@authsignal/browser 0.5.2-alpha → 0.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/dist/api/passkey-api-client.d.ts +7 -7
  2. package/dist/api/types.d.ts +9 -0
  3. package/dist/authsignal.d.ts +0 -3
  4. package/dist/helpers.d.ts +5 -3
  5. package/dist/index.js +82 -133
  6. package/dist/index.min.js +1 -1
  7. package/dist/passkey.d.ts +19 -19
  8. package/package.json +1 -1
  9. package/dist/api/authsignal-api-client.d.ts +0 -21
  10. package/dist/kiosk.d.ts +0 -16
package/dist/api/passkey-api-client.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- import { AddAuthenticatorRequest, AddAuthenticatorResponse, AuthenticationOptsRequest, AuthenticationOptsResponse, ChallengeResponse, PasskeyAuthenticatorResponse, RegistrationOptsRequest, RegistrationOptsResponse, VerifyRequest, VerifyResponse } from "./types";
1
+ import { AddAuthenticatorRequest, AddAuthenticatorResponse, AuthenticationOptsRequest, AuthenticationOptsResponse, AuthsignalResponse, ChallengeResponse, PasskeyAuthenticatorResponse, RegistrationOptsRequest, RegistrationOptsResponse, VerifyRequest, VerifyResponse } from "./types";
2
2
  declare type PasskeyApiClientOptions = {
3
3
  baseUrl: string;
4
4
  tenantId: string;
@@ -9,18 +9,18 @@ export declare class PasskeyApiClient {
9
9
  constructor({ baseUrl, tenantId }: PasskeyApiClientOptions);
10
10
  registrationOptions({ token, username, authenticatorAttachment, }: {
11
11
  token: string;
12
- } & RegistrationOptsRequest): Promise<RegistrationOptsResponse>;
12
+ } & RegistrationOptsRequest): Promise<AuthsignalResponse<RegistrationOptsResponse>>;
13
13
  authenticationOptions({ token, challengeId, }: {
14
14
  token?: string;
15
- } & AuthenticationOptsRequest): Promise<AuthenticationOptsResponse>;
15
+ } & AuthenticationOptsRequest): Promise<AuthsignalResponse<AuthenticationOptsResponse>>;
16
16
  addAuthenticator({ token, challengeId, registrationCredential, }: {
17
17
  token: string;
18
- } & AddAuthenticatorRequest): Promise<AddAuthenticatorResponse>;
18
+ } & AddAuthenticatorRequest): Promise<AuthsignalResponse<AddAuthenticatorResponse>>;
19
19
  verify({ token, challengeId, authenticationCredential, deviceId, }: {
20
20
  token?: string;
21
- } & VerifyRequest): Promise<VerifyResponse>;
22
- getPasskeyAuthenticator(credentialId: string): Promise<PasskeyAuthenticatorResponse>;
23
- challenge(action: string): Promise<ChallengeResponse>;
21
+ } & VerifyRequest): Promise<AuthsignalResponse<VerifyResponse>>;
22
+ getPasskeyAuthenticator(credentialId: string): Promise<AuthsignalResponse<PasskeyAuthenticatorResponse>>;
23
+ challenge(action: string): Promise<AuthsignalResponse<ChallengeResponse>>;
24
24
  private buildHeaders;
25
25
  }
26
26
  export {};
package/dist/api/types.d.ts CHANGED
@@ -31,6 +31,10 @@ export declare type VerifyRequest = {
31
31
  export declare type VerifyResponse = {
32
32
  isVerified: boolean;
33
33
  accessToken?: string;
34
+ userId?: string;
35
+ userAuthenticatorId?: string;
36
+ username?: string;
37
+ userDisplayName?: string;
34
38
  };
35
39
  export declare type PasskeyAuthenticatorResponse = {
36
40
  credentialId: string;
@@ -39,3 +43,8 @@ export declare type PasskeyAuthenticatorResponse = {
39
43
  export declare type ChallengeResponse = {
40
44
  challengeId: string;
41
45
  };
46
+ export declare type ErrorResponse = {
47
+ error: string;
48
+ errorDescription?: string;
49
+ };
50
+ export declare type AuthsignalResponse<T> = T | ErrorResponse;
package/dist/authsignal.d.ts CHANGED
@@ -1,14 +1,11 @@
1
1
  import { AuthsignalOptions, LaunchOptions, TokenPayload } from "./types";
2
2
  import { Passkey } from "./passkey";
3
- import { Kiosk } from "./kiosk";
4
3
  export declare class Authsignal {
5
4
  anonymousId: string;
6
5
  profilingId: string;
7
6
  cookieDomain: string;
8
7
  anonymousIdCookieName: string;
9
8
  passkey: Passkey;
10
- kiosk: Kiosk;
11
- private _token;
12
9
  constructor({ cookieDomain, cookieName, baseUrl, tenantId, }: AuthsignalOptions);
13
10
  launch(url: string, options?: {
14
11
  mode?: "redirect";
package/dist/helpers.d.ts CHANGED
@@ -1,3 +1,4 @@
1
+ import { ErrorResponse } from "./api/types";
1
2
  declare type CookieOptions = {
2
3
  name: string;
3
4
  value: string;
@@ -5,7 +6,8 @@ declare type CookieOptions = {
5
6
  domain: string;
6
7
  secure: boolean;
7
8
  };
8
- export declare const setCookie: ({ name, value, expire, domain, secure }: CookieOptions) => void;
9
- export declare const getCookieDomain: () => string;
10
- export declare const getCookie: (name: string) => string | null;
9
+ export declare function setCookie({ name, value, expire, domain, secure }: CookieOptions): void;
10
+ export declare function getCookieDomain(): string;
11
+ export declare function getCookie(name: string): string | null;
12
+ export declare function logErrorResponse(errorResponse: ErrorResponse): void;
11
13
  export {};
package/dist/index.js CHANGED
@@ -63,7 +63,7 @@ function v4(options, buf, offset) {
63
63
  return unsafeStringify(rnds);
64
64
  }
65
65
 
66
- var setCookie = function (_a) {
66
+ function setCookie(_a) {
67
67
  var name = _a.name, value = _a.value, expire = _a.expire, domain = _a.domain, secure = _a.secure;
68
68
  var expireString = expire === Infinity ? " expires=Fri, 31 Dec 9999 23:59:59 GMT" : "; max-age=" + expire;
69
69
  document.cookie =
@@ -74,16 +74,20 @@ var setCookie = function (_a) {
74
74
  expireString +
75
75
  (domain ? "; domain=" + domain : "") +
76
76
  (secure ? "; secure" : "");
77
- };
78
- var getCookieDomain = function () {
77
+ }
78
+ function getCookieDomain() {
79
79
  return document.location.hostname.replace("www.", "");
80
- };
81
- var getCookie = function (name) {
80
+ }
81
+ function getCookie(name) {
82
82
  if (!name) {
83
83
  return null;
84
84
  }
85
85
  return (decodeURIComponent(document.cookie.replace(new RegExp("(?:(?:^|.*;)\\s*" + encodeURIComponent(name).replace(/[\-\.\+\*]/g, "\\$&") + "\\s*\\=\\s*([^;]*).*$)|^.*$"), "$1")) || null);
86
- };
86
+ }
87
+ function logErrorResponse(errorResponse) {
88
+ var _a;
89
+ console.error((_a = errorResponse.errorDescription) !== null && _a !== void 0 ? _a : errorResponse.error);
90
+ }
87
91
 
88
92
  var AuthsignalWindowMessage;
89
93
  (function (AuthsignalWindowMessage) {
@@ -559,17 +563,13 @@ var PasskeyApiClient = /** @class */ (function () {
559
563
  switch (_b.label) {
560
564
  case 0:
561
565
  body = { challengeId: challengeId };
562
- return [4 /*yield*/, fetch("".concat(this.baseUrl, "/client/user-authenticators/passkey/authentication-options"), {
563
- method: "POST",
564
- headers: this.buildHeaders(token),
565
- body: JSON.stringify(body)
566
- })];
567
- case 1:
568
- response = _b.sent();
569
- if (!response.ok) {
570
- throw new Error(response.statusText);
571
- }
572
- return [2 /*return*/, response.json()];
566
+ response = fetch("".concat(this.baseUrl, "/client/user-authenticators/passkey/authentication-options"), {
567
+ method: "POST",
568
+ headers: this.buildHeaders(token),
569
+ body: JSON.stringify(body)
570
+ });
571
+ return [4 /*yield*/, response];
572
+ case 1: return [2 /*return*/, (_b.sent()).json()];
573
573
  }
574
574
  });
575
575
  });
@@ -669,14 +669,25 @@ var Passkey = /** @class */ (function () {
669
669
  this.anonymousId = anonymousId;
670
670
  }
671
671
  Passkey.prototype.signUp = function (_a) {
672
- var userName = _a.userName, token = _a.token, _b = _a.authenticatorAttachment, authenticatorAttachment = _b === void 0 ? "platform" : _b;
672
+ var userName = _a.userName, userDisplayName = _a.userDisplayName, token = _a.token, _b = _a.authenticatorAttachment, authenticatorAttachment = _b === void 0 ? "platform" : _b;
673
673
  return __awaiter(this, void 0, void 0, function () {
674
- var optionsResponse, registrationResponse, addAuthenticatorResponse;
674
+ var optionsInput, optionsResponse, registrationResponse, addAuthenticatorResponse;
675
675
  return __generator(this, function (_c) {
676
676
  switch (_c.label) {
677
- case 0: return [4 /*yield*/, this.api.registrationOptions({ username: userName, token: token, authenticatorAttachment: authenticatorAttachment })];
677
+ case 0:
678
+ optionsInput = {
679
+ username: userName,
680
+ displayName: userDisplayName,
681
+ token: token,
682
+ authenticatorAttachment: authenticatorAttachment
683
+ };
684
+ return [4 /*yield*/, this.api.registrationOptions(optionsInput)];
678
685
  case 1:
679
686
  optionsResponse = _c.sent();
687
+ if ("error" in optionsResponse) {
688
+ logErrorResponse(optionsResponse);
689
+ return [2 /*return*/];
690
+ }
680
691
  return [4 /*yield*/, startRegistration(optionsResponse.options)];
681
692
  case 2:
682
693
  registrationResponse = _c.sent();
@@ -687,20 +698,25 @@ var Passkey = /** @class */ (function () {
687
698
  })];
688
699
  case 3:
689
700
  addAuthenticatorResponse = _c.sent();
690
- if (addAuthenticatorResponse === null || addAuthenticatorResponse === void 0 ? void 0 : addAuthenticatorResponse.isVerified) {
701
+ if ("error" in addAuthenticatorResponse) {
702
+ logErrorResponse(addAuthenticatorResponse);
703
+ return [2 /*return*/];
704
+ }
705
+ if (addAuthenticatorResponse.isVerified) {
691
706
  this.storeCredentialAgainstDevice(registrationResponse);
692
707
  }
693
- return [2 /*return*/, addAuthenticatorResponse === null || addAuthenticatorResponse === void 0 ? void 0 : addAuthenticatorResponse.accessToken];
708
+ return [2 /*return*/, {
709
+ token: addAuthenticatorResponse.accessToken
710
+ }];
694
711
  }
695
712
  });
696
713
  });
697
714
  };
698
715
  Passkey.prototype.signIn = function (params) {
699
- var _a;
700
716
  return __awaiter(this, void 0, void 0, function () {
701
- var challengeResponse, _b, optionsResponse, authenticationResponse, verifyResponse;
702
- return __generator(this, function (_c) {
703
- switch (_c.label) {
717
+ var challengeResponse, _a, optionsResponse, authenticationResponse, verifyResponse, token, userId, userAuthenticatorId, userName, userDisplayName;
718
+ return __generator(this, function (_b) {
719
+ switch (_b.label) {
704
720
  case 0:
705
721
  if ((params === null || params === void 0 ? void 0 : params.token) && params.autofill) {
706
722
  throw new Error("autofill is not supported when providing a token");
@@ -708,31 +724,36 @@ var Passkey = /** @class */ (function () {
708
724
  if ((params === null || params === void 0 ? void 0 : params.action) && params.token) {
709
725
  throw new Error("action is not supported when providing a token");
710
726
  }
711
- if ((params === null || params === void 0 ? void 0 : params.action) && (params === null || params === void 0 ? void 0 : params.challengeId)) {
712
- throw new Error("action is not supported when providing a challengeId");
713
- }
714
- if ((params === null || params === void 0 ? void 0 : params.challengeId) && params.token) {
715
- throw new Error("challengeId is not supported when providing a token");
716
- }
717
727
  if (!(params === null || params === void 0 ? void 0 : params.action)) return [3 /*break*/, 2];
718
728
  return [4 /*yield*/, this.api.challenge(params.action)];
719
729
  case 1:
720
- _b = _c.sent();
730
+ _a = _b.sent();
721
731
  return [3 /*break*/, 3];
722
732
  case 2:
723
- _b = null;
724
- _c.label = 3;
733
+ _a = null;
734
+ _b.label = 3;
725
735
  case 3:
726
- challengeResponse = _b;
736
+ challengeResponse = _a;
737
+ if (challengeResponse && "error" in challengeResponse) {
738
+ logErrorResponse(challengeResponse);
739
+ return [2 /*return*/];
740
+ }
727
741
  return [4 /*yield*/, this.api.authenticationOptions({
728
742
  token: params === null || params === void 0 ? void 0 : params.token,
729
- challengeId: (_a = challengeResponse === null || challengeResponse === void 0 ? void 0 : challengeResponse.challengeId) !== null && _a !== void 0 ? _a : params === null || params === void 0 ? void 0 : params.challengeId
743
+ challengeId: challengeResponse === null || challengeResponse === void 0 ? void 0 : challengeResponse.challengeId
730
744
  })];
731
745
  case 4:
732
- optionsResponse = _c.sent();
746
+ optionsResponse = _b.sent();
747
+ if ("error" in optionsResponse) {
748
+ logErrorResponse(optionsResponse);
749
+ return [2 /*return*/];
750
+ }
733
751
  return [4 /*yield*/, startAuthentication(optionsResponse.options, params === null || params === void 0 ? void 0 : params.autofill)];
734
752
  case 5:
735
- authenticationResponse = _c.sent();
753
+ authenticationResponse = _b.sent();
754
+ if (params === null || params === void 0 ? void 0 : params.onVerificationStarted) {
755
+ params.onVerificationStarted();
756
+ }
736
757
  return [4 /*yield*/, this.api.verify({
737
758
  challengeId: optionsResponse.challengeId,
738
759
  authenticationCredential: authenticationResponse,
@@ -740,11 +761,22 @@ var Passkey = /** @class */ (function () {
740
761
  deviceId: this.anonymousId
741
762
  })];
742
763
  case 6:
743
- verifyResponse = _c.sent();
744
- if (verifyResponse === null || verifyResponse === void 0 ? void 0 : verifyResponse.isVerified) {
764
+ verifyResponse = _b.sent();
765
+ if ("error" in verifyResponse) {
766
+ logErrorResponse(verifyResponse);
767
+ return [2 /*return*/];
768
+ }
769
+ if (verifyResponse.isVerified) {
745
770
  this.storeCredentialAgainstDevice(authenticationResponse);
746
771
  }
747
- return [2 /*return*/, verifyResponse === null || verifyResponse === void 0 ? void 0 : verifyResponse.accessToken];
772
+ token = verifyResponse.accessToken, userId = verifyResponse.userId, userAuthenticatorId = verifyResponse.userAuthenticatorId, userName = verifyResponse.username, userDisplayName = verifyResponse.userDisplayName;
773
+ return [2 /*return*/, {
774
+ token: token,
775
+ userId: userId,
776
+ userAuthenticatorId: userAuthenticatorId,
777
+ userName: userName,
778
+ userDisplayName: userDisplayName
779
+ }];
748
780
  }
749
781
  });
750
782
  });
@@ -1287,6 +1319,10 @@ var PopupHandler = /** @class */ (function () {
1287
1319
  container.appendChild(overlay);
1288
1320
  container.appendChild(content);
1289
1321
  this.popup = new A11yDialog(container);
1322
+ // Safari and Firefox will fail the WebAuthn request if the document making
1323
+ // the request does not have focus. This will reduce the chances of that
1324
+ // happening by focusing on the dialog container.
1325
+ container.focus();
1290
1326
  // Make sure to remove any trace of the dialog on hide
1291
1327
  this.popup.on("hide", function () {
1292
1328
  _this.destroy();
@@ -1342,89 +1378,6 @@ function resizeIframe(event) {
1342
1378
  }
1343
1379
  }
1344
1380
 
1345
- var AuthsignalApiClient = /** @class */ (function () {
1346
- function AuthsignalApiClient(_a) {
1347
- var baseUrl = _a.baseUrl, tenantId = _a.tenantId;
1348
- this.tenantId = tenantId;
1349
- this.baseUrl = baseUrl;
1350
- }
1351
- AuthsignalApiClient.prototype.challenge = function (action) {
1352
- return __awaiter(this, void 0, void 0, function () {
1353
- var response;
1354
- return __generator(this, function (_a) {
1355
- switch (_a.label) {
1356
- case 0:
1357
- response = fetch("".concat(this.baseUrl, "/client/challenge"), {
1358
- method: "POST",
1359
- headers: this.buildHeaders(),
1360
- body: JSON.stringify({ action: action })
1361
- });
1362
- return [4 /*yield*/, response];
1363
- case 1: return [2 /*return*/, (_a.sent()).json()];
1364
- }
1365
- });
1366
- });
1367
- };
1368
- AuthsignalApiClient.prototype.verify = function (_a) {
1369
- var challengeId = _a.challengeId;
1370
- return __awaiter(this, void 0, void 0, function () {
1371
- var body, response;
1372
- return __generator(this, function (_b) {
1373
- switch (_b.label) {
1374
- case 0:
1375
- body = { challengeId: challengeId };
1376
- response = fetch("".concat(this.baseUrl, "/client/verify"), {
1377
- method: "POST",
1378
- headers: this.buildHeaders(),
1379
- body: JSON.stringify(body)
1380
- });
1381
- return [4 /*yield*/, response];
1382
- case 1: return [2 /*return*/, (_b.sent()).json()];
1383
- }
1384
- });
1385
- });
1386
- };
1387
- AuthsignalApiClient.prototype.buildHeaders = function (token) {
1388
- var authorizationHeader = token ? "Bearer ".concat(token) : "Basic ".concat(window.btoa(encodeURIComponent(this.tenantId)));
1389
- return {
1390
- "Content-Type": "application/json",
1391
- Authorization: authorizationHeader
1392
- };
1393
- };
1394
- return AuthsignalApiClient;
1395
- }());
1396
-
1397
- var Kiosk = /** @class */ (function () {
1398
- function Kiosk(_a) {
1399
- var baseUrl = _a.baseUrl, tenantId = _a.tenantId;
1400
- this.api = new AuthsignalApiClient({ baseUrl: baseUrl, tenantId: tenantId });
1401
- }
1402
- Kiosk.prototype.challenge = function (params) {
1403
- return __awaiter(this, void 0, void 0, function () {
1404
- var result;
1405
- return __generator(this, function (_a) {
1406
- switch (_a.label) {
1407
- case 0: return [4 /*yield*/, this.api.challenge(params.action)];
1408
- case 1:
1409
- result = _a.sent();
1410
- return [2 /*return*/, result.challengeId];
1411
- }
1412
- });
1413
- });
1414
- };
1415
- Kiosk.prototype.verify = function (params) {
1416
- return __awaiter(this, void 0, void 0, function () {
1417
- return __generator(this, function (_a) {
1418
- switch (_a.label) {
1419
- case 0: return [4 /*yield*/, this.api.verify({ challengeId: params.challengeId })];
1420
- case 1: return [2 /*return*/, _a.sent()];
1421
- }
1422
- });
1423
- });
1424
- };
1425
- return Kiosk;
1426
- }());
1427
-
1428
1381
  var DEFAULT_COOKIE_NAME = "__as_aid";
1429
1382
  var DEFAULT_PROFILING_COOKIE_NAME = "__as_pid";
1430
1383
  var DEFAULT_BASE_URL = "https://api.authsignal.com/v1";
@@ -1436,7 +1389,6 @@ var Authsignal = /** @class */ (function () {
1436
1389
  this.profilingId = "";
1437
1390
  this.cookieDomain = "";
1438
1391
  this.anonymousIdCookieName = "";
1439
- this._token = undefined;
1440
1392
  this.cookieDomain = cookieDomain || getCookieDomain();
1441
1393
  this.anonymousIdCookieName = cookieName;
1442
1394
  if (!tenantId) {
@@ -1457,7 +1409,6 @@ var Authsignal = /** @class */ (function () {
1457
1409
  });
1458
1410
  }
1459
1411
  this.passkey = new Passkey({ tenantId: tenantId, baseUrl: baseUrl, anonymousId: this.anonymousId });
1460
- this.kiosk = new Kiosk({ baseUrl: baseUrl, tenantId: tenantId });
1461
1412
  }
1462
1413
  Authsignal.prototype.launch = function (url, options) {
1463
1414
  switch (options === null || options === void 0 ? void 0 : options.mode) {
@@ -1508,12 +1459,12 @@ var Authsignal = /** @class */ (function () {
1508
1459
  window.location.href = url;
1509
1460
  };
1510
1461
  Authsignal.prototype.launchWithPopup = function (url, options) {
1511
- var _this = this;
1512
1462
  var popupOptions = options.popupOptions;
1513
1463
  var popupHandler = new PopupHandler({ width: popupOptions === null || popupOptions === void 0 ? void 0 : popupOptions.width, isClosable: popupOptions === null || popupOptions === void 0 ? void 0 : popupOptions.isClosable });
1514
1464
  var popupUrl = "".concat(url, "&mode=popup");
1515
1465
  popupHandler.show({ url: popupUrl });
1516
1466
  return new Promise(function (resolve) {
1467
+ var token = undefined;
1517
1468
  var onMessage = function (event) {
1518
1469
  var data = null;
1519
1470
  try {
@@ -1523,18 +1474,17 @@ var Authsignal = /** @class */ (function () {
1523
1474
  // Ignore if the event data is not valid JSON
1524
1475
  }
1525
1476
  if ((data === null || data === void 0 ? void 0 : data.event) === AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP) {
1526
- _this._token = data.token;
1477
+ token = data.token;
1527
1478
  popupHandler.close();
1528
1479
  }
1529
1480
  };
1530
1481
  popupHandler.on("hide", function () {
1531
- resolve({ token: _this._token });
1482
+ resolve({ token: token });
1532
1483
  });
1533
1484
  window.addEventListener("message", onMessage, false);
1534
1485
  });
1535
1486
  };
1536
1487
  Authsignal.prototype.launchWithWindow = function (url, options) {
1537
- var _this = this;
1538
1488
  var windowOptions = options.windowOptions;
1539
1489
  var windowHandler = new WindowHandler();
1540
1490
  var windowUrl = "".concat(url, "&mode=popup");
@@ -1549,9 +1499,8 @@ var Authsignal = /** @class */ (function () {
1549
1499
  // Ignore if the event data is not valid JSON
1550
1500
  }
1551
1501
  if ((data === null || data === void 0 ? void 0 : data.event) === AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP) {
1552
- _this._token = data.token;
1553
1502
  windowHandler.close();
1554
- resolve({ token: _this._token });
1503
+ resolve({ token: data.token });
1555
1504
  }
1556
1505
  };
1557
1506
  window.addEventListener("message", onMessage, false);
package/dist/index.min.js CHANGED
@@ -1 +1 @@
1
- var authsignal=function(e){"use strict";let t;const n=new Uint8Array(16);function i(){if(!t&&(t="undefined"!=typeof crypto&&crypto.getRandomValues&&crypto.getRandomValues.bind(crypto),!t))throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");return t(n)}const o=[];for(let e=0;e<256;++e)o.push((e+256).toString(16).slice(1));var r={randomUUID:"undefined"!=typeof crypto&&crypto.randomUUID&&crypto.randomUUID.bind(crypto)};function a(e,t,n){if(r.randomUUID&&!t&&!e)return r.randomUUID();const a=(e=e||{}).random||(e.rng||i)();if(a[6]=15&a[6]|64,a[8]=63&a[8]|128,t){n=n||0;for(let e=0;e<16;++e)t[n+e]=a[e];return t}return function(e,t=0){return(o[e[t+0]]+o[e[t+1]]+o[e[t+2]]+o[e[t+3]]+"-"+o[e[t+4]]+o[e[t+5]]+"-"+o[e[t+6]]+o[e[t+7]]+"-"+o[e[t+8]]+o[e[t+9]]+"-"+o[e[t+10]]+o[e[t+11]]+o[e[t+12]]+o[e[t+13]]+o[e[t+14]]+o[e[t+15]]).toLowerCase()}(a)}var s=function(e){var t=e.name,n=e.value,i=e.expire,o=e.domain,r=e.secure,a=i===1/0?" expires=Fri, 31 Dec 9999 23:59:59 GMT":"; max-age="+i;document.cookie=encodeURIComponent(t)+"="+n+"; path=/;"+a+(o?"; domain="+o:"")+(r?"; secure":"")};function c(e,t,n,i){return new(n||(n=Promise))((function(o,r){function a(e){try{c(i.next(e))}catch(e){r(e)}}function s(e){try{c(i.throw(e))}catch(e){r(e)}}function c(e){var t;e.done?o(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(a,s)}c((i=i.apply(e,t||[])).next())}))}function u(e,t){var n,i,o,r,a={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return r={next:s(0),throw:s(1),return:s(2)},"function"==typeof Symbol&&(r[Symbol.iterator]=function(){return this}),r;function s(r){return function(s){return function(r){if(n)throw new TypeError("Generator is already executing.");for(;a;)try{if(n=1,i&&(o=2&r[0]?i.return:r[0]?i.throw||((o=i.return)&&o.call(i),0):i.next)&&!(o=o.call(i,r[1])).done)return o;switch(i=0,o&&(r=[2&r[0],o.value]),r[0]){case 0:case 1:o=r;break;case 4:return a.label++,{value:r[1],done:!1};case 5:a.label++,i=r[1],r=[0];continue;case 7:r=a.ops.pop(),a.trys.pop();continue;default:if(!(o=a.trys,(o=o.length>0&&o[o.length-1])||6!==r[0]&&2!==r[0])){a=0;continue}if(3===r[0]&&(!o||r[1]>o[0]&&r[1]<o[3])){a.label=r[1];break}if(6===r[0]&&a.label<o[1]){a.label=o[1],o=r;break}if(o&&a.label<o[2]){a.label=o[2],a.ops.push(r);break}o[2]&&a.ops.pop(),a.trys.pop();continue}r=t.call(e,a)}catch(e){r=[6,e],i=0}finally{n=o=0}if(5&r[0])throw r[1];return{value:r[0]?r[1]:void 0,done:!0}}([r,s])}}}function l(e){const t=new Uint8Array(e);let n="";for(const e of t)n+=String.fromCharCode(e);return btoa(n).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function d(e){const t=e.replace(/-/g,"+").replace(/_/g,"/"),n=(4-t.length%4)%4,i=t.padEnd(t.length+n,"="),o=atob(i),r=new ArrayBuffer(o.length),a=new Uint8Array(r);for(let e=0;e<o.length;e++)a[e]=o.charCodeAt(e);return r}function h(){return void 0!==window?.PublicKeyCredential&&"function"==typeof window.PublicKeyCredential}function p(e){const{id:t}=e;return{...e,id:d(t),transports:e.transports}}function f(e){return"localhost"===e||/^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(e)}e.AuthsignalWindowMessage=void 0,(e.AuthsignalWindowMessage||(e.AuthsignalWindowMessage={})).AUTHSIGNAL_CLOSE_POPUP="AUTHSIGNAL_CLOSE_POPUP";class w extends Error{constructor({message:e,code:t,cause:n,name:i}){super(e,{cause:n}),this.name=i??n.name,this.code=t}}const m=new class{createNewAbortSignal(){if(this.controller){const e=new Error("Cancelling existing WebAuthn API call for new one");e.name="AbortError",this.controller.abort(e)}const e=new AbortController;return this.controller=e,e.signal}cancelCeremony(){if(this.controller){const e=new Error("Manually cancelling existing WebAuthn API call");e.name="AbortError",this.controller.abort(e),this.controller=void 0}}},g=["cross-platform","platform"];function y(e){if(e&&!(g.indexOf(e)<0))return e}async function v(e){if(!h())throw new Error("WebAuthn is not supported in this browser");var t;const n={publicKey:{...e,challenge:d(e.challenge),user:{...e.user,id:(t=e.user.id,(new TextEncoder).encode(t))},excludeCredentials:e.excludeCredentials?.map(p)}};let i;n.signal=m.createNewAbortSignal();try{i=await navigator.credentials.create(n)}catch(e){throw function({error:e,options:t}){const{publicKey:n}=t;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new w({message:"Registration ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:e})}else if("ConstraintError"===e.name){if(!0===n.authenticatorSelection?.requireResidentKey)return new w({message:"Discoverable credentials were required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",cause:e});if("required"===n.authenticatorSelection?.userVerification)return new w({message:"User verification was required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",cause:e})}else{if("InvalidStateError"===e.name)return new w({message:"The authenticator was previously registered",code:"ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",cause:e});if("NotAllowedError"===e.name)return new w({message:e.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:e});if("NotSupportedError"===e.name)return 0===n.pubKeyCredParams.filter((e=>"public-key"===e.type)).length?new w({message:'No entry in pubKeyCredParams was of type "public-key"',code:"ERROR_MALFORMED_PUBKEYCREDPARAMS",cause:e}):new w({message:"No available authenticator supported any of the specified pubKeyCredParams algorithms",code:"ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",cause:e});if("SecurityError"===e.name){const t=window.location.hostname;if(!f(t))return new w({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:e});if(n.rp.id!==t)return new w({message:`The RP ID "${n.rp.id}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:e})}else if("TypeError"===e.name){if(n.user.id.byteLength<1||n.user.id.byteLength>64)return new w({message:"User ID was not between 1 and 64 characters",code:"ERROR_INVALID_USER_ID_LENGTH",cause:e})}else if("UnknownError"===e.name)return new w({message:"The authenticator was unable to process the specified options, or could not create a new credential",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:e})}return e}({error:e,options:n})}if(!i)throw new Error("Registration was not completed");const{id:o,rawId:r,response:a,type:s}=i;let c,u,g,v;if("function"==typeof a.getTransports&&(c=a.getTransports()),"function"==typeof a.getPublicKeyAlgorithm)try{u=a.getPublicKeyAlgorithm()}catch(e){b("getPublicKeyAlgorithm()",e)}if("function"==typeof a.getPublicKey)try{const e=a.getPublicKey();null!==e&&(g=l(e))}catch(e){b("getPublicKey()",e)}if("function"==typeof a.getAuthenticatorData)try{v=l(a.getAuthenticatorData())}catch(e){b("getAuthenticatorData()",e)}return{id:o,rawId:l(r),response:{attestationObject:l(a.attestationObject),clientDataJSON:l(a.clientDataJSON),transports:c,publicKeyAlgorithm:u,publicKey:g,authenticatorData:v},type:s,clientExtensionResults:i.getClientExtensionResults(),authenticatorAttachment:y(i.authenticatorAttachment)}}function b(e,t){console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${e}. You should report this error to them.\n`,t)}async function E(e,t=!1){if(!h())throw new Error("WebAuthn is not supported in this browser");let n;0!==e.allowCredentials?.length&&(n=e.allowCredentials?.map(p));const i={...e,challenge:d(e.challenge),allowCredentials:n},o={};if(t){if(!await function(){const e=window.PublicKeyCredential;return void 0===e.isConditionalMediationAvailable?new Promise((e=>e(!1))):e.isConditionalMediationAvailable()}())throw Error("Browser does not support WebAuthn autofill");if(document.querySelectorAll("input[autocomplete$='webauthn']").length<1)throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');o.mediation="conditional",i.allowCredentials=[]}let r;o.publicKey=i,o.signal=m.createNewAbortSignal();try{r=await navigator.credentials.get(o)}catch(e){throw function({error:e,options:t}){const{publicKey:n}=t;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new w({message:"Authentication ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:e})}else{if("NotAllowedError"===e.name)return new w({message:e.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:e});if("SecurityError"===e.name){const t=window.location.hostname;if(!f(t))return new w({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:e});if(n.rpId!==t)return new w({message:`The RP ID "${n.rpId}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:e})}else if("UnknownError"===e.name)return new w({message:"The authenticator was unable to process the specified options, or could not create a new assertion signature",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:e})}return e}({error:e,options:o})}if(!r)throw new Error("Authentication was not completed");const{id:a,rawId:s,response:c,type:u}=r;let g;var v;return c.userHandle&&(v=c.userHandle,g=new TextDecoder("utf-8").decode(v)),{id:a,rawId:l(s),response:{authenticatorData:l(c.authenticatorData),clientDataJSON:l(c.clientDataJSON),signature:l(c.signature),userHandle:g},type:u,clientExtensionResults:r.getClientExtensionResults(),authenticatorAttachment:y(r.authenticatorAttachment)}}var A=function(){function e(e){var t=e.baseUrl,n=e.tenantId;this.tenantId=n,this.baseUrl=t}return e.prototype.registrationOptions=function(e){var t=e.token,n=e.username,i=e.authenticatorAttachment;return c(this,void 0,void 0,(function(){var e;return u(this,(function(o){switch(o.label){case 0:return e=Boolean(i)?{username:n,authenticatorAttachment:i}:{username:n},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey/registration-options"),{method:"POST",headers:this.buildHeaders(t),body:JSON.stringify(e)})];case 1:return[2,o.sent().json()]}}))}))},e.prototype.authenticationOptions=function(e){var t=e.token,n=e.challengeId;return c(this,void 0,void 0,(function(){var e,i;return u(this,(function(o){switch(o.label){case 0:return e={challengeId:n},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey/authentication-options"),{method:"POST",headers:this.buildHeaders(t),body:JSON.stringify(e)})];case 1:if(!(i=o.sent()).ok)throw new Error(i.statusText);return[2,i.json()]}}))}))},e.prototype.addAuthenticator=function(e){var t=e.token,n=e.challengeId,i=e.registrationCredential;return c(this,void 0,void 0,(function(){var e;return u(this,(function(o){switch(o.label){case 0:return e={challengeId:n,registrationCredential:i},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey"),{method:"POST",headers:this.buildHeaders(t),body:JSON.stringify(e)})];case 1:return[2,o.sent().json()]}}))}))},e.prototype.verify=function(e){var t=e.token,n=e.challengeId,i=e.authenticationCredential,o=e.deviceId;return c(this,void 0,void 0,(function(){var e;return u(this,(function(r){switch(r.label){case 0:return e={challengeId:n,authenticationCredential:i,deviceId:o},[4,fetch("".concat(this.baseUrl,"/client/verify/passkey"),{method:"POST",headers:this.buildHeaders(t),body:JSON.stringify(e)})];case 1:return[2,r.sent().json()]}}))}))},e.prototype.getPasskeyAuthenticator=function(e){return c(this,void 0,void 0,(function(){var t;return u(this,(function(n){switch(n.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey?credentialId=").concat(e),{method:"GET",headers:this.buildHeaders()})];case 1:if(!(t=n.sent()).ok)throw new Error(t.statusText);return[2,t.json()]}}))}))},e.prototype.challenge=function(e){return c(this,void 0,void 0,(function(){return u(this,(function(t){switch(t.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/challenge"),{method:"POST",headers:this.buildHeaders(),body:JSON.stringify({action:e})})];case 1:return[2,t.sent().json()]}}))}))},e.prototype.buildHeaders=function(e){return{"Content-Type":"application/json",Authorization:e?"Bearer ".concat(e):"Basic ".concat(window.btoa(encodeURIComponent(this.tenantId)))}},e}(),R=function(){function e(e){var t=e.baseUrl,n=e.tenantId,i=e.anonymousId;this.passkeyLocalStorageKey="as_passkey_credential_id",this.api=new A({baseUrl:t,tenantId:n}),this.anonymousId=i}return e.prototype.signUp=function(e){var t=e.userName,n=e.token,i=e.authenticatorAttachment,o=void 0===i?"platform":i;return c(this,void 0,void 0,(function(){var e,i,r;return u(this,(function(a){switch(a.label){case 0:return[4,this.api.registrationOptions({username:t,token:n,authenticatorAttachment:o})];case 1:return[4,v((e=a.sent()).options)];case 2:return i=a.sent(),[4,this.api.addAuthenticator({challengeId:e.challengeId,registrationCredential:i,token:n})];case 3:return(null==(r=a.sent())?void 0:r.isVerified)&&this.storeCredentialAgainstDevice(i),[2,null==r?void 0:r.accessToken]}}))}))},e.prototype.signIn=function(e){var t;return c(this,void 0,void 0,(function(){var n,i,o,r,a;return u(this,(function(s){switch(s.label){case 0:if((null==e?void 0:e.token)&&e.autofill)throw new Error("autofill is not supported when providing a token");if((null==e?void 0:e.action)&&e.token)throw new Error("action is not supported when providing a token");if((null==e?void 0:e.action)&&(null==e?void 0:e.challengeId))throw new Error("action is not supported when providing a challengeId");if((null==e?void 0:e.challengeId)&&e.token)throw new Error("challengeId is not supported when providing a token");return(null==e?void 0:e.action)?[4,this.api.challenge(e.action)]:[3,2];case 1:return i=s.sent(),[3,3];case 2:i=null,s.label=3;case 3:return n=i,[4,this.api.authenticationOptions({token:null==e?void 0:e.token,challengeId:null!==(t=null==n?void 0:n.challengeId)&&void 0!==t?t:null==e?void 0:e.challengeId})];case 4:return[4,E((o=s.sent()).options,null==e?void 0:e.autofill)];case 5:return r=s.sent(),[4,this.api.verify({challengeId:o.challengeId,authenticationCredential:r,token:null==e?void 0:e.token,deviceId:this.anonymousId})];case 6:return(null==(a=s.sent())?void 0:a.isVerified)&&this.storeCredentialAgainstDevice(r),[2,null==a?void 0:a.accessToken]}}))}))},e.prototype.isAvailableOnDevice=function(){return c(this,void 0,void 0,(function(){var e;return u(this,(function(t){switch(t.label){case 0:if(!(e=localStorage.getItem(this.passkeyLocalStorageKey)))return[2,!1];t.label=1;case 1:return t.trys.push([1,3,,4]),[4,this.api.getPasskeyAuthenticator(e)];case 2:return t.sent(),[2,!0];case 3:return t.sent(),[2,!1];case 4:return[2]}}))}))},e.prototype.storeCredentialAgainstDevice=function(e){var t=e.id;"cross-platform"!==e.authenticatorAttachment&&localStorage.setItem(this.passkeyLocalStorageKey,t)},e}(),I=function(){function e(){this.windowRef=null}return e.prototype.show=function(e){var t=e.url,n=e.width,i=void 0===n?400:n,o=e.height,r=function(e){var t=e.url,n=e.width,i=e.height,o=e.win;if(!o.top)return null;var r=o.top.outerHeight/2+o.top.screenY-i/2,a=o.top.outerWidth/2+o.top.screenX-n/2;return window.open(t,"","toolbar=no, location=no, directories=no, status=no, menubar=no, scrollbars=no, resizable=no, copyhistory=no, width=".concat(n,", height=").concat(i,", top=").concat(r,", left=").concat(a))}({url:t,width:i,height:void 0===o?500:o,win:window});if(!r)throw new Error("Window is not initialized");return this.windowRef=r,r},e.prototype.close=function(){if(!this.windowRef)throw new Error("Window is not initialized");this.windowRef.close()},e}();const _=":not([inert]):not([inert] *)",C=':not([tabindex^="-"])',S=":not(:disabled)";var O=[`a[href]${_}${C}`,`area[href]${_}${C}`,`input:not([type="hidden"]):not([type="radio"])${_}${C}${S}`,`input[type="radio"]${_}${C}${S}`,`select${_}${C}${S}`,`textarea${_}${C}${S}`,`button${_}${C}${S}`,`details${_} > summary:first-of-type${C}`,`iframe${_}${C}`,`audio[controls]${_}${C}`,`video[controls]${_}${C}`,`[contenteditable]${_}${C}`,`[tabindex]${_}${C}`];function k(e){(e.querySelector("[autofocus]")||e).focus()}function U(e,t){if(t&&T(e))return e;if(!((n=e).shadowRoot&&"-1"===n.getAttribute("tabindex")||n.matches(":disabled,[hidden],[inert]")))if(e.shadowRoot){let n=$(e.shadowRoot,t);for(;n;){const e=U(n,t);if(e)return e;n=P(n,t)}}else if("slot"===e.localName){const n=e.assignedElements({flatten:!0});t||n.reverse();for(const e of n){const n=U(e,t);if(n)return n}}else{let n=$(e,t);for(;n;){const e=U(n,t);if(e)return e;n=P(n,t)}}var n;return!t&&T(e)?e:null}function $(e,t){return t?e.firstElementChild:e.lastElementChild}function P(e,t){return t?e.nextElementSibling:e.previousElementSibling}const T=e=>!e.shadowRoot?.delegatesFocus&&(e.matches(O.join(","))&&!(e=>!(!e.matches("details:not([open]) *")||e.matches("details>summary:first-of-type"))||!(e.offsetWidth||e.offsetHeight||e.getClientRects().length))(e));function N(e=document){const t=e.activeElement;return t?t.shadowRoot?N(t.shadowRoot)||document.activeElement:t:null}function D(e,t){const[n,i]=function(e){const t=U(e,!0);return[t,t?U(e,!1)||t:null]}(e);if(!n)return t.preventDefault();const o=N();t.shiftKey&&o===n?(i.focus(),t.preventDefault()):t.shiftKey||o!==i||(n.focus(),t.preventDefault())}class x{$el;id;previouslyFocused;shown;constructor(e){this.$el=e,this.id=this.$el.getAttribute("data-a11y-dialog")||this.$el.id,this.previouslyFocused=null,this.shown=!1,this.maintainFocus=this.maintainFocus.bind(this),this.bindKeypress=this.bindKeypress.bind(this),this.handleTriggerClicks=this.handleTriggerClicks.bind(this),this.show=this.show.bind(this),this.hide=this.hide.bind(this),this.$el.setAttribute("aria-hidden","true"),this.$el.setAttribute("aria-modal","true"),this.$el.setAttribute("tabindex","-1"),this.$el.hasAttribute("role")||this.$el.setAttribute("role","dialog"),document.addEventListener("click",this.handleTriggerClicks,!0)}destroy(){return this.hide(),document.removeEventListener("click",this.handleTriggerClicks,!0),this.$el.replaceWith(this.$el.cloneNode(!0)),this.fire("destroy"),this}show(e){return this.shown||(this.shown=!0,this.$el.removeAttribute("aria-hidden"),this.previouslyFocused=N(),"BODY"===this.previouslyFocused?.tagName&&e?.target&&(this.previouslyFocused=e.target),"focus"===e?.type?this.maintainFocus(e):k(this.$el),document.body.addEventListener("focus",this.maintainFocus,!0),this.$el.addEventListener("keydown",this.bindKeypress,!0),this.fire("show",e)),this}hide(e){return this.shown?(this.shown=!1,this.$el.setAttribute("aria-hidden","true"),this.previouslyFocused?.focus?.(),document.body.removeEventListener("focus",this.maintainFocus,!0),this.$el.removeEventListener("keydown",this.bindKeypress,!0),this.fire("hide",e),this):this}on(e,t,n){return this.$el.addEventListener(e,t,n),this}off(e,t,n){return this.$el.removeEventListener(e,t,n),this}fire(e,t){this.$el.dispatchEvent(new CustomEvent(e,{detail:t,cancelable:!0}))}handleTriggerClicks(e){const t=e.target;t.closest(`[data-a11y-dialog-show="${this.id}"]`)&&this.show(e),(t.closest(`[data-a11y-dialog-hide="${this.id}"]`)||t.closest("[data-a11y-dialog-hide]")&&t.closest('[aria-modal="true"]')===this.$el)&&this.hide(e)}bindKeypress(e){if(document.activeElement?.closest('[aria-modal="true"]')!==this.$el)return;let t=!1;try{t=!!this.$el.querySelector('[popover]:not([popover="manual"]):popover-open')}catch{}"Escape"!==e.key||"alertdialog"===this.$el.getAttribute("role")||t||(e.preventDefault(),this.hide(e)),"Tab"===e.key&&D(this.$el,e)}maintainFocus(e){e.target.closest('[aria-modal="true"], [data-a11y-dialog-ignore-focus-trap]')||k(this.$el)}}function L(){for(const e of document.querySelectorAll("[data-a11y-dialog]"))new x(e)}"undefined"!=typeof document&&("loading"===document.readyState?document.addEventListener("DOMContentLoaded",L):L());var K="__authsignal-popup-container",H="__authsignal-popup-content",W="__authsignal-popup-overlay",M="__authsignal-popup-style",j="__authsignal-popup-iframe",q="385px",F=function(){function e(e){var t=e.width,n=e.isClosable;if(this.popup=null,document.querySelector("#".concat(K)))throw new Error("Multiple instances of Authsignal popup is not supported.");this.create({width:t,isClosable:n})}return e.prototype.create=function(e){var t=this,n=e.width,i=void 0===n?q:n,o=e.isClosable,r=void 0===o||o,a=i;CSS.supports("width",i)||(console.warn("Invalid CSS value for `popupOptions.width`. Using default value instead."),a=q);var s=document.createElement("div");s.setAttribute("id",K),s.setAttribute("aria-hidden","true"),r||s.setAttribute("role","alertdialog");var c=document.createElement("div");c.setAttribute("id",W),r&&c.setAttribute("data-a11y-dialog-hide","true");var u=document.createElement("div");u.setAttribute("id",H),document.body.appendChild(s);var l=document.createElement("style");l.setAttribute("id",M),l.textContent="\n #".concat(K,",\n #").concat(W," {\n position: fixed;\n top: 0;\n right: 0;\n bottom: 0;\n left: 0;\n }\n\n #").concat(K," {\n z-index: 2147483647;\n display: flex;\n }\n\n #").concat(K,"[aria-hidden='true'] {\n display: none;\n }\n\n #").concat(W," {\n background-color: rgba(0, 0, 0, 0.18);\n }\n\n #").concat(H," {\n margin: auto;\n z-index: 2147483647;\n position: relative;\n background-color: transparent;\n border-radius: 8px;\n width: ").concat(a,";\n }\n\n #").concat(H," iframe {\n width: 1px;\n min-width: 100%;\n border-radius: inherit;\n max-height: 95vh;\n height: ").concat("384px",";\n }\n "),document.head.insertAdjacentElement("beforeend",l),s.appendChild(c),s.appendChild(u),this.popup=new x(s),this.popup.on("hide",(function(){t.destroy()}))},e.prototype.destroy=function(){var e=document.querySelector("#".concat(K)),t=document.querySelector("#".concat(M));e&&t&&(document.body.removeChild(e),document.head.removeChild(t)),window.removeEventListener("message",G)},e.prototype.show=function(e){var t,n=e.url;if(!this.popup)throw new Error("Popup is not initialized");var i=document.createElement("iframe");i.setAttribute("id",j),i.setAttribute("name","authsignal"),i.setAttribute("title","Authsignal multi-factor authentication"),i.setAttribute("src",n),i.setAttribute("frameborder","0"),i.setAttribute("allow","publickey-credentials-get *; publickey-credentials-create *; clipboard-write");var o=document.querySelector("#".concat(H));o&&o.appendChild(i),window.addEventListener("message",G),null===(t=this.popup)||void 0===t||t.show()},e.prototype.close=function(){if(!this.popup)throw new Error("Popup is not initialized");this.popup.hide()},e.prototype.on=function(e,t){if(!this.popup)throw new Error("Popup is not initialized");this.popup.on(e,t)},e}();function G(e){var t=document.querySelector("#".concat(j));t&&e.data.height&&(t.style.height=e.data.height+"px")}var V=function(){function e(e){var t=e.baseUrl,n=e.tenantId;this.tenantId=n,this.baseUrl=t}return e.prototype.challenge=function(e){return c(this,void 0,void 0,(function(){return u(this,(function(t){switch(t.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/challenge"),{method:"POST",headers:this.buildHeaders(),body:JSON.stringify({action:e})})];case 1:return[2,t.sent().json()]}}))}))},e.prototype.verify=function(e){var t=e.challengeId;return c(this,void 0,void 0,(function(){var e;return u(this,(function(n){switch(n.label){case 0:return e={challengeId:t},[4,fetch("".concat(this.baseUrl,"/client/verify"),{method:"POST",headers:this.buildHeaders(),body:JSON.stringify(e)})];case 1:return[2,n.sent().json()]}}))}))},e.prototype.buildHeaders=function(e){return{"Content-Type":"application/json",Authorization:e?"Bearer ".concat(e):"Basic ".concat(window.btoa(encodeURIComponent(this.tenantId)))}},e}(),z=function(){function e(e){var t=e.baseUrl,n=e.tenantId;this.api=new V({baseUrl:t,tenantId:n})}return e.prototype.challenge=function(e){return c(this,void 0,void 0,(function(){return u(this,(function(t){switch(t.label){case 0:return[4,this.api.challenge(e.action)];case 1:return[2,t.sent().challengeId]}}))}))},e.prototype.verify=function(e){return c(this,void 0,void 0,(function(){return u(this,(function(t){switch(t.label){case 0:return[4,this.api.verify({challengeId:e.challengeId})];case 1:return[2,t.sent()]}}))}))},e}(),B="4a08uqve",J=function(){function t(e){var t=e.cookieDomain,n=e.cookieName,i=void 0===n?"__as_aid":n,o=e.baseUrl,r=void 0===o?"https://api.authsignal.com/v1":o,c=e.tenantId;if(this.anonymousId="",this.profilingId="",this.cookieDomain="",this.anonymousIdCookieName="",this._token=void 0,this.cookieDomain=t||document.location.hostname.replace("www.",""),this.anonymousIdCookieName=i,!c)throw new Error("tenantId is required");var u,l=(u=this.anonymousIdCookieName)&&decodeURIComponent(document.cookie.replace(new RegExp("(?:(?:^|.*;)\\s*"+encodeURIComponent(u).replace(/[\-\.\+\*]/g,"\\$&")+"\\s*\\=\\s*([^;]*).*$)|^.*$"),"$1"))||null;l?this.anonymousId=l:(this.anonymousId=a(),s({name:this.anonymousIdCookieName,value:this.anonymousId,expire:1/0,domain:this.cookieDomain,secure:"http:"!==document.location.protocol})),this.passkey=new R({tenantId:c,baseUrl:r,anonymousId:this.anonymousId}),this.kiosk=new z({baseUrl:r,tenantId:c})}return t.prototype.launch=function(e,t){switch(null==t?void 0:t.mode){case"window":return this.launchWithWindow(e,t);case"popup":return this.launchWithPopup(e,t);default:this.launchWithRedirect(e)}},t.prototype.initAdvancedProfiling=function(e){var t=a();this.profilingId=t,s({name:"__as_pid",value:t,expire:1/0,domain:this.cookieDomain,secure:"http:"!==document.location.protocol});var n=e?"".concat(e,"/fp/tags.js?org_id=").concat(B,"&session_id=").concat(t):"https://h.online-metrix.net/fp/tags.js?org_id=".concat(B,"&session_id=").concat(t),i=document.createElement("script");i.src=n,i.async=!1,i.id="as_adv_profile",document.head.appendChild(i);var o=document.createElement("noscript");o.setAttribute("id","as_adv_profile_pixel"),o.setAttribute("aria-hidden","true");var r=document.createElement("iframe"),c=e?"".concat(e,"/fp/tags?org_id=").concat(B,"&session_id=").concat(t):"https://h.online-metrix.net/fp/tags?org_id=".concat(B,"&session_id=").concat(t);r.setAttribute("id","as_adv_profile_pixel"),r.setAttribute("src",c),r.setAttribute("style","width: 100px; height: 100px; border: 0; position: absolute; top: -5000px;"),o&&(o.appendChild(r),document.body.prepend(o))},t.prototype.launchWithRedirect=function(e){window.location.href=e},t.prototype.launchWithPopup=function(t,n){var i=this,o=n.popupOptions,r=new F({width:null==o?void 0:o.width,isClosable:null==o?void 0:o.isClosable}),a="".concat(t,"&mode=popup");return r.show({url:a}),new Promise((function(t){r.on("hide",(function(){t({token:i._token})})),window.addEventListener("message",(function(t){var n=null;try{n=JSON.parse(t.data)}catch(e){}(null==n?void 0:n.event)===e.AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP&&(i._token=n.token,r.close())}),!1)}))},t.prototype.launchWithWindow=function(t,n){var i=this,o=n.windowOptions,r=new I,a="".concat(t,"&mode=popup");return r.show({url:a,width:null==o?void 0:o.width,height:null==o?void 0:o.height}),new Promise((function(t){window.addEventListener("message",(function(n){var o=null;try{o=JSON.parse(n.data)}catch(e){}(null==o?void 0:o.event)===e.AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP&&(i._token=o.token,r.close(),t({token:i._token}))}),!1)}))},t}();return e.Authsignal=J,Object.defineProperty(e,"__esModule",{value:!0}),e}({});
1
+ var authsignal=function(e){"use strict";let t;const n=new Uint8Array(16);function o(){if(!t&&(t="undefined"!=typeof crypto&&crypto.getRandomValues&&crypto.getRandomValues.bind(crypto),!t))throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");return t(n)}const i=[];for(let e=0;e<256;++e)i.push((e+256).toString(16).slice(1));var r={randomUUID:"undefined"!=typeof crypto&&crypto.randomUUID&&crypto.randomUUID.bind(crypto)};function a(e,t,n){if(r.randomUUID&&!t&&!e)return r.randomUUID();const a=(e=e||{}).random||(e.rng||o)();if(a[6]=15&a[6]|64,a[8]=63&a[8]|128,t){n=n||0;for(let e=0;e<16;++e)t[n+e]=a[e];return t}return function(e,t=0){return(i[e[t+0]]+i[e[t+1]]+i[e[t+2]]+i[e[t+3]]+"-"+i[e[t+4]]+i[e[t+5]]+"-"+i[e[t+6]]+i[e[t+7]]+"-"+i[e[t+8]]+i[e[t+9]]+"-"+i[e[t+10]]+i[e[t+11]]+i[e[t+12]]+i[e[t+13]]+i[e[t+14]]+i[e[t+15]]).toLowerCase()}(a)}function s(e){var t=e.name,n=e.value,o=e.expire,i=e.domain,r=e.secure,a=o===1/0?" expires=Fri, 31 Dec 9999 23:59:59 GMT":"; max-age="+o;document.cookie=encodeURIComponent(t)+"="+n+"; path=/;"+a+(i?"; domain="+i:"")+(r?"; secure":"")}function c(e){var t;console.error(null!==(t=e.errorDescription)&&void 0!==t?t:e.error)}function u(e,t,n,o){return new(n||(n=Promise))((function(i,r){function a(e){try{c(o.next(e))}catch(e){r(e)}}function s(e){try{c(o.throw(e))}catch(e){r(e)}}function c(e){var t;e.done?i(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(a,s)}c((o=o.apply(e,t||[])).next())}))}function l(e,t){var n,o,i,r,a={label:0,sent:function(){if(1&i[0])throw i[1];return i[1]},trys:[],ops:[]};return r={next:s(0),throw:s(1),return:s(2)},"function"==typeof Symbol&&(r[Symbol.iterator]=function(){return this}),r;function s(r){return function(s){return function(r){if(n)throw new TypeError("Generator is already executing.");for(;a;)try{if(n=1,o&&(i=2&r[0]?o.return:r[0]?o.throw||((i=o.return)&&i.call(o),0):o.next)&&!(i=i.call(o,r[1])).done)return i;switch(o=0,i&&(r=[2&r[0],i.value]),r[0]){case 0:case 1:i=r;break;case 4:return a.label++,{value:r[1],done:!1};case 5:a.label++,o=r[1],r=[0];continue;case 7:r=a.ops.pop(),a.trys.pop();continue;default:if(!(i=a.trys,(i=i.length>0&&i[i.length-1])||6!==r[0]&&2!==r[0])){a=0;continue}if(3===r[0]&&(!i||r[1]>i[0]&&r[1]<i[3])){a.label=r[1];break}if(6===r[0]&&a.label<i[1]){a.label=i[1],i=r;break}if(i&&a.label<i[2]){a.label=i[2],a.ops.push(r);break}i[2]&&a.ops.pop(),a.trys.pop();continue}r=t.call(e,a)}catch(e){r=[6,e],o=0}finally{n=i=0}if(5&r[0])throw r[1];return{value:r[0]?r[1]:void 0,done:!0}}([r,s])}}}function d(e){const t=new Uint8Array(e);let n="";for(const e of t)n+=String.fromCharCode(e);return btoa(n).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function h(e){const t=e.replace(/-/g,"+").replace(/_/g,"/"),n=(4-t.length%4)%4,o=t.padEnd(t.length+n,"="),i=atob(o),r=new ArrayBuffer(i.length),a=new Uint8Array(r);for(let e=0;e<i.length;e++)a[e]=i.charCodeAt(e);return r}function p(){return void 0!==window?.PublicKeyCredential&&"function"==typeof window.PublicKeyCredential}function f(e){const{id:t}=e;return{...e,id:h(t),transports:e.transports}}function m(e){return"localhost"===e||/^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(e)}e.AuthsignalWindowMessage=void 0,(e.AuthsignalWindowMessage||(e.AuthsignalWindowMessage={})).AUTHSIGNAL_CLOSE_POPUP="AUTHSIGNAL_CLOSE_POPUP";class w extends Error{constructor({message:e,code:t,cause:n,name:o}){super(e,{cause:n}),this.name=o??n.name,this.code=t}}const g=new class{createNewAbortSignal(){if(this.controller){const e=new Error("Cancelling existing WebAuthn API call for new one");e.name="AbortError",this.controller.abort(e)}const e=new AbortController;return this.controller=e,e.signal}cancelCeremony(){if(this.controller){const e=new Error("Manually cancelling existing WebAuthn API call");e.name="AbortError",this.controller.abort(e),this.controller=void 0}}},y=["cross-platform","platform"];function v(e){if(e&&!(y.indexOf(e)<0))return e}async function b(e){if(!p())throw new Error("WebAuthn is not supported in this browser");var t;const n={publicKey:{...e,challenge:h(e.challenge),user:{...e.user,id:(t=e.user.id,(new TextEncoder).encode(t))},excludeCredentials:e.excludeCredentials?.map(f)}};let o;n.signal=g.createNewAbortSignal();try{o=await navigator.credentials.create(n)}catch(e){throw function({error:e,options:t}){const{publicKey:n}=t;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new w({message:"Registration ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:e})}else if("ConstraintError"===e.name){if(!0===n.authenticatorSelection?.requireResidentKey)return new w({message:"Discoverable credentials were required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",cause:e});if("required"===n.authenticatorSelection?.userVerification)return new w({message:"User verification was required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",cause:e})}else{if("InvalidStateError"===e.name)return new w({message:"The authenticator was previously registered",code:"ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",cause:e});if("NotAllowedError"===e.name)return new w({message:e.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:e});if("NotSupportedError"===e.name)return 0===n.pubKeyCredParams.filter((e=>"public-key"===e.type)).length?new w({message:'No entry in pubKeyCredParams was of type "public-key"',code:"ERROR_MALFORMED_PUBKEYCREDPARAMS",cause:e}):new w({message:"No available authenticator supported any of the specified pubKeyCredParams algorithms",code:"ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",cause:e});if("SecurityError"===e.name){const t=window.location.hostname;if(!m(t))return new w({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:e});if(n.rp.id!==t)return new w({message:`The RP ID "${n.rp.id}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:e})}else if("TypeError"===e.name){if(n.user.id.byteLength<1||n.user.id.byteLength>64)return new w({message:"User ID was not between 1 and 64 characters",code:"ERROR_INVALID_USER_ID_LENGTH",cause:e})}else if("UnknownError"===e.name)return new w({message:"The authenticator was unable to process the specified options, or could not create a new credential",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:e})}return e}({error:e,options:n})}if(!o)throw new Error("Registration was not completed");const{id:i,rawId:r,response:a,type:s}=o;let c,u,l,y;if("function"==typeof a.getTransports&&(c=a.getTransports()),"function"==typeof a.getPublicKeyAlgorithm)try{u=a.getPublicKeyAlgorithm()}catch(e){E("getPublicKeyAlgorithm()",e)}if("function"==typeof a.getPublicKey)try{const e=a.getPublicKey();null!==e&&(l=d(e))}catch(e){E("getPublicKey()",e)}if("function"==typeof a.getAuthenticatorData)try{y=d(a.getAuthenticatorData())}catch(e){E("getAuthenticatorData()",e)}return{id:i,rawId:d(r),response:{attestationObject:d(a.attestationObject),clientDataJSON:d(a.clientDataJSON),transports:c,publicKeyAlgorithm:u,publicKey:l,authenticatorData:y},type:s,clientExtensionResults:o.getClientExtensionResults(),authenticatorAttachment:v(o.authenticatorAttachment)}}function E(e,t){console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${e}. You should report this error to them.\n`,t)}async function A(e,t=!1){if(!p())throw new Error("WebAuthn is not supported in this browser");let n;0!==e.allowCredentials?.length&&(n=e.allowCredentials?.map(f));const o={...e,challenge:h(e.challenge),allowCredentials:n},i={};if(t){if(!await function(){const e=window.PublicKeyCredential;return void 0===e.isConditionalMediationAvailable?new Promise((e=>e(!1))):e.isConditionalMediationAvailable()}())throw Error("Browser does not support WebAuthn autofill");if(document.querySelectorAll("input[autocomplete$='webauthn']").length<1)throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');i.mediation="conditional",o.allowCredentials=[]}let r;i.publicKey=o,i.signal=g.createNewAbortSignal();try{r=await navigator.credentials.get(i)}catch(e){throw function({error:e,options:t}){const{publicKey:n}=t;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new w({message:"Authentication ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:e})}else{if("NotAllowedError"===e.name)return new w({message:e.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:e});if("SecurityError"===e.name){const t=window.location.hostname;if(!m(t))return new w({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:e});if(n.rpId!==t)return new w({message:`The RP ID "${n.rpId}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:e})}else if("UnknownError"===e.name)return new w({message:"The authenticator was unable to process the specified options, or could not create a new assertion signature",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:e})}return e}({error:e,options:i})}if(!r)throw new Error("Authentication was not completed");const{id:a,rawId:s,response:c,type:u}=r;let l;var y;return c.userHandle&&(y=c.userHandle,l=new TextDecoder("utf-8").decode(y)),{id:a,rawId:d(s),response:{authenticatorData:d(c.authenticatorData),clientDataJSON:d(c.clientDataJSON),signature:d(c.signature),userHandle:l},type:u,clientExtensionResults:r.getClientExtensionResults(),authenticatorAttachment:v(r.authenticatorAttachment)}}var R=function(){function e(e){var t=e.baseUrl,n=e.tenantId;this.tenantId=n,this.baseUrl=t}return e.prototype.registrationOptions=function(e){var t=e.token,n=e.username,o=e.authenticatorAttachment;return u(this,void 0,void 0,(function(){var e;return l(this,(function(i){switch(i.label){case 0:return e=Boolean(o)?{username:n,authenticatorAttachment:o}:{username:n},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey/registration-options"),{method:"POST",headers:this.buildHeaders(t),body:JSON.stringify(e)})];case 1:return[2,i.sent().json()]}}))}))},e.prototype.authenticationOptions=function(e){var t=e.token,n=e.challengeId;return u(this,void 0,void 0,(function(){var e;return l(this,(function(o){switch(o.label){case 0:return e={challengeId:n},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey/authentication-options"),{method:"POST",headers:this.buildHeaders(t),body:JSON.stringify(e)})];case 1:return[2,o.sent().json()]}}))}))},e.prototype.addAuthenticator=function(e){var t=e.token,n=e.challengeId,o=e.registrationCredential;return u(this,void 0,void 0,(function(){var e;return l(this,(function(i){switch(i.label){case 0:return e={challengeId:n,registrationCredential:o},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey"),{method:"POST",headers:this.buildHeaders(t),body:JSON.stringify(e)})];case 1:return[2,i.sent().json()]}}))}))},e.prototype.verify=function(e){var t=e.token,n=e.challengeId,o=e.authenticationCredential,i=e.deviceId;return u(this,void 0,void 0,(function(){var e;return l(this,(function(r){switch(r.label){case 0:return e={challengeId:n,authenticationCredential:o,deviceId:i},[4,fetch("".concat(this.baseUrl,"/client/verify/passkey"),{method:"POST",headers:this.buildHeaders(t),body:JSON.stringify(e)})];case 1:return[2,r.sent().json()]}}))}))},e.prototype.getPasskeyAuthenticator=function(e){return u(this,void 0,void 0,(function(){var t;return l(this,(function(n){switch(n.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey?credentialId=").concat(e),{method:"GET",headers:this.buildHeaders()})];case 1:if(!(t=n.sent()).ok)throw new Error(t.statusText);return[2,t.json()]}}))}))},e.prototype.challenge=function(e){return u(this,void 0,void 0,(function(){return l(this,(function(t){switch(t.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/challenge"),{method:"POST",headers:this.buildHeaders(),body:JSON.stringify({action:e})})];case 1:return[2,t.sent().json()]}}))}))},e.prototype.buildHeaders=function(e){return{"Content-Type":"application/json",Authorization:e?"Bearer ".concat(e):"Basic ".concat(window.btoa(encodeURIComponent(this.tenantId)))}},e}(),I=function(){function e(e){var t=e.baseUrl,n=e.tenantId,o=e.anonymousId;this.passkeyLocalStorageKey="as_passkey_credential_id",this.api=new R({baseUrl:t,tenantId:n}),this.anonymousId=o}return e.prototype.signUp=function(e){var t=e.userName,n=e.userDisplayName,o=e.token,i=e.authenticatorAttachment,r=void 0===i?"platform":i;return u(this,void 0,void 0,(function(){var e,i,a,s;return l(this,(function(u){switch(u.label){case 0:return e={username:t,displayName:n,token:o,authenticatorAttachment:r},[4,this.api.registrationOptions(e)];case 1:return"error"in(i=u.sent())?(c(i),[2]):[4,b(i.options)];case 2:return a=u.sent(),[4,this.api.addAuthenticator({challengeId:i.challengeId,registrationCredential:a,token:o})];case 3:return"error"in(s=u.sent())?(c(s),[2]):(s.isVerified&&this.storeCredentialAgainstDevice(a),[2,{token:s.accessToken}])}}))}))},e.prototype.signIn=function(e){return u(this,void 0,void 0,(function(){var t,n,o,i,r,a,s,u,d,h;return l(this,(function(l){switch(l.label){case 0:if((null==e?void 0:e.token)&&e.autofill)throw new Error("autofill is not supported when providing a token");if((null==e?void 0:e.action)&&e.token)throw new Error("action is not supported when providing a token");return(null==e?void 0:e.action)?[4,this.api.challenge(e.action)]:[3,2];case 1:return n=l.sent(),[3,3];case 2:n=null,l.label=3;case 3:return(t=n)&&"error"in t?(c(t),[2]):[4,this.api.authenticationOptions({token:null==e?void 0:e.token,challengeId:null==t?void 0:t.challengeId})];case 4:return"error"in(o=l.sent())?(c(o),[2]):[4,A(o.options,null==e?void 0:e.autofill)];case 5:return i=l.sent(),(null==e?void 0:e.onVerificationStarted)&&e.onVerificationStarted(),[4,this.api.verify({challengeId:o.challengeId,authenticationCredential:i,token:null==e?void 0:e.token,deviceId:this.anonymousId})];case 6:return"error"in(r=l.sent())?(c(r),[2]):(r.isVerified&&this.storeCredentialAgainstDevice(i),a=r.accessToken,s=r.userId,u=r.userAuthenticatorId,d=r.username,h=r.userDisplayName,[2,{token:a,userId:s,userAuthenticatorId:u,userName:d,userDisplayName:h}])}}))}))},e.prototype.isAvailableOnDevice=function(){return u(this,void 0,void 0,(function(){var e;return l(this,(function(t){switch(t.label){case 0:if(!(e=localStorage.getItem(this.passkeyLocalStorageKey)))return[2,!1];t.label=1;case 1:return t.trys.push([1,3,,4]),[4,this.api.getPasskeyAuthenticator(e)];case 2:return t.sent(),[2,!0];case 3:return t.sent(),[2,!1];case 4:return[2]}}))}))},e.prototype.storeCredentialAgainstDevice=function(e){var t=e.id;"cross-platform"!==e.authenticatorAttachment&&localStorage.setItem(this.passkeyLocalStorageKey,t)},e}(),_=function(){function e(){this.windowRef=null}return e.prototype.show=function(e){var t=e.url,n=e.width,o=void 0===n?400:n,i=e.height,r=function(e){var t=e.url,n=e.width,o=e.height,i=e.win;if(!i.top)return null;var r=i.top.outerHeight/2+i.top.screenY-o/2,a=i.top.outerWidth/2+i.top.screenX-n/2;return window.open(t,"","toolbar=no, location=no, directories=no, status=no, menubar=no, scrollbars=no, resizable=no, copyhistory=no, width=".concat(n,", height=").concat(o,", top=").concat(r,", left=").concat(a))}({url:t,width:o,height:void 0===i?500:i,win:window});if(!r)throw new Error("Window is not initialized");return this.windowRef=r,r},e.prototype.close=function(){if(!this.windowRef)throw new Error("Window is not initialized");this.windowRef.close()},e}();const C=":not([inert]):not([inert] *)",S=':not([tabindex^="-"])',O=":not(:disabled)";var k=[`a[href]${C}${S}`,`area[href]${C}${S}`,`input:not([type="hidden"]):not([type="radio"])${C}${S}${O}`,`input[type="radio"]${C}${S}${O}`,`select${C}${S}${O}`,`textarea${C}${S}${O}`,`button${C}${S}${O}`,`details${C} > summary:first-of-type${S}`,`iframe${C}${S}`,`audio[controls]${C}${S}`,`video[controls]${C}${S}`,`[contenteditable]${C}${S}`,`[tabindex]${C}${S}`];function $(e){(e.querySelector("[autofocus]")||e).focus()}function P(e,t){if(t&&U(e))return e;if(!((n=e).shadowRoot&&"-1"===n.getAttribute("tabindex")||n.matches(":disabled,[hidden],[inert]")))if(e.shadowRoot){let n=T(e.shadowRoot,t);for(;n;){const e=P(n,t);if(e)return e;n=N(n,t)}}else if("slot"===e.localName){const n=e.assignedElements({flatten:!0});t||n.reverse();for(const e of n){const n=P(e,t);if(n)return n}}else{let n=T(e,t);for(;n;){const e=P(n,t);if(e)return e;n=N(n,t)}}var n;return!t&&U(e)?e:null}function T(e,t){return t?e.firstElementChild:e.lastElementChild}function N(e,t){return t?e.nextElementSibling:e.previousElementSibling}const U=e=>!e.shadowRoot?.delegatesFocus&&(e.matches(k.join(","))&&!(e=>!(!e.matches("details:not([open]) *")||e.matches("details>summary:first-of-type"))||!(e.offsetWidth||e.offsetHeight||e.getClientRects().length))(e));function D(e=document){const t=e.activeElement;return t?t.shadowRoot?D(t.shadowRoot)||document.activeElement:t:null}function x(e,t){const[n,o]=function(e){const t=P(e,!0);return[t,t?P(e,!1)||t:null]}(e);if(!n)return t.preventDefault();const i=D();t.shiftKey&&i===n?(o.focus(),t.preventDefault()):t.shiftKey||i!==o||(n.focus(),t.preventDefault())}class L{$el;id;previouslyFocused;shown;constructor(e){this.$el=e,this.id=this.$el.getAttribute("data-a11y-dialog")||this.$el.id,this.previouslyFocused=null,this.shown=!1,this.maintainFocus=this.maintainFocus.bind(this),this.bindKeypress=this.bindKeypress.bind(this),this.handleTriggerClicks=this.handleTriggerClicks.bind(this),this.show=this.show.bind(this),this.hide=this.hide.bind(this),this.$el.setAttribute("aria-hidden","true"),this.$el.setAttribute("aria-modal","true"),this.$el.setAttribute("tabindex","-1"),this.$el.hasAttribute("role")||this.$el.setAttribute("role","dialog"),document.addEventListener("click",this.handleTriggerClicks,!0)}destroy(){return this.hide(),document.removeEventListener("click",this.handleTriggerClicks,!0),this.$el.replaceWith(this.$el.cloneNode(!0)),this.fire("destroy"),this}show(e){return this.shown||(this.shown=!0,this.$el.removeAttribute("aria-hidden"),this.previouslyFocused=D(),"BODY"===this.previouslyFocused?.tagName&&e?.target&&(this.previouslyFocused=e.target),"focus"===e?.type?this.maintainFocus(e):$(this.$el),document.body.addEventListener("focus",this.maintainFocus,!0),this.$el.addEventListener("keydown",this.bindKeypress,!0),this.fire("show",e)),this}hide(e){return this.shown?(this.shown=!1,this.$el.setAttribute("aria-hidden","true"),this.previouslyFocused?.focus?.(),document.body.removeEventListener("focus",this.maintainFocus,!0),this.$el.removeEventListener("keydown",this.bindKeypress,!0),this.fire("hide",e),this):this}on(e,t,n){return this.$el.addEventListener(e,t,n),this}off(e,t,n){return this.$el.removeEventListener(e,t,n),this}fire(e,t){this.$el.dispatchEvent(new CustomEvent(e,{detail:t,cancelable:!0}))}handleTriggerClicks(e){const t=e.target;t.closest(`[data-a11y-dialog-show="${this.id}"]`)&&this.show(e),(t.closest(`[data-a11y-dialog-hide="${this.id}"]`)||t.closest("[data-a11y-dialog-hide]")&&t.closest('[aria-modal="true"]')===this.$el)&&this.hide(e)}bindKeypress(e){if(document.activeElement?.closest('[aria-modal="true"]')!==this.$el)return;let t=!1;try{t=!!this.$el.querySelector('[popover]:not([popover="manual"]):popover-open')}catch{}"Escape"!==e.key||"alertdialog"===this.$el.getAttribute("role")||t||(e.preventDefault(),this.hide(e)),"Tab"===e.key&&x(this.$el,e)}maintainFocus(e){e.target.closest('[aria-modal="true"], [data-a11y-dialog-ignore-focus-trap]')||$(this.$el)}}function K(){for(const e of document.querySelectorAll("[data-a11y-dialog]"))new L(e)}"undefined"!=typeof document&&("loading"===document.readyState?document.addEventListener("DOMContentLoaded",K):K());var H="__authsignal-popup-container",W="__authsignal-popup-content",M="__authsignal-popup-overlay",q="__authsignal-popup-style",F="__authsignal-popup-iframe",G="385px",V=function(){function e(e){var t=e.width,n=e.isClosable;if(this.popup=null,document.querySelector("#".concat(H)))throw new Error("Multiple instances of Authsignal popup is not supported.");this.create({width:t,isClosable:n})}return e.prototype.create=function(e){var t=this,n=e.width,o=void 0===n?G:n,i=e.isClosable,r=void 0===i||i,a=o;CSS.supports("width",o)||(console.warn("Invalid CSS value for `popupOptions.width`. Using default value instead."),a=G);var s=document.createElement("div");s.setAttribute("id",H),s.setAttribute("aria-hidden","true"),r||s.setAttribute("role","alertdialog");var c=document.createElement("div");c.setAttribute("id",M),r&&c.setAttribute("data-a11y-dialog-hide","true");var u=document.createElement("div");u.setAttribute("id",W),document.body.appendChild(s);var l=document.createElement("style");l.setAttribute("id",q),l.textContent="\n #".concat(H,",\n #").concat(M," {\n position: fixed;\n top: 0;\n right: 0;\n bottom: 0;\n left: 0;\n }\n\n #").concat(H," {\n z-index: 2147483647;\n display: flex;\n }\n\n #").concat(H,"[aria-hidden='true'] {\n display: none;\n }\n\n #").concat(M," {\n background-color: rgba(0, 0, 0, 0.18);\n }\n\n #").concat(W," {\n margin: auto;\n z-index: 2147483647;\n position: relative;\n background-color: transparent;\n border-radius: 8px;\n width: ").concat(a,";\n }\n\n #").concat(W," iframe {\n width: 1px;\n min-width: 100%;\n border-radius: inherit;\n max-height: 95vh;\n height: ").concat("384px",";\n }\n "),document.head.insertAdjacentElement("beforeend",l),s.appendChild(c),s.appendChild(u),this.popup=new L(s),s.focus(),this.popup.on("hide",(function(){t.destroy()}))},e.prototype.destroy=function(){var e=document.querySelector("#".concat(H)),t=document.querySelector("#".concat(q));e&&t&&(document.body.removeChild(e),document.head.removeChild(t)),window.removeEventListener("message",j)},e.prototype.show=function(e){var t,n=e.url;if(!this.popup)throw new Error("Popup is not initialized");var o=document.createElement("iframe");o.setAttribute("id",F),o.setAttribute("name","authsignal"),o.setAttribute("title","Authsignal multi-factor authentication"),o.setAttribute("src",n),o.setAttribute("frameborder","0"),o.setAttribute("allow","publickey-credentials-get *; publickey-credentials-create *; clipboard-write");var i=document.querySelector("#".concat(W));i&&i.appendChild(o),window.addEventListener("message",j),null===(t=this.popup)||void 0===t||t.show()},e.prototype.close=function(){if(!this.popup)throw new Error("Popup is not initialized");this.popup.hide()},e.prototype.on=function(e,t){if(!this.popup)throw new Error("Popup is not initialized");this.popup.on(e,t)},e}();function j(e){var t=document.querySelector("#".concat(F));t&&e.data.height&&(t.style.height=e.data.height+"px")}var z="4a08uqve",B=function(){function t(e){var t=e.cookieDomain,n=e.cookieName,o=void 0===n?"__as_aid":n,i=e.baseUrl,r=void 0===i?"https://api.authsignal.com/v1":i,c=e.tenantId;if(this.anonymousId="",this.profilingId="",this.cookieDomain="",this.anonymousIdCookieName="",this.cookieDomain=t||document.location.hostname.replace("www.",""),this.anonymousIdCookieName=o,!c)throw new Error("tenantId is required");var u,l=(u=this.anonymousIdCookieName)&&decodeURIComponent(document.cookie.replace(new RegExp("(?:(?:^|.*;)\\s*"+encodeURIComponent(u).replace(/[\-\.\+\*]/g,"\\$&")+"\\s*\\=\\s*([^;]*).*$)|^.*$"),"$1"))||null;l?this.anonymousId=l:(this.anonymousId=a(),s({name:this.anonymousIdCookieName,value:this.anonymousId,expire:1/0,domain:this.cookieDomain,secure:"http:"!==document.location.protocol})),this.passkey=new I({tenantId:c,baseUrl:r,anonymousId:this.anonymousId})}return t.prototype.launch=function(e,t){switch(null==t?void 0:t.mode){case"window":return this.launchWithWindow(e,t);case"popup":return this.launchWithPopup(e,t);default:this.launchWithRedirect(e)}},t.prototype.initAdvancedProfiling=function(e){var t=a();this.profilingId=t,s({name:"__as_pid",value:t,expire:1/0,domain:this.cookieDomain,secure:"http:"!==document.location.protocol});var n=e?"".concat(e,"/fp/tags.js?org_id=").concat(z,"&session_id=").concat(t):"https://h.online-metrix.net/fp/tags.js?org_id=".concat(z,"&session_id=").concat(t),o=document.createElement("script");o.src=n,o.async=!1,o.id="as_adv_profile",document.head.appendChild(o);var i=document.createElement("noscript");i.setAttribute("id","as_adv_profile_pixel"),i.setAttribute("aria-hidden","true");var r=document.createElement("iframe"),c=e?"".concat(e,"/fp/tags?org_id=").concat(z,"&session_id=").concat(t):"https://h.online-metrix.net/fp/tags?org_id=".concat(z,"&session_id=").concat(t);r.setAttribute("id","as_adv_profile_pixel"),r.setAttribute("src",c),r.setAttribute("style","width: 100px; height: 100px; border: 0; position: absolute; top: -5000px;"),i&&(i.appendChild(r),document.body.prepend(i))},t.prototype.launchWithRedirect=function(e){window.location.href=e},t.prototype.launchWithPopup=function(t,n){var o=n.popupOptions,i=new V({width:null==o?void 0:o.width,isClosable:null==o?void 0:o.isClosable}),r="".concat(t,"&mode=popup");return i.show({url:r}),new Promise((function(t){var n=void 0;i.on("hide",(function(){t({token:n})})),window.addEventListener("message",(function(t){var o=null;try{o=JSON.parse(t.data)}catch(e){}(null==o?void 0:o.event)===e.AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP&&(n=o.token,i.close())}),!1)}))},t.prototype.launchWithWindow=function(t,n){var o=n.windowOptions,i=new _,r="".concat(t,"&mode=popup");return i.show({url:r,width:null==o?void 0:o.width,height:null==o?void 0:o.height}),new Promise((function(t){window.addEventListener("message",(function(n){var o=null;try{o=JSON.parse(n.data)}catch(e){}(null==o?void 0:o.event)===e.AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP&&(i.close(),t({token:o.token}))}),!1)}))},t}();return e.Authsignal=B,Object.defineProperty(e,"__esModule",{value:!0}),e}({});
package/dist/passkey.d.ts CHANGED
@@ -7,33 +7,33 @@ declare type PasskeyOptions = {
7
7
  };
8
8
  declare type SignUpParams = {
9
9
  userName?: string;
10
+ userDisplayName?: string;
10
11
  token: string;
11
12
  authenticatorAttachment?: AuthenticatorAttachment | null;
12
13
  };
14
+ declare type SignUpResponse = {
15
+ token?: string;
16
+ };
17
+ declare type SignInParams = {
18
+ token?: string;
19
+ autofill?: boolean;
20
+ action?: string;
21
+ onVerificationStarted?: () => unknown;
22
+ };
23
+ declare type SignInResponse = {
24
+ token?: string;
25
+ userId?: string;
26
+ userAuthenticatorId?: string;
27
+ userName?: string;
28
+ userDisplayName?: string;
29
+ };
13
30
  export declare class Passkey {
14
31
  api: PasskeyApiClient;
15
32
  private passkeyLocalStorageKey;
16
33
  private anonymousId;
17
34
  constructor({ baseUrl, tenantId, anonymousId }: PasskeyOptions);
18
- signUp({ userName, token, authenticatorAttachment }: SignUpParams): Promise<string | undefined>;
19
- signIn(): Promise<string | undefined>;
20
- signIn(params?: {
21
- action: string;
22
- autofill?: boolean;
23
- }): Promise<string | undefined>;
24
- signIn(params?: {
25
- token: string;
26
- }): Promise<string | undefined>;
27
- signIn(params?: {
28
- autofill: boolean;
29
- }): Promise<string | undefined>;
30
- signIn(params?: {
31
- autofill: boolean;
32
- challengeId?: string;
33
- }): Promise<string | undefined>;
34
- signIn(params?: {
35
- challengeId: string;
36
- }): Promise<string | undefined>;
35
+ signUp({ userName, userDisplayName, token, authenticatorAttachment, }: SignUpParams): Promise<SignUpResponse | undefined>;
36
+ signIn(params?: SignInParams): Promise<SignInResponse | undefined>;
37
37
  isAvailableOnDevice(): Promise<boolean>;
38
38
  private storeCredentialAgainstDevice;
39
39
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@authsignal/browser",
3
- "version": "0.5.2-alpha",
3
+ "version": "0.5.2",
4
4
  "type": "module",
5
5
  "main": "dist/index.js",
6
6
  "module": "dist/index.js",
package/dist/api/authsignal-api-client.d.ts DELETED
@@ -1,21 +0,0 @@
1
- import { ChallengeResponse, VerifyResponse } from "./types";
2
- declare type AuthsignalApiClientOptions = {
3
- baseUrl: string;
4
- tenantId: string;
5
- };
6
- export declare class AuthsignalApiClient {
7
- tenantId: string;
8
- baseUrl: string;
9
- constructor({ baseUrl, tenantId }: AuthsignalApiClientOptions);
10
- challenge(action: string): Promise<ChallengeResponse>;
11
- verify({ challengeId }: {
12
- challengeId: string;
13
- }): Promise<AnonymousVerifyResponse>;
14
- private buildHeaders;
15
- }
16
- export declare type AnonymousVerifyResponse = VerifyResponse & {
17
- isClaimed: boolean;
18
- isConsumed: boolean;
19
- error?: string;
20
- };
21
- export {};
package/dist/kiosk.d.ts DELETED
@@ -1,16 +0,0 @@
1
- import { AnonymousVerifyResponse, AuthsignalApiClient } from "./api/authsignal-api-client";
2
- declare type KioskOptions = {
3
- baseUrl: string;
4
- tenantId: string;
5
- };
6
- export declare class Kiosk {
7
- api: AuthsignalApiClient;
8
- constructor({ baseUrl, tenantId }: KioskOptions);
9
- challenge(params: {
10
- action: string;
11
- }): Promise<string>;
12
- verify(params: {
13
- challengeId: string;
14
- }): Promise<AnonymousVerifyResponse>;
15
- }
16
- export {};