@prove-identity/prove-auth 3.0.3 → 3.1.1

package/build/bundle/release/prove-auth.js

@@ -1 +1 @@
-!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.proveAuth=t():e.proveAuth=t()}(self,()=>(()=>{"use strict";var e={189:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.WebDeviceRegistration=void 0;const n=r(2473),s=i(r(9316)),o=r(9922);class a{constructor(e){this.deviceId=null,this.namespace=e.namespace,this.endpoint=e.endpoint,e.createdAt?(this.createdAt=e.createdAt,this.keyId=e.keyId,this.deviceId=e.deviceId,this.algorithm=e.algorithm,this.keys=e.keys):(this.keyId=crypto.randomUUID(),this.algorithm="ES256",this.createdAt=(0,o.getUnixTime)())}setFpSignal(e){this.fingerprint=e}sign(e){return new Promise((t,r)=>{this.initialize().then(()=>{this.keys&&crypto.subtle.sign({name:"ECDSA",hash:{name:"SHA-256"}},this.keys.privateKey,(0,o.stringToArrayBuffer)(e)).then(e=>t(btoa((0,o.arrayBufferToString)(this.p1363ToDer(e))))).catch(r)}).catch(r)})}getPublicKey(){return new Promise((e,t)=>{this.initialize().then(()=>{this.keys&&crypto.subtle.exportKey("spki",this.keys.publicKey).then(t=>{const r=btoa((0,o.arrayBufferToString)(t));e("-----BEGIN PUBLIC KEY-----\n"+r+"\n-----END PUBLIC KEY-----")}).catch(t)}).catch(t)})}getAuthRegistration(e){return new Promise((t,r)=>{this.sign(e).then(e=>{this.getPublicKey().then(r=>{t({publicKey:{id:this.keyId,alg:this.algorithm,key:r,uvLevel:0},signature:e})}).catch(r)}).catch(r)})}getSignals(){return{fingerprint:this.fingerprint}}initialize(){return new Promise((e,t)=>{this.keys?e():crypto.subtle.generateKey({name:"ECDSA",namedCurve:"P-256"},!1,["sign","verify"]).then(t=>{this.keys=t,e()}).catch(t)})}p1363ToDer(e){const t=(0,o.arrayBufferToHexString)(e);let r=t.substring(0,t.length/2),i=t.substring(t.length/2);r=r.replace(/^(00)+/,""),i=i.replace(/^(00)+/,""),parseInt(r.charAt(0),16)>=8&&(r=`00${r}`),parseInt(i.charAt(0),16)>=8&&(i=`00${i}`);const n=`02${(r.length/2).toString(16).padStart(2,"0")}${r}`,s=`02${(i.length/2).toString(16).padStart(2,"0")}${i}`,a=`30${((n.length+s.length)/2).toString(16).padStart(2,"0")}${n}${s}`.match(/[\da-f]{2}/gi),c=a?new Uint8Array(a.map(e=>parseInt(e,16))):new Uint8Array;return c.buffer.slice(c.byteOffset,c.byteOffset+c.byteLength)}lenVal(e){if("string"==typeof e||e instanceof String){const t=e;return`[${t.length}]: ${t}`}{const t=e;return`[${t.byteLength}]: ${Array.from(new Uint8Array(t),e=>e.toString(16)).join(",")}`}}}t.WebDeviceRegistration=a;class c{constructor(e){this.log=n.LoggerFactory.getLogger("web-device-auth"),this.dbFactory=e}createRegistration(e){return new Promise((t,r)=>{t(new a(e))})}getRegistration(e){return new Promise((t,r)=>{const i=this.openDatabase();i.onerror=e=>{r("Failed to open registration database: "+e)},i.onsuccess=i=>{const n=i.target.result,s=n.transaction([c.DB_STORE],"readonly");s.oncomplete=()=>n.close();const o=s.objectStore(c.DB_STORE).get(e);o.onerror=e=>{this.log.error(e),r(new Error("Failed to access registration"))},o.onsuccess=()=>{o.result?t(new a(o.result)):t(null)}}})}storeRegistration(e){return new Promise((t,r)=>{const i=this.openDatabase();i.onerror=e=>{r("Failed to open registration database: "+e)},i.onsuccess=i=>{const n=i.target.result,o=n.transaction([c.DB_STORE],"readwrite");o.oncomplete=()=>n.close();const a=o.objectStore(c.DB_STORE);this.log.trace("Saving registration");const u=a.put(e);u.onsuccess=()=>{this.log.trace("Registration saved"),t()},u.onerror=e=>{this.log.error(e),r(new s.default("Failed to store registration"))}}})}deleteRegistration(e){return new Promise((t,r)=>{var i=this.openDatabase();i.onerror=e=>{r("Failed to open registration database: "+e)},i.onsuccess=i=>{var n=i.target.result,s=n.transaction([c.DB_STORE],"readwrite");if(s.oncomplete=()=>n.close(),!n.objectStoreNames.contains(c.DB_STORE))return this.log.debug("Registration not found, store is missing"),void t();var o=s.objectStore(c.DB_STORE).delete(e);o.onsuccess=()=>{t()},o.onerror=e=>{this.log.error(e),r(new Error("Failed to delete registration"))}}})}reset(){return new Promise((e,t)=>{var r=this.dbFactory.deleteDatabase(c.DB_NAME);r.onsuccess=t=>{e()},r.onerror=t=>{this.log.warn("Failed to delete registration database"),this.log.warn(t),e()}})}openDatabase(){const e=this.dbFactory.open(c.DB_NAME,c.DB_VERSION);return e.onupgradeneeded=e=>{var t;const r=null===(t=e.target)||void 0===t?void 0:t.result;r?(this.log.debug("Registration not found, database is missing, initializing"),r.createObjectStore(c.DB_STORE,{keyPath:"namespace"}).transaction.oncomplete=e=>{this.log.trace("Store initialization completed")}):this.log.error("Failed to initialize registration database: database is null")},e}}c.DB_VERSION=1,c.DB_NAME="ProveAuth",c.DB_STORE="Registrations",t.default=c},390:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(2473),s=i(r(9316)),o=r(898),a=r(9306);class c{constructor(e,t){this.name=c.NAME,this.log=n.LoggerFactory.getLogger("mobile-otp-step"),this.otpStartStep=e,this.otpFinishStep=t}execute(e){return new Promise((t,r)=>{var i,n,s;if(this.otpStartStep)if(this.otpFinishStep){var o=!0;(null===(s=null===(n=null===(i=e.claims)||void 0===i?void 0:i.auth.subs.mob)||void 0===n?void 0:n.auths.otp)||void 0===s?void 0:s.mnp)&&(o=!1),this.runOtpStartStep(e,this.otpStartStep,this.otpFinishStep,o).then(t).catch(r)}else r(new Error("OtpFinishStep step must be specified"));else r(new Error("OtpStartStep step must be specified"))})}static validatePhoneNumberInput(e){if(null!=e)return"object"!=typeof e?new s.default("Input must be an object"):"phoneNumber"in e?"string"!=typeof e.phoneNumber?new s.default("phoneNumber field in the input must be a string"):void 0:new s.default("phoneNumber field in the input is missing")}runOtpStartStep(e,t,r,i,n){return new Promise((o,u)=>{t.execute(i,n).then(n=>{const l=c.validatePhoneNumberInput(n);l?u(l):e.fetchFromBackend("/v1/client/mobile/otp/start",{mobileNumber:null==n?void 0:n.phoneNumber}).then(n=>{const c=n;if(c.error)u(new s.default(c.error.message,c.error.code,n.next,!1));else if(c.data){const n=c.data;var l="";(null==n?void 0:n.code)&&(l+=`Error Code: ${n.code}, `),(null==n?void 0:n.message)?l+=`${n.message}`:l+="Error validating phone number";let s=new a.PhoneValidationError(l,null==n?void 0:n.code);this.log.error(`Server reports invalid phone number: ${l}`),this.runOtpStartStep(e,t,r,i,s).then(o).catch(u)}else this.runOtpFinishStep(e,t,r,i).then(o).catch(u)}).catch(u)}).catch(e=>{const t=s.default.extractMessage(e);u(new Error(`Failed to start OTP flow: ${t}`))})})}static validateFinishResult(e){if(null==e||"object"!=typeof e)return new s.default("result should be a valid object");if(!("resultType"in e))return new s.default("resultType field in the result is missing");if(e.resultType===o.OtpFinishResultType.OnSuccess){const t=e.input;if(null==t||"object"!=typeof t)return new s.default("input should be a valid object when resultType field is set with OnSuccess value");if(!("otp"in t))return new s.default("otp field in the input is missing");if("string"!=typeof t.otp)return new s.default("otp field in the input must be a string")}}resendOtp(e,t,r,i){return new Promise((n,o)=>{e.fetchFromBackend("/v1/client/mobile/otp/start",{}).then(a=>{const c=a;c.error?o(new s.default(c.error.message,c.error.code,a.next,!1)):this.runOtpFinishStep(e,t,r,i).then(n).catch(o)}).catch(o)})}runOtpFinishStep(e,t,r,i,n){return new Promise((a,u)=>{r.execute(n).then(n=>{var l;let d=n;const h=c.validateFinishResult(d);if(h)u(h);else switch(d.resultType){case o.OtpFinishResultType.OnResendOtp:this.resendOtp(e,t,r,i).then(a).catch(u);break;case o.OtpFinishResultType.OnSuccess:let n=d.input;e.fetchFromBackend("/v1/client/mobile/otp/finish",{otp:null!==(l=null==n?void 0:n.otp)&&void 0!==l?l:""}).then(n=>{const c=n;if(c.error)u(new s.default(c.error.message,c.error.code,n.next,!1));else if(c.data){const n=c.data;var l="";(null==n?void 0:n.code)&&(l+=`Error Code: ${n.code}, `),(null==n?void 0:n.message)?l+=`${n.message}`:l+="Error validating OTP";const s=new o.OtpError(l,null==n?void 0:n.code);this.log.error(`Server reports invalid OTP: ${l}`),this.runOtpFinishStep(e,t,r,i,s).then(a).catch(u)}else a(n.next)}).catch(u);break;case o.OtpFinishResultType.OnMobileNumberChange:this.runOtpStartStep(e,t,r,!0).then(a).catch(u)}}).catch(e=>{const t=s.default.extractMessage(e);u(new Error(`Failed to obtain OTP for verification: ${t}}`))})})}}c.NAME="mobile/otp",t.default=c},660:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.BuildConfig=void 0,function(e){e.DEV="DEV",e.US_UAT="US_UAT",e.US_PROD="US_PROD"}(r||(t.BuildConfig=r={}))},898:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.OtpFinishResultType=t.OtpError=void 0;const n=i(r(9316));class s extends n.default{constructor(e,t){super(e,t)}}var o;t.OtpError=s,function(e){e[e.OnSuccess=0]="OnSuccess",e[e.OnResendOtp=1]="OnResendOtp",e[e.OnMobileNumberChange=2]="OnMobileNumberChange"}(o||(t.OtpFinishResultType=o={}))},931:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=n(r(2757)),o=n(r(3020)),a=n(r(8483)),c=n(r(1132)),u=r(5111),l=r(1027);t.default=class{constructor(){this.logger=u.LoggerFactory.getLogger("fetch-authentication-step")}execute(e){return i(this,void 0,void 0,function*(){this.logger.info("use fetch");const t=(0,l.toURL)(e.authUrl);let r;return this.logger.info(t),t.searchParams.get("testVfp")?(this.logger.info("test flow detected"),r=c.default.create(t)):"2"===t.searchParams.get("pfflow")?(this.logger.info("flow v2 detected"),r=o.default.create(t)):"3"===t.searchParams.get("pfflow")?(this.logger.info("flow v3 detected"),r=a.default.create((0,l.toURL)(e.authUrl.replace("&pfflow=3","")))):t.toString().toLowerCase().includes("authentication/validate/flowcontrol",0)?(this.logger.info("flow v3 detected"),r=a.default.create(t)):(this.logger.info("flow v1 detected"),r=s.default.create(t)),{vfp:yield r.handle()}})}}},1011:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(9316));class s{constructor(){this.name=s.NAME}execute(e){return Promise.reject(new n.default(`Step ${this.name} is not supported`))}}s.NAME="user/present",t.default=s},1027:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.RawURL=t.Base64=t.fetchAuth=t.handleHttpError=t.toURL=void 0;const s=r(5111),o=r(5166),a=r(7464),c=n(r(8525));t.toURL=function(e){try{return new u(e)}catch(t){throw new c.default(o.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Malformed url "+e)}},t.handleHttpError=function(e){return i(this,void 0,void 0,function*(){const t=e.status;switch(t){case 404:throw new c.default(o.ErrorCode.AUTH_BAD_CREDENTIALS);case 410:throw new c.default(o.ErrorCode.AUTH_VFP_KEY_EXPIRED);default:let r;try{r=(yield e.json()).error}catch(e){}throw new c.default(o.ErrorCode.AUTH_INVALID_RESPONSE,r||`http error (${e.statusText} , code = ${t})`)}})},t.fetchAuth=function(e,t){var r;const i=s.LoggerFactory.getLogger("http-client"),n=null!=t?t:{},u=null!==(r=n.method)&&void 0!==r?r:"GET";if(i.debug(`${u} ${e} ${e.protocol}`),"http:"===e.protocol)throw new c.default(o.ErrorCode.GENERIC_INVALID_STATE,`Web SDK cannot make http request [${e}]`);const l={};let d;return e.searchParams.set("sdkVersion",a.VERSION_NAME),"object"==typeof n.body&&(l["Content-Type"]="application/json",d=JSON.stringify(n.body)),d&&i.debug(`request body: ${d}`),fetch(e.toString(),{method:u,mode:"cors",headers:l,body:d}).then(e=>(i.debug(`${e.status} ${e.statusText}`),e))},t.Base64=new class{constructor(){this.PADCHAR="=",this.ALPHA="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"}getByte(e,t){return e.charCodeAt(t)}getByte64(e,t){return this.ALPHA.indexOf(e.charAt(t))}_decode(e){let t,r,i=0,n=e.length,s=[];if(e=String(e),0===n)return e;for(e.charAt(n-1)===this.PADCHAR&&(i=1,e.charAt(n-2)===this.PADCHAR&&(i=2),n-=4),t=0;t<n;t+=4)r=this.getByte64(e,t)<<18|this.getByte64(e,t+1)<<12|this.getByte64(e,t+2)<<6|this.getByte64(e,t+3),s.push(String.fromCharCode(r>>16,r>>8&255,255&r));switch(i){case 1:r=this.getByte64(e,t)<<18|this.getByte64(e,t+1)<<12|this.getByte64(e,t+2)<<6,s.push(String.fromCharCode(r>>16,r>>8&255));break;case 2:r=this.getByte64(e,t)<<18|this.getByte64(e,t+1)<<12,s.push(String.fromCharCode(r>>16))}return s.join("")}_encode(e){let t,r,i=[],n=(e=String(e)).length-e.length%3;if(0===e.length)return e;for(t=0;t<n;t+=3)r=this.getByte(e,t)<<16|this.getByte(e,t+1)<<8|this.getByte(e,t+2),i.push(this.ALPHA.charAt(r>>18)),i.push(this.ALPHA.charAt(r>>12&63)),i.push(this.ALPHA.charAt(r>>6&63)),i.push(this.ALPHA.charAt(63&r));switch(e.length-n){case 1:r=this.getByte(e,t)<<16,i.push(this.ALPHA.charAt(r>>18)+this.ALPHA.charAt(r>>12&63)+this.PADCHAR+this.PADCHAR);break;case 2:r=this.getByte(e,t)<<16|this.getByte(e,t+1)<<8,i.push(this.ALPHA.charAt(r>>18)+this.ALPHA.charAt(r>>12&63)+this.ALPHA.charAt(r>>6&63)+this.PADCHAR)}return i.join("")}decode(e,t=!0){return e=t?e.replace(".","+").replace("_","/").replace("-","="):e,this._decode(e)}encode(e,t=!0){const r=this._encode(e);return t?r.replace("+",".").replace("/","_").replace("=","-"):r}};class u{constructor(e){this.url=e,this.params=[],this.searchParams={get:e=>this._get(e),getAll:e=>this._getAll(e),set:(e,t,r=!1)=>this._set(e,t,r)};const t=new URL(e);this.protocol=t.protocol;for(const e of t.searchParams.keys())this.params.push({key:e,values:t.searchParams.getAll(e),encode:!1})}_set(e,t,r=!1){const i=this.params.findIndex(t=>t.key===e);-1===i?this.params.push({key:e,values:[t],encode:r}):this.params.splice(i,1,{key:e,values:[t],encode:r})}_get(e){const t=this._getAll(e);return t?t[0]:void 0}_getAll(e){var t;return null===(t=this.params.find(t=>t.key===e))||void 0===t?void 0:t.values}toString(){function e(e,t){return t?encodeURIComponent(e):null==e?void 0:e.replace(/\?/g,"%3F").replace(/\&/g,"%26")}const t=this.url.indexOf("?");let r=-1==t?this.url:this.url.slice(0,t),i=[];for(const t of this.params)for(const r of t.values)i.push(`${e(t.key,t.encode)}=${e(r,t.encode)}`);return i.length&&(r+="?"+i.join("&")),r}}t.RawURL=u},1132:function(e,t){var r=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})};Object.defineProperty(t,"__esModule",{value:!0});class i{static create(e){var t,r,n;const s=null!==(r=parseInt(null!==(t=e.searchParams.get("delay"))&&void 0!==t?t:"0"))&&void 0!==r?r:0,o=null!==(n=e.searchParams.get("testVfp"))&&void 0!==n?n:"";return new i(o,s)}constructor(e,t){this.testVfp=e,this.delay=t}handle(){return r(this,void 0,void 0,function*(){return new Promise(e=>{setTimeout(()=>e(this.testVfp),this.delay)})})}}t.default=i},1375:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.WebPlatform=t.WebSocketMessageChannel=void 0;const s=r(3743),o=r(9922),a=r(2473),c=n(r(8347)),u=n(r(189)),l=r(3040);class d{constructor(e){this.webSocket=new WebSocket(e)}addEventListener(e,t){this.webSocket.addEventListener(e,t)}send(e){this.webSocket.send(e)}close(){this.webSocket.close()}}t.WebSocketMessageChannel=d,t.WebPlatform=class{constructor(){this.log=a.LoggerFactory.getLogger("web-platform"),this.webauthn={getCredentials:e=>navigator.credentials.get(e),createCredentials:e=>navigator.credentials.create(e)},this.deviceAuth=new u.default(window.indexedDB)}getPlatformName(){return`${this.getBrowserName()} ${this.getBrowserVersion()} on ${this.getOSName()}`}getUserAgent(){return navigator.userAgent}isFidoSupported(){return null!=window.PublicKeyCredential}fetch(e,t){return fetch(e,t)}createMessageChannel(e){return new d(e)}createRequestSigner(e){return new c.default(e)}activateAuthID(e){return i(this,void 0,void 0,function*(){return l.AuthIDIntegration.instance.activateWebComponent(e)})}initFingerprintJS(e){l.FingerprintJSIntegration.instance.init(e)}getDataCollector(){return i(this,void 0,void 0,function*(){return l.FingerprintJSIntegration.instance.getDataCollector()})}getBrowserName(){const e=navigator.userAgent;let t;return t=e.indexOf("Firefox")>-1?"Firefox":e.indexOf("Opera")>-1||e.indexOf("OPR")>-1?"Opera":e.indexOf("DuckDuckGo")>-1?"DuckDuckGo":e.indexOf("SamsungBrowser")>-1?"Samsung Browser":e.indexOf("Trident")>-1?"Internet Explorer":e.indexOf("Edge")>-1?"Edge":e.indexOf("Chrome")>-1?"Chrome":e.indexOf("Safari")>-1?"Safari":"Unknown",t}getBrowserVersion(){const e=navigator.userAgent.match(/(?:Firefox|Opera|OPR|SamsungBrowser|DuckDuckGo|Internet Explorer|Edge|Chrome|Safari)[\/|\s](\d+(\.\d+)?)/i);return e?e[1]:"Unknown"}getOSName(){const e=navigator.platform,t=navigator.userAgent;let r;if(/Win/i.test(e)){r="Windows";const e=t.match(/Win(?:dows )?NT (\d+\.\d+)/i);if(e){const t=parseFloat(e[1]);r+=11===t?" 11":10===t?" 10":6.3===t?" 8.1":6.2===t?" 8":6.1===t?" 7":6===t?" Vista":5.1===t||5.2===t?" XP":" (Unknown Version)"}}else if(e.match(/Mac/i)){r="Mac OS";const e=t.match(/Mac OS X (\d+[_.]\d+([_.]\d+)?)/i);e&&(r+=" "+e[1].replace(/_/g,"."))}else r=t.match(/Android/i)?"Android":t.match(/iOS|iPhone|iPad|iPod/i)?"iOS":e.match(/Linux/i)?"Linux":"Unknown";return r}getDeviceCapabilities(){return this.isFidoSupported()?[o.DEVICE_CAPABILITY_WEBAUTHN]:[]}getMobileAuthBuilder(){return new s.AuthenticatorBuilder}exit(e){}urlRedirect(e){window.location.replace(e)}getOrigin(){return window.location.origin}}},1554:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});class r{static stringToBase64(e){return e.replace(/\-/g,"+").replace(/_/g,"/")+"=".repeat(e.length%4?4-e.length%4:0)}static bufferDecode(e){const t=Uint8Array.from(atob(r.stringToBase64(e)),e=>e.charCodeAt(0));return t.buffer.slice(t.byteOffset,t.byteOffset+t.byteLength)}static bufferEncode(e){const t=ArrayBuffer.isView(e)?e.buffer:e;return btoa(String.fromCharCode.apply(null,Array.from(new Uint8Array(t)))).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}}t.default=r},2198:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.DeviceRole=void 0,function(e){e[e.Primary=0]="Primary",e[e.Secondary=1]="Secondary"}(r||(t.DeviceRole=r={}))},2403:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.default=class extends Promise{constructor(e){let t=()=>{};super((r,i)=>e(r,i,e=>t=e)),this.onCancel=()=>{t()}}cancel(){this.onCancel()}}},2459:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});class r{constructor(e){this.requestId=e.request_id,this.mnoToken=e.mno_token,this.mno=e.mno,this.expires=e.expires,this.firstUri=e.first_uri,this.uriStack=e.uri_stack,this.headers={},e.headers.forEach(e=>{this.headers[e.key]=e.value}),this.requestBody=e.request_body,this.command=e.command,this.vfpPath=e.vfp_path,this.redirectStatusMinimum=e.redirect_status_minimum,this.redirectStatusMaximum=e.redirect_status_maximum,this.enableCookies=e.enable_cookies,this.enableDynamicHeaders=e.enable_dynamic_headers,this.maximumRedirects=e.maximum_redirects}static serialize(e){return JSON.stringify(e)}static deserialize(e){return new r(JSON.parse(e))}}t.default=r},2473:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.LoggerFactory=t.LogLevel=void 0,function(e){e[e.disabled=0]="disabled",e[e.error=1]="error",e[e.warn=2]="warn",e[e.info=3]="info",e[e.debug=4]="debug",e[e.trace=5]="trace"}(r||(t.LogLevel=r={}));class i{static setLogLevel(e){i.logLevel=e}static setLogWriter(e){i.logWriter=e}static getLogger(e){return{trace:(...t)=>{i.logLevel>=r.trace&&i.logWriter.write(r.trace,e+": ",...t)},debug:(...t)=>{i.logLevel>=r.debug&&i.logWriter.write(r.debug,e+": ",...t)},info:(...t)=>{i.logLevel>=r.info&&i.logWriter.write(r.info,e+": ",...t)},warn:(...t)=>{i.logLevel>=r.warn&&i.logWriter.write(r.warn,e+": ",...t)},error:(...t)=>{i.logLevel>=r.error&&i.logWriter.write(r.error,e+": ",...t)}}}}t.LoggerFactory=i,i.logWriter=new class{write(e,...t){switch(e){case r.trace:case r.debug:console.debug(...t);break;case r.info:console.info(...t);break;case r.warn:console.warn(...t);break;case r.error:console.error(...t)}}},i.logLevel=r.info},2486:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=n(r(1132)),o=r(5111),a=r(1027),c=r(7464);t.default=class{constructor(){this.logger=o.LoggerFactory.getLogger("passive-authentication-step")}execute(e){return i(this,void 0,void 0,function*(){this.logger.info("use passive");const t=(0,a.toURL)(e.authUrl);let r;if(t.searchParams.get("testVfp"))this.logger.info("test flow detected"),r=s.default.create(t);else{if("2"===t.searchParams.get("pfflow"))throw new Error("flow v2 detected but not supported by passive auth implementation");if("3"===t.searchParams.get("pfflow"))throw new Error("flow v3 detected but not supported by passive auth implementation");this.logger.info("flow v1 detected"),r=new u(t)}return{vfp:yield r.handle()}})}};class u{constructor(e){this.url=e,this.logger=o.LoggerFactory.getLogger("passive-flow-v1")}handle(){return i(this,void 0,void 0,function*(){return new Promise((e,t)=>{const r="_proveAuthResponse";this.url.searchParams.set("jsonp","true"),this.url.searchParams.set("sdkVersion",c.VERSION_NAME);const i=window;this.logger.trace("install global callback"),i[r]=r=>{if(s)return;o();const i=r?this.getVfpFromJson(r):void 0;i?e(i):t(new Error(r?"script loaded but vfp not defined":"script loaded but callback not trigerred"))};const n=document.createElement("script");let s=!1;const o=()=>{this.logger.trace("cleanup global callback"),s=!0,i[r]=void 0,document.body.removeChild(n)};n.onload=()=>{this.logger.trace("script loaded"),setTimeout(()=>{s||(o(),t(new Error("script loaded, but not executed")))},1e3)},n.onerror=()=>{this.logger.trace("script load error"),s||(o(),t(new Error("script load error")))},document.body.appendChild(n),n.src=this.url.toString()})})}getVfpFromJson(e){const t=e.vfp;if(t)return t;const r=e.token,i=e.correlation_id;if(r)return i?i+"..."+r:r;const n=e.reconcilation_token;return n?i?i+"..."+n:n:void 0}}},2561:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.default=class{}},2681:(e,t,r)=>{Object.defineProperty(t,"__esModule",{value:!0});const i=r(5166),n=r(3796);class s extends Error{constructor(e,t,r){super(`${r} (stepCode=${n.StepCode[e]}, errorCode=${i.ErrorCode[t]})`),this.stepCode=e,this.errorCode=t,Error.captureStackTrace&&Error.captureStackTrace(this,s),this.name="AuthProcessError",this.stepCode=e}}t.default=s},2713:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.UserDocVerifyStep=void 0;const n=r(2473),s=i(r(9316));class o{constructor(e,t,r){this.name=o.NAME,this.log=n.LoggerFactory.getLogger("user-docv-verify-step"),this.enabled=e,this.startStep=t,this.finishStep=r}execute(e){if(!this.enabled)return Promise.reject(new s.default("Document Verification is not enabled"));if(!this.startStep)return Promise.reject(new s.default("Document Verification start step is required"));const t=()=>new Promise((t,r)=>{this.startStep.execute().then(i=>{e.fetchFromBackend("/v1/client/user/docv/start",{requestId:crypto.randomUUID(),documentType:i.documentType}).catch(r).then(e=>{var n,o;const a=e;a.error&&r(new s.default(a.error.message,a.error.code,a.next,!1));const c=a.data;t({documentType:i.documentType,operationId:null===(n=c.docv)||void 0===n?void 0:n.operationId,oneTimeSecret:null===(o=c.docv)||void 0===o?void 0:o.oneTimeSecret})})}).catch(r)}),r=e=>{try{return this.finishStep?this.finishStep.execute(e):Promise.resolve()}catch(e){return this.log.warn("Document Verification finish step has failed:",e),Promise.reject(e)}};return new Promise((i,n)=>{t().then(t=>{var o,a,c;this.log.debug("Activating AuthID web component"),e.platform.activateAuthID({endpointUrl:null===(c=null===(a=null===(o=e.claims)||void 0===o?void 0:o.auth.subs.usr)||void 0===a?void 0:a.auths.docv)||void 0===c?void 0:c.endp,ppbOperation:"enroll",operationId:t.operationId,oneTimeSecret:t.oneTimeSecret}).catch(e=>{this.log.error("AuthID web component failed:",e),r(e).then(()=>n(e))}).then(r=>(this.log.info("DocV authentication result",r),e.fetchFromBackend("/v1/client/user/docv/finish",{requestId:crypto.randomUUID(),operationId:t.operationId}))).then(e=>{var t,o;const a=e;if(a.error){const i=null!==(o=null===(t=e.error)||void 0===t?void 0:t.message)&&void 0!==o?o:"Document verification failed";r(new Error(i)).then(()=>n(new s.default(e.error.message,e.error.code,e.next,!1)))}else r().then(()=>i(a.next))}).catch(n)}).catch(n)})}}t.UserDocVerifyStep=o,o.NAME="user/docv"},2746:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.DevicePassiveActions=void 0;const n=r(2473),s=i(r(1554)),o=i(r(8324)),a=r(7657),c=i(r(9316)),u=r(2198),l=r(7968),d=r(9549),h=r(9726);class p extends l.AuthStatusActions{constructor(e,t){super(),this.log=n.LoggerFactory.getLogger("device-passive-actions"),this.getDisplayName=e||(()=>null),this.handler=t}register(e,t){return this.log.trace("Registering Passkey"),new Promise((r,i)=>{const n=this.getDisplayName();e.fetchFromBackend("/v1/client/device/fido2/register/start",{displayName:n||void 0,signals:t}).then(s=>{var o;if(s.error)i(new c.default(s.error.message,s.error.code,s.next,!1));else{(null===(o=null==t?void 0:t.fingerprint)||void 0===o?void 0:o.results)&&e.markNewFptts();const a=s.data,u=null==a?void 0:a.credCreateOptions,l=null==a?void 0:a.credRequestOptions;if(u)this.createCredentials(e,n,u,s).then(r).catch(i);else if(l)this.getCredentials(e,l,s).then(r).catch(i);else{const e=new c.default(p.NO_CREDS_FOUND);i(e)}}}).catch(i)})}verify(e){return this.log.trace("Verifying Passkey"),new Promise((t,r)=>{e.settings.deviceId?e.fetchFromBackend("/v1/client/device/fido2/verify/start",{deviceId:e.settings.deviceId}).then(i=>{if(i.error)r(new c.default(i.error.message,i.error.code,i.next,!1));else{const n=i.data,s=null==n?void 0:n.credRequestOptions;this.getCredentials(e,s,i).then(t).catch(r)}}).catch(r):r(new c.default("Failed to start verification, DeviceId is missing"))})}createCredentials(e,t,r,i){return this.log.trace("Trying create new FIDO credentials"),new Promise((n,o)=>{r.challenge=s.default.bufferDecode(r.challenge),r.user.id=s.default.bufferDecode(r.user.id),t&&(r.user.displayName=t),r.excludeCredentials&&r.excludeCredentials.forEach(e=>{e.id=s.default.bufferDecode(e.id)});const a={publicKey:r};e.platform.webauthn.createCredentials(a).then(t=>{t?(e.credential=t,n(i.next)):o(new c.default("Failed to create FIDO2 credentials"))}).catch(t=>{const r=d.FidoOptionsError.identifyRegistrationError({error:t,options:a,platform:e.platform});r instanceof d.FidoOptionsError&&"InvalidStateError"===r.name?this.handler?(this.log.trace("Passkey handler callback has been defined"),this.handler().then(t=>{t===h.AuthResponseStatus.Accept?this.parseCredRequestOptions(i,e).then(n).catch(o):o(new c.default(`${p.USER_NOT_ACCEPTING_RESPONSE}: ${t}`))}).catch(o)):(this.log.trace("Passkey handler callback is null, go ahead with passkey discoverable as default behavior"),this.parseCredRequestOptions(i,e).then(n).catch(o)):o(r)})})}parseCredRequestOptions(e,t){return new Promise((r,i)=>{const n=e.data;if(null==n?void 0:n.credRequestOptions){const s=n.credRequestOptions;this.getCredentials(t,s,e).then(r).catch(i)}else i(new c.default(p.NO_REQUEST_CREDS_FOUND))})}getCredentials(e,t,r){return this.log.trace("Trying get existing FIDO credentials"),new Promise((i,n)=>{var o,a;if(0==(null===(o=t.allowCredentials)||void 0===o?void 0:o.length))n(new c.default("AllowCredentials array should not be empty when call getCredentials()"));else{t.challenge=s.default.bufferDecode(t.challenge),t.allowCredentials&&(null===(a=t.allowCredentials)||void 0===a||a.forEach(e=>{e.id=s.default.bufferDecode(e.id)}));const o={publicKey:t};e.platform.webauthn.getCredentials(o).then(t=>{t?(e.credential=t,i(r.next)):n(new c.default("Failed to load FIDO2 credentials"))}).catch(t=>{const r=d.FidoOptionsError.identifyAuthenticationError({error:t,options:o,platform:e.platform});n(r)})}})}}t.DevicePassiveActions=p,p.NO_REQUEST_CREDS_FOUND="Passkey has already been registered but found no CredentialRequestOptions in the fido/register/start response payload",p.NO_CREDS_FOUND="Neither credCreateOptions nor credRequestOptions are found in the fido/register/start response payload",p.USER_NOT_ACCEPTING_RESPONSE="User not accepting to continue by reusing the existing passkey with user response";class f extends p{constructor(e,t,r){super(e,t),this.name=f.NAME,this.role=null!=r?r:u.DeviceRole.Primary,this.log=n.LoggerFactory.getLogger("device-passive-step")}execute(e){return this.role==u.DeviceRole.Secondary?this.waitForStatus(e):e.platform.isFidoSupported()&&e.uvLevel!==a.UserVerificationLevel.Discouraged?e.settings.deviceId?e.settings.fidoPasskeyRegistered?this.verify(e):Promise.resolve(o.default.NAME):new Promise((t,r)=>{e.getFingerprintData().then(i=>{const n={fingerprint:i};this.register(e,n).then(t).catch(r)}).catch(i=>{const n=`Unexpected error happened during Fingerprint data collection: ${i.message}`;this.log.warn(n),this.log.warn(i);const s={fingerprint:{error:n}};this.register(e,s).then(t).catch(r)})}):Promise.resolve(o.default.NAME)}}f.NAME="device/passive",t.default=f},2757:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=r(5111),o=n(r(8525)),a=r(5166),c=r(1027);class u{static create(e){return e.searchParams.set("r","f"),new u(e)}constructor(e){this.url=e,this.logger=s.LoggerFactory.getLogger("flow-v1")}handle(){var e,t;return i(this,void 0,void 0,function*(){let r;const i=this.url.searchParams.get("vfp");let n=this.url;for(this.logger.debug(`current vfp ${i}`);;){try{r=yield(0,c.fetchAuth)(n,{})}catch(e){throw new o.default(a.ErrorCode.GENERIC_COMMUNICATION_ERROR,e.message)}if(console.log(r.url),r.status>=300&&r.status<400){const s=new c.RawURL(null!==(e=r.headers.get("Location"))&&void 0!==e?e:"");this.logger.debug(`redirect to ${s}`);const o=null!==(t=s.searchParams.get("vfp"))&&void 0!==t?t:s.searchParams.get("token");if(o&&o!==i)return this.logger.debug(`vfp changed to ${o}`),o;n=s}else{if(r.status>=200&&r.status<300){let e;try{e=yield r.json()}catch(e){throw new o.default(a.ErrorCode.AUTH_INVALID_RESPONSE,e.message)}this.logger.debug("got json response",e);const t=this.getVfpFromJson(e);if(!t)throw new o.default(a.ErrorCode.AUTH_INVALID_RESPONSE,`Received unknown payload: ${JSON.stringify(e)}`);return t}yield(0,c.handleHttpError)(r)}}})}getVfpFromJson(e){const t=e.vfp;if(t)return t;const r=e.token,i=e.correlation_id;if(r)return i?i+"..."+r:r;const n=e.reconcilation_token;return n?i?i+"..."+n:n:void 0}}t.default=u},2801:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(9316)),s=r(2473);class o{constructor(e){this.log=s.LoggerFactory.getLogger("scan-message-step"),this.name=o.NAME,this.authMessageHandler=e}execute(e){return new Promise((t,r)=>{this.authMessageHandler?(e.authMessage||(this.log.warn("Auth message is missing"),e.authMessage={}),this.authMessageHandler(e.authMessage).then(i=>{e.fetchFromBackend("/v1/client/user/response",{response:i}).then(e=>{e.error?r(new n.default(e.error.message,e.error.code,e.next,!1)):t(e.next)})}).catch(r)):r(new n.default("Failed to process auth message, the handler was not specified"))})}}o.NAME="scan/message",t.default=o},2958:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.MobileAuthImplementation=void 0;const n=r(1375),s=i(r(9648)),o=i(r(2746)),a=i(r(7900)),c=i(r(9438)),u=i(r(4070)),l=i(r(390)),d=i(r(2801)),h=i(r(7466)),p=i(r(8324)),f=i(r(3922)),g=i(r(5462)),v=r(4934),m=i(r(4878)),_=r(2473),E=i(r(5620)),w=r(7651),S=r(2713),b=r(2198);var y;!function(e){e.Pixel="pixel",e.Fetch="fetch"}(y||(t.MobileAuthImplementation=y={})),t.default=class{constructor(){this.role=b.DeviceRole.Primary,this.mobileAuthImplementation=y.Fetch,this.upkEnabled=!1,this.ppbEnabled=!1,this.docvEnabled=!1,this.log=_.LoggerFactory.getLogger("authenticator-builder"),"undefined"!=typeof window&&(this.storage=window.localStorage,this.platform=new n.WebPlatform)}withDeviceContext(e){return this.deviceContextOptions=e,this}withAuthFinishStep(e){return this.authFinishStep="function"==typeof e?{execute:t=>e(t)}:e,this}withDisplayName(e){return this.getDisplayName="function"==typeof e?e:()=>e,this}withAuthMessageHandler(e){return this.authMessageHandler=e,this}withStorage(e){return this.storage=e,this}withPlatform(e){return this.platform=e,this}withRole(e){return this.role=e,this}withMobileAuthImplementation(e){return this.mobileAuthImplementation=e,this}withDeviceIpAddress(e){return this.getDeviceIp="function"==typeof e?e:()=>e,this}withOtpFallback(e,t){return this.otpStartStep="function"==typeof e?{execute:e}:e,this.otpFinishStep="function"==typeof t?{execute:t}:t,this}withInstantLinkFallback(e,t){return this.instantLinkStartStep="function"==typeof e?{execute:e}:e,this.instantLinkRetryStep="function"==typeof t?{execute:t}:t,this}withUniversalProveKey(e){return this.userConsentStep=e?"function"==typeof e?{execute:e}:e:{execute:()=>Promise.resolve({consentGranted:!0})},this.upkEnabled=null!=this.userConsentStep,this}withPrivacyPreservingBiometrics(e,t){return this.ppbEnabled=!0,this.ppbStartStep="function"==typeof e?{execute:e}:e,this.ppbFinishStep="function"==typeof t?{execute:t}:t,this}withDocumentVerification(e,t){return this.docvEnabled=!0,this.docvStartStep="function"==typeof e?{execute:e}:e,this.docvFinishStep="function"==typeof t?{execute:t}:t,this}withPasskeyAlreadyExistCallback(e){return this.passkeyCreationHandler=e,this}build(){if(!this.platform)throw new Error("Implementation of Platform is required");if(!this.storage)throw new Error("Implementation of Storage is required");const e=new E.default(this.storage);e.upkEnabled=this.upkEnabled,this.deviceContextOptions&&this.platform.initFingerprintJS(this.deviceContextOptions);const t=this.getAuthSteps(this.role);return new m.default(this.platform,e,this.authFinishStep,t)}getAuthSteps(e){switch(this.role){case b.DeviceRole.Primary:return[new g.default(this.upkEnabled),new v.DeviceUniversalRedirectExchangeStep,new v.DeviceUniversalRedirectFinishStep,new o.default(this.getDisplayName,this.passkeyCreationHandler,this.role),new f.default(this.getDisplayName,this.passkeyCreationHandler),new p.default(this.upkEnabled,this.userConsentStep),new s.default,new a.default,new c.default(this.mobileAuthImplementation,this.getDeviceIp),new u.default(this.instantLinkStartStep,this.instantLinkRetryStep,this.getDeviceIp),new l.default(this.otpStartStep,this.otpFinishStep),new d.default(this.authMessageHandler),new h.default,new w.UserPpbEnrollStep(this.ppbEnabled,this.ppbStartStep,this.ppbFinishStep),new w.UserPpbVerifyStep(this.ppbEnabled,this.ppbStartStep,this.ppbFinishStep),new S.UserDocVerifyStep(this.docvEnabled,this.docvStartStep,this.docvFinishStep)];case b.DeviceRole.Secondary:return[new o.default(this.getDisplayName,void 0,this.role),new c.default(this.mobileAuthImplementation,this.getDeviceIp),new u.default(this.instantLinkStartStep,this.instantLinkRetryStep,this.getDeviceIp),new w.UserPpbEnrollStep(this.ppbEnabled,this.ppbStartStep,this.ppbFinishStep),new w.UserPpbVerifyStep(this.ppbEnabled,this.ppbStartStep,this.ppbFinishStep),new S.UserDocVerifyStep(this.docvEnabled,this.docvStartStep,this.docvFinishStep)];default:throw new Error(`Unknown role: ${this.role}`)}}}},3020:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=r(5111),o=r(5166),a=n(r(8525)),c=r(1027);class u{static create(e){var t;const r=e.searchParams.get("data");if(!r)throw new a.default(o.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - missing in url");let i,n,s,l;try{const e=c.Base64.decode(r);console.log("decoded",e),i=JSON.parse(e)}catch(e){throw console.error(e),new a.default(o.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - cannot parse as json")}try{n=new c.RawURL(null!==(t=i.url)&&void 0!==t?t:"")}catch(e){throw new a.default(o.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - missing/invalid url field")}try{s=i.vfp}catch(e){throw new a.default(o.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - missing vfp field")}try{l=i.data}catch(e){throw new a.default(o.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - missing data field")}return new u(n,s,l,i["att-1004"])}constructor(e,t,r,i){this.url=e,this.vfp=t,this.data=r,this.att1004=i,this.logger=s.LoggerFactory.getLogger("flow-v2")}handle(){var e;return i(this,void 0,void 0,function*(){let t=!1,r=JSON.parse(JSON.stringify(this.data));for(;;){let i;try{i=yield(0,c.fetchAuth)(this.url,{method:"POST",body:r})}catch(e){throw new a.default(o.ErrorCode.GENERIC_COMMUNICATION_ERROR,e.message)}if(i.status>=200&&i.status<300){const n=yield i.text();if(this.logger.trace(`att response body: ${n}`),!t)try{if(1004===JSON.parse(n).status){const i=null!==(e=this.att1004)&&void 0!==e?e:["application-id"];if(i){t=!0,this.logger.debug(`flow v2.5 detected, use application-id: ${i}`),r.put("application-id",i);continue}this.logger.debug("missing att1004.application-id, continue flow v2")}}catch(e){}const s=c.Base64.encode(n);return`${this.vfp}___${s}${t?"___R2":""}`}if(i.status>=300&&i.status<400)throw new a.default(o.ErrorCode.AUTH_INVALID_RESPONSE,"Unexpected redirect in flow v2");yield(0,c.handleHttpError)(i)}})}}t.default=u},3040:(e,t,r)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.FingerprintJSIntegration=t.AuthIDIntegration=t.ExternalIntegration=void 0;const i=r(2473);class n{constructor(e){this.name=e,n.activate(this)}static getInstance(e){const t=n.instances;if(!t.has(e))throw new Error(`${e} integration is not available`);return t.get(e)}static activate(e){n.instances.has(e.name)?n.log.debug(`${e.name} integration already activated, ignoring`):(n.instances.set(e.name,e),n.log.info(`${e.name} integration activated`))}}t.ExternalIntegration=n,n.log=i.LoggerFactory.getLogger("external-integrations"),n.instances=new Map;class s extends n{static get instance(){return n.getInstance(s.NAME)}constructor(){super(s.NAME)}}t.AuthIDIntegration=s,s.NAME="AuthID";class o extends n{static get instance(){return n.getInstance(o.NAME)}constructor(){super(o.NAME)}}t.FingerprintJSIntegration=o,o.NAME="FingerprintJS"},3743:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.LogLevel=t.LoggerFactory=t.DeviceDescriptor=t.StepCode=t.ErrorCode=t.AuthenticatorBuilder=t.VERSION_CODE=t.VERSION_NAME=void 0;const n=r(7464);Object.defineProperty(t,"VERSION_NAME",{enumerable:!0,get:function(){return n.VERSION_NAME}}),Object.defineProperty(t,"VERSION_CODE",{enumerable:!0,get:function(){return n.VERSION_CODE}});const s=i(r(9205));t.AuthenticatorBuilder=s.default;const o=r(5166);Object.defineProperty(t,"ErrorCode",{enumerable:!0,get:function(){return o.ErrorCode}});const a=r(3796);Object.defineProperty(t,"StepCode",{enumerable:!0,get:function(){return a.StepCode}});const c=i(r(8182));t.DeviceDescriptor=c.default;const u=r(5111);Object.defineProperty(t,"LoggerFactory",{enumerable:!0,get:function(){return u.LoggerFactory}}),Object.defineProperty(t,"LogLevel",{enumerable:!0,get:function(){return u.LogLevel}})},3796:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.StepCode=void 0,(r=t.StepCode||(t.StepCode={}))[r.PRE_CHECK=16]="PRE_CHECK",r[r.DEVICE_DESCRIPTOR=32]="DEVICE_DESCRIPTOR",r[r.START=48]="START",r[r.AUTHENTICATION=64]="AUTHENTICATION",r[r.FINISH=80]="FINISH"},3922:(e,t,r)=>{Object.defineProperty(t,"__esModule",{value:!0});const i=r(2473),n=r(2746);class s extends n.DevicePassiveActions{constructor(e,t){super(e,t),this.name=s.NAME,this.log=i.LoggerFactory.getLogger("device-passive-stepup-step")}execute(e){return e.platform.isFidoSupported()?e.settings.deviceId?e.settings.fidoPasskeyRegistered?Promise.reject(new Error("FIDO2 Passkey is already registered")):new Promise((t,r)=>{this.register(e).then(t).catch(r)}):Promise.reject(new Error("Device is not registered")):Promise.reject(new Error("FIDO2 is not supported"))}}s.NAME="device/passive/stepup",t.default=s},4070:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(2473),s=r(5014),o=r(9306),a=i(r(9316)),c=r(7968),u=i(r(390));class l extends c.AuthStatusActions{constructor(e,t,r){super(),this.name=l.NAME,this.log=n.LoggerFactory.getLogger("mobile-instantlink-step"),this.startStep=e,this.retryStep=t,this.getDeviceIp=null!=r?r:()=>null}execute(e){return this.log.debug("Executing"),new Promise((t,r)=>{var i,n,s,o=!0;(null===(s=null===(n=null===(i=e.claims)||void 0===i?void 0:i.auth.subs.mob)||void 0===n?void 0:n.auths.inln)||void 0===s?void 0:s.mnp)&&(o=!1),this.runStartStep(e,o).catch(r),this.waitForStatus(e).then(t).catch(r)})}runStartStep(e,t,r){return new Promise((i,n)=>{this.startStep?this.startStep.execute(t,r).then(r=>{const s=u.default.validatePhoneNumberInput(r);s?n(s):e.fetchFromBackend("/v1/client/mobile/instantlink/start",{sourceIp:this.getDeviceIp(),mobileNumber:null==r?void 0:r.phoneNumber}).then(r=>{const s=r;if(s.error)n(new a.default(s.error.message,s.error.code,r.next,!1));else if(s.data){const r=s.data,a=r.code;var c="";a&&(c+=`Error Code: ${a}, `),r.message?c+=`${r.message}`:c+="Error validating phone number.";let u=new o.PhoneValidationError(c,r.code);this.runStartStep(e,t,u).then(i).catch(n)}else this.retryStep?this.runRetryStep(e).then(i).catch(n):i(s.next)}).catch(n)}).catch(n):n(new Error("InstantLink start step must be specified"))})}runRetryStep(e){return new Promise((t,r)=>{this.retryStep?this.retryStep.execute().then(i=>{i===s.InstantLinkResultType.OnResend?e.fetchFromBackend("/v1/client/mobile/instantlink/start",{sourceIp:this.getDeviceIp(),mobileNumber:""}).then(t=>{const i=t;i.error?r(new a.default(i.error.message,i.error.code,t.next,!1)):this.runRetryStep(e)}).catch(r):i===s.InstantLinkResultType.OnMobileNumberChange?this.runStartStep(e,!0).then(t).catch(r):this.log.warn("Unknown enum of ",i)}).catch(r):(this.log.debug("Retry step doesn't exist, skip."),t(""))})}}l.NAME="mobile/instantlink",t.default=l},4473:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});class r{}r.ERROR_AUTHENTICATION_FAILURE=1e4,r.ERROR_AUTHENTICATION_EXTERNAL_FAILURE=10001,r.ERROR_AUTHENTICATION_CLIENT_FAILURE=10002,r.ERROR_AUTHENTICATION_PROHIBITED_ACTION=10003,r.ERROR_MISSING_AUTHENTICATOR_COMPLETION=10004,r.ERROR_MAX_ATTEMPTS=10005,r.ERROR_NO_DEVICE_FOUND=10006,t.default=r},4831:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(2473),s=i(r(9316)),o=i(r(4878)),a=i(r(9648)),c=i(r(8324)),u=i(r(2746)),l=i(r(7900)),d=i(r(9438)),h=i(r(4070)),p=i(r(390)),f=i(r(1011)),g=i(r(3922)),v=r(4934),m=r(7651),_=r(2713);class E{constructor(e){if(this.logger=n.LoggerFactory.getLogger("report-error-step"),this._message=E.DEFAULT_MESSAGE,this.reportable=!0,this.name="error",e instanceof s.default){const t=e;this._message=t.message,this._code=t.code,this.nextStep=t.nextStep,this.reportable=t.reportable}else e&&(this._message=s.default.extractMessage(e));this._message||this.logger.warn("Unexpected error: "+e)}get code(){return this._code}get message(){return this._message}execute(e){var t;let r=`Authentication step ${e.lastStep} failed`;if(this._code&&(r=r+", code: "+this._code),this._message&&(r=r+", message: "+this._message),this.logger.error(r),this.nextStep===o.default.AUTH_DONE)return Promise.resolve(o.default.AUTH_DONE);const i=e.lastStep?E.endpointMap.get(e.lastStep):void 0;if(i&&this.reportable)return new Promise((t,r)=>{e.fetchFromBackend(`/v1/client/${i}/error`,{code:this._code?this._code:void 0,message:this._message}).then(e=>t(e.next)).catch(r)});if(this.nextStep)return Promise.resolve(this.nextStep);{const e=null!==(t=this._message)&&void 0!==t?t:E.DEFAULT_MESSAGE;return Promise.reject(new s.default(e,this._code,void 0,!1))}}}E.endpointMap=new Map([[u.default.NAME,"device/passive"],[c.default.NAME,"device/passive"],[a.default.NAME,"device/fido2"],[l.default.NAME,"device/fido2"],[g.default.NAME,"device/fido2"],[v.DeviceUniversalRedirectExchangeStep.NAME,"device/universal"],[v.DeviceUniversalRedirectFinishStep.NAME,"device/universal"],[d.default.NAME,"mobile/instant"],[h.default.NAME,"mobile/instantlink"],[p.default.NAME,"mobile/otp"],[f.default.NAME,"user/mobileactive"],[m.UserPpbEnrollStep.NAME,"user/ppb"],[m.UserPpbVerifyStep.NAME,"user/ppb"],[_.UserDocVerifyStep.NAME,"user/docv"]]),E.DEFAULT_MESSAGE="Unexpected error, authentication cannot continue",t.default=E},4878:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(2473),s=i(r(2403)),o=i(r(9173)),a=i(r(9316)),c=i(r(4831)),u=i(r(4473));class l{constructor(e,t,r,i){if(this.steps=new Map,this.log=n.LoggerFactory.getLogger("main-authenticator"),this.platform=e,this.authFinishStep=r,this.settings=t,i)for(let e of i){if(e.name in this.steps)throw new Error(`Step ${e.name} is already registered`);this.steps.set(e.name,e)}}isPasskeyRegistered(){return this.settings.fidoPasskeyRegistered}isFidoSupported(){return this.platform.isFidoSupported()}isDeviceRegistered(){return null!==this.settings.deviceId}isMobileWeb(){const e=this.platform.getUserAgent();return null!==e&&/Mobi|Android|webOS|iPhone|iPad|BlackBerry|Opera Mini/i.test(e)}getDeviceId(){return this.settings.deviceId}resetDeviceSettings(){this.settings.reset(),this.platform.deviceAuth.reset()}authenticate(e){return new s.default((t,r,i)=>{e||r(new Error("No authentication token provided")),this.authFinishStep||r(new Error("AuthFinish step must be specified"));try{const n=new o.default(this.settings,this.platform,e),s=this.process(n);i(()=>s.cancel()),s.then(()=>{var e;if(n.lastStep!==l.AUTH_EMPTY)return this.log.info("Authentication flow has been completed."),null===(e=this.authFinishStep)||void 0===e?void 0:e.execute({authId:n.authId});this.log.info("Next step is not provided, authentication flow is terminated without completion."),t()}).then(t).catch(r)}catch(e){r(e)}})}unregisterDevice(){return this.isDeviceRegistered()?new Promise((e,t)=>{this.unregister("/v1/client/device/unregister").then(()=>{this.resetDeviceSettings(),e()}).catch(t)}):Promise.resolve()}unregisterPasskey(){return this.settings.fidoPasskeyRegistered?new Promise((e,t)=>{this.unregister("/v1/client/stepup/unregister").then(()=>{this.settings.fidoPasskeyRegistered=!1,e()}).catch(t)}):Promise.resolve()}unregister(e){return new Promise((t,r)=>{try{new o.default(this.settings,this.platform).fetchFromBackend(e,{deviceId:this.getDeviceId()}).then(e=>{e.error?r(new a.default(e.error.message,e.error.code,e.next,!1)):t()}).catch(r)}catch(e){r(e)}})}process(e){return new s.default((t,r,i)=>{i(()=>{this.log.info("Canceled"),e.closeAllMessageChannels(),t()}),this.nextStep(e,e.next,1).then(t).catch(r)})}nextStep(e,t,r){return this.log.debug(`Authentication attempt ${r}, next step: ${t}`),e.lastStep=t,new Promise((i,n)=>{[l.AUTH_DONE,l.AUTH_EMPTY].includes(t)?(!e.settings.deviceId&&e.settings.fingerPrintTimestamp&&e.resetFptts(),i()):r>l.MAX_ATTEMPTS?n(new a.default("Too many authentication steps",u.default.ERROR_MAX_ATTEMPTS)):this.getNextStep(t).execute(e).then(t=>this.nextStep(e,t,r+1)).then(i).catch(t=>new c.default(t).execute(e).then(t=>this.nextStep(e,t,r+1)).then(i).catch(n))})}getNextStep(e){return this.steps.get(e)||new c.default("Unknown authentication step: "+e)}}l.AUTH_DONE="done",l.AUTH_EMPTY="",l.MAX_ATTEMPTS=50,t.default=l},4934:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.DeviceUniversalRedirectExchangeStep=t.DeviceUniversalRedirectFinishStep=t.DeviceUniversalRedirectBaseStep=void 0;const n=i(r(9316));class s{constructor(){this.name=""}execute(e){return new Promise((t,r)=>{var i,s,o,a,c,u;let l=null===(u=null===(c=null===(a=null===(o=null===(s=null===(i=e.claims)||void 0===i?void 0:i.auth)||void 0===s?void 0:s.subs)||void 0===o?void 0:o.dev)||void 0===a?void 0:a.auths)||void 0===c?void 0:c.unvsl)||void 0===u?void 0:u.ftu;if(void 0!==l&&l){l+=`?authId=${e.authId}`;let i="";if("redirect/exchange"===this.name)i="authexchange";else{if("redirect/finish"!==this.name)return void r(new n.default(`Unknown UPK Step: ${this.name}`,0,e.next,!0));i="authfinish"}l+=`&next=${i}`,e.platform.urlRedirect(l),t("")}else r(new n.default("AuthToken claims do not contain final target URL",0,e.next,!0))})}}t.DeviceUniversalRedirectBaseStep=s;class o extends s{constructor(){super(...arguments),this.name=o.NAME}}t.DeviceUniversalRedirectFinishStep=o,o.NAME="redirect/finish";class a extends s{constructor(){super(...arguments),this.name=a.NAME}}t.DeviceUniversalRedirectExchangeStep=a,a.NAME="redirect/exchange"},4963:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.PixelFinishStep=void 0;const s=n(r(1132)),o=r(5111),a=r(1027),c=r(7464);t.default=class{constructor(){this.logger=o.LoggerFactory.getLogger("pixel-authentication-step")}execute(e){return i(this,void 0,void 0,function*(){this.logger.info("use pixel");const t=(0,a.toURL)(e.authUrl);let r;if(t.searchParams.get("testVfp"))this.logger.info("test flow detected"),r=s.default.create(t);else{if("2"===t.searchParams.get("pfflow"))throw new Error("flow v2 detected but not supported by pixel auth implementation");if("3"===t.searchParams.get("pfflow"))throw new Error("flow v3 detected but not supported by pixel auth implementation");this.logger.info("flow v1 detected"),r=new u(t)}return{vfp:yield r.handle()}})}};class u{constructor(e){this.url=e,this.logger=o.LoggerFactory.getLogger("pixel-flow-v1")}handle(){return i(this,void 0,void 0,function*(){return new Promise((e,t)=>{this.url.searchParams.set("sdkVersion",c.VERSION_NAME);const r=document.createElement("img");r.onload=()=>{this.logger.trace("pixel loaded"),e("")},r.onerror=()=>{this.logger.trace("pixel load error"),t(new Error("pixel load error"))},r.src=this.url.toString()})})}}t.PixelFinishStep=class{execute(e){return Promise.resolve(void 0)}}},5014:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.InstantLinkResultType=void 0,function(e){e[e.OnResend=0]="OnResend",e[e.OnMobileNumberChange=1]="OnMobileNumberChange"}(r||(t.InstantLinkResultType=r={}))},5111:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.LoggerFactory=t.LogLevel=void 0,function(e){e[e.disabled=0]="disabled",e[e.error=1]="error",e[e.warn=2]="warn",e[e.info=3]="info",e[e.debug=4]="debug",e[e.trace=5]="trace"}(r=t.LogLevel||(t.LogLevel={}));class i{static setLogLevel(e){i.logLevel=e}static setLogWriter(e){i.logWriter=e}static getLogger(e){return{trace:(...e)=>{i.logLevel>=r.trace&&i.logWriter.write(r.trace,...e)},debug:(...e)=>{i.logLevel>=r.debug&&i.logWriter.write(r.debug,...e)},info:(...e)=>{i.logLevel>=r.info&&i.logWriter.write(r.info,...e)},warn:(...e)=>{i.logLevel>=r.warn&&i.logWriter.write(r.warn,...e)},error:(...e)=>{i.logLevel>=r.error&&i.logWriter.write(r.error,...e)}}}}i.logWriter=new class{write(e,...t){switch(e){case r.trace:case r.debug:console.debug(...t);break;case r.info:console.info(...t);break;case r.warn:console.warn(...t);break;case r.error:console.error(...t)}}},i.logLevel=r.info,t.LoggerFactory=i},5166:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.ErrorCode=void 0,(r=t.ErrorCode||(t.ErrorCode={}))[r.GENERIC_UNKNOWN_REASON=0]="GENERIC_UNKNOWN_REASON",r[r.GENERIC_TIMEOUT=1]="GENERIC_TIMEOUT",r[r.GENERIC_INVALID_STATE=2]="GENERIC_INVALID_STATE",r[r.GENERIC_COMMUNICATION_ERROR=3]="GENERIC_COMMUNICATION_ERROR",r[r.PRE_CHECK_AIRPLANE_MODE_ENABLED=17]="PRE_CHECK_AIRPLANE_MODE_ENABLED",r[r.PRE_CHECK_NO_CELLULAR_RADIO=18]="PRE_CHECK_NO_CELLULAR_RADIO",r[r.PRE_CHECK_NO_CELLULAR_CONNECTION=19]="PRE_CHECK_NO_CELLULAR_CONNECTION",r[r.PRE_CHECK_WIFI_CALLING_ENABLED=20]="PRE_CHECK_WIFI_CALLING_ENABLED",r[r.PRE_CHECK_WIFI_CANNOT_BE_OVERRIDDEN=21]="PRE_CHECK_WIFI_CANNOT_BE_OVERRIDDEN",r[r.AUTH_MALFORMED_INPUT_DATA=65]="AUTH_MALFORMED_INPUT_DATA",r[r.AUTH_BAD_CREDENTIALS=66]="AUTH_BAD_CREDENTIALS",r[r.AUTH_VFP_KEY_EXPIRED=67]="AUTH_VFP_KEY_EXPIRED",r[r.AUTH_INVALID_RESPONSE=68]="AUTH_INVALID_RESPONSE"},5462:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(2473),s=i(r(9316)),o=i(r(8324));class a{constructor(e){this.log=n.LoggerFactory.getLogger("device-universal-step"),this.name=a.NAME,this.forUPK=!1,this.forUPK=e}execute(e){return this.log.trace("Executing"),new Promise((t,r)=>{var i,n,a;if(this.forUPK)t(o.default.NAME);else{let o=null===(a=null===(n=null===(i=e.claims)||void 0===i?void 0:i.auth.subs.dev)||void 0===n?void 0:n.auths.unvsl)||void 0===a?void 0:a.endp;void 0!==o&&o?(o+=`?authId=${e.authId}&authtoken=${e.authToken}`,e.platform.urlRedirect(o),t("")):r(new s.default("AuthToken claims do not contain universal redirect URL",0,e.next,!0))}})}}a.NAME="device/universal",t.default=a},5620:(e,t,r)=>{Object.defineProperty(t,"__esModule",{value:!0});const i=r(2473);class n{constructor(e){this.log=i.LoggerFactory.getLogger("settings"),this.upkEnabled=!1,this.storage=e}reset(){this.log.trace("reset"),this.deviceId=null,this.namespace=null,this.fidoPasskeyRegistered=!1,this.fingerPrintTimestamp=null}get deviceId(){return this.storage.getItem(this.getKey(n.DEVICE_ID_KEY))}set deviceId(e){this.setOrRemove(n.DEVICE_ID_KEY,e)}get fidoPasskeyRegistered(){return"true"===this.storage.getItem(this.getKey(n.FIDO_PASSKEY_REGISTERED_KEY))}set fingerPrintTimestamp(e){const t=null!==e?e.toString():null;this.setOrRemove(n.FP_TIMESTAMPT,t)}get fingerPrintTimestamp(){const e=this.storage.getItem(this.getKey(n.FP_TIMESTAMPT));if(!e)return null;let t=parseInt(e);return isNaN(t)?null:t}set fidoPasskeyRegistered(e){this.setOrRemove(n.FIDO_PASSKEY_REGISTERED_KEY,e?"true":null)}get namespace(){return this.storage.getItem(this.getKey(n.NAMESPACE_KEY))}set namespace(e){this.log.trace("namespace set to "+e),this.setOrRemove(n.NAMESPACE_KEY,e)}getKey(e){return`${n.KEY_PREFIX}.${e}`}setOrRemove(e,t){t?this.storage.setItem(this.getKey(e),t):this.storage.removeItem(this.getKey(e))}}n.KEY_PREFIX="ProveAuth",n.DEVICE_ID_KEY="DeviceId",n.NAMESPACE_KEY="namespace",n.FIDO_PASSKEY_REGISTERED_KEY="fidoPasskeyRegistered",n.FP_TIMESTAMPT="fingerPrintTimestamp",t.default=n},5667:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=n(r(8182));t.default=class{execute(e){var t;return i(this,void 0,void 0,function*(){return{deviceDescriptor:null!==(t=e.providedDeviceDescriptor)&&void 0!==t?t:new s.default}})}}},5683:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=r(5166),o=n(r(8182)),a=n(r(8525));t.default=class{constructor(e){this.ipQueryUrl=null!=e?e:"https://whatismyip.proveapis.com/whatismyip"}execute(e){return i(this,void 0,void 0,function*(){if(e.providedDeviceDescriptor)return{deviceDescriptor:e.providedDeviceDescriptor};const t=yield fetch("https://whatismyip.proveapis.com/whatismyip");if(t.ok)return{deviceDescriptor:new o.default(yield t.text())};throw new a.default(s.ErrorCode.GENERIC_COMMUNICATION_ERROR,`ip api response=${t.status}`)})}}},7464:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.VERSION_CODE=t.VERSION_NAME=void 0,t.VERSION_NAME="3.1.0",t.VERSION_CODE=30100},7466:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(9316));class s{constructor(){this.name=s.NAME}execute(e){return Promise.reject(new n.default(`Step ${this.name} is not supported`))}}s.NAME="user/mobileactive",t.default=s},7651:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.UserPpbVerifyStep=t.UserPpbEnrollStep=void 0;const n=r(2473),s=i(r(9316));class o{constructor(e,t,r,i){this.log=n.LoggerFactory.getLogger("user-ppb-base-step"),this.enabled=e,this.operation=t,this.startStep=r,this.finishStep=i}execute(e){if(!this.enabled)return Promise.reject(new s.default("PPB is not enabled"));const t=e.lastData;if(!t||!t.ppb)return Promise.reject(new s.default("PPB session is not initialized"));const r=()=>{try{return this.startStep?this.startStep.execute(this.operation):Promise.resolve()}catch(e){return this.log.warn("PPB start step has failed:",e),Promise.reject(e)}},i=e=>{try{return this.finishStep?this.finishStep.execute(this.operation,e):Promise.resolve()}catch(e){return this.log.warn("PPB finish step has failed:",e),Promise.reject(e)}};return new Promise((n,o)=>{r().then(()=>{var r,i,n,s,o;return this.log.debug("Activating AuthID web component"),e.platform.activateAuthID({ppbOperation:this.operation,endpointUrl:null===(n=null===(i=null===(r=e.claims)||void 0===r?void 0:r.auth.subs.usr)||void 0===i?void 0:i.auths.ppb)||void 0===n?void 0:n.endp,operationId:null===(s=t.ppb)||void 0===s?void 0:s.operationId,oneTimeSecret:null===(o=t.ppb)||void 0===o?void 0:o.oneTimeSecret})}).catch(e=>{this.log.error("AuthID web component failed:",e),i(e).then(()=>o(e))}).then(r=>{var i;return this.log.info("PPB authentication result",r),e.fetchFromBackend("/v1/client/user/ppb/finish",{requestId:crypto.randomUUID(),operationId:null===(i=t.ppb)||void 0===i?void 0:i.operationId})}).then(e=>{var t,r;const a=e;if(a.error){const n=null!==(r=null===(t=e.error)||void 0===t?void 0:t.message)&&void 0!==r?r:"PPB authentication failed";i(new Error(n)).then(()=>o(new s.default(e.error.message,e.error.code,e.next,!1)))}else i().then(()=>n(a.next))}).catch(o)})}}class a extends o{constructor(e,t,r){super(e,"enroll",t,r),this.name=a.NAME}}t.UserPpbEnrollStep=a,a.NAME="user/ppb/register";class c extends o{constructor(e,t,r){super(e,"verify",t,r),this.name=c.NAME}}t.UserPpbVerifyStep=c,c.NAME="user/ppb/verify"},7657:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.UserVerificationLevel=void 0,function(e){e.Discouraged="none",e.Preferred="pref",e.Required="req"}(r||(t.UserVerificationLevel=r={}))},7844:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.WebSocketCloseReasons=void 0,function(e){e.NORMAL_CLOSURE="Normal closure",e.GOING_AWAY="The connection is closed because a server is going down or a browser has navigated away from the page.",e.PROTOCOL_ERROR="The connection is closed due to a protocol error",e.UNSUPPORTED_DATA="The connection is closed because it has received unsupported data",e.NO_STATUS_RECEIVED="No closed status code was actually present.",e.ABNORMAL_CLOSURE="The connection was closed unexpectedly without a close frame",e.INVALID_FRAME_PAYLOAD_DATA="The connection was closed because it received inconsistent data in a message.",e.POLICY_VIOLATION="The connection was closed due to policy violation",e.MESSAGE_TOO_BIG="The connection was closed because it has received a message that is too big for it to process.",e.MANDATORY_EXTENSION="The connection was closed because the client required a server extension that was not supported.",e.INTERNAL_ERROR="The connection was closed because the server encountered an unexpected error",e.TLS_HANDSHAKE="The connection was closed due to a failure to perform a TLS handshake",e.UNKNOWN_REASON="Unknown reason"}(r||(t.WebSocketCloseReasons=r={}))},7900:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(1554)),s=r(2473),o=i(r(9316));class a{constructor(){this.log=s.LoggerFactory.getLogger("device-passive-verify-step"),this.name=a.NAME}execute(e){return new Promise((t,r)=>{a.runFidoVerify(this.log,e).then(t).catch(r)})}static runFidoVerify(e,t){return new Promise((r,i)=>{a.makeFidoVerifyFinishRequest(e,t).then(r).catch(i)})}static makeFidoVerifyFinishRequest(e,t){return new Promise((r,i)=>{const s=t.credential,a=s.response;t.fetchFromBackend("/v1/client/device/fido2/verify/finish",{webAuthnAssertion:{type:null==s?void 0:s.type,id:null==s?void 0:s.id,rawId:n.default.bufferEncode(null==s?void 0:s.rawId),response:{authenticatorData:n.default.bufferEncode(a.authenticatorData),clientDataJSON:n.default.bufferEncode(a.clientDataJSON),signature:n.default.bufferEncode(a.signature),userHandle:a.userHandle?n.default.bufferEncode(a.userHandle):void 0}}}).then(n=>{if(n.error)i(new o.default(n.error.message,n.error.code,n.next,!1));else{const i=n.data;i?(i.deviceId&&(t.settings.deviceId=i.deviceId),i.passkey&&(t.settings.fidoPasskeyRegistered=!0),i.scanMessage&&(t.authMessage=i.scanMessage)):e.warn("No data was received in the response"),t.settings.fidoPasskeyRegistered=!0,r(n.next)}}).catch(i)})}}a.NAME="device/passive/verify",t.default=a},7968:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.AuthStatusActions=void 0;const n=r(2473),s=i(r(9316));t.AuthStatusActions=class{constructor(){this.log=n.LoggerFactory.getLogger("auth-status-actions")}waitForStatus(e){var t=!1;return this.log.trace("Waiting for auth status"),new Promise((r,i)=>{const n=e.createMessageChannel("/v1/client/status?token="+encodeURIComponent(e.authToken),(e,r)=>{t||i(new s.default(`Failed to receive secondary authentication with status code ${r}. ${e}`))},e=>{t=!0,i(new s.default("Failed to receive secondary authentication status: "+e))},o=>{t=!0;try{this.log.debug("Secondary authentication status: "+o);const t=JSON.parse(o);t.error?i(new s.default(t.error.message,t.error.code,t.next,!1)):(e.lastStep=t.next,r(t.next))}catch(e){i(e)}finally{this.log.trace("Closing channel"),n.close()}})})}}},8156:function(e,t,r){var i,n=this&&this.__createBinding||(Object.create?function(e,t,r,i){void 0===i&&(i=r);var n=Object.getOwnPropertyDescriptor(t,r);n&&!("get"in n?!t.__esModule:n.writable||n.configurable)||(n={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,i,n)}:function(e,t,r,i){void 0===i&&(i=r),e[i]=t[r]}),s=this&&this.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),o=this&&this.__importStar||(i=function(e){return i=Object.getOwnPropertyNames||function(e){var t=[];for(var r in e)Object.prototype.hasOwnProperty.call(e,r)&&(t[t.length]=r);return t},i(e)},function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var r=i(e),o=0;o<r.length;o++)"default"!==r[o]&&n(t,e,r[o]);return s(t,e),t}),a=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.InstantLinkResultType=t.BuildConfig=t.PhoneValidationError=t.OtpError=t.OtpFinishResultType=t.MobileAuthImplementation=t.LogLevel=t.LoggerFactory=t.DeviceRole=t.CancelablePromise=t.AuthResponseStatus=t.FingerprintJSIntegration=t.AuthIDIntegration=t.AuthenticatorBuilder=t.VERSION=void 0;const c=r(9031);Object.defineProperty(t,"VERSION",{enumerable:!0,get:function(){return c.VERSION}});const u=o(r(2958));t.AuthenticatorBuilder=u.default,Object.defineProperty(t,"MobileAuthImplementation",{enumerable:!0,get:function(){return u.MobileAuthImplementation}});const l=r(2198);Object.defineProperty(t,"DeviceRole",{enumerable:!0,get:function(){return l.DeviceRole}});const d=r(660);Object.defineProperty(t,"BuildConfig",{enumerable:!0,get:function(){return d.BuildConfig}});const h=r(9726);Object.defineProperty(t,"AuthResponseStatus",{enumerable:!0,get:function(){return h.AuthResponseStatus}});const p=r(2473);Object.defineProperty(t,"LoggerFactory",{enumerable:!0,get:function(){return p.LoggerFactory}}),Object.defineProperty(t,"LogLevel",{enumerable:!0,get:function(){return p.LogLevel}});const f=a(r(2403));t.CancelablePromise=f.default;const g=r(9306);Object.defineProperty(t,"PhoneValidationError",{enumerable:!0,get:function(){return g.PhoneValidationError}});const v=r(898);Object.defineProperty(t,"OtpError",{enumerable:!0,get:function(){return v.OtpError}}),Object.defineProperty(t,"OtpFinishResultType",{enumerable:!0,get:function(){return v.OtpFinishResultType}});const m=r(5014);Object.defineProperty(t,"InstantLinkResultType",{enumerable:!0,get:function(){return m.InstantLinkResultType}});const _=r(3040);Object.defineProperty(t,"AuthIDIntegration",{enumerable:!0,get:function(){return _.AuthIDIntegration}}),Object.defineProperty(t,"FingerprintJSIntegration",{enumerable:!0,get:function(){return _.FingerprintJSIntegration}})},8182:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});class r{static ip(e){return new r(e)}constructor(e,t,r){this.ip=e,this.mno=t,this.phoneNumber=r}toString(){return`ip=[${this.ip}] mno=[${this.mno}] phoneNumber=[${this.phoneNumber}]`}}t.default=r},8324:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(2473),s=i(r(9316));class o{constructor(e,t){this.name=o.NAME,this.log=n.LoggerFactory.getLogger("device-passive-silent-step"),this.forUPK=e,this.userConsentStep=null!=t?t:{execute:()=>Promise.resolve({consentGranted:!0})}}execute(e){return this.log.trace("Executing"),new Promise((t,r)=>{e.getDeviceRegistration().then(i=>{i?e.embedFpResultToDeviceRegistration(i).then(i=>{this.verify(e,i).then(t).catch(r)}):this.userConsentStep.execute().then(i=>{i.consentGranted?e.platform.deviceAuth.createRegistration({namespace:e.namespace,endpoint:e.backendOrigin}).then(t=>e.embedFpResultToDeviceRegistration(t)).then(t=>this.register(e,t)).then(t).catch(r):r(new Error("User denied the consent to register the device"))}).catch(r)}).catch(r)})}getBackendRegisterEndpoint(){return this.forUPK?"/v1/client/device/universal/register":"/v1/client/device/passive/register"}getBackendVerifyEndpoint(){return this.forUPK?"/v1/client/device/universal/verify":"/v1/client/device/passive/verify"}register(e,t){return this.log.trace("Registering"),new Promise((r,i)=>{t.getAuthRegistration(e.challenge).then(n=>{e.fetchFromBackend(this.getBackendRegisterEndpoint(),{deviceName:e.platform.getPlatformName(),deviceCapabilities:e.platform.getDeviceCapabilities(),registrations:[n],signals:t.getSignals()}).then(n=>{var o;if(n.error)i(new s.default(n.error.message,n.error.code,n.next,!1));else{(null===(o=t.getSignals().fingerprint)||void 0===o?void 0:o.results)&&e.markNewFptts();const a=n.data,c=null==a?void 0:a.deviceId;c||i(new s.default("Failed to register device, returned deviceId is null or empty",0,n.next)),e.settings.deviceId=c,null!=a.passkey&&(e.settings.fidoPasskeyRegistered=a.passkey),t.deviceId=c,this.log.debug("Device ID: "+c),a.scanMessage&&(e.authMessage=a.scanMessage),e.platform.deviceAuth.storeRegistration(t).then(()=>r(n.next)).catch(i)}}).catch(i)})})}verify(e,t){return this.log.trace("Verifying"),new Promise((r,i)=>{if(t.deviceId){const n=t.deviceId+":"+e.challenge;t.sign(n).then(n=>{e.fetchFromBackend(this.getBackendVerifyEndpoint(),{deviceId:t.deviceId,keyId:t.keyId,signature:n,signals:t.getSignals()}).then(n=>{var o;n.error?i(new s.default(n.error.message,n.error.code,n.next,!1)):((null===(o=t.getSignals().fingerprint)||void 0===o?void 0:o.results)&&e.markNewFptts(),r(n.next))}).catch(i)})}else i(new s.default("Failed to initiate verification, DeviceId is missing"))})}}o.NAME="device/passive/silent",t.default=o},8347:(e,t,r)=>{Object.defineProperty(t,"__esModule",{value:!0});const i=r(2473),n=r(9922),s=["/v1/client/stepup/unregister","/v1/client/device/unregister","/v1/client/device/passive/error","/v1/client/mobile/instant/error","/v1/client/mobile/otp/error","/v1/client/user/mobileactive","/v1/client/user/mobileactive/error"];t.default=class{constructor(e){this.log=i.LoggerFactory.getLogger("request-signer"),this.session=e}sign(e,t,r,i,n){return new Promise((o,a)=>{this.session.getDeviceRegistration().then(c=>c&&c.deviceId?s.includes(t)?void Promise.all([this.getChallenge(c.deviceId),this.getHash(n)]).then(n=>{const s=n[0],u=n[1],l=e+"\n"+t+"\n"+r+"\n"+i+"\n"+s+"\n"+u;c.sign(l).then(e=>o({version:"3",challenge:s,signature:e,keyId:c.keyId})).catch(a)}).catch(a):(this.log.debug("No signing needed for "+t),void o(null)):(this.log.debug("Device not registered, cannot sign"),void o(null))).catch(a)})}getChallenge(e){return new Promise((t,r)=>{this.cachedChallenge&&this.cachedChallenge.receivedAt&&this.cachedChallenge.ttl&&this.cachedChallenge.deviceId===e&&this.cachedChallenge.receivedAt+this.cachedChallenge.ttl-60>(0,n.getUnixTime)()?t(this.cachedChallenge.challenge):this.session.fetchFromBackend("/v1/client/challenge",{deviceId:e}).then(e=>e).then(e=>{var i;e.error?r(null===(i=e.error)||void 0===i?void 0:i.message):(e.receivedAt=(0,n.getUnixTime)(),this.cachedChallenge=e,t(e.challenge))}).catch(r)})}getHash(e){return new Promise((t,r)=>{crypto.subtle.digest("SHA-256",(0,n.stringToArrayBuffer)(e)).then(e=>t((0,n.arrayBufferToHexString)(e))).catch(r)})}}},8367:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=r(5111),o=r(3796),a=n(r(2681)),c=r(5166);class u{constructor(e){this._providedDeviceDescriptor=e}get providedDeviceDescriptor(){return this._providedDeviceDescriptor}get deviceDescriptor(){return this._deviceDescriptor}get authUrl(){return this._authUrl}get vfp(){return this._vfp}}class l{constructor(){this.currentStep=o.StepCode.PRE_CHECK,this.timedOut=!1}}t.default=class{constructor(e,t,r,i,n=0){this.deviceDescriptorStep=e,this.startStepFunc=t,this.authenticationStep=r,this.finishStepFunc=i,this.timeout=n,this.logger=s.LoggerFactory.getLogger("auth")}executeStep(e,t,r,n){var s;return i(this,void 0,void 0,function*(){if(e.timedOut)throw new Error("timeout");try{e.currentStep=t,this.logger.debug(`execute step ${o.StepCode[t]}`);let i=yield r.execute(n);return this.logger.debug(`executed step ${o.StepCode[t]}`),i}catch(e){const r=null!==(s=e.errorCode)&&void 0!==s?s:c.ErrorCode.GENERIC_UNKNOWN_REASON;throw new a.default(t,r,e.message)}})}authenticate(e){return new Promise((t,r)=>{const i=new l;let n;this.timeout>0&&(n=setTimeout(()=>{i.timedOut=!0,r(new a.default(i.currentStep,c.ErrorCode.GENERIC_TIMEOUT,`authenticator timeout after ${this.timeout}ms`))},this.timeout)),this.executeAuth(i,e).then(e=>{i.timedOut||(clearTimeout(n),t(e))},e=>{i.timedOut||(clearTimeout(n),r(e))})})}findMyIp(e){return new Promise((t,r)=>{const i=new l;let n;this.timeout>0&&(n=setTimeout(()=>{i.timedOut=!0,r(new a.default(i.currentStep,c.ErrorCode.GENERIC_TIMEOUT,`authenticator timeout after ${this.timeout}ms`))},this.timeout)),this.executeFindMyIP(i,e).then(e=>{i.timedOut||(clearTimeout(n),t(e))},e=>{i.timedOut||(clearTimeout(n),r(e))})})}startStep(e){return new Promise((t,r)=>{const i=new l;let n;this.timeout>0&&(n=setTimeout(()=>{i.timedOut=!0,r(new a.default(i.currentStep,c.ErrorCode.GENERIC_TIMEOUT,`authenticator timeout after ${this.timeout}ms`))},this.timeout)),this.executeStartStep(i,e).then(e=>{i.timedOut||(clearTimeout(n),t(e))},e=>{i.timedOut||(clearTimeout(n),r(e))})})}authenticateWithRedirect(e,t){return new Promise((r,i)=>{const n=new l;let s;this.timeout>0&&(s=setTimeout(()=>{n.timedOut=!0,i(new a.default(n.currentStep,c.ErrorCode.GENERIC_TIMEOUT,`authenticator timeout after ${this.timeout}ms`))},this.timeout)),this.executeAuthWithRedirect(n,e,t).then(e=>{n.timedOut||(clearTimeout(s),r(e))},e=>{n.timedOut||(clearTimeout(s),i(e))})})}finishStep(e,t){return new Promise((r,i)=>{const n=new l;let s;this.timeout>0&&(s=setTimeout(()=>{n.timedOut=!0,i(new a.default(n.currentStep,c.ErrorCode.GENERIC_TIMEOUT,`authenticator timeout after ${this.timeout}ms`))},this.timeout)),this.executeFinishStep(n,e,t).then(e=>{n.timedOut||(clearTimeout(s),r(e))},e=>{n.timedOut||(clearTimeout(s),i(e))})})}executeAuth(e,t){return i(this,void 0,void 0,function*(){const r=new u(t);r._deviceDescriptor=(yield this.executeStep(e,o.StepCode.DEVICE_DESCRIPTOR,this.deviceDescriptorStep,r)).deviceDescriptor,this.logger.info(`deviceDescriptor=${r.deviceDescriptor}`),r._authUrl=(yield this.executeStep(e,o.StepCode.START,this.startStepFunc,r)).authUrl,this.logger.info(`authUrl=${r.authUrl}`),r._vfp=(yield this.executeStep(e,o.StepCode.AUTHENTICATION,this.authenticationStep,r)).vfp,this.logger.info(`vfp=${r.vfp}`);const i=yield this.executeStep(e,o.StepCode.FINISH,this.finishStepFunc,r);return this.logger.info("result",i),i})}executeFindMyIP(e,t){var r;return i(this,void 0,void 0,function*(){const i=new u(t);return i._deviceDescriptor=(yield this.executeStep(e,o.StepCode.DEVICE_DESCRIPTOR,this.deviceDescriptorStep,i)).deviceDescriptor,this.logger.info(`deviceDescriptor=${i.deviceDescriptor}`),null!==(r=i._deviceDescriptor.ip)&&void 0!==r?r:"undefined"})}executeStartStep(e,t){return i(this,void 0,void 0,function*(){const r=new u(t);return r._authUrl=(yield this.executeStep(e,o.StepCode.START,this.startStepFunc,r)).authUrl,this.logger.info(`authUrl=${r.authUrl}`),r._authUrl})}executeAuthWithRedirect(e,t,r){return i(this,void 0,void 0,function*(){const i=new u(t);return i._authUrl=r,i._vfp=(yield this.executeStep(e,o.StepCode.AUTHENTICATION,this.authenticationStep,i)).vfp,this.logger.info(`vfp=${i.vfp}`),i._vfp})}executeFinishStep(e,t,r){return i(this,void 0,void 0,function*(){const i=new u(t);i._vfp=r;const n=yield this.executeStep(e,o.StepCode.FINISH,this.finishStepFunc,i);return this.logger.info("result",n),n})}}},8483:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=r(5111),o=r(7464),a=n(r(8525)),c=r(5166),u=r(1027),l=n(r(2459));class d{static create(e){return e.searchParams.set("r","f"),new d(e)}constructor(e){this.url=e,this.logger=s.LoggerFactory.getLogger("flow-v3"),this.cookies={}}handle(){var e,t;return i(this,void 0,void 0,function*(){const r=yield this.getFlowControl(this.url);let i;this.logger.info("ControlFlow retrieved"),this.url=new u.RawURL(r.firstUri);const n=this.url.searchParams.get("vfp");let s=this.url;for(this.logger.debug(`current vfp ${n}`);;){try{i=s.toString().includes("auth-api.tmtanalysis.com")?yield this.fetchTmt(s,r):yield this.fetch(s,r)}catch(e){throw new a.default(c.ErrorCode.GENERIC_COMMUNICATION_ERROR,e.message)}if(console.log(i.url),i.status>=r.redirectStatusMinimum&&i.status<=r.redirectStatusMaximum){const r=new u.RawURL(null!==(e=i.headers.get("Location"))&&void 0!==e?e:"");this.logger.debug(`redirect to ${r}`);const o=null!==(t=r.searchParams.get("vfp"))&&void 0!==t?t:r.searchParams.get("token");if(o&&o!==n)return this.logger.debug(`vfp changed to ${o}`),o;s=r}else{if(i.status>=200&&i.status<300){let e;try{e=yield i.json()}catch(e){throw new a.default(c.ErrorCode.AUTH_INVALID_RESPONSE,e.message)}this.logger.debug("got json response",e);const t=this.getVfpFromJson(e);if(!t)throw new a.default(c.ErrorCode.AUTH_INVALID_RESPONSE,`Received unknown payload: ${JSON.stringify(e)}`);return t}yield(0,u.handleHttpError)(i)}}})}getFlowControl(e){var t;return i(this,void 0,void 0,function*(){const r=yield(0,u.fetchAuth)(e,{}),i=null===(t=r.body)||void 0===t?void 0:t.getReader();let n="";if(i){const{value:e,done:t}=yield i.read();e&&(n+=(new TextDecoder).decode(e))}return l.default.deserialize(n)})}fetch(e,t){var r;const i=s.LoggerFactory.getLogger("http-client");if(i.info(`${t.command} ${e} ${e.protocol}`),"http:"===e.protocol)throw new a.default(c.ErrorCode.GENERIC_INVALID_STATE,`Web SDK cannot make http request [${e}]`);var n="";this.addCookie(document.cookie);for(const[e,t]of Object.entries(this.cookies))n+=`${e}=${t}; `;let u;this.cookies.length>0&&(document.cookie=n),(null===(r=t.headers.Cookie)||void 0===r?void 0:r.length)>0&&(n+=t.headers.Cookie,document.cookie=n),e.searchParams.set("sdkVersion",o.VERSION_NAME),"POST"===t.command&&(u=t.requestBody),i.debug("Headers:");for(let e in t.headers)i.debug(`${e}:${t.headers[e]}`);return i.debug(`Cookie:${document.cookie}`),u&&i.debug(`Request Body: ${u}`),fetch(e.toString(),{method:t.command,mode:"cors",headers:t.headers,body:u}).then(e=>(i.debug("Response:\r\nStatus:"),i.debug(`${e.status} ${e.statusText}`),i.debug("Headers:"),e.headers.forEach((e,t)=>{"Set-Cookie"===t&&this.addCookie(e),i.debug(`${t}:${e}`)}),this.addCookie(document.cookie),i.debug("Body:"),i.debug(e.body),e))}fetchTmt(e,t){const r=s.LoggerFactory.getLogger("http-client");if(r.info(`Fetch TMT ${t.command} ${e} ${e.protocol}`),"http:"===e.protocol)throw new a.default(c.ErrorCode.GENERIC_INVALID_STATE,`Web SDK cannot make http request [${e}]`);let i;e.searchParams.set("sdkVersion",o.VERSION_NAME),"POST"===t.command&&(i=t.requestBody);r.debug("Headers:");for(let e in t.headers)r.debug(`${e}:${t.headers[e]}`);return i&&r.debug(`Request Body: ${i}`),fetch(e.toString(),{method:t.command,mode:"cors",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:i}).then(e=>(r.debug("Response:\r\nStatus:"),r.debug(`${e.status} ${e.statusText}`),r.debug("Headers:"),e.headers.forEach((e,t)=>{"Set-Cookie"===t&&this.addCookie(e),r.debug(`${t}:${e}`)}),this.addCookie(document.cookie),r.debug("Body:"),r.debug(e.body),e))}addCookie(e){const t=e.split(";");for(const e of t){const t=e.split("=");if(t.length>1){const e=t[0].trim(),r=t[1].trim();this.cookies[e]=r}}}getVfpFromJson(e){const t=e.vfp;if(t)return t;const r=e.token,i=e.correlation_id;if(r)return i?i+"..."+r:r;const n=e.reconcilation_token;return n?i?i+"..."+n:n:void 0}}t.default=d},8525:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});class r extends Error{constructor(e,...t){super(...t),this.errorCode=e,Error.captureStackTrace&&Error.captureStackTrace(this,r),this.name="AuthLocalError",this.errorCode=e}}t.default=r},9031:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.USER_AGENT_VERSIONS=t.API_CONTRACT_VERSION=t.VERSION=void 0,t.VERSION="3.0.3",t.API_CONTRACT_VERSION="2.15.1",t.USER_AGENT_VERSIONS=`ProveAuth/${t.VERSION} Contract/${t.API_CONTRACT_VERSION} WEB/1`},9173:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=r(2473),o=r(9031),a=n(r(9316)),c=r(7657),u=n(r(4473)),l=r(7844);class d{get namespace(){var e;return(null===(e=this.claims)||void 0===e?void 0:e.auth.ans)||this.settings.namespace}get backendOrigin(){var e;return this.backendOriginOverride||(null===(e=this.claims)||void 0===e?void 0:e.auth.endp)}get authId(){var e;return null===(e=this.claims)||void 0===e?void 0:e.auth.id}get challenge(){var e;return null===(e=this.claims)||void 0===e?void 0:e.auth.chlg}get next(){var e;return null===(e=this.claims)||void 0===e?void 0:e.auth.next}constructor(e,t,r){var i,n;this.channels=new Set,this.log=s.LoggerFactory.getLogger("auth-session"),this.platform=t,this.authToken=r,this.settings=e,r&&(this.claims=this.parseJwt(r),this.settings.namespace=this.claims.auth.ans,this.uvLevel=(null===(n=null===(i=this.claims.auth.subs.dev)||void 0===i?void 0:i.auths.pasv)||void 0===n?void 0:n.uvlvl)||c.UserVerificationLevel.Discouraged),this.requestSigner=t.createRequestSigner(this)}fetchFromBackend(e,t){const r="POST",n="application/json",s=JSON.stringify(t),c=e.split("?"),l=c[0],d=c.length>1?c[1]:"",h=new Headers({Accept:n,"Content-Type":n,"PA-Version":o.USER_AGENT_VERSIONS});return this.authToken&&h.set("Authorization","Bearer "+this.authToken),new Promise((t,o)=>{this.requestSigner.sign(r,l,d,n,s).then(n=>{n&&(h.set("PA-Sig-Version",n.version),h.set("PA-Challenge",n.challenge),h.set("PA-KID",n.keyId),h.set("PA-Signature",n.signature)),this.platform.fetch(this.backendOrigin+e,{mode:"cors",method:r,headers:h,body:s}).then(e=>i(this,void 0,void 0,function*(){if(!e.ok){const t=e.statusText?` - ${e.statusText}`:"",r=`Got ${e.status} HTTP error${t}`;throw new a.default(r,void 0,void 0,!1)}const t=yield e.text();if(!t)throw new a.default("Empty response from server");try{return JSON.parse(t)}catch(e){throw new a.default(`Failed to parse JSON response: ${e.message}`)}})).then(e=>{e.error&&e.error.code===u.default.ERROR_NO_DEVICE_FOUND&&(this.settings.reset(),this.platform.deviceAuth.reset()),this.lastData=e.data,t(e)}).catch(o)}).catch(o)})}static parseCloseEvent(e){var t=l.WebSocketCloseReasons.UNKNOWN_REASON;switch(e.code){case 1e3:t=l.WebSocketCloseReasons.NORMAL_CLOSURE;break;case 1001:t=l.WebSocketCloseReasons.GOING_AWAY;break;case 1002:t=l.WebSocketCloseReasons.PROTOCOL_ERROR;break;case 1003:t=l.WebSocketCloseReasons.UNSUPPORTED_DATA;break;case 1005:t=l.WebSocketCloseReasons.NO_STATUS_RECEIVED;break;case 1006:t=l.WebSocketCloseReasons.ABNORMAL_CLOSURE;break;case 1007:t=l.WebSocketCloseReasons.INVALID_FRAME_PAYLOAD_DATA;break;case 1008:t=l.WebSocketCloseReasons.POLICY_VIOLATION;break;case 1009:t=l.WebSocketCloseReasons.MESSAGE_TOO_BIG;break;case 1010:t=l.WebSocketCloseReasons.MANDATORY_EXTENSION;break;case 1011:t=l.WebSocketCloseReasons.INTERNAL_ERROR;break;case 1015:t=l.WebSocketCloseReasons.TLS_HANDSHAKE}return[t,e.code]}createMessageChannel(e,t,r,i){if(!this.authToken)throw new Error("Authentication token is not initialized, cannot create MessageChannel");const n=this.backendOrigin.replace(/^http/,"ws"),s=this.platform.createMessageChannel(n+e);var o=!0;const a=setInterval(()=>{o?(this.log.trace("Sending ping message"),o=!1,s.send("ping")):(this.log.warn("Failed to receive ping response in time, closing the channel"),clearInterval(a),s.close(),r("Channel communication stalled"),this.channels.delete(s))},3e4);return s.addEventListener("close",e=>{var r=e.code?`with status code: ${e.code}`:"without status code";this.log.debug(`Message channel is closed ${r}`),clearInterval(a),this.channels.delete(s);const[i,n]=d.parseCloseEvent(e);t(i,n)}),s.addEventListener("error",e=>{this.log.debug("Message channel encountered an error",e)}),s.addEventListener("message",e=>{if(this.log.trace("Message channel received a message"),this.log.trace(e),"origin"in e&&e.origin!==n)r("Unexpected origin");else{const t=e.data;t&&"string"==typeof t?"pong"===t?o=!0:i(t):i(e.toString())}}),this.channels.add(s),s}closeAllMessageChannels(){this.log.trace("Closing all message channels, total "+this.channels.size+" registered channels");const e=new Set(this.channels);e.forEach(e=>e.close()),e.clear(),this.channels.clear()}getDeviceRegistration(){return new Promise((e,t)=>{this.platform.deviceAuth.getRegistration(this.namespace).then(t=>{t&&(this.backendOriginOverride?this.log.debug("Not overriding backend URL since it has been already set"):(this.backendOriginOverride=t.endpoint,this.log.debug("backend URL overridden with "+this.backendOriginOverride))),e(t)}).catch(t)})}embedFpResultToDeviceRegistration(e){return new Promise(t=>{this.getFingerprintData().then(r=>{r&&e.setFpSignal(r),t(e)}).catch(t=>{const r=`Unexpected error happened during Fingerprint data collection: ${a.default.extractMessage(t)}`;this.log.warn(t),e.setFpSignal({error:r})})})}getCurrentTimestampInSeconds(){const e=Date.now();return Math.floor(e/1e3)}markNewFptts(e){this.settings.fingerPrintTimestamp=e||this.getCurrentTimestampInSeconds()}resetFptts(){this.settings.fingerPrintTimestamp=null}getFingerprintData(){return new Promise(e=>{if(!this.shouldCollectFP())return this.log.trace("FingerprintJS is not enabled in the AuthToken"),void e(void 0);this.platform.getDataCollector().then(t=>{if(!t){const t="Found null instance of FingerprintJS, check if your input API key is valid and FingerprintJS integration module is properly initialized";return this.log.warn(t),void e({error:t})}if(!this.shouldRefreshFpSignal(this.getCurrentTimestampInSeconds()))return this.log.trace("Existing FingerprintJS signal has not yet expired, skipping new collection"),void e(void 0);this.log.trace("Collect new FingerprintJS data"),t.getCollectedData().then(t=>{if(!t){const t="FingerprintJS returned no result data";return this.log.warn(t),void e({error:t})}e({results:t})}).catch(t=>{const r=`Error in collecting FingerprintJS data: ${a.default.extractMessage(t)}`;this.log.warn(t),e({error:r})})})})}shouldCollectFP(){var e,t,r;return null===(r=null===(t=null===(e=this.claims)||void 0===e?void 0:e.auth.subs.dev)||void 0===t?void 0:t.sgnls)||void 0===r?void 0:r.fpt}shouldRefreshFpSignal(e){var t,r,i,n;if(!this.settings.deviceId||!this.settings.fingerPrintTimestamp)return this.resetFptts(),!0;const s=null!==(n=null===(i=null===(r=null===(t=this.claims)||void 0===t?void 0:t.auth.subs.dev)||void 0===r?void 0:r.sgnls)||void 0===i?void 0:i.fptrr)&&void 0!==n?n:0;return this.log.debug(`Fingerprint refresh rate: ${s}`),e-this.settings.fingerPrintTimestamp>=s}parseJwt(e){return JSON.parse(atob(e.split(".")[1]))}}t.default=d},9205:function(e,t,r){var i=this&&this.__createBinding||(Object.create?function(e,t,r,i){void 0===i&&(i=r);var n=Object.getOwnPropertyDescriptor(t,r);n&&!("get"in n?!t.__esModule:n.writable||n.configurable)||(n={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,i,n)}:function(e,t,r,i){void 0===i&&(i=r),e[i]=t[r]}),n=this&&this.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),s=this&&this.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var r in e)"default"!==r&&Object.prototype.hasOwnProperty.call(e,r)&&i(t,e,r);return n(t,e),t},o=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const a=o(r(2561)),c=o(r(8367)),u=o(r(931)),l=o(r(5683)),d=o(r(5667)),h=o(r(2486)),p=s(r(4963));function f(e){return"function"==typeof e?{execute:t=>e(t)}:e}t.default=class{constructor(e){this._deviceIpDetection=!1,this._timeout=0,this._config=e||new a.default}withStartStep(e){return this._startStep=f(e),this}withIpDiscoveryUrl(e){return this._ipDiscoveryUrl=e,this}withFinishStep(e){return this._finishStep=f(e),this}withPixelImplementation(){return this._authStep=void 0,this}withFetchImplementation(){return this._authStep=new u.default,this}withPassiveImplementation(){return this._authStep=new h.default,this}withDeviceIpDetection(e=!0){return this._deviceIpDetection=e,this}withTimeout(e){return this._timeout=e,this}build(){let e=this._authStep;const t=this._startStep;let r=this._finishStep;e||(e=new p.default,r=new p.PixelFinishStep);const i=this._deviceIpDetection?new l.default(this._ipDiscoveryUrl):new d.default;if(!t)throw new Error("Start step is required");if(!r)throw new Error("Finish step is required");return new c.default(i,t,e,r,this._timeout)}}},9306:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.PhoneValidationError=void 0;const n=i(r(9316));class s extends n.default{constructor(e,t){super(e,t)}}t.PhoneValidationError=s},9316:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});class r extends Error{constructor(e,t,r,i){super(e),this.code=t,this.nextStep=r,this.reportable=void 0===i||i}static extractMessage(e){let t="";if(e){const r="message";e[r]?t=e[r]:(t=e.toString(),t.startsWith("[object ")&&(t=JSON.stringify(e)))}return t}}t.default=r},9438:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(9316)),s=r(2473),o=r(2958),a=i(r(4473));class c{constructor(e,t){this.name=c.NAME,this.log=s.LoggerFactory.getLogger("mobile-instant-step"),this.errorCodeBak=a.default.ERROR_AUTHENTICATION_CLIENT_FAILURE,this.implementation=e,t?(this.getDeviceIp=t,this.deviceIpDetection=!1):(this.getDeviceIp=()=>null,this.deviceIpDetection=!0)}execute(e){return new Promise((t,r)=>{let i=e.platform.getMobileAuthBuilder().withDeviceIpDetection(this.deviceIpDetection);switch(this.implementation){case o.MobileAuthImplementation.Pixel:i=i.withPixelImplementation();break;case o.MobileAuthImplementation.Fetch:i=i.withFetchImplementation().withFinishStep(t=>new Promise((r,i)=>{e.fetchFromBackend("/v1/client/mobile/instant/finish",{vfp:t.vfp}).then(r).catch(i)}))}i=i.withStartStep(t=>new Promise((r,i)=>{const s=this.deviceIpDetection?t.deviceDescriptor.ip:this.getDeviceIp();e.fetchFromBackend("/v1/client/mobile/instant/start",{cellularIp:s,implementation:this.implementation}).then(e=>{if(e.error)this.nextBak=e.next,this.errorCodeBak=e.error.code,i(new n.default(e.error.message,e.error.code,e.next,!1));else{const t=e.data;r({authUrl:t?t.redirectUrl:void 0})}}).catch(i)})),i.build().authenticate().then(i=>{if(i){const e=i;e.error&&r(new n.default(i.error.message,i.error.code,i.next,!1)),t(e.next)}else e.fetchFromBackend("/v1/client/mobile/instant/finish",{}).then(e=>t(e.next)).catch(e=>{r(new n.default(i.error.message,i.error.code,i.next,!1))})}).catch(e=>{r(new n.default(e,this.errorCodeBak,this.nextBak,!1))})})}}c.NAME="mobile/instant",t.default=c},9549:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.FidoOptionsError=void 0;class r extends Error{constructor({message:e,cause:t,name:r}){super(e,{cause:t}),this.name=null!=r?r:t.name}static identifyAuthenticationError({error:e,options:t,platform:i}){const{publicKey:n}=t;if(!n)return new r({message:r.MISSING_PUBLIC_KEY_PROPERTY,cause:new Error(r.MISSING_PUBLIC_KEY_PROPERTY)});if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new r({message:r.ABORT_SIGNAL,cause:e})}else{if("NotAllowedError"===e.name)return new r({message:e.message,cause:e});if("SecurityError"===e.name){const t=i.getOrigin();return n.rpId!==t?new r({message:`${r.INVALID_RP_ID}: ${n.rpId}`,cause:e}):new r({message:`${r.SECURITY_ERROR_FOUND}: ${e.message}`,cause:e})}if("UnknownError"===e.name)return new r({message:r.UNKNOWN_ERROR,cause:e})}return e}static identifyRegistrationError({error:e,options:t,platform:i}){var n,s,o;const{publicKey:a}=t;if(!a)return new r({message:r.MISSING_PUBLIC_KEY_PROPERTY,cause:new Error(r.MISSING_PUBLIC_KEY_PROPERTY)});if("InvalidStateError"===e.name)return new r({message:r.INVALID_STATE_ERROR,cause:e});if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new r({message:this.ABORT_SIGNAL,cause:e})}else if("ConstraintError"===e.name){if(!0===(null===(n=a.authenticatorSelection)||void 0===n?void 0:n.requireResidentKey))return new r({message:this.CONSTRAINT_ERROR,cause:e});if("conditional"===t.mediation&&"required"===(null===(s=a.authenticatorSelection)||void 0===s?void 0:s.userVerification))return new r({message:this.USER_VERIFICATION_NOT_POSSILE,cause:e});if("required"===(null===(o=a.authenticatorSelection)||void 0===o?void 0:o.userVerification))return new r({message:this.NO_MATCHING_AUTHENTICATOR,cause:e})}else{if("NotAllowedError"===e.name)return new r({message:e.message,cause:e});if("NotSupportedError"===e.name)return 0===a.pubKeyCredParams.filter(e=>"public-key"===e.type).length?new r({message:this.INVALID_CRED_PARAMS,cause:e}):new r({message:r.NO_MATCHING_AUTHENTICATOR_FOR_PARAMS_ALGO,cause:e});if("SecurityError"===e.name){const t=i.getOrigin();return a.rp.id!==t?new r({message:`${r.INVALID_RP_ID}: ${a.rp.id}`,cause:e}):new r({message:`${r.SECURITY_ERROR_FOUND}: ${e.message}`,cause:e})}if("TypeError"===e.name){if(a.user.id.byteLength<1||a.user.id.byteLength>64)return new r({message:r.INVALID_USER_ID_LENGTH,cause:e})}else if("UnknownError"===e.name)return new r({message:r.UNKNOWN_ERROR,cause:e})}return e}}t.FidoOptionsError=r,r.MISSING_PUBLIC_KEY_PROPERTY="options missing publicKey property",r.ABORT_SIGNAL="Authentication was sent an abort signal",r.INVALID_STATE_ERROR="The authenticator was already registered",r.UNKNOWN_ERROR="Unknown error: the authenticator was unable to process the predefined options, or unable to generate a new credential",r.SECURITY_ERROR_FOUND="Security error found",r.INVALID_RP_ID="The rp.id is not valid for the current domain",r.CONSTRAINT_ERROR="Discoverable credentials is required but found no matching supported authenticator",r.USER_VERIFICATION_NOT_POSSILE="User verification is required during automatic registration but this could not be performed",r.NO_MATCHING_AUTHENTICATOR="User verification is required but found no matching supported authenticator",r.INVALID_CRED_PARAMS="No entry in pubKeyCredParams having the type of public-key",r.NO_MATCHING_AUTHENTICATOR_FOR_PARAMS_ALGO="No available authenticator supported any of the specified pubKeyCredParams algorithms",r.INVALID_USER_ID_LENGTH="User ID has invalid length"},9648:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(1554)),s=r(2473),o=i(r(9316)),a=i(r(4473)),c=i(r(7900));class u{constructor(){this.log=s.LoggerFactory.getLogger("device-passive-register-step"),this.name=u.NAME}execute(e){return new Promise((t,r)=>{u.hasAssertionResponse(e)?c.default.runFidoVerify(this.log,e).then(t).catch(r):e.getDeviceRegistration().then(i=>{i?this.finishRegistration(e,[this.getFido2Registration(e)]).then(t).catch(r):e.platform.deviceAuth.createRegistration({namespace:e.namespace,endpoint:e.backendOrigin}).then(i=>{i.getAuthRegistration(e.challenge).then(t=>this.finishRegistration(e,[this.getFido2Registration(e),t])).then(n=>{i.deviceId=e.settings.deviceId,e.platform.deviceAuth.storeRegistration(i).then(()=>t(n)).catch(r)}).catch(r)}).catch(r)}).catch(r)})}static hasAssertionResponse(e){const t=e.credential.response;return t&&"authenticatorData"in t&&"signature"in t}finishRegistration(e,t){return new Promise((r,i)=>{e.fetchFromBackend("/v1/client/device/fido2/register/finish",{deviceName:e.platform.getPlatformName(),deviceCapabilities:e.platform.getDeviceCapabilities(),registrations:t}).then(t=>{if(t.error)i(new o.default(t.error.message,t.error.code,t.next,!1));else{const n=t.data;n?(n.deviceId&&(e.settings.deviceId=n.deviceId,e.settings.fidoPasskeyRegistered=!0),n.scanMessage&&(e.authMessage=n.scanMessage),r(t.next)):i(new o.default("Failed to register device, returned deviceId is null or empty",a.default.ERROR_AUTHENTICATION_FAILURE,t.next,!1))}}).catch(i)})}getFido2Registration(e){const t=e.credential,r=t.response;return{webAuthnCredential:{type:null==t?void 0:t.type,id:null==t?void 0:t.id,rawId:n.default.bufferEncode(null==t?void 0:t.rawId),response:{attestationObject:n.default.bufferEncode(r.attestationObject),clientDataJSON:n.default.bufferEncode(r.clientDataJSON)}}}}}u.NAME="device/passive/register",t.default=u},9726:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.AuthResponseStatus=void 0,function(e){e.Accept="accept",e.Reject="reject",e.Cancel="cancel",e.Unexpected="unexpected",e.Timeout="timeout",e.Unknown="unknown"}(r||(t.AuthResponseStatus=r={}))},9922:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.DEVICE_CAPABILITY_WEBAUTHN=void 0,t.stringToArrayBuffer=function(e){const t=(new TextEncoder).encode(e);return t.buffer.slice(t.byteOffset,t.byteOffset+t.byteLength)},t.arrayBufferToString=function(e){return String.fromCharCode.apply(null,Array.from(new Uint8Array(e)))},t.arrayBufferToHexString=function(e){return Array.from(new Uint8Array(e),e=>("00"+e.toString(16)).slice(-2)).join("")},t.getUnixTime=function(){return Math.floor(Date.now()/1e3)},t.DEVICE_CAPABILITY_WEBAUTHN="webauthn"}},t={};return function r(i){var n=t[i];if(void 0!==n)return n.exports;var s=t[i]={exports:{}};return e[i].call(s.exports,s,s.exports,r),s.exports}(8156)})());
+!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.proveAuth=t():e.proveAuth=t()}(self,()=>(()=>{"use strict";var e={189:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.WebDeviceRegistration=void 0;const n=r(2473),s=i(r(9316)),o=r(9922);class a{constructor(e){this.deviceId=null,this.namespace=e.namespace,this.endpoint=e.endpoint,e.createdAt?(this.createdAt=e.createdAt,this.keyId=e.keyId,this.deviceId=e.deviceId,this.algorithm=e.algorithm,this.keys=e.keys):(this.keyId=crypto.randomUUID(),this.algorithm="ES256",this.createdAt=(0,o.getUnixTime)())}setFpSignal(e){this.fingerprint=e}sign(e){return new Promise((t,r)=>{this.initialize().then(()=>{this.keys&&crypto.subtle.sign({name:"ECDSA",hash:{name:"SHA-256"}},this.keys.privateKey,(0,o.stringToArrayBuffer)(e)).then(e=>t(btoa((0,o.arrayBufferToString)(this.p1363ToDer(e))))).catch(r)}).catch(r)})}getPublicKey(){return new Promise((e,t)=>{this.initialize().then(()=>{this.keys&&crypto.subtle.exportKey("spki",this.keys.publicKey).then(t=>{const r=btoa((0,o.arrayBufferToString)(t));e("-----BEGIN PUBLIC KEY-----\n"+r+"\n-----END PUBLIC KEY-----")}).catch(t)}).catch(t)})}getAuthRegistration(e){return new Promise((t,r)=>{this.sign(e).then(e=>{this.getPublicKey().then(r=>{t({publicKey:{id:this.keyId,alg:this.algorithm,key:r,uvLevel:0},signature:e})}).catch(r)}).catch(r)})}getSignals(){return{fingerprint:this.fingerprint}}initialize(){return new Promise((e,t)=>{this.keys?e():crypto.subtle.generateKey({name:"ECDSA",namedCurve:"P-256"},!1,["sign","verify"]).then(t=>{this.keys=t,e()}).catch(t)})}p1363ToDer(e){const t=(0,o.arrayBufferToHexString)(e);let r=t.substring(0,t.length/2),i=t.substring(t.length/2);r=r.replace(/^(00)+/,""),i=i.replace(/^(00)+/,""),parseInt(r.charAt(0),16)>=8&&(r=`00${r}`),parseInt(i.charAt(0),16)>=8&&(i=`00${i}`);const n=`02${(r.length/2).toString(16).padStart(2,"0")}${r}`,s=`02${(i.length/2).toString(16).padStart(2,"0")}${i}`,a=`30${((n.length+s.length)/2).toString(16).padStart(2,"0")}${n}${s}`.match(/[\da-f]{2}/gi),c=a?new Uint8Array(a.map(e=>parseInt(e,16))):new Uint8Array;return c.buffer.slice(c.byteOffset,c.byteOffset+c.byteLength)}lenVal(e){if("string"==typeof e||e instanceof String){const t=e;return`[${t.length}]: ${t}`}{const t=e;return`[${t.byteLength}]: ${Array.from(new Uint8Array(t),e=>e.toString(16)).join(",")}`}}}t.WebDeviceRegistration=a;class c{constructor(e){this.log=n.LoggerFactory.getLogger("web-device-auth"),this.dbFactory=e}createRegistration(e){return new Promise((t,r)=>{t(new a(e))})}getRegistration(e){return new Promise((t,r)=>{const i=this.openDatabase();i.onerror=e=>{r("Failed to open registration database: "+e)},i.onsuccess=i=>{const n=i.target.result,s=n.transaction([c.DB_STORE],"readonly");s.oncomplete=()=>n.close();const o=s.objectStore(c.DB_STORE).get(e);o.onerror=e=>{this.log.error(e),r(new Error("Failed to access registration"))},o.onsuccess=()=>{o.result?t(new a(o.result)):t(null)}}})}storeRegistration(e){return new Promise((t,r)=>{const i=this.openDatabase();i.onerror=e=>{r("Failed to open registration database: "+e)},i.onsuccess=i=>{const n=i.target.result,o=n.transaction([c.DB_STORE],"readwrite");o.oncomplete=()=>n.close();const a=o.objectStore(c.DB_STORE);this.log.trace("Saving registration");const u=a.put(e);u.onsuccess=()=>{this.log.trace("Registration saved"),t()},u.onerror=e=>{this.log.error(e),r(new s.default("Failed to store registration"))}}})}deleteRegistration(e){return new Promise((t,r)=>{var i=this.openDatabase();i.onerror=e=>{r("Failed to open registration database: "+e)},i.onsuccess=i=>{var n=i.target.result,s=n.transaction([c.DB_STORE],"readwrite");if(s.oncomplete=()=>n.close(),!n.objectStoreNames.contains(c.DB_STORE))return this.log.debug("Registration not found, store is missing"),void t();var o=s.objectStore(c.DB_STORE).delete(e);o.onsuccess=()=>{t()},o.onerror=e=>{this.log.error(e),r(new Error("Failed to delete registration"))}}})}reset(){return new Promise((e,t)=>{var r=this.dbFactory.deleteDatabase(c.DB_NAME);r.onsuccess=t=>{e()},r.onerror=t=>{this.log.warn("Failed to delete registration database"),this.log.warn(t),e()}})}openDatabase(){const e=this.dbFactory.open(c.DB_NAME,c.DB_VERSION);return e.onupgradeneeded=e=>{var t;const r=null===(t=e.target)||void 0===t?void 0:t.result;r?(this.log.debug("Registration not found, database is missing, initializing"),r.createObjectStore(c.DB_STORE,{keyPath:"namespace"}).transaction.oncomplete=e=>{this.log.trace("Store initialization completed")}):this.log.error("Failed to initialize registration database: database is null")},e}}c.DB_VERSION=1,c.DB_NAME="ProveAuth",c.DB_STORE="Registrations",t.default=c},390:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(2473),s=i(r(9316)),o=r(898),a=r(9306);class c{constructor(e,t){this.name=c.NAME,this.log=n.LoggerFactory.getLogger("mobile-otp-step"),this.otpStartStep=e,this.otpFinishStep=t}execute(e){return new Promise((t,r)=>{var i,n,s;if(this.otpStartStep)if(this.otpFinishStep){var o=!0;(null===(s=null===(n=null===(i=e.claims)||void 0===i?void 0:i.auth.subs.mob)||void 0===n?void 0:n.auths.otp)||void 0===s?void 0:s.mnp)&&(o=!1),this.runOtpStartStep(e,this.otpStartStep,this.otpFinishStep,o).then(t).catch(r)}else r(new Error("OtpFinishStep step must be specified"));else r(new Error("OtpStartStep step must be specified"))})}static validatePhoneNumberInput(e){if(null!=e)return"object"!=typeof e?new s.default("Input must be an object"):"phoneNumber"in e?"string"!=typeof e.phoneNumber?new s.default("phoneNumber field in the input must be a string"):void 0:new s.default("phoneNumber field in the input is missing")}runOtpStartStep(e,t,r,i,n){return new Promise((o,u)=>{t.execute(i,n).then(n=>{const l=c.validatePhoneNumberInput(n);l?u(l):e.fetchFromBackend("/v1/client/mobile/otp/start",{mobileNumber:null==n?void 0:n.phoneNumber}).then(n=>{const c=n;if(c.error)u(new s.default(c.error.message,c.error.code,n.next,!1));else if(c.data){const n=c.data;var l="";(null==n?void 0:n.code)&&(l+=`Error Code: ${n.code}, `),(null==n?void 0:n.message)?l+=`${n.message}`:l+="Error validating phone number";let s=new a.PhoneValidationError(l,null==n?void 0:n.code);this.log.error(`Server reports invalid phone number: ${l}`),this.runOtpStartStep(e,t,r,i,s).then(o).catch(u)}else this.runOtpFinishStep(e,t,r,i).then(o).catch(u)}).catch(u)}).catch(e=>{const t=s.default.extractMessage(e);u(new Error(`Failed to start OTP flow: ${t}`))})})}static validateFinishResult(e){if(null==e||"object"!=typeof e)return new s.default("result should be a valid object");if(!("resultType"in e))return new s.default("resultType field in the result is missing");if(e.resultType===o.OtpFinishResultType.OnSuccess){const t=e.input;if(null==t||"object"!=typeof t)return new s.default("input should be a valid object when resultType field is set with OnSuccess value");if(!("otp"in t))return new s.default("otp field in the input is missing");if("string"!=typeof t.otp)return new s.default("otp field in the input must be a string")}}resendOtp(e,t,r,i){return new Promise((n,o)=>{e.fetchFromBackend("/v1/client/mobile/otp/start",{}).then(a=>{const c=a;c.error?o(new s.default(c.error.message,c.error.code,a.next,!1)):this.runOtpFinishStep(e,t,r,i).then(n).catch(o)}).catch(o)})}runOtpFinishStep(e,t,r,i,n){return new Promise((a,u)=>{r.execute(n).then(n=>{var l;let d=n;const h=c.validateFinishResult(d);if(h)u(h);else switch(d.resultType){case o.OtpFinishResultType.OnResendOtp:this.resendOtp(e,t,r,i).then(a).catch(u);break;case o.OtpFinishResultType.OnSuccess:let n=d.input;e.fetchFromBackend("/v1/client/mobile/otp/finish",{otp:null!==(l=null==n?void 0:n.otp)&&void 0!==l?l:""}).then(n=>{const c=n;if(c.error)u(new s.default(c.error.message,c.error.code,n.next,!1));else if(c.data){const n=c.data;var l="";(null==n?void 0:n.code)&&(l+=`Error Code: ${n.code}, `),(null==n?void 0:n.message)?l+=`${n.message}`:l+="Error validating OTP";const s=new o.OtpError(l,null==n?void 0:n.code);this.log.error(`Server reports invalid OTP: ${l}`),this.runOtpFinishStep(e,t,r,i,s).then(a).catch(u)}else a(n.next)}).catch(u);break;case o.OtpFinishResultType.OnMobileNumberChange:this.runOtpStartStep(e,t,r,!0).then(a).catch(u)}}).catch(e=>{const t=s.default.extractMessage(e);u(new Error(`Failed to obtain OTP for verification: ${t}}`))})})}}c.NAME="mobile/otp",t.default=c},660:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.BuildConfig=void 0,function(e){e.DEV="DEV",e.US_UAT="US_UAT",e.US_PROD="US_PROD"}(r||(t.BuildConfig=r={}))},898:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.OtpFinishResultType=t.OtpError=void 0;const n=i(r(9316));class s extends n.default{constructor(e,t){super(e,t)}}var o;t.OtpError=s,function(e){e[e.OnSuccess=0]="OnSuccess",e[e.OnResendOtp=1]="OnResendOtp",e[e.OnMobileNumberChange=2]="OnMobileNumberChange"}(o||(t.OtpFinishResultType=o={}))},931:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=n(r(2757)),o=n(r(3020)),a=n(r(8483)),c=n(r(1132)),u=r(5111),l=r(1027);t.default=class{constructor(){this.logger=u.LoggerFactory.getLogger("fetch-authentication-step")}execute(e){return i(this,void 0,void 0,function*(){this.logger.info("use fetch");const t=(0,l.toURL)(e.authUrl);let r;return this.logger.info(t),t.searchParams.get("testVfp")?(this.logger.info("test flow detected"),r=c.default.create(t)):"2"===t.searchParams.get("pfflow")?(this.logger.info("flow v2 detected"),r=o.default.create(t)):"3"===t.searchParams.get("pfflow")?(this.logger.info("flow v3 detected"),r=a.default.create((0,l.toURL)(e.authUrl.replace("&pfflow=3","")))):t.toString().toLowerCase().includes("authentication/validate/flowcontrol",0)?(this.logger.info("flow v3 detected"),r=a.default.create(t)):(this.logger.info("flow v1 detected"),r=s.default.create(t)),{vfp:yield r.handle()}})}}},1011:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(9316));class s{constructor(){this.name=s.NAME}execute(e){return Promise.reject(new n.default(`Step ${this.name} is not supported`))}}s.NAME="user/present",t.default=s},1027:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.RawURL=t.Base64=t.fetchAuth=t.handleHttpError=t.toURL=void 0;const s=r(5111),o=r(5166),a=r(7464),c=n(r(8525));t.toURL=function(e){try{return new u(e)}catch(t){throw new c.default(o.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Malformed url "+e)}},t.handleHttpError=function(e){return i(this,void 0,void 0,function*(){const t=e.status;switch(t){case 404:throw new c.default(o.ErrorCode.AUTH_BAD_CREDENTIALS);case 410:throw new c.default(o.ErrorCode.AUTH_VFP_KEY_EXPIRED);default:let r;try{r=(yield e.json()).error}catch(e){}throw new c.default(o.ErrorCode.AUTH_INVALID_RESPONSE,r||`http error (${e.statusText} , code = ${t})`)}})},t.fetchAuth=function(e,t){var r;const i=s.LoggerFactory.getLogger("http-client"),n=null!=t?t:{},u=null!==(r=n.method)&&void 0!==r?r:"GET";if(i.debug(`${u} ${e} ${e.protocol}`),"http:"===e.protocol)throw new c.default(o.ErrorCode.GENERIC_INVALID_STATE,`Web SDK cannot make http request [${e}]`);const l={};let d;return e.searchParams.set("sdkVersion",a.VERSION_NAME),"object"==typeof n.body&&(l["Content-Type"]="application/json",d=JSON.stringify(n.body)),d&&i.debug(`request body: ${d}`),fetch(e.toString(),{method:u,mode:"cors",headers:l,body:d}).then(e=>(i.debug(`${e.status} ${e.statusText}`),e))},t.Base64=new class{constructor(){this.PADCHAR="=",this.ALPHA="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"}getByte(e,t){return e.charCodeAt(t)}getByte64(e,t){return this.ALPHA.indexOf(e.charAt(t))}_decode(e){let t,r,i=0,n=e.length,s=[];if(e=String(e),0===n)return e;for(e.charAt(n-1)===this.PADCHAR&&(i=1,e.charAt(n-2)===this.PADCHAR&&(i=2),n-=4),t=0;t<n;t+=4)r=this.getByte64(e,t)<<18|this.getByte64(e,t+1)<<12|this.getByte64(e,t+2)<<6|this.getByte64(e,t+3),s.push(String.fromCharCode(r>>16,r>>8&255,255&r));switch(i){case 1:r=this.getByte64(e,t)<<18|this.getByte64(e,t+1)<<12|this.getByte64(e,t+2)<<6,s.push(String.fromCharCode(r>>16,r>>8&255));break;case 2:r=this.getByte64(e,t)<<18|this.getByte64(e,t+1)<<12,s.push(String.fromCharCode(r>>16))}return s.join("")}_encode(e){let t,r,i=[],n=(e=String(e)).length-e.length%3;if(0===e.length)return e;for(t=0;t<n;t+=3)r=this.getByte(e,t)<<16|this.getByte(e,t+1)<<8|this.getByte(e,t+2),i.push(this.ALPHA.charAt(r>>18)),i.push(this.ALPHA.charAt(r>>12&63)),i.push(this.ALPHA.charAt(r>>6&63)),i.push(this.ALPHA.charAt(63&r));switch(e.length-n){case 1:r=this.getByte(e,t)<<16,i.push(this.ALPHA.charAt(r>>18)+this.ALPHA.charAt(r>>12&63)+this.PADCHAR+this.PADCHAR);break;case 2:r=this.getByte(e,t)<<16|this.getByte(e,t+1)<<8,i.push(this.ALPHA.charAt(r>>18)+this.ALPHA.charAt(r>>12&63)+this.ALPHA.charAt(r>>6&63)+this.PADCHAR)}return i.join("")}decode(e,t=!0){return e=t?e.replace(".","+").replace("_","/").replace("-","="):e,this._decode(e)}encode(e,t=!0){const r=this._encode(e);return t?r.replace("+",".").replace("/","_").replace("=","-"):r}};class u{constructor(e){this.url=e,this.params=[],this.searchParams={get:e=>this._get(e),getAll:e=>this._getAll(e),set:(e,t,r=!1)=>this._set(e,t,r)};const t=new URL(e);this.protocol=t.protocol;for(const e of t.searchParams.keys())this.params.push({key:e,values:t.searchParams.getAll(e),encode:!1})}_set(e,t,r=!1){const i=this.params.findIndex(t=>t.key===e);-1===i?this.params.push({key:e,values:[t],encode:r}):this.params.splice(i,1,{key:e,values:[t],encode:r})}_get(e){const t=this._getAll(e);return t?t[0]:void 0}_getAll(e){var t;return null===(t=this.params.find(t=>t.key===e))||void 0===t?void 0:t.values}toString(){function e(e,t){return t?encodeURIComponent(e):null==e?void 0:e.replace(/\?/g,"%3F").replace(/\&/g,"%26")}const t=this.url.indexOf("?");let r=-1==t?this.url:this.url.slice(0,t),i=[];for(const t of this.params)for(const r of t.values)i.push(`${e(t.key,t.encode)}=${e(r,t.encode)}`);return i.length&&(r+="?"+i.join("&")),r}}t.RawURL=u},1132:function(e,t){var r=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})};Object.defineProperty(t,"__esModule",{value:!0});class i{static create(e){var t,r,n;const s=null!==(r=parseInt(null!==(t=e.searchParams.get("delay"))&&void 0!==t?t:"0"))&&void 0!==r?r:0,o=null!==(n=e.searchParams.get("testVfp"))&&void 0!==n?n:"";return new i(o,s)}constructor(e,t){this.testVfp=e,this.delay=t}handle(){return r(this,void 0,void 0,function*(){return new Promise(e=>{setTimeout(()=>e(this.testVfp),this.delay)})})}}t.default=i},1375:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.WebPlatform=t.WebSocketMessageChannel=void 0;const s=r(3743),o=r(9922),a=r(2473),c=n(r(8347)),u=n(r(189)),l=r(3040);class d{constructor(e){this.webSocket=new WebSocket(e)}addEventListener(e,t){this.webSocket.addEventListener(e,t)}send(e){this.webSocket.send(e)}close(){this.webSocket.close()}}t.WebSocketMessageChannel=d,t.WebPlatform=class{constructor(){this.log=a.LoggerFactory.getLogger("web-platform"),this.webauthn={getCredentials:e=>navigator.credentials.get(e),createCredentials:e=>navigator.credentials.create(e)},this.deviceAuth=new u.default(window.indexedDB)}getPlatformName(){return`${this.getBrowserName()} ${this.getBrowserVersion()} on ${this.getOSName()}`}getUserAgent(){return navigator.userAgent}isFidoSupported(){return null!=window.PublicKeyCredential}fetch(e,t){return fetch(e,t)}createMessageChannel(e){return new d(e)}createRequestSigner(e){return new c.default(e)}activatePpb(e){return i(this,void 0,void 0,function*(){return l.PpbIntegration.instance.activateWebComponent(e)})}initDeviceContext(e){l.DeviceContextIntegration.instance.init(e)}getDataCollector(){return i(this,void 0,void 0,function*(){try{return yield l.DeviceContextIntegration.instance.getDataCollector()}catch(e){return void this.log.warn("Error accessing data collector",e)}})}getBrowserName(){const e=navigator.userAgent;let t;return t=e.indexOf("Firefox")>-1?"Firefox":e.indexOf("Opera")>-1||e.indexOf("OPR")>-1?"Opera":e.indexOf("DuckDuckGo")>-1?"DuckDuckGo":e.indexOf("SamsungBrowser")>-1?"Samsung Browser":e.indexOf("Trident")>-1?"Internet Explorer":e.indexOf("Edge")>-1?"Edge":e.indexOf("Chrome")>-1?"Chrome":e.indexOf("Safari")>-1?"Safari":"Unknown",t}getBrowserVersion(){const e=navigator.userAgent.match(/(?:Firefox|Opera|OPR|SamsungBrowser|DuckDuckGo|Internet Explorer|Edge|Chrome|Safari)[\/|\s](\d+(\.\d+)?)/i);return e?e[1]:"Unknown"}getOSName(){const e=navigator.platform,t=navigator.userAgent;let r;if(/Win/i.test(e)){r="Windows";const e=t.match(/Win(?:dows )?NT (\d+\.\d+)/i);if(e){const t=parseFloat(e[1]);r+=11===t?" 11":10===t?" 10":6.3===t?" 8.1":6.2===t?" 8":6.1===t?" 7":6===t?" Vista":5.1===t||5.2===t?" XP":" (Unknown Version)"}}else if(e.match(/Mac/i)){r="Mac OS";const e=t.match(/Mac OS X (\d+[_.]\d+([_.]\d+)?)/i);e&&(r+=" "+e[1].replace(/_/g,"."))}else r=t.match(/Android/i)?"Android":t.match(/iOS|iPhone|iPad|iPod/i)?"iOS":e.match(/Linux/i)?"Linux":"Unknown";return r}getDeviceCapabilities(){return this.isFidoSupported()?[o.DEVICE_CAPABILITY_WEBAUTHN]:[]}getMobileAuthBuilder(){return new s.AuthenticatorBuilder}exit(e){}urlRedirect(e){window.location.replace(e)}getOrigin(){return window.location.origin}}},1554:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});class r{static stringToBase64(e){return e.replace(/\-/g,"+").replace(/_/g,"/")+"=".repeat(e.length%4?4-e.length%4:0)}static bufferDecode(e){const t=Uint8Array.from(atob(r.stringToBase64(e)),e=>e.charCodeAt(0));return t.buffer.slice(t.byteOffset,t.byteOffset+t.byteLength)}static bufferEncode(e){const t=ArrayBuffer.isView(e)?e.buffer:e;return btoa(String.fromCharCode.apply(null,Array.from(new Uint8Array(t)))).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}}t.default=r},2198:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.DeviceRole=void 0,function(e){e[e.Primary=0]="Primary",e[e.Secondary=1]="Secondary"}(r||(t.DeviceRole=r={}))},2403:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.default=class extends Promise{constructor(e){let t=()=>{};super((r,i)=>e(r,i,e=>t=e)),this.onCancel=()=>{t()}}cancel(){this.onCancel()}}},2459:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});class r{constructor(e){this.requestId=e.request_id,this.mnoToken=e.mno_token,this.mno=e.mno,this.expires=e.expires,this.firstUri=e.first_uri,this.uriStack=e.uri_stack,this.headers={},e.headers.forEach(e=>{this.headers[e.key]=e.value}),this.requestBody=e.request_body,this.command=e.command,this.vfpPath=e.vfp_path,this.redirectStatusMinimum=e.redirect_status_minimum,this.redirectStatusMaximum=e.redirect_status_maximum,this.enableCookies=e.enable_cookies,this.enableDynamicHeaders=e.enable_dynamic_headers,this.maximumRedirects=e.maximum_redirects}static serialize(e){return JSON.stringify(e)}static deserialize(e){return new r(JSON.parse(e))}}t.default=r},2473:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.LoggerFactory=t.LogLevel=void 0,function(e){e[e.disabled=0]="disabled",e[e.error=1]="error",e[e.warn=2]="warn",e[e.info=3]="info",e[e.debug=4]="debug",e[e.trace=5]="trace"}(r||(t.LogLevel=r={}));class i{static setLogLevel(e){i.logLevel=e}static setLogWriter(e){i.logWriter=e}static getLogger(e){return{trace:(...t)=>{i.logLevel>=r.trace&&i.logWriter.write(r.trace,e+": ",...t)},debug:(...t)=>{i.logLevel>=r.debug&&i.logWriter.write(r.debug,e+": ",...t)},info:(...t)=>{i.logLevel>=r.info&&i.logWriter.write(r.info,e+": ",...t)},warn:(...t)=>{i.logLevel>=r.warn&&i.logWriter.write(r.warn,e+": ",...t)},error:(...t)=>{i.logLevel>=r.error&&i.logWriter.write(r.error,e+": ",...t)}}}}t.LoggerFactory=i,i.logWriter=new class{write(e,...t){switch(e){case r.trace:case r.debug:console.debug(...t);break;case r.info:console.info(...t);break;case r.warn:console.warn(...t);break;case r.error:console.error(...t)}}},i.logLevel=r.info},2486:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=n(r(1132)),o=r(5111),a=r(1027),c=r(7464);t.default=class{constructor(){this.logger=o.LoggerFactory.getLogger("passive-authentication-step")}execute(e){return i(this,void 0,void 0,function*(){this.logger.info("use passive");const t=(0,a.toURL)(e.authUrl);let r;if(t.searchParams.get("testVfp"))this.logger.info("test flow detected"),r=s.default.create(t);else{if("2"===t.searchParams.get("pfflow"))throw new Error("flow v2 detected but not supported by passive auth implementation");if("3"===t.searchParams.get("pfflow"))throw new Error("flow v3 detected but not supported by passive auth implementation");this.logger.info("flow v1 detected"),r=new u(t)}return{vfp:yield r.handle()}})}};class u{constructor(e){this.url=e,this.logger=o.LoggerFactory.getLogger("passive-flow-v1")}handle(){return i(this,void 0,void 0,function*(){return new Promise((e,t)=>{const r="_proveAuthResponse";this.url.searchParams.set("jsonp","true"),this.url.searchParams.set("sdkVersion",c.VERSION_NAME);const i=window;this.logger.trace("install global callback"),i[r]=r=>{if(s)return;o();const i=r?this.getVfpFromJson(r):void 0;i?e(i):t(new Error(r?"script loaded but vfp not defined":"script loaded but callback not trigerred"))};const n=document.createElement("script");let s=!1;const o=()=>{this.logger.trace("cleanup global callback"),s=!0,i[r]=void 0,document.body.removeChild(n)};n.onload=()=>{this.logger.trace("script loaded"),setTimeout(()=>{s||(o(),t(new Error("script loaded, but not executed")))},1e3)},n.onerror=()=>{this.logger.trace("script load error"),s||(o(),t(new Error("script load error")))},document.body.appendChild(n),n.src=this.url.toString()})})}getVfpFromJson(e){const t=e.vfp;if(t)return t;const r=e.token,i=e.correlation_id;if(r)return i?i+"..."+r:r;const n=e.reconcilation_token;return n?i?i+"..."+n:n:void 0}}},2561:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.default=class{}},2681:(e,t,r)=>{Object.defineProperty(t,"__esModule",{value:!0});const i=r(5166),n=r(3796);class s extends Error{constructor(e,t,r){super(`${r} (stepCode=${n.StepCode[e]}, errorCode=${i.ErrorCode[t]})`),this.stepCode=e,this.errorCode=t,Error.captureStackTrace&&Error.captureStackTrace(this,s),this.name="AuthProcessError",this.stepCode=e}}t.default=s},2713:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.UserDocVerifyStep=void 0;const n=r(2473),s=i(r(9316));class o{constructor(e,t,r){this.name=o.NAME,this.log=n.LoggerFactory.getLogger("user-docv-verify-step"),this.enabled=e,this.startStep=t,this.finishStep=r}execute(e){if(!this.enabled)return Promise.reject(new s.default("Document Verification is not enabled"));if(!this.startStep)return Promise.reject(new s.default("Document Verification start step is required"));const t=()=>new Promise((t,r)=>{this.startStep.execute().then(i=>{e.fetchFromBackend("/v1/client/user/docv/start",{requestId:crypto.randomUUID(),documentType:i.documentType}).catch(r).then(e=>{var n,o;const a=e;a.error&&r(new s.default(a.error.message,a.error.code,a.next,!1));const c=a.data;t({documentType:i.documentType,operationId:null===(n=c.docv)||void 0===n?void 0:n.operationId,oneTimeSecret:null===(o=c.docv)||void 0===o?void 0:o.oneTimeSecret})})}).catch(r)}),r=e=>{try{return this.finishStep?this.finishStep.execute(e):Promise.resolve()}catch(e){return this.log.warn("Document Verification finish step has failed:",e),Promise.reject(e)}};return new Promise((i,n)=>{t().then(t=>{var o,a,c;this.log.debug("Activating PPB web component"),e.platform.activatePpb({endpointUrl:null===(c=null===(a=null===(o=e.claims)||void 0===o?void 0:o.auth.subs.usr)||void 0===a?void 0:a.auths.docv)||void 0===c?void 0:c.endp,operationId:t.operationId,oneTimeSecret:t.oneTimeSecret}).catch(e=>{this.log.error("PPB web component failed:",e),r(e).then(()=>n(e))}).then(r=>(this.log.info("DocV authentication result",r),e.fetchFromBackend("/v1/client/user/docv/finish",{requestId:crypto.randomUUID(),operationId:t.operationId}))).then(e=>{var t,o;const a=e;if(a.error){const i=null!==(o=null===(t=e.error)||void 0===t?void 0:t.message)&&void 0!==o?o:"Document verification failed";r(new Error(i)).then(()=>n(new s.default(e.error.message,e.error.code,e.next,!1)))}else r().then(()=>i(a.next))}).catch(n)}).catch(n)})}}t.UserDocVerifyStep=o,o.NAME="user/docv"},2746:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.DevicePassiveActions=void 0;const n=r(2473),s=i(r(1554)),o=i(r(8324)),a=r(7657),c=i(r(9316)),u=r(2198),l=r(7968),d=r(9549),h=r(9726);class f extends l.AuthStatusActions{constructor(e,t){super(),this.log=n.LoggerFactory.getLogger("device-passive-actions"),this.getDisplayName=e||(()=>null),this.handler=t}register(e,t){return this.log.trace("Registering Passkey"),new Promise((r,i)=>{const n=this.getDisplayName();e.fetchFromBackend("/v1/client/device/fido2/register/start",{displayName:n||void 0,signals:t}).then(s=>{var o;if(s.error)i(new c.default(s.error.message,s.error.code,s.next,!1));else{(null===(o=null==t?void 0:t.fingerprint)||void 0===o?void 0:o.results)&&e.markNewFptts();const a=s.data,u=null==a?void 0:a.credCreateOptions,l=null==a?void 0:a.credRequestOptions;if(u)this.createCredentials(e,n,u,s).then(r).catch(i);else if(l)this.getCredentials(e,l,s).then(r).catch(i);else{const e=new c.default(f.NO_CREDS_FOUND);i(e)}}}).catch(i)})}verify(e){return this.log.trace("Verifying Passkey"),new Promise((t,r)=>{e.settings.deviceId?e.fetchFromBackend("/v1/client/device/fido2/verify/start",{deviceId:e.settings.deviceId}).then(i=>{if(i.error)r(new c.default(i.error.message,i.error.code,i.next,!1));else{const n=i.data,s=null==n?void 0:n.credRequestOptions;this.getCredentials(e,s,i).then(t).catch(r)}}).catch(r):r(new c.default("Failed to start verification, DeviceId is missing"))})}createCredentials(e,t,r,i){return this.log.trace("Trying create new FIDO credentials"),new Promise((n,o)=>{r.challenge=s.default.bufferDecode(r.challenge),r.user.id=s.default.bufferDecode(r.user.id),t&&(r.user.displayName=t),r.excludeCredentials&&r.excludeCredentials.forEach(e=>{e.id=s.default.bufferDecode(e.id)});const a={publicKey:r};e.platform.webauthn.createCredentials(a).then(t=>{t?(e.credential=t,n(i.next)):o(new c.default("Failed to create FIDO2 credentials"))}).catch(t=>{const r=d.FidoOptionsError.identifyRegistrationError({error:t,options:a,platform:e.platform});r instanceof d.FidoOptionsError&&"InvalidStateError"===r.name?this.handler?(this.log.trace("Passkey handler callback has been defined"),this.handler().then(t=>{t===h.AuthResponseStatus.Accept?this.parseCredRequestOptions(i,e).then(n).catch(o):o(new c.default(`${f.USER_NOT_ACCEPTING_RESPONSE}: ${t}`))}).catch(o)):(this.log.trace("Passkey handler callback is null, go ahead with passkey discoverable as default behavior"),this.parseCredRequestOptions(i,e).then(n).catch(o)):o(r)})})}parseCredRequestOptions(e,t){return new Promise((r,i)=>{const n=e.data;if(null==n?void 0:n.credRequestOptions){const s=n.credRequestOptions;this.getCredentials(t,s,e).then(r).catch(i)}else i(new c.default(f.NO_REQUEST_CREDS_FOUND))})}getCredentials(e,t,r){return this.log.trace("Trying get existing FIDO credentials"),new Promise((i,n)=>{var o,a;if(0==(null===(o=t.allowCredentials)||void 0===o?void 0:o.length))n(new c.default("AllowCredentials array should not be empty when call getCredentials()"));else{t.challenge=s.default.bufferDecode(t.challenge),t.allowCredentials&&(null===(a=t.allowCredentials)||void 0===a||a.forEach(e=>{e.id=s.default.bufferDecode(e.id)}));const o={publicKey:t};e.platform.webauthn.getCredentials(o).then(t=>{t?(e.credential=t,i(r.next)):n(new c.default("Failed to load FIDO2 credentials"))}).catch(t=>{const r=d.FidoOptionsError.identifyAuthenticationError({error:t,options:o,platform:e.platform});n(r)})}})}}t.DevicePassiveActions=f,f.NO_REQUEST_CREDS_FOUND="Passkey has already been registered but found no CredentialRequestOptions in the fido/register/start response payload",f.NO_CREDS_FOUND="Neither credCreateOptions nor credRequestOptions are found in the fido/register/start response payload",f.USER_NOT_ACCEPTING_RESPONSE="User not accepting to continue by reusing the existing passkey with user response";class p extends f{constructor(e,t,r){super(e,t),this.name=p.NAME,this.role=null!=r?r:u.DeviceRole.Primary,this.log=n.LoggerFactory.getLogger("device-passive-step")}execute(e){return this.role==u.DeviceRole.Secondary?this.waitForStatus(e):e.platform.isFidoSupported()&&e.uvLevel!==a.UserVerificationLevel.Discouraged?e.settings.deviceId?e.settings.fidoPasskeyRegistered?this.verify(e):Promise.resolve(o.default.NAME):new Promise((t,r)=>{e.getDeviceContextData().then(i=>{const n={fingerprint:i};this.register(e,n).then(t).catch(r)}).catch(i=>{const n=`Unexpected error happened during Device Context data collection: ${i.message}`;this.log.warn(n),this.log.warn(i);const s={fingerprint:{error:n}};this.register(e,s).then(t).catch(r)})}):Promise.resolve(o.default.NAME)}}p.NAME="device/passive",t.default=p},2757:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=r(5111),o=n(r(8525)),a=r(5166),c=r(1027);class u{static create(e){return e.searchParams.set("r","f"),new u(e)}constructor(e){this.url=e,this.logger=s.LoggerFactory.getLogger("flow-v1")}handle(){var e,t;return i(this,void 0,void 0,function*(){let r;const i=this.url.searchParams.get("vfp");let n=this.url;for(this.logger.debug(`current vfp ${i}`);;){try{r=yield(0,c.fetchAuth)(n,{})}catch(e){throw new o.default(a.ErrorCode.GENERIC_COMMUNICATION_ERROR,e.message)}if(console.log(r.url),r.status>=300&&r.status<400){const s=new c.RawURL(null!==(e=r.headers.get("Location"))&&void 0!==e?e:"");this.logger.debug(`redirect to ${s}`);const o=null!==(t=s.searchParams.get("vfp"))&&void 0!==t?t:s.searchParams.get("token");if(o&&o!==i)return this.logger.debug(`vfp changed to ${o}`),o;n=s}else{if(r.status>=200&&r.status<300){let e;try{e=yield r.json()}catch(e){throw new o.default(a.ErrorCode.AUTH_INVALID_RESPONSE,e.message)}this.logger.debug("got json response",e);const t=this.getVfpFromJson(e);if(!t)throw new o.default(a.ErrorCode.AUTH_INVALID_RESPONSE,`Received unknown payload: ${JSON.stringify(e)}`);return t}yield(0,c.handleHttpError)(r)}}})}getVfpFromJson(e){const t=e.vfp;if(t)return t;const r=e.token,i=e.correlation_id;if(r)return i?i+"..."+r:r;const n=e.reconcilation_token;return n?i?i+"..."+n:n:void 0}}t.default=u},2801:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(9316)),s=r(2473);class o{constructor(e){this.log=s.LoggerFactory.getLogger("scan-message-step"),this.name=o.NAME,this.authMessageHandler=e}execute(e){return new Promise((t,r)=>{this.authMessageHandler?(e.authMessage||(this.log.warn("Auth message is missing"),e.authMessage={}),this.authMessageHandler(e.authMessage).then(i=>{e.fetchFromBackend("/v1/client/user/response",{response:i}).then(e=>{e.error?r(new n.default(e.error.message,e.error.code,e.next,!1)):t(e.next)})}).catch(r)):r(new n.default("Failed to process auth message, the handler was not specified"))})}}o.NAME="scan/message",t.default=o},2958:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.MobileAuthImplementation=void 0;const n=r(1375),s=i(r(9648)),o=i(r(2746)),a=i(r(7900)),c=i(r(9438)),u=i(r(4070)),l=i(r(390)),d=i(r(2801)),h=i(r(7466)),f=i(r(8324)),p=i(r(3922)),g=i(r(5462)),v=r(4934),m=i(r(4878)),_=r(2473),E=i(r(5620)),w=r(7651),b=r(2713),S=r(2198);var y;!function(e){e.Pixel="pixel",e.Fetch="fetch"}(y||(t.MobileAuthImplementation=y={})),t.default=class{constructor(){this.role=S.DeviceRole.Primary,this.mobileAuthImplementation=y.Fetch,this.upkEnabled=!1,this.ppbEnabled=!1,this.docvEnabled=!1,this.log=_.LoggerFactory.getLogger("authenticator-builder"),"undefined"!=typeof window&&(this.storage=window.localStorage,this.platform=new n.WebPlatform)}withDeviceContext(e){return this.deviceContextOptions=e,this}withAuthFinishStep(e){return this.authFinishStep="function"==typeof e?{execute:t=>e(t)}:e,this}withDisplayName(e){return this.getDisplayName="function"==typeof e?e:()=>e,this}withAuthMessageHandler(e){return this.authMessageHandler=e,this}withStorage(e){return this.storage=e,this}withPlatform(e){return this.platform=e,this}withRole(e){return this.role=e,this}withMobileAuthImplementation(e){return this.mobileAuthImplementation=e,this}withDeviceIpAddress(e){return this.getDeviceIp="function"==typeof e?e:()=>e,this}withOtpFallback(e,t){return this.otpStartStep="function"==typeof e?{execute:e}:e,this.otpFinishStep="function"==typeof t?{execute:t}:t,this}withInstantLinkFallback(e,t){return this.instantLinkStartStep="function"==typeof e?{execute:e}:e,this.instantLinkRetryStep="function"==typeof t?{execute:t}:t,this}withUniversalProveKey(e){return this.userConsentStep=e?"function"==typeof e?{execute:e}:e:{execute:()=>Promise.resolve({consentGranted:!0})},this.upkEnabled=null!=this.userConsentStep,this}withPrivacyPreservingBiometrics(e,t){return this.ppbEnabled=!0,this.ppbStartStep="function"==typeof e?{execute:e}:e,this.ppbFinishStep="function"==typeof t?{execute:t}:t,this}withDocumentVerification(e,t){return this.docvEnabled=!0,this.docvStartStep="function"==typeof e?{execute:e}:e,this.docvFinishStep="function"==typeof t?{execute:t}:t,this}withPasskeyAlreadyExistCallback(e){return this.passkeyCreationHandler=e,this}build(){if(!this.platform)throw new Error("Implementation of Platform is required");if(!this.storage)throw new Error("Implementation of Storage is required");const e=new E.default(this.storage);e.upkEnabled=this.upkEnabled,this.deviceContextOptions&&this.platform.initDeviceContext(this.deviceContextOptions);const t=this.getAuthSteps(this.role);return new m.default(this.platform,e,this.authFinishStep,t)}getAuthSteps(e){switch(this.role){case S.DeviceRole.Primary:return[new g.default(this.upkEnabled),new v.DeviceUniversalRedirectExchangeStep,new v.DeviceUniversalRedirectFinishStep,new o.default(this.getDisplayName,this.passkeyCreationHandler,this.role),new p.default(this.getDisplayName,this.passkeyCreationHandler),new f.default(this.upkEnabled,this.userConsentStep),new s.default,new a.default,new c.default(this.mobileAuthImplementation,this.getDeviceIp),new u.default(this.instantLinkStartStep,this.instantLinkRetryStep,this.getDeviceIp),new l.default(this.otpStartStep,this.otpFinishStep),new d.default(this.authMessageHandler),new h.default,new w.UserPpbEnrollStep(this.ppbEnabled,this.ppbStartStep,this.ppbFinishStep),new w.UserPpbVerifyStep(this.ppbEnabled,this.ppbStartStep,this.ppbFinishStep),new b.UserDocVerifyStep(this.docvEnabled,this.docvStartStep,this.docvFinishStep)];case S.DeviceRole.Secondary:return[new o.default(this.getDisplayName,void 0,this.role),new c.default(this.mobileAuthImplementation,this.getDeviceIp),new u.default(this.instantLinkStartStep,this.instantLinkRetryStep,this.getDeviceIp),new w.UserPpbEnrollStep(this.ppbEnabled,this.ppbStartStep,this.ppbFinishStep),new w.UserPpbVerifyStep(this.ppbEnabled,this.ppbStartStep,this.ppbFinishStep),new b.UserDocVerifyStep(this.docvEnabled,this.docvStartStep,this.docvFinishStep)];default:throw new Error(`Unknown role: ${this.role}`)}}}},3020:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=r(5111),o=r(5166),a=n(r(8525)),c=r(1027);class u{static create(e){var t;const r=e.searchParams.get("data");if(!r)throw new a.default(o.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - missing in url");let i,n,s,l;try{const e=c.Base64.decode(r);console.log("decoded",e),i=JSON.parse(e)}catch(e){throw console.error(e),new a.default(o.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - cannot parse as json")}try{n=new c.RawURL(null!==(t=i.url)&&void 0!==t?t:"")}catch(e){throw new a.default(o.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - missing/invalid url field")}try{s=i.vfp}catch(e){throw new a.default(o.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - missing vfp field")}try{l=i.data}catch(e){throw new a.default(o.ErrorCode.AUTH_MALFORMED_INPUT_DATA,"Invalid flow.v2 data - missing data field")}return new u(n,s,l,i["att-1004"])}constructor(e,t,r,i){this.url=e,this.vfp=t,this.data=r,this.att1004=i,this.logger=s.LoggerFactory.getLogger("flow-v2")}handle(){var e;return i(this,void 0,void 0,function*(){let t=!1,r=JSON.parse(JSON.stringify(this.data));for(;;){let i;try{i=yield(0,c.fetchAuth)(this.url,{method:"POST",body:r})}catch(e){throw new a.default(o.ErrorCode.GENERIC_COMMUNICATION_ERROR,e.message)}if(i.status>=200&&i.status<300){const n=yield i.text();if(this.logger.trace(`att response body: ${n}`),!t)try{if(1004===JSON.parse(n).status){const i=null!==(e=this.att1004)&&void 0!==e?e:["application-id"];if(i){t=!0,this.logger.debug(`flow v2.5 detected, use application-id: ${i}`),r.put("application-id",i);continue}this.logger.debug("missing att1004.application-id, continue flow v2")}}catch(e){}const s=c.Base64.encode(n);return`${this.vfp}___${s}${t?"___R2":""}`}if(i.status>=300&&i.status<400)throw new a.default(o.ErrorCode.AUTH_INVALID_RESPONSE,"Unexpected redirect in flow v2");yield(0,c.handleHttpError)(i)}})}}t.default=u},3040:(e,t,r)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.DeviceContextIntegration=t.PpbIntegration=t.ExternalIntegration=void 0;const i=r(2473);class n{constructor(e){this.name=e,n.activate(this)}static getInstance(e){const t=n.instances;if(!t.has(e))throw new Error(`${e} integration is not available`);return t.get(e)}static activate(e){n.instances.has(e.name)?n.log.debug(`${e.name} integration already activated, ignoring`):(n.instances.set(e.name,e),n.log.info(`${e.name} integration activated`))}}t.ExternalIntegration=n,n.log=i.LoggerFactory.getLogger("external-integrations"),n.instances=new Map;class s extends n{static get instance(){return n.getInstance(s.NAME)}constructor(){super(s.NAME)}}t.PpbIntegration=s,s.NAME="PPB";class o extends n{static get instance(){return n.getInstance(o.NAME)}constructor(){super(o.NAME)}}t.DeviceContextIntegration=o,o.NAME="DeviceContext"},3743:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.LogLevel=t.LoggerFactory=t.DeviceDescriptor=t.StepCode=t.ErrorCode=t.AuthenticatorBuilder=t.VERSION_CODE=t.VERSION_NAME=void 0;const n=r(7464);Object.defineProperty(t,"VERSION_NAME",{enumerable:!0,get:function(){return n.VERSION_NAME}}),Object.defineProperty(t,"VERSION_CODE",{enumerable:!0,get:function(){return n.VERSION_CODE}});const s=i(r(9205));t.AuthenticatorBuilder=s.default;const o=r(5166);Object.defineProperty(t,"ErrorCode",{enumerable:!0,get:function(){return o.ErrorCode}});const a=r(3796);Object.defineProperty(t,"StepCode",{enumerable:!0,get:function(){return a.StepCode}});const c=i(r(8182));t.DeviceDescriptor=c.default;const u=r(5111);Object.defineProperty(t,"LoggerFactory",{enumerable:!0,get:function(){return u.LoggerFactory}}),Object.defineProperty(t,"LogLevel",{enumerable:!0,get:function(){return u.LogLevel}})},3796:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.StepCode=void 0,(r=t.StepCode||(t.StepCode={}))[r.PRE_CHECK=16]="PRE_CHECK",r[r.DEVICE_DESCRIPTOR=32]="DEVICE_DESCRIPTOR",r[r.START=48]="START",r[r.AUTHENTICATION=64]="AUTHENTICATION",r[r.FINISH=80]="FINISH"},3922:(e,t,r)=>{Object.defineProperty(t,"__esModule",{value:!0});const i=r(2473),n=r(2746);class s extends n.DevicePassiveActions{constructor(e,t){super(e,t),this.name=s.NAME,this.log=i.LoggerFactory.getLogger("device-passive-stepup-step")}execute(e){return e.platform.isFidoSupported()?e.settings.deviceId?e.settings.fidoPasskeyRegistered?Promise.reject(new Error("FIDO2 Passkey is already registered")):new Promise((t,r)=>{this.register(e).then(t).catch(r)}):Promise.reject(new Error("Device is not registered")):Promise.reject(new Error("FIDO2 is not supported"))}}s.NAME="device/passive/stepup",t.default=s},4070:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(2473),s=r(5014),o=r(9306),a=i(r(9316)),c=r(7968),u=i(r(390));class l extends c.AuthStatusActions{constructor(e,t,r){super(),this.name=l.NAME,this.log=n.LoggerFactory.getLogger("mobile-instantlink-step"),this.startStep=e,this.retryStep=t,this.getDeviceIp=null!=r?r:()=>null}execute(e){return this.log.debug("Executing"),new Promise((t,r)=>{var i,n,s,o=!0;(null===(s=null===(n=null===(i=e.claims)||void 0===i?void 0:i.auth.subs.mob)||void 0===n?void 0:n.auths.inln)||void 0===s?void 0:s.mnp)&&(o=!1),this.runStartStep(e,o).catch(r),this.waitForStatus(e).then(t).catch(r)})}runStartStep(e,t,r){return new Promise((i,n)=>{this.startStep?this.startStep.execute(t,r).then(r=>{const s=u.default.validatePhoneNumberInput(r);s?n(s):e.fetchFromBackend("/v1/client/mobile/instantlink/start",{sourceIp:this.getDeviceIp(),mobileNumber:null==r?void 0:r.phoneNumber}).then(r=>{const s=r;if(s.error)n(new a.default(s.error.message,s.error.code,r.next,!1));else if(s.data){const r=s.data,a=r.code;var c="";a&&(c+=`Error Code: ${a}, `),r.message?c+=`${r.message}`:c+="Error validating phone number.";let u=new o.PhoneValidationError(c,r.code);this.runStartStep(e,t,u).then(i).catch(n)}else this.retryStep?this.runRetryStep(e).then(i).catch(n):i(s.next)}).catch(n)}).catch(n):n(new Error("InstantLink start step must be specified"))})}runRetryStep(e){return new Promise((t,r)=>{this.retryStep?this.retryStep.execute().then(i=>{i===s.InstantLinkResultType.OnResend?e.fetchFromBackend("/v1/client/mobile/instantlink/start",{sourceIp:this.getDeviceIp(),mobileNumber:""}).then(t=>{const i=t;i.error?r(new a.default(i.error.message,i.error.code,t.next,!1)):this.runRetryStep(e)}).catch(r):i===s.InstantLinkResultType.OnMobileNumberChange?this.runStartStep(e,!0).then(t).catch(r):this.log.warn("Unknown enum of ",i)}).catch(r):(this.log.debug("Retry step doesn't exist, skip."),t(""))})}}l.NAME="mobile/instantlink",t.default=l},4473:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});class r{}r.ERROR_AUTHENTICATION_FAILURE=1e4,r.ERROR_AUTHENTICATION_EXTERNAL_FAILURE=10001,r.ERROR_AUTHENTICATION_CLIENT_FAILURE=10002,r.ERROR_AUTHENTICATION_PROHIBITED_ACTION=10003,r.ERROR_MISSING_AUTHENTICATOR_COMPLETION=10004,r.ERROR_MAX_ATTEMPTS=10005,r.ERROR_NO_DEVICE_FOUND=10006,t.default=r},4831:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(2473),s=i(r(9316)),o=i(r(4878)),a=i(r(9648)),c=i(r(8324)),u=i(r(2746)),l=i(r(7900)),d=i(r(9438)),h=i(r(4070)),f=i(r(390)),p=i(r(1011)),g=i(r(3922)),v=r(4934),m=r(7651),_=r(2713);class E{constructor(e){if(this.logger=n.LoggerFactory.getLogger("report-error-step"),this._message=E.DEFAULT_MESSAGE,this.reportable=!0,this.name="error",e instanceof s.default){const t=e;this._message=t.message,this._code=t.code,this.nextStep=t.nextStep,this.reportable=t.reportable}else e&&(this._message=s.default.extractMessage(e));this._message||this.logger.warn("Unexpected error: "+e)}get code(){return this._code}get message(){return this._message}execute(e){var t;let r=`Authentication step ${e.lastStep} failed`;if(this._code&&(r=r+", code: "+this._code),this._message&&(r=r+", message: "+this._message),this.logger.error(r),this.nextStep===o.default.AUTH_DONE)return Promise.resolve(o.default.AUTH_DONE);const i=e.lastStep?E.endpointMap.get(e.lastStep):void 0;if(i&&this.reportable)return new Promise((t,r)=>{e.fetchFromBackend(`/v1/client/${i}/error`,{code:this._code?this._code:void 0,message:this._message}).then(e=>t(e.next)).catch(r)});if(this.nextStep)return Promise.resolve(this.nextStep);{const e=null!==(t=this._message)&&void 0!==t?t:E.DEFAULT_MESSAGE;return Promise.reject(new s.default(e,this._code,void 0,!1))}}}E.endpointMap=new Map([[u.default.NAME,"device/passive"],[c.default.NAME,"device/passive"],[a.default.NAME,"device/fido2"],[l.default.NAME,"device/fido2"],[g.default.NAME,"device/fido2"],[v.DeviceUniversalRedirectExchangeStep.NAME,"device/universal"],[v.DeviceUniversalRedirectFinishStep.NAME,"device/universal"],[d.default.NAME,"mobile/instant"],[h.default.NAME,"mobile/instantlink"],[f.default.NAME,"mobile/otp"],[p.default.NAME,"user/mobileactive"],[m.UserPpbEnrollStep.NAME,"user/ppb"],[m.UserPpbVerifyStep.NAME,"user/ppb"],[_.UserDocVerifyStep.NAME,"user/docv"]]),E.DEFAULT_MESSAGE="Unexpected error, authentication cannot continue",t.default=E},4878:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(2473),s=i(r(2403)),o=i(r(9173)),a=i(r(9316)),c=i(r(4831)),u=i(r(4473));class l{constructor(e,t,r,i){if(this.steps=new Map,this.log=n.LoggerFactory.getLogger("main-authenticator"),this.platform=e,this.authFinishStep=r,this.settings=t,i)for(let e of i){if(e.name in this.steps)throw new Error(`Step ${e.name} is already registered`);this.steps.set(e.name,e)}}isPasskeyRegistered(){return this.settings.fidoPasskeyRegistered}isFidoSupported(){return this.platform.isFidoSupported()}isDeviceRegistered(){return null!==this.settings.deviceId}isMobileWeb(){const e=this.platform.getUserAgent();return null!==e&&/Mobi|Android|webOS|iPhone|iPad|BlackBerry|Opera Mini/i.test(e)}getDeviceId(){return this.settings.deviceId}resetDeviceSettings(){this.settings.reset(),this.platform.deviceAuth.reset()}authenticate(e){return new s.default((t,r,i)=>{e||r(new Error("No authentication token provided")),this.authFinishStep||r(new Error("AuthFinish step must be specified"));try{const n=new o.default(this.settings,this.platform,e),s=this.process(n);i(()=>s.cancel()),s.then(()=>{var e;if(n.lastStep!==l.AUTH_EMPTY)return this.log.info("Authentication flow has been completed."),null===(e=this.authFinishStep)||void 0===e?void 0:e.execute({authId:n.authId});this.log.info("Next step is not provided, authentication flow is terminated without completion."),t()}).then(t).catch(r)}catch(e){r(e)}})}unregisterDevice(){return this.isDeviceRegistered()?new Promise((e,t)=>{this.unregister("/v1/client/device/unregister").then(()=>{this.resetDeviceSettings(),e()}).catch(t)}):Promise.resolve()}unregisterPasskey(){return this.settings.fidoPasskeyRegistered?new Promise((e,t)=>{this.unregister("/v1/client/stepup/unregister").then(()=>{this.settings.fidoPasskeyRegistered=!1,e()}).catch(t)}):Promise.resolve()}unregister(e){return new Promise((t,r)=>{try{new o.default(this.settings,this.platform).fetchFromBackend(e,{deviceId:this.getDeviceId()}).then(e=>{e.error?r(new a.default(e.error.message,e.error.code,e.next,!1)):t()}).catch(r)}catch(e){r(e)}})}process(e){return new s.default((t,r,i)=>{i(()=>{this.log.info("Canceled"),e.closeAllMessageChannels(),t()}),this.nextStep(e,e.next,1).then(t).catch(r)})}nextStep(e,t,r){return this.log.debug(`Authentication attempt ${r}, next step: ${t}`),e.lastStep=t,new Promise((i,n)=>{[l.AUTH_DONE,l.AUTH_EMPTY].includes(t)?(!e.settings.deviceId&&e.settings.fingerPrintTimestamp&&e.resetFptts(),i()):r>l.MAX_ATTEMPTS?n(new a.default("Too many authentication steps",u.default.ERROR_MAX_ATTEMPTS)):this.getNextStep(t).execute(e).then(t=>this.nextStep(e,t,r+1)).then(i).catch(t=>new c.default(t).execute(e).then(t=>this.nextStep(e,t,r+1)).then(i).catch(n))})}getNextStep(e){return this.steps.get(e)||new c.default("Unknown authentication step: "+e)}}l.AUTH_DONE="done",l.AUTH_EMPTY="",l.MAX_ATTEMPTS=50,t.default=l},4934:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.DeviceUniversalRedirectExchangeStep=t.DeviceUniversalRedirectFinishStep=t.DeviceUniversalRedirectBaseStep=void 0;const n=i(r(9316));class s{constructor(){this.name=""}execute(e){return new Promise((t,r)=>{var i,s,o,a,c,u;let l=null===(u=null===(c=null===(a=null===(o=null===(s=null===(i=e.claims)||void 0===i?void 0:i.auth)||void 0===s?void 0:s.subs)||void 0===o?void 0:o.dev)||void 0===a?void 0:a.auths)||void 0===c?void 0:c.unvsl)||void 0===u?void 0:u.ftu;if(void 0!==l&&l){l+=`?authId=${e.authId}`;let i="";if("redirect/exchange"===this.name)i="authexchange";else{if("redirect/finish"!==this.name)return void r(new n.default(`Unknown UPK Step: ${this.name}`,0,e.next,!0));i="authfinish"}l+=`&next=${i}`,e.platform.urlRedirect(l),t("")}else r(new n.default("AuthToken claims do not contain final target URL",0,e.next,!0))})}}t.DeviceUniversalRedirectBaseStep=s;class o extends s{constructor(){super(...arguments),this.name=o.NAME}}t.DeviceUniversalRedirectFinishStep=o,o.NAME="redirect/finish";class a extends s{constructor(){super(...arguments),this.name=a.NAME}}t.DeviceUniversalRedirectExchangeStep=a,a.NAME="redirect/exchange"},4963:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.PixelFinishStep=void 0;const s=n(r(1132)),o=r(5111),a=r(1027),c=r(7464);t.default=class{constructor(){this.logger=o.LoggerFactory.getLogger("pixel-authentication-step")}execute(e){return i(this,void 0,void 0,function*(){this.logger.info("use pixel");const t=(0,a.toURL)(e.authUrl);let r;if(t.searchParams.get("testVfp"))this.logger.info("test flow detected"),r=s.default.create(t);else{if("2"===t.searchParams.get("pfflow"))throw new Error("flow v2 detected but not supported by pixel auth implementation");if("3"===t.searchParams.get("pfflow"))throw new Error("flow v3 detected but not supported by pixel auth implementation");this.logger.info("flow v1 detected"),r=new u(t)}return{vfp:yield r.handle()}})}};class u{constructor(e){this.url=e,this.logger=o.LoggerFactory.getLogger("pixel-flow-v1")}handle(){return i(this,void 0,void 0,function*(){return new Promise((e,t)=>{this.url.searchParams.set("sdkVersion",c.VERSION_NAME);const r=document.createElement("img");r.onload=()=>{this.logger.trace("pixel loaded"),e("")},r.onerror=()=>{this.logger.trace("pixel load error"),t(new Error("pixel load error"))},r.src=this.url.toString()})})}}t.PixelFinishStep=class{execute(e){return Promise.resolve(void 0)}}},5014:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.InstantLinkResultType=void 0,function(e){e[e.OnResend=0]="OnResend",e[e.OnMobileNumberChange=1]="OnMobileNumberChange"}(r||(t.InstantLinkResultType=r={}))},5111:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.LoggerFactory=t.LogLevel=void 0,function(e){e[e.disabled=0]="disabled",e[e.error=1]="error",e[e.warn=2]="warn",e[e.info=3]="info",e[e.debug=4]="debug",e[e.trace=5]="trace"}(r=t.LogLevel||(t.LogLevel={}));class i{static setLogLevel(e){i.logLevel=e}static setLogWriter(e){i.logWriter=e}static getLogger(e){return{trace:(...e)=>{i.logLevel>=r.trace&&i.logWriter.write(r.trace,...e)},debug:(...e)=>{i.logLevel>=r.debug&&i.logWriter.write(r.debug,...e)},info:(...e)=>{i.logLevel>=r.info&&i.logWriter.write(r.info,...e)},warn:(...e)=>{i.logLevel>=r.warn&&i.logWriter.write(r.warn,...e)},error:(...e)=>{i.logLevel>=r.error&&i.logWriter.write(r.error,...e)}}}}i.logWriter=new class{write(e,...t){switch(e){case r.trace:case r.debug:console.debug(...t);break;case r.info:console.info(...t);break;case r.warn:console.warn(...t);break;case r.error:console.error(...t)}}},i.logLevel=r.info,t.LoggerFactory=i},5166:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.ErrorCode=void 0,(r=t.ErrorCode||(t.ErrorCode={}))[r.GENERIC_UNKNOWN_REASON=0]="GENERIC_UNKNOWN_REASON",r[r.GENERIC_TIMEOUT=1]="GENERIC_TIMEOUT",r[r.GENERIC_INVALID_STATE=2]="GENERIC_INVALID_STATE",r[r.GENERIC_COMMUNICATION_ERROR=3]="GENERIC_COMMUNICATION_ERROR",r[r.PRE_CHECK_AIRPLANE_MODE_ENABLED=17]="PRE_CHECK_AIRPLANE_MODE_ENABLED",r[r.PRE_CHECK_NO_CELLULAR_RADIO=18]="PRE_CHECK_NO_CELLULAR_RADIO",r[r.PRE_CHECK_NO_CELLULAR_CONNECTION=19]="PRE_CHECK_NO_CELLULAR_CONNECTION",r[r.PRE_CHECK_WIFI_CALLING_ENABLED=20]="PRE_CHECK_WIFI_CALLING_ENABLED",r[r.PRE_CHECK_WIFI_CANNOT_BE_OVERRIDDEN=21]="PRE_CHECK_WIFI_CANNOT_BE_OVERRIDDEN",r[r.AUTH_MALFORMED_INPUT_DATA=65]="AUTH_MALFORMED_INPUT_DATA",r[r.AUTH_BAD_CREDENTIALS=66]="AUTH_BAD_CREDENTIALS",r[r.AUTH_VFP_KEY_EXPIRED=67]="AUTH_VFP_KEY_EXPIRED",r[r.AUTH_INVALID_RESPONSE=68]="AUTH_INVALID_RESPONSE"},5462:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(2473),s=i(r(9316)),o=i(r(8324));class a{constructor(e){this.log=n.LoggerFactory.getLogger("device-universal-step"),this.name=a.NAME,this.forUPK=!1,this.forUPK=e}execute(e){return this.log.trace("Executing"),new Promise((t,r)=>{var i,n,a;if(this.forUPK)t(o.default.NAME);else{let o=null===(a=null===(n=null===(i=e.claims)||void 0===i?void 0:i.auth.subs.dev)||void 0===n?void 0:n.auths.unvsl)||void 0===a?void 0:a.endp;void 0!==o&&o?(o+=`?authId=${e.authId}&authtoken=${e.authToken}`,e.platform.urlRedirect(o),t("")):r(new s.default("AuthToken claims do not contain universal redirect URL",0,e.next,!0))}})}}a.NAME="device/universal",t.default=a},5620:(e,t,r)=>{Object.defineProperty(t,"__esModule",{value:!0});const i=r(2473);class n{constructor(e){this.log=i.LoggerFactory.getLogger("settings"),this.upkEnabled=!1,this.storage=e}reset(){this.log.trace("reset"),this.deviceId=null,this.namespace=null,this.fidoPasskeyRegistered=!1,this.fingerPrintTimestamp=null}get deviceId(){return this.storage.getItem(this.getKey(n.DEVICE_ID_KEY))}set deviceId(e){this.setOrRemove(n.DEVICE_ID_KEY,e)}get fidoPasskeyRegistered(){return"true"===this.storage.getItem(this.getKey(n.FIDO_PASSKEY_REGISTERED_KEY))}set fingerPrintTimestamp(e){const t=null!==e?e.toString():null;this.setOrRemove(n.FP_TIMESTAMPT,t)}get fingerPrintTimestamp(){const e=this.storage.getItem(this.getKey(n.FP_TIMESTAMPT));if(!e)return null;let t=parseInt(e);return isNaN(t)?null:t}set fidoPasskeyRegistered(e){this.setOrRemove(n.FIDO_PASSKEY_REGISTERED_KEY,e?"true":null)}get namespace(){return this.storage.getItem(this.getKey(n.NAMESPACE_KEY))}set namespace(e){this.log.trace("namespace set to "+e),this.setOrRemove(n.NAMESPACE_KEY,e)}getKey(e){return`${n.KEY_PREFIX}.${e}`}setOrRemove(e,t){t?this.storage.setItem(this.getKey(e),t):this.storage.removeItem(this.getKey(e))}}n.KEY_PREFIX="ProveAuth",n.DEVICE_ID_KEY="DeviceId",n.NAMESPACE_KEY="namespace",n.FIDO_PASSKEY_REGISTERED_KEY="fidoPasskeyRegistered",n.FP_TIMESTAMPT="fingerPrintTimestamp",t.default=n},5667:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=n(r(8182));t.default=class{execute(e){var t;return i(this,void 0,void 0,function*(){return{deviceDescriptor:null!==(t=e.providedDeviceDescriptor)&&void 0!==t?t:new s.default}})}}},5683:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=r(5166),o=n(r(8182)),a=n(r(8525));t.default=class{constructor(e){this.ipQueryUrl=null!=e?e:"https://whatismyip.proveapis.com/whatismyip"}execute(e){return i(this,void 0,void 0,function*(){if(e.providedDeviceDescriptor)return{deviceDescriptor:e.providedDeviceDescriptor};const t=yield fetch("https://whatismyip.proveapis.com/whatismyip");if(t.ok)return{deviceDescriptor:new o.default(yield t.text())};throw new a.default(s.ErrorCode.GENERIC_COMMUNICATION_ERROR,`ip api response=${t.status}`)})}}},7464:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.VERSION_CODE=t.VERSION_NAME=void 0,t.VERSION_NAME="3.1.0",t.VERSION_CODE=30100},7466:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(9316));class s{constructor(){this.name=s.NAME}execute(e){return Promise.reject(new n.default(`Step ${this.name} is not supported`))}}s.NAME="user/mobileactive",t.default=s},7651:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.UserPpbVerifyStep=t.UserPpbEnrollStep=void 0;const n=r(2473),s=i(r(9316));class o{constructor(e,t,r,i){this.log=n.LoggerFactory.getLogger("user-ppb-base-step"),this.enabled=e,this.operation=t,this.startStep=r,this.finishStep=i}execute(e){if(!this.enabled)return Promise.reject(new s.default("PPB is not enabled"));const t=e.lastData;if(!t||!t.ppb)return Promise.reject(new s.default("PPB session is not initialized"));const r=()=>{try{return this.startStep?this.startStep.execute(this.operation):Promise.resolve()}catch(e){return this.log.warn("PPB start step has failed:",e),Promise.reject(e)}},i=e=>{try{return this.finishStep?this.finishStep.execute(this.operation,e):Promise.resolve()}catch(e){return this.log.warn("PPB finish step has failed:",e),Promise.reject(e)}};return new Promise((n,o)=>{r().then(()=>{var r,i,n,s,o;return this.log.debug("Activating AuthID web component"),e.platform.activatePpb({ppbOperation:this.operation,endpointUrl:null===(n=null===(i=null===(r=e.claims)||void 0===r?void 0:r.auth.subs.usr)||void 0===i?void 0:i.auths.ppb)||void 0===n?void 0:n.endp,operationId:null===(s=t.ppb)||void 0===s?void 0:s.operationId,oneTimeSecret:null===(o=t.ppb)||void 0===o?void 0:o.oneTimeSecret})}).catch(e=>{this.log.error("AuthID web component failed:",e),i(e).then(()=>o(e))}).then(r=>{var i;return this.log.info("PPB authentication result",r),e.fetchFromBackend("/v1/client/user/ppb/finish",{requestId:crypto.randomUUID(),operationId:null===(i=t.ppb)||void 0===i?void 0:i.operationId})}).then(e=>{var t,r;const a=e;if(a.error){const n=null!==(r=null===(t=e.error)||void 0===t?void 0:t.message)&&void 0!==r?r:"PPB authentication failed";i(new Error(n)).then(()=>o(new s.default(e.error.message,e.error.code,e.next,!1)))}else i().then(()=>n(a.next))}).catch(o)})}}class a extends o{constructor(e,t,r){super(e,"enroll",t,r),this.name=a.NAME}}t.UserPpbEnrollStep=a,a.NAME="user/ppb/register";class c extends o{constructor(e,t,r){super(e,"verify",t,r),this.name=c.NAME}}t.UserPpbVerifyStep=c,c.NAME="user/ppb/verify"},7657:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.UserVerificationLevel=void 0,function(e){e.Discouraged="none",e.Preferred="pref",e.Required="req"}(r||(t.UserVerificationLevel=r={}))},7844:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.WebSocketCloseReasons=void 0,function(e){e.NORMAL_CLOSURE="Normal closure",e.GOING_AWAY="The connection is closed because a server is going down or a browser has navigated away from the page.",e.PROTOCOL_ERROR="The connection is closed due to a protocol error",e.UNSUPPORTED_DATA="The connection is closed because it has received unsupported data",e.NO_STATUS_RECEIVED="No closed status code was actually present.",e.ABNORMAL_CLOSURE="The connection was closed unexpectedly without a close frame",e.INVALID_FRAME_PAYLOAD_DATA="The connection was closed because it received inconsistent data in a message.",e.POLICY_VIOLATION="The connection was closed due to policy violation",e.MESSAGE_TOO_BIG="The connection was closed because it has received a message that is too big for it to process.",e.MANDATORY_EXTENSION="The connection was closed because the client required a server extension that was not supported.",e.INTERNAL_ERROR="The connection was closed because the server encountered an unexpected error",e.TLS_HANDSHAKE="The connection was closed due to a failure to perform a TLS handshake",e.UNKNOWN_REASON="Unknown reason"}(r||(t.WebSocketCloseReasons=r={}))},7900:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(1554)),s=r(2473),o=i(r(9316));class a{constructor(){this.log=s.LoggerFactory.getLogger("device-passive-verify-step"),this.name=a.NAME}execute(e){return new Promise((t,r)=>{a.runFidoVerify(this.log,e).then(t).catch(r)})}static runFidoVerify(e,t){return new Promise((r,i)=>{a.makeFidoVerifyFinishRequest(e,t).then(r).catch(i)})}static makeFidoVerifyFinishRequest(e,t){return new Promise((r,i)=>{const s=t.credential,a=s.response;t.fetchFromBackend("/v1/client/device/fido2/verify/finish",{webAuthnAssertion:{type:null==s?void 0:s.type,id:null==s?void 0:s.id,rawId:n.default.bufferEncode(null==s?void 0:s.rawId),response:{authenticatorData:n.default.bufferEncode(a.authenticatorData),clientDataJSON:n.default.bufferEncode(a.clientDataJSON),signature:n.default.bufferEncode(a.signature),userHandle:a.userHandle?n.default.bufferEncode(a.userHandle):void 0}}}).then(n=>{if(n.error)i(new o.default(n.error.message,n.error.code,n.next,!1));else{const i=n.data;i?(i.deviceId&&(t.settings.deviceId=i.deviceId),i.passkey&&(t.settings.fidoPasskeyRegistered=!0),i.scanMessage&&(t.authMessage=i.scanMessage)):e.warn("No data was received in the response"),t.settings.fidoPasskeyRegistered=!0,r(n.next)}}).catch(i)})}}a.NAME="device/passive/verify",t.default=a},7968:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.AuthStatusActions=void 0;const n=r(2473),s=i(r(9316));t.AuthStatusActions=class{constructor(){this.log=n.LoggerFactory.getLogger("auth-status-actions")}waitForStatus(e){var t=!1;return this.log.trace("Waiting for auth status"),new Promise((r,i)=>{const n=e.createMessageChannel("/v1/client/status?token="+encodeURIComponent(e.authToken),(e,r)=>{t||i(new s.default(`Failed to receive secondary authentication with status code ${r}. ${e}`))},e=>{t=!0,i(new s.default("Failed to receive secondary authentication status: "+e))},o=>{t=!0;try{this.log.debug("Secondary authentication status: "+o);const t=JSON.parse(o);t.error?i(new s.default(t.error.message,t.error.code,t.next,!1)):(e.lastStep=t.next,r(t.next))}catch(e){i(e)}finally{this.log.trace("Closing channel"),n.close()}})})}}},8156:function(e,t,r){var i,n=this&&this.__createBinding||(Object.create?function(e,t,r,i){void 0===i&&(i=r);var n=Object.getOwnPropertyDescriptor(t,r);n&&!("get"in n?!t.__esModule:n.writable||n.configurable)||(n={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,i,n)}:function(e,t,r,i){void 0===i&&(i=r),e[i]=t[r]}),s=this&&this.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),o=this&&this.__importStar||(i=function(e){return i=Object.getOwnPropertyNames||function(e){var t=[];for(var r in e)Object.prototype.hasOwnProperty.call(e,r)&&(t[t.length]=r);return t},i(e)},function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var r=i(e),o=0;o<r.length;o++)"default"!==r[o]&&n(t,e,r[o]);return s(t,e),t}),a=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.InstantLinkResultType=t.BuildConfig=t.PhoneValidationError=t.OtpError=t.OtpFinishResultType=t.MobileAuthImplementation=t.LogLevel=t.LoggerFactory=t.DeviceRole=t.CancelablePromise=t.AuthResponseStatus=t.DeviceContextIntegration=t.PpbIntegration=t.AuthenticatorBuilder=t.VERSION=void 0;const c=r(9031);Object.defineProperty(t,"VERSION",{enumerable:!0,get:function(){return c.VERSION}});const u=o(r(2958));t.AuthenticatorBuilder=u.default,Object.defineProperty(t,"MobileAuthImplementation",{enumerable:!0,get:function(){return u.MobileAuthImplementation}});const l=r(2198);Object.defineProperty(t,"DeviceRole",{enumerable:!0,get:function(){return l.DeviceRole}});const d=r(660);Object.defineProperty(t,"BuildConfig",{enumerable:!0,get:function(){return d.BuildConfig}});const h=r(9726);Object.defineProperty(t,"AuthResponseStatus",{enumerable:!0,get:function(){return h.AuthResponseStatus}});const f=r(2473);Object.defineProperty(t,"LoggerFactory",{enumerable:!0,get:function(){return f.LoggerFactory}}),Object.defineProperty(t,"LogLevel",{enumerable:!0,get:function(){return f.LogLevel}});const p=a(r(2403));t.CancelablePromise=p.default;const g=r(9306);Object.defineProperty(t,"PhoneValidationError",{enumerable:!0,get:function(){return g.PhoneValidationError}});const v=r(898);Object.defineProperty(t,"OtpError",{enumerable:!0,get:function(){return v.OtpError}}),Object.defineProperty(t,"OtpFinishResultType",{enumerable:!0,get:function(){return v.OtpFinishResultType}});const m=r(5014);Object.defineProperty(t,"InstantLinkResultType",{enumerable:!0,get:function(){return m.InstantLinkResultType}});const _=r(3040);Object.defineProperty(t,"PpbIntegration",{enumerable:!0,get:function(){return _.PpbIntegration}}),Object.defineProperty(t,"DeviceContextIntegration",{enumerable:!0,get:function(){return _.DeviceContextIntegration}})},8182:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});class r{static ip(e){return new r(e)}constructor(e,t,r){this.ip=e,this.mno=t,this.phoneNumber=r}toString(){return`ip=[${this.ip}] mno=[${this.mno}] phoneNumber=[${this.phoneNumber}]`}}t.default=r},8324:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=r(2473),s=i(r(9316));class o{constructor(e,t){this.name=o.NAME,this.log=n.LoggerFactory.getLogger("device-passive-silent-step"),this.forUPK=e,this.userConsentStep=null!=t?t:{execute:()=>Promise.resolve({consentGranted:!0})}}execute(e){return this.log.trace("Executing"),new Promise((t,r)=>{e.getDeviceRegistration().then(i=>{i?e.embedFpResultToDeviceRegistration(i).then(i=>{this.verify(e,i).then(t).catch(r)}):this.userConsentStep.execute().then(i=>{i.consentGranted?e.platform.deviceAuth.createRegistration({namespace:e.namespace,endpoint:e.backendOrigin}).then(t=>e.embedFpResultToDeviceRegistration(t)).then(t=>this.register(e,t)).then(t).catch(r):r(new Error("User denied the consent to register the device"))}).catch(r)}).catch(r)})}getBackendRegisterEndpoint(){return this.forUPK?"/v1/client/device/universal/register":"/v1/client/device/passive/register"}getBackendVerifyEndpoint(){return this.forUPK?"/v1/client/device/universal/verify":"/v1/client/device/passive/verify"}register(e,t){return this.log.trace("Registering"),new Promise((r,i)=>{t.getAuthRegistration(e.challenge).then(n=>{e.fetchFromBackend(this.getBackendRegisterEndpoint(),{deviceName:e.platform.getPlatformName(),deviceCapabilities:e.platform.getDeviceCapabilities(),registrations:[n],signals:t.getSignals()}).then(n=>{var o;if(n.error)i(new s.default(n.error.message,n.error.code,n.next,!1));else{(null===(o=t.getSignals().fingerprint)||void 0===o?void 0:o.results)&&e.markNewFptts();const a=n.data,c=null==a?void 0:a.deviceId;c||i(new s.default("Failed to register device, returned deviceId is null or empty",0,n.next)),e.settings.deviceId=c,null!=a.passkey&&(e.settings.fidoPasskeyRegistered=a.passkey),t.deviceId=c,this.log.debug("Device ID: "+c),a.scanMessage&&(e.authMessage=a.scanMessage),e.platform.deviceAuth.storeRegistration(t).then(()=>r(n.next)).catch(i)}}).catch(i)})})}verify(e,t){return this.log.trace("Verifying"),new Promise((r,i)=>{if(t.deviceId){const n=t.deviceId+":"+e.challenge;t.sign(n).then(n=>{e.fetchFromBackend(this.getBackendVerifyEndpoint(),{deviceId:t.deviceId,keyId:t.keyId,signature:n,signals:t.getSignals()}).then(n=>{var o;n.error?i(new s.default(n.error.message,n.error.code,n.next,!1)):((null===(o=t.getSignals().fingerprint)||void 0===o?void 0:o.results)&&e.markNewFptts(),r(n.next))}).catch(i)})}else i(new s.default("Failed to initiate verification, DeviceId is missing"))})}}o.NAME="device/passive/silent",t.default=o},8347:(e,t,r)=>{Object.defineProperty(t,"__esModule",{value:!0});const i=r(2473),n=r(9922),s=["/v1/client/stepup/unregister","/v1/client/device/unregister","/v1/client/device/passive/error","/v1/client/mobile/instant/error","/v1/client/mobile/otp/error","/v1/client/user/mobileactive","/v1/client/user/mobileactive/error"];t.default=class{constructor(e){this.log=i.LoggerFactory.getLogger("request-signer"),this.session=e}sign(e,t,r,i,n){return new Promise((o,a)=>{this.session.getDeviceRegistration().then(c=>c&&c.deviceId?s.includes(t)?void Promise.all([this.getChallenge(c.deviceId),this.getHash(n)]).then(n=>{const s=n[0],u=n[1],l=e+"\n"+t+"\n"+r+"\n"+i+"\n"+s+"\n"+u;c.sign(l).then(e=>o({version:"3",challenge:s,signature:e,keyId:c.keyId})).catch(a)}).catch(a):(this.log.debug("No signing needed for "+t),void o(null)):(this.log.debug("Device not registered, cannot sign"),void o(null))).catch(a)})}getChallenge(e){return new Promise((t,r)=>{this.cachedChallenge&&this.cachedChallenge.receivedAt&&this.cachedChallenge.ttl&&this.cachedChallenge.deviceId===e&&this.cachedChallenge.receivedAt+this.cachedChallenge.ttl-60>(0,n.getUnixTime)()?t(this.cachedChallenge.challenge):this.session.fetchFromBackend("/v1/client/challenge",{deviceId:e}).then(e=>e).then(e=>{var i;e.error?r(null===(i=e.error)||void 0===i?void 0:i.message):(e.receivedAt=(0,n.getUnixTime)(),this.cachedChallenge=e,t(e.challenge))}).catch(r)})}getHash(e){return new Promise((t,r)=>{crypto.subtle.digest("SHA-256",(0,n.stringToArrayBuffer)(e)).then(e=>t((0,n.arrayBufferToHexString)(e))).catch(r)})}}},8367:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=r(5111),o=r(3796),a=n(r(2681)),c=r(5166);class u{constructor(e){this._providedDeviceDescriptor=e}get providedDeviceDescriptor(){return this._providedDeviceDescriptor}get deviceDescriptor(){return this._deviceDescriptor}get authUrl(){return this._authUrl}get vfp(){return this._vfp}}class l{constructor(){this.currentStep=o.StepCode.PRE_CHECK,this.timedOut=!1}}t.default=class{constructor(e,t,r,i,n=0){this.deviceDescriptorStep=e,this.startStepFunc=t,this.authenticationStep=r,this.finishStepFunc=i,this.timeout=n,this.logger=s.LoggerFactory.getLogger("auth")}executeStep(e,t,r,n){var s;return i(this,void 0,void 0,function*(){if(e.timedOut)throw new Error("timeout");try{e.currentStep=t,this.logger.debug(`execute step ${o.StepCode[t]}`);let i=yield r.execute(n);return this.logger.debug(`executed step ${o.StepCode[t]}`),i}catch(e){const r=null!==(s=e.errorCode)&&void 0!==s?s:c.ErrorCode.GENERIC_UNKNOWN_REASON;throw new a.default(t,r,e.message)}})}authenticate(e){return new Promise((t,r)=>{const i=new l;let n;this.timeout>0&&(n=setTimeout(()=>{i.timedOut=!0,r(new a.default(i.currentStep,c.ErrorCode.GENERIC_TIMEOUT,`authenticator timeout after ${this.timeout}ms`))},this.timeout)),this.executeAuth(i,e).then(e=>{i.timedOut||(clearTimeout(n),t(e))},e=>{i.timedOut||(clearTimeout(n),r(e))})})}findMyIp(e){return new Promise((t,r)=>{const i=new l;let n;this.timeout>0&&(n=setTimeout(()=>{i.timedOut=!0,r(new a.default(i.currentStep,c.ErrorCode.GENERIC_TIMEOUT,`authenticator timeout after ${this.timeout}ms`))},this.timeout)),this.executeFindMyIP(i,e).then(e=>{i.timedOut||(clearTimeout(n),t(e))},e=>{i.timedOut||(clearTimeout(n),r(e))})})}startStep(e){return new Promise((t,r)=>{const i=new l;let n;this.timeout>0&&(n=setTimeout(()=>{i.timedOut=!0,r(new a.default(i.currentStep,c.ErrorCode.GENERIC_TIMEOUT,`authenticator timeout after ${this.timeout}ms`))},this.timeout)),this.executeStartStep(i,e).then(e=>{i.timedOut||(clearTimeout(n),t(e))},e=>{i.timedOut||(clearTimeout(n),r(e))})})}authenticateWithRedirect(e,t){return new Promise((r,i)=>{const n=new l;let s;this.timeout>0&&(s=setTimeout(()=>{n.timedOut=!0,i(new a.default(n.currentStep,c.ErrorCode.GENERIC_TIMEOUT,`authenticator timeout after ${this.timeout}ms`))},this.timeout)),this.executeAuthWithRedirect(n,e,t).then(e=>{n.timedOut||(clearTimeout(s),r(e))},e=>{n.timedOut||(clearTimeout(s),i(e))})})}finishStep(e,t){return new Promise((r,i)=>{const n=new l;let s;this.timeout>0&&(s=setTimeout(()=>{n.timedOut=!0,i(new a.default(n.currentStep,c.ErrorCode.GENERIC_TIMEOUT,`authenticator timeout after ${this.timeout}ms`))},this.timeout)),this.executeFinishStep(n,e,t).then(e=>{n.timedOut||(clearTimeout(s),r(e))},e=>{n.timedOut||(clearTimeout(s),i(e))})})}executeAuth(e,t){return i(this,void 0,void 0,function*(){const r=new u(t);r._deviceDescriptor=(yield this.executeStep(e,o.StepCode.DEVICE_DESCRIPTOR,this.deviceDescriptorStep,r)).deviceDescriptor,this.logger.info(`deviceDescriptor=${r.deviceDescriptor}`),r._authUrl=(yield this.executeStep(e,o.StepCode.START,this.startStepFunc,r)).authUrl,this.logger.info(`authUrl=${r.authUrl}`),r._vfp=(yield this.executeStep(e,o.StepCode.AUTHENTICATION,this.authenticationStep,r)).vfp,this.logger.info(`vfp=${r.vfp}`);const i=yield this.executeStep(e,o.StepCode.FINISH,this.finishStepFunc,r);return this.logger.info("result",i),i})}executeFindMyIP(e,t){var r;return i(this,void 0,void 0,function*(){const i=new u(t);return i._deviceDescriptor=(yield this.executeStep(e,o.StepCode.DEVICE_DESCRIPTOR,this.deviceDescriptorStep,i)).deviceDescriptor,this.logger.info(`deviceDescriptor=${i.deviceDescriptor}`),null!==(r=i._deviceDescriptor.ip)&&void 0!==r?r:"undefined"})}executeStartStep(e,t){return i(this,void 0,void 0,function*(){const r=new u(t);return r._authUrl=(yield this.executeStep(e,o.StepCode.START,this.startStepFunc,r)).authUrl,this.logger.info(`authUrl=${r.authUrl}`),r._authUrl})}executeAuthWithRedirect(e,t,r){return i(this,void 0,void 0,function*(){const i=new u(t);return i._authUrl=r,i._vfp=(yield this.executeStep(e,o.StepCode.AUTHENTICATION,this.authenticationStep,i)).vfp,this.logger.info(`vfp=${i.vfp}`),i._vfp})}executeFinishStep(e,t,r){return i(this,void 0,void 0,function*(){const i=new u(t);i._vfp=r;const n=yield this.executeStep(e,o.StepCode.FINISH,this.finishStepFunc,i);return this.logger.info("result",n),n})}}},8483:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=r(5111),o=r(7464),a=n(r(8525)),c=r(5166),u=r(1027),l=n(r(2459));class d{static create(e){return e.searchParams.set("r","f"),new d(e)}constructor(e){this.url=e,this.logger=s.LoggerFactory.getLogger("flow-v3"),this.cookies={}}handle(){var e,t;return i(this,void 0,void 0,function*(){const r=yield this.getFlowControl(this.url);let i;this.logger.info("ControlFlow retrieved"),this.url=new u.RawURL(r.firstUri);const n=this.url.searchParams.get("vfp");let s=this.url;for(this.logger.debug(`current vfp ${n}`);;){try{i=s.toString().includes("auth-api.tmtanalysis.com")?yield this.fetchTmt(s,r):yield this.fetch(s,r)}catch(e){throw new a.default(c.ErrorCode.GENERIC_COMMUNICATION_ERROR,e.message)}if(console.log(i.url),i.status>=r.redirectStatusMinimum&&i.status<=r.redirectStatusMaximum){const r=new u.RawURL(null!==(e=i.headers.get("Location"))&&void 0!==e?e:"");this.logger.debug(`redirect to ${r}`);const o=null!==(t=r.searchParams.get("vfp"))&&void 0!==t?t:r.searchParams.get("token");if(o&&o!==n)return this.logger.debug(`vfp changed to ${o}`),o;s=r}else{if(i.status>=200&&i.status<300){let e;try{e=yield i.json()}catch(e){throw new a.default(c.ErrorCode.AUTH_INVALID_RESPONSE,e.message)}this.logger.debug("got json response",e);const t=this.getVfpFromJson(e);if(!t)throw new a.default(c.ErrorCode.AUTH_INVALID_RESPONSE,`Received unknown payload: ${JSON.stringify(e)}`);return t}yield(0,u.handleHttpError)(i)}}})}getFlowControl(e){var t;return i(this,void 0,void 0,function*(){const r=yield(0,u.fetchAuth)(e,{}),i=null===(t=r.body)||void 0===t?void 0:t.getReader();let n="";if(i){const{value:e,done:t}=yield i.read();e&&(n+=(new TextDecoder).decode(e))}return l.default.deserialize(n)})}fetch(e,t){var r;const i=s.LoggerFactory.getLogger("http-client");if(i.info(`${t.command} ${e} ${e.protocol}`),"http:"===e.protocol)throw new a.default(c.ErrorCode.GENERIC_INVALID_STATE,`Web SDK cannot make http request [${e}]`);var n="";this.addCookie(document.cookie);for(const[e,t]of Object.entries(this.cookies))n+=`${e}=${t}; `;let u;this.cookies.length>0&&(document.cookie=n),(null===(r=t.headers.Cookie)||void 0===r?void 0:r.length)>0&&(n+=t.headers.Cookie,document.cookie=n),e.searchParams.set("sdkVersion",o.VERSION_NAME),"POST"===t.command&&(u=t.requestBody),i.debug("Headers:");for(let e in t.headers)i.debug(`${e}:${t.headers[e]}`);return i.debug(`Cookie:${document.cookie}`),u&&i.debug(`Request Body: ${u}`),fetch(e.toString(),{method:t.command,mode:"cors",headers:t.headers,body:u}).then(e=>(i.debug("Response:\r\nStatus:"),i.debug(`${e.status} ${e.statusText}`),i.debug("Headers:"),e.headers.forEach((e,t)=>{"Set-Cookie"===t&&this.addCookie(e),i.debug(`${t}:${e}`)}),this.addCookie(document.cookie),i.debug("Body:"),i.debug(e.body),e))}fetchTmt(e,t){const r=s.LoggerFactory.getLogger("http-client");if(r.info(`Fetch TMT ${t.command} ${e} ${e.protocol}`),"http:"===e.protocol)throw new a.default(c.ErrorCode.GENERIC_INVALID_STATE,`Web SDK cannot make http request [${e}]`);let i;e.searchParams.set("sdkVersion",o.VERSION_NAME),"POST"===t.command&&(i=t.requestBody);r.debug("Headers:");for(let e in t.headers)r.debug(`${e}:${t.headers[e]}`);return i&&r.debug(`Request Body: ${i}`),fetch(e.toString(),{method:t.command,mode:"cors",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:i}).then(e=>(r.debug("Response:\r\nStatus:"),r.debug(`${e.status} ${e.statusText}`),r.debug("Headers:"),e.headers.forEach((e,t)=>{"Set-Cookie"===t&&this.addCookie(e),r.debug(`${t}:${e}`)}),this.addCookie(document.cookie),r.debug("Body:"),r.debug(e.body),e))}addCookie(e){const t=e.split(";");for(const e of t){const t=e.split("=");if(t.length>1){const e=t[0].trim(),r=t[1].trim();this.cookies[e]=r}}}getVfpFromJson(e){const t=e.vfp;if(t)return t;const r=e.token,i=e.correlation_id;if(r)return i?i+"..."+r:r;const n=e.reconcilation_token;return n?i?i+"..."+n:n:void 0}}t.default=d},8525:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});class r extends Error{constructor(e,...t){super(...t),this.errorCode=e,Error.captureStackTrace&&Error.captureStackTrace(this,r),this.name="AuthLocalError",this.errorCode=e}}t.default=r},9031:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.USER_AGENT_VERSIONS=t.API_CONTRACT_VERSION=t.VERSION=void 0,t.VERSION="3.1.1",t.API_CONTRACT_VERSION="2.15.1",t.USER_AGENT_VERSIONS=`ProveAuth/${t.VERSION} Contract/${t.API_CONTRACT_VERSION} WEB/1`},9173:function(e,t,r){var i=this&&this.__awaiter||function(e,t,r,i){return new(r||(r=Promise))(function(n,s){function o(e){try{c(i.next(e))}catch(e){s(e)}}function a(e){try{c(i.throw(e))}catch(e){s(e)}}function c(e){var t;e.done?n(e.value):(t=e.value,t instanceof r?t:new r(function(e){e(t)})).then(o,a)}c((i=i.apply(e,t||[])).next())})},n=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const s=r(2473),o=r(9031),a=n(r(9316)),c=r(7657),u=n(r(4473)),l=r(7844);class d{get namespace(){var e;return(null===(e=this.claims)||void 0===e?void 0:e.auth.ans)||this.settings.namespace}get backendOrigin(){var e;return this.backendOriginOverride||(null===(e=this.claims)||void 0===e?void 0:e.auth.endp)}get authId(){var e;return null===(e=this.claims)||void 0===e?void 0:e.auth.id}get challenge(){var e;return null===(e=this.claims)||void 0===e?void 0:e.auth.chlg}get next(){var e;return null===(e=this.claims)||void 0===e?void 0:e.auth.next}constructor(e,t,r){var i,n;this.channels=new Set,this.log=s.LoggerFactory.getLogger("auth-session"),this.platform=t,this.authToken=r,this.settings=e,r&&(this.claims=this.parseJwt(r),this.settings.namespace=this.claims.auth.ans,this.uvLevel=(null===(n=null===(i=this.claims.auth.subs.dev)||void 0===i?void 0:i.auths.pasv)||void 0===n?void 0:n.uvlvl)||c.UserVerificationLevel.Discouraged),this.requestSigner=t.createRequestSigner(this)}fetchFromBackend(e,t){const r="POST",n="application/json",s=JSON.stringify(t),c=e.split("?"),l=c[0],d=c.length>1?c[1]:"",h=new Headers({Accept:n,"Content-Type":n,"PA-Version":o.USER_AGENT_VERSIONS});return this.authToken&&h.set("Authorization","Bearer "+this.authToken),new Promise((t,o)=>{this.requestSigner.sign(r,l,d,n,s).then(n=>{n&&(h.set("PA-Sig-Version",n.version),h.set("PA-Challenge",n.challenge),h.set("PA-KID",n.keyId),h.set("PA-Signature",n.signature)),this.platform.fetch(this.backendOrigin+e,{mode:"cors",method:r,headers:h,body:s}).then(e=>i(this,void 0,void 0,function*(){if(!e.ok){const t=e.statusText?` - ${e.statusText}`:"",r=`Got ${e.status} HTTP error${t}`;throw new a.default(r,void 0,void 0,!1)}const t=yield e.text();if(!t)throw new a.default("Empty response from server");try{return JSON.parse(t)}catch(e){throw new a.default(`Failed to parse JSON response: ${e.message}`)}})).then(e=>{e.error&&e.error.code===u.default.ERROR_NO_DEVICE_FOUND&&(this.settings.reset(),this.platform.deviceAuth.reset()),this.lastData=e.data,t(e)}).catch(o)}).catch(o)})}static parseCloseEvent(e){var t=l.WebSocketCloseReasons.UNKNOWN_REASON;switch(e.code){case 1e3:t=l.WebSocketCloseReasons.NORMAL_CLOSURE;break;case 1001:t=l.WebSocketCloseReasons.GOING_AWAY;break;case 1002:t=l.WebSocketCloseReasons.PROTOCOL_ERROR;break;case 1003:t=l.WebSocketCloseReasons.UNSUPPORTED_DATA;break;case 1005:t=l.WebSocketCloseReasons.NO_STATUS_RECEIVED;break;case 1006:t=l.WebSocketCloseReasons.ABNORMAL_CLOSURE;break;case 1007:t=l.WebSocketCloseReasons.INVALID_FRAME_PAYLOAD_DATA;break;case 1008:t=l.WebSocketCloseReasons.POLICY_VIOLATION;break;case 1009:t=l.WebSocketCloseReasons.MESSAGE_TOO_BIG;break;case 1010:t=l.WebSocketCloseReasons.MANDATORY_EXTENSION;break;case 1011:t=l.WebSocketCloseReasons.INTERNAL_ERROR;break;case 1015:t=l.WebSocketCloseReasons.TLS_HANDSHAKE}return[t,e.code]}createMessageChannel(e,t,r,i){if(!this.authToken)throw new Error("Authentication token is not initialized, cannot create MessageChannel");const n=this.backendOrigin.replace(/^http/,"ws"),s=this.platform.createMessageChannel(n+e);var o=!0;const a=setInterval(()=>{o?(this.log.trace("Sending ping message"),o=!1,s.send("ping")):(this.log.warn("Failed to receive ping response in time, closing the channel"),clearInterval(a),s.close(),r("Channel communication stalled"),this.channels.delete(s))},3e4);return s.addEventListener("close",e=>{var r=e.code?`with status code: ${e.code}`:"without status code";this.log.debug(`Message channel is closed ${r}`),clearInterval(a),this.channels.delete(s);const[i,n]=d.parseCloseEvent(e);t(i,n)}),s.addEventListener("error",e=>{this.log.debug("Message channel encountered an error",e)}),s.addEventListener("message",e=>{if(this.log.trace("Message channel received a message"),this.log.trace(e),"origin"in e&&e.origin!==n)r("Unexpected origin");else{const t=e.data;t&&"string"==typeof t?"pong"===t?o=!0:i(t):i(e.toString())}}),this.channels.add(s),s}closeAllMessageChannels(){this.log.trace("Closing all message channels, total "+this.channels.size+" registered channels");const e=new Set(this.channels);e.forEach(e=>e.close()),e.clear(),this.channels.clear()}getDeviceRegistration(){return new Promise((e,t)=>{this.platform.deviceAuth.getRegistration(this.namespace).then(t=>{t&&(this.backendOriginOverride?this.log.debug("Not overriding backend URL since it has been already set"):(this.backendOriginOverride=t.endpoint,this.log.debug("backend URL overridden with "+this.backendOriginOverride))),e(t)}).catch(t)})}embedFpResultToDeviceRegistration(e){return new Promise(t=>{this.getDeviceContextData().then(r=>{r&&e.setFpSignal(r),t(e)}).catch(t=>{const r=`Unexpected error happened during Device Context data collection: ${a.default.extractMessage(t)}`;this.log.warn(t),e.setFpSignal({error:r})})})}getCurrentTimestampInSeconds(){const e=Date.now();return Math.floor(e/1e3)}markNewFptts(e){this.settings.fingerPrintTimestamp=e||this.getCurrentTimestampInSeconds()}resetFptts(){this.settings.fingerPrintTimestamp=null}getDeviceContextData(){return new Promise(e=>{if(!this.shouldCollectFP())return this.log.trace("DeviceContext is not enabled in the AuthToken"),void e(void 0);this.platform.getDataCollector().then(t=>{if(!t){const t="Found null instance of data collector, check if your input API key is valid and prove-auth-device-context integration module is properly initialized";return this.log.warn(t),void e({error:t})}if(!this.shouldRefreshFpSignal(this.getCurrentTimestampInSeconds()))return this.log.trace("Existing Device Context signal has not yet expired, skipping new collection"),void e(void 0);this.log.trace("Collect new Device Context data"),t.getCollectedData().then(t=>{if(!t){const t="Data collector returned no result data";return this.log.warn(t),void e({error:t})}e({results:t})}).catch(t=>{const r=`Error in collecting Device Context data: ${a.default.extractMessage(t)}`;this.log.warn(t),e({error:r})})})})}shouldCollectFP(){var e,t,r;return null===(r=null===(t=null===(e=this.claims)||void 0===e?void 0:e.auth.subs.dev)||void 0===t?void 0:t.sgnls)||void 0===r?void 0:r.fpt}shouldRefreshFpSignal(e){var t,r,i,n;if(!this.settings.deviceId||!this.settings.fingerPrintTimestamp)return this.resetFptts(),!0;const s=null!==(n=null===(i=null===(r=null===(t=this.claims)||void 0===t?void 0:t.auth.subs.dev)||void 0===r?void 0:r.sgnls)||void 0===i?void 0:i.fptrr)&&void 0!==n?n:0;return this.log.debug(`Device Context refresh rate: ${s}`),e-this.settings.fingerPrintTimestamp>=s}parseJwt(e){return JSON.parse(atob(e.split(".")[1]))}}t.default=d},9205:function(e,t,r){var i=this&&this.__createBinding||(Object.create?function(e,t,r,i){void 0===i&&(i=r);var n=Object.getOwnPropertyDescriptor(t,r);n&&!("get"in n?!t.__esModule:n.writable||n.configurable)||(n={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,i,n)}:function(e,t,r,i){void 0===i&&(i=r),e[i]=t[r]}),n=this&&this.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),s=this&&this.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var r in e)"default"!==r&&Object.prototype.hasOwnProperty.call(e,r)&&i(t,e,r);return n(t,e),t},o=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const a=o(r(2561)),c=o(r(8367)),u=o(r(931)),l=o(r(5683)),d=o(r(5667)),h=o(r(2486)),f=s(r(4963));function p(e){return"function"==typeof e?{execute:t=>e(t)}:e}t.default=class{constructor(e){this._deviceIpDetection=!1,this._timeout=0,this._config=e||new a.default}withStartStep(e){return this._startStep=p(e),this}withIpDiscoveryUrl(e){return this._ipDiscoveryUrl=e,this}withFinishStep(e){return this._finishStep=p(e),this}withPixelImplementation(){return this._authStep=void 0,this}withFetchImplementation(){return this._authStep=new u.default,this}withPassiveImplementation(){return this._authStep=new h.default,this}withDeviceIpDetection(e=!0){return this._deviceIpDetection=e,this}withTimeout(e){return this._timeout=e,this}build(){let e=this._authStep;const t=this._startStep;let r=this._finishStep;e||(e=new f.default,r=new f.PixelFinishStep);const i=this._deviceIpDetection?new l.default(this._ipDiscoveryUrl):new d.default;if(!t)throw new Error("Start step is required");if(!r)throw new Error("Finish step is required");return new c.default(i,t,e,r,this._timeout)}}},9306:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.PhoneValidationError=void 0;const n=i(r(9316));class s extends n.default{constructor(e,t){super(e,t)}}t.PhoneValidationError=s},9316:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});class r extends Error{constructor(e,t,r,i){super(e),this.code=t,this.nextStep=r,this.reportable=void 0===i||i}static extractMessage(e){let t="";if(e){const r="message";e[r]?t=e[r]:(t=e.toString(),t.startsWith("[object ")&&(t=JSON.stringify(e)))}return t}}t.default=r},9438:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(9316)),s=r(2473),o=r(2958),a=i(r(4473)),c=i(r(8182));class u{executeStartStep(e){return new Promise((t,r)=>{const i=this.getDeviceIp();e.fetchFromBackend("/v1/client/mobile/instant/start",{cellularIp:i,implementation:this.implementation}).then(e=>{if(e.error)r(new n.default(e.error.message,e.error.code,e.next,!1));else{const i=e.data;(null==i?void 0:i.redirectUrl)?t(i.redirectUrl):r(new n.default("No redirect URL found in start response",void 0,e.next,!0))}}).catch(r)})}executeFinishStep(e,t){return new Promise((r,i)=>{e.fetchFromBackend("/v1/client/mobile/instant/finish",{vfp:t}).then(e=>{e.error?i(new n.default(e.error.message,e.error.code,e.next,!1)):r(e.next)}).catch(i)})}constructor(e,t){this.name=u.NAME,this.log=s.LoggerFactory.getLogger("mobile-instant-step"),this.implementation=e,this.getDeviceIp=null!=t?t:()=>null}execute(e){return new Promise((t,r)=>{let i=e.platform.getMobileAuthBuilder();switch(this.implementation){case o.MobileAuthImplementation.Pixel:i=i.withPixelImplementation();break;case o.MobileAuthImplementation.Fetch:i=i.withFetchImplementation()}i=i.withStartStep(()=>Promise.reject(new n.default("StartStep shouldn't be executed in MobileAuth SDK layer for non-orchestrated flow"))).withFinishStep(()=>Promise.reject(new n.default("FinishStep shouldn't be executed in MobileAuth SDK layer for non-orchestrated flow")));const s=i.build(),u=new c.default(this.getDeviceIp());this.executeStartStep(e).then(i=>{s.authenticateWithRedirect(u,i).then(i=>{this.executeFinishStep(e,i).then(t).catch(r)}).catch(e=>{var t;const i=null!==(t=n.default.extractMessage(e))&&void 0!==t?t:"Mobile Auth Midlle Step failed at authenticateWithRedirect";r(new n.default(i,a.default.ERROR_AUTHENTICATION_CLIENT_FAILURE))})}).catch(r)})}}u.NAME="mobile/instant",t.default=u},9549:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.FidoOptionsError=void 0;class r extends Error{constructor({message:e,cause:t,name:r}){super(e,{cause:t}),this.name=null!=r?r:t.name}static identifyAuthenticationError({error:e,options:t,platform:i}){const{publicKey:n}=t;if(!n)return new r({message:r.MISSING_PUBLIC_KEY_PROPERTY,cause:new Error(r.MISSING_PUBLIC_KEY_PROPERTY)});if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new r({message:r.ABORT_SIGNAL,cause:e})}else{if("NotAllowedError"===e.name)return new r({message:e.message,cause:e});if("SecurityError"===e.name){const t=i.getOrigin();return n.rpId!==t?new r({message:`${r.INVALID_RP_ID}: ${n.rpId}`,cause:e}):new r({message:`${r.SECURITY_ERROR_FOUND}: ${e.message}`,cause:e})}if("UnknownError"===e.name)return new r({message:r.UNKNOWN_ERROR,cause:e})}return e}static identifyRegistrationError({error:e,options:t,platform:i}){var n,s,o;const{publicKey:a}=t;if(!a)return new r({message:r.MISSING_PUBLIC_KEY_PROPERTY,cause:new Error(r.MISSING_PUBLIC_KEY_PROPERTY)});if("InvalidStateError"===e.name)return new r({message:r.INVALID_STATE_ERROR,cause:e});if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new r({message:this.ABORT_SIGNAL,cause:e})}else if("ConstraintError"===e.name){if(!0===(null===(n=a.authenticatorSelection)||void 0===n?void 0:n.requireResidentKey))return new r({message:this.CONSTRAINT_ERROR,cause:e});if("conditional"===t.mediation&&"required"===(null===(s=a.authenticatorSelection)||void 0===s?void 0:s.userVerification))return new r({message:this.USER_VERIFICATION_NOT_POSSILE,cause:e});if("required"===(null===(o=a.authenticatorSelection)||void 0===o?void 0:o.userVerification))return new r({message:this.NO_MATCHING_AUTHENTICATOR,cause:e})}else{if("NotAllowedError"===e.name)return new r({message:e.message,cause:e});if("NotSupportedError"===e.name)return 0===a.pubKeyCredParams.filter(e=>"public-key"===e.type).length?new r({message:this.INVALID_CRED_PARAMS,cause:e}):new r({message:r.NO_MATCHING_AUTHENTICATOR_FOR_PARAMS_ALGO,cause:e});if("SecurityError"===e.name){const t=i.getOrigin();return a.rp.id!==t?new r({message:`${r.INVALID_RP_ID}: ${a.rp.id}`,cause:e}):new r({message:`${r.SECURITY_ERROR_FOUND}: ${e.message}`,cause:e})}if("TypeError"===e.name){if(a.user.id.byteLength<1||a.user.id.byteLength>64)return new r({message:r.INVALID_USER_ID_LENGTH,cause:e})}else if("UnknownError"===e.name)return new r({message:r.UNKNOWN_ERROR,cause:e})}return e}}t.FidoOptionsError=r,r.MISSING_PUBLIC_KEY_PROPERTY="options missing publicKey property",r.ABORT_SIGNAL="Authentication was sent an abort signal",r.INVALID_STATE_ERROR="The authenticator was already registered",r.UNKNOWN_ERROR="Unknown error: the authenticator was unable to process the predefined options, or unable to generate a new credential",r.SECURITY_ERROR_FOUND="Security error found",r.INVALID_RP_ID="The rp.id is not valid for the current domain",r.CONSTRAINT_ERROR="Discoverable credentials is required but found no matching supported authenticator",r.USER_VERIFICATION_NOT_POSSILE="User verification is required during automatic registration but this could not be performed",r.NO_MATCHING_AUTHENTICATOR="User verification is required but found no matching supported authenticator",r.INVALID_CRED_PARAMS="No entry in pubKeyCredParams having the type of public-key",r.NO_MATCHING_AUTHENTICATOR_FOR_PARAMS_ALGO="No available authenticator supported any of the specified pubKeyCredParams algorithms",r.INVALID_USER_ID_LENGTH="User ID has invalid length"},9648:function(e,t,r){var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0});const n=i(r(1554)),s=r(2473),o=i(r(9316)),a=i(r(4473)),c=i(r(7900));class u{constructor(){this.log=s.LoggerFactory.getLogger("device-passive-register-step"),this.name=u.NAME}execute(e){return new Promise((t,r)=>{u.hasAssertionResponse(e)?c.default.runFidoVerify(this.log,e).then(t).catch(r):e.getDeviceRegistration().then(i=>{i?this.finishRegistration(e,[this.getFido2Registration(e)]).then(t).catch(r):e.platform.deviceAuth.createRegistration({namespace:e.namespace,endpoint:e.backendOrigin}).then(i=>{i.getAuthRegistration(e.challenge).then(t=>this.finishRegistration(e,[this.getFido2Registration(e),t])).then(n=>{i.deviceId=e.settings.deviceId,e.platform.deviceAuth.storeRegistration(i).then(()=>t(n)).catch(r)}).catch(r)}).catch(r)}).catch(r)})}static hasAssertionResponse(e){const t=e.credential.response;return t&&"authenticatorData"in t&&"signature"in t}finishRegistration(e,t){return new Promise((r,i)=>{e.fetchFromBackend("/v1/client/device/fido2/register/finish",{deviceName:e.platform.getPlatformName(),deviceCapabilities:e.platform.getDeviceCapabilities(),registrations:t}).then(t=>{if(t.error)i(new o.default(t.error.message,t.error.code,t.next,!1));else{const n=t.data;n?(n.deviceId&&(e.settings.deviceId=n.deviceId,e.settings.fidoPasskeyRegistered=!0),n.scanMessage&&(e.authMessage=n.scanMessage),r(t.next)):i(new o.default("Failed to register device, returned deviceId is null or empty",a.default.ERROR_AUTHENTICATION_FAILURE,t.next,!1))}}).catch(i)})}getFido2Registration(e){const t=e.credential,r=t.response;return{webAuthnCredential:{type:null==t?void 0:t.type,id:null==t?void 0:t.id,rawId:n.default.bufferEncode(null==t?void 0:t.rawId),response:{attestationObject:n.default.bufferEncode(r.attestationObject),clientDataJSON:n.default.bufferEncode(r.clientDataJSON)}}}}}u.NAME="device/passive/register",t.default=u},9726:(e,t)=>{var r;Object.defineProperty(t,"__esModule",{value:!0}),t.AuthResponseStatus=void 0,function(e){e.Accept="accept",e.Reject="reject",e.Cancel="cancel",e.Unexpected="unexpected",e.Timeout="timeout",e.Unknown="unknown"}(r||(t.AuthResponseStatus=r={}))},9922:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.DEVICE_CAPABILITY_WEBAUTHN=void 0,t.stringToArrayBuffer=function(e){const t=(new TextEncoder).encode(e);return t.buffer.slice(t.byteOffset,t.byteOffset+t.byteLength)},t.arrayBufferToString=function(e){return String.fromCharCode.apply(null,Array.from(new Uint8Array(e)))},t.arrayBufferToHexString=function(e){return Array.from(new Uint8Array(e),e=>("00"+e.toString(16)).slice(-2)).join("")},t.getUnixTime=function(){return Math.floor(Date.now()/1e3)},t.DEVICE_CAPABILITY_WEBAUTHN="webauthn"}},t={};return function r(i){var n=t[i];if(void 0!==n)return n.exports;var s=t[i]={exports:{}};return e[i].call(s.exports,s,s.exports,r),s.exports}(8156)})());

package/build/lib/index.d.ts

@@ -14,6 +14,6 @@ import { InstantLinkStartInput, InstantLinkStartStep, InstantLinkStartStepFn, In
 import UserConsentStep, { UserConsentOutput, UserConsentStepFn } from './proveauth/user-consent-step';
 import { PpbStartStep, PpbStartStepFn, PpbFinishStep, PpbFinishStepFn, PpbOperation } from './proveauth/ppb';
 import { DocVStartStep, DocVStartStepFn, DocVFinishStep, DocVFinishStepFn } from './proveauth/docv';
-import { AuthIDIntegration, AuthIDOptions, AuthIDResult, DataCollector, FingerprintJSIntegration } from './proveauth/internal/external-integrations';
+import { PpbIntegration, PpbOptions, PpbResult, DataCollector, DeviceContextIntegration } from './proveauth/internal/external-integrations';
 import DeviceContextOptions from './proveauth/device-context-options';
-export { VERSION, AuthFinishStep, AuthFinishStepFn, AuthFinishStepInput, Authenticator, AuthenticatorBuilder, AuthIDIntegration, AuthIDOptions, AuthIDResult, FingerprintJSIntegration, AuthMessage, AuthMessageHandler, AuthResponseStatus, CancelablePromise, DataCollector, DeviceRole, InstantLinkStartStep, InstantLinkStartInput, InstantLinkStartStepFn, Logger, LoggerFactory, LogLevel, LogWriter, MobileAuthImplementation, OtpFinishStep, OtpFinishInput, OtpFinishResult, OtpFinishStepFn, OtpFinishResultType, OtpStartStep, OtpStartInput, OtpStartStepFn, OtpError, PasskeyAlreadyExistCallback, PhoneValidationError, BuildConfig, DeviceContextOptions, UserConsentStep, UserConsentStepFn, UserConsentOutput, InstantLinkRetryStep, InstantLinkRetryStepFn, InstantLinkResultType, PpbOperation, PpbStartStep, PpbStartStepFn, PpbFinishStep, PpbFinishStepFn, DocVStartStep, DocVStartStepFn, DocVFinishStep, DocVFinishStepFn, };
+export { VERSION, AuthFinishStep, AuthFinishStepFn, AuthFinishStepInput, Authenticator, AuthenticatorBuilder, PpbIntegration, PpbOptions, PpbResult, DeviceContextIntegration, AuthMessage, AuthMessageHandler, AuthResponseStatus, CancelablePromise, DataCollector, DeviceRole, InstantLinkStartStep, InstantLinkStartInput, InstantLinkStartStepFn, Logger, LoggerFactory, LogLevel, LogWriter, MobileAuthImplementation, OtpFinishStep, OtpFinishInput, OtpFinishResult, OtpFinishStepFn, OtpFinishResultType, OtpStartStep, OtpStartInput, OtpStartStepFn, OtpError, PasskeyAlreadyExistCallback, PhoneValidationError, BuildConfig, DeviceContextOptions, UserConsentStep, UserConsentStepFn, UserConsentOutput, InstantLinkRetryStep, InstantLinkRetryStepFn, InstantLinkResultType, PpbOperation, PpbStartStep, PpbStartStepFn, PpbFinishStep, PpbFinishStepFn, DocVStartStep, DocVStartStepFn, DocVFinishStep, DocVFinishStepFn, };

package/build/lib/index.js

@@ -36,7 +36,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.InstantLinkResultType = exports.BuildConfig = exports.PhoneValidationError = exports.OtpError = exports.OtpFinishResultType = exports.MobileAuthImplementation = exports.LogLevel = exports.LoggerFactory = exports.DeviceRole = exports.CancelablePromise = exports.AuthResponseStatus = exports.FingerprintJSIntegration = exports.AuthIDIntegration = exports.AuthenticatorBuilder = exports.VERSION = void 0;
+exports.InstantLinkResultType = exports.BuildConfig = exports.PhoneValidationError = exports.OtpError = exports.OtpFinishResultType = exports.MobileAuthImplementation = exports.LogLevel = exports.LoggerFactory = exports.DeviceRole = exports.CancelablePromise = exports.AuthResponseStatus = exports.DeviceContextIntegration = exports.PpbIntegration = exports.AuthenticatorBuilder = exports.VERSION = void 0;
 const version_1 = require("./proveauth/version");
 Object.defineProperty(exports, "VERSION", { enumerable: true, get: function () { return version_1.VERSION; } });
 const authenticator_builder_1 = __importStar(require("./proveauth/authenticator-builder"));
@@ -61,5 +61,5 @@ Object.defineProperty(exports, "OtpFinishResultType", { enumerable: true, get: f
 const instantlink_1 = require("./proveauth/instantlink");
 Object.defineProperty(exports, "InstantLinkResultType", { enumerable: true, get: function () { return instantlink_1.InstantLinkResultType; } });
 const external_integrations_1 = require("./proveauth/internal/external-integrations");
-Object.defineProperty(exports, "AuthIDIntegration", { enumerable: true, get: function () { return external_integrations_1.AuthIDIntegration; } });
-Object.defineProperty(exports, "FingerprintJSIntegration", { enumerable: true, get: function () { return external_integrations_1.FingerprintJSIntegration; } });
+Object.defineProperty(exports, "PpbIntegration", { enumerable: true, get: function () { return external_integrations_1.PpbIntegration; } });
+Object.defineProperty(exports, "DeviceContextIntegration", { enumerable: true, get: function () { return external_integrations_1.DeviceContextIntegration; } });

package/build/lib/proveauth/authenticator-builder.js

@@ -173,7 +173,7 @@ class AuthenticatorBuilder {
         const settings = new settings_1.default(this.storage);
         settings.upkEnabled = this.upkEnabled;
         if (this.deviceContextOptions) {
-            this.platform.initFingerprintJS(this.deviceContextOptions);
+            this.platform.initDeviceContext(this.deviceContextOptions);
         }
         const steps = this.getAuthSteps(this.role);
         return new main_authenticator_1.default(this.platform, settings, this.authFinishStep, steps);

package/build/lib/proveauth/internal/auth-session.d.ts

@@ -35,7 +35,7 @@ export default class AuthSession implements AuthSessionIntegration {
     private getCurrentTimestampInSeconds;
     markNewFptts(ts?: number): void;
     resetFptts(): void;
-    getFingerprintData(): Promise<Signal | undefined>;
+    getDeviceContextData(): Promise<Signal | undefined>;
     shouldCollectFP(): boolean;
     shouldRefreshFpSignal(currentTimestamp: number): boolean;
     private parseJwt;

package/build/lib/proveauth/internal/auth-session.js

@@ -245,7 +245,7 @@ class AuthSession {
     }
     embedFpResultToDeviceRegistration(registration) {
         return new Promise((resolve) => {
-            this.getFingerprintData()
+            this.getDeviceContextData()
                 .then((result) => {
                 if (result) {
                     registration.setFpSignal(result);
@@ -253,7 +253,7 @@ class AuthSession {
                 resolve(registration);
             })
                 .catch((error) => {
-                const errorMsg = `Unexpected error happened during Fingerprint data collection: ${auth_error_1.default.extractMessage(error)}`;
+                const errorMsg = `Unexpected error happened during Device Context data collection: ${auth_error_1.default.extractMessage(error)}`;
                 this.log.warn(error);
                 registration.setFpSignal({ error: errorMsg });
             });
@@ -270,32 +270,32 @@ class AuthSession {
     resetFptts() {
         this.settings.fingerPrintTimestamp = null;
     }
-    getFingerprintData() {
+    getDeviceContextData() {
         return new Promise((resolve) => {
             if (!this.shouldCollectFP()) {
-                this.log.trace('FingerprintJS is not enabled in the AuthToken');
+                this.log.trace('DeviceContext is not enabled in the AuthToken');
                 resolve(undefined);
                 return;
             }
             this.platform.getDataCollector().then((collector) => {
                 if (!collector) {
-                    const msg = 'Found null instance of FingerprintJS, check if your input API key is valid ' +
-                        'and FingerprintJS integration module is properly initialized';
+                    const msg = 'Found null instance of data collector, check if your input API key is valid ' +
+                        'and prove-auth-device-context integration module is properly initialized';
                     this.log.warn(msg);
                     resolve({ error: msg });
                     return;
                 }
                 if (!this.shouldRefreshFpSignal(this.getCurrentTimestampInSeconds())) {
-                    this.log.trace('Existing FingerprintJS signal has not yet expired, skipping new collection');
+                    this.log.trace('Existing Device Context signal has not yet expired, skipping new collection');
                     resolve(undefined);
                     return;
                 }
-                this.log.trace('Collect new FingerprintJS data');
+                this.log.trace('Collect new Device Context data');
                 collector
                     .getCollectedData()
                     .then((data) => {
                     if (!data) {
-                        const msg = 'FingerprintJS returned no result data';
+                        const msg = 'Data collector returned no result data';
                         this.log.warn(msg);
                         resolve({ error: msg });
                         return;
@@ -304,7 +304,7 @@ class AuthSession {
                     return;
                 })
                     .catch((error) => {
-                    const msg = `Error in collecting FingerprintJS data: ${auth_error_1.default.extractMessage(error)}`;
+                    const msg = `Error in collecting Device Context data: ${auth_error_1.default.extractMessage(error)}`;
                     this.log.warn(error);
                     resolve({ error: msg });
                 });
@@ -322,7 +322,7 @@ class AuthSession {
             return true;
         }
         const refreshRate = (_d = (_c = (_b = (_a = this.claims) === null || _a === void 0 ? void 0 : _a.auth.subs.dev) === null || _b === void 0 ? void 0 : _b.sgnls) === null || _c === void 0 ? void 0 : _c.fptrr) !== null && _d !== void 0 ? _d : 0;
-        this.log.debug(`Fingerprint refresh rate: ${refreshRate}`);
+        this.log.debug(`Device Context refresh rate: ${refreshRate}`);
         const interval = currentTimestamp - this.settings.fingerPrintTimestamp;
         return interval >= refreshRate;
     }

package/build/lib/proveauth/internal/device-passive-step.js

@@ -222,7 +222,7 @@ class DevicePassiveStep extends DevicePassiveActions {
         }
         return new Promise((resolve, reject) => {
             session
-                .getFingerprintData()
+                .getDeviceContextData()
                 .then((signal) => {
                 const signals = {
                     fingerprint: signal,
@@ -230,7 +230,7 @@ class DevicePassiveStep extends DevicePassiveActions {
                 this.register(session, signals).then(resolve).catch(reject);
             })
                 .catch((error) => {
-                const errorMsg = `Unexpected error happened during Fingerprint data collection: ${error.message}`;
+                const errorMsg = `Unexpected error happened during Device Context data collection: ${error.message}`;
                 this.log.warn(errorMsg);
                 this.log.warn(error);
                 const signals = {

package/build/lib/proveauth/internal/external-integrations.d.ts

@@ -7,27 +7,27 @@ export declare abstract class ExternalIntegration {
     protected static getInstance(name: string): ExternalIntegration;
     protected static activate(instance: ExternalIntegration): void;
 }
-export interface AuthIDResult {
+export interface PpbResult {
     authIdSuccess?: boolean;
 }
-export interface AuthIDOptions {
+export interface PpbOptions {
     endpointUrl?: string;
     ppbOperation?: string;
     operationId?: string;
     oneTimeSecret?: string;
 }
-export declare abstract class AuthIDIntegration extends ExternalIntegration {
-    static readonly NAME = "AuthID";
-    static get instance(): AuthIDIntegration;
+export declare abstract class PpbIntegration extends ExternalIntegration {
+    static readonly NAME = "PPB";
+    static get instance(): PpbIntegration;
     constructor();
-    abstract activateWebComponent(options: AuthIDOptions): Promise<AuthIDResult>;
+    abstract activateWebComponent(options: PpbOptions): Promise<PpbResult>;
 }
 export interface DataCollector {
     getCollectedData(): Promise<string | undefined>;
 }
-export declare abstract class FingerprintJSIntegration extends ExternalIntegration {
-    static readonly NAME = "FingerprintJS";
-    static get instance(): FingerprintJSIntegration;
+export declare abstract class DeviceContextIntegration extends ExternalIntegration {
+    static readonly NAME = "DeviceContext";
+    static get instance(): DeviceContextIntegration;
     constructor();
     abstract init(options: DeviceContextOptions): void;
     abstract getDataCollector(): Promise<DataCollector | undefined>;

package/build/lib/proveauth/internal/external-integrations.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.FingerprintJSIntegration = exports.AuthIDIntegration = exports.ExternalIntegration = void 0;
+exports.DeviceContextIntegration = exports.PpbIntegration = exports.ExternalIntegration = void 0;
 const logger_1 = require("../common/logger");
 class ExternalIntegration {
     constructor(name) {
@@ -27,23 +27,23 @@ class ExternalIntegration {
 exports.ExternalIntegration = ExternalIntegration;
 ExternalIntegration.log = logger_1.LoggerFactory.getLogger('external-integrations');
 ExternalIntegration.instances = new Map();
-class AuthIDIntegration extends ExternalIntegration {
+class PpbIntegration extends ExternalIntegration {
     static get instance() {
-        return ExternalIntegration.getInstance(AuthIDIntegration.NAME);
+        return ExternalIntegration.getInstance(PpbIntegration.NAME);
     }
     constructor() {
-        super(AuthIDIntegration.NAME);
+        super(PpbIntegration.NAME);
     }
 }
-exports.AuthIDIntegration = AuthIDIntegration;
-AuthIDIntegration.NAME = 'AuthID';
-class FingerprintJSIntegration extends ExternalIntegration {
+exports.PpbIntegration = PpbIntegration;
+PpbIntegration.NAME = 'PPB';
+class DeviceContextIntegration extends ExternalIntegration {
     static get instance() {
-        return ExternalIntegration.getInstance(FingerprintJSIntegration.NAME);
+        return ExternalIntegration.getInstance(DeviceContextIntegration.NAME);
     }
     constructor() {
-        super(FingerprintJSIntegration.NAME);
+        super(DeviceContextIntegration.NAME);
     }
 }
-exports.FingerprintJSIntegration = FingerprintJSIntegration;
-FingerprintJSIntegration.NAME = 'FingerprintJS';
+exports.DeviceContextIntegration = DeviceContextIntegration;
+DeviceContextIntegration.NAME = 'DeviceContext';

package/build/lib/proveauth/internal/mobile-instant-step.d.ts

@@ -7,9 +7,8 @@ export default class MobileInstantStep implements AuthStep {
     protected log: import("../common/logger").Logger;
     private readonly implementation;
     private readonly getDeviceIp;
-    private readonly deviceIpDetection;
-    private errorCodeBak?;
-    private nextBak?;
+    private executeStartStep;
+    private executeFinishStep;
     constructor(implementation: MobileAuthImplementation, getDeviceIp?: () => string | null);
     execute(session: AuthSession): Promise<string>;
 }

package/build/lib/proveauth/internal/mobile-instant-step.js

@@ -7,92 +7,86 @@ const auth_error_1 = __importDefault(require("./auth-error"));
 const logger_1 = require("../common/logger");
 const authenticator_builder_1 = require("../authenticator-builder");
 const error_code_1 = __importDefault(require("./error-code"));
+const device_descriptor_1 = __importDefault(require("@prove-identity/mobile-auth/build/lib/mobileauth/process/device-descriptor"));
 class MobileInstantStep {
+    executeStartStep(session) {
+        return new Promise((resolve, reject) => {
+            const ip = this.getDeviceIp();
+            session
+                .fetchFromBackend('/v1/client/mobile/instant/start', {
+                cellularIp: ip,
+                implementation: this.implementation,
+            })
+                .then((response) => {
+                if (response.error) {
+                    reject(new auth_error_1.default(response.error.message, response.error.code, response.next, false));
+                }
+                else {
+                    const data = response.data;
+                    if (data === null || data === void 0 ? void 0 : data.redirectUrl) {
+                        resolve(data.redirectUrl);
+                    }
+                    else {
+                        reject(new auth_error_1.default('No redirect URL found in start response', undefined, response.next, true));
+                    }
+                }
+            })
+                .catch(reject);
+        });
+    }
+    executeFinishStep(session, vfpValues) {
+        return new Promise((resolve, reject) => {
+            session
+                .fetchFromBackend('/v1/client/mobile/instant/finish', { vfp: vfpValues })
+                .then((response) => {
+                if (response.error) {
+                    reject(new auth_error_1.default(response.error.message, response.error.code, response.next, false));
+                }
+                else {
+                    resolve(response.next);
+                }
+            })
+                .catch(reject);
+        });
+    }
     constructor(implementation, getDeviceIp) {
         this.name = MobileInstantStep.NAME;
         this.log = logger_1.LoggerFactory.getLogger('mobile-instant-step');
-        this.errorCodeBak = error_code_1.default.ERROR_AUTHENTICATION_CLIENT_FAILURE;
         this.implementation = implementation;
-        if (getDeviceIp) {
-            this.getDeviceIp = getDeviceIp;
-            this.deviceIpDetection = false;
-        }
-        else {
-            this.getDeviceIp = () => null;
-            this.deviceIpDetection = true;
-        }
+        this.getDeviceIp = getDeviceIp !== null && getDeviceIp !== void 0 ? getDeviceIp : (() => null);
     }
     execute(session) {
         return new Promise((resolve, reject) => {
-            let builder = session.platform
-                .getMobileAuthBuilder()
-                .withDeviceIpDetection(this.deviceIpDetection);
+            let builder = session.platform.getMobileAuthBuilder();
             switch (this.implementation) {
                 case authenticator_builder_1.MobileAuthImplementation.Pixel: {
                     builder = builder.withPixelImplementation();
                     break;
                 }
                 case authenticator_builder_1.MobileAuthImplementation.Fetch: {
-                    builder = builder.withFetchImplementation().withFinishStep((input) => {
-                        return new Promise((resolve, reject) => {
-                            session
-                                .fetchFromBackend('/v1/client/mobile/instant/finish', {
-                                vfp: input.vfp,
-                            })
-                                .then(resolve)
-                                .catch(reject);
-                        });
-                    });
+                    builder = builder.withFetchImplementation();
                     break;
                 }
             }
-            builder = builder.withStartStep((input) => {
-                return new Promise((resolve, reject) => {
-                    const ip = this.deviceIpDetection ? input.deviceDescriptor.ip : this.getDeviceIp();
-                    session
-                        .fetchFromBackend('/v1/client/mobile/instant/start', {
-                        cellularIp: ip,
-                        implementation: this.implementation,
-                    })
-                        .then((response) => {
-                        if (response.error) {
-                            this.nextBak = response.next;
-                            this.errorCodeBak = response.error.code;
-                            reject(new auth_error_1.default(response.error.message, response.error.code, response.next, false));
-                        }
-                        else {
-                            const data = response.data;
-                            resolve({
-                                authUrl: data ? data.redirectUrl : undefined,
-                            });
-                        }
-                    })
-                        .catch(reject);
-                });
-            });
+            builder = builder
+                .withStartStep(() => Promise.reject(new auth_error_1.default("StartStep shouldn't be executed in MobileAuth SDK layer for non-orchestrated flow")))
+                .withFinishStep(() => Promise.reject(new auth_error_1.default("FinishStep shouldn't be executed in MobileAuth SDK layer for non-orchestrated flow")));
             const authenticator = builder.build();
-            authenticator
-                .authenticate()
-                .then((response) => {
-                if (response) {
-                    const authResponse = response;
-                    if (authResponse.error) {
-                        reject(new auth_error_1.default(response.error.message, response.error.code, response.next, false));
-                    }
-                    resolve(authResponse.next);
-                }
-                else {
-                    session
-                        .fetchFromBackend('/v1/client/mobile/instant/finish', {})
-                        .then((response) => resolve(response.next))
-                        .catch((error) => {
-                        reject(new auth_error_1.default(response.error.message, response.error.code, response.next, false));
-                    });
-                }
+            const deviceDescriptor = new device_descriptor_1.default(this.getDeviceIp());
+            this.executeStartStep(session)
+                .then((authUrl) => {
+                authenticator
+                    .authenticateWithRedirect(deviceDescriptor, authUrl)
+                    .then((vfp) => {
+                    this.executeFinishStep(session, vfp).then(resolve).catch(reject);
+                })
+                    .catch((error) => {
+                    var _a;
+                    const message = (_a = auth_error_1.default.extractMessage(error)) !== null && _a !== void 0 ? _a : 'Mobile Auth Midlle Step failed at authenticateWithRedirect';
+                    reject(new auth_error_1.default(message, error_code_1.default.ERROR_AUTHENTICATION_CLIENT_FAILURE));
+                });
             })
-                .catch((error) => {
-                reject(new auth_error_1.default(error, this.errorCodeBak, this.nextBak, false));
-            });
+                .catch(reject);
         });
     }
 }

package/build/lib/proveauth/internal/platform.d.ts

@@ -3,7 +3,7 @@ import { AuthRequest } from './auth-request';
 import AuthResponse from './auth-response';
 import DeviceAuth, { DeviceRegistration } from './device-auth';
 import DeviceContextOptions from '../device-context-options';
-import { AuthIDOptions, AuthIDResult, DataCollector as DataCollector } from './external-integrations';
+import { PpbOptions, PpbResult, DataCollector } from './external-integrations';
 export declare const DEVICE_CAPABILITY_WEBAUTHN = "webauthn";
 export interface MessageChannel {
     addEventListener: (type: string, listener: (event: any) => void) => void;
@@ -47,8 +47,8 @@ export default interface Platform {
     exit: (code?: number) => void;
     urlRedirect: (url: string) => void;
     getOrigin: () => string;
-    activateAuthID: (options: AuthIDOptions) => Promise<AuthIDResult>;
-    initFingerprintJS: (options: DeviceContextOptions) => void;
+    activatePpb: (options: PpbOptions) => Promise<PpbResult>;
+    initDeviceContext: (options: DeviceContextOptions) => void;
     getDataCollector: () => Promise<DataCollector | undefined>;
 }
 export declare function stringToArrayBuffer(input: string): ArrayBuffer;

package/build/lib/proveauth/internal/user-docv-steps.js

@@ -65,16 +65,15 @@ class UserDocVerifyStep {
             callStart()
                 .then((startResult) => {
                 var _a, _b, _c;
-                this.log.debug('Activating AuthID web component');
+                this.log.debug('Activating PPB web component');
                 session.platform
-                    .activateAuthID({
+                    .activatePpb({
                     endpointUrl: (_c = (_b = (_a = session.claims) === null || _a === void 0 ? void 0 : _a.auth.subs.usr) === null || _b === void 0 ? void 0 : _b.auths.docv) === null || _c === void 0 ? void 0 : _c.endp,
-                    ppbOperation: 'enroll',
                     operationId: startResult.operationId,
                     oneTimeSecret: startResult.oneTimeSecret,
                 })
                     .catch((e) => {
-                    this.log.error('AuthID web component failed:', e);
+                    this.log.error('PPB web component failed:', e);
                     callFinish(e).then(() => reject(e));
                 })
                     .then((result) => {

package/build/lib/proveauth/internal/user-ppb-steps.js

@@ -55,7 +55,7 @@ class UserPpbBaseStep {
                 .then(() => {
                 var _a, _b, _c, _d, _e;
                 this.log.debug('Activating AuthID web component');
-                return session.platform.activateAuthID({
+                return session.platform.activatePpb({
                     ppbOperation: this.operation,
                     endpointUrl: (_c = (_b = (_a = session.claims) === null || _a === void 0 ? void 0 : _a.auth.subs.usr) === null || _b === void 0 ? void 0 : _b.auths.ppb) === null || _c === void 0 ? void 0 : _c.endp,
                     operationId: (_d = data.ppb) === null || _d === void 0 ? void 0 : _d.operationId,

package/build/lib/proveauth/internal/web-platform.d.ts

@@ -1,7 +1,7 @@
 import { AuthenticatorBuilder } from '@prove-identity/mobile-auth';
 import Platform, { AuthSessionIntegration, MessageChannel, RequestSigner } from './platform';
 import WebDeviceAuth from './web-device-auth';
-import { AuthIDOptions, AuthIDResult, DataCollector } from './external-integrations';
+import { PpbOptions, PpbResult, DataCollector } from './external-integrations';
 import DeviceContextOptions from '../device-context-options';
 export declare class WebSocketMessageChannel implements MessageChannel {
     private readonly webSocket;
@@ -23,8 +23,8 @@ export declare class WebPlatform implements Platform {
     fetch(input: string, init?: RequestInit): Promise<Response>;
     createMessageChannel(input: string): MessageChannel;
     createRequestSigner(session: AuthSessionIntegration): RequestSigner;
-    activateAuthID(options: AuthIDOptions): Promise<AuthIDResult>;
-    initFingerprintJS(options: DeviceContextOptions): void;
+    activatePpb(options: PpbOptions): Promise<PpbResult>;
+    initDeviceContext(options: DeviceContextOptions): void;
     getDataCollector(): Promise<DataCollector | undefined>;
     private getBrowserName;
     private getBrowserVersion;

package/build/lib/proveauth/internal/web-platform.js

@@ -65,17 +65,23 @@ class WebPlatform {
     createRequestSigner(session) {
         return new request_signer_v3_1.default(session);
     }
-    activateAuthID(options) {
+    activatePpb(options) {
         return __awaiter(this, void 0, void 0, function* () {
-            return external_integrations_1.AuthIDIntegration.instance.activateWebComponent(options);
+            return external_integrations_1.PpbIntegration.instance.activateWebComponent(options);
         });
     }
-    initFingerprintJS(options) {
-        external_integrations_1.FingerprintJSIntegration.instance.init(options);
+    initDeviceContext(options) {
+        external_integrations_1.DeviceContextIntegration.instance.init(options);
     }
     getDataCollector() {
         return __awaiter(this, void 0, void 0, function* () {
-            return external_integrations_1.FingerprintJSIntegration.instance.getDataCollector();
+            try {
+                return yield external_integrations_1.DeviceContextIntegration.instance.getDataCollector();
+            }
+            catch (error) {
+                this.log.warn('Error accessing data collector', error);
+                return undefined;
+            }
         });
     }
     getBrowserName() {

package/build/lib/proveauth/version.d.ts

@@ -1,3 +1,3 @@
-export declare const VERSION = "3.0.3";
+export declare const VERSION = "3.1.1";
 export declare const API_CONTRACT_VERSION = "2.15.1";
-export declare const USER_AGENT_VERSIONS = "ProveAuth/3.0.3 Contract/2.15.1 WEB/1";
+export declare const USER_AGENT_VERSIONS = "ProveAuth/3.1.1 Contract/2.15.1 WEB/1";

package/build/lib/proveauth/version.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.USER_AGENT_VERSIONS = exports.API_CONTRACT_VERSION = exports.VERSION = void 0;
-exports.VERSION = '3.0.3';
+exports.VERSION = '3.1.1';
 exports.API_CONTRACT_VERSION = '2.15.1';
 exports.USER_AGENT_VERSIONS = `ProveAuth/${exports.VERSION} Contract/${exports.API_CONTRACT_VERSION} WEB/1`;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@prove-identity/prove-auth",
-  "version": "3.0.3",
+  "version": "3.1.1",
   "description": "Prove Auth SDK for Web",
   "main": "build/lib/index.js",
   "files": [
@@ -70,7 +70,7 @@
     "@prove-identity/mobile-auth": "^3.1.0"
   },
   "workspaces": [
-    "integrations/authid",
-    "integrations/fingerprintjs"
+    "integrations/ppb",
+    "integrations/device-context"
   ]
 }