npm - @simplewebauthn/browser - Versions diffs - 9.0.1 → 11.0.0-alpha3 - Mend

@simplewebauthn/browser 9.0.1 → 11.0.0-alpha3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (112) hide show

package/script/methods/startRegistration.js ADDED Viewed

@@ -0,0 +1,118 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.startRegistration = startRegistration;
+const bufferToBase64URLString_js_1 = require("../helpers/bufferToBase64URLString.js");
+const base64URLStringToBuffer_js_1 = require("../helpers/base64URLStringToBuffer.js");
+const browserSupportsWebAuthn_js_1 = require("../helpers/browserSupportsWebAuthn.js");
+const toPublicKeyCredentialDescriptor_js_1 = require("../helpers/toPublicKeyCredentialDescriptor.js");
+const identifyRegistrationError_js_1 = require("../helpers/identifyRegistrationError.js");
+const webAuthnAbortService_js_1 = require("../helpers/webAuthnAbortService.js");
+const toAuthenticatorAttachment_js_1 = require("../helpers/toAuthenticatorAttachment.js");
+/**
+ * Begin authenticator "registration" via WebAuthn attestation
+ *
+ * @param optionsJSON Output from **@simplewebauthn/server**'s `generateRegistrationOptions()`
+ * @param useAutoRegister (Optional) Try to silently create a passkey with the password manager that the user just signed in with. Defaults to `false`.
+ */
+async function startRegistration(options) {
+    const { optionsJSON, useAutoRegister = false } = options;
+    if (!(0, browserSupportsWebAuthn_js_1.browserSupportsWebAuthn)()) {
+        throw new Error('WebAuthn is not supported in this browser');
+    }
+    // We need to convert some values to Uint8Arrays before passing the credentials to the navigator
+    const publicKey = {
+        ...optionsJSON,
+        challenge: (0, base64URLStringToBuffer_js_1.base64URLStringToBuffer)(optionsJSON.challenge),
+        user: {
+            ...optionsJSON.user,
+            id: (0, base64URLStringToBuffer_js_1.base64URLStringToBuffer)(optionsJSON.user.id),
+        },
+        excludeCredentials: optionsJSON.excludeCredentials?.map(toPublicKeyCredentialDescriptor_js_1.toPublicKeyCredentialDescriptor),
+    };
+    // Prepare options for `.create()`
+    const createOptions = {};
+    /**
+     * Try to use conditional create to register a passkey for the user with the password manager
+     * the user just used to authenticate with. The user won't be shown any prominent UI by the
+     * browser.
+     */
+    if (useAutoRegister) {
+        // @ts-ignore: `mediation` doesn't yet exist on CredentialCreationOptions but it's possible as of Sept 2024
+        createOptions.mediation = 'conditional';
+    }
+    // Finalize options
+    createOptions.publicKey = publicKey;
+    // Set up the ability to cancel this request if the user attempts another
+    createOptions.signal = webAuthnAbortService_js_1.WebAuthnAbortService.createNewAbortSignal();
+    // Wait for the user to complete attestation
+    let credential;
+    try {
+        credential = (await navigator.credentials.create(createOptions));
+    }
+    catch (err) {
+        throw (0, identifyRegistrationError_js_1.identifyRegistrationError)({ error: err, options: createOptions });
+    }
+    if (!credential) {
+        throw new Error('Registration was not completed');
+    }
+    const { id, rawId, response, type } = credential;
+    // Continue to play it safe with `getTransports()` for now, even when L3 types say it's required
+    let transports = undefined;
+    if (typeof response.getTransports === 'function') {
+        transports = response.getTransports();
+    }
+    // L3 says this is required, but browser and webview support are still not guaranteed.
+    let responsePublicKeyAlgorithm = undefined;
+    if (typeof response.getPublicKeyAlgorithm === 'function') {
+        try {
+            responsePublicKeyAlgorithm = response.getPublicKeyAlgorithm();
+        }
+        catch (error) {
+            warnOnBrokenImplementation('getPublicKeyAlgorithm()', error);
+        }
+    }
+    let responsePublicKey = undefined;
+    if (typeof response.getPublicKey === 'function') {
+        try {
+            const _publicKey = response.getPublicKey();
+            if (_publicKey !== null) {
+                responsePublicKey = (0, bufferToBase64URLString_js_1.bufferToBase64URLString)(_publicKey);
+            }
+        }
+        catch (error) {
+            warnOnBrokenImplementation('getPublicKey()', error);
+        }
+    }
+    // L3 says this is required, but browser and webview support are still not guaranteed.
+    let responseAuthenticatorData;
+    if (typeof response.getAuthenticatorData === 'function') {
+        try {
+            responseAuthenticatorData = (0, bufferToBase64URLString_js_1.bufferToBase64URLString)(response.getAuthenticatorData());
+        }
+        catch (error) {
+            warnOnBrokenImplementation('getAuthenticatorData()', error);
+        }
+    }
+    return {
+        id,
+        rawId: (0, bufferToBase64URLString_js_1.bufferToBase64URLString)(rawId),
+        response: {
+            attestationObject: (0, bufferToBase64URLString_js_1.bufferToBase64URLString)(response.attestationObject),
+            clientDataJSON: (0, bufferToBase64URLString_js_1.bufferToBase64URLString)(response.clientDataJSON),
+            transports,
+            publicKeyAlgorithm: responsePublicKeyAlgorithm,
+            publicKey: responsePublicKey,
+            authenticatorData: responseAuthenticatorData,
+        },
+        type,
+        clientExtensionResults: credential.getClientExtensionResults(),
+        authenticatorAttachment: (0, toAuthenticatorAttachment_js_1.toAuthenticatorAttachment)(credential.authenticatorAttachment),
+    };
+}
+/**
+ * Visibly warn when we detect an issue related to a passkey provider intercepting WebAuthn API
+ * calls
+ */
+function warnOnBrokenImplementation(methodName, cause) {
+    console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${methodName}. You should report this error to them.\n`, cause);
+}

package/script/package.json ADDED Viewed

@@ -0,0 +1,3 @@
+{
+  "type": "commonjs"
+}

package/dist/bundle/index.es5.umd.min.js DELETED Viewed

	@@ -1,2 +0,0 @@
1	- /* [@simplewebauthn/browser@9.0.1] */
2	- !function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e\|\|self).SimpleWebAuthnBrowser={})}(this,(function(e){"use strict";var t=function(e,r){return t=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}\|\|function(e,t){for(var r in t)Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r])},t(e,r)};var r=function(){return r=Object.assign\|\|function(e){for(var t,r=1,n=arguments.length;r<n;r++)for(var o in t=arguments[r])Object.prototype.hasOwnProperty.call(t,o)&&(e[o]=t[o]);return e},r.apply(this,arguments)};function n(e,t,r,n){return new(r\|\|(r=Promise))((function(o,i){function a(e){try{c(n.next(e))}catch(e){i(e)}}function s(e){try{c(n.throw(e))}catch(e){i(e)}}function c(e){var t;e.done?o(e.value):(t=e.value,t instanceof r?t:new r((function(e){e(t)}))).then(a,s)}c((n=n.apply(e,t\|\|[])).next())}))}function o(e,t){var r,n,o,i,a={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return i={next:s(0),throw:s(1),return:s(2)},"function"==typeof Symbol&&(i[Symbol.iterator]=function(){return this}),i;function s(s){return function(c){return function(s){if(r)throw new TypeError("Generator is already executing.");for(;i&&(i=0,s[0]&&(a=0)),a;)try{if(r=1,n&&(o=2&s[0]?n.return:s[0]?n.throw\|\|((o=n.return)&&o.call(n),0):n.next)&&!(o=o.call(n,s[1])).done)return o;switch(n=0,o&&(s=[2&s[0],o.value]),s[0]){case 0:case 1:o=s;break;case 4:return a.label++,{value:s[1],done:!1};case 5:a.label++,n=s[1],s=[0];continue;case 7:s=a.ops.pop(),a.trys.pop();continue;default:if(!(o=a.trys,(o=o.length>0&&o[o.length-1])\|\|6!==s[0]&&2!==s[0])){a=0;continue}if(3===s[0]&&(!o\|\|s[1]>o[0]&&s[1]<o[3])){a.label=s[1];break}if(6===s[0]&&a.label<o[1]){a.label=o[1],o=s;break}if(o&&a.label<o[2]){a.label=o[2],a.ops.push(s);break}o[2]&&a.ops.pop(),a.trys.pop();continue}s=t.call(e,a)}catch(e){s=[6,e],n=0}finally{r=o=0}if(5&s[0])throw s[1];return{value:s[0]?s[1]:void 0,done:!0}}([s,c])}}}function i(e){var t,r,n=new Uint8Array(e),o="";try{for(var i=function(e){var t="function"==typeof Symbol&&Symbol.iterator,r=t&&e[t],n=0;if(r)return r.call(e);if(e&&"number"==typeof e.length)return{next:function(){return e&&n>=e.length&&(e=void 0),{value:e&&e[n++],done:!e}}};throw new TypeError(t?"Object is not iterable.":"Symbol.iterator is not defined.")}(n),a=i.next();!a.done;a=i.next()){var s=a.value;o+=String.fromCharCode(s)}}catch(e){t={error:e}}finally{try{a&&!a.done&&(r=i.return)&&r.call(i)}finally{if(t)throw t.error}}return btoa(o).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function a(e){for(var t=e.replace(/-/g,"+").replace(/_/g,"/"),r=(4-t.length%4)%4,n=t.padEnd(t.length+r,"="),o=atob(n),i=new ArrayBuffer(o.length),a=new Uint8Array(i),s=0;s<o.length;s++)a[s]=o.charCodeAt(s);return i}function s(){return void 0!==(null===window\|\|void 0===window?void 0:window.PublicKeyCredential)&&"function"==typeof window.PublicKeyCredential}function c(e){var t=e.id;return r(r({},e),{id:a(t),transports:e.transports})}function u(e){return"localhost"===e\|\|/^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(e)}"function"==typeof SuppressedError&&SuppressedError;var l=function(e){function r(t){var r=t.message,n=t.code,o=t.cause,i=t.name,a=e.call(this,r,{cause:o})\|\|this;return a.name=null!=i?i:o.name,a.code=n,a}return function(e,r){if("function"!=typeof r&&null!==r)throw new TypeError("Class extends value "+String(r)+" is not a constructor or null");function n(){this.constructor=e}t(e,r),e.prototype=null===r?Object.create(r):(n.prototype=r.prototype,new n)}(r,e),r}(Error);var d=new(function(){function e(){}return e.prototype.createNewAbortSignal=function(){if(this.controller){var e=new Error("Cancelling existing WebAuthn API call for new one");e.name="AbortError",this.controller.abort(e)}var t=new AbortController;return this.controller=t,t.signal},e.prototype.cancelCeremony=function(){if(this.controller){var e=new Error("Manually cancelling existing WebAuthn API call");e.name="AbortError",this.controller.abort(e),this.controller=void 0}},e}()),f=["cross-platform","platform"];function p(e){if(e&&!(f.indexOf(e)<0))return e}function h(e,t){console.warn("The browser extension that intercepted this WebAuthn API call incorrectly implemented ".concat(e,". You should report this error to them.\n"),t)}function w(){var e=window.PublicKeyCredential;return void 0===e.isConditionalMediationAvailable?new Promise((function(e){return e(!1)})):e.isConditionalMediationAvailable()}e.WebAuthnAbortService=d,e.WebAuthnError=l,e.base64URLStringToBuffer=a,e.browserSupportsWebAuthn=s,e.browserSupportsWebAuthnAutofill=w,e.bufferToBase64URLString=i,e.platformAuthenticatorIsAvailable=function(){return s()?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():new Promise((function(e){return e(!1)}))},e.startAuthentication=function(e,t){var f,h;return void 0===t&&(t=!1),n(this,void 0,void 0,(function(){var n,b,y,R,g,E,A,m,v;return o(this,(function(o){switch(o.label){case 0:if(!s())throw new Error("WebAuthn is not supported in this browser");return 0!==(null===(f=e.allowCredentials)\|\|void 0===f?void 0:f.length)&&(n=null===(h=e.allowCredentials)\|\|void 0===h?void 0:h.map(c)),b=r(r({},e),{challenge:a(e.challenge),allowCredentials:n}),y={},t?[4,w()]:[3,2];case 1:if(!o.sent())throw Error("Browser does not support WebAuthn autofill");if(document.querySelectorAll("input[autocomplete$='webauthn']").length<1)throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');y.mediation="conditional",b.allowCredentials=[],o.label=2;case 2:y.publicKey=b,y.signal=d.createNewAbortSignal(),o.label=3;case 3:return o.trys.push([3,5,,6]),[4,navigator.credentials.get(y)];case 4:return R=o.sent(),[3,6];case 5:throw function(e){var t=e.error,r=e.options,n=r.publicKey;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===t.name){if(r.signal instanceof AbortSignal)return new l({message:"Authentication ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:t})}else{if("NotAllowedError"===t.name)return new l({message:t.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:t});if("SecurityError"===t.name){var o=window.location.hostname;if(!u(o))return new l({message:"".concat(window.location.hostname," is an invalid domain"),code:"ERROR_INVALID_DOMAIN",cause:t});if(n.rpId!==o)return new l({message:'The RP ID "'.concat(n.rpId,'" is invalid for this domain'),code:"ERROR_INVALID_RP_ID",cause:t})}else if("UnknownError"===t.name)return new l({message:"The authenticator was unable to process the specified options, or could not create a new assertion signature",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:t})}return t}({error:o.sent(),options:y});case 6:if(!R)throw new Error("Authentication was not completed");return g=R.id,E=R.rawId,A=R.response,m=R.type,v=void 0,A.userHandle&&(_=A.userHandle,v=new TextDecoder("utf-8").decode(_)),[2,{id:g,rawId:i(E),response:{authenticatorData:i(A.authenticatorData),clientDataJSON:i(A.clientDataJSON),signature:i(A.signature),userHandle:v},type:m,clientExtensionResults:R.getClientExtensionResults(),authenticatorAttachment:p(R.authenticatorAttachment)}]}var _}))}))},e.startRegistration=function(e){var t;return n(this,void 0,void 0,(function(){var n,f,w,b,y,R,g,E,A,m,v,_;return o(this,(function(o){switch(o.label){case 0:if(!s())throw new Error("WebAuthn is not supported in this browser");n=r(r({},e),{challenge:a(e.challenge),user:r(r({},e.user),{id:(O=e.user.id,(new TextEncoder).encode(O))}),excludeCredentials:null===(t=e.excludeCredentials)\|\|void 0===t?void 0:t.map(c)}),(f={publicKey:n}).signal=d.createNewAbortSignal(),o.label=1;case 1:return o.trys.push([1,3,,4]),[4,navigator.credentials.create(f)];case 2:return w=o.sent(),[3,4];case 3:throw function(e){var t,r,n=e.error,o=e.options,i=o.publicKey;if(!i)throw Error("options was missing required publicKey property");if("AbortError"===n.name){if(o.signal instanceof AbortSignal)return new l({message:"Registration ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:n})}else if("ConstraintError"===n.name){if(!0===(null===(t=i.authenticatorSelection)\|\|void 0===t?void 0:t.requireResidentKey))return new l({message:"Discoverable credentials were required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",cause:n});if("required"===(null===(r=i.authenticatorSelection)\|\|void 0===r?void 0:r.userVerification))return new l({message:"User verification was required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",cause:n})}else{if("InvalidStateError"===n.name)return new l({message:"The authenticator was previously registered",code:"ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",cause:n});if("NotAllowedError"===n.name)return new l({message:n.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:n});if("NotSupportedError"===n.name)return 0===i.pubKeyCredParams.filter((function(e){return"public-key"===e.type})).length?new l({message:'No entry in pubKeyCredParams was of type "public-key"',code:"ERROR_MALFORMED_PUBKEYCREDPARAMS",cause:n}):new l({message:"No available authenticator supported any of the specified pubKeyCredParams algorithms",code:"ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",cause:n});if("SecurityError"===n.name){var a=window.location.hostname;if(!u(a))return new l({message:"".concat(window.location.hostname," is an invalid domain"),code:"ERROR_INVALID_DOMAIN",cause:n});if(i.rp.id!==a)return new l({message:'The RP ID "'.concat(i.rp.id,'" is invalid for this domain'),code:"ERROR_INVALID_RP_ID",cause:n})}else if("TypeError"===n.name){if(i.user.id.byteLength<1\|\|i.user.id.byteLength>64)return new l({message:"User ID was not between 1 and 64 characters",code:"ERROR_INVALID_USER_ID_LENGTH",cause:n})}else if("UnknownError"===n.name)return new l({message:"The authenticator was unable to process the specified options, or could not create a new credential",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:n})}return n}({error:o.sent(),options:f});case 4:if(!w)throw new Error("Registration was not completed");if(b=w.id,y=w.rawId,R=w.response,g=w.type,E=void 0,"function"==typeof R.getTransports&&(E=R.getTransports()),A=void 0,"function"==typeof R.getPublicKeyAlgorithm)try{A=R.getPublicKeyAlgorithm()}catch(e){h("getPublicKeyAlgorithm()",e)}if(m=void 0,"function"==typeof R.getPublicKey)try{null!==(v=R.getPublicKey())&&(m=i(v))}catch(e){h("getPublicKey()",e)}if("function"==typeof R.getAuthenticatorData)try{_=i(R.getAuthenticatorData())}catch(e){h("getAuthenticatorData()",e)}return[2,{id:b,rawId:i(y),response:{attestationObject:i(R.attestationObject),clientDataJSON:i(R.clientDataJSON),transports:E,publicKeyAlgorithm:A,publicKey:m,authenticatorData:_},type:g,clientExtensionResults:w.getClientExtensionResults(),authenticatorAttachment:p(w.authenticatorAttachment)}]}var O}))}))},Object.defineProperty(e,"__esModule",{value:!0})}));

package/dist/bundle/index.js DELETED Viewed

@@ -1,389 +0,0 @@
-/* [@simplewebauthn/browser@9.0.1] */
-function utf8StringToBuffer(value) {
-    return new TextEncoder().encode(value);
-}
-function bufferToBase64URLString(buffer) {
-    const bytes = new Uint8Array(buffer);
-    let str = '';
-    for (const charCode of bytes) {
-        str += String.fromCharCode(charCode);
-    }
-    const base64String = btoa(str);
-    return base64String.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
-}
-function base64URLStringToBuffer(base64URLString) {
-    const base64 = base64URLString.replace(/-/g, '+').replace(/_/g, '/');
-    const padLength = (4 - (base64.length % 4)) % 4;
-    const padded = base64.padEnd(base64.length + padLength, '=');
-    const binary = atob(padded);
-    const buffer = new ArrayBuffer(binary.length);
-    const bytes = new Uint8Array(buffer);
-    for (let i = 0; i < binary.length; i++) {
-        bytes[i] = binary.charCodeAt(i);
-    }
-    return buffer;
-}
-function browserSupportsWebAuthn() {
-    return (window?.PublicKeyCredential !== undefined &&
-        typeof window.PublicKeyCredential === 'function');
-}
-function toPublicKeyCredentialDescriptor(descriptor) {
-    const { id } = descriptor;
-    return {
-        ...descriptor,
-        id: base64URLStringToBuffer(id),
-        transports: descriptor.transports,
-    };
-}
-function isValidDomain(hostname) {
-    return (hostname === 'localhost' ||
-        /^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(hostname));
-}
-class WebAuthnError extends Error {
-    constructor({ message, code, cause, name, }) {
-        super(message, { cause });
-        this.name = name ?? cause.name;
-        this.code = code;
-    }
-}
-function identifyRegistrationError({ error, options, }) {
-    const { publicKey } = options;
-    if (!publicKey) {
-        throw Error('options was missing required publicKey property');
-    }
-    if (error.name === 'AbortError') {
-        if (options.signal instanceof AbortSignal) {
-            return new WebAuthnError({
-                message: 'Registration ceremony was sent an abort signal',
-                code: 'ERROR_CEREMONY_ABORTED',
-                cause: error,
-            });
-        }
-    }
-    else if (error.name === 'ConstraintError') {
-        if (publicKey.authenticatorSelection?.requireResidentKey === true) {
-            return new WebAuthnError({
-                message: 'Discoverable credentials were required but no available authenticator supported it',
-                code: 'ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT',
-                cause: error,
-            });
-        }
-        else if (publicKey.authenticatorSelection?.userVerification === 'required') {
-            return new WebAuthnError({
-                message: 'User verification was required but no available authenticator supported it',
-                code: 'ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT',
-                cause: error,
-            });
-        }
-    }
-    else if (error.name === 'InvalidStateError') {
-        return new WebAuthnError({
-            message: 'The authenticator was previously registered',
-            code: 'ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED',
-            cause: error,
-        });
-    }
-    else if (error.name === 'NotAllowedError') {
-        return new WebAuthnError({
-            message: error.message,
-            code: 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY',
-            cause: error,
-        });
-    }
-    else if (error.name === 'NotSupportedError') {
-        const validPubKeyCredParams = publicKey.pubKeyCredParams.filter((param) => param.type === 'public-key');
-        if (validPubKeyCredParams.length === 0) {
-            return new WebAuthnError({
-                message: 'No entry in pubKeyCredParams was of type "public-key"',
-                code: 'ERROR_MALFORMED_PUBKEYCREDPARAMS',
-                cause: error,
-            });
-        }
-        return new WebAuthnError({
-            message: 'No available authenticator supported any of the specified pubKeyCredParams algorithms',
-            code: 'ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG',
-            cause: error,
-        });
-    }
-    else if (error.name === 'SecurityError') {
-        const effectiveDomain = window.location.hostname;
-        if (!isValidDomain(effectiveDomain)) {
-            return new WebAuthnError({
-                message: `${window.location.hostname} is an invalid domain`,
-                code: 'ERROR_INVALID_DOMAIN',
-                cause: error,
-            });
-        }
-        else if (publicKey.rp.id !== effectiveDomain) {
-            return new WebAuthnError({
-                message: `The RP ID "${publicKey.rp.id}" is invalid for this domain`,
-                code: 'ERROR_INVALID_RP_ID',
-                cause: error,
-            });
-        }
-    }
-    else if (error.name === 'TypeError') {
-        if (publicKey.user.id.byteLength < 1 || publicKey.user.id.byteLength > 64) {
-            return new WebAuthnError({
-                message: 'User ID was not between 1 and 64 characters',
-                code: 'ERROR_INVALID_USER_ID_LENGTH',
-                cause: error,
-            });
-        }
-    }
-    else if (error.name === 'UnknownError') {
-        return new WebAuthnError({
-            message: 'The authenticator was unable to process the specified options, or could not create a new credential',
-            code: 'ERROR_AUTHENTICATOR_GENERAL_ERROR',
-            cause: error,
-        });
-    }
-    return error;
-}
-class BaseWebAuthnAbortService {
-    createNewAbortSignal() {
-        if (this.controller) {
-            const abortError = new Error('Cancelling existing WebAuthn API call for new one');
-            abortError.name = 'AbortError';
-            this.controller.abort(abortError);
-        }
-        const newController = new AbortController();
-        this.controller = newController;
-        return newController.signal;
-    }
-    cancelCeremony() {
-        if (this.controller) {
-            const abortError = new Error('Manually cancelling existing WebAuthn API call');
-            abortError.name = 'AbortError';
-            this.controller.abort(abortError);
-            this.controller = undefined;
-        }
-    }
-}
-const WebAuthnAbortService = new BaseWebAuthnAbortService();
-const attachments = ['cross-platform', 'platform'];
-function toAuthenticatorAttachment(attachment) {
-    if (!attachment) {
-        return;
-    }
-    if (attachments.indexOf(attachment) < 0) {
-        return;
-    }
-    return attachment;
-}
-async function startRegistration(creationOptionsJSON) {
-    if (!browserSupportsWebAuthn()) {
-        throw new Error('WebAuthn is not supported in this browser');
-    }
-    const publicKey = {
-        ...creationOptionsJSON,
-        challenge: base64URLStringToBuffer(creationOptionsJSON.challenge),
-        user: {
-            ...creationOptionsJSON.user,
-            id: utf8StringToBuffer(creationOptionsJSON.user.id),
-        },
-        excludeCredentials: creationOptionsJSON.excludeCredentials?.map(toPublicKeyCredentialDescriptor),
-    };
-    const options = { publicKey };
-    options.signal = WebAuthnAbortService.createNewAbortSignal();
-    let credential;
-    try {
-        credential = (await navigator.credentials.create(options));
-    }
-    catch (err) {
-        throw identifyRegistrationError({ error: err, options });
-    }
-    if (!credential) {
-        throw new Error('Registration was not completed');
-    }
-    const { id, rawId, response, type } = credential;
-    let transports = undefined;
-    if (typeof response.getTransports === 'function') {
-        transports = response.getTransports();
-    }
-    let responsePublicKeyAlgorithm = undefined;
-    if (typeof response.getPublicKeyAlgorithm === 'function') {
-        try {
-            responsePublicKeyAlgorithm = response.getPublicKeyAlgorithm();
-        }
-        catch (error) {
-            warnOnBrokenImplementation('getPublicKeyAlgorithm()', error);
-        }
-    }
-    let responsePublicKey = undefined;
-    if (typeof response.getPublicKey === 'function') {
-        try {
-            const _publicKey = response.getPublicKey();
-            if (_publicKey !== null) {
-                responsePublicKey = bufferToBase64URLString(_publicKey);
-            }
-        }
-        catch (error) {
-            warnOnBrokenImplementation('getPublicKey()', error);
-        }
-    }
-    let responseAuthenticatorData;
-    if (typeof response.getAuthenticatorData === 'function') {
-        try {
-            responseAuthenticatorData = bufferToBase64URLString(response.getAuthenticatorData());
-        }
-        catch (error) {
-            warnOnBrokenImplementation('getAuthenticatorData()', error);
-        }
-    }
-    return {
-        id,
-        rawId: bufferToBase64URLString(rawId),
-        response: {
-            attestationObject: bufferToBase64URLString(response.attestationObject),
-            clientDataJSON: bufferToBase64URLString(response.clientDataJSON),
-            transports,
-            publicKeyAlgorithm: responsePublicKeyAlgorithm,
-            publicKey: responsePublicKey,
-            authenticatorData: responseAuthenticatorData,
-        },
-        type,
-        clientExtensionResults: credential.getClientExtensionResults(),
-        authenticatorAttachment: toAuthenticatorAttachment(credential.authenticatorAttachment),
-    };
-}
-function warnOnBrokenImplementation(methodName, cause) {
-    console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${methodName}. You should report this error to them.\n`, cause);
-}
-function bufferToUTF8String(value) {
-    return new TextDecoder('utf-8').decode(value);
-}
-function browserSupportsWebAuthnAutofill() {
-    const globalPublicKeyCredential = window
-        .PublicKeyCredential;
-    if (globalPublicKeyCredential.isConditionalMediationAvailable === undefined) {
-        return new Promise((resolve) => resolve(false));
-    }
-    return globalPublicKeyCredential.isConditionalMediationAvailable();
-}
-function identifyAuthenticationError({ error, options, }) {
-    const { publicKey } = options;
-    if (!publicKey) {
-        throw Error('options was missing required publicKey property');
-    }
-    if (error.name === 'AbortError') {
-        if (options.signal instanceof AbortSignal) {
-            return new WebAuthnError({
-                message: 'Authentication ceremony was sent an abort signal',
-                code: 'ERROR_CEREMONY_ABORTED',
-                cause: error,
-            });
-        }
-    }
-    else if (error.name === 'NotAllowedError') {
-        return new WebAuthnError({
-            message: error.message,
-            code: 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY',
-            cause: error,
-        });
-    }
-    else if (error.name === 'SecurityError') {
-        const effectiveDomain = window.location.hostname;
-        if (!isValidDomain(effectiveDomain)) {
-            return new WebAuthnError({
-                message: `${window.location.hostname} is an invalid domain`,
-                code: 'ERROR_INVALID_DOMAIN',
-                cause: error,
-            });
-        }
-        else if (publicKey.rpId !== effectiveDomain) {
-            return new WebAuthnError({
-                message: `The RP ID "${publicKey.rpId}" is invalid for this domain`,
-                code: 'ERROR_INVALID_RP_ID',
-                cause: error,
-            });
-        }
-    }
-    else if (error.name === 'UnknownError') {
-        return new WebAuthnError({
-            message: 'The authenticator was unable to process the specified options, or could not create a new assertion signature',
-            code: 'ERROR_AUTHENTICATOR_GENERAL_ERROR',
-            cause: error,
-        });
-    }
-    return error;
-}
-async function startAuthentication(requestOptionsJSON, useBrowserAutofill = false) {
-    if (!browserSupportsWebAuthn()) {
-        throw new Error('WebAuthn is not supported in this browser');
-    }
-    let allowCredentials;
-    if (requestOptionsJSON.allowCredentials?.length !== 0) {
-        allowCredentials = requestOptionsJSON.allowCredentials?.map(toPublicKeyCredentialDescriptor);
-    }
-    const publicKey = {
-        ...requestOptionsJSON,
-        challenge: base64URLStringToBuffer(requestOptionsJSON.challenge),
-        allowCredentials,
-    };
-    const options = {};
-    if (useBrowserAutofill) {
-        if (!(await browserSupportsWebAuthnAutofill())) {
-            throw Error('Browser does not support WebAuthn autofill');
-        }
-        const eligibleInputs = document.querySelectorAll('input[autocomplete$=\'webauthn\']');
-        if (eligibleInputs.length < 1) {
-            throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');
-        }
-        options.mediation = 'conditional';
-        publicKey.allowCredentials = [];
-    }
-    options.publicKey = publicKey;
-    options.signal = WebAuthnAbortService.createNewAbortSignal();
-    let credential;
-    try {
-        credential = (await navigator.credentials.get(options));
-    }
-    catch (err) {
-        throw identifyAuthenticationError({ error: err, options });
-    }
-    if (!credential) {
-        throw new Error('Authentication was not completed');
-    }
-    const { id, rawId, response, type } = credential;
-    let userHandle = undefined;
-    if (response.userHandle) {
-        userHandle = bufferToUTF8String(response.userHandle);
-    }
-    return {
-        id,
-        rawId: bufferToBase64URLString(rawId),
-        response: {
-            authenticatorData: bufferToBase64URLString(response.authenticatorData),
-            clientDataJSON: bufferToBase64URLString(response.clientDataJSON),
-            signature: bufferToBase64URLString(response.signature),
-            userHandle,
-        },
-        type,
-        clientExtensionResults: credential.getClientExtensionResults(),
-        authenticatorAttachment: toAuthenticatorAttachment(credential.authenticatorAttachment),
-    };
-}
-function platformAuthenticatorIsAvailable() {
-    if (!browserSupportsWebAuthn()) {
-        return new Promise((resolve) => resolve(false));
-    }
-    return PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable();
-}
-export { WebAuthnAbortService, WebAuthnError, base64URLStringToBuffer, browserSupportsWebAuthn, browserSupportsWebAuthnAutofill, bufferToBase64URLString, platformAuthenticatorIsAvailable, startAuthentication, startRegistration };

package/dist/bundle/index.umd.min.js DELETED Viewed

	@@ -1,2 +0,0 @@
1	- /* [@simplewebauthn/browser@9.0.1] */
2	- !function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e\|\|self).SimpleWebAuthnBrowser={})}(this,(function(e){"use strict";function t(e){const t=new Uint8Array(e);let r="";for(const e of t)r+=String.fromCharCode(e);return btoa(r).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function r(e){const t=e.replace(/-/g,"+").replace(/_/g,"/"),r=(4-t.length%4)%4,n=t.padEnd(t.length+r,"="),o=atob(n),a=new ArrayBuffer(o.length),i=new Uint8Array(a);for(let e=0;e<o.length;e++)i[e]=o.charCodeAt(e);return a}function n(){return void 0!==window?.PublicKeyCredential&&"function"==typeof window.PublicKeyCredential}function o(e){const{id:t}=e;return{...e,id:r(t),transports:e.transports}}function a(e){return"localhost"===e\|\|/^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(e)}class i extends Error{constructor({message:e,code:t,cause:r,name:n}){super(e,{cause:r}),this.name=n??r.name,this.code=t}}const s=new class{createNewAbortSignal(){if(this.controller){const e=new Error("Cancelling existing WebAuthn API call for new one");e.name="AbortError",this.controller.abort(e)}const e=new AbortController;return this.controller=e,e.signal}cancelCeremony(){if(this.controller){const e=new Error("Manually cancelling existing WebAuthn API call");e.name="AbortError",this.controller.abort(e),this.controller=void 0}}},c=["cross-platform","platform"];function l(e){if(e&&!(c.indexOf(e)<0))return e}function u(e,t){console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${e}. You should report this error to them.\n`,t)}function d(){const e=window.PublicKeyCredential;return void 0===e.isConditionalMediationAvailable?new Promise((e=>e(!1))):e.isConditionalMediationAvailable()}e.WebAuthnAbortService=s,e.WebAuthnError=i,e.base64URLStringToBuffer=r,e.browserSupportsWebAuthn=n,e.browserSupportsWebAuthnAutofill=d,e.bufferToBase64URLString=t,e.platformAuthenticatorIsAvailable=function(){return n()?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():new Promise((e=>e(!1)))},e.startAuthentication=async function(e,c=!1){if(!n())throw new Error("WebAuthn is not supported in this browser");let u;0!==e.allowCredentials?.length&&(u=e.allowCredentials?.map(o));const h={...e,challenge:r(e.challenge),allowCredentials:u},f={};if(c){if(!await d())throw Error("Browser does not support WebAuthn autofill");if(document.querySelectorAll("input[autocomplete$='webauthn']").length<1)throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');f.mediation="conditional",h.allowCredentials=[]}let p;f.publicKey=h,f.signal=s.createNewAbortSignal();try{p=await navigator.credentials.get(f)}catch(e){throw function({error:e,options:t}){const{publicKey:r}=t;if(!r)throw Error("options was missing required publicKey property");if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new i({message:"Authentication ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:e})}else{if("NotAllowedError"===e.name)return new i({message:e.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:e});if("SecurityError"===e.name){const t=window.location.hostname;if(!a(t))return new i({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:e});if(r.rpId!==t)return new i({message:`The RP ID "${r.rpId}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:e})}else if("UnknownError"===e.name)return new i({message:"The authenticator was unable to process the specified options, or could not create a new assertion signature",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:e})}return e}({error:e,options:f})}if(!p)throw new Error("Authentication was not completed");const{id:w,rawId:R,response:E,type:g}=p;let A;var b;return E.userHandle&&(b=E.userHandle,A=new TextDecoder("utf-8").decode(b)),{id:w,rawId:t(R),response:{authenticatorData:t(E.authenticatorData),clientDataJSON:t(E.clientDataJSON),signature:t(E.signature),userHandle:A},type:g,clientExtensionResults:p.getClientExtensionResults(),authenticatorAttachment:l(p.authenticatorAttachment)}},e.startRegistration=async function(e){if(!n())throw new Error("WebAuthn is not supported in this browser");var c;const d={publicKey:{...e,challenge:r(e.challenge),user:{...e.user,id:(c=e.user.id,(new TextEncoder).encode(c))},excludeCredentials:e.excludeCredentials?.map(o)}};let h;d.signal=s.createNewAbortSignal();try{h=await navigator.credentials.create(d)}catch(e){throw function({error:e,options:t}){const{publicKey:r}=t;if(!r)throw Error("options was missing required publicKey property");if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new i({message:"Registration ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:e})}else if("ConstraintError"===e.name){if(!0===r.authenticatorSelection?.requireResidentKey)return new i({message:"Discoverable credentials were required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",cause:e});if("required"===r.authenticatorSelection?.userVerification)return new i({message:"User verification was required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",cause:e})}else{if("InvalidStateError"===e.name)return new i({message:"The authenticator was previously registered",code:"ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",cause:e});if("NotAllowedError"===e.name)return new i({message:e.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:e});if("NotSupportedError"===e.name)return 0===r.pubKeyCredParams.filter((e=>"public-key"===e.type)).length?new i({message:'No entry in pubKeyCredParams was of type "public-key"',code:"ERROR_MALFORMED_PUBKEYCREDPARAMS",cause:e}):new i({message:"No available authenticator supported any of the specified pubKeyCredParams algorithms",code:"ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",cause:e});if("SecurityError"===e.name){const t=window.location.hostname;if(!a(t))return new i({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:e});if(r.rp.id!==t)return new i({message:`The RP ID "${r.rp.id}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:e})}else if("TypeError"===e.name){if(r.user.id.byteLength<1\|\|r.user.id.byteLength>64)return new i({message:"User ID was not between 1 and 64 characters",code:"ERROR_INVALID_USER_ID_LENGTH",cause:e})}else if("UnknownError"===e.name)return new i({message:"The authenticator was unable to process the specified options, or could not create a new credential",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:e})}return e}({error:e,options:d})}if(!h)throw new Error("Registration was not completed");const{id:f,rawId:p,response:w,type:R}=h;let E,g,A,b;if("function"==typeof w.getTransports&&(E=w.getTransports()),"function"==typeof w.getPublicKeyAlgorithm)try{g=w.getPublicKeyAlgorithm()}catch(e){u("getPublicKeyAlgorithm()",e)}if("function"==typeof w.getPublicKey)try{const e=w.getPublicKey();null!==e&&(A=t(e))}catch(e){u("getPublicKey()",e)}if("function"==typeof w.getAuthenticatorData)try{b=t(w.getAuthenticatorData())}catch(e){u("getAuthenticatorData()",e)}return{id:f,rawId:t(p),response:{attestationObject:t(w.attestationObject),clientDataJSON:t(w.clientDataJSON),transports:E,publicKeyAlgorithm:g,publicKey:A,authenticatorData:b},type:R,clientExtensionResults:h.getClientExtensionResults(),authenticatorAttachment:l(h.authenticatorAttachment)}},Object.defineProperty(e,"__esModule",{value:!0})}));

package/dist/types/helpers/base64URLStringToBuffer.d.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- export declare function base64URLStringToBuffer(base64URLString: string): ArrayBuffer;

package/dist/types/helpers/browserSupportsWebAuthn.d.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- export declare function browserSupportsWebAuthn(): boolean;

package/dist/types/helpers/browserSupportsWebAuthnAutofill.d.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- export declare function browserSupportsWebAuthnAutofill(): Promise<boolean>;

package/dist/types/helpers/bufferToBase64URLString.d.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- export declare function bufferToBase64URLString(buffer: ArrayBuffer): string;

package/dist/types/helpers/bufferToUTF8String.d.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- export declare function bufferToUTF8String(value: ArrayBuffer): string;

package/dist/types/helpers/identifyAuthenticationError.d.ts DELETED Viewed

@@ -1,5 +0,0 @@
-import { WebAuthnError } from './webAuthnError';
-export declare function identifyAuthenticationError({ error, options, }: {
-    error: Error;
-    options: CredentialRequestOptions;
-}): WebAuthnError | Error;

package/dist/types/helpers/identifyRegistrationError.d.ts DELETED Viewed

@@ -1,5 +0,0 @@
-import { WebAuthnError } from './webAuthnError';
-export declare function identifyRegistrationError({ error, options, }: {
-    error: Error;
-    options: CredentialCreationOptions;
-}): WebAuthnError | Error;

package/dist/types/helpers/isValidDomain.d.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- export declare function isValidDomain(hostname: string): boolean;

package/dist/types/helpers/platformAuthenticatorIsAvailable.d.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- export declare function platformAuthenticatorIsAvailable(): Promise<boolean>;

package/dist/types/helpers/toPublicKeyCredentialDescriptor.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { PublicKeyCredentialDescriptorJSON } from '@simplewebauthn/types';
2	- export declare function toPublicKeyCredentialDescriptor(descriptor: PublicKeyCredentialDescriptorJSON): PublicKeyCredentialDescriptor;

package/dist/types/helpers/utf8StringToBuffer.d.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- export declare function utf8StringToBuffer(value: string): ArrayBuffer;

package/dist/types/helpers/webAuthnAbortService.d.ts DELETED Viewed

@@ -1,7 +0,0 @@
-declare class BaseWebAuthnAbortService {
-    private controller;
-    createNewAbortSignal(): AbortSignal;
-    cancelCeremony(): void;
-}
-export declare const WebAuthnAbortService: BaseWebAuthnAbortService;
-export {};

package/dist/types/methods/startAuthentication.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import { AuthenticationResponseJSON, PublicKeyCredentialRequestOptionsJSON } from '@simplewebauthn/types';
2	- export declare function startAuthentication(requestOptionsJSON: PublicKeyCredentialRequestOptionsJSON, useBrowserAutofill?: boolean): Promise<AuthenticationResponseJSON>;

package/dist/types/methods/startRegistration.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import { PublicKeyCredentialCreationOptionsJSON, RegistrationResponseJSON } from '@simplewebauthn/types';
2	- export declare function startRegistration(creationOptionsJSON: PublicKeyCredentialCreationOptionsJSON): Promise<RegistrationResponseJSON>;

package/jest-environment.js DELETED Viewed

@@ -1,29 +0,0 @@
-import { TestEnvironment } from 'jest-environment-jsdom';
-/**
- * Set up a custom JSDOM-based test environment for Jest so we can add things JSDOM doesn't support
- */
-class CustomTestEnvironment extends TestEnvironment {
-  async setup() {
-    await super.setup();
-    /**
-     * JSDOM doesn't implement TextEncoder so we need to fake it with Node's
-     *
-     * Solved thanks to https://stackoverflow.com/a/57713960/2133271
-     */
-    if (typeof this.global.TextEncoder === 'undefined') {
-      const { TextEncoder } = await import('util');
-      this.global.TextEncoder = TextEncoder;
-    }
-    /**
-     * Add support for TextDecoder to JSDOM
-     */
-    if (typeof this.global.TextDecoder === 'undefined') {
-      const { TextDecoder } = await import('util');
-      this.global.TextDecoder = TextDecoder;
-    }
-  }
-}
-export default CustomTestEnvironment;