@prove-identity/prove-auth 2.15.2 → 3.1.0

package/README.md

@@ -25,7 +25,7 @@ This project provides several options for running unit tests. Follow these instr
 To run the standard test suite, run the following:
 
 ```
-npm test
+npm test-in-browser
 ```
 
 This command will execute all unit tests and display the results in your default web browser.
@@ -35,7 +35,7 @@ This command will execute all unit tests and display the results in your default
 If you need to run tests in a Node.js environment, run the following:
 
 ```
-npm run test-with-node
+npm run test
 ```
 
 This command will execute all unit tests and display the results in your terminal.

package/build/bundle/release/prove-auth.js

@@ -1 +1 @@
-!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.proveAuth=t():e.proveAuth=t()}(self,(()=>(()=>{var e={6616:(e,t,r)=>{"use strict";r.r(t),r.d(t,{ERROR_API_KEY_EXPIRED:()=>w,ERROR_API_KEY_INVALID:()=>R,ERROR_API_KEY_MISSING:()=>E,ERROR_BAD_REQUEST_FORMAT:()=>O,ERROR_BAD_RESPONSE_FORMAT:()=>u,ERROR_CLIENT_TIMEOUT:()=>o,ERROR_CSP_BLOCK:()=>l,ERROR_FORBIDDEN_ENDPOINT:()=>m,ERROR_FORBIDDEN_HEADER:()=>P,ERROR_FORBIDDEN_ORIGIN:()=>A,ERROR_GENERAL_SERVER_FAILURE:()=>S,ERROR_INSTALLATION_METHOD_RESTRICTED:()=>v,ERROR_INTEGRATION_FAILURE:()=>_,ERROR_INVALID_ENDPOINT:()=>d,ERROR_NETWORK_ABORT:()=>c,ERROR_NETWORK_CONNECTION:()=>a,ERROR_RATE_LIMIT:()=>b,ERROR_SCRIPT_LOAD_FAIL:()=>D,ERROR_SERVER_TIMEOUT:()=>y,ERROR_SUBSCRIPTION_NOT_ACTIVE:()=>f,ERROR_TOKEN_EXPIRED:()=>T,ERROR_TOKEN_INVALID:()=>N,ERROR_TOKEN_MISSING:()=>I,ERROR_UNSUPPORTED_VERSION:()=>g,ERROR_WRONG_REGION:()=>p,default:()=>j,defaultEndpoint:()=>n,defaultScriptUrlPattern:()=>F,defaultTlsEndpoint:()=>s,load:()=>x});var i=function(){return i=Object.assign||function(e){for(var t,r=1,i=arguments.length;r<i;r++)for(var n in t=arguments[r])Object.prototype.hasOwnProperty.call(t,n)&&(e[n]=t[n]);return e},i.apply(this,arguments)};Object.create,Object.create,"function"==typeof SuppressedError&&SuppressedError;var n={default:"endpoint"},s={default:"tlsEndpoint"},o="Client timeout",a="Network connection error",c="Network request aborted",u="Response cannot be parsed",l="Blocked by CSP",d="The endpoint parameter is not a valid URL";function h(e){for(var t="",r=0;r<e.length;++r)if(r>0){var i=e[r].toLowerCase();i!==e[r]?t+=" ".concat(i):t+=e[r]}else t+=e[r].toUpperCase();return t}var p=h("WrongRegion"),f=h("SubscriptionNotActive"),g=h("UnsupportedVersion"),v=h("InstallationMethodRestricted"),m=h("HostnameRestricted"),_=h("IntegrationFailed"),E="API key required",R="API key not found",w="API key expired",O="Request cannot be parsed",S="Request failed",y="Request failed to process",b="Too many requests, rate limit exceeded",A="Not available for this origin",P="Not available with restricted header",I=E,N=R,T=w,C="3.11.0",D="Failed to load the JS script of the agent",L="9319";function M(e,t){var r,i,n,s,o=[],a=(r=function(e){var t=function(e,t,r){if(r||2===arguments.length)for(var i,n=0,s=t.length;n<s;n++)!i&&n in t||(i||(i=Array.prototype.slice.call(t,0,n)),i[n]=t[n]);return e.concat(i||Array.prototype.slice.call(t))}([],e,!0);return{current:function(){return t[0]},postpone:function(){var e=t.shift();void 0!==e&&t.push(e)},exclude:function(){t.shift()}}}(e),s=0,i=function(){return Math.random()*Math.min(3e3,100*Math.pow(2,s++))},n=new Set,[r.current(),function(e,t){var s,o=t instanceof Error?t.message:"";if(o===l||o===d)r.exclude(),s=0;else if(o===L)r.exclude();else if(o===D){var a=Date.now()-e.getTime()<50,c=r.current();c&&a&&!n.has(c)&&(n.add(c),s=0),r.postpone()}else r.postpone();var u=r.current();return void 0===u?void 0:[u,null!=s?s:e.getTime()+i()-Date.now()]}]),c=a[0],u=a[1];if(void 0===c)return Promise.reject(new TypeError("The list of script URL patterns is empty"));var h=function(e){var r=new Date,i=function(t){return o.push({url:e,startedAt:r,finishedAt:new Date,error:t})},n=t(e);return n.then((function(){return i()}),i),n.catch((function(e){if(o.length>=5)throw e;var t=u(r,e);if(!t)throw e;var i,n=t[0],s=t[1];return(i=s,new Promise((function(e){return setTimeout(e,i)}))).then((function(){return h(n)}))}))};return h(c).then((function(e){return[e,o]}))}var U="https://fpnpmcdn.net/v<version>/<apiKey>/loader_v<loaderVersion>.js",F=U;function x(e){var t;e.scriptUrlPattern;var r=e.token,n=e.apiKey,s=void 0===n?r:n,o=function(e,t){var r={};for(var i in e)Object.prototype.hasOwnProperty.call(e,i)&&t.indexOf(i)<0&&(r[i]=e[i]);if(null!=e&&"function"==typeof Object.getOwnPropertySymbols){var n=0;for(i=Object.getOwnPropertySymbols(e);n<i.length;n++)t.indexOf(i[n])<0&&Object.prototype.propertyIsEnumerable.call(e,i[n])&&(r[i[n]]=e[i[n]])}return r}(e,["scriptUrlPattern","token","apiKey"]),a=null!==(t=function(e,t){return function(e,t){return Object.prototype.hasOwnProperty.call(e,t)}(e,t)?e[t]:void 0}(e,"scriptUrlPattern"))&&void 0!==t?t:U,c=function(){var e=[],t=function(){e.push({time:new Date,state:document.visibilityState})},r=function(e,t,r,i){return e.addEventListener(t,r,i),function(){return e.removeEventListener(t,r,i)}}(document,"visibilitychange",t);return t(),[e,r]}(),u=c[0],l=c[1];return Promise.resolve().then((function(){if(!s||"string"!=typeof s)throw new Error(E);return M(function(e,t){return(Array.isArray(e)?e:[e]).map((function(e){return function(e,t){var r=encodeURIComponent;return e.replace(/<[^<>]+>/g,(function(e){return"<version>"===e?"3":"<apiKey>"===e?r(t):"<loaderVersion>"===e?r(C):e}))}(String(e),t)}))}(a,s),k)})).catch((function(e){throw l(),function(e){return e instanceof Error&&e.message===L?new Error(D):e}(e)})).then((function(e){var t=e[0],r=e[1];return l(),t.load(i(i({},o),{ldi:{attempts:r,visibilityStates:u}}))}))}function k(e){return function(e,t,r,i){var n,s=document,o="securitypolicyviolation",a=function(t){var r=new URL(e,location.href),i=t.blockedURI;i!==r.href&&i!==r.protocol.slice(0,-1)&&i!==r.origin||(n=t,c())};s.addEventListener(o,a);var c=function(){return s.removeEventListener(o,a)};return Promise.resolve().then(t).then((function(e){return c(),e}),(function(e){return new Promise((function(e){var t=new MessageChannel;t.port1.onmessage=function(){return e()},t.port2.postMessage(null)})).then((function(){if(c(),n)return function(){throw new Error(l)}();throw e}))}))}(e,(function(){return function(e){return new Promise((function(t,r){if(function(e){if(URL.prototype)try{return new URL(e,location.href),!1}catch(e){if(e instanceof Error&&"TypeError"===e.name)return!0;throw e}}(e))throw new Error(d);var i=document.createElement("script"),n=function(){var e;return null===(e=i.parentNode)||void 0===e?void 0:e.removeChild(i)},s=document.head||document.getElementsByTagName("head")[0];i.onload=function(){n(),t()},i.onerror=function(){n(),r(new Error(D))},i.async=!0,i.src=e,s.appendChild(i)}))}(e)})).then(B)}function B(){var e=window,t="__fpjs_p_l_b",r=e[t];if(function(e,t){var r,i=null===(r=Object.getOwnPropertyDescriptor)||void 0===r?void 0:r.call(Object,e,t);(null==i?void 0:i.configurable)?delete e[t]:i&&!i.writable||(e[t]=void 0)}(e,t),"function"!=typeof(null==r?void 0:r.load))throw new Error(L);return r}var j={load:x,defaultScriptUrlPattern:U,ERROR_SCRIPT_LOAD_FAIL:D,ERROR_API_KEY_EXPIRED:w,ERROR_API_KEY_INVALID:R,ERROR_API_KEY_MISSING:E,ERROR_BAD_REQUEST_FORMAT:O,ERROR_BAD_RESPONSE_FORMAT:u,ERROR_CLIENT_TIMEOUT:o,ERROR_CSP_BLOCK:l,ERROR_FORBIDDEN_ENDPOINT:m,ERROR_FORBIDDEN_HEADER:P,ERROR_FORBIDDEN_ORIGIN:A,ERROR_GENERAL_SERVER_FAILURE:S,ERROR_INSTALLATION_METHOD_RESTRICTED:v,ERROR_INTEGRATION_FAILURE:_,ERROR_INVALID_ENDPOINT:d,ERROR_NETWORK_ABORT:c,ERROR_NETWORK_CONNECTION:a,ERROR_RATE_LIMIT:b,ERROR_SERVER_TIMEOUT:y,ERROR_SUBSCRIPTION_NOT_ACTIVE:f,ERROR_TOKEN_EXPIRED:w,ERROR_TOKEN_INVALID:R,ERROR_TOKEN_MISSING:E,ERROR_UNSUPPORTED_VERSION:g,ERROR_WRONG_REGION:p,defaultEndpoint:n,defaultTlsEndpoint:s}},2715:(e,t)=>{"use strict";var r;Object.defineProperty(t,"__esModule",{value:!0}),t.LoggerFactory=t.LogLevel=void 0,function(e){e[e.disabled=0]="disabled",e[e.error=1]="error",e[e.warn=2]="warn",e[e.info=3]="info",e[e.debug=4]="debug",e[e.trace=5]="trace"}(r=t.LogLevel||(t.LogLevel={}));class i{static setLogLevel(e){i.logLevel=e}static setLogWriter(e){i.logWriter=e}static getLogger(e){return{trace:(...e)=>{i.logLevel>=r.trace&&i.logWriter.write(r.trace,...e)},debug:(...e)=>{i.logLevel>=r.debug&&i.logWriter.write(r.debug,...e)},info:(...e)=>{i.logLevel>=r.info&&i.logWriter.write(r.info,...e)},warn:(...e)=>{i.logLevel>=r.warn&&i.logWriter.write(r.warn,...e)},error:(...e)=>{i.logLevel>=r.error&&i.logWriter.write(r.error,...e)}}}}i.logWriter=new class{write(e,...t){switch(e){case r.trace:case r.debug:console.debug(...t);break;case r.info:console.info(...t);break;case r.warn:console.warn(...t);break;case r.error:console.error(...t)}}},i.logLevel=r.info,t.LoggerFactory=i},8266:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.LogLevel=t.LoggerFactory=t.DeviceDescriptor=t.StepCode=t.ErrorCode=t.AuthenticatorBuilder=t.VERSION_CODE=t.VERSION_NAME=void 0;const n=r(9843);Object.defineProperty(t,"VERSION_NAME",{enumerable:!0,get:function(){return n.VERSION_NAME}}),Object.defineProperty(t,"VERSION_CODE",{enumerable:!0,get:function(){return n.VERSION_CODE}});const s=i(r(7460));t.AuthenticatorBuilder=s.default;const o=r(6639);Object.defineProperty(t,"ErrorCode",{enumerable:!0,get:function(){return o.ErrorCode}});const a=r(2400);Object.defineProperty(t,"StepCode",{enumerable:!0,get:function(){return a.StepCode}});const c=i(r(79));t.DeviceDescriptor=c.default;const u=r(2715);Object.defineProperty(t,"LoggerFactory",{enumerable:!0,get:function(){return u.LoggerFactory}}),Object.defineProperty(t,"LogLevel",{enumerable:!0,get:function(){return u.LogLevel}})},7460:function(e,t,r){"use strict";var i=this&&this.__createBinding||(Object.create?function(e,t,r,i){void 0===i&&(i=r);var n=Object.getOwnPropertyDescriptor(t,r);n&&!("get"in n?!t.__esModule:n.writable||n.configurable)||(n={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,i,n)}:function(e,t,r,i){void 0===i&&(i=r),e[i]=t[r]}),n=this&&this.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),s=this&&this.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var r in e)"default"!==r&&Object.prototype.hasOwnProperty.call(e,r)&&i(t,e,r);return n(t,e),t},o=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const a=o(r(3060)),c=o(r(7834)),u=o(r(7747)),l=o(r(5386)),d=o(r(689)),h=o(r(4670)),p=s(r(9134));function f(e){return"function"==typeof e?{execute:t=>e(t)}:e}t.default=class{constructor(e){this._deviceIpDetection=!1,this._timeout=0,this._config=e||new a.default}withStartStep(e){return this._startStep=f(e),this}withIpDiscoveryUrl(e){return this._ipDiscoveryUrl=e,this}withFinishStep(e){return this._finishStep=f(e),this}withPixelImplementation(){return this._authStep=void 0,this}withFetchImplementation(){return this._authStep=new u.default,this}withPassiveImplementation(){return this._authStep=new h.default,this}withDeviceIpDetection(e=!0){return this._deviceIpDetection=e,this}withTimeout(e){return this._timeout=e,this}build(){let e=this._authStep;const t=this._startStep;let r=this._finishStep;e||(e=new p.default,r=new p.PixelFinishStep);const i=this._deviceIpDetection?new l.default(this._ipDiscoveryUrl):new d.default;if(!t)throw new Error("Start step is required");if(!r)throw new Error("Finish step is required");return new c.default(i,t,e,r,this._timeout)}}},6639:(e,t)=>{"use strict";var r;Object.defineProperty(t,"__esModule",{value:!0}),t.ErrorCode=void 0,(r=t.ErrorCode||(t.ErrorCode={}))[r.GENERIC_UNKNOWN_REASON=0]="GENERIC_UNKNOWN_REASON",r[r.GENERIC_TIMEOUT=1]="GENERIC_TIMEOUT",r[r.GENERIC_INVALID_STATE=2]="GENERIC_INVALID_STATE",r[r.GENERIC_COMMUNICATION_ERROR=3]="GENERIC_COMMUNICATION_ERROR",r[r.PRE_CHECK_AIRPLANE_MODE_ENABLED=17]="PRE_CHECK_AIRPLANE_MODE_ENABLED",r[r.PRE_CHECK_NO_CELLULAR_RADIO=18]="PRE_CHECK_NO_CELLULAR_RADIO",r[r.PRE_CHECK_NO_CELLULAR_CONNECTION=19]="PRE_CHECK_NO_CELLULAR_CONNECTION",r[r.PRE_CHECK_WIFI_CALLING_ENABLED=20]="PRE_CHECK_WIFI_CALLING_ENABLED",r[r.PRE_CHECK_WIFI_CANNOT_BE_OVERRIDDEN=21]="PRE_CHECK_WIFI_CANNOT_BE_OVERRIDDEN",r[r.AUTH_MALFORMED_INPUT_DATA=65]="AUTH_MALFORMED_INPUT_DATA",r[r.AUTH_BAD_CREDENTIALS=66]="AUTH_BAD_CREDENTIALS",r[r.AUTH_VFP_KEY_EXPIRED=67]="AUTH_VFP_KEY_EXPIRED",r[r.AUTH_INVALID_RESPONSE=68]="AUTH_INVALID_RESPONSE"},6902:(e,t)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0});class r extends Error{constructor(e,...t){super(...t),this.errorCode=e,Error.captureStackTrace&&Error.captureStackTrace(this,r),this.name="AuthLocalError",this.errorCode=e}}t.default=r},7747:function(e,t,r){"use strict";var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(o,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=n(r(8498)),o=n(r(5112)),a=n(r(6625)),c=n(r(5030)),u=r(2715),l=r(6458);t.default=class{constructor(){this.logger=u.LoggerFactory.getLogger("fetch-authentication-step")}execute(e){return i(this,void 0,void 0,(function*(){this.logger.info("use fetch");const t=(0,l.toURL)(e.authUrl);let r;return this.logger.info(t),t.searchParams.get("testVfp")?(this.logger.info("test flow detected"),r=c.default.create(t)):"2"===t.searchParams.get("pfflow")?(this.logger.info("flow v2 detected"),r=o.default.create(t)):"3"===t.searchParams.get("pfflow")?(this.logger.info("flow v3 detected"),r=a.default.create((0,l.toURL)(e.authUrl.replace("&pfflow=3","")))):t.toString().toLowerCase().includes("authentication/validate/flowcontrol",0)?(this.logger.info("flow v3 detected"),r=a.default.create(t)):(this.logger.info("flow v1 detected"),r=s.default.create(t)),{vfp:yield r.handle()}}))}}},8616:(e,t)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0});class r{constructor(e){this.requestId=e.request_id,this.mnoToken=e.mno_token,this.mno=e.mno,this.expires=e.expires,this.firstUri=e.first_uri,this.uriStack=e.uri_stack,this.headers={},e.headers.forEach((e=>{this.headers[e.key]=e.value})),this.requestBody=e.request_body,this.command=e.command,this.vfpPath=e.vfp_path,this.redirectStatusMinimum=e.redirect_status_minimum,this.redirectStatusMaximum=e.redirect_status_maximum,this.enableCookies=e.enable_cookies,this.enableDynamicHeaders=e.enable_dynamic_headers,this.maximumRedirects=e.maximum_redirects}static serialize(e){return JSON.stringify(e)}static deserialize(e){return new r(JSON.parse(e))}}t.default=r},5030:function(e,t){"use strict";var r=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(o,a)}c((i=i.apply(e,t||[])).next())}))};Object.defineProperty(t,"__esModule",{value:!0});class i{static create(e){var t,r,n;const s=null!==(r=parseInt(null!==(t=e.searchParams.get("delay"))&&void 0!==t?t:"0"))&&void 0!==r?r:0,o=null!==(n=e.searchParams.get("testVfp"))&&void 0!==n?n:"";return new i(o,s)}constructor(e,t){this.testVfp=e,this.delay=t}handle(){return r(this,void 0,void 0,(function*(){return new Promise((e=>{setTimeout((()=>e(this.testVfp)),this.delay)}))}))}}t.default=i},6458:function(e,t,r){"use strict";var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(o,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.RawURL=t.Base64=t.fetchAuth=t.handleHttpError=t.toURL=void 0;const s=r(2715),o=r(6639),a=r(9843),c=n(r(6902));t.toURL=function(e){try{return new u(e)}catch(t){throw new c.default(o.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Malformed url "+e)}},t.handleHttpError=function(e){return i(this,void 0,void 0,(function*(){const t=e.status;switch(t){case 404:throw new c.default(o.ErrorCode.AUTH_BAD_CREDENTIALS);case 410:throw new c.default(o.ErrorCode.AUTH_VFP_KEY_EXPIRED);default:let r;try{r=(yield e.json()).error}catch(e){}throw new c.default(o.ErrorCode.AUTH_INVALID_RESPONSE,r||`http error (${e.statusText} , code = ${t})`)}}))},t.fetchAuth=function(e,t){var r;const i=s.LoggerFactory.getLogger("http-client"),n=null!=t?t:{},u=null!==(r=n.method)&&void 0!==r?r:"GET";if(i.debug(`${u} ${e} ${e.protocol}`),"http:"===e.protocol)throw new c.default(o.ErrorCode.GENERIC_INVALID_STATE,`Web SDK cannot make http request [${e}]`);const l={};let d;return e.searchParams.set("sdkVersion",a.VERSION_NAME),"object"==typeof n.body&&(l["Content-Type"]="application/json",d=JSON.stringify(n.body)),d&&i.debug(`request body: ${d}`),fetch(e.toString(),{method:u,mode:"cors",headers:l,body:d}).then((e=>(i.debug(`${e.status} ${e.statusText}`),e)))},t.Base64=new class{constructor(){this.PADCHAR="=",this.ALPHA="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"}getByte(e,t){return e.charCodeAt(t)}getByte64(e,t){return this.ALPHA.indexOf(e.charAt(t))}_decode(e){let t,r,i=0,n=e.length,s=[];if(e=String(e),0===n)return e;for(e.charAt(n-1)===this.PADCHAR&&(i=1,e.charAt(n-2)===this.PADCHAR&&(i=2),n-=4),t=0;t<n;t+=4)r=this.getByte64(e,t)<<18|this.getByte64(e,t+1)<<12|this.getByte64(e,t+2)<<6|this.getByte64(e,t+3),s.push(String.fromCharCode(r>>16,r>>8&255,255&r));switch(i){case 1:r=this.getByte64(e,t)<<18|this.getByte64(e,t+1)<<12|this.getByte64(e,t+2)<<6,s.push(String.fromCharCode(r>>16,r>>8&255));break;case 2:r=this.getByte64(e,t)<<18|this.getByte64(e,t+1)<<12,s.push(String.fromCharCode(r>>16))}return s.join("")}_encode(e){let t,r,i=[],n=(e=String(e)).length-e.length%3;if(0===e.length)return e;for(t=0;t<n;t+=3)r=this.getByte(e,t)<<16|this.getByte(e,t+1)<<8|this.getByte(e,t+2),i.push(this.ALPHA.charAt(r>>18)),i.push(this.ALPHA.charAt(r>>12&63)),i.push(this.ALPHA.charAt(r>>6&63)),i.push(this.ALPHA.charAt(63&r));switch(e.length-n){case 1:r=this.getByte(e,t)<<16,i.push(this.ALPHA.charAt(r>>18)+this.ALPHA.charAt(r>>12&63)+this.PADCHAR+this.PADCHAR);break;case 2:r=this.getByte(e,t)<<16|this.getByte(e,t+1)<<8,i.push(this.ALPHA.charAt(r>>18)+this.ALPHA.charAt(r>>12&63)+this.ALPHA.charAt(r>>6&63)+this.PADCHAR)}return i.join("")}decode(e,t=!0){return e=t?e.replace(".","+").replace("_","/").replace("-","="):e,this._decode(e)}encode(e,t=!0){const r=this._encode(e);return t?r.replace("+",".").replace("/","_").replace("=","-"):r}};class u{constructor(e){this.url=e,this.params=[],this.searchParams={get:e=>this._get(e),getAll:e=>this._getAll(e),set:(e,t,r=!1)=>this._set(e,t,r)};const t=new URL(e);this.protocol=t.protocol;for(const e of t.searchParams.keys())this.params.push({key:e,values:t.searchParams.getAll(e),encode:!1})}_set(e,t,r=!1){const i=this.params.findIndex((t=>t.key===e));-1===i?this.params.push({key:e,values:[t],encode:r}):this.params.splice(i,1,{key:e,values:[t],encode:r})}_get(e){const t=this._getAll(e);return t?t[0]:void 0}_getAll(e){var t;return null===(t=this.params.find((t=>t.key===e)))||void 0===t?void 0:t.values}toString(){function e(e,t){return t?encodeURIComponent(e):null==e?void 0:e.replace(/\?/g,"%3F").replace(/\&/g,"%26")}const t=this.url.indexOf("?");let r=-1==t?this.url:this.url.slice(0,t),i=[];for(const t of this.params)for(const r of t.values)i.push(`${e(t.key,t.encode)}=${e(r,t.encode)}`);return i.length&&(r+="?"+i.join("&")),r}}t.RawURL=u},8498:function(e,t,r){"use strict";var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(o,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=r(2715),o=n(r(6902)),a=r(6639),c=r(6458);class u{static create(e){return e.searchParams.set("r","f"),new u(e)}constructor(e){this.url=e,this.logger=s.LoggerFactory.getLogger("flow-v1")}handle(){var e,t;return i(this,void 0,void 0,(function*(){let r;const i=this.url.searchParams.get("vfp");let n=this.url;for(this.logger.debug(`current vfp ${i}`);;){try{r=yield(0,c.fetchAuth)(n,{})}catch(e){throw new o.default(a.ErrorCode.GENERIC_COMMUNICATION_ERROR,e.message)}if(console.log(r.url),r.status>=300&&r.status<400){const s=new c.RawURL(null!==(e=r.headers.get("Location"))&&void 0!==e?e:"");this.logger.debug(`redirect to ${s}`);const o=null!==(t=s.searchParams.get("vfp"))&&void 0!==t?t:s.searchParams.get("token");if(o&&o!==i)return this.logger.debug(`vfp changed to ${o}`),o;n=s}else{if(r.status>=200&&r.status<300){let e;try{e=yield r.json()}catch(e){throw new o.default(a.ErrorCode.AUTH_INVALID_RESPONSE,e.message)}this.logger.debug("got json response",e);const t=this.getVfpFromJson(e);if(!t)throw new o.default(a.ErrorCode.AUTH_INVALID_RESPONSE,`Received unknown payload: ${JSON.stringify(e)}`);return t}yield(0,c.handleHttpError)(r)}}}))}getVfpFromJson(e){const t=e.vfp;if(t)return t;const r=e.token,i=e.correlation_id;if(r)return i?i+"..."+r:r;const n=e.reconcilation_token;return n?i?i+"..."+n:n:void 0}}t.default=u},5112:function(e,t,r){"use strict";var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(o,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=r(2715),o=r(6639),a=n(r(6902)),c=r(6458);class u{static create(e){var t;const r=e.searchParams.get("data");if(!r)throw new a.default(o.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - missing in url");let i,n,s,l;try{const e=c.Base64.decode(r);console.log("decoded",e),i=JSON.parse(e)}catch(e){throw console.error(e),new a.default(o.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - cannot parse as json")}try{n=new c.RawURL(null!==(t=i.url)&&void 0!==t?t:"")}catch(e){throw new a.default(o.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - missing/invalid url field")}try{s=i.vfp}catch(e){throw new a.default(o.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - missing vfp field")}try{l=i.data}catch(e){throw new a.default(o.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - missing data field")}return new u(n,s,l,i["att-1004"])}constructor(e,t,r,i){this.url=e,this.vfp=t,this.data=r,this.att1004=i,this.logger=s.LoggerFactory.getLogger("flow-v2")}handle(){var e;return i(this,void 0,void 0,(function*(){let t=!1,r=JSON.parse(JSON.stringify(this.data));for(;;){let i;try{i=yield(0,c.fetchAuth)(this.url,{method:"POST",body:r})}catch(e){throw new a.default(o.ErrorCode.GENERIC_COMMUNICATION_ERROR,e.message)}if(i.status>=200&&i.status<300){const n=yield i.text();if(this.logger.trace(`att response body: ${n}`),!t)try{if(1004===JSON.parse(n).status){const i=null!==(e=this.att1004)&&void 0!==e?e:["application-id"];if(i){t=!0,this.logger.debug(`flow v2.5 detected, use application-id: ${i}`),r.put("application-id",i);continue}this.logger.debug("missing att1004.application-id, continue flow v2")}}catch(e){}const s=c.Base64.encode(n);return`${this.vfp}___${s}${t?"___R2":""}`}if(i.status>=300&&i.status<400)throw new a.default(o.ErrorCode.AUTH_INVALID_RESPONSE,"Unexpected redirect in flow v2");yield(0,c.handleHttpError)(i)}}))}}t.default=u},6625:function(e,t,r){"use strict";var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(o,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=r(2715),o=r(9843),a=n(r(6902)),c=r(6639),u=r(6458),l=n(r(8616));class d{static create(e){return e.searchParams.set("r","f"),new d(e)}constructor(e){this.url=e,this.logger=s.LoggerFactory.getLogger("flow-v3"),this.cookies={}}handle(){var e,t;return i(this,void 0,void 0,(function*(){const r=yield this.getFlowControl(this.url);let i;this.logger.info("ControlFlow retrieved"),this.url=new u.RawURL(r.firstUri);const n=this.url.searchParams.get("vfp");let s=this.url;for(this.logger.debug(`current vfp ${n}`);;){try{i=s.toString().includes("auth-api.tmtanalysis.com")?yield this.fetchTmt(s,r):yield this.fetch(s,r)}catch(e){throw new a.default(c.ErrorCode.GENERIC_COMMUNICATION_ERROR,e.message)}if(console.log(i.url),i.status>=r.redirectStatusMinimum&&i.status<=r.redirectStatusMaximum){const r=new u.RawURL(null!==(e=i.headers.get("Location"))&&void 0!==e?e:"");this.logger.debug(`redirect to ${r}`);const o=null!==(t=r.searchParams.get("vfp"))&&void 0!==t?t:r.searchParams.get("token");if(o&&o!==n)return this.logger.debug(`vfp changed to ${o}`),o;s=r}else{if(i.status>=200&&i.status<300){let e;try{e=yield i.json()}catch(e){throw new a.default(c.ErrorCode.AUTH_INVALID_RESPONSE,e.message)}this.logger.debug("got json response",e);const t=this.getVfpFromJson(e);if(!t)throw new a.default(c.ErrorCode.AUTH_INVALID_RESPONSE,`Received unknown payload: ${JSON.stringify(e)}`);return t}yield(0,u.handleHttpError)(i)}}}))}getFlowControl(e){var t;return i(this,void 0,void 0,(function*(){const r=yield(0,u.fetchAuth)(e,{}),i=null===(t=r.body)||void 0===t?void 0:t.getReader();let n="";if(i){const{value:e,done:t}=yield i.read();e&&(n+=(new TextDecoder).decode(e))}return l.default.deserialize(n)}))}fetch(e,t){var r;const i=s.LoggerFactory.getLogger("http-client");if(i.info(`${t.command} ${e} ${e.protocol}`),"http:"===e.protocol)throw new a.default(c.ErrorCode.GENERIC_INVALID_STATE,`Web SDK cannot make http request [${e}]`);var n="";this.addCookie(document.cookie);for(const[e,t]of Object.entries(this.cookies))n+=`${e}=${t}; `;let u;this.cookies.length>0&&(document.cookie=n),(null===(r=t.headers.Cookie)||void 0===r?void 0:r.length)>0&&(n+=t.headers.Cookie,document.cookie=n),e.searchParams.set("sdkVersion",o.VERSION_NAME),"POST"===t.command&&(u=t.requestBody),i.debug("Headers:");for(let e in t.headers)i.debug(`${e}:${t.headers[e]}`);return i.debug(`Cookie:${document.cookie}`),u&&i.debug(`Request Body: ${u}`),fetch(e.toString(),{method:t.command,mode:"cors",headers:t.headers,body:u}).then((e=>(i.debug("Response:\r\nStatus:"),i.debug(`${e.status} ${e.statusText}`),i.debug("Headers:"),e.headers.forEach(((e,t)=>{"Set-Cookie"===t&&this.addCookie(e),i.debug(`${t}:${e}`)})),this.addCookie(document.cookie),i.debug("Body:"),i.debug(e.body),e)))}fetchTmt(e,t){const r=s.LoggerFactory.getLogger("http-client");if(r.info(`Fetch TMT ${t.command} ${e} ${e.protocol}`),"http:"===e.protocol)throw new a.default(c.ErrorCode.GENERIC_INVALID_STATE,`Web SDK cannot make http request [${e}]`);let i;e.searchParams.set("sdkVersion",o.VERSION_NAME),"POST"===t.command&&(i=t.requestBody);r.debug("Headers:");for(let e in t.headers)r.debug(`${e}:${t.headers[e]}`);return i&&r.debug(`Request Body: ${i}`),fetch(e.toString(),{method:t.command,mode:"cors",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:i}).then((e=>(r.debug("Response:\r\nStatus:"),r.debug(`${e.status} ${e.statusText}`),r.debug("Headers:"),e.headers.forEach(((e,t)=>{"Set-Cookie"===t&&this.addCookie(e),r.debug(`${t}:${e}`)})),this.addCookie(document.cookie),r.debug("Body:"),r.debug(e.body),e)))}addCookie(e){const t=e.split(";");for(const e of t){const t=e.split("=");if(t.length>1){const e=t[0].trim(),r=t[1].trim();this.cookies[e]=r}}}getVfpFromJson(e){const t=e.vfp;if(t)return t;const r=e.token,i=e.correlation_id;if(r)return i?i+"..."+r:r;const n=e.reconcilation_token;return n?i?i+"..."+n:n:void 0}}t.default=d},4670:function(e,t,r){"use strict";var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(o,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=n(r(5030)),o=r(2715),a=r(6458),c=r(9843);t.default=class{constructor(){this.logger=o.LoggerFactory.getLogger("passive-authentication-step")}execute(e){return i(this,void 0,void 0,(function*(){this.logger.info("use passive");const t=(0,a.toURL)(e.authUrl);let r;if(t.searchParams.get("testVfp"))this.logger.info("test flow detected"),r=s.default.create(t);else{if("2"===t.searchParams.get("pfflow"))throw new Error("flow v2 detected but not supported by passive auth implementation");if("3"===t.searchParams.get("pfflow"))throw new Error("flow v3 detected but not supported by passive auth implementation");this.logger.info("flow v1 detected"),r=new u(t)}return{vfp:yield r.handle()}}))}};class u{constructor(e){this.url=e,this.logger=o.LoggerFactory.getLogger("passive-flow-v1")}handle(){return i(this,void 0,void 0,(function*(){return new Promise(((e,t)=>{const r="_proveAuthResponse";this.url.searchParams.set("jsonp","true"),this.url.searchParams.set("sdkVersion",c.VERSION_NAME);const i=window;this.logger.trace("install global callback"),i[r]=r=>{if(s)return;o();const i=r?this.getVfpFromJson(r):void 0;i?e(i):t(new Error(r?"script loaded but vfp not defined":"script loaded but callback not trigerred"))};const n=document.createElement("script");let s=!1;const o=()=>{this.logger.trace("cleanup global callback"),s=!0,i[r]=void 0,document.body.removeChild(n)};n.onload=()=>{this.logger.trace("script loaded"),setTimeout((()=>{s||(o(),t(new Error("script loaded, but not executed")))}),1e3)},n.onerror=()=>{this.logger.trace("script load error"),s||(o(),t(new Error("script load error")))},document.body.appendChild(n),n.src=this.url.toString()}))}))}getVfpFromJson(e){const t=e.vfp;if(t)return t;const r=e.token,i=e.correlation_id;if(r)return i?i+"..."+r:r;const n=e.reconcilation_token;return n?i?i+"..."+n:n:void 0}}},9134:function(e,t,r){"use strict";var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(o,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.PixelFinishStep=void 0;const s=n(r(5030)),o=r(2715),a=r(6458),c=r(9843);t.default=class{constructor(){this.logger=o.LoggerFactory.getLogger("pixel-authentication-step")}execute(e){return i(this,void 0,void 0,(function*(){this.logger.info("use pixel");const t=(0,a.toURL)(e.authUrl);let r;if(t.searchParams.get("testVfp"))this.logger.info("test flow detected"),r=s.default.create(t);else{if("2"===t.searchParams.get("pfflow"))throw new Error("flow v2 detected but not supported by pixel auth implementation");if("3"===t.searchParams.get("pfflow"))throw new Error("flow v3 detected but not supported by pixel auth implementation");this.logger.info("flow v1 detected"),r=new u(t)}return{vfp:yield r.handle()}}))}};class u{constructor(e){this.url=e,this.logger=o.LoggerFactory.getLogger("pixel-flow-v1")}handle(){return i(this,void 0,void 0,(function*(){return new Promise(((e,t)=>{this.url.searchParams.set("sdkVersion",c.VERSION_NAME);const r=document.createElement("img");r.onload=()=>{this.logger.trace("pixel loaded"),e("")},r.onerror=()=>{this.logger.trace("pixel load error"),t(new Error("pixel load error"))},r.src=this.url.toString()}))}))}}t.PixelFinishStep=class{execute(e){return Promise.resolve(void 0)}}},7834:function(e,t,r){"use strict";var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(o,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=r(2715),o=r(2400),a=n(r(4517)),c=r(6639);class u{constructor(e){this._providedDeviceDescriptor=e}get providedDeviceDescriptor(){return this._providedDeviceDescriptor}get deviceDescriptor(){return this._deviceDescriptor}get authUrl(){return this._authUrl}get vfp(){return this._vfp}}class l{constructor(){this.currentStep=o.StepCode.PRE_CHECK,this.timedOut=!1}}t.default=class{constructor(e,t,r,i,n=0){this.deviceDescriptorStep=e,this.startStepFunc=t,this.authenticationStep=r,this.finishStepFunc=i,this.timeout=n,this.logger=s.LoggerFactory.getLogger("auth")}executeStep(e,t,r,n){var s;return i(this,void 0,void 0,(function*(){if(e.timedOut)throw new Error("timeout");try{e.currentStep=t,this.logger.debug(`execute step ${o.StepCode[t]}`);let i=yield r.execute(n);return this.logger.debug(`executed step ${o.StepCode[t]}`),i}catch(e){const r=null!==(s=e.errorCode)&&void 0!==s?s:c.ErrorCode.GENERIC_UNKNOWN_REASON;throw new a.default(t,r,e.message)}}))}authenticate(e){return new Promise(((t,r)=>{const i=new l;let n;this.timeout>0&&(n=setTimeout((()=>{i.timedOut=!0,r(new a.default(i.currentStep,c.ErrorCode.GENERIC_TIMEOUT,`authenticator timeout after ${this.timeout}ms`))}),this.timeout)),this.executeAuth(i,e).then((e=>{i.timedOut||(clearTimeout(n),t(e))}),(e=>{i.timedOut||(clearTimeout(n),r(e))}))}))}findMyIp(e){return new Promise(((t,r)=>{const i=new l;let n;this.timeout>0&&(n=setTimeout((()=>{i.timedOut=!0,r(new a.default(i.currentStep,c.ErrorCode.GENERIC_TIMEOUT,`authenticator timeout after ${this.timeout}ms`))}),this.timeout)),this.executeFindMyIP(i,e).then((e=>{i.timedOut||(clearTimeout(n),t(e))}),(e=>{i.timedOut||(clearTimeout(n),r(e))}))}))}startStep(e){return new Promise(((t,r)=>{const i=new l;let n;this.timeout>0&&(n=setTimeout((()=>{i.timedOut=!0,r(new a.default(i.currentStep,c.ErrorCode.GENERIC_TIMEOUT,`authenticator timeout after ${this.timeout}ms`))}),this.timeout)),this.executeStartStep(i,e).then((e=>{i.timedOut||(clearTimeout(n),t(e))}),(e=>{i.timedOut||(clearTimeout(n),r(e))}))}))}authenticateWithRedirect(e,t){return new Promise(((r,i)=>{const n=new l;let s;this.timeout>0&&(s=setTimeout((()=>{n.timedOut=!0,i(new a.default(n.currentStep,c.ErrorCode.GENERIC_TIMEOUT,`authenticator timeout after ${this.timeout}ms`))}),this.timeout)),this.executeAuthWithRedirect(n,e,t).then((e=>{n.timedOut||(clearTimeout(s),r(e))}),(e=>{n.timedOut||(clearTimeout(s),i(e))}))}))}finishStep(e,t){return new Promise(((r,i)=>{const n=new l;let s;this.timeout>0&&(s=setTimeout((()=>{n.timedOut=!0,i(new a.default(n.currentStep,c.ErrorCode.GENERIC_TIMEOUT,`authenticator timeout after ${this.timeout}ms`))}),this.timeout)),this.executeFinishStep(n,e,t).then((e=>{n.timedOut||(clearTimeout(s),r(e))}),(e=>{n.timedOut||(clearTimeout(s),i(e))}))}))}executeAuth(e,t){return i(this,void 0,void 0,(function*(){const r=new u(t);r._deviceDescriptor=(yield this.executeStep(e,o.StepCode.DEVICE_DESCRIPTOR,this.deviceDescriptorStep,r)).deviceDescriptor,this.logger.info(`deviceDescriptor=${r.deviceDescriptor}`),r._authUrl=(yield this.executeStep(e,o.StepCode.START,this.startStepFunc,r)).authUrl,this.logger.info(`authUrl=${r.authUrl}`),r._vfp=(yield this.executeStep(e,o.StepCode.AUTHENTICATION,this.authenticationStep,r)).vfp,this.logger.info(`vfp=${r.vfp}`);const i=yield this.executeStep(e,o.StepCode.FINISH,this.finishStepFunc,r);return this.logger.info("result",i),i}))}executeFindMyIP(e,t){var r;return i(this,void 0,void 0,(function*(){const i=new u(t);return i._deviceDescriptor=(yield this.executeStep(e,o.StepCode.DEVICE_DESCRIPTOR,this.deviceDescriptorStep,i)).deviceDescriptor,this.logger.info(`deviceDescriptor=${i.deviceDescriptor}`),null!==(r=i._deviceDescriptor.ip)&&void 0!==r?r:"undefined"}))}executeStartStep(e,t){return i(this,void 0,void 0,(function*(){const r=new u(t);return r._authUrl=(yield this.executeStep(e,o.StepCode.START,this.startStepFunc,r)).authUrl,this.logger.info(`authUrl=${r.authUrl}`),r._authUrl}))}executeAuthWithRedirect(e,t,r){return i(this,void 0,void 0,(function*(){const i=new u(t);return i._authUrl=r,i._vfp=(yield this.executeStep(e,o.StepCode.AUTHENTICATION,this.authenticationStep,i)).vfp,this.logger.info(`vfp=${i.vfp}`),i._vfp}))}executeFinishStep(e,t,r){return i(this,void 0,void 0,(function*(){const i=new u(t);i._vfp=r;const n=yield this.executeStep(e,o.StepCode.FINISH,this.finishStepFunc,i);return this.logger.info("result",n),n}))}}},5386:function(e,t,r){"use strict";var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(o,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=r(6639),o=n(r(79)),a=n(r(6902));t.default=class{constructor(e){this.ipQueryUrl=null!=e?e:"https://whatismyip.proveapis.com/whatismyip"}execute(e){return i(this,void 0,void 0,(function*(){if(e.providedDeviceDescriptor)return{deviceDescriptor:e.providedDeviceDescriptor};const t=yield fetch("https://whatismyip.proveapis.com/whatismyip");if(t.ok)return{deviceDescriptor:new o.default(yield t.text())};throw new a.default(s.ErrorCode.GENERIC_COMMUNICATION_ERROR,`ip api response=${t.status}`)}))}}},689:function(e,t,r){"use strict";var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(o,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=n(r(79));t.default=class{execute(e){var t;return i(this,void 0,void 0,(function*(){return{deviceDescriptor:null!==(t=e.providedDeviceDescriptor)&&void 0!==t?t:new s.default}}))}}},3060:(e,t)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.default=class{}},4517:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0});const i=r(6639),n=r(2400);class s extends Error{constructor(e,t,r){super(`${r} (stepCode=${n.StepCode[e]}, errorCode=${i.ErrorCode[t]})`),this.stepCode=e,this.errorCode=t,Error.captureStackTrace&&Error.captureStackTrace(this,s),this.name="AuthProcessError",this.stepCode=e}}t.default=s},79:(e,t)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0});class r{static ip(e){return new r(e)}constructor(e,t,r){this.ip=e,this.mno=t,this.phoneNumber=r}toString(){return`ip=[${this.ip}] mno=[${this.mno}] phoneNumber=[${this.phoneNumber}]`}}t.default=r},2400:(e,t)=>{"use strict";var r;Object.defineProperty(t,"__esModule",{value:!0}),t.StepCode=void 0,(r=t.StepCode||(t.StepCode={}))[r.PRE_CHECK=16]="PRE_CHECK",r[r.DEVICE_DESCRIPTOR=32]="DEVICE_DESCRIPTOR",r[r.START=48]="START",r[r.AUTHENTICATION=64]="AUTHENTICATION",r[r.FINISH=80]="FINISH"},9843:(e,t)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.VERSION_CODE=t.VERSION_NAME=void 0,t.VERSION_NAME="3.1.0",t.VERSION_CODE=30100},3607:function(e,t,r){"use strict";var i=this&&this.__createBinding||(Object.create?function(e,t,r,i){void 0===i&&(i=r);var n=Object.getOwnPropertyDescriptor(t,r);n&&!("get"in n?!t.__esModule:n.writable||n.configurable)||(n={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,i,n)}:function(e,t,r,i){void 0===i&&(i=r),e[i]=t[r]}),n=this&&this.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),s=this&&this.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var r in e)"default"!==r&&Object.prototype.hasOwnProperty.call(e,r)&&i(t,e,r);return n(t,e),t},o=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.InstantLinkResultType=t.BuildConfig=t.PhoneValidationError=t.OtpError=t.OtpFinishResultType=t.MobileAuthImplementation=t.LogLevel=t.LoggerFactory=t.DeviceRole=t.CancelablePromise=t.AuthResponseStatus=t.AuthenticatorBuilder=t.VERSION=void 0;const a=r(6462);Object.defineProperty(t,"VERSION",{enumerable:!0,get:function(){return a.VERSION}});const c=s(r(4817));t.AuthenticatorBuilder=c.default,Object.defineProperty(t,"DeviceRole",{enumerable:!0,get:function(){return c.DeviceRole}}),Object.defineProperty(t,"MobileAuthImplementation",{enumerable:!0,get:function(){return c.MobileAuthImplementation}});const u=r(5501);Object.defineProperty(t,"BuildConfig",{enumerable:!0,get:function(){return u.BuildConfig}});const l=r(6267);Object.defineProperty(t,"AuthResponseStatus",{enumerable:!0,get:function(){return l.AuthResponseStatus}});const d=r(1727);Object.defineProperty(t,"LoggerFactory",{enumerable:!0,get:function(){return d.LoggerFactory}}),Object.defineProperty(t,"LogLevel",{enumerable:!0,get:function(){return d.LogLevel}});const h=o(r(4610));t.CancelablePromise=h.default;const p=r(3794);Object.defineProperty(t,"PhoneValidationError",{enumerable:!0,get:function(){return p.PhoneValidationError}});const f=r(8864);Object.defineProperty(t,"OtpError",{enumerable:!0,get:function(){return f.OtpError}}),Object.defineProperty(t,"OtpFinishResultType",{enumerable:!0,get:function(){return f.OtpFinishResultType}});const g=r(1041);Object.defineProperty(t,"InstantLinkResultType",{enumerable:!0,get:function(){return g.InstantLinkResultType}})},4817:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.MobileAuthImplementation=t.DeviceRole=void 0;const n=r(1092),s=i(r(8370)),o=i(r(6736)),a=i(r(1840)),c=i(r(7625)),u=i(r(3075)),l=i(r(8907)),d=i(r(1703)),h=i(r(6185)),p=i(r(1044)),f=i(r(1474)),g=i(r(9790)),v=r(2207),m=i(r(9568)),_=r(1727),E=i(r(7370)),R=r(5501),w=r(2508);var O,S;!function(e){e[e.Primary=0]="Primary",e[e.Secondary=1]="Secondary"}(O=t.DeviceRole||(t.DeviceRole={})),function(e){e.Pixel="pixel",e.Fetch="fetch"}(S=t.MobileAuthImplementation||(t.MobileAuthImplementation={})),t.default=class{constructor(){this.role=O.Primary,this.mobileAuthImplementation=S.Fetch,this.upkEnabled=!1,this.ppbEnabled=!1,this.log=_.LoggerFactory.getLogger("authenticator-builder"),"undefined"!=typeof window&&(this.storage=window.localStorage,this.platform=new n.WebPlatform)}withDeviceContext(e){return this.deviceContextOptions=e,this}withAuthFinishStep(e){return this.authFinishStep="function"==typeof e?{execute:t=>e(t)}:e,this}withDisplayName(e){return this.getDisplayName="function"==typeof e?e:()=>e,this}withAuthMessageHandler(e){return this.authMessageHandler=e,this}withStorage(e){return this.storage=e,this}withPlatform(e){return this.platform=e,this}withRole(e){return this.role=e,this}withMobileAuthImplementation(e){return this.mobileAuthImplementation=e,this}withDeviceIpAddress(e){return this.getDeviceIp="function"==typeof e?e:()=>e,this}withOtpFallback(e,t){return this.otpStartStep="function"==typeof e?{execute:e}:e,this.otpFinishStep="function"==typeof t?{execute:t}:t,this}withInstantLinkFallback(e,t){return this.instantLinkStartStep="function"==typeof e?{execute:e}:e,this.instantLinkRetryStep="function"==typeof t?{execute:t}:t,this}withUPKEnabled(){return this.withUniversalProveKey()}withUniversalProveKey(e){return this.userConsentStep=e?"function"==typeof e?{execute:e}:e:{execute:()=>Promise.resolve({consentGranted:!0})},this.upkEnabled=null!=this.userConsentStep,this}withPrivacyPreservingBiometrics(e,t){return this.ppbEnabled=!0,this.ppbStartStep="function"==typeof e?{execute:e}:e,this.ppbFinishStep="function"==typeof t?{execute:t}:t,this}getUrlsByBuildConfig(e){switch(e){case R.BuildConfig.US_PROD:return[R.ProveAuthProxyScriptUrl.DEFAULT_US_PROD_SCRIPT_URL.toString(),R.ProveAuthProxyEndpoint.DEFAULT_US_PROD_ENDPOINT.toString()];case R.BuildConfig.US_UAT:return[R.ProveAuthProxyScriptUrl.DEFAULT_US_UAT_SCRIPT_URL.toString(),R.ProveAuthProxyEndpoint.DEFAULT_US_UAT_ENDPOINT.toString()];case R.BuildConfig.DEV:return this.log.debug("Recommended for Prove's internal testing only, BuildConfig.DEV might need custom endpoint URL and custom script URL values to bypass ad blockers"),[void 0,void 0];default:return this.log.warn("Unknown BuildConfig value: "+e),[void 0,void 0]}}getRegionByBuildConfig(e){var t;switch(e){case R.BuildConfig.DEV:case R.BuildConfig.US_PROD:case R.BuildConfig.US_UAT:t="us";break;default:this.log.warn("Unknown BuildConfig value, set Region to default value: us"),t="us"}return t}getFpPromiseInstanceFromOptions(e){try{const t=r(6616);if(t){if(e){let r=this.getRegionByBuildConfig(e.buildConfig),[i,n]=this.getUrlsByBuildConfig(e.buildConfig);e.customScriptUrl&&e.customEndpointUrl&&(i=e.customScriptUrl,n=e.customEndpointUrl);const s=i?[`${i}?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>`,t.defaultScriptUrlPattern]:[t.defaultScriptUrlPattern],o=n?[`${n}?region=${r}`,t.defaultEndpoint]:[t.defaultEndpoint],a=t.load({apiKey:e.publicApiKey,endpoint:o,scriptUrlPattern:s,region:r}),c=a?"successfully":"unsuccessfully with null instance";return this.log.trace(`Instantiating FingerprintJS ${c}`),a}this.log.warn("Prove Key Persistence feature is not enabled")}else this.log.debug("fingerprintjs package is not installed or failed to load")}catch(e){this.log.trace("FingerprintJS is not installed or failed to load",e)}}withPasskeyAlreadyExistCallback(e){return this.passkeyCreationHandler=e,this}build(){var e;if(!this.platform)throw new Error("Implementation of Platform is required");if(!this.storage)throw new Error("Implementation of Storage is required");const t=this.getFpPromiseInstanceFromOptions(this.deviceContextOptions);t&&(null===(e=this.platform)||void 0===e||e.setFpPromise(t));const r=new E.default(this.storage);return r.upkEnabled=this.upkEnabled,this.role===O.Primary?new m.default(this.platform,r,this.authFinishStep,[new g.default(this.upkEnabled),new v.DeviceUniversalRedirectExchangeStep,new v.DeviceUniversalRedirectFinishStep,new o.default(this.getDisplayName,this.passkeyCreationHandler,this.role),new f.default(this.getDisplayName,this.passkeyCreationHandler),new p.default(this.upkEnabled,this.userConsentStep),new s.default,new a.default,new c.default(this.mobileAuthImplementation,this.getDeviceIp),new u.default(this.instantLinkStartStep,this.instantLinkRetryStep,this.getDeviceIp),new l.default(this.otpStartStep,this.otpFinishStep),new d.default(this.authMessageHandler),new h.default,new w.UserPpbEnrollStep(this.ppbEnabled,this.ppbStartStep,this.ppbFinishStep),new w.UserPpbVerifyStep(this.ppbEnabled,this.ppbStartStep,this.ppbFinishStep)]):new m.default(this.platform,r,this.authFinishStep,[new o.default(this.getDisplayName,void 0,this.role),new c.default(this.mobileAuthImplementation,this.getDeviceIp),new u.default(this.instantLinkStartStep,this.instantLinkRetryStep,this.getDeviceIp),new w.UserPpbEnrollStep(this.ppbEnabled,this.ppbStartStep,this.ppbFinishStep),new w.UserPpbVerifyStep(this.ppbEnabled,this.ppbStartStep,this.ppbFinishStep)])}}},8607:(e,t)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0});class r{static stringToBase64(e){return e.replace(/\-/g,"+").replace(/_/g,"/")+"=".repeat(e.length%4?4-e.length%4:0)}static bufferDecode(e){return Uint8Array.from(atob(r.stringToBase64(e)),(e=>e.charCodeAt(0)))}static bufferEncode(e){const t=ArrayBuffer.isView(e)?e.buffer:e;return btoa(String.fromCharCode.apply(null,Array.from(new Uint8Array(t)))).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}}t.default=r},4610:(e,t)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.default=class extends Promise{constructor(e){let t=()=>{};super(((r,i)=>e(r,i,(e=>t=e)))),this.onCancel=()=>{t()}}cancel(){this.onCancel()}}},1727:(e,t)=>{"use strict";var r;Object.defineProperty(t,"__esModule",{value:!0}),t.LoggerFactory=t.LogLevel=void 0,function(e){e[e.disabled=0]="disabled",e[e.error=1]="error",e[e.warn=2]="warn",e[e.info=3]="info",e[e.debug=4]="debug",e[e.trace=5]="trace"}(r=t.LogLevel||(t.LogLevel={}));class i{static setLogLevel(e){i.logLevel=e}static setLogWriter(e){i.logWriter=e}static getLogger(e){return{trace:(...t)=>{i.logLevel>=r.trace&&i.logWriter.write(r.trace,e+": ",...t)},debug:(...t)=>{i.logLevel>=r.debug&&i.logWriter.write(r.debug,e+": ",...t)},info:(...t)=>{i.logLevel>=r.info&&i.logWriter.write(r.info,e+": ",...t)},warn:(...t)=>{i.logLevel>=r.warn&&i.logWriter.write(r.warn,e+": ",...t)},error:(...t)=>{i.logLevel>=r.error&&i.logWriter.write(r.error,e+": ",...t)}}}}i.logWriter=new class{write(e,...t){switch(e){case r.trace:case r.debug:console.debug(...t);break;case r.info:console.info(...t);break;case r.warn:console.warn(...t);break;case r.error:console.error(...t)}}},i.logLevel=r.info,t.LoggerFactory=i},5501:(e,t)=>{"use strict";var r,i,n;Object.defineProperty(t,"__esModule",{value:!0}),t.BuildConfig=t.ProveAuthProxyEndpoint=t.ProveAuthProxyScriptUrl=void 0,(n=t.ProveAuthProxyScriptUrl||(t.ProveAuthProxyScriptUrl={})).DEFAULT_US_UAT_SCRIPT_URL="https://upk.uat.prove-auth.proveapis.com/vFqZceQyx8/uqLttozA7q",n.DEFAULT_US_PROD_SCRIPT_URL="https://upk.prove-auth.proveapis.com/vf82rhgDRK/r4VnwuwPUd",(i=t.ProveAuthProxyEndpoint||(t.ProveAuthProxyEndpoint={})).DEFAULT_US_UAT_ENDPOINT="https://upk.uat.prove-auth.proveapis.com/vFqZceQyx8/bt9xhGAgQw",i.DEFAULT_US_PROD_ENDPOINT="https://upk.prove-auth.proveapis.com/vf82rhgDRK/ePaZsNne4X",(r=t.BuildConfig||(t.BuildConfig={})).DEV="DEV",r.US_UAT="US_UAT",r.US_PROD="US_PROD"},1041:(e,t)=>{"use strict";var r;Object.defineProperty(t,"__esModule",{value:!0}),t.InstantLinkResultType=void 0,(r=t.InstantLinkResultType||(t.InstantLinkResultType={}))[r.OnResend=0]="OnResend",r[r.OnMobileNumberChange=1]="OnMobileNumberChange"},3350:(e,t)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0});class r extends Error{constructor(e,t,r,i){super(e),this.code=t,this.nextStep=r,this.reportable=void 0===i||i}static extractMessage(e){let t="";if(e){const r="message";e[r]?t=e[r]:(t=e.toString(),t.startsWith("[object ")&&(t=JSON.stringify(e)))}return t}}t.default=r},6267:(e,t)=>{"use strict";var r;Object.defineProperty(t,"__esModule",{value:!0}),t.AuthResponseStatus=void 0,(r=t.AuthResponseStatus||(t.AuthResponseStatus={})).Accept="accept",r.Reject="reject",r.Cancel="cancel",r.Unexpected="unexpected",r.Timeout="timeout",r.Unknown="unknown"},1204:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(1727),s=r(6462),o=i(r(3350)),a=r(2102),c=i(r(5186)),u=r(1786);class l{get namespace(){var e;return(null===(e=this.claims)||void 0===e?void 0:e.auth.ans)||this.settings.namespace}get backendOrigin(){var e;return this.backendOriginOverride||(null===(e=this.claims)||void 0===e?void 0:e.auth.endp)}get authId(){var e;return null===(e=this.claims)||void 0===e?void 0:e.auth.id}get challenge(){var e;return null===(e=this.claims)||void 0===e?void 0:e.auth.chlg}get next(){var e;return null===(e=this.claims)||void 0===e?void 0:e.auth.next}constructor(e,t,r){var i,s;this.channels=new Set,this.log=n.LoggerFactory.getLogger("auth-session"),this.platform=t,this.authToken=r,this.settings=e,r&&(this.claims=this.parseJwt(r),this.settings.namespace=this.claims.auth.ans,this.uvLevel=(null===(s=null===(i=this.claims.auth.subs.dev)||void 0===i?void 0:i.auths.pasv)||void 0===s?void 0:s.uvlvl)||a.UserVerificationLevel.Discouraged),this.requestSigner=t.createRequestSigner(this)}fetchFromBackend(e,t){const r="POST",i="application/json",n=JSON.stringify(t),o=e.split("?"),a=o[0],u=o.length>1?o[1]:"",l=new Headers({Accept:i,"Content-Type":i,"PA-Version":s.USER_AGENT_VERSIONS});return this.authToken&&l.set("Authorization","Bearer "+this.authToken),new Promise(((t,s)=>{this.requestSigner.sign(r,a,u,i,n).then((i=>{i&&(l.set("PA-Sig-Version",i.version),l.set("PA-Challenge",i.challenge),l.set("PA-KID",i.keyId),l.set("PA-Signature",i.signature)),this.platform.fetch(this.backendOrigin+e,{mode:"cors",method:r,headers:l,body:n}).then((e=>e.json())).then((e=>{e.error&&e.error.code===c.default.ERROR_NO_DEVICE_FOUND&&(this.settings.reset(),this.platform.deviceAuth.reset()),this.lastData=e.data,t(e)})).catch(s)})).catch(s)}))}static parseCloseEvent(e){var t=u.WebSocketCloseReasons.UNKNOWN_REASON;switch(e.code){case 1e3:t=u.WebSocketCloseReasons.NORMAL_CLOSURE;break;case 1001:t=u.WebSocketCloseReasons.GOING_AWAY;break;case 1002:t=u.WebSocketCloseReasons.PROTOCOL_ERROR;break;case 1003:t=u.WebSocketCloseReasons.UNSUPPORTED_DATA;break;case 1005:t=u.WebSocketCloseReasons.NO_STATUS_RECEIVED;break;case 1006:t=u.WebSocketCloseReasons.ABNORMAL_CLOSURE;break;case 1007:t=u.WebSocketCloseReasons.INVALID_FRAME_PAYLOAD_DATA;break;case 1008:t=u.WebSocketCloseReasons.POLICY_VIOLATION;break;case 1009:t=u.WebSocketCloseReasons.MESSAGE_TOO_BIG;break;case 1010:t=u.WebSocketCloseReasons.MANDATORY_EXTENSION;break;case 1011:t=u.WebSocketCloseReasons.INTERNAL_ERROR;break;case 1015:t=u.WebSocketCloseReasons.TLS_HANDSHAKE}return[t,e.code]}createMessageChannel(e,t,r,i){if(!this.authToken)throw new Error("Authentication token is not initialized, cannot create MessageChannel");const n=this.backendOrigin.replace(/^http/,"ws"),s=this.platform.createMessageChannel(n+e);var o=!0;const a=setInterval((()=>{o?(this.log.trace("Sending ping message"),o=!1,s.send("ping")):(this.log.warn("Failed to receive ping response in time, closing the channel"),clearInterval(a),s.close(),r("Channel communication stalled"),this.channels.delete(s))}),3e4);return s.addEventListener("close",(e=>{var r=e.code?`with status code: ${e.code}`:"without status code";this.log.debug(`Message channel is closed ${r}`),clearInterval(a),this.channels.delete(s);const[i,n]=l.parseCloseEvent(e);t(i,n)})),s.addEventListener("error",(e=>{this.log.debug("Message channel encountered an error",e)})),s.addEventListener("message",(e=>{if(this.log.trace("Message channel received a message"),this.log.trace(e),"origin"in e&&e.origin!==n)r("Unexpected origin");else{const t=e.data;t&&"string"==typeof t?"pong"===t?o=!0:i(t):i(e.toString())}})),this.channels.add(s),s}closeAllMessageChannels(){this.log.trace("Closing all message channels, total "+this.channels.size+" registered channels");const e=new Set(this.channels);e.forEach((e=>e.close())),e.clear(),this.channels.clear()}getDeviceRegistration(){return new Promise(((e,t)=>{this.platform.deviceAuth.getRegistration(this.namespace).then((t=>{t&&(this.backendOriginOverride?this.log.debug("Not overriding backend URL since it has been already set"):(this.backendOriginOverride=t.endpoint,this.log.debug("backend URL overridden with "+this.backendOriginOverride))),e(t)})).catch(t)}))}embedFpResultToDeviceRegistration(e){return new Promise((t=>{this.getFingerprintData().then((r=>{r&&e.setFpSignal(r),t(e)})).catch((t=>{const r=`Unexpected error happened during Fingerprint data collection: ${o.default.extractMessage(t)}`;this.log.warn(t),e.setFpSignal({error:r})}))}))}getCurrentTimestampInSeconds(){const e=Date.now();return Math.floor(e/1e3)}markNewFptts(e){this.settings.fingerPrintTimestamp=e||this.getCurrentTimestampInSeconds()}resetFptts(){this.settings.fingerPrintTimestamp=null}getFingerprintData(){return new Promise((e=>{var t=this.platform.getFpPromise();if(this.shouldCollectFP())if(t)this.shouldRefreshFpSignal(this.getCurrentTimestampInSeconds())?(this.log.trace("Collect new FP signal"),t.then((e=>e.get())).then((t=>{if(t.sealedResult)this.log.debug(`FP result: ${t.sealedResult}`),e({results:t.sealedResult});else{const t="Cannot found sealed result in Fingerprint returned payload";this.log.warn(t),e({error:t})}})).catch((t=>{const r=`Error in collecting Fingerprint data: ${o.default.extractMessage(t)}`;this.log.warn(t),e({error:r})}))):(this.log.trace("Existing FP signal is not yet expired, skip new collection"),e(void 0));else{const t="Found null instance of Fingerprint, check if your input API key is valid";this.log.warn(t),e({error:t})}else this.log.trace("Fingerprint is not enabled from AuthToken"),e(void 0)}))}shouldCollectFP(){var e,t,r;return!!(null===(r=null===(t=null===(e=this.claims)||void 0===e?void 0:e.auth.subs.dev)||void 0===t?void 0:t.sgnls)||void 0===r?void 0:r.fpt)}shouldRefreshFpSignal(e){var t,r,i,n;if(!this.settings.deviceId||!this.settings.fingerPrintTimestamp)return this.resetFptts(),!0;const s=null!==(n=null===(i=null===(r=null===(t=this.claims)||void 0===t?void 0:t.auth.subs.dev)||void 0===r?void 0:r.sgnls)||void 0===i?void 0:i.fptrr)&&void 0!==n?n:0;return e-this.settings.fingerPrintTimestamp>=s}parseJwt(e){return JSON.parse(atob(e.split(".")[1]))}}t.default=l},3225:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.AuthStatusActions=void 0;const n=r(1727),s=i(r(3350));t.AuthStatusActions=class{constructor(){this.log=n.LoggerFactory.getLogger("auth-status-actions")}waitForStatus(e){var t=!1;return this.log.trace("Waiting for auth status"),new Promise(((r,i)=>{const n=e.createMessageChannel("/v1/client/status?token="+encodeURIComponent(e.authToken),((e,r)=>{t||i(new s.default(`Failed to receive secondary authentication with status code ${r}. ${e}`))}),(e=>{t=!0,i(new s.default("Failed to receive secondary authentication status: "+e))}),(o=>{t=!0;try{this.log.debug("Secondary authentication status: "+o);const t=JSON.parse(o);t.error?i(new s.default(t.error.message,t.error.code,t.next,!1)):(e.lastStep=t.next,r(t.next))}catch(e){i(e)}finally{this.log.trace("Closing channel"),n.close()}}))}))}}},2102:(e,t)=>{"use strict";var r;Object.defineProperty(t,"__esModule",{value:!0}),t.UserVerificationLevel=void 0,(r=t.UserVerificationLevel||(t.UserVerificationLevel={})).Discouraged="none",r.Preferred="pref",r.Required="req"},8370:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(8607)),s=r(1727),o=i(r(3350)),a=i(r(5186)),c=i(r(1840));class u{constructor(){this.log=s.LoggerFactory.getLogger("device-passive-register-step"),this.name=u.NAME}execute(e){return new Promise(((t,r)=>{u.hasAssertionResponse(e)?c.default.runFidoVerify(this.log,e).then(t).catch(r):e.getDeviceRegistration().then((i=>{i?this.finishRegistration(e,[this.getFido2Registration(e)]).then(t).catch(r):e.platform.deviceAuth.createRegistration({namespace:e.namespace,endpoint:e.backendOrigin}).then((i=>{i.getAuthRegistration(e.challenge).then((t=>this.finishRegistration(e,[this.getFido2Registration(e),t]))).then((n=>{i.deviceId=e.settings.deviceId,e.platform.deviceAuth.storeRegistration(i).then((()=>t(n))).catch(r)})).catch(r)})).catch(r)})).catch(r)}))}static hasAssertionResponse(e){const t=e.credential.response;return t&&"authenticatorData"in t&&"signature"in t}finishRegistration(e,t){return new Promise(((r,i)=>{e.fetchFromBackend("/v1/client/device/fido2/register/finish",{deviceName:e.platform.getPlatformName(),deviceCapabilities:e.platform.getDeviceCapabilities(),registrations:t}).then((t=>{if(t.error)i(new o.default(t.error.message,t.error.code,t.next,!1));else{const n=t.data;n?(n.deviceId&&(e.settings.deviceId=n.deviceId,e.settings.fidoPasskeyRegistered=!0),n.scanMessage&&(e.authMessage=n.scanMessage),r(t.next)):i(new o.default("Failed to register device, returned deviceId is null or empty",a.default.ERROR_AUTHENTICATION_FAILURE,t.next,!1))}})).catch(i)}))}getFido2Registration(e){const t=e.credential,r=t.response;return{webAuthnCredential:{type:null==t?void 0:t.type,id:null==t?void 0:t.id,rawId:n.default.bufferEncode(null==t?void 0:t.rawId),response:{attestationObject:n.default.bufferEncode(r.attestationObject),clientDataJSON:n.default.bufferEncode(r.clientDataJSON)}}}}}u.NAME="device/passive/register",t.default=u},1044:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(1727),s=i(r(3350));class o{constructor(e,t){this.name=o.NAME,this.log=n.LoggerFactory.getLogger("device-passive-silent-step"),this.forUPK=e,this.userConsentStep=null!=t?t:{execute:()=>Promise.resolve({consentGranted:!0})}}execute(e){return this.log.trace("Executing"),new Promise(((t,r)=>{e.getDeviceRegistration().then((i=>{i?e.embedFpResultToDeviceRegistration(i).then((i=>{this.verify(e,i).then(t).catch(r)})):this.userConsentStep.execute().then((i=>{i.consentGranted?e.platform.deviceAuth.createRegistration({namespace:e.namespace,endpoint:e.backendOrigin}).then((t=>e.embedFpResultToDeviceRegistration(t))).then((t=>this.register(e,t))).then(t).catch(r):r(new Error("User denied the consent to register the device"))})).catch(r)})).catch(r)}))}getBackendRegisterEndpoint(){return this.forUPK?"/v1/client/device/universal/register":"/v1/client/device/passive/register"}getBackendVerifyEndpoint(){return this.forUPK?"/v1/client/device/universal/verify":"/v1/client/device/passive/verify"}register(e,t){return this.log.trace("Registering"),new Promise(((r,i)=>{t.getAuthRegistration(e.challenge).then((n=>{e.fetchFromBackend(this.getBackendRegisterEndpoint(),{deviceName:e.platform.getPlatformName(),deviceCapabilities:e.platform.getDeviceCapabilities(),registrations:[n],signals:t.getSignals()}).then((n=>{var o;if(n.error)i(new s.default(n.error.message,n.error.code,n.next,!1));else{(null===(o=t.getSignals().fingerprint)||void 0===o?void 0:o.results)&&e.markNewFptts();const a=n.data,c=null==a?void 0:a.deviceId;c||i(new s.default("Failed to register device, returned deviceId is null or empty",0,n.next)),e.settings.deviceId=c,null!=a.passkey&&(e.settings.fidoPasskeyRegistered=a.passkey),t.deviceId=c,this.log.debug("Device ID: "+c),a.scanMessage&&(e.authMessage=a.scanMessage),e.platform.deviceAuth.storeRegistration(t).then((()=>r(n.next))).catch(i)}})).catch(i)}))}))}verify(e,t){return this.log.trace("Verifying"),new Promise(((r,i)=>{if(t.deviceId){const n=t.deviceId+":"+e.challenge;t.sign(n).then((n=>{e.fetchFromBackend(this.getBackendVerifyEndpoint(),{deviceId:t.deviceId,keyId:t.keyId,signature:n,signals:t.getSignals()}).then((n=>{var o;n.error?i(new s.default(n.error.message,n.error.code,n.next,!1)):((null===(o=t.getSignals().fingerprint)||void 0===o?void 0:o.results)&&e.markNewFptts(),r(n.next))})).catch(i)}))}else i(new s.default("Failed to initiate verification, DeviceId is missing"))}))}}o.NAME="device/passive/silent",t.default=o},6736:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.DevicePassiveActions=void 0;const n=r(1727),s=i(r(8607)),o=i(r(1044)),a=r(2102),c=i(r(3350)),u=r(4817),l=r(3225),d=r(9229),h=r(6267);class p extends l.AuthStatusActions{constructor(e,t){super(),this.log=n.LoggerFactory.getLogger("device-passive-actions"),this.getDisplayName=e||(()=>null),this.handler=t}register(e,t){return this.log.trace("Registering Passkey"),new Promise(((r,i)=>{const n=this.getDisplayName();e.fetchFromBackend("/v1/client/device/fido2/register/start",{displayName:n||void 0,signals:t}).then((s=>{var o;if(s.error)i(new c.default(s.error.message,s.error.code,s.next,!1));else{(null===(o=null==t?void 0:t.fingerprint)||void 0===o?void 0:o.results)&&e.markNewFptts();const a=s.data,u=null==a?void 0:a.credCreateOptions,l=null==a?void 0:a.credRequestOptions;if(u)this.createCredentials(e,n,u,s).then(r).catch(i);else if(l)this.getCredentials(e,l,s).then(r).catch(i);else{const e=new c.default(p.NO_CREDS_FOUND);i(e)}}})).catch(i)}))}verify(e){return this.log.trace("Verifying Passkey"),new Promise(((t,r)=>{e.settings.deviceId?e.fetchFromBackend("/v1/client/device/fido2/verify/start",{deviceId:e.settings.deviceId}).then((i=>{if(i.error)r(new c.default(i.error.message,i.error.code,i.next,!1));else{const n=i.data,s=null==n?void 0:n.credRequestOptions;this.getCredentials(e,s,i).then(t).catch(r)}})).catch(r):r(new c.default("Failed to start verification, DeviceId is missing"))}))}createCredentials(e,t,r,i){return this.log.trace("Trying create new FIDO credentials"),new Promise(((n,o)=>{r.challenge=s.default.bufferDecode(r.challenge),r.user.id=s.default.bufferDecode(r.user.id),t&&(r.user.displayName=t),r.excludeCredentials&&r.excludeCredentials.forEach((e=>{e.id=s.default.bufferDecode(e.id)}));const a={publicKey:r};e.platform.webauthn.createCredentials(a).then((t=>{t?(e.credential=t,n(i.next)):o(new c.default("Failed to create FIDO2 credentials"))})).catch((t=>{const r=d.FidoOptionsError.identifyRegistrationError({error:t,options:a,platform:e.platform});r instanceof d.FidoOptionsError&&"InvalidStateError"===r.name?this.handler?(this.log.trace("Passkey handler callback has been defined"),this.handler().then((t=>{t===h.AuthResponseStatus.Accept?this.parseCredRequestOptions(i,e).then(n).catch(o):o(new c.default(`${p.USER_NOT_ACCEPTING_RESPONSE}: ${t}`))})).catch(o)):(this.log.trace("Passkey handler callback is null, go ahead with passkey discoverable as default behavior"),this.parseCredRequestOptions(i,e).then(n).catch(o)):o(r)}))}))}parseCredRequestOptions(e,t){return new Promise(((r,i)=>{const n=e.data;if(null==n?void 0:n.credRequestOptions){const s=n.credRequestOptions;this.getCredentials(t,s,e).then(r).catch(i)}else i(new c.default(p.NO_REQUEST_CREDS_FOUND))}))}getCredentials(e,t,r){return this.log.trace("Trying get existing FIDO credentials"),new Promise(((i,n)=>{var o,a;if(0==(null===(o=t.allowCredentials)||void 0===o?void 0:o.length))n(new c.default("AllowCredentials array should not be empty when call getCredentials()"));else{t.challenge=s.default.bufferDecode(t.challenge),t.allowCredentials&&(null===(a=t.allowCredentials)||void 0===a||a.forEach((e=>{e.id=s.default.bufferDecode(e.id)})));const o={publicKey:t};e.platform.webauthn.getCredentials(o).then((t=>{t?(e.credential=t,i(r.next)):n(new c.default("Failed to load FIDO2 credentials"))})).catch((t=>{const r=d.FidoOptionsError.identifyAuthenticationError({error:t,options:o,platform:e.platform});n(r)}))}}))}}p.NO_REQUEST_CREDS_FOUND="Passkey has already been registered but found no CredentialRequestOptions in the fido/register/start response payload",p.NO_CREDS_FOUND="Neither credCreateOptions nor credRequestOptions are found in the fido/register/start response payload",p.USER_NOT_ACCEPTING_RESPONSE="User not accepting to continue by reusing the existing passkey with user response",t.DevicePassiveActions=p;class f extends p{constructor(e,t,r){super(e,t),this.name=f.NAME,this.role=null!=r?r:u.DeviceRole.Primary,this.log=n.LoggerFactory.getLogger("device-passive-step")}execute(e){return this.role==u.DeviceRole.Secondary?this.waitForStatus(e):e.platform.isFidoSupported()&&e.uvLevel!==a.UserVerificationLevel.Discouraged?e.settings.deviceId?e.settings.fidoPasskeyRegistered?this.verify(e):Promise.resolve(o.default.NAME):new Promise(((t,r)=>{e.getFingerprintData().then((i=>{const n={fingerprint:i};this.register(e,n).then(t).catch(r)})).catch((i=>{const n=`Unexpected error happened during Fingerprint data collection: ${i.message}`;this.log.warn(n),this.log.warn(i);const s={fingerprint:{error:n}};this.register(e,s).then(t).catch(r)}))})):Promise.resolve(o.default.NAME)}}f.NAME="device/passive",t.default=f},1474:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0});const i=r(1727),n=r(6736);class s extends n.DevicePassiveActions{constructor(e,t){super(e,t),this.name=s.NAME,this.log=i.LoggerFactory.getLogger("device-passive-stepup-step")}execute(e){return e.platform.isFidoSupported()?e.settings.deviceId?e.settings.fidoPasskeyRegistered?Promise.reject(new Error("FIDO2 Passkey is already registered")):new Promise(((t,r)=>{this.register(e).then(t).catch(r)})):Promise.reject(new Error("Device is not registered")):Promise.reject(new Error("FIDO2 is not supported"))}}s.NAME="device/passive/stepup",t.default=s},1840:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(8607)),s=r(1727),o=i(r(3350));class a{constructor(){this.log=s.LoggerFactory.getLogger("device-passive-verify-step"),this.name=a.NAME}execute(e){return new Promise(((t,r)=>{a.runFidoVerify(this.log,e).then(t).catch(r)}))}static runFidoVerify(e,t){return new Promise(((r,i)=>{a.makeFidoVerifyFinishRequest(e,t).then(r).catch(i)}))}static makeFidoVerifyFinishRequest(e,t){return new Promise(((r,i)=>{const s=t.credential,a=s.response;t.fetchFromBackend("/v1/client/device/fido2/verify/finish",{webAuthnAssertion:{type:null==s?void 0:s.type,id:null==s?void 0:s.id,rawId:n.default.bufferEncode(null==s?void 0:s.rawId),response:{authenticatorData:n.default.bufferEncode(a.authenticatorData),clientDataJSON:n.default.bufferEncode(a.clientDataJSON),signature:n.default.bufferEncode(a.signature),userHandle:a.userHandle?n.default.bufferEncode(a.userHandle):void 0}}}).then((n=>{if(n.error)i(new o.default(n.error.message,n.error.code,n.next,!1));else{const i=n.data;i?(i.deviceId&&(t.settings.deviceId=i.deviceId),i.passkey&&(t.settings.fidoPasskeyRegistered=!0),i.scanMessage&&(t.authMessage=i.scanMessage)):e.warn("No data was received in the response"),t.settings.fidoPasskeyRegistered=!0,r(n.next)}})).catch(i)}))}}a.NAME="device/passive/verify",t.default=a},2207:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.DeviceUniversalRedirectExchangeStep=t.DeviceUniversalRedirectFinishStep=t.DeviceUniversalRedirectBaseStep=void 0;const n=i(r(3350));class s{constructor(){this.name=""}execute(e){return new Promise(((t,r)=>{var i,s,o,a,c,u;let l=null===(u=null===(c=null===(a=null===(o=null===(s=null===(i=e.claims)||void 0===i?void 0:i.auth)||void 0===s?void 0:s.subs)||void 0===o?void 0:o.dev)||void 0===a?void 0:a.auths)||void 0===c?void 0:c.unvsl)||void 0===u?void 0:u.ftu;if(void 0!==l&&l){l+=`?authId=${e.authId}`;let i="";if("redirect/exchange"===this.name)i="authexchange";else{if("redirect/finish"!==this.name)return void r(new n.default(`Unknown UPK Step: ${this.name}`,0,e.next,!0));i="authfinish"}l+=`&next=${i}`,e.platform.urlRedirect(l),t("")}else r(new n.default("AuthToken claims do not contain final target URL",0,e.next,!0))}))}}t.DeviceUniversalRedirectBaseStep=s;class o extends s{constructor(){super(...arguments),this.name=o.NAME}}o.NAME="redirect/finish",t.DeviceUniversalRedirectFinishStep=o;class a extends s{constructor(){super(...arguments),this.name=a.NAME}}a.NAME="redirect/exchange",t.DeviceUniversalRedirectExchangeStep=a},9790:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(1727),s=i(r(3350)),o=i(r(1044));class a{constructor(e){this.log=n.LoggerFactory.getLogger("device-universal-step"),this.name=a.NAME,this.forUPK=!1,this.forUPK=e}execute(e){return this.log.trace("Executing"),new Promise(((t,r)=>{var i,n,a;if(this.forUPK)t(o.default.NAME);else{let o=null===(a=null===(n=null===(i=e.claims)||void 0===i?void 0:i.auth.subs.dev)||void 0===n?void 0:n.auths.unvsl)||void 0===a?void 0:a.endp;void 0!==o&&o?(o+=`?authId=${e.authId}&authtoken=${e.authToken}`,e.platform.urlRedirect(o),t("")):r(new s.default("AuthToken claims do not contain universal redirect URL",0,e.next,!0))}}))}}a.NAME="device/universal",t.default=a},5186:(e,t)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0});class r{}r.ERROR_AUTHENTICATION_FAILURE=1e4,r.ERROR_AUTHENTICATION_EXTERNAL_FAILURE=10001,r.ERROR_AUTHENTICATION_CLIENT_FAILURE=10002,r.ERROR_AUTHENTICATION_PROHIBITED_ACTION=10003,r.ERROR_MISSING_AUTHENTICATOR_COMPLETION=10004,r.ERROR_MAX_ATTEMPTS=10005,r.ERROR_NO_DEVICE_FOUND=10006,t.default=r},9229:(e,t)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.FidoOptionsError=void 0;class r extends Error{constructor({message:e,cause:t,name:r}){super(e,{cause:t}),this.name=null!=r?r:t.name}static identifyAuthenticationError({error:e,options:t,platform:i}){const{publicKey:n}=t;if(!n)return new r({message:r.MISSING_PUBLIC_KEY_PROPERTY,cause:new Error(r.MISSING_PUBLIC_KEY_PROPERTY)});if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new r({message:r.ABORT_SIGNAL,cause:e})}else{if("NotAllowedError"===e.name)return new r({message:e.message,cause:e});if("SecurityError"===e.name){const t=i.getOrigin();return n.rpId!==t?new r({message:`${r.INVALID_RP_ID}: ${n.rpId}`,cause:e}):new r({message:`${r.SECURITY_ERROR_FOUND}: ${e.message}`,cause:e})}if("UnknownError"===e.name)return new r({message:r.UNKNOWN_ERROR,cause:e})}return e}static identifyRegistrationError({error:e,options:t,platform:i}){var n,s,o;const{publicKey:a}=t;if(!a)return new r({message:r.MISSING_PUBLIC_KEY_PROPERTY,cause:new Error(r.MISSING_PUBLIC_KEY_PROPERTY)});if("InvalidStateError"===e.name)return new r({message:r.INVALID_STATE_ERROR,cause:e});if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new r({message:this.ABORT_SIGNAL,cause:e})}else if("ConstraintError"===e.name){if(!0===(null===(n=a.authenticatorSelection)||void 0===n?void 0:n.requireResidentKey))return new r({message:this.CONSTRAINT_ERROR,cause:e});if("conditional"===t.mediation&&"required"===(null===(s=a.authenticatorSelection)||void 0===s?void 0:s.userVerification))return new r({message:this.USER_VERIFICATION_NOT_POSSILE,cause:e});if("required"===(null===(o=a.authenticatorSelection)||void 0===o?void 0:o.userVerification))return new r({message:this.NO_MATCHING_AUTHENTICATOR,cause:e})}else{if("NotAllowedError"===e.name)return new r({message:e.message,cause:e});if("NotSupportedError"===e.name)return 0===a.pubKeyCredParams.filter((e=>"public-key"===e.type)).length?new r({message:this.INVALID_CRED_PARAMS,cause:e}):new r({message:r.NO_MATCHING_AUTHENTICATOR_FOR_PARAMS_ALGO,cause:e});if("SecurityError"===e.name){const t=i.getOrigin();return a.rp.id!==t?new r({message:`${r.INVALID_RP_ID}: ${a.rp.id}`,cause:e}):new r({message:`${r.SECURITY_ERROR_FOUND}: ${e.message}`,cause:e})}if("TypeError"===e.name){if(a.user.id.byteLength<1||a.user.id.byteLength>64)return new r({message:r.INVALID_USER_ID_LENGTH,cause:e})}else if("UnknownError"===e.name)return new r({message:r.UNKNOWN_ERROR,cause:e})}return e}}r.MISSING_PUBLIC_KEY_PROPERTY="options missing publicKey property",r.ABORT_SIGNAL="Authentication was sent an abort signal",r.INVALID_STATE_ERROR="The authenticator was already registered",r.UNKNOWN_ERROR="Unknown error: the authenticator was unable to process the predefined options, or unable to generate a new credential",r.SECURITY_ERROR_FOUND="Security error found",r.INVALID_RP_ID="The rp.id is not valid for the current domain",r.CONSTRAINT_ERROR="Discoverable credentials is required but found no matching supported authenticator",r.USER_VERIFICATION_NOT_POSSILE="User verification is required during automatic registration but this could not be performed",r.NO_MATCHING_AUTHENTICATOR="User verification is required but found no matching supported authenticator",r.INVALID_CRED_PARAMS="No entry in pubKeyCredParams having the type of public-key",r.NO_MATCHING_AUTHENTICATOR_FOR_PARAMS_ALGO="No available authenticator supported any of the specified pubKeyCredParams algorithms",r.INVALID_USER_ID_LENGTH="User ID has invalid length",t.FidoOptionsError=r},9568:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(1727),s=i(r(4610)),o=i(r(1204)),a=i(r(3350)),c=i(r(6105)),u=i(r(5186));class l{constructor(e,t,r,i){if(this.steps=new Map,this.log=n.LoggerFactory.getLogger("main-authenticator"),this.platform=e,this.authFinishStep=r,this.settings=t,i)for(let e of i)this.steps.set(e.name,e)}isPasskeyRegistered(){return this.settings.fidoPasskeyRegistered}isFidoSupported(){return this.platform.isFidoSupported()}isDeviceRegistered(){return null!==this.settings.deviceId}isMobileWeb(){const e=this.platform.getUserAgent();return null!==e&&/Mobi|Android|webOS|iPhone|iPad|BlackBerry|Opera Mini/i.test(e)}getDeviceId(){return this.settings.deviceId}resetDeviceSettings(){this.settings.reset(),this.platform.deviceAuth.reset()}authenticate(e){return new s.default(((t,r,i)=>{e||r(new Error("No authentication token provided")),this.authFinishStep||r(new Error("AuthFinish step must be specified"));try{const n=new o.default(this.settings,this.platform,e),s=this.process(n);i((()=>s.cancel())),s.then((()=>{var e;if(n.lastStep!==l.AUTH_EMPTY)return this.log.info("Authentication flow has been completed."),null===(e=this.authFinishStep)||void 0===e?void 0:e.execute({authId:n.authId});this.log.info("Next step is not provided, authentication flow is terminated without completion."),t()})).then(t).catch(r)}catch(e){r(e)}}))}unregisterDevice(){return this.isDeviceRegistered()?new Promise(((e,t)=>{this.unregister("/v1/client/device/unregister").then((()=>{this.resetDeviceSettings(),e()})).catch(t)})):Promise.resolve()}unregisterPasskey(){return this.settings.fidoPasskeyRegistered?new Promise(((e,t)=>{this.unregister("/v1/client/stepup/unregister").then((()=>{this.settings.fidoPasskeyRegistered=!1,e()})).catch(t)})):Promise.resolve()}unregister(e){return new Promise(((t,r)=>{try{new o.default(this.settings,this.platform).fetchFromBackend(e,{deviceId:this.getDeviceId()}).then((e=>{e.error?r(new a.default(e.error.message,e.error.code,e.next,!1)):t()})).catch(r)}catch(e){r(e)}}))}process(e){return new s.default(((t,r,i)=>{i((()=>{this.log.info("Canceled"),e.closeAllMessageChannels(),t()})),this.nextStep(e,e.next,1).then(t).catch(r)}))}nextStep(e,t,r){return this.log.debug(`Authentication attempt ${r}, next step: ${t}`),e.lastStep=t,new Promise(((i,n)=>{[l.AUTH_DONE,l.AUTH_EMPTY].includes(t)?(!e.settings.deviceId&&e.settings.fingerPrintTimestamp&&e.resetFptts(),i()):r>l.MAX_ATTEMPTS?n(new a.default("Too many authentication steps",u.default.ERROR_MAX_ATTEMPTS)):this.getNextStep(t).execute(e).then((t=>this.nextStep(e,t,r+1))).then(i).catch((t=>new c.default(t).execute(e).then((t=>this.nextStep(e,t,r+1))).then(i).catch(n)))}))}getNextStep(e){return this.steps.get(e)||new c.default("Unknown authentication step: "+e)}}l.AUTH_DONE="done",l.AUTH_EMPTY="",l.MAX_ATTEMPTS=50,t.default=l},7625:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(3350)),s=r(1727),o=r(4817),a=i(r(5186));class c{constructor(e,t){this.name=c.NAME,this.log=s.LoggerFactory.getLogger("mobile-instant-step"),this.errorCodeBak=a.default.ERROR_AUTHENTICATION_CLIENT_FAILURE,this.implementation=e,t?(this.getDeviceIp=t,this.deviceIpDetection=!1):(this.getDeviceIp=()=>null,this.deviceIpDetection=!0)}execute(e){return new Promise(((t,r)=>{let i=e.platform.getMobileAuthBuilder().withDeviceIpDetection(this.deviceIpDetection);switch(this.implementation){case o.MobileAuthImplementation.Pixel:i=i.withPixelImplementation();break;case o.MobileAuthImplementation.Fetch:i=i.withFetchImplementation().withFinishStep((t=>new Promise(((r,i)=>{e.fetchFromBackend("/v1/client/mobile/instant/finish",{vfp:t.vfp}).then(r).catch(i)}))))}i=i.withStartStep((t=>new Promise(((r,i)=>{const s=this.deviceIpDetection?t.deviceDescriptor.ip:this.getDeviceIp();e.fetchFromBackend("/v1/client/mobile/instant/start",{cellularIp:s,implementation:this.implementation}).then((e=>{if(e.error)this.nextBak=e.next,this.errorCodeBak=e.error.code,i(new n.default(e.error.message,e.error.code,e.next,!1));else{const t=e.data;r({authUrl:t?t.redirectUrl:void 0})}})).catch(i)})))),i.build().authenticate().then((i=>{if(i){const e=i;e.error&&r(new n.default(i.error.message,i.error.code,i.next,!1)),t(e.next)}else e.fetchFromBackend("/v1/client/mobile/instant/finish",{}).then((e=>t(e.next))).catch((e=>{r(new n.default(i.error.message,i.error.code,i.next,!1))}))})).catch((e=>{r(new n.default(e,this.errorCodeBak,this.nextBak,!1))}))}))}}c.NAME="mobile/instant",t.default=c},3075:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(1727),s=r(1041),o=r(3794),a=i(r(3350)),c=r(3225),u=i(r(8907));class l extends c.AuthStatusActions{constructor(e,t,r){super(),this.name=l.NAME,this.log=n.LoggerFactory.getLogger("mobile-instantlink-step"),this.startStep=e,this.retryStep=t,this.getDeviceIp=null!=r?r:()=>null}execute(e){return this.log.debug("Executing"),new Promise(((t,r)=>{var i,n,s,o=!0;(null===(s=null===(n=null===(i=e.claims)||void 0===i?void 0:i.auth.subs.mob)||void 0===n?void 0:n.auths.inln)||void 0===s?void 0:s.mnp)&&(o=!1),this.runStartStep(e,o).catch(r),this.waitForStatus(e).then(t).catch(r)}))}runStartStep(e,t,r){return new Promise(((i,n)=>{this.startStep?this.startStep.execute(t,r).then((r=>{const s=u.default.validatePhoneNumberInput(r);s?n(s):e.fetchFromBackend("/v1/client/mobile/instantlink/start",{sourceIp:this.getDeviceIp(),mobileNumber:null==r?void 0:r.phoneNumber}).then((r=>{const s=r;if(s.error)n(new a.default(s.error.message,s.error.code,r.next,!1));else if(s.data){const r=s.data,a=r.code;var c="";a&&(c+=`Error Code: ${a}, `),r.message?c+=`${r.message}`:c+="Error validating phone number.";let u=new o.PhoneValidationError(c,r.code);this.runStartStep(e,t,u).then(i).catch(n)}else this.retryStep?this.runRetryStep(e).then(i).catch(n):i(s.next)})).catch(n)})).catch(n):n(new Error("InstantLink start step must be specified"))}))}runRetryStep(e){return new Promise(((t,r)=>{this.retryStep?this.retryStep.execute().then((i=>{i===s.InstantLinkResultType.OnResend?e.fetchFromBackend("/v1/client/mobile/instantlink/start",{sourceIp:this.getDeviceIp(),mobileNumber:""}).then((t=>{const i=t;i.error?r(new a.default(i.error.message,i.error.code,t.next,!1)):this.runRetryStep(e)})).catch(r):i===s.InstantLinkResultType.OnMobileNumberChange?this.runStartStep(e,!0).then(t).catch(r):this.log.warn("Unknown enum of ",i)})).catch(r):(this.log.debug("Retry step doesn't exist, skip."),t(""))}))}}l.NAME="mobile/instantlink",t.default=l},8907:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(1727),s=i(r(3350)),o=r(8864),a=r(3794);class c{constructor(e,t){this.name=c.NAME,this.log=n.LoggerFactory.getLogger("mobile-otp-step"),this.otpStartStep=e,this.otpFinishStep=t}execute(e){return new Promise(((t,r)=>{var i,n,s;if(this.otpStartStep)if(this.otpFinishStep){var o=!0;(null===(s=null===(n=null===(i=e.claims)||void 0===i?void 0:i.auth.subs.mob)||void 0===n?void 0:n.auths.otp)||void 0===s?void 0:s.mnp)&&(o=!1),this.runOtpStartStep(e,this.otpStartStep,this.otpFinishStep,o).then(t).catch(r)}else r(new Error("OtpFinishStep step must be specified"));else r(new Error("OtpStartStep step must be specified"))}))}static validatePhoneNumberInput(e){if(null!=e)return"object"!=typeof e?new s.default("Input must be an object"):"phoneNumber"in e?"string"!=typeof e.phoneNumber?new s.default("phoneNumber field in the input must be a string"):void 0:new s.default("phoneNumber field in the input is missing")}runOtpStartStep(e,t,r,i,n){return new Promise(((o,u)=>{t.execute(i,n).then((n=>{const l=c.validatePhoneNumberInput(n);l?u(l):e.fetchFromBackend("/v1/client/mobile/otp/start",{mobileNumber:null==n?void 0:n.phoneNumber}).then((n=>{const c=n;if(c.error)u(new s.default(c.error.message,c.error.code,n.next,!1));else if(c.data){const n=c.data;var l="";(null==n?void 0:n.code)&&(l+=`Error Code: ${n.code}, `),(null==n?void 0:n.message)?l+=`${n.message}`:l+="Error validating phone number";let s=new a.PhoneValidationError(l,null==n?void 0:n.code);this.log.error(`Server reports invalid phone number: ${l}`),this.runOtpStartStep(e,t,r,i,s).then(o).catch(u)}else this.runOtpFinishStep(e,t,r,i).then(o).catch(u)})).catch(u)})).catch((e=>{const t=s.default.extractMessage(e);u(new Error(`Failed to start OTP flow: ${t}`))}))}))}static validateFinishResult(e){if(null==e||"object"!=typeof e)return new s.default("result should be a valid object");if(!("resultType"in e))return new s.default("resultType field in the result is missing");if(e.resultType===o.OtpFinishResultType.OnSuccess){const t=e.input;if(null==t||"object"!=typeof t)return new s.default("input should be a valid object when resultType field is set with OnSuccess value");if(!("otp"in t))return new s.default("otp field in the input is missing");if("string"!=typeof t.otp)return new s.default("otp field in the input must be a string")}}resendOtp(e,t,r,i){return new Promise(((n,o)=>{e.fetchFromBackend("/v1/client/mobile/otp/start",{}).then((a=>{const c=a;c.error?o(new s.default(c.error.message,c.error.code,a.next,!1)):this.runOtpFinishStep(e,t,r,i).then(n).catch(o)})).catch(o)}))}runOtpFinishStep(e,t,r,i,n){return new Promise(((a,u)=>{r.execute(n).then((n=>{var l;let d=n;const h=c.validateFinishResult(d);if(h)u(h);else switch(d.resultType){case o.OtpFinishResultType.OnResendOtp:this.resendOtp(e,t,r,i).then(a).catch(u);break;case o.OtpFinishResultType.OnSuccess:let n=d.input;e.fetchFromBackend("/v1/client/mobile/otp/finish",{otp:null!==(l=null==n?void 0:n.otp)&&void 0!==l?l:""}).then((n=>{const c=n;if(c.error)u(new s.default(c.error.message,c.error.code,n.next,!1));else if(c.data){const n=c.data;var l="";(null==n?void 0:n.code)&&(l+=`Error Code: ${n.code}, `),(null==n?void 0:n.message)?l+=`${n.message}`:l+="Error validating OTP";const s=new o.OtpError(l,null==n?void 0:n.code);this.log.error(`Server reports invalid OTP: ${l}`),this.runOtpFinishStep(e,t,r,i,s).then(a).catch(u)}else a(n.next)})).catch(u);break;case o.OtpFinishResultType.OnMobileNumberChange:this.runOtpStartStep(e,t,r,!0).then(a).catch(u)}})).catch((e=>{const t=s.default.extractMessage(e);u(new Error(`Failed to obtain OTP for verification: ${t}}`))}))}))}}c.NAME="mobile/otp",t.default=c},3794:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.PhoneValidationError=void 0;const n=i(r(3350));class s extends n.default{constructor(e,t){super(e,t)}}t.PhoneValidationError=s},8566:(e,t)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.getUnixTime=t.arrayBufferToHexString=t.arrayBufferToString=t.stringToArrayBuffer=t.DEVICE_CAPABILITY_WEBAUTHN=void 0,t.DEVICE_CAPABILITY_WEBAUTHN="webauthn",t.stringToArrayBuffer=function(e){return(new TextEncoder).encode(e)},t.arrayBufferToString=function(e){return String.fromCharCode.apply(null,Array.from(new Uint8Array(e)))},t.arrayBufferToHexString=function(e){return Array.from(new Uint8Array(e),(e=>("00"+e.toString(16)).slice(-2))).join("")},t.getUnixTime=function(){return Math.floor(Date.now()/1e3)}},6105:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(1727),s=i(r(3350)),o=i(r(9568)),a=i(r(8370)),c=i(r(1044)),u=i(r(6736)),l=i(r(1840)),d=i(r(7625)),h=i(r(3075)),p=i(r(8907)),f=i(r(4704)),g=i(r(1474)),v=r(2207),m=r(2508);class _{constructor(e){if(this.logger=n.LoggerFactory.getLogger("report-error-step"),this._message="Unknown error",this.reportable=!0,this.name="error",e instanceof s.default){const t=e;this._message=t.message,this._code=t.code,this.nextStep=t.nextStep,this.reportable=t.reportable}else e&&(this._message=s.default.extractMessage(e));this._message||this.logger.warn("Unexpected error: "+e)}get code(){return this._code}get message(){return this._message}execute(e){let t=`Authentication step ${e.lastStep} failed`;if(this._code&&(t=t+", code: "+this._code),this._message&&(t=t+", message: "+this._message),this.logger.error(t),this.nextStep===o.default.AUTH_DONE)return Promise.resolve(o.default.AUTH_DONE);const r=e.lastStep?_.endpointMap.get(e.lastStep):void 0;return!r||!this.reportable&&this.nextStep?this.nextStep?Promise.resolve(this.nextStep):Promise.reject(new s.default("Cannot determine the next auth step")):new Promise(((t,i)=>{e.fetchFromBackend(`/v1/client/${r}/error`,{code:this._code?this._code:void 0,message:this._message}).then((e=>t(e.next))).catch(i)}))}}_.endpointMap=new Map([[u.default.NAME,"device/passive"],[c.default.NAME,"device/passive"],[a.default.NAME,"device/fido2"],[l.default.NAME,"device/fido2"],[g.default.NAME,"device/fido2"],[v.DeviceUniversalRedirectExchangeStep.NAME,"device/universal"],[v.DeviceUniversalRedirectFinishStep.NAME,"device/universal"],[d.default.NAME,"mobile/instant"],[h.default.NAME,"mobile/instantlink"],[p.default.NAME,"mobile/otp"],[f.default.NAME,"user/mobileactive"],[m.UserPpbEnrollStep.NAME,"user/ppb"],[m.UserPpbVerifyStep.NAME,"user/ppb"]]),t.default=_},1770:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0});const i=r(1727),n=r(8566),s=["/v1/client/stepup/unregister","/v1/client/device/unregister","/v1/client/device/passive/error","/v1/client/mobile/instant/error","/v1/client/mobile/otp/error","/v1/client/user/mobileactive","/v1/client/user/mobileactive/error"];t.default=class{constructor(e){this.log=i.LoggerFactory.getLogger("request-signer"),this.session=e}sign(e,t,r,i,n){return new Promise(((o,a)=>{this.session.getDeviceRegistration().then((c=>c&&c.deviceId?s.includes(t)?void Promise.all([this.getChallenge(c.deviceId),this.getHash(n)]).then((n=>{const s=n[0],u=n[1],l=e+"\n"+t+"\n"+r+"\n"+i+"\n"+s+"\n"+u;c.sign(l).then((e=>o({version:"3",challenge:s,signature:e,keyId:c.keyId}))).catch(a)})).catch(a):(this.log.debug("No signing needed for "+t),void o(null)):(this.log.debug("Device not registered, cannot sign"),void o(null)))).catch(a)}))}getChallenge(e){return new Promise(((t,r)=>{this.cachedChallenge&&this.cachedChallenge.receivedAt&&this.cachedChallenge.ttl&&this.cachedChallenge.deviceId===e&&this.cachedChallenge.receivedAt+this.cachedChallenge.ttl-60>(0,n.getUnixTime)()?t(this.cachedChallenge.challenge):this.session.fetchFromBackend("/v1/client/challenge",{deviceId:e}).then((e=>e)).then((e=>{var i;e.error?r(null===(i=e.error)||void 0===i?void 0:i.message):(e.receivedAt=(0,n.getUnixTime)(),this.cachedChallenge=e,t(e.challenge))})).catch(r)}))}getHash(e){return new Promise(((t,r)=>{crypto.subtle.digest("SHA-256",(0,n.stringToArrayBuffer)(e)).then((e=>t((0,n.arrayBufferToHexString)(e)))).catch(r)}))}}},1703:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(3350)),s=r(1727);class o{constructor(e){this.log=s.LoggerFactory.getLogger("scan-message-step"),this.name=o.NAME,this.authMessageHandler=e}execute(e){return new Promise(((t,r)=>{this.authMessageHandler?(e.authMessage||(this.log.warn("Auth message is missing"),e.authMessage={}),this.authMessageHandler(e.authMessage).then((i=>{e.fetchFromBackend("/v1/client/user/response",{response:i}).then((e=>{e.error?r(new n.default(e.error.message,e.error.code,e.next,!1)):t(e.next)}))})).catch(r)):r(new n.default("Failed to process auth message, the handler was not specified"))}))}}o.NAME="scan/message",t.default=o},7370:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0});const i=r(1727);class n{constructor(e){this.log=i.LoggerFactory.getLogger("settings"),this.upkEnabled=!1,this.storage=e}reset(){this.log.trace("reset"),this.deviceId=null,this.namespace=null,this.fidoPasskeyRegistered=!1,this.fingerPrintTimestamp=null}get deviceId(){return this.storage.getItem(this.getKey(n.DEVICE_ID_KEY))}set deviceId(e){this.setOrRemove(n.DEVICE_ID_KEY,e)}get fidoPasskeyRegistered(){return"true"===this.storage.getItem(this.getKey(n.FIDO_PASSKEY_REGISTERED_KEY))}set fingerPrintTimestamp(e){const t=null!==e?e.toString():null;this.setOrRemove(n.FP_TIMESTAMPT,t)}get fingerPrintTimestamp(){const e=this.storage.getItem(this.getKey(n.FP_TIMESTAMPT));if(!e)return null;let t=parseInt(e);return isNaN(t)?null:t}set fidoPasskeyRegistered(e){this.setOrRemove(n.FIDO_PASSKEY_REGISTERED_KEY,e?"true":null)}get namespace(){return this.storage.getItem(this.getKey(n.NAMESPACE_KEY))}set namespace(e){this.log.trace("namespace set to "+e),this.setOrRemove(n.NAMESPACE_KEY,e)}getKey(e){return`${n.KEY_PREFIX}.${e}`}setOrRemove(e,t){t?this.storage.setItem(this.getKey(e),t):this.storage.removeItem(this.getKey(e))}}n.KEY_PREFIX="ProveAuth",n.DEVICE_ID_KEY="DeviceId",n.NAMESPACE_KEY="namespace",n.FIDO_PASSKEY_REGISTERED_KEY="fidoPasskeyRegistered",n.FP_TIMESTAMPT="fingerPrintTimestamp",t.default=n},6185:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(3350));class s{constructor(){this.name=s.NAME}execute(e){return Promise.reject(new n.default(`Step ${this.name} is not supported`))}}s.NAME="user/mobileactive",t.default=s},2508:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.UserPpbVerifyStep=t.UserPpbEnrollStep=void 0;const n=r(1727),s=i(r(3350));class o{constructor(e,t,r,i){this.log=n.LoggerFactory.getLogger("user-ppb-base-step"),this.enabled=e,this.operation=t,this.startStep=r,this.finishStep=i}execute(e){if(!this.enabled)return Promise.reject(new s.default("PPB is not enabled"));const t=e.lastData;return t&&t.ppb?new Promise(((r,i)=>{const n=e=>{try{return this.finishStep?this.finishStep.execute(this.operation,e):Promise.resolve()}catch(e){return this.log.warn("PPB finish step has failed:",e),Promise.reject(e)}};(()=>{try{return this.startStep?this.startStep.execute(this.operation):Promise.resolve()}catch(e){return this.log.warn("PPB start step has failed:",e),Promise.reject(e)}})().then((()=>{var r,i,n,s,o;return e.platform.ppbAuthenticate({authIdOperation:this.operation,authIdEndpointUrl:null===(n=null===(i=null===(r=e.claims)||void 0===r?void 0:r.auth.subs.usr)||void 0===i?void 0:i.auths.ppb)||void 0===n?void 0:n.endp,authIdOperationId:null===(s=t.ppb)||void 0===s?void 0:s.operationId,authIdOneTimeSecret:null===(o=t.ppb)||void 0===o?void 0:o.oneTimeSecret})})).catch(i).then((r=>{var i;return this.log.info("PPB authentication result",r),e.fetchFromBackend("/v1/client/user/ppb/finish",{requestId:crypto.randomUUID(),operationId:null===(i=t.ppb)||void 0===i?void 0:i.operationId})})).then((e=>{var t,o;const a=e;if(a.error){const r=null!==(o=null===(t=e.error)||void 0===t?void 0:t.message)&&void 0!==o?o:"PPB authentication failed";n(new Error(r)).then((()=>i(new s.default(e.error.message,e.error.code,e.next,!1))))}else n().then((()=>r(a.next)))})).catch(i)})):Promise.reject(new s.default("PPB session is not initialized"))}}class a extends o{constructor(e,t,r){super(e,"enroll",t,r),this.name=a.NAME}}a.NAME="user/ppb/register",t.UserPpbEnrollStep=a;class c extends o{constructor(e,t,r){super(e,"verify",t,r),this.name=c.NAME}}c.NAME="user/ppb/verify",t.UserPpbVerifyStep=c},4704:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(3350));class s{constructor(){this.name=s.NAME}execute(e){return Promise.reject(new n.default(`Step ${this.name} is not supported`))}}s.NAME="user/present",t.default=s},4781:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.WebDeviceRegistration=void 0;const n=r(1727),s=i(r(3350)),o=r(8566);class a{constructor(e){this.deviceId=null,this.namespace=e.namespace,this.endpoint=e.endpoint,e.createdAt?(this.createdAt=e.createdAt,this.keyId=e.keyId,this.deviceId=e.deviceId,this.algorithm=e.algorithm,this.keys=e.keys):(this.keyId=crypto.randomUUID(),this.algorithm="ES256",this.createdAt=(0,o.getUnixTime)())}setFpSignal(e){this.fingerprint=e}sign(e){return new Promise(((t,r)=>{this.initialize().then((()=>{this.keys&&crypto.subtle.sign({name:"ECDSA",hash:{name:"SHA-256"}},this.keys.privateKey,(0,o.stringToArrayBuffer)(e)).then((e=>t(btoa((0,o.arrayBufferToString)(this.p1363ToDer(e)))))).catch(r)})).catch(r)}))}getPublicKey(){return new Promise(((e,t)=>{this.initialize().then((()=>{this.keys&&crypto.subtle.exportKey("spki",this.keys.publicKey).then((t=>{const r=btoa((0,o.arrayBufferToString)(t));e("-----BEGIN PUBLIC KEY-----\n"+r+"\n-----END PUBLIC KEY-----")})).catch(t)})).catch(t)}))}getAuthRegistration(e){return new Promise(((t,r)=>{this.sign(e).then((e=>{this.getPublicKey().then((r=>{t({publicKey:{id:this.keyId,alg:this.algorithm,key:r,uvLevel:0},signature:e})})).catch(r)})).catch(r)}))}getSignals(){return{fingerprint:this.fingerprint}}initialize(){return new Promise(((e,t)=>{this.keys?e():crypto.subtle.generateKey({name:"ECDSA",namedCurve:"P-256"},!1,["sign","verify"]).then((t=>{this.keys=t,e()})).catch(t)}))}p1363ToDer(e){const t=(0,o.arrayBufferToHexString)(e);let r=t.substring(0,t.length/2),i=t.substring(t.length/2);r=r.replace(/^(00)+/,""),i=i.replace(/^(00)+/,""),parseInt(r.charAt(0),16)>=8&&(r=`00${r}`),parseInt(i.charAt(0),16)>=8&&(i=`00${i}`);const n=`02${(r.length/2).toString(16).padStart(2,"0")}${r}`,s=`02${(i.length/2).toString(16).padStart(2,"0")}${i}`,a=`30${((n.length+s.length)/2).toString(16).padStart(2,"0")}${n}${s}`.match(/[\da-f]{2}/gi);return a?new Uint8Array(a.map((e=>parseInt(e,16)))):new Uint8Array}lenVal(e){if("string"==typeof e||e instanceof String){const t=e;return`[${t.length}]: ${t}`}{const t=e;return`[${t.byteLength}]: ${Array.from(new Uint8Array(t),(e=>e.toString(16))).join(",")}`}}}t.WebDeviceRegistration=a;class c{constructor(e){this.log=n.LoggerFactory.getLogger("web-device-auth"),this.dbFactory=e}createRegistration(e){return new Promise(((t,r)=>{t(new a(e))}))}getRegistration(e){return new Promise(((t,r)=>{const i=this.openDatabase();i.onerror=e=>{r("Failed to open registration database: "+e)},i.onsuccess=i=>{const n=i.target.result,s=n.transaction([c.DB_STORE],"readonly");s.oncomplete=()=>n.close();const o=s.objectStore(c.DB_STORE).get(e);o.onerror=e=>{this.log.error(e),r(new Error("Failed to access registration"))},o.onsuccess=()=>{o.result?t(new a(o.result)):t(null)}}}))}storeRegistration(e){return new Promise(((t,r)=>{const i=this.openDatabase();i.onerror=e=>{r("Failed to open registration database: "+e)},i.onsuccess=i=>{const n=i.target.result,o=n.transaction([c.DB_STORE],"readwrite");o.oncomplete=()=>n.close();const a=o.objectStore(c.DB_STORE);this.log.trace("Saving registration");const u=a.put(e);u.onsuccess=()=>{this.log.trace("Registration saved"),t()},u.onerror=e=>{this.log.error(e),r(new s.default("Failed to store registration"))}}}))}deleteRegistration(e){return new Promise(((t,r)=>{var i=this.openDatabase();i.onerror=e=>{r("Failed to open registration database: "+e)},i.onsuccess=i=>{var n=i.target.result,s=n.transaction([c.DB_STORE],"readwrite");if(s.oncomplete=()=>n.close(),!n.objectStoreNames.contains(c.DB_STORE))return this.log.debug("Registration not found, store is missing"),void t();var o=s.objectStore(c.DB_STORE).delete(e);o.onsuccess=()=>{t()},o.onerror=e=>{this.log.error(e),r(new Error("Failed to delete registration"))}}}))}reset(){return new Promise(((e,t)=>{var r=this.dbFactory.deleteDatabase(c.DB_NAME);r.onsuccess=t=>{e()},r.onerror=t=>{this.log.warn("Failed to delete registration database"),this.log.warn(t),e()}}))}openDatabase(){const e=this.dbFactory.open(c.DB_NAME,c.DB_VERSION);return e.onupgradeneeded=e=>{var t;const r=null===(t=e.target)||void 0===t?void 0:t.result;r?(this.log.debug("Registration not found, database is missing, initializing"),r.createObjectStore(c.DB_STORE,{keyPath:"namespace"}).transaction.oncomplete=e=>{this.log.trace("Store initialization completed")}):this.log.error("Failed to initialize registration database: database is null")},e}}c.DB_VERSION=1,c.DB_NAME="ProveAuth",c.DB_STORE="Registrations",t.default=c},1092:function(e,t,r){"use strict";var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(o,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.WebPlatform=t.WebSocketMessageChannel=void 0;const s=r(8266),o=r(8566),a=r(1727),c=n(r(1770)),u=n(r(4781));class l{constructor(e){this.webSocket=new WebSocket(e)}addEventListener(e,t){this.webSocket.addEventListener(e,t)}send(e){this.webSocket.send(e)}close(){this.webSocket.close()}}t.WebSocketMessageChannel=l,t.WebPlatform=class{constructor(){this.log=a.LoggerFactory.getLogger("web-platform"),this.webauthn={getCredentials:e=>navigator.credentials.get(e),createCredentials:e=>navigator.credentials.create(e)},this.deviceAuth=new u.default(window.indexedDB)}getPlatformName(){return`${this.getBrowserName()} ${this.getBrowserVersion()} on ${this.getOSName()}`}getUserAgent(){return navigator.userAgent}isFidoSupported(){return null!=window.PublicKeyCredential}fetch(e,t){return fetch(e,t)}createMessageChannel(e){return new l(e)}createRequestSigner(e){return new c.default(e)}ppbAuthenticate(e){return i(this,void 0,void 0,(function*(){const t=new Map([["enroll","i"],["verify","t"]]);if(!e.authIdEndpointUrl)return Promise.reject("AuthID API endpoint URL is missing");if(!e.authIdOperation)return Promise.reject("AuthID API operation is missing");if(!t.has(e.authIdOperation))return Promise.reject("AuthID API operation is not recognized");if(!e.authIdOperationId)return Promise.reject("AuthID operation ID is missing");if(!e.authIdOneTimeSecret)return Promise.reject("AuthID operation secret is missing");const n="authid-component";try{const e=r(9220);if(!e)return Promise.reject("Failed to load PPB Auth web component");window.customElements.get(n)||window.customElements.define(n,e.AuthIDComponent),yield window.customElements.whenDefined(n)}catch(e){return this.log.error(e),Promise.reject(new Error("Failed to initialize PPB Auth web component"))}return new Promise(((r,s)=>{const o=document.querySelector(n);o&&(this.log.trace("Removing existing component",n),o.remove());const a=document.createElement(n),c=`${e.authIdEndpointUrl}/?${t.get(e.authIdOperation)}=${e.authIdOperationId}&s=${e.authIdOneTimeSecret}`;a.setAttribute("data-url",c),document.body.appendChild(a);const u=e=>i(this,void 0,void 0,(function*(){window.removeEventListener("message",l),this.log.trace("On PPB auth done"),r({authIdSuccess:e})})),l=e=>{if(this.log.debug("PPB event",e.data),e.data.success){const e=document.querySelector(n);e&&e.remove(),u(!0)}else switch(e.data.pageName){case"documentFailedPage":case"documentFailedNonMobilePage":case"networkErrorPage":case"livenessErrorPage":case"docScanWasmTimeoutPage":case"requestTimeoutPage":case"transactionNotValidPage":case"transactionMaxAttemptsPage":case"QRCodePage":return;case"verifiedMatchFailPage":case"verifyDeclinedPage":a.remove();case"docScanResolutionTooLowPage":case"videoDeviceNotFoundPage":case"standardErrorPage":case"defaultFailedPage":u(!1)}};window.addEventListener("message",l)}))}))}getBrowserName(){const e=navigator.userAgent;let t;return t=e.indexOf("Firefox")>-1?"Firefox":e.indexOf("Opera")>-1||e.indexOf("OPR")>-1?"Opera":e.indexOf("DuckDuckGo")>-1?"DuckDuckGo":e.indexOf("SamsungBrowser")>-1?"Samsung Browser":e.indexOf("Trident")>-1?"Internet Explorer":e.indexOf("Edge")>-1?"Edge":e.indexOf("Chrome")>-1?"Chrome":e.indexOf("Safari")>-1?"Safari":"Unknown",t}getBrowserVersion(){const e=navigator.userAgent.match(/(?:Firefox|Opera|OPR|SamsungBrowser|DuckDuckGo|Internet Explorer|Edge|Chrome|Safari)[\/|\s](\d+(\.\d+)?)/i);return e?e[1]:"Unknown"}getOSName(){const e=navigator.platform,t=navigator.userAgent;let r;if(/Win/i.test(e)){r="Windows";const e=t.match(/Win(?:dows )?NT (\d+\.\d+)/i);if(e){const t=parseFloat(e[1]);r+=11===t?" 11":10===t?" 10":6.3===t?" 8.1":6.2===t?" 8":6.1===t?" 7":6===t?" Vista":5.1===t||5.2===t?" XP":" (Unknown Version)"}}else if(e.match(/Mac/i)){r="Mac OS";const e=t.match(/Mac OS X (\d+[_.]\d+([_.]\d+)?)/i);e&&(r+=" "+e[1].replace(/_/g,"."))}else r=t.match(/Android/i)?"Android":t.match(/iOS|iPhone|iPad|iPod/i)?"iOS":e.match(/Linux/i)?"Linux":"Unknown";return r}getDeviceCapabilities(){return this.isFidoSupported()?[o.DEVICE_CAPABILITY_WEBAUTHN]:[]}getMobileAuthBuilder(){return new s.AuthenticatorBuilder}exit(e){}urlRedirect(e){window.location.replace(e)}getFpPromise(){return this.fpPromise}setFpPromise(e){this.fpPromise=e}getOrigin(){return window.location.origin}}},1786:(e,t)=>{"use strict";var r;Object.defineProperty(t,"__esModule",{value:!0}),t.WebSocketCloseReasons=void 0,(r=t.WebSocketCloseReasons||(t.WebSocketCloseReasons={})).NORMAL_CLOSURE="Normal closure",r.GOING_AWAY="The connection is closed because a server is going down or a browser has navigated away from the page.",r.PROTOCOL_ERROR="The connection is closed due to a protocol error",r.UNSUPPORTED_DATA="The connection is closed because it has received unsupported data",r.NO_STATUS_RECEIVED="No closed status code was actually present.",r.ABNORMAL_CLOSURE="The connection was closed unexpectedly without a close frame",r.INVALID_FRAME_PAYLOAD_DATA="The connection was closed because it received inconsistent data in a message.",r.POLICY_VIOLATION="The connection was closed due to policy violation",r.MESSAGE_TOO_BIG="The connection was closed because it has received a message that is too big for it to process.",r.MANDATORY_EXTENSION="The connection was closed because the client required a server extension that was not supported.",r.INTERNAL_ERROR="The connection was closed because the server encountered an unexpected error",r.TLS_HANDSHAKE="The connection was closed due to a failure to perform a TLS handshake",r.UNKNOWN_REASON="Unknown reason"},8864:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.OtpFinishResultType=t.OtpError=void 0;const n=i(r(3350));class s extends n.default{constructor(e,t){super(e,t)}}var o;t.OtpError=s,(o=t.OtpFinishResultType||(t.OtpFinishResultType={}))[o.OnSuccess=0]="OnSuccess",o[o.OnResendOtp=1]="OnResendOtp",o[o.OnMobileNumberChange=2]="OnMobileNumberChange"},6462:(e,t)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.USER_AGENT_VERSIONS=t.API_CONTRACT_VERSION=t.VERSION=void 0,t.VERSION="2.15.2",t.API_CONTRACT_VERSION="2.15.1",t.USER_AGENT_VERSIONS=`ProveAuth/${t.VERSION} Contract/${t.API_CONTRACT_VERSION} WEB/1`},9220:()=>{class e extends HTMLElement{connectedCallback(){const e=this.getAttribute("data-url");if(!e)throw new Error("Missing data-url configuration!");let t=this.getAttribute("data-target");t&&"auto"!==t||(t=/Mobi|Android/i.test(navigator.userAgent)?"mobile":"desktop");const r=document.createElement("iframe");r.setAttribute("allow","fullscreen *;camera *;encrypted-media *;"),r.setAttribute("src",e);const i=document.createElement("style");i.textContent="div, iframe {position: fixed;top: 0;left: 0;height: 100vh;width: 100vw;border: 0;padding: 0;margin: 0;}";const n=this.attachShadow({mode:"closed"});n.appendChild(i);const s=document.createElement("div");n.appendChild(s);const o=this.getAttribute("data-webauth");if(o&&"false"!==o&&"no"!==o){const t=document.createElement("script");t.setAttribute("src",e.replace("/?","/webauthhandler.js?")),n.appendChild(t)}const a=this.getAttribute("data-control");if(a&&"false"!==a&&"no"!==a){const t=document.createElement("script");t.setAttribute("src",e.replace("/?","/controlhandler.js?")),n.appendChild(t)}n.appendChild(r),r.addEventListener("load",(()=>{n.removeChild(s),n.dispatchEvent(new CustomEvent("load",{composed:!0,bubbles:!0}))}),{capture:!0,once:!0}),"auto"===window.getComputedStyle(this)["z-index"]&&(this.style["z-index"]=1e3)}}window.customElements.define("authid-component",e)}},t={};function r(i){var n=t[i];if(void 0!==n)return n.exports;var s=t[i]={exports:{}};return e[i].call(s.exports,s,s.exports,r),s.exports}return r.d=(e,t)=>{for(var i in t)r.o(t,i)&&!r.o(e,i)&&Object.defineProperty(e,i,{enumerable:!0,get:t[i]})},r.o=(e,t)=>Object.prototype.hasOwnProperty.call(e,t),r.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r(3607)})()));
+!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.proveAuth=t():e.proveAuth=t()}(self,()=>(()=>{"use strict";var e={189:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.WebDeviceRegistration=void 0;const n=r(2473),s=i(r(9316)),o=r(9922);class a{constructor(e){this.deviceId=null,this.namespace=e.namespace,this.endpoint=e.endpoint,e.createdAt?(this.createdAt=e.createdAt,this.keyId=e.keyId,this.deviceId=e.deviceId,this.algorithm=e.algorithm,this.keys=e.keys):(this.keyId=crypto.randomUUID(),this.algorithm="ES256",this.createdAt=(0,o.getUnixTime)())}setFpSignal(e){this.fingerprint=e}sign(e){return new Promise((t,r)=>{this.initialize().then(()=>{this.keys&&crypto.subtle.sign({name:"ECDSA",hash:{name:"SHA-256"}},this.keys.privateKey,(0,o.stringToArrayBuffer)(e)).then(e=>t(btoa((0,o.arrayBufferToString)(this.p1363ToDer(e))))).catch(r)}).catch(r)})}getPublicKey(){return new Promise((e,t)=>{this.initialize().then(()=>{this.keys&&crypto.subtle.exportKey("spki",this.keys.publicKey).then(t=>{const r=btoa((0,o.arrayBufferToString)(t));e("-----BEGIN PUBLIC KEY-----\n"+r+"\n-----END PUBLIC KEY-----")}).catch(t)}).catch(t)})}getAuthRegistration(e){return new Promise((t,r)=>{this.sign(e).then(e=>{this.getPublicKey().then(r=>{t({publicKey:{id:this.keyId,alg:this.algorithm,key:r,uvLevel:0},signature:e})}).catch(r)}).catch(r)})}getSignals(){return{fingerprint:this.fingerprint}}initialize(){return new Promise((e,t)=>{this.keys?e():crypto.subtle.generateKey({name:"ECDSA",namedCurve:"P-256"},!1,["sign","verify"]).then(t=>{this.keys=t,e()}).catch(t)})}p1363ToDer(e){const t=(0,o.arrayBufferToHexString)(e);let r=t.substring(0,t.length/2),i=t.substring(t.length/2);r=r.replace(/^(00)+/,""),i=i.replace(/^(00)+/,""),parseInt(r.charAt(0),16)>=8&&(r=`00${r}`),parseInt(i.charAt(0),16)>=8&&(i=`00${i}`);const n=`02${(r.length/2).toString(16).padStart(2,"0")}${r}`,s=`02${(i.length/2).toString(16).padStart(2,"0")}${i}`,a=`30${((n.length+s.length)/2).toString(16).padStart(2,"0")}${n}${s}`.match(/[\da-f]{2}/gi),c=a?new Uint8Array(a.map(e=>parseInt(e,16))):new Uint8Array;return c.buffer.slice(c.byteOffset,c.byteOffset+c.byteLength)}lenVal(e){if("string"==typeof e||e instanceof String){const t=e;return`[${t.length}]: ${t}`}{const t=e;return`[${t.byteLength}]: ${Array.from(new Uint8Array(t),e=>e.toString(16)).join(",")}`}}}t.WebDeviceRegistration=a;class c{constructor(e){this.log=n.LoggerFactory.getLogger("web-device-auth"),this.dbFactory=e}createRegistration(e){return new Promise((t,r)=>{t(new a(e))})}getRegistration(e){return new Promise((t,r)=>{const i=this.openDatabase();i.onerror=e=>{r("Failed to open registration database: "+e)},i.onsuccess=i=>{const n=i.target.result,s=n.transaction([c.DB_STORE],"readonly");s.oncomplete=()=>n.close();const o=s.objectStore(c.DB_STORE).get(e);o.onerror=e=>{this.log.error(e),r(new Error("Failed to access registration"))},o.onsuccess=()=>{o.result?t(new a(o.result)):t(null)}}})}storeRegistration(e){return new Promise((t,r)=>{const i=this.openDatabase();i.onerror=e=>{r("Failed to open registration database: "+e)},i.onsuccess=i=>{const n=i.target.result,o=n.transaction([c.DB_STORE],"readwrite");o.oncomplete=()=>n.close();const a=o.objectStore(c.DB_STORE);this.log.trace("Saving registration");const u=a.put(e);u.onsuccess=()=>{this.log.trace("Registration saved"),t()},u.onerror=e=>{this.log.error(e),r(new s.default("Failed to store registration"))}}})}deleteRegistration(e){return new Promise((t,r)=>{var i=this.openDatabase();i.onerror=e=>{r("Failed to open registration database: "+e)},i.onsuccess=i=>{var n=i.target.result,s=n.transaction([c.DB_STORE],"readwrite");if(s.oncomplete=()=>n.close(),!n.objectStoreNames.contains(c.DB_STORE))return this.log.debug("Registration not found, store is missing"),void t();var o=s.objectStore(c.DB_STORE).delete(e);o.onsuccess=()=>{t()},o.onerror=e=>{this.log.error(e),r(new Error("Failed to delete registration"))}}})}reset(){return new Promise((e,t)=>{var r=this.dbFactory.deleteDatabase(c.DB_NAME);r.onsuccess=t=>{e()},r.onerror=t=>{this.log.warn("Failed to delete registration database"),this.log.warn(t),e()}})}openDatabase(){const e=this.dbFactory.open(c.DB_NAME,c.DB_VERSION);return e.onupgradeneeded=e=>{var t;const r=null===(t=e.target)||void 0===t?void 0:t.result;r?(this.log.debug("Registration not found, database is missing, initializing"),r.createObjectStore(c.DB_STORE,{keyPath:"namespace"}).transaction.oncomplete=e=>{this.log.trace("Store initialization completed")}):this.log.error("Failed to initialize registration database: database is null")},e}}c.DB_VERSION=1,c.DB_NAME="ProveAuth",c.DB_STORE="Registrations",t.default=c},390:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(2473),s=i(r(9316)),o=r(898),a=r(9306);class c{constructor(e,t){this.name=c.NAME,this.log=n.LoggerFactory.getLogger("mobile-otp-step"),this.otpStartStep=e,this.otpFinishStep=t}execute(e){return new Promise((t,r)=>{var i,n,s;if(this.otpStartStep)if(this.otpFinishStep){var o=!0;(null===(s=null===(n=null===(i=e.claims)||void 0===i?void 0:i.auth.subs.mob)||void 0===n?void 0:n.auths.otp)||void 0===s?void 0:s.mnp)&&(o=!1),this.runOtpStartStep(e,this.otpStartStep,this.otpFinishStep,o).then(t).catch(r)}else r(new Error("OtpFinishStep step must be specified"));else r(new Error("OtpStartStep step must be specified"))})}static validatePhoneNumberInput(e){if(null!=e)return"object"!=typeof e?new s.default("Input must be an object"):"phoneNumber"in e?"string"!=typeof e.phoneNumber?new s.default("phoneNumber field in the input must be a string"):void 0:new s.default("phoneNumber field in the input is missing")}runOtpStartStep(e,t,r,i,n){return new Promise((o,u)=>{t.execute(i,n).then(n=>{const l=c.validatePhoneNumberInput(n);l?u(l):e.fetchFromBackend("/v1/client/mobile/otp/start",{mobileNumber:null==n?void 0:n.phoneNumber}).then(n=>{const c=n;if(c.error)u(new s.default(c.error.message,c.error.code,n.next,!1));else if(c.data){const n=c.data;var l="";(null==n?void 0:n.code)&&(l+=`Error Code: ${n.code}, `),(null==n?void 0:n.message)?l+=`${n.message}`:l+="Error validating phone number";let s=new a.PhoneValidationError(l,null==n?void 0:n.code);this.log.error(`Server reports invalid phone number: ${l}`),this.runOtpStartStep(e,t,r,i,s).then(o).catch(u)}else this.runOtpFinishStep(e,t,r,i).then(o).catch(u)}).catch(u)}).catch(e=>{const t=s.default.extractMessage(e);u(new Error(`Failed to start OTP flow: ${t}`))})})}static validateFinishResult(e){if(null==e||"object"!=typeof e)return new s.default("result should be a valid object");if(!("resultType"in e))return new s.default("resultType field in the result is missing");if(e.resultType===o.OtpFinishResultType.OnSuccess){const t=e.input;if(null==t||"object"!=typeof t)return new s.default("input should be a valid object when resultType field is set with OnSuccess value");if(!("otp"in t))return new s.default("otp field in the input is missing");if("string"!=typeof t.otp)return new s.default("otp field in the input must be a string")}}resendOtp(e,t,r,i){return new Promise((n,o)=>{e.fetchFromBackend("/v1/client/mobile/otp/start",{}).then(a=>{const c=a;c.error?o(new s.default(c.error.message,c.error.code,a.next,!1)):this.runOtpFinishStep(e,t,r,i).then(n).catch(o)}).catch(o)})}runOtpFinishStep(e,t,r,i,n){return new Promise((a,u)=>{r.execute(n).then(n=>{var l;let d=n;const h=c.validateFinishResult(d);if(h)u(h);else switch(d.resultType){case o.OtpFinishResultType.OnResendOtp:this.resendOtp(e,t,r,i).then(a).catch(u);break;case o.OtpFinishResultType.OnSuccess:let n=d.input;e.fetchFromBackend("/v1/client/mobile/otp/finish",{otp:null!==(l=null==n?void 0:n.otp)&&void 0!==l?l:""}).then(n=>{const c=n;if(c.error)u(new s.default(c.error.message,c.error.code,n.next,!1));else if(c.data){const n=c.data;var l="";(null==n?void 0:n.code)&&(l+=`Error Code: ${n.code}, `),(null==n?void 0:n.message)?l+=`${n.message}`:l+="Error validating OTP";const s=new o.OtpError(l,null==n?void 0:n.code);this.log.error(`Server reports invalid OTP: ${l}`),this.runOtpFinishStep(e,t,r,i,s).then(a).catch(u)}else a(n.next)}).catch(u);break;case o.OtpFinishResultType.OnMobileNumberChange:this.runOtpStartStep(e,t,r,!0).then(a).catch(u)}}).catch(e=>{const t=s.default.extractMessage(e);u(new Error(`Failed to obtain OTP for verification: ${t}}`))})})}}c.NAME="mobile/otp",t.default=c},660:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.BuildConfig=void 0,function(e){e.DEV="DEV",e.US_UAT="US_UAT",e.US_PROD="US_PROD"}(r||(t.BuildConfig=r={}))},898:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.OtpFinishResultType=t.OtpError=void 0;const n=i(r(9316));class s extends n.default{constructor(e,t){super(e,t)}}var o;t.OtpError=s,function(e){e[e.OnSuccess=0]="OnSuccess",e[e.OnResendOtp=1]="OnResendOtp",e[e.OnMobileNumberChange=2]="OnMobileNumberChange"}(o||(t.OtpFinishResultType=o={}))},931:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=n(r(2757)),o=n(r(3020)),a=n(r(8483)),c=n(r(1132)),u=r(5111),l=r(1027);t.default=class{constructor(){this.logger=u.LoggerFactory.getLogger("fetch-authentication-step")}execute(e){return i(this,void 0,void 0,function*(){this.logger.info("use fetch");const t=(0,l.toURL)(e.authUrl);let r;return this.logger.info(t),t.searchParams.get("testVfp")?(this.logger.info("test flow detected"),r=c.default.create(t)):"2"===t.searchParams.get("pfflow")?(this.logger.info("flow v2 detected"),r=o.default.create(t)):"3"===t.searchParams.get("pfflow")?(this.logger.info("flow v3 detected"),r=a.default.create((0,l.toURL)(e.authUrl.replace("&pfflow=3","")))):t.toString().toLowerCase().includes("authentication/validate/flowcontrol",0)?(this.logger.info("flow v3 detected"),r=a.default.create(t)):(this.logger.info("flow v1 detected"),r=s.default.create(t)),{vfp:yield r.handle()}})}}},1011:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(9316));class s{constructor(){this.name=s.NAME}execute(e){return Promise.reject(new n.default(`Step ${this.name} is not supported`))}}s.NAME="user/present",t.default=s},1027:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.RawURL=t.Base64=t.fetchAuth=t.handleHttpError=t.toURL=void 0;const s=r(5111),o=r(5166),a=r(7464),c=n(r(8525));t.toURL=function(e){try{return new u(e)}catch(t){throw new c.default(o.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Malformed url "+e)}},t.handleHttpError=function(e){return i(this,void 0,void 0,function*(){const t=e.status;switch(t){case 404:throw new c.default(o.ErrorCode.AUTH_BAD_CREDENTIALS);case 410:throw new c.default(o.ErrorCode.AUTH_VFP_KEY_EXPIRED);default:let r;try{r=(yield e.json()).error}catch(e){}throw new c.default(o.ErrorCode.AUTH_INVALID_RESPONSE,r||`http error (${e.statusText} , code = ${t})`)}})},t.fetchAuth=function(e,t){var r;const i=s.LoggerFactory.getLogger("http-client"),n=null!=t?t:{},u=null!==(r=n.method)&&void 0!==r?r:"GET";if(i.debug(`${u} ${e} ${e.protocol}`),"http:"===e.protocol)throw new c.default(o.ErrorCode.GENERIC_INVALID_STATE,`Web SDK cannot make http request [${e}]`);const l={};let d;return e.searchParams.set("sdkVersion",a.VERSION_NAME),"object"==typeof n.body&&(l["Content-Type"]="application/json",d=JSON.stringify(n.body)),d&&i.debug(`request body: ${d}`),fetch(e.toString(),{method:u,mode:"cors",headers:l,body:d}).then(e=>(i.debug(`${e.status} ${e.statusText}`),e))},t.Base64=new class{constructor(){this.PADCHAR="=",this.ALPHA="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"}getByte(e,t){return e.charCodeAt(t)}getByte64(e,t){return this.ALPHA.indexOf(e.charAt(t))}_decode(e){let t,r,i=0,n=e.length,s=[];if(e=String(e),0===n)return e;for(e.charAt(n-1)===this.PADCHAR&&(i=1,e.charAt(n-2)===this.PADCHAR&&(i=2),n-=4),t=0;t<n;t+=4)r=this.getByte64(e,t)<<18|this.getByte64(e,t+1)<<12|this.getByte64(e,t+2)<<6|this.getByte64(e,t+3),s.push(String.fromCharCode(r>>16,r>>8&255,255&r));switch(i){case 1:r=this.getByte64(e,t)<<18|this.getByte64(e,t+1)<<12|this.getByte64(e,t+2)<<6,s.push(String.fromCharCode(r>>16,r>>8&255));break;case 2:r=this.getByte64(e,t)<<18|this.getByte64(e,t+1)<<12,s.push(String.fromCharCode(r>>16))}return s.join("")}_encode(e){let t,r,i=[],n=(e=String(e)).length-e.length%3;if(0===e.length)return e;for(t=0;t<n;t+=3)r=this.getByte(e,t)<<16|this.getByte(e,t+1)<<8|this.getByte(e,t+2),i.push(this.ALPHA.charAt(r>>18)),i.push(this.ALPHA.charAt(r>>12&63)),i.push(this.ALPHA.charAt(r>>6&63)),i.push(this.ALPHA.charAt(63&r));switch(e.length-n){case 1:r=this.getByte(e,t)<<16,i.push(this.ALPHA.charAt(r>>18)+this.ALPHA.charAt(r>>12&63)+this.PADCHAR+this.PADCHAR);break;case 2:r=this.getByte(e,t)<<16|this.getByte(e,t+1)<<8,i.push(this.ALPHA.charAt(r>>18)+this.ALPHA.charAt(r>>12&63)+this.ALPHA.charAt(r>>6&63)+this.PADCHAR)}return i.join("")}decode(e,t=!0){return e=t?e.replace(".","+").replace("_","/").replace("-","="):e,this._decode(e)}encode(e,t=!0){const r=this._encode(e);return t?r.replace("+",".").replace("/","_").replace("=","-"):r}};class u{constructor(e){this.url=e,this.params=[],this.searchParams={get:e=>this._get(e),getAll:e=>this._getAll(e),set:(e,t,r=!1)=>this._set(e,t,r)};const t=new URL(e);this.protocol=t.protocol;for(const e of t.searchParams.keys())this.params.push({key:e,values:t.searchParams.getAll(e),encode:!1})}_set(e,t,r=!1){const i=this.params.findIndex(t=>t.key===e);-1===i?this.params.push({key:e,values:[t],encode:r}):this.params.splice(i,1,{key:e,values:[t],encode:r})}_get(e){const t=this._getAll(e);return t?t[0]:void 0}_getAll(e){var t;return null===(t=this.params.find(t=>t.key===e))||void 0===t?void 0:t.values}toString(){function e(e,t){return t?encodeURIComponent(e):null==e?void 0:e.replace(/\?/g,"%3F").replace(/\&/g,"%26")}const t=this.url.indexOf("?");let r=-1==t?this.url:this.url.slice(0,t),i=[];for(const t of this.params)for(const r of t.values)i.push(`${e(t.key,t.encode)}=${e(r,t.encode)}`);return i.length&&(r+="?"+i.join("&")),r}}t.RawURL=u},1132:function(e,t){var r=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})};Object.defineProperty(t,"__esModule",{value:!0});class i{static create(e){var t,r,n;const s=null!==(r=parseInt(null!==(t=e.searchParams.get("delay"))&&void 0!==t?t:"0"))&&void 0!==r?r:0,o=null!==(n=e.searchParams.get("testVfp"))&&void 0!==n?n:"";return new i(o,s)}constructor(e,t){this.testVfp=e,this.delay=t}handle(){return r(this,void 0,void 0,function*(){return new Promise(e=>{setTimeout(()=>e(this.testVfp),this.delay)})})}}t.default=i},1375:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.WebPlatform=t.WebSocketMessageChannel=void 0;const s=r(3743),o=r(9922),a=r(2473),c=n(r(8347)),u=n(r(189)),l=r(3040);class d{constructor(e){this.webSocket=new WebSocket(e)}addEventListener(e,t){this.webSocket.addEventListener(e,t)}send(e){this.webSocket.send(e)}close(){this.webSocket.close()}}t.WebSocketMessageChannel=d,t.WebPlatform=class{constructor(){this.log=a.LoggerFactory.getLogger("web-platform"),this.webauthn={getCredentials:e=>navigator.credentials.get(e),createCredentials:e=>navigator.credentials.create(e)},this.deviceAuth=new u.default(window.indexedDB)}getPlatformName(){return`${this.getBrowserName()} ${this.getBrowserVersion()} on ${this.getOSName()}`}getUserAgent(){return navigator.userAgent}isFidoSupported(){return null!=window.PublicKeyCredential}fetch(e,t){return fetch(e,t)}createMessageChannel(e){return new d(e)}createRequestSigner(e){return new c.default(e)}activatePpb(e){return i(this,void 0,void 0,function*(){return l.PpbIntegration.instance.activateWebComponent(e)})}initDeviceContext(e){l.DeviceContextIntegration.instance.init(e)}getDataCollector(){return i(this,void 0,void 0,function*(){return l.DeviceContextIntegration.instance.getDataCollector()})}getBrowserName(){const e=navigator.userAgent;let t;return t=e.indexOf("Firefox")>-1?"Firefox":e.indexOf("Opera")>-1||e.indexOf("OPR")>-1?"Opera":e.indexOf("DuckDuckGo")>-1?"DuckDuckGo":e.indexOf("SamsungBrowser")>-1?"Samsung Browser":e.indexOf("Trident")>-1?"Internet Explorer":e.indexOf("Edge")>-1?"Edge":e.indexOf("Chrome")>-1?"Chrome":e.indexOf("Safari")>-1?"Safari":"Unknown",t}getBrowserVersion(){const e=navigator.userAgent.match(/(?:Firefox|Opera|OPR|SamsungBrowser|DuckDuckGo|Internet Explorer|Edge|Chrome|Safari)[\/|\s](\d+(\.\d+)?)/i);return e?e[1]:"Unknown"}getOSName(){const e=navigator.platform,t=navigator.userAgent;let r;if(/Win/i.test(e)){r="Windows";const e=t.match(/Win(?:dows )?NT (\d+\.\d+)/i);if(e){const t=parseFloat(e[1]);r+=11===t?" 11":10===t?" 10":6.3===t?" 8.1":6.2===t?" 8":6.1===t?" 7":6===t?" Vista":5.1===t||5.2===t?" XP":" (Unknown Version)"}}else if(e.match(/Mac/i)){r="Mac OS";const e=t.match(/Mac OS X (\d+[_.]\d+([_.]\d+)?)/i);e&&(r+=" "+e[1].replace(/_/g,"."))}else r=t.match(/Android/i)?"Android":t.match(/iOS|iPhone|iPad|iPod/i)?"iOS":e.match(/Linux/i)?"Linux":"Unknown";return r}getDeviceCapabilities(){return this.isFidoSupported()?[o.DEVICE_CAPABILITY_WEBAUTHN]:[]}getMobileAuthBuilder(){return new s.AuthenticatorBuilder}exit(e){}urlRedirect(e){window.location.replace(e)}getOrigin(){return window.location.origin}}},1554:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});class r{static stringToBase64(e){return e.replace(/\-/g,"+").replace(/_/g,"/")+"=".repeat(e.length%4?4-e.length%4:0)}static bufferDecode(e){const t=Uint8Array.from(atob(r.stringToBase64(e)),e=>e.charCodeAt(0));return t.buffer.slice(t.byteOffset,t.byteOffset+t.byteLength)}static bufferEncode(e){const t=ArrayBuffer.isView(e)?e.buffer:e;return btoa(String.fromCharCode.apply(null,Array.from(new Uint8Array(t)))).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}}t.default=r},2198:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.DeviceRole=void 0,function(e){e[e.Primary=0]="Primary",e[e.Secondary=1]="Secondary"}(r||(t.DeviceRole=r={}))},2403:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.default=class extends Promise{constructor(e){let t=()=>{};super((r,i)=>e(r,i,e=>t=e)),this.onCancel=()=>{t()}}cancel(){this.onCancel()}}},2459:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});class r{constructor(e){this.requestId=e.request_id,this.mnoToken=e.mno_token,this.mno=e.mno,this.expires=e.expires,this.firstUri=e.first_uri,this.uriStack=e.uri_stack,this.headers={},e.headers.forEach(e=>{this.headers[e.key]=e.value}),this.requestBody=e.request_body,this.command=e.command,this.vfpPath=e.vfp_path,this.redirectStatusMinimum=e.redirect_status_minimum,this.redirectStatusMaximum=e.redirect_status_maximum,this.enableCookies=e.enable_cookies,this.enableDynamicHeaders=e.enable_dynamic_headers,this.maximumRedirects=e.maximum_redirects}static serialize(e){return JSON.stringify(e)}static deserialize(e){return new r(JSON.parse(e))}}t.default=r},2473:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.LoggerFactory=t.LogLevel=void 0,function(e){e[e.disabled=0]="disabled",e[e.error=1]="error",e[e.warn=2]="warn",e[e.info=3]="info",e[e.debug=4]="debug",e[e.trace=5]="trace"}(r||(t.LogLevel=r={}));class i{static setLogLevel(e){i.logLevel=e}static setLogWriter(e){i.logWriter=e}static getLogger(e){return{trace:(...t)=>{i.logLevel>=r.trace&&i.logWriter.write(r.trace,e+": ",...t)},debug:(...t)=>{i.logLevel>=r.debug&&i.logWriter.write(r.debug,e+": ",...t)},info:(...t)=>{i.logLevel>=r.info&&i.logWriter.write(r.info,e+": ",...t)},warn:(...t)=>{i.logLevel>=r.warn&&i.logWriter.write(r.warn,e+": ",...t)},error:(...t)=>{i.logLevel>=r.error&&i.logWriter.write(r.error,e+": ",...t)}}}}t.LoggerFactory=i,i.logWriter=new class{write(e,...t){switch(e){case r.trace:case r.debug:console.debug(...t);break;case r.info:console.info(...t);break;case r.warn:console.warn(...t);break;case r.error:console.error(...t)}}},i.logLevel=r.info},2486:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=n(r(1132)),o=r(5111),a=r(1027),c=r(7464);t.default=class{constructor(){this.logger=o.LoggerFactory.getLogger("passive-authentication-step")}execute(e){return i(this,void 0,void 0,function*(){this.logger.info("use passive");const t=(0,a.toURL)(e.authUrl);let r;if(t.searchParams.get("testVfp"))this.logger.info("test flow detected"),r=s.default.create(t);else{if("2"===t.searchParams.get("pfflow"))throw new Error("flow v2 detected but not supported by passive auth implementation");if("3"===t.searchParams.get("pfflow"))throw new Error("flow v3 detected but not supported by passive auth implementation");this.logger.info("flow v1 detected"),r=new u(t)}return{vfp:yield r.handle()}})}};class u{constructor(e){this.url=e,this.logger=o.LoggerFactory.getLogger("passive-flow-v1")}handle(){return i(this,void 0,void 0,function*(){return new Promise((e,t)=>{const r="_proveAuthResponse";this.url.searchParams.set("jsonp","true"),this.url.searchParams.set("sdkVersion",c.VERSION_NAME);const i=window;this.logger.trace("install global callback"),i[r]=r=>{if(s)return;o();const i=r?this.getVfpFromJson(r):void 0;i?e(i):t(new Error(r?"script loaded but vfp not defined":"script loaded but callback not trigerred"))};const n=document.createElement("script");let s=!1;const o=()=>{this.logger.trace("cleanup global callback"),s=!0,i[r]=void 0,document.body.removeChild(n)};n.onload=()=>{this.logger.trace("script loaded"),setTimeout(()=>{s||(o(),t(new Error("script loaded, but not executed")))},1e3)},n.onerror=()=>{this.logger.trace("script load error"),s||(o(),t(new Error("script load error")))},document.body.appendChild(n),n.src=this.url.toString()})})}getVfpFromJson(e){const t=e.vfp;if(t)return t;const r=e.token,i=e.correlation_id;if(r)return i?i+"..."+r:r;const n=e.reconcilation_token;return n?i?i+"..."+n:n:void 0}}},2561:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.default=class{}},2681:(e,t,r)=>{Object.defineProperty(t,"__esModule",{value:!0});const i=r(5166),n=r(3796);class s extends Error{constructor(e,t,r){super(`${r} (stepCode=${n.StepCode[e]}, errorCode=${i.ErrorCode[t]})`),this.stepCode=e,this.errorCode=t,Error.captureStackTrace&&Error.captureStackTrace(this,s),this.name="AuthProcessError",this.stepCode=e}}t.default=s},2713:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.UserDocVerifyStep=void 0;const n=r(2473),s=i(r(9316));class o{constructor(e,t,r){this.name=o.NAME,this.log=n.LoggerFactory.getLogger("user-docv-verify-step"),this.enabled=e,this.startStep=t,this.finishStep=r}execute(e){if(!this.enabled)return Promise.reject(new s.default("Document Verification is not enabled"));if(!this.startStep)return Promise.reject(new s.default("Document Verification start step is required"));const t=()=>new Promise((t,r)=>{this.startStep.execute().then(i=>{e.fetchFromBackend("/v1/client/user/docv/start",{requestId:crypto.randomUUID(),documentType:i.documentType}).catch(r).then(e=>{var n,o;const a=e;a.error&&r(new s.default(a.error.message,a.error.code,a.next,!1));const c=a.data;t({documentType:i.documentType,operationId:null===(n=c.docv)||void 0===n?void 0:n.operationId,oneTimeSecret:null===(o=c.docv)||void 0===o?void 0:o.oneTimeSecret})})}).catch(r)}),r=e=>{try{return this.finishStep?this.finishStep.execute(e):Promise.resolve()}catch(e){return this.log.warn("Document Verification finish step has failed:",e),Promise.reject(e)}};return new Promise((i,n)=>{t().then(t=>{var o,a,c;this.log.debug("Activating PPB web component"),e.platform.activatePpb({endpointUrl:null===(c=null===(a=null===(o=e.claims)||void 0===o?void 0:o.auth.subs.usr)||void 0===a?void 0:a.auths.docv)||void 0===c?void 0:c.endp,operationId:t.operationId,oneTimeSecret:t.oneTimeSecret}).catch(e=>{this.log.error("PPB web component failed:",e),r(e).then(()=>n(e))}).then(r=>(this.log.info("DocV authentication result",r),e.fetchFromBackend("/v1/client/user/docv/finish",{requestId:crypto.randomUUID(),operationId:t.operationId}))).then(e=>{var t,o;const a=e;if(a.error){const i=null!==(o=null===(t=e.error)||void 0===t?void 0:t.message)&&void 0!==o?o:"Document verification failed";r(new Error(i)).then(()=>n(new s.default(e.error.message,e.error.code,e.next,!1)))}else r().then(()=>i(a.next))}).catch(n)}).catch(n)})}}t.UserDocVerifyStep=o,o.NAME="user/docv"},2746:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.DevicePassiveActions=void 0;const n=r(2473),s=i(r(1554)),o=i(r(8324)),a=r(7657),c=i(r(9316)),u=r(2198),l=r(7968),d=r(9549),h=r(9726);class f extends l.AuthStatusActions{constructor(e,t){super(),this.log=n.LoggerFactory.getLogger("device-passive-actions"),this.getDisplayName=e||(()=>null),this.handler=t}register(e,t){return this.log.trace("Registering Passkey"),new Promise((r,i)=>{const n=this.getDisplayName();e.fetchFromBackend("/v1/client/device/fido2/register/start",{displayName:n||void 0,signals:t}).then(s=>{var o;if(s.error)i(new c.default(s.error.message,s.error.code,s.next,!1));else{(null===(o=null==t?void 0:t.fingerprint)||void 0===o?void 0:o.results)&&e.markNewFptts();const a=s.data,u=null==a?void 0:a.credCreateOptions,l=null==a?void 0:a.credRequestOptions;if(u)this.createCredentials(e,n,u,s).then(r).catch(i);else if(l)this.getCredentials(e,l,s).then(r).catch(i);else{const e=new c.default(f.NO_CREDS_FOUND);i(e)}}}).catch(i)})}verify(e){return this.log.trace("Verifying Passkey"),new Promise((t,r)=>{e.settings.deviceId?e.fetchFromBackend("/v1/client/device/fido2/verify/start",{deviceId:e.settings.deviceId}).then(i=>{if(i.error)r(new c.default(i.error.message,i.error.code,i.next,!1));else{const n=i.data,s=null==n?void 0:n.credRequestOptions;this.getCredentials(e,s,i).then(t).catch(r)}}).catch(r):r(new c.default("Failed to start verification, DeviceId is missing"))})}createCredentials(e,t,r,i){return this.log.trace("Trying create new FIDO credentials"),new Promise((n,o)=>{r.challenge=s.default.bufferDecode(r.challenge),r.user.id=s.default.bufferDecode(r.user.id),t&&(r.user.displayName=t),r.excludeCredentials&&r.excludeCredentials.forEach(e=>{e.id=s.default.bufferDecode(e.id)});const a={publicKey:r};e.platform.webauthn.createCredentials(a).then(t=>{t?(e.credential=t,n(i.next)):o(new c.default("Failed to create FIDO2 credentials"))}).catch(t=>{const r=d.FidoOptionsError.identifyRegistrationError({error:t,options:a,platform:e.platform});r instanceof d.FidoOptionsError&&"InvalidStateError"===r.name?this.handler?(this.log.trace("Passkey handler callback has been defined"),this.handler().then(t=>{t===h.AuthResponseStatus.Accept?this.parseCredRequestOptions(i,e).then(n).catch(o):o(new c.default(`${f.USER_NOT_ACCEPTING_RESPONSE}: ${t}`))}).catch(o)):(this.log.trace("Passkey handler callback is null, go ahead with passkey discoverable as default behavior"),this.parseCredRequestOptions(i,e).then(n).catch(o)):o(r)})})}parseCredRequestOptions(e,t){return new Promise((r,i)=>{const n=e.data;if(null==n?void 0:n.credRequestOptions){const s=n.credRequestOptions;this.getCredentials(t,s,e).then(r).catch(i)}else i(new c.default(f.NO_REQUEST_CREDS_FOUND))})}getCredentials(e,t,r){return this.log.trace("Trying get existing FIDO credentials"),new Promise((i,n)=>{var o,a;if(0==(null===(o=t.allowCredentials)||void 0===o?void 0:o.length))n(new c.default("AllowCredentials array should not be empty when call getCredentials()"));else{t.challenge=s.default.bufferDecode(t.challenge),t.allowCredentials&&(null===(a=t.allowCredentials)||void 0===a||a.forEach(e=>{e.id=s.default.bufferDecode(e.id)}));const o={publicKey:t};e.platform.webauthn.getCredentials(o).then(t=>{t?(e.credential=t,i(r.next)):n(new c.default("Failed to load FIDO2 credentials"))}).catch(t=>{const r=d.FidoOptionsError.identifyAuthenticationError({error:t,options:o,platform:e.platform});n(r)})}})}}t.DevicePassiveActions=f,f.NO_REQUEST_CREDS_FOUND="Passkey has already been registered but found no CredentialRequestOptions in the fido/register/start response payload",f.NO_CREDS_FOUND="Neither credCreateOptions nor credRequestOptions are found in the fido/register/start response payload",f.USER_NOT_ACCEPTING_RESPONSE="User not accepting to continue by reusing the existing passkey with user response";class p extends f{constructor(e,t,r){super(e,t),this.name=p.NAME,this.role=null!=r?r:u.DeviceRole.Primary,this.log=n.LoggerFactory.getLogger("device-passive-step")}execute(e){return this.role==u.DeviceRole.Secondary?this.waitForStatus(e):e.platform.isFidoSupported()&&e.uvLevel!==a.UserVerificationLevel.Discouraged?e.settings.deviceId?e.settings.fidoPasskeyRegistered?this.verify(e):Promise.resolve(o.default.NAME):new Promise((t,r)=>{e.getDeviceContextData().then(i=>{const n={fingerprint:i};this.register(e,n).then(t).catch(r)}).catch(i=>{const n=`Unexpected error happened during Device Context data collection: ${i.message}`;this.log.warn(n),this.log.warn(i);const s={fingerprint:{error:n}};this.register(e,s).then(t).catch(r)})}):Promise.resolve(o.default.NAME)}}p.NAME="device/passive",t.default=p},2757:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=r(5111),o=n(r(8525)),a=r(5166),c=r(1027);class u{static create(e){return e.searchParams.set("r","f"),new u(e)}constructor(e){this.url=e,this.logger=s.LoggerFactory.getLogger("flow-v1")}handle(){var e,t;return i(this,void 0,void 0,function*(){let r;const i=this.url.searchParams.get("vfp");let n=this.url;for(this.logger.debug(`current vfp ${i}`);;){try{r=yield(0,c.fetchAuth)(n,{})}catch(e){throw new o.default(a.ErrorCode.GENERIC_COMMUNICATION_ERROR,e.message)}if(console.log(r.url),r.status>=300&&r.status<400){const s=new c.RawURL(null!==(e=r.headers.get("Location"))&&void 0!==e?e:"");this.logger.debug(`redirect to ${s}`);const o=null!==(t=s.searchParams.get("vfp"))&&void 0!==t?t:s.searchParams.get("token");if(o&&o!==i)return this.logger.debug(`vfp changed to ${o}`),o;n=s}else{if(r.status>=200&&r.status<300){let e;try{e=yield r.json()}catch(e){throw new o.default(a.ErrorCode.AUTH_INVALID_RESPONSE,e.message)}this.logger.debug("got json response",e);const t=this.getVfpFromJson(e);if(!t)throw new o.default(a.ErrorCode.AUTH_INVALID_RESPONSE,`Received unknown payload: ${JSON.stringify(e)}`);return t}yield(0,c.handleHttpError)(r)}}})}getVfpFromJson(e){const t=e.vfp;if(t)return t;const r=e.token,i=e.correlation_id;if(r)return i?i+"..."+r:r;const n=e.reconcilation_token;return n?i?i+"..."+n:n:void 0}}t.default=u},2801:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(9316)),s=r(2473);class o{constructor(e){this.log=s.LoggerFactory.getLogger("scan-message-step"),this.name=o.NAME,this.authMessageHandler=e}execute(e){return new Promise((t,r)=>{this.authMessageHandler?(e.authMessage||(this.log.warn("Auth message is missing"),e.authMessage={}),this.authMessageHandler(e.authMessage).then(i=>{e.fetchFromBackend("/v1/client/user/response",{response:i}).then(e=>{e.error?r(new n.default(e.error.message,e.error.code,e.next,!1)):t(e.next)})}).catch(r)):r(new n.default("Failed to process auth message, the handler was not specified"))})}}o.NAME="scan/message",t.default=o},2958:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.MobileAuthImplementation=void 0;const n=r(1375),s=i(r(9648)),o=i(r(2746)),a=i(r(7900)),c=i(r(9438)),u=i(r(4070)),l=i(r(390)),d=i(r(2801)),h=i(r(7466)),f=i(r(8324)),p=i(r(3922)),g=i(r(5462)),v=r(4934),m=i(r(4878)),_=r(2473),E=i(r(5620)),w=r(7651),b=r(2713),S=r(2198);var y;!function(e){e.Pixel="pixel",e.Fetch="fetch"}(y||(t.MobileAuthImplementation=y={})),t.default=class{constructor(){this.role=S.DeviceRole.Primary,this.mobileAuthImplementation=y.Fetch,this.upkEnabled=!1,this.ppbEnabled=!1,this.docvEnabled=!1,this.log=_.LoggerFactory.getLogger("authenticator-builder"),"undefined"!=typeof window&&(this.storage=window.localStorage,this.platform=new n.WebPlatform)}withDeviceContext(e){return this.deviceContextOptions=e,this}withAuthFinishStep(e){return this.authFinishStep="function"==typeof e?{execute:t=>e(t)}:e,this}withDisplayName(e){return this.getDisplayName="function"==typeof e?e:()=>e,this}withAuthMessageHandler(e){return this.authMessageHandler=e,this}withStorage(e){return this.storage=e,this}withPlatform(e){return this.platform=e,this}withRole(e){return this.role=e,this}withMobileAuthImplementation(e){return this.mobileAuthImplementation=e,this}withDeviceIpAddress(e){return this.getDeviceIp="function"==typeof e?e:()=>e,this}withOtpFallback(e,t){return this.otpStartStep="function"==typeof e?{execute:e}:e,this.otpFinishStep="function"==typeof t?{execute:t}:t,this}withInstantLinkFallback(e,t){return this.instantLinkStartStep="function"==typeof e?{execute:e}:e,this.instantLinkRetryStep="function"==typeof t?{execute:t}:t,this}withUniversalProveKey(e){return this.userConsentStep=e?"function"==typeof e?{execute:e}:e:{execute:()=>Promise.resolve({consentGranted:!0})},this.upkEnabled=null!=this.userConsentStep,this}withPrivacyPreservingBiometrics(e,t){return this.ppbEnabled=!0,this.ppbStartStep="function"==typeof e?{execute:e}:e,this.ppbFinishStep="function"==typeof t?{execute:t}:t,this}withDocumentVerification(e,t){return this.docvEnabled=!0,this.docvStartStep="function"==typeof e?{execute:e}:e,this.docvFinishStep="function"==typeof t?{execute:t}:t,this}withPasskeyAlreadyExistCallback(e){return this.passkeyCreationHandler=e,this}build(){if(!this.platform)throw new Error("Implementation of Platform is required");if(!this.storage)throw new Error("Implementation of Storage is required");const e=new E.default(this.storage);e.upkEnabled=this.upkEnabled,this.deviceContextOptions&&this.platform.initDeviceContext(this.deviceContextOptions);const t=this.getAuthSteps(this.role);return new m.default(this.platform,e,this.authFinishStep,t)}getAuthSteps(e){switch(this.role){case S.DeviceRole.Primary:return[new g.default(this.upkEnabled),new v.DeviceUniversalRedirectExchangeStep,new v.DeviceUniversalRedirectFinishStep,new o.default(this.getDisplayName,this.passkeyCreationHandler,this.role),new p.default(this.getDisplayName,this.passkeyCreationHandler),new f.default(this.upkEnabled,this.userConsentStep),new s.default,new a.default,new c.default(this.mobileAuthImplementation,this.getDeviceIp),new u.default(this.instantLinkStartStep,this.instantLinkRetryStep,this.getDeviceIp),new l.default(this.otpStartStep,this.otpFinishStep),new d.default(this.authMessageHandler),new h.default,new w.UserPpbEnrollStep(this.ppbEnabled,this.ppbStartStep,this.ppbFinishStep),new w.UserPpbVerifyStep(this.ppbEnabled,this.ppbStartStep,this.ppbFinishStep),new b.UserDocVerifyStep(this.docvEnabled,this.docvStartStep,this.docvFinishStep)];case S.DeviceRole.Secondary:return[new o.default(this.getDisplayName,void 0,this.role),new c.default(this.mobileAuthImplementation,this.getDeviceIp),new u.default(this.instantLinkStartStep,this.instantLinkRetryStep,this.getDeviceIp),new w.UserPpbEnrollStep(this.ppbEnabled,this.ppbStartStep,this.ppbFinishStep),new w.UserPpbVerifyStep(this.ppbEnabled,this.ppbStartStep,this.ppbFinishStep),new b.UserDocVerifyStep(this.docvEnabled,this.docvStartStep,this.docvFinishStep)];default:throw new Error(`Unknown role: ${this.role}`)}}}},3020:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=r(5111),o=r(5166),a=n(r(8525)),c=r(1027);class u{static create(e){var t;const r=e.searchParams.get("data");if(!r)throw new a.default(o.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - missing in url");let i,n,s,l;try{const e=c.Base64.decode(r);console.log("decoded",e),i=JSON.parse(e)}catch(e){throw console.error(e),new a.default(o.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - cannot parse as json")}try{n=new c.RawURL(null!==(t=i.url)&&void 0!==t?t:"")}catch(e){throw new a.default(o.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - missing/invalid url field")}try{s=i.vfp}catch(e){throw new a.default(o.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - missing vfp field")}try{l=i.data}catch(e){throw new a.default(o.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - missing data field")}return new u(n,s,l,i["att-1004"])}constructor(e,t,r,i){this.url=e,this.vfp=t,this.data=r,this.att1004=i,this.logger=s.LoggerFactory.getLogger("flow-v2")}handle(){var e;return i(this,void 0,void 0,function*(){let t=!1,r=JSON.parse(JSON.stringify(this.data));for(;;){let i;try{i=yield(0,c.fetchAuth)(this.url,{method:"POST",body:r})}catch(e){throw new a.default(o.ErrorCode.GENERIC_COMMUNICATION_ERROR,e.message)}if(i.status>=200&&i.status<300){const n=yield i.text();if(this.logger.trace(`att response body: ${n}`),!t)try{if(1004===JSON.parse(n).status){const i=null!==(e=this.att1004)&&void 0!==e?e:["application-id"];if(i){t=!0,this.logger.debug(`flow v2.5 detected, use application-id: ${i}`),r.put("application-id",i);continue}this.logger.debug("missing att1004.application-id, continue flow v2")}}catch(e){}const s=c.Base64.encode(n);return`${this.vfp}___${s}${t?"___R2":""}`}if(i.status>=300&&i.status<400)throw new a.default(o.ErrorCode.AUTH_INVALID_RESPONSE,"Unexpected redirect in flow v2");yield(0,c.handleHttpError)(i)}})}}t.default=u},3040:(e,t,r)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.DeviceContextIntegration=t.PpbIntegration=t.ExternalIntegration=void 0;const i=r(2473);class n{constructor(e){this.name=e,n.activate(this)}static getInstance(e){const t=n.instances;if(!t.has(e))throw new Error(`${e} integration is not available`);return t.get(e)}static activate(e){n.instances.has(e.name)?n.log.debug(`${e.name} integration already activated, ignoring`):(n.instances.set(e.name,e),n.log.info(`${e.name} integration activated`))}}t.ExternalIntegration=n,n.log=i.LoggerFactory.getLogger("external-integrations"),n.instances=new Map;class s extends n{static get instance(){return n.getInstance(s.NAME)}constructor(){super(s.NAME)}}t.PpbIntegration=s,s.NAME="PPB";class o extends n{static get instance(){return n.getInstance(o.NAME)}constructor(){super(o.NAME)}}t.DeviceContextIntegration=o,o.NAME="DeviceContext"},3743:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.LogLevel=t.LoggerFactory=t.DeviceDescriptor=t.StepCode=t.ErrorCode=t.AuthenticatorBuilder=t.VERSION_CODE=t.VERSION_NAME=void 0;const n=r(7464);Object.defineProperty(t,"VERSION_NAME",{enumerable:!0,get:function(){return n.VERSION_NAME}}),Object.defineProperty(t,"VERSION_CODE",{enumerable:!0,get:function(){return n.VERSION_CODE}});const s=i(r(9205));t.AuthenticatorBuilder=s.default;const o=r(5166);Object.defineProperty(t,"ErrorCode",{enumerable:!0,get:function(){return o.ErrorCode}});const a=r(3796);Object.defineProperty(t,"StepCode",{enumerable:!0,get:function(){return a.StepCode}});const c=i(r(8182));t.DeviceDescriptor=c.default;const u=r(5111);Object.defineProperty(t,"LoggerFactory",{enumerable:!0,get:function(){return u.LoggerFactory}}),Object.defineProperty(t,"LogLevel",{enumerable:!0,get:function(){return u.LogLevel}})},3796:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.StepCode=void 0,(r=t.StepCode||(t.StepCode={}))[r.PRE_CHECK=16]="PRE_CHECK",r[r.DEVICE_DESCRIPTOR=32]="DEVICE_DESCRIPTOR",r[r.START=48]="START",r[r.AUTHENTICATION=64]="AUTHENTICATION",r[r.FINISH=80]="FINISH"},3922:(e,t,r)=>{Object.defineProperty(t,"__esModule",{value:!0});const i=r(2473),n=r(2746);class s extends n.DevicePassiveActions{constructor(e,t){super(e,t),this.name=s.NAME,this.log=i.LoggerFactory.getLogger("device-passive-stepup-step")}execute(e){return e.platform.isFidoSupported()?e.settings.deviceId?e.settings.fidoPasskeyRegistered?Promise.reject(new Error("FIDO2 Passkey is already registered")):new Promise((t,r)=>{this.register(e).then(t).catch(r)}):Promise.reject(new Error("Device is not registered")):Promise.reject(new Error("FIDO2 is not supported"))}}s.NAME="device/passive/stepup",t.default=s},4070:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(2473),s=r(5014),o=r(9306),a=i(r(9316)),c=r(7968),u=i(r(390));class l extends c.AuthStatusActions{constructor(e,t,r){super(),this.name=l.NAME,this.log=n.LoggerFactory.getLogger("mobile-instantlink-step"),this.startStep=e,this.retryStep=t,this.getDeviceIp=null!=r?r:()=>null}execute(e){return this.log.debug("Executing"),new Promise((t,r)=>{var i,n,s,o=!0;(null===(s=null===(n=null===(i=e.claims)||void 0===i?void 0:i.auth.subs.mob)||void 0===n?void 0:n.auths.inln)||void 0===s?void 0:s.mnp)&&(o=!1),this.runStartStep(e,o).catch(r),this.waitForStatus(e).then(t).catch(r)})}runStartStep(e,t,r){return new Promise((i,n)=>{this.startStep?this.startStep.execute(t,r).then(r=>{const s=u.default.validatePhoneNumberInput(r);s?n(s):e.fetchFromBackend("/v1/client/mobile/instantlink/start",{sourceIp:this.getDeviceIp(),mobileNumber:null==r?void 0:r.phoneNumber}).then(r=>{const s=r;if(s.error)n(new a.default(s.error.message,s.error.code,r.next,!1));else if(s.data){const r=s.data,a=r.code;var c="";a&&(c+=`Error Code: ${a}, `),r.message?c+=`${r.message}`:c+="Error validating phone number.";let u=new o.PhoneValidationError(c,r.code);this.runStartStep(e,t,u).then(i).catch(n)}else this.retryStep?this.runRetryStep(e).then(i).catch(n):i(s.next)}).catch(n)}).catch(n):n(new Error("InstantLink start step must be specified"))})}runRetryStep(e){return new Promise((t,r)=>{this.retryStep?this.retryStep.execute().then(i=>{i===s.InstantLinkResultType.OnResend?e.fetchFromBackend("/v1/client/mobile/instantlink/start",{sourceIp:this.getDeviceIp(),mobileNumber:""}).then(t=>{const i=t;i.error?r(new a.default(i.error.message,i.error.code,t.next,!1)):this.runRetryStep(e)}).catch(r):i===s.InstantLinkResultType.OnMobileNumberChange?this.runStartStep(e,!0).then(t).catch(r):this.log.warn("Unknown enum of ",i)}).catch(r):(this.log.debug("Retry step doesn't exist, skip."),t(""))})}}l.NAME="mobile/instantlink",t.default=l},4473:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});class r{}r.ERROR_AUTHENTICATION_FAILURE=1e4,r.ERROR_AUTHENTICATION_EXTERNAL_FAILURE=10001,r.ERROR_AUTHENTICATION_CLIENT_FAILURE=10002,r.ERROR_AUTHENTICATION_PROHIBITED_ACTION=10003,r.ERROR_MISSING_AUTHENTICATOR_COMPLETION=10004,r.ERROR_MAX_ATTEMPTS=10005,r.ERROR_NO_DEVICE_FOUND=10006,t.default=r},4831:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(2473),s=i(r(9316)),o=i(r(4878)),a=i(r(9648)),c=i(r(8324)),u=i(r(2746)),l=i(r(7900)),d=i(r(9438)),h=i(r(4070)),f=i(r(390)),p=i(r(1011)),g=i(r(3922)),v=r(4934),m=r(7651),_=r(2713);class E{constructor(e){if(this.logger=n.LoggerFactory.getLogger("report-error-step"),this._message=E.DEFAULT_MESSAGE,this.reportable=!0,this.name="error",e instanceof s.default){const t=e;this._message=t.message,this._code=t.code,this.nextStep=t.nextStep,this.reportable=t.reportable}else e&&(this._message=s.default.extractMessage(e));this._message||this.logger.warn("Unexpected error: "+e)}get code(){return this._code}get message(){return this._message}execute(e){var t;let r=`Authentication step ${e.lastStep} failed`;if(this._code&&(r=r+", code: "+this._code),this._message&&(r=r+", message: "+this._message),this.logger.error(r),this.nextStep===o.default.AUTH_DONE)return Promise.resolve(o.default.AUTH_DONE);const i=e.lastStep?E.endpointMap.get(e.lastStep):void 0;if(i&&this.reportable)return new Promise((t,r)=>{e.fetchFromBackend(`/v1/client/${i}/error`,{code:this._code?this._code:void 0,message:this._message}).then(e=>t(e.next)).catch(r)});if(this.nextStep)return Promise.resolve(this.nextStep);{const e=null!==(t=this._message)&&void 0!==t?t:E.DEFAULT_MESSAGE;return Promise.reject(new s.default(e,this._code,void 0,!1))}}}E.endpointMap=new Map([[u.default.NAME,"device/passive"],[c.default.NAME,"device/passive"],[a.default.NAME,"device/fido2"],[l.default.NAME,"device/fido2"],[g.default.NAME,"device/fido2"],[v.DeviceUniversalRedirectExchangeStep.NAME,"device/universal"],[v.DeviceUniversalRedirectFinishStep.NAME,"device/universal"],[d.default.NAME,"mobile/instant"],[h.default.NAME,"mobile/instantlink"],[f.default.NAME,"mobile/otp"],[p.default.NAME,"user/mobileactive"],[m.UserPpbEnrollStep.NAME,"user/ppb"],[m.UserPpbVerifyStep.NAME,"user/ppb"],[_.UserDocVerifyStep.NAME,"user/docv"]]),E.DEFAULT_MESSAGE="Unexpected error, authentication cannot continue",t.default=E},4878:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(2473),s=i(r(2403)),o=i(r(9173)),a=i(r(9316)),c=i(r(4831)),u=i(r(4473));class l{constructor(e,t,r,i){if(this.steps=new Map,this.log=n.LoggerFactory.getLogger("main-authenticator"),this.platform=e,this.authFinishStep=r,this.settings=t,i)for(let e of i){if(e.name in this.steps)throw new Error(`Step ${e.name} is already registered`);this.steps.set(e.name,e)}}isPasskeyRegistered(){return this.settings.fidoPasskeyRegistered}isFidoSupported(){return this.platform.isFidoSupported()}isDeviceRegistered(){return null!==this.settings.deviceId}isMobileWeb(){const e=this.platform.getUserAgent();return null!==e&&/Mobi|Android|webOS|iPhone|iPad|BlackBerry|Opera Mini/i.test(e)}getDeviceId(){return this.settings.deviceId}resetDeviceSettings(){this.settings.reset(),this.platform.deviceAuth.reset()}authenticate(e){return new s.default((t,r,i)=>{e||r(new Error("No authentication token provided")),this.authFinishStep||r(new Error("AuthFinish step must be specified"));try{const n=new o.default(this.settings,this.platform,e),s=this.process(n);i(()=>s.cancel()),s.then(()=>{var e;if(n.lastStep!==l.AUTH_EMPTY)return this.log.info("Authentication flow has been completed."),null===(e=this.authFinishStep)||void 0===e?void 0:e.execute({authId:n.authId});this.log.info("Next step is not provided, authentication flow is terminated without completion."),t()}).then(t).catch(r)}catch(e){r(e)}})}unregisterDevice(){return this.isDeviceRegistered()?new Promise((e,t)=>{this.unregister("/v1/client/device/unregister").then(()=>{this.resetDeviceSettings(),e()}).catch(t)}):Promise.resolve()}unregisterPasskey(){return this.settings.fidoPasskeyRegistered?new Promise((e,t)=>{this.unregister("/v1/client/stepup/unregister").then(()=>{this.settings.fidoPasskeyRegistered=!1,e()}).catch(t)}):Promise.resolve()}unregister(e){return new Promise((t,r)=>{try{new o.default(this.settings,this.platform).fetchFromBackend(e,{deviceId:this.getDeviceId()}).then(e=>{e.error?r(new a.default(e.error.message,e.error.code,e.next,!1)):t()}).catch(r)}catch(e){r(e)}})}process(e){return new s.default((t,r,i)=>{i(()=>{this.log.info("Canceled"),e.closeAllMessageChannels(),t()}),this.nextStep(e,e.next,1).then(t).catch(r)})}nextStep(e,t,r){return this.log.debug(`Authentication attempt ${r}, next step: ${t}`),e.lastStep=t,new Promise((i,n)=>{[l.AUTH_DONE,l.AUTH_EMPTY].includes(t)?(!e.settings.deviceId&&e.settings.fingerPrintTimestamp&&e.resetFptts(),i()):r>l.MAX_ATTEMPTS?n(new a.default("Too many authentication steps",u.default.ERROR_MAX_ATTEMPTS)):this.getNextStep(t).execute(e).then(t=>this.nextStep(e,t,r+1)).then(i).catch(t=>new c.default(t).execute(e).then(t=>this.nextStep(e,t,r+1)).then(i).catch(n))})}getNextStep(e){return this.steps.get(e)||new c.default("Unknown authentication step: "+e)}}l.AUTH_DONE="done",l.AUTH_EMPTY="",l.MAX_ATTEMPTS=50,t.default=l},4934:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.DeviceUniversalRedirectExchangeStep=t.DeviceUniversalRedirectFinishStep=t.DeviceUniversalRedirectBaseStep=void 0;const n=i(r(9316));class s{constructor(){this.name=""}execute(e){return new Promise((t,r)=>{var i,s,o,a,c,u;let l=null===(u=null===(c=null===(a=null===(o=null===(s=null===(i=e.claims)||void 0===i?void 0:i.auth)||void 0===s?void 0:s.subs)||void 0===o?void 0:o.dev)||void 0===a?void 0:a.auths)||void 0===c?void 0:c.unvsl)||void 0===u?void 0:u.ftu;if(void 0!==l&&l){l+=`?authId=${e.authId}`;let i="";if("redirect/exchange"===this.name)i="authexchange";else{if("redirect/finish"!==this.name)return void r(new n.default(`Unknown UPK Step: ${this.name}`,0,e.next,!0));i="authfinish"}l+=`&next=${i}`,e.platform.urlRedirect(l),t("")}else r(new n.default("AuthToken claims do not contain final target URL",0,e.next,!0))})}}t.DeviceUniversalRedirectBaseStep=s;class o extends s{constructor(){super(...arguments),this.name=o.NAME}}t.DeviceUniversalRedirectFinishStep=o,o.NAME="redirect/finish";class a extends s{constructor(){super(...arguments),this.name=a.NAME}}t.DeviceUniversalRedirectExchangeStep=a,a.NAME="redirect/exchange"},4963:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.PixelFinishStep=void 0;const s=n(r(1132)),o=r(5111),a=r(1027),c=r(7464);t.default=class{constructor(){this.logger=o.LoggerFactory.getLogger("pixel-authentication-step")}execute(e){return i(this,void 0,void 0,function*(){this.logger.info("use pixel");const t=(0,a.toURL)(e.authUrl);let r;if(t.searchParams.get("testVfp"))this.logger.info("test flow detected"),r=s.default.create(t);else{if("2"===t.searchParams.get("pfflow"))throw new Error("flow v2 detected but not supported by pixel auth implementation");if("3"===t.searchParams.get("pfflow"))throw new Error("flow v3 detected but not supported by pixel auth implementation");this.logger.info("flow v1 detected"),r=new u(t)}return{vfp:yield r.handle()}})}};class u{constructor(e){this.url=e,this.logger=o.LoggerFactory.getLogger("pixel-flow-v1")}handle(){return i(this,void 0,void 0,function*(){return new Promise((e,t)=>{this.url.searchParams.set("sdkVersion",c.VERSION_NAME);const r=document.createElement("img");r.onload=()=>{this.logger.trace("pixel loaded"),e("")},r.onerror=()=>{this.logger.trace("pixel load error"),t(new Error("pixel load error"))},r.src=this.url.toString()})})}}t.PixelFinishStep=class{execute(e){return Promise.resolve(void 0)}}},5014:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.InstantLinkResultType=void 0,function(e){e[e.OnResend=0]="OnResend",e[e.OnMobileNumberChange=1]="OnMobileNumberChange"}(r||(t.InstantLinkResultType=r={}))},5111:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.LoggerFactory=t.LogLevel=void 0,function(e){e[e.disabled=0]="disabled",e[e.error=1]="error",e[e.warn=2]="warn",e[e.info=3]="info",e[e.debug=4]="debug",e[e.trace=5]="trace"}(r=t.LogLevel||(t.LogLevel={}));class i{static setLogLevel(e){i.logLevel=e}static setLogWriter(e){i.logWriter=e}static getLogger(e){return{trace:(...e)=>{i.logLevel>=r.trace&&i.logWriter.write(r.trace,...e)},debug:(...e)=>{i.logLevel>=r.debug&&i.logWriter.write(r.debug,...e)},info:(...e)=>{i.logLevel>=r.info&&i.logWriter.write(r.info,...e)},warn:(...e)=>{i.logLevel>=r.warn&&i.logWriter.write(r.warn,...e)},error:(...e)=>{i.logLevel>=r.error&&i.logWriter.write(r.error,...e)}}}}i.logWriter=new class{write(e,...t){switch(e){case r.trace:case r.debug:console.debug(...t);break;case r.info:console.info(...t);break;case r.warn:console.warn(...t);break;case r.error:console.error(...t)}}},i.logLevel=r.info,t.LoggerFactory=i},5166:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.ErrorCode=void 0,(r=t.ErrorCode||(t.ErrorCode={}))[r.GENERIC_UNKNOWN_REASON=0]="GENERIC_UNKNOWN_REASON",r[r.GENERIC_TIMEOUT=1]="GENERIC_TIMEOUT",r[r.GENERIC_INVALID_STATE=2]="GENERIC_INVALID_STATE",r[r.GENERIC_COMMUNICATION_ERROR=3]="GENERIC_COMMUNICATION_ERROR",r[r.PRE_CHECK_AIRPLANE_MODE_ENABLED=17]="PRE_CHECK_AIRPLANE_MODE_ENABLED",r[r.PRE_CHECK_NO_CELLULAR_RADIO=18]="PRE_CHECK_NO_CELLULAR_RADIO",r[r.PRE_CHECK_NO_CELLULAR_CONNECTION=19]="PRE_CHECK_NO_CELLULAR_CONNECTION",r[r.PRE_CHECK_WIFI_CALLING_ENABLED=20]="PRE_CHECK_WIFI_CALLING_ENABLED",r[r.PRE_CHECK_WIFI_CANNOT_BE_OVERRIDDEN=21]="PRE_CHECK_WIFI_CANNOT_BE_OVERRIDDEN",r[r.AUTH_MALFORMED_INPUT_DATA=65]="AUTH_MALFORMED_INPUT_DATA",r[r.AUTH_BAD_CREDENTIALS=66]="AUTH_BAD_CREDENTIALS",r[r.AUTH_VFP_KEY_EXPIRED=67]="AUTH_VFP_KEY_EXPIRED",r[r.AUTH_INVALID_RESPONSE=68]="AUTH_INVALID_RESPONSE"},5462:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(2473),s=i(r(9316)),o=i(r(8324));class a{constructor(e){this.log=n.LoggerFactory.getLogger("device-universal-step"),this.name=a.NAME,this.forUPK=!1,this.forUPK=e}execute(e){return this.log.trace("Executing"),new Promise((t,r)=>{var i,n,a;if(this.forUPK)t(o.default.NAME);else{let o=null===(a=null===(n=null===(i=e.claims)||void 0===i?void 0:i.auth.subs.dev)||void 0===n?void 0:n.auths.unvsl)||void 0===a?void 0:a.endp;void 0!==o&&o?(o+=`?authId=${e.authId}&authtoken=${e.authToken}`,e.platform.urlRedirect(o),t("")):r(new s.default("AuthToken claims do not contain universal redirect URL",0,e.next,!0))}})}}a.NAME="device/universal",t.default=a},5620:(e,t,r)=>{Object.defineProperty(t,"__esModule",{value:!0});const i=r(2473);class n{constructor(e){this.log=i.LoggerFactory.getLogger("settings"),this.upkEnabled=!1,this.storage=e}reset(){this.log.trace("reset"),this.deviceId=null,this.namespace=null,this.fidoPasskeyRegistered=!1,this.fingerPrintTimestamp=null}get deviceId(){return this.storage.getItem(this.getKey(n.DEVICE_ID_KEY))}set deviceId(e){this.setOrRemove(n.DEVICE_ID_KEY,e)}get fidoPasskeyRegistered(){return"true"===this.storage.getItem(this.getKey(n.FIDO_PASSKEY_REGISTERED_KEY))}set fingerPrintTimestamp(e){const t=null!==e?e.toString():null;this.setOrRemove(n.FP_TIMESTAMPT,t)}get fingerPrintTimestamp(){const e=this.storage.getItem(this.getKey(n.FP_TIMESTAMPT));if(!e)return null;let t=parseInt(e);return isNaN(t)?null:t}set fidoPasskeyRegistered(e){this.setOrRemove(n.FIDO_PASSKEY_REGISTERED_KEY,e?"true":null)}get namespace(){return this.storage.getItem(this.getKey(n.NAMESPACE_KEY))}set namespace(e){this.log.trace("namespace set to "+e),this.setOrRemove(n.NAMESPACE_KEY,e)}getKey(e){return`${n.KEY_PREFIX}.${e}`}setOrRemove(e,t){t?this.storage.setItem(this.getKey(e),t):this.storage.removeItem(this.getKey(e))}}n.KEY_PREFIX="ProveAuth",n.DEVICE_ID_KEY="DeviceId",n.NAMESPACE_KEY="namespace",n.FIDO_PASSKEY_REGISTERED_KEY="fidoPasskeyRegistered",n.FP_TIMESTAMPT="fingerPrintTimestamp",t.default=n},5667:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=n(r(8182));t.default=class{execute(e){var t;return i(this,void 0,void 0,function*(){return{deviceDescriptor:null!==(t=e.providedDeviceDescriptor)&&void 0!==t?t:new s.default}})}}},5683:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=r(5166),o=n(r(8182)),a=n(r(8525));t.default=class{constructor(e){this.ipQueryUrl=null!=e?e:"https://whatismyip.proveapis.com/whatismyip"}execute(e){return i(this,void 0,void 0,function*(){if(e.providedDeviceDescriptor)return{deviceDescriptor:e.providedDeviceDescriptor};const t=yield fetch("https://whatismyip.proveapis.com/whatismyip");if(t.ok)return{deviceDescriptor:new o.default(yield t.text())};throw new a.default(s.ErrorCode.GENERIC_COMMUNICATION_ERROR,`ip api response=${t.status}`)})}}},7464:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.VERSION_CODE=t.VERSION_NAME=void 0,t.VERSION_NAME="3.1.0",t.VERSION_CODE=30100},7466:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(9316));class s{constructor(){this.name=s.NAME}execute(e){return Promise.reject(new n.default(`Step ${this.name} is not supported`))}}s.NAME="user/mobileactive",t.default=s},7651:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.UserPpbVerifyStep=t.UserPpbEnrollStep=void 0;const n=r(2473),s=i(r(9316));class o{constructor(e,t,r,i){this.log=n.LoggerFactory.getLogger("user-ppb-base-step"),this.enabled=e,this.operation=t,this.startStep=r,this.finishStep=i}execute(e){if(!this.enabled)return Promise.reject(new s.default("PPB is not enabled"));const t=e.lastData;if(!t||!t.ppb)return Promise.reject(new s.default("PPB session is not initialized"));const r=()=>{try{return this.startStep?this.startStep.execute(this.operation):Promise.resolve()}catch(e){return this.log.warn("PPB start step has failed:",e),Promise.reject(e)}},i=e=>{try{return this.finishStep?this.finishStep.execute(this.operation,e):Promise.resolve()}catch(e){return this.log.warn("PPB finish step has failed:",e),Promise.reject(e)}};return new Promise((n,o)=>{r().then(()=>{var r,i,n,s,o;return this.log.debug("Activating AuthID web component"),e.platform.activatePpb({ppbOperation:this.operation,endpointUrl:null===(n=null===(i=null===(r=e.claims)||void 0===r?void 0:r.auth.subs.usr)||void 0===i?void 0:i.auths.ppb)||void 0===n?void 0:n.endp,operationId:null===(s=t.ppb)||void 0===s?void 0:s.operationId,oneTimeSecret:null===(o=t.ppb)||void 0===o?void 0:o.oneTimeSecret})}).catch(e=>{this.log.error("AuthID web component failed:",e),i(e).then(()=>o(e))}).then(r=>{var i;return this.log.info("PPB authentication result",r),e.fetchFromBackend("/v1/client/user/ppb/finish",{requestId:crypto.randomUUID(),operationId:null===(i=t.ppb)||void 0===i?void 0:i.operationId})}).then(e=>{var t,r;const a=e;if(a.error){const n=null!==(r=null===(t=e.error)||void 0===t?void 0:t.message)&&void 0!==r?r:"PPB authentication failed";i(new Error(n)).then(()=>o(new s.default(e.error.message,e.error.code,e.next,!1)))}else i().then(()=>n(a.next))}).catch(o)})}}class a extends o{constructor(e,t,r){super(e,"enroll",t,r),this.name=a.NAME}}t.UserPpbEnrollStep=a,a.NAME="user/ppb/register";class c extends o{constructor(e,t,r){super(e,"verify",t,r),this.name=c.NAME}}t.UserPpbVerifyStep=c,c.NAME="user/ppb/verify"},7657:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.UserVerificationLevel=void 0,function(e){e.Discouraged="none",e.Preferred="pref",e.Required="req"}(r||(t.UserVerificationLevel=r={}))},7844:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.WebSocketCloseReasons=void 0,function(e){e.NORMAL_CLOSURE="Normal closure",e.GOING_AWAY="The connection is closed because a server is going down or a browser has navigated away from the page.",e.PROTOCOL_ERROR="The connection is closed due to a protocol error",e.UNSUPPORTED_DATA="The connection is closed because it has received unsupported data",e.NO_STATUS_RECEIVED="No closed status code was actually present.",e.ABNORMAL_CLOSURE="The connection was closed unexpectedly without a close frame",e.INVALID_FRAME_PAYLOAD_DATA="The connection was closed because it received inconsistent data in a message.",e.POLICY_VIOLATION="The connection was closed due to policy violation",e.MESSAGE_TOO_BIG="The connection was closed because it has received a message that is too big for it to process.",e.MANDATORY_EXTENSION="The connection was closed because the client required a server extension that was not supported.",e.INTERNAL_ERROR="The connection was closed because the server encountered an unexpected error",e.TLS_HANDSHAKE="The connection was closed due to a failure to perform a TLS handshake",e.UNKNOWN_REASON="Unknown reason"}(r||(t.WebSocketCloseReasons=r={}))},7900:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(1554)),s=r(2473),o=i(r(9316));class a{constructor(){this.log=s.LoggerFactory.getLogger("device-passive-verify-step"),this.name=a.NAME}execute(e){return new Promise((t,r)=>{a.runFidoVerify(this.log,e).then(t).catch(r)})}static runFidoVerify(e,t){return new Promise((r,i)=>{a.makeFidoVerifyFinishRequest(e,t).then(r).catch(i)})}static makeFidoVerifyFinishRequest(e,t){return new Promise((r,i)=>{const s=t.credential,a=s.response;t.fetchFromBackend("/v1/client/device/fido2/verify/finish",{webAuthnAssertion:{type:null==s?void 0:s.type,id:null==s?void 0:s.id,rawId:n.default.bufferEncode(null==s?void 0:s.rawId),response:{authenticatorData:n.default.bufferEncode(a.authenticatorData),clientDataJSON:n.default.bufferEncode(a.clientDataJSON),signature:n.default.bufferEncode(a.signature),userHandle:a.userHandle?n.default.bufferEncode(a.userHandle):void 0}}}).then(n=>{if(n.error)i(new o.default(n.error.message,n.error.code,n.next,!1));else{const i=n.data;i?(i.deviceId&&(t.settings.deviceId=i.deviceId),i.passkey&&(t.settings.fidoPasskeyRegistered=!0),i.scanMessage&&(t.authMessage=i.scanMessage)):e.warn("No data was received in the response"),t.settings.fidoPasskeyRegistered=!0,r(n.next)}}).catch(i)})}}a.NAME="device/passive/verify",t.default=a},7968:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.AuthStatusActions=void 0;const n=r(2473),s=i(r(9316));t.AuthStatusActions=class{constructor(){this.log=n.LoggerFactory.getLogger("auth-status-actions")}waitForStatus(e){var t=!1;return this.log.trace("Waiting for auth status"),new Promise((r,i)=>{const n=e.createMessageChannel("/v1/client/status?token="+encodeURIComponent(e.authToken),(e,r)=>{t||i(new s.default(`Failed to receive secondary authentication with status code ${r}. ${e}`))},e=>{t=!0,i(new s.default("Failed to receive secondary authentication status: "+e))},o=>{t=!0;try{this.log.debug("Secondary authentication status: "+o);const t=JSON.parse(o);t.error?i(new s.default(t.error.message,t.error.code,t.next,!1)):(e.lastStep=t.next,r(t.next))}catch(e){i(e)}finally{this.log.trace("Closing channel"),n.close()}})})}}},8156:function(e,t,r){var i,n=this&&this.__createBinding||(Object.create?function(e,t,r,i){void 0===i&&(i=r);var n=Object.getOwnPropertyDescriptor(t,r);n&&!("get"in n?!t.__esModule:n.writable||n.configurable)||(n={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,i,n)}:function(e,t,r,i){void 0===i&&(i=r),e[i]=t[r]}),s=this&&this.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),o=this&&this.__importStar||(i=function(e){return i=Object.getOwnPropertyNames||function(e){var t=[];for(var r in e)Object.prototype.hasOwnProperty.call(e,r)&&(t[t.length]=r);return t},i(e)},function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var r=i(e),o=0;o<r.length;o++)"default"!==r[o]&&n(t,e,r[o]);return s(t,e),t}),a=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.InstantLinkResultType=t.BuildConfig=t.PhoneValidationError=t.OtpError=t.OtpFinishResultType=t.MobileAuthImplementation=t.LogLevel=t.LoggerFactory=t.DeviceRole=t.CancelablePromise=t.AuthResponseStatus=t.DeviceContextIntegration=t.PpbIntegration=t.AuthenticatorBuilder=t.VERSION=void 0;const c=r(9031);Object.defineProperty(t,"VERSION",{enumerable:!0,get:function(){return c.VERSION}});const u=o(r(2958));t.AuthenticatorBuilder=u.default,Object.defineProperty(t,"MobileAuthImplementation",{enumerable:!0,get:function(){return u.MobileAuthImplementation}});const l=r(2198);Object.defineProperty(t,"DeviceRole",{enumerable:!0,get:function(){return l.DeviceRole}});const d=r(660);Object.defineProperty(t,"BuildConfig",{enumerable:!0,get:function(){return d.BuildConfig}});const h=r(9726);Object.defineProperty(t,"AuthResponseStatus",{enumerable:!0,get:function(){return h.AuthResponseStatus}});const f=r(2473);Object.defineProperty(t,"LoggerFactory",{enumerable:!0,get:function(){return f.LoggerFactory}}),Object.defineProperty(t,"LogLevel",{enumerable:!0,get:function(){return f.LogLevel}});const p=a(r(2403));t.CancelablePromise=p.default;const g=r(9306);Object.defineProperty(t,"PhoneValidationError",{enumerable:!0,get:function(){return g.PhoneValidationError}});const v=r(898);Object.defineProperty(t,"OtpError",{enumerable:!0,get:function(){return v.OtpError}}),Object.defineProperty(t,"OtpFinishResultType",{enumerable:!0,get:function(){return v.OtpFinishResultType}});const m=r(5014);Object.defineProperty(t,"InstantLinkResultType",{enumerable:!0,get:function(){return m.InstantLinkResultType}});const _=r(3040);Object.defineProperty(t,"PpbIntegration",{enumerable:!0,get:function(){return _.PpbIntegration}}),Object.defineProperty(t,"DeviceContextIntegration",{enumerable:!0,get:function(){return _.DeviceContextIntegration}})},8182:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});class r{static ip(e){return new r(e)}constructor(e,t,r){this.ip=e,this.mno=t,this.phoneNumber=r}toString(){return`ip=[${this.ip}] mno=[${this.mno}] phoneNumber=[${this.phoneNumber}]`}}t.default=r},8324:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(2473),s=i(r(9316));class o{constructor(e,t){this.name=o.NAME,this.log=n.LoggerFactory.getLogger("device-passive-silent-step"),this.forUPK=e,this.userConsentStep=null!=t?t:{execute:()=>Promise.resolve({consentGranted:!0})}}execute(e){return this.log.trace("Executing"),new Promise((t,r)=>{e.getDeviceRegistration().then(i=>{i?e.embedFpResultToDeviceRegistration(i).then(i=>{this.verify(e,i).then(t).catch(r)}):this.userConsentStep.execute().then(i=>{i.consentGranted?e.platform.deviceAuth.createRegistration({namespace:e.namespace,endpoint:e.backendOrigin}).then(t=>e.embedFpResultToDeviceRegistration(t)).then(t=>this.register(e,t)).then(t).catch(r):r(new Error("User denied the consent to register the device"))}).catch(r)}).catch(r)})}getBackendRegisterEndpoint(){return this.forUPK?"/v1/client/device/universal/register":"/v1/client/device/passive/register"}getBackendVerifyEndpoint(){return this.forUPK?"/v1/client/device/universal/verify":"/v1/client/device/passive/verify"}register(e,t){return this.log.trace("Registering"),new Promise((r,i)=>{t.getAuthRegistration(e.challenge).then(n=>{e.fetchFromBackend(this.getBackendRegisterEndpoint(),{deviceName:e.platform.getPlatformName(),deviceCapabilities:e.platform.getDeviceCapabilities(),registrations:[n],signals:t.getSignals()}).then(n=>{var o;if(n.error)i(new s.default(n.error.message,n.error.code,n.next,!1));else{(null===(o=t.getSignals().fingerprint)||void 0===o?void 0:o.results)&&e.markNewFptts();const a=n.data,c=null==a?void 0:a.deviceId;c||i(new s.default("Failed to register device, returned deviceId is null or empty",0,n.next)),e.settings.deviceId=c,null!=a.passkey&&(e.settings.fidoPasskeyRegistered=a.passkey),t.deviceId=c,this.log.debug("Device ID: "+c),a.scanMessage&&(e.authMessage=a.scanMessage),e.platform.deviceAuth.storeRegistration(t).then(()=>r(n.next)).catch(i)}}).catch(i)})})}verify(e,t){return this.log.trace("Verifying"),new Promise((r,i)=>{if(t.deviceId){const n=t.deviceId+":"+e.challenge;t.sign(n).then(n=>{e.fetchFromBackend(this.getBackendVerifyEndpoint(),{deviceId:t.deviceId,keyId:t.keyId,signature:n,signals:t.getSignals()}).then(n=>{var o;n.error?i(new s.default(n.error.message,n.error.code,n.next,!1)):((null===(o=t.getSignals().fingerprint)||void 0===o?void 0:o.results)&&e.markNewFptts(),r(n.next))}).catch(i)})}else i(new s.default("Failed to initiate verification, DeviceId is missing"))})}}o.NAME="device/passive/silent",t.default=o},8347:(e,t,r)=>{Object.defineProperty(t,"__esModule",{value:!0});const i=r(2473),n=r(9922),s=["/v1/client/stepup/unregister","/v1/client/device/unregister","/v1/client/device/passive/error","/v1/client/mobile/instant/error","/v1/client/mobile/otp/error","/v1/client/user/mobileactive","/v1/client/user/mobileactive/error"];t.default=class{constructor(e){this.log=i.LoggerFactory.getLogger("request-signer"),this.session=e}sign(e,t,r,i,n){return new Promise((o,a)=>{this.session.getDeviceRegistration().then(c=>c&&c.deviceId?s.includes(t)?void Promise.all([this.getChallenge(c.deviceId),this.getHash(n)]).then(n=>{const s=n[0],u=n[1],l=e+"\n"+t+"\n"+r+"\n"+i+"\n"+s+"\n"+u;c.sign(l).then(e=>o({version:"3",challenge:s,signature:e,keyId:c.keyId})).catch(a)}).catch(a):(this.log.debug("No signing needed for "+t),void o(null)):(this.log.debug("Device not registered, cannot sign"),void o(null))).catch(a)})}getChallenge(e){return new Promise((t,r)=>{this.cachedChallenge&&this.cachedChallenge.receivedAt&&this.cachedChallenge.ttl&&this.cachedChallenge.deviceId===e&&this.cachedChallenge.receivedAt+this.cachedChallenge.ttl-60>(0,n.getUnixTime)()?t(this.cachedChallenge.challenge):this.session.fetchFromBackend("/v1/client/challenge",{deviceId:e}).then(e=>e).then(e=>{var i;e.error?r(null===(i=e.error)||void 0===i?void 0:i.message):(e.receivedAt=(0,n.getUnixTime)(),this.cachedChallenge=e,t(e.challenge))}).catch(r)})}getHash(e){return new Promise((t,r)=>{crypto.subtle.digest("SHA-256",(0,n.stringToArrayBuffer)(e)).then(e=>t((0,n.arrayBufferToHexString)(e))).catch(r)})}}},8367:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=r(5111),o=r(3796),a=n(r(2681)),c=r(5166);class u{constructor(e){this._providedDeviceDescriptor=e}get providedDeviceDescriptor(){return this._providedDeviceDescriptor}get deviceDescriptor(){return this._deviceDescriptor}get authUrl(){return this._authUrl}get vfp(){return this._vfp}}class l{constructor(){this.currentStep=o.StepCode.PRE_CHECK,this.timedOut=!1}}t.default=class{constructor(e,t,r,i,n=0){this.deviceDescriptorStep=e,this.startStepFunc=t,this.authenticationStep=r,this.finishStepFunc=i,this.timeout=n,this.logger=s.LoggerFactory.getLogger("auth")}executeStep(e,t,r,n){var s;return i(this,void 0,void 0,function*(){if(e.timedOut)throw new Error("timeout");try{e.currentStep=t,this.logger.debug(`execute step ${o.StepCode[t]}`);let i=yield r.execute(n);return this.logger.debug(`executed step ${o.StepCode[t]}`),i}catch(e){const r=null!==(s=e.errorCode)&&void 0!==s?s:c.ErrorCode.GENERIC_UNKNOWN_REASON;throw new a.default(t,r,e.message)}})}authenticate(e){return new Promise((t,r)=>{const i=new l;let n;this.timeout>0&&(n=setTimeout(()=>{i.timedOut=!0,r(new a.default(i.currentStep,c.ErrorCode.GENERIC_TIMEOUT,`authenticator timeout after ${this.timeout}ms`))},this.timeout)),this.executeAuth(i,e).then(e=>{i.timedOut||(clearTimeout(n),t(e))},e=>{i.timedOut||(clearTimeout(n),r(e))})})}findMyIp(e){return new Promise((t,r)=>{const i=new l;let n;this.timeout>0&&(n=setTimeout(()=>{i.timedOut=!0,r(new a.default(i.currentStep,c.ErrorCode.GENERIC_TIMEOUT,`authenticator timeout after ${this.timeout}ms`))},this.timeout)),this.executeFindMyIP(i,e).then(e=>{i.timedOut||(clearTimeout(n),t(e))},e=>{i.timedOut||(clearTimeout(n),r(e))})})}startStep(e){return new Promise((t,r)=>{const i=new l;let n;this.timeout>0&&(n=setTimeout(()=>{i.timedOut=!0,r(new a.default(i.currentStep,c.ErrorCode.GENERIC_TIMEOUT,`authenticator timeout after ${this.timeout}ms`))},this.timeout)),this.executeStartStep(i,e).then(e=>{i.timedOut||(clearTimeout(n),t(e))},e=>{i.timedOut||(clearTimeout(n),r(e))})})}authenticateWithRedirect(e,t){return new Promise((r,i)=>{const n=new l;let s;this.timeout>0&&(s=setTimeout(()=>{n.timedOut=!0,i(new a.default(n.currentStep,c.ErrorCode.GENERIC_TIMEOUT,`authenticator timeout after ${this.timeout}ms`))},this.timeout)),this.executeAuthWithRedirect(n,e,t).then(e=>{n.timedOut||(clearTimeout(s),r(e))},e=>{n.timedOut||(clearTimeout(s),i(e))})})}finishStep(e,t){return new Promise((r,i)=>{const n=new l;let s;this.timeout>0&&(s=setTimeout(()=>{n.timedOut=!0,i(new a.default(n.currentStep,c.ErrorCode.GENERIC_TIMEOUT,`authenticator timeout after ${this.timeout}ms`))},this.timeout)),this.executeFinishStep(n,e,t).then(e=>{n.timedOut||(clearTimeout(s),r(e))},e=>{n.timedOut||(clearTimeout(s),i(e))})})}executeAuth(e,t){return i(this,void 0,void 0,function*(){const r=new u(t);r._deviceDescriptor=(yield this.executeStep(e,o.StepCode.DEVICE_DESCRIPTOR,this.deviceDescriptorStep,r)).deviceDescriptor,this.logger.info(`deviceDescriptor=${r.deviceDescriptor}`),r._authUrl=(yield this.executeStep(e,o.StepCode.START,this.startStepFunc,r)).authUrl,this.logger.info(`authUrl=${r.authUrl}`),r._vfp=(yield this.executeStep(e,o.StepCode.AUTHENTICATION,this.authenticationStep,r)).vfp,this.logger.info(`vfp=${r.vfp}`);const i=yield this.executeStep(e,o.StepCode.FINISH,this.finishStepFunc,r);return this.logger.info("result",i),i})}executeFindMyIP(e,t){var r;return i(this,void 0,void 0,function*(){const i=new u(t);return i._deviceDescriptor=(yield this.executeStep(e,o.StepCode.DEVICE_DESCRIPTOR,this.deviceDescriptorStep,i)).deviceDescriptor,this.logger.info(`deviceDescriptor=${i.deviceDescriptor}`),null!==(r=i._deviceDescriptor.ip)&&void 0!==r?r:"undefined"})}executeStartStep(e,t){return i(this,void 0,void 0,function*(){const r=new u(t);return r._authUrl=(yield this.executeStep(e,o.StepCode.START,this.startStepFunc,r)).authUrl,this.logger.info(`authUrl=${r.authUrl}`),r._authUrl})}executeAuthWithRedirect(e,t,r){return i(this,void 0,void 0,function*(){const i=new u(t);return i._authUrl=r,i._vfp=(yield this.executeStep(e,o.StepCode.AUTHENTICATION,this.authenticationStep,i)).vfp,this.logger.info(`vfp=${i.vfp}`),i._vfp})}executeFinishStep(e,t,r){return i(this,void 0,void 0,function*(){const i=new u(t);i._vfp=r;const n=yield this.executeStep(e,o.StepCode.FINISH,this.finishStepFunc,i);return this.logger.info("result",n),n})}}},8483:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=r(5111),o=r(7464),a=n(r(8525)),c=r(5166),u=r(1027),l=n(r(2459));class d{static create(e){return e.searchParams.set("r","f"),new d(e)}constructor(e){this.url=e,this.logger=s.LoggerFactory.getLogger("flow-v3"),this.cookies={}}handle(){var e,t;return i(this,void 0,void 0,function*(){const r=yield this.getFlowControl(this.url);let i;this.logger.info("ControlFlow retrieved"),this.url=new u.RawURL(r.firstUri);const n=this.url.searchParams.get("vfp");let s=this.url;for(this.logger.debug(`current vfp ${n}`);;){try{i=s.toString().includes("auth-api.tmtanalysis.com")?yield this.fetchTmt(s,r):yield this.fetch(s,r)}catch(e){throw new a.default(c.ErrorCode.GENERIC_COMMUNICATION_ERROR,e.message)}if(console.log(i.url),i.status>=r.redirectStatusMinimum&&i.status<=r.redirectStatusMaximum){const r=new u.RawURL(null!==(e=i.headers.get("Location"))&&void 0!==e?e:"");this.logger.debug(`redirect to ${r}`);const o=null!==(t=r.searchParams.get("vfp"))&&void 0!==t?t:r.searchParams.get("token");if(o&&o!==n)return this.logger.debug(`vfp changed to ${o}`),o;s=r}else{if(i.status>=200&&i.status<300){let e;try{e=yield i.json()}catch(e){throw new a.default(c.ErrorCode.AUTH_INVALID_RESPONSE,e.message)}this.logger.debug("got json response",e);const t=this.getVfpFromJson(e);if(!t)throw new a.default(c.ErrorCode.AUTH_INVALID_RESPONSE,`Received unknown payload: ${JSON.stringify(e)}`);return t}yield(0,u.handleHttpError)(i)}}})}getFlowControl(e){var t;return i(this,void 0,void 0,function*(){const r=yield(0,u.fetchAuth)(e,{}),i=null===(t=r.body)||void 0===t?void 0:t.getReader();let n="";if(i){const{value:e,done:t}=yield i.read();e&&(n+=(new TextDecoder).decode(e))}return l.default.deserialize(n)})}fetch(e,t){var r;const i=s.LoggerFactory.getLogger("http-client");if(i.info(`${t.command} ${e} ${e.protocol}`),"http:"===e.protocol)throw new a.default(c.ErrorCode.GENERIC_INVALID_STATE,`Web SDK cannot make http request [${e}]`);var n="";this.addCookie(document.cookie);for(const[e,t]of Object.entries(this.cookies))n+=`${e}=${t}; `;let u;this.cookies.length>0&&(document.cookie=n),(null===(r=t.headers.Cookie)||void 0===r?void 0:r.length)>0&&(n+=t.headers.Cookie,document.cookie=n),e.searchParams.set("sdkVersion",o.VERSION_NAME),"POST"===t.command&&(u=t.requestBody),i.debug("Headers:");for(let e in t.headers)i.debug(`${e}:${t.headers[e]}`);return i.debug(`Cookie:${document.cookie}`),u&&i.debug(`Request Body: ${u}`),fetch(e.toString(),{method:t.command,mode:"cors",headers:t.headers,body:u}).then(e=>(i.debug("Response:\r\nStatus:"),i.debug(`${e.status} ${e.statusText}`),i.debug("Headers:"),e.headers.forEach((e,t)=>{"Set-Cookie"===t&&this.addCookie(e),i.debug(`${t}:${e}`)}),this.addCookie(document.cookie),i.debug("Body:"),i.debug(e.body),e))}fetchTmt(e,t){const r=s.LoggerFactory.getLogger("http-client");if(r.info(`Fetch TMT ${t.command} ${e} ${e.protocol}`),"http:"===e.protocol)throw new a.default(c.ErrorCode.GENERIC_INVALID_STATE,`Web SDK cannot make http request [${e}]`);let i;e.searchParams.set("sdkVersion",o.VERSION_NAME),"POST"===t.command&&(i=t.requestBody);r.debug("Headers:");for(let e in t.headers)r.debug(`${e}:${t.headers[e]}`);return i&&r.debug(`Request Body: ${i}`),fetch(e.toString(),{method:t.command,mode:"cors",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:i}).then(e=>(r.debug("Response:\r\nStatus:"),r.debug(`${e.status} ${e.statusText}`),r.debug("Headers:"),e.headers.forEach((e,t)=>{"Set-Cookie"===t&&this.addCookie(e),r.debug(`${t}:${e}`)}),this.addCookie(document.cookie),r.debug("Body:"),r.debug(e.body),e))}addCookie(e){const t=e.split(";");for(const e of t){const t=e.split("=");if(t.length>1){const e=t[0].trim(),r=t[1].trim();this.cookies[e]=r}}}getVfpFromJson(e){const t=e.vfp;if(t)return t;const r=e.token,i=e.correlation_id;if(r)return i?i+"..."+r:r;const n=e.reconcilation_token;return n?i?i+"..."+n:n:void 0}}t.default=d},8525:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});class r extends Error{constructor(e,...t){super(...t),this.errorCode=e,Error.captureStackTrace&&Error.captureStackTrace(this,r),this.name="AuthLocalError",this.errorCode=e}}t.default=r},9031:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.USER_AGENT_VERSIONS=t.API_CONTRACT_VERSION=t.VERSION=void 0,t.VERSION="3.1.0",t.API_CONTRACT_VERSION="2.15.1",t.USER_AGENT_VERSIONS=`ProveAuth/${t.VERSION} Contract/${t.API_CONTRACT_VERSION} WEB/1`},9173:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=r(2473),o=r(9031),a=n(r(9316)),c=r(7657),u=n(r(4473)),l=r(7844);class d{get namespace(){var e;return(null===(e=this.claims)||void 0===e?void 0:e.auth.ans)||this.settings.namespace}get backendOrigin(){var e;return this.backendOriginOverride||(null===(e=this.claims)||void 0===e?void 0:e.auth.endp)}get authId(){var e;return null===(e=this.claims)||void 0===e?void 0:e.auth.id}get challenge(){var e;return null===(e=this.claims)||void 0===e?void 0:e.auth.chlg}get next(){var e;return null===(e=this.claims)||void 0===e?void 0:e.auth.next}constructor(e,t,r){var i,n;this.channels=new Set,this.log=s.LoggerFactory.getLogger("auth-session"),this.platform=t,this.authToken=r,this.settings=e,r&&(this.claims=this.parseJwt(r),this.settings.namespace=this.claims.auth.ans,this.uvLevel=(null===(n=null===(i=this.claims.auth.subs.dev)||void 0===i?void 0:i.auths.pasv)||void 0===n?void 0:n.uvlvl)||c.UserVerificationLevel.Discouraged),this.requestSigner=t.createRequestSigner(this)}fetchFromBackend(e,t){const r="POST",n="application/json",s=JSON.stringify(t),c=e.split("?"),l=c[0],d=c.length>1?c[1]:"",h=new Headers({Accept:n,"Content-Type":n,"PA-Version":o.USER_AGENT_VERSIONS});return this.authToken&&h.set("Authorization","Bearer "+this.authToken),new Promise((t,o)=>{this.requestSigner.sign(r,l,d,n,s).then(n=>{n&&(h.set("PA-Sig-Version",n.version),h.set("PA-Challenge",n.challenge),h.set("PA-KID",n.keyId),h.set("PA-Signature",n.signature)),this.platform.fetch(this.backendOrigin+e,{mode:"cors",method:r,headers:h,body:s}).then(e=>i(this,void 0,void 0,function*(){if(!e.ok){const t=e.statusText?` - ${e.statusText}`:"",r=`Got ${e.status} HTTP error${t}`;throw new a.default(r,void 0,void 0,!1)}const t=yield e.text();if(!t)throw new a.default("Empty response from server");try{return JSON.parse(t)}catch(e){throw new a.default(`Failed to parse JSON response: ${e.message}`)}})).then(e=>{e.error&&e.error.code===u.default.ERROR_NO_DEVICE_FOUND&&(this.settings.reset(),this.platform.deviceAuth.reset()),this.lastData=e.data,t(e)}).catch(o)}).catch(o)})}static parseCloseEvent(e){var t=l.WebSocketCloseReasons.UNKNOWN_REASON;switch(e.code){case 1e3:t=l.WebSocketCloseReasons.NORMAL_CLOSURE;break;case 1001:t=l.WebSocketCloseReasons.GOING_AWAY;break;case 1002:t=l.WebSocketCloseReasons.PROTOCOL_ERROR;break;case 1003:t=l.WebSocketCloseReasons.UNSUPPORTED_DATA;break;case 1005:t=l.WebSocketCloseReasons.NO_STATUS_RECEIVED;break;case 1006:t=l.WebSocketCloseReasons.ABNORMAL_CLOSURE;break;case 1007:t=l.WebSocketCloseReasons.INVALID_FRAME_PAYLOAD_DATA;break;case 1008:t=l.WebSocketCloseReasons.POLICY_VIOLATION;break;case 1009:t=l.WebSocketCloseReasons.MESSAGE_TOO_BIG;break;case 1010:t=l.WebSocketCloseReasons.MANDATORY_EXTENSION;break;case 1011:t=l.WebSocketCloseReasons.INTERNAL_ERROR;break;case 1015:t=l.WebSocketCloseReasons.TLS_HANDSHAKE}return[t,e.code]}createMessageChannel(e,t,r,i){if(!this.authToken)throw new Error("Authentication token is not initialized, cannot create MessageChannel");const n=this.backendOrigin.replace(/^http/,"ws"),s=this.platform.createMessageChannel(n+e);var o=!0;const a=setInterval(()=>{o?(this.log.trace("Sending ping message"),o=!1,s.send("ping")):(this.log.warn("Failed to receive ping response in time, closing the channel"),clearInterval(a),s.close(),r("Channel communication stalled"),this.channels.delete(s))},3e4);return s.addEventListener("close",e=>{var r=e.code?`with status code: ${e.code}`:"without status code";this.log.debug(`Message channel is closed ${r}`),clearInterval(a),this.channels.delete(s);const[i,n]=d.parseCloseEvent(e);t(i,n)}),s.addEventListener("error",e=>{this.log.debug("Message channel encountered an error",e)}),s.addEventListener("message",e=>{if(this.log.trace("Message channel received a message"),this.log.trace(e),"origin"in e&&e.origin!==n)r("Unexpected origin");else{const t=e.data;t&&"string"==typeof t?"pong"===t?o=!0:i(t):i(e.toString())}}),this.channels.add(s),s}closeAllMessageChannels(){this.log.trace("Closing all message channels, total "+this.channels.size+" registered channels");const e=new Set(this.channels);e.forEach(e=>e.close()),e.clear(),this.channels.clear()}getDeviceRegistration(){return new Promise((e,t)=>{this.platform.deviceAuth.getRegistration(this.namespace).then(t=>{t&&(this.backendOriginOverride?this.log.debug("Not overriding backend URL since it has been already set"):(this.backendOriginOverride=t.endpoint,this.log.debug("backend URL overridden with "+this.backendOriginOverride))),e(t)}).catch(t)})}embedFpResultToDeviceRegistration(e){return new Promise(t=>{this.getDeviceContextData().then(r=>{r&&e.setFpSignal(r),t(e)}).catch(t=>{const r=`Unexpected error happened during Device Context data collection: ${a.default.extractMessage(t)}`;this.log.warn(t),e.setFpSignal({error:r})})})}getCurrentTimestampInSeconds(){const e=Date.now();return Math.floor(e/1e3)}markNewFptts(e){this.settings.fingerPrintTimestamp=e||this.getCurrentTimestampInSeconds()}resetFptts(){this.settings.fingerPrintTimestamp=null}getDeviceContextData(){return new Promise(e=>{if(!this.shouldCollectFP())return this.log.trace("DeviceContext is not enabled in the AuthToken"),void e(void 0);this.platform.getDataCollector().then(t=>{if(!t){const t="Found null instance of data collector, check if your input API key is valid and prove-auth-device-context integration module is properly initialized";return this.log.warn(t),void e({error:t})}if(!this.shouldRefreshFpSignal(this.getCurrentTimestampInSeconds()))return this.log.trace("Existing Device Context signal has not yet expired, skipping new collection"),void e(void 0);this.log.trace("Collect new Device Context data"),t.getCollectedData().then(t=>{if(!t){const t="Data collector returned no result data";return this.log.warn(t),void e({error:t})}e({results:t})}).catch(t=>{const r=`Error in collecting Device Context data: ${a.default.extractMessage(t)}`;this.log.warn(t),e({error:r})})})})}shouldCollectFP(){var e,t,r;return null===(r=null===(t=null===(e=this.claims)||void 0===e?void 0:e.auth.subs.dev)||void 0===t?void 0:t.sgnls)||void 0===r?void 0:r.fpt}shouldRefreshFpSignal(e){var t,r,i,n;if(!this.settings.deviceId||!this.settings.fingerPrintTimestamp)return this.resetFptts(),!0;const s=null!==(n=null===(i=null===(r=null===(t=this.claims)||void 0===t?void 0:t.auth.subs.dev)||void 0===r?void 0:r.sgnls)||void 0===i?void 0:i.fptrr)&&void 0!==n?n:0;return this.log.debug(`Device Context refresh rate: ${s}`),e-this.settings.fingerPrintTimestamp>=s}parseJwt(e){return JSON.parse(atob(e.split(".")[1]))}}t.default=d},9205:function(e,t,r){var i=this&&this.__createBinding||(Object.create?function(e,t,r,i){void 0===i&&(i=r);var n=Object.getOwnPropertyDescriptor(t,r);n&&!("get"in n?!t.__esModule:n.writable||n.configurable)||(n={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,i,n)}:function(e,t,r,i){void 0===i&&(i=r),e[i]=t[r]}),n=this&&this.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),s=this&&this.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var r in e)"default"!==r&&Object.prototype.hasOwnProperty.call(e,r)&&i(t,e,r);return n(t,e),t},o=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const a=o(r(2561)),c=o(r(8367)),u=o(r(931)),l=o(r(5683)),d=o(r(5667)),h=o(r(2486)),f=s(r(4963));function p(e){return"function"==typeof e?{execute:t=>e(t)}:e}t.default=class{constructor(e){this._deviceIpDetection=!1,this._timeout=0,this._config=e||new a.default}withStartStep(e){return this._startStep=p(e),this}withIpDiscoveryUrl(e){return this._ipDiscoveryUrl=e,this}withFinishStep(e){return this._finishStep=p(e),this}withPixelImplementation(){return this._authStep=void 0,this}withFetchImplementation(){return this._authStep=new u.default,this}withPassiveImplementation(){return this._authStep=new h.default,this}withDeviceIpDetection(e=!0){return this._deviceIpDetection=e,this}withTimeout(e){return this._timeout=e,this}build(){let e=this._authStep;const t=this._startStep;let r=this._finishStep;e||(e=new f.default,r=new f.PixelFinishStep);const i=this._deviceIpDetection?new l.default(this._ipDiscoveryUrl):new d.default;if(!t)throw new Error("Start step is required");if(!r)throw new Error("Finish step is required");return new c.default(i,t,e,r,this._timeout)}}},9306:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.PhoneValidationError=void 0;const n=i(r(9316));class s extends n.default{constructor(e,t){super(e,t)}}t.PhoneValidationError=s},9316:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});class r extends Error{constructor(e,t,r,i){super(e),this.code=t,this.nextStep=r,this.reportable=void 0===i||i}static extractMessage(e){let t="";if(e){const r="message";e[r]?t=e[r]:(t=e.toString(),t.startsWith("[object ")&&(t=JSON.stringify(e)))}return t}}t.default=r},9438:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(9316)),s=r(2473),o=r(2958),a=i(r(4473)),c=i(r(8182));class u{executeStartStep(e){return new Promise((t,r)=>{const i=this.getDeviceIp();e.fetchFromBackend("/v1/client/mobile/instant/start",{cellularIp:i,implementation:this.implementation}).then(e=>{if(e.error)r(new n.default(e.error.message,e.error.code,e.next,!1));else{const i=e.data;(null==i?void 0:i.redirectUrl)?t(i.redirectUrl):r(new n.default("No redirect URL found in start response",void 0,e.next,!0))}}).catch(r)})}executeFinishStep(e,t){return new Promise((r,i)=>{e.fetchFromBackend("/v1/client/mobile/instant/finish",{vfp:t}).then(e=>{e.error?i(new n.default(e.error.message,e.error.code,e.next,!1)):r(e.next)}).catch(i)})}constructor(e,t){this.name=u.NAME,this.log=s.LoggerFactory.getLogger("mobile-instant-step"),this.implementation=e,this.getDeviceIp=null!=t?t:()=>null}execute(e){return new Promise((t,r)=>{let i=e.platform.getMobileAuthBuilder();switch(this.implementation){case o.MobileAuthImplementation.Pixel:i=i.withPixelImplementation();break;case o.MobileAuthImplementation.Fetch:i=i.withFetchImplementation()}i=i.withStartStep(()=>Promise.reject(new n.default("StartStep shouldn't be executed in MobileAuth SDK layer for non-orchestrated flow"))).withFinishStep(()=>Promise.reject(new n.default("FinishStep shouldn't be executed in MobileAuth SDK layer for non-orchestrated flow")));const s=i.build(),u=new c.default(this.getDeviceIp());this.executeStartStep(e).then(i=>{s.authenticateWithRedirect(u,i).then(i=>{this.executeFinishStep(e,i).then(t).catch(r)}).catch(e=>{var t;const i=null!==(t=n.default.extractMessage(e))&&void 0!==t?t:"Mobile Auth Midlle Step failed at authenticateWithRedirect";r(new n.default(i,a.default.ERROR_AUTHENTICATION_CLIENT_FAILURE))})}).catch(r)})}}u.NAME="mobile/instant",t.default=u},9549:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.FidoOptionsError=void 0;class r extends Error{constructor({message:e,cause:t,name:r}){super(e,{cause:t}),this.name=null!=r?r:t.name}static identifyAuthenticationError({error:e,options:t,platform:i}){const{publicKey:n}=t;if(!n)return new r({message:r.MISSING_PUBLIC_KEY_PROPERTY,cause:new Error(r.MISSING_PUBLIC_KEY_PROPERTY)});if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new r({message:r.ABORT_SIGNAL,cause:e})}else{if("NotAllowedError"===e.name)return new r({message:e.message,cause:e});if("SecurityError"===e.name){const t=i.getOrigin();return n.rpId!==t?new r({message:`${r.INVALID_RP_ID}: ${n.rpId}`,cause:e}):new r({message:`${r.SECURITY_ERROR_FOUND}: ${e.message}`,cause:e})}if("UnknownError"===e.name)return new r({message:r.UNKNOWN_ERROR,cause:e})}return e}static identifyRegistrationError({error:e,options:t,platform:i}){var n,s,o;const{publicKey:a}=t;if(!a)return new r({message:r.MISSING_PUBLIC_KEY_PROPERTY,cause:new Error(r.MISSING_PUBLIC_KEY_PROPERTY)});if("InvalidStateError"===e.name)return new r({message:r.INVALID_STATE_ERROR,cause:e});if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new r({message:this.ABORT_SIGNAL,cause:e})}else if("ConstraintError"===e.name){if(!0===(null===(n=a.authenticatorSelection)||void 0===n?void 0:n.requireResidentKey))return new r({message:this.CONSTRAINT_ERROR,cause:e});if("conditional"===t.mediation&&"required"===(null===(s=a.authenticatorSelection)||void 0===s?void 0:s.userVerification))return new r({message:this.USER_VERIFICATION_NOT_POSSILE,cause:e});if("required"===(null===(o=a.authenticatorSelection)||void 0===o?void 0:o.userVerification))return new r({message:this.NO_MATCHING_AUTHENTICATOR,cause:e})}else{if("NotAllowedError"===e.name)return new r({message:e.message,cause:e});if("NotSupportedError"===e.name)return 0===a.pubKeyCredParams.filter(e=>"public-key"===e.type).length?new r({message:this.INVALID_CRED_PARAMS,cause:e}):new r({message:r.NO_MATCHING_AUTHENTICATOR_FOR_PARAMS_ALGO,cause:e});if("SecurityError"===e.name){const t=i.getOrigin();return a.rp.id!==t?new r({message:`${r.INVALID_RP_ID}: ${a.rp.id}`,cause:e}):new r({message:`${r.SECURITY_ERROR_FOUND}: ${e.message}`,cause:e})}if("TypeError"===e.name){if(a.user.id.byteLength<1||a.user.id.byteLength>64)return new r({message:r.INVALID_USER_ID_LENGTH,cause:e})}else if("UnknownError"===e.name)return new r({message:r.UNKNOWN_ERROR,cause:e})}return e}}t.FidoOptionsError=r,r.MISSING_PUBLIC_KEY_PROPERTY="options missing publicKey property",r.ABORT_SIGNAL="Authentication was sent an abort signal",r.INVALID_STATE_ERROR="The authenticator was already registered",r.UNKNOWN_ERROR="Unknown error: the authenticator was unable to process the predefined options, or unable to generate a new credential",r.SECURITY_ERROR_FOUND="Security error found",r.INVALID_RP_ID="The rp.id is not valid for the current domain",r.CONSTRAINT_ERROR="Discoverable credentials is required but found no matching supported authenticator",r.USER_VERIFICATION_NOT_POSSILE="User verification is required during automatic registration but this could not be performed",r.NO_MATCHING_AUTHENTICATOR="User verification is required but found no matching supported authenticator",r.INVALID_CRED_PARAMS="No entry in pubKeyCredParams having the type of public-key",r.NO_MATCHING_AUTHENTICATOR_FOR_PARAMS_ALGO="No available authenticator supported any of the specified pubKeyCredParams algorithms",r.INVALID_USER_ID_LENGTH="User ID has invalid length"},9648:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(1554)),s=r(2473),o=i(r(9316)),a=i(r(4473)),c=i(r(7900));class u{constructor(){this.log=s.LoggerFactory.getLogger("device-passive-register-step"),this.name=u.NAME}execute(e){return new Promise((t,r)=>{u.hasAssertionResponse(e)?c.default.runFidoVerify(this.log,e).then(t).catch(r):e.getDeviceRegistration().then(i=>{i?this.finishRegistration(e,[this.getFido2Registration(e)]).then(t).catch(r):e.platform.deviceAuth.createRegistration({namespace:e.namespace,endpoint:e.backendOrigin}).then(i=>{i.getAuthRegistration(e.challenge).then(t=>this.finishRegistration(e,[this.getFido2Registration(e),t])).then(n=>{i.deviceId=e.settings.deviceId,e.platform.deviceAuth.storeRegistration(i).then(()=>t(n)).catch(r)}).catch(r)}).catch(r)}).catch(r)})}static hasAssertionResponse(e){const t=e.credential.response;return t&&"authenticatorData"in t&&"signature"in t}finishRegistration(e,t){return new Promise((r,i)=>{e.fetchFromBackend("/v1/client/device/fido2/register/finish",{deviceName:e.platform.getPlatformName(),deviceCapabilities:e.platform.getDeviceCapabilities(),registrations:t}).then(t=>{if(t.error)i(new o.default(t.error.message,t.error.code,t.next,!1));else{const n=t.data;n?(n.deviceId&&(e.settings.deviceId=n.deviceId,e.settings.fidoPasskeyRegistered=!0),n.scanMessage&&(e.authMessage=n.scanMessage),r(t.next)):i(new o.default("Failed to register device, returned deviceId is null or empty",a.default.ERROR_AUTHENTICATION_FAILURE,t.next,!1))}}).catch(i)})}getFido2Registration(e){const t=e.credential,r=t.response;return{webAuthnCredential:{type:null==t?void 0:t.type,id:null==t?void 0:t.id,rawId:n.default.bufferEncode(null==t?void 0:t.rawId),response:{attestationObject:n.default.bufferEncode(r.attestationObject),clientDataJSON:n.default.bufferEncode(r.clientDataJSON)}}}}}u.NAME="device/passive/register",t.default=u},9726:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.AuthResponseStatus=void 0,function(e){e.Accept="accept",e.Reject="reject",e.Cancel="cancel",e.Unexpected="unexpected",e.Timeout="timeout",e.Unknown="unknown"}(r||(t.AuthResponseStatus=r={}))},9922:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.DEVICE_CAPABILITY_WEBAUTHN=void 0,t.stringToArrayBuffer=function(e){const t=(new TextEncoder).encode(e);return t.buffer.slice(t.byteOffset,t.byteOffset+t.byteLength)},t.arrayBufferToString=function(e){return String.fromCharCode.apply(null,Array.from(new Uint8Array(e)))},t.arrayBufferToHexString=function(e){return Array.from(new Uint8Array(e),e=>("00"+e.toString(16)).slice(-2)).join("")},t.getUnixTime=function(){return Math.floor(Date.now()/1e3)},t.DEVICE_CAPABILITY_WEBAUTHN="webauthn"}},t={};return function r(i){var n=t[i];if(void 0!==n)return n.exports;var s=t[i]={exports:{}};return e[i].call(s.exports,s,s.exports,r),s.exports}(8156)})());

package/build/lib/index.d.ts

@@ -1,6 +1,7 @@
 import { VERSION } from './proveauth/version';
-import AuthenticatorBuilder, { AuthMessageHandler, DeviceRole, MobileAuthImplementation, PasskeyAlreadyExistCallback } from './proveauth/authenticator-builder';
-import DeviceContextOptions, { BuildConfig } from './proveauth/device-context-options';
+import AuthenticatorBuilder, { AuthMessageHandler, MobileAuthImplementation, PasskeyAlreadyExistCallback } from './proveauth/authenticator-builder';
+import { DeviceRole } from './proveauth/device-role';
+import { BuildConfig } from './proveauth/device-context-options';
 import AuthMessage from './proveauth/internal/auth-message';
 import { AuthResponseStatus } from './proveauth/internal/auth-response-status';
 import { LoggerFactory, LogWriter, LogLevel, Logger } from './proveauth/common/logger';
@@ -12,4 +13,7 @@ import { OtpError, OtpStartStep, OtpStartInput, OtpStartStepFn, OtpFinishStep, O
 import { InstantLinkStartInput, InstantLinkStartStep, InstantLinkStartStepFn, InstantLinkRetryStep, InstantLinkRetryStepFn, InstantLinkResultType } from './proveauth/instantlink';
 import UserConsentStep, { UserConsentOutput, UserConsentStepFn } from './proveauth/user-consent-step';
 import { PpbStartStep, PpbStartStepFn, PpbFinishStep, PpbFinishStepFn, PpbOperation } from './proveauth/ppb';
-export { VERSION, AuthFinishStep, AuthFinishStepFn, AuthFinishStepInput, Authenticator, AuthenticatorBuilder, AuthMessage, AuthMessageHandler, AuthResponseStatus, CancelablePromise, DeviceRole, InstantLinkStartStep, InstantLinkStartInput, InstantLinkStartStepFn, Logger, LoggerFactory, LogLevel, LogWriter, MobileAuthImplementation, OtpFinishStep, OtpFinishInput, OtpFinishResult, OtpFinishStepFn, OtpFinishResultType, OtpStartStep, OtpStartInput, OtpStartStepFn, OtpError, PasskeyAlreadyExistCallback, PhoneValidationError, BuildConfig, DeviceContextOptions, UserConsentStep, UserConsentStepFn, UserConsentOutput, InstantLinkRetryStep, InstantLinkRetryStepFn, InstantLinkResultType, PpbOperation, PpbStartStep, PpbStartStepFn, PpbFinishStep, PpbFinishStepFn, };
+import { DocVStartStep, DocVStartStepFn, DocVFinishStep, DocVFinishStepFn } from './proveauth/docv';
+import { PpbIntegration, PpbOptions, PpbResult, DataCollector, DeviceContextIntegration } from './proveauth/internal/external-integrations';
+import DeviceContextOptions from './proveauth/device-context-options';
+export { VERSION, AuthFinishStep, AuthFinishStepFn, AuthFinishStepInput, Authenticator, AuthenticatorBuilder, PpbIntegration, PpbOptions, PpbResult, DeviceContextIntegration, AuthMessage, AuthMessageHandler, AuthResponseStatus, CancelablePromise, DataCollector, DeviceRole, InstantLinkStartStep, InstantLinkStartInput, InstantLinkStartStepFn, Logger, LoggerFactory, LogLevel, LogWriter, MobileAuthImplementation, OtpFinishStep, OtpFinishInput, OtpFinishResult, OtpFinishStepFn, OtpFinishResultType, OtpStartStep, OtpStartInput, OtpStartStepFn, OtpError, PasskeyAlreadyExistCallback, PhoneValidationError, BuildConfig, DeviceContextOptions, UserConsentStep, UserConsentStepFn, UserConsentOutput, InstantLinkRetryStep, InstantLinkRetryStepFn, InstantLinkResultType, PpbOperation, PpbStartStep, PpbStartStepFn, PpbFinishStep, PpbFinishStepFn, DocVStartStep, DocVStartStepFn, DocVFinishStep, DocVFinishStepFn, };