Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(passkey): bump @simplewebauthn/server and @simplewebauthn/browser to v10.0.0 #10996

Open
wants to merge 11 commits into
base: main
Choose a base branch
from
2 changes: 1 addition & 1 deletion apps/examples/nextjs/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@
"@radix-ui/react-dropdown-menu": "^2.0.5",
"@radix-ui/react-navigation-menu": "^1.1.3",
"@radix-ui/react-slot": "^1.0.2",
"@simplewebauthn/server": "^9.0.3",
"@simplewebauthn/server": "^10.0.0",
"@vercel/kv": "^1.0.1",
"class-variance-authority": "^0.7.0",
"clsx": "^2.0.0",
Expand Down
2 changes: 1 addition & 1 deletion docs/pages/getting-started/authentication/webauthn.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ Support for more frameworks and adapters are coming soon.
### Install peer dependencies

```bash npm2yarn
npm install @simplewebauthn/server@9.0.3 @simplewebauthn/browser@9.0.1
npm install @simplewebauthn/server@10.0.0 @simplewebauthn/browser@10.0.0
```

The `@simplewebauthn/browser` peer dependency **is only required for custom signin pages**. If you're using the Auth.js default pages, you can skip installing that peer dependency.
Expand Down
2 changes: 1 addition & 1 deletion docs/pages/getting-started/providers/passkey.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ Passkeys are currently supported in the following adapters / framework packages.
### Install peer dependencies

```bash npm2yarn
npm install @simplewebauthn/browser@9.0.1 @simplewebauthn/server@9.0.3
npm install @simplewebauthn/browser@10.0.0 @simplewebauthn/server@10.0.0
```

The `@simplewebauthn/browser` peer dependency is only required for custom signin pages. If you're using the Auth.js default pages, you can skip installing that peer dependency.
Expand Down
6 changes: 3 additions & 3 deletions packages/core/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -71,8 +71,8 @@
"preact-render-to-string": "5.2.3"
},
"peerDependencies": {
"@simplewebauthn/browser": "^9.0.1",
"@simplewebauthn/server": "^9.0.2",
"@simplewebauthn/browser": "^10.0.0",
"@simplewebauthn/server": "^10.0.0",
"nodemailer": "^6.8.0"
},
"peerDependenciesMeta": {
Expand All @@ -96,7 +96,7 @@
"providers": "node scripts/generate-providers"
},
"devDependencies": {
"@simplewebauthn/browser": "v9.0.0",
"@simplewebauthn/browser": "10.0.0",
"@types/node": "18.11.10",
"@types/nodemailer": "6.4.6",
"@types/react": "18.0.37",
Expand Down
18 changes: 9 additions & 9 deletions packages/core/src/lib/utils/webauthn-utils.ts
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ type WebAuthnOptionsResponse = ResponseInternal & {
export type CredentialDeviceType = "singleDevice" | "multiDevice"
interface InternalAuthenticator {
providerAccountId: string
credentialID: Uint8Array
credentialID: string
credentialPublicKey: Uint8Array
counter: number
credentialDeviceType: CredentialDeviceType
Expand All @@ -72,8 +72,8 @@ type RGetUserInfo = Awaited<ReturnType<GetUserInfo>>
* Infers the WebAuthn options based on the provided parameters.
*
* @param action - The WebAuthn action to perform (optional).
* @param loggedInUser - The logged-in user (optional).
* @param userInfoResponse - The response containing user information (optional).
* @param loggedIn - Whether the user is logged in or not.
* @param userInfoResponse - The response containing user information.
*
* @returns The WebAuthn action to perform, or null if no inference could be made.
*/
Expand Down Expand Up @@ -371,7 +371,7 @@ export async function verifyRegister(

// Build a new account
const account = {
providerAccountId: toBase64(verification.registrationInfo.credentialID),
providerAccountId: verification.registrationInfo.credentialID,
provider: options.provider.id,
type: provider.type,
}
Expand All @@ -380,7 +380,7 @@ export async function verifyRegister(
const authenticator = {
providerAccountId: account.providerAccountId,
counter: verification.registrationInfo.counter,
credentialID: toBase64(verification.registrationInfo.credentialID),
credentialID: verification.registrationInfo.credentialID,
credentialPublicKey: toBase64(
verification.registrationInfo.credentialPublicKey
),
Expand Down Expand Up @@ -428,7 +428,7 @@ async function getAuthenticationOptions(
...provider.authenticationOptions,
rpID: relayingParty.id,
allowCredentials: authenticators?.map((a) => ({
id: fromBase64(a.credentialID),
id: a.credentialID,
type: "public-key",
transports: stringToTransports(a.transports),
})),
Expand Down Expand Up @@ -466,13 +466,13 @@ async function getRegistrationOptions(
// Return the registration options.
return await provider.simpleWebAuthn.generateRegistrationOptions({
...provider.registrationOptions,
userID,
userID: new Uint8Array(Buffer.from(userID)),
userName: user.email,
userDisplayName: user.name ?? undefined,
rpID: relayingParty.id,
rpName: relayingParty.name,
excludeCredentials: authenticators?.map((a) => ({
id: fromBase64(a.credentialID),
id: a.credentialID,
type: "public-key",
transports: stringToTransports(a.transports),
})),
Expand Down Expand Up @@ -503,7 +503,7 @@ function fromAdapterAuthenticator(
credentialDeviceType:
authenticator.credentialDeviceType as InternalAuthenticator["credentialDeviceType"],
transports: stringToTransports(authenticator.transports),
credentialID: fromBase64(authenticator.credentialID),
credentialID: authenticator.credentialID,
credentialPublicKey: fromBase64(authenticator.credentialPublicKey),
}
}
Expand Down
2 changes: 1 addition & 1 deletion packages/core/src/providers/passkey.ts
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ import WebAuthn, {
* Install the required peer dependency.
*
* ```bash npm2yarn
* npm install @simplewebauthn/browser@9.0.1
* npm install @simplewebauthn/browser@10.0.0
* ```
*
* #### Configuration
Expand Down
2 changes: 1 addition & 1 deletion packages/core/src/providers/webauthn.ts
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ import type {
export type WebAuthnProviderType = "webauthn"

export const DEFAULT_WEBAUTHN_TIMEOUT = 5 * 60 * 1000 // 5 minutes
export const DEFAULT_SIMPLEWEBAUTHN_BROWSER_VERSION: SemverString = "v9.0.1"
export const DEFAULT_SIMPLEWEBAUTHN_BROWSER_VERSION: SemverString = "v10.0.0"

export type RelayingParty = {
/** Relaying Party ID. Use the website's domain name. */
Expand Down
10 changes: 5 additions & 5 deletions packages/core/test/webauthn-utils.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -173,7 +173,7 @@ function prepareVerifyTest(
verified: true,
registrationInfo: {
counter: authenticator.counter,
credentialID: fromBase64(authenticator.credentialID),
credentialID: authenticator.credentialID,
credentialPublicKey: fromBase64(authenticator.credentialPublicKey),
credentialBackedUp: authenticator.credentialBackedUp,
// @ts-expect-error
Expand Down Expand Up @@ -547,7 +547,7 @@ describe("getRegistrationResponse", () => {
userName: user.email,
userDisplayName: user.name,
excludeCredentials: authenticators.map((a) => ({
id: fromBase64(a.credentialID),
id: a.credentialID,
type: "public-key",
transports: stringToTransports(a.transports),
})),
Expand Down Expand Up @@ -617,7 +617,7 @@ describe("getRegistrationResponse", () => {
userName: user.email,
userDisplayName: user.name,
excludeCredentials: authenticators.map((a) => ({
id: fromBase64(a.credentialID),
id: a.credentialID,
type: "public-key",
transports: stringToTransports(a.transports),
})),
Expand Down Expand Up @@ -739,7 +739,7 @@ describe("getAuthenticationResponse", () => {
...defaultWebAuthnConfig.authenticationOptions,
rpID: rp.id,
allowCredentials: authenticators.map((a) => ({
id: fromBase64(a.credentialID),
id: a.credentialID,
type: "public-key",
transports: stringToTransports(a.transports),
})),
Expand Down Expand Up @@ -801,7 +801,7 @@ describe("getAuthenticationResponse", () => {
...defaultWebAuthnConfig.authenticationOptions,
rpID: rp.id,
allowCredentials: authenticators.map((a) => ({
id: fromBase64(a.credentialID),
id: a.credentialID,
type: "public-key",
transports: stringToTransports(a.transports),
})),
Expand Down
4 changes: 2 additions & 2 deletions packages/frameworks-sveltekit/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -50,8 +50,8 @@
"set-cookie-parser": "^2.6.0"
},
"peerDependencies": {
"@simplewebauthn/browser": "^9.0.1",
"@simplewebauthn/server": "^9.0.3",
"@simplewebauthn/browser": "^10.0.0",
"@simplewebauthn/server": "^10.0.0",
"@sveltejs/kit": "^1.0.0 || ^2.0.0",
"nodemailer": "^6.6.5",
"svelte": "^3.54.0 || ^4.0.0 || ^5"
Expand Down
4 changes: 2 additions & 2 deletions packages/next-auth/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -81,8 +81,8 @@
"@auth/core": "workspace:*"
},
"peerDependencies": {
"@simplewebauthn/browser": "^9.0.1",
"@simplewebauthn/server": "^9.0.2",
"@simplewebauthn/browser": "^10.0.0",
"@simplewebauthn/server": "^10.0.0",
"next": "^14 || ^15.0.0-0",
"nodemailer": "^6.6.5",
"react": "^18.2.0 || ^19.0.0-0"
Expand Down
Loading
Loading