npm - @prove-identity/prove-auth - Versions diffs - 2.4.5 → 2.7.0 - Mend

@prove-identity/prove-auth 2.4.5 → 2.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

package/build/lib/proveauth/internal/device-passive-silent-step.js CHANGED Viewed

@@ -6,11 +6,13 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const logger_1 = require("../common/logger");
 const auth_error_1 = __importDefault(require("./auth-error"));
 class DevicePassiveSilentStep {
-    constructor(forUPK) {
-        this.log = logger_1.LoggerFactory.getLogger('device-passive-silent-step');
+    constructor(forUPK, userConsentStep) {
         this.name = DevicePassiveSilentStep.NAME;
-        this.forUPK = false;
+        this.log = logger_1.LoggerFactory.getLogger('device-passive-silent-step');
         this.forUPK = forUPK;
+        this.userConsentStep = userConsentStep !== null && userConsentStep !== void 0 ? userConsentStep : {
+            execute: () => Promise.resolve({ consentGranted: true }),
+        };
     }
     execute(session) {
         this.log.trace('Executing');
@@ -19,16 +21,29 @@ class DevicePassiveSilentStep {
                 .getDeviceRegistration()
                 .then((registration) => {
                 if (registration) {
-                    this.verify(session, registration).then(resolve).catch(reject);
+                    session.embedFpResultToDeviceRegistration(registration).then((registration) => {
+                        this.verify(session, registration).then(resolve).catch(reject);
+                    });
                 }
                 else {
-                    session.platform.deviceAuth
-                        .createRegistration({
-                        namespace: session.namespace,
-                        endpoint: session.backendUrl,
+                    this.userConsentStep
+                        .execute()
+                        .then((output) => {
+                        if (output.consentGranted) {
+                            session.platform.deviceAuth
+                                .createRegistration({
+                                namespace: session.namespace,
+                                endpoint: session.backendOrigin,
+                            })
+                                .then((registration) => session.embedFpResultToDeviceRegistration(registration))
+                                .then((registration) => this.register(session, registration))
+                                .then(resolve)
+                                .catch(reject);
+                        }
+                        else {
+                            reject(new Error('User denied the consent to register the device'));
+                        }
                     })
-                        .then((registration) => this.register(session, registration))
-                        .then(resolve)
                         .catch(reject);
                 }
             })
@@ -52,17 +67,20 @@ class DevicePassiveSilentStep {
                     deviceName: session.platform.getPlatformName(),
                     deviceCapabilities: session.platform.getDeviceCapabilities(),
                     registrations: [authRegistration],
+                    signals: registration.getSignals(),
                 })
                     .then((response) => {
                     if (response.error) {
                         reject(new auth_error_1.default(response.error.message, response.error.code, response.next, false));
                     }
                     else {
-                        const deviceId = response.data.deviceId;
+                        const deviceRegisterAuthResp = response;
+                        const deviceId = deviceRegisterAuthResp.data.deviceId;
                         if (!deviceId) {
                             reject(new auth_error_1.default('Failed to register device, returned deviceId is null or empty', 0, response.next));
                         }
                         session.settings.deviceId = deviceId;
+                        session.settings.fidoPasskeyRegistered = deviceRegisterAuthResp.data.passkey;
                         registration.deviceId = deviceId;
                         this.log.debug('Device ID: ' + deviceId);
                         session.platform.deviceAuth
@@ -86,6 +104,7 @@ class DevicePassiveSilentStep {
                         deviceId: registration.deviceId,
                         keyId: registration.keyId,
                         signature: signature,
+                        signals: registration.getSignals(),
                     })
                         .then((response) => {
                         if (response.error) {

package/build/lib/proveauth/internal/device-passive-verify-step.d.ts CHANGED Viewed

@@ -1,8 +1,10 @@
 import AuthSession from './auth-session';
 import AuthStep from './auth-step';
+import { Signals } from './auth-request';
 export default class DevicePassiveVerifyStep implements AuthStep {
     static readonly NAME = "device/passive/verify";
     private readonly log;
     readonly name = "device/passive/verify";
     execute(session: AuthSession): Promise<string>;
+    runFidoVerifyFinish(session: AuthSession, signals?: Signals): Promise<string>;
 }

package/build/lib/proveauth/internal/device-passive-verify-step.js CHANGED Viewed

@@ -12,6 +12,23 @@ class DevicePassiveVerifyStep {
         this.name = DevicePassiveVerifyStep.NAME;
     }
     execute(session) {
+        return new Promise((resolve, reject) => {
+            session
+                .getFingerprintData()
+                .then((signal) => {
+                const signals = signal ? { fingerprint: signal } : undefined;
+                this.runFidoVerifyFinish(session, signals).then(resolve).catch(reject);
+            })
+                .catch((error) => {
+                var errorMsg = `Unexpected error happened during Fingerprint data collection ${error.toString}`;
+                this.log.warn(errorMsg);
+                this.runFidoVerifyFinish(session, { fingerprint: { error: errorMsg } })
+                    .then(resolve)
+                    .catch(reject);
+            });
+        });
+    }
+    runFidoVerifyFinish(session, signals) {
         return new Promise((resolve, reject) => {
             const credential = session.credential;
             const assertion = credential.response;
@@ -30,6 +47,7 @@ class DevicePassiveVerifyStep {
                             : undefined,
                     },
                 },
+                signals: signals,
             })
                 .then((response) => {
                 if (response.error) {

package/build/lib/proveauth/internal/main-authenticator.d.ts CHANGED Viewed

@@ -1,7 +1,6 @@
 import AuthFinishStep from '../auth-finish-step';
 import Authenticator from '../authenticator';
 import Settings from './settings';
-import { Logger } from '../common/logger';
 import Platform from './platform';
 import CancelablePromise from '../common/cancelable-promise';
 import AuthSession from './auth-session';
@@ -11,11 +10,11 @@ export default class MainAuthenticator implements Authenticator {
     static readonly AUTH_EMPTY = "";
     static readonly MAX_ATTEMPTS = 50;
     private readonly steps;
-    protected log: Logger;
+    protected log: import("../common/logger").Logger;
     protected readonly platform: Platform;
     protected readonly settings: Settings;
     protected readonly authFinishStep?: AuthFinishStep;
-    constructor(platform?: Platform, storage?: Storage, finishStep?: AuthFinishStep, steps?: Array<AuthStep>);
+    constructor(platform: Platform, settings: Settings, finishStep?: AuthFinishStep, steps?: Array<AuthStep>);
     isPasskeyRegistered(): boolean;
     isFidoSupported(): boolean;
     isDeviceRegistered(): boolean;

package/build/lib/proveauth/internal/main-authenticator.js CHANGED Viewed

@@ -3,7 +3,6 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-const settings_1 = __importDefault(require("./settings"));
 const logger_1 = require("../common/logger");
 const cancelable_promise_1 = __importDefault(require("../common/cancelable-promise"));
 const auth_session_1 = __importDefault(require("./auth-session"));
@@ -11,18 +10,12 @@ const auth_error_1 = __importDefault(require("./auth-error"));
 const report_error_step_1 = __importDefault(require("./report-error-step"));
 const error_code_1 = __importDefault(require("./error-code"));
 class MainAuthenticator {
-    constructor(platform, storage, finishStep, steps) {
+    constructor(platform, settings, finishStep, steps) {
         this.steps = new Map();
-        if (!platform) {
-            throw new Error('Implementation of Platform is required');
-        }
-        if (!storage) {
-            throw new Error('Implementation of Storage is required');
-        }
         this.log = logger_1.LoggerFactory.getLogger('main-authenticator');
         this.platform = platform;
         this.authFinishStep = finishStep;
-        this.settings = new settings_1.default(storage);
+        this.settings = settings;
         if (steps) {
             for (let step of steps) {
                 this.steps.set(step.name, step);
@@ -59,7 +52,10 @@ class MainAuthenticator {
             }
             try {
                 const session = new auth_session_1.default(this.settings, this.platform, authToken);
-                var processing = this.process(session);
+                if (this.settings.upkEnabled) {
+                    session.backendOriginOverride = this.platform.getOrigin();
+                }
+                const processing = this.process(session);
                 onCancel(() => processing.cancel());
                 processing
                     .then(() => {

package/build/lib/proveauth/internal/mobile-instantlink-step.js CHANGED Viewed

@@ -91,7 +91,7 @@ class MobileInstantLinkStep extends auth_status_actions_1.AuthStatusActions {
                 this.log.info('Simulating user clicking the instant link');
                 setTimeout(() => {
                     session.platform
-                        .fetch(session.backendUrl +
+                        .fetch(session.backendOrigin +
                         '/v1/client/mobile/instantlink/finish?token=' +
                         encodeURIComponent(session.authToken) +
                         '&vfp=test-vfp', {

package/build/lib/proveauth/internal/platform.d.ts CHANGED Viewed

@@ -3,6 +3,7 @@ import { AuthenticatorBuilder } from '@prove-identity/mobile-auth';
 import { AuthRequest } from './auth-request';
 import AuthResponse from './auth-response';
 import DeviceAuth, { DeviceRegistration } from './device-auth';
+import { Agent } from '@fingerprintjs/fingerprintjs-pro';
 export declare const DEVICE_CAPABILITY_WEBAUTHN = "webauthn";
 export interface MessageChannel {
     addEventListener: (type: string, listener: (event: any) => void) => void;
@@ -33,12 +34,15 @@ export default interface Platform {
     getUserAgent: () => string | null;
     isFidoSupported: () => boolean;
     fetch: (input: string, init?: RequestInit) => Promise<Response>;
-    createMessageChannel: (endpointUrl: string) => MessageChannel;
+    createMessageChannel: (input: string) => MessageChannel;
     createRequestSigner: (session: AuthSessionIntegration) => RequestSigner;
     getDeviceCapabilities: () => string[];
     getMobileAuthBuilder: () => AuthenticatorBuilder<any>;
     exit: (code?: number) => void;
     urlRedirect: (url: string) => void;
+    getFpPromise: () => Promise<Agent> | undefined;
+    setFpPromise: (fpPromise: Promise<Agent>) => void;
+    getOrigin: () => string;
 }
 export declare function stringToArrayBuffer(input: string): ArrayBuffer;
 export declare function arrayBufferToString(input: ArrayBuffer): string;

package/build/lib/proveauth/internal/report-error-step.d.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import AuthSession from './auth-session';
 import AuthStep from './auth-step';
 export default class ReportErrorStep implements AuthStep {
-    private static readonly errorKinds;
+    private static readonly errorMap;
     private readonly logger;
     private _message;
     private _code?;
@@ -12,5 +12,5 @@ export default class ReportErrorStep implements AuthStep {
     get code(): number | undefined;
     get message(): string;
     execute(session: AuthSession): Promise<string>;
-    private getKind;
+    private lookupError;
 }

package/build/lib/proveauth/internal/report-error-step.js CHANGED Viewed

@@ -55,9 +55,9 @@ class ReportErrorStep {
         }
         else if (!this.nextStep || this.reportable) {
             return new Promise((resolve, reject) => {
-                const errorKind = this.getKind(session.lastStep);
+                const error = this.lookupError(session.lastStep);
                 session
-                    .fetchFromBackend(`/v1/client/${errorKind}/error`, {
+                    .fetchFromBackend(`/v1/client/${error}/error`, {
                     code: this._code ? this._code : undefined,
                     message: this._message,
                 })
@@ -71,12 +71,12 @@ class ReportErrorStep {
             return Promise.resolve(this.nextStep);
         }
     }
-    getKind(last) {
+    lookupError(last) {
         const defaultKind = 'device/passive';
-        return last ? ReportErrorStep.errorKinds.get(last) || defaultKind : defaultKind;
+        return last ? ReportErrorStep.errorMap.get(last) || defaultKind : defaultKind;
     }
 }
-ReportErrorStep.errorKinds = new Map([
+ReportErrorStep.errorMap = new Map([
     [device_passive_step_1.default.NAME, 'device/passive'],
     [device_passive_silent_step_1.default.NAME, 'device/passive'],
     [device_passive_register_step_1.default.NAME, 'device/fido2'],

package/build/lib/proveauth/internal/settings.d.ts CHANGED Viewed

@@ -5,6 +5,7 @@ export default class Settings {
     static readonly FIDO_PASSKEY_REGISTERED_KEY = "fidoPasskeyRegistered";
     private readonly log;
     private storage;
+    upkEnabled: boolean;
     constructor(storage: Storage);
     reset(): void;
     get deviceId(): string | null;

package/build/lib/proveauth/internal/settings.js CHANGED Viewed

@@ -4,6 +4,7 @@ const logger_1 = require("../common/logger");
 class Settings {
     constructor(storage) {
         this.log = logger_1.LoggerFactory.getLogger('settings');
+        this.upkEnabled = false;
         this.storage = storage;
     }
     reset() {

package/build/lib/proveauth/internal/web-device-auth.d.ts CHANGED Viewed

@@ -1,17 +1,20 @@
-import { AuthRegistration } from './auth-request';
+import { AuthRegistration, Signal, Signals } from './auth-request';
 import DeviceAuth, { DeviceRegistration, DeviceRegistrationOptions } from './device-auth';
 export declare class WebDeviceRegistration implements DeviceRegistration {
     private keys?;
     deviceId: string | null;
+    fingerprint?: Signal;
     readonly namespace: string;
     readonly keyId: string;
     readonly algorithm: string;
     readonly endpoint: string;
     readonly createdAt: number;
     constructor(options: DeviceRegistrationOptions | any);
+    setFpSignal(fingerprintSignal: Signal): void;
     sign(data: string): Promise<string>;
     getPublicKey(): Promise<string>;
     getAuthRegistration(challenge: string): Promise<AuthRegistration>;
+    getSignals(): Signals | undefined;
     private initialize;
     private p1363ToDer;
     private lenVal;

package/build/lib/proveauth/internal/web-device-auth.js CHANGED Viewed

@@ -25,6 +25,9 @@ class WebDeviceRegistration {
             this.createdAt = (0, platform_1.getUnixTime)();
         }
     }
+    setFpSignal(fingerprintSignal) {
+        this.fingerprint = fingerprintSignal;
+    }
     sign(data) {
         return new Promise((resolve, reject) => {
             this.initialize()
@@ -80,6 +83,9 @@ class WebDeviceRegistration {
                 .catch(reject);
         });
     }
+    getSignals() {
+        return this.fingerprint ? { fingerprint: this.fingerprint } : undefined;
+    }
     initialize() {
         return new Promise((resolve, reject) => {
             if (this.keys) {

package/build/lib/proveauth/internal/web-platform.d.ts CHANGED Viewed

@@ -1,6 +1,8 @@
+/// <reference types="webappsec-credential-management" />
 import { AuthenticatorBuilder } from '@prove-identity/mobile-auth';
 import Platform, { AuthSessionIntegration, MessageChannel, RequestSigner } from './platform';
 import WebDeviceAuth from './web-device-auth';
+import { Agent } from '@fingerprintjs/fingerprintjs-pro';
 export declare class WebSocketMessageChannel implements MessageChannel {
     private readonly webSocket;
     constructor(endpointUrl: string);
@@ -9,6 +11,7 @@ export declare class WebSocketMessageChannel implements MessageChannel {
     close(): void;
 }
 export declare class WebPlatform implements Platform {
+    private fpPromise;
     readonly webauthn: {
         getCredentials: (options?: CredentialRequestOptions) => Promise<CredentialType | null>;
         createCredentials: (options: CredentialCreationOptions) => Promise<CredentialType | null>;
@@ -18,7 +21,7 @@ export declare class WebPlatform implements Platform {
     getUserAgent(): string | null;
     isFidoSupported(): boolean;
     fetch(input: string, init?: RequestInit): Promise<Response>;
-    createMessageChannel(endpointUrl: string): MessageChannel;
+    createMessageChannel(input: string): MessageChannel;
     createRequestSigner(session: AuthSessionIntegration): RequestSigner;
     private getBrowserName;
     private getBrowserVersion;
@@ -27,4 +30,7 @@ export declare class WebPlatform implements Platform {
     getMobileAuthBuilder(): AuthenticatorBuilder<any>;
     exit(code?: number): void;
     urlRedirect(url: string): void;
+    getFpPromise(): Promise<Agent> | undefined;
+    setFpPromise(fpPromise: Promise<Agent>): void;
+    getOrigin(): string;
 }

package/build/lib/proveauth/internal/web-platform.js CHANGED Viewed

@@ -47,8 +47,8 @@ class WebPlatform {
     fetch(input, init) {
         return fetch(input, init);
     }
-    createMessageChannel(endpointUrl) {
-        return new WebSocketMessageChannel(endpointUrl);
+    createMessageChannel(input) {
+        return new WebSocketMessageChannel(input);
     }
     createRequestSigner(session) {
         return new request_signer_v3_1.default(session);
@@ -159,5 +159,14 @@ class WebPlatform {
     urlRedirect(url) {
         window.location.replace(url);
     }
+    getFpPromise() {
+        return this.fpPromise;
+    }
+    setFpPromise(fpPromise) {
+        this.fpPromise = fpPromise;
+    }
+    getOrigin() {
+        return window.location.origin;
+    }
 }
 exports.WebPlatform = WebPlatform;

package/build/lib/proveauth/user-consent-step.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+export interface UserConsentOutput {
+    readonly consentGranted: boolean;
+}
+export default interface UserConsentStep {
+    execute: () => Promise<UserConsentOutput>;
+}
+export type UserConsentStepFn = () => Promise<UserConsentOutput>;

package/build/lib/proveauth/user-consent-step.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ Object.defineProperty(exports, "__esModule", { value: true });

package/build/lib/proveauth/version.d.ts CHANGED Viewed

@@ -1,3 +1,3 @@
-export declare const VERSION = "2.4.5";
-export declare const API_CONTRACT_VERSION = "2.7.0";
+export declare const VERSION = "2.7.0";
+export declare const API_CONTRACT_VERSION = "2.8.0";
 export declare const USER_AGENT_VERSIONS: string;

package/build/lib/proveauth/version.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.USER_AGENT_VERSIONS = exports.API_CONTRACT_VERSION = exports.VERSION = void 0;
-exports.VERSION = '2.4.5';
-exports.API_CONTRACT_VERSION = '2.7.0';
+exports.VERSION = '2.7.0';
+exports.API_CONTRACT_VERSION = '2.8.0';
 exports.USER_AGENT_VERSIONS = `ProveAuth/${exports.VERSION} Contract/${exports.API_CONTRACT_VERSION} WEB/1`;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@prove-identity/prove-auth",
-  "version": "2.4.5",
+  "version": "2.7.0",
   "description": "Prove Auth SDK for Web",
   "main": "build/lib/index.js",
   "files": [
@@ -68,5 +68,13 @@
   },
   "dependencies": {
     "@prove-identity/mobile-auth": "^3.0.0"
+  },
+  "peerDependencies": {
+    "@fingerprintjs/fingerprintjs-pro": "^3.11.0"
+  },
+  "peerDependenciesMeta": {
+    "@fingerprintjs/fingerprintjs-pro": {
+      "optional": true
+    }
   }
 }

package/build/bundle/release/prove-auth.js DELETED Viewed

@@ -1 +0,0 @@

- !function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.proveAuth=t():e.proveAuth=t()}(self,(()=>(()=>{"use strict";var e={2715:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.LoggerFactory=t.LogLevel=void 0,function(e){e[e.disabled=0]="disabled",e[e.error=1]="error",e[e.warn=2]="warn",e[e.info=3]="info",e[e.debug=4]="debug",e[e.trace=5]="trace"}(r=t.LogLevel||(t.LogLevel={}));class i{static setLogLevel(e){i.logLevel=e}static setLogWriter(e){i.logWriter=e}static getLogger(e){return{trace:(...e)=>{i.logLevel>=r.trace&&i.logWriter.write(r.trace,...e)},debug:(...e)=>{i.logLevel>=r.debug&&i.logWriter.write(r.debug,...e)},info:(...e)=>{i.logLevel>=r.info&&i.logWriter.write(r.info,...e)},warn:(...e)=>{i.logLevel>=r.warn&&i.logWriter.write(r.warn,...e)},error:(...e)=>{i.logLevel>=r.error&&i.logWriter.write(r.error,...e)}}}}i.logWriter=new class{write(e,...t){switch(e){case r.trace:case r.debug:console.debug(...t);break;case r.info:console.info(...t);break;case r.warn:console.warn(...t);break;case r.error:console.error(...t)}}},i.logLevel=r.info,t.LoggerFactory=i},8266:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.LogLevel=t.LoggerFactory=t.DeviceDescriptor=t.StepCode=t.ErrorCode=t.AuthenticatorBuilder=t.VERSION_CODE=t.VERSION_NAME=void 0;const n=r(9843);Object.defineProperty(t,"VERSION_NAME",{enumerable:!0,get:function(){return n.VERSION_NAME}}),Object.defineProperty(t,"VERSION_CODE",{enumerable:!0,get:function(){return n.VERSION_CODE}});const o=i(r(7460));t.AuthenticatorBuilder=o.default;const s=r(6639);Object.defineProperty(t,"ErrorCode",{enumerable:!0,get:function(){return s.ErrorCode}});const a=r(2400);Object.defineProperty(t,"StepCode",{enumerable:!0,get:function(){return a.StepCode}});const c=i(r(79));t.DeviceDescriptor=c.default;const l=r(2715);Object.defineProperty(t,"LoggerFactory",{enumerable:!0,get:function(){return l.LoggerFactory}}),Object.defineProperty(t,"LogLevel",{enumerable:!0,get:function(){return l.LogLevel}})},7460:function(e,t,r){var i=this&&this.__createBinding||(Object.create?function(e,t,r,i){void 0===i&&(i=r);var n=Object.getOwnPropertyDescriptor(t,r);n&&!("get"in n?!t.__esModule:n.writable||n.configurable)||(n={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,i,n)}:function(e,t,r,i){void 0===i&&(i=r),e[i]=t[r]}),n=this&&this.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),o=this&&this.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var r in e)"default"!==r&&Object.prototype.hasOwnProperty.call(e,r)&&i(t,e,r);return n(t,e),t},s=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const a=s(r(3060)),c=s(r(7834)),l=s(r(7747)),u=s(r(5386)),d=s(r(689)),h=s(r(4670)),f=o(r(9134));function g(e){return"function"==typeof e?{execute:t=>e(t)}:e}t.default=class{constructor(e){this._deviceIpDetection=!1,this._timeout=0,this._config=e||new a.default}withStartStep(e){return this._startStep=g(e),this}withFinishStep(e){return this._finishStep=g(e),this}withPixelImplementation(){return this._authStep=void 0,this}withFetchImplementation(){return this._authStep=new l.default,this}withPassiveImplementation(){return this._authStep=new h.default,this}withDeviceIpDetection(e=!0){return this._deviceIpDetection=e,this}withTimeout(e){return this._timeout=e,this}build(){let e=this._authStep;const t=this._startStep;let r=this._finishStep;e||(e=new f.default,r=new f.PixelFinishStep);const i=this._deviceIpDetection?new u.default:new d.default;if(!t)throw new Error("Start step is required");if(!r)throw new Error("Finish step is required");return new c.default(i,t,e,r,this._timeout)}}},6639:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.ErrorCode=void 0,(r=t.ErrorCode||(t.ErrorCode={}))[r.GENERIC_UNKNOWN_REASON=0]="GENERIC_UNKNOWN_REASON",r[r.GENERIC_TIMEOUT=1]="GENERIC_TIMEOUT",r[r.GENERIC_INVALID_STATE=2]="GENERIC_INVALID_STATE",r[r.GENERIC_COMMUNICATION_ERROR=3]="GENERIC_COMMUNICATION_ERROR",r[r.PRE_CHECK_AIRPLANE_MODE_ENABLED=17]="PRE_CHECK_AIRPLANE_MODE_ENABLED",r[r.PRE_CHECK_NO_CELLULAR_RADIO=18]="PRE_CHECK_NO_CELLULAR_RADIO",r[r.PRE_CHECK_NO_CELLULAR_CONNECTION=19]="PRE_CHECK_NO_CELLULAR_CONNECTION",r[r.PRE_CHECK_WIFI_CALLING_ENABLED=20]="PRE_CHECK_WIFI_CALLING_ENABLED",r[r.PRE_CHECK_WIFI_CANNOT_BE_OVERRIDDEN=21]="PRE_CHECK_WIFI_CANNOT_BE_OVERRIDDEN",r[r.AUTH_MALFORMED_INPUT_DATA=65]="AUTH_MALFORMED_INPUT_DATA",r[r.AUTH_BAD_CREDENTIALS=66]="AUTH_BAD_CREDENTIALS",r[r.AUTH_VFP_KEY_EXPIRED=67]="AUTH_VFP_KEY_EXPIRED",r[r.AUTH_INVALID_RESPONSE=68]="AUTH_INVALID_RESPONSE"},6902:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});class r extends Error{constructor(e,...t){super(...t),this.errorCode=e,Error.captureStackTrace&&Error.captureStackTrace(this,r),this.name="AuthLocalError",this.errorCode=e}}t.default=r},7747:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,o){function s(e){try{c(i.next(e))}catch(e){o(e)}}function a(e){try{c(i.throw(e))}catch(e){o(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(s,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const o=n(r(8498)),s=n(r(5112)),a=n(r(5030)),c=r(2715),l=r(6458);t.default=class{constructor(){this.logger=c.LoggerFactory.getLogger("fetch-authentication-step")}execute(e){return i(this,void 0,void 0,(function*(){this.logger.info("use fetch");const t=(0,l.toURL)(e.authUrl);let r;return t.searchParams.get("testVfp")?(this.logger.info("test flow detected"),r=a.default.create(t)):"2"===t.searchParams.get("pfflow")?(this.logger.info("flow v2 detected"),r=s.default.create(t)):(this.logger.info("flow v1 detected"),r=o.default.create(t)),{vfp:yield r.handle()}}))}}},5030:function(e,t){var r=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,o){function s(e){try{c(i.next(e))}catch(e){o(e)}}function a(e){try{c(i.throw(e))}catch(e){o(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(s,a)}c((i=i.apply(e,t||[])).next())}))};Object.defineProperty(t,"__esModule",{value:!0});class i{static create(e){var t,r,n;const o=null!==(r=parseInt(null!==(t=e.searchParams.get("delay"))&&void 0!==t?t:"0"))&&void 0!==r?r:0,s=null!==(n=e.searchParams.get("testVfp"))&&void 0!==n?n:"";return new i(s,o)}constructor(e,t){this.testVfp=e,this.delay=t}handle(){return r(this,void 0,void 0,(function*(){return new Promise((e=>{setTimeout((()=>e(this.testVfp)),this.delay)}))}))}}t.default=i},6458:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,o){function s(e){try{c(i.next(e))}catch(e){o(e)}}function a(e){try{c(i.throw(e))}catch(e){o(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(s,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.RawURL=t.Base64=t.fetchAuth=t.handleHttpError=t.toURL=void 0;const o=r(2715),s=r(6639),a=r(9843),c=n(r(6902));t.toURL=function(e){try{return new l(e)}catch(t){throw new c.default(s.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Malformed url "+e)}},t.handleHttpError=function(e){return i(this,void 0,void 0,(function*(){const t=e.status;switch(t){case 404:throw new c.default(s.ErrorCode.AUTH_BAD_CREDENTIALS);case 410:throw new c.default(s.ErrorCode.AUTH_VFP_KEY_EXPIRED);default:let r;try{r=(yield e.json()).error}catch(e){}throw new c.default(s.ErrorCode.AUTH_INVALID_RESPONSE,r||`http error (${e.statusText} , code = ${t})`)}}))},t.fetchAuth=function(e,t){var r;const i=o.LoggerFactory.getLogger("http-client"),n=null!=t?t:{},l=null!==(r=n.method)&&void 0!==r?r:"GET";if(i.debug(`${l} ${e} ${e.protocol}`),"http:"===e.protocol)throw new c.default(s.ErrorCode.GENERIC_INVALID_STATE,`Web SDK cannot make http request [${e}]`);const u={};let d;return e.searchParams.set("sdkVersion",a.VERSION_NAME),"object"==typeof n.body&&(u["Content-Type"]="application/json",d=JSON.stringify(n.body)),d&&i.debug(`request body: ${d}`),fetch(e.toString(),{method:l,mode:"cors",headers:u,body:d}).then((e=>(i.debug(`${e.status} ${e.statusText}`),e)))},t.Base64=new class{constructor(){this.PADCHAR="=",this.ALPHA="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"}getByte(e,t){return e.charCodeAt(t)}getByte64(e,t){return this.ALPHA.indexOf(e.charAt(t))}_decode(e){let t,r,i=0,n=e.length,o=[];if(e=String(e),0===n)return e;for(e.charAt(n-1)===this.PADCHAR&&(i=1,e.charAt(n-2)===this.PADCHAR&&(i=2),n-=4),t=0;t<n;t+=4)r=this.getByte64(e,t)<<18|this.getByte64(e,t+1)<<12|this.getByte64(e,t+2)<<6|this.getByte64(e,t+3),o.push(String.fromCharCode(r>>16,r>>8&255,255&r));switch(i){case 1:r=this.getByte64(e,t)<<18|this.getByte64(e,t+1)<<12|this.getByte64(e,t+2)<<6,o.push(String.fromCharCode(r>>16,r>>8&255));break;case 2:r=this.getByte64(e,t)<<18|this.getByte64(e,t+1)<<12,o.push(String.fromCharCode(r>>16))}return o.join("")}_encode(e){let t,r,i=[],n=(e=String(e)).length-e.length%3;if(0===e.length)return e;for(t=0;t<n;t+=3)r=this.getByte(e,t)<<16|this.getByte(e,t+1)<<8|this.getByte(e,t+2),i.push(this.ALPHA.charAt(r>>18)),i.push(this.ALPHA.charAt(r>>12&63)),i.push(this.ALPHA.charAt(r>>6&63)),i.push(this.ALPHA.charAt(63&r));switch(e.length-n){case 1:r=this.getByte(e,t)<<16,i.push(this.ALPHA.charAt(r>>18)+this.ALPHA.charAt(r>>12&63)+this.PADCHAR+this.PADCHAR);break;case 2:r=this.getByte(e,t)<<16|this.getByte(e,t+1)<<8,i.push(this.ALPHA.charAt(r>>18)+this.ALPHA.charAt(r>>12&63)+this.ALPHA.charAt(r>>6&63)+this.PADCHAR)}return i.join("")}decode(e,t=!0){return e=t?e.replace(".","+").replace("_","/").replace("-","="):e,this._decode(e)}encode(e,t=!0){const r=this._encode(e);return t?r.replace("+",".").replace("/","_").replace("=","-"):r}};class l{constructor(e){this.url=e,this.params=[],this.searchParams={get:e=>this._get(e),getAll:e=>this._getAll(e),set:(e,t,r=!1)=>this._set(e,t,r)};const t=new URL(e);this.protocol=t.protocol;for(const e of t.searchParams.keys())this.params.push({key:e,values:t.searchParams.getAll(e),encode:!1})}_set(e,t,r=!1){const i=this.params.findIndex((t=>t.key===e));-1===i?this.params.push({key:e,values:[t],encode:r}):this.params.splice(i,1,{key:e,values:[t],encode:r})}_get(e){const t=this._getAll(e);return t?t[0]:void 0}_getAll(e){var t;return null===(t=this.params.find((t=>t.key===e)))||void 0===t?void 0:t.values}toString(){function e(e,t){return t?encodeURIComponent(e):null==e?void 0:e.replace(/\?/g,"%3F").replace(/\&/g,"%26")}const t=this.url.indexOf("?");let r=-1==t?this.url:this.url.slice(0,t),i=[];for(const t of this.params)for(const r of t.values)i.push(`${e(t.key,t.encode)}=${e(r,t.encode)}`);return i.length&&(r+="?"+i.join("&")),r}}t.RawURL=l},8498:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,o){function s(e){try{c(i.next(e))}catch(e){o(e)}}function a(e){try{c(i.throw(e))}catch(e){o(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(s,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const o=r(2715),s=n(r(6902)),a=r(6639),c=r(6458);class l{static create(e){return e.searchParams.set("r","f"),new l(e)}constructor(e){this.url=e,this.logger=o.LoggerFactory.getLogger("flow-v1")}handle(){var e,t;return i(this,void 0,void 0,(function*(){let r;const i=this.url.searchParams.get("vfp");let n=this.url;for(this.logger.debug(`current vfp ${i}`);;){try{r=yield(0,c.fetchAuth)(n,{})}catch(e){throw new s.default(a.ErrorCode.GENERIC_COMMUNICATION_ERROR,e.message)}if(console.log(r.url),r.status>=300&&r.status<400){const o=new c.RawURL(null!==(e=r.headers.get("Location"))&&void 0!==e?e:"");this.logger.debug(`redirect to ${o}`);const s=null!==(t=o.searchParams.get("vfp"))&&void 0!==t?t:o.searchParams.get("token");if(s&&s!==i)return this.logger.debug(`vfp changed to ${s}`),s;n=o}else{if(r.status>=200&&r.status<300){let e;try{e=yield r.json()}catch(e){throw new s.default(a.ErrorCode.AUTH_INVALID_RESPONSE,e.message)}this.logger.debug("got json response",e);const t=this.getVfpFromJson(e);if(!t)throw new s.default(a.ErrorCode.AUTH_INVALID_RESPONSE,`Received unknown payload: ${JSON.stringify(e)}`);return t}yield(0,c.handleHttpError)(r)}}}))}getVfpFromJson(e){const t=e.vfp;if(t)return t;const r=e.token,i=e.correlation_id;if(r)return i?i+"..."+r:r;const n=e.reconcilation_token;return n?i?i+"..."+n:n:void 0}}t.default=l},5112:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,o){function s(e){try{c(i.next(e))}catch(e){o(e)}}function a(e){try{c(i.throw(e))}catch(e){o(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(s,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const o=r(2715),s=r(6639),a=n(r(6902)),c=r(6458);class l{static create(e){var t;const r=e.searchParams.get("data");if(!r)throw new a.default(s.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - missing in url");let i,n,o,u;try{const e=c.Base64.decode(r);console.log("decoded",e),i=JSON.parse(e)}catch(e){throw console.error(e),new a.default(s.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - cannot parse as json")}try{n=new c.RawURL(null!==(t=i.url)&&void 0!==t?t:"")}catch(e){throw new a.default(s.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - missing/invalid url field")}try{o=i.vfp}catch(e){throw new a.default(s.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - missing vfp field")}try{u=i.data}catch(e){throw new a.default(s.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - missing data field")}return new l(n,o,u,i["att-1004"])}constructor(e,t,r,i){this.url=e,this.vfp=t,this.data=r,this.att1004=i,this.logger=o.LoggerFactory.getLogger("flow-v2")}handle(){var e;return i(this,void 0,void 0,(function*(){let t=!1,r=JSON.parse(JSON.stringify(this.data));for(;;){let i;try{i=yield(0,c.fetchAuth)(this.url,{method:"POST",body:r})}catch(e){throw new a.default(s.ErrorCode.GENERIC_COMMUNICATION_ERROR,e.message)}if(i.status>=200&&i.status<300){const n=yield i.text();if(this.logger.trace(`att response body: ${n}`),!t)try{if(1004===JSON.parse(n).status){const i=null!==(e=this.att1004)&&void 0!==e?e:["application-id"];if(i){t=!0,this.logger.debug(`flow v2.5 detected, use application-id: ${i}`),r.put("application-id",i);continue}this.logger.debug("missing att1004.application-id, continue flow v2")}}catch(e){}const o=c.Base64.encode(n);return`${this.vfp}___${o}${t?"___R2":""}`}if(i.status>=300&&i.status<400)throw new a.default(s.ErrorCode.AUTH_INVALID_RESPONSE,"Unexpected redirect in flow v2");yield(0,c.handleHttpError)(i)}}))}}t.default=l},4670:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,o){function s(e){try{c(i.next(e))}catch(e){o(e)}}function a(e){try{c(i.throw(e))}catch(e){o(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(s,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const o=n(r(5030)),s=r(2715),a=r(6458),c=r(9843);t.default=class{constructor(){this.logger=s.LoggerFactory.getLogger("passive-authentication-step")}execute(e){return i(this,void 0,void 0,(function*(){this.logger.info("use passive");const t=(0,a.toURL)(e.authUrl);let r;if(t.searchParams.get("testVfp"))this.logger.info("test flow detected"),r=o.default.create(t);else{if("2"===t.searchParams.get("pfflow"))throw new Error("flow v2 detected but not supported by passive auth implementation");this.logger.info("flow v1 detected"),r=new l(t)}return{vfp:yield r.handle()}}))}};class l{constructor(e){this.url=e,this.logger=s.LoggerFactory.getLogger("passive-flow-v1")}handle(){return i(this,void 0,void 0,(function*(){return new Promise(((e,t)=>{const r="_proveAuthResponse";this.url.searchParams.set("jsonp","true"),this.url.searchParams.set("sdkVersion",c.VERSION_NAME);const i=window;this.logger.trace("install global callback"),i[r]=r=>{if(o)return;s();const i=r?this.getVfpFromJson(r):void 0;i?e(i):t(new Error(r?"script loaded but vfp not defined":"script loaded but callback not trigerred"))};const n=document.createElement("script");let o=!1;const s=()=>{this.logger.trace("cleanup global callback"),o=!0,i[r]=void 0,document.body.removeChild(n)};n.onload=()=>{this.logger.trace("script loaded"),setTimeout((()=>{o||(s(),t(new Error("script loaded, but not executed")))}),1e3)},n.onerror=()=>{this.logger.trace("script load error"),o||(s(),t(new Error("script load error")))},document.body.appendChild(n),n.src=this.url.toString()}))}))}getVfpFromJson(e){const t=e.vfp;if(t)return t;const r=e.token,i=e.correlation_id;if(r)return i?i+"..."+r:r;const n=e.reconcilation_token;return n?i?i+"..."+n:n:void 0}}},9134:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,o){function s(e){try{c(i.next(e))}catch(e){o(e)}}function a(e){try{c(i.throw(e))}catch(e){o(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(s,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.PixelFinishStep=void 0;const o=n(r(5030)),s=r(2715),a=r(6458),c=r(9843);t.default=class{constructor(){this.logger=s.LoggerFactory.getLogger("pixel-authentication-step")}execute(e){return i(this,void 0,void 0,(function*(){this.logger.info("use pixel");const t=(0,a.toURL)(e.authUrl);let r;if(t.searchParams.get("testVfp"))this.logger.info("test flow detected"),r=o.default.create(t);else{if("2"===t.searchParams.get("pfflow"))throw new Error("flow v2 detected but not supported by pixel auth implementation");this.logger.info("flow v1 detected"),r=new l(t)}return{vfp:yield r.handle()}}))}};class l{constructor(e){this.url=e,this.logger=s.LoggerFactory.getLogger("pixel-flow-v1")}handle(){return i(this,void 0,void 0,(function*(){return new Promise(((e,t)=>{this.url.searchParams.set("sdkVersion",c.VERSION_NAME);const r=document.createElement("img");r.onload=()=>{this.logger.trace("pixel loaded"),e("")},r.onerror=()=>{this.logger.trace("pixel load error"),t(new Error("pixel load error"))},r.src=this.url.toString()}))}))}}t.PixelFinishStep=class{execute(e){return Promise.resolve(void 0)}}},7834:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,o){function s(e){try{c(i.next(e))}catch(e){o(e)}}function a(e){try{c(i.throw(e))}catch(e){o(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(s,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const o=r(2715),s=r(2400),a=n(r(4517)),c=r(6639);class l{constructor(e){this._providedDeviceDescriptor=e}get providedDeviceDescriptor(){return this._providedDeviceDescriptor}get deviceDescriptor(){return this._deviceDescriptor}get authUrl(){return this._authUrl}get vfp(){return this._vfp}}class u{constructor(){this.currentStep=s.StepCode.PRE_CHECK,this.timedOut=!1}}t.default=class{constructor(e,t,r,i,n=0){this.deviceDescriptorStep=e,this.startStep=t,this.authenticationStep=r,this.finishStep=i,this.timeout=n,this.logger=o.LoggerFactory.getLogger("auth")}executeStep(e,t,r,n){var o;return i(this,void 0,void 0,(function*(){if(e.timedOut)throw new Error("timeout");try{e.currentStep=t,this.logger.debug(`execute step ${s.StepCode[t]}`);let i=yield r.execute(n);return this.logger.debug(`executed step ${s.StepCode[t]}`),i}catch(e){const r=null!==(o=e.errorCode)&&void 0!==o?o:c.ErrorCode.GENERIC_UNKNOWN_REASON;throw new a.default(t,r,e.message)}}))}authenticate(e){return new Promise(((t,r)=>{const i=new u;let n;this.timeout>0&&(n=setTimeout((()=>{i.timedOut=!0,r(new a.default(i.currentStep,c.ErrorCode.GENERIC_TIMEOUT,`authenticator timeout after ${this.timeout}ms`))}),this.timeout)),this.executeAuth(i,e).then((e=>{i.timedOut||(clearTimeout(n),t(e))}),(e=>{i.timedOut||(clearTimeout(n),r(e))}))}))}executeAuth(e,t){return i(this,void 0,void 0,(function*(){const r=new l(t);r._deviceDescriptor=(yield this.executeStep(e,s.StepCode.DEVICE_DESCRIPTOR,this.deviceDescriptorStep,r)).deviceDescriptor,this.logger.info(`deviceDescriptor=${r.deviceDescriptor}`),r._authUrl=(yield this.executeStep(e,s.StepCode.START,this.startStep,r)).authUrl,this.logger.info(`authUrl=${r.authUrl}`),r._vfp=(yield this.executeStep(e,s.StepCode.AUTHENTICATION,this.authenticationStep,r)).vfp,this.logger.info(`vfp=${r.vfp}`);const i=yield this.executeStep(e,s.StepCode.FINISH,this.finishStep,r);return this.logger.info("result",i),i}))}}},5386:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,o){function s(e){try{c(i.next(e))}catch(e){o(e)}}function a(e){try{c(i.throw(e))}catch(e){o(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(s,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const o=r(6639),s=n(r(79)),a=n(r(6902));t.default=class{constructor(e){this.ipQueryUrl=null!=e?e:"https://device.payfone.com:4443/whatismyipaddress"}execute(e){return i(this,void 0,void 0,(function*(){if(e.providedDeviceDescriptor)return{deviceDescriptor:e.providedDeviceDescriptor};const t=yield fetch("https://device.payfone.com:4443/whatismyipaddress");if(t.ok)return{deviceDescriptor:new s.default(yield t.text())};throw new a.default(o.ErrorCode.GENERIC_COMMUNICATION_ERROR,`ip api response=${t.status}`)}))}}},689:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))((function(n,o){function s(e){try{c(i.next(e))}catch(e){o(e)}}function a(e){try{c(i.throw(e))}catch(e){o(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(s,a)}c((i=i.apply(e,t||[])).next())}))},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const o=n(r(79));t.default=class{execute(e){var t;return i(this,void 0,void 0,(function*(){return{deviceDescriptor:null!==(t=e.providedDeviceDescriptor)&&void 0!==t?t:new o.default}}))}}},3060:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.default=class{}},4517:(e,t,r)=>{Object.defineProperty(t,"__esModule",{value:!0});const i=r(6639),n=r(2400);class o extends Error{constructor(e,t,r){super(`${r} (stepCode=${n.StepCode[e]}, errorCode=${i.ErrorCode[t]})`),this.stepCode=e,this.errorCode=t,Error.captureStackTrace&&Error.captureStackTrace(this,o),this.name="AuthProcessError",this.stepCode=e}}t.default=o},79:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});class r{static ip(e){return new r(e)}constructor(e,t,r){this.ip=e,this.mno=t,this.phoneNumber=r}toString(){return`ip=[${this.ip}] mno=[${this.mno}] phoneNumber=[${this.phoneNumber}]`}}t.default=r},2400:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.StepCode=void 0,(r=t.StepCode||(t.StepCode={}))[r.PRE_CHECK=16]="PRE_CHECK",r[r.DEVICE_DESCRIPTOR=32]="DEVICE_DESCRIPTOR",r[r.START=48]="START",r[r.AUTHENTICATION=64]="AUTHENTICATION",r[r.FINISH=80]="FINISH"},9843:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.VERSION_CODE=t.VERSION_NAME=void 0,t.VERSION_NAME="3.0.0",t.VERSION_CODE=3e4},3607:function(e,t,r){var i=this&&this.__createBinding||(Object.create?function(e,t,r,i){void 0===i&&(i=r);var n=Object.getOwnPropertyDescriptor(t,r);n&&!("get"in n?!t.__esModule:n.writable||n.configurable)||(n={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,i,n)}:function(e,t,r,i){void 0===i&&(i=r),e[i]=t[r]}),n=this&&this.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),o=this&&this.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var r in e)"default"!==r&&Object.prototype.hasOwnProperty.call(e,r)&&i(t,e,r);return n(t,e),t},s=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.PhoneValidationError=t.OtpError=t.OtpFinishResultType=t.MobileAuthImplementation=t.LogLevel=t.LoggerFactory=t.DeviceRole=t.CancelablePromise=t.AuthResponseStatus=t.AuthenticatorBuilder=t.VERSION=void 0;const a=r(6462);Object.defineProperty(t,"VERSION",{enumerable:!0,get:function(){return a.VERSION}});const c=o(r(4817));t.AuthenticatorBuilder=c.default,Object.defineProperty(t,"DeviceRole",{enumerable:!0,get:function(){return c.DeviceRole}}),Object.defineProperty(t,"MobileAuthImplementation",{enumerable:!0,get:function(){return c.MobileAuthImplementation}});const l=r(6267);Object.defineProperty(t,"AuthResponseStatus",{enumerable:!0,get:function(){return l.AuthResponseStatus}});const u=r(1727);Object.defineProperty(t,"LoggerFactory",{enumerable:!0,get:function(){return u.LoggerFactory}}),Object.defineProperty(t,"LogLevel",{enumerable:!0,get:function(){return u.LogLevel}});const d=s(r(4610));t.CancelablePromise=d.default;const h=r(3794);Object.defineProperty(t,"PhoneValidationError",{enumerable:!0,get:function(){return h.PhoneValidationError}});const f=r(8864);Object.defineProperty(t,"OtpError",{enumerable:!0,get:function(){return f.OtpError}}),Object.defineProperty(t,"OtpFinishResultType",{enumerable:!0,get:function(){return f.OtpFinishResultType}})},4817:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.MobileAuthImplementation=t.DeviceRole=void 0;const n=r(1092),o=i(r(8370)),s=i(r(6736)),a=i(r(1840)),c=i(r(7625)),l=i(r(3075)),u=i(r(8907)),d=i(r(1703)),h=i(r(6185)),f=i(r(1044)),g=i(r(1474)),p=i(r(9790)),v=r(2207),_=i(r(9568));var m,E;!function(e){e[e.Primary=0]="Primary",e[e.Secondary=1]="Secondary"}(m=t.DeviceRole||(t.DeviceRole={})),function(e){e.Pixel="pixel",e.Fetch="fetch"}(E=t.MobileAuthImplementation||(t.MobileAuthImplementation={})),t.default=class{constructor(){this.role=m.Primary,this.mobileAuthImplementation=E.Fetch,this.forUPK=!1,this.instantLinkTestMode=!1,"undefined"!=typeof window&&(this.storage=window.localStorage,this.platform=new n.WebPlatform)}withAuthFinishStep(e){return this.authFinishStep="function"==typeof e?{execute:t=>e(t)}:e,this}withDisplayName(e){return this.getDisplayName="function"==typeof e?e:()=>e,this}withAuthMessageHandler(e){return this.authMessageHandler=e,this}withStorage(e){return this.storage=e,this}withPlatform(e){return this.platform=e,this}withRole(e){return this.role=e,this}withMobileAuthImplementation(e){return this.mobileAuthImplementation=e,this}withDeviceIpAddress(e){return this.getDeviceIp="function"==typeof e?e:()=>e,this}withOtpFallback(e,t){return this.otpStartStep="function"==typeof e?{execute:e}:e,this.otpFinishStep="function"==typeof t?{execute:t}:t,this}withInstantLinkFallback(e){return this.instantLinkStartStep="function"==typeof e?{execute:e}:e,this}withUPKEnabled(){return this.forUPK=!0,this}build(){return this.role===m.Primary?new _.default(this.platform,this.storage,this.authFinishStep,[new p.default(this.forUPK),new v.DeviceUniversalRedirectExchangeStep,new v.DeviceUniversalRedirectFinishStep,new s.default(this.getDisplayName,this.role),new g.default(this.getDisplayName),new f.default(this.forUPK),new o.default,new a.default,new c.default(this.mobileAuthImplementation,this.getDeviceIp),new l.default(this.instantLinkStartStep,this.getDeviceIp),new u.default(this.otpStartStep,this.otpFinishStep),new h.default,new d.default(this.authMessageHandler)]):new _.default(this.platform,this.storage,this.authFinishStep,[new s.default(this.getDisplayName,this.role),new c.default(this.mobileAuthImplementation,this.getDeviceIp),new l.default(this.instantLinkStartStep,this.getDeviceIp)])}}},8607:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});class r{static stringToBase64(e){return e.replace(/\-/g,"+").replace(/_/g,"/")+"=".repeat(e.length%4?4-e.length%4:0)}static bufferDecode(e){return Uint8Array.from(atob(r.stringToBase64(e)),(e=>e.charCodeAt(0)))}static bufferEncode(e){const t=ArrayBuffer.isView(e)?e.buffer:e;return btoa(String.fromCharCode.apply(null,Array.from(new Uint8Array(t)))).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}}t.default=r},4610:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.default=class extends Promise{constructor(e){let t=()=>{};super(((r,i)=>e(r,i,(e=>t=e)))),this.onCancel=()=>{t()}}cancel(){this.onCancel()}}},1727:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.LoggerFactory=t.LogLevel=void 0,function(e){e[e.disabled=0]="disabled",e[e.error=1]="error",e[e.warn=2]="warn",e[e.info=3]="info",e[e.debug=4]="debug",e[e.trace=5]="trace"}(r=t.LogLevel||(t.LogLevel={}));class i{static setLogLevel(e){i.logLevel=e}static setLogWriter(e){i.logWriter=e}static getLogger(e){return{trace:(...t)=>{i.logLevel>=r.trace&&i.logWriter.write(r.trace,e+": ",...t)},debug:(...t)=>{i.logLevel>=r.debug&&i.logWriter.write(r.debug,e+": ",...t)},info:(...t)=>{i.logLevel>=r.info&&i.logWriter.write(r.info,e+": ",...t)},warn:(...t)=>{i.logLevel>=r.warn&&i.logWriter.write(r.warn,e+": ",...t)},error:(...t)=>{i.logLevel>=r.error&&i.logWriter.write(r.error,e+": ",...t)}}}}i.logWriter=new class{write(e,...t){switch(e){case r.trace:case r.debug:console.debug(...t);break;case r.info:console.info(...t);break;case r.warn:console.warn(...t);break;case r.error:console.error(...t)}}},i.logLevel=r.info,t.LoggerFactory=i},3350:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});class r extends Error{constructor(e,t,r,i){super(e),this.code=t,this.nextStep=r,this.reportable=void 0===i||i}static extractMessage(e){let t="";if(e){const r="message";e[r]?t=e[r]:(t=e.toString(),"[object Object]"===t&&(t=JSON.stringify(e)))}return t}}t.default=r},6267:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.AuthResponseStatus=void 0,(r=t.AuthResponseStatus||(t.AuthResponseStatus={})).Accept="accept",r.Reject="reject",r.Cancel="cancel",r.Unexpected="unexpected",r.Timeout="timeout",r.Unknown="unknown"},1204:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(1727),o=r(6462),s=r(2102),a=i(r(5186));t.default=class{get namespace(){var e;return(null===(e=this.claims)||void 0===e?void 0:e.auth.ans)||this.settings.namespace}get backendUrl(){var e;return(null===(e=this.claims)||void 0===e?void 0:e.auth.endp)||this.backendUrlOverride}get authId(){var e;return null===(e=this.claims)||void 0===e?void 0:e.auth.id}get challenge(){var e;return null===(e=this.claims)||void 0===e?void 0:e.auth.chlg}get next(){var e;return null===(e=this.claims)||void 0===e?void 0:e.auth.next}constructor(e,t,r){var i,n;this.channels=new Set,this.lastStep=null,this.credential=null,this.authMessage=null,this.uvLevel=null,this.backendUrlOverride=null,this.platform=t,this.authToken=r,this.settings=e,r&&(this.claims=this.parseJwt(r),this.settings.namespace=this.claims.auth.ans,this.uvLevel=(null===(n=null===(i=this.claims.auth.subs.dev)||void 0===i?void 0:i.auths.pasv)||void 0===n?void 0:n.uvlvl)||s.UserVerificationLevel.Discouraged),this.requestSigner=t.createRequestSigner(this)}fetchFromBackend(e,t){const r="POST",i="application/json",n=JSON.stringify(t),s=e.split("?"),c=s[0],l=s.length>1?s[1]:"",u=new Headers({Accept:i,"Content-Type":i,"PA-Version":o.USER_AGENT_VERSIONS});return this.authToken&&u.set("Authorization","Bearer "+this.authToken),new Promise(((t,o)=>{this.requestSigner.sign(r,c,l,i,n).then((i=>{i&&(u.set("PA-Sig-Version",i.version),u.set("PA-Challenge",i.challenge),u.set("PA-KID",i.keyId),u.set("PA-Signature",i.signature)),this.platform.fetch(this.backendUrl+e,{mode:"cors",method:r,headers:u,body:n}).then((e=>e.json())).then((e=>{e.error&&e.error.code===a.default.ERROR_NO_DEVICE_FOUND&&(this.settings.reset(),this.platform.deviceAuth.reset()),t(e)})).catch(o)})).catch(o)}))}createMessageChannel(e,t,r,i){if(!this.authToken)throw new Error("Authentication token is not initialized, cannot create MessageChannel");const o=this.backendUrl.replace(/^http/,"ws"),s=this.platform.createMessageChannel(o+e),a=n.LoggerFactory.getLogger("web-message-channel"),c=setInterval((()=>{a.trace("Sending keep-alive message"),s.send("")}),3e4);return s.addEventListener("close",(e=>{c&&clearInterval(c),t(),this.channels.delete(s)})),s.addEventListener("error",(e=>{r("message"in e?e.message:e.toString())})),s.addEventListener("message",(e=>{if("origin"in e&&e.origin!==o)r("Unexpected origin");else{var t=e.data;i(t&&"string"==typeof t?t:e.toString())}})),this.channels.add(s),s}closeAllMessageChannels(){const e=new Set(this.channels);e.forEach((e=>e.close())),e.clear(),this.channels.clear()}getDeviceRegistration(){return new Promise(((e,t)=>{this.platform.deviceAuth.getRegistration(this.namespace).then((t=>{t&&(this.backendUrlOverride=null==t?void 0:t.endpoint),e(t)})).catch(t)}))}parseJwt(e){return JSON.parse(atob(e.split(".")[1]))}}},3225:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.AuthStatusActions=void 0;const n=r(1727),o=i(r(3350));t.AuthStatusActions=class{constructor(){this.log=n.LoggerFactory.getLogger("auth-status-actions")}waitForStatus(e){var t=!1;return this.log.trace("Waiting for auth status"),new Promise(((r,i)=>{const n=e.createMessageChannel("/v1/client/status?token="+encodeURIComponent(e.authToken),(()=>{t||i(new o.default("Failed to receive secondary authentication status, no response"))}),(e=>{t=!0,this.log.error("Failed: "+e),i(new o.default("Failed to receive secondary authentication status: "+e))}),(s=>{t=!0;try{this.log.debug("Secondary authentication status: "+s);const t=JSON.parse(s);t.error?i(new o.default(t.error.message,t.error.code,t.next)):(e.lastStep=t.next,r(t.next))}catch(e){i(e)}finally{n.close()}}))}))}}},2102:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.UserVerificationLevel=void 0,(r=t.UserVerificationLevel||(t.UserVerificationLevel={})).Discouraged="none",r.Preferred="pref",r.Required="req"},8370:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(8607)),o=r(1727),s=i(r(3350)),a=i(r(5186));class c{constructor(){this.log=o.LoggerFactory.getLogger("device-passive-register-step"),this.name=c.NAME}execute(e){return new Promise(((t,r)=>{e.getDeviceRegistration().then((i=>{i?this.finishRegistration(e,[this.getFido2Registration(e)]).then(t).catch(r):e.platform.deviceAuth.createRegistration({namespace:e.namespace,endpoint:e.backendUrl}).then((i=>{i.getAuthRegistration(e.challenge).then((t=>this.finishRegistration(e,[this.getFido2Registration(e),t]))).then((n=>{i.deviceId=e.settings.deviceId,e.platform.deviceAuth.storeRegistration(i).then((()=>t(n))).catch(r)})).catch(r)})).catch(r)})).catch(r)}))}finishRegistration(e,t){return new Promise(((r,i)=>{e.fetchFromBackend("/v1/client/device/fido2/register/finish",{deviceName:e.platform.getPlatformName(),deviceCapabilities:e.platform.getDeviceCapabilities(),registrations:t}).then((t=>{if(t.error)i(new s.default(t.error.message,t.error.code,t.next));else{const n=t.data;n&&n.deviceId?(e.settings.deviceId=n.deviceId,e.settings.fidoPasskeyRegistered=!0,r(t.next)):i(new s.default("Failed to register device, returned deviceId is null or empty",a.default.ERROR_AUTHENTICATION_FAILURE,t.next,!1))}})).catch(i)}))}getFido2Registration(e){const t=e.credential,r=t.response;return{webAuthnCredential:{type:null==t?void 0:t.type,id:null==t?void 0:t.id,rawId:n.default.bufferEncode(null==t?void 0:t.rawId),response:{attestationObject:n.default.bufferEncode(r.attestationObject),clientDataJSON:n.default.bufferEncode(r.clientDataJSON)}}}}}c.NAME="device/passive/register",t.default=c},1044:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(1727),o=i(r(3350));class s{constructor(e){this.log=n.LoggerFactory.getLogger("device-passive-silent-step"),this.name=s.NAME,this.forUPK=!1,this.forUPK=e}execute(e){return this.log.trace("Executing"),new Promise(((t,r)=>{e.getDeviceRegistration().then((i=>{i?this.verify(e,i).then(t).catch(r):e.platform.deviceAuth.createRegistration({namespace:e.namespace,endpoint:e.backendUrl}).then((t=>this.register(e,t))).then(t).catch(r)})).catch(r)}))}getBackendRegisterEndpoint(){return this.forUPK?"/v1/client/device/universal/register":"/v1/client/device/passive/register"}getBackendVerifyEndpoint(){return this.forUPK?"/v1/client/device/universal/verify":"/v1/client/device/passive/verify"}register(e,t){return this.log.trace("Registering"),new Promise(((r,i)=>{t.getAuthRegistration(e.challenge).then((n=>{e.fetchFromBackend(this.getBackendRegisterEndpoint(),{deviceName:e.platform.getPlatformName(),deviceCapabilities:e.platform.getDeviceCapabilities(),registrations:[n]}).then((n=>{if(n.error)i(new o.default(n.error.message,n.error.code,n.next,!1));else{const s=n.data.deviceId;s||i(new o.default("Failed to register device, returned deviceId is null or empty",0,n.next)),e.settings.deviceId=s,t.deviceId=s,this.log.debug("Device ID: "+s),e.platform.deviceAuth.storeRegistration(t).then((()=>r(n.next))).catch(i)}})).catch(i)}))}))}verify(e,t){return this.log.trace("Verifying"),new Promise(((r,i)=>{if(t.deviceId){const n=t.deviceId+":"+e.challenge;t.sign(n).then((n=>{e.fetchFromBackend(this.getBackendVerifyEndpoint(),{deviceId:t.deviceId,keyId:t.keyId,signature:n}).then((e=>{e.error?i(new o.default(e.error.message,e.error.code,e.next,!1)):r(e.next)})).catch(i)}))}else i(new o.default("Failed to initiate verification, DeviceId is missing"))}))}}s.NAME="device/passive/silent",t.default=s},6736:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.DevicePassiveActions=void 0;const n=r(1727),o=i(r(8607)),s=i(r(1044)),a=r(2102),c=i(r(3350)),l=r(4817),u=r(3225);class d extends u.AuthStatusActions{constructor(e){super(),this.log=n.LoggerFactory.getLogger("device-passive-actions"),this.getDisplayName=e||(()=>null)}register(e){return this.log.trace("Registering"),new Promise(((t,r)=>{const i=this.getDisplayName();e.fetchFromBackend("/v1/client/device/fido2/register/start",{displayName:i||void 0}).then((n=>{if(n.error)r(new c.default(n.error.message,n.error.code,n.next));else{let s=n.data.credCreateOptions;s.challenge=o.default.bufferDecode(s.challenge),s.user.id=o.default.bufferDecode(s.user.id),i&&(s.user.displayName=i),s.excludeCredentials&&s.excludeCredentials.forEach((e=>{e.id=o.default.bufferDecode(e.id)})),e.platform.webauthn.createCredentials({publicKey:s}).then((i=>{i?(e.credential=i,t(n.next)):r(new c.default("Failed to create FIDO2 credentials"))})).catch(r)}})).catch(r)}))}verify(e){return this.log.trace("Verifying"),new Promise(((t,r)=>{e.settings.deviceId?e.fetchFromBackend("/v1/client/device/fido2/verify/start",{deviceId:e.settings.deviceId}).then((i=>{var n;if(i.error)r(new c.default(i.error.message,i.error.code,i.next));else{let s=i.data.credRequestOptions;s.challenge=o.default.bufferDecode(s.challenge),s.allowCredentials&&(null===(n=s.allowCredentials)||void 0===n||n.forEach((e=>{e.id=o.default.bufferDecode(e.id)}))),e.platform.webauthn.getCredentials({publicKey:s}).then((n=>{n?(e.credential=n,t(i.next)):r(new Error("Failed to load FIDO2 credentials"))})).catch(r)}})).catch(r):r(new c.default("Failed to start verification, DeviceId is missing"))}))}}t.DevicePassiveActions=d;class h extends d{constructor(e,t){super(e),this.name=h.NAME,this.role=null!=t?t:l.DeviceRole.Primary,this.log=n.LoggerFactory.getLogger("device-passive-step")}execute(e){return this.role==l.DeviceRole.Secondary?this.waitForStatus(e):e.platform.isFidoSupported()&&e.uvLevel!==a.UserVerificationLevel.Discouraged?e.settings.deviceId?e.settings.fidoPasskeyRegistered?this.verify(e):Promise.resolve(s.default.NAME):this.register(e):Promise.resolve(s.default.NAME)}}h.NAME="device/passive",t.default=h},1474:(e,t,r)=>{Object.defineProperty(t,"__esModule",{value:!0});const i=r(1727),n=r(6736);class o extends n.DevicePassiveActions{constructor(e){super(e),this.name=o.NAME,this.log=i.LoggerFactory.getLogger("device-passive-stepup-step")}execute(e){return e.platform.isFidoSupported()?e.settings.deviceId?e.settings.fidoPasskeyRegistered?Promise.reject(new Error("FIDO2 Passkey is already registered")):this.register(e):Promise.reject(new Error("Device is not registered")):Promise.reject(new Error("FIDO2 is not supported"))}}o.NAME="device/passive/stepup",t.default=o},1840:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(8607)),o=r(1727),s=i(r(3350));class a{constructor(){this.log=o.LoggerFactory.getLogger("device-passive-verify-step"),this.name=a.NAME}execute(e){return new Promise(((t,r)=>{const i=e.credential,o=i.response;e.fetchFromBackend("/v1/client/device/fido2/verify/finish",{webAuthnAssertion:{type:null==i?void 0:i.type,id:null==i?void 0:i.id,rawId:n.default.bufferEncode(null==i?void 0:i.rawId),response:{authenticatorData:n.default.bufferEncode(o.authenticatorData),clientDataJSON:n.default.bufferEncode(o.clientDataJSON),signature:n.default.bufferEncode(o.signature),userHandle:o.userHandle?n.default.bufferEncode(o.userHandle):void 0}}}).then((i=>{if(i.error)r(new s.default(i.error.message,i.error.code,i.next));else{const r=i.data;r&&r.scanMessage?e.authMessage=r.scanMessage:this.log.warn("No data was received in the response"),t(i.next)}})).catch(r)}))}}a.NAME="device/passive/verify",t.default=a},2207:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.DeviceUniversalRedirectExchangeStep=t.DeviceUniversalRedirectFinishStep=t.DeviceUniversalRedirectBaseStep=void 0;const n=i(r(3350));class o{constructor(){this.name=""}execute(e){return new Promise(((t,r)=>{var i,o,s;let a=null===(s=null===(o=null===(i=e.claims)||void 0===i?void 0:i.auth.subs.dev)||void 0===o?void 0:o.auths.unvsl)||void 0===s?void 0:s.ftu;if(void 0!==a&&a){a+=`?authId=${e.authId}`;let i="";if("redirect/exchange"===this.name)i="authexchange";else{if("redirect/finish"!==this.name)return void r(new n.default(`Unknown UPK Step: ${this.name}`,0,e.next,!0));i="authfinish"}a+=`&next=${i}`,e.platform.urlRedirect(a),t("")}else r(new n.default("AuthToken claims do not contain final target URL",0,e.next,!0))}))}}t.DeviceUniversalRedirectBaseStep=o;class s extends o{constructor(){super(...arguments),this.name=s.NAME}}s.NAME="redirect/finish",t.DeviceUniversalRedirectFinishStep=s;class a extends o{constructor(){super(...arguments),this.name=a.NAME}}a.NAME="redirect/exchange",t.DeviceUniversalRedirectExchangeStep=a},9790:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(1727),o=i(r(3350)),s=i(r(1044));class a{constructor(e){this.log=n.LoggerFactory.getLogger("device-universal-step"),this.name=a.NAME,this.forUPK=!1,this.forUPK=e}execute(e){return this.log.trace("Executing"),new Promise(((t,r)=>{var i,n,a;if(this.forUPK)t(s.default.NAME);else{let s=null===(a=null===(n=null===(i=e.claims)||void 0===i?void 0:i.auth.subs.dev)||void 0===n?void 0:n.auths.unvsl)||void 0===a?void 0:a.endp;void 0!==s&&s?(s+=`?authId=${e.authId}&authtoken=${e.authToken}`,e.platform.urlRedirect(s),t("")):r(new o.default("AuthToken claims do not contain universal redirect URL",0,e.next,!0))}}))}}a.NAME="device/universal",t.default=a},5186:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});class r{}r.ERROR_AUTHENTICATION_FAILURE=1e4,r.ERROR_AUTHENTICATION_EXTERNAL_FAILURE=10001,r.ERROR_AUTHENTICATION_CLIENT_FAILURE=10002,r.ERROR_AUTHENTICATION_PROHIBITED_ACTION=10003,r.ERROR_MISSING_AUTHENTICATOR_COMPLETION=10004,r.ERROR_MAX_ATTEMPTS=10005,r.ERROR_NO_DEVICE_FOUND=10006,t.default=r},9568:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(7370)),o=r(1727),s=i(r(4610)),a=i(r(1204)),c=i(r(3350)),l=i(r(6105)),u=i(r(5186));class d{constructor(e,t,r,i){if(this.steps=new Map,!e)throw new Error("Implementation of Platform is required");if(!t)throw new Error("Implementation of Storage is required");if(this.log=o.LoggerFactory.getLogger("main-authenticator"),this.platform=e,this.authFinishStep=r,this.settings=new n.default(t),i)for(let e of i)this.steps.set(e.name,e)}isPasskeyRegistered(){return this.settings.fidoPasskeyRegistered}isFidoSupported(){return this.platform.isFidoSupported()}isDeviceRegistered(){return null!==this.settings.deviceId}isMobileWeb(){const e=this.platform.getUserAgent();return null!==e&&/Mobi|Android|webOS|iPhone|iPad|BlackBerry|Opera Mini/i.test(e)}getDeviceId(){return this.settings.deviceId}resetDeviceSettings(){this.settings.reset(),this.platform.deviceAuth.reset()}authenticate(e){return new s.default(((t,r,i)=>{e||r(new Error("No authentication token provided")),this.authFinishStep||r(new Error("AuthFinish step must be specified"));try{const o=new a.default(this.settings,this.platform,e);var n=this.process(o);i((()=>n.cancel())),n.then((()=>{var e;if(o.lastStep!==d.AUTH_EMPTY)return this.log.info("Authentication flow has been completed."),null===(e=this.authFinishStep)||void 0===e?void 0:e.execute({authId:o.authId});this.log.info("Next step is not provided, authentication flow is terminated without completion."),t()})).then(t).catch(r)}catch(e){r(e)}}))}unregisterDevice(){return this.isDeviceRegistered()?new Promise(((e,t)=>{this.unregister("/v1/client/device/unregister").then((()=>{this.resetDeviceSettings(),e()})).catch(t)})):Promise.resolve()}unregisterPasskey(){return this.settings.fidoPasskeyRegistered?new Promise(((e,t)=>{this.unregister("/v1/client/stepup/unregister").then((()=>{this.settings.fidoPasskeyRegistered=!1,e()})).catch(t)})):Promise.resolve()}unregister(e){return new Promise(((t,r)=>{try{new a.default(this.settings,this.platform).fetchFromBackend(e,{deviceId:this.getDeviceId()}).then((e=>{e.error?r(new c.default(e.error.message,e.error.code,e.next)):t()})).catch(r)}catch(e){r(e)}}))}process(e){return new s.default(((t,r,i)=>{i((()=>{this.log.info("Canceled"),e.closeAllMessageChannels(),t()})),this.nextStep(e,e.next,1).then(t).catch(r)}))}nextStep(e,t,r){return this.log.debug(`Authentication attempt ${r}, next step: ${t}`),e.lastStep=t,new Promise(((i,n)=>{[d.AUTH_DONE,d.AUTH_EMPTY].includes(t)?i():r>d.MAX_ATTEMPTS?n(new c.default("Too many authentication steps",u.default.ERROR_MAX_ATTEMPTS)):this.getNextStep(t).execute(e).then((t=>this.nextStep(e,t,r+1))).then(i).catch((t=>new l.default(t).execute(e).then((t=>this.nextStep(e,t,r+1))).then(i).catch(n)))}))}getNextStep(e){return this.steps.get(e)||new l.default("Unknown authentication step: "+e)}}d.AUTH_DONE="done",d.AUTH_EMPTY="",d.MAX_ATTEMPTS=50,t.default=d},7625:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(3350)),o=r(1727),s=r(4817),a=i(r(5186));class c{constructor(e,t){this.name=c.NAME,this.log=o.LoggerFactory.getLogger("mobile-instant-step"),this.errorCodeBak=a.default.ERROR_AUTHENTICATION_CLIENT_FAILURE,this.implementation=e,t?(this.getDeviceIp=t,this.deviceIpDetection=!1):(this.getDeviceIp=()=>null,this.deviceIpDetection=!0)}execute(e){return new Promise(((t,r)=>{let i=e.platform.getMobileAuthBuilder().withDeviceIpDetection(this.deviceIpDetection);switch(this.implementation){case s.MobileAuthImplementation.Pixel:i=i.withPixelImplementation();break;case s.MobileAuthImplementation.Fetch:i=i.withFetchImplementation().withFinishStep((t=>new Promise(((r,i)=>{e.fetchFromBackend("/v1/client/mobile/instant/finish",{vfp:t.vfp}).then(r).catch(i)}))))}i=i.withStartStep((t=>new Promise(((r,i)=>{const o=this.deviceIpDetection?t.deviceDescriptor.ip:this.getDeviceIp();e.fetchFromBackend("/v1/client/mobile/instant/start",{cellularIp:o,implementation:this.implementation}).then((e=>{var t;e.error?(this.nextBak=e.next,this.errorCodeBak=e.error.code,i(new n.default(e.error.message,e.error.code,e.next,!1))):r({authUrl:null===(t=e.data)||void 0===t?void 0:t.redirectUrl})})).catch(i)})))),i.build().authenticate().then((i=>{if(i){const e=i;e.error&&r(new n.default(i.error.message,i.error.code,i.next,!1)),t(e.next)}else e.fetchFromBackend("/v1/client/mobile/instant/finish",{}).then((e=>t(e.next))).catch((e=>{r(new n.default(i.error.message,i.error.code,i.next,!1))}))})).catch((e=>{r(new n.default(e,this.errorCodeBak,this.nextBak,!1))}))}))}}c.NAME="mobile/instant",t.default=c},3075:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(1727),o=r(3794),s=i(r(3350)),a=r(3225);class c extends a.AuthStatusActions{constructor(e,t){super(),this.name=c.NAME,this.log=n.LoggerFactory.getLogger("mobile-instantlink-step"),this.startStep=e,this.getDeviceIp=null!=t?t:()=>null}execute(e){return this.log.trace("Executing"),new Promise(((t,r)=>{var i,n,o,s,a,c,l=!0;(null===(o=null===(n=null===(i=e.claims)||void 0===i?void 0:i.auth.subs.mob)||void 0===n?void 0:n.auths.inln)||void 0===o?void 0:o.mnp)&&(l=!1);var u=!1;(null===(c=null===(a=null===(s=e.claims)||void 0===s?void 0:s.auth.subs.mob)||void 0===a?void 0:a.auths.inln)||void 0===c?void 0:c.tme)&&(u=!0),this.runStartStep(e,l).then((i=>{this.runFinishStep(e,u).then((()=>this.waitForStatus(e))).then((e=>t(e))).catch(r)})).catch(r)}))}runStartStep(e,t,r){return new Promise(((i,n)=>{this.startStep?this.startStep.execute(t,r).then((r=>{e.fetchFromBackend("/v1/client/mobile/instantlink/start",{sourceIp:this.getDeviceIp(),mobileNumber:null==r?void 0:r.phoneNumber}).then((r=>{var a,c,l;const u=r;if(u.error)n(new s.default(u.error.message,u.error.code,r.next,!1));else if(u.data){var d="";(null===(a=u.data)||void 0===a?void 0:a.code)&&(d+=`Error Code: ${u.data.code}, `),(null===(c=u.data)||void 0===c?void 0:c.message)?d+=`${u.data.message}`:d+="Error validating phone number";let r=new o.PhoneValidationError(d,null===(l=u.data)||void 0===l?void 0:l.code);this.log.error(`Server reports invalid phone number: ${d}`),this.runStartStep(e,t,r).then(i).catch(n)}else i(u.next)})).catch(n)})).catch(n):n(new Error("InstantLink start step must be specified"))}))}runFinishStep(e,t){return new Promise(((r,i)=>{t?(this.log.info("Simulating user clicking the instant link"),setTimeout((()=>{e.platform.fetch(e.backendUrl+"/v1/client/mobile/instantlink/finish?token="+encodeURIComponent(e.authToken)+"&vfp=test-vfp",{mode:"cors",method:"GET"}).then((e=>r())).catch(i)}),100)):r()}))}}c.NAME="mobile/instantlink",t.default=c},8907:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(1727),o=i(r(3350)),s=r(8864),a=r(3794);class c{constructor(e,t){this.name=c.NAME,this.log=n.LoggerFactory.getLogger("mobile-otp-step"),this.otpStartStep=e,this.otpFinishStep=t}execute(e){return new Promise(((t,r)=>{var i,n,o;if(this.otpStartStep)if(this.otpFinishStep){var s=!0;(null===(o=null===(n=null===(i=e.claims)||void 0===i?void 0:i.auth.subs.mob)||void 0===n?void 0:n.auths.otp)||void 0===o?void 0:o.mnp)&&(s=!1),this.runOtpStartStep(e,this.otpStartStep,this.otpFinishStep,s).then(t).catch(r)}else r(new Error("OtpFinishStep step must be specified"));else r(new Error("OtpStartStep step must be specified"))}))}runOtpStartStep(e,t,r,i,n){return new Promise(((s,c)=>{t.execute(i,n).then((n=>{e.fetchFromBackend("/v1/client/mobile/otp/start",{mobileNumber:null==n?void 0:n.phoneNumber}).then((n=>{const l=n;if(l.error)c(new o.default(l.error.message,l.error.code,n.next,!1));else if(l.data){let n=l.data;var u="";(null==n?void 0:n.code)&&(u+=`Error Code: ${n.code}, `),(null==n?void 0:n.message)?u+=`${n.message}`:u+="Error validating phone number";let o=new a.PhoneValidationError(u,null==n?void 0:n.code);this.log.error(`Server reports invalid phone number: ${u}`),this.runOtpStartStep(e,t,r,i,o).then(s).catch(c)}else this.runOtpFinishStep(e,t,r,i).then(s).catch(c)})).catch(c)})).catch((e=>{const t=o.default.extractMessage(e);c(new Error(`Failed to start OTP flow: ${t}`))}))}))}runOtpFinishStep(e,t,r,i,n){return new Promise(((a,c)=>{r.execute(n).then((n=>{var l;let u=n;switch(u.resultType){case s.OtpFinishResultType.OnResendOtp:this.runOtpStartStep(e,t,r,i).then(a).catch(c);break;case s.OtpFinishResultType.OnSuccess:let n=u.input;e.fetchFromBackend("/v1/client/mobile/otp/finish",{otp:null!==(l=null==n?void 0:n.otp)&&void 0!==l?l:""}).then((n=>{const l=n;if(l.error)c(new o.default(l.error.message,l.error.code,n.next,!1));else if(l.data){let n=l.data;var u="";(null==n?void 0:n.code)&&(u+=`Error Code: ${n.code}, `),(null==n?void 0:n.message)?u+=`${n.message}`:u+="Error validating OTP";let o=new s.OtpError(u,null==n?void 0:n.code);this.log.error(`Server reports invalid OTP: ${u}`),this.runOtpFinishStep(e,t,r,i,o).then(a).catch(c)}else a(n.next)})).catch(c)}})).catch((e=>{const t=o.default.extractMessage(e);c(new Error(`Failed to obtain OTP for verification: ${t}}`))}))}))}}c.NAME="mobile/otp",t.default=c},3794:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.PhoneValidationError=void 0;const n=i(r(3350));class o extends n.default{constructor(e,t){super(e,t)}}t.PhoneValidationError=o},8566:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.getUnixTime=t.arrayBufferToHexString=t.arrayBufferToString=t.stringToArrayBuffer=t.DEVICE_CAPABILITY_WEBAUTHN=void 0,t.DEVICE_CAPABILITY_WEBAUTHN="webauthn",t.stringToArrayBuffer=function(e){return(new TextEncoder).encode(e)},t.arrayBufferToString=function(e){return String.fromCharCode.apply(null,Array.from(new Uint8Array(e)))},t.arrayBufferToHexString=function(e){return Array.from(new Uint8Array(e),(e=>("00"+e.toString(16)).slice(-2))).join("")},t.getUnixTime=function(){return Math.floor(Date.now()/1e3)}},6105:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(1727),o=i(r(3350)),s=i(r(9568)),a=i(r(8370)),c=i(r(1044)),l=i(r(6736)),u=i(r(1840)),d=i(r(7625)),h=i(r(3075)),f=i(r(8907)),g=i(r(4704)),p=r(2207);class v{constructor(e){if(this.logger=n.LoggerFactory.getLogger("report-error-step"),this._message="Unknown error",this.reportable=!0,this.name="error",e instanceof o.default){const t=e;this._message=t.message,this._code=t.code,this.nextStep=t.nextStep,this.reportable=t.reportable}else e&&(this._message=o.default.extractMessage(e));this._message||this.logger.warn("Unexpected error: "+e)}get code(){return this._code}get message(){return this._message}execute(e){let t=`Authentication step ${e.lastStep} failed`;return this._code&&(t=t+", code: "+this._code),this._message&&(t=t+", message: "+this._message),this.logger.error(t),this.nextStep===s.default.AUTH_DONE?Promise.resolve(s.default.AUTH_DONE):!this.nextStep||this.reportable?new Promise(((t,r)=>{const i=this.getKind(e.lastStep);e.fetchFromBackend(`/v1/client/${i}/error`,{code:this._code?this._code:void 0,message:this._message}).then((e=>{t(e.next)})).catch(r)})):Promise.resolve(this.nextStep)}getKind(e){return e&&v.errorKinds.get(e)||"device/passive"}}v.errorKinds=new Map([[l.default.NAME,"device/passive"],[c.default.NAME,"device/passive"],[a.default.NAME,"device/fido2"],[u.default.NAME,"device/fido2"],[d.default.NAME,"mobile/instant"],[h.default.NAME,"mobile/instantlink"],[f.default.NAME,"mobile/otp"],[g.default.NAME,"user/mobileactive"],[p.DeviceUniversalRedirectExchangeStep.NAME,"device/universal"],[p.DeviceUniversalRedirectFinishStep.NAME,"device/universal"]]),t.default=v},1770:(e,t,r)=>{Object.defineProperty(t,"__esModule",{value:!0});const i=r(1727),n=r(8566),o=["/v1/client/stepup/unregister","/v1/client/device/unregister","/v1/client/device/passive/error","/v1/client/mobile/instant/error","/v1/client/mobile/otp/error","/v1/client/user/mobileactive","/v1/client/user/mobileactive/error"];t.default=class{constructor(e){this.log=i.LoggerFactory.getLogger("request-signer"),this.session=e}sign(e,t,r,i,n){return new Promise(((s,a)=>{this.session.getDeviceRegistration().then((c=>c&&c.deviceId?o.includes(t)?void Promise.all([this.getChallenge(c.deviceId),this.getHash(n)]).then((n=>{const o=n[0],l=n[1],u=e+"\n"+t+"\n"+r+"\n"+i+"\n"+o+"\n"+l;c.sign(u).then((e=>s({version:"3",challenge:o,signature:e,keyId:c.keyId}))).catch(a)})).catch(a):(this.log.debug("No signing needed for "+t),void s(null)):(this.log.debug("Device not registered, cannot sign"),void s(null)))).catch(a)}))}getChallenge(e){return new Promise(((t,r)=>{this.cachedChallenge&&this.cachedChallenge.receivedAt&&this.cachedChallenge.ttl&&this.cachedChallenge.deviceId===e&&this.cachedChallenge.receivedAt+this.cachedChallenge.ttl-60>(0,n.getUnixTime)()?t(this.cachedChallenge.challenge):this.session.fetchFromBackend("/v1/client/challenge",{deviceId:e}).then((e=>e)).then((e=>{var i;e.error?r(null===(i=e.error)||void 0===i?void 0:i.message):(e.receivedAt=(0,n.getUnixTime)(),this.cachedChallenge=e,t(e.challenge))})).catch(r)}))}getHash(e){return new Promise(((t,r)=>{crypto.subtle.digest("SHA-256",(0,n.stringToArrayBuffer)(e)).then((e=>t((0,n.arrayBufferToHexString)(e)))).catch(r)}))}}},1703:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(3350)),o=r(1727);class s{constructor(e){this.log=o.LoggerFactory.getLogger("scan-message-step"),this.name=s.NAME,this.authMessageHandler=e}execute(e){return new Promise(((t,r)=>{this.authMessageHandler?(e.authMessage||(this.log.warn("Auth message is missing"),e.authMessage={}),this.authMessageHandler(e.authMessage).then((i=>{e.fetchFromBackend("/v1/client/user/response",{response:i}).then((e=>{e.error?r(new n.default(e.error.message,e.error.code,e.next)):t(e.next)}))})).catch(r)):r(new n.default("Failed to process auth message, the handler was not specified"))}))}}s.NAME="scan/message",t.default=s},7370:(e,t,r)=>{Object.defineProperty(t,"__esModule",{value:!0});const i=r(1727);class n{constructor(e){this.log=i.LoggerFactory.getLogger("settings"),this.storage=e}reset(){this.log.trace("reset"),this.deviceId=null,this.namespace=null,this.fidoPasskeyRegistered=!1}get deviceId(){return this.storage.getItem(this.getKey(n.DEVICE_ID_KEY))}set deviceId(e){this.setOrRemove(n.DEVICE_ID_KEY,e)}get fidoPasskeyRegistered(){return"true"===this.storage.getItem(this.getKey(n.FIDO_PASSKEY_REGISTERED_KEY))}set fidoPasskeyRegistered(e){this.setOrRemove(n.FIDO_PASSKEY_REGISTERED_KEY,e?"true":null)}get namespace(){return this.storage.getItem(this.getKey(n.NAMESPACE_KEY))}set namespace(e){this.log.trace("namespace set to "+e),this.setOrRemove(n.NAMESPACE_KEY,e)}getKey(e){return`${n.KEY_PREFIX}.${e}`}setOrRemove(e,t){t?this.storage.setItem(this.getKey(e),t):this.storage.removeItem(this.getKey(e))}}n.KEY_PREFIX="ProveAuth",n.DEVICE_ID_KEY="DeviceId",n.NAMESPACE_KEY="namespace",n.FIDO_PASSKEY_REGISTERED_KEY="fidoPasskeyRegistered",t.default=n},6185:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(3350));class o{constructor(){this.name=o.NAME}execute(e){return new Promise(((e,t)=>{t(new n.default(`Step ${this.name} is not supported yet`))}))}}o.NAME="user/mobileactive",t.default=o},4704:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(3350));class o{constructor(){this.name=o.NAME}execute(e){return new Promise(((e,t)=>{t(new n.default(`Step ${this.name} is not supported yet`))}))}}o.NAME="user/present",t.default=o},4781:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.WebDeviceRegistration=void 0;const n=r(1727),o=i(r(3350)),s=r(8566);class a{constructor(e){this.deviceId=null,this.namespace=e.namespace,this.endpoint=e.endpoint,e.createdAt?(this.createdAt=e.createdAt,this.keyId=e.keyId,this.deviceId=e.deviceId,this.algorithm=e.algorithm,this.keys=e.keys):(this.keyId=crypto.randomUUID(),this.algorithm="ES256",this.createdAt=(0,s.getUnixTime)())}sign(e){return new Promise(((t,r)=>{this.initialize().then((()=>{this.keys&&crypto.subtle.sign({name:"ECDSA",hash:{name:"SHA-256"}},this.keys.privateKey,(0,s.stringToArrayBuffer)(e)).then((e=>t(btoa((0,s.arrayBufferToString)(this.p1363ToDer(e)))))).catch(r)})).catch(r)}))}getPublicKey(){return new Promise(((e,t)=>{this.initialize().then((()=>{this.keys&&crypto.subtle.exportKey("spki",this.keys.publicKey).then((t=>{const r=btoa((0,s.arrayBufferToString)(t));e("-----BEGIN PUBLIC KEY-----\n"+r+"\n-----END PUBLIC KEY-----")})).catch(t)})).catch(t)}))}getAuthRegistration(e){return new Promise(((t,r)=>{this.sign(e).then((e=>{this.getPublicKey().then((r=>{t({publicKey:{id:this.keyId,alg:this.algorithm,key:r,uvLevel:0},signature:e})})).catch(r)})).catch(r)}))}initialize(){return new Promise(((e,t)=>{this.keys?e():crypto.subtle.generateKey({name:"ECDSA",namedCurve:"P-256"},!1,["sign","verify"]).then((t=>{this.keys=t,e()})).catch(t)}))}p1363ToDer(e){const t=(0,s.arrayBufferToHexString)(e);let r=t.substring(0,t.length/2),i=t.substring(t.length/2);r=r.replace(/^(00)+/,""),i=i.replace(/^(00)+/,""),parseInt(r.charAt(0),16)>=8&&(r=`00${r}`),parseInt(i.charAt(0),16)>=8&&(i=`00${i}`);const n=`02${(r.length/2).toString(16).padStart(2,"0")}${r}`,o=`02${(i.length/2).toString(16).padStart(2,"0")}${i}`,a=`30${((n.length+o.length)/2).toString(16).padStart(2,"0")}${n}${o}`.match(/[\da-f]{2}/gi);return a?new Uint8Array(a.map((e=>parseInt(e,16)))):new Uint8Array}lenVal(e){if("string"==typeof e||e instanceof String){const t=e;return`[${t.length}]: ${t}`}{const t=e;return`[${t.byteLength}]: ${Array.from(new Uint8Array(t),(e=>e.toString(16))).join(",")}`}}}t.WebDeviceRegistration=a;class c{constructor(e){this.log=n.LoggerFactory.getLogger("web-device-auth"),this.dbFactory=e}createRegistration(e){return new Promise(((t,r)=>{t(new a(e))}))}getRegistration(e){return new Promise(((t,r)=>{const i=this.openDatabase();i.onerror=e=>{r("Failed to open registration database: "+e)},i.onsuccess=n=>{const o=i.result,s=o.transaction([c.DB_STORE],"readonly");s.oncomplete=()=>o.close();const l=s.objectStore(c.DB_STORE).get(e);l.onsuccess=()=>{l.result?t(new a(l.result)):t(null)},l.onerror=e=>{r(new Error("Failed to access registration"))}}}))}storeRegistration(e){return new Promise(((t,r)=>{const i=this.openDatabase();i.onerror=e=>{r("Failed to open registration database: "+e)},i.onsuccess=n=>{const s=i.result,a=s.transaction([c.DB_STORE],"readwrite");a.oncomplete=()=>s.close();const l=a.objectStore(c.DB_STORE);this.log.trace("Saving registration");const u=l.put(e);u.onsuccess=()=>{this.log.trace("Registration saved")},u.onerror=e=>{r(new o.default("Failed to store registration"))},t()}}))}deleteRegistration(e){return new Promise(((t,r)=>{var i=this.openDatabase();i.onerror=e=>{r("Failed to open registration database: "+e)},i.onsuccess=n=>{var o=i.result,s=o.transaction([c.DB_STORE],"readwrite");if(s.oncomplete=()=>o.close(),!o.objectStoreNames.contains(c.DB_STORE))return this.log.debug("Registration not found, store is missing"),void t();var a=s.objectStore(c.DB_STORE).delete(e);a.onsuccess=()=>{t()},a.onerror=e=>{r(new Error("Failed to delete registration"))}}}))}reset(){return new Promise(((e,t)=>{var r=this.dbFactory.deleteDatabase(c.DB_NAME);r.onsuccess=t=>{e()},r.onerror=t=>{this.log.warn("Failed to delete registration database: "+t),e()}}))}openDatabase(){const e=this.dbFactory.open(c.DB_NAME,c.DB_VERSION);return e.onupgradeneeded=t=>{const r=e.result;this.log.debug("Registration not found, database is missing, initializing"),r.createObjectStore(c.DB_STORE,{keyPath:"namespace"}).transaction.oncomplete=e=>{this.log.trace("Store initialization completed")}},e}}c.DB_VERSION=1,c.DB_NAME="ProveAuth",c.DB_STORE="Registrations",t.default=c},1092:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.WebPlatform=t.WebSocketMessageChannel=void 0;const n=r(8266),o=r(8566),s=i(r(1770)),a=i(r(4781));class c{constructor(e){this.webSocket=new WebSocket(e)}addEventListener(e,t){this.webSocket.addEventListener(e,t)}send(e){this.webSocket.send(e)}close(){this.webSocket.close()}}t.WebSocketMessageChannel=c,t.WebPlatform=class{constructor(){this.webauthn={getCredentials:e=>navigator.credentials.get(e),createCredentials:e=>navigator.credentials.create(e)},this.deviceAuth=new a.default(window.indexedDB)}getPlatformName(){return`${this.getBrowserName()} ${this.getBrowserVersion()} on ${this.getOSName()}`}getUserAgent(){return navigator.userAgent}isFidoSupported(){return null!=window.PublicKeyCredential}fetch(e,t){return fetch(e,t)}createMessageChannel(e){return new c(e)}createRequestSigner(e){return new s.default(e)}getBrowserName(){const e=navigator.userAgent;let t;return t=e.indexOf("Firefox")>-1?"Firefox":e.indexOf("Opera")>-1||e.indexOf("OPR")>-1?"Opera":e.indexOf("DuckDuckGo")>-1?"DuckDuckGo":e.indexOf("SamsungBrowser")>-1?"Samsung Browser":e.indexOf("Trident")>-1?"Internet Explorer":e.indexOf("Edge")>-1?"Edge":e.indexOf("Chrome")>-1?"Chrome":e.indexOf("Safari")>-1?"Safari":"Unknown",t}getBrowserVersion(){const e=navigator.userAgent.match(/(?:Firefox|Opera|OPR|SamsungBrowser|DuckDuckGo|Internet Explorer|Edge|Chrome|Safari)[\/|\s](\d+(\.\d+)?)/i);return e?e[1]:"Unknown"}getOSName(){const e=navigator.platform,t=navigator.userAgent;let r;if(/Win/i.test(e)){r="Windows";const e=t.match(/Win(?:dows )?NT (\d+\.\d+)/i);if(e){const t=parseFloat(e[1]);r+=11===t?" 11":10===t?" 10":6.3===t?" 8.1":6.2===t?" 8":6.1===t?" 7":6===t?" Vista":5.1===t||5.2===t?" XP":" (Unknown Version)"}}else if(e.match(/Mac/i)){r="Mac OS";const e=t.match(/Mac OS X (\d+[_.]\d+([_.]\d+)?)/i);e&&(r+=" "+e[1].replace(/_/g,"."))}else r=t.match(/Android/i)?"Android":t.match(/iOS|iPhone|iPad|iPod/i)?"iOS":e.match(/Linux/i)?"Linux":"Unknown";return r}getDeviceCapabilities(){return this.isFidoSupported()?[o.DEVICE_CAPABILITY_WEBAUTHN]:[]}getMobileAuthBuilder(){return new n.AuthenticatorBuilder}exit(e){}urlRedirect(e){window.location.replace(e)}}},8864:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.OtpFinishResultType=t.OtpError=void 0;const n=i(r(3350));class o extends n.default{constructor(e,t){super(e,t)}}var s;t.OtpError=o,(s=t.OtpFinishResultType||(t.OtpFinishResultType={}))[s.OnSuccess=0]="OnSuccess",s[s.OnResendOtp=1]="OnResendOtp"},6462:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.USER_AGENT_VERSIONS=t.API_CONTRACT_VERSION=t.VERSION=void 0,t.VERSION="2.4.5",t.API_CONTRACT_VERSION="2.7.0",t.USER_AGENT_VERSIONS=`ProveAuth/${t.VERSION} Contract/${t.API_CONTRACT_VERSION} WEB/1`}},t={};return function r(i){var n=t[i];if(void 0!==n)return n.exports;var o=t[i]={exports:{}};return e[i].call(o.exports,o,o.exports,r),o.exports}(3607)})()));