npm - @transmitsecurity/platform-web-sdk - Versions diffs - 1.15.0 - Mend

@transmitsecurity/platform-web-sdk 1.15.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (74) hide show

package/CHANGELOG.md +479 -0
package/README.md +72 -0
package/VITE_CONFIG.md +107 -0
package/build/drs-entry.d.ts +20 -0
package/build/drs-entry.js +19 -0
package/build/drs-only.d.ts +22 -0
package/build/drs-only.js +25 -0
package/build/drs.d.ts +13 -0
package/build/drs.js +45 -0
package/build/ido-entry.d.ts +17 -0
package/build/ido-entry.js +19 -0
package/build/ido.d.ts +8 -0
package/build/ido.js +27 -0
package/build/idv-entry.d.ts +17 -0
package/build/idv-entry.js +19 -0
package/build/idv.d.ts +8 -0
package/build/idv.js +27 -0
package/build/initialize-only.d.ts +7 -0
package/build/initialize-only.js +40 -0
package/build/initialize.d.ts +1 -0
package/build/initialize.js +2 -0
package/build/mainExport.d.ts +16 -0
package/build/mainExport.js +43 -0
package/build/sdk-factory.d.ts +109 -0
package/build/sdk-factory.js +108 -0
package/build/shared-state.d.ts +4 -0
package/build/shared-state.js +32 -0
package/build/webauthn-entry.d.ts +19 -0
package/build/webauthn-entry.js +19 -0
package/build/webauthn.d.ts +12 -0
package/build/webauthn.js +44 -0
package/bundler-config.json +15 -0
package/dist/docs/.nojekyll +1 -0
package/dist/docs/README.md +72 -0
package/dist/docs/enums/ErrorCode.md +113 -0
package/dist/docs/interfaces/ActionEventOptions.md +44 -0
package/dist/docs/interfaces/ActionResponse.md +9 -0
package/dist/docs/interfaces/AuthenticationAutofillActivateHandlers.md +61 -0
package/dist/docs/interfaces/AutofillHandlers.md +50 -0
package/dist/docs/interfaces/CrossDeviceController.md +27 -0
package/dist/docs/interfaces/SdkError.md +28 -0
package/dist/docs/interfaces/WebauthnApis.md +73 -0
package/dist/docs/interfaces/WebauthnAuthenticationFlows.md +52 -0
package/dist/docs/interfaces/WebauthnCrossDeviceFlows.md +107 -0
package/dist/docs/interfaces/WebauthnCrossDeviceRegistrationOptions.md +23 -0
package/dist/docs/interfaces/WebauthnRegistrationOptions.md +55 -0
package/dist/docs/interfaces/initConfigParams.md +7 -0
package/dist/docs/modules/drs.md +92 -0
package/dist/docs/modules/idv.md +106 -0
package/dist/docs/modules/webauthn.md +197 -0
package/dist/docs/modules.md +146 -0
package/dist/drs.cjs +1 -0
package/dist/drs.d.ts +241 -0
package/dist/drs.js +1 -0
package/dist/ido.cjs +1 -0
package/dist/ido.d.ts +8 -0
package/dist/ido.js +1 -0
package/dist/idv.cjs +1 -0
package/dist/idv.d.ts +68 -0
package/dist/idv.js +1 -0
package/dist/index.cjs +1 -0
package/dist/index.esm.js +1 -0
package/dist/index.umd.js +1 -0
package/dist/ts-platform-websdk.js +1 -0
package/dist/web-sdk-drs+idv+webauthn+ido.js +1 -0
package/dist/web-sdk.d.ts +1737 -0
package/dist/webauthn.cjs +1 -0
package/dist/webauthn.d.ts +461 -0
package/dist/webauthn.js +1 -0
package/package.json +98 -0
package/scripts/make-semver-aliases.sh +11 -0
package/scripts/upload-dist.sh +6 -0
package/src/mainExport.ts +75 -0
package/src/tsconfig.json +14 -0

package/dist/webauthn.cjs ADDED Viewed

@@ -0,0 +1 @@

+ "undefined"==typeof globalThis&&("undefined"!=typeof window?(window.globalThis=window,window.global=window):"undefined"!=typeof self&&(self.globalThis=self,self.global=self));const t=Symbol("MODULE_INITIALIZED"),e=new Map;function i(t,i){var n,r;null===(n=e.get(t))||void 0===n||n.forEach((r=t=>t(i),function(){try{return r(...arguments)}catch(t){console.log(t)}}))}let n=null;function r(t){n=t}var s=Object.freeze({__proto__:null,getInitConfig:function(){return n},get initConfig(){return n},setInitConfig:r});function a(e){r(e),i(t,void 0)}var o=Object.freeze({__proto__:null,initialize:a});function c(t,e){var i=Object.keys(t);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(t);e&&(n=n.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),i.push.apply(i,n)}return i}function l(t){for(var e=1;e<arguments.length;e++){var i=null!=arguments[e]?arguments[e]:{};e%2?c(Object(i),!0).forEach((function(e){d(t,e,i[e])})):Object.getOwnPropertyDescriptors?Object.defineProperties(t,Object.getOwnPropertyDescriptors(i)):c(Object(i)).forEach((function(e){Object.defineProperty(t,e,Object.getOwnPropertyDescriptor(i,e))}))}return t}function u(t){var e=function(t,e){if("object"!=typeof t||!t)return t;var i=t[Symbol.toPrimitive];if(void 0!==i){var n=i.call(t,e||"default");if("object"!=typeof n)return n;throw new TypeError("@@toPrimitive must return a primitive value.")}return("string"===e?String:Number)(t)}(t,"string");return"symbol"==typeof e?e:String(e)}function d(t,e,i){return(e=u(e))in t?Object.defineProperty(t,e,{value:i,enumerable:!0,configurable:!0,writable:!0}):t[e]=i,t}function h(t,e){return Object.entries(e).reduce(((e,i)=>{let[n,r]=i;return l(l({},e),{},{[n]:p.isPrototypeOf(r)?new r(t.slug):"function"==typeof r?r.bind(t):"object"==typeof r&&!Array.isArray(r)&&r?h(t,r):r})}),{})}class p{constructor(t){this.slug=t}static create(t){return class extends p{constructor(e){super(e),Object.assign(this,h(this,t(this)))}}}}var y=Object.freeze({__proto__:null,Agent:p}),v=Object.freeze({__proto__:null,MODULE_INITIALIZED:t,emit:i,off:function(t,i){const n=e.get(t);if(!n)return;const r=n.indexOf(i);-1!==r&&n.splice(r,1)},on:function(t,i){var n;e.has(t)?null===(n=e.get(t))||void 0===n||n.push(i):e.set(t,[i])}});function g(t,e){const i=!t||"object"!=typeof t||Array.isArray(t)?{}:t;return[e.reduce(((t,e)=>{if(e in t){const i=t[e];if(null!==i&&"object"==typeof i&&!Array.isArray(i))return i}const i={};return t[e]=i,i}),i),i]}function f(t,e){let i=t;return e.every((t=>!(!i||"object"!=typeof i||Array.isArray(i)||!(t in i))&&(i=i[t],!0)),t)}const w="tsec",m="general";function b(t){return t?m:n.clientId}function A(t){return function(t){if(!t)return{};try{return JSON.parse(t)}catch(t){return{}}}((t?sessionStorage:localStorage).getItem(w))}function S(t,e){const i=t?sessionStorage:localStorage,n=e(A(t));i.setItem(w,JSON.stringify(n))}var C=Object.freeze({__proto__:null,COMMON_STORAGE_KEY:w,GENERAL_ID_KEY:m,getValue:function(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};const i=b(!!e.isGeneral),n=A(!!e.sessionOnly),[r]=g(n,[this.slug.toString(),i]);return r[t]},hasValue:function(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};const i=b(!!e.isGeneral),n=A(!!e.sessionOnly);return f(n,[this.slug.toString(),i,t])},removeValue:function(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};const i=b(!!e.isGeneral);S(!!e.sessionOnly,(e=>{const[n,r]=g(e,[this.slug.toString(),i]);return delete n[t],r}))},setValue:function(t,e){let i=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{};const n=b(!!i.isGeneral);S(!!i.sessionOnly,(i=>{const[r,s]=g(i,[this.slug.toString(),n]);return r[t]=e,s}))}});const _="RSA-OAEP",D="RSA-PSS",k=async(t,e)=>await window.crypto.subtle.generateKey({name:t,modulusLength:2048,publicExponent:new Uint8Array([1,0,1]),hash:"SHA-256"},!1,e),T=async()=>await k(_,["encrypt","decrypt"]),I=async()=>await k(D,["sign"]),P=async(t,e)=>await window.crypto.subtle.encrypt({name:_},e,t),O=async(t,e)=>{const i=(new TextEncoder).encode(e);return await window.crypto.subtle.sign({name:D,saltLength:32},t,i)};class j{constructor(t,e,i){this.slug=t,this.dbName=e,this.dbVersion=i}queryObjectStore(t,e){let i=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{};const n=(window.indexedDB||window.mozIndexedDB||window.webkitIndexedDB||window.msIndexedDB||window.shimIndexedDB).open(`${this.slug}:${this.dbName}`,this.dbVersion||1);n.onupgradeneeded=()=>{var e;const i=n.result;(null===(e=null==i?void 0:i.objectStoreNames)||void 0===e?void 0:e.contains)&&!i.objectStoreNames.contains(t)&&i.createObjectStore(t,{keyPath:"key"})},n.onsuccess=()=>{const r=n.result,s=r.transaction(t,(null==i?void 0:i.operation)||"readwrite"),a=s.objectStore(t);e(a),s.oncomplete=()=>{r.close()}}}put(t,e,i){return new Promise(((n,r)=>{this.queryObjectStore(t,(t=>{const s=t.put({key:e,value:i});s.onsuccess=()=>{n(s.result)},s.onerror=t=>{r("Failed adding item to objectStore, err: "+t)}}))}))}get(t,e){return new Promise(((i,n)=>{this.queryObjectStore(t,(t=>{const r=t.get(e);r.onsuccess=()=>{var t;r.result?i(null===(t=r.result)||void 0===t?void 0:t.value):i(void 0)},r.onerror=t=>{n("Failed adding item to objectStore, err: "+t)}}))}))}getAll(t,e){return new Promise(((i,n)=>{this.queryObjectStore(t,(t=>{const r=t.getAll(null,e);r.onsuccess=()=>{if(r.result){const t=r.result;(null==t?void 0:t.length)?i(t.map((t=>null==t?void 0:t.value))):i(t)}else i([])},r.onerror=t=>{n("Failed getting items, err: "+t)}}))}))}delete(t,e){return new Promise(((i,n)=>{this.queryObjectStore(t,(t=>{const r=t.delete(e);r.onsuccess=()=>{i()},r.onerror=t=>{n(`Failed deleting key: '${e}' from objectStore, err: `+t)}}))}))}clear(t){return new Promise(((e,i)=>{this.queryObjectStore(t,(t=>{const n=t.clear();n.onsuccess=()=>{e()},n.onerror=t=>{i("Failed clearing objectStore, err: "+t)}}))}))}}const R="platform";class K{constructor(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:"sign",i=arguments.length>2?arguments[2]:void 0;var r,s,a,o;this.agent=t,this.keysType=e,this.options=i;const c=!(null===(r=this.options)||void 0===r?void 0:r.productScope);this.keysDatabaseName=c||!(null===(s=this.options)||void 0===s?void 0:s.indexedDBName)?"ts_crypto_binding":this.options.indexedDBName,this.dbVersion=c?1:(null===(a=this.options)||void 0===a?void 0:a.dbVersion)||1,this.keysStoreName=c||!(null===(o=this.options)||void 0===o?void 0:o.keysStoreName)?"identifiers_store":this.options.keysStoreName,this.indexedDBClient=new j(c?R:t.slug,this.keysDatabaseName,this.dbVersion),this.indexedDBClientFallback=new j((c?R:t.slug)+`:${n.clientId}`,this.keysDatabaseName,this.dbVersion)}getKeysRecordKey(){return`${this.keysType}_keys`}arrayBufferToBase64(t){return window.btoa(String.fromCharCode(...new Uint8Array(t)))}async getPKRepresentations(t){const e=await crypto.subtle.exportKey("spki",t);return{arrayBufferKey:e,base64Key:this.arrayBufferToBase64(e)}}async generateKeyPair(){return"sign"==this.keysType?await I():await T()}async calcKeyIdentifier(t){const e=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(e)).map((t=>t.toString(16).padStart(2,"0"))).join("")}async extractKeysData(){const t=this.getKeysRecordKey();let e=await this.indexedDBClient.get(this.keysStoreName,t);if(!e){if(e=await this.indexedDBClientFallback.get(this.keysStoreName,t),!e){const t=await this.generateKeyPair(),{arrayBufferKey:i,base64Key:n}=await this.getPKRepresentations(t.publicKey);this.publicKeyBase64=n,this.keyIdentifier=await this.calcKeyIdentifier(i),e=l(l({},t),{},{keyIdentifier:this.keyIdentifier})}await this.indexedDBClient.put(this.keysStoreName,t,e)}if(!this.publicKeyBase64){const{base64Key:t}=await this.getPKRepresentations(e.publicKey);this.publicKeyBase64=t,this.keyIdentifier=e.keyIdentifier}return e}async getPublicData(){return this.publicKeyBase64&&this.keyIdentifier||await this.extractKeysData(),{publicKey:this.publicKeyBase64,keyIdentifier:this.keyIdentifier}}async sign(t){if("sign"==this.keysType){const{privateKey:e}=await this.extractKeysData(),i=await O(e,t);return this.arrayBufferToBase64(i)}throw new Error("keysType must be 'sign' in order to use sign keys")}async encrypt(t){if("encrypt"==this.keysType){const{privateKey:e}=await this.extractKeysData();return await P(t,e)}throw new Error("keysType must be 'encrypt' in order to use encryption keys")}async clearKeys(){const t=this.getKeysRecordKey();await this.indexedDBClient.delete(this.keysStoreName,t)}}var x=Object.freeze({__proto__:null,createCryptoBinding:function(){let t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:"sign",e=arguments.length>1?arguments[1]:void 0;return new K(this,t,e)},decryptAssymetric:async(t,e)=>new Uint8Array(await window.crypto.subtle.decrypt({name:_},e,t)),encryptAssymetric:P,generateRSAKeyPair:T,generateRSASignKeyPair:I,signAssymetric:O,verifyAssymetric:async(t,e,i)=>{const n=(new TextEncoder).encode(e);return await window.crypto.subtle.verify(D,t,i,n)}}),B=Object.freeze({__proto__:null});const E=p.create((t=>{class e extends Error{constructor(e,i){super(`${t.slug}-${e} ${i}`)}}return{TsError:e,TsInternalError:class extends e{constructor(t){super(t,"Internal error")}}}}));var N=p.create((()=>l({exceptions:E},y)));class H{constructor(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:[];this.agent=t,this.middlewares=e,this.logs=[]}info(t,e){this.pushLog(3,t,e)}warn(t,e){this.pushLog(4,t,e)}error(t,e){this.pushLog(5,t,e)}pushLog(t,e){let i=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{};this.logs.push({timestamp:Date.now(),module:this.agent.slug,severity:t,fields:i,message:e});const n=this.middlewares.map((t=>t(this)));Promise.all(n).catch((()=>{}))}}var F=Object.freeze({__proto__:null,consoleMiddleware:function(t){const e=t.logs[t.logs.length-1];console.log(`${e.severity} ${e.message}`,e.fields)},createSdkLogger:function(){let t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:[];return new H(this,t)}});function z(t,e){if(!(null==t?void 0:t.trim()))return"";if(function(t){try{return new URL(t),!0}catch(t){return!1}}(t))return t;const i="http://mock.com",n=new URL(i);n.search=(null==e?void 0:e.toString())||"",n.pathname=t;return n.href.replace(i,"")}const q={"Content-Type":"application/json","X-TS-client-time":(new Date).toUTCString(),"X-TS-ua":navigator.userAgent};function M(t,e,i){var n;const r=(s=e||{},encodeURI(JSON.stringify(s)).split(/%..|./).length-1);var s;return{method:t,headers:l(l(l({},{"X-TS-body-size":String(r)}),q),i||{}),body:null!==(n=e&&JSON.stringify(e||{}))&&void 0!==n?n:void 0}}function $(t,e,i,n,r){const s=z(t,n),a=M(e,i,r);return fetch(s,a)}async function W(t,e,i,n,r){let s;if(s=await $(t,e,i,n,r),!s.ok)throw new Error("Request failed");return s}var J=Object.freeze({__proto__:null,httpDelete:async function(t,e){const i=await W(t,"DELETE",void 0,void 0,e);return l(l({data:await i.json()},i),{},{headers:i.headers})},httpGet:async function(t,e,i){const n=await W(t,"GET",void 0,e,i);return l(l({data:await n.json()},n),{},{headers:n.headers})},httpPost:async function(t,e,i,n){const r=await W(t,"POST",e,i,n);return l(l({data:await r.json()},r),{},{headers:r.headers})},httpPut:async function(t,e,i,n){const r=await W(t,"PUT",e,i,n);return l(l({data:await r.json()},r),{},{headers:r.headers})},init:M}),L=p.create((()=>({events:v,moduleMetadata:s,mainEntry:o,utils:N,storage:C,crypto:x,indexedDB:B,logger:F,http:J})));class U{static arrayBufferToBase64(t){return btoa(String.fromCharCode(...new Uint8Array(t)))}static base64ToArrayBuffer(t){return Uint8Array.from(atob(t),(t=>t.charCodeAt(0)))}static stringToBase64(t){return btoa(t)}static jsonToBase64(t){const e=JSON.stringify(t);return btoa(e)}static base64ToJson(t){const e=atob(t);return JSON.parse(e)}}const V={log:console.log,error:console.error};var G,Z;!function(t){t.NotInitialized="not_initialized",t.AuthenticationFailed="authentication_failed",t.AuthenticationAbortedTimeout="authentication_aborted_timeout",t.AuthenticationCanceled="webauthn_authentication_canceled",t.RegistrationFailed="registration_failed",t.AlreadyRegistered="username_already_registered",t.RegistrationAbortedTimeout="registration_aborted_timeout",t.RegistrationCanceled="webauthn_registration_canceled",t.AutofillAuthenticationAborted="autofill_authentication_aborted",t.AuthenticationProcessAlreadyActive="authentication_process_already_active",t.InvalidApprovalData="invalid_approval_data",t.FailedToInitCrossDeviceSession="cross_device_init_failed",t.FailedToGetCrossDeviceStatus="cross_device_status_failed",t.Unknown="unknown"}(G||(G={}));class X extends Error{constructor(t,e){super(t),this.errorCode=G.NotInitialized,this.data=e}}class Y extends X{constructor(t,e){super(null!=t?t:"WebAuthnSdk is not initialized",e),this.errorCode=G.NotInitialized}}class Q extends X{constructor(t,e){super(null!=t?t:"Authentication failed with an error",e),this.errorCode=G.AuthenticationFailed}}class tt extends X{constructor(t,e){super(null!=t?t:"Authentication was canceled by the user or got timeout",e),this.errorCode=G.AuthenticationCanceled}}class et extends X{constructor(t,e){super(null!=t?t:"Registration failed with an error",e),this.errorCode=G.RegistrationFailed}}class it extends X{constructor(t,e){super(null!=t?t:"Registration was canceled by the user or got timeout",e),this.errorCode=G.RegistrationCanceled}}class nt extends X{constructor(t){super(null!=t?t:"Autofill flow was aborted"),this.errorCode=G.AutofillAuthenticationAborted}}class rt extends X{constructor(t){super(null!=t?t:"Operation was aborted by timeout"),this.errorCode=G.AutofillAuthenticationAborted}}class st extends X{constructor(t){super(null!=t?t:"Passkey with this username is already registered with the relying party."),this.errorCode=G.AlreadyRegistered}}class at extends X{constructor(t,e){super(null!=t?t:"Authentication process is already active",e),this.errorCode=G.AuthenticationProcessAlreadyActive}}class ot extends X{constructor(t,e){super(null!=t?t:"Invalid approval data",e),this.errorCode=G.InvalidApprovalData}}class ct extends X{constructor(t,e){super(null!=t?t:"Failed to init cross device authentication",e),this.errorCode=G.FailedToInitCrossDeviceSession}}class lt extends X{constructor(t,e){super(null!=t?t:"Failed to get cross device status",e),this.errorCode=G.FailedToGetCrossDeviceStatus}}function ut(t){return t.errorCode&&Object.values(G).includes(t.errorCode)}!function(t){t[t.persistent=0]="persistent",t[t.session=1]="session"}(Z||(Z={}));class dt{static get(t){return dt.getStorageMedium(dt.allowedKeys[t]).getItem(dt.getStorageKey(t))||void 0}static set(t,e){return dt.getStorageMedium(dt.allowedKeys[t]).setItem(dt.getStorageKey(t),e)}static remove(t){dt.getStorageMedium(dt.allowedKeys[t]).removeItem(dt.getStorageKey(t))}static clear(t){for(const[e,i]of Object.entries(dt.allowedKeys)){const n=e;t&&this.configurationKeys.includes(n)||dt.getStorageMedium(i).removeItem(dt.getStorageKey(n))}}static getStorageKey(t){return`WebAuthnSdk:${t}`}static getStorageMedium(t){return t===Z.session?sessionStorage:localStorage}}dt.allowedKeys={clientId:Z.session},dt.configurationKeys=["clientId"];class ht{static isNewApiDomain(t){return t&&(this.newApiDomains.includes(t)||t.startsWith("api.")&&t.endsWith(".transmitsecurity.io"))}static dnsPrefetch(t){const e=document.createElement("link");e.rel="dns-prefetch",e.href=t,document.head.appendChild(e)}static preconnect(t,e){const i=document.createElement("link");i.rel="preconnect",i.href=t,e&&(i.crossOrigin="anonymous"),document.head.appendChild(i)}static warmupConnection(t){this.dnsPrefetch(t),this.preconnect(t,!1),this.preconnect(t,!0)}static init(t,e){var i,n;try{this._serverPath=new URL(e.serverPath),this.isNewApiDomain(null===(i=this._serverPath)||void 0===i?void 0:i.hostname)&&this.warmupConnection(this._serverPath.origin),this._apiPaths=null!==(n=e.webauthnApiPaths)&&void 0!==n?n:this.getDefaultPaths(),this._clientId=t,dt.set("clientId",t)}catch(t){throw new Y("Invalid options.serverPath",{error:t})}}static getDefaultPaths(){var t;const e=this.isNewApiDomain(null===(t=this._serverPath)||void 0===t?void 0:t.hostname)?"/cis":"";return{startAuthentication:`${e}/v1/auth/webauthn/authenticate/start`,startRegistration:`${e}/v1/auth/webauthn/register/start`,initCrossDeviceAuthentication:`${e}/v1/auth/webauthn/cross-device/authenticate/init`,startCrossDeviceAuthentication:`${e}/v1/auth/webauthn/cross-device/authenticate/start`,startCrossDeviceRegistration:`${e}/v1/auth/webauthn/cross-device/register/start`,getCrossDeviceTicketStatus:`${e}/v1/auth/webauthn/cross-device/status`,attachDeviceToCrossDeviceSession:`${e}/v1/auth/webauthn/cross-device/attach-device`}}static getApiPaths(){return this._apiPaths}static async sendRequest(t,e,i){V.log(`[WebAuthn SDK] Calling ${e.method} ${t}...`);const n=new URL(this._serverPath);return n.pathname=t,i&&(n.search=i),fetch(n.toString(),e)}static async startRegistration(t){const e=await this.sendRequest(this._apiPaths.startRegistration,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(l(l({client_id:this.getValidatedClientId(),username:t.username,display_name:t.displayName},t.timeout&&{timeout:t.timeout}),t.limitSingleCredentialToDevice&&{limit_single_credential_to_device:t.limitSingleCredentialToDevice}))});if(!(null==e?void 0:e.ok))throw new Q("Failed to start registration",null==e?void 0:e.body);return await e.json()}static async startAuthentication(t){const e=await this.sendRequest(this._apiPaths.startAuthentication,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(l(l(l({client_id:this.getValidatedClientId()},t.username&&{username:t.username}),t.approvalData&&{approval_data:t.approvalData}),t.timeout&&{timeout:t.timeout}))});if(!(null==e?void 0:e.ok))throw new Q("Failed to start authentication",null==e?void 0:e.body);return await e.json()}static async initCrossDeviceAuthentication(t){const e=await this.sendRequest(this._apiPaths.initCrossDeviceAuthentication,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(l(l({client_id:this.getValidatedClientId()},t.username&&{username:t.username}),t.approvalData&&{approval_data:t.approvalData}))});if(!(null==e?void 0:e.ok))throw new ct(void 0,null==e?void 0:e.body);return await e.json()}static async getCrossDeviceTicketStatus(t){const e=await this.sendRequest(this._apiPaths.getCrossDeviceTicketStatus,{method:"GET"},`cross_device_ticket_id=${t.ticketId}`);if(!(null==e?void 0:e.ok))throw new lt(void 0,null==e?void 0:e.body);return await e.json()}static async startCrossDeviceAuthentication(t){const e=await this.sendRequest(this._apiPaths.startCrossDeviceAuthentication,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({cross_device_ticket_id:t.ticketId})});if(!(null==e?void 0:e.ok))throw new Q("Failed to start cross device authentication",null==e?void 0:e.body);return await e.json()}static async startCrossDeviceRegistration(t){const e=await this.sendRequest(this._apiPaths.startCrossDeviceRegistration,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({cross_device_ticket_id:t.ticketId})});if(!(null==e?void 0:e.ok))throw new et("Failed to start cross device registration",null==e?void 0:e.body);return await e.json()}static async attachDeviceToCrossDeviceSession(t){const e=await this.sendRequest(this._apiPaths.attachDeviceToCrossDeviceSession,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({cross_device_ticket_id:t.ticketId})});if(!(null==e?void 0:e.ok))throw new et("Failed to attach device to cross device session",null==e?void 0:e.body);return await e.json()}static getValidatedClientId(){var t;const e=null!==(t=this._clientId)&&void 0!==t?t:dt.get("clientId");if(!e)throw new Y("Missing clientId");return e}}var pt,yt,vt,gt;ht.newApiDomains=["api.idsec-dev.com","api.idsec-stg.com"],function(t){t.InputAutofill="input-autofill",t.Modal="modal"}(pt||(pt={})),exports.WebauthnCrossDeviceStatus=void 0,(yt=exports.WebauthnCrossDeviceStatus||(exports.WebauthnCrossDeviceStatus={})).Pending="pending",yt.Scanned="scanned",yt.Success="success",yt.Error="error",yt.Timeout="timeout",yt.Aborted="aborted",function(t){t.toAuthenticationError=t=>ut(t)?t:"NotAllowedError"===t.name?new tt:"OperationError"===t.name?new at(t.message):"SecurityError"===t.name?new Q(t.message):t===G.AuthenticationAbortedTimeout?new rt:"AbortError"===t.name||t===G.AutofillAuthenticationAborted?new nt:new Q("Something went wrong during authentication",{error:t}),t.toRegistrationError=t=>ut(t)?t:"NotAllowedError"===t.name?new it:"SecurityError"===t.name?new et(t.message):"InvalidStateError"===t.name?new st:t===G.RegistrationAbortedTimeout?new rt:new et("Something went wrong during registration",{error:t})}(vt||(vt={})),function(t){t.processCredentialRequestOptions=t=>l(l({},t),{},{challenge:U.base64ToArrayBuffer(t.challenge),allowCredentials:t.allowCredentials.map((t=>l(l({},t),{},{id:U.base64ToArrayBuffer(t.id)})))}),t.processCredentialCreationOptions=(t,e)=>{var i;const n=JSON.parse(JSON.stringify(t));return n.challenge=U.base64ToArrayBuffer(t.challenge),n.user.id=U.base64ToArrayBuffer(t.user.id),(null==e?void 0:e.limitSingleCredentialToDevice)&&(n.excludeCredentials=null===(i=t.excludeCredentials)||void 0===i?void 0:i.map((t=>l(l({},t),{},{id:U.base64ToArrayBuffer(t.id)})))),(null==e?void 0:e.registerAsDiscoverable)?(n.authenticatorSelection.residentKey="preferred",n.authenticatorSelection.requireResidentKey=!0):(n.authenticatorSelection.residentKey="discouraged",n.authenticatorSelection.requireResidentKey=!1),n.authenticatorSelection.authenticatorAttachment=(null==e?void 0:e.allowCrossPlatformAuthenticators)?void 0:"platform",n},t.encodeAuthenticationResult=t=>{const{authenticatorAttachment:e}=t,i=t.response;return{id:t.id,rawId:U.arrayBufferToBase64(t.rawId),response:{authenticatorData:U.arrayBufferToBase64(i.authenticatorData),clientDataJSON:U.arrayBufferToBase64(i.clientDataJSON),signature:U.arrayBufferToBase64(i.signature),userHandle:U.arrayBufferToBase64(i.userHandle)},authenticatorAttachment:e,type:t.type}},t.encodeRegistrationResult=t=>{const{authenticatorAttachment:e}=t,i=t.response;return{id:t.id,rawId:U.arrayBufferToBase64(t.rawId),response:{attestationObject:U.arrayBufferToBase64(i.attestationObject),clientDataJSON:U.arrayBufferToBase64(i.clientDataJSON)},authenticatorAttachment:e,type:t.type}}}(gt||(gt={}));class ft{async modal(t){try{const e=await this.performAuthentication(l(l({},t),{},{mediationType:pt.Modal}));return U.jsonToBase64(e)}catch(t){throw vt.toAuthenticationError(t)}}activateAutofill(t,e){const{onSuccess:i,onError:n,onReady:r}=t;this.performAuthentication({username:e,mediationType:pt.InputAutofill,onReady:r}).then((t=>{i(U.jsonToBase64(t))})).catch((t=>{const e=vt.toAuthenticationError(t);if(!n)throw e;n(e)}))}abortAutofill(){this.abortController&&this.abortController.abort(G.AutofillAuthenticationAborted)}abortAuthentication(){this.abortController&&this.abortController.abort(G.AuthenticationAbortedTimeout)}async performAuthentication(t){var e,i;const n="crossDeviceTicketId"in t?await ht.startCrossDeviceAuthentication({ticketId:t.crossDeviceTicketId}):await ht.startAuthentication({username:t.username,timeout:null===(e=t.options)||void 0===e?void 0:e.timeout}),r=n.credential_request_options,s=gt.processCredentialRequestOptions(r),a=this.getMediatedCredentialRequest(s,t.mediationType);t.mediationType===pt.InputAutofill&&(null===(i=t.onReady)||void 0===i||i.call(t));const o=await navigator.credentials.get(a).catch((t=>{throw vt.toAuthenticationError(t)}));return{webauthnSessionId:n.webauthn_session_id,publicKeyCredential:gt.encodeAuthenticationResult(o),userAgent:navigator.userAgent}}getMediatedCredentialRequest(t,e){const i={publicKey:t};return this.abortController=new AbortController,i.signal=this.abortController&&this.abortController.signal,e===pt.InputAutofill?i.mediation="conditional":t.timeout&&setTimeout((()=>{this.abortAuthentication()}),t.timeout),i}}class wt{constructor(t,e){this.handler=t,this.intervalInMs=e}begin(){var t;this.intervalId=window.setInterval((t=this.handler,async function(){t.isRunning||(t.isRunning=!0,await t(...arguments),t.isRunning=!1)}),this.intervalInMs)}stop(){clearInterval(this.intervalId)}}const mt=/^[A-Za-z0-9\-_.: ]*$/;function bt(t){if(t&&(!function(t){return Object.keys(t).length<=10}(t)||!function(t){const e=t=>"string"==typeof t,i=t=>mt.test(t);return Object.keys(t).every((n=>e(n)&&e(t[n])&&i(n)&&i(t[n])))}(t)))throw V.error("Failed validating approval data"),new ot("Provided approval data should have 10 properties max. Also, it should contain only \n alphanumeric characters, numbers, and the special characters: '-', '_', '.'")}class At{constructor(t,e,i){this.authenticationHandler=t,this.registrationHandler=e,this.approvalHandler=i,this.init={registration:async t=>(this.ticketStatus=exports.WebauthnCrossDeviceStatus.Pending,this.pollCrossDeviceSession(t.crossDeviceTicketId,t.handlers)),authentication:async t=>{const{username:e}=t,i=(await ht.initCrossDeviceAuthentication(l({},e&&{username:e}))).cross_device_ticket_id;return this.ticketStatus=exports.WebauthnCrossDeviceStatus.Pending,this.pollCrossDeviceSession(i,t.handlers)},approval:async t=>{const{username:e,approvalData:i}=t;bt(i);const n=(await ht.initCrossDeviceAuthentication({username:e,approvalData:i})).cross_device_ticket_id;return this.ticketStatus=exports.WebauthnCrossDeviceStatus.Pending,this.pollCrossDeviceSession(n,t.handlers)}},this.authenticate={modal:async t=>this.authenticationHandler.modal({crossDeviceTicketId:t})},this.approve={modal:async t=>this.approvalHandler.modal({crossDeviceTicketId:t})}}async register(t,e){return this.registrationHandler.register({crossDeviceTicketId:t},e)}async attachDevice(t){const e=await ht.attachDeviceToCrossDeviceSession({ticketId:t});return l({status:e.status,startedAt:e.started_at},e.approval_data&&{approvalData:e.approval_data})}async pollCrossDeviceSession(t,e){return this.poller=new wt((async()=>{var i,n;const r=await ht.getCrossDeviceTicketStatus({ticketId:t}),s=r.status;if(s!==this.ticketStatus)switch(this.ticketStatus=s,s){case exports.WebauthnCrossDeviceStatus.Scanned:await e.onDeviceAttach();break;case exports.WebauthnCrossDeviceStatus.Error:case exports.WebauthnCrossDeviceStatus.Timeout:case exports.WebauthnCrossDeviceStatus.Aborted:await e.onFailure(r),null===(i=this.poller)||void 0===i||i.stop();break;case exports.WebauthnCrossDeviceStatus.Success:if("onCredentialRegister"in e)await e.onCredentialRegister();else{if(!r.session_id)throw new lt("Cross device session is complete without returning session_id",r);await e.onCredentialAuthenticate(r.session_id)}null===(n=this.poller)||void 0===n||n.stop()}}),1e3),this.poller.begin(),setTimeout((()=>{var t;null===(t=this.poller)||void 0===t||t.stop(),e.onFailure({status:exports.WebauthnCrossDeviceStatus.Timeout})}),3e5),{crossDeviceTicketId:t,stop:()=>{var t;null===(t=this.poller)||void 0===t||t.stop()}}}}class St{async register(t,e){this.abortController=new AbortController;const i=l({allowCrossPlatformAuthenticators:!("crossDeviceTicketId"in t),registerAsDiscoverable:!0},e);try{const n="crossDeviceTicketId"in t?await ht.startCrossDeviceRegistration({ticketId:t.crossDeviceTicketId}):await ht.startRegistration({username:t.username,displayName:(null==e?void 0:e.displayName)||t.username,timeout:null==e?void 0:e.timeout,limitSingleCredentialToDevice:null==e?void 0:e.limitSingleCredentialToDevice}),r=gt.processCredentialCreationOptions(n.credential_creation_options,i);setTimeout((()=>{this.abortRegistration()}),r.timeout);const s=await this.registerCredential(r),a={webauthnSessionId:n.webauthn_session_id,publicKeyCredential:s,userAgent:navigator.userAgent};return U.jsonToBase64(a)}catch(t){throw vt.toRegistrationError(t)}}abortRegistration(){this.abortController&&this.abortController.abort(G.RegistrationAbortedTimeout)}async registerCredential(t){const e=await navigator.credentials.create({publicKey:t,signal:this.abortController&&this.abortController.signal}).catch((t=>{throw vt.toRegistrationError(t)}));return gt.encodeRegistrationResult(e)}}class Ct{async modal(t){try{const e=await this.performApproval(t);return U.jsonToBase64(e)}catch(t){throw vt.toAuthenticationError(t)}}async performApproval(t){"approvalData"in t&&bt(t.approvalData);const e="crossDeviceTicketId"in t?await ht.startCrossDeviceAuthentication({ticketId:t.crossDeviceTicketId}):await ht.startAuthentication({username:t.username,approvalData:t.approvalData}),i=e.credential_request_options,n=gt.processCredentialRequestOptions(i),r=await navigator.credentials.get({publicKey:n}).catch((t=>{throw vt.toAuthenticationError(t)}));return{webauthnSessionId:e.webauthn_session_id,publicKeyCredential:gt.encodeAuthenticationResult(r),userAgent:navigator.userAgent}}}class _t{constructor(){this._initialized=!1,this._authenticationHandler=new ft,this._registrationHandler=new St,this._approvalHandler=new Ct,this._crossDeviceHandler=new At(this._authenticationHandler,this._registrationHandler,this._approvalHandler),this.authenticate={modal:async(t,e)=>(this.initCheck(),this._authenticationHandler.modal({username:t,options:e})),autofill:{activate:(t,e)=>(this.initCheck(),this._authenticationHandler.activateAutofill(t,e)),abort:()=>this._authenticationHandler.abortAutofill()}},this.approve={modal:async(t,e)=>(this.initCheck(),this._approvalHandler.modal({username:t,approvalData:e}))},this.register=async(t,e)=>(this.initCheck(),this._registrationHandler.register({username:t},e)),this.crossDevice={init:{registration:async t=>(this.initCheck(),this._crossDeviceHandler.init.registration(t)),authentication:async t=>(this.initCheck(),this._crossDeviceHandler.init.authentication(t)),approval:async t=>(this.initCheck(),this._crossDeviceHandler.init.approval(t))},authenticate:{modal:async t=>(this.initCheck(),this._crossDeviceHandler.authenticate.modal(t))},approve:{modal:async t=>(this.initCheck(),this._crossDeviceHandler.approve.modal(t))},register:async(t,e)=>(this.initCheck(),this._crossDeviceHandler.register(t,e)),attachDevice:async t=>(this.initCheck(),this._crossDeviceHandler.attachDevice(t))},this.isPlatformAuthenticatorSupported=async()=>{var t;try{return await(null===(t=_t.StaticPublicKeyCredential)||void 0===t?void 0:t.isUserVerifyingPlatformAuthenticatorAvailable())}catch(t){return!1}},this.isAutofillSupported=async()=>{var t,e;return!(!(null===(t=_t.StaticPublicKeyCredential)||void 0===t?void 0:t.isConditionalMediationAvailable)||!await(null===(e=_t.StaticPublicKeyCredential)||void 0===e?void 0:e.isConditionalMediationAvailable()))}}async init(t,e){try{if(!t)throw new Y("Invalid clientId",{clientId:t});if(e.webauthnApiPaths){const t=ht.getDefaultPaths();if(function(t,e){const i=new Set(t),n=new Set(e);return[...t.filter((t=>!n.has(t))),...e.filter((t=>!i.has(t)))]}(Object.keys(e.webauthnApiPaths),Object.keys(t)).length)throw new Y("Invalid custom paths",{customApiPaths:e.webauthnApiPaths})}ht.init(t,e),this._initialized=!0}catch(t){throw ut(t)?t:new Y("Failed to initialize SDK")}}getDefaultPaths(){return this.initCheck(),ht.getDefaultPaths()}getApiPaths(){return this.initCheck(),ht.getApiPaths()}initCheck(){if(!this._initialized)throw new Y}}_t.StaticPublicKeyCredential=window.PublicKeyCredential;const Dt=new L("webauthn"),kt=new _t;Dt.events.on(Dt.events.MODULE_INITIALIZED,(()=>{var t;const e=Dt.moduleMetadata.getInitConfig();if(!(null===(t=null==e?void 0:e.webauthn)||void 0===t?void 0:t.serverPath))return;const{clientId:i,webauthn:n}=e;kt.init(i,l({},n))}));const Tt={modal:async(t,e)=>(kt.initCheck(),kt.authenticate.modal(t,e)),autofill:{activate:(t,e)=>{kt.initCheck(),kt.authenticate.autofill.activate(t,e)},abort:()=>{kt.initCheck(),kt.authenticate.autofill.abort()}}},It={modal:async(t,e)=>(kt.initCheck(),kt.approve.modal(t,e))};async function Pt(t,e){return kt.initCheck(),kt.register(t,e)}const{crossDevice:Ot}=kt,{isPlatformAuthenticatorSupported:jt}=kt,{isAutofillSupported:Rt}=kt,{getDefaultPaths:Kt}=kt;window.localWebAuthnSDK=kt;const xt={initialize:a,...Object.freeze({__proto__:null,get WebauthnCrossDeviceStatus(){return exports.WebauthnCrossDeviceStatus},approve:It,authenticate:Tt,crossDevice:Ot,getDefaultPaths:Kt,isAutofillSupported:Rt,isPlatformAuthenticatorSupported:jt,register:Pt})};exports.PACKAGE_VERSION="1.15.0",exports.approve=It,exports.authenticate=Tt,exports.crossDevice=Ot,exports.getDefaultPaths=Kt,exports.initialize=a,exports.isAutofillSupported=Rt,exports.isPlatformAuthenticatorSupported=jt,exports.register=Pt,exports.webauthn=xt;

package/dist/webauthn.d.ts ADDED Viewed

@@ -0,0 +1,461 @@
+/**
+ * Alternate paths used by the SDK to route API calls to your proxy server.
+ */
+interface WebauthnApis {
+    /**
+     * @defaultValue `/v1/auth/webauthn/authenticate/start`
+     */
+    startAuthentication: string;
+    /**
+     * @defaultValue `/v1/auth/webauthn/register/start`
+     */
+    startRegistration: string;
+    /**
+     * @defaultValue `/v1/auth/webauthn/cross-device/register/start`
+     */
+    startCrossDeviceRegistration: string;
+    /**
+     * @defaultValue `/v1/auth/webauthn/cross-device/authenticate/init`
+     */
+    initCrossDeviceAuthentication: string;
+    /**
+     * @defaultValue `/v1/auth/webauthn/cross-device/authenticate/start`
+     */
+    startCrossDeviceAuthentication: string;
+    /**
+     * @defaultValue `/v1/auth/webauthn/cross-device/status`
+     */
+    getCrossDeviceTicketStatus: string;
+    /**
+     * @defaultValue `/v1/auth/webauthn/cross-device/attach-device`
+     */
+    attachDeviceToCrossDeviceSession: string;
+}
+/**
+ * @private
+ */
+interface WebAuthnInitOptions {
+    /**
+     * Base path for sending API requests. This would be either a Transmit Security API deployment URL
+     * such as documented for sandbox, or if you are proxying API requests from your backend - then the base path to your proxy.
+     */
+    serverPath: string;
+    /**
+     * Override endpoints when using a proxy server in case the proxy server implements its own paths.
+     */
+    webauthnApiPaths?: WebauthnApis;
+}
+/**
+ * WebAuthn cross device interfaces
+ */
+declare enum WebauthnCrossDeviceStatus {
+    Pending = "pending",
+    Scanned = "scanned",
+    Success = "success",
+    Error = "error",
+    Timeout = "timeout",
+    Aborted = "aborted"
+}
+/**
+ * WebAuthn cross device handlers interfaces
+ */
+interface CrossDeviceController {
+    /**
+     * Ticket ID for this cross-device flow.
+     */
+    crossDeviceTicketId: string;
+    /**
+     * Stops listening for events from devices in cross-device flows
+     */
+    stop: () => void;
+}
+/**
+ * WebAuthn cross device status response interfaces
+ */
+interface ApiCrossDeviceStatusResponse {
+    /**
+     * cross device status
+     */
+    status: WebauthnCrossDeviceStatus;
+    /**
+     * authentication session id
+     */
+    session_id?: string;
+}
+/**
+ * WebAuthn cross device attach device result interfaces
+ */
+interface AttachDeviceResult {
+    /**
+     * cross device status
+     */
+    status: WebauthnCrossDeviceStatus;
+    /**
+     * ticket creation timestamp
+     */
+    startedAt: string;
+    /**
+     * session's approval data (if exists)
+     */
+    approvalData?: Record<string, string>;
+}
+interface BaseCrossDeviceHandlers {
+    /**
+     * Called when the user has successfully attached a device to the cross-device flow using the {@link WebauthnCrossDeviceFlows.attachDevice} method.
+     */
+    onDeviceAttach: () => Promise<void>;
+    /**
+     * Called when there was an error in the cross-device flow with status response {@link ApiCrossDeviceStatusResponse}.
+     */
+    onFailure: (error: ApiCrossDeviceStatusResponse) => Promise<void>;
+}
+interface CrossDeviceAuthenticationHandlers extends BaseCrossDeviceHandlers {
+    /**
+     * Called upon successful webauthn authentication.
+     * @param sessionId Session ID that will be exchanged for the user's access and ID tokens using the /v1/auth/session/authenticate API
+     */
+    onCredentialAuthenticate: (sessionId: string) => Promise<void>;
+}
+interface CrossDeviceRegistrationHandlers extends BaseCrossDeviceHandlers {
+    /**
+     * Called upon successful webauthn registration.
+     */
+    onCredentialRegister: () => Promise<void>;
+}
+interface WebauthnCrossDeviceRegistrationOptions {
+    /**
+     * Allow registration using cross-platform authenticators, such as a USB security key or a different device. If enabled, cross-device authentication flows can be performed using the native browser experience (via QR code). default: True
+     */
+    allowCrossPlatformAuthenticators?: boolean;
+    /**
+     * Must be set to true to register credentials as passkeys when supported (except for Apple devices, which always register credentials as passkeys). default: True
+     */
+    registerAsDiscoverable?: boolean;
+}
+interface WebauthnRegistrationOptions extends WebauthnCrossDeviceRegistrationOptions {
+    /**
+     * Human-palatable name for the user account, only for display (max 64 characters). If not set, the username parameter will also act as the display name
+     */
+    displayName?: string;
+    /**
+     * The timeout in seconds for the registration process. If the timeout is reached, the registration process will be aborted with error {@link ErrorCode.RegistrationAbortedTimeout}.
+     */
+    timeout?: number;
+    /**
+     * Set to True in order to limit the creation of multiple credentials for the same account on a single authenticator. default: False
+     */
+    limitSingleCredentialToDevice?: boolean;
+}
+interface WebauthnCrossDeviceFlows {
+    /**
+     * Initializes a cross device flow, such as when users request to login to a desktop using their mobile device. Once invoked, the SDK will start listening for events occurring on the other device,
+     * and calls your handlers when a state change is detected.
+     * These methods return a promise that resolves to a {@link CrossDeviceController} object, which allows you to stop listening to events and includes the cross-device ticket ID which is used when attaching another device to the flow.
+     */
+    init: {
+        /**
+         * Start a cross device registration flow
+         * This call receives a cross-device ticket ID, and a {@link CrossDeviceRegistrationHandlers} instance that contains your handlers for cross device events.
+         * For example, these handlers may update the UI or any other relevant application state.
+         * @throws {@link ErrorCode.NotInitialized}
+         * @returns {@link CrossDeviceController} - Object that allows you to stop the event loop, and obtain the cross-device ticket ID.
+         */
+        registration: (params: {
+            crossDeviceTicketId: string;
+            handlers: CrossDeviceRegistrationHandlers;
+        }) => Promise<CrossDeviceController>;
+        /**
+         * Start a cross device authentication flow
+         * This call receives an optional username (if already known), and a {@link CrossDeviceAuthenticationHandlers} instance that contains your handlers for cross device events.
+         * For example, these handlers may update the UI or any other relevant application state.
+         * If username isn't provided, it will promote a modal with a list of all discoverable credentials on the attached device. If username is provided, this call must be invoked for a registered username.
+         * If the target username is not registered, an SdkError will be thrown when trying to authenticate in the attached device.<br/>
+         * @throws {@link ErrorCode.NotInitialized}
+         * @throws {@link ErrorCode.FailedToInitCrossDeviceSession}
+         * @returns {@link CrossDeviceController} - Object that allows you to stop the event loop, and obtain the cross-device ticket ID.
+         */
+        authentication: (params: {
+            username?: string;
+            handlers: CrossDeviceAuthenticationHandlers;
+        }) => Promise<CrossDeviceController>;
+        /**
+         * Start a cross device approval flow
+         * This call receives a optional username, approval data (data to be signed using a passkey), and a {@link CrossDeviceAuthenticationHandlers} instance that contains your handlers for cross device events.
+         * For example, these handlers may update the UI or any other relevant application state.
+         * This call must be invoked for a registered username.
+         * If the target username is not registered, an SdkError will be thrown when trying to authenticate in the attached device.<br/>
+         * @throws {@link ErrorCode.NotInitialized}
+         * @throws {@link ErrorCode.InvalidApprovalData}
+         * @throws {@link ErrorCode.FailedToInitCrossDeviceSession}
+         * @returns {@link CrossDeviceController} - Object that allows you to stop the event loop, and obtain the cross-device ticket ID.
+         */
+        approval: (params: {
+            username: string;
+            approvalData: Record<string, string>;
+            handlers: CrossDeviceAuthenticationHandlers;
+        }) => Promise<CrossDeviceController>;
+    };
+    authenticate: {
+        /**
+         * Invokes a WebAuthn authentication for the user used in the cross device session init, including prompting the user to select from a list of registered credentials, and then prompting the user for biometrics. The credentials list is displayed using the native browser modal.<br/>
+         * If authentication is completed successfully, this call will return a promise that resolves to the credential result, which is an object encoded as a base64 string. This encoded result should then be passed to the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential) to retrieve user tokens.<br/>
+         * Once tokens are retrieved, {@link CrossDeviceAuthenticationHandlers.onCredentialAuthenticate} will be called with a session ID that can also be used to retrieve tokens.
+         * @param crossDeviceTicketId Ticket ID of the cross-device flow. retrieved from the {@link CrossDeviceController} object.
+         * @throws {@link ErrorCode.NotInitialized}
+         * @throws {@link ErrorCode.AuthenticationFailed}
+         * @throws {@link ErrorCode.AuthenticationCanceled}
+         * @returns Base64-encoded object, which contains the credential result. This encoded result will be used to fetch user tokens via the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential).
+         */
+        modal: (crossDeviceTicketId: string) => Promise<string>;
+    };
+    approve: {
+        /**
+         * Invokes a WebAuthn approval for the user used in the cross device session init, including prompting the user to select from a list of registered credentials, and then prompting the user for biometrics. The credentials list is displayed using the native browser modal.<br/>
+         * If authentication is completed successfully, this call will return a promise that resolves to the credential result, which is an object encoded as a base64 string. This encoded result should then be passed to the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential) to retrieve user tokens.<br/>
+         * Once tokens are retrieved, {@link CrossDeviceAuthenticationHandlers.onCredentialAuthenticate} will be called with a session ID that can also be used to retrieve tokens.
+         * @param crossDeviceTicketId Ticket ID of the cross-device flow. retrieved from the {@link CrossDeviceController} object.
+         * @throws {@link ErrorCode.NotInitialized}
+         * @throws {@link ErrorCode.AuthenticationFailed}
+         * @throws {@link ErrorCode.AuthenticationCanceled}
+         * @returns Base64-encoded object, which contains the credential result. This encoded result will be used to fetch user tokens via the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential).
+         */
+        modal: (crossDeviceTicketId: string) => Promise<string>;
+    };
+    /**
+     * Invokes a WebAuthn credential registration for the user used in the cross device session init, including prompting the user for biometrics.
+     * If registration is completed successfully, this call will return a promise that resolves to the credential result, which is an object encoded as a base64 string. This encoded result should then be passed to the relevant backend registration endpoint to complete the registration for either a [logged-in user](/openapi/user/backend-webauthn/#operation/webauthn-registration) or [logged-out user](/openapi/user/backend-webauthn/#operation/webauthn-registration-external).
+     * If registration fails, an SdkError will be thrown.
+     * If the backend registration call was successful, {@link CrossDeviceRegistrationHandlers.onCredentialRegister} will be called.
+     * @param crossDeviceTicketId Ticket ID of the cross-device flow. retrieved from the {@link CrossDeviceController} object.
+     * @param options Additional configuration for registration flow
+     * @throws {@link ErrorCode.NotInitialized}
+     * @throws {@link ErrorCode.RegistrationFailed}
+     * @throws {@link ErrorCode.RegistrationCanceled}
+     */
+    register: (crossDeviceTicketId: string, options?: WebauthnCrossDeviceRegistrationOptions) => Promise<string>;
+    /**
+     * Indicates when a session is accepted on another device in cross-device flows.
+     *
+     * If successful,{@link CrossDeviceRegistrationHandlers.onDeviceAttach} will be called in registration flow and {@link CrossDeviceAuthenticationHandlers.onDeviceAttach} for authentication.
+     * @param crossDeviceTicketId Ticket ID of the cross-device flow. retrieved from the {@link CrossDeviceController} object.
+     * @returns AttachDeviceResult {@link AttachDeviceResult}. Object containing the ticket status, creation timestamp, and approval data (if passed in the init.authentication() call)
+     */
+    attachDevice: (crossDeviceTicketId: string) => Promise<AttachDeviceResult>;
+}
+/**
+ * @enum
+ */
+declare enum ErrorCode {
+    /**
+     * Either the SDK init call failed or another function was called before initializing the SDK
+     */
+    NotInitialized = "not_initialized",
+    /**
+     * When the call to {@link WebauthnApis.startAuthentication} failed
+     */
+    AuthenticationFailed = "authentication_failed",
+    /**
+     * When {@link  WebauthnAuthenticationFlows.modal authenticate.modal} or {@link  AutofillHandlers.activate authenticate.autofill.activate} is called and the modal is closed by the user
+     */
+    AuthenticationAbortedTimeout = "authentication_aborted_timeout",
+    /**
+     * When {@link register} is called and the modal is closed when reaching the timeout
+     */
+    AuthenticationCanceled = "webauthn_authentication_canceled",
+    /**
+     * When the call to {@link WebauthnApis.startRegistration} failed
+     */
+    RegistrationFailed = "registration_failed",
+    /**
+    / When The user attempted to register an authenticator that contains one of the credentials already registered with the relying party.
+     */
+    AlreadyRegistered = "username_already_registered",
+    /**
+     * When {@link register} is called and the modal is closed by the user
+     */
+    RegistrationAbortedTimeout = "registration_aborted_timeout",
+    /**
+     * When {@link register} is called and the modal is closed when reaching the timeout
+     */
+    RegistrationCanceled = "webauthn_registration_canceled",
+    /**
+     * Passkey autofill authentication was aborted by {@link AutofillHandlers.abort}
+     */
+    AutofillAuthenticationAborted = "autofill_authentication_aborted",
+    /**
+     * Passkey authentication is already active. To start a new authentication, abort the current one first by calling {@link AutofillHandlers.abort}
+     */
+    AuthenticationProcessAlreadyActive = "authentication_process_already_active",
+    /**
+     * The ApprovalData parameter was sent in the wrong format
+     */
+    InvalidApprovalData = "invalid_approval_data",
+    /**
+     * When the call to {@link WebauthnApis.initCrossDeviceAuthentication}  failed   */
+    FailedToInitCrossDeviceSession = "cross_device_init_failed",
+    /**
+     * When the call to {@link WebauthnApis.getCrossDeviceTicketStatus}  failed   */
+    FailedToGetCrossDeviceStatus = "cross_device_status_failed",
+    /**
+     * When the SDK operation fails on an unhandled error
+     */
+    Unknown = "unknown"
+}
+/**
+ * Common interface for `Promise` rejections.
+ * Developers should handle according to the `errorCode`
+ */
+interface SdkError {
+    /**
+     * Error code from {@link ErrorCode}
+     */
+    readonly errorCode: ErrorCode;
+    /**
+     * Error message
+     */
+    readonly message: string;
+    /**
+     * Additional data
+     */
+    readonly data?: any;
+}
+interface AuthenticationAutofillActivateHandlers {
+    /**
+     * A Callback function that will be triggered once biometrics signing is completed successfully.
+     * @param webauthn_encoded_result
+     */
+    onSuccess: (webauthn_encoded_result: string) => Promise<void>;
+    /**
+     * A Callback function that will be triggered if authentication fails with an SdkError.
+     * @param err
+     */
+    onError?: (err: SdkError) => Promise<void>;
+    /**
+     * A Callback function that will be triggered when challenge excepted from the service and autofill is ready to use.
+     */
+    onReady?: () => void;
+}
+interface AutofillHandlers {
+    /**
+     * Invokes a WebAuthn authentication, including prompting the user to select from a list of registered credentials using autofill, and then prompting the user for biometrics. In order to prompt this credentials list, the autocomplete="username webauthn" attribute **must** be defined on the username input box of the authentication page.<br/>
+     * If authentication is completed successfully, the `onSuccess` callback will be triggered with the credential result, which is an object encoded as a base64 string. This encoded result should then be passed to the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential) to retrieve user tokens.<br/>
+     * If it fails, the `onError` callback will be triggered with an SdkError.
+     * @throws {@link ErrorCode.NotInitialized}
+     * @throws {@link ErrorCode.AuthenticationFailed}
+     * @throws {@link ErrorCode.AuthenticationCanceled}
+     * @throws {@link ErrorCode.AutofillAuthenticationAborted}
+     * @param handlers Handlers that will be invoked once the authentication is completed (success or failure)
+     * @param username Name of user account, as used in the WebAuthn registration. If not provided, the authentication will start without the context of a user and it will be inferred by the chosen passkey
+     */
+    activate(handlers: AuthenticationAutofillActivateHandlers, username?: string): void;
+    /**
+     * Aborts a WebAuthn authentication. This method should be called after the passkey autofill is dismissed in order to be able to query existing passkeys once again. This will end the browser's  `navigator.credentials.get()` operation.
+     */
+    abort(): void;
+}
+interface WebauthnAuthenticationOptions {
+    /**
+     * The timeout in seconds for the authentication process. If the timeout is reached, the registration process will be aborted with error {@link ErrorCode.AuthenticationAbortedTimeout}.
+     */
+    timeout?: number;
+}
+interface WebauthnAuthenticationFlows {
+    /**
+       * Invokes a WebAuthn authentication, including prompting the user to select from a list of registered credentials, and then prompting the user for biometrics. The credentials list is displayed using the native browser modal.<br/>
+       * If username isn't provided, it will promote a modal with a list of all discoverable credentials on the device. If username is provided, this call must be invoked for a registered username. If the target username is not registered or in case of any other failure, an SdkError will be thrown.<br/>
+       * If authentication is completed successfully, this call will return a promise that resolves to the credential result, which is an object encoded as a base64 string. This encoded result should then be passed to the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential) to retrieve user tokens.<br/>
+       * @param username Name of user account, as used in the WebAuthn registration. If not provided, the authentication will start without the context of a user and it will be inferred by the chosen passkey
+       * @param options {@link WebauthnAuthenticationOptions} Options for the authentication process
+       * @throws {@link ErrorCode.NotInitialized}
+       * @throws {@link ErrorCode.AuthenticationFailed}
+       * @throws {@link ErrorCode.AuthenticationCanceled}
+       * @throws {@link ErrorCode.InvalidApprovalData}
+       * @throws {@link ErrorCode.AuthenticationProcessAlreadyActive}
+       * @returns Base64-encoded object, which contains the credential result. This encoded result will be used to fetch user tokens via the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential).
+       */
+    modal(username?: string, options?: WebauthnAuthenticationOptions): Promise<string>;
+    /**
+     * Property used to implement credential selection via autofill UI.
+     */
+    autofill: AutofillHandlers;
+}
+interface WebauthnApprovalFlows {
+    /**
+     * Invokes a WebAuthn approval, including prompting the user to select from a list of registered credentials, and then prompting the user for biometrics. The credentials list is displayed using the native browser modal.<br/>
+     * This call must be invoked for a registered username. If the target username is not registered or in case of any other failure, an SdkError will be thrown.<br/>
+     * If approval is completed successfully, this call will return a promise that resolves to the credential result, which is an object encoded as a base64 string. This encoded result should then be passed to the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential) to retrieve user tokens.<br/>
+     * @param username Name of user account, as used in the WebAuthn registration.
+     * @param approvalData Data that represents the approval to be signed with a passkey
+     * @throws {@link ErrorCode.NotInitialized}
+     * @throws {@link ErrorCode.InvalidApprovalData}
+     * @throws {@link ErrorCode.AuthenticationFailed}
+     * @throws {@link ErrorCode.AuthenticationCanceled}
+     * @throws {@link ErrorCode.AuthenticationProcessAlreadyActive}
+     * @returns Base64-encoded object, which contains the credential result. This encoded result will be used to fetch user tokens via the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential).
+     */
+    modal(username: string | undefined, approvalData: Record<string, string>): Promise<string>;
+}
+declare module '@transmit-security/web-sdk-common/dist/module-metadata/module-metadata' {
+    interface initConfigParams {
+        webauthn?: WebAuthnInitOptions;
+    }
+}
+/**
+ * Returns the authentication flows for webauthn
+ */
+declare const authenticate: WebauthnAuthenticationFlows;
+declare const approve: WebauthnApprovalFlows;
+/**
+ * Invokes a WebAuthn credential registration for the specified user, including prompting the user for biometrics.
+ * If registration is completed successfully, this call will return a promise that resolves to the credential result, which is an object encoded as a base64 string. This encoded result should then be passed to the relevant backend registration endpoint to complete the registration for either a [logged-in user](/openapi/user/backend-webauthn/#operation/webauthn-registration) or [logged-out user](/openapi/user/backend-webauthn/#operation/webauthn-registration-external).
+ *
+ * If registration fails, an SdkError will be thrown.
+ *
+ * @param username WebAuthn username to register
+ * @param options Additional configuration for registration flow
+ * @throws {@link ErrorCode.NotInitialized}
+ * @throws {@link ErrorCode.RegistrationFailed}
+ * @throws {@link ErrorCode.RegistrationCanceled}
+ */
+declare function register(username: string, options?: WebauthnRegistrationOptions): Promise<string>;
+/**
+ * Returns webauthn cross device flows
+ * @type WebauthnCrossDeviceFlows
+ */
+declare const crossDevice: WebauthnCrossDeviceFlows;
+/**
+ * Indicates whether this browser supports WebAuthn, and has a platform authenticator
+ */
+declare const isPlatformAuthenticatorSupported: () => Promise<boolean | undefined>;
+/**
+ * Indicates whether this browser supports Passkey Autofill
+ */
+declare const isAutofillSupported: () => Promise<boolean>;
+/**
+ * Returns the default API paths for webauthn
+ */
+declare const getDefaultPaths: () => WebauthnApis;
+declare const PACKAGE_VERSION: string;
+declare namespace webauthn {
+  export function initialize(config: any): void;
+  export * from "@transmit-security/authentication-sdk";
+}
+declare function initialize(config: any): void;
+export { ErrorCode, PACKAGE_VERSION, WebauthnCrossDeviceStatus, approve, authenticate, crossDevice, getDefaultPaths, initialize, isAutofillSupported, isPlatformAuthenticatorSupported, register, webauthn };
+export type { ApiCrossDeviceStatusResponse, AttachDeviceResult, AuthenticationAutofillActivateHandlers, AutofillHandlers, CrossDeviceAuthenticationHandlers, CrossDeviceController, CrossDeviceRegistrationHandlers, SdkError, WebauthnApis, WebauthnApprovalFlows, WebauthnAuthenticationFlows, WebauthnAuthenticationOptions, WebauthnCrossDeviceFlows, WebauthnCrossDeviceRegistrationOptions, WebauthnRegistrationOptions };

package/dist/webauthn.js ADDED Viewed

@@ -0,0 +1 @@

+ "undefined"==typeof globalThis&&("undefined"!=typeof window?(window.globalThis=window,window.global=window):"undefined"!=typeof self&&(self.globalThis=self,self.global=self));const t=Symbol("MODULE_INITIALIZED"),e=new Map;function i(t,i){var n,r;null===(n=e.get(t))||void 0===n||n.forEach((r=t=>t(i),function(){try{return r(...arguments)}catch(t){console.log(t)}}))}let n=null;function r(t){n=t}var a=Object.freeze({__proto__:null,getInitConfig:function(){return n},get initConfig(){return n},setInitConfig:r});function s(e){r(e),i(t,void 0)}var o=Object.freeze({__proto__:null,initialize:s});function c(t,e){var i=Object.keys(t);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(t);e&&(n=n.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),i.push.apply(i,n)}return i}function l(t){for(var e=1;e<arguments.length;e++){var i=null!=arguments[e]?arguments[e]:{};e%2?c(Object(i),!0).forEach((function(e){d(t,e,i[e])})):Object.getOwnPropertyDescriptors?Object.defineProperties(t,Object.getOwnPropertyDescriptors(i)):c(Object(i)).forEach((function(e){Object.defineProperty(t,e,Object.getOwnPropertyDescriptor(i,e))}))}return t}function u(t){var e=function(t,e){if("object"!=typeof t||!t)return t;var i=t[Symbol.toPrimitive];if(void 0!==i){var n=i.call(t,e||"default");if("object"!=typeof n)return n;throw new TypeError("@@toPrimitive must return a primitive value.")}return("string"===e?String:Number)(t)}(t,"string");return"symbol"==typeof e?e:String(e)}function d(t,e,i){return(e=u(e))in t?Object.defineProperty(t,e,{value:i,enumerable:!0,configurable:!0,writable:!0}):t[e]=i,t}function h(t,e){return Object.entries(e).reduce(((e,i)=>{let[n,r]=i;return l(l({},e),{},{[n]:p.isPrototypeOf(r)?new r(t.slug):"function"==typeof r?r.bind(t):"object"==typeof r&&!Array.isArray(r)&&r?h(t,r):r})}),{})}class p{constructor(t){this.slug=t}static create(t){return class extends p{constructor(e){super(e),Object.assign(this,h(this,t(this)))}}}}var y=Object.freeze({__proto__:null,Agent:p}),v=Object.freeze({__proto__:null,MODULE_INITIALIZED:t,emit:i,off:function(t,i){const n=e.get(t);if(!n)return;const r=n.indexOf(i);-1!==r&&n.splice(r,1)},on:function(t,i){var n;e.has(t)?null===(n=e.get(t))||void 0===n||n.push(i):e.set(t,[i])}});function g(t,e){const i=!t||"object"!=typeof t||Array.isArray(t)?{}:t;return[e.reduce(((t,e)=>{if(e in t){const i=t[e];if(null!==i&&"object"==typeof i&&!Array.isArray(i))return i}const i={};return t[e]=i,i}),i),i]}function f(t,e){let i=t;return e.every((t=>!(!i||"object"!=typeof i||Array.isArray(i)||!(t in i))&&(i=i[t],!0)),t)}const w="tsec",m="general";function b(t){return t?m:n.clientId}function A(t){return function(t){if(!t)return{};try{return JSON.parse(t)}catch(t){return{}}}((t?sessionStorage:localStorage).getItem(w))}function _(t,e){const i=t?sessionStorage:localStorage,n=e(A(t));i.setItem(w,JSON.stringify(n))}var S=Object.freeze({__proto__:null,COMMON_STORAGE_KEY:w,GENERAL_ID_KEY:m,getValue:function(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};const i=b(!!e.isGeneral),n=A(!!e.sessionOnly),[r]=g(n,[this.slug.toString(),i]);return r[t]},hasValue:function(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};const i=b(!!e.isGeneral),n=A(!!e.sessionOnly);return f(n,[this.slug.toString(),i,t])},removeValue:function(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};const i=b(!!e.isGeneral);_(!!e.sessionOnly,(e=>{const[n,r]=g(e,[this.slug.toString(),i]);return delete n[t],r}))},setValue:function(t,e){let i=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{};const n=b(!!i.isGeneral);_(!!i.sessionOnly,(i=>{const[r,a]=g(i,[this.slug.toString(),n]);return r[t]=e,a}))}});const C="RSA-OAEP",D="RSA-PSS",k=async(t,e)=>await window.crypto.subtle.generateKey({name:t,modulusLength:2048,publicExponent:new Uint8Array([1,0,1]),hash:"SHA-256"},!1,e),T=async()=>await k(C,["encrypt","decrypt"]),I=async()=>await k(D,["sign"]),P=async(t,e)=>await window.crypto.subtle.encrypt({name:C},e,t),O=async(t,e)=>{const i=(new TextEncoder).encode(e);return await window.crypto.subtle.sign({name:D,saltLength:32},t,i)};class j{constructor(t,e,i){this.slug=t,this.dbName=e,this.dbVersion=i}queryObjectStore(t,e){let i=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{};const n=(window.indexedDB||window.mozIndexedDB||window.webkitIndexedDB||window.msIndexedDB||window.shimIndexedDB).open(`${this.slug}:${this.dbName}`,this.dbVersion||1);n.onupgradeneeded=()=>{var e;const i=n.result;(null===(e=null==i?void 0:i.objectStoreNames)||void 0===e?void 0:e.contains)&&!i.objectStoreNames.contains(t)&&i.createObjectStore(t,{keyPath:"key"})},n.onsuccess=()=>{const r=n.result,a=r.transaction(t,(null==i?void 0:i.operation)||"readwrite"),s=a.objectStore(t);e(s),a.oncomplete=()=>{r.close()}}}put(t,e,i){return new Promise(((n,r)=>{this.queryObjectStore(t,(t=>{const a=t.put({key:e,value:i});a.onsuccess=()=>{n(a.result)},a.onerror=t=>{r("Failed adding item to objectStore, err: "+t)}}))}))}get(t,e){return new Promise(((i,n)=>{this.queryObjectStore(t,(t=>{const r=t.get(e);r.onsuccess=()=>{var t;r.result?i(null===(t=r.result)||void 0===t?void 0:t.value):i(void 0)},r.onerror=t=>{n("Failed adding item to objectStore, err: "+t)}}))}))}getAll(t,e){return new Promise(((i,n)=>{this.queryObjectStore(t,(t=>{const r=t.getAll(null,e);r.onsuccess=()=>{if(r.result){const t=r.result;(null==t?void 0:t.length)?i(t.map((t=>null==t?void 0:t.value))):i(t)}else i([])},r.onerror=t=>{n("Failed getting items, err: "+t)}}))}))}delete(t,e){return new Promise(((i,n)=>{this.queryObjectStore(t,(t=>{const r=t.delete(e);r.onsuccess=()=>{i()},r.onerror=t=>{n(`Failed deleting key: '${e}' from objectStore, err: `+t)}}))}))}clear(t){return new Promise(((e,i)=>{this.queryObjectStore(t,(t=>{const n=t.clear();n.onsuccess=()=>{e()},n.onerror=t=>{i("Failed clearing objectStore, err: "+t)}}))}))}}const R="platform";class K{constructor(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:"sign",i=arguments.length>2?arguments[2]:void 0;var r,a,s,o;this.agent=t,this.keysType=e,this.options=i;const c=!(null===(r=this.options)||void 0===r?void 0:r.productScope);this.keysDatabaseName=c||!(null===(a=this.options)||void 0===a?void 0:a.indexedDBName)?"ts_crypto_binding":this.options.indexedDBName,this.dbVersion=c?1:(null===(s=this.options)||void 0===s?void 0:s.dbVersion)||1,this.keysStoreName=c||!(null===(o=this.options)||void 0===o?void 0:o.keysStoreName)?"identifiers_store":this.options.keysStoreName,this.indexedDBClient=new j(c?R:t.slug,this.keysDatabaseName,this.dbVersion),this.indexedDBClientFallback=new j((c?R:t.slug)+`:${n.clientId}`,this.keysDatabaseName,this.dbVersion)}getKeysRecordKey(){return`${this.keysType}_keys`}arrayBufferToBase64(t){return window.btoa(String.fromCharCode(...new Uint8Array(t)))}async getPKRepresentations(t){const e=await crypto.subtle.exportKey("spki",t);return{arrayBufferKey:e,base64Key:this.arrayBufferToBase64(e)}}async generateKeyPair(){return"sign"==this.keysType?await I():await T()}async calcKeyIdentifier(t){const e=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(e)).map((t=>t.toString(16).padStart(2,"0"))).join("")}async extractKeysData(){const t=this.getKeysRecordKey();let e=await this.indexedDBClient.get(this.keysStoreName,t);if(!e){if(e=await this.indexedDBClientFallback.get(this.keysStoreName,t),!e){const t=await this.generateKeyPair(),{arrayBufferKey:i,base64Key:n}=await this.getPKRepresentations(t.publicKey);this.publicKeyBase64=n,this.keyIdentifier=await this.calcKeyIdentifier(i),e=l(l({},t),{},{keyIdentifier:this.keyIdentifier})}await this.indexedDBClient.put(this.keysStoreName,t,e)}if(!this.publicKeyBase64){const{base64Key:t}=await this.getPKRepresentations(e.publicKey);this.publicKeyBase64=t,this.keyIdentifier=e.keyIdentifier}return e}async getPublicData(){return this.publicKeyBase64&&this.keyIdentifier||await this.extractKeysData(),{publicKey:this.publicKeyBase64,keyIdentifier:this.keyIdentifier}}async sign(t){if("sign"==this.keysType){const{privateKey:e}=await this.extractKeysData(),i=await O(e,t);return this.arrayBufferToBase64(i)}throw new Error("keysType must be 'sign' in order to use sign keys")}async encrypt(t){if("encrypt"==this.keysType){const{privateKey:e}=await this.extractKeysData();return await P(t,e)}throw new Error("keysType must be 'encrypt' in order to use encryption keys")}async clearKeys(){const t=this.getKeysRecordKey();await this.indexedDBClient.delete(this.keysStoreName,t)}}var B=Object.freeze({__proto__:null,createCryptoBinding:function(){let t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:"sign",e=arguments.length>1?arguments[1]:void 0;return new K(this,t,e)},decryptAssymetric:async(t,e)=>new Uint8Array(await window.crypto.subtle.decrypt({name:C},e,t)),encryptAssymetric:P,generateRSAKeyPair:T,generateRSASignKeyPair:I,signAssymetric:O,verifyAssymetric:async(t,e,i)=>{const n=(new TextEncoder).encode(e);return await window.crypto.subtle.verify(D,t,i,n)}}),E=Object.freeze({__proto__:null});const N=p.create((t=>{class e extends Error{constructor(e,i){super(`${t.slug}-${e} ${i}`)}}return{TsError:e,TsInternalError:class extends e{constructor(t){super(t,"Internal error")}}}}));var x=p.create((()=>l({exceptions:N},y)));class H{constructor(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:[];this.agent=t,this.middlewares=e,this.logs=[]}info(t,e){this.pushLog(3,t,e)}warn(t,e){this.pushLog(4,t,e)}error(t,e){this.pushLog(5,t,e)}pushLog(t,e){let i=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{};this.logs.push({timestamp:Date.now(),module:this.agent.slug,severity:t,fields:i,message:e});const n=this.middlewares.map((t=>t(this)));Promise.all(n).catch((()=>{}))}}var F=Object.freeze({__proto__:null,consoleMiddleware:function(t){const e=t.logs[t.logs.length-1];console.log(`${e.severity} ${e.message}`,e.fields)},createSdkLogger:function(){let t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:[];return new H(this,t)}});function q(t,e){if(!(null==t?void 0:t.trim()))return"";if(function(t){try{return new URL(t),!0}catch(t){return!1}}(t))return t;const i="http://mock.com",n=new URL(i);n.search=(null==e?void 0:e.toString())||"",n.pathname=t;return n.href.replace(i,"")}const z={"Content-Type":"application/json","X-TS-client-time":(new Date).toUTCString(),"X-TS-ua":navigator.userAgent};function M(t,e,i){var n;const r=(a=e||{},encodeURI(JSON.stringify(a)).split(/%..|./).length-1);var a;return{method:t,headers:l(l(l({},{"X-TS-body-size":String(r)}),z),i||{}),body:null!==(n=e&&JSON.stringify(e||{}))&&void 0!==n?n:void 0}}function $(t,e,i,n,r){const a=q(t,n),s=M(e,i,r);return fetch(a,s)}async function J(t,e,i,n,r){let a;if(a=await $(t,e,i,n,r),!a.ok)throw new Error("Request failed");return a}var L=Object.freeze({__proto__:null,httpDelete:async function(t,e){const i=await J(t,"DELETE",void 0,void 0,e);return l(l({data:await i.json()},i),{},{headers:i.headers})},httpGet:async function(t,e,i){const n=await J(t,"GET",void 0,e,i);return l(l({data:await n.json()},n),{},{headers:n.headers})},httpPost:async function(t,e,i,n){const r=await J(t,"POST",e,i,n);return l(l({data:await r.json()},r),{},{headers:r.headers})},httpPut:async function(t,e,i,n){const r=await J(t,"PUT",e,i,n);return l(l({data:await r.json()},r),{},{headers:r.headers})},init:M}),U=p.create((()=>({events:v,moduleMetadata:a,mainEntry:o,utils:x,storage:S,crypto:B,indexedDB:E,logger:F,http:L})));class V{static arrayBufferToBase64(t){return btoa(String.fromCharCode(...new Uint8Array(t)))}static base64ToArrayBuffer(t){return Uint8Array.from(atob(t),(t=>t.charCodeAt(0)))}static stringToBase64(t){return btoa(t)}static jsonToBase64(t){const e=JSON.stringify(t);return btoa(e)}static base64ToJson(t){const e=atob(t);return JSON.parse(e)}}const G={log:console.log,error:console.error};var W,Z;!function(t){t.NotInitialized="not_initialized",t.AuthenticationFailed="authentication_failed",t.AuthenticationAbortedTimeout="authentication_aborted_timeout",t.AuthenticationCanceled="webauthn_authentication_canceled",t.RegistrationFailed="registration_failed",t.AlreadyRegistered="username_already_registered",t.RegistrationAbortedTimeout="registration_aborted_timeout",t.RegistrationCanceled="webauthn_registration_canceled",t.AutofillAuthenticationAborted="autofill_authentication_aborted",t.AuthenticationProcessAlreadyActive="authentication_process_already_active",t.InvalidApprovalData="invalid_approval_data",t.FailedToInitCrossDeviceSession="cross_device_init_failed",t.FailedToGetCrossDeviceStatus="cross_device_status_failed",t.Unknown="unknown"}(W||(W={}));class X extends Error{constructor(t,e){super(t),this.errorCode=W.NotInitialized,this.data=e}}class Y extends X{constructor(t,e){super(null!=t?t:"WebAuthnSdk is not initialized",e),this.errorCode=W.NotInitialized}}class Q extends X{constructor(t,e){super(null!=t?t:"Authentication failed with an error",e),this.errorCode=W.AuthenticationFailed}}class tt extends X{constructor(t,e){super(null!=t?t:"Authentication was canceled by the user or got timeout",e),this.errorCode=W.AuthenticationCanceled}}class et extends X{constructor(t,e){super(null!=t?t:"Registration failed with an error",e),this.errorCode=W.RegistrationFailed}}class it extends X{constructor(t,e){super(null!=t?t:"Registration was canceled by the user or got timeout",e),this.errorCode=W.RegistrationCanceled}}class nt extends X{constructor(t){super(null!=t?t:"Autofill flow was aborted"),this.errorCode=W.AutofillAuthenticationAborted}}class rt extends X{constructor(t){super(null!=t?t:"Operation was aborted by timeout"),this.errorCode=W.AutofillAuthenticationAborted}}class at extends X{constructor(t){super(null!=t?t:"Passkey with this username is already registered with the relying party."),this.errorCode=W.AlreadyRegistered}}class st extends X{constructor(t,e){super(null!=t?t:"Authentication process is already active",e),this.errorCode=W.AuthenticationProcessAlreadyActive}}class ot extends X{constructor(t,e){super(null!=t?t:"Invalid approval data",e),this.errorCode=W.InvalidApprovalData}}class ct extends X{constructor(t,e){super(null!=t?t:"Failed to init cross device authentication",e),this.errorCode=W.FailedToInitCrossDeviceSession}}class lt extends X{constructor(t,e){super(null!=t?t:"Failed to get cross device status",e),this.errorCode=W.FailedToGetCrossDeviceStatus}}function ut(t){return t.errorCode&&Object.values(W).includes(t.errorCode)}!function(t){t[t.persistent=0]="persistent",t[t.session=1]="session"}(Z||(Z={}));class dt{static get(t){return dt.getStorageMedium(dt.allowedKeys[t]).getItem(dt.getStorageKey(t))||void 0}static set(t,e){return dt.getStorageMedium(dt.allowedKeys[t]).setItem(dt.getStorageKey(t),e)}static remove(t){dt.getStorageMedium(dt.allowedKeys[t]).removeItem(dt.getStorageKey(t))}static clear(t){for(const[e,i]of Object.entries(dt.allowedKeys)){const n=e;t&&this.configurationKeys.includes(n)||dt.getStorageMedium(i).removeItem(dt.getStorageKey(n))}}static getStorageKey(t){return`WebAuthnSdk:${t}`}static getStorageMedium(t){return t===Z.session?sessionStorage:localStorage}}dt.allowedKeys={clientId:Z.session},dt.configurationKeys=["clientId"];class ht{static isNewApiDomain(t){return t&&(this.newApiDomains.includes(t)||t.startsWith("api.")&&t.endsWith(".transmitsecurity.io"))}static dnsPrefetch(t){const e=document.createElement("link");e.rel="dns-prefetch",e.href=t,document.head.appendChild(e)}static preconnect(t,e){const i=document.createElement("link");i.rel="preconnect",i.href=t,e&&(i.crossOrigin="anonymous"),document.head.appendChild(i)}static warmupConnection(t){this.dnsPrefetch(t),this.preconnect(t,!1),this.preconnect(t,!0)}static init(t,e){var i,n;try{this._serverPath=new URL(e.serverPath),this.isNewApiDomain(null===(i=this._serverPath)||void 0===i?void 0:i.hostname)&&this.warmupConnection(this._serverPath.origin),this._apiPaths=null!==(n=e.webauthnApiPaths)&&void 0!==n?n:this.getDefaultPaths(),this._clientId=t,dt.set("clientId",t)}catch(t){throw new Y("Invalid options.serverPath",{error:t})}}static getDefaultPaths(){var t;const e=this.isNewApiDomain(null===(t=this._serverPath)||void 0===t?void 0:t.hostname)?"/cis":"";return{startAuthentication:`${e}/v1/auth/webauthn/authenticate/start`,startRegistration:`${e}/v1/auth/webauthn/register/start`,initCrossDeviceAuthentication:`${e}/v1/auth/webauthn/cross-device/authenticate/init`,startCrossDeviceAuthentication:`${e}/v1/auth/webauthn/cross-device/authenticate/start`,startCrossDeviceRegistration:`${e}/v1/auth/webauthn/cross-device/register/start`,getCrossDeviceTicketStatus:`${e}/v1/auth/webauthn/cross-device/status`,attachDeviceToCrossDeviceSession:`${e}/v1/auth/webauthn/cross-device/attach-device`}}static getApiPaths(){return this._apiPaths}static async sendRequest(t,e,i){G.log(`[WebAuthn SDK] Calling ${e.method} ${t}...`);const n=new URL(this._serverPath);return n.pathname=t,i&&(n.search=i),fetch(n.toString(),e)}static async startRegistration(t){const e=await this.sendRequest(this._apiPaths.startRegistration,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(l(l({client_id:this.getValidatedClientId(),username:t.username,display_name:t.displayName},t.timeout&&{timeout:t.timeout}),t.limitSingleCredentialToDevice&&{limit_single_credential_to_device:t.limitSingleCredentialToDevice}))});if(!(null==e?void 0:e.ok))throw new Q("Failed to start registration",null==e?void 0:e.body);return await e.json()}static async startAuthentication(t){const e=await this.sendRequest(this._apiPaths.startAuthentication,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(l(l(l({client_id:this.getValidatedClientId()},t.username&&{username:t.username}),t.approvalData&&{approval_data:t.approvalData}),t.timeout&&{timeout:t.timeout}))});if(!(null==e?void 0:e.ok))throw new Q("Failed to start authentication",null==e?void 0:e.body);return await e.json()}static async initCrossDeviceAuthentication(t){const e=await this.sendRequest(this._apiPaths.initCrossDeviceAuthentication,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(l(l({client_id:this.getValidatedClientId()},t.username&&{username:t.username}),t.approvalData&&{approval_data:t.approvalData}))});if(!(null==e?void 0:e.ok))throw new ct(void 0,null==e?void 0:e.body);return await e.json()}static async getCrossDeviceTicketStatus(t){const e=await this.sendRequest(this._apiPaths.getCrossDeviceTicketStatus,{method:"GET"},`cross_device_ticket_id=${t.ticketId}`);if(!(null==e?void 0:e.ok))throw new lt(void 0,null==e?void 0:e.body);return await e.json()}static async startCrossDeviceAuthentication(t){const e=await this.sendRequest(this._apiPaths.startCrossDeviceAuthentication,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({cross_device_ticket_id:t.ticketId})});if(!(null==e?void 0:e.ok))throw new Q("Failed to start cross device authentication",null==e?void 0:e.body);return await e.json()}static async startCrossDeviceRegistration(t){const e=await this.sendRequest(this._apiPaths.startCrossDeviceRegistration,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({cross_device_ticket_id:t.ticketId})});if(!(null==e?void 0:e.ok))throw new et("Failed to start cross device registration",null==e?void 0:e.body);return await e.json()}static async attachDeviceToCrossDeviceSession(t){const e=await this.sendRequest(this._apiPaths.attachDeviceToCrossDeviceSession,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({cross_device_ticket_id:t.ticketId})});if(!(null==e?void 0:e.ok))throw new et("Failed to attach device to cross device session",null==e?void 0:e.body);return await e.json()}static getValidatedClientId(){var t;const e=null!==(t=this._clientId)&&void 0!==t?t:dt.get("clientId");if(!e)throw new Y("Missing clientId");return e}}var pt,yt,vt,gt;ht.newApiDomains=["api.idsec-dev.com","api.idsec-stg.com"],function(t){t.InputAutofill="input-autofill",t.Modal="modal"}(pt||(pt={})),function(t){t.Pending="pending",t.Scanned="scanned",t.Success="success",t.Error="error",t.Timeout="timeout",t.Aborted="aborted"}(yt||(yt={})),function(t){t.toAuthenticationError=t=>ut(t)?t:"NotAllowedError"===t.name?new tt:"OperationError"===t.name?new st(t.message):"SecurityError"===t.name?new Q(t.message):t===W.AuthenticationAbortedTimeout?new rt:"AbortError"===t.name||t===W.AutofillAuthenticationAborted?new nt:new Q("Something went wrong during authentication",{error:t}),t.toRegistrationError=t=>ut(t)?t:"NotAllowedError"===t.name?new it:"SecurityError"===t.name?new et(t.message):"InvalidStateError"===t.name?new at:t===W.RegistrationAbortedTimeout?new rt:new et("Something went wrong during registration",{error:t})}(vt||(vt={})),function(t){t.processCredentialRequestOptions=t=>l(l({},t),{},{challenge:V.base64ToArrayBuffer(t.challenge),allowCredentials:t.allowCredentials.map((t=>l(l({},t),{},{id:V.base64ToArrayBuffer(t.id)})))}),t.processCredentialCreationOptions=(t,e)=>{var i;const n=JSON.parse(JSON.stringify(t));return n.challenge=V.base64ToArrayBuffer(t.challenge),n.user.id=V.base64ToArrayBuffer(t.user.id),(null==e?void 0:e.limitSingleCredentialToDevice)&&(n.excludeCredentials=null===(i=t.excludeCredentials)||void 0===i?void 0:i.map((t=>l(l({},t),{},{id:V.base64ToArrayBuffer(t.id)})))),(null==e?void 0:e.registerAsDiscoverable)?(n.authenticatorSelection.residentKey="preferred",n.authenticatorSelection.requireResidentKey=!0):(n.authenticatorSelection.residentKey="discouraged",n.authenticatorSelection.requireResidentKey=!1),n.authenticatorSelection.authenticatorAttachment=(null==e?void 0:e.allowCrossPlatformAuthenticators)?void 0:"platform",n},t.encodeAuthenticationResult=t=>{const{authenticatorAttachment:e}=t,i=t.response;return{id:t.id,rawId:V.arrayBufferToBase64(t.rawId),response:{authenticatorData:V.arrayBufferToBase64(i.authenticatorData),clientDataJSON:V.arrayBufferToBase64(i.clientDataJSON),signature:V.arrayBufferToBase64(i.signature),userHandle:V.arrayBufferToBase64(i.userHandle)},authenticatorAttachment:e,type:t.type}},t.encodeRegistrationResult=t=>{const{authenticatorAttachment:e}=t,i=t.response;return{id:t.id,rawId:V.arrayBufferToBase64(t.rawId),response:{attestationObject:V.arrayBufferToBase64(i.attestationObject),clientDataJSON:V.arrayBufferToBase64(i.clientDataJSON)},authenticatorAttachment:e,type:t.type}}}(gt||(gt={}));class ft{async modal(t){try{const e=await this.performAuthentication(l(l({},t),{},{mediationType:pt.Modal}));return V.jsonToBase64(e)}catch(t){throw vt.toAuthenticationError(t)}}activateAutofill(t,e){const{onSuccess:i,onError:n,onReady:r}=t;this.performAuthentication({username:e,mediationType:pt.InputAutofill,onReady:r}).then((t=>{i(V.jsonToBase64(t))})).catch((t=>{const e=vt.toAuthenticationError(t);if(!n)throw e;n(e)}))}abortAutofill(){this.abortController&&this.abortController.abort(W.AutofillAuthenticationAborted)}abortAuthentication(){this.abortController&&this.abortController.abort(W.AuthenticationAbortedTimeout)}async performAuthentication(t){var e,i;const n="crossDeviceTicketId"in t?await ht.startCrossDeviceAuthentication({ticketId:t.crossDeviceTicketId}):await ht.startAuthentication({username:t.username,timeout:null===(e=t.options)||void 0===e?void 0:e.timeout}),r=n.credential_request_options,a=gt.processCredentialRequestOptions(r),s=this.getMediatedCredentialRequest(a,t.mediationType);t.mediationType===pt.InputAutofill&&(null===(i=t.onReady)||void 0===i||i.call(t));const o=await navigator.credentials.get(s).catch((t=>{throw vt.toAuthenticationError(t)}));return{webauthnSessionId:n.webauthn_session_id,publicKeyCredential:gt.encodeAuthenticationResult(o),userAgent:navigator.userAgent}}getMediatedCredentialRequest(t,e){const i={publicKey:t};return this.abortController=new AbortController,i.signal=this.abortController&&this.abortController.signal,e===pt.InputAutofill?i.mediation="conditional":t.timeout&&setTimeout((()=>{this.abortAuthentication()}),t.timeout),i}}class wt{constructor(t,e){this.handler=t,this.intervalInMs=e}begin(){var t;this.intervalId=window.setInterval((t=this.handler,async function(){t.isRunning||(t.isRunning=!0,await t(...arguments),t.isRunning=!1)}),this.intervalInMs)}stop(){clearInterval(this.intervalId)}}const mt=/^[A-Za-z0-9\-_.: ]*$/;function bt(t){if(t&&(!function(t){return Object.keys(t).length<=10}(t)||!function(t){const e=t=>"string"==typeof t,i=t=>mt.test(t);return Object.keys(t).every((n=>e(n)&&e(t[n])&&i(n)&&i(t[n])))}(t)))throw G.error("Failed validating approval data"),new ot("Provided approval data should have 10 properties max. Also, it should contain only \n alphanumeric characters, numbers, and the special characters: '-', '_', '.'")}class At{constructor(t,e,i){this.authenticationHandler=t,this.registrationHandler=e,this.approvalHandler=i,this.init={registration:async t=>(this.ticketStatus=yt.Pending,this.pollCrossDeviceSession(t.crossDeviceTicketId,t.handlers)),authentication:async t=>{const{username:e}=t,i=(await ht.initCrossDeviceAuthentication(l({},e&&{username:e}))).cross_device_ticket_id;return this.ticketStatus=yt.Pending,this.pollCrossDeviceSession(i,t.handlers)},approval:async t=>{const{username:e,approvalData:i}=t;bt(i);const n=(await ht.initCrossDeviceAuthentication({username:e,approvalData:i})).cross_device_ticket_id;return this.ticketStatus=yt.Pending,this.pollCrossDeviceSession(n,t.handlers)}},this.authenticate={modal:async t=>this.authenticationHandler.modal({crossDeviceTicketId:t})},this.approve={modal:async t=>this.approvalHandler.modal({crossDeviceTicketId:t})}}async register(t,e){return this.registrationHandler.register({crossDeviceTicketId:t},e)}async attachDevice(t){const e=await ht.attachDeviceToCrossDeviceSession({ticketId:t});return l({status:e.status,startedAt:e.started_at},e.approval_data&&{approvalData:e.approval_data})}async pollCrossDeviceSession(t,e){return this.poller=new wt((async()=>{var i,n;const r=await ht.getCrossDeviceTicketStatus({ticketId:t}),a=r.status;if(a!==this.ticketStatus)switch(this.ticketStatus=a,a){case yt.Scanned:await e.onDeviceAttach();break;case yt.Error:case yt.Timeout:case yt.Aborted:await e.onFailure(r),null===(i=this.poller)||void 0===i||i.stop();break;case yt.Success:if("onCredentialRegister"in e)await e.onCredentialRegister();else{if(!r.session_id)throw new lt("Cross device session is complete without returning session_id",r);await e.onCredentialAuthenticate(r.session_id)}null===(n=this.poller)||void 0===n||n.stop()}}),1e3),this.poller.begin(),setTimeout((()=>{var t;null===(t=this.poller)||void 0===t||t.stop(),e.onFailure({status:yt.Timeout})}),3e5),{crossDeviceTicketId:t,stop:()=>{var t;null===(t=this.poller)||void 0===t||t.stop()}}}}class _t{async register(t,e){this.abortController=new AbortController;const i=l({allowCrossPlatformAuthenticators:!("crossDeviceTicketId"in t),registerAsDiscoverable:!0},e);try{const n="crossDeviceTicketId"in t?await ht.startCrossDeviceRegistration({ticketId:t.crossDeviceTicketId}):await ht.startRegistration({username:t.username,displayName:(null==e?void 0:e.displayName)||t.username,timeout:null==e?void 0:e.timeout,limitSingleCredentialToDevice:null==e?void 0:e.limitSingleCredentialToDevice}),r=gt.processCredentialCreationOptions(n.credential_creation_options,i);setTimeout((()=>{this.abortRegistration()}),r.timeout);const a=await this.registerCredential(r),s={webauthnSessionId:n.webauthn_session_id,publicKeyCredential:a,userAgent:navigator.userAgent};return V.jsonToBase64(s)}catch(t){throw vt.toRegistrationError(t)}}abortRegistration(){this.abortController&&this.abortController.abort(W.RegistrationAbortedTimeout)}async registerCredential(t){const e=await navigator.credentials.create({publicKey:t,signal:this.abortController&&this.abortController.signal}).catch((t=>{throw vt.toRegistrationError(t)}));return gt.encodeRegistrationResult(e)}}class St{async modal(t){try{const e=await this.performApproval(t);return V.jsonToBase64(e)}catch(t){throw vt.toAuthenticationError(t)}}async performApproval(t){"approvalData"in t&&bt(t.approvalData);const e="crossDeviceTicketId"in t?await ht.startCrossDeviceAuthentication({ticketId:t.crossDeviceTicketId}):await ht.startAuthentication({username:t.username,approvalData:t.approvalData}),i=e.credential_request_options,n=gt.processCredentialRequestOptions(i),r=await navigator.credentials.get({publicKey:n}).catch((t=>{throw vt.toAuthenticationError(t)}));return{webauthnSessionId:e.webauthn_session_id,publicKeyCredential:gt.encodeAuthenticationResult(r),userAgent:navigator.userAgent}}}class Ct{constructor(){this._initialized=!1,this._authenticationHandler=new ft,this._registrationHandler=new _t,this._approvalHandler=new St,this._crossDeviceHandler=new At(this._authenticationHandler,this._registrationHandler,this._approvalHandler),this.authenticate={modal:async(t,e)=>(this.initCheck(),this._authenticationHandler.modal({username:t,options:e})),autofill:{activate:(t,e)=>(this.initCheck(),this._authenticationHandler.activateAutofill(t,e)),abort:()=>this._authenticationHandler.abortAutofill()}},this.approve={modal:async(t,e)=>(this.initCheck(),this._approvalHandler.modal({username:t,approvalData:e}))},this.register=async(t,e)=>(this.initCheck(),this._registrationHandler.register({username:t},e)),this.crossDevice={init:{registration:async t=>(this.initCheck(),this._crossDeviceHandler.init.registration(t)),authentication:async t=>(this.initCheck(),this._crossDeviceHandler.init.authentication(t)),approval:async t=>(this.initCheck(),this._crossDeviceHandler.init.approval(t))},authenticate:{modal:async t=>(this.initCheck(),this._crossDeviceHandler.authenticate.modal(t))},approve:{modal:async t=>(this.initCheck(),this._crossDeviceHandler.approve.modal(t))},register:async(t,e)=>(this.initCheck(),this._crossDeviceHandler.register(t,e)),attachDevice:async t=>(this.initCheck(),this._crossDeviceHandler.attachDevice(t))},this.isPlatformAuthenticatorSupported=async()=>{var t;try{return await(null===(t=Ct.StaticPublicKeyCredential)||void 0===t?void 0:t.isUserVerifyingPlatformAuthenticatorAvailable())}catch(t){return!1}},this.isAutofillSupported=async()=>{var t,e;return!(!(null===(t=Ct.StaticPublicKeyCredential)||void 0===t?void 0:t.isConditionalMediationAvailable)||!await(null===(e=Ct.StaticPublicKeyCredential)||void 0===e?void 0:e.isConditionalMediationAvailable()))}}async init(t,e){try{if(!t)throw new Y("Invalid clientId",{clientId:t});if(e.webauthnApiPaths){const t=ht.getDefaultPaths();if(function(t,e){const i=new Set(t),n=new Set(e);return[...t.filter((t=>!n.has(t))),...e.filter((t=>!i.has(t)))]}(Object.keys(e.webauthnApiPaths),Object.keys(t)).length)throw new Y("Invalid custom paths",{customApiPaths:e.webauthnApiPaths})}ht.init(t,e),this._initialized=!0}catch(t){throw ut(t)?t:new Y("Failed to initialize SDK")}}getDefaultPaths(){return this.initCheck(),ht.getDefaultPaths()}getApiPaths(){return this.initCheck(),ht.getApiPaths()}initCheck(){if(!this._initialized)throw new Y}}Ct.StaticPublicKeyCredential=window.PublicKeyCredential;const Dt=new U("webauthn"),kt=new Ct;Dt.events.on(Dt.events.MODULE_INITIALIZED,(()=>{var t;const e=Dt.moduleMetadata.getInitConfig();if(!(null===(t=null==e?void 0:e.webauthn)||void 0===t?void 0:t.serverPath))return;const{clientId:i,webauthn:n}=e;kt.init(i,l({},n))}));const Tt={modal:async(t,e)=>(kt.initCheck(),kt.authenticate.modal(t,e)),autofill:{activate:(t,e)=>{kt.initCheck(),kt.authenticate.autofill.activate(t,e)},abort:()=>{kt.initCheck(),kt.authenticate.autofill.abort()}}},It={modal:async(t,e)=>(kt.initCheck(),kt.approve.modal(t,e))};async function Pt(t,e){return kt.initCheck(),kt.register(t,e)}const{crossDevice:Ot}=kt,{isPlatformAuthenticatorSupported:jt}=kt,{isAutofillSupported:Rt}=kt,{getDefaultPaths:Kt}=kt;window.localWebAuthnSDK=kt;const Bt="1.15.0",Et={initialize:s,...Object.freeze({__proto__:null,get WebauthnCrossDeviceStatus(){return yt},approve:It,authenticate:Tt,crossDevice:Ot,getDefaultPaths:Kt,isAutofillSupported:Rt,isPlatformAuthenticatorSupported:jt,register:Pt})};export{Bt as PACKAGE_VERSION,yt as WebauthnCrossDeviceStatus,It as approve,Tt as authenticate,Ot as crossDevice,Kt as getDefaultPaths,s as initialize,Rt as isAutofillSupported,jt as isPlatformAuthenticatorSupported,Pt as register,Et as webauthn};