verification_sdk 1.1.4

Flutter SDK for multi-stage identity verification with camera, webview and KYC flows for mobile and web apps.

1.1.4 — 2026-01-31

Added

• SDK now returns digilocker_xml in host callbacks after a DigiLocker fetch; includes aadhaar_front_base64 and aadhaar_front_path when available.
• OCR failure retry UI: when OCR fails for a side, the SDK prompts the user to retry and clears the failed side for recapture.

Changed

• Removed presign upload flow in production; face-match now sends both images directly as multipart (image1 + image2) by default.
• Face-match success threshold raised to require match > 70%.
• Processing overlay and navigation handling hardened to use a safe host/root context and avoid inadvertent SDK closure on errors.

Fixed

• Presign-related requests that caused production failures have been removed.
• OCR failure path no longer closes the SDK; it now surfaces a retry option and clears only the failed side(s).
• DigiLocker flow now reliably surfaces fetched Aadhaar XML to host callbacks.

Integration Notes

• Server: support multipart image1 (Aadhaar) and image2 (selfie). image2_url remains supported for backward compatibility.
• Host apps: expect digilocker_xml in callbacks and optional aadhaar_front_base64 / aadhaar_front_path.
• selfie_base64 and aadhaar_*_base64 can be large — avoid logging or persisting them insecurely.
• Face-match threshold change may require coordination with backend tuning for production accuracy.

1.1.3 — 2026-01-30

Added

• Direct face-match multipart upload: client can now POST both Aadhaar (image1) and selfie (image2) files in a single request via postFaceMatchWithFiles.
• Face-match callbacks include selfie_path and selfie_base64 on success (base64 included when encoding succeeds).

Changed

• Replaced presigned selfie-upload + image2_url flow with direct multipart file upload by default; client now sends image1 + image2.
• Simplified debug logging for face-match (removed presign-specific logs).

Fixed

• Presign-related failures no longer block face-match resolution.
• Reduced edge cases where presigned upload race conditions interfered with camera lifecycle.

Integration Notes

• Server: support for multipart image1 (Aadhaar) and image2 (selfie) is required; image2_url is still accepted for backwards compatibility.
• Host apps: ensure a valid sessionToken and accessible Aadhaar front image file before invoking face-match.
• selfie_base64 can be large — avoid logging or storing it insecurely.

1.1.2 — 2026-01-24

Added

• Enforced circular viewfinder in Face Match UI:
  • Camera preview and captured image are constrained to a fixed square so ClipOval renders a perfect circle on all devices.
• Face-match callbacks now include selfie details:
  • selfie_path is always provided on success; selfie_base64 is included when encoding succeeds.
• Small debug logging improvements to help trace upload/presign steps.

Changed

• Face Match preview sizing: preview is forced to a 260×260 square to avoid aspect-ratio distortions that previously produced an oval viewfinder.
• Improved error and lifecycle signaling around selfie upload and processing; host callbacks receive clearer success/failure payloads.

Fixed

• Fixed an issue where the viewfinder could appear oval on some devices due to non-square preview constraints.
• Ensured selfie data is sent to host callbacks even when base64 encoding fails (fallback to selfie_path).

Integration Notes

• selfie_base64 can be large; host apps should avoid logging or persisting it insecurely.
• No API contract changes: face-match still uploads selfie to presign and sends image2_url to server.

1.1.1 — 2026-01-16

Added

• Face-match presigned upload flow:
  • Selfie is uploaded to a presigned URL and image2_url is sent to the face-match API (matches server contract).
• Debug logging for face-match:
  • Token preview, file paths and sizes, and the raw server response are now logged to help trace requests.
• Aadhaar OCR callback enhancements:
  • aadhaar_front_path and aadhaar_back_path are provided to host callbacks.
  • Optional aadhaar_front_base64 and aadhaar_back_base64 included when encoding succeeds.
• Fail-fast error propagation:
  • Service-side error objects are surfaced to the UI and host callbacks so issues are visible immediately.

Changed

• Face match invocation:
  • Client now uses postFaceMatch (file + image2_url) after uploading selfie to presign instead of sending two files directly.
• Aadhaar OCR UI and camera handling:
  • Ensured camera is released between flows with a short cooldown and endOfFrame waits.
  • Prevents duplicate camera/API calls on rapid taps.
• Improved stage lifecycle signaling:
  • Stage events include clearer stage_started, stage_completed, and stage_failed semantics and now carry error details when available.

Fixed

• 422 error from face-match due to missing image2_url — now fixed by uploading selfie and sending URL.
• Silent client-side swallowing of server error payloads — errors now surface in dialogs and callbacks.
• SDKState now stores Aadhaar front base64 when available; callbacks include file paths/base64 for host consumption.
• Minor camera lifecycle issues in OCR flow (release/timing) resolved.

Integration Notes

• Host must provide a valid sessionToken and environment to the SDK for API requests.
• Presign response format: server should return usable presign url and fields/headers as appropriate. Client supports both POST-form and PUT-style presigns.
• The SDK logs face-match request/response details to the Flutter console — remove or filter these logs in production as needed.

1.1.0 — 2026-01-12

Added

• Unified verification flow stability layer

  • Centralized lifecycle handling for Camera, WebView, and native intents.
  • Prevents overlapping platform surfaces (camera/webview/image picker).

• Deterministic navigation stack management

  • SDK guarantees a single active verification surface at any time.
  • Explicit teardown of obsolete routes before launching the next stage.
  • Prevents previous screens from bleeding through behind bottom sheets.

• Face Match threshold control

  • Configurable face-match threshold (default: 10% for testing; backend-driven for production).
  • Match percentage normalized and exposed via callbacks.

• Strict stage gating

  • Face Match can only be launched after Aadhaar verification.
  • OCR/DigiLocker stages become terminal once completed.

• Improved host signaling

  • Introduced a clearer stage lifecycle:
    • stage_started
    • stage_completed
    • stage_failed

---

Changed

• Camera architecture hardening

  • Enforced single-camera ownership between image_picker and camera.
  • Ensures camera resources are fully released before reinitialization.
  • Added a cooldown window between camera transitions.

• Bottom-sheet rendering model

  • SDK screens now render on a dedicated opaque layer.
  • Host app UI is fully hidden during verification.
  • Eliminates background leaks and black flashes.

• OCR → Overview → Face Match flow

  • Overview screen is the only gateway to Face Match.
  • Direct navigation from OCR to Face Match is blocked.

• API invocation behavior

  • APIs now fail fast on malformed responses.
  • Removed implicit success assumptions in client logic.
  • Response validation enforced before stage completion.

---

Fixed

• Android BLASTBufferQueue errors caused by unreleased camera frames.
• Black screens when pushing non-opaque routes over camera surfaces.
• Aadhaar OCR UI remaining visible behind Face Match bottom sheets.
• Camera freezes when simulate: false on slower networks.
• Multiple Proceed taps triggering duplicate API calls.
• Navigator context disposal edge cases.

---

Performance Improvements

• Reduced camera initialization latency on mid-range Android devices.
• Fewer widget rebuilds during camera preview.
• Lower memory churn during OCR → Overview transitions.

---

Known Issues

• Some OEM camera implementations may still log low-level warnings.
• WebView stability depends on system WebView version.
• Backend APIs must return meaningful validation fields.

---

Integration Notes

• Do not open host-side camera while SDK is active.
• Always launch the SDK using the provided entry point.
• Recommended Android override:

  dependency_overrides:
    camera_android: ^0.10.8
  

1.0.0 — 2026-01-05

Added

• Initial public release of the verification_sdk Flutter package.
• End-to-end verification flow:
  • Mobile OTP request & verification.
  • DigiLocker OIDC integration to fetch Aadhaar XML via WebView.
  • Front-camera selfie capture and face-match against Aadhaar photo (presigned upload support).
• Host integration hooks:
  • VerificationSDK.initialize(...) with optional branding (brandLogoUrl, brandTitle, primaryColor) and mobileNumber.
  • VerificationSDK.startVerification(context, callbacks: ...) to launch the flow.
  • VerificationCallbacks for onStageComplete, onError, and onComplete.
• Local example app (example) demonstrating SDK initialization and launch.
• Theming support: primaryColor can be provided as hex string or integer in userData.

Changed

• Consolidated upload helper for presigned URL flows supporting POST-form and PUT presigns.
• Inline face-match UX: captured selfie stays on-screen with a small inline “Processing” spinner; full-screen processing overlay used only when intentionally invoked.

Fixed

• Robust navigator handling: SDK stores root NavigatorState at startup to safely close and restore host UI.
• Camera lifecycle fixes to avoid preview/dispose races on common devices.
• Temporary client-side fix for presign PUT signature issues (adds required headers when server signs them). (Recommendation: backend should remove signed headers or document required client headers.)

Known Issues

• Some Android emulators may show camera2 warnings ("Handler ... on a dead thread") — mitigations added; recommend testing on physical devices.
• WebView renderer crashes can occur on some emulator/system WebView versions; test Digilocker flows on target devices.
• Server presign contract: server should avoid signing headers that the client may not include. See integration notes.

Integration Notes

• Ensure AndroidManifest.xml contains camera and internet permissions.
• Add NSCameraUsageDescription in iOS Info.plist.
• Pass a valid sessionToken from your backend for API calls.
• Test the example app on a physical device for best camera/WebView results.

Contact

• For integration support, provide clientId/environment details and sample sessionToken acquisition flow to the SDK team.