zudoku 0.40.1 → 0.41.0

package/lib/zudoku.auth-openid.js

@@ -1,10 +1,10 @@
-var Le = Object.defineProperty;
-var xe = (t, e, n) => e in t ? Le(t, e, { enumerable: !0, configurable: !0, writable: !0, value: n }) : t[e] = n;
-var b = (t, e, n) => xe(t, typeof e != "symbol" ? e + "" : e, n);
+var Ce = Object.defineProperty;
+var Le = (t, e, n) => e in t ? Ce(t, e, { enumerable: !0, configurable: !0, writable: !0, value: n }) : t[e] = n;
+var w = (t, e, n) => Le(t, typeof e != "symbol" ? e + "" : e, n);
 import { j as B } from "./jsx-runtime-C5mzlN2N.js";
-import { g as Ce } from "./_commonjsHelpers-B4e78b8K.js";
+import { g as xe } from "./_commonjsHelpers-B4e78b8K.js";
 import { C as Ie } from "./ClientOnly-E7hGysn1.js";
-import { d as je, f as ie, u as x } from "./hook-pPrHCB6G.js";
+import { d as je, f as ie, u as L } from "./hook-pPrHCB6G.js";
 import { A as Je } from "./AuthenticationPlugin-CJOFRBk3.js";
 import { N as Oe } from "./chunk-KNED5TY2-BUPjb3LQ.js";
 import { Z as ze } from "./invariant-Caa8-XvF.js";
@@ -37,7 +37,7 @@ function Ne() {
       function p() {
         console.log && (console.log.apply ? console.log.apply(console, arguments) : Function.prototype.apply.apply(console.log, [console, arguments])), console.trace && console.trace();
       }
-      function w(l) {
+      function _(l) {
         return l === "debug" && (l = "log"), typeof console === n ? !1 : l === "trace" && o ? p : console[l] !== void 0 ? c(console, l) : console.log !== void 0 ? c(console, "log") : e;
       }
       function f() {
@@ -53,14 +53,14 @@ function Ne() {
           typeof console !== n && (f.call(this), this[l].apply(this, arguments));
         };
       }
-      function _(l, m, u) {
-        return w(l) || v.apply(this, arguments);
+      function b(l, m, u) {
+        return _(l) || v.apply(this, arguments);
       }
-      function h(l, m) {
+      function d(l, m) {
         var u = this, J, $, U, S = "loglevel";
         typeof l == "string" ? S += ":" + l : typeof l == "symbol" && (S = void 0);
-        function Re(d) {
-          var y = (a[d] || "silent").toUpperCase();
+        function Re(h) {
+          var y = (a[h] || "silent").toUpperCase();
           if (!(typeof window === n || !S)) {
             try {
               window.localStorage[S] = y;
@@ -74,21 +74,21 @@ function Ne() {
           }
         }
         function ne() {
-          var d;
+          var h;
           if (!(typeof window === n || !S)) {
             try {
-              d = window.localStorage[S];
+              h = window.localStorage[S];
             } catch {
             }
-            if (typeof d === n)
+            if (typeof h === n)
               try {
                 var y = window.document.cookie, O = encodeURIComponent(S), oe = y.indexOf(O + "=");
-                oe !== -1 && (d = /^([^;]+)/.exec(
+                oe !== -1 && (h = /^([^;]+)/.exec(
                   y.slice(oe + O.length + 1)
                 )[1]);
               } catch {
               }
-            return u.levels[d] === void 0 && (d = void 0), d;
+            return u.levels[h] === void 0 && (h = void 0), h;
           }
         }
         function Pe() {
@@ -103,11 +103,11 @@ function Ne() {
             }
           }
         }
-        function L(d) {
-          var y = d;
+        function C(h) {
+          var y = h;
           if (typeof y == "string" && u.levels[y.toUpperCase()] !== void 0 && (y = u.levels[y.toUpperCase()]), typeof y == "number" && y >= 0 && y <= u.levels.SILENT)
             return y;
-          throw new TypeError("log.setLevel() called with invalid level: " + d);
+          throw new TypeError("log.setLevel() called with invalid level: " + h);
         }
         u.name = l, u.levels = {
           TRACE: 0,
@@ -116,33 +116,33 @@ function Ne() {
           WARN: 3,
           ERROR: 4,
           SILENT: 5
-        }, u.methodFactory = m || _, u.getLevel = function() {
+        }, u.methodFactory = m || b, u.getLevel = function() {
           return U ?? $ ?? J;
-        }, u.setLevel = function(d, y) {
-          return U = L(d), y !== !1 && Re(U), f.call(u);
-        }, u.setDefaultLevel = function(d) {
-          $ = L(d), ne() || u.setLevel(d, !1);
+        }, u.setLevel = function(h, y) {
+          return U = C(h), y !== !1 && Re(U), f.call(u);
+        }, u.setDefaultLevel = function(h) {
+          $ = C(h), ne() || u.setLevel(h, !1);
         }, u.resetLevel = function() {
           U = null, Pe(), f.call(u);
-        }, u.enableAll = function(d) {
-          u.setLevel(u.levels.TRACE, d);
-        }, u.disableAll = function(d) {
-          u.setLevel(u.levels.SILENT, d);
+        }, u.enableAll = function(h) {
+          u.setLevel(u.levels.TRACE, h);
+        }, u.disableAll = function(h) {
+          u.setLevel(u.levels.SILENT, h);
         }, u.rebuild = function() {
-          if (i !== u && (J = L(i.getLevel())), f.call(u), i === u)
-            for (var d in r)
-              r[d].rebuild();
-        }, J = L(
+          if (i !== u && (J = C(i.getLevel())), f.call(u), i === u)
+            for (var h in r)
+              r[h].rebuild();
+        }, J = C(
           i ? i.getLevel() : "WARN"
         );
         var re = ne();
-        re != null && (U = L(re)), f.call(u);
+        re != null && (U = C(re)), f.call(u);
       }
-      i = new h(), i.getLogger = function(m) {
+      i = new d(), i.getLogger = function(m) {
         if (typeof m != "symbol" && typeof m != "string" || m === "")
           throw new TypeError("You must supply a name when creating a logger.");
         var u = r[m];
-        return u || (u = r[m] = new h(
+        return u || (u = r[m] = new d(
           m,
           i.methodFactory
         )), u;
@@ -157,7 +157,7 @@ function Ne() {
   }(D)), D.exports;
 }
 var We = Ne();
-const se = /* @__PURE__ */ Ce(We);
+const se = /* @__PURE__ */ xe(We);
 let V;
 var z, we;
 (typeof navigator > "u" || !((we = (z = navigator.userAgent) == null ? void 0 : z.startsWith) != null && we.call(z, "Mozilla/5.0 "))) && (V = "oauth4webapi/v2.17.0");
@@ -192,7 +192,7 @@ function Ve(t) {
     throw new s("The input to be decoded is not correctly encoded.", { cause: e });
   }
 }
-function k(t) {
+function A(t) {
   return typeof t == "string" ? Ve(t) : Be(t);
 }
 class Ge {
@@ -249,7 +249,7 @@ function Q(t) {
   }
   return t;
 }
-function C(t) {
+function x(t) {
   return !(t === null || typeof t != "object" || Array.isArray(t));
 }
 function K(t) {
@@ -308,7 +308,7 @@ async function tt(t, e) {
   } catch (o) {
     throw new s('failed to parse "response" body as JSON', { cause: o });
   }
-  if (!C(n))
+  if (!x(n))
     throw new s('"response" body must be a top level object');
   if (!g(n.issuer))
     throw new s('"response" body "issuer" property must be a non-empty string');
@@ -317,7 +317,7 @@ async function tt(t, e) {
   return n;
 }
 function X() {
-  return k(crypto.getRandomValues(new Uint8Array(32)));
+  return A(crypto.getRandomValues(new Uint8Array(32)));
 }
 function nt() {
   return X();
@@ -328,7 +328,7 @@ function rt() {
 async function ot(t) {
   if (!g(t))
     throw new TypeError('"codeVerifier" must be a non-empty string');
-  return k(await crypto.subtle.digest("SHA-256", E(t)));
+  return A(await crypto.subtle.digest("SHA-256", E(t)));
 }
 function ue(t) {
   return encodeURIComponent(t).replace(/%20/g, "+");
@@ -418,7 +418,7 @@ function le(t) {
     throw new TypeError('"client.client_secret" property must be a non-empty string');
   return t;
 }
-function de(t, e) {
+function he(t, e) {
   if (e !== void 0)
     throw new TypeError(`"client.client_secret" property must not be provided when ${t} client authentication method is used.`);
 }
@@ -434,25 +434,25 @@ async function lt(t, e, n, o, a) {
       break;
     }
     case "private_key_jwt":
-      throw de("private_key_jwt", e.client_secret), new TypeError('"options.clientPrivateKey" must be provided when "client.token_endpoint_auth_method" is "private_key_jwt"');
+      throw he("private_key_jwt", e.client_secret), new TypeError('"options.clientPrivateKey" must be provided when "client.token_endpoint_auth_method" is "private_key_jwt"');
     case "tls_client_auth":
     case "self_signed_tls_client_auth":
     case "none": {
-      de(e.token_endpoint_auth_method, e.client_secret), e.token_endpoint_auth_method, n.set("client_id", e.client_id);
+      he(e.token_endpoint_auth_method, e.client_secret), e.token_endpoint_auth_method, n.set("client_id", e.client_id);
       break;
     }
     default:
       throw new T("unsupported client token_endpoint_auth_method");
   }
 }
-async function dt(t, e, n) {
+async function ht(t, e, n) {
   if (!n.usages.includes("sign"))
     throw new TypeError('CryptoKey instances used for signing assertions must include "sign" in their "usages"');
-  const o = `${k(E(JSON.stringify(t)))}.${k(E(JSON.stringify(e)))}`, a = k(await crypto.subtle.sign(ke(n), n, E(o)));
+  const o = `${A(E(JSON.stringify(t)))}.${A(E(JSON.stringify(e)))}`, a = A(await crypto.subtle.sign(Ae(n), n, E(o)));
   return `${o}.${a}`;
 }
-async function ht(t, e, n, o, a, r) {
-  var _;
+async function dt(t, e, n, o, a, r) {
+  var b;
   const { privateKey: i, publicKey: c, nonce: p = ge.get(n.origin) } = e;
   if (!Ze(i))
     throw new TypeError('"DPoP.privateKey" must be a private CryptoKey');
@@ -462,19 +462,19 @@ async function ht(t, e, n, o, a, r) {
     throw new TypeError('"DPoP.nonce" must be a non-empty string or undefined');
   if (!c.extractable)
     throw new TypeError('"DPoP.publicKey.extractable" must be true');
-  const w = ee() + a, f = {
+  const _ = ee() + a, f = {
     alg: ut(i),
     typ: "dpop+jwt",
     jwk: await pt(c)
   }, v = {
-    iat: w,
+    iat: _,
     jti: X(),
     htm: o,
     nonce: p,
     htu: `${n.origin}${n.pathname}`,
-    ath: r ? k(await crypto.subtle.digest("SHA-256", E(r))) : void 0
+    ath: r ? A(await crypto.subtle.digest("SHA-256", E(r))) : void 0
   };
-  (_ = e[He]) == null || _.call(e, f, v), t.set("dpop", await dt(f, v, i));
+  (b = e[He]) == null || b.call(e, f, v), t.set("dpop", await ht(f, v, i));
 }
 let N;
 async function ft(t) {
@@ -484,13 +484,13 @@ async function ft(t) {
 async function pt(t) {
   return N || (N = /* @__PURE__ */ new WeakMap()), N.get(t) || ft(t);
 }
-function he(t, e, n) {
+function de(t, e, n) {
   if (typeof t != "string")
     throw n ? new TypeError(`"as.mtls_endpoint_aliases.${e}" must be a string`) : new TypeError(`"as.${e}" must be a string`);
   return new URL(t);
 }
 function be(t, e, n = !1) {
-  return n && t.mtls_endpoint_aliases && e in t.mtls_endpoint_aliases ? he(t.mtls_endpoint_aliases[e], e, n) : he(t[e], e, n);
+  return n && t.mtls_endpoint_aliases && e in t.mtls_endpoint_aliases ? de(t.mtls_endpoint_aliases[e], e, n) : de(t[e], e, n);
 }
 function _e(t, e) {
   return !!(t.use_mtls_endpoint_aliases || e != null && e[Fe]);
@@ -504,7 +504,7 @@ async function wt(t, e, n, o, a, r) {
     throw new TypeError('"accessToken" must be a non-empty string');
   if (!(n instanceof URL))
     throw new TypeError('"url" must be an instance of URL');
-  return o = K(o), (r == null ? void 0 : r.DPoP) === void 0 ? o.set("authorization", `Bearer ${t}`) : (await ht(o, r.DPoP, n, e.toUpperCase(), H({ [W]: r == null ? void 0 : r[W] }), t), o.set("authorization", `DPoP ${t}`)), ((r == null ? void 0 : r[Z]) || fetch)(n.href, {
+  return o = K(o), (r == null ? void 0 : r.DPoP) === void 0 ? o.set("authorization", `Bearer ${t}`) : (await dt(o, r.DPoP, n, e.toUpperCase(), H({ [W]: r == null ? void 0 : r[W] }), t), o.set("authorization", `DPoP ${t}`)), ((r == null ? void 0 : r[Z]) || fetch)(n.href, {
     body: a,
     headers: Object.fromEntries(o.entries()),
     method: e,
@@ -566,7 +566,7 @@ async function Te(t, e, n, o = !1, a = !1) {
   } catch (i) {
     throw new s('failed to parse "response" body as JSON', { cause: i });
   }
-  if (!C(r))
+  if (!x(r))
     throw new s('"response" body must be a top level object');
   if (!g(r.access_token))
     throw new s('"response" body "access_token" property must be a non-empty string');
@@ -584,7 +584,7 @@ async function Te(t, e, n, o = !1, a = !1) {
     if (r.id_token !== void 0 && !g(r.id_token))
       throw new s('"response" body "id_token" property must be a non-empty string');
     if (r.id_token) {
-      const { claims: i, jwt: c } = await Ct(r.id_token, It.bind(void 0, e.id_token_signed_response_alg, t.id_token_signing_alg_values_supported), Ee, H(e), ye(e), e[$e]).then(Et.bind(void 0, ["aud", "exp", "iat", "iss", "sub"])).then(St.bind(void 0, t.issuer)).then(vt.bind(void 0, e.client_id));
+      const { claims: i, jwt: c } = await xt(r.id_token, It.bind(void 0, e.id_token_signed_response_alg, t.id_token_signing_alg_values_supported), Ee, H(e), ye(e), e[$e]).then(Et.bind(void 0, ["aud", "exp", "iat", "iss", "sub"])).then(St.bind(void 0, t.issuer)).then(vt.bind(void 0, e.client_id));
       if (Array.isArray(i.aud) && i.aud.length !== 1) {
         if (i.azp === void 0)
           throw new s('ID Token "aud" (audience) claim includes additional untrusted audiences');
@@ -614,24 +614,24 @@ function St(t, e) {
     throw new s('unexpected JWT "iss" (issuer) claim value');
   return e;
 }
-const Ae = /* @__PURE__ */ new WeakSet();
+const ke = /* @__PURE__ */ new WeakSet();
 function Tt(t) {
-  return Ae.add(t), t;
+  return ke.add(t), t;
 }
-async function At(t, e, n, o, a, r) {
-  if (I(t), j(e), !Ae.has(n))
+async function kt(t, e, n, o, a, r) {
+  if (I(t), j(e), !ke.has(n))
     throw new TypeError('"callbackParameters" must be an instance of URLSearchParams obtained from "validateAuthResponse()", or "validateJwtAuthResponse()');
   if (!g(o))
     throw new TypeError('"redirectUri" must be a non-empty string');
   if (!g(a))
     throw new TypeError('"codeVerifier" must be a non-empty string');
-  const i = A(n, "code");
+  const i = k(n, "code");
   if (!i)
     throw new s('no authorization code in "callbackParameters"');
   const c = new URLSearchParams(r == null ? void 0 : r.additionalParameters);
   return c.set("redirect_uri", o), c.set("code_verifier", a), c.set("code", i), ve(t, e, "authorization_code", c, r);
 }
-const kt = {
+const At = {
   aud: "audience",
   c_hash: "code hash",
   client_id: "client id",
@@ -650,7 +650,7 @@ const kt = {
 function Et(t, e) {
   for (const n of t)
     if (e.claims[n] === void 0)
-      throw new s(`JWT "${n}" (${kt[n]}) claim missing`);
+      throw new s(`JWT "${n}" (${At[n]}) claim missing`);
   return e;
 }
 const Rt = Symbol(), F = Symbol();
@@ -696,7 +696,7 @@ async function Ut(t) {
     te(t);
     try {
       const e = await t.json();
-      if (C(e) && typeof e.error == "string" && e.error.length)
+      if (x(e) && typeof e.error == "string" && e.error.length)
         return e.error_description !== void 0 && typeof e.error_description != "string" && delete e.error_description, e.error_uri !== void 0 && typeof e.error_uri != "string" && delete e.error_uri, e.algs !== void 0 && typeof e.algs != "string" && delete e.algs, e.scope !== void 0 && typeof e.scope != "string" && delete e.scope, e;
     } catch {
     }
@@ -706,7 +706,7 @@ function fe(t) {
   if (typeof t.modulusLength != "number" || t.modulusLength < 2048)
     throw new s(`${t.name} modulusLength must be at least 2048 bits`);
 }
-function Lt(t) {
+function Ct(t) {
   switch (t) {
     case "P-256":
       return "SHA-256";
@@ -718,12 +718,12 @@ function Lt(t) {
       throw new T();
   }
 }
-function ke(t) {
+function Ae(t) {
   switch (t.algorithm.name) {
     case "ECDSA":
       return {
         name: t.algorithm.name,
-        hash: Lt(t.algorithm.namedCurve)
+        hash: Ct(t.algorithm.namedCurve)
       };
     case "RSA-PSS":
       switch (fe(t.algorithm), t.algorithm.hash.name) {
@@ -746,61 +746,61 @@ function ke(t) {
   throw new T();
 }
 const Ee = Symbol();
-async function xt(t, e, n, o) {
+async function Lt(t, e, n, o) {
   const a = `${t}.${e}`;
-  if (!await crypto.subtle.verify(ke(n), n, o, E(a)))
+  if (!await crypto.subtle.verify(Ae(n), n, o, E(a)))
     throw new s("JWT signature verification failed");
 }
-async function Ct(t, e, n, o, a, r) {
-  let { 0: i, 1: c, 2: p, length: w } = t.split(".");
-  if (w === 5)
+async function xt(t, e, n, o, a, r) {
+  let { 0: i, 1: c, 2: p, length: _ } = t.split(".");
+  if (_ === 5)
     if (r !== void 0)
-      t = await r(t), { 0: i, 1: c, 2: p, length: w } = t.split(".");
+      t = await r(t), { 0: i, 1: c, 2: p, length: _ } = t.split(".");
     else
       throw new T("JWE structure JWTs are not supported");
-  if (w !== 3)
+  if (_ !== 3)
     throw new s("Invalid JWT");
   let f;
   try {
-    f = JSON.parse(E(k(i)));
+    f = JSON.parse(E(A(i)));
   } catch (l) {
     throw new s("failed to parse JWT Header body as base64url encoded JSON", { cause: l });
   }
-  if (!C(f))
+  if (!x(f))
     throw new s("JWT Header must be a top level object");
   if (e(f), f.crit !== void 0)
     throw new s('unexpected JWT "crit" header parameter');
-  const v = k(p);
-  let _;
-  n !== Ee && (_ = await n(f), await xt(i, c, _, v));
-  let h;
+  const v = A(p);
+  let b;
+  n !== Ee && (b = await n(f), await Lt(i, c, b, v));
+  let d;
   try {
-    h = JSON.parse(E(k(c)));
+    d = JSON.parse(E(A(c)));
   } catch (l) {
     throw new s("failed to parse JWT Payload body as base64url encoded JSON", { cause: l });
   }
-  if (!C(h))
+  if (!x(d))
     throw new s("JWT Payload must be a top level object");
   const P = ee() + o;
-  if (h.exp !== void 0) {
-    if (typeof h.exp != "number")
+  if (d.exp !== void 0) {
+    if (typeof d.exp != "number")
       throw new s('unexpected JWT "exp" (expiration time) claim type');
-    if (h.exp <= P - a)
+    if (d.exp <= P - a)
       throw new s('unexpected JWT "exp" (expiration time) claim value, timestamp is <= now()');
   }
-  if (h.iat !== void 0 && typeof h.iat != "number")
+  if (d.iat !== void 0 && typeof d.iat != "number")
     throw new s('unexpected JWT "iat" (issued at) claim type');
-  if (h.iss !== void 0 && typeof h.iss != "string")
+  if (d.iss !== void 0 && typeof d.iss != "string")
     throw new s('unexpected JWT "iss" (issuer) claim type');
-  if (h.nbf !== void 0) {
-    if (typeof h.nbf != "number")
+  if (d.nbf !== void 0) {
+    if (typeof d.nbf != "number")
       throw new s('unexpected JWT "nbf" (not before) claim type');
-    if (h.nbf > P + a)
+    if (d.nbf > P + a)
       throw new s('unexpected JWT "nbf" (not before) claim value, timestamp is > now()');
   }
-  if (h.aud !== void 0 && typeof h.aud != "string" && !Array.isArray(h.aud))
+  if (d.aud !== void 0 && typeof d.aud != "string" && !Array.isArray(d.aud))
     throw new s('unexpected JWT "aud" (audience) claim type');
-  return { header: f, claims: h, signature: v, key: _, jwt: t };
+  return { header: f, claims: d, signature: v, key: b, jwt: t };
 }
 function It(t, e, n) {
   if (t !== void 0) {
@@ -816,7 +816,7 @@ function It(t, e, n) {
   if (n.alg !== "RS256")
     throw new s('unexpected JWT "alg" header parameter');
 }
-function A(t, e) {
+function k(t, e) {
   const { 0: n, length: o } = t.getAll(e);
   if (o > 1)
     throw new s(`"${e}" parameter must be provided only once`);
@@ -826,9 +826,9 @@ const jt = Symbol(), Jt = Symbol();
 function Ot(t, e, n, o) {
   if (I(t), j(e), n instanceof URL && (n = n.searchParams), !(n instanceof URLSearchParams))
     throw new TypeError('"parameters" must be an instance of URLSearchParams, or URL');
-  if (A(n, "response"))
+  if (k(n, "response"))
     throw new s('"parameters" contains a JARM response, use validateJwtAuthResponse() instead of validateAuthResponse()');
-  const a = A(n, "iss"), r = A(n, "state");
+  const a = k(n, "iss"), r = k(n, "state");
   if (!a && t.authorization_response_iss_parameter_supported)
     throw new s('response parameter "iss" (issuer) missing');
   if (a && a !== t.issuer)
@@ -849,14 +849,14 @@ function Ot(t, e, n, o) {
       if (r !== o)
         throw new s('unexpected "state" response parameter value');
   }
-  const i = A(n, "error");
+  const i = k(n, "error");
   if (i)
     return {
       error: i,
-      error_description: A(n, "error_description"),
-      error_uri: A(n, "error_uri")
+      error_description: k(n, "error_description"),
+      error_uri: k(n, "error_uri")
     };
-  const c = A(n, "id_token"), p = A(n, "token");
+  const c = k(n, "id_token"), p = k(n, "token");
   if (c !== void 0 || p !== void 0)
     throw new T("implicit and hybrid flows are not supported");
   return Tt(new URLSearchParams(n));
@@ -914,23 +914,25 @@ class Nt {
     basePath: c,
     scopes: p
   }) {
-    b(this, "client");
-    b(this, "issuer");
-    b(this, "authorizationServer");
-    b(this, "callbackUrlPath");
-    b(this, "logoutRedirectUrlPath");
-    b(this, "onAuthorizationUrl");
-    b(this, "redirectToAfterSignUp");
-    b(this, "redirectToAfterSignIn");
-    b(this, "redirectToAfterSignOut");
-    b(this, "audience");
-    b(this, "scopes");
-    b(this, "signRequest", async (e) => {
+    w(this, "client");
+    w(this, "issuer");
+    w(this, "authorizationServer");
+    w(this, "absoluteCallbackUrlPath");
+    w(this, "relativeCallbackUrlPath");
+    w(this, "logoutRedirectUrlPath");
+    w(this, "onAuthorizationUrl");
+    w(this, "redirectToAfterSignUp");
+    w(this, "redirectToAfterSignIn");
+    w(this, "redirectToAfterSignOut");
+    w(this, "audience");
+    w(this, "scopes");
+    w(this, "root");
+    w(this, "signRequest", async (e) => {
       const n = await this.getAccessToken();
       return e.headers.set("Authorization", `Bearer ${n}`), e;
     });
-    b(this, "signOut", async () => {
-      x.setState({
+    w(this, "signOut", async () => {
+      L.setState({
         isAuthenticated: !1,
         isPending: !1,
         profile: void 0,
@@ -946,7 +948,7 @@ class Nt {
         n.toString()
       )) : o = n;
     });
-    b(this, "handleCallback", async () => {
+    w(this, "handleCallback", async () => {
       const e = new URL(window.location.href), n = e.searchParams.get("state"), o = sessionStorage.getItem(q);
       if (sessionStorage.removeItem(q), n !== o)
         throw new R("Invalid state parameter");
@@ -965,34 +967,34 @@ class Nt {
           i
         );
       const c = new URL(e);
-      c.pathname = this.callbackUrlPath, c.search = "";
-      const p = await At(
+      c.pathname = this.absoluteCallbackUrlPath, c.search = "";
+      const p = await kt(
         r,
         this.client,
         i,
         c.toString(),
         a
-      ), w = await Pt(
+      ), _ = await Pt(
         r,
         this.client,
         p
       );
-      this.setTokensFromResponse(w);
-      const f = await this.getAccessToken(), _ = await (await gt(
+      this.setTokensFromResponse(_);
+      const f = await this.getAccessToken(), b = await (await gt(
         r,
         this.client,
         f
-      )).json(), h = {
-        sub: _.sub,
-        email: _.email,
-        name: _.name,
-        emailVerified: _.email_verified ?? !1,
-        pictureUrl: _.picture
+      )).json(), d = {
+        sub: b.sub,
+        email: b.email,
+        name: b.name,
+        emailVerified: b.email_verified ?? !1,
+        pictureUrl: b.picture
       };
-      x.setState({
+      L.setState({
         isAuthenticated: !0,
         isPending: !1,
-        profile: h
+        profile: d
       });
       const P = sessionStorage.getItem("redirect-to") ?? "/";
       return sessionStorage.removeItem("redirect-to"), P;
@@ -1000,9 +1002,10 @@ class Nt {
     this.client = {
       client_id: o,
       token_endpoint_auth_method: "none"
-    }, this.audience = n, this.issuer = e, this.callbackUrlPath = ie(c, "/oauth/callback"), this.scopes = p ?? ["openid", "profile", "email"];
-    const w = ie(c, "/");
-    this.logoutRedirectUrlPath = w, this.redirectToAfterSignUp = a ?? w, this.redirectToAfterSignIn = r ?? w, this.redirectToAfterSignOut = i ?? w;
+    }, this.audience = n, this.issuer = e, this.relativeCallbackUrlPath = "/oauth/callback", this.absoluteCallbackUrlPath = ie(
+      c,
+      this.relativeCallbackUrlPath
+    ), this.scopes = p ?? ["openid", "profile", "email"], this.root = ie(c, "/"), this.logoutRedirectUrlPath = this.root, this.redirectToAfterSignUp = a ?? this.root, this.redirectToAfterSignIn = r ?? this.root, this.redirectToAfterSignOut = i ?? this.root;
   }
   async getAuthServer() {
     if (!this.authorizationServer) {
@@ -1030,7 +1033,7 @@ class Nt {
       expiresOn: new Date(Date.now() + e.expires_in * 1e3),
       tokenType: e.token_type
     };
-    x.setState({
+    L.setState({
       providerData: n
     });
   }
@@ -1057,10 +1060,10 @@ class Nt {
     sessionStorage.setItem(M, r);
     const c = new URL(
       a.authorization_endpoint
-    ), p = e.startsWith(window.location.origin) ? e.slice(window.location.origin.length) : e;
+    ), p = e.startsWith(window.location.origin) ? this.root !== "/" && e.startsWith(window.location.origin + this.root) ? e.slice(window.location.origin.length + this.root.length) : e.slice(window.location.origin.length) : e;
     sessionStorage.setItem("redirect-to", p);
-    const w = new URL(window.location.origin);
-    w.pathname = this.callbackUrlPath, w.search = "", c.searchParams.set("client_id", this.client.client_id), c.searchParams.set("redirect_uri", w.toString()), c.searchParams.set("response_type", "code"), c.searchParams.set("scope", this.scopes.join(" ")), c.searchParams.set("code_challenge", i), c.searchParams.set(
+    const _ = new URL(window.location.origin);
+    _.pathname = this.absoluteCallbackUrlPath, _.search = "", c.searchParams.set("client_id", this.client.client_id), c.searchParams.set("redirect_uri", _.toString()), c.searchParams.set("response_type", "code"), c.searchParams.set("scope", this.scopes.join(" ")), c.searchParams.set("code_challenge", i), c.searchParams.set(
       "code_challenge_method",
       o
     ), this.audience && c.searchParams.set("audience", this.audience), (v = this.onAuthorizationUrl) == null || v.call(this, c, {
@@ -1071,13 +1074,13 @@ class Nt {
     sessionStorage.setItem(q, f), c.searchParams.set("state", f), location.href = c.href;
   }
   async getAccessToken() {
-    const e = await this.getAuthServer(), { providerData: n } = x.getState();
+    const e = await this.getAuthServer(), { providerData: n } = L.getState();
     if (!n)
       throw new R("User is not authenticated");
     const o = n;
     if (new Date(o.expiresOn) < /* @__PURE__ */ new Date()) {
       if (!o.refreshToken)
-        return x.setState({
+        return L.setState({
           isAuthenticated: !1,
           isPending: !1,
           profile: null,
@@ -1099,7 +1102,10 @@ class Nt {
       return o.accessToken;
   }
   getAuthenticationPlugin() {
-    return new Dt(this.callbackUrlPath, this.handleCallback);
+    return new Dt(
+      this.relativeCallbackUrlPath,
+      this.handleCallback
+    );
   }
 }
 const Vt = (t) => new Nt(t);