@simplewebauthn/browser 11.0.0 → 12.0.0

package/esm/helpers/platformAuthenticatorIsAvailable.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Determine whether the browser can communicate with a built-in authenticator, like
+ * Touch ID, Android fingerprint scanner, or Windows Hello.
+ *
+ * This method will _not_ be able to tell you the name of the platform authenticator.
+ */
+export declare function platformAuthenticatorIsAvailable(): Promise<boolean>;
+//# sourceMappingURL=platformAuthenticatorIsAvailable.d.ts.map

package/esm/helpers/platformAuthenticatorIsAvailable.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"platformAuthenticatorIsAvailable.d.ts","sourceRoot":"","sources":["../../src/helpers/platformAuthenticatorIsAvailable.ts"],"names":[],"mappings":"AAEA;;;;;GAKG;AACH,wBAAgB,gCAAgC,IAAI,OAAO,CAAC,OAAO,CAAC,CAMnE"}

package/esm/helpers/platformAuthenticatorIsAvailable.js

@@ -0,0 +1,13 @@
+import { browserSupportsWebAuthn } from './browserSupportsWebAuthn.js';
+/**
+ * Determine whether the browser can communicate with a built-in authenticator, like
+ * Touch ID, Android fingerprint scanner, or Windows Hello.
+ *
+ * This method will _not_ be able to tell you the name of the platform authenticator.
+ */
+export function platformAuthenticatorIsAvailable() {
+    if (!browserSupportsWebAuthn()) {
+        return new Promise((resolve) => resolve(false));
+    }
+    return PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable();
+}

package/{dist/types → esm}/helpers/toAuthenticatorAttachment.d.ts

@@ -1,2 +1,6 @@
 import { AuthenticatorAttachment } from '@simplewebauthn/types';
+/**
+ * If possible coerce a `string` value into a known `AuthenticatorAttachment`
+ */
 export declare function toAuthenticatorAttachment(attachment: string | null): AuthenticatorAttachment | undefined;
+//# sourceMappingURL=toAuthenticatorAttachment.d.ts.map

package/esm/helpers/toAuthenticatorAttachment.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"toAuthenticatorAttachment.d.ts","sourceRoot":"","sources":["../../src/helpers/toAuthenticatorAttachment.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,uBAAuB,EAAE,MAAM,uBAAuB,CAAC;AAIhE;;GAEG;AACH,wBAAgB,yBAAyB,CACvC,UAAU,EAAE,MAAM,GAAG,IAAI,GACxB,uBAAuB,GAAG,SAAS,CAUrC"}

package/esm/helpers/toAuthenticatorAttachment.js

@@ -0,0 +1,13 @@
+const attachments = ['cross-platform', 'platform'];
+/**
+ * If possible coerce a `string` value into a known `AuthenticatorAttachment`
+ */
+export function toAuthenticatorAttachment(attachment) {
+    if (!attachment) {
+        return;
+    }
+    if (attachments.indexOf(attachment) < 0) {
+        return;
+    }
+    return attachment;
+}

package/esm/helpers/toPublicKeyCredentialDescriptor.d.ts

@@ -0,0 +1,3 @@
+import type { PublicKeyCredentialDescriptor, PublicKeyCredentialDescriptorJSON } from '@simplewebauthn/types';
+export declare function toPublicKeyCredentialDescriptor(descriptor: PublicKeyCredentialDescriptorJSON): PublicKeyCredentialDescriptor;
+//# sourceMappingURL=toPublicKeyCredentialDescriptor.d.ts.map

package/esm/helpers/toPublicKeyCredentialDescriptor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"toPublicKeyCredentialDescriptor.d.ts","sourceRoot":"","sources":["../../src/helpers/toPublicKeyCredentialDescriptor.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAEV,6BAA6B,EAC7B,iCAAiC,EAClC,MAAM,uBAAuB,CAAC;AAI/B,wBAAgB,+BAA+B,CAC7C,UAAU,EAAE,iCAAiC,GAC5C,6BAA6B,CAa/B"}

package/esm/helpers/toPublicKeyCredentialDescriptor.js

@@ -0,0 +1,14 @@
+import { base64URLStringToBuffer } from './base64URLStringToBuffer.js';
+export function toPublicKeyCredentialDescriptor(descriptor) {
+    const { id } = descriptor;
+    return {
+        ...descriptor,
+        id: base64URLStringToBuffer(id),
+        /**
+         * `descriptor.transports` is an array of our `AuthenticatorTransportFuture` that includes newer
+         * transports that TypeScript's DOM lib is ignorant of. Convince TS that our list of transports
+         * are fine to pass to WebAuthn since browsers will recognize the new value.
+         */
+        transports: descriptor.transports,
+    };
+}

package/esm/helpers/webAuthnAbortService.d.ts

@@ -0,0 +1,14 @@
+interface WebAuthnAbortService {
+    createNewAbortSignal(): AbortSignal;
+    cancelCeremony(): void;
+}
+/**
+ * A service singleton to help ensure that only a single WebAuthn ceremony is active at a time.
+ *
+ * Users of **@simplewebauthn/browser** shouldn't typically need to use this, but it can help e.g.
+ * developers building projects that use client-side routing to better control the behavior of
+ * their UX in response to router navigation events.
+ */
+export declare const WebAuthnAbortService: WebAuthnAbortService;
+export {};
+//# sourceMappingURL=webAuthnAbortService.d.ts.map

package/esm/helpers/webAuthnAbortService.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"webAuthnAbortService.d.ts","sourceRoot":"","sources":["../../src/helpers/webAuthnAbortService.ts"],"names":[],"mappings":"AAAA,UAAU,oBAAoB;IAC5B,oBAAoB,IAAI,WAAW,CAAC;IACpC,cAAc,IAAI,IAAI,CAAC;CACxB;AA0CD;;;;;;GAMG;AACH,eAAO,MAAM,oBAAoB,EAAE,oBAAqD,CAAC"}

package/esm/helpers/webAuthnAbortService.js

@@ -0,0 +1,45 @@
+class BaseWebAuthnAbortService {
+    constructor() {
+        Object.defineProperty(this, "controller", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+    }
+    /**
+     * Prepare an abort signal that will help support multiple auth attempts without needing to
+     * reload the page. This is automatically called whenever `startRegistration()` and
+     * `startAuthentication()` are called.
+     */
+    createNewAbortSignal() {
+        // Abort any existing calls to navigator.credentials.create() or navigator.credentials.get()
+        if (this.controller) {
+            const abortError = new Error('Cancelling existing WebAuthn API call for new one');
+            abortError.name = 'AbortError';
+            this.controller.abort(abortError);
+        }
+        const newController = new AbortController();
+        this.controller = newController;
+        return newController.signal;
+    }
+    /**
+     * Manually cancel any active WebAuthn registration or authentication attempt.
+     */
+    cancelCeremony() {
+        if (this.controller) {
+            const abortError = new Error('Manually cancelling existing WebAuthn API call');
+            abortError.name = 'AbortError';
+            this.controller.abort(abortError);
+            this.controller = undefined;
+        }
+    }
+}
+/**
+ * A service singleton to help ensure that only a single WebAuthn ceremony is active at a time.
+ *
+ * Users of **@simplewebauthn/browser** shouldn't typically need to use this, but it can help e.g.
+ * developers building projects that use client-side routing to better control the behavior of
+ * their UX in response to router navigation events.
+ */
+export const WebAuthnAbortService = new BaseWebAuthnAbortService();

package/{dist/types → esm}/helpers/webAuthnError.d.ts

@@ -1,3 +1,20 @@
+/**
+ * A custom Error used to return a more nuanced error detailing _why_ one of the eight documented
+ * errors in the spec was raised after calling `navigator.credentials.create()` or
+ * `navigator.credentials.get()`:
+ *
+ * - `AbortError`
+ * - `ConstraintError`
+ * - `InvalidStateError`
+ * - `NotAllowedError`
+ * - `NotSupportedError`
+ * - `SecurityError`
+ * - `TypeError`
+ * - `UnknownError`
+ *
+ * Error messages were determined through investigation of the spec to determine under which
+ * scenarios a given error would be raised.
+ */
 export declare class WebAuthnError extends Error {
     code: WebAuthnErrorCode;
     constructor({ message, code, cause, name, }: {
@@ -8,3 +25,4 @@ export declare class WebAuthnError extends Error {
     });
 }
 export type WebAuthnErrorCode = 'ERROR_CEREMONY_ABORTED' | 'ERROR_INVALID_DOMAIN' | 'ERROR_INVALID_RP_ID' | 'ERROR_INVALID_USER_ID_LENGTH' | 'ERROR_MALFORMED_PUBKEYCREDPARAMS' | 'ERROR_AUTHENTICATOR_GENERAL_ERROR' | 'ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT' | 'ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT' | 'ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED' | 'ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG' | 'ERROR_AUTO_REGISTER_USER_VERIFICATION_FAILURE' | 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY';
+//# sourceMappingURL=webAuthnError.d.ts.map

package/esm/helpers/webAuthnError.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"webAuthnError.d.ts","sourceRoot":"","sources":["../../src/helpers/webAuthnError.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,aAAc,SAAQ,KAAK;IACtC,IAAI,EAAE,iBAAiB,CAAC;gBAEZ,EACV,OAAO,EACP,IAAI,EACJ,KAAK,EACL,IAAI,GACL,EAAE;QACD,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,EAAE,iBAAiB,CAAC;QACxB,KAAK,EAAE,KAAK,CAAC;QACb,IAAI,CAAC,EAAE,MAAM,CAAC;KACf;CAMF;AAED,MAAM,MAAM,iBAAiB,GACzB,wBAAwB,GACxB,sBAAsB,GACtB,qBAAqB,GACrB,8BAA8B,GAC9B,kCAAkC,GAClC,mCAAmC,GACnC,6DAA6D,GAC7D,uDAAuD,GACvD,2CAA2C,GAC3C,uDAAuD,GACvD,+CAA+C,GAC/C,sCAAsC,CAAC"}

package/esm/helpers/webAuthnError.js

@@ -0,0 +1,31 @@
+/**
+ * A custom Error used to return a more nuanced error detailing _why_ one of the eight documented
+ * errors in the spec was raised after calling `navigator.credentials.create()` or
+ * `navigator.credentials.get()`:
+ *
+ * - `AbortError`
+ * - `ConstraintError`
+ * - `InvalidStateError`
+ * - `NotAllowedError`
+ * - `NotSupportedError`
+ * - `SecurityError`
+ * - `TypeError`
+ * - `UnknownError`
+ *
+ * Error messages were determined through investigation of the spec to determine under which
+ * scenarios a given error would be raised.
+ */
+export class WebAuthnError extends Error {
+    constructor({ message, code, cause, name, }) {
+        // @ts-ignore: help Rollup understand that `cause` is okay to set
+        super(message, { cause });
+        Object.defineProperty(this, "code", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        this.name = name ?? cause.name;
+        this.code = code;
+    }
+}

package/esm/index.d.ts

@@ -0,0 +1,16 @@
+/**
+ * @packageDocumentation
+ * @module @simplewebauthn/browser
+ */
+import { startRegistration } from './methods/startRegistration.js';
+import { startAuthentication } from './methods/startAuthentication.js';
+import { browserSupportsWebAuthn } from './helpers/browserSupportsWebAuthn.js';
+import { platformAuthenticatorIsAvailable } from './helpers/platformAuthenticatorIsAvailable.js';
+import { browserSupportsWebAuthnAutofill } from './helpers/browserSupportsWebAuthnAutofill.js';
+import { base64URLStringToBuffer } from './helpers/base64URLStringToBuffer.js';
+import { bufferToBase64URLString } from './helpers/bufferToBase64URLString.js';
+import { WebAuthnAbortService } from './helpers/webAuthnAbortService.js';
+import { WebAuthnError } from './helpers/webAuthnError.js';
+export { base64URLStringToBuffer, browserSupportsWebAuthn, browserSupportsWebAuthnAutofill, bufferToBase64URLString, platformAuthenticatorIsAvailable, startAuthentication, startRegistration, WebAuthnAbortService, WebAuthnError, };
+export type { WebAuthnErrorCode } from './helpers/webAuthnError.js';
+//# sourceMappingURL=index.d.ts.map

package/esm/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AACnE,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AACvE,OAAO,EAAE,uBAAuB,EAAE,MAAM,sCAAsC,CAAC;AAC/E,OAAO,EAAE,gCAAgC,EAAE,MAAM,+CAA+C,CAAC;AACjG,OAAO,EAAE,+BAA+B,EAAE,MAAM,8CAA8C,CAAC;AAC/F,OAAO,EAAE,uBAAuB,EAAE,MAAM,sCAAsC,CAAC;AAC/E,OAAO,EAAE,uBAAuB,EAAE,MAAM,sCAAsC,CAAC;AAC/E,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAE3D,OAAO,EACL,uBAAuB,EACvB,uBAAuB,EACvB,+BAA+B,EAC/B,uBAAuB,EACvB,gCAAgC,EAChC,mBAAmB,EACnB,iBAAiB,EACjB,oBAAoB,EACpB,aAAa,GACd,CAAC;AAEF,YAAY,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC"}

package/{dist/types/index.d.ts → esm/index.js}

@@ -1,11 +1,14 @@
-import { startRegistration } from './methods/startRegistration';
-import { startAuthentication } from './methods/startAuthentication';
-import { browserSupportsWebAuthn } from './helpers/browserSupportsWebAuthn';
-import { platformAuthenticatorIsAvailable } from './helpers/platformAuthenticatorIsAvailable';
-import { browserSupportsWebAuthnAutofill } from './helpers/browserSupportsWebAuthnAutofill';
-import { base64URLStringToBuffer } from './helpers/base64URLStringToBuffer';
-import { bufferToBase64URLString } from './helpers/bufferToBase64URLString';
-import { WebAuthnAbortService } from './helpers/webAuthnAbortService';
-import { WebAuthnError } from './helpers/webAuthnError';
+/**
+ * @packageDocumentation
+ * @module @simplewebauthn/browser
+ */
+import { startRegistration } from './methods/startRegistration.js';
+import { startAuthentication } from './methods/startAuthentication.js';
+import { browserSupportsWebAuthn } from './helpers/browserSupportsWebAuthn.js';
+import { platformAuthenticatorIsAvailable } from './helpers/platformAuthenticatorIsAvailable.js';
+import { browserSupportsWebAuthnAutofill } from './helpers/browserSupportsWebAuthnAutofill.js';
+import { base64URLStringToBuffer } from './helpers/base64URLStringToBuffer.js';
+import { bufferToBase64URLString } from './helpers/bufferToBase64URLString.js';
+import { WebAuthnAbortService } from './helpers/webAuthnAbortService.js';
+import { WebAuthnError } from './helpers/webAuthnError.js';
 export { base64URLStringToBuffer, browserSupportsWebAuthn, browserSupportsWebAuthnAutofill, bufferToBase64URLString, platformAuthenticatorIsAvailable, startAuthentication, startRegistration, WebAuthnAbortService, WebAuthnError, };
-export type { WebAuthnErrorCode } from './helpers/webAuthnError';

package/esm/methods/startAuthentication.d.ts

@@ -0,0 +1,15 @@
+import { AuthenticationResponseJSON, PublicKeyCredentialRequestOptionsJSON } from '@simplewebauthn/types';
+export type StartAuthenticationOpts = {
+    optionsJSON: PublicKeyCredentialRequestOptionsJSON;
+    useBrowserAutofill?: boolean;
+    verifyBrowserAutofillInput?: boolean;
+};
+/**
+ * Begin authenticator "login" via WebAuthn assertion
+ *
+ * @param optionsJSON Output from **@simplewebauthn/server**'s `generateAuthenticationOptions()`
+ * @param useBrowserAutofill (Optional) Initialize conditional UI to enable logging in via browser autofill prompts. Defaults to `false`.
+ * @param verifyBrowserAutofillInput (Optional) Ensure a suitable `<input>` element is present when `useBrowserAutofill` is `true`. Defaults to `true`.
+ */
+export declare function startAuthentication(options: StartAuthenticationOpts): Promise<AuthenticationResponseJSON>;
+//# sourceMappingURL=startAuthentication.d.ts.map

package/esm/methods/startAuthentication.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"startAuthentication.d.ts","sourceRoot":"","sources":["../../src/methods/startAuthentication.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,0BAA0B,EAC1B,qCAAqC,EACtC,MAAM,uBAAuB,CAAC;AAW/B,MAAM,MAAM,uBAAuB,GAAG;IACpC,WAAW,EAAE,qCAAqC,CAAC;IACnD,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,0BAA0B,CAAC,EAAE,OAAO,CAAC;CACtC,CAAC;AAEF;;;;;;GAMG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,uBAAuB,GAC/B,OAAO,CAAC,0BAA0B,CAAC,CAkGrC"}

package/esm/methods/startAuthentication.js

@@ -0,0 +1,89 @@
+import { bufferToBase64URLString } from '../helpers/bufferToBase64URLString.js';
+import { base64URLStringToBuffer } from '../helpers/base64URLStringToBuffer.js';
+import { browserSupportsWebAuthn } from '../helpers/browserSupportsWebAuthn.js';
+import { browserSupportsWebAuthnAutofill } from '../helpers/browserSupportsWebAuthnAutofill.js';
+import { toPublicKeyCredentialDescriptor } from '../helpers/toPublicKeyCredentialDescriptor.js';
+import { identifyAuthenticationError } from '../helpers/identifyAuthenticationError.js';
+import { WebAuthnAbortService } from '../helpers/webAuthnAbortService.js';
+import { toAuthenticatorAttachment } from '../helpers/toAuthenticatorAttachment.js';
+/**
+ * Begin authenticator "login" via WebAuthn assertion
+ *
+ * @param optionsJSON Output from **@simplewebauthn/server**'s `generateAuthenticationOptions()`
+ * @param useBrowserAutofill (Optional) Initialize conditional UI to enable logging in via browser autofill prompts. Defaults to `false`.
+ * @param verifyBrowserAutofillInput (Optional) Ensure a suitable `<input>` element is present when `useBrowserAutofill` is `true`. Defaults to `true`.
+ */
+export async function startAuthentication(options) {
+    const { optionsJSON, useBrowserAutofill = false, verifyBrowserAutofillInput = true, } = options;
+    if (!browserSupportsWebAuthn()) {
+        throw new Error('WebAuthn is not supported in this browser');
+    }
+    // We need to avoid passing empty array to avoid blocking retrieval
+    // of public key
+    let allowCredentials;
+    if (optionsJSON.allowCredentials?.length !== 0) {
+        allowCredentials = optionsJSON.allowCredentials?.map(toPublicKeyCredentialDescriptor);
+    }
+    // We need to convert some values to Uint8Arrays before passing the credentials to the navigator
+    const publicKey = {
+        ...optionsJSON,
+        challenge: base64URLStringToBuffer(optionsJSON.challenge),
+        allowCredentials,
+    };
+    // Prepare options for `.get()`
+    const getOptions = {};
+    /**
+     * Set up the page to prompt the user to select a credential for authentication via the browser's
+     * input autofill mechanism.
+     */
+    if (useBrowserAutofill) {
+        if (!(await browserSupportsWebAuthnAutofill())) {
+            throw Error('Browser does not support WebAuthn autofill');
+        }
+        // Check for an <input> with "webauthn" in its `autocomplete` attribute
+        const eligibleInputs = document.querySelectorAll("input[autocomplete$='webauthn']");
+        // WebAuthn autofill requires at least one valid input
+        if (eligibleInputs.length < 1 && verifyBrowserAutofillInput) {
+            throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');
+        }
+        // `CredentialMediationRequirement` doesn't know about "conditional" yet as of
+        // typescript@4.6.3
+        getOptions.mediation = 'conditional';
+        // Conditional UI requires an empty allow list
+        publicKey.allowCredentials = [];
+    }
+    // Finalize options
+    getOptions.publicKey = publicKey;
+    // Set up the ability to cancel this request if the user attempts another
+    getOptions.signal = WebAuthnAbortService.createNewAbortSignal();
+    // Wait for the user to complete assertion
+    let credential;
+    try {
+        credential = (await navigator.credentials.get(getOptions));
+    }
+    catch (err) {
+        throw identifyAuthenticationError({ error: err, options: getOptions });
+    }
+    if (!credential) {
+        throw new Error('Authentication was not completed');
+    }
+    const { id, rawId, response, type } = credential;
+    let userHandle = undefined;
+    if (response.userHandle) {
+        userHandle = bufferToBase64URLString(response.userHandle);
+    }
+    // Convert values to base64 to make it easier to send back to the server
+    return {
+        id,
+        rawId: bufferToBase64URLString(rawId),
+        response: {
+            authenticatorData: bufferToBase64URLString(response.authenticatorData),
+            clientDataJSON: bufferToBase64URLString(response.clientDataJSON),
+            signature: bufferToBase64URLString(response.signature),
+            userHandle,
+        },
+        type,
+        clientExtensionResults: credential.getClientExtensionResults(),
+        authenticatorAttachment: toAuthenticatorAttachment(credential.authenticatorAttachment),
+    };
+}

package/esm/methods/startRegistration.d.ts

@@ -0,0 +1,13 @@
+import { PublicKeyCredentialCreationOptionsJSON, RegistrationResponseJSON } from '@simplewebauthn/types';
+export type StartRegistrationOpts = {
+    optionsJSON: PublicKeyCredentialCreationOptionsJSON;
+    useAutoRegister?: boolean;
+};
+/**
+ * Begin authenticator "registration" via WebAuthn attestation
+ *
+ * @param optionsJSON Output from **@simplewebauthn/server**'s `generateRegistrationOptions()`
+ * @param useAutoRegister (Optional) Try to silently create a passkey with the password manager that the user just signed in with. Defaults to `false`.
+ */
+export declare function startRegistration(options: StartRegistrationOpts): Promise<RegistrationResponseJSON>;
+//# sourceMappingURL=startRegistration.d.ts.map

package/esm/methods/startRegistration.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"startRegistration.d.ts","sourceRoot":"","sources":["../../src/methods/startRegistration.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,sCAAsC,EAEtC,wBAAwB,EACzB,MAAM,uBAAuB,CAAC;AAU/B,MAAM,MAAM,qBAAqB,GAAG;IAClC,WAAW,EAAE,sCAAsC,CAAC;IACpD,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B,CAAC;AAEF;;;;;GAKG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,qBAAqB,GAC7B,OAAO,CAAC,wBAAwB,CAAC,CA6GnC"}

package/esm/methods/startRegistration.js

@@ -0,0 +1,115 @@
+import { bufferToBase64URLString } from '../helpers/bufferToBase64URLString.js';
+import { base64URLStringToBuffer } from '../helpers/base64URLStringToBuffer.js';
+import { browserSupportsWebAuthn } from '../helpers/browserSupportsWebAuthn.js';
+import { toPublicKeyCredentialDescriptor } from '../helpers/toPublicKeyCredentialDescriptor.js';
+import { identifyRegistrationError } from '../helpers/identifyRegistrationError.js';
+import { WebAuthnAbortService } from '../helpers/webAuthnAbortService.js';
+import { toAuthenticatorAttachment } from '../helpers/toAuthenticatorAttachment.js';
+/**
+ * Begin authenticator "registration" via WebAuthn attestation
+ *
+ * @param optionsJSON Output from **@simplewebauthn/server**'s `generateRegistrationOptions()`
+ * @param useAutoRegister (Optional) Try to silently create a passkey with the password manager that the user just signed in with. Defaults to `false`.
+ */
+export async function startRegistration(options) {
+    const { optionsJSON, useAutoRegister = false } = options;
+    if (!browserSupportsWebAuthn()) {
+        throw new Error('WebAuthn is not supported in this browser');
+    }
+    // We need to convert some values to Uint8Arrays before passing the credentials to the navigator
+    const publicKey = {
+        ...optionsJSON,
+        challenge: base64URLStringToBuffer(optionsJSON.challenge),
+        user: {
+            ...optionsJSON.user,
+            id: base64URLStringToBuffer(optionsJSON.user.id),
+        },
+        excludeCredentials: optionsJSON.excludeCredentials?.map(toPublicKeyCredentialDescriptor),
+    };
+    // Prepare options for `.create()`
+    const createOptions = {};
+    /**
+     * Try to use conditional create to register a passkey for the user with the password manager
+     * the user just used to authenticate with. The user won't be shown any prominent UI by the
+     * browser.
+     */
+    if (useAutoRegister) {
+        // @ts-ignore: `mediation` doesn't yet exist on CredentialCreationOptions but it's possible as of Sept 2024
+        createOptions.mediation = 'conditional';
+    }
+    // Finalize options
+    createOptions.publicKey = publicKey;
+    // Set up the ability to cancel this request if the user attempts another
+    createOptions.signal = WebAuthnAbortService.createNewAbortSignal();
+    // Wait for the user to complete attestation
+    let credential;
+    try {
+        credential = (await navigator.credentials.create(createOptions));
+    }
+    catch (err) {
+        throw identifyRegistrationError({ error: err, options: createOptions });
+    }
+    if (!credential) {
+        throw new Error('Registration was not completed');
+    }
+    const { id, rawId, response, type } = credential;
+    // Continue to play it safe with `getTransports()` for now, even when L3 types say it's required
+    let transports = undefined;
+    if (typeof response.getTransports === 'function') {
+        transports = response.getTransports();
+    }
+    // L3 says this is required, but browser and webview support are still not guaranteed.
+    let responsePublicKeyAlgorithm = undefined;
+    if (typeof response.getPublicKeyAlgorithm === 'function') {
+        try {
+            responsePublicKeyAlgorithm = response.getPublicKeyAlgorithm();
+        }
+        catch (error) {
+            warnOnBrokenImplementation('getPublicKeyAlgorithm()', error);
+        }
+    }
+    let responsePublicKey = undefined;
+    if (typeof response.getPublicKey === 'function') {
+        try {
+            const _publicKey = response.getPublicKey();
+            if (_publicKey !== null) {
+                responsePublicKey = bufferToBase64URLString(_publicKey);
+            }
+        }
+        catch (error) {
+            warnOnBrokenImplementation('getPublicKey()', error);
+        }
+    }
+    // L3 says this is required, but browser and webview support are still not guaranteed.
+    let responseAuthenticatorData;
+    if (typeof response.getAuthenticatorData === 'function') {
+        try {
+            responseAuthenticatorData = bufferToBase64URLString(response.getAuthenticatorData());
+        }
+        catch (error) {
+            warnOnBrokenImplementation('getAuthenticatorData()', error);
+        }
+    }
+    return {
+        id,
+        rawId: bufferToBase64URLString(rawId),
+        response: {
+            attestationObject: bufferToBase64URLString(response.attestationObject),
+            clientDataJSON: bufferToBase64URLString(response.clientDataJSON),
+            transports,
+            publicKeyAlgorithm: responsePublicKeyAlgorithm,
+            publicKey: responsePublicKey,
+            authenticatorData: responseAuthenticatorData,
+        },
+        type,
+        clientExtensionResults: credential.getClientExtensionResults(),
+        authenticatorAttachment: toAuthenticatorAttachment(credential.authenticatorAttachment),
+    };
+}
+/**
+ * Visibly warn when we detect an issue related to a passkey provider intercepting WebAuthn API
+ * calls
+ */
+function warnOnBrokenImplementation(methodName, cause) {
+    console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${methodName}. You should report this error to them.\n`, cause);
+}

package/esm/package.json

@@ -0,0 +1,3 @@
+{
+  "type": "module"
+}

package/package.json

@@ -1,46 +1,42 @@
 {
   "name": "@simplewebauthn/browser",
-  "version": "11.0.0",
+  "version": "12.0.0",
   "description": "SimpleWebAuthn for Browsers",
-  "main": "dist/bundle/index.js",
-  "unpkg": "dist/bundle/index.umd.min.js",
-  "types": "dist/types/index.d.ts",
+  "keywords": [
+    "typescript",
+    "webauthn",
+    "passkeys",
+    "fido",
+    "umd"
+  ],
   "author": "Matthew Miller <matthew@millerti.me>",
-  "license": "MIT",
+  "homepage": "https://github.com/MasterKale/SimpleWebAuthn/tree/master/packages/browser#readme",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/MasterKale/SimpleWebAuthn.git",
     "directory": "packages/browser"
   },
-  "homepage": "https://github.com/MasterKale/SimpleWebAuthn/tree/master/packages/browser#readme",
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/MasterKale/SimpleWebAuthn/issues"
+  },
+  "main": "./script/index.js",
+  "module": "./esm/index.js",
+  "exports": {
+    ".": {
+      "import": "./esm/index.js",
+      "require": "./script/index.js"
+    }
+  },
   "publishConfig": {
     "access": "public"
   },
-  "keywords": [
-    "typescript",
-    "webauthn",
-    "passkeys",
-    "fido",
-    "umd"
-  ],
+  "unpkg": "dist/bundle/index.umd.min.js",
   "dependencies": {
-    "@simplewebauthn/types": "^11.0.0"
+    "@simplewebauthn/types": "^12.0.0"
   },
   "devDependencies": {
-    "@rollup/plugin-node-resolve": "^13.0.0",
-    "@rollup/plugin-terser": "^0.4.3",
-    "@rollup/plugin-typescript": "^8.2.1",
-    "rollup": "^2.52.1",
-    "rollup-plugin-version-injector": "^1.3.3",
-    "tslib": "^2.6.2"
+    "@types/node": "^20.9.0"
   },
-  "type": "module",
-  "gitHead": "ba039fdd5fdff87f78d3bd246e9bea5f7aa39ccb",
-  "scripts": {
-    "build": "rimraf dist && rollup -c",
-    "test": "jest",
-    "test:watch": "jest --watch",
-    "test:coverage": "npm test -- --coverage",
-    "prepublish": "npm run build"
-  }
+  "_generatedBy": "dnt@dev"
 }

package/script/helpers/base64URLStringToBuffer.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Convert from a Base64URL-encoded string to an Array Buffer. Best used when converting a
+ * credential ID from a JSON string to an ArrayBuffer, like in allowCredentials or
+ * excludeCredentials
+ *
+ * Helper method to compliment `bufferToBase64URLString`
+ */
+export declare function base64URLStringToBuffer(base64URLString: string): ArrayBuffer;
+//# sourceMappingURL=base64URLStringToBuffer.d.ts.map

package/script/helpers/base64URLStringToBuffer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"base64URLStringToBuffer.d.ts","sourceRoot":"","sources":["../../src/helpers/base64URLStringToBuffer.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CAAC,eAAe,EAAE,MAAM,GAAG,WAAW,CAyB5E"}

package/script/helpers/base64URLStringToBuffer.js

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.base64URLStringToBuffer = base64URLStringToBuffer;
+/**
+ * Convert from a Base64URL-encoded string to an Array Buffer. Best used when converting a
+ * credential ID from a JSON string to an ArrayBuffer, like in allowCredentials or
+ * excludeCredentials
+ *
+ * Helper method to compliment `bufferToBase64URLString`
+ */
+function base64URLStringToBuffer(base64URLString) {
+    // Convert from Base64URL to Base64
+    const base64 = base64URLString.replace(/-/g, '+').replace(/_/g, '/');
+    /**
+     * Pad with '=' until it's a multiple of four
+     * (4 - (85 % 4 = 1) = 3) % 4 = 3 padding
+     * (4 - (86 % 4 = 2) = 2) % 4 = 2 padding
+     * (4 - (87 % 4 = 3) = 1) % 4 = 1 padding
+     * (4 - (88 % 4 = 0) = 4) % 4 = 0 padding
+     */
+    const padLength = (4 - (base64.length % 4)) % 4;
+    const padded = base64.padEnd(base64.length + padLength, '=');
+    // Convert to a binary string
+    const binary = atob(padded);
+    // Convert binary string to buffer
+    const buffer = new ArrayBuffer(binary.length);
+    const bytes = new Uint8Array(buffer);
+    for (let i = 0; i < binary.length; i++) {
+        bytes[i] = binary.charCodeAt(i);
+    }
+    return buffer;
+}

package/script/helpers/browserSupportsWebAuthn.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Determine if the browser is capable of Webauthn
+ */
+export declare function browserSupportsWebAuthn(): boolean;
+export declare const _browserSupportsWebAuthnInternals: {
+    stubThis: (value: boolean) => boolean;
+};
+//# sourceMappingURL=browserSupportsWebAuthn.d.ts.map

package/script/helpers/browserSupportsWebAuthn.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"browserSupportsWebAuthn.d.ts","sourceRoot":"","sources":["../../src/helpers/browserSupportsWebAuthn.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,wBAAgB,uBAAuB,IAAI,OAAO,CAKjD;AAGD,eAAO,MAAM,iCAAiC;sBAC1B,OAAO;CAC1B,CAAC"}