v2.6.0
Although linking of passkeys to user accounts happens in backend code, it was possible for an untrusted client to create a passkey. Following this release, passkey registration will first require backend authorisation.
Changed
- Server-side passkey registration preparation. This prevents untrusted clients from registering passkeys without proper authorization.
- Updated CHANGELOG.md format following Keep a Changelog.
Added
- (Optional) Server-side passkey authentication preparation. Allows developers to supply known passkey IDs (allowCredentials) and other authentication options directly in backend code instead of threading them through the frontend.
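
The sketch below illustrates the idea behind server-side registration preparation: the backend binds a fresh challenge to one authenticated user, and a registration is accepted only if it carries that preparation. It is an added example, not this project's code or API; the function names, token format, `SERVER_KEY` and `TTL_SECONDS` are all assumptions, and `challenge` stands for the value echoed in the client's registration response.

```python
import base64, hashlib, hmac, json, secrets, time

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret known only to the backend
TTL_SECONDS = 300                     # assumption: lifetime of one preparation
_consumed = set()                     # challenges already used (in-memory for the demo)

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(payload):
    return _b64(hmac.new(SERVER_KEY, payload, hashlib.sha256).digest())

def prepare_registration(user_id, now=None):
    """Run by backend code after it has authenticated user_id."""
    now = time.time() if now is None else now
    claims = {"op": "register", "sub": user_id,
              "challenge": _b64(secrets.token_bytes(32)),
              "exp": int(now) + TTL_SECONDS}
    payload = json.dumps(claims, sort_keys=True).encode()
    return {"challenge": claims["challenge"],
            "token": _b64(payload) + "." + _sign(payload)}

def authorise_registration(token, challenge, now=None):
    """Return the user id the new passkey may be linked to, else None."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        payload = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
        if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
            return None                      # not issued by this backend
        claims = json.loads(payload)
        if claims["op"] != "register" or claims["exp"] < now:
            return None                      # wrong purpose or expired
        if not hmac.compare_digest(claims["challenge"].encode(), challenge.encode()):
            return None                      # challenge was not the prepared one
    except (ValueError, TypeError, KeyError, AttributeError):
        return None                          # malformed token
    if challenge in _consumed:
        return None                          # replay of a used preparation
    _consumed.add(challenge)
    return claims["sub"]
```

A client that never went through `prepare_registration` has no valid token, so the backend has nothing to link a new passkey to.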