Releases: curveball/a12n-server
Releases · curveball/a12n-server
v0.13.1
- Docker build can now fully run without a pre-existing development
environment. - Public Docker Image: https://hub.docker.com/r/curveballjs/a12n-server
- WebauthN and TOTP MFA are now enabled by default.
- No longer using
unpkgfor browser dependencies. - Upgraded from
hal-browserto@curveball/browser. - Better error messaging in the OAuth2 flow when a
redirect_uriis
incorrect.
v0.13.0
- Support for WebauthN / Yubikeys (@mhum)
- Logging in is now a multi-step process, with 2FA (Webauthn/Yubikey/TOTP)
as the second step. (@mhum) - It's now possible to setup 2FA during registration. (@mhum)
/validate-bearerand/validate-totpendpoints have been removed.- Support for OAuth2 PKCE (@mhum)
- tslint -> eslint
- Typescript 4.
- Compatible with Typescript strict mode.
v0.12.7
v0.12.6
v0.12.5
- Now using
@curveball/accesslog, which also colorizes CLI output when
viewed on a terminal. - A list of privileges are now returned from the 'introspect' endpoint.
- An error will be thrown when the server is used as a middleware (instead
of standalone) and noPUBLIC_URIenvironment variable is set.
v0.12.4
v0.12.3
v0.12.1
v0.12.0
- Added a
/privilegesendpoint to easily find out what kind of privileges
are used in the system. - The server now has an
adminprivilege, which is required to create new
users or find information about other users. - Users that are not yet marked
activenow show up in the/users
collection, but still can't log in. - The session cookie now uses
SameSite: Lax, which means that users will see
login screens less often.
v0.11.2
- Support for the
/.well-known/change-passwordendpoint, as defined in
RFC8615. - Fixed a bug that could cause the TOTP field to not be rendered, even if it's
required. - Fixed a bug where users weren't getting activated using the "Create user"
form.