v0.9.0
Breaking change warning
PR #106 introduces a breaking change for users that would have configured their user pool to use username as a sign-in option (vs email and/or phone_number only). All FIDO2 credentials will have to be recreated, because we changed the logic that determines the userHandle. This is unfortunate, but we felt it warranted because the new logic is more secure. Also this lib is still at major version 0 for a reason.
If you did not use username as a sign-in option, but only e-mail and/or phone_number, you are unaffected by this change: all FIDO2 credentials remain usable.
What's Changed
- Fix number type by @ottokruse in #102
- Update fido challenge lambda to use fido2Challenge function props by @RobHarveyDev in #105
- Update to set CfnWebACLAssociation only if addWaf is true by @RobHarveyDev in #108
- Fix userHandle determination by @ottokruse in #106
- Version bump to v0.9.0 by @ottokruse in #109
New Contributors
- @RobHarveyDev made their first contribution in #105
Full Changelog: v0.8.0...v0.9.0
Contributors
ottokruse and RobHarveyDev