2026-07-08 · SDK
React Native 1.18.0 — encrypted-at-rest tokens, offline anon id, identity webhooks
- `@sendoracloud/sdk-react-native@1.18.0`: opt-in `init({ secureStorage })` routes the refresh / access token + cached user through a Keychain / Keystore adapter you supply (Supabase `auth.storage` model — the SDK never imports expo-secure-store, so bare-RN stays Metro-safe). Transparent plaintext→adapter migration (no sign-out), graceful fallback. Default is unchanged (plain AsyncStorage, OWASP MASVS-L1).
- `getAnonymousIdSync(): string | null` (1.17.0) — synchronous, non-throwing anonymous-id read for offline-first / cold-start callers.
- New backend webhooks `auth.user_upgraded` (anon→account in place, `sub` preserved) and `auth.user_merged` (anon→existing account, anon `sub` retired) — subscribe your backend to re-key device data on the post-conversion id.
- New guide: [Identity in your backend](/docs/backend-identity) — JWKS RS256 verification, analytics-anonId vs auth-`sub`, and the merge / upgrade remap. All additive + opt-in.