Skip to content

v0.8.0
Compare
Choose a tag to compare
@ottokruse ottokruse released this 11 Oct 06:27
· 64 commits to main since this release
v0.8.0
d84abc6
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Notice

This release introduces support for "usernameless" authentication: users with a passkey can sign-in without typing in their username.

We're pretty stoked about this change, but it does come with some big and potentially breaking changes! Existing users: do not update to this release without thorough testing.

Notably:

  • Switched from HTTP API to REST API, and added WAF protection to the API. After deploying you will have a new FIDO2 API endpoint that you should configure in your frontend.
  • Overhauled UI to offer the "Sign in with passkey" button, that does not require entry of a username

These changes make this solution more expensive, as AWS WAF comes at a cost and also REST API is more expensive than HTTP API. However, these features are probably worth your money! You can disable WAF in this solution should you really want.

Also note that we have introduced a new public endpoint /sign-in-challenge (protected by throttling and WAF rate limit) to support signing in without knowing the username upfront.

What's Changed

  • Document using another e-mail provider by @ottokruse in #86
  • Support using the client library in different runtimes than just Web, e.g. also in Node.js by @ottokruse in #87
  • fix(react-native): build minimal location from passkeyDomain by @EricBorland in #89
  • Bump postcss from 8.4.24 to 8.4.31 in /end-to-end-example/client by @dependabot in #98
  • Support usernameless authentication by @ottokruse in #100
  • Version bump to 0.8.0 for npm release by @ottokruse in #101

Full Changelog: v0.7.1...v0.8.0

Contributors

ottokruse, EricBorland, and dependabot
Assets 2
Loading