profile
viewpoint
Jonathan Stewmon jstewmon Austin, TX

99designs/aws-vault 4503

A vault for securely storing and accessing AWS credentials in development environments

jstewmon/check-swagger 5

pre-commit hook to validate swagger specs

jstewmon/async 1

Async utilities for node and the browser

jstewmon/bson 1

BSON Parser for node and browser

jstewmon/consolidate.js 1

Template engine consolidation library for node.js

jstewmon/ajv 0

The fastest JSON Schema Validator. Supports draft-04/06/07

jstewmon/ajv-merge-patch 0

$merge and $patch keywords for Ajv JSON-Schema validator to extend schemas

jstewmon/asCallback 0

A performant and standard (Bluebird) library that registers a node-style callback on a promise

jstewmon/asn1-schema 0

asn1-schema is a collection of TypeScript schemas that make working with common ASN.1 objects easy

jstewmon/aws-cdk 0

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code

issue commentpinojs/pino

Redacting headers in express

An HTTP header is just a property in the req.headers object. The doc describe the generic case of redacting an object property.

BryanDollery

comment created time in an hour

issue commentpinojs/pino

Redacting headers in express

The docs don't seem to mention how to redact a header, and there is no mention of res.headers. Unless I'm going blind in my old age :)

I have searched that page for the word 'header' and it is nowhere to be found. Am I just reading it wrong?

BryanDollery

comment created time in 3 hours

push eventpinojs/pino

Mendel Jacks

commit sha 712cab65c9df5489170939b7e3ef3e33b916d50b

Typo

view details

James Sumners

commit sha 185dc159166d8d31471a31532fede220d5a8d588

Merge pull request #957 from mendeljacks/patch-1 Typo

view details

push time in 7 hours

PR merged pinojs/pino

Typo
+1 -1

0 comment

1 changed file

mendeljacks

pr closed time in 7 hours

PR opened pinojs/pino

Typo
+1 -1

0 comment

1 changed file

pr created time in 7 hours

issue opened99designs/aws-vault

Release darwin dmg in HFS format?

Would it be possible to include a Darwin DMG release in HFS or HFS+ format in addition to (or instead of) APFS? I'm hoping to install the signed version of aws-vault via Nix, but unpacking APFS DMGs is currently unsupported.

created time in 14 hours

push eventMasterKale/SimpleWebAuthn

Matthew Miller

commit sha 70c1360339d0e63dafd4a04fa1824d9453f0a802

Create FUNDING.yml

view details

push time in 17 hours

pull request commentMasterKale/SimpleWebAuthn

Testing package utils

Hi @Mikescops , I hope I can finish this one in 2-3 weeks ☺️

Moumouls

comment created time in a day

startednetworkupstools/nut

started time in a day

push eventMasterKale/SimpleWebAuthn

Matthew Miller

commit sha 50f21853714f575b042ff053520ec8b1a4dd034b

Update example to v1.0.0

view details

push time in 2 days

push eventMasterKale/SimpleWebAuthn

Matthew Miller

commit sha 34f0e1492a7129331c72cbaddb8b67173256e997

Update CHANGELOG to v1.0.0

view details

push time in 2 days

pull request commentMasterKale/SimpleWebAuthn

feature/multiple-origins

Thanks a lot @MasterKale, I'll update my dependencies tomorrow morning first hour 😄 🚀

MasterKale

comment created time in 2 days

pull request commentMasterKale/SimpleWebAuthn

Testing package utils

I really like the idea of this PR, I went through the same process of adding integration testing on my projects and that could be much cleaner with this. Hope you'll manage to finish this PR @Moumouls 👍

Moumouls

comment created time in 2 days

pull request commentMasterKale/SimpleWebAuthn

feature/multiple-origins

These changes have been published as part of the latest v1.0.0 release (🎉)

MasterKale

comment created time in 2 days

issue closedMasterKale/SimpleWebAuthn

New release of specifications - Level 2

A new release of the specification has been deployed and we should check it to be sure all is still conform to it.

closed time in 2 days

akanass

issue commentMasterKale/SimpleWebAuthn

New release of specifications - Level 2

L2-specific changes addressed in PR #89 have been released as part of the latest v1.0.0 release (🎉)

akanass

comment created time in 2 days

push eventMasterKale/SimpleWebAuthn

Matthew Miller

commit sha 0ae228320e2c2120022958c0d5abb78d070fa0aa

chore(release): publish v1.0.0

view details

push time in 2 days

created tagMasterKale/SimpleWebAuthn

tagv1.0.0

WebAuthn, Simplified. A collection of TypeScript-first libraries for simpler WebAuthn integration. Supports modern browsers and Node.

created time in 2 days

delete branch MasterKale/SimpleWebAuthn

delete branch : feature/multiple-origins

delete time in 2 days

push eventMasterKale/SimpleWebAuthn

Matthew Miller

commit sha 9d982618229a6a721289808b439553f00fcc120d

Support multiple expected origins

view details

Matthew Miller

commit sha 8d6e42d86d1482270f2ff1c9729c52e61e5c5cbb

Update Jest to support TS 4.0

view details

Matthew Miller

commit sha b54687eed6be07ae8ba27a55adfa1525ff950814

Support multiple expected RP IDs

view details

Matthew Miller

commit sha 29c8bed4c3e4db7e39651b57d98685e429bd9a90

Update JSDocs for verify methods

view details

Matthew Miller

commit sha 61deecf7a86a5a06e351469a72b2785ffa940d4e

Remove unexpected import

view details

Matthew Miller

commit sha 5fa62a7f182028ddb25d4ae450756e2f290efbb7

Rename variables to match existing naming

view details

Matthew Miller

commit sha c7bce757ebb64dfe856e62326b2045761b70ea48

Merge pull request #91 from MasterKale/feature/multiple-origins feature/multiple-origins

view details

push time in 2 days

PR merged MasterKale/SimpleWebAuthn

feature/multiple-origins enhancement package:server

This PR adds support for multiple origins and RP IDs to verifyAttestationResponse() and verifyAssertionResponse(). In addition to a single string value, an array of values can now be provided:

const verification = await verifyAttestationResponse({
  // ...
  expectedOrigin: ['https://simplewebauthn.dev', 'https://fizz.buzz'],
  expectedRPID: ['simplewebauthn.dev', 'fizz.buzz'],
  // ...
});
const verification = verifyAssertionResponse({
  // ...
  expectedOrigin: ['https://simplewebauthn.dev', 'https://fizz.buzz'],
  expectedRPID: ['simplewebauthn.dev', 'fizz.buzz'],
  // ...
});

This should resolve #90.

+152 -20

0 comment

5 changed files

MasterKale

pr closed time in 2 days

issue closedMasterKale/SimpleWebAuthn

Multiple expectedOrigin and expectedRPID

Hello,

Thanks for your great work.

I have a use case that seems not working with the current implementation of the lib. When using SimpleWebAuthn on a browser extension I have different expectedOrigin and expectedRPID for Firefox / Chrome / ... Maybe I'm wrong but the only way I see to have the lib working with this use case is to change both expectedOrigin and expectedRPID from string to tables so that I can check if the origin and rpId in the attestation/assertion are in the list.

Is my interpretation correct and is it worth to support this use case in the lib?

closed time in 2 days

Mikescops

Pull request review commentMasterKale/SimpleWebAuthn

feature/multiple-origins

 export default function verifyAssertionResponse(options: Options): VerifiedAsser   }    // Check that the origin is our site-  if (origin !== expectedOrigin) {-    throw new Error(`Unexpected assertion origin "${origin}", expected "${expectedOrigin}"`);+  if (Array.isArray(expectedOrigin)) {+    if (!expectedOrigin.includes(origin)) {

Ok right, true true! I didn't thought about it 😅

MasterKale

comment created time in 2 days

Pull request review commentMasterKale/SimpleWebAuthn

feature/multiple-origins

 export default function verifyAssertionResponse(options: Options): VerifiedAsser   }    // Check that the origin is our site-  if (origin !== expectedOrigin) {-    throw new Error(`Unexpected assertion origin "${origin}", expected "${expectedOrigin}"`);+  if (Array.isArray(expectedOrigin)) {+    if (!expectedOrigin.includes(origin)) {

I agree that the nested IF statement looks a little clunky, but I purposefully went with it for the sake of better type guarding for TypeScript. Nested, TypeScript knows that expectedOrigin in the else branch is always going to be a string:

Screen Shot 2021-01-21 at 1 58 39 PM

If I collapse the if () statement as suggested above then TypeScript (correctly) infers that expectedOrigin could still be an array in the else branch:

Screen Shot 2021-01-21 at 1 58 57 PM

MasterKale

comment created time in 2 days

delete branch MasterKale/SimpleWebAuthn

delete branch : feat/W3C-L2-update

delete time in 2 days

push eventMasterKale/SimpleWebAuthn

Matthew Miller

commit sha a62ff95e9a16c531e2096e55b8d04f7c0d664774

Improve typing in Example

view details

Matthew Miller

commit sha 713db8fee857d5a089c350640bf55afa84007a97

Add optional `transports` to AuthenticatorDevice

view details

Matthew Miller

commit sha 5f4d3485d0cbe286a3fa439ed8519f951d37f63b

Handle requireResidentKey nuance

view details

Matthew Miller

commit sha 9ad5f7d214a707af9c3f9d6d078323e41ce1a017

Merge pull request #89 from MasterKale/feat/W3C-L2-update feat/W3C-L2-update

view details

push time in 2 days

PR merged MasterKale/SimpleWebAuthn

feat/W3C-L2-update

This PR contains library tweaks in preparation for L2 of the WebAuthn spec (now a Candidate Recommendation) becoming the next Recommendation (optimistically sometime in January). As SimpleWebAuthn implemented L2 of the spec, changes should be minimal.

As mentioned in #88, a diff of the changes between L1 and L2 can be viewed here: https://services.w3.org/htmldiff?doc1=https%3A%2F%2Fwww.w3.org%2FTR%2F2019%2FREC-webauthn-1-20190304%2F&doc2=https%3A%2F%2Fwww.w3.org%2FTR%2Fwebauthn-2%2F#sctn-storeCredential

+23 -12

1 comment

3 changed files

MasterKale

pr closed time in 2 days

pull request commentMasterKale/SimpleWebAuthn

feat/W3C-L2-update

I've gone through the diff of the two levels and believe this is all the work needed to get the library up-to-spec with the latest CR draft of L2.

MasterKale

comment created time in 2 days

issue commentMasterKale/SimpleWebAuthn

Multiple expectedOrigin and expectedRPID

@MasterKale wow that's fast, thanks! 👍

Mikescops

comment created time in 2 days

Pull request review commentMasterKale/SimpleWebAuthn

feature/multiple-origins

 export default function verifyAssertionResponse(options: Options): VerifiedAsser   }    // Check that the origin is our site-  if (origin !== expectedOrigin) {-    throw new Error(`Unexpected assertion origin "${origin}", expected "${expectedOrigin}"`);+  if (Array.isArray(expectedOrigin)) {+    if (!expectedOrigin.includes(origin)) {
  if (Array.isArray(expectedOrigin) && !expectedOrigin.includes(origin)) {
MasterKale

comment created time in 2 days

more