PowerAuth Mobile SDK in version 1.8.0
provides the following improvements:
- Added support for simplified configuration. The SDK is now configured with using one Base64 encoded string instead of three separate values.
- Added support for PowerAuth protocol version 3.2, including End-To-End encryption improvements and time synchronized with the server.
- We have replaced the term 'commit activation' with 'persist activation' in our terminology. This change clearly distinguishes between the commit activation process on the server and the activation completion process on the mobile device.
- This release is fully compatible with PowerAuth Server version
1.5.0
and newer.
In case you need to still use the legacy setup to configure the older version of PowerAuth mobile SDK, then you can use the get-legacy-config.swift
script available in the scripts
folder. For example:
# clone the mobile library
git clone https://github.com/wultra/powerauth-mobile-sdk.git
cd powerauth-mobile-sdk/scripts
# Show legacy config
./get-legacy-config.swift ARDTWDPw20CBb+aUeIuWy25MEHy89d2ySbQR2QoCb3taB1EBAUEEPspwnZzj7AOw0emEk/J51V16ZpkDMGE3VT3vzb+3Wh9qEA8MAJBTLPJ3XgFkr6OBVQCkpBezpbXOx1xHvVAqyQ==
Legacy PowerAuth configuration:
appKey : 01gz8NtAgW/mlHiLlstuTA==
appSecret : fLz13bJJtBHZCgJve1oHUQ==
masterServerPublicKey : BD7KcJ2c4+wDsNHphJPyedVdemaZAzBhN1U9782/t1ofahAPDACQUyzyd14BZK+jgVUApKQXs6W1zsdcR71QKsk=
-
PowerAuthConfiguration
Builder
constructor now supports only the simplified configuration. For example:final PowerAuthConfiguration configuration = new PowerAuthConfiguration.Builder( "your-instance-id", "https://api.wultra.com/enrollment-server", "ARDDj6EB6iA...H9bMk8Ju3K1wmjbA==" ).build();
-
PowerAuthSDK.Builder.build()
now requires to use application's context to build an instance ofPowerAuthSDK
. If you don't have such context available, then please use the following code in your application'sonCreate()
method:PowerAuthAppLifecycleListener.getInstance().registerForActivityLifecycleCallbacks(this) // "this" is Application
-
The following methods are now deprecated in the
PowerAuthAuthentication
class:- All variants of
commitWithPassword()
are now replaced withpersistWithPassword()
- All variants of
commitWithPasswordAndBiometry()
are nowpersistWithPasswordAndBiometry()
- All variants of
-
The following methods are now deprecated in the
PowerAuthSDK
class:commitActivationWithAuthentication()
is nowpersistActivationWithAuthentication()
- All variants of
commitActivationWithPassword()
are nowpersistActivationWithPassword()
- All variants of
commitActivation()
are nowpersistActivation()
- All variants of
authenticateUsingBiometry()
are now replaced withauthenticateUsingBiometrics()
with theIAuthenticateWithBiometricsListener
interface returningPowerAuthAuthentication
in success.
-
The
ICommitActivationWithBiometryListener
is now deprecated and you can useIPersistActivationWithBiometricsListener
as a replacement. -
The
PowerAuthAuthentication
object is now an immutable object. -
PowerAuthErrorCodes
now contains the following new error codes:TIME_SYNCHRONIZATION
indicates a problem with the time synchronization.BIOMETRY_NOT_ENROLLED
indicating that the device has no enrolled biometry.
-
The biometry-related methods in
PowerAuthSDK
are no longer annotated as@RequiresApi(api = Build.VERSION_CODES.M)
. This change may lead to several dead code branches in your code if you still support devices older than Android 6.0. -
Removed all interfaces deprecated in release
1.7.x
If the PowerAuthErrorException
is related to a biometric authentication failure, then the new additionalInformation
property will contain an instance of the BiometricErrorInfo
class. It's recommended to test whether the reason for the failure was presented to the user in the authentication dialog or in a custom error dialog provided by the PowerAuth mobile SDK. For example:
// Authenticate user with biometry and obtain encrypted biometry factor-related key.
powerAuthSDK.authenticateUsingBiometrics(context, fragment, "Sign in", "Use the biometric sensor on your device to continue", object: IAuthenticateWithBiometricsListener {
override fun onBiometricDialogCancelled(userCancel: Boolean) {
// User or system canceled the operation
}
override fun onBiometricDialogSuccess(authentication: PowerAuthAuthentication) {
// Success
}
override fun onBiometricDialogFailed(error: PowerAuthErrorException) {
val biometricErrorInfo = error.additionalInformation as? BiometricErrorInfo
if (biometricErrorInfo != null) {
if (biometricErrorInfo.isErrorPresentationRequired) {
// The application should present the reason for the biometric authentication failure to the user.
//
// If you don't disable the error dialog provided by the PowerAuth mobile SDK, then this may happen
// only when you try to use the biometric authentication while the biometric factor is not configured
// in the PowerAuthSDK instance.
val localizedMessage = biometricErrorInfo.getLocalizedErrorMessage(context, null)
}
} else {
// Other reasons for failure
}
}
})
See also the Disable Error Dialog After Failed Biometry chapter for more details.
The requirement for the time synchronized with the server has the following impact on your code:
-
If you use custom End-To-End Encryption in your application, then it's recommended to make sure the time is synchronized with the server:
val timeService = powerAuthSDK.timeSynchronizationService if (!timeService.isTimeSynchronized) { timeService.synchronizeTime(object : ITimeSynchronizationListener { override fun onTimeSynchronizationSucceeded() { // Success } override fun onTimeSynchronizationFailed(t: Throwable) { // Failure } }) }
-
If you use Token-Based Authentication, then you should use the new API provided by
PowerAuthTokenStore
that guarantees that time is synchronized before the token header is calculated:val task = powerAuthSDK.tokenStore.generateAuthorizationHeader(context, "MyToken", object : IGenerateTokenHeaderListener { override fun onGenerateTokenHeaderSucceeded(header: PowerAuthAuthorizationHttpHeader) { val httpHeaderKey = header.key val httpHeaderValue = header.value } override fun onGenerateTokenHeaderFailed(t: Throwable) { // Failure } })
Visit Synchronized Time chapter in our documentation for more details.
- Encrypted request now contains new property
timestamp
with typelong
, please update your model objects. For example:{ "ephemeralPublicKey" : "BASE64-DATA-BLOB", "encryptedData": "BASE64-DATA-BLOB", "mac" : "BASE64-DATA-BLOB", "nonce" : "BASE64-NONCE", "timestamp" : 1694172789256 }
- Encrypted response now contains two new properties:
timestamp
withlong
andnonce
withString
. Please update your model objects:{ "encryptedData": "BASE64-DATA-BLOB", "mac" : "BASE64-DATA-BLOB", "nonce" : "BASE64-NONCE", "timestamp": 1694172789256 }
-
PowerAuthConfiguration
- class now supports only the simplified configuration.- Use a new object constructor with all required parameters:
let config = PowerAuthConfiguration( instanceId: "your-instance-id", baseEndpointUrl: "https://api.wultra.com/enrollment-server", configuration: "ARDDj6EB6iA...H9bMk8Ju3K1wmjbA==" )
- Removed
applicationKey
,applicationSecret
,masterServerPublicKey
properties. - Constructor with no parameters is no longer supported.
- Use a new object constructor with all required parameters:
-
The following methods in
PowerAuthSDK
are now deprecated:commitActivation(with:)
is now replaced withpersistActivation(with:)
commitActivation(withPassword:)
is now replaced withpersistActivation(withPassword:)
-
The following methods in
PowerAuthAuthentication
are now deprecated:.commitWithPassword(password:)
is replaced with.persistWithPassword(password:)
.commitWithPassword(password:customPossessionKey:)
is now.persistWithPassword(password:customPossessionKey:)
.commitWithPasswordAndBiometry(password:)
is now.persistithPasswordAndBiometry(password:)
.commitWithPasswordAndBiometry(password:customBiometryKey:customPossessionKey:)
is now.persistWithPasswordAndBiometry(password:customBiometryKey:customPossessionKey:)
-
The
PowerAuthAuthentication
object is now immutable and no longer implements theNSCopying
protocol. -
PowerAuthErrorCode
now contains a new.timeSynchronization
case indicating a problem with the time synchronization. -
Removed all interfaces deprecated in release
1.7.x
-
Minimum deployment target updated to iOS 12 and tvOS 12
The requirement for the time synchronized with the server has the following impact on your code:
- If you use custom End-To-End Encryption in your application, then it's recommended to make sure the time is synchronized with the server:
if !powerAuthSdk.timeSynchronizationService.isTimeSynchronized { let task = powerAuthSdk.timeSynchronizationService.synchronizeTime(callback: { error in if error == nil { // Success, time has been properly synchronized } else { // Failed to synchronize the time } }, callbackQueue: .main) }
- If you use Token-Based Authentication, then you should use the new API provided by
PowerAuthTokenStore
that guarantees that time is synchronized before the token header is calculated:powerAuthSdk.tokenStore.generateAuthorizationHeader(withName: "MyToken") { header, error in if let header = header { let httpHeader = [ header.key : header.value ] } else { // failure } }
Visit Synchronized Time chapter in our documentation for more details.
- Encrypted request now contains new property
timestamp
with typeUInt64
, please update your model objects. For example:{ "ephemeralPublicKey" : "BASE64-DATA-BLOB", "encryptedData": "BASE64-DATA-BLOB", "mac" : "BASE64-DATA-BLOB", "nonce" : "BASE64-NONCE", "timestamp" : 1694172789256 }
- Encrypted response now contains two new properties:
timestamp
withUInt64
andnonce
withString
. Please update your model objects:{ "encryptedData": "BASE64-DATA-BLOB", "mac" : "BASE64-DATA-BLOB", "nonce" : "BASE64-NONCE", "timestamp": 1694172789256 }
-
PowerAuthConfiguration
- class now supports only the simplified configuration.- Use a new object constructor with all required parameters:
let config = PowerAuthConfiguration( instanceId: "your-instance-id", baseEndpointUrl: "https://api.wultra.com/enrollment-server", configuration: "ARDDj6EB6iA...H9bMk8Ju3K1wmjbA==" )
- Removed
applicationKey
,applicationSecret
,masterServerPublicKey
,disableAutomaticProtocolUpgrade
properties.
- Use a new object constructor with all required parameters:
-
The
PowerAuthAuthentication
object is now an immutable object and no longer implements theNSCopying
protocol. -
Removed all interfaces deprecated in release
1.7.x
-
Minimum deployment target updated to iOS 12 and tvOS 12.
-
PowerAuthConfiguration
- class now supports only the simplified configuration.- Use the new object constructor with all required parameters:
let config = PowerAuthConfiguration( instanceId: "your-instance-id", baseEndpointUrl: "https://api.wultra.com/enrollment-server", configuration: "ARDDj6EB6iA...H9bMk8Ju3K1wmjbA==" )
- Removed
applicationKey
,applicationSecret
,masterServerPublicKey
,disableAutomaticProtocolUpgrade
properties.
- Use the new object constructor with all required parameters:
-
The
PowerAuthAuthentication
object is now an immutable object and no longer implements theNSCopying
protocol. -
Removed all interfaces deprecated in release
1.7.x
The PowerAuth SDKs for iOS and tvOS App Extensions, as well as for watchOS, do not use time synchronized with the server for token-based authentication. To avoid any compatibility issues with the server, the authentication headers generated in your App Extension or on watchOS still use the older protocol version 3.1. This issue will be fixed in a future SDK update.
You can watch the following related issues:
- wultra/powerauth-mobile-sdk#551
- wultra/powerauth-mobile-watch-sdk#7
- wultra/powerauth-mobile-extensions-sdk#7
- The shared biometry-related encryption key is no longer supported in
PowerAuthSDK
. If an activation is already using the shared key, then it's in use until the activation or the biometry factor is removed. As part of this change, the following methods are now deprecated:- Method
PowerAuthSDK.removeActivationLocal(Context, boolean)
is now deprecated. UseremoveActivationLocal(Context)
as a replacement. - Method
PowerAuthKeychainConfiguration.getKeychainBiometryDefaultKey()
is now deprecated. UsegetKeychainKeyBiometry()
as a replacement. - Method
PowerAuthKeychainConfiguration.Builder.keychainBiometryDefaultKey(String)
is now deprecated. UsekeychainKeyBiometry(String)
as a replacement.
- Method