zudoku 0.45.0 → 0.46.0

package/lib/zudoku.auth-openid.js

@@ -1,16 +1,17 @@
-import { j as M } from "./jsx-runtime-C5mzlN2N.js";
-import { g as Pe, Z as Ue } from "./invariant-DAFpPywt.js";
-import { C as Le } from "./ClientOnly-E7hGysn1.js";
-import { d as xe, f as he, u as L } from "./hook-BwOB_iZo.js";
-import { A as Ce } from "./AuthenticationPlugin-UNaAuxNo.js";
-import { N as Ie } from "./chunk-BAXFHI7N-C9WnHsLV.js";
-import { a as je } from "./index-CT2PstvH.js";
-var z = { exports: {} }, Oe = z.exports, re;
-function ze() {
+import { j as L } from "./jsx-runtime-C5mzlN2N.js";
+import { g as Pe, Z as Le } from "./invariant-DAFpPywt.js";
+import { C as Ue } from "./ClientOnly-E7hGysn1.js";
+import { d as xe, l as fe, u as x } from "./hook-DawSLaZr.js";
+import { LogOutIcon as Ce } from "lucide-react";
+import { S as Ie, a as je, b as Oe } from "./SignUp-CWaiH0tY.js";
+import { N as ze } from "./chunk-BAXFHI7N-C9WnHsLV.js";
+import { useZudoku as Je } from "./zudoku.components.js";
+var J = { exports: {} }, De = J.exports, re;
+function Ne() {
   return re || (re = 1, function(t) {
     (function(e, n) {
       t.exports ? t.exports = n() : e.log = n();
-    })(Oe, function() {
+    })(De, function() {
       var e = function() {
       }, n = "undefined", o = typeof window !== n && typeof window.navigator !== n && /Trident\/|MSIE /.test(window.navigator.userAgent), s = [
         "trace",
@@ -19,8 +20,8 @@ function ze() {
         "warn",
         "error"
       ], r = {}, i = null;
-      function c(l, m) {
-        var u = l[m];
+      function c(l, g) {
+        var u = l[g];
         if (typeof u.bind == "function")
           return u.bind(l);
         try {
@@ -38,9 +39,9 @@ function ze() {
         return l === "debug" && (l = "log"), typeof console === n ? !1 : l === "trace" && o ? f : console[l] !== void 0 ? c(console, l) : console.log !== void 0 ? c(console, "log") : e;
       }
       function p() {
-        for (var l = this.getLevel(), m = 0; m < s.length; m++) {
-          var u = s[m];
-          this[u] = m < l ? e : this.methodFactory(u, l, this.name);
+        for (var l = this.getLevel(), g = 0; g < s.length; g++) {
+          var u = s[g];
+          this[u] = g < l ? e : this.methodFactory(u, l, this.name);
         }
         if (this.log = this.debug, typeof console === n && l < this.levels.SILENT)
           return "No console available for logging";
@@ -50,22 +51,22 @@ function ze() {
           typeof console !== n && (p.call(this), this[l].apply(this, arguments));
         };
       }
-      function b(l, m, u) {
+      function b(l, g, u) {
         return y(l) || A.apply(this, arguments);
       }
-      function h(l, m) {
-        var u = this, j, K, P, _ = "loglevel";
+      function h(l, g) {
+        var u = this, O, H, P, _ = "loglevel";
         typeof l == "string" ? _ += ":" + l : typeof l == "symbol" && (_ = void 0);
         function ke(d) {
-          var g = (s[d] || "silent").toUpperCase();
+          var m = (s[d] || "silent").toUpperCase();
           if (!(typeof window === n || !_)) {
             try {
-              window.localStorage[_] = g;
+              window.localStorage[_] = m;
               return;
             } catch {
             }
             try {
-              window.document.cookie = encodeURIComponent(_) + "=" + g + ";";
+              window.document.cookie = encodeURIComponent(_) + "=" + m + ";";
             } catch {
             }
           }
@@ -79,9 +80,9 @@ function ze() {
             }
             if (typeof d === n)
               try {
-                var g = window.document.cookie, O = encodeURIComponent(_), ne = g.indexOf(O + "=");
+                var m = window.document.cookie, z = encodeURIComponent(_), ne = m.indexOf(z + "=");
                 ne !== -1 && (d = /^([^;]+)/.exec(
-                  g.slice(ne + O.length + 1)
+                  m.slice(ne + z.length + 1)
                 )[1]);
               } catch {
               }
@@ -101,9 +102,9 @@ function ze() {
           }
         }
         function U(d) {
-          var g = d;
-          if (typeof g == "string" && u.levels[g.toUpperCase()] !== void 0 && (g = u.levels[g.toUpperCase()]), typeof g == "number" && g >= 0 && g <= u.levels.SILENT)
-            return g;
+          var m = d;
+          if (typeof m == "string" && u.levels[m.toUpperCase()] !== void 0 && (m = u.levels[m.toUpperCase()]), typeof m == "number" && m >= 0 && m <= u.levels.SILENT)
+            return m;
           throw new TypeError("log.setLevel() called with invalid level: " + d);
         }
         u.name = l, u.levels = {
@@ -113,12 +114,12 @@ function ze() {
           WARN: 3,
           ERROR: 4,
           SILENT: 5
-        }, u.methodFactory = m || b, u.getLevel = function() {
-          return P ?? K ?? j;
-        }, u.setLevel = function(d, g) {
-          return P = U(d), g !== !1 && ke(P), p.call(u);
+        }, u.methodFactory = g || b, u.getLevel = function() {
+          return P ?? H ?? O;
+        }, u.setLevel = function(d, m) {
+          return P = U(d), m !== !1 && ke(P), p.call(u);
         }, u.setDefaultLevel = function(d) {
-          K = U(d), ee() || u.setLevel(d, !1);
+          H = U(d), ee() || u.setLevel(d, !1);
         }, u.resetLevel = function() {
           P = null, Ee(), p.call(u);
         }, u.enableAll = function(d) {
@@ -126,21 +127,21 @@ function ze() {
         }, u.disableAll = function(d) {
           u.setLevel(u.levels.SILENT, d);
         }, u.rebuild = function() {
-          if (i !== u && (j = U(i.getLevel())), p.call(u), i === u)
+          if (i !== u && (O = U(i.getLevel())), p.call(u), i === u)
             for (var d in r)
               r[d].rebuild();
-        }, j = U(
+        }, O = U(
           i ? i.getLevel() : "WARN"
         );
         var te = ee();
         te != null && (P = U(te)), p.call(u);
       }
-      i = new h(), i.getLogger = function(m) {
-        if (typeof m != "symbol" && typeof m != "string" || m === "")
+      i = new h(), i.getLogger = function(g) {
+        if (typeof g != "symbol" && typeof g != "string" || g === "")
           throw new TypeError("You must supply a name when creating a logger.");
-        var u = r[m];
-        return u || (u = r[m] = new h(
-          m,
+        var u = r[g];
+        return u || (u = r[g] = new h(
+          g,
           i.methodFactory
         )), u;
       };
@@ -151,10 +152,10 @@ function ze() {
         return r;
       }, i.default = i, i;
     });
-  }(z)), z.exports;
+  }(J)), J.exports;
 }
-var Je = ze();
-const oe = /* @__PURE__ */ Pe(Je);
+var We = Ne();
+const oe = /* @__PURE__ */ Pe(We);
 let B;
 (typeof navigator > "u" || !navigator.userAgent?.startsWith?.("Mozilla/5.0 ")) && (B = "oauth4webapi/v2.17.0");
 function V(t, e) {
@@ -166,19 +167,19 @@ function V(t, e) {
     return !1;
   }
 }
-const D = Symbol(), De = Symbol(), G = Symbol(), Ne = Symbol(), We = Symbol(), Ke = Symbol(), He = new TextEncoder(), $e = new TextDecoder();
+const N = Symbol(), Ke = Symbol(), G = Symbol(), He = Symbol(), $e = Symbol(), Fe = Symbol(), Me = new TextEncoder(), Be = new TextDecoder();
 function k(t) {
-  return typeof t == "string" ? He.encode(t) : $e.decode(t);
+  return typeof t == "string" ? Me.encode(t) : Be.decode(t);
 }
 const ie = 32768;
-function Fe(t) {
+function qe(t) {
   t instanceof ArrayBuffer && (t = new Uint8Array(t));
   const e = [];
   for (let n = 0; n < t.byteLength; n += ie)
     e.push(String.fromCharCode.apply(null, t.subarray(n, n + ie)));
   return btoa(e.join("")).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
 }
-function Me(t) {
+function Ve(t) {
   try {
     const e = atob(t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "")), n = new Uint8Array(e.length);
     for (let o = 0; o < e.length; o++)
@@ -189,9 +190,9 @@ function Me(t) {
   }
 }
 function T(t) {
-  return typeof t == "string" ? Me(t) : Fe(t);
+  return typeof t == "string" ? Ve(t) : qe(t);
 }
-class Be {
+class Ge {
   constructor(e) {
     this.cache = /* @__PURE__ */ new Map(), this._cache = /* @__PURE__ */ new Map(), this.maxSize = e;
   }
@@ -220,33 +221,33 @@ class v extends Error {
     super(e ?? "operation not supported"), this.name = this.constructor.name, Error.captureStackTrace?.(this, this.constructor);
   }
 }
-class qe extends Error {
+class Ze extends Error {
   constructor(e, n) {
     super(e, n), this.name = this.constructor.name, Error.captureStackTrace?.(this, this.constructor);
   }
 }
-const a = qe, fe = new Be(100);
-function pe(t) {
+const a = Ze, pe = new Ge(100);
+function we(t) {
   return t instanceof CryptoKey;
 }
-function Ve(t) {
-  return pe(t) && t.type === "private";
+function Ye(t) {
+  return we(t) && t.type === "private";
 }
-function Ge(t) {
-  return pe(t) && t.type === "public";
+function Qe(t) {
+  return we(t) && t.type === "public";
 }
 function Z(t) {
   try {
     const e = t.headers.get("dpop-nonce");
-    e && fe.set(new URL(t.url).origin, e);
+    e && pe.set(new URL(t.url).origin, e);
   } catch {
   }
   return t;
 }
-function x(t) {
+function C(t) {
   return !(t === null || typeof t != "object" || Array.isArray(t));
 }
-function N(t) {
+function W(t) {
   V(t, Headers) && (t = Object.fromEntries(t.entries()));
   const e = new Headers(t);
   if (B && !e.has("user-agent") && e.set("user-agent", B), e.has("authorization"))
@@ -255,12 +256,12 @@ function N(t) {
     throw new TypeError('"options.headers" must not include the "dpop" header name');
   return e;
 }
-function Ze(t) {
+function Xe(t) {
   if (typeof t == "function" && (t = t()), !(t instanceof AbortSignal))
     throw new TypeError('"options.signal" must return or be an instance of AbortSignal');
   return t;
 }
-async function Ye(t, e) {
+async function et(t, e) {
   if (!(t instanceof URL))
     throw new TypeError('"issuerIdentifier" must be an instance of URL');
   if (t.protocol !== "https:" && t.protocol !== "http:")
@@ -277,7 +278,7 @@ async function Ye(t, e) {
     default:
       throw new TypeError('"options.algorithm" must be "oidc" (default), or "oauth2"');
   }
-  const o = N(e?.headers);
+  const o = W(e?.headers);
   return o.set("accept", "application/json"), (e?.[G] || fetch)(n.href, {
     headers: Object.fromEntries(o.entries()),
     method: "GET",
@@ -288,7 +289,7 @@ async function Ye(t, e) {
 function w(t) {
   return typeof t == "string" && t.length !== 0;
 }
-async function Qe(t, e) {
+async function tt(t, e) {
   if (!(t instanceof URL))
     throw new TypeError('"expectedIssuer" must be an instance of URL');
   if (!V(e, Response))
@@ -302,7 +303,7 @@ async function Qe(t, e) {
   } catch (o) {
     throw new a('failed to parse "response" body as JSON', { cause: o });
   }
-  if (!x(n))
+  if (!C(n))
     throw new a('"response" body must be a top level object');
   if (!w(n.issuer))
     throw new a('"response" body "issuer" property must be a non-empty string');
@@ -313,13 +314,13 @@ async function Qe(t, e) {
 function Y() {
   return T(crypto.getRandomValues(new Uint8Array(32)));
 }
-function Xe() {
+function nt() {
   return Y();
 }
-function et() {
+function rt() {
   return Y();
 }
-async function tt(t) {
+async function ot(t) {
   if (!w(t))
     throw new TypeError('"codeVerifier" must be a non-empty string');
   return T(await crypto.subtle.digest("SHA-256", k(t)));
@@ -327,11 +328,11 @@ async function tt(t) {
 function se(t) {
   return encodeURIComponent(t).replace(/%20/g, "+");
 }
-function nt(t, e) {
+function it(t, e) {
   const n = se(t), o = se(e);
   return `Basic ${btoa(`${n}:${o}`)}`;
 }
-function rt(t) {
+function st(t) {
   switch (t.algorithm.hash.name) {
     case "SHA-256":
       return "PS256";
@@ -343,7 +344,7 @@ function rt(t) {
       throw new v("unsupported RsaHashedKeyAlgorithm hash name");
   }
 }
-function ot(t) {
+function at(t) {
   switch (t.algorithm.hash.name) {
     case "SHA-256":
       return "RS256";
@@ -355,7 +356,7 @@ function ot(t) {
       throw new v("unsupported RsaHashedKeyAlgorithm hash name");
   }
 }
-function it(t) {
+function ct(t) {
   switch (t.algorithm.namedCurve) {
     case "P-256":
       return "ES256";
@@ -367,14 +368,14 @@ function it(t) {
       throw new v("unsupported EcKeyAlgorithm namedCurve");
   }
 }
-function st(t) {
+function ut(t) {
   switch (t.algorithm.name) {
     case "RSA-PSS":
-      return rt(t);
+      return st(t);
     case "RSASSA-PKCS1-v1_5":
-      return ot(t);
+      return at(t);
     case "ECDSA":
-      return it(t);
+      return ct(t);
     case "Ed25519":
     case "Ed448":
       return "EdDSA";
@@ -382,25 +383,25 @@ function st(t) {
       throw new v("unsupported CryptoKey algorithm name");
   }
 }
-function W(t) {
-  const e = t?.[D];
+function K(t) {
+  const e = t?.[N];
   return typeof e == "number" && Number.isFinite(e) ? e : 0;
 }
-function we(t) {
-  const e = t?.[De];
+function ge(t) {
+  const e = t?.[Ke];
   return typeof e == "number" && Number.isFinite(e) && Math.sign(e) !== -1 ? e : 30;
 }
 function Q() {
   return Math.floor(Date.now() / 1e3);
 }
-function C(t) {
+function I(t) {
   if (typeof t != "object" || t === null)
     throw new TypeError('"as" must be an object');
   if (!w(t.issuer))
     throw new TypeError('"as.issuer" property must be a non-empty string');
   return !0;
 }
-function I(t) {
+function j(t) {
   if (typeof t != "object" || t === null)
     throw new TypeError('"client" must be an object');
   if (!w(t.client_id))
@@ -416,11 +417,11 @@ function ce(t, e) {
   if (e !== void 0)
     throw new TypeError(`"client.client_secret" property must not be provided when ${t} client authentication method is used.`);
 }
-async function at(t, e, n, o, s) {
+async function lt(t, e, n, o, s) {
   switch (n.delete("client_secret"), n.delete("client_assertion_type"), n.delete("client_assertion"), e.token_endpoint_auth_method) {
     case void 0:
     case "client_secret_basic": {
-      o.set("authorization", nt(e.client_id, ae(e.client_secret)));
+      o.set("authorization", it(e.client_id, ae(e.client_secret)));
       break;
     }
     case "client_secret_post": {
@@ -439,26 +440,26 @@ async function at(t, e, n, o, s) {
       throw new v("unsupported client token_endpoint_auth_method");
   }
 }
-async function ct(t, e, n) {
+async function dt(t, e, n) {
   if (!n.usages.includes("sign"))
     throw new TypeError('CryptoKey instances used for signing assertions must include "sign" in their "usages"');
-  const o = `${T(k(JSON.stringify(t)))}.${T(k(JSON.stringify(e)))}`, s = T(await crypto.subtle.sign(Se(n), n, k(o)));
+  const o = `${T(k(JSON.stringify(t)))}.${T(k(JSON.stringify(e)))}`, s = T(await crypto.subtle.sign(Te(n), n, k(o)));
   return `${o}.${s}`;
 }
-async function ut(t, e, n, o, s, r) {
-  const { privateKey: i, publicKey: c, nonce: f = fe.get(n.origin) } = e;
-  if (!Ve(i))
+async function ht(t, e, n, o, s, r) {
+  const { privateKey: i, publicKey: c, nonce: f = pe.get(n.origin) } = e;
+  if (!Ye(i))
     throw new TypeError('"DPoP.privateKey" must be a private CryptoKey');
-  if (!Ge(c))
+  if (!Qe(c))
     throw new TypeError('"DPoP.publicKey" must be a public CryptoKey');
   if (f !== void 0 && !w(f))
     throw new TypeError('"DPoP.nonce" must be a non-empty string or undefined');
   if (!c.extractable)
     throw new TypeError('"DPoP.publicKey.extractable" must be true');
   const y = Q() + s, p = {
-    alg: st(i),
+    alg: ut(i),
     typ: "dpop+jwt",
-    jwk: await dt(c)
+    jwk: await pt(c)
   }, A = {
     iat: y,
     jti: Y(),
@@ -467,15 +468,15 @@ async function ut(t, e, n, o, s, r) {
     htu: `${n.origin}${n.pathname}`,
     ath: r ? T(await crypto.subtle.digest("SHA-256", k(r))) : void 0
   };
-  e[Ne]?.(p, A), t.set("dpop", await ct(p, A, i));
+  e[He]?.(p, A), t.set("dpop", await dt(p, A, i));
 }
-let J;
-async function lt(t) {
+let D;
+async function ft(t) {
   const { kty: e, e: n, n: o, x: s, y: r, crv: i } = await crypto.subtle.exportKey("jwk", t), c = { kty: e, e: n, n: o, x: s, y: r, crv: i };
-  return J.set(t, c), c;
+  return D.set(t, c), c;
 }
-async function dt(t) {
-  return J || (J = /* @__PURE__ */ new WeakMap()), J.get(t) || lt(t);
+async function pt(t) {
+  return D || (D = /* @__PURE__ */ new WeakMap()), D.get(t) || ft(t);
 }
 function ue(t, e, n) {
   if (typeof t != "string")
@@ -485,36 +486,36 @@ function ue(t, e, n) {
 function me(t, e, n = !1) {
   return n && t.mtls_endpoint_aliases && e in t.mtls_endpoint_aliases ? ue(t.mtls_endpoint_aliases[e], e, n) : ue(t[e], e, n);
 }
-function ge(t, e) {
-  return !!(t.use_mtls_endpoint_aliases || e?.[Ke]);
+function ye(t, e) {
+  return !!(t.use_mtls_endpoint_aliases || e?.[Fe]);
 }
 function q(t) {
   const e = t;
   return typeof e != "object" || Array.isArray(e) || e === null ? !1 : e.error !== void 0;
 }
-async function ht(t, e, n, o, s, r) {
+async function wt(t, e, n, o, s, r) {
   if (!w(t))
     throw new TypeError('"accessToken" must be a non-empty string');
   if (!(n instanceof URL))
     throw new TypeError('"url" must be an instance of URL');
-  return o = N(o), r?.DPoP === void 0 ? o.set("authorization", `Bearer ${t}`) : (await ut(o, r.DPoP, n, e.toUpperCase(), W({ [D]: r?.[D] }), t), o.set("authorization", `DPoP ${t}`)), (r?.[G] || fetch)(n.href, {
+  return o = W(o), r?.DPoP === void 0 ? o.set("authorization", `Bearer ${t}`) : (await ht(o, r.DPoP, n, e.toUpperCase(), K({ [N]: r?.[N] }), t), o.set("authorization", `DPoP ${t}`)), (r?.[G] || fetch)(n.href, {
     body: s,
     headers: Object.fromEntries(o.entries()),
     method: e,
     redirect: "manual",
-    signal: r?.signal ? Ze(r.signal) : null
+    signal: r?.signal ? Xe(r.signal) : null
   }).then(Z);
 }
-async function ft(t, e, n, o) {
-  C(t), I(e);
-  const s = me(t, "userinfo_endpoint", ge(e, o)), r = N(o?.headers);
-  return e.userinfo_signed_response_alg ? r.set("accept", "application/jwt") : (r.set("accept", "application/json"), r.append("accept", "application/jwt")), ht(n, "GET", s, r, null, {
+async function gt(t, e, n, o) {
+  I(t), j(e);
+  const s = me(t, "userinfo_endpoint", ye(e, o)), r = W(o?.headers);
+  return e.userinfo_signed_response_alg ? r.set("accept", "application/jwt") : (r.set("accept", "application/json"), r.append("accept", "application/jwt")), wt(n, "GET", s, r, null, {
     ...o,
-    [D]: W(e)
+    [N]: K(e)
   });
 }
-async function pt(t, e, n, o, s, r, i) {
-  return await at(t, e, s, r), r.set("content-type", "application/x-www-form-urlencoded;charset=UTF-8"), (i?.[G] || fetch)(o.href, {
+async function mt(t, e, n, o, s, r, i) {
+  return await lt(t, e, s, r), r.set("content-type", "application/x-www-form-urlencoded;charset=UTF-8"), (i?.[G] || fetch)(o.href, {
     body: s,
     headers: Object.fromEntries(r.entries()),
     method: n,
@@ -522,33 +523,33 @@ async function pt(t, e, n, o, s, r, i) {
     signal: null
   }).then(Z);
 }
-async function ye(t, e, n, o, s) {
-  const r = me(t, "token_endpoint", ge(e, s));
+async function be(t, e, n, o, s) {
+  const r = me(t, "token_endpoint", ye(e, s));
   o.set("grant_type", n);
-  const i = N(s?.headers);
-  return i.set("accept", "application/json"), pt(t, e, "POST", r, o, i, s);
+  const i = W(s?.headers);
+  return i.set("accept", "application/json"), mt(t, e, "POST", r, o, i, s);
 }
-async function wt(t, e, n, o) {
-  if (C(t), I(e), !w(n))
+async function yt(t, e, n, o) {
+  if (I(t), j(e), !w(n))
     throw new TypeError('"refreshToken" must be a non-empty string');
   const s = new URLSearchParams(o?.additionalParameters);
-  return s.set("refresh_token", n), ye(t, e, "refresh_token", s, o);
+  return s.set("refresh_token", n), be(t, e, "refresh_token", s, o);
 }
-const be = /* @__PURE__ */ new WeakMap();
-function mt(t) {
+const _e = /* @__PURE__ */ new WeakMap();
+function bt(t) {
   if (!t.id_token)
     return;
-  const e = be.get(t);
+  const e = _e.get(t);
   if (!e)
     throw new TypeError('"ref" was already garbage collected or did not resolve from the proper sources');
   return e[0];
 }
-async function _e(t, e, n, o = !1, s = !1) {
-  if (C(t), I(e), !V(n, Response))
+async function ve(t, e, n, o = !1, s = !1) {
+  if (I(t), j(e), !V(n, Response))
     throw new TypeError('"response" must be an instance of Response');
   if (n.status !== 200) {
     let i;
-    if (i = await Et(n))
+    if (i = await Lt(n))
       return i;
     throw new a('"response" is not a conform Token Endpoint response');
   }
@@ -559,7 +560,7 @@ async function _e(t, e, n, o = !1, s = !1) {
   } catch (i) {
     throw new a('failed to parse "response" body as JSON', { cause: i });
   }
-  if (!x(r))
+  if (!C(r))
     throw new a('"response" body must be a top level object');
   if (!w(r.access_token))
     throw new a('"response" body "access_token" property must be a non-empty string');
@@ -577,7 +578,7 @@ async function _e(t, e, n, o = !1, s = !1) {
     if (r.id_token !== void 0 && !w(r.id_token))
       throw new a('"response" body "id_token" property must be a non-empty string');
     if (r.id_token) {
-      const { claims: i, jwt: c } = await Ut(r.id_token, Lt.bind(void 0, e.id_token_signed_response_alg, t.id_token_signing_alg_values_supported), Te, W(e), we(e), e[We]).then(Tt.bind(void 0, ["aud", "exp", "iat", "iss", "sub"])).then(bt.bind(void 0, t.issuer)).then(yt.bind(void 0, e.client_id));
+      const { claims: i, jwt: c } = await Ct(r.id_token, It.bind(void 0, e.id_token_signed_response_alg, t.id_token_signing_alg_values_supported), Ae, K(e), ge(e), e[$e]).then(Et.bind(void 0, ["aud", "exp", "iat", "iss", "sub"])).then(St.bind(void 0, t.issuer)).then(vt.bind(void 0, e.client_id));
       if (Array.isArray(i.aud) && i.aud.length !== 1) {
         if (i.azp === void 0)
           throw new a('ID Token "aud" (audience) claim includes additional untrusted audiences');
@@ -586,15 +587,15 @@ async function _e(t, e, n, o = !1, s = !1) {
       }
       if (i.auth_time !== void 0 && (!Number.isFinite(i.auth_time) || Math.sign(i.auth_time) !== 1))
         throw new a('ID Token "auth_time" (authentication time) must be a positive number');
-      be.set(r, [i, c]);
+      _e.set(r, [i, c]);
     }
   }
   return r;
 }
-async function gt(t, e, n) {
-  return _e(t, e, n);
+async function _t(t, e, n) {
+  return ve(t, e, n);
 }
-function yt(t, e) {
+function vt(t, e) {
   if (Array.isArray(e.claims.aud)) {
     if (!e.claims.aud.includes(t))
       throw new a('unexpected JWT "aud" (audience) claim value');
@@ -602,17 +603,17 @@ function yt(t, e) {
     throw new a('unexpected JWT "aud" (audience) claim value');
   return e;
 }
-function bt(t, e) {
+function St(t, e) {
   if (e.claims.iss !== t)
     throw new a('unexpected JWT "iss" (issuer) claim value');
   return e;
 }
-const ve = /* @__PURE__ */ new WeakSet();
-function _t(t) {
-  return ve.add(t), t;
+const Se = /* @__PURE__ */ new WeakSet();
+function Tt(t) {
+  return Se.add(t), t;
 }
-async function vt(t, e, n, o, s, r) {
-  if (C(t), I(e), !ve.has(n))
+async function At(t, e, n, o, s, r) {
+  if (I(t), j(e), !Se.has(n))
     throw new TypeError('"callbackParameters" must be an instance of URLSearchParams obtained from "validateAuthResponse()", or "validateJwtAuthResponse()');
   if (!w(o))
     throw new TypeError('"redirectUri" must be a non-empty string');
@@ -622,9 +623,9 @@ async function vt(t, e, n, o, s, r) {
   if (!i)
     throw new a('no authorization code in "callbackParameters"');
   const c = new URLSearchParams(r?.additionalParameters);
-  return c.set("redirect_uri", o), c.set("code_verifier", s), c.set("code", i), ye(t, e, "authorization_code", c, r);
+  return c.set("redirect_uri", o), c.set("code_verifier", s), c.set("code", i), be(t, e, "authorization_code", c, r);
 }
-const St = {
+const kt = {
   aud: "audience",
   c_hash: "code hash",
   client_id: "client id",
@@ -640,33 +641,33 @@ const St = {
   htu: "http uri",
   cnf: "confirmation"
 };
-function Tt(t, e) {
+function Et(t, e) {
   for (const n of t)
     if (e.claims[n] === void 0)
-      throw new a(`JWT "${n}" (${St[n]}) claim missing`);
+      throw new a(`JWT "${n}" (${kt[n]}) claim missing`);
   return e;
 }
-const At = Symbol(), H = Symbol();
-async function kt(t, e, n, o, s) {
-  const r = await _e(t, e, n);
+const Rt = Symbol(), $ = Symbol();
+async function Pt(t, e, n, o, s) {
+  const r = await ve(t, e, n);
   if (q(r))
     return r;
   if (!w(r.id_token))
     throw new a('"response" body "id_token" property must be a non-empty string');
-  s ?? (s = e.default_max_age ?? H);
-  const i = mt(r);
-  if ((e.require_auth_time || s !== H) && i.auth_time === void 0)
+  s ?? (s = e.default_max_age ?? $);
+  const i = bt(r);
+  if ((e.require_auth_time || s !== $) && i.auth_time === void 0)
     throw new a('ID Token "auth_time" (authentication time) claim missing');
-  if (s !== H) {
+  if (s !== $) {
     if (typeof s != "number" || s < 0)
       throw new TypeError('"maxAge" must be a non-negative number');
-    const c = Q() + W(e), f = we(e);
+    const c = Q() + K(e), f = ge(e);
     if (i.auth_time + s < c - f)
       throw new a("too much time has elapsed since the last End-User authentication");
   }
   switch (o) {
     case void 0:
-    case At:
+    case Rt:
       if (i.nonce !== void 0)
         throw new a('unexpected ID Token "nonce" claim value');
       break;
@@ -684,12 +685,12 @@ function X(t) {
   if (t.bodyUsed)
     throw new TypeError('"response" body has been used already');
 }
-async function Et(t) {
+async function Lt(t) {
   if (t.status > 399 && t.status < 500) {
     X(t);
     try {
       const e = await t.json();
-      if (x(e) && typeof e.error == "string" && e.error.length)
+      if (C(e) && typeof e.error == "string" && e.error.length)
         return e.error_description !== void 0 && typeof e.error_description != "string" && delete e.error_description, e.error_uri !== void 0 && typeof e.error_uri != "string" && delete e.error_uri, e.algs !== void 0 && typeof e.algs != "string" && delete e.algs, e.scope !== void 0 && typeof e.scope != "string" && delete e.scope, e;
     } catch {
     }
@@ -699,7 +700,7 @@ function le(t) {
   if (typeof t.modulusLength != "number" || t.modulusLength < 2048)
     throw new a(`${t.name} modulusLength must be at least 2048 bits`);
 }
-function Rt(t) {
+function Ut(t) {
   switch (t) {
     case "P-256":
       return "SHA-256";
@@ -711,12 +712,12 @@ function Rt(t) {
       throw new v();
   }
 }
-function Se(t) {
+function Te(t) {
   switch (t.algorithm.name) {
     case "ECDSA":
       return {
         name: t.algorithm.name,
-        hash: Rt(t.algorithm.namedCurve)
+        hash: Ut(t.algorithm.namedCurve)
       };
     case "RSA-PSS":
       switch (le(t.algorithm), t.algorithm.hash.name) {
@@ -738,13 +739,13 @@ function Se(t) {
   }
   throw new v();
 }
-const Te = Symbol();
-async function Pt(t, e, n, o) {
+const Ae = Symbol();
+async function xt(t, e, n, o) {
   const s = `${t}.${e}`;
-  if (!await crypto.subtle.verify(Se(n), n, o, k(s)))
+  if (!await crypto.subtle.verify(Te(n), n, o, k(s)))
     throw new a("JWT signature verification failed");
 }
-async function Ut(t, e, n, o, s, r) {
+async function Ct(t, e, n, o, s, r) {
   let { 0: i, 1: c, 2: f, length: y } = t.split(".");
   if (y === 5)
     if (r !== void 0)
@@ -759,20 +760,20 @@ async function Ut(t, e, n, o, s, r) {
   } catch (l) {
     throw new a("failed to parse JWT Header body as base64url encoded JSON", { cause: l });
   }
-  if (!x(p))
+  if (!C(p))
     throw new a("JWT Header must be a top level object");
   if (e(p), p.crit !== void 0)
     throw new a('unexpected JWT "crit" header parameter');
   const A = T(f);
   let b;
-  n !== Te && (b = await n(p), await Pt(i, c, b, A));
+  n !== Ae && (b = await n(p), await xt(i, c, b, A));
   let h;
   try {
     h = JSON.parse(k(T(c)));
   } catch (l) {
     throw new a("failed to parse JWT Payload body as base64url encoded JSON", { cause: l });
   }
-  if (!x(h))
+  if (!C(h))
     throw new a("JWT Payload must be a top level object");
   const R = Q() + o;
   if (h.exp !== void 0) {
@@ -795,7 +796,7 @@ async function Ut(t, e, n, o, s, r) {
     throw new a('unexpected JWT "aud" (audience) claim type');
   return { header: p, claims: h, signature: A, key: b, jwt: t };
 }
-function Lt(t, e, n) {
+function It(t, e, n) {
   if (t !== void 0) {
     if (n.alg !== t)
       throw new a('unexpected JWT "alg" header parameter');
@@ -815,9 +816,9 @@ function S(t, e) {
     throw new a(`"${e}" parameter must be provided only once`);
   return n;
 }
-const xt = Symbol(), Ct = Symbol();
-function It(t, e, n, o) {
-  if (C(t), I(e), n instanceof URL && (n = n.searchParams), !(n instanceof URLSearchParams))
+const jt = Symbol(), Ot = Symbol();
+function zt(t, e, n, o) {
+  if (I(t), j(e), n instanceof URL && (n = n.searchParams), !(n instanceof URLSearchParams))
     throw new TypeError('"parameters" must be an instance of URLSearchParams, or URL');
   if (S(n, "response"))
     throw new a('"parameters" contains a JARM response, use validateJwtAuthResponse() instead of validateAuthResponse()');
@@ -828,11 +829,11 @@ function It(t, e, n, o) {
     throw new a('unexpected "iss" (issuer) response parameter value');
   switch (o) {
     case void 0:
-    case Ct:
+    case Ot:
       if (r !== void 0)
         throw new a('unexpected "state" response parameter encountered');
       break;
-    case xt:
+    case jt:
       break;
     default:
       if (!w(o))
@@ -852,28 +853,65 @@ function It(t, e, n, o) {
   const c = S(n, "id_token"), f = S(n, "token");
   if (c !== void 0 || f !== void 0)
     throw new v("implicit and hybrid flows are not supported");
-  return _t(new URLSearchParams(n));
+  return Tt(new URLSearchParams(n));
 }
-function jt(t, e, n = "/") {
+class Jt {
+  getRoutes() {
+    return [
+      {
+        path: "/signout",
+        element: /* @__PURE__ */ L.jsx(Ie, {})
+      },
+      {
+        path: "/signin",
+        element: /* @__PURE__ */ L.jsx(je, {})
+      },
+      {
+        path: "/signup",
+        element: /* @__PURE__ */ L.jsx(Oe, {})
+      }
+    ];
+  }
+  async getSidebar(e) {
+    return e.startsWith("/settings") ? [
+      {
+        type: "link",
+        label: "Logout",
+        href: "/signout"
+      }
+    ] : [];
+  }
+  getProfileMenuItems() {
+    return [
+      {
+        label: "Logout",
+        path: "/signout",
+        category: "bottom",
+        icon: Ce
+      }
+    ];
+  }
+}
+function Dt(t, e, n = "/") {
   return t.startsWith(e) ? n !== "/" && t.startsWith(e + n) ? t.slice(e.length + n.length) : t.slice(e.length) : t;
 }
-function Ot({
+function Nt({
   handleCallback: t
 }) {
-  const { options: e } = je(), n = xe({
+  const { options: e } = Je(), n = xe({
     retry: !1,
     queryKey: ["oauth-callback"],
     queryFn: async () => {
       try {
-        return he(
-          jt(
+        return fe(
+          Dt(
             await t(),
             window.location.origin,
             e.basePath
           )
         );
       } catch (o) {
-        throw new Ue("Could not validate user", {
+        throw new Le("Could not validate user", {
           cause: o,
           title: "Authentication Error",
           developerHint: "Check the configuration of your authorization provider and ensure all settings such as the callback URL are configured correctly."
@@ -881,7 +919,7 @@ function Ot({
       }
     }
   });
-  return /* @__PURE__ */ M.jsx(Ie, { to: n.data });
+  return /* @__PURE__ */ L.jsx(ze, { to: n.data });
 }
 class E extends Error {
 }
@@ -890,22 +928,8 @@ class de extends E {
     super(e, o), this.error = n;
   }
 }
-const $ = "code-verifier", F = "oauth-state", Ae = "/oauth/callback";
-class zt extends Ce {
-  constructor(e) {
-    super(), this.handleCallback = e;
-  }
-  getRoutes() {
-    return [
-      ...super.getRoutes(),
-      {
-        path: Ae,
-        element: /* @__PURE__ */ M.jsx(Le, { children: /* @__PURE__ */ M.jsx(Ot, { handleCallback: this.handleCallback }) })
-      }
-    ];
-  }
-}
-class Jt {
+const F = "code-verifier", M = "oauth-state", he = "/oauth/callback";
+class Wt extends Jt {
   client;
   issuer;
   authorizationServer;
@@ -926,15 +950,15 @@ class Jt {
     basePath: c,
     scopes: f
   }) {
-    this.client = {
+    super(), this.client = {
       client_id: o,
       token_endpoint_auth_method: "none"
-    }, this.audience = n, this.issuer = e, this.callbackUrlPath = he(c, Ae), this.scopes = f ?? ["openid", "profile", "email"], this.redirectToAfterSignUp = s, this.redirectToAfterSignIn = r, this.redirectToAfterSignOut = i;
+    }, this.audience = n, this.issuer = e, this.callbackUrlPath = fe(c, he), this.scopes = f ?? ["openid", "profile", "email"], this.redirectToAfterSignUp = s, this.redirectToAfterSignIn = r, this.redirectToAfterSignOut = i;
   }
   async getAuthServer() {
     if (!this.authorizationServer) {
-      const e = new URL(this.issuer), n = await Ye(e);
-      this.authorizationServer = await Qe(
+      const e = new URL(this.issuer), n = await et(e);
+      this.authorizationServer = await tt(
         e,
         n
       );
@@ -957,7 +981,7 @@ class Jt {
       expiresOn: new Date(Date.now() + e.expires_in * 1e3),
       tokenType: e.token_type
     };
-    L.setState({
+    x.setState({
       providerData: n
     });
   }
@@ -979,8 +1003,8 @@ class Jt {
     const o = "S256", s = await this.getAuthServer();
     if (!s.authorization_endpoint)
       throw new E("No authorization endpoint");
-    const r = Xe(), i = await tt(r);
-    sessionStorage.setItem($, r);
+    const r = nt(), i = await ot(r);
+    sessionStorage.setItem(F, r);
     const c = new URL(
       s.authorization_endpoint
     );
@@ -993,27 +1017,27 @@ class Jt {
       isSignIn: !n,
       isSignUp: n
     });
-    const y = et();
-    sessionStorage.setItem(F, y), c.searchParams.set("state", y), location.href = c.href;
+    const y = rt();
+    sessionStorage.setItem(M, y), c.searchParams.set("state", y), location.href = c.href;
   }
   async getAccessToken() {
-    const e = await this.getAuthServer(), { providerData: n } = L.getState();
+    const e = await this.getAuthServer(), { providerData: n } = x.getState();
     if (!n)
       throw new E("User is not authenticated");
     const o = n;
     if (new Date(o.expiresOn) < /* @__PURE__ */ new Date()) {
       if (!o.refreshToken)
-        return L.setState({
+        return x.setState({
           isAuthenticated: !1,
           isPending: !1,
           profile: null,
           providerData: null
         }), "";
-      const s = await wt(
+      const s = await yt(
         e,
         this.client,
         o.refreshToken
-      ), r = await gt(
+      ), r = await _t(
         e,
         this.client,
         s
@@ -1029,7 +1053,7 @@ class Jt {
     return e.headers.set("Authorization", `Bearer ${n}`), e;
   };
   signOut = async () => {
-    L.setState({
+    x.setState({
       isAuthenticated: !1,
       isPending: !1,
       profile: void 0,
@@ -1046,13 +1070,13 @@ class Jt {
     )) : o = n;
   };
   handleCallback = async () => {
-    const e = new URL(window.location.href), n = e.searchParams.get("state"), o = sessionStorage.getItem(F);
-    if (sessionStorage.removeItem(F), n !== o)
+    const e = new URL(window.location.href), n = e.searchParams.get("state"), o = sessionStorage.getItem(M);
+    if (sessionStorage.removeItem(M), n !== o)
       throw new E("Invalid state parameter");
-    const s = sessionStorage.getItem($);
-    if (sessionStorage.removeItem($), !s)
+    const s = sessionStorage.getItem(F);
+    if (sessionStorage.removeItem(F), !s)
       throw new E("No code verifier found in state.");
-    const r = await this.getAuthServer(), i = It(
+    const r = await this.getAuthServer(), i = zt(
       r,
       this.client,
       e.searchParams,
@@ -1065,19 +1089,19 @@ class Jt {
       );
     const c = new URL(e);
     c.pathname = this.callbackUrlPath, c.search = "";
-    const f = await vt(
+    const f = await At(
       r,
       this.client,
       i,
       c.toString(),
       s
-    ), y = await kt(
+    ), y = await Pt(
       r,
       this.client,
       f
     );
     this.setTokensFromResponse(y);
-    const p = await this.getAccessToken(), b = await (await ft(
+    const p = await this.getAccessToken(), b = await (await gt(
       r,
       this.client,
       p
@@ -1088,7 +1112,7 @@ class Jt {
       emailVerified: b.email_verified ?? !1,
       pictureUrl: b.picture
     };
-    L.setState({
+    x.setState({
       isAuthenticated: !0,
       isPending: !1,
       profile: h
@@ -1096,14 +1120,20 @@ class Jt {
     const R = sessionStorage.getItem("redirect-to") ?? "/";
     return sessionStorage.removeItem("redirect-to"), R;
   };
-  getAuthenticationPlugin() {
-    return new zt(this.handleCallback);
+  getRoutes() {
+    return [
+      ...super.getRoutes(),
+      {
+        path: he,
+        element: /* @__PURE__ */ L.jsx(Ue, { children: /* @__PURE__ */ L.jsx(Nt, { handleCallback: this.handleCallback }) })
+      }
+    ];
   }
 }
-const Mt = (t) => new Jt(t);
+const Gt = (t) => new Wt(t);
 export {
-  Ae as OPENID_CALLBACK_PATH,
-  Jt as OpenIDAuthenticationProvider,
-  Mt as default
+  he as OPENID_CALLBACK_PATH,
+  Wt as OpenIDAuthenticationProvider,
+  Gt as default
 };
 //# sourceMappingURL=zudoku.auth-openid.js.map