UNPKG

@ideem/zsm-client-sdk

Version:

ZSM makes 2FA easy and invisible for everyone, all the time, using advanced cryptography like MPC to establish cryptographic proof of the origin of any transaction or login attempt, while eliminating opportunities for social engineering. ZSM has no relian

useideem.com

useideem/vHSM

219 lines (189 loc) 12 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
# ZSM Client SDK for Browser Apps The ZSM Client SDK for Browser Apps provides the resources needed to integrate Ideem's FIDO2 Authenticator and Universal MFA into a browser application. ## Resources: - Documentation: https://docs.useideem.com/pkp - Support: support@useideem.com ## Known Issues - None at this time. ---- ## Release 2.8.1 - Mat 8, 2026 [ NPM PACKAGE RELEASE ] **latest release** - Minor bug fixes and improvements - Alters Webauthn object to provide Passkeys+ support Android WebViews ## Release 2.8.0 - April 15, 2026 [ NPM PACKAGE RELEASE ] - Migrates all Passkeys+ functionality into the Core package - "Zeroes out" the Passkeys+ Plug-In package (basically now throws a warning in the console explaining it is now unnecessary, and that it can be removed, along with instructions on how to do so. - Includes "wrapper" function stub for userIdentifier (encodeUserIdentifier.js) for future hashing operations. - Expands error messaging (this is some of the precursor work to my intention to standardize all outputs into a risk engine-compliant format) such that recommended actions are included inside of error messages (e.g. "Cannot authenticate with passkey; user does not have a passkey registered for this ZSM account, but you have set the userVerification parameter to 'required'! Either: enroll the user's passkey before attempting to authenticate, downgrade the userVerification requirement's strictness to 'preferred' or 'discouraged', or attempt to authenticate the user using only their ZSM credential." - Sets up the requested "fallback" behavior for userVerification = "preferred"(/true): the PKP operations now only fail when the UV flag is set to "required". - Adds additional support to userVerification parameter: - Now accepts "zsm" - same behavior as "prevented": ZSM-only operation - Now accepts "re-enroll"/"reenroll" - forcibly overrides the existing passkey and allows for registration of a new one - Sets up fairly exhaustive checks for device support of passkeys, and includes same inside of the enhanced checkAllEnrollments function (see below) - Extensive enhancements to checkAllEnrollments: - Expands data returned to include all of the following data: - "userIdentifier" - Now includes the customer_defined_identifier in the data object - "enrollmentActive" - Whether or not the credential has been finalized via an OOB validate-token call - "passkeySupported" - Whether or not the DEVICE supports passkeys - "passkeyEligible" - Whether on not passkeys ARE AVAILABLE (i.e. passkeySupported && one is registered) - "hasLocalPasskey" - Whether or not a passkey has been registered on this device's enrollment - "hasRemotePasskey" - Whether or not a passkey has been registered on ANY device, under this identity - "pkpCredential": - The challenge object representing the PKP credential - "pkpCredentialID" - The PKP credential ID (or a collection of ID's if multiple are available) - "hasZSMCred" - Whether or not a ZSM Credential exists for CDI - "zsmCredential" - The ZSM Credential's Data - "zsmCredentialID" - The ID of the local ZSM Credential - Automatically consults the remote server when data is negative and not already retrieved (and bypasses consultation when data is known to be up-to-date) - Automatically manages the latest retrieval in memory (to minimize RTT's) ## Release 2.7.1 - March 3, 2026 [ NPM PACKAGE RELEASE ] - Minor bug fixes and improvements - Added dynamic versioning headers - Updates to WASM code to remove Base64URL encoding and decoding steps for improved performance and reduced complexity - Updates to documentation ## Release 2.7.0 - January 15, 2026 [ NPM PACKAGE RELEASE ] - Minor bug fixes and improvements - Standardization of credential responses across all SDK platforms (browser, mobile, native) - Standardization of credential schema across all all UMFA workflows - Improved security by addition of new validation checks for webauthn attestation and assertion responses - Improvements to performance by removing now-unnecessary API trips during UMFA enrollment and authentication flows ## Release 2.6.3 - January 6, 2026 [ NPM PACKAGE RELEASE ] - Minor alteration to event coordinator to support legacy versions of Safari (versions 14-18.4) ## Release 2.6.2 - December 19, 2025 [ NPM PACKAGE RELEASE ] - Hotfix release to address an issue with the Passkeys+ plugin integration. ## Release 2.6.1 - December 16, 2025 [ NPM PACKAGE RELEASE ] - Minor bug fixes and improvements - Minor alteration to initialization process to remove the need to provide a `userIdentifier` when initializing (all method calls now provide the update). - Improvements to EventCoordinator: - Streamlined onReset to ensure that all events are set to "PENDING" state. - Improved onReady handling to ensure accurate state representation. - Enhanced error handling and reporting mechanisms. - Improvements to NPM packaging and distribution process for use with additional package managers and build tools. - Reduced complexity of `zsm_app_config.json` file by: - Removing _necessity_ of `use_passkeys` and `use_origin` properties (now auto-detected based on environment and browser capabilities). - Simplifying host URL configuration down to a `region` property; host URLs are now auto-generated based on region although previous syntax is still supported for backward compatibility. ## Release 2.6.0 - November 26, 2025 [ NPM PACKAGE RELEASE ] - Support of updated Passkeys plugin that provides migration scenarios for ZSM to Passkeys+ and boostrapping of new device using existing passkey. ## Release 2.5.1 - October 6, 2025 [ NPM PACKAGE RELEASE ] - Minor improvements ## Release 2.5.0 - Aug 29, 2025 [ NPM PACKAGE RELEASE ] - Significant re-architecture of the SDK to improve performance and maintainability (non-breaking, but may alter existing implementations, if plugins are used) - Introduction of a new plugin system for easier integration of additional Ideem services - Plugin system allows for dynamic loading and unloading of features - Improved modularity and separation of concerns - Enhanced error handling and recovery mechanisms - Plugins can be easily added or removed without affecting the core SDK functionality - Industry-leading implementation approach; no code changes or plugin registration required! Simply `import` the plugin and the functionality is available! - Improved performance and reduced bundle size - Advanced event coordination capabilities - Fine-grained control over event propagation and handling - Support for complex event workflows and dependencies - Asynchronous loading of SDK and its constituent components and plugins - Optional `async`/`await` support for class constructors - Optional `finished()` method introduced for better async flow control - Optional callback method support for SDK initialization - Optional global-scoped events emitted during SDK initialization and lifecycle - Relying Party improvements - (RP) identification improvements - (RP) configuration enhancements - RP now single-instance when using Passkeys+; no need for secondary instance when using the same browser context - Error handling, reporting, logging, and recovery improvements - Centralized error handling and recovery mechanisms - Extended support for custom error types and structured error information - Normalized error responses across SDK components - Significant improvements to documentation - Significant updates to sample apps - Automated shim polyfills introduced to simplify VanillaJS integrations using NPM packages (no more `importmap` configuration required!) - Significant updates to build process and tooling ## Release 2.4.1 - May 5, 2025 - Minor bug fixes and improvements - Updates to documentation - Updates to sample apps - Alters worker communication protocol to ensure that the worker is not blocked by the main thread and vice versa, while still ensuring that the initialization of the worker is completed before any other operations are performed. ## Release 2.4.0 - May 1, 2025 - Minor bug fixes and improvements - Updates to documentation - Adds event emitters to the UMFAClient and FIDO2Client for on-the-fly initializations - Adds extended multi-tenancy support for the UMFAClient and FIDO2Client - Adds increased detail to performance logging - Extends secure local storage support ## Release 2.3.0 - Mar 24, 2025 - Minor bug fixes and improvements - Updates to documentation - Introduces web-worker-driven JS SDK Client for browser-based applications - Significant performance improvements to the UMFA JS Client - Updates native mobile SDKs to support the new optimized flows - Adds unenroll/webauthnDelete functionality to UMFAClient and FIDO2Client (browser, mobile, and native) - Updates data parsing and replication in SQL and Oracle environments ## Release 2.2.12 - Mar 14, 2025 - Minor bug fixes and improvements - Updates to documentation - Improves server-side TLS handling performance - Adds optimized flows to the UMFA CLI Client ## Release 2.2.11 - Mar 5, 2025 - Minor bug fixes and improvements - Updates to documentation - Updates to UMFA CLI for enhanced trace reporting - Updates Affinity rules - Native Webauthn apps and sdk updates - Improves package and file versioning for safer deployments ## Release 2.2.10 - Feb 27, 2025 - Minor bug fixes and improvements - Updates to documentation - Performance upgrades to AS2 environment - Extended Trace Map and Host URL Parameter Renames - Updates to Android-based tls security - CLI updates for compression formats ## Release 2.2.9 - Feb 14, 2025 - Minor bug fixes and improvements - Updates to documentation - Adjustments to deployment process - React Native SDK updates - Extended trace mapping implementation ## Release 2.2.8 - Feb 7, 2025 [ NPM PACKAGE RELEASE ] - Minor bug fixes and improvements - Updates to documentation - Adds support for the latest version of the React Native SDK - Adds 2 New production-ready environments - Updates binaries for use with M-class Macs - Improves WASM binary benchmarks ## Release 2.2.7 - Jan 31, 2025 - Minor bug fixes and improvements - Updates to documentation - Removed validate token message from UMFA demo transcript - Fixes condition in which mobile portrait view loses contact with clear and docs buttons. - Removed dependency on colored crate - Added new API for enhanced security features ## Release 2.2.6 - January 24, 2024 [ NPM PACKAGE RELEASE ] - Minor bug fixes and improvements - Updates to documentation - Increased high-latency tolerance timeout from a 65-second max to a 300-second max. - Expand Performance Logging ## Release 2.2.4 - January 22, 2024 [ NPM PACKAGE RELEASE ] - Minor bug fixes and improvements - Updates to documentation - AS2 support added ## Release 2.2.3 - January 20, 2024 [ NPM PACKAGE RELEASE ] - Minor bug fixes and improvements - Updates to documentation - Stability and format improvements ## Release v2.2.2 - January 13, 2024 [ NPM PACKAGE RELEASE ] - Minor bug fixes and improvements - Updates to documentation - Deployment via NPM - Addition of Vue support (foundation for other web frameworks) - Addition of checkEnrollment() and enroll() APIs - Addition of SDK-to-server API Key for reporting purposes (not security) - Removal of validateToken() API. Token validation is to be via server-to-server for security reasons. ## Release v2.2.1 - December 9, 2024 [ NPM PACKAGE RELEASE ] - Performance and stability improvements - WASM size reduction - Reduced expiration time to 30 seconds for the JWT returned by Authenticate - Restructured SDK files to be more organized - Modified application configuration approach to use a configuration json file, but can also be overridden in the code. - Improvements to Demo apps at https://demo.useideem.com ## Release v2.2.0 - November 19, 2024 [ NPM PACKAGE RELEASE ] - Addition of FIDO2 Authenticator interfaces - Addition of Universal MFA interfaces