{"version":3,"file":"static/chunks/84823-74df41da33481501.js","mappings":"oGAMO,SAAAA,EAAAC,CAAA,EACP,IAAAC,EAAA,IAAAC,WAAAF,GACAG,EAAA,GACA,QAAAC,KAAAH,EACAE,GAAAE,OAAAC,YAAA,CAAAF,GAGA,OAAAG,KADAJ,GACAK,OAAA,YAAAA,OAAA,YAAAA,OAAA,SACA,CCPO,SAAAC,EAAAC,CAAA,EAEP,IAAAC,EAAAD,EAAAF,OAAA,WAAAA,OAAA,WAQAI,EAAA,GAAAD,EAAAE,MAAA,MAGAC,EAAAC,KAFAJ,EAAAK,MAAA,CAAAL,EAAAE,MAAA,CAAAD,EAAA,MAIAZ,EAAA,IAAAiB,YAAAH,EAAAD,MAAA,EACAZ,EAAA,IAAAC,WAAAF,GACA,QAAAkB,EAAA,EAAoBA,EAAAJ,EAAAD,MAAA,CAAmBK,IACvCjB,CAAA,CAAAiB,EAAA,CAAAJ,EAAAK,UAAA,CAAAD,GAEA,OAAAlB,CACA,CCzBO,SAASoB,IAChB,OAAAC,EAAAC,QAAA,CAAAC,YAAAC,sBAAAC,KAAAA,GACA,mBAAAF,WAAAC,mBAAA,CACA,0DAKO,IAAAH,EAAA,CACPC,SAAA,GAAAI,CACA,ECZO,SAAAC,EAAAC,CAAA,EACP,IAAYC,GAAAA,CAAA,EAAKD,EACjB,OACA,GAAAA,CAAA,CACAC,GAAYpB,EAAuBoB,GAMnCC,WAAAF,EAAAE,UAAA,CAEA,CCLO,SAAAC,EAAAC,CAAA,EACP,MAEAA,cAAAA,GACA,0CAA8CC,IAAA,CAAAD,EAC9C,CCIO,MAAAE,UAAAC,MACPC,YAAA,CAAkBC,QAAAA,CAAA,CAAAC,KAAAA,CAAA,CAAAC,MAAAA,CAAA,CAAAC,KAAAA,CAAA,CAA6B,EAE/C,MAAAH,EAAA,CAAyBE,MAAAA,CAAA,GACzBE,OAAAC,cAAA,cACAC,WAAA,GACAC,aAAA,GACAC,SAAA,GACAnB,MAAA,MACA,GACA,KAAAc,IAAA,CAAAA,GAAAD,EAAAC,IAAA,CACA,KAAAF,IAAA,CAAAA,CACA,CACA,CE9BA,MAAAQ,EACAV,aAAA,CACAK,OAAAC,cAAA,oBACAC,WAAA,GACAC,aAAA,GACAC,SAAA,GACAnB,MAAA,MACA,EACA,CACAqB,sBAAA,CAEA,QAAAC,UAAA,EACA,IAAAC,EAAA,0DACAA,CAAAA,EAAAT,IAAA,cACA,KAAAQ,UAAA,CAAAE,KAAA,CAAAD,EACA,CACA,IAAAE,EAAA,IAAAC,gBAEA,OADA,KAAAJ,UAAA,CAAAG,EACAA,EAAAE,MAAA,CAEAC,gBAAA,CACA,QAAAN,UAAA,EACA,IAAAC,EAAA,uDACAA,CAAAA,EAAAT,IAAA,cACA,KAAAQ,UAAA,CAAAE,KAAA,CAAAD,GACA,KAAAD,UAAA,CAAAvB,KAAAA,CACA,CACA,CACA,CAQO,IAAA8B,EAAA,IAAAT,ECpCPU,EAAA,8BAIO,SAAAC,EAAAC,CAAA,EACP,MAAAA,GAGAF,EAAAA,EAAAG,OAAA,CAAAD,IAGA,OAAAA,CACA,CCCO,eAAAE,EAAAC,CAAA,MAqCPC,EAuCAC,EA3BAjC,EAKAkC,EASAC,CA7DA,EAAAJ,EAAAK,WAAA,EAAAL,EAAAM,SAAA,GACAC,QAAAC,IAAA,+TAEAR,EAAA,CAAoBK,YAAAL,CAAA,GAEpB,IAAYK,YAAAA,CAAA,CAAAI,gBAAAA,EAAA,IAAuCT,EACnD,IAASzC,IACT,yDAGA,IAAAmD,EAAA,CACA,GAAAL,CAAA,CACAC,UAAmB1D,EAAuByD,EAAAC,SAAA,EAC1CK,KAAA,CACA,GAAAN,EAAAM,IAAA,CACA3C,GAAgBpB,EAAuByD,EAAAM,IAAA,CAAA3C,EAAA,CACvC,EACA4C,mBAAAP,EAAAO,kBAAA,EAAAC,IAAgE/C,EAChE,EAEAgD,EAAA,GAMAL,GAEAK,CAAAA,EAAAC,SAAA,gBAGAD,EAAAJ,SAAA,CAAAA,EAEAI,EAAAtB,MAAA,CAA2BE,EAAoBR,oBAAA,GAG/C,IACAe,EAAA,MAAAe,UAAAC,WAAA,CAAAC,MAAA,CAAAJ,EACA,CACA,MAAAK,EAAA,CACA,MAAcC,SHlDP,CAAqCC,MAAAA,CAAA,CAAArB,QAAAA,CAAA,CAAiB,EAC7D,IAAYU,UAAAA,CAAA,EAAYV,EACxB,IAAAU,EACA,MAAApC,MAAA,mDAEA,GAAA+C,eAAAA,EAAA1C,IAAA,CACA,IAAAqB,EAAAR,MAAA,YAAA8B,YAEA,WAAuBjD,EAAa,CACpCG,QAAA,iDACAC,KAAA,yBACAC,MAAA2C,CACA,EACA,MAEA,GAAAA,oBAAAA,EAAA1C,IAAA,EACA,GAAA+B,EAAAa,sBAAA,EAAAC,qBAAA,GAEA,WAAuBnD,EAAa,CACpCG,QAAA,qFACAC,KAAA,8DACAC,MAAA2C,CACA,GAEA,GAEArB,gBAAAA,EAAAe,SAAA,EACAL,EAAAa,sBAAA,EAAAE,mBAAA,WAEA,WAAuBpD,EAAa,CACpCG,QAAA,6FACAC,KAAA,gDACAC,MAAA2C,CACA,GAEA,GAAAX,EAAAa,sBAAA,EAAAE,mBAAA,WAEA,WAAuBpD,EAAa,CACpCG,QAAA,6EACAC,KAAA,wDACAC,MAAA2C,CACA,EAEA,MACA,GAAAA,sBAAAA,EAAA1C,IAAA,CAGA,WAAmBN,EAAa,CAChCG,QAAA,8CACAC,KAAA,4CACAC,MAAA2C,CACA,QAEA,GAAAA,oBAAAA,EAAA1C,IAAA,CAKA,WAAmBN,EAAa,CAChCG,QAAA6C,EAAA7C,OAAA,CACAC,KAAA,uCACAC,MAAA2C,CACA,QAEA,GAAAA,sBAAAA,EAAA1C,IAAA,YAIuBN,EAFvBqD,IAAAA,EADAC,gBAAA,CAAAC,MAAA,IAAAC,eAAAA,EAAAC,IAAA,EACA9E,MAAA,CAEoC,CACpCwB,QAAA,wDACAC,KAAA,mCACAC,MAAA2C,CACA,EAGgC,CAChC7C,QAAA,wFACAC,KAAA,wDACAC,MAAA2C,CACA,QAEA,GAAAA,kBAAAA,EAAA1C,IAAA,EACA,IAAAoD,EAAArE,WAAAsE,QAAA,CAAA7D,QAAA,CACA,IAAaD,EAAa6D,GAE1B,WAAuB1D,EAAa,CACpCG,QAAA,GAA4Bd,WAAAsE,QAAA,CAAA7D,QAAA,sBAA8B,EAC1DM,KAAA,uBACAC,MAAA2C,CACA,GAEA,GAAAX,EAAAuB,EAAA,CAAAjE,EAAA,GAAA+D,EAEA,WAAuB1D,EAAa,CACpCG,QAAA,cAAuCkC,EAAAuB,EAAA,CAAAjE,EAAA,CAAgB,8BACvDS,KAAA,sBACAC,MAAA2C,CACA,EAEA,MACA,GAAAA,cAAAA,EAAA1C,IAAA,CACA,IAAA+B,EAAAC,IAAA,CAAA3C,EAAA,CAAAkE,UAAA,IAAAxB,EAAAC,IAAA,CAAA3C,EAAA,CAAAkE,UAAA,IAEA,WAAuB7D,EAAa,CACpCG,QAAA,8CACAC,KAAA,+BACAC,MAAA2C,CACA,EACA,MAEA,GAAAA,iBAAAA,EAAA1C,IAAA,CAGA,WAAmBN,EAAa,CAChCG,QAAA,sGACAC,KAAA,oCACAC,MAAA2C,CACA,GAEA,OAAAA,CACA,EGtEuC,CAAGA,MAAAF,EAAAnB,QAAAc,CAAA,EAC1C,CACA,IAAAb,EACA,8CAEA,IAAYjC,GAAAA,CAAA,CAAAmE,MAAAA,CAAA,CAAAC,SAAAA,CAAA,CAAAN,KAAAA,CAAA,EAA4B7B,EAQxC,GALA,mBAAAmC,EAAAC,aAAA,EACApE,CAAAA,EAAAmE,EAAAC,aAAA,IAIA,mBAAAD,EAAAE,qBAAA,CACA,IACAnC,EAAAiC,EAAAE,qBAAA,EACA,CACA,MAAAjB,EAAA,CACAkB,EAAA,0BAAAlB,EACA,CAGA,sBAAAe,EAAAI,YAAA,CACA,IACA,IAAAC,EAAAL,EAAAI,YAAA,EACA,QAAAC,GACArC,CAAAA,EAAoClE,EAAuBuG,EAAA,CAE3D,CACA,MAAApB,EAAA,CACAkB,EAAA,iBAAAlB,EACA,CAIA,sBAAAe,EAAAM,oBAAA,CACA,IACAxC,EAAwChE,EAAuBkG,EAAAM,oBAAA,GAC/D,CACA,MAAArB,EAAA,CACAkB,EAAA,yBAAAlB,EACA,CAEA,OACArD,GAAAA,EACAmE,MAAejG,EAAuBiG,GACtCC,SAAA,CACAO,kBAA+BzG,EAAuBkG,EAAAO,iBAAA,EACtDC,eAA4B1G,EAAuBkG,EAAAQ,cAAA,EACnD3E,WAAAA,EACA4E,mBAAA1C,EACAO,UAAAN,EACA0C,kBAAA5C,CACA,EACA4B,KAAAA,EACAiB,uBAAA9C,EAAA+C,yBAAA,GACAC,wBAAiCrD,EAAyBK,EAAAgD,uBAAA,CAC1D,CACA,CAKA,SAAAV,EAAAW,CAAA,CAAAxE,CAAA,EACA6B,QAAAC,IAAA,0FAA0G0C,EAAW;AAAA,EAAAxE,EACrH,CCjGO,IAAAyE,EAAA,CACP1F,SAAA,GAAAI,CACA,EEVO,eAAAuF,EAAApD,CAAA,MAaPqD,EAqCApD,EAWAqD,CA3DA,EAAAtD,EAAAK,WAAA,EAAAL,EAAAM,SAAA,GACAC,QAAAC,IAAA,iUAEAR,EAAA,CAAoBK,YAAAL,CAAA,GAEpB,IAAYK,YAAAA,CAAA,CAAAkD,mBAAAA,EAAA,GAAAC,2BAAAA,EAAA,IAA8ExD,EAC1F,IAASzC,IACT,wDAKA8C,CAAAA,EAAAgD,gBAAA,EAAArG,SAAA,GACAqG,CAAAA,EAAAhD,EAAAgD,gBAAA,EAAAxC,IAA6D/C,EAA+B,EAG5F,IAAA4C,EAAA,CACA,GAAAL,CAAA,CACAC,UAAmB1D,EAAuByD,EAAAC,SAAA,EAC1C+C,iBAAAA,CACA,EAEAI,EAAA,GAKA,GAAAF,EAAA,CACA,UAAoBG,WFvCpB,IAASnG,IACT,OAAA4F,EAAA1F,QAAA,KAAAkG,QAAA,GAAAC,EAAA,MAQA,IAAAC,EAAAnG,WACAC,mBAAA,QACA,GAAAmG,kCAAAlG,KAAAA,EACAuF,EAAA1F,QAAA,KAAAkG,QAAA,GAAAC,EAAA,MAEAT,EAAA1F,QAAA,CAAAoG,EAAAC,+BAAA,GACA,IEyBA,MAAAxF,MAAA,8CAKA,GAAAyF,SAFAC,gBAAA,oCAEAhH,MAAA,IAAAwG,EACA,MAAAlF,MAAA,oGAIAmF,CAAAA,EAAA1C,SAAA,eAEAL,EAAA2C,gBAAA,IAGAI,EAAA/C,SAAA,CAAAA,EAEA+C,EAAAjE,MAAA,CAAwBE,EAAoBR,oBAAA,GAG5C,IACAe,EAAA,MAAAe,UAAAC,WAAA,CAAAgD,GAAA,CAAAR,EACA,CACA,MAAAtC,EAAA,CACA,MAAc+C,SDjEP,CAAuC7C,MAAAA,CAAA,CAAArB,QAAAA,CAAA,CAAiB,EAC/D,IAAYU,UAAAA,CAAA,EAAYV,EACxB,IAAAU,EACA,MAAApC,MAAA,mDAEA,GAAA+C,eAAAA,EAAA1C,IAAA,CACA,IAAAqB,EAAAR,MAAA,YAAA8B,YAEA,WAAuBjD,EAAa,CACpCG,QAAA,mDACAC,KAAA,yBACAC,MAAA2C,CACA,EACA,MAEA,GAAAA,oBAAAA,EAAA1C,IAAA,CAKA,WAAmBN,EAAa,CAChCG,QAAA6C,EAAA7C,OAAA,CACAC,KAAA,uCACAC,MAAA2C,CACA,QAEA,GAAAA,kBAAAA,EAAA1C,IAAA,EACA,IAAAoD,EAAArE,WAAAsE,QAAA,CAAA7D,QAAA,CACA,IAAaD,EAAa6D,GAE1B,WAAuB1D,EAAa,CACpCG,QAAA,GAA4Bd,WAAAsE,QAAA,CAAA7D,QAAA,sBAA8B,EAC1DM,KAAA,uBACAC,MAAA2C,CACA,GAEA,GAAAX,EAAAyD,IAAA,GAAApC,EAEA,WAAuB1D,EAAa,CACpCG,QAAA,cAAuCkC,EAAAyD,IAAA,CAAe,8BACtD1F,KAAA,sBACAC,MAAA2C,CACA,EAEA,MACA,GAAAA,iBAAAA,EAAA1C,IAAA,CAGA,WAAmBN,EAAa,CAChCG,QAAA,+GACAC,KAAA,oCACAC,MAAA2C,CACA,GAEA,OAAAA,CACA,ECUyC,CAAGA,MAAAF,EAAAnB,QAAAyD,CAAA,EAC5C,CACA,IAAAxD,EACA,gDAEA,IAAYjC,GAAAA,CAAA,CAAAmE,MAAAA,CAAA,CAAAC,SAAAA,CAAA,CAAAN,KAAAA,CAAA,EAA4B7B,EAMxC,OAJAmC,EAAAkB,UAAA,EACAA,CAAAA,EAAqBpH,EAAuBkG,EAAAkB,UAAA,GAG5C,CACAtF,GAAAA,EACAmE,MAAejG,EAAuBiG,GACtCC,SAAA,CACAU,kBAA+B5G,EAAuBkG,EAAAU,iBAAA,EACtDF,eAA4B1G,EAAuBkG,EAAAQ,cAAA,EACnDwB,UAAuBlI,EAAuBkG,EAAAgC,SAAA,EAC9Cd,WAAAA,CACA,EACAxB,KAAAA,EACAiB,uBAAA9C,EAAA+C,yBAAA,GACAC,wBAAiCrD,EAAyBK,EAAAgD,uBAAA,CAC1D,CACA","sources":["webpack://_N_E/../../node_modules/@simplewebauthn/browser/esm/helpers/bufferToBase64URLString.js","webpack://_N_E/../../node_modules/@simplewebauthn/browser/esm/helpers/base64URLStringToBuffer.js","webpack://_N_E/../../node_modules/@simplewebauthn/browser/esm/helpers/browserSupportsWebAuthn.js","webpack://_N_E/../../node_modules/@simplewebauthn/browser/esm/helpers/toPublicKeyCredentialDescriptor.js","webpack://_N_E/../../node_modules/@simplewebauthn/browser/esm/helpers/isValidDomain.js","webpack://_N_E/../../node_modules/@simplewebauthn/browser/esm/helpers/webAuthnError.js","webpack://_N_E/../../node_modules/@simplewebauthn/browser/esm/helpers/identifyRegistrationError.js","webpack://_N_E/../../node_modules/@simplewebauthn/browser/esm/helpers/webAuthnAbortService.js","webpack://_N_E/../../node_modules/@simplewebauthn/browser/esm/helpers/toAuthenticatorAttachment.js","webpack://_N_E/../../node_modules/@simplewebauthn/browser/esm/methods/startRegistration.js","webpack://_N_E/../../node_modules/@simplewebauthn/browser/esm/helpers/browserSupportsWebAuthnAutofill.js","webpack://_N_E/../../node_modules/@simplewebauthn/browser/esm/helpers/identifyAuthenticationError.js","webpack://_N_E/../../node_modules/@simplewebauthn/browser/esm/methods/startAuthentication.js","webpack://_N_E/../../node_modules/@simplewebauthn/browser/esm/helpers/platformAuthenticatorIsAvailable.js","webpack://_N_E/../../node_modules/@simplewebauthn/browser/esm/index.js"],"sourcesContent":["/**\n * Convert the given array buffer into a Base64URL-encoded string. Ideal for converting various\n * credential response ArrayBuffers to string for sending back to the server as JSON.\n *\n * Helper method to compliment `base64URLStringToBuffer`\n */\nexport function bufferToBase64URLString(buffer) {\n    const bytes = new Uint8Array(buffer);\n    let str = '';\n    for (const charCode of bytes) {\n        str += String.fromCharCode(charCode);\n    }\n    const base64String = btoa(str);\n    return base64String.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=/g, '');\n}\n","/**\n * Convert from a Base64URL-encoded string to an Array Buffer. Best used when converting a\n * credential ID from a JSON string to an ArrayBuffer, like in allowCredentials or\n * excludeCredentials\n *\n * Helper method to compliment `bufferToBase64URLString`\n */\nexport function base64URLStringToBuffer(base64URLString) {\n    // Convert from Base64URL to Base64\n    const base64 = base64URLString.replace(/-/g, '+').replace(/_/g, '/');\n    /**\n     * Pad with '=' until it's a multiple of four\n     * (4 - (85 % 4 = 1) = 3) % 4 = 3 padding\n     * (4 - (86 % 4 = 2) = 2) % 4 = 2 padding\n     * (4 - (87 % 4 = 3) = 1) % 4 = 1 padding\n     * (4 - (88 % 4 = 0) = 4) % 4 = 0 padding\n     */\n    const padLength = (4 - (base64.length % 4)) % 4;\n    const padded = base64.padEnd(base64.length + padLength, '=');\n    // Convert to a binary string\n    const binary = atob(padded);\n    // Convert binary string to buffer\n    const buffer = new ArrayBuffer(binary.length);\n    const bytes = new Uint8Array(buffer);\n    for (let i = 0; i < binary.length; i++) {\n        bytes[i] = binary.charCodeAt(i);\n    }\n    return buffer;\n}\n","/**\n * Determine if the browser is capable of Webauthn\n */\nexport function browserSupportsWebAuthn() {\n    return _browserSupportsWebAuthnInternals.stubThis(globalThis?.PublicKeyCredential !== undefined &&\n        typeof globalThis.PublicKeyCredential === 'function');\n}\n/**\n * Make it possible to stub the return value during testing\n * @ignore Don't include this in docs output\n */\nexport const _browserSupportsWebAuthnInternals = {\n    stubThis: (value) => value,\n};\n","import { base64URLStringToBuffer } from './base64URLStringToBuffer.js';\nexport function toPublicKeyCredentialDescriptor(descriptor) {\n    const { id } = descriptor;\n    return {\n        ...descriptor,\n        id: base64URLStringToBuffer(id),\n        /**\n         * `descriptor.transports` is an array of our `AuthenticatorTransportFuture` that includes newer\n         * transports that TypeScript's DOM lib is ignorant of. Convince TS that our list of transports\n         * are fine to pass to WebAuthn since browsers will recognize the new value.\n         */\n        transports: descriptor.transports,\n    };\n}\n","/**\n * A simple test to determine if a hostname is a properly-formatted domain name\n *\n * A \"valid domain\" is defined here: https://url.spec.whatwg.org/#valid-domain\n *\n * Regex sourced from here:\n * https://www.oreilly.com/library/view/regular-expressions-cookbook/9781449327453/ch08s15.html\n */\nexport function isValidDomain(hostname) {\n    return (\n    // Consider localhost valid as well since it's okay wrt Secure Contexts\n    hostname === 'localhost' ||\n        /^([a-z0-9]+(-[a-z0-9]+)*\\.)+[a-z]{2,}$/i.test(hostname));\n}\n","/**\n * A custom Error used to return a more nuanced error detailing _why_ one of the eight documented\n * errors in the spec was raised after calling `navigator.credentials.create()` or\n * `navigator.credentials.get()`:\n *\n * - `AbortError`\n * - `ConstraintError`\n * - `InvalidStateError`\n * - `NotAllowedError`\n * - `NotSupportedError`\n * - `SecurityError`\n * - `TypeError`\n * - `UnknownError`\n *\n * Error messages were determined through investigation of the spec to determine under which\n * scenarios a given error would be raised.\n */\nexport class WebAuthnError extends Error {\n    constructor({ message, code, cause, name, }) {\n        // @ts-ignore: help Rollup understand that `cause` is okay to set\n        super(message, { cause });\n        Object.defineProperty(this, \"code\", {\n            enumerable: true,\n            configurable: true,\n            writable: true,\n            value: void 0\n        });\n        this.name = name ?? cause.name;\n        this.code = code;\n    }\n}\n","import { isValidDomain } from './isValidDomain.js';\nimport { WebAuthnError } from './webAuthnError.js';\n/**\n * Attempt to intuit _why_ an error was raised after calling `navigator.credentials.create()`\n */\nexport function identifyRegistrationError({ error, options, }) {\n    const { publicKey } = options;\n    if (!publicKey) {\n        throw Error('options was missing required publicKey property');\n    }\n    if (error.name === 'AbortError') {\n        if (options.signal instanceof AbortSignal) {\n            // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 16)\n            return new WebAuthnError({\n                message: 'Registration ceremony was sent an abort signal',\n                code: 'ERROR_CEREMONY_ABORTED',\n                cause: error,\n            });\n        }\n    }\n    else if (error.name === 'ConstraintError') {\n        if (publicKey.authenticatorSelection?.requireResidentKey === true) {\n            // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 4)\n            return new WebAuthnError({\n                message: 'Discoverable credentials were required but no available authenticator supported it',\n                code: 'ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT',\n                cause: error,\n            });\n        }\n        else if (\n        // @ts-ignore: `mediation` doesn't yet exist on CredentialCreationOptions but it's possible as of Sept 2024\n        options.mediation === 'conditional' &&\n            publicKey.authenticatorSelection?.userVerification === 'required') {\n            // https://w3c.github.io/webauthn/#sctn-createCredential (Step 22.4)\n            return new WebAuthnError({\n                message: 'User verification was required during automatic registration but it could not be performed',\n                code: 'ERROR_AUTO_REGISTER_USER_VERIFICATION_FAILURE',\n                cause: error,\n            });\n        }\n        else if (publicKey.authenticatorSelection?.userVerification === 'required') {\n            // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 5)\n            return new WebAuthnError({\n                message: 'User verification was required but no available authenticator supported it',\n                code: 'ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT',\n                cause: error,\n            });\n        }\n    }\n    else if (error.name === 'InvalidStateError') {\n        // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 20)\n        // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 3)\n        return new WebAuthnError({\n            message: 'The authenticator was previously registered',\n            code: 'ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED',\n            cause: error,\n        });\n    }\n    else if (error.name === 'NotAllowedError') {\n        /**\n         * Pass the error directly through. Platforms are overloading this error beyond what the spec\n         * defines and we don't want to overwrite potentially useful error messages.\n         */\n        return new WebAuthnError({\n            message: error.message,\n            code: 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY',\n            cause: error,\n        });\n    }\n    else if (error.name === 'NotSupportedError') {\n        const validPubKeyCredParams = publicKey.pubKeyCredParams.filter((param) => param.type === 'public-key');\n        if (validPubKeyCredParams.length === 0) {\n            // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 10)\n            return new WebAuthnError({\n                message: 'No entry in pubKeyCredParams was of type \"public-key\"',\n                code: 'ERROR_MALFORMED_PUBKEYCREDPARAMS',\n                cause: error,\n            });\n        }\n        // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 2)\n        return new WebAuthnError({\n            message: 'No available authenticator supported any of the specified pubKeyCredParams algorithms',\n            code: 'ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG',\n            cause: error,\n        });\n    }\n    else if (error.name === 'SecurityError') {\n        const effectiveDomain = globalThis.location.hostname;\n        if (!isValidDomain(effectiveDomain)) {\n            // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 7)\n            return new WebAuthnError({\n                message: `${globalThis.location.hostname} is an invalid domain`,\n                code: 'ERROR_INVALID_DOMAIN',\n                cause: error,\n            });\n        }\n        else if (publicKey.rp.id !== effectiveDomain) {\n            // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 8)\n            return new WebAuthnError({\n                message: `The RP ID \"${publicKey.rp.id}\" is invalid for this domain`,\n                code: 'ERROR_INVALID_RP_ID',\n                cause: error,\n            });\n        }\n    }\n    else if (error.name === 'TypeError') {\n        if (publicKey.user.id.byteLength < 1 || publicKey.user.id.byteLength > 64) {\n            // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 5)\n            return new WebAuthnError({\n                message: 'User ID was not between 1 and 64 characters',\n                code: 'ERROR_INVALID_USER_ID_LENGTH',\n                cause: error,\n            });\n        }\n    }\n    else if (error.name === 'UnknownError') {\n        // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 1)\n        // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 8)\n        return new WebAuthnError({\n            message: 'The authenticator was unable to process the specified options, or could not create a new credential',\n            code: 'ERROR_AUTHENTICATOR_GENERAL_ERROR',\n            cause: error,\n        });\n    }\n    return error;\n}\n","class BaseWebAuthnAbortService {\n    constructor() {\n        Object.defineProperty(this, \"controller\", {\n            enumerable: true,\n            configurable: true,\n            writable: true,\n            value: void 0\n        });\n    }\n    createNewAbortSignal() {\n        // Abort any existing calls to navigator.credentials.create() or navigator.credentials.get()\n        if (this.controller) {\n            const abortError = new Error('Cancelling existing WebAuthn API call for new one');\n            abortError.name = 'AbortError';\n            this.controller.abort(abortError);\n        }\n        const newController = new AbortController();\n        this.controller = newController;\n        return newController.signal;\n    }\n    cancelCeremony() {\n        if (this.controller) {\n            const abortError = new Error('Manually cancelling existing WebAuthn API call');\n            abortError.name = 'AbortError';\n            this.controller.abort(abortError);\n            this.controller = undefined;\n        }\n    }\n}\n/**\n * A service singleton to help ensure that only a single WebAuthn ceremony is active at a time.\n *\n * Users of **@simplewebauthn/browser** shouldn't typically need to use this, but it can help e.g.\n * developers building projects that use client-side routing to better control the behavior of\n * their UX in response to router navigation events.\n */\nexport const WebAuthnAbortService = new BaseWebAuthnAbortService();\n","const attachments = ['cross-platform', 'platform'];\n/**\n * If possible coerce a `string` value into a known `AuthenticatorAttachment`\n */\nexport function toAuthenticatorAttachment(attachment) {\n    if (!attachment) {\n        return;\n    }\n    if (attachments.indexOf(attachment) < 0) {\n        return;\n    }\n    return attachment;\n}\n","import { bufferToBase64URLString } from '../helpers/bufferToBase64URLString.js';\nimport { base64URLStringToBuffer } from '../helpers/base64URLStringToBuffer.js';\nimport { browserSupportsWebAuthn } from '../helpers/browserSupportsWebAuthn.js';\nimport { toPublicKeyCredentialDescriptor } from '../helpers/toPublicKeyCredentialDescriptor.js';\nimport { identifyRegistrationError } from '../helpers/identifyRegistrationError.js';\nimport { WebAuthnAbortService } from '../helpers/webAuthnAbortService.js';\nimport { toAuthenticatorAttachment } from '../helpers/toAuthenticatorAttachment.js';\n/**\n * Begin authenticator \"registration\" via WebAuthn attestation\n *\n * @param optionsJSON Output from **@simplewebauthn/server**'s `generateRegistrationOptions()`\n * @param useAutoRegister (Optional) Try to silently create a passkey with the password manager that the user just signed in with. Defaults to `false`.\n */\nexport async function startRegistration(options) {\n    // @ts-ignore: Intentionally check for old call structure to warn about improper API call\n    if (!options.optionsJSON && options.challenge) {\n        console.warn('startRegistration() was not called correctly. It will try to continue with the provided options, but this call should be refactored to use the expected call structure instead. See https://simplewebauthn.dev/docs/packages/browser#typeerror-cannot-read-properties-of-undefined-reading-challenge for more information.');\n        // @ts-ignore: Reassign the options, passed in as a positional argument, to the expected variable\n        options = { optionsJSON: options };\n    }\n    const { optionsJSON, useAutoRegister = false } = options;\n    if (!browserSupportsWebAuthn()) {\n        throw new Error('WebAuthn is not supported in this browser');\n    }\n    // We need to convert some values to Uint8Arrays before passing the credentials to the navigator\n    const publicKey = {\n        ...optionsJSON,\n        challenge: base64URLStringToBuffer(optionsJSON.challenge),\n        user: {\n            ...optionsJSON.user,\n            id: base64URLStringToBuffer(optionsJSON.user.id),\n        },\n        excludeCredentials: optionsJSON.excludeCredentials?.map(toPublicKeyCredentialDescriptor),\n    };\n    // Prepare options for `.create()`\n    const createOptions = {};\n    /**\n     * Try to use conditional create to register a passkey for the user with the password manager\n     * the user just used to authenticate with. The user won't be shown any prominent UI by the\n     * browser.\n     */\n    if (useAutoRegister) {\n        // @ts-ignore: `mediation` doesn't yet exist on CredentialCreationOptions but it's possible as of Sept 2024\n        createOptions.mediation = 'conditional';\n    }\n    // Finalize options\n    createOptions.publicKey = publicKey;\n    // Set up the ability to cancel this request if the user attempts another\n    createOptions.signal = WebAuthnAbortService.createNewAbortSignal();\n    // Wait for the user to complete attestation\n    let credential;\n    try {\n        credential = (await navigator.credentials.create(createOptions));\n    }\n    catch (err) {\n        throw identifyRegistrationError({ error: err, options: createOptions });\n    }\n    if (!credential) {\n        throw new Error('Registration was not completed');\n    }\n    const { id, rawId, response, type } = credential;\n    // Continue to play it safe with `getTransports()` for now, even when L3 types say it's required\n    let transports = undefined;\n    if (typeof response.getTransports === 'function') {\n        transports = response.getTransports();\n    }\n    // L3 says this is required, but browser and webview support are still not guaranteed.\n    let responsePublicKeyAlgorithm = undefined;\n    if (typeof response.getPublicKeyAlgorithm === 'function') {\n        try {\n            responsePublicKeyAlgorithm = response.getPublicKeyAlgorithm();\n        }\n        catch (error) {\n            warnOnBrokenImplementation('getPublicKeyAlgorithm()', error);\n        }\n    }\n    let responsePublicKey = undefined;\n    if (typeof response.getPublicKey === 'function') {\n        try {\n            const _publicKey = response.getPublicKey();\n            if (_publicKey !== null) {\n                responsePublicKey = bufferToBase64URLString(_publicKey);\n            }\n        }\n        catch (error) {\n            warnOnBrokenImplementation('getPublicKey()', error);\n        }\n    }\n    // L3 says this is required, but browser and webview support are still not guaranteed.\n    let responseAuthenticatorData;\n    if (typeof response.getAuthenticatorData === 'function') {\n        try {\n            responseAuthenticatorData = bufferToBase64URLString(response.getAuthenticatorData());\n        }\n        catch (error) {\n            warnOnBrokenImplementation('getAuthenticatorData()', error);\n        }\n    }\n    return {\n        id,\n        rawId: bufferToBase64URLString(rawId),\n        response: {\n            attestationObject: bufferToBase64URLString(response.attestationObject),\n            clientDataJSON: bufferToBase64URLString(response.clientDataJSON),\n            transports,\n            publicKeyAlgorithm: responsePublicKeyAlgorithm,\n            publicKey: responsePublicKey,\n            authenticatorData: responseAuthenticatorData,\n        },\n        type,\n        clientExtensionResults: credential.getClientExtensionResults(),\n        authenticatorAttachment: toAuthenticatorAttachment(credential.authenticatorAttachment),\n    };\n}\n/**\n * Visibly warn when we detect an issue related to a passkey provider intercepting WebAuthn API\n * calls\n */\nfunction warnOnBrokenImplementation(methodName, cause) {\n    console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${methodName}. You should report this error to them.\\n`, cause);\n}\n","import { browserSupportsWebAuthn } from './browserSupportsWebAuthn.js';\n/**\n * Determine if the browser supports conditional UI, so that WebAuthn credentials can\n * be shown to the user in the browser's typical password autofill popup.\n */\nexport function browserSupportsWebAuthnAutofill() {\n    if (!browserSupportsWebAuthn()) {\n        return _browserSupportsWebAuthnAutofillInternals.stubThis(new Promise((resolve) => resolve(false)));\n    }\n    /**\n     * I don't like the `as unknown` here but there's a `declare var PublicKeyCredential` in\n     * TS' DOM lib that's making it difficult for me to just go `as PublicKeyCredentialFuture` as I\n     * want. I think I'm fine with this for now since it's _supposed_ to be temporary, until TS types\n     * have a chance to catch up.\n     */\n    const globalPublicKeyCredential = globalThis\n        .PublicKeyCredential;\n    if (globalPublicKeyCredential?.isConditionalMediationAvailable === undefined) {\n        return _browserSupportsWebAuthnAutofillInternals.stubThis(new Promise((resolve) => resolve(false)));\n    }\n    return _browserSupportsWebAuthnAutofillInternals.stubThis(globalPublicKeyCredential.isConditionalMediationAvailable());\n}\n// Make it possible to stub the return value during testing\nexport const _browserSupportsWebAuthnAutofillInternals = {\n    stubThis: (value) => value,\n};\n","import { isValidDomain } from './isValidDomain.js';\nimport { WebAuthnError } from './webAuthnError.js';\n/**\n * Attempt to intuit _why_ an error was raised after calling `navigator.credentials.get()`\n */\nexport function identifyAuthenticationError({ error, options, }) {\n    const { publicKey } = options;\n    if (!publicKey) {\n        throw Error('options was missing required publicKey property');\n    }\n    if (error.name === 'AbortError') {\n        if (options.signal instanceof AbortSignal) {\n            // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 16)\n            return new WebAuthnError({\n                message: 'Authentication ceremony was sent an abort signal',\n                code: 'ERROR_CEREMONY_ABORTED',\n                cause: error,\n            });\n        }\n    }\n    else if (error.name === 'NotAllowedError') {\n        /**\n         * Pass the error directly through. Platforms are overloading this error beyond what the spec\n         * defines and we don't want to overwrite potentially useful error messages.\n         */\n        return new WebAuthnError({\n            message: error.message,\n            code: 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY',\n            cause: error,\n        });\n    }\n    else if (error.name === 'SecurityError') {\n        const effectiveDomain = globalThis.location.hostname;\n        if (!isValidDomain(effectiveDomain)) {\n            // https://www.w3.org/TR/webauthn-2/#sctn-discover-from-external-source (Step 5)\n            return new WebAuthnError({\n                message: `${globalThis.location.hostname} is an invalid domain`,\n                code: 'ERROR_INVALID_DOMAIN',\n                cause: error,\n            });\n        }\n        else if (publicKey.rpId !== effectiveDomain) {\n            // https://www.w3.org/TR/webauthn-2/#sctn-discover-from-external-source (Step 6)\n            return new WebAuthnError({\n                message: `The RP ID \"${publicKey.rpId}\" is invalid for this domain`,\n                code: 'ERROR_INVALID_RP_ID',\n                cause: error,\n            });\n        }\n    }\n    else if (error.name === 'UnknownError') {\n        // https://www.w3.org/TR/webauthn-2/#sctn-op-get-assertion (Step 1)\n        // https://www.w3.org/TR/webauthn-2/#sctn-op-get-assertion (Step 12)\n        return new WebAuthnError({\n            message: 'The authenticator was unable to process the specified options, or could not create a new assertion signature',\n            code: 'ERROR_AUTHENTICATOR_GENERAL_ERROR',\n            cause: error,\n        });\n    }\n    return error;\n}\n","import { bufferToBase64URLString } from '../helpers/bufferToBase64URLString.js';\nimport { base64URLStringToBuffer } from '../helpers/base64URLStringToBuffer.js';\nimport { browserSupportsWebAuthn } from '../helpers/browserSupportsWebAuthn.js';\nimport { browserSupportsWebAuthnAutofill } from '../helpers/browserSupportsWebAuthnAutofill.js';\nimport { toPublicKeyCredentialDescriptor } from '../helpers/toPublicKeyCredentialDescriptor.js';\nimport { identifyAuthenticationError } from '../helpers/identifyAuthenticationError.js';\nimport { WebAuthnAbortService } from '../helpers/webAuthnAbortService.js';\nimport { toAuthenticatorAttachment } from '../helpers/toAuthenticatorAttachment.js';\n/**\n * Begin authenticator \"login\" via WebAuthn assertion\n *\n * @param optionsJSON Output from **@simplewebauthn/server**'s `generateAuthenticationOptions()`\n * @param useBrowserAutofill (Optional) Initialize conditional UI to enable logging in via browser autofill prompts. Defaults to `false`.\n * @param verifyBrowserAutofillInput (Optional) Ensure a suitable `<input>` element is present when `useBrowserAutofill` is `true`. Defaults to `true`.\n */\nexport async function startAuthentication(options) {\n    // @ts-ignore: Intentionally check for old call structure to warn about improper API call\n    if (!options.optionsJSON && options.challenge) {\n        console.warn('startAuthentication() was not called correctly. It will try to continue with the provided options, but this call should be refactored to use the expected call structure instead. See https://simplewebauthn.dev/docs/packages/browser#typeerror-cannot-read-properties-of-undefined-reading-challenge for more information.');\n        // @ts-ignore: Reassign the options, passed in as a positional argument, to the expected variable\n        options = { optionsJSON: options };\n    }\n    const { optionsJSON, useBrowserAutofill = false, verifyBrowserAutofillInput = true, } = options;\n    if (!browserSupportsWebAuthn()) {\n        throw new Error('WebAuthn is not supported in this browser');\n    }\n    // We need to avoid passing empty array to avoid blocking retrieval\n    // of public key\n    let allowCredentials;\n    if (optionsJSON.allowCredentials?.length !== 0) {\n        allowCredentials = optionsJSON.allowCredentials?.map(toPublicKeyCredentialDescriptor);\n    }\n    // We need to convert some values to Uint8Arrays before passing the credentials to the navigator\n    const publicKey = {\n        ...optionsJSON,\n        challenge: base64URLStringToBuffer(optionsJSON.challenge),\n        allowCredentials,\n    };\n    // Prepare options for `.get()`\n    const getOptions = {};\n    /**\n     * Set up the page to prompt the user to select a credential for authentication via the browser's\n     * input autofill mechanism.\n     */\n    if (useBrowserAutofill) {\n        if (!(await browserSupportsWebAuthnAutofill())) {\n            throw Error('Browser does not support WebAuthn autofill');\n        }\n        // Check for an <input> with \"webauthn\" in its `autocomplete` attribute\n        const eligibleInputs = document.querySelectorAll(\"input[autocomplete$='webauthn']\");\n        // WebAuthn autofill requires at least one valid input\n        if (eligibleInputs.length < 1 && verifyBrowserAutofillInput) {\n            throw Error('No <input> with \"webauthn\" as the only or last value in its `autocomplete` attribute was detected');\n        }\n        // `CredentialMediationRequirement` doesn't know about \"conditional\" yet as of\n        // typescript@4.6.3\n        getOptions.mediation = 'conditional';\n        // Conditional UI requires an empty allow list\n        publicKey.allowCredentials = [];\n    }\n    // Finalize options\n    getOptions.publicKey = publicKey;\n    // Set up the ability to cancel this request if the user attempts another\n    getOptions.signal = WebAuthnAbortService.createNewAbortSignal();\n    // Wait for the user to complete assertion\n    let credential;\n    try {\n        credential = (await navigator.credentials.get(getOptions));\n    }\n    catch (err) {\n        throw identifyAuthenticationError({ error: err, options: getOptions });\n    }\n    if (!credential) {\n        throw new Error('Authentication was not completed');\n    }\n    const { id, rawId, response, type } = credential;\n    let userHandle = undefined;\n    if (response.userHandle) {\n        userHandle = bufferToBase64URLString(response.userHandle);\n    }\n    // Convert values to base64 to make it easier to send back to the server\n    return {\n        id,\n        rawId: bufferToBase64URLString(rawId),\n        response: {\n            authenticatorData: bufferToBase64URLString(response.authenticatorData),\n            clientDataJSON: bufferToBase64URLString(response.clientDataJSON),\n            signature: bufferToBase64URLString(response.signature),\n            userHandle,\n        },\n        type,\n        clientExtensionResults: credential.getClientExtensionResults(),\n        authenticatorAttachment: toAuthenticatorAttachment(credential.authenticatorAttachment),\n    };\n}\n","import { browserSupportsWebAuthn } from './browserSupportsWebAuthn.js';\n/**\n * Determine whether the browser can communicate with a built-in authenticator, like\n * Touch ID, Android fingerprint scanner, or Windows Hello.\n *\n * This method will _not_ be able to tell you the name of the platform authenticator.\n */\nexport function platformAuthenticatorIsAvailable() {\n    if (!browserSupportsWebAuthn()) {\n        return new Promise((resolve) => resolve(false));\n    }\n    return PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable();\n}\n","export * from './methods/startRegistration.js';\nexport * from './methods/startAuthentication.js';\nexport * from './helpers/browserSupportsWebAuthn.js';\nexport * from './helpers/platformAuthenticatorIsAvailable.js';\nexport * from './helpers/browserSupportsWebAuthnAutofill.js';\nexport * from './helpers/base64URLStringToBuffer.js';\nexport * from './helpers/bufferToBase64URLString.js';\nexport * from './helpers/webAuthnAbortService.js';\nexport * from './helpers/webAuthnError.js';\nexport * from './types/index.js';\n"],"names":["bufferToBase64URLString","buffer","bytes","Uint8Array","str","charCode","String","fromCharCode","base64String","replace","base64URLStringToBuffer","base64URLString","base64","padLength","length","binary","atob","padEnd","ArrayBuffer","i","charCodeAt","browserSupportsWebAuthn_browserSupportsWebAuthn","_browserSupportsWebAuthnInternals","stubThis","globalThis","PublicKeyCredential","undefined","value","toPublicKeyCredentialDescriptor","descriptor","id","transports","isValidDomain","hostname","test","WebAuthnError","Error","constructor","message","code","cause","name","Object","defineProperty","enumerable","configurable","writable","BaseWebAuthnAbortService","createNewAbortSignal","controller","abortError","abort","newController","AbortController","signal","cancelCeremony","WebAuthnAbortService","attachments","toAuthenticatorAttachment","attachment","indexOf","startRegistration","options","credential","responseAuthenticatorData","responsePublicKeyAlgorithm","responsePublicKey","optionsJSON","challenge","console","warn","useAutoRegister","publicKey","user","excludeCredentials","map","createOptions","mediation","navigator","credentials","create","err","identifyRegistrationError","error","AbortSignal","authenticatorSelection","requireResidentKey","userVerification","validPubKeyCredParams","pubKeyCredParams","filter","param","type","effectiveDomain","location","rp","byteLength","rawId","response","getTransports","getPublicKeyAlgorithm","warnOnBrokenImplementation","getPublicKey","_publicKey","getAuthenticatorData","attestationObject","clientDataJSON","publicKeyAlgorithm","authenticatorData","clientExtensionResults","getClientExtensionResults","authenticatorAttachment","methodName","_browserSupportsWebAuthnAutofillInternals","startAuthentication","allowCredentials","userHandle","useBrowserAutofill","verifyBrowserAutofillInput","getOptions","browserSupportsWebAuthnAutofill","Promise","resolve","globalPublicKeyCredential","isConditionalMediationAvailable","eligibleInputs","querySelectorAll","get","identifyAuthenticationError","rpId","signature"],"sourceRoot":""}