Release: v2.2.0

What's Changed

✨ New Functionality

• Added authState to TurnkeyContext for synchronously tracking authentication state and determining the appropriate screen on app load.
• Added refreshSession() to manually refresh the session. Defaults to the selected session but accepts an optional sessionKey.
• Added updateUserEmail(email:verificationToken:) and updateUserPhoneNumber(phone:verificationToken:) for updating user contact details. These methods support optional verification tokens to mark the fields as verified, and allow deletion by passing an empty string.
• Added support for automatically refreshing sessions before expiry when the app is active by passing the optional refreshedSessionTTLSeconds parameter to createSession(). This controls the duration of refreshed sessions and must be at least 30 seconds.

🛠 Fixes

• Fixed a scheduling issue where expiry timers were not firing correctly while the app was active in the foreground.

Release: v2.1.1

What's Changed

🐛 Bug Fixes

• Fixed an issue where active sessions were being cleared due to stale pending keys not being removed after session creation.
• Pending keys are now correctly removed once a session is established.

Release: v2.1.0

What's Changed

✨ New Functionality

Added startGoogleOAuthFlow() to TurnkeySwift.

• This method uses ASWebAuthenticationSession to launch Google OAuth in a system browser and return an OIDC token, simplifying OAuth integration.

Release: v2.0.0

What's Changed

⚠️ Breaking

The SDK has been fully refactored into modular packages:

• TurnkeyCrypto
• TurnkeyPasskeys
• TurnkeyStamper
• TurnkeyEncoding
• TurnkeyHttp
• TurnkeySwift

---

TurnkeyPasskeys

• Now uses async/await instead of notification-based observers.
• Simplified API for passkey creation and assertion workflows.

---

TurnkeyHttp

• Provides low-level request construction using fully typed, OpenAPI-generated interfaces.
• Fixed an issue where undocumented errors were thrown without context. Errors are now structured and consistently surfaced.

---

TurnkeySwift

Introduced as the high-level abstraction layer, providing:

• Session management (JWT-backed)
• Simplified workflows for stamping, wallet creation, and user flows

Release: v1.2.1

What's Changed

• Fixed missing return in guard statement ( #9 )

Full Changelog: 1.2.0...1.2.1

Release: v1.2.0

What's Changed

Challenge format ( #1 )

The backend expects the challenge in hex format, and SHA256Digest returns only the raw format.
Now the challenge is properly encoded/formated.

ProxyMiddleware ( #5 ) - ⚠️ Minor Breaking

The ProxyMiddleware header for the forwarded Turnkey API request has been renamed:

Old	New
X-Forwarded-For	X-Turnkey-Request-Url

Ensure your backend is updated to support the new header name if you are using the latest version.

New Contributors

• @ericlewis made their first contribution in #1

Full Changelog: 1.1.0...1.2.0

Release: v1.1.0

Version: 1.1.0

What's Changed

Oauth

Support for OAuth endpoints has been added:

• getOauthProviders()
• createOauthProviders()
• deleteOauthProviders()

Sessions

Support for Session endpoints has been added:

• createReadOnlySession()
• createReadWriteSession()

Non-breaking

• emailAuth(): Added an optional invalidateExisting parameter to emailAuth for API key invalidation.
• updateUser(): updateUser now supports updating the userPhoneNumber field.

⚠️ Breaking

• createApiKeys():
  • Now uses ApiKeyParamsV2, which introduces a new required curveType parameter. Existing calls must be updated to provide a value for curveType. https://docs.turnkey.com/api#tag/API-Keys/operation/CreateApiKeys
• createSubOrganization:
  • Now uses RootUserParamsV4, which introduces the following changes:
    • New required oauthProviders field: Must be provided as a list of OAuth provider parameters.
    • New optional userPhoneNumber field: Represents the user's phone number in E.164 format.
    • Updated apiKeys type: Now requires ApiKeyParamsV2 instead of ApiKeyParams.

Migration Guide: createSubOrganization()

let rootUsers: [Components.Schemas.RootUserParamsV4] = [
  .init(
    userName: "user1",
    userEmail: "[email protected]",
    apiKeys: [
      .init(
        apiKeyName: "turnkey-demo",
        publicKey: apiPublicKey!,
        curveType: .API_KEY_CURVE_P256 // New required field
      )
    ],
    authenticators: [],
    oauthProviders: [] // New required field
  )
]

let output = try await client.createSubOrganization(
  organizationId: organizationId!,
  subOrganizationName: subOrganizationName,
  rootUsers: rootUsers,
  rootQuorumThreshold: rootQuorumThreshold,
  wallet: wallet,
  disableEmailRecovery: disableEmailRecovery,
  disableEmailAuth: disableEmailAuth,
  disableSmsAuth: false, // New optional parameter
  disableOtpEmailAuth: false // New optional parameter
)

Full Changelog: 1.0.0...1.1.0

Turnkey's swift-sdk

Initial release for Turnkey's swift-sdk 🎉