v4.10.0

Summary

• Allow for the management of single purpose keys

v4.9.0

• Allow for the use of single purpose keys
• Upgrade JOSETransport to include SDK version in User Agent header
• Remove example apps (CLI and Example Spring Boot App)

v4.8.0

• FIPS 140-2 support validation
  • Use BouncyCastleFipsProvider for tests to ensure compatibility going forward
  • Updated tests with keys that are supported by the BouncyCastleFipsProvider
  • Added genrsa command to CLI example to generate RSA private keys acceptable to BouncyCastleFipsProvider
  • Added ability to get PEM from Private Key to JCECrypto in support of the genrsa command
• Fixed the Organization commands in the CLI example
• Added Directory TOTP Post and Delete
• Added Service TOTP POST to verify TOTP codes
• Upgraded Cucumber to the latest version
• Updated CLI to include generate-totp, remove-totp, and verify-totp

v4.7.0

Added support for Device IDs returned by API in creating Authorization Requests. This will assist 3rd party push implementations.

v4.6.0

• Added new policy types for method amount, factor, and geo-conditional policies
• Add territorial fences
• Deprecated existing policy objects as well as methods and objects that used them

v4.5.0

• Added Auth Response Insights
  • These enhancements will only be added for responses from Mobile Auth SDK versions that return the data in the response.
  • Added auth authPolicy to auth response
  • Added auth methods to auth response
• Fixed missing SENSOR failure reason in AuthorizationResponse. It will no longer be returned as OTHER
• Fixed transport issue which would fail JWT validation on 401 responses from API
• Add device link completion webhook handling to the Directory client
• Updated Organization client to be able to set Directory webhook URL
• Updated example app to use Directory Users and have device link completion webhook implementation

v4.3.0

• Added busy signal processing
• Added dynamic authorization request push messaging
• Added authorization response context
• Added ability to enable jailbreak protection to authorization policy constructor.
• Fixed bug in authorization policy the swapped inherence and knowledge factors.
• Fixed bug where response headers were not being properly validated and verified.
• Added verification of webhook headers.
• Added dynamic authorization request title
• Added authorization response context
• Fix bug when attempting to retrieve and authorization response after an authorization request timed out. The transport would throw a JWE exception when attempting to decrypt an unencrypted response rather than throwing the expected AuthorizationRequestTimedOutError.

v4.2.2

• Fix bug in Jackson Databind annotation of ServerSentEventAuthorizationResponseCore that would throw a JsonMappingException when unknown attributes were returned in the response.

v4.2.1

• Fixed bug in Jose4jJWTService#decode which caused null pointer exception when decoding a request JWT from a webhook

v4.2.0

• Add Organization Service management
• Add Directory management
• Add Directory Service management
• Add Jail Break Protection to Auth Service Policy
• Remove UUID version 1 requirement in factories for Organization, Directory, and Service ID as they can now be version 3 or 4
• Add more specific named errors for HTTP status codes and LaunchKey error codes.
• Migrate test mocks from Mockito 1.x to 2.x
• Cucumber based integration tests
• Dropped support for Java 6