electron-webauthn 1.1.0 → 1.2.0

package/README.md

@@ -8,6 +8,8 @@ Add native WebAuthn/FIDO2 support to Electron on macOS using its AuthenticationS
 
 This package provides JavaScript bindings to Apple's AuthenticationServices framework, allowing you to perform WebAuthn credential creation (registration) and assertions (authentication/signing) in your Electron applications using W3C WebAuthn-compliant APIs.
 
+The root `electron-webauthn` package is a cross-platform shim that lazy-loads `@electron-webauthn/macos` only on macOS. This keeps Linux/Windows packaging safe for apps that include but do not use WebAuthn outside macOS.
+
 > [!NOTE]
 > Although this library is called `electron-webauthn`, it can be used in Node.js and Bun projects as well, not just Electron.
 
@@ -21,6 +23,7 @@ This package provides JavaScript bindings to Apple's AuthenticationServices fram
 - Credential creation (registration) with attestation
 - Credential authentication (assertions) with existing credentials
 - Seamless integration with Electron's native window system
+- Passkey listing via `listPasskeys` (macOS 13.3+)
 - PRF (Pseudo-Random Function) extension support
 - Large Blob extension support for reading/writing credential-specific data
 - User verification preference configuration (preferred, required, discouraged)
@@ -33,6 +36,8 @@ This package provides JavaScript bindings to Apple's AuthenticationServices fram
 
 ### Prerequisites
 
+The following prerequisites apply when running on macOS:
+
 - Node.js / Bun
 - Xcode Command Line Tools (Run `xcode-select --install` to install)
 - `pkg-config` from Homebrew (Run `brew install pkgconf` to install)
@@ -83,7 +88,7 @@ This library implements the W3C WebAuthn standard using Apple's native Authentic
 
 ## Error Handling
 
-Both `createCredential` and `getCredential` functions return a result object with a `success` field. Always check this field:
+`createCredential`, `getCredential`, and `listPasskeys` all return a result object with a `success` field. Always check this field:
 
 ```typescript
 const result = await createCredential(publicKeyOptions, additionalOptions);
@@ -118,6 +123,19 @@ if (!result.success) {
 console.log("Credential ID:", result.data.credentialId);
 ```
 
+`listPasskeys` returns an `Error` object (not a string code) when unsuccessful:
+
+```typescript
+const result = await listPasskeys("example.com");
+
+if (!result.success) {
+  console.error("Failed to list passkeys:", result.error.message);
+  return;
+}
+
+console.log(`Found ${result.credentials.length} passkeys`);
+```
+
 ### Common Error Scenarios
 
 #### For Both Registration and Authentication
@@ -141,6 +159,7 @@ console.log("Credential ID:", result.data.credentialId);
 
 - ✅ WebAuthn credential creation (registration/attestation)
 - ✅ WebAuthn assertions (authentication with existing credentials)
+- ✅ Passkey listing with `listPasskeys` (macOS 13.3+, requires `com.apple.developer.web-browser.public-key-credential` entitlement)
 - ✅ Cross-platform authenticators (external security keys like YubiKey)
 - ✅ Platform authenticators (Touch ID, Face ID)
 - ✅ Discoverable credentials (resident keys)

package/dist/index.d.ts

@@ -1,3 +1,8 @@
-export * from "./get/handler.js";
-export * from "./create/handler.js";
-export * from "./list/handler.js";
+import type { CreateCredentialResult, GetCredentialResult, ListPasskeysError, ListPasskeysResult, WebauthnCreateRequestOptions, WebauthnGetRequestOptions, WebauthnModule } from "@electron-webauthn/types";
+export type { CreateCredentialErrorCodes, CreateCredentialResult, CreateCredentialSuccessData, CreateCredentialSuccessResult, CreateCredentialErrorResult, GetCredentialErrorCodes, GetCredentialResult, GetCredentialSuccessData, GetCredentialSuccessResult, GetCredentialErrorResult, ListPasskeysError, ListPasskeysResult, PasskeyCredential, WebauthnCreateRequestOptions, WebauthnGetRequestOptions, WebauthnModule, } from "@electron-webauthn/types";
+type MacosLoader = () => Promise<WebauthnModule>;
+export declare function createCredential(publicKeyOptions: PublicKeyCredentialCreationOptions | undefined, additionalOptions: WebauthnCreateRequestOptions): Promise<CreateCredentialResult>;
+export declare function getCredential(publicKeyOptions: PublicKeyCredentialRequestOptions | undefined, additionalOptions: WebauthnGetRequestOptions): Promise<GetCredentialResult>;
+export declare function listPasskeys(relyingPartyId: string): Promise<ListPasskeysResult | ListPasskeysError>;
+export declare function __setMacosLoaderForTesting(loader: MacosLoader | null): void;
+export declare function __setPlatformForTesting(platform: NodeJS.Platform | null): void;

package/dist/index.js

@@ -1,3 +1,78 @@
-export * from "./get/handler.js";
-export * from "./create/handler.js";
-export * from "./list/handler.js";
+const unsupportedGetResult = {
+    success: false,
+    error: "NotAllowedError",
+    errorObject: new Error("electron-webauthn is only available on macOS. Install @electron-webauthn/macos on Darwin hosts."),
+};
+const unsupportedCreateResult = {
+    success: false,
+    error: "NotAllowedError",
+    errorObject: new Error("electron-webauthn is only available on macOS. Install @electron-webauthn/macos on Darwin hosts."),
+};
+const unsupportedListResult = {
+    success: false,
+    error: new Error("electron-webauthn is only available on macOS. Install @electron-webauthn/macos on Darwin hosts."),
+};
+let moduleCache = null;
+let modulePromise = null;
+let platformOverride = null;
+const defaultLoader = () => import("@electron-webauthn/macos");
+let macosLoader = defaultLoader;
+function runtimePlatform() {
+    return platformOverride ?? process.platform;
+}
+async function getMacosModule() {
+    if (runtimePlatform() !== "darwin") {
+        return null;
+    }
+    if (moduleCache) {
+        return moduleCache;
+    }
+    if (modulePromise) {
+        return modulePromise;
+    }
+    modulePromise = (async () => {
+        try {
+            const module = await macosLoader();
+            moduleCache = module;
+            return module;
+        }
+        catch {
+            return null;
+        }
+        finally {
+            modulePromise = null;
+        }
+    })();
+    return modulePromise;
+}
+export async function createCredential(publicKeyOptions, additionalOptions) {
+    const module = await getMacosModule();
+    if (!module) {
+        return unsupportedCreateResult;
+    }
+    return module.createCredential(publicKeyOptions, additionalOptions);
+}
+export async function getCredential(publicKeyOptions, additionalOptions) {
+    const module = await getMacosModule();
+    if (!module) {
+        return unsupportedGetResult;
+    }
+    return module.getCredential(publicKeyOptions, additionalOptions);
+}
+export async function listPasskeys(relyingPartyId) {
+    const module = await getMacosModule();
+    if (!module) {
+        return unsupportedListResult;
+    }
+    return module.listPasskeys(relyingPartyId);
+}
+export function __setMacosLoaderForTesting(loader) {
+    macosLoader = loader ?? defaultLoader;
+    moduleCache = null;
+    modulePromise = null;
+}
+export function __setPlatformForTesting(platform) {
+    platformOverride = platform;
+    moduleCache = null;
+    modulePromise = null;
+}

package/package.json

@@ -1,9 +1,9 @@
 {
   "name": "electron-webauthn",
-  "version": "1.1.0",
+  "version": "1.2.0",
   "repository": "https://github.com/iamEvanYT/electron-webauthn.git",
   "homepage": "https://github.com/iamEvanYT/electron-webauthn#readme",
-  "description": "Add support for WebAuthn for Electron.",
+  "description": "Cross-platform loader for native WebAuthn support on macOS.",
   "main": "dist/index.js",
   "module": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -15,12 +15,18 @@
     }
   },
   "files": [
-    "dist/"
+    "dist",
+    "dist/**"
   ],
   "type": "module",
+  "workspaces": [
+    "packages/*"
+  ],
   "scripts": {
-    "build": "rm -rf dist && tsc && rm -rf dist/test",
-    "test": "bun run src/test/index.ts"
+    "build": "rm -rf dist && tsc -p tsconfig.json",
+    "build:macos": "cd packages/macos && bun run build",
+    "build:all": "bun run build && bun run build:macos",
+    "test": "bun test"
   },
   "devDependencies": {
     "@types/bun": "latest"
@@ -29,11 +35,9 @@
     "typescript": "^5"
   },
   "dependencies": {
-    "@oslojs/webauthn": "^1.0.0",
-    "objc-js": "^1.3.0",
-    "objcjs-types": "^0.5.0"
+    "@electron-webauthn/types": "^1.2.0"
   },
-  "trustedDependencies": [
-    "objc-js"
-  ]
+  "optionalDependencies": {
+    "@electron-webauthn/macos": "^1.2.0"
+  }
 }

package/dist/additional-objc/ASCPublicKeyCredentialDescriptor.d.ts

@@ -1,12 +0,0 @@
-import type { _NSArray, _NSData, _NSObject, _NSSecureCoding } from "objcjs-types/Foundation";
-export declare class _ASCPublicKeyCredentialDescriptor extends _NSObject {
-    static alloc(): _ASCPublicKeyCredentialDescriptor;
-    static new(): _ASCPublicKeyCredentialDescriptor;
-    init(): _ASCPublicKeyCredentialDescriptor;
-    initWithCredentialID$transports$(credentialID: _NSData, allowedTransports: _NSArray | null): _ASCPublicKeyCredentialDescriptor;
-    credentialID(): _NSData;
-    transports(): _NSArray | null;
-}
-export interface _ASCPublicKeyCredentialDescriptor extends _NSSecureCoding {
-}
-export declare const ASCPublicKeyCredentialDescriptor: typeof _ASCPublicKeyCredentialDescriptor;

package/dist/additional-objc/ASCPublicKeyCredentialDescriptor.js

@@ -1,2 +0,0 @@
-import { AuthenticationServices } from "objcjs-types/AuthenticationServices";
-export const ASCPublicKeyCredentialDescriptor = AuthenticationServices.ASCPublicKeyCredentialDescriptor;

package/dist/create/authorization-controller.d.ts

@@ -1,10 +0,0 @@
-import { NobjcObject } from "objc-js";
-import type { ExcludeCredential } from "./internal-handler.js";
-import type { ASAuthorizationController } from "objcjs-types/AuthenticationServices";
-export interface PublicKeyCredentialParams {
-    type: "public-key";
-    algorithm: number;
-}
-export declare function setControllerState(self: NobjcObject, clientDataHash: Buffer, pubKeyCredParams: PublicKeyCredentialParams[], residentKeyRequired: boolean, excludeCredentialIds: ExcludeCredential[]): void;
-export declare function removeControllerState(self: NobjcObject): void;
-export declare const WebauthnCreateController: typeof ASAuthorizationController;

package/dist/create/authorization-controller.js

@@ -1,77 +0,0 @@
-import { NobjcClass, NobjcObject, getPointer } from "objc-js";
-import { NSDataFromBuffer } from "objcjs-types/nsdata";
-import { NSArrayFromObjects, NSStringFromString } from "objcjs-types/helpers";
-import { NSNumber } from "objcjs-types/Foundation";
-import { ASCPublicKeyCredentialDescriptor } from "../additional-objc/ASCPublicKeyCredentialDescriptor.js";
-const createControllerState = new Map();
-function getObjectPointerString(self) {
-    return getPointer(self).toString("base64");
-}
-export function setControllerState(self, clientDataHash, pubKeyCredParams, residentKeyRequired, excludeCredentialIds) {
-    const selfPointer = getObjectPointerString(self);
-    createControllerState.set(selfPointer, [
-        clientDataHash,
-        pubKeyCredParams,
-        residentKeyRequired,
-        excludeCredentialIds,
-    ]);
-}
-export function removeControllerState(self) {
-    const selfPointer = getObjectPointerString(self);
-    createControllerState.delete(selfPointer);
-}
-export const WebauthnCreateController = NobjcClass.define({
-    name: "WebauthnCreateController",
-    superclass: "ASAuthorizationController",
-    methods: {
-        _requestContextWithRequests$error$: {
-            types: "@@:@^@",
-            implementation: (self, requests, outError) => {
-                const context = NobjcClass.super(self, "_requestContextWithRequests$error$", requests, outError);
-                const selfPointer = getObjectPointerString(self);
-                if (context && createControllerState.has(selfPointer)) {
-                    let isSecurityKey = false;
-                    let registrationOptions = context.platformKeyCredentialCreationOptions();
-                    if (!registrationOptions) {
-                        registrationOptions =
-                            context.securityKeyCredentialCreationOptions();
-                        isSecurityKey = true;
-                    }
-                    const [clientDataHash, pubKeyCredParams, residentKeyRequired, excludeCredentials,] = createControllerState.get(selfPointer);
-                    registrationOptions.setClientDataHash$(NSDataFromBuffer(clientDataHash));
-                    registrationOptions.setChallenge$(null);
-                    const supportedAlgos = [];
-                    for (const param of pubKeyCredParams) {
-                        if (param.type === "public-key") {
-                            const nsNum = NSNumber.numberWithInteger$(param.algorithm);
-                            supportedAlgos.push(nsNum);
-                        }
-                    }
-                    if (supportedAlgos.length > 0) {
-                        registrationOptions.setSupportedAlgorithmIdentifiers$(NSArrayFromObjects(supportedAlgos));
-                    }
-                    if (!isSecurityKey) {
-                        registrationOptions.setShouldRequireResidentKey$(residentKeyRequired);
-                    }
-                    const excludeList = [];
-                    for (const cred of excludeCredentials) {
-                        const transports = [];
-                        if (cred.transports) {
-                            for (const transport of cred.transports) {
-                                transports.push(NSStringFromString(transport));
-                            }
-                        }
-                        const credentialID = NSDataFromBuffer(cred.id);
-                        const transportsArray = NSArrayFromObjects(transports);
-                        const initializedDescriptor = ASCPublicKeyCredentialDescriptor.alloc().initWithCredentialID$transports$(credentialID, transportsArray);
-                        excludeList.push(initializedDescriptor);
-                    }
-                    if (excludeList.length > 0) {
-                        registrationOptions.setExcludedCredentials$(NSArrayFromObjects(excludeList));
-                    }
-                }
-                return context;
-            },
-        },
-    },
-});

package/dist/create/handler.d.ts

@@ -1,43 +0,0 @@
-export type CreateCredentialErrorCodes = "TypeError" | "AbortError" | "NotAllowedError" | "SecurityError" | "InvalidStateError";
-export interface CreateCredentialSuccessData {
-    credentialId: string;
-    clientDataJSON: string;
-    attestationObject: string;
-    authData: string;
-    publicKey: string;
-    publicKeyAlgorithm: number;
-    transports: string[];
-    extensions: {
-        credProps?: {
-            rk: boolean;
-        };
-        prf?: {
-            enabled?: boolean;
-            results: {
-                first?: string;
-                second?: string;
-            };
-        };
-        largeBlob?: {
-            supported?: boolean;
-        };
-    };
-}
-interface WebauthnCreateRequestOptions {
-    currentOrigin: string;
-    topFrameOrigin: string | undefined;
-    isPublicSuffix?: (domain: string) => boolean;
-    nativeWindowHandle: Buffer;
-}
-interface CreateCredentialSuccessResult {
-    success: true;
-    data: CreateCredentialSuccessData;
-}
-interface CreateCredentialErrorResult {
-    success: false;
-    error: CreateCredentialErrorCodes;
-    errorObject?: Error;
-}
-export type CreateCredentialResult = CreateCredentialSuccessResult | CreateCredentialErrorResult;
-export declare function createCredential(publicKeyOptions: PublicKeyCredentialCreationOptions | undefined, additionalOptions: WebauthnCreateRequestOptions): Promise<CreateCredentialResult>;
-export {};

package/dist/create/handler.js

@@ -1,224 +0,0 @@
-import { bufferSourceToBuffer, bufferToBase64Url } from "../helpers/index.js";
-import { isRpIdAllowedForOrigin } from "../helpers/rpid.js";
-import { isNumber, isObject, isString } from "../helpers/validation.js";
-import { createCredentialInternal, } from "./internal-handler.js";
-function getExtensionsConfiguration(extensionsData) {
-    if (!(extensionsData && typeof extensionsData === "object")) {
-        return {
-            extensions: [],
-        };
-    }
-    const extensions = [];
-    let largeBlobSupport;
-    if (isObject(extensionsData.largeBlob)) {
-        extensions.push("largeBlob");
-        const largeBlobConfig = extensionsData.largeBlob;
-        if (largeBlobConfig.support === "required") {
-            largeBlobSupport = "required";
-        }
-        else if (largeBlobConfig.support === "preferred") {
-            largeBlobSupport = "preferred";
-        }
-    }
-    let prf;
-    if (isObject(extensionsData.prf)) {
-        const prfEval = extensionsData.prf.eval;
-        if (prfEval) {
-            const first = bufferSourceToBuffer(prfEval.first);
-            const second = bufferSourceToBuffer(prfEval.second);
-            if (first) {
-                prf = {
-                    first: first ? first : null,
-                    second: second ? second : undefined,
-                };
-            }
-            else {
-                console.warn("[electron-webauthn] prf is enabled but prf.first is not valid, skipping PRF evaluation");
-            }
-        }
-    }
-    return {
-        extensions,
-        largeBlobSupport,
-        prf,
-    };
-}
-export async function createCredential(publicKeyOptions, additionalOptions) {
-    if (!publicKeyOptions) {
-        return null;
-    }
-    const rpInfo = publicKeyOptions.rp;
-    if (!isObject(rpInfo)) {
-        return { success: false, error: "TypeError" };
-    }
-    let rpId = rpInfo.id;
-    if (!rpId) {
-        try {
-            const url = new URL(additionalOptions.currentOrigin);
-            rpId = url.hostname;
-        }
-        catch { }
-    }
-    if (!isString(rpId)) {
-        return { success: false, error: "TypeError" };
-    }
-    let timeout = publicKeyOptions.timeout;
-    if (!isNumber(timeout) || timeout <= 0) {
-        timeout = 10 * 60 * 1000;
-    }
-    else if (timeout > 60 * 60 * 1000) {
-        timeout = 60 * 60 * 1000;
-    }
-    const challenge = bufferSourceToBuffer(publicKeyOptions.challenge);
-    if (!challenge) {
-        return { success: false, error: "TypeError" };
-    }
-    if (!isObject(publicKeyOptions.user)) {
-        return { success: false, error: "TypeError" };
-    }
-    const userName = publicKeyOptions.user.name;
-    const userDisplayName = publicKeyOptions.user.displayName;
-    if (!isString(userName) || !isString(userDisplayName)) {
-        return { success: false, error: "TypeError" };
-    }
-    const userID = bufferSourceToBuffer(publicKeyOptions.user.id);
-    if (!userID) {
-        return { success: false, error: "TypeError" };
-    }
-    const attestationPreference = publicKeyOptions.attestation;
-    if (attestationPreference && !isString(attestationPreference)) {
-        return { success: false, error: "TypeError" };
-    }
-    const pubKeyCredParams = publicKeyOptions.pubKeyCredParams;
-    const supportedAlgorithmIdentifiers = [];
-    if (pubKeyCredParams) {
-        if (Array.isArray(pubKeyCredParams)) {
-            for (const param of pubKeyCredParams) {
-                if (!isObject(param))
-                    continue;
-                if (!isNumber(param.alg))
-                    continue;
-                supportedAlgorithmIdentifiers.push({
-                    type: "public-key",
-                    algorithm: param.alg,
-                });
-            }
-        }
-        else {
-            return { success: false, error: "TypeError" };
-        }
-    }
-    if (supportedAlgorithmIdentifiers.length === 0) {
-        supportedAlgorithmIdentifiers.push({
-            type: "public-key",
-            algorithm: -7,
-        });
-        supportedAlgorithmIdentifiers.push({
-            type: "public-key",
-            algorithm: -257,
-        });
-    }
-    const excludeCredentials = [];
-    if (publicKeyOptions.excludeCredentials &&
-        Array.isArray(publicKeyOptions.excludeCredentials)) {
-        for (const excludeCredential of publicKeyOptions.excludeCredentials) {
-            if (!isObject(excludeCredential))
-                continue;
-            if (excludeCredential.type !== "public-key")
-                continue;
-            const idBuffer = bufferSourceToBuffer(excludeCredential.id);
-            if (!idBuffer)
-                continue;
-            excludeCredentials.push({
-                id: idBuffer,
-                transports: excludeCredential.transports,
-            });
-        }
-    }
-    const { extensions, largeBlobSupport, prf } = getExtensionsConfiguration(publicKeyOptions.extensions);
-    let residentKeyRequired = false;
-    let userVerificationPreference = "preferred";
-    let preferredAuthenticatorAttachment = "all";
-    if (publicKeyOptions.authenticatorSelection) {
-        if (publicKeyOptions.authenticatorSelection.residentKey === "required") {
-            residentKeyRequired = true;
-        }
-        else if (publicKeyOptions.authenticatorSelection.requireResidentKey) {
-            residentKeyRequired = true;
-        }
-        const userVerifyParam = publicKeyOptions.authenticatorSelection.userVerification;
-        if (userVerifyParam === "required") {
-            userVerificationPreference = "required";
-        }
-        else if (userVerifyParam === "discouraged") {
-            userVerificationPreference = "discouraged";
-        }
-        else {
-            userVerificationPreference = "preferred";
-        }
-        const attachment = publicKeyOptions.authenticatorSelection.authenticatorAttachment;
-        if (attachment === "cross-platform") {
-            preferredAuthenticatorAttachment = "cross-platform";
-        }
-        else if (attachment === "platform") {
-            preferredAuthenticatorAttachment = "platform";
-        }
-    }
-    const { currentOrigin, topFrameOrigin, isPublicSuffix, nativeWindowHandle } = additionalOptions;
-    const isRpIdAllowed = isRpIdAllowedForOrigin(currentOrigin, rpId, {
-        isPublicSuffix,
-    });
-    if (!isRpIdAllowed.ok) {
-        return { success: false, error: "NotAllowedError" };
-    }
-    let errorResult = null;
-    const result = await createCredentialInternal(rpId, challenge, userName, userID, nativeWindowHandle, currentOrigin, timeout, extensions, attestationPreference, supportedAlgorithmIdentifiers, excludeCredentials, residentKeyRequired, preferredAuthenticatorAttachment, userVerificationPreference, {
-        topFrameOrigin,
-        largeBlobSupport,
-        prf,
-    }).catch((error) => {
-        errorResult = error;
-        if (error.message.includes("(com.apple.AuthenticationServices.AuthorizationError error 1006.)")) {
-            return "InvalidStateError";
-        }
-        if (error.message.startsWith("The operation couldn’t be completed.")) {
-            return "NotAllowedError";
-        }
-        return null;
-    });
-    if (typeof result === "string") {
-        return { success: false, error: result, errorObject: errorResult };
-    }
-    const data = {
-        credentialId: bufferToBase64Url(result.credentialId),
-        clientDataJSON: bufferToBase64Url(result.clientDataJSON),
-        attestationObject: bufferToBase64Url(result.attestationObject),
-        authData: bufferToBase64Url(result.authenticatorData),
-        publicKey: bufferToBase64Url(result.publicKey),
-        publicKeyAlgorithm: result.publicKeyAlgorithm,
-        transports: result.transports,
-        extensions: {},
-    };
-    if (publicKeyOptions.extensions?.credProps) {
-        data.extensions.credProps = {
-            rk: result.isResidentKey,
-        };
-    }
-    if (result.isLargeBlobSupported !== null) {
-        data.extensions.largeBlob = {
-            supported: result.isLargeBlobSupported,
-        };
-    }
-    if (result.isPRFSupported !== null) {
-        const prfFirst = result.prfFirst;
-        const prfSecond = result.prfSecond;
-        data.extensions.prf = {
-            enabled: result.isPRFSupported,
-            results: {
-                first: prfFirst ? bufferToBase64Url(prfFirst) : undefined,
-                second: prfSecond ? bufferToBase64Url(prfSecond) : undefined,
-            },
-        };
-    }
-    return { success: true, data };
-}

package/dist/create/internal-handler.d.ts

@@ -1,35 +0,0 @@
-import { type PRFInput } from "../helpers/prf.js";
-import { type PublicKeyCredentialParams } from "./authorization-controller.js";
-export type AuthenticatorAttachmentWithExtra = AuthenticatorAttachment | "all";
-export interface CreateCredentialResult {
-    credentialId: Buffer;
-    clientDataJSON: Buffer;
-    attestationObject: Buffer;
-    authenticatorData: Buffer;
-    attachment: AuthenticatorAttachment;
-    transports: string[];
-    isResidentKey: boolean;
-    publicKeyAlgorithm: number;
-    publicKey: Buffer;
-    isLargeBlobSupported: boolean | null;
-    isPRFSupported: boolean | null;
-    prfFirst: Buffer | null;
-    prfSecond: Buffer | null;
-}
-type CredentialUserVerificationPreference = "required" | "preferred" | "discouraged";
-type CredentialAttestationPreference = "direct" | "enterprise" | "indirect" | "none";
-declare const VALID_EXTENSIONS: readonly ["largeBlob", "prf"];
-export type CredentialCreationExtensions = (typeof VALID_EXTENSIONS)[number];
-export type LargeBlobSupport = "required" | "preferred" | "unspecified";
-interface CreateCredentialAdditionalOptions {
-    topFrameOrigin?: string;
-    userDisplayName?: string;
-    largeBlobSupport?: LargeBlobSupport;
-    prf?: PRFInput;
-}
-export interface ExcludeCredential {
-    id: Buffer;
-    transports?: string[];
-}
-declare function createCredentialInternal(rpid: string, challenge: Buffer, username: string, userID: Buffer, nativeWindowHandle: Buffer, origin: string, timeout: number, enabledExtensions: CredentialCreationExtensions[], attestation: CredentialAttestationPreference, supportedAlgorithmIdentifiers: PublicKeyCredentialParams[], excludeCredentials: ExcludeCredential[], residentKeyRequired?: boolean, preferredAuthenticatorAttachment?: AuthenticatorAttachmentWithExtra, userVerification?: CredentialUserVerificationPreference, additionalOptions?: CreateCredentialAdditionalOptions): Promise<CreateCredentialResult>;
-export { createCredentialInternal };