v0.27.5

• #555: Another fix for launching the a12nserver npx script. (@Zen-cronic)

v0.27.4

• Schemas misspelled as 'schema'. Sorry for all the releases, I dont know to do a clean test of npx without doing a release first, so the feedback loop is change->release->test.

v0.27.3

• Copy simplewebauthn browser bundle into assets directory for easier distribution.

v0.27.2

• Fix missing entries in files section in package.json, preventing the npx @curveball/a12n-server tool from working.

v0.27.1

• Fix HTTP/500 error when requesting a developer access token.

v0.27.0

• authorization_challenge now supports a TOTP challenge step!
• Refactored logging system. Less ugly now with fewer enums!
• authorization_challenge clients can now specify remote_addr and user_agent, so the server can keep accurate logs of the users' browser that's trying to authenticate.
• Return the correct 'ttl' value for a verification-token.
• Instead of 1 generic error with a few parameters, the server now emits invididual error codes for each kind of error that may be emitted from the authorization_challenge endpoint. This is change is based on examples in more recent drafts and should simplify the process for clients a bit. This is a BC break for authorization_challenge.
• Renamed login_failed event to password-check-failed.
• Added events: password-check-succes, totp-success, login-challenge-started, login-challenge-success

v0.26.7

• Updated Curveball dependencies. CURVEBALL_TRUSTPROXY should now work as expected.

v0.26.6

• Updated Curveball dependencies

v0.26.5

• Developer tokens will now be associated with a client_id if an OAuth2 client was used to generate one. This allows them to be refreshed.
• A scope can now be specified when creating a developer token.

v0.26.4

• New: access-token endpoint now returns refresh token.