npm - @glideidentity/web-client-sdk - Versions diffs - 5.1.3 → 6.0.0-beta.1 - Mend

@glideidentity/web-client-sdk 5.1.3 → 6.0.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (203) hide show

package/README.md +337 -526
package/dist/browser/web-client-sdk.min.js +1 -1
package/dist/cjs/adapters/index.js +15 -0
package/dist/cjs/adapters/react.js +192 -0
package/dist/cjs/adapters/vanilla.js +38 -0
package/dist/cjs/adapters/vue.js +187 -0
package/dist/cjs/browser.js +58 -0
package/dist/cjs/client/http.js +159 -0
package/dist/cjs/client/index.js +19 -0
package/dist/cjs/client/logger.js +135 -0
package/dist/cjs/client/phone-auth-client.js +439 -0
package/dist/cjs/client/strategies/polling.js +177 -0
package/dist/cjs/core/errors.js +204 -0
package/dist/cjs/core/index.js +83 -0
package/dist/cjs/core/type-guards.js +196 -0
package/dist/cjs/core/types.js +25 -0
package/dist/{core/phone-auth/validation-utils.js → cjs/core/validators.js} +70 -23
package/dist/cjs/index.js +81 -0
package/dist/cjs/ui/index.js +11 -0
package/dist/{core/phone-auth → cjs}/ui/mobile-debug-console.js +149 -78
package/dist/cjs/ui/modal.js +1122 -0
package/dist/esm/adapters/index.js +11 -0
package/dist/esm/adapters/react.js +182 -0
package/dist/esm/adapters/vanilla.js +29 -0
package/dist/esm/adapters/vue.js +177 -0
package/dist/esm/browser.js +30 -11
package/dist/esm/client/http.js +156 -0
package/dist/esm/client/index.js +11 -0
package/dist/esm/client/logger.js +131 -0
package/dist/esm/client/phone-auth-client.js +435 -0
package/dist/esm/client/strategies/polling.js +174 -0
package/dist/esm/core/errors.js +193 -0
package/dist/esm/core/index.js +60 -0
package/dist/esm/core/type-guards.js +181 -0
package/dist/esm/core/types.js +22 -1
package/dist/esm/core/{phone-auth/validation-utils.js → validators.js} +66 -21
package/dist/esm/index.js +45 -17
package/dist/esm/ui/index.js +5 -0
package/dist/esm/{core/phone-auth/ui → ui}/mobile-debug-console.js +149 -78
package/dist/esm/ui/modal.js +1117 -0
package/dist/types/adapters/index.d.ts +10 -0
package/dist/types/adapters/index.d.ts.map +1 -0
package/dist/types/adapters/react.d.ts +70 -0
package/dist/types/adapters/react.d.ts.map +1 -0
package/dist/types/adapters/vanilla.d.ts +29 -0
package/dist/types/adapters/vanilla.d.ts.map +1 -0
package/dist/types/adapters/vue.d.ts +71 -0
package/dist/types/adapters/vue.d.ts.map +1 -0
package/dist/types/browser.d.ts +27 -0
package/dist/types/browser.d.ts.map +1 -0
package/dist/types/client/http.d.ts +41 -0
package/dist/types/client/http.d.ts.map +1 -0
package/dist/types/client/index.d.ts +10 -0
package/dist/types/client/index.d.ts.map +1 -0
package/dist/types/client/logger.d.ts +36 -0
package/dist/types/client/logger.d.ts.map +1 -0
package/dist/types/client/phone-auth-client.d.ts +91 -0
package/dist/types/client/phone-auth-client.d.ts.map +1 -0
package/dist/types/client/strategies/polling.d.ts +36 -0
package/dist/types/client/strategies/polling.d.ts.map +1 -0
package/dist/types/core/errors.d.ts +71 -0
package/dist/types/core/errors.d.ts.map +1 -0
package/dist/types/core/index.d.ts +38 -0
package/dist/types/core/index.d.ts.map +1 -0
package/dist/types/core/type-guards.d.ts +118 -0
package/dist/types/core/type-guards.d.ts.map +1 -0
package/dist/types/core/types.d.ts +534 -0
package/dist/types/core/types.d.ts.map +1 -0
package/dist/types/core/validators.d.ts +63 -0
package/dist/types/core/validators.d.ts.map +1 -0
package/dist/types/index.d.ts +40 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/types/ui/index.d.ts +6 -0
package/dist/types/ui/index.d.ts.map +1 -0
package/dist/{esm/core/phone-auth → types}/ui/mobile-debug-console.d.ts +1 -0
package/dist/types/ui/mobile-debug-console.d.ts.map +1 -0
package/dist/types/ui/modal.d.ts +87 -0
package/dist/types/ui/modal.d.ts.map +1 -0
package/package.json +48 -34
package/dist/adapters/angular/client.service.d.ts +0 -7
package/dist/adapters/angular/client.service.js +0 -30
package/dist/adapters/angular/index.d.ts +0 -3
package/dist/adapters/angular/index.js +0 -18
package/dist/adapters/angular/phone-auth.service.d.ts +0 -38
package/dist/adapters/angular/phone-auth.service.js +0 -130
package/dist/adapters/react/index.d.ts +0 -9
package/dist/adapters/react/index.js +0 -28
package/dist/adapters/react/useClient.d.ts +0 -26
package/dist/adapters/react/useClient.js +0 -121
package/dist/adapters/react/usePhoneAuth.d.ts +0 -23
package/dist/adapters/react/usePhoneAuth.js +0 -95
package/dist/adapters/vanilla/client.d.ts +0 -8
package/dist/adapters/vanilla/client.js +0 -33
package/dist/adapters/vanilla/index.d.ts +0 -3
package/dist/adapters/vanilla/index.js +0 -18
package/dist/adapters/vanilla/phone-auth.d.ts +0 -46
package/dist/adapters/vanilla/phone-auth.js +0 -138
package/dist/adapters/vue/index.d.ts +0 -10
package/dist/adapters/vue/index.js +0 -36
package/dist/adapters/vue/useClient.d.ts +0 -115
package/dist/adapters/vue/useClient.js +0 -131
package/dist/adapters/vue/usePhoneAuth.d.ts +0 -94
package/dist/adapters/vue/usePhoneAuth.js +0 -103
package/dist/browser.d.ts +0 -7
package/dist/browser.js +0 -31
package/dist/core/client.d.ts +0 -22
package/dist/core/client.js +0 -77
package/dist/core/logger.d.ts +0 -130
package/dist/core/logger.js +0 -370
package/dist/core/phone-auth/api-types.d.ts +0 -593
package/dist/core/phone-auth/api-types.js +0 -215
package/dist/core/phone-auth/client.d.ts +0 -189
package/dist/core/phone-auth/client.js +0 -1441
package/dist/core/phone-auth/error-utils.d.ts +0 -110
package/dist/core/phone-auth/error-utils.js +0 -350
package/dist/core/phone-auth/index.d.ts +0 -7
package/dist/core/phone-auth/index.js +0 -50
package/dist/core/phone-auth/status-types.d.ts +0 -107
package/dist/core/phone-auth/status-types.js +0 -31
package/dist/core/phone-auth/strategies/desktop.d.ts +0 -122
package/dist/core/phone-auth/strategies/desktop.js +0 -596
package/dist/core/phone-auth/strategies/index.d.ts +0 -11
package/dist/core/phone-auth/strategies/index.js +0 -15
package/dist/core/phone-auth/strategies/link.d.ts +0 -89
package/dist/core/phone-auth/strategies/link.js +0 -384
package/dist/core/phone-auth/strategies/ts43.d.ts +0 -32
package/dist/core/phone-auth/strategies/ts43.js +0 -161
package/dist/core/phone-auth/strategies/types.d.ts +0 -18
package/dist/core/phone-auth/strategies/types.js +0 -6
package/dist/core/phone-auth/type-guards.d.ts +0 -143
package/dist/core/phone-auth/type-guards.js +0 -198
package/dist/core/phone-auth/types.d.ts +0 -237
package/dist/core/phone-auth/types.js +0 -93
package/dist/core/phone-auth/ui/mobile-debug-console.d.ts +0 -25
package/dist/core/phone-auth/ui/modal.d.ts +0 -88
package/dist/core/phone-auth/ui/modal.js +0 -598
package/dist/core/phone-auth/validation-utils.d.ts +0 -44
package/dist/core/types.d.ts +0 -62
package/dist/core/types.js +0 -2
package/dist/core/version.d.ts +0 -1
package/dist/core/version.js +0 -5
package/dist/esm/adapters/angular/client.service.d.ts +0 -7
package/dist/esm/adapters/angular/client.service.js +0 -27
package/dist/esm/adapters/angular/index.d.ts +0 -3
package/dist/esm/adapters/angular/index.js +0 -4
package/dist/esm/adapters/angular/phone-auth.service.d.ts +0 -38
package/dist/esm/adapters/angular/phone-auth.service.js +0 -127
package/dist/esm/adapters/react/index.d.ts +0 -9
package/dist/esm/adapters/react/index.js +0 -8
package/dist/esm/adapters/react/useClient.d.ts +0 -26
package/dist/esm/adapters/react/useClient.js +0 -116
package/dist/esm/adapters/react/usePhoneAuth.d.ts +0 -23
package/dist/esm/adapters/react/usePhoneAuth.js +0 -92
package/dist/esm/adapters/vanilla/client.d.ts +0 -8
package/dist/esm/adapters/vanilla/client.js +0 -29
package/dist/esm/adapters/vanilla/index.d.ts +0 -3
package/dist/esm/adapters/vanilla/index.js +0 -4
package/dist/esm/adapters/vanilla/phone-auth.d.ts +0 -46
package/dist/esm/adapters/vanilla/phone-auth.js +0 -134
package/dist/esm/adapters/vue/index.d.ts +0 -10
package/dist/esm/adapters/vue/index.js +0 -11
package/dist/esm/adapters/vue/useClient.d.ts +0 -115
package/dist/esm/adapters/vue/useClient.js +0 -127
package/dist/esm/adapters/vue/usePhoneAuth.d.ts +0 -94
package/dist/esm/adapters/vue/usePhoneAuth.js +0 -100
package/dist/esm/browser.d.ts +0 -7
package/dist/esm/core/client.d.ts +0 -22
package/dist/esm/core/client.js +0 -70
package/dist/esm/core/logger.d.ts +0 -130
package/dist/esm/core/logger.js +0 -359
package/dist/esm/core/phone-auth/api-types.d.ts +0 -593
package/dist/esm/core/phone-auth/api-types.js +0 -203
package/dist/esm/core/phone-auth/client.d.ts +0 -189
package/dist/esm/core/phone-auth/client.js +0 -1404
package/dist/esm/core/phone-auth/error-utils.d.ts +0 -110
package/dist/esm/core/phone-auth/error-utils.js +0 -338
package/dist/esm/core/phone-auth/index.d.ts +0 -7
package/dist/esm/core/phone-auth/index.js +0 -8
package/dist/esm/core/phone-auth/status-types.d.ts +0 -107
package/dist/esm/core/phone-auth/status-types.js +0 -26
package/dist/esm/core/phone-auth/strategies/desktop.d.ts +0 -122
package/dist/esm/core/phone-auth/strategies/desktop.js +0 -590
package/dist/esm/core/phone-auth/strategies/index.d.ts +0 -11
package/dist/esm/core/phone-auth/strategies/index.js +0 -7
package/dist/esm/core/phone-auth/strategies/link.d.ts +0 -89
package/dist/esm/core/phone-auth/strategies/link.js +0 -380
package/dist/esm/core/phone-auth/strategies/ts43.d.ts +0 -32
package/dist/esm/core/phone-auth/strategies/ts43.js +0 -157
package/dist/esm/core/phone-auth/strategies/types.d.ts +0 -18
package/dist/esm/core/phone-auth/strategies/types.js +0 -5
package/dist/esm/core/phone-auth/type-guards.d.ts +0 -143
package/dist/esm/core/phone-auth/type-guards.js +0 -185
package/dist/esm/core/phone-auth/types.d.ts +0 -237
package/dist/esm/core/phone-auth/types.js +0 -76
package/dist/esm/core/phone-auth/ui/modal.d.ts +0 -88
package/dist/esm/core/phone-auth/ui/modal.js +0 -594
package/dist/esm/core/phone-auth/validation-utils.d.ts +0 -44
package/dist/esm/core/types.d.ts +0 -62
package/dist/esm/core/version.d.ts +0 -1
package/dist/esm/core/version.js +0 -2
package/dist/esm/index.d.ts +0 -12
package/dist/index.d.ts +0 -12
package/dist/index.js +0 -55

package/dist/cjs/client/logger.js ADDED Viewed

@@ -0,0 +1,135 @@
+"use strict";
+/**
+ * Logger for Phone Authentication SDK.
+ *
+ * Provides a simple console-based logger with:
+ * - Debug mode toggle
+ * - PII sanitization
+ * - Configurable prefix
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createLogger = createLogger;
+exports.createNoopLogger = createNoopLogger;
+// ============================================================================
+// PII SANITIZATION
+// ============================================================================
+/**
+ * Patterns to detect and sanitize PII.
+ */
+const PII_PATTERNS = {
+    // Phone numbers: +1234567890 or variations
+    phone: /(\+?[1-9]\d{6,14})/g,
+    // Email addresses
+    email: /([a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,})/g,
+    // JWT tokens (three base64 segments separated by dots)
+    jwt: /(eyJ[a-zA-Z0-9_-]*\.eyJ[a-zA-Z0-9_-]*\.[a-zA-Z0-9_-]*)/g,
+    // Session keys (long alphanumeric strings)
+    sessionKey: /session[_-]?key["']?\s*[:=]\s*["']?([a-zA-Z0-9_-]{20,})["']?/gi,
+};
+/**
+ * Sanitize data to remove PII before logging.
+ */
+function sanitize(data) {
+    if (data === null || data === undefined) {
+        return data;
+    }
+    if (typeof data === 'string') {
+        let sanitized = data;
+        // Mask phone numbers: +1234567890 -> +1***7890
+        sanitized = sanitized.replace(PII_PATTERNS.phone, (match) => {
+            if (match.length < 8)
+                return match; // Too short to be a phone
+            const visible = 4;
+            return match.slice(0, 2) + '***' + match.slice(-visible);
+        });
+        // Mask emails: user@example.com -> u***@example.com
+        sanitized = sanitized.replace(PII_PATTERNS.email, (match) => {
+            const [local, domain] = match.split('@');
+            return local.slice(0, 1) + '***@' + domain;
+        });
+        // Mask JWTs: eyJ... -> [JWT]
+        sanitized = sanitized.replace(PII_PATTERNS.jwt, '[JWT]');
+        // Mask session keys
+        sanitized = sanitized.replace(PII_PATTERNS.sessionKey, (match, key) => {
+            return match.replace(key, key.slice(0, 4) + '***' + key.slice(-4));
+        });
+        return sanitized;
+    }
+    if (Array.isArray(data)) {
+        return data.map(sanitize);
+    }
+    if (typeof data === 'object') {
+        const sanitized = {};
+        for (const [key, value] of Object.entries(data)) {
+            // Completely mask sensitive field values
+            const sensitiveFields = ['phone_number', 'phoneNumber', 'credential', 'token', 'password', 'secret'];
+            if (sensitiveFields.some(f => key.toLowerCase().includes(f.toLowerCase()))) {
+                sanitized[key] = typeof value === 'string' ? '[REDACTED]' : value;
+            }
+            else {
+                sanitized[key] = sanitize(value);
+            }
+        }
+        return sanitized;
+    }
+    return data;
+}
+// ============================================================================
+// LOGGER IMPLEMENTATION
+// ============================================================================
+/**
+ * Create a logger instance.
+ *
+ * @example
+ * ```typescript
+ * const logger = createLogger({ debug: true });
+ * logger.debug('Preparing request', { use_case: 'GetPhoneNumber' });
+ * logger.error('Request failed', { code: 'NETWORK_ERROR' });
+ * ```
+ */
+function createLogger(config = {}) {
+    const { debug = false, prefix = '[PhoneAuth]' } = config;
+    /**
+     * Format a log message.
+     */
+    function format(message, data) {
+        const formattedMessage = `${prefix} ${message}`;
+        if (data !== undefined) {
+            const sanitizedData = sanitize(data);
+            return [formattedMessage, sanitizedData];
+        }
+        return [formattedMessage];
+    }
+    return {
+        debug(message, data) {
+            if (debug) {
+                const args = format(message, data);
+                console.debug(...args);
+            }
+        },
+        info(message, data) {
+            const args = format(message, data);
+            console.info(...args);
+        },
+        warn(message, data) {
+            const args = format(message, data);
+            console.warn(...args);
+        },
+        error(message, data) {
+            const args = format(message, data);
+            console.error(...args);
+        },
+    };
+}
+/**
+ * Create a no-op logger (silent).
+ * Useful for testing or when logging is not needed.
+ */
+function createNoopLogger() {
+    return {
+        debug: () => { },
+        info: () => { },
+        warn: () => { },
+        error: () => { },
+    };
+}

package/dist/cjs/client/phone-auth-client.js ADDED Viewed

@@ -0,0 +1,439 @@
+"use strict";
+/**
+ * Phone Authentication Client
+ *
+ * Main SDK client for phone number authentication.
+ * Supports all strategies: TS43 (Android), Link (iOS), Desktop (QR).
+ *
+ * IMPORTANT: invokeSecurePrompt must be called from a user gesture (button click)
+ * because both iOS App Clips and Android Digital Credentials API require
+ * transient activation (user interaction) to open system UI.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PhoneAuthClient = void 0;
+const core_1 = require("../core");
+const errors_1 = require("../core/errors");
+const http_1 = require("./http");
+const logger_1 = require("./logger");
+const polling_1 = require("./strategies/polling");
+const modal_1 = require("../ui/modal");
+const mobile_debug_console_1 = require("../ui/mobile-debug-console");
+class PhoneAuthClient {
+    constructor(config = {}) {
+        // Build complete config with defaults
+        this.config = {
+            ...config,
+            endpoints: {
+                prepare: config.endpoints?.prepare || '/api/magic-auth/prepare',
+                process: config.endpoints?.process || '/api/magic-auth/process',
+                polling: config.endpoints?.polling,
+            },
+            timeout: config.timeout || 30000,
+            pollingInterval: config.pollingInterval || 2000,
+            maxPollingAttempts: config.maxPollingAttempts || 30,
+            debug: config.debug || false,
+        };
+        // Use custom or default HTTP client
+        this.http = config.httpClient || (0, http_1.createHttpClient)({
+            timeout: this.config.timeout,
+            headers: config.headers,
+            dynamicHeaders: config.dynamicHeaders,
+        });
+        // Use custom or default logger
+        this.logger = config.logger || (this.config.debug
+            ? (0, logger_1.createLogger)({ debug: true })
+            : (0, logger_1.createNoopLogger)());
+        this.logger.debug('PhoneAuthClient initialized', {
+            endpoints: this.config.endpoints,
+            timeout: this.config.timeout,
+        });
+        // Initialize mobile debug console if configured
+        if (config.devtools?.showMobileConsole && typeof window !== 'undefined') {
+            mobile_debug_console_1.MobileDebugConsole.init();
+            this.logger.info('Mobile debug console enabled');
+        }
+    }
+    // ==========================================================================
+    // PUBLIC API - High-Level
+    // ==========================================================================
+    /**
+     * Complete authentication flow in one call.
+     *
+     * @example
+     * ```typescript
+     * // Get phone number
+     * const result = await client.authenticate({ use_case: 'GetPhoneNumber' });
+     * console.log(result.phone_number);
+     *
+     * // Verify phone number
+     * const result = await client.authenticate({
+     *   use_case: 'VerifyPhoneNumber',
+     *   phone_number: '+14155551234'
+     * });
+     * console.log(result.verified);
+     * ```
+     */
+    async authenticate(request, options) {
+        // Step 1: Prepare
+        const prepared = await this.prepare(request);
+        // Step 2: Invoke
+        const invokeResult = await this.invokeSecurePrompt(prepared, options);
+        // Step 3: Wait for credential and process
+        const credential = await invokeResult.credential;
+        // Determine use_case from (in priority order):
+        // 1. session.use_case (direct field)
+        // 2. session.metadata.use_case (server returns it in metadata)
+        // 3. request.use_case (fallback to original request)
+        const useCase = prepared.session.use_case
+            || prepared.session.metadata?.use_case
+            || request.use_case;
+        if (!useCase) {
+            throw (0, errors_1.createAuthError)(errors_1.ERROR_CODES.INVALID_RESPONSE, 'Could not determine use_case from session or request');
+        }
+        if (useCase === core_1.USE_CASE.VERIFY_PHONE_NUMBER) {
+            return this.verifyPhoneNumber(credential, prepared.session);
+        }
+        else {
+            return this.getPhoneNumber(credential, prepared.session);
+        }
+    }
+    // ==========================================================================
+    // PUBLIC API - Granular Steps
+    // ==========================================================================
+    /**
+     * Step 1: Prepare authentication request.
+     *
+     * Validates input and sends prepare request to backend.
+     */
+    async prepare(request) {
+        this.logger.debug('Preparing authentication', { use_case: request.use_case });
+        // Validate phone number if provided
+        if (request.phone_number) {
+            const phoneValidation = (0, core_1.validatePhoneNumber)(request.phone_number);
+            if (!phoneValidation.valid) {
+                throw (0, errors_1.createAuthError)(errors_1.ERROR_CODES.INVALID_PHONE_NUMBER, phoneValidation.error);
+            }
+        }
+        // Validate PLMN if provided (deprecated)
+        if (request.plmn) {
+            const plmnValidation = (0, core_1.validatePlmn)(request.plmn);
+            if (!plmnValidation.valid) {
+                throw (0, errors_1.createAuthError)(errors_1.ERROR_CODES.INVALID_PLMN, plmnValidation.error);
+            }
+        }
+        // Validate use_case is provided (unless parent_session_id is given)
+        if (!request.use_case && !request.options?.parent_session_id) {
+            throw (0, errors_1.createAuthError)(errors_1.ERROR_CODES.MISSING_PARAMETERS, 'use_case is required');
+        }
+        // Build request with client info
+        const requestBody = {
+            ...request,
+            id: request.id || this.generateRequestId(),
+            client_info: request.client_info || {
+                user_agent: navigator.userAgent,
+                platform: navigator.platform,
+            },
+        };
+        try {
+            const response = await this.http.post(this.config.endpoints.prepare, requestBody);
+            this.logger.debug('Prepare successful', {
+                strategy: response.authentication_strategy,
+                sessionKey: response.session.session_key,
+            });
+            return response;
+        }
+        catch (error) {
+            this.logger.error('Prepare failed', error);
+            throw error;
+        }
+    }
+    /**
+     * Step 2: Invoke secure prompt for authentication.
+     *
+     * IMPORTANT: Must be called from a user gesture (button click).
+     *
+     * Returns unified InvokeResult with:
+     * - credential: Promise that resolves to AuthCredential
+     * - cancel?: Function to cancel (Link/Desktop only)
+     * - strategy: The authentication strategy used
+     * - session: Session info
+     */
+    async invokeSecurePrompt(prepared, options) {
+        const { authentication_strategy: strategy, session, data } = prepared;
+        this.logger.debug('Invoking secure prompt', { strategy });
+        switch (strategy) {
+            case core_1.AUTHENTICATION_STRATEGY.TS43:
+                return this.handleTS43(data, session);
+            case core_1.AUTHENTICATION_STRATEGY.LINK:
+                return this.handleLink(data, session, options);
+            case core_1.AUTHENTICATION_STRATEGY.DESKTOP:
+                return this.handleDesktop(data, session, options);
+            default:
+                throw (0, errors_1.createAuthError)(errors_1.ERROR_CODES.UNSUPPORTED_STRATEGY, `Unknown strategy: ${strategy}`);
+        }
+    }
+    /**
+     * Step 3A: Get phone number from credential.
+     */
+    async getPhoneNumber(credential, session) {
+        this.logger.debug('Getting phone number');
+        const requestBody = {
+            session,
+            credential: credential.credential,
+            use_case: core_1.USE_CASE.GET_PHONE_NUMBER,
+        };
+        try {
+            const response = await this.http.post(this.config.endpoints.process, requestBody);
+            this.logger.info('Phone number retrieved');
+            return response;
+        }
+        catch (error) {
+            this.logger.error('Get phone number failed', error);
+            throw error;
+        }
+    }
+    /**
+     * Step 3B: Verify phone number with credential.
+     */
+    async verifyPhoneNumber(credential, session) {
+        this.logger.debug('Verifying phone number');
+        const requestBody = {
+            session,
+            credential: credential.credential,
+            use_case: core_1.USE_CASE.VERIFY_PHONE_NUMBER,
+        };
+        try {
+            const response = await this.http.post(this.config.endpoints.process, requestBody);
+            this.logger.info('Phone number verified', { verified: response.verified });
+            return response;
+        }
+        catch (error) {
+            this.logger.error('Verify phone number failed', error);
+            throw error;
+        }
+    }
+    // ==========================================================================
+    // PUBLIC API - Utilities
+    // ==========================================================================
+    /**
+     * Check if Digital Credentials API is supported.
+     */
+    isSupported() {
+        if (typeof window === 'undefined')
+            return false;
+        return 'DigitalCredential' in window;
+    }
+    /**
+     * Get browser support info for debugging.
+     */
+    getBrowserSupportInfo() {
+        if (typeof window === 'undefined') {
+            return { supported: false, browser: 'unknown', message: 'Not in browser' };
+        }
+        const userAgent = navigator.userAgent;
+        const isChrome = /Chrome/.test(userAgent) && /Google Inc/.test(navigator.vendor);
+        const isEdge = /Edg\//.test(userAgent);
+        const supported = this.isSupported();
+        if (supported) {
+            return {
+                supported: true,
+                browser: isChrome ? 'Chrome' : isEdge ? 'Edge' : 'Other',
+            };
+        }
+        return {
+            supported: false,
+            browser: isChrome ? 'Chrome' : isEdge ? 'Edge' : 'Other',
+            message: 'Enable chrome://flags/#web-identity-digital-credentials',
+        };
+    }
+    // ==========================================================================
+    // PRIVATE - Strategy Handlers
+    // ==========================================================================
+    /**
+     * Handle TS43 strategy (Android Digital Credentials API).
+     */
+    async handleTS43(data, session) {
+        // Check browser support
+        if (!this.isSupported()) {
+            throw (0, errors_1.createAuthError)(errors_1.ERROR_CODES.BROWSER_NOT_SUPPORTED, 'Digital Credentials API not available');
+        }
+        // Build credential request
+        const credentialRequest = {
+            digital: {
+                requests: [{
+                        protocol: data.protocol,
+                        data: data.data,
+                    }],
+            },
+        };
+        this.logger.debug('Invoking Digital Credentials API');
+        // Create credential promise
+        const credentialPromise = (async () => {
+            try {
+                const response = await navigator.credentials.get(credentialRequest);
+                const digitalResponse = response;
+                if (!digitalResponse?.data?.vp_token) {
+                    throw (0, errors_1.createAuthError)(errors_1.ERROR_CODES.INVALID_RESPONSE, 'No credential returned from Digital Credentials API');
+                }
+                // Extract credential from vp_token
+                const vpToken = digitalResponse.data.vp_token;
+                const credentialValue = typeof vpToken === 'string'
+                    ? vpToken
+                    : Object.values(vpToken)[0];
+                const credential = Array.isArray(credentialValue)
+                    ? credentialValue[0]
+                    : credentialValue;
+                // Validate credential is not empty/undefined
+                if (!credential || (typeof credential === 'string' && credential.trim() === '')) {
+                    throw (0, errors_1.createAuthError)(errors_1.ERROR_CODES.INVALID_RESPONSE, 'Empty credential returned from Digital Credentials API');
+                }
+                return {
+                    credential: credential,
+                    session,
+                    authenticated: true,
+                };
+            }
+            catch (error) {
+                // If it's already an AuthError, rethrow it directly
+                if ((0, errors_1.isAuthError)(error)) {
+                    throw error;
+                }
+                // Map browser errors to SDK errors
+                const err = error;
+                if (err.name === 'NotAllowedError' ||
+                    (err.name === 'NetworkError' && err.code === 19)) {
+                    throw (0, errors_1.createAuthError)(errors_1.ERROR_CODES.USER_CANCELLED, 'User cancelled authentication');
+                }
+                if (err.name === 'NotSupportedError') {
+                    throw (0, errors_1.createAuthError)(errors_1.ERROR_CODES.BROWSER_NOT_SUPPORTED, 'Browser not supported');
+                }
+                throw (0, errors_1.createAuthError)(errors_1.ERROR_CODES.NETWORK_ERROR, err.message || 'Credential request failed');
+            }
+        })();
+        // TS43 returns immediately (no cancel needed)
+        return {
+            credential: credentialPromise,
+            cancel: undefined,
+            strategy: core_1.AUTHENTICATION_STRATEGY.TS43,
+            session,
+        };
+    }
+    /**
+     * Handle Link strategy (iOS App Clips).
+     * Uses window.location.href to navigate to the App Clip.
+     */
+    handleLink(data, session, options) {
+        if (!data.url) {
+            throw (0, errors_1.createAuthError)(errors_1.ERROR_CODES.INVALID_RESPONSE, 'Missing link URL');
+        }
+        this.logger.debug('Opening App Clip', { url: data.url });
+        // Navigate to App Clip URL (must be from user gesture)
+        // Using window.location.href for better iOS compatibility
+        window.location.href = data.url;
+        // Start polling for authentication status
+        const polling = (0, polling_1.createPollingHandler)({
+            sessionKey: session.session_key,
+            interval: options?.pollingInterval || this.config.pollingInterval,
+            maxAttempts: options?.maxPollingAttempts || this.config.maxPollingAttempts,
+            pollingEndpoint: options?.pollingEndpoint || this.config.endpoints.polling,
+            statusUrl: data.status_url,
+            logger: this.logger,
+        });
+        // Create credential promise from polling
+        const credentialPromise = polling.start().then(result => {
+            if (result.status === 'completed' && result.credential) {
+                return {
+                    credential: result.credential,
+                    session: result.session || session,
+                    authenticated: true,
+                };
+            }
+            throw (0, errors_1.createAuthError)(errors_1.ERROR_CODES.VERIFICATION_FAILED, result.message || 'Link authentication failed');
+        });
+        return {
+            credential: credentialPromise,
+            cancel: () => polling.cancel(),
+            strategy: core_1.AUTHENTICATION_STRATEGY.LINK,
+            session,
+        };
+    }
+    /**
+     * Handle Desktop strategy (QR code).
+     */
+    handleDesktop(data, session, options) {
+        // Extract session ID for polling
+        const sessionId = data.data?.session_id || session.session_key;
+        this.logger.debug('Starting desktop authentication', { sessionId });
+        // Start polling for authentication status
+        const polling = (0, polling_1.createPollingHandler)({
+            sessionKey: sessionId,
+            interval: options?.pollingInterval || this.config.pollingInterval,
+            maxAttempts: options?.maxPollingAttempts || this.config.maxPollingAttempts,
+            pollingEndpoint: options?.pollingEndpoint || this.config.endpoints.polling,
+            statusUrl: data.data?.status_url,
+            logger: this.logger,
+        });
+        // Show modal UI if not prevented
+        let modal = null;
+        if (!options?.preventDefaultUI) {
+            try {
+                // Create QR code data from DesktopData
+                const qrData = (0, modal_1.createQRCodeDataFromDesktop)(data);
+                // Create and show modal
+                modal = new modal_1.AuthModal(options?.modalOptions);
+                modal.showQRCode(qrData, options?.modalOptions?.description || 'Scan with your phone camera');
+                // Set close callback to cancel polling
+                modal.setCloseCallback(() => {
+                    this.logger.debug('Modal closed by user, cancelling authentication');
+                    polling.cancel();
+                });
+                this.logger.debug('Desktop modal displayed');
+            }
+            catch (e) {
+                this.logger.warn('Failed to show modal, continuing with polling only', e);
+            }
+        }
+        // Create credential promise from polling
+        const credentialPromise = polling.start().then(result => {
+            // Close modal on success
+            if (modal) {
+                modal.close();
+            }
+            if (result.status === 'completed' && result.credential) {
+                return {
+                    credential: result.credential,
+                    session: result.session || session,
+                    authenticated: true,
+                };
+            }
+            throw (0, errors_1.createAuthError)(errors_1.ERROR_CODES.VERIFICATION_FAILED, result.message || 'Desktop authentication failed');
+        }).catch(error => {
+            // Close modal on error
+            if (modal) {
+                modal.close();
+            }
+            throw error;
+        });
+        return {
+            credential: credentialPromise,
+            cancel: () => {
+                polling.cancel();
+                if (modal) {
+                    modal.close();
+                }
+            },
+            strategy: core_1.AUTHENTICATION_STRATEGY.DESKTOP,
+            session,
+        };
+    }
+    // ==========================================================================
+    // PRIVATE - Utilities
+    // ==========================================================================
+    /**
+     * Generate a unique request ID.
+     */
+    generateRequestId() {
+        return `web-${Date.now()}-${Math.random().toString(36).substring(2, 11)}`;
+    }
+}
+exports.PhoneAuthClient = PhoneAuthClient;