Skip to content

Releases: MasterKale/SimpleWebAuthn

v0.8.0 - The one with better challenges

31 Jul 01:49
@MasterKale MasterKale
v0.8.0
ad53568
Compare
Choose a tag to compare
v0.8.0 - The one with better challenges

Packages:

Changes:

  • [server] The challenge parameter of generateAttestationOptions() and generateAssertionOptions() is now optional.
    • When undefined the library will generate a random challenge. This value will be base64url-encoded in preparation for transit to the front end.
    • When defined the value will be directly encoded to base64url in preparation for transit to the front end.
  • [browser] startAttestation() and startAssertion() now convert the base64url-encoded options.challenge to a buffer before passing it to the authenticator.

Breaking Changes

  • [server] verifyAttestationResponse() and verifyAssertionResponse() now require the base64url-encoded challenge to be passed in as expectedChallenge:

Before:

const challenge = 'someChallenge';

const opts = generateAttestationOptions({
  ...atteOpts,
  challenge,
});

const verification = verifyAttestationResponse({
  ...atteResp,
  // Raw original value
  expectedChallenge: challenge,
});

After:

const challenge = 'someChallenge';

const opts = generateAttestationOptions({
  ...atteOpts,
  // This is now optional
  challenge,
});

const verification = verifyAttestationResponse({
  ...atteResp,
  // Now expected to be the base64url-encoded `challenge` returned
  // by `generateAttestationOptions()`
  expectedChallenge: opts.challenge,
});
Assets 2
Loading

v0.7.4

29 Jul 05:51
@MasterKale MasterKale
v0.7.4
b947952
Compare
Choose a tag to compare
v0.7.4

Packages:

Changes:

  • [browser] Update dependencies
  • [server] Update dependencies
Assets 2
Loading

v0.7.3

29 Jul 05:51
@MasterKale MasterKale
v0.7.3
4183d56
Compare
Choose a tag to compare
v0.7.3

Packages:

Changes:

  • [browser] Add support for UTF-8 values in server challenges
  • [server] Minor performance improvement
Assets 2
Loading

v0.7.2

24 Jul 17:31
@MasterKale MasterKale
v0.7.2
612e620
Compare
Choose a tag to compare
v0.7.2

Packages:

Changes:

  • [server] Added support for specifying a custom array of COSE algorithm identifiers when calling generateAttestationOptions() and verifyAttestationResponse()
  • [browser] Updated README.md with new doc URLs
Assets 2
Loading

v0.7.1

14 Jul 00:10
@MasterKale MasterKale
v0.7.1
023c656
Compare
Choose a tag to compare
v0.7.1

Packages:

Changes:

  • Fixed broken README and Homepage links in package listings on NPMJS.com
Assets 2
Loading

v0.7.0 - The one that passes FIDO conformance testing

13 Jul 02:39
@MasterKale MasterKale
v0.7.0
629ca79
Compare
Choose a tag to compare
v0.7.0 - The one that passes FIDO conformance testing

Packages:

Changes:

  • [server] Add support for TPM attestations
  • [server] Add support for Android Key attestations
  • [server] Add support for authenticator metadata statements and the FIDO Metadata Service (MDS)

Breaking Changes

  • [server] The return type of verifyAttestationResponse() changed from boolean to Promise<boolean>. This was necessary to support querying FIDO MDS for an authenticator metadata statement during attestation verification.
  • [server] The optional requireUserVerification parameter of verifyAssertionResponse() has been replaced with the new optional fidoUserVerification parameter. This enables greater control over user verification when verifying assertions.
Assets 2
Loading

v0.6.1

07 Jun 22:26
@MasterKale MasterKale
v0.6.1
e00cbfb
Compare
Choose a tag to compare
v0.6.1
  • [typescript-types] Update verifyAttestationResponse() options param description.
Assets 2
Loading

v0.6.0 - The one with better response verification

07 Jun 22:14
@MasterKale MasterKale
v0.6.0
2180c77
Compare
Choose a tag to compare
v0.6.0 - The one with better response verification
  • [server] (BREAKING) Server's verifyAttestationResponse() and verifyAssertionResponse() methods now take a single arguments object.
  • [server] These methods now include the ability to require user verification during attestation and assertion verification via the new requireUserVerification argument.
Assets 2
Loading

v0.5.1

06 Jun 00:16
@MasterKale MasterKale
v0.5.1
607fbc9
Compare
Choose a tag to compare
v0.5.1
  • [typescript-types] Re-export AuthenticatorAttestationResponseJSON and AuthenticatorAssertionResponseJSON
Assets 2
Loading

v0.5.0 - The one where browser returns more info

06 Jun 00:18
@MasterKale MasterKale
v0.5.0
8feadcb
Compare
Choose a tag to compare
v0.5.0 - The one where browser returns more info
  • [browser] (BREAKING) Refactor startAttestation() and startAssertion() to return more of the output from the navigator.credentials calls
  • [browser] Replace base64-js dependency with internal functionality
  • [browser, server] Standardize on use of Base64URL encoding when converting to and from JSON
  • [server] (BREAKING) Remove references to "base64" from generateAttestationOptions() and generateAssertionOptions() by renaming the excludedBase64CredentialIDs and allowedBase64CredentialIDs to excludedCredentialIDs and allowedCredentialIDs respectively
  • [typescript-types] (BREAKING) Migrate some non-shared typings into server
Assets 2
Loading