@simplewebauthn/browser 11.0.0 → 13.0.0-alpha1

package/script/types/index.d.ts

@@ -0,0 +1,205 @@
+/**
+ * DO NOT MODIFY THESE FILES!
+ *
+ * These files were copied from the **types** package. To update this file, make changes to those
+ * files instead and then run the following command from the monorepo root folder:
+ *
+ * deno task codegen:types
+ */
+import type { AttestationConveyancePreference, AuthenticationExtensionsClientInputs, AuthenticationExtensionsClientOutputs, AuthenticatorAssertionResponse, AuthenticatorAttachment, AuthenticatorAttestationResponse, AuthenticatorSelectionCriteria, COSEAlgorithmIdentifier, PublicKeyCredential, PublicKeyCredentialCreationOptions, PublicKeyCredentialDescriptor, PublicKeyCredentialParameters, PublicKeyCredentialRequestOptions, PublicKeyCredentialRpEntity, PublicKeyCredentialType, UserVerificationRequirement } from './dom.js';
+export type { AttestationConveyancePreference, AuthenticationExtensionsClientInputs, AuthenticationExtensionsClientOutputs, AuthenticatorAssertionResponse, AuthenticatorAttachment, AuthenticatorAttestationResponse, AuthenticatorSelectionCriteria, AuthenticatorTransport, COSEAlgorithmIdentifier, Crypto, PublicKeyCredential, PublicKeyCredentialCreationOptions, PublicKeyCredentialDescriptor, PublicKeyCredentialParameters, PublicKeyCredentialRequestOptions, PublicKeyCredentialRpEntity, PublicKeyCredentialType, PublicKeyCredentialUserEntity, UserVerificationRequirement, } from './dom.js';
+/**
+ * A variant of PublicKeyCredentialCreationOptions suitable for JSON transmission to the browser to
+ * (eventually) get passed into navigator.credentials.create(...) in the browser.
+ *
+ * This should eventually get replaced with official TypeScript DOM types when WebAuthn L3 types
+ * eventually make it into the language:
+ *
+ * https://w3c.github.io/webauthn/#dictdef-publickeycredentialcreationoptionsjson
+ */
+export interface PublicKeyCredentialCreationOptionsJSON {
+    rp: PublicKeyCredentialRpEntity;
+    user: PublicKeyCredentialUserEntityJSON;
+    challenge: Base64URLString;
+    pubKeyCredParams: PublicKeyCredentialParameters[];
+    timeout?: number;
+    excludeCredentials?: PublicKeyCredentialDescriptorJSON[];
+    authenticatorSelection?: AuthenticatorSelectionCriteria;
+    hints?: PublicKeyCredentialHint[];
+    attestation?: AttestationConveyancePreference;
+    attestationFormats?: AttestationFormat[];
+    extensions?: AuthenticationExtensionsClientInputs;
+}
+/**
+ * A variant of PublicKeyCredentialRequestOptions suitable for JSON transmission to the browser to
+ * (eventually) get passed into navigator.credentials.get(...) in the browser.
+ */
+export interface PublicKeyCredentialRequestOptionsJSON {
+    challenge: Base64URLString;
+    timeout?: number;
+    rpId?: string;
+    allowCredentials?: PublicKeyCredentialDescriptorJSON[];
+    userVerification?: UserVerificationRequirement;
+    hints?: PublicKeyCredentialHint[];
+    extensions?: AuthenticationExtensionsClientInputs;
+}
+/**
+ * https://w3c.github.io/webauthn/#dictdef-publickeycredentialdescriptorjson
+ */
+export interface PublicKeyCredentialDescriptorJSON {
+    id: Base64URLString;
+    type: PublicKeyCredentialType;
+    transports?: AuthenticatorTransportFuture[];
+}
+/**
+ * https://w3c.github.io/webauthn/#dictdef-publickeycredentialuserentityjson
+ */
+export interface PublicKeyCredentialUserEntityJSON {
+    id: string;
+    name: string;
+    displayName: string;
+}
+/**
+ * The value returned from navigator.credentials.create()
+ */
+export interface RegistrationCredential extends PublicKeyCredentialFuture {
+    response: AuthenticatorAttestationResponseFuture;
+}
+/**
+ * A slightly-modified RegistrationCredential to simplify working with ArrayBuffers that
+ * are Base64URL-encoded in the browser so that they can be sent as JSON to the server.
+ *
+ * https://w3c.github.io/webauthn/#dictdef-registrationresponsejson
+ */
+export interface RegistrationResponseJSON {
+    id: Base64URLString;
+    rawId: Base64URLString;
+    response: AuthenticatorAttestationResponseJSON;
+    authenticatorAttachment?: AuthenticatorAttachment;
+    clientExtensionResults: AuthenticationExtensionsClientOutputs;
+    type: PublicKeyCredentialType;
+}
+/**
+ * The value returned from navigator.credentials.get()
+ */
+export interface AuthenticationCredential extends PublicKeyCredentialFuture {
+    response: AuthenticatorAssertionResponse;
+}
+/**
+ * A slightly-modified AuthenticationCredential to simplify working with ArrayBuffers that
+ * are Base64URL-encoded in the browser so that they can be sent as JSON to the server.
+ *
+ * https://w3c.github.io/webauthn/#dictdef-authenticationresponsejson
+ */
+export interface AuthenticationResponseJSON {
+    id: Base64URLString;
+    rawId: Base64URLString;
+    response: AuthenticatorAssertionResponseJSON;
+    authenticatorAttachment?: AuthenticatorAttachment;
+    clientExtensionResults: AuthenticationExtensionsClientOutputs;
+    type: PublicKeyCredentialType;
+}
+/**
+ * A slightly-modified AuthenticatorAttestationResponse to simplify working with ArrayBuffers that
+ * are Base64URL-encoded in the browser so that they can be sent as JSON to the server.
+ *
+ * https://w3c.github.io/webauthn/#dictdef-authenticatorattestationresponsejson
+ */
+export interface AuthenticatorAttestationResponseJSON {
+    clientDataJSON: Base64URLString;
+    attestationObject: Base64URLString;
+    authenticatorData?: Base64URLString;
+    transports?: AuthenticatorTransportFuture[];
+    publicKeyAlgorithm?: COSEAlgorithmIdentifier;
+    publicKey?: Base64URLString;
+}
+/**
+ * A slightly-modified AuthenticatorAssertionResponse to simplify working with ArrayBuffers that
+ * are Base64URL-encoded in the browser so that they can be sent as JSON to the server.
+ *
+ * https://w3c.github.io/webauthn/#dictdef-authenticatorassertionresponsejson
+ */
+export interface AuthenticatorAssertionResponseJSON {
+    clientDataJSON: Base64URLString;
+    authenticatorData: Base64URLString;
+    signature: Base64URLString;
+    userHandle?: Base64URLString;
+}
+/**
+ * Public key credential information needed to verify authentication responses
+ */
+export type WebAuthnCredential = {
+    id: Base64URLString;
+    publicKey: Uint8Array;
+    counter: number;
+    transports?: AuthenticatorTransportFuture[];
+};
+/**
+ * An attempt to communicate that this isn't just any string, but a Base64URL-encoded string
+ */
+export type Base64URLString = string;
+/**
+ * AuthenticatorAttestationResponse in TypeScript's DOM lib is outdated (up through v3.9.7).
+ * Maintain an augmented version here so we can implement additional properties as the WebAuthn
+ * spec evolves.
+ *
+ * See https://www.w3.org/TR/webauthn-2/#iface-authenticatorattestationresponse
+ *
+ * Properties marked optional are not supported in all browsers.
+ */
+export interface AuthenticatorAttestationResponseFuture extends AuthenticatorAttestationResponse {
+    getTransports(): AuthenticatorTransportFuture[];
+}
+/**
+ * A super class of TypeScript's `AuthenticatorTransport` that includes support for the latest
+ * transports. Should eventually be replaced by TypeScript's when TypeScript gets updated to
+ * know about it (sometime after 4.6.3)
+ */
+export type AuthenticatorTransportFuture = 'ble' | 'cable' | 'hybrid' | 'internal' | 'nfc' | 'smart-card' | 'usb';
+/**
+ * A super class of TypeScript's `PublicKeyCredentialDescriptor` that knows about the latest
+ * transports. Should eventually be replaced by TypeScript's when TypeScript gets updated to
+ * know about it (sometime after 4.6.3)
+ */
+export interface PublicKeyCredentialDescriptorFuture extends Omit<PublicKeyCredentialDescriptor, 'transports'> {
+    transports?: AuthenticatorTransportFuture[];
+}
+/** */
+export type PublicKeyCredentialJSON = RegistrationResponseJSON | AuthenticationResponseJSON;
+/**
+ * A super class of TypeScript's `PublicKeyCredential` that knows about upcoming WebAuthn features
+ */
+export interface PublicKeyCredentialFuture extends PublicKeyCredential {
+    type: PublicKeyCredentialType;
+    isConditionalMediationAvailable?(): Promise<boolean>;
+    parseCreationOptionsFromJSON?(options: PublicKeyCredentialCreationOptionsJSON): PublicKeyCredentialCreationOptions;
+    parseRequestOptionsFromJSON?(options: PublicKeyCredentialRequestOptionsJSON): PublicKeyCredentialRequestOptions;
+    toJSON?(): PublicKeyCredentialJSON;
+}
+/**
+ * The two types of credentials as defined by bit 3 ("Backup Eligibility") in authenticator data:
+ * - `"singleDevice"` credentials will never be backed up
+ * - `"multiDevice"` credentials can be backed up
+ */
+export type CredentialDeviceType = 'singleDevice' | 'multiDevice';
+/**
+ * Categories of authenticators that Relying Parties can pass along to browsers during
+ * registration. Browsers that understand these values can optimize their modal experience to
+ * start the user off in a particular registration flow:
+ *
+ * - `hybrid`: A platform authenticator on a mobile device
+ * - `security-key`: A portable FIDO2 authenticator capable of being used on multiple devices via a USB or NFC connection
+ * - `client-device`: The device that WebAuthn is being called on. Typically synonymous with platform authenticators
+ *
+ * See https://w3c.github.io/webauthn/#enumdef-publickeycredentialhint
+ *
+ * These values are less strict than `authenticatorAttachment`
+ */
+export type PublicKeyCredentialHint = 'hybrid' | 'security-key' | 'client-device';
+/**
+ * Values for an attestation object's `fmt`
+ *
+ * See https://www.iana.org/assignments/webauthn/webauthn.xhtml#webauthn-attestation-statement-format-ids
+ */
+export type AttestationFormat = 'fido-u2f' | 'packed' | 'android-safetynet' | 'android-key' | 'tpm' | 'apple' | 'none';
+//# sourceMappingURL=index.d.ts.map

package/script/types/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AACA;;;;;;;GAOG;AAEH,OAAO,KAAK,EACV,+BAA+B,EAC/B,oCAAoC,EACpC,qCAAqC,EACrC,8BAA8B,EAC9B,uBAAuB,EACvB,gCAAgC,EAChC,8BAA8B,EAC9B,uBAAuB,EACvB,mBAAmB,EACnB,kCAAkC,EAClC,6BAA6B,EAC7B,6BAA6B,EAC7B,iCAAiC,EACjC,2BAA2B,EAC3B,uBAAuB,EACvB,2BAA2B,EAC5B,MAAM,UAAU,CAAC;AAElB,YAAY,EACV,+BAA+B,EAC/B,oCAAoC,EACpC,qCAAqC,EACrC,8BAA8B,EAC9B,uBAAuB,EACvB,gCAAgC,EAChC,8BAA8B,EAC9B,sBAAsB,EACtB,uBAAuB,EACvB,MAAM,EACN,mBAAmB,EACnB,kCAAkC,EAClC,6BAA6B,EAC7B,6BAA6B,EAC7B,iCAAiC,EACjC,2BAA2B,EAC3B,uBAAuB,EACvB,6BAA6B,EAC7B,2BAA2B,GAC5B,MAAM,UAAU,CAAC;AAElB;;;;;;;;GAQG;AACH,MAAM,WAAW,sCAAsC;IACrD,EAAE,EAAE,2BAA2B,CAAC;IAChC,IAAI,EAAE,iCAAiC,CAAC;IACxC,SAAS,EAAE,eAAe,CAAC;IAC3B,gBAAgB,EAAE,6BAA6B,EAAE,CAAC;IAClD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,kBAAkB,CAAC,EAAE,iCAAiC,EAAE,CAAC;IACzD,sBAAsB,CAAC,EAAE,8BAA8B,CAAC;IACxD,KAAK,CAAC,EAAE,uBAAuB,EAAE,CAAC;IAClC,WAAW,CAAC,EAAE,+BAA+B,CAAC;IAC9C,kBAAkB,CAAC,EAAE,iBAAiB,EAAE,CAAC;IACzC,UAAU,CAAC,EAAE,oCAAoC,CAAC;CACnD;AAED;;;GAGG;AACH,MAAM,WAAW,qCAAqC;IACpD,SAAS,EAAE,eAAe,CAAC;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,gBAAgB,CAAC,EAAE,iCAAiC,EAAE,CAAC;IACvD,gBAAgB,CAAC,EAAE,2BAA2B,CAAC;IAC/C,KAAK,CAAC,EAAE,uBAAuB,EAAE,CAAC;IAClC,UAAU,CAAC,EAAE,oCAAoC,CAAC;CACnD;AAED;;GAEG;AACH,MAAM,WAAW,iCAAiC;IAChD,EAAE,EAAE,eAAe,CAAC;IACpB,IAAI,EAAE,uBAAuB,CAAC;IAC9B,UAAU,CAAC,EAAE,4BAA4B,EAAE,CAAC;CAC7C;AAED;;GAEG;AACH,MAAM,WAAW,iCAAiC;IAChD,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAuB,SAAQ,yBAAyB;IACvE,QAAQ,EAAE,sCAAsC,CAAC;CAClD;AAED;;;;;GAKG;AACH,MAAM,WAAW,wBAAwB;IACvC,EAAE,EAAE,eAAe,CAAC;IACpB,KAAK,EAAE,eAAe,CAAC;IACvB,QAAQ,EAAE,oCAAoC,CAAC;IAC/C,uBAAuB,CAAC,EAAE,uBAAuB,CAAC;IAClD,sBAAsB,EAAE,qCAAqC,CAAC;IAC9D,IAAI,EAAE,uBAAuB,CAAC;CAC/B;AAED;;GAEG;AACH,MAAM,WAAW,wBAAyB,SAAQ,yBAAyB;IACzE,QAAQ,EAAE,8BAA8B,CAAC;CAC1C;AAED;;;;;GAKG;AACH,MAAM,WAAW,0BAA0B;IACzC,EAAE,EAAE,eAAe,CAAC;IACpB,KAAK,EAAE,eAAe,CAAC;IACvB,QAAQ,EAAE,kCAAkC,CAAC;IAC7C,uBAAuB,CAAC,EAAE,uBAAuB,CAAC;IAClD,sBAAsB,EAAE,qCAAqC,CAAC;IAC9D,IAAI,EAAE,uBAAuB,CAAC;CAC/B;AAED;;;;;GAKG;AACH,MAAM,WAAW,oCAAoC;IACnD,cAAc,EAAE,eAAe,CAAC;IAChC,iBAAiB,EAAE,eAAe,CAAC;IAEnC,iBAAiB,CAAC,EAAE,eAAe,CAAC;IAEpC,UAAU,CAAC,EAAE,4BAA4B,EAAE,CAAC;IAE5C,kBAAkB,CAAC,EAAE,uBAAuB,CAAC;IAC7C,SAAS,CAAC,EAAE,eAAe,CAAC;CAC7B;AAED;;;;;GAKG;AACH,MAAM,WAAW,kCAAkC;IACjD,cAAc,EAAE,eAAe,CAAC;IAChC,iBAAiB,EAAE,eAAe,CAAC;IACnC,SAAS,EAAE,eAAe,CAAC;IAC3B,UAAU,CAAC,EAAE,eAAe,CAAC;CAC9B;AAED;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B,EAAE,EAAE,eAAe,CAAC;IACpB,SAAS,EAAE,UAAU,CAAC;IAEtB,OAAO,EAAE,MAAM,CAAC;IAEhB,UAAU,CAAC,EAAE,4BAA4B,EAAE,CAAC;CAC7C,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG,MAAM,CAAC;AAErC;;;;;;;;GAQG;AACH,MAAM,WAAW,sCAAuC,SAAQ,gCAAgC;IAC9F,aAAa,IAAI,4BAA4B,EAAE,CAAC;CACjD;AAED;;;;GAIG;AACH,MAAM,MAAM,4BAA4B,GACpC,KAAK,GACL,OAAO,GACP,QAAQ,GACR,UAAU,GACV,KAAK,GACL,YAAY,GACZ,KAAK,CAAC;AAEV;;;;GAIG;AACH,MAAM,WAAW,mCACf,SAAQ,IAAI,CAAC,6BAA6B,EAAE,YAAY,CAAC;IACzD,UAAU,CAAC,EAAE,4BAA4B,EAAE,CAAC;CAC7C;AAED,MAAM;AACN,MAAM,MAAM,uBAAuB,GAC/B,wBAAwB,GACxB,0BAA0B,CAAC;AAE/B;;GAEG;AACH,MAAM,WAAW,yBAA0B,SAAQ,mBAAmB;IACpE,IAAI,EAAE,uBAAuB,CAAC;IAE9B,+BAA+B,CAAC,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC;IAErD,4BAA4B,CAAC,CAC3B,OAAO,EAAE,sCAAsC,GAC9C,kCAAkC,CAAC;IAEtC,2BAA2B,CAAC,CAC1B,OAAO,EAAE,qCAAqC,GAC7C,iCAAiC,CAAC;IAErC,MAAM,CAAC,IAAI,uBAAuB,CAAC;CACpC;AAED;;;;GAIG;AACH,MAAM,MAAM,oBAAoB,GAAG,cAAc,GAAG,aAAa,CAAC;AAElE;;;;;;;;;;;;GAYG;AACH,MAAM,MAAM,uBAAuB,GAAG,QAAQ,GAAG,cAAc,GAAG,eAAe,CAAC;AAElF;;;;GAIG;AACH,MAAM,MAAM,iBAAiB,GACzB,UAAU,GACV,QAAQ,GACR,mBAAmB,GACnB,aAAa,GACb,KAAK,GACL,OAAO,GACP,MAAM,CAAC"}

package/script/types/index.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/bundle/index.js

@@ -1,398 +0,0 @@
-/* [@simplewebauthn/browser@11.0.0] */
-function bufferToBase64URLString(buffer) {
-    const bytes = new Uint8Array(buffer);
-    let str = '';
-    for (const charCode of bytes) {
-        str += String.fromCharCode(charCode);
-    }
-    const base64String = btoa(str);
-    return base64String.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
-}
-
-function base64URLStringToBuffer(base64URLString) {
-    const base64 = base64URLString.replace(/-/g, '+').replace(/_/g, '/');
-    const padLength = (4 - (base64.length % 4)) % 4;
-    const padded = base64.padEnd(base64.length + padLength, '=');
-    const binary = atob(padded);
-    const buffer = new ArrayBuffer(binary.length);
-    const bytes = new Uint8Array(buffer);
-    for (let i = 0; i < binary.length; i++) {
-        bytes[i] = binary.charCodeAt(i);
-    }
-    return buffer;
-}
-
-function browserSupportsWebAuthn() {
-    return (window?.PublicKeyCredential !== undefined &&
-        typeof window.PublicKeyCredential === 'function');
-}
-
-function toPublicKeyCredentialDescriptor(descriptor) {
-    const { id } = descriptor;
-    return {
-        ...descriptor,
-        id: base64URLStringToBuffer(id),
-        transports: descriptor.transports,
-    };
-}
-
-function isValidDomain(hostname) {
-    return (hostname === 'localhost' ||
-        /^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(hostname));
-}
-
-class WebAuthnError extends Error {
-    constructor({ message, code, cause, name, }) {
-        super(message, { cause });
-        this.name = name ?? cause.name;
-        this.code = code;
-    }
-}
-
-function identifyRegistrationError({ error, options, }) {
-    const { publicKey } = options;
-    if (!publicKey) {
-        throw Error('options was missing required publicKey property');
-    }
-    if (error.name === 'AbortError') {
-        if (options.signal instanceof AbortSignal) {
-            return new WebAuthnError({
-                message: 'Registration ceremony was sent an abort signal',
-                code: 'ERROR_CEREMONY_ABORTED',
-                cause: error,
-            });
-        }
-    }
-    else if (error.name === 'ConstraintError') {
-        if (publicKey.authenticatorSelection?.requireResidentKey === true) {
-            return new WebAuthnError({
-                message: 'Discoverable credentials were required but no available authenticator supported it',
-                code: 'ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT',
-                cause: error,
-            });
-        }
-        else if (options.mediation === 'conditional' &&
-            publicKey.authenticatorSelection?.userVerification === 'required') {
-            return new WebAuthnError({
-                message: 'User verification was required during automatic registration but it could not be performed',
-                code: 'ERROR_AUTO_REGISTER_USER_VERIFICATION_FAILURE',
-                cause: error,
-            });
-        }
-        else if (publicKey.authenticatorSelection?.userVerification === 'required') {
-            return new WebAuthnError({
-                message: 'User verification was required but no available authenticator supported it',
-                code: 'ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT',
-                cause: error,
-            });
-        }
-    }
-    else if (error.name === 'InvalidStateError') {
-        return new WebAuthnError({
-            message: 'The authenticator was previously registered',
-            code: 'ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED',
-            cause: error,
-        });
-    }
-    else if (error.name === 'NotAllowedError') {
-        return new WebAuthnError({
-            message: error.message,
-            code: 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY',
-            cause: error,
-        });
-    }
-    else if (error.name === 'NotSupportedError') {
-        const validPubKeyCredParams = publicKey.pubKeyCredParams.filter((param) => param.type === 'public-key');
-        if (validPubKeyCredParams.length === 0) {
-            return new WebAuthnError({
-                message: 'No entry in pubKeyCredParams was of type "public-key"',
-                code: 'ERROR_MALFORMED_PUBKEYCREDPARAMS',
-                cause: error,
-            });
-        }
-        return new WebAuthnError({
-            message: 'No available authenticator supported any of the specified pubKeyCredParams algorithms',
-            code: 'ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG',
-            cause: error,
-        });
-    }
-    else if (error.name === 'SecurityError') {
-        const effectiveDomain = window.location.hostname;
-        if (!isValidDomain(effectiveDomain)) {
-            return new WebAuthnError({
-                message: `${window.location.hostname} is an invalid domain`,
-                code: 'ERROR_INVALID_DOMAIN',
-                cause: error,
-            });
-        }
-        else if (publicKey.rp.id !== effectiveDomain) {
-            return new WebAuthnError({
-                message: `The RP ID "${publicKey.rp.id}" is invalid for this domain`,
-                code: 'ERROR_INVALID_RP_ID',
-                cause: error,
-            });
-        }
-    }
-    else if (error.name === 'TypeError') {
-        if (publicKey.user.id.byteLength < 1 || publicKey.user.id.byteLength > 64) {
-            return new WebAuthnError({
-                message: 'User ID was not between 1 and 64 characters',
-                code: 'ERROR_INVALID_USER_ID_LENGTH',
-                cause: error,
-            });
-        }
-    }
-    else if (error.name === 'UnknownError') {
-        return new WebAuthnError({
-            message: 'The authenticator was unable to process the specified options, or could not create a new credential',
-            code: 'ERROR_AUTHENTICATOR_GENERAL_ERROR',
-            cause: error,
-        });
-    }
-    return error;
-}
-
-class BaseWebAuthnAbortService {
-    createNewAbortSignal() {
-        if (this.controller) {
-            const abortError = new Error('Cancelling existing WebAuthn API call for new one');
-            abortError.name = 'AbortError';
-            this.controller.abort(abortError);
-        }
-        const newController = new AbortController();
-        this.controller = newController;
-        return newController.signal;
-    }
-    cancelCeremony() {
-        if (this.controller) {
-            const abortError = new Error('Manually cancelling existing WebAuthn API call');
-            abortError.name = 'AbortError';
-            this.controller.abort(abortError);
-            this.controller = undefined;
-        }
-    }
-}
-const WebAuthnAbortService = new BaseWebAuthnAbortService();
-
-const attachments = ['cross-platform', 'platform'];
-function toAuthenticatorAttachment(attachment) {
-    if (!attachment) {
-        return;
-    }
-    if (attachments.indexOf(attachment) < 0) {
-        return;
-    }
-    return attachment;
-}
-
-async function startRegistration(options) {
-    const { optionsJSON, useAutoRegister = false } = options;
-    if (!browserSupportsWebAuthn()) {
-        throw new Error('WebAuthn is not supported in this browser');
-    }
-    const publicKey = {
-        ...optionsJSON,
-        challenge: base64URLStringToBuffer(optionsJSON.challenge),
-        user: {
-            ...optionsJSON.user,
-            id: base64URLStringToBuffer(optionsJSON.user.id),
-        },
-        excludeCredentials: optionsJSON.excludeCredentials?.map(toPublicKeyCredentialDescriptor),
-    };
-    const createOptions = {};
-    if (useAutoRegister) {
-        createOptions.mediation = 'conditional';
-    }
-    createOptions.publicKey = publicKey;
-    createOptions.signal = WebAuthnAbortService.createNewAbortSignal();
-    let credential;
-    try {
-        credential = (await navigator.credentials.create(createOptions));
-    }
-    catch (err) {
-        throw identifyRegistrationError({ error: err, options: createOptions });
-    }
-    if (!credential) {
-        throw new Error('Registration was not completed');
-    }
-    const { id, rawId, response, type } = credential;
-    let transports = undefined;
-    if (typeof response.getTransports === 'function') {
-        transports = response.getTransports();
-    }
-    let responsePublicKeyAlgorithm = undefined;
-    if (typeof response.getPublicKeyAlgorithm === 'function') {
-        try {
-            responsePublicKeyAlgorithm = response.getPublicKeyAlgorithm();
-        }
-        catch (error) {
-            warnOnBrokenImplementation('getPublicKeyAlgorithm()', error);
-        }
-    }
-    let responsePublicKey = undefined;
-    if (typeof response.getPublicKey === 'function') {
-        try {
-            const _publicKey = response.getPublicKey();
-            if (_publicKey !== null) {
-                responsePublicKey = bufferToBase64URLString(_publicKey);
-            }
-        }
-        catch (error) {
-            warnOnBrokenImplementation('getPublicKey()', error);
-        }
-    }
-    let responseAuthenticatorData;
-    if (typeof response.getAuthenticatorData === 'function') {
-        try {
-            responseAuthenticatorData = bufferToBase64URLString(response.getAuthenticatorData());
-        }
-        catch (error) {
-            warnOnBrokenImplementation('getAuthenticatorData()', error);
-        }
-    }
-    return {
-        id,
-        rawId: bufferToBase64URLString(rawId),
-        response: {
-            attestationObject: bufferToBase64URLString(response.attestationObject),
-            clientDataJSON: bufferToBase64URLString(response.clientDataJSON),
-            transports,
-            publicKeyAlgorithm: responsePublicKeyAlgorithm,
-            publicKey: responsePublicKey,
-            authenticatorData: responseAuthenticatorData,
-        },
-        type,
-        clientExtensionResults: credential.getClientExtensionResults(),
-        authenticatorAttachment: toAuthenticatorAttachment(credential.authenticatorAttachment),
-    };
-}
-function warnOnBrokenImplementation(methodName, cause) {
-    console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${methodName}. You should report this error to them.\n`, cause);
-}
-
-function browserSupportsWebAuthnAutofill() {
-    if (!browserSupportsWebAuthn()) {
-        return new Promise((resolve) => resolve(false));
-    }
-    const globalPublicKeyCredential = window
-        .PublicKeyCredential;
-    if (globalPublicKeyCredential.isConditionalMediationAvailable === undefined) {
-        return new Promise((resolve) => resolve(false));
-    }
-    return globalPublicKeyCredential.isConditionalMediationAvailable();
-}
-
-function identifyAuthenticationError({ error, options, }) {
-    const { publicKey } = options;
-    if (!publicKey) {
-        throw Error('options was missing required publicKey property');
-    }
-    if (error.name === 'AbortError') {
-        if (options.signal instanceof AbortSignal) {
-            return new WebAuthnError({
-                message: 'Authentication ceremony was sent an abort signal',
-                code: 'ERROR_CEREMONY_ABORTED',
-                cause: error,
-            });
-        }
-    }
-    else if (error.name === 'NotAllowedError') {
-        return new WebAuthnError({
-            message: error.message,
-            code: 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY',
-            cause: error,
-        });
-    }
-    else if (error.name === 'SecurityError') {
-        const effectiveDomain = window.location.hostname;
-        if (!isValidDomain(effectiveDomain)) {
-            return new WebAuthnError({
-                message: `${window.location.hostname} is an invalid domain`,
-                code: 'ERROR_INVALID_DOMAIN',
-                cause: error,
-            });
-        }
-        else if (publicKey.rpId !== effectiveDomain) {
-            return new WebAuthnError({
-                message: `The RP ID "${publicKey.rpId}" is invalid for this domain`,
-                code: 'ERROR_INVALID_RP_ID',
-                cause: error,
-            });
-        }
-    }
-    else if (error.name === 'UnknownError') {
-        return new WebAuthnError({
-            message: 'The authenticator was unable to process the specified options, or could not create a new assertion signature',
-            code: 'ERROR_AUTHENTICATOR_GENERAL_ERROR',
-            cause: error,
-        });
-    }
-    return error;
-}
-
-async function startAuthentication(options) {
-    const { optionsJSON, useBrowserAutofill = false, verifyBrowserAutofillInput = true, } = options;
-    if (!browserSupportsWebAuthn()) {
-        throw new Error('WebAuthn is not supported in this browser');
-    }
-    let allowCredentials;
-    if (optionsJSON.allowCredentials?.length !== 0) {
-        allowCredentials = optionsJSON.allowCredentials?.map(toPublicKeyCredentialDescriptor);
-    }
-    const publicKey = {
-        ...optionsJSON,
-        challenge: base64URLStringToBuffer(optionsJSON.challenge),
-        allowCredentials,
-    };
-    const getOptions = {};
-    if (useBrowserAutofill) {
-        if (!(await browserSupportsWebAuthnAutofill())) {
-            throw Error('Browser does not support WebAuthn autofill');
-        }
-        const eligibleInputs = document.querySelectorAll("input[autocomplete$='webauthn']");
-        if (eligibleInputs.length < 1 && verifyBrowserAutofillInput) {
-            throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');
-        }
-        getOptions.mediation = 'conditional';
-        publicKey.allowCredentials = [];
-    }
-    getOptions.publicKey = publicKey;
-    getOptions.signal = WebAuthnAbortService.createNewAbortSignal();
-    let credential;
-    try {
-        credential = (await navigator.credentials.get(getOptions));
-    }
-    catch (err) {
-        throw identifyAuthenticationError({ error: err, options: getOptions });
-    }
-    if (!credential) {
-        throw new Error('Authentication was not completed');
-    }
-    const { id, rawId, response, type } = credential;
-    let userHandle = undefined;
-    if (response.userHandle) {
-        userHandle = bufferToBase64URLString(response.userHandle);
-    }
-    return {
-        id,
-        rawId: bufferToBase64URLString(rawId),
-        response: {
-            authenticatorData: bufferToBase64URLString(response.authenticatorData),
-            clientDataJSON: bufferToBase64URLString(response.clientDataJSON),
-            signature: bufferToBase64URLString(response.signature),
-            userHandle,
-        },
-        type,
-        clientExtensionResults: credential.getClientExtensionResults(),
-        authenticatorAttachment: toAuthenticatorAttachment(credential.authenticatorAttachment),
-    };
-}
-
-function platformAuthenticatorIsAvailable() {
-    if (!browserSupportsWebAuthn()) {
-        return new Promise((resolve) => resolve(false));
-    }
-    return PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable();
-}
-
-export { WebAuthnAbortService, WebAuthnError, base64URLStringToBuffer, browserSupportsWebAuthn, browserSupportsWebAuthnAutofill, bufferToBase64URLString, platformAuthenticatorIsAvailable, startAuthentication, startRegistration };

package/dist/types/helpers/base64URLStringToBuffer.d.ts

@@ -1 +0,0 @@
-export declare function base64URLStringToBuffer(base64URLString: string): ArrayBuffer;

package/dist/types/helpers/browserSupportsWebAuthn.d.ts

@@ -1 +0,0 @@
-export declare function browserSupportsWebAuthn(): boolean;

package/dist/types/helpers/browserSupportsWebAuthnAutofill.d.ts

@@ -1 +0,0 @@
-export declare function browserSupportsWebAuthnAutofill(): Promise<boolean>;

package/dist/types/helpers/bufferToBase64URLString.d.ts

@@ -1 +0,0 @@
-export declare function bufferToBase64URLString(buffer: ArrayBuffer): string;

package/dist/types/helpers/identifyAuthenticationError.d.ts

@@ -1,5 +0,0 @@
-import { WebAuthnError } from './webAuthnError';
-export declare function identifyAuthenticationError({ error, options, }: {
-    error: Error;
-    options: CredentialRequestOptions;
-}): WebAuthnError | Error;

package/dist/types/helpers/identifyRegistrationError.d.ts

@@ -1,5 +0,0 @@
-import { WebAuthnError } from './webAuthnError';
-export declare function identifyRegistrationError({ error, options, }: {
-    error: Error;
-    options: CredentialCreationOptions;
-}): WebAuthnError | Error;

package/dist/types/helpers/isValidDomain.d.ts

@@ -1 +0,0 @@
-export declare function isValidDomain(hostname: string): boolean;

package/dist/types/helpers/platformAuthenticatorIsAvailable.d.ts

@@ -1 +0,0 @@
-export declare function platformAuthenticatorIsAvailable(): Promise<boolean>;

package/dist/types/helpers/toAuthenticatorAttachment.d.ts

@@ -1,2 +0,0 @@
-import { AuthenticatorAttachment } from '@simplewebauthn/types';
-export declare function toAuthenticatorAttachment(attachment: string | null): AuthenticatorAttachment | undefined;

package/dist/types/helpers/toPublicKeyCredentialDescriptor.d.ts

@@ -1,2 +0,0 @@
-import type { PublicKeyCredentialDescriptorJSON } from '@simplewebauthn/types';
-export declare function toPublicKeyCredentialDescriptor(descriptor: PublicKeyCredentialDescriptorJSON): PublicKeyCredentialDescriptor;

package/dist/types/helpers/webAuthnAbortService.d.ts

@@ -1,7 +0,0 @@
-declare class BaseWebAuthnAbortService {
-    private controller;
-    createNewAbortSignal(): AbortSignal;
-    cancelCeremony(): void;
-}
-export declare const WebAuthnAbortService: BaseWebAuthnAbortService;
-export {};

package/dist/types/index.d.ts

@@ -1,11 +0,0 @@
-import { startRegistration } from './methods/startRegistration';
-import { startAuthentication } from './methods/startAuthentication';
-import { browserSupportsWebAuthn } from './helpers/browserSupportsWebAuthn';
-import { platformAuthenticatorIsAvailable } from './helpers/platformAuthenticatorIsAvailable';
-import { browserSupportsWebAuthnAutofill } from './helpers/browserSupportsWebAuthnAutofill';
-import { base64URLStringToBuffer } from './helpers/base64URLStringToBuffer';
-import { bufferToBase64URLString } from './helpers/bufferToBase64URLString';
-import { WebAuthnAbortService } from './helpers/webAuthnAbortService';
-import { WebAuthnError } from './helpers/webAuthnError';
-export { base64URLStringToBuffer, browserSupportsWebAuthn, browserSupportsWebAuthnAutofill, bufferToBase64URLString, platformAuthenticatorIsAvailable, startAuthentication, startRegistration, WebAuthnAbortService, WebAuthnError, };
-export type { WebAuthnErrorCode } from './helpers/webAuthnError';