Releases: Yubico/java-webauthn-server
Releases · Yubico/java-webauthn-server
0.5.0
webauthn-server-core
New features:
PackedAttestationStatementVerifier
now supports SHA256WithRSA signatures
Bug fixes:
PublicKeyCredentialDescriptor.compareTo
is now consistent with equalsAuthenticatorData
constructor should now throw more descriptive exceptions instead of rawArrayIndexOutOfBoundsException
s
webauthn-server-attestation
Breaking changes:
- Interface
MetadataResolver
replaced with interfacesAttestationResolver
andTrustResolver
- Class
SimpleResolver
split intoSimpleAttestationResolver
andSimpleTrustResolver
- Both of these classes now take the metadata as a constructor parameter instead of exposing
addMetadata
methods
- Both of these classes now take the metadata as a constructor parameter instead of exposing
- Class
CompositeResolver
split intoCompositeAttestationResolver
andCompositeTrustResolver
- Class
- Class
StandardMetadataService
overhauled
0.4.0
0.3.0
With this release, the library is getting close to mature enough for a production-ready release. There may be breaking API changes necessary before 1.0, but none are planned.
Changes:
- Major API overhaul; public API changes include but are not limited to:
- Reorganised package structure
CredentialRepository.getCredentialIdsForUsername(String)
now returnsSet
instead ofList
- Most data classes now expose a builder instead of a public constructor
- Shortcut constants added to
COSEAlgorithmIdentifier
andPublicKeyCredentialParameters
- Exception
U2fBadConfigurationException
renamed toBadConfigurationException
RelyingParty.startRegistration
now accepts oneStartRegistrationOptions
parameter instead of several parametersRelyingParty.finishRegistration
now accepts oneFinishRegistrationOptions
parameter instead of several parametersRelyingParty.startAssertion
now accepts oneStartAssertionOptions
parameter instead of several parametersRelyingParty.finishAssertion
now accepts oneFinishAssertionOptions
parameter instead of several parametersRelyingParty.finishRegistration
now throws checkedRegistrationFailedException
instead ofIllegalArgumentException
on most failuresRelyingParty.finishAssertion
now throws checkedAssertionFailedException
instead ofIllegalArgumentException
on most failures- Class
MetadataResolver
replaced with interface - Constructor
CollectedClientData(JsonNode)
deleted - Type of fields
StartAssertionOptions.extensions
,StartRegistrationOptions.extensions
andPublicKeyCredential.clientExtensionOutputs
narrowed fromJsonNode
toObjectNode
- Parameters
StartRegistrationOptions.excludeCredentials
andStartAssertionOptions.allowCredentials
deleted; they are now discovered automatically from theCredentialRepository
. If custom control overexcludeCredentials
orallowCredentials
is needed, modify thePublicKeyCredentialCreationOptions
orPublicKeyCredentialRequestOptions
object manually. COSEAlgorithmIdentifier
is now an actual enum- Extensions are now passed and returned as domain objects instead of as Jackson types
- Type parameter added to
PublicKeyCredential
to express extensions type - Fields
CollectedClientData.authenticatorExtensions
and.clientExtensions
deleted
- Fixed a bug in
AuthenticatorDataFlags
that caused theED
(0x80) flag to never be set - All classes in
com.yubico.webauthn.data
can now be serialized and deserialized using Jackson- JSON output has been slightly changed:
AttestationObject
,AuthenticatorData
andCollectedClientData
now serialize back to Base64Url encoded bytes instead of to JSON objects- Member
_attestationObject
removed from serializedAuthenticatorAttestationResponse
- Member
authenticatorData
removed from serializedAuthenticatorAttestationResponse
- JSON output has been slightly changed:
- New methods
ByteArray.size(): int
and.isEmpty(): boolean
ByteArray
is nowComparable
to itself- Added support for
appid
extension