@bradford-tech/supabase-integrity-attest 0.8.0 → 0.8.1

package/esm/src/attestation.d.ts

@@ -40,7 +40,12 @@ export interface AttestationCbor {
     };
     authData: Uint8Array;
 }
-/** Decode an Apple App Attest attestation object from raw CBOR bytes. */
+/**
+ * Decode an Apple App Attest attestation object from raw CBOR bytes.
+ *
+ * @throws {AttestationError} with code `INVALID_FORMAT` if the data is not
+ *   a valid attestation CBOR structure.
+ */
 export declare function decodeAttestationCbor(data: Uint8Array): AttestationCbor;
 /**
  * Verify an Apple App Attest attestation.

package/esm/src/attestation.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"attestation.d.ts","sourceRoot":"","sources":["../../src/src/attestation.ts"],"names":[],"mappings":"AAaA,yCAAyC;AACzC,MAAM,WAAW,OAAO;IACtB,oDAAoD;IACpD,KAAK,EAAE,MAAM,CAAC;IACd,kFAAkF;IAClF,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED,kDAAkD;AAClD,MAAM,WAAW,iBAAiB;IAChC,yEAAyE;IACzE,YAAY,EAAE,MAAM,CAAC;IACrB,4DAA4D;IAC5D,OAAO,EAAE,UAAU,CAAC;IACpB,uDAAuD;IACvD,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,iDAAiD;AACjD,MAAM,WAAW,wBAAwB;IACvC,uFAAuF;IACvF,SAAS,CAAC,EAAE,IAAI,CAAC;CAClB;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE;QACP,GAAG,EAAE,UAAU,EAAE,CAAC;QAClB,OAAO,EAAE,UAAU,CAAC;KACrB,CAAC;IACF,QAAQ,EAAE,UAAU,CAAC;CACtB;AAsGD,yEAAyE;AACzE,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,UAAU,GAAG,eAAe,CAyEvE;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,OAAO,EAChB,KAAK,EAAE,MAAM,EACb,cAAc,EAAE,UAAU,GAAG,MAAM,EACnC,WAAW,EAAE,UAAU,GAAG,MAAM,EAChC,OAAO,CAAC,EAAE,wBAAwB,GACjC,OAAO,CAAC,iBAAiB,CAAC,CAkJ5B"}
+{"version":3,"file":"attestation.d.ts","sourceRoot":"","sources":["../../src/src/attestation.ts"],"names":[],"mappings":"AAgBA,yCAAyC;AACzC,MAAM,WAAW,OAAO;IACtB,oDAAoD;IACpD,KAAK,EAAE,MAAM,CAAC;IACd,kFAAkF;IAClF,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED,kDAAkD;AAClD,MAAM,WAAW,iBAAiB;IAChC,yEAAyE;IACzE,YAAY,EAAE,MAAM,CAAC;IACrB,4DAA4D;IAC5D,OAAO,EAAE,UAAU,CAAC;IACpB,uDAAuD;IACvD,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,iDAAiD;AACjD,MAAM,WAAW,wBAAwB;IACvC,uFAAuF;IACvF,SAAS,CAAC,EAAE,IAAI,CAAC;CAClB;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE;QACP,GAAG,EAAE,UAAU,EAAE,CAAC;QAClB,OAAO,EAAE,UAAU,CAAC;KACrB,CAAC;IACF,QAAQ,EAAE,UAAU,CAAC;CACtB;AAsGD;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,UAAU,GAAG,eAAe,CAwFvE;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,OAAO,EAChB,KAAK,EAAE,MAAM,EACb,cAAc,EAAE,UAAU,GAAG,MAAM,EACnC,WAAW,EAAE,UAAU,GAAG,MAAM,EAChC,OAAO,CAAC,EAAE,wBAAwB,GACjC,OAAO,CAAC,iBAAiB,CAAC,CAoJ5B"}

package/esm/src/attestation.js

@@ -3,7 +3,7 @@ import { decodeBase64 } from "../deps/jsr.io/@std/encoding/1.0.10/base64.js";
 import { extractNonceFromCert, extractPublicKeyFromCert, verifyCertificateChain, } from "./certificate.js";
 import { AAGUID_DEVELOPMENT, AAGUID_PRODUCTION } from "./constants.js";
 import { AttestationError, AttestationErrorCode } from "./errors.js";
-import { parseAttestationAuthData } from "./authdata.js";
+import { parseAttestationAuthData, } from "./authdata.js";
 import { concat, constantTimeEqual, exportKeyToPem, toBytes } from "./utils.js";
 /** Read a CBOR unsigned integer (additional info + following bytes). */
 function readCborUint(data, offset) {
@@ -88,72 +88,86 @@ function findCborTextKey(data, key, startOffset) {
     }
     return -1;
 }
-/** Decode an Apple App Attest attestation object from raw CBOR bytes. */
+/**
+ * Decode an Apple App Attest attestation object from raw CBOR bytes.
+ *
+ * @throws {AttestationError} with code `INVALID_FORMAT` if the data is not
+ *   a valid attestation CBOR structure.
+ */
 export function decodeAttestationCbor(data) {
-    // Verify top-level is a CBOR map
-    const majorType = (data[0] >> 5) & 0x07;
-    if (majorType !== 5) {
-        throw new Error("Expected CBOR map at top level");
-    }
-    // Find "fmt" key and read its value
-    const fmtKeyPos = findCborTextKey(data, "fmt", 0);
-    if (fmtKeyPos === -1)
-        throw new Error('Missing "fmt" key');
-    const fmtKeyEnd = fmtKeyPos + 1 + 3; // 0x63 + "fmt"
-    const { value: fmt } = readCborText(data, fmtKeyEnd);
-    // Find "attStmt" key
-    const attStmtKeyPos = findCborTextKey(data, "attStmt", 0);
-    if (attStmtKeyPos === -1)
-        throw new Error('Missing "attStmt" key');
-    // After "attStmt" key: 0x67 + "attStmt" = 8 bytes
-    const attStmtValuePos = attStmtKeyPos + 8;
-    // attStmt value should be a map
-    const attStmtMajor = (data[attStmtValuePos] >> 5) & 0x07;
-    if (attStmtMajor !== 5)
-        throw new Error("attStmt is not a CBOR map");
-    // Find "x5c" key within attStmt
-    const x5cKeyPos = findCborTextKey(data, "x5c", attStmtValuePos);
-    if (x5cKeyPos === -1)
-        throw new Error('Missing "x5c" key in attStmt');
-    const x5cValuePos = x5cKeyPos + 4; // 0x63 + "x5c"
-    // x5c value is an array
-    const x5cMajor = (data[x5cValuePos] >> 5) & 0x07;
-    if (x5cMajor !== 4)
-        throw new Error("x5c is not a CBOR array");
-    const { value: x5cCount, end: x5cFirstItemPos } = readCborUint(data, x5cValuePos);
-    // Read each certificate byte string
-    const x5c = [];
-    let pos = x5cFirstItemPos;
-    for (let i = 0; i < x5cCount; i++) {
-        const { value: cert, end } = readCborBytes(data, pos);
-        x5c.push(cert);
-        pos = end;
+    try {
+        // Verify top-level is a CBOR map
+        const majorType = (data[0] >> 5) & 0x07;
+        if (majorType !== 5) {
+            throw new Error("Expected CBOR map at top level");
+        }
+        // Find "fmt" key and read its value
+        const fmtKeyPos = findCborTextKey(data, "fmt", 0);
+        if (fmtKeyPos === -1)
+            throw new Error('Missing "fmt" key');
+        const fmtKeyEnd = fmtKeyPos + 1 + 3; // 0x63 + "fmt"
+        const { value: fmt } = readCborText(data, fmtKeyEnd);
+        // Find "attStmt" key
+        const attStmtKeyPos = findCborTextKey(data, "attStmt", 0);
+        if (attStmtKeyPos === -1)
+            throw new Error('Missing "attStmt" key');
+        // After "attStmt" key: 0x67 + "attStmt" = 8 bytes
+        const attStmtValuePos = attStmtKeyPos + 8;
+        // attStmt value should be a map
+        const attStmtMajor = (data[attStmtValuePos] >> 5) & 0x07;
+        if (attStmtMajor !== 5)
+            throw new Error("attStmt is not a CBOR map");
+        // Find "x5c" key within attStmt
+        const x5cKeyPos = findCborTextKey(data, "x5c", attStmtValuePos);
+        if (x5cKeyPos === -1)
+            throw new Error('Missing "x5c" key in attStmt');
+        const x5cValuePos = x5cKeyPos + 4; // 0x63 + "x5c"
+        // x5c value is an array
+        const x5cMajor = (data[x5cValuePos] >> 5) & 0x07;
+        if (x5cMajor !== 4)
+            throw new Error("x5c is not a CBOR array");
+        const { value: x5cCount, end: x5cFirstItemPos } = readCborUint(data, x5cValuePos);
+        // Read each certificate byte string
+        const x5c = [];
+        let pos = x5cFirstItemPos;
+        for (let i = 0; i < x5cCount; i++) {
+            const { value: cert, end } = readCborBytes(data, pos);
+            x5c.push(cert);
+            pos = end;
+        }
+        // After x5c, find "receipt" key
+        const receiptKeyPos = findCborTextKey(data, "receipt", pos);
+        if (receiptKeyPos === -1) {
+            throw new Error('Missing "receipt" key in attStmt');
+        }
+        // Find "authData" key - search from after the receipt key position
+        const authDataKeyPos = findCborTextKey(data, "authData", receiptKeyPos);
+        if (authDataKeyPos === -1) {
+            throw new Error('Missing "authData" key');
+        }
+        // The receipt value is the bytes between the receipt key end and the authData key start.
+        // Receipt key: 0x67 + "receipt" = 8 bytes
+        const receiptValueStart = receiptKeyPos + 8;
+        // Read the receipt CBOR header to get the data start offset
+        const receiptMajor = (data[receiptValueStart] >> 5) & 0x07;
+        if (receiptMajor !== 2) {
+            throw new Error("receipt is not a CBOR byte string");
+        }
+        const { end: receiptDataStart } = readCborUint(data, receiptValueStart);
+        // The actual receipt data extends to just before the authData key.
+        // This handles the case where Apple's CBOR length header is incorrect.
+        const receipt = data.slice(receiptDataStart, authDataKeyPos);
+        // Read authData value
+        // authData key: 0x68 + "authData" = 9 bytes
+        const authDataValuePos = authDataKeyPos + 9;
+        const { value: authData } = readCborBytes(data, authDataValuePos);
+        return { fmt, attStmt: { x5c, receipt }, authData };
     }
-    // After x5c, find "receipt" key
-    const receiptKeyPos = findCborTextKey(data, "receipt", pos);
-    if (receiptKeyPos === -1)
-        throw new Error('Missing "receipt" key in attStmt');
-    // Find "authData" key - search from after the receipt key position
-    const authDataKeyPos = findCborTextKey(data, "authData", receiptKeyPos);
-    if (authDataKeyPos === -1) {
-        throw new Error('Missing "authData" key');
+    catch (e) {
+        if (e instanceof AttestationError)
+            throw e;
+        throw new AttestationError(AttestationErrorCode.INVALID_FORMAT, `Failed to CBOR-decode attestation object: ${e instanceof Error ? e.message : String(e)}`, { cause: e });
     }
-    // The receipt value is the bytes between the receipt key end and the authData key start.
-    // Receipt key: 0x67 + "receipt" = 8 bytes
-    const receiptValueStart = receiptKeyPos + 8;
-    // Read the receipt CBOR header to get the data start offset
-    const receiptMajor = (data[receiptValueStart] >> 5) & 0x07;
-    if (receiptMajor !== 2)
-        throw new Error("receipt is not a CBOR byte string");
-    const { end: receiptDataStart } = readCborUint(data, receiptValueStart);
-    // The actual receipt data extends to just before the authData key.
-    // This handles the case where Apple's CBOR length header is incorrect.
-    const receipt = data.slice(receiptDataStart, authDataKeyPos);
-    // Read authData value
-    // authData key: 0x68 + "authData" = 9 bytes
-    const authDataValuePos = authDataKeyPos + 9;
-    const { value: authData } = readCborBytes(data, authDataValuePos);
-    return { fmt, attStmt: { x5c, receipt }, authData };
 }
 /**
  * Verify an Apple App Attest attestation.
@@ -188,13 +202,7 @@ export async function verifyAttestation(appInfo, keyId, clientDataHash, attestat
         attestationBytes = attestation;
     }
     // Step 1: CBOR decode attestation -> { fmt, attStmt: { x5c, receipt }, authData }
-    let decoded;
-    try {
-        decoded = decodeAttestationCbor(attestationBytes);
-    }
-    catch {
-        throw new AttestationError(AttestationErrorCode.INVALID_FORMAT, "Failed to CBOR-decode attestation object");
-    }
+    const decoded = decodeAttestationCbor(attestationBytes);
     // Step 2: Validate fmt === "apple-appattest"
     if (decoded.fmt !== "apple-appattest") {
         throw new AttestationError(AttestationErrorCode.INVALID_FORMAT, `Invalid attestation format: expected "apple-appattest", got "${decoded.fmt}"`);
@@ -228,7 +236,13 @@ export async function verifyAttestation(appInfo, keyId, clientDataHash, attestat
         throw new AttestationError(AttestationErrorCode.KEY_ID_MISMATCH, "Public key hash does not match keyId");
     }
     // Step 11: Parse authData
-    const parsedAuthData = parseAttestationAuthData(authData);
+    let parsedAuthData;
+    try {
+        parsedAuthData = parseAttestationAuthData(authData);
+    }
+    catch (e) {
+        throw new AttestationError(AttestationErrorCode.INVALID_FORMAT, `Invalid authenticatorData: ${e instanceof Error ? e.message : String(e)}`);
+    }
     // Step 12: Verify rpIdHash === SHA-256(appId)
     const appIdHash = new Uint8Array(await crypto.subtle.digest("SHA-256", new TextEncoder().encode(appInfo.appId)));
     if (!constantTimeEqual(parsedAuthData.rpIdHash, appIdHash)) {

package/esm/src/authdata.d.ts

@@ -6,7 +6,6 @@ export interface AssertionAuthData {
 export interface AttestationAuthData extends AssertionAuthData {
     aaguid: Uint8Array;
     credentialId: Uint8Array;
-    coseKeyBytes: Uint8Array;
 }
 export declare function parseAssertionAuthData(data: Uint8Array): AssertionAuthData;
 export declare function parseAttestationAuthData(data: Uint8Array): AttestationAuthData;

package/esm/src/authdata.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authdata.d.ts","sourceRoot":"","sources":["../../src/src/authdata.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,UAAU,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,mBAAoB,SAAQ,iBAAiB;IAC5D,MAAM,EAAE,UAAU,CAAC;IACnB,YAAY,EAAE,UAAU,CAAC;IACzB,YAAY,EAAE,UAAU,CAAC;CAC1B;AAED,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,UAAU,GAAG,iBAAiB,CAgB1E;AAED,wBAAgB,wBAAwB,CACtC,IAAI,EAAE,UAAU,GACf,mBAAmB,CAiCrB"}
+{"version":3,"file":"authdata.d.ts","sourceRoot":"","sources":["../../src/src/authdata.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,UAAU,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,mBAAoB,SAAQ,iBAAiB;IAC5D,MAAM,EAAE,UAAU,CAAC;IACnB,YAAY,EAAE,UAAU,CAAC;CAC1B;AAED,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,UAAU,GAAG,iBAAiB,CAgB1E;AAED,wBAAgB,wBAAwB,CACtC,IAAI,EAAE,UAAU,GACf,mBAAmB,CA+BrB"}

package/esm/src/authdata.js

@@ -19,11 +19,9 @@ export function parseAttestationAuthData(data) {
         throw new Error(`authenticatorData truncated: credentialIdLength=${credentialIdLength} but only ${data.length - 55} bytes remain`);
     }
     const credentialId = data.slice(55, 55 + credentialIdLength);
-    const coseKeyBytes = data.slice(55 + credentialIdLength);
     return {
         ...base,
         aaguid,
         credentialId,
-        coseKeyBytes,
     };
 }

package/esm/src/with-assertion.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"with-assertion.d.ts","sourceRoot":"","sources":["../../src/src/with-assertion.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,cAAc,EAAsB,MAAM,aAAa,CAAC;AAEjE,iEAAiE;AACjE,eAAO,MAAM,wBAAwB,2BAA2B,CAAC;AACjE,0DAA0D;AAC1D,eAAO,MAAM,wBAAwB,2BAA2B,CAAC;AAEjE,0EAA0E;AAC1E,MAAM,MAAM,SAAS,GAAG;IACtB,2DAA2D;IAC3D,YAAY,EAAE,MAAM,CAAC;IACrB,gDAAgD;IAChD,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,gBAAgB,GAAG;IAC7B,qDAAqD;IACrD,SAAS,EAAE,MAAM,CAAC;IAClB,mDAAmD;IACnD,cAAc,EAAE,MAAM,CAAC;IACvB,6EAA6E;IAC7E,QAAQ,EAAE,MAAM,CAAC;IACjB,sDAAsD;IACtD,QAAQ,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,mFAAmF;AACnF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,0CAA0C;IAC1C,QAAQ,EAAE,MAAM,CAAC;IACjB,6CAA6C;IAC7C,SAAS,EAAE,MAAM,CAAC;IAClB,gEAAgE;IAChE,OAAO,EAAE,UAAU,CAAC;IACpB,mEAAmE;IACnE,OAAO,EAAE,gBAAgB,CAAC;CAC3B,CAAC;AAEF,0EAA0E;AAC1E,MAAM,MAAM,kBAAkB,GAAG,CAAC,GAAG,EAAE,OAAO,KAAK,OAAO,CAAC;IACzD,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,UAAU,CAAC;CACxB,CAAC,CAAC;AAEH,kEAAkE;AAClE,MAAM,MAAM,oBAAoB,GAAG;IACjC,oDAAoD;IACpD,KAAK,EAAE,MAAM,CAAC;IACd,wFAAwF;IACxF,YAAY,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;IAC9D;;;;;;;;;;;;;;;;OAgBG;IACH,eAAe,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IAC9E,8DAA8D;IAC9D,gBAAgB,CAAC,EAAE,kBAAkB,CAAC;IACtC,uEAAuE;IACvE,OAAO,CAAC,EAAE,CACR,KAAK,EAAE,cAAc,EACrB,GAAG,EAAE,OAAO,KACT,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;CACnC,CAAC;AAmCF;;;;;;;;;;;GAWG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,oBAAoB,EAC7B,OAAO,EAAE,CACP,GAAG,EAAE,OAAO,EACZ,OAAO,EAAE,gBAAgB,KACtB,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,GAChC,CAAC,GAAG,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,CAmGrC"}
+{"version":3,"file":"with-assertion.d.ts","sourceRoot":"","sources":["../../src/src/with-assertion.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,cAAc,EAAsB,MAAM,aAAa,CAAC;AAEjE,iEAAiE;AACjE,eAAO,MAAM,wBAAwB,2BAA2B,CAAC;AACjE,0DAA0D;AAC1D,eAAO,MAAM,wBAAwB,2BAA2B,CAAC;AAEjE,0EAA0E;AAC1E,MAAM,MAAM,SAAS,GAAG;IACtB,2DAA2D;IAC3D,YAAY,EAAE,MAAM,CAAC;IACrB,gDAAgD;IAChD,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,gBAAgB,GAAG;IAC7B,qDAAqD;IACrD,SAAS,EAAE,MAAM,CAAC;IAClB,mDAAmD;IACnD,cAAc,EAAE,MAAM,CAAC;IACvB,6EAA6E;IAC7E,QAAQ,EAAE,MAAM,CAAC;IACjB,sDAAsD;IACtD,QAAQ,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,mFAAmF;AACnF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,0CAA0C;IAC1C,QAAQ,EAAE,MAAM,CAAC;IACjB,6CAA6C;IAC7C,SAAS,EAAE,MAAM,CAAC;IAClB,gEAAgE;IAChE,OAAO,EAAE,UAAU,CAAC;IACpB,mEAAmE;IACnE,OAAO,EAAE,gBAAgB,CAAC;CAC3B,CAAC;AAEF,0EAA0E;AAC1E,MAAM,MAAM,kBAAkB,GAAG,CAAC,GAAG,EAAE,OAAO,KAAK,OAAO,CAAC;IACzD,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,UAAU,CAAC;CACxB,CAAC,CAAC;AAEH,kEAAkE;AAClE,MAAM,MAAM,oBAAoB,GAAG;IACjC,oDAAoD;IACpD,KAAK,EAAE,MAAM,CAAC;IACd,wFAAwF;IACxF,YAAY,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;IAC9D;;;;;;;;;;;;;;;;OAgBG;IACH,eAAe,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IAC9E,8DAA8D;IAC9D,gBAAgB,CAAC,EAAE,kBAAkB,CAAC;IACtC,uEAAuE;IACvE,OAAO,CAAC,EAAE,CACR,KAAK,EAAE,cAAc,EACrB,GAAG,EAAE,OAAO,KACT,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;CACnC,CAAC;AAqCF;;;;;;;;;;;GAWG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,oBAAoB,EAC7B,OAAO,EAAE,CACP,GAAG,EAAE,OAAO,EACZ,OAAO,EAAE,gBAAgB,KACtB,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,GAChC,CAAC,GAAG,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,CAmGrC"}

package/esm/src/with-assertion.js

@@ -19,7 +19,9 @@ function defaultErrorResponse(error) {
         ? 500
         : error.code === AssertionErrorCode.INVALID_FORMAT
             ? 400
-            : 401;
+            : error.code === AssertionErrorCode.SIGN_COUNT_STALE
+                ? 409
+                : 401;
     return new Response(JSON.stringify({ error: error.message, code: error.code }), { status, headers: { "Content-Type": "application/json" } });
 }
 /**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bradford-tech/supabase-integrity-attest",
-  "version": "0.8.0",
+  "version": "0.8.1",
   "description": "Verify Apple App Attest attestations and assertions using WebCrypto.",
   "homepage": "https://integrity-attest.bradford.tech",
   "repository": {