Skip to content

Pre-release 1.5.0-RC1

Pre-release
Pre-release
Compare
Choose a tag to compare
@emlun emlun released this 16 Oct 16:02
1.5.0-RC1
This tag was signed with the committer’s verified signature. The key has expired.
emlun Emil Lundberg
GPG key ID: D8588A5844E2A774
Expired
Learn about vigilant mode.
72bff0f
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Changes:

  • RelyingParty now makes an immutable copy of the origins argument, instead of storing a reference to a possibly mutable value.
  • The enum AuthenticatorTransport has been replaced by a value class containing methods and value constants equivalent to the previous enum.
  • The return type of PublicKeyCredentialDescriptor.getTransports() is now a SortedSet instead of Set. The builder still accepts a plain Set.
  • Registration ceremony now verifies that the returned credential public key matches one of the algorithms specified in RelyingParty.preferredPubkeyParams and can be successfully parsed.

New features:

  • Origin matching can now be relaxed via two new RelyingParty options:
    • allowOriginPort (default false): Allow any port number in the origin
    • allowOriginSubdomain (default false): Allow any subdomain of any origin listed in RelyingParty.origins
    • See JavaDoc for details and examples.
  • The new AuthenticatorTransport can now contain any string value as the transport identifier, as required in the editor's draft of the L2 spec. See: w3c/webauthn#1275
  • Added support for RS1 credentials. Registration of RS1 credentials is not enabled by default, but can be enabled by setting RelyingParty.preferredPubKeyCredParams to a list containing PublicKeyCredentialParameters.RS1.
    • New constant PublicKeyCredentialParameters.RS1
    • New constant COSEAlgorithmIdentifier.RS1

Artifacts built with JDK 11.

Assets 4
Loading