Aka The Compatibility Patch.
After our initial release about a month ago, we've been coding through the heat wave and made sure to fix a handful of issues. We were able to make some important steps to give the Hanko login experience a good polish. Here are some highlights:
<hanko-auth>
- The default design of hanko-auth element is now a bit more neutral and we removed most width and height default settings to make it more responsive for seamless integration into different layouts
- Entering an email address now also triggers the WebAuthn / passkey login flow if the associated account has a credential
- Disabled the passkey button on Android, as passkeys (i.e., discoverable credentials / empty allowCredentials lists) are not yet supported on Android; WebAuthn logins can still be triggered by entering an email that has registered a credential before
Hanko API
- Added support for cross-domain cookies to allow backend and frontend to be hosted on different domains
- WebAuthn `transports = "internal"` is currently broken on Android and Windows, so we removed transports from all login requests; this results in the option "Security Keys" being shown in some login scenarios, even if the credential was created with a platform authenticator; we'll revisit this when the authenticators on Android and Windows got better passkey support
- Worked around an issue with Safari on iOS 15 and macOS Monterey where the WebAuthn login could only be initiated once per page reload
Other
- Docker Compose / Quickstart now works properly on M1 macs
Contributors
- @SojinSamuel made their first contribution to this project. Thank you!
- @SimoMay contributed to v0.1.0, but we forgot to mention it. Sorry & big thanks to you!
