@authsignal/browser 0.5.3-alpha → 0.5.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/dist/index.js +448 -60
  2. package/dist/index.min.js +1 -1
  3. package/package.json +2 -1
  4. package/dist/api/index.d.ts +0 -1
  5. package/dist/api/passkey-api-client.d.ts +0 -26
  6. package/dist/api/types.d.ts +0 -41
  7. package/dist/authsignal.d.ts +0 -24
  8. package/dist/handlers/index.d.ts +0 -2
  9. package/dist/handlers/popup-handler.d.ts +0 -18
  10. package/dist/handlers/window-handler.d.ts +0 -11
  11. package/dist/helpers.d.ts +0 -11
  12. package/dist/index.d.ts +0 -2
  13. package/dist/passkey.d.ts +0 -40
  14. package/dist/types.d.ts +0 -66
package/dist/index.js CHANGED
@@ -63,7 +63,7 @@ function v4(options, buf, offset) {
63
63
  return unsafeStringify(rnds);
64
64
  }
65
65
 
66
- var setCookie = function (_a) {
66
+ function setCookie(_a) {
67
67
  var name = _a.name, value = _a.value, expire = _a.expire, domain = _a.domain, secure = _a.secure;
68
68
  var expireString = expire === Infinity ? " expires=Fri, 31 Dec 9999 23:59:59 GMT" : "; max-age=" + expire;
69
69
  document.cookie =
@@ -74,16 +74,20 @@ var setCookie = function (_a) {
74
74
  expireString +
75
75
  (domain ? "; domain=" + domain : "") +
76
76
  (secure ? "; secure" : "");
77
- };
78
- var getCookieDomain = function () {
77
+ }
78
+ function getCookieDomain() {
79
79
  return document.location.hostname.replace("www.", "");
80
- };
81
- var getCookie = function (name) {
80
+ }
81
+ function getCookie(name) {
82
82
  if (!name) {
83
83
  return null;
84
84
  }
85
85
  return (decodeURIComponent(document.cookie.replace(new RegExp("(?:(?:^|.*;)\\s*" + encodeURIComponent(name).replace(/[\-\.\+\*]/g, "\\$&") + "\\s*\\=\\s*([^;]*).*$)|^.*$"), "$1")) || null);
86
- };
86
+ }
87
+ function logErrorResponse(errorResponse) {
88
+ var _a;
89
+ console.error((_a = errorResponse.errorDescription) !== null && _a !== void 0 ? _a : errorResponse.error);
90
+ }
87
91
 
88
92
  var AuthsignalWindowMessage;
89
93
  (function (AuthsignalWindowMessage) {
@@ -524,6 +528,18 @@ async function startAuthentication(requestOptionsJSON, useBrowserAutofill = fals
524
528
  };
525
529
  }
526
530
 
531
+ var version = "0.5.4";
532
+
533
+ function buildHeaders(_a) {
534
+ var token = _a.token, tenantId = _a.tenantId;
535
+ var authorizationHeader = token ? "Bearer ".concat(token) : "Basic ".concat(window.btoa(encodeURIComponent(tenantId)));
536
+ return {
537
+ "Content-Type": "application/json",
538
+ Authorization: authorizationHeader,
539
+ "X-Authsignal-Browser-Version": version
540
+ };
541
+ }
542
+
527
543
  var PasskeyApiClient = /** @class */ (function () {
528
544
  function PasskeyApiClient(_a) {
529
545
  var baseUrl = _a.baseUrl, tenantId = _a.tenantId;
@@ -542,7 +558,7 @@ var PasskeyApiClient = /** @class */ (function () {
542
558
  : { username: username };
543
559
  response = fetch("".concat(this.baseUrl, "/client/user-authenticators/passkey/registration-options"), {
544
560
  method: "POST",
545
- headers: this.buildHeaders(token),
561
+ headers: buildHeaders({ token: token, tenantId: this.tenantId }),
546
562
  body: JSON.stringify(body)
547
563
  });
548
564
  return [4 /*yield*/, response];
@@ -559,17 +575,13 @@ var PasskeyApiClient = /** @class */ (function () {
559
575
  switch (_b.label) {
560
576
  case 0:
561
577
  body = { challengeId: challengeId };
562
- return [4 /*yield*/, fetch("".concat(this.baseUrl, "/client/user-authenticators/passkey/authentication-options"), {
563
- method: "POST",
564
- headers: this.buildHeaders(token),
565
- body: JSON.stringify(body)
566
- })];
567
- case 1:
568
- response = _b.sent();
569
- if (!response.ok) {
570
- throw new Error(response.statusText);
571
- }
572
- return [2 /*return*/, response.json()];
578
+ response = fetch("".concat(this.baseUrl, "/client/user-authenticators/passkey/authentication-options"), {
579
+ method: "POST",
580
+ headers: buildHeaders({ token: token, tenantId: this.tenantId }),
581
+ body: JSON.stringify(body)
582
+ });
583
+ return [4 /*yield*/, response];
584
+ case 1: return [2 /*return*/, (_b.sent()).json()];
573
585
  }
574
586
  });
575
587
  });
@@ -587,7 +599,7 @@ var PasskeyApiClient = /** @class */ (function () {
587
599
  };
588
600
  response = fetch("".concat(this.baseUrl, "/client/user-authenticators/passkey"), {
589
601
  method: "POST",
590
- headers: this.buildHeaders(token),
602
+ headers: buildHeaders({ token: token, tenantId: this.tenantId }),
591
603
  body: JSON.stringify(body)
592
604
  });
593
605
  return [4 /*yield*/, response];
@@ -606,7 +618,7 @@ var PasskeyApiClient = /** @class */ (function () {
606
618
  body = { challengeId: challengeId, authenticationCredential: authenticationCredential, deviceId: deviceId };
607
619
  response = fetch("".concat(this.baseUrl, "/client/verify/passkey"), {
608
620
  method: "POST",
609
- headers: this.buildHeaders(token),
621
+ headers: buildHeaders({ token: token, tenantId: this.tenantId }),
610
622
  body: JSON.stringify(body)
611
623
  });
612
624
  return [4 /*yield*/, response];
@@ -622,7 +634,7 @@ var PasskeyApiClient = /** @class */ (function () {
622
634
  switch (_a.label) {
623
635
  case 0: return [4 /*yield*/, fetch("".concat(this.baseUrl, "/client/user-authenticators/passkey?credentialId=").concat(credentialId), {
624
636
  method: "GET",
625
- headers: this.buildHeaders()
637
+ headers: buildHeaders({ tenantId: this.tenantId })
626
638
  })];
627
639
  case 1:
628
640
  response = _a.sent();
@@ -642,7 +654,7 @@ var PasskeyApiClient = /** @class */ (function () {
642
654
  case 0:
643
655
  response = fetch("".concat(this.baseUrl, "/client/challenge"), {
644
656
  method: "POST",
645
- headers: this.buildHeaders(),
657
+ headers: buildHeaders({ tenantId: this.tenantId }),
646
658
  body: JSON.stringify({ action: action })
647
659
  });
648
660
  return [4 /*yield*/, response];
@@ -651,56 +663,87 @@ var PasskeyApiClient = /** @class */ (function () {
651
663
  });
652
664
  });
653
665
  };
654
- PasskeyApiClient.prototype.buildHeaders = function (token) {
655
- var authorizationHeader = token ? "Bearer ".concat(token) : "Basic ".concat(window.btoa(encodeURIComponent(this.tenantId)));
666
+ return PasskeyApiClient;
667
+ }());
668
+
669
+ var TokenCache = /** @class */ (function () {
670
+ function TokenCache() {
671
+ this.token = null;
672
+ }
673
+ TokenCache.prototype.handleTokenNotSetError = function () {
674
+ var error = "A token has not been set. Call 'setToken' first.";
675
+ var errorCode = "TOKEN_NOT_SET";
676
+ console.error("Error: ".concat(error));
656
677
  return {
657
- "Content-Type": "application/json",
658
- Authorization: authorizationHeader
678
+ error: errorCode,
679
+ errorDescription: error
659
680
  };
660
681
  };
661
- return PasskeyApiClient;
682
+ TokenCache.shared = new TokenCache();
683
+ return TokenCache;
662
684
  }());
663
685
 
664
686
  var Passkey = /** @class */ (function () {
665
687
  function Passkey(_a) {
666
688
  var baseUrl = _a.baseUrl, tenantId = _a.tenantId, anonymousId = _a.anonymousId;
667
689
  this.passkeyLocalStorageKey = "as_passkey_credential_id";
690
+ this.cache = TokenCache.shared;
668
691
  this.api = new PasskeyApiClient({ baseUrl: baseUrl, tenantId: tenantId });
669
692
  this.anonymousId = anonymousId;
670
693
  }
671
694
  Passkey.prototype.signUp = function (_a) {
672
- var userName = _a.userName, token = _a.token, _b = _a.authenticatorAttachment, authenticatorAttachment = _b === void 0 ? "platform" : _b;
695
+ var userName = _a.userName, userDisplayName = _a.userDisplayName, token = _a.token, _b = _a.authenticatorAttachment, authenticatorAttachment = _b === void 0 ? "platform" : _b;
673
696
  return __awaiter(this, void 0, void 0, function () {
674
- var optionsResponse, registrationResponse, addAuthenticatorResponse;
697
+ var userToken, optionsInput, optionsResponse, registrationResponse, addAuthenticatorResponse;
675
698
  return __generator(this, function (_c) {
676
699
  switch (_c.label) {
677
- case 0: return [4 /*yield*/, this.api.registrationOptions({ username: userName, token: token, authenticatorAttachment: authenticatorAttachment })];
700
+ case 0:
701
+ userToken = token !== null && token !== void 0 ? token : this.cache.token;
702
+ if (!userToken) {
703
+ return [2 /*return*/, this.cache.handleTokenNotSetError()];
704
+ }
705
+ optionsInput = {
706
+ username: userName,
707
+ displayName: userDisplayName,
708
+ token: userToken,
709
+ authenticatorAttachment: authenticatorAttachment
710
+ };
711
+ return [4 /*yield*/, this.api.registrationOptions(optionsInput)];
678
712
  case 1:
679
713
  optionsResponse = _c.sent();
714
+ if ("error" in optionsResponse) {
715
+ logErrorResponse(optionsResponse);
716
+ return [2 /*return*/];
717
+ }
680
718
  return [4 /*yield*/, startRegistration(optionsResponse.options)];
681
719
  case 2:
682
720
  registrationResponse = _c.sent();
683
721
  return [4 /*yield*/, this.api.addAuthenticator({
684
722
  challengeId: optionsResponse.challengeId,
685
723
  registrationCredential: registrationResponse,
686
- token: token
724
+ token: userToken
687
725
  })];
688
726
  case 3:
689
727
  addAuthenticatorResponse = _c.sent();
690
- if (addAuthenticatorResponse === null || addAuthenticatorResponse === void 0 ? void 0 : addAuthenticatorResponse.isVerified) {
728
+ if ("error" in addAuthenticatorResponse) {
729
+ logErrorResponse(addAuthenticatorResponse);
730
+ return [2 /*return*/];
731
+ }
732
+ if (addAuthenticatorResponse.isVerified) {
691
733
  this.storeCredentialAgainstDevice(registrationResponse);
692
734
  }
693
- return [2 /*return*/, addAuthenticatorResponse === null || addAuthenticatorResponse === void 0 ? void 0 : addAuthenticatorResponse.accessToken];
735
+ return [2 /*return*/, {
736
+ token: addAuthenticatorResponse.accessToken
737
+ }];
694
738
  }
695
739
  });
696
740
  });
697
741
  };
698
742
  Passkey.prototype.signIn = function (params) {
699
- var _a;
700
743
  return __awaiter(this, void 0, void 0, function () {
701
- var challengeResponse, _b, optionsResponse, authenticationResponse, verifyResponse;
702
- return __generator(this, function (_c) {
703
- switch (_c.label) {
744
+ var challengeResponse, _a, optionsResponse, authenticationResponse, verifyResponse, token, userId, userAuthenticatorId, userName, userDisplayName;
745
+ return __generator(this, function (_b) {
746
+ switch (_b.label) {
704
747
  case 0:
705
748
  if ((params === null || params === void 0 ? void 0 : params.token) && params.autofill) {
706
749
  throw new Error("autofill is not supported when providing a token");
@@ -708,31 +751,36 @@ var Passkey = /** @class */ (function () {
708
751
  if ((params === null || params === void 0 ? void 0 : params.action) && params.token) {
709
752
  throw new Error("action is not supported when providing a token");
710
753
  }
711
- if ((params === null || params === void 0 ? void 0 : params.action) && (params === null || params === void 0 ? void 0 : params.challengeId)) {
712
- throw new Error("action is not supported when providing a challengeId");
713
- }
714
- if ((params === null || params === void 0 ? void 0 : params.challengeId) && params.token) {
715
- throw new Error("challengeId is not supported when providing a token");
716
- }
717
754
  if (!(params === null || params === void 0 ? void 0 : params.action)) return [3 /*break*/, 2];
718
755
  return [4 /*yield*/, this.api.challenge(params.action)];
719
756
  case 1:
720
- _b = _c.sent();
757
+ _a = _b.sent();
721
758
  return [3 /*break*/, 3];
722
759
  case 2:
723
- _b = null;
724
- _c.label = 3;
760
+ _a = null;
761
+ _b.label = 3;
725
762
  case 3:
726
- challengeResponse = _b;
763
+ challengeResponse = _a;
764
+ if (challengeResponse && "error" in challengeResponse) {
765
+ logErrorResponse(challengeResponse);
766
+ return [2 /*return*/];
767
+ }
727
768
  return [4 /*yield*/, this.api.authenticationOptions({
728
769
  token: params === null || params === void 0 ? void 0 : params.token,
729
- challengeId: (_a = challengeResponse === null || challengeResponse === void 0 ? void 0 : challengeResponse.challengeId) !== null && _a !== void 0 ? _a : params === null || params === void 0 ? void 0 : params.challengeId
770
+ challengeId: challengeResponse === null || challengeResponse === void 0 ? void 0 : challengeResponse.challengeId
730
771
  })];
731
772
  case 4:
732
- optionsResponse = _c.sent();
773
+ optionsResponse = _b.sent();
774
+ if ("error" in optionsResponse) {
775
+ logErrorResponse(optionsResponse);
776
+ return [2 /*return*/];
777
+ }
733
778
  return [4 /*yield*/, startAuthentication(optionsResponse.options, params === null || params === void 0 ? void 0 : params.autofill)];
734
779
  case 5:
735
- authenticationResponse = _c.sent();
780
+ authenticationResponse = _b.sent();
781
+ if (params === null || params === void 0 ? void 0 : params.onVerificationStarted) {
782
+ params.onVerificationStarted();
783
+ }
736
784
  return [4 /*yield*/, this.api.verify({
737
785
  challengeId: optionsResponse.challengeId,
738
786
  authenticationCredential: authenticationResponse,
@@ -740,11 +788,22 @@ var Passkey = /** @class */ (function () {
740
788
  deviceId: this.anonymousId
741
789
  })];
742
790
  case 6:
743
- verifyResponse = _c.sent();
744
- if (verifyResponse === null || verifyResponse === void 0 ? void 0 : verifyResponse.isVerified) {
791
+ verifyResponse = _b.sent();
792
+ if ("error" in verifyResponse) {
793
+ logErrorResponse(verifyResponse);
794
+ return [2 /*return*/];
795
+ }
796
+ if (verifyResponse.isVerified) {
745
797
  this.storeCredentialAgainstDevice(authenticationResponse);
746
798
  }
747
- return [2 /*return*/, verifyResponse === null || verifyResponse === void 0 ? void 0 : verifyResponse.accessToken];
799
+ token = verifyResponse.accessToken, userId = verifyResponse.userId, userAuthenticatorId = verifyResponse.userAuthenticatorId, userName = verifyResponse.username, userDisplayName = verifyResponse.userDisplayName;
800
+ return [2 /*return*/, {
801
+ token: token,
802
+ userId: userId,
803
+ userAuthenticatorId: userAuthenticatorId,
804
+ userName: userName,
805
+ userDisplayName: userDisplayName
806
+ }];
748
807
  }
749
808
  });
750
809
  });
@@ -1287,6 +1346,10 @@ var PopupHandler = /** @class */ (function () {
1287
1346
  container.appendChild(overlay);
1288
1347
  container.appendChild(content);
1289
1348
  this.popup = new A11yDialog(container);
1349
+ // Safari and Firefox will fail the WebAuthn request if the document making
1350
+ // the request does not have focus. This will reduce the chances of that
1351
+ // happening by focusing on the dialog container.
1352
+ container.focus();
1290
1353
  // Make sure to remove any trace of the dialog on hide
1291
1354
  this.popup.on("hide", function () {
1292
1355
  _this.destroy();
@@ -1342,6 +1405,328 @@ function resizeIframe(event) {
1342
1405
  }
1343
1406
  }
1344
1407
 
1408
+ var TotpApiClient = /** @class */ (function () {
1409
+ function TotpApiClient(_a) {
1410
+ var baseUrl = _a.baseUrl, tenantId = _a.tenantId;
1411
+ this.tenantId = tenantId;
1412
+ this.baseUrl = baseUrl;
1413
+ }
1414
+ TotpApiClient.prototype.enroll = function (_a) {
1415
+ var token = _a.token;
1416
+ return __awaiter(this, void 0, void 0, function () {
1417
+ var response;
1418
+ return __generator(this, function (_b) {
1419
+ switch (_b.label) {
1420
+ case 0:
1421
+ response = fetch("".concat(this.baseUrl, "/client/user-authenticators/totp"), {
1422
+ method: "POST",
1423
+ headers: buildHeaders({ token: token, tenantId: this.tenantId })
1424
+ });
1425
+ return [4 /*yield*/, response];
1426
+ case 1: return [2 /*return*/, (_b.sent()).json()];
1427
+ }
1428
+ });
1429
+ });
1430
+ };
1431
+ TotpApiClient.prototype.verify = function (_a) {
1432
+ var token = _a.token, code = _a.code;
1433
+ return __awaiter(this, void 0, void 0, function () {
1434
+ var body, response;
1435
+ return __generator(this, function (_b) {
1436
+ switch (_b.label) {
1437
+ case 0:
1438
+ body = { code: code };
1439
+ response = fetch("".concat(this.baseUrl, "/client/verify/totp"), {
1440
+ method: "POST",
1441
+ headers: buildHeaders({ token: token, tenantId: this.tenantId }),
1442
+ body: JSON.stringify(body)
1443
+ });
1444
+ return [4 /*yield*/, response];
1445
+ case 1: return [2 /*return*/, (_b.sent()).json()];
1446
+ }
1447
+ });
1448
+ });
1449
+ };
1450
+ return TotpApiClient;
1451
+ }());
1452
+
1453
+ var Totp = /** @class */ (function () {
1454
+ function Totp(_a) {
1455
+ var baseUrl = _a.baseUrl, tenantId = _a.tenantId;
1456
+ this.cache = TokenCache.shared;
1457
+ this.api = new TotpApiClient({ baseUrl: baseUrl, tenantId: tenantId });
1458
+ }
1459
+ Totp.prototype.enroll = function () {
1460
+ return __awaiter(this, void 0, void 0, function () {
1461
+ return __generator(this, function (_a) {
1462
+ if (!this.cache.token) {
1463
+ return [2 /*return*/, this.cache.handleTokenNotSetError()];
1464
+ }
1465
+ return [2 /*return*/, this.api.enroll({ token: this.cache.token })];
1466
+ });
1467
+ });
1468
+ };
1469
+ Totp.prototype.verify = function (_a) {
1470
+ var code = _a.code;
1471
+ return __awaiter(this, void 0, void 0, function () {
1472
+ var verifyResponse;
1473
+ return __generator(this, function (_b) {
1474
+ switch (_b.label) {
1475
+ case 0:
1476
+ if (!this.cache.token) {
1477
+ return [2 /*return*/, this.cache.handleTokenNotSetError()];
1478
+ }
1479
+ return [4 /*yield*/, this.api.verify({ token: this.cache.token, code: code })];
1480
+ case 1:
1481
+ verifyResponse = _b.sent();
1482
+ if (verifyResponse.token) {
1483
+ this.cache.token = verifyResponse.token;
1484
+ }
1485
+ return [2 /*return*/, verifyResponse];
1486
+ }
1487
+ });
1488
+ });
1489
+ };
1490
+ return Totp;
1491
+ }());
1492
+
1493
+ var EmailApiClient = /** @class */ (function () {
1494
+ function EmailApiClient(_a) {
1495
+ var baseUrl = _a.baseUrl, tenantId = _a.tenantId;
1496
+ this.tenantId = tenantId;
1497
+ this.baseUrl = baseUrl;
1498
+ }
1499
+ EmailApiClient.prototype.enroll = function (_a) {
1500
+ var token = _a.token, email = _a.email;
1501
+ return __awaiter(this, void 0, void 0, function () {
1502
+ var body, response;
1503
+ return __generator(this, function (_b) {
1504
+ switch (_b.label) {
1505
+ case 0:
1506
+ body = { email: email };
1507
+ response = fetch("".concat(this.baseUrl, "/client/user-authenticators/email-otp"), {
1508
+ method: "POST",
1509
+ headers: this.buildHeaders(token),
1510
+ body: JSON.stringify(body)
1511
+ });
1512
+ return [4 /*yield*/, response];
1513
+ case 1: return [2 /*return*/, (_b.sent()).json()];
1514
+ }
1515
+ });
1516
+ });
1517
+ };
1518
+ EmailApiClient.prototype.challenge = function (_a) {
1519
+ var token = _a.token;
1520
+ return __awaiter(this, void 0, void 0, function () {
1521
+ var response;
1522
+ return __generator(this, function (_b) {
1523
+ switch (_b.label) {
1524
+ case 0:
1525
+ response = fetch("".concat(this.baseUrl, "/client/challenge/email-otp"), {
1526
+ method: "POST",
1527
+ headers: this.buildHeaders(token)
1528
+ });
1529
+ return [4 /*yield*/, response];
1530
+ case 1: return [2 /*return*/, (_b.sent()).json()];
1531
+ }
1532
+ });
1533
+ });
1534
+ };
1535
+ EmailApiClient.prototype.verify = function (_a) {
1536
+ var token = _a.token, code = _a.code;
1537
+ return __awaiter(this, void 0, void 0, function () {
1538
+ var body, response;
1539
+ return __generator(this, function (_b) {
1540
+ switch (_b.label) {
1541
+ case 0:
1542
+ body = { code: code };
1543
+ response = fetch("".concat(this.baseUrl, "/client/verify/email-otp"), {
1544
+ method: "POST",
1545
+ headers: this.buildHeaders(token),
1546
+ body: JSON.stringify(body)
1547
+ });
1548
+ return [4 /*yield*/, response];
1549
+ case 1: return [2 /*return*/, (_b.sent()).json()];
1550
+ }
1551
+ });
1552
+ });
1553
+ };
1554
+ EmailApiClient.prototype.buildHeaders = function (token) {
1555
+ var authorizationHeader = token ? "Bearer ".concat(token) : "Basic ".concat(window.btoa(encodeURIComponent(this.tenantId)));
1556
+ return {
1557
+ "Content-Type": "application/json",
1558
+ Authorization: authorizationHeader
1559
+ };
1560
+ };
1561
+ return EmailApiClient;
1562
+ }());
1563
+
1564
+ var Email = /** @class */ (function () {
1565
+ function Email(_a) {
1566
+ var baseUrl = _a.baseUrl, tenantId = _a.tenantId;
1567
+ this.cache = TokenCache.shared;
1568
+ this.api = new EmailApiClient({ baseUrl: baseUrl, tenantId: tenantId });
1569
+ }
1570
+ Email.prototype.enroll = function (_a) {
1571
+ var email = _a.email;
1572
+ return __awaiter(this, void 0, void 0, function () {
1573
+ return __generator(this, function (_b) {
1574
+ if (!this.cache.token) {
1575
+ return [2 /*return*/, this.cache.handleTokenNotSetError()];
1576
+ }
1577
+ return [2 /*return*/, this.api.enroll({ token: this.cache.token, email: email })];
1578
+ });
1579
+ });
1580
+ };
1581
+ Email.prototype.challenge = function () {
1582
+ return __awaiter(this, void 0, void 0, function () {
1583
+ return __generator(this, function (_a) {
1584
+ if (!this.cache.token) {
1585
+ return [2 /*return*/, this.cache.handleTokenNotSetError()];
1586
+ }
1587
+ return [2 /*return*/, this.api.challenge({ token: this.cache.token })];
1588
+ });
1589
+ });
1590
+ };
1591
+ Email.prototype.verify = function (_a) {
1592
+ var code = _a.code;
1593
+ return __awaiter(this, void 0, void 0, function () {
1594
+ var verifyResponse;
1595
+ return __generator(this, function (_b) {
1596
+ switch (_b.label) {
1597
+ case 0:
1598
+ if (!this.cache.token) {
1599
+ return [2 /*return*/, this.cache.handleTokenNotSetError()];
1600
+ }
1601
+ return [4 /*yield*/, this.api.verify({ token: this.cache.token, code: code })];
1602
+ case 1:
1603
+ verifyResponse = _b.sent();
1604
+ if (verifyResponse.token) {
1605
+ this.cache.token = verifyResponse.token;
1606
+ }
1607
+ return [2 /*return*/, verifyResponse];
1608
+ }
1609
+ });
1610
+ });
1611
+ };
1612
+ return Email;
1613
+ }());
1614
+
1615
+ var SmsApiClient = /** @class */ (function () {
1616
+ function SmsApiClient(_a) {
1617
+ var baseUrl = _a.baseUrl, tenantId = _a.tenantId;
1618
+ this.tenantId = tenantId;
1619
+ this.baseUrl = baseUrl;
1620
+ }
1621
+ SmsApiClient.prototype.enroll = function (_a) {
1622
+ var token = _a.token, phoneNumber = _a.phoneNumber;
1623
+ return __awaiter(this, void 0, void 0, function () {
1624
+ var body, response;
1625
+ return __generator(this, function (_b) {
1626
+ switch (_b.label) {
1627
+ case 0:
1628
+ body = { phoneNumber: phoneNumber };
1629
+ response = fetch("".concat(this.baseUrl, "/client/user-authenticators/sms"), {
1630
+ method: "POST",
1631
+ headers: buildHeaders({ token: token, tenantId: this.tenantId }),
1632
+ body: JSON.stringify(body)
1633
+ });
1634
+ return [4 /*yield*/, response];
1635
+ case 1: return [2 /*return*/, (_b.sent()).json()];
1636
+ }
1637
+ });
1638
+ });
1639
+ };
1640
+ SmsApiClient.prototype.challenge = function (_a) {
1641
+ var token = _a.token;
1642
+ return __awaiter(this, void 0, void 0, function () {
1643
+ var response;
1644
+ return __generator(this, function (_b) {
1645
+ switch (_b.label) {
1646
+ case 0:
1647
+ response = fetch("".concat(this.baseUrl, "/client/challenge/sms"), {
1648
+ method: "POST",
1649
+ headers: buildHeaders({ token: token, tenantId: this.tenantId })
1650
+ });
1651
+ return [4 /*yield*/, response];
1652
+ case 1: return [2 /*return*/, (_b.sent()).json()];
1653
+ }
1654
+ });
1655
+ });
1656
+ };
1657
+ SmsApiClient.prototype.verify = function (_a) {
1658
+ var token = _a.token, code = _a.code;
1659
+ return __awaiter(this, void 0, void 0, function () {
1660
+ var body, response;
1661
+ return __generator(this, function (_b) {
1662
+ switch (_b.label) {
1663
+ case 0:
1664
+ body = { code: code };
1665
+ response = fetch("".concat(this.baseUrl, "/client/verify/sms"), {
1666
+ method: "POST",
1667
+ headers: buildHeaders({ token: token, tenantId: this.tenantId }),
1668
+ body: JSON.stringify(body)
1669
+ });
1670
+ return [4 /*yield*/, response];
1671
+ case 1: return [2 /*return*/, (_b.sent()).json()];
1672
+ }
1673
+ });
1674
+ });
1675
+ };
1676
+ return SmsApiClient;
1677
+ }());
1678
+
1679
+ var Sms = /** @class */ (function () {
1680
+ function Sms(_a) {
1681
+ var baseUrl = _a.baseUrl, tenantId = _a.tenantId;
1682
+ this.cache = TokenCache.shared;
1683
+ this.api = new SmsApiClient({ baseUrl: baseUrl, tenantId: tenantId });
1684
+ }
1685
+ Sms.prototype.enroll = function (_a) {
1686
+ var phoneNumber = _a.phoneNumber;
1687
+ return __awaiter(this, void 0, void 0, function () {
1688
+ return __generator(this, function (_b) {
1689
+ if (!this.cache.token) {
1690
+ return [2 /*return*/, this.cache.handleTokenNotSetError()];
1691
+ }
1692
+ return [2 /*return*/, this.api.enroll({ token: this.cache.token, phoneNumber: phoneNumber })];
1693
+ });
1694
+ });
1695
+ };
1696
+ Sms.prototype.challenge = function () {
1697
+ return __awaiter(this, void 0, void 0, function () {
1698
+ return __generator(this, function (_a) {
1699
+ if (!this.cache.token) {
1700
+ return [2 /*return*/, this.cache.handleTokenNotSetError()];
1701
+ }
1702
+ return [2 /*return*/, this.api.challenge({ token: this.cache.token })];
1703
+ });
1704
+ });
1705
+ };
1706
+ Sms.prototype.verify = function (_a) {
1707
+ var code = _a.code;
1708
+ return __awaiter(this, void 0, void 0, function () {
1709
+ var verifyResponse;
1710
+ return __generator(this, function (_b) {
1711
+ switch (_b.label) {
1712
+ case 0:
1713
+ if (!this.cache.token) {
1714
+ return [2 /*return*/, this.cache.handleTokenNotSetError()];
1715
+ }
1716
+ return [4 /*yield*/, this.api.verify({ token: this.cache.token, code: code })];
1717
+ case 1:
1718
+ verifyResponse = _b.sent();
1719
+ if (verifyResponse.token) {
1720
+ this.cache.token = verifyResponse.token;
1721
+ }
1722
+ return [2 /*return*/, verifyResponse];
1723
+ }
1724
+ });
1725
+ });
1726
+ };
1727
+ return Sms;
1728
+ }());
1729
+
1345
1730
  var DEFAULT_COOKIE_NAME = "__as_aid";
1346
1731
  var DEFAULT_PROFILING_COOKIE_NAME = "__as_pid";
1347
1732
  var DEFAULT_BASE_URL = "https://api.authsignal.com/v1";
@@ -1353,7 +1738,6 @@ var Authsignal = /** @class */ (function () {
1353
1738
  this.profilingId = "";
1354
1739
  this.cookieDomain = "";
1355
1740
  this.anonymousIdCookieName = "";
1356
- this._token = undefined;
1357
1741
  this.cookieDomain = cookieDomain || getCookieDomain();
1358
1742
  this.anonymousIdCookieName = cookieName;
1359
1743
  if (!tenantId) {
@@ -1374,7 +1758,13 @@ var Authsignal = /** @class */ (function () {
1374
1758
  });
1375
1759
  }
1376
1760
  this.passkey = new Passkey({ tenantId: tenantId, baseUrl: baseUrl, anonymousId: this.anonymousId });
1761
+ this.totp = new Totp({ tenantId: tenantId, baseUrl: baseUrl });
1762
+ this.email = new Email({ tenantId: tenantId, baseUrl: baseUrl });
1763
+ this.sms = new Sms({ tenantId: tenantId, baseUrl: baseUrl });
1377
1764
  }
1765
+ Authsignal.prototype.setToken = function (token) {
1766
+ TokenCache.shared.token = token;
1767
+ };
1378
1768
  Authsignal.prototype.launch = function (url, options) {
1379
1769
  switch (options === null || options === void 0 ? void 0 : options.mode) {
1380
1770
  case "window":
@@ -1424,12 +1814,12 @@ var Authsignal = /** @class */ (function () {
1424
1814
  window.location.href = url;
1425
1815
  };
1426
1816
  Authsignal.prototype.launchWithPopup = function (url, options) {
1427
- var _this = this;
1428
1817
  var popupOptions = options.popupOptions;
1429
1818
  var popupHandler = new PopupHandler({ width: popupOptions === null || popupOptions === void 0 ? void 0 : popupOptions.width, isClosable: popupOptions === null || popupOptions === void 0 ? void 0 : popupOptions.isClosable });
1430
1819
  var popupUrl = "".concat(url, "&mode=popup");
1431
1820
  popupHandler.show({ url: popupUrl });
1432
1821
  return new Promise(function (resolve) {
1822
+ var token = undefined;
1433
1823
  var onMessage = function (event) {
1434
1824
  var data = null;
1435
1825
  try {
@@ -1439,18 +1829,17 @@ var Authsignal = /** @class */ (function () {
1439
1829
  // Ignore if the event data is not valid JSON
1440
1830
  }
1441
1831
  if ((data === null || data === void 0 ? void 0 : data.event) === AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP) {
1442
- _this._token = data.token;
1832
+ token = data.token;
1443
1833
  popupHandler.close();
1444
1834
  }
1445
1835
  };
1446
1836
  popupHandler.on("hide", function () {
1447
- resolve({ token: _this._token });
1837
+ resolve({ token: token });
1448
1838
  });
1449
1839
  window.addEventListener("message", onMessage, false);
1450
1840
  });
1451
1841
  };
1452
1842
  Authsignal.prototype.launchWithWindow = function (url, options) {
1453
- var _this = this;
1454
1843
  var windowOptions = options.windowOptions;
1455
1844
  var windowHandler = new WindowHandler();
1456
1845
  var windowUrl = "".concat(url, "&mode=popup");
@@ -1465,9 +1854,8 @@ var Authsignal = /** @class */ (function () {
1465
1854
  // Ignore if the event data is not valid JSON
1466
1855
  }
1467
1856
  if ((data === null || data === void 0 ? void 0 : data.event) === AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP) {
1468
- _this._token = data.token;
1469
1857
  windowHandler.close();
1470
- resolve({ token: _this._token });
1858
+ resolve({ token: data.token });
1471
1859
  }
1472
1860
  };
1473
1861
  window.addEventListener("message", onMessage, false);
package/dist/index.min.js CHANGED
@@ -1 +1 @@
1
- var authsignal=function(e){"use strict";let t;const n=new Uint8Array(16);function o(){if(!t&&(t="undefined"!=typeof crypto&&crypto.getRandomValues&&crypto.getRandomValues.bind(crypto),!t))throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");return t(n)}const i=[];for(let e=0;e<256;++e)i.push((e+256).toString(16).slice(1));var r={randomUUID:"undefined"!=typeof crypto&&crypto.randomUUID&&crypto.randomUUID.bind(crypto)};function a(e,t,n){if(r.randomUUID&&!t&&!e)return r.randomUUID();const a=(e=e||{}).random||(e.rng||o)();if(a[6]=15&a[6]|64,a[8]=63&a[8]|128,t){n=n||0;for(let e=0;e<16;++e)t[n+e]=a[e];return t}return function(e,t=0){return(i[e[t+0]]+i[e[t+1]]+i[e[t+2]]+i[e[t+3]]+"-"+i[e[t+4]]+i[e[t+5]]+"-"+i[e[t+6]]+i[e[t+7]]+"-"+i[e[t+8]]+i[e[t+9]]+"-"+i[e[t+10]]+i[e[t+11]]+i[e[t+12]]+i[e[t+13]]+i[e[t+14]]+i[e[t+15]]).toLowerCase()}(a)}var s=function(e){var t=e.name,n=e.value,o=e.expire,i=e.domain,r=e.secure,a=o===1/0?" expires=Fri, 31 Dec 9999 23:59:59 GMT":"; max-age="+o;document.cookie=encodeURIComponent(t)+"="+n+"; path=/;"+a+(i?"; domain="+i:"")+(r?"; secure":"")};function c(e,t,n,o){return new(n||(n=Promise))((function(i,r){function a(e){try{c(o.next(e))}catch(e){r(e)}}function s(e){try{c(o.throw(e))}catch(e){r(e)}}function c(e){var t;e.done?i(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(a,s)}c((o=o.apply(e,t||[])).next())}))}function u(e,t){var n,o,i,r,a={label:0,sent:function(){if(1&i[0])throw i[1];return i[1]},trys:[],ops:[]};return r={next:s(0),throw:s(1),return:s(2)},"function"==typeof Symbol&&(r[Symbol.iterator]=function(){return this}),r;function s(r){return function(s){return function(r){if(n)throw new TypeError("Generator is already executing.");for(;a;)try{if(n=1,o&&(i=2&r[0]?o.return:r[0]?o.throw||((i=o.return)&&i.call(o),0):o.next)&&!(i=i.call(o,r[1])).done)return i;switch(o=0,i&&(r=[2&r[0],i.value]),r[0]){case 0:case 1:i=r;break;case 4:return a.label++,{value:r[1],done:!1};case 5:a.label++,o=r[1],r=[0];continue;case 7:r=a.ops.pop(),a.trys.pop();continue;default:if(!(i=a.trys,(i=i.length>0&&i[i.length-1])||6!==r[0]&&2!==r[0])){a=0;continue}if(3===r[0]&&(!i||r[1]>i[0]&&r[1]<i[3])){a.label=r[1];break}if(6===r[0]&&a.label<i[1]){a.label=i[1],i=r;break}if(i&&a.label<i[2]){a.label=i[2],a.ops.push(r);break}i[2]&&a.ops.pop(),a.trys.pop();continue}r=t.call(e,a)}catch(e){r=[6,e],o=0}finally{n=i=0}if(5&r[0])throw r[1];return{value:r[0]?r[1]:void 0,done:!0}}([r,s])}}}function l(e){const t=new Uint8Array(e);let n="";for(const e of t)n+=String.fromCharCode(e);return btoa(n).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function d(e){const t=e.replace(/-/g,"+").replace(/_/g,"/"),n=(4-t.length%4)%4,o=t.padEnd(t.length+n,"="),i=atob(o),r=new ArrayBuffer(i.length),a=new Uint8Array(r);for(let e=0;e<i.length;e++)a[e]=i.charCodeAt(e);return r}function h(){return void 0!==window?.PublicKeyCredential&&"function"==typeof window.PublicKeyCredential}function p(e){const{id:t}=e;return{...e,id:d(t),transports:e.transports}}function f(e){return"localhost"===e||/^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(e)}e.AuthsignalWindowMessage=void 0,(e.AuthsignalWindowMessage||(e.AuthsignalWindowMessage={})).AUTHSIGNAL_CLOSE_POPUP="AUTHSIGNAL_CLOSE_POPUP";class m extends Error{constructor({message:e,code:t,cause:n,name:o}){super(e,{cause:n}),this.name=o??n.name,this.code=t}}const w=new class{createNewAbortSignal(){if(this.controller){const e=new Error("Cancelling existing WebAuthn API call for new one");e.name="AbortError",this.controller.abort(e)}const e=new AbortController;return this.controller=e,e.signal}cancelCeremony(){if(this.controller){const e=new Error("Manually cancelling existing WebAuthn API call");e.name="AbortError",this.controller.abort(e),this.controller=void 0}}},g=["cross-platform","platform"];function y(e){if(e&&!(g.indexOf(e)<0))return e}async function v(e){if(!h())throw new Error("WebAuthn is not supported in this browser");var t;const n={publicKey:{...e,challenge:d(e.challenge),user:{...e.user,id:(t=e.user.id,(new TextEncoder).encode(t))},excludeCredentials:e.excludeCredentials?.map(p)}};let o;n.signal=w.createNewAbortSignal();try{o=await navigator.credentials.create(n)}catch(e){throw function({error:e,options:t}){const{publicKey:n}=t;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new m({message:"Registration ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:e})}else if("ConstraintError"===e.name){if(!0===n.authenticatorSelection?.requireResidentKey)return new m({message:"Discoverable credentials were required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",cause:e});if("required"===n.authenticatorSelection?.userVerification)return new m({message:"User verification was required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",cause:e})}else{if("InvalidStateError"===e.name)return new m({message:"The authenticator was previously registered",code:"ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",cause:e});if("NotAllowedError"===e.name)return new m({message:e.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:e});if("NotSupportedError"===e.name)return 0===n.pubKeyCredParams.filter((e=>"public-key"===e.type)).length?new m({message:'No entry in pubKeyCredParams was of type "public-key"',code:"ERROR_MALFORMED_PUBKEYCREDPARAMS",cause:e}):new m({message:"No available authenticator supported any of the specified pubKeyCredParams algorithms",code:"ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",cause:e});if("SecurityError"===e.name){const t=window.location.hostname;if(!f(t))return new m({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:e});if(n.rp.id!==t)return new m({message:`The RP ID "${n.rp.id}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:e})}else if("TypeError"===e.name){if(n.user.id.byteLength<1||n.user.id.byteLength>64)return new m({message:"User ID was not between 1 and 64 characters",code:"ERROR_INVALID_USER_ID_LENGTH",cause:e})}else if("UnknownError"===e.name)return new m({message:"The authenticator was unable to process the specified options, or could not create a new credential",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:e})}return e}({error:e,options:n})}if(!o)throw new Error("Registration was not completed");const{id:i,rawId:r,response:a,type:s}=o;let c,u,g,v;if("function"==typeof a.getTransports&&(c=a.getTransports()),"function"==typeof a.getPublicKeyAlgorithm)try{u=a.getPublicKeyAlgorithm()}catch(e){b("getPublicKeyAlgorithm()",e)}if("function"==typeof a.getPublicKey)try{const e=a.getPublicKey();null!==e&&(g=l(e))}catch(e){b("getPublicKey()",e)}if("function"==typeof a.getAuthenticatorData)try{v=l(a.getAuthenticatorData())}catch(e){b("getAuthenticatorData()",e)}return{id:i,rawId:l(r),response:{attestationObject:l(a.attestationObject),clientDataJSON:l(a.clientDataJSON),transports:c,publicKeyAlgorithm:u,publicKey:g,authenticatorData:v},type:s,clientExtensionResults:o.getClientExtensionResults(),authenticatorAttachment:y(o.authenticatorAttachment)}}function b(e,t){console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${e}. You should report this error to them.\n`,t)}async function E(e,t=!1){if(!h())throw new Error("WebAuthn is not supported in this browser");let n;0!==e.allowCredentials?.length&&(n=e.allowCredentials?.map(p));const o={...e,challenge:d(e.challenge),allowCredentials:n},i={};if(t){if(!await function(){const e=window.PublicKeyCredential;return void 0===e.isConditionalMediationAvailable?new Promise((e=>e(!1))):e.isConditionalMediationAvailable()}())throw Error("Browser does not support WebAuthn autofill");if(document.querySelectorAll("input[autocomplete$='webauthn']").length<1)throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');i.mediation="conditional",o.allowCredentials=[]}let r;i.publicKey=o,i.signal=w.createNewAbortSignal();try{r=await navigator.credentials.get(i)}catch(e){throw function({error:e,options:t}){const{publicKey:n}=t;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new m({message:"Authentication ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:e})}else{if("NotAllowedError"===e.name)return new m({message:e.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:e});if("SecurityError"===e.name){const t=window.location.hostname;if(!f(t))return new m({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:e});if(n.rpId!==t)return new m({message:`The RP ID "${n.rpId}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:e})}else if("UnknownError"===e.name)return new m({message:"The authenticator was unable to process the specified options, or could not create a new assertion signature",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:e})}return e}({error:e,options:i})}if(!r)throw new Error("Authentication was not completed");const{id:a,rawId:s,response:c,type:u}=r;let g;var v;return c.userHandle&&(v=c.userHandle,g=new TextDecoder("utf-8").decode(v)),{id:a,rawId:l(s),response:{authenticatorData:l(c.authenticatorData),clientDataJSON:l(c.clientDataJSON),signature:l(c.signature),userHandle:g},type:u,clientExtensionResults:r.getClientExtensionResults(),authenticatorAttachment:y(r.authenticatorAttachment)}}var A=function(){function e(e){var t=e.baseUrl,n=e.tenantId;this.tenantId=n,this.baseUrl=t}return e.prototype.registrationOptions=function(e){var t=e.token,n=e.username,o=e.authenticatorAttachment;return c(this,void 0,void 0,(function(){var e;return u(this,(function(i){switch(i.label){case 0:return e=Boolean(o)?{username:n,authenticatorAttachment:o}:{username:n},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey/registration-options"),{method:"POST",headers:this.buildHeaders(t),body:JSON.stringify(e)})];case 1:return[2,i.sent().json()]}}))}))},e.prototype.authenticationOptions=function(e){var t=e.token,n=e.challengeId;return c(this,void 0,void 0,(function(){var e,o;return u(this,(function(i){switch(i.label){case 0:return e={challengeId:n},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey/authentication-options"),{method:"POST",headers:this.buildHeaders(t),body:JSON.stringify(e)})];case 1:if(!(o=i.sent()).ok)throw new Error(o.statusText);return[2,o.json()]}}))}))},e.prototype.addAuthenticator=function(e){var t=e.token,n=e.challengeId,o=e.registrationCredential;return c(this,void 0,void 0,(function(){var e;return u(this,(function(i){switch(i.label){case 0:return e={challengeId:n,registrationCredential:o},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey"),{method:"POST",headers:this.buildHeaders(t),body:JSON.stringify(e)})];case 1:return[2,i.sent().json()]}}))}))},e.prototype.verify=function(e){var t=e.token,n=e.challengeId,o=e.authenticationCredential,i=e.deviceId;return c(this,void 0,void 0,(function(){var e;return u(this,(function(r){switch(r.label){case 0:return e={challengeId:n,authenticationCredential:o,deviceId:i},[4,fetch("".concat(this.baseUrl,"/client/verify/passkey"),{method:"POST",headers:this.buildHeaders(t),body:JSON.stringify(e)})];case 1:return[2,r.sent().json()]}}))}))},e.prototype.getPasskeyAuthenticator=function(e){return c(this,void 0,void 0,(function(){var t;return u(this,(function(n){switch(n.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey?credentialId=").concat(e),{method:"GET",headers:this.buildHeaders()})];case 1:if(!(t=n.sent()).ok)throw new Error(t.statusText);return[2,t.json()]}}))}))},e.prototype.challenge=function(e){return c(this,void 0,void 0,(function(){return u(this,(function(t){switch(t.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/challenge"),{method:"POST",headers:this.buildHeaders(),body:JSON.stringify({action:e})})];case 1:return[2,t.sent().json()]}}))}))},e.prototype.buildHeaders=function(e){return{"Content-Type":"application/json",Authorization:e?"Bearer ".concat(e):"Basic ".concat(window.btoa(encodeURIComponent(this.tenantId)))}},e}(),R=function(){function e(e){var t=e.baseUrl,n=e.tenantId,o=e.anonymousId;this.passkeyLocalStorageKey="as_passkey_credential_id",this.api=new A({baseUrl:t,tenantId:n}),this.anonymousId=o}return e.prototype.signUp=function(e){var t=e.userName,n=e.token,o=e.authenticatorAttachment,i=void 0===o?"platform":o;return c(this,void 0,void 0,(function(){var e,o,r;return u(this,(function(a){switch(a.label){case 0:return[4,this.api.registrationOptions({username:t,token:n,authenticatorAttachment:i})];case 1:return[4,v((e=a.sent()).options)];case 2:return o=a.sent(),[4,this.api.addAuthenticator({challengeId:e.challengeId,registrationCredential:o,token:n})];case 3:return(null==(r=a.sent())?void 0:r.isVerified)&&this.storeCredentialAgainstDevice(o),[2,null==r?void 0:r.accessToken]}}))}))},e.prototype.signIn=function(e){var t;return c(this,void 0,void 0,(function(){var n,o,i,r,a;return u(this,(function(s){switch(s.label){case 0:if((null==e?void 0:e.token)&&e.autofill)throw new Error("autofill is not supported when providing a token");if((null==e?void 0:e.action)&&e.token)throw new Error("action is not supported when providing a token");if((null==e?void 0:e.action)&&(null==e?void 0:e.challengeId))throw new Error("action is not supported when providing a challengeId");if((null==e?void 0:e.challengeId)&&e.token)throw new Error("challengeId is not supported when providing a token");return(null==e?void 0:e.action)?[4,this.api.challenge(e.action)]:[3,2];case 1:return o=s.sent(),[3,3];case 2:o=null,s.label=3;case 3:return n=o,[4,this.api.authenticationOptions({token:null==e?void 0:e.token,challengeId:null!==(t=null==n?void 0:n.challengeId)&&void 0!==t?t:null==e?void 0:e.challengeId})];case 4:return[4,E((i=s.sent()).options,null==e?void 0:e.autofill)];case 5:return r=s.sent(),[4,this.api.verify({challengeId:i.challengeId,authenticationCredential:r,token:null==e?void 0:e.token,deviceId:this.anonymousId})];case 6:return(null==(a=s.sent())?void 0:a.isVerified)&&this.storeCredentialAgainstDevice(r),[2,null==a?void 0:a.accessToken]}}))}))},e.prototype.isAvailableOnDevice=function(){return c(this,void 0,void 0,(function(){var e;return u(this,(function(t){switch(t.label){case 0:if(!(e=localStorage.getItem(this.passkeyLocalStorageKey)))return[2,!1];t.label=1;case 1:return t.trys.push([1,3,,4]),[4,this.api.getPasskeyAuthenticator(e)];case 2:return t.sent(),[2,!0];case 3:return t.sent(),[2,!1];case 4:return[2]}}))}))},e.prototype.storeCredentialAgainstDevice=function(e){var t=e.id;"cross-platform"!==e.authenticatorAttachment&&localStorage.setItem(this.passkeyLocalStorageKey,t)},e}(),I=function(){function e(){this.windowRef=null}return e.prototype.show=function(e){var t=e.url,n=e.width,o=void 0===n?400:n,i=e.height,r=function(e){var t=e.url,n=e.width,o=e.height,i=e.win;if(!i.top)return null;var r=i.top.outerHeight/2+i.top.screenY-o/2,a=i.top.outerWidth/2+i.top.screenX-n/2;return window.open(t,"","toolbar=no, location=no, directories=no, status=no, menubar=no, scrollbars=no, resizable=no, copyhistory=no, width=".concat(n,", height=").concat(o,", top=").concat(r,", left=").concat(a))}({url:t,width:o,height:void 0===i?500:i,win:window});if(!r)throw new Error("Window is not initialized");return this.windowRef=r,r},e.prototype.close=function(){if(!this.windowRef)throw new Error("Window is not initialized");this.windowRef.close()},e}();const _=":not([inert]):not([inert] *)",C=':not([tabindex^="-"])',S=":not(:disabled)";var O=[`a[href]${_}${C}`,`area[href]${_}${C}`,`input:not([type="hidden"]):not([type="radio"])${_}${C}${S}`,`input[type="radio"]${_}${C}${S}`,`select${_}${C}${S}`,`textarea${_}${C}${S}`,`button${_}${C}${S}`,`details${_} > summary:first-of-type${C}`,`iframe${_}${C}`,`audio[controls]${_}${C}`,`video[controls]${_}${C}`,`[contenteditable]${_}${C}`,`[tabindex]${_}${C}`];function k(e){(e.querySelector("[autofocus]")||e).focus()}function $(e,t){if(t&&U(e))return e;if(!((n=e).shadowRoot&&"-1"===n.getAttribute("tabindex")||n.matches(":disabled,[hidden],[inert]")))if(e.shadowRoot){let n=P(e.shadowRoot,t);for(;n;){const e=$(n,t);if(e)return e;n=T(n,t)}}else if("slot"===e.localName){const n=e.assignedElements({flatten:!0});t||n.reverse();for(const e of n){const n=$(e,t);if(n)return n}}else{let n=P(e,t);for(;n;){const e=$(n,t);if(e)return e;n=T(n,t)}}var n;return!t&&U(e)?e:null}function P(e,t){return t?e.firstElementChild:e.lastElementChild}function T(e,t){return t?e.nextElementSibling:e.previousElementSibling}const U=e=>!e.shadowRoot?.delegatesFocus&&(e.matches(O.join(","))&&!(e=>!(!e.matches("details:not([open]) *")||e.matches("details>summary:first-of-type"))||!(e.offsetWidth||e.offsetHeight||e.getClientRects().length))(e));function N(e=document){const t=e.activeElement;return t?t.shadowRoot?N(t.shadowRoot)||document.activeElement:t:null}function D(e,t){const[n,o]=function(e){const t=$(e,!0);return[t,t?$(e,!1)||t:null]}(e);if(!n)return t.preventDefault();const i=N();t.shiftKey&&i===n?(o.focus(),t.preventDefault()):t.shiftKey||i!==o||(n.focus(),t.preventDefault())}class x{$el;id;previouslyFocused;shown;constructor(e){this.$el=e,this.id=this.$el.getAttribute("data-a11y-dialog")||this.$el.id,this.previouslyFocused=null,this.shown=!1,this.maintainFocus=this.maintainFocus.bind(this),this.bindKeypress=this.bindKeypress.bind(this),this.handleTriggerClicks=this.handleTriggerClicks.bind(this),this.show=this.show.bind(this),this.hide=this.hide.bind(this),this.$el.setAttribute("aria-hidden","true"),this.$el.setAttribute("aria-modal","true"),this.$el.setAttribute("tabindex","-1"),this.$el.hasAttribute("role")||this.$el.setAttribute("role","dialog"),document.addEventListener("click",this.handleTriggerClicks,!0)}destroy(){return this.hide(),document.removeEventListener("click",this.handleTriggerClicks,!0),this.$el.replaceWith(this.$el.cloneNode(!0)),this.fire("destroy"),this}show(e){return this.shown||(this.shown=!0,this.$el.removeAttribute("aria-hidden"),this.previouslyFocused=N(),"BODY"===this.previouslyFocused?.tagName&&e?.target&&(this.previouslyFocused=e.target),"focus"===e?.type?this.maintainFocus(e):k(this.$el),document.body.addEventListener("focus",this.maintainFocus,!0),this.$el.addEventListener("keydown",this.bindKeypress,!0),this.fire("show",e)),this}hide(e){return this.shown?(this.shown=!1,this.$el.setAttribute("aria-hidden","true"),this.previouslyFocused?.focus?.(),document.body.removeEventListener("focus",this.maintainFocus,!0),this.$el.removeEventListener("keydown",this.bindKeypress,!0),this.fire("hide",e),this):this}on(e,t,n){return this.$el.addEventListener(e,t,n),this}off(e,t,n){return this.$el.removeEventListener(e,t,n),this}fire(e,t){this.$el.dispatchEvent(new CustomEvent(e,{detail:t,cancelable:!0}))}handleTriggerClicks(e){const t=e.target;t.closest(`[data-a11y-dialog-show="${this.id}"]`)&&this.show(e),(t.closest(`[data-a11y-dialog-hide="${this.id}"]`)||t.closest("[data-a11y-dialog-hide]")&&t.closest('[aria-modal="true"]')===this.$el)&&this.hide(e)}bindKeypress(e){if(document.activeElement?.closest('[aria-modal="true"]')!==this.$el)return;let t=!1;try{t=!!this.$el.querySelector('[popover]:not([popover="manual"]):popover-open')}catch{}"Escape"!==e.key||"alertdialog"===this.$el.getAttribute("role")||t||(e.preventDefault(),this.hide(e)),"Tab"===e.key&&D(this.$el,e)}maintainFocus(e){e.target.closest('[aria-modal="true"], [data-a11y-dialog-ignore-focus-trap]')||k(this.$el)}}function L(){for(const e of document.querySelectorAll("[data-a11y-dialog]"))new x(e)}"undefined"!=typeof document&&("loading"===document.readyState?document.addEventListener("DOMContentLoaded",L):L());var K="__authsignal-popup-container",H="__authsignal-popup-content",W="__authsignal-popup-overlay",M="__authsignal-popup-style",q="__authsignal-popup-iframe",F="385px",G=function(){function e(e){var t=e.width,n=e.isClosable;if(this.popup=null,document.querySelector("#".concat(K)))throw new Error("Multiple instances of Authsignal popup is not supported.");this.create({width:t,isClosable:n})}return e.prototype.create=function(e){var t=this,n=e.width,o=void 0===n?F:n,i=e.isClosable,r=void 0===i||i,a=o;CSS.supports("width",o)||(console.warn("Invalid CSS value for `popupOptions.width`. Using default value instead."),a=F);var s=document.createElement("div");s.setAttribute("id",K),s.setAttribute("aria-hidden","true"),r||s.setAttribute("role","alertdialog");var c=document.createElement("div");c.setAttribute("id",W),r&&c.setAttribute("data-a11y-dialog-hide","true");var u=document.createElement("div");u.setAttribute("id",H),document.body.appendChild(s);var l=document.createElement("style");l.setAttribute("id",M),l.textContent="\n #".concat(K,",\n #").concat(W," {\n position: fixed;\n top: 0;\n right: 0;\n bottom: 0;\n left: 0;\n }\n\n #").concat(K," {\n z-index: 2147483647;\n display: flex;\n }\n\n #").concat(K,"[aria-hidden='true'] {\n display: none;\n }\n\n #").concat(W," {\n background-color: rgba(0, 0, 0, 0.18);\n }\n\n #").concat(H," {\n margin: auto;\n z-index: 2147483647;\n position: relative;\n background-color: transparent;\n border-radius: 8px;\n width: ").concat(a,";\n }\n\n #").concat(H," iframe {\n width: 1px;\n min-width: 100%;\n border-radius: inherit;\n max-height: 95vh;\n height: ").concat("384px",";\n }\n "),document.head.insertAdjacentElement("beforeend",l),s.appendChild(c),s.appendChild(u),this.popup=new x(s),this.popup.on("hide",(function(){t.destroy()}))},e.prototype.destroy=function(){var e=document.querySelector("#".concat(K)),t=document.querySelector("#".concat(M));e&&t&&(document.body.removeChild(e),document.head.removeChild(t)),window.removeEventListener("message",j)},e.prototype.show=function(e){var t,n=e.url;if(!this.popup)throw new Error("Popup is not initialized");var o=document.createElement("iframe");o.setAttribute("id",q),o.setAttribute("name","authsignal"),o.setAttribute("title","Authsignal multi-factor authentication"),o.setAttribute("src",n),o.setAttribute("frameborder","0"),o.setAttribute("allow","publickey-credentials-get *; publickey-credentials-create *; clipboard-write");var i=document.querySelector("#".concat(H));i&&i.appendChild(o),window.addEventListener("message",j),null===(t=this.popup)||void 0===t||t.show()},e.prototype.close=function(){if(!this.popup)throw new Error("Popup is not initialized");this.popup.hide()},e.prototype.on=function(e,t){if(!this.popup)throw new Error("Popup is not initialized");this.popup.on(e,t)},e}();function j(e){var t=document.querySelector("#".concat(q));t&&e.data.height&&(t.style.height=e.data.height+"px")}var V="4a08uqve",z=function(){function t(e){var t=e.cookieDomain,n=e.cookieName,o=void 0===n?"__as_aid":n,i=e.baseUrl,r=void 0===i?"https://api.authsignal.com/v1":i,c=e.tenantId;if(this.anonymousId="",this.profilingId="",this.cookieDomain="",this.anonymousIdCookieName="",this._token=void 0,this.cookieDomain=t||document.location.hostname.replace("www.",""),this.anonymousIdCookieName=o,!c)throw new Error("tenantId is required");var u,l=(u=this.anonymousIdCookieName)&&decodeURIComponent(document.cookie.replace(new RegExp("(?:(?:^|.*;)\\s*"+encodeURIComponent(u).replace(/[\-\.\+\*]/g,"\\$&")+"\\s*\\=\\s*([^;]*).*$)|^.*$"),"$1"))||null;l?this.anonymousId=l:(this.anonymousId=a(),s({name:this.anonymousIdCookieName,value:this.anonymousId,expire:1/0,domain:this.cookieDomain,secure:"http:"!==document.location.protocol})),this.passkey=new R({tenantId:c,baseUrl:r,anonymousId:this.anonymousId})}return t.prototype.launch=function(e,t){switch(null==t?void 0:t.mode){case"window":return this.launchWithWindow(e,t);case"popup":return this.launchWithPopup(e,t);default:this.launchWithRedirect(e)}},t.prototype.initAdvancedProfiling=function(e){var t=a();this.profilingId=t,s({name:"__as_pid",value:t,expire:1/0,domain:this.cookieDomain,secure:"http:"!==document.location.protocol});var n=e?"".concat(e,"/fp/tags.js?org_id=").concat(V,"&session_id=").concat(t):"https://h.online-metrix.net/fp/tags.js?org_id=".concat(V,"&session_id=").concat(t),o=document.createElement("script");o.src=n,o.async=!1,o.id="as_adv_profile",document.head.appendChild(o);var i=document.createElement("noscript");i.setAttribute("id","as_adv_profile_pixel"),i.setAttribute("aria-hidden","true");var r=document.createElement("iframe"),c=e?"".concat(e,"/fp/tags?org_id=").concat(V,"&session_id=").concat(t):"https://h.online-metrix.net/fp/tags?org_id=".concat(V,"&session_id=").concat(t);r.setAttribute("id","as_adv_profile_pixel"),r.setAttribute("src",c),r.setAttribute("style","width: 100px; height: 100px; border: 0; position: absolute; top: -5000px;"),i&&(i.appendChild(r),document.body.prepend(i))},t.prototype.launchWithRedirect=function(e){window.location.href=e},t.prototype.launchWithPopup=function(t,n){var o=this,i=n.popupOptions,r=new G({width:null==i?void 0:i.width,isClosable:null==i?void 0:i.isClosable}),a="".concat(t,"&mode=popup");return r.show({url:a}),new Promise((function(t){r.on("hide",(function(){t({token:o._token})})),window.addEventListener("message",(function(t){var n=null;try{n=JSON.parse(t.data)}catch(e){}(null==n?void 0:n.event)===e.AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP&&(o._token=n.token,r.close())}),!1)}))},t.prototype.launchWithWindow=function(t,n){var o=this,i=n.windowOptions,r=new I,a="".concat(t,"&mode=popup");return r.show({url:a,width:null==i?void 0:i.width,height:null==i?void 0:i.height}),new Promise((function(t){window.addEventListener("message",(function(n){var i=null;try{i=JSON.parse(n.data)}catch(e){}(null==i?void 0:i.event)===e.AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP&&(o._token=i.token,r.close(),t({token:o._token}))}),!1)}))},t}();return e.Authsignal=z,Object.defineProperty(e,"__esModule",{value:!0}),e}({});
1
+ var authsignal=function(t){"use strict";let e;const n=new Uint8Array(16);function o(){if(!e&&(e="undefined"!=typeof crypto&&crypto.getRandomValues&&crypto.getRandomValues.bind(crypto),!e))throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");return e(n)}const i=[];for(let t=0;t<256;++t)i.push((t+256).toString(16).slice(1));var r={randomUUID:"undefined"!=typeof crypto&&crypto.randomUUID&&crypto.randomUUID.bind(crypto)};function a(t,e,n){if(r.randomUUID&&!e&&!t)return r.randomUUID();const a=(t=t||{}).random||(t.rng||o)();if(a[6]=15&a[6]|64,a[8]=63&a[8]|128,e){n=n||0;for(let t=0;t<16;++t)e[n+t]=a[t];return e}return function(t,e=0){return(i[t[e+0]]+i[t[e+1]]+i[t[e+2]]+i[t[e+3]]+"-"+i[t[e+4]]+i[t[e+5]]+"-"+i[t[e+6]]+i[t[e+7]]+"-"+i[t[e+8]]+i[t[e+9]]+"-"+i[t[e+10]]+i[t[e+11]]+i[t[e+12]]+i[t[e+13]]+i[t[e+14]]+i[t[e+15]]).toLowerCase()}(a)}function s(t){var e=t.name,n=t.value,o=t.expire,i=t.domain,r=t.secure,a=o===1/0?" expires=Fri, 31 Dec 9999 23:59:59 GMT":"; max-age="+o;document.cookie=encodeURIComponent(e)+"="+n+"; path=/;"+a+(i?"; domain="+i:"")+(r?"; secure":"")}function c(t){var e;console.error(null!==(e=t.errorDescription)&&void 0!==e?e:t.error)}function u(t,e,n,o){return new(n||(n=Promise))((function(i,r){function a(t){try{c(o.next(t))}catch(t){r(t)}}function s(t){try{c(o.throw(t))}catch(t){r(t)}}function c(t){var e;t.done?i(t.value):(e=t.value,e instanceof n?e:new n((function(t){t(e)}))).then(a,s)}c((o=o.apply(t,e||[])).next())}))}function l(t,e){var n,o,i,r,a={label:0,sent:function(){if(1&i[0])throw i[1];return i[1]},trys:[],ops:[]};return r={next:s(0),throw:s(1),return:s(2)},"function"==typeof Symbol&&(r[Symbol.iterator]=function(){return this}),r;function s(r){return function(s){return function(r){if(n)throw new TypeError("Generator is already executing.");for(;a;)try{if(n=1,o&&(i=2&r[0]?o.return:r[0]?o.throw||((i=o.return)&&i.call(o),0):o.next)&&!(i=i.call(o,r[1])).done)return i;switch(o=0,i&&(r=[2&r[0],i.value]),r[0]){case 0:case 1:i=r;break;case 4:return a.label++,{value:r[1],done:!1};case 5:a.label++,o=r[1],r=[0];continue;case 7:r=a.ops.pop(),a.trys.pop();continue;default:if(!(i=a.trys,(i=i.length>0&&i[i.length-1])||6!==r[0]&&2!==r[0])){a=0;continue}if(3===r[0]&&(!i||r[1]>i[0]&&r[1]<i[3])){a.label=r[1];break}if(6===r[0]&&a.label<i[1]){a.label=i[1],i=r;break}if(i&&a.label<i[2]){a.label=i[2],a.ops.push(r);break}i[2]&&a.ops.pop(),a.trys.pop();continue}r=e.call(t,a)}catch(t){r=[6,t],o=0}finally{n=i=0}if(5&r[0])throw r[1];return{value:r[0]?r[1]:void 0,done:!0}}([r,s])}}}function h(t){const e=new Uint8Array(t);let n="";for(const t of e)n+=String.fromCharCode(t);return btoa(n).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function d(t){const e=t.replace(/-/g,"+").replace(/_/g,"/"),n=(4-e.length%4)%4,o=e.padEnd(e.length+n,"="),i=atob(o),r=new ArrayBuffer(i.length),a=new Uint8Array(r);for(let t=0;t<i.length;t++)a[t]=i.charCodeAt(t);return r}function p(){return void 0!==window?.PublicKeyCredential&&"function"==typeof window.PublicKeyCredential}function f(t){const{id:e}=t;return{...t,id:d(e),transports:t.transports}}function m(t){return"localhost"===t||/^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(t)}t.AuthsignalWindowMessage=void 0,(t.AuthsignalWindowMessage||(t.AuthsignalWindowMessage={})).AUTHSIGNAL_CLOSE_POPUP="AUTHSIGNAL_CLOSE_POPUP";class v extends Error{constructor({message:t,code:e,cause:n,name:o}){super(t,{cause:n}),this.name=o??n.name,this.code=e}}const y=new class{createNewAbortSignal(){if(this.controller){const t=new Error("Cancelling existing WebAuthn API call for new one");t.name="AbortError",this.controller.abort(t)}const t=new AbortController;return this.controller=t,t.signal}cancelCeremony(){if(this.controller){const t=new Error("Manually cancelling existing WebAuthn API call");t.name="AbortError",this.controller.abort(t),this.controller=void 0}}},w=["cross-platform","platform"];function g(t){if(t&&!(w.indexOf(t)<0))return t}async function b(t){if(!p())throw new Error("WebAuthn is not supported in this browser");var e;const n={publicKey:{...t,challenge:d(t.challenge),user:{...t.user,id:(e=t.user.id,(new TextEncoder).encode(e))},excludeCredentials:t.excludeCredentials?.map(f)}};let o;n.signal=y.createNewAbortSignal();try{o=await navigator.credentials.create(n)}catch(t){throw function({error:t,options:e}){const{publicKey:n}=e;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===t.name){if(e.signal instanceof AbortSignal)return new v({message:"Registration ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:t})}else if("ConstraintError"===t.name){if(!0===n.authenticatorSelection?.requireResidentKey)return new v({message:"Discoverable credentials were required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",cause:t});if("required"===n.authenticatorSelection?.userVerification)return new v({message:"User verification was required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",cause:t})}else{if("InvalidStateError"===t.name)return new v({message:"The authenticator was previously registered",code:"ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",cause:t});if("NotAllowedError"===t.name)return new v({message:t.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:t});if("NotSupportedError"===t.name)return 0===n.pubKeyCredParams.filter((t=>"public-key"===t.type)).length?new v({message:'No entry in pubKeyCredParams was of type "public-key"',code:"ERROR_MALFORMED_PUBKEYCREDPARAMS",cause:t}):new v({message:"No available authenticator supported any of the specified pubKeyCredParams algorithms",code:"ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",cause:t});if("SecurityError"===t.name){const e=window.location.hostname;if(!m(e))return new v({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:t});if(n.rp.id!==e)return new v({message:`The RP ID "${n.rp.id}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:t})}else if("TypeError"===t.name){if(n.user.id.byteLength<1||n.user.id.byteLength>64)return new v({message:"User ID was not between 1 and 64 characters",code:"ERROR_INVALID_USER_ID_LENGTH",cause:t})}else if("UnknownError"===t.name)return new v({message:"The authenticator was unable to process the specified options, or could not create a new credential",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:t})}return t}({error:t,options:n})}if(!o)throw new Error("Registration was not completed");const{id:i,rawId:r,response:a,type:s}=o;let c,u,l,w;if("function"==typeof a.getTransports&&(c=a.getTransports()),"function"==typeof a.getPublicKeyAlgorithm)try{u=a.getPublicKeyAlgorithm()}catch(t){E("getPublicKeyAlgorithm()",t)}if("function"==typeof a.getPublicKey)try{const t=a.getPublicKey();null!==t&&(l=h(t))}catch(t){E("getPublicKey()",t)}if("function"==typeof a.getAuthenticatorData)try{w=h(a.getAuthenticatorData())}catch(t){E("getAuthenticatorData()",t)}return{id:i,rawId:h(r),response:{attestationObject:h(a.attestationObject),clientDataJSON:h(a.clientDataJSON),transports:c,publicKeyAlgorithm:u,publicKey:l,authenticatorData:w},type:s,clientExtensionResults:o.getClientExtensionResults(),authenticatorAttachment:g(o.authenticatorAttachment)}}function E(t,e){console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${t}. You should report this error to them.\n`,e)}async function A(t,e=!1){if(!p())throw new Error("WebAuthn is not supported in this browser");let n;0!==t.allowCredentials?.length&&(n=t.allowCredentials?.map(f));const o={...t,challenge:d(t.challenge),allowCredentials:n},i={};if(e){if(!await function(){const t=window.PublicKeyCredential;return void 0===t.isConditionalMediationAvailable?new Promise((t=>t(!1))):t.isConditionalMediationAvailable()}())throw Error("Browser does not support WebAuthn autofill");if(document.querySelectorAll("input[autocomplete$='webauthn']").length<1)throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');i.mediation="conditional",o.allowCredentials=[]}let r;i.publicKey=o,i.signal=y.createNewAbortSignal();try{r=await navigator.credentials.get(i)}catch(t){throw function({error:t,options:e}){const{publicKey:n}=e;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===t.name){if(e.signal instanceof AbortSignal)return new v({message:"Authentication ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:t})}else{if("NotAllowedError"===t.name)return new v({message:t.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:t});if("SecurityError"===t.name){const e=window.location.hostname;if(!m(e))return new v({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:t});if(n.rpId!==e)return new v({message:`The RP ID "${n.rpId}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:t})}else if("UnknownError"===t.name)return new v({message:"The authenticator was unable to process the specified options, or could not create a new assertion signature",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:t})}return t}({error:t,options:i})}if(!r)throw new Error("Authentication was not completed");const{id:a,rawId:s,response:c,type:u}=r;let l;var w;return c.userHandle&&(w=c.userHandle,l=new TextDecoder("utf-8").decode(w)),{id:a,rawId:h(s),response:{authenticatorData:h(c.authenticatorData),clientDataJSON:h(c.clientDataJSON),signature:h(c.signature),userHandle:l},type:u,clientExtensionResults:r.getClientExtensionResults(),authenticatorAttachment:g(r.authenticatorAttachment)}}function I(t){var e=t.token,n=t.tenantId;return{"Content-Type":"application/json",Authorization:e?"Bearer ".concat(e):"Basic ".concat(window.btoa(encodeURIComponent(n))),"X-Authsignal-Browser-Version":"0.5.4"}}var k=function(){function t(t){var e=t.baseUrl,n=t.tenantId;this.tenantId=n,this.baseUrl=e}return t.prototype.registrationOptions=function(t){var e=t.token,n=t.username,o=t.authenticatorAttachment;return u(this,void 0,void 0,(function(){var t;return l(this,(function(i){switch(i.label){case 0:return t=Boolean(o)?{username:n,authenticatorAttachment:o}:{username:n},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey/registration-options"),{method:"POST",headers:I({token:e,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[2,i.sent().json()]}}))}))},t.prototype.authenticationOptions=function(t){var e=t.token,n=t.challengeId;return u(this,void 0,void 0,(function(){var t;return l(this,(function(o){switch(o.label){case 0:return t={challengeId:n},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey/authentication-options"),{method:"POST",headers:I({token:e,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[2,o.sent().json()]}}))}))},t.prototype.addAuthenticator=function(t){var e=t.token,n=t.challengeId,o=t.registrationCredential;return u(this,void 0,void 0,(function(){var t;return l(this,(function(i){switch(i.label){case 0:return t={challengeId:n,registrationCredential:o},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey"),{method:"POST",headers:I({token:e,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[2,i.sent().json()]}}))}))},t.prototype.verify=function(t){var e=t.token,n=t.challengeId,o=t.authenticationCredential,i=t.deviceId;return u(this,void 0,void 0,(function(){var t;return l(this,(function(r){switch(r.label){case 0:return t={challengeId:n,authenticationCredential:o,deviceId:i},[4,fetch("".concat(this.baseUrl,"/client/verify/passkey"),{method:"POST",headers:I({token:e,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[2,r.sent().json()]}}))}))},t.prototype.getPasskeyAuthenticator=function(t){return u(this,void 0,void 0,(function(){var e;return l(this,(function(n){switch(n.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey?credentialId=").concat(t),{method:"GET",headers:I({tenantId:this.tenantId})})];case 1:if(!(e=n.sent()).ok)throw new Error(e.statusText);return[2,e.json()]}}))}))},t.prototype.challenge=function(t){return u(this,void 0,void 0,(function(){return l(this,(function(e){switch(e.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/challenge"),{method:"POST",headers:I({tenantId:this.tenantId}),body:JSON.stringify({action:t})})];case 1:return[2,e.sent().json()]}}))}))},t}(),R=function(){function t(){this.token=null}return t.prototype.handleTokenNotSetError=function(){var t="A token has not been set. Call 'setToken' first.";return console.error("Error: ".concat(t)),{error:"TOKEN_NOT_SET",errorDescription:t}},t.shared=new t,t}(),S=function(){function t(t){var e=t.baseUrl,n=t.tenantId,o=t.anonymousId;this.passkeyLocalStorageKey="as_passkey_credential_id",this.cache=R.shared,this.api=new k({baseUrl:e,tenantId:n}),this.anonymousId=o}return t.prototype.signUp=function(t){var e=t.userName,n=t.userDisplayName,o=t.token,i=t.authenticatorAttachment,r=void 0===i?"platform":i;return u(this,void 0,void 0,(function(){var t,i,a,s,u;return l(this,(function(l){switch(l.label){case 0:return(t=null!=o?o:this.cache.token)?(i={username:e,displayName:n,token:t,authenticatorAttachment:r},[4,this.api.registrationOptions(i)]):[2,this.cache.handleTokenNotSetError()];case 1:return"error"in(a=l.sent())?(c(a),[2]):[4,b(a.options)];case 2:return s=l.sent(),[4,this.api.addAuthenticator({challengeId:a.challengeId,registrationCredential:s,token:t})];case 3:return"error"in(u=l.sent())?(c(u),[2]):(u.isVerified&&this.storeCredentialAgainstDevice(s),[2,{token:u.accessToken}])}}))}))},t.prototype.signIn=function(t){return u(this,void 0,void 0,(function(){var e,n,o,i,r,a,s,u,h,d;return l(this,(function(l){switch(l.label){case 0:if((null==t?void 0:t.token)&&t.autofill)throw new Error("autofill is not supported when providing a token");if((null==t?void 0:t.action)&&t.token)throw new Error("action is not supported when providing a token");return(null==t?void 0:t.action)?[4,this.api.challenge(t.action)]:[3,2];case 1:return n=l.sent(),[3,3];case 2:n=null,l.label=3;case 3:return(e=n)&&"error"in e?(c(e),[2]):[4,this.api.authenticationOptions({token:null==t?void 0:t.token,challengeId:null==e?void 0:e.challengeId})];case 4:return"error"in(o=l.sent())?(c(o),[2]):[4,A(o.options,null==t?void 0:t.autofill)];case 5:return i=l.sent(),(null==t?void 0:t.onVerificationStarted)&&t.onVerificationStarted(),[4,this.api.verify({challengeId:o.challengeId,authenticationCredential:i,token:null==t?void 0:t.token,deviceId:this.anonymousId})];case 6:return"error"in(r=l.sent())?(c(r),[2]):(r.isVerified&&this.storeCredentialAgainstDevice(i),a=r.accessToken,s=r.userId,u=r.userAuthenticatorId,h=r.username,d=r.userDisplayName,[2,{token:a,userId:s,userAuthenticatorId:u,userName:h,userDisplayName:d}])}}))}))},t.prototype.isAvailableOnDevice=function(){return u(this,void 0,void 0,(function(){var t;return l(this,(function(e){switch(e.label){case 0:if(!(t=localStorage.getItem(this.passkeyLocalStorageKey)))return[2,!1];e.label=1;case 1:return e.trys.push([1,3,,4]),[4,this.api.getPasskeyAuthenticator(t)];case 2:return e.sent(),[2,!0];case 3:return e.sent(),[2,!1];case 4:return[2]}}))}))},t.prototype.storeCredentialAgainstDevice=function(t){var e=t.id;"cross-platform"!==t.authenticatorAttachment&&localStorage.setItem(this.passkeyLocalStorageKey,e)},t}(),_=function(){function t(){this.windowRef=null}return t.prototype.show=function(t){var e=t.url,n=t.width,o=void 0===n?400:n,i=t.height,r=function(t){var e=t.url,n=t.width,o=t.height,i=t.win;if(!i.top)return null;var r=i.top.outerHeight/2+i.top.screenY-o/2,a=i.top.outerWidth/2+i.top.screenX-n/2;return window.open(e,"","toolbar=no, location=no, directories=no, status=no, menubar=no, scrollbars=no, resizable=no, copyhistory=no, width=".concat(n,", height=").concat(o,", top=").concat(r,", left=").concat(a))}({url:e,width:o,height:void 0===i?500:i,win:window});if(!r)throw new Error("Window is not initialized");return this.windowRef=r,r},t.prototype.close=function(){if(!this.windowRef)throw new Error("Window is not initialized");this.windowRef.close()},t}();const O=":not([inert]):not([inert] *)",C=':not([tabindex^="-"])',T=":not(:disabled)";var U=[`a[href]${O}${C}`,`area[href]${O}${C}`,`input:not([type="hidden"]):not([type="radio"])${O}${C}${T}`,`input[type="radio"]${O}${C}${T}`,`select${O}${C}${T}`,`textarea${O}${C}${T}`,`button${O}${C}${T}`,`details${O} > summary:first-of-type${C}`,`iframe${O}${C}`,`audio[controls]${O}${C}`,`video[controls]${O}${C}`,`[contenteditable]${O}${C}`,`[tabindex]${O}${C}`];function N(t){(t.querySelector("[autofocus]")||t).focus()}function P(t,e){if(e&&x(t))return t;if(!((n=t).shadowRoot&&"-1"===n.getAttribute("tabindex")||n.matches(":disabled,[hidden],[inert]")))if(t.shadowRoot){let n=$(t.shadowRoot,e);for(;n;){const t=P(n,e);if(t)return t;n=D(n,e)}}else if("slot"===t.localName){const n=t.assignedElements({flatten:!0});e||n.reverse();for(const t of n){const n=P(t,e);if(n)return n}}else{let n=$(t,e);for(;n;){const t=P(n,e);if(t)return t;n=D(n,e)}}var n;return!e&&x(t)?t:null}function $(t,e){return e?t.firstElementChild:t.lastElementChild}function D(t,e){return e?t.nextElementSibling:t.previousElementSibling}const x=t=>!t.shadowRoot?.delegatesFocus&&(t.matches(U.join(","))&&!(t=>!(!t.matches("details:not([open]) *")||t.matches("details>summary:first-of-type"))||!(t.offsetWidth||t.offsetHeight||t.getClientRects().length))(t));function L(t=document){const e=t.activeElement;return e?e.shadowRoot?L(e.shadowRoot)||document.activeElement:e:null}function K(t,e){const[n,o]=function(t){const e=P(t,!0);return[e,e?P(t,!1)||e:null]}(t);if(!n)return e.preventDefault();const i=L();e.shiftKey&&i===n?(o.focus(),e.preventDefault()):e.shiftKey||i!==o||(n.focus(),e.preventDefault())}class j{$el;id;previouslyFocused;shown;constructor(t){this.$el=t,this.id=this.$el.getAttribute("data-a11y-dialog")||this.$el.id,this.previouslyFocused=null,this.shown=!1,this.maintainFocus=this.maintainFocus.bind(this),this.bindKeypress=this.bindKeypress.bind(this),this.handleTriggerClicks=this.handleTriggerClicks.bind(this),this.show=this.show.bind(this),this.hide=this.hide.bind(this),this.$el.setAttribute("aria-hidden","true"),this.$el.setAttribute("aria-modal","true"),this.$el.setAttribute("tabindex","-1"),this.$el.hasAttribute("role")||this.$el.setAttribute("role","dialog"),document.addEventListener("click",this.handleTriggerClicks,!0)}destroy(){return this.hide(),document.removeEventListener("click",this.handleTriggerClicks,!0),this.$el.replaceWith(this.$el.cloneNode(!0)),this.fire("destroy"),this}show(t){return this.shown||(this.shown=!0,this.$el.removeAttribute("aria-hidden"),this.previouslyFocused=L(),"BODY"===this.previouslyFocused?.tagName&&t?.target&&(this.previouslyFocused=t.target),"focus"===t?.type?this.maintainFocus(t):N(this.$el),document.body.addEventListener("focus",this.maintainFocus,!0),this.$el.addEventListener("keydown",this.bindKeypress,!0),this.fire("show",t)),this}hide(t){return this.shown?(this.shown=!1,this.$el.setAttribute("aria-hidden","true"),this.previouslyFocused?.focus?.(),document.body.removeEventListener("focus",this.maintainFocus,!0),this.$el.removeEventListener("keydown",this.bindKeypress,!0),this.fire("hide",t),this):this}on(t,e,n){return this.$el.addEventListener(t,e,n),this}off(t,e,n){return this.$el.removeEventListener(t,e,n),this}fire(t,e){this.$el.dispatchEvent(new CustomEvent(t,{detail:e,cancelable:!0}))}handleTriggerClicks(t){const e=t.target;e.closest(`[data-a11y-dialog-show="${this.id}"]`)&&this.show(t),(e.closest(`[data-a11y-dialog-hide="${this.id}"]`)||e.closest("[data-a11y-dialog-hide]")&&e.closest('[aria-modal="true"]')===this.$el)&&this.hide(t)}bindKeypress(t){if(document.activeElement?.closest('[aria-modal="true"]')!==this.$el)return;let e=!1;try{e=!!this.$el.querySelector('[popover]:not([popover="manual"]):popover-open')}catch{}"Escape"!==t.key||"alertdialog"===this.$el.getAttribute("role")||e||(t.preventDefault(),this.hide(t)),"Tab"===t.key&&K(this.$el,t)}maintainFocus(t){t.target.closest('[aria-modal="true"], [data-a11y-dialog-ignore-focus-trap]')||N(this.$el)}}function H(){for(const t of document.querySelectorAll("[data-a11y-dialog]"))new j(t)}"undefined"!=typeof document&&("loading"===document.readyState?document.addEventListener("DOMContentLoaded",H):H());var W="__authsignal-popup-container",M="__authsignal-popup-content",q="__authsignal-popup-overlay",V="__authsignal-popup-style",F="__authsignal-popup-iframe",G="385px",J=function(){function t(t){var e=t.width,n=t.isClosable;if(this.popup=null,document.querySelector("#".concat(W)))throw new Error("Multiple instances of Authsignal popup is not supported.");this.create({width:e,isClosable:n})}return t.prototype.create=function(t){var e=this,n=t.width,o=void 0===n?G:n,i=t.isClosable,r=void 0===i||i,a=o;CSS.supports("width",o)||(console.warn("Invalid CSS value for `popupOptions.width`. Using default value instead."),a=G);var s=document.createElement("div");s.setAttribute("id",W),s.setAttribute("aria-hidden","true"),r||s.setAttribute("role","alertdialog");var c=document.createElement("div");c.setAttribute("id",q),r&&c.setAttribute("data-a11y-dialog-hide","true");var u=document.createElement("div");u.setAttribute("id",M),document.body.appendChild(s);var l=document.createElement("style");l.setAttribute("id",V),l.textContent="\n #".concat(W,",\n #").concat(q," {\n position: fixed;\n top: 0;\n right: 0;\n bottom: 0;\n left: 0;\n }\n\n #").concat(W," {\n z-index: 2147483647;\n display: flex;\n }\n\n #").concat(W,"[aria-hidden='true'] {\n display: none;\n }\n\n #").concat(q," {\n background-color: rgba(0, 0, 0, 0.18);\n }\n\n #").concat(M," {\n margin: auto;\n z-index: 2147483647;\n position: relative;\n background-color: transparent;\n border-radius: 8px;\n width: ").concat(a,";\n }\n\n #").concat(M," iframe {\n width: 1px;\n min-width: 100%;\n border-radius: inherit;\n max-height: 95vh;\n height: ").concat("384px",";\n }\n "),document.head.insertAdjacentElement("beforeend",l),s.appendChild(c),s.appendChild(u),this.popup=new j(s),s.focus(),this.popup.on("hide",(function(){e.destroy()}))},t.prototype.destroy=function(){var t=document.querySelector("#".concat(W)),e=document.querySelector("#".concat(V));t&&e&&(document.body.removeChild(t),document.head.removeChild(e)),window.removeEventListener("message",B)},t.prototype.show=function(t){var e,n=t.url;if(!this.popup)throw new Error("Popup is not initialized");var o=document.createElement("iframe");o.setAttribute("id",F),o.setAttribute("name","authsignal"),o.setAttribute("title","Authsignal multi-factor authentication"),o.setAttribute("src",n),o.setAttribute("frameborder","0"),o.setAttribute("allow","publickey-credentials-get *; publickey-credentials-create *; clipboard-write");var i=document.querySelector("#".concat(M));i&&i.appendChild(o),window.addEventListener("message",B),null===(e=this.popup)||void 0===e||e.show()},t.prototype.close=function(){if(!this.popup)throw new Error("Popup is not initialized");this.popup.hide()},t.prototype.on=function(t,e){if(!this.popup)throw new Error("Popup is not initialized");this.popup.on(t,e)},t}();function B(t){var e=document.querySelector("#".concat(F));e&&t.data.height&&(e.style.height=t.data.height+"px")}var z=function(){function t(t){var e=t.baseUrl,n=t.tenantId;this.tenantId=n,this.baseUrl=e}return t.prototype.enroll=function(t){var e=t.token;return u(this,void 0,void 0,(function(){return l(this,(function(t){switch(t.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/totp"),{method:"POST",headers:I({token:e,tenantId:this.tenantId})})];case 1:return[2,t.sent().json()]}}))}))},t.prototype.verify=function(t){var e=t.token,n=t.code;return u(this,void 0,void 0,(function(){var t;return l(this,(function(o){switch(o.label){case 0:return t={code:n},[4,fetch("".concat(this.baseUrl,"/client/verify/totp"),{method:"POST",headers:I({token:e,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[2,o.sent().json()]}}))}))},t}(),Y=function(){function t(t){var e=t.baseUrl,n=t.tenantId;this.cache=R.shared,this.api=new z({baseUrl:e,tenantId:n})}return t.prototype.enroll=function(){return u(this,void 0,void 0,(function(){return l(this,(function(t){return this.cache.token?[2,this.api.enroll({token:this.cache.token})]:[2,this.cache.handleTokenNotSetError()]}))}))},t.prototype.verify=function(t){var e=t.code;return u(this,void 0,void 0,(function(){var t;return l(this,(function(n){switch(n.label){case 0:return this.cache.token?[4,this.api.verify({token:this.cache.token,code:e})]:[2,this.cache.handleTokenNotSetError()];case 1:return(t=n.sent()).token&&(this.cache.token=t.token),[2,t]}}))}))},t}(),X=function(){function t(t){var e=t.baseUrl,n=t.tenantId;this.tenantId=n,this.baseUrl=e}return t.prototype.enroll=function(t){var e=t.token,n=t.email;return u(this,void 0,void 0,(function(){var t;return l(this,(function(o){switch(o.label){case 0:return t={email:n},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/email-otp"),{method:"POST",headers:this.buildHeaders(e),body:JSON.stringify(t)})];case 1:return[2,o.sent().json()]}}))}))},t.prototype.challenge=function(t){var e=t.token;return u(this,void 0,void 0,(function(){return l(this,(function(t){switch(t.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/challenge/email-otp"),{method:"POST",headers:this.buildHeaders(e)})];case 1:return[2,t.sent().json()]}}))}))},t.prototype.verify=function(t){var e=t.token,n=t.code;return u(this,void 0,void 0,(function(){var t;return l(this,(function(o){switch(o.label){case 0:return t={code:n},[4,fetch("".concat(this.baseUrl,"/client/verify/email-otp"),{method:"POST",headers:this.buildHeaders(e),body:JSON.stringify(t)})];case 1:return[2,o.sent().json()]}}))}))},t.prototype.buildHeaders=function(t){return{"Content-Type":"application/json",Authorization:t?"Bearer ".concat(t):"Basic ".concat(window.btoa(encodeURIComponent(this.tenantId)))}},t}(),Q=function(){function t(t){var e=t.baseUrl,n=t.tenantId;this.cache=R.shared,this.api=new X({baseUrl:e,tenantId:n})}return t.prototype.enroll=function(t){var e=t.email;return u(this,void 0,void 0,(function(){return l(this,(function(t){return this.cache.token?[2,this.api.enroll({token:this.cache.token,email:e})]:[2,this.cache.handleTokenNotSetError()]}))}))},t.prototype.challenge=function(){return u(this,void 0,void 0,(function(){return l(this,(function(t){return this.cache.token?[2,this.api.challenge({token:this.cache.token})]:[2,this.cache.handleTokenNotSetError()]}))}))},t.prototype.verify=function(t){var e=t.code;return u(this,void 0,void 0,(function(){var t;return l(this,(function(n){switch(n.label){case 0:return this.cache.token?[4,this.api.verify({token:this.cache.token,code:e})]:[2,this.cache.handleTokenNotSetError()];case 1:return(t=n.sent()).token&&(this.cache.token=t.token),[2,t]}}))}))},t}(),Z=function(){function t(t){var e=t.baseUrl,n=t.tenantId;this.tenantId=n,this.baseUrl=e}return t.prototype.enroll=function(t){var e=t.token,n=t.phoneNumber;return u(this,void 0,void 0,(function(){var t;return l(this,(function(o){switch(o.label){case 0:return t={phoneNumber:n},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/sms"),{method:"POST",headers:I({token:e,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[2,o.sent().json()]}}))}))},t.prototype.challenge=function(t){var e=t.token;return u(this,void 0,void 0,(function(){return l(this,(function(t){switch(t.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/challenge/sms"),{method:"POST",headers:I({token:e,tenantId:this.tenantId})})];case 1:return[2,t.sent().json()]}}))}))},t.prototype.verify=function(t){var e=t.token,n=t.code;return u(this,void 0,void 0,(function(){var t;return l(this,(function(o){switch(o.label){case 0:return t={code:n},[4,fetch("".concat(this.baseUrl,"/client/verify/sms"),{method:"POST",headers:I({token:e,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[2,o.sent().json()]}}))}))},t}(),tt=function(){function t(t){var e=t.baseUrl,n=t.tenantId;this.cache=R.shared,this.api=new Z({baseUrl:e,tenantId:n})}return t.prototype.enroll=function(t){var e=t.phoneNumber;return u(this,void 0,void 0,(function(){return l(this,(function(t){return this.cache.token?[2,this.api.enroll({token:this.cache.token,phoneNumber:e})]:[2,this.cache.handleTokenNotSetError()]}))}))},t.prototype.challenge=function(){return u(this,void 0,void 0,(function(){return l(this,(function(t){return this.cache.token?[2,this.api.challenge({token:this.cache.token})]:[2,this.cache.handleTokenNotSetError()]}))}))},t.prototype.verify=function(t){var e=t.code;return u(this,void 0,void 0,(function(){var t;return l(this,(function(n){switch(n.label){case 0:return this.cache.token?[4,this.api.verify({token:this.cache.token,code:e})]:[2,this.cache.handleTokenNotSetError()];case 1:return(t=n.sent()).token&&(this.cache.token=t.token),[2,t]}}))}))},t}(),et="4a08uqve",nt=function(){function e(t){var e=t.cookieDomain,n=t.cookieName,o=void 0===n?"__as_aid":n,i=t.baseUrl,r=void 0===i?"https://api.authsignal.com/v1":i,c=t.tenantId;if(this.anonymousId="",this.profilingId="",this.cookieDomain="",this.anonymousIdCookieName="",this.cookieDomain=e||document.location.hostname.replace("www.",""),this.anonymousIdCookieName=o,!c)throw new Error("tenantId is required");var u,l=(u=this.anonymousIdCookieName)&&decodeURIComponent(document.cookie.replace(new RegExp("(?:(?:^|.*;)\\s*"+encodeURIComponent(u).replace(/[\-\.\+\*]/g,"\\$&")+"\\s*\\=\\s*([^;]*).*$)|^.*$"),"$1"))||null;l?this.anonymousId=l:(this.anonymousId=a(),s({name:this.anonymousIdCookieName,value:this.anonymousId,expire:1/0,domain:this.cookieDomain,secure:"http:"!==document.location.protocol})),this.passkey=new S({tenantId:c,baseUrl:r,anonymousId:this.anonymousId}),this.totp=new Y({tenantId:c,baseUrl:r}),this.email=new Q({tenantId:c,baseUrl:r}),this.sms=new tt({tenantId:c,baseUrl:r})}return e.prototype.setToken=function(t){R.shared.token=t},e.prototype.launch=function(t,e){switch(null==e?void 0:e.mode){case"window":return this.launchWithWindow(t,e);case"popup":return this.launchWithPopup(t,e);default:this.launchWithRedirect(t)}},e.prototype.initAdvancedProfiling=function(t){var e=a();this.profilingId=e,s({name:"__as_pid",value:e,expire:1/0,domain:this.cookieDomain,secure:"http:"!==document.location.protocol});var n=t?"".concat(t,"/fp/tags.js?org_id=").concat(et,"&session_id=").concat(e):"https://h.online-metrix.net/fp/tags.js?org_id=".concat(et,"&session_id=").concat(e),o=document.createElement("script");o.src=n,o.async=!1,o.id="as_adv_profile",document.head.appendChild(o);var i=document.createElement("noscript");i.setAttribute("id","as_adv_profile_pixel"),i.setAttribute("aria-hidden","true");var r=document.createElement("iframe"),c=t?"".concat(t,"/fp/tags?org_id=").concat(et,"&session_id=").concat(e):"https://h.online-metrix.net/fp/tags?org_id=".concat(et,"&session_id=").concat(e);r.setAttribute("id","as_adv_profile_pixel"),r.setAttribute("src",c),r.setAttribute("style","width: 100px; height: 100px; border: 0; position: absolute; top: -5000px;"),i&&(i.appendChild(r),document.body.prepend(i))},e.prototype.launchWithRedirect=function(t){window.location.href=t},e.prototype.launchWithPopup=function(e,n){var o=n.popupOptions,i=new J({width:null==o?void 0:o.width,isClosable:null==o?void 0:o.isClosable}),r="".concat(e,"&mode=popup");return i.show({url:r}),new Promise((function(e){var n=void 0;i.on("hide",(function(){e({token:n})})),window.addEventListener("message",(function(e){var o=null;try{o=JSON.parse(e.data)}catch(t){}(null==o?void 0:o.event)===t.AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP&&(n=o.token,i.close())}),!1)}))},e.prototype.launchWithWindow=function(e,n){var o=n.windowOptions,i=new _,r="".concat(e,"&mode=popup");return i.show({url:r,width:null==o?void 0:o.width,height:null==o?void 0:o.height}),new Promise((function(e){window.addEventListener("message",(function(n){var o=null;try{o=JSON.parse(n.data)}catch(t){}(null==o?void 0:o.event)===t.AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP&&(i.close(),e({token:o.token}))}),!1)}))},e}();return t.Authsignal=nt,Object.defineProperty(t,"__esModule",{value:!0}),t}({});
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@authsignal/browser",
3
- "version": "0.5.3-alpha",
3
+ "version": "0.5.4",
4
4
  "type": "module",
5
5
  "main": "dist/index.js",
6
6
  "module": "dist/index.js",
@@ -34,6 +34,7 @@
34
34
  "uuid": "^9.0.0"
35
35
  },
36
36
  "devDependencies": {
37
+ "@rollup/plugin-json": "^6.1.0",
37
38
  "@rollup/plugin-node-resolve": "^14.1.0",
38
39
  "@rollup/plugin-terser": "^0.4.3",
39
40
  "@rollup/plugin-typescript": "^8.5.0",
package/dist/api/index.d.ts DELETED
@@ -1 +0,0 @@
1
- export * from "./passkey-api-client";
package/dist/api/passkey-api-client.d.ts DELETED
@@ -1,26 +0,0 @@
1
- import { AddAuthenticatorRequest, AddAuthenticatorResponse, AuthenticationOptsRequest, AuthenticationOptsResponse, ChallengeResponse, PasskeyAuthenticatorResponse, RegistrationOptsRequest, RegistrationOptsResponse, VerifyRequest, VerifyResponse } from "./types";
2
- declare type PasskeyApiClientOptions = {
3
- baseUrl: string;
4
- tenantId: string;
5
- };
6
- export declare class PasskeyApiClient {
7
- tenantId: string;
8
- baseUrl: string;
9
- constructor({ baseUrl, tenantId }: PasskeyApiClientOptions);
10
- registrationOptions({ token, username, authenticatorAttachment, }: {
11
- token: string;
12
- } & RegistrationOptsRequest): Promise<RegistrationOptsResponse>;
13
- authenticationOptions({ token, challengeId, }: {
14
- token?: string;
15
- } & AuthenticationOptsRequest): Promise<AuthenticationOptsResponse>;
16
- addAuthenticator({ token, challengeId, registrationCredential, }: {
17
- token: string;
18
- } & AddAuthenticatorRequest): Promise<AddAuthenticatorResponse>;
19
- verify({ token, challengeId, authenticationCredential, deviceId, }: {
20
- token?: string;
21
- } & VerifyRequest): Promise<VerifyResponse>;
22
- getPasskeyAuthenticator(credentialId: string): Promise<PasskeyAuthenticatorResponse>;
23
- challenge(action: string): Promise<ChallengeResponse>;
24
- private buildHeaders;
25
- }
26
- export {};
package/dist/api/types.d.ts DELETED
@@ -1,41 +0,0 @@
1
- import { AuthenticationResponseJSON, AuthenticatorAttachment, PublicKeyCredentialCreationOptionsJSON, RegistrationResponseJSON } from "@simplewebauthn/types";
2
- export declare type RegistrationOptsRequest = {
3
- username?: string;
4
- authenticatorAttachment?: AuthenticatorAttachment | null;
5
- };
6
- export declare type RegistrationOptsResponse = {
7
- challengeId: string;
8
- options: PublicKeyCredentialCreationOptionsJSON;
9
- };
10
- export declare type AuthenticationOptsRequest = {
11
- challengeId?: string;
12
- };
13
- export declare type AuthenticationOptsResponse = {
14
- challengeId: string;
15
- options: PublicKeyCredentialCreationOptionsJSON;
16
- };
17
- export declare type AddAuthenticatorRequest = {
18
- challengeId: string;
19
- registrationCredential: RegistrationResponseJSON;
20
- };
21
- export declare type AddAuthenticatorResponse = {
22
- isVerified: boolean;
23
- accessToken?: string;
24
- userAuthenticatorId?: string;
25
- };
26
- export declare type VerifyRequest = {
27
- challengeId: string;
28
- authenticationCredential: AuthenticationResponseJSON;
29
- deviceId?: string;
30
- };
31
- export declare type VerifyResponse = {
32
- isVerified: boolean;
33
- accessToken?: string;
34
- };
35
- export declare type PasskeyAuthenticatorResponse = {
36
- credentialId: string;
37
- verifiedAt: string;
38
- };
39
- export declare type ChallengeResponse = {
40
- challengeId: string;
41
- };
package/dist/authsignal.d.ts DELETED
@@ -1,24 +0,0 @@
1
- import { AuthsignalOptions, LaunchOptions, TokenPayload } from "./types";
2
- import { Passkey } from "./passkey";
3
- export declare class Authsignal {
4
- anonymousId: string;
5
- profilingId: string;
6
- cookieDomain: string;
7
- anonymousIdCookieName: string;
8
- passkey: Passkey;
9
- private _token;
10
- constructor({ cookieDomain, cookieName, baseUrl, tenantId, }: AuthsignalOptions);
11
- launch(url: string, options?: {
12
- mode?: "redirect";
13
- } & LaunchOptions): undefined;
14
- launch(url: string, options?: {
15
- mode: "popup";
16
- } & LaunchOptions): Promise<TokenPayload>;
17
- launch(url: string, options?: {
18
- mode: "window";
19
- } & LaunchOptions): Promise<TokenPayload>;
20
- initAdvancedProfiling(baseUrl?: string): void;
21
- private launchWithRedirect;
22
- private launchWithPopup;
23
- private launchWithWindow;
24
- }
package/dist/handlers/index.d.ts DELETED
@@ -1,2 +0,0 @@
1
- export { WindowHandler } from "./window-handler";
2
- export { PopupHandler } from "./popup-handler";
package/dist/handlers/popup-handler.d.ts DELETED
@@ -1,18 +0,0 @@
1
- import { A11yDialogEvent } from "a11y-dialog";
2
- declare type PopupShowInput = {
3
- url: string;
4
- };
5
- declare type PopupHandlerOptions = {
6
- width?: string;
7
- isClosable?: boolean;
8
- };
9
- export declare class PopupHandler {
10
- private popup;
11
- constructor({ width, isClosable }: PopupHandlerOptions);
12
- create({ width, isClosable }: PopupHandlerOptions): void;
13
- destroy(): void;
14
- show({ url }: PopupShowInput): void;
15
- close(): void;
16
- on(event: A11yDialogEvent, listener: EventListener): void;
17
- }
18
- export {};
package/dist/handlers/window-handler.d.ts DELETED
@@ -1,11 +0,0 @@
1
- declare type WindowShowInput = {
2
- url: string;
3
- width?: number;
4
- height?: number;
5
- };
6
- export declare class WindowHandler {
7
- private windowRef;
8
- show({ url, width, height }: WindowShowInput): Window;
9
- close(): void;
10
- }
11
- export {};
package/dist/helpers.d.ts DELETED
@@ -1,11 +0,0 @@
1
- declare type CookieOptions = {
2
- name: string;
3
- value: string;
4
- expire: number;
5
- domain: string;
6
- secure: boolean;
7
- };
8
- export declare const setCookie: ({ name, value, expire, domain, secure }: CookieOptions) => void;
9
- export declare const getCookieDomain: () => string;
10
- export declare const getCookie: (name: string) => string | null;
11
- export {};
package/dist/index.d.ts DELETED
@@ -1,2 +0,0 @@
1
- export * from "./authsignal";
2
- export * from "./types";
package/dist/passkey.d.ts DELETED
@@ -1,40 +0,0 @@
1
- import { PasskeyApiClient } from "./api";
2
- import { AuthenticatorAttachment } from "@simplewebauthn/types";
3
- declare type PasskeyOptions = {
4
- baseUrl: string;
5
- tenantId: string;
6
- anonymousId: string;
7
- };
8
- declare type SignUpParams = {
9
- userName?: string;
10
- token: string;
11
- authenticatorAttachment?: AuthenticatorAttachment | null;
12
- };
13
- export declare class Passkey {
14
- api: PasskeyApiClient;
15
- private passkeyLocalStorageKey;
16
- private anonymousId;
17
- constructor({ baseUrl, tenantId, anonymousId }: PasskeyOptions);
18
- signUp({ userName, token, authenticatorAttachment }: SignUpParams): Promise<string | undefined>;
19
- signIn(): Promise<string | undefined>;
20
- signIn(params?: {
21
- action: string;
22
- autofill?: boolean;
23
- }): Promise<string | undefined>;
24
- signIn(params?: {
25
- token: string;
26
- }): Promise<string | undefined>;
27
- signIn(params?: {
28
- autofill: boolean;
29
- }): Promise<string | undefined>;
30
- signIn(params?: {
31
- autofill: boolean;
32
- challengeId?: string;
33
- }): Promise<string | undefined>;
34
- signIn(params?: {
35
- challengeId: string;
36
- }): Promise<string | undefined>;
37
- isAvailableOnDevice(): Promise<boolean>;
38
- private storeCredentialAgainstDevice;
39
- }
40
- export {};
package/dist/types.d.ts DELETED
@@ -1,66 +0,0 @@
1
- declare type BaseLaunchOptions = {
2
- /**
3
- * How the Authsignal Prebuilt MFA page should launch.
4
- * `popup` will cause it to open in a overlay, whilst `redirect`
5
- * will trigger a full page redirect.
6
- * If no value is supplied, mode defaults to `redirect`.
7
- */
8
- mode?: "popup" | "redirect" | "window";
9
- };
10
- export declare type RedirectLaunchOptions = BaseLaunchOptions & {
11
- mode: "redirect";
12
- };
13
- export declare type PopupLaunchOptions = BaseLaunchOptions & {
14
- mode: "popup";
15
- popupOptions?: {
16
- /** Any valid CSS value for the `width` property. */
17
- width?: string;
18
- /**
19
- * @deprecated The popup will automatically resize to fit the content.
20
- */
21
- height?: string;
22
- /**
23
- * Whether the popup is closable with the escape key and by clicking the backdrop.
24
- */
25
- isClosable?: boolean;
26
- };
27
- };
28
- export declare type WindowLaunchOptions = BaseLaunchOptions & {
29
- mode: "window";
30
- windowOptions?: {
31
- width?: number;
32
- height?: number;
33
- };
34
- };
35
- export declare type LaunchOptions = RedirectLaunchOptions | PopupLaunchOptions | WindowLaunchOptions;
36
- export declare type AuthsignalOptions = {
37
- /**
38
- * Cookie domain that will be used to identify
39
- * users. If not set, location.hostname will be used
40
- */
41
- cookieDomain?: string;
42
- /**
43
- * Tracking host (where API calls will be sent). If not set,
44
- * we'd try to do the best to "guess" it. Last resort is t.authsignal.com.
45
- *
46
- * Though this parameter is not required, it's highly recommended to set is explicitly
47
- */
48
- trackingHost?: string;
49
- /**
50
- * Name of id cookie. `__as_aid` by default
51
- */
52
- cookieName?: string;
53
- baseUrl?: string;
54
- tenantId: string;
55
- };
56
- export declare enum AuthsignalWindowMessage {
57
- AUTHSIGNAL_CLOSE_POPUP = "AUTHSIGNAL_CLOSE_POPUP"
58
- }
59
- export declare type AuthsignalWindowMessageData = {
60
- event: AuthsignalWindowMessage;
61
- token: string;
62
- };
63
- export declare type TokenPayload = {
64
- token?: string;
65
- };
66
- export {};