@simplewebauthn/browser 7.0.1 → 7.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/bundle/index.es5.umd.min.js +2 -2
- package/dist/bundle/index.js +98 -36
- package/dist/bundle/index.umd.min.js +2 -2
- package/dist/types/helpers/identifyAuthenticationError.d.ts +1 -1
- package/dist/types/helpers/identifyRegistrationError.d.ts +1 -1
- package/dist/types/helpers/webAuthnError.d.ts +10 -0
- package/dist/types/index.d.ts +1 -0
- package/package.json +5 -3
- package/dist/types/helpers/structs.d.ts +0 -3
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
/* [@simplewebauthn/browser@7.0
|
|
2
|
-
!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).SimpleWebAuthnBrowser={})}(this,(function(e){"use strict";var t=function(e,r){return t=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}||function(e,t){for(var r in t)Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r])},t(e,r)};var r=function(){return r=Object.assign||function(e){for(var t,r=1,n=arguments.length;r<n;r++)for(var o in t=arguments[r])Object.prototype.hasOwnProperty.call(t,o)&&(e[o]=t[o]);return e},r.apply(this,arguments)};function n(e,t,r,n){return new(r||(r=Promise))((function(o,i){function a(e){try{u(n.next(e))}catch(e){i(e)}}function l(e){try{u(n.throw(e))}catch(e){i(e)}}function u(e){var t;e.done?o(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(a,l)}u((n=n.apply(e,t||[])).next())}))}function o(e,t){var r,n,o,i,a={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return i={next:l(0),throw:l(1),return:l(2)},"function"==typeof Symbol&&(i[Symbol.iterator]=function(){return this}),i;function l(i){return function(l){return function(i){if(r)throw new TypeError("Generator is already executing.");for(;a;)try{if(r=1,n&&(o=2&i[0]?n.return:i[0]?n.throw||((o=n.return)&&o.call(n),0):n.next)&&!(o=o.call(n,i[1])).done)return o;switch(n=0,o&&(i=[2&i[0],o.value]),i[0]){case 0:case 1:o=i;break;case 4:return a.label++,{value:i[1],done:!1};case 5:a.label++,n=i[1],i=[0];continue;case 7:i=a.ops.pop(),a.trys.pop();continue;default:if(!(o=a.trys,(o=o.length>0&&o[o.length-1])||6!==i[0]&&2!==i[0])){a=0;continue}if(3===i[0]&&(!o||i[1]>o[0]&&i[1]<o[3])){a.label=i[1];break}if(6===i[0]&&a.label<o[1]){a.label=o[1],o=i;break}if(o&&a.label<o[2]){a.label=o[2],a.ops.push(i);break}o[2]&&a.ops.pop(),a.trys.pop();continue}i=t.call(e,a)}catch(e){i=[6,e],n=0}finally{r=o=0}if(5&i[0])throw i[1];return{value:i[0]?i[1]:void 0,done:!0}}([i,l])}}}function i(e){var t,r,n=new Uint8Array(e),o="";try{for(var i=function(e){var t="function"==typeof Symbol&&Symbol.iterator,r=t&&e[t],n=0;if(r)return r.call(e);if(e&&"number"==typeof e.length)return{next:function(){return e&&n>=e.length&&(e=void 0),{value:e&&e[n++],done:!e}}};throw new TypeError(t?"Object is not iterable.":"Symbol.iterator is not defined.")}(n),a=i.next();!a.done;a=i.next()){var l=a.value;o+=String.fromCharCode(l)}}catch(e){t={error:e}}finally{try{a&&!a.done&&(r=i.return)&&r.call(i)}finally{if(t)throw t.error}}return btoa(o).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function a(e){for(var t=e.replace(/-/g,"+").replace(/_/g,"/"),r=(4-t.length%4)%4,n=t.padEnd(t.length+r,"="),o=atob(n),i=new ArrayBuffer(o.length),a=new Uint8Array(i),l=0;l<o.length;l++)a[l]=o.charCodeAt(l);return i}function l(){return void 0!==(null===window||void 0===window?void 0:window.PublicKeyCredential)&&"function"==typeof window.PublicKeyCredential}function u(e){var t=e.id;return r(r({},e),{id:a(t),transports:e.transports})}function s(e){return"localhost"===e||/^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(e)}var c=function(e){function r(t,r){void 0===r&&(r="WebAuthnError");var n=e.call(this,t)||this;return n.name=r,n}return function(e,r){if("function"!=typeof r&&null!==r)throw new TypeError("Class extends value "+String(r)+" is not a constructor or null");function n(){this.constructor=e}t(e,r),e.prototype=null===r?Object.create(r):(n.prototype=r.prototype,new n)}(r,e),r}(Error);var d=new(function(){function e(){}return e.prototype.createNewAbortSignal=function(){this.controller&&this.controller.abort("Cancelling existing WebAuthn API call for new one");var e=new AbortController;return this.controller=e,e.signal},e}()),f=["cross-platform","platform"];function p(e){if(e&&!(f.indexOf(e)<0))return e}function h(){return n(this,void 0,void 0,(function(){var e;return o(this,(function(t){return[2,void 0!==(e=window.PublicKeyCredential).isConditionalMediationAvailable&&e.isConditionalMediationAvailable()]}))}))}e.browserSupportsWebAuthn=l,e.browserSupportsWebAuthnAutofill=h,e.platformAuthenticatorIsAvailable=function(){return n(this,void 0,void 0,(function(){return o(this,(function(e){return l()?[2,PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()]:[2,!1]}))}))},e.startAuthentication=function(e,t){var f,w;return void 0===t&&(t=!1),n(this,void 0,void 0,(function(){var n,b,y,v,g,m,E,A,S;return o(this,(function(o){switch(o.label){case 0:if(!l())throw new Error("WebAuthn is not supported in this browser");return 0!==(null===(f=e.allowCredentials)||void 0===f?void 0:f.length)&&(n=null===(w=e.allowCredentials)||void 0===w?void 0:w.map(u)),b=r(r({},e),{challenge:a(e.challenge),allowCredentials:n}),y={},t?[4,h()]:[3,2];case 1:if(!o.sent())throw Error("Browser does not support WebAuthn autofill");if(document.querySelectorAll("input[autocomplete*='webauthn']").length<1)throw Error('No <input> with `"webauthn"` in its `autocomplete` attribute was detected');y.mediation="conditional",b.allowCredentials=[],o.label=2;case 2:y.publicKey=b,y.signal=d.createNewAbortSignal(),o.label=3;case 3:return o.trys.push([3,5,,6]),[4,navigator.credentials.get(y)];case 4:return v=o.sent(),[3,6];case 5:throw function(e){var t,r=e.error,n=e.options,o=n.publicKey;if(!o)throw Error("options was missing required publicKey property");if("AbortError"===r.name){if(n.signal===(new AbortController).signal)return new c("Authentication ceremony was sent an abort signal","AbortError")}else{if("NotAllowedError"===r.name)return(null===(t=o.allowCredentials)||void 0===t?void 0:t.length)?new c("No available authenticator recognized any of the allowed credentials","NotAllowedError"):new c("User clicked cancel, or the authentication ceremony timed out","NotAllowedError");if("SecurityError"===r.name){var i=window.location.hostname;if(!s(i))return new c("".concat(window.location.hostname," is an invalid domain"),"SecurityError");if(o.rpId!==i)return new c('The RP ID "'.concat(o.rpId,'" is invalid for this domain'),"SecurityError")}else if("UnknownError"===r.name)return new c("The authenticator was unable to process the specified options, or could not create a new assertion signature","UnknownError")}return r}({error:o.sent(),options:y});case 6:if(!v)throw new Error("Authentication was not completed");return g=v.id,m=v.rawId,E=v.response,A=v.type,S=void 0,E.userHandle&&(C=E.userHandle,S=new TextDecoder("utf-8").decode(C)),[2,{id:g,rawId:i(m),response:{authenticatorData:i(E.authenticatorData),clientDataJSON:i(E.clientDataJSON),signature:i(E.signature),userHandle:S},type:A,clientExtensionResults:v.getClientExtensionResults(),authenticatorAttachment:p(v.authenticatorAttachment)}]}var C}))}))},e.startRegistration=function(e){var t;return n(this,void 0,void 0,(function(){var n,f,h,w,b,y,v,g;return o(this,(function(o){switch(o.label){case 0:if(!l())throw new Error("WebAuthn is not supported in this browser");n=r(r({},e),{challenge:a(e.challenge),user:r(r({},e.user),{id:(m=e.user.id,(new TextEncoder).encode(m))}),excludeCredentials:null===(t=e.excludeCredentials)||void 0===t?void 0:t.map(u)}),(f={publicKey:n}).signal=d.createNewAbortSignal(),o.label=1;case 1:return o.trys.push([1,3,,4]),[4,navigator.credentials.create(f)];case 2:return h=o.sent(),[3,4];case 3:throw function(e){var t,r,n=e.error,o=e.options,i=o.publicKey;if(!i)throw Error("options was missing required publicKey property");if("AbortError"===n.name){if(o.signal===(new AbortController).signal)return new c("Registration ceremony was sent an abort signal","AbortError")}else if("ConstraintError"===n.name){if(!0===(null===(t=i.authenticatorSelection)||void 0===t?void 0:t.requireResidentKey))return new c("Discoverable credentials were required but no available authenticator supported it","ConstraintError");if("required"===(null===(r=i.authenticatorSelection)||void 0===r?void 0:r.userVerification))return new c("User verification was required but no available authenticator supported it","ConstraintError")}else{if("InvalidStateError"===n.name)return new c("The authenticator was previously registered","InvalidStateError");if("NotAllowedError"===n.name)return new c("User clicked cancel, or the registration ceremony timed out","NotAllowedError");if("NotSupportedError"===n.name)return 0===i.pubKeyCredParams.filter((function(e){return"public-key"===e.type})).length?new c('No entry in pubKeyCredParams was of type "public-key"',"NotSupportedError"):new c("No available authenticator supported any of the specified pubKeyCredParams algorithms","NotSupportedError");if("SecurityError"===n.name){var a=window.location.hostname;if(!s(a))return new c("".concat(window.location.hostname," is an invalid domain"),"SecurityError");if(i.rp.id!==a)return new c('The RP ID "'.concat(i.rp.id,'" is invalid for this domain'),"SecurityError")}else if("TypeError"===n.name){if(i.user.id.byteLength<1||i.user.id.byteLength>64)return new c("User ID was not between 1 and 64 characters","TypeError")}else if("UnknownError"===n.name)return new c("The authenticator was unable to process the specified options, or could not create a new credential","UnknownError")}return n}({error:o.sent(),options:f});case 4:if(!h)throw new Error("Registration was not completed");return w=h.id,b=h.rawId,y=h.response,v=h.type,g=void 0,"function"==typeof y.getTransports&&(g=y.getTransports()),[2,{id:w,rawId:i(b),response:{attestationObject:i(y.attestationObject),clientDataJSON:i(y.clientDataJSON),transports:g},type:v,clientExtensionResults:h.getClientExtensionResults(),authenticatorAttachment:p(h.authenticatorAttachment)}]}var m}))}))},Object.defineProperty(e,"__esModule",{value:!0})}));
|
|
1
|
+
/* [@simplewebauthn/browser@7.2.0] */
|
|
2
|
+
!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).SimpleWebAuthnBrowser={})}(this,(function(e){"use strict";var t=function(e,n){return t=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}||function(e,t){for(var n in t)Object.prototype.hasOwnProperty.call(t,n)&&(e[n]=t[n])},t(e,n)};var n=function(){return n=Object.assign||function(e){for(var t,n=1,r=arguments.length;n<r;n++)for(var o in t=arguments[n])Object.prototype.hasOwnProperty.call(t,o)&&(e[o]=t[o]);return e},n.apply(this,arguments)};function r(e,t,n,r){return new(n||(n=Promise))((function(o,i){function a(e){try{u(r.next(e))}catch(e){i(e)}}function s(e){try{u(r.throw(e))}catch(e){i(e)}}function u(e){var t;e.done?o(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(a,s)}u((r=r.apply(e,t||[])).next())}))}function o(e,t){var n,r,o,i,a={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return i={next:s(0),throw:s(1),return:s(2)},"function"==typeof Symbol&&(i[Symbol.iterator]=function(){return this}),i;function s(i){return function(s){return function(i){if(n)throw new TypeError("Generator is already executing.");for(;a;)try{if(n=1,r&&(o=2&i[0]?r.return:i[0]?r.throw||((o=r.return)&&o.call(r),0):r.next)&&!(o=o.call(r,i[1])).done)return o;switch(r=0,o&&(i=[2&i[0],o.value]),i[0]){case 0:case 1:o=i;break;case 4:return a.label++,{value:i[1],done:!1};case 5:a.label++,r=i[1],i=[0];continue;case 7:i=a.ops.pop(),a.trys.pop();continue;default:if(!(o=a.trys,(o=o.length>0&&o[o.length-1])||6!==i[0]&&2!==i[0])){a=0;continue}if(3===i[0]&&(!o||i[1]>o[0]&&i[1]<o[3])){a.label=i[1];break}if(6===i[0]&&a.label<o[1]){a.label=o[1],o=i;break}if(o&&a.label<o[2]){a.label=o[2],a.ops.push(i);break}o[2]&&a.ops.pop(),a.trys.pop();continue}i=t.call(e,a)}catch(e){i=[6,e],r=0}finally{n=o=0}if(5&i[0])throw i[1];return{value:i[0]?i[1]:void 0,done:!0}}([i,s])}}}function i(e){var t,n,r=new Uint8Array(e),o="";try{for(var i=function(e){var t="function"==typeof Symbol&&Symbol.iterator,n=t&&e[t],r=0;if(n)return n.call(e);if(e&&"number"==typeof e.length)return{next:function(){return e&&r>=e.length&&(e=void 0),{value:e&&e[r++],done:!e}}};throw new TypeError(t?"Object is not iterable.":"Symbol.iterator is not defined.")}(r),a=i.next();!a.done;a=i.next()){var s=a.value;o+=String.fromCharCode(s)}}catch(e){t={error:e}}finally{try{a&&!a.done&&(n=i.return)&&n.call(i)}finally{if(t)throw t.error}}return btoa(o).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function a(e){for(var t=e.replace(/-/g,"+").replace(/_/g,"/"),n=(4-t.length%4)%4,r=t.padEnd(t.length+n,"="),o=atob(r),i=new ArrayBuffer(o.length),a=new Uint8Array(i),s=0;s<o.length;s++)a[s]=o.charCodeAt(s);return i}function s(){return void 0!==(null===window||void 0===window?void 0:window.PublicKeyCredential)&&"function"==typeof window.PublicKeyCredential}function u(e){var t=e.id;return n(n({},e),{id:a(t),transports:e.transports})}function c(e){return"localhost"===e||/^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(e)}var l=function(e){function n(t){var n=t.message,r=t.code,o=t.cause,i=t.name,a=e.call(this,n,{cause:o})||this;return a.name=null!=i?i:o.name,a.code=r,a}return function(e,n){if("function"!=typeof n&&null!==n)throw new TypeError("Class extends value "+String(n)+" is not a constructor or null");function r(){this.constructor=e}t(e,n),e.prototype=null===n?Object.create(n):(r.prototype=n.prototype,new r)}(n,e),n}(Error);var d=new(function(){function e(){}return e.prototype.createNewAbortSignal=function(){if(this.controller){var e=new Error("Cancelling existing WebAuthn API call for new one");e.name="AbortError",this.controller.abort(e)}var t=new AbortController;return this.controller=t,t.signal},e}()),f=["cross-platform","platform"];function p(e){if(e&&!(f.indexOf(e)<0))return e}function h(){return r(this,void 0,void 0,(function(){var e;return o(this,(function(t){return[2,void 0!==(e=window.PublicKeyCredential).isConditionalMediationAvailable&&e.isConditionalMediationAvailable()]}))}))}e.browserSupportsWebAuthn=s,e.browserSupportsWebAuthnAutofill=h,e.platformAuthenticatorIsAvailable=function(){return r(this,void 0,void 0,(function(){return o(this,(function(e){return s()?[2,PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()]:[2,!1]}))}))},e.startAuthentication=function(e,t){var f,w;return void 0===t&&(t=!1),r(this,void 0,void 0,(function(){var r,R,b,E,y,v,g,m,A;return o(this,(function(o){switch(o.label){case 0:if(!s())throw new Error("WebAuthn is not supported in this browser");return 0!==(null===(f=e.allowCredentials)||void 0===f?void 0:f.length)&&(r=null===(w=e.allowCredentials)||void 0===w?void 0:w.map(u)),R=n(n({},e),{challenge:a(e.challenge),allowCredentials:r}),b={},t?[4,h()]:[3,2];case 1:if(!o.sent())throw Error("Browser does not support WebAuthn autofill");if(document.querySelectorAll("input[autocomplete*='webauthn']").length<1)throw Error('No <input> with `"webauthn"` in its `autocomplete` attribute was detected');b.mediation="conditional",R.allowCredentials=[],o.label=2;case 2:b.publicKey=R,b.signal=d.createNewAbortSignal(),o.label=3;case 3:return o.trys.push([3,5,,6]),[4,navigator.credentials.get(b)];case 4:return E=o.sent(),[3,6];case 5:throw function(e){var t=e.error,n=e.options,r=n.publicKey;if(!r)throw Error("options was missing required publicKey property");if("AbortError"===t.name){if(n.signal instanceof AbortSignal)return new l({message:"Authentication ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:t})}else{if("NotAllowedError"===t.name)return new l({message:t.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:t});if("SecurityError"===t.name){var o=window.location.hostname;if(!c(o))return new l({message:"".concat(window.location.hostname," is an invalid domain"),code:"ERROR_INVALID_DOMAIN",cause:t});if(r.rpId!==o)return new l({message:'The RP ID "'.concat(r.rpId,'" is invalid for this domain'),code:"ERROR_INVALID_RP_ID",cause:t})}else if("UnknownError"===t.name)return new l({message:"The authenticator was unable to process the specified options, or could not create a new assertion signature",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:t})}return t}({error:o.sent(),options:b});case 6:if(!E)throw new Error("Authentication was not completed");return y=E.id,v=E.rawId,g=E.response,m=E.type,A=void 0,g.userHandle&&(_=g.userHandle,A=new TextDecoder("utf-8").decode(_)),[2,{id:y,rawId:i(v),response:{authenticatorData:i(g.authenticatorData),clientDataJSON:i(g.clientDataJSON),signature:i(g.signature),userHandle:A},type:m,clientExtensionResults:E.getClientExtensionResults(),authenticatorAttachment:p(E.authenticatorAttachment)}]}var _}))}))},e.startRegistration=function(e){var t;return r(this,void 0,void 0,(function(){var r,f,h,w,R,b,E,y;return o(this,(function(o){switch(o.label){case 0:if(!s())throw new Error("WebAuthn is not supported in this browser");r=n(n({},e),{challenge:a(e.challenge),user:n(n({},e.user),{id:(v=e.user.id,(new TextEncoder).encode(v))}),excludeCredentials:null===(t=e.excludeCredentials)||void 0===t?void 0:t.map(u)}),(f={publicKey:r}).signal=d.createNewAbortSignal(),o.label=1;case 1:return o.trys.push([1,3,,4]),[4,navigator.credentials.create(f)];case 2:return h=o.sent(),[3,4];case 3:throw function(e){var t,n,r=e.error,o=e.options,i=o.publicKey;if(!i)throw Error("options was missing required publicKey property");if("AbortError"===r.name){if(o.signal instanceof AbortSignal)return new l({message:"Registration ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:r})}else if("ConstraintError"===r.name){if(!0===(null===(t=i.authenticatorSelection)||void 0===t?void 0:t.requireResidentKey))return new l({message:"Discoverable credentials were required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",cause:r});if("required"===(null===(n=i.authenticatorSelection)||void 0===n?void 0:n.userVerification))return new l({message:"User verification was required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",cause:r})}else{if("InvalidStateError"===r.name)return new l({message:"The authenticator was previously registered",code:"ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",cause:r});if("NotAllowedError"===r.name)return new l({message:r.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:r});if("NotSupportedError"===r.name)return 0===i.pubKeyCredParams.filter((function(e){return"public-key"===e.type})).length?new l({message:'No entry in pubKeyCredParams was of type "public-key"',code:"ERROR_MALFORMED_PUBKEYCREDPARAMS",cause:r}):new l({message:"No available authenticator supported any of the specified pubKeyCredParams algorithms",code:"ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",cause:r});if("SecurityError"===r.name){var a=window.location.hostname;if(!c(a))return new l({message:"".concat(window.location.hostname," is an invalid domain"),code:"ERROR_INVALID_DOMAIN",cause:r});if(i.rp.id!==a)return new l({message:'The RP ID "'.concat(i.rp.id,'" is invalid for this domain'),code:"ERROR_INVALID_RP_ID",cause:r})}else if("TypeError"===r.name){if(i.user.id.byteLength<1||i.user.id.byteLength>64)return new l({message:"User ID was not between 1 and 64 characters",code:"ERROR_INVALID_USER_ID_LENGTH",cause:r})}else if("UnknownError"===r.name)return new l({message:"The authenticator was unable to process the specified options, or could not create a new credential",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:r})}return r}({error:o.sent(),options:f});case 4:if(!h)throw new Error("Registration was not completed");return w=h.id,R=h.rawId,b=h.response,E=h.type,y=void 0,"function"==typeof b.getTransports&&(y=b.getTransports()),[2,{id:w,rawId:i(R),response:{attestationObject:i(b.attestationObject),clientDataJSON:i(b.clientDataJSON),transports:y},type:E,clientExtensionResults:h.getClientExtensionResults(),authenticatorAttachment:p(h.authenticatorAttachment)}]}var v}))}))},Object.defineProperty(e,"__esModule",{value:!0})}));
|
package/dist/bundle/index.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/* [@simplewebauthn/browser@7.0
|
|
1
|
+
/* [@simplewebauthn/browser@7.2.0] */
|
|
2
2
|
function utf8StringToBuffer(value) {
|
|
3
3
|
return new TextEncoder().encode(value);
|
|
4
4
|
}
|
|
@@ -27,7 +27,7 @@ function base64URLStringToBuffer(base64URLString) {
|
|
|
27
27
|
}
|
|
28
28
|
|
|
29
29
|
function browserSupportsWebAuthn() {
|
|
30
|
-
return (
|
|
30
|
+
return (window?.PublicKeyCredential !== undefined && typeof window.PublicKeyCredential === 'function');
|
|
31
31
|
}
|
|
32
32
|
|
|
33
33
|
function toPublicKeyCredentialDescriptor(descriptor) {
|
|
@@ -44,68 +44,116 @@ function isValidDomain(hostname) {
|
|
|
44
44
|
}
|
|
45
45
|
|
|
46
46
|
class WebAuthnError extends Error {
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
47
|
+
code;
|
|
48
|
+
constructor({ message, code, cause, name, }) {
|
|
49
|
+
super(message, { cause });
|
|
50
|
+
this.name = name ?? cause.name;
|
|
51
|
+
this.code = code;
|
|
50
52
|
}
|
|
51
53
|
}
|
|
52
54
|
|
|
53
55
|
function identifyRegistrationError({ error, options, }) {
|
|
54
|
-
var _a, _b;
|
|
55
56
|
const { publicKey } = options;
|
|
56
57
|
if (!publicKey) {
|
|
57
58
|
throw Error('options was missing required publicKey property');
|
|
58
59
|
}
|
|
59
60
|
if (error.name === 'AbortError') {
|
|
60
|
-
if (options.signal
|
|
61
|
-
return new WebAuthnError(
|
|
61
|
+
if (options.signal instanceof AbortSignal) {
|
|
62
|
+
return new WebAuthnError({
|
|
63
|
+
message: 'Registration ceremony was sent an abort signal',
|
|
64
|
+
code: 'ERROR_CEREMONY_ABORTED',
|
|
65
|
+
cause: error,
|
|
66
|
+
});
|
|
62
67
|
}
|
|
63
68
|
}
|
|
64
69
|
else if (error.name === 'ConstraintError') {
|
|
65
|
-
if (
|
|
66
|
-
return new WebAuthnError(
|
|
70
|
+
if (publicKey.authenticatorSelection?.requireResidentKey === true) {
|
|
71
|
+
return new WebAuthnError({
|
|
72
|
+
message: 'Discoverable credentials were required but no available authenticator supported it',
|
|
73
|
+
code: 'ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT',
|
|
74
|
+
cause: error,
|
|
75
|
+
});
|
|
67
76
|
}
|
|
68
|
-
else if (
|
|
69
|
-
return new WebAuthnError(
|
|
77
|
+
else if (publicKey.authenticatorSelection?.userVerification === 'required') {
|
|
78
|
+
return new WebAuthnError({
|
|
79
|
+
message: 'User verification was required but no available authenticator supported it',
|
|
80
|
+
code: 'ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT',
|
|
81
|
+
cause: error,
|
|
82
|
+
});
|
|
70
83
|
}
|
|
71
84
|
}
|
|
72
85
|
else if (error.name === 'InvalidStateError') {
|
|
73
|
-
return new WebAuthnError(
|
|
86
|
+
return new WebAuthnError({
|
|
87
|
+
message: 'The authenticator was previously registered',
|
|
88
|
+
code: 'ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED',
|
|
89
|
+
cause: error
|
|
90
|
+
});
|
|
74
91
|
}
|
|
75
92
|
else if (error.name === 'NotAllowedError') {
|
|
76
|
-
return new WebAuthnError(
|
|
93
|
+
return new WebAuthnError({
|
|
94
|
+
message: error.message,
|
|
95
|
+
code: 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY',
|
|
96
|
+
cause: error,
|
|
97
|
+
});
|
|
77
98
|
}
|
|
78
99
|
else if (error.name === 'NotSupportedError') {
|
|
79
100
|
const validPubKeyCredParams = publicKey.pubKeyCredParams.filter(param => param.type === 'public-key');
|
|
80
101
|
if (validPubKeyCredParams.length === 0) {
|
|
81
|
-
return new WebAuthnError(
|
|
102
|
+
return new WebAuthnError({
|
|
103
|
+
message: 'No entry in pubKeyCredParams was of type "public-key"',
|
|
104
|
+
code: 'ERROR_MALFORMED_PUBKEYCREDPARAMS',
|
|
105
|
+
cause: error,
|
|
106
|
+
});
|
|
82
107
|
}
|
|
83
|
-
return new WebAuthnError(
|
|
108
|
+
return new WebAuthnError({
|
|
109
|
+
message: 'No available authenticator supported any of the specified pubKeyCredParams algorithms',
|
|
110
|
+
code: 'ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG',
|
|
111
|
+
cause: error,
|
|
112
|
+
});
|
|
84
113
|
}
|
|
85
114
|
else if (error.name === 'SecurityError') {
|
|
86
115
|
const effectiveDomain = window.location.hostname;
|
|
87
116
|
if (!isValidDomain(effectiveDomain)) {
|
|
88
|
-
return new WebAuthnError(
|
|
117
|
+
return new WebAuthnError({
|
|
118
|
+
message: `${window.location.hostname} is an invalid domain`,
|
|
119
|
+
code: 'ERROR_INVALID_DOMAIN',
|
|
120
|
+
cause: error
|
|
121
|
+
});
|
|
89
122
|
}
|
|
90
123
|
else if (publicKey.rp.id !== effectiveDomain) {
|
|
91
|
-
return new WebAuthnError(
|
|
124
|
+
return new WebAuthnError({
|
|
125
|
+
message: `The RP ID "${publicKey.rp.id}" is invalid for this domain`,
|
|
126
|
+
code: 'ERROR_INVALID_RP_ID',
|
|
127
|
+
cause: error,
|
|
128
|
+
});
|
|
92
129
|
}
|
|
93
130
|
}
|
|
94
131
|
else if (error.name === 'TypeError') {
|
|
95
132
|
if (publicKey.user.id.byteLength < 1 || publicKey.user.id.byteLength > 64) {
|
|
96
|
-
return new WebAuthnError(
|
|
133
|
+
return new WebAuthnError({
|
|
134
|
+
message: 'User ID was not between 1 and 64 characters',
|
|
135
|
+
code: 'ERROR_INVALID_USER_ID_LENGTH',
|
|
136
|
+
cause: error,
|
|
137
|
+
});
|
|
97
138
|
}
|
|
98
139
|
}
|
|
99
140
|
else if (error.name === 'UnknownError') {
|
|
100
|
-
return new WebAuthnError(
|
|
141
|
+
return new WebAuthnError({
|
|
142
|
+
message: 'The authenticator was unable to process the specified options, or could not create a new credential',
|
|
143
|
+
code: 'ERROR_AUTHENTICATOR_GENERAL_ERROR',
|
|
144
|
+
cause: error,
|
|
145
|
+
});
|
|
101
146
|
}
|
|
102
147
|
return error;
|
|
103
148
|
}
|
|
104
149
|
|
|
105
150
|
class WebAuthnAbortService {
|
|
151
|
+
controller;
|
|
106
152
|
createNewAbortSignal() {
|
|
107
153
|
if (this.controller) {
|
|
108
|
-
|
|
154
|
+
const abortError = new Error('Cancelling existing WebAuthn API call for new one');
|
|
155
|
+
abortError.name = 'AbortError';
|
|
156
|
+
this.controller.abort(abortError);
|
|
109
157
|
}
|
|
110
158
|
const newController = new AbortController();
|
|
111
159
|
this.controller = newController;
|
|
@@ -126,7 +174,6 @@ function toAuthenticatorAttachment(attachment) {
|
|
|
126
174
|
}
|
|
127
175
|
|
|
128
176
|
async function startRegistration(creationOptionsJSON) {
|
|
129
|
-
var _a;
|
|
130
177
|
if (!browserSupportsWebAuthn()) {
|
|
131
178
|
throw new Error('WebAuthn is not supported in this browser');
|
|
132
179
|
}
|
|
@@ -137,7 +184,7 @@ async function startRegistration(creationOptionsJSON) {
|
|
|
137
184
|
...creationOptionsJSON.user,
|
|
138
185
|
id: utf8StringToBuffer(creationOptionsJSON.user.id),
|
|
139
186
|
},
|
|
140
|
-
excludeCredentials:
|
|
187
|
+
excludeCredentials: creationOptionsJSON.excludeCredentials?.map(toPublicKeyCredentialDescriptor),
|
|
141
188
|
};
|
|
142
189
|
const options = { publicKey };
|
|
143
190
|
options.signal = webauthnAbortService.createNewAbortSignal();
|
|
@@ -181,45 +228,60 @@ async function browserSupportsWebAuthnAutofill() {
|
|
|
181
228
|
}
|
|
182
229
|
|
|
183
230
|
function identifyAuthenticationError({ error, options, }) {
|
|
184
|
-
var _a;
|
|
185
231
|
const { publicKey } = options;
|
|
186
232
|
if (!publicKey) {
|
|
187
233
|
throw Error('options was missing required publicKey property');
|
|
188
234
|
}
|
|
189
235
|
if (error.name === 'AbortError') {
|
|
190
|
-
if (options.signal
|
|
191
|
-
return new WebAuthnError(
|
|
236
|
+
if (options.signal instanceof AbortSignal) {
|
|
237
|
+
return new WebAuthnError({
|
|
238
|
+
message: 'Authentication ceremony was sent an abort signal',
|
|
239
|
+
code: 'ERROR_CEREMONY_ABORTED',
|
|
240
|
+
cause: error,
|
|
241
|
+
});
|
|
192
242
|
}
|
|
193
243
|
}
|
|
194
244
|
else if (error.name === 'NotAllowedError') {
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
|
|
245
|
+
return new WebAuthnError({
|
|
246
|
+
message: error.message,
|
|
247
|
+
code: 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY',
|
|
248
|
+
cause: error,
|
|
249
|
+
});
|
|
199
250
|
}
|
|
200
251
|
else if (error.name === 'SecurityError') {
|
|
201
252
|
const effectiveDomain = window.location.hostname;
|
|
202
253
|
if (!isValidDomain(effectiveDomain)) {
|
|
203
|
-
return new WebAuthnError(
|
|
254
|
+
return new WebAuthnError({
|
|
255
|
+
message: `${window.location.hostname} is an invalid domain`,
|
|
256
|
+
code: 'ERROR_INVALID_DOMAIN',
|
|
257
|
+
cause: error,
|
|
258
|
+
});
|
|
204
259
|
}
|
|
205
260
|
else if (publicKey.rpId !== effectiveDomain) {
|
|
206
|
-
return new WebAuthnError(
|
|
261
|
+
return new WebAuthnError({
|
|
262
|
+
message: `The RP ID "${publicKey.rpId}" is invalid for this domain`,
|
|
263
|
+
code: 'ERROR_INVALID_RP_ID',
|
|
264
|
+
cause: error,
|
|
265
|
+
});
|
|
207
266
|
}
|
|
208
267
|
}
|
|
209
268
|
else if (error.name === 'UnknownError') {
|
|
210
|
-
return new WebAuthnError(
|
|
269
|
+
return new WebAuthnError({
|
|
270
|
+
message: 'The authenticator was unable to process the specified options, or could not create a new assertion signature',
|
|
271
|
+
code: 'ERROR_AUTHENTICATOR_GENERAL_ERROR',
|
|
272
|
+
cause: error,
|
|
273
|
+
});
|
|
211
274
|
}
|
|
212
275
|
return error;
|
|
213
276
|
}
|
|
214
277
|
|
|
215
278
|
async function startAuthentication(requestOptionsJSON, useBrowserAutofill = false) {
|
|
216
|
-
var _a, _b;
|
|
217
279
|
if (!browserSupportsWebAuthn()) {
|
|
218
280
|
throw new Error('WebAuthn is not supported in this browser');
|
|
219
281
|
}
|
|
220
282
|
let allowCredentials;
|
|
221
|
-
if (
|
|
222
|
-
allowCredentials =
|
|
283
|
+
if (requestOptionsJSON.allowCredentials?.length !== 0) {
|
|
284
|
+
allowCredentials = requestOptionsJSON.allowCredentials?.map(toPublicKeyCredentialDescriptor);
|
|
223
285
|
}
|
|
224
286
|
const publicKey = {
|
|
225
287
|
...requestOptionsJSON,
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
/* [@simplewebauthn/browser@7.0
|
|
2
|
-
!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).SimpleWebAuthnBrowser={})}(this,(function(e){"use strict";function t(e){const t=new Uint8Array(e);let
|
|
1
|
+
/* [@simplewebauthn/browser@7.2.0] */
|
|
2
|
+
!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).SimpleWebAuthnBrowser={})}(this,(function(e){"use strict";function t(e){const t=new Uint8Array(e);let n="";for(const e of t)n+=String.fromCharCode(e);return btoa(n).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function n(e){const t=e.replace(/-/g,"+").replace(/_/g,"/"),n=(4-t.length%4)%4,r=t.padEnd(t.length+n,"="),o=atob(r),a=new ArrayBuffer(o.length),i=new Uint8Array(a);for(let e=0;e<o.length;e++)i[e]=o.charCodeAt(e);return a}function r(){return void 0!==window?.PublicKeyCredential&&"function"==typeof window.PublicKeyCredential}function o(e){const{id:t}=e;return{...e,id:n(t),transports:e.transports}}function a(e){return"localhost"===e||/^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(e)}class i extends Error{code;constructor({message:e,code:t,cause:n,name:r}){super(e,{cause:n}),this.name=r??n.name,this.code=t}}const s=new class{controller;createNewAbortSignal(){if(this.controller){const e=new Error("Cancelling existing WebAuthn API call for new one");e.name="AbortError",this.controller.abort(e)}const e=new AbortController;return this.controller=e,e.signal}},c=["cross-platform","platform"];function l(e){if(e&&!(c.indexOf(e)<0))return e}async function u(){const e=window.PublicKeyCredential;return void 0!==e.isConditionalMediationAvailable&&e.isConditionalMediationAvailable()}e.browserSupportsWebAuthn=r,e.browserSupportsWebAuthnAutofill=u,e.platformAuthenticatorIsAvailable=async function(){return!!r()&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()},e.startAuthentication=async function(e,c=!1){if(!r())throw new Error("WebAuthn is not supported in this browser");let d;0!==e.allowCredentials?.length&&(d=e.allowCredentials?.map(o));const R={...e,challenge:n(e.challenge),allowCredentials:d},w={};if(c){if(!await u())throw Error("Browser does not support WebAuthn autofill");if(document.querySelectorAll("input[autocomplete*='webauthn']").length<1)throw Error('No <input> with `"webauthn"` in its `autocomplete` attribute was detected');w.mediation="conditional",R.allowCredentials=[]}let p;w.publicKey=R,w.signal=s.createNewAbortSignal();try{p=await navigator.credentials.get(w)}catch(e){throw function({error:e,options:t}){const{publicKey:n}=t;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new i({message:"Authentication ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:e})}else{if("NotAllowedError"===e.name)return new i({message:e.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:e});if("SecurityError"===e.name){const t=window.location.hostname;if(!a(t))return new i({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:e});if(n.rpId!==t)return new i({message:`The RP ID "${n.rpId}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:e})}else if("UnknownError"===e.name)return new i({message:"The authenticator was unable to process the specified options, or could not create a new assertion signature",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:e})}return e}({error:e,options:w})}if(!p)throw new Error("Authentication was not completed");const{id:f,rawId:E,response:h,type:A}=p;let g;var m;return h.userHandle&&(m=h.userHandle,g=new TextDecoder("utf-8").decode(m)),{id:f,rawId:t(E),response:{authenticatorData:t(h.authenticatorData),clientDataJSON:t(h.clientDataJSON),signature:t(h.signature),userHandle:g},type:A,clientExtensionResults:p.getClientExtensionResults(),authenticatorAttachment:l(p.authenticatorAttachment)}},e.startRegistration=async function(e){if(!r())throw new Error("WebAuthn is not supported in this browser");var c;const u={publicKey:{...e,challenge:n(e.challenge),user:{...e.user,id:(c=e.user.id,(new TextEncoder).encode(c))},excludeCredentials:e.excludeCredentials?.map(o)}};let d;u.signal=s.createNewAbortSignal();try{d=await navigator.credentials.create(u)}catch(e){throw function({error:e,options:t}){const{publicKey:n}=t;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new i({message:"Registration ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:e})}else if("ConstraintError"===e.name){if(!0===n.authenticatorSelection?.requireResidentKey)return new i({message:"Discoverable credentials were required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",cause:e});if("required"===n.authenticatorSelection?.userVerification)return new i({message:"User verification was required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",cause:e})}else{if("InvalidStateError"===e.name)return new i({message:"The authenticator was previously registered",code:"ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",cause:e});if("NotAllowedError"===e.name)return new i({message:e.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:e});if("NotSupportedError"===e.name)return 0===n.pubKeyCredParams.filter((e=>"public-key"===e.type)).length?new i({message:'No entry in pubKeyCredParams was of type "public-key"',code:"ERROR_MALFORMED_PUBKEYCREDPARAMS",cause:e}):new i({message:"No available authenticator supported any of the specified pubKeyCredParams algorithms",code:"ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",cause:e});if("SecurityError"===e.name){const t=window.location.hostname;if(!a(t))return new i({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:e});if(n.rp.id!==t)return new i({message:`The RP ID "${n.rp.id}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:e})}else if("TypeError"===e.name){if(n.user.id.byteLength<1||n.user.id.byteLength>64)return new i({message:"User ID was not between 1 and 64 characters",code:"ERROR_INVALID_USER_ID_LENGTH",cause:e})}else if("UnknownError"===e.name)return new i({message:"The authenticator was unable to process the specified options, or could not create a new credential",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:e})}return e}({error:e,options:u})}if(!d)throw new Error("Registration was not completed");const{id:R,rawId:w,response:p,type:f}=d;let E;return"function"==typeof p.getTransports&&(E=p.getTransports()),{id:R,rawId:t(w),response:{attestationObject:t(p.attestationObject),clientDataJSON:t(p.clientDataJSON),transports:E},type:f,clientExtensionResults:d.getClientExtensionResults(),authenticatorAttachment:l(d.authenticatorAttachment)}},Object.defineProperty(e,"__esModule",{value:!0})}));
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
export declare class WebAuthnError extends Error {
|
|
2
|
+
code: WebAuthnErrorCode;
|
|
3
|
+
constructor({ message, code, cause, name, }: {
|
|
4
|
+
message: string;
|
|
5
|
+
code: WebAuthnErrorCode;
|
|
6
|
+
cause: Error;
|
|
7
|
+
name?: string;
|
|
8
|
+
});
|
|
9
|
+
}
|
|
10
|
+
export type WebAuthnErrorCode = 'ERROR_CEREMONY_ABORTED' | 'ERROR_INVALID_DOMAIN' | 'ERROR_INVALID_RP_ID' | 'ERROR_INVALID_USER_ID_LENGTH' | 'ERROR_MALFORMED_PUBKEYCREDPARAMS' | 'ERROR_AUTHENTICATOR_GENERAL_ERROR' | 'ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT' | 'ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT' | 'ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED' | 'ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG' | 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY';
|
package/dist/types/index.d.ts
CHANGED
|
@@ -4,3 +4,4 @@ import { browserSupportsWebAuthn } from './helpers/browserSupportsWebAuthn';
|
|
|
4
4
|
import { platformAuthenticatorIsAvailable } from './helpers/platformAuthenticatorIsAvailable';
|
|
5
5
|
import { browserSupportsWebAuthnAutofill } from './helpers/browserSupportsWebAuthnAutofill';
|
|
6
6
|
export { startRegistration, startAuthentication, browserSupportsWebAuthn, browserSupportsWebAuthnAutofill, platformAuthenticatorIsAvailable, };
|
|
7
|
+
export type { WebAuthnErrorCode } from './helpers/webAuthnError';
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@simplewebauthn/browser",
|
|
3
|
-
"version": "7.0
|
|
3
|
+
"version": "7.2.0",
|
|
4
4
|
"description": "SimpleWebAuthn for Browsers",
|
|
5
5
|
"main": "dist/bundle/index.js",
|
|
6
6
|
"unpkg": "dist/bundle/index.umd.min.js",
|
|
@@ -30,14 +30,16 @@
|
|
|
30
30
|
"fido",
|
|
31
31
|
"umd"
|
|
32
32
|
],
|
|
33
|
+
"dependencies": {
|
|
34
|
+
"@simplewebauthn/typescript-types": "*"
|
|
35
|
+
},
|
|
33
36
|
"devDependencies": {
|
|
34
37
|
"@rollup/plugin-node-resolve": "^13.0.0",
|
|
35
38
|
"@rollup/plugin-typescript": "^8.2.1",
|
|
36
|
-
"@simplewebauthn/typescript-types": "*",
|
|
37
39
|
"rollup": "^2.52.1",
|
|
38
40
|
"rollup-plugin-terser": "^7.0.2",
|
|
39
41
|
"rollup-plugin-version-injector": "^1.3.3"
|
|
40
42
|
},
|
|
41
43
|
"type": "module",
|
|
42
|
-
"gitHead": "
|
|
44
|
+
"gitHead": "73630d7431abde0f13cabc601c7821135d95b18c"
|
|
43
45
|
}
|