### 0.4.1.1 * [#153](https://github.com/tweag/webauthn/pull/153) Increase cabal bounds to support up to GHC 9.2 ### 0.4.1.0 * [#148](https://github.com/tweag/webauthn/pull/148) Allow authentication on Safari even though it violates the specification with an empty user handle * [#149](https://github.com/tweag/webauthn/pull/149) Export constructors for `Crypto.WebAuthn.Encoding.WebAuthnJson` types and derive `FromJSON` for all of them * [#151](https://github.com/tweag/webauthn/pull/151) Fix decoding of packed attestations without a `x5c` CBOR key. This fixes attestation on MacBook Pros with Chrome and TouchID. ### 0.4.0.0 * [#129](https://github.com/tweag/webauthn/pull/129) Rename and expand documentation for authentication/registration errors. * [#136](https://github.com/tweag/webauthn/pull/136) Improve the safety and remove duplication of the public key interface. More checks are being done now, preventing invalid public keys from being constructed. * [#140](https://github.com/tweag/webauthn/pull/140) Introduction of new serialization-related modules, all reexported via `Crypto.WebAuthn`: - `Crypto.WebAuthn.Model.Defaults` for defaults of optional fields - `Crypto.WebAuthn.Encoding.Strings` for string serializations of enumerations - `Crypto.WebAuthn.Encoding.Binary` for binary serializations * [#140](https://github.com/tweag/webauthn/pull/140) Backwards-incompatible changes/fixes regarding serialization: - Fix unknown `AuthenticatorTransport` values being ignored. This breaks backwards compatibility when the received `AuthenticatorTransport`s are inspected and stored in the database. Users are encouraged to serialize individual `AuthenticatorTransport`s to strings using the new `encodeAuthenticatorTransport`. The [example server](https://github.com/tweag/webauthn/tree/master/server) has been updated to store all encoded `AuthenticatorTransport`s as a CBOR-encoded bytestring in the database, but other schemes to store multiple transports can also be employed. - Rename webauthn-json decoding/encoding functions to have a "wj" prefix like `wjEncodeCredentialOptionsRegistration`. The types they interact with have changed their prefix from `IDL` to `WJ` as well - Introduce `wjDecodeCredentialRegistration'` (with a tick) to take a `SupportedAttestationStatementFormats` argument, while the unticked version doesn't take such an argument anymore. In the future only the unticked version is expected to stay backwards-compatible. - `ccdCrossOrigin`s type was corrected from `Bool` to `Maybe Bool`, where `Nothing` has the same semantics as `Just False`. This is necessary for compatibility with WebAuthn Level 1 clients, which don't set this field ### 0.3.0.0 * [#125](https://github.com/tweag/webauthn/pull/125) Some small metadata type simplifications involving `msUpv` and `SomeMetadataEntry` * [#126](https://github.com/tweag/webauthn/pull/126) Decrease lower bounds of many dependencies including `base`, adding compatibility with GHC 8.8 ### 0.2.0.0 * [#115](https://github.com/tweag/webauthn/pull/115) Increase the upper bound of the supported Aeson versions, allowing the library to be built with Aeson 2.0. Drop the deriving-aeson dependency. * [#117](https://github.com/tweag/webauthn/pull/117) Rename and expand documentation for attestation statement format errors. Some unused errors were removed. ### 0.1.1.0 * [#111](https://github.com/tweag/webauthn/pull/111) Support the [`transports`](https://www.w3.org/TR/webauthn-2/#dom-authenticatorattestationresponse-transports-slot) field, allowing servers to store information from the browser on how authenticators were communicated with (e.g. internal, NFC, etc.). When users log in, this information can then be passed along in [Credential Descriptors](https://www.w3.org/TR/webauthn-2/#dictdef-publickeycredentialdescriptor), ensuring that only the transports initially registered as supported by the authenticator may be used. This is recommended by the standard. * [#112](https://github.com/tweag/webauthn/pull/112) Decrease lower bounds for aeson and unordered-containers.