0,
         isPending: !1,
         profile: f
-      }), localStorage.setItem("auto-login", "1"), sessionStorage.getItem("redirect-to") ?? "/";
+      }), sessionStorage.setItem(
+        "profile-state",
+        JSON.stringify(N.getState().profile)
+      );
+      const A = sessionStorage.getItem("redirect-to") ?? "/";
+      return sessionStorage.removeItem("redirect-to"), A;
     });
     this.client = {
       client_id: r,
       token_endpoint_auth_method: "none"
-    }, this.audience = n, this.issuer = e, this.authorizationEndpoint = o, this.tokenEndpoint = s, this.redirectToAfterSignUp = i ?? "/", this.redirectToAfterSignIn = u ?? "/", this.redirectToAfterSignOut = d ?? "/";
+    }, this.audience = n, this.issuer = e, this.authorizationEndpoint = o, this.tokenEndpoint = s, this.redirectToAfterSignUp = i ?? "/", this.redirectToAfterSignIn = u ?? "/", this.redirectToAfterSignOut = h ?? "/";
   }
   async getAuthServer() {
     if (!this.authorizationServer)
@@ -1047,16 +1051,17 @@ class Ot {
    * @param response
    */
   setTokensFromResponse(e) {
-    if (Y(e))
-      throw D.error("Bad Token Response", e), new he("Bad Token Response", e);
+    if (Z(e))
+      throw K.error("Bad Token Response", e), new de("Bad Token Response", e);
     if (!e.expires_in)
-      throw new L("No expires_in in response");
-    this.tokens = {
+      throw new x("No expires_in in response");
+    const n = {
       accessToken: e.access_token,
       refreshToken: e.refresh_token,
       expiresOn: new Date(Date.now() + e.expires_in * 1e3),
       tokenType: e.token_type
-    }, sessionStorage.setItem("openid-token", JSON.stringify(this.tokens));
+    };
+    sessionStorage.setItem("token-state", JSON.stringify(n));
   }
   async signUp({ redirectTo: e } = {}) {
     return this.authorize({
@@ -1073,21 +1078,21 @@ class Ot {
     redirectTo: e,
     isSignUp: n = !1
   }) {
-    var y, b;
+    var m, b;
     const o = "S256", s = await this.getAuthServer();
     if (!s.authorization_endpoint)
-      throw new L("No authorization endpoint");
+      throw new x("No authorization endpoint");
     const r = Xe(), i = await tt(r);
-    sessionStorage.setItem(G, r);
+    sessionStorage.setItem(V, r);
     const u = new URL(
       s.authorization_endpoint
     );
     sessionStorage.setItem("redirect-to", e);
-    const d = new URL(window.location.origin);
-    if (d.pathname = this.callbackUrlPath, d.search = "", u.searchParams.set("client_id", this.client.client_id), u.searchParams.set("redirect_uri", d.toString()), u.searchParams.set("response_type", "code"), u.searchParams.set("scope", "openid profile email"), u.searchParams.set("code_challenge", i), u.searchParams.set(
+    const h = new URL(window.location.origin);
+    if (h.pathname = this.callbackUrlPath, h.search = "", u.searchParams.set("client_id", this.client.client_id), u.searchParams.set("redirect_uri", h.toString()), u.searchParams.set("response_type", "code"), u.searchParams.set("scope", "openid profile email"), u.searchParams.set("code_challenge", i), u.searchParams.set(
       "code_challenge_method",
       o
-    ), this.audience && u.searchParams.set("audience", this.audience), (y = this.onAuthorizationUrl) == null || y.call(this, u, {
+    ), this.audience && u.searchParams.set("audience", this.audience), (m = this.onAuthorizationUrl) == null || m.call(this, u, {
       isSignIn: !n,
       isSignUp: n
     }), ((b = s.code_challenge_methods_supported) == null ? void 0 : b.includes("S256")) !== !0) {
@@ -1097,29 +1102,41 @@ class Ot {
     location.href = u.href;
   }
   async getAccessToken() {
-    const e = await this.getAuthServer();
-    if (!this.tokens)
-      throw new L("User is not authenticated");
-    if (this.tokens.expiresOn < /* @__PURE__ */ new Date()) {
-      if (!this.tokens.refreshToken)
+    const e = await this.getAuthServer(), n = sessionStorage.getItem("token-state");
+    if (!n)
+      throw new x("User is not authenticated");
+    const o = JSON.parse(n);
+    if (o.expiresOn < /* @__PURE__ */ new Date()) {
+      if (!o.refreshToken)
         return await this.signIn(), "";
-      const n = await mt(
+      const s = await mt(
         e,
         this.client,
-        this.tokens.refreshToken
-      ), o = await bt(
+        o.refreshToken
+      ), r = await bt(
         e,
         this.client,
-        n
+        s
       );
-      this.setTokensFromResponse(o);
-    }
-    return this.tokens.accessToken;
+      if (!r.access_token)
+        throw new x("No access token in response");
+      return this.setTokensFromResponse(r), r.access_token.toString();
+    } else
+      return o.accessToken;
   }
   pageLoad() {
-    localStorage.getItem("auto-login") && (localStorage.removeItem("auto-login"), this.authorize({ redirectTo: window.location.pathname }).catch((e) => {
-      D.error(e);
-    }));
+    const e = sessionStorage.getItem("profile-state");
+    if (e)
+      try {
+        const n = JSON.parse(e);
+        N.setState({
+          isAuthenticated: !0,
+          isPending: !1,
+          profile: n
+        });
+      } catch (n) {
+        K.error("Error parsing auth state", n);
+      }
   }
   getAuthenticationPlugin() {
     return new Jt(this.callbackUrlPath, this.handleCallback);