Handle expired connectAccessToken cleanly. Long-lived pages no longer surface the misleading 422 when the ~60-minute server-side TTL elapses; integrations opt into transparent refresh via a new server-side endpoint hook, or a clean expiry callback as a fallback. See the Refreshing an expired token integration guide.
Polished default appearance, React 19 + TypeScript, real-time credential-validation streaming, and a substantial dependency cleanup. The init() contract is backward-compatible: every option supported in 0.7.7 keeps working, including the custom render props (renderChoosePayer, renderPayerForm, renderEndWidget).
This SDK embeds the EasyEnrollment platform into the host application's own pages. From 0.8.0 onward, the SDK ships with a polished default appearance so it looks good out of the box on any host page, with no required CSS work. Branding is configurable via theme.primaryColor, and the existing custom render props remain available for integrators who want full control over a particular step.
Latest highlights below. The full per-version changelog lives in CHANGELOG.md.
- Handle expired
connectAccessToken(the ~60-minute server-side TTL) without the misleading 422. Opt in to transparent recovery by wiringconnectAccessTokenRefreshFnagainst a server-side refresh endpoint (Flask + Express snippets in docs), or use theonConnectAccessTokenExpiredcallback (andtpastream-connect-token-expiredwindow event) to render a "session expired" UI as a fallback. Parallel-request stampede guarded; notifications coalesced to one per expiry cycle. Integrations that wire nothing see a cleaner error message but still need a page reload to recover.
- Polished default appearance; no host-page CSS required.
theme.primaryColorinit option recolors buttons, links, focus rings, and progress bars.- React 19, full TypeScript port; substantial dependency cleanup (Bootstrap, jQuery, FontAwesome, react-jsonschema-form, react-popup, react-select, query-string and others removed).
- Non-blocking credential validation: SSE-driven progress in a hero element + corner panel, parallel validations, inline 2FA, no modal/full-screen takeover.
enableInterop->enablePatientAccessAPIrename (legacy alias kept indefinitely).realtimeTimeoutandmaxRetriesaccepted but@deprecatedno-ops (knobs for the deleted polling loop).fixCredentialsaccepted but@deprecatedand ignored; member-portal mode is derived fromconnectAccessTokenpresence.- Backward-compatible with 0.7.7 at the
init()call site. Seedocs/migration-0.7-to-0.8.mdfor the upgrade story.
Start with docs/ for a full table of contents.
Common entry points:
- Quickstart
- Client Usage: full init option reference
- Migrating from 0.7.x to 0.8
- SDK Flow
- Two-Factor Authentication
- Fix Credentials
- Patient Access API (Interop)
- Theme
- Connect Access Token
- Errors
- FAQ
The separate React Native hook package (stream-connect-sdk-hook@0.6.2)
is soft-deprecated in favor of embedding the main SDK in a WebView.
The published 0.6.2 tarball on npm keeps working for existing
integrations; we're not republishing because the hook's source
imports from assets/shared/ which the 0.8 rewrite deleted, and
the right path for new integrations is the WebView pattern anyway.
See sdk-hook/docs/README.md for the
deprecation notice and recommended pattern;
Quickstart > Mobile
has end-to-end examples.
npm install # install dependencies
npm run build # build sdk.js (production bundle)
npm run format # biome check --write across assets/
npm test # lint + typecheck (runs both below)
npm run test:lint # biome check assets/
npm run test:types # tsc --noEmit
Bump the version in package.json with each release and update
CHANGELOG.md.
A dev-only /sdk-test route is wired into the stream webapp for
iterating on the SDK against a real backend. It mints a fresh
connect access token server-side per request and embeds the SDK with
a known-good fixture. See stream/views.py::sdk_test in the
stream repo for the
implementation, and stream/static/js/sdk-test.js for the bundled
SDK artifact it serves.