@authsignal/browser 0.5.3-alpha → 0.5.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (17) hide show
  1. package/dist/api/email-api-client.d.ts +18 -0
  2. package/dist/api/passkey-api-client.d.ts +9 -13
  3. package/dist/api/sms-api-client.d.ts +18 -0
  4. package/dist/api/totp-api-client.d.ts +15 -0
  5. package/dist/api/{types.d.ts → types/passkey.d.ts} +4 -3
  6. package/dist/api/types/shared.d.ts +20 -0
  7. package/dist/api/types/totp.d.ts +5 -0
  8. package/dist/authsignal.d.ts +7 -1
  9. package/dist/email.d.ts +20 -0
  10. package/dist/helpers.d.ts +5 -3
  11. package/dist/index.js +447 -50
  12. package/dist/index.min.js +1 -1
  13. package/dist/passkey.d.ts +21 -19
  14. package/dist/sms.d.ts +20 -0
  15. package/dist/token-cache.d.ts +6 -0
  16. package/dist/totp.d.ts +17 -0
  17. package/package.json +1 -1
package/dist/api/email-api-client.d.ts ADDED
@@ -0,0 +1,18 @@
1
+ import { ApiClientOptions, ChallengeResponse, EnrollResponse, VerifyResponse } from "./types/shared";
2
+ export declare class EmailApiClient {
3
+ tenantId: string;
4
+ baseUrl: string;
5
+ constructor({ baseUrl, tenantId }: ApiClientOptions);
6
+ enroll({ token, email }: {
7
+ token: string;
8
+ email: string;
9
+ }): Promise<EnrollResponse>;
10
+ challenge({ token }: {
11
+ token: string;
12
+ }): Promise<ChallengeResponse>;
13
+ verify({ token, code }: {
14
+ token: string;
15
+ code: string;
16
+ }): Promise<VerifyResponse>;
17
+ private buildHeaders;
18
+ }
package/dist/api/passkey-api-client.d.ts CHANGED
@@ -1,26 +1,22 @@
1
- import { AddAuthenticatorRequest, AddAuthenticatorResponse, AuthenticationOptsRequest, AuthenticationOptsResponse, ChallengeResponse, PasskeyAuthenticatorResponse, RegistrationOptsRequest, RegistrationOptsResponse, VerifyRequest, VerifyResponse } from "./types";
2
- declare type PasskeyApiClientOptions = {
3
- baseUrl: string;
4
- tenantId: string;
5
- };
1
+ import { AddAuthenticatorRequest, AddAuthenticatorResponse, AuthenticationOptsRequest, AuthenticationOptsResponse, PasskeyAuthenticatorResponse, RegistrationOptsRequest, RegistrationOptsResponse, VerifyRequest, VerifyResponse } from "./types/passkey";
2
+ import { ApiClientOptions, AuthsignalResponse, ChallengeResponse } from "./types/shared";
6
3
  export declare class PasskeyApiClient {
7
4
  tenantId: string;
8
5
  baseUrl: string;
9
- constructor({ baseUrl, tenantId }: PasskeyApiClientOptions);
6
+ constructor({ baseUrl, tenantId }: ApiClientOptions);
10
7
  registrationOptions({ token, username, authenticatorAttachment, }: {
11
8
  token: string;
12
- } & RegistrationOptsRequest): Promise<RegistrationOptsResponse>;
9
+ } & RegistrationOptsRequest): Promise<AuthsignalResponse<RegistrationOptsResponse>>;
13
10
  authenticationOptions({ token, challengeId, }: {
14
11
  token?: string;
15
- } & AuthenticationOptsRequest): Promise<AuthenticationOptsResponse>;
12
+ } & AuthenticationOptsRequest): Promise<AuthsignalResponse<AuthenticationOptsResponse>>;
16
13
  addAuthenticator({ token, challengeId, registrationCredential, }: {
17
14
  token: string;
18
- } & AddAuthenticatorRequest): Promise<AddAuthenticatorResponse>;
15
+ } & AddAuthenticatorRequest): Promise<AuthsignalResponse<AddAuthenticatorResponse>>;
19
16
  verify({ token, challengeId, authenticationCredential, deviceId, }: {
20
17
  token?: string;
21
- } & VerifyRequest): Promise<VerifyResponse>;
22
- getPasskeyAuthenticator(credentialId: string): Promise<PasskeyAuthenticatorResponse>;
23
- challenge(action: string): Promise<ChallengeResponse>;
18
+ } & VerifyRequest): Promise<AuthsignalResponse<VerifyResponse>>;
19
+ getPasskeyAuthenticator(credentialId: string): Promise<AuthsignalResponse<PasskeyAuthenticatorResponse>>;
20
+ challenge(action: string): Promise<AuthsignalResponse<ChallengeResponse>>;
24
21
  private buildHeaders;
25
22
  }
26
- export {};
package/dist/api/sms-api-client.d.ts ADDED
@@ -0,0 +1,18 @@
1
+ import { ApiClientOptions, ChallengeResponse, EnrollResponse, VerifyResponse } from "./types/shared";
2
+ export declare class SmsApiClient {
3
+ tenantId: string;
4
+ baseUrl: string;
5
+ constructor({ baseUrl, tenantId }: ApiClientOptions);
6
+ enroll({ token, phoneNumber }: {
7
+ token: string;
8
+ phoneNumber: string;
9
+ }): Promise<EnrollResponse>;
10
+ challenge({ token }: {
11
+ token: string;
12
+ }): Promise<ChallengeResponse>;
13
+ verify({ token, code }: {
14
+ token: string;
15
+ code: string;
16
+ }): Promise<VerifyResponse>;
17
+ private buildHeaders;
18
+ }
package/dist/api/totp-api-client.d.ts ADDED
@@ -0,0 +1,15 @@
1
+ import { ApiClientOptions, VerifyResponse } from "./types/shared";
2
+ import { EnrollResponse } from "./types/totp";
3
+ export declare class TotpApiClient {
4
+ tenantId: string;
5
+ baseUrl: string;
6
+ constructor({ baseUrl, tenantId }: ApiClientOptions);
7
+ enroll({ token }: {
8
+ token: string;
9
+ }): Promise<EnrollResponse>;
10
+ verify({ token, code }: {
11
+ token: string;
12
+ code: string;
13
+ }): Promise<VerifyResponse>;
14
+ private buildHeaders;
15
+ }
package/dist/api/{types.d.ts → types/passkey.d.ts} RENAMED
@@ -31,11 +31,12 @@ export declare type VerifyRequest = {
31
31
  export declare type VerifyResponse = {
32
32
  isVerified: boolean;
33
33
  accessToken?: string;
34
+ userId?: string;
35
+ userAuthenticatorId?: string;
36
+ username?: string;
37
+ userDisplayName?: string;
34
38
  };
35
39
  export declare type PasskeyAuthenticatorResponse = {
36
40
  credentialId: string;
37
41
  verifiedAt: string;
38
42
  };
39
- export declare type ChallengeResponse = {
40
- challengeId: string;
41
- };
package/dist/api/types/shared.d.ts ADDED
@@ -0,0 +1,20 @@
1
+ export declare type ApiClientOptions = {
2
+ baseUrl: string;
3
+ tenantId: string;
4
+ };
5
+ export declare type EnrollResponse = {
6
+ userAuthenticatorId: string;
7
+ };
8
+ export declare type ChallengeResponse = {
9
+ challengeId: string;
10
+ };
11
+ export declare type VerifyResponse = {
12
+ isVerified: boolean;
13
+ token?: string;
14
+ failureReason?: string;
15
+ };
16
+ export declare type ErrorResponse = {
17
+ error: string;
18
+ errorDescription?: string;
19
+ };
20
+ export declare type AuthsignalResponse<T> = T | ErrorResponse;
package/dist/api/types/totp.d.ts ADDED
@@ -0,0 +1,5 @@
1
+ export declare type EnrollResponse = {
2
+ userAuthenticatorID: string;
3
+ uri: string;
4
+ secret: string;
5
+ };
package/dist/authsignal.d.ts CHANGED
@@ -1,13 +1,19 @@
1
1
  import { AuthsignalOptions, LaunchOptions, TokenPayload } from "./types";
2
2
  import { Passkey } from "./passkey";
3
+ import { Totp } from "./totp";
4
+ import { Email } from "./email";
5
+ import { Sms } from "./sms";
3
6
  export declare class Authsignal {
4
7
  anonymousId: string;
5
8
  profilingId: string;
6
9
  cookieDomain: string;
7
10
  anonymousIdCookieName: string;
8
11
  passkey: Passkey;
9
- private _token;
12
+ totp: Totp;
13
+ email: Email;
14
+ sms: Sms;
10
15
  constructor({ cookieDomain, cookieName, baseUrl, tenantId, }: AuthsignalOptions);
16
+ setToken(token: string): void;
11
17
  launch(url: string, options?: {
12
18
  mode?: "redirect";
13
19
  } & LaunchOptions): undefined;
package/dist/email.d.ts ADDED
@@ -0,0 +1,20 @@
1
+ import { AuthsignalResponse, ChallengeResponse, EnrollResponse, VerifyResponse } from "./api/types/shared";
2
+ declare type EmailOptions = {
3
+ baseUrl: string;
4
+ tenantId: string;
5
+ };
6
+ declare type EnrollParams = {
7
+ email: string;
8
+ };
9
+ declare type VerifyParams = {
10
+ code: string;
11
+ };
12
+ export declare class Email {
13
+ private api;
14
+ private cache;
15
+ constructor({ baseUrl, tenantId }: EmailOptions);
16
+ enroll({ email }: EnrollParams): Promise<AuthsignalResponse<EnrollResponse>>;
17
+ challenge(): Promise<AuthsignalResponse<ChallengeResponse>>;
18
+ verify({ code }: VerifyParams): Promise<AuthsignalResponse<VerifyResponse>>;
19
+ }
20
+ export {};
package/dist/helpers.d.ts CHANGED
@@ -1,3 +1,4 @@
1
+ import { ErrorResponse } from "./api/types/shared";
1
2
  declare type CookieOptions = {
2
3
  name: string;
3
4
  value: string;
@@ -5,7 +6,8 @@ declare type CookieOptions = {
5
6
  domain: string;
6
7
  secure: boolean;
7
8
  };
8
- export declare const setCookie: ({ name, value, expire, domain, secure }: CookieOptions) => void;
9
- export declare const getCookieDomain: () => string;
10
- export declare const getCookie: (name: string) => string | null;
9
+ export declare function setCookie({ name, value, expire, domain, secure }: CookieOptions): void;
10
+ export declare function getCookieDomain(): string;
11
+ export declare function getCookie(name: string): string | null;
12
+ export declare function logErrorResponse(errorResponse: ErrorResponse): void;
11
13
  export {};
package/dist/index.js CHANGED
@@ -63,7 +63,7 @@ function v4(options, buf, offset) {
63
63
  return unsafeStringify(rnds);
64
64
  }
65
65
 
66
- var setCookie = function (_a) {
66
+ function setCookie(_a) {
67
67
  var name = _a.name, value = _a.value, expire = _a.expire, domain = _a.domain, secure = _a.secure;
68
68
  var expireString = expire === Infinity ? " expires=Fri, 31 Dec 9999 23:59:59 GMT" : "; max-age=" + expire;
69
69
  document.cookie =
@@ -74,16 +74,20 @@ var setCookie = function (_a) {
74
74
  expireString +
75
75
  (domain ? "; domain=" + domain : "") +
76
76
  (secure ? "; secure" : "");
77
- };
78
- var getCookieDomain = function () {
77
+ }
78
+ function getCookieDomain() {
79
79
  return document.location.hostname.replace("www.", "");
80
- };
81
- var getCookie = function (name) {
80
+ }
81
+ function getCookie(name) {
82
82
  if (!name) {
83
83
  return null;
84
84
  }
85
85
  return (decodeURIComponent(document.cookie.replace(new RegExp("(?:(?:^|.*;)\\s*" + encodeURIComponent(name).replace(/[\-\.\+\*]/g, "\\$&") + "\\s*\\=\\s*([^;]*).*$)|^.*$"), "$1")) || null);
86
- };
86
+ }
87
+ function logErrorResponse(errorResponse) {
88
+ var _a;
89
+ console.error((_a = errorResponse.errorDescription) !== null && _a !== void 0 ? _a : errorResponse.error);
90
+ }
87
91
 
88
92
  var AuthsignalWindowMessage;
89
93
  (function (AuthsignalWindowMessage) {
@@ -559,17 +563,13 @@ var PasskeyApiClient = /** @class */ (function () {
559
563
  switch (_b.label) {
560
564
  case 0:
561
565
  body = { challengeId: challengeId };
562
- return [4 /*yield*/, fetch("".concat(this.baseUrl, "/client/user-authenticators/passkey/authentication-options"), {
563
- method: "POST",
564
- headers: this.buildHeaders(token),
565
- body: JSON.stringify(body)
566
- })];
567
- case 1:
568
- response = _b.sent();
569
- if (!response.ok) {
570
- throw new Error(response.statusText);
571
- }
572
- return [2 /*return*/, response.json()];
566
+ response = fetch("".concat(this.baseUrl, "/client/user-authenticators/passkey/authentication-options"), {
567
+ method: "POST",
568
+ headers: this.buildHeaders(token),
569
+ body: JSON.stringify(body)
570
+ });
571
+ return [4 /*yield*/, response];
572
+ case 1: return [2 /*return*/, (_b.sent()).json()];
573
573
  }
574
574
  });
575
575
  });
@@ -661,46 +661,84 @@ var PasskeyApiClient = /** @class */ (function () {
661
661
  return PasskeyApiClient;
662
662
  }());
663
663
 
664
+ var TokenCache = /** @class */ (function () {
665
+ function TokenCache() {
666
+ this.token = null;
667
+ }
668
+ TokenCache.prototype.handleTokenNotSetError = function () {
669
+ var error = "A token has not been set. Call 'setToken' first.";
670
+ var errorCode = "TOKEN_NOT_SET";
671
+ console.error("Error: ".concat(error));
672
+ return {
673
+ error: errorCode,
674
+ errorDescription: error
675
+ };
676
+ };
677
+ TokenCache.shared = new TokenCache();
678
+ return TokenCache;
679
+ }());
680
+
664
681
  var Passkey = /** @class */ (function () {
665
682
  function Passkey(_a) {
666
683
  var baseUrl = _a.baseUrl, tenantId = _a.tenantId, anonymousId = _a.anonymousId;
667
684
  this.passkeyLocalStorageKey = "as_passkey_credential_id";
685
+ this.cache = TokenCache.shared;
668
686
  this.api = new PasskeyApiClient({ baseUrl: baseUrl, tenantId: tenantId });
669
687
  this.anonymousId = anonymousId;
670
688
  }
671
689
  Passkey.prototype.signUp = function (_a) {
672
- var userName = _a.userName, token = _a.token, _b = _a.authenticatorAttachment, authenticatorAttachment = _b === void 0 ? "platform" : _b;
690
+ var userName = _a.userName, userDisplayName = _a.userDisplayName, token = _a.token, _b = _a.authenticatorAttachment, authenticatorAttachment = _b === void 0 ? "platform" : _b;
673
691
  return __awaiter(this, void 0, void 0, function () {
674
- var optionsResponse, registrationResponse, addAuthenticatorResponse;
692
+ var userToken, optionsInput, optionsResponse, registrationResponse, addAuthenticatorResponse;
675
693
  return __generator(this, function (_c) {
676
694
  switch (_c.label) {
677
- case 0: return [4 /*yield*/, this.api.registrationOptions({ username: userName, token: token, authenticatorAttachment: authenticatorAttachment })];
695
+ case 0:
696
+ userToken = token !== null && token !== void 0 ? token : this.cache.token;
697
+ if (!userToken) {
698
+ return [2 /*return*/, this.cache.handleTokenNotSetError()];
699
+ }
700
+ optionsInput = {
701
+ username: userName,
702
+ displayName: userDisplayName,
703
+ token: userToken,
704
+ authenticatorAttachment: authenticatorAttachment
705
+ };
706
+ return [4 /*yield*/, this.api.registrationOptions(optionsInput)];
678
707
  case 1:
679
708
  optionsResponse = _c.sent();
709
+ if ("error" in optionsResponse) {
710
+ logErrorResponse(optionsResponse);
711
+ return [2 /*return*/];
712
+ }
680
713
  return [4 /*yield*/, startRegistration(optionsResponse.options)];
681
714
  case 2:
682
715
  registrationResponse = _c.sent();
683
716
  return [4 /*yield*/, this.api.addAuthenticator({
684
717
  challengeId: optionsResponse.challengeId,
685
718
  registrationCredential: registrationResponse,
686
- token: token
719
+ token: userToken
687
720
  })];
688
721
  case 3:
689
722
  addAuthenticatorResponse = _c.sent();
690
- if (addAuthenticatorResponse === null || addAuthenticatorResponse === void 0 ? void 0 : addAuthenticatorResponse.isVerified) {
723
+ if ("error" in addAuthenticatorResponse) {
724
+ logErrorResponse(addAuthenticatorResponse);
725
+ return [2 /*return*/];
726
+ }
727
+ if (addAuthenticatorResponse.isVerified) {
691
728
  this.storeCredentialAgainstDevice(registrationResponse);
692
729
  }
693
- return [2 /*return*/, addAuthenticatorResponse === null || addAuthenticatorResponse === void 0 ? void 0 : addAuthenticatorResponse.accessToken];
730
+ return [2 /*return*/, {
731
+ token: addAuthenticatorResponse.accessToken
732
+ }];
694
733
  }
695
734
  });
696
735
  });
697
736
  };
698
737
  Passkey.prototype.signIn = function (params) {
699
- var _a;
700
738
  return __awaiter(this, void 0, void 0, function () {
701
- var challengeResponse, _b, optionsResponse, authenticationResponse, verifyResponse;
702
- return __generator(this, function (_c) {
703
- switch (_c.label) {
739
+ var challengeResponse, _a, optionsResponse, authenticationResponse, verifyResponse, token, userId, userAuthenticatorId, userName, userDisplayName;
740
+ return __generator(this, function (_b) {
741
+ switch (_b.label) {
704
742
  case 0:
705
743
  if ((params === null || params === void 0 ? void 0 : params.token) && params.autofill) {
706
744
  throw new Error("autofill is not supported when providing a token");
@@ -708,31 +746,36 @@ var Passkey = /** @class */ (function () {
708
746
  if ((params === null || params === void 0 ? void 0 : params.action) && params.token) {
709
747
  throw new Error("action is not supported when providing a token");
710
748
  }
711
- if ((params === null || params === void 0 ? void 0 : params.action) && (params === null || params === void 0 ? void 0 : params.challengeId)) {
712
- throw new Error("action is not supported when providing a challengeId");
713
- }
714
- if ((params === null || params === void 0 ? void 0 : params.challengeId) && params.token) {
715
- throw new Error("challengeId is not supported when providing a token");
716
- }
717
749
  if (!(params === null || params === void 0 ? void 0 : params.action)) return [3 /*break*/, 2];
718
750
  return [4 /*yield*/, this.api.challenge(params.action)];
719
751
  case 1:
720
- _b = _c.sent();
752
+ _a = _b.sent();
721
753
  return [3 /*break*/, 3];
722
754
  case 2:
723
- _b = null;
724
- _c.label = 3;
755
+ _a = null;
756
+ _b.label = 3;
725
757
  case 3:
726
- challengeResponse = _b;
758
+ challengeResponse = _a;
759
+ if (challengeResponse && "error" in challengeResponse) {
760
+ logErrorResponse(challengeResponse);
761
+ return [2 /*return*/];
762
+ }
727
763
  return [4 /*yield*/, this.api.authenticationOptions({
728
764
  token: params === null || params === void 0 ? void 0 : params.token,
729
- challengeId: (_a = challengeResponse === null || challengeResponse === void 0 ? void 0 : challengeResponse.challengeId) !== null && _a !== void 0 ? _a : params === null || params === void 0 ? void 0 : params.challengeId
765
+ challengeId: challengeResponse === null || challengeResponse === void 0 ? void 0 : challengeResponse.challengeId
730
766
  })];
731
767
  case 4:
732
- optionsResponse = _c.sent();
768
+ optionsResponse = _b.sent();
769
+ if ("error" in optionsResponse) {
770
+ logErrorResponse(optionsResponse);
771
+ return [2 /*return*/];
772
+ }
733
773
  return [4 /*yield*/, startAuthentication(optionsResponse.options, params === null || params === void 0 ? void 0 : params.autofill)];
734
774
  case 5:
735
- authenticationResponse = _c.sent();
775
+ authenticationResponse = _b.sent();
776
+ if (params === null || params === void 0 ? void 0 : params.onVerificationStarted) {
777
+ params.onVerificationStarted();
778
+ }
736
779
  return [4 /*yield*/, this.api.verify({
737
780
  challengeId: optionsResponse.challengeId,
738
781
  authenticationCredential: authenticationResponse,
@@ -740,11 +783,22 @@ var Passkey = /** @class */ (function () {
740
783
  deviceId: this.anonymousId
741
784
  })];
742
785
  case 6:
743
- verifyResponse = _c.sent();
744
- if (verifyResponse === null || verifyResponse === void 0 ? void 0 : verifyResponse.isVerified) {
786
+ verifyResponse = _b.sent();
787
+ if ("error" in verifyResponse) {
788
+ logErrorResponse(verifyResponse);
789
+ return [2 /*return*/];
790
+ }
791
+ if (verifyResponse.isVerified) {
745
792
  this.storeCredentialAgainstDevice(authenticationResponse);
746
793
  }
747
- return [2 /*return*/, verifyResponse === null || verifyResponse === void 0 ? void 0 : verifyResponse.accessToken];
794
+ token = verifyResponse.accessToken, userId = verifyResponse.userId, userAuthenticatorId = verifyResponse.userAuthenticatorId, userName = verifyResponse.username, userDisplayName = verifyResponse.userDisplayName;
795
+ return [2 /*return*/, {
796
+ token: token,
797
+ userId: userId,
798
+ userAuthenticatorId: userAuthenticatorId,
799
+ userName: userName,
800
+ userDisplayName: userDisplayName
801
+ }];
748
802
  }
749
803
  });
750
804
  });
@@ -1287,6 +1341,10 @@ var PopupHandler = /** @class */ (function () {
1287
1341
  container.appendChild(overlay);
1288
1342
  container.appendChild(content);
1289
1343
  this.popup = new A11yDialog(container);
1344
+ // Safari and Firefox will fail the WebAuthn request if the document making
1345
+ // the request does not have focus. This will reduce the chances of that
1346
+ // happening by focusing on the dialog container.
1347
+ container.focus();
1290
1348
  // Make sure to remove any trace of the dialog on hide
1291
1349
  this.popup.on("hide", function () {
1292
1350
  _this.destroy();
@@ -1342,6 +1400,342 @@ function resizeIframe(event) {
1342
1400
  }
1343
1401
  }
1344
1402
 
1403
+ var TotpApiClient = /** @class */ (function () {
1404
+ function TotpApiClient(_a) {
1405
+ var baseUrl = _a.baseUrl, tenantId = _a.tenantId;
1406
+ this.tenantId = tenantId;
1407
+ this.baseUrl = baseUrl;
1408
+ }
1409
+ TotpApiClient.prototype.enroll = function (_a) {
1410
+ var token = _a.token;
1411
+ return __awaiter(this, void 0, void 0, function () {
1412
+ var response;
1413
+ return __generator(this, function (_b) {
1414
+ switch (_b.label) {
1415
+ case 0:
1416
+ response = fetch("".concat(this.baseUrl, "/client/user-authenticators/totp"), {
1417
+ method: "POST",
1418
+ headers: this.buildHeaders(token)
1419
+ });
1420
+ return [4 /*yield*/, response];
1421
+ case 1: return [2 /*return*/, (_b.sent()).json()];
1422
+ }
1423
+ });
1424
+ });
1425
+ };
1426
+ TotpApiClient.prototype.verify = function (_a) {
1427
+ var token = _a.token, code = _a.code;
1428
+ return __awaiter(this, void 0, void 0, function () {
1429
+ var body, response;
1430
+ return __generator(this, function (_b) {
1431
+ switch (_b.label) {
1432
+ case 0:
1433
+ body = { code: code };
1434
+ response = fetch("".concat(this.baseUrl, "/client/verify/totp"), {
1435
+ method: "POST",
1436
+ headers: this.buildHeaders(token),
1437
+ body: JSON.stringify(body)
1438
+ });
1439
+ return [4 /*yield*/, response];
1440
+ case 1: return [2 /*return*/, (_b.sent()).json()];
1441
+ }
1442
+ });
1443
+ });
1444
+ };
1445
+ TotpApiClient.prototype.buildHeaders = function (token) {
1446
+ var authorizationHeader = token ? "Bearer ".concat(token) : "Basic ".concat(window.btoa(encodeURIComponent(this.tenantId)));
1447
+ return {
1448
+ "Content-Type": "application/json",
1449
+ Authorization: authorizationHeader
1450
+ };
1451
+ };
1452
+ return TotpApiClient;
1453
+ }());
1454
+
1455
+ var Totp = /** @class */ (function () {
1456
+ function Totp(_a) {
1457
+ var baseUrl = _a.baseUrl, tenantId = _a.tenantId;
1458
+ this.cache = TokenCache.shared;
1459
+ this.api = new TotpApiClient({ baseUrl: baseUrl, tenantId: tenantId });
1460
+ }
1461
+ Totp.prototype.enroll = function () {
1462
+ return __awaiter(this, void 0, void 0, function () {
1463
+ return __generator(this, function (_a) {
1464
+ if (!this.cache.token) {
1465
+ return [2 /*return*/, this.cache.handleTokenNotSetError()];
1466
+ }
1467
+ return [2 /*return*/, this.api.enroll({ token: this.cache.token })];
1468
+ });
1469
+ });
1470
+ };
1471
+ Totp.prototype.verify = function (_a) {
1472
+ var code = _a.code;
1473
+ return __awaiter(this, void 0, void 0, function () {
1474
+ var verifyResponse;
1475
+ return __generator(this, function (_b) {
1476
+ switch (_b.label) {
1477
+ case 0:
1478
+ if (!this.cache.token) {
1479
+ return [2 /*return*/, this.cache.handleTokenNotSetError()];
1480
+ }
1481
+ return [4 /*yield*/, this.api.verify({ token: this.cache.token, code: code })];
1482
+ case 1:
1483
+ verifyResponse = _b.sent();
1484
+ if (verifyResponse.token) {
1485
+ this.cache.token = verifyResponse.token;
1486
+ }
1487
+ return [2 /*return*/, verifyResponse];
1488
+ }
1489
+ });
1490
+ });
1491
+ };
1492
+ return Totp;
1493
+ }());
1494
+
1495
+ var EmailApiClient = /** @class */ (function () {
1496
+ function EmailApiClient(_a) {
1497
+ var baseUrl = _a.baseUrl, tenantId = _a.tenantId;
1498
+ this.tenantId = tenantId;
1499
+ this.baseUrl = baseUrl;
1500
+ }
1501
+ EmailApiClient.prototype.enroll = function (_a) {
1502
+ var token = _a.token, email = _a.email;
1503
+ return __awaiter(this, void 0, void 0, function () {
1504
+ var body, response;
1505
+ return __generator(this, function (_b) {
1506
+ switch (_b.label) {
1507
+ case 0:
1508
+ body = { email: email };
1509
+ response = fetch("".concat(this.baseUrl, "/client/user-authenticators/email-otp"), {
1510
+ method: "POST",
1511
+ headers: this.buildHeaders(token),
1512
+ body: JSON.stringify(body)
1513
+ });
1514
+ return [4 /*yield*/, response];
1515
+ case 1: return [2 /*return*/, (_b.sent()).json()];
1516
+ }
1517
+ });
1518
+ });
1519
+ };
1520
+ EmailApiClient.prototype.challenge = function (_a) {
1521
+ var token = _a.token;
1522
+ return __awaiter(this, void 0, void 0, function () {
1523
+ var response;
1524
+ return __generator(this, function (_b) {
1525
+ switch (_b.label) {
1526
+ case 0:
1527
+ response = fetch("".concat(this.baseUrl, "/client/challenge/email-otp"), {
1528
+ method: "POST",
1529
+ headers: this.buildHeaders(token)
1530
+ });
1531
+ return [4 /*yield*/, response];
1532
+ case 1: return [2 /*return*/, (_b.sent()).json()];
1533
+ }
1534
+ });
1535
+ });
1536
+ };
1537
+ EmailApiClient.prototype.verify = function (_a) {
1538
+ var token = _a.token, code = _a.code;
1539
+ return __awaiter(this, void 0, void 0, function () {
1540
+ var body, response;
1541
+ return __generator(this, function (_b) {
1542
+ switch (_b.label) {
1543
+ case 0:
1544
+ body = { code: code };
1545
+ response = fetch("".concat(this.baseUrl, "/client/verify/email-otp"), {
1546
+ method: "POST",
1547
+ headers: this.buildHeaders(token),
1548
+ body: JSON.stringify(body)
1549
+ });
1550
+ return [4 /*yield*/, response];
1551
+ case 1: return [2 /*return*/, (_b.sent()).json()];
1552
+ }
1553
+ });
1554
+ });
1555
+ };
1556
+ EmailApiClient.prototype.buildHeaders = function (token) {
1557
+ var authorizationHeader = token ? "Bearer ".concat(token) : "Basic ".concat(window.btoa(encodeURIComponent(this.tenantId)));
1558
+ return {
1559
+ "Content-Type": "application/json",
1560
+ Authorization: authorizationHeader
1561
+ };
1562
+ };
1563
+ return EmailApiClient;
1564
+ }());
1565
+
1566
+ var Email = /** @class */ (function () {
1567
+ function Email(_a) {
1568
+ var baseUrl = _a.baseUrl, tenantId = _a.tenantId;
1569
+ this.cache = TokenCache.shared;
1570
+ this.api = new EmailApiClient({ baseUrl: baseUrl, tenantId: tenantId });
1571
+ }
1572
+ Email.prototype.enroll = function (_a) {
1573
+ var email = _a.email;
1574
+ return __awaiter(this, void 0, void 0, function () {
1575
+ return __generator(this, function (_b) {
1576
+ if (!this.cache.token) {
1577
+ return [2 /*return*/, this.cache.handleTokenNotSetError()];
1578
+ }
1579
+ return [2 /*return*/, this.api.enroll({ token: this.cache.token, email: email })];
1580
+ });
1581
+ });
1582
+ };
1583
+ Email.prototype.challenge = function () {
1584
+ return __awaiter(this, void 0, void 0, function () {
1585
+ return __generator(this, function (_a) {
1586
+ if (!this.cache.token) {
1587
+ return [2 /*return*/, this.cache.handleTokenNotSetError()];
1588
+ }
1589
+ return [2 /*return*/, this.api.challenge({ token: this.cache.token })];
1590
+ });
1591
+ });
1592
+ };
1593
+ Email.prototype.verify = function (_a) {
1594
+ var code = _a.code;
1595
+ return __awaiter(this, void 0, void 0, function () {
1596
+ var verifyResponse;
1597
+ return __generator(this, function (_b) {
1598
+ switch (_b.label) {
1599
+ case 0:
1600
+ if (!this.cache.token) {
1601
+ return [2 /*return*/, this.cache.handleTokenNotSetError()];
1602
+ }
1603
+ return [4 /*yield*/, this.api.verify({ token: this.cache.token, code: code })];
1604
+ case 1:
1605
+ verifyResponse = _b.sent();
1606
+ if (verifyResponse.token) {
1607
+ this.cache.token = verifyResponse.token;
1608
+ }
1609
+ return [2 /*return*/, verifyResponse];
1610
+ }
1611
+ });
1612
+ });
1613
+ };
1614
+ return Email;
1615
+ }());
1616
+
1617
+ var SmsApiClient = /** @class */ (function () {
1618
+ function SmsApiClient(_a) {
1619
+ var baseUrl = _a.baseUrl, tenantId = _a.tenantId;
1620
+ this.tenantId = tenantId;
1621
+ this.baseUrl = baseUrl;
1622
+ }
1623
+ SmsApiClient.prototype.enroll = function (_a) {
1624
+ var token = _a.token, phoneNumber = _a.phoneNumber;
1625
+ return __awaiter(this, void 0, void 0, function () {
1626
+ var body, response;
1627
+ return __generator(this, function (_b) {
1628
+ switch (_b.label) {
1629
+ case 0:
1630
+ body = { phoneNumber: phoneNumber };
1631
+ response = fetch("".concat(this.baseUrl, "/client/user-authenticators/sms"), {
1632
+ method: "POST",
1633
+ headers: this.buildHeaders(token),
1634
+ body: JSON.stringify(body)
1635
+ });
1636
+ return [4 /*yield*/, response];
1637
+ case 1: return [2 /*return*/, (_b.sent()).json()];
1638
+ }
1639
+ });
1640
+ });
1641
+ };
1642
+ SmsApiClient.prototype.challenge = function (_a) {
1643
+ var token = _a.token;
1644
+ return __awaiter(this, void 0, void 0, function () {
1645
+ var response;
1646
+ return __generator(this, function (_b) {
1647
+ switch (_b.label) {
1648
+ case 0:
1649
+ response = fetch("".concat(this.baseUrl, "/client/challenge/sms"), {
1650
+ method: "POST",
1651
+ headers: this.buildHeaders(token)
1652
+ });
1653
+ return [4 /*yield*/, response];
1654
+ case 1: return [2 /*return*/, (_b.sent()).json()];
1655
+ }
1656
+ });
1657
+ });
1658
+ };
1659
+ SmsApiClient.prototype.verify = function (_a) {
1660
+ var token = _a.token, code = _a.code;
1661
+ return __awaiter(this, void 0, void 0, function () {
1662
+ var body, response;
1663
+ return __generator(this, function (_b) {
1664
+ switch (_b.label) {
1665
+ case 0:
1666
+ body = { code: code };
1667
+ response = fetch("".concat(this.baseUrl, "/client/verify/sms"), {
1668
+ method: "POST",
1669
+ headers: this.buildHeaders(token),
1670
+ body: JSON.stringify(body)
1671
+ });
1672
+ return [4 /*yield*/, response];
1673
+ case 1: return [2 /*return*/, (_b.sent()).json()];
1674
+ }
1675
+ });
1676
+ });
1677
+ };
1678
+ SmsApiClient.prototype.buildHeaders = function (token) {
1679
+ var authorizationHeader = token ? "Bearer ".concat(token) : "Basic ".concat(window.btoa(encodeURIComponent(this.tenantId)));
1680
+ return {
1681
+ "Content-Type": "application/json",
1682
+ Authorization: authorizationHeader
1683
+ };
1684
+ };
1685
+ return SmsApiClient;
1686
+ }());
1687
+
1688
+ var Sms = /** @class */ (function () {
1689
+ function Sms(_a) {
1690
+ var baseUrl = _a.baseUrl, tenantId = _a.tenantId;
1691
+ this.cache = TokenCache.shared;
1692
+ this.api = new SmsApiClient({ baseUrl: baseUrl, tenantId: tenantId });
1693
+ }
1694
+ Sms.prototype.enroll = function (_a) {
1695
+ var phoneNumber = _a.phoneNumber;
1696
+ return __awaiter(this, void 0, void 0, function () {
1697
+ return __generator(this, function (_b) {
1698
+ if (!this.cache.token) {
1699
+ return [2 /*return*/, this.cache.handleTokenNotSetError()];
1700
+ }
1701
+ return [2 /*return*/, this.api.enroll({ token: this.cache.token, phoneNumber: phoneNumber })];
1702
+ });
1703
+ });
1704
+ };
1705
+ Sms.prototype.challenge = function () {
1706
+ return __awaiter(this, void 0, void 0, function () {
1707
+ return __generator(this, function (_a) {
1708
+ if (!this.cache.token) {
1709
+ return [2 /*return*/, this.cache.handleTokenNotSetError()];
1710
+ }
1711
+ return [2 /*return*/, this.api.challenge({ token: this.cache.token })];
1712
+ });
1713
+ });
1714
+ };
1715
+ Sms.prototype.verify = function (_a) {
1716
+ var code = _a.code;
1717
+ return __awaiter(this, void 0, void 0, function () {
1718
+ var verifyResponse;
1719
+ return __generator(this, function (_b) {
1720
+ switch (_b.label) {
1721
+ case 0:
1722
+ if (!this.cache.token) {
1723
+ return [2 /*return*/, this.cache.handleTokenNotSetError()];
1724
+ }
1725
+ return [4 /*yield*/, this.api.verify({ token: this.cache.token, code: code })];
1726
+ case 1:
1727
+ verifyResponse = _b.sent();
1728
+ if (verifyResponse.token) {
1729
+ this.cache.token = verifyResponse.token;
1730
+ }
1731
+ return [2 /*return*/, verifyResponse];
1732
+ }
1733
+ });
1734
+ });
1735
+ };
1736
+ return Sms;
1737
+ }());
1738
+
1345
1739
  var DEFAULT_COOKIE_NAME = "__as_aid";
1346
1740
  var DEFAULT_PROFILING_COOKIE_NAME = "__as_pid";
1347
1741
  var DEFAULT_BASE_URL = "https://api.authsignal.com/v1";
@@ -1353,7 +1747,6 @@ var Authsignal = /** @class */ (function () {
1353
1747
  this.profilingId = "";
1354
1748
  this.cookieDomain = "";
1355
1749
  this.anonymousIdCookieName = "";
1356
- this._token = undefined;
1357
1750
  this.cookieDomain = cookieDomain || getCookieDomain();
1358
1751
  this.anonymousIdCookieName = cookieName;
1359
1752
  if (!tenantId) {
@@ -1374,7 +1767,13 @@ var Authsignal = /** @class */ (function () {
1374
1767
  });
1375
1768
  }
1376
1769
  this.passkey = new Passkey({ tenantId: tenantId, baseUrl: baseUrl, anonymousId: this.anonymousId });
1770
+ this.totp = new Totp({ tenantId: tenantId, baseUrl: baseUrl });
1771
+ this.email = new Email({ tenantId: tenantId, baseUrl: baseUrl });
1772
+ this.sms = new Sms({ tenantId: tenantId, baseUrl: baseUrl });
1377
1773
  }
1774
+ Authsignal.prototype.setToken = function (token) {
1775
+ TokenCache.shared.token = token;
1776
+ };
1378
1777
  Authsignal.prototype.launch = function (url, options) {
1379
1778
  switch (options === null || options === void 0 ? void 0 : options.mode) {
1380
1779
  case "window":
@@ -1424,12 +1823,12 @@ var Authsignal = /** @class */ (function () {
1424
1823
  window.location.href = url;
1425
1824
  };
1426
1825
  Authsignal.prototype.launchWithPopup = function (url, options) {
1427
- var _this = this;
1428
1826
  var popupOptions = options.popupOptions;
1429
1827
  var popupHandler = new PopupHandler({ width: popupOptions === null || popupOptions === void 0 ? void 0 : popupOptions.width, isClosable: popupOptions === null || popupOptions === void 0 ? void 0 : popupOptions.isClosable });
1430
1828
  var popupUrl = "".concat(url, "&mode=popup");
1431
1829
  popupHandler.show({ url: popupUrl });
1432
1830
  return new Promise(function (resolve) {
1831
+ var token = undefined;
1433
1832
  var onMessage = function (event) {
1434
1833
  var data = null;
1435
1834
  try {
@@ -1439,18 +1838,17 @@ var Authsignal = /** @class */ (function () {
1439
1838
  // Ignore if the event data is not valid JSON
1440
1839
  }
1441
1840
  if ((data === null || data === void 0 ? void 0 : data.event) === AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP) {
1442
- _this._token = data.token;
1841
+ token = data.token;
1443
1842
  popupHandler.close();
1444
1843
  }
1445
1844
  };
1446
1845
  popupHandler.on("hide", function () {
1447
- resolve({ token: _this._token });
1846
+ resolve({ token: token });
1448
1847
  });
1449
1848
  window.addEventListener("message", onMessage, false);
1450
1849
  });
1451
1850
  };
1452
1851
  Authsignal.prototype.launchWithWindow = function (url, options) {
1453
- var _this = this;
1454
1852
  var windowOptions = options.windowOptions;
1455
1853
  var windowHandler = new WindowHandler();
1456
1854
  var windowUrl = "".concat(url, "&mode=popup");
@@ -1465,9 +1863,8 @@ var Authsignal = /** @class */ (function () {
1465
1863
  // Ignore if the event data is not valid JSON
1466
1864
  }
1467
1865
  if ((data === null || data === void 0 ? void 0 : data.event) === AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP) {
1468
- _this._token = data.token;
1469
1866
  windowHandler.close();
1470
- resolve({ token: _this._token });
1867
+ resolve({ token: data.token });
1471
1868
  }
1472
1869
  };
1473
1870
  window.addEventListener("message", onMessage, false);
package/dist/index.min.js CHANGED
@@ -1 +1 @@
1
- var authsignal=function(e){"use strict";let t;const n=new Uint8Array(16);function o(){if(!t&&(t="undefined"!=typeof crypto&&crypto.getRandomValues&&crypto.getRandomValues.bind(crypto),!t))throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");return t(n)}const i=[];for(let e=0;e<256;++e)i.push((e+256).toString(16).slice(1));var r={randomUUID:"undefined"!=typeof crypto&&crypto.randomUUID&&crypto.randomUUID.bind(crypto)};function a(e,t,n){if(r.randomUUID&&!t&&!e)return r.randomUUID();const a=(e=e||{}).random||(e.rng||o)();if(a[6]=15&a[6]|64,a[8]=63&a[8]|128,t){n=n||0;for(let e=0;e<16;++e)t[n+e]=a[e];return t}return function(e,t=0){return(i[e[t+0]]+i[e[t+1]]+i[e[t+2]]+i[e[t+3]]+"-"+i[e[t+4]]+i[e[t+5]]+"-"+i[e[t+6]]+i[e[t+7]]+"-"+i[e[t+8]]+i[e[t+9]]+"-"+i[e[t+10]]+i[e[t+11]]+i[e[t+12]]+i[e[t+13]]+i[e[t+14]]+i[e[t+15]]).toLowerCase()}(a)}var s=function(e){var t=e.name,n=e.value,o=e.expire,i=e.domain,r=e.secure,a=o===1/0?" expires=Fri, 31 Dec 9999 23:59:59 GMT":"; max-age="+o;document.cookie=encodeURIComponent(t)+"="+n+"; path=/;"+a+(i?"; domain="+i:"")+(r?"; secure":"")};function c(e,t,n,o){return new(n||(n=Promise))((function(i,r){function a(e){try{c(o.next(e))}catch(e){r(e)}}function s(e){try{c(o.throw(e))}catch(e){r(e)}}function c(e){var t;e.done?i(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(a,s)}c((o=o.apply(e,t||[])).next())}))}function u(e,t){var n,o,i,r,a={label:0,sent:function(){if(1&i[0])throw i[1];return i[1]},trys:[],ops:[]};return r={next:s(0),throw:s(1),return:s(2)},"function"==typeof Symbol&&(r[Symbol.iterator]=function(){return this}),r;function s(r){return function(s){return function(r){if(n)throw new TypeError("Generator is already executing.");for(;a;)try{if(n=1,o&&(i=2&r[0]?o.return:r[0]?o.throw||((i=o.return)&&i.call(o),0):o.next)&&!(i=i.call(o,r[1])).done)return i;switch(o=0,i&&(r=[2&r[0],i.value]),r[0]){case 0:case 1:i=r;break;case 4:return a.label++,{value:r[1],done:!1};case 5:a.label++,o=r[1],r=[0];continue;case 7:r=a.ops.pop(),a.trys.pop();continue;default:if(!(i=a.trys,(i=i.length>0&&i[i.length-1])||6!==r[0]&&2!==r[0])){a=0;continue}if(3===r[0]&&(!i||r[1]>i[0]&&r[1]<i[3])){a.label=r[1];break}if(6===r[0]&&a.label<i[1]){a.label=i[1],i=r;break}if(i&&a.label<i[2]){a.label=i[2],a.ops.push(r);break}i[2]&&a.ops.pop(),a.trys.pop();continue}r=t.call(e,a)}catch(e){r=[6,e],o=0}finally{n=i=0}if(5&r[0])throw r[1];return{value:r[0]?r[1]:void 0,done:!0}}([r,s])}}}function l(e){const t=new Uint8Array(e);let n="";for(const e of t)n+=String.fromCharCode(e);return btoa(n).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function d(e){const t=e.replace(/-/g,"+").replace(/_/g,"/"),n=(4-t.length%4)%4,o=t.padEnd(t.length+n,"="),i=atob(o),r=new ArrayBuffer(i.length),a=new Uint8Array(r);for(let e=0;e<i.length;e++)a[e]=i.charCodeAt(e);return r}function h(){return void 0!==window?.PublicKeyCredential&&"function"==typeof window.PublicKeyCredential}function p(e){const{id:t}=e;return{...e,id:d(t),transports:e.transports}}function f(e){return"localhost"===e||/^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(e)}e.AuthsignalWindowMessage=void 0,(e.AuthsignalWindowMessage||(e.AuthsignalWindowMessage={})).AUTHSIGNAL_CLOSE_POPUP="AUTHSIGNAL_CLOSE_POPUP";class m extends Error{constructor({message:e,code:t,cause:n,name:o}){super(e,{cause:n}),this.name=o??n.name,this.code=t}}const w=new class{createNewAbortSignal(){if(this.controller){const e=new Error("Cancelling existing WebAuthn API call for new one");e.name="AbortError",this.controller.abort(e)}const e=new AbortController;return this.controller=e,e.signal}cancelCeremony(){if(this.controller){const e=new Error("Manually cancelling existing WebAuthn API call");e.name="AbortError",this.controller.abort(e),this.controller=void 0}}},g=["cross-platform","platform"];function y(e){if(e&&!(g.indexOf(e)<0))return e}async function v(e){if(!h())throw new Error("WebAuthn is not supported in this browser");var t;const n={publicKey:{...e,challenge:d(e.challenge),user:{...e.user,id:(t=e.user.id,(new TextEncoder).encode(t))},excludeCredentials:e.excludeCredentials?.map(p)}};let o;n.signal=w.createNewAbortSignal();try{o=await navigator.credentials.create(n)}catch(e){throw function({error:e,options:t}){const{publicKey:n}=t;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new m({message:"Registration ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:e})}else if("ConstraintError"===e.name){if(!0===n.authenticatorSelection?.requireResidentKey)return new m({message:"Discoverable credentials were required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",cause:e});if("required"===n.authenticatorSelection?.userVerification)return new m({message:"User verification was required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",cause:e})}else{if("InvalidStateError"===e.name)return new m({message:"The authenticator was previously registered",code:"ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",cause:e});if("NotAllowedError"===e.name)return new m({message:e.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:e});if("NotSupportedError"===e.name)return 0===n.pubKeyCredParams.filter((e=>"public-key"===e.type)).length?new m({message:'No entry in pubKeyCredParams was of type "public-key"',code:"ERROR_MALFORMED_PUBKEYCREDPARAMS",cause:e}):new m({message:"No available authenticator supported any of the specified pubKeyCredParams algorithms",code:"ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",cause:e});if("SecurityError"===e.name){const t=window.location.hostname;if(!f(t))return new m({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:e});if(n.rp.id!==t)return new m({message:`The RP ID "${n.rp.id}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:e})}else if("TypeError"===e.name){if(n.user.id.byteLength<1||n.user.id.byteLength>64)return new m({message:"User ID was not between 1 and 64 characters",code:"ERROR_INVALID_USER_ID_LENGTH",cause:e})}else if("UnknownError"===e.name)return new m({message:"The authenticator was unable to process the specified options, or could not create a new credential",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:e})}return e}({error:e,options:n})}if(!o)throw new Error("Registration was not completed");const{id:i,rawId:r,response:a,type:s}=o;let c,u,g,v;if("function"==typeof a.getTransports&&(c=a.getTransports()),"function"==typeof a.getPublicKeyAlgorithm)try{u=a.getPublicKeyAlgorithm()}catch(e){b("getPublicKeyAlgorithm()",e)}if("function"==typeof a.getPublicKey)try{const e=a.getPublicKey();null!==e&&(g=l(e))}catch(e){b("getPublicKey()",e)}if("function"==typeof a.getAuthenticatorData)try{v=l(a.getAuthenticatorData())}catch(e){b("getAuthenticatorData()",e)}return{id:i,rawId:l(r),response:{attestationObject:l(a.attestationObject),clientDataJSON:l(a.clientDataJSON),transports:c,publicKeyAlgorithm:u,publicKey:g,authenticatorData:v},type:s,clientExtensionResults:o.getClientExtensionResults(),authenticatorAttachment:y(o.authenticatorAttachment)}}function b(e,t){console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${e}. You should report this error to them.\n`,t)}async function E(e,t=!1){if(!h())throw new Error("WebAuthn is not supported in this browser");let n;0!==e.allowCredentials?.length&&(n=e.allowCredentials?.map(p));const o={...e,challenge:d(e.challenge),allowCredentials:n},i={};if(t){if(!await function(){const e=window.PublicKeyCredential;return void 0===e.isConditionalMediationAvailable?new Promise((e=>e(!1))):e.isConditionalMediationAvailable()}())throw Error("Browser does not support WebAuthn autofill");if(document.querySelectorAll("input[autocomplete$='webauthn']").length<1)throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');i.mediation="conditional",o.allowCredentials=[]}let r;i.publicKey=o,i.signal=w.createNewAbortSignal();try{r=await navigator.credentials.get(i)}catch(e){throw function({error:e,options:t}){const{publicKey:n}=t;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new m({message:"Authentication ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:e})}else{if("NotAllowedError"===e.name)return new m({message:e.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:e});if("SecurityError"===e.name){const t=window.location.hostname;if(!f(t))return new m({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:e});if(n.rpId!==t)return new m({message:`The RP ID "${n.rpId}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:e})}else if("UnknownError"===e.name)return new m({message:"The authenticator was unable to process the specified options, or could not create a new assertion signature",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:e})}return e}({error:e,options:i})}if(!r)throw new Error("Authentication was not completed");const{id:a,rawId:s,response:c,type:u}=r;let g;var v;return c.userHandle&&(v=c.userHandle,g=new TextDecoder("utf-8").decode(v)),{id:a,rawId:l(s),response:{authenticatorData:l(c.authenticatorData),clientDataJSON:l(c.clientDataJSON),signature:l(c.signature),userHandle:g},type:u,clientExtensionResults:r.getClientExtensionResults(),authenticatorAttachment:y(r.authenticatorAttachment)}}var A=function(){function e(e){var t=e.baseUrl,n=e.tenantId;this.tenantId=n,this.baseUrl=t}return e.prototype.registrationOptions=function(e){var t=e.token,n=e.username,o=e.authenticatorAttachment;return c(this,void 0,void 0,(function(){var e;return u(this,(function(i){switch(i.label){case 0:return e=Boolean(o)?{username:n,authenticatorAttachment:o}:{username:n},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey/registration-options"),{method:"POST",headers:this.buildHeaders(t),body:JSON.stringify(e)})];case 1:return[2,i.sent().json()]}}))}))},e.prototype.authenticationOptions=function(e){var t=e.token,n=e.challengeId;return c(this,void 0,void 0,(function(){var e,o;return u(this,(function(i){switch(i.label){case 0:return e={challengeId:n},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey/authentication-options"),{method:"POST",headers:this.buildHeaders(t),body:JSON.stringify(e)})];case 1:if(!(o=i.sent()).ok)throw new Error(o.statusText);return[2,o.json()]}}))}))},e.prototype.addAuthenticator=function(e){var t=e.token,n=e.challengeId,o=e.registrationCredential;return c(this,void 0,void 0,(function(){var e;return u(this,(function(i){switch(i.label){case 0:return e={challengeId:n,registrationCredential:o},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey"),{method:"POST",headers:this.buildHeaders(t),body:JSON.stringify(e)})];case 1:return[2,i.sent().json()]}}))}))},e.prototype.verify=function(e){var t=e.token,n=e.challengeId,o=e.authenticationCredential,i=e.deviceId;return c(this,void 0,void 0,(function(){var e;return u(this,(function(r){switch(r.label){case 0:return e={challengeId:n,authenticationCredential:o,deviceId:i},[4,fetch("".concat(this.baseUrl,"/client/verify/passkey"),{method:"POST",headers:this.buildHeaders(t),body:JSON.stringify(e)})];case 1:return[2,r.sent().json()]}}))}))},e.prototype.getPasskeyAuthenticator=function(e){return c(this,void 0,void 0,(function(){var t;return u(this,(function(n){switch(n.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey?credentialId=").concat(e),{method:"GET",headers:this.buildHeaders()})];case 1:if(!(t=n.sent()).ok)throw new Error(t.statusText);return[2,t.json()]}}))}))},e.prototype.challenge=function(e){return c(this,void 0,void 0,(function(){return u(this,(function(t){switch(t.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/challenge"),{method:"POST",headers:this.buildHeaders(),body:JSON.stringify({action:e})})];case 1:return[2,t.sent().json()]}}))}))},e.prototype.buildHeaders=function(e){return{"Content-Type":"application/json",Authorization:e?"Bearer ".concat(e):"Basic ".concat(window.btoa(encodeURIComponent(this.tenantId)))}},e}(),R=function(){function e(e){var t=e.baseUrl,n=e.tenantId,o=e.anonymousId;this.passkeyLocalStorageKey="as_passkey_credential_id",this.api=new A({baseUrl:t,tenantId:n}),this.anonymousId=o}return e.prototype.signUp=function(e){var t=e.userName,n=e.token,o=e.authenticatorAttachment,i=void 0===o?"platform":o;return c(this,void 0,void 0,(function(){var e,o,r;return u(this,(function(a){switch(a.label){case 0:return[4,this.api.registrationOptions({username:t,token:n,authenticatorAttachment:i})];case 1:return[4,v((e=a.sent()).options)];case 2:return o=a.sent(),[4,this.api.addAuthenticator({challengeId:e.challengeId,registrationCredential:o,token:n})];case 3:return(null==(r=a.sent())?void 0:r.isVerified)&&this.storeCredentialAgainstDevice(o),[2,null==r?void 0:r.accessToken]}}))}))},e.prototype.signIn=function(e){var t;return c(this,void 0,void 0,(function(){var n,o,i,r,a;return u(this,(function(s){switch(s.label){case 0:if((null==e?void 0:e.token)&&e.autofill)throw new Error("autofill is not supported when providing a token");if((null==e?void 0:e.action)&&e.token)throw new Error("action is not supported when providing a token");if((null==e?void 0:e.action)&&(null==e?void 0:e.challengeId))throw new Error("action is not supported when providing a challengeId");if((null==e?void 0:e.challengeId)&&e.token)throw new Error("challengeId is not supported when providing a token");return(null==e?void 0:e.action)?[4,this.api.challenge(e.action)]:[3,2];case 1:return o=s.sent(),[3,3];case 2:o=null,s.label=3;case 3:return n=o,[4,this.api.authenticationOptions({token:null==e?void 0:e.token,challengeId:null!==(t=null==n?void 0:n.challengeId)&&void 0!==t?t:null==e?void 0:e.challengeId})];case 4:return[4,E((i=s.sent()).options,null==e?void 0:e.autofill)];case 5:return r=s.sent(),[4,this.api.verify({challengeId:i.challengeId,authenticationCredential:r,token:null==e?void 0:e.token,deviceId:this.anonymousId})];case 6:return(null==(a=s.sent())?void 0:a.isVerified)&&this.storeCredentialAgainstDevice(r),[2,null==a?void 0:a.accessToken]}}))}))},e.prototype.isAvailableOnDevice=function(){return c(this,void 0,void 0,(function(){var e;return u(this,(function(t){switch(t.label){case 0:if(!(e=localStorage.getItem(this.passkeyLocalStorageKey)))return[2,!1];t.label=1;case 1:return t.trys.push([1,3,,4]),[4,this.api.getPasskeyAuthenticator(e)];case 2:return t.sent(),[2,!0];case 3:return t.sent(),[2,!1];case 4:return[2]}}))}))},e.prototype.storeCredentialAgainstDevice=function(e){var t=e.id;"cross-platform"!==e.authenticatorAttachment&&localStorage.setItem(this.passkeyLocalStorageKey,t)},e}(),I=function(){function e(){this.windowRef=null}return e.prototype.show=function(e){var t=e.url,n=e.width,o=void 0===n?400:n,i=e.height,r=function(e){var t=e.url,n=e.width,o=e.height,i=e.win;if(!i.top)return null;var r=i.top.outerHeight/2+i.top.screenY-o/2,a=i.top.outerWidth/2+i.top.screenX-n/2;return window.open(t,"","toolbar=no, location=no, directories=no, status=no, menubar=no, scrollbars=no, resizable=no, copyhistory=no, width=".concat(n,", height=").concat(o,", top=").concat(r,", left=").concat(a))}({url:t,width:o,height:void 0===i?500:i,win:window});if(!r)throw new Error("Window is not initialized");return this.windowRef=r,r},e.prototype.close=function(){if(!this.windowRef)throw new Error("Window is not initialized");this.windowRef.close()},e}();const _=":not([inert]):not([inert] *)",C=':not([tabindex^="-"])',S=":not(:disabled)";var O=[`a[href]${_}${C}`,`area[href]${_}${C}`,`input:not([type="hidden"]):not([type="radio"])${_}${C}${S}`,`input[type="radio"]${_}${C}${S}`,`select${_}${C}${S}`,`textarea${_}${C}${S}`,`button${_}${C}${S}`,`details${_} > summary:first-of-type${C}`,`iframe${_}${C}`,`audio[controls]${_}${C}`,`video[controls]${_}${C}`,`[contenteditable]${_}${C}`,`[tabindex]${_}${C}`];function k(e){(e.querySelector("[autofocus]")||e).focus()}function $(e,t){if(t&&U(e))return e;if(!((n=e).shadowRoot&&"-1"===n.getAttribute("tabindex")||n.matches(":disabled,[hidden],[inert]")))if(e.shadowRoot){let n=P(e.shadowRoot,t);for(;n;){const e=$(n,t);if(e)return e;n=T(n,t)}}else if("slot"===e.localName){const n=e.assignedElements({flatten:!0});t||n.reverse();for(const e of n){const n=$(e,t);if(n)return n}}else{let n=P(e,t);for(;n;){const e=$(n,t);if(e)return e;n=T(n,t)}}var n;return!t&&U(e)?e:null}function P(e,t){return t?e.firstElementChild:e.lastElementChild}function T(e,t){return t?e.nextElementSibling:e.previousElementSibling}const U=e=>!e.shadowRoot?.delegatesFocus&&(e.matches(O.join(","))&&!(e=>!(!e.matches("details:not([open]) *")||e.matches("details>summary:first-of-type"))||!(e.offsetWidth||e.offsetHeight||e.getClientRects().length))(e));function N(e=document){const t=e.activeElement;return t?t.shadowRoot?N(t.shadowRoot)||document.activeElement:t:null}function D(e,t){const[n,o]=function(e){const t=$(e,!0);return[t,t?$(e,!1)||t:null]}(e);if(!n)return t.preventDefault();const i=N();t.shiftKey&&i===n?(o.focus(),t.preventDefault()):t.shiftKey||i!==o||(n.focus(),t.preventDefault())}class x{$el;id;previouslyFocused;shown;constructor(e){this.$el=e,this.id=this.$el.getAttribute("data-a11y-dialog")||this.$el.id,this.previouslyFocused=null,this.shown=!1,this.maintainFocus=this.maintainFocus.bind(this),this.bindKeypress=this.bindKeypress.bind(this),this.handleTriggerClicks=this.handleTriggerClicks.bind(this),this.show=this.show.bind(this),this.hide=this.hide.bind(this),this.$el.setAttribute("aria-hidden","true"),this.$el.setAttribute("aria-modal","true"),this.$el.setAttribute("tabindex","-1"),this.$el.hasAttribute("role")||this.$el.setAttribute("role","dialog"),document.addEventListener("click",this.handleTriggerClicks,!0)}destroy(){return this.hide(),document.removeEventListener("click",this.handleTriggerClicks,!0),this.$el.replaceWith(this.$el.cloneNode(!0)),this.fire("destroy"),this}show(e){return this.shown||(this.shown=!0,this.$el.removeAttribute("aria-hidden"),this.previouslyFocused=N(),"BODY"===this.previouslyFocused?.tagName&&e?.target&&(this.previouslyFocused=e.target),"focus"===e?.type?this.maintainFocus(e):k(this.$el),document.body.addEventListener("focus",this.maintainFocus,!0),this.$el.addEventListener("keydown",this.bindKeypress,!0),this.fire("show",e)),this}hide(e){return this.shown?(this.shown=!1,this.$el.setAttribute("aria-hidden","true"),this.previouslyFocused?.focus?.(),document.body.removeEventListener("focus",this.maintainFocus,!0),this.$el.removeEventListener("keydown",this.bindKeypress,!0),this.fire("hide",e),this):this}on(e,t,n){return this.$el.addEventListener(e,t,n),this}off(e,t,n){return this.$el.removeEventListener(e,t,n),this}fire(e,t){this.$el.dispatchEvent(new CustomEvent(e,{detail:t,cancelable:!0}))}handleTriggerClicks(e){const t=e.target;t.closest(`[data-a11y-dialog-show="${this.id}"]`)&&this.show(e),(t.closest(`[data-a11y-dialog-hide="${this.id}"]`)||t.closest("[data-a11y-dialog-hide]")&&t.closest('[aria-modal="true"]')===this.$el)&&this.hide(e)}bindKeypress(e){if(document.activeElement?.closest('[aria-modal="true"]')!==this.$el)return;let t=!1;try{t=!!this.$el.querySelector('[popover]:not([popover="manual"]):popover-open')}catch{}"Escape"!==e.key||"alertdialog"===this.$el.getAttribute("role")||t||(e.preventDefault(),this.hide(e)),"Tab"===e.key&&D(this.$el,e)}maintainFocus(e){e.target.closest('[aria-modal="true"], [data-a11y-dialog-ignore-focus-trap]')||k(this.$el)}}function L(){for(const e of document.querySelectorAll("[data-a11y-dialog]"))new x(e)}"undefined"!=typeof document&&("loading"===document.readyState?document.addEventListener("DOMContentLoaded",L):L());var K="__authsignal-popup-container",H="__authsignal-popup-content",W="__authsignal-popup-overlay",M="__authsignal-popup-style",q="__authsignal-popup-iframe",F="385px",G=function(){function e(e){var t=e.width,n=e.isClosable;if(this.popup=null,document.querySelector("#".concat(K)))throw new Error("Multiple instances of Authsignal popup is not supported.");this.create({width:t,isClosable:n})}return e.prototype.create=function(e){var t=this,n=e.width,o=void 0===n?F:n,i=e.isClosable,r=void 0===i||i,a=o;CSS.supports("width",o)||(console.warn("Invalid CSS value for `popupOptions.width`. Using default value instead."),a=F);var s=document.createElement("div");s.setAttribute("id",K),s.setAttribute("aria-hidden","true"),r||s.setAttribute("role","alertdialog");var c=document.createElement("div");c.setAttribute("id",W),r&&c.setAttribute("data-a11y-dialog-hide","true");var u=document.createElement("div");u.setAttribute("id",H),document.body.appendChild(s);var l=document.createElement("style");l.setAttribute("id",M),l.textContent="\n #".concat(K,",\n #").concat(W," {\n position: fixed;\n top: 0;\n right: 0;\n bottom: 0;\n left: 0;\n }\n\n #").concat(K," {\n z-index: 2147483647;\n display: flex;\n }\n\n #").concat(K,"[aria-hidden='true'] {\n display: none;\n }\n\n #").concat(W," {\n background-color: rgba(0, 0, 0, 0.18);\n }\n\n #").concat(H," {\n margin: auto;\n z-index: 2147483647;\n position: relative;\n background-color: transparent;\n border-radius: 8px;\n width: ").concat(a,";\n }\n\n #").concat(H," iframe {\n width: 1px;\n min-width: 100%;\n border-radius: inherit;\n max-height: 95vh;\n height: ").concat("384px",";\n }\n "),document.head.insertAdjacentElement("beforeend",l),s.appendChild(c),s.appendChild(u),this.popup=new x(s),this.popup.on("hide",(function(){t.destroy()}))},e.prototype.destroy=function(){var e=document.querySelector("#".concat(K)),t=document.querySelector("#".concat(M));e&&t&&(document.body.removeChild(e),document.head.removeChild(t)),window.removeEventListener("message",j)},e.prototype.show=function(e){var t,n=e.url;if(!this.popup)throw new Error("Popup is not initialized");var o=document.createElement("iframe");o.setAttribute("id",q),o.setAttribute("name","authsignal"),o.setAttribute("title","Authsignal multi-factor authentication"),o.setAttribute("src",n),o.setAttribute("frameborder","0"),o.setAttribute("allow","publickey-credentials-get *; publickey-credentials-create *; clipboard-write");var i=document.querySelector("#".concat(H));i&&i.appendChild(o),window.addEventListener("message",j),null===(t=this.popup)||void 0===t||t.show()},e.prototype.close=function(){if(!this.popup)throw new Error("Popup is not initialized");this.popup.hide()},e.prototype.on=function(e,t){if(!this.popup)throw new Error("Popup is not initialized");this.popup.on(e,t)},e}();function j(e){var t=document.querySelector("#".concat(q));t&&e.data.height&&(t.style.height=e.data.height+"px")}var V="4a08uqve",z=function(){function t(e){var t=e.cookieDomain,n=e.cookieName,o=void 0===n?"__as_aid":n,i=e.baseUrl,r=void 0===i?"https://api.authsignal.com/v1":i,c=e.tenantId;if(this.anonymousId="",this.profilingId="",this.cookieDomain="",this.anonymousIdCookieName="",this._token=void 0,this.cookieDomain=t||document.location.hostname.replace("www.",""),this.anonymousIdCookieName=o,!c)throw new Error("tenantId is required");var u,l=(u=this.anonymousIdCookieName)&&decodeURIComponent(document.cookie.replace(new RegExp("(?:(?:^|.*;)\\s*"+encodeURIComponent(u).replace(/[\-\.\+\*]/g,"\\$&")+"\\s*\\=\\s*([^;]*).*$)|^.*$"),"$1"))||null;l?this.anonymousId=l:(this.anonymousId=a(),s({name:this.anonymousIdCookieName,value:this.anonymousId,expire:1/0,domain:this.cookieDomain,secure:"http:"!==document.location.protocol})),this.passkey=new R({tenantId:c,baseUrl:r,anonymousId:this.anonymousId})}return t.prototype.launch=function(e,t){switch(null==t?void 0:t.mode){case"window":return this.launchWithWindow(e,t);case"popup":return this.launchWithPopup(e,t);default:this.launchWithRedirect(e)}},t.prototype.initAdvancedProfiling=function(e){var t=a();this.profilingId=t,s({name:"__as_pid",value:t,expire:1/0,domain:this.cookieDomain,secure:"http:"!==document.location.protocol});var n=e?"".concat(e,"/fp/tags.js?org_id=").concat(V,"&session_id=").concat(t):"https://h.online-metrix.net/fp/tags.js?org_id=".concat(V,"&session_id=").concat(t),o=document.createElement("script");o.src=n,o.async=!1,o.id="as_adv_profile",document.head.appendChild(o);var i=document.createElement("noscript");i.setAttribute("id","as_adv_profile_pixel"),i.setAttribute("aria-hidden","true");var r=document.createElement("iframe"),c=e?"".concat(e,"/fp/tags?org_id=").concat(V,"&session_id=").concat(t):"https://h.online-metrix.net/fp/tags?org_id=".concat(V,"&session_id=").concat(t);r.setAttribute("id","as_adv_profile_pixel"),r.setAttribute("src",c),r.setAttribute("style","width: 100px; height: 100px; border: 0; position: absolute; top: -5000px;"),i&&(i.appendChild(r),document.body.prepend(i))},t.prototype.launchWithRedirect=function(e){window.location.href=e},t.prototype.launchWithPopup=function(t,n){var o=this,i=n.popupOptions,r=new G({width:null==i?void 0:i.width,isClosable:null==i?void 0:i.isClosable}),a="".concat(t,"&mode=popup");return r.show({url:a}),new Promise((function(t){r.on("hide",(function(){t({token:o._token})})),window.addEventListener("message",(function(t){var n=null;try{n=JSON.parse(t.data)}catch(e){}(null==n?void 0:n.event)===e.AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP&&(o._token=n.token,r.close())}),!1)}))},t.prototype.launchWithWindow=function(t,n){var o=this,i=n.windowOptions,r=new I,a="".concat(t,"&mode=popup");return r.show({url:a,width:null==i?void 0:i.width,height:null==i?void 0:i.height}),new Promise((function(t){window.addEventListener("message",(function(n){var i=null;try{i=JSON.parse(n.data)}catch(e){}(null==i?void 0:i.event)===e.AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP&&(o._token=i.token,r.close(),t({token:o._token}))}),!1)}))},t}();return e.Authsignal=z,Object.defineProperty(e,"__esModule",{value:!0}),e}({});
1
+ var authsignal=function(e){"use strict";let t;const n=new Uint8Array(16);function o(){if(!t&&(t="undefined"!=typeof crypto&&crypto.getRandomValues&&crypto.getRandomValues.bind(crypto),!t))throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");return t(n)}const i=[];for(let e=0;e<256;++e)i.push((e+256).toString(16).slice(1));var r={randomUUID:"undefined"!=typeof crypto&&crypto.randomUUID&&crypto.randomUUID.bind(crypto)};function a(e,t,n){if(r.randomUUID&&!t&&!e)return r.randomUUID();const a=(e=e||{}).random||(e.rng||o)();if(a[6]=15&a[6]|64,a[8]=63&a[8]|128,t){n=n||0;for(let e=0;e<16;++e)t[n+e]=a[e];return t}return function(e,t=0){return(i[e[t+0]]+i[e[t+1]]+i[e[t+2]]+i[e[t+3]]+"-"+i[e[t+4]]+i[e[t+5]]+"-"+i[e[t+6]]+i[e[t+7]]+"-"+i[e[t+8]]+i[e[t+9]]+"-"+i[e[t+10]]+i[e[t+11]]+i[e[t+12]]+i[e[t+13]]+i[e[t+14]]+i[e[t+15]]).toLowerCase()}(a)}function s(e){var t=e.name,n=e.value,o=e.expire,i=e.domain,r=e.secure,a=o===1/0?" expires=Fri, 31 Dec 9999 23:59:59 GMT":"; max-age="+o;document.cookie=encodeURIComponent(t)+"="+n+"; path=/;"+a+(i?"; domain="+i:"")+(r?"; secure":"")}function c(e){var t;console.error(null!==(t=e.errorDescription)&&void 0!==t?t:e.error)}function u(e,t,n,o){return new(n||(n=Promise))((function(i,r){function a(e){try{c(o.next(e))}catch(e){r(e)}}function s(e){try{c(o.throw(e))}catch(e){r(e)}}function c(e){var t;e.done?i(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(a,s)}c((o=o.apply(e,t||[])).next())}))}function l(e,t){var n,o,i,r,a={label:0,sent:function(){if(1&i[0])throw i[1];return i[1]},trys:[],ops:[]};return r={next:s(0),throw:s(1),return:s(2)},"function"==typeof Symbol&&(r[Symbol.iterator]=function(){return this}),r;function s(r){return function(s){return function(r){if(n)throw new TypeError("Generator is already executing.");for(;a;)try{if(n=1,o&&(i=2&r[0]?o.return:r[0]?o.throw||((i=o.return)&&i.call(o),0):o.next)&&!(i=i.call(o,r[1])).done)return i;switch(o=0,i&&(r=[2&r[0],i.value]),r[0]){case 0:case 1:i=r;break;case 4:return a.label++,{value:r[1],done:!1};case 5:a.label++,o=r[1],r=[0];continue;case 7:r=a.ops.pop(),a.trys.pop();continue;default:if(!(i=a.trys,(i=i.length>0&&i[i.length-1])||6!==r[0]&&2!==r[0])){a=0;continue}if(3===r[0]&&(!i||r[1]>i[0]&&r[1]<i[3])){a.label=r[1];break}if(6===r[0]&&a.label<i[1]){a.label=i[1],i=r;break}if(i&&a.label<i[2]){a.label=i[2],a.ops.push(r);break}i[2]&&a.ops.pop(),a.trys.pop();continue}r=t.call(e,a)}catch(e){r=[6,e],o=0}finally{n=i=0}if(5&r[0])throw r[1];return{value:r[0]?r[1]:void 0,done:!0}}([r,s])}}}function d(e){const t=new Uint8Array(e);let n="";for(const e of t)n+=String.fromCharCode(e);return btoa(n).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function h(e){const t=e.replace(/-/g,"+").replace(/_/g,"/"),n=(4-t.length%4)%4,o=t.padEnd(t.length+n,"="),i=atob(o),r=new ArrayBuffer(i.length),a=new Uint8Array(r);for(let e=0;e<i.length;e++)a[e]=i.charCodeAt(e);return r}function p(){return void 0!==window?.PublicKeyCredential&&"function"==typeof window.PublicKeyCredential}function f(e){const{id:t}=e;return{...e,id:h(t),transports:e.transports}}function m(e){return"localhost"===e||/^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(e)}e.AuthsignalWindowMessage=void 0,(e.AuthsignalWindowMessage||(e.AuthsignalWindowMessage={})).AUTHSIGNAL_CLOSE_POPUP="AUTHSIGNAL_CLOSE_POPUP";class v extends Error{constructor({message:e,code:t,cause:n,name:o}){super(e,{cause:n}),this.name=o??n.name,this.code=t}}const y=new class{createNewAbortSignal(){if(this.controller){const e=new Error("Cancelling existing WebAuthn API call for new one");e.name="AbortError",this.controller.abort(e)}const e=new AbortController;return this.controller=e,e.signal}cancelCeremony(){if(this.controller){const e=new Error("Manually cancelling existing WebAuthn API call");e.name="AbortError",this.controller.abort(e),this.controller=void 0}}},w=["cross-platform","platform"];function b(e){if(e&&!(w.indexOf(e)<0))return e}async function g(e){if(!p())throw new Error("WebAuthn is not supported in this browser");var t;const n={publicKey:{...e,challenge:h(e.challenge),user:{...e.user,id:(t=e.user.id,(new TextEncoder).encode(t))},excludeCredentials:e.excludeCredentials?.map(f)}};let o;n.signal=y.createNewAbortSignal();try{o=await navigator.credentials.create(n)}catch(e){throw function({error:e,options:t}){const{publicKey:n}=t;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new v({message:"Registration ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:e})}else if("ConstraintError"===e.name){if(!0===n.authenticatorSelection?.requireResidentKey)return new v({message:"Discoverable credentials were required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",cause:e});if("required"===n.authenticatorSelection?.userVerification)return new v({message:"User verification was required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",cause:e})}else{if("InvalidStateError"===e.name)return new v({message:"The authenticator was previously registered",code:"ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",cause:e});if("NotAllowedError"===e.name)return new v({message:e.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:e});if("NotSupportedError"===e.name)return 0===n.pubKeyCredParams.filter((e=>"public-key"===e.type)).length?new v({message:'No entry in pubKeyCredParams was of type "public-key"',code:"ERROR_MALFORMED_PUBKEYCREDPARAMS",cause:e}):new v({message:"No available authenticator supported any of the specified pubKeyCredParams algorithms",code:"ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",cause:e});if("SecurityError"===e.name){const t=window.location.hostname;if(!m(t))return new v({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:e});if(n.rp.id!==t)return new v({message:`The RP ID "${n.rp.id}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:e})}else if("TypeError"===e.name){if(n.user.id.byteLength<1||n.user.id.byteLength>64)return new v({message:"User ID was not between 1 and 64 characters",code:"ERROR_INVALID_USER_ID_LENGTH",cause:e})}else if("UnknownError"===e.name)return new v({message:"The authenticator was unable to process the specified options, or could not create a new credential",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:e})}return e}({error:e,options:n})}if(!o)throw new Error("Registration was not completed");const{id:i,rawId:r,response:a,type:s}=o;let c,u,l,w;if("function"==typeof a.getTransports&&(c=a.getTransports()),"function"==typeof a.getPublicKeyAlgorithm)try{u=a.getPublicKeyAlgorithm()}catch(e){E("getPublicKeyAlgorithm()",e)}if("function"==typeof a.getPublicKey)try{const e=a.getPublicKey();null!==e&&(l=d(e))}catch(e){E("getPublicKey()",e)}if("function"==typeof a.getAuthenticatorData)try{w=d(a.getAuthenticatorData())}catch(e){E("getAuthenticatorData()",e)}return{id:i,rawId:d(r),response:{attestationObject:d(a.attestationObject),clientDataJSON:d(a.clientDataJSON),transports:c,publicKeyAlgorithm:u,publicKey:l,authenticatorData:w},type:s,clientExtensionResults:o.getClientExtensionResults(),authenticatorAttachment:b(o.authenticatorAttachment)}}function E(e,t){console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${e}. You should report this error to them.\n`,t)}async function A(e,t=!1){if(!p())throw new Error("WebAuthn is not supported in this browser");let n;0!==e.allowCredentials?.length&&(n=e.allowCredentials?.map(f));const o={...e,challenge:h(e.challenge),allowCredentials:n},i={};if(t){if(!await function(){const e=window.PublicKeyCredential;return void 0===e.isConditionalMediationAvailable?new Promise((e=>e(!1))):e.isConditionalMediationAvailable()}())throw Error("Browser does not support WebAuthn autofill");if(document.querySelectorAll("input[autocomplete$='webauthn']").length<1)throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');i.mediation="conditional",o.allowCredentials=[]}let r;i.publicKey=o,i.signal=y.createNewAbortSignal();try{r=await navigator.credentials.get(i)}catch(e){throw function({error:e,options:t}){const{publicKey:n}=t;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new v({message:"Authentication ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:e})}else{if("NotAllowedError"===e.name)return new v({message:e.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:e});if("SecurityError"===e.name){const t=window.location.hostname;if(!m(t))return new v({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:e});if(n.rpId!==t)return new v({message:`The RP ID "${n.rpId}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:e})}else if("UnknownError"===e.name)return new v({message:"The authenticator was unable to process the specified options, or could not create a new assertion signature",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:e})}return e}({error:e,options:i})}if(!r)throw new Error("Authentication was not completed");const{id:a,rawId:s,response:c,type:u}=r;let l;var w;return c.userHandle&&(w=c.userHandle,l=new TextDecoder("utf-8").decode(w)),{id:a,rawId:d(s),response:{authenticatorData:d(c.authenticatorData),clientDataJSON:d(c.clientDataJSON),signature:d(c.signature),userHandle:l},type:u,clientExtensionResults:r.getClientExtensionResults(),authenticatorAttachment:b(r.authenticatorAttachment)}}var k=function(){function e(e){var t=e.baseUrl,n=e.tenantId;this.tenantId=n,this.baseUrl=t}return e.prototype.registrationOptions=function(e){var t=e.token,n=e.username,o=e.authenticatorAttachment;return u(this,void 0,void 0,(function(){var e;return l(this,(function(i){switch(i.label){case 0:return e=Boolean(o)?{username:n,authenticatorAttachment:o}:{username:n},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey/registration-options"),{method:"POST",headers:this.buildHeaders(t),body:JSON.stringify(e)})];case 1:return[2,i.sent().json()]}}))}))},e.prototype.authenticationOptions=function(e){var t=e.token,n=e.challengeId;return u(this,void 0,void 0,(function(){var e;return l(this,(function(o){switch(o.label){case 0:return e={challengeId:n},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey/authentication-options"),{method:"POST",headers:this.buildHeaders(t),body:JSON.stringify(e)})];case 1:return[2,o.sent().json()]}}))}))},e.prototype.addAuthenticator=function(e){var t=e.token,n=e.challengeId,o=e.registrationCredential;return u(this,void 0,void 0,(function(){var e;return l(this,(function(i){switch(i.label){case 0:return e={challengeId:n,registrationCredential:o},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey"),{method:"POST",headers:this.buildHeaders(t),body:JSON.stringify(e)})];case 1:return[2,i.sent().json()]}}))}))},e.prototype.verify=function(e){var t=e.token,n=e.challengeId,o=e.authenticationCredential,i=e.deviceId;return u(this,void 0,void 0,(function(){var e;return l(this,(function(r){switch(r.label){case 0:return e={challengeId:n,authenticationCredential:o,deviceId:i},[4,fetch("".concat(this.baseUrl,"/client/verify/passkey"),{method:"POST",headers:this.buildHeaders(t),body:JSON.stringify(e)})];case 1:return[2,r.sent().json()]}}))}))},e.prototype.getPasskeyAuthenticator=function(e){return u(this,void 0,void 0,(function(){var t;return l(this,(function(n){switch(n.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey?credentialId=").concat(e),{method:"GET",headers:this.buildHeaders()})];case 1:if(!(t=n.sent()).ok)throw new Error(t.statusText);return[2,t.json()]}}))}))},e.prototype.challenge=function(e){return u(this,void 0,void 0,(function(){return l(this,(function(t){switch(t.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/challenge"),{method:"POST",headers:this.buildHeaders(),body:JSON.stringify({action:e})})];case 1:return[2,t.sent().json()]}}))}))},e.prototype.buildHeaders=function(e){return{"Content-Type":"application/json",Authorization:e?"Bearer ".concat(e):"Basic ".concat(window.btoa(encodeURIComponent(this.tenantId)))}},e}(),I=function(){function e(){this.token=null}return e.prototype.handleTokenNotSetError=function(){var e="A token has not been set. Call 'setToken' first.";return console.error("Error: ".concat(e)),{error:"TOKEN_NOT_SET",errorDescription:e}},e.shared=new e,e}(),R=function(){function e(e){var t=e.baseUrl,n=e.tenantId,o=e.anonymousId;this.passkeyLocalStorageKey="as_passkey_credential_id",this.cache=I.shared,this.api=new k({baseUrl:t,tenantId:n}),this.anonymousId=o}return e.prototype.signUp=function(e){var t=e.userName,n=e.userDisplayName,o=e.token,i=e.authenticatorAttachment,r=void 0===i?"platform":i;return u(this,void 0,void 0,(function(){var e,i,a,s,u;return l(this,(function(l){switch(l.label){case 0:return(e=null!=o?o:this.cache.token)?(i={username:t,displayName:n,token:e,authenticatorAttachment:r},[4,this.api.registrationOptions(i)]):[2,this.cache.handleTokenNotSetError()];case 1:return"error"in(a=l.sent())?(c(a),[2]):[4,g(a.options)];case 2:return s=l.sent(),[4,this.api.addAuthenticator({challengeId:a.challengeId,registrationCredential:s,token:e})];case 3:return"error"in(u=l.sent())?(c(u),[2]):(u.isVerified&&this.storeCredentialAgainstDevice(s),[2,{token:u.accessToken}])}}))}))},e.prototype.signIn=function(e){return u(this,void 0,void 0,(function(){var t,n,o,i,r,a,s,u,d,h;return l(this,(function(l){switch(l.label){case 0:if((null==e?void 0:e.token)&&e.autofill)throw new Error("autofill is not supported when providing a token");if((null==e?void 0:e.action)&&e.token)throw new Error("action is not supported when providing a token");return(null==e?void 0:e.action)?[4,this.api.challenge(e.action)]:[3,2];case 1:return n=l.sent(),[3,3];case 2:n=null,l.label=3;case 3:return(t=n)&&"error"in t?(c(t),[2]):[4,this.api.authenticationOptions({token:null==e?void 0:e.token,challengeId:null==t?void 0:t.challengeId})];case 4:return"error"in(o=l.sent())?(c(o),[2]):[4,A(o.options,null==e?void 0:e.autofill)];case 5:return i=l.sent(),(null==e?void 0:e.onVerificationStarted)&&e.onVerificationStarted(),[4,this.api.verify({challengeId:o.challengeId,authenticationCredential:i,token:null==e?void 0:e.token,deviceId:this.anonymousId})];case 6:return"error"in(r=l.sent())?(c(r),[2]):(r.isVerified&&this.storeCredentialAgainstDevice(i),a=r.accessToken,s=r.userId,u=r.userAuthenticatorId,d=r.username,h=r.userDisplayName,[2,{token:a,userId:s,userAuthenticatorId:u,userName:d,userDisplayName:h}])}}))}))},e.prototype.isAvailableOnDevice=function(){return u(this,void 0,void 0,(function(){var e;return l(this,(function(t){switch(t.label){case 0:if(!(e=localStorage.getItem(this.passkeyLocalStorageKey)))return[2,!1];t.label=1;case 1:return t.trys.push([1,3,,4]),[4,this.api.getPasskeyAuthenticator(e)];case 2:return t.sent(),[2,!0];case 3:return t.sent(),[2,!1];case 4:return[2]}}))}))},e.prototype.storeCredentialAgainstDevice=function(e){var t=e.id;"cross-platform"!==e.authenticatorAttachment&&localStorage.setItem(this.passkeyLocalStorageKey,t)},e}(),S=function(){function e(){this.windowRef=null}return e.prototype.show=function(e){var t=e.url,n=e.width,o=void 0===n?400:n,i=e.height,r=function(e){var t=e.url,n=e.width,o=e.height,i=e.win;if(!i.top)return null;var r=i.top.outerHeight/2+i.top.screenY-o/2,a=i.top.outerWidth/2+i.top.screenX-n/2;return window.open(t,"","toolbar=no, location=no, directories=no, status=no, menubar=no, scrollbars=no, resizable=no, copyhistory=no, width=".concat(n,", height=").concat(o,", top=").concat(r,", left=").concat(a))}({url:t,width:o,height:void 0===i?500:i,win:window});if(!r)throw new Error("Window is not initialized");return this.windowRef=r,r},e.prototype.close=function(){if(!this.windowRef)throw new Error("Window is not initialized");this.windowRef.close()},e}();const _=":not([inert]):not([inert] *)",O=':not([tabindex^="-"])',C=":not(:disabled)";var T=[`a[href]${_}${O}`,`area[href]${_}${O}`,`input:not([type="hidden"]):not([type="radio"])${_}${O}${C}`,`input[type="radio"]${_}${O}${C}`,`select${_}${O}${C}`,`textarea${_}${O}${C}`,`button${_}${O}${C}`,`details${_} > summary:first-of-type${O}`,`iframe${_}${O}`,`audio[controls]${_}${O}`,`video[controls]${_}${O}`,`[contenteditable]${_}${O}`,`[tabindex]${_}${O}`];function U(e){(e.querySelector("[autofocus]")||e).focus()}function N(e,t){if(t&&D(e))return e;if(!((n=e).shadowRoot&&"-1"===n.getAttribute("tabindex")||n.matches(":disabled,[hidden],[inert]")))if(e.shadowRoot){let n=P(e.shadowRoot,t);for(;n;){const e=N(n,t);if(e)return e;n=$(n,t)}}else if("slot"===e.localName){const n=e.assignedElements({flatten:!0});t||n.reverse();for(const e of n){const n=N(e,t);if(n)return n}}else{let n=P(e,t);for(;n;){const e=N(n,t);if(e)return e;n=$(n,t)}}var n;return!t&&D(e)?e:null}function P(e,t){return t?e.firstElementChild:e.lastElementChild}function $(e,t){return t?e.nextElementSibling:e.previousElementSibling}const D=e=>!e.shadowRoot?.delegatesFocus&&(e.matches(T.join(","))&&!(e=>!(!e.matches("details:not([open]) *")||e.matches("details>summary:first-of-type"))||!(e.offsetWidth||e.offsetHeight||e.getClientRects().length))(e));function x(e=document){const t=e.activeElement;return t?t.shadowRoot?x(t.shadowRoot)||document.activeElement:t:null}function L(e,t){const[n,o]=function(e){const t=N(e,!0);return[t,t?N(e,!1)||t:null]}(e);if(!n)return t.preventDefault();const i=x();t.shiftKey&&i===n?(o.focus(),t.preventDefault()):t.shiftKey||i!==o||(n.focus(),t.preventDefault())}class H{$el;id;previouslyFocused;shown;constructor(e){this.$el=e,this.id=this.$el.getAttribute("data-a11y-dialog")||this.$el.id,this.previouslyFocused=null,this.shown=!1,this.maintainFocus=this.maintainFocus.bind(this),this.bindKeypress=this.bindKeypress.bind(this),this.handleTriggerClicks=this.handleTriggerClicks.bind(this),this.show=this.show.bind(this),this.hide=this.hide.bind(this),this.$el.setAttribute("aria-hidden","true"),this.$el.setAttribute("aria-modal","true"),this.$el.setAttribute("tabindex","-1"),this.$el.hasAttribute("role")||this.$el.setAttribute("role","dialog"),document.addEventListener("click",this.handleTriggerClicks,!0)}destroy(){return this.hide(),document.removeEventListener("click",this.handleTriggerClicks,!0),this.$el.replaceWith(this.$el.cloneNode(!0)),this.fire("destroy"),this}show(e){return this.shown||(this.shown=!0,this.$el.removeAttribute("aria-hidden"),this.previouslyFocused=x(),"BODY"===this.previouslyFocused?.tagName&&e?.target&&(this.previouslyFocused=e.target),"focus"===e?.type?this.maintainFocus(e):U(this.$el),document.body.addEventListener("focus",this.maintainFocus,!0),this.$el.addEventListener("keydown",this.bindKeypress,!0),this.fire("show",e)),this}hide(e){return this.shown?(this.shown=!1,this.$el.setAttribute("aria-hidden","true"),this.previouslyFocused?.focus?.(),document.body.removeEventListener("focus",this.maintainFocus,!0),this.$el.removeEventListener("keydown",this.bindKeypress,!0),this.fire("hide",e),this):this}on(e,t,n){return this.$el.addEventListener(e,t,n),this}off(e,t,n){return this.$el.removeEventListener(e,t,n),this}fire(e,t){this.$el.dispatchEvent(new CustomEvent(e,{detail:t,cancelable:!0}))}handleTriggerClicks(e){const t=e.target;t.closest(`[data-a11y-dialog-show="${this.id}"]`)&&this.show(e),(t.closest(`[data-a11y-dialog-hide="${this.id}"]`)||t.closest("[data-a11y-dialog-hide]")&&t.closest('[aria-modal="true"]')===this.$el)&&this.hide(e)}bindKeypress(e){if(document.activeElement?.closest('[aria-modal="true"]')!==this.$el)return;let t=!1;try{t=!!this.$el.querySelector('[popover]:not([popover="manual"]):popover-open')}catch{}"Escape"!==e.key||"alertdialog"===this.$el.getAttribute("role")||t||(e.preventDefault(),this.hide(e)),"Tab"===e.key&&L(this.$el,e)}maintainFocus(e){e.target.closest('[aria-modal="true"], [data-a11y-dialog-ignore-focus-trap]')||U(this.$el)}}function K(){for(const e of document.querySelectorAll("[data-a11y-dialog]"))new H(e)}"undefined"!=typeof document&&("loading"===document.readyState?document.addEventListener("DOMContentLoaded",K):K());var j="__authsignal-popup-container",W="__authsignal-popup-content",M="__authsignal-popup-overlay",q="__authsignal-popup-style",B="__authsignal-popup-iframe",F="385px",G=function(){function e(e){var t=e.width,n=e.isClosable;if(this.popup=null,document.querySelector("#".concat(j)))throw new Error("Multiple instances of Authsignal popup is not supported.");this.create({width:t,isClosable:n})}return e.prototype.create=function(e){var t=this,n=e.width,o=void 0===n?F:n,i=e.isClosable,r=void 0===i||i,a=o;CSS.supports("width",o)||(console.warn("Invalid CSS value for `popupOptions.width`. Using default value instead."),a=F);var s=document.createElement("div");s.setAttribute("id",j),s.setAttribute("aria-hidden","true"),r||s.setAttribute("role","alertdialog");var c=document.createElement("div");c.setAttribute("id",M),r&&c.setAttribute("data-a11y-dialog-hide","true");var u=document.createElement("div");u.setAttribute("id",W),document.body.appendChild(s);var l=document.createElement("style");l.setAttribute("id",q),l.textContent="\n #".concat(j,",\n #").concat(M," {\n position: fixed;\n top: 0;\n right: 0;\n bottom: 0;\n left: 0;\n }\n\n #").concat(j," {\n z-index: 2147483647;\n display: flex;\n }\n\n #").concat(j,"[aria-hidden='true'] {\n display: none;\n }\n\n #").concat(M," {\n background-color: rgba(0, 0, 0, 0.18);\n }\n\n #").concat(W," {\n margin: auto;\n z-index: 2147483647;\n position: relative;\n background-color: transparent;\n border-radius: 8px;\n width: ").concat(a,";\n }\n\n #").concat(W," iframe {\n width: 1px;\n min-width: 100%;\n border-radius: inherit;\n max-height: 95vh;\n height: ").concat("384px",";\n }\n "),document.head.insertAdjacentElement("beforeend",l),s.appendChild(c),s.appendChild(u),this.popup=new H(s),s.focus(),this.popup.on("hide",(function(){t.destroy()}))},e.prototype.destroy=function(){var e=document.querySelector("#".concat(j)),t=document.querySelector("#".concat(q));e&&t&&(document.body.removeChild(e),document.head.removeChild(t)),window.removeEventListener("message",J)},e.prototype.show=function(e){var t,n=e.url;if(!this.popup)throw new Error("Popup is not initialized");var o=document.createElement("iframe");o.setAttribute("id",B),o.setAttribute("name","authsignal"),o.setAttribute("title","Authsignal multi-factor authentication"),o.setAttribute("src",n),o.setAttribute("frameborder","0"),o.setAttribute("allow","publickey-credentials-get *; publickey-credentials-create *; clipboard-write");var i=document.querySelector("#".concat(W));i&&i.appendChild(o),window.addEventListener("message",J),null===(t=this.popup)||void 0===t||t.show()},e.prototype.close=function(){if(!this.popup)throw new Error("Popup is not initialized");this.popup.hide()},e.prototype.on=function(e,t){if(!this.popup)throw new Error("Popup is not initialized");this.popup.on(e,t)},e}();function J(e){var t=document.querySelector("#".concat(B));t&&e.data.height&&(t.style.height=e.data.height+"px")}var V=function(){function e(e){var t=e.baseUrl,n=e.tenantId;this.tenantId=n,this.baseUrl=t}return e.prototype.enroll=function(e){var t=e.token;return u(this,void 0,void 0,(function(){return l(this,(function(e){switch(e.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/totp"),{method:"POST",headers:this.buildHeaders(t)})];case 1:return[2,e.sent().json()]}}))}))},e.prototype.verify=function(e){var t=e.token,n=e.code;return u(this,void 0,void 0,(function(){var e;return l(this,(function(o){switch(o.label){case 0:return e={code:n},[4,fetch("".concat(this.baseUrl,"/client/verify/totp"),{method:"POST",headers:this.buildHeaders(t),body:JSON.stringify(e)})];case 1:return[2,o.sent().json()]}}))}))},e.prototype.buildHeaders=function(e){return{"Content-Type":"application/json",Authorization:e?"Bearer ".concat(e):"Basic ".concat(window.btoa(encodeURIComponent(this.tenantId)))}},e}(),z=function(){function e(e){var t=e.baseUrl,n=e.tenantId;this.cache=I.shared,this.api=new V({baseUrl:t,tenantId:n})}return e.prototype.enroll=function(){return u(this,void 0,void 0,(function(){return l(this,(function(e){return this.cache.token?[2,this.api.enroll({token:this.cache.token})]:[2,this.cache.handleTokenNotSetError()]}))}))},e.prototype.verify=function(e){var t=e.code;return u(this,void 0,void 0,(function(){var e;return l(this,(function(n){switch(n.label){case 0:return this.cache.token?[4,this.api.verify({token:this.cache.token,code:t})]:[2,this.cache.handleTokenNotSetError()];case 1:return(e=n.sent()).token&&(this.cache.token=e.token),[2,e]}}))}))},e}(),Y=function(){function e(e){var t=e.baseUrl,n=e.tenantId;this.tenantId=n,this.baseUrl=t}return e.prototype.enroll=function(e){var t=e.token,n=e.email;return u(this,void 0,void 0,(function(){var e;return l(this,(function(o){switch(o.label){case 0:return e={email:n},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/email-otp"),{method:"POST",headers:this.buildHeaders(t),body:JSON.stringify(e)})];case 1:return[2,o.sent().json()]}}))}))},e.prototype.challenge=function(e){var t=e.token;return u(this,void 0,void 0,(function(){return l(this,(function(e){switch(e.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/challenge/email-otp"),{method:"POST",headers:this.buildHeaders(t)})];case 1:return[2,e.sent().json()]}}))}))},e.prototype.verify=function(e){var t=e.token,n=e.code;return u(this,void 0,void 0,(function(){var e;return l(this,(function(o){switch(o.label){case 0:return e={code:n},[4,fetch("".concat(this.baseUrl,"/client/verify/email-otp"),{method:"POST",headers:this.buildHeaders(t),body:JSON.stringify(e)})];case 1:return[2,o.sent().json()]}}))}))},e.prototype.buildHeaders=function(e){return{"Content-Type":"application/json",Authorization:e?"Bearer ".concat(e):"Basic ".concat(window.btoa(encodeURIComponent(this.tenantId)))}},e}(),X=function(){function e(e){var t=e.baseUrl,n=e.tenantId;this.cache=I.shared,this.api=new Y({baseUrl:t,tenantId:n})}return e.prototype.enroll=function(e){var t=e.email;return u(this,void 0,void 0,(function(){return l(this,(function(e){return this.cache.token?[2,this.api.enroll({token:this.cache.token,email:t})]:[2,this.cache.handleTokenNotSetError()]}))}))},e.prototype.challenge=function(){return u(this,void 0,void 0,(function(){return l(this,(function(e){return this.cache.token?[2,this.api.challenge({token:this.cache.token})]:[2,this.cache.handleTokenNotSetError()]}))}))},e.prototype.verify=function(e){var t=e.code;return u(this,void 0,void 0,(function(){var e;return l(this,(function(n){switch(n.label){case 0:return this.cache.token?[4,this.api.verify({token:this.cache.token,code:t})]:[2,this.cache.handleTokenNotSetError()];case 1:return(e=n.sent()).token&&(this.cache.token=e.token),[2,e]}}))}))},e}(),Q=function(){function e(e){var t=e.baseUrl,n=e.tenantId;this.tenantId=n,this.baseUrl=t}return e.prototype.enroll=function(e){var t=e.token,n=e.phoneNumber;return u(this,void 0,void 0,(function(){var e;return l(this,(function(o){switch(o.label){case 0:return e={phoneNumber:n},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/sms"),{method:"POST",headers:this.buildHeaders(t),body:JSON.stringify(e)})];case 1:return[2,o.sent().json()]}}))}))},e.prototype.challenge=function(e){var t=e.token;return u(this,void 0,void 0,(function(){return l(this,(function(e){switch(e.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/challenge/sms"),{method:"POST",headers:this.buildHeaders(t)})];case 1:return[2,e.sent().json()]}}))}))},e.prototype.verify=function(e){var t=e.token,n=e.code;return u(this,void 0,void 0,(function(){var e;return l(this,(function(o){switch(o.label){case 0:return e={code:n},[4,fetch("".concat(this.baseUrl,"/client/verify/sms"),{method:"POST",headers:this.buildHeaders(t),body:JSON.stringify(e)})];case 1:return[2,o.sent().json()]}}))}))},e.prototype.buildHeaders=function(e){return{"Content-Type":"application/json",Authorization:e?"Bearer ".concat(e):"Basic ".concat(window.btoa(encodeURIComponent(this.tenantId)))}},e}(),Z=function(){function e(e){var t=e.baseUrl,n=e.tenantId;this.cache=I.shared,this.api=new Q({baseUrl:t,tenantId:n})}return e.prototype.enroll=function(e){var t=e.phoneNumber;return u(this,void 0,void 0,(function(){return l(this,(function(e){return this.cache.token?[2,this.api.enroll({token:this.cache.token,phoneNumber:t})]:[2,this.cache.handleTokenNotSetError()]}))}))},e.prototype.challenge=function(){return u(this,void 0,void 0,(function(){return l(this,(function(e){return this.cache.token?[2,this.api.challenge({token:this.cache.token})]:[2,this.cache.handleTokenNotSetError()]}))}))},e.prototype.verify=function(e){var t=e.code;return u(this,void 0,void 0,(function(){var e;return l(this,(function(n){switch(n.label){case 0:return this.cache.token?[4,this.api.verify({token:this.cache.token,code:t})]:[2,this.cache.handleTokenNotSetError()];case 1:return(e=n.sent()).token&&(this.cache.token=e.token),[2,e]}}))}))},e}(),ee="4a08uqve",te=function(){function t(e){var t=e.cookieDomain,n=e.cookieName,o=void 0===n?"__as_aid":n,i=e.baseUrl,r=void 0===i?"https://api.authsignal.com/v1":i,c=e.tenantId;if(this.anonymousId="",this.profilingId="",this.cookieDomain="",this.anonymousIdCookieName="",this.cookieDomain=t||document.location.hostname.replace("www.",""),this.anonymousIdCookieName=o,!c)throw new Error("tenantId is required");var u,l=(u=this.anonymousIdCookieName)&&decodeURIComponent(document.cookie.replace(new RegExp("(?:(?:^|.*;)\\s*"+encodeURIComponent(u).replace(/[\-\.\+\*]/g,"\\$&")+"\\s*\\=\\s*([^;]*).*$)|^.*$"),"$1"))||null;l?this.anonymousId=l:(this.anonymousId=a(),s({name:this.anonymousIdCookieName,value:this.anonymousId,expire:1/0,domain:this.cookieDomain,secure:"http:"!==document.location.protocol})),this.passkey=new R({tenantId:c,baseUrl:r,anonymousId:this.anonymousId}),this.totp=new z({tenantId:c,baseUrl:r}),this.email=new X({tenantId:c,baseUrl:r}),this.sms=new Z({tenantId:c,baseUrl:r})}return t.prototype.setToken=function(e){I.shared.token=e},t.prototype.launch=function(e,t){switch(null==t?void 0:t.mode){case"window":return this.launchWithWindow(e,t);case"popup":return this.launchWithPopup(e,t);default:this.launchWithRedirect(e)}},t.prototype.initAdvancedProfiling=function(e){var t=a();this.profilingId=t,s({name:"__as_pid",value:t,expire:1/0,domain:this.cookieDomain,secure:"http:"!==document.location.protocol});var n=e?"".concat(e,"/fp/tags.js?org_id=").concat(ee,"&session_id=").concat(t):"https://h.online-metrix.net/fp/tags.js?org_id=".concat(ee,"&session_id=").concat(t),o=document.createElement("script");o.src=n,o.async=!1,o.id="as_adv_profile",document.head.appendChild(o);var i=document.createElement("noscript");i.setAttribute("id","as_adv_profile_pixel"),i.setAttribute("aria-hidden","true");var r=document.createElement("iframe"),c=e?"".concat(e,"/fp/tags?org_id=").concat(ee,"&session_id=").concat(t):"https://h.online-metrix.net/fp/tags?org_id=".concat(ee,"&session_id=").concat(t);r.setAttribute("id","as_adv_profile_pixel"),r.setAttribute("src",c),r.setAttribute("style","width: 100px; height: 100px; border: 0; position: absolute; top: -5000px;"),i&&(i.appendChild(r),document.body.prepend(i))},t.prototype.launchWithRedirect=function(e){window.location.href=e},t.prototype.launchWithPopup=function(t,n){var o=n.popupOptions,i=new G({width:null==o?void 0:o.width,isClosable:null==o?void 0:o.isClosable}),r="".concat(t,"&mode=popup");return i.show({url:r}),new Promise((function(t){var n=void 0;i.on("hide",(function(){t({token:n})})),window.addEventListener("message",(function(t){var o=null;try{o=JSON.parse(t.data)}catch(e){}(null==o?void 0:o.event)===e.AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP&&(n=o.token,i.close())}),!1)}))},t.prototype.launchWithWindow=function(t,n){var o=n.windowOptions,i=new S,r="".concat(t,"&mode=popup");return i.show({url:r,width:null==o?void 0:o.width,height:null==o?void 0:o.height}),new Promise((function(t){window.addEventListener("message",(function(n){var o=null;try{o=JSON.parse(n.data)}catch(e){}(null==o?void 0:o.event)===e.AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP&&(i.close(),t({token:o.token}))}),!1)}))},t}();return e.Authsignal=te,Object.defineProperty(e,"__esModule",{value:!0}),e}({});
package/dist/passkey.d.ts CHANGED
@@ -1,5 +1,6 @@
1
1
  import { PasskeyApiClient } from "./api";
2
2
  import { AuthenticatorAttachment } from "@simplewebauthn/types";
3
+ import { AuthsignalResponse } from "./api/types/shared";
3
4
  declare type PasskeyOptions = {
4
5
  baseUrl: string;
5
6
  tenantId: string;
@@ -7,33 +8,34 @@ declare type PasskeyOptions = {
7
8
  };
8
9
  declare type SignUpParams = {
9
10
  userName?: string;
11
+ userDisplayName?: string;
10
12
  token: string;
11
13
  authenticatorAttachment?: AuthenticatorAttachment | null;
12
14
  };
15
+ declare type SignUpResponse = {
16
+ token?: string;
17
+ };
18
+ declare type SignInParams = {
19
+ token?: string;
20
+ autofill?: boolean;
21
+ action?: string;
22
+ onVerificationStarted?: () => unknown;
23
+ };
24
+ declare type SignInResponse = {
25
+ token?: string;
26
+ userId?: string;
27
+ userAuthenticatorId?: string;
28
+ userName?: string;
29
+ userDisplayName?: string;
30
+ };
13
31
  export declare class Passkey {
14
32
  api: PasskeyApiClient;
15
33
  private passkeyLocalStorageKey;
16
34
  private anonymousId;
35
+ private cache;
17
36
  constructor({ baseUrl, tenantId, anonymousId }: PasskeyOptions);
18
- signUp({ userName, token, authenticatorAttachment }: SignUpParams): Promise<string | undefined>;
19
- signIn(): Promise<string | undefined>;
20
- signIn(params?: {
21
- action: string;
22
- autofill?: boolean;
23
- }): Promise<string | undefined>;
24
- signIn(params?: {
25
- token: string;
26
- }): Promise<string | undefined>;
27
- signIn(params?: {
28
- autofill: boolean;
29
- }): Promise<string | undefined>;
30
- signIn(params?: {
31
- autofill: boolean;
32
- challengeId?: string;
33
- }): Promise<string | undefined>;
34
- signIn(params?: {
35
- challengeId: string;
36
- }): Promise<string | undefined>;
37
+ signUp({ userName, userDisplayName, token, authenticatorAttachment, }: SignUpParams): Promise<AuthsignalResponse<SignUpResponse | undefined>>;
38
+ signIn(params?: SignInParams): Promise<SignInResponse | undefined>;
37
39
  isAvailableOnDevice(): Promise<boolean>;
38
40
  private storeCredentialAgainstDevice;
39
41
  }
package/dist/sms.d.ts ADDED
@@ -0,0 +1,20 @@
1
+ import { AuthsignalResponse, ChallengeResponse, EnrollResponse, VerifyResponse } from "./api/types/shared";
2
+ declare type SmsOptions = {
3
+ baseUrl: string;
4
+ tenantId: string;
5
+ };
6
+ declare type EnrollParams = {
7
+ phoneNumber: string;
8
+ };
9
+ declare type VerifyParams = {
10
+ code: string;
11
+ };
12
+ export declare class Sms {
13
+ private api;
14
+ private cache;
15
+ constructor({ baseUrl, tenantId }: SmsOptions);
16
+ enroll({ phoneNumber }: EnrollParams): Promise<AuthsignalResponse<EnrollResponse>>;
17
+ challenge(): Promise<AuthsignalResponse<ChallengeResponse>>;
18
+ verify({ code }: VerifyParams): Promise<AuthsignalResponse<VerifyResponse>>;
19
+ }
20
+ export {};
package/dist/token-cache.d.ts ADDED
@@ -0,0 +1,6 @@
1
+ import { ErrorResponse } from "./api/types/shared";
2
+ export declare class TokenCache {
3
+ token: string | null;
4
+ static shared: TokenCache;
5
+ handleTokenNotSetError(): ErrorResponse;
6
+ }
package/dist/totp.d.ts ADDED
@@ -0,0 +1,17 @@
1
+ import { AuthsignalResponse, VerifyResponse } from "./api/types/shared";
2
+ import { EnrollResponse } from "./api/types/totp";
3
+ declare type TotpOptions = {
4
+ baseUrl: string;
5
+ tenantId: string;
6
+ };
7
+ declare type VerifyParams = {
8
+ code: string;
9
+ };
10
+ export declare class Totp {
11
+ private api;
12
+ private cache;
13
+ constructor({ baseUrl, tenantId }: TotpOptions);
14
+ enroll(): Promise<AuthsignalResponse<EnrollResponse>>;
15
+ verify({ code }: VerifyParams): Promise<AuthsignalResponse<VerifyResponse>>;
16
+ }
17
+ export {};
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@authsignal/browser",
3
- "version": "0.5.3-alpha",
3
+ "version": "0.5.3",
4
4
  "type": "module",
5
5
  "main": "dist/index.js",
6
6
  "module": "dist/index.js",