Will support for tcfv2 added anytime soon?

Hi

I have installed the consent-string v1.4.0 and here the node_modules directory:

ls node_modules/consent-string/
LICENSE		README.md	package.json

Did you forget to add the compiled code?

It seems that if you create a new consent string SDK instance with a consent string to decode
const consentData = new ConsentString("BOVVB7VOW4CvmC6ABAITB1-AAAAid7_______9______9uz_Gv_v_f__33e8__9v_l_7_-___u_-33d4-_1vX99yfm1-7ftr3tp_86ues2_Xur_959__njUAAA");

and then call
consentData.getParsedVendorConsents()

You will get an error
TypeError: Cannot read property 'vendors' of null

This should probably be supported

Originally posted by @dev-spandey in https://github.com/InteractiveAdvertisingBureau/Consent-String-SDK-JS/issue_comments#issuecomment-427335212

Hello,
It is a common use case to want to store consent for non IAB vendors.
Would it be considered a good idea to include such vendors here under another key?
Dennis

I tried to update today to version 1.4.1 and I noticed from my lint rules that the import was not resolved. Anyway digging into node_modules folder I saw that instead of the dist folder now there’s the src. So the package is not imported anymore.

Did something change in the last release?

Reading through the documentation, it doesn't appear that this library has any support for the Publisher Consents component of the consent string spec. Has there been any discussion on this?

Related, from the Java SDK: InteractiveAdvertisingBureau/Consent-String-SDK-Java#12

... There are two distinct consent string formats outlined in the specification (v.1.1):

1. global, vendor consent string (euconsent) as described in https://github.com/InteractiveAdvertisingBureau/GDPR-Transparency-and-Consent-Framework/blob/master/Consent%20string%20and%20vendor%20list%20formats%20v1.1%20Final.md#vendor-consent-string-format-
2. publisher purposes consent string (pubconsent) as described in https://github.com/InteractiveAdvertisingBureau/GDPR-Transparency-and-Consent-Framework/blob/master/Consent%20string%20and%20vendor%20list%20formats%20v1.1%20Final.md#publisher-purposes-consent-string-format-

However, currently the library appears to support only global, vendor consent string (correct me if I'm wrong). Looking from a publisher's perspective it would surely help if the publisher purposes consent string was supported as well. It makes sense since both consent strings have similar formats so there is potential for reusing significant part of codebase between the two implementations.
...

It seems that if you create a new consent string SDK instance with a consent string to decode
const consentData = new ConsentString("BOVVB7VOW4CvmC6ABAITB1-AAAAid7_______9______9uz_Gv_v_f__33e8__9v_l_7_-___u_-33d4-_1vX99yfm1-7ftr3tp_86ues2_Xur_959__njUAAA");

and then call
consentData.getParsedPurposeConsents()

You will get an error
TypeError: Cannot read property 'purposes' of null

This should probably be supported

Trying to decode this consent string: 'BOUy_skOUy_skABABBENA8-AAAAbN7'

Max Vendor ID is '435', but when I trying to see if '4' is an allowed vendor ID, I get the following exception: java.lang.ArrayIndexOutOfBoundsException: 22

Any ideas what is causing this and what it means ?

I am trying to run the transpiled library in IE8 but it seems that it does not like the following bit:

 if (context.method === "throw") {
        if (delegate.iterator.return) {
... etc etc

Obviously IE8 does not allow return as an object property name so the only way to get around it, is to actually edit the source. That's my understanding at least. Would you be able to tackle this? Thanks

When we use method getVendorConsents, sometimes it returns 24 purposes (while the maximum existing is 5 or so).

You can reproduce it in this site> https://www.shefinds.com/.

1. Go to mobile version of the webisite
2. Click accept all in CMP
3. Run the method for the saved consent string

Thank you!

Are there plans to support TCF version 2?

If every vendor is true, I get this result (the range is wrong, see #10, but it's more about we really need the range):

BOOQvTDOOQvTDABABBENAU-AAAALeABgAQALQA

{
  "cookieVersion": 1,
  "created": "2018-05-24T12:37:39.500Z",
  "lastUpdated": "2018-05-24T12:37:39.500Z",
  "cmpId": 1,
  "cmpVersion": 1,
  "consentScreen": 1,
  "consentLanguage": "EN",
  "vendorListVersion": 20,
  "purposeIdBitString": "111110000000000000000000",
  "maxVendorId": 183,
  "isRange": true,
  "defaultConsent": false,
  "numEntries": 1,
  "vendorRangeList": [
    {
      "isRange": true,
      "startVendorId": 8,
      "endVendorId": 90
    }
  ]
}

But I would expect it to be:

{
  "cookieVersion": 1,
  "created": "2018-05-24T12:37:39.500Z",
  "lastUpdated": "2018-05-24T12:37:39.500Z",
  "cmpId": 1,
  "cmpVersion": 1,
  "consentScreen": 1,
  "consentLanguage": "EN",
  "vendorListVersion": 20,
  "purposeIdBitString": "111110000000000000000000",
  "maxVendorId": 183,
  "isRange": true,
  "defaultConsent": true,
  "numEntries": 0,
  "vendorRangeList": []
}

the function encodeConsentString only checks for rangesData with default Consent = false but not the opposite. depending on choices the oposite can result in a shorter consent string ...

The vendorlist.json from IAB is not sorted by ID by default. But the range takes the first and last entry of the array, which results in a wrong consent-string.

For example https://vendorlist.consensu.org/v-20/vendorlist.json starts with ID 8 and ends with ID 90, as the array is not sorted. If you give a consent to all vendors, you get this constent string:

BOOQUp9OOQU3FABABBENAU-AAAALeABgAQALQA

{
  "cookieVersion": 1,
  "created": "2018-05-24T09:35:46.900Z",
  "lastUpdated": "2018-05-24T09:37:10.900Z",
  "cmpId": 1,
  "cmpVersion": 1,
  "consentScreen": 1,
  "consentLanguage": "EN",
  "vendorListVersion": 20,
  "purposeIdBitString": "111110000000000000000000",
  "maxVendorId": 183,
  "isRange": true,
  "defaultConsent": false,
  "numEntries": 1,
  "vendorRangeList": [
    {
      "isRange": true,
      "startVendorId": 8,
      "endVendorId": 90
    }
  ]
}

The range is wrong. It needs to be 1 - 183 --> sort the array of vendors first

Update/edit: I understood defaultConsent wrong and corrected this ticket.

Documentation and the tech spec links are 404s in the readme.

The encoding should first encode the bitfield, because that will always need to be available because of the "parsedVendorConsents" api we expose. But when we should determine if range encoding would be smaller by using some math to calculate ahead of beginning the range encoding.

Consent string fields

Range encoding constant sunk size cost:

1 bit for default consent
12 bits for num entries
13 total bits

Each range size cost:

1 bit for SingleOrRange[idx]
16 bits for SingleVendorId[idx] or StartVendorId[idx]
16 bits (if range) for EndVendorId[idx]
33 total bits or 17 total bits for single

Therefore, a range encoding, in the worst case (all sub-ranges and no singles), can be expressed as:

f(n) = 33n + 13; where n is the number of gaps and points where consent changes from the complement to the default and default to compliment. Any case would create a new range.

With a bitfield encoding, we know there will be a constant number of bits equal to the maxVendorId. The equation for determining which encoding to execute to minimize the size of the final encoding would be:

f(n) < maxVendorId; then range encode
f(n) >= maxVendorId; then bitfield

It would be possible to begin counting gaps in the vendorlist and consent value changes from default and run that through f(n) on each loop until that number is greater than maxVendorId and then break the loop and abandon the range encoding.

On vendorlist version 125 (latest) I found 67 gaps in 460 vendors. f(67) = 2224 which is far greater than the 560 (maxVendorId) that would have been allocated if it were a bitfield encoding. It would be a shame to spend the time to encode that range encoded string and then just throw it out when we can know ahead of time with some math if it will be too large.

With this vendorlist, assuming default consent is 0 and each vendor has a 1, we could only encode 16 range sections before the encoding length would be longer than the bitfield.

Hello there,

Providing a ready-to-use bundle, concatenated and with resolved dependencies would be a really nice improvement.

Best regards

Hi! I can't understand why or what I do wrong!

const consentData = {
    allowedPurposeIds: [ 1, 2, 3 ],
    allowedVendorIds: [1,2,3,66,77,88,98,415,534],
    cmpId: 7,
    cmpVersion: 1,
    consentLanguage: 'es',
    consentScreen: 3,
    created: new Date(Date.now()),
    lastUpdated: new Date(Date.now()),
    maxVendorId: 747,
    vendorListVersion: 196,
    version: 1,
};

I use method for creating consent string
encodeConsentString(consentData)
I got it but when i use this consent stirng i have no allowedVendorIds
I decode created string and I saw array is empty
here is screenshot

Hello,
There is a small difference between the method name in the docs and actual method name for setting the create date. In the docs is "setCreatedDate(date)" in the implementation is "setCreated".

And 2 methods are missing in the docs: getVendorsAllowed, setVendorsAllowed;

And I have a question. What is the deal with features in the vendor list and are they going to be included in the API of the ConsentString.

Thank you, cheers.

Hi Team,

I used below data to generating consent string "BAAAAAAOT_-v_AcABBENBh-AAAAgmAWAAyAAEADAADYAQAAUADQALYARQASABRACYAFIAFQAhAAvgCQAFbALcAOgBHQCUAEAApoBZw". When i am decoding same consent string i noticed vebdor ID - 10,32,58,64,148,183 is missing. Could you please check and let me know if it is a bug in SDK or i am missing any configuration.

{"gdprApplies":false,"hasGlobalScope":true,"cookieVersion":"1","created":"2018-08-30T10:33:08.169","lastUpdated":"2018-08-30T10:33:08.169","cmpId":"28","cmpVersion":"1","consentLanguage":"en","consentScreen":"1","vendorListVersion":97,"maxVendorId":521,"purposeConsents":{"1":true,"2":true,"3":true,"4":true,"5":true},"vendorConsents":{"1":true,"10":true,"13":true,"24":true,"25":true,"32":true,"36":true,"42":true,"52":true,"58":true,"64":true,"69":true,"76":true,"81":true,"82":true,"91":true,"95":true,"132":true,"142":true,"144":true,"148":true,"173":true,"183":true,"333":true,"359":true}}

Decoded consent string "BAAAAAAOT_-v_AcABBENBh-AAAAgmAWAAyAAEADAADYAQAAUADQALYARQASABRACYAFIAFQAhAAvgCQAFbALcAOgBHQCUAEAApoBZw"

{"created":"1970-01-01T00:00:00.000Z","lastUpdated":"2018-09-12T22:33:18.800Z","version":1,"vendorList":null,"vendorListVersion":97,"cmpId":28,"cmpVersion":1,"consentScreen":1,"consentLanguage":"en","allowedPurposeIds":[1,2,3,4,5],"allowedVendorIds":[1,13,24,25,36,42,52,69,76,81,82,91,95,132,142,144,173,333,359],"maxVendorId":521}

I am using "1.2.4" consent string version.
Thanks,
Sumant

Hello,

Is there a pre-release version published by any chance?

I see that on master the types have been corrected in: 271e66f#diff-b739f95ace6bbf2f0fd5e8cf1dab97d8

Having cacheString in global make unexpected behavior.

Example:

const {ConsentString} = require('consent-string');

const globalVendorList = {vendorListVersion: 1,
  purposes: [{id: 1}, {id: 2}, {id: 3}, {id: 4}, {id: 5}],
  vendors: [{id: 10, name: 'vendor1'}, {id: 20, name: 'vendor2'}]};

const test1 = new ConsentString();
test1.setGlobalVendorList(globalVendorList);
test1.setCmpId(7);

const test2 = new ConsentString();
test2.setGlobalVendorList(globalVendorList);
test2.setCmpId(45);

console.log('TEST1:', test1.getConsentString(false));
console.log('TEST2:', test2.getConsentString(false));
console.log(test1.getConsentString(false) === test2.getConsentString(false))
;

In that case the consentString of the first object is returned on the second object!

Hi,

the readme states that there should be a method getMetadataString() which is helpful to construct the necessary metadata string for the getVendorConsents command of the iAB framework.

However this method is not implemented! Was this simply forgotten or intentionally stripped?

In bits.js line 53, the result of date.getTime() / 100 is a float number. This may result in a wrong encoding because encodeIntToBits function that is called there expects an int number.

I think it should be Math.round(date.getTime() / 100) as in description of the consent string format here.

Hi,

There is an issue with encoded cookie value. Encoding and decoding a ConsentString should provide the same values.

Here is the reproduction case

let cs = new ConsentString();
cs.setGlobalVendorList(globalVendorList); // retrieved from JSON vendor list url
cs.setVendorsAllowed([8, 12]);
let csEncoded = cs.getConsentString();
cs = new ConsentString(csEncoded);
let allowedVendors = cs.getVendorsAllowed(); // allowedVendors = [8, 9, 10, 11, 12]
// selecting any two consecutive ids with first one lower than second one will produce the bug

The issue comes from convertVendorsToRanges (encode.js).
vendors.reduce parses vendor ids assuming they are sorted, which is not the case.

Regard,

You would want to cover as many browsers as you can. Currently you can not really test the code with PhantomJS (I know, outdated, but the case is still valid) as for Array.from is not supported.

I would suggest for babel:

  "plugins": [
    "@59naga/babel-plugin-transform-array-from",
    "transform-es2015-arrow-functions",
    "transform-es2015-classes",
    "transform-es2015-destructuring",
    "transform-es2015-modules-commonjs",
    "transform-es2015-object-super",
    "transform-class-properties"
  ]

Only for Promises the user of the lib should have it's own Polyfill.

I would actually prefer to remove Array.from

And one other thing: Skip on the base-64 library. You can easily do without it, it will decrease bundle size and dependencies.

should they apply for a custom id? or should they use id=0?

Hi Team,

We have tried to bundle the consent string sdk JS using webpack but it doesnt work.
could yu please provide any guide or documentation on how to do that.
we want to use it for our web application . that will run on client side(browser).

Kind regards

Hi! I'm working in @schibsted spain and starting to implement for our webs the GDPR.
We are interested in having a library to handle all stuff related with CMP, like in this repo https://github.com/InteractiveAdvertisingBureau/GDPR-Transparency-and-Consent-Framework/tree/master/reference but without mixing presentation and logic ;)
I found this repo of consent string like an isolated concept and that's the idea we want to follow so I was wondering if it's possible that you create a repo like this for only the concept of CMP (CMP-SDK-JS perhaps ? ) and we can help you with 100% dedication doing PR's.
My main idea is to rewrite this https://github.com/InteractiveAdvertisingBureau/GDPR-Transparency-and-Consent-Framework/blob/master/reference/src/lib/cmp.js using Promises to deal with async and use some architectural concepts to organize the code and the responsabilities.
Main goal is to not be coupled to presentation so anyone will can use this library to manage consents using whatever they want to use for presentation (react, cycle or whatever framework)

The repository field in package.json has a l at the end of the url making the link in the package page in npm go to a 404 in github

Does the framework have any suggestions/best practice/code snippets to show how third party cookies should be set in an ideal world?

The implementation I am working on is having issues cross browser.

Loading a CMP via a script tag on a publisher/advertiser site works well. As does then setting cookies from that domain.

However then making calls to the server to solicit a Set-Cookie header, does not seem to stick with all browsers.

Some help would be great, as cookies had been decided by the IAB as the storage mechanism, so guidance would be useful.

Thanks,
D

This package hasn't received updates in almost four years.

It no longer works with the latest vendor-list.json because the schema has changed:
https://vendor-list.consensu.org/v2/vendor-list.json

There seems to be an officially supported package for encoding/decoding from IAB:
https://www.npmjs.com/package/@iabtechlabtcf/core

There is an encoder/decoder tool built using this package here:
https://iabtcf.com/#/

I'd suggest we update the README of this package to point to that one instead.

The readme states

// Set the global vendor list
// You need to download and provide the vendor list yourself
// It can be found here - https://vendorlist.consensu.org/vendorlist.json

When viewing that link, I see an Access Denied error.
https://vendorlist.consensu.org/vendorlist.json