Changelog

All notable changes to this project will be documented in this file.

⚠️ The different IdsvrHaapi packages are versioned together for simplicity. Some packages may not change in a given version. For additional information refer to the changes in IdsvrHaapiSdk and IdsvrHaapiUIKit.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[4.4.0] - 2024-12-16

Added

• A Client Authentication Method can be provided to the framework configuration, adding on security options enforcement. [HSI-321]
• A DCR fallback configuration can be provided to allow the framework to gracefully fallback when attestation errors occur or when the device doesn't support it. [HSI-324]
• Configuration for the Token Endpoint Dpop binding mechanism behaviour added to HaapiUIKitConfigurationBuilder. [HSI-354]
• Adds support for Risk Assessment data collection (ex: BankID's risk assessment functionality) by providing application context to the framework. [HSI-349]
  • It requires a version of the Curity Identity Server that accepts the risk assessment information (starting from 9.7.0).

Changed

• Depending on the provided configurations for Attestation and DCR, the framework can gracefully handle attestation errors and fallback to use Dynamic Client Registration. [HSI-324]
• UI Authentication flow functionality is now using the HaapiAccessorBuilder to create the underlying haapi flow interaction accessors. [HSI-324]

[4.3.0] - 2024-10-14

Added

• Support for Discoverable Credentials mode setting when enabled in the server PassKeys authenticator. [HSI-281]
• Full support for Passkeys functionality requires iOS 16 and iClould Keychain enabled on the devices.
• It requires a version of the Curity Identity Server that supports PassKeys Discoverable Credentials (starting from 9.3.0).
• HaapiUIKitError conforms to IdsvrError protocol which provides additional metadata about the errors. [HSI-335]

[4.2.1] - 2024-08-12

Added

• HaapiFlowViewModel.refreshAccessToken and OAuthLifeCycle.refreshToken can take an optional dictionary of parameters to be added to the request body. [HSI-286]
• HaapiFlowViewModel can take an optional Map of parameters to be added to the request body when invoking fetchAccessToken or refreshAccessToken. [HSI-286]
• OAuthLifecycle can take an optional Map of parameters to be added to the request body when invoking refreshAccessToken. [HSI-286]

[4.2.0] 2024-08-05

Fixed

• The version metadata exposed by the frameworks.

[4.2.0-rc.1] 2024-07-24

No changes.

[4.1.4] - 2024-06-28

No changes.

[4.1.3] - 2024-06-13

No changes.

[4.1.2] - 2024-06-10

No changes.

[4.1.1] - 2024-03-25

Added

• Debug and info logs for traceability when using client operations such as BankId. [HSI-242]

[4.1.0] - 2024-02-27

Changed

• When BankId authenticator is used and the BankId application is not installed on the device, the Haapi flow is not interrupted. Instead, a view is presented. The view displays a QRCode that can be scanned by a device that has BankId .
  • BankId v5 requires to have Generate Autostart Qr Code set to true.
  • BankId v6 displays automatically the QRCode.

[4.0.0] - 2024-02-12

No changes.

[3.2.0] - 2023-12-18

Changed

• A message error mentioning the app scheme is shown when displaying an error for no alternative routes after trying to open an external application. [HSI-253]
• issue-token-bound-authorization-code is supported when using HaapiFlowViewModel or HaapiFlowViewController. [HSI-244]
  • It requires a version of the Curity Identity Server that supports token binding (starting from 8.7.0).

Fixed

• When displaying a LinkView, the view's dark mode default background color is now clear. [HSI-253]
• When a QRCode image is tapped and the URL from the QRCode cannot be opened, the action is ignored. [HSI-253]

[3.1.0] - 2023-11-06

Added

• Two new attributes are added to TextAppearance: kern and lineHeightMultiple. [HSI-216]
• A new HaapiFlowViewControllerRepresentable class that is safe to use with iOS 17. [HSI-229]
• A new AuthenticatorSelectionPresentation tabs has been added. [HSI-215]
• A long press on a MessageView can copy the text to the UIPasteboard. [HSI-233]
• A new setting useDefaultExternalBrowser in HaapiUIKitConfiguration allows to replace ASWebAuthenticationSession usage with the default external browser. [HSI-203]
• The username field supports autofill. [HSI-36]
• When user interaction is triggered on a QRCode image, it can open an installed application or an external browser. [HSI-235]

Changed

• The default value of UICTFontTextStyleTitle2 is 24 instead of 20. [HSI-216]
• When the WebAuthn system dialog is invoked, a loading indicator is shown in the background view. [HSI-140]

Fixed

• The vertical spacing for the HeaderView UI element and for the ViewController's contentTextAppearance configuration. [HSI-225]
• A retain cycle / memory leak that would occur when using HaapiFlow.start on iOS 17 in a SwiftUI project. [HSI-229]
• The LinkView does not display extra spacing. [HSI-235]

[3.0.0] - 2023-08-14

Added

• The Haapi UIKit framework is created. [HSI-108]