@simplewebauthn/types
Advanced tools
Changelog
v10.0.0 - The one that goes up to 20
Thanks for everything, Node 16 and Node 18, but it's time to move on! The headlining change of this release is the targeting of Node LTS v20+ as the minimum Node runtime. Additional developer-centric quality-of-life changes have also been made in the name of streamlining use of SimpleWebAuthn on both the back end and front end.
This release is packed with updates, so buckle up! Refactor advice for breaking changes is, as always, offered below.
user.displayName now defaults to an empty string if a value is not specified for
userDisplayName when calling generateRegistrationOptions()
(#538)browserSupportsWebAuthnAutofill() helper will no longer break in environments
in which PublicKeyCredential is not present
(#557, with thanks to @clarafitzgerald)generateRegistrationOptions() now expects Base64URLString for excluded credential IDsgenerateAuthenticationOptions() now expects Base64URLString for allowed credential IDscredentialID returned from response verification methods is now a Base64URLStringAuthenticatorDevice.credentialID is now a Base64URLStringisoBase64URL.isBase64url() is now called isoBase64URL.isBase64URL()generateRegistrationOptions() now accepts an optional Uint8Array instead of a string for
userIDisoBase64URL.toString() and isoBase64URL.fromString() have been renamedgenerateRegistrationOptions() will now generate random user IDsuser.id is now treated like a base64url string in startRegistration()userHandle is now treated like a base64url string in startAuthentication()rpID is now a required argument when calling generateAuthenticationOptions()
(#555)generateRegistrationOptions() now expects Base64URLString for excluded credential IDsThe isoBase64URL helper can be used to massage Uint8Array credential IDs into base64url strings:
Before
const opts = await generateRegistrationOptions({
// ...
excludeCredentials: devices.map((dev) => ({
id: dev.credentialID, // type: Uint8Array
type: 'public-key',
transports: dev.transports,
})),
});
After
import { isoBase64URL } from '@simplewebauthn/server/helpers';
const opts = await generateRegistrationOptions({
// ...
excludeCredentials: devices.map((dev) => ({
id: isoBase64URL.fromBuffer(dev.credentialID), // type: string
transports: dev.transports,
})),
});
The type argument is no longer needed either.
generateAuthenticationOptions() now expects Base64URLString for allowed credential IDsSimilarly, the isoBase64URL helper can also be used during auth to massage Uint8Array credential
IDs into base64url strings:
Before
const opts = await generateAuthenticationOptions({
// ...
allowCredentials: devices.map((dev) => ({
id: dev.credentialID, // type: Uint8Array
type: 'public-key',
transports: dev.transports,
})),
});
After
import { isoBase64URL } from '@simplewebauthn/server/helpers';
const opts = await generateAuthenticationOptions({
// ...
allowCredentials: devices.map((dev) => ({
id: isoBase64URL.fromBuffer(dev.credentialID), // type: Base64URLString (a.k.a string)
transports: dev.transports,
})),
});
The type argument is no longer needed either.
credentialID returned from response verification methods is now a Base64URLStringIt is no longer necessary to manually stringify credentialID out of response verification methods:
Before
import { isoBase64URL } from '@simplewebauthn/server/helpers';
// Registration
const { verified, registrationInfo } = await verifyRegistrationResponse({ ... });
if (verified && registrationInfo) {
const { credentialID } = registrationInfo;
await storeInDatabase({ credIDString: isoBase64URL.fromBuffer(credentialID), ... });
}
// Authentication
const { verified, authenticationInfo } = await verifyAuthenticationResponse({ ... });
if (verified && authenticationInfo) {
const { newCounter, credentialID } = authenticationInfo;
dbAuthenticator.counter = authenticationInfo.newCounter;
await updateCounterInDatabase({
credIDString: isoBase64URL.fromBuffer(credentialID),
newCounter,
});
}
After
// Registration
const { verified, registrationInfo } = await verifyRegistrationResponse({ ... });
if (verified && registrationInfo) {
const { credentialID } = registrationInfo;
await storeInDatabase({ credIDString: credentialID, ... });
}
// Authentication
const { verified, authenticationInfo } = await verifyAuthenticationResponse({ ... });
if (verified && authenticationInfo) {
const { newCounter, credentialID } = authenticationInfo;
dbAuthenticator.counter = authenticationInfo.newCounter;
await updateCounterInDatabase({ credIDString: credentialID, newCounter });
}
Readme
TypeScript typings for @simplewebauthn/server and @simplewebauthn/browser
This package is available on npm:
npm install @simplewebauthn/types
It is also available for import into Deno projects from deno.land/x:
import {...} from 'https://deno.land/x/simplewebauthn/deno/types.ts';
FAQs
TypeScript types used by the @simplewebauthn series of libraries
The npm package @simplewebauthn/types receives a total of 31,445 weekly downloads. As such, @simplewebauthn/types popularity was classified as popular.
We found that @simplewebauthn/types demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team has identified a malicious Python package that is typosquatting the popular crytic-compile utility, frequently used in popular toolkits and development environments for smart contracts and crypto applications.
Security News
NIST updates on the NVD backlog after media reports that over 50% of KEVs were unenriched since mid-February. They've contracted additional support and partnered with CISA to clear the backlog by fiscal year-end.
Security News
A hospital in Mobile, Alabama, agreed to a settlement in a landmark ransomware death lawsuit, but is now reportedly reconsidering the agreement and refusing to pay.