@prove-identity/prove-auth 2.3.2

package/build/lib/proveauth/internal/auth-token-claims.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UserVerificationLevel = void 0;
+var UserVerificationLevel;
+(function (UserVerificationLevel) {
+    UserVerificationLevel["Discouraged"] = "none";
+    UserVerificationLevel["Preferred"] = "pref";
+    UserVerificationLevel["Required"] = "req";
+})(UserVerificationLevel = exports.UserVerificationLevel || (exports.UserVerificationLevel = {}));

package/build/lib/proveauth/internal/base-authenticator.d.ts

@@ -0,0 +1,28 @@
+import AuthFinishStep from '../auth-finish-step';
+import Authenticator from '../authenticator';
+import Settings from './settings';
+import { Logger } from '../common/logger';
+import Platform from './platform';
+import CancelablePromise from '../common/cancelable-promise';
+import AuthSession from './auth-session';
+export default abstract class BaseAuthenticator implements Authenticator {
+    static readonly AUTH_DONE = "done";
+    static readonly AUTH_EMPTY = "";
+    static readonly MAX_ATTEMPTS = 50;
+    protected log: Logger;
+    protected readonly platform: Platform;
+    protected readonly settings: Settings;
+    protected readonly authFinishStep?: AuthFinishStep;
+    constructor(platform?: Platform, storage?: Storage, finishStep?: AuthFinishStep);
+    isPasskeyRegistered(): boolean;
+    isFidoSupported(): boolean;
+    isDeviceRegistered(): boolean;
+    isMobileWeb(): boolean;
+    getDeviceId(): string | null;
+    resetDeviceSettings(): void;
+    authenticate(authToken: string): CancelablePromise<void>;
+    unregisterDevice(): Promise<void>;
+    unregisterPasskey(): Promise<void>;
+    private unregister;
+    abstract process(session: AuthSession): CancelablePromise<void>;
+}

package/build/lib/proveauth/internal/base-authenticator.js

@@ -0,0 +1,129 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const settings_1 = __importDefault(require("./settings"));
+const logger_1 = require("../common/logger");
+const cancelable_promise_1 = __importDefault(require("../common/cancelable-promise"));
+const auth_session_1 = __importDefault(require("./auth-session"));
+const auth_error_1 = __importDefault(require("./auth-error"));
+class BaseAuthenticator {
+    constructor(platform, storage, finishStep) {
+        if (!platform) {
+            throw new Error('Implementation of Platform is required');
+        }
+        if (!storage) {
+            throw new Error('Implementation of Storage is required');
+        }
+        this.log = logger_1.LoggerFactory.getLogger('base-authenticator');
+        this.platform = platform;
+        this.authFinishStep = finishStep;
+        this.settings = new settings_1.default(storage);
+    }
+    isPasskeyRegistered() {
+        return this.settings.fidoPasskeyRegistered;
+    }
+    isFidoSupported() {
+        return this.platform.isFidoSupported();
+    }
+    isDeviceRegistered() {
+        return this.settings.deviceId !== null;
+    }
+    isMobileWeb() {
+        const userAgent = this.platform.getUserAgent();
+        return (userAgent !== null && /Mobi|Android|webOS|iPhone|iPad|BlackBerry|Opera Mini/i.test(userAgent));
+    }
+    getDeviceId() {
+        return this.settings.deviceId;
+    }
+    resetDeviceSettings() {
+        this.settings.reset();
+        this.platform.deviceAuth.reset();
+    }
+    authenticate(authToken) {
+        return new cancelable_promise_1.default((resolve, reject, onCancel) => {
+            if (!authToken) {
+                reject(new Error('No authentication token provided'));
+            }
+            if (!this.authFinishStep) {
+                reject(new Error('AuthFinish step must be specified'));
+            }
+            try {
+                const session = new auth_session_1.default(this.settings, this.platform, authToken);
+                var processing = this.process(session);
+                onCancel(() => processing.cancel());
+                processing
+                    .then(() => {
+                    var _a;
+                    if (session.lastStep !== BaseAuthenticator.AUTH_EMPTY) {
+                        this.log.info('Authentication flow has been completed.');
+                        return (_a = this.authFinishStep) === null || _a === void 0 ? void 0 : _a.execute({ authId: session.authId });
+                    }
+                    else {
+                        this.log.info('Next step is not provided, authentication flow is terminated without completion.');
+                        resolve();
+                    }
+                })
+                    .then(resolve)
+                    .catch(reject);
+            }
+            catch (e) {
+                reject(e);
+            }
+        });
+    }
+    unregisterDevice() {
+        if (!this.isDeviceRegistered()) {
+            return Promise.resolve();
+        }
+        return new Promise((resolve, reject) => {
+            this.unregister('/v1/client/device/unregister')
+                .then(() => {
+                this.resetDeviceSettings();
+                resolve();
+            })
+                .catch(reject);
+        });
+    }
+    unregisterPasskey() {
+        if (!this.settings.fidoPasskeyRegistered) {
+            return Promise.resolve();
+        }
+        return new Promise((resolve, reject) => {
+            this.unregister('/v1/client/stepup/unregister')
+                .then(() => {
+                this.settings.fidoPasskeyRegistered = false;
+                resolve();
+            })
+                .catch(reject);
+        });
+    }
+    unregister(endpointPath) {
+        return new Promise((resolve, reject) => {
+            try {
+                let session = new auth_session_1.default(this.settings, this.platform);
+                session
+                    .fetchFromBackend(endpointPath, {
+                    deviceId: this.getDeviceId(),
+                })
+                    .then((response) => {
+                    if (response.error) {
+                        reject(new auth_error_1.default(response.error.message, response.error.code, response.next));
+                    }
+                    else {
+                        resolve();
+                    }
+                })
+                    .catch(reject);
+            }
+            catch (e) {
+                reject(e);
+            }
+        });
+    }
+}
+BaseAuthenticator.AUTH_DONE = 'done';
+BaseAuthenticator.AUTH_EMPTY = '';
+BaseAuthenticator.MAX_ATTEMPTS = 50;
+exports.default = BaseAuthenticator;

package/build/lib/proveauth/internal/device-auth.d.ts

@@ -0,0 +1,22 @@
+import { AuthRegistration } from './auth-request';
+export interface DeviceRegistrationOptions {
+    namespace: string;
+    endpoint: string;
+}
+export interface DeviceRegistration {
+    readonly namespace: string;
+    readonly keyId: string;
+    readonly algorithm: string;
+    readonly endpoint: string;
+    deviceId: string | null;
+    sign: (data: string) => Promise<string>;
+    getPublicKey: () => Promise<string>;
+    getAuthRegistration: (challenge: string) => Promise<AuthRegistration>;
+}
+export default interface DeviceAuth {
+    createRegistration: (options: DeviceRegistrationOptions) => Promise<DeviceRegistration>;
+    getRegistration: (namespace: string) => Promise<DeviceRegistration | null>;
+    storeRegistration: (registration: DeviceRegistration) => Promise<void>;
+    deleteRegistration: (namespace: string) => Promise<void>;
+    reset: () => Promise<void>;
+}

package/build/lib/proveauth/internal/device-auth.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/build/lib/proveauth/internal/device-passive-register-step.d.ts

@@ -0,0 +1,10 @@
+import AuthSession from './auth-session';
+import AuthStep from './auth-step';
+export default class DevicePassiveRegisterStep implements AuthStep {
+    static readonly NAME = "device/passive/register";
+    private readonly log;
+    readonly name = "device/passive/register";
+    execute(session: AuthSession): Promise<string>;
+    private finishRegistration;
+    private getFido2Registration;
+}

package/build/lib/proveauth/internal/device-passive-register-step.js

@@ -0,0 +1,97 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const base64_1 = __importDefault(require("../common/base64"));
+const logger_1 = require("../common/logger");
+const auth_error_1 = __importDefault(require("./auth-error"));
+const error_code_1 = __importDefault(require("./error-code"));
+class DevicePassiveRegisterStep {
+    constructor() {
+        this.log = logger_1.LoggerFactory.getLogger('device-passive-register-step');
+        this.name = DevicePassiveRegisterStep.NAME;
+    }
+    execute(session) {
+        return new Promise((resolve, reject) => {
+            session
+                .getDeviceRegistration()
+                .then((devRegistration) => {
+                if (devRegistration) {
+                    this.finishRegistration(session, [this.getFido2Registration(session)])
+                        .then(resolve)
+                        .catch(reject);
+                }
+                else {
+                    session.platform.deviceAuth
+                        .createRegistration({
+                        namespace: session.namespace,
+                        endpoint: session.backendUrl,
+                    })
+                        .then((devRegistration) => {
+                        devRegistration
+                            .getAuthRegistration(session.challenge)
+                            .then((authRegistration) => this.finishRegistration(session, [
+                            this.getFido2Registration(session),
+                            authRegistration,
+                        ]))
+                            .then((next) => {
+                            devRegistration.deviceId = session.settings.deviceId;
+                            session.platform.deviceAuth
+                                .storeRegistration(devRegistration)
+                                .then(() => resolve(next))
+                                .catch(reject);
+                        })
+                            .catch(reject);
+                    })
+                        .catch(reject);
+                }
+            })
+                .catch(reject);
+        });
+    }
+    finishRegistration(session, registrations) {
+        return new Promise((resolve, reject) => {
+            session
+                .fetchFromBackend('/v1/client/device/fido2/register/finish', {
+                deviceName: session.platform.getPlatformName(),
+                deviceCapabilities: session.platform.getDeviceCapabilities(),
+                registrations: registrations,
+            })
+                .then((response) => {
+                if (response.error) {
+                    reject(new auth_error_1.default(response.error.message, response.error.code, response.next));
+                }
+                else {
+                    const data = response.data;
+                    if (data && data.deviceId) {
+                        session.settings.deviceId = data.deviceId;
+                        session.settings.fidoPasskeyRegistered = true;
+                        resolve(response.next);
+                    }
+                    else {
+                        reject(new auth_error_1.default('Failed to register device, returned deviceId is null or empty', error_code_1.default.ERROR_AUTHENTICATION_FAILURE, response.next, false));
+                    }
+                }
+            })
+                .catch(reject);
+        });
+    }
+    getFido2Registration(session) {
+        const credential = session.credential;
+        const attestation = credential.response;
+        return {
+            webAuthnCredential: {
+                type: credential === null || credential === void 0 ? void 0 : credential.type,
+                id: credential === null || credential === void 0 ? void 0 : credential.id,
+                rawId: base64_1.default.bufferEncode(credential === null || credential === void 0 ? void 0 : credential.rawId),
+                response: {
+                    attestationObject: base64_1.default.bufferEncode(attestation.attestationObject),
+                    clientDataJSON: base64_1.default.bufferEncode(attestation.clientDataJSON),
+                },
+            },
+        };
+    }
+}
+DevicePassiveRegisterStep.NAME = 'device/passive/register';
+exports.default = DevicePassiveRegisterStep;

package/build/lib/proveauth/internal/device-passive-silent-step.d.ts

@@ -0,0 +1,10 @@
+import AuthSession from './auth-session';
+import AuthStep from './auth-step';
+export default class DevicePassiveSilentStep implements AuthStep {
+    static readonly NAME = "device/passive/silent";
+    private readonly log;
+    readonly name = "device/passive/silent";
+    execute(session: AuthSession): Promise<string>;
+    private register;
+    private verify;
+}

package/build/lib/proveauth/internal/device-passive-silent-step.js

@@ -0,0 +1,98 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const logger_1 = require("../common/logger");
+const auth_error_1 = __importDefault(require("./auth-error"));
+class DevicePassiveSilentStep {
+    constructor() {
+        this.log = logger_1.LoggerFactory.getLogger('device-passive-silent-step');
+        this.name = DevicePassiveSilentStep.NAME;
+    }
+    execute(session) {
+        this.log.trace('Executing');
+        return new Promise((resolve, reject) => {
+            session
+                .getDeviceRegistration()
+                .then((registration) => {
+                if (registration) {
+                    this.verify(session, registration).then(resolve).catch(reject);
+                }
+                else {
+                    session.platform.deviceAuth
+                        .createRegistration({
+                        namespace: session.namespace,
+                        endpoint: session.backendUrl,
+                    })
+                        .then((registration) => this.register(session, registration))
+                        .then(resolve)
+                        .catch(reject);
+                }
+            })
+                .catch(reject);
+        });
+    }
+    register(session, registration) {
+        this.log.trace('Registering');
+        return new Promise((resolve, reject) => {
+            registration.getAuthRegistration(session.challenge).then((authRegistration) => {
+                session
+                    .fetchFromBackend('/v1/client/device/passive/register', {
+                    deviceName: session.platform.getPlatformName(),
+                    deviceCapabilities: session.platform.getDeviceCapabilities(),
+                    registrations: [authRegistration],
+                })
+                    .then((response) => {
+                    if (response.error) {
+                        reject(new auth_error_1.default(response.error.message, response.error.code, response.next));
+                    }
+                    else {
+                        const deviceId = response.data.deviceId;
+                        if (!deviceId) {
+                            reject(new auth_error_1.default('Failed to register device, returned deviceId is null or empty', 0, response.next));
+                        }
+                        session.settings.deviceId = deviceId;
+                        registration.deviceId = deviceId;
+                        this.log.debug('Device ID: ' + deviceId);
+                        session.platform.deviceAuth
+                            .storeRegistration(registration)
+                            .then(() => resolve(response.next))
+                            .catch(reject);
+                    }
+                })
+                    .catch(reject);
+            });
+        });
+    }
+    verify(session, registration) {
+        this.log.trace('Verifying');
+        return new Promise((resolve, reject) => {
+            if (registration.deviceId) {
+                const challenge = registration.deviceId + ':' + session.challenge;
+                registration.sign(challenge).then((signature) => {
+                    session
+                        .fetchFromBackend('/v1/client/device/passive/verify', {
+                        deviceId: registration.deviceId,
+                        keyId: registration.keyId,
+                        signature: signature,
+                    })
+                        .then((response) => {
+                        if (response.error) {
+                            reject(new auth_error_1.default(response.error.message, response.error.code, response.next));
+                        }
+                        else {
+                            resolve(response.next);
+                        }
+                    })
+                        .catch(reject);
+                });
+            }
+            else {
+                reject(new auth_error_1.default('Failed to initiate verification, DeviceId is missing'));
+            }
+        });
+    }
+}
+DevicePassiveSilentStep.NAME = 'device/passive/silent';
+exports.default = DevicePassiveSilentStep;

package/build/lib/proveauth/internal/device-passive-step.d.ts

@@ -0,0 +1,17 @@
+import AuthSession from './auth-session';
+import AuthStep from './auth-step';
+import { DeviceRole } from '../authenticator-builder';
+export declare class DevicePassiveActions {
+    protected log: import("../common/logger").Logger;
+    private readonly getDisplayName;
+    protected constructor(getDisplayName?: () => string | null);
+    protected register(session: AuthSession): Promise<string>;
+    protected verify(session: AuthSession): Promise<string>;
+}
+export default class DevicePassiveStep extends DevicePassiveActions implements AuthStep {
+    static readonly NAME = "device/passive";
+    readonly name = "device/passive";
+    private readonly role;
+    constructor(getDisplayName?: () => string | null, role?: DeviceRole);
+    execute(session: AuthSession): Promise<string>;
+}

package/build/lib/proveauth/internal/device-passive-step.js

@@ -0,0 +1,133 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DevicePassiveActions = void 0;
+const logger_1 = require("../common/logger");
+const base64_1 = __importDefault(require("../common/base64"));
+const device_passive_silent_step_1 = __importDefault(require("./device-passive-silent-step"));
+const auth_token_claims_1 = require("./auth-token-claims");
+const auth_error_1 = __importDefault(require("./auth-error"));
+const authenticator_builder_1 = require("../authenticator-builder");
+const base_authenticator_1 = __importDefault(require("./base-authenticator"));
+class DevicePassiveActions {
+    constructor(getDisplayName) {
+        this.log = logger_1.LoggerFactory.getLogger('device-passive-actions');
+        this.getDisplayName = getDisplayName ? getDisplayName : () => null;
+    }
+    register(session) {
+        this.log.trace('Registering');
+        return new Promise((resolve, reject) => {
+            const displayName = this.getDisplayName();
+            session
+                .fetchFromBackend('/v1/client/device/fido2/register/start', {
+                displayName: displayName ? displayName : undefined,
+            })
+                .then((response) => {
+                if (response.error) {
+                    reject(new auth_error_1.default(response.error.message, response.error.code, response.next));
+                }
+                else {
+                    let options = response.data.credCreateOptions;
+                    options.challenge = base64_1.default.bufferDecode(options.challenge);
+                    options.user.id = base64_1.default.bufferDecode(options.user.id);
+                    if (displayName) {
+                        options.user.displayName = displayName;
+                    }
+                    if (options.excludeCredentials) {
+                        options.excludeCredentials.forEach((i) => {
+                            i.id = base64_1.default.bufferDecode(i.id);
+                        });
+                    }
+                    session.platform.webauthn
+                        .createCredentials({
+                        publicKey: options,
+                    })
+                        .then((credential) => {
+                        if (!credential) {
+                            reject(new auth_error_1.default('Failed to create FIDO2 credentials'));
+                        }
+                        else {
+                            session.credential = credential;
+                            resolve(response.next);
+                        }
+                    })
+                        .catch(reject);
+                }
+            })
+                .catch(reject);
+        });
+    }
+    verify(session) {
+        this.log.trace('Verifying');
+        return new Promise((resolve, reject) => {
+            if (session.settings.deviceId) {
+                session
+                    .fetchFromBackend('/v1/client/device/fido2/verify/start', {
+                    deviceId: session.settings.deviceId,
+                })
+                    .then((response) => {
+                    var _a;
+                    if (response.error) {
+                        reject(new auth_error_1.default(response.error.message, response.error.code, response.next));
+                    }
+                    else {
+                        let options = response.data.credRequestOptions;
+                        options.challenge = base64_1.default.bufferDecode(options.challenge);
+                        if (options.allowCredentials) {
+                            (_a = options.allowCredentials) === null || _a === void 0 ? void 0 : _a.forEach((i) => {
+                                i.id = base64_1.default.bufferDecode(i.id);
+                            });
+                        }
+                        session.platform.webauthn
+                            .getCredentials({
+                            publicKey: options,
+                        })
+                            .then((credential) => {
+                            if (!credential) {
+                                reject(new Error('Failed to load FIDO2 credentials'));
+                            }
+                            else {
+                                session.credential = credential;
+                                resolve(response.next);
+                            }
+                        })
+                            .catch(reject);
+                    }
+                })
+                    .catch(reject);
+            }
+            else {
+                reject(new auth_error_1.default('Failed to start verification, DeviceId is missing'));
+            }
+        });
+    }
+}
+exports.DevicePassiveActions = DevicePassiveActions;
+class DevicePassiveStep extends DevicePassiveActions {
+    constructor(getDisplayName, role) {
+        super(getDisplayName);
+        this.name = DevicePassiveStep.NAME;
+        this.role = role !== null && role !== void 0 ? role : authenticator_builder_1.DeviceRole.Primary;
+        this.log = logger_1.LoggerFactory.getLogger('device-passive-step');
+    }
+    execute(session) {
+        if (this.role == authenticator_builder_1.DeviceRole.Secondary) {
+            return Promise.resolve(base_authenticator_1.default.AUTH_DONE);
+        }
+        if (!session.platform.isFidoSupported() ||
+            session.uvLevel === auth_token_claims_1.UserVerificationLevel.Discouraged) {
+            return Promise.resolve(device_passive_silent_step_1.default.NAME);
+        }
+        if (session.settings.deviceId) {
+            if (session.settings.fidoPasskeyRegistered) {
+                return this.verify(session);
+            }
+            return Promise.resolve(device_passive_silent_step_1.default.NAME);
+        }
+        return this.register(session);
+    }
+}
+DevicePassiveStep.NAME = 'device/passive';
+exports.default = DevicePassiveStep;

package/build/lib/proveauth/internal/device-passive-stepup-step.d.ts

@@ -0,0 +1,9 @@
+import AuthSession from './auth-session';
+import AuthStep from './auth-step';
+import { DevicePassiveActions } from './device-passive-step';
+export default class DevicePassiveStepupStep extends DevicePassiveActions implements AuthStep {
+    static readonly NAME = "device/passive/stepup";
+    readonly name = "device/passive/stepup";
+    constructor(getDisplayName?: () => string | null);
+    execute(session: AuthSession): Promise<string>;
+}

package/build/lib/proveauth/internal/device-passive-stepup-step.js

@@ -0,0 +1,25 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const logger_1 = require("../common/logger");
+const device_passive_step_1 = require("./device-passive-step");
+class DevicePassiveStepupStep extends device_passive_step_1.DevicePassiveActions {
+    constructor(getDisplayName) {
+        super(getDisplayName);
+        this.name = DevicePassiveStepupStep.NAME;
+        this.log = logger_1.LoggerFactory.getLogger('device-passive-stepup-step');
+    }
+    execute(session) {
+        if (!session.platform.isFidoSupported()) {
+            return Promise.reject(new Error('FIDO2 is not supported'));
+        }
+        if (!session.settings.deviceId) {
+            return Promise.reject(new Error('Device is not registered'));
+        }
+        if (session.settings.fidoPasskeyRegistered) {
+            return Promise.reject(new Error('FIDO2 Passkey is already registered'));
+        }
+        return this.register(session);
+    }
+}
+DevicePassiveStepupStep.NAME = 'device/passive/stepup';
+exports.default = DevicePassiveStepupStep;

package/build/lib/proveauth/internal/device-passive-verify-step.d.ts

@@ -0,0 +1,8 @@
+import AuthSession from './auth-session';
+import AuthStep from './auth-step';
+export default class DevicePassiveVerifyStep implements AuthStep {
+    static readonly NAME = "device/passive/verify";
+    private readonly log;
+    readonly name = "device/passive/verify";
+    execute(session: AuthSession): Promise<string>;
+}

package/build/lib/proveauth/internal/device-passive-verify-step.js

@@ -0,0 +1,54 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const base64_1 = __importDefault(require("../common/base64"));
+const logger_1 = require("../common/logger");
+const auth_error_1 = __importDefault(require("./auth-error"));
+class DevicePassiveVerifyStep {
+    constructor() {
+        this.log = logger_1.LoggerFactory.getLogger('device-passive-verify-step');
+        this.name = DevicePassiveVerifyStep.NAME;
+    }
+    execute(session) {
+        return new Promise((resolve, reject) => {
+            const credential = session.credential;
+            const assertion = credential.response;
+            session
+                .fetchFromBackend('/v1/client/device/fido2/verify/finish', {
+                webAuthnAssertion: {
+                    type: credential === null || credential === void 0 ? void 0 : credential.type,
+                    id: credential === null || credential === void 0 ? void 0 : credential.id,
+                    rawId: base64_1.default.bufferEncode(credential === null || credential === void 0 ? void 0 : credential.rawId),
+                    response: {
+                        authenticatorData: base64_1.default.bufferEncode(assertion.authenticatorData),
+                        clientDataJSON: base64_1.default.bufferEncode(assertion.clientDataJSON),
+                        signature: base64_1.default.bufferEncode(assertion.signature),
+                        userHandle: assertion.userHandle
+                            ? base64_1.default.bufferEncode(assertion.userHandle)
+                            : undefined,
+                    },
+                },
+            })
+                .then((response) => {
+                if (response.error) {
+                    reject(new auth_error_1.default(response.error.message, response.error.code, response.next));
+                }
+                else {
+                    const data = response.data;
+                    if (data && data.scanMessage) {
+                        session.authMessage = data.scanMessage;
+                    }
+                    else {
+                        this.log.warn('No data was received in the response');
+                    }
+                    resolve(response.next);
+                }
+            })
+                .catch(reject);
+        });
+    }
+}
+DevicePassiveVerifyStep.NAME = 'device/passive/verify';
+exports.default = DevicePassiveVerifyStep;