Trusted Entitlements: stable#1105
Conversation
There was a problem hiding this comment.
I think this should be the final API, so it can support ENFORCED when we re-add that, and so that it provides a consistent API for the hybrids. Thoughts @tonidero?
There was a problem hiding this comment.
Well, In Android, I changed the parameter to a boolean since it kinda made more sense to me that, for this function that enabled 2 features to be a boolean instead of an EntitlementVerificationMode which doesn't have anything to do with diagnostics. I do agree that for the final release, if we separate both features, passing an enum like this to configure trusted entitlements makes the most sense. Happy to chat more about this though! cc @aboedo In case you have any thoughts.
Another question is, do we want to tie diagnostics to trusted entitlements for the final release? IMO, I mostly would like these features tied only while they are on beta so we can be more confident about it until we release it fully. I would split them after that.
There was a problem hiding this comment.
Oh yeah that makes sense, even simpler.
There was a problem hiding this comment.
This probably needs a test.
|
@NachoSoto I'm taking over this PR! Lmk if you had anything else planned here |
960fbcf to
1672fde
Compare
There was a problem hiding this comment.
I kept the existing experimental method but deprecated, In case anyone is using it since it's pretty easy to keep. We can remove it on the next major.
There was a problem hiding this comment.
This will be the way to enable entitlement verification.
Trusted Entitlements: re-enable verification APITrusted Entitlements: stable
|
Awesome. We'll just need to update RevenueCat/purchases-hybrid-common#451 |
42240b8 to
c6603dd
Compare
I updated that PR to reflect the new name |
c6603dd to
31f10f1
Compare
31f10f1 to
affe47d
Compare
Codecov Report
@@ Coverage Diff @@
## main #1105 +/- ##
==========================================
- Coverage 85.60% 85.25% -0.36%
==========================================
Files 175 175
Lines 6038 6098 +60
Branches 875 893 +18
==========================================
+ Hits 5169 5199 +30
- Misses 528 555 +27
- Partials 341 344 +3
|
**This is an automatic release.** ### New Features * `Trusted Entitlements`: made API stable (#1105) via NachoSoto (@NachoSoto) This new feature prevents MitM attacks between the SDK and the RevenueCat server. With verification enabled, the SDK ensures that the response created by the server was not modified by a third-party, and the entitlements received are exactly what was sent. This is 100% opt-in. `EntitlementInfos` have a new `VerificationResult` property, which will indicate the validity of the responses when this feature is enabled. ```kotlin fun configureRevenueCat() { val configuration = PurchasesConfiguration.Builder(context, apiKey) .entitlementVerificationMode(EntitlementVerificationMode.INFORMATIONAL) .build() Purchases.configure(configuration) } ``` ### Experimental features * Add await offerings (#1096) via Cesar de la Vega (@vegaro) ### Bugfixes * Fix issue updating customer info on app open (#1128) via Toni Rico (@tonidero) ### Dependency Updates * Bump fastlane-plugin-revenuecat_internal from `13773d2` to `b2108fb` (#1095) via dependabot[bot] (@dependabot[bot]) ### Other Changes * [PurchaseTester] Add option to purchase an arbitrary product id (#1099) via Mark Villacampa (@MarkVillacampa) * Fix release path after module refactor (#1129) via Toni Rico (@tonidero) * Fix load shedder integration tests (#1125) via Toni Rico (@tonidero) * Trusted entitlements: New trusted entitlements signature format (#1117) via Toni Rico (@tonidero) * Fix integration tests and change to a different project (#1123) via Toni Rico (@tonidero) * Move files into src/main/kotlin (#1122) via Cesar de la Vega (@vegaro) * Remove public module (#1113) via Cesar de la Vega (@vegaro) * Remove common module (#1106) via Cesar de la Vega (@vegaro) * Fix flaky integration tests: Wait for coroutines to finish before continuing (#1120) via Toni Rico (@tonidero) * Move amazon module into purchases (#1112) via Cesar de la Vega (@vegaro) * Trusted entitlements: Add IntermediateSignatureHelper to handle intermediate signature verification process (#1110) via Toni Rico (@tonidero) * Trusted entitlements: Add Signature type to process new signature response format (#1109) via Toni Rico (@tonidero) * [EXTERNAL] Add `awaitCustomerInfo` / coroutines tests to `TrustedEntitlementsInformationalModeIntegrationTest` (#1077) via @pablo-guardiola (#1107) via Toni Rico (@tonidero) * Remove feature:google module (#1104) via Cesar de la Vega (@vegaro) * Remove identity module (#1103) via Cesar de la Vega (@vegaro) * Remove subscriber attributes module (#1102) via Cesar de la Vega (@vegaro) * Delete utils module (#1098) via Cesar de la Vega (@vegaro) * Remove strings module (#1097) via Cesar de la Vega (@vegaro) * Update CHANGELOG.md to include external contribution (#1100) via Cesar de la Vega (@vegaro) * [EXTERNAL] Add missing `fetchPolicy` parameter to `awaitCustomerInfo` API (#1086) via @pablo-guardiola (#1090) via Toni Rico (@tonidero) --------- Co-authored-by: revenuecat-ops <ops@revenuecat.com> Co-authored-by: Toni Rico <antonio.rico.diez@revenuecat.com>
) Depends on RevenueCat/purchases-ios#2621 and RevenueCat/purchases-android#1105. --------- Co-authored-by: Toni Rico <antonio.rico.diez@revenuecat.com>
This PR brings Trusted entitlements to stable and to java.
Trusted entitlements
This new feature prevents MitM attacks between the SDK and the RevenueCat server.
With verification enabled, the SDK ensures that the response created by the server was not modified by a third-party, and the entitlements received are exactly what was sent.
This is 100% opt-in. EntitlementInfos have a new VerificationResult property, which will indicate the validity of the responses when this feature is enabled.