0.17.3 iOS

IOS & watchOS changes

This build fixes Bitcode support in PowerAuth2ForWatch & PowerAuth2ForExtensions cocoa pods (see #90 issue for details)

0.17.2 iOS + Android

Android Changes

• Our networking code on Android now always try to parse received response as JSON. From now, both FailedApiException and ErrorResponseApiException may contain response body and JsonObject, parsed from that body.
  Be aware that this change may cause that a different exception is reported:
  • In previous versions: ErrorResponseApiException was reported only if HTTP Status Code was 400 or 401. For all other status codes FailedApiException was raised.
  • Since this version: Reported exception doesn't depend on status code but on existence of JSON data. So, FailedApiException is raised only if there's no JSON response or JSON response doesn't contain an error object defined by the PowerAuth protocol. If there's a valid error object in response, then the ErrorResponseApiException is raised.
• In case you missed previous build, there's a bugfix for PasswordUtil.evaluateStrength() method, which did not work as expected.

IOS Changes

PowerAuth now supports Apple Watch!!

• You can now use pod PowerAuth2ForWatch for your WatchKit projects
• Check out our integration guide for WatchKit apps or additional functionality now available for iOS.

0.17.1 iOS + Android

Common Changes

This build adds several small improvements to API for Token Based Authentication and brings complete new IOS library designed for IOS App Extensions.

Android Changes

• Added PowerAuthTokenStore.getLocalToken() method which simplifies accessing already cached tokens.
• This version also contains bugfix for PasswordUtil.evaluateStrength() method, which did not work as expected.

IOS Changes

• Added new pod 'PowerAuth2ForExtensions' library targeting App Extensions. For more details, please check our integration documentation.
• Added PowerAuthTokenStore.localToken(withName:) method which simplifies accessing already cached tokens.
• Fixed performance of tokens' in-memory cache
• This version also contains bugfix for PA2PasswordUtil.evaluateStrength() method, which did not work as expected.

0.17.0 iOS + Android

Common Changes

WARNING: This version of SDK requires PowerAuth server 0.16.1 or higher, but the 0.17.0 is recommended. Check our product release matrix for more details.

• We have removed encryption field from our model objects used for networking. This change should be transparent from clients side.
• The C++ core now contains methods for an activation code validation and parsing. This affects both platforms, but doesn't break an existing interface contracts.
• Added method for validating data received from the server. The data signature must be calculated with the master server private key.
• Finalized "offline" signatures. The offline signatures are now officially supported in the SDK
• Added support for token based authentication. Please visit our wiki page for powerauth-crypto for more information about this new feature.
• The low level C++ Session object is now thread safe. It is still recommended to use a high level PowerAuthSDK from one thread only (typically dedicated for UI), but now, the internal mutex guarantees, that the session's state is always consistent.
• The low level C++ code is now able to migrate session data produced in very old, non-opensource version of the PowerAuth mobile library. That library is history, but one of our clients has still a significant number of active users using that very old code, so we decided to help them with the migration.

Android Changes

• Updated networking model classes to io.getlime.security:powerauth-restful-model:0.17.1.
• Added various validation methods to OtpUtil class. For example, you can use OtpUtil.validateAndCorrectTypedCharacter(character) to check and autocorrect characters during the manual activation code editing.
• You can now use PowerAuthSDK.offlineSignatureWithAuthentication() interface for offline signatures calculation.
• You can now use PowerAuthSDK.verifyServerSignedData() to verify, whether the data has been signed with master server private key.
• Added PowerAuthSDK.getTokenStore() method to access a new facility for calculating tokens. You can use a newly created PowerAuthToken & PowerAuthTokenStore classes for calculating token-based authentication headers.
• PowerAuthAuthorizationHttpHeader class is now used also for token based headers, so you can use it's key property to get the right HTTP header's name.

IOS Changes

• Added various validation methods to PA2OtpUtil interface. For example, you can use PA2OtpUtil.validateAndCorrectTypedCharacter(character) to check and autocorrect characters during the manual activation code editing.
• Added debug description method implementation to following classes: PA2ActivationStatus, PA2ActivationResult, PA2Error, PA2ErrorResponse, PA2OperationTask. This change helps with debugging but it's available only when PowerAuth2-Debug pod is used.
• Removed PA2Session.lastErrorCode due to problematic thread safety. The enum PA2CoreErrorCode is now deprecated and will be moved to private headers in some future release of the SDK. The enumeration had always only a debugging value, so you suppose to not use it for your own purposes. You can used a DEBUG build of the library to get the detailed log about the problem.
• You can now use PowerAuthSDK.offlineSignature() interface for offline signatures calculation.
• You can now use PowerAuthSDK.verifyServerSignedData() to verify, whether the data has been signed with master server private key.
• Added PowerAuthSDK.tokenStore property to access a new facility for calculating tokens. Then, you can use a newly created PowerAuthToken & PowerAuthTokenStore interfaces for calculating token-based authentication headers.
• PA2AuthorizationHttpHeader class is now used also for token based headers, so you can use it's key property to get the right HTTP header's name.
• PA2AuthorizationHttpHeader has its value property now declared as nonnull. This change might cause a couple of warnings in swift codes due to fact, that you previously had to handle nullability of that property. We can guarantee that if you get the header object, then it always has a valid "value". The interface's designated intializer is now private, so it's no longer to possible create a header object just with value.
• Removed an import for <UIKit/UIKit.h> from SDK's public header. This is a minor change, but may cause a lot of troubles due to fact, that the application is typically importing our PowerAuth SDK in its bridging header. The imports from bridging header are visible for the whole module so for previous versions of the library you didn't need to import UIKit at all. The quick fix for this change is to add an import for UIKit to your bridging header, but we recommend to add a proper imports to all your affected swift files.
• Removed private constant PA2KeychainKey_SessionState. The value is no longer used in the SDK internals, so if your code depends on it, you can use following string constant as a replacement: "PA2KeychainKey_SessionState"
• When custom activation fails, then the returned NSError contains additional information about the failure. You can use following keys to error.userInfo dictionary:
  • PA2ErrorInfoKey_ResponseData to get NSData with response body, if that data is available
  • PA2ErrorInfoKey_AdditionalInfo to get JSON parsed from response body, if it's possible to parse that data

0.16.5 iOS + Android

Common changes

Now it's possible to receive customAttributes in create activation response (/pa/activation/create endpoint) or in complete custom activations. The custom attributes are useful when you need to pass an additional information to your application, during the activation process.

We had to change some high-level interfaces in SDK, so you may expect that this version will break your application's build. Check the detailed per-platform description in this release notes.

iOS Changes

• Support for custom activation attributes

  • Only visible interface change is in PowerAuthSDK class where all createActivation... methods have a different prototype for completion block. Now you can receive a PA2ActivationResult object instead of NSString with an activation fingerprint.
  • As far as we know, no application was using activation fingerprint returned previously. So, it might work without a change on your side.

• Important changes from previous builds

  • Fixed #59 - possible unsafe creation of model object from HTTP response. The bug description looks nasty, but normally it affected only a systems in active development. Typically, when the server's endpoint implementation is not complete (e.g. doesn't handle error responses properly).
  • Now you can use debug pod: pod 'PowerAuth2-Debug'

Android Changes

• Support for custom activation attributes

  • ICreateActivationListener.onActivationCreateSucceed method prototype was changed, so you need to update your code to build your application.

• We have fixed a several issues in our fingerprint dialog's implementation:

  • In 0.16.1 build, we have added possibility to cancel a fingerprint dialog by pressing back button, but that change made the whole dialog very unreliable. For example, if the underlying FingerprintCallback returned success, then the dialog sometimes reported a failure to its callback. So, we fixed this and the back button should still work as expected.
  • We have fixed a possible (but very rare) crash in the dialog implementation.
  • Now it's not possible to cancel the dialog during the "success" animation. There was a very limited, but yet available time window, when was possible to cancel already accepted fingerprint. The result was that both "success" and "cancel" results were reported to the callback.

0.16.4 iOS

iOS Changes

• Fixed #59 - possible unsafe creation of model object from HTTP response. The bug description looks nasty, but normally it affected only a systems in active development. Typically, when the server's endpoint implementation is not complete (e.g. doesn't handle error responses properly).

Android Changes

There are no changes for Android platform in this build.

0.16.3 iOS

iOS Changes

The library functionality is complete identical to 0.16.2. The only change is in our library's deployment infrastructure and now we're supporting a Debug podspec. You can temporary use pod 'PowerAuth2-Debug' for this purpose.

If you're expecting a more regular debugging in your project, then you may setup a conditional dependency, based on the build configuration:

pod 'PowerAuth2', :configurations => ['Release']
pod 'PowerAuth2-Debug', :configurations => ['Debug']

Android Changes

There are no changes for Android platform in this build.

0.16.2 Android + iOS

Common changes

In previous build we promised a reset() method to be removed, but this unfortunately didn't go very well, so we're finally removing that method now. At first, let me explain some reasons why we wanted to remove the method at all.

We had a several problems with an oldreset implementation:

• The naming of the method was not very descriptive. I would expect that reset will also reset the persisted data.
• The reset just reseted an internal object, without taking a care about the rest of the SDK object. This might lead to inconsistent states between the persisted data and the in-memory SDK object.
• We were forcing developers to reset the SDK object in many situations, like as response for the error, during the activation, or before the starting of the activation process. This one particular subject we also addressed in this new build.

How to migrate

1. You have to just replace reset() with a brand new removeActivationLocal() method. The new method also guarantees that the underlying storage is also properly wiped out.
2. You don't need to "reset" the SDK instance when an error occurs, during the activation process. The new createActivation* implementation guarantees that SDK object ends in "empty" state when the activation fails. You need to start a new activation process in this situation.
3. removeActivationLocal() should work in all situations. The method doesn't check the state of the activation (so you can call it also when there's no activation).
4. Known bug: removeActivationLocal() doesn't cancel a pending asynchronous task. You should not call the method when the SDK object is communicating with the server. This problem will be resolved in some future release of the library.

Android

• Added PowerAuthSDK.removeActivationLocal(Context context, boolean removeSharedBiometryKey) method which gives you a chance to do not remove a shared biometry key.
  • This addition is useful only for applications using multiple SDK instances at the same time. We're internally sharing the biometry key between these instances and thus this kind of control is required. It is recommended to remove the key together with removing the last local activation.

0.16.1 Android + iOS

Common changes

• OpenSSL updated to 1.0.2l (no vulnerabilities reported)
• Improved internal data format compatibility with prehistoric PowerAuth versions. This change doesn't affect library functionality, but allows better migration from (very) old PowerAuth implementations.

Android changes

• ⚠️ Removed PowerAuthSDK.reset() method
• Added PowerAuthSDK.removeActivationLocal() method for removing local activation data
• Improved state validations in PowerAuthSDK methods. This is in general prevention against misuse of public API.
• FingerprintAuthenticationDialogFragment can be cancelled by pressing back button

IOS changes

• ⚠️ Removed PowerAuthSDK.reset() method
• ⚠️ Removed PowerAuthSDK.clearActivationDataKeychain() method
• Added PowerAuthSDK.removeActivationLocal() method for removing local activation data
• PowerAuthSDK.fetchActivationStatus now returns nullable status object in callback

0.16.0 - Android + IOS

Android changes

• Fixed multiple issues in HTTP response processing
• Now it's possible to connect to development servers over plain HTTP connection
• Now you can turn on HTTP request & response debug logging by calling PA2Log.setEnabled(true)
• Added support for "offline signatures"

IOS changes

• Added support for "offline signatures"