electron-webauthn 0.0.15 → 0.0.17

package/dist/create/handler.d.ts

@@ -1,33 +1,41 @@
-import { type PRFInput } from "../helpers/prf.js";
-import { type PublicKeyCredentialParams } from "./authorization-controller.js";
-export interface CreateCredentialResult {
-    credentialId: Buffer;
-    clientDataJSON: Buffer;
-    attestationObject: Buffer;
-    authenticatorData: Buffer;
-    attachment: AuthenticatorAttachment;
-    transports: string[];
-    isResidentKey: boolean;
+export interface CreateCredentialSuccessData {
+    credentialId: string;
+    clientDataJSON: string;
+    attestationObject: string;
+    authData: string;
+    publicKey: string;
     publicKeyAlgorithm: number;
-    publicKey: Buffer;
-    isLargeBlobSupported: boolean | null;
-    isPRFSupported: boolean | null;
-    prfFirst: Buffer | null;
-    prfSecond: Buffer | null;
+    transports: string[];
+    extensions: {
+        credProps?: {
+            rk: boolean;
+        };
+        prf?: {
+            enabled?: boolean;
+            results: {
+                first?: string;
+                second?: string;
+            };
+        };
+        largeBlob?: {
+            supported?: boolean;
+        };
+    };
+}
+interface WebauthnCreateRequestOptions {
+    currentOrigin: string;
+    topFrameOrigin: string | undefined;
+    isPublicSuffix?: (domain: string) => boolean;
+    nativeWindowHandle: Buffer;
 }
-type CredentialUserVerificationPreference = "required" | "preferred" | "discouraged";
-type CredentialAttestationPreference = "direct" | "enterprise" | "indirect" | "none";
-declare const VALID_EXTENSIONS: readonly ["largeBlob", "prf"];
-export type CredentialCreationExtensions = (typeof VALID_EXTENSIONS)[number];
-interface CreateCredentialAdditionalOptions {
-    topFrameOrigin?: string;
-    userDisplayName?: string;
-    largeBlobSupport?: "required" | "preferred" | "unspecified";
-    prf?: PRFInput;
+interface CreateCredentialSuccessResult {
+    success: true;
+    data: CreateCredentialSuccessData;
 }
-export interface ExcludeCredential {
-    id: Buffer;
-    transports?: string[];
+interface CreateCredentialErrorResult {
+    success: false;
+    error: "TypeError" | "AbortError" | "NotAllowedError" | "SecurityError" | "InvalidStateError";
 }
-declare function createCredential(rpid: string, challenge: Buffer, username: string, userID: Buffer, nativeWindowHandle: Buffer, origin: string, enabledExtensions: CredentialCreationExtensions[], attestation: CredentialAttestationPreference, supportedAlgorithmIdentifiers: PublicKeyCredentialParams[], excludeCredentials: ExcludeCredential[], residentKeyRequired?: boolean, userVerification?: CredentialUserVerificationPreference, additionalOptions?: CreateCredentialAdditionalOptions): Promise<CreateCredentialResult>;
-export { createCredential };
+export type CreateCredentialResult = CreateCredentialSuccessResult | CreateCredentialErrorResult;
+export declare function createCredential(publicKeyOptions: PublicKeyCredentialCreationOptions | undefined, additionalOptions: WebauthnCreateRequestOptions): Promise<CreateCredentialResult>;
+export {};

package/dist/create/handler.js

@@ -1,154 +1,206 @@
-import { generateClientDataInfo } from "../helpers/client-data.js";
-import { generateWebauthnClientData } from "../helpers/client-data.js";
-import { PromiseWithResolvers } from "../helpers/index.js";
-import { encodeEC2PublicKeyToSPKI } from "../helpers/public-key.js";
-import { createPresentationContextProviderFromNativeWindowHandle } from "../helpers/presentation.js";
-import { createPRFInput } from "../helpers/prf.js";
-import { createAuthorizationControllerDelegate } from "../objc/authentication-services/as-authorization-controller-delegate.js";
-import { createPlatformPublicKeyCredentialProvider } from "../objc/authentication-services/as-authorization-platform-public-key-credential-provider.js";
-import { createASAuthorizationPublicKeyCredentialLargeBlobRegistrationInput } from "../objc/authentication-services/as-authorization-public-key-credential-large-blob-registration-input.js";
-import { ASAuthorizationPublicKeyCredentialPRFRegistrationInput, createASAuthorizationPublicKeyCredentialPRFRegistrationInput, } from "../objc/authentication-services/as-authorization-public-key-credential-prf-registration-input.js";
-import { ASAuthorizationPublicKeyCredentialAttestationKind } from "../objc/authentication-services/enums/as-authorization-public-key-credential-attestation-kind.js";
-import { ASAuthorizationPublicKeyCredentialLargeBlobSupportRequirement } from "../objc/authentication-services/enums/as-authorization-public-key-credential-large-blob-support-requirement.js";
-import { ASAuthorizationPublicKeyCredentialUserVerificationPreference } from "../objc/authentication-services/enums/as-authorization-public-key-credential-user-verification-preference.js";
-import { NSArrayFromObjects } from "../objc/foundation/nsarray.js";
-import { bufferFromNSDataDirect, NSDataFromBuffer, } from "../objc/foundation/nsdata.js";
-import { NSStringFromString } from "../objc/foundation/nsstring.js";
-import { removeControllerState, setControllerState, WebauthnCreateController, } from "./authorization-controller.js";
-import { parseAttestationObject } from "@oslojs/webauthn";
-import { ASAuthorizationPublicKeyCredentialAttachment } from "../objc/authentication-services/enums/as-authorization-public-key-credential-attachment.js";
-const VALID_EXTENSIONS = ["largeBlob", "prf"];
-function createCredential(rpid, challenge, username, userID, nativeWindowHandle, origin, enabledExtensions, attestation = "none", supportedAlgorithmIdentifiers, excludeCredentials, residentKeyRequired = false, userVerification = "preferred", additionalOptions = {}) {
-    const { promise, resolve, reject } = PromiseWithResolvers();
-    const NS_rpID = NSStringFromString(rpid);
-    const NS_challenge = NSDataFromBuffer(challenge);
-    const NS_username = NSStringFromString(username);
-    const NS_userID = NSDataFromBuffer(userID);
-    const platformProvider = createPlatformPublicKeyCredentialProvider(NS_rpID);
-    const platformKeyRequest = platformProvider.createCredentialRegistrationRequestWithChallenge$name$userID$(NS_challenge, NS_username, NS_userID);
-    if (enabledExtensions.includes("largeBlob")) {
-        let supportMode;
-        const largeBlobSupport = additionalOptions.largeBlobSupport;
-        if (largeBlobSupport === "required") {
-            supportMode =
-                ASAuthorizationPublicKeyCredentialLargeBlobSupportRequirement.Required;
+import { bufferSourceToBuffer, bufferToBase64Url } from "../helpers/index.js";
+import { isRpIdAllowedForOrigin } from "../helpers/rpid.js";
+import { isNumber, isObject, isString } from "../helpers/validation.js";
+import { createCredentialInternal, } from "./internal-handler.js";
+function getExtensionsConfiguration(extensionsData) {
+    if (!(extensionsData && typeof extensionsData === "object")) {
+        return {
+            extensions: [],
+        };
+    }
+    const extensions = [];
+    let largeBlobSupport;
+    if (isObject(extensionsData.largeBlob)) {
+        extensions.push("largeBlob");
+        const largeBlobConfig = extensionsData.largeBlob;
+        if (largeBlobConfig.support === "required") {
+            largeBlobSupport = "required";
+        }
+        else if (largeBlobConfig.support === "preferred") {
+            largeBlobSupport = "preferred";
+        }
+    }
+    let prf;
+    if (isObject(extensionsData.prf)) {
+        const prfEval = extensionsData.prf.eval;
+        if (prfEval) {
+            const first = bufferSourceToBuffer(prfEval.first);
+            const second = bufferSourceToBuffer(prfEval.second);
+            if (first) {
+                prf = {
+                    first: first ? first : null,
+                    second: second ? second : undefined,
+                };
+            }
+            else {
+                console.warn("[electron-webauthn] prf is enabled but prf.first is not valid, skipping PRF evaluation");
+            }
         }
-        else if (largeBlobSupport === "preferred") {
-            supportMode =
-                ASAuthorizationPublicKeyCredentialLargeBlobSupportRequirement.Preferred;
+    }
+    return {
+        extensions,
+        largeBlobSupport,
+        prf,
+    };
+}
+export async function createCredential(publicKeyOptions, additionalOptions) {
+    if (!publicKeyOptions) {
+        return null;
+    }
+    const rpInfo = publicKeyOptions.rp;
+    if (!isObject(rpInfo)) {
+        return { success: false, error: "TypeError" };
+    }
+    let rpId = rpInfo.id;
+    if (!rpId) {
+        try {
+            const url = new URL(additionalOptions.currentOrigin);
+            rpId = url.hostname;
+        }
+        catch { }
+    }
+    if (!isString(rpId)) {
+        return { success: false, error: "TypeError" };
+    }
+    let timeout = publicKeyOptions.timeout;
+    if (!isNumber(timeout) || timeout <= 0) {
+        timeout = 10 * 60 * 1000;
+    }
+    else if (timeout > 60 * 60 * 1000) {
+        timeout = 60 * 60 * 1000;
+    }
+    const challenge = bufferSourceToBuffer(publicKeyOptions.challenge);
+    if (!challenge) {
+        return { success: false, error: "TypeError" };
+    }
+    if (!isObject(publicKeyOptions.user)) {
+        return { success: false, error: "TypeError" };
+    }
+    const userName = publicKeyOptions.user.name;
+    const userDisplayName = publicKeyOptions.user.displayName;
+    if (!isString(userName) || !isString(userDisplayName)) {
+        return { success: false, error: "TypeError" };
+    }
+    const userID = bufferSourceToBuffer(publicKeyOptions.user.id);
+    if (!userID) {
+        return { success: false, error: "TypeError" };
+    }
+    const attestationPreference = publicKeyOptions.attestation;
+    if (attestationPreference && !isString(attestationPreference)) {
+        return { success: false, error: "TypeError" };
+    }
+    const pubKeyCredParams = publicKeyOptions.pubKeyCredParams;
+    const supportedAlgorithmIdentifiers = [];
+    if (pubKeyCredParams) {
+        if (Array.isArray(pubKeyCredParams)) {
+            for (const param of pubKeyCredParams) {
+                if (!isObject(param))
+                    continue;
+                if (!isNumber(param.alg))
+                    continue;
+                supportedAlgorithmIdentifiers.push({
+                    type: "public-key",
+                    algorithm: param.alg,
+                });
+            }
         }
         else {
-            console.warn("[electron-webauthn] largeBlobSupport is enabled but largeBlobSupport is not provided, skipping large blob support");
+            return { success: false, error: "TypeError" };
         }
-        if (supportMode) {
-            const largeBlobInput = createASAuthorizationPublicKeyCredentialLargeBlobRegistrationInput(supportMode);
-            platformKeyRequest.setLargeBlob$(largeBlobInput);
+    }
+    const excludeCredentials = [];
+    if (publicKeyOptions.excludeCredentials &&
+        Array.isArray(publicKeyOptions.excludeCredentials)) {
+        for (const excludeCredential of publicKeyOptions.excludeCredentials) {
+            if (!isObject(excludeCredential))
+                continue;
+            if (excludeCredential.type !== "public-key")
+                continue;
+            const idBuffer = bufferSourceToBuffer(excludeCredential.id);
+            if (!idBuffer)
+                continue;
+            excludeCredentials.push({
+                id: idBuffer,
+                transports: excludeCredential.transports,
+            });
         }
     }
-    let attestationPreference = ASAuthorizationPublicKeyCredentialAttestationKind.None;
-    platformKeyRequest.setAttestationPreference$(NSStringFromString(attestationPreference));
-    let userVerificationPreference = ASAuthorizationPublicKeyCredentialUserVerificationPreference.Preferred;
-    if (userVerification === "required") {
-        userVerificationPreference =
-            ASAuthorizationPublicKeyCredentialUserVerificationPreference.Required;
-    }
-    else if (userVerification === "discouraged") {
-        userVerificationPreference =
-            ASAuthorizationPublicKeyCredentialUserVerificationPreference.Discouraged;
-    }
-    platformKeyRequest.setUserVerificationPreference$(NSStringFromString(userVerificationPreference));
-    if (additionalOptions.userDisplayName) {
-        const userDisplayName = NSStringFromString(additionalOptions.userDisplayName);
-        platformKeyRequest.setDisplayName$(userDisplayName);
-    }
-    if (enabledExtensions.includes("prf")) {
-        if (additionalOptions.prf) {
-            const inputValues = createPRFInput(additionalOptions.prf);
-            const prfInput = createASAuthorizationPublicKeyCredentialPRFRegistrationInput(inputValues);
-            platformKeyRequest.setPrf$(prfInput);
+    const { extensions, largeBlobSupport, prf } = getExtensionsConfiguration(publicKeyOptions.extensions);
+    let residentKeyRequired = false;
+    let userVerificationPreference = "preferred";
+    if (publicKeyOptions.authenticatorSelection) {
+        if (publicKeyOptions.authenticatorSelection.residentKey === "required") {
+            residentKeyRequired = true;
+        }
+        else if (publicKeyOptions.authenticatorSelection.requireResidentKey) {
+            residentKeyRequired = true;
+        }
+        const userVerifyParam = publicKeyOptions.authenticatorSelection.userVerification;
+        if (userVerifyParam === "required") {
+            userVerificationPreference = "required";
+        }
+        else if (userVerifyParam === "discouraged") {
+            userVerificationPreference = "discouraged";
         }
         else {
-            platformKeyRequest.setPrf$(ASAuthorizationPublicKeyCredentialPRFRegistrationInput.checkForSupport());
+            userVerificationPreference = "preferred";
         }
     }
-    const requestsArray = NSArrayFromObjects([platformKeyRequest]);
-    const authController = WebauthnCreateController.alloc().initWithAuthorizationRequests$(requestsArray);
-    const clientData = generateWebauthnClientData("webauthn.create", origin, challenge, additionalOptions.topFrameOrigin);
-    const { clientDataHash, clientDataBuffer } = generateClientDataInfo(clientData);
-    setControllerState(authController, clientDataHash, supportedAlgorithmIdentifiers, residentKeyRequired, excludeCredentials);
-    const finished = (_success) => {
-        removeControllerState(authController);
-    };
-    const delegate = createAuthorizationControllerDelegate({
-        didCompleteWithAuthorization: (_, authorization) => {
-            const credential = authorization.credential();
-            console.log("Authorization succeeded:", credential);
-            const credentialIdBuffer = bufferFromNSDataDirect(credential.credentialID());
-            const attestationObjectBuffer = bufferFromNSDataDirect(credential.rawAttestationObject());
-            const attestation = parseAttestationObject(attestationObjectBuffer);
-            const publicKey = attestation.authenticatorData.credential.publicKey;
-            const ec2Key = publicKey.ec2();
-            const publicKeySPKI = encodeEC2PublicKeyToSPKI(ec2Key.x, ec2Key.y);
-            const authenticatorData = Buffer.from(JSON.stringify(attestation.authenticatorData));
-            let authenticatorAttachment = "platform";
-            if (credential.attachment() ===
-                ASAuthorizationPublicKeyCredentialAttachment.ASAuthorizationPublicKeyCredentialAttachmentCrossPlatform) {
-                authenticatorAttachment = "cross-platform";
-            }
-            let isLargeBlobSupported = null;
-            if (enabledExtensions.includes("largeBlob")) {
-                const largeBlobOutput = credential.largeBlob();
-                if (largeBlobOutput) {
-                    isLargeBlobSupported = largeBlobOutput.isSupported();
-                }
-            }
-            let prfFirst = null;
-            let prfSecond = null;
-            let isPRFSupported = null;
-            if (enabledExtensions.includes("prf")) {
-                const prfOutput = credential.prf();
-                if (prfOutput) {
-                    const prfFirstData = prfOutput.first();
-                    const prfSecondData = prfOutput.second();
-                    if (prfFirstData) {
-                        prfFirst = bufferFromNSDataDirect(prfFirstData);
-                    }
-                    if (prfSecondData) {
-                        prfSecond = bufferFromNSDataDirect(prfSecondData);
-                    }
-                    isPRFSupported = prfOutput.isSupported();
-                }
-            }
-            const data = {
-                credentialId: credentialIdBuffer,
-                clientDataJSON: clientDataBuffer,
-                attestationObject: attestationObjectBuffer,
-                authenticatorData,
-                attachment: authenticatorAttachment,
-                transports: ["hybrid", "internal"],
-                isResidentKey: true,
-                publicKeyAlgorithm: publicKey.algorithm(),
-                publicKey: publicKeySPKI,
-                isLargeBlobSupported,
-                isPRFSupported,
-                prfFirst,
-                prfSecond,
-            };
-            resolve(data);
-            finished(true);
-        },
-        didCompleteWithError: (_, error) => {
-            const parsedError = error;
-            const errorMessage = parsedError.localizedDescription().UTF8String();
-            console.error("Authorization failed:", errorMessage);
-            reject(new Error(errorMessage));
-            finished(false);
-        },
+    const { currentOrigin, topFrameOrigin, isPublicSuffix, nativeWindowHandle } = additionalOptions;
+    const isRpIdAllowed = isRpIdAllowedForOrigin(currentOrigin, rpId, {
+        isPublicSuffix,
     });
-    authController.setDelegate$(delegate);
-    const presentationContextProvider = createPresentationContextProviderFromNativeWindowHandle(nativeWindowHandle);
-    authController.setPresentationContextProvider$(presentationContextProvider);
-    authController.performRequests();
-    return promise;
+    if (!isRpIdAllowed.ok) {
+        return { success: false, error: "NotAllowedError" };
+    }
+    const result = await createCredentialInternal(rpId, challenge, userName, userID, nativeWindowHandle, currentOrigin, extensions, attestationPreference, supportedAlgorithmIdentifiers, excludeCredentials, residentKeyRequired, userVerificationPreference, {
+        topFrameOrigin,
+        largeBlobSupport,
+        prf,
+    }).catch((error) => {
+        console.error("Error creating credential", error);
+        console.log("error.message", error.message);
+        if (error.message.includes("(com.apple.AuthenticationServices.AuthorizationError error 1006.)")) {
+            return "InvalidStateError";
+        }
+        if (error.message.startsWith("The operation couldn’t be completed.")) {
+            return "NotAllowedError";
+        }
+        return null;
+    });
+    if (typeof result === "string") {
+        return { success: false, error: result };
+    }
+    const data = {
+        credentialId: bufferToBase64Url(result.credentialId),
+        clientDataJSON: bufferToBase64Url(result.clientDataJSON),
+        attestationObject: bufferToBase64Url(result.attestationObject),
+        authData: bufferToBase64Url(result.authenticatorData),
+        publicKey: bufferToBase64Url(result.publicKey),
+        publicKeyAlgorithm: result.publicKeyAlgorithm,
+        transports: result.transports,
+        extensions: {},
+    };
+    if (publicKeyOptions.extensions?.credProps) {
+        data.extensions.credProps = {
+            rk: result.isResidentKey,
+        };
+    }
+    if (result.isLargeBlobSupported !== null) {
+        data.extensions.largeBlob = {
+            supported: result.isLargeBlobSupported,
+        };
+    }
+    if (result.isPRFSupported !== null) {
+        const prfFirst = result.prfFirst;
+        const prfSecond = result.prfSecond;
+        data.extensions.prf = {
+            enabled: result.isPRFSupported,
+            results: {
+                first: prfFirst ? bufferToBase64Url(prfFirst) : undefined,
+                second: prfSecond ? bufferToBase64Url(prfSecond) : undefined,
+            },
+        };
+    }
+    return { success: true, data };
 }
-export { createCredential };

package/dist/create/internal-handler.d.ts

@@ -0,0 +1,34 @@
+import { type PRFInput } from "../helpers/prf.js";
+import { type PublicKeyCredentialParams } from "./authorization-controller.js";
+export interface CreateCredentialResult {
+    credentialId: Buffer;
+    clientDataJSON: Buffer;
+    attestationObject: Buffer;
+    authenticatorData: Buffer;
+    attachment: AuthenticatorAttachment;
+    transports: string[];
+    isResidentKey: boolean;
+    publicKeyAlgorithm: number;
+    publicKey: Buffer;
+    isLargeBlobSupported: boolean | null;
+    isPRFSupported: boolean | null;
+    prfFirst: Buffer | null;
+    prfSecond: Buffer | null;
+}
+type CredentialUserVerificationPreference = "required" | "preferred" | "discouraged";
+type CredentialAttestationPreference = "direct" | "enterprise" | "indirect" | "none";
+declare const VALID_EXTENSIONS: readonly ["largeBlob", "prf"];
+export type CredentialCreationExtensions = (typeof VALID_EXTENSIONS)[number];
+export type LargeBlobSupport = "required" | "preferred" | "unspecified";
+interface CreateCredentialAdditionalOptions {
+    topFrameOrigin?: string;
+    userDisplayName?: string;
+    largeBlobSupport?: LargeBlobSupport;
+    prf?: PRFInput;
+}
+export interface ExcludeCredential {
+    id: Buffer;
+    transports?: string[];
+}
+declare function createCredentialInternal(rpid: string, challenge: Buffer, username: string, userID: Buffer, nativeWindowHandle: Buffer, origin: string, enabledExtensions: CredentialCreationExtensions[], attestation: CredentialAttestationPreference, supportedAlgorithmIdentifiers: PublicKeyCredentialParams[], excludeCredentials: ExcludeCredential[], residentKeyRequired?: boolean, userVerification?: CredentialUserVerificationPreference, additionalOptions?: CreateCredentialAdditionalOptions): Promise<CreateCredentialResult>;
+export { createCredentialInternal };

package/dist/create/internal-handler.js

@@ -0,0 +1,154 @@
+import { generateClientDataInfo } from "../helpers/client-data.js";
+import { generateWebauthnClientData } from "../helpers/client-data.js";
+import { PromiseWithResolvers } from "../helpers/index.js";
+import { encodeEC2PublicKeyToSPKI } from "../helpers/public-key.js";
+import { createPresentationContextProviderFromNativeWindowHandle } from "../helpers/presentation.js";
+import { createPRFInput } from "../helpers/prf.js";
+import { createAuthorizationControllerDelegate } from "../objc/authentication-services/as-authorization-controller-delegate.js";
+import { createPlatformPublicKeyCredentialProvider } from "../objc/authentication-services/as-authorization-platform-public-key-credential-provider.js";
+import { createASAuthorizationPublicKeyCredentialLargeBlobRegistrationInput } from "../objc/authentication-services/as-authorization-public-key-credential-large-blob-registration-input.js";
+import { ASAuthorizationPublicKeyCredentialPRFRegistrationInput, createASAuthorizationPublicKeyCredentialPRFRegistrationInput, } from "../objc/authentication-services/as-authorization-public-key-credential-prf-registration-input.js";
+import { ASAuthorizationPublicKeyCredentialAttestationKind } from "../objc/authentication-services/enums/as-authorization-public-key-credential-attestation-kind.js";
+import { ASAuthorizationPublicKeyCredentialLargeBlobSupportRequirement } from "../objc/authentication-services/enums/as-authorization-public-key-credential-large-blob-support-requirement.js";
+import { ASAuthorizationPublicKeyCredentialUserVerificationPreference } from "../objc/authentication-services/enums/as-authorization-public-key-credential-user-verification-preference.js";
+import { NSArrayFromObjects } from "../objc/foundation/nsarray.js";
+import { bufferFromNSDataDirect, NSDataFromBuffer, } from "../objc/foundation/nsdata.js";
+import { NSStringFromString } from "../objc/foundation/nsstring.js";
+import { removeControllerState, setControllerState, WebauthnCreateController, } from "./authorization-controller.js";
+import { parseAttestationObject } from "@oslojs/webauthn";
+import { ASAuthorizationPublicKeyCredentialAttachment } from "../objc/authentication-services/enums/as-authorization-public-key-credential-attachment.js";
+const VALID_EXTENSIONS = ["largeBlob", "prf"];
+function createCredentialInternal(rpid, challenge, username, userID, nativeWindowHandle, origin, enabledExtensions, attestation = "none", supportedAlgorithmIdentifiers = [], excludeCredentials, residentKeyRequired = false, userVerification = "preferred", additionalOptions = {}) {
+    const { promise, resolve, reject } = PromiseWithResolvers();
+    const NS_rpID = NSStringFromString(rpid);
+    const NS_challenge = NSDataFromBuffer(challenge);
+    const NS_username = NSStringFromString(username);
+    const NS_userID = NSDataFromBuffer(userID);
+    const platformProvider = createPlatformPublicKeyCredentialProvider(NS_rpID);
+    const platformKeyRequest = platformProvider.createCredentialRegistrationRequestWithChallenge$name$userID$(NS_challenge, NS_username, NS_userID);
+    if (enabledExtensions.includes("largeBlob")) {
+        let supportMode;
+        const largeBlobSupport = additionalOptions.largeBlobSupport;
+        if (largeBlobSupport === "required") {
+            supportMode =
+                ASAuthorizationPublicKeyCredentialLargeBlobSupportRequirement.Required;
+        }
+        else if (largeBlobSupport === "preferred") {
+            supportMode =
+                ASAuthorizationPublicKeyCredentialLargeBlobSupportRequirement.Preferred;
+        }
+        else {
+            console.warn("[electron-webauthn] largeBlobSupport is enabled but largeBlobSupport is not provided, skipping large blob support");
+        }
+        if (supportMode) {
+            const largeBlobInput = createASAuthorizationPublicKeyCredentialLargeBlobRegistrationInput(supportMode);
+            platformKeyRequest.setLargeBlob$(largeBlobInput);
+        }
+    }
+    let attestationPreference = ASAuthorizationPublicKeyCredentialAttestationKind.None;
+    platformKeyRequest.setAttestationPreference$(NSStringFromString(attestationPreference));
+    let userVerificationPreference = ASAuthorizationPublicKeyCredentialUserVerificationPreference.Preferred;
+    if (userVerification === "required") {
+        userVerificationPreference =
+            ASAuthorizationPublicKeyCredentialUserVerificationPreference.Required;
+    }
+    else if (userVerification === "discouraged") {
+        userVerificationPreference =
+            ASAuthorizationPublicKeyCredentialUserVerificationPreference.Discouraged;
+    }
+    platformKeyRequest.setUserVerificationPreference$(NSStringFromString(userVerificationPreference));
+    if (additionalOptions.userDisplayName) {
+        const userDisplayName = NSStringFromString(additionalOptions.userDisplayName);
+        platformKeyRequest.setDisplayName$(userDisplayName);
+    }
+    if (enabledExtensions.includes("prf")) {
+        if (additionalOptions.prf) {
+            const inputValues = createPRFInput(additionalOptions.prf);
+            const prfInput = createASAuthorizationPublicKeyCredentialPRFRegistrationInput(inputValues);
+            platformKeyRequest.setPrf$(prfInput);
+        }
+        else {
+            platformKeyRequest.setPrf$(ASAuthorizationPublicKeyCredentialPRFRegistrationInput.checkForSupport());
+        }
+    }
+    const requestsArray = NSArrayFromObjects([platformKeyRequest]);
+    const authController = WebauthnCreateController.alloc().initWithAuthorizationRequests$(requestsArray);
+    const clientData = generateWebauthnClientData("webauthn.create", origin, challenge, additionalOptions.topFrameOrigin);
+    const { clientDataHash, clientDataBuffer } = generateClientDataInfo(clientData);
+    setControllerState(authController, clientDataHash, supportedAlgorithmIdentifiers, residentKeyRequired, excludeCredentials);
+    const finished = (_success) => {
+        removeControllerState(authController);
+    };
+    const delegate = createAuthorizationControllerDelegate({
+        didCompleteWithAuthorization: (_, authorization) => {
+            const credential = authorization.credential();
+            console.log("Authorization succeeded:", credential);
+            const credentialIdBuffer = bufferFromNSDataDirect(credential.credentialID());
+            const attestationObjectBuffer = bufferFromNSDataDirect(credential.rawAttestationObject());
+            const attestation = parseAttestationObject(attestationObjectBuffer);
+            const publicKey = attestation.authenticatorData.credential.publicKey;
+            const ec2Key = publicKey.ec2();
+            const publicKeySPKI = encodeEC2PublicKeyToSPKI(ec2Key.x, ec2Key.y);
+            const authenticatorData = Buffer.from(JSON.stringify(attestation.authenticatorData));
+            let authenticatorAttachment = "platform";
+            if (credential.attachment() ===
+                ASAuthorizationPublicKeyCredentialAttachment.ASAuthorizationPublicKeyCredentialAttachmentCrossPlatform) {
+                authenticatorAttachment = "cross-platform";
+            }
+            let isLargeBlobSupported = null;
+            if (enabledExtensions.includes("largeBlob")) {
+                const largeBlobOutput = credential.largeBlob();
+                if (largeBlobOutput) {
+                    isLargeBlobSupported = largeBlobOutput.isSupported();
+                }
+            }
+            let prfFirst = null;
+            let prfSecond = null;
+            let isPRFSupported = null;
+            if (enabledExtensions.includes("prf")) {
+                const prfOutput = credential.prf();
+                if (prfOutput) {
+                    const prfFirstData = prfOutput.first();
+                    const prfSecondData = prfOutput.second();
+                    if (prfFirstData) {
+                        prfFirst = bufferFromNSDataDirect(prfFirstData);
+                    }
+                    if (prfSecondData) {
+                        prfSecond = bufferFromNSDataDirect(prfSecondData);
+                    }
+                    isPRFSupported = prfOutput.isSupported();
+                }
+            }
+            const data = {
+                credentialId: credentialIdBuffer,
+                clientDataJSON: clientDataBuffer,
+                attestationObject: attestationObjectBuffer,
+                authenticatorData,
+                attachment: authenticatorAttachment,
+                transports: ["hybrid", "internal"],
+                isResidentKey: true,
+                publicKeyAlgorithm: publicKey.algorithm(),
+                publicKey: publicKeySPKI,
+                isLargeBlobSupported,
+                isPRFSupported,
+                prfFirst,
+                prfSecond,
+            };
+            resolve(data);
+            finished(true);
+        },
+        didCompleteWithError: (_, error) => {
+            const parsedError = error;
+            const errorMessage = parsedError.localizedDescription().UTF8String();
+            console.error("Authorization failed:", errorMessage);
+            reject(new Error(errorMessage));
+            finished(false);
+        },
+    });
+    authController.setDelegate$(delegate);
+    const presentationContextProvider = createPresentationContextProviderFromNativeWindowHandle(nativeWindowHandle);
+    authController.setPresentationContextProvider$(presentationContextProvider);
+    authController.performRequests();
+    return promise;
+}
+export { createCredentialInternal };

package/dist/helpers/index.js

@@ -32,6 +32,8 @@ export function base64UrlToBuffer(b64url) {
     return Buffer.from(b64, "base64");
 }
 export function bufferSourceToBuffer(src) {
+    if (!src)
+        return null;
     if (Buffer.isBuffer(src))
         return src;
     if (src instanceof ArrayBuffer ||

package/dist/helpers/origin.js

@@ -101,6 +101,6 @@ function originString(x) {
     }
     const o = computeOrigin(url);
     if (o.type === "opaque")
-        return "null";
+        return null;
     return `${o.scheme}://${o.host}${o.port == null ? "" : `:${o.port}`}`;
 }

package/dist/helpers/validation.d.ts

@@ -1,3 +1,3 @@
 export declare function isString(value: unknown): value is string;
 export declare function isNumber(value: unknown): value is number;
-export declare function isObject(value: unknown): value is Record<string, unknown>;
+export declare function isObject(value: unknown): boolean;

package/dist/index.d.ts

@@ -1,3 +1,2 @@
 export * from "./get/handler.js";
 export * from "./create/handler.js";
-export type { PRFInput } from "./helpers/prf.js";

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "electron-webauthn",
-  "version": "0.0.15",
-  "repository": "https://github.com/iamEvanYT/electron-webauthn",
+  "version": "0.0.17",
+  "repository": "https://github.com/iamEvanYT/electron-webauthn.git",
   "description": "Add support for WebAuthn for Electron.",
   "main": "dist/index.js",
   "module": "dist/index.js",