@transmitsecurity/platform-web-sdk 1.15.0

package/build/webauthn-entry.js

@@ -0,0 +1,19 @@
+// 🔐 WebAuthn-Only Entry Point for Perfect Tree-Shaking
+import { initialize } from './initialize-only';
+import * as webauthnModule from './webauthn';
+/**
+ * 🔐 **WebAuthn (Passwordless Authentication)** (~75KB bundle)
+ * Perfect for passwordless authentication
+ */
+export async function createWebAuthn(config) {
+    // ✅ Validation
+    if (!config.clientId) {
+        throw new Error('❌ clientId is required');
+    }
+    // 🔧 Initialize core
+    await initialize(config);
+    // 🔄 Return WebAuthn module
+    return webauthnModule;
+}
+// Export for WebSDK class compatibility
+export { createWebAuthn as webauthn };

package/build/webauthn.d.ts

@@ -0,0 +1,12 @@
+declare global {
+    interface Window {
+        __TS_WEB_SDK_INITIALIZED__?: boolean;
+        __TS_WEB_SDK_CONFIG__?: any;
+    }
+}
+export { initialize } from './initialize-only';
+export * from '@transmit-security/authentication-sdk';
+export declare const authenticate: (...args: any[]) => any;
+export declare const register: (...args: any[]) => any;
+export declare const crossDevice: (...args: any[]) => any;
+export type { authenticate as authenticateType, WebauthnApis, WebauthnAuthenticationFlows, AutofillHandlers, AuthenticationAutofillActivateHandlers, WebauthnRegistrationOptions, isAutofillSupported, SdkError, ErrorCode, isPlatformAuthenticatorSupported, register as registerType, crossDevice as crossDeviceType, CrossDeviceController, WebauthnCrossDeviceRegistrationOptions, WebauthnCrossDeviceFlows, getDefaultPaths } from '@transmit-security/authentication-sdk';

package/build/webauthn.js

@@ -0,0 +1,44 @@
+// WebAuthn module - clean entry point with global state awareness
+import { setInitConfig, getInitConfig } from '@transmit-security/web-sdk-common/dist/module-metadata/module-metadata';
+import { emit } from '@transmit-security/web-sdk-common/dist/events';
+import { MODULE_INITIALIZED } from '@transmit-security/web-sdk-common/dist/events';
+// Function to sync global initialization state when needed
+function ensureInitialized() {
+    if (typeof window !== 'undefined' && window.__TS_WEB_SDK_INITIALIZED__ && window.__TS_WEB_SDK_CONFIG__) {
+        try {
+            const currentConfig = getInitConfig();
+            if (!currentConfig || !currentConfig.clientId) {
+                console.log('🔄 Syncing global initialization state to WebAuthn module');
+                setInitConfig(window.__TS_WEB_SDK_CONFIG__);
+                emit(MODULE_INITIALIZED, undefined);
+                return true;
+            }
+            return true;
+        }
+        catch (error) {
+            // If getInitConfig fails, it means common module is not initialized
+            console.log('🔄 Initializing WebAuthn module with global state');
+            setInitConfig(window.__TS_WEB_SDK_CONFIG__);
+            emit(MODULE_INITIALIZED, undefined);
+            return true;
+        }
+    }
+    return false;
+}
+// Import the original WebAuthn SDK
+import * as originalWebAuthn from '@transmit-security/authentication-sdk';
+// Create wrapper functions for the main WebAuthn methods
+function wrapWebAuthnMethod(methodName, originalMethod) {
+    return function (...args) {
+        ensureInitialized();
+        return originalMethod.apply(originalWebAuthn, args);
+    };
+}
+// Re-export initialize to ensure shared state
+export { initialize } from './initialize-only';
+// Export all WebAuthn functionality (re-export everything)
+export * from '@transmit-security/authentication-sdk';
+// Override the main methods with wrapped versions (if they exist)
+export const authenticate = originalWebAuthn.authenticate ? wrapWebAuthnMethod('authenticate', originalWebAuthn.authenticate) : originalWebAuthn.authenticate;
+export const register = originalWebAuthn.register ? wrapWebAuthnMethod('register', originalWebAuthn.register) : originalWebAuthn.register;
+export const crossDevice = originalWebAuthn.crossDevice ? wrapWebAuthnMethod('crossDevice', originalWebAuthn.crossDevice) : originalWebAuthn.crossDevice;

package/bundler-config.json

@@ -0,0 +1,15 @@
+{
+  "exports": {
+    "drs": "@transmit-security/riskid_sdk",
+    "idv": "@transmit-security/ts-identity-verification",
+    "webauthn": "@transmit-security/authentication-sdk"
+  },
+  "exportsFromDefault": {
+    "ido": "@transmit-security/ido-web-sdk"
+  },
+  "mainExport": "./build/mainExport",
+  "declarations": true,
+  "docs": true,
+  "minify": true,
+  "legacyBrowsers": true
+}

package/dist/docs/.nojekyll

@@ -0,0 +1 @@
+TypeDoc added this file to prevent GitHub Pages from using Jekyll. You can turn off this behavior by setting the `githubPages` option to false.

package/dist/docs/README.md

@@ -0,0 +1,72 @@
+# Transmit Security Platform Web SDK
+
+A comprehensive browser-based identity and security solution with fraud prevention, WebAuthn authentication, identity verification, and orchestration capabilities.
+
+## Installation
+
+```bash
+npm install @transmitsecurity/platform-web-sdk
+```
+
+## Quick Start
+
+### Recommended Usage (Full SDK Import)
+
+```js
+import { drs, webauthn, idv, ido, initialize } from '@transmitsecurity/platform-web-sdk';
+
+// Single initialize call for all modules
+await initialize({
+  clientId: 'your-client-id',
+  drs: { serverPath: 'https://api.transmitsecurity.io/risk-collect/' },
+  webauthn: { serverPath: 'https://api.transmitsecurity.io' }
+});
+
+// Use the modules
+await drs.triggerActionEvent('login', { correlationId: 'example' });
+const isSupported = await webauthn.isPlatformAuthenticatorSupported();
+```
+
+### Individual Module Imports (Limited Support)
+
+⚠️ **Note**: Individual module imports have dependency resolution issues in some bundlers (like Vite). Use full SDK import for better compatibility.
+
+```js
+// May cause dependency resolution errors in some environments
+import { drs, initialize } from '@transmitsecurity/platform-web-sdk/drs';
+import { webauthn } from '@transmitsecurity/platform-web-sdk/webauthn';
+
+// Single initialize call
+await initialize({
+  clientId: 'your-client-id',
+  drs: { serverPath: 'https://api.transmitsecurity.io/risk-collect/' },
+  webauthn: { serverPath: 'https://api.transmitsecurity.io' }
+});
+```
+
+## Bundle Size
+
+The SDK is optimized for production use:
+- **Gzipped**: ~180KB
+- **Uncompressed**: ~565KB
+- **Tree-shaking**: Modern bundlers eliminate unused code automatically
+
+## Troubleshooting
+
+### Vite Dependency Resolution Errors
+
+If you encounter errors like "Could not resolve @transmit-security/web-sdk-common", see [VITE_CONFIG.md](./VITE_CONFIG.md) for detailed solutions.
+
+**Quick fix**: Use the full SDK import instead of individual module imports.
+
+### Other Bundlers
+
+For webpack, Rollup, or other bundlers, the full SDK import should work without additional configuration.
+
+## Documentation
+
+For complete documentation, visit: https://github.com/transmitsecurity-dev/ciam-web-sdk
+
+## License
+
+SEE LICENSE IN LICENSE

package/dist/docs/enums/ErrorCode.md

@@ -0,0 +1,113 @@
+# Enumeration: ErrorCode
+
+## Enumeration Members
+
+### NotInitialized
+
+• **NotInitialized** = ``"not_initialized"``
+
+Either the SDK init call failed or another function was called before initializing the SDK
+
+___
+
+### AuthenticationFailed
+
+• **AuthenticationFailed** = ``"authentication_failed"``
+
+When the call to [startAuthentication](../interfaces/WebauthnApis.md#startauthentication) failed
+
+___
+
+### AuthenticationAbortedTimeout
+
+• **AuthenticationAbortedTimeout** = ``"authentication_aborted_timeout"``
+
+When [authenticate.modal](../interfaces/WebauthnAuthenticationFlows.md#modal) or [authenticate.autofill.activate](../interfaces/AutofillHandlers.md#activate) is called and the modal is closed by the user
+
+___
+
+### AuthenticationCanceled
+
+• **AuthenticationCanceled** = ``"webauthn_authentication_canceled"``
+
+When [register](../modules.md#register) is called and the modal is closed when reaching the timeout
+
+___
+
+### RegistrationFailed
+
+• **RegistrationFailed** = ``"registration_failed"``
+
+When the call to [startRegistration](../interfaces/WebauthnApis.md#startregistration) failed
+
+___
+
+### AlreadyRegistered
+
+• **AlreadyRegistered** = ``"username_already_registered"``
+
+/ When The user attempted to register an authenticator that contains one of the credentials already registered with the relying party.
+
+___
+
+### RegistrationAbortedTimeout
+
+• **RegistrationAbortedTimeout** = ``"registration_aborted_timeout"``
+
+When [register](../modules.md#register) is called and the modal is closed by the user
+
+___
+
+### RegistrationCanceled
+
+• **RegistrationCanceled** = ``"webauthn_registration_canceled"``
+
+When [register](../modules.md#register) is called and the modal is closed when reaching the timeout
+
+___
+
+### AutofillAuthenticationAborted
+
+• **AutofillAuthenticationAborted** = ``"autofill_authentication_aborted"``
+
+Passkey autofill authentication was aborted by [abort](../interfaces/AutofillHandlers.md#abort)
+
+___
+
+### AuthenticationProcessAlreadyActive
+
+• **AuthenticationProcessAlreadyActive** = ``"authentication_process_already_active"``
+
+Passkey authentication is already active. To start a new authentication, abort the current one first by calling [abort](../interfaces/AutofillHandlers.md#abort)
+
+___
+
+### InvalidApprovalData
+
+• **InvalidApprovalData** = ``"invalid_approval_data"``
+
+The ApprovalData parameter was sent in the wrong format
+
+___
+
+### FailedToInitCrossDeviceSession
+
+• **FailedToInitCrossDeviceSession** = ``"cross_device_init_failed"``
+
+When the call to [initCrossDeviceAuthentication](../interfaces/WebauthnApis.md#initcrossdeviceauthentication)  failed
+
+___
+
+### FailedToGetCrossDeviceStatus
+
+• **FailedToGetCrossDeviceStatus** = ``"cross_device_status_failed"``
+
+When the call to [getCrossDeviceTicketStatus](../interfaces/WebauthnApis.md#getcrossdeviceticketstatus)  failed
+
+___
+
+### Unknown
+
+• **Unknown** = ``"unknown"``
+
+When the SDK operation fails on an unhandled error

package/dist/docs/interfaces/ActionEventOptions.md

@@ -0,0 +1,44 @@
+# Interface: ActionEventOptions
+
+## Properties
+
+### correlationId
+
+• `Optional` **correlationId**: `string`
+
+Any ID that could help relate the action with external context or session
+
+___
+
+### claimedUserId
+
+• `Optional` **claimedUserId**: `string`
+
+User ID of the not yet authenticated user, used to enhance risk and
+trust assessments. Once the user is authenticated,
+TSAccountProtection.setAuthenticatedUser should be called.
+
+___
+
+### claimedUserIdType
+
+• `Optional` **claimedUserIdType**: `string`
+
+The reported claimedUserId type (if provided), should not contain PII unless it is hashed.
+Supported values: email, phone_number, account_id, ssn, national_id, passport_number, drivers_license_number, other.
+
+___
+
+### transactionData
+
+• `Optional` **transactionData**: `TransactionData`
+
+A transaction data-points object for transaction-monitoring
+
+___
+
+### customAttributes
+
+• `Optional` **customAttributes**: `Record`<`string`, `string` \| `number` \| `boolean`\>
+
+Custom attributes matching the schema previously defined in the Admin Portal

package/dist/docs/interfaces/ActionResponse.md

@@ -0,0 +1,9 @@
+# Interface: ActionResponse
+
+## Properties
+
+### actionToken
+
+• `Optional` **actionToken**: `string`
+
+The token return by the SDK when the action was reported

package/dist/docs/interfaces/AuthenticationAutofillActivateHandlers.md

@@ -0,0 +1,61 @@
+# Interface: AuthenticationAutofillActivateHandlers
+
+## Properties
+
+### onSuccess
+
+• **onSuccess**: (`webauthn_encoded_result`: `string`) => `Promise`<`void`\>
+
+#### Type declaration
+
+▸ (`webauthn_encoded_result`): `Promise`<`void`\>
+
+A Callback function that will be triggered once biometrics signing is completed successfully.
+
+##### Parameters
+
+| Name | Type |
+| :------ | :------ |
+| `webauthn_encoded_result` | `string` |
+
+##### Returns
+
+`Promise`<`void`\>
+
+___
+
+### onError
+
+• `Optional` **onError**: (`err`: [`SdkError`](SdkError.md)) => `Promise`<`void`\>
+
+#### Type declaration
+
+▸ (`err`): `Promise`<`void`\>
+
+A Callback function that will be triggered if authentication fails with an SdkError.
+
+##### Parameters
+
+| Name | Type |
+| :------ | :------ |
+| `err` | [`SdkError`](SdkError.md) |
+
+##### Returns
+
+`Promise`<`void`\>
+
+___
+
+### onReady
+
+• `Optional` **onReady**: () => `void`
+
+#### Type declaration
+
+▸ (): `void`
+
+A Callback function that will be triggered when challenge excepted from the service and autofill is ready to use.
+
+##### Returns
+
+`void`

package/dist/docs/interfaces/AutofillHandlers.md

@@ -0,0 +1,50 @@
+# Interface: AutofillHandlers
+
+## Methods
+
+### activate
+
+▸ **activate**(`handlers`, `username?`): `void`
+
+Invokes a WebAuthn authentication, including prompting the user to select from a list of registered credentials using autofill, and then prompting the user for biometrics. In order to prompt this credentials list, the autocomplete="username webauthn" attribute **must** be defined on the username input box of the authentication page.<br/>
+If authentication is completed successfully, the `onSuccess` callback will be triggered with the credential result, which is an object encoded as a base64 string. This encoded result should then be passed to the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential) to retrieve user tokens.<br/>
+If it fails, the `onError` callback will be triggered with an SdkError.
+
+**`Throws`**
+
+[NotInitialized](../enums/ErrorCode.md#notinitialized)
+
+**`Throws`**
+
+[AuthenticationFailed](../enums/ErrorCode.md#authenticationfailed)
+
+**`Throws`**
+
+[AuthenticationCanceled](../enums/ErrorCode.md#authenticationcanceled)
+
+**`Throws`**
+
+[AutofillAuthenticationAborted](../enums/ErrorCode.md#autofillauthenticationaborted)
+
+#### Parameters
+
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `handlers` | [`AuthenticationAutofillActivateHandlers`](AuthenticationAutofillActivateHandlers.md) | Handlers that will be invoked once the authentication is completed (success or failure) |
+| `username?` | `string` | Name of user account, as used in the WebAuthn registration. If not provided, the authentication will start without the context of a user and it will be inferred by the chosen passkey |
+
+#### Returns
+
+`void`
+
+___
+
+### abort
+
+▸ **abort**(): `void`
+
+Aborts a WebAuthn authentication. This method should be called after the passkey autofill is dismissed in order to be able to query existing passkeys once again. This will end the browser's  `navigator.credentials.get()` operation.
+
+#### Returns
+
+`void`

package/dist/docs/interfaces/CrossDeviceController.md

@@ -0,0 +1,27 @@
+# Interface: CrossDeviceController
+
+WebAuthn cross device handlers interfaces
+
+## Properties
+
+### crossDeviceTicketId
+
+• **crossDeviceTicketId**: `string`
+
+Ticket ID for this cross-device flow.
+
+___
+
+### stop
+
+• **stop**: () => `void`
+
+#### Type declaration
+
+▸ (): `void`
+
+Stops listening for events from devices in cross-device flows
+
+##### Returns
+
+`void`

package/dist/docs/interfaces/SdkError.md

@@ -0,0 +1,28 @@
+# Interface: SdkError
+
+Common interface for `Promise` rejections.
+Developers should handle according to the `errorCode`
+
+## Properties
+
+### errorCode
+
+• `Readonly` **errorCode**: [`ErrorCode`](../enums/ErrorCode.md)
+
+Error code from [ErrorCode](../enums/ErrorCode.md)
+
+___
+
+### message
+
+• `Readonly` **message**: `string`
+
+Error message
+
+___
+
+### data
+
+• `Optional` `Readonly` **data**: `any`
+
+Additional data

package/dist/docs/interfaces/WebauthnApis.md

@@ -0,0 +1,73 @@
+# Interface: WebauthnApis
+
+Alternate paths used by the SDK to route API calls to your proxy server.
+
+## Properties
+
+### startAuthentication
+
+• **startAuthentication**: `string`
+
+**`Default Value`**
+
+`/v1/auth/webauthn/authenticate/start`
+
+___
+
+### startRegistration
+
+• **startRegistration**: `string`
+
+**`Default Value`**
+
+`/v1/auth/webauthn/register/start`
+
+___
+
+### startCrossDeviceRegistration
+
+• **startCrossDeviceRegistration**: `string`
+
+**`Default Value`**
+
+`/v1/auth/webauthn/cross-device/register/start`
+
+___
+
+### initCrossDeviceAuthentication
+
+• **initCrossDeviceAuthentication**: `string`
+
+**`Default Value`**
+
+`/v1/auth/webauthn/cross-device/authenticate/init`
+
+___
+
+### startCrossDeviceAuthentication
+
+• **startCrossDeviceAuthentication**: `string`
+
+**`Default Value`**
+
+`/v1/auth/webauthn/cross-device/authenticate/start`
+
+___
+
+### getCrossDeviceTicketStatus
+
+• **getCrossDeviceTicketStatus**: `string`
+
+**`Default Value`**
+
+`/v1/auth/webauthn/cross-device/status`
+
+___
+
+### attachDeviceToCrossDeviceSession
+
+• **attachDeviceToCrossDeviceSession**: `string`
+
+**`Default Value`**
+
+`/v1/auth/webauthn/cross-device/attach-device`

package/dist/docs/interfaces/WebauthnAuthenticationFlows.md

@@ -0,0 +1,52 @@
+# Interface: WebauthnAuthenticationFlows
+
+## Methods
+
+### modal
+
+▸ **modal**(`username?`, `options?`): `Promise`<`string`\>
+
+Invokes a WebAuthn authentication, including prompting the user to select from a list of registered credentials, and then prompting the user for biometrics. The credentials list is displayed using the native browser modal.<br/>
+If username isn't provided, it will promote a modal with a list of all discoverable credentials on the device. If username is provided, this call must be invoked for a registered username. If the target username is not registered or in case of any other failure, an SdkError will be thrown.<br/>
+If authentication is completed successfully, this call will return a promise that resolves to the credential result, which is an object encoded as a base64 string. This encoded result should then be passed to the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential) to retrieve user tokens.<br/>
+
+**`Throws`**
+
+[NotInitialized](../enums/ErrorCode.md#notinitialized)
+
+**`Throws`**
+
+[AuthenticationFailed](../enums/ErrorCode.md#authenticationfailed)
+
+**`Throws`**
+
+[AuthenticationCanceled](../enums/ErrorCode.md#authenticationcanceled)
+
+**`Throws`**
+
+[InvalidApprovalData](../enums/ErrorCode.md#invalidapprovaldata)
+
+**`Throws`**
+
+[AuthenticationProcessAlreadyActive](../enums/ErrorCode.md#authenticationprocessalreadyactive)
+
+#### Parameters
+
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `username?` | `string` | Name of user account, as used in the WebAuthn registration. If not provided, the authentication will start without the context of a user and it will be inferred by the chosen passkey |
+| `options?` | `WebauthnAuthenticationOptions` | WebauthnAuthenticationOptions Options for the authentication process |
+
+#### Returns
+
+`Promise`<`string`\>
+
+Base64-encoded object, which contains the credential result. This encoded result will be used to fetch user tokens via the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential).
+
+## Properties
+
+### autofill
+
+• **autofill**: [`AutofillHandlers`](AutofillHandlers.md)
+
+Property used to implement credential selection via autofill UI.