Releases: tkhq/swift-sdk
Release: v3.2.0
Release: v3.1.0
Release notes
Summary
- Added config-driven `Stamper` initializers for API keys, passkeys, Secure Enclave, and Secure Storage; supports automatic on-device keypair creation and exposes `publicKeyHex`.
- Introduced `Stamper.sign(payload:format:)` with `.der` (default) and `.raw` 64-byte outputs; passkey mode intentionally unsupported for generic sign.
- Added delegated access/session conveniences to `TurnkeyContext`: raw/message/transaction signing via the active session, session helpers, and policy/user utility functions.
- Introduced `TurnkeyKeyManager` module with `EnclaveManager` and `SecureStorageManager` for secure key lifecycle and signing.
- Added tests for `TurnkeyStamper` and updated README/examples.
What changed
TurnkeyStamper
- New public config models: `ApiKeyStamperConfig`, `PasskeyStamperConfig`, `SecureEnclaveStamperConfig`, `SecureStorageStamperConfig`, and `StamperConfiguration`.
- New convenience initializers including on-device keypair creation and selection (`.auto`, `.secureEnclave`, `.secureStorage`).
- New `publicKeyHex` surface; `SignatureFormat` (`.der | .raw`); `sign(payload:format:)` returning hex.
- Secure Storage stamping now passes stored config at stamp time to scope Keychain/auth prompts; DER conversion updated.
TurnkeyContext
- Signing: `signRawPayload(...)`, `signMessage(...)`, `signTransaction(...)` using the selected session.
- Session helpers: `createKeyPair()`, `storeSession(...)` with optional auto-refresh TTL, `setActiveSession(...)`, `refreshSession(...)`, `getActiveSession()`, and `signWithSession(message:)`.
- Delegated access utilities: `fetchOrCreateP256ApiKeyUser(...)`, `fetchOrCreatePolicies(...)`.
- OTP result rename: `VerifyOtpResult(verificationToken: String)`.
New module TurnkeyKeyManager
- `EnclaveManager`: create/bind/list/delete P-256 keys in Secure Enclave; sign messages (DER output).
- `SecureStorageManager`: create/import/list/delete keys in Keychain with configurable access control, prompts, reuse window, access group; retrieve private keys when permitted.
TurnkeyClient
- Additional initializers to use on-device keys or passkeys, and combinations with Auth Proxy.
API compatibility
- Additive for `Stamper` and `TurnkeyClient` initializers and `sign(...)`.
- OTP struct field rename to `verificationToken`; update call sites accordingly.
Full Changelog: v3.0.0...v3.1.0
Release: v3.0.0
What's Changed
✨ New Functionality
Auth Proxy Integration
- Added Auth Proxy support
- Added `loginWithPasskey()`, `signUpWithPasskey()` for direct passkey authentication
- Added `initOtp()`, `verifyOtp()`, `loginWithOtp()`, `signUpWithOtp()`, `completeOtp()` for email/SMS authentication
- Added `loginWithOAuth()`, `signUpWithOAuth()`, `completeOAuth()` for OAuth flows
- Added convenience handlers `handleGoogleOAuth()`, `handleAppleOAuth()`, `handleDiscordOAuth()`, `handleXOauth()` for specific OAuth providers
Secure Key Storage
- TurnkeySwift session keys now stored in Secure Enclave by default (with Keychain fallback)
- Added `SecureEnclaveStamper` for hardware-backed key storage (keys never leave Secure Enclave)
- Added `SecureStorageStamper` for Keychain-backed key storage as fallback
State Management
- Added `@Published` properties for `session`, `user`, and `wallets` that automatically update throughout the application lifecycle
- State automatically refreshed after authentication and relevant operations
- Observable in SwiftUI via `@EnvironmentObject`
Type System & Client
- New `TurnkeyTypes` package with smarter, easier-to-use types generated from Turnkey API
- Updated `TurnkeyHttp` client to use the new type system for improved type safety and developer experience
Release: v2.2.0
What's Changed
✨ New Functionality
- Added `authState` to `TurnkeyContext` for synchronously tracking authentication state and determining the appropriate screen on app load.
- Added `refreshSession()` to manually refresh the session. Defaults to the selected session but accepts an optional `sessionKey`.
- Added `updateUserEmail(email:verificationToken:)` and `updateUserPhoneNumber(phone:verificationToken:)` for updating user contact details. These methods support optional verification tokens to mark the fields as verified, and allow deletion by passing an empty string.
- Added support for automatically refreshing sessions before expiry when the app is active by passing the optional `refreshedSessionTTLSeconds` parameter to `createSession()`. This controls the duration of refreshed sessions and must be at least 30 seconds.
🛠 Fixes
- Fixed a scheduling issue where expiry timers were not firing correctly while the app was active in the foreground.
Release: v2.1.1
What's Changed
🐛 Bug Fixes
- Fixed an issue where active sessions were being cleared due to stale pending keys not being removed after session creation.
- Pending keys are now correctly removed once a session is established.
Release: v2.1.0
What's Changed
✨ New Functionality
Added startGoogleOAuthFlow() to TurnkeySwift.
- This method uses ASWebAuthenticationSession to launch Google OAuth in a system browser and return an OIDC token, simplifying OAuth integration.
Release: v2.0.0
What's Changed
⚠️ Breaking
The SDK has been fully refactored into modular packages:
- `TurnkeyCrypto`
- `TurnkeyPasskeys`
- `TurnkeyStamper`
- `TurnkeyEncoding`
- `TurnkeyHttp`
- `TurnkeySwift`
TurnkeyPasskeys
- Now uses `async/await` instead of notification-based observers.
- Simplified API for passkey creation and assertion workflows.
TurnkeyHttp
- Provides low-level request construction using fully typed, OpenAPI-generated interfaces.
- Fixed an issue where undocumented errors were thrown without context. Errors are now structured and consistently surfaced.
TurnkeySwift
Introduced as the high-level abstraction layer, providing:
- Session management (JWT-backed)
- Simplified workflows for stamping, wallet creation, and user flows
Release: v1.2.1
Release: v1.2.0
What's Changed
Challenge format ( #1 )
The backend expects the challenge in hex format, and SHA256Digest returns only the raw format.
Now the challenge is properly encoded/formatted.
ProxyMiddleware ( #5 ) - ⚠️ Minor Breaking
The ProxyMiddleware header for the forwarded Turnkey API request has been renamed:
| Old | New |
|---|---|
| `X-Forwarded-For` | `X-Turnkey-Request-Url` |
Ensure your backend is updated to support the new header name if you are using the latest version.
New Contributors
- @ericlewis made their first contribution in #1
Full Changelog: 1.1.0...1.2.0
Release: v1.1.0
Version: 1.1.0
What's Changed
Oauth
Support for OAuth endpoints has been added:
- `getOauthProviders()`
- `createOauthProviders()`
- `deleteOauthProviders()`
Sessions
Support for Session endpoints has been added:
- `createReadOnlySession()`
- `createReadWriteSession()`
Non-breaking
- `emailAuth()`: Added an optional `invalidateExisting` parameter to `emailAuth` for API key invalidation.
- `updateUser()`: `updateUser` now supports updating the `userPhoneNumber` field.
⚠️ Breaking
- `createApiKeys()`:
  - Now uses `ApiKeyParamsV2`, which introduces a new required `curveType` parameter. Existing calls must be updated to provide a value for `curveType`. https://docs.turnkey.com/api#tag/API-Keys/operation/CreateApiKeys
- `createSubOrganization`:
  - Now uses `RootUserParamsV4`, which introduces the following changes:
    - New required `oauthProviders` field: Must be provided as a list of OAuth provider parameters.
    - New optional `userPhoneNumber` field: Represents the user's phone number in E.164 format.
    - Updated `apiKeys` type: Now requires `ApiKeyParamsV2` instead of `ApiKeyParams`.
Migration Guide: createSubOrganization()
```swift
let rootUsers: [Components.Schemas.RootUserParamsV4] = [
    .init(
        userName: "user1",
        userEmail: "[email protected]",
        apiKeys: [
            .init(
                apiKeyName: "turnkey-demo",
                publicKey: apiPublicKey!,
                curveType: .API_KEY_CURVE_P256 // New required field
            )
        ],
        authenticators: [],
        oauthProviders: [] // New required field
    )
]
let output = try await client.createSubOrganization(
    organizationId: organizationId!,
    subOrganizationName: subOrganizationName,
    rootUsers: rootUsers,
    rootQuorumThreshold: rootQuorumThreshold,
    wallet: wallet,
    disableEmailRecovery: disableEmailRecovery,
    disableEmailAuth: disableEmailAuth,
    disableSmsAuth: false, // New optional parameter
    disableOtpEmailAuth: false // New optional parameter
)
```
Full Changelog: 1.0.0...1.1.0