Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

@simplewebauthn/server

Package Overview
Dependencies
Maintainers
1
Versions
85
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@simplewebauthn/server - npm Package Versions

1
9

6.3.0-alpha.0

Diff
iamkale
 published 6.3.0-alpha.0 •

6.2.0

Diff
iamkale
 published 6.2.0 •

Changelog

Source

v6.2.0

Packages:

  • @simplewebauthn/server@6.2.0

Changes:

  • [server] The value of the user verification flag is now returned from verifyAuthenticationResponse() as authenticationInfo.userVerified, similar to how verifyRegistrationResponse() currently returns this value (#263)

6.1.0

Diff
iamkale
 published 6.1.0 •

Changelog

Source

v6.1.0

Packages:

  • @simplewebauthn/server@6.1.0

Changes:

  • [server] Improve support for requiring resident keys when targeting WebAuthn L1 (#259)
  • [server] Encourage authenticators to produce Ed25519 credential keypairs when supported (#261)

6.0.0

Diff
iamkale
 published 6.0.0 •

Changelog

Source

v6.0.0 - The one with Ed25519 Support

This release also marks the return of the library's ability to pass FIDO Conformance! Adding Ed25519 signature verification (see below) finally allowed the library to pass all required tests, and nearly all optional tests.

Packages:

  • @simplewebauthn/browser@6.0.0
  • @simplewebauthn/server@6.0.0
  • @simplewebauthn/testing@6.0.0
  • @simplewebauthn/typescript-types@6.0.0

Changes:

  • [server] Signatures can now be verified with OKP public keys that use the Ed25519 curve and EDDSA algorithm (#256)
  • [testing] Version sync
  • [typescript-types] Version sync

Breaking Changes

  • [server] verifyAuthenticationResponse() now returns Promise<VerifiedAuthenticationResponse> instead of VerifiedAuthenticationResponse (#256)

Update your existing calls to verifyAuthenticationResponse() to handle the values resolved by the promises, whether with .then() or await depending on your code structure:

Before:

const verification = verifyAuthenticationResponse({
  // ...
});

After:

const verification = await verifyAuthenticationResponse({
  // ...
});
  • [browser] browserSupportsWebauthn() has been renamed to browserSupportsWebAuthn() (#257)

Update calls to browserSupportsWebauthn() to capitalize the "A" in "WebAuthn":

Before:

if (browserSupportsWebauthn()) {
  // ...
}

After:

if (browserSupportsWebAuthn()) {
  // ...
}

5.4.5

Diff
iamkale
 published 5.4.5 •

Changelog

Source

v5.4.5

Packages:

  • @simplewebauthn/server@5.4.5

Changes:

  • [server] Support FIDO Conformance user verification requirements (#254)

To leverage these requirements (as might be the case for RP's seeking FIDO certification), update your calls to verifyAuthenticationResponse() to replace requireUserVerification with the new advancedFIDOConfig.userVerification option:

Before:

const verification = verifyAuthenticationResponse({
  // ...
  requireUserVerification: true,
});

After

const verification = verifyAuthenticationResponse({
  // ...
  advancedFIDOConfig: {
    // UserVerificationRequirement: 'required' | 'preferred' | 'discouraged'
    userVerification: 'required',
  },
});

Setting advancedFIDOConfig.userVerification to 'required' will only require the uv flag to be true; up flag may be false. Setting it to 'preferred' or 'discouraged' will allow both up and uv to be false during verification.

  • [server] Rename the devicePublicKey property on the AuthenticationExtensionsAuthenticatorOutputs type to devicePubKey (#243; no one supports this yet so it's not a breaking change)

5.4.4

Diff
iamkale
 published 5.4.4 •

Changelog

Source

v5.4.4

Packages:

  • @simplewebauthn/server@5.4.4

Changes:

  • [server] Enhance compliance with current FIDO conformance requirements (#249, #251)
  • [server] Minor performance improvements (#150)

5.4.3

Diff
iamkale
 published 5.4.3 •

Changelog

Source

v5.4.3

Packages:

  • @simplewebauthn/server@5.4.3

Changes:

  • [server] Remove support for the following defunct FIDO metadata authentication algorithms: "rsa_emsa_pkcs1_sha256_raw", "rsa_emsa_pkcs1_sha256_der", "sm2_sm3_raw" (#245)
  • [server] Update remaining FIDO metadata constants to match v2.2 of the FIDO Registry of Predefined Values (#244)

5.4.2

Diff
iamkale
 published 5.4.2 •

Changelog

Source

v5.4.2

Packages:

  • @simplewebauthn/server@5.4.2

Changes:

  • [server] Add support for "rsa_emsa_pkcs1_sha256_raw" and "rsa_emsa_pkcs1_sha256_der" authentication algorithms in FIDO MDS metadata statements (#241)

5.4.1

Diff
iamkale
 published 5.4.1 •

Changelog

Source

v5.4.1

Packages:

  • @simplewebauthn/browser@5.4.1
  • @simplewebauthn/server@5.4.1

Changes:

  • [browser] "type": "module" has been added to package.json to appease modern front end tooling that expects this value to be present when using the ESM build (#237)
  • [server] TPM attestation statement verification now properly verifies statements with ECC public area type (#239)

5.4.0

Diff
iamkale
 published 5.4.0 •

Changelog

Source

v5.4.0

Packages:

  • @simplewebauthn/browser@5.4.0
  • @simplewebauthn/server@5.4.0
  • @simplewebauthn/typescript-types@5.4.0

Changes:

  • [server] verifyRegistrationResponse() and verifyAuthenticationResponse() now return authenticator extension data upon successful verification as the new authenticatorExtensionResults property (#230)
  • [browser] Code quality improvements
  • [typescript-types] Code quality improvements
1
9
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc