zudoku 0.3.1-dev.20 → 0.3.1-dev.21

package/lib/zudoku.auth-openid.js

@@ -1,29 +1,29 @@
-var xe = Object.defineProperty;
-var Le = (t, e, n) => e in t ? xe(t, e, { enumerable: !0, configurable: !0, writable: !0, value: n }) : t[e] = n;
-var y = (t, e, n) => Le(t, typeof e != "symbol" ? e + "" : e, n);
-import { j as k } from "./jsx-runtime-B6kdoens.js";
+var Ue = Object.defineProperty;
+var Le = (t, e, r) => e in t ? Ue(t, e, { enumerable: !0, configurable: !0, writable: !0, value: r }) : t[e] = r;
+var _ = (t, e, r) => Le(t, typeof e != "symbol" ? e + "" : e, r);
+import { j as E } from "./jsx-runtime-B6kdoens.js";
 import { c as Ce, a as Ie } from "./_commonjsHelpers-BVfed4GL.js";
 import { A as je } from "./AuthenticationPlugin-owbEUimP.js";
-import { useState as ze, useRef as Je, useEffect as Oe } from "react";
-import { D as Ne } from "./DeveloperHint-BQSFXH01.js";
+import { useState as Je, useRef as Oe, useEffect as Ne } from "react";
+import { D as ze } from "./DeveloperHint-BQSFXH01.js";
 import { E as De } from "./ErrorPage-PUg985n_.js";
 import { S as Ke } from "./Spinner-CvXZ7QK4.js";
 import { S as We } from "./Markdown-Chb9VIBv.js";
 import { e as He } from "./index-Yjb2PyPF.js";
-import { u as N } from "./state-DsXXkBLH.js";
+import { u as z } from "./state-DsXXkBLH.js";
 var fe = { exports: {} };
 (function(t) {
-  (function(e, n) {
-    t.exports ? t.exports = n() : e.log = n();
+  (function(e, r) {
+    t.exports ? t.exports = r() : e.log = r();
   })(Ce, function() {
     var e = function() {
-    }, n = "undefined", o = typeof window !== n && typeof window.navigator !== n && /Trident\/|MSIE /.test(window.navigator.userAgent), s = [
+    }, r = "undefined", o = typeof window !== r && typeof window.navigator !== r && /Trident\/|MSIE /.test(window.navigator.userAgent), s = [
       "trace",
       "debug",
       "info",
       "warn",
       "error"
-    ], r = {}, i = null;
+    ], n = {}, i = null;
     function u(l, w) {
       var c = l[w];
       if (typeof c.bind == "function")
@@ -36,34 +36,34 @@ var fe = { exports: {} };
         };
       }
     }
-    function h() {
+    function f() {
       console.log && (console.log.apply ? console.log.apply(console, arguments) : Function.prototype.apply.apply(console.log, [console, arguments])), console.trace && console.trace();
     }
     function m(l) {
-      return l === "debug" && (l = "log"), typeof console === n ? !1 : l === "trace" && o ? h : console[l] !== void 0 ? u(console, l) : console.log !== void 0 ? u(console, "log") : e;
+      return l === "debug" && (l = "log"), typeof console === r ? !1 : l === "trace" && o ? f : console[l] !== void 0 ? u(console, l) : console.log !== void 0 ? u(console, "log") : e;
     }
-    function b() {
+    function y() {
       for (var l = this.getLevel(), w = 0; w < s.length; w++) {
         var c = s[w];
         this[c] = w < l ? e : this.methodFactory(c, l, this.name);
       }
-      if (this.log = this.debug, typeof console === n && l < this.levels.SILENT)
+      if (this.log = this.debug, typeof console === r && l < this.levels.SILENT)
         return "No console available for logging";
     }
-    function _(l) {
+    function b(l) {
       return function() {
-        typeof console !== n && (b.call(this), this[l].apply(this, arguments));
+        typeof console !== r && (y.call(this), this[l].apply(this, arguments));
       };
     }
-    function f(l, w, c) {
-      return m(l) || _.apply(this, arguments);
+    function h(l, w, c) {
+      return m(l) || b.apply(this, arguments);
     }
     function R(l, w) {
-      var c = this, J, B, U, v = "loglevel";
+      var c = this, O, B, x, v = "loglevel";
       typeof l == "string" ? v += ":" + l : typeof l == "symbol" && (v = void 0);
       function Re(d) {
         var g = (s[d] || "silent").toUpperCase();
-        if (!(typeof window === n || !v)) {
+        if (!(typeof window === r || !v)) {
           try {
             window.localStorage[v] = g;
             return;
@@ -75,18 +75,18 @@ var fe = { exports: {} };
           }
         }
       }
-      function re() {
+      function ne() {
         var d;
-        if (!(typeof window === n || !v)) {
+        if (!(typeof window === r || !v)) {
           try {
             d = window.localStorage[v];
           } catch {
           }
-          if (typeof d === n)
+          if (typeof d === r)
             try {
-              var g = window.document.cookie, O = encodeURIComponent(v), ie = g.indexOf(O + "=");
+              var g = window.document.cookie, N = encodeURIComponent(v), ie = g.indexOf(N + "=");
               ie !== -1 && (d = /^([^;]+)/.exec(
-                g.slice(ie + O.length + 1)
+                g.slice(ie + N.length + 1)
               )[1]);
             } catch {
             }
@@ -94,7 +94,7 @@ var fe = { exports: {} };
         }
       }
       function Pe() {
-        if (!(typeof window === n || !v)) {
+        if (!(typeof window === r || !v)) {
           try {
             window.localStorage.removeItem(v);
           } catch {
@@ -118,42 +118,42 @@ var fe = { exports: {} };
         WARN: 3,
         ERROR: 4,
         SILENT: 5
-      }, c.methodFactory = w || f, c.getLevel = function() {
-        return U ?? B ?? J;
+      }, c.methodFactory = w || h, c.getLevel = function() {
+        return x ?? B ?? O;
       }, c.setLevel = function(d, g) {
-        return U = L(d), g !== !1 && Re(U), b.call(c);
+        return x = L(d), g !== !1 && Re(x), y.call(c);
       }, c.setDefaultLevel = function(d) {
-        B = L(d), re() || c.setLevel(d, !1);
+        B = L(d), ne() || c.setLevel(d, !1);
       }, c.resetLevel = function() {
-        U = null, Pe(), b.call(c);
+        x = null, Pe(), y.call(c);
       }, c.enableAll = function(d) {
         c.setLevel(c.levels.TRACE, d);
       }, c.disableAll = function(d) {
         c.setLevel(c.levels.SILENT, d);
       }, c.rebuild = function() {
-        if (i !== c && (J = L(i.getLevel())), b.call(c), i === c)
-          for (var d in r)
-            r[d].rebuild();
-      }, J = L(
+        if (i !== c && (O = L(i.getLevel())), y.call(c), i === c)
+          for (var d in n)
+            n[d].rebuild();
+      }, O = L(
         i ? i.getLevel() : "WARN"
       );
-      var oe = re();
-      oe != null && (U = L(oe)), b.call(c);
+      var oe = ne();
+      oe != null && (x = L(oe)), y.call(c);
     }
     i = new R(), i.getLogger = function(w) {
       if (typeof w != "symbol" && typeof w != "string" || w === "")
         throw new TypeError("You must supply a name when creating a logger.");
-      var c = r[w];
-      return c || (c = r[w] = new R(
+      var c = n[w];
+      return c || (c = n[w] = new R(
         w,
         i.methodFactory
       )), c;
     };
-    var P = typeof window !== n ? window.log : void 0;
+    var P = typeof window !== r ? window.log : void 0;
     return i.noConflict = function() {
-      return typeof window !== n && window.log === i && (window.log = P), i;
+      return typeof window !== r && window.log === i && (window.log = P), i;
     }, i.getLoggers = function() {
-      return r;
+      return n;
     }, i.default = i, i;
   });
 })(fe);
@@ -179,21 +179,21 @@ const se = 32768;
 function qe(t) {
   t instanceof ArrayBuffer && (t = new Uint8Array(t));
   const e = [];
-  for (let n = 0; n < t.byteLength; n += se)
-    e.push(String.fromCharCode.apply(null, t.subarray(n, n + se)));
+  for (let r = 0; r < t.byteLength; r += se)
+    e.push(String.fromCharCode.apply(null, t.subarray(r, r + se)));
   return btoa(e.join("")).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
 }
 function Ge(t) {
   try {
-    const e = atob(t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "")), n = new Uint8Array(e.length);
+    const e = atob(t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "")), r = new Uint8Array(e.length);
     for (let o = 0; o < e.length; o++)
-      n[o] = e.charCodeAt(o);
-    return n;
+      r[o] = e.charCodeAt(o);
+    return r;
   } catch (e) {
     throw new a("The input to be decoded is not correctly encoded.", { cause: e });
   }
 }
-function E(t) {
+function k(t) {
   return typeof t == "string" ? Ge(t) : qe(t);
 }
 class Ve {
@@ -201,35 +201,35 @@ class Ve {
     this.cache = /* @__PURE__ */ new Map(), this._cache = /* @__PURE__ */ new Map(), this.maxSize = e;
   }
   get(e) {
-    let n = this.cache.get(e);
-    if (n)
-      return n;
-    if (n = this._cache.get(e))
-      return this.update(e, n), n;
+    let r = this.cache.get(e);
+    if (r)
+      return r;
+    if (r = this._cache.get(e))
+      return this.update(e, r), r;
   }
   has(e) {
     return this.cache.has(e) || this._cache.has(e);
   }
-  set(e, n) {
-    return this.cache.has(e) ? this.cache.set(e, n) : this.update(e, n), this;
+  set(e, r) {
+    return this.cache.has(e) ? this.cache.set(e, r) : this.update(e, r), this;
   }
   delete(e) {
     return this.cache.has(e) ? this.cache.delete(e) : this._cache.has(e) ? this._cache.delete(e) : !1;
   }
-  update(e, n) {
-    this.cache.set(e, n), this.cache.size >= this.maxSize && (this._cache = this.cache, this.cache = /* @__PURE__ */ new Map());
+  update(e, r) {
+    this.cache.set(e, r), this.cache.size >= this.maxSize && (this._cache = this.cache, this.cache = /* @__PURE__ */ new Map());
   }
 }
 class S extends Error {
   constructor(e) {
-    var n;
-    super(e ?? "operation not supported"), this.name = this.constructor.name, (n = Error.captureStackTrace) == null || n.call(Error, this, this.constructor);
+    var r;
+    super(e ?? "operation not supported"), this.name = this.constructor.name, (r = Error.captureStackTrace) == null || r.call(Error, this, this.constructor);
   }
 }
 class Ye extends Error {
-  constructor(e, n) {
+  constructor(e, r) {
     var o;
-    super(e, n), this.name = this.constructor.name, (o = Error.captureStackTrace) == null || o.call(Error, this, this.constructor);
+    super(e, r), this.name = this.constructor.name, (o = Error.captureStackTrace) == null || o.call(Error, this, this.constructor);
   }
 }
 const a = Ye, pe = new Ve(100);
@@ -272,20 +272,20 @@ async function Qe(t, e) {
     throw new TypeError('"issuerIdentifier" must be an instance of URL');
   if (t.protocol !== "https:" && t.protocol !== "http:")
     throw new TypeError('"issuer.protocol" must be "https:" or "http:"');
-  const n = new URL(t.href);
+  const r = new URL(t.href);
   switch (e == null ? void 0 : e.algorithm) {
     case void 0:
     case "oidc":
-      n.pathname = `${n.pathname}/.well-known/openid-configuration`.replace("//", "/");
+      r.pathname = `${r.pathname}/.well-known/openid-configuration`.replace("//", "/");
       break;
     case "oauth2":
-      n.pathname === "/" ? n.pathname = ".well-known/oauth-authorization-server" : n.pathname = `.well-known/oauth-authorization-server/${n.pathname}`.replace("//", "/");
+      r.pathname === "/" ? r.pathname = ".well-known/oauth-authorization-server" : r.pathname = `.well-known/oauth-authorization-server/${r.pathname}`.replace("//", "/");
       break;
     default:
       throw new TypeError('"options.algorithm" must be "oidc" (default), or "oauth2"');
   }
   const o = $(e == null ? void 0 : e.headers);
-  return o.set("accept", "application/json"), ((e == null ? void 0 : e[X]) || fetch)(n.href, {
+  return o.set("accept", "application/json"), ((e == null ? void 0 : e[X]) || fetch)(r.href, {
     headers: Object.fromEntries(o.entries()),
     method: "GET",
     redirect: "manual",
@@ -302,23 +302,23 @@ async function Xe(t, e) {
     throw new TypeError('"response" must be an instance of Response');
   if (e.status !== 200)
     throw new a('"response" is not a conform Authorization Server Metadata response');
-  ne(e);
-  let n;
+  re(e);
+  let r;
   try {
-    n = await e.json();
+    r = await e.json();
   } catch (o) {
     throw new a('failed to parse "response" body as JSON', { cause: o });
   }
-  if (!C(n))
+  if (!C(r))
     throw new a('"response" body must be a top level object');
-  if (!p(n.issuer))
+  if (!p(r.issuer))
     throw new a('"response" body "issuer" property must be a non-empty string');
-  if (new URL(n.issuer).href !== t.href)
+  if (new URL(r.issuer).href !== t.href)
     throw new a('"response" body "issuer" does not match "expectedIssuer"');
-  return n;
+  return r;
 }
 function F() {
-  return E(crypto.getRandomValues(new Uint8Array(32)));
+  return k(crypto.getRandomValues(new Uint8Array(32)));
 }
 function et() {
   return F();
@@ -326,12 +326,12 @@ function et() {
 function tt() {
   return F();
 }
-async function nt(t) {
+async function rt(t) {
   if (!p(t))
     throw new TypeError('"codeVerifier" must be a non-empty string');
-  return E(await crypto.subtle.digest("SHA-256", A(t)));
+  return k(await crypto.subtle.digest("SHA-256", A(t)));
 }
-function rt(t) {
+function nt(t) {
   if (t instanceof CryptoKey)
     return { key: t };
   if (!((t == null ? void 0 : t.key) instanceof CryptoKey))
@@ -344,8 +344,8 @@ function ae(t) {
   return encodeURIComponent(t).replace(/%20/g, "+");
 }
 function ot(t, e) {
-  const n = ae(t), o = ae(e);
-  return `Basic ${btoa(`${n}:${o}`)}`;
+  const r = ae(t), o = ae(e);
+  return `Basic ${btoa(`${r}:${o}`)}`;
 }
 function it(t) {
   switch (t.algorithm.hash.name) {
@@ -410,22 +410,22 @@ function M() {
   return Math.floor(Date.now() / 1e3);
 }
 function ct(t, e) {
-  const n = M() + I(e);
+  const r = M() + I(e);
   return {
     jti: F(),
     aud: [t.issuer, t.token_endpoint],
-    exp: n + 60,
-    iat: n,
-    nbf: n,
+    exp: r + 60,
+    iat: r,
+    nbf: r,
     iss: e.client_id,
     sub: e.client_id
   };
 }
-async function ut(t, e, n, o) {
+async function ut(t, e, r, o) {
   return be({
-    alg: me(n),
+    alg: me(r),
     kid: o
-  }, ct(t, e), n);
+  }, ct(t, e), r);
 }
 function j(t) {
   if (typeof t != "object" || t === null)
@@ -434,7 +434,7 @@ function j(t) {
     throw new TypeError('"as.issuer" property must be a non-empty string');
   return !0;
 }
-function z(t) {
+function J(t) {
   if (typeof t != "object" || t === null)
     throw new TypeError('"client" must be an object');
   if (!p(t.client_id))
@@ -454,53 +454,53 @@ function ue(t, e) {
   if (e !== void 0)
     throw new TypeError(`"client.client_secret" property must not be provided when ${t} client authentication method is used.`);
 }
-async function lt(t, e, n, o, s) {
-  switch (n.delete("client_secret"), n.delete("client_assertion_type"), n.delete("client_assertion"), e.token_endpoint_auth_method) {
+async function lt(t, e, r, o, s) {
+  switch (r.delete("client_secret"), r.delete("client_assertion_type"), r.delete("client_assertion"), e.token_endpoint_auth_method) {
     case void 0:
     case "client_secret_basic": {
       q("client_secret_basic", s), o.set("authorization", ot(e.client_id, ce(e.client_secret)));
       break;
     }
     case "client_secret_post": {
-      q("client_secret_post", s), n.set("client_id", e.client_id), n.set("client_secret", ce(e.client_secret));
+      q("client_secret_post", s), r.set("client_id", e.client_id), r.set("client_secret", ce(e.client_secret));
       break;
     }
     case "private_key_jwt": {
       if (ue("private_key_jwt", e.client_secret), s === void 0)
         throw new TypeError('"options.clientPrivateKey" must be provided when "client.token_endpoint_auth_method" is "private_key_jwt"');
-      const { key: r, kid: i } = rt(s);
-      if (!ge(r))
+      const { key: n, kid: i } = nt(s);
+      if (!ge(n))
         throw new TypeError('"options.clientPrivateKey.key" must be a private CryptoKey');
-      n.set("client_id", e.client_id), n.set("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"), n.set("client_assertion", await ut(t, e, r, i));
+      r.set("client_id", e.client_id), r.set("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"), r.set("client_assertion", await ut(t, e, n, i));
       break;
     }
     case "tls_client_auth":
     case "self_signed_tls_client_auth":
     case "none": {
-      ue(e.token_endpoint_auth_method, e.client_secret), q(e.token_endpoint_auth_method, s), n.set("client_id", e.client_id);
+      ue(e.token_endpoint_auth_method, e.client_secret), q(e.token_endpoint_auth_method, s), r.set("client_id", e.client_id);
       break;
     }
     default:
       throw new S("unsupported client token_endpoint_auth_method");
   }
 }
-async function be(t, e, n) {
-  if (!n.usages.includes("sign"))
+async function be(t, e, r) {
+  if (!r.usages.includes("sign"))
     throw new TypeError('CryptoKey instances used for signing assertions must include "sign" in their "usages"');
-  const o = `${E(A(JSON.stringify(t)))}.${E(A(JSON.stringify(e)))}`, s = E(await crypto.subtle.sign(ke(n), n, A(o)));
+  const o = `${k(A(JSON.stringify(t)))}.${k(A(JSON.stringify(e)))}`, s = k(await crypto.subtle.sign(Ee(r), r, A(o)));
   return `${o}.${s}`;
 }
-async function dt(t, e, n, o, s, r) {
-  const { privateKey: i, publicKey: u, nonce: h = pe.get(n.origin) } = e;
+async function dt(t, e, r, o, s, n) {
+  const { privateKey: i, publicKey: u, nonce: f = pe.get(r.origin) } = e;
   if (!ge(i))
     throw new TypeError('"DPoP.privateKey" must be a private CryptoKey');
   if (!Ze(u))
     throw new TypeError('"DPoP.publicKey" must be a public CryptoKey');
-  if (h !== void 0 && !p(h))
+  if (f !== void 0 && !p(f))
     throw new TypeError('"DPoP.nonce" must be a non-empty string or undefined');
   if (!u.extractable)
     throw new TypeError('"DPoP.publicKey.extractable" must be true');
-  const m = M() + s, b = await be({
+  const m = M() + s, y = await be({
     alg: me(i),
     typ: "dpop+jwt",
     jwk: await ft(u)
@@ -508,73 +508,73 @@ async function dt(t, e, n, o, s, r) {
     iat: m,
     jti: F(),
     htm: o,
-    nonce: h,
-    htu: `${n.origin}${n.pathname}`,
-    ath: r ? E(await crypto.subtle.digest("SHA-256", A(r))) : void 0
+    nonce: f,
+    htu: `${r.origin}${r.pathname}`,
+    ath: n ? k(await crypto.subtle.digest("SHA-256", A(n))) : void 0
   }, i);
-  t.set("dpop", b);
+  t.set("dpop", y);
 }
 let W;
 async function ht(t) {
-  const { kty: e, e: n, n: o, x: s, y: r, crv: i } = await crypto.subtle.exportKey("jwk", t), u = { kty: e, e: n, n: o, x: s, y: r, crv: i };
+  const { kty: e, e: r, n: o, x: s, y: n, crv: i } = await crypto.subtle.exportKey("jwk", t), u = { kty: e, e: r, n: o, x: s, y: n, crv: i };
   return W.set(t, u), u;
 }
 async function ft(t) {
   return W || (W = /* @__PURE__ */ new WeakMap()), W.get(t) || ht(t);
 }
-function pt(t, e, n) {
+function pt(t, e, r) {
   if (typeof t != "string")
     throw new TypeError(`"as.${e}" must be a string`);
   return new URL(t);
 }
-function _e(t, e, n) {
+function _e(t, e, r) {
   return pt(t[e], e);
 }
 function Z(t) {
   const e = t;
   return typeof e != "object" || Array.isArray(e) || e === null ? !1 : e.error !== void 0;
 }
-async function wt(t, e, n, o, s, r) {
+async function wt(t, e, r, o, s, n) {
   if (!p(t))
     throw new TypeError('"accessToken" must be a non-empty string');
-  if (!(n instanceof URL))
+  if (!(r instanceof URL))
     throw new TypeError('"url" must be an instance of URL');
-  return o = $(o), (r == null ? void 0 : r.DPoP) === void 0 ? o.set("authorization", `Bearer ${t}`) : (await dt(o, r.DPoP, n, "GET", I({ [H]: r == null ? void 0 : r[H] }), t), o.set("authorization", `DPoP ${t}`)), ((r == null ? void 0 : r[X]) || fetch)(n.href, {
+  return o = $(o), (n == null ? void 0 : n.DPoP) === void 0 ? o.set("authorization", `Bearer ${t}`) : (await dt(o, n.DPoP, r, "GET", I({ [H]: n == null ? void 0 : n[H] }), t), o.set("authorization", `DPoP ${t}`)), ((n == null ? void 0 : n[X]) || fetch)(r.href, {
     body: s,
     headers: Object.fromEntries(o.entries()),
     method: e,
     redirect: "manual",
-    signal: r != null && r.signal ? te(r.signal) : null
+    signal: n != null && n.signal ? te(n.signal) : null
   }).then(ee);
 }
-async function gt(t, e, n, o) {
-  j(t), z(e);
-  const s = _e(t, "userinfo_endpoint"), r = $(o == null ? void 0 : o.headers);
-  return e.userinfo_signed_response_alg ? r.set("accept", "application/jwt") : (r.set("accept", "application/json"), r.append("accept", "application/jwt")), wt(n, "GET", s, r, null, {
+async function gt(t, e, r, o) {
+  j(t), J(e);
+  const s = _e(t, "userinfo_endpoint"), n = $(o == null ? void 0 : o.headers);
+  return e.userinfo_signed_response_alg ? n.set("accept", "application/jwt") : (n.set("accept", "application/json"), n.append("accept", "application/jwt")), wt(r, "GET", s, n, null, {
     ...o,
     [H]: I(e)
   });
 }
-async function mt(t, e, n, o, s, r, i) {
-  return await lt(t, e, s, r, i == null ? void 0 : i.clientPrivateKey), r.set("content-type", "application/x-www-form-urlencoded;charset=UTF-8"), ((i == null ? void 0 : i[X]) || fetch)(o.href, {
+async function mt(t, e, r, o, s, n, i) {
+  return await lt(t, e, s, n, i == null ? void 0 : i.clientPrivateKey), n.set("content-type", "application/x-www-form-urlencoded;charset=UTF-8"), ((i == null ? void 0 : i[X]) || fetch)(o.href, {
     body: s,
-    headers: Object.fromEntries(r.entries()),
-    method: n,
+    headers: Object.fromEntries(n.entries()),
+    method: r,
     redirect: "manual",
     signal: i != null && i.signal ? te(i.signal) : null
   }).then(ee);
 }
-async function ve(t, e, n, o, s) {
-  const r = _e(t, "token_endpoint");
-  o.set("grant_type", n);
+async function ve(t, e, r, o, s) {
+  const n = _e(t, "token_endpoint");
+  o.set("grant_type", r);
   const i = $(s == null ? void 0 : s.headers);
-  return i.set("accept", "application/json"), mt(t, e, "POST", r, o, i, s);
+  return i.set("accept", "application/json"), mt(t, e, "POST", n, o, i, s);
 }
-async function yt(t, e, n, o) {
-  if (j(t), z(e), !p(n))
+async function yt(t, e, r, o) {
+  if (j(t), J(e), !p(r))
     throw new TypeError('"refreshToken" must be a non-empty string');
   const s = new URLSearchParams(o == null ? void 0 : o.additionalParameters);
-  return s.set("refresh_token", n), ve(t, e, "refresh_token", s, o);
+  return s.set("refresh_token", r), ve(t, e, "refresh_token", s, o);
 }
 const Se = /* @__PURE__ */ new WeakMap();
 function bt(t) {
@@ -585,52 +585,52 @@ function bt(t) {
     throw new TypeError('"ref" was already garbage collected or did not resolve from the proper sources');
   return e;
 }
-async function Te(t, e, n, o = !1, s = !1) {
-  if (j(t), z(e), !Q(n, Response))
+async function Te(t, e, r, o = !1, s = !1) {
+  if (j(t), J(e), !Q(r, Response))
     throw new TypeError('"response" must be an instance of Response');
-  if (n.status !== 200) {
+  if (r.status !== 200) {
     let i;
-    if (i = await Ut(n))
+    if (i = await xt(r))
       return i;
     throw new a('"response" is not a conform Token Endpoint response');
   }
-  ne(n);
-  let r;
+  re(r);
+  let n;
   try {
-    r = await n.json();
+    n = await r.json();
   } catch (i) {
     throw new a('failed to parse "response" body as JSON', { cause: i });
   }
-  if (!C(r))
+  if (!C(n))
     throw new a('"response" body must be a top level object');
-  if (!p(r.access_token))
+  if (!p(n.access_token))
     throw new a('"response" body "access_token" property must be a non-empty string');
-  if (!p(r.token_type))
+  if (!p(n.token_type))
     throw new a('"response" body "token_type" property must be a non-empty string');
-  if (r.token_type = r.token_type.toLowerCase(), r.token_type !== "dpop" && r.token_type !== "bearer")
+  if (n.token_type = n.token_type.toLowerCase(), n.token_type !== "dpop" && n.token_type !== "bearer")
     throw new S("unsupported `token_type` value");
-  if (r.expires_in !== void 0 && (typeof r.expires_in != "number" || r.expires_in <= 0))
+  if (n.expires_in !== void 0 && (typeof n.expires_in != "number" || n.expires_in <= 0))
     throw new a('"response" body "expires_in" property must be a positive number');
-  if (!s && r.refresh_token !== void 0 && !p(r.refresh_token))
+  if (!s && n.refresh_token !== void 0 && !p(n.refresh_token))
     throw new a('"response" body "refresh_token" property must be a non-empty string');
-  if (r.scope !== void 0 && typeof r.scope != "string")
+  if (n.scope !== void 0 && typeof n.scope != "string")
     throw new a('"response" body "scope" property must be a string');
   if (!o) {
-    if (r.id_token !== void 0 && !p(r.id_token))
+    if (n.id_token !== void 0 && !p(n.id_token))
       throw new a('"response" body "id_token" property must be a non-empty string');
-    if (r.id_token) {
-      const { claims: i } = await Lt(r.id_token, Ct.bind(void 0, e.id_token_signed_response_alg, t.id_token_signing_alg_values_supported), Ae, I(e), ye(e)).then(At.bind(void 0, ["aud", "exp", "iat", "iss", "sub"])).then(St.bind(void 0, t.issuer)).then(vt.bind(void 0, e.client_id));
+    if (n.id_token) {
+      const { claims: i } = await Lt(n.id_token, Ct.bind(void 0, e.id_token_signed_response_alg, t.id_token_signing_alg_values_supported), Ae, I(e), ye(e)).then(At.bind(void 0, ["aud", "exp", "iat", "iss", "sub"])).then(St.bind(void 0, t.issuer)).then(vt.bind(void 0, e.client_id));
       if (Array.isArray(i.aud) && i.aud.length !== 1 && i.azp !== e.client_id)
         throw new a('unexpected ID Token "azp" (authorized party) claim value');
       if (i.auth_time !== void 0 && (!Number.isFinite(i.auth_time) || Math.sign(i.auth_time) !== 1))
         throw new a('ID Token "auth_time" (authentication time) must be a positive number');
-      Se.set(r, i);
+      Se.set(n, i);
     }
   }
-  return r;
+  return n;
 }
-async function _t(t, e, n) {
-  return Te(t, e, n);
+async function _t(t, e, r) {
+  return Te(t, e, r);
 }
 function vt(t, e) {
   if (Array.isArray(e.claims.aud)) {
@@ -645,24 +645,24 @@ function St(t, e) {
     throw new a('unexpected JWT "iss" (issuer) claim value');
   return e;
 }
-const Ee = /* @__PURE__ */ new WeakSet();
+const ke = /* @__PURE__ */ new WeakSet();
 function Tt(t) {
-  return Ee.add(t), t;
+  return ke.add(t), t;
 }
-async function Et(t, e, n, o, s, r) {
-  if (j(t), z(e), !Ee.has(n))
+async function kt(t, e, r, o, s, n) {
+  if (j(t), J(e), !ke.has(r))
     throw new TypeError('"callbackParameters" must be an instance of URLSearchParams obtained from "validateAuthResponse()", or "validateJwtAuthResponse()');
   if (!p(o))
     throw new TypeError('"redirectUri" must be a non-empty string');
   if (!p(s))
     throw new TypeError('"codeVerifier" must be a non-empty string');
-  const i = T(n, "code");
+  const i = T(r, "code");
   if (!i)
     throw new a('no authorization code in "callbackParameters"');
-  const u = new URLSearchParams(r == null ? void 0 : r.additionalParameters);
-  return u.set("redirect_uri", o), u.set("code_verifier", s), u.set("code", i), ve(t, e, "authorization_code", u, r);
+  const u = new URLSearchParams(n == null ? void 0 : n.additionalParameters);
+  return u.set("redirect_uri", o), u.set("code_verifier", s), u.set("code", i), ve(t, e, "authorization_code", u, n);
 }
-const kt = {
+const Et = {
   aud: "audience",
   c_hash: "code hash",
   client_id: "client id",
@@ -679,27 +679,27 @@ const kt = {
   cnf: "confirmation"
 };
 function At(t, e) {
-  for (const n of t)
-    if (e.claims[n] === void 0)
-      throw new a(`JWT "${n}" (${kt[n]}) claim missing`);
+  for (const r of t)
+    if (e.claims[r] === void 0)
+      throw new a(`JWT "${r}" (${Et[r]}) claim missing`);
   return e;
 }
 const Rt = Symbol(), G = Symbol();
-async function Pt(t, e, n, o, s) {
-  const r = await Te(t, e, n);
-  if (Z(r))
-    return r;
-  if (!p(r.id_token))
+async function Pt(t, e, r, o, s) {
+  const n = await Te(t, e, r);
+  if (Z(n))
+    return n;
+  if (!p(n.id_token))
     throw new a('"response" body "id_token" property must be a non-empty string');
   s ?? (s = e.default_max_age ?? G);
-  const i = bt(r);
+  const i = bt(n);
   if ((e.require_auth_time || s !== G) && i.auth_time === void 0)
     throw new a('ID Token "auth_time" (authentication time) claim missing');
   if (s !== G) {
     if (typeof s != "number" || s < 0)
       throw new TypeError('"maxAge" must be a non-negative number');
-    const u = M() + I(e), h = ye(e);
-    if (i.auth_time + s < u - h)
+    const u = M() + I(e), f = ye(e);
+    if (i.auth_time + s < u - f)
       throw new a("too much time has elapsed since the last End-User authentication");
   }
   switch (o) {
@@ -716,15 +716,15 @@ async function Pt(t, e, n, o, s) {
       if (i.nonce !== o)
         throw new a('unexpected ID Token "nonce" claim value');
   }
-  return r;
+  return n;
 }
-function ne(t) {
+function re(t) {
   if (t.bodyUsed)
     throw new TypeError('"response" body has been used already');
 }
-async function Ut(t) {
+async function xt(t) {
   if (t.status > 399 && t.status < 500) {
-    ne(t);
+    re(t);
     try {
       const e = await t.json();
       if (C(e) && typeof e.error == "string" && e.error.length)
@@ -737,7 +737,7 @@ function le(t) {
   if (typeof t.modulusLength != "number" || t.modulusLength < 2048)
     throw new a(`${t.name} modulusLength must be at least 2048 bits`);
 }
-function xt(t) {
+function Ut(t) {
   switch (t) {
     case "P-256":
       return "SHA-256";
@@ -749,12 +749,12 @@ function xt(t) {
       throw new S();
   }
 }
-function ke(t) {
+function Ee(t) {
   switch (t.algorithm.name) {
     case "ECDSA":
       return {
         name: t.algorithm.name,
-        hash: xt(t.algorithm.namedCurve)
+        hash: Ut(t.algorithm.namedCurve)
       };
     case "RSA-PSS":
       switch (le(t.algorithm), t.algorithm.hash.name) {
@@ -777,15 +777,15 @@ function ke(t) {
   throw new S();
 }
 const Ae = Symbol();
-async function Lt(t, e, n, o, s) {
-  const { 0: r, 1: i, 2: u, length: h } = t.split(".");
-  if (h === 5)
+async function Lt(t, e, r, o, s) {
+  const { 0: n, 1: i, 2: u, length: f } = t.split(".");
+  if (f === 5)
     throw new S("JWE structure JWTs are not supported");
-  if (h !== 3)
+  if (f !== 3)
     throw new a("Invalid JWT");
   let m;
   try {
-    m = JSON.parse(A(E(r)));
+    m = JSON.parse(A(k(n)));
   } catch (P) {
     throw new a("failed to parse JWT Header body as base64url encoded JSON", { cause: P });
   }
@@ -793,70 +793,70 @@ async function Lt(t, e, n, o, s) {
     throw new a("JWT Header must be a top level object");
   if (e(m), m.crit !== void 0)
     throw new a('unexpected JWT "crit" header parameter');
-  const b = E(u);
-  let _;
-  if (n !== Ae) {
-    _ = await n(m);
-    const P = `${r}.${i}`;
-    if (!await crypto.subtle.verify(ke(_), _, b, A(P)))
+  const y = k(u);
+  let b;
+  if (r !== Ae) {
+    b = await r(m);
+    const P = `${n}.${i}`;
+    if (!await crypto.subtle.verify(Ee(b), b, y, A(P)))
       throw new a("JWT signature verification failed");
   }
-  let f;
+  let h;
   try {
-    f = JSON.parse(A(E(i)));
+    h = JSON.parse(A(k(i)));
   } catch (P) {
     throw new a("failed to parse JWT Payload body as base64url encoded JSON", { cause: P });
   }
-  if (!C(f))
+  if (!C(h))
     throw new a("JWT Payload must be a top level object");
   const R = M() + o;
-  if (f.exp !== void 0) {
-    if (typeof f.exp != "number")
+  if (h.exp !== void 0) {
+    if (typeof h.exp != "number")
       throw new a('unexpected JWT "exp" (expiration time) claim type');
-    if (f.exp <= R - s)
+    if (h.exp <= R - s)
       throw new a('unexpected JWT "exp" (expiration time) claim value, timestamp is <= now()');
   }
-  if (f.iat !== void 0 && typeof f.iat != "number")
+  if (h.iat !== void 0 && typeof h.iat != "number")
     throw new a('unexpected JWT "iat" (issued at) claim type');
-  if (f.iss !== void 0 && typeof f.iss != "string")
+  if (h.iss !== void 0 && typeof h.iss != "string")
     throw new a('unexpected JWT "iss" (issuer) claim type');
-  if (f.nbf !== void 0) {
-    if (typeof f.nbf != "number")
+  if (h.nbf !== void 0) {
+    if (typeof h.nbf != "number")
       throw new a('unexpected JWT "nbf" (not before) claim type');
-    if (f.nbf > R + s)
+    if (h.nbf > R + s)
       throw new a('unexpected JWT "nbf" (not before) claim value, timestamp is > now()');
   }
-  if (f.aud !== void 0 && typeof f.aud != "string" && !Array.isArray(f.aud))
+  if (h.aud !== void 0 && typeof h.aud != "string" && !Array.isArray(h.aud))
     throw new a('unexpected JWT "aud" (audience) claim type');
-  return { header: m, claims: f, signature: b, key: _ };
+  return { header: m, claims: h, signature: y, key: b };
 }
-function Ct(t, e, n) {
+function Ct(t, e, r) {
   if (t !== void 0) {
-    if (n.alg !== t)
+    if (r.alg !== t)
       throw new a('unexpected JWT "alg" header parameter');
     return;
   }
   if (Array.isArray(e)) {
-    if (!e.includes(n.alg))
+    if (!e.includes(r.alg))
       throw new a('unexpected JWT "alg" header parameter');
     return;
   }
-  if (n.alg !== "RS256")
+  if (r.alg !== "RS256")
     throw new a('unexpected JWT "alg" header parameter');
 }
 function T(t, e) {
-  const { 0: n, length: o } = t.getAll(e);
+  const { 0: r, length: o } = t.getAll(e);
   if (o > 1)
     throw new a(`"${e}" parameter must be provided only once`);
-  return n;
+  return r;
 }
 const It = Symbol(), jt = Symbol();
-function zt(t, e, n, o) {
-  if (j(t), z(e), n instanceof URL && (n = n.searchParams), !(n instanceof URLSearchParams))
+function Jt(t, e, r, o) {
+  if (j(t), J(e), r instanceof URL && (r = r.searchParams), !(r instanceof URLSearchParams))
     throw new TypeError('"parameters" must be an instance of URLSearchParams, or URL');
-  if (T(n, "response"))
+  if (T(r, "response"))
     throw new a('"parameters" contains a JARM response, use validateJwtAuthResponse() instead of validateAuthResponse()');
-  const s = T(n, "iss"), r = T(n, "state");
+  const s = T(r, "iss"), n = T(r, "state");
   if (!s && t.authorization_response_iss_parameter_supported)
     throw new a('response parameter "iss" (issuer) missing');
   if (s && s !== t.issuer)
@@ -864,7 +864,7 @@ function zt(t, e, n, o) {
   switch (o) {
     case void 0:
     case jt:
-      if (r !== void 0)
+      if (n !== void 0)
         throw new a('unexpected "state" response parameter encountered');
       break;
     case It:
@@ -872,179 +872,167 @@ function zt(t, e, n, o) {
     default:
       if (!p(o))
         throw new a('"expectedState" must be a non-empty string');
-      if (r === void 0)
+      if (n === void 0)
         throw new a('response parameter "state" missing');
-      if (r !== o)
+      if (n !== o)
         throw new a('unexpected "state" response parameter value');
   }
-  const i = T(n, "error");
+  const i = T(r, "error");
   if (i)
     return {
       error: i,
-      error_description: T(n, "error_description"),
-      error_uri: T(n, "error_uri")
+      error_description: T(r, "error_description"),
+      error_uri: T(r, "error_uri")
     };
-  const u = T(n, "id_token"), h = T(n, "token");
-  if (u !== void 0 || h !== void 0)
+  const u = T(r, "id_token"), f = T(r, "token");
+  if (u !== void 0 || f !== void 0)
     throw new S("implicit and hybrid flows are not supported");
-  return Tt(new URLSearchParams(n));
+  return Tt(new URLSearchParams(r));
 }
-function Jt({
+function Ot({
   handleCallback: t
 }) {
-  const [e, n] = ze(null), o = He(), s = Je(!1);
-  return Oe(() => {
-    s.current || (s.current = !0, t().then((r) => {
-      o(r);
-    }).catch((r) => {
-      K.error(r), n(r);
+  const [e, r] = Je(null), o = He(), s = Oe(!1);
+  return Ne(() => {
+    s.current || (s.current = !0, t().then((n) => {
+      o(n);
+    }).catch((n) => {
+      K.error(n), r(n);
     }));
-  }, [o, t]), e ? /* @__PURE__ */ k.jsx(
+  }, [o, t]), e ? /* @__PURE__ */ E.jsx(
     De,
     {
       category: "Error",
       title: "Authentication Error",
-      message: /* @__PURE__ */ k.jsxs(k.Fragment, { children: [
-        /* @__PURE__ */ k.jsx(Ne, { className: "mb-4", children: "Check the configuration of your authorization provider and ensure all settings such as the callback URL are configured correctly." }),
+      message: /* @__PURE__ */ E.jsxs(E.Fragment, { children: [
+        /* @__PURE__ */ E.jsx(ze, { className: "mb-4", children: "Check the configuration of your authorization provider and ensure all settings such as the callback URL are configured correctly." }),
         "An error occurred while authorizing the user.",
-        /* @__PURE__ */ k.jsx(We, { code: e.toString(), language: "plain" })
+        /* @__PURE__ */ E.jsx(We, { code: e.toString(), language: "plain" })
       ] })
     }
-  ) : /* @__PURE__ */ k.jsx("div", { className: "grid h-full place-items-center", children: /* @__PURE__ */ k.jsx(Ke, {}) });
+  ) : /* @__PURE__ */ E.jsx("div", { className: "grid h-full place-items-center", children: /* @__PURE__ */ E.jsx(Ke, {}) });
 }
-class x extends Error {
+class U extends Error {
 }
-class de extends x {
-  constructor(e, n, o) {
-    super(e, o), this.error = n;
+class de extends U {
+  constructor(e, r, o) {
+    super(e, o), this.error = r;
   }
 }
 const V = "code-verifier";
-class Ot extends je {
-  constructor(e, n) {
-    super(), this.callbackUrlPath = e, this.handleCallback = n;
+class Nt extends je {
+  constructor(e, r) {
+    super(), this.callbackUrlPath = e, this.handleCallback = r;
   }
   getRoutes() {
     return [
       ...super.getRoutes(),
       {
         path: this.callbackUrlPath,
-        element: /* @__PURE__ */ k.jsx(Jt, { handleCallback: this.handleCallback })
+        element: /* @__PURE__ */ E.jsx(Ot, { handleCallback: this.handleCallback })
       }
     ];
   }
 }
-class Nt {
+class zt {
   constructor({
     issuer: e,
-    audience: n,
-    authorizationEndpoint: o,
-    tokenEndpoint: s,
-    clientId: r,
-    redirectToAfterSignUp: i,
-    redirectToAfterSignIn: u,
-    redirectToAfterSignOut: h
+    audience: r,
+    clientId: o,
+    redirectToAfterSignUp: s,
+    redirectToAfterSignIn: n,
+    redirectToAfterSignOut: i
   }) {
-    y(this, "client");
-    y(this, "issuer");
-    y(this, "authorizationEndpoint");
-    y(this, "tokenEndpoint");
-    y(this, "authorizationServer");
-    y(this, "callbackUrlPath", "/oauth/callback");
-    y(this, "logoutRedirectUrlPath", "/");
-    y(this, "onAuthorizationUrl");
-    y(this, "redirectToAfterSignUp");
-    y(this, "redirectToAfterSignIn");
-    y(this, "redirectToAfterSignOut");
-    y(this, "audience");
-    y(this, "signOut", async () => {
-      N.setState({
+    _(this, "client");
+    _(this, "issuer");
+    _(this, "authorizationServer");
+    _(this, "callbackUrlPath", "/oauth/callback");
+    _(this, "logoutRedirectUrlPath", "/");
+    _(this, "onAuthorizationUrl");
+    _(this, "redirectToAfterSignUp");
+    _(this, "redirectToAfterSignIn");
+    _(this, "redirectToAfterSignOut");
+    _(this, "audience");
+    _(this, "signOut", async () => {
+      z.setState({
         isAuthenticated: !1,
         isPending: !1,
         profile: void 0
       }), sessionStorage.clear();
-      const e = await this.getAuthServer(), n = new URL(
+      const e = await this.getAuthServer(), r = new URL(
         window.location.origin + this.redirectToAfterSignOut
       );
-      n.pathname = this.logoutRedirectUrlPath;
+      r.pathname = this.logoutRedirectUrlPath;
       let o;
       e.end_session_endpoint ? (o = new URL(e.end_session_endpoint), o.searchParams.set(
         "post_logout_redirect_uri",
-        n.toString()
-      )) : o = n;
+        r.toString()
+      )) : o = r;
     });
-    y(this, "handleCallback", async () => {
-      const e = new URL(window.location.href), n = e.searchParams.get("state"), o = sessionStorage.getItem(V);
+    _(this, "handleCallback", async () => {
+      const e = new URL(window.location.href), r = e.searchParams.get("state"), o = sessionStorage.getItem(V);
       if (sessionStorage.removeItem(V), !o)
-        throw new x("No code verifier found in state.");
-      const s = await this.getAuthServer(), r = zt(
+        throw new U("No code verifier found in state.");
+      const s = await this.getAuthServer(), n = Jt(
         s,
         this.client,
         e.searchParams,
-        n ?? void 0
+        r ?? void 0
       );
-      if (Z(r))
-        throw K.error("Error validating OAuth response", r), new de(
+      if (Z(n))
+        throw K.error("Error validating OAuth response", n), new de(
           "Error validating OAuth response",
-          r
+          n
         );
       const i = new URL(e);
       i.pathname = this.redirectToAfterSignIn, i.search = "";
-      const u = await Et(
+      const u = await kt(
         s,
         this.client,
-        r,
+        n,
         i.toString(),
         o
-      ), h = await Pt(
+      ), f = await Pt(
         s,
         this.client,
         u
       );
-      this.setTokensFromResponse(h);
-      const m = await this.getAccessToken(), _ = await (await gt(
+      this.setTokensFromResponse(f);
+      const m = await this.getAccessToken(), b = await (await gt(
         s,
         this.client,
         m
-      )).json(), f = {
-        sub: _.sub,
-        email: _.email,
-        name: _.name,
-        emailVerified: _.email_verified ?? !1,
-        pictureUrl: _.picture
+      )).json(), h = {
+        sub: b.sub,
+        email: b.email,
+        name: b.name,
+        emailVerified: b.email_verified ?? !1,
+        pictureUrl: b.picture
       };
-      N.setState({
+      z.setState({
         isAuthenticated: !0,
         isPending: !1,
-        profile: f
+        profile: h
       }), sessionStorage.setItem(
         "profile-state",
-        JSON.stringify(N.getState().profile)
+        JSON.stringify(z.getState().profile)
       );
       const R = sessionStorage.getItem("redirect-to") ?? "/";
       return sessionStorage.removeItem("redirect-to"), R;
     });
     this.client = {
-      client_id: r,
+      client_id: o,
       token_endpoint_auth_method: "none"
-    }, this.audience = n, this.issuer = e, this.authorizationEndpoint = o, this.tokenEndpoint = s, this.redirectToAfterSignUp = i ?? "/", this.redirectToAfterSignIn = u ?? "/", this.redirectToAfterSignOut = h ?? "/";
+    }, this.audience = r, this.issuer = e, this.redirectToAfterSignUp = s ?? "/", this.redirectToAfterSignIn = n ?? "/", this.redirectToAfterSignOut = i ?? "/";
   }
   async getAuthServer() {
-    if (!this.authorizationServer)
-      if (this.tokenEndpoint && this.authorizationEndpoint)
-        this.authorizationServer = {
-          issuer: new URL(this.authorizationEndpoint).origin,
-          authorization_endpoint: this.authorizationEndpoint,
-          token_endpoint: this.tokenEndpoint,
-          code_challenge_methods_supported: []
-        };
-      else {
-        const e = new URL(this.issuer), n = await Qe(e);
-        this.authorizationServer = await Xe(
-          e,
-          n
-        );
-      }
+    if (!this.authorizationServer) {
+      const e = new URL(this.issuer), r = await Qe(e);
+      this.authorizationServer = await Xe(
+        e,
+        r
+      );
+    }
     return this.authorizationServer;
   }
   /**
@@ -1055,14 +1043,14 @@ class Nt {
     if (Z(e))
       throw K.error("Bad Token Response", e), new de("Bad Token Response", e);
     if (!e.expires_in)
-      throw new x("No expires_in in response");
-    const n = {
+      throw new U("No expires_in in response");
+    const r = {
       accessToken: e.access_token,
       refreshToken: e.refresh_token,
       expiresOn: new Date(Date.now() + e.expires_in * 1e3),
       tokenType: e.token_type
     };
-    sessionStorage.setItem("token-state", JSON.stringify(n));
+    sessionStorage.setItem("token-state", JSON.stringify(r));
   }
   async signUp({ redirectTo: e } = {}) {
     return this.authorize({
@@ -1077,36 +1065,36 @@ class Nt {
   }
   async authorize({
     redirectTo: e,
-    isSignUp: n = !1
+    isSignUp: r = !1
   }) {
-    var m, b;
+    var m, y;
     const o = "S256", s = await this.getAuthServer();
     if (!s.authorization_endpoint)
-      throw new x("No authorization endpoint");
-    const r = et(), i = await nt(r);
-    sessionStorage.setItem(V, r);
+      throw new U("No authorization endpoint");
+    const n = et(), i = await rt(n);
+    sessionStorage.setItem(V, n);
     const u = new URL(
       s.authorization_endpoint
     );
     sessionStorage.setItem("redirect-to", e);
-    const h = new URL(window.location.origin);
-    if (h.pathname = this.callbackUrlPath, h.search = "", u.searchParams.set("client_id", this.client.client_id), u.searchParams.set("redirect_uri", h.toString()), u.searchParams.set("response_type", "code"), u.searchParams.set("scope", "openid profile email"), u.searchParams.set("code_challenge", i), u.searchParams.set(
+    const f = new URL(window.location.origin);
+    if (f.pathname = this.callbackUrlPath, f.search = "", u.searchParams.set("client_id", this.client.client_id), u.searchParams.set("redirect_uri", f.toString()), u.searchParams.set("response_type", "code"), u.searchParams.set("scope", "openid profile email"), u.searchParams.set("code_challenge", i), u.searchParams.set(
       "code_challenge_method",
       o
     ), this.audience && u.searchParams.set("audience", this.audience), (m = this.onAuthorizationUrl) == null || m.call(this, u, {
-      isSignIn: !n,
-      isSignUp: n
-    }), ((b = s.code_challenge_methods_supported) == null ? void 0 : b.includes("S256")) !== !0) {
-      const _ = tt();
-      u.searchParams.set("state", _);
+      isSignIn: !r,
+      isSignUp: r
+    }), ((y = s.code_challenge_methods_supported) == null ? void 0 : y.includes("S256")) !== !0) {
+      const b = tt();
+      u.searchParams.set("state", b);
     }
     location.href = u.href;
   }
   async getAccessToken() {
-    const e = await this.getAuthServer(), n = sessionStorage.getItem("token-state");
-    if (!n)
-      throw new x("User is not authenticated");
-    const o = JSON.parse(n);
+    const e = await this.getAuthServer(), r = sessionStorage.getItem("token-state");
+    if (!r)
+      throw new U("User is not authenticated");
+    const o = JSON.parse(r);
     if (o.expiresOn < /* @__PURE__ */ new Date()) {
       if (!o.refreshToken)
         return await this.signIn(), "";
@@ -1114,14 +1102,14 @@ class Nt {
         e,
         this.client,
         o.refreshToken
-      ), r = await _t(
+      ), n = await _t(
         e,
         this.client,
         s
       );
-      if (!r.access_token)
-        throw new x("No access token in response");
-      return this.setTokensFromResponse(r), r.access_token.toString();
+      if (!n.access_token)
+        throw new U("No access token in response");
+      return this.setTokensFromResponse(n), n.access_token.toString();
     } else
       return o.accessToken;
   }
@@ -1129,23 +1117,23 @@ class Nt {
     const e = sessionStorage.getItem("profile-state");
     if (e)
       try {
-        const n = JSON.parse(e);
-        N.setState({
+        const r = JSON.parse(e);
+        z.setState({
           isAuthenticated: !0,
           isPending: !1,
-          profile: n
+          profile: r
         });
-      } catch (n) {
-        K.error("Error parsing auth state", n);
+      } catch (r) {
+        K.error("Error parsing auth state", r);
       }
   }
   getAuthenticationPlugin() {
-    return new Ot(this.callbackUrlPath, this.handleCallback);
+    return new Nt(this.callbackUrlPath, this.handleCallback);
   }
 }
-const Yt = (t) => new Nt(t);
+const Yt = (t) => new zt(t);
 export {
-  Nt as OpenIDAuthenticationProvider,
+  zt as OpenIDAuthenticationProvider,
   Yt as default
 };
 //# sourceMappingURL=zudoku.auth-openid.js.map