
Releases: MasterKale/SimpleWebAuthn

v6.2.2

04 Nov 04:02
ba039fd

Packages:

Changes:

  • [browser] browserSupportsWebAuthnAutofill() no longer supports the old Chrome Canary way of testing for conditional UI support (#298)
  • [server] Version sync

v6.2.1

29 Sep 04:56
f560ccb

Packages:

Changes:

  • [browser] Multiple calls to startRegistration() and startAuthentication() will now more reliably cancel the preceding call (#275)
  • [server] Version sync
  • [testing] Version sync
  • [typescript-types] Version sync

v6.2.0

22 Aug 22:40

Packages:

Changes:

  • [server] The value of the user verification flag is now returned from verifyAuthenticationResponse() as authenticationInfo.userVerified, similar to how verifyRegistrationResponse() currently returns this value.

v6.1.0

22 Aug 22:39

Packages:

Changes:

  • [server] Improve support for requiring resident keys when targeting WebAuthn L1 (#259)
  • [server] Encourage authenticators to produce Ed25519 credential keypairs when supported (#261)

v6.0.0 - The one with Ed25519 Support

17 Aug 06:17

This release marks the return of the library's ability to pass FIDO Conformance 🎉

Adding Ed25519 signature verification (see below) finally allowed the library to pass all required tests, and nearly all optional tests:

[Two screenshots of the conformance test results, dated 2022-08-16]

Packages:

Changes:

  • [server] Signatures can now be verified with OKP public keys that use the Ed25519 curve and EdDSA algorithm (#256)
  • [testing] Version sync
  • [typescript-types] Version sync

Breaking Changes

  • [server] verifyAuthenticationResponse() now returns Promise<VerifiedAuthenticationResponse> instead of VerifiedAuthenticationResponse (#256)

Update your existing calls to verifyAuthenticationResponse() to handle the values resolved by the promises, whether with .then() or await depending on your code structure:

Before:

const verification = verifyAuthenticationResponse({
  // ...
});

After:

const verification = await verifyAuthenticationResponse({
  // ...
});

  • [browser] browserSupportsWebauthn() has been renamed to browserSupportsWebAuthn() (#257)

Update calls to browserSupportsWebauthn() to capitalize the "A" in "WebAuthn":

Before:

if (browserSupportsWebauthn()) {
  // ...
}

After:

if (browserSupportsWebAuthn()) {
  // ...
}

v5.4.5

16 Aug 04:49

Packages:

Changes:

  • [server] Support FIDO Conformance user verification requirements (#254)

To leverage these requirements (as might be the case for RPs seeking FIDO certification), update your calls to verifyAuthenticationResponse() to replace requireUserVerification with the new advancedFIDOConfig.userVerification option:

Before:

const verification = verifyAuthenticationResponse({
  // ...
  requireUserVerification: true
});

After:

const verification = verifyAuthenticationResponse({
  // ...
  advancedFIDOConfig: {
    // UserVerificationRequirement: 'required' | 'preferred' | 'discouraged'
    userVerification: 'required',
  },
});

Setting advancedFIDOConfig.userVerification to 'required' will only require the uv flag to be true; the up flag may be false. Setting it to 'preferred' or 'discouraged' will allow both up and uv to be false during verification.

  • [server] Rename the devicePublicKey property on the AuthenticationExtensionsAuthenticatorOutputs type to devicePubKey (#243; no one supports this yet so it's not a breaking change)
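
The flag rules stated above for advancedFIDOConfig.userVerification, written out as an added example (not SimpleWebAuthn's own code). parseFlags(), checkFlags() and sampleAuthData() are hypothetical helpers, and the behaviour without advancedFIDOConfig (up must be set, uv checked only when requireUserVerification is true) is an assumption; the flag bit positions and the authenticator data layout come from the WebAuthn specification.

```javascript
// Added example, not library source. All function names here are hypothetical.
const FLAG_UP = 0x01; // bit 0 of the flags byte: user present
const FLAG_UV = 0x04; // bit 2 of the flags byte: user verified

// authenticatorData = rpIdHash (32 bytes) || flags (1 byte) || signCount (4 bytes) || ...
function parseFlags(authData) {
  if (authData.length < 37) {
    throw new Error(`authenticatorData too short: ${authData.length} bytes`);
  }
  const flags = authData[32];
  return { up: (flags & FLAG_UP) !== 0, uv: (flags & FLAG_UV) !== 0 };
}

// Applies the rules the release note gives for advancedFIDOConfig.userVerification.
function checkFlags(authData, { requireUserVerification = false, advancedFIDOConfig } = {}) {
  const { up, uv } = parseFlags(authData);
  const policy = advancedFIDOConfig && advancedFIDOConfig.userVerification;

  if (policy !== undefined) {
    if (!['required', 'preferred', 'discouraged'].includes(policy)) {
      throw new Error(`Unknown userVerification value: ${policy}`);
    }
    // 'required': only uv must be set. 'preferred' / 'discouraged': neither flag is enforced.
    if (policy === 'required' && !uv) {
      throw new Error('User verification required, but the uv flag is not set');
    }
    return { up, uv }; // up is never enforced on this path
  }

  // ASSUMPTION: without advancedFIDOConfig, user presence is always required.
  if (!up) throw new Error('User not present during authentication');
  if (requireUserVerification && !uv) {
    throw new Error('User verification required, but the uv flag is not set');
  }
  return { up, uv };
}

// Constructed sample: 37 zero bytes with only the flags byte populated.
function sampleAuthData(flags) {
  const buf = new Uint8Array(37);
  buf[32] = flags;
  return buf;
}
```

Because the advancedFIDOConfig path never enforces up, a caller that still needs user presence has to check the returned up value itself.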

v5.4.4

16 Aug 03:33

Packages:

Changes:

  • [server] Enhance compliance with current FIDO conformance requirements (#249, #251)
  • [server] Minor performance improvements (#150)

v5.4.3

11 Aug 06:23

Packages:

Changes:

  • [server] Remove support for the following defunct FIDO metadata authentication algorithms: "rsa_emsa_pkcs1_sha256_raw", "rsa_emsa_pkcs1_sha256_der", "sm2_sm3_raw" (#245)
  • [server] Update remaining FIDO metadata constants to match v2.2 of the FIDO Registry of Predefined Values (#244)

v5.4.2

08 Aug 23:36

Packages:

Changes:

  • [server] Add support for "rsa_emsa_pkcs1_sha256_raw" and "rsa_emsa_pkcs1_sha256_der" authentication algorithms in FIDO MDS metadata statements (#241)

v5.4.1

06 Aug 05:39

Packages:

Changes:

  • [browser] "type": "module" has been added to package.json to appease modern front end tooling that expects this value to be present when using the ESM build (#237)
  • [server] TPM attestation statement verification now properly verifies statements with ECC public area type (#239)