v0.7.0

v0.7.0 (2023-01-29)

Important Notes

This release adjusts the base64 URL encoding and parsing of several elements in the JSON input and output. There is potential this may result in issues with previously registered credentials in particular ones which use non-readable characters (i.e. random bytes rather than a string converted to bytes) for the user.id. If this presents an issue we request you open an issue and we'll figure out how to adequately deal with this.

Changes

Bug Fixes

• webauthncose: potential nil ptr in ec unmarshal (#102) (c3d789d)

Features

• protocol: add enterprise attestation preference (#100) (ad214bd), closes #90
• protocol: ignore padding for base64 url encoding (#95) (dca408e), closes #93
• protocol: native android fido2 origin (#94) (5f46788), closes #92

Additional Information

Full Changelog: v0.6.1...v0.7.0

v0.6.2

v0.6.2 (2023-01-29)

Bug Fixes

• webauthncose: potential nil ptr in ec unmarshal (#101) (a328b58)

Additional Information

Full Changelog: v0.6.1...v0.6.2

v0.6.1

v0.6.1 (2023-01-28)

Bug Fixes

• metadata: mds3 tests failure due to url change (#96) (83e3622)
• protocol: user entity id not encoded correctly (#98) (3d8dfc7), closes #97

Additional Information

Full Changelog: v0.6.0...v0.6.1

v0.6.0

v0.6.0 (2022-12-26)

Important Changes

The bug fix listed in this release may cause issues for users who are theoretically not properly encoding the data according to the relevant specifications. This is because we were allowing the json.Marshaller to handle all decoding previously and are now explicitly deocding data as Base64 URL Encoding (unpadded) See #82.

Bug Fixes

• challenge: urlsafe base64 encoding (#82) (6abd351)

Features

• add config option to add multiple rp origins (#81) (0bba500), closes #76
• protocol: added authentication transportation hybrid (#86) (752defd), closes #74
• protocol: implement device eligible and backup flags (#85) (694d289), closes #75

Additional Information

Full Changelog: v0.5.0...v0.6.0

New Contributors

• @ArnaudBrousseau made their first contribution in #72
• @tobiaszheller made their first contribution in #79
• @matoous made their first contribution in #82
• @FreddyDevelop made their first contribution in #81

v0.5.0

0.5.0 (2022-10-22)

Features

• metadata: mds3 support (#54) (697bc4c)
• refactor of tpm attestation (#60) (cdfc867)

Build

• deps: update module github.com/go-webauthn/revoke to v0.1.6(#65) (3660651)
• deps: update module golang.org/x/crypto to v0.1.0 (#66) (e17f7c0)

Additional Information

Full Changelog: v0.4.0...v0.5.0

v0.4.0

0.4.0 (2022-08-20)

Build

• deps: go mod 1.18 (#44) (8a3ca8b)
• deps: update golang.org/x/crypto digest to bc19a97 (#45) (50f4dc1)
• deps: update module go to 1.19 (#41) (4b2217f)

Bug Fixes

• google tpm ec mapping (#43) (6be1bd6)
• protocol: potential panic in u2f attestation (#46) (59c2424)

Additional Information

Full Changelog: v0.3.4...v0.4.0

v0.3.4

0.3.4 (2022-07-01)

Features

• expose credential parameter configuration (#40) (46f365d)

Additional Information

Full Changelog: v0.3.3...v0.3.4

New Contributors

• @tarrencev made their first contribution in #40

v0.3.3

0.3.3 (2022-06-24)

Bug Fixes

• webauthn: potential panic in parse fido public key (#39) (3551cfa)

Additional Information

Full Changelog: v0.3.2...v0.3.3

v0.3.2

0.3.2 (2022-06-24)

This release updates dependencies.

Build

• deps: update module golang.org/x/crypto to 05595931fe9d (24bd523)
• deps: update module github.com/go-webauthn/revoke to v0.1.2 (fc740cf)
• deps: update module github.com/mitchellh/mapstructure to v1.5.0 (228139a)
• deps: update module github.com/golang-jwt/jwt/v4 to v4.4.2 (ca1bc79)

Additional Information

Full Changelog: v0.3.1...v0.3.2

v0.3.1

0.3.1 (2022-04-13)

This release ensures that this library is not effected by the recently discovered go CVE's which were fixed in 1.17.9 and 1.18.1. While it is unclear at this time as to if this library is affected, and it is believe that it is not affected; it's better to be safe than sorry.

Build

• deps: update module golang.org/x/crypto to 7b82a4e95df4 (4d9fa80)
• deps: update module github.com/go-webauthn/revoke to v0.1.1 (a2f6df9)

Additional Information

Full Changelog: v0.3.0...v0.3.1