-
Notifications
You must be signed in to change notification settings - Fork 316
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Trusted Entitlements
: improved documentation
#2782
Conversation
I've also added a link to our new documentation page: https://rev.cat/trusted-entitlements
/// Defaults to ``Configuration/EntitlementVerificationMode/disabled``. | ||
/// | ||
/// The result of the verification can be obtained from ``EntitlementInfos/verification`` or | ||
/// ``EntitlementInfo/verification``. | ||
/// | ||
/// - Note: This requires iOS 13+. | ||
/// - Important: This feature is currently in beta. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've also removed this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good!
**This is an automatic release.** ### New Features * `Trusted Entitlements`: (#2621) via NachoSoto (@NachoSoto) This new feature prevents MitM attacks between the SDK and the RevenueCat server. With verification enabled, the SDK ensures that the response created by the server was not modified by a third-party, and the entitlements received are exactly what was sent. This is 100% opt-in. `EntitlementInfos` have a new `VerificationResult` property, which will indicate the validity of the responses when this feature is enabled. ```swift let purchases = Purchases.configure( with: Configuration .builder(withAPIKey: "") .with(entitlementVerificationMode: .informational) ) let customerInfo = try await purchases.customerInfo() if !customerInfo.entitlements.verification.isVerified { print("Entitlements could not be verified") } ``` You can learn more from [the documentation](https://www.revenuecat.com/docs/trusted-entitlements). ### Other Changes * `TrustedEntitlements`: new `VerificationResult.isVerified` (#2788) via NachoSoto (@NachoSoto) * `Refactor`: extracted `Collection.subscript(safe:)` (#2779) via NachoSoto (@NachoSoto) * `Trusted Entitlements`: added link to docs in `ErrorCode.signatureVerificationFailed` (#2783) via NachoSoto (@NachoSoto) * `Trusted Entitlements`: improved documentation (#2782) via NachoSoto (@NachoSoto) * `Tests`: fixed flaky failure with asynchronous check (#2777) via NachoSoto (@NachoSoto) * `Integration Tests`: re-enable signature verification tests (#2744) via NachoSoto (@NachoSoto) * `CI`: remove `Jazzy` (#2775) via NachoSoto (@NachoSoto) * `Signing`: inject `ClockType` to ensure hardcoded signatures don't fail when intermediate key expires (#2771) via NachoSoto (@NachoSoto) --------- Co-authored-by: NachoSoto <ignaciosoto90@gmail.com>
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #2782 +/- ##
==========================================
- Coverage 86.49% 86.37% -0.13%
==========================================
Files 214 214
Lines 15379 15379
==========================================
- Hits 13302 13283 -19
- Misses 2077 2096 +19 ☔ View full report in Codecov by Sentry. |
I've also added a link to our new documentation page: https://rev.cat/trusted-entitlements