Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
@simplewebauthn/server
Advanced tools
@simplewebauthn/server - npm Package Compare versions
Comparing version 6.0.0 to 6.1.0
@@ -15,6 +15,6 @@ "use strict"; | ||
| exports.supportedCOSEAlgorithmIdentifiers = [ | ||
| // EdDSA (In first position to encourage authenticators to use this over ES256) | ||
| -8, | ||
| // ECDSA w/ SHA-256 | ||
| -7, | ||
| // EdDSA | ||
| -8, | ||
| // ECDSA w/ SHA-512 | ||
@@ -84,12 +84,33 @@ -36, | ||
| /** | ||
| * "Relying Parties SHOULD set [requireResidentKey] to true if, and only if, residentKey is set | ||
| * to "required"" | ||
| * | ||
| * See https://www.w3.org/TR/webauthn-2/#dom-authenticatorselectioncriteria-requireresidentkey | ||
| * Capture some of the nuances of how `residentKey` and `requireResidentKey` how either is set | ||
| * depending on when either is defined in the options | ||
| */ | ||
| if (authenticatorSelection.residentKey === 'required') { | ||
| authenticatorSelection.requireResidentKey = true; | ||
| if (authenticatorSelection.residentKey === undefined) { | ||
| /** | ||
| * `residentKey`: "If no value is given then the effective value is `required` if | ||
| * requireResidentKey is true or `discouraged` if it is false or absent." | ||
| * | ||
| * See https://www.w3.org/TR/webauthn-2/#dom-authenticatorselectioncriteria-residentkey | ||
| */ | ||
| if (authenticatorSelection.requireResidentKey) { | ||
| authenticatorSelection.residentKey = 'required'; | ||
| } | ||
| else { | ||
| /** | ||
| * FIDO Conformance v1.7.2 fails the first test if we do this, even though this is | ||
| * technically compatible with the WebAuthn L2 spec... | ||
| */ | ||
| // authenticatorSelection.residentKey = 'discouraged'; | ||
| } | ||
| } | ||
| else { | ||
| authenticatorSelection.requireResidentKey = false; | ||
| /** | ||
| * `requireResidentKey`: "Relying Parties SHOULD set it to true if, and only if, residentKey is | ||
| * set to "required"" | ||
| * | ||
| * Spec says this property defaults to `false` so we should still be okay to assign `false` too | ||
| * | ||
| * See https://www.w3.org/TR/webauthn-2/#dom-authenticatorselectioncriteria-requireresidentkey | ||
| */ | ||
| authenticatorSelection.requireResidentKey = authenticatorSelection.residentKey === 'required'; | ||
| } | ||
@@ -96,0 +117,0 @@ return { |
| { | ||
| "name": "@simplewebauthn/server", | ||
| "version": "6.0.0", | ||
| "version": "6.1.0", | ||
| "description": "SimpleWebAuthn for Servers", | ||
@@ -61,3 +61,3 @@ "main": "dist/index.js", | ||
| }, | ||
| "gitHead": "95cb2107d15ae15994367cc99040720ae186c9bd", | ||
| "gitHead": "865a44488e6ab6cda3ab2332008cd2609e24dfed", | ||
| "devDependencies": { | ||
@@ -64,0 +64,0 @@ "@types/cbor": "^5.0.1", |
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.46%
264983
- Lines of code
- increased by0.5%
4191
No dependency changes