npm - @authsignal/browser - Versions diffs - 0.3.4 → 0.3.6 - Mend

@authsignal/browser 0.3.4 → 0.3.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.js CHANGED Viewed

@@ -90,1661 +90,1664 @@ var AuthsignalWindowMessage;
     AuthsignalWindowMessage["AUTHSIGNAL_CLOSE_POPUP"] = "AUTHSIGNAL_CLOSE_POPUP";
 })(AuthsignalWindowMessage || (AuthsignalWindowMessage = {}));
-var DEFAULT_WIDTH$1 = 400;
-var DEFAULT_HEIGHT = 500;
-var WindowHandler = /** @class */ (function () {
-    function WindowHandler() {
-        this.windowRef = null;
-    }
-    WindowHandler.prototype.show = function (_a) {
-        var url = _a.url, _b = _a.width, width = _b === void 0 ? DEFAULT_WIDTH$1 : _b, _c = _a.height, height = _c === void 0 ? DEFAULT_HEIGHT : _c;
-        var windowRef = openWindow({ url: url, width: width, height: height, win: window });
-        if (!windowRef) {
-            throw new Error("Window is not initialized");
-        }
-        this.windowRef = windowRef;
-        return windowRef;
-    };
-    WindowHandler.prototype.close = function () {
-        if (!this.windowRef) {
-            throw new Error("Window is not initialized");
-        }
-        this.windowRef.close();
-    };
-    return WindowHandler;
-}());
-function openWindow(_a) {
-    var url = _a.url, width = _a.width, height = _a.height, win = _a.win;
-    if (!win.top) {
-        return null;
-    }
-    var y = win.top.outerHeight / 2 + win.top.screenY - height / 2;
-    var x = win.top.outerWidth / 2 + win.top.screenX - width / 2;
-    return window.open(url, "", "toolbar=no, location=no, directories=no, status=no, menubar=no, scrollbars=no, resizable=no, copyhistory=no, width=".concat(width, ", height=").concat(height, ", top=").concat(y, ", left=").concat(x));
+/******************************************************************************
+Copyright (c) Microsoft Corporation.
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted.
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
+REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
+INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+PERFORMANCE OF THIS SOFTWARE.
+***************************************************************************** */
+function __rest(s, e) {
+    var t = {};
+    for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)
+        t[p] = s[p];
+    if (s != null && typeof Object.getOwnPropertySymbols === "function")
+        for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {
+            if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))
+                t[p[i]] = s[p[i]];
+        }
+    return t;
+}
+function __awaiter(thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+}
+function __generator(thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
+    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (_) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
 }
-var focusableSelectors = [
-  'a[href]:not([tabindex^="-"])',
-  'area[href]:not([tabindex^="-"])',
-  'input:not([type="hidden"]):not([type="radio"]):not([disabled]):not([tabindex^="-"])',
-  'input[type="radio"]:not([disabled]):not([tabindex^="-"])',
-  'select:not([disabled]):not([tabindex^="-"])',
-  'textarea:not([disabled]):not([tabindex^="-"])',
-  'button:not([disabled]):not([tabindex^="-"])',
-  'iframe:not([tabindex^="-"])',
-  'audio[controls]:not([tabindex^="-"])',
-  'video[controls]:not([tabindex^="-"])',
-  '[contenteditable]:not([tabindex^="-"])',
-  '[tabindex]:not([tabindex^="-"])',
-];
-var TAB_KEY = 'Tab';
-var ESCAPE_KEY = 'Escape';
-/**
- * Define the constructor to instantiate a dialog
- *
- * @constructor
- * @param {Element} element
- */
-function A11yDialog(element) {
-  // Prebind the functions that will be bound in addEventListener and
-  // removeEventListener to avoid losing references
-  this._show = this.show.bind(this);
-  this._hide = this.hide.bind(this);
-  this._maintainFocus = this._maintainFocus.bind(this);
-  this._bindKeypress = this._bindKeypress.bind(this);
-  this.$el = element;
-  this.shown = false;
-  this._id = this.$el.getAttribute('data-a11y-dialog') || this.$el.id;
-  this._previouslyFocused = null;
-  this._listeners = {};
-  // Initialise everything needed for the dialog to work properly
-  this.create();
+/* [@simplewebauthn/browser@8.2.1] */
+function utf8StringToBuffer(value) {
+    return new TextEncoder().encode(value);
 }
-/**
- * Set up everything necessary for the dialog to be functioning
- *
- * @param {(NodeList | Element | string)} targets
- * @return {this}
- */
-A11yDialog.prototype.create = function () {
-  this.$el.setAttribute('aria-hidden', true);
-  this.$el.setAttribute('aria-modal', true);
-  this.$el.setAttribute('tabindex', -1);
-  if (!this.$el.hasAttribute('role')) {
-    this.$el.setAttribute('role', 'dialog');
-  }
-  // Keep a collection of dialog openers, each of which will be bound a click
-  // event listener to open the dialog
-  this._openers = $$('[data-a11y-dialog-show="' + this._id + '"]');
-  this._openers.forEach(
-    function (opener) {
-      opener.addEventListener('click', this._show);
-    }.bind(this)
-  );
-  // Keep a collection of dialog closers, each of which will be bound a click
-  // event listener to close the dialog
-  const $el = this.$el;
-  this._closers = $$('[data-a11y-dialog-hide]', this.$el)
-    // This filter is necessary in case there are nested dialogs, so that
-    // only closers from the current dialog are retrieved and effective
-    .filter(function (closer) {
-      // Testing for `[aria-modal="true"]` is not enough since this attribute
-      // and the collect of closers is done at instantation time, when nested
-      // dialogs might not have yet been instantiated. Note that if the dialogs
-      // are manually instantiated, this could still fail because none of these
-      // selectors would match; this would cause closers to close all parent
-      // dialogs instead of just the current one
-      return closer.closest('[aria-modal="true"], [data-a11y-dialog]') === $el
-    })
-    .concat($$('[data-a11y-dialog-hide="' + this._id + '"]'));
-  this._closers.forEach(
-    function (closer) {
-      closer.addEventListener('click', this._hide);
-    }.bind(this)
-  );
+function bufferToBase64URLString(buffer) {
+    const bytes = new Uint8Array(buffer);
+    let str = '';
+    for (const charCode of bytes) {
+        str += String.fromCharCode(charCode);
+    }
+    const base64String = btoa(str);
+    return base64String.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
+}
-  // Execute all callbacks registered for the `create` event
-  this._fire('create');
+function base64URLStringToBuffer(base64URLString) {
+    const base64 = base64URLString.replace(/-/g, '+').replace(/_/g, '/');
+    const padLength = (4 - (base64.length % 4)) % 4;
+    const padded = base64.padEnd(base64.length + padLength, '=');
+    const binary = atob(padded);
+    const buffer = new ArrayBuffer(binary.length);
+    const bytes = new Uint8Array(buffer);
+    for (let i = 0; i < binary.length; i++) {
+        bytes[i] = binary.charCodeAt(i);
+    }
+    return buffer;
+}
-  return this
-};
+function browserSupportsWebAuthn() {
+    return (window?.PublicKeyCredential !== undefined &&
+        typeof window.PublicKeyCredential === 'function');
+}
-/**
- * Show the dialog element, disable all the targets (siblings), trap the
- * current focus within it, listen for some specific key presses and fire all
- * registered callbacks for `show` event
- *
- * @param {CustomEvent} event
- * @return {this}
- */
-A11yDialog.prototype.show = function (event) {
-  // If the dialog is already open, abort
-  if (this.shown) {
-    return this
-  }
+function toPublicKeyCredentialDescriptor(descriptor) {
+    const { id } = descriptor;
+    return {
+        ...descriptor,
+        id: base64URLStringToBuffer(id),
+        transports: descriptor.transports,
+    };
+}
-  // Keep a reference to the currently focused element to be able to restore
-  // it later
-  this._previouslyFocused = document.activeElement;
-  this.$el.removeAttribute('aria-hidden');
-  this.shown = true;
+function isValidDomain(hostname) {
+    return (hostname === 'localhost' ||
+        /^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(hostname));
+}
-  // Set the focus to the dialog element
-  moveFocusToDialog(this.$el);
+class WebAuthnError extends Error {
+    constructor({ message, code, cause, name, }) {
+        super(message, { cause });
+        this.name = name ?? cause.name;
+        this.code = code;
+    }
+}
-  // Bind a focus event listener to the body element to make sure the focus
-  // stays trapped inside the dialog while open, and start listening for some
-  // specific key presses (TAB and ESC)
-  document.body.addEventListener('focus', this._maintainFocus, true);
-  document.addEventListener('keydown', this._bindKeypress);
-  // Execute all callbacks registered for the `show` event
-  this._fire('show', event);
-  return this
-};
-/**
- * Hide the dialog element, enable all the targets (siblings), restore the
- * focus to the previously active element, stop listening for some specific
- * key presses and fire all registered callbacks for `hide` event
- *
- * @param {CustomEvent} event
- * @return {this}
- */
-A11yDialog.prototype.hide = function (event) {
-  // If the dialog is already closed, abort
-  if (!this.shown) {
-    return this
-  }
-  this.shown = false;
-  this.$el.setAttribute('aria-hidden', 'true');
+function identifyRegistrationError({ error, options, }) {
+    const { publicKey } = options;
+    if (!publicKey) {
+        throw Error('options was missing required publicKey property');
+    }
+    if (error.name === 'AbortError') {
+        if (options.signal instanceof AbortSignal) {
+            return new WebAuthnError({
+                message: 'Registration ceremony was sent an abort signal',
+                code: 'ERROR_CEREMONY_ABORTED',
+                cause: error,
+            });
+        }
+    }
+    else if (error.name === 'ConstraintError') {
+        if (publicKey.authenticatorSelection?.requireResidentKey === true) {
+            return new WebAuthnError({
+                message: 'Discoverable credentials were required but no available authenticator supported it',
+                code: 'ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT',
+                cause: error,
+            });
+        }
+        else if (publicKey.authenticatorSelection?.userVerification === 'required') {
+            return new WebAuthnError({
+                message: 'User verification was required but no available authenticator supported it',
+                code: 'ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT',
+                cause: error,
+            });
+        }
+    }
+    else if (error.name === 'InvalidStateError') {
+        return new WebAuthnError({
+            message: 'The authenticator was previously registered',
+            code: 'ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED',
+            cause: error,
+        });
+    }
+    else if (error.name === 'NotAllowedError') {
+        return new WebAuthnError({
+            message: error.message,
+            code: 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY',
+            cause: error,
+        });
+    }
+    else if (error.name === 'NotSupportedError') {
+        const validPubKeyCredParams = publicKey.pubKeyCredParams.filter((param) => param.type === 'public-key');
+        if (validPubKeyCredParams.length === 0) {
+            return new WebAuthnError({
+                message: 'No entry in pubKeyCredParams was of type "public-key"',
+                code: 'ERROR_MALFORMED_PUBKEYCREDPARAMS',
+                cause: error,
+            });
+        }
+        return new WebAuthnError({
+            message: 'No available authenticator supported any of the specified pubKeyCredParams algorithms',
+            code: 'ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG',
+            cause: error,
+        });
+    }
+    else if (error.name === 'SecurityError') {
+        const effectiveDomain = window.location.hostname;
+        if (!isValidDomain(effectiveDomain)) {
+            return new WebAuthnError({
+                message: `${window.location.hostname} is an invalid domain`,
+                code: 'ERROR_INVALID_DOMAIN',
+                cause: error,
+            });
+        }
+        else if (publicKey.rp.id !== effectiveDomain) {
+            return new WebAuthnError({
+                message: `The RP ID "${publicKey.rp.id}" is invalid for this domain`,
+                code: 'ERROR_INVALID_RP_ID',
+                cause: error,
+            });
+        }
+    }
+    else if (error.name === 'TypeError') {
+        if (publicKey.user.id.byteLength < 1 || publicKey.user.id.byteLength > 64) {
+            return new WebAuthnError({
+                message: 'User ID was not between 1 and 64 characters',
+                code: 'ERROR_INVALID_USER_ID_LENGTH',
+                cause: error,
+            });
+        }
+    }
+    else if (error.name === 'UnknownError') {
+        return new WebAuthnError({
+            message: 'The authenticator was unable to process the specified options, or could not create a new credential',
+            code: 'ERROR_AUTHENTICATOR_GENERAL_ERROR',
+            cause: error,
+        });
+    }
+    return error;
+}
-  // If there was a focused element before the dialog was opened (and it has a
-  // `focus` method), restore the focus back to it
-  // See: https://github.com/KittyGiraudel/a11y-dialog/issues/108
-  if (this._previouslyFocused && this._previouslyFocused.focus) {
-    this._previouslyFocused.focus();
-  }
+class WebAuthnAbortService {
+    createNewAbortSignal() {
+        if (this.controller) {
+            const abortError = new Error('Cancelling existing WebAuthn API call for new one');
+            abortError.name = 'AbortError';
+            this.controller.abort(abortError);
+        }
+        const newController = new AbortController();
+        this.controller = newController;
+        return newController.signal;
+    }
+}
+const webauthnAbortService = new WebAuthnAbortService();
-  // Remove the focus event listener to the body element and stop listening
-  // for specific key presses
-  document.body.removeEventListener('focus', this._maintainFocus, true);
-  document.removeEventListener('keydown', this._bindKeypress);
+const attachments = ['cross-platform', 'platform'];
+function toAuthenticatorAttachment(attachment) {
+    if (!attachment) {
+        return;
+    }
+    if (attachments.indexOf(attachment) < 0) {
+        return;
+    }
+    return attachment;
+}
-  // Execute all callbacks registered for the `hide` event
-  this._fire('hide', event);
+async function startRegistration(creationOptionsJSON) {
+    if (!browserSupportsWebAuthn()) {
+        throw new Error('WebAuthn is not supported in this browser');
+    }
+    const publicKey = {
+        ...creationOptionsJSON,
+        challenge: base64URLStringToBuffer(creationOptionsJSON.challenge),
+        user: {
+            ...creationOptionsJSON.user,
+            id: utf8StringToBuffer(creationOptionsJSON.user.id),
+        },
+        excludeCredentials: creationOptionsJSON.excludeCredentials?.map(toPublicKeyCredentialDescriptor),
+    };
+    const options = { publicKey };
+    options.signal = webauthnAbortService.createNewAbortSignal();
+    let credential;
+    try {
+        credential = (await navigator.credentials.create(options));
+    }
+    catch (err) {
+        throw identifyRegistrationError({ error: err, options });
+    }
+    if (!credential) {
+        throw new Error('Registration was not completed');
+    }
+    const { id, rawId, response, type } = credential;
+    let transports = undefined;
+    if (typeof response.getTransports === 'function') {
+        transports = response.getTransports();
+    }
+    let responsePublicKeyAlgorithm = undefined;
+    if (typeof response.getPublicKeyAlgorithm === 'function') {
+        try {
+            responsePublicKeyAlgorithm = response.getPublicKeyAlgorithm();
+        }
+        catch (error) {
+            warnOnBrokenImplementation('getPublicKeyAlgorithm()', error);
+        }
+    }
+    let responsePublicKey = undefined;
+    if (typeof response.getPublicKey === 'function') {
+        try {
+            const _publicKey = response.getPublicKey();
+            if (_publicKey !== null) {
+                responsePublicKey = bufferToBase64URLString(_publicKey);
+            }
+        }
+        catch (error) {
+            warnOnBrokenImplementation('getPublicKey()', error);
+        }
+    }
+    let responseAuthenticatorData;
+    if (typeof response.getAuthenticatorData === 'function') {
+        try {
+            responseAuthenticatorData = bufferToBase64URLString(response.getAuthenticatorData());
+        }
+        catch (error) {
+            warnOnBrokenImplementation('getAuthenticatorData()', error);
+        }
+    }
+    return {
+        id,
+        rawId: bufferToBase64URLString(rawId),
+        response: {
+            attestationObject: bufferToBase64URLString(response.attestationObject),
+            clientDataJSON: bufferToBase64URLString(response.clientDataJSON),
+            transports,
+            publicKeyAlgorithm: responsePublicKeyAlgorithm,
+            publicKey: responsePublicKey,
+            authenticatorData: responseAuthenticatorData,
+        },
+        type,
+        clientExtensionResults: credential.getClientExtensionResults(),
+        authenticatorAttachment: toAuthenticatorAttachment(credential.authenticatorAttachment),
+    };
+}
+function warnOnBrokenImplementation(methodName, cause) {
+    console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${methodName}. You should report this error to them.\n`, cause);
+}
-  return this
-};
+function bufferToUTF8String(value) {
+    return new TextDecoder('utf-8').decode(value);
+}
-/**
- * Destroy the current instance (after making sure the dialog has been hidden)
- * and remove all associated listeners from dialog openers and closers
- *
- * @return {this}
- */
-A11yDialog.prototype.destroy = function () {
-  // Hide the dialog to avoid destroying an open instance
-  this.hide();
+function browserSupportsWebAuthnAutofill() {
+    const globalPublicKeyCredential = window
+        .PublicKeyCredential;
+    if (globalPublicKeyCredential.isConditionalMediationAvailable === undefined) {
+        return new Promise((resolve) => resolve(false));
+    }
+    return globalPublicKeyCredential.isConditionalMediationAvailable();
+}
-  // Remove the click event listener from all dialog openers
-  this._openers.forEach(
-    function (opener) {
-      opener.removeEventListener('click', this._show);
-    }.bind(this)
-  );
-  // Remove the click event listener from all dialog closers
-  this._closers.forEach(
-    function (closer) {
-      closer.removeEventListener('click', this._hide);
-    }.bind(this)
-  );
-  // Execute all callbacks registered for the `destroy` event
-  this._fire('destroy');
+function identifyAuthenticationError({ error, options, }) {
+    const { publicKey } = options;
+    if (!publicKey) {
+        throw Error('options was missing required publicKey property');
+    }
+    if (error.name === 'AbortError') {
+        if (options.signal instanceof AbortSignal) {
+            return new WebAuthnError({
+                message: 'Authentication ceremony was sent an abort signal',
+                code: 'ERROR_CEREMONY_ABORTED',
+                cause: error,
+            });
+        }
+    }
+    else if (error.name === 'NotAllowedError') {
+        return new WebAuthnError({
+            message: error.message,
+            code: 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY',
+            cause: error,
+        });
+    }
+    else if (error.name === 'SecurityError') {
+        const effectiveDomain = window.location.hostname;
+        if (!isValidDomain(effectiveDomain)) {
+            return new WebAuthnError({
+                message: `${window.location.hostname} is an invalid domain`,
+                code: 'ERROR_INVALID_DOMAIN',
+                cause: error,
+            });
+        }
+        else if (publicKey.rpId !== effectiveDomain) {
+            return new WebAuthnError({
+                message: `The RP ID "${publicKey.rpId}" is invalid for this domain`,
+                code: 'ERROR_INVALID_RP_ID',
+                cause: error,
+            });
+        }
+    }
+    else if (error.name === 'UnknownError') {
+        return new WebAuthnError({
+            message: 'The authenticator was unable to process the specified options, or could not create a new assertion signature',
+            code: 'ERROR_AUTHENTICATOR_GENERAL_ERROR',
+            cause: error,
+        });
+    }
+    return error;
+}
-  // Keep an object of listener types mapped to callback functions
-  this._listeners = {};
+async function startAuthentication(requestOptionsJSON, useBrowserAutofill = false) {
+    if (!browserSupportsWebAuthn()) {
+        throw new Error('WebAuthn is not supported in this browser');
+    }
+    let allowCredentials;
+    if (requestOptionsJSON.allowCredentials?.length !== 0) {
+        allowCredentials = requestOptionsJSON.allowCredentials?.map(toPublicKeyCredentialDescriptor);
+    }
+    const publicKey = {
+        ...requestOptionsJSON,
+        challenge: base64URLStringToBuffer(requestOptionsJSON.challenge),
+        allowCredentials,
+    };
+    const options = {};
+    if (useBrowserAutofill) {
+        if (!(await browserSupportsWebAuthnAutofill())) {
+            throw Error('Browser does not support WebAuthn autofill');
+        }
+        const eligibleInputs = document.querySelectorAll('input[autocomplete*=\'webauthn\']');
+        if (eligibleInputs.length < 1) {
+            throw Error('No <input> with `"webauthn"` in its `autocomplete` attribute was detected');
+        }
+        options.mediation = 'conditional';
+        publicKey.allowCredentials = [];
+    }
+    options.publicKey = publicKey;
+    options.signal = webauthnAbortService.createNewAbortSignal();
+    let credential;
+    try {
+        credential = (await navigator.credentials.get(options));
+    }
+    catch (err) {
+        throw identifyAuthenticationError({ error: err, options });
+    }
+    if (!credential) {
+        throw new Error('Authentication was not completed');
+    }
+    const { id, rawId, response, type } = credential;
+    let userHandle = undefined;
+    if (response.userHandle) {
+        userHandle = bufferToUTF8String(response.userHandle);
+    }
+    return {
+        id,
+        rawId: bufferToBase64URLString(rawId),
+        response: {
+            authenticatorData: bufferToBase64URLString(response.authenticatorData),
+            clientDataJSON: bufferToBase64URLString(response.clientDataJSON),
+            signature: bufferToBase64URLString(response.signature),
+            userHandle,
+        },
+        type,
+        clientExtensionResults: credential.getClientExtensionResults(),
+        authenticatorAttachment: toAuthenticatorAttachment(credential.authenticatorAttachment),
+    };
+}
-  return this
-};
+// eslint-lint-disable-next-line @typescript-eslint/naming-convention
+class HTTPError extends Error {
+    constructor(response, request, options) {
+        const code = (response.status || response.status === 0) ? response.status : '';
+        const title = response.statusText || '';
+        const status = `${code} ${title}`.trim();
+        const reason = status ? `status code ${status}` : 'an unknown error';
+        super(`Request failed with ${reason}`);
+        Object.defineProperty(this, "response", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        Object.defineProperty(this, "request", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        Object.defineProperty(this, "options", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        this.name = 'HTTPError';
+        this.response = response;
+        this.request = request;
+        this.options = options;
+    }
+}
-/**
- * Register a new callback for the given event type
- *
- * @param {string} type
- * @param {Function} handler
- */
-A11yDialog.prototype.on = function (type, handler) {
-  if (typeof this._listeners[type] === 'undefined') {
-    this._listeners[type] = [];
-  }
+class TimeoutError extends Error {
+    constructor(request) {
+        super('Request timed out');
+        Object.defineProperty(this, "request", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        this.name = 'TimeoutError';
+        this.request = request;
+    }
+}
-  this._listeners[type].push(handler);
+// eslint-disable-next-line @typescript-eslint/ban-types
+const isObject = (value) => value !== null && typeof value === 'object';
-  return this
+const validateAndMerge = (...sources) => {
+    for (const source of sources) {
+        if ((!isObject(source) || Array.isArray(source)) && typeof source !== 'undefined') {
+            throw new TypeError('The `options` argument must be an object');
+        }
+    }
+    return deepMerge({}, ...sources);
 };
-/**
- * Unregister an existing callback for the given event type
- *
- * @param {string} type
- * @param {Function} handler
- */
-A11yDialog.prototype.off = function (type, handler) {
-  var index = (this._listeners[type] || []).indexOf(handler);
-  if (index > -1) {
-    this._listeners[type].splice(index, 1);
-  }
-  return this
+const mergeHeaders = (source1 = {}, source2 = {}) => {
+    const result = new globalThis.Headers(source1);
+    const isHeadersInstance = source2 instanceof globalThis.Headers;
+    const source = new globalThis.Headers(source2);
+    for (const [key, value] of source.entries()) {
+        if ((isHeadersInstance && value === 'undefined') || value === undefined) {
+            result.delete(key);
+        }
+        else {
+            result.set(key, value);
+        }
+    }
+    return result;
+};
+// TODO: Make this strongly-typed (no `any`).
+const deepMerge = (...sources) => {
+    let returnValue = {};
+    let headers = {};
+    for (const source of sources) {
+        if (Array.isArray(source)) {
+            if (!Array.isArray(returnValue)) {
+                returnValue = [];
+            }
+            returnValue = [...returnValue, ...source];
+        }
+        else if (isObject(source)) {
+            for (let [key, value] of Object.entries(source)) {
+                if (isObject(value) && key in returnValue) {
+                    value = deepMerge(returnValue[key], value);
+                }
+                returnValue = { ...returnValue, [key]: value };
+            }
+            if (isObject(source.headers)) {
+                headers = mergeHeaders(headers, source.headers);
+                returnValue.headers = headers;
+            }
+        }
+    }
+    return returnValue;
 };
-/**
- * Iterate over all registered handlers for given type and call them all with
- * the dialog element as first argument, event as second argument (if any). Also
- * dispatch a custom event on the DOM element itself to make it possible to
- * react to the lifecycle of auto-instantiated dialogs.
- *
- * @access private
- * @param {string} type
- * @param {CustomEvent} event
- */
-A11yDialog.prototype._fire = function (type, event) {
-  var listeners = this._listeners[type] || [];
-  var domEvent = new CustomEvent(type, { detail: event });
-  this.$el.dispatchEvent(domEvent);
-  listeners.forEach(
-    function (listener) {
-      listener(this.$el, event);
-    }.bind(this)
-  );
+const supportsRequestStreams = (() => {
+    let duplexAccessed = false;
+    let hasContentType = false;
+    const supportsReadableStream = typeof globalThis.ReadableStream === 'function';
+    const supportsRequest = typeof globalThis.Request === 'function';
+    if (supportsReadableStream && supportsRequest) {
+        hasContentType = new globalThis.Request('https://a.com', {
+            body: new globalThis.ReadableStream(),
+            method: 'POST',
+            // @ts-expect-error - Types are outdated.
+            get duplex() {
+                duplexAccessed = true;
+                return 'half';
+            },
+        }).headers.has('Content-Type');
+    }
+    return duplexAccessed && !hasContentType;
+})();
+const supportsAbortController = typeof globalThis.AbortController === 'function';
+const supportsResponseStreams = typeof globalThis.ReadableStream === 'function';
+const supportsFormData = typeof globalThis.FormData === 'function';
+const requestMethods = ['get', 'post', 'put', 'patch', 'head', 'delete'];
+const responseTypes = {
+    json: 'application/json',
+    text: 'text/*',
+    formData: 'multipart/form-data',
+    arrayBuffer: '*/*',
+    blob: '*/*',
 };
+// The maximum value of a 32bit int (see issue #117)
+const maxSafeTimeout = 2147483647;
+const stop = Symbol('stop');
-/**
- * Private event handler used when listening to some specific key presses
- * (namely ESCAPE and TAB)
- *
- * @access private
- * @param {Event} event
- */
-A11yDialog.prototype._bindKeypress = function (event) {
-  // This is an escape hatch in case there are nested dialogs, so the keypresses
-  // are only reacted to for the most recent one
-  const focused = document.activeElement;
-  if (focused && focused.closest('[aria-modal="true"]') !== this.$el) return
-  // If the dialog is shown and the ESCAPE key is being pressed, prevent any
-  // further effects from the ESCAPE key and hide the dialog, unless its role
-  // is 'alertdialog', which should be modal
-  if (
-    this.shown &&
-    event.key === ESCAPE_KEY &&
-    this.$el.getAttribute('role') !== 'alertdialog'
-  ) {
-    event.preventDefault();
-    this.hide(event);
-  }
-  // If the dialog is shown and the TAB key is being pressed, make sure the
-  // focus stays trapped within the dialog element
-  if (this.shown && event.key === TAB_KEY) {
-    trapTabKey(this.$el, event);
-  }
+const normalizeRequestMethod = (input) => requestMethods.includes(input) ? input.toUpperCase() : input;
+const retryMethods = ['get', 'put', 'head', 'delete', 'options', 'trace'];
+const retryStatusCodes = [408, 413, 429, 500, 502, 503, 504];
+const retryAfterStatusCodes = [413, 429, 503];
+const defaultRetryOptions = {
+    limit: 2,
+    methods: retryMethods,
+    statusCodes: retryStatusCodes,
+    afterStatusCodes: retryAfterStatusCodes,
+    maxRetryAfter: Number.POSITIVE_INFINITY,
+    backoffLimit: Number.POSITIVE_INFINITY,
 };
-/**
- * Private event handler used when making sure the focus stays within the
- * currently open dialog
- *
- * @access private
- * @param {Event} event
- */
-A11yDialog.prototype._maintainFocus = function (event) {
-  // If the dialog is shown and the focus is not within a dialog element (either
-  // this one or another one in case of nested dialogs) or within an element
-  // with the `data-a11y-dialog-focus-trap-ignore` attribute, move it back to
-  // its first focusable child.
-  // See: https://github.com/KittyGiraudel/a11y-dialog/issues/177
-  if (
-    this.shown &&
-    !event.target.closest('[aria-modal="true"]') &&
-    !event.target.closest('[data-a11y-dialog-ignore-focus-trap]')
-  ) {
-    moveFocusToDialog(this.$el);
-  }
+const normalizeRetryOptions = (retry = {}) => {
+    if (typeof retry === 'number') {
+        return {
+            ...defaultRetryOptions,
+            limit: retry,
+        };
+    }
+    if (retry.methods && !Array.isArray(retry.methods)) {
+        throw new Error('retry.methods must be an array');
+    }
+    if (retry.statusCodes && !Array.isArray(retry.statusCodes)) {
+        throw new Error('retry.statusCodes must be an array');
+    }
+    return {
+        ...defaultRetryOptions,
+        ...retry,
+        afterStatusCodes: retryAfterStatusCodes,
+    };
 };
-/**
- * Convert a NodeList into an array
- *
- * @param {NodeList} collection
- * @return {Array<Element>}
- */
-function toArray(collection) {
-  return Array.prototype.slice.call(collection)
-}
-/**
- * Query the DOM for nodes matching the given selector, scoped to context (or
- * the whole document)
- *
- * @param {String} selector
- * @param {Element} [context = document]
- * @return {Array<Element>}
- */
-function $$(selector, context) {
-  return toArray((context || document).querySelectorAll(selector))
-}
-/**
- * Set the focus to the first element with `autofocus` with the element or the
- * element itself
- *
- * @param {Element} node
- */
-function moveFocusToDialog(node) {
-  var focused = node.querySelector('[autofocus]') || node;
-  focused.focus();
-}
-/**
- * Get the focusable children of the given element
- *
- * @param {Element} node
- * @return {Array<Element>}
- */
-function getFocusableChildren(node) {
-  return $$(focusableSelectors.join(','), node).filter(function (child) {
-    return !!(
-      child.offsetWidth ||
-      child.offsetHeight ||
-      child.getClientRects().length
-    )
-  })
+// `Promise.race()` workaround (#91)
+async function timeout(request, abortController, options) {
+    return new Promise((resolve, reject) => {
+        const timeoutId = setTimeout(() => {
+            if (abortController) {
+                abortController.abort();
+            }
+            reject(new TimeoutError(request));
+        }, options.timeout);
+        void options
+            .fetch(request)
+            .then(resolve)
+            .catch(reject)
+            .then(() => {
+            clearTimeout(timeoutId);
+        });
+    });
 }
-/**
- * Trap the focus inside the given element
- *
- * @param {Element} node
- * @param {Event} event
- */
-function trapTabKey(node, event) {
-  var focusableChildren = getFocusableChildren(node);
-  var focusedItemIndex = focusableChildren.indexOf(document.activeElement);
-  // If the SHIFT key is being pressed while tabbing (moving backwards) and
-  // the currently focused item is the first one, move the focus to the last
-  // focusable item from the dialog element
-  if (event.shiftKey && focusedItemIndex === 0) {
-    focusableChildren[focusableChildren.length - 1].focus();
-    event.preventDefault();
-    // If the SHIFT key is not being pressed (moving forwards) and the currently
-    // focused item is the last one, move the focus to the first focusable item
-    // from the dialog element
-  } else if (
-    !event.shiftKey &&
-    focusedItemIndex === focusableChildren.length - 1
-  ) {
-    focusableChildren[0].focus();
-    event.preventDefault();
-  }
+// DOMException is supported on most modern browsers and Node.js 18+.
+// @see https://developer.mozilla.org/en-US/docs/Web/API/DOMException#browser_compatibility
+const isDomExceptionSupported = Boolean(globalThis.DOMException);
+// TODO: When targeting Node.js 18, use `signal.throwIfAborted()` (https://developer.mozilla.org/en-US/docs/Web/API/AbortSignal/throwIfAborted)
+function composeAbortError(signal) {
+    /*
+    NOTE: Use DomException with AbortError name as specified in MDN docs (https://developer.mozilla.org/en-US/docs/Web/API/AbortController/abort)
+    > When abort() is called, the fetch() promise rejects with an Error of type DOMException, with name AbortError.
+    */
+    if (isDomExceptionSupported) {
+        return new DOMException(signal?.reason ?? 'The operation was aborted.', 'AbortError');
+    }
+    // DOMException not supported. Fall back to use of error and override name.
+    const error = new Error(signal?.reason ?? 'The operation was aborted.');
+    error.name = 'AbortError';
+    return error;
 }
-function instantiateDialogs() {
-  $$('[data-a11y-dialog]').forEach(function (node) {
-    new A11yDialog(node);
-  });
+// https://github.com/sindresorhus/delay/tree/ab98ae8dfcb38e1593286c94d934e70d14a4e111
+async function delay(ms, { signal }) {
+    return new Promise((resolve, reject) => {
+        if (signal) {
+            if (signal.aborted) {
+                reject(composeAbortError(signal));
+                return;
+            }
+            signal.addEventListener('abort', handleAbort, { once: true });
+        }
+        function handleAbort() {
+            reject(composeAbortError(signal));
+            clearTimeout(timeoutId);
+        }
+        const timeoutId = setTimeout(() => {
+            signal?.removeEventListener('abort', handleAbort);
+            resolve();
+        }, ms);
+    });
 }
-if (typeof document !== 'undefined') {
-  if (document.readyState === 'loading') {
-    document.addEventListener('DOMContentLoaded', instantiateDialogs);
-  } else {
-    if (window.requestAnimationFrame) {
-      window.requestAnimationFrame(instantiateDialogs);
-    } else {
-      window.setTimeout(instantiateDialogs, 16);
-    }
-  }
-}
-var CONTAINER_ID = "__authsignal-popup-container";
-var CONTENT_ID = "__authsignal-popup-content";
-var OVERLAY_ID = "__authsignal-popup-overlay";
-var STYLE_ID = "__authsignal-popup-style";
-var IFRAME_ID = "__authsignal-popup-iframe";
-var DEFAULT_WIDTH = "385px";
-var INITIAL_HEIGHT = "384px";
-var PopupHandler = /** @class */ (function () {
-    function PopupHandler(_a) {
-        var width = _a.width;
-        this.popup = null;
-        if (document.querySelector("#".concat(CONTAINER_ID))) {
-            throw new Error("Multiple instances of Authsignal popup is not supported.");
+class Ky {
+    // eslint-disable-next-line @typescript-eslint/promise-function-async
+    static create(input, options) {
+        const ky = new Ky(input, options);
+        const fn = async () => {
+            if (ky._options.timeout > maxSafeTimeout) {
+                throw new RangeError(`The \`timeout\` option cannot be greater than ${maxSafeTimeout}`);
+            }
+            // Delay the fetch so that body method shortcuts can set the Accept header
+            await Promise.resolve();
+            let response = await ky._fetch();
+            for (const hook of ky._options.hooks.afterResponse) {
+                // eslint-disable-next-line no-await-in-loop
+                const modifiedResponse = await hook(ky.request, ky._options, ky._decorateResponse(response.clone()));
+                if (modifiedResponse instanceof globalThis.Response) {
+                    response = modifiedResponse;
+                }
+            }
+            ky._decorateResponse(response);
+            if (!response.ok && ky._options.throwHttpErrors) {
+                let error = new HTTPError(response, ky.request, ky._options);
+                for (const hook of ky._options.hooks.beforeError) {
+                    // eslint-disable-next-line no-await-in-loop
+                    error = await hook(error);
+                }
+                throw error;
+            }
+            // If `onDownloadProgress` is passed, it uses the stream API internally
+            /* istanbul ignore next */
+            if (ky._options.onDownloadProgress) {
+                if (typeof ky._options.onDownloadProgress !== 'function') {
+                    throw new TypeError('The `onDownloadProgress` option must be a function');
+                }
+                if (!supportsResponseStreams) {
+                    throw new Error('Streams are not supported in your environment. `ReadableStream` is missing.');
+                }
+                return ky._stream(response.clone(), ky._options.onDownloadProgress);
+            }
+            return response;
+        };
+        const isRetriableMethod = ky._options.retry.methods.includes(ky.request.method.toLowerCase());
+        const result = (isRetriableMethod ? ky._retry(fn) : fn());
+        for (const [type, mimeType] of Object.entries(responseTypes)) {
+            result[type] = async () => {
+                // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing
+                ky.request.headers.set('accept', ky.request.headers.get('accept') || mimeType);
+                const awaitedResult = await result;
+                const response = awaitedResult.clone();
+                if (type === 'json') {
+                    if (response.status === 204) {
+                        return '';
+                    }
+                    const arrayBuffer = await response.clone().arrayBuffer();
+                    const responseSize = arrayBuffer.byteLength;
+                    if (responseSize === 0) {
+                        return '';
+                    }
+                    if (options.parseJson) {
+                        return options.parseJson(await response.text());
+                    }
+                }
+                return response[type]();
+            };
         }
-        this.create({ width: width });
+        return result;
     }
-    PopupHandler.prototype.create = function (_a) {
-        var _this = this;
-        var _b = _a.width, width = _b === void 0 ? DEFAULT_WIDTH : _b;
-        var isWidthValidCSSValue = CSS.supports("width", width);
-        var popupWidth = width;
-        if (!isWidthValidCSSValue) {
-            console.warn("Invalid CSS value for `popupOptions.width`. Using default value instead.");
-            popupWidth = DEFAULT_WIDTH;
-        }
-        // Create dialog container
-        var container = document.createElement("div");
-        container.setAttribute("id", CONTAINER_ID);
-        container.setAttribute("aria-hidden", "true");
-        // Create dialog overlay
-        var overlay = document.createElement("div");
-        overlay.setAttribute("id", OVERLAY_ID);
-        overlay.setAttribute("data-a11y-dialog-hide", "true");
-        // Create dialog content
-        var content = document.createElement("div");
-        content.setAttribute("id", CONTENT_ID);
-        document.body.appendChild(container);
-        // Create CSS for dialog
-        var style = document.createElement("style");
-        style.setAttribute("id", STYLE_ID);
-        style.textContent = "\n      #".concat(CONTAINER_ID, ",\n      #").concat(OVERLAY_ID, " {\n        position: fixed;\n        top: 0;\n        right: 0;\n        bottom: 0;\n        left: 0;\n      }\n\n      #").concat(CONTAINER_ID, " {\n        z-index: 2147483647;\n        display: flex;\n      }\n\n      #").concat(CONTAINER_ID, "[aria-hidden='true'] {\n        display: none;\n      }\n\n      #").concat(OVERLAY_ID, " {\n        background-color: rgba(0, 0, 0, 0.18);\n      }\n\n      #").concat(CONTENT_ID, " {\n        margin: auto;\n        z-index: 2147483647;\n        position: relative;\n        background-color: transparent;\n        border-radius: 8px;\n        width: ").concat(popupWidth, ";\n      }\n\n      #").concat(CONTENT_ID, " iframe {\n        width: 1px;\n        min-width: 100%;\n        border-radius: inherit;\n        max-height: 95vh;\n        height: ").concat(INITIAL_HEIGHT, ";\n      }\n    ");
-        // Attach the created elements
-        document.head.insertAdjacentElement("beforeend", style);
-        container.appendChild(overlay);
-        container.appendChild(content);
-        this.popup = new A11yDialog(container);
-        // Make sure to remove any trace of the dialog on hide
-        this.popup.on("hide", function () {
-            _this.destroy();
+    // eslint-disable-next-line complexity
+    constructor(input, options = {}) {
+        Object.defineProperty(this, "request", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
         });
-    };
-    PopupHandler.prototype.destroy = function () {
-        var dialogEl = document.querySelector("#".concat(CONTAINER_ID));
-        var styleEl = document.querySelector("#".concat(STYLE_ID));
-        if (dialogEl && styleEl) {
-            document.body.removeChild(dialogEl);
-            document.head.removeChild(styleEl);
+        Object.defineProperty(this, "abortController", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        Object.defineProperty(this, "_retryCount", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: 0
+        });
+        Object.defineProperty(this, "_input", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        Object.defineProperty(this, "_options", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        this._input = input;
+        this._options = {
+            // TODO: credentials can be removed when the spec change is implemented in all browsers. Context: https://www.chromestatus.com/feature/4539473312350208
+            credentials: this._input.credentials || 'same-origin',
+            ...options,
+            headers: mergeHeaders(this._input.headers, options.headers),
+            hooks: deepMerge({
+                beforeRequest: [],
+                beforeRetry: [],
+                beforeError: [],
+                afterResponse: [],
+            }, options.hooks),
+            method: normalizeRequestMethod(options.method ?? this._input.method),
+            // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing
+            prefixUrl: String(options.prefixUrl || ''),
+            retry: normalizeRetryOptions(options.retry),
+            throwHttpErrors: options.throwHttpErrors !== false,
+            timeout: typeof options.timeout === 'undefined' ? 10000 : options.timeout,
+            fetch: options.fetch ?? globalThis.fetch.bind(globalThis),
+        };
+        if (typeof this._input !== 'string' && !(this._input instanceof URL || this._input instanceof globalThis.Request)) {
+            throw new TypeError('`input` must be a string, URL, or Request');
         }
-        window.removeEventListener("message", resizeIframe);
-    };
-    PopupHandler.prototype.show = function (_a) {
-        var _b;
-        var url = _a.url;
-        if (!this.popup) {
-            throw new Error("Popup is not initialized");
+        if (this._options.prefixUrl && typeof this._input === 'string') {
+            if (this._input.startsWith('/')) {
+                throw new Error('`input` must not begin with a slash when using `prefixUrl`');
+            }
+            if (!this._options.prefixUrl.endsWith('/')) {
+                this._options.prefixUrl += '/';
+            }
+            this._input = this._options.prefixUrl + this._input;
         }
-        var iframe = document.createElement("iframe");
-        iframe.setAttribute("id", IFRAME_ID);
-        iframe.setAttribute("name", "authsignal");
-        iframe.setAttribute("title", "Authsignal multi-factor authentication");
-        iframe.setAttribute("src", url);
-        iframe.setAttribute("frameborder", "0");
-        iframe.setAttribute("allow", "publickey-credentials-get *; publickey-credentials-create *; clipboard-write");
-        var dialogContent = document.querySelector("#".concat(CONTENT_ID));
-        if (dialogContent) {
-            dialogContent.appendChild(iframe);
+        if (supportsAbortController) {
+            this.abortController = new globalThis.AbortController();
+            if (this._options.signal) {
+                const originalSignal = this._options.signal;
+                this._options.signal.addEventListener('abort', () => {
+                    this.abortController.abort(originalSignal.reason);
+                });
+            }
+            this._options.signal = this.abortController.signal;
         }
-        window.addEventListener("message", resizeIframe);
-        (_b = this.popup) === null || _b === void 0 ? void 0 : _b.show();
-    };
-    PopupHandler.prototype.close = function () {
-        if (!this.popup) {
-            throw new Error("Popup is not initialized");
+        if (supportsRequestStreams) {
+            // @ts-expect-error - Types are outdated.
+            this._options.duplex = 'half';
         }
-        this.popup.hide();
-    };
-    PopupHandler.prototype.on = function (event, handler) {
-        if (!this.popup) {
-            throw new Error("Popup is not initialized");
+        this.request = new globalThis.Request(this._input, this._options);
+        if (this._options.searchParams) {
+            // eslint-disable-next-line unicorn/prevent-abbreviations
+            const textSearchParams = typeof this._options.searchParams === 'string'
+                ? this._options.searchParams.replace(/^\?/, '')
+                : new URLSearchParams(this._options.searchParams).toString();
+            // eslint-disable-next-line unicorn/prevent-abbreviations
+            const searchParams = '?' + textSearchParams;
+            const url = this.request.url.replace(/(?:\?.*?)?(?=#|$)/, searchParams);
+            // To provide correct form boundary, Content-Type header should be deleted each time when new Request instantiated from another one
+            if (((supportsFormData && this._options.body instanceof globalThis.FormData)
+                || this._options.body instanceof URLSearchParams) && !(this._options.headers && this._options.headers['content-type'])) {
+                this.request.headers.delete('content-type');
+            }
+            // The spread of `this.request` is required as otherwise it misses the `duplex` option for some reason and throws.
+            this.request = new globalThis.Request(new globalThis.Request(url, { ...this.request }), this._options);
+        }
+        if (this._options.json !== undefined) {
+            this._options.body = JSON.stringify(this._options.json);
+            this.request.headers.set('content-type', this._options.headers.get('content-type') ?? 'application/json');
+            this.request = new globalThis.Request(this.request, { body: this._options.body });
         }
-        this.popup.on(event, handler);
-    };
-    return PopupHandler;
-}());
-function resizeIframe(event) {
-    var iframeEl = document.querySelector("#".concat(IFRAME_ID));
-    if (iframeEl && event.data.height) {
-        iframeEl.style.height = event.data.height + "px";
     }
-}
-/******************************************************************************
-Copyright (c) Microsoft Corporation.
-Permission to use, copy, modify, and/or distribute this software for any
-purpose with or without fee is hereby granted.
-THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
-REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
-INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
-OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-PERFORMANCE OF THIS SOFTWARE.
-***************************************************************************** */
-function __rest(s, e) {
-    var t = {};
-    for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)
-        t[p] = s[p];
-    if (s != null && typeof Object.getOwnPropertySymbols === "function")
-        for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {
-            if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))
-                t[p[i]] = s[p[i]];
-        }
-    return t;
-}
-function __awaiter(thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-}
-function __generator(thisArg, body) {
-    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
-    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
-    function verb(n) { return function (v) { return step([n, v]); }; }
-    function step(op) {
-        if (f) throw new TypeError("Generator is already executing.");
-        while (_) try {
-            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
-            if (y = 0, t) op = [op[0] & 2, t.value];
-            switch (op[0]) {
-                case 0: case 1: t = op; break;
-                case 4: _.label++; return { value: op[1], done: false };
-                case 5: _.label++; y = op[1]; op = [0]; continue;
-                case 7: op = _.ops.pop(); _.trys.pop(); continue;
-                default:
-                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
-                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
-                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
-                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
-                    if (t[2]) _.ops.pop();
-                    _.trys.pop(); continue;
-            }
-            op = body.call(thisArg, _);
-        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
-        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
-    }
-}
-/* [@simplewebauthn/browser@8.2.1] */
-function utf8StringToBuffer(value) {
-    return new TextEncoder().encode(value);
-}
-function bufferToBase64URLString(buffer) {
-    const bytes = new Uint8Array(buffer);
-    let str = '';
-    for (const charCode of bytes) {
-        str += String.fromCharCode(charCode);
-    }
-    const base64String = btoa(str);
-    return base64String.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
-}
-function base64URLStringToBuffer(base64URLString) {
-    const base64 = base64URLString.replace(/-/g, '+').replace(/_/g, '/');
-    const padLength = (4 - (base64.length % 4)) % 4;
-    const padded = base64.padEnd(base64.length + padLength, '=');
-    const binary = atob(padded);
-    const buffer = new ArrayBuffer(binary.length);
-    const bytes = new Uint8Array(buffer);
-    for (let i = 0; i < binary.length; i++) {
-        bytes[i] = binary.charCodeAt(i);
-    }
-    return buffer;
-}
-function browserSupportsWebAuthn() {
-    return (window?.PublicKeyCredential !== undefined &&
-        typeof window.PublicKeyCredential === 'function');
-}
-function toPublicKeyCredentialDescriptor(descriptor) {
-    const { id } = descriptor;
-    return {
-        ...descriptor,
-        id: base64URLStringToBuffer(id),
-        transports: descriptor.transports,
-    };
-}
-function isValidDomain(hostname) {
-    return (hostname === 'localhost' ||
-        /^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(hostname));
-}
-class WebAuthnError extends Error {
-    constructor({ message, code, cause, name, }) {
-        super(message, { cause });
-        this.name = name ?? cause.name;
-        this.code = code;
-    }
-}
-function identifyRegistrationError({ error, options, }) {
-    const { publicKey } = options;
-    if (!publicKey) {
-        throw Error('options was missing required publicKey property');
-    }
-    if (error.name === 'AbortError') {
-        if (options.signal instanceof AbortSignal) {
-            return new WebAuthnError({
-                message: 'Registration ceremony was sent an abort signal',
-                code: 'ERROR_CEREMONY_ABORTED',
-                cause: error,
-            });
+    _calculateRetryDelay(error) {
+        this._retryCount++;
+        if (this._retryCount < this._options.retry.limit && !(error instanceof TimeoutError)) {
+            if (error instanceof HTTPError) {
+                if (!this._options.retry.statusCodes.includes(error.response.status)) {
+                    return 0;
+                }
+                const retryAfter = error.response.headers.get('Retry-After');
+                if (retryAfter && this._options.retry.afterStatusCodes.includes(error.response.status)) {
+                    let after = Number(retryAfter);
+                    if (Number.isNaN(after)) {
+                        after = Date.parse(retryAfter) - Date.now();
+                    }
+                    else {
+                        after *= 1000;
+                    }
+                    if (typeof this._options.retry.maxRetryAfter !== 'undefined' && after > this._options.retry.maxRetryAfter) {
+                        return 0;
+                    }
+                    return after;
+                }
+                if (error.response.status === 413) {
+                    return 0;
+                }
+            }
+            const BACKOFF_FACTOR = 0.3;
+            return Math.min(this._options.retry.backoffLimit, BACKOFF_FACTOR * (2 ** (this._retryCount - 1)) * 1000);
         }
+        return 0;
     }
-    else if (error.name === 'ConstraintError') {
-        if (publicKey.authenticatorSelection?.requireResidentKey === true) {
-            return new WebAuthnError({
-                message: 'Discoverable credentials were required but no available authenticator supported it',
-                code: 'ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT',
-                cause: error,
-            });
-        }
-        else if (publicKey.authenticatorSelection?.userVerification === 'required') {
-            return new WebAuthnError({
-                message: 'User verification was required but no available authenticator supported it',
-                code: 'ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT',
-                cause: error,
-            });
+    _decorateResponse(response) {
+        if (this._options.parseJson) {
+            response.json = async () => this._options.parseJson(await response.text());
         }
+        return response;
     }
-    else if (error.name === 'InvalidStateError') {
-        return new WebAuthnError({
-            message: 'The authenticator was previously registered',
-            code: 'ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED',
-            cause: error,
-        });
-    }
-    else if (error.name === 'NotAllowedError') {
-        return new WebAuthnError({
-            message: error.message,
-            code: 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY',
-            cause: error,
-        });
-    }
-    else if (error.name === 'NotSupportedError') {
-        const validPubKeyCredParams = publicKey.pubKeyCredParams.filter((param) => param.type === 'public-key');
-        if (validPubKeyCredParams.length === 0) {
-            return new WebAuthnError({
-                message: 'No entry in pubKeyCredParams was of type "public-key"',
-                code: 'ERROR_MALFORMED_PUBKEYCREDPARAMS',
-                cause: error,
-            });
+    async _retry(fn) {
+        try {
+            return await fn();
+            // eslint-disable-next-line @typescript-eslint/no-implicit-any-catch
+        }
+        catch (error) {
+            const ms = Math.min(this._calculateRetryDelay(error), maxSafeTimeout);
+            if (ms !== 0 && this._retryCount > 0) {
+                await delay(ms, { signal: this._options.signal });
+                for (const hook of this._options.hooks.beforeRetry) {
+                    // eslint-disable-next-line no-await-in-loop
+                    const hookResult = await hook({
+                        request: this.request,
+                        options: this._options,
+                        error: error,
+                        retryCount: this._retryCount,
+                    });
+                    // If `stop` is returned from the hook, the retry process is stopped
+                    if (hookResult === stop) {
+                        return;
+                    }
+                }
+                return this._retry(fn);
+            }
+            throw error;
         }
-        return new WebAuthnError({
-            message: 'No available authenticator supported any of the specified pubKeyCredParams algorithms',
-            code: 'ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG',
-            cause: error,
-        });
     }
-    else if (error.name === 'SecurityError') {
-        const effectiveDomain = window.location.hostname;
-        if (!isValidDomain(effectiveDomain)) {
-            return new WebAuthnError({
-                message: `${window.location.hostname} is an invalid domain`,
-                code: 'ERROR_INVALID_DOMAIN',
-                cause: error,
-            });
+    async _fetch() {
+        for (const hook of this._options.hooks.beforeRequest) {
+            // eslint-disable-next-line no-await-in-loop
+            const result = await hook(this.request, this._options);
+            if (result instanceof Request) {
+                this.request = result;
+                break;
+            }
+            if (result instanceof Response) {
+                return result;
+            }
         }
-        else if (publicKey.rp.id !== effectiveDomain) {
-            return new WebAuthnError({
-                message: `The RP ID "${publicKey.rp.id}" is invalid for this domain`,
-                code: 'ERROR_INVALID_RP_ID',
-                cause: error,
-            });
+        if (this._options.timeout === false) {
+            return this._options.fetch(this.request.clone());
         }
+        return timeout(this.request.clone(), this.abortController, this._options);
     }
-    else if (error.name === 'TypeError') {
-        if (publicKey.user.id.byteLength < 1 || publicKey.user.id.byteLength > 64) {
-            return new WebAuthnError({
-                message: 'User ID was not between 1 and 64 characters',
-                code: 'ERROR_INVALID_USER_ID_LENGTH',
-                cause: error,
+    /* istanbul ignore next */
+    _stream(response, onDownloadProgress) {
+        const totalBytes = Number(response.headers.get('content-length')) || 0;
+        let transferredBytes = 0;
+        if (response.status === 204) {
+            if (onDownloadProgress) {
+                onDownloadProgress({ percent: 1, totalBytes, transferredBytes }, new Uint8Array());
+            }
+            return new globalThis.Response(null, {
+                status: response.status,
+                statusText: response.statusText,
+                headers: response.headers,
             });
         }
-    }
-    else if (error.name === 'UnknownError') {
-        return new WebAuthnError({
-            message: 'The authenticator was unable to process the specified options, or could not create a new credential',
-            code: 'ERROR_AUTHENTICATOR_GENERAL_ERROR',
-            cause: error,
+        return new globalThis.Response(new globalThis.ReadableStream({
+            async start(controller) {
+                const reader = response.body.getReader();
+                if (onDownloadProgress) {
+                    onDownloadProgress({ percent: 0, transferredBytes: 0, totalBytes }, new Uint8Array());
+                }
+                async function read() {
+                    const { done, value } = await reader.read();
+                    if (done) {
+                        controller.close();
+                        return;
+                    }
+                    if (onDownloadProgress) {
+                        transferredBytes += value.byteLength;
+                        const percent = totalBytes === 0 ? 0 : transferredBytes / totalBytes;
+                        onDownloadProgress({ percent, transferredBytes, totalBytes }, value);
+                    }
+                    controller.enqueue(value);
+                    await read();
+                }
+                await read();
+            },
+        }), {
+            status: response.status,
+            statusText: response.statusText,
+            headers: response.headers,
         });
     }
-    return error;
-}
-class WebAuthnAbortService {
-    createNewAbortSignal() {
-        if (this.controller) {
-            const abortError = new Error('Cancelling existing WebAuthn API call for new one');
-            abortError.name = 'AbortError';
-            this.controller.abort(abortError);
-        }
-        const newController = new AbortController();
-        this.controller = newController;
-        return newController.signal;
-    }
-}
-const webauthnAbortService = new WebAuthnAbortService();
-const attachments = ['cross-platform', 'platform'];
-function toAuthenticatorAttachment(attachment) {
-    if (!attachment) {
-        return;
-    }
-    if (attachments.indexOf(attachment) < 0) {
-        return;
-    }
-    return attachment;
-}
-async function startRegistration(creationOptionsJSON) {
-    if (!browserSupportsWebAuthn()) {
-        throw new Error('WebAuthn is not supported in this browser');
-    }
-    const publicKey = {
-        ...creationOptionsJSON,
-        challenge: base64URLStringToBuffer(creationOptionsJSON.challenge),
-        user: {
-            ...creationOptionsJSON.user,
-            id: utf8StringToBuffer(creationOptionsJSON.user.id),
-        },
-        excludeCredentials: creationOptionsJSON.excludeCredentials?.map(toPublicKeyCredentialDescriptor),
-    };
-    const options = { publicKey };
-    options.signal = webauthnAbortService.createNewAbortSignal();
-    let credential;
-    try {
-        credential = (await navigator.credentials.create(options));
-    }
-    catch (err) {
-        throw identifyRegistrationError({ error: err, options });
-    }
-    if (!credential) {
-        throw new Error('Registration was not completed');
-    }
-    const { id, rawId, response, type } = credential;
-    let transports = undefined;
-    if (typeof response.getTransports === 'function') {
-        transports = response.getTransports();
-    }
-    let responsePublicKeyAlgorithm = undefined;
-    if (typeof response.getPublicKeyAlgorithm === 'function') {
-        try {
-            responsePublicKeyAlgorithm = response.getPublicKeyAlgorithm();
-        }
-        catch (error) {
-            warnOnBrokenImplementation('getPublicKeyAlgorithm()', error);
-        }
-    }
-    let responsePublicKey = undefined;
-    if (typeof response.getPublicKey === 'function') {
-        try {
-            const _publicKey = response.getPublicKey();
-            if (_publicKey !== null) {
-                responsePublicKey = bufferToBase64URLString(_publicKey);
-            }
-        }
-        catch (error) {
-            warnOnBrokenImplementation('getPublicKey()', error);
-        }
-    }
-    let responseAuthenticatorData;
-    if (typeof response.getAuthenticatorData === 'function') {
-        try {
-            responseAuthenticatorData = bufferToBase64URLString(response.getAuthenticatorData());
-        }
-        catch (error) {
-            warnOnBrokenImplementation('getAuthenticatorData()', error);
-        }
-    }
-    return {
-        id,
-        rawId: bufferToBase64URLString(rawId),
-        response: {
-            attestationObject: bufferToBase64URLString(response.attestationObject),
-            clientDataJSON: bufferToBase64URLString(response.clientDataJSON),
-            transports,
-            publicKeyAlgorithm: responsePublicKeyAlgorithm,
-            publicKey: responsePublicKey,
-            authenticatorData: responseAuthenticatorData,
-        },
-        type,
-        clientExtensionResults: credential.getClientExtensionResults(),
-        authenticatorAttachment: toAuthenticatorAttachment(credential.authenticatorAttachment),
-    };
-}
-function warnOnBrokenImplementation(methodName, cause) {
-    console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${methodName}. You should report this error to them.\n`, cause);
-}
-function bufferToUTF8String(value) {
-    return new TextDecoder('utf-8').decode(value);
 }
-function browserSupportsWebAuthnAutofill() {
-    const globalPublicKeyCredential = window
-        .PublicKeyCredential;
-    if (globalPublicKeyCredential.isConditionalMediationAvailable === undefined) {
-        return new Promise((resolve) => resolve(false));
+/*! MIT License © Sindre Sorhus */
+const createInstance = (defaults) => {
+    // eslint-disable-next-line @typescript-eslint/promise-function-async
+    const ky = (input, options) => Ky.create(input, validateAndMerge(defaults, options));
+    for (const method of requestMethods) {
+        // eslint-disable-next-line @typescript-eslint/promise-function-async
+        ky[method] = (input, options) => Ky.create(input, validateAndMerge(defaults, options, { method }));
     }
-    return globalPublicKeyCredential.isConditionalMediationAvailable();
-}
+    ky.create = (newDefaults) => createInstance(validateAndMerge(newDefaults));
+    ky.extend = (newDefaults) => createInstance(validateAndMerge(defaults, newDefaults));
+    ky.stop = stop;
+    return ky;
+};
+const ky = createInstance();
+var ky$1 = ky;
-function identifyAuthenticationError({ error, options, }) {
-    const { publicKey } = options;
-    if (!publicKey) {
-        throw Error('options was missing required publicKey property');
-    }
-    if (error.name === 'AbortError') {
-        if (options.signal instanceof AbortSignal) {
-            return new WebAuthnError({
-                message: 'Authentication ceremony was sent an abort signal',
-                code: 'ERROR_CEREMONY_ABORTED',
-                cause: error,
-            });
-        }
-    }
-    else if (error.name === 'NotAllowedError') {
-        return new WebAuthnError({
-            message: error.message,
-            code: 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY',
-            cause: error,
+var PasskeyApiClient = /** @class */ (function () {
+    function PasskeyApiClient(_a) {
+        var baseUrl = _a.baseUrl, tenantId = _a.tenantId;
+        this.tenantId = tenantId;
+        this.api = ky$1.create({
+            prefixUrl: baseUrl
         });
     }
-    else if (error.name === 'SecurityError') {
-        const effectiveDomain = window.location.hostname;
-        if (!isValidDomain(effectiveDomain)) {
-            return new WebAuthnError({
-                message: `${window.location.hostname} is an invalid domain`,
-                code: 'ERROR_INVALID_DOMAIN',
-                cause: error,
-            });
-        }
-        else if (publicKey.rpId !== effectiveDomain) {
-            return new WebAuthnError({
-                message: `The RP ID "${publicKey.rpId}" is invalid for this domain`,
-                code: 'ERROR_INVALID_RP_ID',
-                cause: error,
+    PasskeyApiClient.prototype.registrationOptions = function (_a) {
+        var token = _a.token, userName = _a.userName;
+        return __awaiter(this, void 0, void 0, function () {
+            var response;
+            return __generator(this, function (_b) {
+                switch (_b.label) {
+                    case 0: return [4 /*yield*/, this.api.post("client/user-authenticators/passkey/registration-options", {
+                            json: { username: userName },
+                            headers: this.buildHeaders(token)
+                        })];
+                    case 1:
+                        response = _b.sent();
+                        return [2 /*return*/, response.json()];
+                }
             });
-        }
-    }
-    else if (error.name === 'UnknownError') {
-        return new WebAuthnError({
-            message: 'The authenticator was unable to process the specified options, or could not create a new assertion signature',
-            code: 'ERROR_AUTHENTICATOR_GENERAL_ERROR',
-            cause: error,
         });
-    }
-    return error;
-}
-async function startAuthentication(requestOptionsJSON, useBrowserAutofill = false) {
-    if (!browserSupportsWebAuthn()) {
-        throw new Error('WebAuthn is not supported in this browser');
-    }
-    let allowCredentials;
-    if (requestOptionsJSON.allowCredentials?.length !== 0) {
-        allowCredentials = requestOptionsJSON.allowCredentials?.map(toPublicKeyCredentialDescriptor);
-    }
-    const publicKey = {
-        ...requestOptionsJSON,
-        challenge: base64URLStringToBuffer(requestOptionsJSON.challenge),
-        allowCredentials,
     };
-    const options = {};
-    if (useBrowserAutofill) {
-        if (!(await browserSupportsWebAuthnAutofill())) {
-            throw Error('Browser does not support WebAuthn autofill');
-        }
-        const eligibleInputs = document.querySelectorAll('input[autocomplete*=\'webauthn\']');
-        if (eligibleInputs.length < 1) {
-            throw Error('No <input> with `"webauthn"` in its `autocomplete` attribute was detected');
-        }
-        options.mediation = 'conditional';
-        publicKey.allowCredentials = [];
-    }
-    options.publicKey = publicKey;
-    options.signal = webauthnAbortService.createNewAbortSignal();
-    let credential;
-    try {
-        credential = (await navigator.credentials.get(options));
-    }
-    catch (err) {
-        throw identifyAuthenticationError({ error: err, options });
-    }
-    if (!credential) {
-        throw new Error('Authentication was not completed');
-    }
-    const { id, rawId, response, type } = credential;
-    let userHandle = undefined;
-    if (response.userHandle) {
-        userHandle = bufferToUTF8String(response.userHandle);
-    }
-    return {
-        id,
-        rawId: bufferToBase64URLString(rawId),
-        response: {
-            authenticatorData: bufferToBase64URLString(response.authenticatorData),
-            clientDataJSON: bufferToBase64URLString(response.clientDataJSON),
-            signature: bufferToBase64URLString(response.signature),
-            userHandle,
-        },
-        type,
-        clientExtensionResults: credential.getClientExtensionResults(),
-        authenticatorAttachment: toAuthenticatorAttachment(credential.authenticatorAttachment),
-    };
-}
-// eslint-lint-disable-next-line @typescript-eslint/naming-convention
-class HTTPError extends Error {
-    constructor(response, request, options) {
-        const code = (response.status || response.status === 0) ? response.status : '';
-        const title = response.statusText || '';
-        const status = `${code} ${title}`.trim();
-        const reason = status ? `status code ${status}` : 'an unknown error';
-        super(`Request failed with ${reason}`);
-        Object.defineProperty(this, "response", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: void 0
+    PasskeyApiClient.prototype.authenticationOptions = function (_a) {
+        var token = _a.token;
+        return __awaiter(this, void 0, void 0, function () {
+            var response;
+            return __generator(this, function (_b) {
+                switch (_b.label) {
+                    case 0: return [4 /*yield*/, this.api.post("client/user-authenticators/passkey/authentication-options", {
+                            json: {},
+                            headers: this.buildHeaders(token)
+                        })];
+                    case 1:
+                        response = _b.sent();
+                        return [2 /*return*/, response.json()];
+                }
+            });
         });
-        Object.defineProperty(this, "request", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: void 0
+    };
+    PasskeyApiClient.prototype.addAuthenticator = function (_a) {
+        var token = _a.token, rest = __rest(_a, ["token"]);
+        return __awaiter(this, void 0, void 0, function () {
+            var response;
+            return __generator(this, function (_b) {
+                switch (_b.label) {
+                    case 0: return [4 /*yield*/, this.api.post("client/user-authenticators/passkey", {
+                            json: rest,
+                            headers: this.buildHeaders(token)
+                        })];
+                    case 1:
+                        response = _b.sent();
+                        return [2 /*return*/, response.json()];
+                }
+            });
         });
-        Object.defineProperty(this, "options", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: void 0
+    };
+    PasskeyApiClient.prototype.verify = function (_a) {
+        var token = _a.token, rest = __rest(_a, ["token"]);
+        return __awaiter(this, void 0, void 0, function () {
+            var response;
+            return __generator(this, function (_b) {
+                switch (_b.label) {
+                    case 0: return [4 /*yield*/, this.api.post("client/verify/passkey", {
+                            json: rest,
+                            headers: this.buildHeaders(token)
+                        })];
+                    case 1:
+                        response = _b.sent();
+                        return [2 /*return*/, response.json()];
+                }
+            });
         });
-        this.name = 'HTTPError';
-        this.response = response;
-        this.request = request;
-        this.options = options;
-    }
-}
+    };
+    PasskeyApiClient.prototype.buildHeaders = function (token) {
+        var authorizationHeader = token ? "Bearer ".concat(token) : "Basic ".concat(window.btoa(encodeURIComponent(this.tenantId)));
+        return {
+            Authorization: authorizationHeader
+        };
+    };
+    return PasskeyApiClient;
+}());
-class TimeoutError extends Error {
-    constructor(request) {
-        super('Request timed out');
-        Object.defineProperty(this, "request", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: void 0
-        });
-        this.name = 'TimeoutError';
-        this.request = request;
+var Passkey = /** @class */ (function () {
+    function Passkey(_a) {
+        var baseUrl = _a.baseUrl, tenantId = _a.tenantId;
+        this.api = new PasskeyApiClient({ baseUrl: baseUrl, tenantId: tenantId });
     }
-}
-// eslint-disable-next-line @typescript-eslint/ban-types
-const isObject = (value) => value !== null && typeof value === 'object';
+    Passkey.prototype.signUp = function (_a) {
+        var userName = _a.userName, token = _a.token;
+        return __awaiter(this, void 0, void 0, function () {
+            var optionsResponse, registrationResponse, addAuthenticatorResponse;
+            return __generator(this, function (_b) {
+                switch (_b.label) {
+                    case 0: return [4 /*yield*/, this.api.registrationOptions({ userName: userName, token: token })];
+                    case 1:
+                        optionsResponse = _b.sent();
+                        return [4 /*yield*/, startRegistration(optionsResponse.options)];
+                    case 2:
+                        registrationResponse = _b.sent();
+                        return [4 /*yield*/, this.api.addAuthenticator({
+                                challengeId: optionsResponse.challengeId,
+                                registrationCredential: registrationResponse,
+                                token: token
+                            })];
+                    case 3:
+                        addAuthenticatorResponse = _b.sent();
+                        return [2 /*return*/, addAuthenticatorResponse === null || addAuthenticatorResponse === void 0 ? void 0 : addAuthenticatorResponse.accessToken];
+                }
+            });
+        });
+    };
+    Passkey.prototype.signIn = function (params) {
+        return __awaiter(this, void 0, void 0, function () {
+            var optionsResponse, authenticationResponse, verifyResponse;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        if ((params === null || params === void 0 ? void 0 : params.token) && params.autofill) {
+                            throw new Error("Autofill is not supported when providing a token");
+                        }
+                        return [4 /*yield*/, this.api.authenticationOptions({ token: params === null || params === void 0 ? void 0 : params.token })];
+                    case 1:
+                        optionsResponse = _a.sent();
+                        return [4 /*yield*/, startAuthentication(optionsResponse.options, params === null || params === void 0 ? void 0 : params.autofill)];
+                    case 2:
+                        authenticationResponse = _a.sent();
+                        return [4 /*yield*/, this.api.verify({
+                                challengeId: optionsResponse.challengeId,
+                                authenticationCredential: authenticationResponse,
+                                token: params === null || params === void 0 ? void 0 : params.token
+                            })];
+                    case 3:
+                        verifyResponse = _a.sent();
+                        return [2 /*return*/, verifyResponse === null || verifyResponse === void 0 ? void 0 : verifyResponse.accessToken];
+                }
+            });
+        });
+    };
+    return Passkey;
+}());
-const validateAndMerge = (...sources) => {
-    for (const source of sources) {
-        if ((!isObject(source) || Array.isArray(source)) && typeof source !== 'undefined') {
-            throw new TypeError('The `options` argument must be an object');
-        }
+var DEFAULT_WIDTH$1 = 400;
+var DEFAULT_HEIGHT = 500;
+var WindowHandler = /** @class */ (function () {
+    function WindowHandler() {
+        this.windowRef = null;
     }
-    return deepMerge({}, ...sources);
-};
-const mergeHeaders = (source1 = {}, source2 = {}) => {
-    const result = new globalThis.Headers(source1);
-    const isHeadersInstance = source2 instanceof globalThis.Headers;
-    const source = new globalThis.Headers(source2);
-    for (const [key, value] of source.entries()) {
-        if ((isHeadersInstance && value === 'undefined') || value === undefined) {
-            result.delete(key);
+    WindowHandler.prototype.show = function (_a) {
+        var url = _a.url, _b = _a.width, width = _b === void 0 ? DEFAULT_WIDTH$1 : _b, _c = _a.height, height = _c === void 0 ? DEFAULT_HEIGHT : _c;
+        var windowRef = openWindow({ url: url, width: width, height: height, win: window });
+        if (!windowRef) {
+            throw new Error("Window is not initialized");
         }
-        else {
-            result.set(key, value);
+        this.windowRef = windowRef;
+        return windowRef;
+    };
+    WindowHandler.prototype.close = function () {
+        if (!this.windowRef) {
+            throw new Error("Window is not initialized");
         }
+        this.windowRef.close();
+    };
+    return WindowHandler;
+}());
+function openWindow(_a) {
+    var url = _a.url, width = _a.width, height = _a.height, win = _a.win;
+    if (!win.top) {
+        return null;
     }
-    return result;
-};
-// TODO: Make this strongly-typed (no `any`).
-const deepMerge = (...sources) => {
-    let returnValue = {};
-    let headers = {};
-    for (const source of sources) {
-        if (Array.isArray(source)) {
-            if (!Array.isArray(returnValue)) {
-                returnValue = [];
-            }
-            returnValue = [...returnValue, ...source];
-        }
-        else if (isObject(source)) {
-            for (let [key, value] of Object.entries(source)) {
-                if (isObject(value) && key in returnValue) {
-                    value = deepMerge(returnValue[key], value);
-                }
-                returnValue = { ...returnValue, [key]: value };
-            }
-            if (isObject(source.headers)) {
-                headers = mergeHeaders(headers, source.headers);
-                returnValue.headers = headers;
-            }
-        }
-    }
-    return returnValue;
-};
+    var y = win.top.outerHeight / 2 + win.top.screenY - height / 2;
+    var x = win.top.outerWidth / 2 + win.top.screenX - width / 2;
+    return window.open(url, "", "toolbar=no, location=no, directories=no, status=no, menubar=no, scrollbars=no, resizable=no, copyhistory=no, width=".concat(width, ", height=").concat(height, ", top=").concat(y, ", left=").concat(x));
+}
-const supportsRequestStreams = (() => {
-    let duplexAccessed = false;
-    let hasContentType = false;
-    const supportsReadableStream = typeof globalThis.ReadableStream === 'function';
-    const supportsRequest = typeof globalThis.Request === 'function';
-    if (supportsReadableStream && supportsRequest) {
-        hasContentType = new globalThis.Request('https://a.com', {
-            body: new globalThis.ReadableStream(),
-            method: 'POST',
-            // @ts-expect-error - Types are outdated.
-            get duplex() {
-                duplexAccessed = true;
-                return 'half';
-            },
-        }).headers.has('Content-Type');
-    }
-    return duplexAccessed && !hasContentType;
-})();
-const supportsAbortController = typeof globalThis.AbortController === 'function';
-const supportsResponseStreams = typeof globalThis.ReadableStream === 'function';
-const supportsFormData = typeof globalThis.FormData === 'function';
-const requestMethods = ['get', 'post', 'put', 'patch', 'head', 'delete'];
-const responseTypes = {
-    json: 'application/json',
-    text: 'text/*',
-    formData: 'multipart/form-data',
-    arrayBuffer: '*/*',
-    blob: '*/*',
-};
-// The maximum value of a 32bit int (see issue #117)
-const maxSafeTimeout = 2147483647;
-const stop = Symbol('stop');
+var focusableSelectors = [
+  'a[href]:not([tabindex^="-"])',
+  'area[href]:not([tabindex^="-"])',
+  'input:not([type="hidden"]):not([type="radio"]):not([disabled]):not([tabindex^="-"])',
+  'input[type="radio"]:not([disabled]):not([tabindex^="-"])',
+  'select:not([disabled]):not([tabindex^="-"])',
+  'textarea:not([disabled]):not([tabindex^="-"])',
+  'button:not([disabled]):not([tabindex^="-"])',
+  'iframe:not([tabindex^="-"])',
+  'audio[controls]:not([tabindex^="-"])',
+  'video[controls]:not([tabindex^="-"])',
+  '[contenteditable]:not([tabindex^="-"])',
+  '[tabindex]:not([tabindex^="-"])',
+];
-const normalizeRequestMethod = (input) => requestMethods.includes(input) ? input.toUpperCase() : input;
-const retryMethods = ['get', 'put', 'head', 'delete', 'options', 'trace'];
-const retryStatusCodes = [408, 413, 429, 500, 502, 503, 504];
-const retryAfterStatusCodes = [413, 429, 503];
-const defaultRetryOptions = {
-    limit: 2,
-    methods: retryMethods,
-    statusCodes: retryStatusCodes,
-    afterStatusCodes: retryAfterStatusCodes,
-    maxRetryAfter: Number.POSITIVE_INFINITY,
-    backoffLimit: Number.POSITIVE_INFINITY,
-};
-const normalizeRetryOptions = (retry = {}) => {
-    if (typeof retry === 'number') {
-        return {
-            ...defaultRetryOptions,
-            limit: retry,
-        };
-    }
-    if (retry.methods && !Array.isArray(retry.methods)) {
-        throw new Error('retry.methods must be an array');
-    }
-    if (retry.statusCodes && !Array.isArray(retry.statusCodes)) {
-        throw new Error('retry.statusCodes must be an array');
-    }
-    return {
-        ...defaultRetryOptions,
-        ...retry,
-        afterStatusCodes: retryAfterStatusCodes,
-    };
-};
+var TAB_KEY = 'Tab';
+var ESCAPE_KEY = 'Escape';
-// `Promise.race()` workaround (#91)
-async function timeout(request, abortController, options) {
-    return new Promise((resolve, reject) => {
-        const timeoutId = setTimeout(() => {
-            if (abortController) {
-                abortController.abort();
-            }
-            reject(new TimeoutError(request));
-        }, options.timeout);
-        void options
-            .fetch(request)
-            .then(resolve)
-            .catch(reject)
-            .then(() => {
-            clearTimeout(timeoutId);
-        });
-    });
-}
+/**
+ * Define the constructor to instantiate a dialog
+ *
+ * @constructor
+ * @param {Element} element
+ */
+function A11yDialog(element) {
+  // Prebind the functions that will be bound in addEventListener and
+  // removeEventListener to avoid losing references
+  this._show = this.show.bind(this);
+  this._hide = this.hide.bind(this);
+  this._maintainFocus = this._maintainFocus.bind(this);
+  this._bindKeypress = this._bindKeypress.bind(this);
-// DOMException is supported on most modern browsers and Node.js 18+.
-// @see https://developer.mozilla.org/en-US/docs/Web/API/DOMException#browser_compatibility
-const isDomExceptionSupported = Boolean(globalThis.DOMException);
-// TODO: When targeting Node.js 18, use `signal.throwIfAborted()` (https://developer.mozilla.org/en-US/docs/Web/API/AbortSignal/throwIfAborted)
-function composeAbortError(signal) {
-    /*
-    NOTE: Use DomException with AbortError name as specified in MDN docs (https://developer.mozilla.org/en-US/docs/Web/API/AbortController/abort)
-    > When abort() is called, the fetch() promise rejects with an Error of type DOMException, with name AbortError.
-    */
-    if (isDomExceptionSupported) {
-        return new DOMException(signal?.reason ?? 'The operation was aborted.', 'AbortError');
-    }
-    // DOMException not supported. Fall back to use of error and override name.
-    const error = new Error(signal?.reason ?? 'The operation was aborted.');
-    error.name = 'AbortError';
-    return error;
-}
+  this.$el = element;
+  this.shown = false;
+  this._id = this.$el.getAttribute('data-a11y-dialog') || this.$el.id;
+  this._previouslyFocused = null;
+  this._listeners = {};
-// https://github.com/sindresorhus/delay/tree/ab98ae8dfcb38e1593286c94d934e70d14a4e111
-async function delay(ms, { signal }) {
-    return new Promise((resolve, reject) => {
-        if (signal) {
-            if (signal.aborted) {
-                reject(composeAbortError(signal));
-                return;
-            }
-            signal.addEventListener('abort', handleAbort, { once: true });
-        }
-        function handleAbort() {
-            reject(composeAbortError(signal));
-            clearTimeout(timeoutId);
-        }
-        const timeoutId = setTimeout(() => {
-            signal?.removeEventListener('abort', handleAbort);
-            resolve();
-        }, ms);
-    });
+  // Initialise everything needed for the dialog to work properly
+  this.create();
 }
-class Ky {
-    // eslint-disable-next-line @typescript-eslint/promise-function-async
-    static create(input, options) {
-        const ky = new Ky(input, options);
-        const fn = async () => {
-            if (ky._options.timeout > maxSafeTimeout) {
-                throw new RangeError(`The \`timeout\` option cannot be greater than ${maxSafeTimeout}`);
-            }
-            // Delay the fetch so that body method shortcuts can set the Accept header
-            await Promise.resolve();
-            let response = await ky._fetch();
-            for (const hook of ky._options.hooks.afterResponse) {
-                // eslint-disable-next-line no-await-in-loop
-                const modifiedResponse = await hook(ky.request, ky._options, ky._decorateResponse(response.clone()));
-                if (modifiedResponse instanceof globalThis.Response) {
-                    response = modifiedResponse;
-                }
-            }
-            ky._decorateResponse(response);
-            if (!response.ok && ky._options.throwHttpErrors) {
-                let error = new HTTPError(response, ky.request, ky._options);
-                for (const hook of ky._options.hooks.beforeError) {
-                    // eslint-disable-next-line no-await-in-loop
-                    error = await hook(error);
-                }
-                throw error;
-            }
-            // If `onDownloadProgress` is passed, it uses the stream API internally
-            /* istanbul ignore next */
-            if (ky._options.onDownloadProgress) {
-                if (typeof ky._options.onDownloadProgress !== 'function') {
-                    throw new TypeError('The `onDownloadProgress` option must be a function');
-                }
-                if (!supportsResponseStreams) {
-                    throw new Error('Streams are not supported in your environment. `ReadableStream` is missing.');
-                }
-                return ky._stream(response.clone(), ky._options.onDownloadProgress);
-            }
-            return response;
-        };
-        const isRetriableMethod = ky._options.retry.methods.includes(ky.request.method.toLowerCase());
-        const result = (isRetriableMethod ? ky._retry(fn) : fn());
-        for (const [type, mimeType] of Object.entries(responseTypes)) {
-            result[type] = async () => {
-                // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing
-                ky.request.headers.set('accept', ky.request.headers.get('accept') || mimeType);
-                const awaitedResult = await result;
-                const response = awaitedResult.clone();
-                if (type === 'json') {
-                    if (response.status === 204) {
-                        return '';
-                    }
-                    const arrayBuffer = await response.clone().arrayBuffer();
-                    const responseSize = arrayBuffer.byteLength;
-                    if (responseSize === 0) {
-                        return '';
-                    }
-                    if (options.parseJson) {
-                        return options.parseJson(await response.text());
-                    }
-                }
-                return response[type]();
-            };
-        }
-        return result;
-    }
-    // eslint-disable-next-line complexity
-    constructor(input, options = {}) {
-        Object.defineProperty(this, "request", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: void 0
-        });
-        Object.defineProperty(this, "abortController", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: void 0
-        });
-        Object.defineProperty(this, "_retryCount", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: 0
-        });
-        Object.defineProperty(this, "_input", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: void 0
-        });
-        Object.defineProperty(this, "_options", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: void 0
-        });
-        this._input = input;
-        this._options = {
-            // TODO: credentials can be removed when the spec change is implemented in all browsers. Context: https://www.chromestatus.com/feature/4539473312350208
-            credentials: this._input.credentials || 'same-origin',
-            ...options,
-            headers: mergeHeaders(this._input.headers, options.headers),
-            hooks: deepMerge({
-                beforeRequest: [],
-                beforeRetry: [],
-                beforeError: [],
-                afterResponse: [],
-            }, options.hooks),
-            method: normalizeRequestMethod(options.method ?? this._input.method),
-            // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing
-            prefixUrl: String(options.prefixUrl || ''),
-            retry: normalizeRetryOptions(options.retry),
-            throwHttpErrors: options.throwHttpErrors !== false,
-            timeout: typeof options.timeout === 'undefined' ? 10000 : options.timeout,
-            fetch: options.fetch ?? globalThis.fetch.bind(globalThis),
-        };
-        if (typeof this._input !== 'string' && !(this._input instanceof URL || this._input instanceof globalThis.Request)) {
-            throw new TypeError('`input` must be a string, URL, or Request');
-        }
-        if (this._options.prefixUrl && typeof this._input === 'string') {
-            if (this._input.startsWith('/')) {
-                throw new Error('`input` must not begin with a slash when using `prefixUrl`');
-            }
-            if (!this._options.prefixUrl.endsWith('/')) {
-                this._options.prefixUrl += '/';
-            }
-            this._input = this._options.prefixUrl + this._input;
-        }
-        if (supportsAbortController) {
-            this.abortController = new globalThis.AbortController();
-            if (this._options.signal) {
-                const originalSignal = this._options.signal;
-                this._options.signal.addEventListener('abort', () => {
-                    this.abortController.abort(originalSignal.reason);
-                });
-            }
-            this._options.signal = this.abortController.signal;
-        }
-        if (supportsRequestStreams) {
-            // @ts-expect-error - Types are outdated.
-            this._options.duplex = 'half';
-        }
-        this.request = new globalThis.Request(this._input, this._options);
-        if (this._options.searchParams) {
-            // eslint-disable-next-line unicorn/prevent-abbreviations
-            const textSearchParams = typeof this._options.searchParams === 'string'
-                ? this._options.searchParams.replace(/^\?/, '')
-                : new URLSearchParams(this._options.searchParams).toString();
-            // eslint-disable-next-line unicorn/prevent-abbreviations
-            const searchParams = '?' + textSearchParams;
-            const url = this.request.url.replace(/(?:\?.*?)?(?=#|$)/, searchParams);
-            // To provide correct form boundary, Content-Type header should be deleted each time when new Request instantiated from another one
-            if (((supportsFormData && this._options.body instanceof globalThis.FormData)
-                || this._options.body instanceof URLSearchParams) && !(this._options.headers && this._options.headers['content-type'])) {
-                this.request.headers.delete('content-type');
-            }
-            // The spread of `this.request` is required as otherwise it misses the `duplex` option for some reason and throws.
-            this.request = new globalThis.Request(new globalThis.Request(url, { ...this.request }), this._options);
-        }
-        if (this._options.json !== undefined) {
-            this._options.body = JSON.stringify(this._options.json);
-            this.request.headers.set('content-type', this._options.headers.get('content-type') ?? 'application/json');
-            this.request = new globalThis.Request(this.request, { body: this._options.body });
-        }
-    }
-    _calculateRetryDelay(error) {
-        this._retryCount++;
-        if (this._retryCount < this._options.retry.limit && !(error instanceof TimeoutError)) {
-            if (error instanceof HTTPError) {
-                if (!this._options.retry.statusCodes.includes(error.response.status)) {
-                    return 0;
-                }
-                const retryAfter = error.response.headers.get('Retry-After');
-                if (retryAfter && this._options.retry.afterStatusCodes.includes(error.response.status)) {
-                    let after = Number(retryAfter);
-                    if (Number.isNaN(after)) {
-                        after = Date.parse(retryAfter) - Date.now();
-                    }
-                    else {
-                        after *= 1000;
-                    }
-                    if (typeof this._options.retry.maxRetryAfter !== 'undefined' && after > this._options.retry.maxRetryAfter) {
-                        return 0;
-                    }
-                    return after;
-                }
-                if (error.response.status === 413) {
-                    return 0;
-                }
-            }
-            const BACKOFF_FACTOR = 0.3;
-            return Math.min(this._options.retry.backoffLimit, BACKOFF_FACTOR * (2 ** (this._retryCount - 1)) * 1000);
-        }
-        return 0;
-    }
-    _decorateResponse(response) {
-        if (this._options.parseJson) {
-            response.json = async () => this._options.parseJson(await response.text());
-        }
-        return response;
-    }
-    async _retry(fn) {
-        try {
-            return await fn();
-            // eslint-disable-next-line @typescript-eslint/no-implicit-any-catch
-        }
-        catch (error) {
-            const ms = Math.min(this._calculateRetryDelay(error), maxSafeTimeout);
-            if (ms !== 0 && this._retryCount > 0) {
-                await delay(ms, { signal: this._options.signal });
-                for (const hook of this._options.hooks.beforeRetry) {
-                    // eslint-disable-next-line no-await-in-loop
-                    const hookResult = await hook({
-                        request: this.request,
-                        options: this._options,
-                        error: error,
-                        retryCount: this._retryCount,
-                    });
-                    // If `stop` is returned from the hook, the retry process is stopped
-                    if (hookResult === stop) {
-                        return;
-                    }
-                }
-                return this._retry(fn);
-            }
-            throw error;
-        }
-    }
-    async _fetch() {
-        for (const hook of this._options.hooks.beforeRequest) {
-            // eslint-disable-next-line no-await-in-loop
-            const result = await hook(this.request, this._options);
-            if (result instanceof Request) {
-                this.request = result;
-                break;
-            }
-            if (result instanceof Response) {
-                return result;
-            }
-        }
-        if (this._options.timeout === false) {
-            return this._options.fetch(this.request.clone());
-        }
-        return timeout(this.request.clone(), this.abortController, this._options);
-    }
-    /* istanbul ignore next */
-    _stream(response, onDownloadProgress) {
-        const totalBytes = Number(response.headers.get('content-length')) || 0;
-        let transferredBytes = 0;
-        if (response.status === 204) {
-            if (onDownloadProgress) {
-                onDownloadProgress({ percent: 1, totalBytes, transferredBytes }, new Uint8Array());
-            }
-            return new globalThis.Response(null, {
-                status: response.status,
-                statusText: response.statusText,
-                headers: response.headers,
-            });
-        }
-        return new globalThis.Response(new globalThis.ReadableStream({
-            async start(controller) {
-                const reader = response.body.getReader();
-                if (onDownloadProgress) {
-                    onDownloadProgress({ percent: 0, transferredBytes: 0, totalBytes }, new Uint8Array());
-                }
-                async function read() {
-                    const { done, value } = await reader.read();
-                    if (done) {
-                        controller.close();
-                        return;
-                    }
-                    if (onDownloadProgress) {
-                        transferredBytes += value.byteLength;
-                        const percent = totalBytes === 0 ? 0 : transferredBytes / totalBytes;
-                        onDownloadProgress({ percent, transferredBytes, totalBytes }, value);
-                    }
-                    controller.enqueue(value);
-                    await read();
-                }
-                await read();
-            },
-        }), {
-            status: response.status,
-            statusText: response.statusText,
-            headers: response.headers,
-        });
-    }
+/**
+ * Set up everything necessary for the dialog to be functioning
+ *
+ * @param {(NodeList | Element | string)} targets
+ * @return {this}
+ */
+A11yDialog.prototype.create = function () {
+  this.$el.setAttribute('aria-hidden', true);
+  this.$el.setAttribute('aria-modal', true);
+  this.$el.setAttribute('tabindex', -1);
+  if (!this.$el.hasAttribute('role')) {
+    this.$el.setAttribute('role', 'dialog');
+  }
+  // Keep a collection of dialog openers, each of which will be bound a click
+  // event listener to open the dialog
+  this._openers = $$('[data-a11y-dialog-show="' + this._id + '"]');
+  this._openers.forEach(
+    function (opener) {
+      opener.addEventListener('click', this._show);
+    }.bind(this)
+  );
+  // Keep a collection of dialog closers, each of which will be bound a click
+  // event listener to close the dialog
+  const $el = this.$el;
+  this._closers = $$('[data-a11y-dialog-hide]', this.$el)
+    // This filter is necessary in case there are nested dialogs, so that
+    // only closers from the current dialog are retrieved and effective
+    .filter(function (closer) {
+      // Testing for `[aria-modal="true"]` is not enough since this attribute
+      // and the collect of closers is done at instantation time, when nested
+      // dialogs might not have yet been instantiated. Note that if the dialogs
+      // are manually instantiated, this could still fail because none of these
+      // selectors would match; this would cause closers to close all parent
+      // dialogs instead of just the current one
+      return closer.closest('[aria-modal="true"], [data-a11y-dialog]') === $el
+    })
+    .concat($$('[data-a11y-dialog-hide="' + this._id + '"]'));
+  this._closers.forEach(
+    function (closer) {
+      closer.addEventListener('click', this._hide);
+    }.bind(this)
+  );
+  // Execute all callbacks registered for the `create` event
+  this._fire('create');
+  return this
+};
+/**
+ * Show the dialog element, disable all the targets (siblings), trap the
+ * current focus within it, listen for some specific key presses and fire all
+ * registered callbacks for `show` event
+ *
+ * @param {CustomEvent} event
+ * @return {this}
+ */
+A11yDialog.prototype.show = function (event) {
+  // If the dialog is already open, abort
+  if (this.shown) {
+    return this
+  }
+  // Keep a reference to the currently focused element to be able to restore
+  // it later
+  this._previouslyFocused = document.activeElement;
+  this.$el.removeAttribute('aria-hidden');
+  this.shown = true;
+  // Set the focus to the dialog element
+  moveFocusToDialog(this.$el);
+  // Bind a focus event listener to the body element to make sure the focus
+  // stays trapped inside the dialog while open, and start listening for some
+  // specific key presses (TAB and ESC)
+  document.body.addEventListener('focus', this._maintainFocus, true);
+  document.addEventListener('keydown', this._bindKeypress);
+  // Execute all callbacks registered for the `show` event
+  this._fire('show', event);
+  return this
+};
+/**
+ * Hide the dialog element, enable all the targets (siblings), restore the
+ * focus to the previously active element, stop listening for some specific
+ * key presses and fire all registered callbacks for `hide` event
+ *
+ * @param {CustomEvent} event
+ * @return {this}
+ */
+A11yDialog.prototype.hide = function (event) {
+  // If the dialog is already closed, abort
+  if (!this.shown) {
+    return this
+  }
+  this.shown = false;
+  this.$el.setAttribute('aria-hidden', 'true');
+  // If there was a focused element before the dialog was opened (and it has a
+  // `focus` method), restore the focus back to it
+  // See: https://github.com/KittyGiraudel/a11y-dialog/issues/108
+  if (this._previouslyFocused && this._previouslyFocused.focus) {
+    this._previouslyFocused.focus();
+  }
+  // Remove the focus event listener to the body element and stop listening
+  // for specific key presses
+  document.body.removeEventListener('focus', this._maintainFocus, true);
+  document.removeEventListener('keydown', this._bindKeypress);
+  // Execute all callbacks registered for the `hide` event
+  this._fire('hide', event);
+  return this
+};
+/**
+ * Destroy the current instance (after making sure the dialog has been hidden)
+ * and remove all associated listeners from dialog openers and closers
+ *
+ * @return {this}
+ */
+A11yDialog.prototype.destroy = function () {
+  // Hide the dialog to avoid destroying an open instance
+  this.hide();
+  // Remove the click event listener from all dialog openers
+  this._openers.forEach(
+    function (opener) {
+      opener.removeEventListener('click', this._show);
+    }.bind(this)
+  );
+  // Remove the click event listener from all dialog closers
+  this._closers.forEach(
+    function (closer) {
+      closer.removeEventListener('click', this._hide);
+    }.bind(this)
+  );
+  // Execute all callbacks registered for the `destroy` event
+  this._fire('destroy');
+  // Keep an object of listener types mapped to callback functions
+  this._listeners = {};
+  return this
+};
+/**
+ * Register a new callback for the given event type
+ *
+ * @param {string} type
+ * @param {Function} handler
+ */
+A11yDialog.prototype.on = function (type, handler) {
+  if (typeof this._listeners[type] === 'undefined') {
+    this._listeners[type] = [];
+  }
+  this._listeners[type].push(handler);
+  return this
+};
+/**
+ * Unregister an existing callback for the given event type
+ *
+ * @param {string} type
+ * @param {Function} handler
+ */
+A11yDialog.prototype.off = function (type, handler) {
+  var index = (this._listeners[type] || []).indexOf(handler);
+  if (index > -1) {
+    this._listeners[type].splice(index, 1);
+  }
+  return this
+};
+/**
+ * Iterate over all registered handlers for given type and call them all with
+ * the dialog element as first argument, event as second argument (if any). Also
+ * dispatch a custom event on the DOM element itself to make it possible to
+ * react to the lifecycle of auto-instantiated dialogs.
+ *
+ * @access private
+ * @param {string} type
+ * @param {CustomEvent} event
+ */
+A11yDialog.prototype._fire = function (type, event) {
+  var listeners = this._listeners[type] || [];
+  var domEvent = new CustomEvent(type, { detail: event });
+  this.$el.dispatchEvent(domEvent);
+  listeners.forEach(
+    function (listener) {
+      listener(this.$el, event);
+    }.bind(this)
+  );
+};
+/**
+ * Private event handler used when listening to some specific key presses
+ * (namely ESCAPE and TAB)
+ *
+ * @access private
+ * @param {Event} event
+ */
+A11yDialog.prototype._bindKeypress = function (event) {
+  // This is an escape hatch in case there are nested dialogs, so the keypresses
+  // are only reacted to for the most recent one
+  const focused = document.activeElement;
+  if (focused && focused.closest('[aria-modal="true"]') !== this.$el) return
+  // If the dialog is shown and the ESCAPE key is being pressed, prevent any
+  // further effects from the ESCAPE key and hide the dialog, unless its role
+  // is 'alertdialog', which should be modal
+  if (
+    this.shown &&
+    event.key === ESCAPE_KEY &&
+    this.$el.getAttribute('role') !== 'alertdialog'
+  ) {
+    event.preventDefault();
+    this.hide(event);
+  }
+  // If the dialog is shown and the TAB key is being pressed, make sure the
+  // focus stays trapped within the dialog element
+  if (this.shown && event.key === TAB_KEY) {
+    trapTabKey(this.$el, event);
+  }
+};
+/**
+ * Private event handler used when making sure the focus stays within the
+ * currently open dialog
+ *
+ * @access private
+ * @param {Event} event
+ */
+A11yDialog.prototype._maintainFocus = function (event) {
+  // If the dialog is shown and the focus is not within a dialog element (either
+  // this one or another one in case of nested dialogs) or within an element
+  // with the `data-a11y-dialog-focus-trap-ignore` attribute, move it back to
+  // its first focusable child.
+  // See: https://github.com/KittyGiraudel/a11y-dialog/issues/177
+  if (
+    this.shown &&
+    !event.target.closest('[aria-modal="true"]') &&
+    !event.target.closest('[data-a11y-dialog-ignore-focus-trap]')
+  ) {
+    moveFocusToDialog(this.$el);
+  }
+};
+/**
+ * Convert a NodeList into an array
+ *
+ * @param {NodeList} collection
+ * @return {Array<Element>}
+ */
+function toArray(collection) {
+  return Array.prototype.slice.call(collection)
+}
+/**
+ * Query the DOM for nodes matching the given selector, scoped to context (or
+ * the whole document)
+ *
+ * @param {String} selector
+ * @param {Element} [context = document]
+ * @return {Array<Element>}
+ */
+function $$(selector, context) {
+  return toArray((context || document).querySelectorAll(selector))
+}
+/**
+ * Set the focus to the first element with `autofocus` with the element or the
+ * element itself
+ *
+ * @param {Element} node
+ */
+function moveFocusToDialog(node) {
+  var focused = node.querySelector('[autofocus]') || node;
+  focused.focus();
+}
+/**
+ * Get the focusable children of the given element
+ *
+ * @param {Element} node
+ * @return {Array<Element>}
+ */
+function getFocusableChildren(node) {
+  return $$(focusableSelectors.join(','), node).filter(function (child) {
+    return !!(
+      child.offsetWidth ||
+      child.offsetHeight ||
+      child.getClientRects().length
+    )
+  })
+}
+/**
+ * Trap the focus inside the given element
+ *
+ * @param {Element} node
+ * @param {Event} event
+ */
+function trapTabKey(node, event) {
+  var focusableChildren = getFocusableChildren(node);
+  var focusedItemIndex = focusableChildren.indexOf(document.activeElement);
+  // If the SHIFT key is being pressed while tabbing (moving backwards) and
+  // the currently focused item is the first one, move the focus to the last
+  // focusable item from the dialog element
+  if (event.shiftKey && focusedItemIndex === 0) {
+    focusableChildren[focusableChildren.length - 1].focus();
+    event.preventDefault();
+    // If the SHIFT key is not being pressed (moving forwards) and the currently
+    // focused item is the last one, move the focus to the first focusable item
+    // from the dialog element
+  } else if (
+    !event.shiftKey &&
+    focusedItemIndex === focusableChildren.length - 1
+  ) {
+    focusableChildren[0].focus();
+    event.preventDefault();
+  }
+}
+function instantiateDialogs() {
+  $$('[data-a11y-dialog]').forEach(function (node) {
+    new A11yDialog(node);
+  });
 }
-/*! MIT License © Sindre Sorhus */
-const createInstance = (defaults) => {
-    // eslint-disable-next-line @typescript-eslint/promise-function-async
-    const ky = (input, options) => Ky.create(input, validateAndMerge(defaults, options));
-    for (const method of requestMethods) {
-        // eslint-disable-next-line @typescript-eslint/promise-function-async
-        ky[method] = (input, options) => Ky.create(input, validateAndMerge(defaults, options, { method }));
+if (typeof document !== 'undefined') {
+  if (document.readyState === 'loading') {
+    document.addEventListener('DOMContentLoaded', instantiateDialogs);
+  } else {
+    if (window.requestAnimationFrame) {
+      window.requestAnimationFrame(instantiateDialogs);
+    } else {
+      window.setTimeout(instantiateDialogs, 16);
     }
-    ky.create = (newDefaults) => createInstance(validateAndMerge(newDefaults));
-    ky.extend = (newDefaults) => createInstance(validateAndMerge(defaults, newDefaults));
-    ky.stop = stop;
-    return ky;
-};
-const ky = createInstance();
-var ky$1 = ky;
+  }
+}
-var PasskeyApiClient = /** @class */ (function () {
-    function PasskeyApiClient(_a) {
-        var baseUrl = _a.baseUrl, tenantId = _a.tenantId;
-        this.tenantId = tenantId;
-        this.api = ky$1.create({
-            prefixUrl: baseUrl
-        });
+var CONTAINER_ID = "__authsignal-popup-container";
+var CONTENT_ID = "__authsignal-popup-content";
+var OVERLAY_ID = "__authsignal-popup-overlay";
+var STYLE_ID = "__authsignal-popup-style";
+var IFRAME_ID = "__authsignal-popup-iframe";
+var DEFAULT_WIDTH = "385px";
+var INITIAL_HEIGHT = "384px";
+var PopupHandler = /** @class */ (function () {
+    function PopupHandler(_a) {
+        var width = _a.width;
+        this.popup = null;
+        if (document.querySelector("#".concat(CONTAINER_ID))) {
+            throw new Error("Multiple instances of Authsignal popup is not supported.");
+        }
+        this.create({ width: width });
     }
-    PasskeyApiClient.prototype.registrationOptions = function (_a) {
-        var token = _a.token, userName = _a.userName;
-        return __awaiter(this, void 0, void 0, function () {
-            var response;
-            return __generator(this, function (_b) {
-                switch (_b.label) {
-                    case 0: return [4 /*yield*/, this.api.post("client/user-authenticators/passkey/registration-options", {
-                            json: { username: userName },
-                            headers: this.buildHeaders(token)
-                        })];
-                    case 1:
-                        response = _b.sent();
-                        return [2 /*return*/, response.json()];
-                }
-            });
+    PopupHandler.prototype.create = function (_a) {
+        var _this = this;
+        var _b = _a.width, width = _b === void 0 ? DEFAULT_WIDTH : _b;
+        var isWidthValidCSSValue = CSS.supports("width", width);
+        var popupWidth = width;
+        if (!isWidthValidCSSValue) {
+            console.warn("Invalid CSS value for `popupOptions.width`. Using default value instead.");
+            popupWidth = DEFAULT_WIDTH;
+        }
+        // Create dialog container
+        var container = document.createElement("div");
+        container.setAttribute("id", CONTAINER_ID);
+        container.setAttribute("aria-hidden", "true");
+        // Create dialog overlay
+        var overlay = document.createElement("div");
+        overlay.setAttribute("id", OVERLAY_ID);
+        overlay.setAttribute("data-a11y-dialog-hide", "true");
+        // Create dialog content
+        var content = document.createElement("div");
+        content.setAttribute("id", CONTENT_ID);
+        document.body.appendChild(container);
+        // Create CSS for dialog
+        var style = document.createElement("style");
+        style.setAttribute("id", STYLE_ID);
+        style.textContent = "\n      #".concat(CONTAINER_ID, ",\n      #").concat(OVERLAY_ID, " {\n        position: fixed;\n        top: 0;\n        right: 0;\n        bottom: 0;\n        left: 0;\n      }\n\n      #").concat(CONTAINER_ID, " {\n        z-index: 2147483647;\n        display: flex;\n      }\n\n      #").concat(CONTAINER_ID, "[aria-hidden='true'] {\n        display: none;\n      }\n\n      #").concat(OVERLAY_ID, " {\n        background-color: rgba(0, 0, 0, 0.18);\n      }\n\n      #").concat(CONTENT_ID, " {\n        margin: auto;\n        z-index: 2147483647;\n        position: relative;\n        background-color: transparent;\n        border-radius: 8px;\n        width: ").concat(popupWidth, ";\n      }\n\n      #").concat(CONTENT_ID, " iframe {\n        width: 1px;\n        min-width: 100%;\n        border-radius: inherit;\n        max-height: 95vh;\n        height: ").concat(INITIAL_HEIGHT, ";\n      }\n    ");
+        // Attach the created elements
+        document.head.insertAdjacentElement("beforeend", style);
+        container.appendChild(overlay);
+        container.appendChild(content);
+        this.popup = new A11yDialog(container);
+        // Make sure to remove any trace of the dialog on hide
+        this.popup.on("hide", function () {
+            _this.destroy();
         });
     };
-    PasskeyApiClient.prototype.authenticationOptions = function (_a) {
-        var token = _a.token;
-        return __awaiter(this, void 0, void 0, function () {
-            var response;
-            return __generator(this, function (_b) {
-                switch (_b.label) {
-                    case 0: return [4 /*yield*/, this.api.post("client/user-authenticators/passkey/authentication-options", {
-                            json: {},
-                            headers: this.buildHeaders(token)
-                        })];
-                    case 1:
-                        response = _b.sent();
-                        return [2 /*return*/, response.json()];
-                }
-            });
-        });
+    PopupHandler.prototype.destroy = function () {
+        var dialogEl = document.querySelector("#".concat(CONTAINER_ID));
+        var styleEl = document.querySelector("#".concat(STYLE_ID));
+        if (dialogEl && styleEl) {
+            document.body.removeChild(dialogEl);
+            document.head.removeChild(styleEl);
+        }
+        window.removeEventListener("message", resizeIframe);
     };
-    PasskeyApiClient.prototype.addAuthenticator = function (_a) {
-        var token = _a.token, rest = __rest(_a, ["token"]);
-        return __awaiter(this, void 0, void 0, function () {
-            var response;
-            return __generator(this, function (_b) {
-                switch (_b.label) {
-                    case 0: return [4 /*yield*/, this.api.post("client/user-authenticators/passkey", {
-                            json: rest,
-                            headers: this.buildHeaders(token)
-                        })];
-                    case 1:
-                        response = _b.sent();
-                        return [2 /*return*/, response.json()];
-                }
-            });
-        });
+    PopupHandler.prototype.show = function (_a) {
+        var _b;
+        var url = _a.url;
+        if (!this.popup) {
+            throw new Error("Popup is not initialized");
+        }
+        var iframe = document.createElement("iframe");
+        iframe.setAttribute("id", IFRAME_ID);
+        iframe.setAttribute("name", "authsignal");
+        iframe.setAttribute("title", "Authsignal multi-factor authentication");
+        iframe.setAttribute("src", url);
+        iframe.setAttribute("frameborder", "0");
+        iframe.setAttribute("allow", "publickey-credentials-get *; publickey-credentials-create *; clipboard-write");
+        var dialogContent = document.querySelector("#".concat(CONTENT_ID));
+        if (dialogContent) {
+            dialogContent.appendChild(iframe);
+        }
+        window.addEventListener("message", resizeIframe);
+        (_b = this.popup) === null || _b === void 0 ? void 0 : _b.show();
     };
-    PasskeyApiClient.prototype.verify = function (_a) {
-        var token = _a.token, rest = __rest(_a, ["token"]);
-        return __awaiter(this, void 0, void 0, function () {
-            var response;
-            return __generator(this, function (_b) {
-                switch (_b.label) {
-                    case 0: return [4 /*yield*/, this.api.post("client/verify/passkey", {
-                            json: rest,
-                            headers: this.buildHeaders(token)
-                        })];
-                    case 1:
-                        response = _b.sent();
-                        return [2 /*return*/, response.json()];
-                }
-            });
-        });
+    PopupHandler.prototype.close = function () {
+        if (!this.popup) {
+            throw new Error("Popup is not initialized");
+        }
+        this.popup.hide();
     };
-    PasskeyApiClient.prototype.buildHeaders = function (token) {
-        var authorizationHeader = token ? "Bearer ".concat(token) : "Basic ".concat(window.btoa(encodeURIComponent(this.tenantId)));
-        return {
-            Authorization: authorizationHeader
-        };
+    PopupHandler.prototype.on = function (event, handler) {
+        if (!this.popup) {
+            throw new Error("Popup is not initialized");
+        }
+        this.popup.on(event, handler);
     };
-    return PasskeyApiClient;
+    return PopupHandler;
 }());
-var Passkey = /** @class */ (function () {
-    function Passkey(_a) {
-        var baseUrl = _a.baseUrl, tenantId = _a.tenantId;
-        this.api = new PasskeyApiClient({ baseUrl: baseUrl, tenantId: tenantId });
+function resizeIframe(event) {
+    var iframeEl = document.querySelector("#".concat(IFRAME_ID));
+    if (iframeEl && event.data.height) {
+        iframeEl.style.height = event.data.height + "px";
     }
-    Passkey.prototype.signUp = function (_a) {
-        var userName = _a.userName, token = _a.token;
-        return __awaiter(this, void 0, void 0, function () {
-            var optionsResponse, registrationResponse, addAuthenticatorResponse;
-            return __generator(this, function (_b) {
-                switch (_b.label) {
-                    case 0: return [4 /*yield*/, this.api.registrationOptions({ userName: userName, token: token })];
-                    case 1:
-                        optionsResponse = _b.sent();
-                        return [4 /*yield*/, startRegistration(optionsResponse.options)];
-                    case 2:
-                        registrationResponse = _b.sent();
-                        return [4 /*yield*/, this.api.addAuthenticator({
-                                challengeId: optionsResponse.challengeId,
-                                registrationCredential: registrationResponse,
-                                token: token
-                            })];
-                    case 3:
-                        addAuthenticatorResponse = _b.sent();
-                        return [2 /*return*/, addAuthenticatorResponse === null || addAuthenticatorResponse === void 0 ? void 0 : addAuthenticatorResponse.accessToken];
-                }
-            });
-        });
-    };
-    Passkey.prototype.signIn = function (params) {
-        return __awaiter(this, void 0, void 0, function () {
-            var optionsResponse, authenticationResponse, verifyResponse;
-            return __generator(this, function (_a) {
-                switch (_a.label) {
-                    case 0:
-                        if ((params === null || params === void 0 ? void 0 : params.token) && params.autofill) {
-                            throw new Error("Autofill is not supported when providing a token");
-                        }
-                        return [4 /*yield*/, this.api.authenticationOptions({ token: params === null || params === void 0 ? void 0 : params.token })];
-                    case 1:
-                        optionsResponse = _a.sent();
-                        return [4 /*yield*/, startAuthentication(optionsResponse.options, params === null || params === void 0 ? void 0 : params.autofill)];
-                    case 2:
-                        authenticationResponse = _a.sent();
-                        return [4 /*yield*/, this.api.verify({
-                                challengeId: optionsResponse.challengeId,
-                                authenticationCredential: authenticationResponse,
-                                token: params === null || params === void 0 ? void 0 : params.token
-                            })];
-                    case 3:
-                        verifyResponse = _a.sent();
-                        return [2 /*return*/, verifyResponse === null || verifyResponse === void 0 ? void 0 : verifyResponse.accessToken];
-                }
-            });
-        });
-    };
-    return Passkey;
-}());
+}
 var DEFAULT_COOKIE_NAME = "__as_aid";
+var DEFAULT_PROFILING_COOKIE_NAME = "__as_pid";
 var DEFAULT_BASE_URL = "https://api.authsignal.com/v1";
+var TMX_ORG_ID = "4a08uqve";
 var Authsignal = /** @class */ (function () {
     function Authsignal(_a) {
         var cookieDomain = _a.cookieDomain, _b = _a.cookieName, cookieName = _b === void 0 ? DEFAULT_COOKIE_NAME : _b, _c = _a.baseUrl, baseUrl = _c === void 0 ? DEFAULT_BASE_URL : _c, tenantId = _a.tenantId;
         this.anonymousId = "";
+        this.profilingId = "";
         this.cookieDomain = "";
         this.anonymousIdCookieName = "";
         this._token = undefined;
@@ -1780,6 +1783,40 @@ var Authsignal = /** @class */ (function () {
                 this.launchWithRedirect(url);
         }
     };
+    Authsignal.prototype.initAdvancedProfiling = function (baseUrl) {
+        var profilingId = v4();
+        this.profilingId = profilingId;
+        setCookie({
+            name: DEFAULT_PROFILING_COOKIE_NAME,
+            value: profilingId,
+            expire: Infinity,
+            domain: this.cookieDomain,
+            secure: document.location.protocol !== "http:"
+        });
+        var tmxProfilingScruiptUrl = baseUrl
+            ? "".concat(baseUrl, "/fp/tags.js?org_id=").concat(TMX_ORG_ID, "&session_id=").concat(profilingId)
+            : "https://h.online-metrix.net/fp/tags.js?org_id=".concat(TMX_ORG_ID, "&session_id=").concat(profilingId);
+        var script = document.createElement("script");
+        script.src = tmxProfilingScruiptUrl;
+        script.async = false;
+        script.id = "as_adv_profile";
+        document.head.appendChild(script);
+        var pixelContainer = document.createElement("noscript");
+        pixelContainer.setAttribute("id", "as_adv_profile_pixel");
+        pixelContainer.setAttribute("aria-hidden", "true");
+        // Instantiate Pixel
+        var iframe = document.createElement("iframe");
+        var profilingPixelUrl = baseUrl
+            ? "".concat(baseUrl, "/fp/tags?org_id=").concat(TMX_ORG_ID, "&session_id=").concat(profilingId)
+            : "https://h.online-metrix.net/fp/tags?org_id=".concat(TMX_ORG_ID, "&session_id=").concat(profilingId);
+        iframe.setAttribute("id", "as_adv_profile_pixel");
+        iframe.setAttribute("src", profilingPixelUrl);
+        iframe.setAttribute("style", "width: 100px; height: 100px; border: 0; position: absolute; top: -5000px;");
+        if (pixelContainer) {
+            pixelContainer.appendChild(iframe);
+            document.body.prepend(pixelContainer);
+        }
+    };
     Authsignal.prototype.launchWithRedirect = function (url) {
         window.location.href = url;
     };