webauthn-json
The webauthn-json library is no longer used in the product, because all major browsers now support native APIs that are equivalent to what webauthn-json provided.
The assets/js/lib/webauthn-json.js file has been removed from the server distribution. In addition, the following Velocity templates were updated to remove usages of the library:
assets/js/lib/webauthn-json.js
authenticator/passkeys/js/authenticate-device.vm
authenticator/passkeys/js/register.vm
authenticator/webauthn/js/add-additional-device.vm
authenticator/webauthn/js/authenticate-device.vm
authenticator/webauthn/js/register.vm
authenticator/webauthn/js/common-js.vm
If any of these templates were customized in your deployment, they need to be updated, namely:
webauthnJSON.get
getPublicKeyCredential
common-js.vm
webauthnJSON.create
createPublicKeyCredential
This section contains important remarks in preparation for the upcoming 11.0.0 major release, scheduled for February 2026.
Warning
Summary:
In version 11.0.0 it will be required to store credentials in the credentials table. The credentials-in-accounts-table and credentials-migration credential modes will no longer be supported. The standard credentials mode will be the only supported mode. If this mode is already being used, no action is needed.
credentials
credentials-in-accounts-table
credentials-migration
standard
In version 9.0.0 of the Curity Identity Server a new credentials table was introduced to store credentials separately from accounts, and credential modes were added to support the previous database structure as well as transitioning to the new one. In version 10.0.0 the older database schema - where passwords were stored in the accounts table - was deprecated. The corresponding credentials-in-accounts-table and credentials-migration credential modes were also deprecated.
accounts
In the upcoming 11.0.0 release the older database schema will no longer be supported. Also, support for the credentials-in-accounts-table and credentials-migration credential modes will be dropped. Any JDBC data source still using the old credentials schema/modes must be upgraded and configured with standard credentials mode before upgrading the server to version 11.0.0. Refer to the upgrade guide for version 9.0.0 for details on how to upgrade the database schema.
If you’re still depending on any of the options only available in the deprecated credential modes (namely credential-query and custom-query-verifies-password), please contact support.
credential-query
custom-query-verifies-password
CredentialDataAccessProvider
Note
The changes mentioned in this section are meant for authors of data access plugins, namely when implementing support for Credential Data Access using the CredentialDataAccessProvider interface.
The deprecated CredentialDataAccessProvider interface will be removed in version 11.0.0. The corresponding getCredentialDataAccessProvider method in the DataAccessProviderPluginDescriptor interface will also be removed.
getCredentialDataAccessProvider
DataAccessProviderPluginDescriptor
Any data access plugin implementing that interface should be updated to implement one of the subtypes of the CredentialManagementDataAccessProvider interface before upgrading the server to version 11.0.0. Refer to the upgrade guide for version 10.0.0 for details on how to update such plugins.
CredentialManagementDataAccessProvider