@prove-identity/prove-auth 2.7.1 → 2.9.0

package/build/lib/proveauth/internal/device-passive-step.js

@@ -11,57 +11,51 @@ const auth_token_claims_1 = require("./auth-token-claims");
 const auth_error_1 = __importDefault(require("./auth-error"));
 const authenticator_builder_1 = require("../authenticator-builder");
 const auth_status_actions_1 = require("./auth-status-actions");
+const fido_options_error_1 = require("./fido-options-error");
+const auth_response_status_1 = require("./auth-response-status");
 class DevicePassiveActions extends auth_status_actions_1.AuthStatusActions {
-    constructor(getDisplayName) {
+    constructor(getDisplayName, handler) {
         super();
         this.log = logger_1.LoggerFactory.getLogger('device-passive-actions');
         this.getDisplayName = getDisplayName ? getDisplayName : () => null;
+        this.handler = handler;
     }
-    register(session) {
-        this.log.trace('Registering');
+    register(session, signals) {
+        this.log.trace('Registering Passkey');
         return new Promise((resolve, reject) => {
             const displayName = this.getDisplayName();
             session
                 .fetchFromBackend('/v1/client/device/fido2/register/start', {
                 displayName: displayName ? displayName : undefined,
+                signals: signals,
             })
                 .then((response) => {
+                var _a, _b;
                 if (response.error) {
-                    reject(new auth_error_1.default(response.error.message, response.error.code, response.next));
+                    reject(new auth_error_1.default(response.error.message, response.error.code, response.next, false));
                 }
                 else {
-                    let options = response.data.credCreateOptions;
-                    options.challenge = base64_1.default.bufferDecode(options.challenge);
-                    options.user.id = base64_1.default.bufferDecode(options.user.id);
-                    if (displayName) {
-                        options.user.displayName = displayName;
+                    const creationOptions = (_a = response.data) === null || _a === void 0 ? void 0 : _a.credCreateOptions;
+                    const requestOptions = (_b = response.data) === null || _b === void 0 ? void 0 : _b.credRequestOptions;
+                    if (creationOptions) {
+                        this.createCredentials(session, displayName, creationOptions, response)
+                            .then(resolve)
+                            .catch(reject);
+                    }
+                    else if (requestOptions) {
+                        this.getCredentials(session, requestOptions, response).then(resolve).catch(reject);
                     }
-                    if (options.excludeCredentials) {
-                        options.excludeCredentials.forEach((i) => {
-                            i.id = base64_1.default.bufferDecode(i.id);
-                        });
+                    else {
+                        const error = new auth_error_1.default(DevicePassiveActions.NO_CREDS_FOUND);
+                        reject(error);
                     }
-                    session.platform.webauthn
-                        .createCredentials({
-                        publicKey: options,
-                    })
-                        .then((credential) => {
-                        if (!credential) {
-                            reject(new auth_error_1.default('Failed to create FIDO2 credentials'));
-                        }
-                        else {
-                            session.credential = credential;
-                            resolve(response.next);
-                        }
-                    })
-                        .catch(reject);
                 }
             })
                 .catch(reject);
         });
     }
     verify(session) {
-        this.log.trace('Verifying');
+        this.log.trace('Verifying Passkey');
         return new Promise((resolve, reject) => {
             if (session.settings.deviceId) {
                 session
@@ -69,46 +63,150 @@ class DevicePassiveActions extends auth_status_actions_1.AuthStatusActions {
                     deviceId: session.settings.deviceId,
                 })
                     .then((response) => {
-                    var _a;
                     if (response.error) {
-                        reject(new auth_error_1.default(response.error.message, response.error.code, response.next));
+                        reject(new auth_error_1.default(response.error.message, response.error.code, response.next, false));
                     }
                     else {
-                        let options = response.data.credRequestOptions;
-                        options.challenge = base64_1.default.bufferDecode(options.challenge);
-                        if (options.allowCredentials) {
-                            (_a = options.allowCredentials) === null || _a === void 0 ? void 0 : _a.forEach((i) => {
-                                i.id = base64_1.default.bufferDecode(i.id);
-                            });
-                        }
-                        session.platform.webauthn
-                            .getCredentials({
-                            publicKey: options,
-                        })
-                            .then((credential) => {
-                            if (!credential) {
-                                reject(new Error('Failed to load FIDO2 credentials'));
+                        const options = response.data.credRequestOptions;
+                        this.getCredentials(session, options, response).then(resolve).catch(reject);
+                    }
+                })
+                    .catch(reject);
+            }
+            else {
+                reject(new auth_error_1.default('Failed to start verification, DeviceId is missing'));
+            }
+        });
+    }
+    createCredentials(session, displayName, options, response) {
+        this.log.trace('Trying create new FIDO credentials');
+        return new Promise((resolve, reject) => {
+            options.challenge = base64_1.default.bufferDecode(options.challenge);
+            options.user.id = base64_1.default.bufferDecode(options.user.id);
+            if (displayName) {
+                options.user.displayName = displayName;
+            }
+            if (options.excludeCredentials) {
+                options.excludeCredentials.forEach((i) => {
+                    i.id = base64_1.default.bufferDecode(i.id);
+                });
+            }
+            if (options.authenticatorSelection) {
+                options.authenticatorSelection.residentKey = 'preferred';
+                options.authenticatorSelection.requireResidentKey = false;
+            }
+            else {
+                options.authenticatorSelection = {
+                    residentKey: 'preferred',
+                    requireResidentKey: false,
+                };
+            }
+            const fidoCreationOptions = {
+                publicKey: options,
+            };
+            session.platform.webauthn
+                .createCredentials(fidoCreationOptions)
+                .then((credential) => {
+                if (!credential) {
+                    reject(new auth_error_1.default('Failed to create FIDO2 credentials'));
+                }
+                else {
+                    session.credential = credential;
+                    resolve(response.next);
+                }
+            })
+                .catch((error) => {
+                const fidoCreationError = fido_options_error_1.FidoOptionsError.identifyRegistrationError({
+                    error: error,
+                    options: fidoCreationOptions,
+                    platform: session.platform,
+                });
+                if (fidoCreationError instanceof fido_options_error_1.FidoOptionsError &&
+                    fidoCreationError.name === 'InvalidStateError') {
+                    if (this.handler) {
+                        this.log.trace('Passkey handler callback has been defined');
+                        this.handler()
+                            .then((userResponse) => {
+                            if (userResponse === auth_response_status_1.AuthResponseStatus.Accept) {
+                                this.parseCredRequestOptions(response, session).then(resolve).catch(reject);
                             }
                             else {
-                                session.credential = credential;
-                                resolve(response.next);
+                                reject(new auth_error_1.default(`${DevicePassiveActions.USER_NOT_ACCEPTING_RESPONSE}: ${userResponse}`));
+                                return;
                             }
                         })
                             .catch(reject);
                     }
-                })
-                    .catch(reject);
+                    else {
+                        this.log.trace('Passkey handler callback is null, go ahead with passkey discoverable as default behavior');
+                        this.parseCredRequestOptions(response, session).then(resolve).catch(reject);
+                    }
+                }
+                else {
+                    reject(fidoCreationError);
+                }
+            });
+        });
+    }
+    parseCredRequestOptions(response, session) {
+        return new Promise((resolve, reject) => {
+            const data = response.data;
+            if (data.credRequestOptions) {
+                const requestOptions = data.credRequestOptions;
+                this.getCredentials(session, requestOptions, response).then(resolve).catch(reject);
             }
             else {
-                reject(new auth_error_1.default('Failed to start verification, DeviceId is missing'));
+                reject(new auth_error_1.default(DevicePassiveActions.NO_REQUEST_CREDS_FOUND));
+            }
+        });
+    }
+    getCredentials(session, options, response) {
+        this.log.trace('Trying get existing FIDO credentials');
+        return new Promise((resolve, reject) => {
+            var _a, _b;
+            if (((_a = options.allowCredentials) === null || _a === void 0 ? void 0 : _a.length) == 0) {
+                reject(new auth_error_1.default('AllowCredentials array should not be empty when call getCredentials()'));
+            }
+            else {
+                options.challenge = base64_1.default.bufferDecode(options.challenge);
+                if (options.allowCredentials) {
+                    (_b = options.allowCredentials) === null || _b === void 0 ? void 0 : _b.forEach((i) => {
+                        i.id = base64_1.default.bufferDecode(i.id);
+                    });
+                }
+                const fidoRequestOptions = {
+                    publicKey: options,
+                };
+                session.platform.webauthn
+                    .getCredentials(fidoRequestOptions)
+                    .then((credential) => {
+                    if (!credential) {
+                        reject(new auth_error_1.default('Failed to load FIDO2 credentials'));
+                    }
+                    else {
+                        session.credential = credential;
+                        resolve(response.next);
+                    }
+                })
+                    .catch((error) => {
+                    const fidoAuthenticationError = fido_options_error_1.FidoOptionsError.identifyAuthenticationError({
+                        error: error,
+                        options: fidoRequestOptions,
+                        platform: session.platform,
+                    });
+                    reject(fidoAuthenticationError);
+                });
             }
         });
     }
 }
+DevicePassiveActions.NO_REQUEST_CREDS_FOUND = 'Passkey has already been registered but found no CredentialRequestOptions in the fido/register/start response payload';
+DevicePassiveActions.NO_CREDS_FOUND = 'Neither credCreateOptions nor credRequestOptions are found in the fido/register/start response payload';
+DevicePassiveActions.USER_NOT_ACCEPTING_RESPONSE = 'User not accepting to continue by reusing the existing passkey with user response';
 exports.DevicePassiveActions = DevicePassiveActions;
 class DevicePassiveStep extends DevicePassiveActions {
-    constructor(getDisplayName, role) {
-        super(getDisplayName);
+    constructor(getDisplayName, handler, role) {
+        super(getDisplayName, handler);
         this.name = DevicePassiveStep.NAME;
         this.role = role !== null && role !== void 0 ? role : authenticator_builder_1.DeviceRole.Primary;
         this.log = logger_1.LoggerFactory.getLogger('device-passive-step');
@@ -127,7 +225,29 @@ class DevicePassiveStep extends DevicePassiveActions {
             }
             return Promise.resolve(device_passive_silent_step_1.default.NAME);
         }
-        return this.register(session);
+        return new Promise((resolve, reject) => {
+            session
+                .getFingerprintData()
+                .then((signal) => {
+                const signals = {
+                    fingerprint: signal,
+                };
+                session.embedDarwiniumSignal(signals);
+                this.register(session, signals).then(resolve).catch(reject);
+            })
+                .catch((error) => {
+                const errorMsg = `Unexpected error happened during Fingerprint data collection: ${error.message}`;
+                this.log.warn(errorMsg);
+                this.log.warn(error);
+                const signals = {
+                    fingerprint: {
+                        error: errorMsg,
+                    },
+                };
+                session.embedDarwiniumSignal(signals);
+                this.register(session, signals).then(resolve).catch(reject);
+            });
+        });
     }
 }
 DevicePassiveStep.NAME = 'device/passive';

package/build/lib/proveauth/internal/device-passive-stepup-step.d.ts

@@ -1,9 +1,10 @@
+import { PasskeyAlreadyExistCallback } from '../authenticator-builder';
 import AuthSession from './auth-session';
 import AuthStep from './auth-step';
 import { DevicePassiveActions } from './device-passive-step';
 export default class DevicePassiveStepupStep extends DevicePassiveActions implements AuthStep {
     static readonly NAME = "device/passive/stepup";
     readonly name = "device/passive/stepup";
-    constructor(getDisplayName?: () => string | null);
+    constructor(getDisplayName?: () => string | null, handler?: PasskeyAlreadyExistCallback);
     execute(session: AuthSession): Promise<string>;
 }

package/build/lib/proveauth/internal/device-passive-stepup-step.js

@@ -3,8 +3,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const logger_1 = require("../common/logger");
 const device_passive_step_1 = require("./device-passive-step");
 class DevicePassiveStepupStep extends device_passive_step_1.DevicePassiveActions {
-    constructor(getDisplayName) {
-        super(getDisplayName);
+    constructor(getDisplayName, handler) {
+        super(getDisplayName, handler);
         this.name = DevicePassiveStepupStep.NAME;
         this.log = logger_1.LoggerFactory.getLogger('device-passive-stepup-step');
     }
@@ -18,7 +18,29 @@ class DevicePassiveStepupStep extends device_passive_step_1.DevicePassiveActions
         if (session.settings.fidoPasskeyRegistered) {
             return Promise.reject(new Error('FIDO2 Passkey is already registered'));
         }
-        return this.register(session);
+        return new Promise((resolve, reject) => {
+            session
+                .getFingerprintData()
+                .then((signal) => {
+                const signals = {
+                    fingerprint: signal,
+                };
+                session.embedDarwiniumSignal(signals);
+                this.register(session, signals).then(resolve).catch(reject);
+            })
+                .catch((error) => {
+                const errorMsg = `Unexpected error happened during Fingerprint data collection: ${error.message}`;
+                this.log.warn(errorMsg);
+                this.log.warn(error);
+                const signals = {
+                    fingerprint: {
+                        error: errorMsg,
+                    },
+                };
+                session.embedDarwiniumSignal(signals);
+                this.register(session, signals).then(resolve).catch(reject);
+            });
+        });
     }
 }
 DevicePassiveStepupStep.NAME = 'device/passive/stepup';

package/build/lib/proveauth/internal/device-passive-verify-step.d.ts

@@ -1,10 +1,11 @@
 import AuthSession from './auth-session';
 import AuthStep from './auth-step';
-import { Signals } from './auth-request';
+import { Logger } from '../common/logger';
 export default class DevicePassiveVerifyStep implements AuthStep {
     static readonly NAME = "device/passive/verify";
     private readonly log;
     readonly name = "device/passive/verify";
     execute(session: AuthSession): Promise<string>;
-    runFidoVerifyFinish(session: AuthSession, signals?: Signals): Promise<string>;
+    static runFidoVerify(log: Logger, session: AuthSession): Promise<string>;
+    private static makeFidoVerifyFinishRequest;
 }

package/build/lib/proveauth/internal/device-passive-verify-step.js

@@ -12,23 +12,33 @@ class DevicePassiveVerifyStep {
         this.name = DevicePassiveVerifyStep.NAME;
     }
     execute(session) {
+        return new Promise((resolve, reject) => {
+            DevicePassiveVerifyStep.runFidoVerify(this.log, session).then(resolve).catch(reject);
+        });
+    }
+    static runFidoVerify(log, session) {
         return new Promise((resolve, reject) => {
             session
                 .getFingerprintData()
                 .then((signal) => {
-                const signals = signal ? { fingerprint: signal } : undefined;
-                this.runFidoVerifyFinish(session, signals).then(resolve).catch(reject);
+                const signals = { fingerprint: signal };
+                session.embedDarwiniumSignal(signals);
+                DevicePassiveVerifyStep.makeFidoVerifyFinishRequest(log, session, signals)
+                    .then(resolve)
+                    .catch(reject);
             })
                 .catch((error) => {
-                var errorMsg = `Unexpected error happened during Fingerprint data collection ${error.toString}`;
-                this.log.warn(errorMsg);
-                this.runFidoVerifyFinish(session, { fingerprint: { error: errorMsg } })
+                const errorMsg = `Unexpected error happened during Fingerprint data collection ${error.toString}`;
+                log.warn(errorMsg);
+                const signals = { fingerprint: { error: errorMsg } };
+                session.embedDarwiniumSignal(signals);
+                DevicePassiveVerifyStep.makeFidoVerifyFinishRequest(log, session, signals)
                     .then(resolve)
                     .catch(reject);
             });
         });
     }
-    runFidoVerifyFinish(session, signals) {
+    static makeFidoVerifyFinishRequest(log, session, signals) {
         return new Promise((resolve, reject) => {
             const credential = session.credential;
             const assertion = credential.response;
@@ -51,16 +61,25 @@ class DevicePassiveVerifyStep {
             })
                 .then((response) => {
                 if (response.error) {
-                    reject(new auth_error_1.default(response.error.message, response.error.code, response.next));
+                    reject(new auth_error_1.default(response.error.message, response.error.code, response.next, false));
                 }
                 else {
                     const data = response.data;
-                    if (data && data.scanMessage) {
-                        session.authMessage = data.scanMessage;
+                    if (data) {
+                        if (data.deviceId) {
+                            session.settings.deviceId = data.deviceId;
+                        }
+                        if (data.passkey) {
+                            session.settings.fidoPasskeyRegistered = true;
+                        }
+                        if (data.scanMessage) {
+                            session.authMessage = data.scanMessage;
+                        }
                     }
                     else {
-                        this.log.warn('No data was received in the response');
+                        log.warn('No data was received in the response');
                     }
+                    session.settings.fidoPasskeyRegistered = true;
                     resolve(response.next);
                 }
             })

package/build/lib/proveauth/internal/fido-options-error.d.ts

@@ -0,0 +1,30 @@
+import Platform from './platform';
+export declare class FidoOptionsError extends Error {
+    static readonly MISSING_PUBLIC_KEY_PROPERTY = "options missing publicKey property";
+    static readonly ABORT_SIGNAL = "Authentication was sent an abort signal";
+    static readonly INVALID_STATE_ERROR = "The authenticator was already registered";
+    static readonly UNKNOWN_ERROR = "Unknown error: the authenticator was unable to process the predefined options, or unable to generate a new credential";
+    static readonly SECURITY_ERROR_FOUND = "Security error found";
+    static readonly INVALID_RP_ID = "The rp.id is not valid for the current domain";
+    static readonly CONSTRAINT_ERROR = "Discoverable credentials is required but found no matching supported authenticator";
+    static readonly USER_VERIFICATION_NOT_POSSILE = "User verification is required during automatic registration but this could not be performed";
+    static readonly NO_MATCHING_AUTHENTICATOR = "User verification is required but found no matching supported authenticator";
+    static readonly INVALID_CRED_PARAMS = "No entry in pubKeyCredParams having the type of public-key";
+    static readonly NO_MATCHING_AUTHENTICATOR_FOR_PARAMS_ALGO = "No available authenticator supported any of the specified pubKeyCredParams algorithms";
+    static readonly INVALID_USER_ID_LENGTH = "User ID has invalid length";
+    constructor({ message, cause, name }: {
+        message: string;
+        cause: Error;
+        name?: string;
+    });
+    static identifyAuthenticationError({ error, options, platform, }: {
+        error: Error;
+        options: CredentialRequestOptions;
+        platform: Platform;
+    }): FidoOptionsError | Error;
+    static identifyRegistrationError({ error, options, platform, }: {
+        error: Error;
+        options: CredentialCreationOptions;
+        platform: Platform;
+    }): FidoOptionsError | Error;
+}

package/build/lib/proveauth/internal/fido-options-error.js

@@ -0,0 +1,161 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FidoOptionsError = void 0;
+class FidoOptionsError extends Error {
+    constructor({ message, cause, name }) {
+        super(message, { cause });
+        this.name = name !== null && name !== void 0 ? name : cause.name;
+    }
+    static identifyAuthenticationError({ error, options, platform, }) {
+        const { publicKey } = options;
+        if (!publicKey) {
+            return new FidoOptionsError({
+                message: FidoOptionsError.MISSING_PUBLIC_KEY_PROPERTY,
+                cause: new Error(FidoOptionsError.MISSING_PUBLIC_KEY_PROPERTY),
+            });
+        }
+        if (error.name === 'AbortError') {
+            if (options.signal instanceof AbortSignal) {
+                return new FidoOptionsError({
+                    message: FidoOptionsError.ABORT_SIGNAL,
+                    cause: error,
+                });
+            }
+        }
+        else if (error.name === 'NotAllowedError') {
+            return new FidoOptionsError({
+                message: error.message,
+                cause: error,
+            });
+        }
+        else if (error.name === 'SecurityError') {
+            const currentDomain = platform.getOrigin();
+            if (publicKey.rpId !== currentDomain) {
+                return new FidoOptionsError({
+                    message: `${FidoOptionsError.INVALID_RP_ID}: ${publicKey.rpId}`,
+                    cause: error,
+                });
+            }
+            else {
+                return new FidoOptionsError({
+                    message: `${FidoOptionsError.SECURITY_ERROR_FOUND}: ${error.message}`,
+                    cause: error,
+                });
+            }
+        }
+        else if (error.name === 'UnknownError') {
+            return new FidoOptionsError({
+                message: FidoOptionsError.UNKNOWN_ERROR,
+                cause: error,
+            });
+        }
+        return error;
+    }
+    static identifyRegistrationError({ error, options, platform, }) {
+        var _a, _b, _c;
+        const { publicKey } = options;
+        if (!publicKey) {
+            return new FidoOptionsError({
+                message: FidoOptionsError.MISSING_PUBLIC_KEY_PROPERTY,
+                cause: new Error(FidoOptionsError.MISSING_PUBLIC_KEY_PROPERTY),
+            });
+        }
+        if (error.name === 'InvalidStateError') {
+            return new FidoOptionsError({
+                message: FidoOptionsError.INVALID_STATE_ERROR,
+                cause: error,
+            });
+        }
+        else if (error.name === 'AbortError') {
+            if (options.signal instanceof AbortSignal) {
+                return new FidoOptionsError({
+                    message: this.ABORT_SIGNAL,
+                    cause: error,
+                });
+            }
+        }
+        else if (error.name === 'ConstraintError') {
+            if (((_a = publicKey.authenticatorSelection) === null || _a === void 0 ? void 0 : _a.requireResidentKey) === true) {
+                return new FidoOptionsError({
+                    message: this.CONSTRAINT_ERROR,
+                    cause: error,
+                });
+            }
+            else if (options.mediation === 'conditional' &&
+                ((_b = publicKey.authenticatorSelection) === null || _b === void 0 ? void 0 : _b.userVerification) === 'required') {
+                return new FidoOptionsError({
+                    message: this.USER_VERIFICATION_NOT_POSSILE,
+                    cause: error,
+                });
+            }
+            else if (((_c = publicKey.authenticatorSelection) === null || _c === void 0 ? void 0 : _c.userVerification) === 'required') {
+                return new FidoOptionsError({
+                    message: this.NO_MATCHING_AUTHENTICATOR,
+                    cause: error,
+                });
+            }
+        }
+        else if (error.name === 'NotAllowedError') {
+            return new FidoOptionsError({
+                message: error.message,
+                cause: error,
+            });
+        }
+        else if (error.name === 'NotSupportedError') {
+            const validPubKeyCredParams = publicKey.pubKeyCredParams.filter((param) => param.type === 'public-key');
+            if (validPubKeyCredParams.length === 0) {
+                return new FidoOptionsError({
+                    message: this.INVALID_CRED_PARAMS,
+                    cause: error,
+                });
+            }
+            return new FidoOptionsError({
+                message: FidoOptionsError.NO_MATCHING_AUTHENTICATOR_FOR_PARAMS_ALGO,
+                cause: error,
+            });
+        }
+        else if (error.name === 'SecurityError') {
+            const currentDomain = platform.getOrigin();
+            if (publicKey.rp.id !== currentDomain) {
+                return new FidoOptionsError({
+                    message: `${FidoOptionsError.INVALID_RP_ID}: ${publicKey.rp.id}`,
+                    cause: error,
+                });
+            }
+            else {
+                return new FidoOptionsError({
+                    message: `${FidoOptionsError.SECURITY_ERROR_FOUND}: ${error.message}`,
+                    cause: error,
+                });
+            }
+        }
+        else if (error.name === 'TypeError') {
+            if (publicKey.user.id.byteLength < 1 || publicKey.user.id.byteLength > 64) {
+                return new FidoOptionsError({
+                    message: FidoOptionsError.INVALID_USER_ID_LENGTH,
+                    cause: error,
+                });
+            }
+        }
+        else if (error.name === 'UnknownError') {
+            return new FidoOptionsError({
+                message: FidoOptionsError.UNKNOWN_ERROR,
+                cause: error,
+            });
+        }
+        return error;
+    }
+}
+FidoOptionsError.MISSING_PUBLIC_KEY_PROPERTY = 'options missing publicKey property';
+FidoOptionsError.ABORT_SIGNAL = 'Authentication was sent an abort signal';
+FidoOptionsError.INVALID_STATE_ERROR = 'The authenticator was already registered';
+FidoOptionsError.UNKNOWN_ERROR = 'Unknown error: the authenticator was unable to process the predefined options, or unable to generate a new credential';
+FidoOptionsError.SECURITY_ERROR_FOUND = 'Security error found';
+FidoOptionsError.INVALID_RP_ID = 'The rp.id is not valid for the current domain';
+FidoOptionsError.CONSTRAINT_ERROR = 'Discoverable credentials is required but found no matching supported authenticator';
+FidoOptionsError.USER_VERIFICATION_NOT_POSSILE = 'User verification is required during automatic registration but this could not be performed';
+FidoOptionsError.NO_MATCHING_AUTHENTICATOR = 'User verification is required but found no matching supported authenticator';
+FidoOptionsError.INVALID_CRED_PARAMS = 'No entry in pubKeyCredParams having the type of public-key';
+FidoOptionsError.NO_MATCHING_AUTHENTICATOR_FOR_PARAMS_ALGO = 'No available authenticator supported any of the specified pubKeyCredParams algorithms';
+FidoOptionsError.INVALID_USER_ID_LENGTH = 'User ID has invalid length';
+exports.FidoOptionsError = FidoOptionsError;

package/build/lib/proveauth/internal/main-authenticator.js

@@ -110,7 +110,7 @@ class MainAuthenticator {
                 })
                     .then((response) => {
                     if (response.error) {
-                        reject(new auth_error_1.default(response.error.message, response.error.code, response.next));
+                        reject(new auth_error_1.default(response.error.message, response.error.code, response.next, false));
                     }
                     else {
                         resolve();