@junobuild/ic-client 3.1.3 → 3.1.4
- package/actor.js +1 -1
- package/actor.js.map +3 -3
- package/actor.mjs +1 -1
- package/actor.mjs.map +3 -3
- package/declarations/satellite/satellite.factory.certified.did.js +13 -2
- package/declarations/satellite/satellite.factory.did.js +13 -2
- package/declarations/satellite/satellite.factory.did.mjs +13 -2
- package/declarations/sputnik/sputnik.factory.certified.did.js +13 -2
- package/declarations/sputnik/sputnik.factory.did.js +13 -2
- package/package.json +1 -1
- package/webauthn.js +1 -1
- package/webauthn.js.map +3 -3
- package/webauthn.mjs +1 -1
- package/webauthn.mjs.map +3 -3
package/webauthn.mjs.map
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["src/webauthn/aaguid.ts", "src/webauthn/agent-js/cose-utils.ts", "src/webauthn/agent-js/cose-key.ts", "src/webauthn/credential.ts", "src/webauthn/errors.ts", "src/webauthn/identity.ts", "src/webauthn/_constants.ts", "src/webauthn/_options.ts", "src/webauthn/_progress.ts", "src/webauthn/types/progress.ts", "src/webauthn/utils.ts"],
|
|
4
|
-
"sourcesContent": ["import {uint8ArrayToArrayOfNumber} from '@dfinity/utils';\n\n/**\n * Extracts the AAGUID (Authenticator Attestation GUID) from a WebAuthn data buffer.\n *\n * The AAGUID is a 16-byte value located at offsets 37..53 within `authenticatorData`\n * when **attested credential data** is present (i.e., during registration/attestation).\n *\n * For assertion (sign-in) responses, `authenticatorData` is typically 37 bytes and\n * does not include an AAGUID.\n *\n * If the extracted value is all zeros (`00000000-0000-0000-0000-000000000000`),\n * this function returns `{ unknownProvider: null }` since some passkey providers\n * intentionally use a zero AAGUID.\n *\n * @param {Object} params\n * @param {Uint8Array} params.authData - The WebAuthn `authenticatorData` bytes.\n * @returns {{aaguid: string; bytes: Uint8Array} | {invalidAuthData: null} | {unknownProvider: null}}\n * - { aaguidText, aaguidBytes } for valid AAGUID\n * - { unknownProvider: null } for all-zero AAGUID\n * - { invalidAuthData: null } if `authData` is invalid (too short, too long, etc.)\n *\n * @see https://web.dev/articles/webauthn-aaguid\n */\nexport const extractAAGUID = ({\n authData\n}: {\n authData: Uint8Array;\n}):\n | {aaguidText: string; aaguidBytes: Uint8Array}\n | {invalidAuthData: null}\n | {unknownProvider: null} => {\n if (authData.byteLength < 37) {\n return {invalidAuthData: null};\n }\n\n if (authData.byteLength < 53) {\n return {invalidAuthData: null};\n }\n\n const bytes = authData.slice(37, 53);\n\n const result = bytesToAAGUID({bytes});\n\n if ('aaguid' in result) {\n return {aaguidBytes: bytes, aaguidText: result.aaguid};\n }\n\n return {unknownProvider: null};\n};\n\n/**\n * Convert 16 AAGUID bytes to canonical UUID string (lowercase, hyphenated).\n *\n * Returns:\n * - { aaguid } for non-zero AAGUIDs\n * - { unknownProvider: null } for all-zero AAGUID\n * - { invalidBytes: null } if length \u2260 16\n *\n * @param {{bytes: Uint8Array | number[]}} params\n * 
@returns {{aaguid: string} | {invalidBytes: null} | {unknownProvider: null}}\n */\nexport const bytesToAAGUID = ({\n bytes\n}: {\n bytes: Uint8Array | number[];\n}): {aaguid: string} | {invalidBytes: null} | {unknownProvider: null} => {\n if (bytes.length !== 16) {\n return {invalidBytes: null};\n }\n\n const hex = (bytes instanceof Uint8Array ? uint8ArrayToArrayOfNumber(bytes) : bytes)\n .map((byte) => byte.toString(16).padStart(2, '0'))\n .join('');\n\n const aaguid = hex.replace(/^(.{8})(.{4})(.{4})(.{4})(.{12})$/, '$1-$2-$3-$4-$5');\n\n // \"00000000-0000-0000-0000-0000000000000\" represents an unknown passkey provider. Some passkey providers use this AAGUID intentionally.\n // Source: https://web.dev/articles/webauthn-aaguid\n if (aaguid === '00000000-0000-0000-0000-000000000000') {\n return {unknownProvider: null};\n }\n\n return {aaguid};\n};\n", "import {DER_COSE_OID, wrapDER, type DerEncodedPublicKey} from '@dfinity/agent';\n\n/**\n * \u26A0\uFE0F !!!WARNING!!! \u26A0\uFE0F\n * This module is a copy/paste of the webauthn functions not exposed by Agent-js.\n * It is therefore not covered by any tests (\u203C\uFE0F) in this library.\n *\n * @see https://github.com/dfinity/agent-js/blob/main/packages/identity/src/identity/webauthn.ts\n */\n\n/**\n * From the documentation;\n * The authData is a byte array described in the spec. 
Parsing it will involve slicing bytes from\n * the array and converting them into usable objects.\n *\n * See https://webauthn.guide/#registration (subsection \"Example: Parsing the authenticator data\").\n * @param authData The authData field of the attestation response.\n * @returns The COSE key of the authData.\n */\nexport function _authDataToCose(authData: Uint8Array): Uint8Array {\n const dataView = new DataView(new ArrayBuffer(2));\n const idLenBytes = authData.slice(53, 55);\n [...new Uint8Array(idLenBytes)].forEach((v, i) => dataView.setUint8(i, v));\n const credentialIdLength = dataView.getUint16(0);\n\n // Get the public key object.\n return authData.slice(55 + credentialIdLength);\n}\n\nexport function _coseToDerEncodedBlob(cose: Uint8Array): DerEncodedPublicKey {\n return wrapDER(cose, DER_COSE_OID) as DerEncodedPublicKey;\n}\n", "import type {DerEncodedPublicKey} from '@dfinity/agent';\nimport type {PublicKeyWithToRaw} from '../types/identity';\nimport {_coseToDerEncodedBlob} from './cose-utils';\n\n/**\n * \u26A0\uFE0F !!!WARNING!!! 
\u26A0\uFE0F\n * This module is a copy/paste of the webauthn classes not exposed by Agent-js\n * extended with mandatory toRaw() and encodedKey made private.\n * It is therefore not covered by that many tests (\u203C\uFE0F) in this library.\n *\n * @see https://github.com/dfinity/agent-js/blob/main/packages/identity/src/identity/webauthn.ts\n */\n\n/**\n * COSE-encoded key (CBOR Object Signing and Encryption).\n * serialized as a Uint8Array.\n */\nexport type CoseEncodedKey = Uint8Array;\n\nexport class CosePublicKey implements PublicKeyWithToRaw {\n readonly #encodedKey: DerEncodedPublicKey;\n\n public constructor(protected _cose: CoseEncodedKey) {\n this.#encodedKey = _coseToDerEncodedBlob(_cose);\n }\n\n public toDer(): DerEncodedPublicKey {\n return this.#encodedKey;\n }\n\n public toRaw(): Uint8Array {\n return new Uint8Array(this.#encodedKey); // Strip __derEncodedPublicKey__\n }\n}\n", "import {uint8ArrayToBase64} from '@dfinity/utils';\nimport {extractAAGUID} from './aaguid';\nimport {type CoseEncodedKey, CosePublicKey} from './agent-js/cose-key';\nimport type {PublicKeyWithToRaw} from './types/identity';\n\n/**\n * Arguments to initialize a WebAuthn object.\n */\nexport interface InitWebAuthnCredentialArgs {\n /**\n * The credential ID (authenticator\u2019s `rawId`) as bytes.\n */\n rawId: Uint8Array;\n\n /**\n * COSE-encoded public key extracted from attestation/authData.\n */\n cose: CoseEncodedKey;\n}\n\nexport interface InitWebAuthnNewCredentialArgs extends InitWebAuthnCredentialArgs {\n /**\n * The authenticator data from the attestation.\n */\n authData: Uint8Array;\n}\n\n/**\n * A wrapper around a WebAuthn credential that provides various base information such as its ID or public key.\n */\nexport abstract class WebAuthnCredential {\n readonly #credentialId: Uint8Array;\n readonly #publicKey: CosePublicKey;\n\n /**\n * @param args - {@link InitWebAuthnCredentialArgs} used to initialize the credential.\n * @param args.rawId - Credential ID (`rawId`) 
as bytes.\n * @param args.cose - COSE-encoded public key.\n */\n constructor({rawId: credentialId, cose}: InitWebAuthnCredentialArgs) {\n this.#credentialId = credentialId;\n this.#publicKey = new CosePublicKey(cose);\n }\n\n /**\n * Returns the public key for this credential.\n */\n getPublicKey(): PublicKeyWithToRaw {\n return this.#publicKey;\n }\n\n /**\n * Returns the credential ID as bytes.\n */\n getCredentialId(): Uint8Array {\n return this.#credentialId;\n }\n\n /**\n * Returns the credential ID as textual representation (a base64 string).\n */\n getCredentialIdText(): string {\n return uint8ArrayToBase64(this.#credentialId);\n }\n}\n\n/**\n * A wrapper around a newly created WebAuthn credential.\n * It is created using `navigator.credentials.create` which provides an attestation.\n */\nexport class WebAuthnNewCredential extends WebAuthnCredential {\n readonly #aaguidText: string | undefined;\n readonly #aaguidBytes: Uint8Array | undefined;\n\n /**\n * @param args - {@link InitWebAuthnNewCredentialArgs} used to initialize the credential.\n * @param args.rawId - Credential ID (`rawId`) as bytes.\n * @param args.cose - COSE-encoded public key.\n * @params args.authData - Authenticator data from the attestation.\n */\n constructor({authData, ...rest}: InitWebAuthnNewCredentialArgs) {\n super(rest);\n\n const optionAaguid = extractAAGUID({authData});\n this.#aaguidText = 'aaguidText' in optionAaguid ? optionAaguid.aaguidText : undefined;\n this.#aaguidBytes = 'aaguidBytes' in optionAaguid ? 
optionAaguid.aaguidBytes : undefined;\n }\n\n /**\n * Returns AAGUID (Authenticator Attestation GUID).\n */\n getAAGUID(): Uint8Array | undefined {\n return this.#aaguidBytes;\n }\n\n /**\n * Returns the textual representation of the AAGUID (Authenticator Attestation GUID).\n */\n getAAGUIDText(): string | undefined {\n return this.#aaguidText;\n }\n}\n\n/**\n * A wrapper around a retrieval of existing WebAuthn credential.\n * It is created using `navigator.credentials.get` which provides an assertion.\n */\nexport class WebAuthnExistingCredential extends WebAuthnCredential {}\n", "export class WebAuthnIdentityHostnameError extends Error {}\nexport class WebAuthnIdentityCredentialNotInitializedError extends Error {}\nexport class WebAuthnIdentityCreateCredentialOnTheDeviceError extends Error {}\nexport class WebAuthnIdentityCredentialNotPublicKeyError extends Error {}\nexport class WebAuthnIdentityNoAttestationError extends Error {}\nexport class WebAuthnIdentityInvalidCredentialIdError extends Error {}\nexport class WebAuthnIdentityEncodeCborSignatureError extends Error {}\n// https://developer.mozilla.org/en-US/docs/Web/API/AuthenticatorAssertionResponse/authenticatorData\nexport class WebAuthnIdentityNoAuthenticatorDataError extends Error {}\n// https://developer.mozilla.org/en-US/docs/Web/API/AuthenticatorAssertionResponse/signature\nexport class WebAuthnIdentityNoSignatureError extends Error {}\n", "import {Cbor, type Signature, SignIdentity} from '@dfinity/agent';\nimport {arrayBufferToUint8Array, isNullish, uint8ArraysEqual} from '@dfinity/utils';\nimport {AUTHENTICATOR_ABORT_TIMEOUT} from './_constants';\nimport {createPasskeyOptions, retrievePasskeyOptions} from './_options';\nimport {execute} from './_progress';\nimport {_authDataToCose} from './agent-js/cose-utils';\nimport {\n type InitWebAuthnNewCredentialArgs,\n type WebAuthnCredential,\n WebAuthnExistingCredential,\n WebAuthnNewCredential\n} from './credential';\nimport {\n 
WebAuthnIdentityCreateCredentialOnTheDeviceError,\n WebAuthnIdentityCredentialNotInitializedError,\n WebAuthnIdentityCredentialNotPublicKeyError,\n WebAuthnIdentityEncodeCborSignatureError,\n WebAuthnIdentityInvalidCredentialIdError,\n WebAuthnIdentityNoAttestationError,\n WebAuthnIdentityNoAuthenticatorDataError\n} from './errors';\nimport type {\n AuthenticatorOptions,\n CreateWebAuthnIdentityWithExistingCredentialArgs,\n CreateWebAuthnIdentityWithNewCredentialArgs,\n PublicKeyWithToRaw,\n RetrievePublicKeyFn\n} from './types/identity';\nimport type {PasskeyOptions} from './types/passkey';\nimport {\n type WebAuthnSignProgressArgs,\n type WebAuthnSignProgressFn,\n WebAuthnSignProgressStep\n} from './types/progress';\n\ntype PublicKeyCredentialWithAttachment = Omit<PublicKeyCredential, 'response'> & {\n response: AuthenticatorAssertionResponse & {\n attestationObject?: ArrayBuffer;\n };\n};\n\nconst createAbortSignal = ({\n timeout\n}: Pick<AuthenticatorOptions<PasskeyOptions>, 'timeout'>): AbortSignal =>\n AbortSignal.timeout(timeout ?? AUTHENTICATOR_ABORT_TIMEOUT);\n\nconst retrieveCredentials = async ({\n challenge,\n credentialIds,\n passkeyOptions,\n timeout\n}: {\n challenge: Uint8Array;\n credentialIds?: Uint8Array[];\n} & AuthenticatorOptions<PasskeyOptions>): Promise<Credential | null> =>\n await navigator.credentials.get({\n publicKey: {\n ...retrievePasskeyOptions(passkeyOptions),\n challenge: challenge.buffer as BufferSource,\n allowCredentials: (credentialIds ?? 
[]).map((id) => ({\n id: id.buffer as BufferSource,\n type: 'public-key'\n }))\n },\n signal: createAbortSignal({timeout})\n });\n\ntype WebAuthnState<T extends WebAuthnCredential> =\n | {status: 'pending'; retrievePublicKey: RetrievePublicKeyFn}\n | {status: 'initialized'; credential: T};\n\nconst assertWebAuthnStateInitialized: <T extends WebAuthnCredential>(\n state: WebAuthnState<T>\n) => asserts state is {\n status: 'initialized';\n credential: T;\n} = <T extends WebAuthnCredential>(state: WebAuthnState<T>): void => {\n if (state.status !== 'initialized') {\n throw new WebAuthnIdentityCredentialNotInitializedError();\n }\n};\n\nconst assertNonNullishCredential: (\n credential: Credential | null\n) => asserts credential is Credential = (credential: Credential | null): void => {\n if (isNullish(credential)) {\n throw new WebAuthnIdentityCreateCredentialOnTheDeviceError();\n }\n};\n\nconst assertCredentialPublicKey: (\n credential: Credential\n) => asserts credential is PublicKeyCredentialWithAttachment = ({type}: Credential): void => {\n if (type !== 'public-key') {\n throw new WebAuthnIdentityCredentialNotPublicKeyError();\n }\n};\n\n/**\n * A signing identity for the Internet Computer, backed by a WebAuthn credential.\n *\n * Use one of the factory methods to construct an instance:\n * - {@link WebAuthnIdentity.createWithNewCredential} to create a new passkey on the device.\n * - {@link WebAuthnIdentity.createWithExistingCredential} to use an existing passkey.\n *\n * @template T Concrete credential type for this identity\n * ({@link WebAuthnNewCredential} or {@link WebAuthnExistingCredential}).\n */\nexport class WebAuthnIdentity<T extends WebAuthnCredential> extends SignIdentity {\n readonly #onSignProgress: WebAuthnSignProgressFn | undefined;\n #state: WebAuthnState<T>;\n\n /**\n * @hidden Use the factory methods instead.\n *\n * Initializes the identity in either:\n * - **pending** state (existing-credential path; public key not yet known), or\n * - 
**initialized** state (new-credential path; public key known immediately).\n *\n * @private\n */\n private constructor({\n onProgress,\n ...args\n }: WebAuthnSignProgressArgs &\n (\n | InitWebAuthnNewCredentialArgs\n | Pick<CreateWebAuthnIdentityWithExistingCredentialArgs, 'retrievePublicKey'>\n )) {\n super();\n\n this.#onSignProgress = onProgress;\n\n if ('retrievePublicKey' in args) {\n const {retrievePublicKey} = args;\n\n this.#state = {\n status: 'pending',\n retrievePublicKey\n };\n\n return;\n }\n\n this.#state = WebAuthnIdentity.#createInitializedState({\n credential: new WebAuthnNewCredential(args)\n });\n }\n\n static #createInitializedState<T extends WebAuthnCredential>({\n credential\n }: {\n credential: WebAuthnNewCredential | WebAuthnExistingCredential;\n }): WebAuthnState<T> {\n return {\n status: 'initialized',\n credential: credential as T\n };\n }\n\n /**\n * Creates a new passkey on the device and returns an initialized identity.\n *\n * If you chain `create` and `sign`, the user will be prompted twice to authenticate\n * with their authenticator. 
You can track progress via the `onProgress` callback.\n *\n * @param args {@link CreateWebAuthnIdentityWithNewCredentialArgs} Options to create the passkey.\n * @returns A {@link WebAuthnIdentity} parameterized with {@link WebAuthnNewCredential}.\n */\n static async createWithNewCredential({\n passkeyOptions,\n timeout,\n ...restArgs\n }: CreateWebAuthnIdentityWithNewCredentialArgs = {}): Promise<\n WebAuthnIdentity<WebAuthnNewCredential>\n > {\n const credential = await navigator.credentials.create({\n publicKey: createPasskeyOptions(passkeyOptions),\n signal: createAbortSignal({timeout})\n });\n\n assertNonNullishCredential(credential);\n assertCredentialPublicKey(credential);\n\n const {\n response: {attestationObject},\n rawId\n } = credential;\n\n if (isNullish(attestationObject)) {\n throw new WebAuthnIdentityNoAttestationError();\n }\n\n // We have to parse the attestationObject as CBOR to ultimately retrieve the public key.\n // Similar as what's implemented in AgentJS.\n const {authData} = Cbor.decode<{authData: Uint8Array}>(\n arrayBufferToUint8Array(attestationObject)\n );\n\n const cose = _authDataToCose(authData);\n\n return new WebAuthnIdentity<WebAuthnNewCredential>({\n ...restArgs,\n rawId: arrayBufferToUint8Array(rawId),\n cose,\n authData\n });\n }\n\n /**\n * Creates an identity for an existing passkey.\n *\n * @param args {@link CreateWebAuthnIdentityWithExistingCredentialArgs} Options to retrieve the passkey.\n * @returns A {@link WebAuthnIdentity} parameterized with {@link WebAuthnExistingCredential}.\n */\n // We use async for consistency reason and because it might be future prone.\n // eslint-disable-next-line require-await\n static async createWithExistingCredential(\n args: CreateWebAuthnIdentityWithExistingCredentialArgs\n ): Promise<WebAuthnIdentity<WebAuthnExistingCredential>> {\n return new WebAuthnIdentity<WebAuthnExistingCredential>(args);\n }\n\n /**\n * Returns the credential\u2019s public key.\n *\n * @returns {PublicKey}\n * 
@throws WebAuthnIdentityCredentialNotInitializedError if the identity has not signed\n * any request yet.\n */\n override getPublicKey(): PublicKeyWithToRaw {\n assertWebAuthnStateInitialized(this.#state);\n\n const {credential} = this.#state;\n\n return credential.getPublicKey();\n }\n\n /**\n * Returns the concrete credential wrapper for this identity.\n *\n * For identities created with:\n * - `createWithNewCredential` \u2192 {@link WebAuthnNewCredential}\n * - `createWithExistingCredential` \u2192 {@link WebAuthnExistingCredential}\n *\n * @throws WebAuthnIdentityCredentialNotInitializedError if the identity has not signed\n * any request yet.\n */\n getCredential(): T {\n assertWebAuthnStateInitialized(this.#state);\n\n const {credential} = this.#state;\n\n return credential;\n }\n\n /**\n * Signs an arbitrary blob using the platform authenticator.\n *\n * @param blob Bytes to sign (used as the WebAuthn challenge).\n * @returns {Promise<Signature>} CBOR-encoded signature payload.\n */\n override async sign(blob: Uint8Array): Promise<Signature> {\n // 1. Request user credential (navigator.credentials.get)\n const requestCredential = async (): Promise<PublicKeyCredential> => {\n const credential = await retrieveCredentials({\n challenge: blob,\n ...(this.#state.status === 'initialized' && {\n credentialIds: [this.#state.credential.getCredentialId()]\n })\n });\n\n assertNonNullishCredential(credential);\n assertCredentialPublicKey(credential);\n\n return credential;\n };\n\n const credential = await execute({\n fn: requestCredential,\n step: WebAuthnSignProgressStep.RequestingUserCredential,\n onProgress: this.#onSignProgress\n });\n\n // 2. 
Assert credential ID if already initialized or load public key from backend and init state\n const finalizingCredential = async () => {\n const {rawId} = credential;\n\n // If the state was already initialized - credentials.create - then we \"only\"\n // assert that the rawId retrieved by credentials.get is equals to the one already known.\n if (this.#state.status === 'initialized') {\n if (\n !uint8ArraysEqual({\n a: this.#state.credential.getCredentialId(),\n b: arrayBufferToUint8Array(rawId)\n })\n ) {\n throw new WebAuthnIdentityInvalidCredentialIdError();\n }\n\n return;\n }\n\n // If the state was pending, we need to retrieve the public key for the credential\n // that was saved during a previous sign-up\n // because credentials.get does not provide an attestation.\n const {retrievePublicKey} = this.#state;\n\n const cose = await retrievePublicKey({\n credentialId: arrayBufferToUint8Array(rawId)\n });\n\n this.#state = WebAuthnIdentity.#createInitializedState({\n credential: new WebAuthnExistingCredential({\n rawId: arrayBufferToUint8Array(rawId),\n cose\n })\n });\n };\n\n await execute({\n fn: finalizingCredential,\n step: WebAuthnSignProgressStep.FinalizingCredential,\n onProgress: this.#onSignProgress\n });\n\n // 3. Sign the request\n // eslint-disable-next-line require-await\n const encodeSignature = async (): Promise<Signature> => {\n const {response} = credential;\n\n const {clientDataJSON} = response;\n\n // Only the response of type AuthenticatorAssertionResponse provides authenticatorData and signature\n // which is the type of response we are expecting.\n const {authenticatorData, signature} =\n 'authenticatorData' in response && 'signature' in response\n ? 
(response as AuthenticatorAssertionResponse)\n : {};\n\n if (isNullish(authenticatorData)) {\n throw new WebAuthnIdentityNoAuthenticatorDataError();\n }\n\n if (isNullish(signature)) {\n throw new WebAuthnIdentityNoAuthenticatorDataError();\n }\n\n const encoded = Cbor.encode({\n authenticator_data: authenticatorData,\n client_data_json: new TextDecoder().decode(clientDataJSON),\n signature: arrayBufferToUint8Array(signature)\n });\n\n if (isNullish(encoded)) {\n throw new WebAuthnIdentityEncodeCborSignatureError();\n }\n\n // Similar as AgentJS code.\n Object.assign(encoded, {\n __signature__: undefined\n });\n\n return encoded as Signature;\n };\n\n return await execute({\n fn: encodeSignature,\n step: WebAuthnSignProgressStep.Signing,\n onProgress: this.#onSignProgress\n });\n }\n}\n", "// See https://www.iana.org/assignments/cose/cose.xhtml#algorithms for a complete\n// list of these algorithms. We only list the ones we support here.\n//\n// According Google tutorial, https://web.dev/articles/passkey-registration, specifying\n// support for ECDSA with P-256 (-7) and RSA PKCS#1 (-257) gives complete coverage.\nexport const PUBLIC_KEY_COSE_ALGORITHMS = {\n ECDSA_WITH_SHA256: -7,\n RSA_WITH_SHA256: -257\n};\n\nexport const AUTHENTICATOR_ABORT_TIMEOUT = 60000;\n", "import {isNullish} from '@dfinity/utils';\nimport {PUBLIC_KEY_COSE_ALGORITHMS} from './_constants';\nimport {WebAuthnIdentityHostnameError} from './errors';\nimport type {CreatePasskeyOptions, PasskeyOptions} from './types/passkey';\n\nconst randomValue = (): BufferSource => window.crypto.getRandomValues(new Uint8Array(16));\n\n/**\n * When creating a passkey, the challenge can simply be a random value.\n * Since the server doesn\u2019t need to verify the authenticity of the key,\n * it doesn\u2019t have to generate the challenge itself.\n *\n * In contrast, when signing a request with our credentials,\n * the request itself becomes the data (blob), the challenge, that must be signed.\n */\nconst 
createChallenge = (): BufferSource => randomValue();\n\n/**\n * The user ID is set to a random value, which holds little relevance\n * for the end user beyond being unique.\n *\n * Ultimately, once signed in, the user's actual identifier will be\n * the public key (principal) of the identity used to interact with the IC.\n */\nconst createUserId = (): BufferSource => randomValue();\n\nconst hostname = (): string => {\n const {\n location: {href}\n } = window;\n\n const url = URL.parse(href);\n\n if (isNullish(url)) {\n throw new WebAuthnIdentityHostnameError();\n }\n\n const {hostname} = url;\n\n return hostname;\n};\n\nconst relyingPartyId = ({appId}: Pick<PasskeyOptions, 'appId'>): string => appId?.id ?? hostname();\n\nexport const createPasskeyOptions = ({\n appId,\n user: userOptions\n}: CreatePasskeyOptions = {}): PublicKeyCredentialCreationOptions => {\n const {\n document: {title: name}\n } = window;\n\n const relyingParty = (): Pick<PublicKeyCredentialCreationOptions, 'rp'> => ({\n rp: {\n // Note: deprecated in WebAuthn L3\n name: appId?.name ?? name,\n id: relyingPartyId({appId})\n }\n });\n\n const user = (): Pick<PublicKeyCredentialCreationOptions, 'user'> => ({\n user: {\n id: createUserId(),\n name: userOptions?.name ?? userOptions?.displayName ?? name,\n displayName: userOptions?.displayName ?? 
name\n }\n });\n\n return {\n // We want to receive the attestation statement as generated by the authenticator\n attestation: 'direct',\n challenge: createChallenge(),\n ...relyingParty(),\n ...user(),\n pubKeyCredParams: Object.values(PUBLIC_KEY_COSE_ALGORITHMS).map((algorithm) => ({\n type: 'public-key',\n alg: algorithm\n })),\n excludeCredentials: [],\n authenticatorSelection: {\n // At least for now, we want a simplified flow and therefore indicates that we want a\n // platform authenticator ((an authenticator embedded to the platform device).\n authenticatorAttachment: 'platform',\n userVerification: 'preferred',\n // Along with requireResidentKey, make passkey discoverable,\n residentKey: 'required',\n requireResidentKey: true\n }\n };\n};\n\nexport const retrievePasskeyOptions = (\n options: PasskeyOptions = {}\n): Omit<PublicKeyCredentialRequestOptions, 'challenge'> => ({\n rpId: relyingPartyId(options),\n allowCredentials: [],\n userVerification: 'required'\n});\n", "import type {WebAuthnSignProgress, WebAuthnSignProgressArgs} from './types/progress';\n\nexport const execute = async <T>({\n fn,\n step,\n onProgress\n}: {\n fn: () => Promise<T>;\n} & Pick<WebAuthnSignProgress, 'step'> &\n WebAuthnSignProgressArgs): Promise<T> => {\n onProgress?.({\n step,\n state: 'in_progress'\n });\n\n try {\n const result = await fn();\n\n onProgress?.({\n step,\n state: 'success'\n });\n\n return result;\n } catch (err: unknown) {\n onProgress?.({\n step,\n state: 'error'\n });\n\n throw err;\n }\n};\n", "/**\n * Progress steps in the WebAuthn signing flow.\n */\nexport enum WebAuthnSignProgressStep {\n /** Calling `navigator.credentials.get` to obtain an assertion. */\n RequestingUserCredential,\n /** Verifying/initializing the credential (e.g., ID match, loading public key). */\n FinalizingCredential,\n /** Producing the signature and encoding the result. 
*/\n Signing\n}\n\n/**\n * Status of the current step.\n */\nexport type WebAuthnSignProgressState = 'in_progress' | 'success' | 'error';\n\n/**\n * Payload emitted on progress updates.\n */\nexport interface WebAuthnSignProgress {\n /** The step being executed. */\n step: WebAuthnSignProgressStep;\n /** State of that step. */\n state: WebAuthnSignProgressState;\n}\n\n/**\n * Callback invoked on each progress update.\n */\nexport type WebAuthnSignProgressFn = (progress: WebAuthnSignProgress) => void;\n\n/**\n * Optional handler for progress updates.\n */\nexport interface WebAuthnSignProgressArgs {\n onProgress?: WebAuthnSignProgressFn;\n}\n", "import {nonNullish} from '@dfinity/utils';\n\n/**\n * Checks if a user-verifying platform authenticator (passkeys) is available on this device / browser.\n *\n * Returns `true` when:\n * 1) `window.PublicKeyCredential` exists, and\n * 2) the browser reports a user-verifying **platform** authenticator is available\n * (e.g., Touch ID, Windows Hello, Android biometrics/PIN).\n *\n * @returns {Promise<boolean>} `true` if an authenticator is available, otherwise `false`.\n */\nexport const isWebAuthnAvailable = async (): Promise<boolean> => {\n if (\n nonNullish(window.PublicKeyCredential) &&\n 'isUserVerifyingPlatformAuthenticatorAvailable' in PublicKeyCredential\n ) {\n return await PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable();\n }\n\n return false;\n};\n"],
|
|
5
|
-
"mappings": ";;AAAA,OAAQ,6BAAAA,MAAgC,iBAwBjC,IAAMC,EAAgB,CAAC,CAC5B,SAAAC,CACF,IAK+B,CAC7B,GAAIA,EAAS,WAAa,GACxB,MAAO,CAAC,gBAAiB,IAAI,EAG/B,GAAIA,EAAS,WAAa,GACxB,MAAO,CAAC,gBAAiB,IAAI,EAG/B,IAAMC,EAAQD,EAAS,MAAM,GAAI,EAAE,EAE7BE,EAASC,EAAc,CAAC,MAAAF,CAAK,CAAC,EAEpC,MAAI,WAAYC,EACP,CAAC,YAAaD,EAAO,WAAYC,EAAO,MAAM,EAGhD,CAAC,gBAAiB,IAAI,CAC/B,EAaaC,EAAgB,CAAC,CAC5B,MAAAF,CACF,IAEyE,CACvE,GAAIA,EAAM,SAAW,GACnB,MAAO,CAAC,aAAc,IAAI,EAO5B,IAAMG,GAJOH,aAAiB,WAAaH,EAA0BG,CAAK,EAAIA,GAC3E,IAAKI,GAASA,EAAK,SAAS,EAAE,EAAE,SAAS,EAAG,GAAG,CAAC,EAChD,KAAK,EAAE,EAES,QAAQ,oCAAqC,gBAAgB,EAIhF,OAAID,IAAW,uCACN,CAAC,gBAAiB,IAAI,EAGxB,CAAC,OAAAA,CAAM,CAChB,ECpFA,OAAQ,gBAAAE,EAAc,WAAAC,MAAwC,iBAmBvD,SAASC,EAAgBC,EAAkC,CAChE,IAAMC,EAAW,IAAI,SAAS,IAAI,YAAY,CAAC,CAAC,EAC1CC,EAAaF,EAAS,MAAM,GAAI,EAAE,EACxC,CAAC,GAAG,IAAI,WAAWE,CAAU,CAAC,EAAE,QAAQ,CAACC,EAAGC,IAAMH,EAAS,SAASG,EAAGD,CAAC,CAAC,EACzE,IAAME,EAAqBJ,EAAS,UAAU,CAAC,EAG/C,OAAOD,EAAS,MAAM,GAAKK,CAAkB,CAC/C,CAEO,SAASC,EAAsBC,EAAuC,CAC3E,OAAOT,EAAQS,EAAMV,CAAY,CACnC,CCZO,IAAMW,EAAN,KAAkD,CAGhD,YAAsBC,EAAuB,CAAvB,WAAAA,EAC3B,KAAKC,GAAcC,EAAsBF,CAAK,CAChD,CAJSC,GAMF,OAA6B,CAClC,OAAO,KAAKA,EACd,CAEO,OAAoB,CACzB,OAAO,IAAI,WAAW,KAAKA,EAAW,CACxC,CACF,ECjCA,OAAQ,sBAAAE,MAAyB,iBA8B1B,IAAeC,EAAf,KAAkC,CAC9BC,GACAC,GAOT,YAAY,CAAC,MAAOC,EAAc,KAAAC,CAAI,EAA+B,CACnE,KAAKH,GAAgBE,EACrB,KAAKD,GAAa,IAAIG,EAAcD,CAAI,CAC1C,CAKA,cAAmC,CACjC,OAAO,KAAKF,EACd,CAKA,iBAA8B,CAC5B,OAAO,KAAKD,EACd,CAKA,qBAA8B,CAC5B,OAAOK,EAAmB,KAAKL,EAAa,CAC9C,CACF,EAMaM,EAAN,cAAoCP,CAAmB,CACnDQ,GACAC,GAQT,YAAY,CAAC,SAAAC,EAAU,GAAGC,CAAI,EAAkC,CAC9D,MAAMA,CAAI,EAEV,IAAMC,EAAeC,EAAc,CAAC,SAAAH,CAAQ,CAAC,EAC7C,KAAKF,GAAc,eAAgBI,EAAeA,EAAa,WAAa,OAC5E,KAAKH,GAAe,gBAAiBG,EAAeA,EAAa,YAAc,MACjF,CAKA,WAAoC,CAClC,OAAO,KAAKH,EACd,CAKA,eAAoC,CAClC,OAAO,KAAKD,EACd,CACF,EAMaM,EAAN,cAAyCd,CAAmB,CAAC,EC3G7D,IAAMe,EAAN,cAA4C,KAAM,CAAC,EAC7CC,EAAN,cAA4D,KAAM,CAAC,EAC7DC,EAAN,cAA+D,KAAM,CAAC,EAChEC,EAAN,cAA0D,KAAM,CAAC,EAC3DC,EAAN,cAAiD,KAAM,CAAC,EAClDC,EAAN,cAAuD,KAAM,CAAC,EACxDC,EAAN,cAAuD,K
AAM,CAAC,EAExDC,EAAN,cAAuD,KAAM,CAAC,EAExDC,EAAN,cAA+C,KAAM,CAAC,ECV7D,OAAQ,QAAAC,EAAsB,gBAAAC,MAAmB,iBACjD,OAAQ,2BAAAC,EAAyB,aAAAC,EAAW,oBAAAC,MAAuB,iBCI5D,IAAMC,EAA6B,CACxC,kBAAmB,GACnB,gBAAiB,IACnB,EAEaC,EAA8B,
|
|
6
|
-
"names": ["uint8ArrayToArrayOfNumber", "extractAAGUID", "authData", "bytes", "result", "bytesToAAGUID", "aaguid", "byte", "DER_COSE_OID", "wrapDER", "_authDataToCose", "authData", "dataView", "idLenBytes", "v", "i", "credentialIdLength", "_coseToDerEncodedBlob", "cose", "CosePublicKey", "_cose", "#encodedKey", "_coseToDerEncodedBlob", "uint8ArrayToBase64", "WebAuthnCredential", "#credentialId", "#publicKey", "credentialId", "cose", "CosePublicKey", "uint8ArrayToBase64", "WebAuthnNewCredential", "#aaguidText", "#aaguidBytes", "authData", "rest", "optionAaguid", "extractAAGUID", "WebAuthnExistingCredential", "WebAuthnIdentityHostnameError", "WebAuthnIdentityCredentialNotInitializedError", "WebAuthnIdentityCreateCredentialOnTheDeviceError", "WebAuthnIdentityCredentialNotPublicKeyError", "WebAuthnIdentityNoAttestationError", "WebAuthnIdentityInvalidCredentialIdError", "WebAuthnIdentityEncodeCborSignatureError", "WebAuthnIdentityNoAuthenticatorDataError", "WebAuthnIdentityNoSignatureError", "Cbor", "SignIdentity", "arrayBufferToUint8Array", "isNullish", "uint8ArraysEqual", "PUBLIC_KEY_COSE_ALGORITHMS", "AUTHENTICATOR_ABORT_TIMEOUT", "
|
|
4
|
+
"sourcesContent": ["import {uint8ArrayToArrayOfNumber} from '@dfinity/utils';\n\n/**\n * Extracts the AAGUID (Authenticator Attestation GUID) from a WebAuthn data buffer.\n *\n * The AAGUID is a 16-byte value located at offsets 37..53 within `authenticatorData`\n * when **attested credential data** is present (i.e., during registration/attestation).\n *\n * For assertion (sign-in) responses, `authenticatorData` is typically 37 bytes and\n * does not include an AAGUID.\n *\n * If the extracted value is all zeros (`00000000-0000-0000-0000-000000000000`),\n * this function returns `{ unknownProvider: null }` since some passkey providers\n * intentionally use a zero AAGUID.\n *\n * @param {Object} params\n * @param {Uint8Array} params.authData - The WebAuthn `authenticatorData` bytes.\n * @returns {{aaguid: string; bytes: Uint8Array} | {invalidAuthData: null} | {unknownProvider: null}}\n * - { aaguidText, aaguidBytes } for valid AAGUID\n * - { unknownProvider: null } for all-zero AAGUID\n * - { invalidAuthData: null } if `authData` is invalid (too short, too long, etc.)\n *\n * @see https://web.dev/articles/webauthn-aaguid\n */\nexport const extractAAGUID = ({\n authData\n}: {\n authData: Uint8Array;\n}):\n | {aaguidText: string; aaguidBytes: Uint8Array}\n | {invalidAuthData: null}\n | {unknownProvider: null} => {\n if (authData.byteLength < 37) {\n return {invalidAuthData: null};\n }\n\n if (authData.byteLength < 53) {\n return {invalidAuthData: null};\n }\n\n const bytes = authData.slice(37, 53);\n\n const result = bytesToAAGUID({bytes});\n\n if ('aaguid' in result) {\n return {aaguidBytes: bytes, aaguidText: result.aaguid};\n }\n\n return {unknownProvider: null};\n};\n\n/**\n * Convert 16 AAGUID bytes to canonical UUID string (lowercase, hyphenated).\n *\n * Returns:\n * - { aaguid } for non-zero AAGUIDs\n * - { unknownProvider: null } for all-zero AAGUID\n * - { invalidBytes: null } if length \u2260 16\n *\n * @param {{bytes: Uint8Array | number[]}} params\n * 
@returns {{aaguid: string} | {invalidBytes: null} | {unknownProvider: null}}\n */\nexport const bytesToAAGUID = ({\n bytes\n}: {\n bytes: Uint8Array | number[];\n}): {aaguid: string} | {invalidBytes: null} | {unknownProvider: null} => {\n if (bytes.length !== 16) {\n return {invalidBytes: null};\n }\n\n const hex = (bytes instanceof Uint8Array ? uint8ArrayToArrayOfNumber(bytes) : bytes)\n .map((byte) => byte.toString(16).padStart(2, '0'))\n .join('');\n\n const aaguid = hex.replace(/^(.{8})(.{4})(.{4})(.{4})(.{12})$/, '$1-$2-$3-$4-$5');\n\n // \"00000000-0000-0000-0000-0000000000000\" represents an unknown passkey provider. Some passkey providers use this AAGUID intentionally.\n // Source: https://web.dev/articles/webauthn-aaguid\n if (aaguid === '00000000-0000-0000-0000-000000000000') {\n return {unknownProvider: null};\n }\n\n return {aaguid};\n};\n", "import {DER_COSE_OID, wrapDER, type DerEncodedPublicKey} from '@dfinity/agent';\n\n/**\n * \u26A0\uFE0F !!!WARNING!!! \u26A0\uFE0F\n * This module is a copy/paste of the webauthn functions not exposed by Agent-js.\n * It is therefore not covered by any tests (\u203C\uFE0F) in this library.\n *\n * @see https://github.com/dfinity/agent-js/blob/main/packages/identity/src/identity/webauthn.ts\n */\n\n/**\n * From the documentation;\n * The authData is a byte array described in the spec. 
Parsing it will involve slicing bytes from\n * the array and converting them into usable objects.\n *\n * See https://webauthn.guide/#registration (subsection \"Example: Parsing the authenticator data\").\n * @param authData The authData field of the attestation response.\n * @returns The COSE key of the authData.\n */\nexport function _authDataToCose(authData: Uint8Array): Uint8Array {\n const dataView = new DataView(new ArrayBuffer(2));\n const idLenBytes = authData.slice(53, 55);\n [...new Uint8Array(idLenBytes)].forEach((v, i) => dataView.setUint8(i, v));\n const credentialIdLength = dataView.getUint16(0);\n\n // Get the public key object.\n return authData.slice(55 + credentialIdLength);\n}\n\nexport function _coseToDerEncodedBlob(cose: Uint8Array): DerEncodedPublicKey {\n return wrapDER(cose, DER_COSE_OID) as DerEncodedPublicKey;\n}\n", "import type {DerEncodedPublicKey} from '@dfinity/agent';\nimport type {PublicKeyWithToRaw} from '../types/identity';\nimport {_coseToDerEncodedBlob} from './cose-utils';\n\n/**\n * \u26A0\uFE0F !!!WARNING!!! 
\u26A0\uFE0F\n * This module is a copy/paste of the webauthn classes not exposed by Agent-js\n * extended with mandatory toRaw() and encodedKey made private.\n * It is therefore not covered by that many tests (\u203C\uFE0F) in this library.\n *\n * @see https://github.com/dfinity/agent-js/blob/main/packages/identity/src/identity/webauthn.ts\n */\n\n/**\n * COSE-encoded key (CBOR Object Signing and Encryption).\n * serialized as a Uint8Array.\n */\nexport type CoseEncodedKey = Uint8Array;\n\nexport class CosePublicKey implements PublicKeyWithToRaw {\n readonly #encodedKey: DerEncodedPublicKey;\n\n public constructor(protected _cose: CoseEncodedKey) {\n this.#encodedKey = _coseToDerEncodedBlob(_cose);\n }\n\n public toDer(): DerEncodedPublicKey {\n return this.#encodedKey;\n }\n\n public toRaw(): Uint8Array {\n return new Uint8Array(this.#encodedKey); // Strip __derEncodedPublicKey__\n }\n}\n", "import {uint8ArrayToBase64} from '@dfinity/utils';\nimport {extractAAGUID} from './aaguid';\nimport {type CoseEncodedKey, CosePublicKey} from './agent-js/cose-key';\nimport type {PublicKeyWithToRaw} from './types/identity';\n\n/**\n * Arguments to initialize a WebAuthn object.\n */\nexport interface InitWebAuthnCredentialArgs {\n /**\n * The credential ID (authenticator\u2019s `rawId`) as bytes.\n */\n rawId: Uint8Array;\n\n /**\n * COSE-encoded public key extracted from attestation/authData.\n */\n cose: CoseEncodedKey;\n}\n\nexport interface InitWebAuthnNewCredentialArgs extends InitWebAuthnCredentialArgs {\n /**\n * The authenticator data from the attestation.\n */\n authData: Uint8Array;\n}\n\n/**\n * A wrapper around a WebAuthn credential that provides various base information such as its ID or public key.\n */\nexport abstract class WebAuthnCredential {\n readonly #credentialId: Uint8Array;\n readonly #publicKey: CosePublicKey;\n\n /**\n * @param args - {@link InitWebAuthnCredentialArgs} used to initialize the credential.\n * @param args.rawId - Credential ID (`rawId`) 
as bytes.\n * @param args.cose - COSE-encoded public key.\n */\n constructor({rawId: credentialId, cose}: InitWebAuthnCredentialArgs) {\n this.#credentialId = credentialId;\n this.#publicKey = new CosePublicKey(cose);\n }\n\n /**\n * Returns the public key for this credential.\n */\n getPublicKey(): PublicKeyWithToRaw {\n return this.#publicKey;\n }\n\n /**\n * Returns the credential ID as bytes.\n */\n getCredentialId(): Uint8Array {\n return this.#credentialId;\n }\n\n /**\n * Returns the credential ID as textual representation (a base64 string).\n */\n getCredentialIdText(): string {\n return uint8ArrayToBase64(this.#credentialId);\n }\n}\n\n/**\n * A wrapper around a newly created WebAuthn credential.\n * It is created using `navigator.credentials.create` which provides an attestation.\n */\nexport class WebAuthnNewCredential extends WebAuthnCredential {\n readonly #aaguidText: string | undefined;\n readonly #aaguidBytes: Uint8Array | undefined;\n\n /**\n * @param args - {@link InitWebAuthnNewCredentialArgs} used to initialize the credential.\n * @param args.rawId - Credential ID (`rawId`) as bytes.\n * @param args.cose - COSE-encoded public key.\n * @params args.authData - Authenticator data from the attestation.\n */\n constructor({authData, ...rest}: InitWebAuthnNewCredentialArgs) {\n super(rest);\n\n const optionAaguid = extractAAGUID({authData});\n this.#aaguidText = 'aaguidText' in optionAaguid ? optionAaguid.aaguidText : undefined;\n this.#aaguidBytes = 'aaguidBytes' in optionAaguid ? 
optionAaguid.aaguidBytes : undefined;\n }\n\n /**\n * Returns AAGUID (Authenticator Attestation GUID).\n */\n getAAGUID(): Uint8Array | undefined {\n return this.#aaguidBytes;\n }\n\n /**\n * Returns the textual representation of the AAGUID (Authenticator Attestation GUID).\n */\n getAAGUIDText(): string | undefined {\n return this.#aaguidText;\n }\n}\n\n/**\n * A wrapper around a retrieval of existing WebAuthn credential.\n * It is created using `navigator.credentials.get` which provides an assertion.\n */\nexport class WebAuthnExistingCredential extends WebAuthnCredential {}\n", "export class WebAuthnIdentityHostnameError extends Error {}\nexport class WebAuthnIdentityCredentialNotInitializedError extends Error {}\nexport class WebAuthnIdentityCreateCredentialOnTheDeviceError extends Error {}\nexport class WebAuthnIdentityCredentialNotPublicKeyError extends Error {}\nexport class WebAuthnIdentityNoAttestationError extends Error {}\nexport class WebAuthnIdentityInvalidCredentialIdError extends Error {}\nexport class WebAuthnIdentityEncodeCborSignatureError extends Error {}\n// https://developer.mozilla.org/en-US/docs/Web/API/AuthenticatorAssertionResponse/authenticatorData\nexport class WebAuthnIdentityNoAuthenticatorDataError extends Error {}\n// https://developer.mozilla.org/en-US/docs/Web/API/AuthenticatorAssertionResponse/signature\nexport class WebAuthnIdentityNoSignatureError extends Error {}\n", "import {Cbor, type Signature, SignIdentity} from '@dfinity/agent';\nimport {arrayBufferToUint8Array, isNullish, uint8ArraysEqual} from '@dfinity/utils';\nimport {AUTHENTICATOR_ABORT_TIMEOUT} from './_constants';\nimport {createPasskeyOptions, retrievePasskeyOptions} from './_options';\nimport {execute} from './_progress';\nimport {_authDataToCose} from './agent-js/cose-utils';\nimport {\n type InitWebAuthnNewCredentialArgs,\n type WebAuthnCredential,\n WebAuthnExistingCredential,\n WebAuthnNewCredential\n} from './credential';\nimport {\n 
WebAuthnIdentityCreateCredentialOnTheDeviceError,\n WebAuthnIdentityCredentialNotInitializedError,\n WebAuthnIdentityCredentialNotPublicKeyError,\n WebAuthnIdentityEncodeCborSignatureError,\n WebAuthnIdentityInvalidCredentialIdError,\n WebAuthnIdentityNoAttestationError,\n WebAuthnIdentityNoAuthenticatorDataError\n} from './errors';\nimport type {\n AuthenticatorOptions,\n CreateWebAuthnIdentityWithExistingCredentialArgs,\n CreateWebAuthnIdentityWithNewCredentialArgs,\n PublicKeyWithToRaw,\n RetrievePublicKeyFn\n} from './types/identity';\nimport type {PasskeyOptions} from './types/passkey';\nimport {\n type WebAuthnSignProgressArgs,\n type WebAuthnSignProgressFn,\n WebAuthnSignProgressStep\n} from './types/progress';\n\ntype PublicKeyCredentialWithAttachment = Omit<PublicKeyCredential, 'response'> & {\n response: AuthenticatorAssertionResponse & {\n attestationObject?: ArrayBuffer;\n };\n};\n\nconst createAbortSignal = ({\n timeout\n}: Pick<AuthenticatorOptions<PasskeyOptions>, 'timeout'>): AbortSignal =>\n AbortSignal.timeout(timeout ?? AUTHENTICATOR_ABORT_TIMEOUT);\n\nconst retrieveCredentials = async ({\n challenge,\n credentialIds,\n passkeyOptions,\n timeout\n}: {\n challenge: Uint8Array;\n credentialIds?: Uint8Array[];\n} & AuthenticatorOptions<PasskeyOptions>): Promise<Credential | null> =>\n await navigator.credentials.get({\n publicKey: {\n ...retrievePasskeyOptions(passkeyOptions),\n challenge: challenge.buffer as BufferSource,\n allowCredentials: (credentialIds ?? 
[]).map((id) => ({\n id: id.buffer as BufferSource,\n type: 'public-key'\n }))\n },\n signal: createAbortSignal({timeout})\n });\n\ntype WebAuthnState<T extends WebAuthnCredential> =\n | {status: 'pending'; retrievePublicKey: RetrievePublicKeyFn}\n | {status: 'initialized'; credential: T};\n\nconst assertWebAuthnStateInitialized: <T extends WebAuthnCredential>(\n state: WebAuthnState<T>\n) => asserts state is {\n status: 'initialized';\n credential: T;\n} = <T extends WebAuthnCredential>(state: WebAuthnState<T>): void => {\n if (state.status !== 'initialized') {\n throw new WebAuthnIdentityCredentialNotInitializedError();\n }\n};\n\nconst assertNonNullishCredential: (\n credential: Credential | null\n) => asserts credential is Credential = (credential: Credential | null): void => {\n if (isNullish(credential)) {\n throw new WebAuthnIdentityCreateCredentialOnTheDeviceError();\n }\n};\n\nconst assertCredentialPublicKey: (\n credential: Credential\n) => asserts credential is PublicKeyCredentialWithAttachment = ({type}: Credential): void => {\n if (type !== 'public-key') {\n throw new WebAuthnIdentityCredentialNotPublicKeyError();\n }\n};\n\n/**\n * A signing identity for the Internet Computer, backed by a WebAuthn credential.\n *\n * Use one of the factory methods to construct an instance:\n * - {@link WebAuthnIdentity.createWithNewCredential} to create a new passkey on the device.\n * - {@link WebAuthnIdentity.createWithExistingCredential} to use an existing passkey.\n *\n * @template T Concrete credential type for this identity\n * ({@link WebAuthnNewCredential} or {@link WebAuthnExistingCredential}).\n */\nexport class WebAuthnIdentity<T extends WebAuthnCredential> extends SignIdentity {\n readonly #onSignProgress: WebAuthnSignProgressFn | undefined;\n #state: WebAuthnState<T>;\n\n /**\n * @hidden Use the factory methods instead.\n *\n * Initializes the identity in either:\n * - **pending** state (existing-credential path; public key not yet known), or\n * - 
**initialized** state (new-credential path; public key known immediately).\n *\n * @private\n */\n private constructor({\n onProgress,\n ...args\n }: WebAuthnSignProgressArgs &\n (\n | InitWebAuthnNewCredentialArgs\n | Pick<CreateWebAuthnIdentityWithExistingCredentialArgs, 'retrievePublicKey'>\n )) {\n super();\n\n this.#onSignProgress = onProgress;\n\n if ('retrievePublicKey' in args) {\n const {retrievePublicKey} = args;\n\n this.#state = {\n status: 'pending',\n retrievePublicKey\n };\n\n return;\n }\n\n this.#state = WebAuthnIdentity.#createInitializedState({\n credential: new WebAuthnNewCredential(args)\n });\n }\n\n static #createInitializedState<T extends WebAuthnCredential>({\n credential\n }: {\n credential: WebAuthnNewCredential | WebAuthnExistingCredential;\n }): WebAuthnState<T> {\n return {\n status: 'initialized',\n credential: credential as T\n };\n }\n\n /**\n * Creates a new passkey on the device and returns an initialized identity.\n *\n * If you chain `create` and `sign`, the user will be prompted twice to authenticate\n * with their authenticator. 
You can track progress via the `onProgress` callback.\n *\n * @param args {@link CreateWebAuthnIdentityWithNewCredentialArgs} Options to create the passkey.\n * @returns A {@link WebAuthnIdentity} parameterized with {@link WebAuthnNewCredential}.\n */\n static async createWithNewCredential({\n passkeyOptions,\n timeout,\n ...restArgs\n }: CreateWebAuthnIdentityWithNewCredentialArgs = {}): Promise<\n WebAuthnIdentity<WebAuthnNewCredential>\n > {\n const credential = await navigator.credentials.create({\n publicKey: createPasskeyOptions(passkeyOptions),\n signal: createAbortSignal({timeout})\n });\n\n assertNonNullishCredential(credential);\n assertCredentialPublicKey(credential);\n\n const {\n response: {attestationObject},\n rawId\n } = credential;\n\n if (isNullish(attestationObject)) {\n throw new WebAuthnIdentityNoAttestationError();\n }\n\n // We have to parse the attestationObject as CBOR to ultimately retrieve the public key.\n // Similar as what's implemented in AgentJS.\n const {authData} = Cbor.decode<{authData: Uint8Array}>(\n arrayBufferToUint8Array(attestationObject)\n );\n\n const cose = _authDataToCose(authData);\n\n return new WebAuthnIdentity<WebAuthnNewCredential>({\n ...restArgs,\n rawId: arrayBufferToUint8Array(rawId),\n cose,\n authData\n });\n }\n\n /**\n * Creates an identity for an existing passkey.\n *\n * @param args {@link CreateWebAuthnIdentityWithExistingCredentialArgs} Options to retrieve the passkey.\n * @returns A {@link WebAuthnIdentity} parameterized with {@link WebAuthnExistingCredential}.\n */\n // We use async for consistency reason and because it might be future prone.\n // eslint-disable-next-line require-await\n static async createWithExistingCredential(\n args: CreateWebAuthnIdentityWithExistingCredentialArgs\n ): Promise<WebAuthnIdentity<WebAuthnExistingCredential>> {\n return new WebAuthnIdentity<WebAuthnExistingCredential>(args);\n }\n\n /**\n * Returns the credential\u2019s public key.\n *\n * @returns {PublicKey}\n * 
@throws WebAuthnIdentityCredentialNotInitializedError if the identity has not signed\n * any request yet.\n */\n override getPublicKey(): PublicKeyWithToRaw {\n assertWebAuthnStateInitialized(this.#state);\n\n const {credential} = this.#state;\n\n return credential.getPublicKey();\n }\n\n /**\n * Returns the concrete credential wrapper for this identity.\n *\n * For identities created with:\n * - `createWithNewCredential` \u2192 {@link WebAuthnNewCredential}\n * - `createWithExistingCredential` \u2192 {@link WebAuthnExistingCredential}\n *\n * @throws WebAuthnIdentityCredentialNotInitializedError if the identity has not signed\n * any request yet.\n */\n getCredential(): T {\n assertWebAuthnStateInitialized(this.#state);\n\n const {credential} = this.#state;\n\n return credential;\n }\n\n /**\n * Signs an arbitrary blob using the platform authenticator.\n *\n * @param blob Bytes to sign (used as the WebAuthn challenge).\n * @returns {Promise<Signature>} CBOR-encoded signature payload.\n */\n override async sign(blob: Uint8Array): Promise<Signature> {\n // 1. Request user credential (navigator.credentials.get)\n const requestCredential = async (): Promise<PublicKeyCredential> => {\n const credential = await retrieveCredentials({\n challenge: blob,\n ...(this.#state.status === 'initialized' && {\n credentialIds: [this.#state.credential.getCredentialId()]\n })\n });\n\n assertNonNullishCredential(credential);\n assertCredentialPublicKey(credential);\n\n return credential;\n };\n\n const credential = await execute({\n fn: requestCredential,\n step: WebAuthnSignProgressStep.RequestingUserCredential,\n onProgress: this.#onSignProgress\n });\n\n // 2. 
Assert credential ID if already initialized or load public key from backend and init state\n const finalizingCredential = async () => {\n const {rawId} = credential;\n\n // If the state was already initialized - credentials.create - then we \"only\"\n // assert that the rawId retrieved by credentials.get is equals to the one already known.\n if (this.#state.status === 'initialized') {\n if (\n !uint8ArraysEqual({\n a: this.#state.credential.getCredentialId(),\n b: arrayBufferToUint8Array(rawId)\n })\n ) {\n throw new WebAuthnIdentityInvalidCredentialIdError();\n }\n\n return;\n }\n\n // If the state was pending, we need to retrieve the public key for the credential\n // that was saved during a previous sign-up\n // because credentials.get does not provide an attestation.\n const {retrievePublicKey} = this.#state;\n\n const cose = await retrievePublicKey({\n credentialId: arrayBufferToUint8Array(rawId)\n });\n\n this.#state = WebAuthnIdentity.#createInitializedState({\n credential: new WebAuthnExistingCredential({\n rawId: arrayBufferToUint8Array(rawId),\n cose\n })\n });\n };\n\n await execute({\n fn: finalizingCredential,\n step: WebAuthnSignProgressStep.FinalizingCredential,\n onProgress: this.#onSignProgress\n });\n\n // 3. Sign the request\n // eslint-disable-next-line require-await\n const encodeSignature = async (): Promise<Signature> => {\n const {response} = credential;\n\n const {clientDataJSON} = response;\n\n // Only the response of type AuthenticatorAssertionResponse provides authenticatorData and signature\n // which is the type of response we are expecting.\n const {authenticatorData, signature} =\n 'authenticatorData' in response && 'signature' in response\n ? 
(response as AuthenticatorAssertionResponse)\n : {};\n\n if (isNullish(authenticatorData)) {\n throw new WebAuthnIdentityNoAuthenticatorDataError();\n }\n\n if (isNullish(signature)) {\n throw new WebAuthnIdentityNoAuthenticatorDataError();\n }\n\n const encoded = Cbor.encode({\n authenticator_data: authenticatorData,\n client_data_json: new TextDecoder().decode(clientDataJSON),\n signature: arrayBufferToUint8Array(signature)\n });\n\n if (isNullish(encoded)) {\n throw new WebAuthnIdentityEncodeCborSignatureError();\n }\n\n // Similar as AgentJS code.\n Object.assign(encoded, {\n __signature__: undefined\n });\n\n return encoded as Signature;\n };\n\n return await execute({\n fn: encodeSignature,\n step: WebAuthnSignProgressStep.Signing,\n onProgress: this.#onSignProgress\n });\n }\n}\n", "// See https://www.iana.org/assignments/cose/cose.xhtml#algorithms for a complete\n// list of these algorithms. We only list the ones we support here.\n//\n// According Google tutorial, https://web.dev/articles/passkey-registration, specifying\n// support for ECDSA with P-256 (-7) and RSA PKCS#1 (-257) gives complete coverage.\nexport const PUBLIC_KEY_COSE_ALGORITHMS = {\n ECDSA_WITH_SHA256: -7,\n RSA_WITH_SHA256: -257\n};\n\nexport const AUTHENTICATOR_ABORT_TIMEOUT = 60000;\n", "import {PUBLIC_KEY_COSE_ALGORITHMS} from './_constants';\nimport {WebAuthnIdentityHostnameError} from './errors';\nimport type {CreatePasskeyOptions, PasskeyOptions} from './types/passkey';\n\nconst randomValue = (): BufferSource => window.crypto.getRandomValues(new Uint8Array(16));\n\n/**\n * When creating a passkey, the challenge can simply be a random value.\n * Since the server doesn\u2019t need to verify the authenticity of the key,\n * it doesn\u2019t have to generate the challenge itself.\n *\n * In contrast, when signing a request with our credentials,\n * the request itself becomes the data (blob), the challenge, that must be signed.\n */\nconst createChallenge = (): BufferSource => 
randomValue();\n\n/**\n * The user ID is set to a random value, which holds little relevance\n * for the end user beyond being unique.\n *\n * Ultimately, once signed in, the user's actual identifier will be\n * the public key (principal) of the identity used to interact with the IC.\n */\nconst createUserId = (): BufferSource => randomValue();\n\nconst hostname = (): string => {\n const {\n location: {href}\n } = window;\n\n try {\n const {hostname} = new URL(href);\n return hostname;\n } catch {\n throw new WebAuthnIdentityHostnameError();\n }\n};\n\nconst relyingPartyId = ({appId}: Pick<PasskeyOptions, 'appId'>): string => appId?.id ?? hostname();\n\nexport const createPasskeyOptions = ({\n appId,\n user: userOptions\n}: CreatePasskeyOptions = {}): PublicKeyCredentialCreationOptions => {\n const {\n document: {title: name}\n } = window;\n\n const relyingParty = (): Pick<PublicKeyCredentialCreationOptions, 'rp'> => ({\n rp: {\n // Note: deprecated in WebAuthn L3\n name: appId?.name ?? name,\n id: relyingPartyId({appId})\n }\n });\n\n const user = (): Pick<PublicKeyCredentialCreationOptions, 'user'> => ({\n user: {\n id: createUserId(),\n name: userOptions?.name ?? userOptions?.displayName ?? name,\n displayName: userOptions?.displayName ?? 
name\n }\n });\n\n return {\n // We want to receive the attestation statement as generated by the authenticator\n attestation: 'direct',\n challenge: createChallenge(),\n ...relyingParty(),\n ...user(),\n pubKeyCredParams: Object.values(PUBLIC_KEY_COSE_ALGORITHMS).map((algorithm) => ({\n type: 'public-key',\n alg: algorithm\n })),\n excludeCredentials: [],\n authenticatorSelection: {\n // At least for now, we want a simplified flow and therefore indicates that we want a\n // platform authenticator ((an authenticator embedded to the platform device).\n authenticatorAttachment: 'platform',\n userVerification: 'preferred',\n // Along with requireResidentKey, make passkey discoverable,\n residentKey: 'required',\n requireResidentKey: true\n }\n };\n};\n\nexport const retrievePasskeyOptions = (\n options: PasskeyOptions = {}\n): Omit<PublicKeyCredentialRequestOptions, 'challenge'> => ({\n rpId: relyingPartyId(options),\n allowCredentials: [],\n userVerification: 'required'\n});\n", "import type {WebAuthnSignProgress, WebAuthnSignProgressArgs} from './types/progress';\n\nexport const execute = async <T>({\n fn,\n step,\n onProgress\n}: {\n fn: () => Promise<T>;\n} & Pick<WebAuthnSignProgress, 'step'> &\n WebAuthnSignProgressArgs): Promise<T> => {\n onProgress?.({\n step,\n state: 'in_progress'\n });\n\n try {\n const result = await fn();\n\n onProgress?.({\n step,\n state: 'success'\n });\n\n return result;\n } catch (err: unknown) {\n onProgress?.({\n step,\n state: 'error'\n });\n\n throw err;\n }\n};\n", "/**\n * Progress steps in the WebAuthn signing flow.\n */\nexport enum WebAuthnSignProgressStep {\n /** Calling `navigator.credentials.get` to obtain an assertion. */\n RequestingUserCredential,\n /** Verifying/initializing the credential (e.g., ID match, loading public key). */\n FinalizingCredential,\n /** Producing the signature and encoding the result. 
*/\n Signing\n}\n\n/**\n * Status of the current step.\n */\nexport type WebAuthnSignProgressState = 'in_progress' | 'success' | 'error';\n\n/**\n * Payload emitted on progress updates.\n */\nexport interface WebAuthnSignProgress {\n /** The step being executed. */\n step: WebAuthnSignProgressStep;\n /** State of that step. */\n state: WebAuthnSignProgressState;\n}\n\n/**\n * Callback invoked on each progress update.\n */\nexport type WebAuthnSignProgressFn = (progress: WebAuthnSignProgress) => void;\n\n/**\n * Optional handler for progress updates.\n */\nexport interface WebAuthnSignProgressArgs {\n onProgress?: WebAuthnSignProgressFn;\n}\n", "import {nonNullish} from '@dfinity/utils';\n\n/**\n * Checks if a user-verifying platform authenticator (passkeys) is available on this device / browser.\n *\n * Returns `true` when:\n * 1) `window.PublicKeyCredential` exists, and\n * 2) the browser reports a user-verifying **platform** authenticator is available\n * (e.g., Touch ID, Windows Hello, Android biometrics/PIN).\n *\n * @returns {Promise<boolean>} `true` if an authenticator is available, otherwise `false`.\n */\nexport const isWebAuthnAvailable = async (): Promise<boolean> => {\n if (\n nonNullish(window.PublicKeyCredential) &&\n 'isUserVerifyingPlatformAuthenticatorAvailable' in PublicKeyCredential\n ) {\n return await PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable();\n }\n\n return false;\n};\n"],
|
|
5
|
+
"mappings": ";;AAAA,OAAQ,6BAAAA,MAAgC,iBAwBjC,IAAMC,EAAgB,CAAC,CAC5B,SAAAC,CACF,IAK+B,CAC7B,GAAIA,EAAS,WAAa,GACxB,MAAO,CAAC,gBAAiB,IAAI,EAG/B,GAAIA,EAAS,WAAa,GACxB,MAAO,CAAC,gBAAiB,IAAI,EAG/B,IAAMC,EAAQD,EAAS,MAAM,GAAI,EAAE,EAE7BE,EAASC,EAAc,CAAC,MAAAF,CAAK,CAAC,EAEpC,MAAI,WAAYC,EACP,CAAC,YAAaD,EAAO,WAAYC,EAAO,MAAM,EAGhD,CAAC,gBAAiB,IAAI,CAC/B,EAaaC,EAAgB,CAAC,CAC5B,MAAAF,CACF,IAEyE,CACvE,GAAIA,EAAM,SAAW,GACnB,MAAO,CAAC,aAAc,IAAI,EAO5B,IAAMG,GAJOH,aAAiB,WAAaH,EAA0BG,CAAK,EAAIA,GAC3E,IAAKI,GAASA,EAAK,SAAS,EAAE,EAAE,SAAS,EAAG,GAAG,CAAC,EAChD,KAAK,EAAE,EAES,QAAQ,oCAAqC,gBAAgB,EAIhF,OAAID,IAAW,uCACN,CAAC,gBAAiB,IAAI,EAGxB,CAAC,OAAAA,CAAM,CAChB,ECpFA,OAAQ,gBAAAE,EAAc,WAAAC,MAAwC,iBAmBvD,SAASC,EAAgBC,EAAkC,CAChE,IAAMC,EAAW,IAAI,SAAS,IAAI,YAAY,CAAC,CAAC,EAC1CC,EAAaF,EAAS,MAAM,GAAI,EAAE,EACxC,CAAC,GAAG,IAAI,WAAWE,CAAU,CAAC,EAAE,QAAQ,CAACC,EAAGC,IAAMH,EAAS,SAASG,EAAGD,CAAC,CAAC,EACzE,IAAME,EAAqBJ,EAAS,UAAU,CAAC,EAG/C,OAAOD,EAAS,MAAM,GAAKK,CAAkB,CAC/C,CAEO,SAASC,EAAsBC,EAAuC,CAC3E,OAAOT,EAAQS,EAAMV,CAAY,CACnC,CCZO,IAAMW,EAAN,KAAkD,CAGhD,YAAsBC,EAAuB,CAAvB,WAAAA,EAC3B,KAAKC,GAAcC,EAAsBF,CAAK,CAChD,CAJSC,GAMF,OAA6B,CAClC,OAAO,KAAKA,EACd,CAEO,OAAoB,CACzB,OAAO,IAAI,WAAW,KAAKA,EAAW,CACxC,CACF,ECjCA,OAAQ,sBAAAE,MAAyB,iBA8B1B,IAAeC,EAAf,KAAkC,CAC9BC,GACAC,GAOT,YAAY,CAAC,MAAOC,EAAc,KAAAC,CAAI,EAA+B,CACnE,KAAKH,GAAgBE,EACrB,KAAKD,GAAa,IAAIG,EAAcD,CAAI,CAC1C,CAKA,cAAmC,CACjC,OAAO,KAAKF,EACd,CAKA,iBAA8B,CAC5B,OAAO,KAAKD,EACd,CAKA,qBAA8B,CAC5B,OAAOK,EAAmB,KAAKL,EAAa,CAC9C,CACF,EAMaM,EAAN,cAAoCP,CAAmB,CACnDQ,GACAC,GAQT,YAAY,CAAC,SAAAC,EAAU,GAAGC,CAAI,EAAkC,CAC9D,MAAMA,CAAI,EAEV,IAAMC,EAAeC,EAAc,CAAC,SAAAH,CAAQ,CAAC,EAC7C,KAAKF,GAAc,eAAgBI,EAAeA,EAAa,WAAa,OAC5E,KAAKH,GAAe,gBAAiBG,EAAeA,EAAa,YAAc,MACjF,CAKA,WAAoC,CAClC,OAAO,KAAKH,EACd,CAKA,eAAoC,CAClC,OAAO,KAAKD,EACd,CACF,EAMaM,EAAN,cAAyCd,CAAmB,CAAC,EC3G7D,IAAMe,EAAN,cAA4C,KAAM,CAAC,EAC7CC,EAAN,cAA4D,KAAM,CAAC,EAC7DC,EAAN,cAA+D,KAAM,CAAC,EAChEC,EAAN,cAA0D,KAAM,CAAC,EAC3DC,EAAN,cAAiD,KAAM,CAAC,EAClDC,EAAN,cAAuD,KAAM,CAAC,EACxDC,EAAN,cAAuD,K
AAM,CAAC,EAExDC,EAAN,cAAuD,KAAM,CAAC,EAExDC,EAAN,cAA+C,KAAM,CAAC,ECV7D,OAAQ,QAAAC,EAAsB,gBAAAC,MAAmB,iBACjD,OAAQ,2BAAAC,EAAyB,aAAAC,EAAW,oBAAAC,MAAuB,iBCI5D,IAAMC,EAA6B,CACxC,kBAAmB,GACnB,gBAAiB,IACnB,EAEaC,EAA8B,ICN3C,IAAMC,EAAc,IAAoB,OAAO,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC,EAUlFC,EAAkB,IAAoBD,EAAY,EASlDE,EAAe,IAAoBF,EAAY,EAE/CG,EAAW,IAAc,CAC7B,GAAM,CACJ,SAAU,CAAC,KAAAC,CAAI,CACjB,EAAI,OAEJ,GAAI,CACF,GAAM,CAAC,SAAAD,CAAQ,EAAI,IAAI,IAAIC,CAAI,EAC/B,OAAOD,CACT,MAAQ,CACN,MAAM,IAAIE,CACZ,CACF,EAEMC,EAAiB,CAAC,CAAC,MAAAC,CAAK,IAA6CA,GAAO,IAAMJ,EAAS,EAEpFK,EAAuB,CAAC,CACnC,MAAAD,EACA,KAAME,CACR,EAA0B,CAAC,IAA0C,CACnE,GAAM,CACJ,SAAU,CAAC,MAAOC,CAAI,CACxB,EAAI,OAEEC,EAAe,KAAuD,CAC1E,GAAI,CAEF,KAAMJ,GAAO,MAAQG,EACrB,GAAIJ,EAAe,CAAC,MAAAC,CAAK,CAAC,CAC5B,CACF,GAEMK,EAAO,KAAyD,CACpE,KAAM,CACJ,GAAIV,EAAa,EACjB,KAAMO,GAAa,MAAQA,GAAa,aAAeC,EACvD,YAAaD,GAAa,aAAeC,CAC3C,CACF,GAEA,MAAO,CAEL,YAAa,SACb,UAAWT,EAAgB,EAC3B,GAAGU,EAAa,EAChB,GAAGC,EAAK,EACR,iBAAkB,OAAO,OAAOC,CAA0B,EAAE,IAAKC,IAAe,CAC9E,KAAM,aACN,IAAKA,CACP,EAAE,EACF,mBAAoB,CAAC,EACrB,uBAAwB,CAGtB,wBAAyB,WACzB,iBAAkB,YAElB,YAAa,WACb,mBAAoB,EACtB,CACF,CACF,EAEaC,EAAyB,CACpCC,EAA0B,CAAC,KAC+B,CAC1D,KAAMV,EAAeU,CAAO,EAC5B,iBAAkB,CAAC,EACnB,iBAAkB,UACpB,GC3FO,IAAMC,EAAU,MAAU,CAC/B,GAAAC,EACA,KAAAC,EACA,WAAAC,CACF,IAG2C,CACzCA,IAAa,CACX,KAAAD,EACA,MAAO,aACT,CAAC,EAED,GAAI,CACF,IAAME,EAAS,MAAMH,EAAG,EAExB,OAAAE,IAAa,CACX,KAAAD,EACA,MAAO,SACT,CAAC,EAEME,CACT,OAASC,EAAc,CACrB,MAAAF,IAAa,CACX,KAAAD,EACA,MAAO,OACT,CAAC,EAEKG,CACR,CACF,EC7BO,IAAKC,OAEVA,IAAA,uDAEAA,IAAA,+CAEAA,IAAA,qBANUA,OAAA,IJsCZ,IAAMC,EAAoB,CAAC,CACzB,QAAAC,CACF,IACE,YAAY,QAAQA,GAAWC,CAA2B,EAEtDC,EAAsB,MAAO,CACjC,UAAAC,EACA,cAAAC,EACA,eAAAC,EACA,QAAAL,CACF,IAIE,MAAM,UAAU,YAAY,IAAI,CAC9B,UAAW,CACT,GAAGM,EAAuBD,CAAc,EACxC,UAAWF,EAAU,OACrB,kBAAmBC,GAAiB,CAAC,GAAG,IAAKG,IAAQ,CACnD,GAAIA,EAAG,OACP,KAAM,YACR,EAAE,CACJ,EACA,OAAQR,EAAkB,CAAC,QAAAC,CAAO,CAAC,CACrC,CAAC,EAMGQ,EAK6BC,GAAkC,CACnE,GAAIA,EAAM,SAAW,cACnB,MAAM,IAAIC,CAEd,EAEMC,EAEmCC,GAAwC,CAC/E,GAAIC,EAAUD,CAAU,EA
CtB,MAAM,IAAIE,CAEd,EAEMC,EAEyD,CAAC,CAAC,KAAAC,CAAI,IAAwB,CAC3F,GAAIA,IAAS,aACX,MAAM,IAAIC,CAEd,EAYaC,EAAN,MAAMC,UAAuDC,CAAa,CACtEC,GACTC,GAWQ,YAAY,CAClB,WAAAC,EACA,GAAGC,CACL,EAIK,CAKH,GAJA,MAAM,EAEN,KAAKH,GAAkBE,EAEnB,sBAAuBC,EAAM,CAC/B,GAAM,CAAC,kBAAAC,CAAiB,EAAID,EAE5B,KAAKF,GAAS,CACZ,OAAQ,UACR,kBAAAG,CACF,EAEA,MACF,CAEA,KAAKH,GAASH,EAAiBO,GAAwB,CACrD,WAAY,IAAIC,EAAsBH,CAAI,CAC5C,CAAC,CACH,CAEA,MAAOE,GAAsD,CAC3D,WAAAd,CACF,EAEqB,CACnB,MAAO,CACL,OAAQ,cACR,WAAYA,CACd,CACF,CAWA,aAAa,wBAAwB,CACnC,eAAAP,EACA,QAAAL,EACA,GAAG4B,CACL,EAAiD,CAAC,EAEhD,CACA,IAAMhB,EAAa,MAAM,UAAU,YAAY,OAAO,CACpD,UAAWiB,EAAqBxB,CAAc,EAC9C,OAAQN,EAAkB,CAAC,QAAAC,CAAO,CAAC,CACrC,CAAC,EAEDW,EAA2BC,CAAU,EACrCG,EAA0BH,CAAU,EAEpC,GAAM,CACJ,SAAU,CAAC,kBAAAkB,CAAiB,EAC5B,MAAAC,CACF,EAAInB,EAEJ,GAAIC,EAAUiB,CAAiB,EAC7B,MAAM,IAAIE,EAKZ,GAAM,CAAC,SAAAC,CAAQ,EAAIC,EAAK,OACtBC,EAAwBL,CAAiB,CAC3C,EAEMM,EAAOC,EAAgBJ,CAAQ,EAErC,OAAO,IAAId,EAAwC,CACjD,GAAGS,EACH,MAAOO,EAAwBJ,CAAK,EACpC,KAAAK,EACA,SAAAH,CACF,CAAC,CACH,CAUA,aAAa,6BACXT,EACuD,CACvD,OAAO,IAAIL,EAA6CK,CAAI,CAC9D,CASS,cAAmC,CAC1ChB,EAA+B,KAAKc,EAAM,EAE1C,GAAM,CAAC,WAAAV,CAAU,EAAI,KAAKU,GAE1B,OAAOV,EAAW,aAAa,CACjC,CAYA,eAAmB,CACjBJ,EAA+B,KAAKc,EAAM,EAE1C,GAAM,CAAC,WAAAV,CAAU,EAAI,KAAKU,GAE1B,OAAOV,CACT,CAQA,MAAe,KAAK0B,EAAsC,CAgBxD,IAAM1B,EAAa,MAAM2B,EAAQ,CAC/B,GAfwB,SAA0C,CAClE,IAAM3B,EAAa,MAAMV,EAAoB,CAC3C,UAAWoC,EACX,GAAI,KAAKhB,GAAO,SAAW,eAAiB,CAC1C,cAAe,CAAC,KAAKA,GAAO,WAAW,gBAAgB,CAAC,CAC1D,CACF,CAAC,EAED,OAAAX,EAA2BC,CAAU,EACrCG,EAA0BH,CAAU,EAE7BA,CACT,EAIE,OACA,WAAY,KAAKS,EACnB,CAAC,EAsCD,aAAMkB,EAAQ,CACZ,GApC2B,SAAY,CACvC,GAAM,CAAC,MAAAR,CAAK,EAAInB,EAIhB,GAAI,KAAKU,GAAO,SAAW,cAAe,CACxC,GACE,CAACkB,EAAiB,CAChB,EAAG,KAAKlB,GAAO,WAAW,gBAAgB,EAC1C,EAAGa,EAAwBJ,CAAK,CAClC,CAAC,EAED,MAAM,IAAIU,EAGZ,MACF,CAKA,GAAM,CAAC,kBAAAhB,CAAiB,EAAI,KAAKH,GAE3Bc,EAAO,MAAMX,EAAkB,CACnC,aAAcU,EAAwBJ,CAAK,CAC7C,CAAC,EAED,KAAKT,GAASH,EAAiBO,GAAwB,CACrD,WAAY,IAAIgB,EAA2B,CACzC,MAAOP,EAAwBJ,CAAK,EACpC,KAAAK,CACF,CAAC,CACH,CAAC,CACH,EAIE,OACA,WAAY,KAAKf,EACnB,CA
AC,EA0CM,MAAMkB,EAAQ,CACnB,GAvCsB,SAAgC,CACtD,GAAM,CAAC,SAAAI,CAAQ,EAAI/B,EAEb,CAAC,eAAAgC,CAAc,EAAID,EAInB,CAAC,kBAAAE,EAAmB,UAAAC,CAAS,EACjC,sBAAuBH,GAAY,cAAeA,EAC7CA,EACD,CAAC,EAEP,GAAI9B,EAAUgC,CAAiB,EAC7B,MAAM,IAAIE,EAGZ,GAAIlC,EAAUiC,CAAS,EACrB,MAAM,IAAIC,EAGZ,IAAMC,EAAUd,EAAK,OAAO,CAC1B,mBAAoBW,EACpB,iBAAkB,IAAI,YAAY,EAAE,OAAOD,CAAc,EACzD,UAAWT,EAAwBW,CAAS,CAC9C,CAAC,EAED,GAAIjC,EAAUmC,CAAO,EACnB,MAAM,IAAIC,EAIZ,cAAO,OAAOD,EAAS,CACrB,cAAe,MACjB,CAAC,EAEMA,CACT,EAIE,OACA,WAAY,KAAK3B,EACnB,CAAC,CACH,CACF,EKpXA,OAAQ,cAAA6B,OAAiB,iBAYlB,IAAMC,GAAsB,SAE/BD,GAAW,OAAO,mBAAmB,GACrC,kDAAmD,oBAE5C,MAAM,oBAAoB,8CAA8C,EAG1E",
|
|
6
|
+
"names": ["uint8ArrayToArrayOfNumber", "extractAAGUID", "authData", "bytes", "result", "bytesToAAGUID", "aaguid", "byte", "DER_COSE_OID", "wrapDER", "_authDataToCose", "authData", "dataView", "idLenBytes", "v", "i", "credentialIdLength", "_coseToDerEncodedBlob", "cose", "CosePublicKey", "_cose", "#encodedKey", "_coseToDerEncodedBlob", "uint8ArrayToBase64", "WebAuthnCredential", "#credentialId", "#publicKey", "credentialId", "cose", "CosePublicKey", "uint8ArrayToBase64", "WebAuthnNewCredential", "#aaguidText", "#aaguidBytes", "authData", "rest", "optionAaguid", "extractAAGUID", "WebAuthnExistingCredential", "WebAuthnIdentityHostnameError", "WebAuthnIdentityCredentialNotInitializedError", "WebAuthnIdentityCreateCredentialOnTheDeviceError", "WebAuthnIdentityCredentialNotPublicKeyError", "WebAuthnIdentityNoAttestationError", "WebAuthnIdentityInvalidCredentialIdError", "WebAuthnIdentityEncodeCborSignatureError", "WebAuthnIdentityNoAuthenticatorDataError", "WebAuthnIdentityNoSignatureError", "Cbor", "SignIdentity", "arrayBufferToUint8Array", "isNullish", "uint8ArraysEqual", "PUBLIC_KEY_COSE_ALGORITHMS", "AUTHENTICATOR_ABORT_TIMEOUT", "randomValue", "createChallenge", "createUserId", "hostname", "href", "WebAuthnIdentityHostnameError", "relyingPartyId", "appId", "createPasskeyOptions", "userOptions", "name", "relyingParty", "user", "PUBLIC_KEY_COSE_ALGORITHMS", "algorithm", "retrievePasskeyOptions", "options", "execute", "fn", "step", "onProgress", "result", "err", "WebAuthnSignProgressStep", "createAbortSignal", "timeout", "AUTHENTICATOR_ABORT_TIMEOUT", "retrieveCredentials", "challenge", "credentialIds", "passkeyOptions", "retrievePasskeyOptions", "id", "assertWebAuthnStateInitialized", "state", "WebAuthnIdentityCredentialNotInitializedError", "assertNonNullishCredential", "credential", "isNullish", "WebAuthnIdentityCreateCredentialOnTheDeviceError", "assertCredentialPublicKey", "type", "WebAuthnIdentityCredentialNotPublicKeyError", "WebAuthnIdentity", 
"_WebAuthnIdentity", "SignIdentity", "#onSignProgress", "#state", "onProgress", "args", "retrievePublicKey", "#createInitializedState", "WebAuthnNewCredential", "restArgs", "createPasskeyOptions", "attestationObject", "rawId", "WebAuthnIdentityNoAttestationError", "authData", "Cbor", "arrayBufferToUint8Array", "cose", "_authDataToCose", "blob", "execute", "uint8ArraysEqual", "WebAuthnIdentityInvalidCredentialIdError", "WebAuthnExistingCredential", "response", "clientDataJSON", "authenticatorData", "signature", "WebAuthnIdentityNoAuthenticatorDataError", "encoded", "WebAuthnIdentityEncodeCborSignatureError", "nonNullish", "isWebAuthnAvailable"]
|
|
7
7
|
}
|