@moon-x/core 0.2.0 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/dist/{chunk-SOKLPX7V.mjs → chunk-VVL65GIB.mjs} +10 -0
- package/dist/index.d.mts +2 -2
- package/dist/index.d.ts +2 -2
- package/dist/index.js +10 -0
- package/dist/index.mjs +1 -1
- package/dist/{interfaces-9k0eKCc4.d.ts → interfaces-Bm7fGOAI.d.ts} +73 -24
- package/dist/{interfaces-fNhwnCeY.d.mts → interfaces-CYtJHALV.d.mts} +73 -24
- package/dist/{post-message-C_99BCBh.d.ts → post-message-CmgAfkOS.d.mts} +2 -0
- package/dist/{post-message-C_99BCBh.d.mts → post-message-CmgAfkOS.d.ts} +2 -0
- package/dist/react/index.d.mts +1 -0
- package/dist/react/index.d.ts +1 -0
- package/dist/react/index.js +2 -1
- package/dist/react/index.mjs +2 -1
- package/dist/sdk/index.d.mts +26 -12
- package/dist/sdk/index.d.ts +26 -12
- package/dist/sdk/index.js +57 -8
- package/dist/sdk/index.mjs +46 -8
- package/dist/types/index.d.mts +19 -3
- package/dist/types/index.d.ts +19 -3
- package/dist/utils/index.d.mts +1 -1
- package/dist/utils/index.d.ts +1 -1
- package/dist/utils/index.js +10 -0
- package/dist/utils/index.mjs +1 -1
- package/dist/web/index.d.mts +2 -2
- package/dist/web/index.d.ts +2 -2
- package/dist/web/index.js +23 -116
- package/dist/web/index.mjs +24 -60
- package/package.json +6 -2
package/dist/sdk/index.js
CHANGED
|
@@ -34,7 +34,8 @@ __export(sdk_exports, {
|
|
|
34
34
|
getHeadlessAuthenticationMethods: () => getHeadlessAuthenticationMethods,
|
|
35
35
|
getHeadlessEthereumMethods: () => getHeadlessEthereumMethods,
|
|
36
36
|
getHeadlessGeneralMethods: () => getHeadlessGeneralMethods,
|
|
37
|
-
getHeadlessSolanaMethods: () => getHeadlessSolanaMethods
|
|
37
|
+
getHeadlessSolanaMethods: () => getHeadlessSolanaMethods,
|
|
38
|
+
getPresenceToken: () => getPresenceToken
|
|
38
39
|
});
|
|
39
40
|
module.exports = __toCommonJS(sdk_exports);
|
|
40
41
|
|
|
@@ -282,6 +283,16 @@ var PostMessageMethod = {
|
|
|
282
283
|
// begin/verify HTTP calls (where the session JWT lives).
|
|
283
284
|
PASSKEY_REGISTER_BEGIN: "PASSKEY_REGISTER_BEGIN",
|
|
284
285
|
PASSKEY_REGISTER_VERIFY: "PASSKEY_REGISTER_VERIFY",
|
|
286
|
+
// Passkey-asserted step-up ("presence token"). Same split as register:
|
|
287
|
+
// parent owns the WebAuthn API call; iframe owns the begin/verify
|
|
288
|
+
// HTTP halves (where the session JWT lives). Mints a short-lived
|
|
289
|
+
// (`tt:"presence"`) JWT app backends can verify over JWKS.
|
|
290
|
+
// CRITICAL: parent MUST strip response.userHandle from the assertion
|
|
291
|
+
// before posting PASSKEY_PRESENCE_VERIFY. The userHandle carries DEK
|
|
292
|
+
// material in MoonX's overloaded model and has no business reaching
|
|
293
|
+
// the server. The server also defensively never reads it.
|
|
294
|
+
PASSKEY_PRESENCE_BEGIN: "PASSKEY_PRESENCE_BEGIN",
|
|
295
|
+
PASSKEY_PRESENCE_VERIFY: "PASSKEY_PRESENCE_VERIFY",
|
|
285
296
|
GET_PASSKEY_STATUS: "GET_PASSKEY_STATUS",
|
|
286
297
|
// Parent-side passkey assertion plumbing. Parent calls GET_DEK_INFO
|
|
287
298
|
// to learn which credential IDs to put in allowCredentials and to
|
|
@@ -306,7 +317,8 @@ var assertPasskeyInParent = async ({
|
|
|
306
317
|
transport,
|
|
307
318
|
passkey,
|
|
308
319
|
publishableKey,
|
|
309
|
-
requireFreshAssertion = false
|
|
320
|
+
requireFreshAssertion = false,
|
|
321
|
+
validateCredentialInAllowList = false
|
|
310
322
|
}) => {
|
|
311
323
|
if (!requireFreshAssertion) {
|
|
312
324
|
const cached = readParentAssertCache();
|
|
@@ -332,6 +344,9 @@ var assertPasskeyInParent = async ({
|
|
|
332
344
|
challenge,
|
|
333
345
|
allowCredentials: []
|
|
334
346
|
});
|
|
347
|
+
if (validateCredentialInAllowList && !allowList.includes(credential.rawIdB64url)) {
|
|
348
|
+
throw new Error("unknown_passkey_for_this_account");
|
|
349
|
+
}
|
|
335
350
|
const result = {
|
|
336
351
|
userHandleB64url: credential.userHandleB64url,
|
|
337
352
|
credentialIdB64url: credential.rawIdB64url
|
|
@@ -340,6 +355,35 @@ var assertPasskeyInParent = async ({
|
|
|
340
355
|
return result;
|
|
341
356
|
};
|
|
342
357
|
|
|
358
|
+
// src/sdk/get-presence-token.ts
|
|
359
|
+
var getPresenceToken = async ({
|
|
360
|
+
transport,
|
|
361
|
+
passkey,
|
|
362
|
+
publishableKey,
|
|
363
|
+
relyingPartyOrigin
|
|
364
|
+
}) => {
|
|
365
|
+
const { token, optionsJSON } = await transport.send(
|
|
366
|
+
PostMessageType.AUTH,
|
|
367
|
+
PostMessageMethod.PASSKEY_PRESENCE_BEGIN,
|
|
368
|
+
{ publishableKey, relyingPartyOrigin }
|
|
369
|
+
);
|
|
370
|
+
const response = await passkey.assertForServer({ optionsJSON });
|
|
371
|
+
const verify = await transport.send(
|
|
372
|
+
PostMessageType.AUTH,
|
|
373
|
+
PostMessageMethod.PASSKEY_PRESENCE_VERIFY,
|
|
374
|
+
{
|
|
375
|
+
publishableKey,
|
|
376
|
+
relyingPartyOrigin,
|
|
377
|
+
token,
|
|
378
|
+
response
|
|
379
|
+
}
|
|
380
|
+
);
|
|
381
|
+
return {
|
|
382
|
+
presenceToken: verify.presence_token,
|
|
383
|
+
expiresAt: verify.expires_at
|
|
384
|
+
};
|
|
385
|
+
};
|
|
386
|
+
|
|
343
387
|
// src/sdk/headless-ethereum.ts
|
|
344
388
|
var getHeadlessEthereumMethods = ({
|
|
345
389
|
transport,
|
|
@@ -624,13 +668,17 @@ var getHeadlessSolanaMethods = ({
|
|
|
624
668
|
var getHeadlessAuthenticationMethods = ({
|
|
625
669
|
transport,
|
|
626
670
|
publishableKey,
|
|
627
|
-
emailConfig,
|
|
628
671
|
setIsAuthenticated,
|
|
629
672
|
setUser
|
|
630
673
|
}) => ({
|
|
631
|
-
/**
|
|
674
|
+
/**
|
|
675
|
+
* Send a one-time passcode to the user's email address. Returns the
|
|
676
|
+
* server's response — most importantly `expires_at` (unix seconds),
|
|
677
|
+
* which the UI uses to render a countdown that cannot drift from the
|
|
678
|
+
* authoritative server-side TTL.
|
|
679
|
+
*/
|
|
632
680
|
sendCode: async (params) => {
|
|
633
|
-
await transport.send(
|
|
681
|
+
const response = await transport.send(
|
|
634
682
|
PostMessageType.AUTH,
|
|
635
683
|
PostMessageMethod.LOGIN_CREATE,
|
|
636
684
|
{
|
|
@@ -641,6 +689,7 @@ var getHeadlessAuthenticationMethods = ({
|
|
|
641
689
|
);
|
|
642
690
|
authState.clearEmail();
|
|
643
691
|
authState.setEmail(params.email);
|
|
692
|
+
return response;
|
|
644
693
|
},
|
|
645
694
|
/**
|
|
646
695
|
* Verify the OTP and complete the login. The iframe-app handles
|
|
@@ -656,8 +705,7 @@ var getHeadlessAuthenticationMethods = ({
|
|
|
656
705
|
{
|
|
657
706
|
email,
|
|
658
707
|
code: params.code,
|
|
659
|
-
publishableKey
|
|
660
|
-
expiresIn: emailConfig?.expiresIn
|
|
708
|
+
publishableKey
|
|
661
709
|
}
|
|
662
710
|
);
|
|
663
711
|
authState.clearEmail();
|
|
@@ -860,5 +908,6 @@ var getHeadlessGeneralMethods = ({
|
|
|
860
908
|
getHeadlessAuthenticationMethods,
|
|
861
909
|
getHeadlessEthereumMethods,
|
|
862
910
|
getHeadlessGeneralMethods,
|
|
863
|
-
getHeadlessSolanaMethods
|
|
911
|
+
getHeadlessSolanaMethods,
|
|
912
|
+
getPresenceToken
|
|
864
913
|
});
|
package/dist/sdk/index.mjs
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import {
|
|
2
2
|
PostMessageMethod,
|
|
3
3
|
PostMessageType
|
|
4
|
-
} from "../chunk-
|
|
4
|
+
} from "../chunk-VVL65GIB.mjs";
|
|
5
5
|
import {
|
|
6
6
|
arrayLikeToBytes,
|
|
7
7
|
authState,
|
|
@@ -22,7 +22,8 @@ var assertPasskeyInParent = async ({
|
|
|
22
22
|
transport,
|
|
23
23
|
passkey,
|
|
24
24
|
publishableKey,
|
|
25
|
-
requireFreshAssertion = false
|
|
25
|
+
requireFreshAssertion = false,
|
|
26
|
+
validateCredentialInAllowList = false
|
|
26
27
|
}) => {
|
|
27
28
|
if (!requireFreshAssertion) {
|
|
28
29
|
const cached = readParentAssertCache();
|
|
@@ -48,6 +49,9 @@ var assertPasskeyInParent = async ({
|
|
|
48
49
|
challenge,
|
|
49
50
|
allowCredentials: []
|
|
50
51
|
});
|
|
52
|
+
if (validateCredentialInAllowList && !allowList.includes(credential.rawIdB64url)) {
|
|
53
|
+
throw new Error("unknown_passkey_for_this_account");
|
|
54
|
+
}
|
|
51
55
|
const result = {
|
|
52
56
|
userHandleB64url: credential.userHandleB64url,
|
|
53
57
|
credentialIdB64url: credential.rawIdB64url
|
|
@@ -56,6 +60,35 @@ var assertPasskeyInParent = async ({
|
|
|
56
60
|
return result;
|
|
57
61
|
};
|
|
58
62
|
|
|
63
|
+
// src/sdk/get-presence-token.ts
|
|
64
|
+
var getPresenceToken = async ({
|
|
65
|
+
transport,
|
|
66
|
+
passkey,
|
|
67
|
+
publishableKey,
|
|
68
|
+
relyingPartyOrigin
|
|
69
|
+
}) => {
|
|
70
|
+
const { token, optionsJSON } = await transport.send(
|
|
71
|
+
PostMessageType.AUTH,
|
|
72
|
+
PostMessageMethod.PASSKEY_PRESENCE_BEGIN,
|
|
73
|
+
{ publishableKey, relyingPartyOrigin }
|
|
74
|
+
);
|
|
75
|
+
const response = await passkey.assertForServer({ optionsJSON });
|
|
76
|
+
const verify = await transport.send(
|
|
77
|
+
PostMessageType.AUTH,
|
|
78
|
+
PostMessageMethod.PASSKEY_PRESENCE_VERIFY,
|
|
79
|
+
{
|
|
80
|
+
publishableKey,
|
|
81
|
+
relyingPartyOrigin,
|
|
82
|
+
token,
|
|
83
|
+
response
|
|
84
|
+
}
|
|
85
|
+
);
|
|
86
|
+
return {
|
|
87
|
+
presenceToken: verify.presence_token,
|
|
88
|
+
expiresAt: verify.expires_at
|
|
89
|
+
};
|
|
90
|
+
};
|
|
91
|
+
|
|
59
92
|
// src/sdk/headless-ethereum.ts
|
|
60
93
|
var getHeadlessEthereumMethods = ({
|
|
61
94
|
transport,
|
|
@@ -340,13 +373,17 @@ var getHeadlessSolanaMethods = ({
|
|
|
340
373
|
var getHeadlessAuthenticationMethods = ({
|
|
341
374
|
transport,
|
|
342
375
|
publishableKey,
|
|
343
|
-
emailConfig,
|
|
344
376
|
setIsAuthenticated,
|
|
345
377
|
setUser
|
|
346
378
|
}) => ({
|
|
347
|
-
/**
|
|
379
|
+
/**
|
|
380
|
+
* Send a one-time passcode to the user's email address. Returns the
|
|
381
|
+
* server's response — most importantly `expires_at` (unix seconds),
|
|
382
|
+
* which the UI uses to render a countdown that cannot drift from the
|
|
383
|
+
* authoritative server-side TTL.
|
|
384
|
+
*/
|
|
348
385
|
sendCode: async (params) => {
|
|
349
|
-
await transport.send(
|
|
386
|
+
const response = await transport.send(
|
|
350
387
|
PostMessageType.AUTH,
|
|
351
388
|
PostMessageMethod.LOGIN_CREATE,
|
|
352
389
|
{
|
|
@@ -357,6 +394,7 @@ var getHeadlessAuthenticationMethods = ({
|
|
|
357
394
|
);
|
|
358
395
|
authState.clearEmail();
|
|
359
396
|
authState.setEmail(params.email);
|
|
397
|
+
return response;
|
|
360
398
|
},
|
|
361
399
|
/**
|
|
362
400
|
* Verify the OTP and complete the login. The iframe-app handles
|
|
@@ -372,8 +410,7 @@ var getHeadlessAuthenticationMethods = ({
|
|
|
372
410
|
{
|
|
373
411
|
email,
|
|
374
412
|
code: params.code,
|
|
375
|
-
publishableKey
|
|
376
|
-
expiresIn: emailConfig?.expiresIn
|
|
413
|
+
publishableKey
|
|
377
414
|
}
|
|
378
415
|
);
|
|
379
416
|
authState.clearEmail();
|
|
@@ -575,5 +612,6 @@ export {
|
|
|
575
612
|
getHeadlessAuthenticationMethods,
|
|
576
613
|
getHeadlessEthereumMethods,
|
|
577
614
|
getHeadlessGeneralMethods,
|
|
578
|
-
getHeadlessSolanaMethods
|
|
615
|
+
getHeadlessSolanaMethods,
|
|
616
|
+
getPresenceToken
|
|
579
617
|
};
|
package/dist/types/index.d.mts
CHANGED
|
@@ -205,6 +205,23 @@ interface IdentityTokenClaims extends BaseTokenClaims {
|
|
|
205
205
|
picture?: string;
|
|
206
206
|
[key: string]: unknown;
|
|
207
207
|
}
|
|
208
|
+
/**
|
|
209
|
+
* Presence-token claims. Minted after a verified passkey assertion
|
|
210
|
+
* (the parent-side "step-up" ceremony). Customer backends verify these
|
|
211
|
+
* via the app's JWKS to gate high-risk routes without holding their
|
|
212
|
+
* own session/step-up model. Short-lived (5min by default, server-side
|
|
213
|
+
* configurable).
|
|
214
|
+
*
|
|
215
|
+
* `tt: "presence"` is the type discriminator — the verify primitive
|
|
216
|
+
* rejects anything else, so a long-lived access token cannot be
|
|
217
|
+
* substituted for a presence proof.
|
|
218
|
+
*/
|
|
219
|
+
interface PresenceTokenClaims extends BaseTokenClaims {
|
|
220
|
+
/** Token type discriminator. Always "presence" for this shape. */
|
|
221
|
+
tt: "presence";
|
|
222
|
+
/** Base64url credential id of the WebAuthn credential that asserted. */
|
|
223
|
+
cid: string;
|
|
224
|
+
}
|
|
208
225
|
/** Result of `@moon-x/node-sdk`'s `client.auth.verifySession(...)`. */
|
|
209
226
|
interface VerifiedSession {
|
|
210
227
|
access: AccessTokenClaims;
|
|
@@ -728,7 +745,6 @@ interface PasskeyEnrollConfig {
|
|
|
728
745
|
}
|
|
729
746
|
interface EmailOtpConfig {
|
|
730
747
|
skipVerifiedSuccess?: boolean;
|
|
731
|
-
expiresIn?: number;
|
|
732
748
|
verifiedDisplayTime?: number;
|
|
733
749
|
verifyEmailTitle?: string;
|
|
734
750
|
verifyEmailResendTitle?: string;
|
|
@@ -897,7 +913,6 @@ interface AuthProviderConfig {
|
|
|
897
913
|
interface SendEmailOtpRequest {
|
|
898
914
|
publishableKey: string;
|
|
899
915
|
email: string;
|
|
900
|
-
expiresIn?: number;
|
|
901
916
|
}
|
|
902
917
|
interface VerifyEmailOtpRequest {
|
|
903
918
|
publishableKey: string;
|
|
@@ -906,6 +921,7 @@ interface VerifyEmailOtpRequest {
|
|
|
906
921
|
}
|
|
907
922
|
interface SendEmailOtpResponse {
|
|
908
923
|
ok: boolean;
|
|
924
|
+
expires_at: number;
|
|
909
925
|
}
|
|
910
926
|
interface VerifyEmailOtpUser {
|
|
911
927
|
id: string;
|
|
@@ -1187,4 +1203,4 @@ interface WalletVerifyRequest {
|
|
|
1187
1203
|
sessionExpiresIn: number;
|
|
1188
1204
|
}
|
|
1189
1205
|
|
|
1190
|
-
export { type AccessTokenClaims, type AppConfigRequest, type AppConfigResponse, type AttachOAuthTokenRequest, type AttachOAuthTokenResponse, type AuthAppearance, type AuthFlow, type AuthFlowComponent, type AuthLoginMethod, type AuthProviderConfig, type BaseGetBalanceParams, type BaseGetBalanceResult, type BaseGetTokenAccountsParams, type BaseSendTransactionParams, type BaseSendTransactionResult, type BaseSignMessageParams, type BaseSignMessageResult, type BaseSignTransactionParams, type BaseSignTransactionResult, type BaseTokenClaims, type BaseUIOptions, type BaseWalletHooks, Chain, ChainLikeWithId, type ContractUIOptions, type CreateWalletResponse, type DefaultFundingMethod, type DeleteSessionRequest, type DeleteSessionResponse, type DetachOAuthTokenRequest, type DeviceFingerprint, type DisplayMode, type EmailOtpConfig, type EmailOtpFlowState, type EthereumFundingConfig, type EthereumGetBalanceParams, type EthereumGetBalanceResult, type EthereumGetTokenAccountsByOwnerParams, type EthereumGetTokenAccountsByOwnerResult, type EthereumSendTransactionParams, type EthereumSendTransactionRequest, type EthereumSendTransactionResult, type EthereumSign7702AuthorizationParams, type EthereumSign7702AuthorizationResult, type EthereumSignHashParams, type EthereumSignHashResult, type EthereumSignMessageParams, type EthereumSignMessageResult, type EthereumSignTransactionParams, type EthereumSignTransactionResult, type EthereumSignTypedDataParams, type EthereumSignTypedDataResult, type EthereumSwitchChainParams, type ExportKeyConfig, type Factor, type FlexibleTheme, type FundWalletConfig, type FundingEvents, type FundingMethod, type FundingUIConfig, type GetCurrentSessionRequest, type GetCurrentSessionResponse, type Hex, type IdentityTokenClaims, type IdpProvider, type IsAuthenticatedRequest, type IsAuthenticatedResponse, type LoginTokenBundle, type LogoutRequest, type LogoutResponse, type MessageTypeProperty, type MessageTypes, type MoonKeyThemeConfig, type MoonPaySignRequest, type MoonPaySignResponse, type MpcKeyShares, Network, type OAuthRequest, type OAuthResponse, type OnrampFundingSettings, type PasskeyEnrollConfig, type PasskeySettings, type PreferredCardProvider, type PrefillConfig, type PublicEthereumWallet, type PublicSessionData, type PublicWallet, type RefreshSessionRequest, type RefreshSessionResponse, type RetrieveWalletKeyRequest, type RetrieveWalletKeyResponse, type SdkSettings, type SendEmailOtpRequest, type SendEmailOtpResponse, type SendTransactionConfig, type SendTransactionRequest, type SessionData, type SharesDeviceRequest, type SharesDeviceResponse, type Sign7702AuthorizationError, type Sign7702AuthorizationParams, type Sign7702AuthorizationResponse, type Sign7702AuthorizationResult, type SignMessageConfig, type SignTransactionConfig, type SignTypedDataError, type SignTypedDataParams, type SignTypedDataResponse, type SignTypedDataResult, type SmsSettings, type SolanaChain, type SolanaFundingConfig, type SolanaGetBalanceParams, type SolanaGetBalanceResult, type SolanaGetTokenAccountsByOwnerParams, type SolanaGetTokenAccountsByOwnerResult, type SolanaSendTransactionParams, type SolanaSendTransactionResult, type SolanaSignMessageParams, type SolanaSignMessageResult, type SolanaSignTransactionParams, type SolanaSignTransactionResult, type TransactionCommitment, type TransactionEncoding, type TransactionUIOptions, type TypedMessage, type UseFundWalletInterface, type UsersMePublicResponse, type UsersMeRequest, type UsersMeResponse, type VerifiedSession, type VerifyEmailOtpRequest, type VerifyEmailOtpResponse, type VerifyEmailOtpUser, type VerifyOAuthTokenRequest, type VerifyOAuthTokenResponse, type VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, type Wallet, type WalletChain, type WalletChainType, type WalletConnectConfig, WalletCreationError, type WalletError, type WalletErrorCode, type WalletKeyRequest, type WalletListEntry, type WalletRegistrationNonceRequest, type WalletRegistrationNonceResponse, type WalletType, type WalletVerifyRequest };
|
|
1206
|
+
export { type AccessTokenClaims, type AppConfigRequest, type AppConfigResponse, type AttachOAuthTokenRequest, type AttachOAuthTokenResponse, type AuthAppearance, type AuthFlow, type AuthFlowComponent, type AuthLoginMethod, type AuthProviderConfig, type BaseGetBalanceParams, type BaseGetBalanceResult, type BaseGetTokenAccountsParams, type BaseSendTransactionParams, type BaseSendTransactionResult, type BaseSignMessageParams, type BaseSignMessageResult, type BaseSignTransactionParams, type BaseSignTransactionResult, type BaseTokenClaims, type BaseUIOptions, type BaseWalletHooks, Chain, ChainLikeWithId, type ContractUIOptions, type CreateWalletResponse, type DefaultFundingMethod, type DeleteSessionRequest, type DeleteSessionResponse, type DetachOAuthTokenRequest, type DeviceFingerprint, type DisplayMode, type EmailOtpConfig, type EmailOtpFlowState, type EthereumFundingConfig, type EthereumGetBalanceParams, type EthereumGetBalanceResult, type EthereumGetTokenAccountsByOwnerParams, type EthereumGetTokenAccountsByOwnerResult, type EthereumSendTransactionParams, type EthereumSendTransactionRequest, type EthereumSendTransactionResult, type EthereumSign7702AuthorizationParams, type EthereumSign7702AuthorizationResult, type EthereumSignHashParams, type EthereumSignHashResult, type EthereumSignMessageParams, type EthereumSignMessageResult, type EthereumSignTransactionParams, type EthereumSignTransactionResult, type EthereumSignTypedDataParams, type EthereumSignTypedDataResult, type EthereumSwitchChainParams, type ExportKeyConfig, type Factor, type FlexibleTheme, type FundWalletConfig, type FundingEvents, type FundingMethod, type FundingUIConfig, type GetCurrentSessionRequest, type GetCurrentSessionResponse, type Hex, type IdentityTokenClaims, type IdpProvider, type IsAuthenticatedRequest, type IsAuthenticatedResponse, type LoginTokenBundle, type LogoutRequest, type LogoutResponse, type MessageTypeProperty, type MessageTypes, type MoonKeyThemeConfig, type MoonPaySignRequest, type MoonPaySignResponse, type MpcKeyShares, Network, type OAuthRequest, type OAuthResponse, type OnrampFundingSettings, type PasskeyEnrollConfig, type PasskeySettings, type PreferredCardProvider, type PrefillConfig, type PresenceTokenClaims, type PublicEthereumWallet, type PublicSessionData, type PublicWallet, type RefreshSessionRequest, type RefreshSessionResponse, type RetrieveWalletKeyRequest, type RetrieveWalletKeyResponse, type SdkSettings, type SendEmailOtpRequest, type SendEmailOtpResponse, type SendTransactionConfig, type SendTransactionRequest, type SessionData, type SharesDeviceRequest, type SharesDeviceResponse, type Sign7702AuthorizationError, type Sign7702AuthorizationParams, type Sign7702AuthorizationResponse, type Sign7702AuthorizationResult, type SignMessageConfig, type SignTransactionConfig, type SignTypedDataError, type SignTypedDataParams, type SignTypedDataResponse, type SignTypedDataResult, type SmsSettings, type SolanaChain, type SolanaFundingConfig, type SolanaGetBalanceParams, type SolanaGetBalanceResult, type SolanaGetTokenAccountsByOwnerParams, type SolanaGetTokenAccountsByOwnerResult, type SolanaSendTransactionParams, type SolanaSendTransactionResult, type SolanaSignMessageParams, type SolanaSignMessageResult, type SolanaSignTransactionParams, type SolanaSignTransactionResult, type TransactionCommitment, type TransactionEncoding, type TransactionUIOptions, type TypedMessage, type UseFundWalletInterface, type UsersMePublicResponse, type UsersMeRequest, type UsersMeResponse, type VerifiedSession, type VerifyEmailOtpRequest, type VerifyEmailOtpResponse, type VerifyEmailOtpUser, type VerifyOAuthTokenRequest, type VerifyOAuthTokenResponse, type VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, type Wallet, type WalletChain, type WalletChainType, type WalletConnectConfig, WalletCreationError, type WalletError, type WalletErrorCode, type WalletKeyRequest, type WalletListEntry, type WalletRegistrationNonceRequest, type WalletRegistrationNonceResponse, type WalletType, type WalletVerifyRequest };
|
package/dist/types/index.d.ts
CHANGED
|
@@ -205,6 +205,23 @@ interface IdentityTokenClaims extends BaseTokenClaims {
|
|
|
205
205
|
picture?: string;
|
|
206
206
|
[key: string]: unknown;
|
|
207
207
|
}
|
|
208
|
+
/**
|
|
209
|
+
* Presence-token claims. Minted after a verified passkey assertion
|
|
210
|
+
* (the parent-side "step-up" ceremony). Customer backends verify these
|
|
211
|
+
* via the app's JWKS to gate high-risk routes without holding their
|
|
212
|
+
* own session/step-up model. Short-lived (5min by default, server-side
|
|
213
|
+
* configurable).
|
|
214
|
+
*
|
|
215
|
+
* `tt: "presence"` is the type discriminator — the verify primitive
|
|
216
|
+
* rejects anything else, so a long-lived access token cannot be
|
|
217
|
+
* substituted for a presence proof.
|
|
218
|
+
*/
|
|
219
|
+
interface PresenceTokenClaims extends BaseTokenClaims {
|
|
220
|
+
/** Token type discriminator. Always "presence" for this shape. */
|
|
221
|
+
tt: "presence";
|
|
222
|
+
/** Base64url credential id of the WebAuthn credential that asserted. */
|
|
223
|
+
cid: string;
|
|
224
|
+
}
|
|
208
225
|
/** Result of `@moon-x/node-sdk`'s `client.auth.verifySession(...)`. */
|
|
209
226
|
interface VerifiedSession {
|
|
210
227
|
access: AccessTokenClaims;
|
|
@@ -728,7 +745,6 @@ interface PasskeyEnrollConfig {
|
|
|
728
745
|
}
|
|
729
746
|
interface EmailOtpConfig {
|
|
730
747
|
skipVerifiedSuccess?: boolean;
|
|
731
|
-
expiresIn?: number;
|
|
732
748
|
verifiedDisplayTime?: number;
|
|
733
749
|
verifyEmailTitle?: string;
|
|
734
750
|
verifyEmailResendTitle?: string;
|
|
@@ -897,7 +913,6 @@ interface AuthProviderConfig {
|
|
|
897
913
|
interface SendEmailOtpRequest {
|
|
898
914
|
publishableKey: string;
|
|
899
915
|
email: string;
|
|
900
|
-
expiresIn?: number;
|
|
901
916
|
}
|
|
902
917
|
interface VerifyEmailOtpRequest {
|
|
903
918
|
publishableKey: string;
|
|
@@ -906,6 +921,7 @@ interface VerifyEmailOtpRequest {
|
|
|
906
921
|
}
|
|
907
922
|
interface SendEmailOtpResponse {
|
|
908
923
|
ok: boolean;
|
|
924
|
+
expires_at: number;
|
|
909
925
|
}
|
|
910
926
|
interface VerifyEmailOtpUser {
|
|
911
927
|
id: string;
|
|
@@ -1187,4 +1203,4 @@ interface WalletVerifyRequest {
|
|
|
1187
1203
|
sessionExpiresIn: number;
|
|
1188
1204
|
}
|
|
1189
1205
|
|
|
1190
|
-
export { type AccessTokenClaims, type AppConfigRequest, type AppConfigResponse, type AttachOAuthTokenRequest, type AttachOAuthTokenResponse, type AuthAppearance, type AuthFlow, type AuthFlowComponent, type AuthLoginMethod, type AuthProviderConfig, type BaseGetBalanceParams, type BaseGetBalanceResult, type BaseGetTokenAccountsParams, type BaseSendTransactionParams, type BaseSendTransactionResult, type BaseSignMessageParams, type BaseSignMessageResult, type BaseSignTransactionParams, type BaseSignTransactionResult, type BaseTokenClaims, type BaseUIOptions, type BaseWalletHooks, Chain, ChainLikeWithId, type ContractUIOptions, type CreateWalletResponse, type DefaultFundingMethod, type DeleteSessionRequest, type DeleteSessionResponse, type DetachOAuthTokenRequest, type DeviceFingerprint, type DisplayMode, type EmailOtpConfig, type EmailOtpFlowState, type EthereumFundingConfig, type EthereumGetBalanceParams, type EthereumGetBalanceResult, type EthereumGetTokenAccountsByOwnerParams, type EthereumGetTokenAccountsByOwnerResult, type EthereumSendTransactionParams, type EthereumSendTransactionRequest, type EthereumSendTransactionResult, type EthereumSign7702AuthorizationParams, type EthereumSign7702AuthorizationResult, type EthereumSignHashParams, type EthereumSignHashResult, type EthereumSignMessageParams, type EthereumSignMessageResult, type EthereumSignTransactionParams, type EthereumSignTransactionResult, type EthereumSignTypedDataParams, type EthereumSignTypedDataResult, type EthereumSwitchChainParams, type ExportKeyConfig, type Factor, type FlexibleTheme, type FundWalletConfig, type FundingEvents, type FundingMethod, type FundingUIConfig, type GetCurrentSessionRequest, type GetCurrentSessionResponse, type Hex, type IdentityTokenClaims, type IdpProvider, type IsAuthenticatedRequest, type IsAuthenticatedResponse, type LoginTokenBundle, type LogoutRequest, type LogoutResponse, type MessageTypeProperty, type MessageTypes, type MoonKeyThemeConfig, type MoonPaySignRequest, type MoonPaySignResponse, type MpcKeyShares, Network, type OAuthRequest, type OAuthResponse, type OnrampFundingSettings, type PasskeyEnrollConfig, type PasskeySettings, type PreferredCardProvider, type PrefillConfig, type PublicEthereumWallet, type PublicSessionData, type PublicWallet, type RefreshSessionRequest, type RefreshSessionResponse, type RetrieveWalletKeyRequest, type RetrieveWalletKeyResponse, type SdkSettings, type SendEmailOtpRequest, type SendEmailOtpResponse, type SendTransactionConfig, type SendTransactionRequest, type SessionData, type SharesDeviceRequest, type SharesDeviceResponse, type Sign7702AuthorizationError, type Sign7702AuthorizationParams, type Sign7702AuthorizationResponse, type Sign7702AuthorizationResult, type SignMessageConfig, type SignTransactionConfig, type SignTypedDataError, type SignTypedDataParams, type SignTypedDataResponse, type SignTypedDataResult, type SmsSettings, type SolanaChain, type SolanaFundingConfig, type SolanaGetBalanceParams, type SolanaGetBalanceResult, type SolanaGetTokenAccountsByOwnerParams, type SolanaGetTokenAccountsByOwnerResult, type SolanaSendTransactionParams, type SolanaSendTransactionResult, type SolanaSignMessageParams, type SolanaSignMessageResult, type SolanaSignTransactionParams, type SolanaSignTransactionResult, type TransactionCommitment, type TransactionEncoding, type TransactionUIOptions, type TypedMessage, type UseFundWalletInterface, type UsersMePublicResponse, type UsersMeRequest, type UsersMeResponse, type VerifiedSession, type VerifyEmailOtpRequest, type VerifyEmailOtpResponse, type VerifyEmailOtpUser, type VerifyOAuthTokenRequest, type VerifyOAuthTokenResponse, type VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, type Wallet, type WalletChain, type WalletChainType, type WalletConnectConfig, WalletCreationError, type WalletError, type WalletErrorCode, type WalletKeyRequest, type WalletListEntry, type WalletRegistrationNonceRequest, type WalletRegistrationNonceResponse, type WalletType, type WalletVerifyRequest };
|
|
1206
|
+
export { type AccessTokenClaims, type AppConfigRequest, type AppConfigResponse, type AttachOAuthTokenRequest, type AttachOAuthTokenResponse, type AuthAppearance, type AuthFlow, type AuthFlowComponent, type AuthLoginMethod, type AuthProviderConfig, type BaseGetBalanceParams, type BaseGetBalanceResult, type BaseGetTokenAccountsParams, type BaseSendTransactionParams, type BaseSendTransactionResult, type BaseSignMessageParams, type BaseSignMessageResult, type BaseSignTransactionParams, type BaseSignTransactionResult, type BaseTokenClaims, type BaseUIOptions, type BaseWalletHooks, Chain, ChainLikeWithId, type ContractUIOptions, type CreateWalletResponse, type DefaultFundingMethod, type DeleteSessionRequest, type DeleteSessionResponse, type DetachOAuthTokenRequest, type DeviceFingerprint, type DisplayMode, type EmailOtpConfig, type EmailOtpFlowState, type EthereumFundingConfig, type EthereumGetBalanceParams, type EthereumGetBalanceResult, type EthereumGetTokenAccountsByOwnerParams, type EthereumGetTokenAccountsByOwnerResult, type EthereumSendTransactionParams, type EthereumSendTransactionRequest, type EthereumSendTransactionResult, type EthereumSign7702AuthorizationParams, type EthereumSign7702AuthorizationResult, type EthereumSignHashParams, type EthereumSignHashResult, type EthereumSignMessageParams, type EthereumSignMessageResult, type EthereumSignTransactionParams, type EthereumSignTransactionResult, type EthereumSignTypedDataParams, type EthereumSignTypedDataResult, type EthereumSwitchChainParams, type ExportKeyConfig, type Factor, type FlexibleTheme, type FundWalletConfig, type FundingEvents, type FundingMethod, type FundingUIConfig, type GetCurrentSessionRequest, type GetCurrentSessionResponse, type Hex, type IdentityTokenClaims, type IdpProvider, type IsAuthenticatedRequest, type IsAuthenticatedResponse, type LoginTokenBundle, type LogoutRequest, type LogoutResponse, type MessageTypeProperty, type MessageTypes, type MoonKeyThemeConfig, type MoonPaySignRequest, type MoonPaySignResponse, type MpcKeyShares, Network, type OAuthRequest, type OAuthResponse, type OnrampFundingSettings, type PasskeyEnrollConfig, type PasskeySettings, type PreferredCardProvider, type PrefillConfig, type PresenceTokenClaims, type PublicEthereumWallet, type PublicSessionData, type PublicWallet, type RefreshSessionRequest, type RefreshSessionResponse, type RetrieveWalletKeyRequest, type RetrieveWalletKeyResponse, type SdkSettings, type SendEmailOtpRequest, type SendEmailOtpResponse, type SendTransactionConfig, type SendTransactionRequest, type SessionData, type SharesDeviceRequest, type SharesDeviceResponse, type Sign7702AuthorizationError, type Sign7702AuthorizationParams, type Sign7702AuthorizationResponse, type Sign7702AuthorizationResult, type SignMessageConfig, type SignTransactionConfig, type SignTypedDataError, type SignTypedDataParams, type SignTypedDataResponse, type SignTypedDataResult, type SmsSettings, type SolanaChain, type SolanaFundingConfig, type SolanaGetBalanceParams, type SolanaGetBalanceResult, type SolanaGetTokenAccountsByOwnerParams, type SolanaGetTokenAccountsByOwnerResult, type SolanaSendTransactionParams, type SolanaSendTransactionResult, type SolanaSignMessageParams, type SolanaSignMessageResult, type SolanaSignTransactionParams, type SolanaSignTransactionResult, type TransactionCommitment, type TransactionEncoding, type TransactionUIOptions, type TypedMessage, type UseFundWalletInterface, type UsersMePublicResponse, type UsersMeRequest, type UsersMeResponse, type VerifiedSession, type VerifyEmailOtpRequest, type VerifyEmailOtpResponse, type VerifyEmailOtpUser, type VerifyOAuthTokenRequest, type VerifyOAuthTokenResponse, type VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, type Wallet, type WalletChain, type WalletChainType, type WalletConnectConfig, WalletCreationError, type WalletError, type WalletErrorCode, type WalletKeyRequest, type WalletListEntry, type WalletRegistrationNonceRequest, type WalletRegistrationNonceResponse, type WalletType, type WalletVerifyRequest };
|
package/dist/utils/index.d.mts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from '../post-message-
|
|
1
|
+
export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from '../post-message-CmgAfkOS.mjs';
|
|
2
2
|
|
|
3
3
|
/**
|
|
4
4
|
* Get the appropriate MoonKey API URL based on environment configuration
|
package/dist/utils/index.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from '../post-message-
|
|
1
|
+
export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from '../post-message-CmgAfkOS.js';
|
|
2
2
|
|
|
3
3
|
/**
|
|
4
4
|
* Get the appropriate MoonKey API URL based on environment configuration
|
package/dist/utils/index.js
CHANGED
|
@@ -156,6 +156,16 @@ var PostMessageMethod = {
|
|
|
156
156
|
// begin/verify HTTP calls (where the session JWT lives).
|
|
157
157
|
PASSKEY_REGISTER_BEGIN: "PASSKEY_REGISTER_BEGIN",
|
|
158
158
|
PASSKEY_REGISTER_VERIFY: "PASSKEY_REGISTER_VERIFY",
|
|
159
|
+
// Passkey-asserted step-up ("presence token"). Same split as register:
|
|
160
|
+
// parent owns the WebAuthn API call; iframe owns the begin/verify
|
|
161
|
+
// HTTP halves (where the session JWT lives). Mints a short-lived
|
|
162
|
+
// (`tt:"presence"`) JWT app backends can verify over JWKS.
|
|
163
|
+
// CRITICAL: parent MUST strip response.userHandle from the assertion
|
|
164
|
+
// before posting PASSKEY_PRESENCE_VERIFY. The userHandle carries DEK
|
|
165
|
+
// material in MoonX's overloaded model and has no business reaching
|
|
166
|
+
// the server. The server also defensively never reads it.
|
|
167
|
+
PASSKEY_PRESENCE_BEGIN: "PASSKEY_PRESENCE_BEGIN",
|
|
168
|
+
PASSKEY_PRESENCE_VERIFY: "PASSKEY_PRESENCE_VERIFY",
|
|
159
169
|
GET_PASSKEY_STATUS: "GET_PASSKEY_STATUS",
|
|
160
170
|
// Parent-side passkey assertion plumbing. Parent calls GET_DEK_INFO
|
|
161
171
|
// to learn which credential IDs to put in allowCredentials and to
|
package/dist/utils/index.mjs
CHANGED
package/dist/web/index.d.mts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { P as PostMessageClient } from '../post-message-
|
|
2
|
-
import { T as Transport, P as PasskeyAssertor, K as KvStorage } from '../interfaces-
|
|
1
|
+
import { P as PostMessageClient } from '../post-message-CmgAfkOS.mjs';
|
|
2
|
+
import { T as Transport, P as PasskeyAssertor, K as KvStorage } from '../interfaces-CYtJHALV.mjs';
|
|
3
3
|
|
|
4
4
|
declare const getCachedPostMessageClient: (contentWindow: Window) => PostMessageClient;
|
|
5
5
|
/**
|
package/dist/web/index.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { P as PostMessageClient } from '../post-message-
|
|
2
|
-
import { T as Transport, P as PasskeyAssertor, K as KvStorage } from '../interfaces-
|
|
1
|
+
import { P as PostMessageClient } from '../post-message-CmgAfkOS.js';
|
|
2
|
+
import { T as Transport, P as PasskeyAssertor, K as KvStorage } from '../interfaces-Bm7fGOAI.js';
|
|
3
3
|
|
|
4
4
|
declare const getCachedPostMessageClient: (contentWindow: Window) => PostMessageClient;
|
|
5
5
|
/**
|
package/dist/web/index.js
CHANGED
|
@@ -1,9 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __create = Object.create;
|
|
3
2
|
var __defProp = Object.defineProperty;
|
|
4
3
|
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
5
4
|
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
6
|
-
var __getProtoOf = Object.getPrototypeOf;
|
|
7
5
|
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
8
6
|
var __export = (target, all) => {
|
|
9
7
|
for (var name in all)
|
|
@@ -17,14 +15,6 @@ var __copyProps = (to, from, except, desc) => {
|
|
|
17
15
|
}
|
|
18
16
|
return to;
|
|
19
17
|
};
|
|
20
|
-
var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
|
|
21
|
-
// If the importer is in node compatibility mode or this is not an ESM
|
|
22
|
-
// file that has been converted to a CommonJS file using a Babel-
|
|
23
|
-
// compatible transform (i.e. "__esModule" has not been set), then set
|
|
24
|
-
// "default" to the CommonJS "module.exports" for node compatibility.
|
|
25
|
-
isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
|
|
26
|
-
mod
|
|
27
|
-
));
|
|
28
18
|
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
29
19
|
|
|
30
20
|
// src/web/index.ts
|
|
@@ -310,127 +300,44 @@ var createIframeTransport = ({
|
|
|
310
300
|
isReady
|
|
311
301
|
});
|
|
312
302
|
|
|
313
|
-
// src/lib/auth/authentication-state.ts
|
|
314
|
-
var AuthenticationState = class {
|
|
315
|
-
constructor() {
|
|
316
|
-
this.email = null;
|
|
317
|
-
}
|
|
318
|
-
setEmail(email) {
|
|
319
|
-
this.email = email;
|
|
320
|
-
}
|
|
321
|
-
getEmail() {
|
|
322
|
-
return this.email;
|
|
323
|
-
}
|
|
324
|
-
clearEmail() {
|
|
325
|
-
this.email = null;
|
|
326
|
-
}
|
|
327
|
-
clear() {
|
|
328
|
-
this.clearEmail();
|
|
329
|
-
}
|
|
330
|
-
};
|
|
331
|
-
var authState = new AuthenticationState();
|
|
332
|
-
|
|
333
|
-
// src/lib/passkey/passkey-codec.ts
|
|
334
|
-
var fromB64url = (b64url) => {
|
|
335
|
-
const base64 = b64url.replace(/-/g, "+").replace(/_/g, "/");
|
|
336
|
-
const padded = base64 + "=".repeat((4 - base64.length % 4) % 4);
|
|
337
|
-
const binary = atob(padded);
|
|
338
|
-
const bytes = new Uint8Array(binary.length);
|
|
339
|
-
for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
|
|
340
|
-
return bytes;
|
|
341
|
-
};
|
|
342
|
-
var toB64url = (bytes) => {
|
|
343
|
-
let str = "";
|
|
344
|
-
for (let i = 0; i < bytes.length; i++) str += String.fromCharCode(bytes[i]);
|
|
345
|
-
return btoa(str).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
|
|
346
|
-
};
|
|
347
|
-
|
|
348
|
-
// src/lib/ethereum/chains.ts
|
|
349
|
-
var import_viem = require("viem");
|
|
350
|
-
|
|
351
|
-
// src/lib/ethereum/siwe.ts
|
|
352
|
-
var import_siwe = require("siwe");
|
|
353
|
-
var import_viem2 = require("viem");
|
|
354
|
-
|
|
355
|
-
// src/lib/ethereum/tx-prep.ts
|
|
356
|
-
var import_viem3 = require("viem");
|
|
357
|
-
|
|
358
|
-
// src/lib/solana/siws.ts
|
|
359
|
-
var nacl = __toESM(require("tweetnacl"));
|
|
360
|
-
|
|
361
|
-
// src/lib/solana/transaction-log-parser.ts
|
|
362
|
-
var import_web3 = require("@solana/web3.js");
|
|
363
|
-
var import_bn = __toESM(require("bn.js"));
|
|
364
|
-
|
|
365
303
|
// src/web/webauthn-passkey.ts
|
|
304
|
+
var import_browser = require("@simplewebauthn/browser");
|
|
366
305
|
var createWebAuthnPasskey = () => ({
|
|
367
306
|
assert: async ({ rpId, challenge }) => {
|
|
368
|
-
const
|
|
369
|
-
|
|
370
|
-
|
|
371
|
-
challenge: challengeBytes,
|
|
307
|
+
const result = await (0, import_browser.startAuthentication)({
|
|
308
|
+
optionsJSON: {
|
|
309
|
+
challenge,
|
|
372
310
|
rpId,
|
|
373
311
|
userVerification: "preferred",
|
|
374
|
-
// Empty allowCredentials → discoverable login → userHandle is
|
|
375
|
-
// REQUIRED on the response. See `parent-passkey-assert.ts`
|
|
376
|
-
// for the full rationale.
|
|
377
312
|
allowCredentials: []
|
|
378
313
|
}
|
|
379
314
|
});
|
|
380
|
-
if (!
|
|
381
|
-
const assertion = credential.response;
|
|
382
|
-
if (!assertion.userHandle) {
|
|
315
|
+
if (!result.response.userHandle) {
|
|
383
316
|
throw new Error("user_handle_missing");
|
|
384
317
|
}
|
|
385
318
|
return {
|
|
386
|
-
rawIdB64url:
|
|
387
|
-
userHandleB64url:
|
|
319
|
+
rawIdB64url: result.rawId,
|
|
320
|
+
userHandleB64url: result.response.userHandle
|
|
388
321
|
};
|
|
389
322
|
},
|
|
390
|
-
|
|
391
|
-
|
|
392
|
-
|
|
393
|
-
userId,
|
|
394
|
-
userName,
|
|
395
|
-
userDisplayName,
|
|
396
|
-
challenge,
|
|
397
|
-
excludeCredentials
|
|
398
|
-
}) => {
|
|
399
|
-
const challengeBytes = fromB64url(challenge);
|
|
400
|
-
const credential = await navigator.credentials.create({
|
|
401
|
-
publicKey: {
|
|
402
|
-
rp: { id: rpId, name: rpName },
|
|
403
|
-
user: {
|
|
404
|
-
id: userId,
|
|
405
|
-
name: userName,
|
|
406
|
-
displayName: userDisplayName
|
|
407
|
-
},
|
|
408
|
-
challenge: challengeBytes,
|
|
409
|
-
pubKeyCredParams: [
|
|
410
|
-
{ type: "public-key", alg: -7 },
|
|
411
|
-
// ES256
|
|
412
|
-
{ type: "public-key", alg: -257 }
|
|
413
|
-
// RS256
|
|
414
|
-
],
|
|
415
|
-
authenticatorSelection: {
|
|
416
|
-
residentKey: "required",
|
|
417
|
-
userVerification: "preferred"
|
|
418
|
-
},
|
|
419
|
-
excludeCredentials: (excludeCredentials ?? []).map((id) => ({
|
|
420
|
-
id: fromB64url(id),
|
|
421
|
-
type: "public-key"
|
|
422
|
-
}))
|
|
423
|
-
}
|
|
323
|
+
assertForServer: async ({ optionsJSON }) => {
|
|
324
|
+
const result = await (0, import_browser.startAuthentication)({
|
|
325
|
+
optionsJSON
|
|
424
326
|
});
|
|
425
|
-
|
|
426
|
-
|
|
427
|
-
|
|
428
|
-
|
|
429
|
-
|
|
430
|
-
|
|
431
|
-
|
|
432
|
-
|
|
327
|
+
const sanitized = {
|
|
328
|
+
id: result.id,
|
|
329
|
+
rawId: result.rawId,
|
|
330
|
+
type: result.type,
|
|
331
|
+
response: {
|
|
332
|
+
clientDataJSON: result.response.clientDataJSON,
|
|
333
|
+
authenticatorData: result.response.authenticatorData,
|
|
334
|
+
signature: result.response.signature,
|
|
335
|
+
userHandle: void 0
|
|
336
|
+
},
|
|
337
|
+
clientExtensionResults: result.clientExtensionResults,
|
|
338
|
+
authenticatorAttachment: result.authenticatorAttachment
|
|
433
339
|
};
|
|
340
|
+
return sanitized;
|
|
434
341
|
}
|
|
435
342
|
});
|
|
436
343
|
|