@transmitsecurity/platform-web-sdk 1.15.0

package/dist/web-sdk.d.ts

@@ -0,0 +1,1737 @@
+declare enum RecommendationType {
+    ALLOW = "ALLOW",
+    CHALLENGE = "CHALLENGE",
+    DENY = "DENY",
+    TRUST = "TRUST"
+}
+type EventResponse = {
+    actionToken?: string;
+    deviceId?: string;
+    recommendation?: Recommendation;
+    userId?: string;
+};
+type Recommendation = {
+    type: RecommendationType;
+};
+
+interface ActionResponse {
+    /** The token return by the SDK when the action was reported */
+    actionToken?: string;
+}
+interface InitOptions {
+    /** Opaque identifier of the user in your system */
+    userId?: string;
+}
+/**
+ * Initial parameters for SDK
+ */
+interface ConstructorOptions {
+    /** Print logs to console */
+    verbose?: boolean;
+    /** Your server URL
+     *
+     * Default value is https://collect.riskid.security */
+    serverPath?: string;
+    /** Enable session token fetching
+     *
+     * Default value is false */
+    enableSessionToken?: boolean;
+    /** First party server url for the identifiers migration
+     *
+     * Default value is undefined */
+    firstPartyMigrationUrl?: string;
+}
+interface TransactionData {
+    amount: number;
+    currency: string;
+    reason?: string;
+    transactionDate?: number;
+    payer?: {
+        name?: string;
+        bankIdentifier?: string;
+        branchIdentifier?: string;
+        accountNumber?: string;
+    };
+    payee?: {
+        name?: string;
+        bankIdentifier?: string;
+        branchIdentifier?: string;
+        accountNumber?: string;
+    };
+}
+interface ActionEventOptions {
+    /** Any ID that could help relate the action with external context or session */
+    correlationId?: string;
+    /** User ID of the not yet authenticated user, used to enhance risk and
+     * trust assessments. Once the user is authenticated,
+     * {@link TSAccountProtection.setAuthenticatedUser} should be called. */
+    claimedUserId?: string;
+    /**
+     * The reported claimedUserId type (if provided), should not contain PII unless it is hashed.
+     * Supported values: email, phone_number, account_id, ssn, national_id, passport_number, drivers_license_number, other.
+     */
+    claimedUserIdType?: string;
+    /**
+     * A transaction data-points object for transaction-monitoring
+     */
+    transactionData?: TransactionData;
+    /**
+     * Custom attributes matching the schema previously defined in the Admin Portal
+     */
+    customAttributes?: Record<string, string | number | boolean>;
+    /**
+     * The fields below are supported for Enterprise-IAM sdk usage actions, added `ignore` for avoiding preseting this attribute in the docs
+     * @ignore
+     */
+    publicKey?: string;
+    /**
+     * @ignore
+     */
+    extensionMetadata?: string;
+    /**
+     * @ignore
+     */
+    extensionDeviceAttributes?: Record<string, string>;
+    /**
+     * @ignore
+     */
+    suspiciousSignals?: string[];
+    /**
+     * @ignore
+     */
+    suspiciousContext?: string;
+    /**
+     * @ignore
+     */
+    downloadFile?: Record<string, boolean | string | number>;
+    /**
+     * @ignore
+     */
+    uploadFile?: Record<string, boolean | string | number>;
+}
+declare class TSAccountProtection {
+    private static initializedInstance;
+    private initializationPromise;
+    private isSDKDisabled;
+    private enableSessionToken;
+    private identifiersMigrationEnabled;
+    private firstPartyMigrationUrl;
+    private validationManager;
+    private storageManager;
+    private eventsManager;
+    private deviceDataManager;
+    private configManager;
+    private requestsManager;
+    private identityManager;
+    private migrationsManager;
+    private cryptoBinding;
+    private logsReporter;
+    private options;
+    private clientId;
+    /**
+     *
+     Creates a new Account Protection SDK instance with your client context
+     @param clientId Your AccountProtection client identifier
+     @param options SDK configuration options
+     */
+    constructor(clientId: string, options?: ConstructorOptions);
+    /** @ignore */
+    constructor(serverPath: string, clientId: string);
+    /**
+     * @ignore
+     * @returns List of loaded actions that can be invoked
+     */
+    get actions(): string[];
+    /** @ignore */
+    getActions(): Promise<string[]>;
+    getSessionToken(): Promise<any>;
+    /**
+     * Initializes the AccountProtection SDK, which starts automatically tracking and submitting info of the user journey
+     * @param options Init options
+     * @returns Indicates if the call succeeded
+     */
+    init(options?: InitOptions | string): Promise<boolean>;
+    private isInitialized;
+    /**
+     * Reports a user action event to the SDK
+     * @param actionType Type of user action event that was predefined in the Transmit Security server
+     * @returns Indicates if the call succeeded
+     */
+    triggerActionEvent(actionType: string, options?: ActionEventOptions): Promise<ActionResponse>;
+    /**
+     * @ignore
+     */
+    identifyUser(userId: string): Promise<boolean>;
+    private updateUserId;
+    /**
+     * @ignore
+     */
+    unidentifiedUser(): Promise<boolean>;
+    /**
+     * Sets the user context for all subsequent events in the browser session (or until the user is explicitly cleared)
+     * It should be set only after you've fully authenticated the user (including, for example, any 2FA that was required)
+     * @param userId Opaque identifier of the user in your system
+     * @param options Reserved for future use
+     * @returns Indicates if the call succeeded
+     */
+    setAuthenticatedUser(userId: string, options?: {}): Promise<boolean>;
+    /** @ignore */
+    setUser(userId: string, _options?: {}): Promise<boolean>;
+    /**
+     * Clears the user context for all subsequent events in the browser session
+     * @param options Reserved for future use
+     * @returns Indicates if the call succeeded
+     */
+    clearUser(options?: {}): Promise<boolean>;
+}
+
+declare module '@transmit-security/web-sdk-common/dist/module-metadata/module-metadata' {
+    interface initConfigParams {
+        drs?: InitOptions & ConstructorOptions & {
+            enabled: boolean;
+        };
+    }
+}
+/**
+ * Reports a user action event to the SDK
+ * @param actionType Type of user action event that was predefined in the Transmit Security server
+ * @returns Indicates if the call succeeded
+ */
+declare const triggerActionEvent: TSAccountProtection['triggerActionEvent'];
+/** @ignore */
+declare const setUser: TSAccountProtection['setUser'];
+/**
+ * Sets the user context for all subsequent events in the browser session (or until the user is explicitly cleared)
+ * It should be set only after you've fully authenticated the user (including, for example, any 2FA that was required)
+ * @param userId Opaque identifier of the user in your system
+ * @param options Reserved for future use
+ * @returns Indicates if the call succeeded
+ */
+declare const setAuthenticatedUser: TSAccountProtection['setAuthenticatedUser'];
+/**
+ * Clears the user context for all subsequent events in the browser session
+ * @param options Reserved for future use
+ * @returns Indicates if the call succeeded
+ */
+declare const clearUser: TSAccountProtection['clearUser'];
+/** @ignore */
+declare const identifyUser: TSAccountProtection['identifyUser'];
+/** @ignore */
+declare const unidentifiedUser: TSAccountProtection['unidentifiedUser'];
+/** @ignore */
+declare const getActions: TSAccountProtection['getActions'];
+/** @ignore */
+declare const getSessionToken: TSAccountProtection['getSessionToken'];
+/** @ignore */
+declare const __internal: {
+    getDeviceId(): string;
+    getClientId(): string;
+    flush(): Promise<EventResponse>;
+};
+
+type webSdkModule_d_ActionEventOptions = ActionEventOptions;
+type webSdkModule_d_ActionResponse = ActionResponse;
+declare const webSdkModule_d___internal: typeof __internal;
+declare const webSdkModule_d_clearUser: typeof clearUser;
+declare const webSdkModule_d_getActions: typeof getActions;
+declare const webSdkModule_d_getSessionToken: typeof getSessionToken;
+declare const webSdkModule_d_identifyUser: typeof identifyUser;
+declare const webSdkModule_d_setAuthenticatedUser: typeof setAuthenticatedUser;
+declare const webSdkModule_d_setUser: typeof setUser;
+declare const webSdkModule_d_triggerActionEvent: typeof triggerActionEvent;
+declare const webSdkModule_d_unidentifiedUser: typeof unidentifiedUser;
+declare namespace webSdkModule_d {
+  export { webSdkModule_d___internal as __internal, webSdkModule_d_clearUser as clearUser, webSdkModule_d_getActions as getActions, webSdkModule_d_getSessionToken as getSessionToken, webSdkModule_d_identifyUser as identifyUser, webSdkModule_d_setAuthenticatedUser as setAuthenticatedUser, webSdkModule_d_setUser as setUser, webSdkModule_d_triggerActionEvent as triggerActionEvent, webSdkModule_d_unidentifiedUser as unidentifiedUser };
+  export type { webSdkModule_d_ActionEventOptions as ActionEventOptions, webSdkModule_d_ActionResponse as ActionResponse };
+}
+
+/**
+ * The `idv` module allows you to integrate identity verification services into your application. This allows you to
+ * securely verify the identity of your customers using documents like their driver's license or passport.
+ *
+ * After the SDK is initialized, your app can start a verification flow by creating a session in the backend to establish
+ * a secure context and then start the verification session by calling {@link module:tsPlatform.idv.start|start}. The SDK executes
+ * the verification process with the user using the Transmit identity verification experience. Once all the required images are submitted,
+ * Transmit starts processing the verification while the SDK polls for its status. Once processing is completed, the SDK notifies the app
+ * so it can obtain the verification result (via the backend) and proceed accordingly.
+ * @module tsPlatform.idv
+ */
+
+/**
+ * Starts a verification session that was created in the backend (via the [Verification API](/openapi/verify/verifications/#operation/createSession)).
+ * This will start the verification process for the user and guides them through the entire identity verification flow
+ * using the Transmit identity verification experience, which includes capturing the required images and submitting them for processing.
+ * @function start
+ * @param {string} startToken - The start_token returned by the backend when the session was created, used to
+ * bind the session to the device
+ * @returns {Promise<boolean>} Indicates if the session was started successfully
+ * @memberof module:core
+ * @example
+ * const showLoader = true;
+ * const startToken = '123456'; // start_token returned by the backend upon session creation
+ * tsPlatform.idv.start(startToken).then((started) => {
+ *  showLoader = false;
+ *  if (started) {
+ *    console.log('Session started');
+ *  } else {
+ *    console.log('Session not started');
+ *  }
+ * });
+ */
+declare function start(startToken?: string): Promise<boolean>;
+/**
+ * Recaptures the required images in case the `recapture` status is returned. For example, this may occur in case some data
+ * couldn't be extracted due to poor image quality.
+ * @function recapture
+ * @returns {Promise<boolean>} Indicates if the session was started successfully
+ * @memberof module:core
+ * @example
+ * const showLoader = true;
+ * tsPlatform.idv.recapture().then((success) => {
+ *  showLoader = false;
+ *  if (success) {
+ *    console.log('Recapture started');
+ *  } else {
+ *    console.log('Recapture not started');
+ *  }
+ * });
+ */
+declare function recapture(): Promise<boolean>;
+/**
+ * deprecated use {@link module:tsPlatform.idv.recapture|recapture} instead
+ * TODO: [VER-3126](https://transmitsecurity.atlassian.net/browse/VER-3126)
+ */
+declare function restart(): Promise<boolean>;
+declare const version: () => string;
+
+declare const index_d$1_recapture: typeof recapture;
+declare const index_d$1_restart: typeof restart;
+declare const index_d$1_start: typeof start;
+declare const index_d$1_version: typeof version;
+declare namespace index_d$1 {
+  export {
+    index_d$1_recapture as recapture,
+    index_d$1_restart as restart,
+    index_d$1_start as start,
+    index_d$1_version as version,
+  };
+}
+
+/**
+ * Alternate paths used by the SDK to route API calls to your proxy server.
+ */
+interface WebauthnApis {
+    /**
+     * @defaultValue `/v1/auth/webauthn/authenticate/start`
+     */
+    startAuthentication: string;
+    /**
+     * @defaultValue `/v1/auth/webauthn/register/start`
+     */
+    startRegistration: string;
+    /**
+     * @defaultValue `/v1/auth/webauthn/cross-device/register/start`
+     */
+    startCrossDeviceRegistration: string;
+    /**
+     * @defaultValue `/v1/auth/webauthn/cross-device/authenticate/init`
+     */
+    initCrossDeviceAuthentication: string;
+    /**
+     * @defaultValue `/v1/auth/webauthn/cross-device/authenticate/start`
+     */
+    startCrossDeviceAuthentication: string;
+    /**
+     * @defaultValue `/v1/auth/webauthn/cross-device/status`
+     */
+    getCrossDeviceTicketStatus: string;
+    /**
+     * @defaultValue `/v1/auth/webauthn/cross-device/attach-device`
+     */
+    attachDeviceToCrossDeviceSession: string;
+}
+/**
+ * @private
+ */
+interface WebAuthnInitOptions {
+    /**
+     * Base path for sending API requests. This would be either a Transmit Security API deployment URL
+     * such as documented for sandbox, or if you are proxying API requests from your backend - then the base path to your proxy.
+     */
+    serverPath: string;
+    /**
+     * Override endpoints when using a proxy server in case the proxy server implements its own paths.
+     */
+    webauthnApiPaths?: WebauthnApis;
+}
+
+/**
+ * WebAuthn cross device interfaces
+ */
+declare enum WebauthnCrossDeviceStatus {
+    Pending = "pending",
+    Scanned = "scanned",
+    Success = "success",
+    Error = "error",
+    Timeout = "timeout",
+    Aborted = "aborted"
+}
+/**
+ * WebAuthn cross device handlers interfaces
+ */
+interface CrossDeviceController {
+    /**
+     * Ticket ID for this cross-device flow.
+     */
+    crossDeviceTicketId: string;
+    /**
+     * Stops listening for events from devices in cross-device flows
+     */
+    stop: () => void;
+}
+/**
+ * WebAuthn cross device status response interfaces
+ */
+interface ApiCrossDeviceStatusResponse {
+    /**
+     * cross device status
+     */
+    status: WebauthnCrossDeviceStatus;
+    /**
+     * authentication session id
+     */
+    session_id?: string;
+}
+/**
+ * WebAuthn cross device attach device result interfaces
+ */
+interface AttachDeviceResult {
+    /**
+     * cross device status
+     */
+    status: WebauthnCrossDeviceStatus;
+    /**
+     * ticket creation timestamp
+     */
+    startedAt: string;
+    /**
+     * session's approval data (if exists)
+     */
+    approvalData?: Record<string, string>;
+}
+
+interface BaseCrossDeviceHandlers {
+    /**
+     * Called when the user has successfully attached a device to the cross-device flow using the {@link WebauthnCrossDeviceFlows.attachDevice} method.
+     */
+    onDeviceAttach: () => Promise<void>;
+    /**
+     * Called when there was an error in the cross-device flow with status response {@link ApiCrossDeviceStatusResponse}.
+     */
+    onFailure: (error: ApiCrossDeviceStatusResponse) => Promise<void>;
+}
+interface CrossDeviceAuthenticationHandlers extends BaseCrossDeviceHandlers {
+    /**
+     * Called upon successful webauthn authentication.
+     * @param sessionId Session ID that will be exchanged for the user's access and ID tokens using the /v1/auth/session/authenticate API
+     */
+    onCredentialAuthenticate: (sessionId: string) => Promise<void>;
+}
+interface CrossDeviceRegistrationHandlers extends BaseCrossDeviceHandlers {
+    /**
+     * Called upon successful webauthn registration.
+     */
+    onCredentialRegister: () => Promise<void>;
+}
+
+interface WebauthnCrossDeviceRegistrationOptions {
+    /**
+     * Allow registration using cross-platform authenticators, such as a USB security key or a different device. If enabled, cross-device authentication flows can be performed using the native browser experience (via QR code). default: True
+     */
+    allowCrossPlatformAuthenticators?: boolean;
+    /**
+     * Must be set to true to register credentials as passkeys when supported (except for Apple devices, which always register credentials as passkeys). default: True
+     */
+    registerAsDiscoverable?: boolean;
+}
+interface WebauthnRegistrationOptions extends WebauthnCrossDeviceRegistrationOptions {
+    /**
+     * Human-palatable name for the user account, only for display (max 64 characters). If not set, the username parameter will also act as the display name
+     */
+    displayName?: string;
+    /**
+     * The timeout in seconds for the registration process. If the timeout is reached, the registration process will be aborted with error {@link ErrorCode.RegistrationAbortedTimeout}.
+     */
+    timeout?: number;
+    /**
+     * Set to True in order to limit the creation of multiple credentials for the same account on a single authenticator. default: False
+     */
+    limitSingleCredentialToDevice?: boolean;
+}
+
+interface WebauthnCrossDeviceFlows {
+    /**
+     * Initializes a cross device flow, such as when users request to login to a desktop using their mobile device. Once invoked, the SDK will start listening for events occurring on the other device,
+     * and calls your handlers when a state change is detected.
+     * These methods return a promise that resolves to a {@link CrossDeviceController} object, which allows you to stop listening to events and includes the cross-device ticket ID which is used when attaching another device to the flow.
+     */
+    init: {
+        /**
+         * Start a cross device registration flow
+         * This call receives a cross-device ticket ID, and a {@link CrossDeviceRegistrationHandlers} instance that contains your handlers for cross device events.
+         * For example, these handlers may update the UI or any other relevant application state.
+         * @throws {@link ErrorCode.NotInitialized}
+         * @returns {@link CrossDeviceController} - Object that allows you to stop the event loop, and obtain the cross-device ticket ID.
+         */
+        registration: (params: {
+            crossDeviceTicketId: string;
+            handlers: CrossDeviceRegistrationHandlers;
+        }) => Promise<CrossDeviceController>;
+        /**
+         * Start a cross device authentication flow
+         * This call receives an optional username (if already known), and a {@link CrossDeviceAuthenticationHandlers} instance that contains your handlers for cross device events.
+         * For example, these handlers may update the UI or any other relevant application state.
+         * If username isn't provided, it will promote a modal with a list of all discoverable credentials on the attached device. If username is provided, this call must be invoked for a registered username.
+         * If the target username is not registered, an SdkError will be thrown when trying to authenticate in the attached device.<br/>
+         * @throws {@link ErrorCode.NotInitialized}
+         * @throws {@link ErrorCode.FailedToInitCrossDeviceSession}
+         * @returns {@link CrossDeviceController} - Object that allows you to stop the event loop, and obtain the cross-device ticket ID.
+         */
+        authentication: (params: {
+            username?: string;
+            handlers: CrossDeviceAuthenticationHandlers;
+        }) => Promise<CrossDeviceController>;
+        /**
+         * Start a cross device approval flow
+         * This call receives a optional username, approval data (data to be signed using a passkey), and a {@link CrossDeviceAuthenticationHandlers} instance that contains your handlers for cross device events.
+         * For example, these handlers may update the UI or any other relevant application state.
+         * This call must be invoked for a registered username.
+         * If the target username is not registered, an SdkError will be thrown when trying to authenticate in the attached device.<br/>
+         * @throws {@link ErrorCode.NotInitialized}
+         * @throws {@link ErrorCode.InvalidApprovalData}
+         * @throws {@link ErrorCode.FailedToInitCrossDeviceSession}
+         * @returns {@link CrossDeviceController} - Object that allows you to stop the event loop, and obtain the cross-device ticket ID.
+         */
+        approval: (params: {
+            username: string;
+            approvalData: Record<string, string>;
+            handlers: CrossDeviceAuthenticationHandlers;
+        }) => Promise<CrossDeviceController>;
+    };
+    authenticate: {
+        /**
+         * Invokes a WebAuthn authentication for the user used in the cross device session init, including prompting the user to select from a list of registered credentials, and then prompting the user for biometrics. The credentials list is displayed using the native browser modal.<br/>
+         * If authentication is completed successfully, this call will return a promise that resolves to the credential result, which is an object encoded as a base64 string. This encoded result should then be passed to the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential) to retrieve user tokens.<br/>
+         * Once tokens are retrieved, {@link CrossDeviceAuthenticationHandlers.onCredentialAuthenticate} will be called with a session ID that can also be used to retrieve tokens.
+         * @param crossDeviceTicketId Ticket ID of the cross-device flow. retrieved from the {@link CrossDeviceController} object.
+         * @throws {@link ErrorCode.NotInitialized}
+         * @throws {@link ErrorCode.AuthenticationFailed}
+         * @throws {@link ErrorCode.AuthenticationCanceled}
+         * @returns Base64-encoded object, which contains the credential result. This encoded result will be used to fetch user tokens via the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential).
+         */
+        modal: (crossDeviceTicketId: string) => Promise<string>;
+    };
+    approve: {
+        /**
+         * Invokes a WebAuthn approval for the user used in the cross device session init, including prompting the user to select from a list of registered credentials, and then prompting the user for biometrics. The credentials list is displayed using the native browser modal.<br/>
+         * If authentication is completed successfully, this call will return a promise that resolves to the credential result, which is an object encoded as a base64 string. This encoded result should then be passed to the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential) to retrieve user tokens.<br/>
+         * Once tokens are retrieved, {@link CrossDeviceAuthenticationHandlers.onCredentialAuthenticate} will be called with a session ID that can also be used to retrieve tokens.
+         * @param crossDeviceTicketId Ticket ID of the cross-device flow. retrieved from the {@link CrossDeviceController} object.
+         * @throws {@link ErrorCode.NotInitialized}
+         * @throws {@link ErrorCode.AuthenticationFailed}
+         * @throws {@link ErrorCode.AuthenticationCanceled}
+         * @returns Base64-encoded object, which contains the credential result. This encoded result will be used to fetch user tokens via the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential).
+         */
+        modal: (crossDeviceTicketId: string) => Promise<string>;
+    };
+    /**
+     * Invokes a WebAuthn credential registration for the user used in the cross device session init, including prompting the user for biometrics.
+     * If registration is completed successfully, this call will return a promise that resolves to the credential result, which is an object encoded as a base64 string. This encoded result should then be passed to the relevant backend registration endpoint to complete the registration for either a [logged-in user](/openapi/user/backend-webauthn/#operation/webauthn-registration) or [logged-out user](/openapi/user/backend-webauthn/#operation/webauthn-registration-external).
+     * If registration fails, an SdkError will be thrown.
+     * If the backend registration call was successful, {@link CrossDeviceRegistrationHandlers.onCredentialRegister} will be called.
+     * @param crossDeviceTicketId Ticket ID of the cross-device flow. retrieved from the {@link CrossDeviceController} object.
+     * @param options Additional configuration for registration flow
+     * @throws {@link ErrorCode.NotInitialized}
+     * @throws {@link ErrorCode.RegistrationFailed}
+     * @throws {@link ErrorCode.RegistrationCanceled}
+     */
+    register: (crossDeviceTicketId: string, options?: WebauthnCrossDeviceRegistrationOptions) => Promise<string>;
+    /**
+     * Indicates when a session is accepted on another device in cross-device flows.
+     *
+     * If successful,{@link CrossDeviceRegistrationHandlers.onDeviceAttach} will be called in registration flow and {@link CrossDeviceAuthenticationHandlers.onDeviceAttach} for authentication.
+     * @param crossDeviceTicketId Ticket ID of the cross-device flow. retrieved from the {@link CrossDeviceController} object.
+     * @returns AttachDeviceResult {@link AttachDeviceResult}. Object containing the ticket status, creation timestamp, and approval data (if passed in the init.authentication() call)
+     */
+    attachDevice: (crossDeviceTicketId: string) => Promise<AttachDeviceResult>;
+}
+
+/**
+ * @enum
+ */
+declare enum ErrorCode$1 {
+    /**
+     * Either the SDK init call failed or another function was called before initializing the SDK
+     */
+    NotInitialized = "not_initialized",
+    /**
+     * When the call to {@link WebauthnApis.startAuthentication} failed
+     */
+    AuthenticationFailed = "authentication_failed",
+    /**
+     * When {@link  WebauthnAuthenticationFlows.modal authenticate.modal} or {@link  AutofillHandlers.activate authenticate.autofill.activate} is called and the modal is closed by the user
+     */
+    AuthenticationAbortedTimeout = "authentication_aborted_timeout",
+    /**
+     * When {@link register} is called and the modal is closed when reaching the timeout
+     */
+    AuthenticationCanceled = "webauthn_authentication_canceled",
+    /**
+     * When the call to {@link WebauthnApis.startRegistration} failed
+     */
+    RegistrationFailed = "registration_failed",
+    /**
+    / When The user attempted to register an authenticator that contains one of the credentials already registered with the relying party.
+     */
+    AlreadyRegistered = "username_already_registered",
+    /**
+     * When {@link register} is called and the modal is closed by the user
+     */
+    RegistrationAbortedTimeout = "registration_aborted_timeout",
+    /**
+     * When {@link register} is called and the modal is closed when reaching the timeout
+     */
+    RegistrationCanceled = "webauthn_registration_canceled",
+    /**
+     * Passkey autofill authentication was aborted by {@link AutofillHandlers.abort}
+     */
+    AutofillAuthenticationAborted = "autofill_authentication_aborted",
+    /**
+     * Passkey authentication is already active. To start a new authentication, abort the current one first by calling {@link AutofillHandlers.abort}
+     */
+    AuthenticationProcessAlreadyActive = "authentication_process_already_active",
+    /**
+     * The ApprovalData parameter was sent in the wrong format
+     */
+    InvalidApprovalData = "invalid_approval_data",
+    /**
+     * When the call to {@link WebauthnApis.initCrossDeviceAuthentication}  failed   */
+    FailedToInitCrossDeviceSession = "cross_device_init_failed",
+    /**
+     * When the call to {@link WebauthnApis.getCrossDeviceTicketStatus}  failed   */
+    FailedToGetCrossDeviceStatus = "cross_device_status_failed",
+    /**
+     * When the SDK operation fails on an unhandled error
+     */
+    Unknown = "unknown"
+}
+
+/**
+ * Common interface for `Promise` rejections.
+ * Developers should handle according to the `errorCode`
+ */
+interface SdkError {
+    /**
+     * Error code from {@link ErrorCode}
+     */
+    readonly errorCode: ErrorCode$1;
+    /**
+     * Error message
+     */
+    readonly message: string;
+    /**
+     * Additional data
+     */
+    readonly data?: any;
+}
+
+interface AuthenticationAutofillActivateHandlers {
+    /**
+     * A Callback function that will be triggered once biometrics signing is completed successfully.
+     * @param webauthn_encoded_result
+     */
+    onSuccess: (webauthn_encoded_result: string) => Promise<void>;
+    /**
+     * A Callback function that will be triggered if authentication fails with an SdkError.
+     * @param err
+     */
+    onError?: (err: SdkError) => Promise<void>;
+    /**
+     * A Callback function that will be triggered when challenge excepted from the service and autofill is ready to use.
+     */
+    onReady?: () => void;
+}
+
+interface AutofillHandlers {
+    /**
+     * Invokes a WebAuthn authentication, including prompting the user to select from a list of registered credentials using autofill, and then prompting the user for biometrics. In order to prompt this credentials list, the autocomplete="username webauthn" attribute **must** be defined on the username input box of the authentication page.<br/>
+     * If authentication is completed successfully, the `onSuccess` callback will be triggered with the credential result, which is an object encoded as a base64 string. This encoded result should then be passed to the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential) to retrieve user tokens.<br/>
+     * If it fails, the `onError` callback will be triggered with an SdkError.
+     * @throws {@link ErrorCode.NotInitialized}
+     * @throws {@link ErrorCode.AuthenticationFailed}
+     * @throws {@link ErrorCode.AuthenticationCanceled}
+     * @throws {@link ErrorCode.AutofillAuthenticationAborted}
+     * @param handlers Handlers that will be invoked once the authentication is completed (success or failure)
+     * @param username Name of user account, as used in the WebAuthn registration. If not provided, the authentication will start without the context of a user and it will be inferred by the chosen passkey
+     */
+    activate(handlers: AuthenticationAutofillActivateHandlers, username?: string): void;
+    /**
+     * Aborts a WebAuthn authentication. This method should be called after the passkey autofill is dismissed in order to be able to query existing passkeys once again. This will end the browser's  `navigator.credentials.get()` operation.
+     */
+    abort(): void;
+}
+
+interface WebauthnAuthenticationOptions {
+    /**
+     * The timeout in seconds for the authentication process. If the timeout is reached, the registration process will be aborted with error {@link ErrorCode.AuthenticationAbortedTimeout}.
+     */
+    timeout?: number;
+}
+
+interface WebauthnAuthenticationFlows {
+    /**
+       * Invokes a WebAuthn authentication, including prompting the user to select from a list of registered credentials, and then prompting the user for biometrics. The credentials list is displayed using the native browser modal.<br/>
+       * If username isn't provided, it will promote a modal with a list of all discoverable credentials on the device. If username is provided, this call must be invoked for a registered username. If the target username is not registered or in case of any other failure, an SdkError will be thrown.<br/>
+       * If authentication is completed successfully, this call will return a promise that resolves to the credential result, which is an object encoded as a base64 string. This encoded result should then be passed to the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential) to retrieve user tokens.<br/>
+  
+       * @param username Name of user account, as used in the WebAuthn registration. If not provided, the authentication will start without the context of a user and it will be inferred by the chosen passkey
+       * @param options {@link WebauthnAuthenticationOptions} Options for the authentication process
+       * @throws {@link ErrorCode.NotInitialized}
+       * @throws {@link ErrorCode.AuthenticationFailed}
+       * @throws {@link ErrorCode.AuthenticationCanceled}
+       * @throws {@link ErrorCode.InvalidApprovalData}
+       * @throws {@link ErrorCode.AuthenticationProcessAlreadyActive}
+       * @returns Base64-encoded object, which contains the credential result. This encoded result will be used to fetch user tokens via the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential).
+       */
+    modal(username?: string, options?: WebauthnAuthenticationOptions): Promise<string>;
+    /**
+     * Property used to implement credential selection via autofill UI.
+     */
+    autofill: AutofillHandlers;
+}
+
+interface WebauthnApprovalFlows {
+    /**
+     * Invokes a WebAuthn approval, including prompting the user to select from a list of registered credentials, and then prompting the user for biometrics. The credentials list is displayed using the native browser modal.<br/>
+     * This call must be invoked for a registered username. If the target username is not registered or in case of any other failure, an SdkError will be thrown.<br/>
+     * If approval is completed successfully, this call will return a promise that resolves to the credential result, which is an object encoded as a base64 string. This encoded result should then be passed to the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential) to retrieve user tokens.<br/>
+     * @param username Name of user account, as used in the WebAuthn registration.
+     * @param approvalData Data that represents the approval to be signed with a passkey
+     * @throws {@link ErrorCode.NotInitialized}
+     * @throws {@link ErrorCode.InvalidApprovalData}
+     * @throws {@link ErrorCode.AuthenticationFailed}
+     * @throws {@link ErrorCode.AuthenticationCanceled}
+     * @throws {@link ErrorCode.AuthenticationProcessAlreadyActive}
+     * @returns Base64-encoded object, which contains the credential result. This encoded result will be used to fetch user tokens via the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential).
+     */
+    modal(username: string | undefined, approvalData: Record<string, string>): Promise<string>;
+}
+
+declare module '@transmit-security/web-sdk-common/dist/module-metadata/module-metadata' {
+    interface initConfigParams {
+        webauthn?: WebAuthnInitOptions;
+    }
+}
+/**
+ * Returns the authentication flows for webauthn
+ */
+declare const authenticate: WebauthnAuthenticationFlows;
+declare const approve: WebauthnApprovalFlows;
+/**
+ * Invokes a WebAuthn credential registration for the specified user, including prompting the user for biometrics.
+ * If registration is completed successfully, this call will return a promise that resolves to the credential result, which is an object encoded as a base64 string. This encoded result should then be passed to the relevant backend registration endpoint to complete the registration for either a [logged-in user](/openapi/user/backend-webauthn/#operation/webauthn-registration) or [logged-out user](/openapi/user/backend-webauthn/#operation/webauthn-registration-external).
+ *
+ * If registration fails, an SdkError will be thrown.
+ *
+ * @param username WebAuthn username to register
+ * @param options Additional configuration for registration flow
+ * @throws {@link ErrorCode.NotInitialized}
+ * @throws {@link ErrorCode.RegistrationFailed}
+ * @throws {@link ErrorCode.RegistrationCanceled}
+ */
+declare function register(username: string, options?: WebauthnRegistrationOptions): Promise<string>;
+/**
+ * Returns webauthn cross device flows
+ * @type WebauthnCrossDeviceFlows
+ */
+declare const crossDevice: WebauthnCrossDeviceFlows;
+/**
+ * Indicates whether this browser supports WebAuthn, and has a platform authenticator
+ */
+declare const isPlatformAuthenticatorSupported: () => Promise<boolean | undefined>;
+/**
+ * Indicates whether this browser supports Passkey Autofill
+ */
+declare const isAutofillSupported: () => Promise<boolean>;
+/**
+ * Returns the default API paths for webauthn
+ */
+declare const getDefaultPaths: () => WebauthnApis;
+
+type index_d_ApiCrossDeviceStatusResponse = ApiCrossDeviceStatusResponse;
+type index_d_AttachDeviceResult = AttachDeviceResult;
+type index_d_AuthenticationAutofillActivateHandlers = AuthenticationAutofillActivateHandlers;
+type index_d_AutofillHandlers = AutofillHandlers;
+type index_d_CrossDeviceAuthenticationHandlers = CrossDeviceAuthenticationHandlers;
+type index_d_CrossDeviceController = CrossDeviceController;
+type index_d_CrossDeviceRegistrationHandlers = CrossDeviceRegistrationHandlers;
+type index_d_SdkError = SdkError;
+type index_d_WebauthnApis = WebauthnApis;
+type index_d_WebauthnApprovalFlows = WebauthnApprovalFlows;
+type index_d_WebauthnAuthenticationFlows = WebauthnAuthenticationFlows;
+type index_d_WebauthnAuthenticationOptions = WebauthnAuthenticationOptions;
+type index_d_WebauthnCrossDeviceFlows = WebauthnCrossDeviceFlows;
+type index_d_WebauthnCrossDeviceRegistrationOptions = WebauthnCrossDeviceRegistrationOptions;
+type index_d_WebauthnCrossDeviceStatus = WebauthnCrossDeviceStatus;
+declare const index_d_WebauthnCrossDeviceStatus: typeof WebauthnCrossDeviceStatus;
+type index_d_WebauthnRegistrationOptions = WebauthnRegistrationOptions;
+declare const index_d_approve: typeof approve;
+declare const index_d_authenticate: typeof authenticate;
+declare const index_d_crossDevice: typeof crossDevice;
+declare const index_d_getDefaultPaths: typeof getDefaultPaths;
+declare const index_d_isAutofillSupported: typeof isAutofillSupported;
+declare const index_d_isPlatformAuthenticatorSupported: typeof isPlatformAuthenticatorSupported;
+declare const index_d_register: typeof register;
+declare namespace index_d {
+  export { ErrorCode$1 as ErrorCode, index_d_WebauthnCrossDeviceStatus as WebauthnCrossDeviceStatus, index_d_approve as approve, index_d_authenticate as authenticate, index_d_crossDevice as crossDevice, index_d_getDefaultPaths as getDefaultPaths, index_d_isAutofillSupported as isAutofillSupported, index_d_isPlatformAuthenticatorSupported as isPlatformAuthenticatorSupported, index_d_register as register };
+  export type { index_d_ApiCrossDeviceStatusResponse as ApiCrossDeviceStatusResponse, index_d_AttachDeviceResult as AttachDeviceResult, index_d_AuthenticationAutofillActivateHandlers as AuthenticationAutofillActivateHandlers, index_d_AutofillHandlers as AutofillHandlers, index_d_CrossDeviceAuthenticationHandlers as CrossDeviceAuthenticationHandlers, index_d_CrossDeviceController as CrossDeviceController, index_d_CrossDeviceRegistrationHandlers as CrossDeviceRegistrationHandlers, index_d_SdkError as SdkError, index_d_WebauthnApis as WebauthnApis, index_d_WebauthnApprovalFlows as WebauthnApprovalFlows, index_d_WebauthnAuthenticationFlows as WebauthnAuthenticationFlows, index_d_WebauthnAuthenticationOptions as WebauthnAuthenticationOptions, index_d_WebauthnCrossDeviceFlows as WebauthnCrossDeviceFlows, index_d_WebauthnCrossDeviceRegistrationOptions as WebauthnCrossDeviceRegistrationOptions, index_d_WebauthnRegistrationOptions as WebauthnRegistrationOptions };
+}
+
+/**
+ * @interface
+ * @description Parameters for SDK initialization
+ */
+interface IdoInitOptions {
+    /**
+     * Base path for sending API requests. This would be the base URL of the orchestration server.
+     */
+    serverPath: string;
+    /**
+     * An optional resource URI, if defined in the application settings in the admin portal
+     */
+    resource?: string;
+    /**
+     * The log level for the SDK. Default is LogLevel.Info
+     * @default LogLevel.Info
+     * @see {@link LogLevel}
+     */
+    logLevel?: LogLevel;
+    /**
+     * The timeout for polling requests to the server for the wait for another device action in seconds.
+     * @default 3
+     * @see {@link IdoJourneyActionType.WaitForAnotherDevice}
+     */
+    pollingTimeout?: number;
+    /**
+     * The expected locale format is the standard language tags as defined by the localization RFC 5646 (https://datatracker.ietf.org/doc/html/rfc5646).
+     */
+    locale?: string;
+}
+/**
+ * @interface
+ * @description Optional parameters for starting an SDK journey
+ */
+interface StartJourneyOptions {
+    /**
+     * Additional parameters to be passed to the Journey, Optional.
+     */
+    additionalParams?: any;
+    /**
+     * A unique identifier for the flow. Will be auto generated if not provided.
+     */
+    correlationId?: string;
+    /**
+     * Should client-server communication be double encrypted? Defaults to false.
+     */
+    encrypted?: boolean;
+}
+/**
+ * @interface
+ * @description Optional parameters for starting an SSO journey
+ */
+interface StartSsoJourneyOptions {
+    /**
+   * Should client-server communication be double encrypted? Defaults to false.
+   */
+    encrypted?: boolean;
+}
+/**
+ * @enum
+ * @description The enum for the log levels.
+ */
+declare enum LogLevel {
+    Debug = 0,
+    Info = 1,
+    Warning = 2,
+    Error = 3
+}
+/**
+ * @enum
+ * @description The enum for the sdk error codes.
+ */
+declare enum ErrorCode {
+    /**
+     * @description The init options object is invalid.
+     */
+    InvalidInitOptions = "invalid_initialization_options",
+    /**
+     * @description The sdk is not initialized.
+     */
+    NotInitialized = "not_initialized",
+    /**
+     * @description There is no active Journey.
+     */
+    NoActiveJourney = "no_active_journey",
+    /**
+     * @description Unable to receive response from the server.
+     */
+    NetworkError = "network_error",
+    /**
+     * @description The client response to the Journey is not valid.
+     */
+    ClientResponseNotValid = "client_response_not_valid",
+    /**
+     * @description The server returned an unexpected error.
+     */
+    ServerError = "server_error",
+    /**
+     * @description The provided state is not valid for SDK state recovery.
+     */
+    InvalidState = "invalid_state",
+    /**
+     * @description The provided credentials are invalid.
+     */
+    InvalidCredentials = "invalid_credentials",
+    /**
+     * @description The provided OTP passcode is expired.
+     */
+    ExpiredOTPPasscode = "expired_otp_passcode",
+    /**
+     * @description The provided validation passcode is expired.
+     */
+    ExpiredValidationPasscode = "expired_validation_passcode",
+    /**
+     * @description Max resend attempts reached
+     */
+    MaxResendReached = "expired_otp_passcode"
+}
+/**
+ * @interface
+ * @description Common interface for Promise rejections. Developers should handle according to the @errorCode
+ */
+interface IdoSdkError {
+    /**
+     * @description The error code.
+     */
+    readonly errorCode: ErrorCode;
+    /**
+     * @description The error description.
+     */
+    readonly description: string;
+    /**
+     * @description The error additional data. Optional.
+     */
+    readonly data?: any;
+}
+/**
+ * @enum
+ * @description The enum for the client response option types.
+ */
+declare enum ClientResponseOptionType {
+    /**
+     * @description Client response option type for client input. This is the standard response option for any step.
+     */
+    ClientInput = "client_input",
+    /**
+   * @description Client response option type for a cancelation branch in the Journey. Use this for canceling the current step.
+   */
+    Cancel = "cancel",
+    /**
+     * @description Client response option type for a failure branch in the Journey. Use this for reporting client side failure for the current step.
+     */
+    Fail = "failure",
+    /**
+     * @description Client response option type for custom branch in the Journey, used for custom branching.
+     */
+    Custom = "custom",
+    /**
+     * @description Client response option type for a resend of the OTP. Use this for restarting the current step (sms / email otp authentication).
+     */
+    Resend = "resend"
+}
+/**
+ * @interface
+ * @description The interface for client response option object. Use this object to submit client input to the Journey
+ * step to process, cancel the current step or choose a custom branch.
+ */
+interface ClientResponseOption {
+    /**
+     * @description The type of the client response option.
+     */
+    readonly type: ClientResponseOptionType;
+    /**
+     * @description The id of the client response option.
+     * Journey step unique id is provided for the {@link ClientResponseOptionType.Custom} response option type.
+     * {@link ClientResponseOptionType.ClientInput} and {@link ClientResponseOptionType.Cancel} have standard Ids _ClientInput_ and _Cancel_, respectively.
+     */
+    readonly id: string;
+    /**
+     * @description The label of the client response option.
+     */
+    readonly label: string;
+    /**
+     * @description Optional schema object that can be used for UI rendering.
+     */
+    schema?: Record<string, any>;
+}
+/**
+ * @deprecated
+ * @enum
+ * @description Deprecated enum. Use {@link IdoJourneyActionType} instead to detect completion, rejection, or a step that requires client input.
+ */
+declare enum IdoServiceResponseType {
+    /**
+     * @description The Journey ended successfully.
+     */
+    JourneySuccess = "journey_success",
+    /**
+     * @description The Journey reached a step that requires client input.
+     */
+    ClientInputRequired = "client_input_required",
+    /**
+     * @description The current Journey step updated the client data or provided an error message.
+     */
+    ClientInputUpdateRequired = "client_input_update_required",
+    /**
+     * @description The Journey ended with explicit rejection.
+     */
+    JourneyRejection = "journey_rejection"
+}
+/**
+ * @enum
+ * @description The enum for the Journey step ID, used when the journey step is a predefined typed action.
+ * The actions that do not use this are "Get Information from Client" and "Login Form" which allow the journey author to define a custom ID.
+ * See also {@link IdoServiceResponse.journeyStepId}.
+ */
+declare enum IdoJourneyActionType {
+    /**
+     * @description `journeyStepId` for a journey rejection.
+     */
+    Rejection = "action:rejection",
+    /**
+     * @description `journeyStepId` for a journey completion.
+     */
+    Success = "action:success",
+    /**
+     * @description `journeyStepId` for an Information action.
+     *
+     * Data received in the {@link IdoServiceResponse} object:
+     * These are the text values that are configured for the Information action step in the journey editor.
+     * This can be used to display the information to the user.
+     * ```json
+     * {
+     *  "data": {
+     *    "title": "<TITLE>",
+     *    "text": "<TEXT>",
+     *    "button_text": "<BUTTON TEXT>"
+     *  }
+     * }
+     * ```
+     * The client response does not need to include any data: `tsPlatform.ido.submitClientResponse(ClientResponseOptionType.ClientInput);`
+     */
+    Information = "action:information",
+    /**
+     * @description `journeyStepId` for a server side debugger breakpoint.
+     * This response is sent to the client side when the journey debugger has reached a breakpoint, and will continue to return while
+     * the journey debugger is paused.
+     *
+     * The {@link IdoServiceResponse} object does not include any data.
+     *
+     * The client response does not need to include any data: `tsPlatform.ido.submitClientResponse(ClientResponseOptionType.ClientInput);`
+     */
+    DebugBreak = "action:debug_break",
+    /**
+     * @description `journeyStepId` for a Wait for Cross Session Message action.
+     *
+     * The {@link IdoServiceResponse} object includes information that can be presented as a QR to scan by another device.
+     * The response will remain the same while the cross session message was not consumed by the journey executed by the other device.
+     *
+     * The client response does not need to include any data: `tsPlatform.ido.submitClientResponse(ClientResponseOptionType.ClientInput);`
+     */
+    WaitForAnotherDevice = "action:wait_for_another_device",
+    /**
+     * @hidden
+     * @deprecated Use {@link IdoJourneyActionType.RegisterDeviceAction} instead.
+     */
+    CryptoBindingRegistration = "action:crypto_binding_registration",
+    /**
+     * @hidden
+     * @deprecated Use {@link IdoJourneyActionType.ValidateDeviceAction} instead.
+     */
+    CryptoBindingValidation = "action:crypto_binding_validation",
+    /**
+     * @hidden
+     * @description `journeyStepId` for Register Device action.
+     * This action is handled automatically by the SDK.
+     */
+    RegisterDeviceAction = "transmit_platform_device_registration",
+    /**
+     * @hidden
+     * @description `journeyStepId` for Validate Device action.
+     * This action is handled automatically by the SDK.
+     */
+    ValidateDeviceAction = "transmit_platform_device_validation",
+    /**
+     * @description `journeyStepId` for WebAuthn Registration action.
+     *
+     * Data received in the {@link IdoServiceResponse} object: the input parameters that you need to send to `tsPlatform.webauthn.register()`
+     * ```json
+     * {
+     *  "data": {
+     *    "username": "<USERNAME>",
+     *    "display_name": "<DISPLAY_NAME>",
+     *    "register_as_discoverable": <true|false>,
+     *    "allow_cross_platform_authenticators": <true|false>
+     *  }
+     * }
+     * ```
+     *
+     * Before responding, activate `tsPlatform.webauthn.register()` to obtain the `webauthn_encoded_result` value.
+     * This will present the user with the WebAuthn registration UI. Use the result to send the client response:
+     * ```json
+     * tsPlatform.ido.submitClientResponse(
+     *     ClientResponseOptionType.ClientInput,
+     *     {
+     *         "webauthn_encoded_result": "<WEBAUTHN_ENCODED_RESULT_FROM_SDK>"
+     *     })
+     * ```
+     */
+    WebAuthnRegistration = "action:webauthn_registration",
+    /**
+     * @description `journeyStepId` for instructing the use of DRS trigger action, as part of the Risk Recommendation journey step.
+     *
+     * Data received in the {@link IdoServiceResponse} object: the input parameters that you need to send to `tsPlatform.drs.triggerActionEvent()`
+     * ```json
+     * {
+     *  "data": {
+     *     "correlation_id": "a47ed80a-41f9-464a-a42f-fce775b6e446",
+     *     "user_id": "user",
+     *     "action_type": "login"
+     *  },
+     * }
+     * ```
+     * Before responding, activate `tsPlatform.drs.triggerActionEvent()` to obtain the `action_token` value. This is a silent action, and does not require user interaction.
+     * Use the result to send the client response:
+     * ```json
+     * tsPlatform.ido.submitClientResponse(
+     *     ClientResponseOptionType.ClientInput,
+     *     {
+     *         "action_token": "<DRS action token>"
+     *     })
+     * ```
+     */
+    DrsTriggerAction = "action:drs_trigger_action",
+    /**
+     * @description `journeyStepId` for Identity Verification action.
+     *
+     * Data received in the {@link IdoServiceResponse} object:
+     * ```json
+     * {
+     *  "data": {
+     *    "payload": {
+     *      "endpoint": "<endpoint to redirect>",
+     *      "base_endpoint": "<base endpoint>",
+     *      "start_token": "<start token>",
+     *      "state": "<state>",
+     *      "session": "<session>"
+     *      },
+     *    }
+     * }
+     * ```
+     * Use this data to redirect the user to the identity verification endpoint.
+     * Since this redirects to a different page, make sure you store the SDK state by calling `tsPlatform.ido.serializeState()`, and saving the response data in the session storage.
+     * After the user completes the identity verification, you can restore the SDK state and continue the journey, by calling `tsPlatform.ido.restoreFromSerializedState()` with the stored state.
+     *
+     * Once done, send the following client response:
+     * ```json
+     * tsPlatform.ido.submitClientResponse(
+     *     ClientResponseOptionType.ClientInput,
+     *     {
+     *         "payload": {
+     *             "sessionId": "<sessionId>",
+     *             "state": "<state>"
+     *         }
+     *     })
+     * ```
+     */
+    IdentityVerification = "action:id_verification",
+    /**
+     * @description `journeyStepId` for Email OTP authentication action.
+     *
+     * Data received in the {@link IdoServiceResponse} object:
+     *
+     * ```json
+     * {
+     *  "data": {
+     *    "code_length": <integer_code_length>
+     *   }
+     * }
+     * ```
+     *
+     * On failure, the `IdoServiceResponse` {@link IdoServiceResponse.errorData} field will contain either the error code {@link ErrorCode.InvalidCredentials} or the error code {@link ErrorCode.ExpiredOTPPasscode}.
+     *
+     * This can be used to indicate that the passcode is invalid, prompting the user to enter a new passcode.
+     * Also, a resend option (see below) can be provided to the user.
+     *
+     * Client responses:
+     *
+     * - For simple submit of OTP passcode:
+     * ```json
+     *      tsPlatform.ido.submitClientResponse(
+     *          ClientResponseOptionType.ClientInput,
+     *          {
+     *              "passcode": "<passcode>"
+     *          })
+     * ```
+     *
+     * - In Order to request resend of OTP (restart the action):
+     *     `tsPlatform.ido.submitClientResponse(ClientResponseOptionType.Resend)`
+     *
+     */
+    EmailOTPAuthentication = "transmit_platform_email_otp_authentication",
+    /**
+     * @description `journeyStepId` for SMS OTP authentication action.
+     *
+     * Data received in the {@link IdoServiceResponse} object:
+     *
+     * ```json
+     * {
+     *  "data": {
+     *    "code_length": <integer_code_length>
+     *   }
+     * }
+     * ```
+     *
+     * On failure, the `IdoServiceResponse` {@link IdoServiceResponse.errorData} field will contain either the error code {@link ErrorCode.InvalidCredentials}, or the error code {@link ErrorCode.ExpiredOTPPasscode}
+     *
+     * This can be used to indicate that the passcode is invalid, prompting the user to enter a new passcode.
+     * Also, a resend option (see below) can be provided to the user.
+     *
+     * Client responses:
+     *
+     * - For simple submit of OTP passcode:
+     * ```json
+     *      tsPlatform.ido.submitClientResponse(
+     *          ClientResponseOptionType.ClientInput,
+     *          {
+     *              "passcode": "<passcode>"
+     *          })
+     * ```
+     *
+     * - In Order to request resend of OTP (restart the action):
+     *     `tsPlatform.ido.submitClientResponse(ClientResponseOptionType.Resend)`
+     *
+     */
+    SmsOTPAuthentication = "transmit_platform_sms_otp_authentication",
+    /**
+     * @description `journeyStepId` for TOTP Registration action.
+     *
+     * Data received in the {@link IdoServiceResponse} object:
+     * ```json
+     * {
+     *  "data": {
+     *    "payload": {
+     *      "secret": "<secret>",
+     *      "uri": "<uri>"
+     *     },
+     *   }
+     * }
+     * ```
+     * Use this data to display the TOTP registration QR code / link  to the user.
+     * The user should use this to register the TOTP secret in their authenticator app.
+     * Once the user has completed the registration, send the following empty client response:
+     * ```json
+     * tsPlatform.ido.submitClientResponse(
+     *    ClientResponseOptionType.ClientInput
+     * )
+     * ```
+     * Please note that registration of the TOTP secret is a silent action, and does not require user interaction.
+     * An empty response is sent to the server in order to continue the journey.
+     *
+     */
+    /**
+     * @description `journeyStepId` for Email Validation action.
+     *
+     * Data received in the {@link IdoServiceResponse} object:
+     *
+     * ```json
+     * {
+     *  "data": {
+     *    "code_length": <integer_code_length>
+     *   }
+     * }
+     * ```
+     *
+     * On failure, the `IdoServiceResponse` {@link IdoServiceResponse.errorData} field will contain either the error code {@link ErrorCode.InvalidCredentials}
+     *
+     * Resend option also (see below) can be provided to the user.
+     *
+     * Client responses:
+     *
+     * - For simple submit of validation passcode:
+     * ```json
+     *      tsPlatform.ido.submitClientResponse(
+     *          ClientResponseOptionType.ClientInput,
+     *          {
+     *              "passcode": "<passcode>"
+     *          })
+     * ```
+     *
+     * - In Order to request resend of OTP (restart the action):
+     *     `tsPlatform.ido.submitClientResponse(ClientResponseOptionType.Resend)`
+     *
+     */
+    EmailValidation = "transmit_platform_email_validation",
+    /**
+     * @description `journeyStepId` for Sms Validation action.
+     *
+     * Data received in the {@link IdoServiceResponse} object:
+     *
+     * ```json
+     * {
+     *  "data": {
+     *    "code_length": <integer_code_length>
+     *   }
+     * }
+     * ```
+     *
+     * On failure, the `IdoServiceResponse` {@link IdoServiceResponse.errorData} field will contain either the error code {@link ErrorCode.InvalidCredentials}
+     *
+     * Resend option also (see below) can be provided to the user.
+     *
+     * Client responses:
+     *
+     * - For simple submit of validation passcode:
+     * ```json
+     *      tsPlatform.ido.submitClientResponse(
+     *          ClientResponseOptionType.ClientInput,
+     *          {
+     *              "passcode": "<passcode>"
+     *          })
+     * ```
+     *
+     * - In Order to request resend of OTP (restart the action):
+     *     `tsPlatform.ido.submitClientResponse(ClientResponseOptionType.Resend)`
+     *
+     */
+    SmsValidation = "transmit_platform_sms_validation",
+    TotpRegistration = "transmit_platform_totp_registration",
+    /**
+   * @description `journeyStepId` for Transaction Signing with TOTP action.
+   *
+   * Data received in the {@link IdoServiceResponse} object:
+   * ```json
+   * {
+   *  "data": {
+   *    "transaction_challenge": "<6_DIGIT_CHALLENGE_CODE>",
+   *    "approval_data": {
+   *      // Note: This is just an example. The actual approval_data can vary.
+   *      "transactionId": "<TRANSACTION_ID>",
+   *      "amount": "<AMOUNT>",
+   *      "currency": "<CURRENCY>"
+   *    }
+   *  }
+   * }
+   * ```
+   * Use this data to display the transaction details and the challenge code to the user.
+   * The user should use this challenge code to generate a TOTP code using their authenticator app.
+   *
+   * Client responses:
+   *
+   * - For submitting the TOTP code:
+   * ```json
+   * tsPlatform.ido.submitClientResponse(
+   *    ClientResponseOptionType.ClientInput,
+   *    {
+   *      "totp_code": "<6_DIGIT_TOTP_CODE>"
+   *    }
+   * )
+   * ```
+   *
+   * On failure, the `IdoServiceResponse` {@link IdoServiceResponse.errorData} field will contain the error code {@link ErrorCode.InvalidCredentials}.
+   * This can be used to indicate that the TOTP code is invalid, prompting the user to enter a new code.
+   *
+   * Note: The user has a limited number of attempts to enter the correct TOTP code before the journey is rejected.
+   */
+    TransactionSigningTOTP = "transmit_platform_transaction_signing_totp",
+    /**
+     * @description `journeyStepId` for Invoke IDP action.
+     *
+     * Data received in the {@link IdoServiceResponse} object:
+     * ```json
+     * {
+     *  "data": {
+     *    "authorization_url": "<URL_OF_THE_AUTHORIZATION_ENDPOINT>",
+     *    "authorization_request_method": "<GET_OR_POST>",
+     *    "invocation_method": "<PAGE_OR_POPUP>",
+     *    "idp_name": "<IDP_NAME>"
+     *  }
+     * }
+     * ```
+     * Use this data to redirect the user to the IDP authorization endpoint.
+     *
+     *
+     * Once done, send the following client response:
+     * ```json
+     * tsPlatform.ido.submitClientResponse(
+     *    ClientResponseOptionType.ClientInput,
+     *    {
+     *       "idp_response" : {
+     *          "code": "<code>",
+     *          "state": "<state>",
+     *       }
+     *     }
+     * )
+     *```
+     *
+     *
+     */
+    InvokeIDP = "invoke_idp",
+    /**
+     * @description `journeyStepId` for Transaction Signing with Passkeys action.
+     *
+     * Data received in the {@link IdoServiceResponse} object:
+     * ```json
+     * {
+     *  "data": {
+     *    "user_identifier": "<USERNAME>",
+     *    "approval_data": {
+     *      // Note: This is just an example. The actual approval_data can vary.
+     *      "transactionId": "<TRANSACTION_ID>",
+     *      "amount": "<AMOUNT>",
+     *      "currency": "<CURRENCY>"
+     *    }
+     *  }
+     * }
+     * ```
+     * Before responding, call `tsPlatform.webauthn.approve.modal()` to obtain the `webauthn_encoded_result` value.
+     * ```javascript
+     * const result = await tsPlatform.webauthn.approve.modal(
+     *   response.data.approval_data // Transaction details to be approved
+     * );
+     * ```
+     *
+     * Then submit the result:
+     * ```javascript
+     * tsPlatform.ido.submitClientResponse(
+     *    ClientResponseOptionType.ClientInput,
+     *    {
+     *      "webauthn_encoded_result": result
+     *    }
+     * )
+     * ```
+     *
+     * On failure, the `IdoServiceResponse` {@link IdoServiceResponse.errorData} field will contain
+     * relevant error codes that can be used to handle various failure scenarios.
+     *
+     * Note: The approval_data object can contain up to 10 key-value pairs using only alphanumeric
+     * characters, underscores, hyphens, and periods. The WebAuthn encoded result remains valid for 60 seconds.
+     */
+    WebAuthnTransactionSigning = "transmit_platform_transaction_signing_webauthn",
+    /**
+     * @description `journeyStepId` for Select Organization action.
+     *
+     * Data received in the {@link IdoServiceResponse} object:
+     *
+     * ```json
+     * {
+     *  "data": {
+     *    "organizations": [
+     *      {
+     *        "id": "aq5Doa_GMiDhL2GC-HdKo",
+     *        "name": "Organization 1"
+     *      },
+     *      {
+     *        "id": "mkiPd9tu0K2h9oCM9pRB7",
+     *        "name": "Organization 2"
+     *      },
+     *      {
+     *        "id": "fdlvZdof5GPvqJlBeAoFs",
+     *        "name": "Organization 3"
+     *      }
+     *    ]
+     *   }
+     * }
+     * ```
+     *
+     *
+     * For organization selection, send the following client response:
+     * ```javascript
+     * tsPlatform.ido.submitClientResponse(
+     *    ClientResponseOptionType.ClientInput,
+     *    {
+     *      "organization_id": "<ORGANIZATION_ID>"
+     *    }
+     * )
+     * ```
+     *
+     * Note: If a user is a member of a single organization, this step will pick it implicitly.
+     */
+    SelectOrganization = "transmit_platform_select_organization",
+    /**
+     * @description `journeyStepId` for Web to Mobile Authentication action.
+     * This action type is used for both simple authentication and transaction signing scenarios.
+     *
+     * Initial Data received in the {@link IdoServiceResponse} object when multiple devices are available:
+     * ```json
+     * {
+     *  "data": {
+     *    "devices": [
+     *      {
+     *        "name": "Device 1",
+     *        "code": "1"
+     *      },
+     *      {
+     *        "name": "Device 2",
+     *        "code": "2"
+     *      }
+     *    ]
+     *  }
+     * }
+     * ```
+     *
+     * For device selection, send the following client response:
+     * ```javascript
+     * tsPlatform.ido.submitClientResponse(
+     *    ClientResponseOptionType.ClientInput,
+     *    {
+     *      "selected_device_code": "<DEVICE_CODE>"
+     *    }
+     * )
+     * ```
+     *
+     * After device selection or when only one device is available, the action will wait for mobile approval.
+     * The response includes polling configuration and optional transaction details:
+     * ```json
+     * {
+     *  "data": {
+     *    "device_display_name": "Device 1",
+     *    "resend_attempts_left": 5,
+     *    "polling_interval": 3,
+     *    "approval_data": {
+     *      // Note: This is just an example. The actual approval_data can vary.
+     *      "transactionId": "<TRANSACTION_ID>",
+     *      "amount": "<AMOUNT>",
+     *      "currency": "<CURRENCY>"
+     *    }
+     *  }
+     * }
+     * ```
+     *
+     * The following options are available:
+     *
+     * - To check current authentication status (polling):
+     * ```javascript
+     * // The application should implement its own polling mechanism
+     * // and call this method periodically to check the status
+     * tsPlatform.ido.submitClientResponse(ClientResponseOptionType.ClientInput)
+     * ```
+     *
+     * - To cancel the authentication:
+     * ```javascript
+     * tsPlatform.ido.submitClientResponse(ClientResponseOptionType.Cancel)
+     * ```
+     *
+     * - To resend the push notification:
+     * ```javascript
+     * tsPlatform.ido.submitClientResponse(ClientResponseOptionType.Resend)
+     * ```
+     *
+     * Note: The application is responsible for implementing the polling mechanism
+     * to check the authentication status. The SDK only provides the method to
+     * submit the status check request. Use the polling_interval from the response
+     * to determine the frequency of status checks.
+     *
+     * On failure, the `IdoServiceResponse` {@link IdoServiceResponse.errorData} field will contain
+     * relevant error codes that can be used to handle various failure scenarios.
+     */
+    MobileApproveAuthentication = "transmit_platform_mobile_approve_authentication"
+}
+/**
+ * @interface
+ * @description The interface for the Journey step response object. Including Journey end with either error, rejection and success.
+ */
+interface IdoServiceResponse {
+    /**
+     * @deprecated
+     * @description Deprecated attribute. Use {@link IdoJourneyActionType} instead.
+     */
+    readonly type: IdoServiceResponseType;
+    /**
+     * @description Optional data object returned from the server for any of the journey steps.
+     */
+    readonly data?: any;
+    /**
+     * @description Additional error data returned from the server for any of the journey steps.
+     */
+    readonly errorData?: IdoSdkError;
+    /**
+     * @description Contains the Journey step ID, allowing the client side to choose the correct handler and UI.
+     * This will be either a form ID for the "Get Information from Client" and "Login Form" journey steps,
+     * or one of {@link IdoJourneyActionType} for other actions.
+     */
+    readonly journeyStepId?: IdoJourneyActionType | string;
+    /**
+     * @description The Journey client response options if the response type is {@link IdoServiceResponseType.ClientInputRequired}
+     * or {@link IdoServiceResponseType.ClientInputUpdateRequired}.
+     */
+    readonly clientResponseOptions?: Record<ClientResponseOptionType | string, ClientResponseOption>;
+    /**
+     * @description A proof of journey completion is provided upon successful completion of the journey,
+     * indicated by the {@link IdoJourneyActionType.Success} step ID.
+     */
+    token?: string;
+    /**
+     * @description If a browser-redirection is required (for example at the end of an SSO journey) - the server will provide the redirect URL here.
+     * The client should redirect the browser to this URL, i.e. by issuing a `window.location.href = response.redirectUrl;`
+     */
+    redirectUrl?: string;
+}
+/**
+ * @interface
+ * @description The interface for the sdk object.
+ */
+interface IdoSdk {
+    /**
+     * @description Creates a new Identity Orchestration SDK instance with your client context.
+     * Do not call this function directly - see below how to initialize via the unified web SDK
+     * @param clientId - Client ID for this application.
+     * @param  options - Additional environment configuration for the SDK operation.
+     * @returns The promise that will be resolved when the SDK is initialized.
+     * @throws {@link ErrorCode.InvalidInitOptions} in case of invalid init options.
+     * @example
+     * // Initialize an instance of the Identity Orchestration SDK using the unified SDK
+     * await window.tsPlatform.initialize({
+     *   clientId: 'my-client-id',
+     *   ido: { serverPath: 'https://api.transmitsecurity.io/ido'}
+     * });
+     */
+    init(clientId: string, options?: IdoInitOptions): Promise<void>;
+    /**
+     * @description Starts a Journey with a given id.
+     * @param journeyId - Journey Identifier in the Mosaic Admin Console.
+     * @param options - Additional parameters to be passed to the journey.
+     * @returns The promise that will be resolved when the {@link IdoServiceResponse} is received.
+     * @throws {@link ErrorCode.NotInitialized} - Throws error if the SDK is not initialized.
+     * @throws {@link ErrorCode.NetworkError} - Throws error if could not connect to server, or server did not respond before timeout.
+     * @throws {@link ErrorCode.ServerError} - Throws error if the server returned an unexpected error.
+     * @example
+     * // Start a Journey with the id 'my-journey-id'
+     * try {
+     *   const idoResponse = await window.tsPlatform.ido.startJourney('my-journey-id', { additionalParams: 'additionalParams' });
+     *   // Handle Journey response
+     * } catch(error) {
+     *   switch(sdkError.errorCode) ...
+     * }
+     */
+    startJourney(journeyId: string, options?: StartJourneyOptions): Promise<IdoServiceResponse>;
+    /**
+     * @description Starts an SSO Journey with a given Interaction ID.
+     * @param interactionId - Interaction identifier given as part of the response to the initial /authorize request
+     * @returns The promise that will be resolved when the {@link IdoServiceResponse} is received.
+     * @throws {@link ErrorCode.NotInitialized} - Throws error if the SDK is not initialized.
+     * @throws {@link ErrorCode.NetworkError} - Throws error if could not connect to server, or server did not respond before timeout.
+     * @throws {@link ErrorCode.ServerError} - Throws error if the server returned an unexpected error.
+     * @example
+     * // Start a Journey with the Interaction ID '2456E855-05A0-4992-85C1-A2519CBB4AA7'
+     * try {
+     *   const idoResponse = await window.tsPlatform.ido.startSsoJourney('2456E855-05A0-4992-85C1-A2519CBB4AA7');
+     *   // Handle Journey response
+     * } catch(error) {
+     *   switch(sdkError.errorCode) ...
+     * }
+     */
+    startSsoJourney(interactionId: string, options?: StartSsoJourneyOptions): Promise<IdoServiceResponse>;
+    /**
+     *
+     * @description This method will submit client input to the Journey step to process.
+     * @param clientResponseOptionId - The response option ID is one of the IDs provided in the {@link IdoServiceResponse.clientResponseOptions}.
+     * This would either be {@link ClientResponseOptionType.ClientInput} for collected user input,
+     * or one of the others if another journey path was selected by the user.
+     * @param data - The client response data object.
+     * Mandatory in {@link ClientResponseOptionType.ClientInput} response option type, populate with data for the Journey step to process.
+     * Optional in {@link ClientResponseOptionType.Cancel} and {@link ClientResponseOptionType.Custom} as an additional parameters for the branch.
+     * @returns The promise that will be resolved when the {@link IdoServiceResponse} is received.
+     * @throws {@link ErrorCode.NotInitialized} - Throws error if the SDK is not initialized.
+     * @throws {@link ErrorCode.NoActiveJourney} - Throws error if the SDK state does not have an active Journey.
+     * @throws {@link ErrorCode.NetworkError} - Throws error if could not connect to server, or server did not respond before timeout.
+     * @throws {@link ErrorCode.ClientResponseNotValid} - Throws error if the client response to the Journey is not valid.
+     * @throws {@link ErrorCode.ServerError} - Throws error if the server returned an unexpected error.
+     * @example
+     * // The previous response may include multiple response options. The standard 'ClientInput' response option
+     * // signals we are sending collected user input to the journey step.
+     * const selectedInputOptionId = ClientResponseOptionType.ClientInput;
+     *
+     * // Submit the client input. The data inside the JSON correspond to the expected fields from the Journey step.
+     * try {
+     *   const idoResponse = await window.tsPlatform.ido.submitClientResponse(selectedInputOption, {
+     *     'userEmail': 'user@input.email',
+     *     'userPhone': '111-222-3333',
+     *   });
+     * } catch(sdkError) {
+     *   switch(sdkError.errorCode) ...
+     * }
+     */
+    submitClientResponse(clientResponseOptionId: ClientResponseOptionType | string, data?: any): Promise<IdoServiceResponse>;
+    /**
+     * @description Get the current serialized state of the SDK. Can be stored by the application code and used to
+     * restore the SDK state following page redirects or refresh
+     * @returns The current state of the SDK.
+     */
+    serializeState(): string;
+    /**
+     * @description Restores the SDK state from a serialized state, can be used to recover from page redirects or refresh.
+     * The application code also receives the latest communication from the orchestration server.
+     * @param state - The state to restore from.
+     * @returns The last {@link IdoServiceResponse} that was received before the state was saved.
+     * @throws {@link ErrorCode.InvalidState} - Throws error if the provided state string is invalid.
+     */
+    restoreFromSerializedState(state: string): IdoServiceResponse;
+    /**
+     * @description This method will generate a debug PIN
+     *  const debugPin = await sdk.generateDebugPin();
+     *  console.log(`Debug PIN: ${debugPin}`); // Output: Debug PIN: 1234
+     */
+    generateDebugPin(): Promise<string>;
+}
+
+declare module "@transmit-security/web-sdk-common/dist/module-metadata/module-metadata" {
+    interface initConfigParams {
+        ido?: IdoInitOptions;
+    }
+}
+declare const instance: IdoSdk;
+
+interface initConfigParams {
+    clientId: string;
+}
+
+declare function initialize(params: initConfigParams): void;
+
+/**
+ * Main SDK class for CDN usage (window.tsPlatform)
+ * Provides access to all modules and common functionality
+ */
+declare class TSWebSDK {
+    factories: {
+        drs: () => Record<string, any>;
+        idv: () => Record<string, any>;
+    };
+    constructor();
+}
+declare const _default: TSWebSDK;
+
+declare const PACKAGE_VERSION = "1.15.0";
+
+export { ErrorCode$1 as ErrorCode, PACKAGE_VERSION, authenticate, crossDevice, _default as default, webSdkModule_d as drs, getDefaultPaths, instance as ido, index_d$1 as idv, initialize, isAutofillSupported, isPlatformAuthenticatorSupported, register, index_d as webauthn };
+export type { ActionEventOptions, ActionResponse, AuthenticationAutofillActivateHandlers, AutofillHandlers, CrossDeviceController, SdkError, WebauthnApis, WebauthnAuthenticationFlows, WebauthnCrossDeviceFlows, WebauthnCrossDeviceRegistrationOptions, WebauthnRegistrationOptions, initConfigParams };