Skip to content

Version 1.5.0

Choose a tag to compare

View all tags
@emlun emlun released this 01 Nov 15:04
1.5.0
This tag was signed with the committer’s verified signature. The key has expired.
emlun Emil Lundberg
GPG key ID: D8588A5844E2A774
Expired
Verified
Learn about vigilant mode.
f8693e0
This commit was signed with the committer’s verified signature. The key has expired.
emlun Emil Lundberg
GPG key ID: D8588A5844E2A774
Expired
Verified
Learn about vigilant mode.

Changes:

  • RelyingParty now makes an immutable copy of the origins argument, instead of storing a reference to a possibly mutable value.
  • The enum AuthenticatorTransport has been replaced by a value class containing methods and value constants equivalent to the previous enum.
  • The return type of PublicKeyCredentialDescriptor.getTransports() is now a SortedSet instead of Set. The builder still accepts a plain Set.
  • Registration ceremony now verifies that the returned credential public key matches one of the algorithms specified in RelyingParty.preferredPubkeyParams and can be successfully parsed.

New features:

  • Origin matching can now be relaxed via two new RelyingParty options:
    • allowOriginPort (default false): Allow any port number in the origin
    • allowOriginSubdomain (default false): Allow any subdomain of any origin listed in RelyingParty.origins
    • See JavaDoc for details and examples.
  • The new AuthenticatorTransport can now contain any string value as the transport identifier, as required in the editor's draft of the L2 spec. See: w3c/webauthn#1275
  • Added support for RS1 credentials. Registration of RS1 credentials is not enabled by default, but can be enabled by setting RelyingParty.preferredPubKeyCredParams to a list containing PublicKeyCredentialParameters.RS1.
    • New constant PublicKeyCredentialParameters.RS1
    • New constant COSEAlgorithmIdentifier.RS1

Artifacts built with JDK 11.

Assets 4
Loading