v0.27.0

@sraptis-scy sraptis-scy released this 29 Apr 13:26
· 17 commits to main since this release

Enhancements

Re-issuance: refresh AuthorizedRequest before credential request

reissueDocument() now explicitly refreshes the access token using the stored refresh token before
submitting the credential request. Previously it submitted with the original (potentially expired)
token and relied on error handling. If the refresh token itself is expired (400 invalid_grant),
the flow falls back to full OAuth authorization when allowAuthorizationFallback is enabled, or
throws ReissuanceAuthorizationException in background mode.

DCAPI: support native app-to-app flows

Problem:
The library currently aborts DCAPI requests with "Calling origin must not be null" whenever the caller is a native Android verifier app. This happens because CallingAppInfo.getOrigin(privilegedAllowlist) returns null for any caller that is not a privileged user agent (typically a browser) registered in the configured allowlist.

Solution:
When getOrigin() returns null, the library now calculates the origin value from the calling app's signing certificate, in the format:
android:apk-key-hash:<encoded SHA 256 fingerprint>

See https://developer.android.com/identity/digital-credentials/credential-holder/credential-holder#check-verifier-origin.
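The fallback described above, sketched as an added example (not the library's own code). The function names, the single-signer rule and the allowlist check are hypothetical, the certificates are constructed byte strings, and the encoding of the fingerprint is assumed to be base64url without padding:

```kotlin
import java.security.MessageDigest
import java.util.Base64

const val ORIGIN_PREFIX = "android:apk-key-hash:"

// Derive the origin string from one DER-encoded signing certificate.
// Assumption: "encoded" means base64url without padding.
fun originFromSigningCert(certDer: ByteArray): String {
    val digest = MessageDigest.getInstance("SHA-256").digest(certDer)
    return ORIGIN_PREFIX + Base64.getUrlEncoder().withoutPadding().encodeToString(digest)
}

// Hypothetical helper: use the origin reported for a privileged user agent when
// there is one, otherwise fall back to the caller's signing certificate.
fun resolveOrigin(browserOrigin: String?, signers: List<ByteArray>): String {
    if (browserOrigin != null) return browserOrigin
    // Policy of this example: fail closed unless exactly one signer is present,
    // so the derived origin cannot depend on signer ordering.
    require(signers.size == 1) { "expected exactly one signing certificate, got ${signers.size}" }
    return originFromSigningCert(signers.single())
}

// Hypothetical policy check: accept a native caller only if its derived origin
// is on an allowlist of known verifier apps. Comparison is constant-time.
fun isAllowedNativeVerifier(origin: String, allowlist: Set<String>): Boolean {
    if (!origin.startsWith(ORIGIN_PREFIX)) return false
    val candidate = origin.toByteArray(Charsets.UTF_8)
    return allowlist.any { MessageDigest.isEqual(candidate, it.toByteArray(Charsets.UTF_8)) }
}

fun main() {
    // Constructed stand-ins for DER-encoded certificates.
    val verifierCert = "constructed-verifier-cert".toByteArray()
    val otherCert = "constructed-other-cert".toByteArray()
    val allowlist = setOf(originFromSigningCert(verifierCert))

    val fromBrowser = resolveOrigin("https://verifier.example", emptyList())
    val fromKnownApp = resolveOrigin(null, listOf(verifierCert))
    val fromUnknownApp = resolveOrigin(null, listOf(otherCert))

    println("browser origin kept as-is: $fromBrowser")
    println("known app:   $fromKnownApp allowed=${isAllowedNativeVerifier(fromKnownApp, allowlist)}")
    println("unknown app: $fromUnknownApp allowed=${isAllowedNativeVerifier(fromUnknownApp, allowlist)}")

    // Zero or multiple signers are rejected rather than guessed at.
    val rejected = runCatching { resolveOrigin(null, listOf(verifierCert, otherCert)) }
    println("multiple signers rejected: ${rejected.isFailure}")
}
```

On a device the certificate bytes would come from the calling app's signing information rather than from literals.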

Dependency Updates

  • eudi-lib-android-wallet-document-manager updated to 0.16.0
  • eudi-lib-android-iso18013-data-transfer updated to 0.13.0
  • eudi-lib-jvm-openid4vci-kt updated to 0.10.1
  • eudi-lib-jvm-sdjwt-kt updated to 0.20.0
  • eudi-lib-kmp-statium updated to 0.5.1
  • Kotlin updated to 2.2.21

Bug Fixes

DPoP key alias crash when DPoP is disabled

Fixed UninitializedPropertyAccessException when DPopConfig.Disabled is configured.
IssuerCreator.dpopKeyAlias was declared as lateinit var but was never assigned when DPoP was
disabled. Changed to a nullable var with a default of null.

Test Updates

CRL validation mock removed from TrustStoreRsaRootEcIntermediateTest

The test previously mocked the internal CertificateCRLValidation class to bypass CRL checks. That
class was removed in iso18013-data-transfer 0.13.0, which replaced the custom CRL implementation
with Java's built-in PKIXRevocationChecker and a RevocationPolicy sealed interface. The default
policy is RevocationPolicy.NoCheck, making the mock unnecessary.

Various Changes

SampleDocumentManager removed from public API

startRemotePresentation(intent: Intent) deprecated

Use startRemotePresentation(uri: Uri) instead. The Intent-based overload is deprecated and will
be removed in a future release.

The Uri-based method no longer wraps into an Intent internally — it resolves the OpenID4VP
request URI directly. The mdoc:// scheme handling via transferManager.startEngagementToApp() has
been removed, as engagement-to-app is handled by the data-transfer layer.