All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Define permission class for API views (#19 by nijel)
- Make WebAuthnCredentialManager inherit from DeviceManager (#23 by nijel)
- Clarify `username_field_selector` example in README (#20 by nijel)
- Clarify custom credential model usage (#26 by jmichalicek)
- The built-in Passkey registration and verification views error handling has been reworked. (#12 by Stormheg)
- A regression in v0.2.0 was fixed where `AuthenticationDisabled` would incorrectly be raised. (Issue #10 by jmichalicek; fixed in #12 by Stormheg)
- Support for `CSRF_USE_SESSIONS = True` was added. (Issue #14 by nijel; fixed in #15 by nijel and Stormheg)
- An issue that prevented MySQL from being used as the database backend was fixed. (Issue #17 by nijel; fixed in #18 by Stormheg)
- The unused `RegistrationDisabled`, `AuthenticationDisabled`, and `LoginRequired` exceptions are removed. (#12 by Stormheg)
- Support for having multiple `AUTHENTICATION_BACKENDS` was added. (#8 by jmichalicek)
  - Action required: add `django_otp_webauthn.backends.WebAuthnBackend` to your `AUTHENTICATION_BACKENDS` setting if you want to use passwordless login.
- The default manager for the `WebAuthnCredential` model now includes an `as_credential_descriptors` method to make it easier to format the credentials for use in custom implementations.
- A bug was fixed with Python 3.11 and older that caused an exception when authenticating with a WebAuthn credential. (#6 by jmichalicek)
- The `http://localhost:8000` default value for `OTP_WEBAUTHN_ALLOWED_ORIGINS` was removed.
- Use more appropriate examples for the `OTP_WEBAUTHN_*` settings in the README.
- Update admonition in the README to reflect the current state of the project. We have moved from "don't use in production" to "use at your own risk".
- The helper classes' `get_credential_display_name` and `get_credential_name` methods are now correctly called. Previously, the user's full name was being used as the credential name, bypassing the above methods.
- Set discoverable credential policy to `required` at registration time when `OTP_WEBAUTHN_ALLOW_PASSWORDLESS_LOGIN` is set to `True`. This is to ensure a credential capable of passwordless login is created.
- Make it easier to override the helper class using the new `OTP_WEBAUTHN_HELPER_CLASS` setting. Pass it a dotted path to your custom helper class and it will be used instead of the default one.
- An issue with the button label not showing any text was fixed.
- `WebAuthnCredential` now inherits from `django_otp.models.TimestampMixin` to add `created_at` and `last_used_at` fields. Subsequently, this raises the minimum `django-otp` version to `1.4.0+`.
- Switch to `hatch` for managing the project.
- Initial release.