@simplewebauthn/browser 10.0.0 → 11.0.0-alpha3

package/esm/helpers/webAuthnError.js

@@ -0,0 +1,31 @@
+/**
+ * A custom Error used to return a more nuanced error detailing _why_ one of the eight documented
+ * errors in the spec was raised after calling `navigator.credentials.create()` or
+ * `navigator.credentials.get()`:
+ *
+ * - `AbortError`
+ * - `ConstraintError`
+ * - `InvalidStateError`
+ * - `NotAllowedError`
+ * - `NotSupportedError`
+ * - `SecurityError`
+ * - `TypeError`
+ * - `UnknownError`
+ *
+ * Error messages were determined through investigation of the spec to determine under which
+ * scenarios a given error would be raised.
+ */
+export class WebAuthnError extends Error {
+    constructor({ message, code, cause, name, }) {
+        // @ts-ignore: help Rollup understand that `cause` is okay to set
+        super(message, { cause });
+        Object.defineProperty(this, "code", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        this.name = name ?? cause.name;
+        this.code = code;
+    }
+}

package/esm/index.d.ts

@@ -0,0 +1,16 @@
+/**
+ * @packageDocumentation
+ * @module @simplewebauthn/browser
+ */
+import { startRegistration } from './methods/startRegistration.js';
+import { startAuthentication } from './methods/startAuthentication.js';
+import { browserSupportsWebAuthn } from './helpers/browserSupportsWebAuthn.js';
+import { platformAuthenticatorIsAvailable } from './helpers/platformAuthenticatorIsAvailable.js';
+import { browserSupportsWebAuthnAutofill } from './helpers/browserSupportsWebAuthnAutofill.js';
+import { base64URLStringToBuffer } from './helpers/base64URLStringToBuffer.js';
+import { bufferToBase64URLString } from './helpers/bufferToBase64URLString.js';
+import { WebAuthnAbortService } from './helpers/webAuthnAbortService.js';
+import { WebAuthnError } from './helpers/webAuthnError.js';
+export { base64URLStringToBuffer, browserSupportsWebAuthn, browserSupportsWebAuthnAutofill, bufferToBase64URLString, platformAuthenticatorIsAvailable, startAuthentication, startRegistration, WebAuthnAbortService, WebAuthnError, };
+export type { WebAuthnErrorCode } from './helpers/webAuthnError.js';
+//# sourceMappingURL=index.d.ts.map

package/esm/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AACnE,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AACvE,OAAO,EAAE,uBAAuB,EAAE,MAAM,sCAAsC,CAAC;AAC/E,OAAO,EAAE,gCAAgC,EAAE,MAAM,+CAA+C,CAAC;AACjG,OAAO,EAAE,+BAA+B,EAAE,MAAM,8CAA8C,CAAC;AAC/F,OAAO,EAAE,uBAAuB,EAAE,MAAM,sCAAsC,CAAC;AAC/E,OAAO,EAAE,uBAAuB,EAAE,MAAM,sCAAsC,CAAC;AAC/E,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAE3D,OAAO,EACL,uBAAuB,EACvB,uBAAuB,EACvB,+BAA+B,EAC/B,uBAAuB,EACvB,gCAAgC,EAChC,mBAAmB,EACnB,iBAAiB,EACjB,oBAAoB,EACpB,aAAa,GACd,CAAC;AAEF,YAAY,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC"}

package/{dist/types/index.d.ts → esm/index.js}

@@ -1,11 +1,14 @@
-import { startRegistration } from './methods/startRegistration';
-import { startAuthentication } from './methods/startAuthentication';
-import { browserSupportsWebAuthn } from './helpers/browserSupportsWebAuthn';
-import { platformAuthenticatorIsAvailable } from './helpers/platformAuthenticatorIsAvailable';
-import { browserSupportsWebAuthnAutofill } from './helpers/browserSupportsWebAuthnAutofill';
-import { base64URLStringToBuffer } from './helpers/base64URLStringToBuffer';
-import { bufferToBase64URLString } from './helpers/bufferToBase64URLString';
-import { WebAuthnAbortService } from './helpers/webAuthnAbortService';
-import { WebAuthnError } from './helpers/webAuthnError';
+/**
+ * @packageDocumentation
+ * @module @simplewebauthn/browser
+ */
+import { startRegistration } from './methods/startRegistration.js';
+import { startAuthentication } from './methods/startAuthentication.js';
+import { browserSupportsWebAuthn } from './helpers/browserSupportsWebAuthn.js';
+import { platformAuthenticatorIsAvailable } from './helpers/platformAuthenticatorIsAvailable.js';
+import { browserSupportsWebAuthnAutofill } from './helpers/browserSupportsWebAuthnAutofill.js';
+import { base64URLStringToBuffer } from './helpers/base64URLStringToBuffer.js';
+import { bufferToBase64URLString } from './helpers/bufferToBase64URLString.js';
+import { WebAuthnAbortService } from './helpers/webAuthnAbortService.js';
+import { WebAuthnError } from './helpers/webAuthnError.js';
 export { base64URLStringToBuffer, browserSupportsWebAuthn, browserSupportsWebAuthnAutofill, bufferToBase64URLString, platformAuthenticatorIsAvailable, startAuthentication, startRegistration, WebAuthnAbortService, WebAuthnError, };
-export type { WebAuthnErrorCode } from './helpers/webAuthnError';

package/esm/methods/startAuthentication.d.ts

@@ -0,0 +1,15 @@
+import { AuthenticationResponseJSON, PublicKeyCredentialRequestOptionsJSON } from '@simplewebauthn/types';
+export type StartAuthenticationOpts = {
+    optionsJSON: PublicKeyCredentialRequestOptionsJSON;
+    useBrowserAutofill?: boolean;
+    verifyBrowserAutofillInput?: boolean;
+};
+/**
+ * Begin authenticator "login" via WebAuthn assertion
+ *
+ * @param optionsJSON Output from **@simplewebauthn/server**'s `generateAuthenticationOptions()`
+ * @param useBrowserAutofill (Optional) Initialize conditional UI to enable logging in via browser autofill prompts. Defaults to `false`.
+ * @param verifyBrowserAutofillInput (Optional) Ensure a suitable `<input>` element is present when `useBrowserAutofill` is `true`. Defaults to `true`.
+ */
+export declare function startAuthentication(options: StartAuthenticationOpts): Promise<AuthenticationResponseJSON>;
+//# sourceMappingURL=startAuthentication.d.ts.map

package/esm/methods/startAuthentication.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"startAuthentication.d.ts","sourceRoot":"","sources":["../../src/methods/startAuthentication.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,0BAA0B,EAC1B,qCAAqC,EACtC,MAAM,uBAAuB,CAAC;AAW/B,MAAM,MAAM,uBAAuB,GAAG;IACpC,WAAW,EAAE,qCAAqC,CAAC;IACnD,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,0BAA0B,CAAC,EAAE,OAAO,CAAC;CACtC,CAAC;AAEF;;;;;;GAMG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,uBAAuB,GAC/B,OAAO,CAAC,0BAA0B,CAAC,CAkGrC"}

package/esm/methods/startAuthentication.js

@@ -0,0 +1,89 @@
+import { bufferToBase64URLString } from '../helpers/bufferToBase64URLString.js';
+import { base64URLStringToBuffer } from '../helpers/base64URLStringToBuffer.js';
+import { browserSupportsWebAuthn } from '../helpers/browserSupportsWebAuthn.js';
+import { browserSupportsWebAuthnAutofill } from '../helpers/browserSupportsWebAuthnAutofill.js';
+import { toPublicKeyCredentialDescriptor } from '../helpers/toPublicKeyCredentialDescriptor.js';
+import { identifyAuthenticationError } from '../helpers/identifyAuthenticationError.js';
+import { WebAuthnAbortService } from '../helpers/webAuthnAbortService.js';
+import { toAuthenticatorAttachment } from '../helpers/toAuthenticatorAttachment.js';
+/**
+ * Begin authenticator "login" via WebAuthn assertion
+ *
+ * @param optionsJSON Output from **@simplewebauthn/server**'s `generateAuthenticationOptions()`
+ * @param useBrowserAutofill (Optional) Initialize conditional UI to enable logging in via browser autofill prompts. Defaults to `false`.
+ * @param verifyBrowserAutofillInput (Optional) Ensure a suitable `<input>` element is present when `useBrowserAutofill` is `true`. Defaults to `true`.
+ */
+export async function startAuthentication(options) {
+    const { optionsJSON, useBrowserAutofill = false, verifyBrowserAutofillInput = true, } = options;
+    if (!browserSupportsWebAuthn()) {
+        throw new Error('WebAuthn is not supported in this browser');
+    }
+    // We need to avoid passing empty array to avoid blocking retrieval
+    // of public key
+    let allowCredentials;
+    if (optionsJSON.allowCredentials?.length !== 0) {
+        allowCredentials = optionsJSON.allowCredentials?.map(toPublicKeyCredentialDescriptor);
+    }
+    // We need to convert some values to Uint8Arrays before passing the credentials to the navigator
+    const publicKey = {
+        ...optionsJSON,
+        challenge: base64URLStringToBuffer(optionsJSON.challenge),
+        allowCredentials,
+    };
+    // Prepare options for `.get()`
+    const getOptions = {};
+    /**
+     * Set up the page to prompt the user to select a credential for authentication via the browser's
+     * input autofill mechanism.
+     */
+    if (useBrowserAutofill) {
+        if (!(await browserSupportsWebAuthnAutofill())) {
+            throw Error('Browser does not support WebAuthn autofill');
+        }
+        // Check for an <input> with "webauthn" in its `autocomplete` attribute
+        const eligibleInputs = document.querySelectorAll("input[autocomplete$='webauthn']");
+        // WebAuthn autofill requires at least one valid input
+        if (eligibleInputs.length < 1 && verifyBrowserAutofillInput) {
+            throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');
+        }
+        // `CredentialMediationRequirement` doesn't know about "conditional" yet as of
+        // typescript@4.6.3
+        getOptions.mediation = 'conditional';
+        // Conditional UI requires an empty allow list
+        publicKey.allowCredentials = [];
+    }
+    // Finalize options
+    getOptions.publicKey = publicKey;
+    // Set up the ability to cancel this request if the user attempts another
+    getOptions.signal = WebAuthnAbortService.createNewAbortSignal();
+    // Wait for the user to complete assertion
+    let credential;
+    try {
+        credential = (await navigator.credentials.get(getOptions));
+    }
+    catch (err) {
+        throw identifyAuthenticationError({ error: err, options: getOptions });
+    }
+    if (!credential) {
+        throw new Error('Authentication was not completed');
+    }
+    const { id, rawId, response, type } = credential;
+    let userHandle = undefined;
+    if (response.userHandle) {
+        userHandle = bufferToBase64URLString(response.userHandle);
+    }
+    // Convert values to base64 to make it easier to send back to the server
+    return {
+        id,
+        rawId: bufferToBase64URLString(rawId),
+        response: {
+            authenticatorData: bufferToBase64URLString(response.authenticatorData),
+            clientDataJSON: bufferToBase64URLString(response.clientDataJSON),
+            signature: bufferToBase64URLString(response.signature),
+            userHandle,
+        },
+        type,
+        clientExtensionResults: credential.getClientExtensionResults(),
+        authenticatorAttachment: toAuthenticatorAttachment(credential.authenticatorAttachment),
+    };
+}

package/esm/methods/startRegistration.d.ts

@@ -0,0 +1,13 @@
+import { PublicKeyCredentialCreationOptionsJSON, RegistrationResponseJSON } from '@simplewebauthn/types';
+export type StartRegistrationOpts = {
+    optionsJSON: PublicKeyCredentialCreationOptionsJSON;
+    useAutoRegister?: boolean;
+};
+/**
+ * Begin authenticator "registration" via WebAuthn attestation
+ *
+ * @param optionsJSON Output from **@simplewebauthn/server**'s `generateRegistrationOptions()`
+ * @param useAutoRegister (Optional) Try to silently create a passkey with the password manager that the user just signed in with. Defaults to `false`.
+ */
+export declare function startRegistration(options: StartRegistrationOpts): Promise<RegistrationResponseJSON>;
+//# sourceMappingURL=startRegistration.d.ts.map

package/esm/methods/startRegistration.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"startRegistration.d.ts","sourceRoot":"","sources":["../../src/methods/startRegistration.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,sCAAsC,EAEtC,wBAAwB,EACzB,MAAM,uBAAuB,CAAC;AAU/B,MAAM,MAAM,qBAAqB,GAAG;IAClC,WAAW,EAAE,sCAAsC,CAAC;IACpD,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B,CAAC;AAEF;;;;;GAKG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,qBAAqB,GAC7B,OAAO,CAAC,wBAAwB,CAAC,CA6GnC"}

package/esm/methods/startRegistration.js

@@ -0,0 +1,115 @@
+import { bufferToBase64URLString } from '../helpers/bufferToBase64URLString.js';
+import { base64URLStringToBuffer } from '../helpers/base64URLStringToBuffer.js';
+import { browserSupportsWebAuthn } from '../helpers/browserSupportsWebAuthn.js';
+import { toPublicKeyCredentialDescriptor } from '../helpers/toPublicKeyCredentialDescriptor.js';
+import { identifyRegistrationError } from '../helpers/identifyRegistrationError.js';
+import { WebAuthnAbortService } from '../helpers/webAuthnAbortService.js';
+import { toAuthenticatorAttachment } from '../helpers/toAuthenticatorAttachment.js';
+/**
+ * Begin authenticator "registration" via WebAuthn attestation
+ *
+ * @param optionsJSON Output from **@simplewebauthn/server**'s `generateRegistrationOptions()`
+ * @param useAutoRegister (Optional) Try to silently create a passkey with the password manager that the user just signed in with. Defaults to `false`.
+ */
+export async function startRegistration(options) {
+    const { optionsJSON, useAutoRegister = false } = options;
+    if (!browserSupportsWebAuthn()) {
+        throw new Error('WebAuthn is not supported in this browser');
+    }
+    // We need to convert some values to Uint8Arrays before passing the credentials to the navigator
+    const publicKey = {
+        ...optionsJSON,
+        challenge: base64URLStringToBuffer(optionsJSON.challenge),
+        user: {
+            ...optionsJSON.user,
+            id: base64URLStringToBuffer(optionsJSON.user.id),
+        },
+        excludeCredentials: optionsJSON.excludeCredentials?.map(toPublicKeyCredentialDescriptor),
+    };
+    // Prepare options for `.create()`
+    const createOptions = {};
+    /**
+     * Try to use conditional create to register a passkey for the user with the password manager
+     * the user just used to authenticate with. The user won't be shown any prominent UI by the
+     * browser.
+     */
+    if (useAutoRegister) {
+        // @ts-ignore: `mediation` doesn't yet exist on CredentialCreationOptions but it's possible as of Sept 2024
+        createOptions.mediation = 'conditional';
+    }
+    // Finalize options
+    createOptions.publicKey = publicKey;
+    // Set up the ability to cancel this request if the user attempts another
+    createOptions.signal = WebAuthnAbortService.createNewAbortSignal();
+    // Wait for the user to complete attestation
+    let credential;
+    try {
+        credential = (await navigator.credentials.create(createOptions));
+    }
+    catch (err) {
+        throw identifyRegistrationError({ error: err, options: createOptions });
+    }
+    if (!credential) {
+        throw new Error('Registration was not completed');
+    }
+    const { id, rawId, response, type } = credential;
+    // Continue to play it safe with `getTransports()` for now, even when L3 types say it's required
+    let transports = undefined;
+    if (typeof response.getTransports === 'function') {
+        transports = response.getTransports();
+    }
+    // L3 says this is required, but browser and webview support are still not guaranteed.
+    let responsePublicKeyAlgorithm = undefined;
+    if (typeof response.getPublicKeyAlgorithm === 'function') {
+        try {
+            responsePublicKeyAlgorithm = response.getPublicKeyAlgorithm();
+        }
+        catch (error) {
+            warnOnBrokenImplementation('getPublicKeyAlgorithm()', error);
+        }
+    }
+    let responsePublicKey = undefined;
+    if (typeof response.getPublicKey === 'function') {
+        try {
+            const _publicKey = response.getPublicKey();
+            if (_publicKey !== null) {
+                responsePublicKey = bufferToBase64URLString(_publicKey);
+            }
+        }
+        catch (error) {
+            warnOnBrokenImplementation('getPublicKey()', error);
+        }
+    }
+    // L3 says this is required, but browser and webview support are still not guaranteed.
+    let responseAuthenticatorData;
+    if (typeof response.getAuthenticatorData === 'function') {
+        try {
+            responseAuthenticatorData = bufferToBase64URLString(response.getAuthenticatorData());
+        }
+        catch (error) {
+            warnOnBrokenImplementation('getAuthenticatorData()', error);
+        }
+    }
+    return {
+        id,
+        rawId: bufferToBase64URLString(rawId),
+        response: {
+            attestationObject: bufferToBase64URLString(response.attestationObject),
+            clientDataJSON: bufferToBase64URLString(response.clientDataJSON),
+            transports,
+            publicKeyAlgorithm: responsePublicKeyAlgorithm,
+            publicKey: responsePublicKey,
+            authenticatorData: responseAuthenticatorData,
+        },
+        type,
+        clientExtensionResults: credential.getClientExtensionResults(),
+        authenticatorAttachment: toAuthenticatorAttachment(credential.authenticatorAttachment),
+    };
+}
+/**
+ * Visibly warn when we detect an issue related to a passkey provider intercepting WebAuthn API
+ * calls
+ */
+function warnOnBrokenImplementation(methodName, cause) {
+    console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${methodName}. You should report this error to them.\n`, cause);
+}

package/esm/package.json

@@ -0,0 +1,3 @@
+{
+  "type": "module"
+}

package/package.json

@@ -1,46 +1,41 @@
 {
   "name": "@simplewebauthn/browser",
-  "version": "10.0.0",
+  "version": "11.0.0-alpha3",
   "description": "SimpleWebAuthn for Browsers",
-  "main": "dist/bundle/index.js",
-  "unpkg": "dist/bundle/index.umd.min.js",
-  "types": "dist/types/index.d.ts",
+  "keywords": [
+    "typescript",
+    "webauthn",
+    "passkeys",
+    "fido",
+    "umd"
+  ],
   "author": "Matthew Miller <matthew@millerti.me>",
-  "license": "MIT",
+  "homepage": "https://github.com/MasterKale/SimpleWebAuthn/tree/master/packages/browser#readme",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/MasterKale/SimpleWebAuthn.git",
     "directory": "packages/browser"
   },
-  "homepage": "https://github.com/MasterKale/SimpleWebAuthn/tree/master/packages/browser#readme",
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/MasterKale/SimpleWebAuthn/issues"
+  },
+  "main": "./script/index.js",
+  "module": "./esm/index.js",
+  "exports": {
+    ".": {
+      "import": "./esm/index.js",
+      "require": "./script/index.js"
+    }
+  },
   "publishConfig": {
     "access": "public"
   },
-  "keywords": [
-    "typescript",
-    "webauthn",
-    "passkeys",
-    "fido",
-    "umd"
-  ],
   "dependencies": {
-    "@simplewebauthn/types": "^10.0.0"
+    "@simplewebauthn/types": "^11.0.0-alpha3"
   },
   "devDependencies": {
-    "@rollup/plugin-node-resolve": "^13.0.0",
-    "@rollup/plugin-terser": "^0.4.3",
-    "@rollup/plugin-typescript": "^8.2.1",
-    "rollup": "^2.52.1",
-    "rollup-plugin-version-injector": "^1.3.3",
-    "tslib": "^2.6.2"
+    "@types/node": "^20.9.0"
   },
-  "type": "module",
-  "gitHead": "ba039fdd5fdff87f78d3bd246e9bea5f7aa39ccb",
-  "scripts": {
-    "build": "rimraf dist && rollup -c",
-    "test": "jest",
-    "test:watch": "jest --watch",
-    "test:coverage": "npm test -- --coverage",
-    "prepublish": "npm run build"
-  }
+  "_generatedBy": "dnt@dev"
 }

package/script/helpers/base64URLStringToBuffer.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Convert from a Base64URL-encoded string to an Array Buffer. Best used when converting a
+ * credential ID from a JSON string to an ArrayBuffer, like in allowCredentials or
+ * excludeCredentials
+ *
+ * Helper method to compliment `bufferToBase64URLString`
+ */
+export declare function base64URLStringToBuffer(base64URLString: string): ArrayBuffer;
+//# sourceMappingURL=base64URLStringToBuffer.d.ts.map

package/script/helpers/base64URLStringToBuffer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"base64URLStringToBuffer.d.ts","sourceRoot":"","sources":["../../src/helpers/base64URLStringToBuffer.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CAAC,eAAe,EAAE,MAAM,GAAG,WAAW,CAyB5E"}

package/script/helpers/base64URLStringToBuffer.js

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.base64URLStringToBuffer = base64URLStringToBuffer;
+/**
+ * Convert from a Base64URL-encoded string to an Array Buffer. Best used when converting a
+ * credential ID from a JSON string to an ArrayBuffer, like in allowCredentials or
+ * excludeCredentials
+ *
+ * Helper method to compliment `bufferToBase64URLString`
+ */
+function base64URLStringToBuffer(base64URLString) {
+    // Convert from Base64URL to Base64
+    const base64 = base64URLString.replace(/-/g, '+').replace(/_/g, '/');
+    /**
+     * Pad with '=' until it's a multiple of four
+     * (4 - (85 % 4 = 1) = 3) % 4 = 3 padding
+     * (4 - (86 % 4 = 2) = 2) % 4 = 2 padding
+     * (4 - (87 % 4 = 3) = 1) % 4 = 1 padding
+     * (4 - (88 % 4 = 0) = 4) % 4 = 0 padding
+     */
+    const padLength = (4 - (base64.length % 4)) % 4;
+    const padded = base64.padEnd(base64.length + padLength, '=');
+    // Convert to a binary string
+    const binary = atob(padded);
+    // Convert binary string to buffer
+    const buffer = new ArrayBuffer(binary.length);
+    const bytes = new Uint8Array(buffer);
+    for (let i = 0; i < binary.length; i++) {
+        bytes[i] = binary.charCodeAt(i);
+    }
+    return buffer;
+}

package/script/helpers/browserSupportsWebAuthn.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Determine if the browser is capable of Webauthn
+ */
+export declare function browserSupportsWebAuthn(): boolean;
+export declare const _browserSupportsWebAuthnInternals: {
+    stubThis: (value: boolean) => boolean;
+};
+//# sourceMappingURL=browserSupportsWebAuthn.d.ts.map

package/script/helpers/browserSupportsWebAuthn.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"browserSupportsWebAuthn.d.ts","sourceRoot":"","sources":["../../src/helpers/browserSupportsWebAuthn.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,wBAAgB,uBAAuB,IAAI,OAAO,CAKjD;AAGD,eAAO,MAAM,iCAAiC;sBAC1B,OAAO;CAC1B,CAAC"}

package/script/helpers/browserSupportsWebAuthn.js

@@ -0,0 +1,15 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._browserSupportsWebAuthnInternals = void 0;
+exports.browserSupportsWebAuthn = browserSupportsWebAuthn;
+/**
+ * Determine if the browser is capable of Webauthn
+ */
+function browserSupportsWebAuthn() {
+    return exports._browserSupportsWebAuthnInternals.stubThis(globalThis?.PublicKeyCredential !== undefined &&
+        typeof globalThis.PublicKeyCredential === 'function');
+}
+// Make it possible to stub the return value during testing
+exports._browserSupportsWebAuthnInternals = {
+    stubThis: (value) => value,
+};

package/script/helpers/browserSupportsWebAuthnAutofill.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Determine if the browser supports conditional UI, so that WebAuthn credentials can
+ * be shown to the user in the browser's typical password autofill popup.
+ */
+export declare function browserSupportsWebAuthnAutofill(): Promise<boolean>;
+export declare const _browserSupportsWebAuthnAutofillInternals: {
+    stubThis: (value: Promise<boolean>) => Promise<boolean>;
+};
+//# sourceMappingURL=browserSupportsWebAuthnAutofill.d.ts.map

package/script/helpers/browserSupportsWebAuthnAutofill.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"browserSupportsWebAuthnAutofill.d.ts","sourceRoot":"","sources":["../../src/helpers/browserSupportsWebAuthnAutofill.ts"],"names":[],"mappings":"AAIA;;;GAGG;AACH,wBAAgB,+BAA+B,IAAI,OAAO,CAAC,OAAO,CAAC,CAyBlE;AAGD,eAAO,MAAM,yCAAyC;sBAClC,OAAO,CAAC,OAAO,CAAC;CACnC,CAAC"}

package/script/helpers/browserSupportsWebAuthnAutofill.js

@@ -0,0 +1,30 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._browserSupportsWebAuthnAutofillInternals = void 0;
+exports.browserSupportsWebAuthnAutofill = browserSupportsWebAuthnAutofill;
+const browserSupportsWebAuthn_js_1 = require("./browserSupportsWebAuthn.js");
+/**
+ * Determine if the browser supports conditional UI, so that WebAuthn credentials can
+ * be shown to the user in the browser's typical password autofill popup.
+ */
+function browserSupportsWebAuthnAutofill() {
+    if (!(0, browserSupportsWebAuthn_js_1.browserSupportsWebAuthn)()) {
+        return exports._browserSupportsWebAuthnAutofillInternals.stubThis(new Promise((resolve) => resolve(false)));
+    }
+    /**
+     * I don't like the `as unknown` here but there's a `declare var PublicKeyCredential` in
+     * TS' DOM lib that's making it difficult for me to just go `as PublicKeyCredentialFuture` as I
+     * want. I think I'm fine with this for now since it's _supposed_ to be temporary, until TS types
+     * have a chance to catch up.
+     */
+    const globalPublicKeyCredential = globalThis
+        .PublicKeyCredential;
+    if (globalPublicKeyCredential?.isConditionalMediationAvailable === undefined) {
+        return exports._browserSupportsWebAuthnAutofillInternals.stubThis(new Promise((resolve) => resolve(false)));
+    }
+    return exports._browserSupportsWebAuthnAutofillInternals.stubThis(globalPublicKeyCredential.isConditionalMediationAvailable());
+}
+// Make it possible to stub the return value during testing
+exports._browserSupportsWebAuthnAutofillInternals = {
+    stubThis: (value) => value,
+};

package/script/helpers/bufferToBase64URLString.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Convert the given array buffer into a Base64URL-encoded string. Ideal for converting various
+ * credential response ArrayBuffers to string for sending back to the server as JSON.
+ *
+ * Helper method to compliment `base64URLStringToBuffer`
+ */
+export declare function bufferToBase64URLString(buffer: ArrayBuffer): string;
+//# sourceMappingURL=bufferToBase64URLString.d.ts.map

package/script/helpers/bufferToBase64URLString.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bufferToBase64URLString.d.ts","sourceRoot":"","sources":["../../src/helpers/bufferToBase64URLString.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,WAAW,GAAG,MAAM,CAWnE"}

package/script/helpers/bufferToBase64URLString.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.bufferToBase64URLString = bufferToBase64URLString;
+/**
+ * Convert the given array buffer into a Base64URL-encoded string. Ideal for converting various
+ * credential response ArrayBuffers to string for sending back to the server as JSON.
+ *
+ * Helper method to compliment `base64URLStringToBuffer`
+ */
+function bufferToBase64URLString(buffer) {
+    const bytes = new Uint8Array(buffer);
+    let str = '';
+    for (const charCode of bytes) {
+        str += String.fromCharCode(charCode);
+    }
+    const base64String = btoa(str);
+    return base64String.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
+}

package/script/helpers/identifyAuthenticationError.d.ts

@@ -0,0 +1,9 @@
+import { WebAuthnError } from './webAuthnError.js';
+/**
+ * Attempt to intuit _why_ an error was raised after calling `navigator.credentials.get()`
+ */
+export declare function identifyAuthenticationError({ error, options, }: {
+    error: Error;
+    options: CredentialRequestOptions;
+}): WebAuthnError | Error;
+//# sourceMappingURL=identifyAuthenticationError.d.ts.map

package/script/helpers/identifyAuthenticationError.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"identifyAuthenticationError.d.ts","sourceRoot":"","sources":["../../src/helpers/identifyAuthenticationError.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD;;GAEG;AACH,wBAAgB,2BAA2B,CAAC,EAC1C,KAAK,EACL,OAAO,GACR,EAAE;IACD,KAAK,EAAE,KAAK,CAAC;IACb,OAAO,EAAE,wBAAwB,CAAC;CACnC,GAAG,aAAa,GAAG,KAAK,CAuDxB"}

package/script/helpers/identifyAuthenticationError.js

@@ -0,0 +1,64 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.identifyAuthenticationError = identifyAuthenticationError;
+const isValidDomain_js_1 = require("./isValidDomain.js");
+const webAuthnError_js_1 = require("./webAuthnError.js");
+/**
+ * Attempt to intuit _why_ an error was raised after calling `navigator.credentials.get()`
+ */
+function identifyAuthenticationError({ error, options, }) {
+    const { publicKey } = options;
+    if (!publicKey) {
+        throw Error('options was missing required publicKey property');
+    }
+    if (error.name === 'AbortError') {
+        if (options.signal instanceof AbortSignal) {
+            // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 16)
+            return new webAuthnError_js_1.WebAuthnError({
+                message: 'Authentication ceremony was sent an abort signal',
+                code: 'ERROR_CEREMONY_ABORTED',
+                cause: error,
+            });
+        }
+    }
+    else if (error.name === 'NotAllowedError') {
+        /**
+         * Pass the error directly through. Platforms are overloading this error beyond what the spec
+         * defines and we don't want to overwrite potentially useful error messages.
+         */
+        return new webAuthnError_js_1.WebAuthnError({
+            message: error.message,
+            code: 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY',
+            cause: error,
+        });
+    }
+    else if (error.name === 'SecurityError') {
+        const effectiveDomain = globalThis.location.hostname;
+        if (!(0, isValidDomain_js_1.isValidDomain)(effectiveDomain)) {
+            // https://www.w3.org/TR/webauthn-2/#sctn-discover-from-external-source (Step 5)
+            return new webAuthnError_js_1.WebAuthnError({
+                message: `${globalThis.location.hostname} is an invalid domain`,
+                code: 'ERROR_INVALID_DOMAIN',
+                cause: error,
+            });
+        }
+        else if (publicKey.rpId !== effectiveDomain) {
+            // https://www.w3.org/TR/webauthn-2/#sctn-discover-from-external-source (Step 6)
+            return new webAuthnError_js_1.WebAuthnError({
+                message: `The RP ID "${publicKey.rpId}" is invalid for this domain`,
+                code: 'ERROR_INVALID_RP_ID',
+                cause: error,
+            });
+        }
+    }
+    else if (error.name === 'UnknownError') {
+        // https://www.w3.org/TR/webauthn-2/#sctn-op-get-assertion (Step 1)
+        // https://www.w3.org/TR/webauthn-2/#sctn-op-get-assertion (Step 12)
+        return new webAuthnError_js_1.WebAuthnError({
+            message: 'The authenticator was unable to process the specified options, or could not create a new assertion signature',
+            code: 'ERROR_AUTHENTICATOR_GENERAL_ERROR',
+            cause: error,
+        });
+    }
+    return error;
+}

package/script/helpers/identifyRegistrationError.d.ts

@@ -0,0 +1,9 @@
+import { WebAuthnError } from './webAuthnError.js';
+/**
+ * Attempt to intuit _why_ an error was raised after calling `navigator.credentials.create()`
+ */
+export declare function identifyRegistrationError({ error, options, }: {
+    error: Error;
+    options: CredentialCreationOptions;
+}): WebAuthnError | Error;
+//# sourceMappingURL=identifyRegistrationError.d.ts.map