Skip to content

Releases: getyoti/yoti-python-sdk

v2.14.6

Choose a tag to compare

@mehmet-yoti mehmet-yoti released this 25 Jun 08:25
151a8f6

Release 2.14.6 — What's New

New Features

Share Code Resources & Tasks

Adds support for parsing and retrieving share code resources and verify share code tasks from IDV session responses.

  • New ShareCodeResourceResponse class exposing source, media, profile, and task data
  • New ShareCodeMediaResponse and VerifyShareCodeTaskResponse classes
  • ResourceContainer.share_codes property for list access
  • VERIFY_SHARE_CODE_TASK constant added to constants.py

capture_type on Static Liveness Resources (#460)

StaticLivenessResourceResponse now exposes a capture_type property (e.g. "PHOTOGRAPH"). Defaults to None when the field is absent.


extraction_image_ids on IDV Page Responses (#461, #452)

PageResponse now exposes an extraction_image_ids property — the list of media IDs used for automated extraction. Defaults to an empty list when the field is absent or null.


process on Breakdown Response (#453)

BreakdownResponse now exposes a process property indicating the breakdown process type (AUTOMATED / EXPERT_REVIEW). Defaults to None when absent.


brand_id in Session Config (#458)

SdkConfigBuilder.with_brand_id(brand_id) allows a brand identifier to be set on the IDV session config for iframe theming. The field is omitted from the JSON payload when not set.


Suppressed Screens (IDV Shortened Flow) (#459)

SdkConfigBuilder.with_suppressed_screens([...]) / with_suppressed_screen(...) allow specific screens to be omitted from the IDV journey.

Seven new constants added:

Constant
ID_DOCUMENT_EDUCATION
ID_DOCUMENT_REQUIREMENTS
SUPPLEMENTARY_DOCUMENT_EDUCATION
ZOOM_LIVENESS_EDUCATION
STATIC_LIVENESS_EDUCATION
FACE_CAPTURE_EDUCATION
FLOW_COMPLETION

Security & Dependency Upgrades

CVE Remediation

Core SDK (install_requires)

Package Before After Reason
cryptography >=42.0.0 >=44.0.1 CVE-2024-12797
protobuf >=4.21.12 >=4.25.8,<6 CVE-2025-4565, CVE-2026-0994
requests >=2.31.0 >=2.32.4 CVE-2024-47081
urllib3 >=2.2.1 >=2.6.3 Decompression / redirect CVEs
pyopenssl >=24.0.0 >=26.0.0 High severity CVEs

All 10 *_pb2.py files regenerated using the _builder API required by protobuf 4.x/5.x runtimes.

Example Apps

App Key Changes
Django 4.0.14.2 LTS (critical SQLi CVEs closed)
Flask 1.x3.0.6 (CVE-2023-30861)
Werkzeug 1.x3.0.6 (request smuggling, debugger RCE, path traversal)
Jinja2 3.1.6 (5 CVEs)

v2.14.5

Choose a tag to compare

@mehmet-yoti mehmet-yoti released this 16 Dec 15:13
eab6d64

Static Liveness Check Implementation

Overview

This implementation adds support for Static Liveness Check to the Yoti Python SDK, enabling identity verification using a single static image instead of the ZOOM liveness method which requires multiple frames and facemap data.

Features Added

1. Session Creation (Request Side)

Create STATIC Liveness Check

from yoti_python_sdk.doc_scan import RequestedLivenessCheckBuilder

# Build a STATIC liveness check
liveness_check = (
    RequestedLivenessCheckBuilder()
    .for_static_liveness()
    .with_max_retries(3)
    .with_manual_check_never()
    .build()
)

Generated JSON:

{
  "type": "LIVENESS",
  "config": {
    "liveness_type": "STATIC",
    "manual_check": "NEVER",
    "max_retries": 3
  }
}

2. Session Retrieval (Response Side)

Access STATIC Liveness Resources

from yoti_python_sdk.doc_scan import DocScanClient

client = DocScanClient(sdk_id, key_file_path)
session_result = client.get_session(session_id)

# Get all STATIC liveness resources
static_resources = session_result.resources.static_liveness_resources

for resource in static_resources:
    print(f"Resource ID: {resource.id}")
    print(f"Liveness Type: {resource.liveness_type}")
    
    # Access the image and media
    if resource.image and resource.image.media:
        media_id = resource.image.media.id
        media_type = resource.image.media.type
        created = resource.image.media.created
        
        print(f"Media ID: {media_id}")
        print(f"Media Type: {media_type}")

3. Media Content Retrieval

Download STATIC Liveness Image

# Get the first STATIC liveness resource
static_liveness = session_result.resources.static_liveness_resources[0]

# Extract media ID
media_id = static_liveness.image.media.id

# Retrieve the actual image content
media_content = client.get_media_content(session_id, media_id)

# Access the image bytes and MIME type
image_bytes = media_content.content
mime_type = media_content.mime_type  # e.g., "image/jpeg" or "image/png"

# Save to file
with open(f"liveness_image.{mime_type.split('/')[-1]}", "wb") as f:
    f.write(image_bytes)

Example Application

The Flask example application (examples/doc_scan/) now displays Static Liveness resources on the success page:

  • Shows resource ID and liveness type
  • Displays the static liveness image
  • Provides media ID for reference
  • Uses collapsible accordion UI similar to ZOOM liveness

Backward Compatibility

Fully backward compatible - All existing code using ZOOM liveness continues to work without any changes:

# Existing ZOOM liveness code still works
zoom_check = RequestedLivenessCheckBuilder().for_zoom_liveness().build()
zoom_resources = session_result.resources.zoom_liveness_resources

# New STATIC liveness code
static_check = RequestedLivenessCheckBuilder().for_static_liveness().build()
static_resources = session_result.resources.static_liveness_resources

For Existing Implementations

No changes required! Your existing ZOOM liveness code will continue to work. You can optionally add STATIC liveness support:

# Add STATIC liveness alongside existing ZOOM liveness
session_spec = (
    SessionSpecBuilder()
    .with_requested_check(
        RequestedLivenessCheckBuilder()
        .for_zoom_liveness()  # Existing
        .with_max_retries(1)
        .build()
    )
    .with_requested_check(
        RequestedLivenessCheckBuilder()
        .for_static_liveness()  # New
        .with_max_retries(3)
        .with_manual_check_never()
        .build()
    )
    # ... other configuration
    .build()
)

v2.14.4

Choose a tag to compare

@mehmet-yoti mehmet-yoti released this 08 Aug 15:12
3b2454e

Updated

** Updated protobuf dependency from 3.20.3 to >=4.21.12 for improved compatibility and security
** Reorganized protobuf modules to original API structure
** Dependency Updates:** All relevant libraries have been updated to ensure compatibility with Python 3.12.
** Updated GitHub Actions workflows for faster CI execution
** Enhanced example applications with updated dependency requirements
** Improved backward compatibility while supporting modern protobuf versions

v2.14.3

Choose a tag to compare

@mehmet-yoti mehmet-yoti released this 03 Jul 14:11
af34005

Added

Python 3.12 Support: The project supports Python 3.12.
Dependency Updates: All relevant libraries have been updated to ensure compatibility with Python 3.12.

v2.14.2

Choose a tag to compare

@mehmet-yoti mehmet-yoti released this 23 Feb 14:21
6fe15da

Changed

  • Update to protobuf==4.21.12
  • Set protobuf==3.20.1 in setup.py

v2.14.1

Choose a tag to compare

@echarrod echarrod released this 21 Jun 13:09
8f019e3

Security

  • Update to pytz==2022.1

Changed

  • Set protobuf==3.13.0 in setup.py

Removed

  • Support for Python 2.7

v2.14.0

Choose a tag to compare

@davidgrayston davidgrayston released this 16 Nov 16:13
eff67c4

Added

  • Supplementary document support (Doc Scan)
  • DynamicPolicyBuilder().with_document_images()
  • accept_self_asserted option can now be passed to DynamicPolicyBuilder methods

Fixed

  • DocScanClient.get_media_content() will now return None for 204 no content responses (Doc Scan)

v2.13.0

Choose a tag to compare

@davidgrayston davidgrayston released this 21 Oct 12:59
2e003b7

Doc Scan

Added

  • Support for ID document comparison checks
  • Ability to block the collection of biometric consent
  • Allow the configuration of the manual_check value for requested Document Authenticity checks
  • Add support for chip data
    • RequestedTextExtractionTaskBuilder().with_chip_data_desired()
    • RequestedTextExtractionTaskBuilder().with_chip_data_ignore()
    • IdDocumentResourceResponse property: document_id_photo
  • Add support for document page frames

Fixed

  • RequestedDocumentAuthenticityCheckBuilder.build() is no longer static. Python 2 implementations must change this to RequestedDocumentAuthenticityCheckBuilder().build()

v2.12.2

Choose a tag to compare

@echarrod echarrod released this 18 Jun 16:44
da0828a

Fixed

Set pytest version to >=4.6.0 to prevent clashes with upstream dependencies requiring pytest >= 4.6.0

v2.12.1

Choose a tag to compare

@echarrod echarrod released this 09 Jun 11:55
03ba5ee

Fixed

  • Update Attribute Issuance Expiry Date format to be milliseconds, not microseconds