2.1.4

What's Changed

• Guard against ASWebAuthenticationSession invoking the callback repeatedly by @AlexNachbaur in #265

Full Changelog: 2.1.3...2.1.4

2.1.3

What's Changed

• Support https redirect URIs in browser sign-in (#252)
• Improve browser sign in error messaging
• Fix import statements for other platforms (#256)
• Fix problems with BrowserSignin on tvOS (#259)
• Bump version numbers and include additional docs

Full Changelog: 2.1.2...2.1.3

2.1.2

What's Changed

• Fix a regression where DirectAuth OOB channel_hint is missing by @AlexNachbaur in #253

Full Changelog: 2.1.1...2.1.2

2.1.1

What's Changed

• Drop support for Xcode 15.4 by @AlexNachbaur in #249
• Update BrowserSignin initializer to not throw unnecessarily by @AlexNachbaur in #251

Full Changelog: 2.1.0...2.1.1

2.1.0

This update introduces updates to OktaIdxAuth supporting Passkey / Security Key authentication and enrollment.

New Features

Passkey / WebAuthn support within OktaIdxAuth

This update adds two new Capability types:

1. WebAuthnAuthenticationCapability – Exposes the data necessary for a WebAuthn authenticator to complete an authentication challenge, and a challenge(credential:) function to return the authentication assertion to the server.
2. WebAuthnRegistrationCapability – Exposes information used by a WebAuthn authenticator to create a WebAuthn attestation to register a new passkey, which can be returned to the server using the register(credential:) function.

Additionally, a new remediation type challengeWebAuthnAutofillUIAuthenticator can be used to implement credential autofill for passkeys.

Password complexity rules in OktaIdxAuth

The PasswordSettingsCapability has a new passwordRules property on supported platforms. This returns a UITextInputPasswordRules object that represents the requirements indicated by the client’s password complexity rules defined within Okta, and can be used to improve the user experience when a user is setting or changing their password within a sign-in flow.

Xcode 26 Beta compatibility

All libraries now support Xcode 26 Beta, and Swift 6.2.

What's Changed

• Implement WebAuthn enrolment and authentication capabilities in IDX by @AlexNachbaur in #236
• Add support for more passkey provider options, AuthorizationServices conveniences, and API docs by @AlexNachbaur in #237
• Ensure rpId property is checked for Authentication requests by @AlexNachbaur in #240
• Updates to support Xcode 26 Beta by @AlexNachbaur in #239
• Release 2.0.1 by @AlexNachbaur in #241
• Implement password autofill support by @AlexNachbaur in #242
• Updates for 2.1.0 release by @AlexNachbaur in #244

Full Changelog: 2.0.1...2.1.0

2.0.2

What's Changed

• Fix BrowserSignin cancel() causing an unexpected hang by @AlexNachbaur in #243

2.0.1

This update adds support for Xcode 26 Beta and Swift 6.2, as well as makes improvements to ensure CI workflows are more stable, and cover more environments.

• Improvements to the test matrix to include more Xcode and Swift versions
  • Swift Package Manager tests across macOS and Linux:
    • Swift 5.10 (macOS only)
    • Swift 6.0
    • Swift 6.1
    • Swift 6.2
  • Xcode tests include:
    • iPhone: 16.4, 18.2, 18.5
    • tvOS: 18.5
    • watchOS: 11.5
    • visionOS: 1.0, 2.5
    • macOS: 15
• Improves dependency resolution performance by only importing swift-docc-plugin when run in CI
• Test and CI workflow improvements

What's Changed

• Release 2.0.1 by @AlexNachbaur in #241

Full Changelog: 2.0.0...2.0.1

2.0.0

This release is a large update that introduces full Swift 6 compatibility with support for Strict Concurrency. This includes task cancellation and inheritance support for all asynchronous operations, and resolves data race and concurrency issues within the Credential Storage system. In addition, the update improves the Developer Experience (DX) for authentication flow customizations. This also marks the first major release of the Okta Client SDK for Swift.

New Features

Swift 6 compatibility

All asynchronous operations in the SDK were changed to work around Swift's Task APIs, replacing the legacy DispatchQueue completion block approach. Swift Actors were adopted where appropriate, while still providing a convenient developer experience (DX) with support for synchronous or nonisolated access to commonly-used properties or functions.

Some other improvements include:

• Support for both Swift 6 and Swift 5.10
• Enforces "complete" Strict Concurrency mode
• All asynchronous operations are now built around Task, instead of GCD completion blocks, which enables:
  • Task cancellation
  • Task priority inheritance
• Sendable conformance for all appropriate types
• Authentication flows are now Actor types, improving data race consistency

Credential Storage subsystem improvements

The storage of tokens is critical, and ensuring data race consistency and thread safety is of the utmost importance. Many improvements to the Credential Storage system of AuthFoundation have been made to use Swift Concurrency features. This ensures that access to the storage system remains consistent, while keeping the same performance and developer experience.

• Introduces a new CredentialActor global actor for all components of the storage system
• Improves the customization of URLSession customization using a new OAuth2Client.defaultSession static property
• Fixes bugs in how the Keychain APIs are used, which prevented consistent assignment of the Credential.default value

Authentication Flow improvements

Many improvements were made to AuthenticationFlow types to ensure that the developer experience across flows is consistent. In addition, these improvements simplify and expand on the customization of configurable properties, and resolve data race issues in asynchronous operations.

• The AuthenticationFlow protocol is now an Actor type, ensuring that all flows are actors
• Flows have a mandatory Context type that’s used for managing developer customizations and runtime state for in-flight authentication sessions
• Adds support for the customization of common authorization parameters:
  • acr_values (Authentication Context Class References)
  • max_age for authentication flows that support them
  • Conveniences for the Authorization Code flow, such as display, prompt, loginHint, and so on.
• Improvements to types that use claims
  • Added HasClaims support to Token, allowing developers to handle custom values in token responses
  • Improved assignment and conversion of claim values to Swift-native types
  • Supports Swift's ExpressibleBy\* protocols for simpler assignment of literals to claim values
• All uses of scope use a collection type to streamline the developer experience
  • Allows you to supply scope values as strings and arrays of strings
  • Supports the use of string literals for convenient assignment
• Introduced the JWT Bearer Authorization flow, supporting RFC7523 for authentication using a signed JWT assertion
• Improved feature support within the Okta Direct Authentication flow
  • Self-Service Password Reset (SSPR) intent support
• OktaIdxAuth was introduced into the monorepo, relocated from the okta-idx-swift repository

Distribution and build support

• Includes separate Swift 6 and 5.10 Swift Package Manager files for improved compatibility
• CocoaPods support improved, with the introduction of an umbrella OktaClient podspec

Other Updates

• OktaOAuth2 renamed to OAuth2Auth
• WebAuthenticationUI renamed to BrowserSignin
• The Okta IDX authentication library has moved into this repository
  • The full okta-idx-swift history has been merged into this monorepo
  • OktaIdx was renamed to OktaIdxAuth for consistency
• Minimum supported versions changed
  • Xcode 15.4
  • Swift 5.10
  • iOS 13.0
  • tvOS 13.0
  • watchOS 7.0
  • visionOS 1.0
  • macCatalyst 13.0
  • macOS 10.15
• (Experimental) Linux compatibility
  • Requires the use of Swift 6
  • Note: Linux isn’t officially supported

What's Changed

• OKTA-789927: Move away from orb by @rlepage-okta in #205
• Implement RFC7523 with JWTAuthorizationFlow by @alexnachbaur-okta in #206
• Extend Token with HasClaims for custom claims by @alexnachbaur-okta in #204
• Add sample application for JWT Bearer Authorization flow (RFC7523) by @alexnachbaur-okta in #208
• Update minimum Swift, Xcode, and platform versions by @alexnachbaur-okta in #207
• Introduce a sign-in "intent" to enable SSPR by @alexnachbaur-okta in #209
• Refactor Authentication Flows for consistency and customization by @alexnachbaur-okta in #214
• Change scope to be an array of strings for developer convenience and consistency by @alexnachbaur-okta in #217
• Update asynchronous APIs to use Swift Concurrency by default by @alexnachbaur-okta in #220
• Ensure Keychain SecItemDelete is not called with unsupported attributes by @alexnachbaur-okta in #229
• Updates to ensure OktaIdx supports the Swift6 updates by @alexnachbaur-okta in #230
• Update CocoaPods support and testing by @alexnachbaur-okta in #231
• Integrate okta-idx-swift into the monorepo by @AlexNachbaur in #232
• Rename WebAuthentication to BrowserSignin by @AlexNachbaur in #233
• Updated API docs and fixed docc warnings by @AlexNachbaur in #234

New Contributors

• @rlepage-okta made their first contribution in #205

Full Changelog: 1.8.2...2.0.0

1.8.3

What's Changed

• Update the HTTP cache policy for key requests by @alexnachbaur-okta in #227

Full Changelog: 1.8.2...1.8.3

1.8.2

What's Changed

• API request usability and stability improvements by @mikenachbaur-okta in #202
• Fix "Multiple commands produce PrivacyInfo.xcprivacy" error by @mikenachbaur-okta in #203

Full Changelog: 1.8.1...1.8.2