Workflow

Fido2

Latest version: v1.2.0

Safety actively analyzes 714815 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 3 of 5

0.8.1

** Bugfix: WindowsClient.make_credential error when resident key requirement is
unspecified.

0.8.0

** New fido2.webauthn classes modeled after the W3C WebAuthn spec introduced.
** CTAP2 send_cbor/make_credential/get_assertion and U2fClient
request/authenticate `timeout` arguments replaced with `event` used to
cancel a request.
** Fido2Client:
*** make_credential/get_assertion now take WebAuthn options objects.
*** timeout is now provided in ms in WebAuthn options objects. Event based
cancelation also available by passing an Event.
** Fido2Server:
*** ATTESTATION, USER_VERIFICATION, and AUTHENTICATOR_ATTACHMENT enums
have been replaced with fido2.webauthn classes.
*** RelyingParty has been replaced with PublicKeyCredentialRpEntity, and
name is no longer optional.
*** Options returned by register_begin/authenticate_begin now omit unspecified
values if they are optional, instead of filling in default values.
*** Fido2Server.allowed_algorithms now contains a list of
PublicKeyCredentialParameters instead of algorithm identifiers.
*** Fido2Server.timeout is now in ms and of type int.
** Support native WebAuthn API on Windows through WindowsClient.

0.7.3

** Bugfix: Workaround for size of int on Python 2 on Windows.

0.7.2

** Support for the TPM attestation format.
** Allow passing custom challenges to register/authenticate in Fido2Server.
** Bugfix: CTAP2 CANCEL command response handling fixed.
** Bugfix: Fido2Client fix handling of empty allow_list.
** Bugfix: Fix typo in CTAP2.get_assertions() causing it to fail.

0.7.1

** Support for FreeBSD.
** Enforce canonical CBOR on Authenticator responses by default.
** PCSC: Support extended APDUs.
** Server: Verify that UP flag is set.
** U2FFido2Server: Implement AppID exclusion extension.
** U2FFido2Server: Allow custom U2F facet verification.
** Bugfix: U2FFido2Server.authenticate_complete now returns the result.

0.7.0

** Add support for NFC devices using PCSC.
** Add support for the hmac-secret Authenticator extension.
** Honor max credential ID length and number of credentials to Authenticator.
** Add close() method to CTAP devices to explicitly release their resources.

Page 3 of 5

Links

Releases

Has known vulnerabilities

Previous Next

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.