"use strict";var J=Object.defineProperty;var De=Object.getOwnPropertyDescriptor;var Ne=Object.getOwnPropertyNames;var Ue=Object.prototype.hasOwnProperty;var ce=(t,e)=>{for(var r in e)J(t,r,{get:e[r],enumerable:!0})},Fe=(t,e,r,s)=>{if(e&&typeof e=="object"||typeof e=="function")for(let o of Ne(e))!Ue.call(t,o)&&o!==r&&J(t,o,{get:()=>e[o],enumerable:!(s=De(e,o))||s.enumerable});return t};var Ke=t=>Fe(J({},"__esModule",{value:!0}),t);var et={};ce(et,{AbortError:()=>V,ApiError:()=>m,LoginIDAPI:()=>se,LoginIDWebSDK:()=>de,PasskeyError:()=>d,WebAuthnHelper:()=>_,canCreatePasskey:()=>Ie,createPasskeyCredential:()=>S,default:()=>Ze,doesDeviceSupportPasskeys:()=>oe,getPasskeyCredential:()=>v,isConditionalUIAvailable:()=>Ae,isPlatformAuthenticatorAvailable:()=>re});module.exports=Ke(et);var M=class{config;constructor(e){this.config=e}getAppId(){if(this.config.appId)return this.config.appId;let e=/https:\/\/([0-9a-fA-F-]+)\.api.*\.loginid\.io/,r=this.config.baseUrl.match(e);if(r)return r[1];throw new Error("Invalid LoginID base URL. App ID not found.")}},K=M;var Le=t=>t.replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,""),He=t=>{if(!t)return t;let e="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",r=[],s=0;for(;s<t.length;){let i=t.charCodeAt(s++),a=t.charCodeAt(s++),u=t.charCodeAt(s++),p=i<<16|a<<8|u;r.push(e[p>>18&63]+e[p>>12&63]+e[p>>6&63]+e[p&63])}let o=r.join(""),n=t.length%3;return n?o.slice(0,n-3)+"===".slice(n||3):o},Ve=t=>{let e="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",r={},s=String.fromCharCode;for(let a=0;a<64;a++)r[e.charAt(a)]=a;let o=0,n=0,i="";for(let a of t){let u=r[a];if(u!==void 0)for(o=(o<<6)+u,n+=6;n>=8;)i+=s(o>>(n-=8)&255)}return i},l=t=>{let e="",r=new Uint8Array(t);for(let o=0;o<r.byteLength;o++)e+=String.fromCharCode(r[o]);let s=He(e);return Le(s)},R=t=>{t=t.replace(/-/g,"+").replace(/_/g,"/");let e=Ve(t),r=new Uint8Array(e.length);for(let s=0;s<e.length;s++)r[s]=e.charCodeAt(s);return r.buffer},me=()=>crypto.randomUUID?crypto.randomUUID():window.crypto.getRandomValues(new Uint32Array(4)).join("-"),ye=(t,e)=>{e.forEach(r=>{Object.getOwnPropertyNames(r.prototype).forEach(s=>{Object.defineProperty(t.prototype,s,Object.getOwnPropertyDescriptor(r.prototype,s)||Object.create(null))})})},w=t=>{try{let r=t.split(".")[1].replace(/-/g,"+").replace(/_/g,"/"),s=decodeURIComponent(window.atob(r).split("").map(o=>"%"+("00"+o.charCodeAt(0).toString(16)).slice(-2)).join(""));return JSON.parse(s)}catch(e){console.error(e)}},fe=t=>{let r=`; ${document.cookie}`.split(`; ${t}=`);if(r&&r.length===2)return r.pop().split(";").shift()},he=t=>{document.cookie=t},Re=t=>{document.cookie=`${t}=; expires=${new Date}`};var $=class{config;constructor(e){this.config=new K(e)}getToken(e){if(e.authzToken)return e.authzToken;{let r=this.getJwtCookie();return r||""}}getSessionInfo(){if(!this.isLoggedIn())return null;let e=w(this.getJwtCookie()||"{}");return{username:e.username,id:e.sub}}getJwtCookieName(){return`LoginID_${this.config.getAppId()}_token`}setJwtCookie(e){let r=w(e),s=new Date(r.exp*1e3).toUTCString(),o=`${this.getJwtCookieName()}=${e}; expires=${s}`;he(o)}getJwtCookie(){return fe(this.getJwtCookieName())}isLoggedIn(){return!!this.getJwtCookie()}logout(){Re(this.getJwtCookieName())}},ge=$;var g=class{constructor(e){this.config=e}};var m=class extends Error{url;status;statusText;body;request;constructor(e,r,s){super(s),this.name="ApiError",this.url=r.url,this.status=r.status,this.statusText=r.statusText,this.body=r.body,this.request=e}};var D=class extends Error{constructor(e){super(e),this.name="CancelError"}get isCancelled(){return!0}},b=class{#t;#r;#e;#o;#n;#i;#s;constructor(e){this.#t=!1,this.#r=!1,this.#e=!1,this.#o=[],this.#n=new Promise((r,s)=>{this.#i=r,this.#s=s;let o=a=>{this.#t||this.#r||this.#e||(this.#t=!0,this.#i&&this.#i(a))},n=a=>{this.#t||this.#r||this.#e||(this.#r=!0,this.#s&&this.#s(a))},i=a=>{this.#t||this.#r||this.#e||this.#o.push(a)};return Object.defineProperty(i,"isResolved",{get:()=>this.#t}),Object.defineProperty(i,"isRejected",{get:()=>this.#r}),Object.defineProperty(i,"isCancelled",{get:()=>this.#e}),e(o,n,i)})}get[Symbol.toStringTag](){return"Cancellable Promise"}then(e,r){return this.#n.then(e,r)}catch(e){return this.#n.catch(e)}finally(e){return this.#n.finally(e)}cancel(){if(!(this.#t||this.#r||this.#e)){if(this.#e=!0,this.#o.length)try{for(let e of this.#o)e()}catch(e){console.warn("Cancellation threw an error",e);return}this.#o.length=0,this.#s&&this.#s(new D("Request aborted"))}}get isCancelled(){return this.#e}};var Y=t=>t!=null,N=t=>typeof t=="string",G=t=>N(t)&&t!=="",Q=t=>typeof t=="object"&&typeof t.type=="string"&&typeof t.stream=="function"&&typeof t.arrayBuffer=="function"&&typeof t.constructor=="function"&&typeof t.constructor.name=="string"&&/^(Blob|File)$/.test(t.constructor.name)&&/^(Blob|File)$/.test(t[Symbol.toStringTag]),be=t=>t instanceof FormData,We=t=>{try{return btoa(t)}catch{return Buffer.from(t).toString("base64")}},ze=t=>{let e=[],r=(o,n)=>{e.push(`${encodeURIComponent(o)}=${encodeURIComponent(String(n))}`)},s=(o,n)=>{Y(n)&&(Array.isArray(n)?n.forEach(i=>{s(o,i)}):typeof n=="object"?Object.entries(n).forEach(([i,a])=>{s(`${o}[${i}]`,a)}):r(o,n))};return Object.entries(t).forEach(([o,n])=>{s(o,n)}),e.length>0?`?${e.join("&")}`:""},_e=(t,e)=>{let r=t.ENCODE_PATH||encodeURI,s=e.url.replace("{api-version}",t.VERSION).replace(/{(.*?)}/g,(n,i)=>e.path?.hasOwnProperty(i)?r(String(e.path[i])):n),o=`${t.BASE}${s}`;return e.query?`${o}${ze(e.query)}`:o},je=t=>{if(t.formData){let e=new FormData,r=(s,o)=>{N(o)||Q(o)?e.append(s,o):e.append(s,JSON.stringify(o))};return Object.entries(t.formData).filter(([s,o])=>Y(o)).forEach(([s,o])=>{Array.isArray(o)?o.forEach(n=>r(s,n)):r(s,o)}),e}},L=async(t,e)=>typeof e=="function"?e(t):e,Je=async(t,e)=>{let[r,s,o,n]=await Promise.all([L(e,t.TOKEN),L(e,t.USERNAME),L(e,t.PASSWORD),L(e,t.HEADERS)]),i=Object.entries({Accept:"application/json",...n,...e.headers}).filter(([a,u])=>Y(u)).reduce((a,[u,p])=>({...a,[u]:String(p)}),{});if(G(r)&&(i.Authorization=`Bearer ${r}`),G(s)&&G(o)){let a=We(`${s}:${o}`);i.Authorization=`Basic ${a}`}return e.body&&(e.mediaType?i["Content-Type"]=e.mediaType:Q(e.body)?i["Content-Type"]=e.body.type||"application/octet-stream":N(e.body)?i["Content-Type"]="text/plain":be(e.body)||(i["Content-Type"]="application/json")),new Headers(i)},Me=t=>{if(t.body!==void 0)return t.mediaType?.includes("/json")?JSON.stringify(t.body):N(t.body)||Q(t.body)||be(t.body)?t.body:JSON.stringify(t.body)},$e=async(t,e,r,s,o,n,i)=>{let a=new AbortController,u={headers:n,body:s??o,method:e.method,signal:a.signal};return t.WITH_CREDENTIALS&&(u.credentials=t.CREDENTIALS),i(()=>a.abort()),await fetch(r,u)},Ge=(t,e)=>{if(e){let r=t.headers.get(e);if(N(r))return r}},Ye=async t=>{if(t.status!==204)try{let e=t.headers.get("Content-Type");if(e)return["application/json","application/problem+json"].some(o=>e.toLowerCase().startsWith(o))?await t.json():await t.text()}catch(e){console.error(e)}},Qe=(t,e)=>{let s={400:"Bad Request",401:"Unauthorized",403:"Forbidden",404:"Not Found",500:"Internal Server Error",502:"Bad Gateway",503:"Service Unavailable",...t.errors}[e.status];if(s)throw new m(t,e,s);if(!e.ok){let o=e.status??"unknown",n=e.statusText??"unknown",i=(()=>{try{return JSON.stringify(e.body,null,2)}catch{return}})();throw new m(t,e,`Generic Error: status: ${o}; status text: ${n}; body: ${i}`)}},Ce=(t,e)=>new b(async(r,s,o)=>{try{let n=_e(t,e),i=je(e),a=Me(e),u=await Je(t,e);if(!o.isCancelled){let p=await $e(t,e,n,a,i,u,o),c=await Ye(p),F=Ge(p,e.responseHeader),j={url:n,ok:p.ok,status:p.status,statusText:p.statusText,body:F??c};Qe(e,j),r(j.body)}}catch(n){s(n)}});var H=class extends g{constructor(e){super(e)}request(e){return Ce(this.config,e)}};var C=class{constructor(e){this.httpRequest=e}authAuthComplete({requestBody:e}){return this.httpRequest.request({method:"POST",url:"/fido2/v2/auth/complete",body:e,mediaType:"application/json",errors:{400:"BadRequest: Bad Request response.",404:"NotFound: Not Found response.",500:"InternalServerError: Internal Server Error response."}})}authAuthInit({requestBody:e,userAgent:r}){return this.httpRequest.request({method:"POST",url:"/fido2/v2/auth/init",headers:{"User-Agent":r},body:e,mediaType:"application/json",errors:{400:"BadRequest: Bad Request response.",404:"NotFound: Not Found response.",500:"InternalServerError: Internal Server Error response."}})}authAuthCodeRequest({authorization:e}){return this.httpRequest.request({method:"POST",url:"/fido2/v2/auth/otp",headers:{Authorization:e},errors:{401:"Unauthorized: Unauthorized response.",403:"Forbidden: Forbidden response.",404:"NotFound: Not Found response.",500:"InternalServerError: Internal Server Error response."}})}authAuthCodeRequestEmail({requestBody:e}){return this.httpRequest.request({method:"POST",url:"/fido2/v2/auth/otp/email",body:e,mediaType:"application/json",errors:{400:"BadRequest: Bad Request response.",404:"NotFound: Not Found response.",500:"InternalServerError: Internal Server Error response."}})}authAuthCodeRequestSms({requestBody:e}){return this.httpRequest.request({method:"POST",url:"/fido2/v2/auth/otp/sms",body:e,mediaType:"application/json",errors:{400:"BadRequest: Bad Request response.",404:"NotFound: Not Found response.",500:"InternalServerError: Internal Server Error response."}})}authAuthCodeVerify({requestBody:e}){return this.httpRequest.request({method:"POST",url:"/fido2/v2/auth/otp/verify",body:e,mediaType:"application/json",errors:{400:"BadRequest: Bad Request response.",404:"NotFound: Not Found response.",500:"InternalServerError: Internal Server Error response."}})}};var P=class{constructor(e){this.httpRequest=e}mgmtGrantCreate({requestBody:e}){return this.httpRequest.request({method:"POST",url:"/fido2/v2/mgmt/grant",body:e,mediaType:"application/json",errors:{400:"BadRequest: Bad Request response.",401:"Unauthorized: Unauthorized response.",500:"InternalServerError: Internal Server Error response."}})}mgmtTokenVerify({requestBody:e}){return this.httpRequest.request({method:"POST",url:"/fido2/v2/mgmt/token/verify",body:e,mediaType:"application/json",errors:{400:"BadRequest: Bad Request response.",401:"Unauthorized: Unauthorized response.",500:"InternalServerError: Internal Server Error response."}})}};var q=class{constructor(e){this.httpRequest=e}passkeysPasskeysList({authorization:e}){return this.httpRequest.request({method:"GET",url:"/fido2/v2/passkeys",headers:{Authorization:e},errors:{401:"Unauthorized: Unauthorized response.",403:"Forbidden: Forbidden response.",404:"NotFound: Not Found response.",500:"InternalServerError: Internal Server Error response."}})}passkeysPasskeyDelete({id:e,authorization:r}){return this.httpRequest.request({method:"DELETE",url:"/fido2/v2/passkeys/{id}",path:{id:e},headers:{Authorization:r},errors:{400:"BadRequest: Bad Request response.",401:"Unauthorized: Unauthorized response.",403:"Forbidden: Forbidden response.",404:"NotFound: Not Found response.",500:"InternalServerError: Internal Server Error response."}})}passkeysPasskeyRename({id:e,requestBody:r,authorization:s}){return this.httpRequest.request({method:"PUT",url:"/fido2/v2/passkeys/{id}",path:{id:e},headers:{Authorization:s},body:r,mediaType:"application/json",errors:{400:"BadRequest: Bad Request response.",401:"Unauthorized: Unauthorized response.",403:"Forbidden: Forbidden response.",404:"NotFound: Not Found response.",500:"InternalServerError: Internal Server Error response."}})}};var A=class{constructor(e){this.httpRequest=e}profileProfileDelete({id:e}){return this.httpRequest.request({method:"DELETE",url:"/fido2/v2/profile/{id}",path:{id:e},errors:{404:"NotFound: Not Found response.",500:"InternalServerError: Internal Server Error response."}})}profileProfileEmailUpdate({id:e,requestBody:r}){return this.httpRequest.request({method:"POST",url:"/fido2/v2/profile/{id}/email",path:{id:e},body:r,mediaType:"application/json",errors:{400:"BadRequest: Bad Request response.",401:"Unauthorized: Unauthorized response.",404:"NotFound: Not Found response.",500:"InternalServerError: Internal Server Error response."}})}profileProfilePhoneDelete({id:e}){return this.httpRequest.request({method:"DELETE",url:"/fido2/v2/profile/{id}/phone",path:{id:e},errors:{400:"BadRequest: Bad Request response.",401:"Unauthorized: Unauthorized response.",404:"NotFound: Not Found response.",500:"InternalServerError: Internal Server Error response."}})}profileProfilePhoneUpdate({id:e,requestBody:r}){return this.httpRequest.request({method:"POST",url:"/fido2/v2/profile/{id}/phone",path:{id:e},body:r,mediaType:"application/json",errors:{400:"BadRequest: Bad Request response.",401:"Unauthorized: Unauthorized response.",404:"NotFound: Not Found response.",500:"InternalServerError: Internal Server Error response."}})}profileProfileEmailVerify({requestBody:e}){return this.httpRequest.request({method:"POST",url:"/fido2/v2/profile/email/verify",body:e,mediaType:"application/json",errors:{400:"BadRequest: Bad Request response.",401:"Unauthorized: Unauthorized response.",404:"NotFound: Not Found response.",500:"InternalServerError: Internal Server Error response."}})}profileProfilePhoneVerify({requestBody:e}){return this.httpRequest.request({method:"POST",url:"/fido2/v2/profile/phone/verify",body:e,mediaType:"application/json",errors:{400:"BadRequest: Bad Request response.",404:"NotFound: Not Found response.",500:"InternalServerError: Internal Server Error response."}})}};var I=class{constructor(e){this.httpRequest=e}regRegComplete({requestBody:e}){return this.httpRequest.request({method:"POST",url:"/fido2/v2/reg/complete",body:e,mediaType:"application/json",errors:{400:"BadRequest: Bad Request response.",403:"Forbidden: Forbidden response.",500:"InternalServerError: Internal Server Error response."}})}regRegInit({requestBody:e,userAgent:r,authorization:s}){return this.httpRequest.request({method:"POST",url:"/fido2/v2/reg/init",headers:{"User-Agent":r,Authorization:s},body:e,mediaType:"application/json",errors:{400:"BadRequest: Bad Request response.",401:"Unauthorized: Unauthorized response.",403:"Forbidden: Forbidden response.",500:"InternalServerError: Internal Server Error response."}})}};var T=class{constructor(e){this.httpRequest=e}txTxComplete({requestBody:e}){return this.httpRequest.request({method:"POST",url:"/fido2/v2/tx/complete",body:e,mediaType:"application/json",errors:{400:"BadRequest: Bad Request response.",403:"Forbidden: Forbidden response.",500:"InternalServerError: Internal Server Error response."}})}txTxInit({requestBody:e}){return this.httpRequest.request({method:"POST",url:"/fido2/v2/tx/init",body:e,mediaType:"application/json",errors:{400:"BadRequest: Bad Request response.",404:"NotFound: Not Found response.",500:"InternalServerError: Internal Server Error response."}})}};var O=class{constructor(e){this.httpRequest=e}versionVersionShow(){return this.httpRequest.request({method:"GET",url:"/fido2/v2/version"})}};var x=class{constructor(e){this.httpRequest=e}wellKnownJwks(){return this.httpRequest.request({method:"GET",url:"/fido2/v2/.well-known/jwks.json",errors:{404:"NotFound: Not Found response.",500:"InternalServerError: Internal Server Error response."}})}};var E=class{auth;mgmt;passkeys;profile;reg;tx;version;wellKnown;request;constructor(e,r=H){this.request=new r({BASE:e?.BASE??"https://api.loginid.io/fido2/v2",VERSION:e?.VERSION??"2.0",WITH_CREDENTIALS:e?.WITH_CREDENTIALS??!1,CREDENTIALS:e?.CREDENTIALS??"include",TOKEN:e?.TOKEN,USERNAME:e?.USERNAME,PASSWORD:e?.PASSWORD,HEADERS:e?.HEADERS,ENCODE_PATH:e?.ENCODE_PATH}),this.auth=new C(this.request),this.mgmt=new P(this.request),this.passkeys=new q(this.request),this.profile=new A(this.request),this.reg=new I(this.request),this.tx=new T(this.request),this.version=new O(this.request),this.wellKnown=new x(this.request)}};var X=class{config;service;session;constructor(e){this.config=new K(e),this.service=new E({BASE:e.baseUrl}),this.session=new ge(e)}},y=X;var Z=class extends Error{constructor(e){super(e),this.name="AbortError"}},V=Z;var ee=class t{static abortController=new AbortController;static abortWebAuthnRequest=()=>{let e=new V("Cancelling current WebAuthn request");t.abortController.abort(e)};static renewWebAuthnAbortController=()=>{t.abortWebAuthnRequest();let e=new AbortController;t.abortController=e};static assignWebAuthnAbortController=e=>{t.abortWebAuthnRequest(),t.abortController=e}},h=ee;var f=(t,e,r)=>({...r,authzToken:e||r.authzToken||"",usernameType:r.usernameType||"other",displayName:r.displayName||t,callbacks:r.callbacks||{}}),Pe=(t,e)=>({...f(t,"",e),txType:e.txType||"raw",nonce:e.nonce||me()}),k=(t,e=!0,r=!1)=>({token:t,isAuthenticated:e,isFallback:r});var te=class extends y{constructor(e){super(e)}async validateOtp(e,r,s={}){let o=f(e,"",s),n={authCode:r,user:{username:e,usernameType:o.usernameType}},i=await this.service.auth.authAuthCodeVerify({requestBody:n}),a=k(i.jwtAccess);return h.renewWebAuthnAbortController(),this.session.setJwtCookie(a.token),a}async requestAndSendOtp(e,r="email",s={}){let o=f(e,"",s),n={user:{username:e,usernameType:o.usernameType}};switch(r){case"email":await this.service.auth.authAuthCodeRequestEmail({requestBody:n});break;case"sms":await this.service.auth.authAuthCodeRequestSms({requestBody:n});break;default:throw new Error("Invalid message method")}}},W=te;var qe=require("ua-parser-js"),U=t=>{let e={clientType:"browser",screenWidth:window.screen.width,screenHeight:window.screen.height,clientName:"",clientVersion:"",osName:"",osVersion:"",osArch:""};return t&&(e.deviceId=t),e},Xe=(t,e)=>{let r=t.split(".").map(Number),s=e.split(".").map(Number),o=Math.max(r.length,s.length);for(let n=0;n<o;n++){let i=n<r.length?r[n]:0,a=n<s.length?s[n]:0;if(i<a)return-1;if(i>a)return 1}return 0};async function re(){try{return!window.PublicKeyCredential||!window.PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?!1:await window.PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()}catch{return!1}}async function Ae(){try{return!window.PublicKeyCredential||!window.PublicKeyCredential.isConditionalMediationAvailable?!1:await window.PublicKeyCredential.isConditionalMediationAvailable()}catch{return!1}}async function oe(){let t=new qe.UAParser(window.navigator.userAgent).getResult(),e={solution:"",deviceSupported:!1};if(!window.PublicKeyCredential)return e.solution="Your browser seems to be outdated. Please upgrade to the latest version.",e;if(!await window.PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable())switch(t.os.name){case"Mac OS":{let s=t.browser.version||"";return t.browser.name==="Firefox"&&Xe(s,"122.0")<0?(e.solution="Please update your Firefox browser to the latest version.",e):(e.solution="Enable Touch ID on your device.",e)}case"iOS":return e.solution="Enable Face ID or Touch ID on your device.",e;case"Windows":return e.solution="Enable Windows Hello on your device. See here: https://support.microsoft.com/en-us/windows/learn-about-windows-hello-and-set-it-up-dae28983-8242-bb2a-d3d1-87c9d265a5f0.",e;case"Android":return t.browser.name==="Firefox"?(e.solution="Passkeys may not be supported on your Firefox browser. Please switch to a Chromium browser.",e):(e.solution="Enable device unlock via fingerprint, PIN, or facial recognition on your device.",e);default:return e.solution="Enable device unlock features such as fingerprint, PIN, or facial recognition.",e}return e.deviceSupported=!0,e}async function Ie(){let t=await re(),e=await oe();return t&&e.deviceSupported}var se={};ce(se,{ApiError:()=>m,AuthService:()=>C,BaseHttpRequest:()=>g,CancelError:()=>D,CancelablePromise:()=>b,LoginIDService:()=>E,MgmtService:()=>P,OpenAPI:()=>Te,PasskeysService:()=>q,ProfileService:()=>A,RegService:()=>I,TxService:()=>T,VersionService:()=>O,WellKnownService:()=>x});var Te={BASE:"https://api.loginid.io/fido2/v2",VERSION:"2.0",WITH_CREDENTIALS:!1,CREDENTIALS:"include",TOKEN:void 0,USERNAME:void 0,PASSWORD:void 0,HEADERS:void 0,ENCODE_PATH:void 0};var ne=class extends y{constructor(e){super(e)}async verifyConfigSettings(){let e={isValid:!0};try{this.config.getAppId()}catch{return e.isValid=!1,e.solution="Please verify that your base URL is correct.",e.code="invalid_app_id",e.message="Invalid app ID",e}try{let r=f("","",{}),s={app:{id:this.config.getAppId()},deviceInfo:U(),user:{username:"",usernameType:r.usernameType}};await this.service.auth.authAuthInit({requestBody:s})}catch(r){return e.isValid=!1,e.solution="Verify that your application exists and the base URL is correct.",e.code="unknown_error",e.message="Unknown error.",r instanceof m&&(e.code=r.body.msgCode||"unknown_error",e.message=r.body.msg||r.body.message||"Unknown error."),e}return e}getSessionInfo(){return this.session.getSessionInfo()}logout(){this.session.logout()}},Oe=ne;var xe=t=>`LoginID_${t}_device-id`,B=class{static persistDeviceId(e,r){r&&localStorage.setItem(xe(e),r)}static getDeviceId(e){return localStorage.getItem(xe(e))||""}};var Ee=t=>[...t.crossAuthMethods,...t.fallbackMethods];var ie=class extends Error{code;constructor(e,r,s){super(e),this.code=r,this.cause=s}},d=ie;var ae=class extends Error{constructor(e){super(e),this.name="LoginIDError"}},ue=ae;var ke=(t,e)=>{let r=t.name,{publicKey:s}=e;if(r==="ConstraintError"){if(s?.authenticatorSelection?.requireResidentKey===!0)return new d("Your device does not support discoverable credentials","ERROR_DISCOVERABLE_CREDENTIALS_UNSUPPORTED",t);if(s?.authenticatorSelection?.userVerification==="required")return new d("Your device does not support user verification","ERROR_USER_VERIFICATION_UNSUPPORTED",t)}if(r==="InvalidStateError")return new d("A passkey already exists on your device","ERROR_PASSKEY_EXISTS",t);if(r==="NotAllowedError")return new d("Passkey creation has failed","ERROR_GENERAL_ERROR_SEE_CAUSE_FIELD",t);if(r==="NotSupportedError")return new d("Your device does not support the algorithms required for passkey creation","ERROR_ALGORITHMS_UNSUPPORTED",t);if(r==="SecurityError"){let o=s?.rp?.id;if(o!==window.location.hostname)return new d(`The domain of the relying party (${o}) is invalid for this domain`,"ERROR_DOMAIN_MISMATCH",t)}return r==="UnknownError"?new d("Your device could not process the requested options or could not create a new passkey","ERROR_AUTHENTICATOR_UNKNOWN_ERROR",t):t},Be=(t,e)=>{let r=t.name,{publicKey:s}=e;if(r==="AbortError"&&e.signal instanceof AbortSignal)return new d("Passkey authentication has been aborted","ERROR_PASSKEY_ABORTED",t);if(r==="NotAllowedError")return new d("Passkey authentication has failed","ERROR_GENERAL_ERROR_SEE_CAUSE_FIELD",t);if(r==="SecurityError"){let o=s?.rpId;if(o!==window.location.hostname)return new d(`The domain of the relying party (${o}) is invalid for this domain`,"ERROR_DOMAIN_MISMATCH",t)}return r==="UnknownError"?new d("Your device could not process the requested options or could not authenticate with a passkey","ERROR_AUTHENTICATOR_UNKNOWN_ERROR",t):t},Cr=new ue("User needs to be logged in to perform this operation."),Se=new ue("No login options available.");var S=async t=>{let e;if(t.excludeCredentials!==void 0){e=[];for(let o of t.excludeCredentials){let n={id:R(o.id),transports:o.transports,type:o.type};e.push(n)}}let r=t.pubKeyCredParams,s={publicKey:{attestation:t.attestation,authenticatorSelection:{...t.authenticatorSelection},challenge:R(t.challenge),excludeCredentials:e,extensions:t.extensions,pubKeyCredParams:r,rp:t.rp,timeout:t.timeout,user:{...t.user,id:R(t.user.id)}}};try{let o=await navigator.credentials.create(s);if(o===null)throw new Error("Failed to create the passkey credential.");return o}catch(o){throw o instanceof Error?ke(o,s):o}},v=async(t,e={})=>{let r;if(t.allowCredentials!==void 0){r=[];for(let o of t.allowCredentials){let n={id:R(o.id),transports:o.transports,type:o.type};r.push(n)}}let s={...e.autoFill&&{mediation:"conditional"},...e.abortController&&{signal:e.abortController.signal},publicKey:{allowCredentials:r,challenge:R(t.challenge),extensions:t.extensions,rpId:t.rpId,timeout:t.timeout,userVerification:t.userVerification}};try{let o=await navigator.credentials.get(s);if(o===null)throw new Error("Failed to create the passkey credential.");return o}catch(o){throw o instanceof Error?Be(o,s):o}};var pe=class extends W{constructor(e){super(e)}async createNavigatorCredential(e){let{registrationRequestOptions:r,session:s}=e;h.renewWebAuthnAbortController();let o=await S(r),n=o.response,i=n.getPublicKey&&n.getPublicKey(),a=n.getPublicKeyAlgorithm&&n.getPublicKeyAlgorithm(),u=n.getAuthenticatorData&&n.getAuthenticatorData(),p=n.getTransports&&n.getTransports();return{creationResult:{attestationObject:l(n.attestationObject),clientDataJSON:l(n.clientDataJSON),credentialId:o.id,...i&&{publicKey:l(i)},...a&&{publicKeyAlgorithm:a},...u&&{authenticatorData:l(u)},...p&&{transports:p}},session:s}}async createPasskey(e,r="",s={}){let o=this.config.getAppId(),n=U(B.getDeviceId(o)),i=f(e,r,s);i.authzToken=this.session.getToken(i),i.authzToken&&w(i.authzToken).username!==e&&(i.authzToken="");let a={app:{id:o},deviceInfo:n,user:{username:e,usernameType:i.usernameType,displayName:i.displayName}},u=await this.service.reg.regRegInit({requestBody:a,...i.authzToken&&{authorization:i.authzToken}}),p=await this.createNavigatorCredential(u),c=await this.service.reg.regRegComplete({requestBody:p}),F=k(c.jwtAccess);return this.session.setJwtCookie(c.jwtAccess),B.persistDeviceId(o,c.deviceID),F}async getNavigatorCredential(e,r={}){let{assertionOptions:s,session:o}=e;r.abortController?h.assignWebAuthnAbortController(r.abortController):(h.renewWebAuthnAbortController(),r.abortController=h.abortController);let n=await v(s,r),i=n.response;return{assertionResult:{authenticatorData:l(i.authenticatorData),clientDataJSON:l(i.clientDataJSON),credentialId:n.id,signature:l(i.signature),...i.userHandle&&{userHandle:l(i.userHandle)}},session:o}}async authenticateWithPasskey(e="",r={}){let s=this.config.getAppId(),o=U(B.getDeviceId(s)),n=f(e,"",r),i={app:{id:s},deviceInfo:o,user:{username:e,usernameType:n.usernameType}},a=await this.service.auth.authAuthInit({requestBody:i});switch(a.action){case"proceed":{let u=await this.getNavigatorCredential(a,r),p=await this.service.auth.authAuthComplete({requestBody:u}),c=k(p.jwtAccess);return this.session.setJwtCookie(c.token),n?.callbacks?.onSuccess&&await n.callbacks.onSuccess(c),c}case"crossAuth":case"fallback":{if(n?.callbacks?.onFallback){let u=Ee(a);await n.callbacks.onFallback(e,u)}return k("",!1,!0)}default:throw Se}}async authenticateWithPasskeyAutofill(e={}){return e.autoFill=!0,await this.authenticateWithPasskey("",e)}async requestOtp(e,r={}){if(r.authzToken=this.session.getToken(r),!r.authzToken){let o=await this.authenticateWithPasskey(e,r);r.authzToken=o.token}return await this.service.auth.authAuthCodeRequest({authorization:r.authzToken})}async confirmTransaction(e,r,s={}){let o=Pe(e,s),n={username:e,txPayload:r,nonce:o.nonce,txType:o.txType},{assertionOptions:i,session:a}=await this.service.tx.txTxInit({requestBody:n}),u={action:"proceed",crossAuthMethods:[],fallbackMethods:[],assertionOptions:i,session:a},{assertionResult:p}=await this.getNavigatorCredential(u),c={authenticatorData:p.authenticatorData,clientData:p.clientDataJSON,keyHandle:p.credentialId,session:a,signature:p.signature};return await this.service.tx.txTxComplete({requestBody:c})}},ve=pe;var le=class extends y{constructor(e){super(e)}async listPasskeys(e={}){let r=this.session.getToken(e);return await this.service.passkeys.passkeysPasskeysList({authorization:r})}async renamePasskey(e,r,s={}){let o=this.session.getToken(s),n={name:r};await this.service.passkeys.passkeysPasskeyRename({authorization:o,id:e,requestBody:n})}async deletePasskey(e,r={}){let s=this.session.getToken(r);await this.service.passkeys.passkeysPasskeyDelete({authorization:s,id:e})}},we=le;var z=class extends y{constructor(e){super(e)}};ye(z,[y,ve,W,we,Oe]);var de=z;var _=class{static async getNavigatorCredential(e,r={}){let{assertionOptions:s,session:o}=e,n=await v(s,r),i=n.response;return{assertionResult:{authenticatorData:l(i.authenticatorData),clientDataJSON:l(i.clientDataJSON),credentialId:n.id,signature:l(i.signature),...i.userHandle&&{userHandle:l(i.userHandle)}},session:o}}static async createNavigatorCredential(e){let{registrationRequestOptions:r,session:s}=e,o=await S(r),n=o.response,i=n.getPublicKey&&n.getPublicKey(),a=n.getPublicKeyAlgorithm&&n.getPublicKeyAlgorithm(),u=n.getAuthenticatorData&&n.getAuthenticatorData(),p=n.getTransports&&n.getTransports();return{creationResult:{attestationObject:l(n.attestationObject),clientDataJSON:l(n.clientDataJSON),credentialId:o.id,...i&&{publicKey:l(i)},...a&&{publicKeyAlgorithm:a},...u&&{authenticatorData:l(u)},...p&&{transports:p}},session:s}}};var Ze=de;0&&(module.exports={AbortError,ApiError,LoginIDAPI,LoginIDWebSDK,PasskeyError,WebAuthnHelper,canCreatePasskey,createPasskeyCredential,doesDeviceSupportPasskeys,getPasskeyCredential,isConditionalUIAvailable,isPlatformAuthenticatorAvailable});
//# sourceMappingURL=index.cjs.map