All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
ProofRequestOptions.orgIdis now also sent on session initialization (POST /api/sdk/init/session/), so the backend can attribute the session — and itsSESSION_INITanalytics record — to the partner organization at creation time instead of waiting for the first status update. Omitted entirely when unset.
- New
ProofRequestOptions.orgIdoption for partner organization attribution (e.g. the SheerID orgId). When set, the SDK includes it in the body of its own session status updates (SESSION_STARTED,SESSION_CANCELLED) and embeds it top-level in the request template so the verification client forwards it on every status update it posts. Round-trips throughtoJsonString/fromJsonString. Optional and omitted entirely when unset; it has no effect on the verification process.
- Inclusion of parameters from
JSON.parse($.claimData.parameters).paramValuesalong withJSON.parse($.claimData.context).extractedParameters.
RequestSpec.templateParamsMode('separate' | 'merge', defaults to'separate') controls howgenerateSpecsFromRequestSpecTemplateexpands a template with multipletemplateParamsvalues.'separate'is the existing/default behavior — one independent spec (and expected hash) per value, matching N separate proofs.'merge'is new: it folds every value into a single spec whoseresponseMatches/responseRedactionsgain one entry per value, matching one proof that bundles many values into a single claim (e.g. acustomInjectionprovider that proves 30+ playlist names in one claim instead of 30 separate ones). See the README's "Provider Authors: Validating Dynamically Injected Claims" section for examples.
- Enable deferred deep links for android by default.
- Add opt-in for deferred deep links for iOS. Defaults to app clip.
- New
ReclaimProofRequest.cancelSession()method to deliberately cancel an in-progress verification (e.g. the user navigates away before a proof is produced). It tears down all local session machinery — the status polling interval, the 10-minute interval-ending timeout, and any portal UI (modal / tab / embedded iframe) — and marks the sessionSESSION_CANCELLEDon the backend.onSuccess/onErrorare intentionally not invoked; cancellation is a silent, deliberate teardown rather than a verification outcome. Safe to call multiple times; a no-op when no session is active. - New
SessionStatus.SESSION_CANCELLEDenum value. Marking a session cancelled lets the portal treat it as a clean terminal state, so an abandoned session is not later reported as a connection failure to the (typically shared) cancel/error callback URL — preventing a stale session from contaminating the next one in multi-session flows.
startSessionnow validates submitted proofs against the version the backend actually used for the session (read fromsession.providerVersionStringon the status response) instead of the version resolved at init. Previously, if a provider's AI patch (e.g.1.0.0-ai.6) was created mid-session and the proof was generated against that patch, the default-callback validation path threwUnknownProofsNotValidatedErrorbecause it kept asking for hashes against the init-time base version. Callers that pass an explicitverificationConfigtostartSessionare unaffected.
- New
ReclaimProofRequest.initWithSignature(applicationId, providerId, sessionAuth, options)static method that initializes a proof request from a pre-computed signature, soappSecretnever has to be shipped to the client. - New
generateInitSignature(appSecret, providerId, timestamp)helper, intended for server-side use, that produces the signatureinitWithSignatureexpects (over canonicalized{providerId, timestamp}). - Export
generateAttestationNonceso backends can compute the TEE attestation nonce aftersessionIdis known and return it via thegetAttestationNoncecallback oninitWithSignature. WhenacceptTeeAttestationis enabled,initWithSignaturerequires this callback and throws otherwise.
- Request TEE attestations by default when initializing proof requests.
- Include the SDK-controlled TEE attestation version in request templates and attestation nonce context so attestors can keep older SDK clients on compatible proof formats.
- Add example support for server-side TEE attestation verification and displaying returned TEE proof details.
- Support v3 TEE digest binding verification while keeping v2 verification compatible.
- Breaking:
verifyTeeAttestationnow takes(proof, appSecret)instead of(proof). It performs full GCP attestation verification and returns{ isVerified, error? }instead of a boolean. The application ID is derived fromappSecretautomatically. - Breaking:
verifyProofconfig option renamed fromverifyTEE: booleantoteeAttestation: { appSecret }. The app secret is now required so the SDK can verify application binding and recompute the attestation nonce. - Breaking: Renamed
isTeeVerifiedtoisTeeAttestationVerifiedonVerifyProofResult. Now returnstruewhen TEE verification passes andundefinedwhen not requested (previouslyfalse).
- GCP TEE attestation verification: OIDC token signature validation, platform claims, nonce/digest binding, application and session binding.
- New
runTeeVerification(proofs, config)export for batch TEE verification that throwsTeeVerificationErroron failure. TeeVerificationErrorexported for catching TEE-specific failures.
- Refactor
VerifyProofResulttype into a discriminated union (VerifyProofResultSuccessandVerifyProofResultFailure).
- Include
publicDatain successfulVerifyProofResult(typeVerifyProofResultSuccess) responses. - Add
verificationConfigparameter tostartSessionmethod.
- Update type of
hashfield to includeoprf-rawas a hashing method inResponseRedactionSpecinterface.