MasterKale / SimpleWebAuthn

WebAuthn, Simplified. A collection of TypeScript-first libraries for simpler WebAuthn integration. Supports modern browsers, Node, Deno, and more.
https://simplewebauthn.dev
MIT License

fix/597-shadow-dom-support #621

Closed MasterKale closed 1 month ago

MasterKale commented 1 month ago

This PR adds a new verifyBrowserAutofillInput option to @simplewebauthn/browser's startAuthentication(). When set to false, the method will no longer raise an error when it cannot find a suitable <input autocomplete="... webauthn"> element.

Most users of this method shouldn't need to use this new flag. However, projects using e.g. shadow components which contain an otherwise suitable element for conditional UI can use this new flag to benefit from startAuthentication() as well.

Fixes #597.

Breaking Changes

startAuthentication() now uses an option object

Positional arguments have been replaced by a single object containing all options. Keywords match the name of the previously positional arguments.

To update existing implementations, wrap existing options in an object with corresponding properties:

Before:

startAuthentication(options, true);

After:

startAuthentication({ optionsJSON: options, useBrowserAutofill: true });

startRegistration() now uses an option object

Positional arguments have been replaced by a single object containing all options. Keywords match the name of the previously positional arguments.

To update existing implementations, wrap existing options in an object with corresponding properties:

Before:

startRegistration(options);

After:

startRegistration({ optionsJSON: options });

(It may seem premature to make this change to startRegistration() too, but this is in preparation for #582)
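
An added example, not part of this PR or of SimpleWebAuthn's code: a check an application could run itself before passing verifyBrowserAutofillInput: false, walking open shadow roots for an input whose autocomplete value ends in webauthn. The helper names, the constructed DOM stand-ins, and the assumption that the library's own lookup does not see inside shadow roots are illustrative.

```javascript
// Added example, not SimpleWebAuthn code; helper names are hypothetical.

// True for an <input> whose autocomplete value ends with the "webauthn" token.
function hasWebAuthnToken(el) {
  if (!el.tagName || el.tagName.toLowerCase() !== 'input') return false;
  const value = (el.getAttribute('autocomplete') || '').trim().toLowerCase();
  const tokens = value.split(/\s+/);
  return tokens[tokens.length - 1] === 'webauthn';
}

// Depth-first walk over child elements; with pierceShadow it also descends
// into open shadow roots (closed roots report shadowRoot === null).
function findWebAuthnInputs(root, pierceShadow = true, found = []) {
  for (const child of Array.from(root.children || [])) {
    if (hasWebAuthnToken(child)) found.push(child);
    if (pierceShadow && child.shadowRoot) findWebAuthnInputs(child.shadowRoot, true, found);
    findWebAuthnInputs(child, pierceShadow, found);
  }
  return found;
}

// Build the argument for startAuthentication(). Assumption: the library's
// own lookup misses inputs inside shadow roots, so its check is switched
// off only after this walk has confirmed such an input exists.
function autofillOptions(optionsJSON, root) {
  if (findWebAuthnInputs(root).length === 0) {
    throw new Error('no <input autocomplete="... webauthn"> found');
  }
  const inLightDom = findWebAuthnInputs(root, false).length > 0;
  return { optionsJSON, useBrowserAutofill: true, verifyBrowserAutofillInput: inLightDom };
}

// Constructed stand-in for a DOM element so the walk runs outside a browser.
function node(tagName, attrs = {}, children = [], shadowChildren = null) {
  return {
    tagName,
    children,
    shadowRoot: shadowChildren ? { children: shadowChildren } : null,
    getAttribute: (name) => (name in attrs ? attrs[name] : null),
  };
}

// Constructed page: the only suitable input is inside <login-form>'s shadow root.
const samplePage = node('body', {}, [
  node('input', { autocomplete: 'email' }),
  node('login-form', {}, [], [node('input', { autocomplete: 'username webauthn' })]),
]);
```

In a browser, autofillOptions(optionsJSON, document.body) returns the object to pass to startAuthentication().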

treeder commented 1 month ago

Curious why you didn't call it options instead of optionsJSON? It's not actually a JSON string, is it?

MasterKale commented 1 month ago

> Curious why you didn't call it options instead of optionsJSON? It's not actually a JSON string, is it?

Historically that option has been called optionsJSON to try and communicate that the input is not standard WebAuthn options (e.g. PublicKeyCredentialCreationOptions) but the JSON-ified output of them from the corresponding generate...Options() method in @simplewebauthn/server (e.g. PublicKeyCredentialCreationOptionsJSON that just arrived in the browser as JSON.)

I debated a different name but figured the goal remains unchanged so I'm sticking with it for now.