@authsignal/browser 0.5.5 → 0.5.7

package/dist/api/email-api-client.d.ts

@@ -0,0 +1,18 @@
+import { ApiClientOptions, ChallengeResponse, EnrollResponse, VerifyResponse } from "./types/shared";
+export declare class EmailApiClient {
+    tenantId: string;
+    baseUrl: string;
+    constructor({ baseUrl, tenantId }: ApiClientOptions);
+    enroll({ token, email }: {
+        token: string;
+        email: string;
+    }): Promise<EnrollResponse>;
+    challenge({ token }: {
+        token: string;
+    }): Promise<ChallengeResponse>;
+    verify({ token, code }: {
+        token: string;
+        code: string;
+    }): Promise<VerifyResponse>;
+    private buildHeaders;
+}

package/dist/api/helpers.d.ts

@@ -0,0 +1,9 @@
+declare type BuildHeadersParams = {
+    token?: string;
+    tenantId: string;
+};
+export declare function buildHeaders({ token, tenantId }: BuildHeadersParams): {
+    "Content-Type": string;
+    Authorization: string;
+};
+export {};

package/dist/api/index.d.ts

@@ -0,0 +1 @@
+export * from "./passkey-api-client";

package/dist/api/passkey-api-client.d.ts

@@ -0,0 +1,21 @@
+import { AddAuthenticatorRequest, AddAuthenticatorResponse, AuthenticationOptsRequest, AuthenticationOptsResponse, PasskeyAuthenticatorResponse, RegistrationOptsRequest, RegistrationOptsResponse, VerifyRequest, VerifyResponse } from "./types/passkey";
+import { ApiClientOptions, AuthsignalResponse, ChallengeResponse } from "./types/shared";
+export declare class PasskeyApiClient {
+    tenantId: string;
+    baseUrl: string;
+    constructor({ baseUrl, tenantId }: ApiClientOptions);
+    registrationOptions({ token, username, authenticatorAttachment, }: {
+        token: string;
+    } & RegistrationOptsRequest): Promise<AuthsignalResponse<RegistrationOptsResponse>>;
+    authenticationOptions({ token, challengeId, }: {
+        token?: string;
+    } & AuthenticationOptsRequest): Promise<AuthsignalResponse<AuthenticationOptsResponse>>;
+    addAuthenticator({ token, challengeId, registrationCredential, }: {
+        token: string;
+    } & AddAuthenticatorRequest): Promise<AuthsignalResponse<AddAuthenticatorResponse>>;
+    verify({ token, challengeId, authenticationCredential, deviceId, }: {
+        token?: string;
+    } & VerifyRequest): Promise<AuthsignalResponse<VerifyResponse>>;
+    getPasskeyAuthenticator(credentialId: string): Promise<AuthsignalResponse<PasskeyAuthenticatorResponse>>;
+    challenge(action: string): Promise<AuthsignalResponse<ChallengeResponse>>;
+}

package/dist/api/sms-api-client.d.ts

@@ -0,0 +1,17 @@
+import { ApiClientOptions, ChallengeResponse, EnrollResponse, VerifyResponse } from "./types/shared";
+export declare class SmsApiClient {
+    tenantId: string;
+    baseUrl: string;
+    constructor({ baseUrl, tenantId }: ApiClientOptions);
+    enroll({ token, phoneNumber }: {
+        token: string;
+        phoneNumber: string;
+    }): Promise<EnrollResponse>;
+    challenge({ token }: {
+        token: string;
+    }): Promise<ChallengeResponse>;
+    verify({ token, code }: {
+        token: string;
+        code: string;
+    }): Promise<VerifyResponse>;
+}

package/dist/api/totp-api-client.d.ts

@@ -0,0 +1,14 @@
+import { ApiClientOptions, VerifyResponse } from "./types/shared";
+import { EnrollResponse } from "./types/totp";
+export declare class TotpApiClient {
+    tenantId: string;
+    baseUrl: string;
+    constructor({ baseUrl, tenantId }: ApiClientOptions);
+    enroll({ token }: {
+        token: string;
+    }): Promise<EnrollResponse>;
+    verify({ token, code }: {
+        token: string;
+        code: string;
+    }): Promise<VerifyResponse>;
+}

package/dist/api/types/passkey.d.ts

@@ -0,0 +1,42 @@
+import { AuthenticationResponseJSON, AuthenticatorAttachment, PublicKeyCredentialCreationOptionsJSON, RegistrationResponseJSON } from "@simplewebauthn/types";
+export declare type RegistrationOptsRequest = {
+    username?: string;
+    authenticatorAttachment?: AuthenticatorAttachment | null;
+};
+export declare type RegistrationOptsResponse = {
+    challengeId: string;
+    options: PublicKeyCredentialCreationOptionsJSON;
+};
+export declare type AuthenticationOptsRequest = {
+    challengeId?: string;
+};
+export declare type AuthenticationOptsResponse = {
+    challengeId: string;
+    options: PublicKeyCredentialCreationOptionsJSON;
+};
+export declare type AddAuthenticatorRequest = {
+    challengeId: string;
+    registrationCredential: RegistrationResponseJSON;
+};
+export declare type AddAuthenticatorResponse = {
+    isVerified: boolean;
+    accessToken?: string;
+    userAuthenticatorId?: string;
+};
+export declare type VerifyRequest = {
+    challengeId: string;
+    authenticationCredential: AuthenticationResponseJSON;
+    deviceId?: string;
+};
+export declare type VerifyResponse = {
+    isVerified: boolean;
+    accessToken?: string;
+    userId?: string;
+    userAuthenticatorId?: string;
+    username?: string;
+    userDisplayName?: string;
+};
+export declare type PasskeyAuthenticatorResponse = {
+    credentialId: string;
+    verifiedAt: string;
+};

package/dist/api/types/shared.d.ts

@@ -0,0 +1,20 @@
+export declare type ApiClientOptions = {
+    baseUrl: string;
+    tenantId: string;
+};
+export declare type EnrollResponse = {
+    userAuthenticatorId: string;
+};
+export declare type ChallengeResponse = {
+    challengeId: string;
+};
+export declare type VerifyResponse = {
+    isVerified: boolean;
+    token?: string;
+    failureReason?: string;
+};
+export declare type ErrorResponse = {
+    error: string;
+    errorDescription?: string;
+};
+export declare type AuthsignalResponse<T> = T | ErrorResponse;

package/dist/api/types/totp.d.ts

@@ -0,0 +1,5 @@
+export declare type EnrollResponse = {
+    userAuthenticatorID: string;
+    uri: string;
+    secret: string;
+};

package/dist/authsignal.d.ts

@@ -0,0 +1,30 @@
+import { AuthsignalOptions, LaunchOptions, TokenPayload } from "./types";
+import { Passkey } from "./passkey";
+import { Totp } from "./totp";
+import { Email } from "./email";
+import { Sms } from "./sms";
+export declare class Authsignal {
+    anonymousId: string;
+    profilingId: string;
+    cookieDomain: string;
+    anonymousIdCookieName: string;
+    passkey: Passkey;
+    totp: Totp;
+    email: Email;
+    sms: Sms;
+    constructor({ cookieDomain, cookieName, baseUrl, tenantId, }: AuthsignalOptions);
+    setToken(token: string): void;
+    launch(url: string, options?: {
+        mode?: "redirect";
+    } & LaunchOptions): undefined;
+    launch(url: string, options?: {
+        mode: "popup";
+    } & LaunchOptions): Promise<TokenPayload>;
+    launch(url: string, options?: {
+        mode: "window";
+    } & LaunchOptions): Promise<TokenPayload>;
+    initAdvancedProfiling(baseUrl?: string): void;
+    private launchWithRedirect;
+    private launchWithPopup;
+    private launchWithWindow;
+}

package/dist/email.d.ts

@@ -0,0 +1,20 @@
+import { AuthsignalResponse, ChallengeResponse, EnrollResponse, VerifyResponse } from "./api/types/shared";
+declare type EmailOptions = {
+    baseUrl: string;
+    tenantId: string;
+};
+declare type EnrollParams = {
+    email: string;
+};
+declare type VerifyParams = {
+    code: string;
+};
+export declare class Email {
+    private api;
+    private cache;
+    constructor({ baseUrl, tenantId }: EmailOptions);
+    enroll({ email }: EnrollParams): Promise<AuthsignalResponse<EnrollResponse>>;
+    challenge(): Promise<AuthsignalResponse<ChallengeResponse>>;
+    verify({ code }: VerifyParams): Promise<AuthsignalResponse<VerifyResponse>>;
+}
+export {};

package/dist/handlers/index.d.ts

@@ -0,0 +1,2 @@
+export { WindowHandler } from "./window-handler";
+export { PopupHandler } from "./popup-handler";

package/dist/handlers/popup-handler.d.ts

@@ -0,0 +1,18 @@
+import { A11yDialogEvent } from "a11y-dialog";
+declare type PopupShowInput = {
+    url: string;
+};
+declare type PopupHandlerOptions = {
+    width?: string;
+    isClosable?: boolean;
+};
+export declare class PopupHandler {
+    private popup;
+    constructor({ width, isClosable }: PopupHandlerOptions);
+    create({ width, isClosable }: PopupHandlerOptions): void;
+    destroy(): void;
+    show({ url }: PopupShowInput): void;
+    close(): void;
+    on(event: A11yDialogEvent, listener: EventListener): void;
+}
+export {};

package/dist/handlers/window-handler.d.ts

@@ -0,0 +1,11 @@
+declare type WindowShowInput = {
+    url: string;
+    width?: number;
+    height?: number;
+};
+export declare class WindowHandler {
+    private windowRef;
+    show({ url, width, height }: WindowShowInput): Window;
+    close(): void;
+}
+export {};

package/dist/helpers.d.ts

@@ -0,0 +1,13 @@
+import { ErrorResponse } from "./api/types/shared";
+declare type CookieOptions = {
+    name: string;
+    value: string;
+    expire: number;
+    domain: string;
+    secure: boolean;
+};
+export declare function setCookie({ name, value, expire, domain, secure }: CookieOptions): void;
+export declare function getCookieDomain(): string;
+export declare function getCookie(name: string): string | null;
+export declare function logErrorResponse(errorResponse: ErrorResponse): void;
+export {};

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./authsignal";
+export * from "./types";

package/dist/index.js

@@ -528,15 +528,12 @@ async function startAuthentication(requestOptionsJSON, useBrowserAutofill = fals
     };
 }
 
-var version = "0.5.5";
-
 function buildHeaders(_a) {
     var token = _a.token, tenantId = _a.tenantId;
     var authorizationHeader = token ? "Bearer ".concat(token) : "Basic ".concat(window.btoa(encodeURIComponent(tenantId)));
     return {
         "Content-Type": "application/json",
-        Authorization: authorizationHeader,
-        "X-Authsignal-Browser-Version": version
+        Authorization: authorizationHeader
     };
 }
 
@@ -1435,7 +1432,7 @@ var TotpApiClient = /** @class */ (function () {
             return __generator(this, function (_b) {
                 switch (_b.label) {
                     case 0:
-                        body = { code: code };
+                        body = { verificationCode: code };
                         response = fetch("".concat(this.baseUrl, "/client/verify/totp"), {
                             method: "POST",
                             headers: buildHeaders({ token: token, tenantId: this.tenantId }),
@@ -1539,7 +1536,7 @@ var EmailApiClient = /** @class */ (function () {
             return __generator(this, function (_b) {
                 switch (_b.label) {
                     case 0:
-                        body = { code: code };
+                        body = { verificationCode: code };
                         response = fetch("".concat(this.baseUrl, "/client/verify/email-otp"), {
                             method: "POST",
                             headers: this.buildHeaders(token),
@@ -1661,7 +1658,7 @@ var SmsApiClient = /** @class */ (function () {
             return __generator(this, function (_b) {
                 switch (_b.label) {
                     case 0:
-                        body = { code: code };
+                        body = { verificationCode: code };
                         response = fetch("".concat(this.baseUrl, "/client/verify/sms"), {
                             method: "POST",
                             headers: buildHeaders({ token: token, tenantId: this.tenantId }),

package/dist/index.min.js

@@ -1 +1 @@
-var authsignal=function(t){"use strict";let e;const n=new Uint8Array(16);function o(){if(!e&&(e="undefined"!=typeof crypto&&crypto.getRandomValues&&crypto.getRandomValues.bind(crypto),!e))throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");return e(n)}const i=[];for(let t=0;t<256;++t)i.push((t+256).toString(16).slice(1));var r={randomUUID:"undefined"!=typeof crypto&&crypto.randomUUID&&crypto.randomUUID.bind(crypto)};function a(t,e,n){if(r.randomUUID&&!e&&!t)return r.randomUUID();const a=(t=t||{}).random||(t.rng||o)();if(a[6]=15&a[6]|64,a[8]=63&a[8]|128,e){n=n||0;for(let t=0;t<16;++t)e[n+t]=a[t];return e}return function(t,e=0){return(i[t[e+0]]+i[t[e+1]]+i[t[e+2]]+i[t[e+3]]+"-"+i[t[e+4]]+i[t[e+5]]+"-"+i[t[e+6]]+i[t[e+7]]+"-"+i[t[e+8]]+i[t[e+9]]+"-"+i[t[e+10]]+i[t[e+11]]+i[t[e+12]]+i[t[e+13]]+i[t[e+14]]+i[t[e+15]]).toLowerCase()}(a)}function s(t){var e=t.name,n=t.value,o=t.expire,i=t.domain,r=t.secure,a=o===1/0?" expires=Fri, 31 Dec 9999 23:59:59 GMT":"; max-age="+o;document.cookie=encodeURIComponent(e)+"="+n+"; path=/;"+a+(i?"; domain="+i:"")+(r?"; secure":"")}function c(t){var e;console.error(null!==(e=t.errorDescription)&&void 0!==e?e:t.error)}function u(t,e,n,o){return new(n||(n=Promise))((function(i,r){function a(t){try{c(o.next(t))}catch(t){r(t)}}function s(t){try{c(o.throw(t))}catch(t){r(t)}}function c(t){var e;t.done?i(t.value):(e=t.value,e instanceof n?e:new n((function(t){t(e)}))).then(a,s)}c((o=o.apply(t,e||[])).next())}))}function l(t,e){var n,o,i,r,a={label:0,sent:function(){if(1&i[0])throw i[1];return i[1]},trys:[],ops:[]};return r={next:s(0),throw:s(1),return:s(2)},"function"==typeof Symbol&&(r[Symbol.iterator]=function(){return this}),r;function s(r){return function(s){return function(r){if(n)throw new TypeError("Generator is already executing.");for(;a;)try{if(n=1,o&&(i=2&r[0]?o.return:r[0]?o.throw||((i=o.return)&&i.call(o),0):o.next)&&!(i=i.call(o,r[1])).done)return i;switch(o=0,i&&(r=[2&r[0],i.value]),r[0]){case 0:case 1:i=r;break;case 4:return a.label++,{value:r[1],done:!1};case 5:a.label++,o=r[1],r=[0];continue;case 7:r=a.ops.pop(),a.trys.pop();continue;default:if(!(i=a.trys,(i=i.length>0&&i[i.length-1])||6!==r[0]&&2!==r[0])){a=0;continue}if(3===r[0]&&(!i||r[1]>i[0]&&r[1]<i[3])){a.label=r[1];break}if(6===r[0]&&a.label<i[1]){a.label=i[1],i=r;break}if(i&&a.label<i[2]){a.label=i[2],a.ops.push(r);break}i[2]&&a.ops.pop(),a.trys.pop();continue}r=e.call(t,a)}catch(t){r=[6,t],o=0}finally{n=i=0}if(5&r[0])throw r[1];return{value:r[0]?r[1]:void 0,done:!0}}([r,s])}}}function h(t){const e=new Uint8Array(t);let n="";for(const t of e)n+=String.fromCharCode(t);return btoa(n).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function d(t){const e=t.replace(/-/g,"+").replace(/_/g,"/"),n=(4-e.length%4)%4,o=e.padEnd(e.length+n,"="),i=atob(o),r=new ArrayBuffer(i.length),a=new Uint8Array(r);for(let t=0;t<i.length;t++)a[t]=i.charCodeAt(t);return r}function p(){return void 0!==window?.PublicKeyCredential&&"function"==typeof window.PublicKeyCredential}function f(t){const{id:e}=t;return{...t,id:d(e),transports:t.transports}}function m(t){return"localhost"===t||/^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(t)}t.AuthsignalWindowMessage=void 0,(t.AuthsignalWindowMessage||(t.AuthsignalWindowMessage={})).AUTHSIGNAL_CLOSE_POPUP="AUTHSIGNAL_CLOSE_POPUP";class v extends Error{constructor({message:t,code:e,cause:n,name:o}){super(t,{cause:n}),this.name=o??n.name,this.code=e}}const y=new class{createNewAbortSignal(){if(this.controller){const t=new Error("Cancelling existing WebAuthn API call for new one");t.name="AbortError",this.controller.abort(t)}const t=new AbortController;return this.controller=t,t.signal}cancelCeremony(){if(this.controller){const t=new Error("Manually cancelling existing WebAuthn API call");t.name="AbortError",this.controller.abort(t),this.controller=void 0}}},w=["cross-platform","platform"];function g(t){if(t&&!(w.indexOf(t)<0))return t}async function b(t){if(!p())throw new Error("WebAuthn is not supported in this browser");var e;const n={publicKey:{...t,challenge:d(t.challenge),user:{...t.user,id:(e=t.user.id,(new TextEncoder).encode(e))},excludeCredentials:t.excludeCredentials?.map(f)}};let o;n.signal=y.createNewAbortSignal();try{o=await navigator.credentials.create(n)}catch(t){throw function({error:t,options:e}){const{publicKey:n}=e;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===t.name){if(e.signal instanceof AbortSignal)return new v({message:"Registration ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:t})}else if("ConstraintError"===t.name){if(!0===n.authenticatorSelection?.requireResidentKey)return new v({message:"Discoverable credentials were required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",cause:t});if("required"===n.authenticatorSelection?.userVerification)return new v({message:"User verification was required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",cause:t})}else{if("InvalidStateError"===t.name)return new v({message:"The authenticator was previously registered",code:"ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",cause:t});if("NotAllowedError"===t.name)return new v({message:t.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:t});if("NotSupportedError"===t.name)return 0===n.pubKeyCredParams.filter((t=>"public-key"===t.type)).length?new v({message:'No entry in pubKeyCredParams was of type "public-key"',code:"ERROR_MALFORMED_PUBKEYCREDPARAMS",cause:t}):new v({message:"No available authenticator supported any of the specified pubKeyCredParams algorithms",code:"ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",cause:t});if("SecurityError"===t.name){const e=window.location.hostname;if(!m(e))return new v({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:t});if(n.rp.id!==e)return new v({message:`The RP ID "${n.rp.id}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:t})}else if("TypeError"===t.name){if(n.user.id.byteLength<1||n.user.id.byteLength>64)return new v({message:"User ID was not between 1 and 64 characters",code:"ERROR_INVALID_USER_ID_LENGTH",cause:t})}else if("UnknownError"===t.name)return new v({message:"The authenticator was unable to process the specified options, or could not create a new credential",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:t})}return t}({error:t,options:n})}if(!o)throw new Error("Registration was not completed");const{id:i,rawId:r,response:a,type:s}=o;let c,u,l,w;if("function"==typeof a.getTransports&&(c=a.getTransports()),"function"==typeof a.getPublicKeyAlgorithm)try{u=a.getPublicKeyAlgorithm()}catch(t){E("getPublicKeyAlgorithm()",t)}if("function"==typeof a.getPublicKey)try{const t=a.getPublicKey();null!==t&&(l=h(t))}catch(t){E("getPublicKey()",t)}if("function"==typeof a.getAuthenticatorData)try{w=h(a.getAuthenticatorData())}catch(t){E("getAuthenticatorData()",t)}return{id:i,rawId:h(r),response:{attestationObject:h(a.attestationObject),clientDataJSON:h(a.clientDataJSON),transports:c,publicKeyAlgorithm:u,publicKey:l,authenticatorData:w},type:s,clientExtensionResults:o.getClientExtensionResults(),authenticatorAttachment:g(o.authenticatorAttachment)}}function E(t,e){console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${t}. You should report this error to them.\n`,e)}async function A(t,e=!1){if(!p())throw new Error("WebAuthn is not supported in this browser");let n;0!==t.allowCredentials?.length&&(n=t.allowCredentials?.map(f));const o={...t,challenge:d(t.challenge),allowCredentials:n},i={};if(e){if(!await function(){const t=window.PublicKeyCredential;return void 0===t.isConditionalMediationAvailable?new Promise((t=>t(!1))):t.isConditionalMediationAvailable()}())throw Error("Browser does not support WebAuthn autofill");if(document.querySelectorAll("input[autocomplete$='webauthn']").length<1)throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');i.mediation="conditional",o.allowCredentials=[]}let r;i.publicKey=o,i.signal=y.createNewAbortSignal();try{r=await navigator.credentials.get(i)}catch(t){throw function({error:t,options:e}){const{publicKey:n}=e;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===t.name){if(e.signal instanceof AbortSignal)return new v({message:"Authentication ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:t})}else{if("NotAllowedError"===t.name)return new v({message:t.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:t});if("SecurityError"===t.name){const e=window.location.hostname;if(!m(e))return new v({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:t});if(n.rpId!==e)return new v({message:`The RP ID "${n.rpId}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:t})}else if("UnknownError"===t.name)return new v({message:"The authenticator was unable to process the specified options, or could not create a new assertion signature",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:t})}return t}({error:t,options:i})}if(!r)throw new Error("Authentication was not completed");const{id:a,rawId:s,response:c,type:u}=r;let l;var w;return c.userHandle&&(w=c.userHandle,l=new TextDecoder("utf-8").decode(w)),{id:a,rawId:h(s),response:{authenticatorData:h(c.authenticatorData),clientDataJSON:h(c.clientDataJSON),signature:h(c.signature),userHandle:l},type:u,clientExtensionResults:r.getClientExtensionResults(),authenticatorAttachment:g(r.authenticatorAttachment)}}function I(t){var e=t.token,n=t.tenantId;return{"Content-Type":"application/json",Authorization:e?"Bearer ".concat(e):"Basic ".concat(window.btoa(encodeURIComponent(n))),"X-Authsignal-Browser-Version":"0.5.5"}}var k=function(){function t(t){var e=t.baseUrl,n=t.tenantId;this.tenantId=n,this.baseUrl=e}return t.prototype.registrationOptions=function(t){var e=t.token,n=t.username,o=t.authenticatorAttachment;return u(this,void 0,void 0,(function(){var t;return l(this,(function(i){switch(i.label){case 0:return t=Boolean(o)?{username:n,authenticatorAttachment:o}:{username:n},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey/registration-options"),{method:"POST",headers:I({token:e,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[2,i.sent().json()]}}))}))},t.prototype.authenticationOptions=function(t){var e=t.token,n=t.challengeId;return u(this,void 0,void 0,(function(){var t;return l(this,(function(o){switch(o.label){case 0:return t={challengeId:n},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey/authentication-options"),{method:"POST",headers:I({token:e,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[2,o.sent().json()]}}))}))},t.prototype.addAuthenticator=function(t){var e=t.token,n=t.challengeId,o=t.registrationCredential;return u(this,void 0,void 0,(function(){var t;return l(this,(function(i){switch(i.label){case 0:return t={challengeId:n,registrationCredential:o},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey"),{method:"POST",headers:I({token:e,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[2,i.sent().json()]}}))}))},t.prototype.verify=function(t){var e=t.token,n=t.challengeId,o=t.authenticationCredential,i=t.deviceId;return u(this,void 0,void 0,(function(){var t;return l(this,(function(r){switch(r.label){case 0:return t={challengeId:n,authenticationCredential:o,deviceId:i},[4,fetch("".concat(this.baseUrl,"/client/verify/passkey"),{method:"POST",headers:I({token:e,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[2,r.sent().json()]}}))}))},t.prototype.getPasskeyAuthenticator=function(t){return u(this,void 0,void 0,(function(){var e;return l(this,(function(n){switch(n.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey?credentialId=").concat(t),{method:"GET",headers:I({tenantId:this.tenantId})})];case 1:if(!(e=n.sent()).ok)throw new Error(e.statusText);return[2,e.json()]}}))}))},t.prototype.challenge=function(t){return u(this,void 0,void 0,(function(){return l(this,(function(e){switch(e.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/challenge"),{method:"POST",headers:I({tenantId:this.tenantId}),body:JSON.stringify({action:t})})];case 1:return[2,e.sent().json()]}}))}))},t}(),R=function(){function t(){this.token=null}return t.prototype.handleTokenNotSetError=function(){var t="A token has not been set. Call 'setToken' first.";return console.error("Error: ".concat(t)),{error:"TOKEN_NOT_SET",errorDescription:t}},t.shared=new t,t}(),S=function(){function t(t){var e=t.baseUrl,n=t.tenantId,o=t.anonymousId;this.passkeyLocalStorageKey="as_passkey_credential_id",this.cache=R.shared,this.api=new k({baseUrl:e,tenantId:n}),this.anonymousId=o}return t.prototype.signUp=function(t){var e=t.userName,n=t.userDisplayName,o=t.token,i=t.authenticatorAttachment,r=void 0===i?"platform":i;return u(this,void 0,void 0,(function(){var t,i,a,s,u;return l(this,(function(l){switch(l.label){case 0:return(t=null!=o?o:this.cache.token)?(i={username:e,displayName:n,token:t,authenticatorAttachment:r},[4,this.api.registrationOptions(i)]):[2,this.cache.handleTokenNotSetError()];case 1:return"error"in(a=l.sent())?(c(a),[2]):[4,b(a.options)];case 2:return s=l.sent(),[4,this.api.addAuthenticator({challengeId:a.challengeId,registrationCredential:s,token:t})];case 3:return"error"in(u=l.sent())?(c(u),[2]):(u.isVerified&&this.storeCredentialAgainstDevice(s),[2,{token:u.accessToken}])}}))}))},t.prototype.signIn=function(t){return u(this,void 0,void 0,(function(){var e,n,o,i,r,a,s,u,h,d;return l(this,(function(l){switch(l.label){case 0:if((null==t?void 0:t.token)&&t.autofill)throw new Error("autofill is not supported when providing a token");if((null==t?void 0:t.action)&&t.token)throw new Error("action is not supported when providing a token");return(null==t?void 0:t.action)?[4,this.api.challenge(t.action)]:[3,2];case 1:return n=l.sent(),[3,3];case 2:n=null,l.label=3;case 3:return(e=n)&&"error"in e?(c(e),[2]):[4,this.api.authenticationOptions({token:null==t?void 0:t.token,challengeId:null==e?void 0:e.challengeId})];case 4:return"error"in(o=l.sent())?(c(o),[2]):[4,A(o.options,null==t?void 0:t.autofill)];case 5:return i=l.sent(),(null==t?void 0:t.onVerificationStarted)&&t.onVerificationStarted(),[4,this.api.verify({challengeId:o.challengeId,authenticationCredential:i,token:null==t?void 0:t.token,deviceId:this.anonymousId})];case 6:return"error"in(r=l.sent())?(c(r),[2]):(r.isVerified&&this.storeCredentialAgainstDevice(i),a=r.accessToken,s=r.userId,u=r.userAuthenticatorId,h=r.username,d=r.userDisplayName,[2,{token:a,userId:s,userAuthenticatorId:u,userName:h,userDisplayName:d}])}}))}))},t.prototype.isAvailableOnDevice=function(){return u(this,void 0,void 0,(function(){var t;return l(this,(function(e){switch(e.label){case 0:if(!(t=localStorage.getItem(this.passkeyLocalStorageKey)))return[2,!1];e.label=1;case 1:return e.trys.push([1,3,,4]),[4,this.api.getPasskeyAuthenticator(t)];case 2:return e.sent(),[2,!0];case 3:return e.sent(),[2,!1];case 4:return[2]}}))}))},t.prototype.storeCredentialAgainstDevice=function(t){var e=t.id;"cross-platform"!==t.authenticatorAttachment&&localStorage.setItem(this.passkeyLocalStorageKey,e)},t}(),_=function(){function t(){this.windowRef=null}return t.prototype.show=function(t){var e=t.url,n=t.width,o=void 0===n?400:n,i=t.height,r=function(t){var e=t.url,n=t.width,o=t.height,i=t.win;if(!i.top)return null;var r=i.top.outerHeight/2+i.top.screenY-o/2,a=i.top.outerWidth/2+i.top.screenX-n/2;return window.open(e,"","toolbar=no, location=no, directories=no, status=no, menubar=no, scrollbars=no, resizable=no, copyhistory=no, width=".concat(n,", height=").concat(o,", top=").concat(r,", left=").concat(a))}({url:e,width:o,height:void 0===i?500:i,win:window});if(!r)throw new Error("Window is not initialized");return this.windowRef=r,r},t.prototype.close=function(){if(!this.windowRef)throw new Error("Window is not initialized");this.windowRef.close()},t}();const O=":not([inert]):not([inert] *)",C=':not([tabindex^="-"])',T=":not(:disabled)";var U=[`a[href]${O}${C}`,`area[href]${O}${C}`,`input:not([type="hidden"]):not([type="radio"])${O}${C}${T}`,`input[type="radio"]${O}${C}${T}`,`select${O}${C}${T}`,`textarea${O}${C}${T}`,`button${O}${C}${T}`,`details${O} > summary:first-of-type${C}`,`iframe${O}${C}`,`audio[controls]${O}${C}`,`video[controls]${O}${C}`,`[contenteditable]${O}${C}`,`[tabindex]${O}${C}`];function N(t){(t.querySelector("[autofocus]")||t).focus()}function P(t,e){if(e&&x(t))return t;if(!((n=t).shadowRoot&&"-1"===n.getAttribute("tabindex")||n.matches(":disabled,[hidden],[inert]")))if(t.shadowRoot){let n=$(t.shadowRoot,e);for(;n;){const t=P(n,e);if(t)return t;n=D(n,e)}}else if("slot"===t.localName){const n=t.assignedElements({flatten:!0});e||n.reverse();for(const t of n){const n=P(t,e);if(n)return n}}else{let n=$(t,e);for(;n;){const t=P(n,e);if(t)return t;n=D(n,e)}}var n;return!e&&x(t)?t:null}function $(t,e){return e?t.firstElementChild:t.lastElementChild}function D(t,e){return e?t.nextElementSibling:t.previousElementSibling}const x=t=>!t.shadowRoot?.delegatesFocus&&(t.matches(U.join(","))&&!(t=>!(!t.matches("details:not([open]) *")||t.matches("details>summary:first-of-type"))||!(t.offsetWidth||t.offsetHeight||t.getClientRects().length))(t));function L(t=document){const e=t.activeElement;return e?e.shadowRoot?L(e.shadowRoot)||document.activeElement:e:null}function K(t,e){const[n,o]=function(t){const e=P(t,!0);return[e,e?P(t,!1)||e:null]}(t);if(!n)return e.preventDefault();const i=L();e.shiftKey&&i===n?(o.focus(),e.preventDefault()):e.shiftKey||i!==o||(n.focus(),e.preventDefault())}class j{$el;id;previouslyFocused;shown;constructor(t){this.$el=t,this.id=this.$el.getAttribute("data-a11y-dialog")||this.$el.id,this.previouslyFocused=null,this.shown=!1,this.maintainFocus=this.maintainFocus.bind(this),this.bindKeypress=this.bindKeypress.bind(this),this.handleTriggerClicks=this.handleTriggerClicks.bind(this),this.show=this.show.bind(this),this.hide=this.hide.bind(this),this.$el.setAttribute("aria-hidden","true"),this.$el.setAttribute("aria-modal","true"),this.$el.setAttribute("tabindex","-1"),this.$el.hasAttribute("role")||this.$el.setAttribute("role","dialog"),document.addEventListener("click",this.handleTriggerClicks,!0)}destroy(){return this.hide(),document.removeEventListener("click",this.handleTriggerClicks,!0),this.$el.replaceWith(this.$el.cloneNode(!0)),this.fire("destroy"),this}show(t){return this.shown||(this.shown=!0,this.$el.removeAttribute("aria-hidden"),this.previouslyFocused=L(),"BODY"===this.previouslyFocused?.tagName&&t?.target&&(this.previouslyFocused=t.target),"focus"===t?.type?this.maintainFocus(t):N(this.$el),document.body.addEventListener("focus",this.maintainFocus,!0),this.$el.addEventListener("keydown",this.bindKeypress,!0),this.fire("show",t)),this}hide(t){return this.shown?(this.shown=!1,this.$el.setAttribute("aria-hidden","true"),this.previouslyFocused?.focus?.(),document.body.removeEventListener("focus",this.maintainFocus,!0),this.$el.removeEventListener("keydown",this.bindKeypress,!0),this.fire("hide",t),this):this}on(t,e,n){return this.$el.addEventListener(t,e,n),this}off(t,e,n){return this.$el.removeEventListener(t,e,n),this}fire(t,e){this.$el.dispatchEvent(new CustomEvent(t,{detail:e,cancelable:!0}))}handleTriggerClicks(t){const e=t.target;e.closest(`[data-a11y-dialog-show="${this.id}"]`)&&this.show(t),(e.closest(`[data-a11y-dialog-hide="${this.id}"]`)||e.closest("[data-a11y-dialog-hide]")&&e.closest('[aria-modal="true"]')===this.$el)&&this.hide(t)}bindKeypress(t){if(document.activeElement?.closest('[aria-modal="true"]')!==this.$el)return;let e=!1;try{e=!!this.$el.querySelector('[popover]:not([popover="manual"]):popover-open')}catch{}"Escape"!==t.key||"alertdialog"===this.$el.getAttribute("role")||e||(t.preventDefault(),this.hide(t)),"Tab"===t.key&&K(this.$el,t)}maintainFocus(t){t.target.closest('[aria-modal="true"], [data-a11y-dialog-ignore-focus-trap]')||N(this.$el)}}function H(){for(const t of document.querySelectorAll("[data-a11y-dialog]"))new j(t)}"undefined"!=typeof document&&("loading"===document.readyState?document.addEventListener("DOMContentLoaded",H):H());var W="__authsignal-popup-container",M="__authsignal-popup-content",q="__authsignal-popup-overlay",V="__authsignal-popup-style",F="__authsignal-popup-iframe",G="385px",J=function(){function t(t){var e=t.width,n=t.isClosable;if(this.popup=null,document.querySelector("#".concat(W)))throw new Error("Multiple instances of Authsignal popup is not supported.");this.create({width:e,isClosable:n})}return t.prototype.create=function(t){var e=this,n=t.width,o=void 0===n?G:n,i=t.isClosable,r=void 0===i||i,a=o;CSS.supports("width",o)||(console.warn("Invalid CSS value for `popupOptions.width`. Using default value instead."),a=G);var s=document.createElement("div");s.setAttribute("id",W),s.setAttribute("aria-hidden","true"),r||s.setAttribute("role","alertdialog");var c=document.createElement("div");c.setAttribute("id",q),r&&c.setAttribute("data-a11y-dialog-hide","true");var u=document.createElement("div");u.setAttribute("id",M),document.body.appendChild(s);var l=document.createElement("style");l.setAttribute("id",V),l.textContent="\n      #".concat(W,",\n      #").concat(q," {\n        position: fixed;\n        top: 0;\n        right: 0;\n        bottom: 0;\n        left: 0;\n      }\n\n      #").concat(W," {\n        z-index: 2147483647;\n        display: flex;\n      }\n\n      #").concat(W,"[aria-hidden='true'] {\n        display: none;\n      }\n\n      #").concat(q," {\n        background-color: rgba(0, 0, 0, 0.18);\n      }\n\n      #").concat(M," {\n        margin: auto;\n        z-index: 2147483647;\n        position: relative;\n        background-color: transparent;\n        border-radius: 8px;\n        width: ").concat(a,";\n      }\n\n      #").concat(M," iframe {\n        width: 1px;\n        min-width: 100%;\n        border-radius: inherit;\n        max-height: 95vh;\n        height: ").concat("384px",";\n      }\n    "),document.head.insertAdjacentElement("beforeend",l),s.appendChild(c),s.appendChild(u),this.popup=new j(s),s.focus(),this.popup.on("hide",(function(){e.destroy()}))},t.prototype.destroy=function(){var t=document.querySelector("#".concat(W)),e=document.querySelector("#".concat(V));t&&e&&(document.body.removeChild(t),document.head.removeChild(e)),window.removeEventListener("message",B)},t.prototype.show=function(t){var e,n=t.url;if(!this.popup)throw new Error("Popup is not initialized");var o=document.createElement("iframe");o.setAttribute("id",F),o.setAttribute("name","authsignal"),o.setAttribute("title","Authsignal multi-factor authentication"),o.setAttribute("src",n),o.setAttribute("frameborder","0"),o.setAttribute("allow","publickey-credentials-get *; publickey-credentials-create *; clipboard-write");var i=document.querySelector("#".concat(M));i&&i.appendChild(o),window.addEventListener("message",B),null===(e=this.popup)||void 0===e||e.show()},t.prototype.close=function(){if(!this.popup)throw new Error("Popup is not initialized");this.popup.hide()},t.prototype.on=function(t,e){if(!this.popup)throw new Error("Popup is not initialized");this.popup.on(t,e)},t}();function B(t){var e=document.querySelector("#".concat(F));e&&t.data.height&&(e.style.height=t.data.height+"px")}var z=function(){function t(t){var e=t.baseUrl,n=t.tenantId;this.tenantId=n,this.baseUrl=e}return t.prototype.enroll=function(t){var e=t.token;return u(this,void 0,void 0,(function(){return l(this,(function(t){switch(t.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/totp"),{method:"POST",headers:I({token:e,tenantId:this.tenantId})})];case 1:return[2,t.sent().json()]}}))}))},t.prototype.verify=function(t){var e=t.token,n=t.code;return u(this,void 0,void 0,(function(){var t;return l(this,(function(o){switch(o.label){case 0:return t={code:n},[4,fetch("".concat(this.baseUrl,"/client/verify/totp"),{method:"POST",headers:I({token:e,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[2,o.sent().json()]}}))}))},t}(),Y=function(){function t(t){var e=t.baseUrl,n=t.tenantId;this.cache=R.shared,this.api=new z({baseUrl:e,tenantId:n})}return t.prototype.enroll=function(){return u(this,void 0,void 0,(function(){return l(this,(function(t){return this.cache.token?[2,this.api.enroll({token:this.cache.token})]:[2,this.cache.handleTokenNotSetError()]}))}))},t.prototype.verify=function(t){var e=t.code;return u(this,void 0,void 0,(function(){var t;return l(this,(function(n){switch(n.label){case 0:return this.cache.token?[4,this.api.verify({token:this.cache.token,code:e})]:[2,this.cache.handleTokenNotSetError()];case 1:return(t=n.sent()).token&&(this.cache.token=t.token),[2,t]}}))}))},t}(),X=function(){function t(t){var e=t.baseUrl,n=t.tenantId;this.tenantId=n,this.baseUrl=e}return t.prototype.enroll=function(t){var e=t.token,n=t.email;return u(this,void 0,void 0,(function(){var t;return l(this,(function(o){switch(o.label){case 0:return t={email:n},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/email-otp"),{method:"POST",headers:this.buildHeaders(e),body:JSON.stringify(t)})];case 1:return[2,o.sent().json()]}}))}))},t.prototype.challenge=function(t){var e=t.token;return u(this,void 0,void 0,(function(){return l(this,(function(t){switch(t.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/challenge/email-otp"),{method:"POST",headers:this.buildHeaders(e)})];case 1:return[2,t.sent().json()]}}))}))},t.prototype.verify=function(t){var e=t.token,n=t.code;return u(this,void 0,void 0,(function(){var t;return l(this,(function(o){switch(o.label){case 0:return t={code:n},[4,fetch("".concat(this.baseUrl,"/client/verify/email-otp"),{method:"POST",headers:this.buildHeaders(e),body:JSON.stringify(t)})];case 1:return[2,o.sent().json()]}}))}))},t.prototype.buildHeaders=function(t){return{"Content-Type":"application/json",Authorization:t?"Bearer ".concat(t):"Basic ".concat(window.btoa(encodeURIComponent(this.tenantId)))}},t}(),Q=function(){function t(t){var e=t.baseUrl,n=t.tenantId;this.cache=R.shared,this.api=new X({baseUrl:e,tenantId:n})}return t.prototype.enroll=function(t){var e=t.email;return u(this,void 0,void 0,(function(){return l(this,(function(t){return this.cache.token?[2,this.api.enroll({token:this.cache.token,email:e})]:[2,this.cache.handleTokenNotSetError()]}))}))},t.prototype.challenge=function(){return u(this,void 0,void 0,(function(){return l(this,(function(t){return this.cache.token?[2,this.api.challenge({token:this.cache.token})]:[2,this.cache.handleTokenNotSetError()]}))}))},t.prototype.verify=function(t){var e=t.code;return u(this,void 0,void 0,(function(){var t;return l(this,(function(n){switch(n.label){case 0:return this.cache.token?[4,this.api.verify({token:this.cache.token,code:e})]:[2,this.cache.handleTokenNotSetError()];case 1:return(t=n.sent()).token&&(this.cache.token=t.token),[2,t]}}))}))},t}(),Z=function(){function t(t){var e=t.baseUrl,n=t.tenantId;this.tenantId=n,this.baseUrl=e}return t.prototype.enroll=function(t){var e=t.token,n=t.phoneNumber;return u(this,void 0,void 0,(function(){var t;return l(this,(function(o){switch(o.label){case 0:return t={phoneNumber:n},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/sms"),{method:"POST",headers:I({token:e,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[2,o.sent().json()]}}))}))},t.prototype.challenge=function(t){var e=t.token;return u(this,void 0,void 0,(function(){return l(this,(function(t){switch(t.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/challenge/sms"),{method:"POST",headers:I({token:e,tenantId:this.tenantId})})];case 1:return[2,t.sent().json()]}}))}))},t.prototype.verify=function(t){var e=t.token,n=t.code;return u(this,void 0,void 0,(function(){var t;return l(this,(function(o){switch(o.label){case 0:return t={code:n},[4,fetch("".concat(this.baseUrl,"/client/verify/sms"),{method:"POST",headers:I({token:e,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[2,o.sent().json()]}}))}))},t}(),tt=function(){function t(t){var e=t.baseUrl,n=t.tenantId;this.cache=R.shared,this.api=new Z({baseUrl:e,tenantId:n})}return t.prototype.enroll=function(t){var e=t.phoneNumber;return u(this,void 0,void 0,(function(){return l(this,(function(t){return this.cache.token?[2,this.api.enroll({token:this.cache.token,phoneNumber:e})]:[2,this.cache.handleTokenNotSetError()]}))}))},t.prototype.challenge=function(){return u(this,void 0,void 0,(function(){return l(this,(function(t){return this.cache.token?[2,this.api.challenge({token:this.cache.token})]:[2,this.cache.handleTokenNotSetError()]}))}))},t.prototype.verify=function(t){var e=t.code;return u(this,void 0,void 0,(function(){var t;return l(this,(function(n){switch(n.label){case 0:return this.cache.token?[4,this.api.verify({token:this.cache.token,code:e})]:[2,this.cache.handleTokenNotSetError()];case 1:return(t=n.sent()).token&&(this.cache.token=t.token),[2,t]}}))}))},t}(),et="4a08uqve",nt=function(){function e(t){var e=t.cookieDomain,n=t.cookieName,o=void 0===n?"__as_aid":n,i=t.baseUrl,r=void 0===i?"https://api.authsignal.com/v1":i,c=t.tenantId;if(this.anonymousId="",this.profilingId="",this.cookieDomain="",this.anonymousIdCookieName="",this.cookieDomain=e||document.location.hostname.replace("www.",""),this.anonymousIdCookieName=o,!c)throw new Error("tenantId is required");var u,l=(u=this.anonymousIdCookieName)&&decodeURIComponent(document.cookie.replace(new RegExp("(?:(?:^|.*;)\\s*"+encodeURIComponent(u).replace(/[\-\.\+\*]/g,"\\$&")+"\\s*\\=\\s*([^;]*).*$)|^.*$"),"$1"))||null;l?this.anonymousId=l:(this.anonymousId=a(),s({name:this.anonymousIdCookieName,value:this.anonymousId,expire:1/0,domain:this.cookieDomain,secure:"http:"!==document.location.protocol})),this.passkey=new S({tenantId:c,baseUrl:r,anonymousId:this.anonymousId}),this.totp=new Y({tenantId:c,baseUrl:r}),this.email=new Q({tenantId:c,baseUrl:r}),this.sms=new tt({tenantId:c,baseUrl:r})}return e.prototype.setToken=function(t){R.shared.token=t},e.prototype.launch=function(t,e){switch(null==e?void 0:e.mode){case"window":return this.launchWithWindow(t,e);case"popup":return this.launchWithPopup(t,e);default:this.launchWithRedirect(t)}},e.prototype.initAdvancedProfiling=function(t){var e=a();this.profilingId=e,s({name:"__as_pid",value:e,expire:1/0,domain:this.cookieDomain,secure:"http:"!==document.location.protocol});var n=t?"".concat(t,"/fp/tags.js?org_id=").concat(et,"&session_id=").concat(e):"https://h.online-metrix.net/fp/tags.js?org_id=".concat(et,"&session_id=").concat(e),o=document.createElement("script");o.src=n,o.async=!1,o.id="as_adv_profile",document.head.appendChild(o);var i=document.createElement("noscript");i.setAttribute("id","as_adv_profile_pixel"),i.setAttribute("aria-hidden","true");var r=document.createElement("iframe"),c=t?"".concat(t,"/fp/tags?org_id=").concat(et,"&session_id=").concat(e):"https://h.online-metrix.net/fp/tags?org_id=".concat(et,"&session_id=").concat(e);r.setAttribute("id","as_adv_profile_pixel"),r.setAttribute("src",c),r.setAttribute("style","width: 100px; height: 100px; border: 0; position: absolute; top: -5000px;"),i&&(i.appendChild(r),document.body.prepend(i))},e.prototype.launchWithRedirect=function(t){window.location.href=t},e.prototype.launchWithPopup=function(e,n){var o=n.popupOptions,i=new J({width:null==o?void 0:o.width,isClosable:null==o?void 0:o.isClosable}),r="".concat(e,"&mode=popup");return i.show({url:r}),new Promise((function(e){var n=void 0;i.on("hide",(function(){e({token:n})})),window.addEventListener("message",(function(e){var o=null;try{o=JSON.parse(e.data)}catch(t){}(null==o?void 0:o.event)===t.AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP&&(n=o.token,i.close())}),!1)}))},e.prototype.launchWithWindow=function(e,n){var o=n.windowOptions,i=new _,r="".concat(e,"&mode=popup");return i.show({url:r,width:null==o?void 0:o.width,height:null==o?void 0:o.height}),new Promise((function(e){window.addEventListener("message",(function(n){var o=null;try{o=JSON.parse(n.data)}catch(t){}(null==o?void 0:o.event)===t.AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP&&(i.close(),e({token:o.token}))}),!1)}))},e}();return t.Authsignal=nt,Object.defineProperty(t,"__esModule",{value:!0}),t}({});
+var authsignal=function(t){"use strict";let e;const n=new Uint8Array(16);function o(){if(!e&&(e="undefined"!=typeof crypto&&crypto.getRandomValues&&crypto.getRandomValues.bind(crypto),!e))throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");return e(n)}const i=[];for(let t=0;t<256;++t)i.push((t+256).toString(16).slice(1));var r={randomUUID:"undefined"!=typeof crypto&&crypto.randomUUID&&crypto.randomUUID.bind(crypto)};function a(t,e,n){if(r.randomUUID&&!e&&!t)return r.randomUUID();const a=(t=t||{}).random||(t.rng||o)();if(a[6]=15&a[6]|64,a[8]=63&a[8]|128,e){n=n||0;for(let t=0;t<16;++t)e[n+t]=a[t];return e}return function(t,e=0){return(i[t[e+0]]+i[t[e+1]]+i[t[e+2]]+i[t[e+3]]+"-"+i[t[e+4]]+i[t[e+5]]+"-"+i[t[e+6]]+i[t[e+7]]+"-"+i[t[e+8]]+i[t[e+9]]+"-"+i[t[e+10]]+i[t[e+11]]+i[t[e+12]]+i[t[e+13]]+i[t[e+14]]+i[t[e+15]]).toLowerCase()}(a)}function s(t){var e=t.name,n=t.value,o=t.expire,i=t.domain,r=t.secure,a=o===1/0?" expires=Fri, 31 Dec 9999 23:59:59 GMT":"; max-age="+o;document.cookie=encodeURIComponent(e)+"="+n+"; path=/;"+a+(i?"; domain="+i:"")+(r?"; secure":"")}function c(t){var e;console.error(null!==(e=t.errorDescription)&&void 0!==e?e:t.error)}function u(t,e,n,o){return new(n||(n=Promise))((function(i,r){function a(t){try{c(o.next(t))}catch(t){r(t)}}function s(t){try{c(o.throw(t))}catch(t){r(t)}}function c(t){var e;t.done?i(t.value):(e=t.value,e instanceof n?e:new n((function(t){t(e)}))).then(a,s)}c((o=o.apply(t,e||[])).next())}))}function l(t,e){var n,o,i,r,a={label:0,sent:function(){if(1&i[0])throw i[1];return i[1]},trys:[],ops:[]};return r={next:s(0),throw:s(1),return:s(2)},"function"==typeof Symbol&&(r[Symbol.iterator]=function(){return this}),r;function s(r){return function(s){return function(r){if(n)throw new TypeError("Generator is already executing.");for(;a;)try{if(n=1,o&&(i=2&r[0]?o.return:r[0]?o.throw||((i=o.return)&&i.call(o),0):o.next)&&!(i=i.call(o,r[1])).done)return i;switch(o=0,i&&(r=[2&r[0],i.value]),r[0]){case 0:case 1:i=r;break;case 4:return a.label++,{value:r[1],done:!1};case 5:a.label++,o=r[1],r=[0];continue;case 7:r=a.ops.pop(),a.trys.pop();continue;default:if(!(i=a.trys,(i=i.length>0&&i[i.length-1])||6!==r[0]&&2!==r[0])){a=0;continue}if(3===r[0]&&(!i||r[1]>i[0]&&r[1]<i[3])){a.label=r[1];break}if(6===r[0]&&a.label<i[1]){a.label=i[1],i=r;break}if(i&&a.label<i[2]){a.label=i[2],a.ops.push(r);break}i[2]&&a.ops.pop(),a.trys.pop();continue}r=e.call(t,a)}catch(t){r=[6,t],o=0}finally{n=i=0}if(5&r[0])throw r[1];return{value:r[0]?r[1]:void 0,done:!0}}([r,s])}}}function h(t){const e=new Uint8Array(t);let n="";for(const t of e)n+=String.fromCharCode(t);return btoa(n).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function d(t){const e=t.replace(/-/g,"+").replace(/_/g,"/"),n=(4-e.length%4)%4,o=e.padEnd(e.length+n,"="),i=atob(o),r=new ArrayBuffer(i.length),a=new Uint8Array(r);for(let t=0;t<i.length;t++)a[t]=i.charCodeAt(t);return r}function p(){return void 0!==window?.PublicKeyCredential&&"function"==typeof window.PublicKeyCredential}function f(t){const{id:e}=t;return{...t,id:d(e),transports:t.transports}}function m(t){return"localhost"===t||/^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(t)}t.AuthsignalWindowMessage=void 0,(t.AuthsignalWindowMessage||(t.AuthsignalWindowMessage={})).AUTHSIGNAL_CLOSE_POPUP="AUTHSIGNAL_CLOSE_POPUP";class v extends Error{constructor({message:t,code:e,cause:n,name:o}){super(t,{cause:n}),this.name=o??n.name,this.code=e}}const y=new class{createNewAbortSignal(){if(this.controller){const t=new Error("Cancelling existing WebAuthn API call for new one");t.name="AbortError",this.controller.abort(t)}const t=new AbortController;return this.controller=t,t.signal}cancelCeremony(){if(this.controller){const t=new Error("Manually cancelling existing WebAuthn API call");t.name="AbortError",this.controller.abort(t),this.controller=void 0}}},w=["cross-platform","platform"];function g(t){if(t&&!(w.indexOf(t)<0))return t}async function b(t){if(!p())throw new Error("WebAuthn is not supported in this browser");var e;const n={publicKey:{...t,challenge:d(t.challenge),user:{...t.user,id:(e=t.user.id,(new TextEncoder).encode(e))},excludeCredentials:t.excludeCredentials?.map(f)}};let o;n.signal=y.createNewAbortSignal();try{o=await navigator.credentials.create(n)}catch(t){throw function({error:t,options:e}){const{publicKey:n}=e;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===t.name){if(e.signal instanceof AbortSignal)return new v({message:"Registration ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:t})}else if("ConstraintError"===t.name){if(!0===n.authenticatorSelection?.requireResidentKey)return new v({message:"Discoverable credentials were required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",cause:t});if("required"===n.authenticatorSelection?.userVerification)return new v({message:"User verification was required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",cause:t})}else{if("InvalidStateError"===t.name)return new v({message:"The authenticator was previously registered",code:"ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",cause:t});if("NotAllowedError"===t.name)return new v({message:t.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:t});if("NotSupportedError"===t.name)return 0===n.pubKeyCredParams.filter((t=>"public-key"===t.type)).length?new v({message:'No entry in pubKeyCredParams was of type "public-key"',code:"ERROR_MALFORMED_PUBKEYCREDPARAMS",cause:t}):new v({message:"No available authenticator supported any of the specified pubKeyCredParams algorithms",code:"ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",cause:t});if("SecurityError"===t.name){const e=window.location.hostname;if(!m(e))return new v({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:t});if(n.rp.id!==e)return new v({message:`The RP ID "${n.rp.id}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:t})}else if("TypeError"===t.name){if(n.user.id.byteLength<1||n.user.id.byteLength>64)return new v({message:"User ID was not between 1 and 64 characters",code:"ERROR_INVALID_USER_ID_LENGTH",cause:t})}else if("UnknownError"===t.name)return new v({message:"The authenticator was unable to process the specified options, or could not create a new credential",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:t})}return t}({error:t,options:n})}if(!o)throw new Error("Registration was not completed");const{id:i,rawId:r,response:a,type:s}=o;let c,u,l,w;if("function"==typeof a.getTransports&&(c=a.getTransports()),"function"==typeof a.getPublicKeyAlgorithm)try{u=a.getPublicKeyAlgorithm()}catch(t){E("getPublicKeyAlgorithm()",t)}if("function"==typeof a.getPublicKey)try{const t=a.getPublicKey();null!==t&&(l=h(t))}catch(t){E("getPublicKey()",t)}if("function"==typeof a.getAuthenticatorData)try{w=h(a.getAuthenticatorData())}catch(t){E("getAuthenticatorData()",t)}return{id:i,rawId:h(r),response:{attestationObject:h(a.attestationObject),clientDataJSON:h(a.clientDataJSON),transports:c,publicKeyAlgorithm:u,publicKey:l,authenticatorData:w},type:s,clientExtensionResults:o.getClientExtensionResults(),authenticatorAttachment:g(o.authenticatorAttachment)}}function E(t,e){console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${t}. You should report this error to them.\n`,e)}async function I(t,e=!1){if(!p())throw new Error("WebAuthn is not supported in this browser");let n;0!==t.allowCredentials?.length&&(n=t.allowCredentials?.map(f));const o={...t,challenge:d(t.challenge),allowCredentials:n},i={};if(e){if(!await function(){const t=window.PublicKeyCredential;return void 0===t.isConditionalMediationAvailable?new Promise((t=>t(!1))):t.isConditionalMediationAvailable()}())throw Error("Browser does not support WebAuthn autofill");if(document.querySelectorAll("input[autocomplete$='webauthn']").length<1)throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');i.mediation="conditional",o.allowCredentials=[]}let r;i.publicKey=o,i.signal=y.createNewAbortSignal();try{r=await navigator.credentials.get(i)}catch(t){throw function({error:t,options:e}){const{publicKey:n}=e;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===t.name){if(e.signal instanceof AbortSignal)return new v({message:"Authentication ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:t})}else{if("NotAllowedError"===t.name)return new v({message:t.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:t});if("SecurityError"===t.name){const e=window.location.hostname;if(!m(e))return new v({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:t});if(n.rpId!==e)return new v({message:`The RP ID "${n.rpId}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:t})}else if("UnknownError"===t.name)return new v({message:"The authenticator was unable to process the specified options, or could not create a new assertion signature",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:t})}return t}({error:t,options:i})}if(!r)throw new Error("Authentication was not completed");const{id:a,rawId:s,response:c,type:u}=r;let l;var w;return c.userHandle&&(w=c.userHandle,l=new TextDecoder("utf-8").decode(w)),{id:a,rawId:h(s),response:{authenticatorData:h(c.authenticatorData),clientDataJSON:h(c.clientDataJSON),signature:h(c.signature),userHandle:l},type:u,clientExtensionResults:r.getClientExtensionResults(),authenticatorAttachment:g(r.authenticatorAttachment)}}function A(t){var e=t.token,n=t.tenantId;return{"Content-Type":"application/json",Authorization:e?"Bearer ".concat(e):"Basic ".concat(window.btoa(encodeURIComponent(n)))}}var k=function(){function t(t){var e=t.baseUrl,n=t.tenantId;this.tenantId=n,this.baseUrl=e}return t.prototype.registrationOptions=function(t){var e=t.token,n=t.username,o=t.authenticatorAttachment;return u(this,void 0,void 0,(function(){var t;return l(this,(function(i){switch(i.label){case 0:return t=Boolean(o)?{username:n,authenticatorAttachment:o}:{username:n},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey/registration-options"),{method:"POST",headers:A({token:e,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[2,i.sent().json()]}}))}))},t.prototype.authenticationOptions=function(t){var e=t.token,n=t.challengeId;return u(this,void 0,void 0,(function(){var t;return l(this,(function(o){switch(o.label){case 0:return t={challengeId:n},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey/authentication-options"),{method:"POST",headers:A({token:e,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[2,o.sent().json()]}}))}))},t.prototype.addAuthenticator=function(t){var e=t.token,n=t.challengeId,o=t.registrationCredential;return u(this,void 0,void 0,(function(){var t;return l(this,(function(i){switch(i.label){case 0:return t={challengeId:n,registrationCredential:o},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey"),{method:"POST",headers:A({token:e,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[2,i.sent().json()]}}))}))},t.prototype.verify=function(t){var e=t.token,n=t.challengeId,o=t.authenticationCredential,i=t.deviceId;return u(this,void 0,void 0,(function(){var t;return l(this,(function(r){switch(r.label){case 0:return t={challengeId:n,authenticationCredential:o,deviceId:i},[4,fetch("".concat(this.baseUrl,"/client/verify/passkey"),{method:"POST",headers:A({token:e,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[2,r.sent().json()]}}))}))},t.prototype.getPasskeyAuthenticator=function(t){return u(this,void 0,void 0,(function(){var e;return l(this,(function(n){switch(n.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey?credentialId=").concat(t),{method:"GET",headers:A({tenantId:this.tenantId})})];case 1:if(!(e=n.sent()).ok)throw new Error(e.statusText);return[2,e.json()]}}))}))},t.prototype.challenge=function(t){return u(this,void 0,void 0,(function(){return l(this,(function(e){switch(e.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/challenge"),{method:"POST",headers:A({tenantId:this.tenantId}),body:JSON.stringify({action:t})})];case 1:return[2,e.sent().json()]}}))}))},t}(),R=function(){function t(){this.token=null}return t.prototype.handleTokenNotSetError=function(){var t="A token has not been set. Call 'setToken' first.";return console.error("Error: ".concat(t)),{error:"TOKEN_NOT_SET",errorDescription:t}},t.shared=new t,t}(),S=function(){function t(t){var e=t.baseUrl,n=t.tenantId,o=t.anonymousId;this.passkeyLocalStorageKey="as_passkey_credential_id",this.cache=R.shared,this.api=new k({baseUrl:e,tenantId:n}),this.anonymousId=o}return t.prototype.signUp=function(t){var e=t.userName,n=t.userDisplayName,o=t.token,i=t.authenticatorAttachment,r=void 0===i?"platform":i;return u(this,void 0,void 0,(function(){var t,i,a,s,u;return l(this,(function(l){switch(l.label){case 0:return(t=null!=o?o:this.cache.token)?(i={username:e,displayName:n,token:t,authenticatorAttachment:r},[4,this.api.registrationOptions(i)]):[2,this.cache.handleTokenNotSetError()];case 1:return"error"in(a=l.sent())?(c(a),[2]):[4,b(a.options)];case 2:return s=l.sent(),[4,this.api.addAuthenticator({challengeId:a.challengeId,registrationCredential:s,token:t})];case 3:return"error"in(u=l.sent())?(c(u),[2]):(u.isVerified&&this.storeCredentialAgainstDevice(s),[2,{token:u.accessToken}])}}))}))},t.prototype.signIn=function(t){return u(this,void 0,void 0,(function(){var e,n,o,i,r,a,s,u,h,d;return l(this,(function(l){switch(l.label){case 0:if((null==t?void 0:t.token)&&t.autofill)throw new Error("autofill is not supported when providing a token");if((null==t?void 0:t.action)&&t.token)throw new Error("action is not supported when providing a token");return(null==t?void 0:t.action)?[4,this.api.challenge(t.action)]:[3,2];case 1:return n=l.sent(),[3,3];case 2:n=null,l.label=3;case 3:return(e=n)&&"error"in e?(c(e),[2]):[4,this.api.authenticationOptions({token:null==t?void 0:t.token,challengeId:null==e?void 0:e.challengeId})];case 4:return"error"in(o=l.sent())?(c(o),[2]):[4,I(o.options,null==t?void 0:t.autofill)];case 5:return i=l.sent(),(null==t?void 0:t.onVerificationStarted)&&t.onVerificationStarted(),[4,this.api.verify({challengeId:o.challengeId,authenticationCredential:i,token:null==t?void 0:t.token,deviceId:this.anonymousId})];case 6:return"error"in(r=l.sent())?(c(r),[2]):(r.isVerified&&this.storeCredentialAgainstDevice(i),a=r.accessToken,s=r.userId,u=r.userAuthenticatorId,h=r.username,d=r.userDisplayName,[2,{token:a,userId:s,userAuthenticatorId:u,userName:h,userDisplayName:d}])}}))}))},t.prototype.isAvailableOnDevice=function(){return u(this,void 0,void 0,(function(){var t;return l(this,(function(e){switch(e.label){case 0:if(!(t=localStorage.getItem(this.passkeyLocalStorageKey)))return[2,!1];e.label=1;case 1:return e.trys.push([1,3,,4]),[4,this.api.getPasskeyAuthenticator(t)];case 2:return e.sent(),[2,!0];case 3:return e.sent(),[2,!1];case 4:return[2]}}))}))},t.prototype.storeCredentialAgainstDevice=function(t){var e=t.id;"cross-platform"!==t.authenticatorAttachment&&localStorage.setItem(this.passkeyLocalStorageKey,e)},t}(),_=function(){function t(){this.windowRef=null}return t.prototype.show=function(t){var e=t.url,n=t.width,o=void 0===n?400:n,i=t.height,r=function(t){var e=t.url,n=t.width,o=t.height,i=t.win;if(!i.top)return null;var r=i.top.outerHeight/2+i.top.screenY-o/2,a=i.top.outerWidth/2+i.top.screenX-n/2;return window.open(e,"","toolbar=no, location=no, directories=no, status=no, menubar=no, scrollbars=no, resizable=no, copyhistory=no, width=".concat(n,", height=").concat(o,", top=").concat(r,", left=").concat(a))}({url:e,width:o,height:void 0===i?500:i,win:window});if(!r)throw new Error("Window is not initialized");return this.windowRef=r,r},t.prototype.close=function(){if(!this.windowRef)throw new Error("Window is not initialized");this.windowRef.close()},t}();const O=":not([inert]):not([inert] *)",C=':not([tabindex^="-"])',T=":not(:disabled)";var U=[`a[href]${O}${C}`,`area[href]${O}${C}`,`input:not([type="hidden"]):not([type="radio"])${O}${C}${T}`,`input[type="radio"]${O}${C}${T}`,`select${O}${C}${T}`,`textarea${O}${C}${T}`,`button${O}${C}${T}`,`details${O} > summary:first-of-type${C}`,`iframe${O}${C}`,`audio[controls]${O}${C}`,`video[controls]${O}${C}`,`[contenteditable]${O}${C}`,`[tabindex]${O}${C}`];function N(t){(t.querySelector("[autofocus]")||t).focus()}function P(t,e){if(e&&x(t))return t;if(!((n=t).shadowRoot&&"-1"===n.getAttribute("tabindex")||n.matches(":disabled,[hidden],[inert]")))if(t.shadowRoot){let n=$(t.shadowRoot,e);for(;n;){const t=P(n,e);if(t)return t;n=D(n,e)}}else if("slot"===t.localName){const n=t.assignedElements({flatten:!0});e||n.reverse();for(const t of n){const n=P(t,e);if(n)return n}}else{let n=$(t,e);for(;n;){const t=P(n,e);if(t)return t;n=D(n,e)}}var n;return!e&&x(t)?t:null}function $(t,e){return e?t.firstElementChild:t.lastElementChild}function D(t,e){return e?t.nextElementSibling:t.previousElementSibling}const x=t=>!t.shadowRoot?.delegatesFocus&&(t.matches(U.join(","))&&!(t=>!(!t.matches("details:not([open]) *")||t.matches("details>summary:first-of-type"))||!(t.offsetWidth||t.offsetHeight||t.getClientRects().length))(t));function L(t=document){const e=t.activeElement;return e?e.shadowRoot?L(e.shadowRoot)||document.activeElement:e:null}function K(t,e){const[n,o]=function(t){const e=P(t,!0);return[e,e?P(t,!1)||e:null]}(t);if(!n)return e.preventDefault();const i=L();e.shiftKey&&i===n?(o.focus(),e.preventDefault()):e.shiftKey||i!==o||(n.focus(),e.preventDefault())}class j{$el;id;previouslyFocused;shown;constructor(t){this.$el=t,this.id=this.$el.getAttribute("data-a11y-dialog")||this.$el.id,this.previouslyFocused=null,this.shown=!1,this.maintainFocus=this.maintainFocus.bind(this),this.bindKeypress=this.bindKeypress.bind(this),this.handleTriggerClicks=this.handleTriggerClicks.bind(this),this.show=this.show.bind(this),this.hide=this.hide.bind(this),this.$el.setAttribute("aria-hidden","true"),this.$el.setAttribute("aria-modal","true"),this.$el.setAttribute("tabindex","-1"),this.$el.hasAttribute("role")||this.$el.setAttribute("role","dialog"),document.addEventListener("click",this.handleTriggerClicks,!0)}destroy(){return this.hide(),document.removeEventListener("click",this.handleTriggerClicks,!0),this.$el.replaceWith(this.$el.cloneNode(!0)),this.fire("destroy"),this}show(t){return this.shown||(this.shown=!0,this.$el.removeAttribute("aria-hidden"),this.previouslyFocused=L(),"BODY"===this.previouslyFocused?.tagName&&t?.target&&(this.previouslyFocused=t.target),"focus"===t?.type?this.maintainFocus(t):N(this.$el),document.body.addEventListener("focus",this.maintainFocus,!0),this.$el.addEventListener("keydown",this.bindKeypress,!0),this.fire("show",t)),this}hide(t){return this.shown?(this.shown=!1,this.$el.setAttribute("aria-hidden","true"),this.previouslyFocused?.focus?.(),document.body.removeEventListener("focus",this.maintainFocus,!0),this.$el.removeEventListener("keydown",this.bindKeypress,!0),this.fire("hide",t),this):this}on(t,e,n){return this.$el.addEventListener(t,e,n),this}off(t,e,n){return this.$el.removeEventListener(t,e,n),this}fire(t,e){this.$el.dispatchEvent(new CustomEvent(t,{detail:e,cancelable:!0}))}handleTriggerClicks(t){const e=t.target;e.closest(`[data-a11y-dialog-show="${this.id}"]`)&&this.show(t),(e.closest(`[data-a11y-dialog-hide="${this.id}"]`)||e.closest("[data-a11y-dialog-hide]")&&e.closest('[aria-modal="true"]')===this.$el)&&this.hide(t)}bindKeypress(t){if(document.activeElement?.closest('[aria-modal="true"]')!==this.$el)return;let e=!1;try{e=!!this.$el.querySelector('[popover]:not([popover="manual"]):popover-open')}catch{}"Escape"!==t.key||"alertdialog"===this.$el.getAttribute("role")||e||(t.preventDefault(),this.hide(t)),"Tab"===t.key&&K(this.$el,t)}maintainFocus(t){t.target.closest('[aria-modal="true"], [data-a11y-dialog-ignore-focus-trap]')||N(this.$el)}}function H(){for(const t of document.querySelectorAll("[data-a11y-dialog]"))new j(t)}"undefined"!=typeof document&&("loading"===document.readyState?document.addEventListener("DOMContentLoaded",H):H());var W="__authsignal-popup-container",M="__authsignal-popup-content",q="__authsignal-popup-overlay",F="__authsignal-popup-style",G="__authsignal-popup-iframe",J="385px",V=function(){function t(t){var e=t.width,n=t.isClosable;if(this.popup=null,document.querySelector("#".concat(W)))throw new Error("Multiple instances of Authsignal popup is not supported.");this.create({width:e,isClosable:n})}return t.prototype.create=function(t){var e=this,n=t.width,o=void 0===n?J:n,i=t.isClosable,r=void 0===i||i,a=o;CSS.supports("width",o)||(console.warn("Invalid CSS value for `popupOptions.width`. Using default value instead."),a=J);var s=document.createElement("div");s.setAttribute("id",W),s.setAttribute("aria-hidden","true"),r||s.setAttribute("role","alertdialog");var c=document.createElement("div");c.setAttribute("id",q),r&&c.setAttribute("data-a11y-dialog-hide","true");var u=document.createElement("div");u.setAttribute("id",M),document.body.appendChild(s);var l=document.createElement("style");l.setAttribute("id",F),l.textContent="\n      #".concat(W,",\n      #").concat(q," {\n        position: fixed;\n        top: 0;\n        right: 0;\n        bottom: 0;\n        left: 0;\n      }\n\n      #").concat(W," {\n        z-index: 2147483647;\n        display: flex;\n      }\n\n      #").concat(W,"[aria-hidden='true'] {\n        display: none;\n      }\n\n      #").concat(q," {\n        background-color: rgba(0, 0, 0, 0.18);\n      }\n\n      #").concat(M," {\n        margin: auto;\n        z-index: 2147483647;\n        position: relative;\n        background-color: transparent;\n        border-radius: 8px;\n        width: ").concat(a,";\n      }\n\n      #").concat(M," iframe {\n        width: 1px;\n        min-width: 100%;\n        border-radius: inherit;\n        max-height: 95vh;\n        height: ").concat("384px",";\n      }\n    "),document.head.insertAdjacentElement("beforeend",l),s.appendChild(c),s.appendChild(u),this.popup=new j(s),s.focus(),this.popup.on("hide",(function(){e.destroy()}))},t.prototype.destroy=function(){var t=document.querySelector("#".concat(W)),e=document.querySelector("#".concat(F));t&&e&&(document.body.removeChild(t),document.head.removeChild(e)),window.removeEventListener("message",z)},t.prototype.show=function(t){var e,n=t.url;if(!this.popup)throw new Error("Popup is not initialized");var o=document.createElement("iframe");o.setAttribute("id",G),o.setAttribute("name","authsignal"),o.setAttribute("title","Authsignal multi-factor authentication"),o.setAttribute("src",n),o.setAttribute("frameborder","0"),o.setAttribute("allow","publickey-credentials-get *; publickey-credentials-create *; clipboard-write");var i=document.querySelector("#".concat(M));i&&i.appendChild(o),window.addEventListener("message",z),null===(e=this.popup)||void 0===e||e.show()},t.prototype.close=function(){if(!this.popup)throw new Error("Popup is not initialized");this.popup.hide()},t.prototype.on=function(t,e){if(!this.popup)throw new Error("Popup is not initialized");this.popup.on(t,e)},t}();function z(t){var e=document.querySelector("#".concat(G));e&&t.data.height&&(e.style.height=t.data.height+"px")}var B=function(){function t(t){var e=t.baseUrl,n=t.tenantId;this.tenantId=n,this.baseUrl=e}return t.prototype.enroll=function(t){var e=t.token;return u(this,void 0,void 0,(function(){return l(this,(function(t){switch(t.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/totp"),{method:"POST",headers:A({token:e,tenantId:this.tenantId})})];case 1:return[2,t.sent().json()]}}))}))},t.prototype.verify=function(t){var e=t.token,n=t.code;return u(this,void 0,void 0,(function(){var t;return l(this,(function(o){switch(o.label){case 0:return t={verificationCode:n},[4,fetch("".concat(this.baseUrl,"/client/verify/totp"),{method:"POST",headers:A({token:e,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[2,o.sent().json()]}}))}))},t}(),Y=function(){function t(t){var e=t.baseUrl,n=t.tenantId;this.cache=R.shared,this.api=new B({baseUrl:e,tenantId:n})}return t.prototype.enroll=function(){return u(this,void 0,void 0,(function(){return l(this,(function(t){return this.cache.token?[2,this.api.enroll({token:this.cache.token})]:[2,this.cache.handleTokenNotSetError()]}))}))},t.prototype.verify=function(t){var e=t.code;return u(this,void 0,void 0,(function(){var t;return l(this,(function(n){switch(n.label){case 0:return this.cache.token?[4,this.api.verify({token:this.cache.token,code:e})]:[2,this.cache.handleTokenNotSetError()];case 1:return(t=n.sent()).token&&(this.cache.token=t.token),[2,t]}}))}))},t}(),X=function(){function t(t){var e=t.baseUrl,n=t.tenantId;this.tenantId=n,this.baseUrl=e}return t.prototype.enroll=function(t){var e=t.token,n=t.email;return u(this,void 0,void 0,(function(){var t;return l(this,(function(o){switch(o.label){case 0:return t={email:n},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/email-otp"),{method:"POST",headers:this.buildHeaders(e),body:JSON.stringify(t)})];case 1:return[2,o.sent().json()]}}))}))},t.prototype.challenge=function(t){var e=t.token;return u(this,void 0,void 0,(function(){return l(this,(function(t){switch(t.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/challenge/email-otp"),{method:"POST",headers:this.buildHeaders(e)})];case 1:return[2,t.sent().json()]}}))}))},t.prototype.verify=function(t){var e=t.token,n=t.code;return u(this,void 0,void 0,(function(){var t;return l(this,(function(o){switch(o.label){case 0:return t={verificationCode:n},[4,fetch("".concat(this.baseUrl,"/client/verify/email-otp"),{method:"POST",headers:this.buildHeaders(e),body:JSON.stringify(t)})];case 1:return[2,o.sent().json()]}}))}))},t.prototype.buildHeaders=function(t){return{"Content-Type":"application/json",Authorization:t?"Bearer ".concat(t):"Basic ".concat(window.btoa(encodeURIComponent(this.tenantId)))}},t}(),Q=function(){function t(t){var e=t.baseUrl,n=t.tenantId;this.cache=R.shared,this.api=new X({baseUrl:e,tenantId:n})}return t.prototype.enroll=function(t){var e=t.email;return u(this,void 0,void 0,(function(){return l(this,(function(t){return this.cache.token?[2,this.api.enroll({token:this.cache.token,email:e})]:[2,this.cache.handleTokenNotSetError()]}))}))},t.prototype.challenge=function(){return u(this,void 0,void 0,(function(){return l(this,(function(t){return this.cache.token?[2,this.api.challenge({token:this.cache.token})]:[2,this.cache.handleTokenNotSetError()]}))}))},t.prototype.verify=function(t){var e=t.code;return u(this,void 0,void 0,(function(){var t;return l(this,(function(n){switch(n.label){case 0:return this.cache.token?[4,this.api.verify({token:this.cache.token,code:e})]:[2,this.cache.handleTokenNotSetError()];case 1:return(t=n.sent()).token&&(this.cache.token=t.token),[2,t]}}))}))},t}(),Z=function(){function t(t){var e=t.baseUrl,n=t.tenantId;this.tenantId=n,this.baseUrl=e}return t.prototype.enroll=function(t){var e=t.token,n=t.phoneNumber;return u(this,void 0,void 0,(function(){var t;return l(this,(function(o){switch(o.label){case 0:return t={phoneNumber:n},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/sms"),{method:"POST",headers:A({token:e,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[2,o.sent().json()]}}))}))},t.prototype.challenge=function(t){var e=t.token;return u(this,void 0,void 0,(function(){return l(this,(function(t){switch(t.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/challenge/sms"),{method:"POST",headers:A({token:e,tenantId:this.tenantId})})];case 1:return[2,t.sent().json()]}}))}))},t.prototype.verify=function(t){var e=t.token,n=t.code;return u(this,void 0,void 0,(function(){var t;return l(this,(function(o){switch(o.label){case 0:return t={verificationCode:n},[4,fetch("".concat(this.baseUrl,"/client/verify/sms"),{method:"POST",headers:A({token:e,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[2,o.sent().json()]}}))}))},t}(),tt=function(){function t(t){var e=t.baseUrl,n=t.tenantId;this.cache=R.shared,this.api=new Z({baseUrl:e,tenantId:n})}return t.prototype.enroll=function(t){var e=t.phoneNumber;return u(this,void 0,void 0,(function(){return l(this,(function(t){return this.cache.token?[2,this.api.enroll({token:this.cache.token,phoneNumber:e})]:[2,this.cache.handleTokenNotSetError()]}))}))},t.prototype.challenge=function(){return u(this,void 0,void 0,(function(){return l(this,(function(t){return this.cache.token?[2,this.api.challenge({token:this.cache.token})]:[2,this.cache.handleTokenNotSetError()]}))}))},t.prototype.verify=function(t){var e=t.code;return u(this,void 0,void 0,(function(){var t;return l(this,(function(n){switch(n.label){case 0:return this.cache.token?[4,this.api.verify({token:this.cache.token,code:e})]:[2,this.cache.handleTokenNotSetError()];case 1:return(t=n.sent()).token&&(this.cache.token=t.token),[2,t]}}))}))},t}(),et="4a08uqve",nt=function(){function e(t){var e=t.cookieDomain,n=t.cookieName,o=void 0===n?"__as_aid":n,i=t.baseUrl,r=void 0===i?"https://api.authsignal.com/v1":i,c=t.tenantId;if(this.anonymousId="",this.profilingId="",this.cookieDomain="",this.anonymousIdCookieName="",this.cookieDomain=e||document.location.hostname.replace("www.",""),this.anonymousIdCookieName=o,!c)throw new Error("tenantId is required");var u,l=(u=this.anonymousIdCookieName)&&decodeURIComponent(document.cookie.replace(new RegExp("(?:(?:^|.*;)\\s*"+encodeURIComponent(u).replace(/[\-\.\+\*]/g,"\\$&")+"\\s*\\=\\s*([^;]*).*$)|^.*$"),"$1"))||null;l?this.anonymousId=l:(this.anonymousId=a(),s({name:this.anonymousIdCookieName,value:this.anonymousId,expire:1/0,domain:this.cookieDomain,secure:"http:"!==document.location.protocol})),this.passkey=new S({tenantId:c,baseUrl:r,anonymousId:this.anonymousId}),this.totp=new Y({tenantId:c,baseUrl:r}),this.email=new Q({tenantId:c,baseUrl:r}),this.sms=new tt({tenantId:c,baseUrl:r})}return e.prototype.setToken=function(t){R.shared.token=t},e.prototype.launch=function(t,e){switch(null==e?void 0:e.mode){case"window":return this.launchWithWindow(t,e);case"popup":return this.launchWithPopup(t,e);default:this.launchWithRedirect(t)}},e.prototype.initAdvancedProfiling=function(t){var e=a();this.profilingId=e,s({name:"__as_pid",value:e,expire:1/0,domain:this.cookieDomain,secure:"http:"!==document.location.protocol});var n=t?"".concat(t,"/fp/tags.js?org_id=").concat(et,"&session_id=").concat(e):"https://h.online-metrix.net/fp/tags.js?org_id=".concat(et,"&session_id=").concat(e),o=document.createElement("script");o.src=n,o.async=!1,o.id="as_adv_profile",document.head.appendChild(o);var i=document.createElement("noscript");i.setAttribute("id","as_adv_profile_pixel"),i.setAttribute("aria-hidden","true");var r=document.createElement("iframe"),c=t?"".concat(t,"/fp/tags?org_id=").concat(et,"&session_id=").concat(e):"https://h.online-metrix.net/fp/tags?org_id=".concat(et,"&session_id=").concat(e);r.setAttribute("id","as_adv_profile_pixel"),r.setAttribute("src",c),r.setAttribute("style","width: 100px; height: 100px; border: 0; position: absolute; top: -5000px;"),i&&(i.appendChild(r),document.body.prepend(i))},e.prototype.launchWithRedirect=function(t){window.location.href=t},e.prototype.launchWithPopup=function(e,n){var o=n.popupOptions,i=new V({width:null==o?void 0:o.width,isClosable:null==o?void 0:o.isClosable}),r="".concat(e,"&mode=popup");return i.show({url:r}),new Promise((function(e){var n=void 0;i.on("hide",(function(){e({token:n})})),window.addEventListener("message",(function(e){var o=null;try{o=JSON.parse(e.data)}catch(t){}(null==o?void 0:o.event)===t.AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP&&(n=o.token,i.close())}),!1)}))},e.prototype.launchWithWindow=function(e,n){var o=n.windowOptions,i=new _,r="".concat(e,"&mode=popup");return i.show({url:r,width:null==o?void 0:o.width,height:null==o?void 0:o.height}),new Promise((function(e){window.addEventListener("message",(function(n){var o=null;try{o=JSON.parse(n.data)}catch(t){}(null==o?void 0:o.event)===t.AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP&&(i.close(),e({token:o.token}))}),!1)}))},e}();return t.Authsignal=nt,Object.defineProperty(t,"__esModule",{value:!0}),t}({});

package/dist/passkey.d.ts

@@ -0,0 +1,42 @@
+import { PasskeyApiClient } from "./api";
+import { AuthenticatorAttachment } from "@simplewebauthn/types";
+import { AuthsignalResponse } from "./api/types/shared";
+declare type PasskeyOptions = {
+    baseUrl: string;
+    tenantId: string;
+    anonymousId: string;
+};
+declare type SignUpParams = {
+    userName?: string;
+    userDisplayName?: string;
+    token: string;
+    authenticatorAttachment?: AuthenticatorAttachment | null;
+};
+declare type SignUpResponse = {
+    token?: string;
+};
+declare type SignInParams = {
+    token?: string;
+    autofill?: boolean;
+    action?: string;
+    onVerificationStarted?: () => unknown;
+};
+declare type SignInResponse = {
+    token?: string;
+    userId?: string;
+    userAuthenticatorId?: string;
+    userName?: string;
+    userDisplayName?: string;
+};
+export declare class Passkey {
+    api: PasskeyApiClient;
+    private passkeyLocalStorageKey;
+    private anonymousId;
+    private cache;
+    constructor({ baseUrl, tenantId, anonymousId }: PasskeyOptions);
+    signUp({ userName, userDisplayName, token, authenticatorAttachment, }: SignUpParams): Promise<AuthsignalResponse<SignUpResponse | undefined>>;
+    signIn(params?: SignInParams): Promise<SignInResponse | undefined>;
+    isAvailableOnDevice(): Promise<boolean>;
+    private storeCredentialAgainstDevice;
+}
+export {};

package/dist/sms.d.ts

@@ -0,0 +1,20 @@
+import { AuthsignalResponse, ChallengeResponse, EnrollResponse, VerifyResponse } from "./api/types/shared";
+declare type SmsOptions = {
+    baseUrl: string;
+    tenantId: string;
+};
+declare type EnrollParams = {
+    phoneNumber: string;
+};
+declare type VerifyParams = {
+    code: string;
+};
+export declare class Sms {
+    private api;
+    private cache;
+    constructor({ baseUrl, tenantId }: SmsOptions);
+    enroll({ phoneNumber }: EnrollParams): Promise<AuthsignalResponse<EnrollResponse>>;
+    challenge(): Promise<AuthsignalResponse<ChallengeResponse>>;
+    verify({ code }: VerifyParams): Promise<AuthsignalResponse<VerifyResponse>>;
+}
+export {};

package/dist/token-cache.d.ts

@@ -0,0 +1,6 @@
+import { ErrorResponse } from "./api/types/shared";
+export declare class TokenCache {
+    token: string | null;
+    static shared: TokenCache;
+    handleTokenNotSetError(): ErrorResponse;
+}

package/dist/totp.d.ts

@@ -0,0 +1,17 @@
+import { AuthsignalResponse, VerifyResponse } from "./api/types/shared";
+import { EnrollResponse } from "./api/types/totp";
+declare type TotpOptions = {
+    baseUrl: string;
+    tenantId: string;
+};
+declare type VerifyParams = {
+    code: string;
+};
+export declare class Totp {
+    private api;
+    private cache;
+    constructor({ baseUrl, tenantId }: TotpOptions);
+    enroll(): Promise<AuthsignalResponse<EnrollResponse>>;
+    verify({ code }: VerifyParams): Promise<AuthsignalResponse<VerifyResponse>>;
+}
+export {};

package/dist/types.d.ts

@@ -0,0 +1,66 @@
+declare type BaseLaunchOptions = {
+    /**
+     *  How the Authsignal Prebuilt MFA page should launch.
+     *  `popup` will cause it to open in a overlay, whilst `redirect`
+     *  will trigger a full page redirect.
+     *  If no value is supplied, mode defaults to `redirect`.
+     */
+    mode?: "popup" | "redirect" | "window";
+};
+export declare type RedirectLaunchOptions = BaseLaunchOptions & {
+    mode: "redirect";
+};
+export declare type PopupLaunchOptions = BaseLaunchOptions & {
+    mode: "popup";
+    popupOptions?: {
+        /** Any valid CSS value for the `width` property. */
+        width?: string;
+        /**
+         * @deprecated The popup will automatically resize to fit the content.
+         */
+        height?: string;
+        /**
+         * Whether the popup is closable with the escape key and by clicking the backdrop.
+         */
+        isClosable?: boolean;
+    };
+};
+export declare type WindowLaunchOptions = BaseLaunchOptions & {
+    mode: "window";
+    windowOptions?: {
+        width?: number;
+        height?: number;
+    };
+};
+export declare type LaunchOptions = RedirectLaunchOptions | PopupLaunchOptions | WindowLaunchOptions;
+export declare type AuthsignalOptions = {
+    /**
+     * Cookie domain that will be used to identify
+     * users. If not set, location.hostname will be used
+     */
+    cookieDomain?: string;
+    /**
+     * Tracking host (where API calls will be sent). If not set,
+     * we'd try to do the best to "guess" it. Last resort is t.authsignal.com.
+     *
+     * Though this parameter is not required, it's highly recommended to set is explicitly
+     */
+    trackingHost?: string;
+    /**
+     * Name of id cookie. `__as_aid` by default
+     */
+    cookieName?: string;
+    baseUrl?: string;
+    tenantId: string;
+};
+export declare enum AuthsignalWindowMessage {
+    AUTHSIGNAL_CLOSE_POPUP = "AUTHSIGNAL_CLOSE_POPUP"
+}
+export declare type AuthsignalWindowMessageData = {
+    event: AuthsignalWindowMessage;
+    token: string;
+};
+export declare type TokenPayload = {
+    token?: string;
+};
+export {};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@authsignal/browser",
-  "version": "0.5.5",
+  "version": "0.5.7",
   "type": "module",
   "main": "dist/index.js",
   "module": "dist/index.js",
@@ -34,7 +34,6 @@
     "uuid": "^9.0.0"
   },
   "devDependencies": {
-    "@rollup/plugin-json": "^6.1.0",
     "@rollup/plugin-node-resolve": "^14.1.0",
     "@rollup/plugin-terser": "^0.4.3",
     "@rollup/plugin-typescript": "^8.5.0",