Skip to content

Releases: aws-samples/amazon-cognito-passwordless-auth

v0.12.1

11 Dec 09:37
ca2609a
Compare
Choose a tag to compare

What's Changed

  • fix bug that required fido2 config object to be passed for Config by @brno32 in #129

New Contributors

Full Changelog: v0.12.0...v0.12.1

v0.12.0

06 Dec 12:10
9e1641d
Compare
Choose a tag to compare

What's Changed

  • Add AllowedApplicationOrigin environment variable for non url origins by @RobHarveyDev in #127

Full Changelog: v0.10.0...v0.12.0

v0.10.0

05 Nov 15:22
c6bd49c
Compare
Choose a tag to compare

What's Changed

  • Bump react-devtools-core from 4.27.2 to 4.28.4 by @dependabot in #115
  • Bump react-devtools-core from 4.27.6 to 4.28.4 in /end-to-end-example/client by @dependabot in #116
  • Bump react-devtools-core from 4.27.8 to 4.28.4 in /end-to-end-example/cdk by @dependabot in #117
  • Fido20 notification-feature on adding and removing device by @Geranimo in #99
  • v0.10.0 by @ottokruse in #123

New Contributors

Full Changelog: v0.9.1...v0.10.0

v0.9.1

19 Oct 13:37
fed38dd
Compare
Choose a tag to compare

What's Changed

Full Changelog: v0.9.0...v0.9.1

v0.9.0

17 Oct 19:17
b3afa16
Compare
Choose a tag to compare

Breaking change warning

PR #106 introduces a breaking change for users that would have configured their user pool to use username as a sign-in option (vs email and/or phone_number only). All FIDO2 credentials will have to be recreated, because we changed the logic that determines the userHandle. This is unfortunate, but we felt it warranted because the new logic is more secure. Also this lib is still at major version 0 for a reason.
If you did not use username as a sign-in option, but only e-mail and/or phone_number, you are unaffected by this change: all FIDO2 credentials remain usable.

What's Changed

New Contributors

Full Changelog: v0.8.0...v0.9.0

v0.8.0

11 Oct 06:27
d84abc6
Compare
Choose a tag to compare

Notice

This release introduces support for "usernameless" authentication: users with a passkey can sign-in without typing in their username.

We're pretty stoked about this change, but it does come with some big and potentially breaking changes! Existing users: do not update to this release without thorough testing.

Notably:

  • Switched from HTTP API to REST API, and added WAF protection to the API. After deploying you will have a new FIDO2 API endpoint that you should configure in your frontend.
  • Overhauled UI to offer the "Sign in with passkey" button, that does not require entry of a username

These changes make this solution more expensive, as AWS WAF comes at a cost and also REST API is more expensive than HTTP API. However, these features are probably worth your money! You can disable WAF in this solution should you really want.

Also note that we have introduced a new public endpoint /sign-in-challenge (protected by throttling and WAF rate limit) to support signing in without knowing the username upfront.

What's Changed

  • Document using another e-mail provider by @ottokruse in #86
  • Support using the client library in different runtimes than just Web, e.g. also in Node.js by @ottokruse in #87
  • fix(react-native): build minimal location from passkeyDomain by @EricBorland in #89
  • Bump postcss from 8.4.24 to 8.4.31 in /end-to-end-example/client by @dependabot in #98
  • Support usernameless authentication by @ottokruse in #100
  • Version bump to 0.8.0 for npm release by @ottokruse in #101

Full Changelog: v0.7.1...v0.8.0

v0.7.1

22 Aug 11:38
85a04f2
Compare
Choose a tag to compare

What's Changed

Full Changelog: v0.7.0...v0.7.1

v0.7.0

18 Aug 08:09
8c6ec1b
Compare
Choose a tag to compare

Breaking Changes

  • Client (generic JS): the interface for requestSignInLink has changed: parameter usernameOrAlias has been renamed to username (for consistency with other methods that all use username terminology, even though they also accept an alias, similar to Cognito APIs)
  • React: the interface for requestSignInLink has changed: you need to provide an object now as first argument ({username:"[email protected]"}). Before, the first argument was just the username as string.

What's Changed

New Contributors

Full Changelog: v0.6.7...v0.7.0

v0.6.7

08 Aug 12:59
15afe94
Compare
Choose a tag to compare

What's Changed

Full Changelog: v0.6.6...v0.6.7

v0.6.6

12 Jul 10:14
7bd9756
Compare
Choose a tag to compare

What's Changed

  • chore: add fix for common eresolve error to docs by @ottokruse in #54
  • docs(react-native): properly indicate how to configure the client by @EricBorland in #56
  • Chore: remove superfluous code by @ottokruse in #57
  • Fix type and remove unused file by @ottokruse in #58
  • Create 1st version of GH action with some checks by @ottokruse in #59
  • Bump semver from 5.7.1 to 5.7.2 by @dependabot in #62
  • Bump semver from 5.7.1 to 5.7.2 in /end-to-end-example/client by @dependabot in #61
  • Bump semver from 5.7.1 to 5.7.2 in /end-to-end-example/cdk by @dependabot in #60
  • Fix: use CSS-based spinner for compatibility with NextJS by @ottokruse in #63
  • Version bump for NPM release by @ottokruse in #64

Full Changelog: v0.6.5...v0.6.6