Skip to content

Pre-release 1.11.0-RC1

Pre-release
Pre-release

Choose a tag to compare

View all tags
@emlun emlun released this 16 Sep 19:12
1.11.0-RC1
This tag was signed with the committer’s verified signature.
emlun Emil Lundberg
GPG key ID: 0F47E61493A9B8E5
Verified
Learn about vigilant mode.
fe7a557
This commit was signed with the committer’s verified signature.
emlun Emil Lundberg
GPG key ID: 0F47E61493A9B8E5
Verified
Learn about vigilant mode.

Deprecated features:

  • AuthenticatorSelectionCriteria methods builder().requireResidentKey(boolean) and isRequireResidentKey() deprecated in favor of a new option, see below.
  • The icon field in RelyingPartyIdentity and UserIdentity, and its associated methods, are now deprecated. The corresponding property was removed in WebAuthn Level 2.

Deprecated features will be removed in the next major version release.

Changes:

  • RelyingParty.appId setting now also activates the appidExclude extension in addition to the appid extension.
  • RelyingParty.startRegistration() now enables the credProps extension by default. The extension output, if any, is available as RegistrationResult.isDiscoverable() and RegistrationResult.getClientExtensionOutputs().getCredProps().

New features:

  • RegistrationResult.keyId() now includes transports if any were included in the AuthenticatorAttestatationResponse. To get transports passed through, call PublicKeyCredential.response.getTransports() on the client side after successful registration, and add the result as the property response.transports in the JSON passed into PublicKeyCredential.parseRegistrationResponseJson. See the project README for an example.
  • Added support for the appidExclude, credProps, largeBlob and uvm extensions.
  • Added support for the new authenticatorSelectionCriteria.residentKey option:
    • Added method AuthenticatorSelectionCriteria.builder().residentKey(ResidentKeyRequirement).
    • Added method AuthenticatorSelectionCriteria.getResidentKey().
    • Methods builder().requireResidentKey(boolean) and isRequireResidentKey() deprecated in favor of the above two new methods.
    • The builder methods requireResidentKey(boolean) and residentKey(ResidentKeyRequirement) both control one shared setting, which sets both the requireResidentKey and residentKey options simultaneously and in agreement with each other for backwards compatibility with older browsers.
  • Added methods PublicKeyCredentialCreationOptions.toCredentialsCreateJson(), PublicKeyCredentialRequestOptions.toCredentialsGetJson() and AssertionRequest.toCredentialsGetJson() for serializing to JSON without having to use Jackson directly.

Fixes:

  • Added missing JavaDoc for id and name methods of initial RelyingPartyIdentityBuilder stages.

Artifacts built with openjdk 11.0.12 2021-07-20.

Assets 5
Loading