@authsignal/browser 0.5.1-alpha → 0.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/dist/api/passkey-api-client.d.ts +7 -7
  2. package/dist/api/types.d.ts +9 -0
  3. package/dist/authsignal.d.ts +0 -3
  4. package/dist/helpers.d.ts +5 -3
  5. package/dist/index.js +79 -133
  6. package/dist/index.min.js +1 -1
  7. package/dist/passkey.d.ts +16 -12
  8. package/package.json +1 -1
  9. package/dist/api/authsignal-api-client.d.ts +0 -20
  10. package/dist/kiosk.d.ts +0 -16
package/dist/api/passkey-api-client.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- import { AddAuthenticatorRequest, AddAuthenticatorResponse, AuthenticationOptsRequest, AuthenticationOptsResponse, ChallengeResponse, PasskeyAuthenticatorResponse, RegistrationOptsRequest, RegistrationOptsResponse, VerifyRequest, VerifyResponse } from "./types";
1
+ import { AddAuthenticatorRequest, AddAuthenticatorResponse, AuthenticationOptsRequest, AuthenticationOptsResponse, AuthsignalResponse, ChallengeResponse, PasskeyAuthenticatorResponse, RegistrationOptsRequest, RegistrationOptsResponse, VerifyRequest, VerifyResponse } from "./types";
2
2
  declare type PasskeyApiClientOptions = {
3
3
  baseUrl: string;
4
4
  tenantId: string;
@@ -9,18 +9,18 @@ export declare class PasskeyApiClient {
9
9
  constructor({ baseUrl, tenantId }: PasskeyApiClientOptions);
10
10
  registrationOptions({ token, username, authenticatorAttachment, }: {
11
11
  token: string;
12
- } & RegistrationOptsRequest): Promise<RegistrationOptsResponse>;
12
+ } & RegistrationOptsRequest): Promise<AuthsignalResponse<RegistrationOptsResponse>>;
13
13
  authenticationOptions({ token, challengeId, }: {
14
14
  token?: string;
15
- } & AuthenticationOptsRequest): Promise<AuthenticationOptsResponse>;
15
+ } & AuthenticationOptsRequest): Promise<AuthsignalResponse<AuthenticationOptsResponse>>;
16
16
  addAuthenticator({ token, challengeId, registrationCredential, }: {
17
17
  token: string;
18
- } & AddAuthenticatorRequest): Promise<AddAuthenticatorResponse>;
18
+ } & AddAuthenticatorRequest): Promise<AuthsignalResponse<AddAuthenticatorResponse>>;
19
19
  verify({ token, challengeId, authenticationCredential, deviceId, }: {
20
20
  token?: string;
21
- } & VerifyRequest): Promise<VerifyResponse>;
22
- getPasskeyAuthenticator(credentialId: string): Promise<PasskeyAuthenticatorResponse>;
23
- challenge(action: string): Promise<ChallengeResponse>;
21
+ } & VerifyRequest): Promise<AuthsignalResponse<VerifyResponse>>;
22
+ getPasskeyAuthenticator(credentialId: string): Promise<AuthsignalResponse<PasskeyAuthenticatorResponse>>;
23
+ challenge(action: string): Promise<AuthsignalResponse<ChallengeResponse>>;
24
24
  private buildHeaders;
25
25
  }
26
26
  export {};
package/dist/api/types.d.ts CHANGED
@@ -31,6 +31,10 @@ export declare type VerifyRequest = {
31
31
  export declare type VerifyResponse = {
32
32
  isVerified: boolean;
33
33
  accessToken?: string;
34
+ userId?: string;
35
+ userAuthenticatorId?: string;
36
+ username?: string;
37
+ userDisplayName?: string;
34
38
  };
35
39
  export declare type PasskeyAuthenticatorResponse = {
36
40
  credentialId: string;
@@ -39,3 +43,8 @@ export declare type PasskeyAuthenticatorResponse = {
39
43
  export declare type ChallengeResponse = {
40
44
  challengeId: string;
41
45
  };
46
+ export declare type ErrorResponse = {
47
+ error: string;
48
+ errorDescription?: string;
49
+ };
50
+ export declare type AuthsignalResponse<T> = T | ErrorResponse;
package/dist/authsignal.d.ts CHANGED
@@ -1,14 +1,11 @@
1
1
  import { AuthsignalOptions, LaunchOptions, TokenPayload } from "./types";
2
2
  import { Passkey } from "./passkey";
3
- import { Kiosk } from "./kiosk";
4
3
  export declare class Authsignal {
5
4
  anonymousId: string;
6
5
  profilingId: string;
7
6
  cookieDomain: string;
8
7
  anonymousIdCookieName: string;
9
8
  passkey: Passkey;
10
- kiosk: Kiosk;
11
- private _token;
12
9
  constructor({ cookieDomain, cookieName, baseUrl, tenantId, }: AuthsignalOptions);
13
10
  launch(url: string, options?: {
14
11
  mode?: "redirect";
package/dist/helpers.d.ts CHANGED
@@ -1,3 +1,4 @@
1
+ import { ErrorResponse } from "./api/types";
1
2
  declare type CookieOptions = {
2
3
  name: string;
3
4
  value: string;
@@ -5,7 +6,8 @@ declare type CookieOptions = {
5
6
  domain: string;
6
7
  secure: boolean;
7
8
  };
8
- export declare const setCookie: ({ name, value, expire, domain, secure }: CookieOptions) => void;
9
- export declare const getCookieDomain: () => string;
10
- export declare const getCookie: (name: string) => string | null;
9
+ export declare function setCookie({ name, value, expire, domain, secure }: CookieOptions): void;
10
+ export declare function getCookieDomain(): string;
11
+ export declare function getCookie(name: string): string | null;
12
+ export declare function logErrorResponse(errorResponse: ErrorResponse): void;
11
13
  export {};
package/dist/index.js CHANGED
@@ -63,7 +63,7 @@ function v4(options, buf, offset) {
63
63
  return unsafeStringify(rnds);
64
64
  }
65
65
 
66
- var setCookie = function (_a) {
66
+ function setCookie(_a) {
67
67
  var name = _a.name, value = _a.value, expire = _a.expire, domain = _a.domain, secure = _a.secure;
68
68
  var expireString = expire === Infinity ? " expires=Fri, 31 Dec 9999 23:59:59 GMT" : "; max-age=" + expire;
69
69
  document.cookie =
@@ -74,16 +74,20 @@ var setCookie = function (_a) {
74
74
  expireString +
75
75
  (domain ? "; domain=" + domain : "") +
76
76
  (secure ? "; secure" : "");
77
- };
78
- var getCookieDomain = function () {
77
+ }
78
+ function getCookieDomain() {
79
79
  return document.location.hostname.replace("www.", "");
80
- };
81
- var getCookie = function (name) {
80
+ }
81
+ function getCookie(name) {
82
82
  if (!name) {
83
83
  return null;
84
84
  }
85
85
  return (decodeURIComponent(document.cookie.replace(new RegExp("(?:(?:^|.*;)\\s*" + encodeURIComponent(name).replace(/[\-\.\+\*]/g, "\\$&") + "\\s*\\=\\s*([^;]*).*$)|^.*$"), "$1")) || null);
86
- };
86
+ }
87
+ function logErrorResponse(errorResponse) {
88
+ var _a;
89
+ console.error((_a = errorResponse.errorDescription) !== null && _a !== void 0 ? _a : errorResponse.error);
90
+ }
87
91
 
88
92
  var AuthsignalWindowMessage;
89
93
  (function (AuthsignalWindowMessage) {
@@ -559,17 +563,13 @@ var PasskeyApiClient = /** @class */ (function () {
559
563
  switch (_b.label) {
560
564
  case 0:
561
565
  body = { challengeId: challengeId };
562
- return [4 /*yield*/, fetch("".concat(this.baseUrl, "/client/user-authenticators/passkey/authentication-options"), {
563
- method: "POST",
564
- headers: this.buildHeaders(token),
565
- body: JSON.stringify(body)
566
- })];
567
- case 1:
568
- response = _b.sent();
569
- if (!response.ok) {
570
- throw new Error(response.statusText);
571
- }
572
- return [2 /*return*/, response.json()];
566
+ response = fetch("".concat(this.baseUrl, "/client/user-authenticators/passkey/authentication-options"), {
567
+ method: "POST",
568
+ headers: this.buildHeaders(token),
569
+ body: JSON.stringify(body)
570
+ });
571
+ return [4 /*yield*/, response];
572
+ case 1: return [2 /*return*/, (_b.sent()).json()];
573
573
  }
574
574
  });
575
575
  });
@@ -669,14 +669,25 @@ var Passkey = /** @class */ (function () {
669
669
  this.anonymousId = anonymousId;
670
670
  }
671
671
  Passkey.prototype.signUp = function (_a) {
672
- var userName = _a.userName, token = _a.token, _b = _a.authenticatorAttachment, authenticatorAttachment = _b === void 0 ? "platform" : _b;
672
+ var userName = _a.userName, userDisplayName = _a.userDisplayName, token = _a.token, _b = _a.authenticatorAttachment, authenticatorAttachment = _b === void 0 ? "platform" : _b;
673
673
  return __awaiter(this, void 0, void 0, function () {
674
- var optionsResponse, registrationResponse, addAuthenticatorResponse;
674
+ var optionsInput, optionsResponse, registrationResponse, addAuthenticatorResponse;
675
675
  return __generator(this, function (_c) {
676
676
  switch (_c.label) {
677
- case 0: return [4 /*yield*/, this.api.registrationOptions({ username: userName, token: token, authenticatorAttachment: authenticatorAttachment })];
677
+ case 0:
678
+ optionsInput = {
679
+ username: userName,
680
+ displayName: userDisplayName,
681
+ token: token,
682
+ authenticatorAttachment: authenticatorAttachment
683
+ };
684
+ return [4 /*yield*/, this.api.registrationOptions(optionsInput)];
678
685
  case 1:
679
686
  optionsResponse = _c.sent();
687
+ if ("error" in optionsResponse) {
688
+ logErrorResponse(optionsResponse);
689
+ return [2 /*return*/];
690
+ }
680
691
  return [4 /*yield*/, startRegistration(optionsResponse.options)];
681
692
  case 2:
682
693
  registrationResponse = _c.sent();
@@ -687,20 +698,25 @@ var Passkey = /** @class */ (function () {
687
698
  })];
688
699
  case 3:
689
700
  addAuthenticatorResponse = _c.sent();
690
- if (addAuthenticatorResponse === null || addAuthenticatorResponse === void 0 ? void 0 : addAuthenticatorResponse.isVerified) {
701
+ if ("error" in addAuthenticatorResponse) {
702
+ logErrorResponse(addAuthenticatorResponse);
703
+ return [2 /*return*/];
704
+ }
705
+ if (addAuthenticatorResponse.isVerified) {
691
706
  this.storeCredentialAgainstDevice(registrationResponse);
692
707
  }
693
- return [2 /*return*/, addAuthenticatorResponse === null || addAuthenticatorResponse === void 0 ? void 0 : addAuthenticatorResponse.accessToken];
708
+ return [2 /*return*/, {
709
+ token: addAuthenticatorResponse.accessToken
710
+ }];
694
711
  }
695
712
  });
696
713
  });
697
714
  };
698
715
  Passkey.prototype.signIn = function (params) {
699
- var _a;
700
716
  return __awaiter(this, void 0, void 0, function () {
701
- var challengeResponse, _b, optionsResponse, authenticationResponse, verifyResponse;
702
- return __generator(this, function (_c) {
703
- switch (_c.label) {
717
+ var challengeResponse, _a, optionsResponse, authenticationResponse, verifyResponse, token, userId, userAuthenticatorId, userName, userDisplayName;
718
+ return __generator(this, function (_b) {
719
+ switch (_b.label) {
704
720
  case 0:
705
721
  if ((params === null || params === void 0 ? void 0 : params.token) && params.autofill) {
706
722
  throw new Error("autofill is not supported when providing a token");
@@ -708,31 +724,33 @@ var Passkey = /** @class */ (function () {
708
724
  if ((params === null || params === void 0 ? void 0 : params.action) && params.token) {
709
725
  throw new Error("action is not supported when providing a token");
710
726
  }
711
- if ((params === null || params === void 0 ? void 0 : params.action) && (params === null || params === void 0 ? void 0 : params.challengeId)) {
712
- throw new Error("action is not supported when providing a challengeId");
713
- }
714
- if ((params === null || params === void 0 ? void 0 : params.challengeId) && params.token) {
715
- throw new Error("challengeId is not supported when providing a token");
716
- }
717
727
  if (!(params === null || params === void 0 ? void 0 : params.action)) return [3 /*break*/, 2];
718
728
  return [4 /*yield*/, this.api.challenge(params.action)];
719
729
  case 1:
720
- _b = _c.sent();
730
+ _a = _b.sent();
721
731
  return [3 /*break*/, 3];
722
732
  case 2:
723
- _b = null;
724
- _c.label = 3;
733
+ _a = null;
734
+ _b.label = 3;
725
735
  case 3:
726
- challengeResponse = _b;
736
+ challengeResponse = _a;
737
+ if (challengeResponse && "error" in challengeResponse) {
738
+ logErrorResponse(challengeResponse);
739
+ return [2 /*return*/];
740
+ }
727
741
  return [4 /*yield*/, this.api.authenticationOptions({
728
742
  token: params === null || params === void 0 ? void 0 : params.token,
729
- challengeId: (_a = challengeResponse === null || challengeResponse === void 0 ? void 0 : challengeResponse.challengeId) !== null && _a !== void 0 ? _a : params === null || params === void 0 ? void 0 : params.challengeId
743
+ challengeId: challengeResponse === null || challengeResponse === void 0 ? void 0 : challengeResponse.challengeId
730
744
  })];
731
745
  case 4:
732
- optionsResponse = _c.sent();
746
+ optionsResponse = _b.sent();
747
+ if ("error" in optionsResponse) {
748
+ logErrorResponse(optionsResponse);
749
+ return [2 /*return*/];
750
+ }
733
751
  return [4 /*yield*/, startAuthentication(optionsResponse.options, params === null || params === void 0 ? void 0 : params.autofill)];
734
752
  case 5:
735
- authenticationResponse = _c.sent();
753
+ authenticationResponse = _b.sent();
736
754
  return [4 /*yield*/, this.api.verify({
737
755
  challengeId: optionsResponse.challengeId,
738
756
  authenticationCredential: authenticationResponse,
@@ -740,11 +758,22 @@ var Passkey = /** @class */ (function () {
740
758
  deviceId: this.anonymousId
741
759
  })];
742
760
  case 6:
743
- verifyResponse = _c.sent();
744
- if (verifyResponse === null || verifyResponse === void 0 ? void 0 : verifyResponse.isVerified) {
761
+ verifyResponse = _b.sent();
762
+ if ("error" in verifyResponse) {
763
+ logErrorResponse(verifyResponse);
764
+ return [2 /*return*/];
765
+ }
766
+ if (verifyResponse.isVerified) {
745
767
  this.storeCredentialAgainstDevice(authenticationResponse);
746
768
  }
747
- return [2 /*return*/, verifyResponse === null || verifyResponse === void 0 ? void 0 : verifyResponse.accessToken];
769
+ token = verifyResponse.accessToken, userId = verifyResponse.userId, userAuthenticatorId = verifyResponse.userAuthenticatorId, userName = verifyResponse.username, userDisplayName = verifyResponse.userDisplayName;
770
+ return [2 /*return*/, {
771
+ token: token,
772
+ userId: userId,
773
+ userAuthenticatorId: userAuthenticatorId,
774
+ userName: userName,
775
+ userDisplayName: userDisplayName
776
+ }];
748
777
  }
749
778
  });
750
779
  });
@@ -1287,6 +1316,10 @@ var PopupHandler = /** @class */ (function () {
1287
1316
  container.appendChild(overlay);
1288
1317
  container.appendChild(content);
1289
1318
  this.popup = new A11yDialog(container);
1319
+ // Safari and Firefox will fail the WebAuthn request if the document making
1320
+ // the request does not have focus. This will reduce the chances of that
1321
+ // happening by focusing on the dialog container.
1322
+ container.focus();
1290
1323
  // Make sure to remove any trace of the dialog on hide
1291
1324
  this.popup.on("hide", function () {
1292
1325
  _this.destroy();
@@ -1342,89 +1375,6 @@ function resizeIframe(event) {
1342
1375
  }
1343
1376
  }
1344
1377
 
1345
- var AuthsignalApiClient = /** @class */ (function () {
1346
- function AuthsignalApiClient(_a) {
1347
- var baseUrl = _a.baseUrl, tenantId = _a.tenantId;
1348
- this.tenantId = tenantId;
1349
- this.baseUrl = baseUrl;
1350
- }
1351
- AuthsignalApiClient.prototype.challenge = function (action) {
1352
- return __awaiter(this, void 0, void 0, function () {
1353
- var response;
1354
- return __generator(this, function (_a) {
1355
- switch (_a.label) {
1356
- case 0:
1357
- response = fetch("".concat(this.baseUrl, "/client/challenge"), {
1358
- method: "POST",
1359
- headers: this.buildHeaders(),
1360
- body: JSON.stringify({ action: action })
1361
- });
1362
- return [4 /*yield*/, response];
1363
- case 1: return [2 /*return*/, (_a.sent()).json()];
1364
- }
1365
- });
1366
- });
1367
- };
1368
- AuthsignalApiClient.prototype.verify = function (_a) {
1369
- var challengeId = _a.challengeId;
1370
- return __awaiter(this, void 0, void 0, function () {
1371
- var body, response;
1372
- return __generator(this, function (_b) {
1373
- switch (_b.label) {
1374
- case 0:
1375
- body = { challengeId: challengeId };
1376
- response = fetch("".concat(this.baseUrl, "/client/verify"), {
1377
- method: "POST",
1378
- headers: this.buildHeaders(),
1379
- body: JSON.stringify(body)
1380
- });
1381
- return [4 /*yield*/, response];
1382
- case 1: return [2 /*return*/, (_b.sent()).json()];
1383
- }
1384
- });
1385
- });
1386
- };
1387
- AuthsignalApiClient.prototype.buildHeaders = function (token) {
1388
- var authorizationHeader = token ? "Bearer ".concat(token) : "Basic ".concat(window.btoa(encodeURIComponent(this.tenantId)));
1389
- return {
1390
- "Content-Type": "application/json",
1391
- Authorization: authorizationHeader
1392
- };
1393
- };
1394
- return AuthsignalApiClient;
1395
- }());
1396
-
1397
- var Kiosk = /** @class */ (function () {
1398
- function Kiosk(_a) {
1399
- var baseUrl = _a.baseUrl, tenantId = _a.tenantId;
1400
- this.api = new AuthsignalApiClient({ baseUrl: baseUrl, tenantId: tenantId });
1401
- }
1402
- Kiosk.prototype.challenge = function (params) {
1403
- return __awaiter(this, void 0, void 0, function () {
1404
- var result;
1405
- return __generator(this, function (_a) {
1406
- switch (_a.label) {
1407
- case 0: return [4 /*yield*/, this.api.challenge(params.action)];
1408
- case 1:
1409
- result = _a.sent();
1410
- return [2 /*return*/, result.challengeId];
1411
- }
1412
- });
1413
- });
1414
- };
1415
- Kiosk.prototype.verify = function (params) {
1416
- return __awaiter(this, void 0, void 0, function () {
1417
- return __generator(this, function (_a) {
1418
- switch (_a.label) {
1419
- case 0: return [4 /*yield*/, this.api.verify({ challengeId: params.challengeId })];
1420
- case 1: return [2 /*return*/, _a.sent()];
1421
- }
1422
- });
1423
- });
1424
- };
1425
- return Kiosk;
1426
- }());
1427
-
1428
1378
  var DEFAULT_COOKIE_NAME = "__as_aid";
1429
1379
  var DEFAULT_PROFILING_COOKIE_NAME = "__as_pid";
1430
1380
  var DEFAULT_BASE_URL = "https://api.authsignal.com/v1";
@@ -1436,7 +1386,6 @@ var Authsignal = /** @class */ (function () {
1436
1386
  this.profilingId = "";
1437
1387
  this.cookieDomain = "";
1438
1388
  this.anonymousIdCookieName = "";
1439
- this._token = undefined;
1440
1389
  this.cookieDomain = cookieDomain || getCookieDomain();
1441
1390
  this.anonymousIdCookieName = cookieName;
1442
1391
  if (!tenantId) {
@@ -1457,7 +1406,6 @@ var Authsignal = /** @class */ (function () {
1457
1406
  });
1458
1407
  }
1459
1408
  this.passkey = new Passkey({ tenantId: tenantId, baseUrl: baseUrl, anonymousId: this.anonymousId });
1460
- this.kiosk = new Kiosk({ baseUrl: baseUrl, tenantId: tenantId });
1461
1409
  }
1462
1410
  Authsignal.prototype.launch = function (url, options) {
1463
1411
  switch (options === null || options === void 0 ? void 0 : options.mode) {
@@ -1508,12 +1456,12 @@ var Authsignal = /** @class */ (function () {
1508
1456
  window.location.href = url;
1509
1457
  };
1510
1458
  Authsignal.prototype.launchWithPopup = function (url, options) {
1511
- var _this = this;
1512
1459
  var popupOptions = options.popupOptions;
1513
1460
  var popupHandler = new PopupHandler({ width: popupOptions === null || popupOptions === void 0 ? void 0 : popupOptions.width, isClosable: popupOptions === null || popupOptions === void 0 ? void 0 : popupOptions.isClosable });
1514
1461
  var popupUrl = "".concat(url, "&mode=popup");
1515
1462
  popupHandler.show({ url: popupUrl });
1516
1463
  return new Promise(function (resolve) {
1464
+ var token = undefined;
1517
1465
  var onMessage = function (event) {
1518
1466
  var data = null;
1519
1467
  try {
@@ -1523,18 +1471,17 @@ var Authsignal = /** @class */ (function () {
1523
1471
  // Ignore if the event data is not valid JSON
1524
1472
  }
1525
1473
  if ((data === null || data === void 0 ? void 0 : data.event) === AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP) {
1526
- _this._token = data.token;
1474
+ token = data.token;
1527
1475
  popupHandler.close();
1528
1476
  }
1529
1477
  };
1530
1478
  popupHandler.on("hide", function () {
1531
- resolve({ token: _this._token });
1479
+ resolve({ token: token });
1532
1480
  });
1533
1481
  window.addEventListener("message", onMessage, false);
1534
1482
  });
1535
1483
  };
1536
1484
  Authsignal.prototype.launchWithWindow = function (url, options) {
1537
- var _this = this;
1538
1485
  var windowOptions = options.windowOptions;
1539
1486
  var windowHandler = new WindowHandler();
1540
1487
  var windowUrl = "".concat(url, "&mode=popup");
@@ -1549,9 +1496,8 @@ var Authsignal = /** @class */ (function () {
1549
1496
  // Ignore if the event data is not valid JSON
1550
1497
  }
1551
1498
  if ((data === null || data === void 0 ? void 0 : data.event) === AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP) {
1552
- _this._token = data.token;
1553
1499
  windowHandler.close();
1554
- resolve({ token: _this._token });
1500
+ resolve({ token: data.token });
1555
1501
  }
1556
1502
  };
1557
1503
  window.addEventListener("message", onMessage, false);
package/dist/index.min.js CHANGED
@@ -1 +1 @@
1
- var authsignal=function(e){"use strict";let t;const n=new Uint8Array(16);function i(){if(!t&&(t="undefined"!=typeof crypto&&crypto.getRandomValues&&crypto.getRandomValues.bind(crypto),!t))throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");return t(n)}const o=[];for(let e=0;e<256;++e)o.push((e+256).toString(16).slice(1));var r={randomUUID:"undefined"!=typeof crypto&&crypto.randomUUID&&crypto.randomUUID.bind(crypto)};function a(e,t,n){if(r.randomUUID&&!t&&!e)return r.randomUUID();const a=(e=e||{}).random||(e.rng||i)();if(a[6]=15&a[6]|64,a[8]=63&a[8]|128,t){n=n||0;for(let e=0;e<16;++e)t[n+e]=a[e];return t}return function(e,t=0){return(o[e[t+0]]+o[e[t+1]]+o[e[t+2]]+o[e[t+3]]+"-"+o[e[t+4]]+o[e[t+5]]+"-"+o[e[t+6]]+o[e[t+7]]+"-"+o[e[t+8]]+o[e[t+9]]+"-"+o[e[t+10]]+o[e[t+11]]+o[e[t+12]]+o[e[t+13]]+o[e[t+14]]+o[e[t+15]]).toLowerCase()}(a)}var s=function(e){var t=e.name,n=e.value,i=e.expire,o=e.domain,r=e.secure,a=i===1/0?" expires=Fri, 31 Dec 9999 23:59:59 GMT":"; max-age="+i;document.cookie=encodeURIComponent(t)+"="+n+"; path=/;"+a+(o?"; domain="+o:"")+(r?"; secure":"")};function c(e,t,n,i){return new(n||(n=Promise))((function(o,r){function a(e){try{c(i.next(e))}catch(e){r(e)}}function s(e){try{c(i.throw(e))}catch(e){r(e)}}function c(e){var t;e.done?o(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(a,s)}c((i=i.apply(e,t||[])).next())}))}function u(e,t){var n,i,o,r,a={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return r={next:s(0),throw:s(1),return:s(2)},"function"==typeof Symbol&&(r[Symbol.iterator]=function(){return this}),r;function s(r){return function(s){return function(r){if(n)throw new TypeError("Generator is already executing.");for(;a;)try{if(n=1,i&&(o=2&r[0]?i.return:r[0]?i.throw||((o=i.return)&&o.call(i),0):i.next)&&!(o=o.call(i,r[1])).done)return o;switch(i=0,o&&(r=[2&r[0],o.value]),r[0]){case 0:case 1:o=r;break;case 4:return a.label++,{value:r[1],done:!1};case 5:a.label++,i=r[1],r=[0];continue;case 7:r=a.ops.pop(),a.trys.pop();continue;default:if(!(o=a.trys,(o=o.length>0&&o[o.length-1])||6!==r[0]&&2!==r[0])){a=0;continue}if(3===r[0]&&(!o||r[1]>o[0]&&r[1]<o[3])){a.label=r[1];break}if(6===r[0]&&a.label<o[1]){a.label=o[1],o=r;break}if(o&&a.label<o[2]){a.label=o[2],a.ops.push(r);break}o[2]&&a.ops.pop(),a.trys.pop();continue}r=t.call(e,a)}catch(e){r=[6,e],i=0}finally{n=o=0}if(5&r[0])throw r[1];return{value:r[0]?r[1]:void 0,done:!0}}([r,s])}}}function l(e){const t=new Uint8Array(e);let n="";for(const e of t)n+=String.fromCharCode(e);return btoa(n).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function d(e){const t=e.replace(/-/g,"+").replace(/_/g,"/"),n=(4-t.length%4)%4,i=t.padEnd(t.length+n,"="),o=atob(i),r=new ArrayBuffer(o.length),a=new Uint8Array(r);for(let e=0;e<o.length;e++)a[e]=o.charCodeAt(e);return r}function h(){return void 0!==window?.PublicKeyCredential&&"function"==typeof window.PublicKeyCredential}function p(e){const{id:t}=e;return{...e,id:d(t),transports:e.transports}}function f(e){return"localhost"===e||/^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(e)}e.AuthsignalWindowMessage=void 0,(e.AuthsignalWindowMessage||(e.AuthsignalWindowMessage={})).AUTHSIGNAL_CLOSE_POPUP="AUTHSIGNAL_CLOSE_POPUP";class w extends Error{constructor({message:e,code:t,cause:n,name:i}){super(e,{cause:n}),this.name=i??n.name,this.code=t}}const m=new class{createNewAbortSignal(){if(this.controller){const e=new Error("Cancelling existing WebAuthn API call for new one");e.name="AbortError",this.controller.abort(e)}const e=new AbortController;return this.controller=e,e.signal}cancelCeremony(){if(this.controller){const e=new Error("Manually cancelling existing WebAuthn API call");e.name="AbortError",this.controller.abort(e),this.controller=void 0}}},g=["cross-platform","platform"];function y(e){if(e&&!(g.indexOf(e)<0))return e}async function v(e){if(!h())throw new Error("WebAuthn is not supported in this browser");var t;const n={publicKey:{...e,challenge:d(e.challenge),user:{...e.user,id:(t=e.user.id,(new TextEncoder).encode(t))},excludeCredentials:e.excludeCredentials?.map(p)}};let i;n.signal=m.createNewAbortSignal();try{i=await navigator.credentials.create(n)}catch(e){throw function({error:e,options:t}){const{publicKey:n}=t;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new w({message:"Registration ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:e})}else if("ConstraintError"===e.name){if(!0===n.authenticatorSelection?.requireResidentKey)return new w({message:"Discoverable credentials were required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",cause:e});if("required"===n.authenticatorSelection?.userVerification)return new w({message:"User verification was required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",cause:e})}else{if("InvalidStateError"===e.name)return new w({message:"The authenticator was previously registered",code:"ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",cause:e});if("NotAllowedError"===e.name)return new w({message:e.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:e});if("NotSupportedError"===e.name)return 0===n.pubKeyCredParams.filter((e=>"public-key"===e.type)).length?new w({message:'No entry in pubKeyCredParams was of type "public-key"',code:"ERROR_MALFORMED_PUBKEYCREDPARAMS",cause:e}):new w({message:"No available authenticator supported any of the specified pubKeyCredParams algorithms",code:"ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",cause:e});if("SecurityError"===e.name){const t=window.location.hostname;if(!f(t))return new w({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:e});if(n.rp.id!==t)return new w({message:`The RP ID "${n.rp.id}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:e})}else if("TypeError"===e.name){if(n.user.id.byteLength<1||n.user.id.byteLength>64)return new w({message:"User ID was not between 1 and 64 characters",code:"ERROR_INVALID_USER_ID_LENGTH",cause:e})}else if("UnknownError"===e.name)return new w({message:"The authenticator was unable to process the specified options, or could not create a new credential",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:e})}return e}({error:e,options:n})}if(!i)throw new Error("Registration was not completed");const{id:o,rawId:r,response:a,type:s}=i;let c,u,g,v;if("function"==typeof a.getTransports&&(c=a.getTransports()),"function"==typeof a.getPublicKeyAlgorithm)try{u=a.getPublicKeyAlgorithm()}catch(e){b("getPublicKeyAlgorithm()",e)}if("function"==typeof a.getPublicKey)try{const e=a.getPublicKey();null!==e&&(g=l(e))}catch(e){b("getPublicKey()",e)}if("function"==typeof a.getAuthenticatorData)try{v=l(a.getAuthenticatorData())}catch(e){b("getAuthenticatorData()",e)}return{id:o,rawId:l(r),response:{attestationObject:l(a.attestationObject),clientDataJSON:l(a.clientDataJSON),transports:c,publicKeyAlgorithm:u,publicKey:g,authenticatorData:v},type:s,clientExtensionResults:i.getClientExtensionResults(),authenticatorAttachment:y(i.authenticatorAttachment)}}function b(e,t){console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${e}. You should report this error to them.\n`,t)}async function E(e,t=!1){if(!h())throw new Error("WebAuthn is not supported in this browser");let n;0!==e.allowCredentials?.length&&(n=e.allowCredentials?.map(p));const i={...e,challenge:d(e.challenge),allowCredentials:n},o={};if(t){if(!await function(){const e=window.PublicKeyCredential;return void 0===e.isConditionalMediationAvailable?new Promise((e=>e(!1))):e.isConditionalMediationAvailable()}())throw Error("Browser does not support WebAuthn autofill");if(document.querySelectorAll("input[autocomplete$='webauthn']").length<1)throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');o.mediation="conditional",i.allowCredentials=[]}let r;o.publicKey=i,o.signal=m.createNewAbortSignal();try{r=await navigator.credentials.get(o)}catch(e){throw function({error:e,options:t}){const{publicKey:n}=t;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new w({message:"Authentication ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:e})}else{if("NotAllowedError"===e.name)return new w({message:e.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:e});if("SecurityError"===e.name){const t=window.location.hostname;if(!f(t))return new w({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:e});if(n.rpId!==t)return new w({message:`The RP ID "${n.rpId}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:e})}else if("UnknownError"===e.name)return new w({message:"The authenticator was unable to process the specified options, or could not create a new assertion signature",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:e})}return e}({error:e,options:o})}if(!r)throw new Error("Authentication was not completed");const{id:a,rawId:s,response:c,type:u}=r;let g;var v;return c.userHandle&&(v=c.userHandle,g=new TextDecoder("utf-8").decode(v)),{id:a,rawId:l(s),response:{authenticatorData:l(c.authenticatorData),clientDataJSON:l(c.clientDataJSON),signature:l(c.signature),userHandle:g},type:u,clientExtensionResults:r.getClientExtensionResults(),authenticatorAttachment:y(r.authenticatorAttachment)}}var A=function(){function e(e){var t=e.baseUrl,n=e.tenantId;this.tenantId=n,this.baseUrl=t}return e.prototype.registrationOptions=function(e){var t=e.token,n=e.username,i=e.authenticatorAttachment;return c(this,void 0,void 0,(function(){var e;return u(this,(function(o){switch(o.label){case 0:return e=Boolean(i)?{username:n,authenticatorAttachment:i}:{username:n},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey/registration-options"),{method:"POST",headers:this.buildHeaders(t),body:JSON.stringify(e)})];case 1:return[2,o.sent().json()]}}))}))},e.prototype.authenticationOptions=function(e){var t=e.token,n=e.challengeId;return c(this,void 0,void 0,(function(){var e,i;return u(this,(function(o){switch(o.label){case 0:return e={challengeId:n},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey/authentication-options"),{method:"POST",headers:this.buildHeaders(t),body:JSON.stringify(e)})];case 1:if(!(i=o.sent()).ok)throw new Error(i.statusText);return[2,i.json()]}}))}))},e.prototype.addAuthenticator=function(e){var t=e.token,n=e.challengeId,i=e.registrationCredential;return c(this,void 0,void 0,(function(){var e;return u(this,(function(o){switch(o.label){case 0:return e={challengeId:n,registrationCredential:i},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey"),{method:"POST",headers:this.buildHeaders(t),body:JSON.stringify(e)})];case 1:return[2,o.sent().json()]}}))}))},e.prototype.verify=function(e){var t=e.token,n=e.challengeId,i=e.authenticationCredential,o=e.deviceId;return c(this,void 0,void 0,(function(){var e;return u(this,(function(r){switch(r.label){case 0:return e={challengeId:n,authenticationCredential:i,deviceId:o},[4,fetch("".concat(this.baseUrl,"/client/verify/passkey"),{method:"POST",headers:this.buildHeaders(t),body:JSON.stringify(e)})];case 1:return[2,r.sent().json()]}}))}))},e.prototype.getPasskeyAuthenticator=function(e){return c(this,void 0,void 0,(function(){var t;return u(this,(function(n){switch(n.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey?credentialId=").concat(e),{method:"GET",headers:this.buildHeaders()})];case 1:if(!(t=n.sent()).ok)throw new Error(t.statusText);return[2,t.json()]}}))}))},e.prototype.challenge=function(e){return c(this,void 0,void 0,(function(){return u(this,(function(t){switch(t.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/challenge"),{method:"POST",headers:this.buildHeaders(),body:JSON.stringify({action:e})})];case 1:return[2,t.sent().json()]}}))}))},e.prototype.buildHeaders=function(e){return{"Content-Type":"application/json",Authorization:e?"Bearer ".concat(e):"Basic ".concat(window.btoa(encodeURIComponent(this.tenantId)))}},e}(),R=function(){function e(e){var t=e.baseUrl,n=e.tenantId,i=e.anonymousId;this.passkeyLocalStorageKey="as_passkey_credential_id",this.api=new A({baseUrl:t,tenantId:n}),this.anonymousId=i}return e.prototype.signUp=function(e){var t=e.userName,n=e.token,i=e.authenticatorAttachment,o=void 0===i?"platform":i;return c(this,void 0,void 0,(function(){var e,i,r;return u(this,(function(a){switch(a.label){case 0:return[4,this.api.registrationOptions({username:t,token:n,authenticatorAttachment:o})];case 1:return[4,v((e=a.sent()).options)];case 2:return i=a.sent(),[4,this.api.addAuthenticator({challengeId:e.challengeId,registrationCredential:i,token:n})];case 3:return(null==(r=a.sent())?void 0:r.isVerified)&&this.storeCredentialAgainstDevice(i),[2,null==r?void 0:r.accessToken]}}))}))},e.prototype.signIn=function(e){var t;return c(this,void 0,void 0,(function(){var n,i,o,r,a;return u(this,(function(s){switch(s.label){case 0:if((null==e?void 0:e.token)&&e.autofill)throw new Error("autofill is not supported when providing a token");if((null==e?void 0:e.action)&&e.token)throw new Error("action is not supported when providing a token");if((null==e?void 0:e.action)&&(null==e?void 0:e.challengeId))throw new Error("action is not supported when providing a challengeId");if((null==e?void 0:e.challengeId)&&e.token)throw new Error("challengeId is not supported when providing a token");return(null==e?void 0:e.action)?[4,this.api.challenge(e.action)]:[3,2];case 1:return i=s.sent(),[3,3];case 2:i=null,s.label=3;case 3:return n=i,[4,this.api.authenticationOptions({token:null==e?void 0:e.token,challengeId:null!==(t=null==n?void 0:n.challengeId)&&void 0!==t?t:null==e?void 0:e.challengeId})];case 4:return[4,E((o=s.sent()).options,null==e?void 0:e.autofill)];case 5:return r=s.sent(),[4,this.api.verify({challengeId:o.challengeId,authenticationCredential:r,token:null==e?void 0:e.token,deviceId:this.anonymousId})];case 6:return(null==(a=s.sent())?void 0:a.isVerified)&&this.storeCredentialAgainstDevice(r),[2,null==a?void 0:a.accessToken]}}))}))},e.prototype.isAvailableOnDevice=function(){return c(this,void 0,void 0,(function(){var e;return u(this,(function(t){switch(t.label){case 0:if(!(e=localStorage.getItem(this.passkeyLocalStorageKey)))return[2,!1];t.label=1;case 1:return t.trys.push([1,3,,4]),[4,this.api.getPasskeyAuthenticator(e)];case 2:return t.sent(),[2,!0];case 3:return t.sent(),[2,!1];case 4:return[2]}}))}))},e.prototype.storeCredentialAgainstDevice=function(e){var t=e.id;"cross-platform"!==e.authenticatorAttachment&&localStorage.setItem(this.passkeyLocalStorageKey,t)},e}(),I=function(){function e(){this.windowRef=null}return e.prototype.show=function(e){var t=e.url,n=e.width,i=void 0===n?400:n,o=e.height,r=function(e){var t=e.url,n=e.width,i=e.height,o=e.win;if(!o.top)return null;var r=o.top.outerHeight/2+o.top.screenY-i/2,a=o.top.outerWidth/2+o.top.screenX-n/2;return window.open(t,"","toolbar=no, location=no, directories=no, status=no, menubar=no, scrollbars=no, resizable=no, copyhistory=no, width=".concat(n,", height=").concat(i,", top=").concat(r,", left=").concat(a))}({url:t,width:i,height:void 0===o?500:o,win:window});if(!r)throw new Error("Window is not initialized");return this.windowRef=r,r},e.prototype.close=function(){if(!this.windowRef)throw new Error("Window is not initialized");this.windowRef.close()},e}();const _=":not([inert]):not([inert] *)",C=':not([tabindex^="-"])',S=":not(:disabled)";var O=[`a[href]${_}${C}`,`area[href]${_}${C}`,`input:not([type="hidden"]):not([type="radio"])${_}${C}${S}`,`input[type="radio"]${_}${C}${S}`,`select${_}${C}${S}`,`textarea${_}${C}${S}`,`button${_}${C}${S}`,`details${_} > summary:first-of-type${C}`,`iframe${_}${C}`,`audio[controls]${_}${C}`,`video[controls]${_}${C}`,`[contenteditable]${_}${C}`,`[tabindex]${_}${C}`];function k(e){(e.querySelector("[autofocus]")||e).focus()}function U(e,t){if(t&&T(e))return e;if(!((n=e).shadowRoot&&"-1"===n.getAttribute("tabindex")||n.matches(":disabled,[hidden],[inert]")))if(e.shadowRoot){let n=$(e.shadowRoot,t);for(;n;){const e=U(n,t);if(e)return e;n=P(n,t)}}else if("slot"===e.localName){const n=e.assignedElements({flatten:!0});t||n.reverse();for(const e of n){const n=U(e,t);if(n)return n}}else{let n=$(e,t);for(;n;){const e=U(n,t);if(e)return e;n=P(n,t)}}var n;return!t&&T(e)?e:null}function $(e,t){return t?e.firstElementChild:e.lastElementChild}function P(e,t){return t?e.nextElementSibling:e.previousElementSibling}const T=e=>!e.shadowRoot?.delegatesFocus&&(e.matches(O.join(","))&&!(e=>!(!e.matches("details:not([open]) *")||e.matches("details>summary:first-of-type"))||!(e.offsetWidth||e.offsetHeight||e.getClientRects().length))(e));function N(e=document){const t=e.activeElement;return t?t.shadowRoot?N(t.shadowRoot)||document.activeElement:t:null}function D(e,t){const[n,i]=function(e){const t=U(e,!0);return[t,t?U(e,!1)||t:null]}(e);if(!n)return t.preventDefault();const o=N();t.shiftKey&&o===n?(i.focus(),t.preventDefault()):t.shiftKey||o!==i||(n.focus(),t.preventDefault())}class x{$el;id;previouslyFocused;shown;constructor(e){this.$el=e,this.id=this.$el.getAttribute("data-a11y-dialog")||this.$el.id,this.previouslyFocused=null,this.shown=!1,this.maintainFocus=this.maintainFocus.bind(this),this.bindKeypress=this.bindKeypress.bind(this),this.handleTriggerClicks=this.handleTriggerClicks.bind(this),this.show=this.show.bind(this),this.hide=this.hide.bind(this),this.$el.setAttribute("aria-hidden","true"),this.$el.setAttribute("aria-modal","true"),this.$el.setAttribute("tabindex","-1"),this.$el.hasAttribute("role")||this.$el.setAttribute("role","dialog"),document.addEventListener("click",this.handleTriggerClicks,!0)}destroy(){return this.hide(),document.removeEventListener("click",this.handleTriggerClicks,!0),this.$el.replaceWith(this.$el.cloneNode(!0)),this.fire("destroy"),this}show(e){return this.shown||(this.shown=!0,this.$el.removeAttribute("aria-hidden"),this.previouslyFocused=N(),"BODY"===this.previouslyFocused?.tagName&&e?.target&&(this.previouslyFocused=e.target),"focus"===e?.type?this.maintainFocus(e):k(this.$el),document.body.addEventListener("focus",this.maintainFocus,!0),this.$el.addEventListener("keydown",this.bindKeypress,!0),this.fire("show",e)),this}hide(e){return this.shown?(this.shown=!1,this.$el.setAttribute("aria-hidden","true"),this.previouslyFocused?.focus?.(),document.body.removeEventListener("focus",this.maintainFocus,!0),this.$el.removeEventListener("keydown",this.bindKeypress,!0),this.fire("hide",e),this):this}on(e,t,n){return this.$el.addEventListener(e,t,n),this}off(e,t,n){return this.$el.removeEventListener(e,t,n),this}fire(e,t){this.$el.dispatchEvent(new CustomEvent(e,{detail:t,cancelable:!0}))}handleTriggerClicks(e){const t=e.target;t.closest(`[data-a11y-dialog-show="${this.id}"]`)&&this.show(e),(t.closest(`[data-a11y-dialog-hide="${this.id}"]`)||t.closest("[data-a11y-dialog-hide]")&&t.closest('[aria-modal="true"]')===this.$el)&&this.hide(e)}bindKeypress(e){if(document.activeElement?.closest('[aria-modal="true"]')!==this.$el)return;let t=!1;try{t=!!this.$el.querySelector('[popover]:not([popover="manual"]):popover-open')}catch{}"Escape"!==e.key||"alertdialog"===this.$el.getAttribute("role")||t||(e.preventDefault(),this.hide(e)),"Tab"===e.key&&D(this.$el,e)}maintainFocus(e){e.target.closest('[aria-modal="true"], [data-a11y-dialog-ignore-focus-trap]')||k(this.$el)}}function L(){for(const e of document.querySelectorAll("[data-a11y-dialog]"))new x(e)}"undefined"!=typeof document&&("loading"===document.readyState?document.addEventListener("DOMContentLoaded",L):L());var K="__authsignal-popup-container",H="__authsignal-popup-content",W="__authsignal-popup-overlay",M="__authsignal-popup-style",j="__authsignal-popup-iframe",q="385px",F=function(){function e(e){var t=e.width,n=e.isClosable;if(this.popup=null,document.querySelector("#".concat(K)))throw new Error("Multiple instances of Authsignal popup is not supported.");this.create({width:t,isClosable:n})}return e.prototype.create=function(e){var t=this,n=e.width,i=void 0===n?q:n,o=e.isClosable,r=void 0===o||o,a=i;CSS.supports("width",i)||(console.warn("Invalid CSS value for `popupOptions.width`. Using default value instead."),a=q);var s=document.createElement("div");s.setAttribute("id",K),s.setAttribute("aria-hidden","true"),r||s.setAttribute("role","alertdialog");var c=document.createElement("div");c.setAttribute("id",W),r&&c.setAttribute("data-a11y-dialog-hide","true");var u=document.createElement("div");u.setAttribute("id",H),document.body.appendChild(s);var l=document.createElement("style");l.setAttribute("id",M),l.textContent="\n #".concat(K,",\n #").concat(W," {\n position: fixed;\n top: 0;\n right: 0;\n bottom: 0;\n left: 0;\n }\n\n #").concat(K," {\n z-index: 2147483647;\n display: flex;\n }\n\n #").concat(K,"[aria-hidden='true'] {\n display: none;\n }\n\n #").concat(W," {\n background-color: rgba(0, 0, 0, 0.18);\n }\n\n #").concat(H," {\n margin: auto;\n z-index: 2147483647;\n position: relative;\n background-color: transparent;\n border-radius: 8px;\n width: ").concat(a,";\n }\n\n #").concat(H," iframe {\n width: 1px;\n min-width: 100%;\n border-radius: inherit;\n max-height: 95vh;\n height: ").concat("384px",";\n }\n "),document.head.insertAdjacentElement("beforeend",l),s.appendChild(c),s.appendChild(u),this.popup=new x(s),this.popup.on("hide",(function(){t.destroy()}))},e.prototype.destroy=function(){var e=document.querySelector("#".concat(K)),t=document.querySelector("#".concat(M));e&&t&&(document.body.removeChild(e),document.head.removeChild(t)),window.removeEventListener("message",G)},e.prototype.show=function(e){var t,n=e.url;if(!this.popup)throw new Error("Popup is not initialized");var i=document.createElement("iframe");i.setAttribute("id",j),i.setAttribute("name","authsignal"),i.setAttribute("title","Authsignal multi-factor authentication"),i.setAttribute("src",n),i.setAttribute("frameborder","0"),i.setAttribute("allow","publickey-credentials-get *; publickey-credentials-create *; clipboard-write");var o=document.querySelector("#".concat(H));o&&o.appendChild(i),window.addEventListener("message",G),null===(t=this.popup)||void 0===t||t.show()},e.prototype.close=function(){if(!this.popup)throw new Error("Popup is not initialized");this.popup.hide()},e.prototype.on=function(e,t){if(!this.popup)throw new Error("Popup is not initialized");this.popup.on(e,t)},e}();function G(e){var t=document.querySelector("#".concat(j));t&&e.data.height&&(t.style.height=e.data.height+"px")}var V=function(){function e(e){var t=e.baseUrl,n=e.tenantId;this.tenantId=n,this.baseUrl=t}return e.prototype.challenge=function(e){return c(this,void 0,void 0,(function(){return u(this,(function(t){switch(t.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/challenge"),{method:"POST",headers:this.buildHeaders(),body:JSON.stringify({action:e})})];case 1:return[2,t.sent().json()]}}))}))},e.prototype.verify=function(e){var t=e.challengeId;return c(this,void 0,void 0,(function(){var e;return u(this,(function(n){switch(n.label){case 0:return e={challengeId:t},[4,fetch("".concat(this.baseUrl,"/client/verify"),{method:"POST",headers:this.buildHeaders(),body:JSON.stringify(e)})];case 1:return[2,n.sent().json()]}}))}))},e.prototype.buildHeaders=function(e){return{"Content-Type":"application/json",Authorization:e?"Bearer ".concat(e):"Basic ".concat(window.btoa(encodeURIComponent(this.tenantId)))}},e}(),z=function(){function e(e){var t=e.baseUrl,n=e.tenantId;this.api=new V({baseUrl:t,tenantId:n})}return e.prototype.challenge=function(e){return c(this,void 0,void 0,(function(){return u(this,(function(t){switch(t.label){case 0:return[4,this.api.challenge(e.action)];case 1:return[2,t.sent().challengeId]}}))}))},e.prototype.verify=function(e){return c(this,void 0,void 0,(function(){return u(this,(function(t){switch(t.label){case 0:return[4,this.api.verify({challengeId:e.challengeId})];case 1:return[2,t.sent()]}}))}))},e}(),B="4a08uqve",J=function(){function t(e){var t=e.cookieDomain,n=e.cookieName,i=void 0===n?"__as_aid":n,o=e.baseUrl,r=void 0===o?"https://api.authsignal.com/v1":o,c=e.tenantId;if(this.anonymousId="",this.profilingId="",this.cookieDomain="",this.anonymousIdCookieName="",this._token=void 0,this.cookieDomain=t||document.location.hostname.replace("www.",""),this.anonymousIdCookieName=i,!c)throw new Error("tenantId is required");var u,l=(u=this.anonymousIdCookieName)&&decodeURIComponent(document.cookie.replace(new RegExp("(?:(?:^|.*;)\\s*"+encodeURIComponent(u).replace(/[\-\.\+\*]/g,"\\$&")+"\\s*\\=\\s*([^;]*).*$)|^.*$"),"$1"))||null;l?this.anonymousId=l:(this.anonymousId=a(),s({name:this.anonymousIdCookieName,value:this.anonymousId,expire:1/0,domain:this.cookieDomain,secure:"http:"!==document.location.protocol})),this.passkey=new R({tenantId:c,baseUrl:r,anonymousId:this.anonymousId}),this.kiosk=new z({baseUrl:r,tenantId:c})}return t.prototype.launch=function(e,t){switch(null==t?void 0:t.mode){case"window":return this.launchWithWindow(e,t);case"popup":return this.launchWithPopup(e,t);default:this.launchWithRedirect(e)}},t.prototype.initAdvancedProfiling=function(e){var t=a();this.profilingId=t,s({name:"__as_pid",value:t,expire:1/0,domain:this.cookieDomain,secure:"http:"!==document.location.protocol});var n=e?"".concat(e,"/fp/tags.js?org_id=").concat(B,"&session_id=").concat(t):"https://h.online-metrix.net/fp/tags.js?org_id=".concat(B,"&session_id=").concat(t),i=document.createElement("script");i.src=n,i.async=!1,i.id="as_adv_profile",document.head.appendChild(i);var o=document.createElement("noscript");o.setAttribute("id","as_adv_profile_pixel"),o.setAttribute("aria-hidden","true");var r=document.createElement("iframe"),c=e?"".concat(e,"/fp/tags?org_id=").concat(B,"&session_id=").concat(t):"https://h.online-metrix.net/fp/tags?org_id=".concat(B,"&session_id=").concat(t);r.setAttribute("id","as_adv_profile_pixel"),r.setAttribute("src",c),r.setAttribute("style","width: 100px; height: 100px; border: 0; position: absolute; top: -5000px;"),o&&(o.appendChild(r),document.body.prepend(o))},t.prototype.launchWithRedirect=function(e){window.location.href=e},t.prototype.launchWithPopup=function(t,n){var i=this,o=n.popupOptions,r=new F({width:null==o?void 0:o.width,isClosable:null==o?void 0:o.isClosable}),a="".concat(t,"&mode=popup");return r.show({url:a}),new Promise((function(t){r.on("hide",(function(){t({token:i._token})})),window.addEventListener("message",(function(t){var n=null;try{n=JSON.parse(t.data)}catch(e){}(null==n?void 0:n.event)===e.AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP&&(i._token=n.token,r.close())}),!1)}))},t.prototype.launchWithWindow=function(t,n){var i=this,o=n.windowOptions,r=new I,a="".concat(t,"&mode=popup");return r.show({url:a,width:null==o?void 0:o.width,height:null==o?void 0:o.height}),new Promise((function(t){window.addEventListener("message",(function(n){var o=null;try{o=JSON.parse(n.data)}catch(e){}(null==o?void 0:o.event)===e.AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP&&(i._token=o.token,r.close(),t({token:i._token}))}),!1)}))},t}();return e.Authsignal=J,Object.defineProperty(e,"__esModule",{value:!0}),e}({});
1
+ var authsignal=function(e){"use strict";let t;const n=new Uint8Array(16);function o(){if(!t&&(t="undefined"!=typeof crypto&&crypto.getRandomValues&&crypto.getRandomValues.bind(crypto),!t))throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");return t(n)}const i=[];for(let e=0;e<256;++e)i.push((e+256).toString(16).slice(1));var r={randomUUID:"undefined"!=typeof crypto&&crypto.randomUUID&&crypto.randomUUID.bind(crypto)};function a(e,t,n){if(r.randomUUID&&!t&&!e)return r.randomUUID();const a=(e=e||{}).random||(e.rng||o)();if(a[6]=15&a[6]|64,a[8]=63&a[8]|128,t){n=n||0;for(let e=0;e<16;++e)t[n+e]=a[e];return t}return function(e,t=0){return(i[e[t+0]]+i[e[t+1]]+i[e[t+2]]+i[e[t+3]]+"-"+i[e[t+4]]+i[e[t+5]]+"-"+i[e[t+6]]+i[e[t+7]]+"-"+i[e[t+8]]+i[e[t+9]]+"-"+i[e[t+10]]+i[e[t+11]]+i[e[t+12]]+i[e[t+13]]+i[e[t+14]]+i[e[t+15]]).toLowerCase()}(a)}function s(e){var t=e.name,n=e.value,o=e.expire,i=e.domain,r=e.secure,a=o===1/0?" expires=Fri, 31 Dec 9999 23:59:59 GMT":"; max-age="+o;document.cookie=encodeURIComponent(t)+"="+n+"; path=/;"+a+(i?"; domain="+i:"")+(r?"; secure":"")}function c(e){var t;console.error(null!==(t=e.errorDescription)&&void 0!==t?t:e.error)}function u(e,t,n,o){return new(n||(n=Promise))((function(i,r){function a(e){try{c(o.next(e))}catch(e){r(e)}}function s(e){try{c(o.throw(e))}catch(e){r(e)}}function c(e){var t;e.done?i(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(a,s)}c((o=o.apply(e,t||[])).next())}))}function l(e,t){var n,o,i,r,a={label:0,sent:function(){if(1&i[0])throw i[1];return i[1]},trys:[],ops:[]};return r={next:s(0),throw:s(1),return:s(2)},"function"==typeof Symbol&&(r[Symbol.iterator]=function(){return this}),r;function s(r){return function(s){return function(r){if(n)throw new TypeError("Generator is already executing.");for(;a;)try{if(n=1,o&&(i=2&r[0]?o.return:r[0]?o.throw||((i=o.return)&&i.call(o),0):o.next)&&!(i=i.call(o,r[1])).done)return i;switch(o=0,i&&(r=[2&r[0],i.value]),r[0]){case 0:case 1:i=r;break;case 4:return a.label++,{value:r[1],done:!1};case 5:a.label++,o=r[1],r=[0];continue;case 7:r=a.ops.pop(),a.trys.pop();continue;default:if(!(i=a.trys,(i=i.length>0&&i[i.length-1])||6!==r[0]&&2!==r[0])){a=0;continue}if(3===r[0]&&(!i||r[1]>i[0]&&r[1]<i[3])){a.label=r[1];break}if(6===r[0]&&a.label<i[1]){a.label=i[1],i=r;break}if(i&&a.label<i[2]){a.label=i[2],a.ops.push(r);break}i[2]&&a.ops.pop(),a.trys.pop();continue}r=t.call(e,a)}catch(e){r=[6,e],o=0}finally{n=i=0}if(5&r[0])throw r[1];return{value:r[0]?r[1]:void 0,done:!0}}([r,s])}}}function d(e){const t=new Uint8Array(e);let n="";for(const e of t)n+=String.fromCharCode(e);return btoa(n).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function h(e){const t=e.replace(/-/g,"+").replace(/_/g,"/"),n=(4-t.length%4)%4,o=t.padEnd(t.length+n,"="),i=atob(o),r=new ArrayBuffer(i.length),a=new Uint8Array(r);for(let e=0;e<i.length;e++)a[e]=i.charCodeAt(e);return r}function p(){return void 0!==window?.PublicKeyCredential&&"function"==typeof window.PublicKeyCredential}function f(e){const{id:t}=e;return{...e,id:h(t),transports:e.transports}}function m(e){return"localhost"===e||/^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(e)}e.AuthsignalWindowMessage=void 0,(e.AuthsignalWindowMessage||(e.AuthsignalWindowMessage={})).AUTHSIGNAL_CLOSE_POPUP="AUTHSIGNAL_CLOSE_POPUP";class w extends Error{constructor({message:e,code:t,cause:n,name:o}){super(e,{cause:n}),this.name=o??n.name,this.code=t}}const g=new class{createNewAbortSignal(){if(this.controller){const e=new Error("Cancelling existing WebAuthn API call for new one");e.name="AbortError",this.controller.abort(e)}const e=new AbortController;return this.controller=e,e.signal}cancelCeremony(){if(this.controller){const e=new Error("Manually cancelling existing WebAuthn API call");e.name="AbortError",this.controller.abort(e),this.controller=void 0}}},y=["cross-platform","platform"];function v(e){if(e&&!(y.indexOf(e)<0))return e}async function b(e){if(!p())throw new Error("WebAuthn is not supported in this browser");var t;const n={publicKey:{...e,challenge:h(e.challenge),user:{...e.user,id:(t=e.user.id,(new TextEncoder).encode(t))},excludeCredentials:e.excludeCredentials?.map(f)}};let o;n.signal=g.createNewAbortSignal();try{o=await navigator.credentials.create(n)}catch(e){throw function({error:e,options:t}){const{publicKey:n}=t;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new w({message:"Registration ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:e})}else if("ConstraintError"===e.name){if(!0===n.authenticatorSelection?.requireResidentKey)return new w({message:"Discoverable credentials were required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",cause:e});if("required"===n.authenticatorSelection?.userVerification)return new w({message:"User verification was required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",cause:e})}else{if("InvalidStateError"===e.name)return new w({message:"The authenticator was previously registered",code:"ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",cause:e});if("NotAllowedError"===e.name)return new w({message:e.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:e});if("NotSupportedError"===e.name)return 0===n.pubKeyCredParams.filter((e=>"public-key"===e.type)).length?new w({message:'No entry in pubKeyCredParams was of type "public-key"',code:"ERROR_MALFORMED_PUBKEYCREDPARAMS",cause:e}):new w({message:"No available authenticator supported any of the specified pubKeyCredParams algorithms",code:"ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",cause:e});if("SecurityError"===e.name){const t=window.location.hostname;if(!m(t))return new w({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:e});if(n.rp.id!==t)return new w({message:`The RP ID "${n.rp.id}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:e})}else if("TypeError"===e.name){if(n.user.id.byteLength<1||n.user.id.byteLength>64)return new w({message:"User ID was not between 1 and 64 characters",code:"ERROR_INVALID_USER_ID_LENGTH",cause:e})}else if("UnknownError"===e.name)return new w({message:"The authenticator was unable to process the specified options, or could not create a new credential",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:e})}return e}({error:e,options:n})}if(!o)throw new Error("Registration was not completed");const{id:i,rawId:r,response:a,type:s}=o;let c,u,l,y;if("function"==typeof a.getTransports&&(c=a.getTransports()),"function"==typeof a.getPublicKeyAlgorithm)try{u=a.getPublicKeyAlgorithm()}catch(e){E("getPublicKeyAlgorithm()",e)}if("function"==typeof a.getPublicKey)try{const e=a.getPublicKey();null!==e&&(l=d(e))}catch(e){E("getPublicKey()",e)}if("function"==typeof a.getAuthenticatorData)try{y=d(a.getAuthenticatorData())}catch(e){E("getAuthenticatorData()",e)}return{id:i,rawId:d(r),response:{attestationObject:d(a.attestationObject),clientDataJSON:d(a.clientDataJSON),transports:c,publicKeyAlgorithm:u,publicKey:l,authenticatorData:y},type:s,clientExtensionResults:o.getClientExtensionResults(),authenticatorAttachment:v(o.authenticatorAttachment)}}function E(e,t){console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${e}. You should report this error to them.\n`,t)}async function A(e,t=!1){if(!p())throw new Error("WebAuthn is not supported in this browser");let n;0!==e.allowCredentials?.length&&(n=e.allowCredentials?.map(f));const o={...e,challenge:h(e.challenge),allowCredentials:n},i={};if(t){if(!await function(){const e=window.PublicKeyCredential;return void 0===e.isConditionalMediationAvailable?new Promise((e=>e(!1))):e.isConditionalMediationAvailable()}())throw Error("Browser does not support WebAuthn autofill");if(document.querySelectorAll("input[autocomplete$='webauthn']").length<1)throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');i.mediation="conditional",o.allowCredentials=[]}let r;i.publicKey=o,i.signal=g.createNewAbortSignal();try{r=await navigator.credentials.get(i)}catch(e){throw function({error:e,options:t}){const{publicKey:n}=t;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new w({message:"Authentication ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:e})}else{if("NotAllowedError"===e.name)return new w({message:e.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:e});if("SecurityError"===e.name){const t=window.location.hostname;if(!m(t))return new w({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:e});if(n.rpId!==t)return new w({message:`The RP ID "${n.rpId}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:e})}else if("UnknownError"===e.name)return new w({message:"The authenticator was unable to process the specified options, or could not create a new assertion signature",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:e})}return e}({error:e,options:i})}if(!r)throw new Error("Authentication was not completed");const{id:a,rawId:s,response:c,type:u}=r;let l;var y;return c.userHandle&&(y=c.userHandle,l=new TextDecoder("utf-8").decode(y)),{id:a,rawId:d(s),response:{authenticatorData:d(c.authenticatorData),clientDataJSON:d(c.clientDataJSON),signature:d(c.signature),userHandle:l},type:u,clientExtensionResults:r.getClientExtensionResults(),authenticatorAttachment:v(r.authenticatorAttachment)}}var R=function(){function e(e){var t=e.baseUrl,n=e.tenantId;this.tenantId=n,this.baseUrl=t}return e.prototype.registrationOptions=function(e){var t=e.token,n=e.username,o=e.authenticatorAttachment;return u(this,void 0,void 0,(function(){var e;return l(this,(function(i){switch(i.label){case 0:return e=Boolean(o)?{username:n,authenticatorAttachment:o}:{username:n},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey/registration-options"),{method:"POST",headers:this.buildHeaders(t),body:JSON.stringify(e)})];case 1:return[2,i.sent().json()]}}))}))},e.prototype.authenticationOptions=function(e){var t=e.token,n=e.challengeId;return u(this,void 0,void 0,(function(){var e;return l(this,(function(o){switch(o.label){case 0:return e={challengeId:n},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey/authentication-options"),{method:"POST",headers:this.buildHeaders(t),body:JSON.stringify(e)})];case 1:return[2,o.sent().json()]}}))}))},e.prototype.addAuthenticator=function(e){var t=e.token,n=e.challengeId,o=e.registrationCredential;return u(this,void 0,void 0,(function(){var e;return l(this,(function(i){switch(i.label){case 0:return e={challengeId:n,registrationCredential:o},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey"),{method:"POST",headers:this.buildHeaders(t),body:JSON.stringify(e)})];case 1:return[2,i.sent().json()]}}))}))},e.prototype.verify=function(e){var t=e.token,n=e.challengeId,o=e.authenticationCredential,i=e.deviceId;return u(this,void 0,void 0,(function(){var e;return l(this,(function(r){switch(r.label){case 0:return e={challengeId:n,authenticationCredential:o,deviceId:i},[4,fetch("".concat(this.baseUrl,"/client/verify/passkey"),{method:"POST",headers:this.buildHeaders(t),body:JSON.stringify(e)})];case 1:return[2,r.sent().json()]}}))}))},e.prototype.getPasskeyAuthenticator=function(e){return u(this,void 0,void 0,(function(){var t;return l(this,(function(n){switch(n.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey?credentialId=").concat(e),{method:"GET",headers:this.buildHeaders()})];case 1:if(!(t=n.sent()).ok)throw new Error(t.statusText);return[2,t.json()]}}))}))},e.prototype.challenge=function(e){return u(this,void 0,void 0,(function(){return l(this,(function(t){switch(t.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/challenge"),{method:"POST",headers:this.buildHeaders(),body:JSON.stringify({action:e})})];case 1:return[2,t.sent().json()]}}))}))},e.prototype.buildHeaders=function(e){return{"Content-Type":"application/json",Authorization:e?"Bearer ".concat(e):"Basic ".concat(window.btoa(encodeURIComponent(this.tenantId)))}},e}(),I=function(){function e(e){var t=e.baseUrl,n=e.tenantId,o=e.anonymousId;this.passkeyLocalStorageKey="as_passkey_credential_id",this.api=new R({baseUrl:t,tenantId:n}),this.anonymousId=o}return e.prototype.signUp=function(e){var t=e.userName,n=e.userDisplayName,o=e.token,i=e.authenticatorAttachment,r=void 0===i?"platform":i;return u(this,void 0,void 0,(function(){var e,i,a,s;return l(this,(function(u){switch(u.label){case 0:return e={username:t,displayName:n,token:o,authenticatorAttachment:r},[4,this.api.registrationOptions(e)];case 1:return"error"in(i=u.sent())?(c(i),[2]):[4,b(i.options)];case 2:return a=u.sent(),[4,this.api.addAuthenticator({challengeId:i.challengeId,registrationCredential:a,token:o})];case 3:return"error"in(s=u.sent())?(c(s),[2]):(s.isVerified&&this.storeCredentialAgainstDevice(a),[2,{token:s.accessToken}])}}))}))},e.prototype.signIn=function(e){return u(this,void 0,void 0,(function(){var t,n,o,i,r,a,s,u,d,h;return l(this,(function(l){switch(l.label){case 0:if((null==e?void 0:e.token)&&e.autofill)throw new Error("autofill is not supported when providing a token");if((null==e?void 0:e.action)&&e.token)throw new Error("action is not supported when providing a token");return(null==e?void 0:e.action)?[4,this.api.challenge(e.action)]:[3,2];case 1:return n=l.sent(),[3,3];case 2:n=null,l.label=3;case 3:return(t=n)&&"error"in t?(c(t),[2]):[4,this.api.authenticationOptions({token:null==e?void 0:e.token,challengeId:null==t?void 0:t.challengeId})];case 4:return"error"in(o=l.sent())?(c(o),[2]):[4,A(o.options,null==e?void 0:e.autofill)];case 5:return i=l.sent(),[4,this.api.verify({challengeId:o.challengeId,authenticationCredential:i,token:null==e?void 0:e.token,deviceId:this.anonymousId})];case 6:return"error"in(r=l.sent())?(c(r),[2]):(r.isVerified&&this.storeCredentialAgainstDevice(i),a=r.accessToken,s=r.userId,u=r.userAuthenticatorId,d=r.username,h=r.userDisplayName,[2,{token:a,userId:s,userAuthenticatorId:u,userName:d,userDisplayName:h}])}}))}))},e.prototype.isAvailableOnDevice=function(){return u(this,void 0,void 0,(function(){var e;return l(this,(function(t){switch(t.label){case 0:if(!(e=localStorage.getItem(this.passkeyLocalStorageKey)))return[2,!1];t.label=1;case 1:return t.trys.push([1,3,,4]),[4,this.api.getPasskeyAuthenticator(e)];case 2:return t.sent(),[2,!0];case 3:return t.sent(),[2,!1];case 4:return[2]}}))}))},e.prototype.storeCredentialAgainstDevice=function(e){var t=e.id;"cross-platform"!==e.authenticatorAttachment&&localStorage.setItem(this.passkeyLocalStorageKey,t)},e}(),_=function(){function e(){this.windowRef=null}return e.prototype.show=function(e){var t=e.url,n=e.width,o=void 0===n?400:n,i=e.height,r=function(e){var t=e.url,n=e.width,o=e.height,i=e.win;if(!i.top)return null;var r=i.top.outerHeight/2+i.top.screenY-o/2,a=i.top.outerWidth/2+i.top.screenX-n/2;return window.open(t,"","toolbar=no, location=no, directories=no, status=no, menubar=no, scrollbars=no, resizable=no, copyhistory=no, width=".concat(n,", height=").concat(o,", top=").concat(r,", left=").concat(a))}({url:t,width:o,height:void 0===i?500:i,win:window});if(!r)throw new Error("Window is not initialized");return this.windowRef=r,r},e.prototype.close=function(){if(!this.windowRef)throw new Error("Window is not initialized");this.windowRef.close()},e}();const C=":not([inert]):not([inert] *)",S=':not([tabindex^="-"])',O=":not(:disabled)";var k=[`a[href]${C}${S}`,`area[href]${C}${S}`,`input:not([type="hidden"]):not([type="radio"])${C}${S}${O}`,`input[type="radio"]${C}${S}${O}`,`select${C}${S}${O}`,`textarea${C}${S}${O}`,`button${C}${S}${O}`,`details${C} > summary:first-of-type${S}`,`iframe${C}${S}`,`audio[controls]${C}${S}`,`video[controls]${C}${S}`,`[contenteditable]${C}${S}`,`[tabindex]${C}${S}`];function $(e){(e.querySelector("[autofocus]")||e).focus()}function P(e,t){if(t&&U(e))return e;if(!((n=e).shadowRoot&&"-1"===n.getAttribute("tabindex")||n.matches(":disabled,[hidden],[inert]")))if(e.shadowRoot){let n=T(e.shadowRoot,t);for(;n;){const e=P(n,t);if(e)return e;n=N(n,t)}}else if("slot"===e.localName){const n=e.assignedElements({flatten:!0});t||n.reverse();for(const e of n){const n=P(e,t);if(n)return n}}else{let n=T(e,t);for(;n;){const e=P(n,t);if(e)return e;n=N(n,t)}}var n;return!t&&U(e)?e:null}function T(e,t){return t?e.firstElementChild:e.lastElementChild}function N(e,t){return t?e.nextElementSibling:e.previousElementSibling}const U=e=>!e.shadowRoot?.delegatesFocus&&(e.matches(k.join(","))&&!(e=>!(!e.matches("details:not([open]) *")||e.matches("details>summary:first-of-type"))||!(e.offsetWidth||e.offsetHeight||e.getClientRects().length))(e));function D(e=document){const t=e.activeElement;return t?t.shadowRoot?D(t.shadowRoot)||document.activeElement:t:null}function x(e,t){const[n,o]=function(e){const t=P(e,!0);return[t,t?P(e,!1)||t:null]}(e);if(!n)return t.preventDefault();const i=D();t.shiftKey&&i===n?(o.focus(),t.preventDefault()):t.shiftKey||i!==o||(n.focus(),t.preventDefault())}class L{$el;id;previouslyFocused;shown;constructor(e){this.$el=e,this.id=this.$el.getAttribute("data-a11y-dialog")||this.$el.id,this.previouslyFocused=null,this.shown=!1,this.maintainFocus=this.maintainFocus.bind(this),this.bindKeypress=this.bindKeypress.bind(this),this.handleTriggerClicks=this.handleTriggerClicks.bind(this),this.show=this.show.bind(this),this.hide=this.hide.bind(this),this.$el.setAttribute("aria-hidden","true"),this.$el.setAttribute("aria-modal","true"),this.$el.setAttribute("tabindex","-1"),this.$el.hasAttribute("role")||this.$el.setAttribute("role","dialog"),document.addEventListener("click",this.handleTriggerClicks,!0)}destroy(){return this.hide(),document.removeEventListener("click",this.handleTriggerClicks,!0),this.$el.replaceWith(this.$el.cloneNode(!0)),this.fire("destroy"),this}show(e){return this.shown||(this.shown=!0,this.$el.removeAttribute("aria-hidden"),this.previouslyFocused=D(),"BODY"===this.previouslyFocused?.tagName&&e?.target&&(this.previouslyFocused=e.target),"focus"===e?.type?this.maintainFocus(e):$(this.$el),document.body.addEventListener("focus",this.maintainFocus,!0),this.$el.addEventListener("keydown",this.bindKeypress,!0),this.fire("show",e)),this}hide(e){return this.shown?(this.shown=!1,this.$el.setAttribute("aria-hidden","true"),this.previouslyFocused?.focus?.(),document.body.removeEventListener("focus",this.maintainFocus,!0),this.$el.removeEventListener("keydown",this.bindKeypress,!0),this.fire("hide",e),this):this}on(e,t,n){return this.$el.addEventListener(e,t,n),this}off(e,t,n){return this.$el.removeEventListener(e,t,n),this}fire(e,t){this.$el.dispatchEvent(new CustomEvent(e,{detail:t,cancelable:!0}))}handleTriggerClicks(e){const t=e.target;t.closest(`[data-a11y-dialog-show="${this.id}"]`)&&this.show(e),(t.closest(`[data-a11y-dialog-hide="${this.id}"]`)||t.closest("[data-a11y-dialog-hide]")&&t.closest('[aria-modal="true"]')===this.$el)&&this.hide(e)}bindKeypress(e){if(document.activeElement?.closest('[aria-modal="true"]')!==this.$el)return;let t=!1;try{t=!!this.$el.querySelector('[popover]:not([popover="manual"]):popover-open')}catch{}"Escape"!==e.key||"alertdialog"===this.$el.getAttribute("role")||t||(e.preventDefault(),this.hide(e)),"Tab"===e.key&&x(this.$el,e)}maintainFocus(e){e.target.closest('[aria-modal="true"], [data-a11y-dialog-ignore-focus-trap]')||$(this.$el)}}function K(){for(const e of document.querySelectorAll("[data-a11y-dialog]"))new L(e)}"undefined"!=typeof document&&("loading"===document.readyState?document.addEventListener("DOMContentLoaded",K):K());var H="__authsignal-popup-container",W="__authsignal-popup-content",M="__authsignal-popup-overlay",q="__authsignal-popup-style",F="__authsignal-popup-iframe",G="385px",j=function(){function e(e){var t=e.width,n=e.isClosable;if(this.popup=null,document.querySelector("#".concat(H)))throw new Error("Multiple instances of Authsignal popup is not supported.");this.create({width:t,isClosable:n})}return e.prototype.create=function(e){var t=this,n=e.width,o=void 0===n?G:n,i=e.isClosable,r=void 0===i||i,a=o;CSS.supports("width",o)||(console.warn("Invalid CSS value for `popupOptions.width`. Using default value instead."),a=G);var s=document.createElement("div");s.setAttribute("id",H),s.setAttribute("aria-hidden","true"),r||s.setAttribute("role","alertdialog");var c=document.createElement("div");c.setAttribute("id",M),r&&c.setAttribute("data-a11y-dialog-hide","true");var u=document.createElement("div");u.setAttribute("id",W),document.body.appendChild(s);var l=document.createElement("style");l.setAttribute("id",q),l.textContent="\n #".concat(H,",\n #").concat(M," {\n position: fixed;\n top: 0;\n right: 0;\n bottom: 0;\n left: 0;\n }\n\n #").concat(H," {\n z-index: 2147483647;\n display: flex;\n }\n\n #").concat(H,"[aria-hidden='true'] {\n display: none;\n }\n\n #").concat(M," {\n background-color: rgba(0, 0, 0, 0.18);\n }\n\n #").concat(W," {\n margin: auto;\n z-index: 2147483647;\n position: relative;\n background-color: transparent;\n border-radius: 8px;\n width: ").concat(a,";\n }\n\n #").concat(W," iframe {\n width: 1px;\n min-width: 100%;\n border-radius: inherit;\n max-height: 95vh;\n height: ").concat("384px",";\n }\n "),document.head.insertAdjacentElement("beforeend",l),s.appendChild(c),s.appendChild(u),this.popup=new L(s),s.focus(),this.popup.on("hide",(function(){t.destroy()}))},e.prototype.destroy=function(){var e=document.querySelector("#".concat(H)),t=document.querySelector("#".concat(q));e&&t&&(document.body.removeChild(e),document.head.removeChild(t)),window.removeEventListener("message",V)},e.prototype.show=function(e){var t,n=e.url;if(!this.popup)throw new Error("Popup is not initialized");var o=document.createElement("iframe");o.setAttribute("id",F),o.setAttribute("name","authsignal"),o.setAttribute("title","Authsignal multi-factor authentication"),o.setAttribute("src",n),o.setAttribute("frameborder","0"),o.setAttribute("allow","publickey-credentials-get *; publickey-credentials-create *; clipboard-write");var i=document.querySelector("#".concat(W));i&&i.appendChild(o),window.addEventListener("message",V),null===(t=this.popup)||void 0===t||t.show()},e.prototype.close=function(){if(!this.popup)throw new Error("Popup is not initialized");this.popup.hide()},e.prototype.on=function(e,t){if(!this.popup)throw new Error("Popup is not initialized");this.popup.on(e,t)},e}();function V(e){var t=document.querySelector("#".concat(F));t&&e.data.height&&(t.style.height=e.data.height+"px")}var z="4a08uqve",B=function(){function t(e){var t=e.cookieDomain,n=e.cookieName,o=void 0===n?"__as_aid":n,i=e.baseUrl,r=void 0===i?"https://api.authsignal.com/v1":i,c=e.tenantId;if(this.anonymousId="",this.profilingId="",this.cookieDomain="",this.anonymousIdCookieName="",this.cookieDomain=t||document.location.hostname.replace("www.",""),this.anonymousIdCookieName=o,!c)throw new Error("tenantId is required");var u,l=(u=this.anonymousIdCookieName)&&decodeURIComponent(document.cookie.replace(new RegExp("(?:(?:^|.*;)\\s*"+encodeURIComponent(u).replace(/[\-\.\+\*]/g,"\\$&")+"\\s*\\=\\s*([^;]*).*$)|^.*$"),"$1"))||null;l?this.anonymousId=l:(this.anonymousId=a(),s({name:this.anonymousIdCookieName,value:this.anonymousId,expire:1/0,domain:this.cookieDomain,secure:"http:"!==document.location.protocol})),this.passkey=new I({tenantId:c,baseUrl:r,anonymousId:this.anonymousId})}return t.prototype.launch=function(e,t){switch(null==t?void 0:t.mode){case"window":return this.launchWithWindow(e,t);case"popup":return this.launchWithPopup(e,t);default:this.launchWithRedirect(e)}},t.prototype.initAdvancedProfiling=function(e){var t=a();this.profilingId=t,s({name:"__as_pid",value:t,expire:1/0,domain:this.cookieDomain,secure:"http:"!==document.location.protocol});var n=e?"".concat(e,"/fp/tags.js?org_id=").concat(z,"&session_id=").concat(t):"https://h.online-metrix.net/fp/tags.js?org_id=".concat(z,"&session_id=").concat(t),o=document.createElement("script");o.src=n,o.async=!1,o.id="as_adv_profile",document.head.appendChild(o);var i=document.createElement("noscript");i.setAttribute("id","as_adv_profile_pixel"),i.setAttribute("aria-hidden","true");var r=document.createElement("iframe"),c=e?"".concat(e,"/fp/tags?org_id=").concat(z,"&session_id=").concat(t):"https://h.online-metrix.net/fp/tags?org_id=".concat(z,"&session_id=").concat(t);r.setAttribute("id","as_adv_profile_pixel"),r.setAttribute("src",c),r.setAttribute("style","width: 100px; height: 100px; border: 0; position: absolute; top: -5000px;"),i&&(i.appendChild(r),document.body.prepend(i))},t.prototype.launchWithRedirect=function(e){window.location.href=e},t.prototype.launchWithPopup=function(t,n){var o=n.popupOptions,i=new j({width:null==o?void 0:o.width,isClosable:null==o?void 0:o.isClosable}),r="".concat(t,"&mode=popup");return i.show({url:r}),new Promise((function(t){var n=void 0;i.on("hide",(function(){t({token:n})})),window.addEventListener("message",(function(t){var o=null;try{o=JSON.parse(t.data)}catch(e){}(null==o?void 0:o.event)===e.AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP&&(n=o.token,i.close())}),!1)}))},t.prototype.launchWithWindow=function(t,n){var o=n.windowOptions,i=new _,r="".concat(t,"&mode=popup");return i.show({url:r,width:null==o?void 0:o.width,height:null==o?void 0:o.height}),new Promise((function(t){window.addEventListener("message",(function(n){var o=null;try{o=JSON.parse(n.data)}catch(e){}(null==o?void 0:o.event)===e.AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP&&(i.close(),t({token:o.token}))}),!1)}))},t}();return e.Authsignal=B,Object.defineProperty(e,"__esModule",{value:!0}),e}({});
package/dist/passkey.d.ts CHANGED
@@ -7,33 +7,37 @@ declare type PasskeyOptions = {
7
7
  };
8
8
  declare type SignUpParams = {
9
9
  userName?: string;
10
+ userDisplayName?: string;
10
11
  token: string;
11
12
  authenticatorAttachment?: AuthenticatorAttachment | null;
12
13
  };
14
+ declare type SignUpResponse = {
15
+ token?: string;
16
+ };
17
+ declare type SignInResponse = {
18
+ token?: string;
19
+ userId?: string;
20
+ userAuthenticatorId?: string;
21
+ userName?: string;
22
+ userDisplayName?: string;
23
+ };
13
24
  export declare class Passkey {
14
25
  api: PasskeyApiClient;
15
26
  private passkeyLocalStorageKey;
16
27
  private anonymousId;
17
28
  constructor({ baseUrl, tenantId, anonymousId }: PasskeyOptions);
18
- signUp({ userName, token, authenticatorAttachment }: SignUpParams): Promise<string | undefined>;
19
- signIn(): Promise<string | undefined>;
29
+ signUp({ userName, userDisplayName, token, authenticatorAttachment, }: SignUpParams): Promise<SignUpResponse | undefined>;
30
+ signIn(): Promise<SignInResponse | undefined>;
20
31
  signIn(params?: {
21
32
  action: string;
22
33
  autofill?: boolean;
23
- }): Promise<string | undefined>;
34
+ }): Promise<SignInResponse | undefined>;
24
35
  signIn(params?: {
25
36
  token: string;
26
- }): Promise<string | undefined>;
37
+ }): Promise<SignInResponse | undefined>;
27
38
  signIn(params?: {
28
39
  autofill: boolean;
29
- }): Promise<string | undefined>;
30
- signIn(params?: {
31
- autofill: boolean;
32
- challengeId?: string;
33
- }): Promise<string | undefined>;
34
- signIn(params?: {
35
- challengeId: string;
36
- }): Promise<string | undefined>;
40
+ }): Promise<SignInResponse | undefined>;
37
41
  isAvailableOnDevice(): Promise<boolean>;
38
42
  private storeCredentialAgainstDevice;
39
43
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@authsignal/browser",
3
- "version": "0.5.1-alpha",
3
+ "version": "0.5.1",
4
4
  "type": "module",
5
5
  "main": "dist/index.js",
6
6
  "module": "dist/index.js",
package/dist/api/authsignal-api-client.d.ts DELETED
@@ -1,20 +0,0 @@
1
- import { ChallengeResponse, VerifyResponse } from "./types";
2
- declare type AuthsignalApiClientOptions = {
3
- baseUrl: string;
4
- tenantId: string;
5
- };
6
- export declare class AuthsignalApiClient {
7
- tenantId: string;
8
- baseUrl: string;
9
- constructor({ baseUrl, tenantId }: AuthsignalApiClientOptions);
10
- challenge(action: string): Promise<ChallengeResponse>;
11
- verify({ challengeId }: {
12
- challengeId: string;
13
- }): Promise<AnonymousVerifyResponse>;
14
- private buildHeaders;
15
- }
16
- export declare type AnonymousVerifyResponse = VerifyResponse & {
17
- isClaimed: boolean;
18
- isConsumed: boolean;
19
- };
20
- export {};
package/dist/kiosk.d.ts DELETED
@@ -1,16 +0,0 @@
1
- import { AnonymousVerifyResponse, AuthsignalApiClient } from "./api/authsignal-api-client";
2
- declare type KioskOptions = {
3
- baseUrl: string;
4
- tenantId: string;
5
- };
6
- export declare class Kiosk {
7
- api: AuthsignalApiClient;
8
- constructor({ baseUrl, tenantId }: KioskOptions);
9
- challenge(params: {
10
- action: string;
11
- }): Promise<string>;
12
- verify(params: {
13
- challengeId: string;
14
- }): Promise<AnonymousVerifyResponse>;
15
- }
16
- export {};