@simplewebauthn/server
Advanced tools
Changelog
v6.2.1
Packages:
Changes:
startRegistration()
and startAuthentication()
will now more
reliably cancel the preceding call (#275)Changelog
v6.0.0 - The one with Ed25519 Support
This release also marks the return of the library's ability to pass FIDO Conformance! Adding Ed25519 signature verification (see below) finally allowed the library to pass all required tests, and nearly all optional tests.
Packages:
Changes:
verifyAuthenticationResponse()
now returns
Promise<VerifiedAuthenticationResponse>
instead of VerifiedAuthenticationResponse
(#256)Update your existing calls to verifyAuthenticationResponse()
to handle the values resolved by the
promises, whether with .then()
or await
depending on your code structure:
Before:
const verification = verifyAuthenticationResponse({
// ...
});
After:
const verification = await verifyAuthenticationResponse({
// ...
});
browserSupportsWebauthn()
has been renamed to browserSupportsWebAuthn()
(#257)Update calls to browserSupportsWebauthn()
to capitalize the "A" in "WebAuthn":
Before:
if (browserSupportsWebauthn()) {
// ...
}
After:
if (browserSupportsWebAuthn()) {
// ...
}
Changelog
v5.4.5
Packages:
Changes:
To leverage these requirements (as might be the case for RP's seeking FIDO certification), update
your calls to verifyAuthenticationResponse()
to replace requireUserVerification
with the new
advancedFIDOConfig.userVerification
option:
Before:
const verification = verifyAuthenticationResponse({
// ...
requireUserVerification: true,
});
After
const verification = verifyAuthenticationResponse({
// ...
advancedFIDOConfig: {
// UserVerificationRequirement: 'required' | 'preferred' | 'discouraged'
userVerification: 'required',
},
});
Setting advancedFIDOConfig.userVerification
to 'required'
will only require the uv
flag to be
true; up
flag may be false
. Setting it to 'preferred'
or 'discouraged'
will allow both up
and uv
to be false
during verification.
devicePublicKey
property on the
AuthenticationExtensionsAuthenticatorOutputs
type to devicePubKey
(#243; no one supports this yet so it's
not a breaking change)