v8.1.1

Packages

• @simplewebauthn/[email protected]

Changes

• [server] Debug logger output from MetadataService has been disabled
  (#434)

v8.1.0

Packages

• @simplewebauthn/[email protected]

Changes

• [server] The expectedChallenge argument for verifyRegistrationResponse() and
  verifyAuthenticationResponse() methods now also accept asynchronous methods
  (#432, with thanks to @jordanbtucker)

v8.0.2

Packages

• @simplewebauthn/[email protected]

Changes

• [browser] The NPM package now targets ES2021 for support in older browsers like Safari 13.1
  (#429)

v8.0.1

Packages

• @simplewebauthn/[email protected]

Changes

• [server] Node projects with "type": "module" in their package.json will no longer error
  out when trying to use methods that leverage the Crypto APIs
  (#428)

v8.0.0 - Around the (ESM) World

This major release marks the completion of a long journey that started with the release of v7.0.0:
SimpleWebAuthn is now available for use in non-Node projects! 🎉

SimpleWebAuthn debuted in mid-2020 as a combination of libraries aiming to make WebAuthn simpler to
use across browsers and "NodeJS + CommonJS" applications. Since then NodeJS has evolved to gain ESM
support, and additional JavaScript and TypeScript runtimes have debuted that offer ESM-centric,
TypeScript-first alternatives while also implementing Web APIs to offer a more consistent and
capable execution environment for developers.

I've wanted to make this project available to developers using these Node alternatives to help them
get past some of WebAuthn's rough spots. Today I'm happy to announce that this goal has been
achieved! 😌

See the Changes below for more information, as well as additional information on breaking
changes made in this release.

Packages

• @simplewebauthn/[email protected]
• @simplewebauthn/[email protected]
• @simplewebauthn/[email protected]

Changes

• [server] [typescript-types] SimpleWebAuthn can now also be used in runtimes other than Node.
  Deno is now a first-class runtime for this project alongside Node.
  • The following list of runtimes are officially supported:
    • (Existing) NodeJS using CommonJS
    • (Existing) NodeJS using ECMAScript Modules (ESM)
    • (New) Deno @ https://deno.land/x/simplewebauthn
  • The following list of runtimes are periodically tested but unofficially supported:
    • (New) CloudFlare Workers
    • (New) Bun
• [browser] Version sync

Breaking Changes

• [server] generateRegistrationOptions() and generateAuthenticationOptions() are now
  asynchronous methods. Refactor calls to these methods to handle the Promise that's now returned
  in whatever way is appropriate for your project.
• [server] generateChallenge() (in @simplewebauthn/server/helpers) is now an asynchronous
  method. Refactor calls to this method to handle the Promise that's now returned in whatever way
  is appropriate for your project.

v7.4.0

Packages:

• @simplewebauthn/[email protected]
• @simplewebauthn/[email protected]
• @simplewebauthn/[email protected]
• @simplewebauthn/[email protected]

Changes:

• [browser] [typescript-types] AuthenticatorAttestationResponseJSON now includes additional, optional publicKeyAlgorithm, publicKey, and authenticatorData convenience values that track JSON interface changes in WebAuthn L3 draft (#400)
• [iso-crypto] Version sync
• [server] verifyRegistrationResponse() and verifyAuthenticationResponse() now return the matched origin and RP ID in their to output to help RP's that use the same verification logic with multiple origins and RP ID's understand where a response was generated and for which RP (#415)
• [typescript-types] "smart-card" is now a recognized value for AuthenticatorTransportFuture (#399)

v7.3.1

Packages:

• @simplewebauthn/[email protected]

Changes:

• [server] The AttestationStatement.size property declaration is now more tolerant of older versions of TypeScript
• [server] Declared minimum supported TypeScript version of 4.4+

v7.3.0

Packages:

• @simplewebauthn/[email protected]

Changes:

• [server] Improved signature verification of the latest FIDO MDS JWTs (#390)

v7.2.0

Packages:

• @simplewebauthn/[email protected]
• @simplewebauthn/[email protected]
• @simplewebauthn/[email protected]

Changes:

• [server] generateRegistrationOptions() defaults to -8, -7, and -257 for supported public key algorithms (#361)
• [browser] [iso-webcrypto] [server] Users will no longer need to also npm install @simplewebauthn/typescript-types to pull in type definitions when using these libraries (#370)
• [browser] Errors raised by startRegistration() and startAuthentication() now include a code property to help programmatically detect identified errors. A new cause property is also populated that will always include the original error raised by the WebAuthn API call (#367)
• [browser] Aborting conditional UI (i.e. calling startAuthentication(..., true) and then subsequently calling startAuthentication() for modal UI) will now throw an AbortError instead of a string (#371)

v7.1.0

Packages:

• @simplewebauthn/[email protected]

Changes:

• [browser] startRegistration() and startAuthentication() now pass through all NotAllowedError's without trying to interpret what caused them (#353)