npm - @prove-identity/prove-auth - Versions diffs - 2.15.2 → 3.1.0 - Mend

@prove-identity/prove-auth 2.15.2 → 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (49) hide show

package/build/lib/proveauth/internal/auth-token-claims.d.ts CHANGED Viewed

@@ -26,6 +26,9 @@ export interface UniversalAuthenticator {
 export interface PpbAuthenticator {
     endp: string;
 }
+export interface DocVAuthenticator {
+    endp: string;
+}
 export interface DeviceAuthenticators {
     pasv?: PassiveAuthenticator;
     unvsl?: UniversalAuthenticator;
@@ -41,6 +44,7 @@ export interface UserAuthenticators {
     pasv?: PassiveAuthenticator;
     prst?: PresentAuthenticator;
     ppb?: PpbAuthenticator;
+    docv?: DocVAuthenticator;
 }
 export interface Signals {
     fpt?: boolean;

package/build/lib/proveauth/internal/auth-token-claims.js CHANGED Viewed

@@ -6,4 +6,4 @@ var UserVerificationLevel;
     UserVerificationLevel["Discouraged"] = "none";
     UserVerificationLevel["Preferred"] = "pref";
     UserVerificationLevel["Required"] = "req";
-})(UserVerificationLevel = exports.UserVerificationLevel || (exports.UserVerificationLevel = {}));
+})(UserVerificationLevel || (exports.UserVerificationLevel = UserVerificationLevel = {}));

package/build/lib/proveauth/internal/device-passive-step.d.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import AuthSession from './auth-session';
 import AuthStep from './auth-step';
-import { DeviceRole, PasskeyAlreadyExistCallback } from '../authenticator-builder';
+import { PasskeyAlreadyExistCallback } from '../authenticator-builder';
+import { DeviceRole } from '../device-role';
 import { AuthStatusActions } from './auth-status-actions';
 import { Signals } from './auth-request';
 export declare class DevicePassiveActions extends AuthStatusActions {

package/build/lib/proveauth/internal/device-passive-step.js CHANGED Viewed

@@ -9,7 +9,7 @@ const base64_1 = __importDefault(require("../common/base64"));
 const device_passive_silent_step_1 = __importDefault(require("./device-passive-silent-step"));
 const auth_token_claims_1 = require("./auth-token-claims");
 const auth_error_1 = __importDefault(require("./auth-error"));
-const authenticator_builder_1 = require("../authenticator-builder");
+const device_role_1 = require("../device-role");
 const auth_status_actions_1 = require("./auth-status-actions");
 const fido_options_error_1 = require("./fido-options-error");
 const auth_response_status_1 = require("./auth-response-status");
@@ -195,19 +195,19 @@ class DevicePassiveActions extends auth_status_actions_1.AuthStatusActions {
         });
     }
 }
+exports.DevicePassiveActions = DevicePassiveActions;
 DevicePassiveActions.NO_REQUEST_CREDS_FOUND = 'Passkey has already been registered but found no CredentialRequestOptions in the fido/register/start response payload';
 DevicePassiveActions.NO_CREDS_FOUND = 'Neither credCreateOptions nor credRequestOptions are found in the fido/register/start response payload';
 DevicePassiveActions.USER_NOT_ACCEPTING_RESPONSE = 'User not accepting to continue by reusing the existing passkey with user response';
-exports.DevicePassiveActions = DevicePassiveActions;
 class DevicePassiveStep extends DevicePassiveActions {
     constructor(getDisplayName, handler, role) {
         super(getDisplayName, handler);
         this.name = DevicePassiveStep.NAME;
-        this.role = role !== null && role !== void 0 ? role : authenticator_builder_1.DeviceRole.Primary;
+        this.role = role !== null && role !== void 0 ? role : device_role_1.DeviceRole.Primary;
         this.log = logger_1.LoggerFactory.getLogger('device-passive-step');
     }
     execute(session) {
-        if (this.role == authenticator_builder_1.DeviceRole.Secondary) {
+        if (this.role == device_role_1.DeviceRole.Secondary) {
             return this.waitForStatus(session);
         }
         if (!session.platform.isFidoSupported() ||
@@ -222,7 +222,7 @@ class DevicePassiveStep extends DevicePassiveActions {
         }
         return new Promise((resolve, reject) => {
             session
-                .getFingerprintData()
+                .getDeviceContextData()
                 .then((signal) => {
                 const signals = {
                     fingerprint: signal,
@@ -230,7 +230,7 @@ class DevicePassiveStep extends DevicePassiveActions {
                 this.register(session, signals).then(resolve).catch(reject);
             })
                 .catch((error) => {
-                const errorMsg = `Unexpected error happened during Fingerprint data collection: ${error.message}`;
+                const errorMsg = `Unexpected error happened during Device Context data collection: ${error.message}`;
                 this.log.warn(errorMsg);
                 this.log.warn(error);
                 const signals = {

package/build/lib/proveauth/internal/device-universal-redirect-steps.js CHANGED Viewed

@@ -43,13 +43,13 @@ class DeviceUniversalRedirectFinishStep extends DeviceUniversalRedirectBaseStep
         this.name = DeviceUniversalRedirectFinishStep.NAME;
     }
 }
-DeviceUniversalRedirectFinishStep.NAME = 'redirect/finish';
 exports.DeviceUniversalRedirectFinishStep = DeviceUniversalRedirectFinishStep;
+DeviceUniversalRedirectFinishStep.NAME = 'redirect/finish';
 class DeviceUniversalRedirectExchangeStep extends DeviceUniversalRedirectBaseStep {
     constructor() {
         super(...arguments);
         this.name = DeviceUniversalRedirectExchangeStep.NAME;
     }
 }
-DeviceUniversalRedirectExchangeStep.NAME = 'redirect/exchange';
 exports.DeviceUniversalRedirectExchangeStep = DeviceUniversalRedirectExchangeStep;
+DeviceUniversalRedirectExchangeStep.NAME = 'redirect/exchange';

package/build/lib/proveauth/internal/external-integrations.d.ts ADDED Viewed

@@ -0,0 +1,34 @@
+import DeviceContextOptions from '../device-context-options';
+export declare abstract class ExternalIntegration {
+    protected static readonly log: import("../common/logger").Logger;
+    private static readonly instances;
+    private readonly name;
+    protected constructor(name: string);
+    protected static getInstance(name: string): ExternalIntegration;
+    protected static activate(instance: ExternalIntegration): void;
+}
+export interface PpbResult {
+    authIdSuccess?: boolean;
+}
+export interface PpbOptions {
+    endpointUrl?: string;
+    ppbOperation?: string;
+    operationId?: string;
+    oneTimeSecret?: string;
+}
+export declare abstract class PpbIntegration extends ExternalIntegration {
+    static readonly NAME = "PPB";
+    static get instance(): PpbIntegration;
+    constructor();
+    abstract activateWebComponent(options: PpbOptions): Promise<PpbResult>;
+}
+export interface DataCollector {
+    getCollectedData(): Promise<string | undefined>;
+}
+export declare abstract class DeviceContextIntegration extends ExternalIntegration {
+    static readonly NAME = "DeviceContext";
+    static get instance(): DeviceContextIntegration;
+    constructor();
+    abstract init(options: DeviceContextOptions): void;
+    abstract getDataCollector(): Promise<DataCollector | undefined>;
+}

package/build/lib/proveauth/internal/external-integrations.js ADDED Viewed

@@ -0,0 +1,49 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DeviceContextIntegration = exports.PpbIntegration = exports.ExternalIntegration = void 0;
+const logger_1 = require("../common/logger");
+class ExternalIntegration {
+    constructor(name) {
+        this.name = name;
+        ExternalIntegration.activate(this);
+    }
+    static getInstance(name) {
+        const instances = ExternalIntegration.instances;
+        if (!instances.has(name)) {
+            throw new Error(`${name} integration is not available`);
+        }
+        return instances.get(name);
+    }
+    static activate(instance) {
+        if (!ExternalIntegration.instances.has(instance.name)) {
+            ExternalIntegration.instances.set(instance.name, instance);
+            ExternalIntegration.log.info(`${instance.name} integration activated`);
+        }
+        else {
+            ExternalIntegration.log.debug(`${instance.name} integration already activated, ignoring`);
+        }
+    }
+}
+exports.ExternalIntegration = ExternalIntegration;
+ExternalIntegration.log = logger_1.LoggerFactory.getLogger('external-integrations');
+ExternalIntegration.instances = new Map();
+class PpbIntegration extends ExternalIntegration {
+    static get instance() {
+        return ExternalIntegration.getInstance(PpbIntegration.NAME);
+    }
+    constructor() {
+        super(PpbIntegration.NAME);
+    }
+}
+exports.PpbIntegration = PpbIntegration;
+PpbIntegration.NAME = 'PPB';
+class DeviceContextIntegration extends ExternalIntegration {
+    static get instance() {
+        return ExternalIntegration.getInstance(DeviceContextIntegration.NAME);
+    }
+    constructor() {
+        super(DeviceContextIntegration.NAME);
+    }
+}
+exports.DeviceContextIntegration = DeviceContextIntegration;
+DeviceContextIntegration.NAME = 'DeviceContext';

package/build/lib/proveauth/internal/fido-options-error.js CHANGED Viewed

@@ -146,6 +146,7 @@ class FidoOptionsError extends Error {
         return error;
     }
 }
+exports.FidoOptionsError = FidoOptionsError;
 FidoOptionsError.MISSING_PUBLIC_KEY_PROPERTY = 'options missing publicKey property';
 FidoOptionsError.ABORT_SIGNAL = 'Authentication was sent an abort signal';
 FidoOptionsError.INVALID_STATE_ERROR = 'The authenticator was already registered';
@@ -158,4 +159,3 @@ FidoOptionsError.NO_MATCHING_AUTHENTICATOR = 'User verification is required but
 FidoOptionsError.INVALID_CRED_PARAMS = 'No entry in pubKeyCredParams having the type of public-key';
 FidoOptionsError.NO_MATCHING_AUTHENTICATOR_FOR_PARAMS_ALGO = 'No available authenticator supported any of the specified pubKeyCredParams algorithms';
 FidoOptionsError.INVALID_USER_ID_LENGTH = 'User ID has invalid length';
-exports.FidoOptionsError = FidoOptionsError;

package/build/lib/proveauth/internal/main-authenticator.d.ts CHANGED Viewed

@@ -5,6 +5,7 @@ import Platform from './platform';
 import CancelablePromise from '../common/cancelable-promise';
 import AuthSession from './auth-session';
 import AuthStep from './auth-step';
+import DeviceContextOptions from '../device-context-options';
 export default class MainAuthenticator implements Authenticator {
     static readonly AUTH_DONE = "done";
     static readonly AUTH_EMPTY = "";
@@ -14,6 +15,7 @@ export default class MainAuthenticator implements Authenticator {
     protected readonly platform: Platform;
     protected readonly settings: Settings;
     protected readonly authFinishStep?: AuthFinishStep;
+    protected readonly deviceContextOptions?: DeviceContextOptions;
     constructor(platform: Platform, settings: Settings, finishStep?: AuthFinishStep, steps?: Array<AuthStep>);
     isPasskeyRegistered(): boolean;
     isFidoSupported(): boolean;

package/build/lib/proveauth/internal/main-authenticator.js CHANGED Viewed

@@ -18,6 +18,9 @@ class MainAuthenticator {
         this.settings = settings;
         if (steps) {
             for (let step of steps) {
+                if (step.name in this.steps) {
+                    throw new Error(`Step ${step.name} is already registered`);
+                }
                 this.steps.set(step.name, step);
             }
         }

package/build/lib/proveauth/internal/mobile-instant-step.d.ts CHANGED Viewed

@@ -7,9 +7,8 @@ export default class MobileInstantStep implements AuthStep {
     protected log: import("../common/logger").Logger;
     private readonly implementation;
     private readonly getDeviceIp;
-    private readonly deviceIpDetection;
-    private errorCodeBak?;
-    private nextBak?;
+    private executeStartStep;
+    private executeFinishStep;
     constructor(implementation: MobileAuthImplementation, getDeviceIp?: () => string | null);
     execute(session: AuthSession): Promise<string>;
 }

package/build/lib/proveauth/internal/mobile-instant-step.js CHANGED Viewed

@@ -7,92 +7,86 @@ const auth_error_1 = __importDefault(require("./auth-error"));
 const logger_1 = require("../common/logger");
 const authenticator_builder_1 = require("../authenticator-builder");
 const error_code_1 = __importDefault(require("./error-code"));
+const device_descriptor_1 = __importDefault(require("@prove-identity/mobile-auth/build/lib/mobileauth/process/device-descriptor"));
 class MobileInstantStep {
+    executeStartStep(session) {
+        return new Promise((resolve, reject) => {
+            const ip = this.getDeviceIp();
+            session
+                .fetchFromBackend('/v1/client/mobile/instant/start', {
+                cellularIp: ip,
+                implementation: this.implementation,
+            })
+                .then((response) => {
+                if (response.error) {
+                    reject(new auth_error_1.default(response.error.message, response.error.code, response.next, false));
+                }
+                else {
+                    const data = response.data;
+                    if (data === null || data === void 0 ? void 0 : data.redirectUrl) {
+                        resolve(data.redirectUrl);
+                    }
+                    else {
+                        reject(new auth_error_1.default('No redirect URL found in start response', undefined, response.next, true));
+                    }
+                }
+            })
+                .catch(reject);
+        });
+    }
+    executeFinishStep(session, vfpValues) {
+        return new Promise((resolve, reject) => {
+            session
+                .fetchFromBackend('/v1/client/mobile/instant/finish', { vfp: vfpValues })
+                .then((response) => {
+                if (response.error) {
+                    reject(new auth_error_1.default(response.error.message, response.error.code, response.next, false));
+                }
+                else {
+                    resolve(response.next);
+                }
+            })
+                .catch(reject);
+        });
+    }
     constructor(implementation, getDeviceIp) {
         this.name = MobileInstantStep.NAME;
         this.log = logger_1.LoggerFactory.getLogger('mobile-instant-step');
-        this.errorCodeBak = error_code_1.default.ERROR_AUTHENTICATION_CLIENT_FAILURE;
         this.implementation = implementation;
-        if (getDeviceIp) {
-            this.getDeviceIp = getDeviceIp;
-            this.deviceIpDetection = false;
-        }
-        else {
-            this.getDeviceIp = () => null;
-            this.deviceIpDetection = true;
-        }
+        this.getDeviceIp = getDeviceIp !== null && getDeviceIp !== void 0 ? getDeviceIp : (() => null);
     }
     execute(session) {
         return new Promise((resolve, reject) => {
-            let builder = session.platform
-                .getMobileAuthBuilder()
-                .withDeviceIpDetection(this.deviceIpDetection);
+            let builder = session.platform.getMobileAuthBuilder();
             switch (this.implementation) {
                 case authenticator_builder_1.MobileAuthImplementation.Pixel: {
                     builder = builder.withPixelImplementation();
                     break;
                 }
                 case authenticator_builder_1.MobileAuthImplementation.Fetch: {
-                    builder = builder.withFetchImplementation().withFinishStep((input) => {
-                        return new Promise((resolve, reject) => {
-                            session
-                                .fetchFromBackend('/v1/client/mobile/instant/finish', {
-                                vfp: input.vfp,
-                            })
-                                .then(resolve)
-                                .catch(reject);
-                        });
-                    });
+                    builder = builder.withFetchImplementation();
                     break;
                 }
             }
-            builder = builder.withStartStep((input) => {
-                return new Promise((resolve, reject) => {
-                    const ip = this.deviceIpDetection ? input.deviceDescriptor.ip : this.getDeviceIp();
-                    session
-                        .fetchFromBackend('/v1/client/mobile/instant/start', {
-                        cellularIp: ip,
-                        implementation: this.implementation,
-                    })
-                        .then((response) => {
-                        if (response.error) {
-                            this.nextBak = response.next;
-                            this.errorCodeBak = response.error.code;
-                            reject(new auth_error_1.default(response.error.message, response.error.code, response.next, false));
-                        }
-                        else {
-                            const data = response.data;
-                            resolve({
-                                authUrl: data ? data.redirectUrl : undefined,
-                            });
-                        }
-                    })
-                        .catch(reject);
-                });
-            });
+            builder = builder
+                .withStartStep(() => Promise.reject(new auth_error_1.default("StartStep shouldn't be executed in MobileAuth SDK layer for non-orchestrated flow")))
+                .withFinishStep(() => Promise.reject(new auth_error_1.default("FinishStep shouldn't be executed in MobileAuth SDK layer for non-orchestrated flow")));
             const authenticator = builder.build();
-            authenticator
-                .authenticate()
-                .then((response) => {
-                if (response) {
-                    const authResponse = response;
-                    if (authResponse.error) {
-                        reject(new auth_error_1.default(response.error.message, response.error.code, response.next, false));
-                    }
-                    resolve(authResponse.next);
-                }
-                else {
-                    session
-                        .fetchFromBackend('/v1/client/mobile/instant/finish', {})
-                        .then((response) => resolve(response.next))
-                        .catch((error) => {
-                        reject(new auth_error_1.default(response.error.message, response.error.code, response.next, false));
-                    });
-                }
+            const deviceDescriptor = new device_descriptor_1.default(this.getDeviceIp());
+            this.executeStartStep(session)
+                .then((authUrl) => {
+                authenticator
+                    .authenticateWithRedirect(deviceDescriptor, authUrl)
+                    .then((vfp) => {
+                    this.executeFinishStep(session, vfp).then(resolve).catch(reject);
+                })
+                    .catch((error) => {
+                    var _a;
+                    const message = (_a = auth_error_1.default.extractMessage(error)) !== null && _a !== void 0 ? _a : 'Mobile Auth Midlle Step failed at authenticateWithRedirect';
+                    reject(new auth_error_1.default(message, error_code_1.default.ERROR_AUTHENTICATION_CLIENT_FAILURE));
+                });
             })
-                .catch((error) => {
-                reject(new auth_error_1.default(error, this.errorCodeBak, this.nextBak, false));
-            });
+                .catch(reject);
         });
     }
 }

package/build/lib/proveauth/internal/platform.d.ts CHANGED Viewed

@@ -1,10 +1,9 @@
-/// <reference types="webappsec-credential-management" />
 import { AuthenticatorBuilder } from '@prove-identity/mobile-auth';
 import { AuthRequest } from './auth-request';
 import AuthResponse from './auth-response';
 import DeviceAuth, { DeviceRegistration } from './device-auth';
-import { Agent } from '@fingerprintjs/fingerprintjs-pro';
-import { PpbOperation } from '../ppb';
+import DeviceContextOptions from '../device-context-options';
+import { PpbOptions, PpbResult, DataCollector } from './external-integrations';
 export declare const DEVICE_CAPABILITY_WEBAUTHN = "webauthn";
 export interface MessageChannel {
     addEventListener: (type: string, listener: (event: any) => void) => void;
@@ -28,14 +27,11 @@ export interface AuthSessionIntegration {
     getDeviceRegistration: () => Promise<DeviceRegistration | null>;
     fetchFromBackend: (query: string, body: AuthRequest) => Promise<AuthResponse>;
 }
-export interface PpbAuthResult {
-    authIdSuccess?: boolean;
+export interface DocVOptions {
+    documentTypeId: string;
+    accountNumber: string;
 }
-export interface PpbAuthOptions {
-    authIdEndpointUrl?: string;
-    authIdOperation?: PpbOperation;
-    authIdOperationId?: string;
-    authIdOneTimeSecret?: string;
+export interface DocVResult {
 }
 export default interface Platform {
     readonly webauthn: WebAuthN;
@@ -50,10 +46,10 @@ export default interface Platform {
     getMobileAuthBuilder: () => AuthenticatorBuilder<any>;
     exit: (code?: number) => void;
     urlRedirect: (url: string) => void;
-    getFpPromise: () => Promise<Agent> | undefined;
-    setFpPromise: (fpPromise: Promise<Agent>) => void;
     getOrigin: () => string;
-    ppbAuthenticate: (options: PpbAuthOptions) => Promise<PpbAuthResult>;
+    activatePpb: (options: PpbOptions) => Promise<PpbResult>;
+    initDeviceContext: (options: DeviceContextOptions) => void;
+    getDataCollector: () => Promise<DataCollector | undefined>;
 }
 export declare function stringToArrayBuffer(input: string): ArrayBuffer;
 export declare function arrayBufferToString(input: ArrayBuffer): string;

package/build/lib/proveauth/internal/platform.js CHANGED Viewed

@@ -1,20 +1,21 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getUnixTime = exports.arrayBufferToHexString = exports.arrayBufferToString = exports.stringToArrayBuffer = exports.DEVICE_CAPABILITY_WEBAUTHN = void 0;
+exports.DEVICE_CAPABILITY_WEBAUTHN = void 0;
+exports.stringToArrayBuffer = stringToArrayBuffer;
+exports.arrayBufferToString = arrayBufferToString;
+exports.arrayBufferToHexString = arrayBufferToHexString;
+exports.getUnixTime = getUnixTime;
 exports.DEVICE_CAPABILITY_WEBAUTHN = 'webauthn';
 function stringToArrayBuffer(input) {
-    return new TextEncoder().encode(input);
+    const uint8Array = new TextEncoder().encode(input);
+    return uint8Array.buffer.slice(uint8Array.byteOffset, uint8Array.byteOffset + uint8Array.byteLength);
 }
-exports.stringToArrayBuffer = stringToArrayBuffer;
 function arrayBufferToString(input) {
     return String.fromCharCode.apply(null, Array.from(new Uint8Array(input)));
 }
-exports.arrayBufferToString = arrayBufferToString;
 function arrayBufferToHexString(input) {
     return Array.from(new Uint8Array(input), (x) => ('00' + x.toString(16)).slice(-2)).join('');
 }
-exports.arrayBufferToHexString = arrayBufferToHexString;
 function getUnixTime() {
     return Math.floor(Date.now() / 1000);
 }
-exports.getUnixTime = getUnixTime;

package/build/lib/proveauth/internal/report-error-step.d.ts CHANGED Viewed

@@ -2,6 +2,7 @@ import AuthSession from './auth-session';
 import AuthStep from './auth-step';
 export default class ReportErrorStep implements AuthStep {
     private static readonly endpointMap;
+    private static readonly DEFAULT_MESSAGE;
     private readonly logger;
     private _message;
     private _code?;

package/build/lib/proveauth/internal/report-error-step.js CHANGED Viewed

@@ -17,10 +17,11 @@ const user_present_step_1 = __importDefault(require("./user-present-step"));
 const device_passive_stepup_step_1 = __importDefault(require("./device-passive-stepup-step"));
 const device_universal_redirect_steps_1 = require("./device-universal-redirect-steps");
 const user_ppb_steps_1 = require("./user-ppb-steps");
+const user_docv_steps_1 = require("./user-docv-steps");
 class ReportErrorStep {
     constructor(error) {
         this.logger = logger_1.LoggerFactory.getLogger('report-error-step');
-        this._message = 'Unknown error';
+        this._message = ReportErrorStep.DEFAULT_MESSAGE;
         this.reportable = true;
         this.name = 'error';
         if (error instanceof auth_error_1.default) {
@@ -44,6 +45,7 @@ class ReportErrorStep {
         return this._message;
     }
     execute(session) {
+        var _a;
         let logMessage = `Authentication step ${session.lastStep} failed`;
         if (this._code) {
             logMessage = logMessage + ', code: ' + this._code;
@@ -58,7 +60,7 @@ class ReportErrorStep {
         const endpoint = session.lastStep
             ? ReportErrorStep.endpointMap.get(session.lastStep)
             : undefined;
-        if (endpoint && (this.reportable || !this.nextStep)) {
+        if (endpoint && this.reportable) {
             return new Promise((resolve, reject) => {
                 session
                     .fetchFromBackend(`/v1/client/${endpoint}/error`, {
@@ -73,7 +75,8 @@ class ReportErrorStep {
             return Promise.resolve(this.nextStep);
         }
         else {
-            return Promise.reject(new auth_error_1.default('Cannot determine the next auth step'));
+            const errorMessage = (_a = this._message) !== null && _a !== void 0 ? _a : ReportErrorStep.DEFAULT_MESSAGE;
+            return Promise.reject(new auth_error_1.default(errorMessage, this._code, undefined, false));
         }
     }
 }
@@ -91,5 +94,7 @@ ReportErrorStep.endpointMap = new Map([
     [user_present_step_1.default.NAME, 'user/mobileactive'],
     [user_ppb_steps_1.UserPpbEnrollStep.NAME, 'user/ppb'],
     [user_ppb_steps_1.UserPpbVerifyStep.NAME, 'user/ppb'],
+    [user_docv_steps_1.UserDocVerifyStep.NAME, 'user/docv'],
 ]);
+ReportErrorStep.DEFAULT_MESSAGE = 'Unexpected error, authentication cannot continue';
 exports.default = ReportErrorStep;

package/build/lib/proveauth/internal/user-docv-steps.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import AuthStep from './auth-step';
+import AuthSession from './auth-session';
+import { DocVFinishStep, DocVStartStep } from '../docv';
+export declare class UserDocVerifyStep implements AuthStep {
+    static readonly NAME = "user/docv";
+    readonly name = "user/docv";
+    private readonly log;
+    private readonly enabled;
+    private readonly startStep;
+    private readonly finishStep;
+    constructor(enabled: boolean, startStep?: DocVStartStep, finishStep?: DocVFinishStep);
+    execute(session: AuthSession): Promise<string>;
+}

package/build/lib/proveauth/internal/user-docv-steps.js ADDED Viewed

@@ -0,0 +1,104 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UserDocVerifyStep = void 0;
+const logger_1 = require("../common/logger");
+const auth_error_1 = __importDefault(require("./auth-error"));
+class UserDocVerifyStep {
+    constructor(enabled, startStep, finishStep) {
+        this.name = UserDocVerifyStep.NAME;
+        this.log = logger_1.LoggerFactory.getLogger('user-docv-verify-step');
+        this.enabled = enabled;
+        this.startStep = startStep;
+        this.finishStep = finishStep;
+    }
+    execute(session) {
+        if (!this.enabled) {
+            return Promise.reject(new auth_error_1.default('Document Verification is not enabled'));
+        }
+        if (!this.startStep) {
+            return Promise.reject(new auth_error_1.default('Document Verification start step is required'));
+        }
+        const callStart = () => new Promise((resolve, reject) => {
+            this.startStep
+                .execute()
+                .then((output) => {
+                session
+                    .fetchFromBackend('/v1/client/user/docv/start', {
+                    requestId: crypto.randomUUID(),
+                    documentType: output.documentType,
+                })
+                    .catch(reject)
+                    .then((response) => {
+                    var _a, _b;
+                    const docvResponse = response;
+                    if (docvResponse.error) {
+                        reject(new auth_error_1.default(docvResponse.error.message, docvResponse.error.code, docvResponse.next, false));
+                    }
+                    const respData = docvResponse.data;
+                    resolve({
+                        documentType: output.documentType,
+                        operationId: (_a = respData.docv) === null || _a === void 0 ? void 0 : _a.operationId,
+                        oneTimeSecret: (_b = respData.docv) === null || _b === void 0 ? void 0 : _b.oneTimeSecret,
+                    });
+                });
+            })
+                .catch(reject);
+        });
+        const callFinish = (error) => {
+            try {
+                if (this.finishStep) {
+                    return this.finishStep.execute(error);
+                }
+                else {
+                    return Promise.resolve();
+                }
+            }
+            catch (e) {
+                this.log.warn('Document Verification finish step has failed:', e);
+                return Promise.reject(e);
+            }
+        };
+        return new Promise((resolve, reject) => {
+            callStart()
+                .then((startResult) => {
+                var _a, _b, _c;
+                this.log.debug('Activating PPB web component');
+                session.platform
+                    .activatePpb({
+                    endpointUrl: (_c = (_b = (_a = session.claims) === null || _a === void 0 ? void 0 : _a.auth.subs.usr) === null || _b === void 0 ? void 0 : _b.auths.docv) === null || _c === void 0 ? void 0 : _c.endp,
+                    operationId: startResult.operationId,
+                    oneTimeSecret: startResult.oneTimeSecret,
+                })
+                    .catch((e) => {
+                    this.log.error('PPB web component failed:', e);
+                    callFinish(e).then(() => reject(e));
+                })
+                    .then((result) => {
+                    this.log.info('DocV authentication result', result);
+                    return session.fetchFromBackend('/v1/client/user/docv/finish', {
+                        requestId: crypto.randomUUID(),
+                        operationId: startResult.operationId,
+                    });
+                })
+                    .then((response) => {
+                    var _a, _b;
+                    const docvResponse = response;
+                    if (docvResponse.error) {
+                        const message = (_b = (_a = response.error) === null || _a === void 0 ? void 0 : _a.message) !== null && _b !== void 0 ? _b : 'Document verification failed';
+                        callFinish(new Error(message)).then(() => reject(new auth_error_1.default(response.error.message, response.error.code, response.next, false)));
+                    }
+                    else {
+                        callFinish().then(() => resolve(docvResponse.next));
+                    }
+                })
+                    .catch(reject);
+            })
+                .catch(reject);
+        });
+    }
+}
+exports.UserDocVerifyStep = UserDocVerifyStep;
+UserDocVerifyStep.NAME = 'user/docv';