ox 0.12.3 → 0.13.0

package/_types/webauthn/Registration.d.ts

@@ -0,0 +1,308 @@
+import * as Base64 from '../core/Base64.js';
+import * as Bytes from '../core/Bytes.js';
+import * as Cbor from '../core/Cbor.js';
+import * as CoseKey from '../core/CoseKey.js';
+import * as Errors from '../core/Errors.js';
+import * as Hash from '../core/Hash.js';
+import * as Hex from '../core/Hex.js';
+import type { OneOf } from '../core/internal/types.js';
+import * as internal from '../core/internal/webauthn.js';
+import * as P256 from '../core/P256.js';
+import * as PublicKey from '../core/PublicKey.js';
+import * as Signature from '../core/Signature.js';
+import type * as Credential_ from './Credential.js';
+import type * as Types from './Types.js';
+export declare const createChallenge: Uint8Array;
+/** Response from a WebAuthn registration ceremony. */
+export type Response<serialized extends boolean = false> = {
+    credential: Credential_.Credential<serialized>;
+    counter: number;
+    userVerified?: true | undefined;
+    backedUp?: boolean | undefined;
+    deviceType?: 'multiDevice' | 'singleDevice' | undefined;
+};
+/**
+ * Creates a new WebAuthn P256 Credential, which can be stored and later used for signing.
+ *
+ * @example
+ * ```ts twoslash
+ * import { Registration } from 'ox/webauthn'
+ *
+ * const credential = await Registration.create({ name: 'Example' }) // [!code focus]
+ * // @log: {
+ * // @log:   id: 'oZ48...',
+ * // @log:   publicKey: { x: 51421...5123n, y: 12345...6789n },
+ * // @log:   raw: PublicKeyCredential {},
+ * // @log: }
+ * ```
+ *
+ * @param options - Credential creation options.
+ * @returns A WebAuthn P256 credential.
+ */
+export declare function create(options: create.Options): Promise<Credential_.Credential>;
+export declare namespace create {
+    type Options = OneOf<(getOptions.Options & {
+        /**
+         * Credential creation function. Useful for environments that do not support
+         * the WebAuthn API natively (i.e. React Native or testing environments).
+         *
+         * @default window.navigator.credentials.create
+         */
+        createFn?: ((options?: Types.CredentialCreationOptions | undefined) => Promise<Types.Credential | null>) | undefined;
+    }) | Types.CredentialCreationOptions>;
+    type ErrorType = getOptions.ErrorType | internal.parseCredentialPublicKey.ErrorType | Errors.GlobalErrorType;
+}
+/**
+ * Returns the creation options for a P256 WebAuthn Credential to be used with
+ * the Web Authentication API.
+ *
+ * @example
+ * ```ts twoslash
+ * import { Registration } from 'ox/webauthn'
+ *
+ * const options = Registration.getOptions({ name: 'Example' })
+ *
+ * const credential = await window.navigator.credentials.create(options)
+ * ```
+ *
+ * @param options - Options.
+ * @returns The credential creation options.
+ */
+export declare function getOptions(options: getOptions.Options): Types.CredentialCreationOptions;
+export declare namespace getOptions {
+    type Options = {
+        /**
+         * A string specifying the relying party's preference for how the attestation statement
+         * (i.e., provision of verifiable evidence of the authenticity of the authenticator and its data)
+         * is conveyed during credential creation.
+         */
+        attestation?: Types.PublicKeyCredentialCreationOptions['attestation'] | undefined;
+        /**
+         * An object whose properties are criteria used to filter out the potential authenticators
+         * for the credential creation operation.
+         */
+        authenticatorSelection?: Types.PublicKeyCredentialCreationOptions['authenticatorSelection'] | undefined;
+        /**
+         * An `ArrayBuffer`, `TypedArray`, or `DataView` used as a cryptographic challenge.
+         */
+        challenge?: Hex.Hex | Types.PublicKeyCredentialCreationOptions['challenge'] | undefined;
+        /**
+         * List of credential IDs to exclude from the creation. This property can be used
+         * to prevent creation of a credential if it already exists.
+         */
+        excludeCredentialIds?: readonly string[] | undefined;
+        /**
+         * List of Web Authentication API credentials to use during creation or authentication.
+         */
+        extensions?: Types.PublicKeyCredentialCreationOptions['extensions'] | undefined;
+        /**
+         * An object describing the relying party that requested the credential creation
+         */
+        rp?: {
+            id: string;
+            name: string;
+        } | undefined;
+        /**
+         * A numerical hint, in milliseconds, which indicates the time the calling web app is willing to wait for the creation operation to complete.
+         */
+        timeout?: Types.PublicKeyCredentialCreationOptions['timeout'] | undefined;
+    } & OneOf<{
+        /** Name for the credential (user.name). */
+        name: string;
+        user?: {
+            displayName?: string;
+            id?: Types.BufferSource;
+            name: string;
+        } | undefined;
+    } | {
+        name?: string | undefined;
+        /**
+         * An object describing the user account for which the credential is generated.
+         */
+        user: {
+            displayName?: string;
+            id?: Types.BufferSource;
+            name: string;
+        };
+    }>;
+    type ErrorType = Base64.toBytes.ErrorType | Hash.keccak256.ErrorType | Bytes.fromString.ErrorType | Errors.GlobalErrorType;
+}
+/**
+ * Serializes a registration response into a JSON-serializable
+ * format, converting `ArrayBuffer` fields to base64url strings
+ * and the public key to a hex string.
+ *
+ * @example
+ * ```ts twoslash
+ * import { Registration } from 'ox/webauthn'
+ *
+ * const credential = await Registration.create({ name: 'Example' })
+ * const response = Registration.verify({
+ *   credential,
+ *   challenge: '0x...',
+ *   origin: 'https://example.com',
+ *   rpId: 'example.com',
+ * })
+ *
+ * const serialized = Registration.serializeResponse(response) // [!code focus]
+ *
+ * // `serialized` is JSON-serializable — send it to a server, store it, etc.
+ * const json = JSON.stringify(serialized)
+ * ```
+ *
+ * @param response - The registration response to serialize.
+ * @returns The serialized registration response.
+ */
+export declare function serializeResponse(response: Response): Response<true>;
+export declare namespace serializeResponse {
+    type ErrorType = Base64.fromBytes.ErrorType | PublicKey.toHex.ErrorType | Errors.GlobalErrorType;
+}
+/**
+ * Serializes credential creation options into a JSON-serializable
+ * format, converting `BufferSource` fields to base64url strings.
+ *
+ * @example
+ * ```ts twoslash
+ * import { Registration } from 'ox/webauthn'
+ *
+ * const options = Registration.getOptions({ name: 'Example' })
+ *
+ * const serialized = Registration.serializeOptions(options) // [!code focus]
+ *
+ * // `serialized` is JSON-serializable — send it to a server, store it, etc.
+ * const json = JSON.stringify(serialized)
+ * ```
+ *
+ * @param options - The credential creation options to serialize.
+ * @returns The serialized credential creation options.
+ */
+export declare function serializeOptions(options: Types.CredentialCreationOptions): Types.CredentialCreationOptions<true>;
+export declare namespace serializeOptions {
+    type ErrorType = Base64.fromBytes.ErrorType | Errors.GlobalErrorType;
+}
+/**
+ * Deserializes credential creation options that can be passed to
+ * `navigator.credentials.create()`.
+ *
+ * @example
+ * ```ts twoslash
+ * import { Registration } from 'ox/webauthn'
+ *
+ * const options = Registration.getOptions({ name: 'Example' })
+ * const serialized = Registration.serializeOptions(options)
+ *
+ * // ... send to server and back ...
+ *
+ * const deserialized = Registration.deserializeOptions(serialized) // [!code focus]
+ * const credential = await window.navigator.credentials.create(deserialized)
+ * ```
+ *
+ * @param options - The serialized credential creation options.
+ * @returns The deserialized credential creation options.
+ */
+export declare function deserializeOptions(options: Types.CredentialCreationOptions<true>): Types.CredentialCreationOptions;
+export declare namespace deserializeOptions {
+    type ErrorType = Base64.toBytes.ErrorType | Errors.GlobalErrorType;
+}
+/**
+ * Deserializes a serialized registration response.
+ *
+ * @example
+ * ```ts twoslash
+ * import { Registration } from 'ox/webauthn'
+ *
+ * const response = Registration.deserializeResponse({ // [!code focus]
+ *   credential: { // [!code focus]
+ *     attestationObject: 'o2NmbXRkbm9uZQ...', // [!code focus]
+ *     clientDataJSON: 'eyJ0eXBlIjoid2Vi...', // [!code focus]
+ *     id: 'm1-bMPuAqpWhCxHZQZTT6e-lSPntQbh3opIoGe7g4Qs', // [!code focus]
+ *     publicKey: '0x04ab891400...', // [!code focus]
+ *     raw: { id: '...', type: 'public-key', authenticatorAttachment: 'platform', rawId: '...', response: { clientDataJSON: 'eyJ0eXBlIjoid2Vi...' } }, // [!code focus]
+ *   }, // [!code focus]
+ *   counter: 0, // [!code focus]
+ * }) // [!code focus]
+ * ```
+ *
+ * @param response - The serialized registration response.
+ * @returns The deserialized registration response.
+ */
+export declare function deserializeResponse(response: Response<true>): Response;
+export declare namespace deserializeResponse {
+    type ErrorType = Base64.toBytes.ErrorType | PublicKey.from.ErrorType | Errors.GlobalErrorType;
+}
+/**
+ * Verifies a WebAuthn registration (credential creation) response. Validates the
+ * `clientDataJSON`, `attestationObject`, authenticator flags, challenge, origin, and
+ * relying party ID, then extracts the credential ID and public key.
+ *
+ * @example
+ * ```ts twoslash
+ * import { Registration } from 'ox/webauthn'
+ *
+ * const credential = await Registration.create({ name: 'Example' })
+ *
+ * const result = Registration.verify({ // [!code focus]
+ *   credential, // [!code focus]
+ *   challenge: '0x69abb4b5a0de4bc62a2a201f8d25bae9', // [!code focus]
+ *   origin: 'https://example.com', // [!code focus]
+ *   rpId: 'example.com', // [!code focus]
+ * }) // [!code focus]
+ * // @log: {
+ * // @log:   credential: {
+ * // @log:     id: 'oZ48...',
+ * // @log:     publicKey: { prefix: 4, x: 51421...5123n, y: 12345...6789n },
+ * // @log:   },
+ * // @log:   counter: 0,
+ * // @log:   userVerified: true,
+ * // @log: }
+ * ```
+ *
+ * @param options - Verification options.
+ * @returns The verified registration result.
+ */
+export declare function verify(options: verify.Options): verify.ReturnType;
+export declare namespace verify {
+    type Options = {
+        /**
+         * Attestation verification mode.
+         * - `'required'` (default): attestation signature must be present and valid (`packed` self-attestation).
+         * - `'none'`: accept `fmt: "none"` attestation (no cryptographic binding of authData to clientDataJSON).
+         *
+         * @default 'required'
+         */
+        attestation?: 'required' | 'none' | undefined;
+        /** The credential response from `Registration.create()`. */
+        credential: {
+            attestationObject: Credential_.Credential['attestationObject'];
+            clientDataJSON: Credential_.Credential['clientDataJSON'];
+            id?: Credential_.Credential['id'] | undefined;
+            raw?: Credential_.Credential['raw'] | undefined;
+        };
+        /**
+         * Challenge to verify. Either the raw hex/bytes originally generated, or a
+         * function that receives the base64url challenge string and returns whether
+         * it is valid (for async/DB lookups).
+         */
+        challenge: Hex.Hex | Uint8Array | ((challenge: string) => boolean);
+        /** Expected origin(s) (e.g. `"https://example.com"`). */
+        origin: string | string[];
+        /** Relying party ID (e.g. `"example.com"`). */
+        rpId: string;
+        /** The user verification requirement. @default 'required' */
+        userVerification?: Types.UserVerificationRequirement | undefined;
+    };
+    type ReturnType = Response;
+    type ErrorType = Base64.toBytes.ErrorType | Base64.fromBytes.ErrorType | Bytes.fromHex.ErrorType | Bytes.isEqual.ErrorType | Cbor.decode.ErrorType | CoseKey.toPublicKey.ErrorType | Hash.sha256.ErrorType | P256.verify.ErrorType | Signature.fromDerBytes.ErrorType | VerifyError | Errors.GlobalErrorType;
+}
+/** Thrown when WebAuthn registration verification fails. */
+export declare class VerifyError extends Errors.BaseError {
+    readonly name = "Registration.VerifyError";
+}
+/** Thrown when a WebAuthn P256 credential creation fails. */
+export declare class CreateFailedError extends Errors.BaseError<Error> {
+    readonly name = "Registration.CreateFailedError";
+    constructor({ cause }?: {
+        cause?: Error | undefined;
+    });
+}
+//# sourceMappingURL=Registration.d.ts.map

package/_types/webauthn/Registration.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"Registration.d.ts","sourceRoot":"","sources":["../../webauthn/Registration.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,MAAM,mBAAmB,CAAA;AAC3C,OAAO,KAAK,KAAK,MAAM,kBAAkB,CAAA;AACzC,OAAO,KAAK,IAAI,MAAM,iBAAiB,CAAA;AACvC,OAAO,KAAK,OAAO,MAAM,oBAAoB,CAAA;AAC7C,OAAO,KAAK,MAAM,MAAM,mBAAmB,CAAA;AAC3C,OAAO,KAAK,IAAI,MAAM,iBAAiB,CAAA;AACvC,OAAO,KAAK,GAAG,MAAM,gBAAgB,CAAA;AACrC,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,2BAA2B,CAAA;AACtD,OAAO,KAAK,QAAQ,MAAM,8BAA8B,CAAA;AACxD,OAAO,KAAK,IAAI,MAAM,iBAAiB,CAAA;AACvC,OAAO,KAAK,SAAS,MAAM,sBAAsB,CAAA;AACjD,OAAO,KAAK,SAAS,MAAM,sBAAsB,CAAA;AACjD,OAAO,KAAK,KAAK,WAAW,MAAM,iBAAiB,CAAA;AASnD,OAAO,KAAK,KAAK,KAAK,MAAM,YAAY,CAAA;AAExC,eAAO,MAAM,eAAe,YAE1B,CAAA;AAEF,sDAAsD;AACtD,MAAM,MAAM,QAAQ,CAAC,UAAU,SAAS,OAAO,GAAG,KAAK,IAAI;IACzD,UAAU,EAAE,WAAW,CAAC,UAAU,CAAC,UAAU,CAAC,CAAA;IAC9C,OAAO,EAAE,MAAM,CAAA;IACf,YAAY,CAAC,EAAE,IAAI,GAAG,SAAS,CAAA;IAC/B,QAAQ,CAAC,EAAE,OAAO,GAAG,SAAS,CAAA;IAC9B,UAAU,CAAC,EAAE,aAAa,GAAG,cAAc,GAAG,SAAS,CAAA;CACxD,CAAA;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAsB,MAAM,CAC1B,OAAO,EAAE,MAAM,CAAC,OAAO,GACtB,OAAO,CAAC,WAAW,CAAC,UAAU,CAAC,CAiCjC;AAED,MAAM,CAAC,OAAO,WAAW,MAAM,CAAC;IAC9B,KAAK,OAAO,GAAG,KAAK,CAChB,CAAC,UAAU,CAAC,OAAO,GAAG;QACpB;;;;;WAKG;QACH,QAAQ,CAAC,EACL,CAAC,CACC,OAAO,CAAC,EAAE,KAAK,CAAC,yBAAyB,GAAG,SAAS,KAClD,OAAO,CAAC,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,GACtC,SAAS,CAAA;KACd,CAAC,GACF,KAAK,CAAC,yBAAyB,CAClC,CAAA;IAED,KAAK,SAAS,GACV,UAAU,CAAC,SAAS,GACpB,QAAQ,CAAC,wBAAwB,CAAC,SAAS,GAC3C,MAAM,CAAC,eAAe,CAAA;CAC3B;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,UAAU,CACxB,OAAO,EAAE,UAAU,CAAC,OAAO,GAC1B,KAAK,CAAC,yBAAyB,CAgDjC;AAED,MAAM,CAAC,OAAO,WAAW,UAAU,CAAC;IAClC,KAAK,OAAO,GAAG;QACb;;;;WAIG;QACH,WAAW,CAAC,EACR,KAAK,CAAC,kCAAkC,CAAC,aAAa,CAAC,GACvD,SAAS,CAAA;QACb;;;WAGG;QACH,sBAAsB,CAAC,EACnB,KAAK,CAAC,kCAAkC,CAAC,wBAAwB,CAAC,GAClE,SAAS,CAAA;QACb;;WAEG;QACH,SAAS,CAAC,EACN,GAAG,CAAC,GAAG,GACP,KAAK,CAAC,kCAAkC,CAAC,WAAW,CAAC,GACrD,SAAS,CAAA;QACb;;;WAGG;QACH,oBAAoB,CAAC,EAAE,SAAS,MAAM,EAAE,GAAG,SAAS,CAAA;QACpD;;WAEG;QACH,UAAU,CAAC,EACP,KAAK,CAAC,kCAAkC,CAAC,YAAY,CAAC,GACtD,SAAS,CAAA;QACb;;WAEG;QACH,EAAE,CAAC,EACC;YACE,EAAE,EAAE,MAAM,CAAA;YACV,IAAI,EAAE,MAAM,CAAA;SACb,GACD,SAAS,CAAA;QACb;;WAEG;QACH,OAAO,CAAC,EAAE,KAAK,CAAC,kCAAkC,CAAC,SAAS,CAAC,GAAG,SAAS,CAAA;KAC1E,GAAG,KAAK,CACL;QACE,2CAA2C;QAC3C,IAAI,EAAE,MAAM,CAAA;QACZ,IAAI,CAAC,EACD;YACE,WAAW,CAAC,EAAE,MAAM,CAAA;YACpB,EAAE,CAAC,EAAE,KAAK,CAAC,YAAY,CAAA;YACvB,IAAI,EAAE,MAAM,CAAA;SACb,GACD,SAAS,CAAA;KACd,GACD;QACE,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;QACzB;;WAEG;QACH,IAAI,EAAE;YACJ,WAAW,CAAC,EAAE,MAAM,CAAA;YACpB,EAAE,CAAC,EAAE,KAAK,CAAC,YAAY,CAAA;YACvB,IAAI,EAAE,MAAM,CAAA;SACb,CAAA;KACF,CACJ,CAAA;IAED,KAAK,SAAS,GACV,MAAM,CAAC,OAAO,CAAC,SAAS,GACxB,IAAI,CAAC,SAAS,CAAC,SAAS,GACxB,KAAK,CAAC,UAAU,CAAC,SAAS,GAC1B,MAAM,CAAC,eAAe,CAAA;CAC3B;AAED;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,CAwCpE;AAED,MAAM,CAAC,OAAO,WAAW,iBAAiB,CAAC;IACzC,KAAK,SAAS,GACV,MAAM,CAAC,SAAS,CAAC,SAAS,GAC1B,SAAS,CAAC,KAAK,CAAC,SAAS,GACzB,MAAM,CAAC,eAAe,CAAA;CAC3B;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,gBAAgB,CAC9B,OAAO,EAAE,KAAK,CAAC,yBAAyB,GACvC,KAAK,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAyBvC;AAED,MAAM,CAAC,OAAO,WAAW,gBAAgB,CAAC;IACxC,KAAK,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC,SAAS,GAAG,MAAM,CAAC,eAAe,CAAA;CACrE;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,KAAK,CAAC,yBAAyB,CAAC,IAAI,CAAC,GAC7C,KAAK,CAAC,yBAAyB,CAyBjC;AAED,MAAM,CAAC,OAAO,WAAW,kBAAkB,CAAC;IAC1C,KAAK,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,SAAS,GAAG,MAAM,CAAC,eAAe,CAAA;CACnE;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,GAAG,QAAQ,CA4BtE;AAED,MAAM,CAAC,OAAO,WAAW,mBAAmB,CAAC;IAC3C,KAAK,SAAS,GACV,MAAM,CAAC,OAAO,CAAC,SAAS,GACxB,SAAS,CAAC,IAAI,CAAC,SAAS,GACxB,MAAM,CAAC,eAAe,CAAA;CAC3B;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,wBAAgB,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC,UAAU,CAiNjE;AAED,MAAM,CAAC,OAAO,WAAW,MAAM,CAAC;IAC9B,KAAK,OAAO,GAAG;QACb;;;;;;WAMG;QACH,WAAW,CAAC,EAAE,UAAU,GAAG,MAAM,GAAG,SAAS,CAAA;QAC7C,4DAA4D;QAC5D,UAAU,EAAE;YACV,iBAAiB,EAAE,WAAW,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAA;YAC9D,cAAc,EAAE,WAAW,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAA;YACxD,EAAE,CAAC,EAAE,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,SAAS,CAAA;YAC7C,GAAG,CAAC,EAAE,WAAW,CAAC,UAAU,CAAC,KAAK,CAAC,GAAG,SAAS,CAAA;SAChD,CAAA;QACD;;;;WAIG;QACH,SAAS,EAAE,GAAG,CAAC,GAAG,GAAG,UAAU,GAAG,CAAC,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,CAAA;QAClE,yDAAyD;QACzD,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;QACzB,+CAA+C;QAC/C,IAAI,EAAE,MAAM,CAAA;QACZ,6DAA6D;QAC7D,gBAAgB,CAAC,EAAE,KAAK,CAAC,2BAA2B,GAAG,SAAS,CAAA;KACjE,CAAA;IAED,KAAK,UAAU,GAAG,QAAQ,CAAA;IAE1B,KAAK,SAAS,GACV,MAAM,CAAC,OAAO,CAAC,SAAS,GACxB,MAAM,CAAC,SAAS,CAAC,SAAS,GAC1B,KAAK,CAAC,OAAO,CAAC,SAAS,GACvB,KAAK,CAAC,OAAO,CAAC,SAAS,GACvB,IAAI,CAAC,MAAM,CAAC,SAAS,GACrB,OAAO,CAAC,WAAW,CAAC,SAAS,GAC7B,IAAI,CAAC,MAAM,CAAC,SAAS,GACrB,IAAI,CAAC,MAAM,CAAC,SAAS,GACrB,SAAS,CAAC,YAAY,CAAC,SAAS,GAChC,WAAW,GACX,MAAM,CAAC,eAAe,CAAA;CAC3B;AAED,4DAA4D;AAC5D,qBAAa,WAAY,SAAQ,MAAM,CAAC,SAAS;IAC/C,SAAkB,IAAI,8BAA6B;CACpD;AAED,6DAA6D;AAC7D,qBAAa,iBAAkB,SAAQ,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC;IAC5D,SAAkB,IAAI,oCAAmC;gBAE7C,EAAE,KAAK,EAAE,GAAE;QAAE,KAAK,CAAC,EAAE,KAAK,GAAG,SAAS,CAAA;KAAO;CAK1D"}

package/_types/webauthn/Types.d.ts

@@ -0,0 +1,106 @@
+import type * as Hex from '../core/Hex.js';
+export type AttestationConveyancePreference = 'direct' | 'enterprise' | 'indirect' | 'none';
+export type AuthenticatorAttachment = 'cross-platform' | 'platform';
+export type AuthenticatorTransport = 'ble' | 'hybrid' | 'internal' | 'nfc' | 'usb';
+export type COSEAlgorithmIdentifier = number;
+export type CredentialMediationRequirement = 'conditional' | 'optional' | 'required' | 'silent';
+export type PublicKeyCredentialType = 'public-key';
+export type ResidentKeyRequirement = 'discouraged' | 'preferred' | 'required';
+export type UserVerificationRequirement = 'discouraged' | 'preferred' | 'required';
+export type LargeBlobSupport = {
+    support: 'required' | 'preferred';
+};
+export type BufferSource = ArrayBufferView | ArrayBuffer;
+export type PrfExtension = Record<'eval', Record<'first', Uint8Array>>;
+export interface AuthenticationExtensionsClientInputs<serialized extends boolean = false> {
+    appid?: string;
+    credProps?: boolean;
+    hmacCreateSecret?: boolean;
+    minPinLength?: boolean;
+    prf?: serialized extends true ? {
+        eval: {
+            first: string;
+        };
+    } : PrfExtension;
+    largeBlob?: LargeBlobSupport;
+}
+export interface AuthenticatorSelectionCriteria {
+    authenticatorAttachment?: AuthenticatorAttachment;
+    requireResidentKey?: boolean;
+    residentKey?: ResidentKeyRequirement;
+    userVerification?: UserVerificationRequirement;
+}
+/**
+ * Available only in secure contexts.
+ *
+ * [MDN Reference](https://developer.mozilla.org/docs/Web/API/AuthenticatorAttestationResponse)
+ */
+export interface AuthenticatorAttestationResponse<serialized extends boolean = false> extends AuthenticatorResponse<serialized> {
+    readonly attestationObject: serialized extends true ? string : ArrayBuffer;
+    getAuthenticatorData(): ArrayBuffer;
+    getPublicKey(): ArrayBuffer | null;
+    getPublicKeyAlgorithm(): COSEAlgorithmIdentifier;
+    getTransports(): string[];
+}
+export interface AuthenticatorResponse<serialized extends boolean = false> {
+    readonly clientDataJSON: serialized extends true ? string : ArrayBuffer;
+}
+export interface Credential {
+    readonly id: string;
+    readonly type: string;
+}
+export interface CredentialCreationOptions<serialized extends boolean = false> {
+    publicKey?: PublicKeyCredentialCreationOptions<serialized>;
+    signal?: AbortSignal;
+}
+export interface CredentialRequestOptions<serialized extends boolean = false> {
+    mediation?: CredentialMediationRequirement;
+    publicKey?: PublicKeyCredentialRequestOptions<serialized>;
+    signal?: AbortSignal;
+}
+export type PublicKeyCredential<serialized extends boolean = false> = Credential & {
+    readonly authenticatorAttachment: string | null;
+    readonly rawId: serialized extends true ? string : ArrayBuffer;
+    readonly response: AuthenticatorResponse<serialized>;
+} & (serialized extends true ? {} : {
+    getClientExtensionResults(): AuthenticationExtensionsClientOutputs;
+});
+export interface PublicKeyCredentialCreationOptions<serialized extends boolean = false> {
+    attestation?: AttestationConveyancePreference;
+    authenticatorSelection?: AuthenticatorSelectionCriteria;
+    challenge: serialized extends true ? Hex.Hex : BufferSource;
+    excludeCredentials?: PublicKeyCredentialDescriptor<serialized>[];
+    extensions?: AuthenticationExtensionsClientInputs<serialized>;
+    pubKeyCredParams: PublicKeyCredentialParameters[];
+    rp: PublicKeyCredentialRpEntity;
+    timeout?: number;
+    user: PublicKeyCredentialUserEntity<serialized>;
+}
+export interface PublicKeyCredentialDescriptor<serialized extends boolean = false> {
+    id: serialized extends true ? string : BufferSource;
+    transports?: AuthenticatorTransport[];
+    type: PublicKeyCredentialType;
+}
+export interface PublicKeyCredentialEntity {
+    name: string;
+}
+export interface PublicKeyCredentialParameters {
+    alg: COSEAlgorithmIdentifier;
+    type: PublicKeyCredentialType;
+}
+export interface PublicKeyCredentialRequestOptions<serialized extends boolean = false> {
+    allowCredentials?: PublicKeyCredentialDescriptor<serialized>[];
+    challenge: serialized extends true ? Hex.Hex : BufferSource;
+    extensions?: AuthenticationExtensionsClientInputs<serialized>;
+    rpId?: string;
+    timeout?: number;
+    userVerification?: UserVerificationRequirement;
+}
+export interface PublicKeyCredentialRpEntity extends PublicKeyCredentialEntity {
+    id: string;
+}
+export interface PublicKeyCredentialUserEntity<serialized extends boolean = false> extends PublicKeyCredentialEntity {
+    displayName: string;
+    id: serialized extends true ? string : BufferSource;
+}
+//# sourceMappingURL=Types.d.ts.map

package/_types/webauthn/Types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"Types.d.ts","sourceRoot":"","sources":["../../webauthn/Types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,KAAK,GAAG,MAAM,gBAAgB,CAAA;AAE1C,MAAM,MAAM,+BAA+B,GACvC,QAAQ,GACR,YAAY,GACZ,UAAU,GACV,MAAM,CAAA;AAEV,MAAM,MAAM,uBAAuB,GAAG,gBAAgB,GAAG,UAAU,CAAA;AAEnE,MAAM,MAAM,sBAAsB,GAC9B,KAAK,GACL,QAAQ,GACR,UAAU,GACV,KAAK,GACL,KAAK,CAAA;AAET,MAAM,MAAM,uBAAuB,GAAG,MAAM,CAAA;AAE5C,MAAM,MAAM,8BAA8B,GACtC,aAAa,GACb,UAAU,GACV,UAAU,GACV,QAAQ,CAAA;AAEZ,MAAM,MAAM,uBAAuB,GAAG,YAAY,CAAA;AAElD,MAAM,MAAM,sBAAsB,GAAG,aAAa,GAAG,WAAW,GAAG,UAAU,CAAA;AAE7E,MAAM,MAAM,2BAA2B,GACnC,aAAa,GACb,WAAW,GACX,UAAU,CAAA;AAEd,MAAM,MAAM,gBAAgB,GAAG;IAC7B,OAAO,EAAE,UAAU,GAAG,WAAW,CAAA;CAClC,CAAA;AAED,MAAM,MAAM,YAAY,GAAG,eAAe,GAAG,WAAW,CAAA;AAExD,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC,CAAA;AAEtE,MAAM,WAAW,oCAAoC,CACnD,UAAU,SAAS,OAAO,GAAG,KAAK;IAElC,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,SAAS,CAAC,EAAE,OAAO,CAAA;IACnB,gBAAgB,CAAC,EAAE,OAAO,CAAA;IAC1B,YAAY,CAAC,EAAE,OAAO,CAAA;IACtB,GAAG,CAAC,EAAE,UAAU,SAAS,IAAI,GAAG;QAAE,IAAI,EAAE;YAAE,KAAK,EAAE,MAAM,CAAA;SAAE,CAAA;KAAE,GAAG,YAAY,CAAA;IAC1E,SAAS,CAAC,EAAE,gBAAgB,CAAA;CAC7B;AAED,MAAM,WAAW,8BAA8B;IAC7C,uBAAuB,CAAC,EAAE,uBAAuB,CAAA;IACjD,kBAAkB,CAAC,EAAE,OAAO,CAAA;IAC5B,WAAW,CAAC,EAAE,sBAAsB,CAAA;IACpC,gBAAgB,CAAC,EAAE,2BAA2B,CAAA;CAC/C;AAED;;;;GAIG;AACH,MAAM,WAAW,gCAAgC,CAC/C,UAAU,SAAS,OAAO,GAAG,KAAK,CAClC,SAAQ,qBAAqB,CAAC,UAAU,CAAC;IACzC,QAAQ,CAAC,iBAAiB,EAAE,UAAU,SAAS,IAAI,GAAG,MAAM,GAAG,WAAW,CAAA;IAC1E,oBAAoB,IAAI,WAAW,CAAA;IACnC,YAAY,IAAI,WAAW,GAAG,IAAI,CAAA;IAClC,qBAAqB,IAAI,uBAAuB,CAAA;IAChD,aAAa,IAAI,MAAM,EAAE,CAAA;CAC1B;AAED,MAAM,WAAW,qBAAqB,CAAC,UAAU,SAAS,OAAO,GAAG,KAAK;IACvE,QAAQ,CAAC,cAAc,EAAE,UAAU,SAAS,IAAI,GAAG,MAAM,GAAG,WAAW,CAAA;CACxE;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAA;IACnB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;CACtB;AAED,MAAM,WAAW,yBAAyB,CAAC,UAAU,SAAS,OAAO,GAAG,KAAK;IAC3E,SAAS,CAAC,EAAE,kCAAkC,CAAC,UAAU,CAAC,CAAA;IAC1D,MAAM,CAAC,EAAE,WAAW,CAAA;CACrB;AAED,MAAM,WAAW,wBAAwB,CAAC,UAAU,SAAS,OAAO,GAAG,KAAK;IAC1E,SAAS,CAAC,EAAE,8BAA8B,CAAA;IAC1C,SAAS,CAAC,EAAE,iCAAiC,CAAC,UAAU,CAAC,CAAA;IACzD,MAAM,CAAC,EAAE,WAAW,CAAA;CACrB;AAED,MAAM,MAAM,mBAAmB,CAAC,UAAU,SAAS,OAAO,GAAG,KAAK,IAChE,UAAU,GAAG;IACX,QAAQ,CAAC,uBAAuB,EAAE,MAAM,GAAG,IAAI,CAAA;IAC/C,QAAQ,CAAC,KAAK,EAAE,UAAU,SAAS,IAAI,GAAG,MAAM,GAAG,WAAW,CAAA;IAC9D,QAAQ,CAAC,QAAQ,EAAE,qBAAqB,CAAC,UAAU,CAAC,CAAA;CACrD,GAAG,CAAC,UAAU,SAAS,IAAI,GACtB,EAAE,GACF;IACE,yBAAyB,IAAI,qCAAqC,CAAA;CACnE,CAAC,CAAA;AAEV,MAAM,WAAW,kCAAkC,CACjD,UAAU,SAAS,OAAO,GAAG,KAAK;IAElC,WAAW,CAAC,EAAE,+BAA+B,CAAA;IAC7C,sBAAsB,CAAC,EAAE,8BAA8B,CAAA;IACvD,SAAS,EAAE,UAAU,SAAS,IAAI,GAAG,GAAG,CAAC,GAAG,GAAG,YAAY,CAAA;IAC3D,kBAAkB,CAAC,EAAE,6BAA6B,CAAC,UAAU,CAAC,EAAE,CAAA;IAChE,UAAU,CAAC,EAAE,oCAAoC,CAAC,UAAU,CAAC,CAAA;IAC7D,gBAAgB,EAAE,6BAA6B,EAAE,CAAA;IACjD,EAAE,EAAE,2BAA2B,CAAA;IAC/B,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,IAAI,EAAE,6BAA6B,CAAC,UAAU,CAAC,CAAA;CAChD;AAED,MAAM,WAAW,6BAA6B,CAC5C,UAAU,SAAS,OAAO,GAAG,KAAK;IAElC,EAAE,EAAE,UAAU,SAAS,IAAI,GAAG,MAAM,GAAG,YAAY,CAAA;IACnD,UAAU,CAAC,EAAE,sBAAsB,EAAE,CAAA;IACrC,IAAI,EAAE,uBAAuB,CAAA;CAC9B;AAED,MAAM,WAAW,yBAAyB;IACxC,IAAI,EAAE,MAAM,CAAA;CACb;AAED,MAAM,WAAW,6BAA6B;IAC5C,GAAG,EAAE,uBAAuB,CAAA;IAC5B,IAAI,EAAE,uBAAuB,CAAA;CAC9B;AAED,MAAM,WAAW,iCAAiC,CAChD,UAAU,SAAS,OAAO,GAAG,KAAK;IAElC,gBAAgB,CAAC,EAAE,6BAA6B,CAAC,UAAU,CAAC,EAAE,CAAA;IAC9D,SAAS,EAAE,UAAU,SAAS,IAAI,GAAG,GAAG,CAAC,GAAG,GAAG,YAAY,CAAA;IAC3D,UAAU,CAAC,EAAE,oCAAoC,CAAC,UAAU,CAAC,CAAA;IAC7D,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,gBAAgB,CAAC,EAAE,2BAA2B,CAAA;CAC/C;AAED,MAAM,WAAW,2BAA4B,SAAQ,yBAAyB;IAC5E,EAAE,EAAE,MAAM,CAAA;CACX;AAED,MAAM,WAAW,6BAA6B,CAC5C,UAAU,SAAS,OAAO,GAAG,KAAK,CAClC,SAAQ,yBAAyB;IACjC,WAAW,EAAE,MAAM,CAAA;IACnB,EAAE,EAAE,UAAU,SAAS,IAAI,GAAG,MAAM,GAAG,YAAY,CAAA;CACpD"}

package/_types/webauthn/index.d.ts

@@ -0,0 +1,33 @@
+/** @entrypointCategory WebAuthn */
+export type {};
+/**
+ * Utility functions and types for WebAuthn authentication ceremonies (signing and verification).
+ *
+ * @category WebAuthn
+ */
+export * as Authentication from './Authentication.js';
+/**
+ * Utility functions for constructing and parsing authenticator data and client data JSON.
+ *
+ * @category WebAuthn
+ */
+export * as Authenticator from './Authenticator.js';
+/**
+ * Utility functions and types for WebAuthn P256 credentials.
+ *
+ * @category WebAuthn
+ */
+export * as Credential from './Credential.js';
+/**
+ * Utility functions and types for WebAuthn registration ceremonies (credential creation and verification).
+ *
+ * @category WebAuthn
+ */
+export * as Registration from './Registration.js';
+/**
+ * WebAuthn type definitions.
+ *
+ * @category WebAuthn
+ */
+export * as Types from './Types.js';
+//# sourceMappingURL=index.d.ts.map

package/_types/webauthn/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../webauthn/index.ts"],"names":[],"mappings":"AAAA,mCAAmC;AAEnC,YAAY,EAAE,CAAA;AAEd;;;;GAIG;AACH,OAAO,KAAK,cAAc,MAAM,qBAAqB,CAAA;AAErD;;;;GAIG;AACH,OAAO,KAAK,aAAa,MAAM,oBAAoB,CAAA;AAEnD;;;;GAIG;AACH,OAAO,KAAK,UAAU,MAAM,iBAAiB,CAAA;AAE7C;;;;GAIG;AACH,OAAO,KAAK,YAAY,MAAM,mBAAmB,CAAA;AAEjD;;;;GAIG;AACH,OAAO,KAAK,KAAK,MAAM,YAAY,CAAA"}

package/_types/webauthn/internal/utils.d.ts

@@ -0,0 +1,17 @@
+import type * as Types from '../Types.js';
+/** @internal */
+export declare const base64UrlOptions: {
+    readonly url: true;
+    readonly pad: false;
+};
+/** @internal */
+export declare const responseKeys: readonly ["attestationObject", "authenticatorData", "clientDataJSON", "signature", "userHandle"];
+/** @internal */
+export declare function bytesToArrayBuffer(bytes: Uint8Array): ArrayBuffer;
+/** @internal */
+export declare function bufferSourceToBytes(source: Types.BufferSource): Uint8Array;
+/** @internal */
+export declare function serializeExtensions(extensions: Types.AuthenticationExtensionsClientInputs): Types.AuthenticationExtensionsClientInputs<true>;
+/** @internal */
+export declare function deserializeExtensions(extensions: Types.AuthenticationExtensionsClientInputs<true>): Types.AuthenticationExtensionsClientInputs;
+//# sourceMappingURL=utils.d.ts.map

package/_types/webauthn/internal/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../webauthn/internal/utils.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,KAAK,KAAK,MAAM,aAAa,CAAA;AAEzC,gBAAgB;AAChB,eAAO,MAAM,gBAAgB;;;CAAqC,CAAA;AAElE,gBAAgB;AAChB,eAAO,MAAM,YAAY,kGAMf,CAAA;AAEV,gBAAgB;AAChB,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,UAAU,GAAG,WAAW,CAKjE;AAED,gBAAgB;AAChB,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,KAAK,CAAC,YAAY,GAAG,UAAU,CAI1E;AAED,gBAAgB;AAChB,wBAAgB,mBAAmB,CACjC,UAAU,EAAE,KAAK,CAAC,oCAAoC,GACrD,KAAK,CAAC,oCAAoC,CAAC,IAAI,CAAC,CAYlD;AAED,gBAAgB;AAChB,wBAAgB,qBAAqB,CACnC,UAAU,EAAE,KAAK,CAAC,oCAAoC,CAAC,IAAI,CAAC,GAC3D,KAAK,CAAC,oCAAoC,CAY5C"}

package/core/P256.ts

@@ -336,7 +336,7 @@ export function verify(options: verify.Options): boolean {
     signature,
     payload instanceof Uint8Array ? payload : Bytes.fromHex(payload),
     PublicKey.toHex(publicKey).substring(2),
-    ...(hash ? [{ prehash: true, lowS: true }] : []),
+    { lowS: true, ...(hash ? { prehash: true } : {}) },
   )
 }