v0.13.2

• Fixed Webauthn origin/host auto-detect.

v0.13.1

• Docker build can now fully run without a pre-existing development
  environment.
• Public Docker Image: https://hub.docker.com/r/curveballjs/a12n-server
• WebauthN and TOTP MFA are now enabled by default.
• No longer using unpkg for browser dependencies.
• Upgraded from hal-browser to @curveball/browser.
• Better error messaging in the OAuth2 flow when a redirect_uri is
  incorrect.

v0.13.0

• Support for WebauthN / Yubikeys (@mhum)
• Logging in is now a multi-step process, with 2FA (Webauthn/Yubikey/TOTP)
  as the second step. (@mhum)
• It's now possible to setup 2FA during registration. (@mhum)
• /validate-bearer and /validate-totp endpoints have been removed.
• Support for OAuth2 PKCE (@mhum)
• tslint -> eslint
• Typescript 4.
• Compatible with Typescript strict mode.

v0.12.7

• Update all dependencies

v0.12.6

• PUBLIC_URI is now correctly being auto-detected if it was not set in the
  environment in standalone mode.
• Improved error messaging when the server fails to start.

v0.12.5

• Now using @curveball/accesslog, which also colorizes CLI output when
  viewed on a terminal.
• A list of privileges are now returned from the 'introspect' endpoint.
• An error will be thrown when the server is used as a middleware (instead
  of standalone) and no PUBLIC_URI environment variable is set.

v0.12.4

• Added user links to accessToken

v0.12.3

• Added user links URL to introspect for 'authenticated-as' link

v0.12.1

• Bug fix. Curveball-session shouldn't have been dev dependency.

v0.12.0

• Added a /privileges endpoint to easily find out what kind of privileges
  are used in the system.
• The server now has an admin privilege, which is required to create new
  users or find information about other users.
• Users that are not yet marked active now show up in the /users
  collection, but still can't log in.
• The session cookie now uses SameSite: Lax, which means that users will see
  login screens less often.