The client now supports additional user-defined properties in the client data, while also clarifying how the client handles client data and its hash.
- Change `register` and `authenticate` to take a `ClientData<E>` instead of `Option<Vec<u8>>`.
- Custom client data hashes are now specified using `DefaultClientDataWithCustomHash(Vec<u8>)` instead of `Some(Vec<u8>)`.
- Additional fields can be added to the client data using `DefaultClientDataWithExtra(ExtraData)`.
`CollectedClientData` is now generic and supports additional strongly typed fields.
`CollectedClientData` has changed to `CollectedClientData<E = ()>`
The changes in this version are centered around giving the users of this library more control over the validation process.
The `UserValidationMethod` trait has been updated to give the implementation more information about the request, which can be used to decide whether additional validations are needed. To reflect this, the `UserValidationMethod` trait now also returns which validations were performed.
- ⚠ BREAKING: Consolidated `UserValidationMethod::check_user_presence` and `UserValidationMethod::check_user_verification` into a single `UserValidationMethod::check_user` method (#5).
Updated to support the changes in `passkey-authenticator` v0.3.0.
These changes add functionality without breaking previously working stores. However, they do change the semantics of `save_credential`, whose doc said that it should be used for both saving and updating. `update_credential` only needs to be implemented if the authenticator supports signature counters.
- Add support for signature counters
  - ⚠ BREAKING: Add `update_credential` function to store (#3).
  - Add `make_credentials_with_signature_counter` to `authenticator`.
- The client no longer hardcodes the UV value sent to the authenticator. (#2)
Most of these changes are adding fields to structs which are breaking changes due to the current lack of builder methods for these types. Due to this, additions of fields to structs or variants to enums won't be marked as breaking in this release's notes. Other types of breaking changes will be explicitly called out.
- ⚠ BREAKING: Update `bitflags` from v1 to v2. This means `ctap2::Flags` no longer implement `PartialOrd`, `Ord` and `Hash` as those traits aren't applicable.
- Added a `transports` field to `ctap2::get_info::Response`
- Changes in `webauthn::PublicKeyCredential`:
  - ⚠ BREAKING: `authenticator_attachment` is now optional
  - ⚠ BREAKING: `client_extension_results`'s type has been renamed from `AuthenticationExtensionsClientOutputs` to `AuthenticatorExtensionsClientOutputs`
- Changes for `webauthn::PublicKeyCredentialRequestOptions`:
  - `timeout` now supports deserializing from a stringified number
  - `user_verification` will now ignore unknown values instead of returning an error on deserialization
  - Add `hints` field (#9)
  - Add `attestation` and `attestation_formats` fields
- Changes for `webauthn::AuthenticatorAssertionResponse`
  - Add `attestation_object` field
- Changes for `webauthn::PublicKeyCredentialCreationOptions`:
  - `timeout` now supports deserializing from a stringified number
  - Add `hints` field (#9)
  - Add `attestation_formats` field
- Fix `webauthn::CollectedClientData` JSON serialization to correctly follow the spec. (#6)
  - Add `unknown_keys` field
  - Always serializes `cross_origin` with a boolean even if it is set to `None`
  - ⚠ BREAKING: Remove from `#[typeshare]` generation as `#[serde(flatten)]` on `unknown_keys` is not supported.
- Add `webauthn::ClientDataType::PaymentGet` variant.
- Make all enums with unit variants `Clone`, `Copy`, `PartialEq` and `Eq`
- Add support for the `CredProps` extension with `authenticatorDisplayName`
- Add `Authenticator::transports(Vec<AuthenticatorTransport>)` builder method for customizing the transports during credential creation. The default is `internal` and `hybrid`.
- Add `Authenticator:{set_display_name, display_name}` methods for setting a display name for the `CredProps` extension's `authenticatorDisplayName`.
- Update `p256` to version `0.13`
- Update `signature` to version `2`
- Add `WebauthnError::is_vendor_error()` for verifying if the internal CTAP error was in the range of `passkey_types::ctap2::VendorError`
- Break out Rp Id verification from the `Client` into its own `RpIdVerifier` which it now uses internally. This allows the use of `RpIdVerifier::assert_domain` publicly now instead of it being a private method to client without the need for everything else the client needs.
- `Client::register` now handles `CredProps` extension requests.
- Update `idna` to version `0.5`
- Update the public suffix list
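
The `CollectedClientData` serialization fix listed above concerns the fixed member order and the always-present `crossOrigin` boolean that the WebAuthn spec requires for `clientDataJSON`, the bytes whose hash the authenticator signs over. The following std-only Rust illustration of that algorithm is an added example, not code from `passkey-types`; the function names and sample values are hypothetical, and extra members are assumed to be passed in as already-serialized JSON values.

```rust
// Added example: the WebAuthn spec's clientDataJSON serialization, std only.
// Function names are hypothetical and are not the passkey-types API.

/// CCDToString from the WebAuthn spec: a JSON string with minimal escaping.
fn ccd_to_string(s: &str) -> String {
    let mut out = String::from("\"");
    for c in s.chars() {
        match c {
            '"' => out.push_str("\\\""),
            '\\' => out.push_str("\\\\"),
            c if (c as u32) < 0x20 => out.push_str(&format!("\\u{:04x}", c as u32)),
            c => out.push(c),
        }
    }
    out.push('"');
    out
}

/// Serializes client data in the fixed member order the spec requires.
/// `extra` holds additional members as (key, already-serialized JSON value) pairs.
fn serialize_client_data(
    ty: &str,
    challenge_b64url: &str,
    origin: &str,
    cross_origin: Option<bool>,
    extra: &[(&str, &str)],
) -> String {
    let mut json = format!(
        "{{\"type\":{},\"challenge\":{},\"origin\":{},\"crossOrigin\":{}",
        ccd_to_string(ty),
        ccd_to_string(challenge_b64url),
        ccd_to_string(origin),
        // An absent value is written as `false`, never omitted.
        cross_origin.unwrap_or(false),
    );
    for (key, value) in extra {
        json.push_str(&format!(",{}:{}", ccd_to_string(key), value));
    }
    json.push('}');
    json
}

fn main() {
    // Constructed sample values.
    let json = serialize_client_data("webauthn.get", "dGVzdC1jaGFsbGVuZ2U",
        "https://example.com", None, &[("vendorField", "\"x\"")]);
    println!("{}", json);
}
```
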