npm - @transmitsecurity/platform-web-sdk - Versions diffs - 1.16.2 → 1.17.1 - Mend

@transmitsecurity/platform-web-sdk 1.16.2 → 1.17.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (77) hide show

package/CHANGELOG.md +23 -2
package/README.md +69 -48
package/dist/web-sdk-drs+idv+webauthn+ido.js +2 -2
package/dist/web-sdk.d.ts +4 -16
package/package.json +12 -13
package/build/drs-entry.d.ts +0 -20
package/build/drs-entry.js +0 -19
package/build/drs-only.d.ts +0 -22
package/build/drs-only.js +0 -25
package/build/drs.d.ts +0 -28
package/build/drs.js +0 -45
package/build/ido/idoImpl.d.ts +0 -2
package/build/ido/idoImpl.js +0 -4
package/build/ido/index.d.ts +0 -7
package/build/ido/index.js +0 -9
package/build/ido-entry.d.ts +0 -17
package/build/ido-entry.js +0 -19
package/build/ido.d.ts +0 -18
package/build/ido.js +0 -27
package/build/idv-entry.d.ts +0 -17
package/build/idv-entry.js +0 -19
package/build/idv.d.ts +0 -18
package/build/idv.js +0 -27
package/build/initialize-only.d.ts +0 -7
package/build/initialize-only.js +0 -40
package/build/initialize.d.ts +0 -1
package/build/initialize.js +0 -2
package/build/mainExport.d.ts +0 -16
package/build/mainExport.js +0 -43
package/build/sdk-factory.d.ts +0 -109
package/build/sdk-factory.js +0 -108
package/build/shared-state.d.ts +0 -4
package/build/shared-state.js +0 -32
package/build/webauthn-entry.d.ts +0 -19
package/build/webauthn-entry.js +0 -19
package/build/webauthn.d.ts +0 -24
package/build/webauthn.js +0 -44
package/bundler-config.json +0 -14
package/dist/docs/.nojekyll +0 -1
package/dist/docs/README.md +0 -72
package/dist/docs/enums/ErrorCode.md +0 -113
package/dist/docs/interfaces/ActionEventOptions.md +0 -44
package/dist/docs/interfaces/ActionResponse.md +0 -9
package/dist/docs/interfaces/AuthenticationAutofillActivateHandlers.md +0 -61
package/dist/docs/interfaces/AutofillHandlers.md +0 -50
package/dist/docs/interfaces/CrossDeviceController.md +0 -27
package/dist/docs/interfaces/SdkError.md +0 -28
package/dist/docs/interfaces/WebauthnApis.md +0 -73
package/dist/docs/interfaces/WebauthnAuthenticationFlows.md +0 -52
package/dist/docs/interfaces/WebauthnCrossDeviceFlows.md +0 -107
package/dist/docs/interfaces/WebauthnCrossDeviceRegistrationOptions.md +0 -23
package/dist/docs/interfaces/WebauthnRegistrationOptions.md +0 -55
package/dist/docs/interfaces/initConfigParams.md +0 -7
package/dist/docs/modules/drs.md +0 -92
package/dist/docs/modules/idv.md +0 -106
package/dist/docs/modules/webauthn.md +0 -197
package/dist/docs/modules.md +0 -146
package/dist/drs.cjs +0 -1
package/dist/drs.d.ts +0 -248
package/dist/drs.js +0 -1
package/dist/ido.cjs +0 -3
package/dist/ido.d.ts +0 -57
package/dist/ido.js +0 -3
package/dist/idv.cjs +0 -1
package/dist/idv.d.ts +0 -69
package/dist/idv.js +0 -1
package/dist/index.cjs +0 -3
package/dist/index.esm.js +0 -3
package/dist/index.umd.js +0 -3
package/dist/ts-platform-websdk.js +0 -3
package/dist/webauthn.cjs +0 -1
package/dist/webauthn.d.ts +0 -463
package/dist/webauthn.js +0 -1
package/scripts/make-semver-aliases.sh +0 -11
package/scripts/upload-dist.sh +0 -9
package/src/mainExport.ts +0 -75
package/src/tsconfig.json +0 -14

package/dist/webauthn.cjs DELETED Viewed

@@ -1 +0,0 @@

- "undefined"==typeof globalThis&&("undefined"!=typeof window?(window.globalThis=window,window.global=window):"undefined"!=typeof self&&(self.globalThis=self,self.global=self));const t=Symbol("MODULE_INITIALIZED"),e=new Map;function i(t,i){var a,s;null===(a=e.get(t))||void 0===a||a.forEach((s=t=>t(i),function(){try{return s(...arguments)}catch(t){console.log(t)}}))}let a=null;function s(t){a=t}var n=Object.freeze({__proto__:null,getInitConfig:function(){return a},get initConfig(){return a},setInitConfig:s});function r(e){s(e),i(t,void 0)}var o=Object.freeze({__proto__:null,initialize:r});function c(t,e){var i=Object.keys(t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(t);e&&(a=a.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),i.push.apply(i,a)}return i}function l(t){for(var e=1;e<arguments.length;e++){var i=null!=arguments[e]?arguments[e]:{};e%2?c(Object(i),!0).forEach((function(e){d(t,e,i[e])})):Object.getOwnPropertyDescriptors?Object.defineProperties(t,Object.getOwnPropertyDescriptors(i)):c(Object(i)).forEach((function(e){Object.defineProperty(t,e,Object.getOwnPropertyDescriptor(i,e))}))}return t}function u(t){var e=function(t,e){if("object"!=typeof t||!t)return t;var i=t[Symbol.toPrimitive];if(void 0!==i){var a=i.call(t,e||"default");if("object"!=typeof a)return a;throw new TypeError("@@toPrimitive must return a primitive value.")}return("string"===e?String:Number)(t)}(t,"string");return"symbol"==typeof e?e:String(e)}function d(t,e,i){return(e=u(e))in t?Object.defineProperty(t,e,{value:i,enumerable:!0,configurable:!0,writable:!0}):t[e]=i,t}function h(t,e){return Object.entries(e).reduce(((e,i)=>{let[a,s]=i;return l(l({},e),{},{[a]:y.isPrototypeOf(s)?new s(t.slug):"function"==typeof s?s.bind(t):"object"==typeof s&&!Array.isArray(s)&&s?h(t,s):s})}),{})}class y{constructor(t){this.slug=t}static create(t){return class extends y{constructor(e){super(e),Object.assign(this,h(this,t(this)))}}}}var p=Object.freeze({__proto__:null,Agent:y}),g=Object.freeze({__proto__:null,MODULE_INITIALIZED:t,emit:i,off:function(t,i){const a=e.get(t);if(!a)return;const s=a.indexOf(i);-1!==s&&a.splice(s,1)},on:function(t,i){var a;e.has(t)?null===(a=e.get(t))||void 0===a||a.push(i):e.set(t,[i])}});function v(t,e){const i=!t||"object"!=typeof t||Array.isArray(t)?{}:t;return[e.reduce(((t,e)=>{if(e in t){const i=t[e];if(null!==i&&"object"==typeof i&&!Array.isArray(i))return i}const i={};return t[e]=i,i}),i),i]}function f(t,e){let i=t;return e.every((t=>!(!i||"object"!=typeof i||Array.isArray(i)||!(t in i))&&(i=i[t],!0)),t)}const w="tsec",m="general";function b(t){return t?m:a.clientId}function D(t){return function(t){if(!t)return{};try{return JSON.parse(t)}catch(t){return{}}}((t?sessionStorage:localStorage).getItem(w))}function S(t,e){const i=t?sessionStorage:localStorage,a=e(D(t));i.setItem(w,JSON.stringify(a))}var A=Object.freeze({__proto__:null,COMMON_STORAGE_KEY:w,GENERAL_ID_KEY:m,getValue:function(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};const i=b(!!e.isGeneral),a=D(!!e.sessionOnly),[s]=v(a,[this.slug.toString(),i]);return s[t]},hasValue:function(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};const i=b(!!e.isGeneral),a=D(!!e.sessionOnly);return f(a,[this.slug.toString(),i,t])},removeValue:function(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};const i=b(!!e.isGeneral);S(!!e.sessionOnly,(e=>{const[a,s]=v(e,[this.slug.toString(),i]);return delete a[t],s}))},setValue:function(t,e){let i=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{};const a=b(!!i.isGeneral);S(!!i.sessionOnly,(i=>{const[s,n]=v(i,[this.slug.toString(),a]);return s[t]=e,n}))}});const C="RSA-PSS",_=async(t,e)=>await window.crypto.subtle.generateKey({name:t,modulusLength:2048,publicExponent:new Uint8Array([1,0,1]),hash:"SHA-256"},!1,e),K=async()=>await _("RSA-OAEP",["encrypt","decrypt"]),k=async()=>await _(C,["sign"]),R=async(t,e)=>{const i=(new TextEncoder).encode(e);return await window.crypto.subtle.sign({name:C,saltLength:32},t,i)};class P{constructor(t,e,i){this.slug=t,this.dbName=e,this.dbVersion=i}queryObjectStore(t,e){let i=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{};const a=(window.indexedDB||window.mozIndexedDB||window.webkitIndexedDB||window.msIndexedDB||window.shimIndexedDB).open(`${this.slug}:${this.dbName}`,this.dbVersion||1);a.onupgradeneeded=()=>{var e;const i=a.result;(null===(e=null==i?void 0:i.objectStoreNames)||void 0===e?void 0:e.contains)&&!i.objectStoreNames.contains(t)&&i.createObjectStore(t,{keyPath:"key"})},a.onsuccess=()=>{const s=a.result,n=s.transaction(t,(null==i?void 0:i.operation)||"readwrite"),r=n.objectStore(t);e(r),n.oncomplete=()=>{s.close()}}}put(t,e,i){return new Promise(((a,s)=>{this.queryObjectStore(t,(t=>{const n=t.put({key:e,value:i});n.onsuccess=()=>{a(n.result)},n.onerror=t=>{s("Failed adding item to objectStore, err: "+t)}}))}))}add(t,e,i){return new Promise(((a,s)=>{this.queryObjectStore(t,(t=>{const n=t.add({key:e,value:i});n.onsuccess=()=>{a(n.result)},n.onerror=t=>{const e=t.target.error;s(e)}}))}))}get(t,e){return new Promise(((i,a)=>{this.queryObjectStore(t,(t=>{const s=t.get(e);s.onsuccess=()=>{var t;s.result?i(null===(t=s.result)||void 0===t?void 0:t.value):i(void 0)},s.onerror=t=>{a("Failed adding item to objectStore, err: "+t)}}))}))}getAll(t,e){return new Promise(((i,a)=>{this.queryObjectStore(t,(t=>{const s=t.getAll(null,e);s.onsuccess=()=>{if(s.result){const t=s.result;(null==t?void 0:t.length)?i(t.map((t=>null==t?void 0:t.value))):i(t)}else i([])},s.onerror=t=>{a("Failed getting items, err: "+t)}}))}))}delete(t,e){return new Promise(((i,a)=>{this.queryObjectStore(t,(t=>{const s=t.delete(e);s.onsuccess=()=>{i()},s.onerror=t=>{a(`Failed deleting key: '${e}' from objectStore, err: `+t)}}))}))}clear(t){return new Promise(((e,i)=>{this.queryObjectStore(t,(t=>{const a=t.clear();a.onsuccess=()=>{e()},a.onerror=t=>{i("Failed clearing objectStore, err: "+t)}}))}))}}const T="platform",I="init",O="completed",x="RSA2048",j=[I,O];class B{constructor(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:"sign",i=arguments.length>2?arguments[2]:void 0;var s,n,r,o;this.agent=t,this.keysType=e,this.options=i,this._extractingKeysPromise=null;const c=!(null===(s=this.options)||void 0===s?void 0:s.productScope);this.keysDatabaseName=c||!(null===(n=this.options)||void 0===n?void 0:n.indexedDBName)?"ts_crypto_binding":this.options.indexedDBName,this.dbVersion=c?1:(null===(r=this.options)||void 0===r?void 0:r.dbVersion)||1,this.keysStoreName=c||!(null===(o=this.options)||void 0===o?void 0:o.keysStoreName)?"identifiers_store":this.options.keysStoreName,this.indexedDBClient=new P(c?T:t.slug,this.keysDatabaseName,this.dbVersion),this.indexedDBClientFallback=new P((c?T:t.slug)+`:${a.clientId}`,this.keysDatabaseName,this.dbVersion)}getKeysRecordKey(){return`${this.keysType}_keys`}getRotatedKeysRecordKey(){return`rotated_${this.keysType}_keys`}getRotatedKeysRecordKeyPending(){return`rotated_pending_${this.keysType}_keys`}arrayBufferToBase64(t){return window.btoa(String.fromCharCode(...new Uint8Array(t)))}async getPKRepresentations(t){const e=await crypto.subtle.exportKey("spki",t);return{arrayBufferKey:e,base64Key:this.arrayBufferToBase64(e)}}async generateKeyPair(){return"sign"==this.keysType?await k():await K()}async calcKeyIdentifier(t){const e=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(e)).map((t=>t.toString(16).padStart(2,"0"))).join("")}async extractKeysData(){if(this._extractingKeysPromise)return this._extractingKeysPromise;this._extractingKeysPromise=(async()=>{var t,e;const i=(null===(e=null===(t=this.options)||void 0===t?void 0:t.keyRotation)||void 0===e?void 0:e.isEnabled)?await this.getRotatedKeysData():await this.getKeysData(),{base64Key:a}=await this.getPKRepresentations(i.publicKey);return this.publicKeyBase64=a,this.keyIdentifier=i.keyIdentifier,i})();try{return await this._extractingKeysPromise}finally{this._extractingKeysPromise=null}}async generateKeyPairData(t){const e=await this.generateKeyPair(),{arrayBufferKey:i}=await this.getPKRepresentations(e.publicKey),a=t||await this.calcKeyIdentifier(i);return l(l({},e),{},{keyIdentifier:a,createdDate:Date.now()})}shouldKeyBeRotated(t){var e;const i=null===(e=this.options)||void 0===e?void 0:e.keyRotation;if(!(null==i?void 0:i.isEnabled)||!i.expiryDays||void 0===i.startedAt)return!1;const a=24*i.expiryDays*60*60*1e3,s=t.createdDate&&t.createdDate>=i.startedAt?t.createdDate:i.startedAt;return Date.now()-s>a-2592e6}async extractMainKeysData(){return await this.indexedDBClient.get(this.keysStoreName,this.getKeysRecordKey())}async extractFallbackMainKeysData(){return await this.indexedDBClientFallback.get(this.keysStoreName,this.getKeysRecordKey())}async extractRotatedKeysData(){return await this.indexedDBClient.get(this.keysStoreName,this.getRotatedKeysRecordKey())}async extractPendingRotatedKeysData(){return await this.indexedDBClient.get(this.keysStoreName,this.getRotatedKeysRecordKeyPending())}async saveKeyData(t,e){try{return await this.indexedDBClient.add(this.keysStoreName,t,e),e}catch(e){if(e instanceof DOMException&&"ConstraintError"===e.name){const e=await this.indexedDBClient.get(this.keysStoreName,t);if(e)return e}throw e}}async getKeysData(){const t=this.getKeysRecordKey();let e=await this.extractMainKeysData();if(e)return e;if(e=await this.extractFallbackMainKeysData(),e)return this.saveKeyData(t,e);const i=await this.generateKeyPairData();return this.saveKeyData(t,i)}async getOrCreateRotatedKeys(){let t=await this.extractRotatedKeysData();if(!t){const e=this.getRotatedKeysRecordKey(),i=await this.getKeysData(),a=l(l({},i),{},{createdDate:i.createdDate||Date.now()});t=await this.saveKeyData(e,a)}return t}async getRotatedKeysData(){const t=await this.getOrCreateRotatedKeys();if(this.shouldKeyBeRotated(t)){if(!await this.extractPendingRotatedKeysData()){const e=this.getRotatedKeysRecordKeyPending(),i=await this.generateKeyPairData(t.keyIdentifier);await this.saveKeyData(e,i)}}return t}async getPublicData(){return this.publicKeyBase64&&this.keyIdentifier||await this.extractKeysData(),{publicKey:this.publicKeyBase64,keyIdentifier:this.keyIdentifier}}async sign(t){if("sign"==this.keysType){const{privateKey:e}=await this.extractKeysData(),i=await R(e,t);return this.arrayBufferToBase64(i)}throw new Error("keysType must be 'sign' in order to use sign keys")}async clearKeys(){const t=this.getKeysRecordKey();await this.indexedDBClient.delete(this.keysStoreName,t)}getBaseRotationPayload(){return{keyIdentifier:this.keyIdentifier,slot:this.getRotatedKeysRecordKey(),publicKey:this.publicKeyBase64,publicKeyType:x,tenantId:this.options.keyRotation.tenantId}}async getRotationData(){var t,e;if(!(null===(e=null===(t=this.options)||void 0===t?void 0:t.keyRotation)||void 0===e?void 0:e.isEnabled))return;this.publicKeyBase64&&this.keyIdentifier||await this.extractKeysData();const i=await this.extractPendingRotatedKeysData();if(i){const{base64Key:t}=await this.getPKRepresentations(i.publicKey),{privateKey:e}=await this.extractKeysData(),a=l(l({},this.getBaseRotationPayload()),{},{newPublicKey:t,createdDate:i.createdDate,newPublicKeyType:x}),s=JSON.stringify(a);return{data:s,signature:await this.signPayload(s,e)}}const a=await this.extractRotatedKeysData();if(a&&!1===a.confirmed){await this.extractKeysData();const t=JSON.stringify(this.getBaseRotationPayload());return{data:t,signature:await this.signPayload(t,a.privateKey)}}}async signPayload(t,e){const i=await R(e,t);return this.arrayBufferToBase64(i)}async handleRotateResponse(t){if(j.includes(t))if(t===I){const t=await this.extractPendingRotatedKeysData();if(t){await this.indexedDBClient.delete(this.keysStoreName,this.getRotatedKeysRecordKey());const e=l(l({},t),{},{confirmed:!1});await this.indexedDBClient.put(this.keysStoreName,this.getRotatedKeysRecordKey(),e),await this.indexedDBClient.delete(this.keysStoreName,this.getRotatedKeysRecordKeyPending());const{base64Key:i}=await this.getPKRepresentations(t.publicKey);this.publicKeyBase64=i,this.keyIdentifier=t.keyIdentifier}}else if(t===O){const t=await this.extractRotatedKeysData();t&&!1===t.confirmed&&await this.indexedDBClient.put(this.keysStoreName,this.getRotatedKeysRecordKey(),l(l({},t),{},{confirmed:!0}))}}}var N=Object.freeze({__proto__:null,createCryptoBinding:function(){let t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:"sign",e=arguments.length>1?arguments[1]:void 0;return new B(this,t,e)},generateRSAKeyPair:K,generateRSASignKeyPair:k,signAssymetric:R,verifyAssymetric:async(t,e,i)=>{const a=(new TextEncoder).encode(e);return await window.crypto.subtle.verify(C,t,i,a)}}),E=Object.freeze({__proto__:null});const H=y.create((t=>{class e extends Error{constructor(e,i){super(`${t.slug}-${e} ${i}`)}}return{TsError:e,TsInternalError:class extends e{constructor(t){super(t,"Internal error")}}}}));var F=y.create((()=>l({exceptions:H},p)));class M{constructor(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:[];this.agent=t,this.middlewares=e,this.logs=[]}info(t,e){this.pushLog(3,t,e)}warn(t,e){this.pushLog(4,t,e)}error(t,e){this.pushLog(5,t,e)}pushLog(t,e){let i=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{};this.logs.push({timestamp:Date.now(),module:this.agent.slug,severity:t,fields:i,message:e});const a=this.middlewares.map((t=>t(this)));Promise.all(a).catch((()=>{}))}}var q=Object.freeze({__proto__:null,consoleMiddleware:function(t){const e=t.logs[t.logs.length-1];console.log(`${e.severity} ${e.message}`,e.fields)},createSdkLogger:function(){let t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:[];return new M(this,t)}});function z(t,e){if(!(null==t?void 0:t.trim()))return"";if(function(t){try{return new URL(t),!0}catch(t){return!1}}(t))return t;const i="http://mock.com",a=new URL(i);a.search=(null==e?void 0:e.toString())||"",a.pathname=t;return a.href.replace(i,"")}const $={"Content-Type":"application/json","X-TS-client-time":(new Date).toUTCString(),"X-TS-ua":navigator.userAgent};function J(t,e,i){var a;const s=(n=e||{},encodeURI(JSON.stringify(n)).split(/%..|./).length-1);var n;return{method:t,headers:l(l(l({},{"X-TS-body-size":String(s)}),$),i||{}),body:null!==(a=e&&JSON.stringify(e||{}))&&void 0!==a?a:void 0}}function W(t,e,i,a,s){const n=z(t,a),r=J(e,i,s);return fetch(n,r)}async function L(t,e,i,a,s){let n;if(n=await W(t,e,i,a,s),!n.ok)throw new Error("Request failed");return n}var U=Object.freeze({__proto__:null,httpDelete:async function(t,e){const i=await L(t,"DELETE",void 0,void 0,e);return l(l({data:await i.json()},i),{},{headers:i.headers})},httpGet:async function(t,e,i){const a=await L(t,"GET",void 0,e,i);return l(l({data:await a.json()},a),{},{headers:a.headers})},httpPost:async function(t,e,i,a){const s=await L(t,"POST",e,i,a);return l(l({data:await s.json()},s),{},{headers:s.headers})},httpPut:async function(t,e,i,a){const s=await L(t,"PUT",e,i,a);return l(l({data:await s.json()},s),{},{headers:s.headers})},init:J}),V=y.create((()=>({events:g,moduleMetadata:n,mainEntry:o,utils:F,storage:A,crypto:N,indexedDB:E,logger:q,http:U})));class G{static arrayBufferToBase64(t){return btoa(String.fromCharCode(...new Uint8Array(t)))}static base64ToArrayBuffer(t){return Uint8Array.from(atob(t),(t=>t.charCodeAt(0)))}static stringToBase64(t){return btoa(t)}static jsonToBase64(t){const e=JSON.stringify(t);return btoa(e)}static base64ToJson(t){const e=atob(t);return JSON.parse(e)}}const Z={log:console.log,error:console.error};var X,Y;!function(t){t.NotInitialized="not_initialized",t.AuthenticationFailed="authentication_failed",t.AuthenticationAbortedTimeout="authentication_aborted_timeout",t.AuthenticationCanceled="webauthn_authentication_canceled",t.RegistrationFailed="registration_failed",t.AlreadyRegistered="username_already_registered",t.RegistrationAbortedTimeout="registration_aborted_timeout",t.RegistrationCanceled="webauthn_registration_canceled",t.AutofillAuthenticationAborted="autofill_authentication_aborted",t.AuthenticationProcessAlreadyActive="authentication_process_already_active",t.InvalidApprovalData="invalid_approval_data",t.FailedToInitCrossDeviceSession="cross_device_init_failed",t.FailedToGetCrossDeviceStatus="cross_device_status_failed",t.Unknown="unknown"}(X||(X={}));class Q extends Error{constructor(t,e){super(t),this.errorCode=X.NotInitialized,this.data=e}}class tt extends Q{constructor(t,e){super(null!=t?t:"WebAuthnSdk is not initialized",e),this.errorCode=X.NotInitialized}}class et extends Q{constructor(t,e){super(null!=t?t:"Authentication failed with an error",e),this.errorCode=X.AuthenticationFailed}}class it extends Q{constructor(t,e){super(null!=t?t:"Authentication was canceled by the user or got timeout",e),this.errorCode=X.AuthenticationCanceled}}class at extends Q{constructor(t,e){super(null!=t?t:"Registration failed with an error",e),this.errorCode=X.RegistrationFailed}}class st extends Q{constructor(t,e){super(null!=t?t:"Registration was canceled by the user or got timeout",e),this.errorCode=X.RegistrationCanceled}}class nt extends Q{constructor(t){super(null!=t?t:"Autofill flow was aborted"),this.errorCode=X.AutofillAuthenticationAborted}}class rt extends Q{constructor(t){super(null!=t?t:"Operation was aborted by timeout"),this.errorCode=X.AutofillAuthenticationAborted}}class ot extends Q{constructor(t){super(null!=t?t:"Passkey with this username is already registered with the relying party."),this.errorCode=X.AlreadyRegistered}}class ct extends Q{constructor(t,e){super(null!=t?t:"Authentication process is already active",e),this.errorCode=X.AuthenticationProcessAlreadyActive}}class lt extends Q{constructor(t,e){super(null!=t?t:"Invalid approval data",e),this.errorCode=X.InvalidApprovalData}}class ut extends Q{constructor(t,e){super(null!=t?t:"Failed to init cross device authentication",e),this.errorCode=X.FailedToInitCrossDeviceSession}}class dt extends Q{constructor(t,e){super(null!=t?t:"Failed to get cross device status",e),this.errorCode=X.FailedToGetCrossDeviceStatus}}function ht(t){return t.errorCode&&Object.values(X).includes(t.errorCode)}!function(t){t[t.persistent=0]="persistent",t[t.session=1]="session"}(Y||(Y={}));class yt{static get(t){return yt.getStorageMedium(yt.allowedKeys[t]).getItem(yt.getStorageKey(t))||void 0}static set(t,e){return yt.getStorageMedium(yt.allowedKeys[t]).setItem(yt.getStorageKey(t),e)}static remove(t){yt.getStorageMedium(yt.allowedKeys[t]).removeItem(yt.getStorageKey(t))}static clear(t){for(const[e,i]of Object.entries(yt.allowedKeys)){const a=e;t&&this.configurationKeys.includes(a)||yt.getStorageMedium(i).removeItem(yt.getStorageKey(a))}}static getStorageKey(t){return`WebAuthnSdk:${t}`}static getStorageMedium(t){return t===Y.session?sessionStorage:localStorage}}yt.allowedKeys={clientId:Y.session},yt.configurationKeys=["clientId"];class pt{static isNewApiDomain(t){return t&&(this.newApiDomains.includes(t)||t.startsWith("api.")&&t.endsWith(".transmitsecurity.io"))}static dnsPrefetch(t){const e=document.createElement("link");e.rel="dns-prefetch",e.href=t,document.head.appendChild(e)}static preconnect(t,e){const i=document.createElement("link");i.rel="preconnect",i.href=t,e&&(i.crossOrigin="anonymous"),document.head.appendChild(i)}static warmupConnection(t){this.dnsPrefetch(t),this.preconnect(t,!1),this.preconnect(t,!0)}static init(t,e){var i,a;try{this._serverPath=new URL(e.serverPath),this.isNewApiDomain(null===(i=this._serverPath)||void 0===i?void 0:i.hostname)&&this.warmupConnection(this._serverPath.origin),this._apiPaths=null!==(a=e.webauthnApiPaths)&&void 0!==a?a:this.getDefaultPaths(),this._clientId=t,yt.set("clientId",t)}catch(t){throw new tt("Invalid options.serverPath",{error:t})}}static getDefaultPaths(){var t;const e=this.isNewApiDomain(null===(t=this._serverPath)||void 0===t?void 0:t.hostname)?"/cis":"";return{startAuthentication:`${e}/v1/auth/webauthn/authenticate/start`,startRegistration:`${e}/v1/auth/webauthn/register/start`,initCrossDeviceAuthentication:`${e}/v1/auth/webauthn/cross-device/authenticate/init`,startCrossDeviceAuthentication:`${e}/v1/auth/webauthn/cross-device/authenticate/start`,startCrossDeviceRegistration:`${e}/v1/auth/webauthn/cross-device/register/start`,getCrossDeviceTicketStatus:`${e}/v1/auth/webauthn/cross-device/status`,attachDeviceToCrossDeviceSession:`${e}/v1/auth/webauthn/cross-device/attach-device`}}static getApiPaths(){return this._apiPaths}static async sendRequest(t,e,i){Z.log(`[WebAuthn SDK] Calling ${e.method} ${t}...`);const a=new URL(this._serverPath);return a.pathname=t,i&&(a.search=i),fetch(a.toString(),e)}static async startRegistration(t){const e=await this.sendRequest(this._apiPaths.startRegistration,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(l(l({client_id:this.getValidatedClientId(),username:t.username,display_name:t.displayName},t.timeout&&{timeout:t.timeout}),t.limitSingleCredentialToDevice&&{limit_single_credential_to_device:t.limitSingleCredentialToDevice}))});if(!(null==e?void 0:e.ok))throw new et("Failed to start registration",null==e?void 0:e.body);return await e.json()}static async startAuthentication(t){const e=await this.sendRequest(this._apiPaths.startAuthentication,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(l(l(l({client_id:this.getValidatedClientId()},t.username&&{username:t.username}),t.approvalData&&{approval_data:t.approvalData}),t.timeout&&{timeout:t.timeout}))});if(!(null==e?void 0:e.ok))throw new et("Failed to start authentication",null==e?void 0:e.body);return await e.json()}static async initCrossDeviceAuthentication(t){const e=await this.sendRequest(this._apiPaths.initCrossDeviceAuthentication,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(l(l({client_id:this.getValidatedClientId()},t.username&&{username:t.username}),t.approvalData&&{approval_data:t.approvalData}))});if(!(null==e?void 0:e.ok))throw new ut(void 0,null==e?void 0:e.body);return await e.json()}static async getCrossDeviceTicketStatus(t){const e=await this.sendRequest(this._apiPaths.getCrossDeviceTicketStatus,{method:"GET"},`cross_device_ticket_id=${t.ticketId}`);if(!(null==e?void 0:e.ok))throw new dt(void 0,null==e?void 0:e.body);return await e.json()}static async startCrossDeviceAuthentication(t){const e=await this.sendRequest(this._apiPaths.startCrossDeviceAuthentication,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({cross_device_ticket_id:t.ticketId})});if(!(null==e?void 0:e.ok))throw new et("Failed to start cross device authentication",null==e?void 0:e.body);return await e.json()}static async startCrossDeviceRegistration(t){const e=await this.sendRequest(this._apiPaths.startCrossDeviceRegistration,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({cross_device_ticket_id:t.ticketId})});if(!(null==e?void 0:e.ok))throw new at("Failed to start cross device registration",null==e?void 0:e.body);return await e.json()}static async attachDeviceToCrossDeviceSession(t){const e=await this.sendRequest(this._apiPaths.attachDeviceToCrossDeviceSession,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({cross_device_ticket_id:t.ticketId})});if(!(null==e?void 0:e.ok))throw new at("Failed to attach device to cross device session",null==e?void 0:e.body);return await e.json()}static getValidatedClientId(){var t;const e=null!==(t=this._clientId)&&void 0!==t?t:yt.get("clientId");if(!e)throw new tt("Missing clientId");return e}}var gt,vt,ft,wt;pt.newApiDomains=["api.idsec-dev.com","api.idsec-stg.com"],function(t){t.InputAutofill="input-autofill",t.Modal="modal"}(gt||(gt={})),exports.WebauthnCrossDeviceStatus=void 0,(vt=exports.WebauthnCrossDeviceStatus||(exports.WebauthnCrossDeviceStatus={})).Pending="pending",vt.Scanned="scanned",vt.Success="success",vt.Error="error",vt.Timeout="timeout",vt.Aborted="aborted",function(t){t.toAuthenticationError=t=>ht(t)?t:"NotAllowedError"===t.name?new it:"OperationError"===t.name?new ct(t.message):"SecurityError"===t.name?new et(t.message):t===X.AuthenticationAbortedTimeout?new rt:"AbortError"===t.name||t===X.AutofillAuthenticationAborted?new nt:new et("Something went wrong during authentication",{error:t}),t.toRegistrationError=t=>ht(t)?t:"NotAllowedError"===t.name?new st:"SecurityError"===t.name?new at(t.message):"InvalidStateError"===t.name?new ot:t===X.RegistrationAbortedTimeout?new rt:new at("Something went wrong during registration",{error:t})}(ft||(ft={})),function(t){t.processCredentialRequestOptions=t=>l(l({},t),{},{challenge:G.base64ToArrayBuffer(t.challenge),allowCredentials:t.allowCredentials.map((t=>l(l({},t),{},{id:G.base64ToArrayBuffer(t.id)})))}),t.processCredentialCreationOptions=(t,e)=>{var i;const a=JSON.parse(JSON.stringify(t));return a.challenge=G.base64ToArrayBuffer(t.challenge),a.user.id=G.base64ToArrayBuffer(t.user.id),(null==e?void 0:e.limitSingleCredentialToDevice)&&(a.excludeCredentials=null===(i=t.excludeCredentials)||void 0===i?void 0:i.map((t=>l(l({},t),{},{id:G.base64ToArrayBuffer(t.id)})))),(null==e?void 0:e.registerAsDiscoverable)?(a.authenticatorSelection.residentKey="preferred",a.authenticatorSelection.requireResidentKey=!0):(a.authenticatorSelection.residentKey="discouraged",a.authenticatorSelection.requireResidentKey=!1),a.authenticatorSelection.authenticatorAttachment=(null==e?void 0:e.allowCrossPlatformAuthenticators)?void 0:"platform",a},t.encodeAuthenticationResult=t=>{const{authenticatorAttachment:e}=t,i=t.response;return{id:t.id,rawId:G.arrayBufferToBase64(t.rawId),response:{authenticatorData:G.arrayBufferToBase64(i.authenticatorData),clientDataJSON:G.arrayBufferToBase64(i.clientDataJSON),signature:G.arrayBufferToBase64(i.signature),userHandle:G.arrayBufferToBase64(i.userHandle)},authenticatorAttachment:e,type:t.type}},t.encodeRegistrationResult=t=>{const{authenticatorAttachment:e}=t,i=t.response;return{id:t.id,rawId:G.arrayBufferToBase64(t.rawId),response:{attestationObject:G.arrayBufferToBase64(i.attestationObject),clientDataJSON:G.arrayBufferToBase64(i.clientDataJSON)},authenticatorAttachment:e,type:t.type}}}(wt||(wt={}));class mt{async modal(t){try{const e=await this.performAuthentication(l(l({},t),{},{mediationType:gt.Modal}));return G.jsonToBase64(e)}catch(t){throw ft.toAuthenticationError(t)}}activateAutofill(t,e){const{onSuccess:i,onError:a,onReady:s}=t;this.performAuthentication({username:e,mediationType:gt.InputAutofill,onReady:s}).then((t=>{i(G.jsonToBase64(t))})).catch((t=>{const e=ft.toAuthenticationError(t);if(!a)throw e;a(e)}))}abortAutofill(){this.abortController&&this.abortController.abort(X.AutofillAuthenticationAborted)}abortAuthentication(){this.abortController&&this.abortController.abort(X.AuthenticationAbortedTimeout)}async performAuthentication(t){var e,i;const a="crossDeviceTicketId"in t?await pt.startCrossDeviceAuthentication({ticketId:t.crossDeviceTicketId}):await pt.startAuthentication({username:t.username,timeout:null===(e=t.options)||void 0===e?void 0:e.timeout}),s=a.credential_request_options,n=wt.processCredentialRequestOptions(s),r=this.getMediatedCredentialRequest(n,t.mediationType);t.mediationType===gt.InputAutofill&&(null===(i=t.onReady)||void 0===i||i.call(t));const o=await navigator.credentials.get(r).catch((t=>{throw ft.toAuthenticationError(t)}));return{webauthnSessionId:a.webauthn_session_id,publicKeyCredential:wt.encodeAuthenticationResult(o),userAgent:navigator.userAgent}}getMediatedCredentialRequest(t,e){const i={publicKey:t};return this.abortController=new AbortController,i.signal=this.abortController&&this.abortController.signal,e===gt.InputAutofill?i.mediation="conditional":t.timeout&&setTimeout((()=>{this.abortAuthentication()}),t.timeout),i}}class bt{constructor(t,e){this.handler=t,this.intervalInMs=e}begin(){var t;this.intervalId=window.setInterval((t=this.handler,async function(){t.isRunning||(t.isRunning=!0,await t(...arguments),t.isRunning=!1)}),this.intervalInMs)}stop(){clearInterval(this.intervalId)}}const Dt=/^[A-Za-z0-9\-_.: ]*$/;function St(t){if(t&&(!function(t){return Object.keys(t).length<=10}(t)||!function(t){const e=t=>"string"==typeof t,i=t=>Dt.test(t);return Object.keys(t).every((a=>e(a)&&e(t[a])&&i(a)&&i(t[a])))}(t)))throw Z.error("Failed validating approval data"),new lt("Provided approval data should have 10 properties max. Also, it should contain only \n alphanumeric characters, numbers, and the special characters: '-', '_', '.'")}class At{constructor(t,e,i){this.authenticationHandler=t,this.registrationHandler=e,this.approvalHandler=i,this.init={registration:async t=>(this.ticketStatus=exports.WebauthnCrossDeviceStatus.Pending,this.pollCrossDeviceSession(t.crossDeviceTicketId,t.handlers)),authentication:async t=>{const{username:e}=t,i=(await pt.initCrossDeviceAuthentication(l({},e&&{username:e}))).cross_device_ticket_id;return this.ticketStatus=exports.WebauthnCrossDeviceStatus.Pending,this.pollCrossDeviceSession(i,t.handlers)},approval:async t=>{const{username:e,approvalData:i}=t;St(i);const a=(await pt.initCrossDeviceAuthentication({username:e,approvalData:i})).cross_device_ticket_id;return this.ticketStatus=exports.WebauthnCrossDeviceStatus.Pending,this.pollCrossDeviceSession(a,t.handlers)}},this.authenticate={modal:async t=>this.authenticationHandler.modal({crossDeviceTicketId:t})},this.approve={modal:async t=>this.approvalHandler.modal({crossDeviceTicketId:t})}}async register(t,e){return this.registrationHandler.register({crossDeviceTicketId:t},e)}async attachDevice(t){const e=await pt.attachDeviceToCrossDeviceSession({ticketId:t});return l({status:e.status,startedAt:e.started_at},e.approval_data&&{approvalData:e.approval_data})}async pollCrossDeviceSession(t,e){return this.poller=new bt((async()=>{var i,a;const s=await pt.getCrossDeviceTicketStatus({ticketId:t}),n=s.status;if(n!==this.ticketStatus)switch(this.ticketStatus=n,n){case exports.WebauthnCrossDeviceStatus.Scanned:await e.onDeviceAttach();break;case exports.WebauthnCrossDeviceStatus.Error:case exports.WebauthnCrossDeviceStatus.Timeout:case exports.WebauthnCrossDeviceStatus.Aborted:await e.onFailure(s),null===(i=this.poller)||void 0===i||i.stop();break;case exports.WebauthnCrossDeviceStatus.Success:if("onCredentialRegister"in e)await e.onCredentialRegister();else{if(!s.session_id)throw new dt("Cross device session is complete without returning session_id",s);await e.onCredentialAuthenticate(s.session_id)}null===(a=this.poller)||void 0===a||a.stop()}}),1e3),this.poller.begin(),setTimeout((()=>{var t;null===(t=this.poller)||void 0===t||t.stop(),e.onFailure({status:exports.WebauthnCrossDeviceStatus.Timeout})}),3e5),{crossDeviceTicketId:t,stop:()=>{var t;null===(t=this.poller)||void 0===t||t.stop()}}}}class Ct{async register(t,e){this.abortController=new AbortController;const i=l({allowCrossPlatformAuthenticators:!("crossDeviceTicketId"in t),registerAsDiscoverable:!0},e);try{const a="crossDeviceTicketId"in t?await pt.startCrossDeviceRegistration({ticketId:t.crossDeviceTicketId}):await pt.startRegistration({username:t.username,displayName:(null==e?void 0:e.displayName)||t.username,timeout:null==e?void 0:e.timeout,limitSingleCredentialToDevice:null==e?void 0:e.limitSingleCredentialToDevice}),s=wt.processCredentialCreationOptions(a.credential_creation_options,i);setTimeout((()=>{this.abortRegistration()}),s.timeout);const n=await this.registerCredential(s),r={webauthnSessionId:a.webauthn_session_id,publicKeyCredential:n,userAgent:navigator.userAgent};return G.jsonToBase64(r)}catch(t){throw ft.toRegistrationError(t)}}abortRegistration(){this.abortController&&this.abortController.abort(X.RegistrationAbortedTimeout)}async registerCredential(t){const e=await navigator.credentials.create({publicKey:t,signal:this.abortController&&this.abortController.signal}).catch((t=>{throw ft.toRegistrationError(t)}));return wt.encodeRegistrationResult(e)}}class _t{async modal(t){try{const e=await this.performApproval(t);return G.jsonToBase64(e)}catch(t){throw ft.toAuthenticationError(t)}}async performApproval(t){"approvalData"in t&&St(t.approvalData);const e="crossDeviceTicketId"in t?await pt.startCrossDeviceAuthentication({ticketId:t.crossDeviceTicketId}):await pt.startAuthentication({username:t.username,approvalData:t.approvalData}),i=e.credential_request_options,a=wt.processCredentialRequestOptions(i),s=await navigator.credentials.get({publicKey:a}).catch((t=>{throw ft.toAuthenticationError(t)}));return{webauthnSessionId:e.webauthn_session_id,publicKeyCredential:wt.encodeAuthenticationResult(s),userAgent:navigator.userAgent}}}class Kt{constructor(){this._initialized=!1,this._authenticationHandler=new mt,this._registrationHandler=new Ct,this._approvalHandler=new _t,this._crossDeviceHandler=new At(this._authenticationHandler,this._registrationHandler,this._approvalHandler),this.authenticate={modal:async(t,e)=>(this.initCheck(),this._authenticationHandler.modal({username:t,options:e})),autofill:{activate:(t,e)=>(this.initCheck(),this._authenticationHandler.activateAutofill(t,e)),abort:()=>this._authenticationHandler.abortAutofill()}},this.approve={modal:async(t,e)=>(this.initCheck(),this._approvalHandler.modal({username:t,approvalData:e}))},this.register=async(t,e)=>(this.initCheck(),this._registrationHandler.register({username:t},e)),this.crossDevice={init:{registration:async t=>(this.initCheck(),this._crossDeviceHandler.init.registration(t)),authentication:async t=>(this.initCheck(),this._crossDeviceHandler.init.authentication(t)),approval:async t=>(this.initCheck(),this._crossDeviceHandler.init.approval(t))},authenticate:{modal:async t=>(this.initCheck(),this._crossDeviceHandler.authenticate.modal(t))},approve:{modal:async t=>(this.initCheck(),this._crossDeviceHandler.approve.modal(t))},register:async(t,e)=>(this.initCheck(),this._crossDeviceHandler.register(t,e)),attachDevice:async t=>(this.initCheck(),this._crossDeviceHandler.attachDevice(t))},this.isPlatformAuthenticatorSupported=async()=>{var t;try{return await(null===(t=Kt.StaticPublicKeyCredential)||void 0===t?void 0:t.isUserVerifyingPlatformAuthenticatorAvailable())}catch(t){return!1}},this.isAutofillSupported=async()=>{var t,e;return!(!(null===(t=Kt.StaticPublicKeyCredential)||void 0===t?void 0:t.isConditionalMediationAvailable)||!await(null===(e=Kt.StaticPublicKeyCredential)||void 0===e?void 0:e.isConditionalMediationAvailable()))}}async init(t,e){try{if(!t)throw new tt("Invalid clientId",{clientId:t});if(e.webauthnApiPaths){const t=pt.getDefaultPaths();if(function(t,e){const i=new Set(t),a=new Set(e);return[...t.filter((t=>!a.has(t))),...e.filter((t=>!i.has(t)))]}(Object.keys(e.webauthnApiPaths),Object.keys(t)).length)throw new tt("Invalid custom paths",{customApiPaths:e.webauthnApiPaths})}pt.init(t,e),this._initialized=!0}catch(t){throw ht(t)?t:new tt("Failed to initialize SDK")}}getDefaultPaths(){return this.initCheck(),pt.getDefaultPaths()}getApiPaths(){return this.initCheck(),pt.getApiPaths()}initCheck(){if(!this._initialized)throw new tt}}Kt.StaticPublicKeyCredential=window.PublicKeyCredential;const kt=new V("webauthn"),Rt=new Kt;kt.events.on(kt.events.MODULE_INITIALIZED,(()=>{var t;const e=kt.moduleMetadata.getInitConfig();if(!(null===(t=null==e?void 0:e.webauthn)||void 0===t?void 0:t.serverPath))return;const{clientId:i,webauthn:a}=e;Rt.init(i,l({},a))}));const Pt={modal:async(t,e)=>(Rt.initCheck(),Rt.authenticate.modal(t,e)),autofill:{activate:(t,e)=>{Rt.initCheck(),Rt.authenticate.autofill.activate(t,e)},abort:()=>{Rt.initCheck(),Rt.authenticate.autofill.abort()}}},Tt={modal:async(t,e)=>(Rt.initCheck(),Rt.approve.modal(t,e))};async function It(t,e){return Rt.initCheck(),Rt.register(t,e)}const{crossDevice:Ot}=Rt,{isPlatformAuthenticatorSupported:xt}=Rt,{isAutofillSupported:jt}=Rt,{getDefaultPaths:Bt}=Rt;window.localWebAuthnSDK=Rt;const Nt={initialize:r,...Object.freeze({__proto__:null,get WebauthnCrossDeviceStatus(){return exports.WebauthnCrossDeviceStatus},approve:Tt,authenticate:Pt,crossDevice:Ot,getDefaultPaths:Bt,isAutofillSupported:jt,isPlatformAuthenticatorSupported:xt,register:It})};exports.PACKAGE_VERSION="1.16.2",exports.approve=Tt,exports.authenticate=Pt,exports.crossDevice=Ot,exports.getDefaultPaths=Bt,exports.initialize=r,exports.isAutofillSupported=jt,exports.isPlatformAuthenticatorSupported=xt,exports.register=It,exports.webauthn=Nt;

package/dist/webauthn.d.ts DELETED Viewed

@@ -1,463 +0,0 @@
-/**
- * Alternate paths used by the SDK to route API calls to your proxy server.
- */
-interface WebauthnApis {
-    /**
-     * @defaultValue `/v1/auth/webauthn/authenticate/start`
-     */
-    startAuthentication: string;
-    /**
-     * @defaultValue `/v1/auth/webauthn/register/start`
-     */
-    startRegistration: string;
-    /**
-     * @defaultValue `/v1/auth/webauthn/cross-device/register/start`
-     */
-    startCrossDeviceRegistration: string;
-    /**
-     * @defaultValue `/v1/auth/webauthn/cross-device/authenticate/init`
-     */
-    initCrossDeviceAuthentication: string;
-    /**
-     * @defaultValue `/v1/auth/webauthn/cross-device/authenticate/start`
-     */
-    startCrossDeviceAuthentication: string;
-    /**
-     * @defaultValue `/v1/auth/webauthn/cross-device/status`
-     */
-    getCrossDeviceTicketStatus: string;
-    /**
-     * @defaultValue `/v1/auth/webauthn/cross-device/attach-device`
-     */
-    attachDeviceToCrossDeviceSession: string;
-}
-/**
- * @private
- */
-interface WebAuthnInitOptions {
-    /**
-     * Base path for sending API requests. This would be either a Transmit Security API deployment URL
-     * such as documented for sandbox, or if you are proxying API requests from your backend - then the base path to your proxy.
-     */
-    serverPath: string;
-    /**
-     * Override endpoints when using a proxy server in case the proxy server implements its own paths.
-     */
-    webauthnApiPaths?: WebauthnApis;
-}
-/**
- * WebAuthn cross device interfaces
- */
-declare enum WebauthnCrossDeviceStatus {
-    Pending = "pending",
-    Scanned = "scanned",
-    Success = "success",
-    Error = "error",
-    Timeout = "timeout",
-    Aborted = "aborted"
-}
-/**
- * WebAuthn cross device handlers interfaces
- */
-interface CrossDeviceController {
-    /**
-     * Ticket ID for this cross-device flow.
-     */
-    crossDeviceTicketId: string;
-    /**
-     * Stops listening for events from devices in cross-device flows
-     */
-    stop: () => void;
-}
-/**
- * WebAuthn cross device status response interfaces
- */
-interface ApiCrossDeviceStatusResponse {
-    /**
-     * cross device status
-     */
-    status: WebauthnCrossDeviceStatus;
-    /**
-     * authentication session id
-     */
-    session_id?: string;
-}
-/**
- * WebAuthn cross device attach device result interfaces
- */
-interface AttachDeviceResult {
-    /**
-     * cross device status
-     */
-    status: WebauthnCrossDeviceStatus;
-    /**
-     * ticket creation timestamp
-     */
-    startedAt: string;
-    /**
-     * session's approval data (if exists)
-     */
-    approvalData?: Record<string, string>;
-}
-interface BaseCrossDeviceHandlers {
-    /**
-     * Called when the user has successfully attached a device to the cross-device flow using the {@link WebauthnCrossDeviceFlows.attachDevice} method.
-     */
-    onDeviceAttach: () => Promise<void>;
-    /**
-     * Called when there was an error in the cross-device flow with status response {@link ApiCrossDeviceStatusResponse}.
-     */
-    onFailure: (error: ApiCrossDeviceStatusResponse) => Promise<void>;
-}
-interface CrossDeviceAuthenticationHandlers extends BaseCrossDeviceHandlers {
-    /**
-     * Called upon successful webauthn authentication.
-     * @param sessionId Session ID that will be exchanged for the user's access and ID tokens using the /v1/auth/session/authenticate API
-     */
-    onCredentialAuthenticate: (sessionId: string) => Promise<void>;
-}
-interface CrossDeviceRegistrationHandlers extends BaseCrossDeviceHandlers {
-    /**
-     * Called upon successful webauthn registration.
-     */
-    onCredentialRegister: () => Promise<void>;
-}
-interface WebauthnCrossDeviceRegistrationOptions {
-    /**
-     * Allow registration using cross-platform authenticators, such as a USB security key or a different device. If enabled, cross-device authentication flows can be performed using the native browser experience (via QR code). default: True
-     */
-    allowCrossPlatformAuthenticators?: boolean;
-    /**
-     * Must be set to true to register credentials as passkeys when supported (except for Apple devices, which always register credentials as passkeys). default: True
-     */
-    registerAsDiscoverable?: boolean;
-}
-interface WebauthnRegistrationOptions extends WebauthnCrossDeviceRegistrationOptions {
-    /**
-     * Human-palatable name for the user account, only for display (max 64 characters). If not set, the username parameter will also act as the display name
-     */
-    displayName?: string;
-    /**
-     * The timeout in seconds for the registration process. If the timeout is reached, the registration process will be aborted with error {@link ErrorCode.RegistrationAbortedTimeout}.
-     */
-    timeout?: number;
-    /**
-     * Set to True in order to limit the creation of multiple credentials for the same account on a single authenticator. default: False
-     */
-    limitSingleCredentialToDevice?: boolean;
-}
-interface WebauthnCrossDeviceFlows {
-    /**
-     * Initializes a cross device flow, such as when users request to login to a desktop using their mobile device. Once invoked, the SDK will start listening for events occurring on the other device,
-     * and calls your handlers when a state change is detected.
-     * These methods return a promise that resolves to a {@link CrossDeviceController} object, which allows you to stop listening to events and includes the cross-device ticket ID which is used when attaching another device to the flow.
-     */
-    init: {
-        /**
-         * Start a cross device registration flow
-         * This call receives a cross-device ticket ID, and a {@link CrossDeviceRegistrationHandlers} instance that contains your handlers for cross device events.
-         * For example, these handlers may update the UI or any other relevant application state.
-         * @throws {@link ErrorCode.NotInitialized}
-         * @returns {@link CrossDeviceController} - Object that allows you to stop the event loop, and obtain the cross-device ticket ID.
-         */
-        registration: (params: {
-            crossDeviceTicketId: string;
-            handlers: CrossDeviceRegistrationHandlers;
-        }) => Promise<CrossDeviceController>;
-        /**
-         * Start a cross device authentication flow
-         * This call receives an optional username (if already known), and a {@link CrossDeviceAuthenticationHandlers} instance that contains your handlers for cross device events.
-         * For example, these handlers may update the UI or any other relevant application state.
-         * If username isn't provided, it will promote a modal with a list of all discoverable credentials on the attached device. If username is provided, this call must be invoked for a registered username.
-         * If the target username is not registered, an SdkError will be thrown when trying to authenticate in the attached device.<br/>
-         * @throws {@link ErrorCode.NotInitialized}
-         * @throws {@link ErrorCode.FailedToInitCrossDeviceSession}
-         * @returns {@link CrossDeviceController} - Object that allows you to stop the event loop, and obtain the cross-device ticket ID.
-         */
-        authentication: (params: {
-            username?: string;
-            handlers: CrossDeviceAuthenticationHandlers;
-        }) => Promise<CrossDeviceController>;
-        /**
-         * Start a cross device approval flow
-         * This call receives a optional username, approval data (data to be signed using a passkey), and a {@link CrossDeviceAuthenticationHandlers} instance that contains your handlers for cross device events.
-         * For example, these handlers may update the UI or any other relevant application state.
-         * This call must be invoked for a registered username.
-         * If the target username is not registered, an SdkError will be thrown when trying to authenticate in the attached device.<br/>
-         * @throws {@link ErrorCode.NotInitialized}
-         * @throws {@link ErrorCode.InvalidApprovalData}
-         * @throws {@link ErrorCode.FailedToInitCrossDeviceSession}
-         * @returns {@link CrossDeviceController} - Object that allows you to stop the event loop, and obtain the cross-device ticket ID.
-         */
-        approval: (params: {
-            username: string;
-            approvalData: Record<string, string>;
-            handlers: CrossDeviceAuthenticationHandlers;
-        }) => Promise<CrossDeviceController>;
-    };
-    authenticate: {
-        /**
-         * Invokes a WebAuthn authentication for the user used in the cross device session init, including prompting the user to select from a list of registered credentials, and then prompting the user for biometrics. The credentials list is displayed using the native browser modal.<br/>
-         * If authentication is completed successfully, this call will return a promise that resolves to the credential result, which is an object encoded as a base64 string. This encoded result should then be passed to the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential) to retrieve user tokens.<br/>
-         * Once tokens are retrieved, {@link CrossDeviceAuthenticationHandlers.onCredentialAuthenticate} will be called with a session ID that can also be used to retrieve tokens.
-         * @param crossDeviceTicketId Ticket ID of the cross-device flow. retrieved from the {@link CrossDeviceController} object.
-         * @throws {@link ErrorCode.NotInitialized}
-         * @throws {@link ErrorCode.AuthenticationFailed}
-         * @throws {@link ErrorCode.AuthenticationCanceled}
-         * @returns Base64-encoded object, which contains the credential result. This encoded result will be used to fetch user tokens via the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential).
-         */
-        modal: (crossDeviceTicketId: string) => Promise<string>;
-    };
-    approve: {
-        /**
-         * Invokes a WebAuthn approval for the user used in the cross device session init, including prompting the user to select from a list of registered credentials, and then prompting the user for biometrics. The credentials list is displayed using the native browser modal.<br/>
-         * If authentication is completed successfully, this call will return a promise that resolves to the credential result, which is an object encoded as a base64 string. This encoded result should then be passed to the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential) to retrieve user tokens.<br/>
-         * Once tokens are retrieved, {@link CrossDeviceAuthenticationHandlers.onCredentialAuthenticate} will be called with a session ID that can also be used to retrieve tokens.
-         * @param crossDeviceTicketId Ticket ID of the cross-device flow. retrieved from the {@link CrossDeviceController} object.
-         * @throws {@link ErrorCode.NotInitialized}
-         * @throws {@link ErrorCode.AuthenticationFailed}
-         * @throws {@link ErrorCode.AuthenticationCanceled}
-         * @returns Base64-encoded object, which contains the credential result. This encoded result will be used to fetch user tokens via the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential).
-         */
-        modal: (crossDeviceTicketId: string) => Promise<string>;
-    };
-    /**
-     * Invokes a WebAuthn credential registration for the user used in the cross device session init, including prompting the user for biometrics.
-     * If registration is completed successfully, this call will return a promise that resolves to the credential result, which is an object encoded as a base64 string. This encoded result should then be passed to the relevant backend registration endpoint to complete the registration for either a [logged-in user](/openapi/user/backend-webauthn/#operation/webauthn-registration) or [logged-out user](/openapi/user/backend-webauthn/#operation/webauthn-registration-external).
-     * If registration fails, an SdkError will be thrown.
-     * If the backend registration call was successful, {@link CrossDeviceRegistrationHandlers.onCredentialRegister} will be called.
-     * @param crossDeviceTicketId Ticket ID of the cross-device flow. retrieved from the {@link CrossDeviceController} object.
-     * @param options Additional configuration for registration flow
-     * @throws {@link ErrorCode.NotInitialized}
-     * @throws {@link ErrorCode.RegistrationFailed}
-     * @throws {@link ErrorCode.RegistrationCanceled}
-     */
-    register: (crossDeviceTicketId: string, options?: WebauthnCrossDeviceRegistrationOptions) => Promise<string>;
-    /**
-     * Indicates when a session is accepted on another device in cross-device flows.
-     *
-     * If successful,{@link CrossDeviceRegistrationHandlers.onDeviceAttach} will be called in registration flow and {@link CrossDeviceAuthenticationHandlers.onDeviceAttach} for authentication.
-     * @param crossDeviceTicketId Ticket ID of the cross-device flow. retrieved from the {@link CrossDeviceController} object.
-     * @returns AttachDeviceResult {@link AttachDeviceResult}. Object containing the ticket status, creation timestamp, and approval data (if passed in the init.authentication() call)
-     */
-    attachDevice: (crossDeviceTicketId: string) => Promise<AttachDeviceResult>;
-}
-/**
- * @enum
- */
-declare enum ErrorCode {
-    /**
-     * Either the SDK init call failed or another function was called before initializing the SDK
-     */
-    NotInitialized = "not_initialized",
-    /**
-     * When the call to {@link WebauthnApis.startAuthentication} failed
-     */
-    AuthenticationFailed = "authentication_failed",
-    /**
-     * When {@link  WebauthnAuthenticationFlows.modal authenticate.modal} or {@link  AutofillHandlers.activate authenticate.autofill.activate} is called and the modal is closed by the user
-     */
-    AuthenticationAbortedTimeout = "authentication_aborted_timeout",
-    /**
-     * When {@link register} is called and the modal is closed when reaching the timeout
-     */
-    AuthenticationCanceled = "webauthn_authentication_canceled",
-    /**
-     * When the call to {@link WebauthnApis.startRegistration} failed
-     */
-    RegistrationFailed = "registration_failed",
-    /**
-    / When The user attempted to register an authenticator that contains one of the credentials already registered with the relying party.
-     */
-    AlreadyRegistered = "username_already_registered",
-    /**
-     * When {@link register} is called and the modal is closed by the user
-     */
-    RegistrationAbortedTimeout = "registration_aborted_timeout",
-    /**
-     * When {@link register} is called and the modal is closed when reaching the timeout
-     */
-    RegistrationCanceled = "webauthn_registration_canceled",
-    /**
-     * Passkey autofill authentication was aborted by {@link AutofillHandlers.abort}
-     */
-    AutofillAuthenticationAborted = "autofill_authentication_aborted",
-    /**
-     * Passkey authentication is already active. To start a new authentication, abort the current one first by calling {@link AutofillHandlers.abort}
-     */
-    AuthenticationProcessAlreadyActive = "authentication_process_already_active",
-    /**
-     * The ApprovalData parameter was sent in the wrong format
-     */
-    InvalidApprovalData = "invalid_approval_data",
-    /**
-     * When the call to {@link WebauthnApis.initCrossDeviceAuthentication}  failed   */
-    FailedToInitCrossDeviceSession = "cross_device_init_failed",
-    /**
-     * When the call to {@link WebauthnApis.getCrossDeviceTicketStatus}  failed   */
-    FailedToGetCrossDeviceStatus = "cross_device_status_failed",
-    /**
-     * When the SDK operation fails on an unhandled error
-     */
-    Unknown = "unknown"
-}
-/**
- * Common interface for `Promise` rejections.
- * Developers should handle according to the `errorCode`
- */
-interface SdkError {
-    /**
-     * Error code from {@link ErrorCode}
-     */
-    readonly errorCode: ErrorCode;
-    /**
-     * Error message
-     */
-    readonly message: string;
-    /**
-     * Additional data
-     */
-    readonly data?: any;
-}
-interface AuthenticationAutofillActivateHandlers {
-    /**
-     * A Callback function that will be triggered once biometrics signing is completed successfully.
-     * @param webauthn_encoded_result
-     */
-    onSuccess: (webauthn_encoded_result: string) => Promise<void>;
-    /**
-     * A Callback function that will be triggered if authentication fails with an SdkError.
-     * @param err
-     */
-    onError?: (err: SdkError) => Promise<void>;
-    /**
-     * A Callback function that will be triggered when challenge excepted from the service and autofill is ready to use.
-     */
-    onReady?: () => void;
-}
-interface AutofillHandlers {
-    /**
-     * Invokes a WebAuthn authentication, including prompting the user to select from a list of registered credentials using autofill, and then prompting the user for biometrics. In order to prompt this credentials list, the autocomplete="username webauthn" attribute **must** be defined on the username input box of the authentication page.<br/>
-     * If authentication is completed successfully, the `onSuccess` callback will be triggered with the credential result, which is an object encoded as a base64 string. This encoded result should then be passed to the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential) to retrieve user tokens.<br/>
-     * If it fails, the `onError` callback will be triggered with an SdkError.
-     * @throws {@link ErrorCode.NotInitialized}
-     * @throws {@link ErrorCode.AuthenticationFailed}
-     * @throws {@link ErrorCode.AuthenticationCanceled}
-     * @throws {@link ErrorCode.AutofillAuthenticationAborted}
-     * @param handlers Handlers that will be invoked once the authentication is completed (success or failure)
-     * @param username Name of user account, as used in the WebAuthn registration. If not provided, the authentication will start without the context of a user and it will be inferred by the chosen passkey
-     */
-    activate(handlers: AuthenticationAutofillActivateHandlers, username?: string): void;
-    /**
-     * Aborts a WebAuthn authentication. This method should be called after the passkey autofill is dismissed in order to be able to query existing passkeys once again. This will end the browser's  `navigator.credentials.get()` operation.
-     */
-    abort(): void;
-}
-interface WebauthnAuthenticationOptions {
-    /**
-     * The timeout in seconds for the authentication process. If the timeout is reached, the registration process will be aborted with error {@link ErrorCode.AuthenticationAbortedTimeout}.
-     */
-    timeout?: number;
-}
-interface WebauthnAuthenticationFlows {
-    /**
-       * Invokes a WebAuthn authentication, including prompting the user to select from a list of registered credentials, and then prompting the user for biometrics. The credentials list is displayed using the native browser modal.<br/>
-       * If username isn't provided, it will promote a modal with a list of all discoverable credentials on the device. If username is provided, this call must be invoked for a registered username. If the target username is not registered or in case of any other failure, an SdkError will be thrown.<br/>
-       * If authentication is completed successfully, this call will return a promise that resolves to the credential result, which is an object encoded as a base64 string. This encoded result should then be passed to the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential) to retrieve user tokens.<br/>
-       * @param username Name of user account, as used in the WebAuthn registration. If not provided, the authentication will start without the context of a user and it will be inferred by the chosen passkey
-       * @param options {@link WebauthnAuthenticationOptions} Options for the authentication process
-       * @throws {@link ErrorCode.NotInitialized}
-       * @throws {@link ErrorCode.AuthenticationFailed}
-       * @throws {@link ErrorCode.AuthenticationCanceled}
-       * @throws {@link ErrorCode.InvalidApprovalData}
-       * @throws {@link ErrorCode.AuthenticationProcessAlreadyActive}
-       * @returns Base64-encoded object, which contains the credential result. This encoded result will be used to fetch user tokens via the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential).
-       */
-    modal(username?: string, options?: WebauthnAuthenticationOptions): Promise<string>;
-    /**
-     * Property used to implement credential selection via autofill UI.
-     */
-    autofill: AutofillHandlers;
-}
-interface WebauthnApprovalFlows {
-    /**
-     * Invokes a WebAuthn approval, including prompting the user to select from a list of registered credentials, and then prompting the user for biometrics. The credentials list is displayed using the native browser modal.<br/>
-     * This call must be invoked for a registered username. If the target username is not registered or in case of any other failure, an SdkError will be thrown.<br/>
-     * If approval is completed successfully, this call will return a promise that resolves to the credential result, which is an object encoded as a base64 string. This encoded result should then be passed to the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential) to retrieve user tokens.<br/>
-     * @param username Name of user account, as used in the WebAuthn registration.
-     * @param approvalData Data that represents the approval to be signed with a passkey
-     * @throws {@link ErrorCode.NotInitialized}
-     * @throws {@link ErrorCode.InvalidApprovalData}
-     * @throws {@link ErrorCode.AuthenticationFailed}
-     * @throws {@link ErrorCode.AuthenticationCanceled}
-     * @throws {@link ErrorCode.AuthenticationProcessAlreadyActive}
-     * @returns Base64-encoded object, which contains the credential result. This encoded result will be used to fetch user tokens via the [backend authentication endpoint](/openapi/user/backend-webauthn/#operation/authenticateWebauthnCredential).
-     */
-    modal(username: string | undefined, approvalData: Record<string, string>): Promise<string>;
-}
-declare module '@transmit-security/web-sdk-common/dist/module-metadata/module-metadata' {
-    interface initConfigParams {
-        webauthn?: WebAuthnInitOptions;
-    }
-}
-/**
- * Returns the authentication flows for webauthn
- */
-declare const authenticate: WebauthnAuthenticationFlows;
-declare const approve: WebauthnApprovalFlows;
-/**
- * Invokes a WebAuthn credential registration for the specified user, including prompting the user for biometrics.
- * If registration is completed successfully, this call will return a promise that resolves to the credential result, which is an object encoded as a base64 string. This encoded result should then be passed to the relevant backend registration endpoint to complete the registration for either a [logged-in user](/openapi/user/backend-webauthn/#operation/webauthn-registration) or [logged-out user](/openapi/user/backend-webauthn/#operation/webauthn-registration-external).
- *
- * If registration fails, an SdkError will be thrown.
- *
- * @param username WebAuthn username to register
- * @param options Additional configuration for registration flow
- * @throws {@link ErrorCode.NotInitialized}
- * @throws {@link ErrorCode.RegistrationFailed}
- * @throws {@link ErrorCode.RegistrationCanceled}
- */
-declare function register(username: string, options?: WebauthnRegistrationOptions): Promise<string>;
-/**
- * Returns webauthn cross device flows
- * @type WebauthnCrossDeviceFlows
- */
-declare const crossDevice: WebauthnCrossDeviceFlows;
-/**
- * Indicates whether this browser supports WebAuthn, and has a platform authenticator
- */
-declare const isPlatformAuthenticatorSupported: () => Promise<boolean | undefined>;
-/**
- * Indicates whether this browser supports Passkey Autofill
- */
-declare const isAutofillSupported: () => Promise<boolean>;
-/**
- * Returns the default API paths for webauthn
- */
-declare const getDefaultPaths: () => WebauthnApis;
-declare const PACKAGE_VERSION: string;
-declare namespace webauthn {
-  export function initialize(config: any): void;
-  export * from "@transmit-security/authentication-sdk";
-  export const authenticate: (...args: any[]) => any;
-  export const register: (...args: any[]) => any;
-  export const crossDevice: (...args: any[]) => any;
-}
-declare function initialize(config: any): void;
-export { ApiCrossDeviceStatusResponse, AttachDeviceResult, AuthenticationAutofillActivateHandlers, AutofillHandlers, CrossDeviceAuthenticationHandlers, CrossDeviceController, CrossDeviceRegistrationHandlers, ErrorCode, PACKAGE_VERSION, SdkError, WebauthnApis, WebauthnApprovalFlows, WebauthnAuthenticationFlows, WebauthnAuthenticationOptions, WebauthnCrossDeviceFlows, WebauthnCrossDeviceRegistrationOptions, WebauthnCrossDeviceStatus, WebauthnRegistrationOptions, approve, authenticate, crossDevice, getDefaultPaths, initialize, isAutofillSupported, isPlatformAuthenticatorSupported, register, webauthn };

package/dist/webauthn.js DELETED Viewed

@@ -1 +0,0 @@

- "undefined"==typeof globalThis&&("undefined"!=typeof window?(window.globalThis=window,window.global=window):"undefined"!=typeof self&&(self.globalThis=self,self.global=self));const t=Symbol("MODULE_INITIALIZED"),e=new Map;function i(t,i){var a,n;null===(a=e.get(t))||void 0===a||a.forEach((n=t=>t(i),function(){try{return n(...arguments)}catch(t){console.log(t)}}))}let a=null;function n(t){a=t}var s=Object.freeze({__proto__:null,getInitConfig:function(){return a},get initConfig(){return a},setInitConfig:n});function r(e){n(e),i(t,void 0)}var o=Object.freeze({__proto__:null,initialize:r});function c(t,e){var i=Object.keys(t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(t);e&&(a=a.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),i.push.apply(i,a)}return i}function l(t){for(var e=1;e<arguments.length;e++){var i=null!=arguments[e]?arguments[e]:{};e%2?c(Object(i),!0).forEach((function(e){u(t,e,i[e])})):Object.getOwnPropertyDescriptors?Object.defineProperties(t,Object.getOwnPropertyDescriptors(i)):c(Object(i)).forEach((function(e){Object.defineProperty(t,e,Object.getOwnPropertyDescriptor(i,e))}))}return t}function d(t){var e=function(t,e){if("object"!=typeof t||!t)return t;var i=t[Symbol.toPrimitive];if(void 0!==i){var a=i.call(t,e||"default");if("object"!=typeof a)return a;throw new TypeError("@@toPrimitive must return a primitive value.")}return("string"===e?String:Number)(t)}(t,"string");return"symbol"==typeof e?e:String(e)}function u(t,e,i){return(e=d(e))in t?Object.defineProperty(t,e,{value:i,enumerable:!0,configurable:!0,writable:!0}):t[e]=i,t}function h(t,e){return Object.entries(e).reduce(((e,i)=>{let[a,n]=i;return l(l({},e),{},{[a]:y.isPrototypeOf(n)?new n(t.slug):"function"==typeof n?n.bind(t):"object"==typeof n&&!Array.isArray(n)&&n?h(t,n):n})}),{})}class y{constructor(t){this.slug=t}static create(t){return class extends y{constructor(e){super(e),Object.assign(this,h(this,t(this)))}}}}var p=Object.freeze({__proto__:null,Agent:y}),g=Object.freeze({__proto__:null,MODULE_INITIALIZED:t,emit:i,off:function(t,i){const a=e.get(t);if(!a)return;const n=a.indexOf(i);-1!==n&&a.splice(n,1)},on:function(t,i){var a;e.has(t)?null===(a=e.get(t))||void 0===a||a.push(i):e.set(t,[i])}});function v(t,e){const i=!t||"object"!=typeof t||Array.isArray(t)?{}:t;return[e.reduce(((t,e)=>{if(e in t){const i=t[e];if(null!==i&&"object"==typeof i&&!Array.isArray(i))return i}const i={};return t[e]=i,i}),i),i]}function w(t,e){let i=t;return e.every((t=>!(!i||"object"!=typeof i||Array.isArray(i)||!(t in i))&&(i=i[t],!0)),t)}const f="tsec",m="general";function b(t){return t?m:a.clientId}function D(t){return function(t){if(!t)return{};try{return JSON.parse(t)}catch(t){return{}}}((t?sessionStorage:localStorage).getItem(f))}function A(t,e){const i=t?sessionStorage:localStorage,a=e(D(t));i.setItem(f,JSON.stringify(a))}var _=Object.freeze({__proto__:null,COMMON_STORAGE_KEY:f,GENERAL_ID_KEY:m,getValue:function(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};const i=b(!!e.isGeneral),a=D(!!e.sessionOnly),[n]=v(a,[this.slug.toString(),i]);return n[t]},hasValue:function(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};const i=b(!!e.isGeneral),a=D(!!e.sessionOnly);return w(a,[this.slug.toString(),i,t])},removeValue:function(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};const i=b(!!e.isGeneral);A(!!e.sessionOnly,(e=>{const[a,n]=v(e,[this.slug.toString(),i]);return delete a[t],n}))},setValue:function(t,e){let i=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{};const a=b(!!i.isGeneral);A(!!i.sessionOnly,(i=>{const[n,s]=v(i,[this.slug.toString(),a]);return n[t]=e,s}))}});const S="RSA-PSS",C=async(t,e)=>await window.crypto.subtle.generateKey({name:t,modulusLength:2048,publicExponent:new Uint8Array([1,0,1]),hash:"SHA-256"},!1,e),K=async()=>await C("RSA-OAEP",["encrypt","decrypt"]),k=async()=>await C(S,["sign"]),R=async(t,e)=>{const i=(new TextEncoder).encode(e);return await window.crypto.subtle.sign({name:S,saltLength:32},t,i)};class P{constructor(t,e,i){this.slug=t,this.dbName=e,this.dbVersion=i}queryObjectStore(t,e){let i=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{};const a=(window.indexedDB||window.mozIndexedDB||window.webkitIndexedDB||window.msIndexedDB||window.shimIndexedDB).open(`${this.slug}:${this.dbName}`,this.dbVersion||1);a.onupgradeneeded=()=>{var e;const i=a.result;(null===(e=null==i?void 0:i.objectStoreNames)||void 0===e?void 0:e.contains)&&!i.objectStoreNames.contains(t)&&i.createObjectStore(t,{keyPath:"key"})},a.onsuccess=()=>{const n=a.result,s=n.transaction(t,(null==i?void 0:i.operation)||"readwrite"),r=s.objectStore(t);e(r),s.oncomplete=()=>{n.close()}}}put(t,e,i){return new Promise(((a,n)=>{this.queryObjectStore(t,(t=>{const s=t.put({key:e,value:i});s.onsuccess=()=>{a(s.result)},s.onerror=t=>{n("Failed adding item to objectStore, err: "+t)}}))}))}add(t,e,i){return new Promise(((a,n)=>{this.queryObjectStore(t,(t=>{const s=t.add({key:e,value:i});s.onsuccess=()=>{a(s.result)},s.onerror=t=>{const e=t.target.error;n(e)}}))}))}get(t,e){return new Promise(((i,a)=>{this.queryObjectStore(t,(t=>{const n=t.get(e);n.onsuccess=()=>{var t;n.result?i(null===(t=n.result)||void 0===t?void 0:t.value):i(void 0)},n.onerror=t=>{a("Failed adding item to objectStore, err: "+t)}}))}))}getAll(t,e){return new Promise(((i,a)=>{this.queryObjectStore(t,(t=>{const n=t.getAll(null,e);n.onsuccess=()=>{if(n.result){const t=n.result;(null==t?void 0:t.length)?i(t.map((t=>null==t?void 0:t.value))):i(t)}else i([])},n.onerror=t=>{a("Failed getting items, err: "+t)}}))}))}delete(t,e){return new Promise(((i,a)=>{this.queryObjectStore(t,(t=>{const n=t.delete(e);n.onsuccess=()=>{i()},n.onerror=t=>{a(`Failed deleting key: '${e}' from objectStore, err: `+t)}}))}))}clear(t){return new Promise(((e,i)=>{this.queryObjectStore(t,(t=>{const a=t.clear();a.onsuccess=()=>{e()},a.onerror=t=>{i("Failed clearing objectStore, err: "+t)}}))}))}}const T="platform",I="init",O="completed",j="RSA2048",x=[I,O];class B{constructor(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:"sign",i=arguments.length>2?arguments[2]:void 0;var n,s,r,o;this.agent=t,this.keysType=e,this.options=i,this._extractingKeysPromise=null;const c=!(null===(n=this.options)||void 0===n?void 0:n.productScope);this.keysDatabaseName=c||!(null===(s=this.options)||void 0===s?void 0:s.indexedDBName)?"ts_crypto_binding":this.options.indexedDBName,this.dbVersion=c?1:(null===(r=this.options)||void 0===r?void 0:r.dbVersion)||1,this.keysStoreName=c||!(null===(o=this.options)||void 0===o?void 0:o.keysStoreName)?"identifiers_store":this.options.keysStoreName,this.indexedDBClient=new P(c?T:t.slug,this.keysDatabaseName,this.dbVersion),this.indexedDBClientFallback=new P((c?T:t.slug)+`:${a.clientId}`,this.keysDatabaseName,this.dbVersion)}getKeysRecordKey(){return`${this.keysType}_keys`}getRotatedKeysRecordKey(){return`rotated_${this.keysType}_keys`}getRotatedKeysRecordKeyPending(){return`rotated_pending_${this.keysType}_keys`}arrayBufferToBase64(t){return window.btoa(String.fromCharCode(...new Uint8Array(t)))}async getPKRepresentations(t){const e=await crypto.subtle.exportKey("spki",t);return{arrayBufferKey:e,base64Key:this.arrayBufferToBase64(e)}}async generateKeyPair(){return"sign"==this.keysType?await k():await K()}async calcKeyIdentifier(t){const e=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(e)).map((t=>t.toString(16).padStart(2,"0"))).join("")}async extractKeysData(){if(this._extractingKeysPromise)return this._extractingKeysPromise;this._extractingKeysPromise=(async()=>{var t,e;const i=(null===(e=null===(t=this.options)||void 0===t?void 0:t.keyRotation)||void 0===e?void 0:e.isEnabled)?await this.getRotatedKeysData():await this.getKeysData(),{base64Key:a}=await this.getPKRepresentations(i.publicKey);return this.publicKeyBase64=a,this.keyIdentifier=i.keyIdentifier,i})();try{return await this._extractingKeysPromise}finally{this._extractingKeysPromise=null}}async generateKeyPairData(t){const e=await this.generateKeyPair(),{arrayBufferKey:i}=await this.getPKRepresentations(e.publicKey),a=t||await this.calcKeyIdentifier(i);return l(l({},e),{},{keyIdentifier:a,createdDate:Date.now()})}shouldKeyBeRotated(t){var e;const i=null===(e=this.options)||void 0===e?void 0:e.keyRotation;if(!(null==i?void 0:i.isEnabled)||!i.expiryDays||void 0===i.startedAt)return!1;const a=24*i.expiryDays*60*60*1e3,n=t.createdDate&&t.createdDate>=i.startedAt?t.createdDate:i.startedAt;return Date.now()-n>a-2592e6}async extractMainKeysData(){return await this.indexedDBClient.get(this.keysStoreName,this.getKeysRecordKey())}async extractFallbackMainKeysData(){return await this.indexedDBClientFallback.get(this.keysStoreName,this.getKeysRecordKey())}async extractRotatedKeysData(){return await this.indexedDBClient.get(this.keysStoreName,this.getRotatedKeysRecordKey())}async extractPendingRotatedKeysData(){return await this.indexedDBClient.get(this.keysStoreName,this.getRotatedKeysRecordKeyPending())}async saveKeyData(t,e){try{return await this.indexedDBClient.add(this.keysStoreName,t,e),e}catch(e){if(e instanceof DOMException&&"ConstraintError"===e.name){const e=await this.indexedDBClient.get(this.keysStoreName,t);if(e)return e}throw e}}async getKeysData(){const t=this.getKeysRecordKey();let e=await this.extractMainKeysData();if(e)return e;if(e=await this.extractFallbackMainKeysData(),e)return this.saveKeyData(t,e);const i=await this.generateKeyPairData();return this.saveKeyData(t,i)}async getOrCreateRotatedKeys(){let t=await this.extractRotatedKeysData();if(!t){const e=this.getRotatedKeysRecordKey(),i=await this.getKeysData(),a=l(l({},i),{},{createdDate:i.createdDate||Date.now()});t=await this.saveKeyData(e,a)}return t}async getRotatedKeysData(){const t=await this.getOrCreateRotatedKeys();if(this.shouldKeyBeRotated(t)){if(!await this.extractPendingRotatedKeysData()){const e=this.getRotatedKeysRecordKeyPending(),i=await this.generateKeyPairData(t.keyIdentifier);await this.saveKeyData(e,i)}}return t}async getPublicData(){return this.publicKeyBase64&&this.keyIdentifier||await this.extractKeysData(),{publicKey:this.publicKeyBase64,keyIdentifier:this.keyIdentifier}}async sign(t){if("sign"==this.keysType){const{privateKey:e}=await this.extractKeysData(),i=await R(e,t);return this.arrayBufferToBase64(i)}throw new Error("keysType must be 'sign' in order to use sign keys")}async clearKeys(){const t=this.getKeysRecordKey();await this.indexedDBClient.delete(this.keysStoreName,t)}getBaseRotationPayload(){return{keyIdentifier:this.keyIdentifier,slot:this.getRotatedKeysRecordKey(),publicKey:this.publicKeyBase64,publicKeyType:j,tenantId:this.options.keyRotation.tenantId}}async getRotationData(){var t,e;if(!(null===(e=null===(t=this.options)||void 0===t?void 0:t.keyRotation)||void 0===e?void 0:e.isEnabled))return;this.publicKeyBase64&&this.keyIdentifier||await this.extractKeysData();const i=await this.extractPendingRotatedKeysData();if(i){const{base64Key:t}=await this.getPKRepresentations(i.publicKey),{privateKey:e}=await this.extractKeysData(),a=l(l({},this.getBaseRotationPayload()),{},{newPublicKey:t,createdDate:i.createdDate,newPublicKeyType:j}),n=JSON.stringify(a);return{data:n,signature:await this.signPayload(n,e)}}const a=await this.extractRotatedKeysData();if(a&&!1===a.confirmed){await this.extractKeysData();const t=JSON.stringify(this.getBaseRotationPayload());return{data:t,signature:await this.signPayload(t,a.privateKey)}}}async signPayload(t,e){const i=await R(e,t);return this.arrayBufferToBase64(i)}async handleRotateResponse(t){if(x.includes(t))if(t===I){const t=await this.extractPendingRotatedKeysData();if(t){await this.indexedDBClient.delete(this.keysStoreName,this.getRotatedKeysRecordKey());const e=l(l({},t),{},{confirmed:!1});await this.indexedDBClient.put(this.keysStoreName,this.getRotatedKeysRecordKey(),e),await this.indexedDBClient.delete(this.keysStoreName,this.getRotatedKeysRecordKeyPending());const{base64Key:i}=await this.getPKRepresentations(t.publicKey);this.publicKeyBase64=i,this.keyIdentifier=t.keyIdentifier}}else if(t===O){const t=await this.extractRotatedKeysData();t&&!1===t.confirmed&&await this.indexedDBClient.put(this.keysStoreName,this.getRotatedKeysRecordKey(),l(l({},t),{},{confirmed:!0}))}}}var N=Object.freeze({__proto__:null,createCryptoBinding:function(){let t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:"sign",e=arguments.length>1?arguments[1]:void 0;return new B(this,t,e)},generateRSAKeyPair:K,generateRSASignKeyPair:k,signAssymetric:R,verifyAssymetric:async(t,e,i)=>{const a=(new TextEncoder).encode(e);return await window.crypto.subtle.verify(S,t,i,a)}}),E=Object.freeze({__proto__:null});const H=y.create((t=>{class e extends Error{constructor(e,i){super(`${t.slug}-${e} ${i}`)}}return{TsError:e,TsInternalError:class extends e{constructor(t){super(t,"Internal error")}}}}));var F=y.create((()=>l({exceptions:H},p)));class M{constructor(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:[];this.agent=t,this.middlewares=e,this.logs=[]}info(t,e){this.pushLog(3,t,e)}warn(t,e){this.pushLog(4,t,e)}error(t,e){this.pushLog(5,t,e)}pushLog(t,e){let i=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{};this.logs.push({timestamp:Date.now(),module:this.agent.slug,severity:t,fields:i,message:e});const a=this.middlewares.map((t=>t(this)));Promise.all(a).catch((()=>{}))}}var q=Object.freeze({__proto__:null,consoleMiddleware:function(t){const e=t.logs[t.logs.length-1];console.log(`${e.severity} ${e.message}`,e.fields)},createSdkLogger:function(){let t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:[];return new M(this,t)}});function z(t,e){if(!(null==t?void 0:t.trim()))return"";if(function(t){try{return new URL(t),!0}catch(t){return!1}}(t))return t;const i="http://mock.com",a=new URL(i);a.search=(null==e?void 0:e.toString())||"",a.pathname=t;return a.href.replace(i,"")}const $={"Content-Type":"application/json","X-TS-client-time":(new Date).toUTCString(),"X-TS-ua":navigator.userAgent};function J(t,e,i){var a;const n=(s=e||{},encodeURI(JSON.stringify(s)).split(/%..|./).length-1);var s;return{method:t,headers:l(l(l({},{"X-TS-body-size":String(n)}),$),i||{}),body:null!==(a=e&&JSON.stringify(e||{}))&&void 0!==a?a:void 0}}function L(t,e,i,a,n){const s=z(t,a),r=J(e,i,n);return fetch(s,r)}async function U(t,e,i,a,n){let s;if(s=await L(t,e,i,a,n),!s.ok)throw new Error("Request failed");return s}var V=Object.freeze({__proto__:null,httpDelete:async function(t,e){const i=await U(t,"DELETE",void 0,void 0,e);return l(l({data:await i.json()},i),{},{headers:i.headers})},httpGet:async function(t,e,i){const a=await U(t,"GET",void 0,e,i);return l(l({data:await a.json()},a),{},{headers:a.headers})},httpPost:async function(t,e,i,a){const n=await U(t,"POST",e,i,a);return l(l({data:await n.json()},n),{},{headers:n.headers})},httpPut:async function(t,e,i,a){const n=await U(t,"PUT",e,i,a);return l(l({data:await n.json()},n),{},{headers:n.headers})},init:J}),G=y.create((()=>({events:g,moduleMetadata:s,mainEntry:o,utils:F,storage:_,crypto:N,indexedDB:E,logger:q,http:V})));class W{static arrayBufferToBase64(t){return btoa(String.fromCharCode(...new Uint8Array(t)))}static base64ToArrayBuffer(t){return Uint8Array.from(atob(t),(t=>t.charCodeAt(0)))}static stringToBase64(t){return btoa(t)}static jsonToBase64(t){const e=JSON.stringify(t);return btoa(e)}static base64ToJson(t){const e=atob(t);return JSON.parse(e)}}const Z={log:console.log,error:console.error};var X,Y;!function(t){t.NotInitialized="not_initialized",t.AuthenticationFailed="authentication_failed",t.AuthenticationAbortedTimeout="authentication_aborted_timeout",t.AuthenticationCanceled="webauthn_authentication_canceled",t.RegistrationFailed="registration_failed",t.AlreadyRegistered="username_already_registered",t.RegistrationAbortedTimeout="registration_aborted_timeout",t.RegistrationCanceled="webauthn_registration_canceled",t.AutofillAuthenticationAborted="autofill_authentication_aborted",t.AuthenticationProcessAlreadyActive="authentication_process_already_active",t.InvalidApprovalData="invalid_approval_data",t.FailedToInitCrossDeviceSession="cross_device_init_failed",t.FailedToGetCrossDeviceStatus="cross_device_status_failed",t.Unknown="unknown"}(X||(X={}));class Q extends Error{constructor(t,e){super(t),this.errorCode=X.NotInitialized,this.data=e}}class tt extends Q{constructor(t,e){super(null!=t?t:"WebAuthnSdk is not initialized",e),this.errorCode=X.NotInitialized}}class et extends Q{constructor(t,e){super(null!=t?t:"Authentication failed with an error",e),this.errorCode=X.AuthenticationFailed}}class it extends Q{constructor(t,e){super(null!=t?t:"Authentication was canceled by the user or got timeout",e),this.errorCode=X.AuthenticationCanceled}}class at extends Q{constructor(t,e){super(null!=t?t:"Registration failed with an error",e),this.errorCode=X.RegistrationFailed}}class nt extends Q{constructor(t,e){super(null!=t?t:"Registration was canceled by the user or got timeout",e),this.errorCode=X.RegistrationCanceled}}class st extends Q{constructor(t){super(null!=t?t:"Autofill flow was aborted"),this.errorCode=X.AutofillAuthenticationAborted}}class rt extends Q{constructor(t){super(null!=t?t:"Operation was aborted by timeout"),this.errorCode=X.AutofillAuthenticationAborted}}class ot extends Q{constructor(t){super(null!=t?t:"Passkey with this username is already registered with the relying party."),this.errorCode=X.AlreadyRegistered}}class ct extends Q{constructor(t,e){super(null!=t?t:"Authentication process is already active",e),this.errorCode=X.AuthenticationProcessAlreadyActive}}class lt extends Q{constructor(t,e){super(null!=t?t:"Invalid approval data",e),this.errorCode=X.InvalidApprovalData}}class dt extends Q{constructor(t,e){super(null!=t?t:"Failed to init cross device authentication",e),this.errorCode=X.FailedToInitCrossDeviceSession}}class ut extends Q{constructor(t,e){super(null!=t?t:"Failed to get cross device status",e),this.errorCode=X.FailedToGetCrossDeviceStatus}}function ht(t){return t.errorCode&&Object.values(X).includes(t.errorCode)}!function(t){t[t.persistent=0]="persistent",t[t.session=1]="session"}(Y||(Y={}));class yt{static get(t){return yt.getStorageMedium(yt.allowedKeys[t]).getItem(yt.getStorageKey(t))||void 0}static set(t,e){return yt.getStorageMedium(yt.allowedKeys[t]).setItem(yt.getStorageKey(t),e)}static remove(t){yt.getStorageMedium(yt.allowedKeys[t]).removeItem(yt.getStorageKey(t))}static clear(t){for(const[e,i]of Object.entries(yt.allowedKeys)){const a=e;t&&this.configurationKeys.includes(a)||yt.getStorageMedium(i).removeItem(yt.getStorageKey(a))}}static getStorageKey(t){return`WebAuthnSdk:${t}`}static getStorageMedium(t){return t===Y.session?sessionStorage:localStorage}}yt.allowedKeys={clientId:Y.session},yt.configurationKeys=["clientId"];class pt{static isNewApiDomain(t){return t&&(this.newApiDomains.includes(t)||t.startsWith("api.")&&t.endsWith(".transmitsecurity.io"))}static dnsPrefetch(t){const e=document.createElement("link");e.rel="dns-prefetch",e.href=t,document.head.appendChild(e)}static preconnect(t,e){const i=document.createElement("link");i.rel="preconnect",i.href=t,e&&(i.crossOrigin="anonymous"),document.head.appendChild(i)}static warmupConnection(t){this.dnsPrefetch(t),this.preconnect(t,!1),this.preconnect(t,!0)}static init(t,e){var i,a;try{this._serverPath=new URL(e.serverPath),this.isNewApiDomain(null===(i=this._serverPath)||void 0===i?void 0:i.hostname)&&this.warmupConnection(this._serverPath.origin),this._apiPaths=null!==(a=e.webauthnApiPaths)&&void 0!==a?a:this.getDefaultPaths(),this._clientId=t,yt.set("clientId",t)}catch(t){throw new tt("Invalid options.serverPath",{error:t})}}static getDefaultPaths(){var t;const e=this.isNewApiDomain(null===(t=this._serverPath)||void 0===t?void 0:t.hostname)?"/cis":"";return{startAuthentication:`${e}/v1/auth/webauthn/authenticate/start`,startRegistration:`${e}/v1/auth/webauthn/register/start`,initCrossDeviceAuthentication:`${e}/v1/auth/webauthn/cross-device/authenticate/init`,startCrossDeviceAuthentication:`${e}/v1/auth/webauthn/cross-device/authenticate/start`,startCrossDeviceRegistration:`${e}/v1/auth/webauthn/cross-device/register/start`,getCrossDeviceTicketStatus:`${e}/v1/auth/webauthn/cross-device/status`,attachDeviceToCrossDeviceSession:`${e}/v1/auth/webauthn/cross-device/attach-device`}}static getApiPaths(){return this._apiPaths}static async sendRequest(t,e,i){Z.log(`[WebAuthn SDK] Calling ${e.method} ${t}...`);const a=new URL(this._serverPath);return a.pathname=t,i&&(a.search=i),fetch(a.toString(),e)}static async startRegistration(t){const e=await this.sendRequest(this._apiPaths.startRegistration,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(l(l({client_id:this.getValidatedClientId(),username:t.username,display_name:t.displayName},t.timeout&&{timeout:t.timeout}),t.limitSingleCredentialToDevice&&{limit_single_credential_to_device:t.limitSingleCredentialToDevice}))});if(!(null==e?void 0:e.ok))throw new et("Failed to start registration",null==e?void 0:e.body);return await e.json()}static async startAuthentication(t){const e=await this.sendRequest(this._apiPaths.startAuthentication,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(l(l(l({client_id:this.getValidatedClientId()},t.username&&{username:t.username}),t.approvalData&&{approval_data:t.approvalData}),t.timeout&&{timeout:t.timeout}))});if(!(null==e?void 0:e.ok))throw new et("Failed to start authentication",null==e?void 0:e.body);return await e.json()}static async initCrossDeviceAuthentication(t){const e=await this.sendRequest(this._apiPaths.initCrossDeviceAuthentication,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(l(l({client_id:this.getValidatedClientId()},t.username&&{username:t.username}),t.approvalData&&{approval_data:t.approvalData}))});if(!(null==e?void 0:e.ok))throw new dt(void 0,null==e?void 0:e.body);return await e.json()}static async getCrossDeviceTicketStatus(t){const e=await this.sendRequest(this._apiPaths.getCrossDeviceTicketStatus,{method:"GET"},`cross_device_ticket_id=${t.ticketId}`);if(!(null==e?void 0:e.ok))throw new ut(void 0,null==e?void 0:e.body);return await e.json()}static async startCrossDeviceAuthentication(t){const e=await this.sendRequest(this._apiPaths.startCrossDeviceAuthentication,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({cross_device_ticket_id:t.ticketId})});if(!(null==e?void 0:e.ok))throw new et("Failed to start cross device authentication",null==e?void 0:e.body);return await e.json()}static async startCrossDeviceRegistration(t){const e=await this.sendRequest(this._apiPaths.startCrossDeviceRegistration,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({cross_device_ticket_id:t.ticketId})});if(!(null==e?void 0:e.ok))throw new at("Failed to start cross device registration",null==e?void 0:e.body);return await e.json()}static async attachDeviceToCrossDeviceSession(t){const e=await this.sendRequest(this._apiPaths.attachDeviceToCrossDeviceSession,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({cross_device_ticket_id:t.ticketId})});if(!(null==e?void 0:e.ok))throw new at("Failed to attach device to cross device session",null==e?void 0:e.body);return await e.json()}static getValidatedClientId(){var t;const e=null!==(t=this._clientId)&&void 0!==t?t:yt.get("clientId");if(!e)throw new tt("Missing clientId");return e}}var gt,vt,wt,ft;pt.newApiDomains=["api.idsec-dev.com","api.idsec-stg.com"],function(t){t.InputAutofill="input-autofill",t.Modal="modal"}(gt||(gt={})),function(t){t.Pending="pending",t.Scanned="scanned",t.Success="success",t.Error="error",t.Timeout="timeout",t.Aborted="aborted"}(vt||(vt={})),function(t){t.toAuthenticationError=t=>ht(t)?t:"NotAllowedError"===t.name?new it:"OperationError"===t.name?new ct(t.message):"SecurityError"===t.name?new et(t.message):t===X.AuthenticationAbortedTimeout?new rt:"AbortError"===t.name||t===X.AutofillAuthenticationAborted?new st:new et("Something went wrong during authentication",{error:t}),t.toRegistrationError=t=>ht(t)?t:"NotAllowedError"===t.name?new nt:"SecurityError"===t.name?new at(t.message):"InvalidStateError"===t.name?new ot:t===X.RegistrationAbortedTimeout?new rt:new at("Something went wrong during registration",{error:t})}(wt||(wt={})),function(t){t.processCredentialRequestOptions=t=>l(l({},t),{},{challenge:W.base64ToArrayBuffer(t.challenge),allowCredentials:t.allowCredentials.map((t=>l(l({},t),{},{id:W.base64ToArrayBuffer(t.id)})))}),t.processCredentialCreationOptions=(t,e)=>{var i;const a=JSON.parse(JSON.stringify(t));return a.challenge=W.base64ToArrayBuffer(t.challenge),a.user.id=W.base64ToArrayBuffer(t.user.id),(null==e?void 0:e.limitSingleCredentialToDevice)&&(a.excludeCredentials=null===(i=t.excludeCredentials)||void 0===i?void 0:i.map((t=>l(l({},t),{},{id:W.base64ToArrayBuffer(t.id)})))),(null==e?void 0:e.registerAsDiscoverable)?(a.authenticatorSelection.residentKey="preferred",a.authenticatorSelection.requireResidentKey=!0):(a.authenticatorSelection.residentKey="discouraged",a.authenticatorSelection.requireResidentKey=!1),a.authenticatorSelection.authenticatorAttachment=(null==e?void 0:e.allowCrossPlatformAuthenticators)?void 0:"platform",a},t.encodeAuthenticationResult=t=>{const{authenticatorAttachment:e}=t,i=t.response;return{id:t.id,rawId:W.arrayBufferToBase64(t.rawId),response:{authenticatorData:W.arrayBufferToBase64(i.authenticatorData),clientDataJSON:W.arrayBufferToBase64(i.clientDataJSON),signature:W.arrayBufferToBase64(i.signature),userHandle:W.arrayBufferToBase64(i.userHandle)},authenticatorAttachment:e,type:t.type}},t.encodeRegistrationResult=t=>{const{authenticatorAttachment:e}=t,i=t.response;return{id:t.id,rawId:W.arrayBufferToBase64(t.rawId),response:{attestationObject:W.arrayBufferToBase64(i.attestationObject),clientDataJSON:W.arrayBufferToBase64(i.clientDataJSON)},authenticatorAttachment:e,type:t.type}}}(ft||(ft={}));class mt{async modal(t){try{const e=await this.performAuthentication(l(l({},t),{},{mediationType:gt.Modal}));return W.jsonToBase64(e)}catch(t){throw wt.toAuthenticationError(t)}}activateAutofill(t,e){const{onSuccess:i,onError:a,onReady:n}=t;this.performAuthentication({username:e,mediationType:gt.InputAutofill,onReady:n}).then((t=>{i(W.jsonToBase64(t))})).catch((t=>{const e=wt.toAuthenticationError(t);if(!a)throw e;a(e)}))}abortAutofill(){this.abortController&&this.abortController.abort(X.AutofillAuthenticationAborted)}abortAuthentication(){this.abortController&&this.abortController.abort(X.AuthenticationAbortedTimeout)}async performAuthentication(t){var e,i;const a="crossDeviceTicketId"in t?await pt.startCrossDeviceAuthentication({ticketId:t.crossDeviceTicketId}):await pt.startAuthentication({username:t.username,timeout:null===(e=t.options)||void 0===e?void 0:e.timeout}),n=a.credential_request_options,s=ft.processCredentialRequestOptions(n),r=this.getMediatedCredentialRequest(s,t.mediationType);t.mediationType===gt.InputAutofill&&(null===(i=t.onReady)||void 0===i||i.call(t));const o=await navigator.credentials.get(r).catch((t=>{throw wt.toAuthenticationError(t)}));return{webauthnSessionId:a.webauthn_session_id,publicKeyCredential:ft.encodeAuthenticationResult(o),userAgent:navigator.userAgent}}getMediatedCredentialRequest(t,e){const i={publicKey:t};return this.abortController=new AbortController,i.signal=this.abortController&&this.abortController.signal,e===gt.InputAutofill?i.mediation="conditional":t.timeout&&setTimeout((()=>{this.abortAuthentication()}),t.timeout),i}}class bt{constructor(t,e){this.handler=t,this.intervalInMs=e}begin(){var t;this.intervalId=window.setInterval((t=this.handler,async function(){t.isRunning||(t.isRunning=!0,await t(...arguments),t.isRunning=!1)}),this.intervalInMs)}stop(){clearInterval(this.intervalId)}}const Dt=/^[A-Za-z0-9\-_.: ]*$/;function At(t){if(t&&(!function(t){return Object.keys(t).length<=10}(t)||!function(t){const e=t=>"string"==typeof t,i=t=>Dt.test(t);return Object.keys(t).every((a=>e(a)&&e(t[a])&&i(a)&&i(t[a])))}(t)))throw Z.error("Failed validating approval data"),new lt("Provided approval data should have 10 properties max. Also, it should contain only \n alphanumeric characters, numbers, and the special characters: '-', '_', '.'")}class _t{constructor(t,e,i){this.authenticationHandler=t,this.registrationHandler=e,this.approvalHandler=i,this.init={registration:async t=>(this.ticketStatus=vt.Pending,this.pollCrossDeviceSession(t.crossDeviceTicketId,t.handlers)),authentication:async t=>{const{username:e}=t,i=(await pt.initCrossDeviceAuthentication(l({},e&&{username:e}))).cross_device_ticket_id;return this.ticketStatus=vt.Pending,this.pollCrossDeviceSession(i,t.handlers)},approval:async t=>{const{username:e,approvalData:i}=t;At(i);const a=(await pt.initCrossDeviceAuthentication({username:e,approvalData:i})).cross_device_ticket_id;return this.ticketStatus=vt.Pending,this.pollCrossDeviceSession(a,t.handlers)}},this.authenticate={modal:async t=>this.authenticationHandler.modal({crossDeviceTicketId:t})},this.approve={modal:async t=>this.approvalHandler.modal({crossDeviceTicketId:t})}}async register(t,e){return this.registrationHandler.register({crossDeviceTicketId:t},e)}async attachDevice(t){const e=await pt.attachDeviceToCrossDeviceSession({ticketId:t});return l({status:e.status,startedAt:e.started_at},e.approval_data&&{approvalData:e.approval_data})}async pollCrossDeviceSession(t,e){return this.poller=new bt((async()=>{var i,a;const n=await pt.getCrossDeviceTicketStatus({ticketId:t}),s=n.status;if(s!==this.ticketStatus)switch(this.ticketStatus=s,s){case vt.Scanned:await e.onDeviceAttach();break;case vt.Error:case vt.Timeout:case vt.Aborted:await e.onFailure(n),null===(i=this.poller)||void 0===i||i.stop();break;case vt.Success:if("onCredentialRegister"in e)await e.onCredentialRegister();else{if(!n.session_id)throw new ut("Cross device session is complete without returning session_id",n);await e.onCredentialAuthenticate(n.session_id)}null===(a=this.poller)||void 0===a||a.stop()}}),1e3),this.poller.begin(),setTimeout((()=>{var t;null===(t=this.poller)||void 0===t||t.stop(),e.onFailure({status:vt.Timeout})}),3e5),{crossDeviceTicketId:t,stop:()=>{var t;null===(t=this.poller)||void 0===t||t.stop()}}}}class St{async register(t,e){this.abortController=new AbortController;const i=l({allowCrossPlatformAuthenticators:!("crossDeviceTicketId"in t),registerAsDiscoverable:!0},e);try{const a="crossDeviceTicketId"in t?await pt.startCrossDeviceRegistration({ticketId:t.crossDeviceTicketId}):await pt.startRegistration({username:t.username,displayName:(null==e?void 0:e.displayName)||t.username,timeout:null==e?void 0:e.timeout,limitSingleCredentialToDevice:null==e?void 0:e.limitSingleCredentialToDevice}),n=ft.processCredentialCreationOptions(a.credential_creation_options,i);setTimeout((()=>{this.abortRegistration()}),n.timeout);const s=await this.registerCredential(n),r={webauthnSessionId:a.webauthn_session_id,publicKeyCredential:s,userAgent:navigator.userAgent};return W.jsonToBase64(r)}catch(t){throw wt.toRegistrationError(t)}}abortRegistration(){this.abortController&&this.abortController.abort(X.RegistrationAbortedTimeout)}async registerCredential(t){const e=await navigator.credentials.create({publicKey:t,signal:this.abortController&&this.abortController.signal}).catch((t=>{throw wt.toRegistrationError(t)}));return ft.encodeRegistrationResult(e)}}class Ct{async modal(t){try{const e=await this.performApproval(t);return W.jsonToBase64(e)}catch(t){throw wt.toAuthenticationError(t)}}async performApproval(t){"approvalData"in t&&At(t.approvalData);const e="crossDeviceTicketId"in t?await pt.startCrossDeviceAuthentication({ticketId:t.crossDeviceTicketId}):await pt.startAuthentication({username:t.username,approvalData:t.approvalData}),i=e.credential_request_options,a=ft.processCredentialRequestOptions(i),n=await navigator.credentials.get({publicKey:a}).catch((t=>{throw wt.toAuthenticationError(t)}));return{webauthnSessionId:e.webauthn_session_id,publicKeyCredential:ft.encodeAuthenticationResult(n),userAgent:navigator.userAgent}}}class Kt{constructor(){this._initialized=!1,this._authenticationHandler=new mt,this._registrationHandler=new St,this._approvalHandler=new Ct,this._crossDeviceHandler=new _t(this._authenticationHandler,this._registrationHandler,this._approvalHandler),this.authenticate={modal:async(t,e)=>(this.initCheck(),this._authenticationHandler.modal({username:t,options:e})),autofill:{activate:(t,e)=>(this.initCheck(),this._authenticationHandler.activateAutofill(t,e)),abort:()=>this._authenticationHandler.abortAutofill()}},this.approve={modal:async(t,e)=>(this.initCheck(),this._approvalHandler.modal({username:t,approvalData:e}))},this.register=async(t,e)=>(this.initCheck(),this._registrationHandler.register({username:t},e)),this.crossDevice={init:{registration:async t=>(this.initCheck(),this._crossDeviceHandler.init.registration(t)),authentication:async t=>(this.initCheck(),this._crossDeviceHandler.init.authentication(t)),approval:async t=>(this.initCheck(),this._crossDeviceHandler.init.approval(t))},authenticate:{modal:async t=>(this.initCheck(),this._crossDeviceHandler.authenticate.modal(t))},approve:{modal:async t=>(this.initCheck(),this._crossDeviceHandler.approve.modal(t))},register:async(t,e)=>(this.initCheck(),this._crossDeviceHandler.register(t,e)),attachDevice:async t=>(this.initCheck(),this._crossDeviceHandler.attachDevice(t))},this.isPlatformAuthenticatorSupported=async()=>{var t;try{return await(null===(t=Kt.StaticPublicKeyCredential)||void 0===t?void 0:t.isUserVerifyingPlatformAuthenticatorAvailable())}catch(t){return!1}},this.isAutofillSupported=async()=>{var t,e;return!(!(null===(t=Kt.StaticPublicKeyCredential)||void 0===t?void 0:t.isConditionalMediationAvailable)||!await(null===(e=Kt.StaticPublicKeyCredential)||void 0===e?void 0:e.isConditionalMediationAvailable()))}}async init(t,e){try{if(!t)throw new tt("Invalid clientId",{clientId:t});if(e.webauthnApiPaths){const t=pt.getDefaultPaths();if(function(t,e){const i=new Set(t),a=new Set(e);return[...t.filter((t=>!a.has(t))),...e.filter((t=>!i.has(t)))]}(Object.keys(e.webauthnApiPaths),Object.keys(t)).length)throw new tt("Invalid custom paths",{customApiPaths:e.webauthnApiPaths})}pt.init(t,e),this._initialized=!0}catch(t){throw ht(t)?t:new tt("Failed to initialize SDK")}}getDefaultPaths(){return this.initCheck(),pt.getDefaultPaths()}getApiPaths(){return this.initCheck(),pt.getApiPaths()}initCheck(){if(!this._initialized)throw new tt}}Kt.StaticPublicKeyCredential=window.PublicKeyCredential;const kt=new G("webauthn"),Rt=new Kt;kt.events.on(kt.events.MODULE_INITIALIZED,(()=>{var t;const e=kt.moduleMetadata.getInitConfig();if(!(null===(t=null==e?void 0:e.webauthn)||void 0===t?void 0:t.serverPath))return;const{clientId:i,webauthn:a}=e;Rt.init(i,l({},a))}));const Pt={modal:async(t,e)=>(Rt.initCheck(),Rt.authenticate.modal(t,e)),autofill:{activate:(t,e)=>{Rt.initCheck(),Rt.authenticate.autofill.activate(t,e)},abort:()=>{Rt.initCheck(),Rt.authenticate.autofill.abort()}}},Tt={modal:async(t,e)=>(Rt.initCheck(),Rt.approve.modal(t,e))};async function It(t,e){return Rt.initCheck(),Rt.register(t,e)}const{crossDevice:Ot}=Rt,{isPlatformAuthenticatorSupported:jt}=Rt,{isAutofillSupported:xt}=Rt,{getDefaultPaths:Bt}=Rt;window.localWebAuthnSDK=Rt;const Nt="1.16.2",Et={initialize:r,...Object.freeze({__proto__:null,get WebauthnCrossDeviceStatus(){return vt},approve:Tt,authenticate:Pt,crossDevice:Ot,getDefaultPaths:Bt,isAutofillSupported:xt,isPlatformAuthenticatorSupported:jt,register:It})};export{Nt as PACKAGE_VERSION,vt as WebauthnCrossDeviceStatus,Tt as approve,Pt as authenticate,Ot as crossDevice,Bt as getDefaultPaths,r as initialize,xt as isAutofillSupported,jt as isPlatformAuthenticatorSupported,It as register,Et as webauthn};