UNPKG

@authsignal/react

Version:

React components for [Authsignal](https://authsignal.com).

authsignal/authsignal-react

1 lines 1.33 MB
1
{"version":3,"file":"index.esm.mjs","sources":["../node_modules/@authsignal/browser/dist/index.js","../node_modules/style-inject/dist/style-inject.es.js","../node_modules/@radix-ui/primitive/dist/index.mjs","../node_modules/@radix-ui/react-compose-refs/dist/index.mjs","../node_modules/@radix-ui/react-context/dist/index.mjs","../node_modules/@radix-ui/react-use-layout-effect/dist/index.mjs","../node_modules/@radix-ui/react-id/dist/index.mjs","../node_modules/@radix-ui/react-use-callback-ref/dist/index.mjs","../node_modules/@radix-ui/react-use-controllable-state/dist/index.mjs","../node_modules/@radix-ui/react-slot/dist/index.mjs","../node_modules/@radix-ui/react-primitive/dist/index.mjs","../node_modules/@radix-ui/react-dismissable-layer/dist/index.mjs","../node_modules/@radix-ui/react-use-escape-keydown/dist/index.mjs","../node_modules/@radix-ui/react-focus-scope/dist/index.mjs","../node_modules/@radix-ui/react-portal/dist/index.mjs","../node_modules/@radix-ui/react-presence/dist/index.mjs","../node_modules/@radix-ui/react-focus-guards/dist/index.mjs","../node_modules/tslib/tslib.es6.js","../node_modules/react-remove-scroll-bar/dist/es2015/constants.js","../node_modules/use-callback-ref/dist/es2015/assignRef.js","../node_modules/use-callback-ref/dist/es2015/useMergeRef.js","../node_modules/use-callback-ref/dist/es2015/useRef.js","../node_modules/use-sidecar/dist/es2015/medium.js","../node_modules/use-sidecar/dist/es2015/exports.js","../node_modules/react-remove-scroll/dist/es2015/medium.js","../node_modules/react-remove-scroll/dist/es2015/UI.js","../node_modules/react-style-singleton/dist/es2015/singleton.js","../node_modules/get-nonce/dist/es2015/index.js","../node_modules/react-style-singleton/dist/es2015/component.js","../node_modules/react-style-singleton/dist/es2015/hook.js","../node_modules/react-remove-scroll-bar/dist/es2015/utils.js","../node_modules/react-remove-scroll-bar/dist/es2015/component.js","../node_modules/react-remove-scroll/dist/es2015/aggresiveCapture.js","../node_modules/react-remove-scroll/dist/es2015/handleScroll.js","../node_modules/react-remove-scroll/dist/es2015/SideEffect.js","../node_modules/react-remove-scroll/dist/es2015/sidecar.js","../node_modules/react-remove-scroll/dist/es2015/Combination.js","../node_modules/aria-hidden/dist/es2015/index.js","../node_modules/@radix-ui/react-dialog/dist/index.mjs","../node_modules/vaul/dist/index.mjs","../src/hooks/use-authsignal-context.ts","../node_modules/@radix-ui/react-icons/dist/react-icons.esm.js","../node_modules/clsx/dist/clsx.mjs","../node_modules/tailwind-merge/dist/bundle-mjs.mjs","../src/lib/utils.ts","../src/ui/dialog.tsx","../src/components/icons/authenticator-app-icon.tsx","../src/components/icons/email-otp-icon.tsx","../src/components/icons/passkey-icon.tsx","../src/components/icons/sms-otp-icon.tsx","../node_modules/react-hook-form/dist/index.esm.mjs","../node_modules/@radix-ui/react-label/dist/index.mjs","../src/ui/label.tsx","../src/ui/form.tsx","../node_modules/input-otp/dist/index.mjs","../src/ui/input-otp.tsx","../src/components/challenge/use-challenge-context.tsx","../src/components/challenge/screens/authenticator-app-challenge.tsx","../src/components/challenge/screens/email-otp-challenge.tsx","../src/components/challenge/screens/passkey-challenge.tsx","../src/components/challenge/screens/sms-otp-challenge.tsx","../node_modules/@simplewebauthn/browser/dist/bundle/index.js","../src/lib/device.ts","../src/types.ts","../src/components/icons/email-magic-link-icon.tsx","../src/components/icons/security-key-icon.tsx","../src/components/challenge/screens/verification-methods.tsx","../src/lib/create-theme.ts","../src/components/challenge/screens/email-magic-link-challenge.tsx","../src/components/challenge/screens/security-key-challenge.tsx","../src/components/challenge/challenge.tsx","../src/hooks/use-media-query.ts","../src/authsignal-provider.tsx","../src/use-authsignal.tsx"],"sourcesContent":["// Unique ID creation requires a high quality random # generator. In the browser we therefore\n// require the crypto API and do not support built-in fallback to lower quality random number\n// generators (like Math.random()).\nlet getRandomValues;\nconst rnds8 = new Uint8Array(16);\nfunction rng() {\n // lazy load so that environments that need to polyfill have a chance to do so\n if (!getRandomValues) {\n // getRandomValues needs to be invoked in a context where \"this\" is a Crypto implementation.\n getRandomValues = typeof crypto !== 'undefined' && crypto.getRandomValues && crypto.getRandomValues.bind(crypto);\n\n if (!getRandomValues) {\n throw new Error('crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported');\n }\n }\n\n return getRandomValues(rnds8);\n}\n\n/**\n * Convert array of 16 byte values to UUID string format of the form:\n * XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX\n */\n\nconst byteToHex = [];\n\nfor (let i = 0; i < 256; ++i) {\n byteToHex.push((i + 0x100).toString(16).slice(1));\n}\n\nfunction unsafeStringify(arr, offset = 0) {\n // Note: Be careful editing this code! It's been tuned for performance\n // and works in ways you may not expect. See https://github.com/uuidjs/uuid/pull/434\n return (byteToHex[arr[offset + 0]] + byteToHex[arr[offset + 1]] + byteToHex[arr[offset + 2]] + byteToHex[arr[offset + 3]] + '-' + byteToHex[arr[offset + 4]] + byteToHex[arr[offset + 5]] + '-' + byteToHex[arr[offset + 6]] + byteToHex[arr[offset + 7]] + '-' + byteToHex[arr[offset + 8]] + byteToHex[arr[offset + 9]] + '-' + byteToHex[arr[offset + 10]] + byteToHex[arr[offset + 11]] + byteToHex[arr[offset + 12]] + byteToHex[arr[offset + 13]] + byteToHex[arr[offset + 14]] + byteToHex[arr[offset + 15]]).toLowerCase();\n}\n\nconst randomUUID = typeof crypto !== 'undefined' && crypto.randomUUID && crypto.randomUUID.bind(crypto);\nvar native = {\n randomUUID\n};\n\nfunction v4(options, buf, offset) {\n if (native.randomUUID && !buf && !options) {\n return native.randomUUID();\n }\n\n options = options || {};\n const rnds = options.random || (options.rng || rng)(); // Per 4.4, set bits for version and `clock_seq_hi_and_reserved`\n\n rnds[6] = rnds[6] & 0x0f | 0x40;\n rnds[8] = rnds[8] & 0x3f | 0x80; // Copy bytes to buffer, if provided\n\n if (buf) {\n offset = offset || 0;\n\n for (let i = 0; i < 16; ++i) {\n buf[offset + i] = rnds[i];\n }\n\n return buf;\n }\n\n return unsafeStringify(rnds);\n}\n\n/******************************************************************************\r\nCopyright (c) Microsoft Corporation.\r\n\r\nPermission to use, copy, modify, and/or distribute this software for any\r\npurpose with or without fee is hereby granted.\r\n\r\nTHE SOFTWARE IS PROVIDED \"AS IS\" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH\r\nREGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY\r\nAND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,\r\nINDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM\r\nLOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR\r\nOTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR\r\nPERFORMANCE OF THIS SOFTWARE.\r\n***************************************************************************** */\r\n\r\nvar __assign = function() {\r\n __assign = Object.assign || function __assign(t) {\r\n for (var s, i = 1, n = arguments.length; i < n; i++) {\r\n s = arguments[i];\r\n for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p)) t[p] = s[p];\r\n }\r\n return t;\r\n };\r\n return __assign.apply(this, arguments);\r\n};\r\n\r\nfunction __rest(s, e) {\r\n var t = {};\r\n for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)\r\n t[p] = s[p];\r\n if (s != null && typeof Object.getOwnPropertySymbols === \"function\")\r\n for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {\r\n if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))\r\n t[p[i]] = s[p[i]];\r\n }\r\n return t;\r\n}\r\n\r\nfunction __awaiter(thisArg, _arguments, P, generator) {\r\n function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\r\n return new (P || (P = Promise))(function (resolve, reject) {\r\n function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\r\n function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\r\n function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\r\n step((generator = generator.apply(thisArg, _arguments || [])).next());\r\n });\r\n}\r\n\r\nfunction __generator(thisArg, body) {\r\n var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;\r\n return g = { next: verb(0), \"throw\": verb(1), \"return\": verb(2) }, typeof Symbol === \"function\" && (g[Symbol.iterator] = function() { return this; }), g;\r\n function verb(n) { return function (v) { return step([n, v]); }; }\r\n function step(op) {\r\n if (f) throw new TypeError(\"Generator is already executing.\");\r\n while (_) try {\r\n if (f = 1, y && (t = op[0] & 2 ? y[\"return\"] : op[0] ? y[\"throw\"] || ((t = y[\"return\"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;\r\n if (y = 0, t) op = [op[0] & 2, t.value];\r\n switch (op[0]) {\r\n case 0: case 1: t = op; break;\r\n case 4: _.label++; return { value: op[1], done: false };\r\n case 5: _.label++; y = op[1]; op = [0]; continue;\r\n case 7: op = _.ops.pop(); _.trys.pop(); continue;\r\n default:\r\n if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }\r\n if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }\r\n if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }\r\n if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }\r\n if (t[2]) _.ops.pop();\r\n _.trys.pop(); continue;\r\n }\r\n op = body.call(thisArg, _);\r\n } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }\r\n if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };\r\n }\r\n}\n\n/* [@simplewebauthn/browser@11.0.0] */\nfunction bufferToBase64URLString(buffer) {\n const bytes = new Uint8Array(buffer);\n let str = '';\n for (const charCode of bytes) {\n str += String.fromCharCode(charCode);\n }\n const base64String = btoa(str);\n return base64String.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=/g, '');\n}\n\nfunction base64URLStringToBuffer(base64URLString) {\n const base64 = base64URLString.replace(/-/g, '+').replace(/_/g, '/');\n const padLength = (4 - (base64.length % 4)) % 4;\n const padded = base64.padEnd(base64.length + padLength, '=');\n const binary = atob(padded);\n const buffer = new ArrayBuffer(binary.length);\n const bytes = new Uint8Array(buffer);\n for (let i = 0; i < binary.length; i++) {\n bytes[i] = binary.charCodeAt(i);\n }\n return buffer;\n}\n\nfunction browserSupportsWebAuthn() {\n return (window?.PublicKeyCredential !== undefined &&\n typeof window.PublicKeyCredential === 'function');\n}\n\nfunction toPublicKeyCredentialDescriptor(descriptor) {\n const { id } = descriptor;\n return {\n ...descriptor,\n id: base64URLStringToBuffer(id),\n transports: descriptor.transports,\n };\n}\n\nfunction isValidDomain(hostname) {\n return (hostname === 'localhost' ||\n /^([a-z0-9]+(-[a-z0-9]+)*\\.)+[a-z]{2,}$/i.test(hostname));\n}\n\nclass WebAuthnError extends Error {\n constructor({ message, code, cause, name, }) {\n super(message, { cause });\n this.name = name ?? cause.name;\n this.code = code;\n }\n}\n\nfunction identifyRegistrationError({ error, options, }) {\n const { publicKey } = options;\n if (!publicKey) {\n throw Error('options was missing required publicKey property');\n }\n if (error.name === 'AbortError') {\n if (options.signal instanceof AbortSignal) {\n return new WebAuthnError({\n message: 'Registration ceremony was sent an abort signal',\n code: 'ERROR_CEREMONY_ABORTED',\n cause: error,\n });\n }\n }\n else if (error.name === 'ConstraintError') {\n if (publicKey.authenticatorSelection?.requireResidentKey === true) {\n return new WebAuthnError({\n message: 'Discoverable credentials were required but no available authenticator supported it',\n code: 'ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT',\n cause: error,\n });\n }\n else if (options.mediation === 'conditional' &&\n publicKey.authenticatorSelection?.userVerification === 'required') {\n return new WebAuthnError({\n message: 'User verification was required during automatic registration but it could not be performed',\n code: 'ERROR_AUTO_REGISTER_USER_VERIFICATION_FAILURE',\n cause: error,\n });\n }\n else if (publicKey.authenticatorSelection?.userVerification === 'required') {\n return new WebAuthnError({\n message: 'User verification was required but no available authenticator supported it',\n code: 'ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT',\n cause: error,\n });\n }\n }\n else if (error.name === 'InvalidStateError') {\n return new WebAuthnError({\n message: 'The authenticator was previously registered',\n code: 'ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED',\n cause: error,\n });\n }\n else if (error.name === 'NotAllowedError') {\n return new WebAuthnError({\n message: error.message,\n code: 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY',\n cause: error,\n });\n }\n else if (error.name === 'NotSupportedError') {\n const validPubKeyCredParams = publicKey.pubKeyCredParams.filter((param) => param.type === 'public-key');\n if (validPubKeyCredParams.length === 0) {\n return new WebAuthnError({\n message: 'No entry in pubKeyCredParams was of type \"public-key\"',\n code: 'ERROR_MALFORMED_PUBKEYCREDPARAMS',\n cause: error,\n });\n }\n return new WebAuthnError({\n message: 'No available authenticator supported any of the specified pubKeyCredParams algorithms',\n code: 'ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG',\n cause: error,\n });\n }\n else if (error.name === 'SecurityError') {\n const effectiveDomain = window.location.hostname;\n if (!isValidDomain(effectiveDomain)) {\n return new WebAuthnError({\n message: `${window.location.hostname} is an invalid domain`,\n code: 'ERROR_INVALID_DOMAIN',\n cause: error,\n });\n }\n else if (publicKey.rp.id !== effectiveDomain) {\n return new WebAuthnError({\n message: `The RP ID \"${publicKey.rp.id}\" is invalid for this domain`,\n code: 'ERROR_INVALID_RP_ID',\n cause: error,\n });\n }\n }\n else if (error.name === 'TypeError') {\n if (publicKey.user.id.byteLength < 1 || publicKey.user.id.byteLength > 64) {\n return new WebAuthnError({\n message: 'User ID was not between 1 and 64 characters',\n code: 'ERROR_INVALID_USER_ID_LENGTH',\n cause: error,\n });\n }\n }\n else if (error.name === 'UnknownError') {\n return new WebAuthnError({\n message: 'The authenticator was unable to process the specified options, or could not create a new credential',\n code: 'ERROR_AUTHENTICATOR_GENERAL_ERROR',\n cause: error,\n });\n }\n return error;\n}\n\nclass BaseWebAuthnAbortService {\n createNewAbortSignal() {\n if (this.controller) {\n const abortError = new Error('Cancelling existing WebAuthn API call for new one');\n abortError.name = 'AbortError';\n this.controller.abort(abortError);\n }\n const newController = new AbortController();\n this.controller = newController;\n return newController.signal;\n }\n cancelCeremony() {\n if (this.controller) {\n const abortError = new Error('Manually cancelling existing WebAuthn API call');\n abortError.name = 'AbortError';\n this.controller.abort(abortError);\n this.controller = undefined;\n }\n }\n}\nconst WebAuthnAbortService = new BaseWebAuthnAbortService();\n\nconst attachments = ['cross-platform', 'platform'];\nfunction toAuthenticatorAttachment(attachment) {\n if (!attachment) {\n return;\n }\n if (attachments.indexOf(attachment) < 0) {\n return;\n }\n return attachment;\n}\n\nasync function startRegistration(options) {\n const { optionsJSON, useAutoRegister = false } = options;\n if (!browserSupportsWebAuthn()) {\n throw new Error('WebAuthn is not supported in this browser');\n }\n const publicKey = {\n ...optionsJSON,\n challenge: base64URLStringToBuffer(optionsJSON.challenge),\n user: {\n ...optionsJSON.user,\n id: base64URLStringToBuffer(optionsJSON.user.id),\n },\n excludeCredentials: optionsJSON.excludeCredentials?.map(toPublicKeyCredentialDescriptor),\n };\n const createOptions = {};\n if (useAutoRegister) {\n createOptions.mediation = 'conditional';\n }\n createOptions.publicKey = publicKey;\n createOptions.signal = WebAuthnAbortService.createNewAbortSignal();\n let credential;\n try {\n credential = (await navigator.credentials.create(createOptions));\n }\n catch (err) {\n throw identifyRegistrationError({ error: err, options: createOptions });\n }\n if (!credential) {\n throw new Error('Registration was not completed');\n }\n const { id, rawId, response, type } = credential;\n let transports = undefined;\n if (typeof response.getTransports === 'function') {\n transports = response.getTransports();\n }\n let responsePublicKeyAlgorithm = undefined;\n if (typeof response.getPublicKeyAlgorithm === 'function') {\n try {\n responsePublicKeyAlgorithm = response.getPublicKeyAlgorithm();\n }\n catch (error) {\n warnOnBrokenImplementation('getPublicKeyAlgorithm()', error);\n }\n }\n let responsePublicKey = undefined;\n if (typeof response.getPublicKey === 'function') {\n try {\n const _publicKey = response.getPublicKey();\n if (_publicKey !== null) {\n responsePublicKey = bufferToBase64URLString(_publicKey);\n }\n }\n catch (error) {\n warnOnBrokenImplementation('getPublicKey()', error);\n }\n }\n let responseAuthenticatorData;\n if (typeof response.getAuthenticatorData === 'function') {\n try {\n responseAuthenticatorData = bufferToBase64URLString(response.getAuthenticatorData());\n }\n catch (error) {\n warnOnBrokenImplementation('getAuthenticatorData()', error);\n }\n }\n return {\n id,\n rawId: bufferToBase64URLString(rawId),\n response: {\n attestationObject: bufferToBase64URLString(response.attestationObject),\n clientDataJSON: bufferToBase64URLString(response.clientDataJSON),\n transports,\n publicKeyAlgorithm: responsePublicKeyAlgorithm,\n publicKey: responsePublicKey,\n authenticatorData: responseAuthenticatorData,\n },\n type,\n clientExtensionResults: credential.getClientExtensionResults(),\n authenticatorAttachment: toAuthenticatorAttachment(credential.authenticatorAttachment),\n };\n}\nfunction warnOnBrokenImplementation(methodName, cause) {\n console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${methodName}. You should report this error to them.\\n`, cause);\n}\n\nfunction browserSupportsWebAuthnAutofill() {\n if (!browserSupportsWebAuthn()) {\n return new Promise((resolve) => resolve(false));\n }\n const globalPublicKeyCredential = window\n .PublicKeyCredential;\n if (globalPublicKeyCredential.isConditionalMediationAvailable === undefined) {\n return new Promise((resolve) => resolve(false));\n }\n return globalPublicKeyCredential.isConditionalMediationAvailable();\n}\n\nfunction identifyAuthenticationError({ error, options, }) {\n const { publicKey } = options;\n if (!publicKey) {\n throw Error('options was missing required publicKey property');\n }\n if (error.name === 'AbortError') {\n if (options.signal instanceof AbortSignal) {\n return new WebAuthnError({\n message: 'Authentication ceremony was sent an abort signal',\n code: 'ERROR_CEREMONY_ABORTED',\n cause: error,\n });\n }\n }\n else if (error.name === 'NotAllowedError') {\n return new WebAuthnError({\n message: error.message,\n code: 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY',\n cause: error,\n });\n }\n else if (error.name === 'SecurityError') {\n const effectiveDomain = window.location.hostname;\n if (!isValidDomain(effectiveDomain)) {\n return new WebAuthnError({\n message: `${window.location.hostname} is an invalid domain`,\n code: 'ERROR_INVALID_DOMAIN',\n cause: error,\n });\n }\n else if (publicKey.rpId !== effectiveDomain) {\n return new WebAuthnError({\n message: `The RP ID \"${publicKey.rpId}\" is invalid for this domain`,\n code: 'ERROR_INVALID_RP_ID',\n cause: error,\n });\n }\n }\n else if (error.name === 'UnknownError') {\n return new WebAuthnError({\n message: 'The authenticator was unable to process the specified options, or could not create a new assertion signature',\n code: 'ERROR_AUTHENTICATOR_GENERAL_ERROR',\n cause: error,\n });\n }\n return error;\n}\n\nasync function startAuthentication(options) {\n const { optionsJSON, useBrowserAutofill = false, verifyBrowserAutofillInput = true, } = options;\n if (!browserSupportsWebAuthn()) {\n throw new Error('WebAuthn is not supported in this browser');\n }\n let allowCredentials;\n if (optionsJSON.allowCredentials?.length !== 0) {\n allowCredentials = optionsJSON.allowCredentials?.map(toPublicKeyCredentialDescriptor);\n }\n const publicKey = {\n ...optionsJSON,\n challenge: base64URLStringToBuffer(optionsJSON.challenge),\n allowCredentials,\n };\n const getOptions = {};\n if (useBrowserAutofill) {\n if (!(await browserSupportsWebAuthnAutofill())) {\n throw Error('Browser does not support WebAuthn autofill');\n }\n const eligibleInputs = document.querySelectorAll(\"input[autocomplete$='webauthn']\");\n if (eligibleInputs.length < 1 && verifyBrowserAutofillInput) {\n throw Error('No <input> with \"webauthn\" as the only or last value in its `autocomplete` attribute was detected');\n }\n getOptions.mediation = 'conditional';\n publicKey.allowCredentials = [];\n }\n getOptions.publicKey = publicKey;\n getOptions.signal = WebAuthnAbortService.createNewAbortSignal();\n let credential;\n try {\n credential = (await navigator.credentials.get(getOptions));\n }\n catch (err) {\n throw identifyAuthenticationError({ error: err, options: getOptions });\n }\n if (!credential) {\n throw new Error('Authentication was not completed');\n }\n const { id, rawId, response, type } = credential;\n let userHandle = undefined;\n if (response.userHandle) {\n userHandle = bufferToBase64URLString(response.userHandle);\n }\n return {\n id,\n rawId: bufferToBase64URLString(rawId),\n response: {\n authenticatorData: bufferToBase64URLString(response.authenticatorData),\n clientDataJSON: bufferToBase64URLString(response.clientDataJSON),\n signature: bufferToBase64URLString(response.signature),\n userHandle,\n },\n type,\n clientExtensionResults: credential.getClientExtensionResults(),\n authenticatorAttachment: toAuthenticatorAttachment(credential.authenticatorAttachment),\n };\n}\n\nfunction setCookie(_a) {\n var name = _a.name, value = _a.value, expire = _a.expire, domain = _a.domain, secure = _a.secure;\n var expireString = expire === Infinity ? \" expires=Fri, 31 Dec 9999 23:59:59 GMT\" : \"; max-age=\" + expire;\n document.cookie =\n encodeURIComponent(name) +\n \"=\" +\n value +\n \"; path=/;\" +\n expireString +\n (domain ? \"; domain=\" + domain : \"\") +\n (secure ? \"; secure\" : \"\");\n}\nfunction getCookieDomain() {\n return document.location.hostname.replace(\"www.\", \"\");\n}\nfunction getCookie(name) {\n if (!name) {\n return null;\n }\n return (decodeURIComponent(document.cookie.replace(new RegExp(\"(?:(?:^|.*;)\\\\s*\" + encodeURIComponent(name).replace(/[\\-\\.\\+\\*]/g, \"\\\\$&\") + \"\\\\s*\\\\=\\\\s*([^;]*).*$)|^.*$\"), \"$1\")) || null);\n}\nfunction handleErrorResponse(errorResponse) {\n var _a;\n var error = (_a = errorResponse.errorDescription) !== null && _a !== void 0 ? _a : errorResponse.error;\n console.error(error);\n return {\n error: error,\n };\n}\nfunction handleApiResponse(response) {\n var _a;\n if (response && typeof response === \"object\" && \"error\" in response) {\n var error = (_a = response.errorDescription) !== null && _a !== void 0 ? _a : response.error;\n console.error(error);\n return {\n error: error,\n };\n }\n else if (response &&\n typeof response === \"object\" &&\n \"accessToken\" in response &&\n typeof response.accessToken === \"string\") {\n var accessToken = response.accessToken, data = __rest(response, [\"accessToken\"]);\n return {\n data: __assign(__assign({}, data), { token: accessToken }),\n };\n }\n else {\n return {\n data: response,\n };\n }\n}\nfunction handleWebAuthnError(error) {\n var _a, _b;\n if (error instanceof WebAuthnError && error.code === \"ERROR_INVALID_RP_ID\") {\n var rpId = ((_b = (_a = error.message) === null || _a === void 0 ? void 0 : _a.match(/\"([^\"]*)\"/)) === null || _b === void 0 ? void 0 : _b[1]) || \"\";\n console.error(\"[Authsignal] The Relying Party ID \\\"\".concat(rpId, \"\\\" is invalid for this domain.\\n To learn more, visit https://docs.authsignal.com/scenarios/passkeys-prebuilt-ui#defining-the-relying-party\"));\n }\n}\n\nvar AuthsignalWindowMessage;\n(function (AuthsignalWindowMessage) {\n AuthsignalWindowMessage[\"AUTHSIGNAL_CLOSE_POPUP\"] = \"AUTHSIGNAL_CLOSE_POPUP\";\n})(AuthsignalWindowMessage || (AuthsignalWindowMessage = {}));\n\nfunction buildHeaders(_a) {\n var token = _a.token, tenantId = _a.tenantId;\n var authorizationHeader = token ? \"Bearer \".concat(token) : \"Basic \".concat(window.btoa(encodeURIComponent(tenantId)));\n return {\n \"Content-Type\": \"application/json\",\n Authorization: authorizationHeader,\n };\n}\nfunction handleTokenExpired(_a) {\n var response = _a.response, onTokenExpired = _a.onTokenExpired;\n if (\"error\" in response && response.errorCode === \"expired_token\" && onTokenExpired) {\n onTokenExpired();\n }\n}\n\nvar PasskeyApiClient = /** @class */ (function () {\n function PasskeyApiClient(_a) {\n var baseUrl = _a.baseUrl, tenantId = _a.tenantId, onTokenExpired = _a.onTokenExpired;\n this.tenantId = tenantId;\n this.baseUrl = baseUrl;\n this.onTokenExpired = onTokenExpired;\n }\n PasskeyApiClient.prototype.registrationOptions = function (_a) {\n return __awaiter(this, arguments, void 0, function (_b) {\n var body, response, responseJson;\n var token = _b.token, username = _b.username, authenticatorAttachment = _b.authenticatorAttachment;\n return __generator(this, function (_c) {\n switch (_c.label) {\n case 0:\n body = Boolean(authenticatorAttachment)\n ? { username: username, authenticatorAttachment: authenticatorAttachment }\n : { username: username };\n return [4 /*yield*/, fetch(\"\".concat(this.baseUrl, \"/client/user-authenticators/passkey/registration-options\"), {\n method: \"POST\",\n headers: buildHeaders({ token: token, tenantId: this.tenantId }),\n body: JSON.stringify(body),\n })];\n case 1:\n response = _c.sent();\n return [4 /*yield*/, response.json()];\n case 2:\n responseJson = _c.sent();\n handleTokenExpired({ response: responseJson, onTokenExpired: this.onTokenExpired });\n return [2 /*return*/, responseJson];\n }\n });\n });\n };\n PasskeyApiClient.prototype.authenticationOptions = function (_a) {\n return __awaiter(this, arguments, void 0, function (_b) {\n var body, response, responseJson;\n var token = _b.token, challengeId = _b.challengeId;\n return __generator(this, function (_c) {\n switch (_c.label) {\n case 0:\n body = { challengeId: challengeId };\n return [4 /*yield*/, fetch(\"\".concat(this.baseUrl, \"/client/user-authenticators/passkey/authentication-options\"), {\n method: \"POST\",\n headers: buildHeaders({ token: token, tenantId: this.tenantId }),\n body: JSON.stringify(body),\n })];\n case 1:\n response = _c.sent();\n return [4 /*yield*/, response.json()];\n case 2:\n responseJson = _c.sent();\n handleTokenExpired({ response: responseJson, onTokenExpired: this.onTokenExpired });\n return [2 /*return*/, responseJson];\n }\n });\n });\n };\n PasskeyApiClient.prototype.addAuthenticator = function (_a) {\n return __awaiter(this, arguments, void 0, function (_b) {\n var body, response, responseJson;\n var token = _b.token, challengeId = _b.challengeId, registrationCredential = _b.registrationCredential;\n return __generator(this, function (_c) {\n switch (_c.label) {\n case 0:\n body = {\n challengeId: challengeId,\n registrationCredential: registrationCredential,\n };\n return [4 /*yield*/, fetch(\"\".concat(this.baseUrl, \"/client/user-authenticators/passkey\"), {\n method: \"POST\",\n headers: buildHeaders({ token: token, tenantId: this.tenantId }),\n body: JSON.stringify(body),\n })];\n case 1:\n response = _c.sent();\n return [4 /*yield*/, response.json()];\n case 2:\n responseJson = _c.sent();\n handleTokenExpired({ response: responseJson, onTokenExpired: this.onTokenExpired });\n return [2 /*return*/, responseJson];\n }\n });\n });\n };\n PasskeyApiClient.prototype.verify = function (_a) {\n return __awaiter(this, arguments, void 0, function (_b) {\n var body, response, responseJson;\n var token = _b.token, challengeId = _b.challengeId, authenticationCredential = _b.authenticationCredential, deviceId = _b.deviceId;\n return __generator(this, function (_c) {\n switch (_c.label) {\n case 0:\n body = { challengeId: challengeId, authenticationCredential: authenticationCredential, deviceId: deviceId };\n return [4 /*yield*/, fetch(\"\".concat(this.baseUrl, \"/client/verify/passkey\"), {\n method: \"POST\",\n headers: buildHeaders({ token: token, tenantId: this.tenantId }),\n body: JSON.stringify(body),\n })];\n case 1:\n response = _c.sent();\n return [4 /*yield*/, response.json()];\n case 2:\n responseJson = _c.sent();\n handleTokenExpired({ response: responseJson, onTokenExpired: this.onTokenExpired });\n return [2 /*return*/, responseJson];\n }\n });\n });\n };\n PasskeyApiClient.prototype.getPasskeyAuthenticator = function (_a) {\n return __awaiter(this, arguments, void 0, function (_b) {\n var response;\n var credentialIds = _b.credentialIds;\n return __generator(this, function (_c) {\n switch (_c.label) {\n case 0: return [4 /*yield*/, fetch(\"\".concat(this.baseUrl, \"/client/user-authenticators/passkey?credentialIds=\").concat(credentialIds), {\n method: \"GET\",\n headers: buildHeaders({ tenantId: this.tenantId }),\n })];\n case 1:\n response = _c.sent();\n if (!response.ok) {\n throw new Error(response.statusText);\n }\n return [2 /*return*/, response.json()];\n }\n });\n });\n };\n PasskeyApiClient.prototype.challenge = function (action) {\n return __awaiter(this, void 0, void 0, function () {\n var response, responseJson;\n return __generator(this, function (_a) {\n switch (_a.label) {\n case 0: return [4 /*yield*/, fetch(\"\".concat(this.baseUrl, \"/client/challenge\"), {\n method: \"POST\",\n headers: buildHeaders({ tenantId: this.tenantId }),\n body: JSON.stringify({ action: action }),\n })];\n case 1:\n response = _a.sent();\n return [4 /*yield*/, response.json()];\n case 2:\n responseJson = _a.sent();\n handleTokenExpired({ response: responseJson, onTokenExpired: this.onTokenExpired });\n return [2 /*return*/, responseJson];\n }\n });\n });\n };\n return PasskeyApiClient;\n}());\n\nvar TokenCache = /** @class */ (function () {\n function TokenCache() {\n this.token = null;\n }\n TokenCache.prototype.handleTokenNotSetError = function () {\n var error = \"A token has not been set. Call 'setToken' first.\";\n var errorCode = \"TOKEN_NOT_SET\";\n console.error(\"Error: \".concat(error));\n return {\n error: errorCode,\n errorDescription: error,\n };\n };\n TokenCache.shared = new TokenCache();\n return TokenCache;\n}());\n\nvar autofillRequestPending = false;\nvar Passkey = /** @class */ (function () {\n function Passkey(_a) {\n var baseUrl = _a.baseUrl, tenantId = _a.tenantId, anonymousId = _a.anonymousId, onTokenExpired = _a.onTokenExpired;\n this.passkeyLocalStorageKey = \"as_user_passkey_map\";\n this.cache = TokenCache.shared;\n this.api = new PasskeyApiClient({ baseUrl: baseUrl, tenantId: tenantId, onTokenExpired: onTokenExpired });\n this.anonymousId = anonymousId;\n }\n Passkey.prototype.signUp = function (_a) {\n return __awaiter(this, arguments, void 0, function (_b) {\n var userToken, optionsInput, optionsResponse, registrationResponse, addAuthenticatorResponse, e_1;\n var username = _b.username, displayName = _b.displayName, token = _b.token, _c = _b.authenticatorAttachment, authenticatorAttachment = _c === void 0 ? \"platform\" : _c, _d = _b.useAutoRegister, useAutoRegister = _d === void 0 ? false : _d;\n return __generator(this, function (_e) {\n switch (_e.label) {\n case 0:\n userToken = token !== null && token !== void 0 ? token : this.cache.token;\n if (!userToken) {\n return [2 /*return*/, this.cache.handleTokenNotSetError()];\n }\n optionsInput = {\n username: username,\n displayName: displayName,\n token: userToken,\n authenticatorAttachment: authenticatorAttachment,\n };\n return [4 /*yield*/, this.api.registrationOptions(optionsInput)];\n case 1:\n optionsResponse = _e.sent();\n if (\"error\" in optionsResponse) {\n return [2 /*return*/, handleErrorResponse(optionsResponse)];\n }\n _e.label = 2;\n case 2:\n _e.trys.push([2, 5, , 6]);\n return [4 /*yield*/, startRegistration({ optionsJSON: optionsResponse.options, useAutoRegister: useAutoRegister })];\n case 3:\n registrationResponse = _e.sent();\n return [4 /*yield*/, this.api.addAuthenticator({\n challengeId: optionsResponse.challengeId,\n registrationCredential: registrationResponse,\n token: userToken,\n })];\n case 4:\n addAuthenticatorResponse = _e.sent();\n if (\"error\" in addAuthenticatorResponse) {\n return [2 /*return*/, handleErrorResponse(addAuthenticatorResponse)];\n }\n if (addAuthenticatorResponse.isVerified) {\n this.storeCredentialAgainstDevice(__assign(__assign({}, registrationResponse), { userId: addAuthenticatorResponse.userId }));\n }\n if (addAuthenticatorResponse.accessToken) {\n this.cache.token = addAuthenticatorResponse.accessToken;\n }\n return [2 /*return*/, {\n data: {\n token: addAuthenticatorResponse.accessToken,\n registrationResponse: registrationResponse,\n },\n }];\n case 5:\n e_1 = _e.sent();\n autofillRequestPending = false;\n handleWebAuthnError(e_1);\n throw e_1;\n case 6: return [2 /*return*/];\n }\n });\n });\n };\n Passkey.prototype.signIn = function (params) {\n return __awaiter(this, void 0, void 0, function () {\n var challengeResponse, _a, optionsResponse, authenticationResponse, verifyResponse, token, userId, userAuthenticatorId, username, userDisplayName, isVerified, e_2;\n return __generator(this, function (_b) {\n switch (_b.label) {\n case 0:\n if ((params === null || params === void 0 ? void 0 : params.token) && params.autofill) {\n throw new Error(\"autofill is not supported when providing a token\");\n }\n if ((params === null || params === void 0 ? void 0 : params.action) && params.token) {\n throw new Error(\"action is not supported when providing a token\");\n }\n if (params === null || params === void 0 ? void 0 : params.autofill) {\n if (autofillRequestPending) {\n return [2 /*return*/, {}];\n }\n else {\n autofillRequestPending = true;\n }\n }\n if (!(params === null || params === void 0 ? void 0 : params.action)) return [3 /*break*/, 2];\n return [4 /*yield*/, this.api.challenge(params.action)];\n case 1:\n _a = _b.sent();\n return [3 /*break*/, 3];\n case 2:\n _a = null;\n _b.label = 3;\n case 3:\n challengeResponse = _a;\n if (challengeResponse && \"error\" in challengeResponse) {\n autofillRequestPending = false;\n return [2 /*return*/, handleErrorResponse(challengeResponse)];\n }\n return [4 /*yield*/, this.api.authenticationOptions({\n token: params === null || params === void 0 ? void 0 : params.token,\n challengeId: challengeResponse === null || challengeResponse === void 0 ? void 0 : challengeResponse.challengeId,\n })];\n case 4:\n optionsResponse = _b.sent();\n if (\"error\" in optionsResponse) {\n autofillRequestPending = false;\n return [2 /*return*/, handleErrorResponse(optionsResponse)];\n }\n _b.label = 5;\n case 5:\n _b.trys.push([5, 8, , 9]);\n return [4 /*yield*/, startAuthentication({\n optionsJSON: optionsResponse.options,\n useBrowserAutofill: params === null || params === void 0 ? void 0 : params.autofill,\n })];\n case 6:\n authenticationResponse = _b.sent();\n if (params === null || params === void 0 ? void 0 : params.onVerificationStarted) {\n params.onVerificationStarted();\n }\n return [4 /*yield*/, this.api.verify({\n challengeId: optionsResponse.challengeId,\n authenticationCredential: authenticationResponse,\n token: params === null || params === void 0 ? void 0 : params.token,\n deviceId: this.anonymousId,\n })];\n case 7:\n verifyResponse = _b.sent();\n if (\"error\" in verifyResponse) {\n autofillRequestPending = false;\n return [2 /*return*/, handleErrorResponse(verifyResponse)];\n }\n if (verifyResponse.isVerified) {\n this.storeCredentialAgainstDevice(__assign(__assign({}, authenticationResponse), { userId: verifyResponse.userId }));\n }\n if (verifyResponse.accessToken) {\n this.cache.token = verifyResponse.accessToken;\n }\n token = verifyResponse.accessToken, userId = verifyResponse.userId, userAuthenticatorId = verifyResponse.userAuthenticatorId, username = verifyResponse.username, userDisplayName = verifyResponse.userDisplayName, isVerified = verifyResponse.isVerified;\n autofillRequestPending = false;\n return [2 /*return*/, {\n data: {\n isVerified: isVerified,\n token: token,\n userId: userId,\n userAuthenticatorId: userAuthenticatorId,\n username: username,\n displayName: userDisplayName,\n authenticationResponse: authenticationResponse,\n },\n }];\n case 8:\n e_2 = _b.sent();\n autofillRequestPending = false;\n handleWebAuthnError(e_2);\n throw e_2;\n case 9: return [2 /*return*/];\n }\n });\n });\n };\n Passkey.prototype.isAvailableOnDevice = function (_a) {\n return __awaiter(this, arguments, void 0, function (_b) {\n var storedCredentials, credentialsMap, credentialIds;\n var _d;\n var userId = _b.userId;\n return __generator(this, function (_e) {\n switch (_e.label) {\n case 0:\n if (!userId) {\n throw new Error(\"userId is required\");\n }\n storedCredentials = localStorage.getItem(this.passkeyLocalStorageKey);\n if (!storedCredentials) {\n return [2 /*return*/, false];\n }\n credentialsMap = JSON.parse(storedCredentials);\n credentialIds = (_d = credentialsMap[userId]) !== null && _d !== void 0 ? _d : [];\n if (credentialIds.length === 0) {\n return [2 /*return*/, false];\n }\n _e.label = 1;\n case 1:\n _e.trys.push([1, 3, , 4]);\n return [4 /*yield*/, this.api.getPasskeyAuthenticator({ credentialIds: credentialIds })];\n case 2:\n _e.sent();\n return [2 /*return*/, true];\n case 3:\n _e.sent();\n return [2 /*return*/, false];\n case 4: return [2 /*return*/];\n }\n });\n });\n };\n Passkey.prototype.storeCredentialAgainstDevice = function (_a) {\n var id = _a.id, authenticatorAttachment = _a.authenticatorAttachment, _b = _a.userId, userId = _b === void 0 ? \"\" : _b;\n if (authenticatorAttachment === \"cross-platform\") {\n return;\n }\n var storedCredentials = localStorage.getItem(this.passkeyLocalStorageKey);\n var credentialsMap = storedCredentials ? JSON.parse(storedCredentials) : {};\n if (credentialsMap[userId]) {\n if (!credentialsMap[userId].includes(id)) {\n credentialsMap[userId].push(id);\n }\n }\n else {\n credentialsMap[userId] = [id];\n }\n localStorage.setItem(this.passkeyLocalStorageKey, JSON.stringify(credentialsMap));\n };\n return Passkey;\n}());\n\nvar DEFAULT_WIDTH$1 = 400;\nvar DEFAULT_HEIGHT = 500;\nvar WindowHandler = /** @class */ (function () {\n function WindowHandler() {\n this.windowRef = null;\n }\n WindowHandler.prototype.show = function (_a) {\n var u