Changelog of @hackage/webauthn 0.5.0.1

0.5.0.1

  • #159 Allow mtl-2.3.1 and support GHC 9.4

0.5.0.0

0.4.1.2

  • #155 Increase cabal bounds for aeson and monad-time to support latest versions from Hackage

0.4.1.1

  • #153 Increase cabal bounds to support up to GHC 9.2

0.4.1.0

  • #148 Allow authentication on Safari even though it violates the specification with an empty user handle
  • #149 Export constructors for Crypto.WebAuthn.Encoding.WebAuthnJson types and derive FromJSON for all of them
  • #151 Fix decoding of packed attestations without a x5c CBOR key. This fixes attestation on MacBook Pros with Chrome and TouchID.

0.4.0.0

  • #129 Rename and expand documentation for authentication/registration errors.
  • #136 Improve the safety and remove duplication of the public key interface. More checks are being done now, preventing invalid public keys from being constructed.
  • #140 Introduction of new serialization-related modules, all reexported via Crypto.WebAuthn:
    • Crypto.WebAuthn.Model.Defaults for defaults of optional fields
    • Crypto.WebAuthn.Encoding.Strings for string serializations of enumerations
    • Crypto.WebAuthn.Encoding.Binary for binary serializations
  • #140 Backwards-incompatible changes/fixes regarding serialization:
    • Fix unknown AuthenticatorTransport values being ignored. This breaks backwards compatibility when the received AuthenticatorTransports are inspected and stored in the database. Users are encouraged to serialize individual AuthenticatorTransports to strings using the new encodeAuthenticatorTransport. The example server has been updated to store all encoded AuthenticatorTransports as a CBOR-encoded bytestring in the database, but other schemes to store multiple transports can also be employed.
    • Rename webauthn-json decoding/encoding functions to have a "wj" prefix like wjEncodeCredentialOptionsRegistration. The types they interact with have changed their prefix from IDL to WJ as well
    • Introduce wjDecodeCredentialRegistration' (with a tick) to take a SupportedAttestationStatementFormats argument, while the unticked version doesn't take such an argument anymore. In the future only the unticked version is expected to stay backwards-compatible.
    • ccdCrossOrigins type was corrected from Bool to Maybe Bool, where Nothing has the same semantics as Just False. This is necessary for compatibility with WebAuthn Level 1 clients, which don't set this field

0.3.0.0

  • #125 Some small metadata type simplifications involving msUpv and SomeMetadataEntry
  • #126 Decrease lower bounds of many dependencies including base, adding compatibility with GHC 8.8

0.2.0.0

  • #115 Increase the upper bound of the supported Aeson versions, allowing the library to be built with Aeson 2.0. Drop the deriving-aeson dependency.
  • #117 Rename and expand documentation for attestation statement format errors. Some unused errors were removed.

0.1.1.0

  • #111 Support the transports field, allowing servers to store information from the browser on how authenticators were communicated with (e.g. internal, NFC, etc.). When users log in, this information can then be passed along in Credential Descriptors, ensuring that only the transports initially registered as supported by the authenticator may be used. This is recommended by the standard.
  • #112 Decrease lower bounds for aeson and unordered-containers.