Diffstat (limited to 'packages/browser/src/helpers')
6 files changed, 139 insertions, 65 deletions
diff --git a/packages/browser/src/helpers/browserSupportsWebAuthnAutofill.ts b/packages/browser/src/helpers/browserSupportsWebAuthnAutofill.ts index 117bf4c..afc1176 100644 --- a/packages/browser/src/helpers/browserSupportsWebAuthnAutofill.ts +++ b/packages/browser/src/helpers/browserSupportsWebAuthnAutofill.ts @@ -1,4 +1,3 @@ -/* eslint-disable @typescript-eslint/ban-ts-comment */ import { PublicKeyCredentialFuture } from '@simplewebauthn/typescript-types'; /** diff --git a/packages/browser/src/helpers/identifyAuthenticationError.ts b/packages/browser/src/helpers/identifyAuthenticationError.ts index 600a2d6..e617a7d 100644 --- a/packages/browser/src/helpers/identifyAuthenticationError.ts +++ b/packages/browser/src/helpers/identifyAuthenticationError.ts @@ -1,5 +1,5 @@ import { isValidDomain } from './isValidDomain'; -import { WebAuthnError } from './structs'; +import { WebAuthnError } from './webAuthnError'; /** * Attempt to intuit _why_ an error was raised after calling `navigator.credentials.get()` 
@@ -20,32 +20,47 @@ export function identifyAuthenticationError({ if (error.name === 'AbortError') { if (options.signal === new AbortController().signal) { // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 16) - return new WebAuthnError('Authentication ceremony was sent an abort signal', 'AbortError'); + return new WebAuthnError({ + message: 'Authentication ceremony was sent an abort signal', + code: 'ERROR_CEREMONY_ABORTED', + cause: error, + }); } } else if (error.name === 'NotAllowedError') { /** * Pass the error directly through. Platforms are overloading this error beyond what the spec * defines and we don't want to overwrite potentially useful error messages. */ + return new WebAuthnError({ + message: error.message, + code: 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY', + cause: error, + }); } else if (error.name === 'SecurityError') { const effectiveDomain = window.location.hostname; if (!isValidDomain(effectiveDomain)) { // https://www.w3.org/TR/webauthn-2/#sctn-discover-from-external-source (Step 5) - return new WebAuthnError(`${window.location.hostname} is an invalid domain`, 'SecurityError'); + return new WebAuthnError({ + message: `${window.location.hostname} is an invalid domain`, + code: 'ERROR_INVALID_DOMAIN', + cause: error, + }); } else if (publicKey.rpId !== effectiveDomain) { // https://www.w3.org/TR/webauthn-2/#sctn-discover-from-external-source (Step 6) - return new WebAuthnError( - `The RP ID "${publicKey.rpId}" is invalid for this domain`, - 'SecurityError', - ); + return new WebAuthnError({ + message: `The RP ID "${publicKey.rpId}" is invalid for this domain`, + code: 'ERROR_INVALID_RP_ID', + cause: error, + }); } } else if (error.name === 'UnknownError') { // https://www.w3.org/TR/webauthn-2/#sctn-op-get-assertion (Step 1) // https://www.w3.org/TR/webauthn-2/#sctn-op-get-assertion (Step 12) - return new WebAuthnError( - 'The authenticator was unable to process the specified options, or could not create a new assertion signature', - 
'UnknownError', - ); + return new WebAuthnError({ + message: 'The authenticator was unable to process the specified options, or could not create a new assertion signature', + code: 'ERROR_AUTHENTICATOR_GENERAL_ERROR', + cause: error, + }); } return error; diff --git a/packages/browser/src/helpers/identifyRegistrationError.ts b/packages/browser/src/helpers/identifyRegistrationError.ts index 9b76454..4649fb9 100644 --- a/packages/browser/src/helpers/identifyRegistrationError.ts +++ b/packages/browser/src/helpers/identifyRegistrationError.ts @@ -1,5 +1,5 @@ import { isValidDomain } from './isValidDomain'; -import { WebAuthnError } from './structs'; +import { WebAuthnError } from './webAuthnError'; /** * Attempt to intuit _why_ an error was raised after calling `navigator.credentials.create()` 
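Review bot: The new `ERROR_CEREMONY_ABORTED` return in the `AbortError` branch cannot be reached, because the guard around it, `options.signal === new AbortController().signal`, compares the caller's signal with the signal of a controller created on the spot, and two distinct objects are never strictly equal. An aborted ceremony therefore still falls through to `return error`, and callers never see the new code. A type check such as `if (options.signal instanceof AbortSignal) {` would express what the guard appears to intend. The same guard sits in front of the `ERROR_CEREMONY_ABORTED` return in identifyRegistrationError.ts (hunk at -20,31). The function body starts above this hunk.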
@@ -20,31 +20,46 @@ export function identifyRegistrationError({ if (error.name === 'AbortError') { if (options.signal === new AbortController().signal) { // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 16) - return new WebAuthnError('Registration ceremony was sent an abort signal', 'AbortError'); + return new WebAuthnError({ + message: 'Registration ceremony was sent an abort signal', + code: 'ERROR_CEREMONY_ABORTED', + cause: error, + }); } } else if (error.name === 'ConstraintError') { if (publicKey.authenticatorSelection?.requireResidentKey === true) { // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 4) - return new WebAuthnError( - 'Discoverable credentials were required but no available authenticator supported it', - 'ConstraintError', - ); + return new WebAuthnError({ + message: 'Discoverable credentials were required but no available authenticator supported it', + code: 'ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT', + cause: error, + }); } else if (publicKey.authenticatorSelection?.userVerification === 'required') { // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 5) - return new WebAuthnError( - 'User verification was required but no available authenticator supported it', - 'ConstraintError', - ); + return new WebAuthnError({ + message: 'User verification was required but no available authenticator supported it', + code: 'ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT', + cause: error, + }); } } else if (error.name === 'InvalidStateError') { // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 20) // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 3) - return new WebAuthnError('The authenticator was previously registered', 'InvalidStateError'); + return new WebAuthnError({ + message: 'The authenticator was previously registered', + code: 'ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED', + cause: error + }); } else if (error.name === 'NotAllowedError') { /** * Pass the error 
directly through. Platforms are overloading this error beyond what the spec * defines and we don't want to overwrite potentially useful error messages. */ + return new WebAuthnError({ + message: error.message, + code: 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY', + cause: error, + }); } else if (error.name === 'NotSupportedError') { const validPubKeyCredParams = publicKey.pubKeyCredParams.filter( param => param.type === 'public-key', 
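Review bot: The block comment above the new `NotAllowedError` return still says "Pass the error directly through", but the branch now returns a `WebAuthnError` wrapper, so the original object is reachable only through `cause`. Callers that previously received the platform error itself here (for example, ones testing it by identity or by class) will presumably see different behaviour, which is worth stating where the decision is explained. I would reword the comment along the lines of `Wrap the error but keep the platform's message; the original error is available on cause.` The identical comment in identifyAuthenticationError.ts needs the same update.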
@@ -52,41 +67,53 @@ export function identifyRegistrationError({ if (validPubKeyCredParams.length === 0) { // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 10) - return new WebAuthnError( - 'No entry in pubKeyCredParams was of type "public-key"', - 'NotSupportedError', - ); + return new WebAuthnError({ + message: 'No entry in pubKeyCredParams was of type "public-key"', + code: 'ERROR_MALFORMED_PUBKEYCREDPARAMS', + cause: error, + }); } // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 2) - return new WebAuthnError( - 'No available authenticator supported any of the specified pubKeyCredParams algorithms', - 'NotSupportedError', - ); + return new WebAuthnError({ + message: 'No available authenticator supported any of the specified pubKeyCredParams algorithms', + code: 'ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG', + cause: error, + }); } else if (error.name === 'SecurityError') { const effectiveDomain = window.location.hostname; if (!isValidDomain(effectiveDomain)) { // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 7) - return new WebAuthnError(`${window.location.hostname} is an invalid domain`, 'SecurityError'); + return new WebAuthnError({ + message: `${window.location.hostname} is an invalid domain`, + code: 'ERROR_INVALID_DOMAIN', + cause: error + }); } else if (publicKey.rp.id !== effectiveDomain) { // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 8) - return new WebAuthnError( - `The RP ID "${publicKey.rp.id}" is invalid for this domain`, - 'SecurityError', - ); + return new WebAuthnError({ + message: `The RP ID "${publicKey.rp.id}" is invalid for this domain`, + code: 'ERROR_INVALID_RP_ID', + cause: error, + }); } } else if (error.name === 'TypeError') { if (publicKey.user.id.byteLength < 1 || publicKey.user.id.byteLength > 64) { // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 5) - return new WebAuthnError('User ID was not between 1 and 64 characters', 'TypeError'); + return 
new WebAuthnError({ + message: 'User ID was not between 1 and 64 characters', + code: 'ERROR_INVALID_USER_ID_LENGTH', + cause: error, + }); } } else if (error.name === 'UnknownError') { // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 1) // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 8) - return new WebAuthnError( - 'The authenticator was unable to process the specified options, or could not create a new credential', - 'UnknownError', - ); + return new WebAuthnError({ + message: 'The authenticator was unable to process the specified options, or could not create a new credential', + code: 'ERROR_AUTHENTICATOR_GENERAL_ERROR', + cause: error, + }); } return error; diff --git a/packages/browser/src/helpers/structs.ts b/packages/browser/src/helpers/structs.ts deleted file mode 100644 index 8ae01b7..0000000 --- a/packages/browser/src/helpers/structs.ts +++ /dev/null @@ -1,23 +0,0 @@ -/** - * A custom Error used to return a more nuanced error detailing _why_ one of the eight documented - * errors in the spec was raised after calling `navigator.credentials.create()` or - * `navigator.credentials.get()`: - * - * - `AbortError` - * - `ConstraintError` - * - `InvalidStateError` - * - `NotAllowedError` - * - `NotSupportedError` - * - `SecurityError` - * - `TypeError` - * - `UnknownError` - * - * Error messages were determined through investigation of the spec to determine under which - * scenarios a given error would be raised. - */ -export class WebAuthnError extends Error { - constructor(message: string, name = 'WebAuthnError') { - super(message); - this.name = name; - } -} diff --git a/packages/browser/src/helpers/webAuthnAbortService.test.ts b/packages/browser/src/helpers/webAuthnAbortService.test.ts index 294a894..b3ec518 100644 --- a/packages/browser/src/helpers/webAuthnAbortService.test.ts +++ b/packages/browser/src/helpers/webAuthnAbortService.test.ts 
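Review bot: `ERROR_INVALID_RP_ID` is returned for any `SecurityError` where `publicKey.rp.id !== effectiveDomain`, but WebAuthn allows the RP ID to be omitted (it then defaults to the effective domain) or to be a registrable domain suffix of it, so a `SecurityError` raised for some other reason gets attributed to an RP ID that may be valid. With `rp.id` unset the message even reads `The RP ID "undefined" is invalid for this domain`. Now that callers can branch on `code`, that misattribution matters more than it did for a free-text message. At minimum the branch should skip the unset case, `} else if (publicKey.rp.id !== undefined && publicKey.rp.id !== effectiveDomain) {`; whether to accept parent domains as well depends on how precise the helper is meant to be. The `publicKey.rpId` comparison in identifyAuthenticationError.ts has the same shape.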
@@ -14,7 +14,7 @@ test('should call abort() on existing controller when creating a new signal', () // Spy on the existing instance of AbortController const abortSpy = jest.fn(); // @ts-ignore - webauthnAbortService.controller?.abort = abortSpy; + webauthnAbortService.controller.abort = abortSpy; // Generate a new signal, which should call `abort()` on the existing controller webauthnAbortService.createNewAbortSignal(); diff --git a/packages/browser/src/helpers/webAuthnError.ts b/packages/browser/src/helpers/webAuthnError.ts new file mode 100644 index 0000000..1debec0 --- /dev/null +++ b/packages/browser/src/helpers/webAuthnError.ts 
@@ -0,0 +1,56 @@ +/* eslint-disable @typescript-eslint/ban-ts-comment */ +/** + * A custom Error used to return a more nuanced error detailing _why_ one of the eight documented + * errors in the spec was raised after calling `navigator.credentials.create()` or + * `navigator.credentials.get()`: + * + * - `AbortError` + * - `ConstraintError` + * - `InvalidStateError` + * - `NotAllowedError` + * - `NotSupportedError` + * - `SecurityError` + * - `TypeError` + * - `UnknownError` + * + * Error messages were determined through investigation of the spec to determine under which + * scenarios a given error would be raised. + */ +export class WebAuthnError extends Error { + code: WebAuthnErrorCode; + + constructor({ + message, + code, + cause, + name, + }: { + message: string, + code: WebAuthnErrorCode, + cause: Error, + name?: string, + }) { + /** + * `cause` is supported in evergreen browsers, but not IE10, so this ts-ignore is to + * help Rollup complete the ES5 build. + */ + // @ts-ignore + super(message, { cause }) + this.name = name ?? cause.name; + this.code = code; + } +} + +export type WebAuthnErrorCode = + 'ERROR_CEREMONY_ABORTED' + | 'ERROR_INVALID_DOMAIN' + | 'ERROR_INVALID_RP_ID' + | 'ERROR_INVALID_USER_ID_LENGTH' + | 'ERROR_MALFORMED_PUBKEYCREDPARAMS' + | 'ERROR_AUTHENTICATOR_GENERAL_ERROR' + | 'ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT' + | 'ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT' + | 'ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED' + | 'ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG' + | 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY' + ; |
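Review bot: `cause` reaches the instance only through `super(message, { cause })`, and the comment directly above notes that not every target runtime supports that option; where it is ignored, `error.cause` is undefined even though `ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY` tells callers to read it. Assigning it explicitly after the `super` call, `this.cause = cause;` (with a matching field declaration if the configured lib does not already type it), would make the property reliable on every build. The `code` field and the `name ?? cause.name` default are also undocumented; a short doc comment on the field such as `/** Machine-readable reason; prefer this over parsing message. */` would tell consumers what to branch on.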