Flutter plugin release notes

Compatibility matrix

Visit the support matrix page for additional compatibility information.

January 2025 - Changes in SDK versioning semantics

We have changed our SDK versioning scheme to better adhere to the semantic versioning principle. This will make it easier for you to determine the nature of the SDK release in use in your projects.
More information can be found here.

Flutter plugin 4.2.0 - 14.08.2025

Native SDKs

• Android 4.1.x
• iOS 4.1.x

General changes and new features

• UPDATE: The native iOS SDK has been updated to version 4.1.0. Refer to the native release notes as it includes several fixes.

Flutter plugin 4.1.0 - 30.07.2025

Native SDKs

• Android 4.1.x
• iOS 4.0.x

General changes and new features

• UPDATE: The native Android SDK has been updated to version 4.1.0. Refer to the native release notes as it includes several fixes.

Breaking Changes

• UPDATE: The minimum required version of Android Gradle Plugin (AGP) has been raised to 8.6.0, the minimum required Gradle version to 8.7, and the minimum supported JDK version is 17. (NEVISACCESSAPP-6817). This is due to several reasons:
  • The new minimum API level requirements in Google Play Store is 35, which imposes the use of AGP 8.6.0.
  • AGP 8.6.0 imposes the use of Gradle 8.7 (or later) of JDK 17 (or later).
  • We must use the latest version of GSON to fix a CVE. This version requires JDK 17 or later.

Flutter plugin 4.0.0 - 19.06.2025

Native SDKs

• Android 4.0.x
• iOS 4.0.x

General changes and new features

• NEW: The SDK supports Application Attestation. (NEVISACCESSAPP-6565)
• NEW: The DeviceCapabilities abstract class has been added to know whether the device supports full basic attestation. (NEVISACCESSAPP-6673)
• NEW: The AndroidMetaData has been extended with the applicationFacetId property. (NEVISACCESSAPP-6669)
• NEW: The Configuration has been extended with the admin4PatternBuilder method that can be used when your application interacts with the Nevis Identity Suite configured with default Nevis Admin 4 pattern. (NEVISACCESSAPP-6375)

Breaking Changes

• CHANGED: Dropped the support of iOS 12 and iOS 13. The minimum supported iOS version is now iOS 14. (NEVISACCESSAPP-6686)
• CHANGED: The MetaDataProvider has been removed. Use MetaData instead. (NEVISACCESSAPP-6585)
• CHANGED: The unnamed and authCloud factory constructors of Configuration have been removed. (NEVISACCESSAPP-6632)
• CHANGED: The Configuration.facetId getter has been removed. We recommend using wildcards during development. (NEVISACCESSAPP-6699)
• CHANGED: The ConfigurationBuilder.facetId method has been removed. We recommend using wildcards during development. (NEVISACCESSAPP-6699)
• CHANGED: The ConfigurationAuthCloudBuilder.facetId method has been removed. We recommend using wildcards during development. (NEVISACCESSAPP-6699)
• CHANGED: The Configuration.authenticationRetryInterval and Configuration.authenticationMaxRetries getters have been removed. Use Authentication.retryPolicyObtainingAuthorizationProvider instead. (NEVISACCESSAPP-6632)
• CHANGED: The ConfigurationBuilder.authenticationRetryInterval and ConfigurationBuilder.authenticationMaxRetries methods have been removed. (NEVISACCESSAPP-6632)
• CHANGED: The ConfigurationAuthCloudBuilder.authenticationRetryInterval and ConfigurationAuthCloudBuilder.authenticationMaxRetries methods have been removed. (NEVISACCESSAPP-6632)
• CHANGED: The PinUserVerificationContext.lastRecoverableError getter has been removed. Use the authenticatorProtectionStatus instead and check whether it is PinProtectionStatusLastAttemptFailed to know whether an invalid PIN was provided previously. (NEVISACCESSAPP-6632)
• CHANGED: The PasswordUserVerificationContext.lastRecoverableError getter has been removed. Use the authenticatorProtectionStatus instead and check whether it is PasswordProtectionStatusLastAttemptFailed to know whether an invalid password was provided previously. (NEVISACCESSAPP-6632)
• CHANGED: The PinUserVerificationError and PinUserVerificationInvalidPinError classes have been removed. (NEVISACCESSAPP-6632)
• CHANGED: The PasswordUserVerificationError and PasswordUserVerificationInvalidPasswordError classes have been removed. (NEVISACCESSAPP-6632)

For more information, see API references.

Flutter plugin 3.10.0 - 02.06.2025

Native SDKs

• Android 3.10.x
• iOS 3.9.x

General changes and new features

• UPDATE: The hardening framework has been upgraded to the latest version. (NEVISACCESSAPP-6650)

For more information, see API references.

Flutter plugin 3.9.0 - 06.03.2025

Native SDKs

• Android 3.9.x
• iOS 3.9.x

General changes and new features

• NEW: The Authenticator has been extended with the isSupportedByOs property.
• CHANGED: The unnamed and authCloud factory constructors of Configuration have been deprecated. Use the builder and authCloudBuilder static methods instead to create a Configuration.
• CHANGED: From this version on, the dependency declaration of the federated Nevis Mobile Authentication SDK Flutter plugin packages uses version range constraints instead of caret syntax.

Breaking Changes

• CHANGED: OperationForbidden and OperationUnauthorized OperationError cases are removed.
• UPDATE: The minimum required version of Android Gradle Plugin has been raised to 7.3.0.
• UPDATE: The minimum required Android API level has been raised to 24 (Android 7).

For more information, see API references.

Flutter plugin 3.8.1 - 27.11.2024

General changes and new features

• FIXED: We fixed application crashes which could occur due to threading issues during out-of-band operations.
• FIXED: We improved the error handling on the iOS platform leading to better indicated method names in crash logs.

For more information, see API references.

Flutter plugin 3.8.0 - 12.11.2024

General changes and new features

• CHANGED: We updated Nevis Mobile Authentication SDK to version 3.8.0.
• NEW: AuthCloudApiClockSkewTooBig error is now also returned as AuthCloudApiError if such error occurs during registration.
• NEW: Two experimental APIs that allow to check and synchronize configuration mismatches between client and backend has been added.
• NEW: The new JwsAuthorizationProvider allows to execute deregistration without authorization requiring user interaction. (NEVISACCESSAPP-5598)

For more information, see API references.

Flutter plugin 3.7.0 - 12.07.2024

General changes and new features

Android 6 / API Level 23 deprecated

As of Flutter plugin 3.7.0, Android API level 23 support is deprecated.

• CHANGED: We updated the minimum supported SDK version to Dart 3.1.0.
• CHANGED: We updated Nevis Mobile Authentication SDK to version 3.7.0.
• NEW: A new MetaData API to retrieve Nevis Mobile Authentication SDK version and other platform-dependent information is available. For applications running on Android, the API retrieves the SHA-256 hash of the signing certificate of the application that includes the SDK. For iOS applications, the API provides the FacetId of the application that includes the SDK.
• NEW: A new experimental API to retrieve pending out-of-band operations has been added.

Breaking Changes

• NEW: A new alphanumeric Password Authenticator is available. Note that this requires the nevisFIDO 8.2405.0 component version, otherwise you will need to manually extend the metadata and policy configuration files in nevisFIDO to support this new authenticator type. In this case refer to Default Nevis Authenticator Metadata to obtain the metadata statements and don't forget to add the authenticator AAIDs to the policy file(s). This is classified as a breaking change as depending on your implementation you may need to adapt your code when filtering or listing the available authenticators. (NEVISACCESSAPP-5406)

For more information, see API references.

Flutter plugin 3.6.0 - 05.02.2024

General changes and new features

• NEW: We extended the PinPolicy with the validatePinForEnrollment and validatePinForPinChange methods. These methods allow implementing custom PIN policies of any nature.
• CHANGED: We updated Nevis Mobile Authentication SDK to version 3.6.0.
• FIXED: We fixed an issue where the plugin crashed during biometric authenticator cancellation on the Android platform.

For more information, see API references.

Flutter plugin 3.5.1 - 03.11.2023

General changes and new features

• Changes to support latest Flutter version (3.13.9).

For more information, see API references.

Flutter plugin 3.5.0 - 09.10.2023

General changes and new features

• CHANGED: We updated Nevis Mobile Authentication SDK to version 3.5.0.

For more information, see API references.

Flutter plugin 3.4.1 - 18.09.2023

General changes and new features

• FIXED: We fixed error handling issues, that occurred in some rare cases during a PIN change operation and multiple backend registration and authentication scenarios.

For more information, see API references.

Flutter plugin 3.4.0 - 22.08.2023

General changes and new features

• NEW: The SDK supports registering authenticators in multiple servers. See the Multiple Backend Support chapter for details.
• NEW: From this version on, the plugin also provides the device ID via DeviceInformation.
• NEW: A new device passcode authenticator is introduced.
• CHANGE: On new registrations, the biometric credentials will be invalidated when a new biometric is added to the operating system if invalidateOnNewOsBiometrics is not invoked (see Registration.invalidateOnNewOsBiometrics, AuthCloudApiRegistration.invalidateOnNewOsBiometrics, OutOfBandRegistration.invalidateOnNewOsBiometrics).
• CHANGED: On new registrations, the device passcode cannot be used with biometric credentials by default (see Registration.allowDevicePasscodeAsFallback, AuthCloudApiRegistration.allowDevicePasscodeAsFallback, OutOfBandRegistration.allowDevicePasscodeAsFallback).

Breaking changes

• NEW: From this version on, the signature of the Authentication.onError callback function has changed. This method is invoked with an AuthenticationError which returns a SessionProvider that can be used to continue with the authentication session.

For more information, see API references.

Flutter plugin 3.3.0 - 30.06.2023

General changes and new features

• NEW: We now support invalidating the FIDO UAF credentials of biometric and fingerprint authenticators when the user adds new biometric credentials in the OS settings, see invalidateOnNewOsBiometrics.
• NEW: We now support providing HTTP request headers that can be sent in the HTTP request during all the operations, see requestHeaders.
• CHANGED: From this version on, the deleteAuthenticator method of LocalData does not require the aaid to be provided. Providing no aaid leads to all authenticator data being deleted.
• CHANGED: Removed property validation for all operations as they are now handled by the native SDKs.

For more information, see API references.

Flutter plugin 3.2.0 - 30.03.2023

General changes and new features

• NEW: We now support disabling the device passcode as fallback for the biometric authenticator, see allowDevicePasscodeAsFallback.
• NEW: We now support adding a retry strategy to the device information change operation, see retryPolicy.
• CHANGED: The authenticationRetryInterval and authenticationMaxRetries properties have been deprecated in the Configuration object. Use the retryPolicyObtainingAuthorizationProvider instead.

For more information, see API references.

Flutter plugin 3.1.0 - 26.02.2023

General changes and new features

• NEW: We now support class 2 sensors for the biometric authenticator on Android platform, see allowClass2AndroidSensors.
• CHANGED: From this version on, the deregistration operation does not require the aaid to be provided. Providing no aaid in the operation leads to the whole account being deregistered instead of a single authenticator.

For more information, see API references.

Flutter plugin 3.0.1 - 05.12.2022

General changes and new features

• Initial release.

For more information, see API references.