Skip to content

Releases: MasterKale/SimpleWebAuthn

v1.0.0 - The one that gets things out of "Beta"

05 Feb 17:34
@MasterKale MasterKale
v1.0.0
0ae2283
Compare
Choose a tag to compare
v1.0.0 - The one that gets things out of "Beta"

Packages:

Changes:

  • [server] Add support for multiple expected origins and RP IDs in verifyAttestationResponse() and verifyAssertionResponse()
  • [server] Update generateAttestationOptions() to force legacy authenticatorSelection.requireResidentKey to true when authenticatorSelection.residentKey is "required" (as per L2 of the WebAuthn spec)
  • [typescript-types] Update AuthenticatorDevice type with optional transports property
  • [browser] Version sync
  • [testing] Version sync

Breaking Changes

There are no breaking changes in this release. Several recent minor changes presented an opportunity to release a "v1.0". I'd received enough positive feedback about SimpleWebAuthn and noticed growing usage which granted me the confidence to take advantage of this opportunity.

And perhaps this will give the project more legitimacy in the eyes of larger organizations wishing to use it but waiting for the libraries to "get out of beta"...

Assets 2
Loading

v0.10.4

01 Dec 23:37
@MasterKale MasterKale
v0.10.4
9a360dd
Compare
Choose a tag to compare
v0.10.4

Packages:

Changes:

  • [server] Unpin dependency versions
  • [server] Upgrade dependencies and devDependencies
  • [typescript-types] Pull in TypeScript DOM lib types on build
  • [docs] Upgrade TypeDoc for better API docs
Assets 2
Loading

v0.10.3

19 Oct 16:27
@MasterKale MasterKale
v0.10.3
c7859df
Compare
Choose a tag to compare
v0.10.3

Packages:

Changes:

  • [server] Add optional rpID argument to generateAssertionOptions()
Assets 2
Loading

v0.10.2

12 Oct 21:23
@MasterKale MasterKale
v0.10.2
c47cc9b
Compare
Choose a tag to compare
v0.10.2

Packages:

Changes:

  • [server] Update ASN.1 parsing libraries to latest releases
Assets 2
Loading

v0.10.1

08 Oct 05:59
@MasterKale MasterKale
v0.10.1
3d68818
Compare
Choose a tag to compare
v0.10.1

Packages:

Changes:

  • [server] Pin third-party package versions
Assets 2
Loading

v0.10.0 - The one you can use your face with

08 Oct 05:45
@MasterKale MasterKale
v0.10.0
30839ed
Compare
Choose a tag to compare
v0.10.0 - The one you can use your face with

Packages:

Changes:

  • [server] Add support for "apple" attestations to support iOS Face ID and Touch ID
  • [server] [browser] Enable specifying transports per credential for allowCredentials and excludeCredentials
  • [browser] Return authenticator's transports (when available) as transports in response from startAttestation()
  • [typescript-types] Add new AuthenticatorAttestationResponseFuture type for better typing of credential response methods (getTransports(), getAuthenticatorData(), etc...)

Breaking Changes

  • [server] Existing implementations of generateAttestationOptions() and generateAssertionOptions() must be updated to specify credentials with their own transports:

generateAttestationOptions()

// OLD
const options = generateAttestationOptions({
  excludedCredentialIDs: devices.map(dev => dev.credentialID),
  suggestedTransports: ['usb', 'ble', 'nfc', 'internal'],
});

// NEW
const options = generateAttestationOptions({
  excludeCredentials: devices.map(dev => ({
    id: dev.credentialID,
    type: 'public-key',
    transports: dev.transports,
  })),
});

generateAssertionOptions()

// OLD
const options = generateAssertionOptions({
  allowedCredentialIDs: user.devices.map(dev => dev.credentialID),
  suggestedTransports: ['usb', 'ble', 'nfc', 'internal'],
});

// NEW
const options = generateAssertionOptions({
  allowCredentials: devices.map(dev => ({
    id: dev.credentialID,
    type: 'public-key',
    transports: dev.transports,
  })),
});
Assets 2
Loading

v0.9.1

08 Oct 05:44
@MasterKale MasterKale
v0.9.1
6e7ebe0
Compare
Choose a tag to compare
v0.9.1

Packages:

Changes:

  • [server] Third-party package security update
Assets 2
Loading

v0.9.0 - The one that knows RSA from EC2

10 Sep 06:22
@MasterKale MasterKale
v0.9.0
c6c147f
Compare
Choose a tag to compare
v0.9.0 - The one that knows RSA from EC2

Packages:

Changes:

  • [server] Add support for attestations and assertions containing RSA public keys.
  • [browser] Version sync.
  • [typescript-types] Version sync.

Breaking Changes

  • [server] authenticatorInfo.base64PublicKey returned by verifyAttestationResponse() is now the entire public key buffer instead of a pared down form of it (it's still returned base64url-encoded). This helps ensure support for existing public keys, as well as future public key formats that may be introduced in the future. Public keys previously returned by this method must be upgraded via this "upgrader" script to work with future assertions.
  • [server] The serviceName argument for generateAttestationOptions() has been renamed to rpName. This brings it in line with the existing rpID argument and maps more obviously to its respective property within the returned options.
Assets 2
Loading

v0.8.2

12 Aug 05:41
@MasterKale MasterKale
v0.8.2
3a9bff5
Compare
Choose a tag to compare
v0.8.2

Packages:

Changes:

  • [server] Return explicit defaults for authenticatorSelection in return value from generateAttestationOptions() for enhanced device compatibility.
  • [browser] Version sync.
  • [typescript-types] Version sync.
Assets 2
Loading

v0.8.1

12 Aug 05:41
@MasterKale MasterKale
v0.8.1
5ddb5e0
Compare
Choose a tag to compare
v0.8.1

Packages:

Changes:

  • [server] Stop filtering out algorithm ID's from supportedAlgorithmIDs when calling generateAttestationOptions()
  • [server] Fix a bug when verifying TPM attestation extensions
Assets 2
Loading