@omni2fa/core 0.8.0 → 0.8.1

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 BlackApplication
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/dist/client/Omni2FaClient.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"Omni2FaClient.d.ts","sourceRoot":"","sources":["../../src/client/Omni2FaClient.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EACR,sBAAsB,EACtB,qBAAqB,EACrB,sBAAsB,EACtB,sBAAsB,EACtB,yBAAyB,EACzB,wBAAwB,EACxB,uBAAuB,EACvB,wBAAwB,EAExB,qBAAqB,EACrB,qBAAqB,EACrB,yBAAyB,EACzB,oBAAoB,EACpB,wBAAwB,EACxB,uBAAuB,EACvB,kBAAkB,EAClB,qBAAqB,EACrB,4BAA4B,EAC5B,2BAA2B,EAC9B,MAAM,eAAe,CAAC;AACvB,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAC1D,OAAO,KAAK,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AACjF,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAUjE,qBAAa,aAAc,YAAW,cAAc;IAChD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAW;IACnC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAc;IACpC,OAAO,CAAC,aAAa,CAA8B;gBAEvC,MAAM,EAAE,mBAAmB;IA2BvC,0FAA0F;IAC1F,OAAO,CAAC,iBAAiB;IAMzB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,IAAI;IAI3C,eAAe,IAAI,MAAM,GAAG,IAAI;IAIhC,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,IAAI;IAI3C,eAAe,IAAI,MAAM,GAAG,IAAI;IAIhC,gBAAgB,CAAC,OAAO,EAAE,aAAa,GAAG,IAAI,GAAG,IAAI;IAIrD;;;;OAIG;YACW,cAAc;IAmB5B,OAAO,CAAC,QAAQ;IAQV,WAAW,IAAI,OAAO,CAAC,UAAU,CAAC,kBAAkB,EAAE,CAAC,CAAC;IAKxD,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IAUzD,mBAAmB,IAAI,OAAO,CAAC,UAAU,CAAC,uBAAuB,CAAC,CAAC;IAKnE,qBAAqB,CAAC,OAAO,EAAE,wBAAwB,GAAG,OAAO,CAAC,UAAU,CAAC,qBAAqB,CAAC,CAAC;IAKpG,oBAAoB,CAAC,OAAO,EAAE,uBAAuB,GAAG,OAAO,CAAC,UAAU,CAAC,wBAAwB,CAAC,CAAC;IAKrG,sBAAsB,CAAC,OAAO,EAAE,yBAAyB,GAAG,OAAO,CAAC,UAAU,CAAC,qBAAqB,CAAC,CAAC;IAKtG,qBAAqB,CAAC,OAAO,EAAE,wBAAwB,GAAG,OAAO,CAAC,UAAU,CAAC,wBAAwB,CAAC,CAAC;IAKvG,uBAAuB,IAAI,OAAO,CAAC,UAAU,CAAC,2BAA2B,CAAC,CAAC;IAK3E,yBAAyB,CAAC,OAAO,EAAE,4BAA4B,GAAG,OAAO,CAAC,UAAU,CAAC,qBAAqB,CAAC,CAAC;IAK5G,cAAc,CAAC,OAAO,EAAE,qBAAqB,GAAG,OAAO,CAAC,UAAU,CAAC,sBAAsB,CAAC,CAAC;IAK3F,eAAe,CAAC,OAAO,EAAE,sBAAsB,GAAG,OAAO,CAAC,UAAU,CAAC,sBAAsB,CAAC,CAAC;IAK7F,eAAe,CAAC,OAAO,EAAE,sBAAsB,GAAG,OAAO,CAAC,UAAU,CAAC,qBAAqB,CAAC,CAAC;IAK5F,kBAAkB,CAAC,OAAO,EAAE,yBAAyB,GAAG,OAAO,CAAC,UAAU,CAAC,qBAAqB,CAAC,CAAC;IAKlG,WAAW,CAAC,OAAO,EAAE,qBAAqB,GAAG,OAAO,CAAC,UAAU,CAAC,sBAAsB,CAAC,CAAC;IAKxF,YAAY,CAAC,OAAO,EAAE,sBAAsB,GAAG,OAAO,CAAC,UAAU,CAAC,sBAAsB,CAAC,CAAC;IAK1F,YAAY,CAAC,OAAO,EAAE,sBAAsB,GAAG,OAAO,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;IAKxF,uBAAuB,IAAI,OAAO,CAAC,UAAU,CAAC,qBAAqB,CAAC,CAAC;IAK3E,OAAO,CAAC,MAAM;IAed,OAAO,CAAC,SAAS;CAUpB"}
+{"version":3,"file":"Omni2FaClient.d.ts","sourceRoot":"","sources":["../../src/client/Omni2FaClient.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EACR,sBAAsB,EACtB,qBAAqB,EACrB,sBAAsB,EACtB,sBAAsB,EACtB,yBAAyB,EACzB,wBAAwB,EACxB,uBAAuB,EACvB,wBAAwB,EAExB,qBAAqB,EACrB,qBAAqB,EACrB,yBAAyB,EACzB,oBAAoB,EACpB,wBAAwB,EACxB,uBAAuB,EACvB,kBAAkB,EAClB,qBAAqB,EACrB,4BAA4B,EAC5B,2BAA2B,EAC9B,MAAM,eAAe,CAAC;AACvB,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAC1D,OAAO,KAAK,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AACjF,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAiCjE,qBAAa,aAAc,YAAW,cAAc;IAChD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAW;IACnC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAc;IACpC,OAAO,CAAC,aAAa,CAA8B;gBAEvC,MAAM,EAAE,mBAAmB;IA2BvC,0FAA0F;IAC1F,OAAO,CAAC,iBAAiB;IAMzB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,IAAI;IAI3C,eAAe,IAAI,MAAM,GAAG,IAAI;IAIhC,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,IAAI;IAI3C,eAAe,IAAI,MAAM,GAAG,IAAI;IAIhC,gBAAgB,CAAC,OAAO,EAAE,aAAa,GAAG,IAAI,GAAG,IAAI;IAIrD;;;;OAIG;YACW,cAAc;IAmB5B,OAAO,CAAC,QAAQ;IAQV,WAAW,IAAI,OAAO,CAAC,UAAU,CAAC,kBAAkB,EAAE,CAAC,CAAC;IAKxD,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IAUzD,mBAAmB,IAAI,OAAO,CAAC,UAAU,CAAC,uBAAuB,CAAC,CAAC;IAKnE,qBAAqB,CAAC,OAAO,EAAE,wBAAwB,GAAG,OAAO,CAAC,UAAU,CAAC,qBAAqB,CAAC,CAAC;IAKpG,oBAAoB,CAAC,OAAO,EAAE,uBAAuB,GAAG,OAAO,CAAC,UAAU,CAAC,wBAAwB,CAAC,CAAC;IAKrG,sBAAsB,CAAC,OAAO,EAAE,yBAAyB,GAAG,OAAO,CAAC,UAAU,CAAC,qBAAqB,CAAC,CAAC;IAKtG,qBAAqB,CAAC,OAAO,EAAE,wBAAwB,GAAG,OAAO,CAAC,UAAU,CAAC,wBAAwB,CAAC,CAAC;IAKvG,uBAAuB,IAAI,OAAO,CAAC,UAAU,CAAC,2BAA2B,CAAC,CAAC;IAK3E,yBAAyB,CAAC,OAAO,EAAE,4BAA4B,GAAG,OAAO,CAAC,UAAU,CAAC,qBAAqB,CAAC,CAAC;IAK5G,cAAc,CAAC,OAAO,EAAE,qBAAqB,GAAG,OAAO,CAAC,UAAU,CAAC,sBAAsB,CAAC,CAAC;IAK3F,eAAe,CAAC,OAAO,EAAE,sBAAsB,GAAG,OAAO,CAAC,UAAU,CAAC,sBAAsB,CAAC,CAAC;IAK7F,eAAe,CAAC,OAAO,EAAE,sBAAsB,GAAG,OAAO,CAAC,UAAU,CAAC,qBAAqB,CAAC,CAAC;IAK5F,kBAAkB,CAAC,OAAO,EAAE,yBAAyB,GAAG,OAAO,CAAC,UAAU,CAAC,qBAAqB,CAAC,CAAC;IAKlG,WAAW,CAAC,OAAO,EAAE,qBAAqB,GAAG,OAAO,CAAC,UAAU,CAAC,sBAAsB,CAAC,CAAC;IAKxF,YAAY,CAAC,OAAO,EAAE,sBAAsB,GAAG,OAAO,CAAC,UAAU,CAAC,sBAAsB,CAAC,CAAC;IAK1F,YAAY,CAAC,OAAO,EAAE,sBAAsB,GAAG,OAAO,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;IAKxF,uBAAuB,IAAI,OAAO,CAAC,UAAU,CAAC,qBAAqB,CAAC,CAAC;IAK3E,OAAO,CAAC,MAAM;IAed,OAAO,CAAC,SAAS;CAUpB"}

package/dist/index.cjs

@@ -1,2 +1,2 @@
-"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const V=require("openapi-fetch"),s=require("xstate");class N{map=new Map;get(e){return this.map.get(e)??null}set(e,r){this.map.set(e,r)}remove(e){this.map.delete(e)}}const i={InvalidCode:"INVALID_CODE",PreAuthExpired:"PREAUTH_EXPIRED",PreAuthInvalid:"PREAUTH_INVALID",ChallengeNotFound:"CHALLENGE_NOT_FOUND",ChallengeConsumed:"CHALLENGE_CONSUMED",TooManyAttempts:"TOO_MANY_ATTEMPTS",MethodNotFound:"METHOD_NOT_FOUND",TypeAlreadyEnrolled:"TYPE_ALREADY_ENROLLED",MaxMethodsReached:"MAX_METHODS_REACHED",LastMethodProtected:"LAST_METHOD_PROTECTED",RecoveryCodeInvalid:"RECOVERY_CODE_INVALID",RecoveryCodeUsed:"RECOVERY_CODE_USED",WebAuthnVerificationFailed:"WEBAUTHN_VERIFICATION_FAILED",ValidationFailed:"VALIDATION_FAILED",StepUpRequired:"STEP_UP_REQUIRED",NetworkError:"NETWORK_ERROR",Unknown:"UNKNOWN"},S={[i.InvalidCode]:"The code you entered is invalid.",[i.PreAuthExpired]:"Your session has expired. Please sign in again.",[i.PreAuthInvalid]:"Your session is invalid. Please sign in again.",[i.ChallengeNotFound]:"No active verification step. Please restart.",[i.ChallengeConsumed]:"This verification step was already used. Please sign in again.",[i.TooManyAttempts]:"Too many attempts. Please wait before trying again.",[i.MethodNotFound]:"The selected 2FA method was not found.",[i.TypeAlreadyEnrolled]:"You already have this type of 2FA enabled.",[i.MaxMethodsReached]:"You have reached the maximum number of 2FA methods.",[i.LastMethodProtected]:"You cannot remove your last 2FA method.",[i.RecoveryCodeInvalid]:"The recovery code is invalid.",[i.RecoveryCodeUsed]:"This recovery code has already been used.",[i.WebAuthnVerificationFailed]:"Security key verification failed.",[i.ValidationFailed]:"The request was malformed.",[i.StepUpRequired]:"Please confirm two-factor authentication to continue.",[i.NetworkError]:"Network error. Please check your connection.",[i.Unknown]:"An unexpected error occurred."};function I(t){return S[t]??S[i.Unknown]}const R="X-Omni2FA-StepUp",Y="omni2fa:preauth",q="omni2fa:session",T="http://omni2fa.local";class D{storage;preAuthKey;sessionKey;basePath;inner;stepUpHandler=null;constructor(e){this.storage=e.storage??new N,this.preAuthKey=e.preAuthStorageKey??Y,this.sessionKey=e.sessionStorageKey??q,this.basePath=new URL(e.baseUrl,T).pathname.replace(/\/$/,""),this.inner=V({baseUrl:e.baseUrl,fetch:e.fetch??globalThis.fetch.bind(globalThis),...e.credentials?{credentials:e.credentials}:{}}),this.inner.use({onRequest:({request:r})=>{if(r.headers.has("Authorization"))return r;const n=this.isPreAuthEndpoint(r.url)?this.getPreAuthToken():this.getSessionToken();return n&&r.headers.set("Authorization",`Bearer ${n}`),r}})}isPreAuthEndpoint(e){const r=new URL(e,T).pathname;return(r.startsWith(this.basePath)?r.slice(this.basePath.length):r).startsWith("/challenge/")}setPreAuthToken(e){this.setToken(this.preAuthKey,e)}getPreAuthToken(){return this.storage.get(this.preAuthKey)}setSessionToken(e){this.setToken(this.sessionKey,e)}getSessionToken(){return this.storage.get(this.sessionKey)}setStepUpHandler(e){this.stepUpHandler=e}async sendWithStepUp(e){const r=await e({});if(r.error!==void 0&&r.response.status===403&&r.error.code===i.StepUpRequired&&this.stepUpHandler!==null){const n=r.error.details?.availableMethods??[],o=await this.stepUpHandler(n);if(o)return e({[R]:o})}return r}setToken(e,r){r===null||r.length===0?this.storage.remove(e):this.storage.set(e,r)}async listMethods(){const{data:e,error:r,response:n}=await this.inner.GET("/methods");return this.toCall(e,r,n)}async removeMethod(e){const{error:r,response:n}=await this.sendWithStepUp(o=>this.inner.DELETE("/methods/{methodId}",{params:{path:{methodId:e}},headers:o}));return r?this.errorCall(r,n):{ok:!0,value:void 0}}async startTotpEnrollment(){const{data:e,error:r,response:n}=await this.sendWithStepUp(o=>this.inner.POST("/enroll/totp/start",{headers:o}));return this.toCall(e,r,n)}async confirmTotpEnrollment(e){const{data:r,error:n,response:o}=await this.inner.POST("/enroll/totp/confirm",{body:e});return this.toCall(r,n,o)}async startEmailEnrollment(e){const{data:r,error:n,response:o}=await this.sendWithStepUp(l=>this.inner.POST("/enroll/email/start",{body:e,headers:l}));return this.toCall(r,n,o)}async confirmEmailEnrollment(e){const{data:r,error:n,response:o}=await this.inner.POST("/enroll/email/confirm",{body:e});return this.toCall(r,n,o)}async resendEmailEnrollment(e){const{data:r,error:n,response:o}=await this.inner.POST("/enroll/email/resend",{body:e});return this.toCall(r,n,o)}async startWebAuthnEnrollment(){const{data:e,error:r,response:n}=await this.sendWithStepUp(o=>this.inner.POST("/enroll/webauthn/start",{headers:o}));return this.toCall(e,r,n)}async confirmWebAuthnEnrollment(e){const{data:r,error:n,response:o}=await this.inner.POST("/enroll/webauthn/confirm",{body:e});return this.toCall(r,n,o)}async startChallenge(e){const{data:r,error:n,response:o}=await this.inner.POST("/challenge/start",{body:e});return this.toCall(r,n,o)}async resendChallenge(e){const{data:r,error:n,response:o}=await this.inner.POST("/challenge/resend",{body:e});return this.toCall(r,n,o)}async verifyChallenge(e){const{data:r,error:n,response:o}=await this.inner.POST("/challenge/verify",{body:e});return this.toCall(r,n,o)}async verifyRecoveryCode(e){const{data:r,error:n,response:o}=await this.inner.POST("/challenge/recovery-code",{body:e});return this.toCall(r,n,o)}async startStepUp(e){const{data:r,error:n,response:o}=await this.inner.POST("/stepup/start",{body:e});return this.toCall(r,n,o)}async resendStepUp(e){const{data:r,error:n,response:o}=await this.inner.POST("/stepup/resend",{body:e});return this.toCall(r,n,o)}async verifyStepUp(e){const{data:r,error:n,response:o}=await this.inner.POST("/stepup/verify",{body:e});return this.toCall(r,n,o)}async regenerateRecoveryCodes(){const{data:e,error:r,response:n}=await this.sendWithStepUp(o=>this.inner.POST("/recovery-codes/regenerate",{headers:o}));return this.toCall(e,r,n)}toCall(e,r,n){return r!==void 0?this.errorCall(r,n):e===void 0?{ok:!1,code:i.NetworkError,message:I(i.NetworkError),httpStatus:n.status}:{ok:!0,value:e}}errorCall(e,r){const n=e.code||i.Unknown;return{ok:!1,code:n,message:e.message||I(n),httpStatus:r.status,details:e.details??null}}}class B{get(e){return globalThis.sessionStorage?.getItem(e)??null}set(e,r){globalThis.sessionStorage?.setItem(e,r)}remove(e){globalThis.sessionStorage?.removeItem(e)}}class G{get(e){return globalThis.localStorage?.getItem(e)??null}set(e,r){globalThis.localStorage?.setItem(e,r)}remove(e){globalThis.localStorage?.removeItem(e)}}class a extends Error{code;httpStatus;details;constructor(e,r,n,o=null){super(r),this.name="Omni2FaApiError",this.code=e,this.httpStatus=n,this.details=o}}const j={enrollmentId:null,otpAuthUri:null,secret:null,methodId:null,recoveryCodes:null,errorCode:null,errorMessage:null};function _(t){return s.setup({types:{context:{},events:{}},actors:{startEnrollment:s.fromPromise(async()=>{const e=await t.startTotpEnrollment();if(!e.ok)throw new a(e.code,e.message,e.httpStatus,e.details??null);return e.value}),confirmEnrollment:s.fromPromise(async({input:e})=>{const r=await t.confirmTotpEnrollment({enrollmentId:e.enrollmentId,code:e.code,name:e.name});if(!r.ok)throw new a(r.code,r.message,r.httpStatus,r.details??null);return r.value})}}).createMachine({id:"totpEnrollment",initial:"idle",context:j,states:{idle:{on:{start:{target:"starting"}}},starting:{invoke:{src:"startEnrollment",onDone:{target:"awaitingCode",actions:({context:e,event:r})=>{e.enrollmentId=r.output.enrollmentId,e.otpAuthUri=r.output.otpAuthUri,e.secret=r.output.secret,e.errorCode=null,e.errorMessage=null}},onError:{target:"failed",actions:({context:e,event:r})=>b(e,r.error)}}},awaitingCode:{on:{submit:{target:"confirming"},reset:{target:"idle",actions:p}}},confirming:{invoke:{src:"confirmEnrollment",input:({context:e,event:r})=>{if(r.type!=="submit")throw new Error("confirming requires submit event");if(!e.enrollmentId)throw new Error("no enrollmentId");return{enrollmentId:e.enrollmentId,code:r.code,name:r.name??null}},onDone:{target:"enrolled",actions:({context:e,event:r})=>{e.methodId=r.output.methodId,e.recoveryCodes=r.output.recoveryCodes??null,e.errorCode=null,e.errorMessage=null}},onError:{target:"awaitingCode",actions:({context:e,event:r})=>b(e,r.error)}}},enrolled:{on:{reset:{target:"idle",actions:p}}},failed:{on:{start:{target:"starting"},reset:{target:"idle",actions:p}}}}})}function p({context:t}){t.enrollmentId=null,t.otpAuthUri=null,t.secret=null,t.methodId=null,t.recoveryCodes=null,t.errorCode=null,t.errorMessage=null}function b(t,e){e instanceof a?(t.errorCode=e.code,t.errorMessage=e.message):(t.errorCode="UNKNOWN",t.errorMessage=e instanceof Error?e.message:null)}const X={enrollmentId:null,email:null,expiresAt:null,resendAvailableAt:null,methodId:null,recoveryCodes:null,errorCode:null,errorMessage:null};function J(t){return s.setup({types:{context:{},events:{}},actors:{startEnrollment:s.fromPromise(async({input:e})=>{const r=await t.startEmailEnrollment(e.email!==void 0?{email:e.email}:{});if(!r.ok)throw new a(r.code,r.message,r.httpStatus,r.details??null);return r.value}),resendEnrollment:s.fromPromise(async({input:e})=>{const r=await t.resendEmailEnrollment({enrollmentId:e.enrollmentId});if(!r.ok)throw new a(r.code,r.message,r.httpStatus,r.details??null);return r.value}),confirmEnrollment:s.fromPromise(async({input:e})=>{const r=await t.confirmEmailEnrollment({enrollmentId:e.enrollmentId,code:e.code,name:e.name});if(!r.ok)throw new a(r.code,r.message,r.httpStatus,r.details??null);return r.value})}}).createMachine({id:"emailEnrollment",initial:"idle",context:X,states:{idle:{on:{start:{target:"starting"}}},starting:{entry:({context:e,event:r})=>{r.type==="start"&&(e.email=r.email??null)},invoke:{src:"startEnrollment",input:({context:e})=>({email:e.email??void 0}),onDone:{target:"awaitingCode",actions:({context:e,event:r})=>M(e,r.output)},onError:{target:"failed",actions:({context:e,event:r})=>y(e,r.error)}}},awaitingCode:{on:{submit:{target:"confirming"},resend:{target:"resending"},reset:{target:"idle",actions:f}}},resending:{invoke:{src:"resendEnrollment",input:({context:e})=>{if(!e.enrollmentId)throw new Error("no enrollmentId");return{enrollmentId:e.enrollmentId}},onDone:{target:"awaitingCode",actions:({context:e,event:r})=>M(e,r.output)},onError:{target:"awaitingCode",actions:({context:e,event:r})=>y(e,r.error)}}},confirming:{invoke:{src:"confirmEnrollment",input:({context:e,event:r})=>{if(r.type!=="submit")throw new Error("confirming requires submit event");if(!e.enrollmentId)throw new Error("no enrollmentId");return{enrollmentId:e.enrollmentId,code:r.code,name:r.name??null}},onDone:{target:"enrolled",actions:({context:e,event:r})=>{e.methodId=r.output.methodId,e.recoveryCodes=r.output.recoveryCodes??null,e.errorCode=null,e.errorMessage=null}},onError:{target:"awaitingCode",actions:({context:e,event:r})=>y(e,r.error)}}},enrolled:{on:{reset:{target:"idle",actions:f}}},failed:{on:{start:{target:"starting"},reset:{target:"idle",actions:f}}}}})}function M(t,e){t.enrollmentId=e.enrollmentId,t.expiresAt=e.expiresAt,t.resendAvailableAt=e.resendAvailableAt,t.errorCode=null,t.errorMessage=null}function f({context:t}){t.enrollmentId=null,t.email=null,t.expiresAt=null,t.resendAvailableAt=null,t.methodId=null,t.recoveryCodes=null,t.errorCode=null,t.errorMessage=null}function y(t,e){e instanceof a?(t.errorCode=e.code,t.errorMessage=e.message):(t.errorCode="UNKNOWN",t.errorMessage=e instanceof Error?e.message:null)}function c(t){const e=t.replace(/-/g,"+").replace(/_/g,"/"),r=e.padEnd(Math.ceil(e.length/4)*4,"="),n=atob(r),o=new Uint8Array(n.length);for(let l=0;l<n.length;l++)o[l]=n.charCodeAt(l);return o.buffer}function d(t){const e=new Uint8Array(t);let r="";for(const n of e)r+=String.fromCharCode(n);return btoa(r).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}function F(t){return(t??[]).map(e=>({...e,id:c(e.id)}))}async function W(t){const e=JSON.parse(t),r={...e,challenge:c(e.challenge),user:{...e.user,id:c(e.user.id)},excludeCredentials:F(e.excludeCredentials)},n=await navigator.credentials.create({publicKey:r});if(n===null)throw new Error("WebAuthn registration produced no credential.");const o=n.response;return JSON.stringify({id:n.id,rawId:d(n.rawId),type:n.type,extensions:n.getClientExtensionResults(),response:{attestationObject:d(o.attestationObject),clientDataJSON:d(o.clientDataJSON)}})}async function A(t){const e=JSON.parse(t),r={...e,challenge:c(e.challenge),allowCredentials:F(e.allowCredentials)},n=await navigator.credentials.get({publicKey:r});if(n===null)throw new Error("WebAuthn authentication produced no credential.");const o=n.response;return JSON.stringify({id:n.id,rawId:d(n.rawId),type:n.type,extensions:n.getClientExtensionResults(),response:{authenticatorData:d(o.authenticatorData),clientDataJSON:d(o.clientDataJSON),signature:d(o.signature),userHandle:o.userHandle?d(o.userHandle):null}})}const z={enrollmentId:null,optionsJson:null,name:null,methodId:null,recoveryCodes:null,errorCode:null,errorMessage:null};function L(t){return s.setup({types:{context:{},events:{}},actors:{startEnrollment:s.fromPromise(async()=>{const e=await t.startWebAuthnEnrollment();if(!e.ok)throw new a(e.code,e.message,e.httpStatus,e.details??null);return e.value}),registerAndConfirm:s.fromPromise(async({input:e})=>{const r=await W(e.optionsJson),n=await t.confirmWebAuthnEnrollment({enrollmentId:e.enrollmentId,attestationResponseJson:r,name:e.name});if(!n.ok)throw new a(n.code,n.message,n.httpStatus,n.details??null);return n.value})}}).createMachine({id:"webauthnEnrollment",initial:"idle",context:z,states:{idle:{on:{start:{target:"starting"}}},starting:{entry:({context:e,event:r})=>{r.type==="start"&&(e.name=r.name??null)},invoke:{src:"startEnrollment",onDone:{target:"registering",actions:({context:e,event:r})=>{e.enrollmentId=r.output.enrollmentId,e.optionsJson=r.output.optionsJson,e.errorCode=null,e.errorMessage=null}},onError:{target:"failed",actions:({context:e,event:r})=>U(e,r.error)}}},registering:{invoke:{src:"registerAndConfirm",input:({context:e})=>{if(!e.enrollmentId||!e.optionsJson)throw new Error("no pending enrollment");return{enrollmentId:e.enrollmentId,optionsJson:e.optionsJson,name:e.name}},onDone:{target:"enrolled",actions:({context:e,event:r})=>{e.methodId=r.output.methodId,e.recoveryCodes=r.output.recoveryCodes??null,e.errorCode=null,e.errorMessage=null}},onError:{target:"failed",actions:({context:e,event:r})=>U(e,r.error)}}},enrolled:{on:{reset:{target:"idle",actions:k}}},failed:{on:{retry:{target:"starting"},reset:{target:"idle",actions:k}}}}})}function k({context:t}){t.enrollmentId=null,t.optionsJson=null,t.name=null,t.methodId=null,t.recoveryCodes=null,t.errorCode=null,t.errorMessage=null}function U(t,e){e instanceof a?(t.errorCode=e.code,t.errorMessage=e.message):(t.errorCode="UNKNOWN",t.errorMessage=e instanceof Error?e.message:null)}const Q={methodId:null,methodType:null,userId:null,verifiedToken:null,expiresAt:null,resendAvailableAt:null,optionsJson:null,errorCode:null,errorMessage:null};function K(t){return s.setup({types:{context:{},events:{}},actors:{startChallenge:s.fromPromise(async({input:e})=>{const r=await t.startChallenge({methodId:e.methodId});if(!r.ok)throw new a(r.code,r.message,r.httpStatus,r.details??null);return r.value}),resendChallenge:s.fromPromise(async({input:e})=>{const r=await t.resendChallenge({methodId:e.methodId});if(!r.ok)throw new a(r.code,r.message,r.httpStatus,r.details??null);return r.value}),verifyChallenge:s.fromPromise(async({input:e})=>{const r=await t.verifyChallenge({methodId:e.methodId,code:e.code});if(!r.ok)throw new a(r.code,r.message,r.httpStatus,r.details??null);return r.value}),assertChallenge:s.fromPromise(async({input:e})=>{const r=await A(e.optionsJson),n=await t.verifyChallenge({methodId:e.methodId,assertionResponseJson:r});if(!n.ok)throw new a(n.code,n.message,n.httpStatus,n.details??null);return n.value}),verifyRecoveryCode:s.fromPromise(async({input:e})=>{const r=await t.verifyRecoveryCode({recoveryCode:e.code});if(!r.ok)throw new a(r.code,r.message,r.httpStatus,r.details??null);return r.value})}}).createMachine({id:"challenge",initial:"idle",context:Q,states:{idle:{on:{pick:{target:"starting"},useRecoveryCode:{target:"verifyingRecovery"}}},starting:{entry:({context:e,event:r})=>{r.type==="pick"&&(e.methodId=r.methodId)},invoke:{src:"startChallenge",input:({context:e})=>{if(!e.methodId)throw new Error("no methodId");return{methodId:e.methodId}},onDone:[{guard:({event:e})=>e.output.type==="WebAuthn",target:"asserting",actions:({context:e,event:r})=>E(e,r.output)},{target:"awaitingCode",actions:({context:e,event:r})=>E(e,r.output)}],onError:{target:"failed",actions:({context:e,event:r})=>u(e,r.error)}}},asserting:{invoke:{src:"assertChallenge",input:({context:e})=>{if(!e.methodId||!e.optionsJson)throw new Error("no assertion options");return{methodId:e.methodId,optionsJson:e.optionsJson}},onDone:{target:"verified",actions:({context:e,event:r})=>{e.userId=r.output.userId,e.verifiedToken=r.output.verifiedToken,e.errorCode=null,e.errorMessage=null}},onError:{target:"failed",actions:({context:e,event:r})=>u(e,r.error)}}},awaitingCode:{on:{submit:{target:"verifying"},resend:{target:"resending"},useRecoveryCode:{target:"verifyingRecovery"},reset:{target:"idle",actions:w}}},verifyingRecovery:{invoke:{src:"verifyRecoveryCode",input:({event:e})=>{if(e.type!=="useRecoveryCode")throw new Error("verifyingRecovery requires useRecoveryCode event");return{code:e.code}},onDone:{target:"verified",actions:({context:e,event:r})=>{e.userId=r.output.userId,e.verifiedToken=r.output.verifiedToken,e.errorCode=null,e.errorMessage=null}},onError:{target:"failed",actions:({context:e,event:r})=>u(e,r.error)}}},resending:{invoke:{src:"resendChallenge",input:({context:e})=>{if(!e.methodId)throw new Error("no methodId");return{methodId:e.methodId}},onDone:{target:"awaitingCode",actions:({context:e,event:r})=>E(e,r.output)},onError:{target:"awaitingCode",actions:({context:e,event:r})=>u(e,r.error)}}},verifying:{invoke:{src:"verifyChallenge",input:({context:e,event:r})=>{if(r.type!=="submit")throw new Error("verifying requires submit event");if(!e.methodId)throw new Error("no methodId");return{methodId:e.methodId,code:r.code}},onDone:{target:"verified",actions:({context:e,event:r})=>{e.userId=r.output.userId,e.verifiedToken=r.output.verifiedToken,e.errorCode=null,e.errorMessage=null}},onError:{target:"awaitingCode",actions:({context:e,event:r})=>u(e,r.error)}}},verified:{on:{reset:{target:"idle",actions:w}}},failed:{on:{pick:{target:"starting"},useRecoveryCode:{target:"verifyingRecovery"},reset:{target:"idle",actions:w}}}}})}function E(t,e){t.methodType=e.type,t.expiresAt=e.expiresAt??null,t.resendAvailableAt=e.resendAvailableAt??null,t.optionsJson=e.optionsJson??null,t.errorCode=null,t.errorMessage=null}function w({context:t}){t.methodId=null,t.methodType=null,t.userId=null,t.verifiedToken=null,t.expiresAt=null,t.resendAvailableAt=null,t.optionsJson=null,t.errorCode=null,t.errorMessage=null}function u(t,e){e instanceof a?(t.errorCode=e.code,t.errorMessage=e.message):(t.errorCode="UNKNOWN",t.errorMessage=e instanceof Error?e.message:null)}const Z={items:[],errorCode:null,errorMessage:null};function H(t){return s.setup({types:{context:{},events:{}},actors:{load:s.fromPromise(async()=>{const e=await t.listMethods();if(!e.ok)throw new a(e.code,e.message,e.httpStatus,e.details??null);return e.value}),remove:s.fromPromise(async({input:e})=>{const r=await t.removeMethod(e.methodId);if(!r.ok)throw new a(r.code,r.message,r.httpStatus,r.details??null);return e.methodId})}}).createMachine({id:"methods",initial:"idle",context:Z,states:{idle:{on:{load:{target:"loading"}}},loading:{invoke:{src:"load",onDone:{target:"ready",actions:({context:e,event:r})=>{e.items=r.output,e.errorCode=null,e.errorMessage=null}},onError:{target:"failed",actions:({context:e,event:r})=>O(e,r.error)}}},ready:{on:{load:{target:"loading"},remove:{target:"removing"}}},removing:{invoke:{src:"remove",input:({event:e})=>{if(e.type!=="remove")throw new Error("removing requires remove event");return{methodId:e.methodId}},onDone:{target:"ready",actions:({context:e,event:r})=>{const n=r.output;e.items=e.items.filter(o=>o.id!==n),e.errorCode=null,e.errorMessage=null}},onError:{target:"ready",actions:({context:e,event:r})=>O(e,r.error)}}},failed:{on:{load:{target:"loading"},reset:{target:"idle",actions:x}}}}})}function x({context:t}){t.items=[],t.errorCode=null,t.errorMessage=null}function O(t,e){e instanceof a?(t.errorCode=e.code,t.errorMessage=e.message):(t.errorCode="UNKNOWN",t.errorMessage=e instanceof Error?e.message:null)}const ee={methodId:null,methodType:null,stepUpToken:null,expiresAt:null,resendAvailableAt:null,optionsJson:null,errorCode:null,errorMessage:null};function $(t){return s.setup({types:{context:{},events:{}},actors:{startStepUp:s.fromPromise(async({input:e})=>{const r=await t.startStepUp({methodId:e.methodId});if(!r.ok)throw new a(r.code,r.message,r.httpStatus,r.details??null);return r.value}),resendStepUp:s.fromPromise(async({input:e})=>{const r=await t.resendStepUp({methodId:e.methodId});if(!r.ok)throw new a(r.code,r.message,r.httpStatus,r.details??null);return r.value}),verifyStepUp:s.fromPromise(async({input:e})=>{const r=await t.verifyStepUp({methodId:e.methodId,code:e.code});if(!r.ok)throw new a(r.code,r.message,r.httpStatus,r.details??null);return r.value}),assertStepUp:s.fromPromise(async({input:e})=>{const r=await A(e.optionsJson),n=await t.verifyStepUp({methodId:e.methodId,assertionResponseJson:r});if(!n.ok)throw new a(n.code,n.message,n.httpStatus,n.details??null);return n.value})}}).createMachine({id:"stepup",initial:"idle",context:ee,states:{idle:{on:{pick:{target:"starting"}}},starting:{entry:({context:e,event:r})=>{r.type==="pick"&&(e.methodId=r.methodId)},invoke:{src:"startStepUp",input:({context:e})=>{if(!e.methodId)throw new Error("no methodId");return{methodId:e.methodId}},onDone:[{guard:({event:e})=>e.output.type==="WebAuthn",target:"asserting",actions:({context:e,event:r})=>v(e,r.output)},{target:"awaitingCode",actions:({context:e,event:r})=>v(e,r.output)}],onError:{target:"failed",actions:({context:e,event:r})=>h(e,r.error)}}},asserting:{invoke:{src:"assertStepUp",input:({context:e})=>{if(!e.methodId||!e.optionsJson)throw new Error("no assertion options");return{methodId:e.methodId,optionsJson:e.optionsJson}},onDone:{target:"verified",actions:({context:e,event:r})=>P(e,r.output.stepUpToken)},onError:{target:"failed",actions:({context:e,event:r})=>h(e,r.error)}}},awaitingCode:{on:{submit:{target:"verifying"},resend:{target:"resending"},reset:{target:"idle",actions:C}}},resending:{invoke:{src:"resendStepUp",input:({context:e})=>{if(!e.methodId)throw new Error("no methodId");return{methodId:e.methodId}},onDone:{target:"awaitingCode",actions:({context:e,event:r})=>v(e,r.output)},onError:{target:"awaitingCode",actions:({context:e,event:r})=>h(e,r.error)}}},verifying:{invoke:{src:"verifyStepUp",input:({context:e,event:r})=>{if(r.type!=="submit")throw new Error("verifying requires submit event");if(!e.methodId)throw new Error("no methodId");return{methodId:e.methodId,code:r.code}},onDone:{target:"verified",actions:({context:e,event:r})=>P(e,r.output.stepUpToken)},onError:{target:"awaitingCode",actions:({context:e,event:r})=>h(e,r.error)}}},verified:{on:{reset:{target:"idle",actions:C}}},failed:{on:{pick:{target:"starting"},reset:{target:"idle",actions:C}}}}})}function v(t,e){t.methodType=e.type,t.expiresAt=e.expiresAt??null,t.resendAvailableAt=e.resendAvailableAt??null,t.optionsJson=e.optionsJson??null,t.errorCode=null,t.errorMessage=null}function P(t,e){t.stepUpToken=e,t.errorCode=null,t.errorMessage=null}function C({context:t}){t.methodId=null,t.methodType=null,t.stepUpToken=null,t.expiresAt=null,t.resendAvailableAt=null,t.optionsJson=null,t.errorCode=null,t.errorMessage=null}function h(t,e){e instanceof a?(t.errorCode=e.code,t.errorMessage=e.message):(t.errorCode="UNKNOWN",t.errorMessage=e instanceof Error?e.message:null)}function re(t){const e=new D(t),r=s.createActor(_(e)),n=s.createActor(J(e)),o=s.createActor(L(e)),l=s.createActor(K(e)),m=s.createActor($(e)),g=s.createActor(H(e));return r.start(),n.start(),o.start(),l.start(),m.start(),g.start(),{client:e,totpEnrollment:r,emailEnrollment:n,webauthnEnrollment:o,challenge:l,stepUp:m,methods:g,dispose(){r.stop(),n.stop(),o.stop(),l.stop(),m.stop(),g.stop()}}}exports.LocalStorageStorage=G;exports.MemoryStorage=N;exports.Omni2FaApiError=a;exports.Omni2FaClient=D;exports.Omni2FaErrorCodes=i;exports.STEP_UP_HEADER=R;exports.SessionStorageStorage=B;exports.createChallengeMachine=K;exports.createEmailEnrollmentMachine=J;exports.createMethodsMachine=H;exports.createOmni2Fa=re;exports.createStepUpMachine=$;exports.createTotpEnrollmentMachine=_;exports.createWebAuthnEnrollmentMachine=L;exports.getDefaultMessage=I;exports.startAuthentication=A;exports.startRegistration=W;
+"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const V=require("openapi-fetch"),s=require("xstate");class N{map=new Map;get(e){return this.map.get(e)??null}set(e,r){this.map.set(e,r)}remove(e){this.map.delete(e)}}const i={InvalidCode:"INVALID_CODE",PreAuthExpired:"PREAUTH_EXPIRED",PreAuthInvalid:"PREAUTH_INVALID",ChallengeNotFound:"CHALLENGE_NOT_FOUND",ChallengeConsumed:"CHALLENGE_CONSUMED",TooManyAttempts:"TOO_MANY_ATTEMPTS",MethodNotFound:"METHOD_NOT_FOUND",TypeAlreadyEnrolled:"TYPE_ALREADY_ENROLLED",MaxMethodsReached:"MAX_METHODS_REACHED",LastMethodProtected:"LAST_METHOD_PROTECTED",RecoveryCodeInvalid:"RECOVERY_CODE_INVALID",RecoveryCodeUsed:"RECOVERY_CODE_USED",WebAuthnVerificationFailed:"WEBAUTHN_VERIFICATION_FAILED",ValidationFailed:"VALIDATION_FAILED",StepUpRequired:"STEP_UP_REQUIRED",NetworkError:"NETWORK_ERROR",Unknown:"UNKNOWN"},S={[i.InvalidCode]:"The code you entered is invalid.",[i.PreAuthExpired]:"Your session has expired. Please sign in again.",[i.PreAuthInvalid]:"Your session is invalid. Please sign in again.",[i.ChallengeNotFound]:"No active verification step. Please restart.",[i.ChallengeConsumed]:"This verification step was already used. Please sign in again.",[i.TooManyAttempts]:"Too many attempts. Please wait before trying again.",[i.MethodNotFound]:"The selected 2FA method was not found.",[i.TypeAlreadyEnrolled]:"You already have this type of 2FA enabled.",[i.MaxMethodsReached]:"You have reached the maximum number of 2FA methods.",[i.LastMethodProtected]:"You cannot remove your last 2FA method.",[i.RecoveryCodeInvalid]:"The recovery code is invalid.",[i.RecoveryCodeUsed]:"This recovery code has already been used.",[i.WebAuthnVerificationFailed]:"Security key verification failed.",[i.ValidationFailed]:"The request was malformed.",[i.StepUpRequired]:"Please confirm two-factor authentication to continue.",[i.NetworkError]:"Network error. Please check your connection.",[i.Unknown]:"An unexpected error occurred."};function I(t){return S[t]??S[i.Unknown]}const D="X-Omni2FA-StepUp",Y="omni2fa:preauth",q="omni2fa:session";function T(t){let e=t;const r=/^[a-zA-Z][a-zA-Z\d+\-.]*:\/\//.exec(e);if(r){e=e.slice(r[0].length);const l=e.indexOf("/");e=l===-1?"/":e.slice(l)}else if(e.startsWith("//")){e=e.slice(2);const l=e.indexOf("/");e=l===-1?"/":e.slice(l)}const n=e.indexOf("#");n!==-1&&(e=e.slice(0,n));const o=e.indexOf("?");return o!==-1&&(e=e.slice(0,o)),e.startsWith("/")?e:`/${e}`}class R{storage;preAuthKey;sessionKey;basePath;inner;stepUpHandler=null;constructor(e){this.storage=e.storage??new N,this.preAuthKey=e.preAuthStorageKey??Y,this.sessionKey=e.sessionStorageKey??q,this.basePath=T(e.baseUrl).replace(/\/$/,""),this.inner=V({baseUrl:e.baseUrl,fetch:e.fetch??globalThis.fetch.bind(globalThis),...e.credentials?{credentials:e.credentials}:{}}),this.inner.use({onRequest:({request:r})=>{if(r.headers.has("Authorization"))return r;const n=this.isPreAuthEndpoint(r.url)?this.getPreAuthToken():this.getSessionToken();return n&&r.headers.set("Authorization",`Bearer ${n}`),r}})}isPreAuthEndpoint(e){const r=T(e);return(r.startsWith(this.basePath)?r.slice(this.basePath.length):r).startsWith("/challenge/")}setPreAuthToken(e){this.setToken(this.preAuthKey,e)}getPreAuthToken(){return this.storage.get(this.preAuthKey)}setSessionToken(e){this.setToken(this.sessionKey,e)}getSessionToken(){return this.storage.get(this.sessionKey)}setStepUpHandler(e){this.stepUpHandler=e}async sendWithStepUp(e){const r=await e({});if(r.error!==void 0&&r.response.status===403&&r.error.code===i.StepUpRequired&&this.stepUpHandler!==null){const n=r.error.details?.availableMethods??[],o=await this.stepUpHandler(n);if(o)return e({[D]:o})}return r}setToken(e,r){r===null||r.length===0?this.storage.remove(e):this.storage.set(e,r)}async listMethods(){const{data:e,error:r,response:n}=await this.inner.GET("/methods");return this.toCall(e,r,n)}async removeMethod(e){const{error:r,response:n}=await this.sendWithStepUp(o=>this.inner.DELETE("/methods/{methodId}",{params:{path:{methodId:e}},headers:o}));return r?this.errorCall(r,n):{ok:!0,value:void 0}}async startTotpEnrollment(){const{data:e,error:r,response:n}=await this.sendWithStepUp(o=>this.inner.POST("/enroll/totp/start",{headers:o}));return this.toCall(e,r,n)}async confirmTotpEnrollment(e){const{data:r,error:n,response:o}=await this.inner.POST("/enroll/totp/confirm",{body:e});return this.toCall(r,n,o)}async startEmailEnrollment(e){const{data:r,error:n,response:o}=await this.sendWithStepUp(l=>this.inner.POST("/enroll/email/start",{body:e,headers:l}));return this.toCall(r,n,o)}async confirmEmailEnrollment(e){const{data:r,error:n,response:o}=await this.inner.POST("/enroll/email/confirm",{body:e});return this.toCall(r,n,o)}async resendEmailEnrollment(e){const{data:r,error:n,response:o}=await this.inner.POST("/enroll/email/resend",{body:e});return this.toCall(r,n,o)}async startWebAuthnEnrollment(){const{data:e,error:r,response:n}=await this.sendWithStepUp(o=>this.inner.POST("/enroll/webauthn/start",{headers:o}));return this.toCall(e,r,n)}async confirmWebAuthnEnrollment(e){const{data:r,error:n,response:o}=await this.inner.POST("/enroll/webauthn/confirm",{body:e});return this.toCall(r,n,o)}async startChallenge(e){const{data:r,error:n,response:o}=await this.inner.POST("/challenge/start",{body:e});return this.toCall(r,n,o)}async resendChallenge(e){const{data:r,error:n,response:o}=await this.inner.POST("/challenge/resend",{body:e});return this.toCall(r,n,o)}async verifyChallenge(e){const{data:r,error:n,response:o}=await this.inner.POST("/challenge/verify",{body:e});return this.toCall(r,n,o)}async verifyRecoveryCode(e){const{data:r,error:n,response:o}=await this.inner.POST("/challenge/recovery-code",{body:e});return this.toCall(r,n,o)}async startStepUp(e){const{data:r,error:n,response:o}=await this.inner.POST("/stepup/start",{body:e});return this.toCall(r,n,o)}async resendStepUp(e){const{data:r,error:n,response:o}=await this.inner.POST("/stepup/resend",{body:e});return this.toCall(r,n,o)}async verifyStepUp(e){const{data:r,error:n,response:o}=await this.inner.POST("/stepup/verify",{body:e});return this.toCall(r,n,o)}async regenerateRecoveryCodes(){const{data:e,error:r,response:n}=await this.sendWithStepUp(o=>this.inner.POST("/recovery-codes/regenerate",{headers:o}));return this.toCall(e,r,n)}toCall(e,r,n){return r!==void 0?this.errorCall(r,n):e===void 0?{ok:!1,code:i.NetworkError,message:I(i.NetworkError),httpStatus:n.status}:{ok:!0,value:e}}errorCall(e,r){const n=e.code||i.Unknown;return{ok:!1,code:n,message:e.message||I(n),httpStatus:r.status,details:e.details??null}}}class z{get(e){return globalThis.sessionStorage?.getItem(e)??null}set(e,r){globalThis.sessionStorage?.setItem(e,r)}remove(e){globalThis.sessionStorage?.removeItem(e)}}class B{get(e){return globalThis.localStorage?.getItem(e)??null}set(e,r){globalThis.localStorage?.setItem(e,r)}remove(e){globalThis.localStorage?.removeItem(e)}}class a extends Error{code;httpStatus;details;constructor(e,r,n,o=null){super(r),this.name="Omni2FaApiError",this.code=e,this.httpStatus=n,this.details=o}}const j={enrollmentId:null,otpAuthUri:null,secret:null,methodId:null,recoveryCodes:null,errorCode:null,errorMessage:null};function _(t){return s.setup({types:{context:{},events:{}},actors:{startEnrollment:s.fromPromise(async()=>{const e=await t.startTotpEnrollment();if(!e.ok)throw new a(e.code,e.message,e.httpStatus,e.details??null);return e.value}),confirmEnrollment:s.fromPromise(async({input:e})=>{const r=await t.confirmTotpEnrollment({enrollmentId:e.enrollmentId,code:e.code,name:e.name});if(!r.ok)throw new a(r.code,r.message,r.httpStatus,r.details??null);return r.value})}}).createMachine({id:"totpEnrollment",initial:"idle",context:j,states:{idle:{on:{start:{target:"starting"}}},starting:{invoke:{src:"startEnrollment",onDone:{target:"awaitingCode",actions:({context:e,event:r})=>{e.enrollmentId=r.output.enrollmentId,e.otpAuthUri=r.output.otpAuthUri,e.secret=r.output.secret,e.errorCode=null,e.errorMessage=null}},onError:{target:"failed",actions:({context:e,event:r})=>b(e,r.error)}}},awaitingCode:{on:{submit:{target:"confirming"},reset:{target:"idle",actions:p}}},confirming:{invoke:{src:"confirmEnrollment",input:({context:e,event:r})=>{if(r.type!=="submit")throw new Error("confirming requires submit event");if(!e.enrollmentId)throw new Error("no enrollmentId");return{enrollmentId:e.enrollmentId,code:r.code,name:r.name??null}},onDone:{target:"enrolled",actions:({context:e,event:r})=>{e.methodId=r.output.methodId,e.recoveryCodes=r.output.recoveryCodes??null,e.errorCode=null,e.errorMessage=null}},onError:{target:"awaitingCode",actions:({context:e,event:r})=>b(e,r.error)}}},enrolled:{on:{reset:{target:"idle",actions:p}}},failed:{on:{start:{target:"starting"},reset:{target:"idle",actions:p}}}}})}function p({context:t}){t.enrollmentId=null,t.otpAuthUri=null,t.secret=null,t.methodId=null,t.recoveryCodes=null,t.errorCode=null,t.errorMessage=null}function b(t,e){e instanceof a?(t.errorCode=e.code,t.errorMessage=e.message):(t.errorCode="UNKNOWN",t.errorMessage=e instanceof Error?e.message:null)}const G={enrollmentId:null,email:null,expiresAt:null,resendAvailableAt:null,methodId:null,recoveryCodes:null,errorCode:null,errorMessage:null};function J(t){return s.setup({types:{context:{},events:{}},actors:{startEnrollment:s.fromPromise(async({input:e})=>{const r=await t.startEmailEnrollment(e.email!==void 0?{email:e.email}:{});if(!r.ok)throw new a(r.code,r.message,r.httpStatus,r.details??null);return r.value}),resendEnrollment:s.fromPromise(async({input:e})=>{const r=await t.resendEmailEnrollment({enrollmentId:e.enrollmentId});if(!r.ok)throw new a(r.code,r.message,r.httpStatus,r.details??null);return r.value}),confirmEnrollment:s.fromPromise(async({input:e})=>{const r=await t.confirmEmailEnrollment({enrollmentId:e.enrollmentId,code:e.code,name:e.name});if(!r.ok)throw new a(r.code,r.message,r.httpStatus,r.details??null);return r.value})}}).createMachine({id:"emailEnrollment",initial:"idle",context:G,states:{idle:{on:{start:{target:"starting"}}},starting:{entry:({context:e,event:r})=>{r.type==="start"&&(e.email=r.email??null)},invoke:{src:"startEnrollment",input:({context:e})=>({email:e.email??void 0}),onDone:{target:"awaitingCode",actions:({context:e,event:r})=>M(e,r.output)},onError:{target:"failed",actions:({context:e,event:r})=>y(e,r.error)}}},awaitingCode:{on:{submit:{target:"confirming"},resend:{target:"resending"},reset:{target:"idle",actions:f}}},resending:{invoke:{src:"resendEnrollment",input:({context:e})=>{if(!e.enrollmentId)throw new Error("no enrollmentId");return{enrollmentId:e.enrollmentId}},onDone:{target:"awaitingCode",actions:({context:e,event:r})=>M(e,r.output)},onError:{target:"awaitingCode",actions:({context:e,event:r})=>y(e,r.error)}}},confirming:{invoke:{src:"confirmEnrollment",input:({context:e,event:r})=>{if(r.type!=="submit")throw new Error("confirming requires submit event");if(!e.enrollmentId)throw new Error("no enrollmentId");return{enrollmentId:e.enrollmentId,code:r.code,name:r.name??null}},onDone:{target:"enrolled",actions:({context:e,event:r})=>{e.methodId=r.output.methodId,e.recoveryCodes=r.output.recoveryCodes??null,e.errorCode=null,e.errorMessage=null}},onError:{target:"awaitingCode",actions:({context:e,event:r})=>y(e,r.error)}}},enrolled:{on:{reset:{target:"idle",actions:f}}},failed:{on:{start:{target:"starting"},reset:{target:"idle",actions:f}}}}})}function M(t,e){t.enrollmentId=e.enrollmentId,t.expiresAt=e.expiresAt,t.resendAvailableAt=e.resendAvailableAt,t.errorCode=null,t.errorMessage=null}function f({context:t}){t.enrollmentId=null,t.email=null,t.expiresAt=null,t.resendAvailableAt=null,t.methodId=null,t.recoveryCodes=null,t.errorCode=null,t.errorMessage=null}function y(t,e){e instanceof a?(t.errorCode=e.code,t.errorMessage=e.message):(t.errorCode="UNKNOWN",t.errorMessage=e instanceof Error?e.message:null)}function h(t){const e=t.replace(/-/g,"+").replace(/_/g,"/"),r=e.padEnd(Math.ceil(e.length/4)*4,"="),n=atob(r),o=new Uint8Array(n.length);for(let l=0;l<n.length;l++)o[l]=n.charCodeAt(l);return o.buffer}function d(t){const e=new Uint8Array(t);let r="";for(const n of e)r+=String.fromCharCode(n);return btoa(r).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}function W(t){return(t??[]).map(e=>({...e,id:h(e.id)}))}async function F(t){const e=JSON.parse(t),r={...e,challenge:h(e.challenge),user:{...e.user,id:h(e.user.id)},excludeCredentials:W(e.excludeCredentials)},n=await navigator.credentials.create({publicKey:r});if(n===null)throw new Error("WebAuthn registration produced no credential.");const o=n.response;return JSON.stringify({id:n.id,rawId:d(n.rawId),type:n.type,extensions:n.getClientExtensionResults(),response:{attestationObject:d(o.attestationObject),clientDataJSON:d(o.clientDataJSON)}})}async function A(t){const e=JSON.parse(t),r={...e,challenge:h(e.challenge),allowCredentials:W(e.allowCredentials)},n=await navigator.credentials.get({publicKey:r});if(n===null)throw new Error("WebAuthn authentication produced no credential.");const o=n.response;return JSON.stringify({id:n.id,rawId:d(n.rawId),type:n.type,extensions:n.getClientExtensionResults(),response:{authenticatorData:d(o.authenticatorData),clientDataJSON:d(o.clientDataJSON),signature:d(o.signature),userHandle:o.userHandle?d(o.userHandle):null}})}const X={enrollmentId:null,optionsJson:null,name:null,methodId:null,recoveryCodes:null,errorCode:null,errorMessage:null};function K(t){return s.setup({types:{context:{},events:{}},actors:{startEnrollment:s.fromPromise(async()=>{const e=await t.startWebAuthnEnrollment();if(!e.ok)throw new a(e.code,e.message,e.httpStatus,e.details??null);return e.value}),registerAndConfirm:s.fromPromise(async({input:e})=>{const r=await F(e.optionsJson),n=await t.confirmWebAuthnEnrollment({enrollmentId:e.enrollmentId,attestationResponseJson:r,name:e.name});if(!n.ok)throw new a(n.code,n.message,n.httpStatus,n.details??null);return n.value})}}).createMachine({id:"webauthnEnrollment",initial:"idle",context:X,states:{idle:{on:{start:{target:"starting"}}},starting:{entry:({context:e,event:r})=>{r.type==="start"&&(e.name=r.name??null)},invoke:{src:"startEnrollment",onDone:{target:"registering",actions:({context:e,event:r})=>{e.enrollmentId=r.output.enrollmentId,e.optionsJson=r.output.optionsJson,e.errorCode=null,e.errorMessage=null}},onError:{target:"failed",actions:({context:e,event:r})=>U(e,r.error)}}},registering:{invoke:{src:"registerAndConfirm",input:({context:e})=>{if(!e.enrollmentId||!e.optionsJson)throw new Error("no pending enrollment");return{enrollmentId:e.enrollmentId,optionsJson:e.optionsJson,name:e.name}},onDone:{target:"enrolled",actions:({context:e,event:r})=>{e.methodId=r.output.methodId,e.recoveryCodes=r.output.recoveryCodes??null,e.errorCode=null,e.errorMessage=null}},onError:{target:"failed",actions:({context:e,event:r})=>U(e,r.error)}}},enrolled:{on:{reset:{target:"idle",actions:k}}},failed:{on:{retry:{target:"starting"},reset:{target:"idle",actions:k}}}}})}function k({context:t}){t.enrollmentId=null,t.optionsJson=null,t.name=null,t.methodId=null,t.recoveryCodes=null,t.errorCode=null,t.errorMessage=null}function U(t,e){e instanceof a?(t.errorCode=e.code,t.errorMessage=e.message):(t.errorCode="UNKNOWN",t.errorMessage=e instanceof Error?e.message:null)}const Z={methodId:null,methodType:null,userId:null,verifiedToken:null,expiresAt:null,resendAvailableAt:null,optionsJson:null,errorCode:null,errorMessage:null};function L(t){return s.setup({types:{context:{},events:{}},actors:{startChallenge:s.fromPromise(async({input:e})=>{const r=await t.startChallenge({methodId:e.methodId});if(!r.ok)throw new a(r.code,r.message,r.httpStatus,r.details??null);return r.value}),resendChallenge:s.fromPromise(async({input:e})=>{const r=await t.resendChallenge({methodId:e.methodId});if(!r.ok)throw new a(r.code,r.message,r.httpStatus,r.details??null);return r.value}),verifyChallenge:s.fromPromise(async({input:e})=>{const r=await t.verifyChallenge({methodId:e.methodId,code:e.code});if(!r.ok)throw new a(r.code,r.message,r.httpStatus,r.details??null);return r.value}),assertChallenge:s.fromPromise(async({input:e})=>{const r=await A(e.optionsJson),n=await t.verifyChallenge({methodId:e.methodId,assertionResponseJson:r});if(!n.ok)throw new a(n.code,n.message,n.httpStatus,n.details??null);return n.value}),verifyRecoveryCode:s.fromPromise(async({input:e})=>{const r=await t.verifyRecoveryCode({recoveryCode:e.code});if(!r.ok)throw new a(r.code,r.message,r.httpStatus,r.details??null);return r.value})}}).createMachine({id:"challenge",initial:"idle",context:Z,states:{idle:{on:{pick:{target:"starting"},useRecoveryCode:{target:"verifyingRecovery"}}},starting:{entry:({context:e,event:r})=>{r.type==="pick"&&(e.methodId=r.methodId)},invoke:{src:"startChallenge",input:({context:e})=>{if(!e.methodId)throw new Error("no methodId");return{methodId:e.methodId}},onDone:[{guard:({event:e})=>e.output.type==="WebAuthn",target:"asserting",actions:({context:e,event:r})=>E(e,r.output)},{target:"awaitingCode",actions:({context:e,event:r})=>E(e,r.output)}],onError:{target:"failed",actions:({context:e,event:r})=>u(e,r.error)}}},asserting:{invoke:{src:"assertChallenge",input:({context:e})=>{if(!e.methodId||!e.optionsJson)throw new Error("no assertion options");return{methodId:e.methodId,optionsJson:e.optionsJson}},onDone:{target:"verified",actions:({context:e,event:r})=>{e.userId=r.output.userId,e.verifiedToken=r.output.verifiedToken,e.errorCode=null,e.errorMessage=null}},onError:{target:"failed",actions:({context:e,event:r})=>u(e,r.error)}}},awaitingCode:{on:{submit:{target:"verifying"},resend:{target:"resending"},useRecoveryCode:{target:"verifyingRecovery"},reset:{target:"idle",actions:w}}},verifyingRecovery:{invoke:{src:"verifyRecoveryCode",input:({event:e})=>{if(e.type!=="useRecoveryCode")throw new Error("verifyingRecovery requires useRecoveryCode event");return{code:e.code}},onDone:{target:"verified",actions:({context:e,event:r})=>{e.userId=r.output.userId,e.verifiedToken=r.output.verifiedToken,e.errorCode=null,e.errorMessage=null}},onError:{target:"failed",actions:({context:e,event:r})=>u(e,r.error)}}},resending:{invoke:{src:"resendChallenge",input:({context:e})=>{if(!e.methodId)throw new Error("no methodId");return{methodId:e.methodId}},onDone:{target:"awaitingCode",actions:({context:e,event:r})=>E(e,r.output)},onError:{target:"awaitingCode",actions:({context:e,event:r})=>u(e,r.error)}}},verifying:{invoke:{src:"verifyChallenge",input:({context:e,event:r})=>{if(r.type!=="submit")throw new Error("verifying requires submit event");if(!e.methodId)throw new Error("no methodId");return{methodId:e.methodId,code:r.code}},onDone:{target:"verified",actions:({context:e,event:r})=>{e.userId=r.output.userId,e.verifiedToken=r.output.verifiedToken,e.errorCode=null,e.errorMessage=null}},onError:{target:"awaitingCode",actions:({context:e,event:r})=>u(e,r.error)}}},verified:{on:{reset:{target:"idle",actions:w}}},failed:{on:{pick:{target:"starting"},useRecoveryCode:{target:"verifyingRecovery"},reset:{target:"idle",actions:w}}}}})}function E(t,e){t.methodType=e.type,t.expiresAt=e.expiresAt??null,t.resendAvailableAt=e.resendAvailableAt??null,t.optionsJson=e.optionsJson??null,t.errorCode=null,t.errorMessage=null}function w({context:t}){t.methodId=null,t.methodType=null,t.userId=null,t.verifiedToken=null,t.expiresAt=null,t.resendAvailableAt=null,t.optionsJson=null,t.errorCode=null,t.errorMessage=null}function u(t,e){e instanceof a?(t.errorCode=e.code,t.errorMessage=e.message):(t.errorCode="UNKNOWN",t.errorMessage=e instanceof Error?e.message:null)}const Q={items:[],errorCode:null,errorMessage:null};function $(t){return s.setup({types:{context:{},events:{}},actors:{load:s.fromPromise(async()=>{const e=await t.listMethods();if(!e.ok)throw new a(e.code,e.message,e.httpStatus,e.details??null);return e.value}),remove:s.fromPromise(async({input:e})=>{const r=await t.removeMethod(e.methodId);if(!r.ok)throw new a(r.code,r.message,r.httpStatus,r.details??null);return e.methodId})}}).createMachine({id:"methods",initial:"idle",context:Q,states:{idle:{on:{load:{target:"loading"}}},loading:{invoke:{src:"load",onDone:{target:"ready",actions:({context:e,event:r})=>{e.items=r.output,e.errorCode=null,e.errorMessage=null}},onError:{target:"failed",actions:({context:e,event:r})=>O(e,r.error)}}},ready:{on:{load:{target:"loading"},remove:{target:"removing"}}},removing:{invoke:{src:"remove",input:({event:e})=>{if(e.type!=="remove")throw new Error("removing requires remove event");return{methodId:e.methodId}},onDone:{target:"ready",actions:({context:e,event:r})=>{const n=r.output;e.items=e.items.filter(o=>o.id!==n),e.errorCode=null,e.errorMessage=null}},onError:{target:"ready",actions:({context:e,event:r})=>O(e,r.error)}}},failed:{on:{load:{target:"loading"},reset:{target:"idle",actions:x}}}}})}function x({context:t}){t.items=[],t.errorCode=null,t.errorMessage=null}function O(t,e){e instanceof a?(t.errorCode=e.code,t.errorMessage=e.message):(t.errorCode="UNKNOWN",t.errorMessage=e instanceof Error?e.message:null)}const ee={methodId:null,methodType:null,stepUpToken:null,expiresAt:null,resendAvailableAt:null,optionsJson:null,errorCode:null,errorMessage:null};function H(t){return s.setup({types:{context:{},events:{}},actors:{startStepUp:s.fromPromise(async({input:e})=>{const r=await t.startStepUp({methodId:e.methodId});if(!r.ok)throw new a(r.code,r.message,r.httpStatus,r.details??null);return r.value}),resendStepUp:s.fromPromise(async({input:e})=>{const r=await t.resendStepUp({methodId:e.methodId});if(!r.ok)throw new a(r.code,r.message,r.httpStatus,r.details??null);return r.value}),verifyStepUp:s.fromPromise(async({input:e})=>{const r=await t.verifyStepUp({methodId:e.methodId,code:e.code});if(!r.ok)throw new a(r.code,r.message,r.httpStatus,r.details??null);return r.value}),assertStepUp:s.fromPromise(async({input:e})=>{const r=await A(e.optionsJson),n=await t.verifyStepUp({methodId:e.methodId,assertionResponseJson:r});if(!n.ok)throw new a(n.code,n.message,n.httpStatus,n.details??null);return n.value})}}).createMachine({id:"stepup",initial:"idle",context:ee,states:{idle:{on:{pick:{target:"starting"}}},starting:{entry:({context:e,event:r})=>{r.type==="pick"&&(e.methodId=r.methodId)},invoke:{src:"startStepUp",input:({context:e})=>{if(!e.methodId)throw new Error("no methodId");return{methodId:e.methodId}},onDone:[{guard:({event:e})=>e.output.type==="WebAuthn",target:"asserting",actions:({context:e,event:r})=>v(e,r.output)},{target:"awaitingCode",actions:({context:e,event:r})=>v(e,r.output)}],onError:{target:"failed",actions:({context:e,event:r})=>c(e,r.error)}}},asserting:{invoke:{src:"assertStepUp",input:({context:e})=>{if(!e.methodId||!e.optionsJson)throw new Error("no assertion options");return{methodId:e.methodId,optionsJson:e.optionsJson}},onDone:{target:"verified",actions:({context:e,event:r})=>P(e,r.output.stepUpToken)},onError:{target:"failed",actions:({context:e,event:r})=>c(e,r.error)}}},awaitingCode:{on:{submit:{target:"verifying"},resend:{target:"resending"},reset:{target:"idle",actions:C}}},resending:{invoke:{src:"resendStepUp",input:({context:e})=>{if(!e.methodId)throw new Error("no methodId");return{methodId:e.methodId}},onDone:{target:"awaitingCode",actions:({context:e,event:r})=>v(e,r.output)},onError:{target:"awaitingCode",actions:({context:e,event:r})=>c(e,r.error)}}},verifying:{invoke:{src:"verifyStepUp",input:({context:e,event:r})=>{if(r.type!=="submit")throw new Error("verifying requires submit event");if(!e.methodId)throw new Error("no methodId");return{methodId:e.methodId,code:r.code}},onDone:{target:"verified",actions:({context:e,event:r})=>P(e,r.output.stepUpToken)},onError:{target:"awaitingCode",actions:({context:e,event:r})=>c(e,r.error)}}},verified:{on:{reset:{target:"idle",actions:C}}},failed:{on:{pick:{target:"starting"},reset:{target:"idle",actions:C}}}}})}function v(t,e){t.methodType=e.type,t.expiresAt=e.expiresAt??null,t.resendAvailableAt=e.resendAvailableAt??null,t.optionsJson=e.optionsJson??null,t.errorCode=null,t.errorMessage=null}function P(t,e){t.stepUpToken=e,t.errorCode=null,t.errorMessage=null}function C({context:t}){t.methodId=null,t.methodType=null,t.stepUpToken=null,t.expiresAt=null,t.resendAvailableAt=null,t.optionsJson=null,t.errorCode=null,t.errorMessage=null}function c(t,e){e instanceof a?(t.errorCode=e.code,t.errorMessage=e.message):(t.errorCode="UNKNOWN",t.errorMessage=e instanceof Error?e.message:null)}function re(t){const e=new R(t),r=s.createActor(_(e)),n=s.createActor(J(e)),o=s.createActor(K(e)),l=s.createActor(L(e)),m=s.createActor(H(e)),g=s.createActor($(e));return r.start(),n.start(),o.start(),l.start(),m.start(),g.start(),{client:e,totpEnrollment:r,emailEnrollment:n,webauthnEnrollment:o,challenge:l,stepUp:m,methods:g,dispose(){r.stop(),n.stop(),o.stop(),l.stop(),m.stop(),g.stop()}}}exports.LocalStorageStorage=B;exports.MemoryStorage=N;exports.Omni2FaApiError=a;exports.Omni2FaClient=R;exports.Omni2FaErrorCodes=i;exports.STEP_UP_HEADER=D;exports.SessionStorageStorage=z;exports.createChallengeMachine=L;exports.createEmailEnrollmentMachine=J;exports.createMethodsMachine=$;exports.createOmni2Fa=re;exports.createStepUpMachine=H;exports.createTotpEnrollmentMachine=_;exports.createWebAuthnEnrollmentMachine=K;exports.getDefaultMessage=I;exports.startAuthentication=A;exports.startRegistration=F;
 //# sourceMappingURL=index.cjs.map