@dfns/sdk 0.3.4 → 0.4.0-alpha.2

package/baseAuthApi.d.ts

@@ -1,5 +1,5 @@
 import { FirstFactorAttestation, RecoveryFactorAttestation, SecondFactorAttestation, UserRegistrationChallenge } from './store';
-import { AllowCredential, CredentialKind, FirstFactorAssertion, RecoveryKeyAssertion, SecondFactorAssertion } from './signer';
+import { CredentialKind, FirstFactorAssertion, RecoveryKeyAssertion, SecondFactorAssertion, UserActionChallenge } from './signer';
 import { HttpMethod } from './utils/fetch';
 export type DfnsBaseApiOptions = {
     appId: string;
@@ -13,21 +13,7 @@ export type CreateUserActionChallengeRequest = {
     userActionHttpPath: string;
     userActionServerKind: 'Api';
 };
-export type CredentialFactor = 'first' | 'second' | 'either';
-export type UserActionChallengeResponse = {
-    supportedCredentialKinds: {
-        kind: CredentialKind;
-        factor: CredentialFactor;
-        requiresSecondFactor: boolean;
-    }[];
-    challenge: string;
-    challengeIdentifier: string;
-    externalAuthenticationUrl: string;
-    allowCredentials: {
-        key: AllowCredential[];
-        webauthn: AllowCredential[];
-    };
-};
+export type UserActionChallengeResponse = UserActionChallenge;
 export type SignUserActionChallengeRequest = {
     challengeIdentifier: string;
     firstFactor: FirstFactorAssertion;

package/dfnsAuthenticator.js

@@ -7,10 +7,10 @@ class DfnsAuthenticator {
         this.apiOptions = apiOptions;
     }
     async login(request) {
-        const { challenge, challengeIdentifier, allowCredentials } = await baseAuthApi_1.BaseAuthApi.createUserLoginChallenge(request, this.apiOptions);
-        const assertion = await this.apiOptions.signer.sign(challenge, allowCredentials);
+        const challenge = await baseAuthApi_1.BaseAuthApi.createUserLoginChallenge(request, this.apiOptions);
+        const assertion = await this.apiOptions.signer.sign(challenge);
         return baseAuthApi_1.BaseAuthApi.createUserLogin({
-            challengeIdentifier,
+            challengeIdentifier: challenge.challengeIdentifier,
             firstFactor: assertion,
         }, this.apiOptions);
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dfns/sdk",
-  "version": "0.3.4",
+  "version": "0.4.0-alpha.2",
   "dependencies": {
     "buffer": "6.0.3",
     "cross-fetch": "3.1.6",

package/signer.d.ts

@@ -1,3 +1,4 @@
+export type CredentialFactor = 'first' | 'second' | 'either';
 export type CredentialKind = 'Key' | 'Fido2' | 'Password' | 'Totp' | 'RecoveryKey';
 export type CredentialTransport = 'usb' | 'nfc' | 'ble' | 'internal';
 export type AllowCredential = {
@@ -5,6 +6,25 @@ export type AllowCredential = {
     id: string;
     transports: CredentialTransport[];
 };
+export type SupportedCredential = {
+    kind: CredentialKind;
+    factor: CredentialFactor;
+    requiresSecondFactor: boolean;
+};
+export type UserActionChallenge = {
+    supportedCredentialKinds: SupportedCredential[];
+    rp: {
+        id: string;
+        name: string;
+    };
+    challenge: string;
+    challengeIdentifier: string;
+    externalAuthenticationUrl: string;
+    allowCredentials: {
+        key: AllowCredential[];
+        webauthn: AllowCredential[];
+    };
+};
 export type KeyAssertion = {
     kind: 'Key';
     credentialAssertion: {
@@ -45,8 +65,5 @@ export type FirstFactorAssertion = KeyAssertion | Fido2Assertion | PasswordAsser
 export type SecondFactorAssertion = KeyAssertion | Fido2Assertion | TotpAssertion;
 export type CredentialAssertion = KeyAssertion | Fido2Assertion | PasswordAssertion | TotpAssertion;
 export interface CredentialSigner<T extends CredentialAssertion = FirstFactorAssertion> {
-    sign(challenge: string, allowCredentials: {
-        key: AllowCredential[];
-        webauthn: AllowCredential[];
-    }): Promise<T>;
+    sign(challenge: UserActionChallenge): Promise<T>;
 }

package/utils/crypto.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.rawSignatureToAns1 = exports.exportPublicKeyInPemFormatBrowser = void 0;
+const buffer_1 = require("buffer");
 const base64_1 = require("./base64");
 const string_1 = require("./string");
 const bigint_1 = require("./bigint");
@@ -8,7 +9,7 @@ const bigint_1 = require("./bigint");
 // Adding `Browser` in the function name to distinguish with native node crypto module usage
 const exportPublicKeyInPemFormatBrowser = async (key) => {
     const exported = await crypto.subtle.exportKey('spki', key.publicKey);
-    const b64Exported = (0, base64_1.toBase64)(Buffer.from(exported));
+    const b64Exported = (0, base64_1.toBase64)(buffer_1.Buffer.from(exported));
     const pem = `-----BEGIN PUBLIC KEY-----\n${(0, string_1.splitString)(b64Exported).join("\n")}\n-----END PUBLIC KEY-----`;
     return pem;
 };

package/utils/fetch.js

@@ -83,15 +83,15 @@ const userAction = (fetch) => {
                 ...options.apiOptions,
                 baseUrl: options.apiOptions.baseAuthUrl || options.apiOptions.baseUrl,
             };
-            const { challenge, challengeIdentifier, allowCredentials } = await baseAuthApi_1.BaseAuthApi.createUserActionChallenge({
+            const challenge = await baseAuthApi_1.BaseAuthApi.createUserActionChallenge({
                 userActionPayload: options.body ?? '',
                 userActionHttpMethod: options.method,
                 userActionHttpPath: resource.pathname,
                 userActionServerKind: apiOptions?.userActionServerKind || 'Api',
             }, apiOptions);
-            const assertion = await apiOptions.signer.sign(challenge, allowCredentials);
+            const assertion = await apiOptions.signer.sign(challenge);
             const { userAction } = await baseAuthApi_1.BaseAuthApi.signUserActionChallenge({
-                challengeIdentifier,
+                challengeIdentifier: challenge.challengeIdentifier,
                 firstFactor: assertion,
             }, apiOptions);
             options.headers = {