Releases · Yubico/python-fido2

WARNING: Backwards-incompatible changes!

Version 0.9.0 (released 2021-01-20)

Server: Attestation is now done in two parts (to align better with the spec):
First, type-specific validation is done to provide a trust chain.
Second, validation of the trust chain is done.
Client: API changes to better support extensions.
- Fido2Client can be configured with Ctap2Extensions to support.
- Client.make_credential now returns a AuthenticatorAttestationResponse,
  which holds the AttestationObject and ClientData, as well as any client
  extension results for the credential.
- Client.get_assertion now returns an AssertionSelection object, which is
  used to select between multiple assertions, resulting in an
  AuthenticatorAssertionResponse, which holds the ClientData, assertion
  values, as well as any client extension results for the assertion.
Renames: The CTAP1 and CTAP2 classes have been renamed to Ctap1 and Ctap2,
respectively. The old names currently work, but will be removed in the
future.
ClientPin: The ClientPin API has been restructured to support multiple PIN
protocols, UV tokens, and token permissions.
CTAP 2.1 PRE: Several new features have been added for CTAP 2.1, including
Credential Management, Bio Enrollment, Large Blobs, and Authenticator Config.
HID: The platform specific HID code has been revamped and cleaned up.

WARNING: Backwards-incompatible changes!

Version 0.8.1 (released 2019-11-25)

Bugfix: WindowsClient.make_credential error when resident key requirement is
unspecified.

Version 0.8.0 (released 2019-11-25)

New fido2.webauthn classes modeled after the W3C WebAuthn spec introduced.
CTAP2 send_cbor/make_credential/get_assertion and U2fClient
request/authenticate timeout arguments replaced with event used to
cancel a request.
Fido2Client:
make_credential/get_assertion now take WebAuthn options objects.
timeout is now provided in ms in WebAuthn options objects. Event based
cancelation also available by passing an Event.
Fido2Server:
ATTESTATION, USER_VERIFICATION, and AUTHENTICATOR_ATTACHMENT enums
have been replaced with fido2.webauthn classes.
RelyingParty has been replaced with PublicKeyCredentialRpEntity, and
name is no longer optional.
Options returned by register_begin/authenticate_begin now omit unspecified
values if they are optional, instead of filling in default values.
Fido2Server.allowed_algorithms now contains a list of
PublicKeyCredentialParameters instead of algorithm identifiers.
Fido2Server.timeout is now in ms and of type int.
Support native WebAuthn API on Windows through WindowsClient.

Provide feedback