Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@simplewebauthn/server

Package Overview
Dependencies
Maintainers
1
Versions
87
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@simplewebauthn/server - npm Package Versions

1
9

6.3.0-alpha.1

Diff

iamkale
published 6.2.1 •

Changelog

Source

v6.2.1

Packages:

  • @simplewebauthn/browser@6.2.1
  • @simplewebauthn/server@6.2.1
  • @simplewebauthn/testing@6.2.1
  • @simplewebauthn/typescript-types@6.2.1

Changes:

  • [browser] Multiple calls to startRegistration() and startAuthentication() will now more reliably cancel the preceding call (#275)
  • [server] Version sync
  • [testing] Version sync
  • [typescript-types] Version sync
iamkale
published 6.3.0-alpha.0 •

iamkale
published 6.2.0 •

Changelog

Source

v6.2.0

Packages:

  • @simplewebauthn/server@6.2.0

Changes:

  • [server] The value of the user verification flag is now returned from verifyAuthenticationResponse() as authenticationInfo.userVerified, similar to how verifyRegistrationResponse() currently returns this value (#263)
iamkale
published 6.1.0 •

Changelog

Source

v6.1.0

Packages:

  • @simplewebauthn/server@6.1.0

Changes:

  • [server] Improve support for requiring resident keys when targeting WebAuthn L1 (#259)
  • [server] Encourage authenticators to produce Ed25519 credential keypairs when supported (#261)
iamkale
published 6.0.0 •

Changelog

Source

v6.0.0 - The one with Ed25519 Support

This release also marks the return of the library's ability to pass FIDO Conformance! Adding Ed25519 signature verification (see below) finally allowed the library to pass all required tests, and nearly all optional tests.

Packages:

  • @simplewebauthn/browser@6.0.0
  • @simplewebauthn/server@6.0.0
  • @simplewebauthn/testing@6.0.0
  • @simplewebauthn/typescript-types@6.0.0

Changes:

  • [server] Signatures can now be verified with OKP public keys that use the Ed25519 curve and EDDSA algorithm (#256)
  • [testing] Version sync
  • [typescript-types] Version sync

Breaking Changes

  • [server] verifyAuthenticationResponse() now returns Promise<VerifiedAuthenticationResponse> instead of VerifiedAuthenticationResponse (#256)

Update your existing calls to verifyAuthenticationResponse() to handle the values resolved by the promises, whether with .then() or await depending on your code structure:

Before:

const verification = verifyAuthenticationResponse({
  // ...
});

After:

const verification = await verifyAuthenticationResponse({
  // ...
});
  • [browser] browserSupportsWebauthn() has been renamed to browserSupportsWebAuthn() (#257)

Update calls to browserSupportsWebauthn() to capitalize the "A" in "WebAuthn":

Before:

if (browserSupportsWebauthn()) {
  // ...
}

After:

if (browserSupportsWebAuthn()) {
  // ...
}
iamkale
published 5.4.5 •

Changelog

Source

v5.4.5

Packages:

  • @simplewebauthn/server@5.4.5

Changes:

  • [server] Support FIDO Conformance user verification requirements (#254)

To leverage these requirements (as might be the case for RP's seeking FIDO certification), update your calls to verifyAuthenticationResponse() to replace requireUserVerification with the new advancedFIDOConfig.userVerification option:

Before:

const verification = verifyAuthenticationResponse({
  // ...
  requireUserVerification: true,
});

After

const verification = verifyAuthenticationResponse({
  // ...
  advancedFIDOConfig: {
    // UserVerificationRequirement: 'required' | 'preferred' | 'discouraged'
    userVerification: 'required',
  },
});

Setting advancedFIDOConfig.userVerification to 'required' will only require the uv flag to be true; up flag may be false. Setting it to 'preferred' or 'discouraged' will allow both up and uv to be false during verification.

  • [server] Rename the devicePublicKey property on the AuthenticationExtensionsAuthenticatorOutputs type to devicePubKey (#243; no one supports this yet so it's not a breaking change)
iamkale
published 5.4.4 •

Changelog

Source

v5.4.4

Packages:

  • @simplewebauthn/server@5.4.4

Changes:

  • [server] Enhance compliance with current FIDO conformance requirements (#249, #251)
  • [server] Minor performance improvements (#150)
iamkale
published 5.4.3 •

Changelog

Source

v5.4.3

Packages:

  • @simplewebauthn/server@5.4.3

Changes:

  • [server] Remove support for the following defunct FIDO metadata authentication algorithms: "rsa_emsa_pkcs1_sha256_raw", "rsa_emsa_pkcs1_sha256_der", "sm2_sm3_raw" (#245)
  • [server] Update remaining FIDO metadata constants to match v2.2 of the FIDO Registry of Predefined Values (#244)
iamkale
published 5.4.2 •

Changelog

Source

v5.4.2

Packages:

  • @simplewebauthn/server@5.4.2

Changes:

  • [server] Add support for "rsa_emsa_pkcs1_sha256_raw" and "rsa_emsa_pkcs1_sha256_der" authentication algorithms in FIDO MDS metadata statements (#241)
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc