@simplewebauthn/server 6.0.0 → 6.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -12,10 +12,10 @@ const generateChallenge_1 = require("../helpers/generateChallenge");
|
|
|
12
12
|
* and https://www.iana.org/assignments/cose/cose.xhtml#algorithms
|
|
13
13
|
*/
|
|
14
14
|
exports.supportedCOSEAlgorithmIdentifiers = [
|
|
15
|
+
// EdDSA (In first position to encourage authenticators to use this over ES256)
|
|
16
|
+
-8,
|
|
15
17
|
// ECDSA w/ SHA-256
|
|
16
18
|
-7,
|
|
17
|
-
// EdDSA
|
|
18
|
-
-8,
|
|
19
19
|
// ECDSA w/ SHA-512
|
|
20
20
|
-36,
|
|
21
21
|
// RSASSA-PSS w/ SHA-256
|
|
@@ -80,16 +80,37 @@ function generateRegistrationOptions(options) {
|
|
|
80
80
|
type: 'public-key',
|
|
81
81
|
}));
|
|
82
82
|
/**
|
|
83
|
-
*
|
|
84
|
-
*
|
|
85
|
-
*
|
|
86
|
-
* See https://www.w3.org/TR/webauthn-2/#dom-authenticatorselectioncriteria-requireresidentkey
|
|
83
|
+
* Capture some of the nuances of how `residentKey` and `requireResidentKey` how either is set
|
|
84
|
+
* depending on when either is defined in the options
|
|
87
85
|
*/
|
|
88
|
-
if (authenticatorSelection.residentKey ===
|
|
89
|
-
|
|
86
|
+
if (authenticatorSelection.residentKey === undefined) {
|
|
87
|
+
/**
|
|
88
|
+
* `residentKey`: "If no value is given then the effective value is `required` if
|
|
89
|
+
* requireResidentKey is true or `discouraged` if it is false or absent."
|
|
90
|
+
*
|
|
91
|
+
* See https://www.w3.org/TR/webauthn-2/#dom-authenticatorselectioncriteria-residentkey
|
|
92
|
+
*/
|
|
93
|
+
if (authenticatorSelection.requireResidentKey) {
|
|
94
|
+
authenticatorSelection.residentKey = 'required';
|
|
95
|
+
}
|
|
96
|
+
else {
|
|
97
|
+
/**
|
|
98
|
+
* FIDO Conformance v1.7.2 fails the first test if we do this, even though this is
|
|
99
|
+
* technically compatible with the WebAuthn L2 spec...
|
|
100
|
+
*/
|
|
101
|
+
// authenticatorSelection.residentKey = 'discouraged';
|
|
102
|
+
}
|
|
90
103
|
}
|
|
91
104
|
else {
|
|
92
|
-
|
|
105
|
+
/**
|
|
106
|
+
* `requireResidentKey`: "Relying Parties SHOULD set it to true if, and only if, residentKey is
|
|
107
|
+
* set to "required""
|
|
108
|
+
*
|
|
109
|
+
* Spec says this property defaults to `false` so we should still be okay to assign `false` too
|
|
110
|
+
*
|
|
111
|
+
* See https://www.w3.org/TR/webauthn-2/#dom-authenticatorselectioncriteria-requireresidentkey
|
|
112
|
+
*/
|
|
113
|
+
authenticatorSelection.requireResidentKey = authenticatorSelection.residentKey === 'required';
|
|
93
114
|
}
|
|
94
115
|
return {
|
|
95
116
|
challenge: base64url_1.default.encode(challenge),
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"generateRegistrationOptions.js","sourceRoot":"","sources":["../../src/registration/generateRegistrationOptions.ts"],"names":[],"mappings":";;;;;;AASA,0DAAkC;AAElC,oEAAiE;AAiBjE;;;;GAIG;AACU,QAAA,iCAAiC,GAA8B;IAC1E
|
|
1
|
+
{"version":3,"file":"generateRegistrationOptions.js","sourceRoot":"","sources":["../../src/registration/generateRegistrationOptions.ts"],"names":[],"mappings":";;;;;;AASA,0DAAkC;AAElC,oEAAiE;AAiBjE;;;;GAIG;AACU,QAAA,iCAAiC,GAA8B;IAC1E,+EAA+E;IAC/E,CAAC,CAAC;IACF,mBAAmB;IACnB,CAAC,CAAC;IACF,mBAAmB;IACnB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,+BAA+B;IAC/B,CAAC,GAAG;IACJ,+BAA+B;IAC/B,CAAC,GAAG;IACJ,+BAA+B;IAC/B,CAAC,GAAG;IACJ,mEAAmE;IACnE,CAAC,KAAK;CACP,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,6BAA6B,GAAmC;IACpE,kBAAkB,EAAE,KAAK;IACzB,gBAAgB,EAAE,WAAW;CAC9B,CAAC;AAEF;;;GAGG;AACH,MAAM,4BAA4B,GAAG,yCAAiC,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;AAEnG;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,SAAgB,2BAA2B,CACzC,OAAwC;IAExC,MAAM,EACJ,MAAM,EACN,IAAI,EACJ,MAAM,EACN,QAAQ,EACR,SAAS,GAAG,IAAA,qCAAiB,GAAE,EAC/B,eAAe,GAAG,QAAQ,EAC1B,OAAO,GAAG,KAAK,EACf,eAAe,GAAG,MAAM,EACxB,kBAAkB,GAAG,EAAE,EACvB,sBAAsB,GAAG,6BAA6B,EACtD,UAAU,EACV,qBAAqB,GAAG,4BAA4B,GACrD,GAAG,OAAO,CAAC;IAEZ;;OAEG;IACH,MAAM,gBAAgB,GAAoC,qBAAqB,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QACzF,GAAG,EAAE,EAAE;QACP,IAAI,EAAE,YAAY;KACnB,CAAC,CAAC,CAAC;IAEJ;;;OAGG;IACH,IAAI,sBAAsB,CAAC,WAAW,KAAK,SAAS,EAAE;QACpD;;;;;WAKG;QACH,IAAI,sBAAsB,CAAC,kBAAkB,EAAE;YAC7C,sBAAsB,CAAC,WAAW,GAAG,UAAU,CAAC;SACjD;aAAM;YACL;;;eAGG;YACH,sDAAsD;SACvD;KACF;SAAM;QACL;;;;;;;WAOG;QACH,sBAAsB,CAAC,kBAAkB,GAAG,sBAAsB,CAAC,WAAW,KAAK,UAAU,CAAC;KAC/F;IAED,OAAO;QACL,SAAS,EAAE,mBAAS,CAAC,MAAM,CAAC,SAAS,CAAC;QACtC,EAAE,EAAE;YACF,IAAI,EAAE,MAAM;YACZ,EAAE,EAAE,IAAI;SACT;QACD,IAAI,EAAE;YACJ,EAAE,EAAE,MAAM;YACV,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,eAAe;SAC7B;QACD,gBAAgB;QAChB,OAAO;QACP,WAAW,EAAE,eAAe;QAC5B,kBAAkB,EAAE,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAClD,GAAG,IAAI;YACP,EAAE,EAAE,mBAAS,CAAC,MAAM,CAAC,IAAI,CAAC,EAAY,CAAC;SACxC,CAAC,CAAC;QACH,sBAAsB;QACtB,UAAU;KACX,CAAC;AACJ,CAAC;AA/ED,kEA+EC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@simplewebauthn/server",
|
|
3
|
-
"version": "6.
|
|
3
|
+
"version": "6.1.0",
|
|
4
4
|
"description": "SimpleWebAuthn for Servers",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"types": "dist/index.d.ts",
|
|
@@ -58,7 +58,7 @@
|
|
|
58
58
|
"jwk-to-pem": "^2.0.4",
|
|
59
59
|
"node-fetch": "^2.6.0"
|
|
60
60
|
},
|
|
61
|
-
"gitHead": "
|
|
61
|
+
"gitHead": "865a44488e6ab6cda3ab2332008cd2609e24dfed",
|
|
62
62
|
"devDependencies": {
|
|
63
63
|
"@types/cbor": "^5.0.1",
|
|
64
64
|
"@types/debug": "^4.1.7",
|