@nauth-toolkit/mfa-passkey 0.1.3

package/LICENSE

@@ -0,0 +1,90 @@
+NAUTH TOOLKIT EARLY ACCESS LICENSE
+Version 1.0 (December 2025)
+
+================================================================================
+FUTURE OPEN SOURCE NOTICE
+================================================================================
+NAuth Toolkit will transition to an open-source license (MIT or Apache 2.0) for
+core authentication features once the project reaches production readiness.
+
+This Early Access License is temporary and designed to:
+• Allow developers to build with nauth-toolkit during preview/beta
+• Provide clear expectations during the pre-release phase
+• Enable feedback and real-world testing before GA
+
+We're committed to keeping core auth free and open source. Premium features
+(enterprise SSO, advanced compliance, hosted options) will be offered separately
+under fair commercial terms.
+
+================================================================================
+EARLY ACCESS LICENSE TERMS
+================================================================================
+
+1. Grant of Use
+   You are granted a free, non-exclusive, non-transferable license to:
+   - Install and use nauth-toolkit packages in development, testing, staging,
+     and production environments
+   - Modify the code for your own internal use
+   - Deploy applications using nauth-toolkit to serve your users
+
+   You may NOT:
+   - Redistribute NAuth Toolkit as a standalone product or service
+   - Sell, sublicense, or offer NAuth Toolkit as part of a competing auth
+     platform or toolkit
+   - Remove or alter copyright notices
+
+2. No Fees During Early Access
+   There are no license fees, subscription costs, or usage charges during the
+   Early Access period. You may use nauth-toolkit freely for commercial and
+   non-commercial purposes within the terms of this license.
+
+3. Production Use
+   Production use is permitted but comes with standard early-access caveats:
+   - Features and APIs may change between preview releases
+   - Support is community-based (GitHub issues/discussions)
+   - No SLA or guaranteed uptime (you run it on your infrastructure)
+
+   We recommend thorough testing and having rollback plans for critical systems.
+
+4. Future Transition
+   When nauth-toolkit releases v1.0 GA:
+   - Core packages will adopt an open-source license (MIT or Apache 2.0)
+   - Your existing deployments will continue to work
+   - Premium features (if any) will be clearly documented with separate licensing
+   - No forced upgrades or surprise fees
+
+5. Ownership
+   NAuth Toolkit is developed and maintained by Noorix Digital Solutions.
+   You retain full ownership of your applications and data.
+
+6. Data and Privacy
+   NAuth Toolkit runs in YOUR infrastructure and database. You control all data.
+   You are responsible for compliance with applicable data protection laws.
+
+7. Disclaimer of Warranty
+   THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.
+
+8. Limitation of Liability
+   IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE FOR ANY INDIRECT, INCIDENTAL,
+   SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS
+   OF PROFITS, REVENUE, DATA, OR USE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+   DAMAGES.
+
+9. Termination
+   This license remains in effect until:
+   - You stop using nauth-toolkit, or
+   - The project transitions to open source (at which point the new license applies)
+
+   If you breach these terms, your license terminates and you must stop using the
+   software.
+
+10. Contact and Support
+    - Documentation: https://nauth.dev
+    - Issues/Discussions: GitHub (when public repository launches)
+    - Commercial inquiries: Contact admin@noorix.com
+
+================================================================================
+Thank you for being an early adopter. Your feedback shapes the future of NAuth.
+================================================================================

package/README.md

@@ -0,0 +1,30 @@
+# @nauth-toolkit/mfa-passkey
+
+Passkey/WebAuthn MFA provider for nauth-toolkit
+
+## ⚠️ Preview Release Notice
+
+**This is a preview release for internal testing. Do not use in production yet.**
+
+This package is part of nauth-toolkit and is currently in early access/preview. Features and APIs may change between releases. For production use, please wait for the stable v1.0 release.
+
+## Installation
+
+```bash
+npm install @nauth-toolkit/mfa-passkey@preview
+# or
+yarn add @nauth-toolkit/mfa-passkey@preview
+```
+
+## License
+
+See LICENSE file in the package root for full license terms.
+
+## Documentation
+
+Full documentation: https://nauth.dev
+
+## Support
+
+- Issues/Discussions: GitHub (when repository is public)
+- Documentation: https://nauth.dev

package/dist/nestjs/index.d.ts

@@ -0,0 +1,5 @@
+export { PasskeyMFAModule } from './passkey-mfa.module';
+export * from '../src/passkey.service';
+export * from '../src/passkey-mfa-provider.service';
+export * from '../src/dto/mfa.dto';
+//# sourceMappingURL=index.d.ts.map

package/dist/nestjs/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../nestjs/index.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAGxD,cAAc,wBAAwB,CAAC;AACvC,cAAc,qCAAqC,CAAC;AACpD,cAAc,oBAAoB,CAAC"}

package/dist/nestjs/index.js

@@ -0,0 +1,23 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PasskeyMFAModule = void 0;
+var passkey_mfa_module_1 = require("./passkey-mfa.module");
+Object.defineProperty(exports, "PasskeyMFAModule", { enumerable: true, get: function () { return passkey_mfa_module_1.PasskeyMFAModule; } });
+__exportStar(require("../src/passkey.service"), exports);
+__exportStar(require("../src/passkey-mfa-provider.service"), exports);
+__exportStar(require("../src/dto/mfa.dto"), exports);
+//# sourceMappingURL=index.js.map

package/dist/nestjs/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../nestjs/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAMA,2DAAwD;AAA/C,sHAAA,gBAAgB,OAAA;AAGzB,yDAAuC;AACvC,sEAAoD;AACpD,qDAAmC"}

package/dist/nestjs/passkey-mfa.module.d.ts

@@ -0,0 +1,10 @@
+import { OnModuleInit } from '@nestjs/common';
+import { PasskeyMFAProviderService } from '../src/passkey-mfa-provider.service';
+import { MFAService } from '@nauth-toolkit/core';
+export declare class PasskeyMFAModule implements OnModuleInit {
+    private readonly passkeyMFAProvider;
+    private readonly mfaService;
+    constructor(passkeyMFAProvider: PasskeyMFAProviderService, mfaService: MFAService);
+    onModuleInit(): void;
+}
+//# sourceMappingURL=passkey-mfa.module.d.ts.map

package/dist/nestjs/passkey-mfa.module.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"passkey-mfa.module.d.ts","sourceRoot":"","sources":["../../nestjs/passkey-mfa.module.ts"],"names":[],"mappings":"AAAA,OAAO,EAAU,YAAY,EAAE,MAAM,gBAAgB,CAAC;AACtD,OAAO,EAAE,yBAAyB,EAAE,MAAM,qCAAqC,CAAC;AAGhF,OAAO,EAAE,UAAU,EAAwE,MAAM,qBAAqB,CAAC;AAwBvH,qBAmDa,gBAAiB,YAAW,YAAY;IAEjD,OAAO,CAAC,QAAQ,CAAC,kBAAkB;IACnC,OAAO,CAAC,QAAQ,CAAC,UAAU;gBADV,kBAAkB,EAAE,yBAAyB,EAC7C,UAAU,EAAE,UAAU;IAMzC,YAAY,IAAI,IAAI;CAMrB"}

package/dist/nestjs/passkey-mfa.module.js

@@ -0,0 +1,66 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PasskeyMFAModule = void 0;
+const common_1 = require("@nestjs/common");
+const passkey_mfa_provider_service_1 = require("../src/passkey-mfa-provider.service");
+const passkey_service_1 = require("../src/passkey.service");
+const core_1 = require("@nauth-toolkit/core");
+const internal_1 = require("@nauth-toolkit/core/internal");
+let PasskeyMFAModule = class PasskeyMFAModule {
+    passkeyMFAProvider;
+    mfaService;
+    constructor(passkeyMFAProvider, mfaService) {
+        this.passkeyMFAProvider = passkeyMFAProvider;
+        this.mfaService = mfaService;
+    }
+    onModuleInit() {
+        if (!this.mfaService) {
+            throw new Error('MFAService is not available. Ensure AuthModule.forRoot() is imported before PasskeyMFAModule.');
+        }
+        this.mfaService.registerProvider(this.passkeyMFAProvider);
+    }
+};
+exports.PasskeyMFAModule = PasskeyMFAModule;
+exports.PasskeyMFAModule = PasskeyMFAModule = __decorate([
+    (0, common_1.Module)({
+        providers: [
+            {
+                provide: passkey_service_1.PasskeyService,
+                useFactory: (config, logger) => {
+                    return new passkey_service_1.PasskeyService(config, logger);
+                },
+                inject: ['NAUTH_CONFIG', 'NAUTH_LOGGER'],
+            },
+            {
+                provide: passkey_mfa_provider_service_1.PasskeyMFAProviderService,
+                useFactory: (mfaDeviceRepository, userRepository, config, logger, passwordService, passkeyService, challengeService, auditService, clientInfoService) => {
+                    return new passkey_mfa_provider_service_1.PasskeyMFAProviderService(mfaDeviceRepository, userRepository, config, logger, passwordService, passkeyService, challengeService, auditService, clientInfoService);
+                },
+                inject: [
+                    'MFADeviceRepository',
+                    'UserRepository',
+                    'NAUTH_CONFIG',
+                    'NAUTH_LOGGER',
+                    { token: internal_1.PasswordService, optional: true },
+                    passkey_service_1.PasskeyService,
+                    { token: 'ChallengeService', optional: true },
+                    { token: internal_1.AuthAuditService, optional: true },
+                    { token: core_1.ClientInfoService, optional: true },
+                ],
+            },
+        ],
+        exports: [passkey_service_1.PasskeyService, passkey_mfa_provider_service_1.PasskeyMFAProviderService],
+    }),
+    __metadata("design:paramtypes", [passkey_mfa_provider_service_1.PasskeyMFAProviderService,
+        core_1.MFAService])
+], PasskeyMFAModule);
+//# sourceMappingURL=passkey-mfa.module.js.map

package/dist/nestjs/passkey-mfa.module.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"passkey-mfa.module.js","sourceRoot":"","sources":["../../nestjs/passkey-mfa.module.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAsD;AACtD,sFAAgF;AAChF,4DAAwD;AAExD,8CAAuH;AAEvH,2DAA6G;AAyEtG,IAAM,gBAAgB,GAAtB,MAAM,gBAAgB;IAER;IACA;IAFnB,YACmB,kBAA6C,EAC7C,UAAsB;QADtB,uBAAkB,GAAlB,kBAAkB,CAA2B;QAC7C,eAAU,GAAV,UAAU,CAAY;IACtC,CAAC;IAKJ,YAAY;QACV,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,+FAA+F,CAAC,CAAC;QACnH,CAAC;QACD,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IAC5D,CAAC;CACF,CAAA;AAfY,4CAAgB;2BAAhB,gBAAgB;IAnD5B,IAAA,eAAM,EAAC;QACN,SAAS,EAAE;YAET;gBACE,OAAO,EAAE,gCAAc;gBACvB,UAAU,EAAE,CAAC,MAAmB,EAAE,MAAmB,EAAE,EAAE;oBACvD,OAAO,IAAI,gCAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;gBAC5C,CAAC;gBACD,MAAM,EAAE,CAAC,cAAc,EAAE,cAAc,CAAC;aACzC;YAED;gBACE,OAAO,EAAE,wDAAyB;gBAClC,UAAU,EAAE,CACV,mBAA8C,EAC9C,cAAoC,EACpC,MAAmB,EACnB,MAAmB,EACnB,eAAgC,EAChC,cAA8B,EAC9B,gBAAqB,EACrB,YAAiB,EACjB,iBAAsB,EACtB,EAAE;oBACF,OAAO,IAAI,wDAAyB,CAClC,mBAAmB,EACnB,cAAc,EACd,MAAM,EACN,MAAM,EACN,eAAe,EACf,cAAc,EACd,gBAAgB,EAChB,YAAY,EACZ,iBAAiB,CAClB,CAAC;gBACJ,CAAC;gBACD,MAAM,EAAE;oBACN,qBAAqB;oBACrB,gBAAgB;oBAChB,cAAc;oBACd,cAAc;oBACd,EAAE,KAAK,EAAE,0BAAe,EAAE,QAAQ,EAAE,IAAI,EAAE;oBAC1C,gCAAc;oBACd,EAAE,KAAK,EAAE,kBAAkB,EAAE,QAAQ,EAAE,IAAI,EAAE;oBAC7C,EAAE,KAAK,EAAE,2BAAwB,EAAE,QAAQ,EAAE,IAAI,EAAE;oBACnD,EAAE,KAAK,EAAE,wBAAiB,EAAE,QAAQ,EAAE,IAAI,EAAE;iBAC7C;aACF;SACF;QACD,OAAO,EAAE,CAAC,gCAAc,EAAE,wDAAyB,CAAC;KACrD,CAAC;qCAGuC,wDAAyB;QACjC,iBAAU;GAH9B,gBAAgB,CAe5B"}

package/dist/src/dto/mfa.dto.d.ts

@@ -0,0 +1,143 @@
+export interface MFAChallengeResponseDTO {
+    challengeName: 'MFA_REQUIRED';
+    session: string;
+    challengeParameters: {
+        availableMethods: Array<'totp' | 'sms' | 'passkey' | 'backup'>;
+        preferredMethod?: 'totp' | 'sms' | 'passkey';
+        maskedPhone?: string;
+    };
+}
+export interface VerifyMFACodeDTO {
+    session: string;
+    method: 'totp' | 'sms' | 'backup';
+    code: string;
+    trustDevice?: boolean;
+    deviceId?: string;
+}
+export interface VerifyPasskeyDTO {
+    session: string;
+    credential: {
+        id: string;
+        rawId: string;
+        response: {
+            clientDataJSON: string;
+            authenticatorData: string;
+            signature: string;
+            userHandle?: string;
+        };
+        type: 'public-key';
+    };
+    trustDevice?: boolean;
+}
+export interface SetupTOTPResponseDTO {
+    secret: string;
+    qrCode: string;
+    manualEntryKey: string;
+    issuer: string;
+    accountName: string;
+}
+export interface VerifyTOTPSetupDTO {
+    secret: string;
+    code: string;
+    deviceName?: string;
+}
+export interface SetupSMSMFADTO {
+    phoneNumber: string;
+    deviceName?: string;
+}
+export interface VerifySMSMFASetupDTO {
+    phoneNumber: string;
+    code: string;
+}
+export interface SendSMSMFACodeDTO {
+    session: string;
+}
+export interface SetupPasskeyResponseDTO {
+    options: {
+        challenge: string;
+        rp: {
+            name: string;
+            id: string;
+        };
+        user: {
+            id: string;
+            name: string;
+            displayName: string;
+        };
+        pubKeyCredParams: Array<{
+            type: 'public-key';
+            alg: number;
+        }>;
+        timeout: number;
+        attestation: 'none' | 'indirect' | 'direct';
+        authenticatorSelection?: {
+            authenticatorAttachment?: 'platform' | 'cross-platform';
+            requireResidentKey?: boolean;
+            userVerification?: 'required' | 'preferred' | 'discouraged';
+        };
+        excludeCredentials?: Array<{
+            id: string;
+            type: 'public-key';
+            transports?: string[];
+        }>;
+    };
+}
+export interface VerifyPasskeySetupDTO {
+    credential: {
+        id: string;
+        rawId: string;
+        response: {
+            clientDataJSON: string;
+            attestationObject: string;
+        };
+        type: 'public-key';
+    };
+    deviceName?: string;
+}
+export interface GetPasskeyChallengeResponseDTO {
+    options: {
+        challenge: string;
+        timeout: number;
+        rpId: string;
+        allowCredentials: Array<{
+            id: string;
+            type: 'public-key';
+            transports?: string[];
+        }>;
+        userVerification: 'required' | 'preferred' | 'discouraged';
+    };
+}
+export interface GenerateBackupCodesResponseDTO {
+    codes: string[];
+    generated: string;
+}
+export interface MFADeviceDTO {
+    id: number;
+    type: 'totp' | 'sms' | 'passkey';
+    name: string;
+    isActive: boolean;
+    isPrimary: boolean;
+    lastUsedAt?: string;
+    createdAt: string;
+    maskedPhone?: string;
+}
+export interface ListMFADevicesResponseDTO {
+    devices: MFADeviceDTO[];
+    hasBackupCodes: boolean;
+}
+export interface UpdateMFADeviceDTO {
+    name?: string;
+    isPrimary?: boolean;
+}
+export interface DisableMFADeviceDTO {
+    password: string;
+}
+export interface MFAStatusResponseDTO {
+    enabled: boolean;
+    required: boolean;
+    gracePeriodEnds?: string;
+    configuredMethods: Array<'totp' | 'sms' | 'passkey'>;
+    preferredMethod?: 'totp' | 'sms' | 'passkey';
+    hasBackupCodes: boolean;
+}
+//# sourceMappingURL=mfa.dto.d.ts.map

package/dist/src/dto/mfa.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mfa.dto.d.ts","sourceRoot":"","sources":["../../../src/dto/mfa.dto.ts"],"names":[],"mappings":"AAiCA,MAAM,WAAW,uBAAuB;IAItC,aAAa,EAAE,cAAc,CAAC;IAM9B,OAAO,EAAE,MAAM,CAAC;IAKhB,mBAAmB,EAAE;QAInB,gBAAgB,EAAE,KAAK,CAAC,MAAM,GAAG,KAAK,GAAG,SAAS,GAAG,QAAQ,CAAC,CAAC;QAK/D,eAAe,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,SAAS,CAAC;QAM7C,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;CACH;AA6BD,MAAM,WAAW,gBAAgB;IAI/B,OAAO,EAAE,MAAM,CAAC;IAKhB,MAAM,EAAE,MAAM,GAAG,KAAK,GAAG,QAAQ,CAAC;IAKlC,IAAI,EAAE,MAAM,CAAC;IAQb,WAAW,CAAC,EAAE,OAAO,CAAC;IAMtB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AA0BD,MAAM,WAAW,gBAAgB;IAI/B,OAAO,EAAE,MAAM,CAAC;IAKhB,UAAU,EAAE;QACV,EAAE,EAAE,MAAM,CAAC;QACX,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE;YACR,cAAc,EAAE,MAAM,CAAC;YACvB,iBAAiB,EAAE,MAAM,CAAC;YAC1B,SAAS,EAAE,MAAM,CAAC;YAClB,UAAU,CAAC,EAAE,MAAM,CAAC;SACrB,CAAC;QACF,IAAI,EAAE,YAAY,CAAC;KACpB,CAAC;IAMF,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAuBD,MAAM,WAAW,oBAAoB;IAKnC,MAAM,EAAE,MAAM,CAAC;IAMf,MAAM,EAAE,MAAM,CAAC;IAOf,cAAc,EAAE,MAAM,CAAC;IAKvB,MAAM,EAAE,MAAM,CAAC;IAKf,WAAW,EAAE,MAAM,CAAC;CACrB;AAiBD,MAAM,WAAW,kBAAkB;IAIjC,MAAM,EAAE,MAAM,CAAC;IAKf,IAAI,EAAE,MAAM,CAAC;IAMb,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAoBD,MAAM,WAAW,cAAc;IAK7B,WAAW,EAAE,MAAM,CAAC;IAMpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAeD,MAAM,WAAW,oBAAoB;IAInC,WAAW,EAAE,MAAM,CAAC;IAKpB,IAAI,EAAE,MAAM,CAAC;CACd;AAcD,MAAM,WAAW,iBAAiB;IAIhC,OAAO,EAAE,MAAM,CAAC;CACjB;AA4BD,MAAM,WAAW,uBAAuB;IAKtC,OAAO,EAAE;QACP,SAAS,EAAE,MAAM,CAAC;QAClB,EAAE,EAAE;YACF,IAAI,EAAE,MAAM,CAAC;YACb,EAAE,EAAE,MAAM,CAAC;SACZ,CAAC;QACF,IAAI,EAAE;YACJ,EAAE,EAAE,MAAM,CAAC;YACX,IAAI,EAAE,MAAM,CAAC;YACb,WAAW,EAAE,MAAM,CAAC;SACrB,CAAC;QACF,gBAAgB,EAAE,KAAK,CAAC;YACtB,IAAI,EAAE,YAAY,CAAC;YACnB,GAAG,EAAE,MAAM,CAAC;SACb,CAAC,CAAC;QACH,OAAO,EAAE,MAAM,CAAC;QAChB,WAAW,EAAE,MAAM,GAAG,UAAU,GAAG,QAAQ,CAAC;QAC5C,sBAAsB,CAAC,EAAE;YACvB,uBAAuB,CAAC,EAAE,UAAU,GAAG,gBAAgB,CAAC;YACxD,kBAAkB,CAAC,EAAE,OAAO,CAAC;YAC7B,gBAAgB,CAAC,EAAE,UAAU,GAAG,WAAW,GAAG,aAAa,CAAC;SAC7D,CAAC;QACF,kBAAkB,CAAC,EAAE,KAAK,CAAC;YACzB,EAAE,EAAE,MAAM,CAAC;YACX,IAAI,EAAE,YAAY,CAAC;YACnB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;SACvB,CAAC,CAAC;KACJ,CAAC;CACH;AAuBD,MAAM,WAAW,qBAAqB;IAIpC,UAAU,EAAE;QACV,EAAE,EAAE,MAAM,CAAC;QACX,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE;YACR,cAAc,EAAE,MAAM,CAAC;YACvB,iBAAiB,EAAE,MAAM,CAAC;SAC3B,CAAC;QACF,IAAI,EAAE,YAAY,CAAC;KACpB,CAAC;IAMF,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAoBD,MAAM,WAAW,8BAA8B;IAK7C,OAAO,EAAE;QACP,SAAS,EAAE,MAAM,CAAC;QAClB,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,EAAE,MAAM,CAAC;QACb,gBAAgB,EAAE,KAAK,CAAC;YACtB,EAAE,EAAE,MAAM,CAAC;YACX,IAAI,EAAE,YAAY,CAAC;YACnB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;SACvB,CAAC,CAAC;QACH,gBAAgB,EAAE,UAAU,GAAG,WAAW,GAAG,aAAa,CAAC;KAC5D,CAAC;CACH;AAwBD,MAAM,WAAW,8BAA8B;IAK7C,KAAK,EAAE,MAAM,EAAE,CAAC;IAKhB,SAAS,EAAE,MAAM,CAAC;CACnB;AAwBD,MAAM,WAAW,YAAY;IAI3B,EAAE,EAAE,MAAM,CAAC;IAKX,IAAI,EAAE,MAAM,GAAG,KAAK,GAAG,SAAS,CAAC;IAKjC,IAAI,EAAE,MAAM,CAAC;IAKb,QAAQ,EAAE,OAAO,CAAC;IAKlB,SAAS,EAAE,OAAO,CAAC;IAKnB,UAAU,CAAC,EAAE,MAAM,CAAC;IAKpB,SAAS,EAAE,MAAM,CAAC;IAKlB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAkBD,MAAM,WAAW,yBAAyB;IAIxC,OAAO,EAAE,YAAY,EAAE,CAAC;IAKxB,cAAc,EAAE,OAAO,CAAC;CACzB;AAeD,MAAM,WAAW,kBAAkB;IAIjC,IAAI,CAAC,EAAE,MAAM,CAAC;IAKd,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAcD,MAAM,WAAW,mBAAmB;IAIlC,QAAQ,EAAE,MAAM,CAAC;CAClB;AAuBD,MAAM,WAAW,oBAAoB;IAInC,OAAO,EAAE,OAAO,CAAC;IAKjB,QAAQ,EAAE,OAAO,CAAC;IAMlB,eAAe,CAAC,EAAE,MAAM,CAAC;IAKzB,iBAAiB,EAAE,KAAK,CAAC,MAAM,GAAG,KAAK,GAAG,SAAS,CAAC,CAAC;IAKrD,eAAe,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,SAAS,CAAC;IAK7C,cAAc,EAAE,OAAO,CAAC;CACzB"}

package/dist/src/dto/mfa.dto.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=mfa.dto.js.map

package/dist/src/dto/mfa.dto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mfa.dto.js","sourceRoot":"","sources":["../../../src/dto/mfa.dto.ts"],"names":[],"mappings":""}

package/dist/src/index.d.ts

@@ -0,0 +1,4 @@
+export { PasskeyService } from './passkey.service';
+export { PasskeyMFAProviderService } from './passkey-mfa-provider.service';
+export * from './dto/mfa.dto';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAC3E,cAAc,eAAe,CAAC"}

package/dist/src/index.js

@@ -0,0 +1,23 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PasskeyMFAProviderService = exports.PasskeyService = void 0;
+var passkey_service_1 = require("./passkey.service");
+Object.defineProperty(exports, "PasskeyService", { enumerable: true, get: function () { return passkey_service_1.PasskeyService; } });
+var passkey_mfa_provider_service_1 = require("./passkey-mfa-provider.service");
+Object.defineProperty(exports, "PasskeyMFAProviderService", { enumerable: true, get: function () { return passkey_mfa_provider_service_1.PasskeyMFAProviderService; } });
+__exportStar(require("./dto/mfa.dto"), exports);
+//# sourceMappingURL=index.js.map

package/dist/src/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAOA,qDAAmD;AAA1C,iHAAA,cAAc,OAAA;AACvB,+EAA2E;AAAlE,yIAAA,yBAAyB,OAAA;AAClC,gDAA8B"}

package/dist/src/passkey-mfa-provider.service.d.ts

@@ -0,0 +1,15 @@
+import { Repository } from 'typeorm';
+import { BaseMFADevice, BaseUser, IUser, NAuthConfig, NAuthLogger, MFAMethod } from '@nauth-toolkit/core';
+import { BaseMFAProviderService } from '@nauth-toolkit/core/internal';
+import { PasskeyService } from './passkey.service';
+import { SetupPasskeyResponseDTO, GetPasskeyChallengeResponseDTO } from './dto/mfa.dto';
+export declare class PasskeyMFAProviderService extends BaseMFAProviderService {
+    private readonly passkeyService;
+    readonly methodName = MFAMethod.PASSKEY;
+    constructor(mfaDeviceRepository: Repository<BaseMFADevice>, userRepository: Repository<BaseUser>, config: NAuthConfig, logger: NAuthLogger, passwordService: unknown, passkeyService: PasskeyService, challengeService?: unknown, auditService?: unknown, clientInfoService?: unknown);
+    setup(user: IUser, _setupData?: unknown): Promise<SetupPasskeyResponseDTO>;
+    verifySetup(user: IUser, verificationData: unknown, deviceName?: string): Promise<number>;
+    verify(user: IUser, code: unknown, deviceId?: number): Promise<boolean>;
+    sendChallenge(user: IUser): Promise<GetPasskeyChallengeResponseDTO>;
+}
+//# sourceMappingURL=passkey-mfa-provider.service.d.ts.map

package/dist/src/passkey-mfa-provider.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"passkey-mfa-provider.service.d.ts","sourceRoot":"","sources":["../../src/passkey-mfa-provider.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAErC,OAAO,EACL,aAAa,EACb,QAAQ,EACR,KAAK,EAEL,WAAW,EACX,WAAW,EAGX,SAAS,EACV,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AACtE,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,uBAAuB,EAAyB,8BAA8B,EAAE,MAAM,eAAe,CAAC;AA6B/G,qBAAa,yBAA0B,SAAQ,sBAAsB;IASjE,OAAO,CAAC,QAAQ,CAAC,cAAc;IARjC,QAAQ,CAAC,UAAU,qBAAqB;gBAGtC,mBAAmB,EAAE,UAAU,CAAC,aAAa,CAAC,EAC9C,cAAc,EAAE,UAAU,CAAC,QAAQ,CAAC,EACpC,MAAM,EAAE,WAAW,EACnB,MAAM,EAAE,WAAW,EACnB,eAAe,EAAE,OAAO,EACP,cAAc,EAAE,cAAc,EAC/C,gBAAgB,CAAC,EAAE,OAAO,EAC1B,YAAY,CAAC,EAAE,OAAO,EACtB,iBAAiB,CAAC,EAAE,OAAO;IA+BvB,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,UAAU,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,uBAAuB,CAAC;IAiD1E,WAAW,CAAC,IAAI,EAAE,KAAK,EAAE,gBAAgB,EAAE,OAAO,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAyHzF,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAgFvE,aAAa,CAAC,IAAI,EAAE,KAAK,GAAG,OAAO,CAAC,8BAA8B,CAAC;CAoB1E"}

package/dist/src/passkey-mfa-provider.service.js

@@ -0,0 +1,137 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PasskeyMFAProviderService = void 0;
+const core_1 = require("@nauth-toolkit/core");
+const internal_1 = require("@nauth-toolkit/core/internal");
+class PasskeyMFAProviderService extends internal_1.BaseMFAProviderService {
+    passkeyService;
+    methodName = core_1.MFAMethod.PASSKEY;
+    constructor(mfaDeviceRepository, userRepository, config, logger, passwordService, passkeyService, challengeService, auditService, clientInfoService) {
+        super(mfaDeviceRepository, userRepository, config, logger, passwordService, challengeService, auditService, clientInfoService);
+        this.passkeyService = passkeyService;
+    }
+    async setup(user, _setupData) {
+        this.logger?.log?.(`Setting up passkey for user: ${user.sub}`);
+        if (!this.isMethodAllowed()) {
+            throw new core_1.NAuthException(core_1.AuthErrorCode.VALIDATION_FAILED, 'Passkey is not enabled', { feature: 'passkey' });
+        }
+        const userEntity = user;
+        const userId = userEntity.id;
+        const existingDevices = await this.getUserDevices(userId);
+        const options = await this.passkeyService.generateRegistrationOptions(user.sub, user.email, `${userEntity.firstName || ''} ${userEntity.lastName || ''}`.trim() || user.email, existingDevices);
+        this.logger?.log?.(`Passkey registration options generated for user: ${user.sub}`);
+        return options;
+    }
+    async verifySetup(user, verificationData, deviceName) {
+        this.logger?.log?.(`Verifying passkey setup for user: ${user.sub}`);
+        let dto;
+        let expectedChallenge;
+        let transports;
+        if (verificationData &&
+            typeof verificationData === 'object' &&
+            'credential' in verificationData &&
+            'expectedChallenge' in verificationData) {
+            const wrapped = verificationData;
+            dto = wrapped.credential;
+            expectedChallenge = wrapped.expectedChallenge;
+            transports = wrapped.transports;
+            if (!expectedChallenge || typeof expectedChallenge !== 'string' || expectedChallenge.trim().length === 0) {
+                throw new core_1.NAuthException(core_1.AuthErrorCode.VALIDATION_FAILED, 'Expected challenge is required and must be a non-empty string');
+            }
+            if (!dto.credential || typeof dto.credential !== 'object') {
+                throw new core_1.NAuthException(core_1.AuthErrorCode.VALIDATION_FAILED, 'Credential is required and must be an object');
+            }
+            const cred = dto.credential;
+            if (!cred.id || !cred.rawId || !cred.response) {
+                throw new core_1.NAuthException(core_1.AuthErrorCode.VALIDATION_FAILED, 'Credential must have id, rawId, and response fields');
+            }
+            const response = cred.response;
+            if (!response.clientDataJSON || !response.attestationObject) {
+                throw new core_1.NAuthException(core_1.AuthErrorCode.VALIDATION_FAILED, 'Credential response must have clientDataJSON and attestationObject fields');
+            }
+        }
+        else {
+            throw new core_1.NAuthException(core_1.AuthErrorCode.VALIDATION_FAILED, 'Passkey verification requires { credential, expectedChallenge }. Use MFAService.verifySetup or provide both.');
+        }
+        const verified = await this.passkeyService.verifyRegistration(dto.credential, expectedChallenge, transports);
+        if (!verified.verified) {
+            throw new core_1.NAuthException(core_1.AuthErrorCode.VALIDATION_FAILED, 'Passkey verification failed');
+        }
+        const userEntity = user;
+        const userId = userEntity.id;
+        const userMfaEnabled = userEntity.mfaEnabled || false;
+        const device = await this.createDevice(userId, {
+            name: deviceName || dto.deviceName || 'Passkey Device',
+            credentialId: verified.credentialId,
+            publicKey: verified.publicKey,
+            counter: verified.counter,
+            transports: verified.transports,
+            isActive: true,
+            isPrimary: !userMfaEnabled,
+        });
+        await this.enableMFAForUser(user);
+        this.logger?.log?.(`Passkey setup completed for user: ${user.sub}`);
+        return device.id;
+    }
+    async verify(user, code, deviceId) {
+        this.logger?.log?.(`Verifying passkey for user: ${user.sub}`);
+        let credential;
+        let expectedChallenge;
+        if (code && typeof code === 'object' && 'credential' in code && 'expectedChallenge' in code) {
+            const data = code;
+            credential = data.credential;
+            expectedChallenge = data.expectedChallenge;
+        }
+        else {
+            this.logger?.warn?.('Invalid passkey verification data format');
+            return false;
+        }
+        const userEntity = user;
+        const userId = userEntity.id;
+        const device = deviceId
+            ? await this.findDevice(userId, deviceId)
+            : await this.mfaDeviceRepository.findOne({
+                where: {
+                    userId,
+                    type: core_1.MFAMethod.PASSKEY,
+                    credentialId: credential.id,
+                    isActive: true,
+                },
+            });
+        if (!device) {
+            this.logger?.warn?.('Passkey device not found');
+            return false;
+        }
+        try {
+            const result = await this.passkeyService.verifyAuthentication(credential, expectedChallenge, device);
+            if (result.verified) {
+                const deviceEntity = device;
+                deviceEntity.counter = result.newCounter;
+                deviceEntity.lastUsedAt = new Date();
+                deviceEntity.usageCount = (deviceEntity.usageCount || 0) + 1;
+                await this.mfaDeviceRepository.save(deviceEntity);
+                this.logger?.log?.(`Passkey verified successfully for user: ${user.sub}`);
+                return true;
+            }
+        }
+        catch (error) {
+            this.logger?.error?.('Passkey verification error', error);
+        }
+        return false;
+    }
+    async sendChallenge(user) {
+        this.logger?.log?.(`Generating passkey challenge for user: ${user.sub}`);
+        const userEntity = user;
+        const userId = userEntity.id;
+        const devices = await this.getUserDevices(userId);
+        const passkeyDevices = devices.filter((d) => d.type === core_1.MFAMethod.PASSKEY && d.isActive);
+        if (passkeyDevices.length === 0) {
+            throw new core_1.NAuthException(core_1.AuthErrorCode.NOT_FOUND, 'No passkey devices registered', { deviceType: 'passkey' });
+        }
+        const options = await this.passkeyService.generateAuthenticationOptions(passkeyDevices);
+        this.logger?.log?.(`Passkey challenge generated for user: ${user.sub}`);
+        return options;
+    }
+}
+exports.PasskeyMFAProviderService = PasskeyMFAProviderService;
+//# sourceMappingURL=passkey-mfa-provider.service.js.map

package/dist/src/passkey-mfa-provider.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"passkey-mfa-provider.service.js","sourceRoot":"","sources":["../../src/passkey-mfa-provider.service.ts"],"names":[],"mappings":";;;AAEA,8CAU6B;AAE7B,2DAAsE;AA+BtE,MAAa,yBAA0B,SAAQ,iCAAsB;IAShD;IARV,UAAU,GAAG,gBAAS,CAAC,OAAO,CAAC;IAExC,YACE,mBAA8C,EAC9C,cAAoC,EACpC,MAAmB,EACnB,MAAmB,EACnB,eAAwB,EACP,cAA8B,EAC/C,gBAA0B,EAC1B,YAAsB,EACtB,iBAA2B;QAE3B,KAAK,CACH,mBAAmB,EACnB,cAAc,EACd,MAAM,EACN,MAAM,EACN,eAAe,EACf,gBAAuB,EACvB,YAAmB,EACnB,iBAAwB,CACzB,CAAC;QAde,mBAAc,GAAd,cAAc,CAAgB;IAejD,CAAC;IAmBD,KAAK,CAAC,KAAK,CAAC,IAAW,EAAE,UAAoB;QAC3C,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,gCAAgC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QAG/D,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;YAC5B,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,iBAAiB,EAAE,wBAAwB,EAAE,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC,CAAC;QAC9G,CAAC;QAGD,MAAM,UAAU,GAAG,IAA0C,CAAC;QAC9D,MAAM,MAAM,GAAG,UAAU,CAAC,EAAY,CAAC;QACvC,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QAG1D,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,2BAA2B,CACnE,IAAI,CAAC,GAAG,EACR,IAAI,CAAC,KAAK,EACV,GAAI,UAAU,CAAC,SAAoB,IAAI,EAAE,IAAK,UAAU,CAAC,QAAmB,IAAI,EAAE,EAAE,CAAC,IAAI,EAAE,IAAI,IAAI,CAAC,KAAK,EACzG,eAAe,CAChB,CAAC;QAEF,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,oDAAoD,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QAEnF,OAAO,OAAO,CAAC;IACjB,CAAC;IAyBD,KAAK,CAAC,WAAW,CAAC,IAAW,EAAE,gBAAyB,EAAE,UAAmB;QAC3E,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,qCAAqC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QAIpE,IAAI,GAA0B,CAAC;QAC/B,IAAI,iBAAyB,CAAC;QAC9B,IAAI,UAAgC,CAAC;QAErC,IACE,gBAAgB;YAChB,OAAO,gBAAgB,KAAK,QAAQ;YACpC,YAAY,IAAI,gBAAgB;YAChC,mBAAmB,IAAI,gBAAgB,EACvC,CAAC;YAED,MAAM,OAAO,GAAG,gBAIf,CAAC;YACF,GAAG,GAAG,OAAO,CAAC,UAAU,CAAC;YACzB,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,CAAC;YAC9C,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;YAGhC,IAAI,CAAC,iBAAiB,IAAI,OAAO,iBAAiB,KAAK,QAAQ,IAAI,iBAAiB,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACzG,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,iBAAiB,EAC/B,+DAA+D,CAChE,CAAC;YACJ,CAAC;YAGD,IAAI,CAAC,GAAG,CAAC,UAAU,IAAI,OAAO,GAAG,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;gBAC1D,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,iBAAiB,EAAE,8CAA8C,CAAC,CAAC;YAC5G,CAAC;YAED,MAAM,IAAI,GAAG,GAAG,CAAC,UAAqC,CAAC;YACvD,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAC9C,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,iBAAiB,EAC/B,qDAAqD,CACtD,CAAC;YACJ,CAAC;YAED,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAmC,CAAC;YAC1D,IAAI,CAAC,QAAQ,CAAC,cAAc,IAAI,CAAC,QAAQ,CAAC,iBAAiB,EAAE,CAAC;gBAC5D,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,iBAAiB,EAC/B,2EAA2E,CAC5E,CAAC;YACJ,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,iBAAiB,EAC/B,8GAA8G,CAC/G,CAAC;QACJ,CAAC;QAKD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAC3D,GAAG,CAAC,UAAiD,EACrD,iBAAiB,EACjB,UAAU,CACX,CAAC;QAEF,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACvB,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,iBAAiB,EAAE,6BAA6B,CAAC,CAAC;QAC3F,CAAC;QAGD,MAAM,UAAU,GAAG,IAA0C,CAAC;QAC9D,MAAM,MAAM,GAAG,UAAU,CAAC,EAAY,CAAC;QACvC,MAAM,cAAc,GAAI,UAAU,CAAC,UAAsB,IAAI,KAAK,CAAC;QAQnE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE;YAC7C,IAAI,EAAE,UAAU,IAAI,GAAG,CAAC,UAAU,IAAI,gBAAgB;YACtD,YAAY,EAAE,QAAQ,CAAC,YAAY;YACnC,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,OAAO,EAAE,QAAQ,CAAC,OAAO;YACzB,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,QAAQ,EAAE,IAAI;YACd,SAAS,EAAE,CAAC,cAAc;SAC3B,CAAC,CAAC;QAGH,MAAM,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;QAElC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,qCAAqC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QAEpE,OAAO,MAAM,CAAC,EAAE,CAAC;IACnB,CAAC;IAqBD,KAAK,CAAC,MAAM,CAAC,IAAW,EAAE,IAAa,EAAE,QAAiB;QACxD,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,+BAA+B,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QAG9D,IAAI,UAAsC,CAAC;QAC3C,IAAI,iBAAyB,CAAC;QAE9B,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,YAAY,IAAI,IAAI,IAAI,mBAAmB,IAAI,IAAI,EAAE,CAAC;YAC5F,MAAM,IAAI,GAAG,IAA6E,CAAC;YAC3F,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;YAC7B,iBAAiB,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC7C,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,0CAA0C,CAAC,CAAC;YAChE,OAAO,KAAK,CAAC;QACf,CAAC;QAGD,MAAM,UAAU,GAAG,IAA0C,CAAC;QAC9D,MAAM,MAAM,GAAG,UAAU,CAAC,EAAY,CAAC;QAGvC,MAAM,MAAM,GAAG,QAAQ;YACrB,CAAC,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,QAAQ,CAAC;YACzC,CAAC,CAAC,MAAM,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC;gBACrC,KAAK,EAAE;oBACL,MAAM;oBACN,IAAI,EAAE,gBAAS,CAAC,OAAO;oBACvB,YAAY,EAAE,UAAU,CAAC,EAAE;oBAC3B,QAAQ,EAAE,IAAI;iBACf;aACyB,CAAC,CAAC;QAElC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,0BAA0B,CAAC,CAAC;YAChD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC;YAGH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,oBAAoB,CAC3D,UAAU,EACV,iBAAiB,EACjB,MAA+B,CAChC,CAAC;YAEF,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBAEpB,MAAM,YAAY,GAAG,MAA4C,CAAC;gBAClE,YAAY,CAAC,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC;gBACzC,YAAY,CAAC,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC;gBACrC,YAAY,CAAC,UAAU,GAAG,CAAE,YAAY,CAAC,UAAqB,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;gBACzE,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,YAAuC,CAAC,CAAC;gBAE7E,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,2CAA2C,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;gBAC1E,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;QAC5D,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAkBD,KAAK,CAAC,aAAa,CAAC,IAAW;QAC7B,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,0CAA0C,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QAGzE,MAAM,UAAU,GAAG,IAA0C,CAAC;QAC9D,MAAM,MAAM,GAAG,UAAU,CAAC,EAAY,CAAC;QACvC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QAClD,MAAM,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,gBAAS,CAAC,OAAO,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAC;QAEzF,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAChC,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,SAAS,EAAE,+BAA+B,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC;QAChH,CAAC;QAGD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,6BAA6B,CAAC,cAAc,CAAC,CAAC;QAExF,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,yCAAyC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QAExE,OAAO,OAAO,CAAC;IACjB,CAAC;CACF;AAzTD,8DAyTC"}

package/dist/src/passkey.service.d.ts

@@ -0,0 +1,26 @@
+import type { RegistrationResponseJSON, AuthenticationResponseJSON } from '@simplewebauthn/types';
+import { NAuthConfig, NAuthLogger, IMFADevice } from '@nauth-toolkit/core';
+import { SetupPasskeyResponseDTO, GetPasskeyChallengeResponseDTO } from './dto/mfa.dto';
+export declare class PasskeyService {
+    private readonly config;
+    private readonly logger;
+    private readonly defaultConfig;
+    constructor(config: NAuthConfig, logger: NAuthLogger);
+    private getPasskeyConfig;
+    generateRegistrationOptions(userId: string, userEmail: string, userName: string, existingDevices?: IMFADevice[]): Promise<SetupPasskeyResponseDTO>;
+    verifyRegistration(credential: RegistrationResponseJSON, expectedChallenge: string, transports?: string[]): Promise<{
+        verified: boolean;
+        credentialId: string;
+        publicKey: string;
+        counter: number;
+        transports: string[];
+    }>;
+    generateAuthenticationOptions(userDevices: IMFADevice[]): Promise<GetPasskeyChallengeResponseDTO>;
+    verifyAuthentication(credential: AuthenticationResponseJSON, expectedChallenge: string, device: IMFADevice): Promise<{
+        verified: boolean;
+        newCounter: number;
+    }>;
+    isSupported(): boolean;
+    maskCredentialId(credentialId: string): string;
+}
+//# sourceMappingURL=passkey.service.d.ts.map

package/dist/src/passkey.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"passkey.service.d.ts","sourceRoot":"","sources":["../../src/passkey.service.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EACV,wBAAwB,EACxB,0BAA0B,EAE3B,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,WAAW,EAEX,WAAW,EAIX,UAAU,EACX,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,uBAAuB,EAAE,8BAA8B,EAAE,MAAM,eAAe,CAAC;AAcxF,qBAAa,cAAc;IAOvB,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM;IAPzB,OAAO,CAAC,QAAQ,CAAC,aAAa,CAG5B;gBAGiB,MAAM,EAAE,WAAW,EACnB,MAAM,EAAE,WAAW;IAUtC,OAAO,CAAC,gBAAgB;IA6BlB,2BAA2B,CAC/B,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,EAChB,eAAe,GAAE,UAAU,EAAO,GACjC,OAAO,CAAC,uBAAuB,CAAC;IA+C7B,kBAAkB,CACtB,UAAU,EAAE,wBAAwB,EACpC,iBAAiB,EAAE,MAAM,EACzB,UAAU,CAAC,EAAE,MAAM,EAAE,GACpB,OAAO,CAAC;QACT,QAAQ,EAAE,OAAO,CAAC;QAClB,YAAY,EAAE,MAAM,CAAC;QACrB,SAAS,EAAE,MAAM,CAAC;QAClB,OAAO,EAAE,MAAM,CAAC;QAChB,UAAU,EAAE,MAAM,EAAE,CAAC;KACtB,CAAC;IA8EI,6BAA6B,CAAC,WAAW,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC,8BAA8B,CAAC;IAwDjG,oBAAoB,CACxB,UAAU,EAAE,0BAA0B,EACtC,iBAAiB,EAAE,MAAM,EACzB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC;QACT,QAAQ,EAAE,OAAO,CAAC;QAClB,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;IA2EF,WAAW,IAAI,OAAO;IAetB,gBAAgB,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM;CAM/C"}