postex-auth-sdk-stage 2.3.1 → 3.0.0
- package/README.md +24 -3
- package/dist/auth.d.ts +20 -7
- package/dist/postex-auth-sdk-stage.es.js +300 -296
- package/dist/postex-auth-sdk-stage.iife.js +1 -1
- package/dist/postex-auth-sdk-stage.umd.js +1 -1
- package/package.json +1 -1
|
@@ -9,129 +9,129 @@ async function j() {
|
|
|
9
9
|
return !1;
|
|
10
10
|
}
|
|
11
11
|
}
|
|
12
|
-
function N(
|
|
13
|
-
const e = new Uint8Array(
|
|
14
|
-
let
|
|
12
|
+
function N(a) {
|
|
13
|
+
const e = new Uint8Array(a);
|
|
14
|
+
let s = "";
|
|
15
15
|
for (let t = 0; t < e.byteLength; t++)
|
|
16
|
-
|
|
17
|
-
return btoa(
|
|
16
|
+
s += String.fromCharCode(e[t]);
|
|
17
|
+
return btoa(s);
|
|
18
18
|
}
|
|
19
|
-
function C(
|
|
20
|
-
if (typeof
|
|
19
|
+
function C(a) {
|
|
20
|
+
if (typeof a != "string" || !a)
|
|
21
21
|
throw new Error("Invalid base64: expected non-empty string");
|
|
22
|
-
const e =
|
|
22
|
+
const e = a.replace(/\s/g, "").replace(/-/g, "+").replace(/_/g, "/"), s = e.length % 4, t = s > 0 ? e + "=".repeat(4 - s) : e;
|
|
23
23
|
try {
|
|
24
|
-
const n = atob(t),
|
|
25
|
-
for (let
|
|
26
|
-
|
|
27
|
-
return
|
|
24
|
+
const n = atob(t), r = new Uint8Array(n.length);
|
|
25
|
+
for (let o = 0; o < n.length; o++)
|
|
26
|
+
r[o] = n.charCodeAt(o);
|
|
27
|
+
return r.buffer;
|
|
28
28
|
} catch {
|
|
29
29
|
throw new Error(
|
|
30
30
|
"Invalid base64: string is not correctly encoded. Check challenge/credentialId from server."
|
|
31
31
|
);
|
|
32
32
|
}
|
|
33
33
|
}
|
|
34
|
-
function
|
|
35
|
-
return N(
|
|
34
|
+
function y(a) {
|
|
35
|
+
return N(a).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/g, "");
|
|
36
36
|
}
|
|
37
|
-
function H(
|
|
37
|
+
function H(a) {
|
|
38
38
|
return /^[0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12}$/i.test(
|
|
39
|
-
|
|
39
|
+
a
|
|
40
40
|
);
|
|
41
41
|
}
|
|
42
|
-
function J(
|
|
43
|
-
const e =
|
|
44
|
-
for (let t = 0; t <
|
|
45
|
-
|
|
46
|
-
return
|
|
42
|
+
function J(a) {
|
|
43
|
+
const e = a.replace(/-/g, ""), s = new Uint8Array(e.length / 2);
|
|
44
|
+
for (let t = 0; t < s.length; t++)
|
|
45
|
+
s[t] = parseInt(e.substr(t * 2, 2), 16);
|
|
46
|
+
return s.buffer;
|
|
47
47
|
}
|
|
48
|
-
function b(
|
|
49
|
-
if (!
|
|
48
|
+
function b(a) {
|
|
49
|
+
if (!a || typeof a != "string")
|
|
50
50
|
throw new Error("Invalid input: expected non-empty string");
|
|
51
|
-
return H(
|
|
51
|
+
return H(a) ? J(a) : C(a);
|
|
52
52
|
}
|
|
53
|
-
function k(
|
|
54
|
-
return new TextEncoder().encode(
|
|
53
|
+
function k(a) {
|
|
54
|
+
return new TextEncoder().encode(a).buffer;
|
|
55
55
|
}
|
|
56
|
-
function F(
|
|
57
|
-
return String.fromCharCode(...
|
|
56
|
+
function F(a) {
|
|
57
|
+
return String.fromCharCode(...a);
|
|
58
58
|
}
|
|
59
59
|
const G = "xpay_webauthn", W = 1, u = "passkey_data", E = "passkey_email", _ = "passkey_mobile_number";
|
|
60
|
-
function
|
|
61
|
-
return new Promise((
|
|
62
|
-
const
|
|
63
|
-
|
|
64
|
-
const t =
|
|
60
|
+
function m() {
|
|
61
|
+
return new Promise((a, e) => {
|
|
62
|
+
const s = indexedDB.open(G, W);
|
|
63
|
+
s.onerror = () => e(s.error), s.onsuccess = () => a(s.result), s.onupgradeneeded = () => {
|
|
64
|
+
const t = s.result;
|
|
65
65
|
t.objectStoreNames.contains(u) || t.createObjectStore(u);
|
|
66
66
|
};
|
|
67
67
|
});
|
|
68
68
|
}
|
|
69
69
|
async function Y() {
|
|
70
70
|
try {
|
|
71
|
-
const
|
|
72
|
-
return new Promise((e,
|
|
73
|
-
const t =
|
|
74
|
-
|
|
71
|
+
const a = await m();
|
|
72
|
+
return new Promise((e, s) => {
|
|
73
|
+
const t = a.transaction(u, "readonly"), r = t.objectStore(u).get(E);
|
|
74
|
+
r.onerror = () => s(r.error), r.onsuccess = () => e(r.result ?? null), t.oncomplete = () => a.close();
|
|
75
75
|
});
|
|
76
76
|
} catch {
|
|
77
77
|
return null;
|
|
78
78
|
}
|
|
79
79
|
}
|
|
80
|
-
async function V(
|
|
80
|
+
async function V(a) {
|
|
81
81
|
try {
|
|
82
|
-
const e = await
|
|
83
|
-
return new Promise((
|
|
84
|
-
const n = e.transaction(u, "readwrite"),
|
|
85
|
-
|
|
82
|
+
const e = await m();
|
|
83
|
+
return new Promise((s, t) => {
|
|
84
|
+
const n = e.transaction(u, "readwrite"), o = n.objectStore(u).put(a, E);
|
|
85
|
+
o.onerror = () => t(o.error), o.onsuccess = () => s(), n.oncomplete = () => e.close();
|
|
86
86
|
});
|
|
87
87
|
} catch {
|
|
88
88
|
}
|
|
89
89
|
}
|
|
90
90
|
async function X() {
|
|
91
91
|
try {
|
|
92
|
-
const
|
|
93
|
-
return new Promise((e,
|
|
94
|
-
const t =
|
|
95
|
-
|
|
92
|
+
const a = await m();
|
|
93
|
+
return new Promise((e, s) => {
|
|
94
|
+
const t = a.transaction(u, "readwrite"), r = t.objectStore(u).delete(E);
|
|
95
|
+
r.onerror = () => s(r.error), r.onsuccess = () => e(), t.oncomplete = () => a.close();
|
|
96
96
|
});
|
|
97
97
|
} catch {
|
|
98
98
|
}
|
|
99
99
|
}
|
|
100
100
|
async function Z() {
|
|
101
101
|
try {
|
|
102
|
-
const
|
|
103
|
-
return new Promise((e,
|
|
104
|
-
const t =
|
|
105
|
-
|
|
102
|
+
const a = await m();
|
|
103
|
+
return new Promise((e, s) => {
|
|
104
|
+
const t = a.transaction(u, "readonly"), r = t.objectStore(u).get(_);
|
|
105
|
+
r.onerror = () => s(r.error), r.onsuccess = () => e(r.result ?? null), t.oncomplete = () => a.close();
|
|
106
106
|
});
|
|
107
107
|
} catch {
|
|
108
108
|
return null;
|
|
109
109
|
}
|
|
110
110
|
}
|
|
111
|
-
async function Q(
|
|
111
|
+
async function Q(a) {
|
|
112
112
|
try {
|
|
113
|
-
const e = await
|
|
114
|
-
return new Promise((
|
|
115
|
-
const n = e.transaction(u, "readwrite"),
|
|
116
|
-
|
|
113
|
+
const e = await m();
|
|
114
|
+
return new Promise((s, t) => {
|
|
115
|
+
const n = e.transaction(u, "readwrite"), o = n.objectStore(u).put(a, _);
|
|
116
|
+
o.onerror = () => t(o.error), o.onsuccess = () => s(), n.oncomplete = () => e.close();
|
|
117
117
|
});
|
|
118
118
|
} catch {
|
|
119
119
|
}
|
|
120
120
|
}
|
|
121
121
|
async function ee() {
|
|
122
122
|
try {
|
|
123
|
-
const
|
|
124
|
-
return new Promise((e,
|
|
125
|
-
const t =
|
|
126
|
-
|
|
123
|
+
const a = await m();
|
|
124
|
+
return new Promise((e, s) => {
|
|
125
|
+
const t = a.transaction(u, "readwrite"), r = t.objectStore(u).delete(_);
|
|
126
|
+
r.onerror = () => s(r.error), r.onsuccess = () => e(), t.oncomplete = () => a.close();
|
|
127
127
|
});
|
|
128
128
|
} catch {
|
|
129
129
|
}
|
|
130
130
|
}
|
|
131
|
-
const S = "dpop_private_key",
|
|
132
|
-
function K(
|
|
133
|
-
if (!
|
|
134
|
-
const e =
|
|
131
|
+
const S = "dpop_private_key", v = "dpop_public_key_jwk";
|
|
132
|
+
function K(a) {
|
|
133
|
+
if (!a || typeof a != "object") return !1;
|
|
134
|
+
const e = a;
|
|
135
135
|
return e.kty === "EC" && e.crv === "P-256" && typeof e.x == "string" && typeof e.y == "string";
|
|
136
136
|
}
|
|
137
137
|
class g extends Error {
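Review bot: In the IndexedDB helpers the `try`/`catch` only guards `await m()`, because the request promise is returned without `await`; a failed `get`, `put` or `delete` therefore rejects out of `Y`, `V`, `X`, `Z`, `Q` and `ee` even though the `catch` reads as best-effort. Returning `await new Promise(...)` instead would let the handler cover both failure paths. The same shape recurs in `se`, `re`, `$`, `B` and `T` in the later hunks, where it matters more: `se` only logs a failure to open the database, so `ne` can return a thumbprint for a DPoP key that was never persisted. The connection is also closed only in `oncomplete`, so an aborted transaction leaves it open; closing it in `onabort` as well would cover that. `class g` on the last line of the hunk continues outside it.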
|
|
@@ -139,43 +139,43 @@ class g extends Error {
|
|
|
139
139
|
super(e), this.name = "DPoPProofGenerationError";
|
|
140
140
|
}
|
|
141
141
|
}
|
|
142
|
-
function te(
|
|
142
|
+
function te(a) {
|
|
143
143
|
return {
|
|
144
144
|
kty: "EC",
|
|
145
145
|
crv: "P-256",
|
|
146
|
-
x:
|
|
147
|
-
y:
|
|
146
|
+
x: a.x,
|
|
147
|
+
y: a.y
|
|
148
148
|
};
|
|
149
149
|
}
|
|
150
|
-
async function q(
|
|
150
|
+
async function q(a) {
|
|
151
151
|
const e = JSON.stringify({
|
|
152
|
-
crv:
|
|
153
|
-
kty:
|
|
154
|
-
x:
|
|
155
|
-
y:
|
|
156
|
-
}),
|
|
152
|
+
crv: a.crv,
|
|
153
|
+
kty: a.kty,
|
|
154
|
+
x: a.x,
|
|
155
|
+
y: a.y
|
|
156
|
+
}), s = await crypto.subtle.digest(
|
|
157
157
|
"SHA-256",
|
|
158
158
|
new TextEncoder().encode(e)
|
|
159
159
|
);
|
|
160
|
-
return
|
|
160
|
+
return y(s);
|
|
161
161
|
}
|
|
162
|
-
async function
|
|
162
|
+
async function se(a) {
|
|
163
163
|
try {
|
|
164
|
-
const e = await
|
|
165
|
-
return new Promise((
|
|
166
|
-
const n = e.transaction(u, "readwrite"),
|
|
167
|
-
|
|
164
|
+
const e = await m();
|
|
165
|
+
return new Promise((s, t) => {
|
|
166
|
+
const n = e.transaction(u, "readwrite"), o = n.objectStore(u).put(a, S);
|
|
167
|
+
o.onerror = () => t(o.error), o.onsuccess = () => s(), n.oncomplete = () => e.close();
|
|
168
168
|
});
|
|
169
169
|
} catch (e) {
|
|
170
170
|
console.error("Failed to store DPoP private key:", e);
|
|
171
171
|
}
|
|
172
172
|
}
|
|
173
|
-
async function
|
|
173
|
+
async function re(a) {
|
|
174
174
|
try {
|
|
175
|
-
const e = await
|
|
176
|
-
return new Promise((
|
|
177
|
-
const n = e.transaction(u, "readwrite"),
|
|
178
|
-
|
|
175
|
+
const e = await m();
|
|
176
|
+
return new Promise((s, t) => {
|
|
177
|
+
const n = e.transaction(u, "readwrite"), o = n.objectStore(u).put(a, v);
|
|
178
|
+
o.onerror = () => t(o.error), o.onsuccess = () => s(), n.oncomplete = () => e.close();
|
|
179
179
|
});
|
|
180
180
|
} catch (e) {
|
|
181
181
|
console.error("Failed to store DPoP public key JWK:", e);
|
|
@@ -183,21 +183,21 @@ async function se(o) {
|
|
|
183
183
|
}
|
|
184
184
|
async function $() {
|
|
185
185
|
try {
|
|
186
|
-
const
|
|
187
|
-
return new Promise((e,
|
|
188
|
-
const t =
|
|
189
|
-
|
|
186
|
+
const a = await m();
|
|
187
|
+
return new Promise((e, s) => {
|
|
188
|
+
const t = a.transaction(u, "readonly"), r = t.objectStore(u).get(S);
|
|
189
|
+
r.onerror = () => s(r.error), r.onsuccess = () => e(r.result ?? null), t.oncomplete = () => a.close();
|
|
190
190
|
});
|
|
191
191
|
} catch {
|
|
192
192
|
return null;
|
|
193
193
|
}
|
|
194
194
|
}
|
|
195
|
-
async function
|
|
195
|
+
async function B() {
|
|
196
196
|
try {
|
|
197
|
-
const
|
|
198
|
-
return new Promise((e,
|
|
199
|
-
const t =
|
|
200
|
-
|
|
197
|
+
const a = await m();
|
|
198
|
+
return new Promise((e, s) => {
|
|
199
|
+
const t = a.transaction(u, "readonly"), r = t.objectStore(u).get(v);
|
|
200
|
+
r.onerror = () => s(r.error), r.onsuccess = () => e(r.result ?? null), t.oncomplete = () => a.close();
|
|
201
201
|
});
|
|
202
202
|
} catch {
|
|
203
203
|
return null;
|
|
@@ -205,18 +205,18 @@ async function U() {
|
|
|
205
205
|
}
|
|
206
206
|
async function T() {
|
|
207
207
|
try {
|
|
208
|
-
const
|
|
209
|
-
return new Promise((e,
|
|
210
|
-
const t =
|
|
211
|
-
n.delete(S), n.delete(
|
|
212
|
-
|
|
208
|
+
const a = await m();
|
|
209
|
+
return new Promise((e, s) => {
|
|
210
|
+
const t = a.transaction(u, "readwrite"), n = t.objectStore(u);
|
|
211
|
+
n.delete(S), n.delete(v), t.onerror = () => s(t.error), t.oncomplete = () => {
|
|
212
|
+
a.close(), e();
|
|
213
213
|
};
|
|
214
214
|
});
|
|
215
215
|
} catch {
|
|
216
216
|
}
|
|
217
217
|
}
|
|
218
218
|
async function ne() {
|
|
219
|
-
const
|
|
219
|
+
const a = await crypto.subtle.generateKey(
|
|
220
220
|
{
|
|
221
221
|
name: "ECDSA",
|
|
222
222
|
namedCurve: "P-256"
|
|
@@ -224,64 +224,64 @@ async function ne() {
|
|
|
224
224
|
!1,
|
|
225
225
|
// Private key is non-extractable
|
|
226
226
|
["sign", "verify"]
|
|
227
|
-
), e = await crypto.subtle.exportKey("jwk",
|
|
228
|
-
return await
|
|
227
|
+
), e = await crypto.subtle.exportKey("jwk", a.publicKey), s = te(e), t = await q(s);
|
|
228
|
+
return await se(a.privateKey), await re(s), { publicKey: s, thumbprint: t };
|
|
229
229
|
}
|
|
230
230
|
async function oe() {
|
|
231
|
-
const
|
|
232
|
-
return
|
|
231
|
+
const a = await $(), e = await B();
|
|
232
|
+
return a && K(e) ? {
|
|
233
233
|
publicKey: e,
|
|
234
234
|
thumbprint: await q(e)
|
|
235
|
-
} : ((
|
|
235
|
+
} : ((a || e) && await T(), ne());
|
|
236
236
|
}
|
|
237
|
-
async function ae(
|
|
237
|
+
async function ae(a, e, s) {
|
|
238
238
|
try {
|
|
239
|
-
const t = await $(), n = await
|
|
239
|
+
const t = await $(), n = await B();
|
|
240
240
|
if (!t || !K(n))
|
|
241
241
|
throw new g(
|
|
242
242
|
"DPoP key material is unavailable or invalid"
|
|
243
243
|
);
|
|
244
|
-
const
|
|
244
|
+
const r = {
|
|
245
245
|
typ: "dpop+jwt",
|
|
246
246
|
alg: "ES256",
|
|
247
247
|
jwk: n
|
|
248
248
|
// Public key in JWK format
|
|
249
|
-
},
|
|
249
|
+
}, o = new URL(
|
|
250
250
|
e,
|
|
251
251
|
typeof window < "u" ? window.location.origin : void 0
|
|
252
|
-
), l = `${
|
|
252
|
+
), l = `${o.origin}${o.pathname}`, c = {
|
|
253
253
|
jti: crypto.randomUUID(),
|
|
254
|
-
htm:
|
|
254
|
+
htm: a.toUpperCase(),
|
|
255
255
|
htu: l,
|
|
256
256
|
iat: Math.floor(Date.now() / 1e3)
|
|
257
257
|
};
|
|
258
|
-
if (
|
|
259
|
-
const L = new TextEncoder().encode(
|
|
260
|
-
c.ath =
|
|
258
|
+
if (s) {
|
|
259
|
+
const L = new TextEncoder().encode(s), M = await crypto.subtle.digest("SHA-256", L);
|
|
260
|
+
c.ath = y(M);
|
|
261
261
|
}
|
|
262
|
-
const d =
|
|
263
|
-
new TextEncoder().encode(JSON.stringify(
|
|
264
|
-
), i =
|
|
262
|
+
const d = y(
|
|
263
|
+
new TextEncoder().encode(JSON.stringify(r)).buffer
|
|
264
|
+
), i = y(
|
|
265
265
|
new TextEncoder().encode(JSON.stringify(c)).buffer
|
|
266
|
-
),
|
|
266
|
+
), h = `${d}.${i}`, f = await crypto.subtle.sign(
|
|
267
267
|
{
|
|
268
268
|
name: "ECDSA",
|
|
269
269
|
hash: { name: "SHA-256" }
|
|
270
270
|
},
|
|
271
271
|
t,
|
|
272
|
-
new TextEncoder().encode(
|
|
273
|
-
), w =
|
|
272
|
+
new TextEncoder().encode(h)
|
|
273
|
+
), w = y(f);
|
|
274
274
|
return `${d}.${i}.${w}`;
|
|
275
275
|
} catch (t) {
|
|
276
276
|
throw console.error("Failed to generate DPoP proof:", t), t instanceof g ? t : new g("Failed to generate DPoP proof");
|
|
277
277
|
}
|
|
278
278
|
}
|
|
279
|
-
const
|
|
279
|
+
const U = {
|
|
280
280
|
isWebAuthnSupported: O,
|
|
281
281
|
isConditionalUISupported: j,
|
|
282
282
|
arrayBufferToBase64: N,
|
|
283
283
|
base64ToArrayBuffer: C,
|
|
284
|
-
arrayBufferToBase64url:
|
|
284
|
+
arrayBufferToBase64url: y,
|
|
285
285
|
base64urlToArrayBuffer: b,
|
|
286
286
|
stringToArrayBuffer: k,
|
|
287
287
|
uint8ArrayToString: F,
|
|
@@ -292,24 +292,24 @@ const B = {
|
|
|
292
292
|
setPasskeyMobileNumber: Q,
|
|
293
293
|
clearPasskeyMobileNumber: ee
|
|
294
294
|
};
|
|
295
|
-
typeof window < "u" && (window.WebAuthn =
|
|
295
|
+
typeof window < "u" && (window.WebAuthn = U);
|
|
296
296
|
const ie = typeof window < "u" ? window : globalThis;
|
|
297
|
-
ie.WebAuthn =
|
|
297
|
+
ie.WebAuthn = U;
|
|
298
298
|
const P = "postex-auth-token", ce = "postexglobal", le = {
|
|
299
299
|
xstak: "https://auth-stage.xstak.com/public/v1",
|
|
300
300
|
postex: "https://auth-stage.postex.pk/public/v1",
|
|
301
301
|
callcourier: "https://auth-stage.callcourier.com.pk/public/v1",
|
|
302
302
|
postexglobal: "https://auth-stage.postexglobal.com/public/v1",
|
|
303
303
|
postexsa: "https://auth-stage.postex.sa/public/v1"
|
|
304
|
-
}, ue = /^[^\s@]+@[^\s@]+\.[^\s@]{2,}$/, de = /^\+[1-9]\d{6,14}$/, he = /^\d{6}$/, pe = /^[A-Za-z0-9_-]{16,512}$/,
|
|
304
|
+
}, ue = /^[^\s@]+@[^\s@]+\.[^\s@]{2,}$/, de = /^\+[1-9]\d{6,14}$/, he = /^\d{6}$/, pe = /^[A-Za-z0-9_-]{16,512}$/, ye = /[\u0000-\u001F\u007F-\u009F]/, me = /[A-Za-z]/, fe = /[\u0400-\u04FF]/, A = 254, x = 16, I = 64, D = 64;
|
|
305
305
|
class we extends Error {
|
|
306
|
-
constructor(e,
|
|
307
|
-
super(t ?? `Request failed with status ${e}`), this.response = { status: e, data:
|
|
306
|
+
constructor(e, s, t) {
|
|
307
|
+
super(t ?? `Request failed with status ${e}`), this.response = { status: e, data: s }, this.name = "AuthSDKFetchError";
|
|
308
308
|
}
|
|
309
309
|
}
|
|
310
|
-
class
|
|
311
|
-
constructor(e,
|
|
312
|
-
super(
|
|
310
|
+
class p extends Error {
|
|
311
|
+
constructor(e, s, t = "invalid_input") {
|
|
312
|
+
super(s), this.field = e, this.code = t, this.name = "SDKValidationError";
|
|
313
313
|
}
|
|
314
314
|
}
|
|
315
315
|
const R = "auth_sdk_refresh_token";
|
|
@@ -329,97 +329,97 @@ class z {
|
|
|
329
329
|
}
|
|
330
330
|
createDPoPInitializationPromise() {
|
|
331
331
|
const e = this.initializeDPoPState();
|
|
332
|
-
return e.catch((
|
|
333
|
-
console.warn("[AuthSDK] DPoP initialization failed:",
|
|
332
|
+
return e.catch((s) => {
|
|
333
|
+
console.warn("[AuthSDK] DPoP initialization failed:", s);
|
|
334
334
|
}), e;
|
|
335
335
|
}
|
|
336
336
|
resetDPoPInitialization() {
|
|
337
337
|
this.dpopInitializationPromise = this.createDPoPInitializationPromise();
|
|
338
338
|
}
|
|
339
|
-
async getRequiredDPoPProof(e,
|
|
340
|
-
return await this.ensureDPoPInitialized(), ae(e.toUpperCase(),
|
|
339
|
+
async getRequiredDPoPProof(e, s, t) {
|
|
340
|
+
return await this.ensureDPoPInitialized(), ae(e.toUpperCase(), s, t);
|
|
341
341
|
}
|
|
342
342
|
containsControlChars(e) {
|
|
343
|
-
return
|
|
343
|
+
return ye.test(e);
|
|
344
344
|
}
|
|
345
345
|
hasMixedLatinAndCyrillic(e) {
|
|
346
|
-
return
|
|
346
|
+
return me.test(e) && fe.test(e);
|
|
347
347
|
}
|
|
348
|
-
assertNoControlChars(e,
|
|
349
|
-
if (this.containsControlChars(
|
|
350
|
-
throw new
|
|
348
|
+
assertNoControlChars(e, s) {
|
|
349
|
+
if (this.containsControlChars(s))
|
|
350
|
+
throw new p(
|
|
351
351
|
e,
|
|
352
352
|
`${e} must not contain control characters`
|
|
353
353
|
);
|
|
354
354
|
}
|
|
355
|
-
validateEmail(e,
|
|
355
|
+
validateEmail(e, s = "email") {
|
|
356
356
|
const t = e.trim();
|
|
357
357
|
if (!t)
|
|
358
|
-
throw new
|
|
359
|
-
if (t.length >
|
|
360
|
-
throw new
|
|
361
|
-
|
|
362
|
-
`${
|
|
358
|
+
throw new p(s, `${s} is required`);
|
|
359
|
+
if (t.length > A)
|
|
360
|
+
throw new p(
|
|
361
|
+
s,
|
|
362
|
+
`${s} must be ${A} characters or fewer`
|
|
363
363
|
);
|
|
364
|
-
this.assertNoControlChars(
|
|
364
|
+
this.assertNoControlChars(s, t);
|
|
365
365
|
const [n = ""] = t.split("@");
|
|
366
366
|
if (this.hasMixedLatinAndCyrillic(n))
|
|
367
|
-
throw new
|
|
368
|
-
|
|
369
|
-
`${
|
|
367
|
+
throw new p(
|
|
368
|
+
s,
|
|
369
|
+
`${s} must not mix Latin and Cyrillic characters in the local part`
|
|
370
370
|
);
|
|
371
371
|
if (!ue.test(t))
|
|
372
|
-
throw new
|
|
372
|
+
throw new p(s, `${s} must be a valid email`);
|
|
373
373
|
return t;
|
|
374
374
|
}
|
|
375
|
-
validateMobileNumber(e,
|
|
375
|
+
validateMobileNumber(e, s = "mobileNumber") {
|
|
376
376
|
const t = e.trim();
|
|
377
377
|
if (!t)
|
|
378
|
-
throw new
|
|
378
|
+
throw new p(s, `${s} is required`);
|
|
379
379
|
if (t.length > x)
|
|
380
|
-
throw new
|
|
381
|
-
|
|
382
|
-
`${
|
|
380
|
+
throw new p(
|
|
381
|
+
s,
|
|
382
|
+
`${s} must be ${x} characters or fewer`
|
|
383
383
|
);
|
|
384
|
-
if (this.assertNoControlChars(
|
|
385
|
-
throw new
|
|
384
|
+
if (this.assertNoControlChars(s, t), !de.test(t))
|
|
385
|
+
throw new p(s, `${s} must be in E.164 format`);
|
|
386
386
|
return t;
|
|
387
387
|
}
|
|
388
|
-
validateUsername(e,
|
|
388
|
+
validateUsername(e, s = "username") {
|
|
389
389
|
const t = e.trim();
|
|
390
390
|
if (!t)
|
|
391
|
-
throw new
|
|
391
|
+
throw new p(s, `${s} is required`);
|
|
392
392
|
if (t.length > I)
|
|
393
|
-
throw new
|
|
394
|
-
|
|
395
|
-
`${
|
|
393
|
+
throw new p(
|
|
394
|
+
s,
|
|
395
|
+
`${s} must be ${I} characters or fewer`
|
|
396
396
|
);
|
|
397
|
-
return this.assertNoControlChars(
|
|
397
|
+
return this.assertNoControlChars(s, t), t;
|
|
398
398
|
}
|
|
399
|
-
validateOTP(e,
|
|
399
|
+
validateOTP(e, s = "otp") {
|
|
400
400
|
const t = e.trim();
|
|
401
|
-
if (this.assertNoControlChars(
|
|
402
|
-
throw new
|
|
401
|
+
if (this.assertNoControlChars(s, t), !he.test(t))
|
|
402
|
+
throw new p(s, `${s} must be a 6-digit code`);
|
|
403
403
|
return t;
|
|
404
404
|
}
|
|
405
|
-
validateMagicLinkToken(e,
|
|
405
|
+
validateMagicLinkToken(e, s = "token") {
|
|
406
406
|
const t = e.trim();
|
|
407
|
-
if (this.assertNoControlChars(
|
|
408
|
-
throw new
|
|
409
|
-
|
|
410
|
-
`${
|
|
407
|
+
if (this.assertNoControlChars(s, t), !pe.test(t))
|
|
408
|
+
throw new p(
|
|
409
|
+
s,
|
|
410
|
+
`${s} must be 16-512 URL-safe characters`
|
|
411
411
|
);
|
|
412
412
|
return t;
|
|
413
413
|
}
|
|
414
414
|
validateRealm(e) {
|
|
415
|
-
const
|
|
416
|
-
if (
|
|
417
|
-
if (this.assertNoControlChars("realm",
|
|
418
|
-
throw new
|
|
415
|
+
const s = e?.trim();
|
|
416
|
+
if (s) {
|
|
417
|
+
if (this.assertNoControlChars("realm", s), s.length > D)
|
|
418
|
+
throw new p(
|
|
419
419
|
"realm",
|
|
420
420
|
`realm must be ${D} characters or fewer`
|
|
421
421
|
);
|
|
422
|
-
return
|
|
422
|
+
return s;
|
|
423
423
|
}
|
|
424
424
|
}
|
|
425
425
|
normalizeAndValidateIdentifier(e) {
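Review bot: `validateUsername` accepts any value that is non-empty, at most `I` characters long and free of C0/C1 controls, so zero-width and bidirectional format characters (U+200B–U+200F, U+202A–U+202E, U+2066–U+2069) pass, because the `ye` class defined in the previous hunk stops at U+009F. If usernames are displayed or compared anywhere, that allows identifiers that look identical but differ in bytes; the server has to enforce its own rule regardless, but the client check could reject them too by widening the class to `/[\u0000-\u001F\u007F-\u009F\u200B-\u200F\u202A-\u202E\u2066-\u2069\uFEFF]/`. Separately, the validators other than `validateRealm` call `e.trim()` directly, so a non-string argument surfaces as a `TypeError` rather than an `SDKValidationError`; `validateRealm` already uses `e?.trim()`. `normalizeAndValidateIdentifier` opens on the last line of the hunk and its body is outside it.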
|
|
@@ -432,41 +432,41 @@ class z {
|
|
|
432
432
|
normalizeAuthIdentifier(e) {
|
|
433
433
|
return this.normalizeAndValidateIdentifier(e);
|
|
434
434
|
}
|
|
435
|
-
extractRealm(e,
|
|
436
|
-
const t =
|
|
435
|
+
extractRealm(e, s) {
|
|
436
|
+
const t = s?.realm ?? (e && typeof e != "string" ? e.realm : void 0);
|
|
437
437
|
return this.validateRealm(t);
|
|
438
438
|
}
|
|
439
|
-
buildAuthRequestBody(e,
|
|
440
|
-
const t = this.normalizeAuthIdentifier(e), n = this.extractRealm(e,
|
|
439
|
+
buildAuthRequestBody(e, s) {
|
|
440
|
+
const t = this.normalizeAuthIdentifier(e), n = this.extractRealm(e, s);
|
|
441
441
|
return {
|
|
442
442
|
...t,
|
|
443
443
|
...n ? { realm: n } : {}
|
|
444
444
|
};
|
|
445
445
|
}
|
|
446
|
-
buildUrl(e,
|
|
447
|
-
const t = this.getBaseUrl().replace(/\/$/, ""), n = e.startsWith("/") ? e : `/${e}`,
|
|
448
|
-
if (!
|
|
449
|
-
const
|
|
450
|
-
return `${
|
|
446
|
+
buildUrl(e, s) {
|
|
447
|
+
const t = this.getBaseUrl().replace(/\/$/, ""), n = e.startsWith("/") ? e : `/${e}`, r = `${t}${n}`;
|
|
448
|
+
if (!s || Object.keys(s).length === 0) return r;
|
|
449
|
+
const o = new URLSearchParams(s).toString();
|
|
450
|
+
return `${r}?${o}`;
|
|
451
451
|
}
|
|
452
|
-
async request(e,
|
|
453
|
-
const n = this.buildUrl(
|
|
452
|
+
async request(e, s, t) {
|
|
453
|
+
const n = this.buildUrl(s, t?.params), r = {
|
|
454
454
|
"Content-Type": "application/json",
|
|
455
455
|
Accept: "application/json",
|
|
456
456
|
"X-API-Key": this.config.apiKey ?? "",
|
|
457
457
|
...t?.headers
|
|
458
|
-
},
|
|
458
|
+
}, o = {
|
|
459
459
|
method: e,
|
|
460
460
|
credentials: "include",
|
|
461
|
-
headers:
|
|
461
|
+
headers: r
|
|
462
462
|
};
|
|
463
|
-
t?.body !== void 0 && t?.body !== null && (
|
|
464
|
-
const l = await fetch(n,
|
|
463
|
+
t?.body !== void 0 && t?.body !== null && (o.body = JSON.stringify(t.body));
|
|
464
|
+
const l = await fetch(n, o);
|
|
465
465
|
if (!l.ok) {
|
|
466
466
|
let i;
|
|
467
467
|
try {
|
|
468
|
-
const
|
|
469
|
-
i =
|
|
468
|
+
const h = await l.text();
|
|
469
|
+
i = h ? JSON.parse(h) : void 0;
|
|
470
470
|
} catch {
|
|
471
471
|
i = void 0;
|
|
472
472
|
}
|
|
@@ -481,60 +481,64 @@ class z {
|
|
|
481
481
|
* @param method - HTTP method (e.g. "GET", "POST")
|
|
482
482
|
* @param url - Full request URL
|
|
483
483
|
*/
|
|
484
|
-
async getRequestAuthHeaders(e,
|
|
484
|
+
async getRequestAuthHeaders(e, s) {
|
|
485
485
|
const t = localStorage.getItem(P);
|
|
486
486
|
if (!t) return {};
|
|
487
|
-
const n =
|
|
487
|
+
const n = s.startsWith("http") ? s : `${this.getBaseUrl()}${s}`, r = await this.getRequiredDPoPProof(e, n, t);
|
|
488
488
|
return {
|
|
489
489
|
Authorization: `Bearer ${t}`,
|
|
490
|
-
DPoP:
|
|
490
|
+
DPoP: r
|
|
491
491
|
};
|
|
492
492
|
}
|
|
493
493
|
/**
|
|
494
494
|
* GET /auth/status - Check if client has trusted device session and what auth method is available.
|
|
495
495
|
* Returns no_session | session_found | webauthn_ready per PostEx Auth BFF spec.
|
|
496
496
|
*/
|
|
497
|
-
async getStatus(e,
|
|
498
|
-
const t = this.normalizeAuthIdentifier(e), n = this.extractRealm(e,
|
|
499
|
-
t.email && (
|
|
500
|
-
const
|
|
501
|
-
params:
|
|
497
|
+
async getStatus(e, s) {
|
|
498
|
+
const t = this.normalizeAuthIdentifier(e), n = this.extractRealm(e, s), r = {};
|
|
499
|
+
t.email && (r.email = t.email), t.mobileNumber && (r.mobileNumber = t.mobileNumber), t.username && (r.username = t.username), n && (r.realm = n);
|
|
500
|
+
const o = await this.request("GET", "/auth/status", {
|
|
501
|
+
params: r
|
|
502
502
|
});
|
|
503
|
-
return
|
|
503
|
+
return o.data.data ?? o.data;
|
|
504
504
|
}
|
|
505
505
|
/**
|
|
506
506
|
* POST /auth/initiate - Unified entry: returns webauthn_challenge or otp_sent.
|
|
507
|
-
* Sets auth_session cookie when otp_sent.
|
|
507
|
+
* Sets auth_session cookie and includes delivery metadata when otp_sent.
|
|
508
508
|
*/
|
|
509
|
-
async initiateAuth(e,
|
|
510
|
-
const t = this.buildAuthRequestBody(e,
|
|
509
|
+
async initiateAuth(e, s) {
|
|
510
|
+
const t = this.buildAuthRequestBody(e, s), r = (await this.request("POST", "/auth/initiate", {
|
|
511
511
|
body: t
|
|
512
|
-
}),
|
|
512
|
+
})).data, o = r.data;
|
|
513
513
|
return {
|
|
514
|
-
status:
|
|
515
|
-
|
|
516
|
-
|
|
517
|
-
|
|
514
|
+
status: o.status,
|
|
515
|
+
message: r.message,
|
|
516
|
+
delivery: o.delivery,
|
|
517
|
+
challenge: o.challenge,
|
|
518
|
+
credentialIds: o.credentialIds,
|
|
519
|
+
rp: o.rp
|
|
518
520
|
};
|
|
519
521
|
}
|
|
520
522
|
/**
|
|
521
523
|
* POST /otp/initiate - Direct OTP initiation using email, mobile number, or username.
|
|
522
524
|
* Requires at least one identifier: email, mobileNumber, or username.
|
|
523
525
|
*/
|
|
524
|
-
async initiateOTP(e,
|
|
525
|
-
const t = this.normalizeAuthIdentifier(e), n = this.extractRealm(e,
|
|
526
|
-
if (!
|
|
527
|
-
throw new
|
|
526
|
+
async initiateOTP(e, s) {
|
|
527
|
+
const t = this.normalizeAuthIdentifier(e), n = this.extractRealm(e, s), r = t.email, o = t.mobileNumber, l = t.username;
|
|
528
|
+
if (!r && !o && !l)
|
|
529
|
+
throw new p(
|
|
528
530
|
"identifier",
|
|
529
531
|
"Either mobileNumber, email, or username is required"
|
|
530
532
|
);
|
|
531
533
|
const c = {};
|
|
532
|
-
|
|
534
|
+
r && (c.email = r), o && (c.mobileNumber = o), l && (c.username = l), n && (c.realm = n);
|
|
533
535
|
const i = (await this.request("POST", "/otp/initiate", {
|
|
534
536
|
body: c
|
|
535
|
-
})).data;
|
|
537
|
+
})).data, h = i.data;
|
|
536
538
|
return {
|
|
537
|
-
message: i.message
|
|
539
|
+
message: i.message,
|
|
540
|
+
success: i.success,
|
|
541
|
+
...h
|
|
538
542
|
};
|
|
539
543
|
}
|
|
540
544
|
/**
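Review bot: `getRequestAuthHeaders` returns `Authorization: Bearer …` plus a matching DPoP proof for whatever absolute URL the caller passes, and it decides "absolute" with `s.startsWith("http")`. Nothing visible here ties that URL to `getBaseUrl()`, so a caller mistake can produce credentials for a request to another origin. If the token is only meant for the auth API, a guard such as `if (new URL(n).origin !== new URL(this.getBaseUrl()).origin) throw new p("url", "url must target the auth API");` before the proof is generated would contain that; otherwise the JSDoc should say which origins are acceptable. The comment block that opens on the hunk's last line continues outside it.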
|
|
@@ -542,13 +546,13 @@ class z {
|
|
|
542
546
|
* Stores tokens from the response.
|
|
543
547
|
*/
|
|
544
548
|
async verifyOTP(e) {
|
|
545
|
-
const
|
|
549
|
+
const s = this.validateOTP(e), t = await this.getRequiredDPoPProof(
|
|
546
550
|
"POST",
|
|
547
551
|
`${this.getBaseUrl()}/otp/verify`
|
|
548
552
|
), n = await this.request("POST", "/otp/verify", {
|
|
549
|
-
body: { otp:
|
|
553
|
+
body: { otp: s },
|
|
550
554
|
headers: { DPoP: t }
|
|
551
|
-
}),
|
|
555
|
+
}), r = n.data.data ?? n.data, o = r.AuthenticationResult ?? r, l = o.access_token ?? o.accessToken ?? o.AccessToken, c = o.refresh_token ?? o.refreshToken ?? o.RefreshToken, d = o.expires_in ?? o.expiresIn, i = o.token_type ?? o.tokenType;
|
|
552
556
|
return l && await this.storeTokens({
|
|
553
557
|
accessToken: l,
|
|
554
558
|
refreshToken: c,
|
|
@@ -559,21 +563,21 @@ class z {
|
|
|
559
563
|
refresh_token: c,
|
|
560
564
|
expires_in: d,
|
|
561
565
|
token_type: i,
|
|
562
|
-
verified:
|
|
563
|
-
email:
|
|
564
|
-
...
|
|
566
|
+
verified: o.verified,
|
|
567
|
+
email: o.email ?? o.Email,
|
|
568
|
+
...o
|
|
565
569
|
};
|
|
566
570
|
}
|
|
567
571
|
/**
|
|
568
|
-
* POST /resend - Resend OTP code to the user's email.
|
|
572
|
+
* POST /otp/resend - Resend OTP code to the user's email or mobile number.
|
|
569
573
|
* No payload required, relies on auth_session cookie.
|
|
570
574
|
*/
|
|
571
575
|
async resendOTP() {
|
|
572
|
-
const
|
|
576
|
+
const s = (await this.request("POST", "/otp/resend", {})).data;
|
|
573
577
|
return {
|
|
574
|
-
|
|
575
|
-
|
|
576
|
-
...
|
|
578
|
+
message: s.message,
|
|
579
|
+
success: s.success,
|
|
580
|
+
...s.data
|
|
577
581
|
};
|
|
578
582
|
}
|
|
579
583
|
/**
|
|
@@ -582,24 +586,24 @@ class z {
|
|
|
582
586
|
*/
|
|
583
587
|
async verifySignupOTP({
|
|
584
588
|
mobileNumber: e,
|
|
585
|
-
otp:
|
|
589
|
+
otp: s
|
|
586
590
|
}) {
|
|
587
|
-
const t = this.validateMobileNumber(e), n = this.validateOTP(
|
|
591
|
+
const t = this.validateMobileNumber(e), n = this.validateOTP(s), r = await this.getRequiredDPoPProof(
|
|
588
592
|
"POST",
|
|
589
593
|
`${this.getBaseUrl()}/otp/signup/verify`
|
|
590
|
-
),
|
|
594
|
+
), o = await this.request("POST", "/otp/signup/verify", {
|
|
591
595
|
body: { mobileNumber: t, otp: n },
|
|
592
|
-
headers: { DPoP:
|
|
593
|
-
}), l =
|
|
596
|
+
headers: { DPoP: r }
|
|
597
|
+
}), l = o.data.data ?? o.data, c = l.AuthenticationResult ?? l, d = c.access_token ?? c.accessToken ?? c.AccessToken, i = c.refresh_token ?? c.refreshToken ?? c.RefreshToken, h = c.expires_in ?? c.expiresIn, f = c.token_type ?? c.tokenType;
|
|
594
598
|
return d && await this.storeTokens({
|
|
595
599
|
accessToken: d,
|
|
596
600
|
refreshToken: i,
|
|
597
|
-
expiresIn:
|
|
601
|
+
expiresIn: h,
|
|
598
602
|
tokenType: f
|
|
599
603
|
}), {
|
|
600
604
|
access_token: d,
|
|
601
605
|
refresh_token: i,
|
|
602
|
-
expires_in:
|
|
606
|
+
expires_in: h,
|
|
603
607
|
token_type: f,
|
|
604
608
|
verified: c.verified,
|
|
605
609
|
email: c.email ?? c.Email,
|
|
@@ -611,15 +615,15 @@ class z {
|
|
|
611
615
|
*/
|
|
612
616
|
async resendSignupOTP({
|
|
613
617
|
mobileNumber: e,
|
|
614
|
-
email:
|
|
618
|
+
email: s = ""
|
|
615
619
|
}) {
|
|
616
|
-
const t = this.validateMobileNumber(e), n =
|
|
620
|
+
const t = this.validateMobileNumber(e), n = s ? this.validateEmail(s) : "", r = await this.request("POST", "/otp/signup/resend", {
|
|
617
621
|
body: { email: n, mobileNumber: t }
|
|
618
|
-
}),
|
|
622
|
+
}), o = r.data.data ?? r.data;
|
|
619
623
|
return {
|
|
620
|
-
success:
|
|
621
|
-
message:
|
|
622
|
-
...
|
|
624
|
+
success: o.success,
|
|
625
|
+
message: o.message,
|
|
626
|
+
...o
|
|
623
627
|
};
|
|
624
628
|
}
|
|
625
629
|
/**
|
|
@@ -627,10 +631,10 @@ class z {
|
|
|
627
631
|
* Sets auth_session cookie on success.
|
|
628
632
|
*/
|
|
629
633
|
async verifyMagicLink(e) {
|
|
630
|
-
const
|
|
634
|
+
const s = this.validateMagicLinkToken(e);
|
|
631
635
|
await this.request("GET", "/verify/magic-link", {
|
|
632
636
|
params: {
|
|
633
|
-
token:
|
|
637
|
+
token: s,
|
|
634
638
|
redirect_mode: "frontend"
|
|
635
639
|
}
|
|
636
640
|
});
|
|
@@ -647,16 +651,16 @@ class z {
|
|
|
647
651
|
{
|
|
648
652
|
body: {}
|
|
649
653
|
}
|
|
650
|
-
),
|
|
654
|
+
), s = e.data.data ?? e.data, t = s.AuthenticationResult ?? s, n = t.access_token ?? t.accessToken ?? t.AccessToken, r = t.refresh_token ?? t.refreshToken ?? t.RefreshToken, o = t.expires_in ?? t.expiresIn, l = t.token_type ?? t.tokenType;
|
|
651
655
|
return n && await this.storeTokens({
|
|
652
656
|
accessToken: n,
|
|
653
|
-
refreshToken:
|
|
654
|
-
expiresIn:
|
|
657
|
+
refreshToken: r,
|
|
658
|
+
expiresIn: o,
|
|
655
659
|
tokenType: l
|
|
656
660
|
}), {
|
|
657
661
|
access_token: n,
|
|
658
|
-
refresh_token:
|
|
659
|
-
expires_in:
|
|
662
|
+
refresh_token: r,
|
|
663
|
+
expires_in: o,
|
|
660
664
|
token_type: l,
|
|
661
665
|
verified: t.verified,
|
|
662
666
|
email: t.email ?? t.Email,
|
|
@@ -674,7 +678,7 @@ class z {
|
|
|
674
678
|
return e.data.data ?? e.data;
|
|
675
679
|
}
|
|
676
680
|
async registerPasskey(e) {
|
|
677
|
-
const
|
|
681
|
+
const s = this.validateEmail(e), t = await this.initiatePasskeyRegistration();
|
|
678
682
|
let n;
|
|
679
683
|
if (t?.user?.id)
|
|
680
684
|
try {
|
|
@@ -683,14 +687,14 @@ class z {
|
|
|
683
687
|
n = k(t.user.id);
|
|
684
688
|
}
|
|
685
689
|
else
|
|
686
|
-
n = k(
|
|
687
|
-
const
|
|
690
|
+
n = k(s);
|
|
691
|
+
const r = (t.pubKeyCredParams ?? [
|
|
688
692
|
{ type: "public-key", alg: -7 },
|
|
689
693
|
{ type: "public-key", alg: -257 }
|
|
690
694
|
]).map((w) => ({
|
|
691
695
|
type: "public-key",
|
|
692
696
|
alg: w.alg
|
|
693
|
-
})),
|
|
697
|
+
})), o = t.excludeCredentials?.map((w) => ({
|
|
694
698
|
type: "public-key",
|
|
695
699
|
id: b(w)
|
|
696
700
|
})), l = {
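Review bot: The fallback `n = k(s)` derives the WebAuthn `user.id` from the caller's e-mail address whenever the server response carries no `user.id` (`s` is the result of `this.validateEmail(e)` in the previous hunk). `k` is defined outside this hunk, but if it only encodes the string, the address is stored on the authenticator as the user handle, which the WebAuthn specification says should not contain personally identifying information. I would fail closed instead, e.g. `else throw new Error("Server did not return user.id");`, so the handle is always the opaque server-issued value. registerPasskey starts and ends outside this hunk.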
|
|
@@ -701,11 +705,11 @@ class z {
|
|
|
701
705
|
},
|
|
702
706
|
user: {
|
|
703
707
|
id: n,
|
|
704
|
-
name: t.user?.name ??
|
|
705
|
-
displayName: t.user?.displayName ??
|
|
708
|
+
name: t.user?.name ?? s,
|
|
709
|
+
displayName: t.user?.displayName ?? s
|
|
706
710
|
},
|
|
707
|
-
pubKeyCredParams:
|
|
708
|
-
excludeCredentials:
|
|
711
|
+
pubKeyCredParams: r,
|
|
712
|
+
excludeCredentials: o,
|
|
709
713
|
timeout: t.timeout ?? 6e4,
|
|
710
714
|
attestation: "direct",
|
|
711
715
|
authenticatorSelection: {
|
|
@@ -718,12 +722,12 @@ class z {
|
|
|
718
722
|
});
|
|
719
723
|
if (!c) throw new Error("Credential creation failed");
|
|
720
724
|
const d = c.response, i = {
|
|
721
|
-
clientDataJSON:
|
|
722
|
-
attestationObject:
|
|
723
|
-
rawId:
|
|
725
|
+
clientDataJSON: y(d.clientDataJSON),
|
|
726
|
+
attestationObject: y(d.attestationObject),
|
|
727
|
+
rawId: y(c.rawId)
|
|
724
728
|
};
|
|
725
729
|
if (!i.rawId) throw new Error("Raw ID is required");
|
|
726
|
-
const
|
|
730
|
+
const h = await this.getRequiredDPoPProof(
|
|
727
731
|
"POST",
|
|
728
732
|
`${this.getBaseUrl()}/webauthn/register/challenge`
|
|
729
733
|
), f = await this.request(
|
|
@@ -731,7 +735,7 @@ class z {
|
|
|
731
735
|
"/webauthn/register/challenge",
|
|
732
736
|
{
|
|
733
737
|
body: i,
|
|
734
|
-
headers: { DPoP:
|
|
738
|
+
headers: { DPoP: h }
|
|
735
739
|
}
|
|
736
740
|
);
|
|
737
741
|
return f.data.data ?? f.data;
|
|
@@ -741,13 +745,13 @@ class z {
|
|
|
741
745
|
*/
|
|
742
746
|
async authenticateWithPasskey({
|
|
743
747
|
challenge: e,
|
|
744
|
-
rp:
|
|
748
|
+
rp: s,
|
|
745
749
|
credentialIds: t
|
|
746
750
|
}) {
|
|
747
751
|
const n = await navigator.credentials.get({
|
|
748
752
|
publicKey: {
|
|
749
753
|
challenge: b(e),
|
|
750
|
-
rpId:
|
|
754
|
+
rpId: s?.host ?? void 0,
|
|
751
755
|
allowCredentials: t.map((w) => ({
|
|
752
756
|
type: "public-key",
|
|
753
757
|
id: b(w),
|
|
@@ -758,14 +762,14 @@ class z {
|
|
|
758
762
|
}
|
|
759
763
|
});
|
|
760
764
|
if (!n) throw new Error("Authentication failed");
|
|
761
|
-
const
|
|
762
|
-
clientDataJSON:
|
|
763
|
-
authenticatorData:
|
|
764
|
-
|
|
765
|
+
const r = n.response, o = {
|
|
766
|
+
clientDataJSON: y(r.clientDataJSON),
|
|
767
|
+
authenticatorData: y(
|
|
768
|
+
r.authenticatorData
|
|
765
769
|
),
|
|
766
|
-
signature:
|
|
767
|
-
rawId:
|
|
768
|
-
userHandle:
|
|
770
|
+
signature: y(r.signature),
|
|
771
|
+
rawId: y(n.rawId),
|
|
772
|
+
userHandle: r.userHandle ? y(r.userHandle) : ""
|
|
769
773
|
}, l = await this.getRequiredDPoPProof(
|
|
770
774
|
"POST",
|
|
771
775
|
`${this.getBaseUrl()}/webauthn/authenticate/challenge`
|
|
@@ -773,17 +777,17 @@ class z {
|
|
|
773
777
|
"POST",
|
|
774
778
|
"/webauthn/authenticate/challenge",
|
|
775
779
|
{
|
|
776
|
-
body:
|
|
780
|
+
body: o,
|
|
777
781
|
headers: { DPoP: l }
|
|
778
782
|
}
|
|
779
|
-
), d = c.data.data ?? c.data, i = d.AuthenticationResult ?? d,
|
|
780
|
-
return
|
|
781
|
-
accessToken:
|
|
783
|
+
), d = c.data.data ?? c.data, i = d.AuthenticationResult ?? d, h = i.AccessToken ?? i.accessToken ?? i.access_token, f = i.RefreshToken ?? i.refreshToken ?? i.refresh_token;
|
|
784
|
+
return h && await this.storeTokens({
|
|
785
|
+
accessToken: h,
|
|
782
786
|
refreshToken: f,
|
|
783
787
|
expiresIn: i.expiresIn ?? i.ExpiresIn,
|
|
784
788
|
tokenType: i.tokenType ?? i.token_type
|
|
785
789
|
}), {
|
|
786
|
-
access_token:
|
|
790
|
+
access_token: h,
|
|
787
791
|
refresh_token: f,
|
|
788
792
|
email: i.email,
|
|
789
793
|
name: i.name ?? i.userName,
|
|
@@ -796,12 +800,12 @@ class z {
|
|
|
796
800
|
* GET /webauthn/credentials/:username - Get user's passkey status.
|
|
797
801
|
*/
|
|
798
802
|
async getPasskeyStatus(e) {
|
|
799
|
-
const t = `/webauthn/credentials/${encodeURIComponent(e)}`, n = await this.signRequest("GET", t),
|
|
803
|
+
const t = `/webauthn/credentials/${encodeURIComponent(e)}`, n = await this.signRequest("GET", t), r = await this.request("GET", t, {
|
|
800
804
|
headers: n.headers
|
|
801
|
-
}),
|
|
805
|
+
}), o = r.data.data ?? r.data;
|
|
802
806
|
return {
|
|
803
|
-
...
|
|
804
|
-
hasCredentials: !!(
|
|
807
|
+
...o,
|
|
808
|
+
hasCredentials: !!(o.hasCredentials ?? o.credentialId)
|
|
805
809
|
};
|
|
806
810
|
}
|
|
807
811
|
/**
|
|
@@ -816,18 +820,18 @@ class z {
|
|
|
816
820
|
/**
|
|
817
821
|
* Signs a request with DPoP and Authorization headers (internal use).
|
|
818
822
|
*/
|
|
819
|
-
async signRequest(e,
|
|
820
|
-
const n =
|
|
821
|
-
return { ...t, headers: { ...t.headers, ...
|
|
823
|
+
async signRequest(e, s, t = {}) {
|
|
824
|
+
const n = s.startsWith("http") ? s : `${this.getBaseUrl()}${s}`, r = await this.getRequestAuthHeaders(e, n);
|
|
825
|
+
return { ...t, headers: { ...t.headers, ...r } };
|
|
822
826
|
}
|
|
823
827
|
/**
|
|
824
828
|
* Replaces native fetch or Axios with a DPoP-signed version.
|
|
825
829
|
*/
|
|
826
|
-
async authenticatedFetch(e,
|
|
827
|
-
const t = typeof e == "string" ? e : e instanceof URL ? e.toString() : e.url, n =
|
|
828
|
-
headers:
|
|
830
|
+
async authenticatedFetch(e, s) {
|
|
831
|
+
const t = typeof e == "string" ? e : e instanceof URL ? e.toString() : e.url, n = s?.method || "GET", r = await this.signRequest(n, t, {
|
|
832
|
+
headers: s?.headers
|
|
829
833
|
});
|
|
830
|
-
return fetch(e, { ...
|
|
834
|
+
return fetch(e, { ...s, headers: r.headers });
|
|
831
835
|
}
|
|
832
836
|
/**
|
|
833
837
|
* Store tokens from /webauthn/authenticate (per spec: sessionStorage preferred).
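Review bot: In `authenticatedFetch` the URL is read from a `Request` argument (`e.url`) but the method is not, so `n = s?.method || "GET"` signs a GET request for `authenticatedFetch(new Request(url, { method: "POST" }))`, and `fetch(e, { ...s, headers: r.headers })` then replaces the Request's own headers. Taking the method from the Request when `s` omits it avoids the mismatch: `n = s?.method ?? (e instanceof Request ? e.method : "GET")`. Separately, `signRequest` passes any string starting with "http" through unchanged, so the Authorization and DPoP headers appear to be produced for whatever origin the caller names (`getRequestAuthHeaders` is outside this hunk). Comparing the target origin with `this.getBaseUrl()` or a configured allow-list before signing would keep tokens from being sent to other hosts.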
|
|
@@ -847,16 +851,16 @@ class z {
|
|
|
847
851
|
* Rate limit: 10 requests per minute.
|
|
848
852
|
*/
|
|
849
853
|
async refreshToken(e) {
|
|
850
|
-
const
|
|
851
|
-
body:
|
|
852
|
-
}), n = t.data.data ?? t.data,
|
|
853
|
-
return
|
|
854
|
-
accessToken:
|
|
854
|
+
const s = this.extractRealm(void 0, e), t = await this.request("POST", "/auth/refresh", {
|
|
855
|
+
body: s ? { realm: s } : {}
|
|
856
|
+
}), n = t.data.data ?? t.data, r = n.access_token, o = n.token_type, l = n.expires_in;
|
|
857
|
+
return r && await this.storeTokens({
|
|
858
|
+
accessToken: r,
|
|
855
859
|
expiresIn: l,
|
|
856
|
-
tokenType:
|
|
860
|
+
tokenType: o
|
|
857
861
|
}), {
|
|
858
|
-
access_token:
|
|
859
|
-
token_type:
|
|
862
|
+
access_token: r,
|
|
863
|
+
token_type: o,
|
|
860
864
|
expires_in: l
|
|
861
865
|
};
|
|
862
866
|
}
|
|
@@ -866,8 +870,8 @@ class z {
|
|
|
866
870
|
*/
|
|
867
871
|
async logout() {
|
|
868
872
|
try {
|
|
869
|
-
const
|
|
870
|
-
await this.request("POST", "/auth/logout",
|
|
873
|
+
const s = await this.getAccessToken() ? await this.signRequest("POST", "/auth/logout", { body: {} }) : { body: {} };
|
|
874
|
+
await this.request("POST", "/auth/logout", s), await T(), this.resetDPoPInitialization();
|
|
871
875
|
} catch {
|
|
872
876
|
}
|
|
873
877
|
await this.clearTokens();
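Review bot: `await T()` and `this.resetDPoPInitialization()` are chained after `this.request("POST", "/auth/logout", s)` inside the `try`, so when the request or the preceding `signRequest` rejects, both are skipped and the empty `catch {}` hides the failure. `T` is defined outside this hunk; if it removes the stored DPoP key material, a logout performed offline or against a failing server would leave that material in place while only `clearTokens()` runs. Local cleanup should not depend on the network call: keep only the request in the `try` and run `await T(); this.resetDPoPInitialization();` after it, next to `await this.clearTokens();`. logout continues past the end of this hunk.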
|
|
@@ -882,9 +886,9 @@ be.AuthSDK = z;
|
|
|
882
886
|
export {
|
|
883
887
|
z as AuthSDK,
|
|
884
888
|
we as AuthSDKFetchError,
|
|
885
|
-
|
|
889
|
+
p as SDKValidationError,
|
|
886
890
|
N as arrayBufferToBase64,
|
|
887
|
-
|
|
891
|
+
y as arrayBufferToBase64url,
|
|
888
892
|
C as base64ToArrayBuffer,
|
|
889
893
|
b as base64urlToArrayBuffer,
|
|
890
894
|
X as clearPasskeyEmail,
|