import { DeviceInfo } from "./device_history"; import { fetchConfig } from "../shared"; import { Session } from "./sessions"; import { User, WebAuthnRegistration } from "./users"; export interface WebAuthnCredential { credential_id: string; webauthn_registration_id: string; type: string; public_key: string; } export interface WebAuthnAuthenticateRequest { /** * The response of the * [navigator.credentials.create()](https://www.w3.org/TR/webauthn-2/#sctn-createCredential). */ public_key_credential: string; session_token?: string; /** * Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't * already exist, * returning both an opaque `session_token` and `session_jwt` for this session. Remember that the * `session_jwt` will have a fixed lifetime of * five minutes regardless of the underlying session duration, and will need to be refreshed over time. * * This value must be a minimum of 5 and a maximum of 527040 minutes (366 days). * * If a `session_token` or `session_jwt` is provided then a successful authentication will continue to * extend the session this many minutes. * * If the `session_duration_minutes` parameter is not specified, a Stytch session will not be created. */ session_duration_minutes?: number; session_jwt?: string; /** * Add a custom claims map to the Session being authenticated. Claims are only created if a Session is * initialized by providing a value in `session_duration_minutes`. Claims will be included on the Session * object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, * supply a null value. * * Custom claims made with reserved claims ("iss", "sub", "aud", "exp", "nbf", "iat", "jti") will be * ignored. Total custom claims size cannot exceed four kilobytes. */ session_custom_claims?: Record; /** * If the `telemetry_id` is passed, as part of this request, Stytch will call the * [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) and store the associated * fingerprints and IPGEO information for the User. Your workspace must be enabled for Device * Fingerprinting to use this feature. */ telemetry_id?: string; } export interface WebAuthnAuthenticateResponse { /** * Globally unique UUID that is returned with every API call. This value is important to log for debugging * purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. */ request_id: string; user_id: string; webauthn_registration_id: string; session_token: string; session_jwt: string; /** * The `user` object affected by this API call. See the * [Get user endpoint](https://stytch.com/docs/api/get-user) for complete response field details. */ user: User; /** * The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. * 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. */ status_code: number; /** * If you initiate a Session, by including `session_duration_minutes` in your authenticate call, you'll * receive a full Session object in the response. * * See [Session object](https://stytch.com/docs/api/session-object) for complete response fields. * */ session?: Session; /** * If a valid `telemetry_id` was passed in the request and the * [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) returned results, the * `user_device` response field will contain information about the user's device attributes. */ user_device?: DeviceInfo; } export interface WebAuthnAuthenticateStartRequest { domain: string; /** * The `user_id` of an active user the Passkey or WebAuthn registration should be tied to. You may use an * `external_id` here if one is set for the user. */ user_id?: string; /** * If true, the `public_key_credential_creation_options` returned will be optimized for Passkeys with * `userVerification` set to `"preferred"`. * */ return_passkey_credential_options?: boolean; /** * If true, values in the `public_key_credential_creation_options` will be base64 URL encoded. Set this * option to true when using built-in browser methods like `navigator.credentials.create` and * `navigator.credentials.get`. */ use_base64_url_encoding?: boolean; } export interface WebAuthnAuthenticateStartResponse { /** * Globally unique UUID that is returned with every API call. This value is important to log for debugging * purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. */ request_id: string; user_id: string; public_key_credential_request_options: string; /** * The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. * 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. */ status_code: number; } export interface WebAuthnListCredentialsRequest { user_id: string; domain: string; } export interface WebAuthnListCredentialsResponse { credentials: WebAuthnCredential[]; /** * Globally unique UUID that is returned with every API call. This value is important to log for debugging * purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. */ request_id: string; /** * The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. * 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. */ status_code: number; } export interface WebAuthnRegisterRequest { /** * The `user_id` of an active user the Passkey or WebAuthn registration should be tied to. You may use an * `external_id` here if one is set for the user. */ user_id: string; /** * The response of the * [navigator.credentials.create()](https://www.w3.org/TR/webauthn-2/#sctn-createCredential). */ public_key_credential: string; session_token?: string; /** * Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't * already exist, * returning both an opaque `session_token` and `session_jwt` for this session. Remember that the * `session_jwt` will have a fixed lifetime of * five minutes regardless of the underlying session duration, and will need to be refreshed over time. * * This value must be a minimum of 5 and a maximum of 527040 minutes (366 days). * * If a `session_token` or `session_jwt` is provided then a successful authentication will continue to * extend the session this many minutes. * * If the `session_duration_minutes` parameter is not specified, a Stytch session will not be created. */ session_duration_minutes?: number; session_jwt?: string; /** * Add a custom claims map to the Session being authenticated. Claims are only created if a Session is * initialized by providing a value in `session_duration_minutes`. Claims will be included on the Session * object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, * supply a null value. * * Custom claims made with reserved claims ("iss", "sub", "aud", "exp", "nbf", "iat", "jti") will be * ignored. Total custom claims size cannot exceed four kilobytes. */ session_custom_claims?: Record; /** * If the `telemetry_id` is passed, as part of this request, Stytch will call the * [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) and store the associated * fingerprints and IPGEO information for the User. Your workspace must be enabled for Device * Fingerprinting to use this feature. */ telemetry_id?: string; } export interface WebAuthnRegisterResponse { /** * Globally unique UUID that is returned with every API call. This value is important to log for debugging * purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. */ request_id: string; user_id: string; webauthn_registration_id: string; session_token: string; session_jwt: string; user: User; /** * The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. * 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. */ status_code: number; /** * If you initiate a Session, by including `session_duration_minutes` in your authenticate call, you'll * receive a full Session object in the response. * * See [Session object](https://stytch.com/docs/api/session-object) for complete response fields. * */ session?: Session; /** * If a valid `telemetry_id` was passed in the request and the * [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) returned results, the * `user_device` response field will contain information about the user's device attributes. */ user_device?: DeviceInfo; } export interface WebAuthnRegisterStartRequest { /** * The `user_id` of an active user the Passkey or WebAuthn registration should be tied to. You may use an * `external_id` here if one is set for the user. */ user_id: string; domain: string; user_agent?: string; /** * The requested authenticator type of the Passkey or WebAuthn device. The two valid values are platform * and cross-platform. If no value passed, we assume both values are allowed. */ authenticator_type?: string; /** * If true, the `public_key_credential_creation_options` returned will be optimized for Passkeys with * `residentKey` set to `"required"` and `userVerification` set to `"preferred"`. * */ return_passkey_credential_options?: boolean; override_id?: string; override_name?: string; override_display_name?: string; /** * If true, values in the `public_key_credential_creation_options` will be base64 URL encoded. Set this * option to true when using built-in browser methods like `navigator.credentials.create` and * `navigator.credentials.get`. */ use_base64_url_encoding?: boolean; } export interface WebAuthnRegisterStartResponse { /** * Globally unique UUID that is returned with every API call. This value is important to log for debugging * purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. */ request_id: string; user_id: string; public_key_credential_creation_options: string; /** * The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. * 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. */ status_code: number; } export interface WebAuthnUpdateRequest { /** * Globally unique UUID that identifies a Passkey or WebAuthn registration in the Stytch API. The * `webauthn_registration_id` is used when you need to operate on a specific User's WebAuthn registration. */ webauthn_registration_id: string; name: string; } export interface WebAuthnUpdateResponse { /** * Globally unique UUID that is returned with every API call. This value is important to log for debugging * purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. */ request_id: string; /** * The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. * 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. */ status_code: number; webauthn_registration?: WebAuthnRegistration; } export declare class WebAuthn { private fetchConfig; constructor(fetchConfig: fetchConfig); /** * Initiate the process of creating a new Passkey or WebAuthn registration. * * To optimize for Passkeys, set the `return_passkey_credential_options` field to `true`. * * After calling this endpoint, the browser will need to call * [navigator.credentials.create()](https://www.w3.org/TR/webauthn-2/#sctn-createCredential) with the data * from * [public_key_credential_creation_options](https://w3c.github.io/webauthn/#dictionary-makecredentialoptions) * passed to the [navigator.credentials.create()](https://www.w3.org/TR/webauthn-2/#sctn-createCredential) * request via the public key argument. * * When using built-in browser methods like `navigator.credentials.create()`, set the * `use_base64_url_encoding` option to `true`. * * See our [WebAuthn setup guide](https://stytch.com/docs/guides/webauthn/api) for additional usage * instructions and example code. * @param data {@link WebAuthnRegisterStartRequest} * @returns {@link WebAuthnRegisterStartResponse} * @async * @throws A {@link StytchError} on a non-2xx response from the Stytch API * @throws A {@link RequestError} when the Stytch API cannot be reached */ registerStart(data: WebAuthnRegisterStartRequest): Promise; /** * Complete the creation of a WebAuthn registration by passing the response from the * [navigator.credentials.create()](https://www.w3.org/TR/webauthn-2/#sctn-createCredential) request to * this endpoint as the `public_key_credential` parameter. * * See our [WebAuthn setup guide](https://stytch.com/docs/guides/webauthn/api) for additional usage * instructions and example code. * @param data {@link WebAuthnRegisterRequest} * @returns {@link WebAuthnRegisterResponse} * @async * @throws A {@link StytchError} on a non-2xx response from the Stytch API * @throws A {@link RequestError} when the Stytch API cannot be reached */ register(data: WebAuthnRegisterRequest): Promise; /** * Initiate the authentication of a Passkey or WebAuthn registration. * * To optimize for Passkeys, set the `return_passkey_credential_options` field to `true`. * * After calling this endpoint, the browser will need to call * [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion) with the data from * `public_key_credential_request_options` passed to the * [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion) request via the * public key argument. * * When using built-in browser methods like `navigator.credentials.get()`, set the * `use_base64_url_encoding` option to `true`. * * See our [WebAuthn setup guide](https://stytch.com/docs/guides/webauthn/api) for additional usage * instructions and example code. * @param data {@link WebAuthnAuthenticateStartRequest} * @returns {@link WebAuthnAuthenticateStartResponse} * @async * @throws A {@link StytchError} on a non-2xx response from the Stytch API * @throws A {@link RequestError} when the Stytch API cannot be reached */ authenticateStart(data: WebAuthnAuthenticateStartRequest): Promise; /** * Complete the authentication of a Passkey or WebAuthn registration by passing the response from the * [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion) request to the * authenticate endpoint. * * See our [WebAuthn setup guide](https://stytch.com/docs/guides/webauthn/api) for additional usage * instructions and example code. * @param data {@link WebAuthnAuthenticateRequest} * @returns {@link WebAuthnAuthenticateResponse} * @async * @throws A {@link StytchError} on a non-2xx response from the Stytch API * @throws A {@link RequestError} when the Stytch API cannot be reached */ authenticate(data: WebAuthnAuthenticateRequest): Promise; /** * Updates a Passkey or WebAuthn registration. * @param data {@link WebAuthnUpdateRequest} * @returns {@link WebAuthnUpdateResponse} * @async * @throws A {@link StytchError} on a non-2xx response from the Stytch API * @throws A {@link RequestError} when the Stytch API cannot be reached */ update(data: WebAuthnUpdateRequest): Promise; /** * List the public key credentials of the WebAuthn Registrations or Passkeys registered to a specific User. * @param params {@link WebAuthnListCredentialsRequest} * @returns {@link WebAuthnListCredentialsResponse} * @async * @throws A {@link StytchError} on a non-2xx response from the Stytch API * @throws A {@link RequestError} when the Stytch API cannot be reached */ listCredentials(params: WebAuthnListCredentialsRequest): Promise; }