Releases: aws-samples/amazon-cognito-passwordless-auth
v0.12.1
v0.12.0
What's Changed
- Add AllowedApplicationOrigin environment variable for non url origins by @RobHarveyDev in #127
Full Changelog: v0.10.0...v0.12.0
v0.10.0
What's Changed
- Bump react-devtools-core from 4.27.2 to 4.28.4 by @dependabot in #115
- Bump react-devtools-core from 4.27.6 to 4.28.4 in /end-to-end-example/client by @dependabot in #116
- Bump react-devtools-core from 4.27.8 to 4.28.4 in /end-to-end-example/cdk by @dependabot in #117
- Fido20 notification-feature on adding and removing device by @Geranimo in #99
- v0.10.0 by @ottokruse in #123
New Contributors
Full Changelog: v0.9.1...v0.10.0
v0.9.1
What's Changed
- Add fido rest api props by @RobHarveyDev in #113
- Bump @babel/traverse from 7.21.3 to 7.23.2 by @dependabot in #112
- Bump @babel/traverse from 7.22.5 to 7.23.2 in /end-to-end-example/cdk by @dependabot in #111
- Bump @babel/traverse from 7.21.4 to 7.23.2 in /end-to-end-example/client by @dependabot in #110
Full Changelog: v0.9.0...v0.9.1
v0.9.0
Breaking change warning
PR #106 introduces a breaking change for users that would have configured their user pool to use username as a sign-in option (vs email and/or phone_number only). All FIDO2 credentials will have to be recreated, because we changed the logic that determines the userHandle. This is unfortunate, but we felt it warranted because the new logic is more secure. Also this lib is still at major version 0 for a reason.
If you did not use username as a sign-in option, but only e-mail and/or phone_number, you are unaffected by this change: all FIDO2 credentials remain usable.
What's Changed
- Fix number type by @ottokruse in #102
- Update fido challenge lambda to use fido2Challenge function props by @RobHarveyDev in #105
- Update to set CfnWebACLAssociation only if addWaf is true by @RobHarveyDev in #108
- Fix userHandle determination by @ottokruse in #106
- Version bump to v0.9.0 by @ottokruse in #109
New Contributors
- @RobHarveyDev made their first contribution in #105
Full Changelog: v0.8.0...v0.9.0
v0.8.0
Notice
This release introduces support for "usernameless" authentication: users with a passkey can sign in without typing in their username.
We're pretty stoked about this change, but it does come with some big and potentially breaking changes! Existing users: do not update to this release without thorough testing.
Notably:
- Switched from HTTP API to REST API, and added WAF protection to the API. After deploying you will have a new FIDO2 API endpoint that you should configure in your frontend.
- Overhauled UI to offer the "Sign in with passkey" button, which does not require entry of a username
These changes make this solution more expensive, as AWS WAF comes at a cost and also REST API is more expensive than HTTP API. However, these features are probably worth your money! You can disable WAF in this solution should you really want to.
Also note that we have introduced a new public endpoint /sign-in-challenge (protected by throttling and WAF rate limit) to support signing in without knowing the username upfront.
What's Changed
- Document using another e-mail provider by @ottokruse in #86
- Support using the client library in different runtimes than just Web, e.g. also in Node.js by @ottokruse in #87
- fix(react-native): build minimal location from passkeyDomain by @EricBorland in #89
- Bump postcss from 8.4.24 to 8.4.31 in /end-to-end-example/client by @dependabot in #98
- Support usernameless authentication by @ottokruse in #100
- Version bump to 0.8.0 for npm release by @ottokruse in #101
Full Changelog: v0.7.1...v0.8.0
v0.7.1
What's Changed
- Added docs for customize auth by @ottokruse in #82
- Also use STACK_ID as salt for FIDO2 by @ottokruse in #83
- v0.7.1 by @ottokruse in #84
Full Changelog: v0.7.0...v0.7.1
v0.7.0
Breaking Changes
- Client (generic JS): the interface for requestSignInLink has changed: parameter usernameOrAlias has been renamed to username (for consistency with other methods that all use username terminology, even though they also accept an alias, similar to Cognito APIs)
- React: the interface for requestSignInLink has changed: you need to provide an object now as first argument ({username:"[email protected]"}). Before, the first argument was just the username as string.
What's Changed
- Add redirectUri option to requestSignInLink hook by @mikemeerschaert in #75
- Refactor/username by @ottokruse in #77
- Chore/tweaks by @ottokruse in #79
- Fix/magic link session by @ottokruse in #78
- v0.7.0 by @ottokruse in #80
New Contributors
- @mikemeerschaert made their first contribution in #75
Full Changelog: v0.6.7...v0.7.0
v0.6.7
What's Changed
- Clean unused d.ts file from dist by @ottokruse in #65
- Bump word-wrap from 1.2.3 to 1.2.4 by @dependabot in #66
- Add rel=noreferrer to end-to-end example links by @ottokruse in #67
- Allow magic links that match allowedOrigins regardless of the path in the magic link by @ottokruse in #70
- Improve documentation by @ottokruse in #73
- Version bump for NPM release by @ottokruse in #74
Full Changelog: v0.6.6...v0.6.7
v0.6.6
What's Changed
- chore: add fix for common eresolve error to docs by @ottokruse in #54
- docs(react-native): properly indicate how to configure the client by @EricBorland in #56
- Chore: remove superfluous code by @ottokruse in #57
- Fix type and remove unused file by @ottokruse in #58
- Create 1st version of GH action with some checks by @ottokruse in #59
- Bump semver from 5.7.1 to 5.7.2 by @dependabot in #62
- Bump semver from 5.7.1 to 5.7.2 in /end-to-end-example/client by @dependabot in #61
- Bump semver from 5.7.1 to 5.7.2 in /end-to-end-example/cdk by @dependabot in #60
- Fix: use CSS-based spinner for compatibility with NextJS by @ottokruse in #63
- Version bump for NPM release by @ottokruse in #64
Full Changelog: v0.6.5...v0.6.6