Release/4.4.2

[mehmet-yoti]

Add Support for Retrieving SHARE_CODE Resources in IDV Sessions

Overview

This PR implements support for retrieving the new SHARE_CODE resource type from IDV session data. Share codes are managed server-side by the API — the SDK provides read access to share code resources returned in session retrieval responses.

Changes

Session Retrieval (Response)

• Resource Response: Created ShareCodeResourceResponse with support for:

  • Basic fields: id, source, created_at, last_updated
  • Media fields via ShareCodeMediaResponse wrapper: lookup_profile, returned_profile, id_photo, file
  • Source handling via parent ResourceResponse (parses {"type":"END_USER"} into AllowedSourceResponse subclasses)
  • Tasks array with automatic filtering for VERIFY_SHARE_CODE_TASK

• Task Response: Added VerifyShareCodeTaskResponse for handling VERIFY_SHARE_CODE_TASK type

• Resource Container: Updated to include shareCodes field (ShareCodeResourceResponse[]) with getShareCodes() getter

• Task Dispatch: Updated ResourceResponse::createTaskFromArray() to recognise VERIFY_SHARE_CODE_TASK

Constants

• Added VERIFY_SHARE_CODE_TASK = 'VERIFY_SHARE_CODE_TASK' to Constants.php

API Usage

Retrieving Share Codes from a Session

$result = $client->getSession($sessionId);

foreach ($result->getResources()->getShareCodes() as $shareCode) {
    echo 'ID: ' . $shareCode->getId() . PHP_EOL;
    echo 'Created: ' . $shareCode->getCreatedAt() . PHP_EOL;

    if ($shareCode->getIdPhoto() !== null && $shareCode->getIdPhoto()->getMedia() !== null) {
        echo 'ID Photo Media ID: ' . $shareCode->getIdPhoto()->getMedia()->getId() . PHP_EOL;
    }

    foreach ($shareCode->getVerifyShareCodeTasks() as $task) {
        echo 'Task: ' . $task->getId() . ' State: ' . $task->getState() . PHP_EOL;
    }
}

Central Auth Token Support (SDK-2767)

Adds OAuth2-based central authentication tokens alongside the existing signed-request (PEM) authentication, mirroring the Java SDK's yoti-sdk-auth module.

What Changed

• New AuthStrategy abstraction (BearerTokenStrategy, SignedRequestStrategy, NoAuthStrategy)
• New Auth module for generating tokens via OAuth2 client_credentials grant with PS384-signed JWT
• DocScanClient and DigitalIdentityClient now support a fluent builder() pattern with two auth modes
• Full backward compatibility — existing PEM-based constructors continue to work unchanged

Auth Modes

The two modes are mutually exclusive:

Mode	Method	Description
Token Auth (new)	withAuthenticationToken($token)	Use a pre-obtained bearer token
Signed Request (legacy)	withClientSdkId($id) + withPemFilePath($path)	Use SDK ID and PEM key pair

Usage

Generating a Token

$generator = AuthenticationTokenGenerator::builder()
    ->withSdkId('your-sdk-id')
    ->withPemFilePath('/path/to/key.pem')
    ->build();

$response = $generator->generate(['scope1', 'scope2']);
$token = $response->getAccessToken();

DocScan Client — Token Auth (new)

$client = DocScanClient::builder()
    ->withAuthenticationToken($token)
    ->build();

DocScan Client — Signed Request (existing)

$client = DocScanClient::builder()
    ->withClientSdkId('your-sdk-id')
    ->withPemFilePath('/path/to/key.pem')
    ->build();

Digital Identity Client — Token Auth (new)

$client = DigitalIdentityClient::builder()
    ->withAuthenticationToken($token)
    ->build();