npm - zudoku - Versions diffs - 0.3.1-dev.2 → 0.3.1-dev.20 - Mend

zudoku 0.3.1-dev.2 → 0.3.1-dev.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (125) hide show

package/lib/zudoku.auth-openid.js CHANGED Viewed

@@ -1,25 +1,31 @@
-var Ee = Object.defineProperty;
-var Re = (t, e, n) => e in t ? Ee(t, e, { enumerable: !0, configurable: !0, writable: !0, value: n }) : t[e] = n;
-var g = (t, e, n) => Re(t, typeof e != "symbol" ? e + "" : e, n);
-import { j as Pe } from "./jsx-runtime-B6kdoens.js";
-import { c as Ue, a as xe } from "./_commonjsHelpers-BVfed4GL.js";
-import { A as Le } from "./AuthenticationPlugin-CH5NSVOu.js";
-import { u as ne } from "./state-DsXXkBLH.js";
-var de = { exports: {} };
+var xe = Object.defineProperty;
+var Le = (t, e, n) => e in t ? xe(t, e, { enumerable: !0, configurable: !0, writable: !0, value: n }) : t[e] = n;
+var y = (t, e, n) => Le(t, typeof e != "symbol" ? e + "" : e, n);
+import { j as k } from "./jsx-runtime-B6kdoens.js";
+import { c as Ce, a as Ie } from "./_commonjsHelpers-BVfed4GL.js";
+import { A as je } from "./AuthenticationPlugin-owbEUimP.js";
+import { useState as ze, useRef as Je, useEffect as Oe } from "react";
+import { D as Ne } from "./DeveloperHint-BQSFXH01.js";
+import { E as De } from "./ErrorPage-PUg985n_.js";
+import { S as Ke } from "./Spinner-CvXZ7QK4.js";
+import { S as We } from "./Markdown-Chb9VIBv.js";
+import { e as He } from "./index-Yjb2PyPF.js";
+import { u as N } from "./state-DsXXkBLH.js";
+var fe = { exports: {} };
 (function(t) {
   (function(e, n) {
     t.exports ? t.exports = n() : e.log = n();
-  })(Ue, function() {
+  })(Ce, function() {
     var e = function() {
-    }, n = "undefined", r = typeof window !== n && typeof window.navigator !== n && /Trident\/|MSIE /.test(window.navigator.userAgent), s = [
+    }, n = "undefined", o = typeof window !== n && typeof window.navigator !== n && /Trident\/|MSIE /.test(window.navigator.userAgent), s = [
       "trace",
       "debug",
       "info",
       "warn",
       "error"
-    ], o = {}, i = null;
-    function u(l, p) {
-      var c = l[p];
+    ], r = {}, i = null;
+    function u(l, w) {
+      var c = l[w];
       if (typeof c.bind == "function")
         return c.bind(l);
       try {
@@ -30,46 +36,46 @@ var de = { exports: {} };
         };
       }
     }
-    function f() {
+    function h() {
       console.log && (console.log.apply ? console.log.apply(console, arguments) : Function.prototype.apply.apply(console.log, [console, arguments])), console.trace && console.trace();
     }
-    function y(l) {
-      return l === "debug" && (l = "log"), typeof console === n ? !1 : l === "trace" && r ? f : console[l] !== void 0 ? u(console, l) : console.log !== void 0 ? u(console, "log") : e;
+    function m(l) {
+      return l === "debug" && (l = "log"), typeof console === n ? !1 : l === "trace" && o ? h : console[l] !== void 0 ? u(console, l) : console.log !== void 0 ? u(console, "log") : e;
     }
-    function _() {
-      for (var l = this.getLevel(), p = 0; p < s.length; p++) {
-        var c = s[p];
-        this[c] = p < l ? e : this.methodFactory(c, l, this.name);
+    function b() {
+      for (var l = this.getLevel(), w = 0; w < s.length; w++) {
+        var c = s[w];
+        this[c] = w < l ? e : this.methodFactory(c, l, this.name);
       }
       if (this.log = this.debug, typeof console === n && l < this.levels.SILENT)
         return "No console available for logging";
     }
-    function b(l) {
+    function _(l) {
       return function() {
-        typeof console !== n && (_.call(this), this[l].apply(this, arguments));
+        typeof console !== n && (b.call(this), this[l].apply(this, arguments));
       };
     }
-    function h(l, p, c) {
-      return y(l) || b.apply(this, arguments);
+    function f(l, w, c) {
+      return m(l) || _.apply(this, arguments);
     }
-    function P(l, p) {
-      var c = this, I, H, R, v = "loglevel";
+    function R(l, w) {
+      var c = this, J, B, U, v = "loglevel";
       typeof l == "string" ? v += ":" + l : typeof l == "symbol" && (v = void 0);
-      function Te(d) {
-        var w = (s[d] || "silent").toUpperCase();
+      function Re(d) {
+        var g = (s[d] || "silent").toUpperCase();
         if (!(typeof window === n || !v)) {
           try {
-            window.localStorage[v] = w;
+            window.localStorage[v] = g;
             return;
           } catch {
           }
           try {
-            window.document.cookie = encodeURIComponent(v) + "=" + w + ";";
+            window.document.cookie = encodeURIComponent(v) + "=" + g + ";";
           } catch {
           }
         }
       }
-      function X() {
+      function re() {
         var d;
         if (!(typeof window === n || !v)) {
           try {
@@ -78,16 +84,16 @@ var de = { exports: {} };
           }
           if (typeof d === n)
             try {
-              var w = window.document.cookie, j = encodeURIComponent(v), te = w.indexOf(j + "=");
-              te !== -1 && (d = /^([^;]+)/.exec(
-                w.slice(te + j.length + 1)
+              var g = window.document.cookie, O = encodeURIComponent(v), ie = g.indexOf(O + "=");
+              ie !== -1 && (d = /^([^;]+)/.exec(
+                g.slice(ie + O.length + 1)
               )[1]);
             } catch {
             }
           return c.levels[d] === void 0 && (d = void 0), d;
         }
       }
-      function Ae() {
+      function Pe() {
         if (!(typeof window === n || !v)) {
           try {
             window.localStorage.removeItem(v);
@@ -99,10 +105,10 @@ var de = { exports: {} };
           }
         }
       }
-      function U(d) {
-        var w = d;
-        if (typeof w == "string" && c.levels[w.toUpperCase()] !== void 0 && (w = c.levels[w.toUpperCase()]), typeof w == "number" && w >= 0 && w <= c.levels.SILENT)
-          return w;
+      function L(d) {
+        var g = d;
+        if (typeof g == "string" && c.levels[g.toUpperCase()] !== void 0 && (g = c.levels[g.toUpperCase()]), typeof g == "number" && g >= 0 && g <= c.levels.SILENT)
+          return g;
         throw new TypeError("log.setLevel() called with invalid level: " + d);
       }
       c.name = l, c.levels = {
@@ -112,51 +118,51 @@ var de = { exports: {} };
         WARN: 3,
         ERROR: 4,
         SILENT: 5
-      }, c.methodFactory = p || h, c.getLevel = function() {
-        return R ?? H ?? I;
-      }, c.setLevel = function(d, w) {
-        return R = U(d), w !== !1 && Te(R), _.call(c);
+      }, c.methodFactory = w || f, c.getLevel = function() {
+        return U ?? B ?? J;
+      }, c.setLevel = function(d, g) {
+        return U = L(d), g !== !1 && Re(U), b.call(c);
       }, c.setDefaultLevel = function(d) {
-        H = U(d), X() || c.setLevel(d, !1);
+        B = L(d), re() || c.setLevel(d, !1);
       }, c.resetLevel = function() {
-        R = null, Ae(), _.call(c);
+        U = null, Pe(), b.call(c);
       }, c.enableAll = function(d) {
         c.setLevel(c.levels.TRACE, d);
       }, c.disableAll = function(d) {
         c.setLevel(c.levels.SILENT, d);
       }, c.rebuild = function() {
-        if (i !== c && (I = U(i.getLevel())), _.call(c), i === c)
-          for (var d in o)
-            o[d].rebuild();
-      }, I = U(
+        if (i !== c && (J = L(i.getLevel())), b.call(c), i === c)
+          for (var d in r)
+            r[d].rebuild();
+      }, J = L(
         i ? i.getLevel() : "WARN"
       );
-      var ee = X();
-      ee != null && (R = U(ee)), _.call(c);
+      var oe = re();
+      oe != null && (U = L(oe)), b.call(c);
     }
-    i = new P(), i.getLogger = function(p) {
-      if (typeof p != "symbol" && typeof p != "string" || p === "")
+    i = new R(), i.getLogger = function(w) {
+      if (typeof w != "symbol" && typeof w != "string" || w === "")
         throw new TypeError("You must supply a name when creating a logger.");
-      var c = o[p];
-      return c || (c = o[p] = new P(
-        p,
+      var c = r[w];
+      return c || (c = r[w] = new R(
+        w,
         i.methodFactory
       )), c;
     };
-    var E = typeof window !== n ? window.log : void 0;
+    var P = typeof window !== n ? window.log : void 0;
     return i.noConflict = function() {
-      return typeof window !== n && window.log === i && (window.log = E), i;
+      return typeof window !== n && window.log === i && (window.log = P), i;
     }, i.getLoggers = function() {
-      return o;
+      return r;
     }, i.default = i, i;
   });
-})(de);
-var Ce = de.exports;
-const re = /* @__PURE__ */ xe(Ce);
-let M;
-var z, le;
-(typeof navigator > "u" || !((le = (z = navigator.userAgent) == null ? void 0 : z.startsWith) != null && le.call(z, "Mozilla/5.0 "))) && (M = "oauth4webapi/v2.11.1");
-function G(t, e) {
+})(fe);
+var $e = fe.exports;
+const K = /* @__PURE__ */ Ie($e);
+let Y;
+var D, he;
+(typeof navigator > "u" || !((he = (D = navigator.userAgent) == null ? void 0 : D.startsWith) != null && he.call(D, "Mozilla/5.0 "))) && (Y = "oauth4webapi/v2.11.1");
+function Q(t, e) {
   if (t == null)
     return !1;
   try {
@@ -165,32 +171,32 @@ function G(t, e) {
     return !1;
   }
 }
-const N = Symbol(), Ie = Symbol(), q = Symbol(), je = new TextEncoder(), ze = new TextDecoder();
-function k(t) {
-  return typeof t == "string" ? je.encode(t) : ze.decode(t);
+const H = Symbol(), Fe = Symbol(), X = Symbol(), Me = new TextEncoder(), Be = new TextDecoder();
+function A(t) {
+  return typeof t == "string" ? Me.encode(t) : Be.decode(t);
 }
-const oe = 32768;
-function Je(t) {
+const se = 32768;
+function qe(t) {
   t instanceof ArrayBuffer && (t = new Uint8Array(t));
   const e = [];
-  for (let n = 0; n < t.byteLength; n += oe)
-    e.push(String.fromCharCode.apply(null, t.subarray(n, n + oe)));
+  for (let n = 0; n < t.byteLength; n += se)
+    e.push(String.fromCharCode.apply(null, t.subarray(n, n + se)));
   return btoa(e.join("")).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
 }
-function Oe(t) {
+function Ge(t) {
   try {
     const e = atob(t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "")), n = new Uint8Array(e.length);
-    for (let r = 0; r < e.length; r++)
-      n[r] = e.charCodeAt(r);
+    for (let o = 0; o < e.length; o++)
+      n[o] = e.charCodeAt(o);
     return n;
   } catch (e) {
     throw new a("The input to be decoded is not correctly encoded.", { cause: e });
   }
 }
-function A(t) {
-  return typeof t == "string" ? Oe(t) : Je(t);
+function E(t) {
+  return typeof t == "string" ? Ge(t) : qe(t);
 }
-class Ne {
+class Ve {
   constructor(e) {
     this.cache = /* @__PURE__ */ new Map(), this._cache = /* @__PURE__ */ new Map(), this.maxSize = e;
   }
@@ -220,48 +226,48 @@ class S extends Error {
     super(e ?? "operation not supported"), this.name = this.constructor.name, (n = Error.captureStackTrace) == null || n.call(Error, this, this.constructor);
   }
 }
-class Ke extends Error {
+class Ye extends Error {
   constructor(e, n) {
-    var r;
-    super(e, n), this.name = this.constructor.name, (r = Error.captureStackTrace) == null || r.call(Error, this, this.constructor);
+    var o;
+    super(e, n), this.name = this.constructor.name, (o = Error.captureStackTrace) == null || o.call(Error, this, this.constructor);
   }
 }
-const a = Ke, he = new Ne(100);
-function fe(t) {
+const a = Ye, pe = new Ve(100);
+function we(t) {
   return t instanceof CryptoKey;
 }
-function pe(t) {
-  return fe(t) && t.type === "private";
+function ge(t) {
+  return we(t) && t.type === "private";
 }
-function We(t) {
-  return fe(t) && t.type === "public";
+function Ze(t) {
+  return we(t) && t.type === "public";
 }
-function V(t) {
+function ee(t) {
   try {
     const e = t.headers.get("dpop-nonce");
-    e && he.set(new URL(t.url).origin, e);
+    e && pe.set(new URL(t.url).origin, e);
   } catch {
   }
   return t;
 }
-function x(t) {
+function C(t) {
   return !(t === null || typeof t != "object" || Array.isArray(t));
 }
-function K(t) {
-  G(t, Headers) && (t = Object.fromEntries(t.entries()));
+function $(t) {
+  Q(t, Headers) && (t = Object.fromEntries(t.entries()));
   const e = new Headers(t);
-  if (M && !e.has("user-agent") && e.set("user-agent", M), e.has("authorization"))
+  if (Y && !e.has("user-agent") && e.set("user-agent", Y), e.has("authorization"))
     throw new TypeError('"options.headers" must not include the "authorization" header name');
   if (e.has("dpop"))
     throw new TypeError('"options.headers" must not include the "dpop" header name');
   return e;
 }
-function Y(t) {
+function te(t) {
   if (typeof t == "function" && (t = t()), !(t instanceof AbortSignal))
     throw new TypeError('"options.signal" must return or be an instance of AbortSignal');
   return t;
 }
-async function De(t, e) {
+async function Qe(t, e) {
   if (!(t instanceof URL))
     throw new TypeError('"issuerIdentifier" must be an instance of URL');
   if (t.protocol !== "https:" && t.protocol !== "http:")
@@ -278,70 +284,70 @@ async function De(t, e) {
     default:
       throw new TypeError('"options.algorithm" must be "oidc" (default), or "oauth2"');
   }
-  const r = K(e == null ? void 0 : e.headers);
-  return r.set("accept", "application/json"), ((e == null ? void 0 : e[q]) || fetch)(n.href, {
-    headers: Object.fromEntries(r.entries()),
+  const o = $(e == null ? void 0 : e.headers);
+  return o.set("accept", "application/json"), ((e == null ? void 0 : e[X]) || fetch)(n.href, {
+    headers: Object.fromEntries(o.entries()),
     method: "GET",
     redirect: "manual",
-    signal: e != null && e.signal ? Y(e.signal) : null
-  }).then(V);
+    signal: e != null && e.signal ? te(e.signal) : null
+  }).then(ee);
 }
-function m(t) {
+function p(t) {
   return typeof t == "string" && t.length !== 0;
 }
-async function He(t, e) {
+async function Xe(t, e) {
   if (!(t instanceof URL))
     throw new TypeError('"expectedIssuer" must be an instance of URL');
-  if (!G(e, Response))
+  if (!Q(e, Response))
     throw new TypeError('"response" must be an instance of Response');
   if (e.status !== 200)
     throw new a('"response" is not a conform Authorization Server Metadata response');
-  Q(e);
+  ne(e);
   let n;
   try {
     n = await e.json();
-  } catch (r) {
-    throw new a('failed to parse "response" body as JSON', { cause: r });
+  } catch (o) {
+    throw new a('failed to parse "response" body as JSON', { cause: o });
   }
-  if (!x(n))
+  if (!C(n))
     throw new a('"response" body must be a top level object');
-  if (!m(n.issuer))
+  if (!p(n.issuer))
     throw new a('"response" body "issuer" property must be a non-empty string');
   if (new URL(n.issuer).href !== t.href)
     throw new a('"response" body "issuer" does not match "expectedIssuer"');
   return n;
 }
-function W() {
-  return A(crypto.getRandomValues(new Uint8Array(32)));
+function F() {
+  return E(crypto.getRandomValues(new Uint8Array(32)));
 }
-function $e() {
-  return W();
+function et() {
+  return F();
 }
-function Fe() {
-  return W();
+function tt() {
+  return F();
 }
-async function Me(t) {
-  if (!m(t))
+async function nt(t) {
+  if (!p(t))
     throw new TypeError('"codeVerifier" must be a non-empty string');
-  return A(await crypto.subtle.digest("SHA-256", k(t)));
+  return E(await crypto.subtle.digest("SHA-256", A(t)));
 }
-function Be(t) {
+function rt(t) {
   if (t instanceof CryptoKey)
     return { key: t };
   if (!((t == null ? void 0 : t.key) instanceof CryptoKey))
     return {};
-  if (t.kid !== void 0 && !m(t.kid))
+  if (t.kid !== void 0 && !p(t.kid))
     throw new TypeError('"kid" must be a non-empty string');
   return { key: t.key, kid: t.kid };
 }
-function ie(t) {
+function ae(t) {
   return encodeURIComponent(t).replace(/%20/g, "+");
 }
-function Ge(t, e) {
-  const n = ie(t), r = ie(e);
-  return `Basic ${btoa(`${n}:${r}`)}`;
+function ot(t, e) {
+  const n = ae(t), o = ae(e);
+  return `Basic ${btoa(`${n}:${o}`)}`;
 }
-function qe(t) {
+function it(t) {
   switch (t.algorithm.hash.name) {
     case "SHA-256":
       return "PS256";
@@ -353,7 +359,7 @@ function qe(t) {
       throw new S("unsupported RsaHashedKeyAlgorithm hash name");
   }
 }
-function Ve(t) {
+function st(t) {
   switch (t.algorithm.hash.name) {
     case "SHA-256":
       return "RS256";
@@ -365,7 +371,7 @@ function Ve(t) {
       throw new S("unsupported RsaHashedKeyAlgorithm hash name");
   }
 }
-function Ye(t) {
+function at(t) {
   switch (t.algorithm.namedCurve) {
     case "P-256":
       return "ES256";
@@ -377,14 +383,14 @@ function Ye(t) {
       throw new S("unsupported EcKeyAlgorithm namedCurve");
   }
 }
-function we(t) {
+function me(t) {
   switch (t.algorithm.name) {
     case "RSA-PSS":
-      return qe(t);
+      return it(t);
     case "RSASSA-PKCS1-v1_5":
-      return Ve(t);
+      return st(t);
     case "ECDSA":
-      return Ye(t);
+      return at(t);
     case "Ed25519":
     case "Ed448":
       return "EdDSA";
@@ -392,21 +398,21 @@ function we(t) {
       throw new S("unsupported CryptoKey algorithm name");
   }
 }
-function D(t) {
-  const e = t == null ? void 0 : t[N];
+function I(t) {
+  const e = t == null ? void 0 : t[H];
   return typeof e == "number" && Number.isFinite(e) ? e : 0;
 }
-function Ze(t) {
-  const e = t == null ? void 0 : t[Ie];
+function ye(t) {
+  const e = t == null ? void 0 : t[Fe];
   return typeof e == "number" && Number.isFinite(e) && Math.sign(e) !== -1 ? e : 30;
 }
-function Z() {
+function M() {
   return Math.floor(Date.now() / 1e3);
 }
-function Qe(t, e) {
-  const n = Z() + D(e);
+function ct(t, e) {
+  const n = M() + I(e);
   return {
-    jti: W(),
+    jti: F(),
     aud: [t.issuer, t.token_endpoint],
     exp: n + 60,
     iat: n,
@@ -415,210 +421,218 @@ function Qe(t, e) {
     sub: e.client_id
   };
 }
-async function Xe(t, e, n, r) {
-  return ge({
-    alg: we(n),
-    kid: r
-  }, Qe(t, e), n);
+async function ut(t, e, n, o) {
+  return be({
+    alg: me(n),
+    kid: o
+  }, ct(t, e), n);
 }
-function L(t) {
+function j(t) {
   if (typeof t != "object" || t === null)
     throw new TypeError('"as" must be an object');
-  if (!m(t.issuer))
+  if (!p(t.issuer))
     throw new TypeError('"as.issuer" property must be a non-empty string');
   return !0;
 }
-function C(t) {
+function z(t) {
   if (typeof t != "object" || t === null)
     throw new TypeError('"client" must be an object');
-  if (!m(t.client_id))
+  if (!p(t.client_id))
     throw new TypeError('"client.client_id" property must be a non-empty string');
   return !0;
 }
-function se(t) {
-  if (!m(t))
+function ce(t) {
+  if (!p(t))
     throw new TypeError('"client.client_secret" property must be a non-empty string');
   return t;
 }
-function $(t, e) {
+function q(t, e) {
   if (e !== void 0)
     throw new TypeError(`"options.clientPrivateKey" property must not be provided when ${t} client authentication method is used.`);
 }
-function ae(t, e) {
+function ue(t, e) {
   if (e !== void 0)
     throw new TypeError(`"client.client_secret" property must not be provided when ${t} client authentication method is used.`);
 }
-async function et(t, e, n, r, s) {
+async function lt(t, e, n, o, s) {
   switch (n.delete("client_secret"), n.delete("client_assertion_type"), n.delete("client_assertion"), e.token_endpoint_auth_method) {
     case void 0:
     case "client_secret_basic": {
-      $("client_secret_basic", s), r.set("authorization", Ge(e.client_id, se(e.client_secret)));
+      q("client_secret_basic", s), o.set("authorization", ot(e.client_id, ce(e.client_secret)));
       break;
     }
     case "client_secret_post": {
-      $("client_secret_post", s), n.set("client_id", e.client_id), n.set("client_secret", se(e.client_secret));
+      q("client_secret_post", s), n.set("client_id", e.client_id), n.set("client_secret", ce(e.client_secret));
       break;
     }
     case "private_key_jwt": {
-      if (ae("private_key_jwt", e.client_secret), s === void 0)
+      if (ue("private_key_jwt", e.client_secret), s === void 0)
         throw new TypeError('"options.clientPrivateKey" must be provided when "client.token_endpoint_auth_method" is "private_key_jwt"');
-      const { key: o, kid: i } = Be(s);
-      if (!pe(o))
+      const { key: r, kid: i } = rt(s);
+      if (!ge(r))
         throw new TypeError('"options.clientPrivateKey.key" must be a private CryptoKey');
-      n.set("client_id", e.client_id), n.set("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"), n.set("client_assertion", await Xe(t, e, o, i));
+      n.set("client_id", e.client_id), n.set("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"), n.set("client_assertion", await ut(t, e, r, i));
       break;
     }
     case "tls_client_auth":
     case "self_signed_tls_client_auth":
     case "none": {
-      ae(e.token_endpoint_auth_method, e.client_secret), $(e.token_endpoint_auth_method, s), n.set("client_id", e.client_id);
+      ue(e.token_endpoint_auth_method, e.client_secret), q(e.token_endpoint_auth_method, s), n.set("client_id", e.client_id);
       break;
     }
     default:
       throw new S("unsupported client token_endpoint_auth_method");
   }
 }
-async function ge(t, e, n) {
+async function be(t, e, n) {
   if (!n.usages.includes("sign"))
     throw new TypeError('CryptoKey instances used for signing assertions must include "sign" in their "usages"');
-  const r = `${A(k(JSON.stringify(t)))}.${A(k(JSON.stringify(e)))}`, s = A(await crypto.subtle.sign(ve(n), n, k(r)));
-  return `${r}.${s}`;
+  const o = `${E(A(JSON.stringify(t)))}.${E(A(JSON.stringify(e)))}`, s = E(await crypto.subtle.sign(ke(n), n, A(o)));
+  return `${o}.${s}`;
 }
-async function tt(t, e, n, r, s, o) {
-  const { privateKey: i, publicKey: u, nonce: f = he.get(n.origin) } = e;
-  if (!pe(i))
+async function dt(t, e, n, o, s, r) {
+  const { privateKey: i, publicKey: u, nonce: h = pe.get(n.origin) } = e;
+  if (!ge(i))
     throw new TypeError('"DPoP.privateKey" must be a private CryptoKey');
-  if (!We(u))
+  if (!Ze(u))
     throw new TypeError('"DPoP.publicKey" must be a public CryptoKey');
-  if (f !== void 0 && !m(f))
+  if (h !== void 0 && !p(h))
     throw new TypeError('"DPoP.nonce" must be a non-empty string or undefined');
   if (!u.extractable)
     throw new TypeError('"DPoP.publicKey.extractable" must be true');
-  const y = Z() + s, _ = await ge({
-    alg: we(i),
+  const m = M() + s, b = await be({
+    alg: me(i),
     typ: "dpop+jwt",
-    jwk: await rt(u)
+    jwk: await ft(u)
   }, {
-    iat: y,
-    jti: W(),
-    htm: r,
-    nonce: f,
+    iat: m,
+    jti: F(),
+    htm: o,
+    nonce: h,
     htu: `${n.origin}${n.pathname}`,
-    ath: o ? A(await crypto.subtle.digest("SHA-256", k(o))) : void 0
+    ath: r ? E(await crypto.subtle.digest("SHA-256", A(r))) : void 0
   }, i);
-  t.set("dpop", _);
+  t.set("dpop", b);
 }
-let J;
-async function nt(t) {
-  const { kty: e, e: n, n: r, x: s, y: o, crv: i } = await crypto.subtle.exportKey("jwk", t), u = { kty: e, e: n, n: r, x: s, y: o, crv: i };
-  return J.set(t, u), u;
+let W;
+async function ht(t) {
+  const { kty: e, e: n, n: o, x: s, y: r, crv: i } = await crypto.subtle.exportKey("jwk", t), u = { kty: e, e: n, n: o, x: s, y: r, crv: i };
+  return W.set(t, u), u;
 }
-async function rt(t) {
-  return J || (J = /* @__PURE__ */ new WeakMap()), J.get(t) || nt(t);
+async function ft(t) {
+  return W || (W = /* @__PURE__ */ new WeakMap()), W.get(t) || ht(t);
 }
-function ot(t, e, n) {
+function pt(t, e, n) {
   if (typeof t != "string")
     throw new TypeError(`"as.${e}" must be a string`);
   return new URL(t);
 }
-function me(t, e, n) {
-  return ot(t[e], e);
+function _e(t, e, n) {
+  return pt(t[e], e);
 }
-function B(t) {
+function Z(t) {
   const e = t;
   return typeof e != "object" || Array.isArray(e) || e === null ? !1 : e.error !== void 0;
 }
-async function it(t, e, n, r, s, o) {
-  if (!m(t))
+async function wt(t, e, n, o, s, r) {
+  if (!p(t))
     throw new TypeError('"accessToken" must be a non-empty string');
   if (!(n instanceof URL))
     throw new TypeError('"url" must be an instance of URL');
-  return r = K(r), (o == null ? void 0 : o.DPoP) === void 0 ? r.set("authorization", `Bearer ${t}`) : (await tt(r, o.DPoP, n, "GET", D({ [N]: o == null ? void 0 : o[N] }), t), r.set("authorization", `DPoP ${t}`)), ((o == null ? void 0 : o[q]) || fetch)(n.href, {
+  return o = $(o), (r == null ? void 0 : r.DPoP) === void 0 ? o.set("authorization", `Bearer ${t}`) : (await dt(o, r.DPoP, n, "GET", I({ [H]: r == null ? void 0 : r[H] }), t), o.set("authorization", `DPoP ${t}`)), ((r == null ? void 0 : r[X]) || fetch)(n.href, {
     body: s,
-    headers: Object.fromEntries(r.entries()),
+    headers: Object.fromEntries(o.entries()),
     method: e,
     redirect: "manual",
-    signal: o != null && o.signal ? Y(o.signal) : null
-  }).then(V);
-}
-async function st(t, e, n, r) {
-  L(t), C(e);
-  const s = me(t, "userinfo_endpoint"), o = K(r == null ? void 0 : r.headers);
-  return e.userinfo_signed_response_alg ? o.set("accept", "application/jwt") : (o.set("accept", "application/json"), o.append("accept", "application/jwt")), it(n, "GET", s, o, null, {
-    ...r,
-    [N]: D(e)
+    signal: r != null && r.signal ? te(r.signal) : null
+  }).then(ee);
+}
+async function gt(t, e, n, o) {
+  j(t), z(e);
+  const s = _e(t, "userinfo_endpoint"), r = $(o == null ? void 0 : o.headers);
+  return e.userinfo_signed_response_alg ? r.set("accept", "application/jwt") : (r.set("accept", "application/json"), r.append("accept", "application/jwt")), wt(n, "GET", s, r, null, {
+    ...o,
+    [H]: I(e)
   });
 }
-async function at(t, e, n, r, s, o, i) {
-  return await et(t, e, s, o, i == null ? void 0 : i.clientPrivateKey), o.set("content-type", "application/x-www-form-urlencoded;charset=UTF-8"), ((i == null ? void 0 : i[q]) || fetch)(r.href, {
+async function mt(t, e, n, o, s, r, i) {
+  return await lt(t, e, s, r, i == null ? void 0 : i.clientPrivateKey), r.set("content-type", "application/x-www-form-urlencoded;charset=UTF-8"), ((i == null ? void 0 : i[X]) || fetch)(o.href, {
     body: s,
-    headers: Object.fromEntries(o.entries()),
+    headers: Object.fromEntries(r.entries()),
     method: n,
     redirect: "manual",
-    signal: i != null && i.signal ? Y(i.signal) : null
-  }).then(V);
+    signal: i != null && i.signal ? te(i.signal) : null
+  }).then(ee);
 }
-async function ye(t, e, n, r, s) {
-  const o = me(t, "token_endpoint");
-  r.set("grant_type", n);
-  const i = K(s == null ? void 0 : s.headers);
-  return i.set("accept", "application/json"), at(t, e, "POST", o, r, i, s);
+async function ve(t, e, n, o, s) {
+  const r = _e(t, "token_endpoint");
+  o.set("grant_type", n);
+  const i = $(s == null ? void 0 : s.headers);
+  return i.set("accept", "application/json"), mt(t, e, "POST", r, o, i, s);
 }
-async function ct(t, e, n, r) {
-  if (L(t), C(e), !m(n))
+async function yt(t, e, n, o) {
+  if (j(t), z(e), !p(n))
     throw new TypeError('"refreshToken" must be a non-empty string');
-  const s = new URLSearchParams(r == null ? void 0 : r.additionalParameters);
-  return s.set("refresh_token", n), ye(t, e, "refresh_token", s, r);
+  const s = new URLSearchParams(o == null ? void 0 : o.additionalParameters);
+  return s.set("refresh_token", n), ve(t, e, "refresh_token", s, o);
 }
-const ut = /* @__PURE__ */ new WeakMap();
-async function _e(t, e, n, r = !1, s = !1) {
-  if (L(t), C(e), !G(n, Response))
+const Se = /* @__PURE__ */ new WeakMap();
+function bt(t) {
+  if (!t.id_token)
+    return;
+  const e = Se.get(t);
+  if (!e)
+    throw new TypeError('"ref" was already garbage collected or did not resolve from the proper sources');
+  return e;
+}
+async function Te(t, e, n, o = !1, s = !1) {
+  if (j(t), z(e), !Q(n, Response))
     throw new TypeError('"response" must be an instance of Response');
   if (n.status !== 200) {
     let i;
-    if (i = await yt(n))
+    if (i = await Ut(n))
       return i;
     throw new a('"response" is not a conform Token Endpoint response');
   }
-  Q(n);
-  let o;
+  ne(n);
+  let r;
   try {
-    o = await n.json();
+    r = await n.json();
   } catch (i) {
     throw new a('failed to parse "response" body as JSON', { cause: i });
   }
-  if (!x(o))
+  if (!C(r))
     throw new a('"response" body must be a top level object');
-  if (!m(o.access_token))
+  if (!p(r.access_token))
     throw new a('"response" body "access_token" property must be a non-empty string');
-  if (!m(o.token_type))
+  if (!p(r.token_type))
     throw new a('"response" body "token_type" property must be a non-empty string');
-  if (o.token_type = o.token_type.toLowerCase(), o.token_type !== "dpop" && o.token_type !== "bearer")
+  if (r.token_type = r.token_type.toLowerCase(), r.token_type !== "dpop" && r.token_type !== "bearer")
     throw new S("unsupported `token_type` value");
-  if (o.expires_in !== void 0 && (typeof o.expires_in != "number" || o.expires_in <= 0))
+  if (r.expires_in !== void 0 && (typeof r.expires_in != "number" || r.expires_in <= 0))
     throw new a('"response" body "expires_in" property must be a positive number');
-  if (!s && o.refresh_token !== void 0 && !m(o.refresh_token))
+  if (!s && r.refresh_token !== void 0 && !p(r.refresh_token))
     throw new a('"response" body "refresh_token" property must be a non-empty string');
-  if (o.scope !== void 0 && typeof o.scope != "string")
+  if (r.scope !== void 0 && typeof r.scope != "string")
     throw new a('"response" body "scope" property must be a string');
-  if (!r) {
-    if (o.id_token !== void 0 && !m(o.id_token))
+  if (!o) {
+    if (r.id_token !== void 0 && !p(r.id_token))
       throw new a('"response" body "id_token" property must be a non-empty string');
-    if (o.id_token) {
-      const { claims: i } = await bt(o.id_token, vt.bind(void 0, e.id_token_signed_response_alg, t.id_token_signing_alg_values_supported), Se, D(e), Ze(e)).then(gt.bind(void 0, ["aud", "exp", "iat", "iss", "sub"])).then(ht.bind(void 0, t.issuer)).then(dt.bind(void 0, e.client_id));
+    if (r.id_token) {
+      const { claims: i } = await Lt(r.id_token, Ct.bind(void 0, e.id_token_signed_response_alg, t.id_token_signing_alg_values_supported), Ae, I(e), ye(e)).then(At.bind(void 0, ["aud", "exp", "iat", "iss", "sub"])).then(St.bind(void 0, t.issuer)).then(vt.bind(void 0, e.client_id));
       if (Array.isArray(i.aud) && i.aud.length !== 1 && i.azp !== e.client_id)
         throw new a('unexpected ID Token "azp" (authorized party) claim value');
       if (i.auth_time !== void 0 && (!Number.isFinite(i.auth_time) || Math.sign(i.auth_time) !== 1))
         throw new a('ID Token "auth_time" (authentication time) must be a positive number');
-      ut.set(o, i);
+      Se.set(r, i);
     }
   }
-  return o;
+  return r;
 }
-async function lt(t, e, n) {
-  return _e(t, e, n);
+async function _t(t, e, n) {
+  return Te(t, e, n);
 }
-function dt(t, e) {
+function vt(t, e) {
   if (Array.isArray(e.claims.aud)) {
     if (!e.claims.aud.includes(t))
       throw new a('unexpected JWT "aud" (audience) claim value');
@@ -626,29 +640,29 @@ function dt(t, e) {
     throw new a('unexpected JWT "aud" (audience) claim value');
   return e;
 }
-function ht(t, e) {
+function St(t, e) {
   if (e.claims.iss !== t)
     throw new a('unexpected JWT "iss" (issuer) claim value');
   return e;
 }
-const be = /* @__PURE__ */ new WeakSet();
-function ft(t) {
-  return be.add(t), t;
+const Ee = /* @__PURE__ */ new WeakSet();
+function Tt(t) {
+  return Ee.add(t), t;
 }
-async function pt(t, e, n, r, s, o) {
-  if (L(t), C(e), !be.has(n))
+async function Et(t, e, n, o, s, r) {
+  if (j(t), z(e), !Ee.has(n))
     throw new TypeError('"callbackParameters" must be an instance of URLSearchParams obtained from "validateAuthResponse()", or "validateJwtAuthResponse()');
-  if (!m(r))
+  if (!p(o))
     throw new TypeError('"redirectUri" must be a non-empty string');
-  if (!m(s))
+  if (!p(s))
     throw new TypeError('"codeVerifier" must be a non-empty string');
   const i = T(n, "code");
   if (!i)
     throw new a('no authorization code in "callbackParameters"');
-  const u = new URLSearchParams(o == null ? void 0 : o.additionalParameters);
-  return u.set("redirect_uri", r), u.set("code_verifier", s), u.set("code", i), ye(t, e, "authorization_code", u, o);
+  const u = new URLSearchParams(r == null ? void 0 : r.additionalParameters);
+  return u.set("redirect_uri", o), u.set("code_verifier", s), u.set("code", i), ve(t, e, "authorization_code", u, r);
 }
-const wt = {
+const kt = {
   aud: "audience",
   c_hash: "code hash",
   client_id: "client id",
@@ -664,43 +678,66 @@ const wt = {
   htu: "http uri",
   cnf: "confirmation"
 };
-function gt(t, e) {
+function At(t, e) {
   for (const n of t)
     if (e.claims[n] === void 0)
-      throw new a(`JWT "${n}" (${wt[n]}) claim missing`);
+      throw new a(`JWT "${n}" (${kt[n]}) claim missing`);
   return e;
 }
-async function mt(t, e, n) {
-  const r = await _e(t, e, n, !0);
-  if (B(r))
+const Rt = Symbol(), G = Symbol();
+async function Pt(t, e, n, o, s) {
+  const r = await Te(t, e, n);
+  if (Z(r))
     return r;
-  if (r.id_token !== void 0) {
-    if (typeof r.id_token == "string" && r.id_token.length)
-      throw new a("Unexpected ID Token returned, use processAuthorizationCodeOpenIDResponse() for OpenID Connect callback processing");
-    delete r.id_token;
+  if (!p(r.id_token))
+    throw new a('"response" body "id_token" property must be a non-empty string');
+  s ?? (s = e.default_max_age ?? G);
+  const i = bt(r);
+  if ((e.require_auth_time || s !== G) && i.auth_time === void 0)
+    throw new a('ID Token "auth_time" (authentication time) claim missing');
+  if (s !== G) {
+    if (typeof s != "number" || s < 0)
+      throw new TypeError('"maxAge" must be a non-negative number');
+    const u = M() + I(e), h = ye(e);
+    if (i.auth_time + s < u - h)
+      throw new a("too much time has elapsed since the last End-User authentication");
+  }
+  switch (o) {
+    case void 0:
+    case Rt:
+      if (i.nonce !== void 0)
+        throw new a('unexpected ID Token "nonce" claim value');
+      break;
+    default:
+      if (!p(o))
+        throw new TypeError('"expectedNonce" must be a non-empty string');
+      if (i.nonce === void 0)
+        throw new a('ID Token "nonce" claim missing');
+      if (i.nonce !== o)
+        throw new a('unexpected ID Token "nonce" claim value');
   }
   return r;
 }
-function Q(t) {
+function ne(t) {
   if (t.bodyUsed)
     throw new TypeError('"response" body has been used already');
 }
-async function yt(t) {
+async function Ut(t) {
   if (t.status > 399 && t.status < 500) {
-    Q(t);
+    ne(t);
     try {
       const e = await t.json();
-      if (x(e) && typeof e.error == "string" && e.error.length)
+      if (C(e) && typeof e.error == "string" && e.error.length)
         return e.error_description !== void 0 && typeof e.error_description != "string" && delete e.error_description, e.error_uri !== void 0 && typeof e.error_uri != "string" && delete e.error_uri, e.algs !== void 0 && typeof e.algs != "string" && delete e.algs, e.scope !== void 0 && typeof e.scope != "string" && delete e.scope, e;
     } catch {
     }
   }
 }
-function ce(t) {
+function le(t) {
   if (typeof t.modulusLength != "number" || t.modulusLength < 2048)
     throw new a(`${t.name} modulusLength must be at least 2048 bits`);
 }
-function _t(t) {
+function xt(t) {
   switch (t) {
     case "P-256":
       return "SHA-256";
@@ -712,15 +749,15 @@ function _t(t) {
       throw new S();
   }
 }
-function ve(t) {
+function ke(t) {
   switch (t.algorithm.name) {
     case "ECDSA":
       return {
         name: t.algorithm.name,
-        hash: _t(t.algorithm.namedCurve)
+        hash: xt(t.algorithm.namedCurve)
       };
     case "RSA-PSS":
-      switch (ce(t.algorithm), t.algorithm.hash.name) {
+      switch (le(t.algorithm), t.algorithm.hash.name) {
         case "SHA-256":
         case "SHA-384":
         case "SHA-512":
@@ -732,68 +769,68 @@ function ve(t) {
           throw new S();
       }
     case "RSASSA-PKCS1-v1_5":
-      return ce(t.algorithm), t.algorithm.name;
+      return le(t.algorithm), t.algorithm.name;
     case "Ed448":
     case "Ed25519":
       return t.algorithm.name;
   }
   throw new S();
 }
-const Se = Symbol();
-async function bt(t, e, n, r, s) {
-  const { 0: o, 1: i, 2: u, length: f } = t.split(".");
-  if (f === 5)
+const Ae = Symbol();
+async function Lt(t, e, n, o, s) {
+  const { 0: r, 1: i, 2: u, length: h } = t.split(".");
+  if (h === 5)
     throw new S("JWE structure JWTs are not supported");
-  if (f !== 3)
+  if (h !== 3)
     throw new a("Invalid JWT");
-  let y;
+  let m;
   try {
-    y = JSON.parse(k(A(o)));
-  } catch (E) {
-    throw new a("failed to parse JWT Header body as base64url encoded JSON", { cause: E });
+    m = JSON.parse(A(E(r)));
+  } catch (P) {
+    throw new a("failed to parse JWT Header body as base64url encoded JSON", { cause: P });
   }
-  if (!x(y))
+  if (!C(m))
     throw new a("JWT Header must be a top level object");
-  if (e(y), y.crit !== void 0)
+  if (e(m), m.crit !== void 0)
     throw new a('unexpected JWT "crit" header parameter');
-  const _ = A(u);
-  let b;
-  if (n !== Se) {
-    b = await n(y);
-    const E = `${o}.${i}`;
-    if (!await crypto.subtle.verify(ve(b), b, _, k(E)))
+  const b = E(u);
+  let _;
+  if (n !== Ae) {
+    _ = await n(m);
+    const P = `${r}.${i}`;
+    if (!await crypto.subtle.verify(ke(_), _, b, A(P)))
       throw new a("JWT signature verification failed");
   }
-  let h;
+  let f;
   try {
-    h = JSON.parse(k(A(i)));
-  } catch (E) {
-    throw new a("failed to parse JWT Payload body as base64url encoded JSON", { cause: E });
+    f = JSON.parse(A(E(i)));
+  } catch (P) {
+    throw new a("failed to parse JWT Payload body as base64url encoded JSON", { cause: P });
   }
-  if (!x(h))
+  if (!C(f))
     throw new a("JWT Payload must be a top level object");
-  const P = Z() + r;
-  if (h.exp !== void 0) {
-    if (typeof h.exp != "number")
+  const R = M() + o;
+  if (f.exp !== void 0) {
+    if (typeof f.exp != "number")
       throw new a('unexpected JWT "exp" (expiration time) claim type');
-    if (h.exp <= P - s)
+    if (f.exp <= R - s)
       throw new a('unexpected JWT "exp" (expiration time) claim value, timestamp is <= now()');
   }
-  if (h.iat !== void 0 && typeof h.iat != "number")
+  if (f.iat !== void 0 && typeof f.iat != "number")
     throw new a('unexpected JWT "iat" (issued at) claim type');
-  if (h.iss !== void 0 && typeof h.iss != "string")
+  if (f.iss !== void 0 && typeof f.iss != "string")
     throw new a('unexpected JWT "iss" (issuer) claim type');
-  if (h.nbf !== void 0) {
-    if (typeof h.nbf != "number")
+  if (f.nbf !== void 0) {
+    if (typeof f.nbf != "number")
       throw new a('unexpected JWT "nbf" (not before) claim type');
-    if (h.nbf > P + s)
+    if (f.nbf > R + s)
       throw new a('unexpected JWT "nbf" (not before) claim value, timestamp is > now()');
   }
-  if (h.aud !== void 0 && typeof h.aud != "string" && !Array.isArray(h.aud))
+  if (f.aud !== void 0 && typeof f.aud != "string" && !Array.isArray(f.aud))
     throw new a('unexpected JWT "aud" (audience) claim type');
-  return { header: y, claims: h, signature: _, key: b };
+  return { header: m, claims: f, signature: b, key: _ };
 }
-function vt(t, e, n) {
+function Ct(t, e, n) {
   if (t !== void 0) {
     if (n.alg !== t)
       throw new a('unexpected JWT "alg" header parameter');
@@ -808,36 +845,36 @@ function vt(t, e, n) {
     throw new a('unexpected JWT "alg" header parameter');
 }
 function T(t, e) {
-  const { 0: n, length: r } = t.getAll(e);
-  if (r > 1)
+  const { 0: n, length: o } = t.getAll(e);
+  if (o > 1)
     throw new a(`"${e}" parameter must be provided only once`);
   return n;
 }
-const St = Symbol(), Tt = Symbol();
-function At(t, e, n, r) {
-  if (L(t), C(e), n instanceof URL && (n = n.searchParams), !(n instanceof URLSearchParams))
+const It = Symbol(), jt = Symbol();
+function zt(t, e, n, o) {
+  if (j(t), z(e), n instanceof URL && (n = n.searchParams), !(n instanceof URLSearchParams))
     throw new TypeError('"parameters" must be an instance of URLSearchParams, or URL');
   if (T(n, "response"))
     throw new a('"parameters" contains a JARM response, use validateJwtAuthResponse() instead of validateAuthResponse()');
-  const s = T(n, "iss"), o = T(n, "state");
+  const s = T(n, "iss"), r = T(n, "state");
   if (!s && t.authorization_response_iss_parameter_supported)
     throw new a('response parameter "iss" (issuer) missing');
   if (s && s !== t.issuer)
     throw new a('unexpected "iss" (issuer) response parameter value');
-  switch (r) {
+  switch (o) {
     case void 0:
-    case Tt:
-      if (o !== void 0)
+    case jt:
+      if (r !== void 0)
         throw new a('unexpected "state" response parameter encountered');
       break;
-    case St:
+    case It:
       break;
     default:
-      if (!m(r))
+      if (!p(o))
         throw new a('"expectedState" must be a non-empty string');
-      if (o === void 0)
+      if (r === void 0)
         throw new a('response parameter "state" missing');
-      if (o !== r)
+      if (r !== o)
         throw new a('unexpected "state" response parameter value');
   }
   const i = T(n, "error");
@@ -847,123 +884,150 @@ function At(t, e, n, r) {
       error_description: T(n, "error_description"),
       error_uri: T(n, "error_uri")
     };
-  const u = T(n, "id_token"), f = T(n, "token");
-  if (u !== void 0 || f !== void 0)
+  const u = T(n, "id_token"), h = T(n, "token");
+  if (u !== void 0 || h !== void 0)
     throw new S("implicit and hybrid flows are not supported");
-  return ft(new URLSearchParams(n));
+  return Tt(new URLSearchParams(n));
+}
+function Jt({
+  handleCallback: t
+}) {
+  const [e, n] = ze(null), o = He(), s = Je(!1);
+  return Oe(() => {
+    s.current || (s.current = !0, t().then((r) => {
+      o(r);
+    }).catch((r) => {
+      K.error(r), n(r);
+    }));
+  }, [o, t]), e ? /* @__PURE__ */ k.jsx(
+    De,
+    {
+      category: "Error",
+      title: "Authentication Error",
+      message: /* @__PURE__ */ k.jsxs(k.Fragment, { children: [
+        /* @__PURE__ */ k.jsx(Ne, { className: "mb-4", children: "Check the configuration of your authorization provider and ensure all settings such as the callback URL are configured correctly." }),
+        "An error occurred while authorizing the user.",
+        /* @__PURE__ */ k.jsx(We, { code: e.toString(), language: "plain" })
+      ] })
+    }
+  ) : /* @__PURE__ */ k.jsx("div", { className: "grid h-full place-items-center", children: /* @__PURE__ */ k.jsx(Ke, {}) });
 }
-class O extends Error {
+class x extends Error {
 }
-class ue extends O {
-  constructor(e, n, r) {
-    super(e, r), this.error = n;
+class de extends x {
+  constructor(e, n, o) {
+    super(e, o), this.error = n;
   }
 }
-const F = "code-verifier";
-class kt extends Le {
+const V = "code-verifier";
+class Ot extends je {
   constructor(e, n) {
-    super(), this.callbackUrlPath = e, this.initialize = n;
+    super(), this.callbackUrlPath = e, this.handleCallback = n;
   }
   getRoutes() {
     return [
       ...super.getRoutes(),
       {
         path: this.callbackUrlPath,
-        element: /* @__PURE__ */ Pe.jsx("div", {})
+        element: /* @__PURE__ */ k.jsx(Jt, { handleCallback: this.handleCallback })
       }
     ];
   }
 }
-class Et {
+class Nt {
   constructor({
     issuer: e,
     audience: n,
-    authorizationEndpoint: r,
+    authorizationEndpoint: o,
     tokenEndpoint: s,
-    clientId: o,
+    clientId: r,
     redirectToAfterSignUp: i,
     redirectToAfterSignIn: u,
-    redirectToAfterSignOut: f
+    redirectToAfterSignOut: h
   }) {
-    g(this, "client");
-    g(this, "issuer");
-    g(this, "authorizationEndpoint");
-    g(this, "tokenEndpoint");
-    g(this, "authorizationServer");
-    g(this, "tokens");
-    g(this, "callbackUrlPath", "/oauth/callback");
-    g(this, "logoutRedirectUrlPath", "/");
-    g(this, "onAuthorizationUrl");
-    g(this, "redirectToAfterSignUp");
-    g(this, "redirectToAfterSignIn");
-    g(this, "redirectToAfterSignOut");
-    g(this, "audience");
-    g(this, "signOut", async () => {
-      ne.setState({
+    y(this, "client");
+    y(this, "issuer");
+    y(this, "authorizationEndpoint");
+    y(this, "tokenEndpoint");
+    y(this, "authorizationServer");
+    y(this, "callbackUrlPath", "/oauth/callback");
+    y(this, "logoutRedirectUrlPath", "/");
+    y(this, "onAuthorizationUrl");
+    y(this, "redirectToAfterSignUp");
+    y(this, "redirectToAfterSignIn");
+    y(this, "redirectToAfterSignOut");
+    y(this, "audience");
+    y(this, "signOut", async () => {
+      N.setState({
         isAuthenticated: !1,
         isPending: !1,
         profile: void 0
-      }), localStorage.removeItem("auto-login");
+      }), sessionStorage.clear();
       const e = await this.getAuthServer(), n = new URL(
         window.location.origin + this.redirectToAfterSignOut
       );
       n.pathname = this.logoutRedirectUrlPath;
-      let r;
-      e.end_session_endpoint ? (r = new URL(e.end_session_endpoint), r.searchParams.set(
+      let o;
+      e.end_session_endpoint ? (o = new URL(e.end_session_endpoint), o.searchParams.set(
         "post_logout_redirect_uri",
         n.toString()
-      )) : r = n;
+      )) : o = n;
     });
-    g(this, "handleCallback", async () => {
-      const e = new URL(window.location.href), n = e.searchParams.get("state"), r = sessionStorage.getItem(F);
-      if (sessionStorage.removeItem(F), !r)
-        return "/";
-      const s = await this.getAuthServer(), o = At(
+    y(this, "handleCallback", async () => {
+      const e = new URL(window.location.href), n = e.searchParams.get("state"), o = sessionStorage.getItem(V);
+      if (sessionStorage.removeItem(V), !o)
+        throw new x("No code verifier found in state.");
+      const s = await this.getAuthServer(), r = zt(
         s,
         this.client,
         e.searchParams,
         n ?? void 0
       );
-      if (B(o))
-        throw re.error("Error validating OAuth response", o), new ue(
+      if (Z(r))
+        throw K.error("Error validating OAuth response", r), new de(
           "Error validating OAuth response",
-          o
+          r
         );
       const i = new URL(e);
       i.pathname = this.redirectToAfterSignIn, i.search = "";
-      const u = await pt(
+      const u = await Et(
         s,
         this.client,
-        o,
+        r,
         i.toString(),
-        r
-      ), f = await mt(
+        o
+      ), h = await Pt(
         s,
         this.client,
         u
       );
-      this.setTokensFromResponse(f);
-      const y = await this.getAccessToken(), b = await (await st(
+      this.setTokensFromResponse(h);
+      const m = await this.getAccessToken(), _ = await (await gt(
         s,
         this.client,
-        y
-      )).json(), h = {
-        sub: b.sub,
-        email: b.email,
-        name: b.name,
-        emailVerified: b.email_verified ?? !1,
-        pictureUrl: b.picture
+        m
+      )).json(), f = {
+        sub: _.sub,
+        email: _.email,
+        name: _.name,
+        emailVerified: _.email_verified ?? !1,
+        pictureUrl: _.picture
       };
-      return ne.setState({
+      N.setState({
         isAuthenticated: !0,
         isPending: !1,
-        profile: h
-      }), localStorage.setItem("auto-login", "1"), sessionStorage.getItem("redirect-to") ?? "/";
+        profile: f
+      }), sessionStorage.setItem(
+        "profile-state",
+        JSON.stringify(N.getState().profile)
+      );
+      const R = sessionStorage.getItem("redirect-to") ?? "/";
+      return sessionStorage.removeItem("redirect-to"), R;
     });
     this.client = {
-      client_id: o,
+      client_id: r,
       token_endpoint_auth_method: "none"
-    }, this.audience = n, this.issuer = e, this.authorizationEndpoint = r, this.tokenEndpoint = s, this.redirectToAfterSignUp = i ?? "/", this.redirectToAfterSignIn = u ?? "/", this.redirectToAfterSignOut = f ?? "/";
+    }, this.audience = n, this.issuer = e, this.authorizationEndpoint = o, this.tokenEndpoint = s, this.redirectToAfterSignUp = i ?? "/", this.redirectToAfterSignIn = u ?? "/", this.redirectToAfterSignOut = h ?? "/";
   }
   async getAuthServer() {
     if (!this.authorizationServer)
@@ -975,8 +1039,8 @@ class Et {
           code_challenge_methods_supported: []
         };
       else {
-        const e = new URL(this.issuer), n = await De(e);
-        this.authorizationServer = await He(
+        const e = new URL(this.issuer), n = await Qe(e);
+        this.authorizationServer = await Xe(
           e,
           n
         );
@@ -988,16 +1052,17 @@ class Et {
    * @param response
    */
   setTokensFromResponse(e) {
-    if (B(e))
-      throw re.error("Bad Token Response", e), new ue("Bad Token Response", e);
+    if (Z(e))
+      throw K.error("Bad Token Response", e), new de("Bad Token Response", e);
     if (!e.expires_in)
-      throw new O("No expires_in in response");
-    this.tokens = {
+      throw new x("No expires_in in response");
+    const n = {
       accessToken: e.access_token,
       refreshToken: e.refresh_token,
       expiresOn: new Date(Date.now() + e.expires_in * 1e3),
       tokenType: e.token_type
-    }, sessionStorage.setItem("openid-token", JSON.stringify(this.tokens));
+    };
+    sessionStorage.setItem("token-state", JSON.stringify(n));
   }
   async signUp({ redirectTo: e } = {}) {
     return this.authorize({
@@ -1014,68 +1079,73 @@ class Et {
     redirectTo: e,
     isSignUp: n = !1
   }) {
-    var y, _;
-    const r = "S256", s = await this.getAuthServer();
+    var m, b;
+    const o = "S256", s = await this.getAuthServer();
     if (!s.authorization_endpoint)
-      throw new O("No authorization endpoint");
-    const o = $e(), i = await Me(o);
-    sessionStorage.setItem(F, o);
+      throw new x("No authorization endpoint");
+    const r = et(), i = await nt(r);
+    sessionStorage.setItem(V, r);
     const u = new URL(
       s.authorization_endpoint
     );
     sessionStorage.setItem("redirect-to", e);
-    const f = new URL(window.location.origin);
-    if (f.pathname = this.callbackUrlPath, f.search = "", u.searchParams.set("client_id", this.client.client_id), u.searchParams.set("redirect_uri", f.toString()), u.searchParams.set("response_type", "code"), u.searchParams.set("scope", "openid+profile+email"), u.searchParams.set("code_challenge", i), u.searchParams.set(
+    const h = new URL(window.location.origin);
+    if (h.pathname = this.callbackUrlPath, h.search = "", u.searchParams.set("client_id", this.client.client_id), u.searchParams.set("redirect_uri", h.toString()), u.searchParams.set("response_type", "code"), u.searchParams.set("scope", "openid profile email"), u.searchParams.set("code_challenge", i), u.searchParams.set(
       "code_challenge_method",
-      r
-    ), this.audience && u.searchParams.set("audience", this.audience), (y = this.onAuthorizationUrl) == null || y.call(this, u, {
+      o
+    ), this.audience && u.searchParams.set("audience", this.audience), (m = this.onAuthorizationUrl) == null || m.call(this, u, {
       isSignIn: !n,
       isSignUp: n
-    }), ((_ = s.code_challenge_methods_supported) == null ? void 0 : _.includes("S256")) !== !0) {
-      const b = Fe();
-      u.searchParams.set("state", b);
+    }), ((b = s.code_challenge_methods_supported) == null ? void 0 : b.includes("S256")) !== !0) {
+      const _ = tt();
+      u.searchParams.set("state", _);
     }
     location.href = u.href;
   }
   async getAccessToken() {
-    const e = await this.getAuthServer();
-    if (!this.tokens)
-      throw new O("User is not authenticated");
-    if (this.tokens.expiresOn < /* @__PURE__ */ new Date()) {
-      if (!this.tokens.refreshToken)
+    const e = await this.getAuthServer(), n = sessionStorage.getItem("token-state");
+    if (!n)
+      throw new x("User is not authenticated");
+    const o = JSON.parse(n);
+    if (o.expiresOn < /* @__PURE__ */ new Date()) {
+      if (!o.refreshToken)
         return await this.signIn(), "";
-      const n = await ct(
+      const s = await yt(
         e,
         this.client,
-        this.tokens.refreshToken
-      ), r = await lt(
+        o.refreshToken
+      ), r = await _t(
         e,
         this.client,
-        n
+        s
       );
-      this.setTokensFromResponse(r);
-    }
-    return this.tokens.accessToken;
+      if (!r.access_token)
+        throw new x("No access token in response");
+      return this.setTokensFromResponse(r), r.access_token.toString();
+    } else
+      return o.accessToken;
   }
-  getAuthenticationPlugin() {
-    return new kt(
-      this.callbackUrlPath,
-      async (e, n) => {
-        if (!(typeof window > "u")) {
-          if (localStorage.getItem("auto-login"))
-            localStorage.removeItem("auto-login"), await this.authorize({ redirectTo: window.location.pathname });
-          else if (window.location.pathname === "/oauth/callback") {
-            const r = await this.handleCallback();
-            r && n.navigate(r);
-          }
-        }
+  pageLoad() {
+    const e = sessionStorage.getItem("profile-state");
+    if (e)
+      try {
+        const n = JSON.parse(e);
+        N.setState({
+          isAuthenticated: !0,
+          isPending: !1,
+          profile: n
+        });
+      } catch (n) {
+        K.error("Error parsing auth state", n);
       }
-    );
+  }
+  getAuthenticationPlugin() {
+    return new Ot(this.callbackUrlPath, this.handleCallback);
   }
 }
-const Ct = (t) => new Et(t);
+const Yt = (t) => new Nt(t);
 export {
-  Et as OpenIDAuthenticationProvider,
-  Ct as default
+  Nt as OpenIDAuthenticationProvider,
+  Yt as default
 };
 //# sourceMappingURL=zudoku.auth-openid.js.map