@simplewebauthn/browser 11.0.0 → 12.0.0

package/README.md

@@ -1,24 +1,34 @@
-<!-- omit in toc -->
-
-# @simplewebauthn/browser
+# @simplewebauthn/browser <!-- omit in toc -->
 
 ![WebAuthn](https://img.shields.io/badge/WebAuthn-Simplified-blueviolet?style=for-the-badge&logo=WebAuthn)
 [![npm (scoped)](https://img.shields.io/npm/v/@simplewebauthn/browser?style=for-the-badge&logo=npm)](https://www.npmjs.com/package/@simplewebauthn/browser)
-![Browser Support](https://img.shields.io/badge/Browser-ES5+-brightgreen?style=for-the-badge&logo=Mozilla+Firefox)
-
-- [@simplewebauthn/browser](#simplewebauthnbrowser)
-  - [Installation](#installation)
-    - [UMD](#umd)
-      - [ES5](#es5)
-      - [ES2018](#es2018)
-  - [Usage](#usage)
+[![JSR](https://jsr.io/badges/@simplewebauthn/browser?style=for-the-badge)](https://jsr.io/@simplewebauthn/browser)
+![Browser Support](https://img.shields.io/badge/Browser-ES2021+-brightgreen?style=for-the-badge&logo=Mozilla+Firefox)
+![Browser Support](https://img.shields.io/badge/Browser-ES5-brightgreen?style=for-the-badge&logo=Mozilla+Firefox)
+
+- [Installation](#installation)
+  - [Node LTS 20.x and higher](#node-lts-20x-and-higher)
+  - [Deno v1.43 and higher](#deno-v143-and-higher)
+  - [UMD](#umd)
+    - [ES2021](#es2021)
+    - [ES5](#es5)
+- [Documentation](#documentation)
 
 ## Installation
 
-This package is available on **npm**:
+This package can be installed from **[NPM](https://www.npmjs.com/package/@simplewebauthn/browser)**
+and **[JSR](https://jsr.io/@simplewebauthn/browser)**:
+
+### Node LTS 20.x and higher
+
+```sh
+npm install @simplewebauthn/browser @simplewebauthn/types
+```
+
+### Deno v1.43 and higher
 
 ```sh
-npm install @simplewebauthn/browser
+deno add jsr:@simplewebauthn/browser jsr:@simplewebauthn/types
 ```
 
 ### UMD
@@ -27,28 +37,28 @@ This package can also be installed via **unpkg** by including the following scri
 `<head>` element. The library's methods will be available on the global **`SimpleWebAuthnBrowser`**
 object.
 
-> NOTE: The only difference between the two packages below is that the ES5 bundle includes
-> TypeScript's `tslib` runtime code. This adds some bundle size overhead, but _does_ enable use of
-> `supportsWebAuthn()` in older browsers to show appropriate UI when WebAuthn is unavailable.
+> NOTE: The only difference between the two packages below is that the ES5 bundle includes some
+> polyfills for older browsers. This adds some bundle size overhead, but _does_ enable use of
+> `browserSupportsWebAuthn()` in older browsers to show appropriate UI when WebAuthn is unavailable.
 
-#### ES5
+#### ES2021
 
-If you need to support WebAuthn feature detection in deprecated browsers like IE11 and Edge Legacy,
-include the `ES5` version:
+If you only need to support modern browsers, include the `ES2021` version:
 
 ```html
-<script src="https://unpkg.com/@simplewebauthn/browser/dist/bundle/index.es5.umd.min.js"></script>
+<script src="https://unpkg.com/@simplewebauthn/browser/dist/bundle/index.umd.min.js"></script>
 ```
 
-#### ES2018
+#### ES5
 
-If you only need to support modern browsers, include the `ES2018` version:
+If you need to support WebAuthn feature detection in deprecated browsers like IE11 and Edge Legacy,
+include the `ES5` version:
 
 ```html
-<script src="https://unpkg.com/@simplewebauthn/browser"></script>
+<script src="https://unpkg.com/@simplewebauthn/browser/dist/bundle/index.es5.umd.min.js"></script>
 ```
 
-## Usage
+## Documentation
 
 You can find in-depth documentation on this package here:
 https://simplewebauthn.dev/docs/packages/browser

package/dist/bundle/index.es5.umd.min.js

@@ -1,2 +1,2 @@
-/* [@simplewebauthn/browser@11.0.0] */
-!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).SimpleWebAuthnBrowser={})}(this,(function(e){"use strict";var t=function(e,r){return t=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}||function(e,t){for(var r in t)Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r])},t(e,r)};var r=function(){return r=Object.assign||function(e){for(var t,r=1,n=arguments.length;r<n;r++)for(var o in t=arguments[r])Object.prototype.hasOwnProperty.call(t,o)&&(e[o]=t[o]);return e},r.apply(this,arguments)};function n(e,t,r,n){return new(r||(r=Promise))((function(o,i){function a(e){try{u(n.next(e))}catch(e){i(e)}}function s(e){try{u(n.throw(e))}catch(e){i(e)}}function u(e){var t;e.done?o(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(a,s)}u((n=n.apply(e,t||[])).next())}))}function o(e,t){var r,n,o,i,a={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return i={next:s(0),throw:s(1),return:s(2)},"function"==typeof Symbol&&(i[Symbol.iterator]=function(){return this}),i;function s(s){return function(u){return function(s){if(r)throw new TypeError("Generator is already executing.");for(;i&&(i=0,s[0]&&(a=0)),a;)try{if(r=1,n&&(o=2&s[0]?n.return:s[0]?n.throw||((o=n.return)&&o.call(n),0):n.next)&&!(o=o.call(n,s[1])).done)return o;switch(n=0,o&&(s=[2&s[0],o.value]),s[0]){case 0:case 1:o=s;break;case 4:return a.label++,{value:s[1],done:!1};case 5:a.label++,n=s[1],s=[0];continue;case 7:s=a.ops.pop(),a.trys.pop();continue;default:if(!(o=a.trys,(o=o.length>0&&o[o.length-1])||6!==s[0]&&2!==s[0])){a=0;continue}if(3===s[0]&&(!o||s[1]>o[0]&&s[1]<o[3])){a.label=s[1];break}if(6===s[0]&&a.label<o[1]){a.label=o[1],o=s;break}if(o&&a.label<o[2]){a.label=o[2],a.ops.push(s);break}o[2]&&a.ops.pop(),a.trys.pop();continue}s=t.call(e,a)}catch(e){s=[6,e],n=0}finally{r=o=0}if(5&s[0])throw s[1];return{value:s[0]?s[1]:void 0,done:!0}}([s,u])}}}function i(e){var t,r,n=new Uint8Array(e),o="";try{for(var i=function(e){var t="function"==typeof Symbol&&Symbol.iterator,r=t&&e[t],n=0;if(r)return r.call(e);if(e&&"number"==typeof e.length)return{next:function(){return e&&n>=e.length&&(e=void 0),{value:e&&e[n++],done:!e}}};throw new TypeError(t?"Object is not iterable.":"Symbol.iterator is not defined.")}(n),a=i.next();!a.done;a=i.next()){var s=a.value;o+=String.fromCharCode(s)}}catch(e){t={error:e}}finally{try{a&&!a.done&&(r=i.return)&&r.call(i)}finally{if(t)throw t.error}}return btoa(o).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function a(e){for(var t=e.replace(/-/g,"+").replace(/_/g,"/"),r=(4-t.length%4)%4,n=t.padEnd(t.length+r,"="),o=atob(n),i=new ArrayBuffer(o.length),a=new Uint8Array(i),s=0;s<o.length;s++)a[s]=o.charCodeAt(s);return i}function s(){return void 0!==(null===window||void 0===window?void 0:window.PublicKeyCredential)&&"function"==typeof window.PublicKeyCredential}function u(e){var t=e.id;return r(r({},e),{id:a(t),transports:e.transports})}function c(e){return"localhost"===e||/^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(e)}"function"==typeof SuppressedError&&SuppressedError;var l=function(e){function r(t){var r=t.message,n=t.code,o=t.cause,i=t.name,a=e.call(this,r,{cause:o})||this;return a.name=null!=i?i:o.name,a.code=n,a}return function(e,r){if("function"!=typeof r&&null!==r)throw new TypeError("Class extends value "+String(r)+" is not a constructor or null");function n(){this.constructor=e}t(e,r),e.prototype=null===r?Object.create(r):(n.prototype=r.prototype,new n)}(r,e),r}(Error);var d=new(function(){function e(){}return e.prototype.createNewAbortSignal=function(){if(this.controller){var e=new Error("Cancelling existing WebAuthn API call for new one");e.name="AbortError",this.controller.abort(e)}var t=new AbortController;return this.controller=t,t.signal},e.prototype.cancelCeremony=function(){if(this.controller){var e=new Error("Manually cancelling existing WebAuthn API call");e.name="AbortError",this.controller.abort(e),this.controller=void 0}},e}()),f=["cross-platform","platform"];function p(e){if(e&&!(f.indexOf(e)<0))return e}function h(e,t){console.warn("The browser extension that intercepted this WebAuthn API call incorrectly implemented ".concat(e,". You should report this error to them.\n"),t)}function w(){if(!s())return new Promise((function(e){return e(!1)}));var e=window.PublicKeyCredential;return void 0===e.isConditionalMediationAvailable?new Promise((function(e){return e(!1)})):e.isConditionalMediationAvailable()}e.WebAuthnAbortService=d,e.WebAuthnError=l,e.base64URLStringToBuffer=a,e.browserSupportsWebAuthn=s,e.browserSupportsWebAuthnAutofill=w,e.bufferToBase64URLString=i,e.platformAuthenticatorIsAvailable=function(){return s()?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():new Promise((function(e){return e(!1)}))},e.startAuthentication=function(e){var t,f;return n(this,void 0,void 0,(function(){var n,h,b,R,y,E,g,A,m,v,_,O,S,I;return o(this,(function(o){switch(o.label){case 0:if(n=e.optionsJSON,h=e.useBrowserAutofill,b=void 0!==h&&h,R=e.verifyBrowserAutofillInput,y=void 0===R||R,!s())throw new Error("WebAuthn is not supported in this browser");return 0!==(null===(t=n.allowCredentials)||void 0===t?void 0:t.length)&&(E=null===(f=n.allowCredentials)||void 0===f?void 0:f.map(u)),g=r(r({},n),{challenge:a(n.challenge),allowCredentials:E}),A={},b?[4,w()]:[3,2];case 1:if(!o.sent())throw Error("Browser does not support WebAuthn autofill");if(document.querySelectorAll("input[autocomplete$='webauthn']").length<1&&y)throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');A.mediation="conditional",g.allowCredentials=[],o.label=2;case 2:A.publicKey=g,A.signal=d.createNewAbortSignal(),o.label=3;case 3:return o.trys.push([3,5,,6]),[4,navigator.credentials.get(A)];case 4:return m=o.sent(),[3,6];case 5:throw function(e){var t=e.error,r=e.options,n=r.publicKey;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===t.name){if(r.signal instanceof AbortSignal)return new l({message:"Authentication ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:t})}else{if("NotAllowedError"===t.name)return new l({message:t.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:t});if("SecurityError"===t.name){var o=window.location.hostname;if(!c(o))return new l({message:"".concat(window.location.hostname," is an invalid domain"),code:"ERROR_INVALID_DOMAIN",cause:t});if(n.rpId!==o)return new l({message:'The RP ID "'.concat(n.rpId,'" is invalid for this domain'),code:"ERROR_INVALID_RP_ID",cause:t})}else if("UnknownError"===t.name)return new l({message:"The authenticator was unable to process the specified options, or could not create a new assertion signature",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:t})}return t}({error:o.sent(),options:A});case 6:if(!m)throw new Error("Authentication was not completed");return v=m.id,_=m.rawId,O=m.response,S=m.type,I=void 0,O.userHandle&&(I=i(O.userHandle)),[2,{id:v,rawId:i(_),response:{authenticatorData:i(O.authenticatorData),clientDataJSON:i(O.clientDataJSON),signature:i(O.signature),userHandle:I},type:S,clientExtensionResults:m.getClientExtensionResults(),authenticatorAttachment:p(m.authenticatorAttachment)}]}}))}))},e.startRegistration=function(e){var t;return n(this,void 0,void 0,(function(){var n,f,w,b,R,y,E,g,A,m,v,_,O,S,I;return o(this,(function(o){switch(o.label){case 0:if(n=e.optionsJSON,f=e.useAutoRegister,w=void 0!==f&&f,!s())throw new Error("WebAuthn is not supported in this browser");b=r(r({},n),{challenge:a(n.challenge),user:r(r({},n.user),{id:a(n.user.id)}),excludeCredentials:null===(t=n.excludeCredentials)||void 0===t?void 0:t.map(u)}),R={},w&&(R.mediation="conditional"),R.publicKey=b,R.signal=d.createNewAbortSignal(),o.label=1;case 1:return o.trys.push([1,3,,4]),[4,navigator.credentials.create(R)];case 2:return y=o.sent(),[3,4];case 3:throw function(e){var t,r,n,o=e.error,i=e.options,a=i.publicKey;if(!a)throw Error("options was missing required publicKey property");if("AbortError"===o.name){if(i.signal instanceof AbortSignal)return new l({message:"Registration ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:o})}else if("ConstraintError"===o.name){if(!0===(null===(t=a.authenticatorSelection)||void 0===t?void 0:t.requireResidentKey))return new l({message:"Discoverable credentials were required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",cause:o});if("conditional"===i.mediation&&"required"===(null===(r=a.authenticatorSelection)||void 0===r?void 0:r.userVerification))return new l({message:"User verification was required during automatic registration but it could not be performed",code:"ERROR_AUTO_REGISTER_USER_VERIFICATION_FAILURE",cause:o});if("required"===(null===(n=a.authenticatorSelection)||void 0===n?void 0:n.userVerification))return new l({message:"User verification was required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",cause:o})}else{if("InvalidStateError"===o.name)return new l({message:"The authenticator was previously registered",code:"ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",cause:o});if("NotAllowedError"===o.name)return new l({message:o.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:o});if("NotSupportedError"===o.name)return 0===a.pubKeyCredParams.filter((function(e){return"public-key"===e.type})).length?new l({message:'No entry in pubKeyCredParams was of type "public-key"',code:"ERROR_MALFORMED_PUBKEYCREDPARAMS",cause:o}):new l({message:"No available authenticator supported any of the specified pubKeyCredParams algorithms",code:"ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",cause:o});if("SecurityError"===o.name){var s=window.location.hostname;if(!c(s))return new l({message:"".concat(window.location.hostname," is an invalid domain"),code:"ERROR_INVALID_DOMAIN",cause:o});if(a.rp.id!==s)return new l({message:'The RP ID "'.concat(a.rp.id,'" is invalid for this domain'),code:"ERROR_INVALID_RP_ID",cause:o})}else if("TypeError"===o.name){if(a.user.id.byteLength<1||a.user.id.byteLength>64)return new l({message:"User ID was not between 1 and 64 characters",code:"ERROR_INVALID_USER_ID_LENGTH",cause:o})}else if("UnknownError"===o.name)return new l({message:"The authenticator was unable to process the specified options, or could not create a new credential",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:o})}return o}({error:o.sent(),options:R});case 4:if(!y)throw new Error("Registration was not completed");if(E=y.id,g=y.rawId,A=y.response,m=y.type,v=void 0,"function"==typeof A.getTransports&&(v=A.getTransports()),_=void 0,"function"==typeof A.getPublicKeyAlgorithm)try{_=A.getPublicKeyAlgorithm()}catch(e){h("getPublicKeyAlgorithm()",e)}if(O=void 0,"function"==typeof A.getPublicKey)try{null!==(S=A.getPublicKey())&&(O=i(S))}catch(e){h("getPublicKey()",e)}if("function"==typeof A.getAuthenticatorData)try{I=i(A.getAuthenticatorData())}catch(e){h("getAuthenticatorData()",e)}return[2,{id:E,rawId:i(g),response:{attestationObject:i(A.attestationObject),clientDataJSON:i(A.clientDataJSON),transports:v,publicKeyAlgorithm:_,publicKey:O,authenticatorData:I},type:m,clientExtensionResults:y.getClientExtensionResults(),authenticatorAttachment:p(y.authenticatorAttachment)}]}}))}))},Object.defineProperty(e,"__esModule",{value:!0})}));
+/* [@simplewebauthn/browser@12.0.0] */
+function e(t){return e="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},e(t)}!function(e,t){if("function"==typeof define&&define.amd)define("SimpleWebAuthnBrowser",["exports"],t);else if("undefined"!=typeof exports)t(exports);else{var r={exports:{}};t(r.exports),e.SimpleWebAuthnBrowser=r.exports}}("undefined"!=typeof globalThis?globalThis:"undefined"!=typeof self?self:this,(function(t){function r(){r=function(){return n};var t,n={},o=Object.prototype,i=o.hasOwnProperty,a=Object.defineProperty||function(e,t,r){e[t]=r.value},u="function"==typeof Symbol?Symbol:{},c=u.iterator||"@@iterator",s=u.asyncIterator||"@@asyncIterator",l=u.toStringTag||"@@toStringTag";function f(e,t,r){return Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}),e[t]}try{f({},"")}catch(t){f=function(e,t,r){return e[t]=r}}function p(e,t,r,n){var o=t&&t.prototype instanceof g?t:g,i=Object.create(o.prototype),u=new j(n||[]);return a(i,"_invoke",{value:T(e,r,u)}),i}function h(e,t,r){try{return{type:"normal",arg:e.call(t,r)}}catch(e){return{type:"throw",arg:e}}}n.wrap=p;var d="suspendedStart",y="suspendedYield",b="executing",v="completed",w={};function g(){}function m(){}function E(){}var R={};f(R,c,(function(){return this}));var A=Object.getPrototypeOf,O=A&&A(A(L([])));O&&O!==o&&i.call(O,c)&&(R=O);var _=E.prototype=g.prototype=Object.create(R);function S(e){["next","throw","return"].forEach((function(t){f(e,t,(function(e){return this._invoke(t,e)}))}))}function P(t,r){function n(o,a,u,c){var s=h(t[o],t,a);if("throw"!==s.type){var l=s.arg,f=l.value;return f&&"object"==e(f)&&i.call(f,"__await")?r.resolve(f.__await).then((function(e){n("next",e,u,c)}),(function(e){n("throw",e,u,c)})):r.resolve(f).then((function(e){l.value=e,u(l)}),(function(e){return n("throw",e,u,c)}))}c(s.arg)}var o;a(this,"_invoke",{value:function(e,t){function i(){return new r((function(r,o){n(e,t,r,o)}))}return o=o?o.then(i,i):i()}})}function T(e,r,n){var o=d;return function(i,a){if(o===b)throw Error("Generator is already running");if(o===v){if("throw"===i)throw a;return{value:t,done:!0}}for(n.method=i,n.arg=a;;){var u=n.delegate;if(u){var c=x(u,n);if(c){if(c===w)continue;return c}}if("next"===n.method)n.sent=n._sent=n.arg;else if("throw"===n.method){if(o===d)throw o=v,n.arg;n.dispatchException(n.arg)}else"return"===n.method&&n.abrupt("return",n.arg);o=b;var s=h(e,r,n);if("normal"===s.type){if(o=n.done?v:y,s.arg===w)continue;return{value:s.arg,done:n.done}}"throw"===s.type&&(o=v,n.method="throw",n.arg=s.arg)}}}function x(e,r){var n=r.method,o=e.iterator[n];if(o===t)return r.delegate=null,"throw"===n&&e.iterator.return&&(r.method="return",r.arg=t,x(e,r),"throw"===r.method)||"return"!==n&&(r.method="throw",r.arg=new TypeError("The iterator does not provide a '"+n+"' method")),w;var i=h(o,e.iterator,r.arg);if("throw"===i.type)return r.method="throw",r.arg=i.arg,r.delegate=null,w;var a=i.arg;return a?a.done?(r[e.resultName]=a.value,r.next=e.nextLoc,"return"!==r.method&&(r.method="next",r.arg=t),r.delegate=null,w):a:(r.method="throw",r.arg=new TypeError("iterator result is not an object"),r.delegate=null,w)}function I(e){var t={tryLoc:e[0]};1 in e&&(t.catchLoc=e[1]),2 in e&&(t.finallyLoc=e[2],t.afterLoc=e[3]),this.tryEntries.push(t)}function N(e){var t=e.completion||{};t.type="normal",delete t.arg,e.completion=t}function j(e){this.tryEntries=[{tryLoc:"root"}],e.forEach(I,this),this.reset(!0)}function L(r){if(r||""===r){var n=r[c];if(n)return n.call(r);if("function"==typeof r.next)return r;if(!isNaN(r.length)){var o=-1,a=function e(){for(;++o<r.length;)if(i.call(r,o))return e.value=r[o],e.done=!1,e;return e.value=t,e.done=!0,e};return a.next=a}}throw new TypeError(e(r)+" is not iterable")}return m.prototype=E,a(_,"constructor",{value:E,configurable:!0}),a(E,"constructor",{value:m,configurable:!0}),m.displayName=f(E,l,"GeneratorFunction"),n.isGeneratorFunction=function(e){var t="function"==typeof e&&e.constructor;return!!t&&(t===m||"GeneratorFunction"===(t.displayName||t.name))},n.mark=function(e){return Object.setPrototypeOf?Object.setPrototypeOf(e,E):(e.__proto__=E,f(e,l,"GeneratorFunction")),e.prototype=Object.create(_),e},n.awrap=function(e){return{__await:e}},S(P.prototype),f(P.prototype,s,(function(){return this})),n.AsyncIterator=P,n.async=function(e,t,r,o,i){void 0===i&&(i=Promise);var a=new P(p(e,t,r,o),i);return n.isGeneratorFunction(t)?a:a.next().then((function(e){return e.done?e.value:a.next()}))},S(_),f(_,l,"Generator"),f(_,c,(function(){return this})),f(_,"toString",(function(){return"[object Generator]"})),n.keys=function(e){var t=Object(e),r=[];for(var n in t)r.push(n);return r.reverse(),function e(){for(;r.length;){var n=r.pop();if(n in t)return e.value=n,e.done=!1,e}return e.done=!0,e}},n.values=L,j.prototype={constructor:j,reset:function(e){if(this.prev=0,this.next=0,this.sent=this._sent=t,this.done=!1,this.delegate=null,this.method="next",this.arg=t,this.tryEntries.forEach(N),!e)for(var r in this)"t"===r.charAt(0)&&i.call(this,r)&&!isNaN(+r.slice(1))&&(this[r]=t)},stop:function(){this.done=!0;var e=this.tryEntries[0].completion;if("throw"===e.type)throw e.arg;return this.rval},dispatchException:function(e){if(this.done)throw e;var r=this;function n(n,o){return u.type="throw",u.arg=e,r.next=n,o&&(r.method="next",r.arg=t),!!o}for(var o=this.tryEntries.length-1;o>=0;--o){var a=this.tryEntries[o],u=a.completion;if("root"===a.tryLoc)return n("end");if(a.tryLoc<=this.prev){var c=i.call(a,"catchLoc"),s=i.call(a,"finallyLoc");if(c&&s){if(this.prev<a.catchLoc)return n(a.catchLoc,!0);if(this.prev<a.finallyLoc)return n(a.finallyLoc)}else if(c){if(this.prev<a.catchLoc)return n(a.catchLoc,!0)}else{if(!s)throw Error("try statement without catch or finally");if(this.prev<a.finallyLoc)return n(a.finallyLoc)}}}},abrupt:function(e,t){for(var r=this.tryEntries.length-1;r>=0;--r){var n=this.tryEntries[r];if(n.tryLoc<=this.prev&&i.call(n,"finallyLoc")&&this.prev<n.finallyLoc){var o=n;break}}o&&("break"===e||"continue"===e)&&o.tryLoc<=t&&t<=o.finallyLoc&&(o=null);var a=o?o.completion:{};return a.type=e,a.arg=t,o?(this.method="next",this.next=o.finallyLoc,w):this.complete(a)},complete:function(e,t){if("throw"===e.type)throw e.arg;return"break"===e.type||"continue"===e.type?this.next=e.arg:"return"===e.type?(this.rval=this.arg=e.arg,this.method="return",this.next="end"):"normal"===e.type&&t&&(this.next=t),w},finish:function(e){for(var t=this.tryEntries.length-1;t>=0;--t){var r=this.tryEntries[t];if(r.finallyLoc===e)return this.complete(r.completion,r.afterLoc),N(r),w}},catch:function(e){for(var t=this.tryEntries.length-1;t>=0;--t){var r=this.tryEntries[t];if(r.tryLoc===e){var n=r.completion;if("throw"===n.type){var o=n.arg;N(r)}return o}}throw Error("illegal catch attempt")},delegateYield:function(e,r,n){return this.delegate={iterator:L(e),resultName:r,nextLoc:n},"next"===this.method&&(this.arg=t),w}},n}function n(e,t,r,n,o,i,a){try{var u=e[i](a),c=u.value}catch(e){return void r(e)}u.done?t(c):Promise.resolve(c).then(n,o)}function o(e){return function(){var t=this,r=arguments;return new Promise((function(o,i){var a=e.apply(t,r);function u(e){n(a,o,i,u,c,"next",e)}function c(e){n(a,o,i,u,c,"throw",e)}u(void 0)}))}}function i(e,t){for(var r=0;r<t.length;r++){var n=t[r];n.enumerable=n.enumerable||!1,n.configurable=!0,"value"in n&&(n.writable=!0),Object.defineProperty(e,b(n.key),n)}}function a(e,t,r){return t&&i(e.prototype,t),r&&i(e,r),Object.defineProperty(e,"prototype",{writable:!1}),e}function u(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}function c(t,r,n){return r=p(r),function(t,r){if(r&&("object"==e(r)||"function"==typeof r))return r;if(void 0!==r)throw new TypeError("Derived constructors may only return object or undefined");return function(e){if(void 0===e)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return e}(t)}(t,l()?Reflect.construct(r,n||[],p(t).constructor):r.apply(t,n))}function s(e){var t="function"==typeof Map?new Map:void 0;return s=function(e){if(null===e||!function(e){try{return-1!==Function.toString.call(e).indexOf("[native code]")}catch(t){return"function"==typeof e}}(e))return e;if("function"!=typeof e)throw new TypeError("Super expression must either be null or a function");if(void 0!==t){if(t.has(e))return t.get(e);t.set(e,r)}function r(){return function(e,t,r){if(l())return Reflect.construct.apply(null,arguments);var n=[null];n.push.apply(n,t);var o=new(e.bind.apply(e,n));return r&&f(o,r.prototype),o}(e,arguments,p(this).constructor)}return r.prototype=Object.create(e.prototype,{constructor:{value:r,enumerable:!1,writable:!0,configurable:!0}}),f(r,e)},s(e)}function l(){try{var e=!Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){})))}catch(e){}return(l=function(){return!!e})()}function f(e,t){return f=Object.setPrototypeOf?Object.setPrototypeOf.bind():function(e,t){return e.__proto__=t,e},f(e,t)}function p(e){return p=Object.setPrototypeOf?Object.getPrototypeOf.bind():function(e){return e.__proto__||Object.getPrototypeOf(e)},p(e)}function h(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function d(e){for(var t=1;t<arguments.length;t++){var r=null!=arguments[t]?arguments[t]:{};t%2?h(Object(r),!0).forEach((function(t){y(e,t,r[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):h(Object(r)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(r,t))}))}return e}function y(e,t,r){return(t=b(t))in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function b(t){var r=function(t,r){if("object"!=e(t)||!t)return t;var n=t[Symbol.toPrimitive];if(void 0!==n){var o=n.call(t,r||"default");if("object"!=e(o))return o;throw new TypeError("@@toPrimitive must return a primitive value.")}return("string"===r?String:Number)(t)}(t,"string");return"symbol"==e(r)?r:r+""}function v(e,t){var r="undefined"!=typeof Symbol&&e[Symbol.iterator]||e["@@iterator"];if(!r){if(Array.isArray(e)||(r=function(e,t){if(e){if("string"==typeof e)return w(e,t);var r={}.toString.call(e).slice(8,-1);return"Object"===r&&e.constructor&&(r=e.constructor.name),"Map"===r||"Set"===r?Array.from(e):"Arguments"===r||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(r)?w(e,t):void 0}}(e))||t&&e&&"number"==typeof e.length){r&&(e=r);var n=0,o=function(){};return{s:o,n:function(){return n>=e.length?{done:!0}:{done:!1,value:e[n++]}},e:function(e){throw e},f:o}}throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}var i,a=!0,u=!1;return{s:function(){r=r.call(e)},n:function(){var e=r.next();return a=e.done,e},e:function(e){u=!0,i=e},f:function(){try{a||null==r.return||r.return()}finally{if(u)throw i}}}}function w(e,t){(null==t||t>e.length)&&(t=e.length);for(var r=0,n=Array(t);r<t;r++)n[r]=e[r];return n}function g(e){var t,r="",n=v(new Uint8Array(e));try{for(n.s();!(t=n.n()).done;){var o=t.value;r+=String.fromCharCode(o)}}catch(e){n.e(e)}finally{n.f()}return btoa(r).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function m(e){for(var t=e.replace(/-/g,"+").replace(/_/g,"/"),r=(4-t.length%4)%4,n=t.padEnd(t.length+r,"="),o=atob(n),i=new ArrayBuffer(o.length),a=new Uint8Array(i),u=0;u<o.length;u++)a[u]=o.charCodeAt(u);return i}function E(){var e;return R.stubThis(void 0!==(null===(e=window)||void 0===e?void 0:e.PublicKeyCredential)&&"function"==typeof window.PublicKeyCredential)}Object.defineProperty(t,"__esModule",{value:!0}),t.WebAuthnError=t.WebAuthnAbortService=void 0,t.base64URLStringToBuffer=m,t.browserSupportsWebAuthn=E,t.browserSupportsWebAuthnAutofill=L,t.bufferToBase64URLString=g,t.platformAuthenticatorIsAvailable=function(){if(!E())return new Promise((function(e){return e(!1)}));return PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()},t.startAuthentication=function(e){return U.apply(this,arguments)},t.startRegistration=function(e){return N.apply(this,arguments)};var R={stubThis:function(e){return e}};function A(e){var t=e.id;return d(d({},e),{},{id:m(t),transports:e.transports})}function O(e){return"localhost"===e||/^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(e)}var _=t.WebAuthnError=function(e){function t(e){var r,n=e.message,o=e.code,i=e.cause,a=e.name;return u(this,t),r=c(this,t,[n,{cause:i}]),Object.defineProperty(r,"code",{enumerable:!0,configurable:!0,writable:!0,value:void 0}),r.name=null!=a?a:i.name,r.code=o,r}return function(e,t){if("function"!=typeof t&&null!==t)throw new TypeError("Super expression must either be null or a function");e.prototype=Object.create(t&&t.prototype,{constructor:{value:e,writable:!0,configurable:!0}}),Object.defineProperty(e,"prototype",{writable:!1}),t&&f(e,t)}(t,e),a(t)}(s(Error));function S(e){var t=e.error,r=e.options,n=r.publicKey;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===t.name){if(r.signal instanceof AbortSignal)return new _({message:"Registration ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:t})}else if("ConstraintError"===t.name){var o,i,a;if(!0===(null===(o=n.authenticatorSelection)||void 0===o?void 0:o.requireResidentKey))return new _({message:"Discoverable credentials were required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",cause:t});if("conditional"===r.mediation&&"required"===(null===(i=n.authenticatorSelection)||void 0===i?void 0:i.userVerification))return new _({message:"User verification was required during automatic registration but it could not be performed",code:"ERROR_AUTO_REGISTER_USER_VERIFICATION_FAILURE",cause:t});if("required"===(null===(a=n.authenticatorSelection)||void 0===a?void 0:a.userVerification))return new _({message:"User verification was required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",cause:t})}else{if("InvalidStateError"===t.name)return new _({message:"The authenticator was previously registered",code:"ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",cause:t});if("NotAllowedError"===t.name)return new _({message:t.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:t});if("NotSupportedError"===t.name)return 0===n.pubKeyCredParams.filter((function(e){return"public-key"===e.type})).length?new _({message:'No entry in pubKeyCredParams was of type "public-key"',code:"ERROR_MALFORMED_PUBKEYCREDPARAMS",cause:t}):new _({message:"No available authenticator supported any of the specified pubKeyCredParams algorithms",code:"ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",cause:t});if("SecurityError"===t.name){var u=window.location.hostname;if(!O(u))return new _({message:"".concat(window.location.hostname," is an invalid domain"),code:"ERROR_INVALID_DOMAIN",cause:t});if(n.rp.id!==u)return new _({message:'The RP ID "'.concat(n.rp.id,'" is invalid for this domain'),code:"ERROR_INVALID_RP_ID",cause:t})}else if("TypeError"===t.name){if(n.user.id.byteLength<1||n.user.id.byteLength>64)return new _({message:"User ID was not between 1 and 64 characters",code:"ERROR_INVALID_USER_ID_LENGTH",cause:t})}else if("UnknownError"===t.name)return new _({message:"The authenticator was unable to process the specified options, or could not create a new credential",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:t})}return t}var P=function(){return a((function e(){u(this,e),Object.defineProperty(this,"controller",{enumerable:!0,configurable:!0,writable:!0,value:void 0})}),[{key:"createNewAbortSignal",value:function(){if(this.controller){var e=new Error("Cancelling existing WebAuthn API call for new one");e.name="AbortError",this.controller.abort(e)}var t=new AbortController;return this.controller=t,t.signal}},{key:"cancelCeremony",value:function(){if(this.controller){var e=new Error("Manually cancelling existing WebAuthn API call");e.name="AbortError",this.controller.abort(e),this.controller=void 0}}}])}(),T=t.WebAuthnAbortService=new P,x=["cross-platform","platform"];function I(e){if(e&&!(x.indexOf(e)<0))return e}function N(){return(N=o(r().mark((function e(t){var n,o,i,a,u,c,s,l,f,p,h,y,b,v,w,R,O;return r().wrap((function(e){for(;;)switch(e.prev=e.next){case 0:if(o=t.optionsJSON,i=t.useAutoRegister,a=void 0!==i&&i,E()){e.next=3;break}throw new Error("WebAuthn is not supported in this browser");case 3:return u=d(d({},o),{},{challenge:m(o.challenge),user:d(d({},o.user),{},{id:m(o.user.id)}),excludeCredentials:null===(n=o.excludeCredentials)||void 0===n?void 0:n.map(A)}),c={},a&&(c.mediation="conditional"),c.publicKey=u,c.signal=T.createNewAbortSignal(),e.prev=8,e.next=11,navigator.credentials.create(c);case 11:s=e.sent,e.next=17;break;case 14:throw e.prev=14,e.t0=e.catch(8),S({error:e.t0,options:c});case 17:if(s){e.next=19;break}throw new Error("Registration was not completed");case 19:if(f=(l=s).id,p=l.rawId,h=l.response,y=l.type,b=void 0,"function"==typeof h.getTransports&&(b=h.getTransports()),v=void 0,"function"==typeof h.getPublicKeyAlgorithm)try{v=h.getPublicKeyAlgorithm()}catch(e){j("getPublicKeyAlgorithm()",e)}if(w=void 0,"function"==typeof h.getPublicKey)try{null!==(R=h.getPublicKey())&&(w=g(R))}catch(e){j("getPublicKey()",e)}if("function"==typeof h.getAuthenticatorData)try{O=g(h.getAuthenticatorData())}catch(e){j("getAuthenticatorData()",e)}return e.abrupt("return",{id:f,rawId:g(p),response:{attestationObject:g(h.attestationObject),clientDataJSON:g(h.clientDataJSON),transports:b,publicKeyAlgorithm:v,publicKey:w,authenticatorData:O},type:y,clientExtensionResults:s.getClientExtensionResults(),authenticatorAttachment:I(s.authenticatorAttachment)});case 28:case"end":return e.stop()}}),e,null,[[8,14]])})))).apply(this,arguments)}function j(e,t){console.warn("The browser extension that intercepted this WebAuthn API call incorrectly implemented ".concat(e,". You should report this error to them.\n"),t)}function L(){if(!E())return C.stubThis(new Promise((function(e){return e(!1)})));var e=window.PublicKeyCredential;return void 0===(null==e?void 0:e.isConditionalMediationAvailable)?C.stubThis(new Promise((function(e){return e(!1)}))):C.stubThis(e.isConditionalMediationAvailable())}var C={stubThis:function(e){return e}};function D(e){var t=e.error,r=e.options,n=r.publicKey;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===t.name){if(r.signal instanceof AbortSignal)return new _({message:"Authentication ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:t})}else{if("NotAllowedError"===t.name)return new _({message:t.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:t});if("SecurityError"===t.name){var o=window.location.hostname;if(!O(o))return new _({message:"".concat(window.location.hostname," is an invalid domain"),code:"ERROR_INVALID_DOMAIN",cause:t});if(n.rpId!==o)return new _({message:'The RP ID "'.concat(n.rpId,'" is invalid for this domain'),code:"ERROR_INVALID_RP_ID",cause:t})}else if("UnknownError"===t.name)return new _({message:"The authenticator was unable to process the specified options, or could not create a new assertion signature",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:t})}return t}function U(){return(U=o(r().mark((function e(t){var n,o,i,a,u,c,s,l,f,p,h,y,b,v,w,R,O;return r().wrap((function(e){for(;;)switch(e.prev=e.next){case 0:if(o=t.optionsJSON,i=t.useBrowserAutofill,a=void 0!==i&&i,u=t.verifyBrowserAutofillInput,c=void 0===u||u,E()){e.next=3;break}throw new Error("WebAuthn is not supported in this browser");case 3:if(0!==(null===(n=o.allowCredentials)||void 0===n?void 0:n.length)&&(s=null===(l=o.allowCredentials)||void 0===l?void 0:l.map(A)),f=d(d({},o),{},{challenge:m(o.challenge),allowCredentials:s}),p={},!a){e.next=16;break}return e.next=9,L();case 9:if(e.sent){e.next=11;break}throw Error("Browser does not support WebAuthn autofill");case 11:if(!(document.querySelectorAll("input[autocomplete$='webauthn']").length<1&&c)){e.next=14;break}throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');case 14:p.mediation="conditional",f.allowCredentials=[];case 16:return p.publicKey=f,p.signal=T.createNewAbortSignal(),e.prev=18,e.next=21,navigator.credentials.get(p);case 21:h=e.sent,e.next=27;break;case 24:throw e.prev=24,e.t0=e.catch(18),D({error:e.t0,options:p});case 27:if(h){e.next=29;break}throw new Error("Authentication was not completed");case 29:return b=(y=h).id,v=y.rawId,w=y.response,R=y.type,O=void 0,w.userHandle&&(O=g(w.userHandle)),e.abrupt("return",{id:b,rawId:g(v),response:{authenticatorData:g(w.authenticatorData),clientDataJSON:g(w.clientDataJSON),signature:g(w.signature),userHandle:O},type:R,clientExtensionResults:h.getClientExtensionResults(),authenticatorAttachment:I(h.authenticatorAttachment)});case 33:case"end":return e.stop()}}),e,null,[[18,24]])})))).apply(this,arguments)}}));

package/dist/bundle/index.umd.min.js

@@ -1,2 +1,2 @@
-/* [@simplewebauthn/browser@11.0.0] */
-!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).SimpleWebAuthnBrowser={})}(this,(function(e){"use strict";function t(e){const t=new Uint8Array(e);let r="";for(const e of t)r+=String.fromCharCode(e);return btoa(r).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function r(e){const t=e.replace(/-/g,"+").replace(/_/g,"/"),r=(4-t.length%4)%4,n=t.padEnd(t.length+r,"="),o=atob(n),i=new ArrayBuffer(o.length),a=new Uint8Array(i);for(let e=0;e<o.length;e++)a[e]=o.charCodeAt(e);return i}function n(){return void 0!==window?.PublicKeyCredential&&"function"==typeof window.PublicKeyCredential}function o(e){const{id:t}=e;return{...e,id:r(t),transports:e.transports}}function i(e){return"localhost"===e||/^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(e)}class a extends Error{constructor({message:e,code:t,cause:r,name:n}){super(e,{cause:r}),this.name=n??r.name,this.code=t}}const s=new class{createNewAbortSignal(){if(this.controller){const e=new Error("Cancelling existing WebAuthn API call for new one");e.name="AbortError",this.controller.abort(e)}const e=new AbortController;return this.controller=e,e.signal}cancelCeremony(){if(this.controller){const e=new Error("Manually cancelling existing WebAuthn API call");e.name="AbortError",this.controller.abort(e),this.controller=void 0}}},c=["cross-platform","platform"];function l(e){if(e&&!(c.indexOf(e)<0))return e}function u(e,t){console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${e}. You should report this error to them.\n`,t)}function d(){if(!n())return new Promise((e=>e(!1)));const e=window.PublicKeyCredential;return void 0===e.isConditionalMediationAvailable?new Promise((e=>e(!1))):e.isConditionalMediationAvailable()}e.WebAuthnAbortService=s,e.WebAuthnError=a,e.base64URLStringToBuffer=r,e.browserSupportsWebAuthn=n,e.browserSupportsWebAuthnAutofill=d,e.bufferToBase64URLString=t,e.platformAuthenticatorIsAvailable=function(){return n()?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():new Promise((e=>e(!1)))},e.startAuthentication=async function(e){const{optionsJSON:c,useBrowserAutofill:u=!1,verifyBrowserAutofillInput:h=!0}=e;if(!n())throw new Error("WebAuthn is not supported in this browser");let f;0!==c.allowCredentials?.length&&(f=c.allowCredentials?.map(o));const R={...c,challenge:r(c.challenge),allowCredentials:f},p={};if(u){if(!await d())throw Error("Browser does not support WebAuthn autofill");if(document.querySelectorAll("input[autocomplete$='webauthn']").length<1&&h)throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');p.mediation="conditional",R.allowCredentials=[]}let w;p.publicKey=R,p.signal=s.createNewAbortSignal();try{w=await navigator.credentials.get(p)}catch(e){throw function({error:e,options:t}){const{publicKey:r}=t;if(!r)throw Error("options was missing required publicKey property");if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new a({message:"Authentication ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:e})}else{if("NotAllowedError"===e.name)return new a({message:e.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:e});if("SecurityError"===e.name){const t=window.location.hostname;if(!i(t))return new a({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:e});if(r.rpId!==t)return new a({message:`The RP ID "${r.rpId}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:e})}else if("UnknownError"===e.name)return new a({message:"The authenticator was unable to process the specified options, or could not create a new assertion signature",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:e})}return e}({error:e,options:p})}if(!w)throw new Error("Authentication was not completed");const{id:E,rawId:A,response:g,type:m}=w;let b;return g.userHandle&&(b=t(g.userHandle)),{id:E,rawId:t(A),response:{authenticatorData:t(g.authenticatorData),clientDataJSON:t(g.clientDataJSON),signature:t(g.signature),userHandle:b},type:m,clientExtensionResults:w.getClientExtensionResults(),authenticatorAttachment:l(w.authenticatorAttachment)}},e.startRegistration=async function(e){const{optionsJSON:c,useAutoRegister:d=!1}=e;if(!n())throw new Error("WebAuthn is not supported in this browser");const h={...c,challenge:r(c.challenge),user:{...c.user,id:r(c.user.id)},excludeCredentials:c.excludeCredentials?.map(o)},f={};let R;d&&(f.mediation="conditional"),f.publicKey=h,f.signal=s.createNewAbortSignal();try{R=await navigator.credentials.create(f)}catch(e){throw function({error:e,options:t}){const{publicKey:r}=t;if(!r)throw Error("options was missing required publicKey property");if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new a({message:"Registration ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:e})}else if("ConstraintError"===e.name){if(!0===r.authenticatorSelection?.requireResidentKey)return new a({message:"Discoverable credentials were required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",cause:e});if("conditional"===t.mediation&&"required"===r.authenticatorSelection?.userVerification)return new a({message:"User verification was required during automatic registration but it could not be performed",code:"ERROR_AUTO_REGISTER_USER_VERIFICATION_FAILURE",cause:e});if("required"===r.authenticatorSelection?.userVerification)return new a({message:"User verification was required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",cause:e})}else{if("InvalidStateError"===e.name)return new a({message:"The authenticator was previously registered",code:"ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",cause:e});if("NotAllowedError"===e.name)return new a({message:e.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:e});if("NotSupportedError"===e.name)return 0===r.pubKeyCredParams.filter((e=>"public-key"===e.type)).length?new a({message:'No entry in pubKeyCredParams was of type "public-key"',code:"ERROR_MALFORMED_PUBKEYCREDPARAMS",cause:e}):new a({message:"No available authenticator supported any of the specified pubKeyCredParams algorithms",code:"ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",cause:e});if("SecurityError"===e.name){const t=window.location.hostname;if(!i(t))return new a({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:e});if(r.rp.id!==t)return new a({message:`The RP ID "${r.rp.id}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:e})}else if("TypeError"===e.name){if(r.user.id.byteLength<1||r.user.id.byteLength>64)return new a({message:"User ID was not between 1 and 64 characters",code:"ERROR_INVALID_USER_ID_LENGTH",cause:e})}else if("UnknownError"===e.name)return new a({message:"The authenticator was unable to process the specified options, or could not create a new credential",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:e})}return e}({error:e,options:f})}if(!R)throw new Error("Registration was not completed");const{id:p,rawId:w,response:E,type:A}=R;let g,m,b,y;if("function"==typeof E.getTransports&&(g=E.getTransports()),"function"==typeof E.getPublicKeyAlgorithm)try{m=E.getPublicKeyAlgorithm()}catch(e){u("getPublicKeyAlgorithm()",e)}if("function"==typeof E.getPublicKey)try{const e=E.getPublicKey();null!==e&&(b=t(e))}catch(e){u("getPublicKey()",e)}if("function"==typeof E.getAuthenticatorData)try{y=t(E.getAuthenticatorData())}catch(e){u("getAuthenticatorData()",e)}return{id:p,rawId:t(w),response:{attestationObject:t(E.attestationObject),clientDataJSON:t(E.clientDataJSON),transports:g,publicKeyAlgorithm:m,publicKey:b,authenticatorData:y},type:A,clientExtensionResults:R.getClientExtensionResults(),authenticatorAttachment:l(R.authenticatorAttachment)}},Object.defineProperty(e,"__esModule",{value:!0})}));
+/* [@simplewebauthn/browser@12.0.0] */
+!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).SimpleWebAuthnBrowser={})}(this,(function(e){"use strict";function t(e){const t=new Uint8Array(e);let r="";for(const e of t)r+=String.fromCharCode(e);return btoa(r).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function r(e){const t=e.replace(/-/g,"+").replace(/_/g,"/"),r=(4-t.length%4)%4,n=t.padEnd(t.length+r,"="),o=atob(n),i=new ArrayBuffer(o.length),a=new Uint8Array(i);for(let e=0;e<o.length;e++)a[e]=o.charCodeAt(e);return i}function n(){return o.stubThis(void 0!==globalThis?.PublicKeyCredential&&"function"==typeof globalThis.PublicKeyCredential)}const o={stubThis:e=>e};function i(e){const{id:t}=e;return{...e,id:r(t),transports:e.transports}}function a(e){return"localhost"===e||/^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(e)}class s extends Error{constructor({message:e,code:t,cause:r,name:n}){super(e,{cause:r}),Object.defineProperty(this,"code",{enumerable:!0,configurable:!0,writable:!0,value:void 0}),this.name=n??r.name,this.code=t}}const c=new class{constructor(){Object.defineProperty(this,"controller",{enumerable:!0,configurable:!0,writable:!0,value:void 0})}createNewAbortSignal(){if(this.controller){const e=new Error("Cancelling existing WebAuthn API call for new one");e.name="AbortError",this.controller.abort(e)}const e=new AbortController;return this.controller=e,e.signal}cancelCeremony(){if(this.controller){const e=new Error("Manually cancelling existing WebAuthn API call");e.name="AbortError",this.controller.abort(e),this.controller=void 0}}},l=["cross-platform","platform"];function u(e){if(e&&!(l.indexOf(e)<0))return e}function d(e,t){console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${e}. You should report this error to them.\n`,t)}function h(){if(!n())return f.stubThis(new Promise((e=>e(!1))));const e=globalThis.PublicKeyCredential;return void 0===e?.isConditionalMediationAvailable?f.stubThis(new Promise((e=>e(!1)))):f.stubThis(e.isConditionalMediationAvailable())}const f={stubThis:e=>e};e.WebAuthnAbortService=c,e.WebAuthnError=s,e.base64URLStringToBuffer=r,e.browserSupportsWebAuthn=n,e.browserSupportsWebAuthnAutofill=h,e.bufferToBase64URLString=t,e.platformAuthenticatorIsAvailable=function(){return n()?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():new Promise((e=>e(!1)))},e.startAuthentication=async function(e){const{optionsJSON:o,useBrowserAutofill:l=!1,verifyBrowserAutofillInput:d=!0}=e;if(!n())throw new Error("WebAuthn is not supported in this browser");let f;0!==o.allowCredentials?.length&&(f=o.allowCredentials?.map(i));const R={...o,challenge:r(o.challenge),allowCredentials:f},p={};if(l){if(!await h())throw Error("Browser does not support WebAuthn autofill");if(document.querySelectorAll("input[autocomplete$='webauthn']").length<1&&d)throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');p.mediation="conditional",R.allowCredentials=[]}let b;p.publicKey=R,p.signal=c.createNewAbortSignal();try{b=await navigator.credentials.get(p)}catch(e){throw function({error:e,options:t}){const{publicKey:r}=t;if(!r)throw Error("options was missing required publicKey property");if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new s({message:"Authentication ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:e})}else{if("NotAllowedError"===e.name)return new s({message:e.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:e});if("SecurityError"===e.name){const t=globalThis.location.hostname;if(!a(t))return new s({message:`${globalThis.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:e});if(r.rpId!==t)return new s({message:`The RP ID "${r.rpId}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:e})}else if("UnknownError"===e.name)return new s({message:"The authenticator was unable to process the specified options, or could not create a new assertion signature",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:e})}return e}({error:e,options:p})}if(!b)throw new Error("Authentication was not completed");const{id:g,rawId:E,response:A,type:w}=b;let m;return A.userHandle&&(m=t(A.userHandle)),{id:g,rawId:t(E),response:{authenticatorData:t(A.authenticatorData),clientDataJSON:t(A.clientDataJSON),signature:t(A.signature),userHandle:m},type:w,clientExtensionResults:b.getClientExtensionResults(),authenticatorAttachment:u(b.authenticatorAttachment)}},e.startRegistration=async function(e){const{optionsJSON:o,useAutoRegister:l=!1}=e;if(!n())throw new Error("WebAuthn is not supported in this browser");const h={...o,challenge:r(o.challenge),user:{...o.user,id:r(o.user.id)},excludeCredentials:o.excludeCredentials?.map(i)},f={};let R;l&&(f.mediation="conditional"),f.publicKey=h,f.signal=c.createNewAbortSignal();try{R=await navigator.credentials.create(f)}catch(e){throw function({error:e,options:t}){const{publicKey:r}=t;if(!r)throw Error("options was missing required publicKey property");if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new s({message:"Registration ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:e})}else if("ConstraintError"===e.name){if(!0===r.authenticatorSelection?.requireResidentKey)return new s({message:"Discoverable credentials were required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",cause:e});if("conditional"===t.mediation&&"required"===r.authenticatorSelection?.userVerification)return new s({message:"User verification was required during automatic registration but it could not be performed",code:"ERROR_AUTO_REGISTER_USER_VERIFICATION_FAILURE",cause:e});if("required"===r.authenticatorSelection?.userVerification)return new s({message:"User verification was required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",cause:e})}else{if("InvalidStateError"===e.name)return new s({message:"The authenticator was previously registered",code:"ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",cause:e});if("NotAllowedError"===e.name)return new s({message:e.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:e});if("NotSupportedError"===e.name)return 0===r.pubKeyCredParams.filter((e=>"public-key"===e.type)).length?new s({message:'No entry in pubKeyCredParams was of type "public-key"',code:"ERROR_MALFORMED_PUBKEYCREDPARAMS",cause:e}):new s({message:"No available authenticator supported any of the specified pubKeyCredParams algorithms",code:"ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",cause:e});if("SecurityError"===e.name){const t=globalThis.location.hostname;if(!a(t))return new s({message:`${globalThis.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:e});if(r.rp.id!==t)return new s({message:`The RP ID "${r.rp.id}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:e})}else if("TypeError"===e.name){if(r.user.id.byteLength<1||r.user.id.byteLength>64)return new s({message:"User ID was not between 1 and 64 characters",code:"ERROR_INVALID_USER_ID_LENGTH",cause:e})}else if("UnknownError"===e.name)return new s({message:"The authenticator was unable to process the specified options, or could not create a new credential",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:e})}return e}({error:e,options:f})}if(!R)throw new Error("Registration was not completed");const{id:p,rawId:b,response:g,type:E}=R;let A,w,m,y;if("function"==typeof g.getTransports&&(A=g.getTransports()),"function"==typeof g.getPublicKeyAlgorithm)try{w=g.getPublicKeyAlgorithm()}catch(e){d("getPublicKeyAlgorithm()",e)}if("function"==typeof g.getPublicKey)try{const e=g.getPublicKey();null!==e&&(m=t(e))}catch(e){d("getPublicKey()",e)}if("function"==typeof g.getAuthenticatorData)try{y=t(g.getAuthenticatorData())}catch(e){d("getAuthenticatorData()",e)}return{id:p,rawId:t(b),response:{attestationObject:t(g.attestationObject),clientDataJSON:t(g.clientDataJSON),transports:A,publicKeyAlgorithm:w,publicKey:m,authenticatorData:y},type:E,clientExtensionResults:R.getClientExtensionResults(),authenticatorAttachment:u(R.authenticatorAttachment)}}}));

package/esm/helpers/base64URLStringToBuffer.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Convert from a Base64URL-encoded string to an Array Buffer. Best used when converting a
+ * credential ID from a JSON string to an ArrayBuffer, like in allowCredentials or
+ * excludeCredentials
+ *
+ * Helper method to compliment `bufferToBase64URLString`
+ */
+export declare function base64URLStringToBuffer(base64URLString: string): ArrayBuffer;
+//# sourceMappingURL=base64URLStringToBuffer.d.ts.map

package/esm/helpers/base64URLStringToBuffer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"base64URLStringToBuffer.d.ts","sourceRoot":"","sources":["../../src/helpers/base64URLStringToBuffer.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CAAC,eAAe,EAAE,MAAM,GAAG,WAAW,CAyB5E"}

package/esm/helpers/base64URLStringToBuffer.js

@@ -0,0 +1,29 @@
+/**
+ * Convert from a Base64URL-encoded string to an Array Buffer. Best used when converting a
+ * credential ID from a JSON string to an ArrayBuffer, like in allowCredentials or
+ * excludeCredentials
+ *
+ * Helper method to compliment `bufferToBase64URLString`
+ */
+export function base64URLStringToBuffer(base64URLString) {
+    // Convert from Base64URL to Base64
+    const base64 = base64URLString.replace(/-/g, '+').replace(/_/g, '/');
+    /**
+     * Pad with '=' until it's a multiple of four
+     * (4 - (85 % 4 = 1) = 3) % 4 = 3 padding
+     * (4 - (86 % 4 = 2) = 2) % 4 = 2 padding
+     * (4 - (87 % 4 = 3) = 1) % 4 = 1 padding
+     * (4 - (88 % 4 = 0) = 4) % 4 = 0 padding
+     */
+    const padLength = (4 - (base64.length % 4)) % 4;
+    const padded = base64.padEnd(base64.length + padLength, '=');
+    // Convert to a binary string
+    const binary = atob(padded);
+    // Convert binary string to buffer
+    const buffer = new ArrayBuffer(binary.length);
+    const bytes = new Uint8Array(buffer);
+    for (let i = 0; i < binary.length; i++) {
+        bytes[i] = binary.charCodeAt(i);
+    }
+    return buffer;
+}

package/esm/helpers/browserSupportsWebAuthn.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Determine if the browser is capable of Webauthn
+ */
+export declare function browserSupportsWebAuthn(): boolean;
+export declare const _browserSupportsWebAuthnInternals: {
+    stubThis: (value: boolean) => boolean;
+};
+//# sourceMappingURL=browserSupportsWebAuthn.d.ts.map

package/esm/helpers/browserSupportsWebAuthn.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"browserSupportsWebAuthn.d.ts","sourceRoot":"","sources":["../../src/helpers/browserSupportsWebAuthn.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,wBAAgB,uBAAuB,IAAI,OAAO,CAKjD;AAGD,eAAO,MAAM,iCAAiC;sBAC1B,OAAO;CAC1B,CAAC"}

package/esm/helpers/browserSupportsWebAuthn.js

@@ -0,0 +1,11 @@
+/**
+ * Determine if the browser is capable of Webauthn
+ */
+export function browserSupportsWebAuthn() {
+    return _browserSupportsWebAuthnInternals.stubThis(globalThis?.PublicKeyCredential !== undefined &&
+        typeof globalThis.PublicKeyCredential === 'function');
+}
+// Make it possible to stub the return value during testing
+export const _browserSupportsWebAuthnInternals = {
+    stubThis: (value) => value,
+};

package/esm/helpers/browserSupportsWebAuthnAutofill.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Determine if the browser supports conditional UI, so that WebAuthn credentials can
+ * be shown to the user in the browser's typical password autofill popup.
+ */
+export declare function browserSupportsWebAuthnAutofill(): Promise<boolean>;
+export declare const _browserSupportsWebAuthnAutofillInternals: {
+    stubThis: (value: Promise<boolean>) => Promise<boolean>;
+};
+//# sourceMappingURL=browserSupportsWebAuthnAutofill.d.ts.map

package/esm/helpers/browserSupportsWebAuthnAutofill.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"browserSupportsWebAuthnAutofill.d.ts","sourceRoot":"","sources":["../../src/helpers/browserSupportsWebAuthnAutofill.ts"],"names":[],"mappings":"AAIA;;;GAGG;AACH,wBAAgB,+BAA+B,IAAI,OAAO,CAAC,OAAO,CAAC,CAyBlE;AAGD,eAAO,MAAM,yCAAyC;sBAClC,OAAO,CAAC,OAAO,CAAC;CACnC,CAAC"}

package/esm/helpers/browserSupportsWebAuthnAutofill.js

@@ -0,0 +1,26 @@
+import { browserSupportsWebAuthn } from './browserSupportsWebAuthn.js';
+/**
+ * Determine if the browser supports conditional UI, so that WebAuthn credentials can
+ * be shown to the user in the browser's typical password autofill popup.
+ */
+export function browserSupportsWebAuthnAutofill() {
+    if (!browserSupportsWebAuthn()) {
+        return _browserSupportsWebAuthnAutofillInternals.stubThis(new Promise((resolve) => resolve(false)));
+    }
+    /**
+     * I don't like the `as unknown` here but there's a `declare var PublicKeyCredential` in
+     * TS' DOM lib that's making it difficult for me to just go `as PublicKeyCredentialFuture` as I
+     * want. I think I'm fine with this for now since it's _supposed_ to be temporary, until TS types
+     * have a chance to catch up.
+     */
+    const globalPublicKeyCredential = globalThis
+        .PublicKeyCredential;
+    if (globalPublicKeyCredential?.isConditionalMediationAvailable === undefined) {
+        return _browserSupportsWebAuthnAutofillInternals.stubThis(new Promise((resolve) => resolve(false)));
+    }
+    return _browserSupportsWebAuthnAutofillInternals.stubThis(globalPublicKeyCredential.isConditionalMediationAvailable());
+}
+// Make it possible to stub the return value during testing
+export const _browserSupportsWebAuthnAutofillInternals = {
+    stubThis: (value) => value,
+};

package/esm/helpers/bufferToBase64URLString.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Convert the given array buffer into a Base64URL-encoded string. Ideal for converting various
+ * credential response ArrayBuffers to string for sending back to the server as JSON.
+ *
+ * Helper method to compliment `base64URLStringToBuffer`
+ */
+export declare function bufferToBase64URLString(buffer: ArrayBuffer): string;
+//# sourceMappingURL=bufferToBase64URLString.d.ts.map

package/esm/helpers/bufferToBase64URLString.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bufferToBase64URLString.d.ts","sourceRoot":"","sources":["../../src/helpers/bufferToBase64URLString.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,WAAW,GAAG,MAAM,CAWnE"}

package/esm/helpers/bufferToBase64URLString.js

@@ -0,0 +1,15 @@
+/**
+ * Convert the given array buffer into a Base64URL-encoded string. Ideal for converting various
+ * credential response ArrayBuffers to string for sending back to the server as JSON.
+ *
+ * Helper method to compliment `base64URLStringToBuffer`
+ */
+export function bufferToBase64URLString(buffer) {
+    const bytes = new Uint8Array(buffer);
+    let str = '';
+    for (const charCode of bytes) {
+        str += String.fromCharCode(charCode);
+    }
+    const base64String = btoa(str);
+    return base64String.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
+}

package/esm/helpers/identifyAuthenticationError.d.ts

@@ -0,0 +1,9 @@
+import { WebAuthnError } from './webAuthnError.js';
+/**
+ * Attempt to intuit _why_ an error was raised after calling `navigator.credentials.get()`
+ */
+export declare function identifyAuthenticationError({ error, options, }: {
+    error: Error;
+    options: CredentialRequestOptions;
+}): WebAuthnError | Error;
+//# sourceMappingURL=identifyAuthenticationError.d.ts.map

package/esm/helpers/identifyAuthenticationError.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"identifyAuthenticationError.d.ts","sourceRoot":"","sources":["../../src/helpers/identifyAuthenticationError.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD;;GAEG;AACH,wBAAgB,2BAA2B,CAAC,EAC1C,KAAK,EACL,OAAO,GACR,EAAE;IACD,KAAK,EAAE,KAAK,CAAC;IACb,OAAO,EAAE,wBAAwB,CAAC;CACnC,GAAG,aAAa,GAAG,KAAK,CAuDxB"}

package/esm/helpers/identifyAuthenticationError.js

@@ -0,0 +1,61 @@
+import { isValidDomain } from './isValidDomain.js';
+import { WebAuthnError } from './webAuthnError.js';
+/**
+ * Attempt to intuit _why_ an error was raised after calling `navigator.credentials.get()`
+ */
+export function identifyAuthenticationError({ error, options, }) {
+    const { publicKey } = options;
+    if (!publicKey) {
+        throw Error('options was missing required publicKey property');
+    }
+    if (error.name === 'AbortError') {
+        if (options.signal instanceof AbortSignal) {
+            // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 16)
+            return new WebAuthnError({
+                message: 'Authentication ceremony was sent an abort signal',
+                code: 'ERROR_CEREMONY_ABORTED',
+                cause: error,
+            });
+        }
+    }
+    else if (error.name === 'NotAllowedError') {
+        /**
+         * Pass the error directly through. Platforms are overloading this error beyond what the spec
+         * defines and we don't want to overwrite potentially useful error messages.
+         */
+        return new WebAuthnError({
+            message: error.message,
+            code: 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY',
+            cause: error,
+        });
+    }
+    else if (error.name === 'SecurityError') {
+        const effectiveDomain = globalThis.location.hostname;
+        if (!isValidDomain(effectiveDomain)) {
+            // https://www.w3.org/TR/webauthn-2/#sctn-discover-from-external-source (Step 5)
+            return new WebAuthnError({
+                message: `${globalThis.location.hostname} is an invalid domain`,
+                code: 'ERROR_INVALID_DOMAIN',
+                cause: error,
+            });
+        }
+        else if (publicKey.rpId !== effectiveDomain) {
+            // https://www.w3.org/TR/webauthn-2/#sctn-discover-from-external-source (Step 6)
+            return new WebAuthnError({
+                message: `The RP ID "${publicKey.rpId}" is invalid for this domain`,
+                code: 'ERROR_INVALID_RP_ID',
+                cause: error,
+            });
+        }
+    }
+    else if (error.name === 'UnknownError') {
+        // https://www.w3.org/TR/webauthn-2/#sctn-op-get-assertion (Step 1)
+        // https://www.w3.org/TR/webauthn-2/#sctn-op-get-assertion (Step 12)
+        return new WebAuthnError({
+            message: 'The authenticator was unable to process the specified options, or could not create a new assertion signature',
+            code: 'ERROR_AUTHENTICATOR_GENERAL_ERROR',
+            cause: error,
+        });
+    }
+    return error;
+}

package/esm/helpers/identifyRegistrationError.d.ts

@@ -0,0 +1,9 @@
+import { WebAuthnError } from './webAuthnError.js';
+/**
+ * Attempt to intuit _why_ an error was raised after calling `navigator.credentials.create()`
+ */
+export declare function identifyRegistrationError({ error, options, }: {
+    error: Error;
+    options: CredentialCreationOptions;
+}): WebAuthnError | Error;
+//# sourceMappingURL=identifyRegistrationError.d.ts.map

package/esm/helpers/identifyRegistrationError.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"identifyRegistrationError.d.ts","sourceRoot":"","sources":["../../src/helpers/identifyRegistrationError.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,EACxC,KAAK,EACL,OAAO,GACR,EAAE;IACD,KAAK,EAAE,KAAK,CAAC;IACb,OAAO,EAAE,yBAAyB,CAAC;CACpC,GAAG,aAAa,GAAG,KAAK,CA4HxB"}

package/esm/helpers/identifyRegistrationError.js

@@ -0,0 +1,126 @@
+import { isValidDomain } from './isValidDomain.js';
+import { WebAuthnError } from './webAuthnError.js';
+/**
+ * Attempt to intuit _why_ an error was raised after calling `navigator.credentials.create()`
+ */
+export function identifyRegistrationError({ error, options, }) {
+    const { publicKey } = options;
+    if (!publicKey) {
+        throw Error('options was missing required publicKey property');
+    }
+    if (error.name === 'AbortError') {
+        if (options.signal instanceof AbortSignal) {
+            // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 16)
+            return new WebAuthnError({
+                message: 'Registration ceremony was sent an abort signal',
+                code: 'ERROR_CEREMONY_ABORTED',
+                cause: error,
+            });
+        }
+    }
+    else if (error.name === 'ConstraintError') {
+        if (publicKey.authenticatorSelection?.requireResidentKey === true) {
+            // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 4)
+            return new WebAuthnError({
+                message: 'Discoverable credentials were required but no available authenticator supported it',
+                code: 'ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT',
+                cause: error,
+            });
+        }
+        else if (
+        // @ts-ignore: `mediation` doesn't yet exist on CredentialCreationOptions but it's possible as of Sept 2024
+        options.mediation === 'conditional' &&
+            publicKey.authenticatorSelection?.userVerification === 'required') {
+            // https://w3c.github.io/webauthn/#sctn-createCredential (Step 22.4)
+            return new WebAuthnError({
+                message: 'User verification was required during automatic registration but it could not be performed',
+                code: 'ERROR_AUTO_REGISTER_USER_VERIFICATION_FAILURE',
+                cause: error,
+            });
+        }
+        else if (publicKey.authenticatorSelection?.userVerification === 'required') {
+            // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 5)
+            return new WebAuthnError({
+                message: 'User verification was required but no available authenticator supported it',
+                code: 'ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT',
+                cause: error,
+            });
+        }
+    }
+    else if (error.name === 'InvalidStateError') {
+        // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 20)
+        // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 3)
+        return new WebAuthnError({
+            message: 'The authenticator was previously registered',
+            code: 'ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED',
+            cause: error,
+        });
+    }
+    else if (error.name === 'NotAllowedError') {
+        /**
+         * Pass the error directly through. Platforms are overloading this error beyond what the spec
+         * defines and we don't want to overwrite potentially useful error messages.
+         */
+        return new WebAuthnError({
+            message: error.message,
+            code: 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY',
+            cause: error,
+        });
+    }
+    else if (error.name === 'NotSupportedError') {
+        const validPubKeyCredParams = publicKey.pubKeyCredParams.filter((param) => param.type === 'public-key');
+        if (validPubKeyCredParams.length === 0) {
+            // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 10)
+            return new WebAuthnError({
+                message: 'No entry in pubKeyCredParams was of type "public-key"',
+                code: 'ERROR_MALFORMED_PUBKEYCREDPARAMS',
+                cause: error,
+            });
+        }
+        // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 2)
+        return new WebAuthnError({
+            message: 'No available authenticator supported any of the specified pubKeyCredParams algorithms',
+            code: 'ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG',
+            cause: error,
+        });
+    }
+    else if (error.name === 'SecurityError') {
+        const effectiveDomain = globalThis.location.hostname;
+        if (!isValidDomain(effectiveDomain)) {
+            // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 7)
+            return new WebAuthnError({
+                message: `${globalThis.location.hostname} is an invalid domain`,
+                code: 'ERROR_INVALID_DOMAIN',
+                cause: error,
+            });
+        }
+        else if (publicKey.rp.id !== effectiveDomain) {
+            // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 8)
+            return new WebAuthnError({
+                message: `The RP ID "${publicKey.rp.id}" is invalid for this domain`,
+                code: 'ERROR_INVALID_RP_ID',
+                cause: error,
+            });
+        }
+    }
+    else if (error.name === 'TypeError') {
+        if (publicKey.user.id.byteLength < 1 || publicKey.user.id.byteLength > 64) {
+            // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 5)
+            return new WebAuthnError({
+                message: 'User ID was not between 1 and 64 characters',
+                code: 'ERROR_INVALID_USER_ID_LENGTH',
+                cause: error,
+            });
+        }
+    }
+    else if (error.name === 'UnknownError') {
+        // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 1)
+        // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 8)
+        return new WebAuthnError({
+            message: 'The authenticator was unable to process the specified options, or could not create a new credential',
+            code: 'ERROR_AUTHENTICATOR_GENERAL_ERROR',
+            cause: error,
+        });
+    }
+    return error;
+}

package/esm/helpers/isValidDomain.d.ts

@@ -0,0 +1,10 @@
+/**
+ * A simple test to determine if a hostname is a properly-formatted domain name
+ *
+ * A "valid domain" is defined here: https://url.spec.whatwg.org/#valid-domain
+ *
+ * Regex sourced from here:
+ * https://www.oreilly.com/library/view/regular-expressions-cookbook/9781449327453/ch08s15.html
+ */
+export declare function isValidDomain(hostname: string): boolean;
+//# sourceMappingURL=isValidDomain.d.ts.map

package/esm/helpers/isValidDomain.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"isValidDomain.d.ts","sourceRoot":"","sources":["../../src/helpers/isValidDomain.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,wBAAgB,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAMvD"}

package/esm/helpers/isValidDomain.js

@@ -0,0 +1,14 @@
+/**
+ * A simple test to determine if a hostname is a properly-formatted domain name
+ *
+ * A "valid domain" is defined here: https://url.spec.whatwg.org/#valid-domain
+ *
+ * Regex sourced from here:
+ * https://www.oreilly.com/library/view/regular-expressions-cookbook/9781449327453/ch08s15.html
+ */
+export function isValidDomain(hostname) {
+    return (
+    // Consider localhost valid as well since it's okay wrt Secure Contexts
+    hostname === 'localhost' ||
+        /^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(hostname));
+}