"use strict";(self.webpackChunk_N_E=self.webpackChunk_N_E||[]).push([[330],{67176:(e,t,n)=>{let r,o,i,a,s,c,l,u,h;n.d(t,{WB:()=>ik,y2:()=>iv});var d=n(12115),p=function(e,t){return(p=Object.setPrototypeOf||({__proto__:[]})instanceof Array&&function(e,t){e.__proto__=t}||function(e,t){for(var n in t)Object.prototype.hasOwnProperty.call(t,n)&&(e[n]=t[n])})(e,t)},f=function(){return(f=Object.assign||function(e){for(var t,n=1,r=arguments.length;n<r;n++)for(var o in t=arguments[n])Object.prototype.hasOwnProperty.call(t,o)&&(e[o]=t[o]);return e}).apply(this,arguments)};function m(e,t){var n={};for(var r in e)Object.prototype.hasOwnProperty.call(e,r)&&0>t.indexOf(r)&&(n[r]=e[r]);if(null!=e&&"function"==typeof Object.getOwnPropertySymbols)for(var o=0,r=Object.getOwnPropertySymbols(e);o<r.length;o++)0>t.indexOf(r[o])&&Object.prototype.propertyIsEnumerable.call(e,r[o])&&(n[r[o]]=e[r[o]]);return n}function y(e,t,n,r){return new(n||(n=Promise))(function(o,i){function a(e){try{c(r.next(e))}catch(e){i(e)}}function s(e){try{c(r.throw(e))}catch(e){i(e)}}function c(e){var t;e.done?o(e.value):((t=e.value)instanceof n?t:new n(function(e){e(t)})).then(a,s)}c((r=r.apply(e,t||[])).next())})}function g(e,t){var n,r,o,i={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]},a=Object.create(("function"==typeof Iterator?Iterator:Object).prototype);return a.next=s(0),a.throw=s(1),a.return=s(2),"function"==typeof Symbol&&(a[Symbol.iterator]=function(){return this}),a;function s(s){return function(c){var l=[s,c];if(n)throw TypeError("Generator is already executing.");for(;a&&(a=0,l[0]&&(i=0)),i;)try{if(n=1,r&&(o=2&l[0]?r.return:l[0]?r.throw||((o=r.return)&&o.call(r),0):r.next)&&!(o=o.call(r,l[1])).done)return o;switch(r=0,o&&(l=[2&l[0],o.value]),l[0]){case 0:case 1:o=l;break;case 4:return i.label++,{value:l[1],done:!1};case 5:i.label++,r=l[1],l=[0];continue;case 7:l=i.ops.pop(),i.trys.pop();continue;default:if(!(o=(o=i.trys).length>0&&o[o.length-1])&&(6===l[0]||2===l[0])){i=0;continue}if(3===l[0]&&(!o||l[1]>o[0]&&l[1]<o[3])){i.label=l[1];break}if(6===l[0]&&i.label<o[1]){i.label=o[1],o=l;break}if(o&&i.label<o[2]){i.label=o[2],i.ops.push(l);break}o[2]&&i.ops.pop(),i.trys.pop();continue}l=t.call(e,i)}catch(e){l=[6,e],r=0}finally{n=o=0}if(5&l[0])throw l[1];return{value:l[0]?l[1]:void 0,done:!0}}}}function w(e,t){var n={};for(var r in e)Object.prototype.hasOwnProperty.call(e,r)&&0>t.indexOf(r)&&(n[r]=e[r]);if(null!=e&&"function"==typeof Object.getOwnPropertySymbols){var o=0;for(r=Object.getOwnPropertySymbols(e);o<r.length;o++)0>t.indexOf(r[o])&&Object.prototype.propertyIsEnumerable.call(e,r[o])&&(n[r[o]]=e[r[o]])}return n}function b(e,t){this.v=e,this.k=t}function v(e,t){(null==t||t>e.length)&&(t=e.length);for(var n=0,r=Array(t);n<t;n++)r[n]=e[n];return r}function k(e,t,n){if("function"==typeof e?e===t:e.has(t))return arguments.length<3?t:n;throw TypeError("Private element is not present on this object")}function _(e,t){if(t.has(e))throw TypeError("Cannot initialize the same private elements twice on an object")}function S(e,t){return e.get(k(e,t))}function T(e,t,n){_(e,t),t.set(e,n)}function E(e,t,n){return e.set(k(e,t),n),n}function P(e,t,n){var r;return(t="symbol"==typeof(r=function(e,t){if("object"!=typeof e||!e)return e;var n=e[Symbol.toPrimitive];if(void 0!==n){var r=n.call(e,t||"default");if("object"!=typeof r)return r;throw TypeError("@@toPrimitive must return a primitive value.")}return("string"===t?String:Number)(e)}(t,"string"))?r:r+"")in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function A(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter(function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable})),n.push.apply(n,r)}return n}function R(e){for(var t=1;t<arguments.length;t++){var n=null!=arguments[t]?arguments[t]:{};t%2?A(Object(n),!0).forEach(function(t){P(e,t,n[t])}):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(n)):A(Object(n)).forEach(function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(n,t))})}return e}function I(e,t){if(null==e)return{};var n,r,o=function(e,t){if(null==e)return{};var n={};for(var r in e)if(({}).hasOwnProperty.call(e,r)){if(-1!==t.indexOf(r))continue;n[r]=e[r]}return n}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(r=0;r<i.length;r++)n=i[r],-1===t.indexOf(n)&&({}).propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}function C(e,t){return function(e){if(Array.isArray(e))return e}(e)||function(e,t){var n=null==e?null:"undefined"!=typeof Symbol&&e[Symbol.iterator]||e["@@iterator"];if(null!=n){var r,o,i,a,s=[],c=!0,l=!1;try{if(i=(n=n.call(e)).next,0===t){if(Object(n)!==n)return;c=!1}else for(;!(c=(r=i.call(n)).done)&&(s.push(r.value),s.length!==t);c=!0);}catch(e){l=!0,o=e}finally{try{if(!c&&null!=n.return&&(a=n.return(),Object(a)!==a))return}finally{if(l)throw o}}return s}}(e,t)||function(e,t){if(e){if("string"==typeof e)return v(e,t);var n=({}).toString.call(e).slice(8,-1);return"Object"===n&&e.constructor&&(n=e.constructor.name),"Map"===n||"Set"===n?Array.from(e):"Arguments"===n||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)?v(e,t):void 0}}(e,t)||function(){throw TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}function x(e){var t,n;function r(t,n){try{var i=e[t](n),a=i.value,s=a instanceof b;Promise.resolve(s?a.v:a).then(function(n){if(s){var c="return"===t&&a.k?t:"next";if(!a.k||n.done)return r(c,n);n=e[c](n).value}o(!!i.done,n)},function(e){r("throw",e)})}catch(e){o(2,e)}}function o(e,o){2===e?t.reject(o):t.resolve({value:o,done:e}),(t=t.next)?r(t.key,t.arg):n=null}this._invoke=function(e,o){return new Promise(function(i,a){var s={key:e,arg:o,resolve:i,reject:a,next:null};n?n=n.next=s:(t=n=s,r(e,o))})},"function"!=typeof e.return&&(this.return=void 0)}"function"==typeof SuppressedError&&SuppressedError,"function"==typeof SuppressedError&&SuppressedError,x.prototype["function"==typeof Symbol&&Symbol.asyncIterator||"@@asyncIterator"]=function(){return this},x.prototype.next=function(e){return this._invoke("next",e)},x.prototype.throw=function(e){return this._invoke("throw",e)},x.prototype.return=function(e){return this._invoke("return",e)};let O={timeoutInSeconds:60},j="memory",W={name:"auth0-spa-js",version:"2.20.0"},U=()=>Date.now(),K="default";class L extends Error{constructor(e,t){super(t),this.error=e,this.error_description=t,Object.setPrototypeOf(this,L.prototype)}static fromPayload(e){return new L(e.error,e.error_description)}}class N extends L{constructor(e,t,n){let r=arguments.length>3&&void 0!==arguments[3]?arguments[3]:null;super(e,t),this.state=n,this.appState=r,Object.setPrototypeOf(this,N.prototype)}}class D extends L{constructor(e,t,n,r){let o=arguments.length>4&&void 0!==arguments[4]?arguments[4]:null;super(e,t),this.connection=n,this.state=r,this.appState=o,Object.setPrototypeOf(this,D.prototype)}}class H extends L{constructor(){super("timeout","Timeout"),Object.setPrototypeOf(this,H.prototype)}}class Z extends H{constructor(e){super(),this.popup=e,Object.setPrototypeOf(this,Z.prototype)}}class J extends L{constructor(e){super("cancelled","Popup closed"),this.popup=e,Object.setPrototypeOf(this,J.prototype)}}class z extends L{constructor(){super("popup_open","Unable to open a popup for loginWithPopup - window.open returned `null`"),Object.setPrototypeOf(this,z.prototype)}}class M extends L{constructor(e,t,n,r){super(e,t),this.mfa_token=n,this.mfa_requirements=r,Object.setPrototypeOf(this,M.prototype)}}class X extends L{constructor(e,t){super("missing_refresh_token","Missing Refresh Token (audience: '".concat(F(e,["default"]),"', scope: '").concat(F(t),"')")),this.audience=e,this.scope=t,Object.setPrototypeOf(this,X.prototype)}}class G extends L{constructor(e,t){super("missing_scopes","Missing requested scopes after refresh (audience: '".concat(F(e,["default"]),"', missing scope: '").concat(F(t),"')")),this.audience=e,this.scope=t,Object.setPrototypeOf(this,G.prototype)}}class V extends L{constructor(e){super("use_dpop_nonce","Server rejected DPoP proof: wrong nonce"),this.newDpopNonce=e,Object.setPrototypeOf(this,V.prototype)}}function F(e){return e&&!(arguments.length>1&&void 0!==arguments[1]?arguments[1]:[]).includes(e)?e:""}let Y=()=>window.crypto,B=()=>{let e="";for(;e.length<43;)for(let t of Y().getRandomValues(new Uint8Array(43-e.length)))e.length<43&&t<198&&(e+="0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-_~."[t%66]);return e},q=e=>btoa(e),Q=[{key:"name",type:["string"]},{key:"version",type:["string","number"]},{key:"env",type:["object"]}],$=function(e){let t=arguments.length>1&&void 0!==arguments[1]&&arguments[1];return Object.keys(e).reduce((n,r)=>{if(t&&"env"===r)return n;let o=Q.find(e=>e.key===r);return o&&o.type.includes(typeof e[r])&&(n[r]=e[r]),n},{})},ee=e=>new URLSearchParams((e=>Object.keys(e).filter(t=>void 0!==e[t]).reduce((t,n)=>Object.assign(Object.assign({},t),{[n]:e[n]}),{}))(Object.assign({client_id:e.clientId},w(e,["clientId"])))).toString(),et=async e=>{let t=Y().subtle.digest({name:"SHA-256"},(new TextEncoder).encode(e));return await t},en=e=>decodeURIComponent(atob(e.replace(/_/g,"/").replace(/-/g,"+")).split("").map(e=>"%"+("00"+e.charCodeAt(0).toString(16)).slice(-2)).join("")),er=e=>{let t=new Uint8Array(e);return(e=>{let t={"+":"-","/":"_","=":""};return e.replace(/[+/=]/g,e=>t[e])})(window.btoa(String.fromCharCode(...Array.from(t))))};var eo="undefined"!=typeof globalThis?globalThis:"undefined"!=typeof window?window:void 0!==n.g?n.g:"undefined"!=typeof self?self:{},ei={},ea={};Object.defineProperty(ea,"__esModule",{value:!0});var es=function(){function e(){var e=this;this.locked=new Map,this.addToLocked=function(t,n){var r=e.locked.get(t);void 0===r?void 0===n?e.locked.set(t,[]):e.locked.set(t,[n]):void 0!==n&&(r.unshift(n),e.locked.set(t,r))},this.isLocked=function(t){return e.locked.has(t)},this.lock=function(t){return new Promise(function(n,r){e.isLocked(t)?e.addToLocked(t,n):(e.addToLocked(t),n())})},this.unlock=function(t){var n=e.locked.get(t);if(void 0!==n&&0!==n.length){var r=n.pop();e.locked.set(t,n),void 0!==r&&setTimeout(r,0)}else e.locked.delete(t)}}return e.getInstance=function(){return void 0===e.instance&&(e.instance=new e),e.instance},e}();ea.default=function(){return es.getInstance()};var ec=eo&&eo.__awaiter||function(e,t,n,r){return new(n||(n=Promise))(function(o,i){function a(e){try{c(r.next(e))}catch(e){i(e)}}function s(e){try{c(r.throw(e))}catch(e){i(e)}}function c(e){e.done?o(e.value):new n(function(t){t(e.value)}).then(a,s)}c((r=r.apply(e,t||[])).next())})},el=eo&&eo.__generator||function(e,t){var n,r,o,i,a={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return i={next:s(0),throw:s(1),return:s(2)},"function"==typeof Symbol&&(i[Symbol.iterator]=function(){return this}),i;function s(i){return function(s){var c=[i,s];if(n)throw TypeError("Generator is already executing.");for(;a;)try{if(n=1,r&&(o=2&c[0]?r.return:c[0]?r.throw||((o=r.return)&&o.call(r),0):r.next)&&!(o=o.call(r,c[1])).done)return o;switch(r=0,o&&(c=[2&c[0],o.value]),c[0]){case 0:case 1:o=c;break;case 4:return a.label++,{value:c[1],done:!1};case 5:a.label++,r=c[1],c=[0];continue;case 7:c=a.ops.pop(),a.trys.pop();continue;default:if(!(o=(o=a.trys).length>0&&o[o.length-1])&&(6===c[0]||2===c[0])){a=0;continue}if(3===c[0]&&(!o||c[1]>o[0]&&c[1]<o[3])){a.label=c[1];break}if(6===c[0]&&a.label<o[1]){a.label=o[1],o=c;break}if(o&&a.label<o[2]){a.label=o[2],a.ops.push(c);break}o[2]&&a.ops.pop(),a.trys.pop();continue}c=t.call(e,a)}catch(e){c=[6,e],r=0}finally{n=o=0}if(5&c[0])throw c[1];return{value:c[0]?c[1]:void 0,done:!0}}}};Object.defineProperty(ei,"__esModule",{value:!0});var eu="browser-tabs-lock-key",eh={key:function(e){return ec(eo,void 0,void 0,function(){return el(this,function(e){throw Error("Unsupported")})})},getItem:function(e){return ec(eo,void 0,void 0,function(){return el(this,function(e){throw Error("Unsupported")})})},clear:function(){return ec(eo,void 0,void 0,function(){return el(this,function(e){return[2,window.localStorage.clear()]})})},removeItem:function(e){return ec(eo,void 0,void 0,function(){return el(this,function(e){throw Error("Unsupported")})})},setItem:function(e,t){return ec(eo,void 0,void 0,function(){return el(this,function(e){throw Error("Unsupported")})})},keySync:function(e){return window.localStorage.key(e)},getItemSync:function(e){return window.localStorage.getItem(e)},clearSync:function(){return window.localStorage.clear()},removeItemSync:function(e){return window.localStorage.removeItem(e)},setItemSync:function(e,t){return window.localStorage.setItem(e,t)}};function ed(e){return new Promise(function(t){return setTimeout(t,e)})}function ep(e){for(var t="",n=0;n<e;n++)t+="0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz"[Math.floor(61*Math.random())];return t}var ef=ei.default=function(){function e(t){this.acquiredIatSet=new Set,this.storageHandler=void 0,this.id=Date.now().toString()+ep(15),this.acquireLock=this.acquireLock.bind(this),this.releaseLock=this.releaseLock.bind(this),this.releaseLock__private__=this.releaseLock__private__.bind(this),this.waitForSomethingToChange=this.waitForSomethingToChange.bind(this),this.refreshLockWhileAcquired=this.refreshLockWhileAcquired.bind(this),this.storageHandler=t,void 0===e.waiters&&(e.waiters=[])}return e.prototype.acquireLock=function(t,n){return void 0===n&&(n=5e3),ec(this,void 0,void 0,function(){var r,o,i,a,s,c,l;return el(this,function(u){switch(u.label){case 0:r=Date.now()+ep(4),o=Date.now()+n,i=eu+"-"+t,a=void 0===this.storageHandler?eh:this.storageHandler,u.label=1;case 1:return Date.now()<o?[4,ed(30)]:[3,8];case 2:return u.sent(),null!==a.getItemSync(i)?[3,5]:(s=this.id+"-"+t+"-"+r,[4,ed(Math.floor(25*Math.random()))]);case 3:return u.sent(),a.setItemSync(i,JSON.stringify({id:this.id,iat:r,timeoutKey:s,timeAcquired:Date.now(),timeRefreshed:Date.now()})),[4,ed(30)];case 4:return u.sent(),null!==(c=a.getItemSync(i))&&(l=JSON.parse(c)).id===this.id&&l.iat===r?(this.acquiredIatSet.add(r),this.refreshLockWhileAcquired(i,r),[2,!0]):[3,7];case 5:return e.lockCorrector(void 0===this.storageHandler?eh:this.storageHandler),[4,this.waitForSomethingToChange(o)];case 6:u.sent(),u.label=7;case 7:return r=Date.now()+ep(4),[3,1];case 8:return[2,!1]}})})},e.prototype.refreshLockWhileAcquired=function(e,t){return ec(this,void 0,void 0,function(){var n=this;return el(this,function(r){return setTimeout(function(){return ec(n,void 0,void 0,function(){var n,r,o;return el(this,function(i){switch(i.label){case 0:return[4,ea.default().lock(t)];case 1:return i.sent(),this.acquiredIatSet.has(t)?null===(r=(n=void 0===this.storageHandler?eh:this.storageHandler).getItemSync(e))?ea.default().unlock(t):((o=JSON.parse(r)).timeRefreshed=Date.now(),n.setItemSync(e,JSON.stringify(o)),ea.default().unlock(t),this.refreshLockWhileAcquired(e,t)):ea.default().unlock(t),[2]}})})},1e3),[2]})})},e.prototype.waitForSomethingToChange=function(t){return ec(this,void 0,void 0,function(){return el(this,function(n){switch(n.label){case 0:return[4,new Promise(function(n){var r=!1,o=Date.now(),i=!1;function a(){if(i||(window.removeEventListener("storage",a),e.removeFromWaiting(a),clearTimeout(s),i=!0),!r){r=!0;var t=50-(Date.now()-o);t>0?setTimeout(n,t):n(null)}}window.addEventListener("storage",a),e.addToWaiting(a);var s=setTimeout(a,Math.max(0,t-Date.now()))})];case 1:return n.sent(),[2]}})})},e.addToWaiting=function(t){this.removeFromWaiting(t),void 0!==e.waiters&&e.waiters.push(t)},e.removeFromWaiting=function(t){void 0!==e.waiters&&(e.waiters=e.waiters.filter(function(e){return e!==t}))},e.notifyWaiters=function(){void 0!==e.waiters&&e.waiters.slice().forEach(function(e){return e()})},e.prototype.releaseLock=function(e){return ec(this,void 0,void 0,function(){return el(this,function(t){switch(t.label){case 0:return[4,this.releaseLock__private__(e)];case 1:return[2,t.sent()]}})})},e.prototype.releaseLock__private__=function(t){return ec(this,void 0,void 0,function(){var n,r,o,i;return el(this,function(a){switch(a.label){case 0:return n=void 0===this.storageHandler?eh:this.storageHandler,r=eu+"-"+t,null===(o=n.getItemSync(r))?[2]:(i=JSON.parse(o)).id!==this.id?[3,2]:[4,ea.default().lock(i.iat)];case 1:a.sent(),this.acquiredIatSet.delete(i.iat),n.removeItemSync(r),ea.default().unlock(i.iat),e.notifyWaiters(),a.label=2;case 2:return[2]}})})},e.lockCorrector=function(t){for(var n=Date.now()-5e3,r=[],o=0;;){var i=t.keySync(o);if(null===i)break;r.push(i),o++}for(var a=!1,s=0;s<r.length;s++){var c=r[s];if(c.includes(eu)){var l=t.getItemSync(c);if(null!==l){var u=JSON.parse(l);(void 0===u.timeRefreshed&&u.timeAcquired<n||void 0!==u.timeRefreshed&&u.timeRefreshed<n)&&(t.removeItemSync(c),a=!0)}}}a&&e.notifyWaiters()},e.waiters=void 0,e}();class em{async runWithLock(e,t,n){let r=new AbortController,o=setTimeout(()=>r.abort(),t);try{return await navigator.locks.request(e,{mode:"exclusive",signal:r.signal},async e=>{if(clearTimeout(o),!e)throw Error("Lock not available");return await n()})}catch(e){if(clearTimeout(o),"AbortError"===(null==e?void 0:e.name))throw new H;throw e}}}class ey{constructor(){this.activeLocks=new Set,this.lock=new ef,this.pagehideHandler=()=>{this.activeLocks.forEach(e=>this.lock.releaseLock(e)),this.activeLocks.clear()}}async runWithLock(e,t,n){let r=!1;for(let n=0;n<10&&!r;n++)r=await this.lock.acquireLock(e,t);if(!r)throw new H;this.activeLocks.add(e),1===this.activeLocks.size&&"undefined"!=typeof window&&window.addEventListener("pagehide",this.pagehideHandler);try{return await n()}finally{this.activeLocks.delete(e),await this.lock.releaseLock(e),0===this.activeLocks.size&&"undefined"!=typeof window&&window.removeEventListener("pagehide",this.pagehideHandler)}}}let eg=null,ew=new TextEncoder,eb=new TextDecoder;function ev(e){return"string"==typeof e?ew.encode(e):eb.decode(e)}function ek(e){if("number"!=typeof e.modulusLength||e.modulusLength<2048)throw new eT(`${e.name} modulusLength must be at least 2048 bits`)}async function e_(e,t,n){var o,i,a;if(!1===n.usages.includes("sign"))throw TypeError('private CryptoKey instances used for signing assertions must include "sign" in their "usages"');let s=`${(o=ev(JSON.stringify(e)),r(o))}.${(i=ev(JSON.stringify(t)),r(i))}`;return`${s}.${a=await crypto.subtle.sign(function(e){switch(e.algorithm.name){case"ECDSA":return{name:e.algorithm.name,hash:"SHA-256"};case"RSA-PSS":return ek(e.algorithm),{name:e.algorithm.name,saltLength:32};case"RSASSA-PKCS1-v1_5":return ek(e.algorithm),{name:e.algorithm.name};case"Ed25519":return{name:e.algorithm.name}}throw new eS}(n),n,ev(s)),r(a)}`}r=Uint8Array.prototype.toBase64?e=>(e instanceof ArrayBuffer&&(e=new Uint8Array(e)),e.toBase64({alphabet:"base64url",omitPadding:!0})):e=>{e instanceof ArrayBuffer&&(e=new Uint8Array(e));let t=[];for(let n=0;n<e.byteLength;n+=32768)t.push(String.fromCharCode.apply(null,e.subarray(n,n+32768)));return btoa(t.join("")).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_")};class eS extends Error{constructor(e){var t;super(null!=e?e:"operation not supported"),this.name=this.constructor.name,null==(t=Error.captureStackTrace)||t.call(Error,this,this.constructor)}}class eT extends Error{constructor(e){var t;super(e),this.name=this.constructor.name,null==(t=Error.captureStackTrace)||t.call(Error,this,this.constructor)}}function eE(e){return e instanceof CryptoKey}function eP(e){return eE(e)&&"public"===e.type}async function eA(e,t,n,o,i,a){var s;let c=null==e?void 0:e.privateKey,l=null==e?void 0:e.publicKey;if(!eE(c)||"private"!==c.type)throw TypeError('"keypair.privateKey" must be a private CryptoKey');if(!eP(l))throw TypeError('"keypair.publicKey" must be a public CryptoKey');if(!0!==l.extractable)throw TypeError('"keypair.publicKey.extractable" must be true');if("string"!=typeof t)throw TypeError('"htu" must be a string');if("string"!=typeof n)throw TypeError('"htm" must be a string');if(void 0!==o&&"string"!=typeof o)throw TypeError('"nonce" must be a string or undefined');if(void 0!==i&&"string"!=typeof i)throw TypeError('"accessToken" must be a string or undefined');if(void 0!==a&&("object"!=typeof a||null===a||Array.isArray(a)))throw TypeError('"additional" must be an object');return e_({alg:function(e){switch(e.algorithm.name){case"RSA-PSS":if("SHA-256"===e.algorithm.hash.name)return"PS256";throw new eS("unsupported RsaHashedKeyAlgorithm hash name");case"RSASSA-PKCS1-v1_5":if("SHA-256"===e.algorithm.hash.name)return"RS256";throw new eS("unsupported RsaHashedKeyAlgorithm hash name");case"ECDSA":if("P-256"===e.algorithm.namedCurve)return"ES256";throw new eS("unsupported EcKeyAlgorithm namedCurve");case"Ed25519":return"Ed25519";default:throw new eS("unsupported CryptoKey algorithm name")}}(c),typ:"dpop+jwt",jwk:await eR(l)},Object.assign(Object.assign({},a),{iat:Math.floor(Date.now()/1e3),jti:crypto.randomUUID(),htm:n,nonce:o,htu:t,ath:i?(s=await crypto.subtle.digest("SHA-256",ev(i)),r(s)):void 0}),c)}async function eR(e){let{kty:t,e:n,n:r,x:o,y:i,crv:a}=await crypto.subtle.exportKey("jwk",e);return{kty:t,crv:a,e:n,n:r,x:o,y:i}}let eI="dpop-nonce",eC=["authorization_code","refresh_token","urn:ietf:params:oauth:grant-type:token-exchange","http://auth0.com/oauth/grant-type/mfa-oob","http://auth0.com/oauth/grant-type/mfa-otp","http://auth0.com/oauth/grant-type/mfa-recovery-code"],ex=(e,t)=>new Promise(function(n,r){let o=new MessageChannel;o.port1.onmessage=function(e){e.data.error?r(Error(e.data.error)):n(e.data),o.port1.close()},t.postMessage(e,[o.port2])}),eO=(e,t,n)=>{let r,o=new AbortController;return t.signal=o.signal,Promise.race([fetch(e,t),new Promise((e,t)=>{r=setTimeout(()=>{o.abort(),t(Error("Timeout when executing 'fetch'"))},n)})]).finally(()=>{clearTimeout(r)})},ej=async function(e,t,n,r,o,i){let a=arguments.length>6&&void 0!==arguments[6]?arguments[6]:1e4;return o?(async(e,t,n,r,o,i,a,s,c)=>ex({type:"refresh",auth:{audience:t,scope:n},timeout:o,fetchUrl:e,fetchOptions:r,useFormData:a,useMrrt:s,skipTokenStorage:c},i))(e,t,n,r,a,o,i,arguments.length>7?arguments[7]:void 0,arguments.length>8?arguments[8]:void 0):(async(e,t,n)=>{let r=await eO(e,t,n);return{ok:r.ok,json:await r.json(),headers:[...r.headers].reduce((e,t)=>{let n=C(t,2),r=n[0],o=n[1];return e[r]=o,e},{})}})(e,r,a)};async function eW(e,t,n,r,o,i,a,s,c,l,u){let h;if(c){let t=await c.generateProof({url:e,method:o.method||"GET",nonce:await c.getNonce()});o.headers=Object.assign(Object.assign({},o.headers),{dpop:t})}let d,p=null;for(let c=0;c<3;c++)try{d=await ej(e,n,r,o,i,a,t,s,u),p=null;break}catch(e){p=e}if(p)throw p;let f=d.json,m=f.error,y=f.error_description,g=w(f,["error","error_description"]),b=d,v=b.headers,k=b.ok;if(c&&(h=v[eI])&&await c.setNonce(h),!k){let d=y||"HTTP error. Unable to fetch ".concat(e);if("mfa_required"===m)throw new M(m,d,g.mfa_token,g.mfa_requirements);if("missing_refresh_token"===m)throw new X(n,r);if("use_dpop_nonce"===m){if(!c||!h||l)throw new V(h);return eW(e,t,n,r,o,i,a,s,c,!0,u)}throw new L(m||"request_error",d)}return g}async function eU(e,t,n){var r,o=e.baseUrl,i=e.timeout,a=e.audience,s=e.scope,c=e.auth0Client,l=e.useFormData,u=e.useMrrt,h=e.dpop,d=w(e,["baseUrl","timeout","audience","scope","auth0Client","useFormData","useMrrt","dpop"]);let p="urn:ietf:params:oauth:grant-type:token-exchange"===d.grant_type,f="refresh_token"===d.grant_type&&u,m=Object.assign(Object.assign(Object.assign(Object.assign({},d),p&&a&&{audience:a}),p&&s&&{scope:s}),f&&{audience:a,scope:s}),y=l?ee(m):JSON.stringify(m),g=(r=d.grant_type,eC.includes(r));return await eW("".concat(o,"/oauth/token"),i,a||K,s,{method:"POST",body:y,headers:{"Content-Type":l?"application/x-www-form-urlencoded":"application/json","Auth0-Client":btoa(JSON.stringify($(c||W)))}},t,l,u,g?h:void 0,void 0,n)}let eK=function(){for(var e=arguments.length,t=Array(e),n=0;n<e;n++)t[n]=arguments[n];return Array.from(new Set(t.filter(Boolean).join(" ").trim().split(/\s+/))).join(" ")},eL=(e,t,n)=>{let r;return n&&(r=e[n]),r||(r=e[K]),eK(r,t)},eN="@@auth0spajs@@",eD="@@user@@";class eH{constructor(e){let t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:eN,n=arguments.length>2?arguments[2]:void 0;this.prefix=t,this.suffix=n,this.clientId=e.clientId,this.scope=e.scope,this.audience=e.audience}toKey(){return[this.prefix,this.clientId,this.audience,this.scope,this.suffix].filter(Boolean).join("::")}static fromKey(e){let t=C(e.split("::"),4),n=t[0],r=t[1],o=t[2];return new eH({clientId:r,scope:t[3],audience:o},n)}static fromCacheEntry(e){let t=e.scope;return new eH({scope:t,audience:e.audience,clientId:e.client_id})}}class eZ{set(e,t){localStorage.setItem(e,JSON.stringify(t))}get(e){let t=window.localStorage.getItem(e);if(t)try{return JSON.parse(t)}catch(e){return}}remove(e){localStorage.removeItem(e)}allKeys(){return Object.keys(window.localStorage).filter(e=>e.startsWith(eN))}}class eJ{constructor(){this.enclosedCache=function(){let e={};return{set(t,n){e[t]=n},get(t){let n=e[t];if(n)return n},remove(t){delete e[t]},allKeys:()=>Object.keys(e)}}()}}class ez{constructor(e,t,n){this.cache=e,this.keyManifest=t,this.nowProvider=n||U}async setIdToken(e,t,n){var r;let o=this.getIdTokenCacheKey(e);await this.cache.set(o,{id_token:t,decodedToken:n}),await (null==(r=this.keyManifest)?void 0:r.add(o))}async getIdToken(e){let t=await this.cache.get(this.getIdTokenCacheKey(e.clientId));if(!t&&e.scope&&e.audience){let t=await this.get(e);if(!t||!t.id_token||!t.decodedToken)return;return{id_token:t.id_token,decodedToken:t.decodedToken}}if(t)return{id_token:t.id_token,decodedToken:t.decodedToken}}async get(e){var t;let n=arguments.length>1&&void 0!==arguments[1]?arguments[1]:0,r=arguments.length>2&&void 0!==arguments[2]&&arguments[2],o=arguments.length>3?arguments[3]:void 0,i=await this.cache.get(e.toKey()),a=e;if(!i){let t=await this.getCacheKeys();if(!t)return;let n=this.matchExistingCacheKey(e,t);if(n&&(i=await this.cache.get(n),a=eH.fromKey(n)),!i&&r&&"cache-only"!==o)return this.getEntryWithRefreshToken(e,t)}if(!i)return;let s=Math.floor(await this.nowProvider()/1e3);return i.expiresAt-n<s?i.body.refresh_token?this.modifiedCachedEntry(i,a):(await this.cache.remove(a.toKey()),void await (null==(t=this.keyManifest)?void 0:t.remove(a.toKey()))):i.body}async modifiedCachedEntry(e,t){let n={refresh_token:e.body.refresh_token,audience:e.body.audience,scope:e.body.scope},r={body:n,expiresAt:e.expiresAt};return await this.cache.set(t.toKey(),r),{refresh_token:n.refresh_token,audience:n.audience,scope:n.scope}}async set(e){var t;let n=new eH({clientId:e.client_id,scope:e.scope,audience:e.audience}),r=await this.wrapCacheEntry(e);await this.cache.set(n.toKey(),r),await (null==(t=this.keyManifest)?void 0:t.add(n.toKey()))}async remove(e,t,n){let r=new eH({clientId:e,scope:n,audience:t});await this.cache.remove(r.toKey())}async stripRefreshToken(e){var t;let n=await this.getCacheKeys();if(n)for(let r of n){let n=await this.cache.get(r);(null==(t=null==n?void 0:n.body)?void 0:t.refresh_token)===e&&(delete n.body.refresh_token,await this.cache.set(r,n))}}async clear(e){var t;let n=await this.getCacheKeys();n&&(await n.filter(t=>!e||t.includes(e)).reduce(async(e,t)=>{await e,await this.cache.remove(t)},Promise.resolve()),await (null==(t=this.keyManifest)?void 0:t.clear()))}async wrapCacheEntry(e){return{body:e,expiresAt:Math.floor(await this.nowProvider()/1e3)+e.expires_in}}async getCacheKeys(){var e;return this.keyManifest?null==(e=await this.keyManifest.get())?void 0:e.keys:this.cache.allKeys?this.cache.allKeys():void 0}getIdTokenCacheKey(e){return new eH({clientId:e},eN,eD).toKey()}matchExistingCacheKey(e,t){return t.filter(t=>{var n;let r=eH.fromKey(t),o=new Set(r.scope&&r.scope.split(" ")),i=(null==(n=e.scope)?void 0:n.split(" "))||[],a=r.scope&&i.reduce((e,t)=>e&&o.has(t),!0);return r.prefix===eN&&r.clientId===e.clientId&&r.audience===e.audience&&a})[0]}async getEntryWithRefreshToken(e,t){var n;for(let r of t){let t=eH.fromKey(r);if(t.prefix===eN&&t.clientId===e.clientId){let e=await this.cache.get(r);if(null==(n=null==e?void 0:e.body)?void 0:n.refresh_token)return{refresh_token:e.body.refresh_token,audience:e.body.audience,scope:e.body.scope}}}}async getRefreshTokensByAudience(e,t){var n;let r=await this.getCacheKeys();if(!r)return[];let o=new Set;for(let i of r){let r=eH.fromKey(i);if(r.prefix===eN&&r.clientId===t&&r.audience===e){let e=await this.cache.get(i);(null==(n=null==e?void 0:e.body)?void 0:n.refresh_token)&&o.add(e.body.refresh_token)}}return Array.from(o)}async updateEntry(e,t){var n;let r=await this.getCacheKeys();if(r)for(let o of r){let r=await this.cache.get(o);(null==(n=null==r?void 0:r.body)?void 0:n.refresh_token)===e&&(r.body.refresh_token=t,await this.cache.set(o,r))}}}class eM{constructor(e,t,n){this.storage=e,this.clientId=t,this.cookieDomain=n,this.storageKey="".concat("a0.spajs.txs",".").concat(this.clientId)}create(e){this.storage.save(this.storageKey,e,{daysUntilExpire:1,cookieDomain:this.cookieDomain})}get(){return this.storage.get(this.storageKey)}remove(){this.storage.remove(this.storageKey,{cookieDomain:this.cookieDomain})}}let eX=["iss","aud","exp","nbf","iat","jti","azp","nonce","auth_time","at_hash","c_hash","acr","amr","sub_jwk","cnf","sip_from_tag","sip_date","sip_callid","sip_cseq_num","sip_via_branch","orig","dest","mky","events","toe","txn","rph","sid","vot","vtm"];var eG=eo&&eo.__assign||function(){return(eG=Object.assign||function(e){for(var t,n=1,r=arguments.length;n<r;n++)for(var o in t=arguments[n])Object.prototype.hasOwnProperty.call(t,o)&&(e[o]=t[o]);return e}).apply(this,arguments)};function eV(e,t){if(!t)return"";var n="; "+e;return!0===t?n:n+"="+t}function eF(e,t,n){var r;document.cookie=(r=eG({path:"/"},n),encodeURIComponent(e).replace(/%(23|24|26|2B|5E|60|7C)/g,decodeURIComponent).replace(/\(/g,"%28").replace(/\)/g,"%29")+"="+encodeURIComponent(t).replace(/%(23|24|26|2B|3A|3C|3E|3D|2F|3F|40|5B|5D|5E|60|7B|7D|7C)/g,decodeURIComponent)+function(e){if("number"==typeof e.expires){var t=new Date;t.setMilliseconds(t.getMilliseconds()+864e5*e.expires),e.expires=t}return eV("Expires",e.expires?e.expires.toUTCString():"")+eV("Domain",e.domain)+eV("Path",e.path)+eV("Secure",e.secure)+eV("SameSite",e.sameSite)}(r))}var eY=function(e,t){eF(e,"",eG(eG({},t),{expires:-1}))};let eB={get(e){let t=function(e){for(var t={},n=e?e.split("; "):[],r=/(%[\dA-F]{2})+/gi,o=0;o<n.length;o++){var i=n[o].split("="),a=i.slice(1).join("=");'"'===a.charAt(0)&&(a=a.slice(1,-1));try{t[i[0].replace(r,decodeURIComponent)]=a.replace(r,decodeURIComponent)}catch(e){}}return t}(document.cookie)[e];if(void 0!==t)return JSON.parse(t)},save(e,t,n){let r={};"https:"===window.location.protocol&&(r={secure:!0,sameSite:"none"}),(null==n?void 0:n.daysUntilExpire)&&(r.expires=n.daysUntilExpire),(null==n?void 0:n.cookieDomain)&&(r.domain=n.cookieDomain),eF(e,JSON.stringify(t),r)},remove(e,t){let n={};(null==t?void 0:t.cookieDomain)&&(n.domain=t.cookieDomain),eY(e,n)}},eq="_legacy_",eQ={get:e=>eB.get(e)||eB.get("".concat(eq).concat(e)),save(e,t,n){let r={};"https:"===window.location.protocol&&(r={secure:!0}),(null==n?void 0:n.daysUntilExpire)&&(r.expires=n.daysUntilExpire),(null==n?void 0:n.cookieDomain)&&(r.domain=n.cookieDomain),eF("".concat(eq).concat(e),JSON.stringify(t),r),eB.save(e,t,n)},remove(e,t){let n={};(null==t?void 0:t.cookieDomain)&&(n.domain=t.cookieDomain),eY(e,n),eB.remove(e,t),eB.remove("".concat(eq).concat(e),t)}},e$={get(e){if("undefined"==typeof sessionStorage)return;let t=sessionStorage.getItem(e);return null!=t?JSON.parse(t):void 0},save(e,t){sessionStorage.setItem(e,JSON.stringify(t))},remove(e){sessionStorage.removeItem(e)}};!function(e){e.Code="code",e.ConnectCode="connect_code"}(e0||(e0={}));var e0,e2,e1=function(e){var t,n,r;return new Worker(e2=e2||(n=(t=function(e,t){var n=atob(e);if(t){for(var r=new Uint8Array(n.length),o=0,i=n.length;o<i;++o)r[o]=n.charCodeAt(o);return String.fromCharCode.apply(null,new Uint16Array(r.buffer))}return n}("Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAqLwohZnVuY3Rpb24oKXsidXNlIHN0cmljdCI7ZnVuY3Rpb24gZShlLHQpeyhudWxsPT10fHx0PmUubGVuZ3RoKSYmKHQ9ZS5sZW5ndGgpO2Zvcih2YXIgcj0wLG89QXJyYXkodCk7cjx0O3IrKylvW3JdPWVbcl07cmV0dXJuIG99ZnVuY3Rpb24gdCh0LHIpe3JldHVybiBmdW5jdGlvbihlKXtpZihBcnJheS5pc0FycmF5KGUpKXJldHVybiBlfSh0KXx8ZnVuY3Rpb24oZSx0KXt2YXIgcj1udWxsPT1lP251bGw6InVuZGVmaW5lZCIhPXR5cGVvZiBTeW1ib2wmJmVbU3ltYm9sLml0ZXJhdG9yXXx8ZVsiQEBpdGVyYXRvciJdO2lmKG51bGwhPXIpe3ZhciBvLG4scyxpLGE9W10sYz0hMCxsPSExO3RyeXtpZihzPShyPXIuY2FsbChlKSkubmV4dCwwPT09dCl7aWYoT2JqZWN0KHIpIT09cilyZXR1cm47Yz0hMX1lbHNlIGZvcig7IShjPShvPXMuY2FsbChyKSkuZG9uZSkmJihhLnB1c2goby52YWx1ZSksYS5sZW5ndGghPT10KTtjPSEwKTt9Y2F0Y2goZSl7bD0hMCxuPWV9ZmluYWxseXt0cnl7aWYoIWMmJm51bGwhPXIucmV0dXJuJiYoaT1yLnJldHVybigpLE9iamVjdChpKSE9PWkpKXJldHVybn1maW5hbGx5e2lmKGwpdGhyb3cgbn19cmV0dXJuIGF9fSh0LHIpfHxmdW5jdGlvbih0LHIpe2lmKHQpe2lmKCJzdHJpbmciPT10eXBlb2YgdClyZXR1cm4gZSh0LHIpO3ZhciBvPXt9LnRvU3RyaW5nLmNhbGwodCkuc2xpY2UoOCwtMSk7cmV0dXJuIk9iamVjdCI9PT1vJiZ0LmNvbnN0cnVjdG9yJiYobz10LmNvbnN0cnVjdG9yLm5hbWUpLCJNYXAiPT09b3x8IlNldCI9PT1vP0FycmF5LmZyb20odCk6IkFyZ3VtZW50cyI9PT1vfHwvXig/OlVpfEkpbnQoPzo4fDE2fDMyKSg/OkNsYW1wZWQpP0FycmF5JC8udGVzdChvKT9lKHQscik6dm9pZCAwfX0odCxyKXx8ZnVuY3Rpb24oKXt0aHJvdyBuZXcgVHlwZUVycm9yKCJJbnZhbGlkIGF0dGVtcHQgdG8gZGVzdHJ1Y3R1cmUgbm9uLWl0ZXJhYmxlIGluc3RhbmNlLlxuSW4gb3JkZXIgdG8gYmUgaXRlcmFibGUsIG5vbi1hcnJheSBvYmplY3RzIG11c3QgaGF2ZSBhIFtTeW1ib2wuaXRlcmF0b3JdKCkgbWV0aG9kLiIpfSgpfWNsYXNzIHIgZXh0ZW5kcyBFcnJvcntjb25zdHJ1Y3RvcihlLHQpe3N1cGVyKHQpLHRoaXMuZXJyb3I9ZSx0aGlzLmVycm9yX2Rlc2NyaXB0aW9uPXQsT2JqZWN0LnNldFByb3RvdHlwZU9mKHRoaXMsci5wcm90b3R5cGUpfXN0YXRpYyBmcm9tUGF5bG9hZChlKXtsZXQgdD1lLmVycm9yLG89ZS5lcnJvcl9kZXNjcmlwdGlvbjtyZXR1cm4gbmV3IHIodCxvKX19Y2xhc3MgbyBleHRlbmRzIHJ7Y29uc3RydWN0b3IoZSx0KXtzdXBlcigibWlzc2luZ19yZWZyZXNoX3Rva2VuIiwiTWlzc2luZyBSZWZyZXNoIFRva2VuIChhdWRpZW5jZTogJyIuY29uY2F0KG4oZSxbImRlZmF1bHQiXSksIicsIHNjb3BlOiAnIikuY29uY2F0KG4odCksIicpIikpLHRoaXMuYXVkaWVuY2U9ZSx0aGlzLnNjb3BlPXQsT2JqZWN0LnNldFByb3RvdHlwZU9mKHRoaXMsby5wcm90b3R5cGUpfX1mdW5jdGlvbiBuKGUpe3JldHVybiBlJiYhKGFyZ3VtZW50cy5sZW5ndGg+MSYmdm9pZCAwIT09YXJndW1lbnRzWzFdP2FyZ3VtZW50c1sxXTpbXSkuaW5jbHVkZXMoZSk/ZToiIn0iZnVuY3Rpb24iPT10eXBlb2YgU3VwcHJlc3NlZEVycm9yJiZTdXBwcmVzc2VkRXJyb3I7Y29uc3Qgcz1lPT57dmFyIHQ9ZS5jbGllbnRJZCxyPWZ1bmN0aW9uKGUsdCl7dmFyIHI9e307Zm9yKHZhciBvIGluIGUpT2JqZWN0LnByb3RvdHlwZS5oYXNPd25Qcm9wZXJ0eS5jYWxsKGUsbykmJnQuaW5kZXhPZihvKTwwJiYocltvXT1lW29dKTtpZihudWxsIT1lJiYiZnVuY3Rpb24iPT10eXBlb2YgT2JqZWN0LmdldE93blByb3BlcnR5U3ltYm9scyl7dmFyIG49MDtmb3Iobz1PYmplY3QuZ2V0T3duUHJvcGVydHlTeW1ib2xzKGUpO248by5sZW5ndGg7bisrKXQuaW5kZXhPZihvW25dKTwwJiZPYmplY3QucHJvdG90eXBlLnByb3BlcnR5SXNFbnVtZXJhYmxlLmNhbGwoZSxvW25dKSYmKHJbb1tuXV09ZVtvW25dXSl9cmV0dXJuIHJ9KGUsWyJjbGllbnRJZCJdKTtyZXR1cm4gbmV3IFVSTFNlYXJjaFBhcmFtcygoZT0+T2JqZWN0LmtleXMoZSkuZmlsdGVyKHQ9PnZvaWQgMCE9PWVbdF0pLnJlZHVjZSgodCxyKT0+T2JqZWN0LmFzc2lnbihPYmplY3QuYXNzaWduKHt9LHQpLHtbcl06ZVtyXX0pLHt9KSkoT2JqZWN0LmFzc2lnbih7Y2xpZW50X2lkOnR9LHIpKSkudG9TdHJpbmcoKX07bGV0IGk9e30sYT1udWxsO2NvbnN0IGM9KGUsdCk9PiIiLmNvbmNhdChlLCJ8IikuY29uY2F0KHQpLGw9KGUsdCk9PnQuc3RhcnRzV2l0aCgiIi5jb25jYXQoZSwifCIpKSx1PWU9PntPYmplY3QuZW50cmllcyhpKS5mb3JFYWNoKHI9PntsZXQgbz10KHIsMiksbj1vWzBdO29bMV09PT1lJiZkZWxldGUgaVtuXX0pfSxmPWU9Pntjb25zdCB0PW5ldyBVUkxTZWFyY2hQYXJhbXMoZSkscj17fTtyZXR1cm4gdC5mb3JFYWNoKChlLHQpPT57clt0XT1lfSkscn0sZD1hc3luYyBlPT57bGV0IHIsbixhPWUuZGF0YSx1PWEudGltZW91dCxkPWEuYXV0aCxoPWEuZmV0Y2hVcmwscD1hLmZldGNoT3B0aW9ucyx5PWEudXNlRm9ybURhdGEsZz1hLnVzZU1ycnQsYj1hLnNraXBUb2tlblN0b3JhZ2UsTz10KGUucG9ydHMsMSlbMF0saz17fTtjb25zdCBtPWR8fHt9LGo9bS5hdWRpZW5jZSx2PW0uc2NvcGU7dHJ5e2NvbnN0IGU9eT9mKHAuYm9keSk6SlNPTi5wYXJzZShwLmJvZHkpO2lmKCFlLnJlZnJlc2hfdG9rZW4mJiJyZWZyZXNoX3Rva2VuIj09PWUuZ3JhbnRfdHlwZSl7aWYobj0oKGUsdCk9PmlbYyhlLHQpXSkoaix2KSwhbiYmZyl7Y29uc3QgZT1pLmxhdGVzdF9yZWZyZXNoX3Rva2VuLHQ9KChlLHQpPT4hIU9iamVjdC5rZXlzKGkpLmZpbmQocj0+e2lmKCJsYXRlc3RfcmVmcmVzaF90b2tlbiIhPT1yKXtjb25zdCBvPWwodCxyKSxuPXIuc3BsaXQoInwiKVsxXS5zcGxpdCgiICIpLHM9ZS5zcGxpdCgiICIpLmV2ZXJ5KGU9Pm4uaW5jbHVkZXMoZSkpO3JldHVybiBvJiZzfX0pKSh2LGopO2UmJiF0JiYobj1lKX1pZighbil0aHJvdyBuZXcgbyhqLHYpO3AuYm9keT15P3MoT2JqZWN0LmFzc2lnbihPYmplY3QuYXNzaWduKHt9LGUpLHtyZWZyZXNoX3Rva2VuOm59KSk6SlNPTi5zdHJpbmdpZnkoT2JqZWN0LmFzc2lnbihPYmplY3QuYXNzaWduKHt9LGUpLHtyZWZyZXNoX3Rva2VuOm59KSl9bGV0IGEsZDsiZnVuY3Rpb24iPT10eXBlb2YgQWJvcnRDb250cm9sbGVyJiYoYT1uZXcgQWJvcnRDb250cm9sbGVyLHAuc2lnbmFsPWEuc2lnbmFsKTt0cnl7ZD1hd2FpdCBQcm9taXNlLnJhY2UoWyhNPXUsbmV3IFByb21pc2UoZT0+c2V0VGltZW91dChlLE0pKSksZmV0Y2goaCxPYmplY3QuYXNzaWduKHt9LHApKV0pfWNhdGNoKGUpe3JldHVybiB2b2lkIE8ucG9zdE1lc3NhZ2Uoe2Vycm9yOmUubWVzc2FnZX0pfWlmKCFkKXJldHVybiBhJiZhLmFib3J0KCksdm9pZCBPLnBvc3RNZXNzYWdlKHtlcnJvcjoiVGltZW91dCB3aGVuIGV4ZWN1dGluZyAnZmV0Y2gnIn0pO2lmKFM9ZC5oZWFkZXJzLGs9Wy4uLlNdLnJlZHVjZSgoZSxyKT0+e2xldCBvPXQociwyKSxuPW9bMF0scz1vWzFdO3JldHVybiBlW25dPXMsZX0se30pLHI9YXdhaXQgZC5qc29uKCksYilyZXR1cm4gZGVsZXRlIHIucmVmcmVzaF90b2tlbix2b2lkIE8ucG9zdE1lc3NhZ2Uoe29rOmQub2ssanNvbjpyLGhlYWRlcnM6a30pO3IucmVmcmVzaF90b2tlbj8oZyYmKGkubGF0ZXN0X3JlZnJlc2hfdG9rZW49ci5yZWZyZXNoX3Rva2VuLF89bix3PXIucmVmcmVzaF90b2tlbixPYmplY3QuZW50cmllcyhpKS5mb3JFYWNoKGU9PntsZXQgcj10KGUsMiksbz1yWzBdO3JbMV09PT1fJiYoaVtvXT13KX0pKSwoKGUsdCxyKT0+e2lbYyh0LHIpXT1lfSkoci5yZWZyZXNoX3Rva2VuLGosdiksZGVsZXRlIHIucmVmcmVzaF90b2tlbik6KChlLHQpPT57ZGVsZXRlIGlbYyhlLHQpXX0pKGosdiksTy5wb3N0TWVzc2FnZSh7b2s6ZC5vayxqc29uOnIsaGVhZGVyczprfSl9Y2F0Y2goZSl7Ty5wb3N0TWVzc2FnZSh7b2s6ITEsanNvbjp7ZXJyb3I6ZS5lcnJvcixlcnJvcl9kZXNjcmlwdGlvbjplLm1lc3NhZ2V9LGhlYWRlcnM6a30pfXZhciBfLHcsUyxNfSxoPWFzeW5jIGU9PntsZXQgcj1lLmRhdGEsbz1yLnRpbWVvdXQsbj1yLmF1dGgsYT1yLmZldGNoVXJsLGM9ci5mZXRjaE9wdGlvbnMsZD1yLnVzZUZvcm1EYXRhLGg9dChlLnBvcnRzLDEpWzBdO2NvbnN0IHA9KG58fHt9KS5hdWRpZW5jZTt0cnl7Y29uc3QgZT0oZT0+e2NvbnN0IHI9bmV3IFNldDtyZXR1cm4gT2JqZWN0LmVudHJpZXMoaSkuZm9yRWFjaChvPT57bGV0IG49dChvLDIpLHM9blswXSxpPW5bMV07bChlLHMpJiZyLmFkZChpKX0pLEFycmF5LmZyb20ocil9KShwKTtpZigwPT09ZS5sZW5ndGgpcmV0dXJuIHZvaWQgaC5wb3N0TWVzc2FnZSh7b2s6ITB9KTtjb25zdCByPWQ/ZihjLmJvZHkpOkpTT04ucGFyc2UoYy5ib2R5KTtmb3IoY29uc3QgdCBvZiBlKXtjb25zdCBlPWQ/cyhPYmplY3QuYXNzaWduKE9iamVjdC5hc3NpZ24oe30scikse3Rva2VuOnR9KSk6SlNPTi5zdHJpbmdpZnkoT2JqZWN0LmFzc2lnbihPYmplY3QuYXNzaWduKHt9LHIpLHt0b2tlbjp0fSkpO2xldCBuLGksbCxmOyJmdW5jdGlvbiI9PXR5cGVvZiBBYm9ydENvbnRyb2xsZXImJihuPW5ldyBBYm9ydENvbnRyb2xsZXIsaT1uLnNpZ25hbCk7dHJ5e2Y9YXdhaXQgUHJvbWlzZS5yYWNlKFtuZXcgUHJvbWlzZShlPT57bD1zZXRUaW1lb3V0KGUsbyl9KSxmZXRjaChhLE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSxjKSx7Ym9keTplLHNpZ25hbDppfSkpXSkuZmluYWxseSgoKT0+Y2xlYXJUaW1lb3V0KGwpKX1jYXRjaChlKXtyZXR1cm4gdm9pZCBoLnBvc3RNZXNzYWdlKHtlcnJvcjplLm1lc3NhZ2V9KX1pZighZilyZXR1cm4gbiYmbi5hYm9ydCgpLHZvaWQgaC5wb3N0TWVzc2FnZSh7ZXJyb3I6IlRpbWVvdXQgd2hlbiBleGVjdXRpbmcgJ2ZldGNoJyJ9KTtpZighZi5vayl7bGV0IGU7dHJ5e2NvbnN0IHQ9SlNPTi5wYXJzZShhd2FpdCBmLnRleHQoKSk7ZT10LmVycm9yX2Rlc2NyaXB0aW9ufWNhdGNoKGUpe31yZXR1cm4gdm9pZCBoLnBvc3RNZXNzYWdlKHtlcnJvcjplfHwiSFRUUCBlcnJvciAiLmNvbmNhdChmLnN0YXR1cyl9KX11KHQpfWgucG9zdE1lc3NhZ2Uoe29rOiEwfSl9Y2F0Y2goZSl7aC5wb3N0TWVzc2FnZSh7ZXJyb3I6ZS5tZXNzYWdlfHwiVW5rbm93biBlcnJvciBkdXJpbmcgdG9rZW4gcmV2b2NhdGlvbiJ9KX19LHA9KGUsdCk9PntpZighYSlyZXR1cm4hMTt0cnl7Y29uc3Qgcj1uZXcgVVJMKGEpLm9yaWdpbixvPW5ldyBVUkwoZS5mZXRjaFVybCk7cmV0dXJuIG8ub3JpZ2luPT09ciYmby5wYXRobmFtZT09PXR9Y2F0Y2goZSl7cmV0dXJuITF9fTthZGRFdmVudExpc3RlbmVyKCJtZXNzYWdlIixlPT57Y29uc3Qgcj1lLmRhdGEsbz10KGUucG9ydHMsMSlbMF07aWYoISgidHlwZSJpbiByKXx8ImluaXQiIT09ci50eXBlKXJldHVybiJ0eXBlImluIHImJiJjbGVhciI9PT1yLnR5cGU/KGk9e30sdm9pZChudWxsPT1vfHxvLnBvc3RNZXNzYWdlKHtvazohMH0pKSk6InR5cGUiaW4gciYmInJldm9rZSI9PT1yLnR5cGU/cChyLCIvb2F1dGgvcmV2b2tlIik/dm9pZCBoKGUpOnZvaWQobnVsbD09b3x8by5wb3N0TWVzc2FnZSh7b2s6ITEsanNvbjp7ZXJyb3I6ImludmFsaWRfZmV0Y2hfdXJsIixlcnJvcl9kZXNjcmlwdGlvbjoiVW5hdXRob3JpemVkIGZldGNoIFVSTCJ9LGhlYWRlcnM6e319KSk6dm9pZCgiZmV0Y2hVcmwiaW4gciYmcChyLCIvb2F1dGgvdG9rZW4iKT9kKGUpOm51bGw9PW98fG8ucG9zdE1lc3NhZ2Uoe29rOiExLGpzb246e2Vycm9yOiJpbnZhbGlkX2ZldGNoX3VybCIsZXJyb3JfZGVzY3JpcHRpb246IlVuYXV0aG9yaXplZCBmZXRjaCBVUkwifSxoZWFkZXJzOnt9fSkpO2lmKG51bGw9PT1hKXRyeXtuZXcgVVJMKHIuYWxsb3dlZEJhc2VVcmwpLGE9ci5hbGxvd2VkQmFzZVVybH1jYXRjaChlKXtyZXR1cm59fSl9KCk7Cgo=",!1)).indexOf("\n",10)+1,r=new Blob([t.substring(n)+""],{type:"application/javascript"}),URL.createObjectURL(r)),e)};let e5={};class e3{constructor(e,t){this.cache=e,this.clientId=t,this.manifestKey=this.createManifestKeyFrom(this.clientId)}async add(e){var t;let n=new Set((null==(t=await this.cache.get(this.manifestKey))?void 0:t.keys)||[]);n.add(e),await this.cache.set(this.manifestKey,{keys:[...n]})}async remove(e){let t=await this.cache.get(this.manifestKey);if(t){let n=new Set(t.keys);return n.delete(e),n.size>0?await this.cache.set(this.manifestKey,{keys:[...n]}):await this.cache.remove(this.manifestKey)}}get(){return this.cache.get(this.manifestKey)}clear(){return this.cache.remove(this.manifestKey)}createManifestKeyFrom(e){return"".concat(eN,"::").concat(e)}}let e9="auth0.is.authenticated",e4={memory:()=>(new eJ).enclosedCache,localstorage:()=>new eZ},e6=e=>e4[e],e8=e=>{let t=e.openUrl,n=e.onRedirect;return Object.assign(Object.assign({},w(e,["openUrl","onRedirect"])),{openUrl:!1===t||t?t:n})},e7=(e,t)=>{let n=(null==t?void 0:t.split(" "))||[];return((null==e?void 0:e.split(" "))||[]).every(e=>n.includes(e))},te={NONCE:"nonce",KEYPAIR:"keypair"};class tt{constructor(e){this.clientId=e}getVersion(){return 1}createDbHandle(){let e=window.indexedDB.open("auth0-spa-js",this.getVersion());return new Promise((t,n)=>{e.onupgradeneeded=()=>Object.values(te).forEach(t=>e.result.createObjectStore(t)),e.onerror=()=>n(e.error),e.onsuccess=()=>t(e.result)})}async getDbHandle(){return this.dbHandle||(this.dbHandle=await this.createDbHandle()),this.dbHandle}async executeDbRequest(e,t,n){let r=n((await this.getDbHandle()).transaction(e,t).objectStore(e));return new Promise((e,t)=>{r.onsuccess=()=>e(r.result),r.onerror=()=>t(r.error)})}buildKey(e){return"".concat(this.clientId,"::").concat(e?"_".concat(e):"auth0")}setNonce(e,t){return this.save(te.NONCE,this.buildKey(t),e)}setKeyPair(e){return this.save(te.KEYPAIR,this.buildKey(),e)}async save(e,t,n){await this.executeDbRequest(e,"readwrite",e=>e.put(n,t))}findNonce(e){return this.find(te.NONCE,this.buildKey(e))}findKeyPair(){return this.find(te.KEYPAIR,this.buildKey())}find(e,t){return this.executeDbRequest(e,"readonly",e=>e.get(t))}async deleteBy(e,t){let n=await this.executeDbRequest(e,"readonly",e=>e.getAllKeys());await Promise.all((null==n?void 0:n.filter(t).map(t=>this.executeDbRequest(e,"readwrite",e=>e.delete(t))))||[])}deleteByClientId(e,t){return this.deleteBy(e,e=>"string"==typeof e&&e.startsWith("".concat(t,"::")))}clearNonces(){return this.deleteByClientId(te.NONCE,this.clientId)}clearKeyPairs(){return this.deleteByClientId(te.KEYPAIR,this.clientId)}}class tn{constructor(e){this.storage=new tt(e)}getNonce(e){return this.storage.findNonce(e)}setNonce(e,t){return this.storage.setNonce(e,t)}async getOrGenerateKeyPair(){let e=await this.storage.findKeyPair();return e||(e=await async function(e,t){var n;let r;if("string"!=typeof e||0===e.length)throw TypeError('"alg" must be a non-empty string');switch(e){case"PS256":r={name:"RSA-PSS",hash:"SHA-256",modulusLength:2048,publicExponent:new Uint8Array([1,0,1])};break;case"RS256":r={name:"RSASSA-PKCS1-v1_5",hash:"SHA-256",modulusLength:2048,publicExponent:new Uint8Array([1,0,1])};break;case"ES256":r={name:"ECDSA",namedCurve:"P-256"};break;case"Ed25519":r={name:"Ed25519"};break;default:throw new eS}return crypto.subtle.generateKey(r,null!=(n=null==t?void 0:t.extractable)&&n,["sign","verify"])}("ES256",{extractable:!1}),await this.storage.setKeyPair(e)),e}async generateProof(e){var t;let n,r,o,i,a;return n=(t=Object.assign({keyPair:await this.getOrGenerateKeyPair()},e)).keyPair,r=t.url,o=t.method,i=t.nonce,a=t.accessToken,eA(n,function(e){let t=new URL(e);return t.search="",t.hash="",t.href}(r),o,i,a)}async calculateThumbprint(){return async function(e){var t;let n;if(!eP(e))throw TypeError('"publicKey" must be a public CryptoKey');if(!0!==e.extractable)throw TypeError('"publicKey.extractable" must be true');let o=await eR(e);switch(o.kty){case"EC":n={crv:o.crv,kty:o.kty,x:o.x,y:o.y};break;case"OKP":n={crv:o.crv,kty:o.kty,x:o.x};break;case"RSA":n={e:o.e,kty:o.kty,n:o.n};break;default:throw new eS("unsupported JWK kty")}return t=await crypto.subtle.digest({name:"SHA-256"},ev(JSON.stringify(n))),r(t)}((await this.getOrGenerateKeyPair()).publicKey)}async clear(){await Promise.all([this.storage.clearNonces(),this.storage.clearKeyPairs()])}}!function(e){e.Bearer="Bearer",e.DPoP="DPoP"}(rH||(rH={}));class tr{constructor(e,t){this.hooks=t,this.config=Object.assign(Object.assign({},e),{fetch:e.fetch||("undefined"==typeof window?fetch:window.fetch.bind(window))})}isAbsoluteUrl(e){return/^(https?:)?\/\//i.test(e)}buildUrl(e,t){if(t){if(this.isAbsoluteUrl(t))return t;if(e)return"".concat(e.replace(/\/?\/$/,""),"/").concat(t.replace(/^\/+/,""))}throw TypeError("`url` must be absolute or `baseUrl` non-empty.")}getAccessToken(e){return this.config.getAccessToken?this.config.getAccessToken(e):this.hooks.getAccessToken(e)}extractUrl(e){return"string"==typeof e?e:e instanceof URL?e.href:e.url}buildBaseRequest(e,t){if(!this.config.baseUrl)return new Request(e,t);let n=this.buildUrl(this.config.baseUrl,this.extractUrl(e)),r=e instanceof Request?new Request(n,e):n;return new Request(r,t)}setAuthorizationHeader(e,t){let n=arguments.length>2&&void 0!==arguments[2]?arguments[2]:rH.Bearer;e.headers.set("authorization","".concat(n," ").concat(t))}async setDpopProofHeader(e,t){if(!this.config.dpopNonceId)return;let n=await this.hooks.getDpopNonce(),r=await this.hooks.generateDpopProof({accessToken:t,method:e.method,nonce:n,url:e.url});e.headers.set("dpop",r)}async prepareRequest(e,t){let n,r,o=await this.getAccessToken(t);"string"==typeof o?(n=this.config.dpopNonceId?rH.DPoP:rH.Bearer,r=o):(n=o.token_type,r=o.access_token),this.setAuthorizationHeader(e,r,n),n===rH.DPoP&&await this.setDpopProofHeader(e,r)}getHeader(e,t){return Array.isArray(e)?new Headers(e).get(t)||"":"function"==typeof e.get?e.get(t)||"":e[t]||""}hasUseDpopNonceError(e){if(401!==e.status)return!1;let t=this.getHeader(e.headers,"www-authenticate");return t.includes("invalid_dpop_nonce")||t.includes("use_dpop_nonce")}async handleResponse(e,t){let n=this.getHeader(e.headers,eI);if(n&&await this.hooks.setDpopNonce(n),!this.hasUseDpopNonceError(e))return e;if(!n||!t.onUseDpopNonceError)throw new V(n);return t.onUseDpopNonceError()}async internalFetchWithAuth(e,t,n,r){let o=this.buildBaseRequest(e,t);await this.prepareRequest(o,r);let i=await this.config.fetch(o);return this.handleResponse(i,n)}fetchWithAuth(e,t,n){let r={onUseDpopNonceError:()=>this.internalFetchWithAuth(e,t,Object.assign(Object.assign({},r),{onUseDpopNonceError:void 0}),n)};return this.internalFetchWithAuth(e,t,r,n)}}class to{constructor(e,t){this.myAccountFetcher=e,this.apiBase=t}async connectAccount(e){let t=await this.myAccountFetcher.fetchWithAuth("".concat(this.apiBase,"v1/connected-accounts/connect"),{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(e)});return this._handleResponse(t)}async completeAccount(e){let t=await this.myAccountFetcher.fetchWithAuth("".concat(this.apiBase,"v1/connected-accounts/complete"),{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(e)});return this._handleResponse(t)}async _handleResponse(e){let t;try{t=await e.text(),t=JSON.parse(t)}catch(n){throw new ti({type:"invalid_json",status:e.status,title:"Invalid JSON response",detail:t||String(n)})}if(e.ok)return t;throw new ti(t)}}class ti extends Error{constructor(e){let t=e.type,n=e.status,r=e.title,o=e.detail,i=e.validation_errors;super(o),this.name="MyAccountApiError",this.type=t,this.status=n,this.title=r,this.detail=o,this.validation_errors=i,Object.setPrototypeOf(this,ti.prototype)}}let ta={otp:{authenticatorTypes:["otp"]},sms:{authenticatorTypes:["oob"],oobChannels:["sms"]},email:{authenticatorTypes:["oob"],oobChannels:["email"]},push:{authenticatorTypes:["oob"],oobChannels:["auth0"]},voice:{authenticatorTypes:["oob"],oobChannels:["voice"]}};function ts(e,t){if(null==e)return!1;try{return e instanceof t||Object.getPrototypeOf(e)[Symbol.toStringTag]===t.prototype[Symbol.toStringTag]}catch(e){return!1}}"undefined"!=typeof navigator&&null!=(rZ=navigator.userAgent)&&null!=(rJ=rZ.startsWith)&&rJ.call(rZ,"Mozilla/5.0 ")||(o="".concat("oauth4webapi","/").concat("v3.8.6"));let tc="ERR_INVALID_ARG_VALUE",tl="ERR_INVALID_ARG_TYPE";function tu(e,t,n){let r=TypeError(e,{cause:n});return Object.assign(r,{code:t}),r}let th=Symbol(),td=Symbol(),tp=Symbol(),tf=Symbol(),tm=Symbol(),ty=Symbol(),tg=new TextEncoder,tw=new TextDecoder;function tb(e){return"string"==typeof e?tg.encode(e):tw.decode(e)}function tv(e){return"string"==typeof e?a(e):i(e)}i=Uint8Array.prototype.toBase64?e=>(e instanceof ArrayBuffer&&(e=new Uint8Array(e)),e.toBase64({alphabet:"base64url",omitPadding:!0})):e=>{e instanceof ArrayBuffer&&(e=new Uint8Array(e));let t=[];for(let n=0;n<e.byteLength;n+=32768)t.push(String.fromCharCode.apply(null,e.subarray(n,n+32768)));return btoa(t.join("")).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_")},a=Uint8Array.fromBase64?e=>{try{return Uint8Array.fromBase64(e,{alphabet:"base64url"})}catch(e){throw tu("The input to be decoded is not correctly encoded.",tc,e)}}:e=>{try{let t=atob(e.replace(/-/g,"+").replace(/_/g,"/").replace(/\s/g,"")),n=new Uint8Array(t.length);for(let e=0;e<t.length;e++)n[e]=t.charCodeAt(e);return n}catch(e){throw tu("The input to be decoded is not correctly encoded.",tc,e)}};class tk extends Error{constructor(e,t){var n;super(e,t),P(this,"code",void 0),this.name=this.constructor.name,this.code=ns,null==(n=Error.captureStackTrace)||n.call(Error,this,this.constructor)}}class t_ extends Error{constructor(e,t){var n;super(e,t),P(this,"code",void 0),this.name=this.constructor.name,null!=t&&t.code&&(this.code=null==t?void 0:t.code),null==(n=Error.captureStackTrace)||n.call(Error,this,this.constructor)}}function tS(e,t,n){return new t_(e,{code:t,cause:n})}function tT(e){return null!==e&&"object"==typeof e&&!Array.isArray(e)}function tE(e){ts(e,Headers)&&(e=Object.fromEntries(e.entries()));let t=new Headers(null!=e?e:{});if(o&&!t.has("user-agent")&&t.set("user-agent",o),t.has("authorization"))throw tu('"options.headers" must not include the "authorization" header name',tc);return t}function tP(e,t){if(void 0!==t){if("function"==typeof t&&(t=t(e.href)),!(t instanceof AbortSignal))throw tu('"options.signal" must return or be an instance of AbortSignal',tl);return t}}function tA(e){return e.includes("//")?e.replace("//","/"):e}async function tR(e,t){return async function(e,t,n,r){if(!(e instanceof URL))throw tu('"'.concat(t,'" must be an instance of URL'),tl);tH(e,!0!==(null==r?void 0:r[th]));let o=n(new URL(e.href)),i=tE(null==r?void 0:r.headers);return i.set("accept","application/json"),((null==r?void 0:r[tf])||fetch)(o.href,{body:void 0,headers:Object.fromEntries(i.entries()),method:"GET",redirect:"manual",signal:tP(o,null==r?void 0:r.signal)})}(e,"issuerIdentifier",e=>{switch(null==t?void 0:t.algorithm){case void 0:case"oidc":e.pathname=tA("".concat(e.pathname,"/").concat(".well-known/openid-configuration"));break;case"oauth2":!function(e,t){let n=arguments.length>2&&void 0!==arguments[2]&&arguments[2];"/"===e.pathname?e.pathname=t:e.pathname=tA("".concat(t,"/").concat(n?e.pathname:e.pathname.replace(/(\/)$/,"")))}(e,".well-known/oauth-authorization-server");break;default:throw tu('"options.algorithm" must be "oidc" (default), or "oauth2"',tc)}return e},t)}function tI(e,t,n,r,o){try{if("number"!=typeof e||!Number.isFinite(e))throw tu("".concat(n," must be a number"),tl,o);if(e>0)return;if(t){if(0!==e)throw tu("".concat(n," must be a non-negative number"),tc,o);return}throw tu("".concat(n," must be a positive number"),tc,o)}catch(e){if(r)throw tS(e.message,r,o);throw e}}function tC(e,t,n,r){try{if("string"!=typeof e)throw tu("".concat(t," must be a string"),tl,r);if(0===e.length)throw tu("".concat(t," must not be empty"),tc,r)}catch(e){if(n)throw tS(e.message,n,r);throw e}}function tx(e){var t="application/json";if(t$(e)!==t)throw function(e){let t='"response" content-type must be ';for(var n=arguments.length,r=Array(n>1?n-1:0),o=1;o<n;o++)r[o-1]=arguments[o];if(r.length>2){let e=r.pop();t+="".concat(r.join(", "),", or ").concat(e)}else 2===r.length?t+="".concat(r[0]," or ").concat(r[1]):t+=r[0];return tS(t,nh,e)}(e,t)}function tO(){return tv(crypto.getRandomValues(new Uint8Array(32)))}function tj(e){let t=null==e?void 0:e[td];return"number"==typeof t&&Number.isFinite(t)?t:0}function tW(e){let t=null==e?void 0:e[tp];return"number"==typeof t&&Number.isFinite(t)&&-1!==Math.sign(t)?t:30}function tU(){return Math.floor(Date.now()/1e3)}function tK(e){if("object"!=typeof e||null===e)throw tu('"as" must be an object',tl);tC(e.issuer,'"as.issuer"')}function tL(e){if("object"!=typeof e||null===e)throw tu('"client" must be an object',tl);tC(e.client_id,'"client.client_id"')}function tN(e){return tC(e,'"clientSecret"'),(t,n,r,o)=>{r.set("client_id",n.client_id),r.set("client_secret",e)}}let tD=URL.parse?(e,t)=>URL.parse(e,t):(e,t)=>{try{return new URL(e,t)}catch(e){return null}};function tH(e,t){if(t&&"https:"!==e.protocol)throw tS("only requests to HTTPS are allowed",np,e);if("https:"!==e.protocol&&"http:"!==e.protocol)throw tS("only HTTP and HTTPS requests are allowed",nf,e)}function tZ(e,t,n,r){let o;if("string"!=typeof e||!(o=tD(e)))throw tS("authorization server metadata does not contain a valid ".concat(n?'"as.mtls_endpoint_aliases.'.concat(t,'"'):'"as.'.concat(t,'"')),void 0===e?nw:nb,{attribute:n?"mtls_endpoint_aliases.".concat(t):t});return tH(o,r),o}function tJ(e,t,n,r){return n&&e.mtls_endpoint_aliases&&t in e.mtls_endpoint_aliases?tZ(e.mtls_endpoint_aliases[t],t,n,r):tZ(e[t],t,n,r)}class tz extends Error{constructor(e,t){var n;super(e,t),P(this,"cause",void 0),P(this,"code",void 0),P(this,"error",void 0),P(this,"status",void 0),P(this,"error_description",void 0),P(this,"response",void 0),this.name=this.constructor.name,this.code=na,this.cause=t.cause,this.error=t.cause.error,this.status=t.response.status,this.error_description=t.cause.error_description,Object.defineProperty(this,"response",{enumerable:!1,value:t.response}),null==(n=Error.captureStackTrace)||n.call(Error,this,this.constructor)}}class tM extends Error{constructor(e,t){var n,r;super(e,t),P(this,"cause",void 0),P(this,"code",void 0),P(this,"error",void 0),P(this,"error_description",void 0),this.name=this.constructor.name,this.code=nc,this.cause=t.cause,this.error=t.cause.get("error"),this.error_description=null!=(n=t.cause.get("error_description"))?n:void 0,null==(r=Error.captureStackTrace)||r.call(Error,this,this.constructor)}}class tX extends Error{constructor(e,t){var n;super(e,t),P(this,"cause",void 0),P(this,"code",void 0),P(this,"response",void 0),P(this,"status",void 0),this.name=this.constructor.name,this.code=ni,this.cause=t.cause,this.status=t.response.status,this.response=t.response,Object.defineProperty(this,"response",{enumerable:!1}),null==(n=Error.captureStackTrace)||n.call(Error,this,this.constructor)}}let tG="[a-zA-Z0-9!#$%&\\'\\*\\+\\-\\.\\^_`\\|~]+",tV=RegExp("^[,\\s]*("+tG+")"),tF=RegExp("^[,\\s]*("+tG+')\\s*=\\s*"((?:[^"\\\\]|\\\\[\\s\\S])*)"[,\\s]*(.*)'),tY=RegExp("^[,\\s]*"+("("+tG+")\\s*=\\s*(")+tG+")[,\\s]*(.*)"),tB=RegExp("^([a-zA-Z0-9\\-\\._\\~\\+\\/]+={0,2})(?:$|[,\\s])(.*)");async function tq(e,t,n){if(e.status!==t){var r;let t;if(function(e){let t;if(t=function(e){if(!ts(e,Response))throw tu('"response" must be an instance of Response',tl);let t=e.headers.get("www-authenticate");if(null===t)return;let n=[],r=t;for(;r;){let e,t=r.match(tV),c=null==(o=t)?void 0:o[1].toLowerCase();if(!c)return;let l=r.substring(t[0].length);if(l&&!l.match(/^[\s,]/))return;let u=l.match(/^\s+(.*)$/),h=!!u;r=u?u[1]:void 0;let d={};if(h)for(;r;){let n,c;if(t=r.match(tF)){var o,i=C(t,4);if(n=i[1],c=i[2],r=i[3],c.includes("\\"))try{c=JSON.parse('"'.concat(c,'"'))}catch(e){}d[n.toLowerCase()]=c}else{if(!(t=r.match(tY))){if(t=r.match(tB)){if(Object.keys(d).length)break;var a=C(t,3);e=a[1],r=a[2];break}return}var s=C(t,4);n=s[1],c=s[2],r=s[3],d[n.toLowerCase()]=c}}else r=l||void 0;let p={scheme:c,parameters:d};e&&(p.token68=e),n.push(p)}return n.length?n:void 0}(e))throw new tX("server responded with a challenge in the WWW-Authenticate HTTP Header",{cause:t,response:e})}(e),t=await async function(e){if(e.status>399&&e.status<500){nv(e),tx(e);try{let t=await e.clone().json();if(tT(t)&&"string"==typeof t.error&&t.error.length)return t}catch(e){}}}(e))throw await (null==(r=e.body)?void 0:r.cancel()),new tz("server responded with an error in the response body",{cause:t,response:e});throw tS('"response" is not a conform '.concat(n," response (unexpected HTTP status code)"),nd,e)}}function tQ(e){if(!t8.has(e))throw tu('"options.DPoP" is not a valid DPoPHandle',tc)}function t$(e){var t;return null==(t=e.headers.get("content-type"))?void 0:t.split(";")[0]}async function t0(e,t,n,r,o,i,a){return await n(e,t,o,i),i.set("content-type","application/x-www-form-urlencoded;charset=UTF-8"),((null==a?void 0:a[tf])||fetch)(r.href,{body:o,headers:Object.fromEntries(i.entries()),method:"POST",redirect:"manual",signal:tP(r,null==a?void 0:a.signal)})}async function t2(e,t,n,r,o,i){var a;let s=tJ(e,"token_endpoint",t.use_mtls_endpoint_aliases,!0!==(null==i?void 0:i[th]));o.set("grant_type",r);let c=tE(null==i?void 0:i.headers);c.set("accept","application/json"),void 0!==(null==i?void 0:i.DPoP)&&(tQ(i.DPoP),await i.DPoP.addProof(s,c,"POST"));let l=await t0(e,t,n,s,o,c,i);return null==i||null==(a=i.DPoP)||a.cacheNonce(l,s),l}let t1=new WeakMap,t5=new WeakMap;function t3(e){if(!e.id_token)return;let t=t1.get(e);if(!t)throw tu('"ref" was already garbage collected or did not resolve from the proper sources',tc);return t}async function t9(e,t,n,r,o,i){if(tK(e),tL(t),!ts(n,Response))throw tu('"response" must be an instance of Response',tl);await tq(n,200,"Token Endpoint"),nv(n);let a=await nA(n);if(tC(a.access_token,'"response" body "access_token" property',nu,{body:a}),tC(a.token_type,'"response" body "token_type" property',nu,{body:a}),a.token_type=a.token_type.toLowerCase(),void 0!==a.expires_in){let e="number"!=typeof a.expires_in?parseFloat(a.expires_in):a.expires_in;tI(e,!0,'"response" body "expires_in" property',nu,{body:a}),a.expires_in=e}if(void 0!==a.refresh_token&&tC(a.refresh_token,'"response" body "refresh_token" property',nu,{body:a}),void 0!==a.scope&&"string"!=typeof a.scope)throw tS('"response" body "scope" property must be a string',nu,{body:a});if(void 0!==a.id_token){tC(a.id_token,'"response" body "id_token" property',nu,{body:a});let i=["aud","exp","iat","iss","sub"];!0===t.require_auth_time&&i.push("auth_time"),void 0!==t.default_max_age&&(tI(t.default_max_age,!0,'"client.default_max_age"'),i.push("auth_time")),null!=r&&r.length&&i.push(...r);let s=await (async function(e,t,n,r,o){let i,a,s=e.split("."),c=s[0],l=s[1],u=s.length;if(5===u){if(void 0===o)throw new tk("JWE decryption is not configured",{cause:e});var h=(e=await o(e)).split(".");c=h[0],l=h[1],u=h.length}if(3!==u)throw tS("Invalid JWT",nu,e);try{i=JSON.parse(tb(tv(c)))}catch(e){throw tS("failed to parse JWT Header body as base64url encoded JSON",nl,e)}if(!tT(i))throw tS("JWT Header must be a top level object",nu,e);if(t(i),void 0!==i.crit)throw new tk('no JWT "crit" header parameter extensions are supported',{cause:{header:i}});try{a=JSON.parse(tb(tv(l)))}catch(e){throw tS("failed to parse JWT Payload body as base64url encoded JSON",nl,e)}if(!tT(a))throw tS("JWT Payload must be a top level object",nu,e);let d=tU()+n;if(void 0!==a.exp){if("number"!=typeof a.exp)throw tS('unexpected JWT "exp" (expiration time) claim type',nu,{claims:a});if(a.exp<=d-r)throw tS('unexpected JWT "exp" (expiration time) claim value, expiration is past current timestamp',nm,{claims:a,now:d,tolerance:r,claim:"exp"})}if(void 0!==a.iat&&"number"!=typeof a.iat)throw tS('unexpected JWT "iat" (issued at) claim type',nu,{claims:a});if(void 0!==a.iss&&"string"!=typeof a.iss)throw tS('unexpected JWT "iss" (issuer) claim type',nu,{claims:a});if(void 0!==a.nbf){if("number"!=typeof a.nbf)throw tS('unexpected JWT "nbf" (not before) claim type',nu,{claims:a});if(a.nbf>d+r)throw tS('unexpected JWT "nbf" (not before) claim value',nm,{claims:a,now:d,tolerance:r,claim:"nbf"})}if(void 0!==a.aud&&"string"!=typeof a.aud&&!Array.isArray(a.aud))throw tS('unexpected JWT "aud" (audience) claim type',nu,{claims:a});return{header:i,claims:a,jwt:e}})(a.id_token,nS.bind(void 0,t.id_token_signed_response_alg,e.id_token_signing_alg_values_supported,"RS256"),tj(t),tW(t),o).then(nt.bind(void 0,i)).then(t6.bind(void 0,e)).then(t4.bind(void 0,t.client_id)),c=s.claims,l=s.jwt;if(Array.isArray(c.aud)&&1!==c.aud.length){if(void 0===c.azp)throw tS('ID Token "aud" (audience) claim includes additional untrusted audiences',ny,{claims:c,claim:"aud"});if(c.azp!==t.client_id)throw tS('unexpected ID Token "azp" (authorized party) claim value',ny,{expected:t.client_id,claims:c,claim:"azp"})}void 0!==c.auth_time&&tI(c.auth_time,!0,'ID Token "auth_time" (authentication time)',nu,{claims:c}),t5.set(n,l),t1.set(a,c)}if(void 0!==(null==i?void 0:i[a.token_type]))i[a.token_type](n,a);else if("dpop"!==a.token_type&&"bearer"!==a.token_type)throw new tk("unsupported `token_type` value",{cause:{body:a}});return a}function t4(e,t){if(Array.isArray(t.claims.aud)){if(!t.claims.aud.includes(e))throw tS('unexpected JWT "aud" (audience) claim value',ny,{expected:e,claims:t.claims,claim:"aud"})}else if(t.claims.aud!==e)throw tS('unexpected JWT "aud" (audience) claim value',ny,{expected:e,claims:t.claims,claim:"aud"});return t}function t6(e,t){var n,r;let o=null!=(n=null==(r=e[nI])?void 0:r.call(e,t))?n:e.issuer;if(t.claims.iss!==o)throw tS('unexpected JWT "iss" (issuer) claim value',ny,{expected:o,claims:t.claims,claim:"iss"});return t}let t8=new WeakSet,t7=Symbol(),ne={aud:"audience",c_hash:"code hash",client_id:"client id",exp:"expiration time",iat:"issued at",iss:"issuer",jti:"jwt id",nonce:"nonce",s_hash:"state hash",sub:"subject",ath:"access token hash",htm:"http method",htu:"http uri",cnf:"confirmation",auth_time:"authentication time"};function nt(e,t){for(let n of e)if(void 0===t.claims[n])throw tS('JWT "'.concat(n,'" (').concat(ne[n],") claim missing"),nu,{claims:t.claims});return t}let nn=Symbol(),nr=Symbol();async function no(e,t,n,r){return"string"==typeof(null==r?void 0:r.expectedNonce)||"number"==typeof(null==r?void 0:r.maxAge)||null!=r&&r.requireIdToken?async function(e,t,n,r,o,i,a){let s=[];switch(r){case void 0:r=nn;break;case nn:break;default:tC(r,'"expectedNonce" argument'),s.push("nonce")}switch(null!=o||(o=t.default_max_age),o){case void 0:o=nr;break;case nr:break;default:tI(o,!0,'"maxAge" argument'),s.push("auth_time")}let c=await t9(e,t,n,s,i,a);tC(c.id_token,'"response" body "id_token" property',nu,{body:c});let l=t3(c);if(o!==nr){let e=tU()+tj(t),n=tW(t);if(l.auth_time+o<e-n)throw tS("too much time has elapsed since the last End-User authentication",nm,{claims:l,now:e,tolerance:n,claim:"auth_time"})}if(r===nn){if(void 0!==l.nonce)throw tS('unexpected ID Token "nonce" claim value',ny,{expected:void 0,claims:l,claim:"nonce"})}else if(l.nonce!==r)throw tS('unexpected ID Token "nonce" claim value',ny,{expected:r,claims:l,claim:"nonce"});return c}(e,t,n,r.expectedNonce,r.maxAge,r[ty],r.recognizedTokenTypes):async function(e,t,n,r,o){let i=await t9(e,t,n,void 0,r,o),a=t3(i);if(a){if(void 0!==t.default_max_age){tI(t.default_max_age,!0,'"client.default_max_age"');let e=tU()+tj(t),n=tW(t);if(a.auth_time+t.default_max_age<e-n)throw tS("too much time has elapsed since the last End-User authentication",nm,{claims:a,now:e,tolerance:n,claim:"auth_time"})}if(void 0!==a.nonce)throw tS('unexpected ID Token "nonce" claim value',ny,{expected:void 0,claims:a,claim:"nonce"})}return i}(e,t,n,null==r?void 0:r[ty],null==r?void 0:r.recognizedTokenTypes)}let ni="OAUTH_WWW_AUTHENTICATE_CHALLENGE",na="OAUTH_RESPONSE_BODY_ERROR",ns="OAUTH_UNSUPPORTED_OPERATION",nc="OAUTH_AUTHORIZATION_RESPONSE_ERROR",nl="OAUTH_PARSE_ERROR",nu="OAUTH_INVALID_RESPONSE",nh="OAUTH_RESPONSE_IS_NOT_JSON",nd="OAUTH_RESPONSE_IS_NOT_CONFORM",np="OAUTH_HTTP_REQUEST_FORBIDDEN",nf="OAUTH_REQUEST_PROTOCOL_FORBIDDEN",nm="OAUTH_JWT_TIMESTAMP_CHECK_FAILED",ny="OAUTH_JWT_CLAIM_COMPARISON_FAILED",ng="OAUTH_JSON_ATTRIBUTE_COMPARISON_FAILED",nw="OAUTH_MISSING_SERVER_METADATA",nb="OAUTH_INVALID_SERVER_METADATA";function nv(e){if(e.bodyUsed)throw tu('"response" body has been used already',tc)}function nk(e){let t=e.algorithm;if("number"!=typeof t.modulusLength||t.modulusLength<2048)throw new tk("unsupported ".concat(t.name," modulusLength"),{cause:e})}async function n_(e){if("POST"!==e.method)throw tu("form_post responses are expected to use the POST method",tc,{cause:e});if("application/x-www-form-urlencoded"!==t$(e))throw tu("form_post responses are expected to use the application/x-www-form-urlencoded content-type",tc,{cause:e});return async function(e){if(e.bodyUsed)throw tu("form_post Request instances must contain a readable body",tc,{cause:e});return e.text()}(e)}function nS(e,t,n,r){if(void 0===e)if(Array.isArray(t)){if(!t.includes(r.alg))throw tS('unexpected JWT "alg" header parameter',nu,{header:r,expected:t,reason:"authorization server metadata"})}else{if(void 0===n)throw tS('missing client or server configuration to verify used JWT "alg" header parameter',void 0,{client:e,issuer:t,fallback:n});if("string"==typeof n?r.alg!==n:"function"==typeof n?!n(r.alg):!n.includes(r.alg))throw tS('unexpected JWT "alg" header parameter',nu,{header:r,expected:n,reason:"default value"})}else if("string"==typeof e?r.alg!==e:!e.includes(r.alg))throw tS('unexpected JWT "alg" header parameter',nu,{header:r,expected:e,reason:"client configuration"})}function nT(e,t){let n=e.getAll(t),r=n[0];if(n.length>1)throw tS('"'.concat(t,'" parameter must be provided only once'),nu);return r}let nE=Symbol(),nP=Symbol();async function nA(e){let t,n=arguments.length>1&&void 0!==arguments[1]?arguments[1]:tx;try{t=await e.json()}catch(t){throw n(e),tS('failed to parse "response" body as JSON',nl,t)}if(!tT(t))throw tS('"response" body must be a top level object',nu,{body:t});return t}let nR=Symbol(),nI=Symbol(),nC=new TextEncoder,nx=new TextDecoder;function nO(e){let t=new Uint8Array(e.length);for(let n=0;n<e.length;n++){let r=e.charCodeAt(n);if(r>127)throw TypeError("non-ASCII string encountered in encode()");t[n]=r}return t}function nj(e){if(Uint8Array.fromBase64)return Uint8Array.fromBase64(e);let t=atob(e),n=new Uint8Array(t.length);for(let e=0;e<t.length;e++)n[e]=t.charCodeAt(e);return n}function nW(e){if(Uint8Array.fromBase64)return Uint8Array.fromBase64("string"==typeof e?e:nx.decode(e),{alphabet:"base64url"});let t=e;t instanceof Uint8Array&&(t=nx.decode(t)),t=t.replace(/-/g,"+").replace(/_/g,"/");try{return nj(t)}catch(e){throw TypeError("The input to be decoded is not correctly encoded.")}}let nU=function(e){return TypeError("CryptoKey does not support this operation, its ".concat(arguments.length>1&&void 0!==arguments[1]?arguments[1]:"algorithm.name"," must be ").concat(e))};function nK(e,t){if(parseInt(e.hash.name.slice(4),10)!==t)throw nU("SHA-".concat(t),"algorithm.hash")}function nL(e,t){for(var n,r=arguments.length,o=Array(r>2?r-2:0),i=2;i<r;i++)o[i-2]=arguments[i];if((o=o.filter(Boolean)).length>2){let t=o.pop();e+="one of type ".concat(o.join(", "),", or ").concat(t,".")}else 2===o.length?e+="one of type ".concat(o[0]," or ").concat(o[1],"."):e+="of type ".concat(o[0],".");return null==t?e+=" Received ".concat(t):"function"==typeof t&&t.name?e+=" Received function ".concat(t.name):"object"==typeof t&&null!=t&&null!=(n=t.constructor)&&n.name&&(e+=" Received an instance of ".concat(t.constructor.name)),e}let nN=function(e,t){for(var n=arguments.length,r=Array(n>2?n-2:0),o=2;o<n;o++)r[o-2]=arguments[o];return nL("Key for the ".concat(e," algorithm must be "),t,...r)};class nD extends Error{constructor(e,t){var n;super(e,t),P(this,"code","ERR_JOSE_GENERIC"),this.name=this.constructor.name,null==(n=Error.captureStackTrace)||n.call(Error,this,this.constructor)}}P(nD,"code","ERR_JOSE_GENERIC");class nH extends nD{constructor(e,t){let n=arguments.length>2&&void 0!==arguments[2]?arguments[2]:"unspecified",r=arguments.length>3&&void 0!==arguments[3]?arguments[3]:"unspecified";super(e,{cause:{claim:n,reason:r,payload:t}}),P(this,"code","ERR_JWT_CLAIM_VALIDATION_FAILED"),P(this,"claim",void 0),P(this,"reason",void 0),P(this,"payload",void 0),this.claim=n,this.reason=r,this.payload=t}}P(nH,"code","ERR_JWT_CLAIM_VALIDATION_FAILED");class nZ extends nD{constructor(e,t){let n=arguments.length>2&&void 0!==arguments[2]?arguments[2]:"unspecified",r=arguments.length>3&&void 0!==arguments[3]?arguments[3]:"unspecified";super(e,{cause:{claim:n,reason:r,payload:t}}),P(this,"code","ERR_JWT_EXPIRED"),P(this,"claim",void 0),P(this,"reason",void 0),P(this,"payload",void 0),this.claim=n,this.reason=r,this.payload=t}}P(nZ,"code","ERR_JWT_EXPIRED");class nJ extends nD{constructor(){super(...arguments),P(this,"code","ERR_JOSE_ALG_NOT_ALLOWED")}}P(nJ,"code","ERR_JOSE_ALG_NOT_ALLOWED");class nz extends nD{constructor(){super(...arguments),P(this,"code","ERR_JOSE_NOT_SUPPORTED")}}P(nz,"code","ERR_JOSE_NOT_SUPPORTED"),P(class extends nD{constructor(){super(arguments.length>0&&void 0!==arguments[0]?arguments[0]:"decryption operation failed",arguments.length>1?arguments[1]:void 0),P(this,"code","ERR_JWE_DECRYPTION_FAILED")}},"code","ERR_JWE_DECRYPTION_FAILED"),P(class extends nD{constructor(){super(...arguments),P(this,"code","ERR_JWE_INVALID")}},"code","ERR_JWE_INVALID");class nM extends nD{constructor(){super(...arguments),P(this,"code","ERR_JWS_INVALID")}}P(nM,"code","ERR_JWS_INVALID");class nX extends nD{constructor(){super(...arguments),P(this,"code","ERR_JWT_INVALID")}}P(nX,"code","ERR_JWT_INVALID"),P(class extends nD{constructor(){super(...arguments),P(this,"code","ERR_JWK_INVALID")}},"code","ERR_JWK_INVALID");class nG extends nD{constructor(){super(...arguments),P(this,"code","ERR_JWKS_INVALID")}}P(nG,"code","ERR_JWKS_INVALID");class nV extends nD{constructor(){super(arguments.length>0&&void 0!==arguments[0]?arguments[0]:"no applicable key found in the JSON Web Key Set",arguments.length>1?arguments[1]:void 0),P(this,"code","ERR_JWKS_NO_MATCHING_KEY")}}P(nV,"code","ERR_JWKS_NO_MATCHING_KEY");class nF extends nD{constructor(){super(arguments.length>0&&void 0!==arguments[0]?arguments[0]:"multiple matching keys found in the JSON Web Key Set",arguments.length>1?arguments[1]:void 0),P(this,Symbol.asyncIterator,void 0),P(this,"code","ERR_JWKS_MULTIPLE_MATCHING_KEYS")}}P(nF,"code","ERR_JWKS_MULTIPLE_MATCHING_KEYS");class nY extends nD{constructor(){super(arguments.length>0&&void 0!==arguments[0]?arguments[0]:"request timed out",arguments.length>1?arguments[1]:void 0),P(this,"code","ERR_JWKS_TIMEOUT")}}P(nY,"code","ERR_JWKS_TIMEOUT");class nB extends nD{constructor(){super(arguments.length>0&&void 0!==arguments[0]?arguments[0]:"signature verification failed",arguments.length>1?arguments[1]:void 0),P(this,"code","ERR_JWS_SIGNATURE_VERIFICATION_FAILED")}}P(nB,"code","ERR_JWS_SIGNATURE_VERIFICATION_FAILED");let nq=e=>{if("CryptoKey"===(null==e?void 0:e[Symbol.toStringTag]))return!0;try{return e instanceof CryptoKey}catch(e){return!1}},nQ=e=>"KeyObject"===(null==e?void 0:e[Symbol.toStringTag]),n$=e=>nq(e)||nQ(e);function n0(e,t,n){try{return nW(e)}catch(e){throw new n("Failed to base64url decode the ".concat(t))}}function n2(e){if("object"!=typeof e||null===e||"[object Object]"!==Object.prototype.toString.call(e))return!1;if(null===Object.getPrototypeOf(e))return!0;let t=e;for(;null!==Object.getPrototypeOf(t);)t=Object.getPrototypeOf(t);return Object.getPrototypeOf(e)===t}let n1=e=>n2(e)&&"string"==typeof e.kty;async function n5(e,t,n){if(t instanceof Uint8Array){if(!e.startsWith("HS"))throw TypeError(function(e){for(var t=arguments.length,n=Array(t>1?t-1:0),r=1;r<t;r++)n[r-1]=arguments[r];return nL("Key must be ",e,...n)}(t,"CryptoKey","KeyObject","JSON Web Key"));return crypto.subtle.importKey("raw",t,{hash:"SHA-".concat(e.slice(-3)),name:"HMAC"},!1,[n])}return function(e,t,n){switch(t){case"HS256":case"HS384":case"HS512":if("HMAC"!==e.algorithm.name)throw nU("HMAC");nK(e.algorithm,parseInt(t.slice(2),10));break;case"RS256":case"RS384":case"RS512":if("RSASSA-PKCS1-v1_5"!==e.algorithm.name)throw nU("RSASSA-PKCS1-v1_5");nK(e.algorithm,parseInt(t.slice(2),10));break;case"PS256":case"PS384":case"PS512":if("RSA-PSS"!==e.algorithm.name)throw nU("RSA-PSS");nK(e.algorithm,parseInt(t.slice(2),10));break;case"Ed25519":case"EdDSA":if("Ed25519"!==e.algorithm.name)throw nU("Ed25519");break;case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":let r;if(r=e.algorithm,r.name!==t)throw nU(t);break;case"ES256":case"ES384":case"ES512":{if("ECDSA"!==e.algorithm.name)throw nU("ECDSA");let n=function(e){switch(e){case"ES256":return"P-256";case"ES384":return"P-384";case"ES512":return"P-521";default:throw Error("unreachable")}}(t);if(e.algorithm.namedCurve!==n)throw nU(n,"algorithm.namedCurve");break}default:throw TypeError("CryptoKey does not support this operation")}if(n&&!e.usages.includes(n))throw TypeError("CryptoKey does not support this operation, its usages must include ".concat(n,"."))}(t,e,n),t}async function n3(e,t,n,r){let o=await n5(e,t,"verify");if(e.startsWith("RS")||e.startsWith("PS")){let t=o.algorithm.modulusLength;if("number"!=typeof t||t<2048)throw TypeError("".concat(e," requires key modulusLength to be 2048 bits or larger"))}let i=function(e,t){let n="SHA-".concat(e.slice(-3));switch(e){case"HS256":case"HS384":case"HS512":return{hash:n,name:"HMAC"};case"PS256":case"PS384":case"PS512":return{hash:n,name:"RSA-PSS",saltLength:parseInt(e.slice(-3),10)>>3};case"RS256":case"RS384":case"RS512":return{hash:n,name:"RSASSA-PKCS1-v1_5"};case"ES256":case"ES384":case"ES512":return{hash:n,name:"ECDSA",namedCurve:t.namedCurve};case"Ed25519":case"EdDSA":return{name:"Ed25519"};case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":return{name:e};default:throw new nz("alg ".concat(e," is not supported either by JOSE or your javascript runtime"))}}(e,o.algorithm);try{return await crypto.subtle.verify(i,o,n,r)}catch(e){return!1}}let n9='Invalid or unsupported JWK "alg" (Algorithm) Parameter value';async function n4(e){var t,n;if(!e.alg)throw TypeError('"alg" argument is required when "jwk.alg" is not present');let r=function(e){let t,n;switch(e.kty){case"AKP":switch(e.alg){case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":t={name:e.alg},n=e.priv?["sign"]:["verify"];break;default:throw new nz(n9)}break;case"RSA":switch(e.alg){case"PS256":case"PS384":case"PS512":t={name:"RSA-PSS",hash:"SHA-".concat(e.alg.slice(-3))},n=e.d?["sign"]:["verify"];break;case"RS256":case"RS384":case"RS512":t={name:"RSASSA-PKCS1-v1_5",hash:"SHA-".concat(e.alg.slice(-3))},n=e.d?["sign"]:["verify"];break;case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":t={name:"RSA-OAEP",hash:"SHA-".concat(parseInt(e.alg.slice(-3),10)||1)},n=e.d?["decrypt","unwrapKey"]:["encrypt","wrapKey"];break;default:throw new nz(n9)}break;case"EC":switch(e.alg){case"ES256":case"ES384":case"ES512":t={name:"ECDSA",namedCurve:({ES256:"P-256",ES384:"P-384",ES512:"P-521"})[e.alg]},n=e.d?["sign"]:["verify"];break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":t={name:"ECDH",namedCurve:e.crv},n=e.d?["deriveBits"]:[];break;default:throw new nz(n9)}break;case"OKP":switch(e.alg){case"Ed25519":case"EdDSA":t={name:"Ed25519"},n=e.d?["sign"]:["verify"];break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":t={name:e.crv},n=e.d?["deriveBits"]:[];break;default:throw new nz(n9)}break;default:throw new nz('Invalid or unsupported JWK "kty" (Key Type) Parameter value')}return{algorithm:t,keyUsages:n}}(e),o=r.algorithm,i=r.keyUsages,a=R({},e);return"AKP"!==a.kty&&delete a.alg,delete a.use,crypto.subtle.importKey("jwk",a,o,null!=(t=e.ext)?t:!e.d&&!e.priv,null!=(n=e.key_ops)?n:i)}let n6="given KeyObject instance cannot be used for this algorithm",n8=async function(e,t,n){let r=arguments.length>3&&void 0!==arguments[3]&&arguments[3];s||(s=new WeakMap);let o=s.get(e);if(null!=o&&o[n])return o[n];let i=await n4(R(R({},t),{},{alg:n}));return r&&Object.freeze(e),o?o[n]=i:s.set(e,{[n]:i}),i};async function n7(e,t){if(e instanceof Uint8Array||nq(e))return e;if(nQ(e)){if("secret"===e.type)return e.export();if("toCryptoKey"in e&&"function"==typeof e.toCryptoKey)try{return((e,t)=>{let n;s||(s=new WeakMap);let r=s.get(e);if(null!=r&&r[t])return r[t];let o="public"===e.type,i=!!o;if("x25519"===e.asymmetricKeyType){switch(t){case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":break;default:throw TypeError(n6)}n=e.toCryptoKey(e.asymmetricKeyType,i,o?[]:["deriveBits"])}if("ed25519"===e.asymmetricKeyType){if("EdDSA"!==t&&"Ed25519"!==t)throw TypeError(n6);n=e.toCryptoKey(e.asymmetricKeyType,i,[o?"verify":"sign"])}switch(e.asymmetricKeyType){case"ml-dsa-44":case"ml-dsa-65":case"ml-dsa-87":if(t!==e.asymmetricKeyType.toUpperCase())throw TypeError(n6);n=e.toCryptoKey(e.asymmetricKeyType,i,[o?"verify":"sign"])}if("rsa"===e.asymmetricKeyType){let r;switch(t){case"RSA-OAEP":r="SHA-1";break;case"RS256":case"PS256":case"RSA-OAEP-256":r="SHA-256";break;case"RS384":case"PS384":case"RSA-OAEP-384":r="SHA-384";break;case"RS512":case"PS512":case"RSA-OAEP-512":r="SHA-512";break;default:throw TypeError(n6)}if(t.startsWith("RSA-OAEP"))return e.toCryptoKey({name:"RSA-OAEP",hash:r},i,o?["encrypt"]:["decrypt"]);n=e.toCryptoKey({name:t.startsWith("PS")?"RSA-PSS":"RSASSA-PKCS1-v1_5",hash:r},i,[o?"verify":"sign"])}if("ec"===e.asymmetricKeyType){var a;let r=new Map([["prime256v1","P-256"],["secp384r1","P-384"],["secp521r1","P-521"]]).get(null==(a=e.asymmetricKeyDetails)?void 0:a.namedCurve);if(!r)throw TypeError(n6);let s={ES256:"P-256",ES384:"P-384",ES512:"P-521"};s[t]&&r===s[t]&&(n=e.toCryptoKey({name:"ECDSA",namedCurve:r},i,[o?"verify":"sign"])),t.startsWith("ECDH-ES")&&(n=e.toCryptoKey({name:"ECDH",namedCurve:r},i,o?[]:["deriveBits"]))}if(!n)throw TypeError(n6);return r?r[t]=n:s.set(e,{[t]:n}),n})(e,t)}catch(e){if(e instanceof TypeError)throw e}let n=e.export({format:"jwk"});return n8(e,n,t)}if(n1(e))return e.k?nW(e.k):n8(e,e,t,!0);throw Error("unreachable")}let re=(e,t)=>{if(e.byteLength!==t.length)return!1;for(let n=0;n<e.byteLength;n++)if(e[n]!==t[n])return!1;return!0},rt=e=>{let t=e.data[e.pos++];if(128&t){let n=127&t,r=0;for(let t=0;t<n;t++)r=r<<8|e.data[e.pos++];return r}return t},rn=(e,t,n)=>{if(e.data[e.pos++]!==t)throw Error(n)},rr=(e,t)=>{let n=e.data.subarray(e.pos,e.pos+t);return e.pos+=t,n},ro=async(e,t,n,r)=>{var o;let i,a,s="spki"===e,c=()=>s?["verify"]:["sign"];switch(n){case"PS256":case"PS384":case"PS512":i={name:"RSA-PSS",hash:"SHA-".concat(n.slice(-3))},a=c();break;case"RS256":case"RS384":case"RS512":i={name:"RSASSA-PKCS1-v1_5",hash:"SHA-".concat(n.slice(-3))},a=c();break;case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":i={name:"RSA-OAEP",hash:"SHA-".concat(parseInt(n.slice(-3),10)||1)},a=s?["encrypt","wrapKey"]:["decrypt","unwrapKey"];break;case"ES256":case"ES384":case"ES512":i={name:"ECDSA",namedCurve:({ES256:"P-256",ES384:"P-384",ES512:"P-521"})[n]},a=c();break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":try{let e=r.getNamedCurve(t);i="X25519"===e?{name:"X25519"}:{name:"ECDH",namedCurve:e}}catch(e){throw new nz("Invalid or unsupported key format")}a=s?[]:["deriveBits"];break;case"Ed25519":case"EdDSA":i={name:"Ed25519"},a=c();break;case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":i={name:n},a=c();break;default:throw new nz('Invalid or unsupported "alg" (Algorithm) value')}return crypto.subtle.importKey(e,t,i,null!=(o=null==r?void 0:r.extractable)?o:!!s,a)},ri=e=>null==e?void 0:e[Symbol.toStringTag],ra=(e,t,n)=>{if(void 0!==t.use){let e;switch(n){case"sign":case"verify":e="sig";break;case"encrypt":case"decrypt":e="enc"}if(t.use!==e)throw TypeError('Invalid key for this operation, its "use" must be "'.concat(e,'" when present'))}if(void 0!==t.alg&&t.alg!==e)throw TypeError('Invalid key for this operation, its "alg" must be "'.concat(e,'" when present'));if(Array.isArray(t.key_ops)){var r,o;let i;switch(!0){case"sign"===n||"verify"===n:case"dir"===e:case e.includes("CBC-HS"):i=n;break;case e.startsWith("PBES2"):i="deriveBits";break;case/^A\d{3}(?:GCM)?(?:KW)?$/.test(e):i=!e.includes("GCM")&&e.endsWith("KW")?"encrypt"===n?"wrapKey":"unwrapKey":n;break;case"encrypt"===n&&e.startsWith("RSA"):i="wrapKey";break;case"decrypt"===n:i=e.startsWith("RSA")?"unwrapKey":"deriveBits"}if(i&&!1===(null==(r=t.key_ops)||null==(o=r.includes)?void 0:o.call(r,i)))throw TypeError('Invalid key for this operation, its "key_ops" must include "'.concat(i,'" when present'))}return!0};"undefined"!=typeof navigator&&null!=(rz=navigator.userAgent)&&null!=(rM=rz.startsWith)&&rM.call(rz,"Mozilla/5.0 ")||(c={"user-agent":"".concat("openid-client","/").concat("v6.8.4")});let rs=e=>l.get(e);function rc(e){return void 0!==e?tN(e):(u||(u=new WeakMap),(e,t,n,r)=>{let o;return(o=u.get(t))||(!function(e,t){if("string"!=typeof e)throw rh("".concat(t," must be a string"),ru);if(0===e.length)throw rh("".concat(t," must not be empty"),rl)}(t.client_secret,'"metadata.client_secret"'),o=tN(t.client_secret),u.set(t,o)),o(e,t,n,r)})}let rl="ERR_INVALID_ARG_VALUE",ru="ERR_INVALID_ARG_TYPE";function rh(e,t,n){let r=TypeError(e,{cause:n});return Object.assign(r,{code:t}),r}class rd extends Error{constructor(e,t){var n;super(e,t),P(this,"code",void 0),this.name=this.constructor.name,this.code=null==t?void 0:t.code,null==(n=Error.captureStackTrace)||n.call(Error,this,this.constructor)}}function rp(e,t,n){return new rd(e,{cause:t,code:n})}function rf(e){if(e instanceof TypeError||e instanceof rd||e instanceof tz||e instanceof tM||e instanceof tX)throw e;if(e instanceof t_)switch(e.code){case np:throw rp("only requests to HTTPS are allowed",e,e.code);case nf:throw rp("only requests to HTTP or HTTPS are allowed",e,e.code);case nd:throw rp("unexpected HTTP response status code",e.cause,e.code);case nh:throw rp("unexpected response content-type",e.cause,e.code);case nl:throw rp("parsing error occured",e,e.code);case nu:throw rp("invalid response encountered",e,e.code);case ny:throw rp("unexpected JWT claim value encountered",e,e.code);case ng:throw rp("unexpected JSON attribute value encountered",e,e.code);case nm:throw rp("JWT timestamp claim value failed validation",e,e.code);default:throw rp(e.message,e,e.code)}if(e instanceof tk)throw rp("unsupported operation",e,e.code);if(e instanceof DOMException)switch(e.name){case"OperationError":throw rp("runtime operation error",e,ns);case"NotSupportedError":throw rp("runtime unsupported operation",e,ns);case"TimeoutError":throw rp("operation timed out",e,"OAUTH_TIMEOUT");case"AbortError":throw rp("operation aborted",e,"OAUTH_ABORT")}throw new rd("something went wrong",{cause:e})}async function rm(e,t,n,r,o){let i=new rg(await async function(e,t){var n,r,o;if(!(e instanceof URL))throw rh('"server" must be an instance of URL',ru);let i=!e.href.includes("/.well-known/"),a=null!=(n=null==t?void 0:t.timeout)?n:30,s=AbortSignal.timeout(1e3*a),l=await (i?tR(e,{algorithm:null==t?void 0:t.algorithm,[tf]:null==t?void 0:t[tf],[th]:null==t||null==(r=t.execute)?void 0:r.includes(rS),signal:s,headers:new Headers(c)}):((null==t?void 0:t[tf])||fetch)((tH(e,null==t||null==(o=t.execute)||!o.includes(rS)),e.href),{headers:Object.fromEntries(new Headers(R({accept:"application/json"},c)).entries()),body:void 0,method:"GET",redirect:"manual",signal:s})).then(e=>(async function(e,t){if(!(e instanceof URL)&&e!==nR)throw tu('"expectedIssuerIdentifier" must be an instance of URL',tl);if(!ts(t,Response))throw tu('"response" must be an instance of Response',tl);if(200!==t.status)throw tS('"response" is not a conform Authorization Server Metadata response (unexpected HTTP status code)',nd,t);nv(t);let n=await nA(t);if(tC(n.issuer,'"response" body "issuer" property',nu,{body:n}),e!==nR&&new URL(n.issuer).href!==e.href)throw tS('"response" body "issuer" property does not match the expected value',ng,{expected:e.href,body:n,attribute:"issuer"});return n})(nR,e)).catch(rf);return i&&new URL(l.issuer).href!==e.href&&("https://login.microsoftonline.com"!==e.origin||null!=t&&t.algorithm&&"oidc"!==t.algorithm||(l[ry]=!0,0))&&(!e.hostname.endsWith(".b2clogin.com")||null!=t&&t.algorithm&&"oidc"!==t.algorithm)&&(()=>{throw new rd("discovered metadata issuer does not match the expected issuer",{code:ng,cause:{expected:e.href,body:l,attribute:"issuer"}})})(),l}(e,o),t,n,r),a=rs(i);if(null!=o&&o[tf]&&(a.fetch=o[tf]),null!=o&&o.timeout&&(a.timeout=o.timeout),null!=o&&o.execute)for(let e of o.execute)e(i);return i}new TextDecoder;let ry=Symbol();class rg{constructor(e,t,n,r){var o,i,a,s,c;let u;if("string"!=typeof t||!t.length)throw rh('"clientId" must be a non-empty string',ru);if("string"==typeof n&&(n={client_secret:n}),void 0!==(null==(o=n)?void 0:o.client_id)&&t!==n.client_id)throw rh('"clientId" and "metadata.client_id" must be the same',rl);let h=R(R({},structuredClone(n)),{},{client_id:t});h[td]=null!=(i=null==(a=n)?void 0:a[td])?i:0,h[tp]=null!=(s=null==(c=n)?void 0:c[tp])?s:30,u=r||("string"==typeof h.client_secret&&h.client_secret.length?rc(h.client_secret):(e,t,n,r)=>{n.set("client_id",t.client_id)});let d=Object.freeze(h),p=structuredClone(e);ry in e&&(p[nI]=t=>{let n=t.claims.tid;return e.issuer.replace("{tenantid}",n)});let f=Object.freeze(p);l||(l=new WeakMap),l.set(this,{__proto__:null,as:f,c:d,auth:u,tlsOnly:!0,jwksCache:{}})}serverMetadata(){let e=structuredClone(rs(this).as);return Object.defineProperties(e,{supportsPKCE:{__proto__:null,value(){var t;let n=arguments.length>0&&void 0!==arguments[0]?arguments[0]:"S256";return!0===(null==(t=e.code_challenge_methods_supported)?void 0:t.includes(n))}}}),e}clientMetadata(){return structuredClone(rs(this).c)}get timeout(){return rs(this).timeout}set timeout(e){rs(this).timeout=e}get[tf](){return rs(this).fetch}set[tf](e){rs(this).fetch=e}}function rw(e){Object.defineProperties(e,function(e){let t;if(void 0!==e.expires_in){let n=new Date;n.setSeconds(n.getSeconds()+e.expires_in),t=n.getTime()}return{expiresIn:{__proto__:null,value(){if(t){let e=Date.now();return t>e?Math.floor((t-e)/1e3):0}}},claims:{__proto__:null,value(){try{return t3(this)}catch(e){return}}}}}(e))}async function rb(e,t,n){var r;let o,i=arguments.length>3&&void 0!==arguments[3]&&arguments[3],a=null==(r=e.headers.get("retry-after"))?void 0:r.trim();if(void 0!==a){if(/^\d+$/.test(a))o=parseInt(a,10);else{let e=new Date(a);if(Number.isFinite(e.getTime())){let t=new Date,n=e.getTime()-t.getTime();n>0&&(o=Math.ceil(n/1e3))}}if(i&&!Number.isFinite(o))throw new t_("invalid Retry-After header value",{cause:e});o>t&&await rv(o-t,n)}}function rv(e,t){return new Promise((n,r)=>{let o=e=>{try{t.throwIfAborted()}catch(e){return void r(e)}if(e<=0)return void n();let i=Math.min(e,5);setTimeout(()=>o(e-i),1e3*i)};o(e)})}async function rk(e,t){rI(e);let n=rs(e),r=n.as,o=n.c,i=n.auth,a=n.fetch,s=n.tlsOnly,l=n.timeout;return(async function(e,t,n,r,o){tK(e),tL(t);let i=tJ(e,"backchannel_authentication_endpoint",t.use_mtls_endpoint_aliases,!0!==(null==o?void 0:o[th])),a=new URLSearchParams(r);a.set("client_id",t.client_id);let s=tE(null==o?void 0:o.headers);return s.set("accept","application/json"),t0(e,t,n,i,a,s,o)})(r,o,i,t,{[tf]:a,[th]:!s,headers:new Headers(c),signal:rC(l)}).then(e=>(async function(e,t,n){if(tK(e),tL(t),!ts(n,Response))throw tu('"response" must be an instance of Response',tl);await tq(n,200,"Backchannel Authentication Endpoint"),nv(n);let r=await nA(n);tC(r.auth_req_id,'"response" body "auth_req_id" property',nu,{body:r});let o="number"!=typeof r.expires_in?parseFloat(r.expires_in):r.expires_in;return tI(o,!0,'"response" body "expires_in" property',nu,{body:r}),r.expires_in=o,void 0!==r.interval&&tI(r.interval,!1,'"response" body "interval" property',nu,{body:r}),r})(r,o,e)).catch(rf)}async function r_(e,t,n,r){var o,i,a;let s;rI(e),n=new URLSearchParams(n);let l=null!=(o=t.interval)?o:5,u=null!=(i=null==r?void 0:r.signal)?i:AbortSignal.timeout(1e3*t.expires_in);try{await rv(l,u)}catch(e){rf(e)}let h=rs(e),d=h.as,p=h.c,f=h.auth,m=h.fetch,y=h.tlsOnly,g=h.nonRepudiation,w=h.timeout,b=h.decrypt,v=(o,i)=>r_(e,R(R({},t),{},{interval:o}),n,R(R({},r),{},{signal:u,flag:i})),k=function(e,t){let n=rC(t);if(!n)return{signal:e,cleanup(){}};let r=new AbortController,o=e=>{let t=e.target;r.abort(t.reason)};return e.aborted?r.abort(e.reason):n.aborted?r.abort(n.reason):(e.addEventListener("abort",o,{once:!0}),n.addEventListener("abort",o,{once:!0})),{signal:r.signal,cleanup(){e.removeEventListener("abort",o),n.removeEventListener("abort",o)}}}(u,w),_=await (async function(e,t,n,r,o){tK(e),tL(t),tC(r,'"authReqId"');let i=new URLSearchParams(null==o?void 0:o.additionalParameters);return i.set("auth_req_id",r),t2(e,t,n,"urn:openid:params:grant-type:ciba",i,o)})(d,p,f,t.auth_req_id,{[tf]:m,[th]:!y,additionalParameters:n,DPoP:null==r?void 0:r.DPoP,headers:new Headers(c),signal:k.signal}).catch(rf).finally(k.cleanup);if(503===_.status&&_.headers.has("retry-after"))return await rb(_,l,u,!0),await (null==(a=_.body)?void 0:a.cancel()),v(l);let S=async function(e,t,n,r){return t9(e,t,n,void 0,null==r?void 0:r[ty],null==r?void 0:r.recognizedTokenTypes)}(d,p,_,{[ty]:b});try{s=await S}catch(e){if(rx(e,r))return v(l,rO);if(e instanceof tz)switch(e.error){case"slow_down":l+=5;case"authorization_pending":return await rb(e.response,l,u),v(l)}rf(e)}return s.id_token&&await (null==g?void 0:g(_)),rw(s),s}function rS(e){rs(e).tlsOnly=!1}async function rT(e,t,n,r,o){let i,a,s;if(rI(e),!((null==o?void 0:o.flag)===rO||t instanceof URL||function(e,t){try{return Object.getPrototypeOf(e)[Symbol.toStringTag]===t}catch(e){return!1}}(t,"Request")))throw rh('"currentUrl" must be an instance of URL, or Request',ru);let l=rs(e),u=l.as,h=l.c,d=l.auth,p=l.fetch,f=l.tlsOnly,m=l.jarm,y=l.hybrid,g=l.nonRepudiation,w=l.timeout,b=l.decrypt,v=l.implicit;if((null==o?void 0:o.flag)===rO)i=o.authResponse,a=o.redirectUri;else{if(!(t instanceof URL)){let e=t;switch(t=new URL(t.url),e.method){case"GET":break;case"POST":let n=new URLSearchParams(await n_(e));if(y)t.hash=n.toString();else for(let e of n.entries()){var k,_=C(e,2);let n=_[0],r=_[1];t.searchParams.append(n,r)}break;default:throw rh("unexpected Request HTTP method",rl)}}switch((k=new URL(k=t)).search="",k.hash="",a=k.href,!0){case!!m:i=await m(t,null==n?void 0:n.expectedState);break;case!!y:i=await y(t,null==n?void 0:n.expectedNonce,null==n?void 0:n.expectedState,null==n?void 0:n.maxAge);break;case!!v:throw TypeError("authorizationCodeGrant() cannot be used by response_type=id_token clients");default:try{i=function(e,t,n,r){var o;if(tK(e),tL(t),n instanceof URL&&(n=n.searchParams),!(n instanceof URLSearchParams))throw tu('"parameters" must be an instance of URLSearchParams, or URL',tl);if(nT(n,"response"))throw tS('"parameters" contains a JARM response, use validateJwtAuthResponse() instead of validateAuthResponse()',nu,{parameters:n});let i=nT(n,"iss"),a=nT(n,"state");if(!i&&e.authorization_response_iss_parameter_supported)throw tS('response parameter "iss" (issuer) missing',nu,{parameters:n});if(i&&i!==e.issuer)throw tS('unexpected "iss" (issuer) response parameter value',nu,{expected:e.issuer,parameters:n});switch(r){case void 0:case nP:if(void 0!==a)throw tS('unexpected "state" response parameter encountered',nu,{expected:void 0,parameters:n});break;case nE:break;default:if(tC(r,'"expectedState" argument'),a!==r)throw tS(void 0===a?'response parameter "state" missing':'unexpected "state" response parameter value',nu,{expected:r,parameters:n})}if(nT(n,"error"))throw new tM("authorization response from the server is an error",{cause:n});let s=nT(n,"id_token"),c=nT(n,"token");if(void 0!==s||void 0!==c)throw new tk("implicit and hybrid flows are not supported");return o=new URLSearchParams(n),t8.add(o),o}(u,h,t.searchParams,null==n?void 0:n.expectedState)}catch(e){rf(e)}}}let S=await (async function(e,t,n,r,o,i,a){if(tK(e),tL(t),!t8.has(r))throw tu('"callbackParameters" must be an instance of URLSearchParams obtained from "validateAuthResponse()", or "validateJwtAuthResponse()',tc);tC(o,'"redirectUri"');let s=nT(r,"code");if(!s)throw tS('no authorization code in "callbackParameters"',nu);let c=new URLSearchParams(null==a?void 0:a.additionalParameters);return c.set("redirect_uri",o),c.set("code",s),i!==t7&&(tC(i,'"codeVerifier"'),c.set("code_verifier",i)),t2(e,t,n,"authorization_code",c,a)})(u,h,d,i,a,(null==n?void 0:n.pkceCodeVerifier)||t7,{additionalParameters:r,[tf]:p,[th]:!f,DPoP:null==o?void 0:o.DPoP,headers:new Headers(c),signal:rC(w)}).catch(rf);"string"!=typeof(null==n?void 0:n.expectedNonce)&&"number"!=typeof(null==n?void 0:n.maxAge)||(n.idTokenExpected=!0);let T=no(u,h,S,{expectedNonce:null==n?void 0:n.expectedNonce,maxAge:null==n?void 0:n.maxAge,requireIdToken:null==n?void 0:n.idTokenExpected,[ty]:b});try{s=await T}catch(t){if(rx(t,o))return rT(e,void 0,n,r,R(R({},o),{},{flag:rO,authResponse:i,redirectUri:a}));rf(t)}return s.id_token&&await (null==g?void 0:g(S)),rw(s),s}async function rE(e,t,n,r){let o;rI(e),n=new URLSearchParams(n);let i=rs(e),a=i.as,s=i.c,l=i.auth,u=i.fetch,h=i.tlsOnly,d=i.nonRepudiation,p=i.timeout,f=i.decrypt,m=await (async function(e,t,n,r,o){tK(e),tL(t),tC(r,'"refreshToken"');let i=new URLSearchParams(null==o?void 0:o.additionalParameters);return i.set("refresh_token",r),t2(e,t,n,"refresh_token",i,o)})(a,s,l,t,{[tf]:u,[th]:!h,additionalParameters:n,DPoP:null==r?void 0:r.DPoP,headers:new Headers(c),signal:rC(p)}).catch(rf),y=async function(e,t,n,r){return t9(e,t,n,void 0,null==r?void 0:r[ty],null==r?void 0:r.recognizedTokenTypes)}(a,s,m,{[ty]:f});try{o=await y}catch(o){if(rx(o,r))return rE(e,t,n,R(R({},r),{},{flag:rO}));rf(o)}return o.id_token&&await (null==d?void 0:d(m)),rw(o),o}async function rP(e,t,n){let r;rI(e),t=new URLSearchParams(t);let o=rs(e),i=o.as,a=o.c,s=o.auth,l=o.fetch,u=o.tlsOnly,h=o.timeout,d=await (async function(e,t,n,r,o){return tK(e),tL(t),t2(e,t,n,"client_credentials",new URLSearchParams(r),o)})(i,a,s,t,{[tf]:l,[th]:!u,DPoP:null==n?void 0:n.DPoP,headers:new Headers(c),signal:rC(h)}).catch(rf),p=async function(e,t,n,r){return t9(e,t,n,void 0,void 0,void 0)}(i,a,d);try{r=await p}catch(r){if(rx(r,n))return rP(e,t,R(R({},n),{},{flag:rO}));rf(r)}return rw(r),r}function rA(e,t){rI(e);let n=rs(e),r=n.as,o=n.c,i=n.tlsOnly,a=n.hybrid,s=n.jarm,c=n.implicit,l=tJ(r,"authorization_endpoint",!1,i);if((t=new URLSearchParams(t)).has("client_id")||t.set("client_id",o.client_id),!t.has("request_uri")&&!t.has("request")){if(t.has("response_type")||t.set("response_type",a?"code id_token":c?"id_token":"code"),c&&!t.has("nonce"))throw rh("response_type=id_token clients must provide a nonce parameter in their authorization request parameters",rl);s&&t.set("response_mode","jwt")}for(let e of t.entries()){var u=C(e,2);let t=u[0],n=u[1];l.searchParams.append(t,n)}return l}async function rR(e,t,n){let r;rI(e);let o=rA(e,t),i=rs(e),a=i.as,s=i.c,l=i.auth,u=i.fetch,h=i.tlsOnly,d=i.timeout,p=await (async function(e,t,n,r,o){var i;tK(e),tL(t);let a=tJ(e,"pushed_authorization_request_endpoint",t.use_mtls_endpoint_aliases,!0!==(null==o?void 0:o[th])),s=new URLSearchParams(r);s.set("client_id",t.client_id);let c=tE(null==o?void 0:o.headers);c.set("accept","application/json"),void 0!==(null==o?void 0:o.DPoP)&&(tQ(o.DPoP),await o.DPoP.addProof(a,c,"POST"));let l=await t0(e,t,n,a,s,c,o);return null==o||null==(i=o.DPoP)||i.cacheNonce(l,a),l})(a,s,l,o.searchParams,{[tf]:u,[th]:!h,DPoP:null==n?void 0:n.DPoP,headers:new Headers(c),signal:rC(d)}).catch(rf),f=async function(e,t,n){if(tK(e),tL(t),!ts(n,Response))throw tu('"response" must be an instance of Response',tl);await tq(n,201,"Pushed Authorization Request Endpoint"),nv(n);let r=await nA(n);tC(r.request_uri,'"response" body "request_uri" property',nu,{body:r});let o="number"!=typeof r.expires_in?parseFloat(r.expires_in):r.expires_in;return tI(o,!0,'"response" body "expires_in" property',nu,{body:r}),r.expires_in=o,r}(a,s,p);try{r=await f}catch(r){if(rx(r,n))return rR(e,t,R(R({},n),{},{flag:rO}));rf(r)}return rA(e,{request_uri:r.request_uri})}function rI(e){if(!(e instanceof rg))throw rh('"config" must be an instance of Configuration',ru);if(Object.getPrototypeOf(e)!==rg.prototype)throw rh("subclassing Configuration is not allowed",rl)}function rC(e){return e?AbortSignal.timeout(1e3*e):void 0}function rx(e,t){return!(null==t||!t.DPoP||t.flag===rO)&&function(e){if(e instanceof tX){let t=e.cause,n=t[0];return 1===t.length&&"dpop"===n.scheme&&"use_dpop_nonce"===n.parameters.error}return e instanceof tz&&"use_dpop_nonce"===e.error}(e)}Object.freeze(rg.prototype);let rO=Symbol();async function rj(e,t,n,r){let o,i;rI(e);let a=rs(e),s=a.as,l=a.c,u=a.auth,h=a.fetch,d=a.tlsOnly,p=a.timeout,f=a.decrypt,m=a.nonRepudiation,y=await (async function(e,t,n,r,o,i){return tK(e),tL(t),tC(r,'"grantType"'),t2(e,t,n,r,new URLSearchParams(o),i)})(s,l,u,t,new URLSearchParams(n),{[tf]:h,[th]:!d,DPoP:null==r?void 0:r.DPoP,headers:new Headers(c),signal:rC(p)}).catch(rf);"urn:ietf:params:oauth:grant-type:token-exchange"===t&&(o={n_a:()=>{}});let g=async function(e,t,n,r){return t9(e,t,n,void 0,null==r?void 0:r[ty],null==r?void 0:r.recognizedTokenTypes)}(s,l,y,{[ty]:f,recognizedTokenTypes:o});try{i=await g}catch(o){if(rx(o,r))return rj(e,t,n,R(R({},r),{},{flag:rO}));rf(o)}return i.id_token&&await (null==m?void 0:m(y)),rw(i),i}async function rW(e,t,n){if(!n2(e))throw new nM("Flattened JWS must be an object");if(void 0===e.protected&&void 0===e.header)throw new nM('Flattened JWS must have either of the "protected" or "header" members');if(void 0!==e.protected&&"string"!=typeof e.protected)throw new nM("JWS Protected Header incorrect type");if(void 0===e.payload)throw new nM("JWS Payload missing");if("string"!=typeof e.signature)throw new nM("JWS Signature missing or incorrect type");if(void 0!==e.header&&!n2(e.header))throw new nM("JWS Unprotected Header incorrect type");let r={};if(e.protected)try{let t=nW(e.protected);r=JSON.parse(nx.decode(t))}catch(e){throw new nM("JWS Protected Header is invalid")}if(!function(){let e;for(var t=arguments.length,n=Array(t),r=0;r<t;r++)n[r]=arguments[r];let o=n.filter(Boolean);if(0===o.length||1===o.length)return!0;for(let t of o){let n=Object.keys(t);if(e&&0!==e.size)for(let t of n){if(e.has(t))return!1;e.add(t)}else e=new Set(n)}return!0}(r,e.header))throw new nM("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");let o=R(R({},r),e.header),i=function(e,t,n,r,o){let i;if(void 0!==o.crit&&void 0===(null==r?void 0:r.crit))throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');if(!r||void 0===r.crit)return new Set;if(!Array.isArray(r.crit)||0===r.crit.length||r.crit.some(e=>"string"!=typeof e||0===e.length))throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');for(let a of(i=void 0!==n?new Map([...Object.entries(n),...t.entries()]):t,r.crit)){if(!i.has(a))throw new nz('Extension Header Parameter "'.concat(a,'" is not recognized'));if(void 0===o[a])throw new e('Extension Header Parameter "'.concat(a,'" is missing'));if(i.get(a)&&void 0===r[a])throw new e('Extension Header Parameter "'.concat(a,'" MUST be integrity protected'))}return new Set(r.crit)}(nM,new Map([["b64",!0]]),null==n?void 0:n.crit,r,o),a=!0;if(i.has("b64")&&"boolean"!=typeof(a=r.b64))throw new nM('The "b64" (base64url-encode payload) Header Parameter must be a boolean');let s=o.alg;if("string"!=typeof s||!s)throw new nM('JWS "alg" (Algorithm) Header Parameter missing or invalid');let c=n&&function(e,t){if(void 0!==t&&(!Array.isArray(t)||t.some(e=>"string"!=typeof e)))throw TypeError('"'.concat(e,'" option must be an array of strings'));if(t)return new Set(t)}("algorithms",n.algorithms);if(c&&!c.has(s))throw new nJ('"alg" (Algorithm) Header Parameter value not allowed');if(a){if("string"!=typeof e.payload)throw new nM("JWS Payload must be a string")}else if("string"!=typeof e.payload&&!(e.payload instanceof Uint8Array))throw new nM("JWS Payload must be a string or an Uint8Array instance");let l=!1;"function"==typeof t&&(t=await t(r,e),l=!0),function(e,t,n){switch(e.substring(0,2)){case"A1":case"A2":case"di":case"HS":case"PB":((e,t,n)=>{if(!(t instanceof Uint8Array)){if(n1(t)){if("oct"===t.kty&&"string"==typeof t.k&&ra(e,t,n))return;throw TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present')}if(!n$(t))throw TypeError(nN(e,t,"CryptoKey","KeyObject","JSON Web Key","Uint8Array"));if("secret"!==t.type)throw TypeError("".concat(ri(t),' instances for symmetric algorithms must be of type "secret"'))}})(e,t,n);break;default:((e,t,n)=>{if(n1(t))switch(n){case"decrypt":case"sign":if("oct"!==t.kty&&("AKP"===t.kty&&"string"==typeof t.priv||"string"==typeof t.d)&&ra(e,t,n))return;throw TypeError("JSON Web Key for this operation must be a private JWK");case"encrypt":case"verify":if("oct"!==t.kty&&void 0===t.d&&void 0===t.priv&&ra(e,t,n))return;throw TypeError("JSON Web Key for this operation must be a public JWK")}if(!n$(t))throw TypeError(nN(e,t,"CryptoKey","KeyObject","JSON Web Key"));if("secret"===t.type)throw TypeError("".concat(ri(t),' instances for asymmetric algorithms must not be of type "secret"'));if("public"===t.type)switch(n){case"sign":throw TypeError("".concat(ri(t),' instances for asymmetric algorithm signing must be of type "private"'));case"decrypt":throw TypeError("".concat(ri(t),' instances for asymmetric algorithm decryption must be of type "private"'))}if("private"===t.type)switch(n){case"verify":throw TypeError("".concat(ri(t),' instances for asymmetric algorithm verifying must be of type "public"'));case"encrypt":throw TypeError("".concat(ri(t),' instances for asymmetric algorithm encryption must be of type "public"'))}})(e,t,n)}}(s,t,"verify");let u=function(){for(var e=arguments.length,t=Array(e),n=0;n<e;n++)t[n]=arguments[n];let r=new Uint8Array(t.reduce((e,t)=>e+t.length,0)),o=0;for(let e of t)r.set(e,o),o+=e.length;return r}(void 0!==e.protected?nO(e.protected):new Uint8Array,nO("."),"string"==typeof e.payload?a?nO(e.payload):nC.encode(e.payload):e.payload),h=n0(e.signature,"signature",nM),d=await n7(t,s);if(!await n3(s,d,h,u))throw new nB;let p={payload:a?n0(e.payload,"payload",nM):"string"==typeof e.payload?nC.encode(e.payload):e.payload};return void 0!==e.protected&&(p.protectedHeader=r),void 0!==e.header&&(p.unprotectedHeader=e.header),l?R(R({},p),{},{key:d}):p}let rU=/^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i;function rK(e){let t,n=rU.exec(e);if(!n||n[4]&&n[1])throw TypeError("Invalid time period format");let r=parseFloat(n[2]);switch(n[3].toLowerCase()){case"sec":case"secs":case"second":case"seconds":case"s":t=Math.round(r);break;case"minute":case"minutes":case"min":case"mins":case"m":t=Math.round(60*r);break;case"hour":case"hours":case"hr":case"hrs":case"h":t=Math.round(3600*r);break;case"day":case"days":case"d":t=Math.round(86400*r);break;case"week":case"weeks":case"w":t=Math.round(604800*r);break;default:t=Math.round(0x1e187e0*r)}return"-"===n[1]||"ago"===n[4]?-t:t}let rL=e=>e.includes("/")?e.toLowerCase():"application/".concat(e.toLowerCase());async function rN(e,t,n){var r;let o=await async function(e,t,n){if(e instanceof Uint8Array&&(e=nx.decode(e)),"string"!=typeof e)throw new nM("Compact JWS must be a string or Uint8Array");let r=e.split("."),o=r[0],i=r[1],a=r[2];if(3!==r.length)throw new nM("Invalid Compact JWS");let s=await rW({payload:i,protected:o,signature:a},t,n),c={payload:s.payload,protectedHeader:s.protectedHeader};return"function"==typeof t?R(R({},c),{},{key:s.key}):c}(e,t,n);if(null!=(r=o.protectedHeader.crit)&&r.includes("b64")&&!1===o.protectedHeader.b64)throw new nX("JWTs MUST NOT use unencoded payload");let i={payload:function(e,t){var n,r;let o,i,a=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{};try{i=JSON.parse(nx.decode(t))}catch(e){}if(!n2(i))throw new nX("JWT Claims Set must be a top-level JSON object");let s=a.typ;if(s&&("string"!=typeof e.typ||rL(e.typ)!==rL(s)))throw new nH('unexpected "typ" JWT header value',i,"typ","check_failed");let c=a.requiredClaims,l=a.issuer,u=a.subject,h=a.audience,d=a.maxTokenAge,p=[...void 0===c?[]:c];for(let e of(void 0!==d&&p.push("iat"),void 0!==h&&p.push("aud"),void 0!==u&&p.push("sub"),void 0!==l&&p.push("iss"),new Set(p.reverse())))if(!(e in i))throw new nH('missing required "'.concat(e,'" claim'),i,e,"missing");if(l&&!(Array.isArray(l)?l:[l]).includes(i.iss))throw new nH('unexpected "iss" claim value',i,"iss","check_failed");if(u&&i.sub!==u)throw new nH('unexpected "sub" claim value',i,"sub","check_failed");if(h&&(n=i.aud,r="string"==typeof h?[h]:h,!("string"==typeof n?r.includes(n):Array.isArray(n)&&r.some(Set.prototype.has.bind(new Set(n))))))throw new nH('unexpected "aud" claim value',i,"aud","check_failed");switch(typeof a.clockTolerance){case"string":o=rK(a.clockTolerance);break;case"number":o=a.clockTolerance;break;case"undefined":o=0;break;default:throw TypeError("Invalid clockTolerance option type")}let f=Math.floor((a.currentDate||new Date).getTime()/1e3);if((void 0!==i.iat||d)&&"number"!=typeof i.iat)throw new nH('"iat" claim must be a number',i,"iat","invalid");if(void 0!==i.nbf){if("number"!=typeof i.nbf)throw new nH('"nbf" claim must be a number',i,"nbf","invalid");if(i.nbf>f+o)throw new nH('"nbf" claim timestamp check failed',i,"nbf","check_failed")}if(void 0!==i.exp){if("number"!=typeof i.exp)throw new nH('"exp" claim must be a number',i,"exp","invalid");if(i.exp<=f-o)throw new nZ('"exp" claim timestamp check failed',i,"exp","check_failed")}if(d){let e=f-i.iat;if(e-o>("number"==typeof d?d:rK(d)))throw new nZ('"iat" claim timestamp check failed (too far in the past)',i,"iat","check_failed");if(e<0-o)throw new nH('"iat" claim timestamp check failed (it should be in the past)',i,"iat","check_failed")}return i}(o.protectedHeader,o.payload,n),protectedHeader:o.protectedHeader};return"function"==typeof t?R(R({},i),{},{key:o.key}):i}function rD(e){return n2(e)}var rH,rZ,rJ,rz,rM,rX,rG,rV=new WeakMap,rF=new WeakMap;class rY{constructor(e){if(T(this,rV,void 0),T(this,rF,new WeakMap),!function(e){return e&&"object"==typeof e&&Array.isArray(e.keys)&&e.keys.every(rD)}(e))throw new nG("JSON Web Key Set malformed");E(rV,this,structuredClone(e))}jwks(){return S(rV,this)}async getKey(e,t){let n=R(R({},e),null==t?void 0:t.header),r=n.alg,o=n.kid,i=function(e){switch("string"==typeof e&&e.slice(0,2)){case"RS":case"PS":return"RSA";case"ES":return"EC";case"Ed":return"OKP";case"ML":return"AKP";default:throw new nz('Unsupported "alg" value for a JSON Web Key Set')}}(r),a=S(rV,this).keys.filter(e=>{let t=i===e.kty;if(t&&"string"==typeof o&&(t=o===e.kid),t&&("string"==typeof e.alg||"AKP"===i)&&(t=r===e.alg),t&&"string"==typeof e.use&&(t="sig"===e.use),t&&Array.isArray(e.key_ops)&&(t=e.key_ops.includes("verify")),t)switch(r){case"ES256":t="P-256"===e.crv;break;case"ES384":t="P-384"===e.crv;break;case"ES512":t="P-521"===e.crv;break;case"Ed25519":case"EdDSA":t="Ed25519"===e.crv}return t}),s=a[0],c=a.length;if(0===c)throw new nV;if(1!==c){var l;let e=new nF,t=S(rF,this);throw e[Symbol.asyncIterator]=(l=function*(){for(let n of a)try{var e;yield yield(e=rB(t,n,r),new b(e,0))}catch(e){}},function(){return new x(l.apply(this,arguments))}),e}return rB(S(rF,this),s,r)}}async function rB(e,t,n){let r=e.get(t)||e.set(t,{}).get(t);if(void 0===r[n]){let e=await async function(e,t,n){let r;if(!n2(e))throw TypeError("JWK must be an object");switch(null!=t||(t=e.alg),null!=r||(r=e.ext),e.kty){case"oct":if("string"!=typeof e.k||!e.k)throw TypeError('missing "k" (Key Value) Parameter value');return nW(e.k);case"RSA":if("oth"in e&&void 0!==e.oth)throw new nz('RSA JWK "oth" (Other Primes Info) Parameter value is not supported');return n4(R(R({},e),{},{alg:t,ext:r}));case"AKP":if("string"!=typeof e.alg||!e.alg)throw TypeError('missing "alg" (Algorithm) Parameter value');if(void 0!==t&&t!==e.alg)throw TypeError("JWK alg and alg option value mismatch");return n4(R(R({},e),{},{ext:r}));case"EC":case"OKP":return n4(R(R({},e),{},{alg:t,ext:r}));default:throw new nz('Unsupported "kty" (Key Type) Parameter value')}}(R(R({},t),{},{ext:!0}),n);if(e instanceof Uint8Array||"public"!==e.type)throw new nG("JSON Web Key Set members must be public keys");r[n]=e}return r[n]}function rq(e){let t=new rY(e),n=async(e,n)=>t.getKey(e,n);return Object.defineProperties(n,{jwks:{value:()=>structuredClone(t.jwks()),enumerable:!1,configurable:!1,writable:!1}}),n}"undefined"!=typeof navigator&&null!=(rX=navigator.userAgent)&&null!=(rG=rX.startsWith)&&rG.call(rX,"Mozilla/5.0 ")||(h="".concat("jose","/").concat("v6.2.3"));let rQ=Symbol(),r$=Symbol();var r0=new WeakMap,r2=new WeakMap,r1=new WeakMap,r5=new WeakMap,r3=new WeakMap,r9=new WeakMap,r4=new WeakMap,r6=new WeakMap,r8=new WeakMap,r7=new WeakMap;class oe{constructor(e,t){var n,r;if(T(this,r0,void 0),T(this,r2,void 0),T(this,r1,void 0),T(this,r5,void 0),T(this,r3,void 0),T(this,r9,void 0),T(this,r4,void 0),T(this,r6,void 0),T(this,r8,void 0),T(this,r7,void 0),!(e instanceof URL))throw TypeError("url must be an instance of URL");E(r0,this,new URL(e.href)),E(r2,this,"number"==typeof(null==t?void 0:t.timeoutDuration)?null==t?void 0:t.timeoutDuration:5e3),E(r1,this,"number"==typeof(null==t?void 0:t.cooldownDuration)?null==t?void 0:t.cooldownDuration:3e4),E(r5,this,"number"==typeof(null==t?void 0:t.cacheMaxAge)?null==t?void 0:t.cacheMaxAge:6e5),E(r4,this,new Headers(null==t?void 0:t.headers)),h&&!S(r4,this).has("User-Agent")&&S(r4,this).set("User-Agent",h),S(r4,this).has("accept")||(S(r4,this).set("accept","application/json"),S(r4,this).append("accept","application/jwk-set+json")),E(r6,this,null==t?void 0:t[rQ]),void 0!==(null==t?void 0:t[r$])&&(E(r7,this,null==t?void 0:t[r$]),n=null==t?void 0:t[r$],r=S(r5,this),"object"==typeof n&&null!==n&&"uat"in n&&"number"==typeof n.uat&&!(Date.now()-n.uat>=r)&&"jwks"in n&&n2(n.jwks)&&Array.isArray(n.jwks.keys)&&Array.prototype.every.call(n.jwks.keys,n2)&&(E(r3,this,S(r7,this).uat),E(r8,this,rq(S(r7,this).jwks))))}pendingFetch(){return!!S(r9,this)}coolingDown(){return"number"==typeof S(r3,this)&&Date.now()<S(r3,this)+S(r1,this)}fresh(){return"number"==typeof S(r3,this)&&Date.now()<S(r3,this)+S(r5,this)}jwks(){var e;return null==(e=S(r8,this))?void 0:e.jwks()}async getKey(e,t){S(r8,this)&&this.fresh()||await this.reload();try{return await S(r8,this).call(this,e,t)}catch(n){if(n instanceof nV&&!1===this.coolingDown())return await this.reload(),S(r8,this).call(this,e,t);throw n}}async reload(){S(r9,this)&&("undefined"!=typeof WebSocketPair||"undefined"!=typeof navigator&&"Cloudflare-Workers"===navigator.userAgent||"undefined"!=typeof EdgeRuntime&&"vercel"===EdgeRuntime)&&E(r9,this,void 0),S(r9,this)||E(r9,this,(async function(e,t,n){let r=arguments.length>3&&void 0!==arguments[3]?arguments[3]:fetch,o=await r(e,{method:"GET",signal:n,redirect:"manual",headers:t}).catch(e=>{if("TimeoutError"===e.name)throw new nY;throw e});if(200!==o.status)throw new nD("Expected 200 OK from the JSON Web Key Set HTTP response");try{return await o.json()}catch(e){throw new nD("Failed to parse the JSON Web Key Set HTTP response as JSON")}})(S(r0,this).href,S(r4,this),AbortSignal.timeout(S(r2,this)),S(r6,this)).then(e=>{E(r8,this,rq(e)),S(r7,this)&&(S(r7,this).uat=Date.now(),S(r7,this).jwks=e),E(r3,this,Date.now()),E(r9,this,void 0)}).catch(e=>{throw E(r9,this,void 0),e})),await S(r9,this)}}let ot=["mfaToken"],on=["mfaToken"];var or,oo,oi,oa,os,oc,ol,ou,oh,od,op,of,om,oy,og,ow,ob=class extends Error{constructor(e,t){super(t),P(this,"code",void 0),this.name="NotSupportedError",this.code=e}},ov=class extends Error{constructor(e,t,n){super(t),P(this,"cause",void 0),P(this,"code",void 0),this.code=e,this.cause=n&&{error:n.error,error_description:n.error_description,message:n.message}}},ok=class extends ov{constructor(e,t){super("token_by_code_error",e,t),this.name="TokenByCodeError"}},o_=class extends ov{constructor(e,t){super("token_by_client_credentials_error",e,t),this.name="TokenByClientCredentialsError"}},oS=class extends ov{constructor(e,t){super("token_by_refresh_token_error",e,t),this.name="TokenByRefreshTokenError"}},oT=class extends ov{constructor(e,t){super("token_by_password_error",e,t),this.name="TokenByPasswordError"}},oE=class extends ov{constructor(e,t){super("token_for_connection_error",e,t),this.name="TokenForConnectionErrorCode"}},oP=class extends ov{constructor(e,t){super("token_exchange_error",e,t),this.name="TokenExchangeError"}},oA=class extends Error{constructor(e){super(e),P(this,"code","verify_logout_token_error"),this.name="VerifyLogoutTokenError"}},oR=class extends ov{constructor(e){super("backchannel_authentication_error","There was an error when trying to use Client-Initiated Backchannel Authentication.",e),P(this,"code","backchannel_authentication_error"),this.name="BackchannelAuthenticationError"}},oI=class extends ov{constructor(e){super("build_authorization_url_error","There was an error when trying to build the authorization URL.",e),this.name="BuildAuthorizationUrlError"}},oC=class extends ov{constructor(e){super("build_link_user_url_error","There was an error when trying to build the Link User URL.",e),this.name="BuildLinkUserUrlError"}},ox=class extends ov{constructor(e){super("build_unlink_user_url_error","There was an error when trying to build the Unlink User URL.",e),this.name="BuildUnlinkUserUrlError"}},oO=class extends Error{constructor(){super("The client secret or client assertion signing key must be provided."),P(this,"code","missing_client_auth_error"),this.name="MissingClientAuthError"}};function oj(e){return Object.entries(e).filter(e=>void 0!==C(e,2)[1]).reduce((e,t)=>R(R({},e),{},{[t[0]]:t[1]}),{})}var oW=class extends Error{constructor(e,t,n){super(t),P(this,"cause",void 0),P(this,"code",void 0),this.code=e,this.cause=n&&{error:n.error,error_description:n.error_description,message:n.message}}},oU=class extends oW{constructor(e,t){super("mfa_list_authenticators_error",e,t),this.name="MfaListAuthenticatorsError"}},oK=class extends oW{constructor(e,t){super("mfa_enrollment_error",e,t),this.name="MfaEnrollmentError"}},oL=class extends oW{constructor(e,t){super("mfa_delete_authenticator_error",e,t),this.name="MfaDeleteAuthenticatorError"}},oN=class extends oW{constructor(e,t){super("mfa_challenge_error",e,t),this.name="MfaChallengeError"}};function oD(e){return{id:e.id,authenticatorType:e.authenticator_type,active:e.active,name:e.name,oobChannels:e.oob_channels,type:e.type}}var oH=(or=new WeakMap,oo=new WeakMap,oi=new WeakMap,class{constructor(e){var t;T(this,or,void 0),T(this,oo,void 0),T(this,oi,void 0),E(or,this,"https://".concat(e.domain)),E(oo,this,e.clientId),E(oi,this,null!=(t=e.customFetch)?t:function(){return fetch(...arguments)})}async listAuthenticators(e){let t="".concat(S(or,this),"/mfa/authenticators"),n=e.mfaToken,r=await S(oi,this).call(this,t,{method:"GET",headers:{Authorization:"Bearer ".concat(n),"Content-Type":"application/json"}});if(!r.ok){let e=await r.json();throw new oU(e.error_description||"Failed to list authenticators",e)}return(await r.json()).map(oD)}async enrollAuthenticator(e){let t="".concat(S(or,this),"/mfa/associate"),n=e.mfaToken,r=I(e,ot),o={authenticator_types:r.authenticatorTypes};"oobChannels"in r&&(o.oob_channels=r.oobChannels),"phoneNumber"in r&&r.phoneNumber&&(o.phone_number=r.phoneNumber),"email"in r&&r.email&&(o.email=r.email);let i=await S(oi,this).call(this,t,{method:"POST",headers:{Authorization:"Bearer ".concat(n),"Content-Type":"application/json"},body:JSON.stringify(o)});if(!i.ok){let e=await i.json();throw new oK(e.error_description||"Failed to enroll authenticator",e)}var a=await i.json();if("otp"===a.authenticator_type)return{authenticatorType:"otp",secret:a.secret,barcodeUri:a.barcode_uri,recoveryCodes:a.recovery_codes,id:a.id};if("oob"===a.authenticator_type)return{authenticatorType:"oob",oobChannel:a.oob_channel,oobCode:a.oob_code,bindingMethod:a.binding_method,id:a.id,barcodeUri:a.barcode_uri,recoveryCodes:a.recovery_codes};throw Error("Unexpected authenticator type: ".concat(a.authenticator_type))}async deleteAuthenticator(e){let t=e.authenticatorId,n=e.mfaToken,r="".concat(S(or,this),"/mfa/authenticators/").concat(encodeURIComponent(t)),o=await S(oi,this).call(this,r,{method:"DELETE",headers:{Authorization:"Bearer ".concat(n),"Content-Type":"application/json"}});if(!o.ok){let e=await o.json();throw new oL(e.error_description||"Failed to delete authenticator",e)}}async challengeAuthenticator(e){let t="".concat(S(or,this),"/mfa/challenge"),n=e.mfaToken,r=I(e,on),o={mfa_token:n,client_id:S(oo,this),challenge_type:r.challengeType};r.authenticatorId&&(o.authenticator_id=r.authenticatorId);let i=await S(oi,this).call(this,t,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(o)});if(!i.ok){let e=await i.json();throw new oN(e.error_description||"Failed to challenge authenticator",e)}var a=await i.json();let s={challengeType:a.challenge_type};return void 0!==a.oob_code&&(s.oobCode=a.oob_code),void 0!==a.binding_method&&(s.bindingMethod=a.binding_method),s}}),oZ=class e{constructor(e,t,n,r,o,i,a){P(this,"accessToken",void 0),P(this,"idToken",void 0),P(this,"refreshToken",void 0),P(this,"expiresAt",void 0),P(this,"scope",void 0),P(this,"claims",void 0),P(this,"authorizationDetails",void 0),P(this,"tokenType",void 0),P(this,"issuedTokenType",void 0),this.accessToken=e,this.idToken=n,this.refreshToken=r,this.expiresAt=t,this.scope=o,this.claims=i,this.authorizationDetails=a}static fromTokenEndpointResponse(t){let n=t.id_token?t.claims():void 0,r=new e(t.access_token,Math.floor(Date.now()/1e3)+Number(t.expires_in),t.id_token,t.refresh_token,t.scope,n,t.authorization_details);return r.tokenType=t.token_type,r.issuedTokenType=t.issued_token_type,r}},oJ=(oa=new WeakMap,os=new WeakMap,oc=new WeakMap,class{constructor(e,t){T(this,oa,new Map),T(this,os,void 0),T(this,oc,void 0),E(oc,this,Math.max(1,Math.floor(e))),E(os,this,Math.max(0,Math.floor(t)))}get(e){let t=S(oa,this).get(e);if(t){if(!(Date.now()>=t.expiresAt))return S(oa,this).delete(e),S(oa,this).set(e,t),t.value;S(oa,this).delete(e)}}set(e,t){for(S(oa,this).has(e)&&S(oa,this).delete(e),S(oa,this).set(e,{value:t,expiresAt:Date.now()+S(os,this)});S(oa,this).size>S(oc,this);){let e=S(oa,this).keys().next().value;if(void 0===e)break;S(oa,this).delete(e)}}}),oz=new Map;function oM(e){return{ttlMs:1e3*("number"==typeof(null==e?void 0:e.ttl)?e.ttl:600),maxEntries:"number"==typeof(null==e?void 0:e.maxEntries)&&e.maxEntries>0?e.maxEntries:100}}var oX=class{static createDiscoveryCache(e){var t,n;let r=(t=e.maxEntries,n=e.ttlMs,"".concat(t,":").concat(n)),o=oz.get(r);return o||(o=new oJ(e.maxEntries,e.ttlMs),oz.set(r,o)),o}static createJwksCache(){return{}}},oG="openid profile email offline_access",oV=Object.freeze(new Set(["grant_type","client_id","client_secret","client_assertion","client_assertion_type","subject_token","subject_token_type","requested_token_type","actor_token","actor_token_type","audience","aud","resource","resources","resource_indicator","scope","connection","login_hint","organization","assertion"]));function oF(e){if(null==e)throw new oP("subject_token is required");if("string"!=typeof e)throw new oP("subject_token must be a string");if(0===e.trim().length)throw new oP("subject_token cannot be blank or whitespace");if(e!==e.trim())throw new oP("subject_token must not include leading or trailing whitespace");if(/^bearer\s+/i.test(e))throw new oP("subject_token must not include the 'Bearer ' prefix")}function oY(e,t){if(t)for(let r of Object.entries(t)){var n=C(r,2);let t=n[0],o=n[1];if(!oV.has(t))if(Array.isArray(o)){if(o.length>20)throw new oP("Parameter '".concat(t,"' exceeds maximum array size of ").concat(20));o.forEach(n=>{e.append(t,n)})}else e.append(t,o)}}var oB="urn:ietf:params:oauth:token-type:access_token",oq=(ol=new WeakMap,ou=new WeakMap,oh=new WeakMap,od=new WeakMap,op=new WeakMap,of=new WeakMap,om=new WeakMap,oy=new WeakMap,og=new WeakMap,ow=new WeakSet,class{constructor(e){var t,n,r,o;if(function(e,t){_(e,t),t.add(e)}(this,ow),T(this,ol,void 0),T(this,ou,void 0),T(this,oh,void 0),T(this,od,void 0),T(this,op,void 0),T(this,of,void 0),T(this,om,void 0),T(this,oy,void 0),T(this,og,void 0),P(this,"mfa",void 0),E(od,this,e),e.useMtls&&!e.customFetch)throw new ob("mtls_without_custom_fetch_not_supported","Using mTLS without a custom fetch implementation is not supported");E(op,this,function(e,t){if(!1===t.enabled)return e;let n=btoa(JSON.stringify({name:t.name,version:t.version}));return async(t,r)=>{let o=t instanceof Request?new Headers(t.headers):new Headers;return null!=r&&r.headers&&new Headers(r.headers).forEach((e,t)=>{o.set(t,e)}),o.set("Auth0-Client",n),e(t,R(R({},r),{},{headers:o}))}}(null!=(t=e.customFetch)?t:function(){return fetch(...arguments)},!1===(null==(n=e.telemetry)?void 0:n.enabled)?n:{enabled:!0,name:null!=(r=null==n?void 0:n.name)?r:"@auth0/auth0-auth-js",version:null!=(o=null==n?void 0:n.version)?o:"1.6.0"}));let i=oM(e.discoveryCache);E(om,this,oX.createDiscoveryCache(i)),E(oy,this,new Map),E(og,this,oX.createJwksCache()),this.mfa=new oH({domain:S(od,this).domain,clientId:S(od,this).clientId,customFetch:S(op,this)})}async getServerMetadata(){return(await k(ow,this,o0).call(this)).serverMetadata}async buildAuthorizationUrl(e){let t=(await k(ow,this,o0).call(this)).serverMetadata;if(null!=e&&e.pushedAuthorizationRequests&&!t.pushed_authorization_request_endpoint)throw new ob("par_not_supported_error","The Auth0 tenant does not have pushed authorization requests enabled. Learn how to enable it here: https://auth0.com/docs/get-started/applications/configure-par");try{return await k(ow,this,o3).call(this,e)}catch(e){throw new oI(e)}}async buildLinkUserUrl(e){try{let t=await k(ow,this,o3).call(this,{authorizationParams:R(R({},e.authorizationParams),{},{requested_connection:e.connection,requested_connection_scope:e.connectionScope,scope:"openid link_account offline_access",id_token_hint:e.idToken})});return{linkUserUrl:t.authorizationUrl,codeVerifier:t.codeVerifier}}catch(e){throw new oC(e)}}async buildUnlinkUserUrl(e){try{let t=await k(ow,this,o3).call(this,{authorizationParams:R(R({},e.authorizationParams),{},{requested_connection:e.connection,scope:"openid unlink_account",id_token_hint:e.idToken})});return{unlinkUserUrl:t.authorizationUrl,codeVerifier:t.codeVerifier}}catch(e){throw new ox(e)}}async backchannelAuthentication(e){let t=await k(ow,this,o0).call(this),n=t.configuration,r=t.serverMetadata,o=oj(R(R({},S(od,this).authorizationParams),null==e?void 0:e.authorizationParams)),i=new URLSearchParams(R(R({scope:oG},o),{},{client_id:S(od,this).clientId,binding_message:e.bindingMessage,login_hint:JSON.stringify({format:"iss_sub",iss:r.issuer,sub:e.loginHint.sub})}));e.requestedExpiry&&i.append("requested_expiry",e.requestedExpiry.toString()),e.authorizationDetails&&i.append("authorization_details",JSON.stringify(e.authorizationDetails));try{let e=await rk(n,i),t=await r_(n,e);return oZ.fromTokenEndpointResponse(t)}catch(e){throw new oR(e)}}async initiateBackchannelAuthentication(e){let t=await k(ow,this,o0).call(this),n=t.configuration,r=t.serverMetadata,o=oj(R(R({},S(od,this).authorizationParams),null==e?void 0:e.authorizationParams)),i=new URLSearchParams(R(R({scope:oG},o),{},{client_id:S(od,this).clientId,binding_message:e.bindingMessage,login_hint:JSON.stringify({format:"iss_sub",iss:r.issuer,sub:e.loginHint.sub})}));e.requestedExpiry&&i.append("requested_expiry",e.requestedExpiry.toString()),e.authorizationDetails&&i.append("authorization_details",JSON.stringify(e.authorizationDetails));try{let e=await rk(n,i);return{authReqId:e.auth_req_id,expiresIn:e.expires_in,interval:e.interval}}catch(e){throw new oR(e)}}async backchannelAuthenticationGrant(e){let t=e.authReqId,n=(await k(ow,this,o0).call(this)).configuration,r=new URLSearchParams({auth_req_id:t});try{let e=await rj(n,"urn:openid:params:grant-type:ciba",r);return oZ.fromTokenEndpointResponse(e)}catch(e){throw new oR(e)}}async getTokenForConnection(e){var t;if(e.refreshToken&&e.accessToken)throw new oE("Either a refresh or access token should be specified, but not both.");let n=null!=(t=e.accessToken)?t:e.refreshToken;if(!n)throw new oE("Either a refresh or access token must be specified.");try{return await this.exchangeToken({connection:e.connection,subjectToken:n,subjectTokenType:e.accessToken?oB:"urn:ietf:params:oauth:token-type:refresh_token",loginHint:e.loginHint})}catch(e){if(e instanceof oP)throw new oE(e.message,e.cause);throw e}}async exchangeToken(e){return"connection"in e?k(ow,this,o2).call(this,e):k(ow,this,o1).call(this,e)}async getTokenByCode(e,t){let n=(await k(ow,this,o0).call(this)).configuration;try{let r=await rT(n,e,{pkceCodeVerifier:t.codeVerifier});return oZ.fromTokenEndpointResponse(r)}catch(e){throw new ok("There was an error while trying to request a token.",e)}}async getTokenByRefreshToken(e){let t=(await k(ow,this,o0).call(this)).configuration,n=new URLSearchParams;e.audience&&n.append("audience",e.audience),e.scope&&n.append("scope",e.scope);try{let r=await rE(t,e.refreshToken,n);return oZ.fromTokenEndpointResponse(r)}catch(e){throw new oS("The access token has expired and there was an error while trying to refresh it.",e)}}async getTokenByPassword(e){let t=(await k(ow,this,o0).call(this)).configuration,n=new URLSearchParams({username:e.username,password:e.password});e.audience&&n.append("audience",e.audience),e.scope&&n.append("scope",e.scope),e.realm&&n.append("realm",e.realm);let r=t;if(e.auth0ForwardedFor){let n=await k(ow,this,o5).call(this);(r=new rg(t.serverMetadata(),S(od,this).clientId,S(od,this).clientSecret,n))[tf]=(t,n)=>S(op,this).call(this,t,R(R({},n),{},{headers:R(R({},n.headers),{},{"auth0-forwarded-for":e.auth0ForwardedFor})}))}try{let e=await rj(r,"password",n);return oZ.fromTokenEndpointResponse(e)}catch(e){throw new oT("There was an error while trying to request a token.",e)}}async getTokenByClientCredentials(e){let t=(await k(ow,this,o0).call(this)).configuration;try{let n=new URLSearchParams({audience:e.audience});e.organization&&n.append("organization",e.organization);let r=await rP(t,n);return oZ.fromTokenEndpointResponse(r)}catch(e){throw new o_("There was an error while trying to request a token.",e)}}async buildLogoutUrl(e){let t=await k(ow,this,o0).call(this),n=t.configuration;if(!t.serverMetadata.end_session_endpoint){let t=new URL("https://".concat(S(od,this).domain,"/v2/logout"));return t.searchParams.set("returnTo",e.returnTo),t.searchParams.set("client_id",S(od,this).clientId),t}return function(e,t){rI(e);let n=rs(e),r=n.as,o=n.c,i=tJ(r,"end_session_endpoint",!1,n.tlsOnly);for(let e of((t=new URLSearchParams(t)).has("client_id")||t.set("client_id",o.client_id),t.entries())){var a=C(e,2);let t=a[0],n=a[1];i.searchParams.append(t,n)}return i}(n,{post_logout_redirect_uri:e.returnTo})}async verifyLogoutToken(e){let t=(await k(ow,this,o0).call(this)).serverMetadata,n=oM(S(od,this).discoveryCache),r=t.jwks_uri;S(of,this)||E(of,this,function(e,t){let n=new oe(e,t),r=async(e,t)=>n.getKey(e,t);return Object.defineProperties(r,{coolingDown:{get:()=>n.coolingDown(),enumerable:!0,configurable:!1},fresh:{get:()=>n.fresh(),enumerable:!0,configurable:!1},reload:{value:()=>n.reload(),enumerable:!0,configurable:!1,writable:!1},reloading:{get:()=>n.pendingFetch(),enumerable:!0,configurable:!1},jwks:{value:()=>n.jwks(),enumerable:!0,configurable:!1,writable:!1}}),r}(new URL(r),{cacheMaxAge:n.ttlMs,[rQ]:S(op,this),[r$]:S(og,this)}));let o=(await rN(e.logoutToken,S(of,this),{issuer:t.issuer,audience:S(od,this).clientId,algorithms:["RS256"],requiredClaims:["iat"]})).payload;if(!("sid"in o)&&!("sub"in o))throw new oA('either "sid" or "sub" (or both) claims must be present');if("sid"in o&&"string"!=typeof o.sid)throw new oA('"sid" claim must be a string');if("sub"in o&&"string"!=typeof o.sub)throw new oA('"sub" claim must be a string');if("nonce"in o)throw new oA('"nonce" claim is prohibited');if(!("events"in o))throw new oA('"events" claim is missing');if("object"!=typeof o.events||null===o.events)throw new oA('"events" claim must be an object');if(!("http://schemas.openid.net/event/backchannel-logout"in o.events))throw new oA('"http://schemas.openid.net/event/backchannel-logout" member is missing in the "events" claim');if("object"!=typeof o.events["http://schemas.openid.net/event/backchannel-logout"])throw new oA('"http://schemas.openid.net/event/backchannel-logout" member in the "events" claim must be an object');return{sid:o.sid,sub:o.sub}}});function oQ(){let e=S(od,this).domain.toLowerCase();return"".concat(e,"|mtls:").concat(S(od,this).useMtls?"1":"0")}async function o$(e){let t=await k(ow,this,o5).call(this),n=new rg(e,S(od,this).clientId,S(od,this).clientSecret,t);return n[tf]=S(op,this),n}async function o0(){if(S(ol,this)&&S(ou,this))return{configuration:S(ol,this),serverMetadata:S(ou,this)};let e=k(ow,this,oQ).call(this),t=S(om,this).get(e);if(t)return E(ou,this,t.serverMetadata),E(ol,this,await k(ow,this,o$).call(this,t.serverMetadata)),{configuration:S(ol,this),serverMetadata:S(ou,this)};let n=S(oy,this).get(e);if(n){let e=await n;return E(ou,this,e.serverMetadata),E(ol,this,await k(ow,this,o$).call(this,e.serverMetadata)),{configuration:S(ol,this),serverMetadata:S(ou,this)}}let r=(async()=>{let t=await k(ow,this,o5).call(this),n=await rm(new URL("https://".concat(S(od,this).domain)),S(od,this).clientId,{use_mtls_endpoint_aliases:S(od,this).useMtls},t,{[tf]:S(op,this)}),r=n.serverMetadata();return S(om,this).set(e,{serverMetadata:r}),{configuration:n,serverMetadata:r}})(),o=r.then(e=>({serverMetadata:e.serverMetadata}));o.catch(()=>{}),S(oy,this).set(e,o);try{let e=await r,t=e.configuration,n=e.serverMetadata;E(ol,this,t),E(ou,this,n),S(ol,this)[tf]=S(op,this)}finally{S(oy,this).delete(e)}return{configuration:S(ol,this),serverMetadata:S(ou,this)}}async function o2(e){var t,n;let r=(await k(ow,this,o0).call(this)).configuration;if("audience"in e||"resource"in e)throw new oP("audience and resource parameters are not supported for Token Vault exchanges");oF(e.subjectToken);let o=new URLSearchParams({connection:e.connection,subject_token:e.subjectToken,subject_token_type:null!=(t=e.subjectTokenType)?t:oB,requested_token_type:null!=(n=e.requestedTokenType)?n:"http://auth0.com/oauth/token-type/federated-connection-access-token"});e.loginHint&&o.append("login_hint",e.loginHint),e.scope&&o.append("scope",e.scope),oY(o,e.extra);try{let e=await rj(r,"urn:auth0:params:oauth:grant-type:token-exchange:federated-connection-access-token",o);return oZ.fromTokenEndpointResponse(e)}catch(t){throw new oP("Failed to exchange token for connection '".concat(e.connection,"'."),t)}}async function o1(e){let t=(await k(ow,this,o0).call(this)).configuration;oF(e.subjectToken);let n=new URLSearchParams({subject_token_type:e.subjectTokenType,subject_token:e.subjectToken});e.audience&&n.append("audience",e.audience),e.scope&&n.append("scope",e.scope),e.requestedTokenType&&n.append("requested_token_type",e.requestedTokenType),e.organization&&n.append("organization",e.organization),oY(n,e.extra);try{let e=await rj(t,"urn:ietf:params:oauth:grant-type:token-exchange",n);return oZ.fromTokenEndpointResponse(e)}catch(t){throw new oP("Failed to exchange token of type '".concat(e.subjectTokenType,"'").concat(e.audience?" for audience '".concat(e.audience,"'"):"","."),t)}}async function o5(){return S(oh,this)||E(oh,this,(async()=>{if(!S(od,this).clientSecret&&!S(od,this).clientAssertionSigningKey&&!S(od,this).useMtls)throw new oO;if(S(od,this).useMtls)return(e,t,n,r)=>{n.set("client_id",t.client_id)};let e=S(od,this).clientAssertionSigningKey;return!e||e instanceof CryptoKey||(e=await async function(e,t,n){var r;let o,i;if("string"!=typeof e||0!==e.indexOf("-----BEGIN PRIVATE KEY-----"))throw TypeError('"pkcs8" must be PKCS#8 formatted string');let a=(o=/(?:-----(?:BEGIN|END) PRIVATE KEY-----|\s)/g,nj(e.replace(o,"")));return null!=t&&null!=(r=t.startsWith)&&r.call(t,"ECDH-ES")&&(i||(i={}),i.getNamedCurve=e=>{let t={data:e,pos:0};return function(e){rn(e,48,"Invalid PKCS#8 structure"),rt(e),rn(e,2,"Expected version field");let t=rt(e);e.pos+=t,rn(e,48,"Expected algorithm identifier"),rt(e),e.pos}(t),(e=>{let t=(e=>{rn(e,6,"Expected algorithm OID");let t=rt(e);return rr(e,t)})(e);if(re(t,[43,101,110]))return"X25519";if(!re(t,[42,134,72,206,61,2,1]))throw Error("Unsupported key algorithm");rn(e,6,"Expected curve OID");let n=rt(e),r=rr(e,n);for(let e of[{name:"P-256",oid:[42,134,72,206,61,3,1,7]},{name:"P-384",oid:[43,129,4,0,34]},{name:"P-521",oid:[43,129,4,0,35]}]){let t=e.name;if(re(r,e.oid))return t}throw Error("Unsupported named curve")})(t)}),ro("pkcs8",a,t,i)}(e,S(od,this).clientAssertionSigningAlg||"RS256")),e?function(e,t){var n=void 0;let r=e instanceof CryptoKey?{key:e}:(null==e?void 0:e.key)instanceof CryptoKey?(void 0!==e.kid&&tC(e.kid,'"kid"'),{key:e.key,kid:e.kid}):{},o=r.key,i=r.kid;return function(e,t){if(function(e,t){if(!(e instanceof CryptoKey))throw tu("".concat(t," must be a CryptoKey"),tl)}(e,t),"private"!==e.type)throw tu("".concat(t," must be a private CryptoKey"),tc)}(o,'"clientPrivateKey.key"'),async(e,t,r,a)=>{var s;let c={alg:function(e){switch(e.algorithm.name){case"RSA-PSS":switch(e.algorithm.hash.name){case"SHA-256":return"PS256";case"SHA-384":return"PS384";case"SHA-512":return"PS512";default:throw new tk("unsupported RsaHashedKeyAlgorithm hash name",{cause:e})}case"RSASSA-PKCS1-v1_5":switch(e.algorithm.hash.name){case"SHA-256":return"RS256";case"SHA-384":return"RS384";case"SHA-512":return"RS512";default:throw new tk("unsupported RsaHashedKeyAlgorithm hash name",{cause:e})}case"ECDSA":switch(e.algorithm.namedCurve){case"P-256":return"ES256";case"P-384":return"ES384";case"P-521":return"ES512";default:throw new tk("unsupported EcKeyAlgorithm namedCurve",{cause:e})}case"Ed25519":case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":return e.algorithm.name;case"EdDSA":return"Ed25519";default:throw new tk("unsupported CryptoKey algorithm name",{cause:e})}}(o),kid:i},l=function(e,t){let n=tU()+tj(t);return{jti:tO(),aud:e.issuer,exp:n+60,iat:n,nbf:n,iss:t.client_id,sub:t.client_id}}(e,t);null==n||null==(s=n[tm])||s.call(n,c,l),r.set("client_id",t.client_id),r.set("client_assertion_type","urn:ietf:params:oauth:client-assertion-type:jwt-bearer"),r.set("client_assertion",await async function(e,t,n){if(!n.usages.includes("sign"))throw tu('CryptoKey instances used for signing assertions must include "sign" in their "usages"',tc);let r="".concat(tv(tb(JSON.stringify(e))),".").concat(tv(tb(JSON.stringify(t)))),o=tv(await crypto.subtle.sign(function(e){switch(e.algorithm.name){case"ECDSA":return{name:e.algorithm.name,hash:function(e){switch(e.algorithm.namedCurve){case"P-256":return"SHA-256";case"P-384":return"SHA-384";case"P-521":return"SHA-512";default:throw new tk("unsupported ECDSA namedCurve",{cause:e})}}(e)};case"RSA-PSS":switch(nk(e),e.algorithm.hash.name){case"SHA-256":case"SHA-384":case"SHA-512":return{name:e.algorithm.name,saltLength:parseInt(e.algorithm.hash.name.slice(-3),10)>>3};default:throw new tk("unsupported RSA-PSS hash name",{cause:e})}case"RSASSA-PKCS1-v1_5":return nk(e),e.algorithm.name;case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":case"Ed25519":return e.algorithm.name}throw new tk("unsupported CryptoKey algorithm name",{cause:e})}(n),n,tb(r)));return"".concat(r,".").concat(o)}(c,l,o))}}(e):rc(S(od,this).clientSecret)})().catch(e=>{throw E(oh,this,void 0),e})),S(oh,this)}async function o3(e){let t=(await k(ow,this,o0).call(this)).configuration,n=tO(),r=await async function(e){return tC(e,"codeVerifier"),tv(await crypto.subtle.digest("SHA-256",tb(e)))}(n),o=oj(R(R({},S(od,this).authorizationParams),null==e?void 0:e.authorizationParams)),i=new URLSearchParams(R(R({scope:oG},o),{},{client_id:S(od,this).clientId,code_challenge:r,code_challenge_method:"S256"}));return{authorizationUrl:null!=e&&e.pushedAuthorizationRequests?await rR(t,i):await rA(t,i),codeVerifier:n}}class o9 extends L{constructor(e,t){super(e,t),Object.setPrototypeOf(this,o9.prototype)}static fromPayload(e){return new o9(e.error,e.error_description)}}class o4 extends o9{constructor(e,t){super(e,t),Object.setPrototypeOf(this,o4.prototype)}}class o6 extends o9{constructor(e,t){super(e,t),Object.setPrototypeOf(this,o6.prototype)}}class o8 extends o9{constructor(e,t){super(e,t),Object.setPrototypeOf(this,o8.prototype)}}class o7 extends o9{constructor(e,t){super(e,t),Object.setPrototypeOf(this,o7.prototype)}}class ie extends o9{constructor(e,t){super(e,t),Object.setPrototypeOf(this,ie.prototype)}}class it{constructor(){let e=arguments.length>0&&void 0!==arguments[0]?arguments[0]:6e5;this.contexts=new Map,this.ttlMs=e}set(e,t){this.cleanup(),this.contexts.set(e,Object.assign(Object.assign({},t),{createdAt:Date.now()}))}get(e){let t=this.contexts.get(e);if(t){if(!(Date.now()-t.createdAt>this.ttlMs))return t;this.contexts.delete(e)}}remove(e){this.contexts.delete(e)}cleanup(){let e=Date.now();for(let n of this.contexts){var t=C(n,2);let r=t[0];e-t[1].createdAt>this.ttlMs&&this.contexts.delete(r)}}get size(){return this.contexts.size}}class ir{constructor(e,t){this.authJsMfaClient=e,this.auth0Client=t,this.contextManager=new it}setMFAAuthDetails(e,t,n,r){this.contextManager.set(e,{scope:t,audience:n,mfaRequirements:r})}async getAuthenticators(e){var t,n;let r=this.contextManager.get(e);if(!(null==(t=null==r?void 0:r.mfaRequirements)?void 0:t.challenge)||0===r.mfaRequirements.challenge.length)throw new o4("invalid_request","challengeType is required and must contain at least one challenge type, please check mfa_required error payload");let o=r.mfaRequirements.challenge.map(e=>e.type);try{return(await this.authJsMfaClient.listAuthenticators({mfaToken:e})).filter(e=>!!e.type&&o.includes(e.type))}catch(e){if(e instanceof oU)throw new o4(null==(n=e.cause)?void 0:n.error,e.message);throw e}}async enroll(e){var t;let n=function(e){let t=ta[e.factorType];return Object.assign(Object.assign(Object.assign({mfaToken:e.mfaToken,authenticatorTypes:t.authenticatorTypes},t.oobChannels&&{oobChannels:t.oobChannels}),"phoneNumber"in e&&{phoneNumber:e.phoneNumber}),"email"in e&&{email:e.email})}(e);try{return await this.authJsMfaClient.enrollAuthenticator(n)}catch(e){if(e instanceof oK)throw new o6(null==(t=e.cause)?void 0:t.error,e.message);throw e}}async challenge(e){var t;try{let t={challengeType:e.challengeType,mfaToken:e.mfaToken};return e.authenticatorId&&(t.authenticatorId=e.authenticatorId),await this.authJsMfaClient.challengeAuthenticator(t)}catch(e){if(e instanceof oN)throw new o8(null==(t=e.cause)?void 0:t.error,e.message);throw e}}async getEnrollmentFactors(e){let t=this.contextManager.get(e);if(!t||!t.mfaRequirements)throw new ie("mfa_context_not_found","MFA context not found for this MFA token. Please retry the original request to get a new MFA token.");return t.mfaRequirements.enroll&&0!==t.mfaRequirements.enroll.length?t.mfaRequirements.enroll:[]}async verify(e){let t=this.contextManager.get(e.mfaToken);if(!t)throw new o7("mfa_context_not_found","MFA context not found for this MFA token. Please retry the original request to get a new MFA token.");let n="otp"in e&&e.otp?"http://auth0.com/oauth/grant-type/mfa-otp":"oobCode"in e&&e.oobCode?"http://auth0.com/oauth/grant-type/mfa-oob":"recoveryCode"in e&&e.recoveryCode?"http://auth0.com/oauth/grant-type/mfa-recovery-code":void 0;if(!n)throw new o7("invalid_request","Unable to determine grant type. Provide one of: otp, oobCode, or recoveryCode.");let r=t.scope,o=t.audience;try{let t=await this.auth0Client._requestTokenForMfa({grant_type:n,mfaToken:e.mfaToken,scope:r,audience:o,otp:e.otp,oob_code:e.oobCode,binding_code:e.bindingCode,recovery_code:e.recoveryCode});return this.contextManager.remove(e.mfaToken),t}catch(e){if(e instanceof M)this.setMFAAuthDetails(e.mfa_token,r,o,e.mfa_requirements);else if(e instanceof o7)throw new o7(e.error,e.error_description);throw e}}}class io{constructor(e){var t,n;let r,o,i;if(this.userCache=(new eJ).enclosedCache,this.defaultOptions={authorizationParams:{scope:"openid profile email"},useRefreshTokensFallback:!1,useFormData:!0},this.options=Object.assign(Object.assign(Object.assign({},this.defaultOptions),e),{authorizationParams:Object.assign(Object.assign({},this.defaultOptions.authorizationParams),e.authorizationParams)}),"undefined"!=typeof window&&(()=>{if(!Y())throw Error("For security reasons, `window.crypto` is required to run `auth0-spa-js`.");if(void 0===Y().subtle)throw Error("\n      auth0-spa-js must run on a secure origin. See https://github.com/auth0/auth0-spa-js/blob/main/FAQ.md#why-do-i-get-auth0-spa-js-must-run-on-a-secure-origin for more information.\n    ")})(),this.lockManager=(eg||(eg=function(){var e;return"undefined"!=typeof navigator&&"function"==typeof(null==(e=navigator.locks)?void 0:e.request)?new em:new ey}()),eg),e.cache&&e.cacheLocation&&console.warn("Both `cache` and `cacheLocation` options have been specified in the Auth0Client configuration; ignoring `cacheLocation` and using `cache`."),e.cache)o=e.cache;else{if(!e6(r=e.cacheLocation||j))throw Error('Invalid cache location "'.concat(r,'"'));o=e6(r)()}this.httpTimeoutMs=e.httpTimeoutInSeconds?1e3*e.httpTimeoutInSeconds:1e4,this.cookieStorage=!1===e.legacySameSiteCookie?eB:eQ,this.orgHintCookieName=(t=this.options.clientId,"auth0.".concat(t,".organization_hint")),this.isAuthenticatedCookieName=(i=this.options.clientId,"auth0.".concat(i,".is.authenticated")),this.sessionCheckExpiryDays=e.sessionCheckExpiryDays||1;let a=e.useCookiesForTransactions?this.cookieStorage:e$;this.scope=function(e,t){for(var n=arguments.length,r=Array(n>2?n-2:0),o=2;o<n;o++)r[o-2]=arguments[o];if("object"!=typeof e)return{[K]:eK(t,e,...r)};let i={[K]:eK(t,...r)};return Object.keys(e).forEach(n=>{let o=e[n];i[n]=eK(t,o,...r)}),i}(this.options.authorizationParams.scope,"openid",this.options.useRefreshTokens?"offline_access":""),this.transactionManager=new eM(a,this.options.clientId,this.options.cookieDomain),this.nowProvider=this.options.nowProvider||U,this.cacheManager=new ez(o,o.allKeys?void 0:new e3(o,this.options.clientId),this.nowProvider),this.dpop=this.options.useDpop?new tn(this.options.clientId):void 0,this.domainUrl=(n=this.options.domain,/^https?:\/\//.test(n)?n:"https://".concat(n)),this.tokenIssuer=((e,t)=>e?e.startsWith("https://")?e:"https://".concat(e,"/"):"".concat(t,"/"))(this.options.issuer,this.domainUrl);let s="".concat(this.domainUrl,"/me/"),c=this.createFetcher(Object.assign(Object.assign({},this.options.useDpop&&{dpopNonceId:"__auth0_my_account_api__"}),{getAccessToken:()=>this.getTokenSilently({authorizationParams:{scope:"create:me:connected_accounts",audience:s},detailedResponse:!0})}));this.myAccountApi=new to(c,s),this.authJsClient=new oq({domain:this.options.domain,clientId:this.options.clientId}),this.mfa=new ir(this.authJsClient.mfa,this),"undefined"!=typeof window&&window.Worker&&this.options.useRefreshTokens&&r===j&&(this.options.workerUrl?this.worker=new Worker(this.options.workerUrl):this.worker=new e1,this.worker.postMessage({type:"init",allowedBaseUrl:this.domainUrl}))}getConfiguration(){return Object.freeze({domain:this.options.domain,clientId:this.options.clientId})}_url(e){let t=encodeURIComponent(btoa(JSON.stringify($(this.options.auth0Client||W,!0))));return"".concat(this.domainUrl).concat(e,"&auth0Client=").concat(t)}_authorizeUrl(e){return this._url("/authorize?".concat(ee(e)))}async _verifyIdToken(e,t,n){var r;let o=await this.nowProvider();return(e=>{if(!e.id_token)throw Error("ID token is required but missing");let t=(e=>{let t=e.split("."),n=C(t,3),r=n[0],o=n[1],i=n[2];if(3!==t.length||!r||!o||!i)throw Error("ID token could not be decoded");let a=JSON.parse(en(o)),s={__raw:e},c={};return Object.keys(a).forEach(e=>{s[e]=a[e],eX.includes(e)||(c[e]=a[e])}),{encoded:{header:r,payload:o,signature:i},header:JSON.parse(en(r)),claims:s,user:c}})(e.id_token);if(!t.claims.iss)throw Error("Issuer (iss) claim must be a string present in the ID token");if(t.claims.iss!==e.iss)throw Error('Issuer (iss) claim mismatch in the ID token; expected "'.concat(e.iss,'", found "').concat(t.claims.iss,'"'));if(!t.user.sub)throw Error("Subject (sub) claim must be a string present in the ID token");if("RS256"!==t.header.alg)throw Error('Signature algorithm of "'.concat(t.header.alg,'" is not supported. Expected the ID token to be signed with "RS256".'));if(!t.claims.aud||"string"!=typeof t.claims.aud&&!Array.isArray(t.claims.aud))throw Error("Audience (aud) claim must be a string or array of strings present in the ID token");if(Array.isArray(t.claims.aud)){if(!t.claims.aud.includes(e.aud))throw Error('Audience (aud) claim mismatch in the ID token; expected "'.concat(e.aud,'" but was not one of "').concat(t.claims.aud.join(", "),'"'));if(t.claims.aud.length>1){if(!t.claims.azp)throw Error("Authorized Party (azp) claim must be a string present in the ID token when Audience (aud) claim has multiple values");if(t.claims.azp!==e.aud)throw Error('Authorized Party (azp) claim mismatch in the ID token; expected "'.concat(e.aud,'", found "').concat(t.claims.azp,'"'))}}else if(t.claims.aud!==e.aud)throw Error('Audience (aud) claim mismatch in the ID token; expected "'.concat(e.aud,'" but found "').concat(t.claims.aud,'"'));if(e.nonce){if(!t.claims.nonce)throw Error("Nonce (nonce) claim must be a string present in the ID token");if(t.claims.nonce!==e.nonce)throw Error('Nonce (nonce) claim mismatch in the ID token; expected "'.concat(e.nonce,'", found "').concat(t.claims.nonce,'"'))}if(e.max_age&&"number"!=typeof t.claims.auth_time)throw Error("Authentication Time (auth_time) claim must be a number present in the ID token when Max Age (max_age) is specified");if(null==t.claims.exp||"number"!=typeof t.claims.exp)throw Error("Expiration Time (exp) claim must be a number present in the ID token");if("number"!=typeof t.claims.iat)throw Error("Issued At (iat) claim must be a number present in the ID token");let n=e.leeway||60,r=new Date(e.now||Date.now()),o=new Date(0);if(o.setUTCSeconds(t.claims.exp+n),r>o)throw Error("Expiration Time (exp) claim error in the ID token; current time (".concat(r,") is after expiration time (").concat(o,")"));if(null!=t.claims.nbf&&"number"==typeof t.claims.nbf){let e=new Date(0);if(e.setUTCSeconds(t.claims.nbf-n),r<e)throw Error("Not Before time (nbf) claim in the ID token indicates that this token can't be used just yet. Current time (".concat(r,") is before ").concat(e))}if(null!=t.claims.auth_time&&"number"==typeof t.claims.auth_time){let o=new Date(0);if(o.setUTCSeconds(parseInt(t.claims.auth_time)+e.max_age+n),r>o)throw Error("Authentication Time (auth_time) claim in the ID token indicates that too much time has passed since the last end-user authentication. Current time (".concat(r,") is after last auth at ").concat(o))}if(e.organization){let n=e.organization.trim();if(n.startsWith("org_")){if(!t.claims.org_id)throw Error("Organization ID (org_id) claim must be a string present in the ID token");if(n!==t.claims.org_id)throw Error('Organization ID (org_id) claim mismatch in the ID token; expected "'.concat(n,'", found "').concat(t.claims.org_id,'"'))}else{let e=n.toLowerCase();if(!t.claims.org_name)throw Error("Organization Name (org_name) claim must be a string present in the ID token");if(e!==t.claims.org_name)throw Error('Organization Name (org_name) claim mismatch in the ID token; expected "'.concat(e,'", found "').concat(t.claims.org_name,'"'))}}return t})({iss:this.tokenIssuer,aud:this.options.clientId,id_token:e,nonce:t,organization:n,leeway:this.options.leeway,max_age:"string"!=typeof(r=this.options.authorizationParams.max_age)?r:parseInt(r,10)||void 0,now:o})}_processOrgHint(e){e?this.cookieStorage.save(this.orgHintCookieName,e,{daysUntilExpire:this.sessionCheckExpiryDays,cookieDomain:this.options.cookieDomain}):this.cookieStorage.remove(this.orgHintCookieName,{cookieDomain:this.options.cookieDomain})}_extractSessionTransferToken(e){return new URLSearchParams(window.location.search).get(e)||void 0}_clearSessionTransferTokenFromUrl(e){try{let t=new URL(window.location.href);t.searchParams.has(e)&&(t.searchParams.delete(e),window.history.replaceState({},"",t.toString()))}catch(e){}}_applySessionTransferToken(e){let t=this.options.sessionTransferTokenQueryParamName;if(!t||e.session_transfer_token)return e;let n=this._extractSessionTransferToken(t);return n?(this._clearSessionTransferTokenFromUrl(t),Object.assign(Object.assign({},e),{session_transfer_token:n})):e}async _prepareAuthorizeUrl(e,t,n){var r;let o,i,a,s,c=q(B()),l=q(B()),u=B(),h=er(await et(u)),d=await (null==(r=this.dpop)?void 0:r.calculateThumbprint()),p=(o=this.options,i=this.scope,a=e.redirect_uri||this.options.authorizationParams.redirect_uri||n,s=null==t?void 0:t.response_mode,Object.assign(Object.assign(Object.assign({client_id:o.clientId},o.authorizationParams),e),{scope:eL(i,e.scope,e.audience),response_type:"code",response_mode:s||"query",state:c,nonce:l,redirect_uri:a||o.authorizationParams.redirect_uri,code_challenge:h,code_challenge_method:"S256",dpop_jkt:d})),f=this._authorizeUrl(p);return{nonce:l,code_verifier:u,scope:p.scope,audience:p.audience||K,redirect_uri:p.redirect_uri,state:c,url:f}}async loginWithPopup(e,t){var n;let r,o;if(e=e||{},!(t=t||{}).popup&&(t.popup=(e=>{let t=window.screenX+(window.innerWidth-400)/2,n=window.screenY+(window.innerHeight-600)/2;return window.open(e,"auth0:authorize:popup","left=".concat(t,",top=").concat(n,",width=").concat(400,",height=").concat(600,",resizable,scrollbars=yes,status=1"))})(""),!t.popup))throw new z;let i=this._applySessionTransferToken(e.authorizationParams||{}),a=await this._prepareAuthorizeUrl(i,{response_mode:"web_message"},window.location.origin);t.popup.location.href=a.url;let s=await (r=Object.assign(Object.assign({},t),{timeoutInSeconds:t.timeoutInSeconds||this.options.authorizeTimeoutInSeconds||60}),o=new URL(a.url).origin,new Promise((e,t)=>{let n,i=setInterval(()=>{r.popup&&r.popup.closed&&(clearInterval(i),clearTimeout(a),window.removeEventListener("message",n,!1),t(new J(r.popup)))},1e3),a=setTimeout(()=>{clearInterval(i),t(new Z(r.popup)),window.removeEventListener("message",n,!1)},1e3*(r.timeoutInSeconds||60));n=function(s){if(s.origin===o&&s.data&&"authorization_response"===s.data.type){if(clearTimeout(a),clearInterval(i),window.removeEventListener("message",n,!1),!1!==r.closePopup&&r.popup.close(),s.data.response.error)return t(L.fromPayload(s.data.response));e(s.data.response)}},window.addEventListener("message",n)}));if(a.state!==s.state)throw new L("state_mismatch","Invalid state");let c=(null==(n=e.authorizationParams)?void 0:n.organization)||this.options.authorizationParams.organization;await this._requestToken({audience:a.audience,scope:a.scope,code_verifier:a.code_verifier,grant_type:"authorization_code",code:s.code,redirect_uri:a.redirect_uri},{nonceIn:a.nonce,organization:c})}async getUser(){var e;let t=await this._getIdTokenFromCache();return null==(e=null==t?void 0:t.decodedToken)?void 0:e.user}async getIdTokenClaims(){var e;let t=await this._getIdTokenFromCache();return null==(e=null==t?void 0:t.decodedToken)?void 0:e.claims}async loginWithRedirect(){var e;let t=e8(arguments.length>0&&void 0!==arguments[0]?arguments[0]:{}),n=t.openUrl,r=t.fragment,o=t.appState,i=w(t,["openUrl","fragment","appState"]),a=(null==(e=i.authorizationParams)?void 0:e.organization)||this.options.authorizationParams.organization,s=this._applySessionTransferToken(i.authorizationParams||{}),c=await this._prepareAuthorizeUrl(s),l=c.url,u=w(c,["url"]);this.transactionManager.create(Object.assign(Object.assign(Object.assign({},u),{appState:o,response_type:e0.Code}),a&&{organization:a}));let h=r?"".concat(l,"#").concat(r):l;n?await n(h):window.location.assign(h)}async handleRedirectCallback(){let e=(arguments.length>0&&void 0!==arguments[0]?arguments[0]:window.location.href).split("?").slice(1);if(0===e.length)throw Error("There are no query params available for parsing.");let t=this.transactionManager.get();if(!t)throw new L("missing_transaction","Invalid state");this.transactionManager.remove();let n=(e=>{e.indexOf("#")>-1&&(e=e.substring(0,e.indexOf("#")));let t=new URLSearchParams(e);return{state:t.get("state"),code:t.get("code")||void 0,connect_code:t.get("connect_code")||void 0,error:t.get("error")||void 0,error_description:t.get("error_description")||void 0}})(e.join(""));return t.response_type===e0.ConnectCode?this._handleConnectAccountRedirectCallback(n,t):this._handleLoginRedirectCallback(n,t)}async _handleLoginRedirectCallback(e,t){let n=e.code,r=e.state,o=e.error,i=e.error_description;if(o)throw new N(o,i||o,r,t.appState);if(!t.code_verifier||t.state&&t.state!==r)throw new L("state_mismatch","Invalid state");let a=t.organization,s=t.nonce,c=t.redirect_uri;return await this._requestToken(Object.assign({audience:t.audience,scope:t.scope,code_verifier:t.code_verifier,grant_type:"authorization_code",code:n},c?{redirect_uri:c}:{}),{nonceIn:s,organization:a}),{appState:t.appState,response_type:e0.Code}}async _handleConnectAccountRedirectCallback(e,t){let n=e.connect_code,r=e.state,o=e.error,i=e.error_description;if(o)throw new D(o,i||o,t.connection,r,t.appState);if(!n)throw new L("missing_connect_code","Missing connect code");if(!(t.code_verifier&&t.state&&t.auth_session&&t.redirect_uri&&t.state===r))throw new L("state_mismatch","Invalid state");return Object.assign(Object.assign({},await this.myAccountApi.completeAccount({auth_session:t.auth_session,connect_code:n,redirect_uri:t.redirect_uri,code_verifier:t.code_verifier})),{appState:t.appState,response_type:e0.ConnectCode})}async checkSession(e){if(!this.cookieStorage.get(this.isAuthenticatedCookieName)){if(!this.cookieStorage.get(e9))return;this.cookieStorage.save(this.isAuthenticatedCookieName,!0,{daysUntilExpire:this.sessionCheckExpiryDays,cookieDomain:this.options.cookieDomain}),this.cookieStorage.remove(e9)}try{await this.getTokenSilently(e)}catch(e){}}async getTokenSilently(){var e,t,n,r;let o,i=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{},a=Object.assign(Object.assign({cacheMode:"on"},i),{authorizationParams:Object.assign(Object.assign(Object.assign({},this.options.authorizationParams),i.authorizationParams),{scope:eL(this.scope,null==(e=i.authorizationParams)?void 0:e.scope,(null==(t=i.authorizationParams)?void 0:t.audience)||this.options.authorizationParams.audience)})}),s=await (n=()=>this._getTokenSilently(a),(o=e5[r="".concat(this.options.clientId,"::").concat(a.authorizationParams.audience,"::").concat(a.authorizationParams.scope)])||(o=n().finally(()=>{delete e5[r],o=null}),e5[r]=o),o);return i.detailedResponse?s:null==s?void 0:s.access_token}async _getTokenSilently(e){var t,n;let r=e.cacheMode,o=w(e,["cacheMode"]);if("off"!==r){let e=await this._getEntryFromCache({scope:o.authorizationParams.scope,audience:o.authorizationParams.audience||K,clientId:this.options.clientId,cacheMode:r});if(e)return e}if("cache-only"===r)return;let i=(t=this.options.clientId,n=o.authorizationParams.audience||"default","".concat("auth0.lock.getTokenSilently",".").concat(t,".").concat(n));try{return await this.lockManager.runWithLock(i,5e3,async()=>{if("off"!==r){let e=await this._getEntryFromCache({scope:o.authorizationParams.scope,audience:o.authorizationParams.audience||K,clientId:this.options.clientId});if(e)return e}let e=this.options.useRefreshTokens?await this._getTokenUsingRefreshToken(o):await this._getTokenFromIFrame(o),t=e.id_token,n=e.token_type,i=e.access_token,a=e.oauthTokenScope,s=e.expires_in;return Object.assign(Object.assign({id_token:t,token_type:n,access_token:i},a?{scope:a}:null),{expires_in:s})})}catch(e){if(this._isInteractiveError(e)&&"popup"===this.options.interactiveErrorHandler)return await this._handleInteractiveErrorWithPopup(o);throw e}}_isInteractiveError(e){return e instanceof M||e instanceof L&&this._isIframeMfaError(e)}_isIframeMfaError(e){return"login_required"===e.error&&"Multifactor authentication required"===e.error_description}async _handleInteractiveErrorWithPopup(e){try{await this.loginWithPopup({authorizationParams:e.authorizationParams});let t=await this._getEntryFromCache({scope:e.authorizationParams.scope,audience:e.authorizationParams.audience||K,clientId:this.options.clientId});if(!t)throw new L("interactive_handler_cache_miss","Token not found in cache after interactive authentication");return t}catch(e){throw e}}async getTokenWithPopup(){var e,t;let n=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{},r=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},o=Object.assign(Object.assign({},n),{authorizationParams:Object.assign(Object.assign(Object.assign({},this.options.authorizationParams),n.authorizationParams),{scope:eL(this.scope,null==(e=n.authorizationParams)?void 0:e.scope,(null==(t=n.authorizationParams)?void 0:t.audience)||this.options.authorizationParams.audience)})});return r=Object.assign(Object.assign({},O),r),await this.loginWithPopup(o,r),(await this.cacheManager.get(new eH({scope:o.authorizationParams.scope,audience:o.authorizationParams.audience||K,clientId:this.options.clientId}),void 0,this.options.useMrrt)).access_token}async isAuthenticated(){return!!await this.getUser()}_buildLogoutUrl(e){null!==e.clientId?e.clientId=e.clientId||this.options.clientId:delete e.clientId;let t=e.logoutParams||{},n=t.federated,r=w(t,["federated"]);return this._url("/v2/logout?".concat(ee(Object.assign({clientId:e.clientId},r))))+(n?"&federated":"")}async revokeRefreshToken(){let e=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{};if(!this.options.useRefreshTokens)return;let t=e.audience||this.options.authorizationParams.audience||K,n=await this.cacheManager.getRefreshTokensByAudience(t,this.options.clientId);await async function(e,t){let n=e.baseUrl,r=e.timeout,o=e.auth0Client,i=e.useFormData,a=e.refreshTokens,s=e.audience,c=e.client_id,l=e.onRefreshTokenRevoked,u=r||1e4,h="refresh_token",d="".concat(n,"/oauth/revoke"),p={"Content-Type":i?"application/x-www-form-urlencoded":"application/json","Auth0-Client":btoa(JSON.stringify($(o||W)))};if(t){let e={client_id:c,token_type_hint:h},n=i?ee(e):JSON.stringify(e);try{return await ex({type:"revoke",timeout:u,fetchUrl:d,fetchOptions:{method:"POST",body:n,headers:p},useFormData:i,auth:{audience:null!=s?s:K}},t)}catch(e){throw new L("revoke_error",e.message)}}for(let e of a){let t={client_id:c,token_type_hint:h,token:e},n=i?ee(t):JSON.stringify(t),r=await eO(d,{method:"POST",body:n,headers:p},u);if(!r.ok){let e,t;try{var f=JSON.parse(await r.text());e=f.error,t=f.error_description}catch(e){}throw new L(e||"revoke_error",t||"HTTP error ".concat(r.status))}await (null==l?void 0:l(e))}}({baseUrl:this.domainUrl,timeout:this.httpTimeoutMs,auth0Client:this.options.auth0Client,useFormData:this.options.useFormData,client_id:this.options.clientId,refreshTokens:n,audience:t,onRefreshTokenRevoked:e=>this.cacheManager.stripRefreshToken(e)},this.worker)}async logout(){var e;let t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{},n=e8(t),r=n.openUrl,o=w(n,["openUrl"]);null===t.clientId?await this.cacheManager.clear():await this.cacheManager.clear(t.clientId||this.options.clientId),this.cookieStorage.remove(this.orgHintCookieName,{cookieDomain:this.options.cookieDomain}),this.cookieStorage.remove(this.isAuthenticatedCookieName,{cookieDomain:this.options.cookieDomain}),this.userCache.remove(eD);try{await (null==(e=this.dpop)?void 0:e.clear())}catch(e){}if(this.worker)try{await ex({type:"clear"},this.worker)}catch(e){}let i=this._buildLogoutUrl(o);r?await r(i):!1!==r&&window.location.assign(i)}async _getTokenFromIFrame(e){var t;let n=(t=this.options.clientId,"".concat("auth0.lock.getTokenFromIFrame",".").concat(t));try{return await this.lockManager.runWithLock(n,5e3,async()=>{let t,n=Object.assign(Object.assign({},e.authorizationParams),{prompt:"none"}),r=this.cookieStorage.get(this.orgHintCookieName);r&&!n.organization&&(n.organization=r);let o=await this._prepareAuthorizeUrl(n,{response_mode:"web_message"},window.location.origin),i=o.url,a=o.state,s=o.nonce,c=o.code_verifier,l=o.redirect_uri,u=o.scope,h=o.audience;if(window.crossOriginIsolated)throw new L("login_required","The application is running in a Cross-Origin Isolated context, silently retrieving a token without refresh token is not possible.");let d=e.timeoutInSeconds||this.options.authorizeTimeoutInSeconds;try{t=new URL(this.domainUrl).origin}catch(e){t=this.domainUrl}let p=await function(e,t){let n=arguments.length>2&&void 0!==arguments[2]?arguments[2]:60;return new Promise((r,o)=>{let i,a=window.document.createElement("iframe");a.setAttribute("width","0"),a.setAttribute("height","0"),a.style.display="none";let s=()=>{window.document.body.contains(a)&&(window.document.body.removeChild(a),window.removeEventListener("message",i,!1))},c=setTimeout(()=>{o(new H),s()},1e3*n);i=function(e){if(e.origin!=t||!e.data||"authorization_response"!==e.data.type)return;let n=e.source;n&&n.close(),e.data.response.error?o(L.fromPayload(e.data.response)):r(e.data.response),clearTimeout(c),window.removeEventListener("message",i,!1),setTimeout(s,2e3)},window.addEventListener("message",i,!1),window.document.body.appendChild(a),a.setAttribute("src",e)})}(i,t,d);if(a!==p.state)throw new L("state_mismatch","Invalid state");let f=await this._requestToken(Object.assign(Object.assign({},e.authorizationParams),{code_verifier:c,code:p.code,grant_type:"authorization_code",redirect_uri:l,timeout:e.authorizationParams.timeout||this.httpTimeoutMs}),{nonceIn:s,organization:n.organization});return Object.assign(Object.assign({},f),{scope:u,oauthTokenScope:f.scope,audience:h})})}catch(e){throw"login_required"===e.error&&(e instanceof L&&this._isIframeMfaError(e)&&"popup"===this.options.interactiveErrorHandler||this.logout({openUrl:!1})),e}}async _getTokenUsingRefreshToken(e){var t,n,r,o,i,a;let s=await this.cacheManager.get(new eH({scope:e.authorizationParams.scope,audience:e.authorizationParams.audience||K,clientId:this.options.clientId}),void 0,this.options.useMrrt);if(!(s&&s.refresh_token||this.worker)){if(this.options.useRefreshTokensFallback)return await this._getTokenFromIFrame(e);throw new X(e.authorizationParams.audience||K,e.authorizationParams.scope)}let c=e.authorizationParams.redirect_uri||this.options.authorizationParams.redirect_uri||window.location.origin,l="number"==typeof e.timeoutInSeconds?1e3*e.timeoutInSeconds:null,u=((e,t,n,r)=>{var o;if(e&&n&&r){if(t.audience!==n)return t.scope;let e=r.split(" "),i=(null==(o=t.scope)?void 0:o.split(" "))||[],a=i.every(t=>e.includes(t));return e.length>=i.length&&a?r:t.scope}return t.scope})(this.options.useMrrt,e.authorizationParams,null==s?void 0:s.audience,null==s?void 0:s.scope);try{let i=await this._requestToken(Object.assign(Object.assign(Object.assign({},e.authorizationParams),{grant_type:"refresh_token",refresh_token:s&&s.refresh_token,redirect_uri:c}),l&&{timeout:l}),{scopesToRequest:u});if(i.refresh_token&&(null==s?void 0:s.refresh_token)&&await this.cacheManager.updateEntry(s.refresh_token,i.refresh_token),this.options.useMrrt&&(t=null==s?void 0:s.audience,n=null==s?void 0:s.scope,r=e.authorizationParams.audience,o=e.authorizationParams.scope,t!==r||!e7(o,n))&&!e7(u,i.scope)){if(this.options.useRefreshTokensFallback)return await this._getTokenFromIFrame(e);await this.cacheManager.remove(this.options.clientId,e.authorizationParams.audience,e.authorizationParams.scope);let t=((e,t)=>{let n=(null==e?void 0:e.split(" "))||[],r=(null==t?void 0:t.split(" "))||[];return n.filter(e=>-1==r.indexOf(e)).join(",")})(u,i.scope);throw new G(e.authorizationParams.audience||"default",t)}return Object.assign(Object.assign({},i),{scope:e.authorizationParams.scope,oauthTokenScope:i.scope,audience:e.authorizationParams.audience||K})}catch(t){if(t.message){if(t.message.includes("user is blocked"))throw await this.logout({openUrl:!1}),t;if((t.message.includes("Missing Refresh Token")||t.message.includes("invalid refresh token"))&&this.options.useRefreshTokensFallback)return await this._getTokenFromIFrame(e)}throw t instanceof M&&this.mfa.setMFAAuthDetails(t.mfa_token,null==(i=e.authorizationParams)?void 0:i.scope,null==(a=e.authorizationParams)?void 0:a.audience,t.mfa_requirements),t}}async _saveEntryInCache(e){let t=e.id_token,n=e.decodedToken,r=w(e,["id_token","decodedToken"]);this.userCache.set(eD,{id_token:t,decodedToken:n}),await this.cacheManager.setIdToken(this.options.clientId,e.id_token,e.decodedToken),await this.cacheManager.set(r)}async _getIdTokenFromCache(){let e=this.options.authorizationParams.audience||K,t=this.scope[e],n=await this.cacheManager.getIdToken(new eH({clientId:this.options.clientId,audience:e,scope:t})),r=this.userCache.get(eD);return n&&n.id_token===(null==r?void 0:r.id_token)?r:(this.userCache.set(eD,n),n)}async _getEntryFromCache(e){let t=e.scope,n=e.audience,r=e.clientId,o=e.cacheMode,i=await this.cacheManager.get(new eH({scope:t,audience:n,clientId:r}),60,this.options.useMrrt,o);if(i&&i.access_token){let e=i.token_type,t=i.access_token,n=i.oauthTokenScope,r=i.expires_in,o=await this._getIdTokenFromCache();return o&&Object.assign(Object.assign({id_token:o.id_token,token_type:e||"Bearer",access_token:t},n?{scope:n}:null),{expires_in:r})}}async _requestToken(e,t){var n,r;let o=t||{},i=o.nonceIn,a=o.organization,s=o.scopesToRequest,c=await eU(Object.assign(Object.assign({baseUrl:this.domainUrl,client_id:this.options.clientId,auth0Client:this.options.auth0Client,useFormData:this.options.useFormData,timeout:this.httpTimeoutMs,useMrrt:this.options.useMrrt,dpop:this.dpop},e),{scope:s||e.scope}),this.worker),l=await this._verifyIdToken(c.id_token,i,a);if("authorization_code"===e.grant_type){let e=await this._getIdTokenFromCache();(null==(r=null==(n=null==e?void 0:e.decodedToken)?void 0:n.claims)?void 0:r.sub)&&e.decodedToken.claims.sub!==l.claims.sub&&(await this.cacheManager.clear(this.options.clientId),this.userCache.remove(eD))}return await this._saveEntryInCache(Object.assign(Object.assign(Object.assign(Object.assign({},c),{decodedToken:l,scope:e.scope,audience:e.audience||K}),c.scope?{oauthTokenScope:c.scope}:null),{client_id:this.options.clientId})),this.cookieStorage.save(this.isAuthenticatedCookieName,!0,{daysUntilExpire:this.sessionCheckExpiryDays,cookieDomain:this.options.cookieDomain}),this._processOrgHint(a||l.claims.org_id),Object.assign(Object.assign({},c),{decodedToken:l})}_buildTokenExchangeParams(e){return Object.assign(Object.assign(Object.assign(Object.assign(Object.assign({},e),{grant_type:"urn:ietf:params:oauth:grant-type:token-exchange",subject_token:e.subject_token,subject_token_type:e.subject_token_type}),e.actor_token&&{actor_token:e.actor_token}),e.actor_token_type&&{actor_token_type:e.actor_token_type}),{scope:eL(this.scope,e.scope,e.audience||this.options.authorizationParams.audience),audience:e.audience||this.options.authorizationParams.audience,organization:e.organization||this.options.authorizationParams.organization})}async loginWithCustomTokenExchange(e){return this._requestToken(this._buildTokenExchangeParams(e))}async customTokenExchange(e){let t=await eU(Object.assign(Object.assign({},this._buildTokenExchangeParams(e)),{baseUrl:this.domainUrl,client_id:this.options.clientId,auth0Client:this.options.auth0Client,useFormData:this.options.useFormData,timeout:this.httpTimeoutMs,dpop:this.dpop}),this.worker,!0);return t.id_token&&await this._verifyIdToken(t.id_token,void 0,e.organization),t}async exchangeToken(e){return this.loginWithCustomTokenExchange(e)}_assertDpop(e){if(!e)throw Error("`useDpop` option must be enabled before using DPoP.")}getDpopNonce(e){return this._assertDpop(this.dpop),this.dpop.getNonce(e)}setDpopNonce(e,t){return this._assertDpop(this.dpop),this.dpop.setNonce(e,t)}generateDpopProof(e){return this._assertDpop(this.dpop),this.dpop.generateProof(e)}createFetcher(){let e=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{};return new tr(e,{isDpopEnabled:()=>!!this.options.useDpop,getAccessToken:e=>{var t;return this.getTokenSilently({authorizationParams:{scope:null==(t=null==e?void 0:e.scope)?void 0:t.join(" "),audience:null==e?void 0:e.audience},detailedResponse:!0})},getDpopNonce:()=>this.getDpopNonce(e.dpopNonceId),setDpopNonce:t=>this.setDpopNonce(t,e.dpopNonceId),generateDpopProof:e=>this.generateDpopProof(e)})}async connectAccountWithRedirect(e){let t=e.openUrl,n=e.appState,r=e.connection,o=e.scopes,i=e.authorization_params,a=e.redirectUri,s=void 0===a?this.options.authorizationParams.redirect_uri||window.location.origin:a;if(!r)throw Error("connection is required");let c=q(B()),l=B(),u=er(await et(l)),h=await this.myAccountApi.connectAccount({connection:r,scopes:o,redirect_uri:s,state:c,code_challenge:u,code_challenge_method:"S256",authorization_params:i}),d=h.connect_uri,p=h.connect_params,f=h.auth_session;this.transactionManager.create({state:c,code_verifier:l,auth_session:f,redirect_uri:s,appState:n,connection:r,response_type:e0.ConnectCode});let m=new URL(d);m.searchParams.set("ticket",p.ticket),t?await t(m.toString()):window.location.assign(m)}async _requestTokenForMfa(e,t){let n=e.mfaToken,r=w(e,["mfaToken"]);return this._requestToken(Object.assign(Object.assign({},r),{mfa_token:n}),t)}}var ii={isAuthenticated:!1,isLoading:!0,error:void 0,user:void 0},ia=function(){throw Error("You forgot to wrap your component in <Auth0Provider>.")},is=f(f({},ii),{buildAuthorizeUrl:ia,buildLogoutUrl:ia,getAccessTokenSilently:ia,getAccessTokenWithPopup:ia,getIdTokenClaims:ia,loginWithCustomTokenExchange:ia,customTokenExchange:ia,exchangeToken:ia,loginWithRedirect:ia,loginWithPopup:ia,connectAccountWithRedirect:ia,logout:ia,handleRedirectCallback:ia,getDpopNonce:ia,setDpopNonce:ia,generateDpopProof:ia,createFetcher:ia,getConfiguration:ia,mfa:{getAuthenticators:ia,enroll:ia,challenge:ia,verify:ia,getEnrollmentFactors:ia}}),ic=(0,d.createContext)(is),il=function(e){if("function"!=typeof e&&null!==e)throw TypeError("Class extends value "+String(e)+" is not a constructor or null");function t(){this.constructor=n}function n(t,r){var o=e.call(this,null!=r?r:t)||this;return o.error=t,o.error_description=r,Object.setPrototypeOf(o,n.prototype),o}return p(n,e),n.prototype=null===e?Object.create(e):(t.prototype=e.prototype,new t),n}(Error),iu=/[?&](?:connect_)?code=[^&]+/,ih=/[?&]state=[^&]+/,id=/[?&]error=[^&]+/,ip=function(e){return function(t){return t instanceof Error?t:null!==t&&"object"==typeof t&&"error"in t&&"string"==typeof t.error?"error_description"in t&&"string"==typeof t.error_description?new il(t.error,t.error_description):new il(t.error):Error(e)}},im=ip("Login failed"),iy=ip("Get access token failed"),ig=function(e){var t,n;(null==e?void 0:e.redirectUri)&&(console.warn("Using `redirectUri` has been deprecated, please use `authorizationParams.redirect_uri` instead as `redirectUri` will be no longer supported in a future version"),e.authorizationParams=null!=(t=e.authorizationParams)?t:{},e.authorizationParams.redirect_uri=e.redirectUri,delete e.redirectUri),(null==(n=null==e?void 0:e.authorizationParams)?void 0:n.redirectUri)&&(console.warn("Using `authorizationParams.redirectUri` has been deprecated, please use `authorizationParams.redirect_uri` instead as `authorizationParams.redirectUri` will be removed in a future version"),e.authorizationParams.redirect_uri=e.authorizationParams.redirectUri,delete e.authorizationParams.redirectUri)},iw=function(e,t){switch(t.type){case"LOGIN_POPUP_STARTED":return f(f({},e),{isLoading:!0});case"LOGIN_POPUP_COMPLETE":case"INITIALISED":return f(f({},e),{isAuthenticated:!!t.user,user:t.user,isLoading:!1,error:void 0});case"HANDLE_REDIRECT_COMPLETE":case"GET_ACCESS_TOKEN_COMPLETE":if(e.user===t.user)return e;return f(f({},e),{isAuthenticated:!!t.user,user:t.user});case"LOGOUT":return f(f({},e),{isAuthenticated:!1,user:void 0});case"ERROR":return f(f({},e),{isLoading:!1,error:t.error})}},ib=function(e){var t;window.history.replaceState({},document.title,null!=(t=e.returnTo)?t:window.location.pathname)},iv=function(e){var t=e.children,n=e.skipRedirectCallback,r=e.onRedirectCallback,o=void 0===r?ib:r,i=e.context,a=void 0===i?ic:i,s=e.client,c=m(e,["children","skipRedirectCallback","onRedirectCallback","context","client"]);s&&(c.domain||c.clientId)&&console.warn("Auth0Provider: the `client` prop takes precedence over `domain`/`clientId` and other configuration options. Remove `domain`, `clientId`, and any other Auth0Client configuration props when using the `client` prop.");var l=(0,d.useState)(function(){return null!=s?s:new io((ig(c),f(f({},c),{auth0Client:{name:"auth0-react",version:"2.17.0"}})))})[0],u=(0,d.useReducer)(iw,ii),h=u[0],p=u[1],w=(0,d.useRef)(!1),b=(0,d.useCallback)(function(e){return p({type:"ERROR",error:e}),e},[]);(0,d.useEffect)(function(){w.current||(w.current=!0,y(void 0,void 0,void 0,function(){var e,t,r,i,a,s;return g(this,function(c){switch(c.label){case 0:var u;if(c.trys.push([0,7,,8]),e=void 0,void 0===u&&(u=window.location.search),!((iu.test(u)||id.test(u))&&ih.test(u))||n)return[3,3];return[4,l.handleRedirectCallback()];case 1:return i=void 0===(r=(t=c.sent()).appState)?{}:r,a=t.response_type,s=m(t,["appState","response_type"]),[4,l.getUser()];case 2:return e=c.sent(),i.response_type=a,a===e0.ConnectCode&&(i.connectedAccount=s),o(i,e),[3,6];case 3:return[4,l.checkSession()];case 4:return c.sent(),[4,l.getUser()];case 5:e=c.sent(),c.label=6;case 6:return p({type:"INITIALISED",user:e}),[3,8];case 7:return b(im(c.sent())),[3,8];case 8:return[2]}})}))},[l,o,n,b]);var v=(0,d.useCallback)(function(e){return ig(e),l.loginWithRedirect(e)},[l]),k=(0,d.useCallback)(function(e,t){return y(void 0,void 0,void 0,function(){return g(this,function(n){switch(n.label){case 0:p({type:"LOGIN_POPUP_STARTED"}),n.label=1;case 1:return n.trys.push([1,3,,4]),[4,l.loginWithPopup(e,t)];case 2:return n.sent(),[3,4];case 3:return b(im(n.sent())),[2];case 4:return[4,l.getUser()];case 5:return p({type:"LOGIN_POPUP_COMPLETE",user:n.sent()}),[2]}})})},[l,b]),_=(0,d.useCallback)(function(){for(var e=[],t=0;t<arguments.length;t++)e[t]=arguments[t];return y(void 0,function(e,t,n){if(n||2==arguments.length)for(var r,o=0,i=t.length;o<i;o++)!r&&o in t||(r||(r=Array.prototype.slice.call(t,0,o)),r[o]=t[o]);return e.concat(r||Array.prototype.slice.call(t))}([],e,!0),void 0,function(e){return void 0===e&&(e={}),g(this,function(t){switch(t.label){case 0:return[4,l.logout(e)];case 1:return t.sent(),(e.openUrl||!1===e.openUrl)&&p({type:"LOGOUT"}),[2]}})})},[l]),S=(0,d.useCallback)(function(e){return y(void 0,void 0,void 0,function(){var t,n,r;return g(this,function(o){switch(o.label){case 0:return o.trys.push([0,2,3,5]),[4,l.getTokenSilently(e)];case 1:return t=o.sent(),[3,5];case 2:throw iy(o.sent());case 3:return n=p,r={type:"GET_ACCESS_TOKEN_COMPLETE"},[4,l.getUser()];case 4:return n.apply(void 0,[(r.user=o.sent(),r)]),[7];case 5:return[2,t]}})})},[l]),T=(0,d.useCallback)(function(e,t){return y(void 0,void 0,void 0,function(){var n,r,o;return g(this,function(i){switch(i.label){case 0:return i.trys.push([0,2,3,5]),[4,l.getTokenWithPopup(e,t)];case 1:return n=i.sent(),[3,5];case 2:throw iy(i.sent());case 3:return r=p,o={type:"GET_ACCESS_TOKEN_COMPLETE"},[4,l.getUser()];case 4:return r.apply(void 0,[(o.user=i.sent(),o)]),[7];case 5:return[2,n]}})})},[l]),E=(0,d.useCallback)(function(e){return l.connectAccountWithRedirect(e)},[l]),P=(0,d.useCallback)(function(){return l.getIdTokenClaims()},[l]),A=(0,d.useCallback)(function(e){return y(void 0,void 0,void 0,function(){var t,n,r;return g(this,function(o){switch(o.label){case 0:return o.trys.push([0,2,3,5]),[4,l.loginWithCustomTokenExchange(e)];case 1:return t=o.sent(),[3,5];case 2:throw iy(o.sent());case 3:return n=p,r={type:"GET_ACCESS_TOKEN_COMPLETE"},[4,l.getUser()];case 4:return n.apply(void 0,[(r.user=o.sent(),r)]),[7];case 5:return[2,t]}})})},[l]),R=(0,d.useCallback)(function(e){return l.customTokenExchange(e)},[l]),I=(0,d.useCallback)(function(e){return y(void 0,void 0,void 0,function(){return g(this,function(t){return[2,A(e)]})})},[A]),C=(0,d.useCallback)(function(e){return y(void 0,void 0,void 0,function(){var t,n;return g(this,function(r){switch(r.label){case 0:return r.trys.push([0,2,3,5]),[4,l.handleRedirectCallback(e)];case 1:return[2,r.sent()];case 2:throw iy(r.sent());case 3:return t=p,n={type:"HANDLE_REDIRECT_COMPLETE"},[4,l.getUser()];case 4:return t.apply(void 0,[(n.user=r.sent(),n)]),[7];case 5:return[2]}})})},[l]),x=(0,d.useCallback)(function(e){return l.getDpopNonce(e)},[l]),O=(0,d.useCallback)(function(e,t){return l.setDpopNonce(e,t)},[l]),j=(0,d.useCallback)(function(e){return l.generateDpopProof(e)},[l]),W=(0,d.useCallback)(function(e){return l.createFetcher(e)},[l]),U=(0,d.useCallback)(function(){return l.getConfiguration()},[l]),K=(0,d.useMemo)(function(){return l.mfa},[l]),L=(0,d.useMemo)(function(){return f(f({},h),{getAccessTokenSilently:S,getAccessTokenWithPopup:T,getIdTokenClaims:P,loginWithCustomTokenExchange:A,customTokenExchange:R,exchangeToken:I,loginWithRedirect:v,loginWithPopup:k,connectAccountWithRedirect:E,logout:_,handleRedirectCallback:C,getDpopNonce:x,setDpopNonce:O,generateDpopProof:j,createFetcher:W,getConfiguration:U,mfa:K})},[h,S,T,P,A,R,I,v,k,E,_,C,x,O,j,W,U,K]);return d.createElement(a.Provider,{value:L},t)},ik=function(e){return void 0===e&&(e=ic),(0,d.useContext)(e)}}}]);