npm - @prove-identity/prove-auth - Versions diffs - 2.4.4 → 2.4.5 - Mend

@prove-identity/prove-auth 2.4.4 → 2.4.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (31) hide show

package/build/bundle/release/prove-auth.js ADDED Viewed

@@ -0,0 +1 @@

+ !function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.proveAuth=t():e.proveAuth=t()}(self,(()=>(()=>{"use strict";var e={2715:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.LoggerFactory=t.LogLevel=void 0,function(e){e[e.disabled=0]="disabled",e[e.error=1]="error",e[e.warn=2]="warn",e[e.info=3]="info",e[e.debug=4]="debug",e[e.trace=5]="trace"}(r=t.LogLevel||(t.LogLevel={}));class i{static setLogLevel(e){i.logLevel=e}static setLogWriter(e){i.logWriter=e}static getLogger(e){return{trace:(...e)=>{i.logLevel>=r.trace&&i.logWriter.write(r.trace,...e)},debug:(...e)=>{i.logLevel>=r.debug&&i.logWriter.write(r.debug,...e)},info:(...e)=>{i.logLevel>=r.info&&i.logWriter.write(r.info,...e)},warn:(...e)=>{i.logLevel>=r.warn&&i.logWriter.write(r.warn,...e)},error:(...e)=>{i.logLevel>=r.error&&i.logWriter.write(r.error,...e)}}}}i.logWriter=new class{write(e,...t){switch(e){case r.trace:case r.debug:console.debug(...t);break;case r.info:console.info(...t);break;case r.warn:console.warn(...t);break;case r.error:console.error(...t)}}},i.logLevel=r.info,t.LoggerFactory=i},8266:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.LogLevel=t.LoggerFactory=t.DeviceDescriptor=t.StepCode=t.ErrorCode=t.AuthenticatorBuilder=t.VERSION_CODE=t.VERSION_NAME=void 0;const n=r(9843);Object.defineProperty(t,"VERSION_NAME",{enumerable:!0,get:function(){return n.VERSION_NAME}}),Object.defineProperty(t,"VERSION_CODE",{enumerable:!0,get:function(){return n.VERSION_CODE}});const o=i(r(7460));t.AuthenticatorBuilder=o.default;const s=r(6639);Object.defineProperty(t,"ErrorCode",{enumerable:!0,get:function(){return s.ErrorCode}});const a=r(2400);Object.defineProperty(t,"StepCode",{enumerable:!0,get:function(){return a.StepCode}});const c=i(r(79));t.DeviceDescriptor=c.default;const l=r(2715);Object.defineProperty(t,"LoggerFactory",{enumerable:!0,get:function(){return l.LoggerFactory}}),Object.defineProperty(t,"LogLevel",{enumerable:!0,get:function(){return l.LogLevel}})},7460:function(e,t,r){var i=this&&this.__createBinding||(Object.create?function(e,t,r,i){void 0===i&&(i=r);var n=Object.getOwnPropertyDescriptor(t,r);n&&!("get"in n?!t.__esModule:n.writable||n.configurable)||(n={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,i,n)}:function(e,t,r,i){void 0===i&&(i=r),e[i]=t[r]}),n=this&&this.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),o=this&&this.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var r in e)"default"!==r&&Object.prototype.hasOwnProperty.call(e,r)&&i(t,e,r);return n(t,e),t},s=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const a=s(r(3060)),c=s(r(7834)),l=s(r(7747)),u=s(r(5386)),d=s(r(689)),h=s(r(4670)),f=o(r(9134));function g(e){return"function"==typeof e?{execute:t=>e(t)}:e}t.default=class{constructor(e){this._deviceIpDetection=!1,this._timeout=0,this._config=e||new a.default}withStartStep(e){return this._startStep=g(e),this}withFinishStep(e){return this._finishStep=g(e),this}withPixelImplementation(){return this._authStep=void 0,this}withFetchImplementation(){return this._authStep=new l.default,this}withPassiveImplementation(){return this._authStep=new h.default,this}withDeviceIpDetection(e=!0){return this._deviceIpDetection=e,this}withTimeout(e){return this._timeout=e,this}build(){let e=this._authStep;const t=this._startStep;let r=this._finishStep;e||(e=new f.default,r=new f.PixelFinishStep);const i=this._deviceIpDetection?new u.default:new d.default;if(!t)throw new Error("Start step is required");if(!r)throw new Error("Finish step is required");return new c.default(i,t,e,r,this._timeout)}}},6639:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.ErrorCode=void 0,(r=t.ErrorCode||(t.ErrorCode={}))[r.GENERIC_UNKNOWN_REASON=0]="GENERIC_UNKNOWN_REASON",r[r.GENERIC_TIMEOUT=1]="GENERIC_TIMEOUT",r[r.GENERIC_INVALID_STATE=2]="GENERIC_INVALID_STATE",r[r.GENERIC_COMMUNICATION_ERROR=3]="GENERIC_COMMUNICATION_ERROR",r[r.PRE_CHECK_AIRPLANE_MODE_ENABLED=17]="PRE_CHECK_AIRPLANE_MODE_ENABLED",r[r.PRE_CHECK_NO_CELLULAR_RADIO=18]="PRE_CHECK_NO_CELLULAR_RADIO",r[r.PRE_CHECK_NO_CELLULAR_CONNECTION=19]="PRE_CHECK_NO_CELLULAR_CONNECTION",r[r.PRE_CHECK_WIFI_CALLING_ENABLED=20]="PRE_CHECK_WIFI_CALLING_ENABLED",r[r.PRE_CHECK_WIFI_CANNOT_BE_OVERRIDDEN=21]="PRE_CHECK_WIFI_CANNOT_BE_OVERRIDDEN",r[r.AUTH_MALFORMED_INPUT_DATA=65]="AUTH_MALFORMED_INPUT_DATA",r[r.AUTH_BAD_CREDENTIALS=66]="AUTH_BAD_CREDENTIALS",r[r.AUTH_VFP_KEY_EXPIRED=67]="AUTH_VFP_KEY_EXPIRED",r[r.AUTH_INVALID_RESPONSE=68]="AUTH_INVALID_RESPONSE"},6902:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});class r extends Error{constructor(e,...t){super(...t),this.errorCode=e,Error.captureStackTrace&&Error.captureStackTrace(this,r),this.name="AuthLocalError",this.errorCode=e}}t.default=r},7747:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,o){function s(e){try{c(i.next(e))}catch(e){o(e)}}function a(e){try{c(i.throw(e))}catch(e){o(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(s,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const o=n(r(8498)),s=n(r(5112)),a=n(r(5030)),c=r(2715),l=r(6458);t.default=class{constructor(){this.logger=c.LoggerFactory.getLogger("fetch-authentication-step")}execute(e){return i(this,void 0,void 0,(function*(){this.logger.info("use fetch");const t=(0,l.toURL)(e.authUrl);let r;return t.searchParams.get("testVfp")?(this.logger.info("test flow detected"),r=a.default.create(t)):"2"===t.searchParams.get("pfflow")?(this.logger.info("flow v2 detected"),r=s.default.create(t)):(this.logger.info("flow v1 detected"),r=o.default.create(t)),{vfp:yield r.handle()}}))}}},5030:function(e,t){var r=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,o){function s(e){try{c(i.next(e))}catch(e){o(e)}}function a(e){try{c(i.throw(e))}catch(e){o(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(s,a)}c((i=i.apply(e,t||[])).next())}))};Object.defineProperty(t,"__esModule",{value:!0});class i{static create(e){var t,r,n;const o=null!==(r=parseInt(null!==(t=e.searchParams.get("delay"))&&void 0!==t?t:"0"))&&void 0!==r?r:0,s=null!==(n=e.searchParams.get("testVfp"))&&void 0!==n?n:"";return new i(s,o)}constructor(e,t){this.testVfp=e,this.delay=t}handle(){return r(this,void 0,void 0,(function*(){return new Promise((e=>{setTimeout((()=>e(this.testVfp)),this.delay)}))}))}}t.default=i},6458:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,o){function s(e){try{c(i.next(e))}catch(e){o(e)}}function a(e){try{c(i.throw(e))}catch(e){o(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(s,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.RawURL=t.Base64=t.fetchAuth=t.handleHttpError=t.toURL=void 0;const o=r(2715),s=r(6639),a=r(9843),c=n(r(6902));t.toURL=function(e){try{return new l(e)}catch(t){throw new c.default(s.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Malformed url "+e)}},t.handleHttpError=function(e){return i(this,void 0,void 0,(function*(){const t=e.status;switch(t){case 404:throw new c.default(s.ErrorCode.AUTH_BAD_CREDENTIALS);case 410:throw new c.default(s.ErrorCode.AUTH_VFP_KEY_EXPIRED);default:let r;try{r=(yield e.json()).error}catch(e){}throw new c.default(s.ErrorCode.AUTH_INVALID_RESPONSE,r||`http error (${e.statusText} , code = ${t})`)}}))},t.fetchAuth=function(e,t){var r;const i=o.LoggerFactory.getLogger("http-client"),n=null!=t?t:{},l=null!==(r=n.method)&&void 0!==r?r:"GET";if(i.debug(`${l} ${e} ${e.protocol}`),"http:"===e.protocol)throw new c.default(s.ErrorCode.GENERIC_INVALID_STATE,`Web SDK cannot make http request [${e}]`);const u={};let d;return e.searchParams.set("sdkVersion",a.VERSION_NAME),"object"==typeof n.body&&(u["Content-Type"]="application/json",d=JSON.stringify(n.body)),d&&i.debug(`request body: ${d}`),fetch(e.toString(),{method:l,mode:"cors",headers:u,body:d}).then((e=>(i.debug(`${e.status} ${e.statusText}`),e)))},t.Base64=new class{constructor(){this.PADCHAR="=",this.ALPHA="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"}getByte(e,t){return e.charCodeAt(t)}getByte64(e,t){return this.ALPHA.indexOf(e.charAt(t))}_decode(e){let t,r,i=0,n=e.length,o=[];if(e=String(e),0===n)return e;for(e.charAt(n-1)===this.PADCHAR&&(i=1,e.charAt(n-2)===this.PADCHAR&&(i=2),n-=4),t=0;t<n;t+=4)r=this.getByte64(e,t)<<18|this.getByte64(e,t+1)<<12|this.getByte64(e,t+2)<<6|this.getByte64(e,t+3),o.push(String.fromCharCode(r>>16,r>>8&255,255&r));switch(i){case 1:r=this.getByte64(e,t)<<18|this.getByte64(e,t+1)<<12|this.getByte64(e,t+2)<<6,o.push(String.fromCharCode(r>>16,r>>8&255));break;case 2:r=this.getByte64(e,t)<<18|this.getByte64(e,t+1)<<12,o.push(String.fromCharCode(r>>16))}return o.join("")}_encode(e){let t,r,i=[],n=(e=String(e)).length-e.length%3;if(0===e.length)return e;for(t=0;t<n;t+=3)r=this.getByte(e,t)<<16|this.getByte(e,t+1)<<8|this.getByte(e,t+2),i.push(this.ALPHA.charAt(r>>18)),i.push(this.ALPHA.charAt(r>>12&63)),i.push(this.ALPHA.charAt(r>>6&63)),i.push(this.ALPHA.charAt(63&r));switch(e.length-n){case 1:r=this.getByte(e,t)<<16,i.push(this.ALPHA.charAt(r>>18)+this.ALPHA.charAt(r>>12&63)+this.PADCHAR+this.PADCHAR);break;case 2:r=this.getByte(e,t)<<16|this.getByte(e,t+1)<<8,i.push(this.ALPHA.charAt(r>>18)+this.ALPHA.charAt(r>>12&63)+this.ALPHA.charAt(r>>6&63)+this.PADCHAR)}return i.join("")}decode(e,t=!0){return e=t?e.replace(".","+").replace("_","/").replace("-","="):e,this._decode(e)}encode(e,t=!0){const r=this._encode(e);return t?r.replace("+",".").replace("/","_").replace("=","-"):r}};class l{constructor(e){this.url=e,this.params=[],this.searchParams={get:e=>this._get(e),getAll:e=>this._getAll(e),set:(e,t,r=!1)=>this._set(e,t,r)};const t=new URL(e);this.protocol=t.protocol;for(const e of t.searchParams.keys())this.params.push({key:e,values:t.searchParams.getAll(e),encode:!1})}_set(e,t,r=!1){const i=this.params.findIndex((t=>t.key===e));-1===i?this.params.push({key:e,values:[t],encode:r}):this.params.splice(i,1,{key:e,values:[t],encode:r})}_get(e){const t=this._getAll(e);return t?t[0]:void 0}_getAll(e){var t;return null===(t=this.params.find((t=>t.key===e)))||void 0===t?void 0:t.values}toString(){function e(e,t){return t?encodeURIComponent(e):null==e?void 0:e.replace(/\?/g,"%3F").replace(/\&/g,"%26")}const t=this.url.indexOf("?");let r=-1==t?this.url:this.url.slice(0,t),i=[];for(const t of this.params)for(const r of t.values)i.push(`${e(t.key,t.encode)}=${e(r,t.encode)}`);return i.length&&(r+="?"+i.join("&")),r}}t.RawURL=l},8498:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,o){function s(e){try{c(i.next(e))}catch(e){o(e)}}function a(e){try{c(i.throw(e))}catch(e){o(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(s,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const o=r(2715),s=n(r(6902)),a=r(6639),c=r(6458);class l{static create(e){return e.searchParams.set("r","f"),new l(e)}constructor(e){this.url=e,this.logger=o.LoggerFactory.getLogger("flow-v1")}handle(){var e,t;return i(this,void 0,void 0,(function*(){let r;const i=this.url.searchParams.get("vfp");let n=this.url;for(this.logger.debug(`current vfp ${i}`);;){try{r=yield(0,c.fetchAuth)(n,{})}catch(e){throw new s.default(a.ErrorCode.GENERIC_COMMUNICATION_ERROR,e.message)}if(console.log(r.url),r.status>=300&&r.status<400){const o=new c.RawURL(null!==(e=r.headers.get("Location"))&&void 0!==e?e:"");this.logger.debug(`redirect to ${o}`);const s=null!==(t=o.searchParams.get("vfp"))&&void 0!==t?t:o.searchParams.get("token");if(s&&s!==i)return this.logger.debug(`vfp changed to ${s}`),s;n=o}else{if(r.status>=200&&r.status<300){let e;try{e=yield r.json()}catch(e){throw new s.default(a.ErrorCode.AUTH_INVALID_RESPONSE,e.message)}this.logger.debug("got json response",e);const t=this.getVfpFromJson(e);if(!t)throw new s.default(a.ErrorCode.AUTH_INVALID_RESPONSE,`Received unknown payload: ${JSON.stringify(e)}`);return t}yield(0,c.handleHttpError)(r)}}}))}getVfpFromJson(e){const t=e.vfp;if(t)return t;const r=e.token,i=e.correlation_id;if(r)return i?i+"..."+r:r;const n=e.reconcilation_token;return n?i?i+"..."+n:n:void 0}}t.default=l},5112:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,o){function s(e){try{c(i.next(e))}catch(e){o(e)}}function a(e){try{c(i.throw(e))}catch(e){o(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(s,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const o=r(2715),s=r(6639),a=n(r(6902)),c=r(6458);class l{static create(e){var t;const r=e.searchParams.get("data");if(!r)throw new a.default(s.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - missing in url");let i,n,o,u;try{const e=c.Base64.decode(r);console.log("decoded",e),i=JSON.parse(e)}catch(e){throw console.error(e),new a.default(s.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - cannot parse as json")}try{n=new c.RawURL(null!==(t=i.url)&&void 0!==t?t:"")}catch(e){throw new a.default(s.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - missing/invalid url field")}try{o=i.vfp}catch(e){throw new a.default(s.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - missing vfp field")}try{u=i.data}catch(e){throw new a.default(s.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - missing data field")}return new l(n,o,u,i["att-1004"])}constructor(e,t,r,i){this.url=e,this.vfp=t,this.data=r,this.att1004=i,this.logger=o.LoggerFactory.getLogger("flow-v2")}handle(){var e;return i(this,void 0,void 0,(function*(){let t=!1,r=JSON.parse(JSON.stringify(this.data));for(;;){let i;try{i=yield(0,c.fetchAuth)(this.url,{method:"POST",body:r})}catch(e){throw new a.default(s.ErrorCode.GENERIC_COMMUNICATION_ERROR,e.message)}if(i.status>=200&&i.status<300){const n=yield i.text();if(this.logger.trace(`att response body: ${n}`),!t)try{if(1004===JSON.parse(n).status){const i=null!==(e=this.att1004)&&void 0!==e?e:["application-id"];if(i){t=!0,this.logger.debug(`flow v2.5 detected, use application-id: ${i}`),r.put("application-id",i);continue}this.logger.debug("missing att1004.application-id, continue flow v2")}}catch(e){}const o=c.Base64.encode(n);return`${this.vfp}___${o}${t?"___R2":""}`}if(i.status>=300&&i.status<400)throw new a.default(s.ErrorCode.AUTH_INVALID_RESPONSE,"Unexpected redirect in flow v2");yield(0,c.handleHttpError)(i)}}))}}t.default=l},4670:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,o){function s(e){try{c(i.next(e))}catch(e){o(e)}}function a(e){try{c(i.throw(e))}catch(e){o(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(s,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const o=n(r(5030)),s=r(2715),a=r(6458),c=r(9843);t.default=class{constructor(){this.logger=s.LoggerFactory.getLogger("passive-authentication-step")}execute(e){return i(this,void 0,void 0,(function*(){this.logger.info("use passive");const t=(0,a.toURL)(e.authUrl);let r;if(t.searchParams.get("testVfp"))this.logger.info("test flow detected"),r=o.default.create(t);else{if("2"===t.searchParams.get("pfflow"))throw new Error("flow v2 detected but not supported by passive auth implementation");this.logger.info("flow v1 detected"),r=new l(t)}return{vfp:yield r.handle()}}))}};class l{constructor(e){this.url=e,this.logger=s.LoggerFactory.getLogger("passive-flow-v1")}handle(){return i(this,void 0,void 0,(function*(){return new Promise(((e,t)=>{const r="_proveAuthResponse";this.url.searchParams.set("jsonp","true"),this.url.searchParams.set("sdkVersion",c.VERSION_NAME);const i=window;this.logger.trace("install global callback"),i[r]=r=>{if(o)return;s();const i=r?this.getVfpFromJson(r):void 0;i?e(i):t(new Error(r?"script loaded but vfp not defined":"script loaded but callback not trigerred"))};const n=document.createElement("script");let o=!1;const s=()=>{this.logger.trace("cleanup global callback"),o=!0,i[r]=void 0,document.body.removeChild(n)};n.onload=()=>{this.logger.trace("script loaded"),setTimeout((()=>{o||(s(),t(new Error("script loaded, but not executed")))}),1e3)},n.onerror=()=>{this.logger.trace("script load error"),o||(s(),t(new Error("script load error")))},document.body.appendChild(n),n.src=this.url.toString()}))}))}getVfpFromJson(e){const t=e.vfp;if(t)return t;const r=e.token,i=e.correlation_id;if(r)return i?i+"..."+r:r;const n=e.reconcilation_token;return n?i?i+"..."+n:n:void 0}}},9134:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,o){function s(e){try{c(i.next(e))}catch(e){o(e)}}function a(e){try{c(i.throw(e))}catch(e){o(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(s,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.PixelFinishStep=void 0;const o=n(r(5030)),s=r(2715),a=r(6458),c=r(9843);t.default=class{constructor(){this.logger=s.LoggerFactory.getLogger("pixel-authentication-step")}execute(e){return i(this,void 0,void 0,(function*(){this.logger.info("use pixel");const t=(0,a.toURL)(e.authUrl);let r;if(t.searchParams.get("testVfp"))this.logger.info("test flow detected"),r=o.default.create(t);else{if("2"===t.searchParams.get("pfflow"))throw new Error("flow v2 detected but not supported by pixel auth implementation");this.logger.info("flow v1 detected"),r=new l(t)}return{vfp:yield r.handle()}}))}};class l{constructor(e){this.url=e,this.logger=s.LoggerFactory.getLogger("pixel-flow-v1")}handle(){return i(this,void 0,void 0,(function*(){return new Promise(((e,t)=>{this.url.searchParams.set("sdkVersion",c.VERSION_NAME);const r=document.createElement("img");r.onload=()=>{this.logger.trace("pixel loaded"),e("")},r.onerror=()=>{this.logger.trace("pixel load error"),t(new Error("pixel load error"))},r.src=this.url.toString()}))}))}}t.PixelFinishStep=class{execute(e){return Promise.resolve(void 0)}}},7834:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,o){function s(e){try{c(i.next(e))}catch(e){o(e)}}function a(e){try{c(i.throw(e))}catch(e){o(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(s,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const o=r(2715),s=r(2400),a=n(r(4517)),c=r(6639);class l{constructor(e){this._providedDeviceDescriptor=e}get providedDeviceDescriptor(){return this._providedDeviceDescriptor}get deviceDescriptor(){return this._deviceDescriptor}get authUrl(){return this._authUrl}get vfp(){return this._vfp}}class u{constructor(){this.currentStep=s.StepCode.PRE_CHECK,this.timedOut=!1}}t.default=class{constructor(e,t,r,i,n=0){this.deviceDescriptorStep=e,this.startStep=t,this.authenticationStep=r,this.finishStep=i,this.timeout=n,this.logger=o.LoggerFactory.getLogger("auth")}executeStep(e,t,r,n){var o;return i(this,void 0,void 0,(function*(){if(e.timedOut)throw new Error("timeout");try{e.currentStep=t,this.logger.debug(`execute step ${s.StepCode[t]}`);let i=yield r.execute(n);return this.logger.debug(`executed step ${s.StepCode[t]}`),i}catch(e){const r=null!==(o=e.errorCode)&&void 0!==o?o:c.ErrorCode.GENERIC_UNKNOWN_REASON;throw new a.default(t,r,e.message)}}))}authenticate(e){return new Promise(((t,r)=>{const i=new u;let n;this.timeout>0&&(n=setTimeout((()=>{i.timedOut=!0,r(new a.default(i.currentStep,c.ErrorCode.GENERIC_TIMEOUT,`authenticator timeout after ${this.timeout}ms`))}),this.timeout)),this.executeAuth(i,e).then((e=>{i.timedOut||(clearTimeout(n),t(e))}),(e=>{i.timedOut||(clearTimeout(n),r(e))}))}))}executeAuth(e,t){return i(this,void 0,void 0,(function*(){const r=new l(t);r._deviceDescriptor=(yield this.executeStep(e,s.StepCode.DEVICE_DESCRIPTOR,this.deviceDescriptorStep,r)).deviceDescriptor,this.logger.info(`deviceDescriptor=${r.deviceDescriptor}`),r._authUrl=(yield this.executeStep(e,s.StepCode.START,this.startStep,r)).authUrl,this.logger.info(`authUrl=${r.authUrl}`),r._vfp=(yield this.executeStep(e,s.StepCode.AUTHENTICATION,this.authenticationStep,r)).vfp,this.logger.info(`vfp=${r.vfp}`);const i=yield this.executeStep(e,s.StepCode.FINISH,this.finishStep,r);return this.logger.info("result",i),i}))}}},5386:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,o){function s(e){try{c(i.next(e))}catch(e){o(e)}}function a(e){try{c(i.throw(e))}catch(e){o(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(s,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const o=r(6639),s=n(r(79)),a=n(r(6902));t.default=class{constructor(e){this.ipQueryUrl=null!=e?e:"https://device.payfone.com:4443/whatismyipaddress"}execute(e){return i(this,void 0,void 0,(function*(){if(e.providedDeviceDescriptor)return{deviceDescriptor:e.providedDeviceDescriptor};const t=yield fetch("https://device.payfone.com:4443/whatismyipaddress");if(t.ok)return{deviceDescriptor:new s.default(yield t.text())};throw new a.default(o.ErrorCode.GENERIC_COMMUNICATION_ERROR,`ip api response=${t.status}`)}))}}},689:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,o){function s(e){try{c(i.next(e))}catch(e){o(e)}}function a(e){try{c(i.throw(e))}catch(e){o(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(s,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const o=n(r(79));t.default=class{execute(e){var t;return i(this,void 0,void 0,(function*(){return{deviceDescriptor:null!==(t=e.providedDeviceDescriptor)&&void 0!==t?t:new o.default}}))}}},3060:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.default=class{}},4517:(e,t,r)=>{Object.defineProperty(t,"__esModule",{value:!0});const i=r(6639),n=r(2400);class o extends Error{constructor(e,t,r){super(`${r} (stepCode=${n.StepCode[e]}, errorCode=${i.ErrorCode[t]})`),this.stepCode=e,this.errorCode=t,Error.captureStackTrace&&Error.captureStackTrace(this,o),this.name="AuthProcessError",this.stepCode=e}}t.default=o},79:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});class r{static ip(e){return new r(e)}constructor(e,t,r){this.ip=e,this.mno=t,this.phoneNumber=r}toString(){return`ip=[${this.ip}] mno=[${this.mno}] phoneNumber=[${this.phoneNumber}]`}}t.default=r},2400:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.StepCode=void 0,(r=t.StepCode||(t.StepCode={}))[r.PRE_CHECK=16]="PRE_CHECK",r[r.DEVICE_DESCRIPTOR=32]="DEVICE_DESCRIPTOR",r[r.START=48]="START",r[r.AUTHENTICATION=64]="AUTHENTICATION",r[r.FINISH=80]="FINISH"},9843:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.VERSION_CODE=t.VERSION_NAME=void 0,t.VERSION_NAME="3.0.0",t.VERSION_CODE=3e4},3607:function(e,t,r){var i=this&&this.__createBinding||(Object.create?function(e,t,r,i){void 0===i&&(i=r);var n=Object.getOwnPropertyDescriptor(t,r);n&&!("get"in n?!t.__esModule:n.writable||n.configurable)||(n={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,i,n)}:function(e,t,r,i){void 0===i&&(i=r),e[i]=t[r]}),n=this&&this.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),o=this&&this.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var r in e)"default"!==r&&Object.prototype.hasOwnProperty.call(e,r)&&i(t,e,r);return n(t,e),t},s=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.PhoneValidationError=t.OtpError=t.OtpFinishResultType=t.MobileAuthImplementation=t.LogLevel=t.LoggerFactory=t.DeviceRole=t.CancelablePromise=t.AuthResponseStatus=t.AuthenticatorBuilder=t.VERSION=void 0;const a=r(6462);Object.defineProperty(t,"VERSION",{enumerable:!0,get:function(){return a.VERSION}});const c=o(r(4817));t.AuthenticatorBuilder=c.default,Object.defineProperty(t,"DeviceRole",{enumerable:!0,get:function(){return c.DeviceRole}}),Object.defineProperty(t,"MobileAuthImplementation",{enumerable:!0,get:function(){return c.MobileAuthImplementation}});const l=r(6267);Object.defineProperty(t,"AuthResponseStatus",{enumerable:!0,get:function(){return l.AuthResponseStatus}});const u=r(1727);Object.defineProperty(t,"LoggerFactory",{enumerable:!0,get:function(){return u.LoggerFactory}}),Object.defineProperty(t,"LogLevel",{enumerable:!0,get:function(){return u.LogLevel}});const d=s(r(4610));t.CancelablePromise=d.default;const h=r(3794);Object.defineProperty(t,"PhoneValidationError",{enumerable:!0,get:function(){return h.PhoneValidationError}});const f=r(8864);Object.defineProperty(t,"OtpError",{enumerable:!0,get:function(){return f.OtpError}}),Object.defineProperty(t,"OtpFinishResultType",{enumerable:!0,get:function(){return f.OtpFinishResultType}})},4817:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.MobileAuthImplementation=t.DeviceRole=void 0;const n=r(1092),o=i(r(8370)),s=i(r(6736)),a=i(r(1840)),c=i(r(7625)),l=i(r(3075)),u=i(r(8907)),d=i(r(1703)),h=i(r(6185)),f=i(r(1044)),g=i(r(1474)),p=i(r(9790)),v=r(2207),_=i(r(9568));var m,E;!function(e){e[e.Primary=0]="Primary",e[e.Secondary=1]="Secondary"}(m=t.DeviceRole||(t.DeviceRole={})),function(e){e.Pixel="pixel",e.Fetch="fetch"}(E=t.MobileAuthImplementation||(t.MobileAuthImplementation={})),t.default=class{constructor(){this.role=m.Primary,this.mobileAuthImplementation=E.Fetch,this.forUPK=!1,this.instantLinkTestMode=!1,"undefined"!=typeof window&&(this.storage=window.localStorage,this.platform=new n.WebPlatform)}withAuthFinishStep(e){return this.authFinishStep="function"==typeof e?{execute:t=>e(t)}:e,this}withDisplayName(e){return this.getDisplayName="function"==typeof e?e:()=>e,this}withAuthMessageHandler(e){return this.authMessageHandler=e,this}withStorage(e){return this.storage=e,this}withPlatform(e){return this.platform=e,this}withRole(e){return this.role=e,this}withMobileAuthImplementation(e){return this.mobileAuthImplementation=e,this}withDeviceIpAddress(e){return this.getDeviceIp="function"==typeof e?e:()=>e,this}withOtpFallback(e,t){return this.otpStartStep="function"==typeof e?{execute:e}:e,this.otpFinishStep="function"==typeof t?{execute:t}:t,this}withInstantLinkFallback(e){return this.instantLinkStartStep="function"==typeof e?{execute:e}:e,this}withUPKEnabled(){return this.forUPK=!0,this}build(){return this.role===m.Primary?new _.default(this.platform,this.storage,this.authFinishStep,[new p.default(this.forUPK),new v.DeviceUniversalRedirectExchangeStep,new v.DeviceUniversalRedirectFinishStep,new s.default(this.getDisplayName,this.role),new g.default(this.getDisplayName),new f.default(this.forUPK),new o.default,new a.default,new c.default(this.mobileAuthImplementation,this.getDeviceIp),new l.default(this.instantLinkStartStep,this.getDeviceIp),new u.default(this.otpStartStep,this.otpFinishStep),new h.default,new d.default(this.authMessageHandler)]):new _.default(this.platform,this.storage,this.authFinishStep,[new s.default(this.getDisplayName,this.role),new c.default(this.mobileAuthImplementation,this.getDeviceIp),new l.default(this.instantLinkStartStep,this.getDeviceIp)])}}},8607:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});class r{static stringToBase64(e){return e.replace(/\-/g,"+").replace(/_/g,"/")+"=".repeat(e.length%4?4-e.length%4:0)}static bufferDecode(e){return Uint8Array.from(atob(r.stringToBase64(e)),(e=>e.charCodeAt(0)))}static bufferEncode(e){const t=ArrayBuffer.isView(e)?e.buffer:e;return btoa(String.fromCharCode.apply(null,Array.from(new Uint8Array(t)))).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}}t.default=r},4610:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.default=class extends Promise{constructor(e){let t=()=>{};super(((r,i)=>e(r,i,(e=>t=e)))),this.onCancel=()=>{t()}}cancel(){this.onCancel()}}},1727:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.LoggerFactory=t.LogLevel=void 0,function(e){e[e.disabled=0]="disabled",e[e.error=1]="error",e[e.warn=2]="warn",e[e.info=3]="info",e[e.debug=4]="debug",e[e.trace=5]="trace"}(r=t.LogLevel||(t.LogLevel={}));class i{static setLogLevel(e){i.logLevel=e}static setLogWriter(e){i.logWriter=e}static getLogger(e){return{trace:(...t)=>{i.logLevel>=r.trace&&i.logWriter.write(r.trace,e+": ",...t)},debug:(...t)=>{i.logLevel>=r.debug&&i.logWriter.write(r.debug,e+": ",...t)},info:(...t)=>{i.logLevel>=r.info&&i.logWriter.write(r.info,e+": ",...t)},warn:(...t)=>{i.logLevel>=r.warn&&i.logWriter.write(r.warn,e+": ",...t)},error:(...t)=>{i.logLevel>=r.error&&i.logWriter.write(r.error,e+": ",...t)}}}}i.logWriter=new class{write(e,...t){switch(e){case r.trace:case r.debug:console.debug(...t);break;case r.info:console.info(...t);break;case r.warn:console.warn(...t);break;case r.error:console.error(...t)}}},i.logLevel=r.info,t.LoggerFactory=i},3350:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});class r extends Error{constructor(e,t,r,i){super(e),this.code=t,this.nextStep=r,this.reportable=void 0===i||i}static extractMessage(e){let t="";if(e){const r="message";e[r]?t=e[r]:(t=e.toString(),"[object Object]"===t&&(t=JSON.stringify(e)))}return t}}t.default=r},6267:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.AuthResponseStatus=void 0,(r=t.AuthResponseStatus||(t.AuthResponseStatus={})).Accept="accept",r.Reject="reject",r.Cancel="cancel",r.Unexpected="unexpected",r.Timeout="timeout",r.Unknown="unknown"},1204:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(1727),o=r(6462),s=r(2102),a=i(r(5186));t.default=class{get namespace(){var e;return(null===(e=this.claims)||void 0===e?void 0:e.auth.ans)||this.settings.namespace}get backendUrl(){var e;return(null===(e=this.claims)||void 0===e?void 0:e.auth.endp)||this.backendUrlOverride}get authId(){var e;return null===(e=this.claims)||void 0===e?void 0:e.auth.id}get challenge(){var e;return null===(e=this.claims)||void 0===e?void 0:e.auth.chlg}get next(){var e;return null===(e=this.claims)||void 0===e?void 0:e.auth.next}constructor(e,t,r){var i,n;this.channels=new Set,this.lastStep=null,this.credential=null,this.authMessage=null,this.uvLevel=null,this.backendUrlOverride=null,this.platform=t,this.authToken=r,this.settings=e,r&&(this.claims=this.parseJwt(r),this.settings.namespace=this.claims.auth.ans,this.uvLevel=(null===(n=null===(i=this.claims.auth.subs.dev)||void 0===i?void 0:i.auths.pasv)||void 0===n?void 0:n.uvlvl)||s.UserVerificationLevel.Discouraged),this.requestSigner=t.createRequestSigner(this)}fetchFromBackend(e,t){const r="POST",i="application/json",n=JSON.stringify(t),s=e.split("?"),c=s[0],l=s.length>1?s[1]:"",u=new Headers({Accept:i,"Content-Type":i,"PA-Version":o.USER_AGENT_VERSIONS});return this.authToken&&u.set("Authorization","Bearer "+this.authToken),new Promise(((t,o)=>{this.requestSigner.sign(r,c,l,i,n).then((i=>{i&&(u.set("PA-Sig-Version",i.version),u.set("PA-Challenge",i.challenge),u.set("PA-KID",i.keyId),u.set("PA-Signature",i.signature)),this.platform.fetch(this.backendUrl+e,{mode:"cors",method:r,headers:u,body:n}).then((e=>e.json())).then((e=>{e.error&&e.error.code===a.default.ERROR_NO_DEVICE_FOUND&&(this.settings.reset(),this.platform.deviceAuth.reset()),t(e)})).catch(o)})).catch(o)}))}createMessageChannel(e,t,r,i){if(!this.authToken)throw new Error("Authentication token is not initialized, cannot create MessageChannel");const o=this.backendUrl.replace(/^http/,"ws"),s=this.platform.createMessageChannel(o+e),a=n.LoggerFactory.getLogger("web-message-channel"),c=setInterval((()=>{a.trace("Sending keep-alive message"),s.send("")}),3e4);return s.addEventListener("close",(e=>{c&&clearInterval(c),t(),this.channels.delete(s)})),s.addEventListener("error",(e=>{r("message"in e?e.message:e.toString())})),s.addEventListener("message",(e=>{if("origin"in e&&e.origin!==o)r("Unexpected origin");else{var t=e.data;i(t&&"string"==typeof t?t:e.toString())}})),this.channels.add(s),s}closeAllMessageChannels(){const e=new Set(this.channels);e.forEach((e=>e.close())),e.clear(),this.channels.clear()}getDeviceRegistration(){return new Promise(((e,t)=>{this.platform.deviceAuth.getRegistration(this.namespace).then((t=>{t&&(this.backendUrlOverride=null==t?void 0:t.endpoint),e(t)})).catch(t)}))}parseJwt(e){return JSON.parse(atob(e.split(".")[1]))}}},3225:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.AuthStatusActions=void 0;const n=r(1727),o=i(r(3350));t.AuthStatusActions=class{constructor(){this.log=n.LoggerFactory.getLogger("auth-status-actions")}waitForStatus(e){var t=!1;return this.log.trace("Waiting for auth status"),new Promise(((r,i)=>{const n=e.createMessageChannel("/v1/client/status?token="+encodeURIComponent(e.authToken),(()=>{t||i(new o.default("Failed to receive secondary authentication status, no response"))}),(e=>{t=!0,this.log.error("Failed: "+e),i(new o.default("Failed to receive secondary authentication status: "+e))}),(s=>{t=!0;try{this.log.debug("Secondary authentication status: "+s);const t=JSON.parse(s);t.error?i(new o.default(t.error.message,t.error.code,t.next)):(e.lastStep=t.next,r(t.next))}catch(e){i(e)}finally{n.close()}}))}))}}},2102:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.UserVerificationLevel=void 0,(r=t.UserVerificationLevel||(t.UserVerificationLevel={})).Discouraged="none",r.Preferred="pref",r.Required="req"},8370:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(8607)),o=r(1727),s=i(r(3350)),a=i(r(5186));class c{constructor(){this.log=o.LoggerFactory.getLogger("device-passive-register-step"),this.name=c.NAME}execute(e){return new Promise(((t,r)=>{e.getDeviceRegistration().then((i=>{i?this.finishRegistration(e,[this.getFido2Registration(e)]).then(t).catch(r):e.platform.deviceAuth.createRegistration({namespace:e.namespace,endpoint:e.backendUrl}).then((i=>{i.getAuthRegistration(e.challenge).then((t=>this.finishRegistration(e,[this.getFido2Registration(e),t]))).then((n=>{i.deviceId=e.settings.deviceId,e.platform.deviceAuth.storeRegistration(i).then((()=>t(n))).catch(r)})).catch(r)})).catch(r)})).catch(r)}))}finishRegistration(e,t){return new Promise(((r,i)=>{e.fetchFromBackend("/v1/client/device/fido2/register/finish",{deviceName:e.platform.getPlatformName(),deviceCapabilities:e.platform.getDeviceCapabilities(),registrations:t}).then((t=>{if(t.error)i(new s.default(t.error.message,t.error.code,t.next));else{const n=t.data;n&&n.deviceId?(e.settings.deviceId=n.deviceId,e.settings.fidoPasskeyRegistered=!0,r(t.next)):i(new s.default("Failed to register device, returned deviceId is null or empty",a.default.ERROR_AUTHENTICATION_FAILURE,t.next,!1))}})).catch(i)}))}getFido2Registration(e){const t=e.credential,r=t.response;return{webAuthnCredential:{type:null==t?void 0:t.type,id:null==t?void 0:t.id,rawId:n.default.bufferEncode(null==t?void 0:t.rawId),response:{attestationObject:n.default.bufferEncode(r.attestationObject),clientDataJSON:n.default.bufferEncode(r.clientDataJSON)}}}}}c.NAME="device/passive/register",t.default=c},1044:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(1727),o=i(r(3350));class s{constructor(e){this.log=n.LoggerFactory.getLogger("device-passive-silent-step"),this.name=s.NAME,this.forUPK=!1,this.forUPK=e}execute(e){return this.log.trace("Executing"),new Promise(((t,r)=>{e.getDeviceRegistration().then((i=>{i?this.verify(e,i).then(t).catch(r):e.platform.deviceAuth.createRegistration({namespace:e.namespace,endpoint:e.backendUrl}).then((t=>this.register(e,t))).then(t).catch(r)})).catch(r)}))}getBackendRegisterEndpoint(){return this.forUPK?"/v1/client/device/universal/register":"/v1/client/device/passive/register"}getBackendVerifyEndpoint(){return this.forUPK?"/v1/client/device/universal/verify":"/v1/client/device/passive/verify"}register(e,t){return this.log.trace("Registering"),new Promise(((r,i)=>{t.getAuthRegistration(e.challenge).then((n=>{e.fetchFromBackend(this.getBackendRegisterEndpoint(),{deviceName:e.platform.getPlatformName(),deviceCapabilities:e.platform.getDeviceCapabilities(),registrations:[n]}).then((n=>{if(n.error)i(new o.default(n.error.message,n.error.code,n.next,!1));else{const s=n.data.deviceId;s||i(new o.default("Failed to register device, returned deviceId is null or empty",0,n.next)),e.settings.deviceId=s,t.deviceId=s,this.log.debug("Device ID: "+s),e.platform.deviceAuth.storeRegistration(t).then((()=>r(n.next))).catch(i)}})).catch(i)}))}))}verify(e,t){return this.log.trace("Verifying"),new Promise(((r,i)=>{if(t.deviceId){const n=t.deviceId+":"+e.challenge;t.sign(n).then((n=>{e.fetchFromBackend(this.getBackendVerifyEndpoint(),{deviceId:t.deviceId,keyId:t.keyId,signature:n}).then((e=>{e.error?i(new o.default(e.error.message,e.error.code,e.next,!1)):r(e.next)})).catch(i)}))}else i(new o.default("Failed to initiate verification, DeviceId is missing"))}))}}s.NAME="device/passive/silent",t.default=s},6736:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.DevicePassiveActions=void 0;const n=r(1727),o=i(r(8607)),s=i(r(1044)),a=r(2102),c=i(r(3350)),l=r(4817),u=r(3225);class d extends u.AuthStatusActions{constructor(e){super(),this.log=n.LoggerFactory.getLogger("device-passive-actions"),this.getDisplayName=e||(()=>null)}register(e){return this.log.trace("Registering"),new Promise(((t,r)=>{const i=this.getDisplayName();e.fetchFromBackend("/v1/client/device/fido2/register/start",{displayName:i||void 0}).then((n=>{if(n.error)r(new c.default(n.error.message,n.error.code,n.next));else{let s=n.data.credCreateOptions;s.challenge=o.default.bufferDecode(s.challenge),s.user.id=o.default.bufferDecode(s.user.id),i&&(s.user.displayName=i),s.excludeCredentials&&s.excludeCredentials.forEach((e=>{e.id=o.default.bufferDecode(e.id)})),e.platform.webauthn.createCredentials({publicKey:s}).then((i=>{i?(e.credential=i,t(n.next)):r(new c.default("Failed to create FIDO2 credentials"))})).catch(r)}})).catch(r)}))}verify(e){return this.log.trace("Verifying"),new Promise(((t,r)=>{e.settings.deviceId?e.fetchFromBackend("/v1/client/device/fido2/verify/start",{deviceId:e.settings.deviceId}).then((i=>{var n;if(i.error)r(new c.default(i.error.message,i.error.code,i.next));else{let s=i.data.credRequestOptions;s.challenge=o.default.bufferDecode(s.challenge),s.allowCredentials&&(null===(n=s.allowCredentials)||void 0===n||n.forEach((e=>{e.id=o.default.bufferDecode(e.id)}))),e.platform.webauthn.getCredentials({publicKey:s}).then((n=>{n?(e.credential=n,t(i.next)):r(new Error("Failed to load FIDO2 credentials"))})).catch(r)}})).catch(r):r(new c.default("Failed to start verification, DeviceId is missing"))}))}}t.DevicePassiveActions=d;class h extends d{constructor(e,t){super(e),this.name=h.NAME,this.role=null!=t?t:l.DeviceRole.Primary,this.log=n.LoggerFactory.getLogger("device-passive-step")}execute(e){return this.role==l.DeviceRole.Secondary?this.waitForStatus(e):e.platform.isFidoSupported()&&e.uvLevel!==a.UserVerificationLevel.Discouraged?e.settings.deviceId?e.settings.fidoPasskeyRegistered?this.verify(e):Promise.resolve(s.default.NAME):this.register(e):Promise.resolve(s.default.NAME)}}h.NAME="device/passive",t.default=h},1474:(e,t,r)=>{Object.defineProperty(t,"__esModule",{value:!0});const i=r(1727),n=r(6736);class o extends n.DevicePassiveActions{constructor(e){super(e),this.name=o.NAME,this.log=i.LoggerFactory.getLogger("device-passive-stepup-step")}execute(e){return e.platform.isFidoSupported()?e.settings.deviceId?e.settings.fidoPasskeyRegistered?Promise.reject(new Error("FIDO2 Passkey is already registered")):this.register(e):Promise.reject(new Error("Device is not registered")):Promise.reject(new Error("FIDO2 is not supported"))}}o.NAME="device/passive/stepup",t.default=o},1840:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(8607)),o=r(1727),s=i(r(3350));class a{constructor(){this.log=o.LoggerFactory.getLogger("device-passive-verify-step"),this.name=a.NAME}execute(e){return new Promise(((t,r)=>{const i=e.credential,o=i.response;e.fetchFromBackend("/v1/client/device/fido2/verify/finish",{webAuthnAssertion:{type:null==i?void 0:i.type,id:null==i?void 0:i.id,rawId:n.default.bufferEncode(null==i?void 0:i.rawId),response:{authenticatorData:n.default.bufferEncode(o.authenticatorData),clientDataJSON:n.default.bufferEncode(o.clientDataJSON),signature:n.default.bufferEncode(o.signature),userHandle:o.userHandle?n.default.bufferEncode(o.userHandle):void 0}}}).then((i=>{if(i.error)r(new s.default(i.error.message,i.error.code,i.next));else{const r=i.data;r&&r.scanMessage?e.authMessage=r.scanMessage:this.log.warn("No data was received in the response"),t(i.next)}})).catch(r)}))}}a.NAME="device/passive/verify",t.default=a},2207:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.DeviceUniversalRedirectExchangeStep=t.DeviceUniversalRedirectFinishStep=t.DeviceUniversalRedirectBaseStep=void 0;const n=i(r(3350));class o{constructor(){this.name=""}execute(e){return new Promise(((t,r)=>{var i,o,s;let a=null===(s=null===(o=null===(i=e.claims)||void 0===i?void 0:i.auth.subs.dev)||void 0===o?void 0:o.auths.unvsl)||void 0===s?void 0:s.ftu;if(void 0!==a&&a){a+=`?authId=${e.authId}`;let i="";if("redirect/exchange"===this.name)i="authexchange";else{if("redirect/finish"!==this.name)return void r(new n.default(`Unknown UPK Step: ${this.name}`,0,e.next,!0));i="authfinish"}a+=`&next=${i}`,e.platform.urlRedirect(a),t("")}else r(new n.default("AuthToken claims do not contain final target URL",0,e.next,!0))}))}}t.DeviceUniversalRedirectBaseStep=o;class s extends o{constructor(){super(...arguments),this.name=s.NAME}}s.NAME="redirect/finish",t.DeviceUniversalRedirectFinishStep=s;class a extends o{constructor(){super(...arguments),this.name=a.NAME}}a.NAME="redirect/exchange",t.DeviceUniversalRedirectExchangeStep=a},9790:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(1727),o=i(r(3350)),s=i(r(1044));class a{constructor(e){this.log=n.LoggerFactory.getLogger("device-universal-step"),this.name=a.NAME,this.forUPK=!1,this.forUPK=e}execute(e){return this.log.trace("Executing"),new Promise(((t,r)=>{var i,n,a;if(this.forUPK)t(s.default.NAME);else{let s=null===(a=null===(n=null===(i=e.claims)||void 0===i?void 0:i.auth.subs.dev)||void 0===n?void 0:n.auths.unvsl)||void 0===a?void 0:a.endp;void 0!==s&&s?(s+=`?authId=${e.authId}&authtoken=${e.authToken}`,e.platform.urlRedirect(s),t("")):r(new o.default("AuthToken claims do not contain universal redirect URL",0,e.next,!0))}}))}}a.NAME="device/universal",t.default=a},5186:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});class r{}r.ERROR_AUTHENTICATION_FAILURE=1e4,r.ERROR_AUTHENTICATION_EXTERNAL_FAILURE=10001,r.ERROR_AUTHENTICATION_CLIENT_FAILURE=10002,r.ERROR_AUTHENTICATION_PROHIBITED_ACTION=10003,r.ERROR_MISSING_AUTHENTICATOR_COMPLETION=10004,r.ERROR_MAX_ATTEMPTS=10005,r.ERROR_NO_DEVICE_FOUND=10006,t.default=r},9568:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(7370)),o=r(1727),s=i(r(4610)),a=i(r(1204)),c=i(r(3350)),l=i(r(6105)),u=i(r(5186));class d{constructor(e,t,r,i){if(this.steps=new Map,!e)throw new Error("Implementation of Platform is required");if(!t)throw new Error("Implementation of Storage is required");if(this.log=o.LoggerFactory.getLogger("main-authenticator"),this.platform=e,this.authFinishStep=r,this.settings=new n.default(t),i)for(let e of i)this.steps.set(e.name,e)}isPasskeyRegistered(){return this.settings.fidoPasskeyRegistered}isFidoSupported(){return this.platform.isFidoSupported()}isDeviceRegistered(){return null!==this.settings.deviceId}isMobileWeb(){const e=this.platform.getUserAgent();return null!==e&&/Mobi|Android|webOS|iPhone|iPad|BlackBerry|Opera Mini/i.test(e)}getDeviceId(){return this.settings.deviceId}resetDeviceSettings(){this.settings.reset(),this.platform.deviceAuth.reset()}authenticate(e){return new s.default(((t,r,i)=>{e||r(new Error("No authentication token provided")),this.authFinishStep||r(new Error("AuthFinish step must be specified"));try{const o=new a.default(this.settings,this.platform,e);var n=this.process(o);i((()=>n.cancel())),n.then((()=>{var e;if(o.lastStep!==d.AUTH_EMPTY)return this.log.info("Authentication flow has been completed."),null===(e=this.authFinishStep)||void 0===e?void 0:e.execute({authId:o.authId});this.log.info("Next step is not provided, authentication flow is terminated without completion."),t()})).then(t).catch(r)}catch(e){r(e)}}))}unregisterDevice(){return this.isDeviceRegistered()?new Promise(((e,t)=>{this.unregister("/v1/client/device/unregister").then((()=>{this.resetDeviceSettings(),e()})).catch(t)})):Promise.resolve()}unregisterPasskey(){return this.settings.fidoPasskeyRegistered?new Promise(((e,t)=>{this.unregister("/v1/client/stepup/unregister").then((()=>{this.settings.fidoPasskeyRegistered=!1,e()})).catch(t)})):Promise.resolve()}unregister(e){return new Promise(((t,r)=>{try{new a.default(this.settings,this.platform).fetchFromBackend(e,{deviceId:this.getDeviceId()}).then((e=>{e.error?r(new c.default(e.error.message,e.error.code,e.next)):t()})).catch(r)}catch(e){r(e)}}))}process(e){return new s.default(((t,r,i)=>{i((()=>{this.log.info("Canceled"),e.closeAllMessageChannels(),t()})),this.nextStep(e,e.next,1).then(t).catch(r)}))}nextStep(e,t,r){return this.log.debug(`Authentication attempt ${r}, next step: ${t}`),e.lastStep=t,new Promise(((i,n)=>{[d.AUTH_DONE,d.AUTH_EMPTY].includes(t)?i():r>d.MAX_ATTEMPTS?n(new c.default("Too many authentication steps",u.default.ERROR_MAX_ATTEMPTS)):this.getNextStep(t).execute(e).then((t=>this.nextStep(e,t,r+1))).then(i).catch((t=>new l.default(t).execute(e).then((t=>this.nextStep(e,t,r+1))).then(i).catch(n)))}))}getNextStep(e){return this.steps.get(e)||new l.default("Unknown authentication step: "+e)}}d.AUTH_DONE="done",d.AUTH_EMPTY="",d.MAX_ATTEMPTS=50,t.default=d},7625:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(3350)),o=r(1727),s=r(4817),a=i(r(5186));class c{constructor(e,t){this.name=c.NAME,this.log=o.LoggerFactory.getLogger("mobile-instant-step"),this.errorCodeBak=a.default.ERROR_AUTHENTICATION_CLIENT_FAILURE,this.implementation=e,t?(this.getDeviceIp=t,this.deviceIpDetection=!1):(this.getDeviceIp=()=>null,this.deviceIpDetection=!0)}execute(e){return new Promise(((t,r)=>{let i=e.platform.getMobileAuthBuilder().withDeviceIpDetection(this.deviceIpDetection);switch(this.implementation){case s.MobileAuthImplementation.Pixel:i=i.withPixelImplementation();break;case s.MobileAuthImplementation.Fetch:i=i.withFetchImplementation().withFinishStep((t=>new Promise(((r,i)=>{e.fetchFromBackend("/v1/client/mobile/instant/finish",{vfp:t.vfp}).then(r).catch(i)}))))}i=i.withStartStep((t=>new Promise(((r,i)=>{const o=this.deviceIpDetection?t.deviceDescriptor.ip:this.getDeviceIp();e.fetchFromBackend("/v1/client/mobile/instant/start",{cellularIp:o,implementation:this.implementation}).then((e=>{var t;e.error?(this.nextBak=e.next,this.errorCodeBak=e.error.code,i(new n.default(e.error.message,e.error.code,e.next,!1))):r({authUrl:null===(t=e.data)||void 0===t?void 0:t.redirectUrl})})).catch(i)})))),i.build().authenticate().then((i=>{if(i){const e=i;e.error&&r(new n.default(i.error.message,i.error.code,i.next,!1)),t(e.next)}else e.fetchFromBackend("/v1/client/mobile/instant/finish",{}).then((e=>t(e.next))).catch((e=>{r(new n.default(i.error.message,i.error.code,i.next,!1))}))})).catch((e=>{r(new n.default(e,this.errorCodeBak,this.nextBak,!1))}))}))}}c.NAME="mobile/instant",t.default=c},3075:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(1727),o=r(3794),s=i(r(3350)),a=r(3225);class c extends a.AuthStatusActions{constructor(e,t){super(),this.name=c.NAME,this.log=n.LoggerFactory.getLogger("mobile-instantlink-step"),this.startStep=e,this.getDeviceIp=null!=t?t:()=>null}execute(e){return this.log.trace("Executing"),new Promise(((t,r)=>{var i,n,o,s,a,c,l=!0;(null===(o=null===(n=null===(i=e.claims)||void 0===i?void 0:i.auth.subs.mob)||void 0===n?void 0:n.auths.inln)||void 0===o?void 0:o.mnp)&&(l=!1);var u=!1;(null===(c=null===(a=null===(s=e.claims)||void 0===s?void 0:s.auth.subs.mob)||void 0===a?void 0:a.auths.inln)||void 0===c?void 0:c.tme)&&(u=!0),this.runStartStep(e,l).then((i=>{this.runFinishStep(e,u).then((()=>this.waitForStatus(e))).then((e=>t(e))).catch(r)})).catch(r)}))}runStartStep(e,t,r){return new Promise(((i,n)=>{this.startStep?this.startStep.execute(t,r).then((r=>{e.fetchFromBackend("/v1/client/mobile/instantlink/start",{sourceIp:this.getDeviceIp(),mobileNumber:null==r?void 0:r.phoneNumber}).then((r=>{var a,c,l;const u=r;if(u.error)n(new s.default(u.error.message,u.error.code,r.next,!1));else if(u.data){var d="";(null===(a=u.data)||void 0===a?void 0:a.code)&&(d+=`Error Code: ${u.data.code}, `),(null===(c=u.data)||void 0===c?void 0:c.message)?d+=`${u.data.message}`:d+="Error validating phone number";let r=new o.PhoneValidationError(d,null===(l=u.data)||void 0===l?void 0:l.code);this.log.error(`Server reports invalid phone number: ${d}`),this.runStartStep(e,t,r).then(i).catch(n)}else i(u.next)})).catch(n)})).catch(n):n(new Error("InstantLink start step must be specified"))}))}runFinishStep(e,t){return new Promise(((r,i)=>{t?(this.log.info("Simulating user clicking the instant link"),setTimeout((()=>{e.platform.fetch(e.backendUrl+"/v1/client/mobile/instantlink/finish?token="+encodeURIComponent(e.authToken)+"&vfp=test-vfp",{mode:"cors",method:"GET"}).then((e=>r())).catch(i)}),100)):r()}))}}c.NAME="mobile/instantlink",t.default=c},8907:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(1727),o=i(r(3350)),s=r(8864),a=r(3794);class c{constructor(e,t){this.name=c.NAME,this.log=n.LoggerFactory.getLogger("mobile-otp-step"),this.otpStartStep=e,this.otpFinishStep=t}execute(e){return new Promise(((t,r)=>{var i,n,o;if(this.otpStartStep)if(this.otpFinishStep){var s=!0;(null===(o=null===(n=null===(i=e.claims)||void 0===i?void 0:i.auth.subs.mob)||void 0===n?void 0:n.auths.otp)||void 0===o?void 0:o.mnp)&&(s=!1),this.runOtpStartStep(e,this.otpStartStep,this.otpFinishStep,s).then(t).catch(r)}else r(new Error("OtpFinishStep step must be specified"));else r(new Error("OtpStartStep step must be specified"))}))}runOtpStartStep(e,t,r,i,n){return new Promise(((s,c)=>{t.execute(i,n).then((n=>{e.fetchFromBackend("/v1/client/mobile/otp/start",{mobileNumber:null==n?void 0:n.phoneNumber}).then((n=>{const l=n;if(l.error)c(new o.default(l.error.message,l.error.code,n.next,!1));else if(l.data){let n=l.data;var u="";(null==n?void 0:n.code)&&(u+=`Error Code: ${n.code}, `),(null==n?void 0:n.message)?u+=`${n.message}`:u+="Error validating phone number";let o=new a.PhoneValidationError(u,null==n?void 0:n.code);this.log.error(`Server reports invalid phone number: ${u}`),this.runOtpStartStep(e,t,r,i,o).then(s).catch(c)}else this.runOtpFinishStep(e,t,r,i).then(s).catch(c)})).catch(c)})).catch((e=>{const t=o.default.extractMessage(e);c(new Error(`Failed to start OTP flow: ${t}`))}))}))}runOtpFinishStep(e,t,r,i,n){return new Promise(((a,c)=>{r.execute(n).then((n=>{var l;let u=n;switch(u.resultType){case s.OtpFinishResultType.OnResendOtp:this.runOtpStartStep(e,t,r,i).then(a).catch(c);break;case s.OtpFinishResultType.OnSuccess:let n=u.input;e.fetchFromBackend("/v1/client/mobile/otp/finish",{otp:null!==(l=null==n?void 0:n.otp)&&void 0!==l?l:""}).then((n=>{const l=n;if(l.error)c(new o.default(l.error.message,l.error.code,n.next,!1));else if(l.data){let n=l.data;var u="";(null==n?void 0:n.code)&&(u+=`Error Code: ${n.code}, `),(null==n?void 0:n.message)?u+=`${n.message}`:u+="Error validating OTP";let o=new s.OtpError(u,null==n?void 0:n.code);this.log.error(`Server reports invalid OTP: ${u}`),this.runOtpFinishStep(e,t,r,i,o).then(a).catch(c)}else a(n.next)})).catch(c)}})).catch((e=>{const t=o.default.extractMessage(e);c(new Error(`Failed to obtain OTP for verification: ${t}}`))}))}))}}c.NAME="mobile/otp",t.default=c},3794:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.PhoneValidationError=void 0;const n=i(r(3350));class o extends n.default{constructor(e,t){super(e,t)}}t.PhoneValidationError=o},8566:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.getUnixTime=t.arrayBufferToHexString=t.arrayBufferToString=t.stringToArrayBuffer=t.DEVICE_CAPABILITY_WEBAUTHN=void 0,t.DEVICE_CAPABILITY_WEBAUTHN="webauthn",t.stringToArrayBuffer=function(e){return(new TextEncoder).encode(e)},t.arrayBufferToString=function(e){return String.fromCharCode.apply(null,Array.from(new Uint8Array(e)))},t.arrayBufferToHexString=function(e){return Array.from(new Uint8Array(e),(e=>("00"+e.toString(16)).slice(-2))).join("")},t.getUnixTime=function(){return Math.floor(Date.now()/1e3)}},6105:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(1727),o=i(r(3350)),s=i(r(9568)),a=i(r(8370)),c=i(r(1044)),l=i(r(6736)),u=i(r(1840)),d=i(r(7625)),h=i(r(3075)),f=i(r(8907)),g=i(r(4704)),p=r(2207);class v{constructor(e){if(this.logger=n.LoggerFactory.getLogger("report-error-step"),this._message="Unknown error",this.reportable=!0,this.name="error",e instanceof o.default){const t=e;this._message=t.message,this._code=t.code,this.nextStep=t.nextStep,this.reportable=t.reportable}else e&&(this._message=o.default.extractMessage(e));this._message||this.logger.warn("Unexpected error: "+e)}get code(){return this._code}get message(){return this._message}execute(e){let t=`Authentication step ${e.lastStep} failed`;return this._code&&(t=t+", code: "+this._code),this._message&&(t=t+", message: "+this._message),this.logger.error(t),this.nextStep===s.default.AUTH_DONE?Promise.resolve(s.default.AUTH_DONE):!this.nextStep||this.reportable?new Promise(((t,r)=>{const i=this.getKind(e.lastStep);e.fetchFromBackend(`/v1/client/${i}/error`,{code:this._code?this._code:void 0,message:this._message}).then((e=>{t(e.next)})).catch(r)})):Promise.resolve(this.nextStep)}getKind(e){return e&&v.errorKinds.get(e)||"device/passive"}}v.errorKinds=new Map([[l.default.NAME,"device/passive"],[c.default.NAME,"device/passive"],[a.default.NAME,"device/fido2"],[u.default.NAME,"device/fido2"],[d.default.NAME,"mobile/instant"],[h.default.NAME,"mobile/instantlink"],[f.default.NAME,"mobile/otp"],[g.default.NAME,"user/mobileactive"],[p.DeviceUniversalRedirectExchangeStep.NAME,"device/universal"],[p.DeviceUniversalRedirectFinishStep.NAME,"device/universal"]]),t.default=v},1770:(e,t,r)=>{Object.defineProperty(t,"__esModule",{value:!0});const i=r(1727),n=r(8566),o=["/v1/client/stepup/unregister","/v1/client/device/unregister","/v1/client/device/passive/error","/v1/client/mobile/instant/error","/v1/client/mobile/otp/error","/v1/client/user/mobileactive","/v1/client/user/mobileactive/error"];t.default=class{constructor(e){this.log=i.LoggerFactory.getLogger("request-signer"),this.session=e}sign(e,t,r,i,n){return new Promise(((s,a)=>{this.session.getDeviceRegistration().then((c=>c&&c.deviceId?o.includes(t)?void Promise.all([this.getChallenge(c.deviceId),this.getHash(n)]).then((n=>{const o=n[0],l=n[1],u=e+"\n"+t+"\n"+r+"\n"+i+"\n"+o+"\n"+l;c.sign(u).then((e=>s({version:"3",challenge:o,signature:e,keyId:c.keyId}))).catch(a)})).catch(a):(this.log.debug("No signing needed for "+t),void s(null)):(this.log.debug("Device not registered, cannot sign"),void s(null)))).catch(a)}))}getChallenge(e){return new Promise(((t,r)=>{this.cachedChallenge&&this.cachedChallenge.receivedAt&&this.cachedChallenge.ttl&&this.cachedChallenge.deviceId===e&&this.cachedChallenge.receivedAt+this.cachedChallenge.ttl-60>(0,n.getUnixTime)()?t(this.cachedChallenge.challenge):this.session.fetchFromBackend("/v1/client/challenge",{deviceId:e}).then((e=>e)).then((e=>{var i;e.error?r(null===(i=e.error)||void 0===i?void 0:i.message):(e.receivedAt=(0,n.getUnixTime)(),this.cachedChallenge=e,t(e.challenge))})).catch(r)}))}getHash(e){return new Promise(((t,r)=>{crypto.subtle.digest("SHA-256",(0,n.stringToArrayBuffer)(e)).then((e=>t((0,n.arrayBufferToHexString)(e)))).catch(r)}))}}},1703:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(3350)),o=r(1727);class s{constructor(e){this.log=o.LoggerFactory.getLogger("scan-message-step"),this.name=s.NAME,this.authMessageHandler=e}execute(e){return new Promise(((t,r)=>{this.authMessageHandler?(e.authMessage||(this.log.warn("Auth message is missing"),e.authMessage={}),this.authMessageHandler(e.authMessage).then((i=>{e.fetchFromBackend("/v1/client/user/response",{response:i}).then((e=>{e.error?r(new n.default(e.error.message,e.error.code,e.next)):t(e.next)}))})).catch(r)):r(new n.default("Failed to process auth message, the handler was not specified"))}))}}s.NAME="scan/message",t.default=s},7370:(e,t,r)=>{Object.defineProperty(t,"__esModule",{value:!0});const i=r(1727);class n{constructor(e){this.log=i.LoggerFactory.getLogger("settings"),this.storage=e}reset(){this.log.trace("reset"),this.deviceId=null,this.namespace=null,this.fidoPasskeyRegistered=!1}get deviceId(){return this.storage.getItem(this.getKey(n.DEVICE_ID_KEY))}set deviceId(e){this.setOrRemove(n.DEVICE_ID_KEY,e)}get fidoPasskeyRegistered(){return"true"===this.storage.getItem(this.getKey(n.FIDO_PASSKEY_REGISTERED_KEY))}set fidoPasskeyRegistered(e){this.setOrRemove(n.FIDO_PASSKEY_REGISTERED_KEY,e?"true":null)}get namespace(){return this.storage.getItem(this.getKey(n.NAMESPACE_KEY))}set namespace(e){this.log.trace("namespace set to "+e),this.setOrRemove(n.NAMESPACE_KEY,e)}getKey(e){return`${n.KEY_PREFIX}.${e}`}setOrRemove(e,t){t?this.storage.setItem(this.getKey(e),t):this.storage.removeItem(this.getKey(e))}}n.KEY_PREFIX="ProveAuth",n.DEVICE_ID_KEY="DeviceId",n.NAMESPACE_KEY="namespace",n.FIDO_PASSKEY_REGISTERED_KEY="fidoPasskeyRegistered",t.default=n},6185:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(3350));class o{constructor(){this.name=o.NAME}execute(e){return new Promise(((e,t)=>{t(new n.default(`Step ${this.name} is not supported yet`))}))}}o.NAME="user/mobileactive",t.default=o},4704:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(3350));class o{constructor(){this.name=o.NAME}execute(e){return new Promise(((e,t)=>{t(new n.default(`Step ${this.name} is not supported yet`))}))}}o.NAME="user/present",t.default=o},4781:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.WebDeviceRegistration=void 0;const n=r(1727),o=i(r(3350)),s=r(8566);class a{constructor(e){this.deviceId=null,this.namespace=e.namespace,this.endpoint=e.endpoint,e.createdAt?(this.createdAt=e.createdAt,this.keyId=e.keyId,this.deviceId=e.deviceId,this.algorithm=e.algorithm,this.keys=e.keys):(this.keyId=crypto.randomUUID(),this.algorithm="ES256",this.createdAt=(0,s.getUnixTime)())}sign(e){return new Promise(((t,r)=>{this.initialize().then((()=>{this.keys&&crypto.subtle.sign({name:"ECDSA",hash:{name:"SHA-256"}},this.keys.privateKey,(0,s.stringToArrayBuffer)(e)).then((e=>t(btoa((0,s.arrayBufferToString)(this.p1363ToDer(e)))))).catch(r)})).catch(r)}))}getPublicKey(){return new Promise(((e,t)=>{this.initialize().then((()=>{this.keys&&crypto.subtle.exportKey("spki",this.keys.publicKey).then((t=>{const r=btoa((0,s.arrayBufferToString)(t));e("-----BEGIN PUBLIC KEY-----\n"+r+"\n-----END PUBLIC KEY-----")})).catch(t)})).catch(t)}))}getAuthRegistration(e){return new Promise(((t,r)=>{this.sign(e).then((e=>{this.getPublicKey().then((r=>{t({publicKey:{id:this.keyId,alg:this.algorithm,key:r,uvLevel:0},signature:e})})).catch(r)})).catch(r)}))}initialize(){return new Promise(((e,t)=>{this.keys?e():crypto.subtle.generateKey({name:"ECDSA",namedCurve:"P-256"},!1,["sign","verify"]).then((t=>{this.keys=t,e()})).catch(t)}))}p1363ToDer(e){const t=(0,s.arrayBufferToHexString)(e);let r=t.substring(0,t.length/2),i=t.substring(t.length/2);r=r.replace(/^(00)+/,""),i=i.replace(/^(00)+/,""),parseInt(r.charAt(0),16)>=8&&(r=`00${r}`),parseInt(i.charAt(0),16)>=8&&(i=`00${i}`);const n=`02${(r.length/2).toString(16).padStart(2,"0")}${r}`,o=`02${(i.length/2).toString(16).padStart(2,"0")}${i}`,a=`30${((n.length+o.length)/2).toString(16).padStart(2,"0")}${n}${o}`.match(/[\da-f]{2}/gi);return a?new Uint8Array(a.map((e=>parseInt(e,16)))):new Uint8Array}lenVal(e){if("string"==typeof e||e instanceof String){const t=e;return`[${t.length}]: ${t}`}{const t=e;return`[${t.byteLength}]: ${Array.from(new Uint8Array(t),(e=>e.toString(16))).join(",")}`}}}t.WebDeviceRegistration=a;class c{constructor(e){this.log=n.LoggerFactory.getLogger("web-device-auth"),this.dbFactory=e}createRegistration(e){return new Promise(((t,r)=>{t(new a(e))}))}getRegistration(e){return new Promise(((t,r)=>{const i=this.openDatabase();i.onerror=e=>{r("Failed to open registration database: "+e)},i.onsuccess=n=>{const o=i.result,s=o.transaction([c.DB_STORE],"readonly");s.oncomplete=()=>o.close();const l=s.objectStore(c.DB_STORE).get(e);l.onsuccess=()=>{l.result?t(new a(l.result)):t(null)},l.onerror=e=>{r(new Error("Failed to access registration"))}}}))}storeRegistration(e){return new Promise(((t,r)=>{const i=this.openDatabase();i.onerror=e=>{r("Failed to open registration database: "+e)},i.onsuccess=n=>{const s=i.result,a=s.transaction([c.DB_STORE],"readwrite");a.oncomplete=()=>s.close();const l=a.objectStore(c.DB_STORE);this.log.trace("Saving registration");const u=l.put(e);u.onsuccess=()=>{this.log.trace("Registration saved")},u.onerror=e=>{r(new o.default("Failed to store registration"))},t()}}))}deleteRegistration(e){return new Promise(((t,r)=>{var i=this.openDatabase();i.onerror=e=>{r("Failed to open registration database: "+e)},i.onsuccess=n=>{var o=i.result,s=o.transaction([c.DB_STORE],"readwrite");if(s.oncomplete=()=>o.close(),!o.objectStoreNames.contains(c.DB_STORE))return this.log.debug("Registration not found, store is missing"),void t();var a=s.objectStore(c.DB_STORE).delete(e);a.onsuccess=()=>{t()},a.onerror=e=>{r(new Error("Failed to delete registration"))}}}))}reset(){return new Promise(((e,t)=>{var r=this.dbFactory.deleteDatabase(c.DB_NAME);r.onsuccess=t=>{e()},r.onerror=t=>{this.log.warn("Failed to delete registration database: "+t),e()}}))}openDatabase(){const e=this.dbFactory.open(c.DB_NAME,c.DB_VERSION);return e.onupgradeneeded=t=>{const r=e.result;this.log.debug("Registration not found, database is missing, initializing"),r.createObjectStore(c.DB_STORE,{keyPath:"namespace"}).transaction.oncomplete=e=>{this.log.trace("Store initialization completed")}},e}}c.DB_VERSION=1,c.DB_NAME="ProveAuth",c.DB_STORE="Registrations",t.default=c},1092:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.WebPlatform=t.WebSocketMessageChannel=void 0;const n=r(8266),o=r(8566),s=i(r(1770)),a=i(r(4781));class c{constructor(e){this.webSocket=new WebSocket(e)}addEventListener(e,t){this.webSocket.addEventListener(e,t)}send(e){this.webSocket.send(e)}close(){this.webSocket.close()}}t.WebSocketMessageChannel=c,t.WebPlatform=class{constructor(){this.webauthn={getCredentials:e=>navigator.credentials.get(e),createCredentials:e=>navigator.credentials.create(e)},this.deviceAuth=new a.default(window.indexedDB)}getPlatformName(){return`${this.getBrowserName()} ${this.getBrowserVersion()} on ${this.getOSName()}`}getUserAgent(){return navigator.userAgent}isFidoSupported(){return null!=window.PublicKeyCredential}fetch(e,t){return fetch(e,t)}createMessageChannel(e){return new c(e)}createRequestSigner(e){return new s.default(e)}getBrowserName(){const e=navigator.userAgent;let t;return t=e.indexOf("Firefox")>-1?"Firefox":e.indexOf("Opera")>-1||e.indexOf("OPR")>-1?"Opera":e.indexOf("DuckDuckGo")>-1?"DuckDuckGo":e.indexOf("SamsungBrowser")>-1?"Samsung Browser":e.indexOf("Trident")>-1?"Internet Explorer":e.indexOf("Edge")>-1?"Edge":e.indexOf("Chrome")>-1?"Chrome":e.indexOf("Safari")>-1?"Safari":"Unknown",t}getBrowserVersion(){const e=navigator.userAgent.match(/(?:Firefox|Opera|OPR|SamsungBrowser|DuckDuckGo|Internet Explorer|Edge|Chrome|Safari)[\/|\s](\d+(\.\d+)?)/i);return e?e[1]:"Unknown"}getOSName(){const e=navigator.platform,t=navigator.userAgent;let r;if(/Win/i.test(e)){r="Windows";const e=t.match(/Win(?:dows )?NT (\d+\.\d+)/i);if(e){const t=parseFloat(e[1]);r+=11===t?" 11":10===t?" 10":6.3===t?" 8.1":6.2===t?" 8":6.1===t?" 7":6===t?" Vista":5.1===t||5.2===t?" XP":" (Unknown Version)"}}else if(e.match(/Mac/i)){r="Mac OS";const e=t.match(/Mac OS X (\d+[_.]\d+([_.]\d+)?)/i);e&&(r+=" "+e[1].replace(/_/g,"."))}else r=t.match(/Android/i)?"Android":t.match(/iOS|iPhone|iPad|iPod/i)?"iOS":e.match(/Linux/i)?"Linux":"Unknown";return r}getDeviceCapabilities(){return this.isFidoSupported()?[o.DEVICE_CAPABILITY_WEBAUTHN]:[]}getMobileAuthBuilder(){return new n.AuthenticatorBuilder}exit(e){}urlRedirect(e){window.location.replace(e)}}},8864:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.OtpFinishResultType=t.OtpError=void 0;const n=i(r(3350));class o extends n.default{constructor(e,t){super(e,t)}}var s;t.OtpError=o,(s=t.OtpFinishResultType||(t.OtpFinishResultType={}))[s.OnSuccess=0]="OnSuccess",s[s.OnResendOtp=1]="OnResendOtp"},6462:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.USER_AGENT_VERSIONS=t.API_CONTRACT_VERSION=t.VERSION=void 0,t.VERSION="2.4.5",t.API_CONTRACT_VERSION="2.7.0",t.USER_AGENT_VERSIONS=`ProveAuth/${t.VERSION} Contract/${t.API_CONTRACT_VERSION} WEB/1`}},t={};return function r(i){var n=t[i];if(void 0!==n)return n.exports;var o=t[i]={exports:{}};return e[i].call(o.exports,o,o.exports,r),o.exports}(3607)})()));

package/build/lib/proveauth/authenticator-builder.d.ts CHANGED Viewed

@@ -26,6 +26,7 @@ export default class AuthenticatorBuilder {
     private otpStartStep?;
     private otpFinishStep?;
     private instantLinkStartStep?;
+    private forUPK;
     private instantLinkTestMode;
     constructor();
     withAuthFinishStep(step: AuthFinishStep | AuthFinishStepFn): AuthenticatorBuilder;
@@ -38,5 +39,6 @@ export default class AuthenticatorBuilder {
     withDeviceIpAddress(deviceIp: string | (() => string | null) | null): AuthenticatorBuilder;
     withOtpFallback(startStep: OtpStartStep | OtpStartStepFn, finishStep: OtpFinishStep | OtpFinishStepFn): AuthenticatorBuilder;
     withInstantLinkFallback(startStep: InstantLinkStartStep | InstantLinkStartStepFn): AuthenticatorBuilder;
+    withUPKEnabled(): this;
     build(): Authenticator;
 }

package/build/lib/proveauth/authenticator-builder.js CHANGED Viewed

@@ -4,7 +4,6 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.MobileAuthImplementation = exports.DeviceRole = void 0;
-const primary_authenticator_1 = __importDefault(require("./internal/primary-authenticator"));
 const web_platform_1 = require("./internal/web-platform");
 const device_passive_register_step_1 = __importDefault(require("./internal/device-passive-register-step"));
 const device_passive_step_1 = __importDefault(require("./internal/device-passive-step"));
@@ -14,9 +13,11 @@ const mobile_instantlink_step_1 = __importDefault(require("./internal/mobile-ins
 const mobile_otp_step_1 = __importDefault(require("./internal/mobile-otp-step"));
 const scan_message_step_1 = __importDefault(require("./internal/scan-message-step"));
 const user_mobileactive_step_1 = __importDefault(require("./internal/user-mobileactive-step"));
-const secondary_authenticator_1 = __importDefault(require("./internal/secondary-authenticator"));
 const device_passive_silent_step_1 = __importDefault(require("./internal/device-passive-silent-step"));
 const device_passive_stepup_step_1 = __importDefault(require("./internal/device-passive-stepup-step"));
+const device_universal_step_1 = __importDefault(require("./internal/device-universal-step"));
+const device_universal_redirect_steps_1 = require("./internal/device-universal-redirect-steps");
+const main_authenticator_1 = __importDefault(require("./internal/main-authenticator"));
 var DeviceRole;
 (function (DeviceRole) {
     DeviceRole[DeviceRole["Primary"] = 0] = "Primary";
@@ -31,6 +32,7 @@ class AuthenticatorBuilder {
     constructor() {
         this.role = DeviceRole.Primary;
         this.mobileAuthImplementation = MobileAuthImplementation.Fetch;
+        this.forUPK = false;
         this.instantLinkTestMode = false;
         if (typeof window !== 'undefined') {
             this.storage = window.localStorage;
@@ -100,22 +102,30 @@ class AuthenticatorBuilder {
         }
         return this;
     }
+    withUPKEnabled() {
+        this.forUPK = true;
+        return this;
+    }
     build() {
         if (this.role === DeviceRole.Primary) {
-            return new primary_authenticator_1.default(this.platform, this.storage, this.authFinishStep, [
+            return new main_authenticator_1.default(this.platform, this.storage, this.authFinishStep, [
+                new device_universal_step_1.default(this.forUPK),
+                new device_universal_redirect_steps_1.DeviceUniversalRedirectExchangeStep(),
+                new device_universal_redirect_steps_1.DeviceUniversalRedirectFinishStep(),
                 new device_passive_step_1.default(this.getDisplayName, this.role),
                 new device_passive_stepup_step_1.default(this.getDisplayName),
-                new device_passive_silent_step_1.default(),
+                new device_passive_silent_step_1.default(this.forUPK),
                 new device_passive_register_step_1.default(),
                 new device_passive_verify_step_1.default(),
                 new mobile_instant_step_1.default(this.mobileAuthImplementation, this.getDeviceIp),
+                new mobile_instantlink_step_1.default(this.instantLinkStartStep, this.getDeviceIp),
                 new mobile_otp_step_1.default(this.otpStartStep, this.otpFinishStep),
                 new user_mobileactive_step_1.default(),
                 new scan_message_step_1.default(this.authMessageHandler),
             ]);
         }
         else {
-            return new secondary_authenticator_1.default(this.platform, this.storage, this.authFinishStep, [
+            return new main_authenticator_1.default(this.platform, this.storage, this.authFinishStep, [
                 new device_passive_step_1.default(this.getDisplayName, this.role),
                 new mobile_instant_step_1.default(this.mobileAuthImplementation, this.getDeviceIp),
                 new mobile_instantlink_step_1.default(this.instantLinkStartStep, this.getDeviceIp),

package/build/lib/proveauth/internal/auth-session.d.ts CHANGED Viewed

@@ -12,6 +12,7 @@ export default class AuthSession implements AuthSessionIntegration {
     readonly claims?: AuthTokenClaims;
     readonly settings: Settings;
     readonly requestSigner: RequestSigner;
+    readonly channels: Set<MessageChannel>;
     lastStep: string | null;
     credential: CredentialType | null;
     authMessage: AuthMessage | null;
@@ -25,6 +26,7 @@ export default class AuthSession implements AuthSessionIntegration {
     constructor(settings: Settings, platform: Platform, authToken?: string);
     fetchFromBackend(query: string, body: AuthRequest): Promise<AuthResponse>;
     createMessageChannel(endpointPath: string, onClose: () => void, onError: (message: string) => void, onMessage: (data: string) => void): MessageChannel;
+    closeAllMessageChannels(): void;
     getDeviceRegistration(): Promise<DeviceRegistration | null>;
     private parseJwt;
 }

package/build/lib/proveauth/internal/auth-session.js CHANGED Viewed

@@ -30,6 +30,7 @@ class AuthSession {
     }
     constructor(settings, platform, authToken) {
         var _a, _b;
+        this.channels = new Set();
         this.lastStep = null;
         this.credential = null;
         this.authMessage = null;
@@ -99,11 +100,10 @@ class AuthSession {
         }
         const KEEP_ALIVE_INTERVAL = 30000;
         const endpoint = this.backendUrl.replace(/^http/, 'ws');
-        const encodedAuthToken = encodeURIComponent(this.authToken);
-        const channel = this.platform.createMessageChannel(endpoint + endpointPath + '?token=' + encodedAuthToken);
+        const channel = this.platform.createMessageChannel(endpoint + endpointPath);
         const log = logger_1.LoggerFactory.getLogger('web-message-channel');
         const keepAlive = setInterval(() => {
-            log.debug('Sending keep-alive message');
+            log.trace('Sending keep-alive message');
             channel.send('');
         }, KEEP_ALIVE_INTERVAL);
         channel.addEventListener('close', (_) => {
@@ -111,6 +111,7 @@ class AuthSession {
                 clearInterval(keepAlive);
             }
             onClose();
+            this.channels.delete(channel);
         });
         channel.addEventListener('error', (event) => {
             if ('message' in event) {
@@ -134,8 +135,15 @@ class AuthSession {
                 }
             }
         });
+        this.channels.add(channel);
         return channel;
     }
+    closeAllMessageChannels() {
+        const channelsCopy = new Set(this.channels);
+        channelsCopy.forEach((channel) => channel.close());
+        channelsCopy.clear();
+        this.channels.clear();
+    }
     getDeviceRegistration() {
         return new Promise((resolve, reject) => {
             this.platform.deviceAuth

package/build/lib/proveauth/internal/auth-status-actions.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import AuthSession from './auth-session';
+export declare class AuthStatusActions {
+    protected log: import("../common/logger").Logger;
+    protected waitForStatus(session: AuthSession): Promise<string>;
+}

package/build/lib/proveauth/internal/auth-status-actions.js ADDED Viewed

@@ -0,0 +1,48 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthStatusActions = void 0;
+const logger_1 = require("../common/logger");
+const auth_error_1 = __importDefault(require("./auth-error"));
+class AuthStatusActions {
+    constructor() {
+        this.log = logger_1.LoggerFactory.getLogger('auth-status-actions');
+    }
+    waitForStatus(session) {
+        var gotResponse = false;
+        this.log.trace('Waiting for auth status');
+        return new Promise((resolve, reject) => {
+            const channel = session.createMessageChannel('/v1/client/status?token=' + encodeURIComponent(session.authToken), () => {
+                if (!gotResponse) {
+                    reject(new auth_error_1.default('Failed to receive secondary authentication status, no response'));
+                }
+            }, (errorMessage) => {
+                gotResponse = true;
+                this.log.error('Failed: ' + errorMessage);
+                reject(new auth_error_1.default('Failed to receive secondary authentication status: ' + errorMessage));
+            }, (data) => {
+                gotResponse = true;
+                try {
+                    this.log.debug(('Secondary authentication status: ' + data));
+                    const response = JSON.parse(data);
+                    if (response.error) {
+                        reject(new auth_error_1.default(response.error.message, response.error.code, response.next));
+                    }
+                    else {
+                        session.lastStep = response.next;
+                        resolve(response.next);
+                    }
+                }
+                catch (e) {
+                    reject(e);
+                }
+                finally {
+                    channel.close();
+                }
+            });
+        });
+    }
+}
+exports.AuthStatusActions = AuthStatusActions;

package/build/lib/proveauth/internal/auth-token-claims.d.ts CHANGED Viewed

@@ -16,11 +16,16 @@ export interface InstantLinkAuthenticator {
 export interface OtpAuthenticator {
     mnp: boolean;
 }
+export interface UniversalAuthenticator {
+    endp: string;
+    ftu: string;
+}
 export interface Authenticators {
     pasv?: PassiveAuthenticator;
     inst?: InstantAuthenticator;
     inln?: InstantLinkAuthenticator;
     otp?: OtpAuthenticator;
+    unvsl?: UniversalAuthenticator;
 }
 export interface DeviceAuthSubjectClaim {
     auths: Authenticators;

package/build/lib/proveauth/internal/device-passive-silent-step.d.ts CHANGED Viewed

@@ -4,7 +4,11 @@ export default class DevicePassiveSilentStep implements AuthStep {
     static readonly NAME = "device/passive/silent";
     private readonly log;
     readonly name = "device/passive/silent";
+    private forUPK;
+    constructor(forUPK: boolean);
     execute(session: AuthSession): Promise<string>;
+    private getBackendRegisterEndpoint;
+    private getBackendVerifyEndpoint;
     private register;
     private verify;
 }

package/build/lib/proveauth/internal/device-passive-silent-step.js CHANGED Viewed

@@ -6,9 +6,11 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const logger_1 = require("../common/logger");
 const auth_error_1 = __importDefault(require("./auth-error"));
 class DevicePassiveSilentStep {
-    constructor() {
+    constructor(forUPK) {
         this.log = logger_1.LoggerFactory.getLogger('device-passive-silent-step');
         this.name = DevicePassiveSilentStep.NAME;
+        this.forUPK = false;
+        this.forUPK = forUPK;
     }
     execute(session) {
         this.log.trace('Executing');
@@ -33,19 +35,27 @@ class DevicePassiveSilentStep {
                 .catch(reject);
         });
     }
+    getBackendRegisterEndpoint() {
+        return this.forUPK
+            ? '/v1/client/device/universal/register'
+            : '/v1/client/device/passive/register';
+    }
+    getBackendVerifyEndpoint() {
+        return this.forUPK ? '/v1/client/device/universal/verify' : '/v1/client/device/passive/verify';
+    }
     register(session, registration) {
         this.log.trace('Registering');
         return new Promise((resolve, reject) => {
             registration.getAuthRegistration(session.challenge).then((authRegistration) => {
                 session
-                    .fetchFromBackend('/v1/client/device/passive/register', {
+                    .fetchFromBackend(this.getBackendRegisterEndpoint(), {
                     deviceName: session.platform.getPlatformName(),
                     deviceCapabilities: session.platform.getDeviceCapabilities(),
                     registrations: [authRegistration],
                 })
                     .then((response) => {
                     if (response.error) {
-                        reject(new auth_error_1.default(response.error.message, response.error.code, response.next));
+                        reject(new auth_error_1.default(response.error.message, response.error.code, response.next, false));
                     }
                     else {
                         const deviceId = response.data.deviceId;
@@ -72,14 +82,14 @@ class DevicePassiveSilentStep {
                 const challenge = registration.deviceId + ':' + session.challenge;
                 registration.sign(challenge).then((signature) => {
                     session
-                        .fetchFromBackend('/v1/client/device/passive/verify', {
+                        .fetchFromBackend(this.getBackendVerifyEndpoint(), {
                         deviceId: registration.deviceId,
                         keyId: registration.keyId,
                         signature: signature,
                     })
                         .then((response) => {
                         if (response.error) {
-                            reject(new auth_error_1.default(response.error.message, response.error.code, response.next));
+                            reject(new auth_error_1.default(response.error.message, response.error.code, response.next, false));
                         }
                         else {
                             resolve(response.next);

package/build/lib/proveauth/internal/device-passive-step.d.ts CHANGED Viewed

@@ -1,7 +1,8 @@
 import AuthSession from './auth-session';
 import AuthStep from './auth-step';
 import { DeviceRole } from '../authenticator-builder';
-export declare class DevicePassiveActions {
+import { AuthStatusActions } from './auth-status-actions';
+export declare class DevicePassiveActions extends AuthStatusActions {
     protected log: import("../common/logger").Logger;
     private readonly getDisplayName;
     protected constructor(getDisplayName?: () => string | null);

package/build/lib/proveauth/internal/device-passive-step.js CHANGED Viewed

@@ -10,9 +10,10 @@ const device_passive_silent_step_1 = __importDefault(require("./device-passive-s
 const auth_token_claims_1 = require("./auth-token-claims");
 const auth_error_1 = __importDefault(require("./auth-error"));
 const authenticator_builder_1 = require("../authenticator-builder");
-const base_authenticator_1 = __importDefault(require("./base-authenticator"));
-class DevicePassiveActions {
+const auth_status_actions_1 = require("./auth-status-actions");
+class DevicePassiveActions extends auth_status_actions_1.AuthStatusActions {
     constructor(getDisplayName) {
+        super();
         this.log = logger_1.LoggerFactory.getLogger('device-passive-actions');
         this.getDisplayName = getDisplayName ? getDisplayName : () => null;
     }
@@ -114,7 +115,7 @@ class DevicePassiveStep extends DevicePassiveActions {
     }
     execute(session) {
         if (this.role == authenticator_builder_1.DeviceRole.Secondary) {
-            return Promise.resolve(base_authenticator_1.default.AUTH_DONE);
+            return this.waitForStatus(session);
         }
         if (!session.platform.isFidoSupported() ||
             session.uvLevel === auth_token_claims_1.UserVerificationLevel.Discouraged) {

package/build/lib/proveauth/internal/device-universal-redirect-steps.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+import AuthStep from './auth-step';
+import AuthSession from './auth-session';
+export declare class DeviceUniversalRedirectBaseStep implements AuthStep {
+    name: string;
+    execute(session: AuthSession): Promise<string>;
+}
+export declare class DeviceUniversalRedirectFinishStep extends DeviceUniversalRedirectBaseStep {
+    static readonly NAME = "redirect/finish";
+    readonly name = "redirect/finish";
+}
+export declare class DeviceUniversalRedirectExchangeStep extends DeviceUniversalRedirectBaseStep {
+    static readonly NAME = "redirect/exchange";
+    readonly name = "redirect/exchange";
+}

package/build/lib/proveauth/internal/device-universal-redirect-steps.js ADDED Viewed

@@ -0,0 +1,55 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DeviceUniversalRedirectExchangeStep = exports.DeviceUniversalRedirectFinishStep = exports.DeviceUniversalRedirectBaseStep = void 0;
+const auth_error_1 = __importDefault(require("./auth-error"));
+class DeviceUniversalRedirectBaseStep {
+    constructor() {
+        this.name = '';
+    }
+    execute(session) {
+        return new Promise((resolve, reject) => {
+            var _a, _b, _c;
+            let redirectUrl = (_c = (_b = (_a = session.claims) === null || _a === void 0 ? void 0 : _a.auth.subs.dev) === null || _b === void 0 ? void 0 : _b.auths.unvsl) === null || _c === void 0 ? void 0 : _c.ftu;
+            if (typeof redirectUrl != 'undefined' && redirectUrl) {
+                redirectUrl += `?authId=${session.authId}`;
+                let upkNext = '';
+                if (this.name === 'redirect/exchange') {
+                    upkNext = 'authexchange';
+                }
+                else if (this.name === 'redirect/finish') {
+                    upkNext = 'authfinish';
+                }
+                else {
+                    reject(new auth_error_1.default(`Unknown UPK Step: ${this.name}`, 0, session.next, true));
+                    return;
+                }
+                redirectUrl += `&next=${upkNext}`;
+                session.platform.urlRedirect(redirectUrl);
+                resolve('');
+            }
+            else {
+                reject(new auth_error_1.default('AuthToken claims do not contain final target URL', 0, session.next, true));
+            }
+        });
+    }
+}
+exports.DeviceUniversalRedirectBaseStep = DeviceUniversalRedirectBaseStep;
+class DeviceUniversalRedirectFinishStep extends DeviceUniversalRedirectBaseStep {
+    constructor() {
+        super(...arguments);
+        this.name = DeviceUniversalRedirectFinishStep.NAME;
+    }
+}
+DeviceUniversalRedirectFinishStep.NAME = 'redirect/finish';
+exports.DeviceUniversalRedirectFinishStep = DeviceUniversalRedirectFinishStep;
+class DeviceUniversalRedirectExchangeStep extends DeviceUniversalRedirectBaseStep {
+    constructor() {
+        super(...arguments);
+        this.name = DeviceUniversalRedirectExchangeStep.NAME;
+    }
+}
+DeviceUniversalRedirectExchangeStep.NAME = 'redirect/exchange';
+exports.DeviceUniversalRedirectExchangeStep = DeviceUniversalRedirectExchangeStep;

package/build/lib/proveauth/internal/device-universal-step.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import AuthStep from './auth-step';
+import AuthSession from './auth-session';
+export default class DeviceUniversalStep implements AuthStep {
+    static readonly NAME = "device/universal";
+    private readonly log;
+    readonly name = "device/universal";
+    private forUPK;
+    constructor(forUPK: boolean);
+    execute(session: AuthSession): Promise<string>;
+}

package/build/lib/proveauth/internal/device-universal-step.js ADDED Viewed

@@ -0,0 +1,38 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const logger_1 = require("../common/logger");
+const auth_error_1 = __importDefault(require("./auth-error"));
+const device_passive_silent_step_1 = __importDefault(require("./device-passive-silent-step"));
+class DeviceUniversalStep {
+    constructor(forUPK) {
+        this.log = logger_1.LoggerFactory.getLogger('device-universal-step');
+        this.name = DeviceUniversalStep.NAME;
+        this.forUPK = false;
+        this.forUPK = forUPK;
+    }
+    execute(session) {
+        this.log.trace('Executing');
+        return new Promise((resolve, reject) => {
+            var _a, _b, _c;
+            if (this.forUPK) {
+                resolve(device_passive_silent_step_1.default.NAME);
+            }
+            else {
+                let redirectUrl = (_c = (_b = (_a = session.claims) === null || _a === void 0 ? void 0 : _a.auth.subs.dev) === null || _b === void 0 ? void 0 : _b.auths.unvsl) === null || _c === void 0 ? void 0 : _c.endp;
+                if (typeof redirectUrl != 'undefined' && redirectUrl) {
+                    redirectUrl += `?authId=${session.authId}&authtoken=${session.authToken}`;
+                    session.platform.urlRedirect(redirectUrl);
+                    resolve('');
+                }
+                else {
+                    reject(new auth_error_1.default('AuthToken claims do not contain universal redirect URL', 0, session.next, true));
+                }
+            }
+        });
+    }
+}
+DeviceUniversalStep.NAME = 'device/universal';
+exports.default = DeviceUniversalStep;

package/build/lib/proveauth/internal/{base-authenticator.d.ts → main-authenticator.d.ts} RENAMED Viewed

@@ -5,15 +5,17 @@ import { Logger } from '../common/logger';
 import Platform from './platform';
 import CancelablePromise from '../common/cancelable-promise';
 import AuthSession from './auth-session';
-export default abstract class BaseAuthenticator implements Authenticator {
+import AuthStep from './auth-step';
+export default class MainAuthenticator implements Authenticator {
     static readonly AUTH_DONE = "done";
     static readonly AUTH_EMPTY = "";
     static readonly MAX_ATTEMPTS = 50;
+    private readonly steps;
     protected log: Logger;
     protected readonly platform: Platform;
     protected readonly settings: Settings;
     protected readonly authFinishStep?: AuthFinishStep;
-    constructor(platform?: Platform, storage?: Storage, finishStep?: AuthFinishStep);
+    constructor(platform?: Platform, storage?: Storage, finishStep?: AuthFinishStep, steps?: Array<AuthStep>);
     isPasskeyRegistered(): boolean;
     isFidoSupported(): boolean;
     isDeviceRegistered(): boolean;
@@ -24,5 +26,7 @@ export default abstract class BaseAuthenticator implements Authenticator {
     unregisterDevice(): Promise<void>;
     unregisterPasskey(): Promise<void>;
     private unregister;
-    abstract process(session: AuthSession): CancelablePromise<void>;
+    process(session: AuthSession): CancelablePromise<void>;
+    private nextStep;
+    private getNextStep;
 }

package/build/lib/proveauth/internal/{base-authenticator.js → main-authenticator.js} RENAMED Viewed

@@ -8,18 +8,26 @@ const logger_1 = require("../common/logger");
 const cancelable_promise_1 = __importDefault(require("../common/cancelable-promise"));
 const auth_session_1 = __importDefault(require("./auth-session"));
 const auth_error_1 = __importDefault(require("./auth-error"));
-class BaseAuthenticator {
-    constructor(platform, storage, finishStep) {
+const report_error_step_1 = __importDefault(require("./report-error-step"));
+const error_code_1 = __importDefault(require("./error-code"));
+class MainAuthenticator {
+    constructor(platform, storage, finishStep, steps) {
+        this.steps = new Map();
         if (!platform) {
             throw new Error('Implementation of Platform is required');
         }
         if (!storage) {
             throw new Error('Implementation of Storage is required');
         }
-        this.log = logger_1.LoggerFactory.getLogger('base-authenticator');
+        this.log = logger_1.LoggerFactory.getLogger('main-authenticator');
         this.platform = platform;
         this.authFinishStep = finishStep;
         this.settings = new settings_1.default(storage);
+        if (steps) {
+            for (let step of steps) {
+                this.steps.set(step.name, step);
+            }
+        }
     }
     isPasskeyRegistered() {
         return this.settings.fidoPasskeyRegistered;
@@ -56,7 +64,7 @@ class BaseAuthenticator {
                 processing
                     .then(() => {
                     var _a;
-                    if (session.lastStep !== BaseAuthenticator.AUTH_EMPTY) {
+                    if (session.lastStep !== MainAuthenticator.AUTH_EMPTY) {
                         this.log.info('Authentication flow has been completed.');
                         return (_a = this.authFinishStep) === null || _a === void 0 ? void 0 : _a.execute({ authId: session.authId });
                     }
@@ -122,8 +130,48 @@ class BaseAuthenticator {
             }
         });
     }
+    process(session) {
+        return new cancelable_promise_1.default((resolve, reject, onCancel) => {
+            onCancel(() => {
+                this.log.info('Canceled');
+                session.closeAllMessageChannels();
+                resolve();
+            });
+            this.nextStep(session, session.next, 1).then(resolve).catch(reject);
+        });
+    }
+    nextStep(session, step, attempt) {
+        this.log.debug(`Authentication attempt ${attempt}, next step: ${step}`);
+        session.lastStep = step;
+        return new Promise((resolve, reject) => {
+            if ([MainAuthenticator.AUTH_DONE, MainAuthenticator.AUTH_EMPTY].includes(step)) {
+                resolve();
+            }
+            else if (attempt > MainAuthenticator.MAX_ATTEMPTS) {
+                reject(new auth_error_1.default('Too many authentication steps', error_code_1.default.ERROR_MAX_ATTEMPTS));
+            }
+            else {
+                this.getNextStep(step)
+                    .execute(session)
+                    .then((next) => this.nextStep(session, next, attempt + 1))
+                    .then(resolve)
+                    .catch((e) => new report_error_step_1.default(e)
+                    .execute(session)
+                    .then((next) => this.nextStep(session, next, attempt + 1))
+                    .then(resolve)
+                    .catch(reject));
+            }
+        });
+    }
+    getNextStep(step) {
+        var nextStep = this.steps.get(step);
+        if (nextStep) {
+            return nextStep;
+        }
+        return new report_error_step_1.default('Unknown authentication step: ' + step);
+    }
 }
-BaseAuthenticator.AUTH_DONE = 'done';
-BaseAuthenticator.AUTH_EMPTY = '';
-BaseAuthenticator.MAX_ATTEMPTS = 50;
-exports.default = BaseAuthenticator;
+MainAuthenticator.AUTH_DONE = 'done';
+MainAuthenticator.AUTH_EMPTY = '';
+MainAuthenticator.MAX_ATTEMPTS = 50;
+exports.default = MainAuthenticator;

package/build/lib/proveauth/internal/mobile-instantlink-step.d.ts CHANGED Viewed

@@ -1,7 +1,8 @@
 import AuthSession from './auth-session';
 import AuthStep from './auth-step';
 import { InstantLinkStartStep } from '../instantlink';
-export default class MobileInstantLinkStep implements AuthStep {
+import { AuthStatusActions } from './auth-status-actions';
+export default class MobileInstantLinkStep extends AuthStatusActions implements AuthStep {
     static readonly NAME = "mobile/instantlink";
     readonly name = "mobile/instantlink";
     protected log: import("../common/logger").Logger;

package/build/lib/proveauth/internal/mobile-instantlink-step.js CHANGED Viewed

@@ -6,15 +6,18 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const logger_1 = require("../common/logger");
 const phone_number_input_1 = require("./phone-number-input");
 const auth_error_1 = __importDefault(require("./auth-error"));
+const auth_status_actions_1 = require("./auth-status-actions");
 const SIMULATED_LINK_CLICK_DELAY = 100;
-class MobileInstantLinkStep {
+class MobileInstantLinkStep extends auth_status_actions_1.AuthStatusActions {
     constructor(startStep, getDeviceIp) {
+        super();
         this.name = MobileInstantLinkStep.NAME;
         this.log = logger_1.LoggerFactory.getLogger('mobile-instantlink-step');
         this.startStep = startStep;
         this.getDeviceIp = getDeviceIp !== null && getDeviceIp !== void 0 ? getDeviceIp : (() => null);
     }
     execute(session) {
+        this.log.trace('Executing');
         return new Promise((resolve, reject) => {
             var _a, _b, _c, _d, _e, _f;
             var phoneNumberNeeded = true;
@@ -26,9 +29,10 @@ class MobileInstantLinkStep {
                 testMode = true;
             }
             this.runStartStep(session, phoneNumberNeeded)
-                .then((next) => {
+                .then((_) => {
                 this.runFinishStep(session, testMode)
-                    .then(() => resolve(next))
+                    .then(() => this.waitForStatus(session))
+                    .then((next) => resolve(next))
                     .catch(reject);
             })
                 .catch(reject);
@@ -89,7 +93,7 @@ class MobileInstantLinkStep {
                     session.platform
                         .fetch(session.backendUrl +
                         '/v1/client/mobile/instantlink/finish?token=' +
-                        session.authToken +
+                        encodeURIComponent(session.authToken) +
                         '&vfp=test-vfp', {
                         mode: 'cors',
                         method: 'GET',

package/build/lib/proveauth/internal/platform.d.ts CHANGED Viewed

@@ -38,6 +38,7 @@ export default interface Platform {
     getDeviceCapabilities: () => string[];
     getMobileAuthBuilder: () => AuthenticatorBuilder<any>;
     exit: (code?: number) => void;
+    urlRedirect: (url: string) => void;
 }
 export declare function stringToArrayBuffer(input: string): ArrayBuffer;
 export declare function arrayBufferToString(input: ArrayBuffer): string;

package/build/lib/proveauth/internal/report-error-step.js CHANGED Viewed

@@ -5,7 +5,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 const logger_1 = require("../common/logger");
 const auth_error_1 = __importDefault(require("./auth-error"));
-const base_authenticator_1 = __importDefault(require("./base-authenticator"));
+const main_authenticator_1 = __importDefault(require("./main-authenticator"));
 const device_passive_register_step_1 = __importDefault(require("./device-passive-register-step"));
 const device_passive_silent_step_1 = __importDefault(require("./device-passive-silent-step"));
 const device_passive_step_1 = __importDefault(require("./device-passive-step"));
@@ -14,6 +14,7 @@ const mobile_instant_step_1 = __importDefault(require("./mobile-instant-step"));
 const mobile_instantlink_step_1 = __importDefault(require("./mobile-instantlink-step"));
 const mobile_otp_step_1 = __importDefault(require("./mobile-otp-step"));
 const user_present_step_1 = __importDefault(require("./user-present-step"));
+const device_universal_redirect_steps_1 = require("./device-universal-redirect-steps");
 class ReportErrorStep {
     constructor(error) {
         this.logger = logger_1.LoggerFactory.getLogger('report-error-step');
@@ -49,8 +50,8 @@ class ReportErrorStep {
             logMessage = logMessage + ', message: ' + this._message;
         }
         this.logger.error(logMessage);
-        if (this.nextStep === base_authenticator_1.default.AUTH_DONE) {
-            return Promise.resolve(base_authenticator_1.default.AUTH_DONE);
+        if (this.nextStep === main_authenticator_1.default.AUTH_DONE) {
+            return Promise.resolve(main_authenticator_1.default.AUTH_DONE);
         }
         else if (!this.nextStep || this.reportable) {
             return new Promise((resolve, reject) => {
@@ -84,5 +85,7 @@ ReportErrorStep.errorKinds = new Map([
     [mobile_instantlink_step_1.default.NAME, 'mobile/instantlink'],
     [mobile_otp_step_1.default.NAME, 'mobile/otp'],
     [user_present_step_1.default.NAME, 'user/mobileactive'],
+    [device_universal_redirect_steps_1.DeviceUniversalRedirectExchangeStep.NAME, 'device/universal'],
+    [device_universal_redirect_steps_1.DeviceUniversalRedirectFinishStep.NAME, 'device/universal'],
 ]);
 exports.default = ReportErrorStep;

package/build/lib/proveauth/internal/web-platform.d.ts CHANGED Viewed

@@ -26,4 +26,5 @@ export declare class WebPlatform implements Platform {
     getDeviceCapabilities(): string[];
     getMobileAuthBuilder(): AuthenticatorBuilder<any>;
     exit(code?: number): void;
+    urlRedirect(url: string): void;
 }

package/build/lib/proveauth/internal/web-platform.js CHANGED Viewed

@@ -156,5 +156,8 @@ class WebPlatform {
     }
     exit(code) {
     }
+    urlRedirect(url) {
+        window.location.replace(url);
+    }
 }
 exports.WebPlatform = WebPlatform;

package/build/lib/proveauth/version.d.ts CHANGED Viewed

@@ -1,3 +1,3 @@
-export declare const VERSION = "2.3.2";
+export declare const VERSION = "2.4.5";
 export declare const API_CONTRACT_VERSION = "2.7.0";
 export declare const USER_AGENT_VERSIONS: string;

package/build/lib/proveauth/version.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.USER_AGENT_VERSIONS = exports.API_CONTRACT_VERSION = exports.VERSION = void 0;
-exports.VERSION = '2.3.2';
+exports.VERSION = '2.4.5';
 exports.API_CONTRACT_VERSION = '2.7.0';
 exports.USER_AGENT_VERSIONS = `ProveAuth/${exports.VERSION} Contract/${exports.API_CONTRACT_VERSION} WEB/1`;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@prove-identity/prove-auth",
-  "version": "2.4.4",
+  "version": "2.4.5",
   "description": "Prove Auth SDK for Web",
   "main": "build/lib/index.js",
   "files": [
@@ -11,7 +11,8 @@
     "build/lib/index.d.ts",
     "build/lib/proveauth/**/*.js",
     "build/lib/proveauth/**/*.js.map",
-    "build/lib/proveauth/**/*.d.ts"
+    "build/lib/proveauth/**/*.d.ts",
+    "build/bundle/release/*.js"
   ],
   "types": "build/lib/index.d.ts",
   "scripts": {
@@ -68,4 +69,4 @@
   "dependencies": {
     "@prove-identity/mobile-auth": "^3.0.0"
   }
-}
+}

package/build/lib/proveauth/internal/primary-authenticator.d.ts DELETED Viewed

@@ -1,14 +0,0 @@
-import AuthFinishStep from '../auth-finish-step';
-import AuthStep from './auth-step';
-import AuthSession from './auth-session';
-import Platform from './platform';
-import CancelablePromise from '../common/cancelable-promise';
-import BaseAuthenticator from './base-authenticator';
-export default class PrimaryAuthenticator extends BaseAuthenticator {
-    static readonly MAX_ATTEMPTS = 50;
-    private readonly steps;
-    constructor(platform?: Platform, storage?: Storage, finishStep?: AuthFinishStep, steps?: Array<AuthStep>);
-    process(session: AuthSession): CancelablePromise<void>;
-    private nextStep;
-    private getNextStep;
-}

package/build/lib/proveauth/internal/primary-authenticator.js DELETED Viewed

@@ -1,64 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const report_error_step_1 = __importDefault(require("./report-error-step"));
-const logger_1 = require("../common/logger");
-const cancelable_promise_1 = __importDefault(require("../common/cancelable-promise"));
-const base_authenticator_1 = __importDefault(require("./base-authenticator"));
-const auth_error_1 = __importDefault(require("./auth-error"));
-const error_code_1 = __importDefault(require("./error-code"));
-class PrimaryAuthenticator extends base_authenticator_1.default {
-    constructor(platform, storage, finishStep, steps) {
-        super(platform, storage, finishStep);
-        this.steps = new Map();
-        this.log = logger_1.LoggerFactory.getLogger('primary-authenticator');
-        if (steps) {
-            for (let step of steps) {
-                this.steps.set(step.name, step);
-            }
-        }
-    }
-    process(session) {
-        return new cancelable_promise_1.default((resolve, reject, onCancel) => {
-            onCancel(() => {
-                this.log.info('Canceled');
-                resolve();
-            });
-            this.nextStep(session, session.next, 1).then(resolve).catch(reject);
-        });
-    }
-    nextStep(session, step, attempt) {
-        this.log.debug(`Authentication attempt ${attempt}, next step: ${step}`);
-        session.lastStep = step;
-        return new Promise((resolve, reject) => {
-            if ([base_authenticator_1.default.AUTH_DONE, base_authenticator_1.default.AUTH_EMPTY].includes(step)) {
-                resolve();
-            }
-            else if (attempt > PrimaryAuthenticator.MAX_ATTEMPTS) {
-                reject(new auth_error_1.default('Too many authentication steps', error_code_1.default.ERROR_MAX_ATTEMPTS));
-            }
-            else {
-                this.getNextStep(step)
-                    .execute(session)
-                    .then((next) => this.nextStep(session, next, attempt + 1))
-                    .then(resolve)
-                    .catch((e) => new report_error_step_1.default(e)
-                    .execute(session)
-                    .then((next) => this.nextStep(session, next, attempt + 1))
-                    .then(resolve)
-                    .catch(reject));
-            }
-        });
-    }
-    getNextStep(step) {
-        var nextStep = this.steps.get(step);
-        if (nextStep) {
-            return nextStep;
-        }
-        return new report_error_step_1.default('Unknown authentication step: ' + step);
-    }
-}
-PrimaryAuthenticator.MAX_ATTEMPTS = 50;
-exports.default = PrimaryAuthenticator;

package/build/lib/proveauth/internal/secondary-authenticator.d.ts DELETED Viewed

@@ -1,10 +0,0 @@
-import AuthFinishStep from '../auth-finish-step';
-import AuthSession from './auth-session';
-import Platform from './platform';
-import CancelablePromise from '../common/cancelable-promise';
-import AuthStep from './auth-step';
-import PrimaryAuthenticator from './primary-authenticator';
-export default class SecondaryAuthenticator extends PrimaryAuthenticator {
-    constructor(platform?: Platform, storage?: Storage, finishStep?: AuthFinishStep, steps?: Array<AuthStep>);
-    process(session: AuthSession): CancelablePromise<void>;
-}

package/build/lib/proveauth/internal/secondary-authenticator.js DELETED Viewed

@@ -1,65 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const logger_1 = require("../common/logger");
-const cancelable_promise_1 = __importDefault(require("../common/cancelable-promise"));
-const auth_error_1 = __importDefault(require("./auth-error"));
-const primary_authenticator_1 = __importDefault(require("./primary-authenticator"));
-class SecondaryAuthenticator extends primary_authenticator_1.default {
-    constructor(platform, storage, finishStep, steps) {
-        super(platform, storage, finishStep, steps);
-        this.log = logger_1.LoggerFactory.getLogger('secondary-authenticator');
-    }
-    process(session) {
-        return new cancelable_promise_1.default((resolve, reject, onCancel) => {
-            var gotResponse = false;
-            var channel;
-            var runSteps = super.process(session);
-            runSteps
-                .then(() => {
-                channel = session.createMessageChannel('/v1/client/status', () => {
-                    if (!gotResponse) {
-                        reject(new auth_error_1.default('Failed to receive secondary authentication status, no response'));
-                    }
-                }, (errorMessage) => {
-                    gotResponse = true;
-                    this.log.error('Failed: ' + errorMessage);
-                    reject(new auth_error_1.default('Failed to receive secondary authentication status: ' + errorMessage));
-                }, (data) => {
-                    gotResponse = true;
-                    try {
-                        this.log.debug(('Secondary authentication status: ' + data));
-                        const response = JSON.parse(data);
-                        if (response.error) {
-                            reject(new auth_error_1.default(response.error.message, response.error.code, response.next));
-                        }
-                        else {
-                            session.lastStep = response.next;
-                            resolve();
-                        }
-                    }
-                    catch (e) {
-                        reject(e);
-                    }
-                    finally {
-                        channel.close();
-                    }
-                });
-            })
-                .catch(reject);
-            onCancel(() => {
-                gotResponse = true;
-                if (runSteps) {
-                    runSteps.cancel();
-                }
-                if (channel) {
-                    channel.close();
-                }
-                resolve();
-            });
-        });
-    }
-}
-exports.default = SecondaryAuthenticator;