Changelog

All notable changes to this project will be documented in this file.

⚠️ The different IdsvrHaapi packages are versioned together for simplicity. Some packages may not change in a given version. For additional information refer to the changes in IdsvrHaapiDriver and IdsvrHaapiSdk.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[5.4.0] - 2026-05-04

Added

• Added a DEBUG-only UI preview feature (HaapiUIPreviewer) which renders the framework supported UI layouts, component galleries, embedded diagnostics overlay. Allows for quick iterations over UI theming customization directly in Xcode IDE. This feature is marked as experimental and may receive breaking changes in minor releases. [HSI-451]
• New userCode message style for MessageView, used to display recovery codes in a 2-column monospace grid. A "Copy codes" button is shown within the container — tapping it copies all codes to the clipboard immediately. Adds MessageStyleAttribute.usercode to the public API and the MessageView.UserCode theming key. [HSI-476]

Fixed

• Some UI components style definitions could in some cases cause the app's style override to be dropped due to a silenced exception when loading named configurations. Affected styles: InputTextField, Border, ExpandableView. [HSI-499]

[5.3.0] - 2026-03-23

Added

• Added BankIdViewController, aligned with the latest bankID and accessibility requirements. [HSI-462]
  • Added BankIdModel to support the new BankID flow
• Added HaapiResponseTypeable protocol with representationType property. UIInteractionModel, UIProblemModel, and UIOperationModel now conform to this protocol, exposing the HAAPI response type that produced the UI model. [HSI-455]
  • HaapiResponseTypeable protocol provides a default representationType of nil.
  • Custom implementations of UIInteractionModel, UIProblemModel, and UIOperationModel can optionally override representationType.
• Added isRequired property to InteractionValueModel indicating whether a form field value is required. [HSI-455]
  • InteractionValueModel protocol provides a default isRequired of false.
  • Custom implementations (including InteractionItemInputTextModel, InteractionItemCheckboxModel, and InteractionItemSelectModel) can optionally override isRequired.
• Polling UI models now honor the optional server-provided polling interval from HAAPI responses. [HSI-495]

Changed

• Improvements to the logging module provided by the framework. [HSI-353]
• Introduces log type hierarchy levels for simpler configuration.
• Deprecates static properties configuration isXXXEnabled in favor of setLogType() configuration method.
• See the upgrade guide section in the latest docs for migration details.
• FormViewController displays a required field indicator (asterisk) on input text fields and select fields when the field is required and the current flow is a registration signup action. The asterisk uses the configured errorColor from the InputTextField style. [HSI-455]
• The polling cadence fallback order is now: server-provided interval, otherwise, for BankID uses 1 second as per guidelines, or for normal polling operations the configured autoPollingDuration. [HSI-495]

Fixed

• FormViewController checkbox layout rendering when applying defined styling configuration. [HSI-471]

[5.2.0] - 2026-02-09

Fixed

• Sets the correct open visibility modifier for the preSubmit hook method in BaseViewController allowing for its override when extending from the class. [HSI-473]
• Closing an authentication flow and canceling the action keeps the flow active. [HSI-470]

[5.1.0] - 2025-12-15

Added

• setUsePasskeysBrowserFallback is a new configuration option in HaapiUIKitConfigurationBuilder. It lets you define how the app should behave when Passkeys are not supported on the device. [HSI-269]
• A new case tooManyAttemptsProblem is added to the enum HandleableProblemType, which could potentially cause a breaking change if this enum is used explicitly in the client app's code. [HSI-445]

Changed

• Improved handling for problems Too many attempts and Incorrect Credentials in FormViewController. [HSI-445]
• Webauthn cross-platform credential request is updated to use the residentKey values provided by the server models. [HSI-453]

Fixed

• Handling for Too Many Attempts problem type as a recoverable condition. [HSI-445]

[5.0.0] - 2025-11-03

Changed

• @MainActor is explicitely mentioned for the specific properties for the following protocols: InteractionErrorModel, InteractionValueModel, InteractionItemSelectModel and InteractionItemCheckboxModel
• HaapiFlowViewModel functions such as start, submit and followLink are asynchronous functions. [HSI-425]
• The framework is configured with Strict Concurrency Checking set to Complete. [HSI-376]
• The framework ships with Default Actor Isolation set as NonIsolated and Approachable Concurrency enabled. [HSI-443]
• OAuthErrorModel is aligned with ErrorTokenResponse. [HSI-291]

Fixed

• Fixed an issue where the TextField title was not displaying correctly after updating to Xcode 26. [HSI-442]

[4.7.0] - 2025-06-16

Added

• Webauthn registration additional actions are handled and presented to the user. [HSI-381]
  • When registering a cross-platform device using the Webauthn authenticator, it is possible to ask the user to register an additional platform device.

Changed

• HaapiUIKitConfigurationBuilder.setApplicationBundle is deprecated and replaced with HaapiUIKitConfigurationBuilder.setRiskAssessmentConfiguration for advanced customization options. [HSI-399]

Fixed

• Prevents downloading image with an invalid href from LinkItemModel. [HSI-389]

[4.6.1] - 2025-05-16

No changes.

[4.6.0] - 2025-05-05

Added

• HaapiUIKitConfiguration can be configured to clear an existing DCR client. [HSI-378]

Fixed

• When displaying an InputTextView depending on the Theme configurations, sometimes the input cursor blends with the background. [HSI-382]
  • Added missing tintColorName to the InputTextView bundled Theme definitions to make sure the base theme settings display the cursor correctly.

[4.5.0] - 2025-03-24

Added

• Handle link models with rel set as download by triggering the external browser. [HSI-258]

• Passkey creation success displays a user feedback notification. [HSI-319]

  • Adds new NotificationBannerView Success style variation to theme configuration. [HSI-319]

• IdsvrHaapiUIKit UI customization [HSI-236]

  • HAAPI UI framework models are published and made available for customization. [HSI-238]
  • Experimental support for custom UI models mapping extensibility is available via DataMapperBuilder. [HSI-238]
  • Experimental support for customization of the UI and its behavior is available via ViewControllerFactoryRegistry. [HSI-237]

[4.4.1] - 2025-01-24

No changes.

[4.4.0] - 2024-12-16

Added

• A Client Authentication Method can be provided to the framework configuration, adding on security options enforcement. [HSI-321]
• A DCR fallback configuration can be provided to allow the framework to gracefully fallback when attestation errors occur or when the device doesn't support it. [HSI-324]
• Configuration for the Token Endpoint Dpop binding mechanism behaviour added to HaapiUIKitConfigurationBuilder. [HSI-354]
• Adds support for Risk Assessment data collection (ex: BankID's risk assessment functionality) by providing application context to the framework. [HSI-349]
  • It requires a version of the Curity Identity Server that accepts the risk assessment information (starting from 9.7.0).

Changed

• Depending on the provided configurations for Attestation and DCR, the framework can gracefully handle attestation errors and fallback to use Dynamic Client Registration. [HSI-324]
• UI Authentication flow functionality is now using the HaapiAccessorBuilder to create the underlying haapi flow interaction accessors. [HSI-324]

[4.3.0] - 2024-10-14

Added

• Support for Discoverable Credentials mode setting when enabled in the server PassKeys authenticator. [HSI-281]
• Full support for Passkeys functionality requires iOS 16 and iClould Keychain enabled on the devices.
• It requires a version of the Curity Identity Server that supports PassKeys Discoverable Credentials (starting from 9.3.0).
• HaapiUIKitError conforms to IdsvrError protocol which provides additional metadata about the errors. [HSI-335]

[4.2.1] - 2024-08-12

Added

• HaapiFlowViewModel.refreshAccessToken and OAuthLifeCycle.refreshToken can take an optional dictionary of parameters to be added to the request body. [HSI-286]
• HaapiFlowViewModel can take an optional Map of parameters to be added to the request body when invoking fetchAccessToken or refreshAccessToken. [HSI-286]
• OAuthLifecycle can take an optional Map of parameters to be added to the request body when invoking refreshAccessToken. [HSI-286]

[4.2.0] 2024-08-05

Fixed

• The version metadata exposed by the frameworks.

[4.2.0-rc.1] 2024-07-24

No changes.

[4.1.4] - 2024-06-28

No changes.

[4.1.3] - 2024-06-13

No changes.

[4.1.2] - 2024-06-10

No changes.

[4.1.1] - 2024-03-25

Added

• Debug and info logs for traceability when using client operations such as BankId. [HSI-242]

[4.1.0] - 2024-02-27

Changed

• When BankId authenticator is used and the BankId application is not installed on the device, the Haapi flow is not interrupted. Instead, a view is presented. The view displays a QRCode that can be scanned by a device that has BankId .
  • BankId v5 requires to have Generate Autostart Qr Code set to true.
  • BankId v6 displays automatically the QRCode.

[4.0.0] - 2024-02-12

No changes.

[3.2.0] - 2023-12-18

Changed

• A message error mentioning the app scheme is shown when displaying an error for no alternative routes after trying to open an external application. [HSI-253]
• issue-token-bound-authorization-code is supported when using HaapiFlowViewModel or HaapiFlowViewController. [HSI-244]
  • It requires a version of the Curity Identity Server that supports token binding (starting from 8.7.0).

Fixed

• When displaying a LinkView, the view's dark mode default background color is now clear. [HSI-253]
• When a QRCode image is tapped and the URL from the QRCode cannot be opened, the action is ignored. [HSI-253]

[3.1.0] - 2023-11-06

Added

• Two new attributes are added to TextAppearance: kern and lineHeightMultiple. [HSI-216]
• A new HaapiFlowViewControllerRepresentable class that is safe to use with iOS 17. [HSI-229]
• A new AuthenticatorSelectionPresentation tabs has been added. [HSI-215]
• A long press on a MessageView can copy the text to the UIPasteboard. [HSI-233]
• A new setting useDefaultExternalBrowser in HaapiUIKitConfiguration allows to replace ASWebAuthenticationSession usage with the default external browser. [HSI-203]
• The username field supports autofill. [HSI-36]
• When user interaction is triggered on a QRCode image, it can open an installed application or an external browser. [HSI-235]

Changed

• The default value of UICTFontTextStyleTitle2 is 24 instead of 20. [HSI-216]
• When the WebAuthn system dialog is invoked, a loading indicator is shown in the background view. [HSI-140]

Fixed

• The vertical spacing for the HeaderView UI element and for the ViewController's contentTextAppearance configuration. [HSI-225]
• A retain cycle / memory leak that would occur when using HaapiFlow.start on iOS 17 in a SwiftUI project. [HSI-229]
• The LinkView does not display extra spacing. [HSI-235]

[3.0.0] - 2023-08-14

Added

• The Haapi UIKit framework is created. [HSI-108]