@simplewebauthn/browser 10.0.0 → 11.0.0-alpha3

package/bundle/index.es5.umd.min.js

@@ -0,0 +1,2 @@
+/* [@simplewebauthn/browser@11.0.0-alpha3] */
+function e(t){return e="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},e(t)}!function(e,t){if("function"==typeof define&&define.amd)define("SimpleWebAuthnBrowser",["exports"],t);else if("undefined"!=typeof exports)t(exports);else{var r={exports:{}};t(r.exports),e.SimpleWebAuthnBrowser=r.exports}}("undefined"!=typeof globalThis?globalThis:"undefined"!=typeof self?self:this,(function(t){function r(){r=function(){return n};var t,n={},o=Object.prototype,i=o.hasOwnProperty,a=Object.defineProperty||function(e,t,r){e[t]=r.value},u="function"==typeof Symbol?Symbol:{},c=u.iterator||"@@iterator",s=u.asyncIterator||"@@asyncIterator",l=u.toStringTag||"@@toStringTag";function f(e,t,r){return Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}),e[t]}try{f({},"")}catch(t){f=function(e,t,r){return e[t]=r}}function p(e,t,r,n){var o=t&&t.prototype instanceof g?t:g,i=Object.create(o.prototype),u=new j(n||[]);return a(i,"_invoke",{value:T(e,r,u)}),i}function h(e,t,r){try{return{type:"normal",arg:e.call(t,r)}}catch(e){return{type:"throw",arg:e}}}n.wrap=p;var d="suspendedStart",y="suspendedYield",b="executing",v="completed",w={};function g(){}function m(){}function E(){}var R={};f(R,c,(function(){return this}));var A=Object.getPrototypeOf,O=A&&A(A(L([])));O&&O!==o&&i.call(O,c)&&(R=O);var _=E.prototype=g.prototype=Object.create(R);function S(e){["next","throw","return"].forEach((function(t){f(e,t,(function(e){return this._invoke(t,e)}))}))}function P(t,r){function n(o,a,u,c){var s=h(t[o],t,a);if("throw"!==s.type){var l=s.arg,f=l.value;return f&&"object"==e(f)&&i.call(f,"__await")?r.resolve(f.__await).then((function(e){n("next",e,u,c)}),(function(e){n("throw",e,u,c)})):r.resolve(f).then((function(e){l.value=e,u(l)}),(function(e){return n("throw",e,u,c)}))}c(s.arg)}var o;a(this,"_invoke",{value:function(e,t){function i(){return new r((function(r,o){n(e,t,r,o)}))}return o=o?o.then(i,i):i()}})}function T(e,r,n){var o=d;return function(i,a){if(o===b)throw Error("Generator is already running");if(o===v){if("throw"===i)throw a;return{value:t,done:!0}}for(n.method=i,n.arg=a;;){var u=n.delegate;if(u){var c=x(u,n);if(c){if(c===w)continue;return c}}if("next"===n.method)n.sent=n._sent=n.arg;else if("throw"===n.method){if(o===d)throw o=v,n.arg;n.dispatchException(n.arg)}else"return"===n.method&&n.abrupt("return",n.arg);o=b;var s=h(e,r,n);if("normal"===s.type){if(o=n.done?v:y,s.arg===w)continue;return{value:s.arg,done:n.done}}"throw"===s.type&&(o=v,n.method="throw",n.arg=s.arg)}}}function x(e,r){var n=r.method,o=e.iterator[n];if(o===t)return r.delegate=null,"throw"===n&&e.iterator.return&&(r.method="return",r.arg=t,x(e,r),"throw"===r.method)||"return"!==n&&(r.method="throw",r.arg=new TypeError("The iterator does not provide a '"+n+"' method")),w;var i=h(o,e.iterator,r.arg);if("throw"===i.type)return r.method="throw",r.arg=i.arg,r.delegate=null,w;var a=i.arg;return a?a.done?(r[e.resultName]=a.value,r.next=e.nextLoc,"return"!==r.method&&(r.method="next",r.arg=t),r.delegate=null,w):a:(r.method="throw",r.arg=new TypeError("iterator result is not an object"),r.delegate=null,w)}function I(e){var t={tryLoc:e[0]};1 in e&&(t.catchLoc=e[1]),2 in e&&(t.finallyLoc=e[2],t.afterLoc=e[3]),this.tryEntries.push(t)}function N(e){var t=e.completion||{};t.type="normal",delete t.arg,e.completion=t}function j(e){this.tryEntries=[{tryLoc:"root"}],e.forEach(I,this),this.reset(!0)}function L(r){if(r||""===r){var n=r[c];if(n)return n.call(r);if("function"==typeof r.next)return r;if(!isNaN(r.length)){var o=-1,a=function e(){for(;++o<r.length;)if(i.call(r,o))return e.value=r[o],e.done=!1,e;return e.value=t,e.done=!0,e};return a.next=a}}throw new TypeError(e(r)+" is not iterable")}return m.prototype=E,a(_,"constructor",{value:E,configurable:!0}),a(E,"constructor",{value:m,configurable:!0}),m.displayName=f(E,l,"GeneratorFunction"),n.isGeneratorFunction=function(e){var t="function"==typeof e&&e.constructor;return!!t&&(t===m||"GeneratorFunction"===(t.displayName||t.name))},n.mark=function(e){return Object.setPrototypeOf?Object.setPrototypeOf(e,E):(e.__proto__=E,f(e,l,"GeneratorFunction")),e.prototype=Object.create(_),e},n.awrap=function(e){return{__await:e}},S(P.prototype),f(P.prototype,s,(function(){return this})),n.AsyncIterator=P,n.async=function(e,t,r,o,i){void 0===i&&(i=Promise);var a=new P(p(e,t,r,o),i);return n.isGeneratorFunction(t)?a:a.next().then((function(e){return e.done?e.value:a.next()}))},S(_),f(_,l,"Generator"),f(_,c,(function(){return this})),f(_,"toString",(function(){return"[object Generator]"})),n.keys=function(e){var t=Object(e),r=[];for(var n in t)r.push(n);return r.reverse(),function e(){for(;r.length;){var n=r.pop();if(n in t)return e.value=n,e.done=!1,e}return e.done=!0,e}},n.values=L,j.prototype={constructor:j,reset:function(e){if(this.prev=0,this.next=0,this.sent=this._sent=t,this.done=!1,this.delegate=null,this.method="next",this.arg=t,this.tryEntries.forEach(N),!e)for(var r in this)"t"===r.charAt(0)&&i.call(this,r)&&!isNaN(+r.slice(1))&&(this[r]=t)},stop:function(){this.done=!0;var e=this.tryEntries[0].completion;if("throw"===e.type)throw e.arg;return this.rval},dispatchException:function(e){if(this.done)throw e;var r=this;function n(n,o){return u.type="throw",u.arg=e,r.next=n,o&&(r.method="next",r.arg=t),!!o}for(var o=this.tryEntries.length-1;o>=0;--o){var a=this.tryEntries[o],u=a.completion;if("root"===a.tryLoc)return n("end");if(a.tryLoc<=this.prev){var c=i.call(a,"catchLoc"),s=i.call(a,"finallyLoc");if(c&&s){if(this.prev<a.catchLoc)return n(a.catchLoc,!0);if(this.prev<a.finallyLoc)return n(a.finallyLoc)}else if(c){if(this.prev<a.catchLoc)return n(a.catchLoc,!0)}else{if(!s)throw Error("try statement without catch or finally");if(this.prev<a.finallyLoc)return n(a.finallyLoc)}}}},abrupt:function(e,t){for(var r=this.tryEntries.length-1;r>=0;--r){var n=this.tryEntries[r];if(n.tryLoc<=this.prev&&i.call(n,"finallyLoc")&&this.prev<n.finallyLoc){var o=n;break}}o&&("break"===e||"continue"===e)&&o.tryLoc<=t&&t<=o.finallyLoc&&(o=null);var a=o?o.completion:{};return a.type=e,a.arg=t,o?(this.method="next",this.next=o.finallyLoc,w):this.complete(a)},complete:function(e,t){if("throw"===e.type)throw e.arg;return"break"===e.type||"continue"===e.type?this.next=e.arg:"return"===e.type?(this.rval=this.arg=e.arg,this.method="return",this.next="end"):"normal"===e.type&&t&&(this.next=t),w},finish:function(e){for(var t=this.tryEntries.length-1;t>=0;--t){var r=this.tryEntries[t];if(r.finallyLoc===e)return this.complete(r.completion,r.afterLoc),N(r),w}},catch:function(e){for(var t=this.tryEntries.length-1;t>=0;--t){var r=this.tryEntries[t];if(r.tryLoc===e){var n=r.completion;if("throw"===n.type){var o=n.arg;N(r)}return o}}throw Error("illegal catch attempt")},delegateYield:function(e,r,n){return this.delegate={iterator:L(e),resultName:r,nextLoc:n},"next"===this.method&&(this.arg=t),w}},n}function n(e,t,r,n,o,i,a){try{var u=e[i](a),c=u.value}catch(e){return void r(e)}u.done?t(c):Promise.resolve(c).then(n,o)}function o(e){return function(){var t=this,r=arguments;return new Promise((function(o,i){var a=e.apply(t,r);function u(e){n(a,o,i,u,c,"next",e)}function c(e){n(a,o,i,u,c,"throw",e)}u(void 0)}))}}function i(e,t){for(var r=0;r<t.length;r++){var n=t[r];n.enumerable=n.enumerable||!1,n.configurable=!0,"value"in n&&(n.writable=!0),Object.defineProperty(e,b(n.key),n)}}function a(e,t,r){return t&&i(e.prototype,t),r&&i(e,r),Object.defineProperty(e,"prototype",{writable:!1}),e}function u(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}function c(t,r,n){return r=p(r),function(t,r){if(r&&("object"==e(r)||"function"==typeof r))return r;if(void 0!==r)throw new TypeError("Derived constructors may only return object or undefined");return function(e){if(void 0===e)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return e}(t)}(t,l()?Reflect.construct(r,n||[],p(t).constructor):r.apply(t,n))}function s(e){var t="function"==typeof Map?new Map:void 0;return s=function(e){if(null===e||!function(e){try{return-1!==Function.toString.call(e).indexOf("[native code]")}catch(t){return"function"==typeof e}}(e))return e;if("function"!=typeof e)throw new TypeError("Super expression must either be null or a function");if(void 0!==t){if(t.has(e))return t.get(e);t.set(e,r)}function r(){return function(e,t,r){if(l())return Reflect.construct.apply(null,arguments);var n=[null];n.push.apply(n,t);var o=new(e.bind.apply(e,n));return r&&f(o,r.prototype),o}(e,arguments,p(this).constructor)}return r.prototype=Object.create(e.prototype,{constructor:{value:r,enumerable:!1,writable:!0,configurable:!0}}),f(r,e)},s(e)}function l(){try{var e=!Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){})))}catch(e){}return(l=function(){return!!e})()}function f(e,t){return f=Object.setPrototypeOf?Object.setPrototypeOf.bind():function(e,t){return e.__proto__=t,e},f(e,t)}function p(e){return p=Object.setPrototypeOf?Object.getPrototypeOf.bind():function(e){return e.__proto__||Object.getPrototypeOf(e)},p(e)}function h(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function d(e){for(var t=1;t<arguments.length;t++){var r=null!=arguments[t]?arguments[t]:{};t%2?h(Object(r),!0).forEach((function(t){y(e,t,r[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):h(Object(r)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(r,t))}))}return e}function y(e,t,r){return(t=b(t))in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function b(t){var r=function(t,r){if("object"!=e(t)||!t)return t;var n=t[Symbol.toPrimitive];if(void 0!==n){var o=n.call(t,r||"default");if("object"!=e(o))return o;throw new TypeError("@@toPrimitive must return a primitive value.")}return("string"===r?String:Number)(t)}(t,"string");return"symbol"==e(r)?r:r+""}function v(e,t){var r="undefined"!=typeof Symbol&&e[Symbol.iterator]||e["@@iterator"];if(!r){if(Array.isArray(e)||(r=function(e,t){if(e){if("string"==typeof e)return w(e,t);var r={}.toString.call(e).slice(8,-1);return"Object"===r&&e.constructor&&(r=e.constructor.name),"Map"===r||"Set"===r?Array.from(e):"Arguments"===r||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(r)?w(e,t):void 0}}(e))||t&&e&&"number"==typeof e.length){r&&(e=r);var n=0,o=function(){};return{s:o,n:function(){return n>=e.length?{done:!0}:{done:!1,value:e[n++]}},e:function(e){throw e},f:o}}throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}var i,a=!0,u=!1;return{s:function(){r=r.call(e)},n:function(){var e=r.next();return a=e.done,e},e:function(e){u=!0,i=e},f:function(){try{a||null==r.return||r.return()}finally{if(u)throw i}}}}function w(e,t){(null==t||t>e.length)&&(t=e.length);for(var r=0,n=Array(t);r<t;r++)n[r]=e[r];return n}function g(e){var t,r="",n=v(new Uint8Array(e));try{for(n.s();!(t=n.n()).done;){var o=t.value;r+=String.fromCharCode(o)}}catch(e){n.e(e)}finally{n.f()}return btoa(r).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function m(e){for(var t=e.replace(/-/g,"+").replace(/_/g,"/"),r=(4-t.length%4)%4,n=t.padEnd(t.length+r,"="),o=atob(n),i=new ArrayBuffer(o.length),a=new Uint8Array(i),u=0;u<o.length;u++)a[u]=o.charCodeAt(u);return i}function E(){var e;return R.stubThis(void 0!==(null===(e=window)||void 0===e?void 0:e.PublicKeyCredential)&&"function"==typeof window.PublicKeyCredential)}Object.defineProperty(t,"__esModule",{value:!0}),t.WebAuthnError=t.WebAuthnAbortService=void 0,t.base64URLStringToBuffer=m,t.browserSupportsWebAuthn=E,t.browserSupportsWebAuthnAutofill=L,t.bufferToBase64URLString=g,t.platformAuthenticatorIsAvailable=function(){if(!E())return new Promise((function(e){return e(!1)}));return PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()},t.startAuthentication=function(e){return U.apply(this,arguments)},t.startRegistration=function(e){return N.apply(this,arguments)};var R={stubThis:function(e){return e}};function A(e){var t=e.id;return d(d({},e),{},{id:m(t),transports:e.transports})}function O(e){return"localhost"===e||/^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(e)}var _=t.WebAuthnError=function(e){function t(e){var r,n=e.message,o=e.code,i=e.cause,a=e.name;return u(this,t),r=c(this,t,[n,{cause:i}]),Object.defineProperty(r,"code",{enumerable:!0,configurable:!0,writable:!0,value:void 0}),r.name=null!=a?a:i.name,r.code=o,r}return function(e,t){if("function"!=typeof t&&null!==t)throw new TypeError("Super expression must either be null or a function");e.prototype=Object.create(t&&t.prototype,{constructor:{value:e,writable:!0,configurable:!0}}),Object.defineProperty(e,"prototype",{writable:!1}),t&&f(e,t)}(t,e),a(t)}(s(Error));function S(e){var t=e.error,r=e.options,n=r.publicKey;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===t.name){if(r.signal instanceof AbortSignal)return new _({message:"Registration ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:t})}else if("ConstraintError"===t.name){var o,i,a;if(!0===(null===(o=n.authenticatorSelection)||void 0===o?void 0:o.requireResidentKey))return new _({message:"Discoverable credentials were required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",cause:t});if("conditional"===r.mediation&&"required"===(null===(i=n.authenticatorSelection)||void 0===i?void 0:i.userVerification))return new _({message:"User verification was required during automatic registration but it could not be performed",code:"ERROR_AUTO_REGISTER_USER_VERIFICATION_FAILURE",cause:t});if("required"===(null===(a=n.authenticatorSelection)||void 0===a?void 0:a.userVerification))return new _({message:"User verification was required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",cause:t})}else{if("InvalidStateError"===t.name)return new _({message:"The authenticator was previously registered",code:"ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",cause:t});if("NotAllowedError"===t.name)return new _({message:t.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:t});if("NotSupportedError"===t.name)return 0===n.pubKeyCredParams.filter((function(e){return"public-key"===e.type})).length?new _({message:'No entry in pubKeyCredParams was of type "public-key"',code:"ERROR_MALFORMED_PUBKEYCREDPARAMS",cause:t}):new _({message:"No available authenticator supported any of the specified pubKeyCredParams algorithms",code:"ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",cause:t});if("SecurityError"===t.name){var u=window.location.hostname;if(!O(u))return new _({message:"".concat(window.location.hostname," is an invalid domain"),code:"ERROR_INVALID_DOMAIN",cause:t});if(n.rp.id!==u)return new _({message:'The RP ID "'.concat(n.rp.id,'" is invalid for this domain'),code:"ERROR_INVALID_RP_ID",cause:t})}else if("TypeError"===t.name){if(n.user.id.byteLength<1||n.user.id.byteLength>64)return new _({message:"User ID was not between 1 and 64 characters",code:"ERROR_INVALID_USER_ID_LENGTH",cause:t})}else if("UnknownError"===t.name)return new _({message:"The authenticator was unable to process the specified options, or could not create a new credential",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:t})}return t}var P=function(){return a((function e(){u(this,e),Object.defineProperty(this,"controller",{enumerable:!0,configurable:!0,writable:!0,value:void 0})}),[{key:"createNewAbortSignal",value:function(){if(this.controller){var e=new Error("Cancelling existing WebAuthn API call for new one");e.name="AbortError",this.controller.abort(e)}var t=new AbortController;return this.controller=t,t.signal}},{key:"cancelCeremony",value:function(){if(this.controller){var e=new Error("Manually cancelling existing WebAuthn API call");e.name="AbortError",this.controller.abort(e),this.controller=void 0}}}])}(),T=t.WebAuthnAbortService=new P,x=["cross-platform","platform"];function I(e){if(e&&!(x.indexOf(e)<0))return e}function N(){return(N=o(r().mark((function e(t){var n,o,i,a,u,c,s,l,f,p,h,y,b,v,w,R,O;return r().wrap((function(e){for(;;)switch(e.prev=e.next){case 0:if(o=t.optionsJSON,i=t.useAutoRegister,a=void 0!==i&&i,E()){e.next=3;break}throw new Error("WebAuthn is not supported in this browser");case 3:return u=d(d({},o),{},{challenge:m(o.challenge),user:d(d({},o.user),{},{id:m(o.user.id)}),excludeCredentials:null===(n=o.excludeCredentials)||void 0===n?void 0:n.map(A)}),c={},a&&(c.mediation="conditional"),c.publicKey=u,c.signal=T.createNewAbortSignal(),e.prev=8,e.next=11,navigator.credentials.create(c);case 11:s=e.sent,e.next=17;break;case 14:throw e.prev=14,e.t0=e.catch(8),S({error:e.t0,options:c});case 17:if(s){e.next=19;break}throw new Error("Registration was not completed");case 19:if(f=(l=s).id,p=l.rawId,h=l.response,y=l.type,b=void 0,"function"==typeof h.getTransports&&(b=h.getTransports()),v=void 0,"function"==typeof h.getPublicKeyAlgorithm)try{v=h.getPublicKeyAlgorithm()}catch(e){j("getPublicKeyAlgorithm()",e)}if(w=void 0,"function"==typeof h.getPublicKey)try{null!==(R=h.getPublicKey())&&(w=g(R))}catch(e){j("getPublicKey()",e)}if("function"==typeof h.getAuthenticatorData)try{O=g(h.getAuthenticatorData())}catch(e){j("getAuthenticatorData()",e)}return e.abrupt("return",{id:f,rawId:g(p),response:{attestationObject:g(h.attestationObject),clientDataJSON:g(h.clientDataJSON),transports:b,publicKeyAlgorithm:v,publicKey:w,authenticatorData:O},type:y,clientExtensionResults:s.getClientExtensionResults(),authenticatorAttachment:I(s.authenticatorAttachment)});case 28:case"end":return e.stop()}}),e,null,[[8,14]])})))).apply(this,arguments)}function j(e,t){console.warn("The browser extension that intercepted this WebAuthn API call incorrectly implemented ".concat(e,". You should report this error to them.\n"),t)}function L(){if(!E())return C.stubThis(new Promise((function(e){return e(!1)})));var e=window.PublicKeyCredential;return void 0===(null==e?void 0:e.isConditionalMediationAvailable)?C.stubThis(new Promise((function(e){return e(!1)}))):C.stubThis(e.isConditionalMediationAvailable())}var C={stubThis:function(e){return e}};function D(e){var t=e.error,r=e.options,n=r.publicKey;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===t.name){if(r.signal instanceof AbortSignal)return new _({message:"Authentication ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:t})}else{if("NotAllowedError"===t.name)return new _({message:t.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:t});if("SecurityError"===t.name){var o=window.location.hostname;if(!O(o))return new _({message:"".concat(window.location.hostname," is an invalid domain"),code:"ERROR_INVALID_DOMAIN",cause:t});if(n.rpId!==o)return new _({message:'The RP ID "'.concat(n.rpId,'" is invalid for this domain'),code:"ERROR_INVALID_RP_ID",cause:t})}else if("UnknownError"===t.name)return new _({message:"The authenticator was unable to process the specified options, or could not create a new assertion signature",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:t})}return t}function U(){return(U=o(r().mark((function e(t){var n,o,i,a,u,c,s,l,f,p,h,y,b,v,w,R,O;return r().wrap((function(e){for(;;)switch(e.prev=e.next){case 0:if(o=t.optionsJSON,i=t.useBrowserAutofill,a=void 0!==i&&i,u=t.verifyBrowserAutofillInput,c=void 0===u||u,E()){e.next=3;break}throw new Error("WebAuthn is not supported in this browser");case 3:if(0!==(null===(n=o.allowCredentials)||void 0===n?void 0:n.length)&&(s=null===(l=o.allowCredentials)||void 0===l?void 0:l.map(A)),f=d(d({},o),{},{challenge:m(o.challenge),allowCredentials:s}),p={},!a){e.next=16;break}return e.next=9,L();case 9:if(e.sent){e.next=11;break}throw Error("Browser does not support WebAuthn autofill");case 11:if(!(document.querySelectorAll("input[autocomplete$='webauthn']").length<1&&c)){e.next=14;break}throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');case 14:p.mediation="conditional",f.allowCredentials=[];case 16:return p.publicKey=f,p.signal=T.createNewAbortSignal(),e.prev=18,e.next=21,navigator.credentials.get(p);case 21:h=e.sent,e.next=27;break;case 24:throw e.prev=24,e.t0=e.catch(18),D({error:e.t0,options:p});case 27:if(h){e.next=29;break}throw new Error("Authentication was not completed");case 29:return b=(y=h).id,v=y.rawId,w=y.response,R=y.type,O=void 0,w.userHandle&&(O=g(w.userHandle)),e.abrupt("return",{id:b,rawId:g(v),response:{authenticatorData:g(w.authenticatorData),clientDataJSON:g(w.clientDataJSON),signature:g(w.signature),userHandle:O},type:R,clientExtensionResults:h.getClientExtensionResults(),authenticatorAttachment:I(h.authenticatorAttachment)});case 33:case"end":return e.stop()}}),e,null,[[18,24]])})))).apply(this,arguments)}}));

package/esm/helpers/base64URLStringToBuffer.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Convert from a Base64URL-encoded string to an Array Buffer. Best used when converting a
+ * credential ID from a JSON string to an ArrayBuffer, like in allowCredentials or
+ * excludeCredentials
+ *
+ * Helper method to compliment `bufferToBase64URLString`
+ */
+export declare function base64URLStringToBuffer(base64URLString: string): ArrayBuffer;
+//# sourceMappingURL=base64URLStringToBuffer.d.ts.map

package/esm/helpers/base64URLStringToBuffer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"base64URLStringToBuffer.d.ts","sourceRoot":"","sources":["../../src/helpers/base64URLStringToBuffer.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CAAC,eAAe,EAAE,MAAM,GAAG,WAAW,CAyB5E"}

package/esm/helpers/base64URLStringToBuffer.js

@@ -0,0 +1,29 @@
+/**
+ * Convert from a Base64URL-encoded string to an Array Buffer. Best used when converting a
+ * credential ID from a JSON string to an ArrayBuffer, like in allowCredentials or
+ * excludeCredentials
+ *
+ * Helper method to compliment `bufferToBase64URLString`
+ */
+export function base64URLStringToBuffer(base64URLString) {
+    // Convert from Base64URL to Base64
+    const base64 = base64URLString.replace(/-/g, '+').replace(/_/g, '/');
+    /**
+     * Pad with '=' until it's a multiple of four
+     * (4 - (85 % 4 = 1) = 3) % 4 = 3 padding
+     * (4 - (86 % 4 = 2) = 2) % 4 = 2 padding
+     * (4 - (87 % 4 = 3) = 1) % 4 = 1 padding
+     * (4 - (88 % 4 = 0) = 4) % 4 = 0 padding
+     */
+    const padLength = (4 - (base64.length % 4)) % 4;
+    const padded = base64.padEnd(base64.length + padLength, '=');
+    // Convert to a binary string
+    const binary = atob(padded);
+    // Convert binary string to buffer
+    const buffer = new ArrayBuffer(binary.length);
+    const bytes = new Uint8Array(buffer);
+    for (let i = 0; i < binary.length; i++) {
+        bytes[i] = binary.charCodeAt(i);
+    }
+    return buffer;
+}

package/esm/helpers/browserSupportsWebAuthn.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Determine if the browser is capable of Webauthn
+ */
+export declare function browserSupportsWebAuthn(): boolean;
+export declare const _browserSupportsWebAuthnInternals: {
+    stubThis: (value: boolean) => boolean;
+};
+//# sourceMappingURL=browserSupportsWebAuthn.d.ts.map

package/esm/helpers/browserSupportsWebAuthn.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"browserSupportsWebAuthn.d.ts","sourceRoot":"","sources":["../../src/helpers/browserSupportsWebAuthn.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,wBAAgB,uBAAuB,IAAI,OAAO,CAKjD;AAGD,eAAO,MAAM,iCAAiC;sBAC1B,OAAO;CAC1B,CAAC"}

package/esm/helpers/browserSupportsWebAuthn.js

@@ -0,0 +1,11 @@
+/**
+ * Determine if the browser is capable of Webauthn
+ */
+export function browserSupportsWebAuthn() {
+    return _browserSupportsWebAuthnInternals.stubThis(globalThis?.PublicKeyCredential !== undefined &&
+        typeof globalThis.PublicKeyCredential === 'function');
+}
+// Make it possible to stub the return value during testing
+export const _browserSupportsWebAuthnInternals = {
+    stubThis: (value) => value,
+};

package/esm/helpers/browserSupportsWebAuthnAutofill.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Determine if the browser supports conditional UI, so that WebAuthn credentials can
+ * be shown to the user in the browser's typical password autofill popup.
+ */
+export declare function browserSupportsWebAuthnAutofill(): Promise<boolean>;
+export declare const _browserSupportsWebAuthnAutofillInternals: {
+    stubThis: (value: Promise<boolean>) => Promise<boolean>;
+};
+//# sourceMappingURL=browserSupportsWebAuthnAutofill.d.ts.map

package/esm/helpers/browserSupportsWebAuthnAutofill.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"browserSupportsWebAuthnAutofill.d.ts","sourceRoot":"","sources":["../../src/helpers/browserSupportsWebAuthnAutofill.ts"],"names":[],"mappings":"AAIA;;;GAGG;AACH,wBAAgB,+BAA+B,IAAI,OAAO,CAAC,OAAO,CAAC,CAyBlE;AAGD,eAAO,MAAM,yCAAyC;sBAClC,OAAO,CAAC,OAAO,CAAC;CACnC,CAAC"}

package/esm/helpers/browserSupportsWebAuthnAutofill.js

@@ -0,0 +1,26 @@
+import { browserSupportsWebAuthn } from './browserSupportsWebAuthn.js';
+/**
+ * Determine if the browser supports conditional UI, so that WebAuthn credentials can
+ * be shown to the user in the browser's typical password autofill popup.
+ */
+export function browserSupportsWebAuthnAutofill() {
+    if (!browserSupportsWebAuthn()) {
+        return _browserSupportsWebAuthnAutofillInternals.stubThis(new Promise((resolve) => resolve(false)));
+    }
+    /**
+     * I don't like the `as unknown` here but there's a `declare var PublicKeyCredential` in
+     * TS' DOM lib that's making it difficult for me to just go `as PublicKeyCredentialFuture` as I
+     * want. I think I'm fine with this for now since it's _supposed_ to be temporary, until TS types
+     * have a chance to catch up.
+     */
+    const globalPublicKeyCredential = globalThis
+        .PublicKeyCredential;
+    if (globalPublicKeyCredential?.isConditionalMediationAvailable === undefined) {
+        return _browserSupportsWebAuthnAutofillInternals.stubThis(new Promise((resolve) => resolve(false)));
+    }
+    return _browserSupportsWebAuthnAutofillInternals.stubThis(globalPublicKeyCredential.isConditionalMediationAvailable());
+}
+// Make it possible to stub the return value during testing
+export const _browserSupportsWebAuthnAutofillInternals = {
+    stubThis: (value) => value,
+};

package/esm/helpers/bufferToBase64URLString.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Convert the given array buffer into a Base64URL-encoded string. Ideal for converting various
+ * credential response ArrayBuffers to string for sending back to the server as JSON.
+ *
+ * Helper method to compliment `base64URLStringToBuffer`
+ */
+export declare function bufferToBase64URLString(buffer: ArrayBuffer): string;
+//# sourceMappingURL=bufferToBase64URLString.d.ts.map

package/esm/helpers/bufferToBase64URLString.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bufferToBase64URLString.d.ts","sourceRoot":"","sources":["../../src/helpers/bufferToBase64URLString.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,WAAW,GAAG,MAAM,CAWnE"}

package/esm/helpers/bufferToBase64URLString.js

@@ -0,0 +1,15 @@
+/**
+ * Convert the given array buffer into a Base64URL-encoded string. Ideal for converting various
+ * credential response ArrayBuffers to string for sending back to the server as JSON.
+ *
+ * Helper method to compliment `base64URLStringToBuffer`
+ */
+export function bufferToBase64URLString(buffer) {
+    const bytes = new Uint8Array(buffer);
+    let str = '';
+    for (const charCode of bytes) {
+        str += String.fromCharCode(charCode);
+    }
+    const base64String = btoa(str);
+    return base64String.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
+}

package/esm/helpers/identifyAuthenticationError.d.ts

@@ -0,0 +1,9 @@
+import { WebAuthnError } from './webAuthnError.js';
+/**
+ * Attempt to intuit _why_ an error was raised after calling `navigator.credentials.get()`
+ */
+export declare function identifyAuthenticationError({ error, options, }: {
+    error: Error;
+    options: CredentialRequestOptions;
+}): WebAuthnError | Error;
+//# sourceMappingURL=identifyAuthenticationError.d.ts.map

package/esm/helpers/identifyAuthenticationError.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"identifyAuthenticationError.d.ts","sourceRoot":"","sources":["../../src/helpers/identifyAuthenticationError.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD;;GAEG;AACH,wBAAgB,2BAA2B,CAAC,EAC1C,KAAK,EACL,OAAO,GACR,EAAE;IACD,KAAK,EAAE,KAAK,CAAC;IACb,OAAO,EAAE,wBAAwB,CAAC;CACnC,GAAG,aAAa,GAAG,KAAK,CAuDxB"}

package/esm/helpers/identifyAuthenticationError.js

@@ -0,0 +1,61 @@
+import { isValidDomain } from './isValidDomain.js';
+import { WebAuthnError } from './webAuthnError.js';
+/**
+ * Attempt to intuit _why_ an error was raised after calling `navigator.credentials.get()`
+ */
+export function identifyAuthenticationError({ error, options, }) {
+    const { publicKey } = options;
+    if (!publicKey) {
+        throw Error('options was missing required publicKey property');
+    }
+    if (error.name === 'AbortError') {
+        if (options.signal instanceof AbortSignal) {
+            // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 16)
+            return new WebAuthnError({
+                message: 'Authentication ceremony was sent an abort signal',
+                code: 'ERROR_CEREMONY_ABORTED',
+                cause: error,
+            });
+        }
+    }
+    else if (error.name === 'NotAllowedError') {
+        /**
+         * Pass the error directly through. Platforms are overloading this error beyond what the spec
+         * defines and we don't want to overwrite potentially useful error messages.
+         */
+        return new WebAuthnError({
+            message: error.message,
+            code: 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY',
+            cause: error,
+        });
+    }
+    else if (error.name === 'SecurityError') {
+        const effectiveDomain = globalThis.location.hostname;
+        if (!isValidDomain(effectiveDomain)) {
+            // https://www.w3.org/TR/webauthn-2/#sctn-discover-from-external-source (Step 5)
+            return new WebAuthnError({
+                message: `${globalThis.location.hostname} is an invalid domain`,
+                code: 'ERROR_INVALID_DOMAIN',
+                cause: error,
+            });
+        }
+        else if (publicKey.rpId !== effectiveDomain) {
+            // https://www.w3.org/TR/webauthn-2/#sctn-discover-from-external-source (Step 6)
+            return new WebAuthnError({
+                message: `The RP ID "${publicKey.rpId}" is invalid for this domain`,
+                code: 'ERROR_INVALID_RP_ID',
+                cause: error,
+            });
+        }
+    }
+    else if (error.name === 'UnknownError') {
+        // https://www.w3.org/TR/webauthn-2/#sctn-op-get-assertion (Step 1)
+        // https://www.w3.org/TR/webauthn-2/#sctn-op-get-assertion (Step 12)
+        return new WebAuthnError({
+            message: 'The authenticator was unable to process the specified options, or could not create a new assertion signature',
+            code: 'ERROR_AUTHENTICATOR_GENERAL_ERROR',
+            cause: error,
+        });
+    }
+    return error;
+}

package/esm/helpers/identifyRegistrationError.d.ts

@@ -0,0 +1,9 @@
+import { WebAuthnError } from './webAuthnError.js';
+/**
+ * Attempt to intuit _why_ an error was raised after calling `navigator.credentials.create()`
+ */
+export declare function identifyRegistrationError({ error, options, }: {
+    error: Error;
+    options: CredentialCreationOptions;
+}): WebAuthnError | Error;
+//# sourceMappingURL=identifyRegistrationError.d.ts.map

package/esm/helpers/identifyRegistrationError.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"identifyRegistrationError.d.ts","sourceRoot":"","sources":["../../src/helpers/identifyRegistrationError.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,EACxC,KAAK,EACL,OAAO,GACR,EAAE;IACD,KAAK,EAAE,KAAK,CAAC;IACb,OAAO,EAAE,yBAAyB,CAAC;CACpC,GAAG,aAAa,GAAG,KAAK,CA4HxB"}

package/esm/helpers/identifyRegistrationError.js

@@ -0,0 +1,126 @@
+import { isValidDomain } from './isValidDomain.js';
+import { WebAuthnError } from './webAuthnError.js';
+/**
+ * Attempt to intuit _why_ an error was raised after calling `navigator.credentials.create()`
+ */
+export function identifyRegistrationError({ error, options, }) {
+    const { publicKey } = options;
+    if (!publicKey) {
+        throw Error('options was missing required publicKey property');
+    }
+    if (error.name === 'AbortError') {
+        if (options.signal instanceof AbortSignal) {
+            // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 16)
+            return new WebAuthnError({
+                message: 'Registration ceremony was sent an abort signal',
+                code: 'ERROR_CEREMONY_ABORTED',
+                cause: error,
+            });
+        }
+    }
+    else if (error.name === 'ConstraintError') {
+        if (publicKey.authenticatorSelection?.requireResidentKey === true) {
+            // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 4)
+            return new WebAuthnError({
+                message: 'Discoverable credentials were required but no available authenticator supported it',
+                code: 'ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT',
+                cause: error,
+            });
+        }
+        else if (
+        // @ts-ignore: `mediation` doesn't yet exist on CredentialCreationOptions but it's possible as of Sept 2024
+        options.mediation === 'conditional' &&
+            publicKey.authenticatorSelection?.userVerification === 'required') {
+            // https://w3c.github.io/webauthn/#sctn-createCredential (Step 22.4)
+            return new WebAuthnError({
+                message: 'User verification was required during automatic registration but it could not be performed',
+                code: 'ERROR_AUTO_REGISTER_USER_VERIFICATION_FAILURE',
+                cause: error,
+            });
+        }
+        else if (publicKey.authenticatorSelection?.userVerification === 'required') {
+            // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 5)
+            return new WebAuthnError({
+                message: 'User verification was required but no available authenticator supported it',
+                code: 'ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT',
+                cause: error,
+            });
+        }
+    }
+    else if (error.name === 'InvalidStateError') {
+        // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 20)
+        // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 3)
+        return new WebAuthnError({
+            message: 'The authenticator was previously registered',
+            code: 'ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED',
+            cause: error,
+        });
+    }
+    else if (error.name === 'NotAllowedError') {
+        /**
+         * Pass the error directly through. Platforms are overloading this error beyond what the spec
+         * defines and we don't want to overwrite potentially useful error messages.
+         */
+        return new WebAuthnError({
+            message: error.message,
+            code: 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY',
+            cause: error,
+        });
+    }
+    else if (error.name === 'NotSupportedError') {
+        const validPubKeyCredParams = publicKey.pubKeyCredParams.filter((param) => param.type === 'public-key');
+        if (validPubKeyCredParams.length === 0) {
+            // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 10)
+            return new WebAuthnError({
+                message: 'No entry in pubKeyCredParams was of type "public-key"',
+                code: 'ERROR_MALFORMED_PUBKEYCREDPARAMS',
+                cause: error,
+            });
+        }
+        // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 2)
+        return new WebAuthnError({
+            message: 'No available authenticator supported any of the specified pubKeyCredParams algorithms',
+            code: 'ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG',
+            cause: error,
+        });
+    }
+    else if (error.name === 'SecurityError') {
+        const effectiveDomain = globalThis.location.hostname;
+        if (!isValidDomain(effectiveDomain)) {
+            // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 7)
+            return new WebAuthnError({
+                message: `${globalThis.location.hostname} is an invalid domain`,
+                code: 'ERROR_INVALID_DOMAIN',
+                cause: error,
+            });
+        }
+        else if (publicKey.rp.id !== effectiveDomain) {
+            // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 8)
+            return new WebAuthnError({
+                message: `The RP ID "${publicKey.rp.id}" is invalid for this domain`,
+                code: 'ERROR_INVALID_RP_ID',
+                cause: error,
+            });
+        }
+    }
+    else if (error.name === 'TypeError') {
+        if (publicKey.user.id.byteLength < 1 || publicKey.user.id.byteLength > 64) {
+            // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 5)
+            return new WebAuthnError({
+                message: 'User ID was not between 1 and 64 characters',
+                code: 'ERROR_INVALID_USER_ID_LENGTH',
+                cause: error,
+            });
+        }
+    }
+    else if (error.name === 'UnknownError') {
+        // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 1)
+        // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 8)
+        return new WebAuthnError({
+            message: 'The authenticator was unable to process the specified options, or could not create a new credential',
+            code: 'ERROR_AUTHENTICATOR_GENERAL_ERROR',
+            cause: error,
+        });
+    }
+    return error;
+}

package/esm/helpers/isValidDomain.d.ts

@@ -0,0 +1,10 @@
+/**
+ * A simple test to determine if a hostname is a properly-formatted domain name
+ *
+ * A "valid domain" is defined here: https://url.spec.whatwg.org/#valid-domain
+ *
+ * Regex sourced from here:
+ * https://www.oreilly.com/library/view/regular-expressions-cookbook/9781449327453/ch08s15.html
+ */
+export declare function isValidDomain(hostname: string): boolean;
+//# sourceMappingURL=isValidDomain.d.ts.map

package/esm/helpers/isValidDomain.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"isValidDomain.d.ts","sourceRoot":"","sources":["../../src/helpers/isValidDomain.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,wBAAgB,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAMvD"}

package/esm/helpers/isValidDomain.js

@@ -0,0 +1,14 @@
+/**
+ * A simple test to determine if a hostname is a properly-formatted domain name
+ *
+ * A "valid domain" is defined here: https://url.spec.whatwg.org/#valid-domain
+ *
+ * Regex sourced from here:
+ * https://www.oreilly.com/library/view/regular-expressions-cookbook/9781449327453/ch08s15.html
+ */
+export function isValidDomain(hostname) {
+    return (
+    // Consider localhost valid as well since it's okay wrt Secure Contexts
+    hostname === 'localhost' ||
+        /^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(hostname));
+}

package/esm/helpers/platformAuthenticatorIsAvailable.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Determine whether the browser can communicate with a built-in authenticator, like
+ * Touch ID, Android fingerprint scanner, or Windows Hello.
+ *
+ * This method will _not_ be able to tell you the name of the platform authenticator.
+ */
+export declare function platformAuthenticatorIsAvailable(): Promise<boolean>;
+//# sourceMappingURL=platformAuthenticatorIsAvailable.d.ts.map

package/esm/helpers/platformAuthenticatorIsAvailable.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"platformAuthenticatorIsAvailable.d.ts","sourceRoot":"","sources":["../../src/helpers/platformAuthenticatorIsAvailable.ts"],"names":[],"mappings":"AAEA;;;;;GAKG;AACH,wBAAgB,gCAAgC,IAAI,OAAO,CAAC,OAAO,CAAC,CAMnE"}

package/esm/helpers/platformAuthenticatorIsAvailable.js

@@ -0,0 +1,13 @@
+import { browserSupportsWebAuthn } from './browserSupportsWebAuthn.js';
+/**
+ * Determine whether the browser can communicate with a built-in authenticator, like
+ * Touch ID, Android fingerprint scanner, or Windows Hello.
+ *
+ * This method will _not_ be able to tell you the name of the platform authenticator.
+ */
+export function platformAuthenticatorIsAvailable() {
+    if (!browserSupportsWebAuthn()) {
+        return new Promise((resolve) => resolve(false));
+    }
+    return PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable();
+}

package/{dist/types → esm}/helpers/toAuthenticatorAttachment.d.ts

@@ -1,2 +1,6 @@
 import { AuthenticatorAttachment } from '@simplewebauthn/types';
+/**
+ * If possible coerce a `string` value into a known `AuthenticatorAttachment`
+ */
 export declare function toAuthenticatorAttachment(attachment: string | null): AuthenticatorAttachment | undefined;
+//# sourceMappingURL=toAuthenticatorAttachment.d.ts.map

package/esm/helpers/toAuthenticatorAttachment.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"toAuthenticatorAttachment.d.ts","sourceRoot":"","sources":["../../src/helpers/toAuthenticatorAttachment.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,uBAAuB,EAAE,MAAM,uBAAuB,CAAC;AAIhE;;GAEG;AACH,wBAAgB,yBAAyB,CACvC,UAAU,EAAE,MAAM,GAAG,IAAI,GACxB,uBAAuB,GAAG,SAAS,CAUrC"}

package/esm/helpers/toAuthenticatorAttachment.js

@@ -0,0 +1,13 @@
+const attachments = ['cross-platform', 'platform'];
+/**
+ * If possible coerce a `string` value into a known `AuthenticatorAttachment`
+ */
+export function toAuthenticatorAttachment(attachment) {
+    if (!attachment) {
+        return;
+    }
+    if (attachments.indexOf(attachment) < 0) {
+        return;
+    }
+    return attachment;
+}

package/esm/helpers/toPublicKeyCredentialDescriptor.d.ts

@@ -0,0 +1,3 @@
+import type { PublicKeyCredentialDescriptor, PublicKeyCredentialDescriptorJSON } from '@simplewebauthn/types';
+export declare function toPublicKeyCredentialDescriptor(descriptor: PublicKeyCredentialDescriptorJSON): PublicKeyCredentialDescriptor;
+//# sourceMappingURL=toPublicKeyCredentialDescriptor.d.ts.map

package/esm/helpers/toPublicKeyCredentialDescriptor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"toPublicKeyCredentialDescriptor.d.ts","sourceRoot":"","sources":["../../src/helpers/toPublicKeyCredentialDescriptor.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAEV,6BAA6B,EAC7B,iCAAiC,EAClC,MAAM,uBAAuB,CAAC;AAI/B,wBAAgB,+BAA+B,CAC7C,UAAU,EAAE,iCAAiC,GAC5C,6BAA6B,CAa/B"}

package/esm/helpers/toPublicKeyCredentialDescriptor.js

@@ -0,0 +1,14 @@
+import { base64URLStringToBuffer } from './base64URLStringToBuffer.js';
+export function toPublicKeyCredentialDescriptor(descriptor) {
+    const { id } = descriptor;
+    return {
+        ...descriptor,
+        id: base64URLStringToBuffer(id),
+        /**
+         * `descriptor.transports` is an array of our `AuthenticatorTransportFuture` that includes newer
+         * transports that TypeScript's DOM lib is ignorant of. Convince TS that our list of transports
+         * are fine to pass to WebAuthn since browsers will recognize the new value.
+         */
+        transports: descriptor.transports,
+    };
+}

package/esm/helpers/webAuthnAbortService.d.ts

@@ -0,0 +1,14 @@
+interface WebAuthnAbortService {
+    createNewAbortSignal(): AbortSignal;
+    cancelCeremony(): void;
+}
+/**
+ * A service singleton to help ensure that only a single WebAuthn ceremony is active at a time.
+ *
+ * Users of **@simplewebauthn/browser** shouldn't typically need to use this, but it can help e.g.
+ * developers building projects that use client-side routing to better control the behavior of
+ * their UX in response to router navigation events.
+ */
+export declare const WebAuthnAbortService: WebAuthnAbortService;
+export {};
+//# sourceMappingURL=webAuthnAbortService.d.ts.map

package/esm/helpers/webAuthnAbortService.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"webAuthnAbortService.d.ts","sourceRoot":"","sources":["../../src/helpers/webAuthnAbortService.ts"],"names":[],"mappings":"AAAA,UAAU,oBAAoB;IAC5B,oBAAoB,IAAI,WAAW,CAAC;IACpC,cAAc,IAAI,IAAI,CAAC;CACxB;AA0CD;;;;;;GAMG;AACH,eAAO,MAAM,oBAAoB,EAAE,oBAAqD,CAAC"}

package/esm/helpers/webAuthnAbortService.js

@@ -0,0 +1,45 @@
+class BaseWebAuthnAbortService {
+    constructor() {
+        Object.defineProperty(this, "controller", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+    }
+    /**
+     * Prepare an abort signal that will help support multiple auth attempts without needing to
+     * reload the page. This is automatically called whenever `startRegistration()` and
+     * `startAuthentication()` are called.
+     */
+    createNewAbortSignal() {
+        // Abort any existing calls to navigator.credentials.create() or navigator.credentials.get()
+        if (this.controller) {
+            const abortError = new Error('Cancelling existing WebAuthn API call for new one');
+            abortError.name = 'AbortError';
+            this.controller.abort(abortError);
+        }
+        const newController = new AbortController();
+        this.controller = newController;
+        return newController.signal;
+    }
+    /**
+     * Manually cancel any active WebAuthn registration or authentication attempt.
+     */
+    cancelCeremony() {
+        if (this.controller) {
+            const abortError = new Error('Manually cancelling existing WebAuthn API call');
+            abortError.name = 'AbortError';
+            this.controller.abort(abortError);
+            this.controller = undefined;
+        }
+    }
+}
+/**
+ * A service singleton to help ensure that only a single WebAuthn ceremony is active at a time.
+ *
+ * Users of **@simplewebauthn/browser** shouldn't typically need to use this, but it can help e.g.
+ * developers building projects that use client-side routing to better control the behavior of
+ * their UX in response to router navigation events.
+ */
+export const WebAuthnAbortService = new BaseWebAuthnAbortService();

package/{dist/types → esm}/helpers/webAuthnError.d.ts

@@ -1,3 +1,20 @@
+/**
+ * A custom Error used to return a more nuanced error detailing _why_ one of the eight documented
+ * errors in the spec was raised after calling `navigator.credentials.create()` or
+ * `navigator.credentials.get()`:
+ *
+ * - `AbortError`
+ * - `ConstraintError`
+ * - `InvalidStateError`
+ * - `NotAllowedError`
+ * - `NotSupportedError`
+ * - `SecurityError`
+ * - `TypeError`
+ * - `UnknownError`
+ *
+ * Error messages were determined through investigation of the spec to determine under which
+ * scenarios a given error would be raised.
+ */
 export declare class WebAuthnError extends Error {
     code: WebAuthnErrorCode;
     constructor({ message, code, cause, name, }: {
@@ -7,4 +24,5 @@ export declare class WebAuthnError extends Error {
         name?: string;
     });
 }
-export type WebAuthnErrorCode = 'ERROR_CEREMONY_ABORTED' | 'ERROR_INVALID_DOMAIN' | 'ERROR_INVALID_RP_ID' | 'ERROR_INVALID_USER_ID_LENGTH' | 'ERROR_MALFORMED_PUBKEYCREDPARAMS' | 'ERROR_AUTHENTICATOR_GENERAL_ERROR' | 'ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT' | 'ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT' | 'ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED' | 'ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG' | 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY';
+export type WebAuthnErrorCode = 'ERROR_CEREMONY_ABORTED' | 'ERROR_INVALID_DOMAIN' | 'ERROR_INVALID_RP_ID' | 'ERROR_INVALID_USER_ID_LENGTH' | 'ERROR_MALFORMED_PUBKEYCREDPARAMS' | 'ERROR_AUTHENTICATOR_GENERAL_ERROR' | 'ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT' | 'ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT' | 'ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED' | 'ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG' | 'ERROR_AUTO_REGISTER_USER_VERIFICATION_FAILURE' | 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY';
+//# sourceMappingURL=webAuthnError.d.ts.map

package/esm/helpers/webAuthnError.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"webAuthnError.d.ts","sourceRoot":"","sources":["../../src/helpers/webAuthnError.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,aAAc,SAAQ,KAAK;IACtC,IAAI,EAAE,iBAAiB,CAAC;gBAEZ,EACV,OAAO,EACP,IAAI,EACJ,KAAK,EACL,IAAI,GACL,EAAE;QACD,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,EAAE,iBAAiB,CAAC;QACxB,KAAK,EAAE,KAAK,CAAC;QACb,IAAI,CAAC,EAAE,MAAM,CAAC;KACf;CAMF;AAED,MAAM,MAAM,iBAAiB,GACzB,wBAAwB,GACxB,sBAAsB,GACtB,qBAAqB,GACrB,8BAA8B,GAC9B,kCAAkC,GAClC,mCAAmC,GACnC,6DAA6D,GAC7D,uDAAuD,GACvD,2CAA2C,GAC3C,uDAAuD,GACvD,+CAA+C,GAC/C,sCAAsC,CAAC"}