onetrust_publishers_native_cmp 202403.2.0

OneTrust is the leading Consent Management Platform (CMP) for mobile applications, websites, and Connected TVs. This plugin allows your application to leverage OneTrust's SDK for consent collection in [...]

OTPublishersNativeSDK

Expose OneTrust's Native CMP platform to your Flutter project.

Getting Started

Versioning

The SDK version used must match the version of the JSON published from your OneTrust instance. For example, if you’ve published version 6.10.0 of the JSON in your OneTrust environment, you must use the Flutter plugin version 6.10.0 as well. It is recommended to specify a version to avoid automatic updates, as a OneTrust publish is required when you update your SDK version.

To install the OneTrust plugin, run flutter pub add onetrust_publishers_native_cmp

Specify a version in your pubspec.yaml file, for example:

dependencies:
  onetrust_publishers_native_cmp: '6.10.0'

After adding the plugin to your Flutter project, build the project to check for any immediate errors.

This plugin pulls the OneTrust SDK from mavenCentral and Cocoapods.

Notes

OTPublishersNativeSDK supports a minimum iOS version of 11.0. You may have to specify a platform target in your podfile:

platform :ios, '11.0'

In Android, the underlying Native SDK requires a FragmentActivity in order to render a UI. In your Android MainActivity.java file, ensure that the MainActivity class is extending FlutterFragmentActivity.

Additionally, Android must use targetSdkVersion 33 and compileSDKVersion 33 or higher.

public class MainActivity extends FlutterFragmentActivity {
}

Usage

Initialization

Initialize OneTrust to fetch the data configured in your OneTrust tenant. This will make one or two network calls (depending on the type of template) and deliver a JSON object that contains all of the information required to render a banner and preference center.

The init call is an async function that returns a boolean status value; true if the initialization and download of data was successful, false if not.

Future<void> initOneTrust() async{
    bool status;
    Map<String, String> params = { //Params are not required
      "countryCode":"US",
      "regionCode":"CA"
    }
    try{
      status = await OTPublishersNativeSDK.startSDK("cdn.cookielaw.org","dec6b152-4ad9-487b-8e5a-24a06298417f","en", params);
    } on PlatformException{
      print("Error communicating with platform-side code");
    }

    if (!mounted) return;

    setState(() {
      _cmpDownloadStatus = status ? 'Success!':'Error';
    });

  }

Arguments

Name	Type	Description
storageLocation	String	[Required] The CDN location for the JSON that the SDK fetches. (Usually, but not always, cdn.cookielaw.org.)
domainIdentifier	String	[Required] The Application guid (retrieved from OneTrust Admin console)
languageCode	String	[Required] 2-digit ISO language code used to return content in a specific langauge. Note: Any language code format which is not listed in OneTrust environment will be considered as invalid input. Note: If the languageCode passed by your application is valid, but does not match with a language configuration for your template, then the SDK will return content in the default language configured in OneTrust environment (usually, but not always, English).
params	Map<String, String>	Parameter map (see below for accepted values)

Initialization Parameters

All initialization parameters are expected to be of type String, and all are optional.

Name	Type	Description
countryCode	String	2-digit ISO country code that will override OneTrust's geolocation service for locating the user. Typically used for QA to test other regions, or if your application knows the user's location applicable for consent purposes.
regionCode	String	2-digit ISO region code that will overide OneTrust's geolocation service.
androidUXParams	String	A stringified representation of the OTUXParams JSON object to override styling in-app. See "Android - Custom Styling with UXParams JSON" below.

Show an Interface

The plugin can load a Banner or a Preference center using the methods below:

OTPublishersNativeSDK.showBannerUI(); //load Banner
OTPublishersNativeSDK.showPreferenceCenterUI(); //load Preference Center

To determine if a banner should be shown (based on the template rendered and the status of the user's current consent,) use the shouldShowBanner() method. This returns a bool indicating whether or not a banner should be shown.

bool _shouldShowBanner;
try{
      _shouldShowBanner = await OTPublishersNativeSDK.shouldShowBanner();
    } on PlatformException{
      print("Error communicating with platform-side code");
    }
    if(_shouldShowBanner){
      OTPublishersNativeSDK.showBannerUI();
    }

Permission Prompts (App Tracking Transparency and Age Gate)

A permission prompt can be displayed for several reasons. Currently, two prompts are supported on Flutter: the App Tracking Transparency pre-prompt and the Age Gate prompt.

To surface these prompts, ensure that they have been configured in your OneTrust template. The prompts are surfaced by calling showConsentUI and passing in an OTDevicePermission enum. An integer is returned that indicates the result of the prompt.

//IDFA/ATT - iOS Only
 int authStatus = await OTPublishersNativeSDK.showConsentUI(OTDevicePermission.idfa);
 //Use the following to get the status as an enum -- there are several outcomes for IDFA specifically
 OTATTrackingAuthorizationStatus IDFAStatus = OTATTrackingAuthorizationStatus.values[authStatus];

 //Age Gate - iOS and Android
 int authStatus = await OTPublishersNativeSDK.showConsentUI(OTDevicePermission.AgeGate);
 //returns a 0 (user responded no) or a 1 (user responded yes)

This method will not resolve until the user has made a selection for the permission prompt..

This method takes an argument of type OTDevicePermission, which is provided as an enum for ease of use. It returns an OTATTrackingAuthorizationStatus.

Query ATT Status

The current status of App Tracking Transparency can be obtained by calling

OTATTrackingAuthorizationStatus authStatus = await OTPublishersNativeSDK.getATTrackingAuthorizationStatus();

The above method returns an OTATTTrackingAuthorizationStatus which is namespaced as such to avoid issues with other ATT plugins being used. For unsupported OS versions (all Android versions and iOS versions < 14,) this function will immediately return platformNotSupported. Possible values of the enum are

• notDetermined
• restricted
• denied
• authorized
• platformNotSupported

Query for Age Gate Status

The current status of the Age Gate can be obtained by calling

int authStatus = await OTPublishersNativeSDK.getAgeGatePromptValue()

This method will return a 0 for a No response to the Age Gate and a 1 for a Yes response.

Clear OneTrust SDK Data

The plugin can clear the OneTrust SDK data saved locally into persistent storage:

OTPublishersNativeSDK.clearOTSDKData(); //Clear OneTrust SDK data

Android - Custom Styling with UXParams JSON

OneTrust allows you to add custom styling to your preference center by passing in style JSON in a certain format. Build out your JSON by following the guide in the OneTrust Developer Portal.

Pass the JSON as a string into the startSDK function's params argument.

  String AndroidUXParams = await DefaultAssetBundle.of(context)
        .loadString("assets/AndroidUXParams.json");
    Map<String, String> params = {
      "androidUXParams": AndroidUXParams
    };
    try {
      status = await OTPublishersNativeSDK.startSDK(
          "cdn.cookielaw.org", appId, "en", params);
    } on PlatformException {
      print("Error communicating with platform code");
    }

iOS - Custom Styling with UXParams Plist

Custom styling can be added to your iOS Cordova application by using a .plist file in the iOS platform code. In addition to adding the .plist file (which can be obtained from the OneTrust Demo Application) to your bundle, there are a few changes that need to be made in the platform code, outlined below. Review the guide in the OneTrust Developer Portal.

In AppDelegate.swift, import OTPublishersHeadlessSDK. Add an extension below the class to handle the protocol methods:

import OTPublishersHeadlessSDK
...
extension AppDelegate: UIConfigurator{
    func shouldUseCustomUIConfig() -> Bool {
        return true
    }
    
    func customUIConfigFilePath() -> String? {
        return Bundle.main.path(forResource: "OTSDK-UIConfig-iOS", ofType: "plist")
    }
}

In the didFinishLaunchingWithOptions protocol method, assign the AppDelegate as the UIConfigurator:

@objc class AppDelegate: FlutterAppDelegate {
  override func application(
    _ application: UIApplication,
    didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]?
  ) -> Bool {
    OTPublishersHeadlessSDK.shared.uiConfigurator = self //add this line only
    GeneratedPluginRegistrant.register(with: self)
    return super.application(application, didFinishLaunchingWithOptions: launchOptions)
  }
}

Listening for UI Changes

The plugin implements an EventChannel that opens a BroadcastStream with the platform-side code. To listen for changes in the ui.

Note that:

• The BroadcastStream will stay open until it is closed by calling .cancel() on it
• Only one BroadcastStream per EventChannel can be open at a single time. Therefore, you must call .cancel() on this stream before calling .listenForUIInteractions().listen again.

var interactionListener = OTPublishersNativeSDK.listenForUIInteractions().listen((event) {
      print(event);
      });

Expected return:

{
    'uiEvent':String,
    'payload':Object
}

UI Events

Event Name	Description	Payload
onShowBanner	Triggered when banner is shown	null
onHideBanner	Triggered when banner is closed	null
onBannerClickedAcceptAll	Triggered when user allows all consent from banner	null
onBannerClickedRejectAll	Triggered when user rejects all consent from banner	null
onShowPreferenceCenter	Triggered when Preference Center is displayed	null
onHidePreferenceCenter	Triggered when Preference Center is closed	null
onPreferenceCenterAcceptAll	Triggered when user allows all consent from Preference Center	null
onPreferenceCenterRejectAll	Triggered when user rejects all consent from Preference Center	null
onPreferenceCenterConfirmChoices	Triggered when user clicked on save choices after updating consent values from Preference Center	null
onShowVendorList	Triggered when vendor list UI is displayed from an IAB banner/ IAB Preference center	null
onHideVendorList	Triggered when vendor list UI is closed or when back button is clicked	null
onVendorConfirmChoices	Triggered when user updates vendor consent / legitimate interests purpose values and save the choices from vendor list	null
onVendorListVendorConsentChanged	Triggered when user updates consent values for a particular vendor id on vendor list UI	{vendorId:String, consentStatus:Int}
onVendorListVendorLegitimateInterestChanged	Triggered when user updates Legitimate interests values for a particular vendor id on vendor list UI	{vendorId:String, legitInterest:Int}
onPreferenceCenterPurposeConsentChanged	Triggered when user updates consent values for a particular category on Preference Center UI	{purposeId:String, consentStatus:Int}
onPreferenceCenterPurposeLegitimateInterestChanged	Triggered when user updates Legitimate interest values for a particular category on Preference Center UI	{purposeId:String, legitInterest:Int}
allSDKViewsDismissed	Triggered when all the OT SDK Views are dismissed from the view hierarchy.	{interactionType:String}

When Consent Changes

The consent status is returned as an integer value:

Status	Description
1	Consent given
0	Consent not given
-1	Consent not gathered or SDK not initialized

Query for Consent

To get the present consent state for a category, you can query for consent:

Future<void> getConsentStatus() async{
    int status;
    try{
      status = await OTPublishersNativeSDK.getConsentStatusForCategory("C0002");
    } on PlatformException{
      print("Error communicating with platform-side code.");
    }
    print("Queried Status for C0002 is = "+status.toString());
  }

Listen for Consent Changes

The plugin implements an EventChannel that opens a BroadcastStream with the platform-side code. To listen for changes to the consent state.

Note that:

• The BroadcastStream will stay open until it is closed by calling .cancel() on it
• Only one BroadcastStream per EventChannel can be open at a single time. Therefore, you must call .cancel() on this stream before calling .listenForConsentChanges().listen again.

var consentListener = OTPublishersNativeSDK.listenForConsentChanges(["C0002","C0003"]).listen((event) {
      setCategoryState(event['categoryId'], event['consentStatus']);
      print("New status for "+event['categoryId']+" is "+event['consentStatus'].toString());
    });

    //consentListener.cancel() //cancel listener

This listener accepts an array of strings containing Category IDs to listen for. The listener returns an object:

{
    'categoryId':String
    'consentStatus':int
}

Get SDK Consent Status

The consent status is returned as an integer value:

Status	Description
1	Consent Opted-In
0	Consent OptedOut
-1	Consent not gathered or SDK not present

Query for SDK Consent

To get the present consent state for a SDK, you can query for consent:

Future<void> getSDKConsentStatus() async{
    int status;
    try{
      status = await OTPublishersNativeSDK.getConsentStatusForSDK("SDKId");
    } on PlatformException{
      print("Error communicating with platform-side code.");
    }
    print("Queried Status for SDKId is = "+status.toString());
  }

Get Current Data Subject Identifier

OneTrust sets a GUID to identify the user for audit purposes if one is not specified. The identifier of the current suer can be used to look up the user's consent history in the OneTrust Consent module. To surface the identifier:

String id = await OTPublishersNativeSDK.getCurrentActiveProfile();

Set Data Subject Identifier

You can set the Data Subject Identifier by calling the following method. If the identifier is already known, you must pass that in. If the identifier was set by OneTrust as a GUID, you may pass null as the first argument.

await OTPublishersNativeSDK.renameProfile(null, "identifier2")
await OTPublishersNativeSDK.renameProfile("identifier1", "identifier2")

This will return a bool that will be true if successful. Otherwise, a FlutterError will be thrown. For example, if a profile of that name already exists, an error will be thrown.

Inject Consent to WebView

If you use WebViews in your applications, you may encounter a situation where you render a webpage running OneTrust’s Cookie Consent module, and the cookie banner is displayed. OneTrust provides a native way to take the consent gathered from the Native SDK and pass it down to the WebView.

To do this, simply call the function below to request a JavaScript variable from the OneTrust SDK. Placing this on the OneTrust SDK before the Cookies SDK loads will suppress the banner and pass consent to the WebView.

String jsToPass = await OTPublishersNativeSDK.getOTConsentJSForWebview();

Build Your Own UI

The OneTrust SDK offers several methods that can be leveraged to build your own interface.

Get Last Data Download Location

This method returns a map containing the country code and state code information about the last data downloaded location.

Map<String, dynamic> lastDataDownloadedLocation = await OTPublishersNativeSDK.getLastDataDownloadedLocation();

Get Domain Info

This method returns a map containing all the information about the domain (application) including rulesets and template configurations.

Map<String, dynamic> domainInfo = await OTPublishersNativeSDK.getDomainInfo();

Get Common Data

This method returns a map which contains template based information like branding which includes keys for determining colors and styles in the UI specific to a template configured for the user's geolocation along with consent logging information.

Map<String, dynamic> commonData = await OTPublishersNativeSDK.getCommonData();

Get Groups Data

This method returns a dictionary containing the information about all the categories and sdk IDs specific to a template configured for the user's geolocation. This is generally used to populate the preference center's toggle section.

Map<String, dynamic> groups = await OTPublishersNativeSDK.getDomainGroupData();

Get Banner Data

This method returns a dictionary which contains all the keys required to render a banner.

Map<String, dynamic> bannerData = await OTPublishersNativeSDK.getBannerData();

Get Vendor Details

This method returns a dictionary which contains all the details for vendor id.

Map<String, dynamic>? iabVendorDetails = await OTPublishersNativeSDK.getVendorDetails("vendor id", "vendorListMode");

### Update Purpose Consent
This method is used to modify the consent status of a category by passing Custom Group ID as the key and consent status as value. Note that you have to call 'saveConsent(OTInteractionType)', with type being ConsentInteractionType, to have any modifications you perform to actually register in OneTrust SDK. OneTrust will notify the consent status changes to your app on saving changes.

```dart
  //A user has just toggled on Category C0002
  OTPublishersNativeSDK.updatePurposeConsent("C0002", true);
  //After the user has made all of their selections and taps save, execute the saveConsent method below

Save Consent

Call this method to save the user's consent when they've indicated they wish for their consent to take effect. Examples include calling this method when a user accepts all on the banner, or after they've made all of their selections inside of a preference center.

//User confirms their choices in Pref Center
OTPublishersNativeSDK.saveConsent(OTInteractionType.preferenceCenterConfirm);

//User accepts all on the banner
OTPublishersNativeSDK.saveConsent(OTInteractionType.bannerAllowAll);

If configured, this will cause a record of consent to be sent. It will also signal the choices to the rest of your application via listeners.

The OTInteractionType is a convenient way to keep track of interaction types. There are many, but the most commonly used are

Enum Name	Description
bannerAllowAll	User has accepted all on the banner.
bannerRejectAll	User has rejected all on the banner.
bannerContinueWithoutAccepting	User has selected the "Continue Without Accepting" CNIL button on the banner.
bannerClose	User has closed the banner without making a selection.
preferenceCenterAllowAll	User has selected Allow All in the preference center.
preferenceCenterRejectAll	User has selected Reject All in the preference center.
preferenceCenterConfirm	User has made selections in the Preference Center and tapped Confirm.

Reset Local Consent

If a user has made selections in the preference center but then closes the preference center without saving, call this method to abandon the "staged" consent changes.

OTPublishersNativeSDK.resetUpdatedConsent();

Universal Consent

Universal consent allows your application to collect consent for off-device processing. For example, your application might need to request permission to send a user promotional SMS messages. In OneTrust, after a Universal Consent transaction is committed, integration workflows can be triggered in the OneTrust tool.

Universal Consent requires a user identifier to work properly.

Display Universal Consent Preference Center

To load the Universal Consent preference center over the current screen, simply call

OTPublishersNativeSDK.showUCPurposesUI()

Query for Universal Consent Values

This plugin exposes async methods to retrieve the current state of the users' consent.

Status	Explanation
1	Consent Given
0	Consent Not Given
-1	Consent not yet gathered, or SDK not initialized

To query for the top-level purpose's consent:

int? consent = await OTPublishersNativeSDK.getUCPurposeConsent('purposeId')

Argument	Type	Description
purposeId	String	The GUID of the purpose to retrieve.

To query for a custom preference nested under a purpose:

int? consent = await OTPublishersNativeSDK.getUCPurposeCustomPreferenceOptionConsent('customPreferenceOptionId',
 'customPreferenceId','purposeId')

Argument	Type	Description
customPreferenceOptionId	String	The GUID of the custom preference option
customPreferenceId	String	The GUID of the custom preference group
purposeId	String	The GUID of the purpose under which the custom preference is nested.

To query for a topic nested under a purpose:

int? consent = await OTPublishersNativeSDK.getUCPurposeTopicConsent('topicOptionId', 'purposeId')

Argument	Type	Description
topicOptionId	String	The GUID of the topic option
purposeId	String	The GUID of the purpose under which the custom preference is nested.

Programatically Set Universal Consent Values

The package exposes methods to programatically set the users' consent values. A common use case is when a sign-up form has a checkbox at the bottom to allow the user to opt into emails. In this case, the application would set the value of the associated purpose, and the user could change his or her decision later in the preference center.

After making consent updates, the application must call the saveUCConsent() function to commit the changes.

To update the top-level purpose's consent:

await OTPublishersNativeSDK.updateUCPurposeConsent('purposeId', true)

Argument	Type	Description
purposeId	String	The GUID of the purpose to update
consent	Boolean	Whether or not consent has been granted for the specified item

To update a custom preference nested under a purpose:

OTPublishersNativeSDK.updateUCPurposeCutomPreferenceOptionConsent('customPreferenceOptionId',
 'customPreferenceId','purposeId', true)

Argument	Type	Description
topicId	String	The GUID of the custom preference option
purposeId	String	The GUID of the custom preference group
consent	Boolean	Whether or not consent has been granted for the specified item

To update a topic nested under a purpose:

OTPublishersNativeSDK.updateUCPurposeTopicConsent('topicOptionId', 'purposeId', true)

Save Consent

After making updates to the consent values, the application must call the following to commit the changes:

  OTPublishersNativeSDK.saveConsent(OTInteractionType.ucPreferenceCenterConfirm)

Resolving Dependency Clashes

In rare cases, one of the dependencies required by OneTrust's underlying Native Android SDK may clash with dependencies in your application. Most of the time, Gradle will resolve these automatically. If that is not the case however, OneTrust provides the option to suppress all transitive dependencies from the OneTrust .aar file.

To suppress all transitive dependencies, add onetrust.includeTransitiveDependencies=false to your Android project's local.properties file. If your application suppresses OneTrust's dependencies, the dependencies must be added to your project manually. A list of required dependencies is available at Developer.OneTrust.com.