@transmitsecurity/platform-web-sdk 1.16.2 → 1.17.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (77) hide show
  1. package/CHANGELOG.md +10 -2
  2. package/README.md +69 -48
  3. package/dist/drs.cjs +1 -1
  4. package/dist/drs.d.ts +1 -14
  5. package/dist/drs.js +1 -1
  6. package/dist/ido.cjs +2 -2
  7. package/dist/ido.d.ts +889 -6
  8. package/dist/ido.js +1 -1
  9. package/dist/idv.cjs +1 -1
  10. package/dist/idv.d.ts +1 -7
  11. package/dist/idv.js +1 -1
  12. package/dist/index.cjs +2 -2
  13. package/dist/index.esm.js +2 -2
  14. package/dist/index.umd.js +2 -2
  15. package/dist/ts-platform-websdk.js +2 -2
  16. package/dist/web-sdk-drs+idv+webauthn+ido.js +2 -2
  17. package/dist/web-sdk.d.ts +1 -1
  18. package/dist/webauthn.cjs +1 -1
  19. package/dist/webauthn.d.ts +1 -9
  20. package/dist/webauthn.js +1 -1
  21. package/package.json +11 -12
  22. package/build/drs-entry.d.ts +0 -20
  23. package/build/drs-entry.js +0 -19
  24. package/build/drs-only.d.ts +0 -22
  25. package/build/drs-only.js +0 -25
  26. package/build/drs.d.ts +0 -28
  27. package/build/drs.js +0 -45
  28. package/build/ido/idoImpl.d.ts +0 -2
  29. package/build/ido/idoImpl.js +0 -4
  30. package/build/ido/index.d.ts +0 -7
  31. package/build/ido/index.js +0 -9
  32. package/build/ido-entry.d.ts +0 -17
  33. package/build/ido-entry.js +0 -19
  34. package/build/ido.d.ts +0 -18
  35. package/build/ido.js +0 -27
  36. package/build/idv-entry.d.ts +0 -17
  37. package/build/idv-entry.js +0 -19
  38. package/build/idv.d.ts +0 -18
  39. package/build/idv.js +0 -27
  40. package/build/initialize-only.d.ts +0 -7
  41. package/build/initialize-only.js +0 -40
  42. package/build/initialize.d.ts +0 -1
  43. package/build/initialize.js +0 -2
  44. package/build/mainExport.d.ts +0 -16
  45. package/build/mainExport.js +0 -43
  46. package/build/sdk-factory.d.ts +0 -109
  47. package/build/sdk-factory.js +0 -108
  48. package/build/shared-state.d.ts +0 -4
  49. package/build/shared-state.js +0 -32
  50. package/build/webauthn-entry.d.ts +0 -19
  51. package/build/webauthn-entry.js +0 -19
  52. package/build/webauthn.d.ts +0 -24
  53. package/build/webauthn.js +0 -44
  54. package/bundler-config.json +0 -14
  55. package/dist/docs/.nojekyll +0 -1
  56. package/dist/docs/README.md +0 -72
  57. package/dist/docs/enums/ErrorCode.md +0 -113
  58. package/dist/docs/interfaces/ActionEventOptions.md +0 -44
  59. package/dist/docs/interfaces/ActionResponse.md +0 -9
  60. package/dist/docs/interfaces/AuthenticationAutofillActivateHandlers.md +0 -61
  61. package/dist/docs/interfaces/AutofillHandlers.md +0 -50
  62. package/dist/docs/interfaces/CrossDeviceController.md +0 -27
  63. package/dist/docs/interfaces/SdkError.md +0 -28
  64. package/dist/docs/interfaces/WebauthnApis.md +0 -73
  65. package/dist/docs/interfaces/WebauthnAuthenticationFlows.md +0 -52
  66. package/dist/docs/interfaces/WebauthnCrossDeviceFlows.md +0 -107
  67. package/dist/docs/interfaces/WebauthnCrossDeviceRegistrationOptions.md +0 -23
  68. package/dist/docs/interfaces/WebauthnRegistrationOptions.md +0 -55
  69. package/dist/docs/interfaces/initConfigParams.md +0 -7
  70. package/dist/docs/modules/drs.md +0 -92
  71. package/dist/docs/modules/idv.md +0 -106
  72. package/dist/docs/modules/webauthn.md +0 -197
  73. package/dist/docs/modules.md +0 -146
  74. package/scripts/make-semver-aliases.sh +0 -11
  75. package/scripts/upload-dist.sh +0 -9
  76. package/src/mainExport.ts +0 -75
  77. package/src/tsconfig.json +0 -14
package/dist/web-sdk.d.ts CHANGED
@@ -1766,6 +1766,6 @@ declare class TSWebSDK {
1766
1766
  }
1767
1767
  declare const _default: TSWebSDK;
1768
1768
 
1769
- declare const PACKAGE_VERSION = "1.16.2";
1769
+ declare const PACKAGE_VERSION = "1.17.0";
1770
1770
 
1771
1771
  export { ActionEventOptions, ActionResponse, AuthenticationAutofillActivateHandlers, AutofillHandlers, CrossDeviceController, ErrorCode$1 as ErrorCode, PACKAGE_VERSION, SdkError, WebauthnApis, WebauthnAuthenticationFlows, WebauthnCrossDeviceFlows, WebauthnCrossDeviceRegistrationOptions, WebauthnRegistrationOptions, authenticate, crossDevice, _default as default, webSdkModule_d as drs, getDefaultPaths, instance as ido, index_d$1 as idv, initConfigParams, initialize, isAutofillSupported, isPlatformAuthenticatorSupported, register, index_d as webauthn };
package/dist/webauthn.cjs CHANGED
@@ -1 +1 @@
1
- "undefined"==typeof globalThis&&("undefined"!=typeof window?(window.globalThis=window,window.global=window):"undefined"!=typeof self&&(self.globalThis=self,self.global=self));const t=Symbol("MODULE_INITIALIZED"),e=new Map;function i(t,i){var a,s;null===(a=e.get(t))||void 0===a||a.forEach((s=t=>t(i),function(){try{return s(...arguments)}catch(t){console.log(t)}}))}let a=null;function s(t){a=t}var n=Object.freeze({__proto__:null,getInitConfig:function(){return a},get initConfig(){return a},setInitConfig:s});function r(e){s(e),i(t,void 0)}var o=Object.freeze({__proto__:null,initialize:r});function c(t,e){var i=Object.keys(t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(t);e&&(a=a.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),i.push.apply(i,a)}return i}function l(t){for(var e=1;e<arguments.length;e++){var i=null!=arguments[e]?arguments[e]:{};e%2?c(Object(i),!0).forEach((function(e){d(t,e,i[e])})):Object.getOwnPropertyDescriptors?Object.defineProperties(t,Object.getOwnPropertyDescriptors(i)):c(Object(i)).forEach((function(e){Object.defineProperty(t,e,Object.getOwnPropertyDescriptor(i,e))}))}return t}function u(t){var e=function(t,e){if("object"!=typeof t||!t)return t;var i=t[Symbol.toPrimitive];if(void 0!==i){var a=i.call(t,e||"default");if("object"!=typeof a)return a;throw new TypeError("@@toPrimitive must return a primitive value.")}return("string"===e?String:Number)(t)}(t,"string");return"symbol"==typeof e?e:String(e)}function d(t,e,i){return(e=u(e))in t?Object.defineProperty(t,e,{value:i,enumerable:!0,configurable:!0,writable:!0}):t[e]=i,t}function h(t,e){return Object.entries(e).reduce(((e,i)=>{let[a,s]=i;return l(l({},e),{},{[a]:y.isPrototypeOf(s)?new s(t.slug):"function"==typeof s?s.bind(t):"object"==typeof s&&!Array.isArray(s)&&s?h(t,s):s})}),{})}class y{constructor(t){this.slug=t}static create(t){return class extends y{constructor(e){super(e),Object.assign(this,h(this,t(this)))}}}}var p=Object.freeze({__proto__:null,Agent:y}),g=Object.freeze({__proto__:null,MODULE_INITIALIZED:t,emit:i,off:function(t,i){const a=e.get(t);if(!a)return;const s=a.indexOf(i);-1!==s&&a.splice(s,1)},on:function(t,i){var a;e.has(t)?null===(a=e.get(t))||void 0===a||a.push(i):e.set(t,[i])}});function v(t,e){const i=!t||"object"!=typeof t||Array.isArray(t)?{}:t;return[e.reduce(((t,e)=>{if(e in t){const i=t[e];if(null!==i&&"object"==typeof i&&!Array.isArray(i))return i}const i={};return t[e]=i,i}),i),i]}function f(t,e){let i=t;return e.every((t=>!(!i||"object"!=typeof i||Array.isArray(i)||!(t in i))&&(i=i[t],!0)),t)}const w="tsec",m="general";function b(t){return t?m:a.clientId}function D(t){return function(t){if(!t)return{};try{return JSON.parse(t)}catch(t){return{}}}((t?sessionStorage:localStorage).getItem(w))}function S(t,e){const i=t?sessionStorage:localStorage,a=e(D(t));i.setItem(w,JSON.stringify(a))}var A=Object.freeze({__proto__:null,COMMON_STORAGE_KEY:w,GENERAL_ID_KEY:m,getValue:function(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};const i=b(!!e.isGeneral),a=D(!!e.sessionOnly),[s]=v(a,[this.slug.toString(),i]);return s[t]},hasValue:function(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};const i=b(!!e.isGeneral),a=D(!!e.sessionOnly);return f(a,[this.slug.toString(),i,t])},removeValue:function(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};const i=b(!!e.isGeneral);S(!!e.sessionOnly,(e=>{const[a,s]=v(e,[this.slug.toString(),i]);return delete a[t],s}))},setValue:function(t,e){let i=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{};const a=b(!!i.isGeneral);S(!!i.sessionOnly,(i=>{const[s,n]=v(i,[this.slug.toString(),a]);return s[t]=e,n}))}});const C="RSA-PSS",_=async(t,e)=>await window.crypto.subtle.generateKey({name:t,modulusLength:2048,publicExponent:new Uint8Array([1,0,1]),hash:"SHA-256"},!1,e),K=async()=>await _("RSA-OAEP",["encrypt","decrypt"]),k=async()=>await _(C,["sign"]),R=async(t,e)=>{const i=(new TextEncoder).encode(e);return await window.crypto.subtle.sign({name:C,saltLength:32},t,i)};class P{constructor(t,e,i){this.slug=t,this.dbName=e,this.dbVersion=i}queryObjectStore(t,e){let i=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{};const a=(window.indexedDB||window.mozIndexedDB||window.webkitIndexedDB||window.msIndexedDB||window.shimIndexedDB).open(`${this.slug}:${this.dbName}`,this.dbVersion||1);a.onupgradeneeded=()=>{var e;const i=a.result;(null===(e=null==i?void 0:i.objectStoreNames)||void 0===e?void 0:e.contains)&&!i.objectStoreNames.contains(t)&&i.createObjectStore(t,{keyPath:"key"})},a.onsuccess=()=>{const s=a.result,n=s.transaction(t,(null==i?void 0:i.operation)||"readwrite"),r=n.objectStore(t);e(r),n.oncomplete=()=>{s.close()}}}put(t,e,i){return new Promise(((a,s)=>{this.queryObjectStore(t,(t=>{const n=t.put({key:e,value:i});n.onsuccess=()=>{a(n.result)},n.onerror=t=>{s("Failed adding item to objectStore, err: "+t)}}))}))}add(t,e,i){return new Promise(((a,s)=>{this.queryObjectStore(t,(t=>{const n=t.add({key:e,value:i});n.onsuccess=()=>{a(n.result)},n.onerror=t=>{const e=t.target.error;s(e)}}))}))}get(t,e){return new Promise(((i,a)=>{this.queryObjectStore(t,(t=>{const s=t.get(e);s.onsuccess=()=>{var t;s.result?i(null===(t=s.result)||void 0===t?void 0:t.value):i(void 0)},s.onerror=t=>{a("Failed adding item to objectStore, err: "+t)}}))}))}getAll(t,e){return new Promise(((i,a)=>{this.queryObjectStore(t,(t=>{const s=t.getAll(null,e);s.onsuccess=()=>{if(s.result){const t=s.result;(null==t?void 0:t.length)?i(t.map((t=>null==t?void 0:t.value))):i(t)}else i([])},s.onerror=t=>{a("Failed getting items, err: "+t)}}))}))}delete(t,e){return new Promise(((i,a)=>{this.queryObjectStore(t,(t=>{const s=t.delete(e);s.onsuccess=()=>{i()},s.onerror=t=>{a(`Failed deleting key: '${e}' from objectStore, err: `+t)}}))}))}clear(t){return new Promise(((e,i)=>{this.queryObjectStore(t,(t=>{const a=t.clear();a.onsuccess=()=>{e()},a.onerror=t=>{i("Failed clearing objectStore, err: "+t)}}))}))}}const T="platform",I="init",O="completed",x="RSA2048",j=[I,O];class B{constructor(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:"sign",i=arguments.length>2?arguments[2]:void 0;var s,n,r,o;this.agent=t,this.keysType=e,this.options=i,this._extractingKeysPromise=null;const c=!(null===(s=this.options)||void 0===s?void 0:s.productScope);this.keysDatabaseName=c||!(null===(n=this.options)||void 0===n?void 0:n.indexedDBName)?"ts_crypto_binding":this.options.indexedDBName,this.dbVersion=c?1:(null===(r=this.options)||void 0===r?void 0:r.dbVersion)||1,this.keysStoreName=c||!(null===(o=this.options)||void 0===o?void 0:o.keysStoreName)?"identifiers_store":this.options.keysStoreName,this.indexedDBClient=new P(c?T:t.slug,this.keysDatabaseName,this.dbVersion),this.indexedDBClientFallback=new P((c?T:t.slug)+`:${a.clientId}`,this.keysDatabaseName,this.dbVersion)}getKeysRecordKey(){return`${this.keysType}_keys`}getRotatedKeysRecordKey(){return`rotated_${this.keysType}_keys`}getRotatedKeysRecordKeyPending(){return`rotated_pending_${this.keysType}_keys`}arrayBufferToBase64(t){return window.btoa(String.fromCharCode(...new Uint8Array(t)))}async getPKRepresentations(t){const e=await crypto.subtle.exportKey("spki",t);return{arrayBufferKey:e,base64Key:this.arrayBufferToBase64(e)}}async generateKeyPair(){return"sign"==this.keysType?await k():await K()}async calcKeyIdentifier(t){const e=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(e)).map((t=>t.toString(16).padStart(2,"0"))).join("")}async extractKeysData(){if(this._extractingKeysPromise)return this._extractingKeysPromise;this._extractingKeysPromise=(async()=>{var t,e;const i=(null===(e=null===(t=this.options)||void 0===t?void 0:t.keyRotation)||void 0===e?void 0:e.isEnabled)?await this.getRotatedKeysData():await this.getKeysData(),{base64Key:a}=await this.getPKRepresentations(i.publicKey);return this.publicKeyBase64=a,this.keyIdentifier=i.keyIdentifier,i})();try{return await this._extractingKeysPromise}finally{this._extractingKeysPromise=null}}async generateKeyPairData(t){const e=await this.generateKeyPair(),{arrayBufferKey:i}=await this.getPKRepresentations(e.publicKey),a=t||await this.calcKeyIdentifier(i);return l(l({},e),{},{keyIdentifier:a,createdDate:Date.now()})}shouldKeyBeRotated(t){var e;const i=null===(e=this.options)||void 0===e?void 0:e.keyRotation;if(!(null==i?void 0:i.isEnabled)||!i.expiryDays||void 0===i.startedAt)return!1;const a=24*i.expiryDays*60*60*1e3,s=t.createdDate&&t.createdDate>=i.startedAt?t.createdDate:i.startedAt;return Date.now()-s>a-2592e6}async extractMainKeysData(){return await this.indexedDBClient.get(this.keysStoreName,this.getKeysRecordKey())}async extractFallbackMainKeysData(){return await this.indexedDBClientFallback.get(this.keysStoreName,this.getKeysRecordKey())}async extractRotatedKeysData(){return await this.indexedDBClient.get(this.keysStoreName,this.getRotatedKeysRecordKey())}async extractPendingRotatedKeysData(){return await this.indexedDBClient.get(this.keysStoreName,this.getRotatedKeysRecordKeyPending())}async saveKeyData(t,e){try{return await this.indexedDBClient.add(this.keysStoreName,t,e),e}catch(e){if(e instanceof DOMException&&"ConstraintError"===e.name){const e=await this.indexedDBClient.get(this.keysStoreName,t);if(e)return e}throw e}}async getKeysData(){const t=this.getKeysRecordKey();let e=await this.extractMainKeysData();if(e)return e;if(e=await this.extractFallbackMainKeysData(),e)return this.saveKeyData(t,e);const i=await this.generateKeyPairData();return this.saveKeyData(t,i)}async getOrCreateRotatedKeys(){let t=await this.extractRotatedKeysData();if(!t){const e=this.getRotatedKeysRecordKey(),i=await this.getKeysData(),a=l(l({},i),{},{createdDate:i.createdDate||Date.now()});t=await this.saveKeyData(e,a)}return t}async getRotatedKeysData(){const t=await this.getOrCreateRotatedKeys();if(this.shouldKeyBeRotated(t)){if(!await this.extractPendingRotatedKeysData()){const e=this.getRotatedKeysRecordKeyPending(),i=await this.generateKeyPairData(t.keyIdentifier);await this.saveKeyData(e,i)}}return t}async getPublicData(){return this.publicKeyBase64&&this.keyIdentifier||await this.extractKeysData(),{publicKey:this.publicKeyBase64,keyIdentifier:this.keyIdentifier}}async sign(t){if("sign"==this.keysType){const{privateKey:e}=await this.extractKeysData(),i=await R(e,t);return this.arrayBufferToBase64(i)}throw new Error("keysType must be 'sign' in order to use sign keys")}async clearKeys(){const t=this.getKeysRecordKey();await this.indexedDBClient.delete(this.keysStoreName,t)}getBaseRotationPayload(){return{keyIdentifier:this.keyIdentifier,slot:this.getRotatedKeysRecordKey(),publicKey:this.publicKeyBase64,publicKeyType:x,tenantId:this.options.keyRotation.tenantId}}async getRotationData(){var t,e;if(!(null===(e=null===(t=this.options)||void 0===t?void 0:t.keyRotation)||void 0===e?void 0:e.isEnabled))return;this.publicKeyBase64&&this.keyIdentifier||await this.extractKeysData();const i=await this.extractPendingRotatedKeysData();if(i){const{base64Key:t}=await this.getPKRepresentations(i.publicKey),{privateKey:e}=await this.extractKeysData(),a=l(l({},this.getBaseRotationPayload()),{},{newPublicKey:t,createdDate:i.createdDate,newPublicKeyType:x}),s=JSON.stringify(a);return{data:s,signature:await this.signPayload(s,e)}}const a=await this.extractRotatedKeysData();if(a&&!1===a.confirmed){await this.extractKeysData();const t=JSON.stringify(this.getBaseRotationPayload());return{data:t,signature:await this.signPayload(t,a.privateKey)}}}async signPayload(t,e){const i=await R(e,t);return this.arrayBufferToBase64(i)}async handleRotateResponse(t){if(j.includes(t))if(t===I){const t=await this.extractPendingRotatedKeysData();if(t){await this.indexedDBClient.delete(this.keysStoreName,this.getRotatedKeysRecordKey());const e=l(l({},t),{},{confirmed:!1});await this.indexedDBClient.put(this.keysStoreName,this.getRotatedKeysRecordKey(),e),await this.indexedDBClient.delete(this.keysStoreName,this.getRotatedKeysRecordKeyPending());const{base64Key:i}=await this.getPKRepresentations(t.publicKey);this.publicKeyBase64=i,this.keyIdentifier=t.keyIdentifier}}else if(t===O){const t=await this.extractRotatedKeysData();t&&!1===t.confirmed&&await this.indexedDBClient.put(this.keysStoreName,this.getRotatedKeysRecordKey(),l(l({},t),{},{confirmed:!0}))}}}var N=Object.freeze({__proto__:null,createCryptoBinding:function(){let t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:"sign",e=arguments.length>1?arguments[1]:void 0;return new B(this,t,e)},generateRSAKeyPair:K,generateRSASignKeyPair:k,signAssymetric:R,verifyAssymetric:async(t,e,i)=>{const a=(new TextEncoder).encode(e);return await window.crypto.subtle.verify(C,t,i,a)}}),E=Object.freeze({__proto__:null});const H=y.create((t=>{class e extends Error{constructor(e,i){super(`${t.slug}-${e} ${i}`)}}return{TsError:e,TsInternalError:class extends e{constructor(t){super(t,"Internal error")}}}}));var F=y.create((()=>l({exceptions:H},p)));class M{constructor(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:[];this.agent=t,this.middlewares=e,this.logs=[]}info(t,e){this.pushLog(3,t,e)}warn(t,e){this.pushLog(4,t,e)}error(t,e){this.pushLog(5,t,e)}pushLog(t,e){let i=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{};this.logs.push({timestamp:Date.now(),module:this.agent.slug,severity:t,fields:i,message:e});const a=this.middlewares.map((t=>t(this)));Promise.all(a).catch((()=>{}))}}var q=Object.freeze({__proto__:null,consoleMiddleware:function(t){const e=t.logs[t.logs.length-1];console.log(`${e.severity} ${e.message}`,e.fields)},createSdkLogger:function(){let t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:[];return new M(this,t)}});function z(t,e){if(!(null==t?void 0:t.trim()))return"";if(function(t){try{return new URL(t),!0}catch(t){return!1}}(t))return t;const i="http://mock.com",a=new URL(i);a.search=(null==e?void 0:e.toString())||"",a.pathname=t;return a.href.replace(i,"")}const $={"Content-Type":"application/json","X-TS-client-time":(new Date).toUTCString(),"X-TS-ua":navigator.userAgent};function J(t,e,i){var a;const s=(n=e||{},encodeURI(JSON.stringify(n)).split(/%..|./).length-1);var n;return{method:t,headers:l(l(l({},{"X-TS-body-size":String(s)}),$),i||{}),body:null!==(a=e&&JSON.stringify(e||{}))&&void 0!==a?a:void 0}}function W(t,e,i,a,s){const n=z(t,a),r=J(e,i,s);return fetch(n,r)}async function L(t,e,i,a,s){let n;if(n=await W(t,e,i,a,s),!n.ok)throw new Error("Request failed");return n}var U=Object.freeze({__proto__:null,httpDelete:async function(t,e){const i=await L(t,"DELETE",void 0,void 0,e);return l(l({data:await i.json()},i),{},{headers:i.headers})},httpGet:async function(t,e,i){const a=await L(t,"GET",void 0,e,i);return l(l({data:await a.json()},a),{},{headers:a.headers})},httpPost:async function(t,e,i,a){const s=await L(t,"POST",e,i,a);return l(l({data:await s.json()},s),{},{headers:s.headers})},httpPut:async function(t,e,i,a){const s=await L(t,"PUT",e,i,a);return l(l({data:await s.json()},s),{},{headers:s.headers})},init:J}),V=y.create((()=>({events:g,moduleMetadata:n,mainEntry:o,utils:F,storage:A,crypto:N,indexedDB:E,logger:q,http:U})));class G{static arrayBufferToBase64(t){return btoa(String.fromCharCode(...new Uint8Array(t)))}static base64ToArrayBuffer(t){return Uint8Array.from(atob(t),(t=>t.charCodeAt(0)))}static stringToBase64(t){return btoa(t)}static jsonToBase64(t){const e=JSON.stringify(t);return btoa(e)}static base64ToJson(t){const e=atob(t);return JSON.parse(e)}}const Z={log:console.log,error:console.error};var X,Y;!function(t){t.NotInitialized="not_initialized",t.AuthenticationFailed="authentication_failed",t.AuthenticationAbortedTimeout="authentication_aborted_timeout",t.AuthenticationCanceled="webauthn_authentication_canceled",t.RegistrationFailed="registration_failed",t.AlreadyRegistered="username_already_registered",t.RegistrationAbortedTimeout="registration_aborted_timeout",t.RegistrationCanceled="webauthn_registration_canceled",t.AutofillAuthenticationAborted="autofill_authentication_aborted",t.AuthenticationProcessAlreadyActive="authentication_process_already_active",t.InvalidApprovalData="invalid_approval_data",t.FailedToInitCrossDeviceSession="cross_device_init_failed",t.FailedToGetCrossDeviceStatus="cross_device_status_failed",t.Unknown="unknown"}(X||(X={}));class Q extends Error{constructor(t,e){super(t),this.errorCode=X.NotInitialized,this.data=e}}class tt extends Q{constructor(t,e){super(null!=t?t:"WebAuthnSdk is not initialized",e),this.errorCode=X.NotInitialized}}class et extends Q{constructor(t,e){super(null!=t?t:"Authentication failed with an error",e),this.errorCode=X.AuthenticationFailed}}class it extends Q{constructor(t,e){super(null!=t?t:"Authentication was canceled by the user or got timeout",e),this.errorCode=X.AuthenticationCanceled}}class at extends Q{constructor(t,e){super(null!=t?t:"Registration failed with an error",e),this.errorCode=X.RegistrationFailed}}class st extends Q{constructor(t,e){super(null!=t?t:"Registration was canceled by the user or got timeout",e),this.errorCode=X.RegistrationCanceled}}class nt extends Q{constructor(t){super(null!=t?t:"Autofill flow was aborted"),this.errorCode=X.AutofillAuthenticationAborted}}class rt extends Q{constructor(t){super(null!=t?t:"Operation was aborted by timeout"),this.errorCode=X.AutofillAuthenticationAborted}}class ot extends Q{constructor(t){super(null!=t?t:"Passkey with this username is already registered with the relying party."),this.errorCode=X.AlreadyRegistered}}class ct extends Q{constructor(t,e){super(null!=t?t:"Authentication process is already active",e),this.errorCode=X.AuthenticationProcessAlreadyActive}}class lt extends Q{constructor(t,e){super(null!=t?t:"Invalid approval data",e),this.errorCode=X.InvalidApprovalData}}class ut extends Q{constructor(t,e){super(null!=t?t:"Failed to init cross device authentication",e),this.errorCode=X.FailedToInitCrossDeviceSession}}class dt extends Q{constructor(t,e){super(null!=t?t:"Failed to get cross device status",e),this.errorCode=X.FailedToGetCrossDeviceStatus}}function ht(t){return t.errorCode&&Object.values(X).includes(t.errorCode)}!function(t){t[t.persistent=0]="persistent",t[t.session=1]="session"}(Y||(Y={}));class yt{static get(t){return yt.getStorageMedium(yt.allowedKeys[t]).getItem(yt.getStorageKey(t))||void 0}static set(t,e){return yt.getStorageMedium(yt.allowedKeys[t]).setItem(yt.getStorageKey(t),e)}static remove(t){yt.getStorageMedium(yt.allowedKeys[t]).removeItem(yt.getStorageKey(t))}static clear(t){for(const[e,i]of Object.entries(yt.allowedKeys)){const a=e;t&&this.configurationKeys.includes(a)||yt.getStorageMedium(i).removeItem(yt.getStorageKey(a))}}static getStorageKey(t){return`WebAuthnSdk:${t}`}static getStorageMedium(t){return t===Y.session?sessionStorage:localStorage}}yt.allowedKeys={clientId:Y.session},yt.configurationKeys=["clientId"];class pt{static isNewApiDomain(t){return t&&(this.newApiDomains.includes(t)||t.startsWith("api.")&&t.endsWith(".transmitsecurity.io"))}static dnsPrefetch(t){const e=document.createElement("link");e.rel="dns-prefetch",e.href=t,document.head.appendChild(e)}static preconnect(t,e){const i=document.createElement("link");i.rel="preconnect",i.href=t,e&&(i.crossOrigin="anonymous"),document.head.appendChild(i)}static warmupConnection(t){this.dnsPrefetch(t),this.preconnect(t,!1),this.preconnect(t,!0)}static init(t,e){var i,a;try{this._serverPath=new URL(e.serverPath),this.isNewApiDomain(null===(i=this._serverPath)||void 0===i?void 0:i.hostname)&&this.warmupConnection(this._serverPath.origin),this._apiPaths=null!==(a=e.webauthnApiPaths)&&void 0!==a?a:this.getDefaultPaths(),this._clientId=t,yt.set("clientId",t)}catch(t){throw new tt("Invalid options.serverPath",{error:t})}}static getDefaultPaths(){var t;const e=this.isNewApiDomain(null===(t=this._serverPath)||void 0===t?void 0:t.hostname)?"/cis":"";return{startAuthentication:`${e}/v1/auth/webauthn/authenticate/start`,startRegistration:`${e}/v1/auth/webauthn/register/start`,initCrossDeviceAuthentication:`${e}/v1/auth/webauthn/cross-device/authenticate/init`,startCrossDeviceAuthentication:`${e}/v1/auth/webauthn/cross-device/authenticate/start`,startCrossDeviceRegistration:`${e}/v1/auth/webauthn/cross-device/register/start`,getCrossDeviceTicketStatus:`${e}/v1/auth/webauthn/cross-device/status`,attachDeviceToCrossDeviceSession:`${e}/v1/auth/webauthn/cross-device/attach-device`}}static getApiPaths(){return this._apiPaths}static async sendRequest(t,e,i){Z.log(`[WebAuthn SDK] Calling ${e.method} ${t}...`);const a=new URL(this._serverPath);return a.pathname=t,i&&(a.search=i),fetch(a.toString(),e)}static async startRegistration(t){const e=await this.sendRequest(this._apiPaths.startRegistration,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(l(l({client_id:this.getValidatedClientId(),username:t.username,display_name:t.displayName},t.timeout&&{timeout:t.timeout}),t.limitSingleCredentialToDevice&&{limit_single_credential_to_device:t.limitSingleCredentialToDevice}))});if(!(null==e?void 0:e.ok))throw new et("Failed to start registration",null==e?void 0:e.body);return await e.json()}static async startAuthentication(t){const e=await this.sendRequest(this._apiPaths.startAuthentication,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(l(l(l({client_id:this.getValidatedClientId()},t.username&&{username:t.username}),t.approvalData&&{approval_data:t.approvalData}),t.timeout&&{timeout:t.timeout}))});if(!(null==e?void 0:e.ok))throw new et("Failed to start authentication",null==e?void 0:e.body);return await e.json()}static async initCrossDeviceAuthentication(t){const e=await this.sendRequest(this._apiPaths.initCrossDeviceAuthentication,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(l(l({client_id:this.getValidatedClientId()},t.username&&{username:t.username}),t.approvalData&&{approval_data:t.approvalData}))});if(!(null==e?void 0:e.ok))throw new ut(void 0,null==e?void 0:e.body);return await e.json()}static async getCrossDeviceTicketStatus(t){const e=await this.sendRequest(this._apiPaths.getCrossDeviceTicketStatus,{method:"GET"},`cross_device_ticket_id=${t.ticketId}`);if(!(null==e?void 0:e.ok))throw new dt(void 0,null==e?void 0:e.body);return await e.json()}static async startCrossDeviceAuthentication(t){const e=await this.sendRequest(this._apiPaths.startCrossDeviceAuthentication,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({cross_device_ticket_id:t.ticketId})});if(!(null==e?void 0:e.ok))throw new et("Failed to start cross device authentication",null==e?void 0:e.body);return await e.json()}static async startCrossDeviceRegistration(t){const e=await this.sendRequest(this._apiPaths.startCrossDeviceRegistration,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({cross_device_ticket_id:t.ticketId})});if(!(null==e?void 0:e.ok))throw new at("Failed to start cross device registration",null==e?void 0:e.body);return await e.json()}static async attachDeviceToCrossDeviceSession(t){const e=await this.sendRequest(this._apiPaths.attachDeviceToCrossDeviceSession,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({cross_device_ticket_id:t.ticketId})});if(!(null==e?void 0:e.ok))throw new at("Failed to attach device to cross device session",null==e?void 0:e.body);return await e.json()}static getValidatedClientId(){var t;const e=null!==(t=this._clientId)&&void 0!==t?t:yt.get("clientId");if(!e)throw new tt("Missing clientId");return e}}var gt,vt,ft,wt;pt.newApiDomains=["api.idsec-dev.com","api.idsec-stg.com"],function(t){t.InputAutofill="input-autofill",t.Modal="modal"}(gt||(gt={})),exports.WebauthnCrossDeviceStatus=void 0,(vt=exports.WebauthnCrossDeviceStatus||(exports.WebauthnCrossDeviceStatus={})).Pending="pending",vt.Scanned="scanned",vt.Success="success",vt.Error="error",vt.Timeout="timeout",vt.Aborted="aborted",function(t){t.toAuthenticationError=t=>ht(t)?t:"NotAllowedError"===t.name?new it:"OperationError"===t.name?new ct(t.message):"SecurityError"===t.name?new et(t.message):t===X.AuthenticationAbortedTimeout?new rt:"AbortError"===t.name||t===X.AutofillAuthenticationAborted?new nt:new et("Something went wrong during authentication",{error:t}),t.toRegistrationError=t=>ht(t)?t:"NotAllowedError"===t.name?new st:"SecurityError"===t.name?new at(t.message):"InvalidStateError"===t.name?new ot:t===X.RegistrationAbortedTimeout?new rt:new at("Something went wrong during registration",{error:t})}(ft||(ft={})),function(t){t.processCredentialRequestOptions=t=>l(l({},t),{},{challenge:G.base64ToArrayBuffer(t.challenge),allowCredentials:t.allowCredentials.map((t=>l(l({},t),{},{id:G.base64ToArrayBuffer(t.id)})))}),t.processCredentialCreationOptions=(t,e)=>{var i;const a=JSON.parse(JSON.stringify(t));return a.challenge=G.base64ToArrayBuffer(t.challenge),a.user.id=G.base64ToArrayBuffer(t.user.id),(null==e?void 0:e.limitSingleCredentialToDevice)&&(a.excludeCredentials=null===(i=t.excludeCredentials)||void 0===i?void 0:i.map((t=>l(l({},t),{},{id:G.base64ToArrayBuffer(t.id)})))),(null==e?void 0:e.registerAsDiscoverable)?(a.authenticatorSelection.residentKey="preferred",a.authenticatorSelection.requireResidentKey=!0):(a.authenticatorSelection.residentKey="discouraged",a.authenticatorSelection.requireResidentKey=!1),a.authenticatorSelection.authenticatorAttachment=(null==e?void 0:e.allowCrossPlatformAuthenticators)?void 0:"platform",a},t.encodeAuthenticationResult=t=>{const{authenticatorAttachment:e}=t,i=t.response;return{id:t.id,rawId:G.arrayBufferToBase64(t.rawId),response:{authenticatorData:G.arrayBufferToBase64(i.authenticatorData),clientDataJSON:G.arrayBufferToBase64(i.clientDataJSON),signature:G.arrayBufferToBase64(i.signature),userHandle:G.arrayBufferToBase64(i.userHandle)},authenticatorAttachment:e,type:t.type}},t.encodeRegistrationResult=t=>{const{authenticatorAttachment:e}=t,i=t.response;return{id:t.id,rawId:G.arrayBufferToBase64(t.rawId),response:{attestationObject:G.arrayBufferToBase64(i.attestationObject),clientDataJSON:G.arrayBufferToBase64(i.clientDataJSON)},authenticatorAttachment:e,type:t.type}}}(wt||(wt={}));class mt{async modal(t){try{const e=await this.performAuthentication(l(l({},t),{},{mediationType:gt.Modal}));return G.jsonToBase64(e)}catch(t){throw ft.toAuthenticationError(t)}}activateAutofill(t,e){const{onSuccess:i,onError:a,onReady:s}=t;this.performAuthentication({username:e,mediationType:gt.InputAutofill,onReady:s}).then((t=>{i(G.jsonToBase64(t))})).catch((t=>{const e=ft.toAuthenticationError(t);if(!a)throw e;a(e)}))}abortAutofill(){this.abortController&&this.abortController.abort(X.AutofillAuthenticationAborted)}abortAuthentication(){this.abortController&&this.abortController.abort(X.AuthenticationAbortedTimeout)}async performAuthentication(t){var e,i;const a="crossDeviceTicketId"in t?await pt.startCrossDeviceAuthentication({ticketId:t.crossDeviceTicketId}):await pt.startAuthentication({username:t.username,timeout:null===(e=t.options)||void 0===e?void 0:e.timeout}),s=a.credential_request_options,n=wt.processCredentialRequestOptions(s),r=this.getMediatedCredentialRequest(n,t.mediationType);t.mediationType===gt.InputAutofill&&(null===(i=t.onReady)||void 0===i||i.call(t));const o=await navigator.credentials.get(r).catch((t=>{throw ft.toAuthenticationError(t)}));return{webauthnSessionId:a.webauthn_session_id,publicKeyCredential:wt.encodeAuthenticationResult(o),userAgent:navigator.userAgent}}getMediatedCredentialRequest(t,e){const i={publicKey:t};return this.abortController=new AbortController,i.signal=this.abortController&&this.abortController.signal,e===gt.InputAutofill?i.mediation="conditional":t.timeout&&setTimeout((()=>{this.abortAuthentication()}),t.timeout),i}}class bt{constructor(t,e){this.handler=t,this.intervalInMs=e}begin(){var t;this.intervalId=window.setInterval((t=this.handler,async function(){t.isRunning||(t.isRunning=!0,await t(...arguments),t.isRunning=!1)}),this.intervalInMs)}stop(){clearInterval(this.intervalId)}}const Dt=/^[A-Za-z0-9\-_.: ]*$/;function St(t){if(t&&(!function(t){return Object.keys(t).length<=10}(t)||!function(t){const e=t=>"string"==typeof t,i=t=>Dt.test(t);return Object.keys(t).every((a=>e(a)&&e(t[a])&&i(a)&&i(t[a])))}(t)))throw Z.error("Failed validating approval data"),new lt("Provided approval data should have 10 properties max. Also, it should contain only \n alphanumeric characters, numbers, and the special characters: '-', '_', '.'")}class At{constructor(t,e,i){this.authenticationHandler=t,this.registrationHandler=e,this.approvalHandler=i,this.init={registration:async t=>(this.ticketStatus=exports.WebauthnCrossDeviceStatus.Pending,this.pollCrossDeviceSession(t.crossDeviceTicketId,t.handlers)),authentication:async t=>{const{username:e}=t,i=(await pt.initCrossDeviceAuthentication(l({},e&&{username:e}))).cross_device_ticket_id;return this.ticketStatus=exports.WebauthnCrossDeviceStatus.Pending,this.pollCrossDeviceSession(i,t.handlers)},approval:async t=>{const{username:e,approvalData:i}=t;St(i);const a=(await pt.initCrossDeviceAuthentication({username:e,approvalData:i})).cross_device_ticket_id;return this.ticketStatus=exports.WebauthnCrossDeviceStatus.Pending,this.pollCrossDeviceSession(a,t.handlers)}},this.authenticate={modal:async t=>this.authenticationHandler.modal({crossDeviceTicketId:t})},this.approve={modal:async t=>this.approvalHandler.modal({crossDeviceTicketId:t})}}async register(t,e){return this.registrationHandler.register({crossDeviceTicketId:t},e)}async attachDevice(t){const e=await pt.attachDeviceToCrossDeviceSession({ticketId:t});return l({status:e.status,startedAt:e.started_at},e.approval_data&&{approvalData:e.approval_data})}async pollCrossDeviceSession(t,e){return this.poller=new bt((async()=>{var i,a;const s=await pt.getCrossDeviceTicketStatus({ticketId:t}),n=s.status;if(n!==this.ticketStatus)switch(this.ticketStatus=n,n){case exports.WebauthnCrossDeviceStatus.Scanned:await e.onDeviceAttach();break;case exports.WebauthnCrossDeviceStatus.Error:case exports.WebauthnCrossDeviceStatus.Timeout:case exports.WebauthnCrossDeviceStatus.Aborted:await e.onFailure(s),null===(i=this.poller)||void 0===i||i.stop();break;case exports.WebauthnCrossDeviceStatus.Success:if("onCredentialRegister"in e)await e.onCredentialRegister();else{if(!s.session_id)throw new dt("Cross device session is complete without returning session_id",s);await e.onCredentialAuthenticate(s.session_id)}null===(a=this.poller)||void 0===a||a.stop()}}),1e3),this.poller.begin(),setTimeout((()=>{var t;null===(t=this.poller)||void 0===t||t.stop(),e.onFailure({status:exports.WebauthnCrossDeviceStatus.Timeout})}),3e5),{crossDeviceTicketId:t,stop:()=>{var t;null===(t=this.poller)||void 0===t||t.stop()}}}}class Ct{async register(t,e){this.abortController=new AbortController;const i=l({allowCrossPlatformAuthenticators:!("crossDeviceTicketId"in t),registerAsDiscoverable:!0},e);try{const a="crossDeviceTicketId"in t?await pt.startCrossDeviceRegistration({ticketId:t.crossDeviceTicketId}):await pt.startRegistration({username:t.username,displayName:(null==e?void 0:e.displayName)||t.username,timeout:null==e?void 0:e.timeout,limitSingleCredentialToDevice:null==e?void 0:e.limitSingleCredentialToDevice}),s=wt.processCredentialCreationOptions(a.credential_creation_options,i);setTimeout((()=>{this.abortRegistration()}),s.timeout);const n=await this.registerCredential(s),r={webauthnSessionId:a.webauthn_session_id,publicKeyCredential:n,userAgent:navigator.userAgent};return G.jsonToBase64(r)}catch(t){throw ft.toRegistrationError(t)}}abortRegistration(){this.abortController&&this.abortController.abort(X.RegistrationAbortedTimeout)}async registerCredential(t){const e=await navigator.credentials.create({publicKey:t,signal:this.abortController&&this.abortController.signal}).catch((t=>{throw ft.toRegistrationError(t)}));return wt.encodeRegistrationResult(e)}}class _t{async modal(t){try{const e=await this.performApproval(t);return G.jsonToBase64(e)}catch(t){throw ft.toAuthenticationError(t)}}async performApproval(t){"approvalData"in t&&St(t.approvalData);const e="crossDeviceTicketId"in t?await pt.startCrossDeviceAuthentication({ticketId:t.crossDeviceTicketId}):await pt.startAuthentication({username:t.username,approvalData:t.approvalData}),i=e.credential_request_options,a=wt.processCredentialRequestOptions(i),s=await navigator.credentials.get({publicKey:a}).catch((t=>{throw ft.toAuthenticationError(t)}));return{webauthnSessionId:e.webauthn_session_id,publicKeyCredential:wt.encodeAuthenticationResult(s),userAgent:navigator.userAgent}}}class Kt{constructor(){this._initialized=!1,this._authenticationHandler=new mt,this._registrationHandler=new Ct,this._approvalHandler=new _t,this._crossDeviceHandler=new At(this._authenticationHandler,this._registrationHandler,this._approvalHandler),this.authenticate={modal:async(t,e)=>(this.initCheck(),this._authenticationHandler.modal({username:t,options:e})),autofill:{activate:(t,e)=>(this.initCheck(),this._authenticationHandler.activateAutofill(t,e)),abort:()=>this._authenticationHandler.abortAutofill()}},this.approve={modal:async(t,e)=>(this.initCheck(),this._approvalHandler.modal({username:t,approvalData:e}))},this.register=async(t,e)=>(this.initCheck(),this._registrationHandler.register({username:t},e)),this.crossDevice={init:{registration:async t=>(this.initCheck(),this._crossDeviceHandler.init.registration(t)),authentication:async t=>(this.initCheck(),this._crossDeviceHandler.init.authentication(t)),approval:async t=>(this.initCheck(),this._crossDeviceHandler.init.approval(t))},authenticate:{modal:async t=>(this.initCheck(),this._crossDeviceHandler.authenticate.modal(t))},approve:{modal:async t=>(this.initCheck(),this._crossDeviceHandler.approve.modal(t))},register:async(t,e)=>(this.initCheck(),this._crossDeviceHandler.register(t,e)),attachDevice:async t=>(this.initCheck(),this._crossDeviceHandler.attachDevice(t))},this.isPlatformAuthenticatorSupported=async()=>{var t;try{return await(null===(t=Kt.StaticPublicKeyCredential)||void 0===t?void 0:t.isUserVerifyingPlatformAuthenticatorAvailable())}catch(t){return!1}},this.isAutofillSupported=async()=>{var t,e;return!(!(null===(t=Kt.StaticPublicKeyCredential)||void 0===t?void 0:t.isConditionalMediationAvailable)||!await(null===(e=Kt.StaticPublicKeyCredential)||void 0===e?void 0:e.isConditionalMediationAvailable()))}}async init(t,e){try{if(!t)throw new tt("Invalid clientId",{clientId:t});if(e.webauthnApiPaths){const t=pt.getDefaultPaths();if(function(t,e){const i=new Set(t),a=new Set(e);return[...t.filter((t=>!a.has(t))),...e.filter((t=>!i.has(t)))]}(Object.keys(e.webauthnApiPaths),Object.keys(t)).length)throw new tt("Invalid custom paths",{customApiPaths:e.webauthnApiPaths})}pt.init(t,e),this._initialized=!0}catch(t){throw ht(t)?t:new tt("Failed to initialize SDK")}}getDefaultPaths(){return this.initCheck(),pt.getDefaultPaths()}getApiPaths(){return this.initCheck(),pt.getApiPaths()}initCheck(){if(!this._initialized)throw new tt}}Kt.StaticPublicKeyCredential=window.PublicKeyCredential;const kt=new V("webauthn"),Rt=new Kt;kt.events.on(kt.events.MODULE_INITIALIZED,(()=>{var t;const e=kt.moduleMetadata.getInitConfig();if(!(null===(t=null==e?void 0:e.webauthn)||void 0===t?void 0:t.serverPath))return;const{clientId:i,webauthn:a}=e;Rt.init(i,l({},a))}));const Pt={modal:async(t,e)=>(Rt.initCheck(),Rt.authenticate.modal(t,e)),autofill:{activate:(t,e)=>{Rt.initCheck(),Rt.authenticate.autofill.activate(t,e)},abort:()=>{Rt.initCheck(),Rt.authenticate.autofill.abort()}}},Tt={modal:async(t,e)=>(Rt.initCheck(),Rt.approve.modal(t,e))};async function It(t,e){return Rt.initCheck(),Rt.register(t,e)}const{crossDevice:Ot}=Rt,{isPlatformAuthenticatorSupported:xt}=Rt,{isAutofillSupported:jt}=Rt,{getDefaultPaths:Bt}=Rt;window.localWebAuthnSDK=Rt;const Nt={initialize:r,...Object.freeze({__proto__:null,get WebauthnCrossDeviceStatus(){return exports.WebauthnCrossDeviceStatus},approve:Tt,authenticate:Pt,crossDevice:Ot,getDefaultPaths:Bt,isAutofillSupported:jt,isPlatformAuthenticatorSupported:xt,register:It})};exports.PACKAGE_VERSION="1.16.2",exports.approve=Tt,exports.authenticate=Pt,exports.crossDevice=Ot,exports.getDefaultPaths=Bt,exports.initialize=r,exports.isAutofillSupported=jt,exports.isPlatformAuthenticatorSupported=xt,exports.register=It,exports.webauthn=Nt;
1
+ "undefined"==typeof globalThis&&("undefined"!=typeof window?(window.globalThis=window,window.global=window):"undefined"!=typeof self&&(self.globalThis=self,self.global=self));const t=Symbol("MODULE_INITIALIZED"),e=new Map;function i(t,i){var a,s;null===(a=e.get(t))||void 0===a||a.forEach((s=t=>t(i),function(){try{return s(...arguments)}catch(t){console.log(t)}}))}let a=null;function s(t){a=t}var n=Object.freeze({__proto__:null,getInitConfig:function(){return a},get initConfig(){return a},setInitConfig:s});function r(e){s(e),i(t,void 0)}var o=Object.freeze({__proto__:null,initialize:r});function c(t,e){var i=Object.keys(t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(t);e&&(a=a.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),i.push.apply(i,a)}return i}function l(t){for(var e=1;e<arguments.length;e++){var i=null!=arguments[e]?arguments[e]:{};e%2?c(Object(i),!0).forEach((function(e){d(t,e,i[e])})):Object.getOwnPropertyDescriptors?Object.defineProperties(t,Object.getOwnPropertyDescriptors(i)):c(Object(i)).forEach((function(e){Object.defineProperty(t,e,Object.getOwnPropertyDescriptor(i,e))}))}return t}function u(t){var e=function(t,e){if("object"!=typeof t||!t)return t;var i=t[Symbol.toPrimitive];if(void 0!==i){var a=i.call(t,e||"default");if("object"!=typeof a)return a;throw new TypeError("@@toPrimitive must return a primitive value.")}return("string"===e?String:Number)(t)}(t,"string");return"symbol"==typeof e?e:String(e)}function d(t,e,i){return(e=u(e))in t?Object.defineProperty(t,e,{value:i,enumerable:!0,configurable:!0,writable:!0}):t[e]=i,t}function h(t,e){return Object.entries(e).reduce(((e,i)=>{let[a,s]=i;return l(l({},e),{},{[a]:y.isPrototypeOf(s)?new s(t.slug):"function"==typeof s?s.bind(t):"object"==typeof s&&!Array.isArray(s)&&s?h(t,s):s})}),{})}class y{constructor(t){this.slug=t}static create(t){return class extends y{constructor(e){super(e),Object.assign(this,h(this,t(this)))}}}}var p=Object.freeze({__proto__:null,Agent:y}),g=Object.freeze({__proto__:null,MODULE_INITIALIZED:t,emit:i,off:function(t,i){const a=e.get(t);if(!a)return;const s=a.indexOf(i);-1!==s&&a.splice(s,1)},on:function(t,i){var a;e.has(t)?null===(a=e.get(t))||void 0===a||a.push(i):e.set(t,[i])}});function v(t,e){const i=!t||"object"!=typeof t||Array.isArray(t)?{}:t;return[e.reduce(((t,e)=>{if(e in t){const i=t[e];if(null!==i&&"object"==typeof i&&!Array.isArray(i))return i}const i={};return t[e]=i,i}),i),i]}function f(t,e){let i=t;return e.every((t=>!(!i||"object"!=typeof i||Array.isArray(i)||!(t in i))&&(i=i[t],!0)),t)}const w="tsec",m="general";function b(t){return t?m:a.clientId}function D(t){return function(t){if(!t)return{};try{return JSON.parse(t)}catch(t){return{}}}((t?sessionStorage:localStorage).getItem(w))}function S(t,e){const i=t?sessionStorage:localStorage,a=e(D(t));i.setItem(w,JSON.stringify(a))}var A=Object.freeze({__proto__:null,COMMON_STORAGE_KEY:w,GENERAL_ID_KEY:m,getValue:function(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};const i=b(!!e.isGeneral),a=D(!!e.sessionOnly),[s]=v(a,[this.slug.toString(),i]);return s[t]},hasValue:function(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};const i=b(!!e.isGeneral),a=D(!!e.sessionOnly);return f(a,[this.slug.toString(),i,t])},removeValue:function(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};const i=b(!!e.isGeneral);S(!!e.sessionOnly,(e=>{const[a,s]=v(e,[this.slug.toString(),i]);return delete a[t],s}))},setValue:function(t,e){let i=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{};const a=b(!!i.isGeneral);S(!!i.sessionOnly,(i=>{const[s,n]=v(i,[this.slug.toString(),a]);return s[t]=e,n}))}});const C="RSA-PSS",_=async(t,e)=>await window.crypto.subtle.generateKey({name:t,modulusLength:2048,publicExponent:new Uint8Array([1,0,1]),hash:"SHA-256"},!1,e),K=async()=>await _("RSA-OAEP",["encrypt","decrypt"]),k=async()=>await _(C,["sign"]),R=async(t,e)=>{const i=(new TextEncoder).encode(e);return await window.crypto.subtle.sign({name:C,saltLength:32},t,i)};class P{constructor(t,e,i){this.slug=t,this.dbName=e,this.dbVersion=i}queryObjectStore(t,e){let i=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{};const a=(window.indexedDB||window.mozIndexedDB||window.webkitIndexedDB||window.msIndexedDB||window.shimIndexedDB).open(`${this.slug}:${this.dbName}`,this.dbVersion||1);a.onupgradeneeded=()=>{var e;const i=a.result;(null===(e=null==i?void 0:i.objectStoreNames)||void 0===e?void 0:e.contains)&&!i.objectStoreNames.contains(t)&&i.createObjectStore(t,{keyPath:"key"})},a.onsuccess=()=>{const s=a.result,n=s.transaction(t,(null==i?void 0:i.operation)||"readwrite"),r=n.objectStore(t);e(r),n.oncomplete=()=>{s.close()}}}put(t,e,i){return new Promise(((a,s)=>{this.queryObjectStore(t,(t=>{const n=t.put({key:e,value:i});n.onsuccess=()=>{a(n.result)},n.onerror=t=>{s("Failed adding item to objectStore, err: "+t)}}))}))}add(t,e,i){return new Promise(((a,s)=>{this.queryObjectStore(t,(t=>{const n=t.add({key:e,value:i});n.onsuccess=()=>{a(n.result)},n.onerror=t=>{const e=t.target.error;s(e)}}))}))}get(t,e){return new Promise(((i,a)=>{this.queryObjectStore(t,(t=>{const s=t.get(e);s.onsuccess=()=>{var t;s.result?i(null===(t=s.result)||void 0===t?void 0:t.value):i(void 0)},s.onerror=t=>{a("Failed adding item to objectStore, err: "+t)}}))}))}getAll(t,e){return new Promise(((i,a)=>{this.queryObjectStore(t,(t=>{const s=t.getAll(null,e);s.onsuccess=()=>{if(s.result){const t=s.result;(null==t?void 0:t.length)?i(t.map((t=>null==t?void 0:t.value))):i(t)}else i([])},s.onerror=t=>{a("Failed getting items, err: "+t)}}))}))}delete(t,e){return new Promise(((i,a)=>{this.queryObjectStore(t,(t=>{const s=t.delete(e);s.onsuccess=()=>{i()},s.onerror=t=>{a(`Failed deleting key: '${e}' from objectStore, err: `+t)}}))}))}clear(t){return new Promise(((e,i)=>{this.queryObjectStore(t,(t=>{const a=t.clear();a.onsuccess=()=>{e()},a.onerror=t=>{i("Failed clearing objectStore, err: "+t)}}))}))}}const T="platform",I="init",O="completed",x="RSA2048",j=[I,O];class B{constructor(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:"sign",i=arguments.length>2?arguments[2]:void 0;var s,n,r,o;this.agent=t,this.keysType=e,this.options=i,this._extractingKeysPromise=null;const c=!(null===(s=this.options)||void 0===s?void 0:s.productScope);this.keysDatabaseName=c||!(null===(n=this.options)||void 0===n?void 0:n.indexedDBName)?"ts_crypto_binding":this.options.indexedDBName,this.dbVersion=c?1:(null===(r=this.options)||void 0===r?void 0:r.dbVersion)||1,this.keysStoreName=c||!(null===(o=this.options)||void 0===o?void 0:o.keysStoreName)?"identifiers_store":this.options.keysStoreName,this.indexedDBClient=new P(c?T:t.slug,this.keysDatabaseName,this.dbVersion),this.indexedDBClientFallback=new P((c?T:t.slug)+`:${a.clientId}`,this.keysDatabaseName,this.dbVersion)}getKeysRecordKey(){return`${this.keysType}_keys`}getRotatedKeysRecordKey(){return`rotated_${this.keysType}_keys`}getRotatedKeysRecordKeyPending(){return`rotated_pending_${this.keysType}_keys`}arrayBufferToBase64(t){return window.btoa(String.fromCharCode(...new Uint8Array(t)))}async getPKRepresentations(t){const e=await crypto.subtle.exportKey("spki",t);return{arrayBufferKey:e,base64Key:this.arrayBufferToBase64(e)}}async generateKeyPair(){return"sign"==this.keysType?await k():await K()}async calcKeyIdentifier(t){const e=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(e)).map((t=>t.toString(16).padStart(2,"0"))).join("")}async extractKeysData(){if(this._extractingKeysPromise)return this._extractingKeysPromise;this._extractingKeysPromise=(async()=>{var t,e;const i=(null===(e=null===(t=this.options)||void 0===t?void 0:t.keyRotation)||void 0===e?void 0:e.isEnabled)?await this.getRotatedKeysData():await this.getKeysData(),{base64Key:a}=await this.getPKRepresentations(i.publicKey);return this.publicKeyBase64=a,this.keyIdentifier=i.keyIdentifier,i})();try{return await this._extractingKeysPromise}finally{this._extractingKeysPromise=null}}async generateKeyPairData(t){const e=await this.generateKeyPair(),{arrayBufferKey:i}=await this.getPKRepresentations(e.publicKey),a=t||await this.calcKeyIdentifier(i);return l(l({},e),{},{keyIdentifier:a,createdDate:Date.now()})}shouldKeyBeRotated(t){var e;const i=null===(e=this.options)||void 0===e?void 0:e.keyRotation;if(!(null==i?void 0:i.isEnabled)||!i.expiryDays||void 0===i.startedAt)return!1;const a=24*i.expiryDays*60*60*1e3,s=t.createdDate&&t.createdDate>=i.startedAt?t.createdDate:i.startedAt;return Date.now()-s>a-2592e6}async extractMainKeysData(){return await this.indexedDBClient.get(this.keysStoreName,this.getKeysRecordKey())}async extractFallbackMainKeysData(){return await this.indexedDBClientFallback.get(this.keysStoreName,this.getKeysRecordKey())}async extractRotatedKeysData(){return await this.indexedDBClient.get(this.keysStoreName,this.getRotatedKeysRecordKey())}async extractPendingRotatedKeysData(){return await this.indexedDBClient.get(this.keysStoreName,this.getRotatedKeysRecordKeyPending())}async saveKeyData(t,e){try{return await this.indexedDBClient.add(this.keysStoreName,t,e),e}catch(e){if(e instanceof DOMException&&"ConstraintError"===e.name){const e=await this.indexedDBClient.get(this.keysStoreName,t);if(e)return e}throw e}}async getKeysData(){const t=this.getKeysRecordKey();let e=await this.extractMainKeysData();if(e)return e;if(e=await this.extractFallbackMainKeysData(),e)return this.saveKeyData(t,e);const i=await this.generateKeyPairData();return this.saveKeyData(t,i)}async getOrCreateRotatedKeys(){let t=await this.extractRotatedKeysData();if(!t){const e=this.getRotatedKeysRecordKey(),i=await this.getKeysData(),a=l(l({},i),{},{createdDate:i.createdDate||Date.now()});t=await this.saveKeyData(e,a)}return t}async getRotatedKeysData(){const t=await this.getOrCreateRotatedKeys();if(this.shouldKeyBeRotated(t)){if(!await this.extractPendingRotatedKeysData()){const e=this.getRotatedKeysRecordKeyPending(),i=await this.generateKeyPairData(t.keyIdentifier);await this.saveKeyData(e,i)}}return t}async getPublicData(){return this.publicKeyBase64&&this.keyIdentifier||await this.extractKeysData(),{publicKey:this.publicKeyBase64,keyIdentifier:this.keyIdentifier}}async sign(t){if("sign"==this.keysType){const{privateKey:e}=await this.extractKeysData(),i=await R(e,t);return this.arrayBufferToBase64(i)}throw new Error("keysType must be 'sign' in order to use sign keys")}async clearKeys(){const t=this.getKeysRecordKey();await this.indexedDBClient.delete(this.keysStoreName,t)}getBaseRotationPayload(){return{keyIdentifier:this.keyIdentifier,slot:this.getRotatedKeysRecordKey(),publicKey:this.publicKeyBase64,publicKeyType:x,tenantId:this.options.keyRotation.tenantId}}async getRotationData(){var t,e;if(!(null===(e=null===(t=this.options)||void 0===t?void 0:t.keyRotation)||void 0===e?void 0:e.isEnabled))return;this.publicKeyBase64&&this.keyIdentifier||await this.extractKeysData();const i=await this.extractPendingRotatedKeysData();if(i){const{base64Key:t}=await this.getPKRepresentations(i.publicKey),{privateKey:e}=await this.extractKeysData(),a=l(l({},this.getBaseRotationPayload()),{},{newPublicKey:t,createdDate:i.createdDate,newPublicKeyType:x}),s=JSON.stringify(a);return{data:s,signature:await this.signPayload(s,e)}}const a=await this.extractRotatedKeysData();if(a&&!1===a.confirmed){await this.extractKeysData();const t=JSON.stringify(this.getBaseRotationPayload());return{data:t,signature:await this.signPayload(t,a.privateKey)}}}async signPayload(t,e){const i=await R(e,t);return this.arrayBufferToBase64(i)}async handleRotateResponse(t){if(j.includes(t))if(t===I){const t=await this.extractPendingRotatedKeysData();if(t){await this.indexedDBClient.delete(this.keysStoreName,this.getRotatedKeysRecordKey());const e=l(l({},t),{},{confirmed:!1});await this.indexedDBClient.put(this.keysStoreName,this.getRotatedKeysRecordKey(),e),await this.indexedDBClient.delete(this.keysStoreName,this.getRotatedKeysRecordKeyPending());const{base64Key:i}=await this.getPKRepresentations(t.publicKey);this.publicKeyBase64=i,this.keyIdentifier=t.keyIdentifier}}else if(t===O){const t=await this.extractRotatedKeysData();t&&!1===t.confirmed&&await this.indexedDBClient.put(this.keysStoreName,this.getRotatedKeysRecordKey(),l(l({},t),{},{confirmed:!0}))}}}var N=Object.freeze({__proto__:null,createCryptoBinding:function(){let t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:"sign",e=arguments.length>1?arguments[1]:void 0;return new B(this,t,e)},generateRSAKeyPair:K,generateRSASignKeyPair:k,signAssymetric:R,verifyAssymetric:async(t,e,i)=>{const a=(new TextEncoder).encode(e);return await window.crypto.subtle.verify(C,t,i,a)}}),E=Object.freeze({__proto__:null});const H=y.create((t=>{class e extends Error{constructor(e,i){super(`${t.slug}-${e} ${i}`)}}return{TsError:e,TsInternalError:class extends e{constructor(t){super(t,"Internal error")}}}}));var F=y.create((()=>l({exceptions:H},p)));class M{constructor(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:[];this.agent=t,this.middlewares=e,this.logs=[]}info(t,e){this.pushLog(3,t,e)}warn(t,e){this.pushLog(4,t,e)}error(t,e){this.pushLog(5,t,e)}pushLog(t,e){let i=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{};this.logs.push({timestamp:Date.now(),module:this.agent.slug,severity:t,fields:i,message:e});const a=this.middlewares.map((t=>t(this)));Promise.all(a).catch((()=>{}))}}var q=Object.freeze({__proto__:null,consoleMiddleware:function(t){const e=t.logs[t.logs.length-1];console.log(`${e.severity} ${e.message}`,e.fields)},createSdkLogger:function(){let t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:[];return new M(this,t)}});function z(t,e){if(!(null==t?void 0:t.trim()))return"";if(function(t){try{return new URL(t),!0}catch(t){return!1}}(t))return t;const i="http://mock.com",a=new URL(i);a.search=(null==e?void 0:e.toString())||"",a.pathname=t;return a.href.replace(i,"")}const $={"Content-Type":"application/json","X-TS-client-time":(new Date).toUTCString(),"X-TS-ua":navigator.userAgent};function J(t,e,i){var a;const s=(n=e||{},encodeURI(JSON.stringify(n)).split(/%..|./).length-1);var n;return{method:t,headers:l(l(l({},{"X-TS-body-size":String(s)}),$),i||{}),body:null!==(a=e&&JSON.stringify(e||{}))&&void 0!==a?a:void 0}}function W(t,e,i,a,s){const n=z(t,a),r=J(e,i,s);return fetch(n,r)}async function L(t,e,i,a,s){let n;if(n=await W(t,e,i,a,s),!n.ok)throw new Error("Request failed");return n}var U=Object.freeze({__proto__:null,httpDelete:async function(t,e){const i=await L(t,"DELETE",void 0,void 0,e);return l(l({data:await i.json()},i),{},{headers:i.headers})},httpGet:async function(t,e,i){const a=await L(t,"GET",void 0,e,i);return l(l({data:await a.json()},a),{},{headers:a.headers})},httpPost:async function(t,e,i,a){const s=await L(t,"POST",e,i,a);return l(l({data:await s.json()},s),{},{headers:s.headers})},httpPut:async function(t,e,i,a){const s=await L(t,"PUT",e,i,a);return l(l({data:await s.json()},s),{},{headers:s.headers})},init:J}),V=y.create((()=>({events:g,moduleMetadata:n,mainEntry:o,utils:F,storage:A,crypto:N,indexedDB:E,logger:q,http:U})));class G{static arrayBufferToBase64(t){return btoa(String.fromCharCode(...new Uint8Array(t)))}static base64ToArrayBuffer(t){return Uint8Array.from(atob(t),(t=>t.charCodeAt(0)))}static stringToBase64(t){return btoa(t)}static jsonToBase64(t){const e=JSON.stringify(t);return btoa(e)}static base64ToJson(t){const e=atob(t);return JSON.parse(e)}}const Z={log:console.log,error:console.error};var X,Y;!function(t){t.NotInitialized="not_initialized",t.AuthenticationFailed="authentication_failed",t.AuthenticationAbortedTimeout="authentication_aborted_timeout",t.AuthenticationCanceled="webauthn_authentication_canceled",t.RegistrationFailed="registration_failed",t.AlreadyRegistered="username_already_registered",t.RegistrationAbortedTimeout="registration_aborted_timeout",t.RegistrationCanceled="webauthn_registration_canceled",t.AutofillAuthenticationAborted="autofill_authentication_aborted",t.AuthenticationProcessAlreadyActive="authentication_process_already_active",t.InvalidApprovalData="invalid_approval_data",t.FailedToInitCrossDeviceSession="cross_device_init_failed",t.FailedToGetCrossDeviceStatus="cross_device_status_failed",t.Unknown="unknown"}(X||(X={}));class Q extends Error{constructor(t,e){super(t),this.errorCode=X.NotInitialized,this.data=e}}class tt extends Q{constructor(t,e){super(null!=t?t:"WebAuthnSdk is not initialized",e),this.errorCode=X.NotInitialized}}class et extends Q{constructor(t,e){super(null!=t?t:"Authentication failed with an error",e),this.errorCode=X.AuthenticationFailed}}class it extends Q{constructor(t,e){super(null!=t?t:"Authentication was canceled by the user or got timeout",e),this.errorCode=X.AuthenticationCanceled}}class at extends Q{constructor(t,e){super(null!=t?t:"Registration failed with an error",e),this.errorCode=X.RegistrationFailed}}class st extends Q{constructor(t,e){super(null!=t?t:"Registration was canceled by the user or got timeout",e),this.errorCode=X.RegistrationCanceled}}class nt extends Q{constructor(t){super(null!=t?t:"Autofill flow was aborted"),this.errorCode=X.AutofillAuthenticationAborted}}class rt extends Q{constructor(t){super(null!=t?t:"Operation was aborted by timeout"),this.errorCode=X.AutofillAuthenticationAborted}}class ot extends Q{constructor(t){super(null!=t?t:"Passkey with this username is already registered with the relying party."),this.errorCode=X.AlreadyRegistered}}class ct extends Q{constructor(t,e){super(null!=t?t:"Authentication process is already active",e),this.errorCode=X.AuthenticationProcessAlreadyActive}}class lt extends Q{constructor(t,e){super(null!=t?t:"Invalid approval data",e),this.errorCode=X.InvalidApprovalData}}class ut extends Q{constructor(t,e){super(null!=t?t:"Failed to init cross device authentication",e),this.errorCode=X.FailedToInitCrossDeviceSession}}class dt extends Q{constructor(t,e){super(null!=t?t:"Failed to get cross device status",e),this.errorCode=X.FailedToGetCrossDeviceStatus}}function ht(t){return t.errorCode&&Object.values(X).includes(t.errorCode)}!function(t){t[t.persistent=0]="persistent",t[t.session=1]="session"}(Y||(Y={}));class yt{static get(t){return yt.getStorageMedium(yt.allowedKeys[t]).getItem(yt.getStorageKey(t))||void 0}static set(t,e){return yt.getStorageMedium(yt.allowedKeys[t]).setItem(yt.getStorageKey(t),e)}static remove(t){yt.getStorageMedium(yt.allowedKeys[t]).removeItem(yt.getStorageKey(t))}static clear(t){for(const[e,i]of Object.entries(yt.allowedKeys)){const a=e;t&&this.configurationKeys.includes(a)||yt.getStorageMedium(i).removeItem(yt.getStorageKey(a))}}static getStorageKey(t){return`WebAuthnSdk:${t}`}static getStorageMedium(t){return t===Y.session?sessionStorage:localStorage}}yt.allowedKeys={clientId:Y.session},yt.configurationKeys=["clientId"];class pt{static isNewApiDomain(t){return t&&(this.newApiDomains.includes(t)||t.startsWith("api.")&&t.endsWith(".transmitsecurity.io"))}static dnsPrefetch(t){const e=document.createElement("link");e.rel="dns-prefetch",e.href=t,document.head.appendChild(e)}static preconnect(t,e){const i=document.createElement("link");i.rel="preconnect",i.href=t,e&&(i.crossOrigin="anonymous"),document.head.appendChild(i)}static warmupConnection(t){this.dnsPrefetch(t),this.preconnect(t,!1),this.preconnect(t,!0)}static init(t,e){var i,a;try{this._serverPath=new URL(e.serverPath),this.isNewApiDomain(null===(i=this._serverPath)||void 0===i?void 0:i.hostname)&&this.warmupConnection(this._serverPath.origin),this._apiPaths=null!==(a=e.webauthnApiPaths)&&void 0!==a?a:this.getDefaultPaths(),this._clientId=t,yt.set("clientId",t)}catch(t){throw new tt("Invalid options.serverPath",{error:t})}}static getDefaultPaths(){var t;const e=this.isNewApiDomain(null===(t=this._serverPath)||void 0===t?void 0:t.hostname)?"/cis":"";return{startAuthentication:`${e}/v1/auth/webauthn/authenticate/start`,startRegistration:`${e}/v1/auth/webauthn/register/start`,initCrossDeviceAuthentication:`${e}/v1/auth/webauthn/cross-device/authenticate/init`,startCrossDeviceAuthentication:`${e}/v1/auth/webauthn/cross-device/authenticate/start`,startCrossDeviceRegistration:`${e}/v1/auth/webauthn/cross-device/register/start`,getCrossDeviceTicketStatus:`${e}/v1/auth/webauthn/cross-device/status`,attachDeviceToCrossDeviceSession:`${e}/v1/auth/webauthn/cross-device/attach-device`}}static getApiPaths(){return this._apiPaths}static async sendRequest(t,e,i){Z.log(`[WebAuthn SDK] Calling ${e.method} ${t}...`);const a=new URL(this._serverPath);return a.pathname=t,i&&(a.search=i),fetch(a.toString(),e)}static async startRegistration(t){const e=await this.sendRequest(this._apiPaths.startRegistration,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(l(l({client_id:this.getValidatedClientId(),username:t.username,display_name:t.displayName},t.timeout&&{timeout:t.timeout}),t.limitSingleCredentialToDevice&&{limit_single_credential_to_device:t.limitSingleCredentialToDevice}))});if(!(null==e?void 0:e.ok))throw new et("Failed to start registration",null==e?void 0:e.body);return await e.json()}static async startAuthentication(t){const e=await this.sendRequest(this._apiPaths.startAuthentication,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(l(l(l({client_id:this.getValidatedClientId()},t.username&&{username:t.username}),t.approvalData&&{approval_data:t.approvalData}),t.timeout&&{timeout:t.timeout}))});if(!(null==e?void 0:e.ok))throw new et("Failed to start authentication",null==e?void 0:e.body);return await e.json()}static async initCrossDeviceAuthentication(t){const e=await this.sendRequest(this._apiPaths.initCrossDeviceAuthentication,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(l(l({client_id:this.getValidatedClientId()},t.username&&{username:t.username}),t.approvalData&&{approval_data:t.approvalData}))});if(!(null==e?void 0:e.ok))throw new ut(void 0,null==e?void 0:e.body);return await e.json()}static async getCrossDeviceTicketStatus(t){const e=await this.sendRequest(this._apiPaths.getCrossDeviceTicketStatus,{method:"GET"},`cross_device_ticket_id=${t.ticketId}`);if(!(null==e?void 0:e.ok))throw new dt(void 0,null==e?void 0:e.body);return await e.json()}static async startCrossDeviceAuthentication(t){const e=await this.sendRequest(this._apiPaths.startCrossDeviceAuthentication,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({cross_device_ticket_id:t.ticketId})});if(!(null==e?void 0:e.ok))throw new et("Failed to start cross device authentication",null==e?void 0:e.body);return await e.json()}static async startCrossDeviceRegistration(t){const e=await this.sendRequest(this._apiPaths.startCrossDeviceRegistration,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({cross_device_ticket_id:t.ticketId})});if(!(null==e?void 0:e.ok))throw new at("Failed to start cross device registration",null==e?void 0:e.body);return await e.json()}static async attachDeviceToCrossDeviceSession(t){const e=await this.sendRequest(this._apiPaths.attachDeviceToCrossDeviceSession,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({cross_device_ticket_id:t.ticketId})});if(!(null==e?void 0:e.ok))throw new at("Failed to attach device to cross device session",null==e?void 0:e.body);return await e.json()}static getValidatedClientId(){var t;const e=null!==(t=this._clientId)&&void 0!==t?t:yt.get("clientId");if(!e)throw new tt("Missing clientId");return e}}var gt,vt,ft,wt;pt.newApiDomains=["api.idsec-dev.com","api.idsec-stg.com"],function(t){t.InputAutofill="input-autofill",t.Modal="modal"}(gt||(gt={})),exports.WebauthnCrossDeviceStatus=void 0,(vt=exports.WebauthnCrossDeviceStatus||(exports.WebauthnCrossDeviceStatus={})).Pending="pending",vt.Scanned="scanned",vt.Success="success",vt.Error="error",vt.Timeout="timeout",vt.Aborted="aborted",function(t){t.toAuthenticationError=t=>ht(t)?t:"NotAllowedError"===t.name?new it:"OperationError"===t.name?new ct(t.message):"SecurityError"===t.name?new et(t.message):t===X.AuthenticationAbortedTimeout?new rt:"AbortError"===t.name||t===X.AutofillAuthenticationAborted?new nt:new et("Something went wrong during authentication",{error:t}),t.toRegistrationError=t=>ht(t)?t:"NotAllowedError"===t.name?new st:"SecurityError"===t.name?new at(t.message):"InvalidStateError"===t.name?new ot:t===X.RegistrationAbortedTimeout?new rt:new at("Something went wrong during registration",{error:t})}(ft||(ft={})),function(t){t.processCredentialRequestOptions=t=>l(l({},t),{},{challenge:G.base64ToArrayBuffer(t.challenge),allowCredentials:t.allowCredentials.map((t=>l(l({},t),{},{id:G.base64ToArrayBuffer(t.id)})))}),t.processCredentialCreationOptions=(t,e)=>{var i;const a=JSON.parse(JSON.stringify(t));return a.challenge=G.base64ToArrayBuffer(t.challenge),a.user.id=G.base64ToArrayBuffer(t.user.id),(null==e?void 0:e.limitSingleCredentialToDevice)&&(a.excludeCredentials=null===(i=t.excludeCredentials)||void 0===i?void 0:i.map((t=>l(l({},t),{},{id:G.base64ToArrayBuffer(t.id)})))),(null==e?void 0:e.registerAsDiscoverable)?(a.authenticatorSelection.residentKey="preferred",a.authenticatorSelection.requireResidentKey=!0):(a.authenticatorSelection.residentKey="discouraged",a.authenticatorSelection.requireResidentKey=!1),a.authenticatorSelection.authenticatorAttachment=(null==e?void 0:e.allowCrossPlatformAuthenticators)?void 0:"platform",a},t.encodeAuthenticationResult=t=>{const{authenticatorAttachment:e}=t,i=t.response;return{id:t.id,rawId:G.arrayBufferToBase64(t.rawId),response:{authenticatorData:G.arrayBufferToBase64(i.authenticatorData),clientDataJSON:G.arrayBufferToBase64(i.clientDataJSON),signature:G.arrayBufferToBase64(i.signature),userHandle:G.arrayBufferToBase64(i.userHandle)},authenticatorAttachment:e,type:t.type}},t.encodeRegistrationResult=t=>{const{authenticatorAttachment:e}=t,i=t.response;return{id:t.id,rawId:G.arrayBufferToBase64(t.rawId),response:{attestationObject:G.arrayBufferToBase64(i.attestationObject),clientDataJSON:G.arrayBufferToBase64(i.clientDataJSON)},authenticatorAttachment:e,type:t.type}}}(wt||(wt={}));class mt{async modal(t){try{const e=await this.performAuthentication(l(l({},t),{},{mediationType:gt.Modal}));return G.jsonToBase64(e)}catch(t){throw ft.toAuthenticationError(t)}}activateAutofill(t,e){const{onSuccess:i,onError:a,onReady:s}=t;this.performAuthentication({username:e,mediationType:gt.InputAutofill,onReady:s}).then((t=>{i(G.jsonToBase64(t))})).catch((t=>{const e=ft.toAuthenticationError(t);if(!a)throw e;a(e)}))}abortAutofill(){this.abortController&&this.abortController.abort(X.AutofillAuthenticationAborted)}abortAuthentication(){this.abortController&&this.abortController.abort(X.AuthenticationAbortedTimeout)}async performAuthentication(t){var e,i;const a="crossDeviceTicketId"in t?await pt.startCrossDeviceAuthentication({ticketId:t.crossDeviceTicketId}):await pt.startAuthentication({username:t.username,timeout:null===(e=t.options)||void 0===e?void 0:e.timeout}),s=a.credential_request_options,n=wt.processCredentialRequestOptions(s),r=this.getMediatedCredentialRequest(n,t.mediationType);t.mediationType===gt.InputAutofill&&(null===(i=t.onReady)||void 0===i||i.call(t));const o=await navigator.credentials.get(r).catch((t=>{throw ft.toAuthenticationError(t)}));return{webauthnSessionId:a.webauthn_session_id,publicKeyCredential:wt.encodeAuthenticationResult(o),userAgent:navigator.userAgent}}getMediatedCredentialRequest(t,e){const i={publicKey:t};return this.abortController=new AbortController,i.signal=this.abortController&&this.abortController.signal,e===gt.InputAutofill?i.mediation="conditional":t.timeout&&setTimeout((()=>{this.abortAuthentication()}),t.timeout),i}}class bt{constructor(t,e){this.handler=t,this.intervalInMs=e}begin(){var t;this.intervalId=window.setInterval((t=this.handler,async function(){t.isRunning||(t.isRunning=!0,await t(...arguments),t.isRunning=!1)}),this.intervalInMs)}stop(){clearInterval(this.intervalId)}}const Dt=/^[A-Za-z0-9\-_.: ]*$/;function St(t){if(t&&(!function(t){return Object.keys(t).length<=10}(t)||!function(t){const e=t=>"string"==typeof t,i=t=>Dt.test(t);return Object.keys(t).every((a=>e(a)&&e(t[a])&&i(a)&&i(t[a])))}(t)))throw Z.error("Failed validating approval data"),new lt("Provided approval data should have 10 properties max. Also, it should contain only \n alphanumeric characters, numbers, and the special characters: '-', '_', '.'")}class At{constructor(t,e,i){this.authenticationHandler=t,this.registrationHandler=e,this.approvalHandler=i,this.init={registration:async t=>(this.ticketStatus=exports.WebauthnCrossDeviceStatus.Pending,this.pollCrossDeviceSession(t.crossDeviceTicketId,t.handlers)),authentication:async t=>{const{username:e}=t,i=(await pt.initCrossDeviceAuthentication(l({},e&&{username:e}))).cross_device_ticket_id;return this.ticketStatus=exports.WebauthnCrossDeviceStatus.Pending,this.pollCrossDeviceSession(i,t.handlers)},approval:async t=>{const{username:e,approvalData:i}=t;St(i);const a=(await pt.initCrossDeviceAuthentication({username:e,approvalData:i})).cross_device_ticket_id;return this.ticketStatus=exports.WebauthnCrossDeviceStatus.Pending,this.pollCrossDeviceSession(a,t.handlers)}},this.authenticate={modal:async t=>this.authenticationHandler.modal({crossDeviceTicketId:t})},this.approve={modal:async t=>this.approvalHandler.modal({crossDeviceTicketId:t})}}async register(t,e){return this.registrationHandler.register({crossDeviceTicketId:t},e)}async attachDevice(t){const e=await pt.attachDeviceToCrossDeviceSession({ticketId:t});return l({status:e.status,startedAt:e.started_at},e.approval_data&&{approvalData:e.approval_data})}async pollCrossDeviceSession(t,e){return this.poller=new bt((async()=>{var i,a;const s=await pt.getCrossDeviceTicketStatus({ticketId:t}),n=s.status;if(n!==this.ticketStatus)switch(this.ticketStatus=n,n){case exports.WebauthnCrossDeviceStatus.Scanned:await e.onDeviceAttach();break;case exports.WebauthnCrossDeviceStatus.Error:case exports.WebauthnCrossDeviceStatus.Timeout:case exports.WebauthnCrossDeviceStatus.Aborted:await e.onFailure(s),null===(i=this.poller)||void 0===i||i.stop();break;case exports.WebauthnCrossDeviceStatus.Success:if("onCredentialRegister"in e)await e.onCredentialRegister();else{if(!s.session_id)throw new dt("Cross device session is complete without returning session_id",s);await e.onCredentialAuthenticate(s.session_id)}null===(a=this.poller)||void 0===a||a.stop()}}),1e3),this.poller.begin(),setTimeout((()=>{var t;null===(t=this.poller)||void 0===t||t.stop(),e.onFailure({status:exports.WebauthnCrossDeviceStatus.Timeout})}),3e5),{crossDeviceTicketId:t,stop:()=>{var t;null===(t=this.poller)||void 0===t||t.stop()}}}}class Ct{async register(t,e){this.abortController=new AbortController;const i=l({allowCrossPlatformAuthenticators:!("crossDeviceTicketId"in t),registerAsDiscoverable:!0},e);try{const a="crossDeviceTicketId"in t?await pt.startCrossDeviceRegistration({ticketId:t.crossDeviceTicketId}):await pt.startRegistration({username:t.username,displayName:(null==e?void 0:e.displayName)||t.username,timeout:null==e?void 0:e.timeout,limitSingleCredentialToDevice:null==e?void 0:e.limitSingleCredentialToDevice}),s=wt.processCredentialCreationOptions(a.credential_creation_options,i);setTimeout((()=>{this.abortRegistration()}),s.timeout);const n=await this.registerCredential(s),r={webauthnSessionId:a.webauthn_session_id,publicKeyCredential:n,userAgent:navigator.userAgent};return G.jsonToBase64(r)}catch(t){throw ft.toRegistrationError(t)}}abortRegistration(){this.abortController&&this.abortController.abort(X.RegistrationAbortedTimeout)}async registerCredential(t){const e=await navigator.credentials.create({publicKey:t,signal:this.abortController&&this.abortController.signal}).catch((t=>{throw ft.toRegistrationError(t)}));return wt.encodeRegistrationResult(e)}}class _t{async modal(t){try{const e=await this.performApproval(t);return G.jsonToBase64(e)}catch(t){throw ft.toAuthenticationError(t)}}async performApproval(t){"approvalData"in t&&St(t.approvalData);const e="crossDeviceTicketId"in t?await pt.startCrossDeviceAuthentication({ticketId:t.crossDeviceTicketId}):await pt.startAuthentication({username:t.username,approvalData:t.approvalData}),i=e.credential_request_options,a=wt.processCredentialRequestOptions(i),s=await navigator.credentials.get({publicKey:a}).catch((t=>{throw ft.toAuthenticationError(t)}));return{webauthnSessionId:e.webauthn_session_id,publicKeyCredential:wt.encodeAuthenticationResult(s),userAgent:navigator.userAgent}}}class Kt{constructor(){this._initialized=!1,this._authenticationHandler=new mt,this._registrationHandler=new Ct,this._approvalHandler=new _t,this._crossDeviceHandler=new At(this._authenticationHandler,this._registrationHandler,this._approvalHandler),this.authenticate={modal:async(t,e)=>(this.initCheck(),this._authenticationHandler.modal({username:t,options:e})),autofill:{activate:(t,e)=>(this.initCheck(),this._authenticationHandler.activateAutofill(t,e)),abort:()=>this._authenticationHandler.abortAutofill()}},this.approve={modal:async(t,e)=>(this.initCheck(),this._approvalHandler.modal({username:t,approvalData:e}))},this.register=async(t,e)=>(this.initCheck(),this._registrationHandler.register({username:t},e)),this.crossDevice={init:{registration:async t=>(this.initCheck(),this._crossDeviceHandler.init.registration(t)),authentication:async t=>(this.initCheck(),this._crossDeviceHandler.init.authentication(t)),approval:async t=>(this.initCheck(),this._crossDeviceHandler.init.approval(t))},authenticate:{modal:async t=>(this.initCheck(),this._crossDeviceHandler.authenticate.modal(t))},approve:{modal:async t=>(this.initCheck(),this._crossDeviceHandler.approve.modal(t))},register:async(t,e)=>(this.initCheck(),this._crossDeviceHandler.register(t,e)),attachDevice:async t=>(this.initCheck(),this._crossDeviceHandler.attachDevice(t))},this.isPlatformAuthenticatorSupported=async()=>{var t;try{return await(null===(t=Kt.StaticPublicKeyCredential)||void 0===t?void 0:t.isUserVerifyingPlatformAuthenticatorAvailable())}catch(t){return!1}},this.isAutofillSupported=async()=>{var t,e;return!(!(null===(t=Kt.StaticPublicKeyCredential)||void 0===t?void 0:t.isConditionalMediationAvailable)||!await(null===(e=Kt.StaticPublicKeyCredential)||void 0===e?void 0:e.isConditionalMediationAvailable()))}}async init(t,e){try{if(!t)throw new tt("Invalid clientId",{clientId:t});if(e.webauthnApiPaths){const t=pt.getDefaultPaths();if(function(t,e){const i=new Set(t),a=new Set(e);return[...t.filter((t=>!a.has(t))),...e.filter((t=>!i.has(t)))]}(Object.keys(e.webauthnApiPaths),Object.keys(t)).length)throw new tt("Invalid custom paths",{customApiPaths:e.webauthnApiPaths})}pt.init(t,e),this._initialized=!0}catch(t){throw ht(t)?t:new tt("Failed to initialize SDK")}}getDefaultPaths(){return this.initCheck(),pt.getDefaultPaths()}getApiPaths(){return this.initCheck(),pt.getApiPaths()}initCheck(){if(!this._initialized)throw new tt}}Kt.StaticPublicKeyCredential=window.PublicKeyCredential;const kt=new V("webauthn"),Rt=new Kt;kt.events.on(kt.events.MODULE_INITIALIZED,(()=>{var t;const e=kt.moduleMetadata.getInitConfig();if(!(null===(t=null==e?void 0:e.webauthn)||void 0===t?void 0:t.serverPath))return;const{clientId:i,webauthn:a}=e;Rt.init(i,l({},a))}));const Pt={modal:async(t,e)=>(Rt.initCheck(),Rt.authenticate.modal(t,e)),autofill:{activate:(t,e)=>{Rt.initCheck(),Rt.authenticate.autofill.activate(t,e)},abort:()=>{Rt.initCheck(),Rt.authenticate.autofill.abort()}}},Tt={modal:async(t,e)=>(Rt.initCheck(),Rt.approve.modal(t,e))};async function It(t,e){return Rt.initCheck(),Rt.register(t,e)}const{crossDevice:Ot}=Rt,{isPlatformAuthenticatorSupported:xt}=Rt,{isAutofillSupported:jt}=Rt,{getDefaultPaths:Bt}=Rt;window.localWebAuthnSDK=Rt;const Nt={initialize:r,...Object.freeze({__proto__:null,get WebauthnCrossDeviceStatus(){return exports.WebauthnCrossDeviceStatus},approve:Tt,authenticate:Pt,crossDevice:Ot,getDefaultPaths:Bt,isAutofillSupported:jt,isPlatformAuthenticatorSupported:xt,register:It})};exports.PACKAGE_VERSION="1.17.0",exports.approve=Tt,exports.authenticate=Pt,exports.crossDevice=Ot,exports.getDefaultPaths=Bt,exports.initialize=r,exports.isAutofillSupported=jt,exports.isPlatformAuthenticatorSupported=xt,exports.register=It,exports.webauthn=Nt;
package/dist/webauthn.d.ts CHANGED
@@ -450,14 +450,6 @@ declare const isAutofillSupported: () => Promise<boolean>;
450
450
  declare const getDefaultPaths: () => WebauthnApis;
451
451
 
452
452
  declare const PACKAGE_VERSION: string;
453
- declare namespace webauthn {
454
- export function initialize(config: any): void;
455
- export * from "@transmit-security/authentication-sdk";
456
- export const authenticate: (...args: any[]) => any;
457
- export const register: (...args: any[]) => any;
458
- export const crossDevice: (...args: any[]) => any;
459
- }
460
-
461
453
  declare function initialize(config: any): void;
462
454
 
463
- export { ApiCrossDeviceStatusResponse, AttachDeviceResult, AuthenticationAutofillActivateHandlers, AutofillHandlers, CrossDeviceAuthenticationHandlers, CrossDeviceController, CrossDeviceRegistrationHandlers, ErrorCode, PACKAGE_VERSION, SdkError, WebauthnApis, WebauthnApprovalFlows, WebauthnAuthenticationFlows, WebauthnAuthenticationOptions, WebauthnCrossDeviceFlows, WebauthnCrossDeviceRegistrationOptions, WebauthnCrossDeviceStatus, WebauthnRegistrationOptions, approve, authenticate, crossDevice, getDefaultPaths, initialize, isAutofillSupported, isPlatformAuthenticatorSupported, register, webauthn };
455
+ export { ApiCrossDeviceStatusResponse, AttachDeviceResult, AuthenticationAutofillActivateHandlers, AutofillHandlers, CrossDeviceAuthenticationHandlers, CrossDeviceController, CrossDeviceRegistrationHandlers, ErrorCode, PACKAGE_VERSION, SdkError, WebauthnApis, WebauthnApprovalFlows, WebauthnAuthenticationFlows, WebauthnAuthenticationOptions, WebauthnCrossDeviceFlows, WebauthnCrossDeviceRegistrationOptions, WebauthnCrossDeviceStatus, WebauthnRegistrationOptions, approve, authenticate, crossDevice, getDefaultPaths, initialize, isAutofillSupported, isPlatformAuthenticatorSupported, register };
package/dist/webauthn.js CHANGED
@@ -1 +1 @@
1
- "undefined"==typeof globalThis&&("undefined"!=typeof window?(window.globalThis=window,window.global=window):"undefined"!=typeof self&&(self.globalThis=self,self.global=self));const t=Symbol("MODULE_INITIALIZED"),e=new Map;function i(t,i){var a,n;null===(a=e.get(t))||void 0===a||a.forEach((n=t=>t(i),function(){try{return n(...arguments)}catch(t){console.log(t)}}))}let a=null;function n(t){a=t}var s=Object.freeze({__proto__:null,getInitConfig:function(){return a},get initConfig(){return a},setInitConfig:n});function r(e){n(e),i(t,void 0)}var o=Object.freeze({__proto__:null,initialize:r});function c(t,e){var i=Object.keys(t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(t);e&&(a=a.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),i.push.apply(i,a)}return i}function l(t){for(var e=1;e<arguments.length;e++){var i=null!=arguments[e]?arguments[e]:{};e%2?c(Object(i),!0).forEach((function(e){u(t,e,i[e])})):Object.getOwnPropertyDescriptors?Object.defineProperties(t,Object.getOwnPropertyDescriptors(i)):c(Object(i)).forEach((function(e){Object.defineProperty(t,e,Object.getOwnPropertyDescriptor(i,e))}))}return t}function d(t){var e=function(t,e){if("object"!=typeof t||!t)return t;var i=t[Symbol.toPrimitive];if(void 0!==i){var a=i.call(t,e||"default");if("object"!=typeof a)return a;throw new TypeError("@@toPrimitive must return a primitive value.")}return("string"===e?String:Number)(t)}(t,"string");return"symbol"==typeof e?e:String(e)}function u(t,e,i){return(e=d(e))in t?Object.defineProperty(t,e,{value:i,enumerable:!0,configurable:!0,writable:!0}):t[e]=i,t}function h(t,e){return Object.entries(e).reduce(((e,i)=>{let[a,n]=i;return l(l({},e),{},{[a]:y.isPrototypeOf(n)?new n(t.slug):"function"==typeof n?n.bind(t):"object"==typeof n&&!Array.isArray(n)&&n?h(t,n):n})}),{})}class y{constructor(t){this.slug=t}static create(t){return class extends y{constructor(e){super(e),Object.assign(this,h(this,t(this)))}}}}var p=Object.freeze({__proto__:null,Agent:y}),g=Object.freeze({__proto__:null,MODULE_INITIALIZED:t,emit:i,off:function(t,i){const a=e.get(t);if(!a)return;const n=a.indexOf(i);-1!==n&&a.splice(n,1)},on:function(t,i){var a;e.has(t)?null===(a=e.get(t))||void 0===a||a.push(i):e.set(t,[i])}});function v(t,e){const i=!t||"object"!=typeof t||Array.isArray(t)?{}:t;return[e.reduce(((t,e)=>{if(e in t){const i=t[e];if(null!==i&&"object"==typeof i&&!Array.isArray(i))return i}const i={};return t[e]=i,i}),i),i]}function w(t,e){let i=t;return e.every((t=>!(!i||"object"!=typeof i||Array.isArray(i)||!(t in i))&&(i=i[t],!0)),t)}const f="tsec",m="general";function b(t){return t?m:a.clientId}function D(t){return function(t){if(!t)return{};try{return JSON.parse(t)}catch(t){return{}}}((t?sessionStorage:localStorage).getItem(f))}function A(t,e){const i=t?sessionStorage:localStorage,a=e(D(t));i.setItem(f,JSON.stringify(a))}var _=Object.freeze({__proto__:null,COMMON_STORAGE_KEY:f,GENERAL_ID_KEY:m,getValue:function(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};const i=b(!!e.isGeneral),a=D(!!e.sessionOnly),[n]=v(a,[this.slug.toString(),i]);return n[t]},hasValue:function(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};const i=b(!!e.isGeneral),a=D(!!e.sessionOnly);return w(a,[this.slug.toString(),i,t])},removeValue:function(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};const i=b(!!e.isGeneral);A(!!e.sessionOnly,(e=>{const[a,n]=v(e,[this.slug.toString(),i]);return delete a[t],n}))},setValue:function(t,e){let i=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{};const a=b(!!i.isGeneral);A(!!i.sessionOnly,(i=>{const[n,s]=v(i,[this.slug.toString(),a]);return n[t]=e,s}))}});const S="RSA-PSS",C=async(t,e)=>await window.crypto.subtle.generateKey({name:t,modulusLength:2048,publicExponent:new Uint8Array([1,0,1]),hash:"SHA-256"},!1,e),K=async()=>await C("RSA-OAEP",["encrypt","decrypt"]),k=async()=>await C(S,["sign"]),R=async(t,e)=>{const i=(new TextEncoder).encode(e);return await window.crypto.subtle.sign({name:S,saltLength:32},t,i)};class P{constructor(t,e,i){this.slug=t,this.dbName=e,this.dbVersion=i}queryObjectStore(t,e){let i=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{};const a=(window.indexedDB||window.mozIndexedDB||window.webkitIndexedDB||window.msIndexedDB||window.shimIndexedDB).open(`${this.slug}:${this.dbName}`,this.dbVersion||1);a.onupgradeneeded=()=>{var e;const i=a.result;(null===(e=null==i?void 0:i.objectStoreNames)||void 0===e?void 0:e.contains)&&!i.objectStoreNames.contains(t)&&i.createObjectStore(t,{keyPath:"key"})},a.onsuccess=()=>{const n=a.result,s=n.transaction(t,(null==i?void 0:i.operation)||"readwrite"),r=s.objectStore(t);e(r),s.oncomplete=()=>{n.close()}}}put(t,e,i){return new Promise(((a,n)=>{this.queryObjectStore(t,(t=>{const s=t.put({key:e,value:i});s.onsuccess=()=>{a(s.result)},s.onerror=t=>{n("Failed adding item to objectStore, err: "+t)}}))}))}add(t,e,i){return new Promise(((a,n)=>{this.queryObjectStore(t,(t=>{const s=t.add({key:e,value:i});s.onsuccess=()=>{a(s.result)},s.onerror=t=>{const e=t.target.error;n(e)}}))}))}get(t,e){return new Promise(((i,a)=>{this.queryObjectStore(t,(t=>{const n=t.get(e);n.onsuccess=()=>{var t;n.result?i(null===(t=n.result)||void 0===t?void 0:t.value):i(void 0)},n.onerror=t=>{a("Failed adding item to objectStore, err: "+t)}}))}))}getAll(t,e){return new Promise(((i,a)=>{this.queryObjectStore(t,(t=>{const n=t.getAll(null,e);n.onsuccess=()=>{if(n.result){const t=n.result;(null==t?void 0:t.length)?i(t.map((t=>null==t?void 0:t.value))):i(t)}else i([])},n.onerror=t=>{a("Failed getting items, err: "+t)}}))}))}delete(t,e){return new Promise(((i,a)=>{this.queryObjectStore(t,(t=>{const n=t.delete(e);n.onsuccess=()=>{i()},n.onerror=t=>{a(`Failed deleting key: '${e}' from objectStore, err: `+t)}}))}))}clear(t){return new Promise(((e,i)=>{this.queryObjectStore(t,(t=>{const a=t.clear();a.onsuccess=()=>{e()},a.onerror=t=>{i("Failed clearing objectStore, err: "+t)}}))}))}}const T="platform",I="init",O="completed",j="RSA2048",x=[I,O];class B{constructor(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:"sign",i=arguments.length>2?arguments[2]:void 0;var n,s,r,o;this.agent=t,this.keysType=e,this.options=i,this._extractingKeysPromise=null;const c=!(null===(n=this.options)||void 0===n?void 0:n.productScope);this.keysDatabaseName=c||!(null===(s=this.options)||void 0===s?void 0:s.indexedDBName)?"ts_crypto_binding":this.options.indexedDBName,this.dbVersion=c?1:(null===(r=this.options)||void 0===r?void 0:r.dbVersion)||1,this.keysStoreName=c||!(null===(o=this.options)||void 0===o?void 0:o.keysStoreName)?"identifiers_store":this.options.keysStoreName,this.indexedDBClient=new P(c?T:t.slug,this.keysDatabaseName,this.dbVersion),this.indexedDBClientFallback=new P((c?T:t.slug)+`:${a.clientId}`,this.keysDatabaseName,this.dbVersion)}getKeysRecordKey(){return`${this.keysType}_keys`}getRotatedKeysRecordKey(){return`rotated_${this.keysType}_keys`}getRotatedKeysRecordKeyPending(){return`rotated_pending_${this.keysType}_keys`}arrayBufferToBase64(t){return window.btoa(String.fromCharCode(...new Uint8Array(t)))}async getPKRepresentations(t){const e=await crypto.subtle.exportKey("spki",t);return{arrayBufferKey:e,base64Key:this.arrayBufferToBase64(e)}}async generateKeyPair(){return"sign"==this.keysType?await k():await K()}async calcKeyIdentifier(t){const e=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(e)).map((t=>t.toString(16).padStart(2,"0"))).join("")}async extractKeysData(){if(this._extractingKeysPromise)return this._extractingKeysPromise;this._extractingKeysPromise=(async()=>{var t,e;const i=(null===(e=null===(t=this.options)||void 0===t?void 0:t.keyRotation)||void 0===e?void 0:e.isEnabled)?await this.getRotatedKeysData():await this.getKeysData(),{base64Key:a}=await this.getPKRepresentations(i.publicKey);return this.publicKeyBase64=a,this.keyIdentifier=i.keyIdentifier,i})();try{return await this._extractingKeysPromise}finally{this._extractingKeysPromise=null}}async generateKeyPairData(t){const e=await this.generateKeyPair(),{arrayBufferKey:i}=await this.getPKRepresentations(e.publicKey),a=t||await this.calcKeyIdentifier(i);return l(l({},e),{},{keyIdentifier:a,createdDate:Date.now()})}shouldKeyBeRotated(t){var e;const i=null===(e=this.options)||void 0===e?void 0:e.keyRotation;if(!(null==i?void 0:i.isEnabled)||!i.expiryDays||void 0===i.startedAt)return!1;const a=24*i.expiryDays*60*60*1e3,n=t.createdDate&&t.createdDate>=i.startedAt?t.createdDate:i.startedAt;return Date.now()-n>a-2592e6}async extractMainKeysData(){return await this.indexedDBClient.get(this.keysStoreName,this.getKeysRecordKey())}async extractFallbackMainKeysData(){return await this.indexedDBClientFallback.get(this.keysStoreName,this.getKeysRecordKey())}async extractRotatedKeysData(){return await this.indexedDBClient.get(this.keysStoreName,this.getRotatedKeysRecordKey())}async extractPendingRotatedKeysData(){return await this.indexedDBClient.get(this.keysStoreName,this.getRotatedKeysRecordKeyPending())}async saveKeyData(t,e){try{return await this.indexedDBClient.add(this.keysStoreName,t,e),e}catch(e){if(e instanceof DOMException&&"ConstraintError"===e.name){const e=await this.indexedDBClient.get(this.keysStoreName,t);if(e)return e}throw e}}async getKeysData(){const t=this.getKeysRecordKey();let e=await this.extractMainKeysData();if(e)return e;if(e=await this.extractFallbackMainKeysData(),e)return this.saveKeyData(t,e);const i=await this.generateKeyPairData();return this.saveKeyData(t,i)}async getOrCreateRotatedKeys(){let t=await this.extractRotatedKeysData();if(!t){const e=this.getRotatedKeysRecordKey(),i=await this.getKeysData(),a=l(l({},i),{},{createdDate:i.createdDate||Date.now()});t=await this.saveKeyData(e,a)}return t}async getRotatedKeysData(){const t=await this.getOrCreateRotatedKeys();if(this.shouldKeyBeRotated(t)){if(!await this.extractPendingRotatedKeysData()){const e=this.getRotatedKeysRecordKeyPending(),i=await this.generateKeyPairData(t.keyIdentifier);await this.saveKeyData(e,i)}}return t}async getPublicData(){return this.publicKeyBase64&&this.keyIdentifier||await this.extractKeysData(),{publicKey:this.publicKeyBase64,keyIdentifier:this.keyIdentifier}}async sign(t){if("sign"==this.keysType){const{privateKey:e}=await this.extractKeysData(),i=await R(e,t);return this.arrayBufferToBase64(i)}throw new Error("keysType must be 'sign' in order to use sign keys")}async clearKeys(){const t=this.getKeysRecordKey();await this.indexedDBClient.delete(this.keysStoreName,t)}getBaseRotationPayload(){return{keyIdentifier:this.keyIdentifier,slot:this.getRotatedKeysRecordKey(),publicKey:this.publicKeyBase64,publicKeyType:j,tenantId:this.options.keyRotation.tenantId}}async getRotationData(){var t,e;if(!(null===(e=null===(t=this.options)||void 0===t?void 0:t.keyRotation)||void 0===e?void 0:e.isEnabled))return;this.publicKeyBase64&&this.keyIdentifier||await this.extractKeysData();const i=await this.extractPendingRotatedKeysData();if(i){const{base64Key:t}=await this.getPKRepresentations(i.publicKey),{privateKey:e}=await this.extractKeysData(),a=l(l({},this.getBaseRotationPayload()),{},{newPublicKey:t,createdDate:i.createdDate,newPublicKeyType:j}),n=JSON.stringify(a);return{data:n,signature:await this.signPayload(n,e)}}const a=await this.extractRotatedKeysData();if(a&&!1===a.confirmed){await this.extractKeysData();const t=JSON.stringify(this.getBaseRotationPayload());return{data:t,signature:await this.signPayload(t,a.privateKey)}}}async signPayload(t,e){const i=await R(e,t);return this.arrayBufferToBase64(i)}async handleRotateResponse(t){if(x.includes(t))if(t===I){const t=await this.extractPendingRotatedKeysData();if(t){await this.indexedDBClient.delete(this.keysStoreName,this.getRotatedKeysRecordKey());const e=l(l({},t),{},{confirmed:!1});await this.indexedDBClient.put(this.keysStoreName,this.getRotatedKeysRecordKey(),e),await this.indexedDBClient.delete(this.keysStoreName,this.getRotatedKeysRecordKeyPending());const{base64Key:i}=await this.getPKRepresentations(t.publicKey);this.publicKeyBase64=i,this.keyIdentifier=t.keyIdentifier}}else if(t===O){const t=await this.extractRotatedKeysData();t&&!1===t.confirmed&&await this.indexedDBClient.put(this.keysStoreName,this.getRotatedKeysRecordKey(),l(l({},t),{},{confirmed:!0}))}}}var N=Object.freeze({__proto__:null,createCryptoBinding:function(){let t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:"sign",e=arguments.length>1?arguments[1]:void 0;return new B(this,t,e)},generateRSAKeyPair:K,generateRSASignKeyPair:k,signAssymetric:R,verifyAssymetric:async(t,e,i)=>{const a=(new TextEncoder).encode(e);return await window.crypto.subtle.verify(S,t,i,a)}}),E=Object.freeze({__proto__:null});const H=y.create((t=>{class e extends Error{constructor(e,i){super(`${t.slug}-${e} ${i}`)}}return{TsError:e,TsInternalError:class extends e{constructor(t){super(t,"Internal error")}}}}));var F=y.create((()=>l({exceptions:H},p)));class M{constructor(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:[];this.agent=t,this.middlewares=e,this.logs=[]}info(t,e){this.pushLog(3,t,e)}warn(t,e){this.pushLog(4,t,e)}error(t,e){this.pushLog(5,t,e)}pushLog(t,e){let i=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{};this.logs.push({timestamp:Date.now(),module:this.agent.slug,severity:t,fields:i,message:e});const a=this.middlewares.map((t=>t(this)));Promise.all(a).catch((()=>{}))}}var q=Object.freeze({__proto__:null,consoleMiddleware:function(t){const e=t.logs[t.logs.length-1];console.log(`${e.severity} ${e.message}`,e.fields)},createSdkLogger:function(){let t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:[];return new M(this,t)}});function z(t,e){if(!(null==t?void 0:t.trim()))return"";if(function(t){try{return new URL(t),!0}catch(t){return!1}}(t))return t;const i="http://mock.com",a=new URL(i);a.search=(null==e?void 0:e.toString())||"",a.pathname=t;return a.href.replace(i,"")}const $={"Content-Type":"application/json","X-TS-client-time":(new Date).toUTCString(),"X-TS-ua":navigator.userAgent};function J(t,e,i){var a;const n=(s=e||{},encodeURI(JSON.stringify(s)).split(/%..|./).length-1);var s;return{method:t,headers:l(l(l({},{"X-TS-body-size":String(n)}),$),i||{}),body:null!==(a=e&&JSON.stringify(e||{}))&&void 0!==a?a:void 0}}function L(t,e,i,a,n){const s=z(t,a),r=J(e,i,n);return fetch(s,r)}async function U(t,e,i,a,n){let s;if(s=await L(t,e,i,a,n),!s.ok)throw new Error("Request failed");return s}var V=Object.freeze({__proto__:null,httpDelete:async function(t,e){const i=await U(t,"DELETE",void 0,void 0,e);return l(l({data:await i.json()},i),{},{headers:i.headers})},httpGet:async function(t,e,i){const a=await U(t,"GET",void 0,e,i);return l(l({data:await a.json()},a),{},{headers:a.headers})},httpPost:async function(t,e,i,a){const n=await U(t,"POST",e,i,a);return l(l({data:await n.json()},n),{},{headers:n.headers})},httpPut:async function(t,e,i,a){const n=await U(t,"PUT",e,i,a);return l(l({data:await n.json()},n),{},{headers:n.headers})},init:J}),G=y.create((()=>({events:g,moduleMetadata:s,mainEntry:o,utils:F,storage:_,crypto:N,indexedDB:E,logger:q,http:V})));class W{static arrayBufferToBase64(t){return btoa(String.fromCharCode(...new Uint8Array(t)))}static base64ToArrayBuffer(t){return Uint8Array.from(atob(t),(t=>t.charCodeAt(0)))}static stringToBase64(t){return btoa(t)}static jsonToBase64(t){const e=JSON.stringify(t);return btoa(e)}static base64ToJson(t){const e=atob(t);return JSON.parse(e)}}const Z={log:console.log,error:console.error};var X,Y;!function(t){t.NotInitialized="not_initialized",t.AuthenticationFailed="authentication_failed",t.AuthenticationAbortedTimeout="authentication_aborted_timeout",t.AuthenticationCanceled="webauthn_authentication_canceled",t.RegistrationFailed="registration_failed",t.AlreadyRegistered="username_already_registered",t.RegistrationAbortedTimeout="registration_aborted_timeout",t.RegistrationCanceled="webauthn_registration_canceled",t.AutofillAuthenticationAborted="autofill_authentication_aborted",t.AuthenticationProcessAlreadyActive="authentication_process_already_active",t.InvalidApprovalData="invalid_approval_data",t.FailedToInitCrossDeviceSession="cross_device_init_failed",t.FailedToGetCrossDeviceStatus="cross_device_status_failed",t.Unknown="unknown"}(X||(X={}));class Q extends Error{constructor(t,e){super(t),this.errorCode=X.NotInitialized,this.data=e}}class tt extends Q{constructor(t,e){super(null!=t?t:"WebAuthnSdk is not initialized",e),this.errorCode=X.NotInitialized}}class et extends Q{constructor(t,e){super(null!=t?t:"Authentication failed with an error",e),this.errorCode=X.AuthenticationFailed}}class it extends Q{constructor(t,e){super(null!=t?t:"Authentication was canceled by the user or got timeout",e),this.errorCode=X.AuthenticationCanceled}}class at extends Q{constructor(t,e){super(null!=t?t:"Registration failed with an error",e),this.errorCode=X.RegistrationFailed}}class nt extends Q{constructor(t,e){super(null!=t?t:"Registration was canceled by the user or got timeout",e),this.errorCode=X.RegistrationCanceled}}class st extends Q{constructor(t){super(null!=t?t:"Autofill flow was aborted"),this.errorCode=X.AutofillAuthenticationAborted}}class rt extends Q{constructor(t){super(null!=t?t:"Operation was aborted by timeout"),this.errorCode=X.AutofillAuthenticationAborted}}class ot extends Q{constructor(t){super(null!=t?t:"Passkey with this username is already registered with the relying party."),this.errorCode=X.AlreadyRegistered}}class ct extends Q{constructor(t,e){super(null!=t?t:"Authentication process is already active",e),this.errorCode=X.AuthenticationProcessAlreadyActive}}class lt extends Q{constructor(t,e){super(null!=t?t:"Invalid approval data",e),this.errorCode=X.InvalidApprovalData}}class dt extends Q{constructor(t,e){super(null!=t?t:"Failed to init cross device authentication",e),this.errorCode=X.FailedToInitCrossDeviceSession}}class ut extends Q{constructor(t,e){super(null!=t?t:"Failed to get cross device status",e),this.errorCode=X.FailedToGetCrossDeviceStatus}}function ht(t){return t.errorCode&&Object.values(X).includes(t.errorCode)}!function(t){t[t.persistent=0]="persistent",t[t.session=1]="session"}(Y||(Y={}));class yt{static get(t){return yt.getStorageMedium(yt.allowedKeys[t]).getItem(yt.getStorageKey(t))||void 0}static set(t,e){return yt.getStorageMedium(yt.allowedKeys[t]).setItem(yt.getStorageKey(t),e)}static remove(t){yt.getStorageMedium(yt.allowedKeys[t]).removeItem(yt.getStorageKey(t))}static clear(t){for(const[e,i]of Object.entries(yt.allowedKeys)){const a=e;t&&this.configurationKeys.includes(a)||yt.getStorageMedium(i).removeItem(yt.getStorageKey(a))}}static getStorageKey(t){return`WebAuthnSdk:${t}`}static getStorageMedium(t){return t===Y.session?sessionStorage:localStorage}}yt.allowedKeys={clientId:Y.session},yt.configurationKeys=["clientId"];class pt{static isNewApiDomain(t){return t&&(this.newApiDomains.includes(t)||t.startsWith("api.")&&t.endsWith(".transmitsecurity.io"))}static dnsPrefetch(t){const e=document.createElement("link");e.rel="dns-prefetch",e.href=t,document.head.appendChild(e)}static preconnect(t,e){const i=document.createElement("link");i.rel="preconnect",i.href=t,e&&(i.crossOrigin="anonymous"),document.head.appendChild(i)}static warmupConnection(t){this.dnsPrefetch(t),this.preconnect(t,!1),this.preconnect(t,!0)}static init(t,e){var i,a;try{this._serverPath=new URL(e.serverPath),this.isNewApiDomain(null===(i=this._serverPath)||void 0===i?void 0:i.hostname)&&this.warmupConnection(this._serverPath.origin),this._apiPaths=null!==(a=e.webauthnApiPaths)&&void 0!==a?a:this.getDefaultPaths(),this._clientId=t,yt.set("clientId",t)}catch(t){throw new tt("Invalid options.serverPath",{error:t})}}static getDefaultPaths(){var t;const e=this.isNewApiDomain(null===(t=this._serverPath)||void 0===t?void 0:t.hostname)?"/cis":"";return{startAuthentication:`${e}/v1/auth/webauthn/authenticate/start`,startRegistration:`${e}/v1/auth/webauthn/register/start`,initCrossDeviceAuthentication:`${e}/v1/auth/webauthn/cross-device/authenticate/init`,startCrossDeviceAuthentication:`${e}/v1/auth/webauthn/cross-device/authenticate/start`,startCrossDeviceRegistration:`${e}/v1/auth/webauthn/cross-device/register/start`,getCrossDeviceTicketStatus:`${e}/v1/auth/webauthn/cross-device/status`,attachDeviceToCrossDeviceSession:`${e}/v1/auth/webauthn/cross-device/attach-device`}}static getApiPaths(){return this._apiPaths}static async sendRequest(t,e,i){Z.log(`[WebAuthn SDK] Calling ${e.method} ${t}...`);const a=new URL(this._serverPath);return a.pathname=t,i&&(a.search=i),fetch(a.toString(),e)}static async startRegistration(t){const e=await this.sendRequest(this._apiPaths.startRegistration,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(l(l({client_id:this.getValidatedClientId(),username:t.username,display_name:t.displayName},t.timeout&&{timeout:t.timeout}),t.limitSingleCredentialToDevice&&{limit_single_credential_to_device:t.limitSingleCredentialToDevice}))});if(!(null==e?void 0:e.ok))throw new et("Failed to start registration",null==e?void 0:e.body);return await e.json()}static async startAuthentication(t){const e=await this.sendRequest(this._apiPaths.startAuthentication,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(l(l(l({client_id:this.getValidatedClientId()},t.username&&{username:t.username}),t.approvalData&&{approval_data:t.approvalData}),t.timeout&&{timeout:t.timeout}))});if(!(null==e?void 0:e.ok))throw new et("Failed to start authentication",null==e?void 0:e.body);return await e.json()}static async initCrossDeviceAuthentication(t){const e=await this.sendRequest(this._apiPaths.initCrossDeviceAuthentication,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(l(l({client_id:this.getValidatedClientId()},t.username&&{username:t.username}),t.approvalData&&{approval_data:t.approvalData}))});if(!(null==e?void 0:e.ok))throw new dt(void 0,null==e?void 0:e.body);return await e.json()}static async getCrossDeviceTicketStatus(t){const e=await this.sendRequest(this._apiPaths.getCrossDeviceTicketStatus,{method:"GET"},`cross_device_ticket_id=${t.ticketId}`);if(!(null==e?void 0:e.ok))throw new ut(void 0,null==e?void 0:e.body);return await e.json()}static async startCrossDeviceAuthentication(t){const e=await this.sendRequest(this._apiPaths.startCrossDeviceAuthentication,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({cross_device_ticket_id:t.ticketId})});if(!(null==e?void 0:e.ok))throw new et("Failed to start cross device authentication",null==e?void 0:e.body);return await e.json()}static async startCrossDeviceRegistration(t){const e=await this.sendRequest(this._apiPaths.startCrossDeviceRegistration,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({cross_device_ticket_id:t.ticketId})});if(!(null==e?void 0:e.ok))throw new at("Failed to start cross device registration",null==e?void 0:e.body);return await e.json()}static async attachDeviceToCrossDeviceSession(t){const e=await this.sendRequest(this._apiPaths.attachDeviceToCrossDeviceSession,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({cross_device_ticket_id:t.ticketId})});if(!(null==e?void 0:e.ok))throw new at("Failed to attach device to cross device session",null==e?void 0:e.body);return await e.json()}static getValidatedClientId(){var t;const e=null!==(t=this._clientId)&&void 0!==t?t:yt.get("clientId");if(!e)throw new tt("Missing clientId");return e}}var gt,vt,wt,ft;pt.newApiDomains=["api.idsec-dev.com","api.idsec-stg.com"],function(t){t.InputAutofill="input-autofill",t.Modal="modal"}(gt||(gt={})),function(t){t.Pending="pending",t.Scanned="scanned",t.Success="success",t.Error="error",t.Timeout="timeout",t.Aborted="aborted"}(vt||(vt={})),function(t){t.toAuthenticationError=t=>ht(t)?t:"NotAllowedError"===t.name?new it:"OperationError"===t.name?new ct(t.message):"SecurityError"===t.name?new et(t.message):t===X.AuthenticationAbortedTimeout?new rt:"AbortError"===t.name||t===X.AutofillAuthenticationAborted?new st:new et("Something went wrong during authentication",{error:t}),t.toRegistrationError=t=>ht(t)?t:"NotAllowedError"===t.name?new nt:"SecurityError"===t.name?new at(t.message):"InvalidStateError"===t.name?new ot:t===X.RegistrationAbortedTimeout?new rt:new at("Something went wrong during registration",{error:t})}(wt||(wt={})),function(t){t.processCredentialRequestOptions=t=>l(l({},t),{},{challenge:W.base64ToArrayBuffer(t.challenge),allowCredentials:t.allowCredentials.map((t=>l(l({},t),{},{id:W.base64ToArrayBuffer(t.id)})))}),t.processCredentialCreationOptions=(t,e)=>{var i;const a=JSON.parse(JSON.stringify(t));return a.challenge=W.base64ToArrayBuffer(t.challenge),a.user.id=W.base64ToArrayBuffer(t.user.id),(null==e?void 0:e.limitSingleCredentialToDevice)&&(a.excludeCredentials=null===(i=t.excludeCredentials)||void 0===i?void 0:i.map((t=>l(l({},t),{},{id:W.base64ToArrayBuffer(t.id)})))),(null==e?void 0:e.registerAsDiscoverable)?(a.authenticatorSelection.residentKey="preferred",a.authenticatorSelection.requireResidentKey=!0):(a.authenticatorSelection.residentKey="discouraged",a.authenticatorSelection.requireResidentKey=!1),a.authenticatorSelection.authenticatorAttachment=(null==e?void 0:e.allowCrossPlatformAuthenticators)?void 0:"platform",a},t.encodeAuthenticationResult=t=>{const{authenticatorAttachment:e}=t,i=t.response;return{id:t.id,rawId:W.arrayBufferToBase64(t.rawId),response:{authenticatorData:W.arrayBufferToBase64(i.authenticatorData),clientDataJSON:W.arrayBufferToBase64(i.clientDataJSON),signature:W.arrayBufferToBase64(i.signature),userHandle:W.arrayBufferToBase64(i.userHandle)},authenticatorAttachment:e,type:t.type}},t.encodeRegistrationResult=t=>{const{authenticatorAttachment:e}=t,i=t.response;return{id:t.id,rawId:W.arrayBufferToBase64(t.rawId),response:{attestationObject:W.arrayBufferToBase64(i.attestationObject),clientDataJSON:W.arrayBufferToBase64(i.clientDataJSON)},authenticatorAttachment:e,type:t.type}}}(ft||(ft={}));class mt{async modal(t){try{const e=await this.performAuthentication(l(l({},t),{},{mediationType:gt.Modal}));return W.jsonToBase64(e)}catch(t){throw wt.toAuthenticationError(t)}}activateAutofill(t,e){const{onSuccess:i,onError:a,onReady:n}=t;this.performAuthentication({username:e,mediationType:gt.InputAutofill,onReady:n}).then((t=>{i(W.jsonToBase64(t))})).catch((t=>{const e=wt.toAuthenticationError(t);if(!a)throw e;a(e)}))}abortAutofill(){this.abortController&&this.abortController.abort(X.AutofillAuthenticationAborted)}abortAuthentication(){this.abortController&&this.abortController.abort(X.AuthenticationAbortedTimeout)}async performAuthentication(t){var e,i;const a="crossDeviceTicketId"in t?await pt.startCrossDeviceAuthentication({ticketId:t.crossDeviceTicketId}):await pt.startAuthentication({username:t.username,timeout:null===(e=t.options)||void 0===e?void 0:e.timeout}),n=a.credential_request_options,s=ft.processCredentialRequestOptions(n),r=this.getMediatedCredentialRequest(s,t.mediationType);t.mediationType===gt.InputAutofill&&(null===(i=t.onReady)||void 0===i||i.call(t));const o=await navigator.credentials.get(r).catch((t=>{throw wt.toAuthenticationError(t)}));return{webauthnSessionId:a.webauthn_session_id,publicKeyCredential:ft.encodeAuthenticationResult(o),userAgent:navigator.userAgent}}getMediatedCredentialRequest(t,e){const i={publicKey:t};return this.abortController=new AbortController,i.signal=this.abortController&&this.abortController.signal,e===gt.InputAutofill?i.mediation="conditional":t.timeout&&setTimeout((()=>{this.abortAuthentication()}),t.timeout),i}}class bt{constructor(t,e){this.handler=t,this.intervalInMs=e}begin(){var t;this.intervalId=window.setInterval((t=this.handler,async function(){t.isRunning||(t.isRunning=!0,await t(...arguments),t.isRunning=!1)}),this.intervalInMs)}stop(){clearInterval(this.intervalId)}}const Dt=/^[A-Za-z0-9\-_.: ]*$/;function At(t){if(t&&(!function(t){return Object.keys(t).length<=10}(t)||!function(t){const e=t=>"string"==typeof t,i=t=>Dt.test(t);return Object.keys(t).every((a=>e(a)&&e(t[a])&&i(a)&&i(t[a])))}(t)))throw Z.error("Failed validating approval data"),new lt("Provided approval data should have 10 properties max. Also, it should contain only \n alphanumeric characters, numbers, and the special characters: '-', '_', '.'")}class _t{constructor(t,e,i){this.authenticationHandler=t,this.registrationHandler=e,this.approvalHandler=i,this.init={registration:async t=>(this.ticketStatus=vt.Pending,this.pollCrossDeviceSession(t.crossDeviceTicketId,t.handlers)),authentication:async t=>{const{username:e}=t,i=(await pt.initCrossDeviceAuthentication(l({},e&&{username:e}))).cross_device_ticket_id;return this.ticketStatus=vt.Pending,this.pollCrossDeviceSession(i,t.handlers)},approval:async t=>{const{username:e,approvalData:i}=t;At(i);const a=(await pt.initCrossDeviceAuthentication({username:e,approvalData:i})).cross_device_ticket_id;return this.ticketStatus=vt.Pending,this.pollCrossDeviceSession(a,t.handlers)}},this.authenticate={modal:async t=>this.authenticationHandler.modal({crossDeviceTicketId:t})},this.approve={modal:async t=>this.approvalHandler.modal({crossDeviceTicketId:t})}}async register(t,e){return this.registrationHandler.register({crossDeviceTicketId:t},e)}async attachDevice(t){const e=await pt.attachDeviceToCrossDeviceSession({ticketId:t});return l({status:e.status,startedAt:e.started_at},e.approval_data&&{approvalData:e.approval_data})}async pollCrossDeviceSession(t,e){return this.poller=new bt((async()=>{var i,a;const n=await pt.getCrossDeviceTicketStatus({ticketId:t}),s=n.status;if(s!==this.ticketStatus)switch(this.ticketStatus=s,s){case vt.Scanned:await e.onDeviceAttach();break;case vt.Error:case vt.Timeout:case vt.Aborted:await e.onFailure(n),null===(i=this.poller)||void 0===i||i.stop();break;case vt.Success:if("onCredentialRegister"in e)await e.onCredentialRegister();else{if(!n.session_id)throw new ut("Cross device session is complete without returning session_id",n);await e.onCredentialAuthenticate(n.session_id)}null===(a=this.poller)||void 0===a||a.stop()}}),1e3),this.poller.begin(),setTimeout((()=>{var t;null===(t=this.poller)||void 0===t||t.stop(),e.onFailure({status:vt.Timeout})}),3e5),{crossDeviceTicketId:t,stop:()=>{var t;null===(t=this.poller)||void 0===t||t.stop()}}}}class St{async register(t,e){this.abortController=new AbortController;const i=l({allowCrossPlatformAuthenticators:!("crossDeviceTicketId"in t),registerAsDiscoverable:!0},e);try{const a="crossDeviceTicketId"in t?await pt.startCrossDeviceRegistration({ticketId:t.crossDeviceTicketId}):await pt.startRegistration({username:t.username,displayName:(null==e?void 0:e.displayName)||t.username,timeout:null==e?void 0:e.timeout,limitSingleCredentialToDevice:null==e?void 0:e.limitSingleCredentialToDevice}),n=ft.processCredentialCreationOptions(a.credential_creation_options,i);setTimeout((()=>{this.abortRegistration()}),n.timeout);const s=await this.registerCredential(n),r={webauthnSessionId:a.webauthn_session_id,publicKeyCredential:s,userAgent:navigator.userAgent};return W.jsonToBase64(r)}catch(t){throw wt.toRegistrationError(t)}}abortRegistration(){this.abortController&&this.abortController.abort(X.RegistrationAbortedTimeout)}async registerCredential(t){const e=await navigator.credentials.create({publicKey:t,signal:this.abortController&&this.abortController.signal}).catch((t=>{throw wt.toRegistrationError(t)}));return ft.encodeRegistrationResult(e)}}class Ct{async modal(t){try{const e=await this.performApproval(t);return W.jsonToBase64(e)}catch(t){throw wt.toAuthenticationError(t)}}async performApproval(t){"approvalData"in t&&At(t.approvalData);const e="crossDeviceTicketId"in t?await pt.startCrossDeviceAuthentication({ticketId:t.crossDeviceTicketId}):await pt.startAuthentication({username:t.username,approvalData:t.approvalData}),i=e.credential_request_options,a=ft.processCredentialRequestOptions(i),n=await navigator.credentials.get({publicKey:a}).catch((t=>{throw wt.toAuthenticationError(t)}));return{webauthnSessionId:e.webauthn_session_id,publicKeyCredential:ft.encodeAuthenticationResult(n),userAgent:navigator.userAgent}}}class Kt{constructor(){this._initialized=!1,this._authenticationHandler=new mt,this._registrationHandler=new St,this._approvalHandler=new Ct,this._crossDeviceHandler=new _t(this._authenticationHandler,this._registrationHandler,this._approvalHandler),this.authenticate={modal:async(t,e)=>(this.initCheck(),this._authenticationHandler.modal({username:t,options:e})),autofill:{activate:(t,e)=>(this.initCheck(),this._authenticationHandler.activateAutofill(t,e)),abort:()=>this._authenticationHandler.abortAutofill()}},this.approve={modal:async(t,e)=>(this.initCheck(),this._approvalHandler.modal({username:t,approvalData:e}))},this.register=async(t,e)=>(this.initCheck(),this._registrationHandler.register({username:t},e)),this.crossDevice={init:{registration:async t=>(this.initCheck(),this._crossDeviceHandler.init.registration(t)),authentication:async t=>(this.initCheck(),this._crossDeviceHandler.init.authentication(t)),approval:async t=>(this.initCheck(),this._crossDeviceHandler.init.approval(t))},authenticate:{modal:async t=>(this.initCheck(),this._crossDeviceHandler.authenticate.modal(t))},approve:{modal:async t=>(this.initCheck(),this._crossDeviceHandler.approve.modal(t))},register:async(t,e)=>(this.initCheck(),this._crossDeviceHandler.register(t,e)),attachDevice:async t=>(this.initCheck(),this._crossDeviceHandler.attachDevice(t))},this.isPlatformAuthenticatorSupported=async()=>{var t;try{return await(null===(t=Kt.StaticPublicKeyCredential)||void 0===t?void 0:t.isUserVerifyingPlatformAuthenticatorAvailable())}catch(t){return!1}},this.isAutofillSupported=async()=>{var t,e;return!(!(null===(t=Kt.StaticPublicKeyCredential)||void 0===t?void 0:t.isConditionalMediationAvailable)||!await(null===(e=Kt.StaticPublicKeyCredential)||void 0===e?void 0:e.isConditionalMediationAvailable()))}}async init(t,e){try{if(!t)throw new tt("Invalid clientId",{clientId:t});if(e.webauthnApiPaths){const t=pt.getDefaultPaths();if(function(t,e){const i=new Set(t),a=new Set(e);return[...t.filter((t=>!a.has(t))),...e.filter((t=>!i.has(t)))]}(Object.keys(e.webauthnApiPaths),Object.keys(t)).length)throw new tt("Invalid custom paths",{customApiPaths:e.webauthnApiPaths})}pt.init(t,e),this._initialized=!0}catch(t){throw ht(t)?t:new tt("Failed to initialize SDK")}}getDefaultPaths(){return this.initCheck(),pt.getDefaultPaths()}getApiPaths(){return this.initCheck(),pt.getApiPaths()}initCheck(){if(!this._initialized)throw new tt}}Kt.StaticPublicKeyCredential=window.PublicKeyCredential;const kt=new G("webauthn"),Rt=new Kt;kt.events.on(kt.events.MODULE_INITIALIZED,(()=>{var t;const e=kt.moduleMetadata.getInitConfig();if(!(null===(t=null==e?void 0:e.webauthn)||void 0===t?void 0:t.serverPath))return;const{clientId:i,webauthn:a}=e;Rt.init(i,l({},a))}));const Pt={modal:async(t,e)=>(Rt.initCheck(),Rt.authenticate.modal(t,e)),autofill:{activate:(t,e)=>{Rt.initCheck(),Rt.authenticate.autofill.activate(t,e)},abort:()=>{Rt.initCheck(),Rt.authenticate.autofill.abort()}}},Tt={modal:async(t,e)=>(Rt.initCheck(),Rt.approve.modal(t,e))};async function It(t,e){return Rt.initCheck(),Rt.register(t,e)}const{crossDevice:Ot}=Rt,{isPlatformAuthenticatorSupported:jt}=Rt,{isAutofillSupported:xt}=Rt,{getDefaultPaths:Bt}=Rt;window.localWebAuthnSDK=Rt;const Nt="1.16.2",Et={initialize:r,...Object.freeze({__proto__:null,get WebauthnCrossDeviceStatus(){return vt},approve:Tt,authenticate:Pt,crossDevice:Ot,getDefaultPaths:Bt,isAutofillSupported:xt,isPlatformAuthenticatorSupported:jt,register:It})};export{Nt as PACKAGE_VERSION,vt as WebauthnCrossDeviceStatus,Tt as approve,Pt as authenticate,Ot as crossDevice,Bt as getDefaultPaths,r as initialize,xt as isAutofillSupported,jt as isPlatformAuthenticatorSupported,It as register,Et as webauthn};
1
+ "undefined"==typeof globalThis&&("undefined"!=typeof window?(window.globalThis=window,window.global=window):"undefined"!=typeof self&&(self.globalThis=self,self.global=self));const t=Symbol("MODULE_INITIALIZED"),e=new Map;function i(t,i){var a,n;null===(a=e.get(t))||void 0===a||a.forEach((n=t=>t(i),function(){try{return n(...arguments)}catch(t){console.log(t)}}))}let a=null;function n(t){a=t}var s=Object.freeze({__proto__:null,getInitConfig:function(){return a},get initConfig(){return a},setInitConfig:n});function r(e){n(e),i(t,void 0)}var o=Object.freeze({__proto__:null,initialize:r});function c(t,e){var i=Object.keys(t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(t);e&&(a=a.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),i.push.apply(i,a)}return i}function l(t){for(var e=1;e<arguments.length;e++){var i=null!=arguments[e]?arguments[e]:{};e%2?c(Object(i),!0).forEach((function(e){u(t,e,i[e])})):Object.getOwnPropertyDescriptors?Object.defineProperties(t,Object.getOwnPropertyDescriptors(i)):c(Object(i)).forEach((function(e){Object.defineProperty(t,e,Object.getOwnPropertyDescriptor(i,e))}))}return t}function d(t){var e=function(t,e){if("object"!=typeof t||!t)return t;var i=t[Symbol.toPrimitive];if(void 0!==i){var a=i.call(t,e||"default");if("object"!=typeof a)return a;throw new TypeError("@@toPrimitive must return a primitive value.")}return("string"===e?String:Number)(t)}(t,"string");return"symbol"==typeof e?e:String(e)}function u(t,e,i){return(e=d(e))in t?Object.defineProperty(t,e,{value:i,enumerable:!0,configurable:!0,writable:!0}):t[e]=i,t}function h(t,e){return Object.entries(e).reduce(((e,i)=>{let[a,n]=i;return l(l({},e),{},{[a]:y.isPrototypeOf(n)?new n(t.slug):"function"==typeof n?n.bind(t):"object"==typeof n&&!Array.isArray(n)&&n?h(t,n):n})}),{})}class y{constructor(t){this.slug=t}static create(t){return class extends y{constructor(e){super(e),Object.assign(this,h(this,t(this)))}}}}var p=Object.freeze({__proto__:null,Agent:y}),g=Object.freeze({__proto__:null,MODULE_INITIALIZED:t,emit:i,off:function(t,i){const a=e.get(t);if(!a)return;const n=a.indexOf(i);-1!==n&&a.splice(n,1)},on:function(t,i){var a;e.has(t)?null===(a=e.get(t))||void 0===a||a.push(i):e.set(t,[i])}});function v(t,e){const i=!t||"object"!=typeof t||Array.isArray(t)?{}:t;return[e.reduce(((t,e)=>{if(e in t){const i=t[e];if(null!==i&&"object"==typeof i&&!Array.isArray(i))return i}const i={};return t[e]=i,i}),i),i]}function w(t,e){let i=t;return e.every((t=>!(!i||"object"!=typeof i||Array.isArray(i)||!(t in i))&&(i=i[t],!0)),t)}const f="tsec",m="general";function b(t){return t?m:a.clientId}function D(t){return function(t){if(!t)return{};try{return JSON.parse(t)}catch(t){return{}}}((t?sessionStorage:localStorage).getItem(f))}function A(t,e){const i=t?sessionStorage:localStorage,a=e(D(t));i.setItem(f,JSON.stringify(a))}var _=Object.freeze({__proto__:null,COMMON_STORAGE_KEY:f,GENERAL_ID_KEY:m,getValue:function(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};const i=b(!!e.isGeneral),a=D(!!e.sessionOnly),[n]=v(a,[this.slug.toString(),i]);return n[t]},hasValue:function(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};const i=b(!!e.isGeneral),a=D(!!e.sessionOnly);return w(a,[this.slug.toString(),i,t])},removeValue:function(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};const i=b(!!e.isGeneral);A(!!e.sessionOnly,(e=>{const[a,n]=v(e,[this.slug.toString(),i]);return delete a[t],n}))},setValue:function(t,e){let i=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{};const a=b(!!i.isGeneral);A(!!i.sessionOnly,(i=>{const[n,s]=v(i,[this.slug.toString(),a]);return n[t]=e,s}))}});const S="RSA-PSS",C=async(t,e)=>await window.crypto.subtle.generateKey({name:t,modulusLength:2048,publicExponent:new Uint8Array([1,0,1]),hash:"SHA-256"},!1,e),K=async()=>await C("RSA-OAEP",["encrypt","decrypt"]),k=async()=>await C(S,["sign"]),R=async(t,e)=>{const i=(new TextEncoder).encode(e);return await window.crypto.subtle.sign({name:S,saltLength:32},t,i)};class P{constructor(t,e,i){this.slug=t,this.dbName=e,this.dbVersion=i}queryObjectStore(t,e){let i=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{};const a=(window.indexedDB||window.mozIndexedDB||window.webkitIndexedDB||window.msIndexedDB||window.shimIndexedDB).open(`${this.slug}:${this.dbName}`,this.dbVersion||1);a.onupgradeneeded=()=>{var e;const i=a.result;(null===(e=null==i?void 0:i.objectStoreNames)||void 0===e?void 0:e.contains)&&!i.objectStoreNames.contains(t)&&i.createObjectStore(t,{keyPath:"key"})},a.onsuccess=()=>{const n=a.result,s=n.transaction(t,(null==i?void 0:i.operation)||"readwrite"),r=s.objectStore(t);e(r),s.oncomplete=()=>{n.close()}}}put(t,e,i){return new Promise(((a,n)=>{this.queryObjectStore(t,(t=>{const s=t.put({key:e,value:i});s.onsuccess=()=>{a(s.result)},s.onerror=t=>{n("Failed adding item to objectStore, err: "+t)}}))}))}add(t,e,i){return new Promise(((a,n)=>{this.queryObjectStore(t,(t=>{const s=t.add({key:e,value:i});s.onsuccess=()=>{a(s.result)},s.onerror=t=>{const e=t.target.error;n(e)}}))}))}get(t,e){return new Promise(((i,a)=>{this.queryObjectStore(t,(t=>{const n=t.get(e);n.onsuccess=()=>{var t;n.result?i(null===(t=n.result)||void 0===t?void 0:t.value):i(void 0)},n.onerror=t=>{a("Failed adding item to objectStore, err: "+t)}}))}))}getAll(t,e){return new Promise(((i,a)=>{this.queryObjectStore(t,(t=>{const n=t.getAll(null,e);n.onsuccess=()=>{if(n.result){const t=n.result;(null==t?void 0:t.length)?i(t.map((t=>null==t?void 0:t.value))):i(t)}else i([])},n.onerror=t=>{a("Failed getting items, err: "+t)}}))}))}delete(t,e){return new Promise(((i,a)=>{this.queryObjectStore(t,(t=>{const n=t.delete(e);n.onsuccess=()=>{i()},n.onerror=t=>{a(`Failed deleting key: '${e}' from objectStore, err: `+t)}}))}))}clear(t){return new Promise(((e,i)=>{this.queryObjectStore(t,(t=>{const a=t.clear();a.onsuccess=()=>{e()},a.onerror=t=>{i("Failed clearing objectStore, err: "+t)}}))}))}}const T="platform",I="init",O="completed",j="RSA2048",x=[I,O];class B{constructor(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:"sign",i=arguments.length>2?arguments[2]:void 0;var n,s,r,o;this.agent=t,this.keysType=e,this.options=i,this._extractingKeysPromise=null;const c=!(null===(n=this.options)||void 0===n?void 0:n.productScope);this.keysDatabaseName=c||!(null===(s=this.options)||void 0===s?void 0:s.indexedDBName)?"ts_crypto_binding":this.options.indexedDBName,this.dbVersion=c?1:(null===(r=this.options)||void 0===r?void 0:r.dbVersion)||1,this.keysStoreName=c||!(null===(o=this.options)||void 0===o?void 0:o.keysStoreName)?"identifiers_store":this.options.keysStoreName,this.indexedDBClient=new P(c?T:t.slug,this.keysDatabaseName,this.dbVersion),this.indexedDBClientFallback=new P((c?T:t.slug)+`:${a.clientId}`,this.keysDatabaseName,this.dbVersion)}getKeysRecordKey(){return`${this.keysType}_keys`}getRotatedKeysRecordKey(){return`rotated_${this.keysType}_keys`}getRotatedKeysRecordKeyPending(){return`rotated_pending_${this.keysType}_keys`}arrayBufferToBase64(t){return window.btoa(String.fromCharCode(...new Uint8Array(t)))}async getPKRepresentations(t){const e=await crypto.subtle.exportKey("spki",t);return{arrayBufferKey:e,base64Key:this.arrayBufferToBase64(e)}}async generateKeyPair(){return"sign"==this.keysType?await k():await K()}async calcKeyIdentifier(t){const e=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(e)).map((t=>t.toString(16).padStart(2,"0"))).join("")}async extractKeysData(){if(this._extractingKeysPromise)return this._extractingKeysPromise;this._extractingKeysPromise=(async()=>{var t,e;const i=(null===(e=null===(t=this.options)||void 0===t?void 0:t.keyRotation)||void 0===e?void 0:e.isEnabled)?await this.getRotatedKeysData():await this.getKeysData(),{base64Key:a}=await this.getPKRepresentations(i.publicKey);return this.publicKeyBase64=a,this.keyIdentifier=i.keyIdentifier,i})();try{return await this._extractingKeysPromise}finally{this._extractingKeysPromise=null}}async generateKeyPairData(t){const e=await this.generateKeyPair(),{arrayBufferKey:i}=await this.getPKRepresentations(e.publicKey),a=t||await this.calcKeyIdentifier(i);return l(l({},e),{},{keyIdentifier:a,createdDate:Date.now()})}shouldKeyBeRotated(t){var e;const i=null===(e=this.options)||void 0===e?void 0:e.keyRotation;if(!(null==i?void 0:i.isEnabled)||!i.expiryDays||void 0===i.startedAt)return!1;const a=24*i.expiryDays*60*60*1e3,n=t.createdDate&&t.createdDate>=i.startedAt?t.createdDate:i.startedAt;return Date.now()-n>a-2592e6}async extractMainKeysData(){return await this.indexedDBClient.get(this.keysStoreName,this.getKeysRecordKey())}async extractFallbackMainKeysData(){return await this.indexedDBClientFallback.get(this.keysStoreName,this.getKeysRecordKey())}async extractRotatedKeysData(){return await this.indexedDBClient.get(this.keysStoreName,this.getRotatedKeysRecordKey())}async extractPendingRotatedKeysData(){return await this.indexedDBClient.get(this.keysStoreName,this.getRotatedKeysRecordKeyPending())}async saveKeyData(t,e){try{return await this.indexedDBClient.add(this.keysStoreName,t,e),e}catch(e){if(e instanceof DOMException&&"ConstraintError"===e.name){const e=await this.indexedDBClient.get(this.keysStoreName,t);if(e)return e}throw e}}async getKeysData(){const t=this.getKeysRecordKey();let e=await this.extractMainKeysData();if(e)return e;if(e=await this.extractFallbackMainKeysData(),e)return this.saveKeyData(t,e);const i=await this.generateKeyPairData();return this.saveKeyData(t,i)}async getOrCreateRotatedKeys(){let t=await this.extractRotatedKeysData();if(!t){const e=this.getRotatedKeysRecordKey(),i=await this.getKeysData(),a=l(l({},i),{},{createdDate:i.createdDate||Date.now()});t=await this.saveKeyData(e,a)}return t}async getRotatedKeysData(){const t=await this.getOrCreateRotatedKeys();if(this.shouldKeyBeRotated(t)){if(!await this.extractPendingRotatedKeysData()){const e=this.getRotatedKeysRecordKeyPending(),i=await this.generateKeyPairData(t.keyIdentifier);await this.saveKeyData(e,i)}}return t}async getPublicData(){return this.publicKeyBase64&&this.keyIdentifier||await this.extractKeysData(),{publicKey:this.publicKeyBase64,keyIdentifier:this.keyIdentifier}}async sign(t){if("sign"==this.keysType){const{privateKey:e}=await this.extractKeysData(),i=await R(e,t);return this.arrayBufferToBase64(i)}throw new Error("keysType must be 'sign' in order to use sign keys")}async clearKeys(){const t=this.getKeysRecordKey();await this.indexedDBClient.delete(this.keysStoreName,t)}getBaseRotationPayload(){return{keyIdentifier:this.keyIdentifier,slot:this.getRotatedKeysRecordKey(),publicKey:this.publicKeyBase64,publicKeyType:j,tenantId:this.options.keyRotation.tenantId}}async getRotationData(){var t,e;if(!(null===(e=null===(t=this.options)||void 0===t?void 0:t.keyRotation)||void 0===e?void 0:e.isEnabled))return;this.publicKeyBase64&&this.keyIdentifier||await this.extractKeysData();const i=await this.extractPendingRotatedKeysData();if(i){const{base64Key:t}=await this.getPKRepresentations(i.publicKey),{privateKey:e}=await this.extractKeysData(),a=l(l({},this.getBaseRotationPayload()),{},{newPublicKey:t,createdDate:i.createdDate,newPublicKeyType:j}),n=JSON.stringify(a);return{data:n,signature:await this.signPayload(n,e)}}const a=await this.extractRotatedKeysData();if(a&&!1===a.confirmed){await this.extractKeysData();const t=JSON.stringify(this.getBaseRotationPayload());return{data:t,signature:await this.signPayload(t,a.privateKey)}}}async signPayload(t,e){const i=await R(e,t);return this.arrayBufferToBase64(i)}async handleRotateResponse(t){if(x.includes(t))if(t===I){const t=await this.extractPendingRotatedKeysData();if(t){await this.indexedDBClient.delete(this.keysStoreName,this.getRotatedKeysRecordKey());const e=l(l({},t),{},{confirmed:!1});await this.indexedDBClient.put(this.keysStoreName,this.getRotatedKeysRecordKey(),e),await this.indexedDBClient.delete(this.keysStoreName,this.getRotatedKeysRecordKeyPending());const{base64Key:i}=await this.getPKRepresentations(t.publicKey);this.publicKeyBase64=i,this.keyIdentifier=t.keyIdentifier}}else if(t===O){const t=await this.extractRotatedKeysData();t&&!1===t.confirmed&&await this.indexedDBClient.put(this.keysStoreName,this.getRotatedKeysRecordKey(),l(l({},t),{},{confirmed:!0}))}}}var N=Object.freeze({__proto__:null,createCryptoBinding:function(){let t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:"sign",e=arguments.length>1?arguments[1]:void 0;return new B(this,t,e)},generateRSAKeyPair:K,generateRSASignKeyPair:k,signAssymetric:R,verifyAssymetric:async(t,e,i)=>{const a=(new TextEncoder).encode(e);return await window.crypto.subtle.verify(S,t,i,a)}}),E=Object.freeze({__proto__:null});const H=y.create((t=>{class e extends Error{constructor(e,i){super(`${t.slug}-${e} ${i}`)}}return{TsError:e,TsInternalError:class extends e{constructor(t){super(t,"Internal error")}}}}));var F=y.create((()=>l({exceptions:H},p)));class M{constructor(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:[];this.agent=t,this.middlewares=e,this.logs=[]}info(t,e){this.pushLog(3,t,e)}warn(t,e){this.pushLog(4,t,e)}error(t,e){this.pushLog(5,t,e)}pushLog(t,e){let i=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{};this.logs.push({timestamp:Date.now(),module:this.agent.slug,severity:t,fields:i,message:e});const a=this.middlewares.map((t=>t(this)));Promise.all(a).catch((()=>{}))}}var q=Object.freeze({__proto__:null,consoleMiddleware:function(t){const e=t.logs[t.logs.length-1];console.log(`${e.severity} ${e.message}`,e.fields)},createSdkLogger:function(){let t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:[];return new M(this,t)}});function z(t,e){if(!(null==t?void 0:t.trim()))return"";if(function(t){try{return new URL(t),!0}catch(t){return!1}}(t))return t;const i="http://mock.com",a=new URL(i);a.search=(null==e?void 0:e.toString())||"",a.pathname=t;return a.href.replace(i,"")}const $={"Content-Type":"application/json","X-TS-client-time":(new Date).toUTCString(),"X-TS-ua":navigator.userAgent};function J(t,e,i){var a;const n=(s=e||{},encodeURI(JSON.stringify(s)).split(/%..|./).length-1);var s;return{method:t,headers:l(l(l({},{"X-TS-body-size":String(n)}),$),i||{}),body:null!==(a=e&&JSON.stringify(e||{}))&&void 0!==a?a:void 0}}function L(t,e,i,a,n){const s=z(t,a),r=J(e,i,n);return fetch(s,r)}async function U(t,e,i,a,n){let s;if(s=await L(t,e,i,a,n),!s.ok)throw new Error("Request failed");return s}var V=Object.freeze({__proto__:null,httpDelete:async function(t,e){const i=await U(t,"DELETE",void 0,void 0,e);return l(l({data:await i.json()},i),{},{headers:i.headers})},httpGet:async function(t,e,i){const a=await U(t,"GET",void 0,e,i);return l(l({data:await a.json()},a),{},{headers:a.headers})},httpPost:async function(t,e,i,a){const n=await U(t,"POST",e,i,a);return l(l({data:await n.json()},n),{},{headers:n.headers})},httpPut:async function(t,e,i,a){const n=await U(t,"PUT",e,i,a);return l(l({data:await n.json()},n),{},{headers:n.headers})},init:J}),G=y.create((()=>({events:g,moduleMetadata:s,mainEntry:o,utils:F,storage:_,crypto:N,indexedDB:E,logger:q,http:V})));class W{static arrayBufferToBase64(t){return btoa(String.fromCharCode(...new Uint8Array(t)))}static base64ToArrayBuffer(t){return Uint8Array.from(atob(t),(t=>t.charCodeAt(0)))}static stringToBase64(t){return btoa(t)}static jsonToBase64(t){const e=JSON.stringify(t);return btoa(e)}static base64ToJson(t){const e=atob(t);return JSON.parse(e)}}const Z={log:console.log,error:console.error};var X,Y;!function(t){t.NotInitialized="not_initialized",t.AuthenticationFailed="authentication_failed",t.AuthenticationAbortedTimeout="authentication_aborted_timeout",t.AuthenticationCanceled="webauthn_authentication_canceled",t.RegistrationFailed="registration_failed",t.AlreadyRegistered="username_already_registered",t.RegistrationAbortedTimeout="registration_aborted_timeout",t.RegistrationCanceled="webauthn_registration_canceled",t.AutofillAuthenticationAborted="autofill_authentication_aborted",t.AuthenticationProcessAlreadyActive="authentication_process_already_active",t.InvalidApprovalData="invalid_approval_data",t.FailedToInitCrossDeviceSession="cross_device_init_failed",t.FailedToGetCrossDeviceStatus="cross_device_status_failed",t.Unknown="unknown"}(X||(X={}));class Q extends Error{constructor(t,e){super(t),this.errorCode=X.NotInitialized,this.data=e}}class tt extends Q{constructor(t,e){super(null!=t?t:"WebAuthnSdk is not initialized",e),this.errorCode=X.NotInitialized}}class et extends Q{constructor(t,e){super(null!=t?t:"Authentication failed with an error",e),this.errorCode=X.AuthenticationFailed}}class it extends Q{constructor(t,e){super(null!=t?t:"Authentication was canceled by the user or got timeout",e),this.errorCode=X.AuthenticationCanceled}}class at extends Q{constructor(t,e){super(null!=t?t:"Registration failed with an error",e),this.errorCode=X.RegistrationFailed}}class nt extends Q{constructor(t,e){super(null!=t?t:"Registration was canceled by the user or got timeout",e),this.errorCode=X.RegistrationCanceled}}class st extends Q{constructor(t){super(null!=t?t:"Autofill flow was aborted"),this.errorCode=X.AutofillAuthenticationAborted}}class rt extends Q{constructor(t){super(null!=t?t:"Operation was aborted by timeout"),this.errorCode=X.AutofillAuthenticationAborted}}class ot extends Q{constructor(t){super(null!=t?t:"Passkey with this username is already registered with the relying party."),this.errorCode=X.AlreadyRegistered}}class ct extends Q{constructor(t,e){super(null!=t?t:"Authentication process is already active",e),this.errorCode=X.AuthenticationProcessAlreadyActive}}class lt extends Q{constructor(t,e){super(null!=t?t:"Invalid approval data",e),this.errorCode=X.InvalidApprovalData}}class dt extends Q{constructor(t,e){super(null!=t?t:"Failed to init cross device authentication",e),this.errorCode=X.FailedToInitCrossDeviceSession}}class ut extends Q{constructor(t,e){super(null!=t?t:"Failed to get cross device status",e),this.errorCode=X.FailedToGetCrossDeviceStatus}}function ht(t){return t.errorCode&&Object.values(X).includes(t.errorCode)}!function(t){t[t.persistent=0]="persistent",t[t.session=1]="session"}(Y||(Y={}));class yt{static get(t){return yt.getStorageMedium(yt.allowedKeys[t]).getItem(yt.getStorageKey(t))||void 0}static set(t,e){return yt.getStorageMedium(yt.allowedKeys[t]).setItem(yt.getStorageKey(t),e)}static remove(t){yt.getStorageMedium(yt.allowedKeys[t]).removeItem(yt.getStorageKey(t))}static clear(t){for(const[e,i]of Object.entries(yt.allowedKeys)){const a=e;t&&this.configurationKeys.includes(a)||yt.getStorageMedium(i).removeItem(yt.getStorageKey(a))}}static getStorageKey(t){return`WebAuthnSdk:${t}`}static getStorageMedium(t){return t===Y.session?sessionStorage:localStorage}}yt.allowedKeys={clientId:Y.session},yt.configurationKeys=["clientId"];class pt{static isNewApiDomain(t){return t&&(this.newApiDomains.includes(t)||t.startsWith("api.")&&t.endsWith(".transmitsecurity.io"))}static dnsPrefetch(t){const e=document.createElement("link");e.rel="dns-prefetch",e.href=t,document.head.appendChild(e)}static preconnect(t,e){const i=document.createElement("link");i.rel="preconnect",i.href=t,e&&(i.crossOrigin="anonymous"),document.head.appendChild(i)}static warmupConnection(t){this.dnsPrefetch(t),this.preconnect(t,!1),this.preconnect(t,!0)}static init(t,e){var i,a;try{this._serverPath=new URL(e.serverPath),this.isNewApiDomain(null===(i=this._serverPath)||void 0===i?void 0:i.hostname)&&this.warmupConnection(this._serverPath.origin),this._apiPaths=null!==(a=e.webauthnApiPaths)&&void 0!==a?a:this.getDefaultPaths(),this._clientId=t,yt.set("clientId",t)}catch(t){throw new tt("Invalid options.serverPath",{error:t})}}static getDefaultPaths(){var t;const e=this.isNewApiDomain(null===(t=this._serverPath)||void 0===t?void 0:t.hostname)?"/cis":"";return{startAuthentication:`${e}/v1/auth/webauthn/authenticate/start`,startRegistration:`${e}/v1/auth/webauthn/register/start`,initCrossDeviceAuthentication:`${e}/v1/auth/webauthn/cross-device/authenticate/init`,startCrossDeviceAuthentication:`${e}/v1/auth/webauthn/cross-device/authenticate/start`,startCrossDeviceRegistration:`${e}/v1/auth/webauthn/cross-device/register/start`,getCrossDeviceTicketStatus:`${e}/v1/auth/webauthn/cross-device/status`,attachDeviceToCrossDeviceSession:`${e}/v1/auth/webauthn/cross-device/attach-device`}}static getApiPaths(){return this._apiPaths}static async sendRequest(t,e,i){Z.log(`[WebAuthn SDK] Calling ${e.method} ${t}...`);const a=new URL(this._serverPath);return a.pathname=t,i&&(a.search=i),fetch(a.toString(),e)}static async startRegistration(t){const e=await this.sendRequest(this._apiPaths.startRegistration,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(l(l({client_id:this.getValidatedClientId(),username:t.username,display_name:t.displayName},t.timeout&&{timeout:t.timeout}),t.limitSingleCredentialToDevice&&{limit_single_credential_to_device:t.limitSingleCredentialToDevice}))});if(!(null==e?void 0:e.ok))throw new et("Failed to start registration",null==e?void 0:e.body);return await e.json()}static async startAuthentication(t){const e=await this.sendRequest(this._apiPaths.startAuthentication,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(l(l(l({client_id:this.getValidatedClientId()},t.username&&{username:t.username}),t.approvalData&&{approval_data:t.approvalData}),t.timeout&&{timeout:t.timeout}))});if(!(null==e?void 0:e.ok))throw new et("Failed to start authentication",null==e?void 0:e.body);return await e.json()}static async initCrossDeviceAuthentication(t){const e=await this.sendRequest(this._apiPaths.initCrossDeviceAuthentication,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(l(l({client_id:this.getValidatedClientId()},t.username&&{username:t.username}),t.approvalData&&{approval_data:t.approvalData}))});if(!(null==e?void 0:e.ok))throw new dt(void 0,null==e?void 0:e.body);return await e.json()}static async getCrossDeviceTicketStatus(t){const e=await this.sendRequest(this._apiPaths.getCrossDeviceTicketStatus,{method:"GET"},`cross_device_ticket_id=${t.ticketId}`);if(!(null==e?void 0:e.ok))throw new ut(void 0,null==e?void 0:e.body);return await e.json()}static async startCrossDeviceAuthentication(t){const e=await this.sendRequest(this._apiPaths.startCrossDeviceAuthentication,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({cross_device_ticket_id:t.ticketId})});if(!(null==e?void 0:e.ok))throw new et("Failed to start cross device authentication",null==e?void 0:e.body);return await e.json()}static async startCrossDeviceRegistration(t){const e=await this.sendRequest(this._apiPaths.startCrossDeviceRegistration,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({cross_device_ticket_id:t.ticketId})});if(!(null==e?void 0:e.ok))throw new at("Failed to start cross device registration",null==e?void 0:e.body);return await e.json()}static async attachDeviceToCrossDeviceSession(t){const e=await this.sendRequest(this._apiPaths.attachDeviceToCrossDeviceSession,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({cross_device_ticket_id:t.ticketId})});if(!(null==e?void 0:e.ok))throw new at("Failed to attach device to cross device session",null==e?void 0:e.body);return await e.json()}static getValidatedClientId(){var t;const e=null!==(t=this._clientId)&&void 0!==t?t:yt.get("clientId");if(!e)throw new tt("Missing clientId");return e}}var gt,vt,wt,ft;pt.newApiDomains=["api.idsec-dev.com","api.idsec-stg.com"],function(t){t.InputAutofill="input-autofill",t.Modal="modal"}(gt||(gt={})),function(t){t.Pending="pending",t.Scanned="scanned",t.Success="success",t.Error="error",t.Timeout="timeout",t.Aborted="aborted"}(vt||(vt={})),function(t){t.toAuthenticationError=t=>ht(t)?t:"NotAllowedError"===t.name?new it:"OperationError"===t.name?new ct(t.message):"SecurityError"===t.name?new et(t.message):t===X.AuthenticationAbortedTimeout?new rt:"AbortError"===t.name||t===X.AutofillAuthenticationAborted?new st:new et("Something went wrong during authentication",{error:t}),t.toRegistrationError=t=>ht(t)?t:"NotAllowedError"===t.name?new nt:"SecurityError"===t.name?new at(t.message):"InvalidStateError"===t.name?new ot:t===X.RegistrationAbortedTimeout?new rt:new at("Something went wrong during registration",{error:t})}(wt||(wt={})),function(t){t.processCredentialRequestOptions=t=>l(l({},t),{},{challenge:W.base64ToArrayBuffer(t.challenge),allowCredentials:t.allowCredentials.map((t=>l(l({},t),{},{id:W.base64ToArrayBuffer(t.id)})))}),t.processCredentialCreationOptions=(t,e)=>{var i;const a=JSON.parse(JSON.stringify(t));return a.challenge=W.base64ToArrayBuffer(t.challenge),a.user.id=W.base64ToArrayBuffer(t.user.id),(null==e?void 0:e.limitSingleCredentialToDevice)&&(a.excludeCredentials=null===(i=t.excludeCredentials)||void 0===i?void 0:i.map((t=>l(l({},t),{},{id:W.base64ToArrayBuffer(t.id)})))),(null==e?void 0:e.registerAsDiscoverable)?(a.authenticatorSelection.residentKey="preferred",a.authenticatorSelection.requireResidentKey=!0):(a.authenticatorSelection.residentKey="discouraged",a.authenticatorSelection.requireResidentKey=!1),a.authenticatorSelection.authenticatorAttachment=(null==e?void 0:e.allowCrossPlatformAuthenticators)?void 0:"platform",a},t.encodeAuthenticationResult=t=>{const{authenticatorAttachment:e}=t,i=t.response;return{id:t.id,rawId:W.arrayBufferToBase64(t.rawId),response:{authenticatorData:W.arrayBufferToBase64(i.authenticatorData),clientDataJSON:W.arrayBufferToBase64(i.clientDataJSON),signature:W.arrayBufferToBase64(i.signature),userHandle:W.arrayBufferToBase64(i.userHandle)},authenticatorAttachment:e,type:t.type}},t.encodeRegistrationResult=t=>{const{authenticatorAttachment:e}=t,i=t.response;return{id:t.id,rawId:W.arrayBufferToBase64(t.rawId),response:{attestationObject:W.arrayBufferToBase64(i.attestationObject),clientDataJSON:W.arrayBufferToBase64(i.clientDataJSON)},authenticatorAttachment:e,type:t.type}}}(ft||(ft={}));class mt{async modal(t){try{const e=await this.performAuthentication(l(l({},t),{},{mediationType:gt.Modal}));return W.jsonToBase64(e)}catch(t){throw wt.toAuthenticationError(t)}}activateAutofill(t,e){const{onSuccess:i,onError:a,onReady:n}=t;this.performAuthentication({username:e,mediationType:gt.InputAutofill,onReady:n}).then((t=>{i(W.jsonToBase64(t))})).catch((t=>{const e=wt.toAuthenticationError(t);if(!a)throw e;a(e)}))}abortAutofill(){this.abortController&&this.abortController.abort(X.AutofillAuthenticationAborted)}abortAuthentication(){this.abortController&&this.abortController.abort(X.AuthenticationAbortedTimeout)}async performAuthentication(t){var e,i;const a="crossDeviceTicketId"in t?await pt.startCrossDeviceAuthentication({ticketId:t.crossDeviceTicketId}):await pt.startAuthentication({username:t.username,timeout:null===(e=t.options)||void 0===e?void 0:e.timeout}),n=a.credential_request_options,s=ft.processCredentialRequestOptions(n),r=this.getMediatedCredentialRequest(s,t.mediationType);t.mediationType===gt.InputAutofill&&(null===(i=t.onReady)||void 0===i||i.call(t));const o=await navigator.credentials.get(r).catch((t=>{throw wt.toAuthenticationError(t)}));return{webauthnSessionId:a.webauthn_session_id,publicKeyCredential:ft.encodeAuthenticationResult(o),userAgent:navigator.userAgent}}getMediatedCredentialRequest(t,e){const i={publicKey:t};return this.abortController=new AbortController,i.signal=this.abortController&&this.abortController.signal,e===gt.InputAutofill?i.mediation="conditional":t.timeout&&setTimeout((()=>{this.abortAuthentication()}),t.timeout),i}}class bt{constructor(t,e){this.handler=t,this.intervalInMs=e}begin(){var t;this.intervalId=window.setInterval((t=this.handler,async function(){t.isRunning||(t.isRunning=!0,await t(...arguments),t.isRunning=!1)}),this.intervalInMs)}stop(){clearInterval(this.intervalId)}}const Dt=/^[A-Za-z0-9\-_.: ]*$/;function At(t){if(t&&(!function(t){return Object.keys(t).length<=10}(t)||!function(t){const e=t=>"string"==typeof t,i=t=>Dt.test(t);return Object.keys(t).every((a=>e(a)&&e(t[a])&&i(a)&&i(t[a])))}(t)))throw Z.error("Failed validating approval data"),new lt("Provided approval data should have 10 properties max. Also, it should contain only \n alphanumeric characters, numbers, and the special characters: '-', '_', '.'")}class _t{constructor(t,e,i){this.authenticationHandler=t,this.registrationHandler=e,this.approvalHandler=i,this.init={registration:async t=>(this.ticketStatus=vt.Pending,this.pollCrossDeviceSession(t.crossDeviceTicketId,t.handlers)),authentication:async t=>{const{username:e}=t,i=(await pt.initCrossDeviceAuthentication(l({},e&&{username:e}))).cross_device_ticket_id;return this.ticketStatus=vt.Pending,this.pollCrossDeviceSession(i,t.handlers)},approval:async t=>{const{username:e,approvalData:i}=t;At(i);const a=(await pt.initCrossDeviceAuthentication({username:e,approvalData:i})).cross_device_ticket_id;return this.ticketStatus=vt.Pending,this.pollCrossDeviceSession(a,t.handlers)}},this.authenticate={modal:async t=>this.authenticationHandler.modal({crossDeviceTicketId:t})},this.approve={modal:async t=>this.approvalHandler.modal({crossDeviceTicketId:t})}}async register(t,e){return this.registrationHandler.register({crossDeviceTicketId:t},e)}async attachDevice(t){const e=await pt.attachDeviceToCrossDeviceSession({ticketId:t});return l({status:e.status,startedAt:e.started_at},e.approval_data&&{approvalData:e.approval_data})}async pollCrossDeviceSession(t,e){return this.poller=new bt((async()=>{var i,a;const n=await pt.getCrossDeviceTicketStatus({ticketId:t}),s=n.status;if(s!==this.ticketStatus)switch(this.ticketStatus=s,s){case vt.Scanned:await e.onDeviceAttach();break;case vt.Error:case vt.Timeout:case vt.Aborted:await e.onFailure(n),null===(i=this.poller)||void 0===i||i.stop();break;case vt.Success:if("onCredentialRegister"in e)await e.onCredentialRegister();else{if(!n.session_id)throw new ut("Cross device session is complete without returning session_id",n);await e.onCredentialAuthenticate(n.session_id)}null===(a=this.poller)||void 0===a||a.stop()}}),1e3),this.poller.begin(),setTimeout((()=>{var t;null===(t=this.poller)||void 0===t||t.stop(),e.onFailure({status:vt.Timeout})}),3e5),{crossDeviceTicketId:t,stop:()=>{var t;null===(t=this.poller)||void 0===t||t.stop()}}}}class St{async register(t,e){this.abortController=new AbortController;const i=l({allowCrossPlatformAuthenticators:!("crossDeviceTicketId"in t),registerAsDiscoverable:!0},e);try{const a="crossDeviceTicketId"in t?await pt.startCrossDeviceRegistration({ticketId:t.crossDeviceTicketId}):await pt.startRegistration({username:t.username,displayName:(null==e?void 0:e.displayName)||t.username,timeout:null==e?void 0:e.timeout,limitSingleCredentialToDevice:null==e?void 0:e.limitSingleCredentialToDevice}),n=ft.processCredentialCreationOptions(a.credential_creation_options,i);setTimeout((()=>{this.abortRegistration()}),n.timeout);const s=await this.registerCredential(n),r={webauthnSessionId:a.webauthn_session_id,publicKeyCredential:s,userAgent:navigator.userAgent};return W.jsonToBase64(r)}catch(t){throw wt.toRegistrationError(t)}}abortRegistration(){this.abortController&&this.abortController.abort(X.RegistrationAbortedTimeout)}async registerCredential(t){const e=await navigator.credentials.create({publicKey:t,signal:this.abortController&&this.abortController.signal}).catch((t=>{throw wt.toRegistrationError(t)}));return ft.encodeRegistrationResult(e)}}class Ct{async modal(t){try{const e=await this.performApproval(t);return W.jsonToBase64(e)}catch(t){throw wt.toAuthenticationError(t)}}async performApproval(t){"approvalData"in t&&At(t.approvalData);const e="crossDeviceTicketId"in t?await pt.startCrossDeviceAuthentication({ticketId:t.crossDeviceTicketId}):await pt.startAuthentication({username:t.username,approvalData:t.approvalData}),i=e.credential_request_options,a=ft.processCredentialRequestOptions(i),n=await navigator.credentials.get({publicKey:a}).catch((t=>{throw wt.toAuthenticationError(t)}));return{webauthnSessionId:e.webauthn_session_id,publicKeyCredential:ft.encodeAuthenticationResult(n),userAgent:navigator.userAgent}}}class Kt{constructor(){this._initialized=!1,this._authenticationHandler=new mt,this._registrationHandler=new St,this._approvalHandler=new Ct,this._crossDeviceHandler=new _t(this._authenticationHandler,this._registrationHandler,this._approvalHandler),this.authenticate={modal:async(t,e)=>(this.initCheck(),this._authenticationHandler.modal({username:t,options:e})),autofill:{activate:(t,e)=>(this.initCheck(),this._authenticationHandler.activateAutofill(t,e)),abort:()=>this._authenticationHandler.abortAutofill()}},this.approve={modal:async(t,e)=>(this.initCheck(),this._approvalHandler.modal({username:t,approvalData:e}))},this.register=async(t,e)=>(this.initCheck(),this._registrationHandler.register({username:t},e)),this.crossDevice={init:{registration:async t=>(this.initCheck(),this._crossDeviceHandler.init.registration(t)),authentication:async t=>(this.initCheck(),this._crossDeviceHandler.init.authentication(t)),approval:async t=>(this.initCheck(),this._crossDeviceHandler.init.approval(t))},authenticate:{modal:async t=>(this.initCheck(),this._crossDeviceHandler.authenticate.modal(t))},approve:{modal:async t=>(this.initCheck(),this._crossDeviceHandler.approve.modal(t))},register:async(t,e)=>(this.initCheck(),this._crossDeviceHandler.register(t,e)),attachDevice:async t=>(this.initCheck(),this._crossDeviceHandler.attachDevice(t))},this.isPlatformAuthenticatorSupported=async()=>{var t;try{return await(null===(t=Kt.StaticPublicKeyCredential)||void 0===t?void 0:t.isUserVerifyingPlatformAuthenticatorAvailable())}catch(t){return!1}},this.isAutofillSupported=async()=>{var t,e;return!(!(null===(t=Kt.StaticPublicKeyCredential)||void 0===t?void 0:t.isConditionalMediationAvailable)||!await(null===(e=Kt.StaticPublicKeyCredential)||void 0===e?void 0:e.isConditionalMediationAvailable()))}}async init(t,e){try{if(!t)throw new tt("Invalid clientId",{clientId:t});if(e.webauthnApiPaths){const t=pt.getDefaultPaths();if(function(t,e){const i=new Set(t),a=new Set(e);return[...t.filter((t=>!a.has(t))),...e.filter((t=>!i.has(t)))]}(Object.keys(e.webauthnApiPaths),Object.keys(t)).length)throw new tt("Invalid custom paths",{customApiPaths:e.webauthnApiPaths})}pt.init(t,e),this._initialized=!0}catch(t){throw ht(t)?t:new tt("Failed to initialize SDK")}}getDefaultPaths(){return this.initCheck(),pt.getDefaultPaths()}getApiPaths(){return this.initCheck(),pt.getApiPaths()}initCheck(){if(!this._initialized)throw new tt}}Kt.StaticPublicKeyCredential=window.PublicKeyCredential;const kt=new G("webauthn"),Rt=new Kt;kt.events.on(kt.events.MODULE_INITIALIZED,(()=>{var t;const e=kt.moduleMetadata.getInitConfig();if(!(null===(t=null==e?void 0:e.webauthn)||void 0===t?void 0:t.serverPath))return;const{clientId:i,webauthn:a}=e;Rt.init(i,l({},a))}));const Pt={modal:async(t,e)=>(Rt.initCheck(),Rt.authenticate.modal(t,e)),autofill:{activate:(t,e)=>{Rt.initCheck(),Rt.authenticate.autofill.activate(t,e)},abort:()=>{Rt.initCheck(),Rt.authenticate.autofill.abort()}}},Tt={modal:async(t,e)=>(Rt.initCheck(),Rt.approve.modal(t,e))};async function It(t,e){return Rt.initCheck(),Rt.register(t,e)}const{crossDevice:Ot}=Rt,{isPlatformAuthenticatorSupported:jt}=Rt,{isAutofillSupported:xt}=Rt,{getDefaultPaths:Bt}=Rt;window.localWebAuthnSDK=Rt;const Nt="1.17.0",Et={initialize:r,...Object.freeze({__proto__:null,get WebauthnCrossDeviceStatus(){return vt},approve:Tt,authenticate:Pt,crossDevice:Ot,getDefaultPaths:Bt,isAutofillSupported:xt,isPlatformAuthenticatorSupported:jt,register:It})};export{Nt as PACKAGE_VERSION,vt as WebauthnCrossDeviceStatus,Tt as approve,Pt as authenticate,Ot as crossDevice,Bt as getDefaultPaths,r as initialize,xt as isAutofillSupported,jt as isPlatformAuthenticatorSupported,It as register,Et as webauthn};
package/package.json CHANGED
@@ -1,22 +1,20 @@
1
1
  {
2
2
  "name": "@transmitsecurity/platform-web-sdk",
3
- "version": "1.16.2",
3
+ "version": "1.17.0",
4
4
  "license": "SEE LICENSE IN LICENSE",
5
5
  "private": false,
6
+ "type": "module",
6
7
  "main": "dist/index.cjs",
7
8
  "module": "dist/index.esm.js",
8
9
  "browser": "dist/ts-platform-websdk.js",
9
10
  "types": "dist/web-sdk.d.ts",
10
11
  "sideEffects": false,
11
12
  "files": [
12
- "dist/**/*",
13
- "build/**/*",
14
- "src/**/*",
13
+ "dist/*.js",
14
+ "dist/*.cjs",
15
+ "dist/*.d.ts",
15
16
  "CHANGELOG.md",
16
- "bundler-config.json",
17
- "scripts/**/*",
18
- "README.md",
19
- "VITE_CONFIG.md"
17
+ "README.md"
20
18
  ],
21
19
  "repository": {
22
20
  "type": "git",
@@ -73,15 +71,16 @@
73
71
  "distribute:env": "./scripts/upload-dist.sh",
74
72
  "publish:npm": "npm publish --access public"
75
73
  },
74
+ "dependencies": {},
76
75
  "devDependencies": {
77
76
  "@rollup/plugin-json": "6.1.0",
78
- "@transmit-security/web-sdk-bundler": "0.1.14",
79
- "@types/node": "20.3.3",
80
77
  "@transmit-security/authentication-sdk": "4.12.0",
81
78
  "@transmit-security/ido-web-sdk": "0.0.73",
82
- "@transmit-security/riskid_sdk": "1.52.0",
79
+ "@transmit-security/riskid_sdk": "1.52.4",
83
80
  "@transmit-security/ts-identity-verification": "1.4.8",
84
- "@transmit-security/web-sdk-common": "1.2.0",
81
+ "@transmit-security/web-sdk-bundler": "0.1.14",
82
+ "@transmit-security/web-sdk-common": "1.2.1",
83
+ "@types/node": "20.3.3",
85
84
  "vite": "^5.0.0"
86
85
  },
87
86
  "engines": {
package/build/drs-entry.d.ts DELETED
@@ -1,20 +0,0 @@
1
- export interface DRSModule {
2
- triggerActionEvent: (action: string, options: any) => Promise<any>;
3
- setUser: (userId: string) => void;
4
- clearUser: () => void;
5
- }
6
- export interface SDKConfig {
7
- clientId: string;
8
- serverPath?: string;
9
- drs?: {
10
- serverPath?: string;
11
- verbose?: boolean;
12
- enableSessionToken?: boolean;
13
- };
14
- }
15
- /**
16
- * 🎯 **DRS (Device Risk & Security)** (~219KB bundle)
17
- * Perfect for fraud detection and risk assessment
18
- */
19
- export declare function createDRS(config: SDKConfig): Promise<any>;
20
- export { createDRS as drs };
package/build/drs-entry.js DELETED
@@ -1,19 +0,0 @@
1
- // 🎯 DRS-Only Entry Point for Perfect Tree-Shaking
2
- import { initialize } from './initialize-only';
3
- import * as drsModule from './drs';
4
- /**
5
- * 🎯 **DRS (Device Risk & Security)** (~219KB bundle)
6
- * Perfect for fraud detection and risk assessment
7
- */
8
- export async function createDRS(config) {
9
- // ✅ Validation
10
- if (!config.clientId) {
11
- throw new Error('❌ clientId is required');
12
- }
13
- // 🔧 Initialize core
14
- await initialize(config);
15
- // 🔄 Return DRS module
16
- return drsModule;
17
- }
18
- // Export for WebSDK class compatibility
19
- export { createDRS as drs };
package/build/drs-only.d.ts DELETED
@@ -1,22 +0,0 @@
1
- import * as drsModule from './drs';
2
- export interface SDKConfig {
3
- clientId: string;
4
- serverPath?: string;
5
- drs?: {
6
- serverPath?: string;
7
- verbose?: boolean;
8
- enableSessionToken?: boolean;
9
- };
10
- }
11
- /**
12
- * 🚀 **WebSDK** - DRS Only
13
- * Perfect tree-shaking with only DRS module (~219KB)
14
- */
15
- export declare class WebSDK {
16
- /**
17
- * 🎯 **DRS (Device Risk & Security)** (~219KB bundle)
18
- * Perfect for fraud detection and risk assessment
19
- */
20
- static drs(config: SDKConfig): Promise<typeof drsModule>;
21
- }
22
- export declare const PACKAGE_VERSION = "1.15.0";
package/build/drs-only.js DELETED
@@ -1,25 +0,0 @@
1
- // 🎯 DRS-Only Entry Point for Perfect Tree-Shaking
2
- import { initialize } from './initialize-only';
3
- import * as drsModule from './drs';
4
- /**
5
- * 🚀 **WebSDK** - DRS Only
6
- * Perfect tree-shaking with only DRS module (~219KB)
7
- */
8
- export class WebSDK {
9
- /**
10
- * 🎯 **DRS (Device Risk & Security)** (~219KB bundle)
11
- * Perfect for fraud detection and risk assessment
12
- */
13
- static async drs(config) {
14
- // ✅ Validation
15
- if (!config.clientId) {
16
- throw new Error('❌ clientId is required');
17
- }
18
- // 🔧 Initialize core
19
- await initialize(config);
20
- // 🔄 Return DRS module
21
- return drsModule;
22
- }
23
- }
24
- // Export version for compatibility
25
- export const PACKAGE_VERSION = '1.15.0';
package/build/drs.d.ts DELETED
@@ -1,28 +0,0 @@
1
- declare global {
2
- interface Window {
3
- __TS_WEB_SDK_INITIALIZED__?: boolean;
4
- __TS_WEB_SDK_CONFIG__?: any;
5
- }
6
- }
7
- export { initialize } from './initialize-only';
8
- export * from '@transmit-security/riskid_sdk';
9
- export declare const triggerActionEvent: (...args: any[]) => any;
10
- export declare const setUser: (...args: any[]) => any;
11
- export declare const setAuthenticatedUser: (...args: any[]) => any;
12
- export declare const clearUser: (...args: any[]) => any;
13
- export type { ActionEventOptions, ActionResponse } from "@transmit-security/riskid_sdk";
14
-
15
- // Default export for better TypeScript support
16
- declare const drs: {
17
- initialize: typeof initialize;
18
- triggerActionEvent: (...args: any[]) => any;
19
- setUser: (...args: any[]) => any;
20
- setAuthenticatedUser: (...args: any[]) => any;
21
- clearUser: (...args: any[]) => any;
22
- getSessionToken: (...args: any[]) => any;
23
- getActions: (...args: any[]) => any;
24
- identifyUser: (...args: any[]) => any;
25
- unidentifiedUser: (...args: any[]) => any;
26
- };
27
-
28
- export default drs;
package/build/drs.js DELETED
@@ -1,45 +0,0 @@
1
- // DRS module - clean entry point with global state awareness
2
- import { setInitConfig, getInitConfig } from '@transmit-security/web-sdk-common/dist/module-metadata/module-metadata';
3
- import { emit } from '@transmit-security/web-sdk-common/dist/events';
4
- import { MODULE_INITIALIZED } from '@transmit-security/web-sdk-common/dist/events';
5
- // Function to sync global initialization state when needed
6
- function ensureInitialized() {
7
- if (typeof window !== 'undefined' && window.__TS_WEB_SDK_INITIALIZED__ && window.__TS_WEB_SDK_CONFIG__) {
8
- try {
9
- const currentConfig = getInitConfig();
10
- if (!currentConfig || !currentConfig.clientId) {
11
- console.log('🔄 Syncing global initialization state to DRS module');
12
- setInitConfig(window.__TS_WEB_SDK_CONFIG__);
13
- emit(MODULE_INITIALIZED, undefined);
14
- return true;
15
- }
16
- return true;
17
- }
18
- catch (error) {
19
- // If getInitConfig fails, it means common module is not initialized
20
- console.log('🔄 Initializing DRS module with global state');
21
- setInitConfig(window.__TS_WEB_SDK_CONFIG__);
22
- emit(MODULE_INITIALIZED, undefined);
23
- return true;
24
- }
25
- }
26
- return false;
27
- }
28
- // Import the original RiskID SDK
29
- import * as originalDRS from '@transmit-security/riskid_sdk';
30
- // Create wrapper functions for the main DRS methods
31
- function wrapDRSMethod(methodName, originalMethod) {
32
- return function (...args) {
33
- ensureInitialized();
34
- return originalMethod.apply(originalDRS, args);
35
- };
36
- }
37
- // Re-export initialize to ensure shared state
38
- export { initialize } from './initialize-only';
39
- // Export all DRS functionality (re-export everything)
40
- export * from '@transmit-security/riskid_sdk';
41
- // Override the main methods with wrapped versions
42
- export const triggerActionEvent = wrapDRSMethod('triggerActionEvent', originalDRS.triggerActionEvent);
43
- export const setUser = wrapDRSMethod('setUser', originalDRS.setUser);
44
- export const setAuthenticatedUser = wrapDRSMethod('setAuthenticatedUser', originalDRS.setAuthenticatedUser);
45
- export const clearUser = wrapDRSMethod('clearUser', originalDRS.clearUser);
package/build/ido/idoImpl.d.ts DELETED
@@ -1,2 +0,0 @@
1
- export * from '@transmit-security/ido-web-sdk';
2
- export { default as initializeIDO } from '@transmit-security/ido-web-sdk';
package/build/ido/idoImpl.js DELETED
@@ -1,4 +0,0 @@
1
- // Re-export everything from the actual IDO web SDK
2
- export * from '@transmit-security/ido-web-sdk';
3
- // Export specific functions that might be needed
4
- export { default as initializeIDO } from '@transmit-security/ido-web-sdk';