Releases: MasterKale/SimpleWebAuthn
v6.2.0
Packages:
- @simplewebauthn/server@6.2.0
Changes:
- [server] The value of the user verification flag is now returned from
verifyAuthenticationResponse()
asauthenticationInfo.userVerified
, similar to howverifyRegistrationResponse()
currently returns this value.
v6.1.0
v6.0.0 - The one with Ed25519 Support
This release marks the return of the library's ability to pass FIDO Conformance 🎉
Adding Ed25519 signature verification (see below) finally allowed the library to pass all required tests, and nearly all optional tests:
Packages:
- @simplewebauthn/browser@6.0.0
- @simplewebauthn/server@6.0.0
- @simplewebauthn/testing@6.0.0
- @simplewebauthn/typescript-types@6.0.0
Changes:
- [server] Signatures can now be verified with OKP public keys that use the Ed25519 curve and EDDSA algorithm (#256)
- [testing] Version sync
- [typescript-types] Version sync
Breaking Changes
- [server]
verifyAuthenticationResponse()
now returnsPromise<VerifiedAuthenticationResponse>
instead ofVerifiedAuthenticationResponse
(#256)
Update your existing calls to verifyAuthenticationResponse()
to handle the values resolved by the promises, whether with .then()
or await
depending on your code structure:
Before:
const verification = verifyAuthenticationResponse({
// ...
});
After:
const verification = await verifyAuthenticationResponse({
// ...
});
- [browser]
browserSupportsWebauthn()
has been renamed tobrowserSupportsWebAuthn()
(#257)
Update calls to browserSupportsWebauthn()
to capitalize the "A" in "WebAuthn":
Before:
if (browserSupportsWebauthn()) {
// ...
}
After:
if (browserSupportsWebAuthn()) {
// ...
}
v5.4.5
Packages:
- @simplewebauthn/server@5.4.5
Changes:
- [server] Support FIDO Conformance user verification requirements (#254)
To leverage these requirements (as might be the case for RP's seeking FIDO certification), update your calls to verifyAuthenticationResponse()
to replace requireUserVerification
with the new advancedFIDOConfig.userVerification
option:
Before:
const verification = verifyAuthenticationResponse({
// ...
requireUserVerification: true
});
After
const verification = verifyAuthenticationResponse({
// ...
advancedFIDOConfig: {
// UserVerificationRequirement: 'required' | 'preferred' | 'discouraged'
userVerification: 'required',
},
});
Setting advancedFIDOConfig.userVerification
to 'required'
will only require the uv
flag to be true; up
flag may be false
. Setting it to 'preferred'
or 'discouraged'
will allow both up
and uv
to be false
during verification.
- [server] Rename the
devicePublicKey
property on theAuthenticationExtensionsAuthenticatorOutputs
type todevicePubKey
(#243; no one supports this yet so it's not a breaking change)
v5.4.4
v5.4.3
Packages:
- @simplewebauthn/server@5.4.3
Changes:
v5.4.2
v5.4.1
Packages:
- @simplewebauthn/browser@5.4.1
- @simplewebauthn/server@5.4.1
Changes:
v5.4.0
Packages:
- @simplewebauthn/browser@5.4.0
- @simplewebauthn/server@5.4.0
- @simplewebauthn/typescript-types@5.4.0
Changes:
- [server]
verifyRegistrationResponse()
andverifyAuthenticationResponse()
now return authenticator extension data upon successful verification as the newauthenticatorExtensionResults
property (#230) - [browser] Code quality improvements
- [typescript-types] Code quality improvements
v5.3.0
Packages:
- @simplewebauthn/browser@5.3.0
- @simplewebauthn/server@5.3.0
- @simplewebauthn/typescript-types@5.3.0
Changes:
- [browser]
startAuthentication()
now accepts a seconduseBrowserAutofill
boolean argument that sets up support for credential selection via a browser's autofill prompt (a.k.a. Conditional UI). The newbrowserSupportsWebAuthnAutofill()
helper method can be used independently to determine when this feature is supported by the browser (#214) - [browser]
startRegistration()
andstartAuthentication()
will return a newauthenticatorAttachment
value when present that captures whether a cross-platform or platform authenticator was just used (#221) - [typescript-types] A new
PublicKeyCredentialFuture
interface has been added to define new properties currently defined in the WebAuthn L3 spec draft. These new values support the above new functionality until official TypeScript types are updated accordingly (#214, #221) - [typescript-types] A new
"hybrid"
transport has been added toAuthenticatorTransportFuture
while browsers migrate away from the existing"cable"
transport for cross-device auth (#222)