- Added: support for controlling generated credential's ID length to passkey-authenticator (#49)
- Added: support for signature counters
- ⚠ BREAKING: Add
update_credentialfunction toCredentialStore(#23). - Add
make_credentials_with_signature_countertoAuthenticator.
- ⚠ BREAKING: Add
- ⚠ BREAKING: Merge functions in
UserValidationMethod(#24)- Removed:
UserValidationMethod::check_user_presence - Removed:
UserValidationMethod::check_user_verification - Added:
UserValidationMethod::check_user. This function now performs both user presence and user verification checks. The function now also returns which validations were performed, even if they were not requested.
- Removed:
- Added: Support for discoverable credentials
- ⚠ BREAKING: Added:
CredentialStore::get_infowhich returnsStoreInfocontainingDiscoverabilitySupport. - ⚠ BREAKING: Changed:
CredentialStore::save_credentialnow also takesOptions. - Changed:
Authenticator::make_credentialsnow returns an error if a discoverable credential was requested but not supported by the store.
- ⚠ BREAKING: Added:
- Changed: The
Clientno longer hardcodes the UV value sent to theAuthenticator(#22). - Changed: The
Clientno longer hardcodes the RK value sent to theAuthenticator(#27). - The client now supports additional user-defined properties in the client data, while also clarifying how the client
handles client data and its hash.
- ⚠ BREAKING: Changed:
registerandauthenticatetakeClientData<E>instead ofOption<Vec<u8>>. - ⚠ BREAKING: Changed: Custom client data hashes are now specified using
DefaultClientDataWithCustomHash(Vec<u8>)instead ofSome(Vec<u8>). - Added: Additional fields can be added to the client data using
DefaultClientDataWithExtra(ExtraData).
- ⚠ BREAKING: Changed:
- Added: The
Clientnow has the ability to adjust the response for quirky relying parties when a fully featured response would break their server side validation. (#31) - ⚠ BREAKING: Added the
Originenum which is now the origin parameter for the following methods (#32):Client::registertakes animpl Into<Origin>instead of a&UrlClient::authenticatetakes animpl Into<Origin>instead of a&UrlRpIdValidator::assert_domaintakes an&Origininstead of a&Url
- ⚠ BREAKING: The collected client data will now have the android app signature as the origin when a request comes from an app directly. (#32)
CollectedClientDatais now generic and supports additional strongly typed fields. (#28)- Changed:
CollectedClientDatahas changed toCollectedClientData<E = ()>
- Changed:
- The
Clientnow returnsCredProps::rkdepending on the authenticator's capabilities. (#29) - ⚠ BREAKING: Rename webauthn extension outputs to be consistent with inputs. (#33)
- ⚠ BREAKING: Create new extension inputs for the CTAP authenticator inputs. (#33)
- ⚠ BREAKING: Add unsigned extension outputs for the CTAP authenticator outputs. (#34)
- ⚠ BREAKING: Add ability for
Passkeyto store associated extension data. (#36) - ⚠ BREAKING: Change version and extension information in
ctap2::get_infofrom strings to enums. (#39) - ⚠ BREAKING: Add missing CTAP2.1 fields to
make_credential::Responseandget_assertion::Response. (#39) - Make the
PublicKeyCredentialoutputs equatable in swift. (#39)
Most of these changes are adding fields to structs which are breaking changes due to the current lack of builder methods for these types. Due to this, additions of fields to structs or variants to enums won't be marked as breaking in this release's notes. Other types of breaking changes will be explicitly called out.
- ⚠ BREAKING: Update
bitflagsfrom v1 to v2. This meansctap2::Flagsno longer implementPartialOrd,OrdandHashas those traits aren't applicable. - Added a
transportsfield toctap2::get_info::Response - Changes in
webauthn::PublicKeyCredential:- ⚠ BREAKING:
authenticator_attachmentis now optional - ⚠ BREAKING:
client_extension_results's type has been renamed fromAuthenticationExtensionsClientOutputstoAuthenticatorExtensionsClientOutputs
- ⚠ BREAKING:
- Changes for
webauthn::PublicKeyCredentialRequestOptions:timeoutnow supports deserializing from a stringified numberuser_verificationwill now ignore unknown values instead of returning an error on deserialization- Add
hintsfield (#9) - Add
attestationandattestation_formatsfields
- Changes for
webauthn::AuthenticatorAssertionResponse- Add
attestation_objectfield
- Add
- Changes for
webauthn::PublicKeyCredentialCreationOptions:timeoutnow supports deserializing from a stringified number- Add
hintsfield (#9) - Add
attestation_formatsfield
- Fix
webauthn::CollectedClientDataJSON serialization to correctly follow the spec. (#6)- Add
unknown_keysfield - Always serializes
cross_originwith a boolean even if it is set toNone - ⚠ BREAKING: Remove from
#[typeshare]generation as#[serde(flatten)]onunknown_keysis not supported.
- Add
- Add
webauthn::ClientDataType::PaymentGetvariant. - Make all enums with unit variants
Clone,Copy,PartialEqandEq - Add support for the
CredPropsextension withauthenticatorDisplayName
- Add
Authenticator::transports(Vec<AuthenticatorTransport>)builder method for customizing the transports during credential creation. The default isinternalandhybrid. - Add
Authenticator:{set_display_name, display_name}methods for setting a display name for theCredPropsextension'sauthenticatorDisplayName. - Update
p256to version0.13 - Update
signatureto version2
- Add
WebauthnError::is_vendor_error()for verifying if the internal CTAP error was in the range ofpasskey_types::ctap2::VendorError - Break out Rp Id verification from the
Clientinto its ownRpIdVerifierwhich it now uses internally. This allows the use ofRpIdVerifier::assert_domainpublicly now instead of it being a private method to client without the need for everything else the client needs. Client::registernow handlesCredPropsextension requests.- Update
idnato version0.5
- Update the public suffix list