@prove-identity/prove-auth 2.3.5 → 2.4.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (17) hide show
  1. package/build/bundle/release/prove-auth.js +1 -0
  2. package/build/lib/proveauth/authenticator-builder.d.ts +2 -0
  3. package/build/lib/proveauth/authenticator-builder.js +11 -1
  4. package/build/lib/proveauth/internal/auth-token-claims.d.ts +5 -0
  5. package/build/lib/proveauth/internal/device-passive-silent-step.d.ts +4 -0
  6. package/build/lib/proveauth/internal/device-passive-silent-step.js +15 -5
  7. package/build/lib/proveauth/internal/device-universal-redirect-steps.d.ts +14 -0
  8. package/build/lib/proveauth/internal/device-universal-redirect-steps.js +55 -0
  9. package/build/lib/proveauth/internal/device-universal-step.d.ts +10 -0
  10. package/build/lib/proveauth/internal/device-universal-step.js +38 -0
  11. package/build/lib/proveauth/internal/platform.d.ts +1 -0
  12. package/build/lib/proveauth/internal/report-error-step.js +3 -0
  13. package/build/lib/proveauth/internal/web-platform.d.ts +1 -1
  14. package/build/lib/proveauth/internal/web-platform.js +3 -0
  15. package/build/lib/proveauth/version.d.ts +1 -1
  16. package/build/lib/proveauth/version.js +1 -1
  17. package/package.json +3 -6
package/build/bundle/release/prove-auth.js ADDED
@@ -0,0 +1 @@
1
+ !function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.proveAuth=t():e.proveAuth=t()}(self,(()=>(()=>{"use strict";var e={2715:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.LoggerFactory=t.LogLevel=void 0,function(e){e[e.disabled=0]="disabled",e[e.error=1]="error",e[e.warn=2]="warn",e[e.info=3]="info",e[e.debug=4]="debug",e[e.trace=5]="trace"}(r=t.LogLevel||(t.LogLevel={}));class i{static setLogLevel(e){i.logLevel=e}static setLogWriter(e){i.logWriter=e}static getLogger(e){return{trace:(...e)=>{i.logLevel>=r.trace&&i.logWriter.write(r.trace,...e)},debug:(...e)=>{i.logLevel>=r.debug&&i.logWriter.write(r.debug,...e)},info:(...e)=>{i.logLevel>=r.info&&i.logWriter.write(r.info,...e)},warn:(...e)=>{i.logLevel>=r.warn&&i.logWriter.write(r.warn,...e)},error:(...e)=>{i.logLevel>=r.error&&i.logWriter.write(r.error,...e)}}}}i.logWriter=new class{write(e,...t){switch(e){case r.trace:case r.debug:console.debug(...t);break;case r.info:console.info(...t);break;case r.warn:console.warn(...t);break;case r.error:console.error(...t)}}},i.logLevel=r.info,t.LoggerFactory=i},8266:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.LogLevel=t.LoggerFactory=t.DeviceDescriptor=t.StepCode=t.ErrorCode=t.AuthenticatorBuilder=t.VERSION_CODE=t.VERSION_NAME=void 0;const n=r(9843);Object.defineProperty(t,"VERSION_NAME",{enumerable:!0,get:function(){return n.VERSION_NAME}}),Object.defineProperty(t,"VERSION_CODE",{enumerable:!0,get:function(){return n.VERSION_CODE}});const o=i(r(7460));t.AuthenticatorBuilder=o.default;const s=r(6639);Object.defineProperty(t,"ErrorCode",{enumerable:!0,get:function(){return s.ErrorCode}});const a=r(2400);Object.defineProperty(t,"StepCode",{enumerable:!0,get:function(){return a.StepCode}});const c=i(r(79));t.DeviceDescriptor=c.default;const l=r(2715);Object.defineProperty(t,"LoggerFactory",{enumerable:!0,get:function(){return l.LoggerFactory}}),Object.defineProperty(t,"LogLevel",{enumerable:!0,get:function(){return l.LogLevel}})},7460:function(e,t,r){var i=this&&this.__createBinding||(Object.create?function(e,t,r,i){void 0===i&&(i=r);var n=Object.getOwnPropertyDescriptor(t,r);n&&!("get"in n?!t.__esModule:n.writable||n.configurable)||(n={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,i,n)}:function(e,t,r,i){void 0===i&&(i=r),e[i]=t[r]}),n=this&&this.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),o=this&&this.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var r in e)"default"!==r&&Object.prototype.hasOwnProperty.call(e,r)&&i(t,e,r);return n(t,e),t},s=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const a=s(r(3060)),c=s(r(7834)),l=s(r(7747)),u=s(r(5386)),d=s(r(689)),h=s(r(4670)),f=o(r(9134));function g(e){return"function"==typeof e?{execute:t=>e(t)}:e}t.default=class{constructor(e){this._deviceIpDetection=!1,this._timeout=0,this._config=e||new a.default}withStartStep(e){return this._startStep=g(e),this}withFinishStep(e){return this._finishStep=g(e),this}withPixelImplementation(){return this._authStep=void 0,this}withFetchImplementation(){return this._authStep=new l.default,this}withPassiveImplementation(){return this._authStep=new h.default,this}withDeviceIpDetection(e=!0){return this._deviceIpDetection=e,this}withTimeout(e){return this._timeout=e,this}build(){let e=this._authStep;const t=this._startStep;let r=this._finishStep;e||(e=new f.default,r=new f.PixelFinishStep);const i=this._deviceIpDetection?new u.default:new d.default;if(!t)throw new Error("Start step is required");if(!r)throw new Error("Finish step is required");return new c.default(i,t,e,r,this._timeout)}}},6639:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.ErrorCode=void 0,(r=t.ErrorCode||(t.ErrorCode={}))[r.GENERIC_UNKNOWN_REASON=0]="GENERIC_UNKNOWN_REASON",r[r.GENERIC_TIMEOUT=1]="GENERIC_TIMEOUT",r[r.GENERIC_INVALID_STATE=2]="GENERIC_INVALID_STATE",r[r.GENERIC_COMMUNICATION_ERROR=3]="GENERIC_COMMUNICATION_ERROR",r[r.PRE_CHECK_AIRPLANE_MODE_ENABLED=17]="PRE_CHECK_AIRPLANE_MODE_ENABLED",r[r.PRE_CHECK_NO_CELLULAR_RADIO=18]="PRE_CHECK_NO_CELLULAR_RADIO",r[r.PRE_CHECK_NO_CELLULAR_CONNECTION=19]="PRE_CHECK_NO_CELLULAR_CONNECTION",r[r.PRE_CHECK_WIFI_CALLING_ENABLED=20]="PRE_CHECK_WIFI_CALLING_ENABLED",r[r.PRE_CHECK_WIFI_CANNOT_BE_OVERRIDDEN=21]="PRE_CHECK_WIFI_CANNOT_BE_OVERRIDDEN",r[r.AUTH_MALFORMED_INPUT_DATA=65]="AUTH_MALFORMED_INPUT_DATA",r[r.AUTH_BAD_CREDENTIALS=66]="AUTH_BAD_CREDENTIALS",r[r.AUTH_VFP_KEY_EXPIRED=67]="AUTH_VFP_KEY_EXPIRED",r[r.AUTH_INVALID_RESPONSE=68]="AUTH_INVALID_RESPONSE"},6902:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});class r extends Error{constructor(e,...t){super(...t),this.errorCode=e,Error.captureStackTrace&&Error.captureStackTrace(this,r),this.name="AuthLocalError",this.errorCode=e}}t.default=r},7747:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,o){function s(e){try{c(i.next(e))}catch(e){o(e)}}function a(e){try{c(i.throw(e))}catch(e){o(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(s,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const o=n(r(8498)),s=n(r(5112)),a=n(r(5030)),c=r(2715),l=r(6458);t.default=class{constructor(){this.logger=c.LoggerFactory.getLogger("fetch-authentication-step")}execute(e){return i(this,void 0,void 0,(function*(){this.logger.info("use fetch");const t=(0,l.toURL)(e.authUrl);let r;return t.searchParams.get("testVfp")?(this.logger.info("test flow detected"),r=a.default.create(t)):"2"===t.searchParams.get("pfflow")?(this.logger.info("flow v2 detected"),r=s.default.create(t)):(this.logger.info("flow v1 detected"),r=o.default.create(t)),{vfp:yield r.handle()}}))}}},5030:function(e,t){var r=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,o){function s(e){try{c(i.next(e))}catch(e){o(e)}}function a(e){try{c(i.throw(e))}catch(e){o(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(s,a)}c((i=i.apply(e,t||[])).next())}))};Object.defineProperty(t,"__esModule",{value:!0});class i{static create(e){var t,r,n;const o=null!==(r=parseInt(null!==(t=e.searchParams.get("delay"))&&void 0!==t?t:"0"))&&void 0!==r?r:0,s=null!==(n=e.searchParams.get("testVfp"))&&void 0!==n?n:"";return new i(s,o)}constructor(e,t){this.testVfp=e,this.delay=t}handle(){return r(this,void 0,void 0,(function*(){return new Promise((e=>{setTimeout((()=>e(this.testVfp)),this.delay)}))}))}}t.default=i},6458:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,o){function s(e){try{c(i.next(e))}catch(e){o(e)}}function a(e){try{c(i.throw(e))}catch(e){o(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(s,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.RawURL=t.Base64=t.fetchAuth=t.handleHttpError=t.toURL=void 0;const o=r(2715),s=r(6639),a=r(9843),c=n(r(6902));t.toURL=function(e){try{return new l(e)}catch(t){throw new c.default(s.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Malformed url "+e)}},t.handleHttpError=function(e){return i(this,void 0,void 0,(function*(){const t=e.status;switch(t){case 404:throw new c.default(s.ErrorCode.AUTH_BAD_CREDENTIALS);case 410:throw new c.default(s.ErrorCode.AUTH_VFP_KEY_EXPIRED);default:let r;try{r=(yield e.json()).error}catch(e){}throw new c.default(s.ErrorCode.AUTH_INVALID_RESPONSE,r||`http error (${e.statusText} , code = ${t})`)}}))},t.fetchAuth=function(e,t){var r;const i=o.LoggerFactory.getLogger("http-client"),n=null!=t?t:{},l=null!==(r=n.method)&&void 0!==r?r:"GET";if(i.debug(`${l} ${e} ${e.protocol}`),"http:"===e.protocol)throw new c.default(s.ErrorCode.GENERIC_INVALID_STATE,`Web SDK cannot make http request [${e}]`);const u={};let d;return e.searchParams.set("sdkVersion",a.VERSION_NAME),"object"==typeof n.body&&(u["Content-Type"]="application/json",d=JSON.stringify(n.body)),d&&i.debug(`request body: ${d}`),fetch(e.toString(),{method:l,mode:"cors",headers:u,body:d}).then((e=>(i.debug(`${e.status} ${e.statusText}`),e)))},t.Base64=new class{constructor(){this.PADCHAR="=",this.ALPHA="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"}getByte(e,t){return e.charCodeAt(t)}getByte64(e,t){return this.ALPHA.indexOf(e.charAt(t))}_decode(e){let t,r,i=0,n=e.length,o=[];if(e=String(e),0===n)return e;for(e.charAt(n-1)===this.PADCHAR&&(i=1,e.charAt(n-2)===this.PADCHAR&&(i=2),n-=4),t=0;t<n;t+=4)r=this.getByte64(e,t)<<18|this.getByte64(e,t+1)<<12|this.getByte64(e,t+2)<<6|this.getByte64(e,t+3),o.push(String.fromCharCode(r>>16,r>>8&255,255&r));switch(i){case 1:r=this.getByte64(e,t)<<18|this.getByte64(e,t+1)<<12|this.getByte64(e,t+2)<<6,o.push(String.fromCharCode(r>>16,r>>8&255));break;case 2:r=this.getByte64(e,t)<<18|this.getByte64(e,t+1)<<12,o.push(String.fromCharCode(r>>16))}return o.join("")}_encode(e){let t,r,i=[],n=(e=String(e)).length-e.length%3;if(0===e.length)return e;for(t=0;t<n;t+=3)r=this.getByte(e,t)<<16|this.getByte(e,t+1)<<8|this.getByte(e,t+2),i.push(this.ALPHA.charAt(r>>18)),i.push(this.ALPHA.charAt(r>>12&63)),i.push(this.ALPHA.charAt(r>>6&63)),i.push(this.ALPHA.charAt(63&r));switch(e.length-n){case 1:r=this.getByte(e,t)<<16,i.push(this.ALPHA.charAt(r>>18)+this.ALPHA.charAt(r>>12&63)+this.PADCHAR+this.PADCHAR);break;case 2:r=this.getByte(e,t)<<16|this.getByte(e,t+1)<<8,i.push(this.ALPHA.charAt(r>>18)+this.ALPHA.charAt(r>>12&63)+this.ALPHA.charAt(r>>6&63)+this.PADCHAR)}return i.join("")}decode(e,t=!0){return e=t?e.replace(".","+").replace("_","/").replace("-","="):e,this._decode(e)}encode(e,t=!0){const r=this._encode(e);return t?r.replace("+",".").replace("/","_").replace("=","-"):r}};class l{constructor(e){this.url=e,this.params=[],this.searchParams={get:e=>this._get(e),getAll:e=>this._getAll(e),set:(e,t,r=!1)=>this._set(e,t,r)};const t=new URL(e);this.protocol=t.protocol;for(const e of t.searchParams.keys())this.params.push({key:e,values:t.searchParams.getAll(e),encode:!1})}_set(e,t,r=!1){const i=this.params.findIndex((t=>t.key===e));-1===i?this.params.push({key:e,values:[t],encode:r}):this.params.splice(i,1,{key:e,values:[t],encode:r})}_get(e){const t=this._getAll(e);return t?t[0]:void 0}_getAll(e){var t;return null===(t=this.params.find((t=>t.key===e)))||void 0===t?void 0:t.values}toString(){function e(e,t){return t?encodeURIComponent(e):null==e?void 0:e.replace(/\?/g,"%3F").replace(/\&/g,"%26")}const t=this.url.indexOf("?");let r=-1==t?this.url:this.url.slice(0,t),i=[];for(const t of this.params)for(const r of t.values)i.push(`${e(t.key,t.encode)}=${e(r,t.encode)}`);return i.length&&(r+="?"+i.join("&")),r}}t.RawURL=l},8498:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,o){function s(e){try{c(i.next(e))}catch(e){o(e)}}function a(e){try{c(i.throw(e))}catch(e){o(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(s,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const o=r(2715),s=n(r(6902)),a=r(6639),c=r(6458);class l{static create(e){return e.searchParams.set("r","f"),new l(e)}constructor(e){this.url=e,this.logger=o.LoggerFactory.getLogger("flow-v1")}handle(){var e,t;return i(this,void 0,void 0,(function*(){let r;const i=this.url.searchParams.get("vfp");let n=this.url;for(this.logger.debug(`current vfp ${i}`);;){try{r=yield(0,c.fetchAuth)(n,{})}catch(e){throw new s.default(a.ErrorCode.GENERIC_COMMUNICATION_ERROR,e.message)}if(console.log(r.url),r.status>=300&&r.status<400){const o=new c.RawURL(null!==(e=r.headers.get("Location"))&&void 0!==e?e:"");this.logger.debug(`redirect to ${o}`);const s=null!==(t=o.searchParams.get("vfp"))&&void 0!==t?t:o.searchParams.get("token");if(s&&s!==i)return this.logger.debug(`vfp changed to ${s}`),s;n=o}else{if(r.status>=200&&r.status<300){let e;try{e=yield r.json()}catch(e){throw new s.default(a.ErrorCode.AUTH_INVALID_RESPONSE,e.message)}this.logger.debug("got json response",e);const t=this.getVfpFromJson(e);if(!t)throw new s.default(a.ErrorCode.AUTH_INVALID_RESPONSE,`Received unknown payload: ${JSON.stringify(e)}`);return t}yield(0,c.handleHttpError)(r)}}}))}getVfpFromJson(e){const t=e.vfp;if(t)return t;const r=e.token,i=e.correlation_id;if(r)return i?i+"..."+r:r;const n=e.reconcilation_token;return n?i?i+"..."+n:n:void 0}}t.default=l},5112:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,o){function s(e){try{c(i.next(e))}catch(e){o(e)}}function a(e){try{c(i.throw(e))}catch(e){o(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(s,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const o=r(2715),s=r(6639),a=n(r(6902)),c=r(6458);class l{static create(e){var t;const r=e.searchParams.get("data");if(!r)throw new a.default(s.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - missing in url");let i,n,o,u;try{const e=c.Base64.decode(r);console.log("decoded",e),i=JSON.parse(e)}catch(e){throw console.error(e),new a.default(s.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - cannot parse as json")}try{n=new c.RawURL(null!==(t=i.url)&&void 0!==t?t:"")}catch(e){throw new a.default(s.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - missing/invalid url field")}try{o=i.vfp}catch(e){throw new a.default(s.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - missing vfp field")}try{u=i.data}catch(e){throw new a.default(s.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - missing data field")}return new l(n,o,u,i["att-1004"])}constructor(e,t,r,i){this.url=e,this.vfp=t,this.data=r,this.att1004=i,this.logger=o.LoggerFactory.getLogger("flow-v2")}handle(){var e;return i(this,void 0,void 0,(function*(){let t=!1,r=JSON.parse(JSON.stringify(this.data));for(;;){let i;try{i=yield(0,c.fetchAuth)(this.url,{method:"POST",body:r})}catch(e){throw new a.default(s.ErrorCode.GENERIC_COMMUNICATION_ERROR,e.message)}if(i.status>=200&&i.status<300){const n=yield i.text();if(this.logger.trace(`att response body: ${n}`),!t)try{if(1004===JSON.parse(n).status){const i=null!==(e=this.att1004)&&void 0!==e?e:["application-id"];if(i){t=!0,this.logger.debug(`flow v2.5 detected, use application-id: ${i}`),r.put("application-id",i);continue}this.logger.debug("missing att1004.application-id, continue flow v2")}}catch(e){}const o=c.Base64.encode(n);return`${this.vfp}___${o}${t?"___R2":""}`}if(i.status>=300&&i.status<400)throw new a.default(s.ErrorCode.AUTH_INVALID_RESPONSE,"Unexpected redirect in flow v2");yield(0,c.handleHttpError)(i)}}))}}t.default=l},4670:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,o){function s(e){try{c(i.next(e))}catch(e){o(e)}}function a(e){try{c(i.throw(e))}catch(e){o(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(s,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const o=n(r(5030)),s=r(2715),a=r(6458),c=r(9843);t.default=class{constructor(){this.logger=s.LoggerFactory.getLogger("passive-authentication-step")}execute(e){return i(this,void 0,void 0,(function*(){this.logger.info("use passive");const t=(0,a.toURL)(e.authUrl);let r;if(t.searchParams.get("testVfp"))this.logger.info("test flow detected"),r=o.default.create(t);else{if("2"===t.searchParams.get("pfflow"))throw new Error("flow v2 detected but not supported by passive auth implementation");this.logger.info("flow v1 detected"),r=new l(t)}return{vfp:yield r.handle()}}))}};class l{constructor(e){this.url=e,this.logger=s.LoggerFactory.getLogger("passive-flow-v1")}handle(){return i(this,void 0,void 0,(function*(){return new Promise(((e,t)=>{const r="_proveAuthResponse";this.url.searchParams.set("jsonp","true"),this.url.searchParams.set("sdkVersion",c.VERSION_NAME);const i=window;this.logger.trace("install global callback"),i[r]=r=>{if(o)return;s();const i=r?this.getVfpFromJson(r):void 0;i?e(i):t(new Error(r?"script loaded but vfp not defined":"script loaded but callback not trigerred"))};const n=document.createElement("script");let o=!1;const s=()=>{this.logger.trace("cleanup global callback"),o=!0,i[r]=void 0,document.body.removeChild(n)};n.onload=()=>{this.logger.trace("script loaded"),setTimeout((()=>{o||(s(),t(new Error("script loaded, but not executed")))}),1e3)},n.onerror=()=>{this.logger.trace("script load error"),o||(s(),t(new Error("script load error")))},document.body.appendChild(n),n.src=this.url.toString()}))}))}getVfpFromJson(e){const t=e.vfp;if(t)return t;const r=e.token,i=e.correlation_id;if(r)return i?i+"..."+r:r;const n=e.reconcilation_token;return n?i?i+"..."+n:n:void 0}}},9134:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,o){function s(e){try{c(i.next(e))}catch(e){o(e)}}function a(e){try{c(i.throw(e))}catch(e){o(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(s,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.PixelFinishStep=void 0;const o=n(r(5030)),s=r(2715),a=r(6458),c=r(9843);t.default=class{constructor(){this.logger=s.LoggerFactory.getLogger("pixel-authentication-step")}execute(e){return i(this,void 0,void 0,(function*(){this.logger.info("use pixel");const t=(0,a.toURL)(e.authUrl);let r;if(t.searchParams.get("testVfp"))this.logger.info("test flow detected"),r=o.default.create(t);else{if("2"===t.searchParams.get("pfflow"))throw new Error("flow v2 detected but not supported by pixel auth implementation");this.logger.info("flow v1 detected"),r=new l(t)}return{vfp:yield r.handle()}}))}};class l{constructor(e){this.url=e,this.logger=s.LoggerFactory.getLogger("pixel-flow-v1")}handle(){return i(this,void 0,void 0,(function*(){return new Promise(((e,t)=>{this.url.searchParams.set("sdkVersion",c.VERSION_NAME);const r=document.createElement("img");r.onload=()=>{this.logger.trace("pixel loaded"),e("")},r.onerror=()=>{this.logger.trace("pixel load error"),t(new Error("pixel load error"))},r.src=this.url.toString()}))}))}}t.PixelFinishStep=class{execute(e){return Promise.resolve(void 0)}}},7834:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,o){function s(e){try{c(i.next(e))}catch(e){o(e)}}function a(e){try{c(i.throw(e))}catch(e){o(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(s,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const o=r(2715),s=r(2400),a=n(r(4517)),c=r(6639);class l{constructor(e){this._providedDeviceDescriptor=e}get providedDeviceDescriptor(){return this._providedDeviceDescriptor}get deviceDescriptor(){return this._deviceDescriptor}get authUrl(){return this._authUrl}get vfp(){return this._vfp}}class u{constructor(){this.currentStep=s.StepCode.PRE_CHECK,this.timedOut=!1}}t.default=class{constructor(e,t,r,i,n=0){this.deviceDescriptorStep=e,this.startStep=t,this.authenticationStep=r,this.finishStep=i,this.timeout=n,this.logger=o.LoggerFactory.getLogger("auth")}executeStep(e,t,r,n){var o;return i(this,void 0,void 0,(function*(){if(e.timedOut)throw new Error("timeout");try{e.currentStep=t,this.logger.debug(`execute step ${s.StepCode[t]}`);let i=yield r.execute(n);return this.logger.debug(`executed step ${s.StepCode[t]}`),i}catch(e){const r=null!==(o=e.errorCode)&&void 0!==o?o:c.ErrorCode.GENERIC_UNKNOWN_REASON;throw new a.default(t,r,e.message)}}))}authenticate(e){return new Promise(((t,r)=>{const i=new u;let n;this.timeout>0&&(n=setTimeout((()=>{i.timedOut=!0,r(new a.default(i.currentStep,c.ErrorCode.GENERIC_TIMEOUT,`authenticator timeout after ${this.timeout}ms`))}),this.timeout)),this.executeAuth(i,e).then((e=>{i.timedOut||(clearTimeout(n),t(e))}),(e=>{i.timedOut||(clearTimeout(n),r(e))}))}))}executeAuth(e,t){return i(this,void 0,void 0,(function*(){const r=new l(t);r._deviceDescriptor=(yield this.executeStep(e,s.StepCode.DEVICE_DESCRIPTOR,this.deviceDescriptorStep,r)).deviceDescriptor,this.logger.info(`deviceDescriptor=${r.deviceDescriptor}`),r._authUrl=(yield this.executeStep(e,s.StepCode.START,this.startStep,r)).authUrl,this.logger.info(`authUrl=${r.authUrl}`),r._vfp=(yield this.executeStep(e,s.StepCode.AUTHENTICATION,this.authenticationStep,r)).vfp,this.logger.info(`vfp=${r.vfp}`);const i=yield this.executeStep(e,s.StepCode.FINISH,this.finishStep,r);return this.logger.info("result",i),i}))}}},5386:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,o){function s(e){try{c(i.next(e))}catch(e){o(e)}}function a(e){try{c(i.throw(e))}catch(e){o(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(s,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const o=r(6639),s=n(r(79)),a=n(r(6902));t.default=class{constructor(e){this.ipQueryUrl=null!=e?e:"https://device.payfone.com:4443/whatismyipaddress"}execute(e){return i(this,void 0,void 0,(function*(){if(e.providedDeviceDescriptor)return{deviceDescriptor:e.providedDeviceDescriptor};const t=yield fetch("https://device.payfone.com:4443/whatismyipaddress");if(t.ok)return{deviceDescriptor:new s.default(yield t.text())};throw new a.default(o.ErrorCode.GENERIC_COMMUNICATION_ERROR,`ip api response=${t.status}`)}))}}},689:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,o){function s(e){try{c(i.next(e))}catch(e){o(e)}}function a(e){try{c(i.throw(e))}catch(e){o(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(s,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const o=n(r(79));t.default=class{execute(e){var t;return i(this,void 0,void 0,(function*(){return{deviceDescriptor:null!==(t=e.providedDeviceDescriptor)&&void 0!==t?t:new o.default}}))}}},3060:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.default=class{}},4517:(e,t,r)=>{Object.defineProperty(t,"__esModule",{value:!0});const i=r(6639),n=r(2400);class o extends Error{constructor(e,t,r){super(`${r} (stepCode=${n.StepCode[e]}, errorCode=${i.ErrorCode[t]})`),this.stepCode=e,this.errorCode=t,Error.captureStackTrace&&Error.captureStackTrace(this,o),this.name="AuthProcessError",this.stepCode=e}}t.default=o},79:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});class r{static ip(e){return new r(e)}constructor(e,t,r){this.ip=e,this.mno=t,this.phoneNumber=r}toString(){return`ip=[${this.ip}] mno=[${this.mno}] phoneNumber=[${this.phoneNumber}]`}}t.default=r},2400:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.StepCode=void 0,(r=t.StepCode||(t.StepCode={}))[r.PRE_CHECK=16]="PRE_CHECK",r[r.DEVICE_DESCRIPTOR=32]="DEVICE_DESCRIPTOR",r[r.START=48]="START",r[r.AUTHENTICATION=64]="AUTHENTICATION",r[r.FINISH=80]="FINISH"},9843:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.VERSION_CODE=t.VERSION_NAME=void 0,t.VERSION_NAME="3.0.0",t.VERSION_CODE=3e4},3607:function(e,t,r){var i=this&&this.__createBinding||(Object.create?function(e,t,r,i){void 0===i&&(i=r);var n=Object.getOwnPropertyDescriptor(t,r);n&&!("get"in n?!t.__esModule:n.writable||n.configurable)||(n={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,i,n)}:function(e,t,r,i){void 0===i&&(i=r),e[i]=t[r]}),n=this&&this.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),o=this&&this.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var r in e)"default"!==r&&Object.prototype.hasOwnProperty.call(e,r)&&i(t,e,r);return n(t,e),t},s=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.PhoneValidationError=t.OtpError=t.OtpFinishResultType=t.MobileAuthImplementation=t.LogLevel=t.LoggerFactory=t.DeviceRole=t.CancelablePromise=t.AuthResponseStatus=t.AuthenticatorBuilder=t.VERSION=void 0;const a=r(6462);Object.defineProperty(t,"VERSION",{enumerable:!0,get:function(){return a.VERSION}});const c=o(r(4817));t.AuthenticatorBuilder=c.default,Object.defineProperty(t,"DeviceRole",{enumerable:!0,get:function(){return c.DeviceRole}}),Object.defineProperty(t,"MobileAuthImplementation",{enumerable:!0,get:function(){return c.MobileAuthImplementation}});const l=r(6267);Object.defineProperty(t,"AuthResponseStatus",{enumerable:!0,get:function(){return l.AuthResponseStatus}});const u=r(1727);Object.defineProperty(t,"LoggerFactory",{enumerable:!0,get:function(){return u.LoggerFactory}}),Object.defineProperty(t,"LogLevel",{enumerable:!0,get:function(){return u.LogLevel}});const d=s(r(4610));t.CancelablePromise=d.default;const h=r(3794);Object.defineProperty(t,"PhoneValidationError",{enumerable:!0,get:function(){return h.PhoneValidationError}});const f=r(8864);Object.defineProperty(t,"OtpError",{enumerable:!0,get:function(){return f.OtpError}}),Object.defineProperty(t,"OtpFinishResultType",{enumerable:!0,get:function(){return f.OtpFinishResultType}})},4817:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.MobileAuthImplementation=t.DeviceRole=void 0;const n=r(1092),o=i(r(8370)),s=i(r(6736)),a=i(r(1840)),c=i(r(7625)),l=i(r(3075)),u=i(r(8907)),d=i(r(1703)),h=i(r(6185)),f=i(r(1044)),g=i(r(1474)),p=i(r(9790)),v=r(2207),_=i(r(9568));var m,E;!function(e){e[e.Primary=0]="Primary",e[e.Secondary=1]="Secondary"}(m=t.DeviceRole||(t.DeviceRole={})),function(e){e.Pixel="pixel",e.Fetch="fetch"}(E=t.MobileAuthImplementation||(t.MobileAuthImplementation={})),t.default=class{constructor(){this.role=m.Primary,this.mobileAuthImplementation=E.Fetch,this.forUPK=!1,this.instantLinkTestMode=!1,"undefined"!=typeof window&&(this.storage=window.localStorage,this.platform=new n.WebPlatform)}withAuthFinishStep(e){return this.authFinishStep="function"==typeof e?{execute:t=>e(t)}:e,this}withDisplayName(e){return this.getDisplayName="function"==typeof e?e:()=>e,this}withAuthMessageHandler(e){return this.authMessageHandler=e,this}withStorage(e){return this.storage=e,this}withPlatform(e){return this.platform=e,this}withRole(e){return this.role=e,this}withMobileAuthImplementation(e){return this.mobileAuthImplementation=e,this}withDeviceIpAddress(e){return this.getDeviceIp="function"==typeof e?e:()=>e,this}withOtpFallback(e,t){return this.otpStartStep="function"==typeof e?{execute:e}:e,this.otpFinishStep="function"==typeof t?{execute:t}:t,this}withInstantLinkFallback(e){return this.instantLinkStartStep="function"==typeof e?{execute:e}:e,this}withUPKEnabled(){return this.forUPK=!0,this}build(){return this.role===m.Primary?new _.default(this.platform,this.storage,this.authFinishStep,[new p.default(this.forUPK),new v.DeviceUniversalRedirectExchangeStep,new v.DeviceUniversalRedirectFinishStep,new s.default(this.getDisplayName,this.role),new g.default(this.getDisplayName),new f.default(this.forUPK),new o.default,new a.default,new c.default(this.mobileAuthImplementation,this.getDeviceIp),new l.default(this.instantLinkStartStep,this.getDeviceIp),new u.default(this.otpStartStep,this.otpFinishStep),new h.default,new d.default(this.authMessageHandler)]):new _.default(this.platform,this.storage,this.authFinishStep,[new s.default(this.getDisplayName,this.role),new c.default(this.mobileAuthImplementation,this.getDeviceIp),new l.default(this.instantLinkStartStep,this.getDeviceIp)])}}},8607:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});class r{static stringToBase64(e){return e.replace(/\-/g,"+").replace(/_/g,"/")+"=".repeat(e.length%4?4-e.length%4:0)}static bufferDecode(e){return Uint8Array.from(atob(r.stringToBase64(e)),(e=>e.charCodeAt(0)))}static bufferEncode(e){const t=ArrayBuffer.isView(e)?e.buffer:e;return btoa(String.fromCharCode.apply(null,Array.from(new Uint8Array(t)))).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}}t.default=r},4610:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.default=class extends Promise{constructor(e){let t=()=>{};super(((r,i)=>e(r,i,(e=>t=e)))),this.onCancel=()=>{t()}}cancel(){this.onCancel()}}},1727:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.LoggerFactory=t.LogLevel=void 0,function(e){e[e.disabled=0]="disabled",e[e.error=1]="error",e[e.warn=2]="warn",e[e.info=3]="info",e[e.debug=4]="debug",e[e.trace=5]="trace"}(r=t.LogLevel||(t.LogLevel={}));class i{static setLogLevel(e){i.logLevel=e}static setLogWriter(e){i.logWriter=e}static getLogger(e){return{trace:(...t)=>{i.logLevel>=r.trace&&i.logWriter.write(r.trace,e+": ",...t)},debug:(...t)=>{i.logLevel>=r.debug&&i.logWriter.write(r.debug,e+": ",...t)},info:(...t)=>{i.logLevel>=r.info&&i.logWriter.write(r.info,e+": ",...t)},warn:(...t)=>{i.logLevel>=r.warn&&i.logWriter.write(r.warn,e+": ",...t)},error:(...t)=>{i.logLevel>=r.error&&i.logWriter.write(r.error,e+": ",...t)}}}}i.logWriter=new class{write(e,...t){switch(e){case r.trace:case r.debug:console.debug(...t);break;case r.info:console.info(...t);break;case r.warn:console.warn(...t);break;case r.error:console.error(...t)}}},i.logLevel=r.info,t.LoggerFactory=i},3350:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});class r extends Error{constructor(e,t,r,i){super(e),this.code=t,this.nextStep=r,this.reportable=void 0===i||i}static extractMessage(e){let t="";if(e){const r="message";e[r]?t=e[r]:(t=e.toString(),"[object Object]"===t&&(t=JSON.stringify(e)))}return t}}t.default=r},6267:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.AuthResponseStatus=void 0,(r=t.AuthResponseStatus||(t.AuthResponseStatus={})).Accept="accept",r.Reject="reject",r.Cancel="cancel",r.Unexpected="unexpected",r.Timeout="timeout",r.Unknown="unknown"},1204:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(1727),o=r(6462),s=r(2102),a=i(r(5186));t.default=class{get namespace(){var e;return(null===(e=this.claims)||void 0===e?void 0:e.auth.ans)||this.settings.namespace}get backendUrl(){var e;return(null===(e=this.claims)||void 0===e?void 0:e.auth.endp)||this.backendUrlOverride}get authId(){var e;return null===(e=this.claims)||void 0===e?void 0:e.auth.id}get challenge(){var e;return null===(e=this.claims)||void 0===e?void 0:e.auth.chlg}get next(){var e;return null===(e=this.claims)||void 0===e?void 0:e.auth.next}constructor(e,t,r){var i,n;this.channels=new Set,this.lastStep=null,this.credential=null,this.authMessage=null,this.uvLevel=null,this.backendUrlOverride=null,this.platform=t,this.authToken=r,this.settings=e,r&&(this.claims=this.parseJwt(r),this.settings.namespace=this.claims.auth.ans,this.uvLevel=(null===(n=null===(i=this.claims.auth.subs.dev)||void 0===i?void 0:i.auths.pasv)||void 0===n?void 0:n.uvlvl)||s.UserVerificationLevel.Discouraged),this.requestSigner=t.createRequestSigner(this)}fetchFromBackend(e,t){const r="POST",i="application/json",n=JSON.stringify(t),s=e.split("?"),c=s[0],l=s.length>1?s[1]:"",u=new Headers({Accept:i,"Content-Type":i,"PA-Version":o.USER_AGENT_VERSIONS});return this.authToken&&u.set("Authorization","Bearer "+this.authToken),new Promise(((t,o)=>{this.requestSigner.sign(r,c,l,i,n).then((i=>{i&&(u.set("PA-Sig-Version",i.version),u.set("PA-Challenge",i.challenge),u.set("PA-KID",i.keyId),u.set("PA-Signature",i.signature)),this.platform.fetch(this.backendUrl+e,{mode:"cors",method:r,headers:u,body:n}).then((e=>e.json())).then((e=>{e.error&&e.error.code===a.default.ERROR_NO_DEVICE_FOUND&&(this.settings.reset(),this.platform.deviceAuth.reset()),t(e)})).catch(o)})).catch(o)}))}createMessageChannel(e,t,r,i){if(!this.authToken)throw new Error("Authentication token is not initialized, cannot create MessageChannel");const o=this.backendUrl.replace(/^http/,"ws"),s=this.platform.createMessageChannel(o+e),a=n.LoggerFactory.getLogger("web-message-channel"),c=setInterval((()=>{a.trace("Sending keep-alive message"),s.send("")}),3e4);return s.addEventListener("close",(e=>{c&&clearInterval(c),t(),this.channels.delete(s)})),s.addEventListener("error",(e=>{r("message"in e?e.message:e.toString())})),s.addEventListener("message",(e=>{if("origin"in e&&e.origin!==o)r("Unexpected origin");else{var t=e.data;i(t&&"string"==typeof t?t:e.toString())}})),this.channels.add(s),s}closeAllMessageChannels(){const e=new Set(this.channels);e.forEach((e=>e.close())),e.clear(),this.channels.clear()}getDeviceRegistration(){return new Promise(((e,t)=>{this.platform.deviceAuth.getRegistration(this.namespace).then((t=>{t&&(this.backendUrlOverride=null==t?void 0:t.endpoint),e(t)})).catch(t)}))}parseJwt(e){return JSON.parse(atob(e.split(".")[1]))}}},3225:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.AuthStatusActions=void 0;const n=r(1727),o=i(r(3350));t.AuthStatusActions=class{constructor(){this.log=n.LoggerFactory.getLogger("auth-status-actions")}waitForStatus(e){var t=!1;return this.log.trace("Waiting for auth status"),new Promise(((r,i)=>{const n=e.createMessageChannel("/v1/client/status?token="+encodeURIComponent(e.authToken),(()=>{t||i(new o.default("Failed to receive secondary authentication status, no response"))}),(e=>{t=!0,this.log.error("Failed: "+e),i(new o.default("Failed to receive secondary authentication status: "+e))}),(s=>{t=!0;try{this.log.debug("Secondary authentication status: "+s);const t=JSON.parse(s);t.error?i(new o.default(t.error.message,t.error.code,t.next)):(e.lastStep=t.next,r(t.next))}catch(e){i(e)}finally{n.close()}}))}))}}},2102:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.UserVerificationLevel=void 0,(r=t.UserVerificationLevel||(t.UserVerificationLevel={})).Discouraged="none",r.Preferred="pref",r.Required="req"},8370:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(8607)),o=r(1727),s=i(r(3350)),a=i(r(5186));class c{constructor(){this.log=o.LoggerFactory.getLogger("device-passive-register-step"),this.name=c.NAME}execute(e){return new Promise(((t,r)=>{e.getDeviceRegistration().then((i=>{i?this.finishRegistration(e,[this.getFido2Registration(e)]).then(t).catch(r):e.platform.deviceAuth.createRegistration({namespace:e.namespace,endpoint:e.backendUrl}).then((i=>{i.getAuthRegistration(e.challenge).then((t=>this.finishRegistration(e,[this.getFido2Registration(e),t]))).then((n=>{i.deviceId=e.settings.deviceId,e.platform.deviceAuth.storeRegistration(i).then((()=>t(n))).catch(r)})).catch(r)})).catch(r)})).catch(r)}))}finishRegistration(e,t){return new Promise(((r,i)=>{e.fetchFromBackend("/v1/client/device/fido2/register/finish",{deviceName:e.platform.getPlatformName(),deviceCapabilities:e.platform.getDeviceCapabilities(),registrations:t}).then((t=>{if(t.error)i(new s.default(t.error.message,t.error.code,t.next));else{const n=t.data;n&&n.deviceId?(e.settings.deviceId=n.deviceId,e.settings.fidoPasskeyRegistered=!0,r(t.next)):i(new s.default("Failed to register device, returned deviceId is null or empty",a.default.ERROR_AUTHENTICATION_FAILURE,t.next,!1))}})).catch(i)}))}getFido2Registration(e){const t=e.credential,r=t.response;return{webAuthnCredential:{type:null==t?void 0:t.type,id:null==t?void 0:t.id,rawId:n.default.bufferEncode(null==t?void 0:t.rawId),response:{attestationObject:n.default.bufferEncode(r.attestationObject),clientDataJSON:n.default.bufferEncode(r.clientDataJSON)}}}}}c.NAME="device/passive/register",t.default=c},1044:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(1727),o=i(r(3350));class s{constructor(e){this.log=n.LoggerFactory.getLogger("device-passive-silent-step"),this.name=s.NAME,this.forUPK=!1,this.forUPK=e}execute(e){return this.log.trace("Executing"),new Promise(((t,r)=>{e.getDeviceRegistration().then((i=>{i?this.verify(e,i).then(t).catch(r):e.platform.deviceAuth.createRegistration({namespace:e.namespace,endpoint:e.backendUrl}).then((t=>this.register(e,t))).then(t).catch(r)})).catch(r)}))}getBackendRegisterEndpoint(){return this.forUPK?"/v1/client/device/universal/register":"/v1/client/device/passive/register"}getBackendVerifyEndpoint(){return this.forUPK?"/v1/client/device/universal/verify":"/v1/client/device/passive/verify"}register(e,t){return this.log.trace("Registering"),new Promise(((r,i)=>{t.getAuthRegistration(e.challenge).then((n=>{e.fetchFromBackend(this.getBackendRegisterEndpoint(),{deviceName:e.platform.getPlatformName(),deviceCapabilities:e.platform.getDeviceCapabilities(),registrations:[n]}).then((n=>{if(n.error)i(new o.default(n.error.message,n.error.code,n.next,!1));else{const s=n.data.deviceId;s||i(new o.default("Failed to register device, returned deviceId is null or empty",0,n.next)),e.settings.deviceId=s,t.deviceId=s,this.log.debug("Device ID: "+s),e.platform.deviceAuth.storeRegistration(t).then((()=>r(n.next))).catch(i)}})).catch(i)}))}))}verify(e,t){return this.log.trace("Verifying"),new Promise(((r,i)=>{if(t.deviceId){const n=t.deviceId+":"+e.challenge;t.sign(n).then((n=>{e.fetchFromBackend(this.getBackendVerifyEndpoint(),{deviceId:t.deviceId,keyId:t.keyId,signature:n}).then((e=>{e.error?i(new o.default(e.error.message,e.error.code,e.next,!1)):r(e.next)})).catch(i)}))}else i(new o.default("Failed to initiate verification, DeviceId is missing"))}))}}s.NAME="device/passive/silent",t.default=s},6736:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.DevicePassiveActions=void 0;const n=r(1727),o=i(r(8607)),s=i(r(1044)),a=r(2102),c=i(r(3350)),l=r(4817),u=r(3225);class d extends u.AuthStatusActions{constructor(e){super(),this.log=n.LoggerFactory.getLogger("device-passive-actions"),this.getDisplayName=e||(()=>null)}register(e){return this.log.trace("Registering"),new Promise(((t,r)=>{const i=this.getDisplayName();e.fetchFromBackend("/v1/client/device/fido2/register/start",{displayName:i||void 0}).then((n=>{if(n.error)r(new c.default(n.error.message,n.error.code,n.next));else{let s=n.data.credCreateOptions;s.challenge=o.default.bufferDecode(s.challenge),s.user.id=o.default.bufferDecode(s.user.id),i&&(s.user.displayName=i),s.excludeCredentials&&s.excludeCredentials.forEach((e=>{e.id=o.default.bufferDecode(e.id)})),e.platform.webauthn.createCredentials({publicKey:s}).then((i=>{i?(e.credential=i,t(n.next)):r(new c.default("Failed to create FIDO2 credentials"))})).catch(r)}})).catch(r)}))}verify(e){return this.log.trace("Verifying"),new Promise(((t,r)=>{e.settings.deviceId?e.fetchFromBackend("/v1/client/device/fido2/verify/start",{deviceId:e.settings.deviceId}).then((i=>{var n;if(i.error)r(new c.default(i.error.message,i.error.code,i.next));else{let s=i.data.credRequestOptions;s.challenge=o.default.bufferDecode(s.challenge),s.allowCredentials&&(null===(n=s.allowCredentials)||void 0===n||n.forEach((e=>{e.id=o.default.bufferDecode(e.id)}))),e.platform.webauthn.getCredentials({publicKey:s}).then((n=>{n?(e.credential=n,t(i.next)):r(new Error("Failed to load FIDO2 credentials"))})).catch(r)}})).catch(r):r(new c.default("Failed to start verification, DeviceId is missing"))}))}}t.DevicePassiveActions=d;class h extends d{constructor(e,t){super(e),this.name=h.NAME,this.role=null!=t?t:l.DeviceRole.Primary,this.log=n.LoggerFactory.getLogger("device-passive-step")}execute(e){return this.role==l.DeviceRole.Secondary?this.waitForStatus(e):e.platform.isFidoSupported()&&e.uvLevel!==a.UserVerificationLevel.Discouraged?e.settings.deviceId?e.settings.fidoPasskeyRegistered?this.verify(e):Promise.resolve(s.default.NAME):this.register(e):Promise.resolve(s.default.NAME)}}h.NAME="device/passive",t.default=h},1474:(e,t,r)=>{Object.defineProperty(t,"__esModule",{value:!0});const i=r(1727),n=r(6736);class o extends n.DevicePassiveActions{constructor(e){super(e),this.name=o.NAME,this.log=i.LoggerFactory.getLogger("device-passive-stepup-step")}execute(e){return e.platform.isFidoSupported()?e.settings.deviceId?e.settings.fidoPasskeyRegistered?Promise.reject(new Error("FIDO2 Passkey is already registered")):this.register(e):Promise.reject(new Error("Device is not registered")):Promise.reject(new Error("FIDO2 is not supported"))}}o.NAME="device/passive/stepup",t.default=o},1840:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(8607)),o=r(1727),s=i(r(3350));class a{constructor(){this.log=o.LoggerFactory.getLogger("device-passive-verify-step"),this.name=a.NAME}execute(e){return new Promise(((t,r)=>{const i=e.credential,o=i.response;e.fetchFromBackend("/v1/client/device/fido2/verify/finish",{webAuthnAssertion:{type:null==i?void 0:i.type,id:null==i?void 0:i.id,rawId:n.default.bufferEncode(null==i?void 0:i.rawId),response:{authenticatorData:n.default.bufferEncode(o.authenticatorData),clientDataJSON:n.default.bufferEncode(o.clientDataJSON),signature:n.default.bufferEncode(o.signature),userHandle:o.userHandle?n.default.bufferEncode(o.userHandle):void 0}}}).then((i=>{if(i.error)r(new s.default(i.error.message,i.error.code,i.next));else{const r=i.data;r&&r.scanMessage?e.authMessage=r.scanMessage:this.log.warn("No data was received in the response"),t(i.next)}})).catch(r)}))}}a.NAME="device/passive/verify",t.default=a},2207:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.DeviceUniversalRedirectExchangeStep=t.DeviceUniversalRedirectFinishStep=t.DeviceUniversalRedirectBaseStep=void 0;const n=i(r(3350));class o{constructor(){this.name=""}execute(e){return new Promise(((t,r)=>{var i,o,s;let a=null===(s=null===(o=null===(i=e.claims)||void 0===i?void 0:i.auth.subs.dev)||void 0===o?void 0:o.auths.unvsl)||void 0===s?void 0:s.ftu;if(void 0!==a&&a){a+=`?authId=${e.authId}`;let i="";if("redirect/exchange"===this.name)i="authexchange";else{if("redirect/finish"!==this.name)return void r(new n.default(`Unknown UPK Step: ${this.name}`,0,e.next,!0));i="authfinish"}a+=`&next=${i}`,e.platform.urlRedirect(a),t("")}else r(new n.default("AuthToken claims do not contain final target URL",0,e.next,!0))}))}}t.DeviceUniversalRedirectBaseStep=o;class s extends o{constructor(){super(...arguments),this.name=s.NAME}}s.NAME="redirect/finish",t.DeviceUniversalRedirectFinishStep=s;class a extends o{constructor(){super(...arguments),this.name=a.NAME}}a.NAME="redirect/exchange",t.DeviceUniversalRedirectExchangeStep=a},9790:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(1727),o=i(r(3350)),s=i(r(1044));class a{constructor(e){this.log=n.LoggerFactory.getLogger("device-universal-step"),this.name=a.NAME,this.forUPK=!1,this.forUPK=e}execute(e){return this.log.trace("Executing"),new Promise(((t,r)=>{var i,n,a;if(this.forUPK)t(s.default.NAME);else{let s=null===(a=null===(n=null===(i=e.claims)||void 0===i?void 0:i.auth.subs.dev)||void 0===n?void 0:n.auths.unvsl)||void 0===a?void 0:a.endp;void 0!==s&&s?(s+=`?authId=${e.authId}&authtoken=${e.authToken}`,e.platform.urlRedirect(s),t("")):r(new o.default("AuthToken claims do not contain universal redirect URL",0,e.next,!0))}}))}}a.NAME="device/universal",t.default=a},5186:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});class r{}r.ERROR_AUTHENTICATION_FAILURE=1e4,r.ERROR_AUTHENTICATION_EXTERNAL_FAILURE=10001,r.ERROR_AUTHENTICATION_CLIENT_FAILURE=10002,r.ERROR_AUTHENTICATION_PROHIBITED_ACTION=10003,r.ERROR_MISSING_AUTHENTICATOR_COMPLETION=10004,r.ERROR_MAX_ATTEMPTS=10005,r.ERROR_NO_DEVICE_FOUND=10006,t.default=r},9568:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(7370)),o=r(1727),s=i(r(4610)),a=i(r(1204)),c=i(r(3350)),l=i(r(6105)),u=i(r(5186));class d{constructor(e,t,r,i){if(this.steps=new Map,!e)throw new Error("Implementation of Platform is required");if(!t)throw new Error("Implementation of Storage is required");if(this.log=o.LoggerFactory.getLogger("main-authenticator"),this.platform=e,this.authFinishStep=r,this.settings=new n.default(t),i)for(let e of i)this.steps.set(e.name,e)}isPasskeyRegistered(){return this.settings.fidoPasskeyRegistered}isFidoSupported(){return this.platform.isFidoSupported()}isDeviceRegistered(){return null!==this.settings.deviceId}isMobileWeb(){const e=this.platform.getUserAgent();return null!==e&&/Mobi|Android|webOS|iPhone|iPad|BlackBerry|Opera Mini/i.test(e)}getDeviceId(){return this.settings.deviceId}resetDeviceSettings(){this.settings.reset(),this.platform.deviceAuth.reset()}authenticate(e){return new s.default(((t,r,i)=>{e||r(new Error("No authentication token provided")),this.authFinishStep||r(new Error("AuthFinish step must be specified"));try{const o=new a.default(this.settings,this.platform,e);var n=this.process(o);i((()=>n.cancel())),n.then((()=>{var e;if(o.lastStep!==d.AUTH_EMPTY)return this.log.info("Authentication flow has been completed."),null===(e=this.authFinishStep)||void 0===e?void 0:e.execute({authId:o.authId});this.log.info("Next step is not provided, authentication flow is terminated without completion."),t()})).then(t).catch(r)}catch(e){r(e)}}))}unregisterDevice(){return this.isDeviceRegistered()?new Promise(((e,t)=>{this.unregister("/v1/client/device/unregister").then((()=>{this.resetDeviceSettings(),e()})).catch(t)})):Promise.resolve()}unregisterPasskey(){return this.settings.fidoPasskeyRegistered?new Promise(((e,t)=>{this.unregister("/v1/client/stepup/unregister").then((()=>{this.settings.fidoPasskeyRegistered=!1,e()})).catch(t)})):Promise.resolve()}unregister(e){return new Promise(((t,r)=>{try{new a.default(this.settings,this.platform).fetchFromBackend(e,{deviceId:this.getDeviceId()}).then((e=>{e.error?r(new c.default(e.error.message,e.error.code,e.next)):t()})).catch(r)}catch(e){r(e)}}))}process(e){return new s.default(((t,r,i)=>{i((()=>{this.log.info("Canceled"),e.closeAllMessageChannels(),t()})),this.nextStep(e,e.next,1).then(t).catch(r)}))}nextStep(e,t,r){return this.log.debug(`Authentication attempt ${r}, next step: ${t}`),e.lastStep=t,new Promise(((i,n)=>{[d.AUTH_DONE,d.AUTH_EMPTY].includes(t)?i():r>d.MAX_ATTEMPTS?n(new c.default("Too many authentication steps",u.default.ERROR_MAX_ATTEMPTS)):this.getNextStep(t).execute(e).then((t=>this.nextStep(e,t,r+1))).then(i).catch((t=>new l.default(t).execute(e).then((t=>this.nextStep(e,t,r+1))).then(i).catch(n)))}))}getNextStep(e){return this.steps.get(e)||new l.default("Unknown authentication step: "+e)}}d.AUTH_DONE="done",d.AUTH_EMPTY="",d.MAX_ATTEMPTS=50,t.default=d},7625:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(3350)),o=r(1727),s=r(4817),a=i(r(5186));class c{constructor(e,t){this.name=c.NAME,this.log=o.LoggerFactory.getLogger("mobile-instant-step"),this.errorCodeBak=a.default.ERROR_AUTHENTICATION_CLIENT_FAILURE,this.implementation=e,t?(this.getDeviceIp=t,this.deviceIpDetection=!1):(this.getDeviceIp=()=>null,this.deviceIpDetection=!0)}execute(e){return new Promise(((t,r)=>{let i=e.platform.getMobileAuthBuilder().withDeviceIpDetection(this.deviceIpDetection);switch(this.implementation){case s.MobileAuthImplementation.Pixel:i=i.withPixelImplementation();break;case s.MobileAuthImplementation.Fetch:i=i.withFetchImplementation().withFinishStep((t=>new Promise(((r,i)=>{e.fetchFromBackend("/v1/client/mobile/instant/finish",{vfp:t.vfp}).then(r).catch(i)}))))}i=i.withStartStep((t=>new Promise(((r,i)=>{const o=this.deviceIpDetection?t.deviceDescriptor.ip:this.getDeviceIp();e.fetchFromBackend("/v1/client/mobile/instant/start",{cellularIp:o,implementation:this.implementation}).then((e=>{var t;e.error?(this.nextBak=e.next,this.errorCodeBak=e.error.code,i(new n.default(e.error.message,e.error.code,e.next,!1))):r({authUrl:null===(t=e.data)||void 0===t?void 0:t.redirectUrl})})).catch(i)})))),i.build().authenticate().then((i=>{if(i){const e=i;e.error&&r(new n.default(i.error.message,i.error.code,i.next,!1)),t(e.next)}else e.fetchFromBackend("/v1/client/mobile/instant/finish",{}).then((e=>t(e.next))).catch((e=>{r(new n.default(i.error.message,i.error.code,i.next,!1))}))})).catch((e=>{r(new n.default(e,this.errorCodeBak,this.nextBak,!1))}))}))}}c.NAME="mobile/instant",t.default=c},3075:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(1727),o=r(3794),s=i(r(3350)),a=r(3225);class c extends a.AuthStatusActions{constructor(e,t){super(),this.name=c.NAME,this.log=n.LoggerFactory.getLogger("mobile-instantlink-step"),this.startStep=e,this.getDeviceIp=null!=t?t:()=>null}execute(e){return this.log.trace("Executing"),new Promise(((t,r)=>{var i,n,o,s,a,c,l=!0;(null===(o=null===(n=null===(i=e.claims)||void 0===i?void 0:i.auth.subs.mob)||void 0===n?void 0:n.auths.inln)||void 0===o?void 0:o.mnp)&&(l=!1);var u=!1;(null===(c=null===(a=null===(s=e.claims)||void 0===s?void 0:s.auth.subs.mob)||void 0===a?void 0:a.auths.inln)||void 0===c?void 0:c.tme)&&(u=!0),this.runStartStep(e,l).then((i=>{this.runFinishStep(e,u).then((()=>this.waitForStatus(e))).then((e=>t(e))).catch(r)})).catch(r)}))}runStartStep(e,t,r){return new Promise(((i,n)=>{this.startStep?this.startStep.execute(t,r).then((r=>{e.fetchFromBackend("/v1/client/mobile/instantlink/start",{sourceIp:this.getDeviceIp(),mobileNumber:null==r?void 0:r.phoneNumber}).then((r=>{var a,c,l;const u=r;if(u.error)n(new s.default(u.error.message,u.error.code,r.next,!1));else if(u.data){var d="";(null===(a=u.data)||void 0===a?void 0:a.code)&&(d+=`Error Code: ${u.data.code}, `),(null===(c=u.data)||void 0===c?void 0:c.message)?d+=`${u.data.message}`:d+="Error validating phone number";let r=new o.PhoneValidationError(d,null===(l=u.data)||void 0===l?void 0:l.code);this.log.error(`Server reports invalid phone number: ${d}`),this.runStartStep(e,t,r).then(i).catch(n)}else i(u.next)})).catch(n)})).catch(n):n(new Error("InstantLink start step must be specified"))}))}runFinishStep(e,t){return new Promise(((r,i)=>{t?(this.log.info("Simulating user clicking the instant link"),setTimeout((()=>{e.platform.fetch(e.backendUrl+"/v1/client/mobile/instantlink/finish?token="+encodeURIComponent(e.authToken)+"&vfp=test-vfp",{mode:"cors",method:"GET"}).then((e=>r())).catch(i)}),100)):r()}))}}c.NAME="mobile/instantlink",t.default=c},8907:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(1727),o=i(r(3350)),s=r(8864),a=r(3794);class c{constructor(e,t){this.name=c.NAME,this.log=n.LoggerFactory.getLogger("mobile-otp-step"),this.otpStartStep=e,this.otpFinishStep=t}execute(e){return new Promise(((t,r)=>{var i,n,o;if(this.otpStartStep)if(this.otpFinishStep){var s=!0;(null===(o=null===(n=null===(i=e.claims)||void 0===i?void 0:i.auth.subs.mob)||void 0===n?void 0:n.auths.otp)||void 0===o?void 0:o.mnp)&&(s=!1),this.runOtpStartStep(e,this.otpStartStep,this.otpFinishStep,s).then(t).catch(r)}else r(new Error("OtpFinishStep step must be specified"));else r(new Error("OtpStartStep step must be specified"))}))}runOtpStartStep(e,t,r,i,n){return new Promise(((s,c)=>{t.execute(i,n).then((n=>{e.fetchFromBackend("/v1/client/mobile/otp/start",{mobileNumber:null==n?void 0:n.phoneNumber}).then((n=>{const l=n;if(l.error)c(new o.default(l.error.message,l.error.code,n.next,!1));else if(l.data){let n=l.data;var u="";(null==n?void 0:n.code)&&(u+=`Error Code: ${n.code}, `),(null==n?void 0:n.message)?u+=`${n.message}`:u+="Error validating phone number";let o=new a.PhoneValidationError(u,null==n?void 0:n.code);this.log.error(`Server reports invalid phone number: ${u}`),this.runOtpStartStep(e,t,r,i,o).then(s).catch(c)}else this.runOtpFinishStep(e,t,r,i).then(s).catch(c)})).catch(c)})).catch((e=>{const t=o.default.extractMessage(e);c(new Error(`Failed to start OTP flow: ${t}`))}))}))}runOtpFinishStep(e,t,r,i,n){return new Promise(((a,c)=>{r.execute(n).then((n=>{var l;let u=n;switch(u.resultType){case s.OtpFinishResultType.OnResendOtp:this.runOtpStartStep(e,t,r,i).then(a).catch(c);break;case s.OtpFinishResultType.OnSuccess:let n=u.input;e.fetchFromBackend("/v1/client/mobile/otp/finish",{otp:null!==(l=null==n?void 0:n.otp)&&void 0!==l?l:""}).then((n=>{const l=n;if(l.error)c(new o.default(l.error.message,l.error.code,n.next,!1));else if(l.data){let n=l.data;var u="";(null==n?void 0:n.code)&&(u+=`Error Code: ${n.code}, `),(null==n?void 0:n.message)?u+=`${n.message}`:u+="Error validating OTP";let o=new s.OtpError(u,null==n?void 0:n.code);this.log.error(`Server reports invalid OTP: ${u}`),this.runOtpFinishStep(e,t,r,i,o).then(a).catch(c)}else a(n.next)})).catch(c)}})).catch((e=>{const t=o.default.extractMessage(e);c(new Error(`Failed to obtain OTP for verification: ${t}}`))}))}))}}c.NAME="mobile/otp",t.default=c},3794:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.PhoneValidationError=void 0;const n=i(r(3350));class o extends n.default{constructor(e,t){super(e,t)}}t.PhoneValidationError=o},8566:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.getUnixTime=t.arrayBufferToHexString=t.arrayBufferToString=t.stringToArrayBuffer=t.DEVICE_CAPABILITY_WEBAUTHN=void 0,t.DEVICE_CAPABILITY_WEBAUTHN="webauthn",t.stringToArrayBuffer=function(e){return(new TextEncoder).encode(e)},t.arrayBufferToString=function(e){return String.fromCharCode.apply(null,Array.from(new Uint8Array(e)))},t.arrayBufferToHexString=function(e){return Array.from(new Uint8Array(e),(e=>("00"+e.toString(16)).slice(-2))).join("")},t.getUnixTime=function(){return Math.floor(Date.now()/1e3)}},6105:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(1727),o=i(r(3350)),s=i(r(9568)),a=i(r(8370)),c=i(r(1044)),l=i(r(6736)),u=i(r(1840)),d=i(r(7625)),h=i(r(3075)),f=i(r(8907)),g=i(r(4704)),p=r(2207);class v{constructor(e){if(this.logger=n.LoggerFactory.getLogger("report-error-step"),this._message="Unknown error",this.reportable=!0,this.name="error",e instanceof o.default){const t=e;this._message=t.message,this._code=t.code,this.nextStep=t.nextStep,this.reportable=t.reportable}else e&&(this._message=o.default.extractMessage(e));this._message||this.logger.warn("Unexpected error: "+e)}get code(){return this._code}get message(){return this._message}execute(e){let t=`Authentication step ${e.lastStep} failed`;return this._code&&(t=t+", code: "+this._code),this._message&&(t=t+", message: "+this._message),this.logger.error(t),this.nextStep===s.default.AUTH_DONE?Promise.resolve(s.default.AUTH_DONE):!this.nextStep||this.reportable?new Promise(((t,r)=>{const i=this.getKind(e.lastStep);e.fetchFromBackend(`/v1/client/${i}/error`,{code:this._code?this._code:void 0,message:this._message}).then((e=>{t(e.next)})).catch(r)})):Promise.resolve(this.nextStep)}getKind(e){return e&&v.errorKinds.get(e)||"device/passive"}}v.errorKinds=new Map([[l.default.NAME,"device/passive"],[c.default.NAME,"device/passive"],[a.default.NAME,"device/fido2"],[u.default.NAME,"device/fido2"],[d.default.NAME,"mobile/instant"],[h.default.NAME,"mobile/instantlink"],[f.default.NAME,"mobile/otp"],[g.default.NAME,"user/mobileactive"],[p.DeviceUniversalRedirectExchangeStep.NAME,"device/universal"],[p.DeviceUniversalRedirectFinishStep.NAME,"device/universal"]]),t.default=v},1770:(e,t,r)=>{Object.defineProperty(t,"__esModule",{value:!0});const i=r(1727),n=r(8566),o=["/v1/client/stepup/unregister","/v1/client/device/unregister","/v1/client/device/passive/error","/v1/client/mobile/instant/error","/v1/client/mobile/otp/error","/v1/client/user/mobileactive","/v1/client/user/mobileactive/error"];t.default=class{constructor(e){this.log=i.LoggerFactory.getLogger("request-signer"),this.session=e}sign(e,t,r,i,n){return new Promise(((s,a)=>{this.session.getDeviceRegistration().then((c=>c&&c.deviceId?o.includes(t)?void Promise.all([this.getChallenge(c.deviceId),this.getHash(n)]).then((n=>{const o=n[0],l=n[1],u=e+"\n"+t+"\n"+r+"\n"+i+"\n"+o+"\n"+l;c.sign(u).then((e=>s({version:"3",challenge:o,signature:e,keyId:c.keyId}))).catch(a)})).catch(a):(this.log.debug("No signing needed for "+t),void s(null)):(this.log.debug("Device not registered, cannot sign"),void s(null)))).catch(a)}))}getChallenge(e){return new Promise(((t,r)=>{this.cachedChallenge&&this.cachedChallenge.receivedAt&&this.cachedChallenge.ttl&&this.cachedChallenge.deviceId===e&&this.cachedChallenge.receivedAt+this.cachedChallenge.ttl-60>(0,n.getUnixTime)()?t(this.cachedChallenge.challenge):this.session.fetchFromBackend("/v1/client/challenge",{deviceId:e}).then((e=>e)).then((e=>{var i;e.error?r(null===(i=e.error)||void 0===i?void 0:i.message):(e.receivedAt=(0,n.getUnixTime)(),this.cachedChallenge=e,t(e.challenge))})).catch(r)}))}getHash(e){return new Promise(((t,r)=>{crypto.subtle.digest("SHA-256",(0,n.stringToArrayBuffer)(e)).then((e=>t((0,n.arrayBufferToHexString)(e)))).catch(r)}))}}},1703:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(3350)),o=r(1727);class s{constructor(e){this.log=o.LoggerFactory.getLogger("scan-message-step"),this.name=s.NAME,this.authMessageHandler=e}execute(e){return new Promise(((t,r)=>{this.authMessageHandler?(e.authMessage||(this.log.warn("Auth message is missing"),e.authMessage={}),this.authMessageHandler(e.authMessage).then((i=>{e.fetchFromBackend("/v1/client/user/response",{response:i}).then((e=>{e.error?r(new n.default(e.error.message,e.error.code,e.next)):t(e.next)}))})).catch(r)):r(new n.default("Failed to process auth message, the handler was not specified"))}))}}s.NAME="scan/message",t.default=s},7370:(e,t,r)=>{Object.defineProperty(t,"__esModule",{value:!0});const i=r(1727);class n{constructor(e){this.log=i.LoggerFactory.getLogger("settings"),this.storage=e}reset(){this.log.trace("reset"),this.deviceId=null,this.namespace=null,this.fidoPasskeyRegistered=!1}get deviceId(){return this.storage.getItem(this.getKey(n.DEVICE_ID_KEY))}set deviceId(e){this.setOrRemove(n.DEVICE_ID_KEY,e)}get fidoPasskeyRegistered(){return"true"===this.storage.getItem(this.getKey(n.FIDO_PASSKEY_REGISTERED_KEY))}set fidoPasskeyRegistered(e){this.setOrRemove(n.FIDO_PASSKEY_REGISTERED_KEY,e?"true":null)}get namespace(){return this.storage.getItem(this.getKey(n.NAMESPACE_KEY))}set namespace(e){this.log.trace("namespace set to "+e),this.setOrRemove(n.NAMESPACE_KEY,e)}getKey(e){return`${n.KEY_PREFIX}.${e}`}setOrRemove(e,t){t?this.storage.setItem(this.getKey(e),t):this.storage.removeItem(this.getKey(e))}}n.KEY_PREFIX="ProveAuth",n.DEVICE_ID_KEY="DeviceId",n.NAMESPACE_KEY="namespace",n.FIDO_PASSKEY_REGISTERED_KEY="fidoPasskeyRegistered",t.default=n},6185:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(3350));class o{constructor(){this.name=o.NAME}execute(e){return new Promise(((e,t)=>{t(new n.default(`Step ${this.name} is not supported yet`))}))}}o.NAME="user/mobileactive",t.default=o},4704:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(3350));class o{constructor(){this.name=o.NAME}execute(e){return new Promise(((e,t)=>{t(new n.default(`Step ${this.name} is not supported yet`))}))}}o.NAME="user/present",t.default=o},4781:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.WebDeviceRegistration=void 0;const n=r(1727),o=i(r(3350)),s=r(8566);class a{constructor(e){this.deviceId=null,this.namespace=e.namespace,this.endpoint=e.endpoint,e.createdAt?(this.createdAt=e.createdAt,this.keyId=e.keyId,this.deviceId=e.deviceId,this.algorithm=e.algorithm,this.keys=e.keys):(this.keyId=crypto.randomUUID(),this.algorithm="ES256",this.createdAt=(0,s.getUnixTime)())}sign(e){return new Promise(((t,r)=>{this.initialize().then((()=>{this.keys&&crypto.subtle.sign({name:"ECDSA",hash:{name:"SHA-256"}},this.keys.privateKey,(0,s.stringToArrayBuffer)(e)).then((e=>t(btoa((0,s.arrayBufferToString)(this.p1363ToDer(e)))))).catch(r)})).catch(r)}))}getPublicKey(){return new Promise(((e,t)=>{this.initialize().then((()=>{this.keys&&crypto.subtle.exportKey("spki",this.keys.publicKey).then((t=>{const r=btoa((0,s.arrayBufferToString)(t));e("-----BEGIN PUBLIC KEY-----\n"+r+"\n-----END PUBLIC KEY-----")})).catch(t)})).catch(t)}))}getAuthRegistration(e){return new Promise(((t,r)=>{this.sign(e).then((e=>{this.getPublicKey().then((r=>{t({publicKey:{id:this.keyId,alg:this.algorithm,key:r,uvLevel:0},signature:e})})).catch(r)})).catch(r)}))}initialize(){return new Promise(((e,t)=>{this.keys?e():crypto.subtle.generateKey({name:"ECDSA",namedCurve:"P-256"},!1,["sign","verify"]).then((t=>{this.keys=t,e()})).catch(t)}))}p1363ToDer(e){const t=(0,s.arrayBufferToHexString)(e);let r=t.substring(0,t.length/2),i=t.substring(t.length/2);r=r.replace(/^(00)+/,""),i=i.replace(/^(00)+/,""),parseInt(r.charAt(0),16)>=8&&(r=`00${r}`),parseInt(i.charAt(0),16)>=8&&(i=`00${i}`);const n=`02${(r.length/2).toString(16).padStart(2,"0")}${r}`,o=`02${(i.length/2).toString(16).padStart(2,"0")}${i}`,a=`30${((n.length+o.length)/2).toString(16).padStart(2,"0")}${n}${o}`.match(/[\da-f]{2}/gi);return a?new Uint8Array(a.map((e=>parseInt(e,16)))):new Uint8Array}lenVal(e){if("string"==typeof e||e instanceof String){const t=e;return`[${t.length}]: ${t}`}{const t=e;return`[${t.byteLength}]: ${Array.from(new Uint8Array(t),(e=>e.toString(16))).join(",")}`}}}t.WebDeviceRegistration=a;class c{constructor(e){this.log=n.LoggerFactory.getLogger("web-device-auth"),this.dbFactory=e}createRegistration(e){return new Promise(((t,r)=>{t(new a(e))}))}getRegistration(e){return new Promise(((t,r)=>{const i=this.openDatabase();i.onerror=e=>{r("Failed to open registration database: "+e)},i.onsuccess=n=>{const o=i.result,s=o.transaction([c.DB_STORE],"readonly");s.oncomplete=()=>o.close();const l=s.objectStore(c.DB_STORE).get(e);l.onsuccess=()=>{l.result?t(new a(l.result)):t(null)},l.onerror=e=>{r(new Error("Failed to access registration"))}}}))}storeRegistration(e){return new Promise(((t,r)=>{const i=this.openDatabase();i.onerror=e=>{r("Failed to open registration database: "+e)},i.onsuccess=n=>{const s=i.result,a=s.transaction([c.DB_STORE],"readwrite");a.oncomplete=()=>s.close();const l=a.objectStore(c.DB_STORE);this.log.trace("Saving registration");const u=l.put(e);u.onsuccess=()=>{this.log.trace("Registration saved")},u.onerror=e=>{r(new o.default("Failed to store registration"))},t()}}))}deleteRegistration(e){return new Promise(((t,r)=>{var i=this.openDatabase();i.onerror=e=>{r("Failed to open registration database: "+e)},i.onsuccess=n=>{var o=i.result,s=o.transaction([c.DB_STORE],"readwrite");if(s.oncomplete=()=>o.close(),!o.objectStoreNames.contains(c.DB_STORE))return this.log.debug("Registration not found, store is missing"),void t();var a=s.objectStore(c.DB_STORE).delete(e);a.onsuccess=()=>{t()},a.onerror=e=>{r(new Error("Failed to delete registration"))}}}))}reset(){return new Promise(((e,t)=>{var r=this.dbFactory.deleteDatabase(c.DB_NAME);r.onsuccess=t=>{e()},r.onerror=t=>{this.log.warn("Failed to delete registration database: "+t),e()}}))}openDatabase(){const e=this.dbFactory.open(c.DB_NAME,c.DB_VERSION);return e.onupgradeneeded=t=>{const r=e.result;this.log.debug("Registration not found, database is missing, initializing"),r.createObjectStore(c.DB_STORE,{keyPath:"namespace"}).transaction.oncomplete=e=>{this.log.trace("Store initialization completed")}},e}}c.DB_VERSION=1,c.DB_NAME="ProveAuth",c.DB_STORE="Registrations",t.default=c},1092:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.WebPlatform=t.WebSocketMessageChannel=void 0;const n=r(8266),o=r(8566),s=i(r(1770)),a=i(r(4781));class c{constructor(e){this.webSocket=new WebSocket(e)}addEventListener(e,t){this.webSocket.addEventListener(e,t)}send(e){this.webSocket.send(e)}close(){this.webSocket.close()}}t.WebSocketMessageChannel=c,t.WebPlatform=class{constructor(){this.webauthn={getCredentials:e=>navigator.credentials.get(e),createCredentials:e=>navigator.credentials.create(e)},this.deviceAuth=new a.default(window.indexedDB)}getPlatformName(){return`${this.getBrowserName()} ${this.getBrowserVersion()} on ${this.getOSName()}`}getUserAgent(){return navigator.userAgent}isFidoSupported(){return null!=window.PublicKeyCredential}fetch(e,t){return fetch(e,t)}createMessageChannel(e){return new c(e)}createRequestSigner(e){return new s.default(e)}getBrowserName(){const e=navigator.userAgent;let t;return t=e.indexOf("Firefox")>-1?"Firefox":e.indexOf("Opera")>-1||e.indexOf("OPR")>-1?"Opera":e.indexOf("DuckDuckGo")>-1?"DuckDuckGo":e.indexOf("SamsungBrowser")>-1?"Samsung Browser":e.indexOf("Trident")>-1?"Internet Explorer":e.indexOf("Edge")>-1?"Edge":e.indexOf("Chrome")>-1?"Chrome":e.indexOf("Safari")>-1?"Safari":"Unknown",t}getBrowserVersion(){const e=navigator.userAgent.match(/(?:Firefox|Opera|OPR|SamsungBrowser|DuckDuckGo|Internet Explorer|Edge|Chrome|Safari)[\/|\s](\d+(\.\d+)?)/i);return e?e[1]:"Unknown"}getOSName(){const e=navigator.platform,t=navigator.userAgent;let r;if(/Win/i.test(e)){r="Windows";const e=t.match(/Win(?:dows )?NT (\d+\.\d+)/i);if(e){const t=parseFloat(e[1]);r+=11===t?" 11":10===t?" 10":6.3===t?" 8.1":6.2===t?" 8":6.1===t?" 7":6===t?" Vista":5.1===t||5.2===t?" XP":" (Unknown Version)"}}else if(e.match(/Mac/i)){r="Mac OS";const e=t.match(/Mac OS X (\d+[_.]\d+([_.]\d+)?)/i);e&&(r+=" "+e[1].replace(/_/g,"."))}else r=t.match(/Android/i)?"Android":t.match(/iOS|iPhone|iPad|iPod/i)?"iOS":e.match(/Linux/i)?"Linux":"Unknown";return r}getDeviceCapabilities(){return this.isFidoSupported()?[o.DEVICE_CAPABILITY_WEBAUTHN]:[]}getMobileAuthBuilder(){return new n.AuthenticatorBuilder}exit(e){}urlRedirect(e){window.location.replace(e)}}},8864:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.OtpFinishResultType=t.OtpError=void 0;const n=i(r(3350));class o extends n.default{constructor(e,t){super(e,t)}}var s;t.OtpError=o,(s=t.OtpFinishResultType||(t.OtpFinishResultType={}))[s.OnSuccess=0]="OnSuccess",s[s.OnResendOtp=1]="OnResendOtp"},6462:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.USER_AGENT_VERSIONS=t.API_CONTRACT_VERSION=t.VERSION=void 0,t.VERSION="2.4.5",t.API_CONTRACT_VERSION="2.7.0",t.USER_AGENT_VERSIONS=`ProveAuth/${t.VERSION} Contract/${t.API_CONTRACT_VERSION} WEB/1`}},t={};return function r(i){var n=t[i];if(void 0!==n)return n.exports;var o=t[i]={exports:{}};return e[i].call(o.exports,o,o.exports,r),o.exports}(3607)})()));
package/build/lib/proveauth/authenticator-builder.d.ts CHANGED
@@ -26,6 +26,7 @@ export default class AuthenticatorBuilder {
26
26
  private otpStartStep?;
27
27
  private otpFinishStep?;
28
28
  private instantLinkStartStep?;
29
+ private forUPK;
29
30
  private instantLinkTestMode;
30
31
  constructor();
31
32
  withAuthFinishStep(step: AuthFinishStep | AuthFinishStepFn): AuthenticatorBuilder;
@@ -38,5 +39,6 @@ export default class AuthenticatorBuilder {
38
39
  withDeviceIpAddress(deviceIp: string | (() => string | null) | null): AuthenticatorBuilder;
39
40
  withOtpFallback(startStep: OtpStartStep | OtpStartStepFn, finishStep: OtpFinishStep | OtpFinishStepFn): AuthenticatorBuilder;
40
41
  withInstantLinkFallback(startStep: InstantLinkStartStep | InstantLinkStartStepFn): AuthenticatorBuilder;
42
+ withUPKEnabled(): this;
41
43
  build(): Authenticator;
42
44
  }
package/build/lib/proveauth/authenticator-builder.js CHANGED
@@ -15,6 +15,8 @@ const scan_message_step_1 = __importDefault(require("./internal/scan-message-ste
15
15
  const user_mobileactive_step_1 = __importDefault(require("./internal/user-mobileactive-step"));
16
16
  const device_passive_silent_step_1 = __importDefault(require("./internal/device-passive-silent-step"));
17
17
  const device_passive_stepup_step_1 = __importDefault(require("./internal/device-passive-stepup-step"));
18
+ const device_universal_step_1 = __importDefault(require("./internal/device-universal-step"));
19
+ const device_universal_redirect_steps_1 = require("./internal/device-universal-redirect-steps");
18
20
  const main_authenticator_1 = __importDefault(require("./internal/main-authenticator"));
19
21
  var DeviceRole;
20
22
  (function (DeviceRole) {
@@ -30,6 +32,7 @@ class AuthenticatorBuilder {
30
32
  constructor() {
31
33
  this.role = DeviceRole.Primary;
32
34
  this.mobileAuthImplementation = MobileAuthImplementation.Fetch;
35
+ this.forUPK = false;
33
36
  this.instantLinkTestMode = false;
34
37
  if (typeof window !== 'undefined') {
35
38
  this.storage = window.localStorage;
@@ -99,12 +102,19 @@ class AuthenticatorBuilder {
99
102
  }
100
103
  return this;
101
104
  }
105
+ withUPKEnabled() {
106
+ this.forUPK = true;
107
+ return this;
108
+ }
102
109
  build() {
103
110
  if (this.role === DeviceRole.Primary) {
104
111
  return new main_authenticator_1.default(this.platform, this.storage, this.authFinishStep, [
112
+ new device_universal_step_1.default(this.forUPK),
113
+ new device_universal_redirect_steps_1.DeviceUniversalRedirectExchangeStep(),
114
+ new device_universal_redirect_steps_1.DeviceUniversalRedirectFinishStep(),
105
115
  new device_passive_step_1.default(this.getDisplayName, this.role),
106
116
  new device_passive_stepup_step_1.default(this.getDisplayName),
107
- new device_passive_silent_step_1.default(),
117
+ new device_passive_silent_step_1.default(this.forUPK),
108
118
  new device_passive_register_step_1.default(),
109
119
  new device_passive_verify_step_1.default(),
110
120
  new mobile_instant_step_1.default(this.mobileAuthImplementation, this.getDeviceIp),
package/build/lib/proveauth/internal/auth-token-claims.d.ts CHANGED
@@ -16,11 +16,16 @@ export interface InstantLinkAuthenticator {
16
16
  export interface OtpAuthenticator {
17
17
  mnp: boolean;
18
18
  }
19
+ export interface UniversalAuthenticator {
20
+ endp: string;
21
+ ftu: string;
22
+ }
19
23
  export interface Authenticators {
20
24
  pasv?: PassiveAuthenticator;
21
25
  inst?: InstantAuthenticator;
22
26
  inln?: InstantLinkAuthenticator;
23
27
  otp?: OtpAuthenticator;
28
+ unvsl?: UniversalAuthenticator;
24
29
  }
25
30
  export interface DeviceAuthSubjectClaim {
26
31
  auths: Authenticators;
package/build/lib/proveauth/internal/device-passive-silent-step.d.ts CHANGED
@@ -4,7 +4,11 @@ export default class DevicePassiveSilentStep implements AuthStep {
4
4
  static readonly NAME = "device/passive/silent";
5
5
  private readonly log;
6
6
  readonly name = "device/passive/silent";
7
+ private forUPK;
8
+ constructor(forUPK: boolean);
7
9
  execute(session: AuthSession): Promise<string>;
10
+ private getBackendRegisterEndpoint;
11
+ private getBackendVerifyEndpoint;
8
12
  private register;
9
13
  private verify;
10
14
  }
package/build/lib/proveauth/internal/device-passive-silent-step.js CHANGED
@@ -6,9 +6,11 @@ Object.defineProperty(exports, "__esModule", { value: true });
6
6
  const logger_1 = require("../common/logger");
7
7
  const auth_error_1 = __importDefault(require("./auth-error"));
8
8
  class DevicePassiveSilentStep {
9
- constructor() {
9
+ constructor(forUPK) {
10
10
  this.log = logger_1.LoggerFactory.getLogger('device-passive-silent-step');
11
11
  this.name = DevicePassiveSilentStep.NAME;
12
+ this.forUPK = false;
13
+ this.forUPK = forUPK;
12
14
  }
13
15
  execute(session) {
14
16
  this.log.trace('Executing');
@@ -33,19 +35,27 @@ class DevicePassiveSilentStep {
33
35
  .catch(reject);
34
36
  });
35
37
  }
38
+ getBackendRegisterEndpoint() {
39
+ return this.forUPK
40
+ ? '/v1/client/device/universal/register'
41
+ : '/v1/client/device/passive/register';
42
+ }
43
+ getBackendVerifyEndpoint() {
44
+ return this.forUPK ? '/v1/client/device/universal/verify' : '/v1/client/device/passive/verify';
45
+ }
36
46
  register(session, registration) {
37
47
  this.log.trace('Registering');
38
48
  return new Promise((resolve, reject) => {
39
49
  registration.getAuthRegistration(session.challenge).then((authRegistration) => {
40
50
  session
41
- .fetchFromBackend('/v1/client/device/passive/register', {
51
+ .fetchFromBackend(this.getBackendRegisterEndpoint(), {
42
52
  deviceName: session.platform.getPlatformName(),
43
53
  deviceCapabilities: session.platform.getDeviceCapabilities(),
44
54
  registrations: [authRegistration],
45
55
  })
46
56
  .then((response) => {
47
57
  if (response.error) {
48
- reject(new auth_error_1.default(response.error.message, response.error.code, response.next));
58
+ reject(new auth_error_1.default(response.error.message, response.error.code, response.next, false));
49
59
  }
50
60
  else {
51
61
  const deviceId = response.data.deviceId;
@@ -72,14 +82,14 @@ class DevicePassiveSilentStep {
72
82
  const challenge = registration.deviceId + ':' + session.challenge;
73
83
  registration.sign(challenge).then((signature) => {
74
84
  session
75
- .fetchFromBackend('/v1/client/device/passive/verify', {
85
+ .fetchFromBackend(this.getBackendVerifyEndpoint(), {
76
86
  deviceId: registration.deviceId,
77
87
  keyId: registration.keyId,
78
88
  signature: signature,
79
89
  })
80
90
  .then((response) => {
81
91
  if (response.error) {
82
- reject(new auth_error_1.default(response.error.message, response.error.code, response.next));
92
+ reject(new auth_error_1.default(response.error.message, response.error.code, response.next, false));
83
93
  }
84
94
  else {
85
95
  resolve(response.next);
package/build/lib/proveauth/internal/device-universal-redirect-steps.d.ts ADDED
@@ -0,0 +1,14 @@
1
+ import AuthStep from './auth-step';
2
+ import AuthSession from './auth-session';
3
+ export declare class DeviceUniversalRedirectBaseStep implements AuthStep {
4
+ name: string;
5
+ execute(session: AuthSession): Promise<string>;
6
+ }
7
+ export declare class DeviceUniversalRedirectFinishStep extends DeviceUniversalRedirectBaseStep {
8
+ static readonly NAME = "redirect/finish";
9
+ readonly name = "redirect/finish";
10
+ }
11
+ export declare class DeviceUniversalRedirectExchangeStep extends DeviceUniversalRedirectBaseStep {
12
+ static readonly NAME = "redirect/exchange";
13
+ readonly name = "redirect/exchange";
14
+ }
package/build/lib/proveauth/internal/device-universal-redirect-steps.js ADDED
@@ -0,0 +1,55 @@
1
+ "use strict";
2
+ var __importDefault = (this && this.__importDefault) || function (mod) {
3
+ return (mod && mod.__esModule) ? mod : { "default": mod };
4
+ };
5
+ Object.defineProperty(exports, "__esModule", { value: true });
6
+ exports.DeviceUniversalRedirectExchangeStep = exports.DeviceUniversalRedirectFinishStep = exports.DeviceUniversalRedirectBaseStep = void 0;
7
+ const auth_error_1 = __importDefault(require("./auth-error"));
8
+ class DeviceUniversalRedirectBaseStep {
9
+ constructor() {
10
+ this.name = '';
11
+ }
12
+ execute(session) {
13
+ return new Promise((resolve, reject) => {
14
+ var _a, _b, _c;
15
+ let redirectUrl = (_c = (_b = (_a = session.claims) === null || _a === void 0 ? void 0 : _a.auth.subs.dev) === null || _b === void 0 ? void 0 : _b.auths.unvsl) === null || _c === void 0 ? void 0 : _c.ftu;
16
+ if (typeof redirectUrl != 'undefined' && redirectUrl) {
17
+ redirectUrl += `?authId=${session.authId}`;
18
+ let upkNext = '';
19
+ if (this.name === 'redirect/exchange') {
20
+ upkNext = 'authexchange';
21
+ }
22
+ else if (this.name === 'redirect/finish') {
23
+ upkNext = 'authfinish';
24
+ }
25
+ else {
26
+ reject(new auth_error_1.default(`Unknown UPK Step: ${this.name}`, 0, session.next, true));
27
+ return;
28
+ }
29
+ redirectUrl += `&next=${upkNext}`;
30
+ session.platform.urlRedirect(redirectUrl);
31
+ resolve('');
32
+ }
33
+ else {
34
+ reject(new auth_error_1.default('AuthToken claims do not contain final target URL', 0, session.next, true));
35
+ }
36
+ });
37
+ }
38
+ }
39
+ exports.DeviceUniversalRedirectBaseStep = DeviceUniversalRedirectBaseStep;
40
+ class DeviceUniversalRedirectFinishStep extends DeviceUniversalRedirectBaseStep {
41
+ constructor() {
42
+ super(...arguments);
43
+ this.name = DeviceUniversalRedirectFinishStep.NAME;
44
+ }
45
+ }
46
+ DeviceUniversalRedirectFinishStep.NAME = 'redirect/finish';
47
+ exports.DeviceUniversalRedirectFinishStep = DeviceUniversalRedirectFinishStep;
48
+ class DeviceUniversalRedirectExchangeStep extends DeviceUniversalRedirectBaseStep {
49
+ constructor() {
50
+ super(...arguments);
51
+ this.name = DeviceUniversalRedirectExchangeStep.NAME;
52
+ }
53
+ }
54
+ DeviceUniversalRedirectExchangeStep.NAME = 'redirect/exchange';
55
+ exports.DeviceUniversalRedirectExchangeStep = DeviceUniversalRedirectExchangeStep;
package/build/lib/proveauth/internal/device-universal-step.d.ts ADDED
@@ -0,0 +1,10 @@
1
+ import AuthStep from './auth-step';
2
+ import AuthSession from './auth-session';
3
+ export default class DeviceUniversalStep implements AuthStep {
4
+ static readonly NAME = "device/universal";
5
+ private readonly log;
6
+ readonly name = "device/universal";
7
+ private forUPK;
8
+ constructor(forUPK: boolean);
9
+ execute(session: AuthSession): Promise<string>;
10
+ }
package/build/lib/proveauth/internal/device-universal-step.js ADDED
@@ -0,0 +1,38 @@
1
+ "use strict";
2
+ var __importDefault = (this && this.__importDefault) || function (mod) {
3
+ return (mod && mod.__esModule) ? mod : { "default": mod };
4
+ };
5
+ Object.defineProperty(exports, "__esModule", { value: true });
6
+ const logger_1 = require("../common/logger");
7
+ const auth_error_1 = __importDefault(require("./auth-error"));
8
+ const device_passive_silent_step_1 = __importDefault(require("./device-passive-silent-step"));
9
+ class DeviceUniversalStep {
10
+ constructor(forUPK) {
11
+ this.log = logger_1.LoggerFactory.getLogger('device-universal-step');
12
+ this.name = DeviceUniversalStep.NAME;
13
+ this.forUPK = false;
14
+ this.forUPK = forUPK;
15
+ }
16
+ execute(session) {
17
+ this.log.trace('Executing');
18
+ return new Promise((resolve, reject) => {
19
+ var _a, _b, _c;
20
+ if (this.forUPK) {
21
+ resolve(device_passive_silent_step_1.default.NAME);
22
+ }
23
+ else {
24
+ let redirectUrl = (_c = (_b = (_a = session.claims) === null || _a === void 0 ? void 0 : _a.auth.subs.dev) === null || _b === void 0 ? void 0 : _b.auths.unvsl) === null || _c === void 0 ? void 0 : _c.endp;
25
+ if (typeof redirectUrl != 'undefined' && redirectUrl) {
26
+ redirectUrl += `?authId=${session.authId}&authtoken=${session.authToken}`;
27
+ session.platform.urlRedirect(redirectUrl);
28
+ resolve('');
29
+ }
30
+ else {
31
+ reject(new auth_error_1.default('AuthToken claims do not contain universal redirect URL', 0, session.next, true));
32
+ }
33
+ }
34
+ });
35
+ }
36
+ }
37
+ DeviceUniversalStep.NAME = 'device/universal';
38
+ exports.default = DeviceUniversalStep;
package/build/lib/proveauth/internal/platform.d.ts CHANGED
@@ -38,6 +38,7 @@ export default interface Platform {
38
38
  getDeviceCapabilities: () => string[];
39
39
  getMobileAuthBuilder: () => AuthenticatorBuilder<any>;
40
40
  exit: (code?: number) => void;
41
+ urlRedirect: (url: string) => void;
41
42
  }
42
43
  export declare function stringToArrayBuffer(input: string): ArrayBuffer;
43
44
  export declare function arrayBufferToString(input: ArrayBuffer): string;
package/build/lib/proveauth/internal/report-error-step.js CHANGED
@@ -14,6 +14,7 @@ const mobile_instant_step_1 = __importDefault(require("./mobile-instant-step"));
14
14
  const mobile_instantlink_step_1 = __importDefault(require("./mobile-instantlink-step"));
15
15
  const mobile_otp_step_1 = __importDefault(require("./mobile-otp-step"));
16
16
  const user_present_step_1 = __importDefault(require("./user-present-step"));
17
+ const device_universal_redirect_steps_1 = require("./device-universal-redirect-steps");
17
18
  class ReportErrorStep {
18
19
  constructor(error) {
19
20
  this.logger = logger_1.LoggerFactory.getLogger('report-error-step');
@@ -84,5 +85,7 @@ ReportErrorStep.errorKinds = new Map([
84
85
  [mobile_instantlink_step_1.default.NAME, 'mobile/instantlink'],
85
86
  [mobile_otp_step_1.default.NAME, 'mobile/otp'],
86
87
  [user_present_step_1.default.NAME, 'user/mobileactive'],
88
+ [device_universal_redirect_steps_1.DeviceUniversalRedirectExchangeStep.NAME, 'device/universal'],
89
+ [device_universal_redirect_steps_1.DeviceUniversalRedirectFinishStep.NAME, 'device/universal'],
87
90
  ]);
88
91
  exports.default = ReportErrorStep;
package/build/lib/proveauth/internal/web-platform.d.ts CHANGED
@@ -1,4 +1,3 @@
1
- /// <reference types="webappsec-credential-management" />
2
1
  import { AuthenticatorBuilder } from '@prove-identity/mobile-auth';
3
2
  import Platform, { AuthSessionIntegration, MessageChannel, RequestSigner } from './platform';
4
3
  import WebDeviceAuth from './web-device-auth';
@@ -27,4 +26,5 @@ export declare class WebPlatform implements Platform {
27
26
  getDeviceCapabilities(): string[];
28
27
  getMobileAuthBuilder(): AuthenticatorBuilder<any>;
29
28
  exit(code?: number): void;
29
+ urlRedirect(url: string): void;
30
30
  }
package/build/lib/proveauth/internal/web-platform.js CHANGED
@@ -156,5 +156,8 @@ class WebPlatform {
156
156
  }
157
157
  exit(code) {
158
158
  }
159
+ urlRedirect(url) {
160
+ window.location.replace(url);
161
+ }
159
162
  }
160
163
  exports.WebPlatform = WebPlatform;
package/build/lib/proveauth/version.d.ts CHANGED
@@ -1,3 +1,3 @@
1
- export declare const VERSION = "2.3.5";
1
+ export declare const VERSION = "2.4.5";
2
2
  export declare const API_CONTRACT_VERSION = "2.7.0";
3
3
  export declare const USER_AGENT_VERSIONS: string;
package/build/lib/proveauth/version.js CHANGED
@@ -1,6 +1,6 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
3
  exports.USER_AGENT_VERSIONS = exports.API_CONTRACT_VERSION = exports.VERSION = void 0;
4
- exports.VERSION = '2.3.5';
4
+ exports.VERSION = '2.4.5';
5
5
  exports.API_CONTRACT_VERSION = '2.7.0';
6
6
  exports.USER_AGENT_VERSIONS = `ProveAuth/${exports.VERSION} Contract/${exports.API_CONTRACT_VERSION} WEB/1`;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@prove-identity/prove-auth",
3
- "version": "2.3.5",
3
+ "version": "2.4.5",
4
4
  "description": "Prove Auth SDK for Web",
5
5
  "main": "build/lib/index.js",
6
6
  "files": [
@@ -11,7 +11,8 @@
11
11
  "build/lib/index.d.ts",
12
12
  "build/lib/proveauth/**/*.js",
13
13
  "build/lib/proveauth/**/*.js.map",
14
- "build/lib/proveauth/**/*.d.ts"
14
+ "build/lib/proveauth/**/*.d.ts",
15
+ "build/bundle/release/*.js"
15
16
  ],
16
17
  "types": "build/lib/index.d.ts",
17
18
  "scripts": {
@@ -32,10 +33,6 @@
32
33
  "lint-staged": {
33
34
  "**/*": "prettier --check --ignore-unknown"
34
35
  },
35
- "repository": {
36
- "type": "git",
37
- "url": "https://github.com/prove-identity/prove-auth-client-web-sdk.git"
38
- },
39
36
  "author": "Prove Identity, Inc.",
40
37
  "license": "CC BY-NC-ND 4.0",
41
38
  "homepage": "https://www.prove.com/solutions/auth",