v2.5.1

Large revamp of the websocket/socket-io handling which allows scatter-js to act as if it was a socket.io client but also interact with regular WebSockets. This adds support for Mobile which doesn't use Socket.IO as it's server like Desktop does.

v2.4.0

Bugfixes

• Allow importing the library late but still catch Scatter Classic

2 way authentication of application origins

These changes are backwards compatible with older non-authenticated version of scatter-js. However whitelist action permissions will not be available when interacting with non-authenticated apps

This update allows stronger verification of origins to allow for permissions to be validated against specific apps.

Application Key

This key is given to Scatter from the app upon approved connections. The app then saves only a hashed version of it to validate itself against Scatter.

Nonce

Along with the application key a nonce ( randomized uuid ) is sent to Scatter along with every request as well as a hashed version of the next nonce. If a nonce is incorrect and doesn't match the assumed next nonce but the app key is correct permissions are dropped and the user is asked to re-authenticate with the application.