Release 14.32.0

CHANGELOG.md

@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](https://semver.org/).
 
+## 14.32.0 - 2024-07-24
+### Changed
+- Updated CSP - Added data: to media-src
+
 ## 14.31.0 - 2024-07-17
 
 ## 14.30.0 - 2024-07-04

README.md

@@ -200,19 +200,9 @@ For details on how to generate a `workflow_run_id`, please refer to the `POST /w
 
 ### SDK authentication
 
-The SDK is authenticated using SDK tokens. As each SDK token must be specific to a given applicant and session, a new token must be generated each time you initialize the Onfido Web SDK.
-
-- **`token {String}` - required**
+The SDK is authenticated using SDK tokens. Onfido Studio generates and exposes SDK tokens in the workflow run payload returned by the API when a workflow run is [created](https://documentation.onfido.com/#create-workflow-run).
 
-  A JWT is required in order to authorize with the Onfido WebSocket endpoint. If the SDK token is missing, an exception will be thrown.
-
-For details on how to generate SDK tokens, please refer to `POST /sdk_token/` definition in the Onfido [API reference](https://documentation.onfido.com/api/latest#generate-sdk-token).
-
-<Callout type="warning">
-
-> SDK tokens have a fixed expiry of 90 minutes.
-
-</Callout>
+SDK tokens for Studio can only be used together with the specific workflow run they are generated for, and remain valid for a period of five weeks.
 
 **Note**: You must never use API tokens in the frontend of your application as malicious users could discover them in your source code. You should only use them on your server.
 
@@ -395,7 +385,67 @@ Regardless of the cross-device method, the secure URL is unique to this session.
 
 At the end of the capture process, users will be instructed to revert back to their desktop to complete the SDK flow.
 
-**Note** that during a capture sequence on a desktop device, if a camera cannot be detected, the user is forward by default to the cross-device flow in order to attempt the capture on another device.
+**Note** that during a capture sequence on a desktop device, if a camera cannot be detected, the user is forwarded directly to the cross-device flow in order to attempt the capture on another device.
+
+**Also note** that One-Time SMS links **cannot** be sent to the following regions and the messages will not be delivered:
+
+**North America**
+- Belize
+- Cuba
+- Grenada
+- Haiti
+- St Kitts and Nevis
+
+**Asia**
+- Afghanistan
+- Azerbaijan
+- Bangladesh
+- Bhutan
+- East Timor
+- Iran
+- Iraq
+- Jordan
+- Democratic People's Republic of Korea
+- Kyrgyzstan
+- Laos
+- Lebanon
+- Myanmar
+- Oman
+- Palestinian Territory
+- Sri Lanka
+- Syria
+- Tajikistan
+- Turkmenistan
+- Yemen
+
+**Africa**
+- Burkina Faso
+- Burundi
+- Cape Verde
+- Central Africa
+- Chad
+- Comoros
+- Djibouti
+- Egypt
+- Equatorial Guinea
+- Eritrea
+- Guinea Bissau
+- Liberia
+- Libya
+- Madagascar
+- Mauritania
+- Niger
+- Sao Tome and Principe
+- Senegal
+- Seychelles
+- Somalia
+- South Sudan
+- Sudan
+- Swaziland
+- Zambia
+- Zimbabwe
+
+For more information regarding region blocking, please contact Onfido's [Customer Support](mailto:[email protected]).
 
 #### Enforcing cross-device navigation
 
@@ -700,6 +750,24 @@ The `steps` parameter is mutually exclusive with `workflowRunId`. The other para
 
 **Note** that this initialization process is **not recommended** as the majority of new features are exclusively released for Studio workflows.
 
+### Manual SDK authentication
+
+The SDK is authenticated using SDK tokens. As each SDK token must be specific to a given applicant and session, a new token must be generated each time you initialize the Onfido Web SDK.
+
+- **`token {String}` - required**
+
+  A JWT is required in order to authorize with the Onfido WebSocket endpoint. If the SDK token is missing, an exception will be thrown.
+
+For details on how to manually generate SDK tokens, please refer to the `POST /sdk_token/` definition in the Onfido [API reference](https://documentation.onfido.com/#generate-sdk-token).
+
+<Callout type="warning">
+
+> It's important to note that manually generated SDK tokens expire after 90 minutes (SDK tokens generated in Onfido Studio when creating workflow runs are **not** affected by this limit).
+
+</Callout>
+
+**Note**: You must never use API tokens in the frontend of your application as malicious users could discover them in your source code. You should only use them on your server.
+
 - **`steps {List<String>}` - optional**
 
   The list of user verification steps, in order of appearance. Each step can either be specified as a string (when no customization is required) or an object (when customization is required). Customization options are described in the following sections.
@@ -710,7 +778,8 @@ From the possible steps listed below, only `document` is required:
 | ---------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | `welcome`  | Welcome screen shown to the user with preliminary instructions. [Customization](#welcome-step) options include modification to the text elements and instructions shown to the user.                                                     |
 | `document` | Set of screens that control the capture via photo or upload of the user's document. Numerous [customization](#document-step) options are available to define the document list presented to the user and the overall capture experience. |
-| `face`     | Set of screens that control the capture of a selfie, video or motion of the user. The [customization](#face-step) options allow the selection of the capture variant as well as fallback options.                                        |
+| `face`     | Set of screens that control the capture of a selfie, video or motion of the user. The [customization](#face-step) options allow the selection of the capture variant as well as fallback options.   
+| `poa`     | Set of screens where the user selects the issuing country and type of document to [verify their address](#poa-step).                                     |
 | `complete` | Screen shown to the user at the end of the flow. [Customization](#complete-step) options include modifications to the text elements shown to the user.                                                                                   |
 
 ```javascript
@@ -725,6 +794,7 @@ Onfido.init({
       },
     },
     "document",
+    "poa",
     "face",
   ];
 });
@@ -859,6 +929,9 @@ In case you require to capture a document that is not supported by Onfido or a s
     }
   }
   ```
+#### `poa` step
+
+This is the Proof of Address capture step. Users will be asked to select the issuing country of their document, the document type, and to provide images of their selected document. They will also have a chance to check the quality of the images before confirming. There are no custom options for this step.
 
 #### `face` step
 

locales/ar/ar.json

@@ -1269,6 +1269,27 @@
             "subtitle": "سنقارنها بمستندك",
             "title": "التقط صورة سيلفي"
         },
+        "sid": {
+            "passkey": {
+                "fail": {
+                    "button": "ابدأ التحقق",
+                    "content": "سنطلب بعض الوثائق والمعلومات الشخصية منك، التي يمكن أن تساعدنا في التأكد من أنك الشخص الذي تدعي أنك هو.",
+                    "disclaimer": "ستتمكن من إعداد هذا التحقق ليكون قابلاً لإعادة الاستخدام في نهاية العملية.",
+                    "subtitle": "عذرًا، لا يمكنك تجاوز هذا الإجراء، يرجى المرور عبر عملية التحقق من الهوية:",
+                    "title": "لا يوجد تحقق من الهوية قابل للاستخدام"
+                },
+                "success": {
+                    "biophoto": "صورة لوجهك لإثبات أنك شخص حقيقي",
+                    "biovideo": "تسجيل لوجهك لإثبات أنك شخص حقيقي",
+                    "button": "استمر",
+                    "datacapture": "بعض المعلومات الشخصية",
+                    "document": "وثيقة هوية صادرة عن الحكومة وهي صالحة",
+                    "drivinglicense": "رخصة قيادة صادرة عن الحكومة وهي صالحة",
+                    "proofofaddress": "وثيقة صالحة يمكن أن تكون بمثابة دليل على العنوان",
+                    "title": "تم العثور على عملية التحقق السابقة!"
+                }
+            }
+        },
         "sms_sent": {
             "info": "نصائح",
             "info_link_expire": "ستنتهي صلاحية رابطك خلال ساعة واحدة",
@@ -1355,11 +1376,11 @@
             "list_header_doc_video": "استخدم جهازك للتسجيل:",
             "list_header_webcam": "استخدم كاميرا الويب أو الهاتف لالتقاط صورة:",
             "list_item_doc": "بطاقة هويتك",
-            "list_item_doc_generic": "قم بتسجيل فيديو لمستند هويتك",
+            "list_item_doc_generic": "تسجيل فيديو لمستند هويتك",
             "list_item_doc_photo": "التقط صورة لمستند هويتك",
             "list_item_doc_video": "سجّل فيديو لمستند هويتك",
             "list_item_doc_video_timeout": "يقتصر تسجيل الفيديو على ​<timeout>​​<\/timeout>​ ثوانٍ. ​<fallback>​ابدأ مرة أخرى​<\/fallback>​",
-            "list_item_face_photo": "التقط صورة لوجهك",
+            "list_item_face_photo": "التقاط صورة لوجهك",
             "list_item_face_video": "سجِّل فيديو لوجهك",
             "list_item_poa": "إثبات عنوانك",
             "list_item_selfie": "وجهك",

locales/bg/bg.json

@@ -346,7 +346,7 @@
             "header_step1": "Стойте неподвижно",
             "header_step2": "Бавно обърнете документа си, за да покажете задната страна",
             "prompt": {
-                "detail_timeout": "Видеозаписът е ограничен до <timeout><\/timeout>°секунди. <fallback>Започнете отново<\/fallback>"
+                "detail_timeout": "Видеозаписът е ограничен до <timeout><\/timeout> секунди. <fallback>Започнете отново<\/fallback>"
             },
             "stepper": "Стъпка <step><\/step> от <total><\/total>",
             "success_accessibility": "Успешен опит"
@@ -1269,6 +1269,27 @@
             "subtitle": "Ще сравним това с документа ви",
             "title": "Направете си селфи"
         },
+        "sid": {
+            "passkey": {
+                "fail": {
+                    "button": "Стартиране на проверката",
+                    "content": "Ще поискаме някои документи и лична информация от вас, които могат да ни помогнат да разберем, че сте този, за когото твърдите, че сте.",
+                    "disclaimer": "Ще можете да настроите тази верификация да бъде повторно използваема в края на потока.",
+                    "subtitle": "Съжаляваме, не можете да пропуснете този етап, моля, преминете през процеса на верификация на самоличността:",
+                    "title": "Няма налична подходяща верификация"
+                },
+                "success": {
+                    "biophoto": "Снимка на лицето ви, за да докажете, че сте истински човек",
+                    "biovideo": "Запис на вашето лице, за да докажете, че сте истински човек",
+                    "button": "Продължете",
+                    "datacapture": "Някои лични данни",
+                    "document": "Валиден документ за самоличност, издаден от държавата",
+                    "drivinglicense": "Валидна шофьорска книжка, издадена от правителството",
+                    "proofofaddress": "Валиден документ, който може да служи като доказателство за адрес",
+                    "title": "Предишна верификация е открита!"
+                }
+            }
+        },
         "sms_sent": {
             "info": "Съвети",
             "info_link_expire": "Връзката ще изтече след един час",
@@ -1339,8 +1360,8 @@
             "video_accessibility": "Възпроизвеждане на записаното видео"
         },
         "video_intro": {
-            "button_pause_accessibility": "Пауза на видеото",
-            "button_play_accessibility": "Възпроизвеждане на видеото",
+            "button_pause_accessibility": "Пауза на илюстративната анимация на процедурата за сканиране",
+            "button_play_accessibility": "Пуснете илюстративна анимация на процедурата за сканиране",
             "button_primary": "Запишете видео",
             "list_accessibility": "Действия за записване на видео селфи",
             "list_item_actions": "Имате 20 секунди, за да завършите",
@@ -1358,7 +1379,7 @@
             "list_item_doc_generic": "Запишете видео на вашия документ за самоличност",
             "list_item_doc_photo": "Направите снимка на документа си за самоличност",
             "list_item_doc_video": "Запишете видео с документа си за самоличност",
-            "list_item_doc_video_timeout": "Видеозаписът е ограничен до <timeout><\/timeout>°секунди. <fallback>Започнете отново<\/fallback>",
+            "list_item_doc_video_timeout": "Видеозаписът е ограничен до <timeout><\/timeout> секунди. <fallback>Започнете отново<\/fallback>",
             "list_item_face_photo": "Направите снимка на лицето си",
             "list_item_face_video": "Запишете видео на лицето си",
             "list_item_poa": "доказателство за адрес",

locales/cs/cs.json

@@ -1269,6 +1269,27 @@
             "subtitle": "Porovnáme to s vaším dokumentem",
             "title": "Pořiďte si selfie"
         },
+        "sid": {
+            "passkey": {
+                "fail": {
+                    "button": "Zahájit proces ověřování",
+                    "content": "Požádáme vás o nějakou dokumentaci a osobní informace, které nám mohou pomoci ověřit, že jste to, kým tvrdíte, že jste.",
+                    "disclaimer": "Budete moci nastavit tuto ověřování tak, aby byla opakovatelná na konci procesu.",
+                    "subtitle": "Omlouváme se, ale nemůžete tento proces přeskočit, prosím projděte procesem ověření identity:",
+                    "title": "Žádné použitelné ověření identity není k dispozici"
+                },
+                "success": {
+                    "biophoto": "Fotografie vaší tváře prokazující, že jste skutečná osoba",
+                    "biovideo": "Nahrávka vaší tváře prokazující, že jste skutečná osoba",
+                    "button": "Pokračovat",
+                    "datacapture": "Některé osobní informace",
+                    "document": "Platný doklad totožnosti vydaný vládou",
+                    "drivinglicense": "Platný řidičský průkaz vydaný vládou",
+                    "proofofaddress": "Platný dokument, který může sloužit jako důkaz adresy",
+                    "title": "Předchozí ověření nalezeno!"
+                }
+            }
+        },
         "sms_sent": {
             "info": "Tipy",
             "info_link_expire": "Platnost Vašeho odkazu vyprší za hodinu",
@@ -1339,8 +1360,8 @@
             "video_accessibility": "Přehrání nahraného videa"
         },
         "video_intro": {
-            "button_pause_accessibility": "Pozastavit video",
-            "button_play_accessibility": "Přehrát video",
+            "button_pause_accessibility": "Pozastavit ilustrativní animaci skenovacího postupu",
+            "button_play_accessibility": "Přehrát ilustrativní animaci skenovacího postupu",
             "button_primary": "Nahrávání videa",
             "list_accessibility": "Akce pro nahrávání selfie videa",
             "list_item_actions": "Na dokončení máte 20 sekund",

locales/da/da.json

@@ -1269,6 +1269,27 @@
             "subtitle": "Vi sammenligner billedet med dit dokument",
             "title": "Tag en selfie"
         },
+        "sid": {
+            "passkey": {
+                "fail": {
+                    "button": "Start verificering",
+                    "content": "Vi vil anmode om noget dokumentation og personlige oplysninger fra dig, der kan hjælpe os med at vide, at du er den, du siger, du er.",
+                    "disclaimer": "Du vil være i stand til at indstille denne verifikation til at være genanvendelig i slutningen af flowet.",
+                    "subtitle": "Beklager, du kan ikke springe denne proces over, gå venligst igennem identitetsverifikationsprocessen:",
+                    "title": "Ingen brugbar verifikation tilgængelig"
+                },
+                "success": {
+                    "biophoto": "Et billede af dit ansigt for at bevise, at du er en rigtig person",
+                    "biovideo": "En optagelse af dit ansigt for at bevise, at du er en rigtig person",
+                    "button": "Fortsæt",
+                    "datacapture": "Noget personlig information",
+                    "document": "Et gyldigt identitetsdokument udstedt af regeringen",
+                    "drivinglicense": "Et gyldigt kørekort udstedt af regeringen",
+                    "proofofaddress": "Et gyldigt dokument, der kan fungere som bevis for adresse",
+                    "title": "Tidligere verifikation fundet!"
+                }
+            }
+        },
         "sms_sent": {
             "info": "Tips",
             "info_link_expire": "Dit link udløber om én time",
@@ -1339,8 +1360,8 @@
             "video_accessibility": "Afspil videoen, du har optaget, igen"
         },
         "video_intro": {
-            "button_pause_accessibility": "Sæt videoen på pause",
-            "button_play_accessibility": "Afspil video",
+            "button_pause_accessibility": "Pause illustrativ animation af scanning procedure",
+            "button_play_accessibility": "Afspil illustrativ animation af scanning procedure",
             "button_primary": "Optag video",
             "list_accessibility": "Sådan optager du en selfie-video",
             "list_item_actions": "Du har 20 sekunder til at afslutte",