@authsignal/browser 1.6.1 → 1.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (16) hide show
  1. package/dist/api/push-api-client.d.ts +13 -0
  2. package/dist/api/qr-code-api-client.d.ts +2 -1
  3. package/dist/api/types/push.d.ts +8 -0
  4. package/dist/api/types/qr-code.d.ts +5 -1
  5. package/dist/api/types/websocket.d.ts +40 -0
  6. package/dist/api/websocket-client.d.ts +24 -0
  7. package/dist/authsignal.d.ts +2 -0
  8. package/dist/index.d.ts +2 -0
  9. package/dist/index.js +567 -8
  10. package/dist/index.min.js +1 -1
  11. package/dist/push.d.ts +19 -0
  12. package/dist/qr-code/base-qr-handler.d.ts +17 -0
  13. package/dist/qr-code/rest-qr-handler.d.ts +24 -0
  14. package/dist/qr-code/websocket-qr-handler.d.ts +16 -0
  15. package/dist/qr-code.d.ts +22 -9
  16. package/package.json +2 -1
package/dist/api/push-api-client.d.ts ADDED
@@ -0,0 +1,13 @@
1
+ import { ApiClientOptions, ErrorResponse } from "./types/shared";
2
+ import { PushChallengeResponse, PushVerifyResponse } from "./types/push";
3
+ export declare class PushApiClient {
4
+ tenantId: string;
5
+ baseUrl: string;
6
+ constructor({ baseUrl, tenantId }: ApiClientOptions);
7
+ challenge({ action }: {
8
+ action: string;
9
+ }): Promise<PushChallengeResponse | ErrorResponse>;
10
+ verify({ challengeId }: {
11
+ challengeId: string;
12
+ }): Promise<PushVerifyResponse | ErrorResponse>;
13
+ }
package/dist/api/qr-code-api-client.d.ts CHANGED
@@ -4,8 +4,9 @@ export declare class QrCodeApiClient {
4
4
  tenantId: string;
5
5
  baseUrl: string;
6
6
  constructor({ baseUrl, tenantId }: ApiClientOptions);
7
- challenge({ action }: {
7
+ challenge({ action, custom, }: {
8
8
  action: string;
9
+ custom?: Record<string, unknown>;
9
10
  }): Promise<QrCodeChallengeResponse | ErrorResponse>;
10
11
  verify({ challengeId, deviceCode, }: {
11
12
  challengeId: string;
package/dist/api/types/push.d.ts ADDED
@@ -0,0 +1,8 @@
1
+ export type PushChallengeResponse = {
2
+ challengeId: string;
3
+ };
4
+ export type PushVerifyResponse = {
5
+ isVerified: boolean;
6
+ isConsumed: boolean;
7
+ accessToken?: string;
8
+ };
package/dist/api/types/qr-code.d.ts CHANGED
@@ -1,6 +1,10 @@
1
1
  export type QrCodeChallengeResponse = {
2
2
  challengeId: string;
3
- deviceCode: string;
3
+ expiresAt: string;
4
+ /**
5
+ * Only available in polling mode
6
+ */
7
+ deviceCode?: string;
4
8
  };
5
9
  export type QrCodeVerifyResponse = {
6
10
  isClaimed: boolean;
package/dist/api/types/websocket.d.ts ADDED
@@ -0,0 +1,40 @@
1
+ export type WebSocketMessageType = "CREATE_CHALLENGE" | "CHALLENGE_CREATED" | "STATE_CHANGE";
2
+ export type ChallengeState = "unclaimed" | "claimed" | "approved" | "rejected";
3
+ export interface CreateChallengeMessage {
4
+ type: "CREATE_CHALLENGE";
5
+ data: {
6
+ challengeType: "QR_CODE";
7
+ actionCode: string;
8
+ custom?: Record<string, unknown>;
9
+ };
10
+ }
11
+ export interface ChallengeCreatedMessage {
12
+ type: "CHALLENGE_CREATED";
13
+ data: {
14
+ challengeId: string;
15
+ challengeType: "QR_CODE";
16
+ expiresAt: string;
17
+ state: ChallengeState;
18
+ };
19
+ }
20
+ export interface StateChangeMessage {
21
+ type: "STATE_CHANGE";
22
+ data: {
23
+ challengeId: string;
24
+ state: ChallengeState;
25
+ accessToken?: string;
26
+ };
27
+ }
28
+ export type WebSocketMessage = CreateChallengeMessage | ChallengeCreatedMessage | StateChangeMessage;
29
+ export interface WebSocketQrCodeOptions {
30
+ action: string;
31
+ custom?: Record<string, unknown>;
32
+ refreshInterval?: number;
33
+ onRefresh?: (challengeId: string, expiresAt: string) => void;
34
+ onStateChange?: (state: ChallengeState, accessToken?: string) => void;
35
+ }
36
+ export interface WebSocketQrCodeResponse {
37
+ challengeId: string;
38
+ expiresAt: string;
39
+ state: ChallengeState;
40
+ }
package/dist/api/websocket-client.d.ts ADDED
@@ -0,0 +1,24 @@
1
+ import { WebSocketQrCodeOptions, WebSocketQrCodeResponse } from "./types/websocket";
2
+ export declare class WebSocketClient {
3
+ private ws;
4
+ private baseUrl;
5
+ private tenantId;
6
+ private messageHandlers;
7
+ private options;
8
+ private refreshInterval;
9
+ constructor({ baseUrl, tenantId }: {
10
+ baseUrl: string;
11
+ tenantId: string;
12
+ });
13
+ connect(): Promise<void>;
14
+ private handleMessage;
15
+ createQrCodeChallenge(options: WebSocketQrCodeOptions): Promise<WebSocketQrCodeResponse>;
16
+ private monitorChallengeState;
17
+ private startRefreshCycle;
18
+ private sendChallengeRequest;
19
+ private sendMessage;
20
+ refreshQrCodeChallenge({ custom }: {
21
+ custom?: Record<string, any>;
22
+ }): Promise<WebSocketQrCodeResponse>;
23
+ disconnect(): void;
24
+ }
package/dist/authsignal.d.ts CHANGED
@@ -6,6 +6,7 @@ import { Sms } from "./sms";
6
6
  import { EmailMagicLink } from "./email-magic-link";
7
7
  import { SecurityKey } from "./security-key";
8
8
  import { QrCode } from "./qr-code";
9
+ import { Push } from "./push";
9
10
  export declare class Authsignal {
10
11
  anonymousId: string;
11
12
  profilingId: string;
@@ -18,6 +19,7 @@ export declare class Authsignal {
18
19
  sms: Sms;
19
20
  securityKey: SecurityKey;
20
21
  qrCode: QrCode;
22
+ push: Push;
21
23
  constructor({ cookieDomain, cookieName, baseUrl, tenantId, onTokenExpired, }: AuthsignalOptions);
22
24
  setToken(token: string): void;
23
25
  launch(url: string, options?: {
package/dist/index.d.ts CHANGED
@@ -3,3 +3,5 @@ export * from "./types";
3
3
  export type { Authenticator, VerificationMethod, EnrollResponse, ChallengeResponse } from "./api/types/shared";
4
4
  export type { EnrollTotpResponse } from "./api/types/totp";
5
5
  export type { QrCodeChallengeResponse, QrCodeVerifyResponse } from "./api/types/qr-code";
6
+ export type { PushChallengeResponse, PushVerifyResponse } from "./api/types/push";
7
+ export type { WebSocketQrCodeOptions, WebSocketQrCodeResponse, ChallengeState } from "./api/types/websocket";
package/dist/index.js CHANGED
@@ -77,6 +77,22 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
77
77
  OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
78
78
  PERFORMANCE OF THIS SOFTWARE.
79
79
  ***************************************************************************** */
80
+ /* global Reflect, Promise */
81
+
82
+ var extendStatics = function(d, b) {
83
+ extendStatics = Object.setPrototypeOf ||
84
+ ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
85
+ function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };
86
+ return extendStatics(d, b);
87
+ };
88
+
89
+ function __extends(d, b) {
90
+ if (typeof b !== "function" && b !== null)
91
+ throw new TypeError("Class extends value " + String(b) + " is not a constructor or null");
92
+ extendStatics(d, b);
93
+ function __() { this.constructor = d; }
94
+ d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
95
+ }
80
96
 
81
97
  var __assign = function() {
82
98
  __assign = Object.assign || function __assign(t) {
@@ -2574,11 +2590,11 @@ var QrCodeApiClient = /** @class */ (function () {
2574
2590
  QrCodeApiClient.prototype.challenge = function (_a) {
2575
2591
  return __awaiter(this, arguments, void 0, function (_b) {
2576
2592
  var body, response, responseJson;
2577
- var action = _b.action;
2593
+ var action = _b.action, custom = _b.custom;
2578
2594
  return __generator(this, function (_c) {
2579
2595
  switch (_c.label) {
2580
2596
  case 0:
2581
- body = { action: action };
2597
+ body = { action: action, custom: custom };
2582
2598
  return [4 /*yield*/, fetch("".concat(this.baseUrl, "/client/challenge/qr-code"), {
2583
2599
  method: "POST",
2584
2600
  headers: buildHeaders({ tenantId: this.tenantId }),
@@ -2620,12 +2636,554 @@ var QrCodeApiClient = /** @class */ (function () {
2620
2636
  return QrCodeApiClient;
2621
2637
  }());
2622
2638
 
2639
+ var BaseQrHandler = /** @class */ (function () {
2640
+ function BaseQrHandler() {
2641
+ }
2642
+ return BaseQrHandler;
2643
+ }());
2644
+
2645
+ var DEFAULT_REFRESH_INTERVAL = 9 * 60 * 1000;
2646
+ var DEFAULT_POLL_INTERVAL = 5 * 1000;
2647
+ var RestQrHandler = /** @class */ (function (_super) {
2648
+ __extends(RestQrHandler, _super);
2649
+ function RestQrHandler(_a) {
2650
+ var baseUrl = _a.baseUrl, tenantId = _a.tenantId;
2651
+ var _this = _super.call(this) || this;
2652
+ _this.api = new QrCodeApiClient({ baseUrl: baseUrl, tenantId: tenantId });
2653
+ return _this;
2654
+ }
2655
+ RestQrHandler.prototype.challenge = function (params) {
2656
+ return __awaiter(this, void 0, void 0, function () {
2657
+ var response, result, pollInterval_1, refreshInterval, onRefresh_1;
2658
+ var _this = this;
2659
+ return __generator(this, function (_a) {
2660
+ switch (_a.label) {
2661
+ case 0: return [4 /*yield*/, this.api.challenge({ action: params.action, custom: params.custom })];
2662
+ case 1:
2663
+ response = _a.sent();
2664
+ result = handleApiResponse(response);
2665
+ if (result.data) {
2666
+ this.currentChallengeParams = params;
2667
+ this.clearPolling();
2668
+ pollInterval_1 = params.pollInterval || DEFAULT_POLL_INTERVAL;
2669
+ refreshInterval = params.refreshInterval || DEFAULT_REFRESH_INTERVAL;
2670
+ if (result.data.deviceCode) {
2671
+ this.startPolling({
2672
+ challengeId: result.data.challengeId,
2673
+ deviceCode: result.data.deviceCode,
2674
+ onStateChange: params.onStateChange,
2675
+ pollInterval: pollInterval_1,
2676
+ });
2677
+ }
2678
+ if (params.onRefresh) {
2679
+ onRefresh_1 = params.onRefresh;
2680
+ this.startRefreshTimer(function () { return _this.performRefresh(params.action, params.custom, onRefresh_1, params.onStateChange, pollInterval_1); }, refreshInterval);
2681
+ }
2682
+ }
2683
+ return [2 /*return*/, result];
2684
+ }
2685
+ });
2686
+ });
2687
+ };
2688
+ RestQrHandler.prototype.refresh = function () {
2689
+ return __awaiter(this, arguments, void 0, function (_a) {
2690
+ var response, result, refreshInterval, _b, action_1, custom_1, onRefresh_2, onStateChange_1, pollInterval_2;
2691
+ var _this = this;
2692
+ var _c = _a === void 0 ? {} : _a, custom = _c.custom;
2693
+ return __generator(this, function (_d) {
2694
+ switch (_d.label) {
2695
+ case 0:
2696
+ if (!this.currentChallengeParams)
2697
+ return [2 /*return*/];
2698
+ return [4 /*yield*/, this.api.challenge({
2699
+ action: this.currentChallengeParams.action,
2700
+ custom: custom || this.currentChallengeParams.custom,
2701
+ })];
2702
+ case 1:
2703
+ response = _d.sent();
2704
+ result = handleApiResponse(response);
2705
+ if (result.data) {
2706
+ this.clearPolling();
2707
+ if (this.currentChallengeParams.onRefresh) {
2708
+ this.currentChallengeParams.onRefresh(result.data.challengeId, result.data.expiresAt);
2709
+ }
2710
+ if (result.data.deviceCode) {
2711
+ this.startPolling({
2712
+ challengeId: result.data.challengeId,
2713
+ deviceCode: result.data.deviceCode,
2714
+ onStateChange: this.currentChallengeParams.onStateChange,
2715
+ pollInterval: this.currentChallengeParams.pollInterval || DEFAULT_POLL_INTERVAL,
2716
+ });
2717
+ }
2718
+ if (this.currentChallengeParams.onRefresh) {
2719
+ refreshInterval = this.currentChallengeParams.refreshInterval || DEFAULT_REFRESH_INTERVAL;
2720
+ _b = this.currentChallengeParams, action_1 = _b.action, custom_1 = _b.custom, onRefresh_2 = _b.onRefresh, onStateChange_1 = _b.onStateChange, pollInterval_2 = _b.pollInterval;
2721
+ this.startRefreshTimer(function () { return _this.performRefresh(action_1, custom_1, onRefresh_2, onStateChange_1, pollInterval_2 || DEFAULT_POLL_INTERVAL); }, refreshInterval);
2722
+ }
2723
+ }
2724
+ return [2 /*return*/];
2725
+ }
2726
+ });
2727
+ });
2728
+ };
2729
+ RestQrHandler.prototype.disconnect = function () {
2730
+ this.clearPolling();
2731
+ this.clearRefreshTimer();
2732
+ this.currentChallengeParams = undefined;
2733
+ };
2734
+ RestQrHandler.prototype.startRefreshTimer = function (callback, interval) {
2735
+ var _this = this;
2736
+ this.clearRefreshTimer();
2737
+ this.refreshTimeout = setTimeout(function () { return __awaiter(_this, void 0, void 0, function () {
2738
+ return __generator(this, function (_a) {
2739
+ switch (_a.label) {
2740
+ case 0: return [4 /*yield*/, callback()];
2741
+ case 1:
2742
+ _a.sent();
2743
+ this.startRefreshTimer(callback, interval);
2744
+ return [2 /*return*/];
2745
+ }
2746
+ });
2747
+ }); }, interval);
2748
+ };
2749
+ RestQrHandler.prototype.clearRefreshTimer = function () {
2750
+ if (this.refreshTimeout) {
2751
+ clearTimeout(this.refreshTimeout);
2752
+ this.refreshTimeout = undefined;
2753
+ }
2754
+ };
2755
+ RestQrHandler.prototype.performRefresh = function (action, custom, onRefresh, onStateChange, pollInterval) {
2756
+ return __awaiter(this, void 0, void 0, function () {
2757
+ var response, result;
2758
+ return __generator(this, function (_a) {
2759
+ switch (_a.label) {
2760
+ case 0: return [4 /*yield*/, this.api.challenge({ action: action, custom: custom })];
2761
+ case 1:
2762
+ response = _a.sent();
2763
+ result = handleApiResponse(response);
2764
+ if (result.data) {
2765
+ this.clearPolling();
2766
+ onRefresh(result.data.challengeId, result.data.expiresAt);
2767
+ if (result.data.deviceCode) {
2768
+ this.startPolling({
2769
+ challengeId: result.data.challengeId,
2770
+ deviceCode: result.data.deviceCode,
2771
+ onStateChange: onStateChange,
2772
+ pollInterval: pollInterval,
2773
+ });
2774
+ }
2775
+ }
2776
+ return [2 /*return*/];
2777
+ }
2778
+ });
2779
+ });
2780
+ };
2781
+ RestQrHandler.prototype.startPolling = function (_a) {
2782
+ var _this = this;
2783
+ var challengeId = _a.challengeId, deviceCode = _a.deviceCode, onStateChange = _a.onStateChange, pollInterval = _a.pollInterval;
2784
+ this.pollingInterval = setInterval(function () { return __awaiter(_this, void 0, void 0, function () {
2785
+ var response, result;
2786
+ return __generator(this, function (_a) {
2787
+ switch (_a.label) {
2788
+ case 0: return [4 /*yield*/, this.api.verify({ challengeId: challengeId, deviceCode: deviceCode })];
2789
+ case 1:
2790
+ response = _a.sent();
2791
+ result = handleApiResponse(response);
2792
+ if (result.data) {
2793
+ if (result.data.isVerified) {
2794
+ onStateChange("approved", result.data.token);
2795
+ this.clearPolling();
2796
+ }
2797
+ else if (result.data.isClaimed) {
2798
+ onStateChange("claimed");
2799
+ }
2800
+ }
2801
+ return [2 /*return*/];
2802
+ }
2803
+ });
2804
+ }); }, pollInterval);
2805
+ };
2806
+ RestQrHandler.prototype.clearPolling = function () {
2807
+ if (this.pollingInterval) {
2808
+ clearInterval(this.pollingInterval);
2809
+ this.pollingInterval = undefined;
2810
+ }
2811
+ };
2812
+ return RestQrHandler;
2813
+ }(BaseQrHandler));
2814
+
2815
+ var CHALLENGE_CREATED_HANDLER = "CHALLENGE_CREATED_HANDLER";
2816
+ var WebSocketClient = /** @class */ (function () {
2817
+ function WebSocketClient(_a) {
2818
+ var baseUrl = _a.baseUrl, tenantId = _a.tenantId;
2819
+ this.ws = null;
2820
+ this.messageHandlers = new Map();
2821
+ this.options = null;
2822
+ this.refreshInterval = null;
2823
+ var wsUrl = baseUrl
2824
+ .replace("https://", "wss://")
2825
+ .replace("http://", "ws://")
2826
+ .replace("v1", "ws-v1-challenge")
2827
+ .replace("api", "api-ws");
2828
+ this.baseUrl = wsUrl;
2829
+ this.tenantId = tenantId;
2830
+ }
2831
+ WebSocketClient.prototype.connect = function () {
2832
+ return __awaiter(this, void 0, void 0, function () {
2833
+ var _this = this;
2834
+ return __generator(this, function (_a) {
2835
+ return [2 /*return*/, new Promise(function (resolve, reject) {
2836
+ try {
2837
+ _this.ws = new WebSocket(_this.baseUrl, ["authsignal-ws", "x.authsignal.tenant.".concat(_this.tenantId)]);
2838
+ _this.ws.onopen = function () {
2839
+ resolve();
2840
+ };
2841
+ _this.ws.onerror = function (error) {
2842
+ reject(new Error("WebSocket connection error: ".concat(error)));
2843
+ };
2844
+ _this.ws.onclose = function () {
2845
+ if (_this.refreshInterval) {
2846
+ clearInterval(_this.refreshInterval);
2847
+ _this.refreshInterval = null;
2848
+ }
2849
+ _this.messageHandlers.clear();
2850
+ _this.ws = null;
2851
+ };
2852
+ _this.ws.onmessage = function (event) {
2853
+ try {
2854
+ var message = JSON.parse(event.data);
2855
+ _this.handleMessage(message);
2856
+ }
2857
+ catch (error) {
2858
+ console.error("Failed to parse WebSocket message:", error);
2859
+ }
2860
+ };
2861
+ }
2862
+ catch (error) {
2863
+ reject(error);
2864
+ }
2865
+ })];
2866
+ });
2867
+ });
2868
+ };
2869
+ WebSocketClient.prototype.handleMessage = function (message) {
2870
+ if (message.type === "CHALLENGE_CREATED") {
2871
+ var handler = this.messageHandlers.get(CHALLENGE_CREATED_HANDLER);
2872
+ if (handler) {
2873
+ handler(message);
2874
+ }
2875
+ else {
2876
+ throw new Error("Challenge created handler not found");
2877
+ }
2878
+ }
2879
+ else if (message.type === "STATE_CHANGE") {
2880
+ var handler = this.messageHandlers.get(message.data.challengeId);
2881
+ if (handler) {
2882
+ handler(message);
2883
+ }
2884
+ }
2885
+ };
2886
+ WebSocketClient.prototype.createQrCodeChallenge = function (options) {
2887
+ return __awaiter(this, void 0, void 0, function () {
2888
+ var _this = this;
2889
+ return __generator(this, function (_a) {
2890
+ switch (_a.label) {
2891
+ case 0:
2892
+ if (!(!this.ws || this.ws.readyState !== WebSocket.OPEN)) return [3 /*break*/, 2];
2893
+ return [4 /*yield*/, this.connect()];
2894
+ case 1:
2895
+ _a.sent();
2896
+ _a.label = 2;
2897
+ case 2:
2898
+ if (this.refreshInterval) {
2899
+ clearInterval(this.refreshInterval);
2900
+ }
2901
+ this.options = options;
2902
+ return [2 /*return*/, new Promise(function (resolve, reject) {
2903
+ var handler = function (message) {
2904
+ if (message.type === "CHALLENGE_CREATED") {
2905
+ var created = message;
2906
+ _this.messageHandlers.delete(CHALLENGE_CREATED_HANDLER);
2907
+ _this.monitorChallengeState(created.data.challengeId, options);
2908
+ _this.startRefreshCycle(created.data.challengeId, options);
2909
+ resolve({
2910
+ challengeId: created.data.challengeId,
2911
+ expiresAt: created.data.expiresAt,
2912
+ state: created.data.state,
2913
+ });
2914
+ }
2915
+ };
2916
+ _this.messageHandlers.set(CHALLENGE_CREATED_HANDLER, handler);
2917
+ _this.sendChallengeRequest(options).catch(reject);
2918
+ })];
2919
+ }
2920
+ });
2921
+ });
2922
+ };
2923
+ WebSocketClient.prototype.monitorChallengeState = function (challengeId, options) {
2924
+ var _this = this;
2925
+ this.messageHandlers.set(challengeId, function (message) {
2926
+ var _a;
2927
+ if (message.type === "STATE_CHANGE") {
2928
+ var stateMessage = message;
2929
+ (_a = options.onStateChange) === null || _a === void 0 ? void 0 : _a.call(options, stateMessage.data.state, stateMessage.data.accessToken);
2930
+ if (stateMessage.data.state === "approved" || stateMessage.data.state === "rejected") {
2931
+ _this.messageHandlers.delete(challengeId);
2932
+ }
2933
+ }
2934
+ });
2935
+ };
2936
+ WebSocketClient.prototype.startRefreshCycle = function (currentChallengeId, options) {
2937
+ var _this = this;
2938
+ var interval = options.refreshInterval || 9 * 60 * 1000;
2939
+ var challengeId = currentChallengeId;
2940
+ this.refreshInterval = setInterval(function () { return __awaiter(_this, void 0, void 0, function () {
2941
+ var newChallenge, error_1;
2942
+ var _a;
2943
+ return __generator(this, function (_b) {
2944
+ switch (_b.label) {
2945
+ case 0:
2946
+ this.messageHandlers.delete(challengeId);
2947
+ _b.label = 1;
2948
+ case 1:
2949
+ _b.trys.push([1, 3, , 4]);
2950
+ return [4 /*yield*/, this.createQrCodeChallenge(options)];
2951
+ case 2:
2952
+ newChallenge = _b.sent();
2953
+ challengeId = newChallenge.challengeId;
2954
+ (_a = options.onRefresh) === null || _a === void 0 ? void 0 : _a.call(options, newChallenge.challengeId, newChallenge.expiresAt);
2955
+ return [3 /*break*/, 4];
2956
+ case 3:
2957
+ error_1 = _b.sent();
2958
+ console.error("Failed to refresh QR code challenge:", error_1);
2959
+ if (this.refreshInterval) {
2960
+ clearInterval(this.refreshInterval);
2961
+ this.refreshInterval = null;
2962
+ }
2963
+ return [3 /*break*/, 4];
2964
+ case 4: return [2 /*return*/];
2965
+ }
2966
+ });
2967
+ }); }, interval);
2968
+ };
2969
+ WebSocketClient.prototype.sendChallengeRequest = function (options) {
2970
+ return __awaiter(this, void 0, void 0, function () {
2971
+ return __generator(this, function (_a) {
2972
+ switch (_a.label) {
2973
+ case 0:
2974
+ if (!(!this.ws || this.ws.readyState !== WebSocket.OPEN)) return [3 /*break*/, 2];
2975
+ return [4 /*yield*/, this.connect()];
2976
+ case 1:
2977
+ _a.sent();
2978
+ _a.label = 2;
2979
+ case 2:
2980
+ if (!this.ws || this.ws.readyState !== WebSocket.OPEN) {
2981
+ throw new Error("WebSocket connection could not be established");
2982
+ }
2983
+ this.sendMessage({
2984
+ type: "CREATE_CHALLENGE",
2985
+ data: {
2986
+ challengeType: "QR_CODE",
2987
+ actionCode: options.action,
2988
+ custom: options.custom,
2989
+ },
2990
+ });
2991
+ return [2 /*return*/];
2992
+ }
2993
+ });
2994
+ });
2995
+ };
2996
+ WebSocketClient.prototype.sendMessage = function (message) {
2997
+ if (!this.ws || this.ws.readyState !== WebSocket.OPEN) {
2998
+ throw new Error("WebSocket not connected");
2999
+ }
3000
+ this.ws.send(JSON.stringify(message));
3001
+ };
3002
+ WebSocketClient.prototype.refreshQrCodeChallenge = function (_a) {
3003
+ return __awaiter(this, arguments, void 0, function (_b) {
3004
+ var newChallenge;
3005
+ var _c, _d;
3006
+ var custom = _b.custom;
3007
+ return __generator(this, function (_e) {
3008
+ switch (_e.label) {
3009
+ case 0:
3010
+ if (!this.options) {
3011
+ throw new Error("Call createQrCodeChallenge first");
3012
+ }
3013
+ return [4 /*yield*/, this.createQrCodeChallenge(__assign(__assign({}, this.options), (custom !== undefined && { custom: custom })))];
3014
+ case 1:
3015
+ newChallenge = _e.sent();
3016
+ (_d = (_c = this.options).onRefresh) === null || _d === void 0 ? void 0 : _d.call(_c, newChallenge.challengeId, newChallenge.expiresAt);
3017
+ return [2 /*return*/, newChallenge];
3018
+ }
3019
+ });
3020
+ });
3021
+ };
3022
+ WebSocketClient.prototype.disconnect = function () {
3023
+ if (this.ws) {
3024
+ this.ws.close();
3025
+ }
3026
+ };
3027
+ return WebSocketClient;
3028
+ }());
3029
+
3030
+ var WebSocketQrHandler = /** @class */ (function (_super) {
3031
+ __extends(WebSocketQrHandler, _super);
3032
+ function WebSocketQrHandler(_a) {
3033
+ var baseUrl = _a.baseUrl, tenantId = _a.tenantId;
3034
+ var _this = _super.call(this) || this;
3035
+ _this.wsClient = new WebSocketClient({ baseUrl: baseUrl, tenantId: tenantId });
3036
+ return _this;
3037
+ }
3038
+ WebSocketQrHandler.prototype.challenge = function (params) {
3039
+ return __awaiter(this, void 0, void 0, function () {
3040
+ var response;
3041
+ return __generator(this, function (_a) {
3042
+ switch (_a.label) {
3043
+ case 0: return [4 /*yield*/, this.wsClient.createQrCodeChallenge({
3044
+ action: params.action,
3045
+ custom: params.custom,
3046
+ refreshInterval: params.refreshInterval,
3047
+ onRefresh: params.onRefresh,
3048
+ onStateChange: params.onStateChange,
3049
+ })];
3050
+ case 1:
3051
+ response = _a.sent();
3052
+ return [2 /*return*/, {
3053
+ data: {
3054
+ challengeId: response.challengeId,
3055
+ expiresAt: response.expiresAt,
3056
+ },
3057
+ }];
3058
+ }
3059
+ });
3060
+ });
3061
+ };
3062
+ WebSocketQrHandler.prototype.refresh = function () {
3063
+ return __awaiter(this, arguments, void 0, function (_a) {
3064
+ var _b = _a === void 0 ? {} : _a, custom = _b.custom;
3065
+ return __generator(this, function (_c) {
3066
+ switch (_c.label) {
3067
+ case 0: return [4 /*yield*/, this.wsClient.refreshQrCodeChallenge({ custom: custom })];
3068
+ case 1:
3069
+ _c.sent();
3070
+ return [2 /*return*/];
3071
+ }
3072
+ });
3073
+ });
3074
+ };
3075
+ WebSocketQrHandler.prototype.disconnect = function () {
3076
+ this.wsClient.disconnect();
3077
+ };
3078
+ return WebSocketQrHandler;
3079
+ }(BaseQrHandler));
3080
+
2623
3081
  var QrCode = /** @class */ (function () {
2624
3082
  function QrCode(_a) {
2625
3083
  var baseUrl = _a.baseUrl, tenantId = _a.tenantId;
2626
- this.api = new QrCodeApiClient({ baseUrl: baseUrl, tenantId: tenantId });
3084
+ this.handler = null;
3085
+ this.baseUrl = baseUrl;
3086
+ this.tenantId = tenantId;
3087
+ }
3088
+ QrCode.prototype.challenge = function (params) {
3089
+ return __awaiter(this, void 0, void 0, function () {
3090
+ var _a, polling, challengeParams;
3091
+ return __generator(this, function (_b) {
3092
+ _a = params.polling, polling = _a === void 0 ? false : _a, challengeParams = __rest(params, ["polling"]);
3093
+ if (this.handler) {
3094
+ this.handler.disconnect();
3095
+ }
3096
+ if (polling) {
3097
+ this.handler = new RestQrHandler({ baseUrl: this.baseUrl, tenantId: this.tenantId });
3098
+ }
3099
+ else {
3100
+ this.handler = new WebSocketQrHandler({ baseUrl: this.baseUrl, tenantId: this.tenantId });
3101
+ }
3102
+ return [2 /*return*/, this.handler.challenge(challengeParams)];
3103
+ });
3104
+ });
3105
+ };
3106
+ QrCode.prototype.refresh = function () {
3107
+ return __awaiter(this, arguments, void 0, function (_a) {
3108
+ var _b = _a === void 0 ? {} : _a, custom = _b.custom;
3109
+ return __generator(this, function (_c) {
3110
+ if (!this.handler) {
3111
+ throw new Error("challenge() must be called before refresh()");
3112
+ }
3113
+ return [2 /*return*/, this.handler.refresh({ custom: custom })];
3114
+ });
3115
+ });
3116
+ };
3117
+ QrCode.prototype.disconnect = function () {
3118
+ if (this.handler) {
3119
+ this.handler.disconnect();
3120
+ this.handler = null;
3121
+ }
3122
+ };
3123
+ return QrCode;
3124
+ }());
3125
+
3126
+ var PushApiClient = /** @class */ (function () {
3127
+ function PushApiClient(_a) {
3128
+ var baseUrl = _a.baseUrl, tenantId = _a.tenantId;
3129
+ this.tenantId = tenantId;
3130
+ this.baseUrl = baseUrl;
3131
+ }
3132
+ PushApiClient.prototype.challenge = function (_a) {
3133
+ return __awaiter(this, arguments, void 0, function (_b) {
3134
+ var body, response, responseJson;
3135
+ var action = _b.action;
3136
+ return __generator(this, function (_c) {
3137
+ switch (_c.label) {
3138
+ case 0:
3139
+ body = { action: action };
3140
+ return [4 /*yield*/, fetch("".concat(this.baseUrl, "/client/challenge/push"), {
3141
+ method: "POST",
3142
+ headers: buildHeaders({ tenantId: this.tenantId }),
3143
+ body: JSON.stringify(body),
3144
+ })];
3145
+ case 1:
3146
+ response = _c.sent();
3147
+ return [4 /*yield*/, response.json()];
3148
+ case 2:
3149
+ responseJson = _c.sent();
3150
+ return [2 /*return*/, responseJson];
3151
+ }
3152
+ });
3153
+ });
3154
+ };
3155
+ PushApiClient.prototype.verify = function (_a) {
3156
+ return __awaiter(this, arguments, void 0, function (_b) {
3157
+ var body, response, responseJson;
3158
+ var challengeId = _b.challengeId;
3159
+ return __generator(this, function (_c) {
3160
+ switch (_c.label) {
3161
+ case 0:
3162
+ body = { challengeId: challengeId };
3163
+ return [4 /*yield*/, fetch("".concat(this.baseUrl, "/client/verify/push"), {
3164
+ method: "POST",
3165
+ headers: buildHeaders({ tenantId: this.tenantId }),
3166
+ body: JSON.stringify(body),
3167
+ })];
3168
+ case 1:
3169
+ response = _c.sent();
3170
+ return [4 /*yield*/, response.json()];
3171
+ case 2:
3172
+ responseJson = _c.sent();
3173
+ return [2 /*return*/, responseJson];
3174
+ }
3175
+ });
3176
+ });
3177
+ };
3178
+ return PushApiClient;
3179
+ }());
3180
+
3181
+ var Push = /** @class */ (function () {
3182
+ function Push(_a) {
3183
+ var baseUrl = _a.baseUrl, tenantId = _a.tenantId;
3184
+ this.api = new PushApiClient({ baseUrl: baseUrl, tenantId: tenantId });
2627
3185
  }
2628
- QrCode.prototype.challenge = function (_a) {
3186
+ Push.prototype.challenge = function (_a) {
2629
3187
  return __awaiter(this, arguments, void 0, function (_b) {
2630
3188
  var response;
2631
3189
  var action = _b.action;
@@ -2639,13 +3197,13 @@ var QrCode = /** @class */ (function () {
2639
3197
  });
2640
3198
  });
2641
3199
  };
2642
- QrCode.prototype.verify = function (_a) {
3200
+ Push.prototype.verify = function (_a) {
2643
3201
  return __awaiter(this, arguments, void 0, function (_b) {
2644
3202
  var response;
2645
- var challengeId = _b.challengeId, deviceCode = _b.deviceCode;
3203
+ var challengeId = _b.challengeId;
2646
3204
  return __generator(this, function (_c) {
2647
3205
  switch (_c.label) {
2648
- case 0: return [4 /*yield*/, this.api.verify({ challengeId: challengeId, deviceCode: deviceCode })];
3206
+ case 0: return [4 /*yield*/, this.api.verify({ challengeId: challengeId })];
2649
3207
  case 1:
2650
3208
  response = _c.sent();
2651
3209
  return [2 /*return*/, handleApiResponse(response)];
@@ -2653,7 +3211,7 @@ var QrCode = /** @class */ (function () {
2653
3211
  });
2654
3212
  });
2655
3213
  };
2656
- return QrCode;
3214
+ return Push;
2657
3215
  }());
2658
3216
 
2659
3217
  var DEFAULT_COOKIE_NAME = "__as_aid";
@@ -2693,6 +3251,7 @@ var Authsignal = /** @class */ (function () {
2693
3251
  this.sms = new Sms({ tenantId: tenantId, baseUrl: baseUrl, onTokenExpired: onTokenExpired });
2694
3252
  this.securityKey = new SecurityKey({ tenantId: tenantId, baseUrl: baseUrl, onTokenExpired: onTokenExpired });
2695
3253
  this.qrCode = new QrCode({ tenantId: tenantId, baseUrl: baseUrl });
3254
+ this.push = new Push({ tenantId: tenantId, baseUrl: baseUrl });
2696
3255
  }
2697
3256
  Authsignal.prototype.setToken = function (token) {
2698
3257
  TokenCache.shared.token = token;
package/dist/index.min.js CHANGED
@@ -1 +1 @@
1
- var authsignal=function(e){"use strict";let t;const n=new Uint8Array(16);function o(){if(!t&&(t="undefined"!=typeof crypto&&crypto.getRandomValues&&crypto.getRandomValues.bind(crypto),!t))throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");return t(n)}const r=[];for(let e=0;e<256;++e)r.push((e+256).toString(16).slice(1));var i={randomUUID:"undefined"!=typeof crypto&&crypto.randomUUID&&crypto.randomUUID.bind(crypto)};function s(e,t,n){if(i.randomUUID&&!t&&!e)return i.randomUUID();const s=(e=e||{}).random||(e.rng||o)();if(s[6]=15&s[6]|64,s[8]=63&s[8]|128,t){n=n||0;for(let e=0;e<16;++e)t[n+e]=s[e];return t}return function(e,t=0){return(r[e[t+0]]+r[e[t+1]]+r[e[t+2]]+r[e[t+3]]+"-"+r[e[t+4]]+r[e[t+5]]+"-"+r[e[t+6]]+r[e[t+7]]+"-"+r[e[t+8]]+r[e[t+9]]+"-"+r[e[t+10]]+r[e[t+11]]+r[e[t+12]]+r[e[t+13]]+r[e[t+14]]+r[e[t+15]]).toLowerCase()}(s)}var a=function(){return a=Object.assign||function(e){for(var t,n=1,o=arguments.length;n<o;n++)for(var r in t=arguments[n])Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r]);return e},a.apply(this,arguments)};function c(e,t,n,o){return new(n||(n=Promise))((function(r,i){function s(e){try{c(o.next(e))}catch(e){i(e)}}function a(e){try{c(o.throw(e))}catch(e){i(e)}}function c(e){var t;e.done?r(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(s,a)}c((o=o.apply(e,t||[])).next())}))}function u(e,t){var n,o,r,i,s={label:0,sent:function(){if(1&r[0])throw r[1];return r[1]},trys:[],ops:[]};return i={next:a(0),throw:a(1),return:a(2)},"function"==typeof Symbol&&(i[Symbol.iterator]=function(){return this}),i;function a(i){return function(a){return function(i){if(n)throw new TypeError("Generator is already executing.");for(;s;)try{if(n=1,o&&(r=2&i[0]?o.return:i[0]?o.throw||((r=o.return)&&r.call(o),0):o.next)&&!(r=r.call(o,i[1])).done)return r;switch(o=0,r&&(i=[2&i[0],r.value]),i[0]){case 0:case 1:r=i;break;case 4:return s.label++,{value:i[1],done:!1};case 5:s.label++,o=i[1],i=[0];continue;case 7:i=s.ops.pop(),s.trys.pop();continue;default:if(!(r=s.trys,(r=r.length>0&&r[r.length-1])||6!==i[0]&&2!==i[0])){s=0;continue}if(3===i[0]&&(!r||i[1]>r[0]&&i[1]<r[3])){s.label=i[1];break}if(6===i[0]&&s.label<r[1]){s.label=r[1],r=i;break}if(r&&s.label<r[2]){s.label=r[2],s.ops.push(i);break}r[2]&&s.ops.pop(),s.trys.pop();continue}i=t.call(e,s)}catch(e){i=[6,e],o=0}finally{n=r=0}if(5&i[0])throw i[1];return{value:i[0]?i[1]:void 0,done:!0}}([i,a])}}}function l(e){const t=new Uint8Array(e);let n="";for(const e of t)n+=String.fromCharCode(e);return btoa(n).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function h(e){const t=e.replace(/-/g,"+").replace(/_/g,"/"),n=(4-t.length%4)%4,o=t.padEnd(t.length+n,"="),r=atob(o),i=new ArrayBuffer(r.length),s=new Uint8Array(i);for(let e=0;e<r.length;e++)s[e]=r.charCodeAt(e);return i}function d(){return p.stubThis(void 0!==globalThis?.PublicKeyCredential&&"function"==typeof globalThis.PublicKeyCredential)}const p={stubThis:e=>e};function f(e){const{id:t}=e;return{...e,id:h(t),transports:e.transports}}function y(e){return"localhost"===e||/^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(e)}class b extends Error{constructor({message:e,code:t,cause:n,name:o}){super(e,{cause:n}),Object.defineProperty(this,"code",{enumerable:!0,configurable:!0,writable:!0,value:void 0}),this.name=o??n.name,this.code=t}}const v=new class{constructor(){Object.defineProperty(this,"controller",{enumerable:!0,configurable:!0,writable:!0,value:void 0})}createNewAbortSignal(){if(this.controller){const e=new Error("Cancelling existing WebAuthn API call for new one");e.name="AbortError",this.controller.abort(e)}const e=new AbortController;return this.controller=e,e.signal}cancelCeremony(){if(this.controller){const e=new Error("Manually cancelling existing WebAuthn API call");e.name="AbortError",this.controller.abort(e),this.controller=void 0}}},m=["cross-platform","platform"];function g(e){if(e&&!(m.indexOf(e)<0))return e}async function w(e){!e.optionsJSON&&e.challenge&&(console.warn("startRegistration() was not called correctly. It will try to continue with the provided options, but this call should be refactored to use the expected call structure instead. See https://simplewebauthn.dev/docs/packages/browser#typeerror-cannot-read-properties-of-undefined-reading-challenge for more information."),e={optionsJSON:e});const{optionsJSON:t,useAutoRegister:n=!1}=e;if(!d())throw new Error("WebAuthn is not supported in this browser");const o={...t,challenge:h(t.challenge),user:{...t.user,id:h(t.user.id)},excludeCredentials:t.excludeCredentials?.map(f)},r={};let i;n&&(r.mediation="conditional"),r.publicKey=o,r.signal=v.createNewAbortSignal();try{i=await navigator.credentials.create(r)}catch(e){throw function({error:e,options:t}){const{publicKey:n}=t;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new b({message:"Registration ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:e})}else if("ConstraintError"===e.name){if(!0===n.authenticatorSelection?.requireResidentKey)return new b({message:"Discoverable credentials were required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",cause:e});if("conditional"===t.mediation&&"required"===n.authenticatorSelection?.userVerification)return new b({message:"User verification was required during automatic registration but it could not be performed",code:"ERROR_AUTO_REGISTER_USER_VERIFICATION_FAILURE",cause:e});if("required"===n.authenticatorSelection?.userVerification)return new b({message:"User verification was required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",cause:e})}else{if("InvalidStateError"===e.name)return new b({message:"The authenticator was previously registered",code:"ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",cause:e});if("NotAllowedError"===e.name)return new b({message:e.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:e});if("NotSupportedError"===e.name)return 0===n.pubKeyCredParams.filter((e=>"public-key"===e.type)).length?new b({message:'No entry in pubKeyCredParams was of type "public-key"',code:"ERROR_MALFORMED_PUBKEYCREDPARAMS",cause:e}):new b({message:"No available authenticator supported any of the specified pubKeyCredParams algorithms",code:"ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",cause:e});if("SecurityError"===e.name){const t=globalThis.location.hostname;if(!y(t))return new b({message:`${globalThis.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:e});if(n.rp.id!==t)return new b({message:`The RP ID "${n.rp.id}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:e})}else if("TypeError"===e.name){if(n.user.id.byteLength<1||n.user.id.byteLength>64)return new b({message:"User ID was not between 1 and 64 characters",code:"ERROR_INVALID_USER_ID_LENGTH",cause:e})}else if("UnknownError"===e.name)return new b({message:"The authenticator was unable to process the specified options, or could not create a new credential",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:e})}return e}({error:e,options:r})}if(!i)throw new Error("Registration was not completed");const{id:s,rawId:a,response:c,type:u}=i;let p,m,w,E;if("function"==typeof c.getTransports&&(p=c.getTransports()),"function"==typeof c.getPublicKeyAlgorithm)try{m=c.getPublicKeyAlgorithm()}catch(e){k("getPublicKeyAlgorithm()",e)}if("function"==typeof c.getPublicKey)try{const e=c.getPublicKey();null!==e&&(w=l(e))}catch(e){k("getPublicKey()",e)}if("function"==typeof c.getAuthenticatorData)try{E=l(c.getAuthenticatorData())}catch(e){k("getAuthenticatorData()",e)}return{id:s,rawId:l(a),response:{attestationObject:l(c.attestationObject),clientDataJSON:l(c.clientDataJSON),transports:p,publicKeyAlgorithm:m,publicKey:w,authenticatorData:E},type:u,clientExtensionResults:i.getClientExtensionResults(),authenticatorAttachment:g(i.authenticatorAttachment)}}function k(e,t){console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${e}. You should report this error to them.\n`,t)}const E={stubThis:e=>e};async function T(e){!e.optionsJSON&&e.challenge&&(console.warn("startAuthentication() was not called correctly. It will try to continue with the provided options, but this call should be refactored to use the expected call structure instead. See https://simplewebauthn.dev/docs/packages/browser#typeerror-cannot-read-properties-of-undefined-reading-challenge for more information."),e={optionsJSON:e});const{optionsJSON:t,useBrowserAutofill:n=!1,verifyBrowserAutofillInput:o=!0}=e;if(!d())throw new Error("WebAuthn is not supported in this browser");let r;0!==t.allowCredentials?.length&&(r=t.allowCredentials?.map(f));const i={...t,challenge:h(t.challenge),allowCredentials:r},s={};if(n){if(!await function(){if(!d())return E.stubThis(new Promise((e=>e(!1))));const e=globalThis.PublicKeyCredential;return void 0===e?.isConditionalMediationAvailable?E.stubThis(new Promise((e=>e(!1)))):E.stubThis(e.isConditionalMediationAvailable())}())throw Error("Browser does not support WebAuthn autofill");if(document.querySelectorAll("input[autocomplete$='webauthn']").length<1&&o)throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');s.mediation="conditional",i.allowCredentials=[]}let a;s.publicKey=i,s.signal=v.createNewAbortSignal();try{a=await navigator.credentials.get(s)}catch(e){throw function({error:e,options:t}){const{publicKey:n}=t;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new b({message:"Authentication ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:e})}else{if("NotAllowedError"===e.name)return new b({message:e.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:e});if("SecurityError"===e.name){const t=globalThis.location.hostname;if(!y(t))return new b({message:`${globalThis.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:e});if(n.rpId!==t)return new b({message:`The RP ID "${n.rpId}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:e})}else if("UnknownError"===e.name)return new b({message:"The authenticator was unable to process the specified options, or could not create a new assertion signature",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:e})}return e}({error:e,options:s})}if(!a)throw new Error("Authentication was not completed");const{id:c,rawId:u,response:p,type:m}=a;let w;return p.userHandle&&(w=l(p.userHandle)),{id:c,rawId:l(u),response:{authenticatorData:l(p.authenticatorData),clientDataJSON:l(p.clientDataJSON),signature:l(p.signature),userHandle:w},type:m,clientExtensionResults:a.getClientExtensionResults(),authenticatorAttachment:g(a.authenticatorAttachment)}}function I(e){var t=e.name,n=e.value,o=e.expire,r=e.domain,i=e.secure,s=o===1/0?" expires=Fri, 31 Dec 9999 23:59:59 GMT":"; max-age="+o;document.cookie=encodeURIComponent(t)+"="+n+"; path=/;"+s+(r?"; domain="+r:"")+(i?"; secure":"")}function A(e){var t,n=null!==(t=e.errorDescription)&&void 0!==t?t:e.error;return console.error(n),{error:n}}function S(e){var t;if(e&&"object"==typeof e&&"error"in e){var n=null!==(t=e.errorDescription)&&void 0!==t?t:e.error;return console.error(n),{error:n}}if(e&&"object"==typeof e&&"accessToken"in e&&"string"==typeof e.accessToken){var o=e.accessToken,r=function(e,t){var n={};for(var o in e)Object.prototype.hasOwnProperty.call(e,o)&&t.indexOf(o)<0&&(n[o]=e[o]);if(null!=e&&"function"==typeof Object.getOwnPropertySymbols){var r=0;for(o=Object.getOwnPropertySymbols(e);r<o.length;r++)t.indexOf(o[r])<0&&Object.prototype.propertyIsEnumerable.call(e,o[r])&&(n[o[r]]=e[o[r]])}return n}(e,["accessToken"]);return{data:a(a({},r),{token:o})}}return{data:e}}function O(e){var t,n;if(e instanceof b&&"ERROR_INVALID_RP_ID"===e.code){var o=(null===(n=null===(t=e.message)||void 0===t?void 0:t.match(/"([^"]*)"/))||void 0===n?void 0:n[1])||"";console.error('[Authsignal] The Relying Party ID "'.concat(o,'" is invalid for this domain.\n To learn more, visit https://docs.authsignal.com/scenarios/passkeys-prebuilt-ui#defining-the-relying-party'))}}function R(e){var t=e.token,n=e.tenantId;return{"Content-Type":"application/json",Authorization:t?"Bearer ".concat(t):"Basic ".concat(window.btoa(encodeURIComponent(n)))}}function x(e){var t=e.response,n=e.onTokenExpired;"error"in t&&"expired_token"===t.errorCode&&n&&n()}e.AuthsignalWindowMessage=void 0,(e.AuthsignalWindowMessage||(e.AuthsignalWindowMessage={})).AUTHSIGNAL_CLOSE_POPUP="AUTHSIGNAL_CLOSE_POPUP";var C=function(){function e(e){var t=e.baseUrl,n=e.tenantId,o=e.onTokenExpired;this.tenantId=n,this.baseUrl=t,this.onTokenExpired=o}return e.prototype.registrationOptions=function(e){return c(this,arguments,void 0,(function(e){var t,n,o=e.token,r=e.username,i=e.authenticatorAttachment;return u(this,(function(e){switch(e.label){case 0:return t=Boolean(i)?{username:r,authenticatorAttachment:i}:{username:r},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey/registration-options"),{method:"POST",headers:R({token:o,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return x({response:n=e.sent(),onTokenExpired:this.onTokenExpired}),[2,n]}}))}))},e.prototype.authenticationOptions=function(e){return c(this,arguments,void 0,(function(e){var t,n,o=e.token,r=e.challengeId;return u(this,(function(e){switch(e.label){case 0:return t={challengeId:r},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey/authentication-options"),{method:"POST",headers:R({token:o,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return x({response:n=e.sent(),onTokenExpired:this.onTokenExpired}),[2,n]}}))}))},e.prototype.addAuthenticator=function(e){return c(this,arguments,void 0,(function(e){var t,n,o=e.token,r=e.challengeId,i=e.registrationCredential,s=e.conditionalCreate;return u(this,(function(e){switch(e.label){case 0:return t={challengeId:r,registrationCredential:i,conditionalCreate:s},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey"),{method:"POST",headers:R({token:o,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return x({response:n=e.sent(),onTokenExpired:this.onTokenExpired}),[2,n]}}))}))},e.prototype.verify=function(e){return c(this,arguments,void 0,(function(e){var t,n,o=e.token,r=e.challengeId,i=e.authenticationCredential,s=e.deviceId;return u(this,(function(e){switch(e.label){case 0:return t={challengeId:r,authenticationCredential:i,deviceId:s},[4,fetch("".concat(this.baseUrl,"/client/verify/passkey"),{method:"POST",headers:R({token:o,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return x({response:n=e.sent(),onTokenExpired:this.onTokenExpired}),[2,n]}}))}))},e.prototype.getPasskeyAuthenticator=function(e){return c(this,arguments,void 0,(function(e){var t,n=e.credentialIds;return u(this,(function(e){switch(e.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey?credentialIds=").concat(n),{method:"GET",headers:R({tenantId:this.tenantId})})];case 1:if(!(t=e.sent()).ok)throw new Error(t.statusText);return[2,t.json()]}}))}))},e.prototype.challenge=function(e){return c(this,void 0,void 0,(function(){var t;return u(this,(function(n){switch(n.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/challenge"),{method:"POST",headers:R({tenantId:this.tenantId}),body:JSON.stringify({action:e})})];case 1:return[4,n.sent().json()];case 2:return x({response:t=n.sent(),onTokenExpired:this.onTokenExpired}),[2,t]}}))}))},e}(),U=function(){function e(){this.token=null}return e.prototype.handleTokenNotSetError=function(){var e="A token has not been set. Call 'setToken' first.";return console.error("Error: ".concat(e)),{error:"TOKEN_NOT_SET",errorDescription:e}},e.shared=new e,e}(),_=!1,N=function(){function e(e){var t=e.baseUrl,n=e.tenantId,o=e.anonymousId,r=e.onTokenExpired;this.passkeyLocalStorageKey="as_user_passkey_map",this.cache=U.shared,this.api=new C({baseUrl:t,tenantId:n,onTokenExpired:r}),this.anonymousId=o}return e.prototype.signUp=function(e){return c(this,arguments,void 0,(function(e){var t,n,o,r,i,s,c=e.username,l=e.displayName,h=e.token,d=e.authenticatorAttachment,p=void 0===d?"platform":d,f=e.useAutoRegister,y=void 0!==f&&f;return u(this,(function(e){switch(e.label){case 0:return(t=null!=h?h:this.cache.token)?y?[4,this.doesBrowserSupportConditionalCreate()]:[3,2]:[2,this.cache.handleTokenNotSetError()];case 1:if(!e.sent())throw new Error("CONDITIONAL_CREATE_NOT_SUPPORTED");e.label=2;case 2:return n={username:c,displayName:l,token:t,authenticatorAttachment:p},[4,this.api.registrationOptions(n)];case 3:if("error"in(o=e.sent()))return[2,A(o)];e.label=4;case 4:return e.trys.push([4,7,,8]),[4,w({optionsJSON:o.options,useAutoRegister:y})];case 5:return r=e.sent(),[4,this.api.addAuthenticator({challengeId:o.challengeId,registrationCredential:r,token:t,conditionalCreate:y})];case 6:return"error"in(i=e.sent())?[2,A(i)]:(i.isVerified&&this.storeCredentialAgainstDevice(a(a({},r),{userId:i.userId})),i.accessToken&&(this.cache.token=i.accessToken),[2,{data:{token:i.accessToken,userAuthenticator:i.userAuthenticator,registrationResponse:r}}]);case 7:throw s=e.sent(),_=!1,O(s),s;case 8:return[2]}}))}))},e.prototype.signIn=function(e){return c(this,void 0,void 0,(function(){var t,n,o,r,i,s,c,l,h,d,p,f;return u(this,(function(u){switch(u.label){case 0:if((null==e?void 0:e.token)&&e.autofill)throw new Error("autofill is not supported when providing a token");if((null==e?void 0:e.action)&&e.token)throw new Error("action is not supported when providing a token");if(null==e?void 0:e.autofill){if(_)return[2,{}];_=!0}return(null==e?void 0:e.action)?[4,this.api.challenge(e.action)]:[3,2];case 1:return n=u.sent(),[3,3];case 2:n=null,u.label=3;case 3:return(t=n)&&"error"in t?(_=!1,[2,A(t)]):[4,this.api.authenticationOptions({token:null==e?void 0:e.token,challengeId:null==t?void 0:t.challengeId})];case 4:if("error"in(o=u.sent()))return _=!1,[2,A(o)];u.label=5;case 5:return u.trys.push([5,8,,9]),[4,T({optionsJSON:o.options,useBrowserAutofill:null==e?void 0:e.autofill})];case 6:return r=u.sent(),(null==e?void 0:e.onVerificationStarted)&&e.onVerificationStarted(),[4,this.api.verify({challengeId:o.challengeId,authenticationCredential:r,token:null==e?void 0:e.token,deviceId:this.anonymousId})];case 7:return"error"in(i=u.sent())?(_=!1,[2,A(i)]):(i.isVerified&&this.storeCredentialAgainstDevice(a(a({},r),{userId:i.userId})),i.accessToken&&(this.cache.token=i.accessToken),s=i.accessToken,c=i.userId,l=i.userAuthenticatorId,h=i.username,d=i.userDisplayName,p=i.isVerified,_=!1,[2,{data:{isVerified:p,token:s,userId:c,userAuthenticatorId:l,username:h,displayName:d,authenticationResponse:r}}]);case 8:throw f=u.sent(),_=!1,O(f),f;case 9:return[2]}}))}))},e.prototype.isAvailableOnDevice=function(e){return c(this,arguments,void 0,(function(e){var t,n,o,r,i=e.userId;return u(this,(function(e){switch(e.label){case 0:if(!i)throw new Error("userId is required");if(!(t=localStorage.getItem(this.passkeyLocalStorageKey)))return[2,!1];if(n=JSON.parse(t),0===(o=null!==(r=n[i])&&void 0!==r?r:[]).length)return[2,!1];e.label=1;case 1:return e.trys.push([1,3,,4]),[4,this.api.getPasskeyAuthenticator({credentialIds:o})];case 2:return e.sent(),[2,!0];case 3:return e.sent(),[2,!1];case 4:return[2]}}))}))},e.prototype.storeCredentialAgainstDevice=function(e){var t=e.id,n=e.authenticatorAttachment,o=e.userId,r=void 0===o?"":o;if("cross-platform"!==n){var i=localStorage.getItem(this.passkeyLocalStorageKey),s=i?JSON.parse(i):{};s[r]?s[r].includes(t)||s[r].push(t):s[r]=[t],localStorage.setItem(this.passkeyLocalStorageKey,JSON.stringify(s))}},e.prototype.doesBrowserSupportConditionalCreate=function(){return c(this,void 0,void 0,(function(){return u(this,(function(e){switch(e.label){case 0:return window.PublicKeyCredential&&PublicKeyCredential.getClientCapabilities?[4,PublicKeyCredential.getClientCapabilities()]:[3,2];case 1:if(e.sent().conditionalCreate)return[2,!0];e.label=2;case 2:return[2,!1]}}))}))},e}(),P=function(){function e(){this.windowRef=null}return e.prototype.show=function(e){var t=e.url,n=e.width,o=void 0===n?400:n,r=e.height,i=function(e){var t=e.url,n=e.width,o=e.height,r=e.win;if(!r.top)return null;var i=r.top.outerHeight/2+r.top.screenY-o/2,s=r.top.outerWidth/2+r.top.screenX-n/2;return window.open(t,"","toolbar=no, location=no, directories=no, status=no, menubar=no, scrollbars=no, resizable=no, copyhistory=no, width=".concat(n,", height=").concat(o,", top=").concat(i,", left=").concat(s))}({url:t,width:o,height:void 0===r?500:r,win:window});if(!i)throw new Error("Window is not initialized");return this.windowRef=i,i},e.prototype.close=function(){if(!this.windowRef)throw new Error("Window is not initialized");this.windowRef.close()},e}();const $=":not([inert]):not([inert] *)",D=':not([tabindex^="-"])',L=":not(:disabled)";var j=[`a[href]${$}${D}`,`area[href]${$}${D}`,`input:not([type="hidden"]):not([type="radio"])${$}${D}${L}`,`input[type="radio"]${$}${D}${L}`,`select${$}${D}${L}`,`textarea${$}${D}${L}`,`button${$}${D}${L}`,`details${$} > summary:first-of-type${D}`,`iframe${$}${D}`,`audio[controls]${$}${D}`,`video[controls]${$}${D}`,`[contenteditable]${$}${D}`,`[tabindex]${$}${D}`];function K(e){(e.querySelector("[autofocus]")||e).focus()}function J(e,t){if(t&&q(e))return e;if(!((n=e).shadowRoot&&"-1"===n.getAttribute("tabindex")||n.matches(":disabled,[hidden],[inert]")))if(e.shadowRoot){let n=V(e.shadowRoot,t);for(;n;){const e=J(n,t);if(e)return e;n=W(n,t)}}else if("slot"===e.localName){const n=e.assignedElements({flatten:!0});t||n.reverse();for(const e of n){const n=J(e,t);if(n)return n}}else{let n=V(e,t);for(;n;){const e=J(n,t);if(e)return e;n=W(n,t)}}var n;return!t&&q(e)?e:null}function V(e,t){return t?e.firstElementChild:e.lastElementChild}function W(e,t){return t?e.nextElementSibling:e.previousElementSibling}const q=e=>!e.shadowRoot?.delegatesFocus&&(e.matches(j.join(","))&&!(e=>!(!e.matches("details:not([open]) *")||e.matches("details>summary:first-of-type"))||!(e.offsetWidth||e.offsetHeight||e.getClientRects().length))(e));function M(e=document){const t=e.activeElement;return t?t.shadowRoot?M(t.shadowRoot)||document.activeElement:t:null}function H(e,t){const[n,o]=function(e){const t=J(e,!0);return[t,t?J(e,!1)||t:null]}(e);if(!n)return t.preventDefault();const r=M();t.shiftKey&&r===n?(o.focus(),t.preventDefault()):t.shiftKey||r!==o||(n.focus(),t.preventDefault())}class F{$el;id;previouslyFocused;shown;constructor(e){this.$el=e,this.id=this.$el.getAttribute("data-a11y-dialog")||this.$el.id,this.previouslyFocused=null,this.shown=!1,this.maintainFocus=this.maintainFocus.bind(this),this.bindKeypress=this.bindKeypress.bind(this),this.handleTriggerClicks=this.handleTriggerClicks.bind(this),this.show=this.show.bind(this),this.hide=this.hide.bind(this),this.$el.setAttribute("aria-hidden","true"),this.$el.setAttribute("aria-modal","true"),this.$el.setAttribute("tabindex","-1"),this.$el.hasAttribute("role")||this.$el.setAttribute("role","dialog"),document.addEventListener("click",this.handleTriggerClicks,!0)}destroy(){return this.hide(),document.removeEventListener("click",this.handleTriggerClicks,!0),this.$el.replaceWith(this.$el.cloneNode(!0)),this.fire("destroy"),this}show(e){return this.shown||(this.shown=!0,this.$el.removeAttribute("aria-hidden"),this.previouslyFocused=M(),"BODY"===this.previouslyFocused?.tagName&&e?.target&&(this.previouslyFocused=e.target),"focus"===e?.type?this.maintainFocus(e):K(this.$el),document.body.addEventListener("focus",this.maintainFocus,!0),this.$el.addEventListener("keydown",this.bindKeypress,!0),this.fire("show",e)),this}hide(e){return this.shown?(this.shown=!1,this.$el.setAttribute("aria-hidden","true"),this.previouslyFocused?.focus?.(),document.body.removeEventListener("focus",this.maintainFocus,!0),this.$el.removeEventListener("keydown",this.bindKeypress,!0),this.fire("hide",e),this):this}on(e,t,n){return this.$el.addEventListener(e,t,n),this}off(e,t,n){return this.$el.removeEventListener(e,t,n),this}fire(e,t){this.$el.dispatchEvent(new CustomEvent(e,{detail:t,cancelable:!0}))}handleTriggerClicks(e){const t=e.target;t.closest(`[data-a11y-dialog-show="${this.id}"]`)&&this.show(e),(t.closest(`[data-a11y-dialog-hide="${this.id}"]`)||t.closest("[data-a11y-dialog-hide]")&&t.closest('[aria-modal="true"]')===this.$el)&&this.hide(e)}bindKeypress(e){if(document.activeElement?.closest('[aria-modal="true"]')!==this.$el)return;let t=!1;try{t=!!this.$el.querySelector('[popover]:not([popover="manual"]):popover-open')}catch{}"Escape"!==e.key||"alertdialog"===this.$el.getAttribute("role")||t||(e.preventDefault(),this.hide(e)),"Tab"===e.key&&H(this.$el,e)}maintainFocus(e){e.target.closest('[aria-modal="true"], [data-a11y-dialog-ignore-focus-trap]')||K(this.$el)}}function G(){for(const e of document.querySelectorAll("[data-a11y-dialog]"))new F(e)}"undefined"!=typeof document&&("loading"===document.readyState?document.addEventListener("DOMContentLoaded",G):G());var B="__authsignal-popup-container",z="__authsignal-popup-content",Y="__authsignal-popup-overlay",X="__authsignal-popup-style",Q="__authsignal-popup-iframe",Z="385px",ee=function(){function e(e){var t=e.width,n=e.isClosable;if(this.popup=null,document.querySelector("#".concat(B)))throw new Error("Multiple instances of Authsignal popup is not supported.");this.create({width:t,isClosable:n})}return e.prototype.create=function(e){var t=this,n=e.width,o=void 0===n?Z:n,r=e.isClosable,i=void 0===r||r,s=o;CSS.supports("width",o)||(console.warn("Invalid CSS value for `popupOptions.width`. Using default value instead."),s=Z);var a=document.createElement("div");a.setAttribute("id",B),a.setAttribute("aria-hidden","true"),i||a.setAttribute("role","alertdialog");var c=document.createElement("div");c.setAttribute("id",Y),i&&c.setAttribute("data-a11y-dialog-hide","true");var u=document.createElement("div");u.setAttribute("id",z),document.body.appendChild(a);var l=document.createElement("style");l.setAttribute("id",X),l.textContent="\n #".concat(B,",\n #").concat(Y," {\n position: fixed;\n top: 0;\n right: 0;\n bottom: 0;\n left: 0;\n }\n\n #").concat(B," {\n z-index: 2147483647;\n display: flex;\n }\n\n #").concat(B,"[aria-hidden='true'] {\n display: none;\n }\n\n #").concat(Y," {\n background-color: rgba(0, 0, 0, 0.18);\n }\n\n #").concat(z," {\n margin: auto;\n z-index: 2147483647;\n position: relative;\n background-color: transparent;\n border-radius: 8px;\n width: ").concat(s,";\n }\n\n #").concat(z," iframe {\n width: 1px;\n min-width: 100%;\n border-radius: inherit;\n max-height: 95vh;\n height: ").concat("384px",";\n }\n "),document.head.insertAdjacentElement("beforeend",l),a.appendChild(c),a.appendChild(u),this.popup=new F(a),a.focus(),this.popup.on("hide",(function(){t.destroy()}))},e.prototype.destroy=function(){var e=document.querySelector("#".concat(B)),t=document.querySelector("#".concat(X));e&&t&&(document.body.removeChild(e),document.head.removeChild(t)),window.removeEventListener("message",te)},e.prototype.show=function(e){var t,n=e.url;if(!this.popup)throw new Error("Popup is not initialized");var o=document.createElement("iframe");o.setAttribute("id",Q),o.setAttribute("name","authsignal"),o.setAttribute("title","Authsignal multi-factor authentication"),o.setAttribute("src",n),o.setAttribute("frameborder","0"),o.setAttribute("allow","publickey-credentials-get *; publickey-credentials-create *; clipboard-write");var r=document.querySelector("#".concat(z));r&&r.appendChild(o),window.addEventListener("message",te),null===(t=this.popup)||void 0===t||t.show()},e.prototype.close=function(){if(!this.popup)throw new Error("Popup is not initialized");this.popup.hide()},e.prototype.on=function(e,t){if(!this.popup)throw new Error("Popup is not initialized");this.popup.on(e,t)},e}();function te(e){var t=document.querySelector("#".concat(Q));t&&e.data.height&&(t.style.height=e.data.height+"px")}var ne=function(){function e(e){var t=e.baseUrl,n=e.tenantId,o=e.onTokenExpired;this.tenantId=n,this.baseUrl=t,this.onTokenExpired=o}return e.prototype.enroll=function(e){return c(this,arguments,void 0,(function(e){var t,n=e.token;return u(this,(function(e){switch(e.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/totp"),{method:"POST",headers:R({token:n,tenantId:this.tenantId})})];case 1:return[4,e.sent().json()];case 2:return x({response:t=e.sent(),onTokenExpired:this.onTokenExpired}),[2,t]}}))}))},e.prototype.verify=function(e){return c(this,arguments,void 0,(function(e){var t,n,o=e.token,r=e.code;return u(this,(function(e){switch(e.label){case 0:return t={verificationCode:r},[4,fetch("".concat(this.baseUrl,"/client/verify/totp"),{method:"POST",headers:R({token:o,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return x({response:n=e.sent(),onTokenExpired:this.onTokenExpired}),[2,n]}}))}))},e}(),oe=function(){function e(e){var t=e.baseUrl,n=e.tenantId,o=e.onTokenExpired;this.cache=U.shared,this.api=new ne({baseUrl:t,tenantId:n,onTokenExpired:o})}return e.prototype.enroll=function(){return c(this,void 0,void 0,(function(){return u(this,(function(e){switch(e.label){case 0:return this.cache.token?[4,this.api.enroll({token:this.cache.token})]:[2,this.cache.handleTokenNotSetError()];case 1:return[2,S(e.sent())]}}))}))},e.prototype.verify=function(e){return c(this,arguments,void 0,(function(e){var t,n=e.code;return u(this,(function(e){switch(e.label){case 0:return this.cache.token?[4,this.api.verify({token:this.cache.token,code:n})]:[2,this.cache.handleTokenNotSetError()];case 1:return"accessToken"in(t=e.sent())&&t.accessToken&&(this.cache.token=t.accessToken),[2,S(t)]}}))}))},e}(),re=function(){function e(e){var t=e.baseUrl,n=e.tenantId,o=e.onTokenExpired;this.tenantId=n,this.baseUrl=t,this.onTokenExpired=o}return e.prototype.enroll=function(e){return c(this,arguments,void 0,(function(e){var t,n,o=e.token,r=e.email;return u(this,(function(e){switch(e.label){case 0:return t={email:r},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/email-otp"),{method:"POST",headers:R({token:o,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return x({response:n=e.sent(),onTokenExpired:this.onTokenExpired}),[2,n]}}))}))},e.prototype.challenge=function(e){return c(this,arguments,void 0,(function(e){var t,n=e.token;return u(this,(function(e){switch(e.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/challenge/email-otp"),{method:"POST",headers:R({token:n,tenantId:this.tenantId})})];case 1:return[4,e.sent().json()];case 2:return x({response:t=e.sent(),onTokenExpired:this.onTokenExpired}),[2,t]}}))}))},e.prototype.verify=function(e){return c(this,arguments,void 0,(function(e){var t,n,o=e.token,r=e.code;return u(this,(function(e){switch(e.label){case 0:return t={verificationCode:r},[4,fetch("".concat(this.baseUrl,"/client/verify/email-otp"),{method:"POST",headers:R({token:o,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return x({response:n=e.sent(),onTokenExpired:this.onTokenExpired}),[2,n]}}))}))},e}(),ie=function(){function e(e){var t=e.baseUrl,n=e.tenantId,o=e.onTokenExpired;this.cache=U.shared,this.api=new re({baseUrl:t,tenantId:n,onTokenExpired:o})}return e.prototype.enroll=function(e){return c(this,arguments,void 0,(function(e){var t=e.email;return u(this,(function(e){switch(e.label){case 0:return this.cache.token?[4,this.api.enroll({token:this.cache.token,email:t})]:[2,this.cache.handleTokenNotSetError()];case 1:return[2,S(e.sent())]}}))}))},e.prototype.challenge=function(){return c(this,void 0,void 0,(function(){return u(this,(function(e){switch(e.label){case 0:return this.cache.token?[4,this.api.challenge({token:this.cache.token})]:[2,this.cache.handleTokenNotSetError()];case 1:return[2,S(e.sent())]}}))}))},e.prototype.verify=function(e){return c(this,arguments,void 0,(function(e){var t,n=e.code;return u(this,(function(e){switch(e.label){case 0:return this.cache.token?[4,this.api.verify({token:this.cache.token,code:n})]:[2,this.cache.handleTokenNotSetError()];case 1:return"accessToken"in(t=e.sent())&&t.accessToken&&(this.cache.token=t.accessToken),[2,S(t)]}}))}))},e}(),se=function(){function e(e){var t=e.baseUrl,n=e.tenantId,o=e.onTokenExpired;this.tenantId=n,this.baseUrl=t,this.onTokenExpired=o}return e.prototype.enroll=function(e){return c(this,arguments,void 0,(function(e){var t,n,o=e.token,r=e.phoneNumber;return u(this,(function(e){switch(e.label){case 0:return t={phoneNumber:r},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/sms"),{method:"POST",headers:R({token:o,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return x({response:n=e.sent(),onTokenExpired:this.onTokenExpired}),[2,n]}}))}))},e.prototype.challenge=function(e){return c(this,arguments,void 0,(function(e){var t,n=e.token;return u(this,(function(e){switch(e.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/challenge/sms"),{method:"POST",headers:R({token:n,tenantId:this.tenantId})})];case 1:return[4,e.sent().json()];case 2:return x({response:t=e.sent(),onTokenExpired:this.onTokenExpired}),[2,t]}}))}))},e.prototype.verify=function(e){return c(this,arguments,void 0,(function(e){var t,n,o=e.token,r=e.code;return u(this,(function(e){switch(e.label){case 0:return t={verificationCode:r},[4,fetch("".concat(this.baseUrl,"/client/verify/sms"),{method:"POST",headers:R({token:o,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return x({response:n=e.sent(),onTokenExpired:this.onTokenExpired}),[2,n]}}))}))},e}(),ae=function(){function e(e){var t=e.baseUrl,n=e.tenantId,o=e.onTokenExpired;this.cache=U.shared,this.api=new se({baseUrl:t,tenantId:n,onTokenExpired:o})}return e.prototype.enroll=function(e){return c(this,arguments,void 0,(function(e){var t=e.phoneNumber;return u(this,(function(e){switch(e.label){case 0:return this.cache.token?[4,this.api.enroll({token:this.cache.token,phoneNumber:t})]:[2,this.cache.handleTokenNotSetError()];case 1:return[2,S(e.sent())]}}))}))},e.prototype.challenge=function(){return c(this,void 0,void 0,(function(){return u(this,(function(e){switch(e.label){case 0:return this.cache.token?[4,this.api.challenge({token:this.cache.token})]:[2,this.cache.handleTokenNotSetError()];case 1:return[2,S(e.sent())]}}))}))},e.prototype.verify=function(e){return c(this,arguments,void 0,(function(e){var t,n=e.code;return u(this,(function(e){switch(e.label){case 0:return this.cache.token?[4,this.api.verify({token:this.cache.token,code:n})]:[2,this.cache.handleTokenNotSetError()];case 1:return"accessToken"in(t=e.sent())&&t.accessToken&&(this.cache.token=t.accessToken),[2,S(t)]}}))}))},e}(),ce=function(){function e(e){var t=e.baseUrl,n=e.tenantId,o=e.onTokenExpired;this.tenantId=n,this.baseUrl=t,this.onTokenExpired=o}return e.prototype.enroll=function(e){return c(this,arguments,void 0,(function(e){var t,n,o=e.token,r=e.email;return u(this,(function(e){switch(e.label){case 0:return t={email:r},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/email-magic-link"),{method:"POST",headers:R({token:o,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return x({response:n=e.sent(),onTokenExpired:this.onTokenExpired}),[2,n]}}))}))},e.prototype.challenge=function(e){return c(this,arguments,void 0,(function(e){var t,n=e.token;return u(this,(function(e){switch(e.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/challenge/email-magic-link"),{method:"POST",headers:R({token:n,tenantId:this.tenantId})})];case 1:return[4,e.sent().json()];case 2:return x({response:t=e.sent(),onTokenExpired:this.onTokenExpired}),[2,t]}}))}))},e.prototype.checkVerificationStatus=function(e){return c(this,arguments,void 0,(function(e){var t,n=this,o=e.token;return u(this,(function(e){switch(e.label){case 0:return t=function(){return c(n,void 0,void 0,(function(){var e,n=this;return u(this,(function(r){switch(r.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/verify/email-magic-link/finalize"),{method:"POST",headers:R({token:o,tenantId:this.tenantId}),body:JSON.stringify({})})];case 1:return[4,r.sent().json()];case 2:return x({response:e=r.sent(),onTokenExpired:this.onTokenExpired}),e.isVerified?[2,e]:[2,new Promise((function(e){setTimeout((function(){return c(n,void 0,void 0,(function(){var n;return u(this,(function(o){switch(o.label){case 0:return n=e,[4,t()];case 1:return n.apply(void 0,[o.sent()]),[2]}}))}))}),1e3)}))]}}))}))},[4,t()];case 1:return[2,e.sent()]}}))}))},e}(),ue=function(){function e(e){var t=e.baseUrl,n=e.tenantId,o=e.onTokenExpired;this.cache=U.shared,this.api=new ce({baseUrl:t,tenantId:n,onTokenExpired:o})}return e.prototype.enroll=function(e){return c(this,arguments,void 0,(function(e){var t=e.email;return u(this,(function(e){switch(e.label){case 0:return this.cache.token?[4,this.api.enroll({token:this.cache.token,email:t})]:[2,this.cache.handleTokenNotSetError()];case 1:return[2,S(e.sent())]}}))}))},e.prototype.challenge=function(){return c(this,void 0,void 0,(function(){return u(this,(function(e){switch(e.label){case 0:return this.cache.token?[4,this.api.challenge({token:this.cache.token})]:[2,this.cache.handleTokenNotSetError()];case 1:return[2,S(e.sent())]}}))}))},e.prototype.checkVerificationStatus=function(){return c(this,void 0,void 0,(function(){var e;return u(this,(function(t){switch(t.label){case 0:return this.cache.token?[4,this.api.checkVerificationStatus({token:this.cache.token})]:[2,this.cache.handleTokenNotSetError()];case 1:return"accessToken"in(e=t.sent())&&e.accessToken&&(this.cache.token=e.accessToken),[2,S(e)]}}))}))},e}(),le=function(){function e(e){var t=e.baseUrl,n=e.tenantId,o=e.onTokenExpired;this.tenantId=n,this.baseUrl=t,this.onTokenExpired=o}return e.prototype.registrationOptions=function(e){return c(this,arguments,void 0,(function(e){var t,n=e.token;return u(this,(function(e){switch(e.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/security-key/registration-options"),{method:"POST",headers:R({token:n,tenantId:this.tenantId}),body:JSON.stringify({})})];case 1:return[4,e.sent().json()];case 2:return x({response:t=e.sent(),onTokenExpired:this.onTokenExpired}),[2,t]}}))}))},e.prototype.authenticationOptions=function(e){return c(this,arguments,void 0,(function(e){var t,n=e.token;return u(this,(function(e){switch(e.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/security-key/authentication-options"),{method:"POST",headers:R({token:n,tenantId:this.tenantId}),body:JSON.stringify({})})];case 1:return[4,e.sent().json()];case 2:return x({response:t=e.sent(),onTokenExpired:this.onTokenExpired}),[2,t]}}))}))},e.prototype.addAuthenticator=function(e){return c(this,arguments,void 0,(function(e){var t,n=e.token,o=e.registrationCredential;return u(this,(function(e){switch(e.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/security-key"),{method:"POST",headers:R({token:n,tenantId:this.tenantId}),body:JSON.stringify(o)})];case 1:return[4,e.sent().json()];case 2:return x({response:t=e.sent(),onTokenExpired:this.onTokenExpired}),[2,t]}}))}))},e.prototype.verify=function(e){return c(this,arguments,void 0,(function(e){var t,n=e.token,o=e.authenticationCredential;return u(this,(function(e){switch(e.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/verify/security-key"),{method:"POST",headers:R({token:n,tenantId:this.tenantId}),body:JSON.stringify(o)})];case 1:return[4,e.sent().json()];case 2:return x({response:t=e.sent(),onTokenExpired:this.onTokenExpired}),[2,t]}}))}))},e}(),he=function(){function e(e){var t=e.baseUrl,n=e.tenantId,o=e.onTokenExpired;this.cache=U.shared,this.api=new le({baseUrl:t,tenantId:n,onTokenExpired:o})}return e.prototype.enroll=function(){return c(this,void 0,void 0,(function(){var e,t,n,o,r;return u(this,(function(i){switch(i.label){case 0:return this.cache.token?(e={token:this.cache.token},[4,this.api.registrationOptions(e)]):[2,this.cache.handleTokenNotSetError()];case 1:if("error"in(t=i.sent()))return[2,A(t)];i.label=2;case 2:return i.trys.push([2,5,,6]),[4,w({optionsJSON:t})];case 3:return n=i.sent(),[4,this.api.addAuthenticator({registrationCredential:n,token:this.cache.token})];case 4:return"error"in(o=i.sent())?[2,A(o)]:(o.accessToken&&(this.cache.token=o.accessToken),[2,{data:{token:o.accessToken,registrationResponse:n}}]);case 5:throw O(r=i.sent()),r;case 6:return[2]}}))}))},e.prototype.verify=function(){return c(this,void 0,void 0,(function(){var e,t,n,o,r;return u(this,(function(i){switch(i.label){case 0:return this.cache.token?[4,this.api.authenticationOptions({token:this.cache.token})]:[2,this.cache.handleTokenNotSetError()];case 1:if("error"in(e=i.sent()))return[2,A(e)];i.label=2;case 2:return i.trys.push([2,5,,6]),[4,T({optionsJSON:e})];case 3:return t=i.sent(),[4,this.api.verify({authenticationCredential:t,token:this.cache.token})];case 4:return"error"in(n=i.sent())?[2,A(n)]:(n.accessToken&&(this.cache.token=n.accessToken),o=n.accessToken,[2,{data:{isVerified:n.isVerified,token:o,authenticationResponse:t}}]);case 5:throw O(r=i.sent()),r;case 6:return[2]}}))}))},e}(),de=function(){function e(e){var t=e.baseUrl,n=e.tenantId;this.tenantId=n,this.baseUrl=t}return e.prototype.challenge=function(e){return c(this,arguments,void 0,(function(e){var t,n=e.action;return u(this,(function(e){switch(e.label){case 0:return t={action:n},[4,fetch("".concat(this.baseUrl,"/client/challenge/qr-code"),{method:"POST",headers:R({tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return[2,e.sent()]}}))}))},e.prototype.verify=function(e){return c(this,arguments,void 0,(function(e){var t,n=e.challengeId,o=e.deviceCode;return u(this,(function(e){switch(e.label){case 0:return t={challengeId:n,deviceCode:o},[4,fetch("".concat(this.baseUrl,"/client/verify/qr-code"),{method:"POST",headers:R({tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return[2,e.sent()]}}))}))},e}(),pe=function(){function e(e){var t=e.baseUrl,n=e.tenantId;this.api=new de({baseUrl:t,tenantId:n})}return e.prototype.challenge=function(e){return c(this,arguments,void 0,(function(e){var t=e.action;return u(this,(function(e){switch(e.label){case 0:return[4,this.api.challenge({action:t})];case 1:return[2,S(e.sent())]}}))}))},e.prototype.verify=function(e){return c(this,arguments,void 0,(function(e){var t=e.challengeId,n=e.deviceCode;return u(this,(function(e){switch(e.label){case 0:return[4,this.api.verify({challengeId:t,deviceCode:n})];case 1:return[2,S(e.sent())]}}))}))},e}(),fe="4a08uqve",ye=function(){function t(e){var t=e.cookieDomain,n=e.cookieName,o=void 0===n?"__as_aid":n,r=e.baseUrl,i=void 0===r?"https://api.authsignal.com/v1":r,a=e.tenantId,c=e.onTokenExpired;if(this.anonymousId="",this.profilingId="",this.cookieDomain="",this.anonymousIdCookieName="",this.cookieDomain=t||document.location.hostname.replace("www.",""),this.anonymousIdCookieName=o,!a)throw new Error("tenantId is required");var u,l=(u=this.anonymousIdCookieName)&&decodeURIComponent(document.cookie.replace(new RegExp("(?:(?:^|.*;)\\s*"+encodeURIComponent(u).replace(/[\-\.\+\*]/g,"\\$&")+"\\s*\\=\\s*([^;]*).*$)|^.*$"),"$1"))||null;l?this.anonymousId=l:(this.anonymousId=s(),I({name:this.anonymousIdCookieName,value:this.anonymousId,expire:1/0,domain:this.cookieDomain,secure:"http:"!==document.location.protocol})),this.passkey=new N({tenantId:a,baseUrl:i,anonymousId:this.anonymousId,onTokenExpired:c}),this.totp=new oe({tenantId:a,baseUrl:i,onTokenExpired:c}),this.email=new ie({tenantId:a,baseUrl:i,onTokenExpired:c}),this.emailML=new ue({tenantId:a,baseUrl:i,onTokenExpired:c}),this.sms=new ae({tenantId:a,baseUrl:i,onTokenExpired:c}),this.securityKey=new he({tenantId:a,baseUrl:i,onTokenExpired:c}),this.qrCode=new pe({tenantId:a,baseUrl:i})}return t.prototype.setToken=function(e){U.shared.token=e},t.prototype.launch=function(e,t){switch(null==t?void 0:t.mode){case"window":return this.launchWithWindow(e,t);case"popup":return this.launchWithPopup(e,t);default:this.launchWithRedirect(e)}},t.prototype.initAdvancedProfiling=function(e){var t=s();this.profilingId=t,I({name:"__as_pid",value:t,expire:1/0,domain:this.cookieDomain,secure:"http:"!==document.location.protocol});var n=e?"".concat(e,"/fp/tags.js?org_id=").concat(fe,"&session_id=").concat(t):"https://h.online-metrix.net/fp/tags.js?org_id=".concat(fe,"&session_id=").concat(t),o=document.createElement("script");o.src=n,o.async=!1,o.id="as_adv_profile",document.head.appendChild(o);var r=document.createElement("noscript");r.setAttribute("id","as_adv_profile_pixel"),r.setAttribute("aria-hidden","true");var i=document.createElement("iframe"),a=e?"".concat(e,"/fp/tags?org_id=").concat(fe,"&session_id=").concat(t):"https://h.online-metrix.net/fp/tags?org_id=".concat(fe,"&session_id=").concat(t);i.setAttribute("id","as_adv_profile_pixel"),i.setAttribute("src",a),i.setAttribute("style","width: 100px; height: 100px; border: 0; position: absolute; top: -5000px;"),r&&(r.appendChild(i),document.body.prepend(r))},t.prototype.launchWithRedirect=function(e){window.location.href=e},t.prototype.launchWithPopup=function(t,n){var o=n.popupOptions,r=new ee({width:null==o?void 0:o.width,isClosable:null==o?void 0:o.isClosable}),i="".concat(t,"&mode=popup");return r.show({url:i}),new Promise((function(t){var n=void 0;r.on("hide",(function(){t({token:n})})),window.addEventListener("message",(function(t){var o=null;try{o=JSON.parse(t.data)}catch(e){}(null==o?void 0:o.event)===e.AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP&&(n=o.token,r.close())}),!1)}))},t.prototype.launchWithWindow=function(t,n){var o=n.windowOptions,r=new P,i="".concat(t,"&mode=popup");return r.show({url:i,width:null==o?void 0:o.width,height:null==o?void 0:o.height}),new Promise((function(t){window.addEventListener("message",(function(n){var o=null;try{o=JSON.parse(n.data)}catch(e){}(null==o?void 0:o.event)===e.AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP&&(r.close(),t({token:o.token}))}),!1)}))},t}();return e.Authsignal=ye,e.WebAuthnError=b,Object.defineProperty(e,"__esModule",{value:!0}),e}({});
1
+ var authsignal=function(e){"use strict";let t;const n=new Uint8Array(16);function r(){if(!t&&(t="undefined"!=typeof crypto&&crypto.getRandomValues&&crypto.getRandomValues.bind(crypto),!t))throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");return t(n)}const o=[];for(let e=0;e<256;++e)o.push((e+256).toString(16).slice(1));var i={randomUUID:"undefined"!=typeof crypto&&crypto.randomUUID&&crypto.randomUUID.bind(crypto)};function s(e,t,n){if(i.randomUUID&&!t&&!e)return i.randomUUID();const s=(e=e||{}).random||(e.rng||r)();if(s[6]=15&s[6]|64,s[8]=63&s[8]|128,t){n=n||0;for(let e=0;e<16;++e)t[n+e]=s[e];return t}return function(e,t=0){return(o[e[t+0]]+o[e[t+1]]+o[e[t+2]]+o[e[t+3]]+"-"+o[e[t+4]]+o[e[t+5]]+"-"+o[e[t+6]]+o[e[t+7]]+"-"+o[e[t+8]]+o[e[t+9]]+"-"+o[e[t+10]]+o[e[t+11]]+o[e[t+12]]+o[e[t+13]]+o[e[t+14]]+o[e[t+15]]).toLowerCase()}(s)}var a=function(e,t){return a=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}||function(e,t){for(var n in t)Object.prototype.hasOwnProperty.call(t,n)&&(e[n]=t[n])},a(e,t)};function c(e,t){if("function"!=typeof t&&null!==t)throw new TypeError("Class extends value "+String(t)+" is not a constructor or null");function n(){this.constructor=e}a(e,t),e.prototype=null===t?Object.create(t):(n.prototype=t.prototype,new n)}var l=function(){return l=Object.assign||function(e){for(var t,n=1,r=arguments.length;n<r;n++)for(var o in t=arguments[n])Object.prototype.hasOwnProperty.call(t,o)&&(e[o]=t[o]);return e},l.apply(this,arguments)};function u(e,t){var n={};for(var r in e)Object.prototype.hasOwnProperty.call(e,r)&&t.indexOf(r)<0&&(n[r]=e[r]);if(null!=e&&"function"==typeof Object.getOwnPropertySymbols){var o=0;for(r=Object.getOwnPropertySymbols(e);o<r.length;o++)t.indexOf(r[o])<0&&Object.prototype.propertyIsEnumerable.call(e,r[o])&&(n[r[o]]=e[r[o]])}return n}function h(e,t,n,r){return new(n||(n=Promise))((function(o,i){function s(e){try{c(r.next(e))}catch(e){i(e)}}function a(e){try{c(r.throw(e))}catch(e){i(e)}}function c(e){var t;e.done?o(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(s,a)}c((r=r.apply(e,t||[])).next())}))}function d(e,t){var n,r,o,i,s={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return i={next:a(0),throw:a(1),return:a(2)},"function"==typeof Symbol&&(i[Symbol.iterator]=function(){return this}),i;function a(i){return function(a){return function(i){if(n)throw new TypeError("Generator is already executing.");for(;s;)try{if(n=1,r&&(o=2&i[0]?r.return:i[0]?r.throw||((o=r.return)&&o.call(r),0):r.next)&&!(o=o.call(r,i[1])).done)return o;switch(r=0,o&&(i=[2&i[0],o.value]),i[0]){case 0:case 1:o=i;break;case 4:return s.label++,{value:i[1],done:!1};case 5:s.label++,r=i[1],i=[0];continue;case 7:i=s.ops.pop(),s.trys.pop();continue;default:if(!(o=s.trys,(o=o.length>0&&o[o.length-1])||6!==i[0]&&2!==i[0])){s=0;continue}if(3===i[0]&&(!o||i[1]>o[0]&&i[1]<o[3])){s.label=i[1];break}if(6===i[0]&&s.label<o[1]){s.label=o[1],o=i;break}if(o&&s.label<o[2]){s.label=o[2],s.ops.push(i);break}o[2]&&s.ops.pop(),s.trys.pop();continue}i=t.call(e,s)}catch(e){i=[6,e],r=0}finally{n=o=0}if(5&i[0])throw i[1];return{value:i[0]?i[1]:void 0,done:!0}}([i,a])}}}function p(e){const t=new Uint8Array(e);let n="";for(const e of t)n+=String.fromCharCode(e);return btoa(n).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function f(e){const t=e.replace(/-/g,"+").replace(/_/g,"/"),n=(4-t.length%4)%4,r=t.padEnd(t.length+n,"="),o=atob(r),i=new ArrayBuffer(o.length),s=new Uint8Array(i);for(let e=0;e<o.length;e++)s[e]=o.charCodeAt(e);return i}function v(){return g.stubThis(void 0!==globalThis?.PublicKeyCredential&&"function"==typeof globalThis.PublicKeyCredential)}const g={stubThis:e=>e};function y(e){const{id:t}=e;return{...e,id:f(t),transports:e.transports}}function b(e){return"localhost"===e||/^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(e)}class m extends Error{constructor({message:e,code:t,cause:n,name:r}){super(e,{cause:n}),Object.defineProperty(this,"code",{enumerable:!0,configurable:!0,writable:!0,value:void 0}),this.name=r??n.name,this.code=t}}const w=new class{constructor(){Object.defineProperty(this,"controller",{enumerable:!0,configurable:!0,writable:!0,value:void 0})}createNewAbortSignal(){if(this.controller){const e=new Error("Cancelling existing WebAuthn API call for new one");e.name="AbortError",this.controller.abort(e)}const e=new AbortController;return this.controller=e,e.signal}cancelCeremony(){if(this.controller){const e=new Error("Manually cancelling existing WebAuthn API call");e.name="AbortError",this.controller.abort(e),this.controller=void 0}}},k=["cross-platform","platform"];function I(e){if(e&&!(k.indexOf(e)<0))return e}async function E(e){!e.optionsJSON&&e.challenge&&(console.warn("startRegistration() was not called correctly. It will try to continue with the provided options, but this call should be refactored to use the expected call structure instead. See https://simplewebauthn.dev/docs/packages/browser#typeerror-cannot-read-properties-of-undefined-reading-challenge for more information."),e={optionsJSON:e});const{optionsJSON:t,useAutoRegister:n=!1}=e;if(!v())throw new Error("WebAuthn is not supported in this browser");const r={...t,challenge:f(t.challenge),user:{...t.user,id:f(t.user.id)},excludeCredentials:t.excludeCredentials?.map(y)},o={};let i;n&&(o.mediation="conditional"),o.publicKey=r,o.signal=w.createNewAbortSignal();try{i=await navigator.credentials.create(o)}catch(e){throw function({error:e,options:t}){const{publicKey:n}=t;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new m({message:"Registration ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:e})}else if("ConstraintError"===e.name){if(!0===n.authenticatorSelection?.requireResidentKey)return new m({message:"Discoverable credentials were required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",cause:e});if("conditional"===t.mediation&&"required"===n.authenticatorSelection?.userVerification)return new m({message:"User verification was required during automatic registration but it could not be performed",code:"ERROR_AUTO_REGISTER_USER_VERIFICATION_FAILURE",cause:e});if("required"===n.authenticatorSelection?.userVerification)return new m({message:"User verification was required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",cause:e})}else{if("InvalidStateError"===e.name)return new m({message:"The authenticator was previously registered",code:"ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",cause:e});if("NotAllowedError"===e.name)return new m({message:e.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:e});if("NotSupportedError"===e.name)return 0===n.pubKeyCredParams.filter((e=>"public-key"===e.type)).length?new m({message:'No entry in pubKeyCredParams was of type "public-key"',code:"ERROR_MALFORMED_PUBKEYCREDPARAMS",cause:e}):new m({message:"No available authenticator supported any of the specified pubKeyCredParams algorithms",code:"ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",cause:e});if("SecurityError"===e.name){const t=globalThis.location.hostname;if(!b(t))return new m({message:`${globalThis.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:e});if(n.rp.id!==t)return new m({message:`The RP ID "${n.rp.id}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:e})}else if("TypeError"===e.name){if(n.user.id.byteLength<1||n.user.id.byteLength>64)return new m({message:"User ID was not between 1 and 64 characters",code:"ERROR_INVALID_USER_ID_LENGTH",cause:e})}else if("UnknownError"===e.name)return new m({message:"The authenticator was unable to process the specified options, or could not create a new credential",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:e})}return e}({error:e,options:o})}if(!i)throw new Error("Registration was not completed");const{id:s,rawId:a,response:c,type:l}=i;let u,h,d,g;if("function"==typeof c.getTransports&&(u=c.getTransports()),"function"==typeof c.getPublicKeyAlgorithm)try{h=c.getPublicKeyAlgorithm()}catch(e){T("getPublicKeyAlgorithm()",e)}if("function"==typeof c.getPublicKey)try{const e=c.getPublicKey();null!==e&&(d=p(e))}catch(e){T("getPublicKey()",e)}if("function"==typeof c.getAuthenticatorData)try{g=p(c.getAuthenticatorData())}catch(e){T("getAuthenticatorData()",e)}return{id:s,rawId:p(a),response:{attestationObject:p(c.attestationObject),clientDataJSON:p(c.clientDataJSON),transports:u,publicKeyAlgorithm:h,publicKey:d,authenticatorData:g},type:l,clientExtensionResults:i.getClientExtensionResults(),authenticatorAttachment:I(i.authenticatorAttachment)}}function T(e,t){console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${e}. You should report this error to them.\n`,t)}const S={stubThis:e=>e};async function C(e){!e.optionsJSON&&e.challenge&&(console.warn("startAuthentication() was not called correctly. It will try to continue with the provided options, but this call should be refactored to use the expected call structure instead. See https://simplewebauthn.dev/docs/packages/browser#typeerror-cannot-read-properties-of-undefined-reading-challenge for more information."),e={optionsJSON:e});const{optionsJSON:t,useBrowserAutofill:n=!1,verifyBrowserAutofillInput:r=!0}=e;if(!v())throw new Error("WebAuthn is not supported in this browser");let o;0!==t.allowCredentials?.length&&(o=t.allowCredentials?.map(y));const i={...t,challenge:f(t.challenge),allowCredentials:o},s={};if(n){if(!await function(){if(!v())return S.stubThis(new Promise((e=>e(!1))));const e=globalThis.PublicKeyCredential;return void 0===e?.isConditionalMediationAvailable?S.stubThis(new Promise((e=>e(!1)))):S.stubThis(e.isConditionalMediationAvailable())}())throw Error("Browser does not support WebAuthn autofill");if(document.querySelectorAll("input[autocomplete$='webauthn']").length<1&&r)throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');s.mediation="conditional",i.allowCredentials=[]}let a;s.publicKey=i,s.signal=w.createNewAbortSignal();try{a=await navigator.credentials.get(s)}catch(e){throw function({error:e,options:t}){const{publicKey:n}=t;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new m({message:"Authentication ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:e})}else{if("NotAllowedError"===e.name)return new m({message:e.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:e});if("SecurityError"===e.name){const t=globalThis.location.hostname;if(!b(t))return new m({message:`${globalThis.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:e});if(n.rpId!==t)return new m({message:`The RP ID "${n.rpId}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:e})}else if("UnknownError"===e.name)return new m({message:"The authenticator was unable to process the specified options, or could not create a new assertion signature",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:e})}return e}({error:e,options:s})}if(!a)throw new Error("Authentication was not completed");const{id:c,rawId:l,response:u,type:h}=a;let d;return u.userHandle&&(d=p(u.userHandle)),{id:c,rawId:p(l),response:{authenticatorData:p(u.authenticatorData),clientDataJSON:p(u.clientDataJSON),signature:p(u.signature),userHandle:d},type:h,clientExtensionResults:a.getClientExtensionResults(),authenticatorAttachment:I(a.authenticatorAttachment)}}function A(e){var t=e.name,n=e.value,r=e.expire,o=e.domain,i=e.secure,s=r===1/0?" expires=Fri, 31 Dec 9999 23:59:59 GMT":"; max-age="+r;document.cookie=encodeURIComponent(t)+"="+n+"; path=/;"+s+(o?"; domain="+o:"")+(i?"; secure":"")}function R(e){var t,n=null!==(t=e.errorDescription)&&void 0!==t?t:e.error;return console.error(n),{error:n}}function O(e){var t;if(e&&"object"==typeof e&&"error"in e){var n=null!==(t=e.errorDescription)&&void 0!==t?t:e.error;return console.error(n),{error:n}}if(e&&"object"==typeof e&&"accessToken"in e&&"string"==typeof e.accessToken){var r=e.accessToken,o=u(e,["accessToken"]);return{data:l(l({},o),{token:r})}}return{data:e}}function x(e){var t,n;if(e instanceof m&&"ERROR_INVALID_RP_ID"===e.code){var r=(null===(n=null===(t=e.message)||void 0===t?void 0:t.match(/"([^"]*)"/))||void 0===n?void 0:n[1])||"";console.error('[Authsignal] The Relying Party ID "'.concat(r,'" is invalid for this domain.\n To learn more, visit https://docs.authsignal.com/scenarios/passkeys-prebuilt-ui#defining-the-relying-party'))}}function U(e){var t=e.token,n=e.tenantId;return{"Content-Type":"application/json",Authorization:t?"Bearer ".concat(t):"Basic ".concat(window.btoa(encodeURIComponent(n)))}}function P(e){var t=e.response,n=e.onTokenExpired;"error"in t&&"expired_token"===t.errorCode&&n&&n()}e.AuthsignalWindowMessage=void 0,(e.AuthsignalWindowMessage||(e.AuthsignalWindowMessage={})).AUTHSIGNAL_CLOSE_POPUP="AUTHSIGNAL_CLOSE_POPUP";var _=function(){function e(e){var t=e.baseUrl,n=e.tenantId,r=e.onTokenExpired;this.tenantId=n,this.baseUrl=t,this.onTokenExpired=r}return e.prototype.registrationOptions=function(e){return h(this,arguments,void 0,(function(e){var t,n,r=e.token,o=e.username,i=e.authenticatorAttachment;return d(this,(function(e){switch(e.label){case 0:return t=Boolean(i)?{username:o,authenticatorAttachment:i}:{username:o},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey/registration-options"),{method:"POST",headers:U({token:r,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return P({response:n=e.sent(),onTokenExpired:this.onTokenExpired}),[2,n]}}))}))},e.prototype.authenticationOptions=function(e){return h(this,arguments,void 0,(function(e){var t,n,r=e.token,o=e.challengeId;return d(this,(function(e){switch(e.label){case 0:return t={challengeId:o},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey/authentication-options"),{method:"POST",headers:U({token:r,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return P({response:n=e.sent(),onTokenExpired:this.onTokenExpired}),[2,n]}}))}))},e.prototype.addAuthenticator=function(e){return h(this,arguments,void 0,(function(e){var t,n,r=e.token,o=e.challengeId,i=e.registrationCredential,s=e.conditionalCreate;return d(this,(function(e){switch(e.label){case 0:return t={challengeId:o,registrationCredential:i,conditionalCreate:s},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey"),{method:"POST",headers:U({token:r,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return P({response:n=e.sent(),onTokenExpired:this.onTokenExpired}),[2,n]}}))}))},e.prototype.verify=function(e){return h(this,arguments,void 0,(function(e){var t,n,r=e.token,o=e.challengeId,i=e.authenticationCredential,s=e.deviceId;return d(this,(function(e){switch(e.label){case 0:return t={challengeId:o,authenticationCredential:i,deviceId:s},[4,fetch("".concat(this.baseUrl,"/client/verify/passkey"),{method:"POST",headers:U({token:r,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return P({response:n=e.sent(),onTokenExpired:this.onTokenExpired}),[2,n]}}))}))},e.prototype.getPasskeyAuthenticator=function(e){return h(this,arguments,void 0,(function(e){var t,n=e.credentialIds;return d(this,(function(e){switch(e.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/passkey?credentialIds=").concat(n),{method:"GET",headers:U({tenantId:this.tenantId})})];case 1:if(!(t=e.sent()).ok)throw new Error(t.statusText);return[2,t.json()]}}))}))},e.prototype.challenge=function(e){return h(this,void 0,void 0,(function(){var t;return d(this,(function(n){switch(n.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/challenge"),{method:"POST",headers:U({tenantId:this.tenantId}),body:JSON.stringify({action:e})})];case 1:return[4,n.sent().json()];case 2:return P({response:t=n.sent(),onTokenExpired:this.onTokenExpired}),[2,t]}}))}))},e}(),N=function(){function e(){this.token=null}return e.prototype.handleTokenNotSetError=function(){var e="A token has not been set. Call 'setToken' first.";return console.error("Error: ".concat(e)),{error:"TOKEN_NOT_SET",errorDescription:e}},e.shared=new e,e}(),$=!1,D=function(){function e(e){var t=e.baseUrl,n=e.tenantId,r=e.anonymousId,o=e.onTokenExpired;this.passkeyLocalStorageKey="as_user_passkey_map",this.cache=N.shared,this.api=new _({baseUrl:t,tenantId:n,onTokenExpired:o}),this.anonymousId=r}return e.prototype.signUp=function(e){return h(this,arguments,void 0,(function(e){var t,n,r,o,i,s,a=e.username,c=e.displayName,u=e.token,h=e.authenticatorAttachment,p=void 0===h?"platform":h,f=e.useAutoRegister,v=void 0!==f&&f;return d(this,(function(e){switch(e.label){case 0:return(t=null!=u?u:this.cache.token)?v?[4,this.doesBrowserSupportConditionalCreate()]:[3,2]:[2,this.cache.handleTokenNotSetError()];case 1:if(!e.sent())throw new Error("CONDITIONAL_CREATE_NOT_SUPPORTED");e.label=2;case 2:return n={username:a,displayName:c,token:t,authenticatorAttachment:p},[4,this.api.registrationOptions(n)];case 3:if("error"in(r=e.sent()))return[2,R(r)];e.label=4;case 4:return e.trys.push([4,7,,8]),[4,E({optionsJSON:r.options,useAutoRegister:v})];case 5:return o=e.sent(),[4,this.api.addAuthenticator({challengeId:r.challengeId,registrationCredential:o,token:t,conditionalCreate:v})];case 6:return"error"in(i=e.sent())?[2,R(i)]:(i.isVerified&&this.storeCredentialAgainstDevice(l(l({},o),{userId:i.userId})),i.accessToken&&(this.cache.token=i.accessToken),[2,{data:{token:i.accessToken,userAuthenticator:i.userAuthenticator,registrationResponse:o}}]);case 7:throw s=e.sent(),$=!1,x(s),s;case 8:return[2]}}))}))},e.prototype.signIn=function(e){return h(this,void 0,void 0,(function(){var t,n,r,o,i,s,a,c,u,h,p,f;return d(this,(function(d){switch(d.label){case 0:if((null==e?void 0:e.token)&&e.autofill)throw new Error("autofill is not supported when providing a token");if((null==e?void 0:e.action)&&e.token)throw new Error("action is not supported when providing a token");if(null==e?void 0:e.autofill){if($)return[2,{}];$=!0}return(null==e?void 0:e.action)?[4,this.api.challenge(e.action)]:[3,2];case 1:return n=d.sent(),[3,3];case 2:n=null,d.label=3;case 3:return(t=n)&&"error"in t?($=!1,[2,R(t)]):[4,this.api.authenticationOptions({token:null==e?void 0:e.token,challengeId:null==t?void 0:t.challengeId})];case 4:if("error"in(r=d.sent()))return $=!1,[2,R(r)];d.label=5;case 5:return d.trys.push([5,8,,9]),[4,C({optionsJSON:r.options,useBrowserAutofill:null==e?void 0:e.autofill})];case 6:return o=d.sent(),(null==e?void 0:e.onVerificationStarted)&&e.onVerificationStarted(),[4,this.api.verify({challengeId:r.challengeId,authenticationCredential:o,token:null==e?void 0:e.token,deviceId:this.anonymousId})];case 7:return"error"in(i=d.sent())?($=!1,[2,R(i)]):(i.isVerified&&this.storeCredentialAgainstDevice(l(l({},o),{userId:i.userId})),i.accessToken&&(this.cache.token=i.accessToken),s=i.accessToken,a=i.userId,c=i.userAuthenticatorId,u=i.username,h=i.userDisplayName,p=i.isVerified,$=!1,[2,{data:{isVerified:p,token:s,userId:a,userAuthenticatorId:c,username:u,displayName:h,authenticationResponse:o}}]);case 8:throw f=d.sent(),$=!1,x(f),f;case 9:return[2]}}))}))},e.prototype.isAvailableOnDevice=function(e){return h(this,arguments,void 0,(function(e){var t,n,r,o,i=e.userId;return d(this,(function(e){switch(e.label){case 0:if(!i)throw new Error("userId is required");if(!(t=localStorage.getItem(this.passkeyLocalStorageKey)))return[2,!1];if(n=JSON.parse(t),0===(r=null!==(o=n[i])&&void 0!==o?o:[]).length)return[2,!1];e.label=1;case 1:return e.trys.push([1,3,,4]),[4,this.api.getPasskeyAuthenticator({credentialIds:r})];case 2:return e.sent(),[2,!0];case 3:return e.sent(),[2,!1];case 4:return[2]}}))}))},e.prototype.storeCredentialAgainstDevice=function(e){var t=e.id,n=e.authenticatorAttachment,r=e.userId,o=void 0===r?"":r;if("cross-platform"!==n){var i=localStorage.getItem(this.passkeyLocalStorageKey),s=i?JSON.parse(i):{};s[o]?s[o].includes(t)||s[o].push(t):s[o]=[t],localStorage.setItem(this.passkeyLocalStorageKey,JSON.stringify(s))}},e.prototype.doesBrowserSupportConditionalCreate=function(){return h(this,void 0,void 0,(function(){return d(this,(function(e){switch(e.label){case 0:return window.PublicKeyCredential&&PublicKeyCredential.getClientCapabilities?[4,PublicKeyCredential.getClientCapabilities()]:[3,2];case 1:if(e.sent().conditionalCreate)return[2,!0];e.label=2;case 2:return[2,!1]}}))}))},e}(),L=function(){function e(){this.windowRef=null}return e.prototype.show=function(e){var t=e.url,n=e.width,r=void 0===n?400:n,o=e.height,i=function(e){var t=e.url,n=e.width,r=e.height,o=e.win;if(!o.top)return null;var i=o.top.outerHeight/2+o.top.screenY-r/2,s=o.top.outerWidth/2+o.top.screenX-n/2;return window.open(t,"","toolbar=no, location=no, directories=no, status=no, menubar=no, scrollbars=no, resizable=no, copyhistory=no, width=".concat(n,", height=").concat(r,", top=").concat(i,", left=").concat(s))}({url:t,width:r,height:void 0===o?500:o,win:window});if(!i)throw new Error("Window is not initialized");return this.windowRef=i,i},e.prototype.close=function(){if(!this.windowRef)throw new Error("Window is not initialized");this.windowRef.close()},e}();const j=":not([inert]):not([inert] *)",J=':not([tabindex^="-"])',K=":not(:disabled)";var H=[`a[href]${j}${J}`,`area[href]${j}${J}`,`input:not([type="hidden"]):not([type="radio"])${j}${J}${K}`,`input[type="radio"]${j}${J}${K}`,`select${j}${J}${K}`,`textarea${j}${J}${K}`,`button${j}${J}${K}`,`details${j} > summary:first-of-type${J}`,`iframe${j}${J}`,`audio[controls]${j}${J}`,`video[controls]${j}${J}`,`[contenteditable]${j}${J}`,`[tabindex]${j}${J}`];function W(e){(e.querySelector("[autofocus]")||e).focus()}function M(e,t){if(t&&G(e))return e;if(!((n=e).shadowRoot&&"-1"===n.getAttribute("tabindex")||n.matches(":disabled,[hidden],[inert]")))if(e.shadowRoot){let n=V(e.shadowRoot,t);for(;n;){const e=M(n,t);if(e)return e;n=q(n,t)}}else if("slot"===e.localName){const n=e.assignedElements({flatten:!0});t||n.reverse();for(const e of n){const n=M(e,t);if(n)return n}}else{let n=V(e,t);for(;n;){const e=M(n,t);if(e)return e;n=q(n,t)}}var n;return!t&&G(e)?e:null}function V(e,t){return t?e.firstElementChild:e.lastElementChild}function q(e,t){return t?e.nextElementSibling:e.previousElementSibling}const G=e=>!e.shadowRoot?.delegatesFocus&&(e.matches(H.join(","))&&!(e=>!(!e.matches("details:not([open]) *")||e.matches("details>summary:first-of-type"))||!(e.offsetWidth||e.offsetHeight||e.getClientRects().length))(e));function F(e=document){const t=e.activeElement;return t?t.shadowRoot?F(t.shadowRoot)||document.activeElement:t:null}function B(e,t){const[n,r]=function(e){const t=M(e,!0);return[t,t?M(e,!1)||t:null]}(e);if(!n)return t.preventDefault();const o=F();t.shiftKey&&o===n?(r.focus(),t.preventDefault()):t.shiftKey||o!==r||(n.focus(),t.preventDefault())}class z{$el;id;previouslyFocused;shown;constructor(e){this.$el=e,this.id=this.$el.getAttribute("data-a11y-dialog")||this.$el.id,this.previouslyFocused=null,this.shown=!1,this.maintainFocus=this.maintainFocus.bind(this),this.bindKeypress=this.bindKeypress.bind(this),this.handleTriggerClicks=this.handleTriggerClicks.bind(this),this.show=this.show.bind(this),this.hide=this.hide.bind(this),this.$el.setAttribute("aria-hidden","true"),this.$el.setAttribute("aria-modal","true"),this.$el.setAttribute("tabindex","-1"),this.$el.hasAttribute("role")||this.$el.setAttribute("role","dialog"),document.addEventListener("click",this.handleTriggerClicks,!0)}destroy(){return this.hide(),document.removeEventListener("click",this.handleTriggerClicks,!0),this.$el.replaceWith(this.$el.cloneNode(!0)),this.fire("destroy"),this}show(e){return this.shown||(this.shown=!0,this.$el.removeAttribute("aria-hidden"),this.previouslyFocused=F(),"BODY"===this.previouslyFocused?.tagName&&e?.target&&(this.previouslyFocused=e.target),"focus"===e?.type?this.maintainFocus(e):W(this.$el),document.body.addEventListener("focus",this.maintainFocus,!0),this.$el.addEventListener("keydown",this.bindKeypress,!0),this.fire("show",e)),this}hide(e){return this.shown?(this.shown=!1,this.$el.setAttribute("aria-hidden","true"),this.previouslyFocused?.focus?.(),document.body.removeEventListener("focus",this.maintainFocus,!0),this.$el.removeEventListener("keydown",this.bindKeypress,!0),this.fire("hide",e),this):this}on(e,t,n){return this.$el.addEventListener(e,t,n),this}off(e,t,n){return this.$el.removeEventListener(e,t,n),this}fire(e,t){this.$el.dispatchEvent(new CustomEvent(e,{detail:t,cancelable:!0}))}handleTriggerClicks(e){const t=e.target;t.closest(`[data-a11y-dialog-show="${this.id}"]`)&&this.show(e),(t.closest(`[data-a11y-dialog-hide="${this.id}"]`)||t.closest("[data-a11y-dialog-hide]")&&t.closest('[aria-modal="true"]')===this.$el)&&this.hide(e)}bindKeypress(e){if(document.activeElement?.closest('[aria-modal="true"]')!==this.$el)return;let t=!1;try{t=!!this.$el.querySelector('[popover]:not([popover="manual"]):popover-open')}catch{}"Escape"!==e.key||"alertdialog"===this.$el.getAttribute("role")||t||(e.preventDefault(),this.hide(e)),"Tab"===e.key&&B(this.$el,e)}maintainFocus(e){e.target.closest('[aria-modal="true"], [data-a11y-dialog-ignore-focus-trap]')||W(this.$el)}}function Y(){for(const e of document.querySelectorAll("[data-a11y-dialog]"))new z(e)}"undefined"!=typeof document&&("loading"===document.readyState?document.addEventListener("DOMContentLoaded",Y):Y());var Q="__authsignal-popup-container",X="__authsignal-popup-content",Z="__authsignal-popup-overlay",ee="__authsignal-popup-style",te="__authsignal-popup-iframe",ne="385px",re=function(){function e(e){var t=e.width,n=e.isClosable;if(this.popup=null,document.querySelector("#".concat(Q)))throw new Error("Multiple instances of Authsignal popup is not supported.");this.create({width:t,isClosable:n})}return e.prototype.create=function(e){var t=this,n=e.width,r=void 0===n?ne:n,o=e.isClosable,i=void 0===o||o,s=r;CSS.supports("width",r)||(console.warn("Invalid CSS value for `popupOptions.width`. Using default value instead."),s=ne);var a=document.createElement("div");a.setAttribute("id",Q),a.setAttribute("aria-hidden","true"),i||a.setAttribute("role","alertdialog");var c=document.createElement("div");c.setAttribute("id",Z),i&&c.setAttribute("data-a11y-dialog-hide","true");var l=document.createElement("div");l.setAttribute("id",X),document.body.appendChild(a);var u=document.createElement("style");u.setAttribute("id",ee),u.textContent="\n #".concat(Q,",\n #").concat(Z," {\n position: fixed;\n top: 0;\n right: 0;\n bottom: 0;\n left: 0;\n }\n\n #").concat(Q," {\n z-index: 2147483647;\n display: flex;\n }\n\n #").concat(Q,"[aria-hidden='true'] {\n display: none;\n }\n\n #").concat(Z," {\n background-color: rgba(0, 0, 0, 0.18);\n }\n\n #").concat(X," {\n margin: auto;\n z-index: 2147483647;\n position: relative;\n background-color: transparent;\n border-radius: 8px;\n width: ").concat(s,";\n }\n\n #").concat(X," iframe {\n width: 1px;\n min-width: 100%;\n border-radius: inherit;\n max-height: 95vh;\n height: ").concat("384px",";\n }\n "),document.head.insertAdjacentElement("beforeend",u),a.appendChild(c),a.appendChild(l),this.popup=new z(a),a.focus(),this.popup.on("hide",(function(){t.destroy()}))},e.prototype.destroy=function(){var e=document.querySelector("#".concat(Q)),t=document.querySelector("#".concat(ee));e&&t&&(document.body.removeChild(e),document.head.removeChild(t)),window.removeEventListener("message",oe)},e.prototype.show=function(e){var t,n=e.url;if(!this.popup)throw new Error("Popup is not initialized");var r=document.createElement("iframe");r.setAttribute("id",te),r.setAttribute("name","authsignal"),r.setAttribute("title","Authsignal multi-factor authentication"),r.setAttribute("src",n),r.setAttribute("frameborder","0"),r.setAttribute("allow","publickey-credentials-get *; publickey-credentials-create *; clipboard-write");var o=document.querySelector("#".concat(X));o&&o.appendChild(r),window.addEventListener("message",oe),null===(t=this.popup)||void 0===t||t.show()},e.prototype.close=function(){if(!this.popup)throw new Error("Popup is not initialized");this.popup.hide()},e.prototype.on=function(e,t){if(!this.popup)throw new Error("Popup is not initialized");this.popup.on(e,t)},e}();function oe(e){var t=document.querySelector("#".concat(te));t&&e.data.height&&(t.style.height=e.data.height+"px")}var ie=function(){function e(e){var t=e.baseUrl,n=e.tenantId,r=e.onTokenExpired;this.tenantId=n,this.baseUrl=t,this.onTokenExpired=r}return e.prototype.enroll=function(e){return h(this,arguments,void 0,(function(e){var t,n=e.token;return d(this,(function(e){switch(e.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/totp"),{method:"POST",headers:U({token:n,tenantId:this.tenantId})})];case 1:return[4,e.sent().json()];case 2:return P({response:t=e.sent(),onTokenExpired:this.onTokenExpired}),[2,t]}}))}))},e.prototype.verify=function(e){return h(this,arguments,void 0,(function(e){var t,n,r=e.token,o=e.code;return d(this,(function(e){switch(e.label){case 0:return t={verificationCode:o},[4,fetch("".concat(this.baseUrl,"/client/verify/totp"),{method:"POST",headers:U({token:r,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return P({response:n=e.sent(),onTokenExpired:this.onTokenExpired}),[2,n]}}))}))},e}(),se=function(){function e(e){var t=e.baseUrl,n=e.tenantId,r=e.onTokenExpired;this.cache=N.shared,this.api=new ie({baseUrl:t,tenantId:n,onTokenExpired:r})}return e.prototype.enroll=function(){return h(this,void 0,void 0,(function(){return d(this,(function(e){switch(e.label){case 0:return this.cache.token?[4,this.api.enroll({token:this.cache.token})]:[2,this.cache.handleTokenNotSetError()];case 1:return[2,O(e.sent())]}}))}))},e.prototype.verify=function(e){return h(this,arguments,void 0,(function(e){var t,n=e.code;return d(this,(function(e){switch(e.label){case 0:return this.cache.token?[4,this.api.verify({token:this.cache.token,code:n})]:[2,this.cache.handleTokenNotSetError()];case 1:return"accessToken"in(t=e.sent())&&t.accessToken&&(this.cache.token=t.accessToken),[2,O(t)]}}))}))},e}(),ae=function(){function e(e){var t=e.baseUrl,n=e.tenantId,r=e.onTokenExpired;this.tenantId=n,this.baseUrl=t,this.onTokenExpired=r}return e.prototype.enroll=function(e){return h(this,arguments,void 0,(function(e){var t,n,r=e.token,o=e.email;return d(this,(function(e){switch(e.label){case 0:return t={email:o},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/email-otp"),{method:"POST",headers:U({token:r,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return P({response:n=e.sent(),onTokenExpired:this.onTokenExpired}),[2,n]}}))}))},e.prototype.challenge=function(e){return h(this,arguments,void 0,(function(e){var t,n=e.token;return d(this,(function(e){switch(e.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/challenge/email-otp"),{method:"POST",headers:U({token:n,tenantId:this.tenantId})})];case 1:return[4,e.sent().json()];case 2:return P({response:t=e.sent(),onTokenExpired:this.onTokenExpired}),[2,t]}}))}))},e.prototype.verify=function(e){return h(this,arguments,void 0,(function(e){var t,n,r=e.token,o=e.code;return d(this,(function(e){switch(e.label){case 0:return t={verificationCode:o},[4,fetch("".concat(this.baseUrl,"/client/verify/email-otp"),{method:"POST",headers:U({token:r,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return P({response:n=e.sent(),onTokenExpired:this.onTokenExpired}),[2,n]}}))}))},e}(),ce=function(){function e(e){var t=e.baseUrl,n=e.tenantId,r=e.onTokenExpired;this.cache=N.shared,this.api=new ae({baseUrl:t,tenantId:n,onTokenExpired:r})}return e.prototype.enroll=function(e){return h(this,arguments,void 0,(function(e){var t=e.email;return d(this,(function(e){switch(e.label){case 0:return this.cache.token?[4,this.api.enroll({token:this.cache.token,email:t})]:[2,this.cache.handleTokenNotSetError()];case 1:return[2,O(e.sent())]}}))}))},e.prototype.challenge=function(){return h(this,void 0,void 0,(function(){return d(this,(function(e){switch(e.label){case 0:return this.cache.token?[4,this.api.challenge({token:this.cache.token})]:[2,this.cache.handleTokenNotSetError()];case 1:return[2,O(e.sent())]}}))}))},e.prototype.verify=function(e){return h(this,arguments,void 0,(function(e){var t,n=e.code;return d(this,(function(e){switch(e.label){case 0:return this.cache.token?[4,this.api.verify({token:this.cache.token,code:n})]:[2,this.cache.handleTokenNotSetError()];case 1:return"accessToken"in(t=e.sent())&&t.accessToken&&(this.cache.token=t.accessToken),[2,O(t)]}}))}))},e}(),le=function(){function e(e){var t=e.baseUrl,n=e.tenantId,r=e.onTokenExpired;this.tenantId=n,this.baseUrl=t,this.onTokenExpired=r}return e.prototype.enroll=function(e){return h(this,arguments,void 0,(function(e){var t,n,r=e.token,o=e.phoneNumber;return d(this,(function(e){switch(e.label){case 0:return t={phoneNumber:o},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/sms"),{method:"POST",headers:U({token:r,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return P({response:n=e.sent(),onTokenExpired:this.onTokenExpired}),[2,n]}}))}))},e.prototype.challenge=function(e){return h(this,arguments,void 0,(function(e){var t,n=e.token;return d(this,(function(e){switch(e.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/challenge/sms"),{method:"POST",headers:U({token:n,tenantId:this.tenantId})})];case 1:return[4,e.sent().json()];case 2:return P({response:t=e.sent(),onTokenExpired:this.onTokenExpired}),[2,t]}}))}))},e.prototype.verify=function(e){return h(this,arguments,void 0,(function(e){var t,n,r=e.token,o=e.code;return d(this,(function(e){switch(e.label){case 0:return t={verificationCode:o},[4,fetch("".concat(this.baseUrl,"/client/verify/sms"),{method:"POST",headers:U({token:r,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return P({response:n=e.sent(),onTokenExpired:this.onTokenExpired}),[2,n]}}))}))},e}(),ue=function(){function e(e){var t=e.baseUrl,n=e.tenantId,r=e.onTokenExpired;this.cache=N.shared,this.api=new le({baseUrl:t,tenantId:n,onTokenExpired:r})}return e.prototype.enroll=function(e){return h(this,arguments,void 0,(function(e){var t=e.phoneNumber;return d(this,(function(e){switch(e.label){case 0:return this.cache.token?[4,this.api.enroll({token:this.cache.token,phoneNumber:t})]:[2,this.cache.handleTokenNotSetError()];case 1:return[2,O(e.sent())]}}))}))},e.prototype.challenge=function(){return h(this,void 0,void 0,(function(){return d(this,(function(e){switch(e.label){case 0:return this.cache.token?[4,this.api.challenge({token:this.cache.token})]:[2,this.cache.handleTokenNotSetError()];case 1:return[2,O(e.sent())]}}))}))},e.prototype.verify=function(e){return h(this,arguments,void 0,(function(e){var t,n=e.code;return d(this,(function(e){switch(e.label){case 0:return this.cache.token?[4,this.api.verify({token:this.cache.token,code:n})]:[2,this.cache.handleTokenNotSetError()];case 1:return"accessToken"in(t=e.sent())&&t.accessToken&&(this.cache.token=t.accessToken),[2,O(t)]}}))}))},e}(),he=function(){function e(e){var t=e.baseUrl,n=e.tenantId,r=e.onTokenExpired;this.tenantId=n,this.baseUrl=t,this.onTokenExpired=r}return e.prototype.enroll=function(e){return h(this,arguments,void 0,(function(e){var t,n,r=e.token,o=e.email;return d(this,(function(e){switch(e.label){case 0:return t={email:o},[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/email-magic-link"),{method:"POST",headers:U({token:r,tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return P({response:n=e.sent(),onTokenExpired:this.onTokenExpired}),[2,n]}}))}))},e.prototype.challenge=function(e){return h(this,arguments,void 0,(function(e){var t,n=e.token;return d(this,(function(e){switch(e.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/challenge/email-magic-link"),{method:"POST",headers:U({token:n,tenantId:this.tenantId})})];case 1:return[4,e.sent().json()];case 2:return P({response:t=e.sent(),onTokenExpired:this.onTokenExpired}),[2,t]}}))}))},e.prototype.checkVerificationStatus=function(e){return h(this,arguments,void 0,(function(e){var t,n=this,r=e.token;return d(this,(function(e){switch(e.label){case 0:return t=function(){return h(n,void 0,void 0,(function(){var e,n=this;return d(this,(function(o){switch(o.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/verify/email-magic-link/finalize"),{method:"POST",headers:U({token:r,tenantId:this.tenantId}),body:JSON.stringify({})})];case 1:return[4,o.sent().json()];case 2:return P({response:e=o.sent(),onTokenExpired:this.onTokenExpired}),e.isVerified?[2,e]:[2,new Promise((function(e){setTimeout((function(){return h(n,void 0,void 0,(function(){var n;return d(this,(function(r){switch(r.label){case 0:return n=e,[4,t()];case 1:return n.apply(void 0,[r.sent()]),[2]}}))}))}),1e3)}))]}}))}))},[4,t()];case 1:return[2,e.sent()]}}))}))},e}(),de=function(){function e(e){var t=e.baseUrl,n=e.tenantId,r=e.onTokenExpired;this.cache=N.shared,this.api=new he({baseUrl:t,tenantId:n,onTokenExpired:r})}return e.prototype.enroll=function(e){return h(this,arguments,void 0,(function(e){var t=e.email;return d(this,(function(e){switch(e.label){case 0:return this.cache.token?[4,this.api.enroll({token:this.cache.token,email:t})]:[2,this.cache.handleTokenNotSetError()];case 1:return[2,O(e.sent())]}}))}))},e.prototype.challenge=function(){return h(this,void 0,void 0,(function(){return d(this,(function(e){switch(e.label){case 0:return this.cache.token?[4,this.api.challenge({token:this.cache.token})]:[2,this.cache.handleTokenNotSetError()];case 1:return[2,O(e.sent())]}}))}))},e.prototype.checkVerificationStatus=function(){return h(this,void 0,void 0,(function(){var e;return d(this,(function(t){switch(t.label){case 0:return this.cache.token?[4,this.api.checkVerificationStatus({token:this.cache.token})]:[2,this.cache.handleTokenNotSetError()];case 1:return"accessToken"in(e=t.sent())&&e.accessToken&&(this.cache.token=e.accessToken),[2,O(e)]}}))}))},e}(),pe=function(){function e(e){var t=e.baseUrl,n=e.tenantId,r=e.onTokenExpired;this.tenantId=n,this.baseUrl=t,this.onTokenExpired=r}return e.prototype.registrationOptions=function(e){return h(this,arguments,void 0,(function(e){var t,n=e.token;return d(this,(function(e){switch(e.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/security-key/registration-options"),{method:"POST",headers:U({token:n,tenantId:this.tenantId}),body:JSON.stringify({})})];case 1:return[4,e.sent().json()];case 2:return P({response:t=e.sent(),onTokenExpired:this.onTokenExpired}),[2,t]}}))}))},e.prototype.authenticationOptions=function(e){return h(this,arguments,void 0,(function(e){var t,n=e.token;return d(this,(function(e){switch(e.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/security-key/authentication-options"),{method:"POST",headers:U({token:n,tenantId:this.tenantId}),body:JSON.stringify({})})];case 1:return[4,e.sent().json()];case 2:return P({response:t=e.sent(),onTokenExpired:this.onTokenExpired}),[2,t]}}))}))},e.prototype.addAuthenticator=function(e){return h(this,arguments,void 0,(function(e){var t,n=e.token,r=e.registrationCredential;return d(this,(function(e){switch(e.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/user-authenticators/security-key"),{method:"POST",headers:U({token:n,tenantId:this.tenantId}),body:JSON.stringify(r)})];case 1:return[4,e.sent().json()];case 2:return P({response:t=e.sent(),onTokenExpired:this.onTokenExpired}),[2,t]}}))}))},e.prototype.verify=function(e){return h(this,arguments,void 0,(function(e){var t,n=e.token,r=e.authenticationCredential;return d(this,(function(e){switch(e.label){case 0:return[4,fetch("".concat(this.baseUrl,"/client/verify/security-key"),{method:"POST",headers:U({token:n,tenantId:this.tenantId}),body:JSON.stringify(r)})];case 1:return[4,e.sent().json()];case 2:return P({response:t=e.sent(),onTokenExpired:this.onTokenExpired}),[2,t]}}))}))},e}(),fe=function(){function e(e){var t=e.baseUrl,n=e.tenantId,r=e.onTokenExpired;this.cache=N.shared,this.api=new pe({baseUrl:t,tenantId:n,onTokenExpired:r})}return e.prototype.enroll=function(){return h(this,void 0,void 0,(function(){var e,t,n,r,o;return d(this,(function(i){switch(i.label){case 0:return this.cache.token?(e={token:this.cache.token},[4,this.api.registrationOptions(e)]):[2,this.cache.handleTokenNotSetError()];case 1:if("error"in(t=i.sent()))return[2,R(t)];i.label=2;case 2:return i.trys.push([2,5,,6]),[4,E({optionsJSON:t})];case 3:return n=i.sent(),[4,this.api.addAuthenticator({registrationCredential:n,token:this.cache.token})];case 4:return"error"in(r=i.sent())?[2,R(r)]:(r.accessToken&&(this.cache.token=r.accessToken),[2,{data:{token:r.accessToken,registrationResponse:n}}]);case 5:throw x(o=i.sent()),o;case 6:return[2]}}))}))},e.prototype.verify=function(){return h(this,void 0,void 0,(function(){var e,t,n,r,o;return d(this,(function(i){switch(i.label){case 0:return this.cache.token?[4,this.api.authenticationOptions({token:this.cache.token})]:[2,this.cache.handleTokenNotSetError()];case 1:if("error"in(e=i.sent()))return[2,R(e)];i.label=2;case 2:return i.trys.push([2,5,,6]),[4,C({optionsJSON:e})];case 3:return t=i.sent(),[4,this.api.verify({authenticationCredential:t,token:this.cache.token})];case 4:return"error"in(n=i.sent())?[2,R(n)]:(n.accessToken&&(this.cache.token=n.accessToken),r=n.accessToken,[2,{data:{isVerified:n.isVerified,token:r,authenticationResponse:t}}]);case 5:throw x(o=i.sent()),o;case 6:return[2]}}))}))},e}(),ve=function(){function e(e){var t=e.baseUrl,n=e.tenantId;this.tenantId=n,this.baseUrl=t}return e.prototype.challenge=function(e){return h(this,arguments,void 0,(function(e){var t,n=e.action,r=e.custom;return d(this,(function(e){switch(e.label){case 0:return t={action:n,custom:r},[4,fetch("".concat(this.baseUrl,"/client/challenge/qr-code"),{method:"POST",headers:U({tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return[2,e.sent()]}}))}))},e.prototype.verify=function(e){return h(this,arguments,void 0,(function(e){var t,n=e.challengeId,r=e.deviceCode;return d(this,(function(e){switch(e.label){case 0:return t={challengeId:n,deviceCode:r},[4,fetch("".concat(this.baseUrl,"/client/verify/qr-code"),{method:"POST",headers:U({tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return[2,e.sent()]}}))}))},e}(),ge=function(){},ye=54e4,be=5e3,me=function(e){function t(t){var n=t.baseUrl,r=t.tenantId,o=e.call(this)||this;return o.api=new ve({baseUrl:n,tenantId:r}),o}return c(t,e),t.prototype.challenge=function(e){return h(this,void 0,void 0,(function(){var t,n,r,o,i,s=this;return d(this,(function(a){switch(a.label){case 0:return[4,this.api.challenge({action:e.action,custom:e.custom})];case 1:return t=a.sent(),(n=O(t)).data&&(this.currentChallengeParams=e,this.clearPolling(),r=e.pollInterval||be,o=e.refreshInterval||ye,n.data.deviceCode&&this.startPolling({challengeId:n.data.challengeId,deviceCode:n.data.deviceCode,onStateChange:e.onStateChange,pollInterval:r}),e.onRefresh&&(i=e.onRefresh,this.startRefreshTimer((function(){return s.performRefresh(e.action,e.custom,i,e.onStateChange,r)}),o))),[2,n]}}))}))},t.prototype.refresh=function(){return h(this,arguments,void 0,(function(e){var t,n,r,o,i,s,a,c,l,u=this,h=(void 0===e?{}:e).custom;return d(this,(function(e){switch(e.label){case 0:return this.currentChallengeParams?[4,this.api.challenge({action:this.currentChallengeParams.action,custom:h||this.currentChallengeParams.custom})]:[2];case 1:return t=e.sent(),(n=O(t)).data&&(this.clearPolling(),this.currentChallengeParams.onRefresh&&this.currentChallengeParams.onRefresh(n.data.challengeId,n.data.expiresAt),n.data.deviceCode&&this.startPolling({challengeId:n.data.challengeId,deviceCode:n.data.deviceCode,onStateChange:this.currentChallengeParams.onStateChange,pollInterval:this.currentChallengeParams.pollInterval||be}),this.currentChallengeParams.onRefresh&&(r=this.currentChallengeParams.refreshInterval||ye,o=this.currentChallengeParams,i=o.action,s=o.custom,a=o.onRefresh,c=o.onStateChange,l=o.pollInterval,this.startRefreshTimer((function(){return u.performRefresh(i,s,a,c,l||be)}),r))),[2]}}))}))},t.prototype.disconnect=function(){this.clearPolling(),this.clearRefreshTimer(),this.currentChallengeParams=void 0},t.prototype.startRefreshTimer=function(e,t){var n=this;this.clearRefreshTimer(),this.refreshTimeout=setTimeout((function(){return h(n,void 0,void 0,(function(){return d(this,(function(n){switch(n.label){case 0:return[4,e()];case 1:return n.sent(),this.startRefreshTimer(e,t),[2]}}))}))}),t)},t.prototype.clearRefreshTimer=function(){this.refreshTimeout&&(clearTimeout(this.refreshTimeout),this.refreshTimeout=void 0)},t.prototype.performRefresh=function(e,t,n,r,o){return h(this,void 0,void 0,(function(){var i,s;return d(this,(function(a){switch(a.label){case 0:return[4,this.api.challenge({action:e,custom:t})];case 1:return i=a.sent(),(s=O(i)).data&&(this.clearPolling(),n(s.data.challengeId,s.data.expiresAt),s.data.deviceCode&&this.startPolling({challengeId:s.data.challengeId,deviceCode:s.data.deviceCode,onStateChange:r,pollInterval:o})),[2]}}))}))},t.prototype.startPolling=function(e){var t=this,n=e.challengeId,r=e.deviceCode,o=e.onStateChange,i=e.pollInterval;this.pollingInterval=setInterval((function(){return h(t,void 0,void 0,(function(){var e,t;return d(this,(function(i){switch(i.label){case 0:return[4,this.api.verify({challengeId:n,deviceCode:r})];case 1:return e=i.sent(),(t=O(e)).data&&(t.data.isVerified?(o("approved",t.data.token),this.clearPolling()):t.data.isClaimed&&o("claimed")),[2]}}))}))}),i)},t.prototype.clearPolling=function(){this.pollingInterval&&(clearInterval(this.pollingInterval),this.pollingInterval=void 0)},t}(ge),we="CHALLENGE_CREATED_HANDLER",ke=function(){function e(e){var t=e.baseUrl,n=e.tenantId;this.ws=null,this.messageHandlers=new Map,this.options=null,this.refreshInterval=null;var r=t.replace("https://","wss://").replace("http://","ws://").replace("v1","ws-v1-challenge").replace("api","api-ws");this.baseUrl=r,this.tenantId=n}return e.prototype.connect=function(){return h(this,void 0,void 0,(function(){var e=this;return d(this,(function(t){return[2,new Promise((function(t,n){try{e.ws=new WebSocket(e.baseUrl,["authsignal-ws","x.authsignal.tenant.".concat(e.tenantId)]),e.ws.onopen=function(){t()},e.ws.onerror=function(e){n(new Error("WebSocket connection error: ".concat(e)))},e.ws.onclose=function(){e.refreshInterval&&(clearInterval(e.refreshInterval),e.refreshInterval=null),e.messageHandlers.clear(),e.ws=null},e.ws.onmessage=function(t){try{var n=JSON.parse(t.data);e.handleMessage(n)}catch(e){console.error("Failed to parse WebSocket message:",e)}}}catch(e){n(e)}}))]}))}))},e.prototype.handleMessage=function(e){if("CHALLENGE_CREATED"===e.type){if(!(t=this.messageHandlers.get(we)))throw new Error("Challenge created handler not found");t(e)}else if("STATE_CHANGE"===e.type){var t;(t=this.messageHandlers.get(e.data.challengeId))&&t(e)}},e.prototype.createQrCodeChallenge=function(e){return h(this,void 0,void 0,(function(){var t=this;return d(this,(function(n){switch(n.label){case 0:return this.ws&&this.ws.readyState===WebSocket.OPEN?[3,2]:[4,this.connect()];case 1:n.sent(),n.label=2;case 2:return this.refreshInterval&&clearInterval(this.refreshInterval),this.options=e,[2,new Promise((function(n,r){t.messageHandlers.set(we,(function(r){if("CHALLENGE_CREATED"===r.type){var o=r;t.messageHandlers.delete(we),t.monitorChallengeState(o.data.challengeId,e),t.startRefreshCycle(o.data.challengeId,e),n({challengeId:o.data.challengeId,expiresAt:o.data.expiresAt,state:o.data.state})}})),t.sendChallengeRequest(e).catch(r)}))]}}))}))},e.prototype.monitorChallengeState=function(e,t){var n=this;this.messageHandlers.set(e,(function(r){var o;if("STATE_CHANGE"===r.type){var i=r;null===(o=t.onStateChange)||void 0===o||o.call(t,i.data.state,i.data.accessToken),"approved"!==i.data.state&&"rejected"!==i.data.state||n.messageHandlers.delete(e)}}))},e.prototype.startRefreshCycle=function(e,t){var n=this,r=t.refreshInterval||54e4,o=e;this.refreshInterval=setInterval((function(){return h(n,void 0,void 0,(function(){var e,n,r;return d(this,(function(i){switch(i.label){case 0:this.messageHandlers.delete(o),i.label=1;case 1:return i.trys.push([1,3,,4]),[4,this.createQrCodeChallenge(t)];case 2:return e=i.sent(),o=e.challengeId,null===(r=t.onRefresh)||void 0===r||r.call(t,e.challengeId,e.expiresAt),[3,4];case 3:return n=i.sent(),console.error("Failed to refresh QR code challenge:",n),this.refreshInterval&&(clearInterval(this.refreshInterval),this.refreshInterval=null),[3,4];case 4:return[2]}}))}))}),r)},e.prototype.sendChallengeRequest=function(e){return h(this,void 0,void 0,(function(){return d(this,(function(t){switch(t.label){case 0:return this.ws&&this.ws.readyState===WebSocket.OPEN?[3,2]:[4,this.connect()];case 1:t.sent(),t.label=2;case 2:if(!this.ws||this.ws.readyState!==WebSocket.OPEN)throw new Error("WebSocket connection could not be established");return this.sendMessage({type:"CREATE_CHALLENGE",data:{challengeType:"QR_CODE",actionCode:e.action,custom:e.custom}}),[2]}}))}))},e.prototype.sendMessage=function(e){if(!this.ws||this.ws.readyState!==WebSocket.OPEN)throw new Error("WebSocket not connected");this.ws.send(JSON.stringify(e))},e.prototype.refreshQrCodeChallenge=function(e){return h(this,arguments,void 0,(function(e){var t,n,r,o=e.custom;return d(this,(function(e){switch(e.label){case 0:if(!this.options)throw new Error("Call createQrCodeChallenge first");return[4,this.createQrCodeChallenge(l(l({},this.options),void 0!==o&&{custom:o}))];case 1:return t=e.sent(),null===(r=(n=this.options).onRefresh)||void 0===r||r.call(n,t.challengeId,t.expiresAt),[2,t]}}))}))},e.prototype.disconnect=function(){this.ws&&this.ws.close()},e}(),Ie=function(e){function t(t){var n=t.baseUrl,r=t.tenantId,o=e.call(this)||this;return o.wsClient=new ke({baseUrl:n,tenantId:r}),o}return c(t,e),t.prototype.challenge=function(e){return h(this,void 0,void 0,(function(){var t;return d(this,(function(n){switch(n.label){case 0:return[4,this.wsClient.createQrCodeChallenge({action:e.action,custom:e.custom,refreshInterval:e.refreshInterval,onRefresh:e.onRefresh,onStateChange:e.onStateChange})];case 1:return[2,{data:{challengeId:(t=n.sent()).challengeId,expiresAt:t.expiresAt}}]}}))}))},t.prototype.refresh=function(){return h(this,arguments,void 0,(function(e){var t=(void 0===e?{}:e).custom;return d(this,(function(e){switch(e.label){case 0:return[4,this.wsClient.refreshQrCodeChallenge({custom:t})];case 1:return e.sent(),[2]}}))}))},t.prototype.disconnect=function(){this.wsClient.disconnect()},t}(ge),Ee=function(){function e(e){var t=e.baseUrl,n=e.tenantId;this.handler=null,this.baseUrl=t,this.tenantId=n}return e.prototype.challenge=function(e){return h(this,void 0,void 0,(function(){var t,n,r;return d(this,(function(o){return t=e.polling,n=void 0!==t&&t,r=u(e,["polling"]),this.handler&&this.handler.disconnect(),this.handler=n?new me({baseUrl:this.baseUrl,tenantId:this.tenantId}):new Ie({baseUrl:this.baseUrl,tenantId:this.tenantId}),[2,this.handler.challenge(r)]}))}))},e.prototype.refresh=function(){return h(this,arguments,void 0,(function(e){var t=(void 0===e?{}:e).custom;return d(this,(function(e){if(!this.handler)throw new Error("challenge() must be called before refresh()");return[2,this.handler.refresh({custom:t})]}))}))},e.prototype.disconnect=function(){this.handler&&(this.handler.disconnect(),this.handler=null)},e}(),Te=function(){function e(e){var t=e.baseUrl,n=e.tenantId;this.tenantId=n,this.baseUrl=t}return e.prototype.challenge=function(e){return h(this,arguments,void 0,(function(e){var t,n=e.action;return d(this,(function(e){switch(e.label){case 0:return t={action:n},[4,fetch("".concat(this.baseUrl,"/client/challenge/push"),{method:"POST",headers:U({tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return[2,e.sent()]}}))}))},e.prototype.verify=function(e){return h(this,arguments,void 0,(function(e){var t,n=e.challengeId;return d(this,(function(e){switch(e.label){case 0:return t={challengeId:n},[4,fetch("".concat(this.baseUrl,"/client/verify/push"),{method:"POST",headers:U({tenantId:this.tenantId}),body:JSON.stringify(t)})];case 1:return[4,e.sent().json()];case 2:return[2,e.sent()]}}))}))},e}(),Se=function(){function e(e){var t=e.baseUrl,n=e.tenantId;this.api=new Te({baseUrl:t,tenantId:n})}return e.prototype.challenge=function(e){return h(this,arguments,void 0,(function(e){var t=e.action;return d(this,(function(e){switch(e.label){case 0:return[4,this.api.challenge({action:t})];case 1:return[2,O(e.sent())]}}))}))},e.prototype.verify=function(e){return h(this,arguments,void 0,(function(e){var t=e.challengeId;return d(this,(function(e){switch(e.label){case 0:return[4,this.api.verify({challengeId:t})];case 1:return[2,O(e.sent())]}}))}))},e}(),Ce="4a08uqve",Ae=function(){function t(e){var t=e.cookieDomain,n=e.cookieName,r=void 0===n?"__as_aid":n,o=e.baseUrl,i=void 0===o?"https://api.authsignal.com/v1":o,a=e.tenantId,c=e.onTokenExpired;if(this.anonymousId="",this.profilingId="",this.cookieDomain="",this.anonymousIdCookieName="",this.cookieDomain=t||document.location.hostname.replace("www.",""),this.anonymousIdCookieName=r,!a)throw new Error("tenantId is required");var l,u=(l=this.anonymousIdCookieName)&&decodeURIComponent(document.cookie.replace(new RegExp("(?:(?:^|.*;)\\s*"+encodeURIComponent(l).replace(/[\-\.\+\*]/g,"\\$&")+"\\s*\\=\\s*([^;]*).*$)|^.*$"),"$1"))||null;u?this.anonymousId=u:(this.anonymousId=s(),A({name:this.anonymousIdCookieName,value:this.anonymousId,expire:1/0,domain:this.cookieDomain,secure:"http:"!==document.location.protocol})),this.passkey=new D({tenantId:a,baseUrl:i,anonymousId:this.anonymousId,onTokenExpired:c}),this.totp=new se({tenantId:a,baseUrl:i,onTokenExpired:c}),this.email=new ce({tenantId:a,baseUrl:i,onTokenExpired:c}),this.emailML=new de({tenantId:a,baseUrl:i,onTokenExpired:c}),this.sms=new ue({tenantId:a,baseUrl:i,onTokenExpired:c}),this.securityKey=new fe({tenantId:a,baseUrl:i,onTokenExpired:c}),this.qrCode=new Ee({tenantId:a,baseUrl:i}),this.push=new Se({tenantId:a,baseUrl:i})}return t.prototype.setToken=function(e){N.shared.token=e},t.prototype.launch=function(e,t){switch(null==t?void 0:t.mode){case"window":return this.launchWithWindow(e,t);case"popup":return this.launchWithPopup(e,t);default:this.launchWithRedirect(e)}},t.prototype.initAdvancedProfiling=function(e){var t=s();this.profilingId=t,A({name:"__as_pid",value:t,expire:1/0,domain:this.cookieDomain,secure:"http:"!==document.location.protocol});var n=e?"".concat(e,"/fp/tags.js?org_id=").concat(Ce,"&session_id=").concat(t):"https://h.online-metrix.net/fp/tags.js?org_id=".concat(Ce,"&session_id=").concat(t),r=document.createElement("script");r.src=n,r.async=!1,r.id="as_adv_profile",document.head.appendChild(r);var o=document.createElement("noscript");o.setAttribute("id","as_adv_profile_pixel"),o.setAttribute("aria-hidden","true");var i=document.createElement("iframe"),a=e?"".concat(e,"/fp/tags?org_id=").concat(Ce,"&session_id=").concat(t):"https://h.online-metrix.net/fp/tags?org_id=".concat(Ce,"&session_id=").concat(t);i.setAttribute("id","as_adv_profile_pixel"),i.setAttribute("src",a),i.setAttribute("style","width: 100px; height: 100px; border: 0; position: absolute; top: -5000px;"),o&&(o.appendChild(i),document.body.prepend(o))},t.prototype.launchWithRedirect=function(e){window.location.href=e},t.prototype.launchWithPopup=function(t,n){var r=n.popupOptions,o=new re({width:null==r?void 0:r.width,isClosable:null==r?void 0:r.isClosable}),i="".concat(t,"&mode=popup");return o.show({url:i}),new Promise((function(t){var n=void 0;o.on("hide",(function(){t({token:n})})),window.addEventListener("message",(function(t){var r=null;try{r=JSON.parse(t.data)}catch(e){}(null==r?void 0:r.event)===e.AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP&&(n=r.token,o.close())}),!1)}))},t.prototype.launchWithWindow=function(t,n){var r=n.windowOptions,o=new L,i="".concat(t,"&mode=popup");return o.show({url:i,width:null==r?void 0:r.width,height:null==r?void 0:r.height}),new Promise((function(t){window.addEventListener("message",(function(n){var r=null;try{r=JSON.parse(n.data)}catch(e){}(null==r?void 0:r.event)===e.AuthsignalWindowMessage.AUTHSIGNAL_CLOSE_POPUP&&(o.close(),t({token:r.token}))}),!1)}))},t}();return e.Authsignal=Ae,e.WebAuthnError=m,Object.defineProperty(e,"__esModule",{value:!0}),e}({});
package/dist/push.d.ts ADDED
@@ -0,0 +1,19 @@
1
+ import { PushChallengeResponse, PushVerifyResponse } from "./api/types/push";
2
+ import { AuthsignalResponse } from "./types";
3
+ type PushOptions = {
4
+ baseUrl: string;
5
+ tenantId: string;
6
+ };
7
+ type ChallengeParams = {
8
+ action: string;
9
+ };
10
+ type VerifyParams = {
11
+ challengeId: string;
12
+ };
13
+ export declare class Push {
14
+ private api;
15
+ constructor({ baseUrl, tenantId }: PushOptions);
16
+ challenge({ action }: ChallengeParams): Promise<AuthsignalResponse<PushChallengeResponse>>;
17
+ verify({ challengeId }: VerifyParams): Promise<AuthsignalResponse<PushVerifyResponse>>;
18
+ }
19
+ export {};
package/dist/qr-code/base-qr-handler.d.ts ADDED
@@ -0,0 +1,17 @@
1
+ import { ChallengeParams } from "../qr-code";
2
+ import { AuthsignalResponse } from "../types";
3
+ import { QrCodeChallengeResponse } from "../api/types/qr-code";
4
+ export interface QrHandler {
5
+ challenge(params: ChallengeParams): Promise<AuthsignalResponse<QrCodeChallengeResponse>>;
6
+ refresh(params: {
7
+ custom?: Record<string, unknown>;
8
+ }): Promise<void>;
9
+ disconnect(): void;
10
+ }
11
+ export declare abstract class BaseQrHandler implements QrHandler {
12
+ abstract challenge(params: ChallengeParams): Promise<AuthsignalResponse<QrCodeChallengeResponse>>;
13
+ abstract refresh(params: {
14
+ custom?: Record<string, unknown>;
15
+ }): Promise<void>;
16
+ abstract disconnect(): void;
17
+ }
package/dist/qr-code/rest-qr-handler.d.ts ADDED
@@ -0,0 +1,24 @@
1
+ import { QrCodeChallengeResponse } from "../api/types/qr-code";
2
+ import { AuthsignalResponse } from "../types";
3
+ import { ChallengeParams } from "../qr-code";
4
+ import { BaseQrHandler } from "./base-qr-handler";
5
+ export declare class RestQrHandler extends BaseQrHandler {
6
+ private api;
7
+ private pollingInterval?;
8
+ private refreshTimeout?;
9
+ private currentChallengeParams?;
10
+ constructor({ baseUrl, tenantId }: {
11
+ baseUrl: string;
12
+ tenantId: string;
13
+ });
14
+ challenge(params: ChallengeParams): Promise<AuthsignalResponse<QrCodeChallengeResponse>>;
15
+ refresh({ custom }?: {
16
+ custom?: Record<string, unknown>;
17
+ }): Promise<void>;
18
+ disconnect(): void;
19
+ private startRefreshTimer;
20
+ private clearRefreshTimer;
21
+ private performRefresh;
22
+ private startPolling;
23
+ private clearPolling;
24
+ }
package/dist/qr-code/websocket-qr-handler.d.ts ADDED
@@ -0,0 +1,16 @@
1
+ import { QrCodeChallengeResponse } from "../api/types/qr-code";
2
+ import { AuthsignalResponse } from "../types";
3
+ import { ChallengeParams } from "../qr-code";
4
+ import { BaseQrHandler } from "./base-qr-handler";
5
+ export declare class WebSocketQrHandler extends BaseQrHandler {
6
+ private wsClient;
7
+ constructor({ baseUrl, tenantId }: {
8
+ baseUrl: string;
9
+ tenantId: string;
10
+ });
11
+ challenge(params: ChallengeParams): Promise<AuthsignalResponse<QrCodeChallengeResponse>>;
12
+ refresh({ custom }?: {
13
+ custom?: Record<string, unknown>;
14
+ }): Promise<void>;
15
+ disconnect(): void;
16
+ }
package/dist/qr-code.d.ts CHANGED
@@ -1,20 +1,33 @@
1
- import { QrCodeChallengeResponse, QrCodeVerifyResponse } from "./api/types/qr-code";
1
+ import { QrCodeChallengeResponse } from "./api/types/qr-code";
2
+ import { ChallengeState } from "./api/types/websocket";
2
3
  import { AuthsignalResponse } from "./types";
3
4
  type QrCodeOptions = {
4
5
  baseUrl: string;
5
6
  tenantId: string;
6
7
  };
7
- type ChallengeParams = {
8
+ export type ChallengeParams = {
8
9
  action: string;
9
- };
10
- type VerifyParams = {
11
- challengeId: string;
12
- deviceCode: string;
10
+ custom?: Record<string, unknown>;
11
+ /** Use REST API polling instead of WebSocket connection. Default: false */
12
+ polling?: boolean;
13
+ /** The interval in milliseconds at which the QR code challenge will be polled. Default: 5 seconds (Only used when polling is true)*/
14
+ pollInterval?: number;
15
+ /** The interval in milliseconds at which the QR code challenge will be refreshed. Default: 9 minutes */
16
+ refreshInterval?: number;
17
+ /** A callback function that is called when the QR code challenge is refreshed. */
18
+ onRefresh?: (challengeId: string, expiresAt: string) => void;
19
+ /** A callback function that is called when the state of the QR code challenge changes. */
20
+ onStateChange: (state: ChallengeState, accessToken?: string) => void;
13
21
  };
14
22
  export declare class QrCode {
15
- private api;
23
+ private handler;
24
+ private baseUrl;
25
+ private tenantId;
16
26
  constructor({ baseUrl, tenantId }: QrCodeOptions);
17
- challenge({ action }: ChallengeParams): Promise<AuthsignalResponse<QrCodeChallengeResponse>>;
18
- verify({ challengeId, deviceCode }: VerifyParams): Promise<AuthsignalResponse<QrCodeVerifyResponse>>;
27
+ challenge(params: ChallengeParams): Promise<AuthsignalResponse<QrCodeChallengeResponse>>;
28
+ refresh({ custom }?: {
29
+ custom?: Record<string, unknown>;
30
+ }): Promise<void>;
31
+ disconnect(): void;
19
32
  }
20
33
  export {};
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@authsignal/browser",
3
- "version": "1.6.1",
3
+ "version": "1.8.0",
4
4
  "type": "module",
5
5
  "main": "dist/index.js",
6
6
  "module": "dist/index.js",
@@ -15,6 +15,7 @@
15
15
  "passwordless",
16
16
  "fido2",
17
17
  "biometrics",
18
+ "push",
18
19
  "typescript"
19
20
  ],
20
21
  "license": "MIT",