iOS SDK release notes

12.4.0

Features

• Added auto and manual stateless session refresh
• Root detection, debug detection, and debug logs are now set at compile time by selecting the development or production version of SDK. Read more about using security controls during development.
• SDK Configurator 6.x is required

Bug fixes

• Fixed request scopes separator
• Fixed ONGDisconnectController assembly

12.3.6

Features

• Exposed ID Token

Bug fixes

• Added Apple's Privacy Manifest

12.3.4

Features

• Added Register stateless user feature.

Bug fixes

• Fixed an issue with canHandleOTPMobileAuthRequest method

12.2.4

Bug fixes

• Preferred authenticator is no longer removed while deregistering another authenticator.

12.2.2

Features

• The API no longer enforces a fileName and mimeType for its multipart data resource calls.
• The build method on ClientBuilder object marked as deprecated, please use buildAndWaitForProtectedData.The deprecated method will be removed in future versions.
• Added an optional error while canceling the custom registration request (with a reason description)

Bug fixes

• Fix for a crash in implicit authentication when locally stored client cache model is expired
• Some of public API methods were not visible for Swift API

12.2.0

Features

• Added improvements for the prewarming mechanism introduced in iOS 15.

12.1.1

Bug fixes

• All requests outside the SDK are no longer affected by the certificate pinning mechanism.

Features

• Requesting resources for different base URLs than ones set in the ConfigModel needs a usage of the optional method setAdditionalResourceUrls . More info here: Setting up the project.

12.1.0

Features

• Fetching resources can be made for a different base URL than the one set in the model. The domain for a different base URL has to be protected with a valid certificate, otherwise the pinning mechanism will not allow the fetch to be executed.

12.0.0

Features

• Public API written in Swift

11.0.2

Features

• Added support for Network connectivity errors.

11.0.1

Bugfixes

• Fix for handling push notifications

11.0.0

Features

• The SDK can perform different app integrity checks depending on the provided configuration

Improvements

• Increased minimum required iOS version to 13.0
• Fixed the flow with expired token during e.g. QR code scan by returning ONGMobileAuthRequestErrorUserNotAuthenticated despite of ONGGenericErrorUnknown

10.0.2

Bugfixes

• Fixed an issue preventing mobile applications using the Payload Encryption functionality from being updated to a newer version.
• Fixed an issue with the Payload Encryption handshake retries.

10.0.1

Bugfixes

• Fixed a crash that might occur on devices running on iOS 12.

10.0.0

Improvements

• Increased minimum required iOS version to 12.0.
• Certificate pinning does no longer require including .cer files to the app.
• The Payload Encryption feature can be now disabled server side without a need to recompile and release a new app version.
• Improved root and debug detection.

9.8.0

Improvements

• Added support for PATCH and HEAD HTTP methods for resource calls

9.7.0

Improvements

• The SDK is now distributed as xcframework

Bugfixes

• Fixed the issue with authenticateUser:authenticator:delegate: selector

9.6.0

Improvements

• The SDK is now an OpenID Connect Relying Party. During registration it can enforce the user to login with the Identity Provider.

9.5.2

Improvements

Payload encryption stability improvements

9.5.1

Improvements

• Deprecated authenticateUser:delegate: and authenticateUserWithAuthenticator:profile:delegate: methods and created authenticateUser:authenticator:delegate: method with optional authenticator parameter.
• Removed deprecated UIWebView APIs usage.

9.5.0

Features

• Introduced native Sign in with Apple support.

9.4.2

Bugfixes

• Fixed crash that could occur using deprecated error method on mobile authentication flow.
• Fixed push notifications for iOS 13.
• Fixed redirect URL validation.

9.4.1

Improvements

• Improved authorization flow to ensure web pages shown using the SDK are displayed in the device's language.

Bugfixes

• Fixed crashes that could occur during network communication.

9.4.0

Improvements

• Created recovery procedures for the event future unannounced iOS and Android platform changes impact the working of our SDK.

9.3.0

Improvements

• Deprecated user profile property in ONGBrowserRegistrationChallenge.
• Added authenticator parameter to methods of ONGAuthenticationDelegate and ONGMobileAuthRequestDelegate.

Bugfixes

• Fixed crashes releated to ONGMultipartData object.

9.2.0

Features

• Introduced App To Web Single Sign On feature, which can be used to continue a user session in a web browser.

Bugfixes

• Fixed warnings related to deprecations in case of using Biometric API's.

Improvements

• Improved error handling related to data storage.

9.1.3

Improvements

• Renamed Fingerprint APIs to Biometric.
• Registration delegate will now return an identity provider object on completion.

Bugfixes

• Fixed application signature calculation issue for App Store builds.

9.1.2

Bugfixes

• Fixed issues with undefined symbols when using ONGClientBuilder methods or ONGConfigModel constants.

9.1.1

Bugfixes

• The reset method now also performs the DCR in case of missing client credentials.
• Fixed issues with the state of authenticator object returned after deregistration flow.

9.1.0

Features

• Introduced method to reset the state of the SDK.

Improvements

• Security improvements.

9.0.0

Improvements

• Onegini iOS SDK is now distributed as a dynamic framework.

9.0.0-M1

Improvements

• Onegini iOS SDK is now distributed as a dynamic framework.

8.0.1

Improvements

• Updated SecureBlackBox dependency.
• Removed RestKit dependency.
• Deprecated ONGParametersEncodingPropertyList encoding.

Bugfixes

• Fixed missing parameters for GET method while fetching resources.

8.0.0

Bugfixes

• Fixed FaceID issue when the application shows FaceID authenticator as registered when user re-registered face on their device.
• Fixed invalid PIN flow after fallback to PIN from custom authentication.

8.0.0-BETA

• This is a BETA release that can still contain bugs and issues. You should not use it for any production releases!

Features

Introduced an API for custom user registration.

7.2.4

Bugfixes

• Fingerprint is now properly detected as deregistered when its disabled in the iOS settings.

7.2.3

Bugfixes

• Fixed missing parameters for GET method while fetching resources.

7.2.2

Bugfixes

• Fixed malformed HTTP respones after multiple requests in a short timeframe.

7.2.1

Improvements

• Security improvements.

Bugfixes

• Fixed resource request issue which doesn't accept absolute URL.

7.2.0

Improvements

• Removed direct support for FIDO authenticators. FIDO can still be used when integrated with the SDK as a Custom Authenticator.
• Replaced arc4random with Randomization Services from Security.framework.

Bugfixes

• Keychain items are now excluded from backups.
• Fixed error returned after cancelling fingerprint authentication.
• Fixed NSKeyedUnarchiver nullability issues, which were producing warning logs.
• After fallback from fingerprint to PIN, providing the wrong pin will now properly send another pin challenge.
• Fixed error decryption crash when payload encryption is on.

7.1.0

Features

• Introduced an API for fetching and handling push mobile authentication requests.

Improvements

• OS version is no longer part of the device name sent to the Mobile Identity module.

Bug fixes

• Fixed mobile authentication issues which were occurring when payload encryption was on.

7.0.0

Features

• Added Custom Authenticator support for Mobile Authentication.
• ClientId can now be retrieved using the ONGDeviceClient.

Improvements

• Improved naming consistency of Custom Authenticator API.

Bug fixes

• Fixed fingerprint deregistration issues during migration from 4.10.09.
• Added missing body parameter to ONGResourceRequest.

7.0.0-BETA

• This is a BETA release that can still contain bugs and issues. You should not use it for any production releases!

Features

• Added a new type of supported authenticator: Custom Authenticator.
• Added implicit user authentication.

Improvements

• The reauthenticateUser:delegate: method was removed. The authenticateUser:delegate: method will always force a user to reauthenticate.
• New authenticateUser:delegate: method that allows you to specify which registered authenticator should be used for authentication.

Release notes 6.X

6.1.6

Improvements

• Security improvements.

6.1.5

Bug fixes

• Fixed error returned after cancelling fingerprint authentication.
• Fixed mobile authentication issues when payload encryption is on.
• Fingerprint is no longer deregistered when the device is locked during authentication.
• Fixed error decryption crash when payload encryption is on.

6.1.4

Bug fixes

• Fixed DCU failure when Tampering Protection was turned on.
• Fixed fingerprint authenticator deregistration during migration.

6.1.3

Bug fixes

• Added missing body parameter to ONGResourceRequest.

6.1.2

Bug fixes

• Fixed jailbreak detection false positives.

6.1.1

Bug fixes

• The access token is now properly added to a multipart request.
• Fixed a case where the SDK would think all user profiles are deregistered because of an issue with the NSUserDefaults.
• Added a missing file to the FIDO version.

6.1.0

Features

• Added multipart support to ONGResourceRequest.

Bugfixes

• Fixed concurrency issues with dynamic client registration.

6.0.1

Bug fixes

• The client configuration is now cached on the device.
• Fixed a crash related to debug detection.
• Fixed a crash occurring when no response body was received from the Security Proxy.

6.0.0

Improvements

• Inline error handling for the handleOTPMobileAuthRequest and handlePushMobileAuthRequest methods.

Bugfixes

• Prevent an error when dynamic client upgrade is performed concurrently.
• Fixed error handling crashes occurring when payload encryption is turned on.

6.0.0-BETA

Features

• Added possibility to perform mobile authentication with OTP.

Improvements

• Separated enrollment methods for mobile authentication and mobile authentication with push.

Bugfixes

• The SDK will no longer deregister the device in case of unsupported client credentials grant type.

Release notes 5.X

5.04.00

Features

• Transaction signing support for mobile authentication with push.

Improvements

• ONGAuthenticationErrorAuthenticatorDeregistered is returned when the fingerprint authenticator is deregistered
• Internet connectivity and server reachability errors are now returned as ONGGenericErrorNetworkConnectivityFailure and ONGGenericErrorServerNotReachable respectively and no longer as ONGGenericErrorUnknown.

Bugfixes

• The fingerprint authenticator was not marked as preferred after migrating from iOS SDK version 4.x to 5.04.00.

5.03.08

Bug fixes

• Fixed error returned after cancelling fingerprint authentication.
• Fingerprint is no longer deregistered when the device is locked during authentication.
• Fixed error decryption crash when payload encryption is on.

5.03.07

Bug fixes

• Fixed fingerprint and mobile authentication migration issues.
• Fixed DCU error preventing successful client validation.

5.03.06

Bug fixes

• Added missing body parameter to ONGResourceRequest.

5.03.05

Bug fixes

• Fixed jailbreak detection false positives.

5.03.04

Bug fixes

• Fixed a case where the SDK would think all user profiles are deregistered because of an issue with the NSUserDefaults.
• Fixed concurrency issues with dynamic client registration.
• Fixed an issue that prevented detecting abuse (jailbreak / debugger) on the Server side in a certain case.

5.03.03

Bug fixes

• The invalid grant type error will no longer deregister the device.
• The client configuration is now cached on the device.
• Fixed a crash occurring when no response body was received from the Security Proxy.
• Fixed a crash during error handling when payload encryption is turned on.

5.03.02

Bugfixes

• The fingerprint authenticator was not marked as preferred after migrating from iOS SDK version 4.x to 5.x.

5.03.01

Bugfixes

• The local logout error is no longer propagated when revocation succeeded with unsupported content type.

5.03.00

Features

• Added support for unauthenticated resource calls.
• Network communication can now be logged using SecurityController.

Improvements

• Improved security of tokens stored in the memory.

5.02.01

Bugfixes

• Fixed crash when payload encrytion handshake fails during resource requests.

5.02.00

Features

• Registration requests are now cancellable.
• Mobile Authentication transactionId is now accessible in ONGMobileAuthRequest.

Improvements

• Improved security of the randomization algorythm used in payload encryption.

Bugfixes

• ONGRequestBuilder now properly sets headers property when building ONGResourceRequest.
• Fixed error handling for FIDO errors.

5.01.02

Bugfixes

• Touch ID authentication was not properly disabled after the SDK detected abuse.
• Correctly handle User and device deregistration for Touch ID authentication.
• Only return fully registered profiles.
• Prevent generating empty nonces for payload encryption messages.

Improvements

• Add accept application/json headers to all REST requests.

5.01.01

Bugfixes

• Deregistering FIDO authenticator doesnt mark all of FIDO authenticator as deregistered anymore.
• Fixed user deregistered and device deregistered error handling.
• Payload encryption handshake is no longer failing when executing concurrent network tasks.

5.01.00

Features

• Support for FIDO UAF (Fast IDentity Online) authenticators.

Improvements

• Authenticator type values inlined with Android SDK.

Bugfixes

• Fixed concurrency issue which might have prevented from receiving a new pin challenge.
• Fixed validatePinWithPolicy issue preventing successful registration.
• Cancelling mobile authentication now sends error with correct description.
• Fixed issue when mobile authentication might have logout the user.

5.00.02

Features

• Added beta support for FIDO authentication.

Bugfixes

• Fixed bug preventing retrial of DCU.
• Fixed device registration & upgrade for iOS 10 on a Cordova app.

5.00.01

Bugfixes

• Fixed the bug which was preventing from including a path within base URL.

5.00.00

Improvements

• Error codes were aligned with Android.
• Create and change pin challenges are now cancellable.
• Methods for fetching registered and nonregistered authenticators are now both synchronous and take a user profile as a parameter.
• Introduced allAuthenticatorsForUser: convenience method.

Bugfixes

• Fixed mobile authentication cancellation.
• Fixed occasional error preventing registration completion.
• The authenticatedUserProfile property of ONGUserClient is now updated after deregistration.
• The ONGMobileAuthRequest now provides a message property instead of a title and body.
• The ONGMobileAuthRequest now properly returns a user profile.
• Removed clearTokens: and isAuthorized methods from ONGUserClient.
• Fixed migration issues.

5.00.00-BETA

This is a BETA release that can still contain bugs and issues. You should not use it for any production releases!

Improvements

• Completely redesigned public API to make the SDK easier to use.

Release notes 4.X

4.10.09

Bug fixes

• Fixed error handling crashes occurring when payload encryption is turned on.

4.10.08

Bug fixes

• Fixed data migration issue causing user deregistration.

4.10.07

Bug fixes

• Prevent the payload encryption handshake to be executed concurrently.
• Fixed a crash when the fingerprint refresh token was nil but it's not expected to be nil.

4.10.06

Improvements

• Improved security of the randomization algorithm used in payload encryption.

Bug fixes

• Fixed crash when payload encryption handshake fails during resource requests.

4.10.05

Bug fixes

• Touch ID authentication was not properly disabled after the SDK detected abuse
• Prevent generating empty nonces for payload encryption messages

4.10.04

Bug fixes

• Fixed user profile management for the deprecated API.

4.10.03

Bug fixes

• Fix a potential issue with the device upgrade flow if there are connectivity issues
• Fix device registration & upgrade for iOS 10 on a Cordova app

4.10.02

Bug fixes

• Fixed invalid architecture header sent when using 64 bit simulator.

4.10.01

Bug fixes

• A third party dependency was linked twice in the SDK which could cause problems in some linking scenarios
• Mobile authentication did not work after performing DCU
• AFNetworking could cause linking issues if included into the application that included the iOS SDK
• Logging out caused a network error
• In case of enabled Payload encryption the app could crash if a malformed http request was returned to the SDK

4.10.00

Features

• Introduced multiple user profiles feature

Bug fixes

• Mobile authentication with fingerprint is now properly working before the user is authenticated.

4.09.00

Features

• Changed the way the SDK allows to perform secure resource calls. Introduced new methods for fetching resources on behalf of a user as well as executing anonymous calls.
• Deprecated the old API for fetching resources.
• Added OGOneginiClient#authorizeClient method to allow client authentication which is required for performing anonymous resource calls.

4.08.04

Bug fixes

• Keychain data management improvements.
• Cookie policy fix.
• Push authentication stability improvements.

4.08.03

Bug fixes

• Fixed revoke issues

4.08.02

Improvements

• Push authentication security improvements.
• Added the OGChangePinDelegate protocol method - pinChangeErrorNotAuthenticated. This Method is called whenever a PIN change fails due to an unauthorized client.
• Added the OGFingerprintDelegete protocol method - fingerprintAuthenticationEnrollmentFailureNotAuthenticated. This Method is called whenever fingerprint enrollment fails due to an unauthorized client.

4.08.01

Bug fixes

• Fixed push authentication issues

4.08.00

Features

• Added support for automatization of config delivery and certificate pinning through the Onegini SDK Configurator.

4.07.00

Features

• Added optional OGCustomizationDelegate which can be used for providing custom TouchID prompts

4.06.00

Features

• Security improvements
• Appledocs documentation is now included
• Support for Xcode 7.2

Bug fixes

• Fixed disable fingerprint authentication issue
• The OGFingerprintDelegate will receive fingerprintAuthenticationEnrollmentErrorInvalidPin call when an invalid PIN is provided during the fingerprint authentication enrollment flow

4.05.03

Bug fixes

• Fixed authorization issue occurring on attempt to fetch a resource with fingerprint authentication enabled

4.05.02

Bug fixes

• Fixed reauthorize not being able to find an AuthorizationDelegate

4.05.01

Bug fixes

• Fixed authorization request format when multiple scopes are used

4.05.00

Features

• Added the reauthorize method to the OGOneginiClient public API which forces a user to re-authenticate regardless of the current access token state

Improvements

• Fingerprint authentication stability improvements

4.04.00

Features

• Fingerprint authentication for push notifications

Improvements

• Added isFingerprintAuthenticationAvailable method which determines if fingerprint authentication is possible by checking if device possess Touch ID sensor, at least one fingerprint is registered and if fingerprint is enabled for client configuration provided by token server. iOS 9 or greater is required.

4.03.00

Improvements

• Payload Encryption improvements

Bug fixes

• Authorization error object will be provided safely to the delegate implementor

4.02.00

Features

• Added support for Xcode 7 and iOS 9

Bug fixes

• The SDK will always provide a valid client identifier to the backend instance

4.01.00

Bug fixes

• Fixed authorization error handling when Payload Encryption is enabled

Features

• Removed deprecated methods from the OGOneginiClient public API
• Introduced OGLogoutDelegate for the logout action

4.00.01

Bug fixes

• Removed unneeded headers from requests sent using a native WebView

4.00.00

Features

• SDK is capable of sending and handling encrypted communication - Payload Encryption

Release notes 3.X

3.05.00

Features

• Improved root/debug detection
• Added CPU architecture to User-Agent header

3.04.00

Features

• Added device unique identifier generation
• OS version detection
• Device CPU architecture detection

Improvements

• Removed unused properties from SDK configuration

3.03.00

Features

• Fingerprint authentication.
• Binary hash calculator support for universal binaries.

Bug fixes

• Error when using multiple certificates for certificate pinning.
• Removed unnecessary config properties from the config file.

3.02.00

Features

• Forced update support. SDK validates against Token Server if current application version can be still used and if not notifies that an update is necessary.
• Extended error handling within the DCR process. All connectivity and other unsuspected errors which will occur within the DCR flow will be mapped to general authorizationError.
• Support for debug detection.
• Support for jailbreak detection.
• Dynamic Client Update flow support.
• Tampering detection.
• Custom User-Agent header.