SimpleWebAuthn

WebAuthn, Simplified. A collection of TypeScript-first libraries for simpler WebAuthn integration. Supports modern browsers, Node, Deno, and more.

MIT License

SimpleWebAuthn -

Published by MasterKale about 4 years ago

Packages:

Changes:

  • [server] Third-party package security update

SimpleWebAuthn - v0.9.0 - The one that knows RSA from EC2

Published by MasterKale about 4 years ago

Packages:

Changes:

  • [server] Add support for attestations and assertions containing RSA public keys.
  • [browser] Version sync.
  • [typescript-types] Version sync.

Breaking Changes

  • [server] authenticatorInfo.base64PublicKey returned by verifyAttestationResponse() is now the entire public key buffer instead of a pared-down form of it (it's still returned base64url-encoded). This helps ensure support for existing public keys, as well as public key formats that may be introduced in the future. Public keys previously returned by this method must be upgraded via this "upgrader" script to work with future assertions.
  • [server] The serviceName argument for generateAttestationOptions() has been renamed to rpName. This brings it in line with the existing rpID argument and maps more obviously to its respective property within the returned options.

SimpleWebAuthn -

Published by MasterKale about 4 years ago

Packages:

Changes:

  • [server] Return explicit defaults for authenticatorSelection in return value from generateAttestationOptions() for enhanced device compatibility.
  • [browser] Version sync.
  • [typescript-types] Version sync.

SimpleWebAuthn -

Published by MasterKale about 4 years ago

Packages:

Changes:

  • [server] Stop filtering out algorithm IDs from supportedAlgorithmIDs when calling generateAttestationOptions()
  • [server] Fix a bug when verifying TPM attestation extensions

SimpleWebAuthn - v0.8.0 - The one with better challenges

Published by MasterKale about 4 years ago

Packages:

Changes:

  • [server] The challenge parameter of generateAttestationOptions() and generateAssertionOptions() is now optional.
    • When undefined, the library will generate a random challenge. This value will be base64url-encoded in preparation for transit to the front end.
    • When defined, the value will be directly encoded to base64url in preparation for transit to the front end.
  • [browser] startAttestation() and startAssertion() now convert the base64url-encoded options.challenge to a buffer before passing it to the authenticator.

Breaking Changes

  • [server] verifyAttestationResponse() and verifyAssertionResponse() now require the base64url-encoded challenge to be passed in as expectedChallenge:

Before:

const challenge = 'someChallenge';

const opts = generateAttestationOptions({
  ...atteOpts,
  challenge,
});

const verification = verifyAttestationResponse({
  ...atteResp,
  // Raw original value
  expectedChallenge: challenge,
});

After:

const challenge = 'someChallenge';

const opts = generateAttestationOptions({
  ...atteOpts,
  // This is now optional
  challenge,
});

const verification = verifyAttestationResponse({
  ...atteResp,
  // Now expected to be the base64url-encoded `challenge` returned
  // by `generateAttestationOptions()`
  expectedChallenge: opts.challenge,
});
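
The challenge round trip behind this breaking change, modelled as an added example using only Node built-ins (not SimpleWebAuthn code). The helper names and the sample origin are hypothetical; the point is that the client data carries the base64url form of the challenge, so only the encoded value from the options matches.

```javascript
// Added illustration; these helpers are hypothetical, not SimpleWebAuthn functions.
const { randomBytes } = require('crypto');

// base64url (RFC 4648 section 5) without padding, as used for WebAuthn JSON transport.
const toBase64URL = (buf) =>
  Buffer.from(buf).toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const fromBase64URL = (str) =>
  Buffer.from(str.replace(/-/g, '+').replace(/_/g, '/'), 'base64');

// Server: an undefined challenge becomes 32 random bytes; a supplied one is
// encoded directly. Either way the value sent to the front end is base64url.
function makeOptionsChallenge(challenge) {
  const bytes = challenge === undefined ? randomBytes(32) : Buffer.from(challenge, 'utf8');
  return toBase64URL(bytes);
}

// Browser + authenticator: the challenge is decoded to a buffer, and the client
// data that gets signed carries base64url(challenge bytes).
function simulateClientDataJSON(optionsChallenge) {
  const challengeBuffer = fromBase64URL(optionsChallenge);
  return JSON.stringify({
    type: 'webauthn.create',
    challenge: toBase64URL(challengeBuffer),
    origin: 'https://example.test', // constructed sample origin
  });
}

// Server: compare the challenge in the client data with the expected value.
function challengeMatches(clientDataJSON, expectedChallenge) {
  return JSON.parse(clientDataJSON).challenge === expectedChallenge;
}

const rawChallenge = 'someChallenge';
const optionsChallenge = makeOptionsChallenge(rawChallenge);
const clientData = simulateClientDataJSON(optionsChallenge);

console.log(challengeMatches(clientData, rawChallenge));     // raw value, as in "Before"
console.log(challengeMatches(clientData, optionsChallenge)); // encoded value, as in "After"
```
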
SimpleWebAuthn -

Published by MasterKale about 4 years ago

Packages:

Changes:

  • [browser] Update dependencies
  • [server] Update dependencies

SimpleWebAuthn -

Published by MasterKale about 4 years ago

Packages:

Changes:

  • [browser] Add support for UTF-8 values in server challenges
  • [server] Minor performance improvement

SimpleWebAuthn -

Published by MasterKale about 4 years ago

Packages:

Changes:

  • [server] Added support for specifying a custom array of COSE algorithm identifiers when calling generateAttestationOptions() and verifyAttestationResponse()
  • [browser] Updated README.md with new doc URLs

SimpleWebAuthn - v0.7.1

Published by MasterKale over 4 years ago

Packages:

Changes:

  • Fixed broken README and Homepage links in package listings on NPMJS.com

SimpleWebAuthn - v0.7.0 - The one that passes FIDO conformance testing

Published by MasterKale over 4 years ago

Packages:

Changes:

  • [server] Add support for TPM attestations
  • [server] Add support for Android Key attestations
  • [server] Add support for authenticator metadata statements and the FIDO Metadata Service (MDS)

Breaking Changes

  • [server] The return type of verifyAttestationResponse() changed from boolean to Promise<boolean>. This was necessary to support querying FIDO MDS for an authenticator metadata statement during attestation verification.
  • [server] The optional requireUserVerification parameter of verifyAssertionResponse() has been replaced with the new optional fidoUserVerification parameter. This enables greater control over user verification when verifying assertions.

SimpleWebAuthn -

Published by MasterKale over 4 years ago

  • [typescript-types] Update verifyAttestationResponse() options param description.

SimpleWebAuthn - v0.6.0 - The one with better response verification

Published by MasterKale over 4 years ago

  • [server] (BREAKING) Server's verifyAttestationResponse() and verifyAssertionResponse() methods now take a single arguments object.
  • [server] These methods now include the ability to require user verification during attestation and assertion verification via the new requireUserVerification argument.

SimpleWebAuthn - v0.5.0 - The one where browser returns more info

Published by MasterKale over 4 years ago

  • [browser] (BREAKING) Refactor startAttestation() and startAssertion() to return more of the output from the navigator.credentials calls
  • [browser] Replace base64-js dependency with internal functionality
  • [browser, server] Standardize on use of Base64URL encoding when converting to and from JSON
  • [server] (BREAKING) Remove references to "base64" from generateAttestationOptions() and generateAssertionOptions() by renaming the excludedBase64CredentialIDs and allowedBase64CredentialIDs to excludedCredentialIDs and allowedCredentialIDs respectively
  • [typescript-types] (BREAKING) Migrate some non-shared typings into server

SimpleWebAuthn -

Published by MasterKale over 4 years ago

  • [typescript-types] Re-export AuthenticatorAttestationResponseJSON and AuthenticatorAssertionResponseJSON