@simplewebauthn/server 9.0.3 → 10.0.0

package/esm/helpers/iso/isoCrypto/getWebCrypto.d.ts

@@ -1,11 +1,3 @@
-/// <reference types="node" />
-/// <reference types="node" />
-/// <reference types="node" />
-/// <reference types="node" />
-/// <reference types="node/crypto.js" />
-/// <reference types="node/crypto.js" />
-/// <reference types="node/stream.js" />
-/// <reference types="node/stream.js" />
 import type { Crypto } from '../../../deps.js';
 /**
  * Try to get an instance of the Crypto API from the current runtime. Should support Node,
@@ -16,287 +8,6 @@ export declare class MissingWebCrypto extends Error {
     constructor();
 }
 export declare const _getWebCryptoInternals: {
-    stubThisImportNodeCrypto: () => Promise<{
-        default: typeof import("crypto");
-        createHash(algorithm: string, options?: import("crypto").HashOptions | undefined): import("crypto").Hash;
-        createHash(algorithm: string, options?: import("crypto").HashOptions | undefined): import("crypto").Hash;
-        createHmac(algorithm: string, key: import("crypto").KeyObject | import("crypto").BinaryLike, options?: import("stream").TransformOptions | undefined): import("crypto").Hmac;
-        createHmac(algorithm: string, key: import("crypto").KeyObject | import("crypto").BinaryLike, options?: import("stream").TransformOptions | undefined): import("crypto").Hmac;
-        createCipher(algorithm: import("crypto").CipherCCMTypes, password: import("crypto").BinaryLike, options: import("crypto").CipherCCMOptions): import("crypto").CipherCCM;
-        createCipher(algorithm: import("crypto").CipherGCMTypes, password: import("crypto").BinaryLike, options?: import("crypto").CipherGCMOptions | undefined): import("crypto").CipherGCM;
-        createCipher(algorithm: string, password: import("crypto").BinaryLike, options?: import("stream").TransformOptions | undefined): import("crypto").Cipher;
-        createCipher(algorithm: import("crypto").CipherCCMTypes, password: import("crypto").BinaryLike, options: import("crypto").CipherCCMOptions): import("crypto").CipherCCM;
-        createCipher(algorithm: import("crypto").CipherGCMTypes, password: import("crypto").BinaryLike, options?: import("crypto").CipherGCMOptions | undefined): import("crypto").CipherGCM;
-        createCipher(algorithm: string, password: import("crypto").BinaryLike, options?: import("stream").TransformOptions | undefined): import("crypto").Cipher;
-        createCipheriv(algorithm: import("crypto").CipherCCMTypes, key: import("crypto").CipherKey, iv: import("crypto").BinaryLike, options: import("crypto").CipherCCMOptions): import("crypto").CipherCCM;
-        createCipheriv(algorithm: import("crypto").CipherOCBTypes, key: import("crypto").CipherKey, iv: import("crypto").BinaryLike, options: import("crypto").CipherOCBOptions): import("crypto").CipherOCB;
-        createCipheriv(algorithm: import("crypto").CipherGCMTypes, key: import("crypto").CipherKey, iv: import("crypto").BinaryLike, options?: import("crypto").CipherGCMOptions | undefined): import("crypto").CipherGCM;
-        createCipheriv(algorithm: string, key: import("crypto").CipherKey, iv: import("crypto").BinaryLike | null, options?: import("stream").TransformOptions | undefined): import("crypto").Cipher;
-        createCipheriv(algorithm: import("crypto").CipherCCMTypes, key: import("crypto").CipherKey, iv: import("crypto").BinaryLike, options: import("crypto").CipherCCMOptions): import("crypto").CipherCCM;
-        createCipheriv(algorithm: import("crypto").CipherOCBTypes, key: import("crypto").CipherKey, iv: import("crypto").BinaryLike, options: import("crypto").CipherOCBOptions): import("crypto").CipherOCB;
-        createCipheriv(algorithm: import("crypto").CipherGCMTypes, key: import("crypto").CipherKey, iv: import("crypto").BinaryLike, options?: import("crypto").CipherGCMOptions | undefined): import("crypto").CipherGCM;
-        createCipheriv(algorithm: string, key: import("crypto").CipherKey, iv: import("crypto").BinaryLike | null, options?: import("stream").TransformOptions | undefined): import("crypto").Cipher;
-        createDecipher(algorithm: import("crypto").CipherCCMTypes, password: import("crypto").BinaryLike, options: import("crypto").CipherCCMOptions): import("crypto").DecipherCCM;
-        createDecipher(algorithm: import("crypto").CipherGCMTypes, password: import("crypto").BinaryLike, options?: import("crypto").CipherGCMOptions | undefined): import("crypto").DecipherGCM;
-        createDecipher(algorithm: string, password: import("crypto").BinaryLike, options?: import("stream").TransformOptions | undefined): import("crypto").Decipher;
-        createDecipher(algorithm: import("crypto").CipherCCMTypes, password: import("crypto").BinaryLike, options: import("crypto").CipherCCMOptions): import("crypto").DecipherCCM;
-        createDecipher(algorithm: import("crypto").CipherGCMTypes, password: import("crypto").BinaryLike, options?: import("crypto").CipherGCMOptions | undefined): import("crypto").DecipherGCM;
-        createDecipher(algorithm: string, password: import("crypto").BinaryLike, options?: import("stream").TransformOptions | undefined): import("crypto").Decipher;
-        createDecipheriv(algorithm: import("crypto").CipherCCMTypes, key: import("crypto").CipherKey, iv: import("crypto").BinaryLike, options: import("crypto").CipherCCMOptions): import("crypto").DecipherCCM;
-        createDecipheriv(algorithm: import("crypto").CipherOCBTypes, key: import("crypto").CipherKey, iv: import("crypto").BinaryLike, options: import("crypto").CipherOCBOptions): import("crypto").DecipherOCB;
-        createDecipheriv(algorithm: import("crypto").CipherGCMTypes, key: import("crypto").CipherKey, iv: import("crypto").BinaryLike, options?: import("crypto").CipherGCMOptions | undefined): import("crypto").DecipherGCM;
-        createDecipheriv(algorithm: string, key: import("crypto").CipherKey, iv: import("crypto").BinaryLike | null, options?: import("stream").TransformOptions | undefined): import("crypto").Decipher;
-        createDecipheriv(algorithm: import("crypto").CipherCCMTypes, key: import("crypto").CipherKey, iv: import("crypto").BinaryLike, options: import("crypto").CipherCCMOptions): import("crypto").DecipherCCM;
-        createDecipheriv(algorithm: import("crypto").CipherOCBTypes, key: import("crypto").CipherKey, iv: import("crypto").BinaryLike, options: import("crypto").CipherOCBOptions): import("crypto").DecipherOCB;
-        createDecipheriv(algorithm: import("crypto").CipherGCMTypes, key: import("crypto").CipherKey, iv: import("crypto").BinaryLike, options?: import("crypto").CipherGCMOptions | undefined): import("crypto").DecipherGCM;
-        createDecipheriv(algorithm: string, key: import("crypto").CipherKey, iv: import("crypto").BinaryLike | null, options?: import("stream").TransformOptions | undefined): import("crypto").Decipher;
-        generateKey(type: "hmac" | "aes", options: {
-            length: number;
-        }, callback: (err: Error | null, key: import("crypto").KeyObject) => void): void;
-        generateKey(type: "hmac" | "aes", options: {
-            length: number;
-        }, callback: (err: Error | null, key: import("crypto").KeyObject) => void): void;
-        generateKeySync(type: "hmac" | "aes", options: {
-            length: number;
-        }): import("crypto").KeyObject;
-        generateKeySync(type: "hmac" | "aes", options: {
-            length: number;
-        }): import("crypto").KeyObject;
-        createPrivateKey(key: string | import("crypto").PrivateKeyInput | Buffer | import("crypto").JsonWebKeyInput): import("crypto").KeyObject;
-        createPrivateKey(key: string | import("crypto").PrivateKeyInput | Buffer | import("crypto").JsonWebKeyInput): import("crypto").KeyObject;
-        createPublicKey(key: string | import("crypto").KeyObject | Buffer | import("crypto").JsonWebKeyInput | import("crypto").PublicKeyInput): import("crypto").KeyObject;
-        createPublicKey(key: string | import("crypto").KeyObject | Buffer | import("crypto").JsonWebKeyInput | import("crypto").PublicKeyInput): import("crypto").KeyObject;
-        createSecretKey(key: NodeJS.ArrayBufferView): import("crypto").KeyObject;
-        createSecretKey(key: string, encoding: BufferEncoding): import("crypto").KeyObject;
-        createSecretKey(key: NodeJS.ArrayBufferView): import("crypto").KeyObject;
-        createSecretKey(key: string, encoding: BufferEncoding): import("crypto").KeyObject;
-        createSign(algorithm: string, options?: import("stream").WritableOptions | undefined): import("crypto").Sign;
-        createSign(algorithm: string, options?: import("stream").WritableOptions | undefined): import("crypto").Sign;
-        createVerify(algorithm: string, options?: import("stream").WritableOptions | undefined): import("crypto").Verify;
-        createVerify(algorithm: string, options?: import("stream").WritableOptions | undefined): import("crypto").Verify;
-        createDiffieHellman(primeLength: number, generator?: number | undefined): import("crypto").DiffieHellman;
-        createDiffieHellman(prime: ArrayBuffer | NodeJS.ArrayBufferView, generator?: number | ArrayBuffer | NodeJS.ArrayBufferView | undefined): import("crypto").DiffieHellman;
-        createDiffieHellman(prime: ArrayBuffer | NodeJS.ArrayBufferView, generator: string, generatorEncoding: import("crypto").BinaryToTextEncoding): import("crypto").DiffieHellman;
-        createDiffieHellman(prime: string, primeEncoding: import("crypto").BinaryToTextEncoding, generator?: number | ArrayBuffer | NodeJS.ArrayBufferView | undefined): import("crypto").DiffieHellman;
-        createDiffieHellman(prime: string, primeEncoding: import("crypto").BinaryToTextEncoding, generator: string, generatorEncoding: import("crypto").BinaryToTextEncoding): import("crypto").DiffieHellman;
-        createDiffieHellman(primeLength: number, generator?: number | undefined): import("crypto").DiffieHellman;
-        createDiffieHellman(prime: ArrayBuffer | NodeJS.ArrayBufferView, generator?: number | ArrayBuffer | NodeJS.ArrayBufferView | undefined): import("crypto").DiffieHellman;
-        createDiffieHellman(prime: ArrayBuffer | NodeJS.ArrayBufferView, generator: string, generatorEncoding: import("crypto").BinaryToTextEncoding): import("crypto").DiffieHellman;
-        createDiffieHellman(prime: string, primeEncoding: import("crypto").BinaryToTextEncoding, generator?: number | ArrayBuffer | NodeJS.ArrayBufferView | undefined): import("crypto").DiffieHellman;
-        createDiffieHellman(prime: string, primeEncoding: import("crypto").BinaryToTextEncoding, generator: string, generatorEncoding: import("crypto").BinaryToTextEncoding): import("crypto").DiffieHellman;
-        getDiffieHellman(groupName: string): import("crypto").DiffieHellmanGroup;
-        getDiffieHellman(groupName: string): import("crypto").DiffieHellmanGroup;
-        createDiffieHellmanGroup(name: string): import("crypto").DiffieHellmanGroup;
-        createDiffieHellmanGroup(name: string): import("crypto").DiffieHellmanGroup;
-        pbkdf2(password: import("crypto").BinaryLike, salt: import("crypto").BinaryLike, iterations: number, keylen: number, digest: string, callback: (err: Error | null, derivedKey: Buffer) => void): void;
-        pbkdf2(password: import("crypto").BinaryLike, salt: import("crypto").BinaryLike, iterations: number, keylen: number, digest: string, callback: (err: Error | null, derivedKey: Buffer) => void): void;
-        pbkdf2Sync(password: import("crypto").BinaryLike, salt: import("crypto").BinaryLike, iterations: number, keylen: number, digest: string): Buffer;
-        pbkdf2Sync(password: import("crypto").BinaryLike, salt: import("crypto").BinaryLike, iterations: number, keylen: number, digest: string): Buffer;
-        randomBytes(size: number): Buffer;
-        randomBytes(size: number, callback: (err: Error | null, buf: Buffer) => void): void;
-        randomBytes(size: number): Buffer;
-        randomBytes(size: number, callback: (err: Error | null, buf: Buffer) => void): void;
-        pseudoRandomBytes(size: number): Buffer;
-        pseudoRandomBytes(size: number, callback: (err: Error | null, buf: Buffer) => void): void;
-        pseudoRandomBytes(size: number): Buffer;
-        pseudoRandomBytes(size: number, callback: (err: Error | null, buf: Buffer) => void): void;
-        randomInt(max: number): number;
-        randomInt(min: number, max: number): number;
-        randomInt(max: number, callback: (err: Error | null, value: number) => void): void;
-        randomInt(min: number, max: number, callback: (err: Error | null, value: number) => void): void;
-        randomInt(max: number): number;
-        randomInt(min: number, max: number): number;
-        randomInt(max: number, callback: (err: Error | null, value: number) => void): void;
-        randomInt(min: number, max: number, callback: (err: Error | null, value: number) => void): void;
-        randomFillSync<T extends NodeJS.ArrayBufferView>(buffer: T, offset?: number | undefined, size?: number | undefined): T;
-        randomFillSync<T_1 extends NodeJS.ArrayBufferView>(buffer: T_1, offset?: number | undefined, size?: number | undefined): T_1;
-        randomFill<T_2 extends NodeJS.ArrayBufferView>(buffer: T_2, callback: (err: Error | null, buf: T_2) => void): void;
-        randomFill<T_3 extends NodeJS.ArrayBufferView>(buffer: T_3, offset: number, callback: (err: Error | null, buf: T_3) => void): void;
-        randomFill<T_4 extends NodeJS.ArrayBufferView>(buffer: T_4, offset: number, size: number, callback: (err: Error | null, buf: T_4) => void): void;
-        randomFill<T_5 extends NodeJS.ArrayBufferView>(buffer: T_5, callback: (err: Error | null, buf: T_5) => void): void;
-        randomFill<T_6 extends NodeJS.ArrayBufferView>(buffer: T_6, offset: number, callback: (err: Error | null, buf: T_6) => void): void;
-        randomFill<T_7 extends NodeJS.ArrayBufferView>(buffer: T_7, offset: number, size: number, callback: (err: Error | null, buf: T_7) => void): void;
-        scrypt(password: import("crypto").BinaryLike, salt: import("crypto").BinaryLike, keylen: number, callback: (err: Error | null, derivedKey: Buffer) => void): void;
-        scrypt(password: import("crypto").BinaryLike, salt: import("crypto").BinaryLike, keylen: number, options: import("crypto").ScryptOptions, callback: (err: Error | null, derivedKey: Buffer) => void): void;
-        scrypt(password: import("crypto").BinaryLike, salt: import("crypto").BinaryLike, keylen: number, callback: (err: Error | null, derivedKey: Buffer) => void): void;
-        scrypt(password: import("crypto").BinaryLike, salt: import("crypto").BinaryLike, keylen: number, options: import("crypto").ScryptOptions, callback: (err: Error | null, derivedKey: Buffer) => void): void;
-        scryptSync(password: import("crypto").BinaryLike, salt: import("crypto").BinaryLike, keylen: number, options?: import("crypto").ScryptOptions | undefined): Buffer;
-        scryptSync(password: import("crypto").BinaryLike, salt: import("crypto").BinaryLike, keylen: number, options?: import("crypto").ScryptOptions | undefined): Buffer;
-        publicEncrypt(key: import("crypto").RsaPublicKey | import("crypto").RsaPrivateKey | import("crypto").KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
-        publicEncrypt(key: import("crypto").RsaPublicKey | import("crypto").RsaPrivateKey | import("crypto").KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
-        publicDecrypt(key: import("crypto").RsaPublicKey | import("crypto").RsaPrivateKey | import("crypto").KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
-        publicDecrypt(key: import("crypto").RsaPublicKey | import("crypto").RsaPrivateKey | import("crypto").KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
-        privateDecrypt(privateKey: import("crypto").RsaPrivateKey | import("crypto").KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
-        privateDecrypt(privateKey: import("crypto").RsaPrivateKey | import("crypto").KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
-        privateEncrypt(privateKey: import("crypto").RsaPrivateKey | import("crypto").KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
-        privateEncrypt(privateKey: import("crypto").RsaPrivateKey | import("crypto").KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
-        getCiphers(): string[];
-        getCiphers(): string[];
-        getCurves(): string[];
-        getCurves(): string[];
-        getFips(): 0 | 1;
-        getFips(): 0 | 1;
-        setFips(bool: boolean): void;
-        setFips(bool: boolean): void;
-        getHashes(): string[];
-        getHashes(): string[];
-        createECDH(curveName: string): import("crypto").ECDH;
-        createECDH(curveName: string): import("crypto").ECDH;
-        timingSafeEqual(a: NodeJS.ArrayBufferView, b: NodeJS.ArrayBufferView): boolean;
-        timingSafeEqual(a: NodeJS.ArrayBufferView, b: NodeJS.ArrayBufferView): boolean;
-        generateKeyPairSync(type: "rsa", options: import("crypto").RSAKeyPairOptions<"pem", "pem">): import("crypto").KeyPairSyncResult<string, string>;
-        generateKeyPairSync(type: "rsa", options: import("crypto").RSAKeyPairOptions<"pem", "der">): import("crypto").KeyPairSyncResult<string, Buffer>;
-        generateKeyPairSync(type: "rsa", options: import("crypto").RSAKeyPairOptions<"der", "pem">): import("crypto").KeyPairSyncResult<Buffer, string>;
-        generateKeyPairSync(type: "rsa", options: import("crypto").RSAKeyPairOptions<"der", "der">): import("crypto").KeyPairSyncResult<Buffer, Buffer>;
-        generateKeyPairSync(type: "rsa", options: import("crypto").RSAKeyPairKeyObjectOptions): import("crypto").KeyPairKeyObjectResult;
-        generateKeyPairSync(type: "rsa-pss", options: import("crypto").RSAPSSKeyPairOptions<"pem", "pem">): import("crypto").KeyPairSyncResult<string, string>;
-        generateKeyPairSync(type: "rsa-pss", options: import("crypto").RSAPSSKeyPairOptions<"pem", "der">): import("crypto").KeyPairSyncResult<string, Buffer>;
-        generateKeyPairSync(type: "rsa-pss", options: import("crypto").RSAPSSKeyPairOptions<"der", "pem">): import("crypto").KeyPairSyncResult<Buffer, string>;
-        generateKeyPairSync(type: "rsa-pss", options: import("crypto").RSAPSSKeyPairOptions<"der", "der">): import("crypto").KeyPairSyncResult<Buffer, Buffer>;
-        generateKeyPairSync(type: "rsa-pss", options: import("crypto").RSAPSSKeyPairKeyObjectOptions): import("crypto").KeyPairKeyObjectResult;
-        generateKeyPairSync(type: "dsa", options: import("crypto").DSAKeyPairOptions<"pem", "pem">): import("crypto").KeyPairSyncResult<string, string>;
-        generateKeyPairSync(type: "dsa", options: import("crypto").DSAKeyPairOptions<"pem", "der">): import("crypto").KeyPairSyncResult<string, Buffer>;
-        generateKeyPairSync(type: "dsa", options: import("crypto").DSAKeyPairOptions<"der", "pem">): import("crypto").KeyPairSyncResult<Buffer, string>;
-        generateKeyPairSync(type: "dsa", options: import("crypto").DSAKeyPairOptions<"der", "der">): import("crypto").KeyPairSyncResult<Buffer, Buffer>;
-        generateKeyPairSync(type: "dsa", options: import("crypto").DSAKeyPairKeyObjectOptions): import("crypto").KeyPairKeyObjectResult;
-        generateKeyPairSync(type: "ec", options: import("crypto").ECKeyPairOptions<"pem", "pem">): import("crypto").KeyPairSyncResult<string, string>;
-        generateKeyPairSync(type: "ec", options: import("crypto").ECKeyPairOptions<"pem", "der">): import("crypto").KeyPairSyncResult<string, Buffer>;
-        generateKeyPairSync(type: "ec", options: import("crypto").ECKeyPairOptions<"der", "pem">): import("crypto").KeyPairSyncResult<Buffer, string>;
-        generateKeyPairSync(type: "ec", options: import("crypto").ECKeyPairOptions<"der", "der">): import("crypto").KeyPairSyncResult<Buffer, Buffer>;
-        generateKeyPairSync(type: "ec", options: import("crypto").ECKeyPairKeyObjectOptions): import("crypto").KeyPairKeyObjectResult;
-        generateKeyPairSync(type: "ed25519", options: import("crypto").ED25519KeyPairOptions<"pem", "pem">): import("crypto").KeyPairSyncResult<string, string>;
-        generateKeyPairSync(type: "ed25519", options: import("crypto").ED25519KeyPairOptions<"pem", "der">): import("crypto").KeyPairSyncResult<string, Buffer>;
-        generateKeyPairSync(type: "ed25519", options: import("crypto").ED25519KeyPairOptions<"der", "pem">): import("crypto").KeyPairSyncResult<Buffer, string>;
-        generateKeyPairSync(type: "ed25519", options: import("crypto").ED25519KeyPairOptions<"der", "der">): import("crypto").KeyPairSyncResult<Buffer, Buffer>;
-        generateKeyPairSync(type: "ed25519", options?: import("crypto").ED25519KeyPairKeyObjectOptions | undefined): import("crypto").KeyPairKeyObjectResult;
-        generateKeyPairSync(type: "ed448", options: import("crypto").ED448KeyPairOptions<"pem", "pem">): import("crypto").KeyPairSyncResult<string, string>;
-        generateKeyPairSync(type: "ed448", options: import("crypto").ED448KeyPairOptions<"pem", "der">): import("crypto").KeyPairSyncResult<string, Buffer>;
-        generateKeyPairSync(type: "ed448", options: import("crypto").ED448KeyPairOptions<"der", "pem">): import("crypto").KeyPairSyncResult<Buffer, string>;
-        generateKeyPairSync(type: "ed448", options: import("crypto").ED448KeyPairOptions<"der", "der">): import("crypto").KeyPairSyncResult<Buffer, Buffer>;
-        generateKeyPairSync(type: "ed448", options?: import("crypto").ED448KeyPairKeyObjectOptions | undefined): import("crypto").KeyPairKeyObjectResult;
-        generateKeyPairSync(type: "x25519", options: import("crypto").X25519KeyPairOptions<"pem", "pem">): import("crypto").KeyPairSyncResult<string, string>;
-        generateKeyPairSync(type: "x25519", options: import("crypto").X25519KeyPairOptions<"pem", "der">): import("crypto").KeyPairSyncResult<string, Buffer>;
-        generateKeyPairSync(type: "x25519", options: import("crypto").X25519KeyPairOptions<"der", "pem">): import("crypto").KeyPairSyncResult<Buffer, string>;
-        generateKeyPairSync(type: "x25519", options: import("crypto").X25519KeyPairOptions<"der", "der">): import("crypto").KeyPairSyncResult<Buffer, Buffer>;
-        generateKeyPairSync(type: "x25519", options?: import("crypto").X25519KeyPairKeyObjectOptions | undefined): import("crypto").KeyPairKeyObjectResult;
-        generateKeyPairSync(type: "x448", options: import("crypto").X448KeyPairOptions<"pem", "pem">): import("crypto").KeyPairSyncResult<string, string>;
-        generateKeyPairSync(type: "x448", options: import("crypto").X448KeyPairOptions<"pem", "der">): import("crypto").KeyPairSyncResult<string, Buffer>;
-        generateKeyPairSync(type: "x448", options: import("crypto").X448KeyPairOptions<"der", "pem">): import("crypto").KeyPairSyncResult<Buffer, string>;
-        generateKeyPairSync(type: "x448", options: import("crypto").X448KeyPairOptions<"der", "der">): import("crypto").KeyPairSyncResult<Buffer, Buffer>;
-        generateKeyPairSync(type: "x448", options?: import("crypto").X448KeyPairKeyObjectOptions | undefined): import("crypto").KeyPairKeyObjectResult;
-        generateKeyPairSync(type: "rsa", options: import("crypto").RSAKeyPairOptions<"pem", "pem">): import("crypto").KeyPairSyncResult<string, string>;
-        generateKeyPairSync(type: "rsa", options: import("crypto").RSAKeyPairOptions<"pem", "der">): import("crypto").KeyPairSyncResult<string, Buffer>;
-        generateKeyPairSync(type: "rsa", options: import("crypto").RSAKeyPairOptions<"der", "pem">): import("crypto").KeyPairSyncResult<Buffer, string>;
-        generateKeyPairSync(type: "rsa", options: import("crypto").RSAKeyPairOptions<"der", "der">): import("crypto").KeyPairSyncResult<Buffer, Buffer>;
-        generateKeyPairSync(type: "rsa", options: import("crypto").RSAKeyPairKeyObjectOptions): import("crypto").KeyPairKeyObjectResult;
-        generateKeyPairSync(type: "rsa-pss", options: import("crypto").RSAPSSKeyPairOptions<"pem", "pem">): import("crypto").KeyPairSyncResult<string, string>;
-        generateKeyPairSync(type: "rsa-pss", options: import("crypto").RSAPSSKeyPairOptions<"pem", "der">): import("crypto").KeyPairSyncResult<string, Buffer>;
-        generateKeyPairSync(type: "rsa-pss", options: import("crypto").RSAPSSKeyPairOptions<"der", "pem">): import("crypto").KeyPairSyncResult<Buffer, string>;
-        generateKeyPairSync(type: "rsa-pss", options: import("crypto").RSAPSSKeyPairOptions<"der", "der">): import("crypto").KeyPairSyncResult<Buffer, Buffer>;
-        generateKeyPairSync(type: "rsa-pss", options: import("crypto").RSAPSSKeyPairKeyObjectOptions): import("crypto").KeyPairKeyObjectResult;
-        generateKeyPairSync(type: "dsa", options: import("crypto").DSAKeyPairOptions<"pem", "pem">): import("crypto").KeyPairSyncResult<string, string>;
-        generateKeyPairSync(type: "dsa", options: import("crypto").DSAKeyPairOptions<"pem", "der">): import("crypto").KeyPairSyncResult<string, Buffer>;
-        generateKeyPairSync(type: "dsa", options: import("crypto").DSAKeyPairOptions<"der", "pem">): import("crypto").KeyPairSyncResult<Buffer, string>;
-        generateKeyPairSync(type: "dsa", options: import("crypto").DSAKeyPairOptions<"der", "der">): import("crypto").KeyPairSyncResult<Buffer, Buffer>;
-        generateKeyPairSync(type: "dsa", options: import("crypto").DSAKeyPairKeyObjectOptions): import("crypto").KeyPairKeyObjectResult;
-        generateKeyPairSync(type: "ec", options: import("crypto").ECKeyPairOptions<"pem", "pem">): import("crypto").KeyPairSyncResult<string, string>;
-        generateKeyPairSync(type: "ec", options: import("crypto").ECKeyPairOptions<"pem", "der">): import("crypto").KeyPairSyncResult<string, Buffer>;
-        generateKeyPairSync(type: "ec", options: import("crypto").ECKeyPairOptions<"der", "pem">): import("crypto").KeyPairSyncResult<Buffer, string>;
-        generateKeyPairSync(type: "ec", options: import("crypto").ECKeyPairOptions<"der", "der">): import("crypto").KeyPairSyncResult<Buffer, Buffer>;
-        generateKeyPairSync(type: "ec", options: import("crypto").ECKeyPairKeyObjectOptions): import("crypto").KeyPairKeyObjectResult;
-        generateKeyPairSync(type: "ed25519", options: import("crypto").ED25519KeyPairOptions<"pem", "pem">): import("crypto").KeyPairSyncResult<string, string>;
-        generateKeyPairSync(type: "ed25519", options: import("crypto").ED25519KeyPairOptions<"pem", "der">): import("crypto").KeyPairSyncResult<string, Buffer>;
-        generateKeyPairSync(type: "ed25519", options: import("crypto").ED25519KeyPairOptions<"der", "pem">): import("crypto").KeyPairSyncResult<Buffer, string>;
-        generateKeyPairSync(type: "ed25519", options: import("crypto").ED25519KeyPairOptions<"der", "der">): import("crypto").KeyPairSyncResult<Buffer, Buffer>;
-        generateKeyPairSync(type: "ed25519", options?: import("crypto").ED25519KeyPairKeyObjectOptions | undefined): import("crypto").KeyPairKeyObjectResult;
-        generateKeyPairSync(type: "ed448", options: import("crypto").ED448KeyPairOptions<"pem", "pem">): import("crypto").KeyPairSyncResult<string, string>;
-        generateKeyPairSync(type: "ed448", options: import("crypto").ED448KeyPairOptions<"pem", "der">): import("crypto").KeyPairSyncResult<string, Buffer>;
-        generateKeyPairSync(type: "ed448", options: import("crypto").ED448KeyPairOptions<"der", "pem">): import("crypto").KeyPairSyncResult<Buffer, string>;
-        generateKeyPairSync(type: "ed448", options: import("crypto").ED448KeyPairOptions<"der", "der">): import("crypto").KeyPairSyncResult<Buffer, Buffer>;
-        generateKeyPairSync(type: "ed448", options?: import("crypto").ED448KeyPairKeyObjectOptions | undefined): import("crypto").KeyPairKeyObjectResult;
-        generateKeyPairSync(type: "x25519", options: import("crypto").X25519KeyPairOptions<"pem", "pem">): import("crypto").KeyPairSyncResult<string, string>;
-        generateKeyPairSync(type: "x25519", options: import("crypto").X25519KeyPairOptions<"pem", "der">): import("crypto").KeyPairSyncResult<string, Buffer>;
-        generateKeyPairSync(type: "x25519", options: import("crypto").X25519KeyPairOptions<"der", "pem">): import("crypto").KeyPairSyncResult<Buffer, string>;
-        generateKeyPairSync(type: "x25519", options: import("crypto").X25519KeyPairOptions<"der", "der">): import("crypto").KeyPairSyncResult<Buffer, Buffer>;
-        generateKeyPairSync(type: "x25519", options?: import("crypto").X25519KeyPairKeyObjectOptions | undefined): import("crypto").KeyPairKeyObjectResult;
-        generateKeyPairSync(type: "x448", options: import("crypto").X448KeyPairOptions<"pem", "pem">): import("crypto").KeyPairSyncResult<string, string>;
-        generateKeyPairSync(type: "x448", options: import("crypto").X448KeyPairOptions<"pem", "der">): import("crypto").KeyPairSyncResult<string, Buffer>;
-        generateKeyPairSync(type: "x448", options: import("crypto").X448KeyPairOptions<"der", "pem">): import("crypto").KeyPairSyncResult<Buffer, string>;
-        generateKeyPairSync(type: "x448", options: import("crypto").X448KeyPairOptions<"der", "der">): import("crypto").KeyPairSyncResult<Buffer, Buffer>;
-        generateKeyPairSync(type: "x448", options?: import("crypto").X448KeyPairKeyObjectOptions | undefined): import("crypto").KeyPairKeyObjectResult;
-        generateKeyPair: typeof import("crypto").generateKeyPair;
-        sign(algorithm: string | null | undefined, data: NodeJS.ArrayBufferView, key: import("crypto").KeyLike | import("crypto").SignKeyObjectInput | import("crypto").SignPrivateKeyInput): Buffer;
-        sign(algorithm: string | null | undefined, data: NodeJS.ArrayBufferView, key: import("crypto").KeyLike | import("crypto").SignKeyObjectInput | import("crypto").SignPrivateKeyInput, callback: (error: Error | null, data: Buffer) => void): void;
-        sign(algorithm: string | null | undefined, data: NodeJS.ArrayBufferView, key: import("crypto").KeyLike | import("crypto").SignKeyObjectInput | import("crypto").SignPrivateKeyInput): Buffer;
-        sign(algorithm: string | null | undefined, data: NodeJS.ArrayBufferView, key: import("crypto").KeyLike | import("crypto").SignKeyObjectInput | import("crypto").SignPrivateKeyInput, callback: (error: Error | null, data: Buffer) => void): void;
-        verify(algorithm: string | null | undefined, data: NodeJS.ArrayBufferView, key: import("crypto").KeyLike | import("crypto").VerifyKeyObjectInput | import("crypto").VerifyPublicKeyInput | import("crypto").VerifyJsonWebKeyInput, signature: NodeJS.ArrayBufferView): boolean;
-        verify(algorithm: string | null | undefined, data: NodeJS.ArrayBufferView, key: import("crypto").KeyLike | import("crypto").VerifyKeyObjectInput | import("crypto").VerifyPublicKeyInput | import("crypto").VerifyJsonWebKeyInput, signature: NodeJS.ArrayBufferView, callback: (error: Error | null, result: boolean) => void): void;
-        verify(algorithm: string | null | undefined, data: NodeJS.ArrayBufferView, key: import("crypto").KeyLike | import("crypto").VerifyKeyObjectInput | import("crypto").VerifyPublicKeyInput | import("crypto").VerifyJsonWebKeyInput, signature: NodeJS.ArrayBufferView): boolean;
-        verify(algorithm: string | null | undefined, data: NodeJS.ArrayBufferView, key: import("crypto").KeyLike | import("crypto").VerifyKeyObjectInput | import("crypto").VerifyPublicKeyInput | import("crypto").VerifyJsonWebKeyInput, signature: NodeJS.ArrayBufferView, callback: (error: Error | null, result: boolean) => void): void;
-        diffieHellman(options: {
-            privateKey: import("crypto").KeyObject;
-            publicKey: import("crypto").KeyObject;
-        }): Buffer;
-        diffieHellman(options: {
-            privateKey: import("crypto").KeyObject;
-            publicKey: import("crypto").KeyObject;
-        }): Buffer;
-        getCipherInfo(nameOrNid: string | number, options?: import("crypto").CipherInfoOptions | undefined): import("crypto").CipherInfo | undefined;
-        getCipherInfo(nameOrNid: string | number, options?: import("crypto").CipherInfoOptions | undefined): import("crypto").CipherInfo | undefined;
-        hkdf(digest: string, irm: import("crypto").KeyObject | import("crypto").BinaryLike, salt: import("crypto").BinaryLike, info: import("crypto").BinaryLike, keylen: number, callback: (err: Error | null, derivedKey: ArrayBuffer) => void): void;
-        hkdf(digest: string, irm: import("crypto").KeyObject | import("crypto").BinaryLike, salt: import("crypto").BinaryLike, info: import("crypto").BinaryLike, keylen: number, callback: (err: Error | null, derivedKey: ArrayBuffer) => void): void;
-        hkdfSync(digest: string, ikm: import("crypto").KeyObject | import("crypto").BinaryLike, salt: import("crypto").BinaryLike, info: import("crypto").BinaryLike, keylen: number): ArrayBuffer;
-        hkdfSync(digest: string, ikm: import("crypto").KeyObject | import("crypto").BinaryLike, salt: import("crypto").BinaryLike, info: import("crypto").BinaryLike, keylen: number): ArrayBuffer;
-        secureHeapUsed(): import("crypto").SecureHeapUsage;
-        secureHeapUsed(): import("crypto").SecureHeapUsage;
-        randomUUID(options?: import("crypto").RandomUUIDOptions | undefined): `${string}-${string}-${string}-${string}-${string}`;
-        randomUUID(options?: import("crypto").RandomUUIDOptions | undefined): `${string}-${string}-${string}-${string}-${string}`;
-        generatePrime(size: number, callback: (err: Error | null, prime: ArrayBuffer) => void): void;
-        generatePrime(size: number, options: import("crypto").GeneratePrimeOptionsBigInt, callback: (err: Error | null, prime: bigint) => void): void;
-        generatePrime(size: number, options: import("crypto").GeneratePrimeOptionsArrayBuffer, callback: (err: Error | null, prime: ArrayBuffer) => void): void;
-        generatePrime(size: number, options: import("crypto").GeneratePrimeOptions, callback: (err: Error | null, prime: bigint | ArrayBuffer) => void): void;
-        generatePrime(size: number, callback: (err: Error | null, prime: ArrayBuffer) => void): void;
-        generatePrime(size: number, options: import("crypto").GeneratePrimeOptionsBigInt, callback: (err: Error | null, prime: bigint) => void): void;
-        generatePrime(size: number, options: import("crypto").GeneratePrimeOptionsArrayBuffer, callback: (err: Error | null, prime: ArrayBuffer) => void): void;
-        generatePrime(size: number, options: import("crypto").GeneratePrimeOptions, callback: (err: Error | null, prime: bigint | ArrayBuffer) => void): void;
-        generatePrimeSync(size: number): ArrayBuffer;
-        generatePrimeSync(size: number, options: import("crypto").GeneratePrimeOptionsBigInt): bigint;
-        generatePrimeSync(size: number, options: import("crypto").GeneratePrimeOptionsArrayBuffer): ArrayBuffer;
-        generatePrimeSync(size: number, options: import("crypto").GeneratePrimeOptions): bigint | ArrayBuffer;
-        generatePrimeSync(size: number): ArrayBuffer;
-        generatePrimeSync(size: number, options: import("crypto").GeneratePrimeOptionsBigInt): bigint;
-        generatePrimeSync(size: number, options: import("crypto").GeneratePrimeOptionsArrayBuffer): ArrayBuffer;
-        generatePrimeSync(size: number, options: import("crypto").GeneratePrimeOptions): bigint | ArrayBuffer;
-        checkPrime(value: import("crypto").LargeNumberLike, callback: (err: Error | null, result: boolean) => void): void;
-        checkPrime(value: import("crypto").LargeNumberLike, options: import("crypto").CheckPrimeOptions, callback: (err: Error | null, result: boolean) => void): void;
-        checkPrime(value: import("crypto").LargeNumberLike, callback: (err: Error | null, result: boolean) => void): void;
-        checkPrime(value: import("crypto").LargeNumberLike, options: import("crypto").CheckPrimeOptions, callback: (err: Error | null, result: boolean) => void): void;
-        checkPrimeSync(candidate: import("crypto").LargeNumberLike, options?: import("crypto").CheckPrimeOptions | undefined): boolean;
-        checkPrimeSync(candidate: import("crypto").LargeNumberLike, options?: import("crypto").CheckPrimeOptions | undefined): boolean;
-        setEngine(engine: string, flags?: number | undefined): void;
-        setEngine(engine: string, flags?: number | undefined): void;
-        getRandomValues<T_8 extends import("crypto").webcrypto.BufferSource>(typedArray: T_8): T_8;
-        getRandomValues<T_9 extends import("crypto").webcrypto.BufferSource>(typedArray: T_9): T_9;
-        Certificate: typeof import("crypto").Certificate;
-        constants: typeof import("crypto").constants;
-        fips: boolean;
-        Hash: typeof import("crypto").Hash;
-        Hmac: typeof import("crypto").Hmac;
-        KeyObject: typeof import("crypto").KeyObject;
-        Cipher: typeof import("crypto").Cipher;
-        Decipher: typeof import("crypto").Decipher;
-        Sign: typeof import("crypto").Sign;
-        Verify: typeof import("crypto").Verify;
-        DiffieHellman: typeof import("crypto").DiffieHellman;
-        DiffieHellmanGroup: import("crypto").DiffieHellmanGroupConstructor;
-        ECDH: typeof import("crypto").ECDH;
-        DEFAULT_ENCODING: BufferEncoding;
-        X509Certificate: typeof import("crypto").X509Certificate;
-        subtle: import("crypto").webcrypto.SubtleCrypto;
-        webcrypto: import("crypto").webcrypto.Crypto;
-    } | {
-        webcrypto: undefined;
-    }>;
     stubThisGlobalThisCrypto: () => globalThis.Crypto;
     setCachedCrypto: (newCrypto: Crypto | undefined) => void;
 };

package/esm/helpers/iso/isoCrypto/getWebCrypto.js

@@ -3,29 +3,34 @@ let webCrypto = undefined;
  * Try to get an instance of the Crypto API from the current runtime. Should support Node,
  * as well as others, like Deno, that implement Web APIs.
  */
-export async function getWebCrypto() {
-    if (webCrypto) {
-        return webCrypto;
-    }
+export function getWebCrypto() {
     /**
-     * Naively attempt to access Crypto as a global object, which popular alternative run-times
-     * support.
+     * Hello there! If you came here wondering why this method is asynchronous when use of
+     * `globalThis.crypto` is not, it's to minimize a bunch of refactor related to making this
+     * synchronous. For example, `generateRegistrationOptions()` and `generateAuthenticationOptions()`
+     * become synchronous if we make this synchronous (since nothing else in that method is async)
+     * which represents a breaking API change in this library's core API.
+     *
+     * TODO: If it's after February 2025 when you read this then consider whether it still makes sense
+     * to keep this method asynchronous.
      */
-    const _globalThisCrypto = _getWebCryptoInternals.stubThisGlobalThisCrypto();
-    if (_globalThisCrypto) {
-        webCrypto = _globalThisCrypto;
-        return webCrypto;
-    }
-    /**
-     * `globalThis.crypto` isn't available, so attempt a Node import...
-     */
-    const _nodeCrypto = await _getWebCryptoInternals.stubThisImportNodeCrypto();
-    if (_nodeCrypto?.webcrypto) {
-        webCrypto = _nodeCrypto.webcrypto;
-        return webCrypto;
-    }
-    // We tried to access it both in Node and globally, so bail out
-    throw new MissingWebCrypto();
+    const toResolve = new Promise((resolve, reject) => {
+        if (webCrypto) {
+            return resolve(webCrypto);
+        }
+        /**
+         * Naively attempt to access Crypto as a global object, which popular ESM-centric run-times
+         * support (and Node v20+)
+         */
+        const _globalThisCrypto = _getWebCryptoInternals.stubThisGlobalThisCrypto();
+        if (_globalThisCrypto) {
+            webCrypto = _globalThisCrypto;
+            return resolve(webCrypto);
+        }
+        // We tried to access it both in Node and globally, so bail out
+        return reject(new MissingWebCrypto());
+    });
+    return toResolve;
 }
 export class MissingWebCrypto extends Error {
     constructor() {
@@ -36,26 +41,6 @@ export class MissingWebCrypto extends Error {
 }
 // Make it possible to stub return values during testing
 export const _getWebCryptoInternals = {
-    stubThisImportNodeCrypto: async () => {
-        try {
-            // dnt-shim-ignore
-            /**
-             * The `webpackIgnore` here is to help support Next.js' Edge runtime.
-             * See https://github.com/MasterKale/SimpleWebAuthn/issues/517 for more info.
-             */
-            const _nodeCrypto = await import(/* webpackIgnore: true */ 'crypto');
-            return _nodeCrypto;
-        }
-        catch (_err) {
-            /**
-             * Intentionally declaring webcrypto as undefined because we're assuming the Node import
-             * failed due to either:
-             * - `import()` isn't supported
-             * - `node:crypto` is unavailable.
-             */
-            return { webcrypto: undefined };
-        }
-    },
     stubThisGlobalThisCrypto: () => globalThis.crypto,
     // Make it possible to reset the `webCrypto` at the top of the file
     setCachedCrypto: (newCrypto) => {

package/esm/metadata/parseJWT.js

@@ -5,8 +5,8 @@ import { isoBase64URL } from '../helpers/iso/index.js';
 export function parseJWT(jwt) {
     const parts = jwt.split('.');
     return [
-        JSON.parse(isoBase64URL.toString(parts[0])),
-        JSON.parse(isoBase64URL.toString(parts[1])),
+        JSON.parse(isoBase64URL.toUTF8String(parts[0])),
+        JSON.parse(isoBase64URL.toUTF8String(parts[1])),
         parts[2],
     ];
 }

package/esm/registration/generateRegistrationOptions.d.ts

@@ -1,14 +1,17 @@
-import type { AttestationConveyancePreference, AuthenticationExtensionsClientInputs, AuthenticatorSelectionCriteria, COSEAlgorithmIdentifier, PublicKeyCredentialCreationOptionsJSON, PublicKeyCredentialDescriptorFuture } from '../deps.js';
+import type { AttestationConveyancePreference, AuthenticationExtensionsClientInputs, AuthenticatorSelectionCriteria, AuthenticatorTransportFuture, Base64URLString, COSEAlgorithmIdentifier, PublicKeyCredentialCreationOptionsJSON } from '../deps.js';
 export type GenerateRegistrationOptionsOpts = {
     rpName: string;
     rpID: string;
-    userID: string;
     userName: string;
+    userID?: Uint8Array;
     challenge?: string | Uint8Array;
     userDisplayName?: string;
     timeout?: number;
     attestationType?: AttestationConveyancePreference;
-    excludeCredentials?: PublicKeyCredentialDescriptorFuture[];
+    excludeCredentials?: {
+        id: Base64URLString;
+        transports?: AuthenticatorTransportFuture[];
+    }[];
     authenticatorSelection?: AuthenticatorSelectionCriteria;
     extensions?: AuthenticationExtensionsClientInputs;
     supportedAlgorithmIDs?: COSEAlgorithmIdentifier[];
@@ -20,24 +23,21 @@ export type GenerateRegistrationOptionsOpts = {
  */
 export declare const supportedCOSEAlgorithmIdentifiers: COSEAlgorithmIdentifier[];
 /**
- * Prepare a value to pass into navigator.credentials.create(...) for authenticator "registration"
+ * Prepare a value to pass into navigator.credentials.create(...) for authenticator registration
  *
  * **Options:**
  *
- * @param rpName User-visible, "friendly" website/service name
- * @param rpID Valid domain name (after `https://`)
- * @param userID User's website-specific unique ID
- * @param userName User's website-specific username (email, etc...)
- * @param challenge Random value the authenticator needs to sign and pass back
- * @param userDisplayName User's actual name
- * @param timeout How long (in ms) the user can take to complete attestation
- * @param attestationType Specific attestation statement
- * @param excludeCredentials Authenticators registered by the user so the user can't register the
- * same credential multiple times
- * @param authenticatorSelection Advanced criteria for restricting the types of authenticators that
- * may be used
- * @param extensions Additional plugins the authenticator or browser should use during attestation
- * @param supportedAlgorithmIDs Array of numeric COSE algorithm identifiers supported for
- * attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms
+ * @param rpName - User-visible, "friendly" website/service name
+ * @param rpID - Valid domain name (after `https://`)
+ * @param userName - User's website-specific username (email, etc...)
+ * @param userID **(Optional)** - User's website-specific unique ID. Defaults to generating a random identifier
+ * @param challenge **(Optional)** - Random value the authenticator needs to sign and pass back. Defaults to generating a random value
+ * @param userDisplayName **(Optional)** - User's actual name. Defaults to `""`
+ * @param timeout **(Optional)** - How long (in ms) the user can take to complete attestation. Defaults to `60000`
+ * @param attestationType **(Optional)** - Specific attestation statement. Defaults to `"none"`
+ * @param excludeCredentials **(Optional)** - Authenticators registered by the user so the user can't register the same credential multiple times. Defaults to `[]`
+ * @param authenticatorSelection **(Optional)** - Advanced criteria for restricting the types of authenticators that may be used. Defaults to `{ residentKey: 'preferred', userVerification: 'preferred' }`
+ * @param extensions **(Optional)** - Additional plugins the authenticator or browser should use during attestation
+ * @param supportedAlgorithmIDs **(Optional)** - Array of numeric COSE algorithm identifiers supported for attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms. Defaults to `[-8, -7, -257]`
  */
 export declare function generateRegistrationOptions(options: GenerateRegistrationOptionsOpts): Promise<PublicKeyCredentialCreationOptionsJSON>;

package/esm/registration/generateRegistrationOptions.js

@@ -1,4 +1,5 @@
 import { generateChallenge } from '../helpers/generateChallenge.js';
+import { generateUserID } from '../helpers/generateUserID.js';
 import { isoBase64URL, isoUint8Array } from '../helpers/iso/index.js';
 /**
  * Supported crypto algo identifiers
@@ -46,28 +47,25 @@ const defaultAuthenticatorSelection = {
  */
 const defaultSupportedAlgorithmIDs = [-8, -7, -257];
 /**
- * Prepare a value to pass into navigator.credentials.create(...) for authenticator "registration"
+ * Prepare a value to pass into navigator.credentials.create(...) for authenticator registration
  *
  * **Options:**
  *
- * @param rpName User-visible, "friendly" website/service name
- * @param rpID Valid domain name (after `https://`)
- * @param userID User's website-specific unique ID
- * @param userName User's website-specific username (email, etc...)
- * @param challenge Random value the authenticator needs to sign and pass back
- * @param userDisplayName User's actual name
- * @param timeout How long (in ms) the user can take to complete attestation
- * @param attestationType Specific attestation statement
- * @param excludeCredentials Authenticators registered by the user so the user can't register the
- * same credential multiple times
- * @param authenticatorSelection Advanced criteria for restricting the types of authenticators that
- * may be used
- * @param extensions Additional plugins the authenticator or browser should use during attestation
- * @param supportedAlgorithmIDs Array of numeric COSE algorithm identifiers supported for
- * attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms
+ * @param rpName - User-visible, "friendly" website/service name
+ * @param rpID - Valid domain name (after `https://`)
+ * @param userName - User's website-specific username (email, etc...)
+ * @param userID **(Optional)** - User's website-specific unique ID. Defaults to generating a random identifier
+ * @param challenge **(Optional)** - Random value the authenticator needs to sign and pass back. Defaults to generating a random value
+ * @param userDisplayName **(Optional)** - User's actual name. Defaults to `""`
+ * @param timeout **(Optional)** - How long (in ms) the user can take to complete attestation. Defaults to `60000`
+ * @param attestationType **(Optional)** - Specific attestation statement. Defaults to `"none"`
+ * @param excludeCredentials **(Optional)** - Authenticators registered by the user so the user can't register the same credential multiple times. Defaults to `[]`
+ * @param authenticatorSelection **(Optional)** - Advanced criteria for restricting the types of authenticators that may be used. Defaults to `{ residentKey: 'preferred', userVerification: 'preferred' }`
+ * @param extensions **(Optional)** - Additional plugins the authenticator or browser should use during attestation
+ * @param supportedAlgorithmIDs **(Optional)** - Array of numeric COSE algorithm identifiers supported for attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms. Defaults to `[-8, -7, -257]`
  */
 export async function generateRegistrationOptions(options) {
-    const { rpName, rpID, userID, userName, challenge = await generateChallenge(), userDisplayName = userName, timeout = 60000, attestationType = 'none', excludeCredentials = [], authenticatorSelection = defaultAuthenticatorSelection, extensions, supportedAlgorithmIDs = defaultSupportedAlgorithmIDs, } = options;
+    const { rpName, rpID, userName, userID, challenge = await generateChallenge(), userDisplayName = '', timeout = 60000, attestationType = 'none', excludeCredentials = [], authenticatorSelection = defaultAuthenticatorSelection, extensions, supportedAlgorithmIDs = defaultSupportedAlgorithmIDs, } = options;
     /**
      * Prepare pubKeyCredParams from the array of algorithm ID's
      */
@@ -115,6 +113,20 @@ export async function generateRegistrationOptions(options) {
     if (typeof _challenge === 'string') {
         _challenge = isoUint8Array.fromUTF8String(_challenge);
     }
+    /**
+     * Explicitly disallow use of strings for userID anymore because `isoBase64URL.fromBuffer()` below
+     * will return an empty string if one gets through!
+     */
+    if (typeof userID === 'string') {
+        throw new Error(`String values for \`userID\` are no longer supported. See https://simplewebauthn.dev/docs/advanced/server/custom-user-ids`);
+    }
+    /**
+     * Generate a user ID if one is not provided
+     */
+    let _userID = userID;
+    if (!_userID) {
+        _userID = await generateUserID();
+    }
     return {
         challenge: isoBase64URL.fromBuffer(_challenge),
         rp: {
@@ -122,17 +134,23 @@ export async function generateRegistrationOptions(options) {
             id: rpID,
         },
         user: {
-            id: userID,
+            id: isoBase64URL.fromBuffer(_userID),
             name: userName,
             displayName: userDisplayName,
         },
         pubKeyCredParams,
         timeout,
         attestation: attestationType,
-        excludeCredentials: excludeCredentials.map((cred) => ({
-            ...cred,
-            id: isoBase64URL.fromBuffer(cred.id),
-        })),
+        excludeCredentials: excludeCredentials.map((cred) => {
+            if (!isoBase64URL.isBase64URL(cred.id)) {
+                throw new Error(`excludeCredential id "${cred.id}" is not a valid base64url string`);
+            }
+            return {
+                ...cred,
+                id: isoBase64URL.trimPadding(cred.id),
+                type: 'public-key',
+            };
+        }),
         authenticatorSelection,
         extensions: {
             ...extensions,

package/esm/registration/verifications/verifyAttestationAndroidSafetyNet.js

@@ -23,8 +23,8 @@ export async function verifyAttestationAndroidSafetyNet(options) {
     // Prepare to verify a JWT
     const jwt = isoUint8Array.toUTF8String(response);
     const jwtParts = jwt.split('.');
-    const HEADER = JSON.parse(isoBase64URL.toString(jwtParts[0]));
-    const PAYLOAD = JSON.parse(isoBase64URL.toString(jwtParts[1]));
+    const HEADER = JSON.parse(isoBase64URL.toUTF8String(jwtParts[0]));
+    const PAYLOAD = JSON.parse(isoBase64URL.toUTF8String(jwtParts[1]));
     const SIGNATURE = jwtParts[2];
     /**
      * START Verify PAYLOAD