@transmitsecurity/platform-web-sdk 1.18.0 → 1.18.2

package/dist/webauthn.js

@@ -1,1983 +1 @@
-
-// Global polyfills for browser compatibility
-(function() {
-  if (typeof globalThis !== 'undefined') return;
-  if (typeof window !== 'undefined') {
-    window.globalThis = window;
-    window.global = window;
-  } else if (typeof self !== 'undefined') {
-    self.globalThis = self;
-    self.global = self;
-  }
-})();
-const MODULE_INITIALIZED = Symbol('MODULE_INITIALIZED');
-
-const events$1 = new Map();
-function on(eventName, method) {
-    var _a;
-    if (events$1.has(eventName)) {
-        (_a = events$1.get(eventName)) === null || _a === void 0 ? void 0 : _a.push(method);
-    }
-    else {
-        events$1.set(eventName, [method]);
-    }
-}
-function off(eventName, method) {
-    const eventArray = events$1.get(eventName);
-    if (!eventArray) {
-        return;
-    }
-    const methodIndex = eventArray.indexOf(method);
-    if (methodIndex === -1) {
-        return;
-    }
-    eventArray.splice(methodIndex, 1);
-}
-function emit(eventName, eventData) {
-    var _a;
-    (_a = events$1.get(eventName)) === null || _a === void 0 ? void 0 : _a.forEach(safeCallback((callbackMethod) => callbackMethod(eventData)));
-}
-function safeCallback(callback) {
-    return (...args) => {
-        try {
-            return callback(...args);
-        }
-        catch (e) {
-            console.log(e);
-        }
-    };
-}
-
-let initConfig = null;
-function getInitConfig() {
-    return initConfig;
-}
-function setInitConfig(config) {
-    initConfig = config;
-}
-
-var moduleMetadata = /*#__PURE__*/Object.freeze({
-    __proto__: null,
-    getInitConfig: getInitConfig,
-    get initConfig () { return initConfig; },
-    setInitConfig: setInitConfig
-});
-
-function initialize(params) {
-    setInitConfig(params);
-    emit(MODULE_INITIALIZED, undefined);
-}
-
-var mainEntry = /*#__PURE__*/Object.freeze({
-    __proto__: null,
-    initialize: initialize
-});
-
-function bindMethods(agent, methods) {
-    return Object.entries(methods).reduce((result, [key, value]) => ({
-        ...result,
-        [key]: Agent.isPrototypeOf(value)
-            ? new value(agent.slug)
-            : typeof value === 'function'
-                ? value.bind(agent)
-                : typeof value === 'object' && !Array.isArray(value) && !!value
-                    ? bindMethods(agent, value)
-                    : value,
-    }), {});
-}
-class Agent {
-    constructor(slug) {
-        this.slug = slug;
-    }
-    static create(method) {
-        return class extends Agent {
-            constructor(slug) {
-                super(slug);
-                Object.assign(this, bindMethods(this, method(this)));
-            }
-        };
-    }
-}
-
-var agent$1 = /*#__PURE__*/Object.freeze({
-    __proto__: null,
-    Agent: Agent
-});
-
-var events = /*#__PURE__*/Object.freeze({
-    __proto__: null,
-    MODULE_INITIALIZED: MODULE_INITIALIZED,
-    emit: emit,
-    off: off,
-    on: on
-});
-
-function safeParse(string) {
-    if (!string)
-        return {};
-    try {
-        return JSON.parse(string);
-    }
-    catch (e) {
-        return {};
-    }
-}
-/** @return tuple of `[value, newObject]`
- * `value` is `object.path[0].path[1]` etc. while every node in the way is guaranteed to be an object
- * `newObject` for given `object` will be itself while the full path to `value` added to it if wasn't already exists
- *
- * @note - the original `object` might be modified, but you should always use the returned `newObject` for
- *  case the original one was a premitive or an array.
- */
-function safeGetObject(object, path) {
-    const newObject = !object || typeof object !== 'object' || Array.isArray(object) ? {} : object;
-    return [
-        path.reduce((object, key) => {
-            if (key in object) {
-                const next = object[key];
-                if (next !== null && typeof next === 'object' && !Array.isArray(next)) {
-                    return next;
-                }
-            }
-            const newValue = {};
-            object[key] = newValue;
-            return newValue;
-        }, newObject),
-        newObject,
-    ];
-}
-function safeHas(object, path) {
-    let currentObject = object;
-    return path.every((key) => {
-        if (!currentObject ||
-            typeof currentObject !== 'object' ||
-            Array.isArray(currentObject) ||
-            !(key in currentObject)) {
-            return false;
-        }
-        currentObject = currentObject[key];
-        return true;
-    }, object);
-}
-
-const COMMON_STORAGE_KEY = 'tsec';
-const GENERAL_ID_KEY = 'general';
-function getClientKey(isGeneral) {
-    return isGeneral ? GENERAL_ID_KEY : initConfig.clientId;
-}
-function getStoredObject(sessionOnly) {
-    const storage = sessionOnly ? sessionStorage : localStorage;
-    return safeParse(storage.getItem(COMMON_STORAGE_KEY));
-}
-function setStoredObject(sessionOnly, callback) {
-    const storage = sessionOnly ? sessionStorage : localStorage;
-    const storedObject = getStoredObject(sessionOnly);
-    const newValue = callback(storedObject);
-    storage.setItem(COMMON_STORAGE_KEY, JSON.stringify(newValue));
-}
-/**
- * Storage module handles local storage and session storgae for multyple modules in
- * same storage key, with JSON serialization. It stores data in 'tsec' key, as an
- * object with that structure:
- * { [moduleSlug]: { [clientId | 'general']: { [key]: value } } }
- */
-function setValue(key, value, options = {}) {
-    const idKey = getClientKey(!!options.isGeneral);
-    setStoredObject(!!options.sessionOnly, (storedObject) => {
-        const [lastLevel, newObject] = safeGetObject(storedObject, [this.slug.toString(), idKey]);
-        lastLevel[key] = value;
-        return newObject;
-    });
-}
-function removeValue(key, options = {}) {
-    const idKey = getClientKey(!!options.isGeneral);
-    setStoredObject(!!options.sessionOnly, (storedObject) => {
-        const [lastLevel, newObject] = safeGetObject(storedObject, [this.slug.toString(), idKey]);
-        delete lastLevel[key];
-        return newObject;
-    });
-}
-function getValue(key, options = {}) {
-    const idKey = getClientKey(!!options.isGeneral);
-    const storedObject = getStoredObject(!!options.sessionOnly);
-    const [lastLevel] = safeGetObject(storedObject, [this.slug.toString(), idKey]);
-    return lastLevel[key];
-}
-function hasValue(key, options = {}) {
-    const idKey = getClientKey(!!options.isGeneral);
-    const storedObject = getStoredObject(!!options.sessionOnly);
-    return safeHas(storedObject, [this.slug.toString(), idKey, key]);
-}
-
-var storage = /*#__PURE__*/Object.freeze({
-    __proto__: null,
-    COMMON_STORAGE_KEY: COMMON_STORAGE_KEY,
-    GENERAL_ID_KEY: GENERAL_ID_KEY,
-    getValue: getValue,
-    hasValue: hasValue,
-    removeValue: removeValue,
-    setValue: setValue
-});
-
-const ASYMMETRIC_ENCRYPTION_ALGORITHM = 'RSA-OAEP';
-const ASYMMETRIC_SIGN_ALGORITHM = 'RSA-PSS';
-const generateKeyPair = async (algorithm, usages) => {
-    return await window.crypto.subtle.generateKey({
-        name: algorithm,
-        modulusLength: 2048,
-        publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
-        hash: 'SHA-256',
-    }, false, // setting the private key non-extractable
-    usages);
-};
-const generateRSAKeyPair = async () => {
-    return await generateKeyPair(ASYMMETRIC_ENCRYPTION_ALGORITHM, ['encrypt', 'decrypt']);
-};
-const generateRSASignKeyPair = async () => {
-    return await generateKeyPair(ASYMMETRIC_SIGN_ALGORITHM, ['sign']);
-};
-const signAssymetric = async (privateKey, message) => {
-    const encoded = new TextEncoder().encode(message);
-    const signature = await window.crypto.subtle.sign({
-        name: ASYMMETRIC_SIGN_ALGORITHM,
-        saltLength: 32,
-    }, privateKey, encoded);
-    return signature;
-};
-const verifyAssymetric = async (publicKey, message, signature) => {
-    const encoded = new TextEncoder().encode(message);
-    const isValid = await window.crypto.subtle.verify(ASYMMETRIC_SIGN_ALGORITHM, publicKey, signature, encoded);
-    return isValid;
-};
-
-/**
- * @param slug - product name (like 'drs'/'idv' or 'platform' for a global platform shared storage)
- * @param dbName - database name, concatinated later after clientId
- * @param dbVersion - our own database versioning, note that for any table addition/deletion dbVersion must be bumped - DON'T CHANGE IT IF NOT REALLY NECESSARY.
- * @description The database different situations are covered here:
-    - database wasn't created yet on the user's browser
-    - database was created, but currently closed before we use it
-    - database is already opened by another module (extension / this sdk), and requested indexedDB.open with the same version
-    - database is already opened with different version by another module - pending (promise) until the previous transaction will be closed - then executing
- */
-class IndexedDBClient {
-    constructor(slug, dbName, dbVersion) {
-        this.slug = slug;
-        this.dbName = dbName;
-        this.dbVersion = dbVersion;
-    }
-    queryObjectStore(objectStoreName, queryStore, options = {}) {
-        const { attemptToRecoverDB = true } = options;
-        // One of those databases is supported in any device/browser
-        const indexedDB = window.indexedDB || window.mozIndexedDB || window.webkitIndexedDB || window.msIndexedDB || window.shimIndexedDB;
-        const databaseName = `${this.slug}:${this.dbName}`;
-        // make it product scoped in case multiple sdks for different products could work in parallel
-        const openRequest = indexedDB.open(databaseName, this.dbVersion || 1); // Opening (or creating) the database
-        openRequest.onupgradeneeded = () => {
-            var _a;
-            const db = openRequest.result;
-            if (((_a = db === null || db === void 0 ? void 0 : db.objectStoreNames) === null || _a === void 0 ? void 0 : _a.contains) && !db.objectStoreNames.contains(objectStoreName)) { // if there's no `tableName` store
-                db.createObjectStore(objectStoreName, { keyPath: 'key' });
-            }
-        };
-        openRequest.onsuccess = () => {
-            const db = openRequest.result;
-            let transaction;
-            try {
-                transaction = db.transaction(objectStoreName, (options === null || options === void 0 ? void 0 : options.operation) || 'readwrite');
-            }
-            catch (error) {
-                // There is a Safari-specific race condition - the database is created, but the object store is missing.
-                // It happens when a user stops the script during store creation (e.g. by refreshing the page).
-                // We recover by deleting the broken database and recreating it with a proper schema.
-                // There is only one attempt to recover.
-                if (attemptToRecoverDB && error instanceof DOMException && error.name === 'NotFoundError') {
-                    db.close();
-                    const deleteRequest = indexedDB.deleteDatabase(databaseName);
-                    deleteRequest.onsuccess = () => {
-                        this.queryObjectStore(objectStoreName, queryStore, { ...options, attemptToRecoverDB: false });
-                    };
-                    return;
-                }
-                else {
-                    throw error;
-                }
-            }
-            const store = transaction.objectStore(objectStoreName);
-            queryStore(store);
-            // Closing the db when the transaction is done
-            transaction.oncomplete = () => {
-                db.close();
-            };
-        };
-    }
-    put(tableName, key, object) {
-        return new Promise((res, rej) => {
-            this.queryObjectStore(tableName, (objectStore) => {
-                const request = objectStore.put({ key, value: object });
-                request.onsuccess = () => {
-                    res(request.result);
-                };
-                request.onerror = (err) => {
-                    rej('Failed adding item to objectStore, err: ' + err);
-                };
-            });
-        });
-    }
-    add(tableName, key, object) {
-        return new Promise((res, rej) => {
-            this.queryObjectStore(tableName, (objectStore) => {
-                const request = objectStore.add({ key, value: object });
-                request.onsuccess = () => {
-                    res(request.result);
-                };
-                request.onerror = (err) => {
-                    const error = err.target.error;
-                    rej(error);
-                };
-            });
-        });
-    }
-    get(tableName, key) {
-        return new Promise((res, rej) => {
-            this.queryObjectStore(tableName, (objectStore) => {
-                const request = objectStore.get(key);
-                request.onsuccess = () => {
-                    var _a;
-                    if (request.result) {
-                        // since it can trigger 'request.onsuccess' also when the objectStore exist but no such item found (`request.result` would be undefined)
-                        res((_a = request.result) === null || _a === void 0 ? void 0 : _a.value);
-                    }
-                    else {
-                        res(undefined);
-                    }
-                };
-                request.onerror = (err) => {
-                    rej('Failed adding item to objectStore, err: ' + err);
-                };
-            });
-        });
-    }
-    getAll(tableName, count) {
-        return new Promise((res, rej) => {
-            this.queryObjectStore(tableName, (objectStore) => {
-                const request = objectStore.getAll(null, count);
-                request.onsuccess = () => {
-                    if (request.result) {
-                        const itemsList = request.result;
-                        if (itemsList === null || itemsList === void 0 ? void 0 : itemsList.length) {
-                            res(itemsList.map((item) => item === null || item === void 0 ? void 0 : item.value));
-                        }
-                        else {
-                            res(itemsList);
-                        }
-                    }
-                    else {
-                        res([]);
-                    }
-                };
-                request.onerror = (err) => {
-                    rej('Failed getting items, err: ' + err);
-                };
-            });
-        });
-    }
-    delete(tableName, key) {
-        return new Promise((res, rej) => {
-            this.queryObjectStore(tableName, (objectStore) => {
-                const request = objectStore.delete(key);
-                request.onsuccess = () => {
-                    res();
-                };
-                request.onerror = (err) => {
-                    rej(`Failed deleting key: '${key}' from objectStore, err: ` + err);
-                };
-            });
-        });
-    }
-    clear(tableName) {
-        return new Promise((res, rej) => {
-            this.queryObjectStore(tableName, (objectStore) => {
-                const request = objectStore.clear();
-                request.onsuccess = () => {
-                    res();
-                };
-                request.onerror = (err) => {
-                    rej('Failed clearing objectStore, err: ' + err);
-                };
-            });
-        });
-    }
-}
-
-const PLATFORM_GLOBAL_SLUG = 'platform';
-const DEFAULT_KEYSTORE_NAME = 'identifiers_store';
-const DEFAULT_DATABASE_NAME = 'ts_crypto_binding';
-const DEFAULT_DB_VERSION = 1;
-const PLATFORM_GLOBAL_KEYS_DB_VERSION = 1; // Change this only when the platform db-version changes, it will effect all products
-const ROTATED_KEYS_SLOT = 'rotated';
-const ROTATED_KEYS_SLOT_PENDING = 'rotated_pending';
-const EXPIRY_DAYS_THRESHOLD = 30; // The number of days before the expiration of the current key to trigger the rotation
-const INIT_ROTATION_RESPONSE = 'init';
-const COMPLETED_ROTATION_RESPONSE = 'completed';
-const RSA_PUBLIC_KEY_TYPE = 'RSA2048';
-const VALID_ROTATION_RESPONSES = [INIT_ROTATION_RESPONSE, COMPLETED_ROTATION_RESPONSE];
-/**
- * @param keysType - the purpose of the keys, will use different key generator
- * @param options - typeof CryptoBindingOptions
- */
-class CryptoBinding {
-    constructor(agent, keysType = 'sign', options) {
-        var _a, _b, _c, _d;
-        this.agent = agent;
-        this.keysType = keysType;
-        this.options = options;
-        this._extractingKeysPromise = null;
-        const isGlobal = !((_a = this.options) === null || _a === void 0 ? void 0 : _a.productScope);
-        this.keysDatabaseName = isGlobal || !((_b = this.options) === null || _b === void 0 ? void 0 : _b.indexedDBName) ? DEFAULT_DATABASE_NAME : this.options.indexedDBName;
-        this.dbVersion = isGlobal ? PLATFORM_GLOBAL_KEYS_DB_VERSION : (((_c = this.options) === null || _c === void 0 ? void 0 : _c.dbVersion) || DEFAULT_DB_VERSION);
-        this.keysStoreName = isGlobal || !((_d = this.options) === null || _d === void 0 ? void 0 : _d.keysStoreName) ? DEFAULT_KEYSTORE_NAME : this.options.keysStoreName;
-        this.indexedDBClient = new IndexedDBClient(isGlobal ? PLATFORM_GLOBAL_SLUG : agent.slug, this.keysDatabaseName, this.dbVersion);
-        // created a fallback indexedDBClient for crypto-keys migration from old versions (clientId dependent on the dbName):
-        this.indexedDBClientFallback = new IndexedDBClient((isGlobal ? PLATFORM_GLOBAL_SLUG : agent.slug) + `:${initConfig.clientId}`, this.keysDatabaseName, this.dbVersion);
-    }
-    getKeysRecordKey() {
-        return `${this.keysType}_keys`;
-    }
-    getRotatedKeysRecordKey() {
-        return `${ROTATED_KEYS_SLOT}_${this.keysType}_keys`;
-    }
-    getRotatedKeysRecordKeyPending() {
-        return `${ROTATED_KEYS_SLOT_PENDING}_${this.keysType}_keys`;
-    }
-    arrayBufferToBase64(arrayBuffer) {
-        return window.btoa(String.fromCharCode(...new Uint8Array(arrayBuffer)));
-    }
-    async getPKRepresentations(publicKey) {
-        const exportedKey = await crypto.subtle.exportKey('spki', publicKey);
-        return { arrayBufferKey: exportedKey, base64Key: this.arrayBufferToBase64(exportedKey) };
-    }
-    async generateKeyPair() {
-        if (this.keysType == 'sign') {
-            return await generateRSASignKeyPair();
-        }
-        return await generateRSAKeyPair();
-    }
-    async calcKeyIdentifier(publicKeyExported) {
-        const hashBuffer = await crypto.subtle.digest("SHA-256", publicKeyExported);
-        const hashArray = Array.from(new Uint8Array(hashBuffer));
-        const hashHex = hashArray.map(byte => byte.toString(16).padStart(2, '0')).join('');
-        return hashHex;
-    }
-    async extractKeysData() {
-        // if an extraction is already in progress, return the existing promise
-        if (this._extractingKeysPromise) {
-            return this._extractingKeysPromise;
-        }
-        this._extractingKeysPromise = (async () => {
-            var _a, _b;
-            const keysData = ((_b = (_a = this.options) === null || _a === void 0 ? void 0 : _a.keyRotation) === null || _b === void 0 ? void 0 : _b.isEnabled)
-                ? await this.getRotatedKeysData()
-                : await this.getKeysData();
-            // update the cache to prevent stale data
-            const { base64Key } = await this.getPKRepresentations(keysData.publicKey);
-            this.publicKeyBase64 = base64Key;
-            this.keyIdentifier = keysData.keyIdentifier;
-            return keysData;
-        })();
-        try {
-            return await this._extractingKeysPromise;
-        }
-        finally {
-            // reset the promise once done to allow future extractions if needed
-            this._extractingKeysPromise = null;
-        }
-    }
-    async generateKeyPairData(keyIdentifier) {
-        const keys = await this.generateKeyPair();
-        const { arrayBufferKey } = await this.getPKRepresentations(keys.publicKey);
-        const keyPairIdentifier = keyIdentifier || (await this.calcKeyIdentifier(arrayBufferKey));
-        const keysData = {
-            ...keys,
-            keyIdentifier: keyPairIdentifier,
-            createdDate: Date.now(),
-        };
-        return keysData;
-    }
-    shouldKeyBeRotated(keysData) {
-        var _a;
-        const keyRotation = (_a = this.options) === null || _a === void 0 ? void 0 : _a.keyRotation;
-        if (!(keyRotation === null || keyRotation === void 0 ? void 0 : keyRotation.isEnabled) || !keyRotation.expiryDays || keyRotation.startedAt === undefined) {
-            return false;
-        }
-        const expiryDaysMilliseconds = keyRotation.expiryDays * 24 * 60 * 60 * 1000;
-        const expiryDaysThresholdMilliseconds = EXPIRY_DAYS_THRESHOLD * 24 * 60 * 60 * 1000;
-        // Count time from:
-        // - rotation start, if the key was created before rotation was enabled
-        // - key creation, if it was created after rotation was enabled
-        const referenceTimestamp = keysData.createdDate && keysData.createdDate >= keyRotation.startedAt
-            ? keysData.createdDate
-            : keyRotation.startedAt;
-        return Date.now() - referenceTimestamp > expiryDaysMilliseconds - expiryDaysThresholdMilliseconds;
-    }
-    async extractMainKeysData() {
-        return await this.indexedDBClient.get(this.keysStoreName, this.getKeysRecordKey());
-    }
-    async extractFallbackMainKeysData() {
-        return await this.indexedDBClientFallback.get(this.keysStoreName, this.getKeysRecordKey());
-    }
-    async extractRotatedKeysData() {
-        return await this.indexedDBClient.get(this.keysStoreName, this.getRotatedKeysRecordKey());
-    }
-    async extractPendingRotatedKeysData() {
-        return await this.indexedDBClient.get(this.keysStoreName, this.getRotatedKeysRecordKeyPending());
-    }
-    async saveKeyData(recordKey, keysDataToSave) {
-        try {
-            await this.indexedDBClient.add(this.keysStoreName, recordKey, keysDataToSave);
-            return keysDataToSave;
-        }
-        catch (error) {
-            if (error instanceof DOMException && error.name === 'ConstraintError') {
-                // duplicate key error, retrieve existing key data
-                const existingKey = (await this.indexedDBClient.get(this.keysStoreName, recordKey));
-                if (existingKey) {
-                    return existingKey;
-                }
-            }
-            throw error;
-        }
-    }
-    async getKeysData() {
-        const recordKey = this.getKeysRecordKey();
-        let keysData = await this.extractMainKeysData();
-        if (keysData) {
-            return keysData;
-        }
-        keysData = await this.extractFallbackMainKeysData();
-        if (keysData) {
-            return this.saveKeyData(recordKey, keysData);
-        }
-        const newKeysData = await this.generateKeyPairData();
-        return this.saveKeyData(recordKey, newKeysData);
-    }
-    async getOrCreateRotatedKeys() {
-        let currentRotatedKeys = await this.extractRotatedKeysData();
-        if (!currentRotatedKeys) {
-            const rotatedRecordKey = this.getRotatedKeysRecordKey();
-            const mainSlotKeys = await this.getKeysData();
-            const rotatedKey = {
-                ...mainSlotKeys,
-                createdDate: mainSlotKeys.createdDate || Date.now(),
-            };
-            currentRotatedKeys = await this.saveKeyData(rotatedRecordKey, rotatedKey);
-        }
-        return currentRotatedKeys;
-    }
-    async getRotatedKeysData() {
-        const currentRotatedKeys = await this.getOrCreateRotatedKeys();
-        if (this.shouldKeyBeRotated(currentRotatedKeys)) {
-            const pendingRotatedKeys = await this.extractPendingRotatedKeysData();
-            if (!pendingRotatedKeys) {
-                const pendingRecordKey = this.getRotatedKeysRecordKeyPending();
-                const newPendingKeys = await this.generateKeyPairData(currentRotatedKeys.keyIdentifier);
-                await this.saveKeyData(pendingRecordKey, newPendingKeys);
-            }
-        }
-        return currentRotatedKeys;
-    }
-    async getPublicData() {
-        if (!this.publicKeyBase64 || !this.keyIdentifier) {
-            await this.extractKeysData();
-        }
-        return { publicKey: this.publicKeyBase64, keyIdentifier: this.keyIdentifier };
-    }
-    async sign(message) {
-        if (this.keysType == 'sign') {
-            const { privateKey } = await this.extractKeysData();
-            const signatureBuffer = await signAssymetric(privateKey, message);
-            return this.arrayBufferToBase64(signatureBuffer);
-        }
-        throw new Error("keysType must be 'sign' in order to use sign keys");
-    }
-    async clearKeys() {
-        const recordKey = this.getKeysRecordKey();
-        await this.indexedDBClient.delete(this.keysStoreName, recordKey);
-    }
-    getBaseRotationPayload() {
-        return {
-            keyIdentifier: this.keyIdentifier,
-            slot: this.getRotatedKeysRecordKey(),
-            publicKey: this.publicKeyBase64,
-            publicKeyType: RSA_PUBLIC_KEY_TYPE,
-            tenantId: this.options.keyRotation.tenantId,
-        };
-    }
-    async getRotationData() {
-        var _a, _b;
-        if (!((_b = (_a = this.options) === null || _a === void 0 ? void 0 : _a.keyRotation) === null || _b === void 0 ? void 0 : _b.isEnabled)) {
-            return undefined;
-        }
-        // Ensure keys are loaded and cached
-        if (!this.publicKeyBase64 || !this.keyIdentifier) {
-            await this.extractKeysData();
-        }
-        // The new key is in the pending slot, creating the new key rotation payload
-        const pendingRotatedKeysData = await this.extractPendingRotatedKeysData();
-        if (pendingRotatedKeysData) {
-            const { base64Key: newPublicKey } = await this.getPKRepresentations(pendingRotatedKeysData.publicKey);
-            const { privateKey: currentActivePrivateKey } = await this.extractKeysData();
-            const initiateRotationPayload = {
-                ...this.getBaseRotationPayload(),
-                newPublicKey,
-                createdDate: pendingRotatedKeysData.createdDate,
-                newPublicKeyType: RSA_PUBLIC_KEY_TYPE,
-            };
-            const stringifiedPayload = JSON.stringify(initiateRotationPayload);
-            const signature = await this.signPayload(stringifiedPayload, currentActivePrivateKey); // Sign with the current active key
-            return { data: stringifiedPayload, signature };
-        }
-        // This is solution only for the phase 1, until we sign all the requests
-        // The first request after the rotation should be signed with the new key to confirm to the backend that the rotation is completed
-        // The payload doesn't contain the new key, just the current active one
-        const rotatedKeys = await this.extractRotatedKeysData();
-        if (rotatedKeys && rotatedKeys.confirmed === false) {
-            await this.extractKeysData(); // refresh the cache (in case other tab completed the rotation)
-            const stringifiedBasePayload = JSON.stringify(this.getBaseRotationPayload());
-            const signature = await this.signPayload(stringifiedBasePayload, rotatedKeys.privateKey); // Sign with the rotated key (currently active)
-            return { data: stringifiedBasePayload, signature };
-        }
-        return undefined;
-    }
-    async signPayload(payload, privateKey) {
-        const signatureBuffer = await signAssymetric(privateKey, payload);
-        return this.arrayBufferToBase64(signatureBuffer);
-    }
-    async handleRotateResponse(response) {
-        if (!VALID_ROTATION_RESPONSES.includes(response)) {
-            return;
-        }
-        if (response === INIT_ROTATION_RESPONSE) {
-            const pendingKey = await this.extractPendingRotatedKeysData();
-            if (pendingKey) {
-                // Remove the keys from the rotated slot
-                await this.indexedDBClient.delete(this.keysStoreName, this.getRotatedKeysRecordKey());
-                // Move the keys from the rotated pending slot to the rotated slot with confirmed: false
-                const pendingKeyToStore = { ...pendingKey, confirmed: false };
-                await this.indexedDBClient.put(this.keysStoreName, this.getRotatedKeysRecordKey(), pendingKeyToStore);
-                await this.indexedDBClient.delete(this.keysStoreName, this.getRotatedKeysRecordKeyPending());
-                // Refresh cache
-                const { base64Key } = await this.getPKRepresentations(pendingKey.publicKey);
-                this.publicKeyBase64 = base64Key;
-                this.keyIdentifier = pendingKey.keyIdentifier;
-            }
-        }
-        else if (response === COMPLETED_ROTATION_RESPONSE) {
-            const rotatedKey = await this.extractRotatedKeysData();
-            if (rotatedKey && rotatedKey.confirmed === false) {
-                await this.indexedDBClient.put(this.keysStoreName, this.getRotatedKeysRecordKey(), {
-                    ...rotatedKey,
-                    confirmed: true,
-                });
-            }
-        }
-    }
-}
-function createCryptoBinding(keysType = 'sign', options) {
-    return new CryptoBinding(this, keysType, options);
-}
-
-var crypto$1 = /*#__PURE__*/Object.freeze({
-    __proto__: null,
-    createCryptoBinding: createCryptoBinding,
-    generateRSAKeyPair: generateRSAKeyPair,
-    generateRSASignKeyPair: generateRSASignKeyPair,
-    signAssymetric: signAssymetric,
-    verifyAssymetric: verifyAssymetric
-});
-
-var indexedDB = /*#__PURE__*/Object.freeze({
-    __proto__: null
-});
-
-const agent = Agent.create((agent) => {
-    class TsError extends Error {
-        constructor(errorCode, message) {
-            super(`${agent.slug}-${errorCode} ${message}`);
-        }
-    }
-    class TsInternalError extends TsError {
-        constructor(errorCode) {
-            super(errorCode, 'Internal error');
-        }
-    }
-    return { TsError, TsInternalError };
-});
-
-var utils = Agent.create(() => ({
-    exceptions: agent,
-    ...agent$1,
-}));
-
-class SdkLogger {
-    constructor(agent, middlewares = []) {
-        this.agent = agent;
-        this.middlewares = middlewares;
-        this.logs = [];
-    }
-    info(message, fields) {
-        this.pushLog(3, message, fields);
-    }
-    warn(message, fields) {
-        this.pushLog(4, message, fields);
-    }
-    error(message, fields) {
-        this.pushLog(5, message, fields);
-    }
-    pushLog(severity, message, fields = {}) {
-        this.logs.push({
-            timestamp: Date.now(),
-            module: this.agent.slug,
-            severity,
-            fields,
-            message,
-        });
-        const middlewareReturnValues = this.middlewares.map((middleware) => middleware(this));
-        Promise.all(middlewareReturnValues).catch(() => {
-            /* ignore */
-        });
-    }
-}
-function createSdkLogger(middlewares = []) {
-    return new SdkLogger(this, middlewares);
-}
-
-function consoleMiddleware(logger) {
-    const log = logger.logs[logger.logs.length - 1];
-    console.log(`${log.severity} ${log.message}`, log.fields);
-}
-
-var logger$1 = /*#__PURE__*/Object.freeze({
-    __proto__: null,
-    consoleMiddleware: consoleMiddleware,
-    createSdkLogger: createSdkLogger
-});
-
-function calculateJsonSize(json) {
-    return encodeURI(JSON.stringify(json)).split(/%..|./).length - 1;
-}
-
-function isValidUrl(url) {
-    try {
-        new URL(url);
-        return true;
-    }
-    catch (e) {
-        return false;
-    }
-}
-/**
- * format URL fragments to ensure correct path, so when both `api/action/something` and  `/api/action/something` are valid inputs
- * @param path partial URL
- * @param search optional search params
- * @returns string
- */
-function urlFragmentFormat(path, search) {
-    if (!(path === null || path === void 0 ? void 0 : path.trim()))
-        return '';
-    if (isValidUrl(path))
-        return path;
-    const mockDom = 'http://mock.com';
-    const mockURL = new URL(mockDom);
-    mockURL.search = (search === null || search === void 0 ? void 0 : search.toString()) || '';
-    mockURL.pathname = path;
-    const res = mockURL.href.replace(mockDom, '');
-    return res;
-}
-
-const REQUEST_HEADERS = {
-    'Content-Type': 'application/json',
-    'X-TS-client-time': new Date().toUTCString(),
-    'X-TS-ua': navigator.userAgent,
-};
-function init(method, body, headers) {
-    var _a;
-    const size = calculateJsonSize(body || {});
-    const sizeHeader = {
-        'X-TS-body-size': String(size),
-    };
-    return {
-        method,
-        headers: {
-            ...sizeHeader,
-            ...REQUEST_HEADERS,
-            ...(headers || {}),
-        },
-        body: (_a = (body && JSON.stringify(body || {}))) !== null && _a !== void 0 ? _a : undefined,
-    };
-}
-// implementation of HTTP fetch API. supports POST/GET and returns a promise of a result/failure.
-// full structure for response/failure TBD.
-function httpFetchBuilder(path, httpMethod, body, params, headers) {
-    const reqUrl = urlFragmentFormat(path, params);
-    const requestInit = init(httpMethod, body, headers);
-    return fetch(reqUrl, requestInit);
-}
-async function fetchRequest(path, httpMethod, body, params, headers) {
-    let response;
-    if (httpMethod === 'GET' || httpMethod === 'DELETE') {
-        response = await httpFetchBuilder(path, httpMethod, body, params, headers);
-    }
-    else {
-        response = await httpFetchBuilder(path, httpMethod, body, params, headers);
-    }
-    // when debugging, check the response status code and response body
-    // console.log('response: ', response);
-    if (!response.ok) {
-        throw new Error('Request failed');
-    }
-    return response;
-}
-/**
- * constructs a `GET` request
- * @param path API path
- * @param params request parameters
- * @returns a promise of the response body if successful and throw an error if failed
- */
-async function httpGet(path, params, headers) {
-    const httpRequest = await fetchRequest(path, 'GET', undefined, params, headers);
-    return { data: await httpRequest.json(), ...httpRequest, headers: httpRequest.headers };
-}
-/**
- * constructs a `POST` request
- * @param path API path
- * @param data content of the request
- * @param params request parameters
- * @returns a promise of the response body if successful and throw an error if failed
- */
-async function httpPost(path, data, params, headers) {
-    const httpRequest = await fetchRequest(path, 'POST', data, params, headers);
-    return { data: await httpRequest.json(), ...httpRequest, headers: httpRequest.headers };
-}
-/**
- * constructs a `PUT` request
- * @param path API path
- * @param data content of the request
- * @param params request parameters
- * @returns a promise of the response body if successful and throw an error if failed
- */
-async function httpPut(path, data, params, headers) {
-    const httpRequest = await fetchRequest(path, 'PUT', data, params, headers);
-    return { data: await httpRequest.json(), ...httpRequest, headers: httpRequest.headers };
-}
-/**
- * constructs a `DELETE` request
- * @param path API path
- * @param body content of the request
- * @param params request parameters
- * @returns a promise of the response body if successful and throw an error if failed
- */
-async function httpDelete(path, headers) {
-    const httpRequest = await fetchRequest(path, 'DELETE', undefined, undefined, headers);
-    return { data: await httpRequest.json(), ...httpRequest, headers: httpRequest.headers };
-}
-
-var http = /*#__PURE__*/Object.freeze({
-    __proto__: null,
-    httpDelete: httpDelete,
-    httpGet: httpGet,
-    httpPost: httpPost,
-    httpPut: httpPut,
-    init: init
-});
-
-var Common = Agent.create(() => ({
-    events,
-    moduleMetadata,
-    mainEntry,
-    utils,
-    storage,
-    crypto: crypto$1,
-    indexedDB,
-    logger: logger$1,
-    http,
-}));
-
-class EncodingUtils {
-    static arrayBufferToBase64(buffer) {
-        return btoa(String.fromCharCode(...new Uint8Array(buffer)));
-    }
-    static base64ToArrayBuffer(base64) {
-        return Uint8Array.from(atob(base64), (c) => c.charCodeAt(0));
-    }
-    static stringToBase64(str) {
-        return btoa(str);
-    }
-    static jsonToBase64(json) {
-        const res = JSON.stringify(json);
-        return btoa(res);
-    }
-    static base64ToJson(str) {
-        const res = atob(str);
-        return JSON.parse(res);
-    }
-}
-
-const logger = {
-    log: console.log,
-    error: console.error,
-};
-
-/**
- * @enum
- */
-var ErrorCode;
-(function (ErrorCode) {
-    /**
-     * Either the SDK init call failed or another function was called before initializing the SDK
-     */
-    ErrorCode["NotInitialized"] = "not_initialized";
-    /**
-     * When the call to {@link WebauthnApis.startAuthentication} failed
-     */
-    ErrorCode["AuthenticationFailed"] = "authentication_failed";
-    /**
-     * When {@link  WebauthnAuthenticationFlows.modal authenticate.modal} or {@link  AutofillHandlers.activate authenticate.autofill.activate} is called and the modal is closed by the user
-     */
-    ErrorCode["AuthenticationAbortedTimeout"] = "authentication_aborted_timeout";
-    /**
-     * When {@link register} is called and the modal is closed when reaching the timeout
-     */
-    ErrorCode["AuthenticationCanceled"] = "webauthn_authentication_canceled";
-    /**
-     * When the call to {@link WebauthnApis.startRegistration} failed
-     */
-    ErrorCode["RegistrationFailed"] = "registration_failed";
-    /**
-    / When The user attempted to register an authenticator that contains one of the credentials already registered with the relying party.
-     */
-    ErrorCode["AlreadyRegistered"] = "username_already_registered";
-    /**
-     * When {@link register} is called and the modal is closed by the user
-     */
-    ErrorCode["RegistrationAbortedTimeout"] = "registration_aborted_timeout";
-    /**
-     * When {@link register} is called and the modal is closed when reaching the timeout
-     */
-    ErrorCode["RegistrationCanceled"] = "webauthn_registration_canceled";
-    /**
-     * Passkey autofill authentication was aborted by {@link AutofillHandlers.abort}
-     */
-    ErrorCode["AutofillAuthenticationAborted"] = "autofill_authentication_aborted";
-    /**
-     * Passkey authentication is already active. To start a new authentication, abort the current one first by calling {@link AutofillHandlers.abort}
-     */
-    ErrorCode["AuthenticationProcessAlreadyActive"] = "authentication_process_already_active";
-    /**
-     * The ApprovalData parameter was sent in the wrong format
-     */
-    ErrorCode["InvalidApprovalData"] = "invalid_approval_data";
-    /**
-     * When the call to {@link WebauthnApis.initCrossDeviceAuthentication}  failed   */
-    ErrorCode["FailedToInitCrossDeviceSession"] = "cross_device_init_failed";
-    /**
-     * When the call to {@link WebauthnApis.getCrossDeviceTicketStatus}  failed   */
-    ErrorCode["FailedToGetCrossDeviceStatus"] = "cross_device_status_failed";
-    /**
-     * When the SDK operation fails on an unhandled error
-     */
-    ErrorCode["Unknown"] = "unknown";
-})(ErrorCode || (ErrorCode = {}));
-
-class BaseSdkError extends Error {
-    constructor(message, additionalData) {
-        super(message);
-        this.errorCode = ErrorCode.NotInitialized;
-        this.data = additionalData;
-    }
-}
-class NotInitializedError extends BaseSdkError {
-    constructor(message, additionalData) {
-        super(message !== null && message !== void 0 ? message : 'WebAuthnSdk is not initialized', additionalData);
-        this.errorCode = ErrorCode.NotInitialized;
-    }
-}
-class AuthenticationFailedError extends BaseSdkError {
-    constructor(message, additionalData) {
-        super(message !== null && message !== void 0 ? message : 'Authentication failed with an error', additionalData);
-        this.errorCode = ErrorCode.AuthenticationFailed;
-    }
-}
-class AuthenticationCanceledError extends BaseSdkError {
-    constructor(message, additionalData) {
-        super(message !== null && message !== void 0 ? message : 'Authentication was canceled by the user or got timeout', additionalData);
-        this.errorCode = ErrorCode.AuthenticationCanceled;
-    }
-}
-class RegistrationFailedError extends BaseSdkError {
-    constructor(message, additionalData) {
-        super(message !== null && message !== void 0 ? message : 'Registration failed with an error', additionalData);
-        this.errorCode = ErrorCode.RegistrationFailed;
-    }
-}
-class RegistrationCanceledError extends BaseSdkError {
-    constructor(message, additionalData) {
-        super(message !== null && message !== void 0 ? message : 'Registration was canceled by the user or got timeout', additionalData);
-        this.errorCode = ErrorCode.RegistrationCanceled;
-    }
-}
-class AutofillAuthenticationAbortedError extends BaseSdkError {
-    constructor(message) {
-        super(message !== null && message !== void 0 ? message : 'Autofill flow was aborted');
-        this.errorCode = ErrorCode.AutofillAuthenticationAborted;
-    }
-}
-class OperationTimeoutAbortedError extends BaseSdkError {
-    constructor(message) {
-        super(message !== null && message !== void 0 ? message : 'Operation was aborted by timeout');
-        this.errorCode = ErrorCode.AutofillAuthenticationAborted;
-    }
-}
-class AlreadyRegisteredError extends BaseSdkError {
-    constructor(message) {
-        super(message !== null && message !== void 0 ? message : 'Passkey with this username is already registered with the relying party.');
-        this.errorCode = ErrorCode.AlreadyRegistered;
-    }
-}
-class AuthenticationProcessAlreadyActiveError extends BaseSdkError {
-    constructor(message, additionalData) {
-        super(message !== null && message !== void 0 ? message : 'Authentication process is already active', additionalData);
-        this.errorCode = ErrorCode.AuthenticationProcessAlreadyActive;
-    }
-}
-class InvalidApprovalDataError extends BaseSdkError {
-    constructor(message, additionalData) {
-        super(message !== null && message !== void 0 ? message : 'Invalid approval data', additionalData);
-        this.errorCode = ErrorCode.InvalidApprovalData;
-    }
-}
-class FailedToInitCrossDeviceAuthenticationError extends BaseSdkError {
-    constructor(message, additionalData) {
-        super(message !== null && message !== void 0 ? message : 'Failed to init cross device authentication', additionalData);
-        this.errorCode = ErrorCode.FailedToInitCrossDeviceSession;
-    }
-}
-class FailedToGetCrossDeviceStatusError extends BaseSdkError {
-    constructor(message, additionalData) {
-        super(message !== null && message !== void 0 ? message : 'Failed to get cross device status', additionalData);
-        this.errorCode = ErrorCode.FailedToGetCrossDeviceStatus;
-    }
-}
-function isBaseSdkError(error) {
-    return error.errorCode && Object.values(ErrorCode).includes(error.errorCode);
-}
-
-/**
- * This is a typed (Storage)[https://developer.mozilla.org/en-US/docs/Web/API/Storage] wrapper.
- * Items are saved in either localstorage or sessionstorage depending on their key. when retrieving an
- *   item, it is automatically fetched from the correct storage solution.
- */
-var KeyPersistance;
-(function (KeyPersistance) {
-    KeyPersistance[KeyPersistance["persistent"] = 0] = "persistent";
-    KeyPersistance[KeyPersistance["session"] = 1] = "session";
-})(KeyPersistance || (KeyPersistance = {}));
-class SdkStorage {
-    static get(keyName) {
-        return (SdkStorage.getStorageMedium(SdkStorage.allowedKeys[keyName]).getItem(SdkStorage.getStorageKey(keyName)) ||
-            undefined);
-    }
-    static set(keyName, value) {
-        return SdkStorage.getStorageMedium(SdkStorage.allowedKeys[keyName]).setItem(SdkStorage.getStorageKey(keyName), value);
-    }
-    static remove(keyName) {
-        SdkStorage.getStorageMedium(SdkStorage.allowedKeys[keyName]).removeItem(SdkStorage.getStorageKey(keyName));
-    }
-    static clear(retainConfiguration) {
-        // We don't want to actually call Storage.clear, since that may clear some of the RP's data as well.
-        for (const [key, keyPersistence] of Object.entries(SdkStorage.allowedKeys)) {
-            const typedKey = key;
-            if (retainConfiguration && this.configurationKeys.includes(typedKey)) {
-                continue;
-            }
-            SdkStorage.getStorageMedium(keyPersistence).removeItem(SdkStorage.getStorageKey(typedKey));
-        }
-    }
-    static getStorageKey(keyName) {
-        return `WebAuthnSdk:${keyName}`;
-    }
-    static getStorageMedium(keyPersistance) {
-        switch (keyPersistance) {
-            case KeyPersistance.session:
-                return sessionStorage;
-            default:
-                return localStorage;
-        }
-    }
-}
-SdkStorage.allowedKeys = {
-    // please please please keep this in alphabetical order
-    clientId: KeyPersistance.session,
-};
-SdkStorage.configurationKeys = [
-    // please please please keep this in alphabetical order
-    'clientId',
-];
-
-const NEW_API_PATH_PREFIX = '/cis';
-class SdkApiClient {
-    static isNewApiDomain(hostname) {
-        return (hostname &&
-            (this.newApiDomains.includes(hostname) ||
-                (hostname.startsWith('api.') && hostname.endsWith('.transmitsecurity.io'))));
-    }
-    static dnsPrefetch(serverPath) {
-        const hint = document.createElement('link');
-        hint.rel = 'dns-prefetch';
-        hint.href = serverPath;
-        document.head.appendChild(hint);
-    }
-    static preconnect(serverPath, crossOrigin) {
-        const hint = document.createElement('link');
-        hint.rel = 'preconnect';
-        hint.href = serverPath;
-        if (crossOrigin) {
-            hint.crossOrigin = 'anonymous';
-        }
-        document.head.appendChild(hint);
-    }
-    static warmupConnection(serverPath) {
-        // following https://dev.to/crenshaw_dev/when-the-browser-can-t-take-a-preconnect-hint-6dn
-        this.dnsPrefetch(serverPath);
-        this.preconnect(serverPath, false);
-        this.preconnect(serverPath, true);
-    }
-    static init(clientId, options) {
-        var _a, _b;
-        try {
-            this._serverPath = new URL(options.serverPath);
-            if (this.isNewApiDomain((_a = this._serverPath) === null || _a === void 0 ? void 0 : _a.hostname)) {
-                this.warmupConnection(this._serverPath.origin);
-            }
-            this._apiPaths = (_b = options.webauthnApiPaths) !== null && _b !== void 0 ? _b : this.getDefaultPaths();
-            this._clientId = clientId;
-            SdkStorage.set('clientId', clientId);
-        }
-        catch (error) {
-            throw new NotInitializedError('Invalid options.serverPath', { error });
-        }
-    }
-    static getDefaultPaths() {
-        var _a;
-        // In case the user initializes the SDK with the new API gateway, we need to use the new API paths
-        const pathPrefix = this.isNewApiDomain((_a = this._serverPath) === null || _a === void 0 ? void 0 : _a.hostname) ? NEW_API_PATH_PREFIX : '';
-        return {
-            startAuthentication: `${pathPrefix}/v1/auth/webauthn/authenticate/start`,
-            startRegistration: `${pathPrefix}/v1/auth/webauthn/register/start`,
-            initCrossDeviceAuthentication: `${pathPrefix}/v1/auth/webauthn/cross-device/authenticate/init`,
-            startCrossDeviceAuthentication: `${pathPrefix}/v1/auth/webauthn/cross-device/authenticate/start`,
-            startCrossDeviceRegistration: `${pathPrefix}/v1/auth/webauthn/cross-device/register/start`,
-            getCrossDeviceTicketStatus: `${pathPrefix}/v1/auth/webauthn/cross-device/status`,
-            attachDeviceToCrossDeviceSession: `${pathPrefix}/v1/auth/webauthn/cross-device/attach-device`,
-        };
-    }
-    static getApiPaths() {
-        return this._apiPaths;
-    }
-    static async sendRequest(path, request, query) {
-        logger.log(`[WebAuthn SDK] Calling ${request.method} ${path}...`);
-        const requestUrl = new URL(this._serverPath);
-        requestUrl.pathname = path;
-        if (query) {
-            requestUrl.search = query;
-        }
-        return fetch(requestUrl.toString(), request);
-    }
-    static async startRegistration(params) {
-        const response = await this.sendRequest(this._apiPaths.startRegistration, {
-            method: 'POST',
-            headers: {
-                'Content-Type': 'application/json',
-            },
-            body: JSON.stringify({
-                client_id: this.getValidatedClientId(),
-                username: params.username,
-                display_name: params.displayName,
-                ...(params.timeout && { timeout: params.timeout }),
-                ...(params.limitSingleCredentialToDevice && {
-                    limit_single_credential_to_device: params.limitSingleCredentialToDevice,
-                }),
-            }),
-        });
-        if (!(response === null || response === void 0 ? void 0 : response.ok)) {
-            throw new AuthenticationFailedError('Failed to start registration', response === null || response === void 0 ? void 0 : response.body);
-        }
-        return (await response.json());
-    }
-    static async startAuthentication(params) {
-        const response = await this.sendRequest(this._apiPaths.startAuthentication, {
-            method: 'POST',
-            headers: {
-                'Content-Type': 'application/json',
-            },
-            body: JSON.stringify({
-                client_id: this.getValidatedClientId(),
-                ...(params.username && { username: params.username }),
-                ...(params.approvalData && { approval_data: params.approvalData }),
-                ...(params.timeout && { timeout: params.timeout }),
-            }),
-        });
-        if (!(response === null || response === void 0 ? void 0 : response.ok)) {
-            throw new AuthenticationFailedError('Failed to start authentication', response === null || response === void 0 ? void 0 : response.body);
-        }
-        return (await response.json());
-    }
-    static async initCrossDeviceAuthentication(params) {
-        const response = await this.sendRequest(this._apiPaths.initCrossDeviceAuthentication, {
-            method: 'POST',
-            headers: {
-                'Content-Type': 'application/json',
-            },
-            body: JSON.stringify({
-                client_id: this.getValidatedClientId(),
-                ...(params.username && { username: params.username }),
-                ...(params.approvalData && { approval_data: params.approvalData }),
-            }),
-        });
-        if (!(response === null || response === void 0 ? void 0 : response.ok)) {
-            throw new FailedToInitCrossDeviceAuthenticationError(undefined, response === null || response === void 0 ? void 0 : response.body);
-        }
-        return (await response.json());
-    }
-    static async getCrossDeviceTicketStatus(params) {
-        const response = await this.sendRequest(this._apiPaths.getCrossDeviceTicketStatus, {
-            method: 'GET',
-        }, `cross_device_ticket_id=${params.ticketId}`);
-        if (!(response === null || response === void 0 ? void 0 : response.ok)) {
-            throw new FailedToGetCrossDeviceStatusError(undefined, response === null || response === void 0 ? void 0 : response.body);
-        }
-        return (await response.json());
-    }
-    static async startCrossDeviceAuthentication(params) {
-        const response = await this.sendRequest(this._apiPaths.startCrossDeviceAuthentication, {
-            method: 'POST',
-            headers: {
-                'Content-Type': 'application/json',
-            },
-            body: JSON.stringify({
-                cross_device_ticket_id: params.ticketId,
-            }),
-        });
-        if (!(response === null || response === void 0 ? void 0 : response.ok)) {
-            throw new AuthenticationFailedError('Failed to start cross device authentication', response === null || response === void 0 ? void 0 : response.body);
-        }
-        return (await response.json());
-    }
-    static async startCrossDeviceRegistration(params) {
-        const response = await this.sendRequest(this._apiPaths.startCrossDeviceRegistration, {
-            method: 'POST',
-            headers: {
-                'Content-Type': 'application/json',
-            },
-            body: JSON.stringify({
-                cross_device_ticket_id: params.ticketId,
-            }),
-        });
-        if (!(response === null || response === void 0 ? void 0 : response.ok)) {
-            throw new RegistrationFailedError('Failed to start cross device registration', response === null || response === void 0 ? void 0 : response.body);
-        }
-        return (await response.json());
-    }
-    static async attachDeviceToCrossDeviceSession(params) {
-        const response = await this.sendRequest(this._apiPaths.attachDeviceToCrossDeviceSession, {
-            method: 'POST',
-            headers: {
-                'Content-Type': 'application/json',
-            },
-            body: JSON.stringify({
-                cross_device_ticket_id: params.ticketId,
-            }),
-        });
-        if (!(response === null || response === void 0 ? void 0 : response.ok)) {
-            throw new RegistrationFailedError('Failed to attach device to cross device session', response === null || response === void 0 ? void 0 : response.body);
-        }
-        return (await response.json());
-    }
-    static getValidatedClientId() {
-        var _a;
-        const clientId = (_a = this._clientId) !== null && _a !== void 0 ? _a : SdkStorage.get('clientId');
-        if (!clientId) {
-            throw new NotInitializedError('Missing clientId');
-        }
-        return clientId;
-    }
-}
-SdkApiClient.newApiDomains = ['api.idsec-dev.com', 'api.idsec-stg.com'];
-
-/**
- * WebAuthn registration response interfaces
- */
-/**
- * WebAuthn authentication mediation type
- */
-var AuthenticationMediationType;
-(function (AuthenticationMediationType) {
-    AuthenticationMediationType["InputAutofill"] = "input-autofill";
-    AuthenticationMediationType["Modal"] = "modal";
-})(AuthenticationMediationType || (AuthenticationMediationType = {}));
-/**
- * WebAuthn cross device interfaces
- */
-var WebauthnCrossDeviceStatus;
-(function (WebauthnCrossDeviceStatus) {
-    WebauthnCrossDeviceStatus["Pending"] = "pending";
-    WebauthnCrossDeviceStatus["Scanned"] = "scanned";
-    WebauthnCrossDeviceStatus["Success"] = "success";
-    WebauthnCrossDeviceStatus["Error"] = "error";
-    WebauthnCrossDeviceStatus["Timeout"] = "timeout";
-    WebauthnCrossDeviceStatus["Aborted"] = "aborted";
-})(WebauthnCrossDeviceStatus || (WebauthnCrossDeviceStatus = {}));
-
-var SdkErrorParser;
-(function (SdkErrorParser) {
-    SdkErrorParser.toAuthenticationError = (error) => {
-        if (isBaseSdkError(error)) {
-            return error;
-        }
-        if (error.name === 'NotAllowedError') {
-            return new AuthenticationCanceledError();
-        }
-        if (error.name === 'OperationError') {
-            return new AuthenticationProcessAlreadyActiveError(error.message);
-        }
-        if (error.name === 'SecurityError') {
-            return new AuthenticationFailedError(error.message);
-        }
-        if (error === ErrorCode.AuthenticationAbortedTimeout) {
-            return new OperationTimeoutAbortedError();
-        }
-        if (error.name === 'AbortError' || error === ErrorCode.AutofillAuthenticationAborted) {
-            return new AutofillAuthenticationAbortedError();
-        }
-        return new AuthenticationFailedError('Something went wrong during authentication', { error });
-    };
-    SdkErrorParser.toRegistrationError = (error) => {
-        if (isBaseSdkError(error)) {
-            return error;
-        }
-        if (error.name === 'NotAllowedError') {
-            return new RegistrationCanceledError();
-        }
-        if (error.name === 'SecurityError') {
-            return new RegistrationFailedError(error.message);
-        }
-        if (error.name === 'InvalidStateError') {
-            return new AlreadyRegisteredError();
-        }
-        if (error === ErrorCode.RegistrationAbortedTimeout) {
-            return new OperationTimeoutAbortedError();
-        }
-        return new RegistrationFailedError('Something went wrong during registration', { error });
-    };
-})(SdkErrorParser || (SdkErrorParser = {}));
-
-var WebauthnParser;
-(function (WebauthnParser) {
-    WebauthnParser.processCredentialRequestOptions = (credentialRequestOptions) => {
-        return {
-            ...credentialRequestOptions,
-            challenge: EncodingUtils.base64ToArrayBuffer(credentialRequestOptions.challenge),
-            allowCredentials: credentialRequestOptions.allowCredentials.map((ac) => ({
-                ...ac,
-                id: EncodingUtils.base64ToArrayBuffer(ac.id),
-            })),
-        };
-    };
-    WebauthnParser.processCredentialCreationOptions = (rawCredentialCreationOptions, options) => {
-        var _a;
-        const credentialCreationOptions = JSON.parse(JSON.stringify(rawCredentialCreationOptions));
-        credentialCreationOptions.challenge = EncodingUtils.base64ToArrayBuffer(rawCredentialCreationOptions.challenge);
-        credentialCreationOptions.user.id = EncodingUtils.base64ToArrayBuffer(rawCredentialCreationOptions.user.id);
-        if (options === null || options === void 0 ? void 0 : options.limitSingleCredentialToDevice) {
-            credentialCreationOptions.excludeCredentials = (_a = rawCredentialCreationOptions.excludeCredentials) === null || _a === void 0 ? void 0 : _a.map((ac) => ({
-                ...ac,
-                id: EncodingUtils.base64ToArrayBuffer(ac.id),
-            }));
-        }
-        if (options === null || options === void 0 ? void 0 : options.registerAsDiscoverable) {
-            credentialCreationOptions.authenticatorSelection.residentKey = 'preferred';
-            credentialCreationOptions.authenticatorSelection.requireResidentKey = true;
-        }
-        else {
-            credentialCreationOptions.authenticatorSelection.residentKey = 'discouraged';
-            credentialCreationOptions.authenticatorSelection.requireResidentKey = false;
-        }
-        credentialCreationOptions.authenticatorSelection.authenticatorAttachment = (options === null || options === void 0 ? void 0 : options.allowCrossPlatformAuthenticators)
-            ? undefined
-            : 'platform';
-        return credentialCreationOptions;
-    };
-    WebauthnParser.encodeAuthenticationResult = (credential) => {
-        const { authenticatorAttachment } = credential;
-        const credentialResponse = credential.response;
-        return {
-            id: credential.id,
-            rawId: EncodingUtils.arrayBufferToBase64(credential.rawId),
-            response: {
-                authenticatorData: EncodingUtils.arrayBufferToBase64(credentialResponse.authenticatorData),
-                clientDataJSON: EncodingUtils.arrayBufferToBase64(credentialResponse.clientDataJSON),
-                signature: EncodingUtils.arrayBufferToBase64(credentialResponse.signature),
-                userHandle: EncodingUtils.arrayBufferToBase64(credentialResponse.userHandle),
-            },
-            authenticatorAttachment,
-            type: credential.type,
-        };
-    };
-    WebauthnParser.encodeRegistrationResult = (credential) => {
-        const { authenticatorAttachment } = credential;
-        const credentialResponse = credential.response;
-        return {
-            id: credential.id,
-            rawId: EncodingUtils.arrayBufferToBase64(credential.rawId),
-            response: {
-                attestationObject: EncodingUtils.arrayBufferToBase64(credentialResponse.attestationObject),
-                clientDataJSON: EncodingUtils.arrayBufferToBase64(credentialResponse.clientDataJSON),
-            },
-            authenticatorAttachment,
-            type: credential.type,
-        };
-    };
-})(WebauthnParser || (WebauthnParser = {}));
-
-class AuthenticationHandler {
-    async modal(params) {
-        try {
-            const result = await this.performAuthentication({
-                ...params,
-                mediationType: AuthenticationMediationType.Modal,
-            });
-            return EncodingUtils.jsonToBase64(result);
-        }
-        catch (err) {
-            throw SdkErrorParser.toAuthenticationError(err);
-        }
-    }
-    activateAutofill(handlers, username) {
-        const { onSuccess, onError, onReady } = handlers;
-        this.performAuthentication({
-            username,
-            mediationType: AuthenticationMediationType.InputAutofill,
-            onReady,
-        })
-            .then((result) => {
-            onSuccess(EncodingUtils.jsonToBase64(result));
-        })
-            .catch((err) => {
-            const error = SdkErrorParser.toAuthenticationError(err);
-            if (!onError)
-                throw error;
-            onError(error);
-        });
-    }
-    abortAutofill() {
-        if (this.abortController)
-            this.abortController.abort(ErrorCode.AutofillAuthenticationAborted);
-    }
-    abortAuthentication() {
-        if (this.abortController)
-            this.abortController.abort(ErrorCode.AuthenticationAbortedTimeout);
-    }
-    async performAuthentication(params) {
-        var _a, _b;
-        const startAuthenticationResponse = 'crossDeviceTicketId' in params
-            ? await SdkApiClient.startCrossDeviceAuthentication({ ticketId: params.crossDeviceTicketId })
-            : await SdkApiClient.startAuthentication({ username: params.username, timeout: (_a = params.options) === null || _a === void 0 ? void 0 : _a.timeout });
-        const credentialRequestOptions = startAuthenticationResponse.credential_request_options;
-        const processedOptions = WebauthnParser.processCredentialRequestOptions(credentialRequestOptions);
-        const mediatedCredentialRequestOptions = this.getMediatedCredentialRequest(processedOptions, params.mediationType);
-        if (params.mediationType === AuthenticationMediationType.InputAutofill) {
-            (_b = params.onReady) === null || _b === void 0 ? void 0 : _b.call(params);
-        }
-        const credential = (await navigator.credentials.get(mediatedCredentialRequestOptions).catch((error) => {
-            throw SdkErrorParser.toAuthenticationError(error);
-        }));
-        return {
-            webauthnSessionId: startAuthenticationResponse.webauthn_session_id,
-            publicKeyCredential: WebauthnParser.encodeAuthenticationResult(credential),
-            userAgent: navigator.userAgent,
-        };
-    }
-    getMediatedCredentialRequest(credentialRequestOptions, passkeysMediationType) {
-        const mediatedCredentialRequestOptions = { publicKey: credentialRequestOptions };
-        this.abortController = new AbortController();
-        mediatedCredentialRequestOptions.signal = this.abortController && this.abortController.signal;
-        if (passkeysMediationType === AuthenticationMediationType.InputAutofill) {
-            mediatedCredentialRequestOptions.mediation = 'conditional';
-        }
-        else if (credentialRequestOptions.timeout) {
-            setTimeout(() => {
-                this.abortAuthentication();
-            }, credentialRequestOptions.timeout);
-        }
-        return mediatedCredentialRequestOptions;
-    }
-}
-
-function setIntervalWithPromise(target) {
-    return async (...args) => {
-        if (target.isRunning) {
-            return;
-        }
-        target.isRunning = true;
-        await target(...args);
-        target.isRunning = false;
-    };
-}
-class PollingHandler {
-    constructor(handler, intervalInMs) {
-        this.handler = handler;
-        this.intervalInMs = intervalInMs;
-    }
-    begin() {
-        this.intervalId = window.setInterval(setIntervalWithPromise(this.handler), this.intervalInMs);
-    }
-    stop() {
-        clearInterval(this.intervalId);
-    }
-}
-
-const approvalDataMaxLength = 10;
-const approvalDataAllowedChars = /^[A-Za-z0-9\-_.: ]*$/;
-function validateApprovalMaxLength(approvalData) {
-    return Object.keys(approvalData).length <= approvalDataMaxLength;
-}
-function validateApprovalAllowedContent(approvalData) {
-    const isString = (val) => typeof val === 'string';
-    const isContentAllowed = (val) => approvalDataAllowedChars.test(val);
-    return Object.keys(approvalData).every((key) => isString(key) && isString(approvalData[key]) && isContentAllowed(key) && isContentAllowed(approvalData[key]));
-}
-function validateApprovalData(approvalData) {
-    if (!approvalData) {
-        return;
-    }
-    if (!validateApprovalMaxLength(approvalData) || !validateApprovalAllowedContent(approvalData)) {
-        logger.error(`Failed validating approval data`);
-        throw new InvalidApprovalDataError(`Provided approval data should have ${approvalDataMaxLength} properties max. Also, it should contain only 
-      alphanumeric characters, numbers, and the special characters: '-', '_', '.'`);
-    }
-}
-
-class WebauthnCrossDeviceHandler {
-    constructor(authenticationHandler, registrationHandler, approvalHandler) {
-        this.authenticationHandler = authenticationHandler;
-        this.registrationHandler = registrationHandler;
-        this.approvalHandler = approvalHandler;
-        this.init = {
-            registration: async (params) => {
-                this.ticketStatus = WebauthnCrossDeviceStatus.Pending;
-                return this.pollCrossDeviceSession(params.crossDeviceTicketId, params.handlers);
-            },
-            authentication: async (params) => {
-                const { username } = params;
-                const initAuthenticationResponse = await SdkApiClient.initCrossDeviceAuthentication({
-                    ...(username && { username }),
-                });
-                const ticketId = initAuthenticationResponse.cross_device_ticket_id;
-                this.ticketStatus = WebauthnCrossDeviceStatus.Pending;
-                return this.pollCrossDeviceSession(ticketId, params.handlers);
-            },
-            approval: async (params) => {
-                const { username, approvalData } = params;
-                validateApprovalData(approvalData);
-                const initAuthenticationResponse = await SdkApiClient.initCrossDeviceAuthentication({
-                    username,
-                    approvalData,
-                });
-                const ticketId = initAuthenticationResponse.cross_device_ticket_id;
-                this.ticketStatus = WebauthnCrossDeviceStatus.Pending;
-                return this.pollCrossDeviceSession(ticketId, params.handlers);
-            },
-        };
-        this.authenticate = {
-            modal: async (crossDeviceTicketId) => this.authenticationHandler.modal({ crossDeviceTicketId }),
-        };
-        this.approve = {
-            modal: async (crossDeviceTicketId) => this.approvalHandler.modal({ crossDeviceTicketId }),
-        };
-    }
-    async register(crossDeviceTicketId, options) {
-        return this.registrationHandler.register({ crossDeviceTicketId }, options);
-    }
-    async attachDevice(crossDeviceTicketId) {
-        const response = await SdkApiClient.attachDeviceToCrossDeviceSession({
-            ticketId: crossDeviceTicketId,
-        });
-        return {
-            status: response.status,
-            startedAt: response.started_at,
-            ...(response.approval_data && { approvalData: response.approval_data }),
-        };
-    }
-    async pollCrossDeviceSession(ticketId, handlers) {
-        const pollFunction = async () => {
-            var _a, _b;
-            const statusResponse = await SdkApiClient.getCrossDeviceTicketStatus({
-                ticketId,
-            });
-            const newStatus = statusResponse.status;
-            if (newStatus === this.ticketStatus) {
-                return;
-            }
-            this.ticketStatus = newStatus;
-            switch (newStatus) {
-                case WebauthnCrossDeviceStatus.Scanned:
-                    await handlers.onDeviceAttach();
-                    break;
-                case WebauthnCrossDeviceStatus.Error:
-                case WebauthnCrossDeviceStatus.Timeout:
-                case WebauthnCrossDeviceStatus.Aborted:
-                    await handlers.onFailure(statusResponse);
-                    (_a = this.poller) === null || _a === void 0 ? void 0 : _a.stop();
-                    break;
-                case WebauthnCrossDeviceStatus.Success:
-                    if ('onCredentialRegister' in handlers) {
-                        await handlers.onCredentialRegister();
-                    }
-                    else {
-                        if (!statusResponse.session_id) {
-                            throw new FailedToGetCrossDeviceStatusError('Cross device session is complete without returning session_id', statusResponse);
-                        }
-                        await handlers.onCredentialAuthenticate(statusResponse.session_id);
-                    }
-                    (_b = this.poller) === null || _b === void 0 ? void 0 : _b.stop();
-                    break;
-            }
-        };
-        this.poller = new PollingHandler(pollFunction, 1000);
-        this.poller.begin();
-        setTimeout(() => {
-            var _a;
-            (_a = this.poller) === null || _a === void 0 ? void 0 : _a.stop();
-            handlers.onFailure({ status: WebauthnCrossDeviceStatus.Timeout });
-        }, 5 * 60 * 1000);
-        return {
-            crossDeviceTicketId: ticketId,
-            stop: () => {
-                var _a;
-                (_a = this.poller) === null || _a === void 0 ? void 0 : _a.stop();
-            },
-        };
-    }
-}
-
-class RegistrationHandler {
-    async register(params, options) {
-        this.abortController = new AbortController();
-        const isCrossDevice = 'crossDeviceTicketId' in params;
-        const registrationOptions = {
-            allowCrossPlatformAuthenticators: !isCrossDevice,
-            registerAsDiscoverable: true,
-            ...options,
-        };
-        try {
-            const startRegistrationResponse = 'crossDeviceTicketId' in params
-                ? await SdkApiClient.startCrossDeviceRegistration({ ticketId: params.crossDeviceTicketId })
-                : await SdkApiClient.startRegistration({
-                    username: params.username,
-                    displayName: (options === null || options === void 0 ? void 0 : options.displayName) || params.username,
-                    timeout: options === null || options === void 0 ? void 0 : options.timeout,
-                    limitSingleCredentialToDevice: options === null || options === void 0 ? void 0 : options.limitSingleCredentialToDevice,
-                });
-            const credentialCreationOptions = WebauthnParser.processCredentialCreationOptions(startRegistrationResponse.credential_creation_options, registrationOptions);
-            setTimeout(() => {
-                this.abortRegistration();
-            }, credentialCreationOptions.timeout);
-            const publicKeyCredential = await this.registerCredential(credentialCreationOptions);
-            const result = {
-                webauthnSessionId: startRegistrationResponse.webauthn_session_id,
-                publicKeyCredential,
-                userAgent: navigator.userAgent,
-            };
-            return EncodingUtils.jsonToBase64(result);
-        }
-        catch (error) {
-            throw SdkErrorParser.toRegistrationError(error);
-        }
-    }
-    abortRegistration() {
-        if (this.abortController)
-            this.abortController.abort(ErrorCode.RegistrationAbortedTimeout);
-    }
-    async registerCredential(credentialCreationOptions) {
-        const credential = (await navigator.credentials
-            .create({
-            publicKey: credentialCreationOptions,
-            signal: this.abortController && this.abortController.signal,
-        })
-            .catch((error) => {
-            throw SdkErrorParser.toRegistrationError(error);
-        }));
-        return WebauthnParser.encodeRegistrationResult(credential);
-    }
-}
-
-function symmetricDifference(arr1, arr2) {
-    const set1 = new Set(arr1);
-    const set2 = new Set(arr2);
-    return [...arr1.filter((x) => !set2.has(x)), ...arr2.filter((x) => !set1.has(x))];
-}
-
-class ApprovalHandler {
-    async modal(params) {
-        try {
-            const result = await this.performApproval(params);
-            return EncodingUtils.jsonToBase64(result);
-        }
-        catch (err) {
-            throw SdkErrorParser.toAuthenticationError(err);
-        }
-    }
-    async performApproval(params) {
-        if ('approvalData' in params) {
-            validateApprovalData(params.approvalData);
-        }
-        const startAuthenticationResponse = 'crossDeviceTicketId' in params
-            ? await SdkApiClient.startCrossDeviceAuthentication({ ticketId: params.crossDeviceTicketId })
-            : await SdkApiClient.startAuthentication({
-                username: params.username,
-                approvalData: params.approvalData,
-            });
-        const credentialRequestOptions = startAuthenticationResponse.credential_request_options;
-        const processedOptions = WebauthnParser.processCredentialRequestOptions(credentialRequestOptions);
-        const credential = (await navigator.credentials.get({ publicKey: processedOptions }).catch((error) => {
-            throw SdkErrorParser.toAuthenticationError(error);
-        }));
-        return {
-            webauthnSessionId: startAuthenticationResponse.webauthn_session_id,
-            publicKeyCredential: WebauthnParser.encodeAuthenticationResult(credential),
-            userAgent: navigator.userAgent,
-        };
-    }
-}
-
-/**
- * WebAuthn SDK implementation
- */
-class WebAuthnSdk {
-    constructor() {
-        this._initialized = false;
-        this._authenticationHandler = new AuthenticationHandler();
-        this._registrationHandler = new RegistrationHandler();
-        this._approvalHandler = new ApprovalHandler();
-        this._crossDeviceHandler = new WebauthnCrossDeviceHandler(this._authenticationHandler, this._registrationHandler, this._approvalHandler);
-        this.authenticate = {
-            modal: async (username, options) => {
-                this.initCheck();
-                return this._authenticationHandler.modal({ username, options });
-            },
-            autofill: {
-                activate: (handlers, username) => {
-                    this.initCheck();
-                    return this._authenticationHandler.activateAutofill(handlers, username);
-                },
-                abort: () => {
-                    return this._authenticationHandler.abortAutofill();
-                },
-            },
-        };
-        this.approve = {
-            modal: async (username, approvalData) => {
-                this.initCheck();
-                return this._approvalHandler.modal({ username, approvalData });
-            },
-        };
-        this.register = async (username, options) => {
-            this.initCheck();
-            return this._registrationHandler.register({ username }, options);
-        };
-        this.crossDevice = {
-            init: {
-                registration: async (params) => {
-                    this.initCheck();
-                    return this._crossDeviceHandler.init.registration(params);
-                },
-                authentication: async (params) => {
-                    this.initCheck();
-                    return this._crossDeviceHandler.init.authentication(params);
-                },
-                approval: async (params) => {
-                    this.initCheck();
-                    return this._crossDeviceHandler.init.approval(params);
-                },
-            },
-            authenticate: {
-                modal: async (crossDeviceTicketId) => {
-                    this.initCheck();
-                    return this._crossDeviceHandler.authenticate.modal(crossDeviceTicketId);
-                },
-            },
-            approve: {
-                modal: async (crossDeviceTicketId) => {
-                    this.initCheck();
-                    return this._crossDeviceHandler.approve.modal(crossDeviceTicketId);
-                },
-            },
-            register: async (crossDeviceTicketId, options) => {
-                this.initCheck();
-                return this._crossDeviceHandler.register(crossDeviceTicketId, options);
-            },
-            attachDevice: async (crossDeviceTicketId) => {
-                this.initCheck();
-                return this._crossDeviceHandler.attachDevice(crossDeviceTicketId);
-            },
-        };
-        this.isPlatformAuthenticatorSupported = async () => {
-            var _a;
-            try {
-                return await ((_a = WebAuthnSdk.StaticPublicKeyCredential) === null || _a === void 0 ? void 0 : _a.isUserVerifyingPlatformAuthenticatorAvailable());
-            }
-            catch (error) {
-                return false;
-            }
-        };
-        this.isAutofillSupported = async () => {
-            var _a, _b;
-            return !!(((_a = WebAuthnSdk.StaticPublicKeyCredential) === null || _a === void 0 ? void 0 : _a.isConditionalMediationAvailable) &&
-                (await ((_b = WebAuthnSdk.StaticPublicKeyCredential) === null || _b === void 0 ? void 0 : _b.isConditionalMediationAvailable())));
-        };
-    }
-    async init(clientId, options) {
-        try {
-            if (!clientId) {
-                throw new NotInitializedError('Invalid clientId', { clientId });
-            }
-            if (options.webauthnApiPaths) {
-                const defaultPaths = SdkApiClient.getDefaultPaths();
-                if (symmetricDifference(Object.keys(options.webauthnApiPaths), Object.keys(defaultPaths)).length) {
-                    throw new NotInitializedError('Invalid custom paths', {
-                        customApiPaths: options.webauthnApiPaths,
-                    });
-                }
-            }
-            SdkApiClient.init(clientId, options);
-            this._initialized = true;
-        }
-        catch (error) {
-            if (isBaseSdkError(error)) {
-                throw error;
-            }
-            else {
-                throw new NotInitializedError('Failed to initialize SDK');
-            }
-        }
-    }
-    getDefaultPaths() {
-        this.initCheck();
-        return SdkApiClient.getDefaultPaths();
-    }
-    getApiPaths() {
-        this.initCheck();
-        return SdkApiClient.getApiPaths();
-    }
-    initCheck() {
-        if (!this._initialized) {
-            throw new NotInitializedError();
-        }
-    }
-}
-// We are accessing the PublicKeyCredential from the global scope here in order to make it possibly undefined - for browsers which do not support WebAuthn
-WebAuthnSdk.StaticPublicKeyCredential = window.PublicKeyCredential;
-
-const common = new Common('webauthn');
-const webauthn$1 = new WebAuthnSdk();
-common.events.on(common.events.MODULE_INITIALIZED, () => {
-    var _a;
-    const config = common.moduleMetadata.getInitConfig();
-    if (!((_a = config === null || config === void 0 ? void 0 : config.webauthn) === null || _a === void 0 ? void 0 : _a.serverPath)) {
-        return;
-    }
-    const { clientId, webauthn: webauthnConfig } = config;
-    webauthn$1.init(clientId, { ...webauthnConfig });
-});
-/**
- * Returns the authentication flows for webauthn
- */
-const authenticate = {
-    modal: async (username, options) => {
-        webauthn$1.initCheck();
-        return webauthn$1.authenticate.modal(username, options);
-    },
-    autofill: {
-        activate: (handlers, username) => {
-            webauthn$1.initCheck();
-            webauthn$1.authenticate.autofill.activate(handlers, username);
-        },
-        abort: () => {
-            webauthn$1.initCheck();
-            webauthn$1.authenticate.autofill.abort();
-        },
-    },
-};
-const approve = {
-    modal: async (username, approvalData) => {
-        webauthn$1.initCheck();
-        return webauthn$1.approve.modal(username, approvalData);
-    },
-};
-/**
- * Invokes a WebAuthn credential registration for the specified user, including prompting the user for biometrics.
- * If registration is completed successfully, this call will return a promise that resolves to the credential result, which is an object encoded as a base64 string. This encoded result should then be passed to the relevant backend registration endpoint to complete the registration for either a [logged-in user](/openapi/user/backend-webauthn/#operation/webauthn-registration) or [logged-out user](/openapi/user/backend-webauthn/#operation/webauthn-registration-external).
- *
- * If registration fails, an SdkError will be thrown.
- *
- * @param username WebAuthn username to register
- * @param options Additional configuration for registration flow
- * @throws {@link ErrorCode.NotInitialized}
- * @throws {@link ErrorCode.RegistrationFailed}
- * @throws {@link ErrorCode.RegistrationCanceled}
- */
-async function register(username, options) {
-    webauthn$1.initCheck();
-    return webauthn$1.register(username, options);
-}
-/**
- * Returns webauthn cross device flows
- * @type WebauthnCrossDeviceFlows
- */
-const { crossDevice } = webauthn$1;
-/**
- * Indicates whether this browser supports WebAuthn, and has a platform authenticator
- */
-const { isPlatformAuthenticatorSupported } = webauthn$1;
-/**
- * Indicates whether this browser supports Passkey Autofill
- */
-const { isAutofillSupported } = webauthn$1;
-/**
- * Returns the default API paths for webauthn
- */
-const { getDefaultPaths } = webauthn$1;
-// @ts-ignore
-window.localWebAuthnSDK = webauthn$1;
-
-var moduleExports = /*#__PURE__*/Object.freeze({
-    __proto__: null,
-    get WebauthnCrossDeviceStatus () { return WebauthnCrossDeviceStatus; },
-    approve: approve,
-    authenticate: authenticate,
-    crossDevice: crossDevice,
-    getDefaultPaths: getDefaultPaths,
-    isAutofillSupported: isAutofillSupported,
-    isPlatformAuthenticatorSupported: isPlatformAuthenticatorSupported,
-    register: register
-});
-
-const PACKAGE_VERSION = "1.17.2";
-
-// Create namespace object for tree-shakable import
-const webauthn = {
-  initialize: initialize,
-  ...moduleExports
-};
-
-export { PACKAGE_VERSION, WebauthnCrossDeviceStatus, approve, authenticate, crossDevice, getDefaultPaths, initialize, isAutofillSupported, isPlatformAuthenticatorSupported, register, webauthn };
+"undefined"==typeof globalThis&&("undefined"!=typeof window?(window.globalThis=window,window.global=window):"undefined"!=typeof self&&(self.globalThis=self,self.global=self));const t=Symbol("MODULE_INITIALIZED"),e=new Map;function i(t,i){var a,n;null===(a=e.get(t))||void 0===a||a.forEach((n=t=>t(i),function(){try{return n(...arguments)}catch(t){console.log(t)}}))}let a=null;function n(t){a=t}var r=Object.freeze({__proto__:null,getInitConfig:function(){return a},get initConfig(){return a},setInitConfig:n});function s(e){n(e),i(t,void 0)}var o=Object.freeze({__proto__:null,initialize:s});function c(t,e,i){return(e=function(t){var e=function(t,e){if("object"!=typeof t||!t)return t;var i=t[Symbol.toPrimitive];if(void 0!==i){var a=i.call(t,e||"default");if("object"!=typeof a)return a;throw new TypeError("@@toPrimitive must return a primitive value.")}return("string"===e?String:Number)(t)}(t,"string");return"symbol"==typeof e?e:e+""}(e))in t?Object.defineProperty(t,e,{value:i,enumerable:!0,configurable:!0,writable:!0}):t[e]=i,t}function l(t,e){var i=Object.keys(t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(t);e&&(a=a.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),i.push.apply(i,a)}return i}function d(t){for(var e=1;e<arguments.length;e++){var i=null!=arguments[e]?arguments[e]:{};e%2?l(Object(i),!0).forEach((function(e){c(t,e,i[e])})):Object.getOwnPropertyDescriptors?Object.defineProperties(t,Object.getOwnPropertyDescriptors(i)):l(Object(i)).forEach((function(e){Object.defineProperty(t,e,Object.getOwnPropertyDescriptor(i,e))}))}return t}function u(t,e){return Object.entries(e).reduce(((e,i)=>{let[a,n]=i;return d(d({},e),{},{[a]:h.isPrototypeOf(n)?new n(t.slug):"function"==typeof n?n.bind(t):"object"==typeof n&&!Array.isArray(n)&&n?u(t,n):n})}),{})}class h{constructor(t){this.slug=t}static create(t){return class extends h{constructor(e){super(e),Object.assign(this,u(this,t(this)))}}}}var y=Object.freeze({__proto__:null,Agent:h}),p=Object.freeze({__proto__:null,MODULE_INITIALIZED:t,emit:i,off:function(t,i){const a=e.get(t);if(!a)return;const n=a.indexOf(i);-1!==n&&a.splice(n,1)},on:function(t,i){var a;e.has(t)?null===(a=e.get(t))||void 0===a||a.push(i):e.set(t,[i])}});function g(t,e){const i=!t||"object"!=typeof t||Array.isArray(t)?{}:t;return[e.reduce(((t,e)=>{if(e in t){const i=t[e];if(null!==i&&"object"==typeof i&&!Array.isArray(i))return i}const i={};return t[e]=i,i}),i),i]}const v="tsec",f="general";function w(t){return t?f:a.clientId}function m(t){return function(t){if(!t)return{};try{return JSON.parse(t)}catch(t){return{}}}((t?sessionStorage:localStorage).getItem(v))}function b(t,e){const i=t?sessionStorage:localStorage,a=e(m(t));i.setItem(v,JSON.stringify(a))}var D=Object.freeze({__proto__:null,COMMON_STORAGE_KEY:v,GENERAL_ID_KEY:f,getValue:function(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};const i=w(!!e.isGeneral),a=m(!!e.sessionOnly),[n]=g(a,[this.slug.toString(),i]);return n[t]},hasValue:function(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};const i=w(!!e.isGeneral);return function(t,e){let i=t;return e.every((t=>!(!i||"object"!=typeof i||Array.isArray(i)||!(t in i)||(i=i[t],0))),t)}(m(!!e.sessionOnly),[this.slug.toString(),i,t])},removeValue:function(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};const i=w(!!e.isGeneral);b(!!e.sessionOnly,(e=>{const[a,n]=g(e,[this.slug.toString(),i]);return delete a[t],n}))},setValue:function(t,e){let i=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{};const a=w(!!i.isGeneral);b(!!i.sessionOnly,(i=>{const[n,r]=g(i,[this.slug.toString(),a]);return n[t]=e,r}))}});const A="RSA-PSS",_=async(t,e)=>await window.crypto.subtle.generateKey({name:t,modulusLength:2048,publicExponent:new Uint8Array([1,0,1]),hash:"SHA-256"},!1,e),S=async()=>await _("RSA-OAEP",["encrypt","decrypt"]),C=async()=>await _(A,["sign"]),k=async(t,e)=>{const i=(new TextEncoder).encode(e);return await window.crypto.subtle.sign({name:A,saltLength:32},t,i)};class K{constructor(t,e,i){this.slug=t,this.dbName=e,this.dbVersion=i}queryObjectStore(t,e){let i=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{};const{attemptToRecoverDB:a=!0}=i,n=window.indexedDB||window.mozIndexedDB||window.webkitIndexedDB||window.msIndexedDB||window.shimIndexedDB,r=`${this.slug}:${this.dbName}`,s=n.open(r,this.dbVersion||1);s.onupgradeneeded=()=>{var e;const i=s.result;(null===(e=null==i?void 0:i.objectStoreNames)||void 0===e?void 0:e.contains)&&!i.objectStoreNames.contains(t)&&i.createObjectStore(t,{keyPath:"key"})},s.onsuccess=()=>{const o=s.result;let c;try{c=o.transaction(t,(null==i?void 0:i.operation)||"readwrite")}catch(s){if(a&&s instanceof DOMException&&"NotFoundError"===s.name){o.close();return void(n.deleteDatabase(r).onsuccess=()=>{this.queryObjectStore(t,e,d(d({},i),{},{attemptToRecoverDB:!1}))})}throw s}const l=c.objectStore(t);e(l,o),c.oncomplete||(c.oncomplete=()=>{o.close()})}}put(t,e,i){return new Promise(((a,n)=>{this.queryObjectStore(t,(t=>{const r=t.put({key:e,value:i});r.onsuccess=()=>{a(r.result)},r.onerror=t=>{n("Failed adding item to objectStore, err: "+t)}}))}))}add(t,e,i){return new Promise(((a,n)=>{this.queryObjectStore(t,(t=>{const r=t.add({key:e,value:i});r.onsuccess=()=>{a(r.result)},r.onerror=t=>{const e=t.target.error;n(e)}}))}))}get(t,e){return new Promise(((i,a)=>{this.queryObjectStore(t,(t=>{const n=t.get(e);n.onsuccess=()=>{var t;n.result?i(null===(t=n.result)||void 0===t?void 0:t.value):i(void 0)},n.onerror=t=>{a("Failed adding item to objectStore, err: "+t)}}))}))}getAll(t,e){return new Promise(((i,a)=>{this.queryObjectStore(t,(t=>{const n=t.getAll(null,e);n.onsuccess=()=>{if(n.result){const t=n.result;(null==t?void 0:t.length)?i(t.map((t=>null==t?void 0:t.value))):i(t)}else i([])},n.onerror=t=>{a("Failed getting items, err: "+t)}}))}))}delete(t,e){return new Promise(((i,a)=>{this.queryObjectStore(t,(t=>{const n=t.delete(e);n.onsuccess=()=>{i()},n.onerror=t=>{a(`Failed deleting key: '${e}' from objectStore, err: `+t)}}))}))}clear(t){return new Promise(((e,i)=>{this.queryObjectStore(t,(t=>{const a=t.clear();a.onsuccess=()=>{e()},a.onerror=t=>{i("Failed clearing objectStore, err: "+t)}}))}))}executeTransaction(t,e){return new Promise(((i,a)=>{this.queryObjectStore(t,((t,n)=>{const r=t.transaction;r.onerror=()=>{a(`Transaction failed: ${r.error}`)},r.onabort=()=>{a("Transaction aborted")},r.oncomplete=()=>{n.close(),i()};for(const i of e){let e;if("delete"===i.type)e=t.delete(i.key);else{if("put"!==i.type)return r.abort(),void a("Unknown operation type");e=t.put({key:i.key,value:i.value})}e.onerror=()=>{r.abort(),a(`Operation failed: ${e.error}`)}}}))}))}}const R="init",P="completed",T="RSA2048",I=[R,P];class O{constructor(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:"sign",i=arguments.length>2?arguments[2]:void 0;var a,n,r,s,o;this.agent=t,this.keysType=e,this.options=i,this._extractingKeysPromise=null;const c=!(null===(a=this.options)||void 0===a?void 0:a.productScope),l=null===(n=this.options)||void 0===n?void 0:n.fallbackClientId;this.keysDatabaseName=c||!(null===(r=this.options)||void 0===r?void 0:r.indexedDBName)?"ts_crypto_binding":this.options.indexedDBName,this.dbVersion=c?1:(null===(s=this.options)||void 0===s?void 0:s.dbVersion)||1,this.keysStoreName=c||!(null===(o=this.options)||void 0===o?void 0:o.keysStoreName)?"identifiers_store":this.options.keysStoreName;const d=c?"platform":t.slug,u=this.getClientConfiguration(l,d);this.indexedDBClient=new K(u.main,this.keysDatabaseName,this.dbVersion),this.indexedDBClientFallback=new K(u.fallback,this.keysDatabaseName,this.dbVersion)}getClientConfiguration(t,e){return t?{main:e,fallback:`${e}:${t}`}:{main:e,fallback:`${e}:${a.clientId}`}}getKeysRecordKey(){return`${this.keysType}_keys`}getRotatedKeysRecordKey(){return`rotated_${this.keysType}_keys`}getRotatedKeysRecordKeyPending(){return`rotated_pending_${this.keysType}_keys`}arrayBufferToBase64(t){return window.btoa(String.fromCharCode(...new Uint8Array(t)))}async getPKRepresentations(t){const e=await crypto.subtle.exportKey("spki",t);return{arrayBufferKey:e,base64Key:this.arrayBufferToBase64(e)}}async generateKeyPair(){return"sign"==this.keysType?await C():await S()}async calcKeyIdentifier(t){const e=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(e)).map((t=>t.toString(16).padStart(2,"0"))).join("")}async extractKeysData(){if(this._extractingKeysPromise)return this._extractingKeysPromise;this._extractingKeysPromise=(async()=>{var t,e;const i=(null===(e=null===(t=this.options)||void 0===t?void 0:t.keyRotation)||void 0===e?void 0:e.isEnabled)?await this.getRotatedKeysData():await this.getKeysData(),{base64Key:a}=await this.getPKRepresentations(i.publicKey);return this.publicKeyBase64=a,this.keyIdentifier=i.keyIdentifier,i})();try{return await this._extractingKeysPromise}finally{this._extractingKeysPromise=null}}async generateKeyPairData(t){const e=await this.generateKeyPair(),{arrayBufferKey:i}=await this.getPKRepresentations(e.publicKey),a=t||await this.calcKeyIdentifier(i);return d(d({},e),{},{keyIdentifier:a,createdDate:Date.now()})}shouldKeyBeRotated(t){var e;const i=null===(e=this.options)||void 0===e?void 0:e.keyRotation;if(!(null==i?void 0:i.isEnabled)||!i.expiryDays||void 0===i.startedAt)return!1;const a=24*i.expiryDays*60*60*1e3,n=t.createdDate&&t.createdDate>=i.startedAt?t.createdDate:i.startedAt;return Date.now()-n>a-2592e6}async extractMainKeysData(){return await this.indexedDBClient.get(this.keysStoreName,this.getKeysRecordKey())}async extractFallbackMainKeysData(){return await this.indexedDBClientFallback.get(this.keysStoreName,this.getKeysRecordKey())}async extractRotatedKeysData(){return await this.indexedDBClient.get(this.keysStoreName,this.getRotatedKeysRecordKey())}async extractPendingRotatedKeysData(){return await this.indexedDBClient.get(this.keysStoreName,this.getRotatedKeysRecordKeyPending())}async saveKeyData(t,e){try{return await this.indexedDBClient.add(this.keysStoreName,t,e),e}catch(e){if(e instanceof DOMException&&"ConstraintError"===e.name){const e=await this.indexedDBClient.get(this.keysStoreName,t);if(e)return e}throw e}}async getKeysData(){const t=this.getKeysRecordKey();let e=await this.extractMainKeysData();if(e)return e;if(e=await this.extractFallbackMainKeysData(),e)return this.saveKeyData(t,e);const i=await this.generateKeyPairData();return this.saveKeyData(t,i)}async getOrCreateRotatedKeys(){let t=await this.extractRotatedKeysData();if(!t){const e=this.getRotatedKeysRecordKey(),i=await this.getKeysData(),a=d(d({},i),{},{createdDate:i.createdDate||Date.now()});t=await this.saveKeyData(e,a)}return t}async getRotatedKeysData(){const t=await this.getOrCreateRotatedKeys();if(this.shouldKeyBeRotated(t)){if(!await this.extractPendingRotatedKeysData()){const e=this.getRotatedKeysRecordKeyPending(),i=await this.generateKeyPairData(t.keyIdentifier);await this.saveKeyData(e,i)}}return t}async getPublicData(){return this.publicKeyBase64&&this.keyIdentifier||await this.extractKeysData(),{publicKey:this.publicKeyBase64,keyIdentifier:this.keyIdentifier}}async sign(t){if("sign"==this.keysType){const{privateKey:e}=await this.extractKeysData(),i=await k(e,t);return this.arrayBufferToBase64(i)}throw new Error("keysType must be 'sign' in order to use sign keys")}async clearKeys(){const t=this.getKeysRecordKey();await this.indexedDBClient.delete(this.keysStoreName,t)}getBaseRotationPayload(){return{keyIdentifier:this.keyIdentifier,slot:this.getRotatedKeysRecordKey(),publicKey:this.publicKeyBase64,publicKeyType:T,tenantId:this.options.keyRotation.tenantId}}async getRotationData(){var t,e;if(!(null===(e=null===(t=this.options)||void 0===t?void 0:t.keyRotation)||void 0===e?void 0:e.isEnabled))return;this.publicKeyBase64&&this.keyIdentifier||await this.extractKeysData();const i=await this.extractPendingRotatedKeysData();if(i){const{base64Key:t}=await this.getPKRepresentations(i.publicKey),{privateKey:e}=await this.extractKeysData(),a=d(d({},this.getBaseRotationPayload()),{},{newPublicKey:t,createdDate:i.createdDate,newPublicKeyType:T}),n=JSON.stringify(a);return{data:n,signature:await this.signPayload(n,e)}}const a=await this.extractRotatedKeysData();if(a&&!1===a.confirmed){await this.extractKeysData();const t=JSON.stringify(this.getBaseRotationPayload());return{data:t,signature:await this.signPayload(t,a.privateKey)}}}async signPayload(t,e){const i=await k(e,t);return this.arrayBufferToBase64(i)}async handleRotateResponse(t){if(I.includes(t))if(t===R){const t=await this.extractPendingRotatedKeysData();if(t){const e=d(d({},t),{},{confirmed:!1});await this.indexedDBClient.executeTransaction(this.keysStoreName,[{type:"delete",key:this.getRotatedKeysRecordKey()},{type:"put",key:this.getRotatedKeysRecordKey(),value:e},{type:"delete",key:this.getRotatedKeysRecordKeyPending()}]);const{base64Key:i}=await this.getPKRepresentations(t.publicKey);this.publicKeyBase64=i,this.keyIdentifier=t.keyIdentifier}}else if(t===P){const t=await this.extractRotatedKeysData();t&&!1===t.confirmed&&await this.indexedDBClient.put(this.keysStoreName,this.getRotatedKeysRecordKey(),d(d({},t),{},{confirmed:!0}))}}}var j=Object.freeze({__proto__:null,createCryptoBinding:function(){return new O(this,arguments.length>0&&void 0!==arguments[0]?arguments[0]:"sign",arguments.length>1?arguments[1]:void 0)},generateRSAKeyPair:S,generateRSASignKeyPair:C,signAssymetric:k,verifyAssymetric:async(t,e,i)=>{const a=(new TextEncoder).encode(e);return await window.crypto.subtle.verify(A,t,i,a)}}),x=Object.freeze({__proto__:null});const B=h.create((t=>{class e extends Error{constructor(e,i){super(`${t.slug}-${e} ${i}`)}}return{TsError:e,TsInternalError:class extends e{constructor(t){super(t,"Internal error")}}}}));var E=h.create((()=>d({exceptions:B},y)));class N{constructor(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:[];this.agent=t,this.middlewares=e,this.logs=[]}info(t,e){this.pushLog(3,t,e)}warn(t,e){this.pushLog(4,t,e)}error(t,e){this.pushLog(5,t,e)}pushLog(t,e){let i=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{};this.logs.push({timestamp:Date.now(),module:this.agent.slug,severity:t,fields:i,message:e});const a=this.middlewares.map((t=>t(this)));Promise.all(a).catch((()=>{}))}}var F=Object.freeze({__proto__:null,consoleMiddleware:function(t){const e=t.logs[t.logs.length-1];console.log(`${e.severity} ${e.message}`,e.fields)},createSdkLogger:function(){return new N(this,arguments.length>0&&void 0!==arguments[0]?arguments[0]:[])}});function H(t,e){if(!(null==t?void 0:t.trim()))return"";if(function(t){try{return new URL(t),!0}catch(t){return!1}}(t))return t;const i="http://mock.com",a=new URL(i);a.search=(null==e?void 0:e.toString())||"",a.pathname=t;return a.href.replace(i,"")}const M={"Content-Type":"application/json","X-TS-client-time":(new Date).toUTCString(),"X-TS-ua":navigator.userAgent};function $(t,e,i){var a;const n=(r=e||{},encodeURI(JSON.stringify(r)).split(/%..|./).length-1);var r;return{method:t,headers:d(d(d({},{"X-TS-body-size":String(n)}),M),i||{}),body:null!==(a=e&&JSON.stringify(e||{}))&&void 0!==a?a:void 0}}function q(t,e,i,a,n){const r=H(t,a),s=$(e,i,n);return fetch(r,s)}async function z(t,e,i,a,n){let r;if(r=await q(t,e,i,a,n),!r.ok)throw new Error("Request failed");return r}var J=Object.freeze({__proto__:null,httpDelete:async function(t,e){const i=await z(t,"DELETE",void 0,void 0,e);return d(d({data:await i.json()},i),{},{headers:i.headers})},httpGet:async function(t,e,i){const a=await z(t,"GET",void 0,e,i);return d(d({data:await a.json()},a),{},{headers:a.headers})},httpPost:async function(t,e,i,a){const n=await z(t,"POST",e,i,a);return d(d({data:await n.json()},n),{},{headers:n.headers})},httpPut:async function(t,e,i,a){const n=await z(t,"PUT",e,i,a);return d(d({data:await n.json()},n),{},{headers:n.headers})},init:$}),L=h.create((()=>({events:p,moduleMetadata:r,mainEntry:o,utils:E,storage:D,crypto:j,indexedDB:x,logger:F,http:J})));class U{static arrayBufferToBase64(t){return btoa(String.fromCharCode(...new Uint8Array(t)))}static base64ToArrayBuffer(t){return Uint8Array.from(atob(t),(t=>t.charCodeAt(0)))}static stringToBase64(t){return btoa(t)}static jsonToBase64(t){const e=JSON.stringify(t);return btoa(e)}static base64ToJson(t){const e=atob(t);return JSON.parse(e)}}const V={log:console.log,error:console.error};var G,W;!function(t){t.NotInitialized="not_initialized",t.AuthenticationFailed="authentication_failed",t.AuthenticationAbortedTimeout="authentication_aborted_timeout",t.AuthenticationCanceled="webauthn_authentication_canceled",t.RegistrationFailed="registration_failed",t.AlreadyRegistered="username_already_registered",t.RegistrationAbortedTimeout="registration_aborted_timeout",t.RegistrationCanceled="webauthn_registration_canceled",t.AutofillAuthenticationAborted="autofill_authentication_aborted",t.AuthenticationProcessAlreadyActive="authentication_process_already_active",t.InvalidApprovalData="invalid_approval_data",t.FailedToInitCrossDeviceSession="cross_device_init_failed",t.FailedToGetCrossDeviceStatus="cross_device_status_failed",t.Unknown="unknown"}(G||(G={}));class Z extends Error{constructor(t,e){super(t),this.errorCode=G.NotInitialized,this.data=e}}class X extends Z{constructor(t,e){super(null!=t?t:"WebAuthnSdk is not initialized",e),this.errorCode=G.NotInitialized}}class Y extends Z{constructor(t,e){super(null!=t?t:"Authentication failed with an error",e),this.errorCode=G.AuthenticationFailed}}class Q extends Z{constructor(t,e){super(null!=t?t:"Authentication was canceled by the user or got timeout",e),this.errorCode=G.AuthenticationCanceled}}class tt extends Z{constructor(t,e){super(null!=t?t:"Registration failed with an error",e),this.errorCode=G.RegistrationFailed}}class et extends Z{constructor(t,e){super(null!=t?t:"Registration was canceled by the user or got timeout",e),this.errorCode=G.RegistrationCanceled}}class it extends Z{constructor(t){super(null!=t?t:"Autofill flow was aborted"),this.errorCode=G.AutofillAuthenticationAborted}}class at extends Z{constructor(t){super(null!=t?t:"Operation was aborted by timeout"),this.errorCode=G.AutofillAuthenticationAborted}}class nt extends Z{constructor(t){super(null!=t?t:"Passkey with this username is already registered with the relying party."),this.errorCode=G.AlreadyRegistered}}class rt extends Z{constructor(t,e){super(null!=t?t:"Authentication process is already active",e),this.errorCode=G.AuthenticationProcessAlreadyActive}}class st extends Z{constructor(t,e){super(null!=t?t:"Invalid approval data",e),this.errorCode=G.InvalidApprovalData}}class ot extends Z{constructor(t,e){super(null!=t?t:"Failed to init cross device authentication",e),this.errorCode=G.FailedToInitCrossDeviceSession}}class ct extends Z{constructor(t,e){super(null!=t?t:"Failed to get cross device status",e),this.errorCode=G.FailedToGetCrossDeviceStatus}}function lt(t){return t.errorCode&&Object.values(G).includes(t.errorCode)}!function(t){t[t.persistent=0]="persistent",t[t.session=1]="session"}(W||(W={}));class dt{static get(t){return dt.getStorageMedium(dt.allowedKeys[t]).getItem(dt.getStorageKey(t))||void 0}static set(t,e){return dt.getStorageMedium(dt.allowedKeys[t]).setItem(dt.getStorageKey(t),e)}static remove(t){dt.getStorageMedium(dt.allowedKeys[t]).removeItem(dt.getStorageKey(t))}static clear(t){for(const[e,i]of Object.entries(dt.allowedKeys)){const a=e;t&&this.configurationKeys.includes(a)||dt.getStorageMedium(i).removeItem(dt.getStorageKey(a))}}static getStorageKey(t){return`WebAuthnSdk:${t}`}static getStorageMedium(t){return t===W.session?sessionStorage:localStorage}}dt.allowedKeys={clientId:W.session},dt.configurationKeys=["clientId"];class ut{static isNewApiDomain(t){return t&&(this.newApiDomains.includes(t)||t.startsWith("api.")&&t.endsWith(".transmitsecurity.io"))}static dnsPrefetch(t){const e=document.createElement("link");e.rel="dns-prefetch",e.href=t,document.head.appendChild(e)}static preconnect(t,e){const i=document.createElement("link");i.rel="preconnect",i.href=t,e&&(i.crossOrigin="anonymous"),document.head.appendChild(i)}static warmupConnection(t){this.dnsPrefetch(t),this.preconnect(t,!1),this.preconnect(t,!0)}static init(t,e){var i,a;try{this._serverPath=new URL(e.serverPath),this.isNewApiDomain(null===(i=this._serverPath)||void 0===i?void 0:i.hostname)&&this.warmupConnection(this._serverPath.origin),this._apiPaths=null!==(a=e.webauthnApiPaths)&&void 0!==a?a:this.getDefaultPaths(),this._clientId=t,dt.set("clientId",t)}catch(t){throw new X("Invalid options.serverPath",{error:t})}}static getDefaultPaths(){var t;const e=this.isNewApiDomain(null===(t=this._serverPath)||void 0===t?void 0:t.hostname)?"/cis":"";return{startAuthentication:`${e}/v1/auth/webauthn/authenticate/start`,startRegistration:`${e}/v1/auth/webauthn/register/start`,initCrossDeviceAuthentication:`${e}/v1/auth/webauthn/cross-device/authenticate/init`,startCrossDeviceAuthentication:`${e}/v1/auth/webauthn/cross-device/authenticate/start`,startCrossDeviceRegistration:`${e}/v1/auth/webauthn/cross-device/register/start`,getCrossDeviceTicketStatus:`${e}/v1/auth/webauthn/cross-device/status`,attachDeviceToCrossDeviceSession:`${e}/v1/auth/webauthn/cross-device/attach-device`}}static getApiPaths(){return this._apiPaths}static async sendRequest(t,e,i){V.log(`[WebAuthn SDK] Calling ${e.method} ${t}...`);const a=new URL(this._serverPath);return a.pathname=t,i&&(a.search=i),fetch(a.toString(),e)}static async startRegistration(t){const e=await this.sendRequest(this._apiPaths.startRegistration,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(d(d({client_id:this.getValidatedClientId(),username:t.username,display_name:t.displayName},t.timeout&&{timeout:t.timeout}),t.limitSingleCredentialToDevice&&{limit_single_credential_to_device:t.limitSingleCredentialToDevice}))});if(!(null==e?void 0:e.ok))throw new Y("Failed to start registration",null==e?void 0:e.body);return await e.json()}static async startAuthentication(t){const e=await this.sendRequest(this._apiPaths.startAuthentication,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(d(d(d({client_id:this.getValidatedClientId()},t.username&&{username:t.username}),t.approvalData&&{approval_data:t.approvalData}),t.timeout&&{timeout:t.timeout}))});if(!(null==e?void 0:e.ok))throw new Y("Failed to start authentication",null==e?void 0:e.body);return await e.json()}static async initCrossDeviceAuthentication(t){const e=await this.sendRequest(this._apiPaths.initCrossDeviceAuthentication,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(d(d({client_id:this.getValidatedClientId()},t.username&&{username:t.username}),t.approvalData&&{approval_data:t.approvalData}))});if(!(null==e?void 0:e.ok))throw new ot(void 0,null==e?void 0:e.body);return await e.json()}static async getCrossDeviceTicketStatus(t){const e=await this.sendRequest(this._apiPaths.getCrossDeviceTicketStatus,{method:"GET"},`cross_device_ticket_id=${t.ticketId}`);if(!(null==e?void 0:e.ok))throw new ct(void 0,null==e?void 0:e.body);return await e.json()}static async startCrossDeviceAuthentication(t){const e=await this.sendRequest(this._apiPaths.startCrossDeviceAuthentication,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({cross_device_ticket_id:t.ticketId})});if(!(null==e?void 0:e.ok))throw new Y("Failed to start cross device authentication",null==e?void 0:e.body);return await e.json()}static async startCrossDeviceRegistration(t){const e=await this.sendRequest(this._apiPaths.startCrossDeviceRegistration,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({cross_device_ticket_id:t.ticketId})});if(!(null==e?void 0:e.ok))throw new tt("Failed to start cross device registration",null==e?void 0:e.body);return await e.json()}static async attachDeviceToCrossDeviceSession(t){const e=await this.sendRequest(this._apiPaths.attachDeviceToCrossDeviceSession,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({cross_device_ticket_id:t.ticketId})});if(!(null==e?void 0:e.ok))throw new tt("Failed to attach device to cross device session",null==e?void 0:e.body);return await e.json()}static getValidatedClientId(){var t;const e=null!==(t=this._clientId)&&void 0!==t?t:dt.get("clientId");if(!e)throw new X("Missing clientId");return e}}var ht,yt,pt,gt;ut.newApiDomains=["api.idsec-dev.com","api.idsec-stg.com"],function(t){t.InputAutofill="input-autofill",t.Modal="modal"}(ht||(ht={})),function(t){t.Pending="pending",t.Scanned="scanned",t.Success="success",t.Error="error",t.Timeout="timeout",t.Aborted="aborted"}(yt||(yt={})),function(t){t.toAuthenticationError=t=>lt(t)?t:"NotAllowedError"===t.name?new Q:"OperationError"===t.name?new rt(t.message):"SecurityError"===t.name?new Y(t.message):t===G.AuthenticationAbortedTimeout?new at:"AbortError"===t.name||t===G.AutofillAuthenticationAborted?new it:new Y("Something went wrong during authentication",{error:t}),t.toRegistrationError=t=>lt(t)?t:"NotAllowedError"===t.name?new et:"SecurityError"===t.name?new tt(t.message):"InvalidStateError"===t.name?new nt:t===G.RegistrationAbortedTimeout?new at:new tt("Something went wrong during registration",{error:t})}(pt||(pt={})),function(t){t.processCredentialRequestOptions=t=>d(d({},t),{},{challenge:U.base64ToArrayBuffer(t.challenge),allowCredentials:t.allowCredentials.map((t=>d(d({},t),{},{id:U.base64ToArrayBuffer(t.id)})))}),t.processCredentialCreationOptions=(t,e)=>{var i;const a=JSON.parse(JSON.stringify(t));return a.challenge=U.base64ToArrayBuffer(t.challenge),a.user.id=U.base64ToArrayBuffer(t.user.id),(null==e?void 0:e.limitSingleCredentialToDevice)&&(a.excludeCredentials=null===(i=t.excludeCredentials)||void 0===i?void 0:i.map((t=>d(d({},t),{},{id:U.base64ToArrayBuffer(t.id)})))),(null==e?void 0:e.registerAsDiscoverable)?(a.authenticatorSelection.residentKey="preferred",a.authenticatorSelection.requireResidentKey=!0):(a.authenticatorSelection.residentKey="discouraged",a.authenticatorSelection.requireResidentKey=!1),a.authenticatorSelection.authenticatorAttachment=(null==e?void 0:e.allowCrossPlatformAuthenticators)?void 0:"platform",a},t.encodeAuthenticationResult=t=>{const{authenticatorAttachment:e}=t,i=t.response;return{id:t.id,rawId:U.arrayBufferToBase64(t.rawId),response:{authenticatorData:U.arrayBufferToBase64(i.authenticatorData),clientDataJSON:U.arrayBufferToBase64(i.clientDataJSON),signature:U.arrayBufferToBase64(i.signature),userHandle:U.arrayBufferToBase64(i.userHandle)},authenticatorAttachment:e,type:t.type}},t.encodeRegistrationResult=t=>{const{authenticatorAttachment:e}=t,i=t.response;return{id:t.id,rawId:U.arrayBufferToBase64(t.rawId),response:{attestationObject:U.arrayBufferToBase64(i.attestationObject),clientDataJSON:U.arrayBufferToBase64(i.clientDataJSON)},authenticatorAttachment:e,type:t.type}}}(gt||(gt={}));class vt{async modal(t){try{const e=await this.performAuthentication(d(d({},t),{},{mediationType:ht.Modal}));return U.jsonToBase64(e)}catch(t){throw pt.toAuthenticationError(t)}}activateAutofill(t,e){const{onSuccess:i,onError:a,onReady:n}=t;this.performAuthentication({username:e,mediationType:ht.InputAutofill,onReady:n}).then((t=>{i(U.jsonToBase64(t))})).catch((t=>{const e=pt.toAuthenticationError(t);if(!a)throw e;a(e)}))}abortAutofill(){this.abortController&&this.abortController.abort(G.AutofillAuthenticationAborted)}abortAuthentication(){this.abortController&&this.abortController.abort(G.AuthenticationAbortedTimeout)}async performAuthentication(t){var e,i;const a="crossDeviceTicketId"in t?await ut.startCrossDeviceAuthentication({ticketId:t.crossDeviceTicketId}):await ut.startAuthentication({username:t.username,timeout:null===(e=t.options)||void 0===e?void 0:e.timeout}),n=a.credential_request_options,r=gt.processCredentialRequestOptions(n),s=this.getMediatedCredentialRequest(r,t.mediationType);t.mediationType===ht.InputAutofill&&(null===(i=t.onReady)||void 0===i||i.call(t));const o=await navigator.credentials.get(s).catch((t=>{throw pt.toAuthenticationError(t)}));return{webauthnSessionId:a.webauthn_session_id,publicKeyCredential:gt.encodeAuthenticationResult(o),userAgent:navigator.userAgent}}getMediatedCredentialRequest(t,e){const i={publicKey:t};return this.abortController=new AbortController,i.signal=this.abortController&&this.abortController.signal,e===ht.InputAutofill?i.mediation="conditional":t.timeout&&setTimeout((()=>{this.abortAuthentication()}),t.timeout),i}}class ft{constructor(t,e){this.handler=t,this.intervalInMs=e}begin(){var t;this.intervalId=window.setInterval((t=this.handler,async function(){t.isRunning||(t.isRunning=!0,await t(...arguments),t.isRunning=!1)}),this.intervalInMs)}stop(){clearInterval(this.intervalId)}}const wt=/^[A-Za-z0-9\-_.: ]*$/;function mt(t){if(t&&(!function(t){return Object.keys(t).length<=10}(t)||!function(t){const e=t=>"string"==typeof t,i=t=>wt.test(t);return Object.keys(t).every((a=>e(a)&&e(t[a])&&i(a)&&i(t[a])))}(t)))throw V.error("Failed validating approval data"),new st("Provided approval data should have 10 properties max. Also, it should contain only \n      alphanumeric characters, numbers, and the special characters: '-', '_', '.'")}class bt{constructor(t,e,i){this.authenticationHandler=t,this.registrationHandler=e,this.approvalHandler=i,this.init={registration:async t=>(this.ticketStatus=yt.Pending,this.pollCrossDeviceSession(t.crossDeviceTicketId,t.handlers)),authentication:async t=>{const{username:e}=t,i=(await ut.initCrossDeviceAuthentication(d({},e&&{username:e}))).cross_device_ticket_id;return this.ticketStatus=yt.Pending,this.pollCrossDeviceSession(i,t.handlers)},approval:async t=>{const{username:e,approvalData:i}=t;mt(i);const a=(await ut.initCrossDeviceAuthentication({username:e,approvalData:i})).cross_device_ticket_id;return this.ticketStatus=yt.Pending,this.pollCrossDeviceSession(a,t.handlers)}},this.authenticate={modal:async t=>this.authenticationHandler.modal({crossDeviceTicketId:t})},this.approve={modal:async t=>this.approvalHandler.modal({crossDeviceTicketId:t})}}async register(t,e){return this.registrationHandler.register({crossDeviceTicketId:t},e)}async attachDevice(t){const e=await ut.attachDeviceToCrossDeviceSession({ticketId:t});return d({status:e.status,startedAt:e.started_at},e.approval_data&&{approvalData:e.approval_data})}async pollCrossDeviceSession(t,e){return this.poller=new ft((async()=>{var i,a;const n=await ut.getCrossDeviceTicketStatus({ticketId:t}),r=n.status;if(r!==this.ticketStatus)switch(this.ticketStatus=r,r){case yt.Scanned:await e.onDeviceAttach();break;case yt.Error:case yt.Timeout:case yt.Aborted:await e.onFailure(n),null===(i=this.poller)||void 0===i||i.stop();break;case yt.Success:if("onCredentialRegister"in e)await e.onCredentialRegister();else{if(!n.session_id)throw new ct("Cross device session is complete without returning session_id",n);await e.onCredentialAuthenticate(n.session_id)}null===(a=this.poller)||void 0===a||a.stop()}}),1e3),this.poller.begin(),setTimeout((()=>{var t;null===(t=this.poller)||void 0===t||t.stop(),e.onFailure({status:yt.Timeout})}),3e5),{crossDeviceTicketId:t,stop:()=>{var t;null===(t=this.poller)||void 0===t||t.stop()}}}}class Dt{async register(t,e){this.abortController=new AbortController;const i=d({allowCrossPlatformAuthenticators:!("crossDeviceTicketId"in t),registerAsDiscoverable:!0},e);try{const a="crossDeviceTicketId"in t?await ut.startCrossDeviceRegistration({ticketId:t.crossDeviceTicketId}):await ut.startRegistration({username:t.username,displayName:(null==e?void 0:e.displayName)||t.username,timeout:null==e?void 0:e.timeout,limitSingleCredentialToDevice:null==e?void 0:e.limitSingleCredentialToDevice}),n=gt.processCredentialCreationOptions(a.credential_creation_options,i);setTimeout((()=>{this.abortRegistration()}),n.timeout);const r=await this.registerCredential(n),s={webauthnSessionId:a.webauthn_session_id,publicKeyCredential:r,userAgent:navigator.userAgent};return U.jsonToBase64(s)}catch(t){throw pt.toRegistrationError(t)}}abortRegistration(){this.abortController&&this.abortController.abort(G.RegistrationAbortedTimeout)}async registerCredential(t){const e=await navigator.credentials.create({publicKey:t,signal:this.abortController&&this.abortController.signal}).catch((t=>{throw pt.toRegistrationError(t)}));return gt.encodeRegistrationResult(e)}}class At{async modal(t){try{const e=await this.performApproval(t);return U.jsonToBase64(e)}catch(t){throw pt.toAuthenticationError(t)}}async performApproval(t){"approvalData"in t&&mt(t.approvalData);const e="crossDeviceTicketId"in t?await ut.startCrossDeviceAuthentication({ticketId:t.crossDeviceTicketId}):await ut.startAuthentication({username:t.username,approvalData:t.approvalData}),i=e.credential_request_options,a=gt.processCredentialRequestOptions(i),n=await navigator.credentials.get({publicKey:a}).catch((t=>{throw pt.toAuthenticationError(t)}));return{webauthnSessionId:e.webauthn_session_id,publicKeyCredential:gt.encodeAuthenticationResult(n),userAgent:navigator.userAgent}}}class _t{constructor(){this._initialized=!1,this._authenticationHandler=new vt,this._registrationHandler=new Dt,this._approvalHandler=new At,this._crossDeviceHandler=new bt(this._authenticationHandler,this._registrationHandler,this._approvalHandler),this.authenticate={modal:async(t,e)=>(this.initCheck(),this._authenticationHandler.modal({username:t,options:e})),autofill:{activate:(t,e)=>(this.initCheck(),this._authenticationHandler.activateAutofill(t,e)),abort:()=>this._authenticationHandler.abortAutofill()}},this.approve={modal:async(t,e)=>(this.initCheck(),this._approvalHandler.modal({username:t,approvalData:e}))},this.register=async(t,e)=>(this.initCheck(),this._registrationHandler.register({username:t},e)),this.crossDevice={init:{registration:async t=>(this.initCheck(),this._crossDeviceHandler.init.registration(t)),authentication:async t=>(this.initCheck(),this._crossDeviceHandler.init.authentication(t)),approval:async t=>(this.initCheck(),this._crossDeviceHandler.init.approval(t))},authenticate:{modal:async t=>(this.initCheck(),this._crossDeviceHandler.authenticate.modal(t))},approve:{modal:async t=>(this.initCheck(),this._crossDeviceHandler.approve.modal(t))},register:async(t,e)=>(this.initCheck(),this._crossDeviceHandler.register(t,e)),attachDevice:async t=>(this.initCheck(),this._crossDeviceHandler.attachDevice(t))},this.isPlatformAuthenticatorSupported=async()=>{var t;try{return await(null===(t=_t.StaticPublicKeyCredential)||void 0===t?void 0:t.isUserVerifyingPlatformAuthenticatorAvailable())}catch(t){return!1}},this.isAutofillSupported=async()=>{var t,e;return!(!(null===(t=_t.StaticPublicKeyCredential)||void 0===t?void 0:t.isConditionalMediationAvailable)||!await(null===(e=_t.StaticPublicKeyCredential)||void 0===e?void 0:e.isConditionalMediationAvailable()))}}async init(t,e){try{if(!t)throw new X("Invalid clientId",{clientId:t});if(e.webauthnApiPaths){const t=ut.getDefaultPaths();if(function(t,e){const i=new Set(t),a=new Set(e);return[...t.filter((t=>!a.has(t))),...e.filter((t=>!i.has(t)))]}(Object.keys(e.webauthnApiPaths),Object.keys(t)).length)throw new X("Invalid custom paths",{customApiPaths:e.webauthnApiPaths})}ut.init(t,e),this._initialized=!0}catch(t){throw lt(t)?t:new X("Failed to initialize SDK")}}getDefaultPaths(){return this.initCheck(),ut.getDefaultPaths()}getApiPaths(){return this.initCheck(),ut.getApiPaths()}initCheck(){if(!this._initialized)throw new X}}_t.StaticPublicKeyCredential=window.PublicKeyCredential;const St=new L("webauthn"),Ct=new _t;St.events.on(St.events.MODULE_INITIALIZED,(()=>{var t;const e=St.moduleMetadata.getInitConfig();if(!(null===(t=null==e?void 0:e.webauthn)||void 0===t?void 0:t.serverPath))return;const{clientId:i,webauthn:a}=e;Ct.init(i,d({},a))}));const kt={modal:async(t,e)=>(Ct.initCheck(),Ct.authenticate.modal(t,e)),autofill:{activate:(t,e)=>{Ct.initCheck(),Ct.authenticate.autofill.activate(t,e)},abort:()=>{Ct.initCheck(),Ct.authenticate.autofill.abort()}}},Kt={modal:async(t,e)=>(Ct.initCheck(),Ct.approve.modal(t,e))};async function Rt(t,e){return Ct.initCheck(),Ct.register(t,e)}const{crossDevice:Pt}=Ct,{isPlatformAuthenticatorSupported:Tt}=Ct,{isAutofillSupported:It}=Ct,{getDefaultPaths:Ot}=Ct;window.localWebAuthnSDK=Ct;const jt="1.18.2",xt={initialize:s,...Object.freeze({__proto__:null,get WebauthnCrossDeviceStatus(){return yt},approve:Kt,authenticate:kt,crossDevice:Pt,getDefaultPaths:Ot,isAutofillSupported:It,isPlatformAuthenticatorSupported:Tt,register:Rt})};export{jt as PACKAGE_VERSION,yt as WebauthnCrossDeviceStatus,Kt as approve,kt as authenticate,Pt as crossDevice,Ot as getDefaultPaths,s as initialize,It as isAutofillSupported,Tt as isPlatformAuthenticatorSupported,Rt as register,xt as webauthn};