@transmitsecurity/platform-web-sdk 2.3.2-beta-25104222190.0 → 2.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +35 -4
- package/dist/common.cjs +1 -1
- package/dist/common.js +1 -1
- package/dist/drs.cjs +1 -1
- package/dist/drs.d.ts +40 -2
- package/dist/drs.js +1 -1
- package/dist/ido.cjs +1 -1
- package/dist/ido.d.ts +96 -2
- package/dist/ido.js +1 -1
- package/dist/idv.cjs +1 -1
- package/dist/idv.d.ts +148 -4
- package/dist/idv.js +1 -1
- package/dist/index.cjs +1 -1
- package/dist/index.esm.js +1 -1
- package/dist/index.umd.js +1 -1
- package/dist/ts-platform-websdk.js +1 -1
- package/dist/web-sdk-drs+idv+webauthn+ido.js +1 -1
- package/dist/web-sdk.d.ts +315 -9
- package/dist/webauthn.cjs +1 -1
- package/dist/webauthn.js +1 -1
- package/package.json +2 -8
package/dist/web-sdk.d.ts
CHANGED
|
@@ -58,6 +58,7 @@ interface initConfigParams {
|
|
|
58
58
|
};
|
|
59
59
|
ido?: {
|
|
60
60
|
serverPath?: string;
|
|
61
|
+
collectRiskData?: boolean;
|
|
61
62
|
[key: string]: any;
|
|
62
63
|
};
|
|
63
64
|
[key: string]: any;
|
|
@@ -130,10 +131,12 @@ declare namespace storage {
|
|
|
130
131
|
|
|
131
132
|
declare const INIT_ROTATION_RESPONSE = "init";
|
|
132
133
|
declare const COMPLETED_ROTATION_RESPONSE = "completed";
|
|
134
|
+
type CryptoKeyInvalidReason = 'IDB_WRITE_TIMEOUT';
|
|
133
135
|
type CryptoBindingPublicData = {
|
|
134
136
|
publicKey: string;
|
|
135
137
|
keyIdentifier: string;
|
|
136
138
|
publicKeyId: string;
|
|
139
|
+
errors?: CryptoKeyInvalidReason[];
|
|
137
140
|
};
|
|
138
141
|
type CryptoBindingRotationPayload = {
|
|
139
142
|
data: string;
|
|
@@ -157,6 +160,9 @@ type CryptoBindingOptions = {
|
|
|
157
160
|
startedAt: number;
|
|
158
161
|
tenantId: string;
|
|
159
162
|
};
|
|
163
|
+
/** Timeout in milliseconds for IDB write transactions. If not set, no timeout is applied.
|
|
164
|
+
* Use to guard against browsers that silently freeze IDB (e.g. iOS 18.7 WKWebView ephemeral sessions). */
|
|
165
|
+
idbWriteTimeoutMs?: number;
|
|
160
166
|
/** @internal
|
|
161
167
|
* Warning! This flag shouldn't be used, it was added temporarily for multi-tenant support.
|
|
162
168
|
*
|
|
@@ -180,6 +186,7 @@ declare class CryptoBinding {
|
|
|
180
186
|
private keyIdentifier;
|
|
181
187
|
private publicKeyId;
|
|
182
188
|
private _extractingKeysPromise;
|
|
189
|
+
private cryptoBindingErrors;
|
|
183
190
|
constructor(agent: Agent, keysType?: 'encrypt' | 'sign', options?: CryptoBindingOptions);
|
|
184
191
|
private getClientConfiguration;
|
|
185
192
|
private getKeysRecordKey;
|
|
@@ -250,11 +257,17 @@ type TransactionOperation = {
|
|
|
250
257
|
type: 'delete';
|
|
251
258
|
key: string;
|
|
252
259
|
};
|
|
260
|
+
declare class IDBWriteTimeoutError extends Error {
|
|
261
|
+
constructor();
|
|
262
|
+
}
|
|
253
263
|
|
|
264
|
+
type indexedDB_IDBWriteTimeoutError = IDBWriteTimeoutError;
|
|
265
|
+
declare const indexedDB_IDBWriteTimeoutError: typeof IDBWriteTimeoutError;
|
|
254
266
|
type indexedDB_QueryObjectStoreOptions = QueryObjectStoreOptions;
|
|
255
267
|
type indexedDB_TransactionOperation = TransactionOperation;
|
|
256
268
|
declare namespace indexedDB {
|
|
257
269
|
export {
|
|
270
|
+
indexedDB_IDBWriteTimeoutError as IDBWriteTimeoutError,
|
|
258
271
|
indexedDB_QueryObjectStoreOptions as QueryObjectStoreOptions,
|
|
259
272
|
indexedDB_TransactionOperation as TransactionOperation,
|
|
260
273
|
};
|
|
@@ -428,6 +441,18 @@ type LightweightPayload = {
|
|
|
428
441
|
type TransactionType = 'purchase' | 'bill_payment' | 'mobile_recharge' | 'money_transfer' | 'credit_transfer' | 'credit_redemption' | 'top_up' | 'withdrawal' | 'investment' | 'loan' | 'refund' | 'other';
|
|
429
442
|
type TransactionMethod = 'bank_account' | 'wire' | 'card' | 'p2p' | 'wallet';
|
|
430
443
|
type AvsMatchLevel = 'none' | 'postal' | 'street' | 'full' | 'unknown';
|
|
444
|
+
/** The outcome of an action reported via {@link TSAccountProtection.reportActionResult} */
|
|
445
|
+
type ActionResult = "success" | "failure" | "incomplete";
|
|
446
|
+
/** Type of challenge presented to the user, when a challenge was recommended for the action */
|
|
447
|
+
type ChallengeType = "sms_otp" | "email_otp" | "totp" | "push_otp" | "voice_otp" | "idv" | "captcha" | "password" | "passkey";
|
|
448
|
+
interface ActionResultOptions {
|
|
449
|
+
/** Identifier containing sensitive user data. Mosaic will encrypt and securely store this data. */
|
|
450
|
+
privateUserIdentifier?: string;
|
|
451
|
+
/** Type of challenge used when a challenge was recommended for this action. */
|
|
452
|
+
challengeType?: ChallengeType;
|
|
453
|
+
/** Opaque identifier of the user in your system. */
|
|
454
|
+
userId?: string;
|
|
455
|
+
}
|
|
431
456
|
interface ActionResponse {
|
|
432
457
|
/** The token return by the SDK when the action was reported */
|
|
433
458
|
actionToken?: string;
|
|
@@ -620,11 +645,17 @@ declare class TSAccountProtection {
|
|
|
620
645
|
/** @ignore */
|
|
621
646
|
getActions(): Promise<string[]>;
|
|
622
647
|
getSessionToken(): Promise<any>;
|
|
648
|
+
/**
|
|
649
|
+
* Returns the lightweight (citadel) device payload to be forwarded to citadel via the caller's backend.
|
|
650
|
+
* The response from citadel includes a `deviceId` that must be passed back via {@link setDeviceId}
|
|
651
|
+
* — the server may issue a new one or rotate it, and the SDK only persists it when told to.
|
|
652
|
+
*/
|
|
623
653
|
getPayload(): Promise<LightweightPayload>;
|
|
624
654
|
clearQueue(): void;
|
|
625
655
|
/**
|
|
626
656
|
* Sets the deviceId for lightweight mode (citadel).
|
|
627
|
-
* Should be called after
|
|
657
|
+
* Should be called after every response from citadel — the server may rotate the deviceId
|
|
658
|
+
* (e.g. after schema validation), so always propagate the returned value back into the SDK.
|
|
628
659
|
* @param deviceId - The JWT deviceId returned from citadel backend
|
|
629
660
|
*/
|
|
630
661
|
setDeviceId(deviceId: string): void;
|
|
@@ -650,6 +681,16 @@ declare class TSAccountProtection {
|
|
|
650
681
|
* @returns Indicates if the call succeeded
|
|
651
682
|
*/
|
|
652
683
|
setAuthenticatedUser(userId: string, options?: {}): Promise<boolean>;
|
|
684
|
+
/**
|
|
685
|
+
* Reports the result of an action for which a recommendation was previously issued.
|
|
686
|
+
* This includes whether the user successfully completed the action and, when applicable,
|
|
687
|
+
* the type of challenge that was presented.
|
|
688
|
+
* @param actionToken The token returned when the action was triggered by {@link TSAccountProtection.triggerActionEvent}
|
|
689
|
+
* @param result The outcome of the action
|
|
690
|
+
* @param options Additional context associated with the action result
|
|
691
|
+
* @returns Indicates if the call succeeded
|
|
692
|
+
*/
|
|
693
|
+
reportActionResult(actionToken: string, result: ActionResult, options?: ActionResultOptions): Promise<boolean>;
|
|
653
694
|
/**
|
|
654
695
|
* Clears the user context for all subsequent events in the browser session
|
|
655
696
|
* @param options Reserved for future use
|
|
@@ -679,6 +720,16 @@ declare const triggerActionEvent: TSAccountProtection['triggerActionEvent'];
|
|
|
679
720
|
* @returns Indicates if the call succeeded
|
|
680
721
|
*/
|
|
681
722
|
declare const setAuthenticatedUser: TSAccountProtection['setAuthenticatedUser'];
|
|
723
|
+
/**
|
|
724
|
+
* Reports the result of an action for which a recommendation was previously issued.
|
|
725
|
+
* This includes whether the user successfully completed the action and, when applicable,
|
|
726
|
+
* the type of challenge that was presented.
|
|
727
|
+
* @param actionToken The token returned when the action was triggered by triggerActionEvent()
|
|
728
|
+
* @param result The outcome of the action ("success" | "failure" | "incomplete")
|
|
729
|
+
* @param options Additional context associated with the action result
|
|
730
|
+
* @returns Indicates if the call succeeded
|
|
731
|
+
*/
|
|
732
|
+
declare const reportActionResult: TSAccountProtection['reportActionResult'];
|
|
682
733
|
/**
|
|
683
734
|
* Clears the user context for all subsequent events in the browser session
|
|
684
735
|
* @param options Reserved for future use
|
|
@@ -713,6 +764,7 @@ declare const __internal: {
|
|
|
713
764
|
|
|
714
765
|
type webSdkModule_d_ActionEventOptions = ActionEventOptions;
|
|
715
766
|
type webSdkModule_d_ActionResponse = ActionResponse;
|
|
767
|
+
type webSdkModule_d_ActionResultOptions = ActionResultOptions;
|
|
716
768
|
type webSdkModule_d_LightweightPayload = LightweightPayload;
|
|
717
769
|
declare const webSdkModule_d___internal: typeof __internal;
|
|
718
770
|
declare const webSdkModule_d_clearUser: typeof clearUser;
|
|
@@ -720,6 +772,7 @@ declare const webSdkModule_d_getActions: typeof getActions;
|
|
|
720
772
|
declare const webSdkModule_d_getPayload: typeof getPayload;
|
|
721
773
|
declare const webSdkModule_d_getSecureSessionToken: typeof getSecureSessionToken;
|
|
722
774
|
declare const webSdkModule_d_getSessionToken: typeof getSessionToken;
|
|
775
|
+
declare const webSdkModule_d_reportActionResult: typeof reportActionResult;
|
|
723
776
|
declare const webSdkModule_d_setAuthenticatedUser: typeof setAuthenticatedUser;
|
|
724
777
|
declare const webSdkModule_d_setDeviceId: typeof setDeviceId;
|
|
725
778
|
declare const webSdkModule_d_triggerActionEvent: typeof triggerActionEvent;
|
|
@@ -727,6 +780,7 @@ declare namespace webSdkModule_d {
|
|
|
727
780
|
export {
|
|
728
781
|
webSdkModule_d_ActionEventOptions as ActionEventOptions,
|
|
729
782
|
webSdkModule_d_ActionResponse as ActionResponse,
|
|
783
|
+
webSdkModule_d_ActionResultOptions as ActionResultOptions,
|
|
730
784
|
webSdkModule_d_LightweightPayload as LightweightPayload,
|
|
731
785
|
webSdkModule_d___internal as __internal,
|
|
732
786
|
webSdkModule_d_clearUser as clearUser,
|
|
@@ -734,12 +788,87 @@ declare namespace webSdkModule_d {
|
|
|
734
788
|
webSdkModule_d_getPayload as getPayload,
|
|
735
789
|
webSdkModule_d_getSecureSessionToken as getSecureSessionToken,
|
|
736
790
|
webSdkModule_d_getSessionToken as getSessionToken,
|
|
791
|
+
webSdkModule_d_reportActionResult as reportActionResult,
|
|
737
792
|
webSdkModule_d_setAuthenticatedUser as setAuthenticatedUser,
|
|
738
793
|
webSdkModule_d_setDeviceId as setDeviceId,
|
|
739
794
|
webSdkModule_d_triggerActionEvent as triggerActionEvent,
|
|
740
795
|
};
|
|
741
796
|
}
|
|
742
797
|
|
|
798
|
+
type AddImagesResponse = {
|
|
799
|
+
/**
|
|
800
|
+
* Feedback for the submitted image
|
|
801
|
+
*/
|
|
802
|
+
feedback: AddImagesResponse.feedback;
|
|
803
|
+
/**
|
|
804
|
+
* Indicates whether all the images required for the verification check were received
|
|
805
|
+
*/
|
|
806
|
+
complete: boolean;
|
|
807
|
+
/**
|
|
808
|
+
* The additional image types that need to be added
|
|
809
|
+
*/
|
|
810
|
+
missing_images: Array<'document_front' | 'document_back' | 'selfie'>;
|
|
811
|
+
/**
|
|
812
|
+
* Custom feedback corresponding to the restricted criteria (as configured in the Admin Portal)
|
|
813
|
+
*/
|
|
814
|
+
custom_feedback?: string;
|
|
815
|
+
/**
|
|
816
|
+
* Indicates whether the document is expected to have a barcode
|
|
817
|
+
*/
|
|
818
|
+
has_barcode?: boolean;
|
|
819
|
+
supported_barcode_symbologies?: string[];
|
|
820
|
+
};
|
|
821
|
+
declare namespace AddImagesResponse {
|
|
822
|
+
/**
|
|
823
|
+
* Feedback for the submitted image
|
|
824
|
+
*/
|
|
825
|
+
enum feedback {
|
|
826
|
+
OK = "ok",
|
|
827
|
+
OTHER = "other",
|
|
828
|
+
DOCUMENT_NOT_FOUND = "document_not_found",
|
|
829
|
+
FACE_NOT_FOUND = "face_not_found",
|
|
830
|
+
DOCUMENT_FACE_NOT_FOUND = "document_face_not_found",
|
|
831
|
+
OBSTRUCTED = "obstructed",
|
|
832
|
+
BLUR = "blur",
|
|
833
|
+
GLARE = "glare",
|
|
834
|
+
DOCUMENT_NOT_SUPPORTED = "document_not_supported",
|
|
835
|
+
DOCUMENT_NOT_MATCHING = "document_not_matching",
|
|
836
|
+
WRONG_DOCUMENT_SIDE = "wrong_document_side",
|
|
837
|
+
MULTI_FACE = "multi_face",
|
|
838
|
+
FACE_ROTATED = "face_rotated",
|
|
839
|
+
FACE_TOO_SMALL = "face_too_small",
|
|
840
|
+
FACE_TOO_CLOSE = "face_too_close",
|
|
841
|
+
CLOSED_EYES = "closed_eyes",
|
|
842
|
+
FACE_ANGLE_TOO_LARGE = "face_angle_too_large",
|
|
843
|
+
FACE_CLOSE_TO_BORDER = "face_close_to_border",
|
|
844
|
+
FACE_OCCLUDED = "face_occluded",
|
|
845
|
+
FACE_CROPPED = "face_cropped",
|
|
846
|
+
BARCODE_NOT_FOUND = "barcode_not_found",
|
|
847
|
+
GLARE_SELFIE = "glare_selfie",
|
|
848
|
+
BLUR_SELFIE = "blur_selfie",
|
|
849
|
+
RESTRICTED_CRITERIA = "restricted_criteria",
|
|
850
|
+
UNCLASSIFIABLE = "unclassifiable"
|
|
851
|
+
}
|
|
852
|
+
}
|
|
853
|
+
|
|
854
|
+
type Step = 'loading_screen' | 'init' | 'document_front' | 'document_back' | 'selfie' | 'processing' | 'error' | 'complete' | 'recapture';
|
|
855
|
+
|
|
856
|
+
type Errors = 'other' | 'camera-error' | 'camera-permission-dismissed' | 'camera-permission-denied' | 'trying-to-initialize-active-session' | 'unable-to-parse-data-uri' | 'failed-to-submit-image' | 'request-error' | 'session-expired';
|
|
857
|
+
|
|
858
|
+
interface CaptureItem {
|
|
859
|
+
sessionId: string;
|
|
860
|
+
type: 'document_front' | 'document_back' | 'selfie';
|
|
861
|
+
feedback: AddImagesResponse.feedback;
|
|
862
|
+
}
|
|
863
|
+
interface CaptureResult {
|
|
864
|
+
captures: CaptureItem[];
|
|
865
|
+
}
|
|
866
|
+
declare class CaptureError extends Error {
|
|
867
|
+
errorCode: Errors;
|
|
868
|
+
step: Step;
|
|
869
|
+
constructor(errorCode: Errors, step: Step, message?: string);
|
|
870
|
+
}
|
|
871
|
+
|
|
743
872
|
/**
|
|
744
873
|
* The `idv` module allows you to integrate identity verification services into your application. This allows you to
|
|
745
874
|
* securely verify the identity of your customers using documents like their driver's license or passport.
|
|
@@ -752,6 +881,33 @@ declare namespace webSdkModule_d {
|
|
|
752
881
|
* @module tsPlatform.idv
|
|
753
882
|
*/
|
|
754
883
|
|
|
884
|
+
/**
|
|
885
|
+
* Options for {@link captureDocument}.
|
|
886
|
+
* @memberof module:tsPlatform.idv
|
|
887
|
+
*/
|
|
888
|
+
interface CaptureDocumentOptions {
|
|
889
|
+
/**
|
|
890
|
+
* Acquisition id obtained by calling the backend's
|
|
891
|
+
* `POST /verify/api/v1/verification/{sessionId}/document-acquisition` endpoint.
|
|
892
|
+
* The same id is used for both document_front and document_back uploads, including any retakes.
|
|
893
|
+
*/
|
|
894
|
+
acquisitionId: string;
|
|
895
|
+
/** Optional callback invoked for each successful image capture. */
|
|
896
|
+
onCapture?: (result: CaptureItem) => void;
|
|
897
|
+
}
|
|
898
|
+
/**
|
|
899
|
+
* Options for {@link captureSelfie}.
|
|
900
|
+
* @memberof module:tsPlatform.idv
|
|
901
|
+
*/
|
|
902
|
+
interface CaptureSelfieOptions {
|
|
903
|
+
/**
|
|
904
|
+
* Acquisition id obtained by calling the backend's
|
|
905
|
+
* `POST /verify/api/v1/verification/{sessionId}/selfie-acquisition` endpoint.
|
|
906
|
+
*/
|
|
907
|
+
acquisitionId: string;
|
|
908
|
+
/** Optional callback invoked when the selfie is successfully captured. */
|
|
909
|
+
onCapture?: (result: CaptureItem) => void;
|
|
910
|
+
}
|
|
755
911
|
/**
|
|
756
912
|
* Starts a verification session that was created in the backend (via the [Verification API](/openapi/verify/verifications/#operation/createSession)).
|
|
757
913
|
* This will start the verification process for the user and guides them through the entire identity verification flow
|
|
@@ -793,20 +949,76 @@ declare function start(startToken?: string): Promise<boolean>;
|
|
|
793
949
|
*/
|
|
794
950
|
declare function recapture(): Promise<boolean>;
|
|
795
951
|
/**
|
|
796
|
-
*
|
|
797
|
-
*
|
|
952
|
+
* Captures document images (front and back if needed). This method is only available when flowType is 'modular'.
|
|
953
|
+
* Returns a Promise that resolves when the document capture sequence completes successfully.
|
|
954
|
+
*
|
|
955
|
+
* Requires an `acquisitionId` minted via the backend's
|
|
956
|
+
* `POST /verify/api/v1/verification/{sessionId}/document-acquisition` endpoint. The same id is sent
|
|
957
|
+
* with every image upload performed during the capture (front, back, retakes).
|
|
958
|
+
* @function captureDocument
|
|
959
|
+
* @param {CaptureDocumentOptions} options - Capture options including the required `acquisitionId`
|
|
960
|
+
* and an optional `onCapture` callback called for each image submission attempt.
|
|
961
|
+
* @returns {Promise<CaptureResult>} Promise that resolves with complete capture information
|
|
962
|
+
* @throws {Error} If `acquisitionId` is missing, flowType is not 'modular', session is not active,
|
|
963
|
+
* or the document step is not available
|
|
964
|
+
* @memberof module:tsPlatform.idv
|
|
965
|
+
* @example
|
|
966
|
+
* // Mint an acquisition id from your backend, then pass it in:
|
|
967
|
+
* const { acquisition_id } = await myBackend.createDocumentAcquisition(sessionId);
|
|
968
|
+
* const result = await tsPlatform.idv.captureDocument({ acquisitionId: acquisition_id });
|
|
969
|
+
* console.log('Captured:', result.captures);
|
|
970
|
+
*
|
|
971
|
+
* // With callback for intermediate results (synchronous)
|
|
972
|
+
* const result = await tsPlatform.idv.captureDocument({
|
|
973
|
+
* acquisitionId: acquisition_id,
|
|
974
|
+
* onCapture: (capture) => {
|
|
975
|
+
* console.log(`Captured ${capture.type} with feedback: ${capture.feedback}`);
|
|
976
|
+
* },
|
|
977
|
+
* });
|
|
978
|
+
*/
|
|
979
|
+
declare function captureDocument(options: CaptureDocumentOptions): Promise<CaptureResult>;
|
|
980
|
+
/**
|
|
981
|
+
* Captures a selfie image. This method is only available when flowType is 'modular'.
|
|
982
|
+
* Returns a Promise that resolves when the selfie capture completes successfully.
|
|
983
|
+
*
|
|
984
|
+
* Requires an `acquisitionId` minted via the backend's
|
|
985
|
+
* `POST /verify/api/v1/verification/{sessionId}/selfie-acquisition` endpoint.
|
|
986
|
+
* @function captureSelfie
|
|
987
|
+
* @param {CaptureSelfieOptions} options - Capture options including the required `acquisitionId`
|
|
988
|
+
* and an optional `onCapture` callback.
|
|
989
|
+
* @returns {Promise<CaptureResult>} Promise that resolves with complete capture information
|
|
990
|
+
* @throws {Error} If `acquisitionId` is missing, flowType is not 'modular', session is not active,
|
|
991
|
+
* or the selfie step is not available
|
|
992
|
+
* @memberof module:tsPlatform.idv
|
|
993
|
+
* @example
|
|
994
|
+
* const { acquisition_id } = await myBackend.createSelfieAcquisition(sessionId);
|
|
995
|
+
* const result = await tsPlatform.idv.captureSelfie({ acquisitionId: acquisition_id });
|
|
996
|
+
* console.log('Captured:', result.captures);
|
|
798
997
|
*/
|
|
799
|
-
declare function
|
|
998
|
+
declare function captureSelfie(options: CaptureSelfieOptions): Promise<CaptureResult>;
|
|
800
999
|
declare const version: () => string;
|
|
801
1000
|
|
|
1001
|
+
type index_d$2_CaptureDocumentOptions = CaptureDocumentOptions;
|
|
1002
|
+
type index_d$2_CaptureError = CaptureError;
|
|
1003
|
+
declare const index_d$2_CaptureError: typeof CaptureError;
|
|
1004
|
+
type index_d$2_CaptureItem = CaptureItem;
|
|
1005
|
+
type index_d$2_CaptureResult = CaptureResult;
|
|
1006
|
+
type index_d$2_CaptureSelfieOptions = CaptureSelfieOptions;
|
|
1007
|
+
declare const index_d$2_captureDocument: typeof captureDocument;
|
|
1008
|
+
declare const index_d$2_captureSelfie: typeof captureSelfie;
|
|
802
1009
|
declare const index_d$2_recapture: typeof recapture;
|
|
803
|
-
declare const index_d$2_restart: typeof restart;
|
|
804
1010
|
declare const index_d$2_start: typeof start;
|
|
805
1011
|
declare const index_d$2_version: typeof version;
|
|
806
1012
|
declare namespace index_d$2 {
|
|
807
1013
|
export {
|
|
1014
|
+
index_d$2_CaptureDocumentOptions as CaptureDocumentOptions,
|
|
1015
|
+
index_d$2_CaptureError as CaptureError,
|
|
1016
|
+
index_d$2_CaptureItem as CaptureItem,
|
|
1017
|
+
index_d$2_CaptureResult as CaptureResult,
|
|
1018
|
+
index_d$2_CaptureSelfieOptions as CaptureSelfieOptions,
|
|
1019
|
+
index_d$2_captureDocument as captureDocument,
|
|
1020
|
+
index_d$2_captureSelfie as captureSelfie,
|
|
808
1021
|
index_d$2_recapture as recapture,
|
|
809
|
-
index_d$2_restart as restart,
|
|
810
1022
|
index_d$2_start as start,
|
|
811
1023
|
index_d$2_version as version,
|
|
812
1024
|
};
|
|
@@ -2143,7 +2355,98 @@ declare enum IdoJourneyActionType {
|
|
|
2143
2355
|
* On failure, the `IdoServiceResponse` {@link IdoServiceResponse.errorData} field will contain
|
|
2144
2356
|
* relevant error codes that can be used to handle various failure scenarios.
|
|
2145
2357
|
*/
|
|
2146
|
-
MobileApproveAuthentication = "transmit_platform_mobile_approve_authentication"
|
|
2358
|
+
MobileApproveAuthentication = "transmit_platform_mobile_approve_authentication",
|
|
2359
|
+
/**
|
|
2360
|
+
* @description `journeyStepId` for a selfie acquisition action.
|
|
2361
|
+
* This action instructs the client to acquire a selfie image from the user, typically as part of an identity verification or face authentication process.
|
|
2362
|
+
*
|
|
2363
|
+
* Data received in the {@link IdoServiceResponse} object:
|
|
2364
|
+
* ```json
|
|
2365
|
+
* {
|
|
2366
|
+
* "data": {
|
|
2367
|
+
* "start_token": "<START_TOKEN>", // Optional: used to start an identity verification session if required
|
|
2368
|
+
* "acquisition_id": "<ACQUISITION_ID>" // Required: ID needed to start selfie capture
|
|
2369
|
+
* }
|
|
2370
|
+
* }
|
|
2371
|
+
* ```
|
|
2372
|
+
*
|
|
2373
|
+
* To perform the selfie acquisition:
|
|
2374
|
+
* 1. If a `start_token` is present, initialize the IDV SDK session:
|
|
2375
|
+
* ```javascript
|
|
2376
|
+
* if (response.data.start_token !== undefined) {
|
|
2377
|
+
* await idv.start(response.data.start_token);
|
|
2378
|
+
* }
|
|
2379
|
+
* ```
|
|
2380
|
+
* 2. Run the selfie acquisition by calling the IDV SDK's `captureSelfie()` method:
|
|
2381
|
+
* ```javascript
|
|
2382
|
+
* await idv.captureSelfie({ acquisitionId: response.data.acquisition_id });
|
|
2383
|
+
* ```
|
|
2384
|
+
*
|
|
2385
|
+
* After acquiring the selfie, the client response does not need to include any data:
|
|
2386
|
+
* ```javascript
|
|
2387
|
+
* ido.submitClientResponse(ClientResponseOptionType.ClientInput);
|
|
2388
|
+
* ```
|
|
2389
|
+
*
|
|
2390
|
+
* If an error occurs while capturing the selfie, the client should handle error states and inform the user
|
|
2391
|
+
* and/or retry as appropriate according to application requirements.
|
|
2392
|
+
*
|
|
2393
|
+
* For deeper understanding and more implementation details, refer to the IDV SDK documentation:
|
|
2394
|
+
* {@link https://developer.transmitsecurity.com/sdk-ref/idvsdk/overview IDV SDK Reference}
|
|
2395
|
+
*/
|
|
2396
|
+
SelfieAcquisition = "transmit_platform_selfie_acquisition",
|
|
2397
|
+
/**
|
|
2398
|
+
* @description `journeyStepId` for a document acquisition action.
|
|
2399
|
+
* This action instructs the client to acquire a document image from the user, typically as part of an identity verification or face authentication process.
|
|
2400
|
+
*
|
|
2401
|
+
* Data received in the {@link IdoServiceResponse} object:
|
|
2402
|
+
* ```json
|
|
2403
|
+
* {
|
|
2404
|
+
* "data": {
|
|
2405
|
+
* "start_token": "<START_TOKEN>", // Optional: used to start an identity verification session if required
|
|
2406
|
+
* "acquisition_id": "<ACQUISITION_ID>" // Required: ID needed to start document capture
|
|
2407
|
+
* }
|
|
2408
|
+
* }
|
|
2409
|
+
* ```
|
|
2410
|
+
*
|
|
2411
|
+
* To perform the document acquisition:
|
|
2412
|
+
* 1. If a `start_token` is present, initialize the IDV SDK session:
|
|
2413
|
+
* ```javascript
|
|
2414
|
+
* if (response.data.start_token !== undefined) {
|
|
2415
|
+
* await idv.start(response.data.start_token);
|
|
2416
|
+
* }
|
|
2417
|
+
* ```
|
|
2418
|
+
* 2. Run the document acquisition by calling the IDV SDK's `captureDocument()` method:
|
|
2419
|
+
* ```javascript
|
|
2420
|
+
* await idv.captureDocument({ acquisitionId: response.data.acquisition_id });
|
|
2421
|
+
* ```
|
|
2422
|
+
*
|
|
2423
|
+
* After acquiring the document, the client response does not need to include any data:
|
|
2424
|
+
* ```javascript
|
|
2425
|
+
* ido.submitClientResponse(ClientResponseOptionType.ClientInput);
|
|
2426
|
+
* ```
|
|
2427
|
+
*
|
|
2428
|
+
* If an error occurs while capturing the document, the client should handle error states and inform the user
|
|
2429
|
+
* and/or retry as appropriate according to application requirements.
|
|
2430
|
+
*
|
|
2431
|
+
* For deeper understanding and more implementation details, refer to the IDV SDK documentation:
|
|
2432
|
+
* {@link https://developer.transmitsecurity.com/sdk-ref/idvsdk/overview IDV SDK Reference}
|
|
2433
|
+
*/
|
|
2434
|
+
DocumentAcquisition = "transmit_platform_document_acquisition",
|
|
2435
|
+
/**
|
|
2436
|
+
* @description `journeyStepId` for IDV recommendation action.
|
|
2437
|
+
*
|
|
2438
|
+
* When this action is received, it indicates that identity verification (IDV) processing is being performed asynchronously on the backend.
|
|
2439
|
+
* The client is responsible for implementing a polling mechanism: keep calling
|
|
2440
|
+
* `ido.submitClientResponse(ClientResponseOptionType.ClientInput)` in a loop until the server responds with a new action or returns an error.
|
|
2441
|
+
*
|
|
2442
|
+
* Note: No data is provided by the server in the {@link IdoServiceResponse} object for this action at any time.
|
|
2443
|
+
*
|
|
2444
|
+
* It is recommended to show a blocking UI element (such as a loader or progress indicator) while polling,
|
|
2445
|
+
* to inform the user that processing is ongoing.
|
|
2446
|
+
*
|
|
2447
|
+
* This process can take a couple of seconds. The recommended polling interval is every 1 second.
|
|
2448
|
+
*/
|
|
2449
|
+
WaitForIdvRecommendations = "transmit_platform_idv_recommendation"
|
|
2147
2450
|
}
|
|
2148
2451
|
/**
|
|
2149
2452
|
* @interface
|
|
@@ -2296,7 +2599,10 @@ interface IdoSdk {
|
|
|
2296
2599
|
|
|
2297
2600
|
declare module "@transmit-security/web-sdk-common/dist/module-metadata/module-metadata" {
|
|
2298
2601
|
interface initConfigParams {
|
|
2299
|
-
ido?:
|
|
2602
|
+
ido?: {
|
|
2603
|
+
serverPath?: string;
|
|
2604
|
+
[key: string]: any;
|
|
2605
|
+
};
|
|
2300
2606
|
}
|
|
2301
2607
|
}
|
|
2302
2608
|
|
|
@@ -2373,6 +2679,6 @@ declare class TSWebSDK {
|
|
|
2373
2679
|
}
|
|
2374
2680
|
declare const _default: TSWebSDK;
|
|
2375
2681
|
|
|
2376
|
-
declare const PACKAGE_VERSION = "2.
|
|
2682
|
+
declare const PACKAGE_VERSION = "2.4.0";
|
|
2377
2683
|
|
|
2378
2684
|
export { ActionEventOptions, ActionResponse, AuthenticationAutofillActivateHandlers, AutofillHandlers, CrossDeviceController, ErrorCode$1 as ErrorCode, PACKAGE_VERSION, SDK_VERSIONS, SdkError, WebauthnApis, WebauthnAuthenticationFlows, WebauthnCrossDeviceFlows, WebauthnCrossDeviceRegistrationOptions, WebauthnRegistrationOptions, authenticate, index_d$3 as common, crossDevice, _default as default, webSdkModule_d as drs, getDefaultPaths, index_d as ido, index_d$2 as idv, initConfigParams, initialize, isAutofillSupported, isPlatformAuthenticatorSupported, register, index_d$1 as webauthn };
|
package/dist/webauthn.cjs
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
"undefined"==typeof globalThis&&("undefined"!=typeof window?(window.globalThis=window,window.global=window):"undefined"!=typeof self&&(self.globalThis=self,self.global=self));var t=require("./common.cjs"),e=require("./common.cjs");function i(t,e,i){return(e=function(t){var e=function(t,e){if("object"!=typeof t||!t)return t;var i=t[Symbol.toPrimitive];if(void 0!==i){var a=i.call(t,e||"default");if("object"!=typeof a)return a;throw new TypeError("@@toPrimitive must return a primitive value.")}return("string"===e?String:Number)(t)}(t,"string");return"symbol"==typeof e?e:e+""}(e))in t?Object.defineProperty(t,e,{value:i,enumerable:!0,configurable:!0,writable:!0}):t[e]=i,t}function a(t,e){var i=Object.keys(t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(t);e&&(a=a.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),i.push.apply(i,a)}return i}function r(t){for(var e=1;e<arguments.length;e++){var r=null!=arguments[e]?arguments[e]:{};e%2?a(Object(r),!0).forEach((function(e){i(t,e,r[e])})):Object.getOwnPropertyDescriptors?Object.defineProperties(t,Object.getOwnPropertyDescriptors(r)):a(Object(r)).forEach((function(e){Object.defineProperty(t,e,Object.getOwnPropertyDescriptor(r,e))}))}return t}class n{static arrayBufferToBase64(t){return btoa(String.fromCharCode(...new Uint8Array(t)))}static base64ToArrayBuffer(t){return Uint8Array.from(atob(t),(t=>t.charCodeAt(0)))}static stringToBase64(t){return btoa(t)}static jsonToBase64(t){const e=JSON.stringify(t);return btoa(e)}static base64ToJson(t){const e=atob(t);return JSON.parse(e)}}const s={log:console.log,error:console.error};var o,c;!function(t){t.NotInitialized="not_initialized",t.AuthenticationFailed="authentication_failed",t.AuthenticationAbortedTimeout="authentication_aborted_timeout",t.AuthenticationCanceled="webauthn_authentication_canceled",t.RegistrationFailed="registration_failed",t.AlreadyRegistered="username_already_registered",t.RegistrationAbortedTimeout="registration_aborted_timeout",t.RegistrationCanceled="webauthn_registration_canceled",t.AutofillAuthenticationAborted="autofill_authentication_aborted",t.AuthenticationProcessAlreadyActive="authentication_process_already_active",t.InvalidApprovalData="invalid_approval_data",t.FailedToInitCrossDeviceSession="cross_device_init_failed",t.FailedToGetCrossDeviceStatus="cross_device_status_failed",t.Unknown="unknown"}(o||(o={}));class l extends Error{constructor(t,e){super(t),this.errorCode=o.NotInitialized,this.data=e}}class u extends l{constructor(t,e){super(null!=t?t:"WebAuthnSdk is not initialized",e),this.errorCode=o.NotInitialized}}class d extends l{constructor(t,e){super(null!=t?t:"Authentication failed with an error",e),this.errorCode=o.AuthenticationFailed}}class h extends l{constructor(t,e){super(null!=t?t:"Authentication was canceled by the user or got timeout",e),this.errorCode=o.AuthenticationCanceled}}class p extends l{constructor(t,e){super(null!=t?t:"Registration failed with an error",e),this.errorCode=o.RegistrationFailed}}class v extends l{constructor(t,e){super(null!=t?t:"Registration was canceled by the user or got timeout",e),this.errorCode=o.RegistrationCanceled}}class g extends l{constructor(t){super(null!=t?t:"Autofill flow was aborted"),this.errorCode=o.AutofillAuthenticationAborted}}class f extends l{constructor(t){super(null!=t?t:"Operation was aborted by timeout"),this.errorCode=o.AutofillAuthenticationAborted}}class w extends l{constructor(t){super(null!=t?t:"Passkey with this username is already registered with the relying party."),this.errorCode=o.AlreadyRegistered}}class m extends l{constructor(t,e){super(null!=t?t:"Authentication process is already active",e),this.errorCode=o.AuthenticationProcessAlreadyActive}}class y extends l{constructor(t,e){super(null!=t?t:"Invalid approval data",e),this.errorCode=o.InvalidApprovalData}}class b extends l{constructor(t,e){super(null!=t?t:"Failed to init cross device authentication",e),this.errorCode=o.FailedToInitCrossDeviceSession}}class C extends l{constructor(t,e){super(null!=t?t:"Failed to get cross device status",e),this.errorCode=o.FailedToGetCrossDeviceStatus}}function A(t){return t.errorCode&&Object.values(o).includes(t.errorCode)}!function(t){t[t.persistent=0]="persistent",t[t.session=1]="session"}(c||(c={}));class D{static get(t){return D.getStorageMedium(D.allowedKeys[t]).getItem(D.getStorageKey(t))||void 0}static set(t,e){return D.getStorageMedium(D.allowedKeys[t]).setItem(D.getStorageKey(t),e)}static remove(t){D.getStorageMedium(D.allowedKeys[t]).removeItem(D.getStorageKey(t))}static clear(t){for(const[e,i]of Object.entries(D.allowedKeys)){const a=e;t&&this.configurationKeys.includes(a)||D.getStorageMedium(i).removeItem(D.getStorageKey(a))}}static getStorageKey(t){return`WebAuthnSdk:${t}`}static getStorageMedium(t){return t===c.session?sessionStorage:localStorage}}D.allowedKeys={clientId:c.session},D.configurationKeys=["clientId"];class _{static isNewApiDomain(t){return t&&(this.newApiDomains.includes(t)||t.startsWith("api.")&&t.endsWith(".transmitsecurity.io"))}static dnsPrefetch(t){const e=document.createElement("link");e.rel="dns-prefetch",e.href=t,document.head.appendChild(e)}static preconnect(t,e){const i=document.createElement("link");i.rel="preconnect",i.href=t,e&&(i.crossOrigin="anonymous"),document.head.appendChild(i)}static warmupConnection(t){this.dnsPrefetch(t),this.preconnect(t,!1),this.preconnect(t,!0)}static init(t,e){var i,a;try{this._serverPath=new URL(e.serverPath),this.isNewApiDomain(null===(i=this._serverPath)||void 0===i?void 0:i.hostname)&&this.warmupConnection(this._serverPath.origin),this._apiPaths=null!==(a=e.webauthnApiPaths)&&void 0!==a?a:this.getDefaultPaths(),this._clientId=t,D.set("clientId",t)}catch(t){throw new u("Invalid options.serverPath",{error:t})}}static getDefaultPaths(){var t;const e=this.isNewApiDomain(null===(t=this._serverPath)||void 0===t?void 0:t.hostname)?"/cis":"";return{startAuthentication:`${e}/v1/auth/webauthn/authenticate/start`,startRegistration:`${e}/v1/auth/webauthn/register/start`,initCrossDeviceAuthentication:`${e}/v1/auth/webauthn/cross-device/authenticate/init`,startCrossDeviceAuthentication:`${e}/v1/auth/webauthn/cross-device/authenticate/start`,startCrossDeviceRegistration:`${e}/v1/auth/webauthn/cross-device/register/start`,getCrossDeviceTicketStatus:`${e}/v1/auth/webauthn/cross-device/status`,attachDeviceToCrossDeviceSession:`${e}/v1/auth/webauthn/cross-device/attach-device`}}static getApiPaths(){return this._apiPaths}static async sendRequest(t,e,i){s.log(`[WebAuthn SDK] Calling ${e.method} ${t}...`);const a=new URL(this._serverPath);return a.pathname=t,i&&(a.search=i),fetch(a.toString(),e)}static async startRegistration(t){const e=await this.sendRequest(this._apiPaths.startRegistration,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(r(r({client_id:this.getValidatedClientId(),username:t.username,display_name:t.displayName},t.timeout&&{timeout:t.timeout}),t.limitSingleCredentialToDevice&&{limit_single_credential_to_device:t.limitSingleCredentialToDevice}))});if(!(null==e?void 0:e.ok))throw new d("Failed to start registration",null==e?void 0:e.body);return await e.json()}static async startAuthentication(t){const e=await this.sendRequest(this._apiPaths.startAuthentication,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(r(r(r(r(r({client_id:this.getValidatedClientId()},t.username&&{username:t.username}),t.identifier&&{identifier:t.identifier}),t.identifierType&&{identifier_type:t.identifierType}),t.approvalData&&{approval_data:t.approvalData}),t.timeout&&{timeout:t.timeout}))});if(!(null==e?void 0:e.ok))throw new d("Failed to start authentication",null==e?void 0:e.body);return await e.json()}static async initCrossDeviceAuthentication(t){const e=await this.sendRequest(this._apiPaths.initCrossDeviceAuthentication,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(r(r({client_id:this.getValidatedClientId()},t.username&&{username:t.username}),t.approvalData&&{approval_data:t.approvalData}))});if(!(null==e?void 0:e.ok))throw new b(void 0,null==e?void 0:e.body);return await e.json()}static async getCrossDeviceTicketStatus(t){const e=await this.sendRequest(this._apiPaths.getCrossDeviceTicketStatus,{method:"GET"},`cross_device_ticket_id=${t.ticketId}`);if(!(null==e?void 0:e.ok))throw new C(void 0,null==e?void 0:e.body);return await e.json()}static async startCrossDeviceAuthentication(t){const e=await this.sendRequest(this._apiPaths.startCrossDeviceAuthentication,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({cross_device_ticket_id:t.ticketId})});if(!(null==e?void 0:e.ok))throw new d("Failed to start cross device authentication",null==e?void 0:e.body);return await e.json()}static async startCrossDeviceRegistration(t){const e=await this.sendRequest(this._apiPaths.startCrossDeviceRegistration,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({cross_device_ticket_id:t.ticketId})});if(!(null==e?void 0:e.ok))throw new p("Failed to start cross device registration",null==e?void 0:e.body);return await e.json()}static async attachDeviceToCrossDeviceSession(t){const e=await this.sendRequest(this._apiPaths.attachDeviceToCrossDeviceSession,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({cross_device_ticket_id:t.ticketId})});if(!(null==e?void 0:e.ok))throw new p("Failed to attach device to cross device session",null==e?void 0:e.body);return await e.json()}static getValidatedClientId(){var t;const e=null!==(t=this._clientId)&&void 0!==t?t:D.get("clientId");if(!e)throw new u("Missing clientId");return e}}var S,T,k,I;_.newApiDomains=["api.idsec-dev.com","api.idsec-stg.com"],function(t){t.InputAutofill="input-autofill",t.Modal="modal"}(S||(S={})),exports.WebauthnCrossDeviceStatus=void 0,(T=exports.WebauthnCrossDeviceStatus||(exports.WebauthnCrossDeviceStatus={})).Pending="pending",T.Scanned="scanned",T.Success="success",T.Error="error",T.Timeout="timeout",T.Aborted="aborted",function(t){t.toAuthenticationError=t=>A(t)?t:"NotAllowedError"===t.name?new h:"OperationError"===t.name?new m(t.message):"SecurityError"===t.name?new d(t.message):t===o.AuthenticationAbortedTimeout?new f:"AbortError"===t.name||t===o.AutofillAuthenticationAborted?new g:new d("Something went wrong during authentication",{error:t}),t.toRegistrationError=t=>A(t)?t:"NotAllowedError"===t.name?new v:"SecurityError"===t.name?new p(t.message):"InvalidStateError"===t.name?new w:t===o.RegistrationAbortedTimeout?new f:new p("Something went wrong during registration",{error:t})}(k||(k={})),function(t){t.processCredentialRequestOptions=t=>r(r({},t),{},{challenge:n.base64ToArrayBuffer(t.challenge),allowCredentials:t.allowCredentials.map((t=>r(r({},t),{},{id:n.base64ToArrayBuffer(t.id)})))}),t.processCredentialCreationOptions=(t,e)=>{var i;const a=JSON.parse(JSON.stringify(t));return a.challenge=n.base64ToArrayBuffer(t.challenge),a.user.id=n.base64ToArrayBuffer(t.user.id),(null==e?void 0:e.limitSingleCredentialToDevice)&&(a.excludeCredentials=null===(i=t.excludeCredentials)||void 0===i?void 0:i.map((t=>r(r({},t),{},{id:n.base64ToArrayBuffer(t.id)})))),(null==e?void 0:e.registerAsDiscoverable)?(a.authenticatorSelection.residentKey="preferred",a.authenticatorSelection.requireResidentKey=!0):(a.authenticatorSelection.residentKey="discouraged",a.authenticatorSelection.requireResidentKey=!1),a.authenticatorSelection.authenticatorAttachment=(null==e?void 0:e.allowCrossPlatformAuthenticators)?void 0:"platform",a},t.encodeAuthenticationResult=t=>{const{authenticatorAttachment:e}=t,i=t.response;return{id:t.id,rawId:n.arrayBufferToBase64(t.rawId),response:{authenticatorData:n.arrayBufferToBase64(i.authenticatorData),clientDataJSON:n.arrayBufferToBase64(i.clientDataJSON),signature:n.arrayBufferToBase64(i.signature),userHandle:n.arrayBufferToBase64(i.userHandle)},authenticatorAttachment:e,type:t.type}},t.encodeRegistrationResult=t=>{const{authenticatorAttachment:e}=t,i=t.response;return{id:t.id,rawId:n.arrayBufferToBase64(t.rawId),response:{attestationObject:n.arrayBufferToBase64(i.attestationObject),clientDataJSON:n.arrayBufferToBase64(i.clientDataJSON)},authenticatorAttachment:e,type:t.type}}}(I||(I={}));class P{async modal(t){try{const e=await this.performAuthentication(r(r({},t),{},{mediationType:S.Modal}));return n.jsonToBase64(e)}catch(t){throw k.toAuthenticationError(t)}}activateAutofill(t){const{handlers:e,username:i}=t,{onSuccess:a,onError:r,onReady:s}=e;this.performAuthentication({username:i,mediationType:S.InputAutofill,onReady:s}).then((t=>{a(n.jsonToBase64(t))})).catch((t=>{const e=k.toAuthenticationError(t);if(!r)throw e;r(e)}))}abortAutofill(){this.abortController&&this.abortController.abort(o.AutofillAuthenticationAborted)}abortAuthentication(){this.abortController&&this.abortController.abort(o.AuthenticationAbortedTimeout)}async performAuthentication(t){var e,i;const a="crossDeviceTicketId"in t?await _.startCrossDeviceAuthentication({ticketId:t.crossDeviceTicketId}):await _.startAuthentication({username:t.username,identifier:t.identifier,identifierType:t.identifierType,timeout:null===(e=t.options)||void 0===e?void 0:e.timeout}),r=a.credential_request_options,n=I.processCredentialRequestOptions(r),s=this.getMediatedCredentialRequest(n,t.mediationType);t.mediationType===S.InputAutofill&&(null===(i=t.onReady)||void 0===i||i.call(t));const o=await navigator.credentials.get(s).catch((t=>{throw k.toAuthenticationError(t)}));return{webauthnSessionId:a.webauthn_session_id,publicKeyCredential:I.encodeAuthenticationResult(o),userAgent:navigator.userAgent}}getMediatedCredentialRequest(t,e){const i={publicKey:t};return this.abortController=new AbortController,i.signal=this.abortController&&this.abortController.signal,e===S.InputAutofill?i.mediation="conditional":t.timeout&&setTimeout((()=>{this.abortAuthentication()}),t.timeout),i}}class O{constructor(t,e){this.handler=t,this.intervalInMs=e}begin(){var t;this.intervalId=window.setInterval((t=this.handler,async function(){t.isRunning||(t.isRunning=!0,await t(...arguments),t.isRunning=!1)}),this.intervalInMs)}stop(){clearInterval(this.intervalId)}}const R=/^[A-Za-z0-9\-_.: ]*$/;function j(t){if(t&&(!function(t){return Object.keys(t).length<=10}(t)||!function(t){const e=t=>"string"==typeof t,i=t=>R.test(t);return Object.keys(t).every((a=>e(a)&&e(t[a])&&i(a)&&i(t[a])))}(t)))throw s.error("Failed validating approval data"),new y("Provided approval data should have 10 properties max. Also, it should contain only \n alphanumeric characters, numbers, and the special characters: '-', '_', '.'")}class x{constructor(t,e,i){this.authenticationHandler=t,this.registrationHandler=e,this.approvalHandler=i,this.init={registration:async t=>(this.ticketStatus=exports.WebauthnCrossDeviceStatus.Pending,this.pollCrossDeviceSession(t.crossDeviceTicketId,t.handlers)),authentication:async t=>{const{username:e}=t,i=(await _.initCrossDeviceAuthentication(r({},e&&{username:e}))).cross_device_ticket_id;return this.ticketStatus=exports.WebauthnCrossDeviceStatus.Pending,this.pollCrossDeviceSession(i,t.handlers)},approval:async t=>{const{username:e,approvalData:i}=t;j(i);const a=(await _.initCrossDeviceAuthentication({username:e,approvalData:i})).cross_device_ticket_id;return this.ticketStatus=exports.WebauthnCrossDeviceStatus.Pending,this.pollCrossDeviceSession(a,t.handlers)}},this.authenticate={modal:async t=>this.authenticationHandler.modal({crossDeviceTicketId:t})},this.approve={modal:async t=>this.approvalHandler.modal({crossDeviceTicketId:t})}}async register(t){return this.registrationHandler.register(t)}async attachDevice(t){const e=await _.attachDeviceToCrossDeviceSession({ticketId:t});return r({status:e.status,startedAt:e.started_at},e.approval_data&&{approvalData:e.approval_data})}async pollCrossDeviceSession(t,e){return this.poller=new O((async()=>{var i,a;const r=await _.getCrossDeviceTicketStatus({ticketId:t}),n=r.status;if(n!==this.ticketStatus)switch(this.ticketStatus=n,n){case exports.WebauthnCrossDeviceStatus.Scanned:await e.onDeviceAttach();break;case exports.WebauthnCrossDeviceStatus.Error:case exports.WebauthnCrossDeviceStatus.Timeout:case exports.WebauthnCrossDeviceStatus.Aborted:await e.onFailure(r),null===(i=this.poller)||void 0===i||i.stop();break;case exports.WebauthnCrossDeviceStatus.Success:if("onCredentialRegister"in e)await e.onCredentialRegister();else{if(!r.session_id)throw new C("Cross device session is complete without returning session_id",r);await e.onCredentialAuthenticate(r.session_id)}null===(a=this.poller)||void 0===a||a.stop()}}),1e3),this.poller.begin(),setTimeout((()=>{var t;null===(t=this.poller)||void 0===t||t.stop(),e.onFailure({status:exports.WebauthnCrossDeviceStatus.Timeout})}),3e5),{crossDeviceTicketId:t,stop:()=>{var t;null===(t=this.poller)||void 0===t||t.stop()}}}}class K{async register(t){var e,i,a;this.abortController=new AbortController;const s=r({allowCrossPlatformAuthenticators:!("crossDeviceTicketId"in t),registerAsDiscoverable:!0},t.options);try{const r="crossDeviceTicketId"in t?await _.startCrossDeviceRegistration({ticketId:t.crossDeviceTicketId}):await _.startRegistration({username:t.username,displayName:(null===(e=t.options)||void 0===e?void 0:e.displayName)||t.username,timeout:null===(i=t.options)||void 0===i?void 0:i.timeout,limitSingleCredentialToDevice:null===(a=t.options)||void 0===a?void 0:a.limitSingleCredentialToDevice}),o=I.processCredentialCreationOptions(r.credential_creation_options,s);setTimeout((()=>{this.abortRegistration()}),o.timeout);const c=await this.registerCredential(o),l={webauthnSessionId:r.webauthn_session_id,publicKeyCredential:c,userAgent:navigator.userAgent};return n.jsonToBase64(l)}catch(t){throw k.toRegistrationError(t)}}abortRegistration(){this.abortController&&this.abortController.abort(o.RegistrationAbortedTimeout)}async registerCredential(t){const e=await navigator.credentials.create({publicKey:t,signal:this.abortController&&this.abortController.signal}).catch((t=>{throw k.toRegistrationError(t)}));return I.encodeRegistrationResult(e)}}class B{async modal(t){try{const e=await this.performApproval(t);return n.jsonToBase64(e)}catch(t){throw k.toAuthenticationError(t)}}async performApproval(t){"approvalData"in t&&j(t.approvalData);const e="crossDeviceTicketId"in t?await _.startCrossDeviceAuthentication({ticketId:t.crossDeviceTicketId}):await _.startAuthentication({username:t.username,approvalData:t.approvalData}),i=e.credential_request_options,a=I.processCredentialRequestOptions(i),r=await navigator.credentials.get({publicKey:a}).catch((t=>{throw k.toAuthenticationError(t)}));return{webauthnSessionId:e.webauthn_session_id,publicKeyCredential:I.encodeAuthenticationResult(r),userAgent:navigator.userAgent}}}class E{constructor(){this._initialized=!1,this._authenticationHandler=new P,this._registrationHandler=new K,this._approvalHandler=new B,this._crossDeviceHandler=new x(this._authenticationHandler,this._registrationHandler,this._approvalHandler),this.authenticate={modal:async t=>(this.initCheck(),this._authenticationHandler.modal(t)),autofill:{activate:t=>(this.initCheck(),this._authenticationHandler.activateAutofill(t)),abort:()=>this._authenticationHandler.abortAutofill()}},this.approve={modal:async t=>(this.initCheck(),this._approvalHandler.modal(t))},this.register=async t=>(this.initCheck(),this._registrationHandler.register(t)),this.crossDevice={init:{registration:async t=>(this.initCheck(),this._crossDeviceHandler.init.registration(t)),authentication:async t=>(this.initCheck(),this._crossDeviceHandler.init.authentication(t)),approval:async t=>(this.initCheck(),this._crossDeviceHandler.init.approval(t))},authenticate:{modal:async t=>(this.initCheck(),this._crossDeviceHandler.authenticate.modal(t))},approve:{modal:async t=>(this.initCheck(),this._crossDeviceHandler.approve.modal(t))},register:async t=>(this.initCheck(),this._crossDeviceHandler.register(t)),attachDevice:async t=>(this.initCheck(),this._crossDeviceHandler.attachDevice(t))},this.isPlatformAuthenticatorSupported=async()=>{var t;try{return await(null===(t=E.StaticPublicKeyCredential)||void 0===t?void 0:t.isUserVerifyingPlatformAuthenticatorAvailable())}catch(t){return!1}},this.isAutofillSupported=async()=>{var t,e;return!(!(null===(t=E.StaticPublicKeyCredential)||void 0===t?void 0:t.isConditionalMediationAvailable)||!await(null===(e=E.StaticPublicKeyCredential)||void 0===e?void 0:e.isConditionalMediationAvailable()))}}async init(t){const{clientId:e,options:i}=t;try{if(!e)throw new u("Invalid clientId",{clientId:e});if(i.webauthnApiPaths){const t=_.getDefaultPaths();if(function(t,e){const i=new Set(t),a=new Set(e);return[...t.filter((t=>!a.has(t))),...e.filter((t=>!i.has(t)))]}(Object.keys(i.webauthnApiPaths),Object.keys(t)).length)throw new u("Invalid custom paths",{customApiPaths:i.webauthnApiPaths})}_.init(e,i),this._initialized=!0}catch(t){throw A(t)?t:new u("Failed to initialize SDK")}}getDefaultPaths(){return this.initCheck(),_.getDefaultPaths()}getApiPaths(){return this.initCheck(),_.getApiPaths()}initCheck(){if(!this._initialized)throw new u}}E.StaticPublicKeyCredential=window.PublicKeyCredential;const N=new t("webauthn"),H=new E;N.events.on(N.events.MODULE_INITIALIZED,(()=>{var t;const e=N.moduleMetadata.getInitConfig();if(!(null===(t=null==e?void 0:e.webauthn)||void 0===t?void 0:t.serverPath))return;const{clientId:i,webauthn:a}=e;H.init({clientId:i,options:r({},a)})}));const W={modal:async t=>(H.initCheck(),H.authenticate.modal(t)),autofill:{activate:t=>{H.initCheck(),H.authenticate.autofill.activate(t)},abort:()=>{H.initCheck(),H.authenticate.autofill.abort()}}},q={modal:async t=>(H.initCheck(),H.approve.modal(t))};async function F(t){return H.initCheck(),H.register(t)}const{crossDevice:M}=H,{isPlatformAuthenticatorSupported:z}=H,{isAutofillSupported:J}=H,{getDefaultPaths:$}=H;window.localWebAuthnSDK=H;var U=Object.freeze({__proto__:null,get WebauthnCrossDeviceStatus(){return exports.WebauthnCrossDeviceStatus},approve:q,authenticate:W,crossDevice:M,getDefaultPaths:$,isAutofillSupported:J,isPlatformAuthenticatorSupported:z,register:F});const V={initialize:e.initialize,...U};Object.defineProperty(exports,"initialize",{enumerable:!0,get:function(){return e.initialize}}),exports.PACKAGE_VERSION="2.3.2-beta-25104222190.0",exports.approve=q,exports.authenticate=W,exports.crossDevice=M,exports.getDefaultPaths=$,exports.isAutofillSupported=J,exports.isPlatformAuthenticatorSupported=z,exports.register=F,exports.webauthn=V;
|
|
1
|
+
"undefined"==typeof globalThis&&("undefined"!=typeof window?(window.globalThis=window,window.global=window):"undefined"!=typeof self&&(self.globalThis=self,self.global=self));var t=require("./common.cjs"),e=require("./common.cjs");function i(t,e,i){return(e=function(t){var e=function(t,e){if("object"!=typeof t||!t)return t;var i=t[Symbol.toPrimitive];if(void 0!==i){var a=i.call(t,e||"default");if("object"!=typeof a)return a;throw new TypeError("@@toPrimitive must return a primitive value.")}return("string"===e?String:Number)(t)}(t,"string");return"symbol"==typeof e?e:e+""}(e))in t?Object.defineProperty(t,e,{value:i,enumerable:!0,configurable:!0,writable:!0}):t[e]=i,t}function a(t,e){var i=Object.keys(t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(t);e&&(a=a.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),i.push.apply(i,a)}return i}function r(t){for(var e=1;e<arguments.length;e++){var r=null!=arguments[e]?arguments[e]:{};e%2?a(Object(r),!0).forEach((function(e){i(t,e,r[e])})):Object.getOwnPropertyDescriptors?Object.defineProperties(t,Object.getOwnPropertyDescriptors(r)):a(Object(r)).forEach((function(e){Object.defineProperty(t,e,Object.getOwnPropertyDescriptor(r,e))}))}return t}class n{static arrayBufferToBase64(t){return btoa(String.fromCharCode(...new Uint8Array(t)))}static base64ToArrayBuffer(t){return Uint8Array.from(atob(t),(t=>t.charCodeAt(0)))}static stringToBase64(t){return btoa(t)}static jsonToBase64(t){const e=JSON.stringify(t);return btoa(e)}static base64ToJson(t){const e=atob(t);return JSON.parse(e)}}const s={log:console.log,error:console.error};var o,c;!function(t){t.NotInitialized="not_initialized",t.AuthenticationFailed="authentication_failed",t.AuthenticationAbortedTimeout="authentication_aborted_timeout",t.AuthenticationCanceled="webauthn_authentication_canceled",t.RegistrationFailed="registration_failed",t.AlreadyRegistered="username_already_registered",t.RegistrationAbortedTimeout="registration_aborted_timeout",t.RegistrationCanceled="webauthn_registration_canceled",t.AutofillAuthenticationAborted="autofill_authentication_aborted",t.AuthenticationProcessAlreadyActive="authentication_process_already_active",t.InvalidApprovalData="invalid_approval_data",t.FailedToInitCrossDeviceSession="cross_device_init_failed",t.FailedToGetCrossDeviceStatus="cross_device_status_failed",t.Unknown="unknown"}(o||(o={}));class l extends Error{constructor(t,e){super(t),this.errorCode=o.NotInitialized,this.data=e}}class u extends l{constructor(t,e){super(null!=t?t:"WebAuthnSdk is not initialized",e),this.errorCode=o.NotInitialized}}class d extends l{constructor(t,e){super(null!=t?t:"Authentication failed with an error",e),this.errorCode=o.AuthenticationFailed}}class h extends l{constructor(t,e){super(null!=t?t:"Authentication was canceled by the user or got timeout",e),this.errorCode=o.AuthenticationCanceled}}class p extends l{constructor(t,e){super(null!=t?t:"Registration failed with an error",e),this.errorCode=o.RegistrationFailed}}class v extends l{constructor(t,e){super(null!=t?t:"Registration was canceled by the user or got timeout",e),this.errorCode=o.RegistrationCanceled}}class g extends l{constructor(t){super(null!=t?t:"Autofill flow was aborted"),this.errorCode=o.AutofillAuthenticationAborted}}class f extends l{constructor(t){super(null!=t?t:"Operation was aborted by timeout"),this.errorCode=o.AutofillAuthenticationAborted}}class m extends l{constructor(t){super(null!=t?t:"Passkey with this username is already registered with the relying party."),this.errorCode=o.AlreadyRegistered}}class w extends l{constructor(t,e){super(null!=t?t:"Authentication process is already active",e),this.errorCode=o.AuthenticationProcessAlreadyActive}}class y extends l{constructor(t,e){super(null!=t?t:"Invalid approval data",e),this.errorCode=o.InvalidApprovalData}}class b extends l{constructor(t,e){super(null!=t?t:"Failed to init cross device authentication",e),this.errorCode=o.FailedToInitCrossDeviceSession}}class C extends l{constructor(t,e){super(null!=t?t:"Failed to get cross device status",e),this.errorCode=o.FailedToGetCrossDeviceStatus}}function A(t){return t.errorCode&&Object.values(o).includes(t.errorCode)}!function(t){t[t.persistent=0]="persistent",t[t.session=1]="session"}(c||(c={}));class D{static get(t){return D.getStorageMedium(D.allowedKeys[t]).getItem(D.getStorageKey(t))||void 0}static set(t,e){return D.getStorageMedium(D.allowedKeys[t]).setItem(D.getStorageKey(t),e)}static remove(t){D.getStorageMedium(D.allowedKeys[t]).removeItem(D.getStorageKey(t))}static clear(t){for(const[e,i]of Object.entries(D.allowedKeys)){const a=e;t&&this.configurationKeys.includes(a)||D.getStorageMedium(i).removeItem(D.getStorageKey(a))}}static getStorageKey(t){return`WebAuthnSdk:${t}`}static getStorageMedium(t){return t===c.session?sessionStorage:localStorage}}D.allowedKeys={clientId:c.session},D.configurationKeys=["clientId"];class _{static isNewApiDomain(t){return t&&(this.newApiDomains.includes(t)||t.startsWith("api.")&&t.endsWith(".transmitsecurity.io")||t.startsWith("api.")&&t.endsWith(".idsec-dev.com"))}static dnsPrefetch(t){const e=document.createElement("link");e.rel="dns-prefetch",e.href=t,document.head.appendChild(e)}static preconnect(t,e){const i=document.createElement("link");i.rel="preconnect",i.href=t,e&&(i.crossOrigin="anonymous"),document.head.appendChild(i)}static warmupConnection(t){this.dnsPrefetch(t),this.preconnect(t,!1),this.preconnect(t,!0)}static init(t,e){var i,a;try{this._serverPath=new URL(e.serverPath),this.isNewApiDomain(null===(i=this._serverPath)||void 0===i?void 0:i.hostname)&&this.warmupConnection(this._serverPath.origin),this._apiPaths=null!==(a=e.webauthnApiPaths)&&void 0!==a?a:this.getDefaultPaths(),this._clientId=t,D.set("clientId",t)}catch(t){throw new u("Invalid options.serverPath",{error:t})}}static getDefaultPaths(){var t;const e=this.isNewApiDomain(null===(t=this._serverPath)||void 0===t?void 0:t.hostname)?"/cis":"";return{startAuthentication:`${e}/v1/auth/webauthn/authenticate/start`,startRegistration:`${e}/v1/auth/webauthn/register/start`,initCrossDeviceAuthentication:`${e}/v1/auth/webauthn/cross-device/authenticate/init`,startCrossDeviceAuthentication:`${e}/v1/auth/webauthn/cross-device/authenticate/start`,startCrossDeviceRegistration:`${e}/v1/auth/webauthn/cross-device/register/start`,getCrossDeviceTicketStatus:`${e}/v1/auth/webauthn/cross-device/status`,attachDeviceToCrossDeviceSession:`${e}/v1/auth/webauthn/cross-device/attach-device`}}static getApiPaths(){return this._apiPaths}static async sendRequest(t,e,i){s.log(`[WebAuthn SDK] Calling ${e.method} ${t}...`);const a=new URL(this._serverPath);return a.pathname=t,i&&(a.search=i),fetch(a.toString(),e)}static async startRegistration(t){const e=await this.sendRequest(this._apiPaths.startRegistration,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(r(r({client_id:this.getValidatedClientId(),username:t.username,display_name:t.displayName},t.timeout&&{timeout:t.timeout}),t.limitSingleCredentialToDevice&&{limit_single_credential_to_device:t.limitSingleCredentialToDevice}))});if(!(null==e?void 0:e.ok))throw new d("Failed to start registration",null==e?void 0:e.body);return await e.json()}static async startAuthentication(t){const e=await this.sendRequest(this._apiPaths.startAuthentication,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(r(r(r(r(r({client_id:this.getValidatedClientId()},t.username&&{username:t.username}),t.identifier&&{identifier:t.identifier}),t.identifierType&&{identifier_type:t.identifierType}),t.approvalData&&{approval_data:t.approvalData}),t.timeout&&{timeout:t.timeout}))});if(!(null==e?void 0:e.ok))throw new d("Failed to start authentication",null==e?void 0:e.body);return await e.json()}static async initCrossDeviceAuthentication(t){const e=await this.sendRequest(this._apiPaths.initCrossDeviceAuthentication,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(r(r({client_id:this.getValidatedClientId()},t.username&&{username:t.username}),t.approvalData&&{approval_data:t.approvalData}))});if(!(null==e?void 0:e.ok))throw new b(void 0,null==e?void 0:e.body);return await e.json()}static async getCrossDeviceTicketStatus(t){const e=await this.sendRequest(this._apiPaths.getCrossDeviceTicketStatus,{method:"GET"},`cross_device_ticket_id=${t.ticketId}`);if(!(null==e?void 0:e.ok))throw new C(void 0,null==e?void 0:e.body);return await e.json()}static async startCrossDeviceAuthentication(t){const e=await this.sendRequest(this._apiPaths.startCrossDeviceAuthentication,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({cross_device_ticket_id:t.ticketId})});if(!(null==e?void 0:e.ok))throw new d("Failed to start cross device authentication",null==e?void 0:e.body);return await e.json()}static async startCrossDeviceRegistration(t){const e=await this.sendRequest(this._apiPaths.startCrossDeviceRegistration,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({cross_device_ticket_id:t.ticketId})});if(!(null==e?void 0:e.ok))throw new p("Failed to start cross device registration",null==e?void 0:e.body);return await e.json()}static async attachDeviceToCrossDeviceSession(t){const e=await this.sendRequest(this._apiPaths.attachDeviceToCrossDeviceSession,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({cross_device_ticket_id:t.ticketId})});if(!(null==e?void 0:e.ok))throw new p("Failed to attach device to cross device session",null==e?void 0:e.body);return await e.json()}static getValidatedClientId(){var t;const e=null!==(t=this._clientId)&&void 0!==t?t:D.get("clientId");if(!e)throw new u("Missing clientId");return e}}var S,T,k,I;_.newApiDomains=["api.idsec-dev.com","api.idsec-stg.com"],function(t){t.InputAutofill="input-autofill",t.Modal="modal"}(S||(S={})),exports.WebauthnCrossDeviceStatus=void 0,(T=exports.WebauthnCrossDeviceStatus||(exports.WebauthnCrossDeviceStatus={})).Pending="pending",T.Scanned="scanned",T.Success="success",T.Error="error",T.Timeout="timeout",T.Aborted="aborted",function(t){t.toAuthenticationError=t=>A(t)?t:"NotAllowedError"===t.name?new h:"OperationError"===t.name?new w(t.message):"SecurityError"===t.name?new d(t.message):t===o.AuthenticationAbortedTimeout?new f:"AbortError"===t.name||t===o.AutofillAuthenticationAborted?new g:new d("Something went wrong during authentication",{error:t}),t.toRegistrationError=t=>A(t)?t:"NotAllowedError"===t.name?new v:"SecurityError"===t.name?new p(t.message):"InvalidStateError"===t.name?new m:t===o.RegistrationAbortedTimeout?new f:new p("Something went wrong during registration",{error:t})}(k||(k={})),function(t){t.processCredentialRequestOptions=t=>r(r({},t),{},{challenge:n.base64ToArrayBuffer(t.challenge),allowCredentials:t.allowCredentials.map((t=>r(r({},t),{},{id:n.base64ToArrayBuffer(t.id)})))}),t.processCredentialCreationOptions=(t,e)=>{var i;const a=JSON.parse(JSON.stringify(t));return a.challenge=n.base64ToArrayBuffer(t.challenge),a.user.id=n.base64ToArrayBuffer(t.user.id),(null==e?void 0:e.limitSingleCredentialToDevice)&&(a.excludeCredentials=null===(i=t.excludeCredentials)||void 0===i?void 0:i.map((t=>r(r({},t),{},{id:n.base64ToArrayBuffer(t.id)})))),(null==e?void 0:e.registerAsDiscoverable)?(a.authenticatorSelection.residentKey="preferred",a.authenticatorSelection.requireResidentKey=!0):(a.authenticatorSelection.residentKey="discouraged",a.authenticatorSelection.requireResidentKey=!1),a.authenticatorSelection.authenticatorAttachment=(null==e?void 0:e.allowCrossPlatformAuthenticators)?void 0:"platform",a},t.encodeAuthenticationResult=t=>{const{authenticatorAttachment:e}=t,i=t.response;return{id:t.id,rawId:n.arrayBufferToBase64(t.rawId),response:{authenticatorData:n.arrayBufferToBase64(i.authenticatorData),clientDataJSON:n.arrayBufferToBase64(i.clientDataJSON),signature:n.arrayBufferToBase64(i.signature),userHandle:n.arrayBufferToBase64(i.userHandle)},authenticatorAttachment:e,type:t.type}},t.encodeRegistrationResult=t=>{const{authenticatorAttachment:e}=t,i=t.response;return{id:t.id,rawId:n.arrayBufferToBase64(t.rawId),response:{attestationObject:n.arrayBufferToBase64(i.attestationObject),clientDataJSON:n.arrayBufferToBase64(i.clientDataJSON)},authenticatorAttachment:e,type:t.type}}}(I||(I={}));class P{async modal(t){try{const e=await this.performAuthentication(r(r({},t),{},{mediationType:S.Modal}));return n.jsonToBase64(e)}catch(t){throw k.toAuthenticationError(t)}}activateAutofill(t){const{handlers:e,username:i}=t,{onSuccess:a,onError:r,onReady:s}=e;this.performAuthentication({username:i,mediationType:S.InputAutofill,onReady:s}).then((t=>{a(n.jsonToBase64(t))})).catch((t=>{const e=k.toAuthenticationError(t);if(!r)throw e;r(e)}))}abortAutofill(){this.abortController&&this.abortController.abort(o.AutofillAuthenticationAborted)}abortAuthentication(){this.abortController&&this.abortController.abort(o.AuthenticationAbortedTimeout)}async performAuthentication(t){var e,i;const a="crossDeviceTicketId"in t?await _.startCrossDeviceAuthentication({ticketId:t.crossDeviceTicketId}):await _.startAuthentication({username:t.username,identifier:t.identifier,identifierType:t.identifierType,timeout:null===(e=t.options)||void 0===e?void 0:e.timeout}),r=a.credential_request_options,n=I.processCredentialRequestOptions(r),s=this.getMediatedCredentialRequest(n,t.mediationType);t.mediationType===S.InputAutofill&&(null===(i=t.onReady)||void 0===i||i.call(t));const o=await navigator.credentials.get(s).catch((t=>{throw k.toAuthenticationError(t)}));return{webauthnSessionId:a.webauthn_session_id,publicKeyCredential:I.encodeAuthenticationResult(o),userAgent:navigator.userAgent}}getMediatedCredentialRequest(t,e){const i={publicKey:t};return this.abortController=new AbortController,i.signal=this.abortController&&this.abortController.signal,e===S.InputAutofill?i.mediation="conditional":t.timeout&&setTimeout((()=>{this.abortAuthentication()}),t.timeout),i}}class O{constructor(t,e){this.handler=t,this.intervalInMs=e}begin(){var t;this.intervalId=window.setInterval((t=this.handler,async function(){t.isRunning||(t.isRunning=!0,await t(...arguments),t.isRunning=!1)}),this.intervalInMs)}stop(){clearInterval(this.intervalId)}}const R=/^[A-Za-z0-9\-_.: ]*$/;function j(t){if(t&&(!function(t){return Object.keys(t).length<=10}(t)||!function(t){const e=t=>"string"==typeof t,i=t=>R.test(t);return Object.keys(t).every((a=>e(a)&&e(t[a])&&i(a)&&i(t[a])))}(t)))throw s.error("Failed validating approval data"),new y("Provided approval data should have 10 properties max. Also, it should contain only \n alphanumeric characters, numbers, and the special characters: '-', '_', '.'")}class x{constructor(t,e,i){this.authenticationHandler=t,this.registrationHandler=e,this.approvalHandler=i,this.init={registration:async t=>(this.ticketStatus=exports.WebauthnCrossDeviceStatus.Pending,this.pollCrossDeviceSession(t.crossDeviceTicketId,t.handlers)),authentication:async t=>{const{username:e}=t,i=(await _.initCrossDeviceAuthentication(r({},e&&{username:e}))).cross_device_ticket_id;return this.ticketStatus=exports.WebauthnCrossDeviceStatus.Pending,this.pollCrossDeviceSession(i,t.handlers)},approval:async t=>{const{username:e,approvalData:i}=t;j(i);const a=(await _.initCrossDeviceAuthentication({username:e,approvalData:i})).cross_device_ticket_id;return this.ticketStatus=exports.WebauthnCrossDeviceStatus.Pending,this.pollCrossDeviceSession(a,t.handlers)}},this.authenticate={modal:async t=>this.authenticationHandler.modal({crossDeviceTicketId:t})},this.approve={modal:async t=>this.approvalHandler.modal({crossDeviceTicketId:t})}}async register(t){return this.registrationHandler.register(t)}async attachDevice(t){const e=await _.attachDeviceToCrossDeviceSession({ticketId:t});return r({status:e.status,startedAt:e.started_at},e.approval_data&&{approvalData:e.approval_data})}async pollCrossDeviceSession(t,e){return this.poller=new O((async()=>{var i,a;const r=await _.getCrossDeviceTicketStatus({ticketId:t}),n=r.status;if(n!==this.ticketStatus)switch(this.ticketStatus=n,n){case exports.WebauthnCrossDeviceStatus.Scanned:await e.onDeviceAttach();break;case exports.WebauthnCrossDeviceStatus.Error:case exports.WebauthnCrossDeviceStatus.Timeout:case exports.WebauthnCrossDeviceStatus.Aborted:await e.onFailure(r),null===(i=this.poller)||void 0===i||i.stop();break;case exports.WebauthnCrossDeviceStatus.Success:if("onCredentialRegister"in e)await e.onCredentialRegister();else{if(!r.session_id)throw new C("Cross device session is complete without returning session_id",r);await e.onCredentialAuthenticate(r.session_id)}null===(a=this.poller)||void 0===a||a.stop()}}),1e3),this.poller.begin(),setTimeout((()=>{var t;null===(t=this.poller)||void 0===t||t.stop(),e.onFailure({status:exports.WebauthnCrossDeviceStatus.Timeout})}),3e5),{crossDeviceTicketId:t,stop:()=>{var t;null===(t=this.poller)||void 0===t||t.stop()}}}}class K{async register(t){var e,i,a;this.abortController=new AbortController;const s=r({allowCrossPlatformAuthenticators:!("crossDeviceTicketId"in t),registerAsDiscoverable:!0},t.options);try{const r="crossDeviceTicketId"in t?await _.startCrossDeviceRegistration({ticketId:t.crossDeviceTicketId}):await _.startRegistration({username:t.username,displayName:(null===(e=t.options)||void 0===e?void 0:e.displayName)||t.username,timeout:null===(i=t.options)||void 0===i?void 0:i.timeout,limitSingleCredentialToDevice:null===(a=t.options)||void 0===a?void 0:a.limitSingleCredentialToDevice}),o=I.processCredentialCreationOptions(r.credential_creation_options,s);setTimeout((()=>{this.abortRegistration()}),o.timeout);const c=await this.registerCredential(o),l={webauthnSessionId:r.webauthn_session_id,publicKeyCredential:c,userAgent:navigator.userAgent};return n.jsonToBase64(l)}catch(t){throw k.toRegistrationError(t)}}abortRegistration(){this.abortController&&this.abortController.abort(o.RegistrationAbortedTimeout)}async registerCredential(t){const e=await navigator.credentials.create({publicKey:t,signal:this.abortController&&this.abortController.signal}).catch((t=>{throw k.toRegistrationError(t)}));return I.encodeRegistrationResult(e)}}class B{async modal(t){try{const e=await this.performApproval(t);return n.jsonToBase64(e)}catch(t){throw k.toAuthenticationError(t)}}async performApproval(t){"approvalData"in t&&j(t.approvalData);const e="crossDeviceTicketId"in t?await _.startCrossDeviceAuthentication({ticketId:t.crossDeviceTicketId}):await _.startAuthentication({username:t.username,approvalData:t.approvalData}),i=e.credential_request_options,a=I.processCredentialRequestOptions(i),r=await navigator.credentials.get({publicKey:a}).catch((t=>{throw k.toAuthenticationError(t)}));return{webauthnSessionId:e.webauthn_session_id,publicKeyCredential:I.encodeAuthenticationResult(r),userAgent:navigator.userAgent}}}class E{constructor(){this._initialized=!1,this._authenticationHandler=new P,this._registrationHandler=new K,this._approvalHandler=new B,this._crossDeviceHandler=new x(this._authenticationHandler,this._registrationHandler,this._approvalHandler),this.authenticate={modal:async t=>(this.initCheck(),this._authenticationHandler.modal(t)),autofill:{activate:t=>(this.initCheck(),this._authenticationHandler.activateAutofill(t)),abort:()=>this._authenticationHandler.abortAutofill()}},this.approve={modal:async t=>(this.initCheck(),this._approvalHandler.modal(t))},this.register=async t=>(this.initCheck(),this._registrationHandler.register(t)),this.crossDevice={init:{registration:async t=>(this.initCheck(),this._crossDeviceHandler.init.registration(t)),authentication:async t=>(this.initCheck(),this._crossDeviceHandler.init.authentication(t)),approval:async t=>(this.initCheck(),this._crossDeviceHandler.init.approval(t))},authenticate:{modal:async t=>(this.initCheck(),this._crossDeviceHandler.authenticate.modal(t))},approve:{modal:async t=>(this.initCheck(),this._crossDeviceHandler.approve.modal(t))},register:async t=>(this.initCheck(),this._crossDeviceHandler.register(t)),attachDevice:async t=>(this.initCheck(),this._crossDeviceHandler.attachDevice(t))},this.isPlatformAuthenticatorSupported=async()=>{var t;try{return await(null===(t=E.StaticPublicKeyCredential)||void 0===t?void 0:t.isUserVerifyingPlatformAuthenticatorAvailable())}catch(t){return!1}},this.isAutofillSupported=async()=>{var t,e;return!(!(null===(t=E.StaticPublicKeyCredential)||void 0===t?void 0:t.isConditionalMediationAvailable)||!await(null===(e=E.StaticPublicKeyCredential)||void 0===e?void 0:e.isConditionalMediationAvailable()))}}async init(t){const{clientId:e,options:i}=t;try{if(!e)throw new u("Invalid clientId",{clientId:e});if(i.webauthnApiPaths){const t=_.getDefaultPaths();if(function(t,e){const i=new Set(t),a=new Set(e);return[...t.filter((t=>!a.has(t))),...e.filter((t=>!i.has(t)))]}(Object.keys(i.webauthnApiPaths),Object.keys(t)).length)throw new u("Invalid custom paths",{customApiPaths:i.webauthnApiPaths})}_.init(e,i),this._initialized=!0}catch(t){throw A(t)?t:new u("Failed to initialize SDK")}}getDefaultPaths(){return this.initCheck(),_.getDefaultPaths()}getApiPaths(){return this.initCheck(),_.getApiPaths()}initCheck(){if(!this._initialized)throw new u}}E.StaticPublicKeyCredential=window.PublicKeyCredential;const N=new t("webauthn"),H=new E;N.events.on(N.events.MODULE_INITIALIZED,(()=>{var t;const e=N.moduleMetadata.getInitConfig();if(!(null===(t=null==e?void 0:e.webauthn)||void 0===t?void 0:t.serverPath))return;const{clientId:i,webauthn:a}=e;H.init({clientId:i,options:r({},a)})}));const W={modal:async t=>(H.initCheck(),H.authenticate.modal(t)),autofill:{activate:t=>{H.initCheck(),H.authenticate.autofill.activate(t)},abort:()=>{H.initCheck(),H.authenticate.autofill.abort()}}},q={modal:async t=>(H.initCheck(),H.approve.modal(t))};async function F(t){return H.initCheck(),H.register(t)}const{crossDevice:M}=H,{isPlatformAuthenticatorSupported:z}=H,{isAutofillSupported:J}=H,{getDefaultPaths:$}=H;window.localWebAuthnSDK=H;var U=Object.freeze({__proto__:null,get WebauthnCrossDeviceStatus(){return exports.WebauthnCrossDeviceStatus},approve:q,authenticate:W,crossDevice:M,getDefaultPaths:$,isAutofillSupported:J,isPlatformAuthenticatorSupported:z,register:F});const V={initialize:e.initialize,...U};Object.defineProperty(exports,"initialize",{enumerable:!0,get:function(){return e.initialize}}),exports.PACKAGE_VERSION="2.4.0",exports.approve=q,exports.authenticate=W,exports.crossDevice=M,exports.getDefaultPaths=$,exports.isAutofillSupported=J,exports.isPlatformAuthenticatorSupported=z,exports.register=F,exports.webauthn=V;
|