@better-auth/passkey 1.4.0-beta.16

package/LICENSE.md

@@ -0,0 +1,17 @@
+The MIT License (MIT)
+Copyright (c) 2024 - present, Bereket Engida
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software
+and associated documentation files (the "Software"), to deal in the Software without restriction,
+including without limitation the rights to use, copy, modify, merge, publish, distribute,
+sublicense, and/or sell copies of the Software, and to permit persons to whom the Software
+is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or
+substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING
+BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

package/README.md

@@ -0,0 +1,54 @@
+# Better Auth Passkey Plugin
+
+## Installation
+
+```bash
+# Using npm
+npm install better-auth @better-auth/passkey
+
+# Using yarn
+yarn add better-auth @better-auth/passkey
+
+# Using pnpm
+pnpm add better-auth @better-auth/passkey
+
+# Using bun
+bun add better-auth @better-auth/passkey
+```
+
+## Usage
+
+### Server
+
+```typescript
+import { betterAuth } from "better-auth";
+import { passkey } from "@better-auth/passkey";
+
+export const auth = betterAuth({
+  plugins: [
+    passkey({
+      rpID: "example.com",
+      rpName: "My App",
+    }),
+  ],
+});
+```
+
+### Client
+
+```typescript
+import { createAuthClient } from "better-auth/client";
+import { passkeyClient } from "@better-auth/passkey/client";
+
+export const authClient = createAuthClient({
+  plugins: [passkeyClient()],
+});
+```
+
+## Documentation
+
+For more information, visit the [Better Auth Passkey documentation](https://better-auth.com/docs/plugins/passkey).
+
+## License
+
+MIT

package/dist/client.d.ts

@@ -0,0 +1,199 @@
+import { n as Passkey, t as passkey } from "./index-B_gZWjC3.js";
+import * as nanostores0 from "nanostores";
+import { atom } from "nanostores";
+import * as better_auth0 from "better-auth";
+import * as _better_fetch_fetch0 from "@better-fetch/fetch";
+import { BetterFetch, BetterFetchOption } from "@better-fetch/fetch";
+import { ClientStore } from "@better-auth/core";
+import { Session, User } from "better-auth/types";
+
+//#region src/client.d.ts
+declare const getPasskeyActions: ($fetch: BetterFetch, {
+  $listPasskeys,
+  $store
+}: {
+  $listPasskeys: ReturnType<typeof atom<any>>;
+  $store: ClientStore;
+}) => {
+  signIn: {
+    /**
+     * Sign in with a registered passkey
+     */
+    passkey: (opts?: {
+      autoFill?: boolean;
+      fetchOptions?: BetterFetchOption;
+    } | undefined, options?: BetterFetchOption | undefined) => Promise<{
+      data: null;
+      error: {
+        message?: string | undefined;
+        status: number;
+        statusText: string;
+      };
+    } | {
+      data: {
+        session: Session;
+        user: User;
+      };
+      error: null;
+    } | {
+      data: null;
+      error: {
+        code: string;
+        message: string;
+        status: number;
+        statusText: string;
+      };
+    }>;
+  };
+  passkey: {
+    /**
+     * Add a passkey to the user account
+     */
+    addPasskey: (opts?: {
+      fetchOptions?: BetterFetchOption;
+      /**
+       * The name of the passkey. This is used to
+       * identify the passkey in the UI.
+       */
+      name?: string;
+      /**
+       * The type of attachment for the passkey. Defaults to both
+       * platform and cross-platform allowed, with platform preferred.
+       */
+      authenticatorAttachment?: "platform" | "cross-platform";
+      /**
+       * Try to silently create a passkey with the password manager that the user just signed
+       * in with.
+       * @default false
+       */
+      useAutoRegister?: boolean;
+    } | undefined, fetchOpts?: BetterFetchOption | undefined) => Promise<{
+      data: null;
+      error: {
+        message?: string | undefined;
+        status: number;
+        statusText: string;
+      };
+    } | {
+      data: null;
+      error: {
+        code: string;
+        message: string;
+        status: number;
+        statusText: string;
+      };
+    } | undefined>;
+  };
+  /**
+   * Inferred Internal Types
+   */
+  $Infer: {
+    Passkey: Passkey;
+  };
+};
+declare const passkeyClient: () => {
+  id: "passkey";
+  $InferServerPlugin: ReturnType<typeof passkey>;
+  getActions: ($fetch: BetterFetch, $store: ClientStore) => {
+    signIn: {
+      /**
+       * Sign in with a registered passkey
+       */
+      passkey: (opts?: {
+        autoFill?: boolean;
+        fetchOptions?: BetterFetchOption;
+      } | undefined, options?: BetterFetchOption | undefined) => Promise<{
+        data: null;
+        error: {
+          message?: string | undefined;
+          status: number;
+          statusText: string;
+        };
+      } | {
+        data: {
+          session: Session;
+          user: User;
+        };
+        error: null;
+      } | {
+        data: null;
+        error: {
+          code: string;
+          message: string;
+          status: number;
+          statusText: string;
+        };
+      }>;
+    };
+    passkey: {
+      /**
+       * Add a passkey to the user account
+       */
+      addPasskey: (opts?: {
+        fetchOptions?: BetterFetchOption;
+        /**
+         * The name of the passkey. This is used to
+         * identify the passkey in the UI.
+         */
+        name?: string;
+        /**
+         * The type of attachment for the passkey. Defaults to both
+         * platform and cross-platform allowed, with platform preferred.
+         */
+        authenticatorAttachment?: "platform" | "cross-platform";
+        /**
+         * Try to silently create a passkey with the password manager that the user just signed
+         * in with.
+         * @default false
+         */
+        useAutoRegister?: boolean;
+      } | undefined, fetchOpts?: BetterFetchOption | undefined) => Promise<{
+        data: null;
+        error: {
+          message?: string | undefined;
+          status: number;
+          statusText: string;
+        };
+      } | {
+        data: null;
+        error: {
+          code: string;
+          message: string;
+          status: number;
+          statusText: string;
+        };
+      } | undefined>;
+    };
+    /**
+     * Inferred Internal Types
+     */
+    $Infer: {
+      Passkey: Passkey;
+    };
+  };
+  getAtoms($fetch: BetterFetch): {
+    listPasskeys: nanostores0.PreinitializedWritableAtom<{
+      data: Passkey[] | null;
+      error: null | _better_fetch_fetch0.BetterFetchError;
+      isPending: boolean;
+      isRefetching: boolean;
+      refetch: (queryParams?: {
+        query?: better_auth0.SessionQueryParams;
+      } | undefined) => void;
+    }> & object;
+    $listPasskeys: nanostores0.PreinitializedWritableAtom<any> & object;
+  };
+  pathMethods: {
+    "/passkey/register": "POST";
+    "/passkey/authenticate": "POST";
+  };
+  atomListeners: ({
+    matcher(path: string): path is "/passkey/verify-registration" | "/passkey/delete-passkey" | "/passkey/update-passkey" | "/sign-out";
+    signal: "$listPasskeys";
+  } | {
+    matcher: (path: string) => path is "/passkey/verify-authentication";
+    signal: "$sessionSignal";
+  })[];
+};
+//#endregion
+export { getPasskeyActions, passkeyClient };

package/dist/client.js

@@ -0,0 +1,145 @@
+import { WebAuthnError, startAuthentication, startRegistration } from "@simplewebauthn/browser";
+import { useAuthQuery } from "better-auth/client";
+import { atom } from "nanostores";
+
+//#region src/client.ts
+const getPasskeyActions = ($fetch, { $listPasskeys, $store }) => {
+	const signInPasskey = async (opts, options) => {
+		const response = await $fetch("/passkey/generate-authenticate-options", {
+			method: "POST",
+			throw: false
+		});
+		if (!response.data) return response;
+		try {
+			const verified = await $fetch("/passkey/verify-authentication", {
+				body: { response: await startAuthentication({
+					optionsJSON: response.data,
+					useBrowserAutofill: opts?.autoFill
+				}) },
+				...opts?.fetchOptions,
+				...options,
+				method: "POST",
+				throw: false
+			});
+			$listPasskeys.set(Math.random());
+			$store.notify("$sessionSignal");
+			return verified;
+		} catch (e) {
+			return {
+				data: null,
+				error: {
+					code: "AUTH_CANCELLED",
+					message: "auth cancelled",
+					status: 400,
+					statusText: "BAD_REQUEST"
+				}
+			};
+		}
+	};
+	const registerPasskey = async (opts, fetchOpts) => {
+		const options = await $fetch("/passkey/generate-register-options", {
+			method: "GET",
+			query: {
+				...opts?.authenticatorAttachment && { authenticatorAttachment: opts.authenticatorAttachment },
+				...opts?.name && { name: opts.name }
+			},
+			throw: false
+		});
+		if (!options.data) return options;
+		try {
+			const res = await startRegistration({
+				optionsJSON: options.data,
+				useAutoRegister: opts?.useAutoRegister
+			});
+			const verified = await $fetch("/passkey/verify-registration", {
+				...opts?.fetchOptions,
+				...fetchOpts,
+				body: {
+					response: res,
+					name: opts?.name
+				},
+				method: "POST",
+				throw: false
+			});
+			if (!verified.data) return verified;
+			$listPasskeys.set(Math.random());
+		} catch (e) {
+			if (e instanceof WebAuthnError) {
+				if (e.code === "ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED") return {
+					data: null,
+					error: {
+						code: e.code,
+						message: "previously registered",
+						status: 400,
+						statusText: "BAD_REQUEST"
+					}
+				};
+				if (e.code === "ERROR_CEREMONY_ABORTED") return {
+					data: null,
+					error: {
+						code: e.code,
+						message: "registration cancelled",
+						status: 400,
+						statusText: "BAD_REQUEST"
+					}
+				};
+				return {
+					data: null,
+					error: {
+						code: e.code,
+						message: e.message,
+						status: 400,
+						statusText: "BAD_REQUEST"
+					}
+				};
+			}
+			return {
+				data: null,
+				error: {
+					code: "UNKNOWN_ERROR",
+					message: e instanceof Error ? e.message : "unknown error",
+					status: 500,
+					statusText: "INTERNAL_SERVER_ERROR"
+				}
+			};
+		}
+	};
+	return {
+		signIn: { passkey: signInPasskey },
+		passkey: { addPasskey: registerPasskey },
+		$Infer: {}
+	};
+};
+const passkeyClient = () => {
+	const $listPasskeys = atom();
+	return {
+		id: "passkey",
+		$InferServerPlugin: {},
+		getActions: ($fetch, $store) => getPasskeyActions($fetch, {
+			$listPasskeys,
+			$store
+		}),
+		getAtoms($fetch) {
+			return {
+				listPasskeys: useAuthQuery($listPasskeys, "/passkey/list-user-passkeys", $fetch, { method: "GET" }),
+				$listPasskeys
+			};
+		},
+		pathMethods: {
+			"/passkey/register": "POST",
+			"/passkey/authenticate": "POST"
+		},
+		atomListeners: [{
+			matcher(path) {
+				return path === "/passkey/verify-registration" || path === "/passkey/delete-passkey" || path === "/passkey/update-passkey" || path === "/sign-out";
+			},
+			signal: "$listPasskeys"
+		}, {
+			matcher: (path) => path === "/passkey/verify-authentication",
+			signal: "$sessionSignal"
+		}]
+	};
+};
+
+//#endregion
+export { getPasskeyActions, passkeyClient };