v4.10.0

NEW

Identity Verification service

Given a session, one can now request the devices that interacted with the session using the method getSessionTrackedDevices(sessionId). The devices resources can also be deleted, using deleteSessionTrackedDevices(sessionId).

Example

const sessionId = 'session-xxx';

// Getting the device events
const devicesResponse = await idvClient.getSessionTrackedDevices(sessionId);
const events = devicesResponse.getDeviceEvents()
const firstEvent = events[0]

firstEvent.getEvent();  // string: CONFIG_FIRST_LOADED, RESOURCE_CREATED...
firstEvent.getCreated();  // Date

const firstEventDevice = firstEvent.getDevice();   // Device

firstEventDevice.getIpAddress();  // string | undefined
firstEventDevice.getIpISOCountryCode()  // string | undefined
firstEventDevice.getManufactureName()  // string | undefined
firstEventDevice.getModelName()  // string | undefined
firstEventDevice.getOSName()  // string | undefined
firstEventDevice.getOSVersion()  // string | undefined
firstEventDevice.getBrowserName()  // string | undefined
firstEventDevice.getBrowserVersion()  // string | undefined
firstEventDevice.getLocale()  // string | undefined
firstEventDevice.getClientVersion()  // string


// Deleting the device events
await idvClient.deleteSessionTrackedDevices(sessionId);

v4.9.0

NEW

Identity Verification service

When configuring a session, one can now specify the brand identifier for the IDV client, via the SdkConfigBuilder new method withBrandId(string).

Example

const {
  SdkConfigBuilder,
} = require('yoti');

// Using the SessionSpecificationBuilder
const sdkConfig = new SdkConfigBuilder()
  .withAllowsCameraAndUpload()
  // .... more options
  .withBrandId('some-brand-identifier')  // NEW
  .build();

v4.8.0

NEW

Advanced Identity Profile in Identity Verification service

The SDK now exposes the Advanced Identity Profile supported in the Identity Verification service. It helps with creating a session with Advanced Identity Profile requirements, and supports the response parsing.

Example to create a session

const {
  // ...
  SessionSpecificationBuilder,
  AdvancedIdentityProfileBuilder,
  AdvancedIdentityProfileRequirementsBuilder,
  AdvancedIdentityProfileSchemeBuilder,
} = require('yoti');

// Using the SessionSpecificationBuilder
const sessionSpecificationBuilder = new SessionSpecificationBuilder();

const advancedIdentityProfileSchemeDBS = new AdvancedIdentityProfileSchemeBuilder()
  .withType('DBS')
  .withObjective('BASIC')
  .withLabel('label-for-DBS-BASIC')
  .build();

const advancedIdentityProfileSchemeRTW = new AdvancedIdentityProfileSchemeBuilder()
  .withType('RTW')
  .withLabel('label-for-RTW')
  .build();

const advancedIdentityProfileUKTFIDA = new AdvancedIdentityProfileBuilder()
  .withTrustFramework('UK_TFIDA')
  .withScheme(advancedIdentityProfileSchemeDBS)
  .withScheme(advancedIdentityProfileSchemeRTW)
  .build();

const advancedIdentityProfileSchemeAL1 = new AdvancedIdentityProfileSchemeBuilder()
  .withType('IDENTITY')
  .withObjective('AL_L1')
  .withLabel('label-for-IDENTITY-AL-L1')
  .build();

const advancedIdentityProfileYotiGlobal = new AdvancedIdentityProfileBuilder()
  .withTrustFramework('YOTI_GLOBAL')
  .withScheme(advancedIdentityProfileSchemeAL1)
  .build();

const advancedIdentityProfileRequirements = new AdvancedIdentityProfileRequirementsBuilder()
  .withProfile(advancedIdentityProfileUKTFIDA)
  .withProfile(advancedIdentityProfileYotiGlobal)
  .build();

sessionSpecificationBuilder.withAdvancedIdentityProfileRequirements(advancedIdentityProfileRequirements);

Example to retrieve a session

const sessionResult = await idvClient.getSession(sessionId);

const advancedIdentityProfile = sessionResult.getAdvancedIdentityProfile();
// advancedIdentityProfile.getSubjectId(); // same a simple Identity Profile
// advancedIdentityProfile.getResult(); // same a simple Identity Profile
// advancedIdentityProfile.getFailureReason() // same a simple Identity Profile (see update below)

const report = advancedIdentityProfile.getIdentityProfileReport();
const compliance = report.getCompliance();
// report.getMedia();

// Given one of the compliance - corresponds to the required profiles
const trustFrameworkCompliance = compliance[0];
// trustFrameworkCompliance.getTrustFramework();
const schemesCompliance = trustFrameworkCompliance.getSchemesCompliance();

// Given one of the scheme compliance
const schemeCompliance = schemesCompliance[0];
schemeCompliance.getRequirementsMet();
schemeCompliance.getScheme();
schemeCompliance.getRequirementsNotMetInfo();

Minor updates

Update of type for the error details surfaced in Identity Verification service

The 'requirements not met details' within the IdentityProfileRequirementsNotMetDetailResponse are now parsed as a class.

const sessionResult = await idvClient.getSession(sessionId);
const identityProfile = sessionResult.getIdentityProfile(); // or sessionResult.getAdvancedIdentityProfile();
if (identityProfile) {
  const failureReason = identityProfile.getFailureReason();

  if (failureReason) {
    const reasonCode = failureReason.getReasonCode(); // string
     // Array of IdentityProfileRequirementsNotMetDetailResponse (NEW - class based)
    const requirementsNotMetDetails = failureReason.getRequirementsNotMetDetails();
    /*
    IdentityProfileRequirementsNotMetDetailResponse shape as follows:
    {
      failureType, //string
      documentType, //string
      documentCountryIsoCode, //string
      auditId, //string
      details, //string
    }

    // Getters (NEW):
    .getFailureType() 
    .getDocumentType() {
    .getDocumentCountryIsoCode() {
    .getAuditId() {
    .getDetails() {
    */
  }
}

v4.7.0

New

Surface error details in Profile and Digital Identity services

Surface errorReason for identity profile receipt/activity.

Usage

Share v1 - via Profile service

Given the share is complete and token received:

const activityDetails = await yotiClient.getActivityDetails(token);
const outcome = activityDetails.getOutcome();
const errorDetails = activityDetails.getErrorDetails();

/*
Description of errorDetails:
- errorCode: string, ie 'FRAUD_DETECTED', 'MANDATORY_DOCUMENT_NOT_PROVIDED'...
- description: string
- errorReason: optional object with 'requirementsNotMetDetails' field

errorReason: {
  requirementsNotMetDetails: [
    {
      failureType, //string
      documentType, //string
      documentCountryIsoCode, //string
      auditId, //string
      details, //string
    },
    ...
  ]
}
*/

Share v2 - via Digital Identity service

Given the share is complete (assuming the receiptId was retrieved):

const receipt = await sdkDigitalIdentityClient.getShareReceipt(receiptId);
const receiptError = receipt.getError();
if(receiptError) {
  const receiptErrorReason = receipt.getErrorReason();
  /*
  If defined, object of shape:
  {
    requirementsNotMetDetails: [
      {
        failureType, //string
        documentType, //string
        documentCountryIsoCode, //string
        auditId, //string
        details, //string
      },
      ...
    ]
  }
  */  
}

Surface error details in Identity Verification service

Surface the 'requirements not met details' within the IdentityProfile FailureReasonResponse.

Usage

Given a session (with identity profile requirement) is completed and retrieved:

const sessionResult = await idvClient.getSession(sessionId);
const identityProfile = sessionResult.getIdentityProfile();
if (identityProfile) {
  const failureReason = identityProfile.getFailureReason();

  if (failureReason) {
    const reasonCode = failureReason.getReasonCode(); // string
    const requirementsNotMetDetails = failureReason.getRequirementsNotMetDetails(); // Array of RequirementsNotMetDetail
    /*
    RequirementsNotMetDetail shape as follows:
    {
      failureType, //string
      documentType, //string
      documentCountryIsoCode, //string
      auditId, //string
      details, //string
    }
    */
  }
}

v4.6.0

New

Share capabilities - Advanced Identity Profile Requirements

The SDK now exposes the next iteration Yoti released recently around Identity Profile Requirement: multiple framework and schemas are available.
To use the feature, one shall now call the withAdvancedIdentityProfileRequirements(), which is exposed in both Profile and Digital ID service.

Please check the examples in /examples/digital-identity and /examples/profile-identity-checks for reference.

v4.5.1

No new features

Only includes minor dependencies updates.

Typescript support

The project now includes TS definitions, generated from JSDoc (see documentation).

v4.5.0

New Identity Verification Features

Allowing non-latin documents

A new method withAllowNonLatinDocuments(value: Boolean) on both OrthogonalRestrictionsFilterBuilder and DocumentRestrictionsFilterBuilder filter builders is now available.

with OrthogonalRestrictionsFilterBuilder

  const orthogonalRestrictionsFilter = new OrthogonalRestrictionsFilterBuilder()
    .withWhitelistedDocumentTypes(['PASSPORT'])
    .withAllowNonLatinDocuments(true)
    .build();
     
  const requiredIdDocument = new RequiredIdDocumentBuilder()
    .withFilter(orthogonalRestrictionsFilter)
    .build();

or

withDocumentRestrictionsFilterBuilder

  const documentRestriction = new DocumentRestrictionBuilder()
    .withDocumentTypes(['PASSPORT'])
    .build();

  const documentRestrictionsFilter = new DocumentRestrictionsFilterBuilder()
    .withDocumentRestriction(documentRestriction)
    .forWhitelist()
    .withAllowNonLatinDocuments(true)
    .build();

  const requiredIdDocument = new RequiredIdDocumentBuilder()
    .withFilter(documentRestrictionsFilter)
    .build();

Getting the list of documents supported, including non-latin or not

This is generic feature related to the API capabilities (ie, not bound to any specific session).
One can call the method getSupportedDocuments(includeNonLatin: Boolean), the includeNonLatin is new.

const supportedDocumentsResponse = await idvClient.getSupportedDocuments(true);

v4.4.0

New Identity Verification Features

Face comparison using an uploaded picture

This feature requires some extra setup after creating the session, so, the picture to be used for the face comparison is uploaded.

The steps are:

1. Create session - with FaceComparison (using RequestedFaceComparisonCheckBuilder)
2. Fetch the session configuration
3. Retrieve the face capture requirements
4. Create a FaceCapture resource associated to the face capture requirement (using CreateFaceCaptureResourcePayloadBuilder and the new idv client method createFaceCaptureResource())
5. Upload the picture as the FaceCapture resource content (using UploadFaceCaptureImagePayloadBuilder and the new idv client method uploadFaceCaptureImage())

See full example in examples/idv/src/controllers/use-cases/face.comparison.check.controller.js

Allowing expired documents

A new method withAllowExpiredDocuments(value: Boolean) on both OrthogonalRestrictionsFilterBuilder and DocumentRestrictionsFilterBuilder filter builders is now available.

with OrthogonalRestrictionsFilterBuilder

  const orthogonalRestrictionsFilter = new OrthogonalRestrictionsFilterBuilder()
    .withWhitelistedDocumentTypes(['PASSPORT'])
    .withAllowExpiredDocuments(true)
    .build();
     
  const requiredIdDocument = new RequiredIdDocumentBuilder()
    .withFilter(orthogonalRestrictionsFilter)
    .build();

or

withDocumentRestrictionsFilterBuilder

  const documentRestriction = new DocumentRestrictionBuilder()
    .withDocumentTypes(['PASSPORT'])
    .build();

  const documentRestrictionsFilter = new DocumentRestrictionsFilterBuilder()
    .withDocumentRestriction(documentRestriction)
    .forWhitelist()
    .withAllowExpiredDocuments(true)
    .build();

  const requiredIdDocument = new RequiredIdDocumentBuilder()
    .withFilter(documentRestrictionsFilter)
    .build();

v4.3.0

New Identity Verification Features

Control of Biometric Consent UX flow

New methods available in the builder SdkConfigBuilder to configure when in the flow the biometric consent is being collected: withEarlyBiometricConsentFlow() and withJustInTimeBiometricConsentFlow()

const sdkConfig = new SdkConfigBuilder()
.withEarlyBiometricConsentFlow() // alternatively use .withJustInTimeBiometricConsentFlow()
.build()

Obtain Expanded Document fields

Within the text extraction task, one can now request to include the expanded documents fields, via the RequestedTextExtractionTaskBuilder builder, calling the new method .withCreateExpandedDocumentFields().

new RequestedTextExtractionTaskBuilder()
.withCreateExpandedDocumentFields(true) // default is false
.build()

Then, within each document received, the expanded documents field can be retrieved using the getExpandedDocumentFields() method.

const expandedFields = document.getExpandedDocumentFields()
expandedFields.getMedia()

Retrieve the session configuration

It is now possible to retrieve the session configuration of a given session, by sessionId, by calling directly on the IDVClient the method getSessionConfiguration()

const sessionConfig = await idvClient.getSessionConfiguration(sessionId);

v4.2.1

Maintenance

Addressed dependencies vulnerabilities.

Code dependencies:

• node-forge => 1.3.1
• eslint-plugin-jest => 7.2.4

Updated manually dev dependencies:

• eslint => 8.43.0
• eslint-plugin-jest => 27.2.2
• jest => 29.5.0

• Dependencies vulnerabilities fix - (via npm audit --fix)

• Added audit-ci and audit-ci.jsonc.
  Currently white listing: "GHSA-c2qf-rxjj-qqgw" (semver)