version v3.0.0

Overview

The v3 release introduces a unified biometric enrolment and authentication process across platforms.

Note: Users who were previously enrolled using earlier SDK versions will be required to re-enrol due to changes in the token architecture introduced in v3.

• A refresh of the Firebase JSON is required in sandbox (and production if applicable). The new firebase token will work with the v3 SDK. If you had previously provided a firebase token (to work with v1 or v2 SDK), this will no longer be displayed in the embedder portal, but it will still be applicable for that SDK.
  • Generate a new token (with the same configuration) from your Firebase Console
  • In the embedder portal, re-enable Biometric Authentication, and then Provide your Firebase Json file. Even if you had previously configured a firebase Json, a new one must be provided.
  • Re-enable Biometrics for user actions
  • Previously enrolled users will have to enrol again
• Changes to un-enrolment behaviour. Previously, a new user was allowed to enrol on a device that was already being used; and the old user would be unenrolled automatically. Now, the app must be uninstalled, or the user unlinked via multi-API, before a new user can enrol on the device. See un-enrolment section of the docs.

Android

To upgrade to SDK v3.0.0, update your Gradle dependency:

implementation 'io.weavr.components:secure-components:3.0.0'

In your settings.gradle file, remove the following repository entry:

maven {
    url "https://gitlab.okaythis.com/api/v4/projects/15/packages/maven"
    name "GitLab"
}

Key changes

• The biometrics user enrolment flow now requires an OTP. This is delivered via SMS, and input by the user into an integrated screen in the component.
• The ability to exchange tokens via the SDK has been removed. For the biometrics login flow, the auth token is shared via webhook only and must be exchanged for an access token via your backend to the Weavr multi API.
• Moved ErrorResponse class to io.weavr.components.utils.ErrorResponse package. Update any custom error handling implementations to use the new package path
• Improved handling of the hardware back button on the Device Authorization screen in the enrolment flow that is launched via UXComponents.psa.startPSAEnrollment(). Pressing the back button now triggers the onFailed() callback, enabling client apps to handle user-initiated cancellations more effectively.