0.4.1.1
- #153 Increase cabal bounds to support up to GHC 9.2
0.4.1.0
- #148 Allow authentication on Safari even though it violates the specification with an empty user handle
- #149 Export constructors for
Crypto.WebAuthn.Encoding.WebAuthnJson
types and derive FromJSON
for all of them
- #151 Fix decoding of packed attestations without a
x5c
CBOR key. This fixes attestation on MacBook Pros with Chrome and TouchID.
0.4.0.0
- #129 Rename and expand
documentation for authentication/registration errors.
- #136 Improve the safety and
remove duplication of the public key interface. More checks are being done
now, preventing invalid public keys from being constructed.
- #140 Introduction of new
serialization-related modules, all reexported via
Crypto.WebAuthn
:
Crypto.WebAuthn.Model.Defaults
for defaults of optional fields
Crypto.WebAuthn.Encoding.Strings
for string serializations of enumerations
Crypto.WebAuthn.Encoding.Binary
for binary serializations
- #140 Backwards-incompatible
changes/fixes regarding serialization:
- Fix unknown
AuthenticatorTransport
values being ignored. This breaks
backwards compatibility when the received AuthenticatorTransport
s are
inspected and stored in the database. Users are encouraged to serialize
individual AuthenticatorTransport
s to strings using the new
encodeAuthenticatorTransport
. The example
server has been
updated to store all encoded AuthenticatorTransport
s as a CBOR-encoded
bytestring in the database, but other schemes to store multiple transports
can also be employed.
- Rename webauthn-json decoding/encoding functions to have a "wj" prefix like
wjEncodeCredentialOptionsRegistration
. The types they interact with have
changed their prefix from IDL
to WJ
as well
- Introduce
wjDecodeCredentialRegistration'
(with a tick) to take a
SupportedAttestationStatementFormats
argument, while the unticked version
doesn't take such an argument anymore. In the future only the unticked
version is expected to stay backwards-compatible.
ccdCrossOrigin
s type was corrected from Bool
to Maybe Bool
, where
Nothing
has the same semantics as Just False
. This is necessary for
compatibility with WebAuthn Level 1 clients, which don't set this field
0.3.0.0
- #125 Some small metadata type
simplifications involving
msUpv
and SomeMetadataEntry
- #126 Decrease lower bounds of
many dependencies including
base
, adding compatibility with GHC 8.8
0.2.0.0
- #115 Increase the upper bound
of the supported Aeson versions, allowing the library to be built with Aeson
2.0. Drop the deriving-aeson dependency.
- #117 Rename and expand
documentation for attestation statement format errors. Some unused errors
were removed.
0.1.1.0
- #111 Support the
transports
field, allowing servers to store information from the browser on how
authenticators were communicated with (e.g. internal, NFC, etc.). When users
log in, this information can then be passed along in Credential
Descriptors,
ensuring that only the transports initially registered as supported by the
authenticator may be used. This is recommended by the standard.
- #112 Decrease lower bounds for
aeson and unordered-containers.