Releases: Yubico/java-webauthn-server
Version 1.12.0
New features:
- New method
RegisteredCredential.builder().publicKeyEs256Raw(ByteArray)
. This is a mutually exclusive alternative to.publicKeyCose(ByteArray)
, for easier backwards-compatibility with U2F-formatted (Raw ANSI X9.62) public keys. - "Migrating from U2F" section added to project README
Artifacts built with openjdk 11.0.13 2021-10-19
.
Pre-release 1.12.0-RC1
New features:
- New method
RegisteredCredential.builder().publicKeyEs256Raw(ByteArray)
. This is a mutually exclusive alternative to.publicKeyCose(ByteArray)
, for easier backwards-compatibility with U2F-formatted (Raw ANSI X9.62) public keys. - "Migrating from U2F" section added to project README
Artifacts built with openjdk 11.0.12 2021-07-20
.
Version 1.11.0
Deprecated features:
AuthenticatorSelectionCriteria
methodsbuilder().requireResidentKey(boolean)
andisRequireResidentKey()
deprecated in favor of a new option, see below.- The
icon
field inRelyingPartyIdentity
andUserIdentity
, and its associated methods, are now deprecated. The corresponding property was removed in WebAuthn Level 2.
Deprecated features will be removed in the next major version release.
Changes:
RelyingParty.startAssertion()
no longer overwrites theappid
extension input in theStartAssertionOptions
argument.RelyingParty.appId
setting now also activates theappidExclude
extension in addition to theappid
extension.RelyingParty.startRegistration()
now enables thecredProps
extension by default. The extension output, if any, is available asRegistrationResult.isDiscoverable()
andRegistrationResult.getClientExtensionOutputs().getCredProps()
.
New features:
RegistrationResult.keyId()
now includestransports
if any were included in theAuthenticatorAttestatationResponse
. To get transports passed through, callPublicKeyCredential.response.getTransports()
on the client side after successful registration, and add the result as the propertyresponse.transports
in the JSON passed intoPublicKeyCredential.parseRegistrationResponseJson
. See the project README for an example.- Added support for the
appidExclude
,credProps
,largeBlob
anduvm
extensions. - Added support for the new
authenticatorSelectionCriteria.residentKey
option:- Added method
AuthenticatorSelectionCriteria.builder().residentKey(ResidentKeyRequirement)
. - Added method
AuthenticatorSelectionCriteria.getResidentKey()
. - Methods
builder().requireResidentKey(boolean)
andisRequireResidentKey()
deprecated in favor of the above two new methods. - The builder methods
requireResidentKey(boolean)
andresidentKey(ResidentKeyRequirement)
both control one shared setting, which sets both therequireResidentKey
andresidentKey
options simultaneously and in agreement with each other for backwards compatibility with older browsers.
- Added method
- Added methods
PublicKeyCredentialCreationOptions.toCredentialsCreateJson()
,PublicKeyCredentialRequestOptions.toCredentialsGetJson()
andAssertionRequest.toCredentialsGetJson()
for serializing to JSON without having to use Jackson directly. - Added methods
PublicKeyCredentialCreationOptions.toJson()
and.fromJson(String)
suitable for encoding to and decoding from JSON. - Added methods
AssertionRequest.toJson()
and.fromJson(String)
suitable for encoding to and decoding from JSON. - Added methods
StartAssertionOptions.builder().userHandle(ByteArray)
and.userHandle(Optional<ByteArray>)
as alternatives to.username(String)
and.username(Optional<String>)
. TheuserHandle
methods fill the same function as, and are mutually exclusive with, theusername
methods.
Fixes:
- Added missing JavaDoc for
id
andname
methods of initialRelyingPartyIdentityBuilder
stages. - Added and improved JavaDoc for required builder methods.
- Javadoc for
TokenBindingInfo.id
incorrectly stated that the value is base64url encoded. - Javadoc for
TokenBindingStatus.PRESENT
incorrectly referenced its own (private)id
member instead ofTokenBindingInfo.id
. - Improved JavaDoc for
StartRegistrationOptions.authenticatorSelection
- Improved JavaDoc for
RelyingParty.appid
- Make the
RelyingParty.validateSignatureCounter
JavaDoc also cover the success case where stored and received signature count are both zero.
Artifacts built with openjdk 11.0.12 2021-07-20
.
Pre-release 1.11.0-RC5
Changes:
RelyingParty.startRegistration()
no longer overwrites theappidExclude
andcredProps
extension inputs in theStartRegistrationOptions
argument.RelyingParty.startAssertion()
no longer overwrites theappid
extension input in theStartAssertionOptions
argument.
Artifacts built with openjdk 11.0.12 2021-07-20
.
Pre-release 1.11.0-RC4
Pre-release 1.11.0-RC3
mistakenly included an unversioned file in the webauthn-server-attestation
artifact, which broke signature reproducibility. 1.11.0-RC4
is a rebuild from the same sources but without that additional file.
Artifacts built with openjdk 11.0.12 2021-07-20
.
Pre-release 1.11.0-RC3
Note: This release has a defective webauthn-server-attestation
artifact. Please use version 1.11.0-RC4
instead.
Breaking changes from 1.11.0-RC2:
- Class
UserVerificationMethod
converted to enum - Class
KeyProtectionType
converted to enum - Class
MatcherProtectionType
converted to enum
Fixes:
- Javadoc for
TokenBindingInfo.id
incorrectly stated that the value is base64url encoded. - Javadoc for
TokenBindingStatus.PRESENT
incorrectly referenced its own (private)id
member instead ofTokenBindingInfo.id
. - Improved JavaDoc for
StartRegistrationOptions.authenticatorSelection
- Improved JavaDoc for
RelyingParty.appid
- Made the
RelyingParty.validateSignatureCounter
JavaDoc also cover the success case where stored and received signature count are both zero.
Artifacts built with openjdk 11.0.12 2021-07-20
.
Pre-release 1.11.0-RC2
New features:
- Added methods
PublicKeyCredentialCreationOptions.toJson()
and.fromJson(String)
suitable for encoding to and decoding from JSON. - Added methods
AssertionRequest.toJson()
and.fromJson(String)
suitable for encoding to and decoding from JSON. - Added methods
StartAssertionOptions.builder().userHandle(ByteArray)
and.userHandle(Optional<ByteArray>)
as alternatives to.username(String)
and.username(Optional<String>)
. TheuserHandle
methods fill the same function as, and are mutually exclusive with, theusername
methods.
Fixes:
- Added and improved JavaDoc for required builder methods.
Artifacts built with openjdk 11.0.12 2021-07-20
.
Pre-release 1.11.0-RC1
Deprecated features:
AuthenticatorSelectionCriteria
methodsbuilder().requireResidentKey(boolean)
andisRequireResidentKey()
deprecated in favor of a new option, see below.- The
icon
field inRelyingPartyIdentity
andUserIdentity
, and its associated methods, are now deprecated. The corresponding property was removed in WebAuthn Level 2.
Deprecated features will be removed in the next major version release.
Changes:
RelyingParty.appId
setting now also activates theappidExclude
extension in addition to theappid
extension.RelyingParty.startRegistration()
now enables thecredProps
extension by default. The extension output, if any, is available asRegistrationResult.isDiscoverable()
andRegistrationResult.getClientExtensionOutputs().getCredProps()
.
New features:
RegistrationResult.keyId()
now includestransports
if any were included in theAuthenticatorAttestatationResponse
. To get transports passed through, callPublicKeyCredential.response.getTransports()
on the client side after successful registration, and add the result as the propertyresponse.transports
in the JSON passed intoPublicKeyCredential.parseRegistrationResponseJson
. See the project README for an example.- Added support for the
appidExclude
,credProps
,largeBlob
anduvm
extensions. - Added support for the new
authenticatorSelectionCriteria.residentKey
option:- Added method
AuthenticatorSelectionCriteria.builder().residentKey(ResidentKeyRequirement)
. - Added method
AuthenticatorSelectionCriteria.getResidentKey()
. - Methods
builder().requireResidentKey(boolean)
andisRequireResidentKey()
deprecated in favor of the above two new methods. - The builder methods
requireResidentKey(boolean)
andresidentKey(ResidentKeyRequirement)
both control one shared setting, which sets both therequireResidentKey
andresidentKey
options simultaneously and in agreement with each other for backwards compatibility with older browsers.
- Added method
- Added methods
PublicKeyCredentialCreationOptions.toCredentialsCreateJson()
,PublicKeyCredentialRequestOptions.toCredentialsGetJson()
andAssertionRequest.toCredentialsGetJson()
for serializing to JSON without having to use Jackson directly.
Fixes:
- Added missing JavaDoc for
id
andname
methods of initialRelyingPartyIdentityBuilder
stages.
Artifacts built with openjdk 11.0.12 2021-07-20
.
Version 1.10.1
webauthn-server-attestation
:
- Fixed name of YubiKey Bio - FIDO edition in attestation metadata.
Artifacts built with openjdk 11.0.12 2021-07-20
.
Version 1.10.0
webauthn-server-attestation
:
- Added attestation metadata for YubiKey Bio.
Artifacts built with openjdk 11.0.11 2021-04-20
.