@authsignal/browser 0.5.11 → 0.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (17) hide show
  1. package/dist/api/email-api-client.d.ts +6 -6
  2. package/dist/api/helpers.d.ts +6 -0
  3. package/dist/api/passkey-api-client.d.ts +9 -6
  4. package/dist/api/sms-api-client.d.ts +6 -5
  5. package/dist/api/totp-api-client.d.ts +5 -4
  6. package/dist/api/types/passkey.d.ts +1 -0
  7. package/dist/api/types/shared.d.ts +3 -0
  8. package/dist/api/types/totp.d.ts +2 -1
  9. package/dist/authsignal.d.ts +1 -1
  10. package/dist/email.d.ts +5 -5
  11. package/dist/index.js +246 -149
  12. package/dist/index.min.js +1 -1
  13. package/dist/passkey.d.ts +6 -2
  14. package/dist/sms.d.ts +5 -5
  15. package/dist/totp.d.ts +4 -5
  16. package/dist/types.d.ts +1 -0
  17. package/package.json +1 -1
package/dist/api/email-api-client.d.ts CHANGED
@@ -1,18 +1,18 @@
1
- import { ApiClientOptions, ChallengeResponse, EnrollResponse, VerifyResponse } from "./types/shared";
1
+ import { ApiClientOptions, AuthsignalResponse, ChallengeResponse, EnrollResponse, VerifyResponse } from "./types/shared";
2
2
  export declare class EmailApiClient {
3
3
  tenantId: string;
4
4
  baseUrl: string;
5
- constructor({ baseUrl, tenantId }: ApiClientOptions);
5
+ onTokenExpired?: () => void;
6
+ constructor({ baseUrl, tenantId, onTokenExpired }: ApiClientOptions);
6
7
  enroll({ token, email }: {
7
8
  token: string;
8
9
  email: string;
9
- }): Promise<EnrollResponse>;
10
+ }): Promise<AuthsignalResponse<EnrollResponse>>;
10
11
  challenge({ token }: {
11
12
  token: string;
12
- }): Promise<ChallengeResponse>;
13
+ }): Promise<AuthsignalResponse<ChallengeResponse>>;
13
14
  verify({ token, code }: {
14
15
  token: string;
15
16
  code: string;
16
- }): Promise<VerifyResponse>;
17
- private buildHeaders;
17
+ }): Promise<AuthsignalResponse<VerifyResponse>>;
18
18
  }
package/dist/api/helpers.d.ts CHANGED
@@ -1,3 +1,4 @@
1
+ import { AuthsignalResponse } from "./types/shared";
1
2
  type BuildHeadersParams = {
2
3
  token?: string;
3
4
  tenantId: string;
@@ -6,4 +7,9 @@ export declare function buildHeaders({ token, tenantId }: BuildHeadersParams): {
6
7
  "Content-Type": string;
7
8
  Authorization: string;
8
9
  };
10
+ type HandleTokenExpiredParams<T> = {
11
+ response: AuthsignalResponse<T>;
12
+ onTokenExpired?: () => void;
13
+ };
14
+ export declare function handleTokenExpired<T extends object>({ response, onTokenExpired }: HandleTokenExpiredParams<T>): void;
9
15
  export {};
package/dist/api/passkey-api-client.d.ts CHANGED
@@ -3,19 +3,22 @@ import { ApiClientOptions, AuthsignalResponse, ChallengeResponse } from "./types
3
3
  export declare class PasskeyApiClient {
4
4
  tenantId: string;
5
5
  baseUrl: string;
6
- constructor({ baseUrl, tenantId }: ApiClientOptions);
7
- registrationOptions({ token, username, authenticatorAttachment, }: {
6
+ onTokenExpired?: () => void;
7
+ constructor({ baseUrl, tenantId, onTokenExpired }: ApiClientOptions);
8
+ registrationOptions({ token, username, authenticatorAttachment }: {
8
9
  token: string;
9
10
  } & RegistrationOptsRequest): Promise<AuthsignalResponse<RegistrationOptsResponse>>;
10
- authenticationOptions({ token, challengeId, }: {
11
+ authenticationOptions({ token, challengeId }: {
11
12
  token?: string;
12
13
  } & AuthenticationOptsRequest): Promise<AuthsignalResponse<AuthenticationOptsResponse>>;
13
- addAuthenticator({ token, challengeId, registrationCredential, }: {
14
+ addAuthenticator({ token, challengeId, registrationCredential }: {
14
15
  token: string;
15
16
  } & AddAuthenticatorRequest): Promise<AuthsignalResponse<AddAuthenticatorResponse>>;
16
- verify({ token, challengeId, authenticationCredential, deviceId, }: {
17
+ verify({ token, challengeId, authenticationCredential, deviceId }: {
17
18
  token?: string;
18
19
  } & VerifyRequest): Promise<AuthsignalResponse<VerifyResponse>>;
19
- getPasskeyAuthenticator(credentialId: string): Promise<AuthsignalResponse<PasskeyAuthenticatorResponse>>;
20
+ getPasskeyAuthenticator({ credentialIds, }: {
21
+ credentialIds: string[];
22
+ }): Promise<AuthsignalResponse<PasskeyAuthenticatorResponse>>;
20
23
  challenge(action: string): Promise<AuthsignalResponse<ChallengeResponse>>;
21
24
  }
package/dist/api/sms-api-client.d.ts CHANGED
@@ -1,17 +1,18 @@
1
- import { ApiClientOptions, ChallengeResponse, EnrollResponse, VerifyResponse } from "./types/shared";
1
+ import { ApiClientOptions, AuthsignalResponse, ChallengeResponse, EnrollResponse, VerifyResponse } from "./types/shared";
2
2
  export declare class SmsApiClient {
3
3
  tenantId: string;
4
4
  baseUrl: string;
5
- constructor({ baseUrl, tenantId }: ApiClientOptions);
5
+ onTokenExpired?: () => void;
6
+ constructor({ baseUrl, tenantId, onTokenExpired }: ApiClientOptions);
6
7
  enroll({ token, phoneNumber }: {
7
8
  token: string;
8
9
  phoneNumber: string;
9
- }): Promise<EnrollResponse>;
10
+ }): Promise<AuthsignalResponse<EnrollResponse>>;
10
11
  challenge({ token }: {
11
12
  token: string;
12
- }): Promise<ChallengeResponse>;
13
+ }): Promise<AuthsignalResponse<ChallengeResponse>>;
13
14
  verify({ token, code }: {
14
15
  token: string;
15
16
  code: string;
16
- }): Promise<VerifyResponse>;
17
+ }): Promise<AuthsignalResponse<VerifyResponse>>;
17
18
  }
package/dist/api/totp-api-client.d.ts CHANGED
@@ -1,14 +1,15 @@
1
- import { ApiClientOptions, VerifyResponse } from "./types/shared";
1
+ import { ApiClientOptions, AuthsignalResponse, VerifyResponse } from "./types/shared";
2
2
  import { EnrollResponse } from "./types/totp";
3
3
  export declare class TotpApiClient {
4
4
  tenantId: string;
5
5
  baseUrl: string;
6
- constructor({ baseUrl, tenantId }: ApiClientOptions);
6
+ onTokenExpired?: () => void;
7
+ constructor({ baseUrl, tenantId, onTokenExpired }: ApiClientOptions);
7
8
  enroll({ token }: {
8
9
  token: string;
9
- }): Promise<EnrollResponse>;
10
+ }): Promise<AuthsignalResponse<EnrollResponse>>;
10
11
  verify({ token, code }: {
11
12
  token: string;
12
13
  code: string;
13
- }): Promise<VerifyResponse>;
14
+ }): Promise<AuthsignalResponse<VerifyResponse>>;
14
15
  }
package/dist/api/types/passkey.d.ts CHANGED
@@ -22,6 +22,7 @@ export type AddAuthenticatorResponse = {
22
22
  isVerified: boolean;
23
23
  accessToken?: string;
24
24
  userAuthenticatorId?: string;
25
+ userId?: string;
25
26
  };
26
27
  export type VerifyRequest = {
27
28
  challengeId: string;
package/dist/api/types/shared.d.ts CHANGED
@@ -1,9 +1,11 @@
1
1
  export type ApiClientOptions = {
2
2
  baseUrl: string;
3
3
  tenantId: string;
4
+ onTokenExpired?: () => void;
4
5
  };
5
6
  export type EnrollResponse = {
6
7
  userAuthenticatorId: string;
8
+ userId: string;
7
9
  };
8
10
  export type ChallengeResponse = {
9
11
  challengeId: string;
@@ -15,6 +17,7 @@ export type VerifyResponse = {
15
17
  };
16
18
  export type ErrorResponse = {
17
19
  error: string;
20
+ errorCode?: "token_expired" | (string & {});
18
21
  errorDescription?: string;
19
22
  };
20
23
  export type AuthsignalResponse<T> = T | ErrorResponse;
package/dist/api/types/totp.d.ts CHANGED
@@ -1,5 +1,6 @@
1
1
  export type EnrollResponse = {
2
- userAuthenticatorID: string;
2
+ userAuthenticatorId: string;
3
+ userId: string;
3
4
  uri: string;
4
5
  secret: string;
5
6
  };
package/dist/authsignal.d.ts CHANGED
@@ -12,7 +12,7 @@ export declare class Authsignal {
12
12
  totp: Totp;
13
13
  email: Email;
14
14
  sms: Sms;
15
- constructor({ cookieDomain, cookieName, baseUrl, tenantId, }: AuthsignalOptions);
15
+ constructor({ cookieDomain, cookieName, baseUrl, tenantId, onTokenExpired, }: AuthsignalOptions);
16
16
  setToken(token: string): void;
17
17
  launch(url: string, options?: {
18
18
  mode?: "redirect";
package/dist/email.d.ts CHANGED
@@ -1,7 +1,7 @@
1
- import { AuthsignalResponse, ChallengeResponse, EnrollResponse, VerifyResponse } from "./api/types/shared";
2
1
  type EmailOptions = {
3
2
  baseUrl: string;
4
3
  tenantId: string;
4
+ onTokenExpired?: () => void;
5
5
  };
6
6
  type EnrollParams = {
7
7
  email: string;
@@ -12,9 +12,9 @@ type VerifyParams = {
12
12
  export declare class Email {
13
13
  private api;
14
14
  private cache;
15
- constructor({ baseUrl, tenantId }: EmailOptions);
16
- enroll({ email }: EnrollParams): Promise<AuthsignalResponse<EnrollResponse>>;
17
- challenge(): Promise<AuthsignalResponse<ChallengeResponse>>;
18
- verify({ code }: VerifyParams): Promise<AuthsignalResponse<VerifyResponse>>;
15
+ constructor({ baseUrl, tenantId, onTokenExpired }: EmailOptions);
16
+ enroll({ email }: EnrollParams): Promise<import("./api/types/shared").AuthsignalResponse<import("./api/types/shared").EnrollResponse>>;
17
+ challenge(): Promise<import("./api/types/shared").AuthsignalResponse<import("./api/types/shared").ChallengeResponse>>;
18
+ verify({ code }: VerifyParams): Promise<import("./api/types/shared").AuthsignalResponse<import("./api/types/shared").VerifyResponse>>;
19
19
  }
20
20
  export {};
package/dist/index.js CHANGED
@@ -109,6 +109,17 @@ OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
109
109
  PERFORMANCE OF THIS SOFTWARE.
110
110
  ***************************************************************************** */
111
111
 
112
+ var __assign = function() {
113
+ __assign = Object.assign || function __assign(t) {
114
+ for (var s, i = 1, n = arguments.length; i < n; i++) {
115
+ s = arguments[i];
116
+ for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p)) t[p] = s[p];
117
+ }
118
+ return t;
119
+ };
120
+ return __assign.apply(this, arguments);
121
+ };
122
+
112
123
  function __awaiter(thisArg, _arguments, P, generator) {
113
124
  function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
114
125
  return new (P || (P = Promise))(function (resolve, reject) {
@@ -531,16 +542,23 @@ function buildHeaders(_a) {
531
542
  Authorization: authorizationHeader,
532
543
  };
533
544
  }
545
+ function handleTokenExpired(_a) {
546
+ var response = _a.response, onTokenExpired = _a.onTokenExpired;
547
+ if ("error" in response && response.errorCode === "token_expired" && onTokenExpired) {
548
+ onTokenExpired();
549
+ }
550
+ }
534
551
 
535
552
  var PasskeyApiClient = /** @class */ (function () {
536
553
  function PasskeyApiClient(_a) {
537
- var baseUrl = _a.baseUrl, tenantId = _a.tenantId;
554
+ var baseUrl = _a.baseUrl, tenantId = _a.tenantId, onTokenExpired = _a.onTokenExpired;
538
555
  this.tenantId = tenantId;
539
556
  this.baseUrl = baseUrl;
557
+ this.onTokenExpired = onTokenExpired;
540
558
  }
541
559
  PasskeyApiClient.prototype.registrationOptions = function (_a) {
542
560
  return __awaiter(this, arguments, void 0, function (_b) {
543
- var body, response;
561
+ var body, response, responseJson;
544
562
  var token = _b.token, username = _b.username, authenticatorAttachment = _b.authenticatorAttachment;
545
563
  return __generator(this, function (_c) {
546
564
  switch (_c.label) {
@@ -548,39 +566,49 @@ var PasskeyApiClient = /** @class */ (function () {
548
566
  body = Boolean(authenticatorAttachment)
549
567
  ? { username: username, authenticatorAttachment: authenticatorAttachment }
550
568
  : { username: username };
551
- response = fetch("".concat(this.baseUrl, "/client/user-authenticators/passkey/registration-options"), {
552
- method: "POST",
553
- headers: buildHeaders({ token: token, tenantId: this.tenantId }),
554
- body: JSON.stringify(body),
555
- });
556
- return [4 /*yield*/, response];
557
- case 1: return [2 /*return*/, (_c.sent()).json()];
569
+ return [4 /*yield*/, fetch("".concat(this.baseUrl, "/client/user-authenticators/passkey/registration-options"), {
570
+ method: "POST",
571
+ headers: buildHeaders({ token: token, tenantId: this.tenantId }),
572
+ body: JSON.stringify(body),
573
+ })];
574
+ case 1:
575
+ response = _c.sent();
576
+ return [4 /*yield*/, response.json()];
577
+ case 2:
578
+ responseJson = _c.sent();
579
+ handleTokenExpired({ response: responseJson, onTokenExpired: this.onTokenExpired });
580
+ return [2 /*return*/, responseJson];
558
581
  }
559
582
  });
560
583
  });
561
584
  };
562
585
  PasskeyApiClient.prototype.authenticationOptions = function (_a) {
563
586
  return __awaiter(this, arguments, void 0, function (_b) {
564
- var body, response;
587
+ var body, response, responseJson;
565
588
  var token = _b.token, challengeId = _b.challengeId;
566
589
  return __generator(this, function (_c) {
567
590
  switch (_c.label) {
568
591
  case 0:
569
592
  body = { challengeId: challengeId };
570
- response = fetch("".concat(this.baseUrl, "/client/user-authenticators/passkey/authentication-options"), {
571
- method: "POST",
572
- headers: buildHeaders({ token: token, tenantId: this.tenantId }),
573
- body: JSON.stringify(body),
574
- });
575
- return [4 /*yield*/, response];
576
- case 1: return [2 /*return*/, (_c.sent()).json()];
593
+ return [4 /*yield*/, fetch("".concat(this.baseUrl, "/client/user-authenticators/passkey/authentication-options"), {
594
+ method: "POST",
595
+ headers: buildHeaders({ token: token, tenantId: this.tenantId }),
596
+ body: JSON.stringify(body),
597
+ })];
598
+ case 1:
599
+ response = _c.sent();
600
+ return [4 /*yield*/, response.json()];
601
+ case 2:
602
+ responseJson = _c.sent();
603
+ handleTokenExpired({ response: responseJson, onTokenExpired: this.onTokenExpired });
604
+ return [2 /*return*/, responseJson];
577
605
  }
578
606
  });
579
607
  });
580
608
  };
581
609
  PasskeyApiClient.prototype.addAuthenticator = function (_a) {
582
610
  return __awaiter(this, arguments, void 0, function (_b) {
583
- var body, response;
611
+ var body, response, responseJson;
584
612
  var token = _b.token, challengeId = _b.challengeId, registrationCredential = _b.registrationCredential;
585
613
  return __generator(this, function (_c) {
586
614
  switch (_c.label) {
@@ -589,47 +617,58 @@ var PasskeyApiClient = /** @class */ (function () {
589
617
  challengeId: challengeId,
590
618
  registrationCredential: registrationCredential,
591
619
  };
592
- response = fetch("".concat(this.baseUrl, "/client/user-authenticators/passkey"), {
593
- method: "POST",
594
- headers: buildHeaders({ token: token, tenantId: this.tenantId }),
595
- body: JSON.stringify(body),
596
- });
597
- return [4 /*yield*/, response];
598
- case 1: return [2 /*return*/, (_c.sent()).json()];
620
+ return [4 /*yield*/, fetch("".concat(this.baseUrl, "/client/user-authenticators/passkey"), {
621
+ method: "POST",
622
+ headers: buildHeaders({ token: token, tenantId: this.tenantId }),
623
+ body: JSON.stringify(body),
624
+ })];
625
+ case 1:
626
+ response = _c.sent();
627
+ return [4 /*yield*/, response.json()];
628
+ case 2:
629
+ responseJson = _c.sent();
630
+ handleTokenExpired({ response: responseJson, onTokenExpired: this.onTokenExpired });
631
+ return [2 /*return*/, responseJson];
599
632
  }
600
633
  });
601
634
  });
602
635
  };
603
636
  PasskeyApiClient.prototype.verify = function (_a) {
604
637
  return __awaiter(this, arguments, void 0, function (_b) {
605
- var body, response;
638
+ var body, response, responseJson;
606
639
  var token = _b.token, challengeId = _b.challengeId, authenticationCredential = _b.authenticationCredential, deviceId = _b.deviceId;
607
640
  return __generator(this, function (_c) {
608
641
  switch (_c.label) {
609
642
  case 0:
610
643
  body = { challengeId: challengeId, authenticationCredential: authenticationCredential, deviceId: deviceId };
611
- response = fetch("".concat(this.baseUrl, "/client/verify/passkey"), {
612
- method: "POST",
613
- headers: buildHeaders({ token: token, tenantId: this.tenantId }),
614
- body: JSON.stringify(body),
615
- });
616
- return [4 /*yield*/, response];
617
- case 1: return [2 /*return*/, (_c.sent()).json()];
644
+ return [4 /*yield*/, fetch("".concat(this.baseUrl, "/client/verify/passkey"), {
645
+ method: "POST",
646
+ headers: buildHeaders({ token: token, tenantId: this.tenantId }),
647
+ body: JSON.stringify(body),
648
+ })];
649
+ case 1:
650
+ response = _c.sent();
651
+ return [4 /*yield*/, response.json()];
652
+ case 2:
653
+ responseJson = _c.sent();
654
+ handleTokenExpired({ response: responseJson, onTokenExpired: this.onTokenExpired });
655
+ return [2 /*return*/, responseJson];
618
656
  }
619
657
  });
620
658
  });
621
659
  };
622
- PasskeyApiClient.prototype.getPasskeyAuthenticator = function (credentialId) {
623
- return __awaiter(this, void 0, void 0, function () {
660
+ PasskeyApiClient.prototype.getPasskeyAuthenticator = function (_a) {
661
+ return __awaiter(this, arguments, void 0, function (_b) {
624
662
  var response;
625
- return __generator(this, function (_a) {
626
- switch (_a.label) {
627
- case 0: return [4 /*yield*/, fetch("".concat(this.baseUrl, "/client/user-authenticators/passkey?credentialId=").concat(credentialId), {
663
+ var credentialIds = _b.credentialIds;
664
+ return __generator(this, function (_c) {
665
+ switch (_c.label) {
666
+ case 0: return [4 /*yield*/, fetch("".concat(this.baseUrl, "/client/user-authenticators/passkey?credentialIds=").concat(credentialIds), {
628
667
  method: "GET",
629
668
  headers: buildHeaders({ tenantId: this.tenantId }),
630
669
  })];
631
670
  case 1:
632
- response = _a.sent();
671
+ response = _c.sent();
633
672
  if (!response.ok) {
634
673
  throw new Error(response.statusText);
635
674
  }
@@ -640,17 +679,21 @@ var PasskeyApiClient = /** @class */ (function () {
640
679
  };
641
680
  PasskeyApiClient.prototype.challenge = function (action) {
642
681
  return __awaiter(this, void 0, void 0, function () {
643
- var response;
682
+ var response, responseJson;
644
683
  return __generator(this, function (_a) {
645
684
  switch (_a.label) {
646
- case 0:
647
- response = fetch("".concat(this.baseUrl, "/client/challenge"), {
685
+ case 0: return [4 /*yield*/, fetch("".concat(this.baseUrl, "/client/challenge"), {
648
686
  method: "POST",
649
687
  headers: buildHeaders({ tenantId: this.tenantId }),
650
688
  body: JSON.stringify({ action: action }),
651
- });
652
- return [4 /*yield*/, response];
653
- case 1: return [2 /*return*/, (_a.sent()).json()];
689
+ })];
690
+ case 1:
691
+ response = _a.sent();
692
+ return [4 /*yield*/, response.json()];
693
+ case 2:
694
+ responseJson = _a.sent();
695
+ handleTokenExpired({ response: responseJson, onTokenExpired: this.onTokenExpired });
696
+ return [2 /*return*/, responseJson];
654
697
  }
655
698
  });
656
699
  });
@@ -677,10 +720,10 @@ var TokenCache = /** @class */ (function () {
677
720
 
678
721
  var Passkey = /** @class */ (function () {
679
722
  function Passkey(_a) {
680
- var baseUrl = _a.baseUrl, tenantId = _a.tenantId, anonymousId = _a.anonymousId;
681
- this.passkeyLocalStorageKey = "as_passkey_credential_id";
723
+ var baseUrl = _a.baseUrl, tenantId = _a.tenantId, anonymousId = _a.anonymousId, onTokenExpired = _a.onTokenExpired;
724
+ this.passkeyLocalStorageKey = "as_user_passkey_map";
682
725
  this.cache = TokenCache.shared;
683
- this.api = new PasskeyApiClient({ baseUrl: baseUrl, tenantId: tenantId });
726
+ this.api = new PasskeyApiClient({ baseUrl: baseUrl, tenantId: tenantId, onTokenExpired: onTokenExpired });
684
727
  this.anonymousId = anonymousId;
685
728
  }
686
729
  Passkey.prototype.signUp = function (_a) {
@@ -722,7 +765,7 @@ var Passkey = /** @class */ (function () {
722
765
  return [2 /*return*/, addAuthenticatorResponse];
723
766
  }
724
767
  if (addAuthenticatorResponse.isVerified) {
725
- this.storeCredentialAgainstDevice(registrationResponse);
768
+ this.storeCredentialAgainstDevice(__assign(__assign({}, registrationResponse), { userId: addAuthenticatorResponse.userId }));
726
769
  }
727
770
  if (addAuthenticatorResponse.accessToken) {
728
771
  this.cache.token = addAuthenticatorResponse.accessToken;
@@ -737,7 +780,7 @@ var Passkey = /** @class */ (function () {
737
780
  };
738
781
  Passkey.prototype.signIn = function (params) {
739
782
  return __awaiter(this, void 0, void 0, function () {
740
- var challengeResponse, _a, optionsResponse, authenticationResponse, verifyResponse, token, userId, userAuthenticatorId, userName, userDisplayName;
783
+ var challengeResponse, _a, optionsResponse, authenticationResponse, verifyResponse, token, userId, userAuthenticatorId, userName, userDisplayName, isVerified;
741
784
  return __generator(this, function (_b) {
742
785
  switch (_b.label) {
743
786
  case 0:
@@ -790,13 +833,14 @@ var Passkey = /** @class */ (function () {
790
833
  return [2 /*return*/, verifyResponse];
791
834
  }
792
835
  if (verifyResponse.isVerified) {
793
- this.storeCredentialAgainstDevice(authenticationResponse);
836
+ this.storeCredentialAgainstDevice(__assign(__assign({}, authenticationResponse), { userId: verifyResponse.userId }));
794
837
  }
795
838
  if (verifyResponse.accessToken) {
796
839
  this.cache.token = verifyResponse.accessToken;
797
840
  }
798
- token = verifyResponse.accessToken, userId = verifyResponse.userId, userAuthenticatorId = verifyResponse.userAuthenticatorId, userName = verifyResponse.username, userDisplayName = verifyResponse.userDisplayName;
841
+ token = verifyResponse.accessToken, userId = verifyResponse.userId, userAuthenticatorId = verifyResponse.userAuthenticatorId, userName = verifyResponse.username, userDisplayName = verifyResponse.userDisplayName, isVerified = verifyResponse.isVerified;
799
842
  return [2 /*return*/, {
843
+ isVerified: isVerified,
800
844
  token: token,
801
845
  userId: userId,
802
846
  userAuthenticatorId: userAuthenticatorId,
@@ -808,25 +852,35 @@ var Passkey = /** @class */ (function () {
808
852
  });
809
853
  });
810
854
  };
811
- Passkey.prototype.isAvailableOnDevice = function () {
812
- return __awaiter(this, void 0, void 0, function () {
813
- var credentialId;
814
- return __generator(this, function (_b) {
815
- switch (_b.label) {
855
+ Passkey.prototype.isAvailableOnDevice = function (_a) {
856
+ return __awaiter(this, arguments, void 0, function (_b) {
857
+ var storedCredentials, credentialsMap, credentialIds;
858
+ var _d;
859
+ var userId = _b.userId;
860
+ return __generator(this, function (_e) {
861
+ switch (_e.label) {
816
862
  case 0:
817
- credentialId = localStorage.getItem(this.passkeyLocalStorageKey);
818
- if (!credentialId) {
863
+ if (!userId) {
864
+ throw new Error("userId is required");
865
+ }
866
+ storedCredentials = localStorage.getItem(this.passkeyLocalStorageKey);
867
+ if (!storedCredentials) {
819
868
  return [2 /*return*/, false];
820
869
  }
821
- _b.label = 1;
870
+ credentialsMap = JSON.parse(storedCredentials);
871
+ credentialIds = (_d = credentialsMap[userId]) !== null && _d !== void 0 ? _d : [];
872
+ if (credentialIds.length === 0) {
873
+ return [2 /*return*/, false];
874
+ }
875
+ _e.label = 1;
822
876
  case 1:
823
- _b.trys.push([1, 3, , 4]);
824
- return [4 /*yield*/, this.api.getPasskeyAuthenticator(credentialId)];
877
+ _e.trys.push([1, 3, , 4]);
878
+ return [4 /*yield*/, this.api.getPasskeyAuthenticator({ credentialIds: credentialIds })];
825
879
  case 2:
826
- _b.sent();
880
+ _e.sent();
827
881
  return [2 /*return*/, true];
828
882
  case 3:
829
- _b.sent();
883
+ _e.sent();
830
884
  return [2 /*return*/, false];
831
885
  case 4: return [2 /*return*/];
832
886
  }
@@ -834,11 +888,21 @@ var Passkey = /** @class */ (function () {
834
888
  });
835
889
  };
836
890
  Passkey.prototype.storeCredentialAgainstDevice = function (_a) {
837
- var id = _a.id, authenticatorAttachment = _a.authenticatorAttachment;
891
+ var id = _a.id, authenticatorAttachment = _a.authenticatorAttachment, _b = _a.userId, userId = _b === void 0 ? "" : _b;
838
892
  if (authenticatorAttachment === "cross-platform") {
839
893
  return;
840
894
  }
841
- localStorage.setItem(this.passkeyLocalStorageKey, id);
895
+ var storedCredentials = localStorage.getItem(this.passkeyLocalStorageKey);
896
+ var credentialsMap = storedCredentials ? JSON.parse(storedCredentials) : {};
897
+ if (credentialsMap[userId]) {
898
+ if (!credentialsMap[userId].includes(id)) {
899
+ credentialsMap[userId].push(id);
900
+ }
901
+ }
902
+ else {
903
+ credentialsMap[userId] = [id];
904
+ }
905
+ localStorage.setItem(this.passkeyLocalStorageKey, JSON.stringify(credentialsMap));
842
906
  };
843
907
  return Passkey;
844
908
  }());
@@ -1407,42 +1471,52 @@ function resizeIframe(event) {
1407
1471
 
1408
1472
  var TotpApiClient = /** @class */ (function () {
1409
1473
  function TotpApiClient(_a) {
1410
- var baseUrl = _a.baseUrl, tenantId = _a.tenantId;
1474
+ var baseUrl = _a.baseUrl, tenantId = _a.tenantId, onTokenExpired = _a.onTokenExpired;
1411
1475
  this.tenantId = tenantId;
1412
1476
  this.baseUrl = baseUrl;
1477
+ this.onTokenExpired = onTokenExpired;
1413
1478
  }
1414
1479
  TotpApiClient.prototype.enroll = function (_a) {
1415
1480
  return __awaiter(this, arguments, void 0, function (_b) {
1416
- var response;
1481
+ var response, responseJson;
1417
1482
  var token = _b.token;
1418
1483
  return __generator(this, function (_c) {
1419
1484
  switch (_c.label) {
1420
- case 0:
1421
- response = fetch("".concat(this.baseUrl, "/client/user-authenticators/totp"), {
1485
+ case 0: return [4 /*yield*/, fetch("".concat(this.baseUrl, "/client/user-authenticators/totp"), {
1422
1486
  method: "POST",
1423
1487
  headers: buildHeaders({ token: token, tenantId: this.tenantId }),
1424
- });
1425
- return [4 /*yield*/, response];
1426
- case 1: return [2 /*return*/, (_c.sent()).json()];
1488
+ })];
1489
+ case 1:
1490
+ response = _c.sent();
1491
+ return [4 /*yield*/, response.json()];
1492
+ case 2:
1493
+ responseJson = _c.sent();
1494
+ handleTokenExpired({ response: responseJson, onTokenExpired: this.onTokenExpired });
1495
+ return [2 /*return*/, responseJson];
1427
1496
  }
1428
1497
  });
1429
1498
  });
1430
1499
  };
1431
1500
  TotpApiClient.prototype.verify = function (_a) {
1432
1501
  return __awaiter(this, arguments, void 0, function (_b) {
1433
- var body, response;
1502
+ var body, response, responseJson;
1434
1503
  var token = _b.token, code = _b.code;
1435
1504
  return __generator(this, function (_c) {
1436
1505
  switch (_c.label) {
1437
1506
  case 0:
1438
1507
  body = { verificationCode: code };
1439
- response = fetch("".concat(this.baseUrl, "/client/verify/totp"), {
1440
- method: "POST",
1441
- headers: buildHeaders({ token: token, tenantId: this.tenantId }),
1442
- body: JSON.stringify(body),
1443
- });
1444
- return [4 /*yield*/, response];
1445
- case 1: return [2 /*return*/, (_c.sent()).json()];
1508
+ return [4 /*yield*/, fetch("".concat(this.baseUrl, "/client/verify/totp"), {
1509
+ method: "POST",
1510
+ headers: buildHeaders({ token: token, tenantId: this.tenantId }),
1511
+ body: JSON.stringify(body),
1512
+ })];
1513
+ case 1:
1514
+ response = _c.sent();
1515
+ return [4 /*yield*/, response.json()];
1516
+ case 2:
1517
+ responseJson = _c.sent();
1518
+ handleTokenExpired({ response: responseJson, onTokenExpired: this.onTokenExpired });
1519
+ return [2 /*return*/, responseJson];
1446
1520
  }
1447
1521
  });
1448
1522
  });
@@ -1452,9 +1526,9 @@ var TotpApiClient = /** @class */ (function () {
1452
1526
 
1453
1527
  var Totp = /** @class */ (function () {
1454
1528
  function Totp(_a) {
1455
- var baseUrl = _a.baseUrl, tenantId = _a.tenantId;
1529
+ var baseUrl = _a.baseUrl, tenantId = _a.tenantId, onTokenExpired = _a.onTokenExpired;
1456
1530
  this.cache = TokenCache.shared;
1457
- this.api = new TotpApiClient({ baseUrl: baseUrl, tenantId: tenantId });
1531
+ this.api = new TotpApiClient({ baseUrl: baseUrl, tenantId: tenantId, onTokenExpired: onTokenExpired });
1458
1532
  }
1459
1533
  Totp.prototype.enroll = function () {
1460
1534
  return __awaiter(this, void 0, void 0, function () {
@@ -1479,7 +1553,7 @@ var Totp = /** @class */ (function () {
1479
1553
  return [4 /*yield*/, this.api.verify({ token: this.cache.token, code: code })];
1480
1554
  case 1:
1481
1555
  verifyResponse = _c.sent();
1482
- if (verifyResponse.accessToken) {
1556
+ if ("accessToken" in verifyResponse && verifyResponse.accessToken) {
1483
1557
  this.cache.token = verifyResponse.accessToken;
1484
1558
  }
1485
1559
  return [2 /*return*/, verifyResponse];
@@ -1492,80 +1566,88 @@ var Totp = /** @class */ (function () {
1492
1566
 
1493
1567
  var EmailApiClient = /** @class */ (function () {
1494
1568
  function EmailApiClient(_a) {
1495
- var baseUrl = _a.baseUrl, tenantId = _a.tenantId;
1569
+ var baseUrl = _a.baseUrl, tenantId = _a.tenantId, onTokenExpired = _a.onTokenExpired;
1496
1570
  this.tenantId = tenantId;
1497
1571
  this.baseUrl = baseUrl;
1572
+ this.onTokenExpired = onTokenExpired;
1498
1573
  }
1499
1574
  EmailApiClient.prototype.enroll = function (_a) {
1500
1575
  return __awaiter(this, arguments, void 0, function (_b) {
1501
- var body, response;
1576
+ var body, response, responseJson;
1502
1577
  var token = _b.token, email = _b.email;
1503
1578
  return __generator(this, function (_c) {
1504
1579
  switch (_c.label) {
1505
1580
  case 0:
1506
1581
  body = { email: email };
1507
- response = fetch("".concat(this.baseUrl, "/client/user-authenticators/email-otp"), {
1508
- method: "POST",
1509
- headers: this.buildHeaders(token),
1510
- body: JSON.stringify(body),
1511
- });
1512
- return [4 /*yield*/, response];
1513
- case 1: return [2 /*return*/, (_c.sent()).json()];
1582
+ return [4 /*yield*/, fetch("".concat(this.baseUrl, "/client/user-authenticators/email-otp"), {
1583
+ method: "POST",
1584
+ headers: buildHeaders({ token: token, tenantId: this.tenantId }),
1585
+ body: JSON.stringify(body),
1586
+ })];
1587
+ case 1:
1588
+ response = _c.sent();
1589
+ return [4 /*yield*/, response.json()];
1590
+ case 2:
1591
+ responseJson = _c.sent();
1592
+ handleTokenExpired({ response: responseJson, onTokenExpired: this.onTokenExpired });
1593
+ return [2 /*return*/, responseJson];
1514
1594
  }
1515
1595
  });
1516
1596
  });
1517
1597
  };
1518
1598
  EmailApiClient.prototype.challenge = function (_a) {
1519
1599
  return __awaiter(this, arguments, void 0, function (_b) {
1520
- var response;
1600
+ var response, responseJson;
1521
1601
  var token = _b.token;
1522
1602
  return __generator(this, function (_c) {
1523
1603
  switch (_c.label) {
1524
- case 0:
1525
- response = fetch("".concat(this.baseUrl, "/client/challenge/email-otp"), {
1604
+ case 0: return [4 /*yield*/, fetch("".concat(this.baseUrl, "/client/challenge/email-otp"), {
1526
1605
  method: "POST",
1527
- headers: this.buildHeaders(token),
1528
- });
1529
- return [4 /*yield*/, response];
1530
- case 1: return [2 /*return*/, (_c.sent()).json()];
1606
+ headers: buildHeaders({ token: token, tenantId: this.tenantId }),
1607
+ })];
1608
+ case 1:
1609
+ response = _c.sent();
1610
+ return [4 /*yield*/, response.json()];
1611
+ case 2:
1612
+ responseJson = _c.sent();
1613
+ handleTokenExpired({ response: responseJson, onTokenExpired: this.onTokenExpired });
1614
+ return [2 /*return*/, responseJson];
1531
1615
  }
1532
1616
  });
1533
1617
  });
1534
1618
  };
1535
1619
  EmailApiClient.prototype.verify = function (_a) {
1536
1620
  return __awaiter(this, arguments, void 0, function (_b) {
1537
- var body, response;
1621
+ var body, response, responseJson;
1538
1622
  var token = _b.token, code = _b.code;
1539
1623
  return __generator(this, function (_c) {
1540
1624
  switch (_c.label) {
1541
1625
  case 0:
1542
1626
  body = { verificationCode: code };
1543
- response = fetch("".concat(this.baseUrl, "/client/verify/email-otp"), {
1544
- method: "POST",
1545
- headers: this.buildHeaders(token),
1546
- body: JSON.stringify(body),
1547
- });
1548
- return [4 /*yield*/, response];
1549
- case 1: return [2 /*return*/, (_c.sent()).json()];
1627
+ return [4 /*yield*/, fetch("".concat(this.baseUrl, "/client/verify/email-otp"), {
1628
+ method: "POST",
1629
+ headers: buildHeaders({ token: token, tenantId: this.tenantId }),
1630
+ body: JSON.stringify(body),
1631
+ })];
1632
+ case 1:
1633
+ response = _c.sent();
1634
+ return [4 /*yield*/, response.json()];
1635
+ case 2:
1636
+ responseJson = _c.sent();
1637
+ handleTokenExpired({ response: responseJson, onTokenExpired: this.onTokenExpired });
1638
+ return [2 /*return*/, responseJson];
1550
1639
  }
1551
1640
  });
1552
1641
  });
1553
1642
  };
1554
- EmailApiClient.prototype.buildHeaders = function (token) {
1555
- var authorizationHeader = token ? "Bearer ".concat(token) : "Basic ".concat(window.btoa(encodeURIComponent(this.tenantId)));
1556
- return {
1557
- "Content-Type": "application/json",
1558
- Authorization: authorizationHeader,
1559
- };
1560
- };
1561
1643
  return EmailApiClient;
1562
1644
  }());
1563
1645
 
1564
1646
  var Email = /** @class */ (function () {
1565
1647
  function Email(_a) {
1566
- var baseUrl = _a.baseUrl, tenantId = _a.tenantId;
1648
+ var baseUrl = _a.baseUrl, tenantId = _a.tenantId, onTokenExpired = _a.onTokenExpired;
1567
1649
  this.cache = TokenCache.shared;
1568
- this.api = new EmailApiClient({ baseUrl: baseUrl, tenantId: tenantId });
1650
+ this.api = new EmailApiClient({ baseUrl: baseUrl, tenantId: tenantId, onTokenExpired: onTokenExpired });
1569
1651
  }
1570
1652
  Email.prototype.enroll = function (_a) {
1571
1653
  return __awaiter(this, arguments, void 0, function (_b) {
@@ -1601,7 +1683,7 @@ var Email = /** @class */ (function () {
1601
1683
  return [4 /*yield*/, this.api.verify({ token: this.cache.token, code: code })];
1602
1684
  case 1:
1603
1685
  verifyResponse = _c.sent();
1604
- if (verifyResponse.accessToken) {
1686
+ if ("accessToken" in verifyResponse && verifyResponse.accessToken) {
1605
1687
  this.cache.token = verifyResponse.accessToken;
1606
1688
  }
1607
1689
  return [2 /*return*/, verifyResponse];
@@ -1614,61 +1696,76 @@ var Email = /** @class */ (function () {
1614
1696
 
1615
1697
  var SmsApiClient = /** @class */ (function () {
1616
1698
  function SmsApiClient(_a) {
1617
- var baseUrl = _a.baseUrl, tenantId = _a.tenantId;
1699
+ var baseUrl = _a.baseUrl, tenantId = _a.tenantId, onTokenExpired = _a.onTokenExpired;
1618
1700
  this.tenantId = tenantId;
1619
1701
  this.baseUrl = baseUrl;
1702
+ this.onTokenExpired = onTokenExpired;
1620
1703
  }
1621
1704
  SmsApiClient.prototype.enroll = function (_a) {
1622
1705
  return __awaiter(this, arguments, void 0, function (_b) {
1623
- var body, response;
1706
+ var body, response, responseJson;
1624
1707
  var token = _b.token, phoneNumber = _b.phoneNumber;
1625
1708
  return __generator(this, function (_c) {
1626
1709
  switch (_c.label) {
1627
1710
  case 0:
1628
1711
  body = { phoneNumber: phoneNumber };
1629
- response = fetch("".concat(this.baseUrl, "/client/user-authenticators/sms"), {
1630
- method: "POST",
1631
- headers: buildHeaders({ token: token, tenantId: this.tenantId }),
1632
- body: JSON.stringify(body),
1633
- });
1634
- return [4 /*yield*/, response];
1635
- case 1: return [2 /*return*/, (_c.sent()).json()];
1712
+ return [4 /*yield*/, fetch("".concat(this.baseUrl, "/client/user-authenticators/sms"), {
1713
+ method: "POST",
1714
+ headers: buildHeaders({ token: token, tenantId: this.tenantId }),
1715
+ body: JSON.stringify(body),
1716
+ })];
1717
+ case 1:
1718
+ response = _c.sent();
1719
+ return [4 /*yield*/, response.json()];
1720
+ case 2:
1721
+ responseJson = _c.sent();
1722
+ handleTokenExpired({ response: responseJson, onTokenExpired: this.onTokenExpired });
1723
+ return [2 /*return*/, responseJson];
1636
1724
  }
1637
1725
  });
1638
1726
  });
1639
1727
  };
1640
1728
  SmsApiClient.prototype.challenge = function (_a) {
1641
1729
  return __awaiter(this, arguments, void 0, function (_b) {
1642
- var response;
1730
+ var response, responseJson;
1643
1731
  var token = _b.token;
1644
1732
  return __generator(this, function (_c) {
1645
1733
  switch (_c.label) {
1646
- case 0:
1647
- response = fetch("".concat(this.baseUrl, "/client/challenge/sms"), {
1734
+ case 0: return [4 /*yield*/, fetch("".concat(this.baseUrl, "/client/challenge/sms"), {
1648
1735
  method: "POST",
1649
1736
  headers: buildHeaders({ token: token, tenantId: this.tenantId }),
1650
- });
1651
- return [4 /*yield*/, response];
1652
- case 1: return [2 /*return*/, (_c.sent()).json()];
1737
+ })];
1738
+ case 1:
1739
+ response = _c.sent();
1740
+ return [4 /*yield*/, response.json()];
1741
+ case 2:
1742
+ responseJson = _c.sent();
1743
+ handleTokenExpired({ response: responseJson, onTokenExpired: this.onTokenExpired });
1744
+ return [2 /*return*/, responseJson];
1653
1745
  }
1654
1746
  });
1655
1747
  });
1656
1748
  };
1657
1749
  SmsApiClient.prototype.verify = function (_a) {
1658
1750
  return __awaiter(this, arguments, void 0, function (_b) {
1659
- var body, response;
1751
+ var body, response, responseJson;
1660
1752
  var token = _b.token, code = _b.code;
1661
1753
  return __generator(this, function (_c) {
1662
1754
  switch (_c.label) {
1663
1755
  case 0:
1664
1756
  body = { verificationCode: code };
1665
- response = fetch("".concat(this.baseUrl, "/client/verify/sms"), {
1666
- method: "POST",
1667
- headers: buildHeaders({ token: token, tenantId: this.tenantId }),
1668
- body: JSON.stringify(body),
1669
- });
1670
- return [4 /*yield*/, response];
1671
- case 1: return [2 /*return*/, (_c.sent()).json()];
1757
+ return [4 /*yield*/, fetch("".concat(this.baseUrl, "/client/verify/sms"), {
1758
+ method: "POST",
1759
+ headers: buildHeaders({ token: token, tenantId: this.tenantId }),
1760
+ body: JSON.stringify(body),
1761
+ })];
1762
+ case 1:
1763
+ response = _c.sent();
1764
+ return [4 /*yield*/, response.json()];
1765
+ case 2:
1766
+ responseJson = _c.sent();
1767
+ handleTokenExpired({ response: responseJson, onTokenExpired: this.onTokenExpired });
1768
+ return [2 /*return*/, responseJson];
1672
1769
  }
1673
1770
  });
1674
1771
  });
@@ -1678,9 +1775,9 @@ var SmsApiClient = /** @class */ (function () {
1678
1775
 
1679
1776
  var Sms = /** @class */ (function () {
1680
1777
  function Sms(_a) {
1681
- var baseUrl = _a.baseUrl, tenantId = _a.tenantId;
1778
+ var baseUrl = _a.baseUrl, tenantId = _a.tenantId, onTokenExpired = _a.onTokenExpired;
1682
1779
  this.cache = TokenCache.shared;
1683
- this.api = new SmsApiClient({ baseUrl: baseUrl, tenantId: tenantId });
1780
+ this.api = new SmsApiClient({ baseUrl: baseUrl, tenantId: tenantId, onTokenExpired: onTokenExpired });
1684
1781
  }
1685
1782
  Sms.prototype.enroll = function (_a) {
1686
1783
  return __awaiter(this, arguments, void 0, function (_b) {
@@ -1716,7 +1813,7 @@ var Sms = /** @class */ (function () {
1716
1813
  return [4 /*yield*/, this.api.verify({ token: this.cache.token, code: code })];
1717
1814
  case 1:
1718
1815
  verifyResponse = _c.sent();
1719
- if (verifyResponse.accessToken) {
1816
+ if ("accessToken" in verifyResponse && verifyResponse.accessToken) {
1720
1817
  this.cache.token = verifyResponse.accessToken;
1721
1818
  }
1722
1819
  return [2 /*return*/, verifyResponse];
@@ -1733,7 +1830,7 @@ var DEFAULT_BASE_URL = "https://api.authsignal.com/v1";
1733
1830
  var TMX_ORG_ID = "4a08uqve";
1734
1831
  var Authsignal = /** @class */ (function () {
1735
1832
  function Authsignal(_a) {
1736
- var cookieDomain = _a.cookieDomain, _b = _a.cookieName, cookieName = _b === void 0 ? DEFAULT_COOKIE_NAME : _b, _c = _a.baseUrl, baseUrl = _c === void 0 ? DEFAULT_BASE_URL : _c, tenantId = _a.tenantId;
1833
+ var cookieDomain = _a.cookieDomain, _b = _a.cookieName, cookieName = _b === void 0 ? DEFAULT_COOKIE_NAME : _b, _c = _a.baseUrl, baseUrl = _c === void 0 ? DEFAULT_BASE_URL : _c, tenantId = _a.tenantId, onTokenExpired = _a.onTokenExpired;
1737
1834
  this.anonymousId = "";
1738
1835
  this.profilingId = "";
1739
1836
  this.cookieDomain = "";
@@ -1757,10 +1854,10 @@ var Authsignal = /** @class */ (function () {
1757
1854
  secure: document.location.protocol !== "http:",
1758
1855
  });
1759
1856
  }
1760
- this.passkey = new Passkey({ tenantId: tenantId, baseUrl: baseUrl, anonymousId: this.anonymousId });
1761
- this.totp = new Totp({ tenantId: tenantId, baseUrl: baseUrl });
1762
- this.email = new Email({ tenantId: tenantId, baseUrl: baseUrl });
1763
- this.sms = new Sms({ tenantId: tenantId, baseUrl: baseUrl });
1857
+ this.passkey = new Passkey({ tenantId: tenantId, baseUrl: baseUrl, anonymousId: this.anonymousId, onTokenExpired: onTokenExpired });
1858
+ this.totp = new Totp({ tenantId: tenantId, baseUrl: baseUrl, onTokenExpired: onTokenExpired });
1859
+ this.email = new Email({ tenantId: tenantId, baseUrl: baseUrl, onTokenExpired: onTokenExpired });
1860
+ this.sms = new Sms({ tenantId: tenantId, baseUrl: baseUrl, onTokenExpired: onTokenExpired });
1764
1861
  }
1765
1862
  Authsignal.prototype.setToken = function (token) {
1766
1863
  TokenCache.shared.token = token;
package/dist/index.min.js CHANGED
@@ -1 +1 @@
1
- var authsignal=function(t){"use strict";let e;const n=new Uint8Array(16);function o(){if(!e&&(e="undefined"!=typeof crypto&&crypto.getRandomValues&&crypto.getRandomValues.bind(crypto),!e))throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");return e(n)}const i=[];for(let t=0;t<256;++t)i.push((t+256).toString(16).slice(1));var r={randomUUID:"undefined"!=typeof crypto&&crypto.randomUUID&&crypto.randomUUID.bind(crypto)};function a(t,e,n){if(r.randomUUID&&!e&&!t)return r.randomUUID();const a=(t=t||{}).random||(t.rng||o)();if(a[6]=15&a[6]|64,a[8]=63&a[8]|128,e){n=n||0;for(let t=0;t<16;++t)e[n+t]=a[t];return e}return function(t,e=0){return(i[t[e+0]]+i[t[e+1]]+i[t[e+2]]+i[t[e+3]]+"-"+i[t[e+4]]+i[t[e+5]]+"-"+i[t[e+6]]+i[t[e+7]]+"-"+i[t[e+8]]+i[t[e+9]]+"-"+i[t[e+10]]+i[t[e+11]]+i[t[e+12]]+i[t[e+13]]+i[t[e+14]]+i[t[e+15]]).toLowerCase()}(a)}function s(t){var e=t.name,n=t.value,o=t.expire,i=t.domain,r=t.secure,a=o===1/0?" expires=Fri, 31 Dec 9999 23:59:59 GMT":"; max-age="+o;document.cookie=encodeURIComponent(e)+"="+n+"; path=/;"+a+(i?"; domain="+i:"")+(r?"; secure":"")}function c(t){var e;console.error(null!==(e=t.errorDescription)&&void 0!==e?e:t.error)}function u(t,e,n,o){return new(n||(n=Promise))((function(i,r){function a(t){try{c(o.next(t))}catch(t){r(t)}}function s(t){try{c(o.throw(t))}catch(t){r(t)}}function c(t){var e;t.done?i(t.value):(e=t.value,e instanceof n?e:new n((function(t){t(e)}))).then(a,s)}c((o=o.apply(t,e||[])).next())}))}function l(t,e){var n,o,i,r,a={label:0,sent:function(){if(1&i[0])throw i[1];return i[1]},trys:[],ops:[]};return r={next:s(0),throw:s(1),return:s(2)},"function"==typeof Symbol&&(r[Symbol.iterator]=function(){return this}),r;function s(r){return function(s){return function(r){if(n)throw new TypeError("Generator is already executing.");for(;a;)try{if(n=1,o&&(i=2&r[0]?o.return:r[0]?o.throw||((i=o.return)&&i.call(o),0):o.next)&&!(i=i.call(o,r[1])).done)return i;switch(o=0,i&&(r=[2&r[0],i.value]),r[0]){case 0:case 1:i=r;break;case 4:return a.label++,{value:r[1],done:!1};case 5:a.label++,o=r[1],r=[0];continue;case 7:r=a.ops.pop(),a.trys.pop();continue;default:if(!(i=a.trys,(i=i.length>0&&i[i.length-1])||6!==r[0]&&2!==r[0])){a=0;continue}if(3===r[0]&&(!i||r[1]>i[0]&&r[1]<i[3])){a.label=r[1];break}if(6===r[0]&&a.label<i[1]){a.label=i[1],i=r;break}if(i&&a.label<i[2]){a.label=i[2],a.ops.push(r);break}i[2]&&a.ops.pop(),a.trys.pop();continue}r=e.call(t,a)}catch(t){r=[6,t],o=0}finally{n=i=0}if(5&r[0])throw r[1];return{value:r[0]?r[1]:void 0,done:!0}}([r,s])}}}function h(t){const e=new Uint8Array(t);let n="";for(const t of e)n+=String.fromCharCode(t);return btoa(n).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function d(t){const e=t.replace(/-/g,"+").replace(/_/g,"/"),n=(4-e.length%4)%4,o=e.padEnd(e.length+n,"="),i=atob(o),r=new ArrayBuffer(i.length),a=new Uint8Array(r);for(let t=0;t<i.length;t++)a[t]=i.charCodeAt(t);return r}function p(){return void 0!==window?.PublicKeyCredential&&"function"==typeof window.PublicKeyCredential}function f(t){const{id:e}=t;return{...t,id:d(e),transports:t.transports}}function m(t){return"localhost"===t||/^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(t)}t.AuthsignalWindowMessage=void 0,(t.AuthsignalWindowMessage||(t.AuthsignalWindowMessage={})).AUTHSIGNAL_CLOSE_POPUP="AUTHSIGNAL_CLOSE_POPUP";class y extends Error{constructor({message:t,code:e,cause:n,name:o}){super(t,{cause:n}),this.name=o??n.name,this.code=e}}const w=new class{createNewAbortSignal(){if(this.controller){const t=new Error("Cancelling existing WebAuthn API call for new one");t.name="AbortError",this.controller.abort(t)}const t=new AbortController;return this.controller=t,t.signal}cancelCeremony(){if(this.controller){const t=new Error("Manually cancelling existing WebAuthn API call");t.name="AbortError",this.controller.abort(t),this.controller=void 0}}},g=["cross-platform","platform"];function v(t){if(t&&!(g.indexOf(t)<0))return t}async function b(t){if(!p())throw new Error("WebAuthn is not supported in this browser");const e={publicKey:{...t,challenge:d(t.challenge),user:{...t.user,id:d(t.user.id)},excludeCredentials:t.excludeCredentials?.map(f)}};let n;e.signal=w.createNewAbortSignal();try{n=await navigator.credentials.create(e)}catch(t){throw function({error:t,options:e}){const{publicKey:n}=e;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===t.name){if(e.signal instanceof AbortSignal)return new y({message:"Registration ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:t})}else if("ConstraintError"===t.name){if(!0===n.authenticatorSelection?.requireResidentKey)return new y({message:"Discoverable credentials were required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",cause:t});if("required"===n.authenticatorSelection?.userVerification)return new y({message:"User verification was required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",cause:t})}else{if("InvalidStateError"===t.name)return new y({message:"The authenticator was previously registered",code:"ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",cause:t});if("NotAllowedError"===t.name)return new y({message:t.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:t});if("NotSupportedError"===t.name)return 0===n.pubKeyCredParams.filter((t=>"public-key"===t.type)).length?new y({message:'No entry in pubKeyCredParams was of type "public-key"',code:"ERROR_MALFORMED_PUBKEYCREDPARAMS",cause:t}):new y({message:"No available authenticator supported any of the specified pubKeyCredParams algorithms",code:"ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",cause:t});if("SecurityError"===t.name){const e=window.location.hostname;if(!m(e))return new y({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:t});if(n.rp.id!==e)return new y({message:`The RP ID "${n.rp.id}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:t})}else if("TypeError"===t.name){if(n.user.id.byteLength<1||n.user.id.byteLength>64)return new y({message:"User ID was not between 1 and 64 characters",code:"ERROR_INVALID_USER_ID_LENGTH",cause:t})}else if("UnknownError"===t.name)return new y({message:"The authenticator was unable to process the specified options, or could not create a new credential",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:t})}return t}({error:t,options:e})}if(!n)throw new Error("Registration was not completed");const{id:o,rawId:i,response:r,type:a}=n;let s,c,u,l;if("function"==typeof r.getTransports&&(s=r.getTransports()),"function"==typeof r.getPublicKeyAlgorithm)try{c=r.getPublicKeyAlgorithm()}catch(t){E("getPublicKeyAlgorithm()",t)}if("function"==typeof r.getPublicKey)try{const t=r.getPublicKey();null!==t&&(u=h(t))}catch(t){E("getPublicKey()",t)}if("function"==typeof r.getAuthenticatorData)try{l=h(r.getAuthenticatorData())}catch(t){E("getAuthenticatorData()",t)}return{id:o,rawId:h(i),response:{attestationObject:h(r.attestationObject),clientDataJSON:h(r.clientDataJSON),transports:s,publicKeyAlgorithm:c,publicKey:u,authenticatorData:l},type:a,clientExtensionResults:n.getClientExtensionResults(),authenticatorAttachment:v(n.authenticatorAttachment)}}function E(t,e){console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${t}. You should report this error to them.\n`,e)}async function k(t,e=!1){if(!p())throw new Error("WebAuthn is not supported in this browser");let n;0!==t.allowCredentials?.length&&(n=t.allowCredentials?.map(f));const o={...t,challenge:d(t.challenge),allowCredentials:n},i={};if(e){if(!await function(){if(!p())return new Promise((t=>t(!1)));const t=window.PublicKeyCredential;return void 0===t.isConditionalMediationAvailable?new Promise((t=>t(!1))):t.isConditionalMediationAvailable()}())throw Error("Browser does not support WebAuthn autofill");if(document.querySelectorAll("input[autocomplete$='webauthn']").length<1)throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');i.mediation="conditional",o.allowCredentials=[]}let r;i.publicKey=o,i.signal=w.createNewAbortSignal();try{r=await navigator.credentials.get(i)}catch(t){throw function({error:t,options:e}){const{publicKey:n}=e;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===t.name){if(e.signal instanceof AbortSignal)return new y({message:"Authentication ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:t})}else{if("NotAllowedError"===t.name)return new y({message:t.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:t});if("SecurityError"===t.name){const e=window.location.hostname;if(!m(e))return new y({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:t});if(n.rpId!==e)return new y({message:`The RP ID "${n.rpId}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:t})}else if("UnknownError"===t.name)return new y({message:"The authenticator was unable to process the specified options, or could not create a new assertion signature",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:t})}return t}({error:t,options:i})}if(!r)throw new Error("Authentication was not completed");const{id:a,rawId:s,response:c,type:u}=r;let l;return c.userHandle&&(l=h(c.userHandle)),{id:a,rawId:h(s),response:{authenticatorData:h(c.authenticatorData),clientDataJSON:h(c.clientDataJSON),signature:h(c.signature),userHandle:l},type:u,clientExtensionResults:r.getClientExtensionResults(),authenticatorAttachment:v(r.authenticatorAttachment)}}function I(t){var e=t.token,n=t.tenantId;return{"Content-Type":"application/json",Authorization:e?"Bearer ".concat(e):"Basic ".concat(window.btoa(encodeURIComponent(n)))}}var A=function(){function t(t){var e=t.baseUrl,n=t.tenantId;this.tenantId=n,this.baseUrl=e}return t.prototype.registrationOptions=function(t){return u(this,arguments,void 0,(function(t){var e,n=t.token,o=t.username,i=t.authenticatorAttachment;return l(this,(function(t){switch(t.label){case 0:return e=Boolean(i)?{username:o,authenticatorAttachment:i}:{username:o},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey/registration-options"),{method:"POST",headers:I({token:n,tenantId:this.tenantId}),body:JSON.stringify(e)})];case 1:return[2,t.sent().json()]}}))}))},t.prototype.authenticationOptions=function(t){return u(this,arguments,void 0,(function(t){var e,n=t.token,o=t.challengeId;return l(this,(function(t){switch(t.label){case 0:return e={challengeId:o},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey/authentication-options"),{method:"POST",headers:I({token:n,tenantId:this.tenantId}),body:JSON.stringify(e)})];case 1:return[2,t.sent().json()]}}))}))},t.prototype.addAuthenticator=function(t){return u(this,arguments,void 0,(function(t){var e,n=t.token,o=t.challengeId,i=t.registrationCredential;return l(this,(function(t){switch(t.label){case 0:return e={challengeId:o,registrationCredential:i},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey"),{method:"POST",headers:I({token:n,tenantId:this.tenantId}),body:JSON.stringify(e)})];case 1:return[2,t.sent().json()]}}))}))},t.prototype.verify=function(t){return u(this,arguments,void 0,(function(t){var e,n=t.token,o=t.challengeId,i=t.authenticationCredential,r=t.deviceId;return l(this,(function(t){switch(t.label){case 0:return e={challengeId:o,authenticationCredential:i,deviceId:r},[4,fetch("".concat(this.baseUrl,"/client/verify/passkey"),{method:"POST",headers:I({token:n,tenantId:this.tenantId}),body:JSON.stringify(e)})];case 1:return[2,t.sent().json()]}}))}))},t.prototype.getPasskeyAuthenticator=function(t){return u(this,void 0,void 0,(function(){var e;return l(this,(function(n){switch(n.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey?credentialId=").concat(t),{method:"GET",headers:I({tenantId:this.tenantId})})];case 1:if(!(e=n.sent()).ok)throw new Error(e.statusText);return[2,e.json()]}}))}))},t.prototype.challenge=function(t){return u(this,void 0,void 0,(function(){return l(this,(function(e){switch(e.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/challenge"),{method:"POST",headers:I({tenantId:this.tenantId}),body:JSON.stringify({action:t})})];case 1:return[2,e.sent().json()]}}))}))},t}(),R=function(){function t(){this.token=null}return t.prototype.handleTokenNotSetError=function(){var t="A token has not been set. Call 'setToken' first.";return console.error("Error: ".concat(t)),{error:"TOKEN_NOT_SET",errorDescription:t}},t.shared=new t,t}(),S=function(){function t(t){var e=t.baseUrl,n=t.tenantId,o=t.anonymousId;this.passkeyLocalStorageKey="as_passkey_credential_id",this.cache=R.shared,this.api=new A({baseUrl:e,tenantId:n}),this.anonymousId=o}return t.prototype.signUp=function(t){return u(this,arguments,void 0,(function(t){var e,n,o,i,r,a=t.userName,s=t.userDisplayName,u=t.token,h=t.authenticatorAttachment,d=void 0===h?"platform":h;return l(this,(function(t){switch(t.label){case 0:return(e=null!=u?u:this.cache.token)?(n={username:a,displayName:s,token:e,authenticatorAttachment:d},[4,this.api.registrationOptions(n)]):[2,this.cache.handleTokenNotSetError()];case 1:return"error"in(o=t.sent())?(c(o),[2,o]):[4,b(o.options)];case 2:return i=t.sent(),[4,this.api.addAuthenticator({challengeId:o.challengeId,registrationCredential:i,token:e})];case 3:return"error"in(r=t.sent())?(c(r),[2,r]):(r.isVerified&&this.storeCredentialAgainstDevice(i),r.accessToken&&(this.cache.token=r.accessToken),[2,{token:r.accessToken,registrationResponse:i}])}}))}))},t.prototype.signIn=function(t){return u(this,void 0,void 0,(function(){var e,n,o,i,r,a,s,u,h,d;return l(this,(function(l){switch(l.label){case 0:if((null==t?void 0:t.token)&&t.autofill)throw new Error("autofill is not supported when providing a token");if((null==t?void 0:t.action)&&t.token)throw new Error("action is not supported when providing a token");return(null==t?void 0:t.action)?[4,this.api.challenge(t.action)]:[3,2];case 1:return n=l.sent(),[3,3];case 2:n=null,l.label=3;case 3:return(e=n)&&"error"in e?(c(e),[2,e]):[4,this.api.authenticationOptions({token:null==t?void 0:t.token,challengeId:null==e?void 0:e.challengeId})];case 4:return"error"in(o=l.sent())?(c(o),[2,o]):[4,k(o.options,null==t?void 0:t.autofill)];case 5:return i=l.sent(),(null==t?void 0:t.onVerificationStarted)&&t.onVerificationStarted(),[4,this.api.verify({challengeId:o.challengeId,authenticationCredential:i,token:null==t?void 0:t.token,deviceId:this.anonymousId})];case 6:return"error"in(r=l.sent())?(c(r),[2,r]):(r.isVerified&&this.storeCredentialAgainstDevice(i),r.accessToken&&(this.cache.token=r.accessToken),a=r.accessToken,s=r.userId,u=r.userAuthenticatorId,h=r.username,d=r.userDisplayName,[2,{token:a,userId:s,userAuthenticatorId:u,userName:h,userDisplayName:d,authenticationResponse:i}])}}))}))},t.prototype.isAvailableOnDevice=function(){return u(this,void 0,void 0,(function(){var t;return l(this,(function(e){switch(e.label){case 0:if(!(t=localStorage.getItem(this.passkeyLocalStorageKey)))return[2,!1];e.label=1;case 1:return e.trys.push([1,3,,4]),[4,this.api.getPasskeyAuthenticator(t)];case 2:return e.sent(),[2,!0];case 3:return e.sent(),[2,!1];case 4:return[2]}}))}))},t.prototype.storeCredentialAgainstDevice=function(t){var e=t.id;"cross-platform"!==t.authenticatorAttachment&&localStorage.setItem(this.passkeyLocalStorageKey,e)},t}(),_=function(){function t(){this.windowRef=null}return t.prototype.show=function(t){var e=t.url,n=t.width,o=void 0===n?400:n,i=t.height,r=function(t){var e=t.url,n=t.width,o=t.height,i=t.win;if(!i.top)return null;var r=i.top.outerHeight/2+i.top.screenY-o/2,a=i.top.outerWidth/2+i.top.screenX-n/2;return window.open(e,"","toolbar=no, location=no, directories=no, status=no, menubar=no, scrollbars=no, resizable=no, copyhistory=no, width=".concat(n,", height=").concat(o,", top=").concat(r,", left=").concat(a))}({url:e,width:o,height:void 0===i?500:i,win:window});if(!r)throw new Error("Window is not initialized");return this.windowRef=r,r},t.prototype.close=function(){if(!this.windowRef)throw new Error("Window is not initialized");this.windowRef.close()},t}();const T=":not([inert]):not([inert] *)",O=':not([tabindex^="-"])',C=":not(:disabled)";var U=[`a[href]${T}${O}`,`area[href]${T}${O}`,`input:not([type="hidden"]):not([type="radio"])${T}${O}${C}`,`input[type="radio"]${T}${O}${C}`,`select${T}${O}${C}`,`textarea${T}${O}${C}`,`button${T}${O}${C}`,`details${T} > summary:first-of-type${O}`,`iframe${T}${O}`,`audio[controls]${T}${O}`,`video[controls]${T}${O}`,`[contenteditable]${T}${O}`,`[tabindex]${T}${O}`];function N(t){(t.querySelector("[autofocus]")||t).focus()}function P(t,e){if(e&&x(t))return t;if(!((n=t).shadowRoot&&"-1"===n.getAttribute("tabindex")||n.matches(":disabled,[hidden],[inert]")))if(t.shadowRoot){let n=$(t.shadowRoot,e);for(;n;){const t=P(n,e);if(t)return t;n=D(n,e)}}else if("slot"===t.localName){const n=t.assignedElements({flatten:!0});e||n.reverse();for(const t of n){const n=P(t,e);if(n)return n}}else{let n=$(t,e);for(;n;){const t=P(n,e);if(t)return t;n=D(n,e)}}var n;return!e&&x(t)?t:null}function $(t,e){return e?t.firstElementChild:t.lastElementChild}function D(t,e){return e?t.nextElementSibling:t.previousElementSibling}const x=t=>!t.shadowRoot?.delegatesFocus&&(t.matches(U.join(","))&&!(t=>!(!t.matches("details:not([open]) *")||t.matches("details>summary:first-of-type"))||!(t.offsetWidth||t.offsetHeight||t.getClientRects().length))(t));function L(t=document){const e=t.activeElement;return e?e.shadowRoot?L(e.shadowRoot)||document.activeElement:e:null}function K(t,e){const[n,o]=function(t){const e=P(t,!0);return[e,e?P(t,!1)||e:null]}(t);if(!n)return e.preventDefault();const i=L();e.shiftKey&&i===n?(o.focus(),e.preventDefault()):e.shiftKey||i!==o||(n.focus(),e.preventDefault())}class j{$el;id;previouslyFocused;shown;constructor(t){this.$el=t,this.id=this.$el.getAttribute("data-a11y-dialog")||this.$el.id,this.previouslyFocused=null,this.shown=!1,this.maintainFocus=this.maintainFocus.bind(this),this.bindKeypress=this.bindKeypress.bind(this),this.handleTriggerClicks=this.handleTriggerClicks.bind(this),this.show=this.show.bind(this),this.hide=this.hide.bind(this),this.$el.setAttribute("aria-hidden","true"),this.$el.setAttribute("aria-modal","true"),this.$el.setAttribute("tabindex","-1"),this.$el.hasAttribute("role")||this.$el.setAttribute("role","dialog"),document.addEventListener("click",this.handleTriggerClicks,!0)}destroy(){return this.hide(),document.removeEventListener("click",this.handleTriggerClicks,!0),this.$el.replaceWith(this.$el.cloneNode(!0)),this.fire("destroy"),this}show(t){return this.shown||(this.shown=!0,this.$el.removeAttribute("aria-hidden"),this.previouslyFocused=L(),"BODY"===this.previouslyFocused?.tagName&&t?.target&&(this.previouslyFocused=t.target),"focus"===t?.type?this.maintainFocus(t):N(this.$el),document.body.addEventListener("focus",this.maintainFocus,!0),this.$el.addEventListener("keydown",this.bindKeypress,!0),this.fire("show",t)),this}hide(t){return this.shown?(this.shown=!1,this.$el.setAttribute("aria-hidden","true"),this.previouslyFocused?.focus?.(),document.body.removeEventListener("focus",this.maintainFocus,!0),this.$el.removeEventListener("keydown",this.bindKeypress,!0),this.fire("hide",t),this):this}on(t,e,n){return this.$el.addEventListener(t,e,n),this}off(t,e,n){return this.$el.removeEventListener(t,e,n),this}fire(t,e){this.$el.dispatchEvent(new CustomEvent(t,{detail:e,cancelable:!0}))}handleTriggerClicks(t){const e=t.target;e.closest(`[data-a11y-dialog-show="${this.id}"]`)&&this.show(t),(e.closest(`[data-a11y-dialog-hide="${this.id}"]`)||e.closest("[data-a11y-dialog-hide]")&&e.closest('[aria-modal="true"]')===this.$el)&&this.hide(t)}bindKeypress(t){if(document.activeElement?.closest('[aria-modal="true"]')!==this.$el)return;let e=!1;try{e=!!this.$el.querySelector('[popover]:not([popover="manual"]):popover-open')}catch{}"Escape"!==t.key||"alertdialog"===this.$el.getAttribute("role")||e||(t.preventDefault(),this.hide(t)),"Tab"===t.key&&K(this.$el,t)}maintainFocus(t){t.target.closest('[aria-modal="true"], [data-a11y-dialog-ignore-focus-trap]')||N(this.$el)}}function H(){for(const t of document.querySelectorAll("[data-a11y-dialog]"))new j(t)}"undefined"!=typeof document&&("loading"===document.readyState?document.addEventListener("DOMContentLoaded",H):H());var W="__authsignal-popup-container",M="__authsignal-popup-content",q="__authsignal-popup-overlay",F="__authsignal-popup-style",G="__authsignal-popup-iframe",J="385px",V=function(){function t(t){var e=t.width,n=t.isClosable;if(this.popup=null,document.querySelector("#".concat(W)))throw new Error("Multiple instances of Authsignal popup is not supported.");this.create({width:e,isClosable:n})}return t.prototype.create=function(t){var e=this,n=t.width,o=void 0===n?J:n,i=t.isClosable,r=void 0===i||i,a=o;CSS.supports("width",o)||(console.warn("Invalid CSS value for `popupOptions.width`. Using default value instead."),a=J);var s=document.createElement("div");s.setAttribute("id",W),s.setAttribute("aria-hidden","true"),r||s.setAttribute("role","alertdialog");var c=document.createElement("div");c.setAttribute("id",q),r&&c.setAttribute("data-a11y-dialog-hide","true");var u=document.createElement("div");u.setAttribute("id",M),document.body.appendChild(s);var l=document.createElement("style");l.setAttribute("id",F),l.textContent="\n #".concat(W,",\n #").concat(q," {\n position: fixed;\n top: 0;\n right: 0;\n bottom: 0;\n left: 0;\n }\n\n #").concat(W," {\n z-index: 2147483647;\n display: flex;\n }\n\n #").concat(W,"[aria-hidden='true'] {\n display: none;\n }\n\n #").concat(q," {\n background-color: rgba(0, 0, 0, 0.18);\n }\n\n #").concat(M," {\n margin: auto;\n z-index: 2147483647;\n position: relative;\n background-color: transparent;\n border-radius: 8px;\n width: ").concat(a,";\n }\n\n #").concat(M," iframe {\n width: 1px;\n min-width: 100%;\n border-radius: inherit;\n max-height: 95vh;\n height: ").concat("384px",";\n }\n "),document.head.insertAdjacentElement("beforeend",l),s.appendChild(c),s.appendChild(u),this.popup=new j(s),s.focus(),this.popup.on("hide",(function(){e.destroy()}))},t.prototype.destroy=function(){var t=document.querySelector("#".concat(W)),e=document.querySelector("#".concat(F));t&&e&&(document.body.removeChild(t),document.head.removeChild(e)),window.removeEventListener("message",z)},t.prototype.show=function(t){var e,n=t.url;if(!this.popup)throw new Error("Popup is not initialized");var o=document.createElement("iframe");o.setAttribute("id",G),o.setAttribute("name","authsignal"),o.setAttribute("title","Authsignal multi-factor authentication"),o.setAttribute("src",n),o.setAttribute("frameborder","0"),o.setAttribute("allow","publickey-credentials-get *; publickey-credentials-create *; clipboard-write");var i=document.querySelector("#".concat(M));i&&i.appendChild(o),window.addEventListener("message",z),null===(e=this.popup)||void 0===e||e.show()},t.prototype.close=function(){if(!this.popup)throw new Error("Popup is not initialized");this.popup.hide()},t.prototype.on=function(t,e){if(!this.popup)throw new Error("Popup is not initialized");this.popup.on(t,e)},t}();function z(t){var e=document.querySelector("#".concat(G));e&&t.data.height&&(e.style.height=t.data.height+"px")}var B=function(){function t(t){var e=t.baseUrl,n=t.tenantId;this.tenantId=n,this.baseUrl=e}return t.prototype.enroll=function(t){return u(this,arguments,void 0,(function(t){var e=t.token;return l(this,(function(t){switch(t.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/totp"),{method:"POST",headers:I({token:e,tenantId:this.tenantId})})];case 1:return[2,t.sent().json()]}}))}))},t.prototype.verify=function(t){return u(this,arguments,void 0,(function(t){var e,n=t.token,o=t.code;return l(this,(function(t){switch(t.label){case 0:return e={verificationCode:o},[4,fetch("".concat(this.baseUrl,"/client/verify/totp"),{method:"POST",headers:I({token:n,tenantId:this.tenantId}),body:JSON.stringify(e)})];case 1:return[2,t.sent().json()]}}))}))},t}(),Y=function(){function t(t){var e=t.baseUrl,n=t.tenantId;this.cache=R.shared,this.api=new B({baseUrl:e,tenantId:n})}return t.prototype.enroll=function(){return u(this,void 0,void 0,(function(){return l(this,(function(t){return this.cache.token?[2,this.api.enroll({token:this.cache.token})]:[2,this.cache.handleTokenNotSetError()]}))}))},t.prototype.verify=function(t){return u(this,arguments,void 0,(function(t){var e,n=t.code;return l(this,(function(t){switch(t.label){case 0:return this.cache.token?[4,this.api.verify({token:this.cache.token,code:n})]:[2,this.cache.handleTokenNotSetError()];case 1:return(e=t.sent()).accessToken&&(this.cache.token=e.accessToken),[2,e]}}))}))},t}(),X=function(){function t(t){var e=t.baseUrl,n=t.tenantId;this.tenantId=n,this.baseUrl=e}return t.prototype.enroll=function(t){return u(this,arguments,void 0,(function(t){var e,n=t.token,o=t.email;return l(this,(function(t){switch(t.label){case 0:return e={email:o},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/email-otp"),{method:"POST",headers:this.buildHeaders(n),body:JSON.stringify(e)})];case 1:return[2,t.sent().json()]}}))}))},t.prototype.challenge=function(t){return u(this,arguments,void 0,(function(t){var e=t.token;return l(this,(function(t){switch(t.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/challenge/email-otp"),{method:"POST",headers:this.buildHeaders(e)})];case 1:return[2,t.sent().json()]}}))}))},t.prototype.verify=function(t){return u(this,arguments,void 0,(function(t){var e,n=t.token,o=t.code;return l(this,(function(t){switch(t.label){case 0:return e={verificationCode:o},[4,fetch("".concat(this.baseUrl,"/client/verify/email-otp"),{method:"POST",headers:this.buildHeaders(n),body:JSON.stringify(e)})];case 1:return[2,t.sent().json()]}}))}))},t.prototype.buildHeaders=function(t){return{"Content-Type":"application/json",Authorization:t?"Bearer ".concat(t):"Basic ".concat(window.btoa(encodeURIComponent(this.tenantId)))}},t}(),Q=function(){function t(t){var e=t.baseUrl,n=t.tenantId;this.cache=R.shared,this.api=new X({baseUrl:e,tenantId:n})}return t.prototype.enroll=function(t){return u(this,arguments,void 0,(function(t){var e=t.email;return l(this,(function(t){return this.cache.token?[2,this.api.enroll({token:this.cache.token,email:e})]:[2,this.cache.handleTokenNotSetError()]}))}))},t.prototype.challenge=function(){return u(this,void 0,void 0,(function(){return l(this,(function(t){return this.cache.token?[2,this.api.challenge({token:this.cache.token})]:[2,this.cache.handleTokenNotSetError()]}))}))},t.prototype.verify=function(t){return u(this,arguments,void 0,(function(t){var e,n=t.code;return l(this,(function(t){switch(t.label){case 0:return this.cache.token?[4,this.api.verify({token:this.cache.token,code:n})]:[2,this.cache.handleTokenNotSetError()];case 1:return(e=t.sent()).accessToken&&(this.cache.token=e.accessToken),[2,e]}}))}))},t}(),Z=function(){function t(t){var e=t.baseUrl,n=t.tenantId;this.tenantId=n,this.baseUrl=e}return t.prototype.enroll=function(t){return u(this,arguments,void 0,(function(t){var e,n=t.token,o=t.phoneNumber;return l(this,(function(t){switch(t.label){case 0:return e={phoneNumber:o},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/sms"),{method:"POST",headers:I({token:n,tenantId:this.tenantId}),body:JSON.stringify(e)})];case 1:return[2,t.sent().json()]}}))}))},t.prototype.challenge=function(t){return u(this,arguments,void 0,(function(t){var e=t.token;return l(this,(function(t){switch(t.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/challenge/sms"),{method:"POST",headers:I({token:e,tenantId:this.tenantId})})];case 1:return[2,t.sent().json()]}}))}))},t.prototype.verify=function(t){return u(this,arguments,void 0,(function(t){var e,n=t.token,o=t.code;return l(this,(function(t){switch(t.label){case 0:return e={verificationCode:o},[4,fetch("".concat(this.baseUrl,"/client/verify/sms"),{method:"POST",headers:I({token:n,tenantId:this.tenantId}),body:JSON.stringify(e)})];case 1:return[2,t.sent().json()]}}))}))},t}(),tt=function(){function t(t){var e=t.baseUrl,n=t.tenantId;this.cache=R.shared,this.api=new Z({baseUrl:e,tenantId:n})}return t.prototype.enroll=function(t){return u(this,arguments,void 0,(function(t){var e=t.phoneNumber;return l(this,(function(t){return this.cache.token?[2,this.api.enroll({token:this.cache.token,phoneNumber:e})]:[2,this.cache.handleTokenNotSetError()]}))}))},t.prototype.challenge=function(){return u(this,void 0,void 0,(function(){return l(this,(function(t){return this.cache.token?[2,this.api.challenge({token:this.cache.token})]:[2,this.cache.handleTokenNotSetError()]}))}))},t.prototype.verify=function(t){return u(this,arguments,void 0,(function(t){var e,n=t.code;return l(this,(function(t){switch(t.label){case 0:return this.cache.token?[4,this.api.verify({token:this.cache.token,code:n})]:[2,this.cache.handleTokenNotSetError()];case 1:return(e=t.sent()).accessToken&&(this.cache.token=e.accessToken),[2,e]}}))}))},t}(),et="4a08uqve",nt=function(){function e(t){var e=t.cookieDomain,n=t.cookieName,o=void 0===n?"__as_aid":n,i=t.baseUrl,r=void 0===i?"https://api.authsignal.com/v1":i,c=t.tenantId;if(this.anonymousId="",this.profilingId="",this.cookieDomain="",this.anonymousIdCookieName="",this.cookieDomain=e||document.location.hostname.replace("www.",""),this.anonymousIdCookieName=o,!c)throw new Error("tenantId is required");var u,l=(u=this.anonymousIdCookieName)&&decodeURIComponent(document.cookie.replace(new RegExp("(?:(?:^|.*;)\\s*"+encodeURIComponent(u).replace(/[\-\.\+\*]/g,"\\$&")+"\\s*\\=\\s*([^;]*).*$)|^.*$"),"$1"))||null;l?this.anonymousId=l:(this.anonymousId=a(),s({name:this.anonymousIdCookieName,value:this.anonymousId,expire:1/0,domain:this.cookieDomain,secure:"http:"!==document.location.protocol})),this.passkey=new S({tenantId:c,baseUrl:r,anonymousId:this.anonymousId}),this.totp=new Y({tenantId:c,baseUrl:r}),this.email=new Q({tenantId:c,baseUrl:r}),this.sms=new tt({tenantId:c,baseUrl:r})}return e.prototype.setToken=function(t){R.shared.token=t},e.prototype.launch=function(t,e){switch(null==e?void 0:e.mode){case"window":return this.launchWithWindow(t,e);case"popup":return this.launchWithPopup(t,e);default:this.launchWithRedirect(t)}},e.prototype.initAdvancedProfiling=function(t){var e=a();this.profilingId=e,s({name:"__as_pid",value:e,expire:1/0,domain:this.cookieDomain,secure:"http:"!==document.location.protocol});var n=t?"".concat(t,"/fp/tags.js?org_id=").concat(et,"&session_id=").concat(e):"https://h.online-metrix.net/fp/tags.js?org_id=".concat(et,"&session_id=").concat(e),o=document.createElement("script");o.src=n,o.async=!1,o.id="as_adv_profile",document.head.appendChild(o);var i=document.createElement("noscript");i.setAttribute("id","as_adv_profile_pixel"),i.setAttribute("aria-hidden","true");var r=document.createElement("iframe"),c=t?"".concat(t,"/fp/tags?org_id=").concat(et,"&session_id=").concat(e):"https://h.online-metrix.net/fp/tags?org_id=".concat(et,"&session_id=").concat(e);r.setAttribute("id","as_adv_profile_pixel"),r.setAttribute("src",c),r.setAttribute("style","width: 100px; height: 100px; border: 0; position: absolute; top: -5000px;"),i&&(i.appendChild(r),document.body.prepend(i))},e.prototype.launchWithRedirect=function(t){window.location.href=t},e.prototype.launchWithPopup=function(e,n){var o=n.popupOptions,i=new V({width:null==o?void 0:o.width,isClosable:null==o?void 0:o.isClosable}),r="".concat(e,"&mode=popup");return i.show({url:r}),new Promise((function(e){var n=void 0;i.on("hide",(function(){e({token:n})})),window.addEventListener("message",(function(e){var o=null;try{o=JSON.parse(e.data)}catch(t){}(null==o?void 0:o.event)===t.AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP&&(n=o.token,i.close())}),!1)}))},e.prototype.launchWithWindow=function(e,n){var o=n.windowOptions,i=new _,r="".concat(e,"&mode=popup");return i.show({url:r,width:null==o?void 0:o.width,height:null==o?void 0:o.height}),new Promise((function(e){window.addEventListener("message",(function(n){var o=null;try{o=JSON.parse(n.data)}catch(t){}(null==o?void 0:o.event)===t.AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP&&(i.close(),e({token:o.token}))}),!1)}))},e}();return t.Authsignal=nt,Object.defineProperty(t,"__esModule",{value:!0}),t}({});
1
+ var authsignal=function(e){"use strict";let t;const n=new Uint8Array(16);function o(){if(!t&&(t="undefined"!=typeof crypto&&crypto.getRandomValues&&crypto.getRandomValues.bind(crypto),!t))throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");return t(n)}const i=[];for(let e=0;e<256;++e)i.push((e+256).toString(16).slice(1));var r={randomUUID:"undefined"!=typeof crypto&&crypto.randomUUID&&crypto.randomUUID.bind(crypto)};function s(e,t,n){if(r.randomUUID&&!t&&!e)return r.randomUUID();const s=(e=e||{}).random||(e.rng||o)();if(s[6]=15&s[6]|64,s[8]=63&s[8]|128,t){n=n||0;for(let e=0;e<16;++e)t[n+e]=s[e];return t}return function(e,t=0){return(i[e[t+0]]+i[e[t+1]]+i[e[t+2]]+i[e[t+3]]+"-"+i[e[t+4]]+i[e[t+5]]+"-"+i[e[t+6]]+i[e[t+7]]+"-"+i[e[t+8]]+i[e[t+9]]+"-"+i[e[t+10]]+i[e[t+11]]+i[e[t+12]]+i[e[t+13]]+i[e[t+14]]+i[e[t+15]]).toLowerCase()}(s)}function a(e){var t=e.name,n=e.value,o=e.expire,i=e.domain,r=e.secure,s=o===1/0?" expires=Fri, 31 Dec 9999 23:59:59 GMT":"; max-age="+o;document.cookie=encodeURIComponent(t)+"="+n+"; path=/;"+s+(i?"; domain="+i:"")+(r?"; secure":"")}function c(e){var t;console.error(null!==(t=e.errorDescription)&&void 0!==t?t:e.error)}e.AuthsignalWindowMessage=void 0,(e.AuthsignalWindowMessage||(e.AuthsignalWindowMessage={})).AUTHSIGNAL_CLOSE_POPUP="AUTHSIGNAL_CLOSE_POPUP";var u=function(){return u=Object.assign||function(e){for(var t,n=1,o=arguments.length;n<o;n++)for(var i in t=arguments[n])Object.prototype.hasOwnProperty.call(t,i)&&(e[i]=t[i]);return e},u.apply(this,arguments)};function l(e,t,n,o){return new(n||(n=Promise))((function(i,r){function s(e){try{c(o.next(e))}catch(e){r(e)}}function a(e){try{c(o.throw(e))}catch(e){r(e)}}function c(e){var t;e.done?i(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(s,a)}c((o=o.apply(e,t||[])).next())}))}function d(e,t){var n,o,i,r,s={label:0,sent:function(){if(1&i[0])throw i[1];return i[1]},trys:[],ops:[]};return r={next:a(0),throw:a(1),return:a(2)},"function"==typeof Symbol&&(r[Symbol.iterator]=function(){return this}),r;function a(r){return function(a){return function(r){if(n)throw new TypeError("Generator is already executing.");for(;s;)try{if(n=1,o&&(i=2&r[0]?o.return:r[0]?o.throw||((i=o.return)&&i.call(o),0):o.next)&&!(i=i.call(o,r[1])).done)return i;switch(o=0,i&&(r=[2&r[0],i.value]),r[0]){case 0:case 1:i=r;break;case 4:return s.label++,{value:r[1],done:!1};case 5:s.label++,o=r[1],r=[0];continue;case 7:r=s.ops.pop(),s.trys.pop();continue;default:if(!(i=s.trys,(i=i.length>0&&i[i.length-1])||6!==r[0]&&2!==r[0])){s=0;continue}if(3===r[0]&&(!i||r[1]>i[0]&&r[1]<i[3])){s.label=r[1];break}if(6===r[0]&&s.label<i[1]){s.label=i[1],i=r;break}if(i&&s.label<i[2]){s.label=i[2],s.ops.push(r);break}i[2]&&s.ops.pop(),s.trys.pop();continue}r=t.call(e,s)}catch(e){r=[6,e],o=0}finally{n=i=0}if(5&r[0])throw r[1];return{value:r[0]?r[1]:void 0,done:!0}}([r,a])}}}function h(e){const t=new Uint8Array(e);let n="";for(const e of t)n+=String.fromCharCode(e);return btoa(n).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function p(e){const t=e.replace(/-/g,"+").replace(/_/g,"/"),n=(4-t.length%4)%4,o=t.padEnd(t.length+n,"="),i=atob(o),r=new ArrayBuffer(i.length),s=new Uint8Array(r);for(let e=0;e<i.length;e++)s[e]=i.charCodeAt(e);return r}function f(){return void 0!==window?.PublicKeyCredential&&"function"==typeof window.PublicKeyCredential}function m(e){const{id:t}=e;return{...e,id:p(t),transports:e.transports}}function y(e){return"localhost"===e||/^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(e)}class w extends Error{constructor({message:e,code:t,cause:n,name:o}){super(e,{cause:n}),this.name=o??n.name,this.code=t}}const g=new class{createNewAbortSignal(){if(this.controller){const e=new Error("Cancelling existing WebAuthn API call for new one");e.name="AbortError",this.controller.abort(e)}const e=new AbortController;return this.controller=e,e.signal}cancelCeremony(){if(this.controller){const e=new Error("Manually cancelling existing WebAuthn API call");e.name="AbortError",this.controller.abort(e),this.controller=void 0}}},v=["cross-platform","platform"];function b(e){if(e&&!(v.indexOf(e)<0))return e}async function E(e){if(!f())throw new Error("WebAuthn is not supported in this browser");const t={publicKey:{...e,challenge:p(e.challenge),user:{...e.user,id:p(e.user.id)},excludeCredentials:e.excludeCredentials?.map(m)}};let n;t.signal=g.createNewAbortSignal();try{n=await navigator.credentials.create(t)}catch(e){throw function({error:e,options:t}){const{publicKey:n}=t;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new w({message:"Registration ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:e})}else if("ConstraintError"===e.name){if(!0===n.authenticatorSelection?.requireResidentKey)return new w({message:"Discoverable credentials were required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",cause:e});if("required"===n.authenticatorSelection?.userVerification)return new w({message:"User verification was required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",cause:e})}else{if("InvalidStateError"===e.name)return new w({message:"The authenticator was previously registered",code:"ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",cause:e});if("NotAllowedError"===e.name)return new w({message:e.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:e});if("NotSupportedError"===e.name)return 0===n.pubKeyCredParams.filter((e=>"public-key"===e.type)).length?new w({message:'No entry in pubKeyCredParams was of type "public-key"',code:"ERROR_MALFORMED_PUBKEYCREDPARAMS",cause:e}):new w({message:"No available authenticator supported any of the specified pubKeyCredParams algorithms",code:"ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",cause:e});if("SecurityError"===e.name){const t=window.location.hostname;if(!y(t))return new w({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:e});if(n.rp.id!==t)return new w({message:`The RP ID "${n.rp.id}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:e})}else if("TypeError"===e.name){if(n.user.id.byteLength<1||n.user.id.byteLength>64)return new w({message:"User ID was not between 1 and 64 characters",code:"ERROR_INVALID_USER_ID_LENGTH",cause:e})}else if("UnknownError"===e.name)return new w({message:"The authenticator was unable to process the specified options, or could not create a new credential",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:e})}return e}({error:e,options:t})}if(!n)throw new Error("Registration was not completed");const{id:o,rawId:i,response:r,type:s}=n;let a,c,u,l;if("function"==typeof r.getTransports&&(a=r.getTransports()),"function"==typeof r.getPublicKeyAlgorithm)try{c=r.getPublicKeyAlgorithm()}catch(e){k("getPublicKeyAlgorithm()",e)}if("function"==typeof r.getPublicKey)try{const e=r.getPublicKey();null!==e&&(u=h(e))}catch(e){k("getPublicKey()",e)}if("function"==typeof r.getAuthenticatorData)try{l=h(r.getAuthenticatorData())}catch(e){k("getAuthenticatorData()",e)}return{id:o,rawId:h(i),response:{attestationObject:h(r.attestationObject),clientDataJSON:h(r.clientDataJSON),transports:a,publicKeyAlgorithm:c,publicKey:u,authenticatorData:l},type:s,clientExtensionResults:n.getClientExtensionResults(),authenticatorAttachment:b(n.authenticatorAttachment)}}function k(e,t){console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${e}. You should report this error to them.\n`,t)}async function I(e,t=!1){if(!f())throw new Error("WebAuthn is not supported in this browser");let n;0!==e.allowCredentials?.length&&(n=e.allowCredentials?.map(m));const o={...e,challenge:p(e.challenge),allowCredentials:n},i={};if(t){if(!await function(){if(!f())return new Promise((e=>e(!1)));const e=window.PublicKeyCredential;return void 0===e.isConditionalMediationAvailable?new Promise((e=>e(!1))):e.isConditionalMediationAvailable()}())throw Error("Browser does not support WebAuthn autofill");if(document.querySelectorAll("input[autocomplete$='webauthn']").length<1)throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');i.mediation="conditional",o.allowCredentials=[]}let r;i.publicKey=o,i.signal=g.createNewAbortSignal();try{r=await navigator.credentials.get(i)}catch(e){throw function({error:e,options:t}){const{publicKey:n}=t;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new w({message:"Authentication ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:e})}else{if("NotAllowedError"===e.name)return new w({message:e.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:e});if("SecurityError"===e.name){const t=window.location.hostname;if(!y(t))return new w({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:e});if(n.rpId!==t)return new w({message:`The RP ID "${n.rpId}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:e})}else if("UnknownError"===e.name)return new w({message:"The authenticator was unable to process the specified options, or could not create a new assertion signature",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:e})}return e}({error:e,options:i})}if(!r)throw new Error("Authentication was not completed");const{id:s,rawId:a,response:c,type:u}=r;let l;return c.userHandle&&(l=h(c.userHandle)),{id:s,rawId:h(a),response:{authenticatorData:h(c.authenticatorData),clientDataJSON:h(c.clientDataJSON),signature:h(c.signature),userHandle:l},type:u,clientExtensionResults:r.getClientExtensionResults(),authenticatorAttachment:b(r.authenticatorAttachment)}}function T(e){var t=e.token,n=e.tenantId;return{"Content-Type":"application/json",Authorization:t?"Bearer ".concat(t):"Basic ".concat(window.btoa(encodeURIComponent(n)))}}function A(e){var t=e.response,n=e.onTokenExpired;"error"in t&&"token_expired"===t.errorCode&&n&&n()}var R=function(){function e(e){var t=e.baseUrl,n=e.tenantId,o=e.onTokenExpired;this.tenantId=n,this.baseUrl=t,this.onTokenExpired=o}return e.prototype.registrationOptions=function(e){return l(this,arguments,void 0,(function(e){var t,n,o=e.token,i=e.username,r=e.authenticatorAttachment;return d(this,(function(e){switch(e.label){case 0:return t=Boolean(r)?{username:i,authenticatorAttachment:r}:{username:i},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey/registration-options"),{method:"POST",headers:T({token:o,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return A({response:n=e.sent(),onTokenExpired:this.onTokenExpired}),[2,n]}}))}))},e.prototype.authenticationOptions=function(e){return l(this,arguments,void 0,(function(e){var t,n,o=e.token,i=e.challengeId;return d(this,(function(e){switch(e.label){case 0:return t={challengeId:i},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey/authentication-options"),{method:"POST",headers:T({token:o,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return A({response:n=e.sent(),onTokenExpired:this.onTokenExpired}),[2,n]}}))}))},e.prototype.addAuthenticator=function(e){return l(this,arguments,void 0,(function(e){var t,n,o=e.token,i=e.challengeId,r=e.registrationCredential;return d(this,(function(e){switch(e.label){case 0:return t={challengeId:i,registrationCredential:r},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey"),{method:"POST",headers:T({token:o,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return A({response:n=e.sent(),onTokenExpired:this.onTokenExpired}),[2,n]}}))}))},e.prototype.verify=function(e){return l(this,arguments,void 0,(function(e){var t,n,o=e.token,i=e.challengeId,r=e.authenticationCredential,s=e.deviceId;return d(this,(function(e){switch(e.label){case 0:return t={challengeId:i,authenticationCredential:r,deviceId:s},[4,fetch("".concat(this.baseUrl,"/client/verify/passkey"),{method:"POST",headers:T({token:o,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return A({response:n=e.sent(),onTokenExpired:this.onTokenExpired}),[2,n]}}))}))},e.prototype.getPasskeyAuthenticator=function(e){return l(this,arguments,void 0,(function(e){var t,n=e.credentialIds;return d(this,(function(e){switch(e.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey?credentialIds=").concat(n),{method:"GET",headers:T({tenantId:this.tenantId})})];case 1:if(!(t=e.sent()).ok)throw new Error(t.statusText);return[2,t.json()]}}))}))},e.prototype.challenge=function(e){return l(this,void 0,void 0,(function(){var t;return d(this,(function(n){switch(n.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/challenge"),{method:"POST",headers:T({tenantId:this.tenantId}),body:JSON.stringify({action:e})})];case 1:return[4,n.sent().json()];case 2:return A({response:t=n.sent(),onTokenExpired:this.onTokenExpired}),[2,t]}}))}))},e}(),S=function(){function e(){this.token=null}return e.prototype.handleTokenNotSetError=function(){var e="A token has not been set. Call 'setToken' first.";return console.error("Error: ".concat(e)),{error:"TOKEN_NOT_SET",errorDescription:e}},e.shared=new e,e}(),_=function(){function e(e){var t=e.baseUrl,n=e.tenantId,o=e.anonymousId,i=e.onTokenExpired;this.passkeyLocalStorageKey="as_user_passkey_map",this.cache=S.shared,this.api=new R({baseUrl:t,tenantId:n,onTokenExpired:i}),this.anonymousId=o}return e.prototype.signUp=function(e){return l(this,arguments,void 0,(function(e){var t,n,o,i,r,s=e.userName,a=e.userDisplayName,l=e.token,h=e.authenticatorAttachment,p=void 0===h?"platform":h;return d(this,(function(e){switch(e.label){case 0:return(t=null!=l?l:this.cache.token)?(n={username:s,displayName:a,token:t,authenticatorAttachment:p},[4,this.api.registrationOptions(n)]):[2,this.cache.handleTokenNotSetError()];case 1:return"error"in(o=e.sent())?(c(o),[2,o]):[4,E(o.options)];case 2:return i=e.sent(),[4,this.api.addAuthenticator({challengeId:o.challengeId,registrationCredential:i,token:t})];case 3:return"error"in(r=e.sent())?(c(r),[2,r]):(r.isVerified&&this.storeCredentialAgainstDevice(u(u({},i),{userId:r.userId})),r.accessToken&&(this.cache.token=r.accessToken),[2,{token:r.accessToken,registrationResponse:i}])}}))}))},e.prototype.signIn=function(e){return l(this,void 0,void 0,(function(){var t,n,o,i,r,s,a,l,h,p;return d(this,(function(d){switch(d.label){case 0:if((null==e?void 0:e.token)&&e.autofill)throw new Error("autofill is not supported when providing a token");if((null==e?void 0:e.action)&&e.token)throw new Error("action is not supported when providing a token");return(null==e?void 0:e.action)?[4,this.api.challenge(e.action)]:[3,2];case 1:return n=d.sent(),[3,3];case 2:n=null,d.label=3;case 3:return(t=n)&&"error"in t?(c(t),[2,t]):[4,this.api.authenticationOptions({token:null==e?void 0:e.token,challengeId:null==t?void 0:t.challengeId})];case 4:return"error"in(o=d.sent())?(c(o),[2,o]):[4,I(o.options,null==e?void 0:e.autofill)];case 5:return i=d.sent(),(null==e?void 0:e.onVerificationStarted)&&e.onVerificationStarted(),[4,this.api.verify({challengeId:o.challengeId,authenticationCredential:i,token:null==e?void 0:e.token,deviceId:this.anonymousId})];case 6:return"error"in(r=d.sent())?(c(r),[2,r]):(r.isVerified&&this.storeCredentialAgainstDevice(u(u({},i),{userId:r.userId})),r.accessToken&&(this.cache.token=r.accessToken),s=r.accessToken,a=r.userId,l=r.userAuthenticatorId,h=r.username,p=r.userDisplayName,[2,{isVerified:r.isVerified,token:s,userId:a,userAuthenticatorId:l,userName:h,userDisplayName:p,authenticationResponse:i}])}}))}))},e.prototype.isAvailableOnDevice=function(e){return l(this,arguments,void 0,(function(e){var t,n,o,i,r=e.userId;return d(this,(function(e){switch(e.label){case 0:if(!r)throw new Error("userId is required");if(!(t=localStorage.getItem(this.passkeyLocalStorageKey)))return[2,!1];if(n=JSON.parse(t),0===(o=null!==(i=n[r])&&void 0!==i?i:[]).length)return[2,!1];e.label=1;case 1:return e.trys.push([1,3,,4]),[4,this.api.getPasskeyAuthenticator({credentialIds:o})];case 2:return e.sent(),[2,!0];case 3:return e.sent(),[2,!1];case 4:return[2]}}))}))},e.prototype.storeCredentialAgainstDevice=function(e){var t=e.id,n=e.authenticatorAttachment,o=e.userId,i=void 0===o?"":o;if("cross-platform"!==n){var r=localStorage.getItem(this.passkeyLocalStorageKey),s=r?JSON.parse(r):{};s[i]?s[i].includes(t)||s[i].push(t):s[i]=[t],localStorage.setItem(this.passkeyLocalStorageKey,JSON.stringify(s))}},e}(),O=function(){function e(){this.windowRef=null}return e.prototype.show=function(e){var t=e.url,n=e.width,o=void 0===n?400:n,i=e.height,r=function(e){var t=e.url,n=e.width,o=e.height,i=e.win;if(!i.top)return null;var r=i.top.outerHeight/2+i.top.screenY-o/2,s=i.top.outerWidth/2+i.top.screenX-n/2;return window.open(t,"","toolbar=no, location=no, directories=no, status=no, menubar=no, scrollbars=no, resizable=no, copyhistory=no, width=".concat(n,", height=").concat(o,", top=").concat(r,", left=").concat(s))}({url:t,width:o,height:void 0===i?500:i,win:window});if(!r)throw new Error("Window is not initialized");return this.windowRef=r,r},e.prototype.close=function(){if(!this.windowRef)throw new Error("Window is not initialized");this.windowRef.close()},e}();const x=":not([inert]):not([inert] *)",C=':not([tabindex^="-"])',N=":not(:disabled)";var U=[`a[href]${x}${C}`,`area[href]${x}${C}`,`input:not([type="hidden"]):not([type="radio"])${x}${C}${N}`,`input[type="radio"]${x}${C}${N}`,`select${x}${C}${N}`,`textarea${x}${C}${N}`,`button${x}${C}${N}`,`details${x} > summary:first-of-type${C}`,`iframe${x}${C}`,`audio[controls]${x}${C}`,`video[controls]${x}${C}`,`[contenteditable]${x}${C}`,`[tabindex]${x}${C}`];function P(e){(e.querySelector("[autofocus]")||e).focus()}function $(e,t){if(t&&K(e))return e;if(!((n=e).shadowRoot&&"-1"===n.getAttribute("tabindex")||n.matches(":disabled,[hidden],[inert]")))if(e.shadowRoot){let n=D(e.shadowRoot,t);for(;n;){const e=$(n,t);if(e)return e;n=L(n,t)}}else if("slot"===e.localName){const n=e.assignedElements({flatten:!0});t||n.reverse();for(const e of n){const n=$(e,t);if(n)return n}}else{let n=D(e,t);for(;n;){const e=$(n,t);if(e)return e;n=L(n,t)}}var n;return!t&&K(e)?e:null}function D(e,t){return t?e.firstElementChild:e.lastElementChild}function L(e,t){return t?e.nextElementSibling:e.previousElementSibling}const K=e=>!e.shadowRoot?.delegatesFocus&&(e.matches(U.join(","))&&!(e=>!(!e.matches("details:not([open]) *")||e.matches("details>summary:first-of-type"))||!(e.offsetWidth||e.offsetHeight||e.getClientRects().length))(e));function j(e=document){const t=e.activeElement;return t?t.shadowRoot?j(t.shadowRoot)||document.activeElement:t:null}function W(e,t){const[n,o]=function(e){const t=$(e,!0);return[t,t?$(e,!1)||t:null]}(e);if(!n)return t.preventDefault();const i=j();t.shiftKey&&i===n?(o.focus(),t.preventDefault()):t.shiftKey||i!==o||(n.focus(),t.preventDefault())}class M{$el;id;previouslyFocused;shown;constructor(e){this.$el=e,this.id=this.$el.getAttribute("data-a11y-dialog")||this.$el.id,this.previouslyFocused=null,this.shown=!1,this.maintainFocus=this.maintainFocus.bind(this),this.bindKeypress=this.bindKeypress.bind(this),this.handleTriggerClicks=this.handleTriggerClicks.bind(this),this.show=this.show.bind(this),this.hide=this.hide.bind(this),this.$el.setAttribute("aria-hidden","true"),this.$el.setAttribute("aria-modal","true"),this.$el.setAttribute("tabindex","-1"),this.$el.hasAttribute("role")||this.$el.setAttribute("role","dialog"),document.addEventListener("click",this.handleTriggerClicks,!0)}destroy(){return this.hide(),document.removeEventListener("click",this.handleTriggerClicks,!0),this.$el.replaceWith(this.$el.cloneNode(!0)),this.fire("destroy"),this}show(e){return this.shown||(this.shown=!0,this.$el.removeAttribute("aria-hidden"),this.previouslyFocused=j(),"BODY"===this.previouslyFocused?.tagName&&e?.target&&(this.previouslyFocused=e.target),"focus"===e?.type?this.maintainFocus(e):P(this.$el),document.body.addEventListener("focus",this.maintainFocus,!0),this.$el.addEventListener("keydown",this.bindKeypress,!0),this.fire("show",e)),this}hide(e){return this.shown?(this.shown=!1,this.$el.setAttribute("aria-hidden","true"),this.previouslyFocused?.focus?.(),document.body.removeEventListener("focus",this.maintainFocus,!0),this.$el.removeEventListener("keydown",this.bindKeypress,!0),this.fire("hide",e),this):this}on(e,t,n){return this.$el.addEventListener(e,t,n),this}off(e,t,n){return this.$el.removeEventListener(e,t,n),this}fire(e,t){this.$el.dispatchEvent(new CustomEvent(e,{detail:t,cancelable:!0}))}handleTriggerClicks(e){const t=e.target;t.closest(`[data-a11y-dialog-show="${this.id}"]`)&&this.show(e),(t.closest(`[data-a11y-dialog-hide="${this.id}"]`)||t.closest("[data-a11y-dialog-hide]")&&t.closest('[aria-modal="true"]')===this.$el)&&this.hide(e)}bindKeypress(e){if(document.activeElement?.closest('[aria-modal="true"]')!==this.$el)return;let t=!1;try{t=!!this.$el.querySelector('[popover]:not([popover="manual"]):popover-open')}catch{}"Escape"!==e.key||"alertdialog"===this.$el.getAttribute("role")||t||(e.preventDefault(),this.hide(e)),"Tab"===e.key&&W(this.$el,e)}maintainFocus(e){e.target.closest('[aria-modal="true"], [data-a11y-dialog-ignore-focus-trap]')||P(this.$el)}}function H(){for(const e of document.querySelectorAll("[data-a11y-dialog]"))new M(e)}"undefined"!=typeof document&&("loading"===document.readyState?document.addEventListener("DOMContentLoaded",H):H());var J="__authsignal-popup-container",q="__authsignal-popup-content",V="__authsignal-popup-overlay",F="__authsignal-popup-style",G="__authsignal-popup-iframe",z="385px",B=function(){function e(e){var t=e.width,n=e.isClosable;if(this.popup=null,document.querySelector("#".concat(J)))throw new Error("Multiple instances of Authsignal popup is not supported.");this.create({width:t,isClosable:n})}return e.prototype.create=function(e){var t=this,n=e.width,o=void 0===n?z:n,i=e.isClosable,r=void 0===i||i,s=o;CSS.supports("width",o)||(console.warn("Invalid CSS value for `popupOptions.width`. Using default value instead."),s=z);var a=document.createElement("div");a.setAttribute("id",J),a.setAttribute("aria-hidden","true"),r||a.setAttribute("role","alertdialog");var c=document.createElement("div");c.setAttribute("id",V),r&&c.setAttribute("data-a11y-dialog-hide","true");var u=document.createElement("div");u.setAttribute("id",q),document.body.appendChild(a);var l=document.createElement("style");l.setAttribute("id",F),l.textContent="\n #".concat(J,",\n #").concat(V," {\n position: fixed;\n top: 0;\n right: 0;\n bottom: 0;\n left: 0;\n }\n\n #").concat(J," {\n z-index: 2147483647;\n display: flex;\n }\n\n #").concat(J,"[aria-hidden='true'] {\n display: none;\n }\n\n #").concat(V," {\n background-color: rgba(0, 0, 0, 0.18);\n }\n\n #").concat(q," {\n margin: auto;\n z-index: 2147483647;\n position: relative;\n background-color: transparent;\n border-radius: 8px;\n width: ").concat(s,";\n }\n\n #").concat(q," iframe {\n width: 1px;\n min-width: 100%;\n border-radius: inherit;\n max-height: 95vh;\n height: ").concat("384px",";\n }\n "),document.head.insertAdjacentElement("beforeend",l),a.appendChild(c),a.appendChild(u),this.popup=new M(a),a.focus(),this.popup.on("hide",(function(){t.destroy()}))},e.prototype.destroy=function(){var e=document.querySelector("#".concat(J)),t=document.querySelector("#".concat(F));e&&t&&(document.body.removeChild(e),document.head.removeChild(t)),window.removeEventListener("message",Y)},e.prototype.show=function(e){var t,n=e.url;if(!this.popup)throw new Error("Popup is not initialized");var o=document.createElement("iframe");o.setAttribute("id",G),o.setAttribute("name","authsignal"),o.setAttribute("title","Authsignal multi-factor authentication"),o.setAttribute("src",n),o.setAttribute("frameborder","0"),o.setAttribute("allow","publickey-credentials-get *; publickey-credentials-create *; clipboard-write");var i=document.querySelector("#".concat(q));i&&i.appendChild(o),window.addEventListener("message",Y),null===(t=this.popup)||void 0===t||t.show()},e.prototype.close=function(){if(!this.popup)throw new Error("Popup is not initialized");this.popup.hide()},e.prototype.on=function(e,t){if(!this.popup)throw new Error("Popup is not initialized");this.popup.on(e,t)},e}();function Y(e){var t=document.querySelector("#".concat(G));t&&e.data.height&&(t.style.height=e.data.height+"px")}var X=function(){function e(e){var t=e.baseUrl,n=e.tenantId,o=e.onTokenExpired;this.tenantId=n,this.baseUrl=t,this.onTokenExpired=o}return e.prototype.enroll=function(e){return l(this,arguments,void 0,(function(e){var t,n=e.token;return d(this,(function(e){switch(e.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/totp"),{method:"POST",headers:T({token:n,tenantId:this.tenantId})})];case 1:return[4,e.sent().json()];case 2:return A({response:t=e.sent(),onTokenExpired:this.onTokenExpired}),[2,t]}}))}))},e.prototype.verify=function(e){return l(this,arguments,void 0,(function(e){var t,n,o=e.token,i=e.code;return d(this,(function(e){switch(e.label){case 0:return t={verificationCode:i},[4,fetch("".concat(this.baseUrl,"/client/verify/totp"),{method:"POST",headers:T({token:o,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return A({response:n=e.sent(),onTokenExpired:this.onTokenExpired}),[2,n]}}))}))},e}(),Q=function(){function e(e){var t=e.baseUrl,n=e.tenantId,o=e.onTokenExpired;this.cache=S.shared,this.api=new X({baseUrl:t,tenantId:n,onTokenExpired:o})}return e.prototype.enroll=function(){return l(this,void 0,void 0,(function(){return d(this,(function(e){return this.cache.token?[2,this.api.enroll({token:this.cache.token})]:[2,this.cache.handleTokenNotSetError()]}))}))},e.prototype.verify=function(e){return l(this,arguments,void 0,(function(e){var t,n=e.code;return d(this,(function(e){switch(e.label){case 0:return this.cache.token?[4,this.api.verify({token:this.cache.token,code:n})]:[2,this.cache.handleTokenNotSetError()];case 1:return"accessToken"in(t=e.sent())&&t.accessToken&&(this.cache.token=t.accessToken),[2,t]}}))}))},e}(),Z=function(){function e(e){var t=e.baseUrl,n=e.tenantId,o=e.onTokenExpired;this.tenantId=n,this.baseUrl=t,this.onTokenExpired=o}return e.prototype.enroll=function(e){return l(this,arguments,void 0,(function(e){var t,n,o=e.token,i=e.email;return d(this,(function(e){switch(e.label){case 0:return t={email:i},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/email-otp"),{method:"POST",headers:T({token:o,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return A({response:n=e.sent(),onTokenExpired:this.onTokenExpired}),[2,n]}}))}))},e.prototype.challenge=function(e){return l(this,arguments,void 0,(function(e){var t,n=e.token;return d(this,(function(e){switch(e.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/challenge/email-otp"),{method:"POST",headers:T({token:n,tenantId:this.tenantId})})];case 1:return[4,e.sent().json()];case 2:return A({response:t=e.sent(),onTokenExpired:this.onTokenExpired}),[2,t]}}))}))},e.prototype.verify=function(e){return l(this,arguments,void 0,(function(e){var t,n,o=e.token,i=e.code;return d(this,(function(e){switch(e.label){case 0:return t={verificationCode:i},[4,fetch("".concat(this.baseUrl,"/client/verify/email-otp"),{method:"POST",headers:T({token:o,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return A({response:n=e.sent(),onTokenExpired:this.onTokenExpired}),[2,n]}}))}))},e}(),ee=function(){function e(e){var t=e.baseUrl,n=e.tenantId,o=e.onTokenExpired;this.cache=S.shared,this.api=new Z({baseUrl:t,tenantId:n,onTokenExpired:o})}return e.prototype.enroll=function(e){return l(this,arguments,void 0,(function(e){var t=e.email;return d(this,(function(e){return this.cache.token?[2,this.api.enroll({token:this.cache.token,email:t})]:[2,this.cache.handleTokenNotSetError()]}))}))},e.prototype.challenge=function(){return l(this,void 0,void 0,(function(){return d(this,(function(e){return this.cache.token?[2,this.api.challenge({token:this.cache.token})]:[2,this.cache.handleTokenNotSetError()]}))}))},e.prototype.verify=function(e){return l(this,arguments,void 0,(function(e){var t,n=e.code;return d(this,(function(e){switch(e.label){case 0:return this.cache.token?[4,this.api.verify({token:this.cache.token,code:n})]:[2,this.cache.handleTokenNotSetError()];case 1:return"accessToken"in(t=e.sent())&&t.accessToken&&(this.cache.token=t.accessToken),[2,t]}}))}))},e}(),te=function(){function e(e){var t=e.baseUrl,n=e.tenantId,o=e.onTokenExpired;this.tenantId=n,this.baseUrl=t,this.onTokenExpired=o}return e.prototype.enroll=function(e){return l(this,arguments,void 0,(function(e){var t,n,o=e.token,i=e.phoneNumber;return d(this,(function(e){switch(e.label){case 0:return t={phoneNumber:i},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/sms"),{method:"POST",headers:T({token:o,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return A({response:n=e.sent(),onTokenExpired:this.onTokenExpired}),[2,n]}}))}))},e.prototype.challenge=function(e){return l(this,arguments,void 0,(function(e){var t,n=e.token;return d(this,(function(e){switch(e.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/challenge/sms"),{method:"POST",headers:T({token:n,tenantId:this.tenantId})})];case 1:return[4,e.sent().json()];case 2:return A({response:t=e.sent(),onTokenExpired:this.onTokenExpired}),[2,t]}}))}))},e.prototype.verify=function(e){return l(this,arguments,void 0,(function(e){var t,n,o=e.token,i=e.code;return d(this,(function(e){switch(e.label){case 0:return t={verificationCode:i},[4,fetch("".concat(this.baseUrl,"/client/verify/sms"),{method:"POST",headers:T({token:o,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return A({response:n=e.sent(),onTokenExpired:this.onTokenExpired}),[2,n]}}))}))},e}(),ne=function(){function e(e){var t=e.baseUrl,n=e.tenantId,o=e.onTokenExpired;this.cache=S.shared,this.api=new te({baseUrl:t,tenantId:n,onTokenExpired:o})}return e.prototype.enroll=function(e){return l(this,arguments,void 0,(function(e){var t=e.phoneNumber;return d(this,(function(e){return this.cache.token?[2,this.api.enroll({token:this.cache.token,phoneNumber:t})]:[2,this.cache.handleTokenNotSetError()]}))}))},e.prototype.challenge=function(){return l(this,void 0,void 0,(function(){return d(this,(function(e){return this.cache.token?[2,this.api.challenge({token:this.cache.token})]:[2,this.cache.handleTokenNotSetError()]}))}))},e.prototype.verify=function(e){return l(this,arguments,void 0,(function(e){var t,n=e.code;return d(this,(function(e){switch(e.label){case 0:return this.cache.token?[4,this.api.verify({token:this.cache.token,code:n})]:[2,this.cache.handleTokenNotSetError()];case 1:return"accessToken"in(t=e.sent())&&t.accessToken&&(this.cache.token=t.accessToken),[2,t]}}))}))},e}(),oe="4a08uqve",ie=function(){function t(e){var t=e.cookieDomain,n=e.cookieName,o=void 0===n?"__as_aid":n,i=e.baseUrl,r=void 0===i?"https://api.authsignal.com/v1":i,c=e.tenantId,u=e.onTokenExpired;if(this.anonymousId="",this.profilingId="",this.cookieDomain="",this.anonymousIdCookieName="",this.cookieDomain=t||document.location.hostname.replace("www.",""),this.anonymousIdCookieName=o,!c)throw new Error("tenantId is required");var l,d=(l=this.anonymousIdCookieName)&&decodeURIComponent(document.cookie.replace(new RegExp("(?:(?:^|.*;)\\s*"+encodeURIComponent(l).replace(/[\-\.\+\*]/g,"\\$&")+"\\s*\\=\\s*([^;]*).*$)|^.*$"),"$1"))||null;d?this.anonymousId=d:(this.anonymousId=s(),a({name:this.anonymousIdCookieName,value:this.anonymousId,expire:1/0,domain:this.cookieDomain,secure:"http:"!==document.location.protocol})),this.passkey=new _({tenantId:c,baseUrl:r,anonymousId:this.anonymousId,onTokenExpired:u}),this.totp=new Q({tenantId:c,baseUrl:r,onTokenExpired:u}),this.email=new ee({tenantId:c,baseUrl:r,onTokenExpired:u}),this.sms=new ne({tenantId:c,baseUrl:r,onTokenExpired:u})}return t.prototype.setToken=function(e){S.shared.token=e},t.prototype.launch=function(e,t){switch(null==t?void 0:t.mode){case"window":return this.launchWithWindow(e,t);case"popup":return this.launchWithPopup(e,t);default:this.launchWithRedirect(e)}},t.prototype.initAdvancedProfiling=function(e){var t=s();this.profilingId=t,a({name:"__as_pid",value:t,expire:1/0,domain:this.cookieDomain,secure:"http:"!==document.location.protocol});var n=e?"".concat(e,"/fp/tags.js?org_id=").concat(oe,"&session_id=").concat(t):"https://h.online-metrix.net/fp/tags.js?org_id=".concat(oe,"&session_id=").concat(t),o=document.createElement("script");o.src=n,o.async=!1,o.id="as_adv_profile",document.head.appendChild(o);var i=document.createElement("noscript");i.setAttribute("id","as_adv_profile_pixel"),i.setAttribute("aria-hidden","true");var r=document.createElement("iframe"),c=e?"".concat(e,"/fp/tags?org_id=").concat(oe,"&session_id=").concat(t):"https://h.online-metrix.net/fp/tags?org_id=".concat(oe,"&session_id=").concat(t);r.setAttribute("id","as_adv_profile_pixel"),r.setAttribute("src",c),r.setAttribute("style","width: 100px; height: 100px; border: 0; position: absolute; top: -5000px;"),i&&(i.appendChild(r),document.body.prepend(i))},t.prototype.launchWithRedirect=function(e){window.location.href=e},t.prototype.launchWithPopup=function(t,n){var o=n.popupOptions,i=new B({width:null==o?void 0:o.width,isClosable:null==o?void 0:o.isClosable}),r="".concat(t,"&mode=popup");return i.show({url:r}),new Promise((function(t){var n=void 0;i.on("hide",(function(){t({token:n})})),window.addEventListener("message",(function(t){var o=null;try{o=JSON.parse(t.data)}catch(e){}(null==o?void 0:o.event)===e.AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP&&(n=o.token,i.close())}),!1)}))},t.prototype.launchWithWindow=function(t,n){var o=n.windowOptions,i=new O,r="".concat(t,"&mode=popup");return i.show({url:r,width:null==o?void 0:o.width,height:null==o?void 0:o.height}),new Promise((function(t){window.addEventListener("message",(function(n){var o=null;try{o=JSON.parse(n.data)}catch(e){}(null==o?void 0:o.event)===e.AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP&&(i.close(),t({token:o.token}))}),!1)}))},t}();return e.Authsignal=ie,Object.defineProperty(e,"__esModule",{value:!0}),e}({});
package/dist/passkey.d.ts CHANGED
@@ -5,6 +5,7 @@ type PasskeyOptions = {
5
5
  baseUrl: string;
6
6
  tenantId: string;
7
7
  anonymousId: string;
8
+ onTokenExpired?: () => void;
8
9
  };
9
10
  type SignUpParams = {
10
11
  userName?: string;
@@ -23,6 +24,7 @@ type SignInParams = {
23
24
  onVerificationStarted?: () => unknown;
24
25
  };
25
26
  type SignInResponse = {
27
+ isVerified: boolean;
26
28
  token?: string;
27
29
  userId?: string;
28
30
  userAuthenticatorId?: string;
@@ -35,10 +37,12 @@ export declare class Passkey {
35
37
  private passkeyLocalStorageKey;
36
38
  private anonymousId;
37
39
  private cache;
38
- constructor({ baseUrl, tenantId, anonymousId }: PasskeyOptions);
40
+ constructor({ baseUrl, tenantId, anonymousId, onTokenExpired }: PasskeyOptions);
39
41
  signUp({ userName, userDisplayName, token, authenticatorAttachment, }: SignUpParams): Promise<AuthsignalResponse<SignUpResponse>>;
40
42
  signIn(params?: SignInParams): Promise<AuthsignalResponse<SignInResponse>>;
41
- isAvailableOnDevice(): Promise<boolean>;
43
+ isAvailableOnDevice({ userId }: {
44
+ userId: string;
45
+ }): Promise<boolean>;
42
46
  private storeCredentialAgainstDevice;
43
47
  }
44
48
  export {};
package/dist/sms.d.ts CHANGED
@@ -1,7 +1,7 @@
1
- import { AuthsignalResponse, ChallengeResponse, EnrollResponse, VerifyResponse } from "./api/types/shared";
2
1
  type SmsOptions = {
3
2
  baseUrl: string;
4
3
  tenantId: string;
4
+ onTokenExpired?: () => void;
5
5
  };
6
6
  type EnrollParams = {
7
7
  phoneNumber: string;
@@ -12,9 +12,9 @@ type VerifyParams = {
12
12
  export declare class Sms {
13
13
  private api;
14
14
  private cache;
15
- constructor({ baseUrl, tenantId }: SmsOptions);
16
- enroll({ phoneNumber }: EnrollParams): Promise<AuthsignalResponse<EnrollResponse>>;
17
- challenge(): Promise<AuthsignalResponse<ChallengeResponse>>;
18
- verify({ code }: VerifyParams): Promise<AuthsignalResponse<VerifyResponse>>;
15
+ constructor({ baseUrl, tenantId, onTokenExpired }: SmsOptions);
16
+ enroll({ phoneNumber }: EnrollParams): Promise<import("./api/types/shared").AuthsignalResponse<import("./api/types/shared").EnrollResponse>>;
17
+ challenge(): Promise<import("./api/types/shared").AuthsignalResponse<import("./api/types/shared").ChallengeResponse>>;
18
+ verify({ code }: VerifyParams): Promise<import("./api/types/shared").AuthsignalResponse<import("./api/types/shared").VerifyResponse>>;
19
19
  }
20
20
  export {};
package/dist/totp.d.ts CHANGED
@@ -1,8 +1,7 @@
1
- import { AuthsignalResponse, VerifyResponse } from "./api/types/shared";
2
- import { EnrollResponse } from "./api/types/totp";
3
1
  type TotpOptions = {
4
2
  baseUrl: string;
5
3
  tenantId: string;
4
+ onTokenExpired?: () => void;
6
5
  };
7
6
  type VerifyParams = {
8
7
  code: string;
@@ -10,8 +9,8 @@ type VerifyParams = {
10
9
  export declare class Totp {
11
10
  private api;
12
11
  private cache;
13
- constructor({ baseUrl, tenantId }: TotpOptions);
14
- enroll(): Promise<AuthsignalResponse<EnrollResponse>>;
15
- verify({ code }: VerifyParams): Promise<AuthsignalResponse<VerifyResponse>>;
12
+ constructor({ baseUrl, tenantId, onTokenExpired }: TotpOptions);
13
+ enroll(): Promise<import("./api/types/shared").AuthsignalResponse<import("./api/types/totp").EnrollResponse>>;
14
+ verify({ code }: VerifyParams): Promise<import("./api/types/shared").AuthsignalResponse<import("./api/types/shared").VerifyResponse>>;
16
15
  }
17
16
  export {};
package/dist/types.d.ts CHANGED
@@ -52,6 +52,7 @@ export type AuthsignalOptions = {
52
52
  cookieName?: string;
53
53
  baseUrl?: string;
54
54
  tenantId: string;
55
+ onTokenExpired?: () => void;
55
56
  };
56
57
  export declare enum AuthsignalWindowMessage {
57
58
  AUTHSIGNAL_CLOSE_POPUP = "AUTHSIGNAL_CLOSE_POPUP"
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@authsignal/browser",
3
- "version": "0.5.11",
3
+ "version": "0.6.1",
4
4
  "type": "module",
5
5
  "main": "dist/index.js",
6
6
  "module": "dist/index.js",