3.2.1 (2024-12-06)
Added
- Added new error types for CredentialsManagerException #783 (pmathew92)
- Making realm parameter optional for passkeys #776 (pmathew92)
3.2.0 (2024-11-07)
Added
3.1.0 (2024-10-31)
Added
3.0.0 (2024-10-30)
Check the Migration Guide to understand the changes required to migrate your application to v3 Check the [3.0.0.beta.0][https://github.com/auth0/Auth0.Android/releases/tag/3.0.0-beta.0] to understand other major changes
- BREAKING CHANGE: updated description of AuthenticationException in case of empty description #756 (desusai7)
- feat: implemented biometrics authentication for SecureCredentialsManager using androidx.biometrics package #745 (desusai7)
Added
3.0.0-beta.0 (2024-08-01)
- feat: implemented biometrics authentication for SecureCredentialsManager using androidx.biometrics package #745 (desusai7)
2.11.0 (2024-05-08)
Added
Fixed
Security
- Bump codecov/codecov-action from 3.1.4 to 4.0.1 #714 (dependabot[bot])
- Bump github/codeql-action from 2 to 3 #705 (dependabot[bot])
- chore(dependencies): Update OkHttp to 4.12.0 #696 (evansims)
2.10.2 (2023-10-04)
Fixed
- Destroy TWA Launcher at unbind #690 (poovamraj)
- Use ThreadPool to launch browser for authentication #689 (poovamraj)
Security
- Update Okio to resolve CVE-2023-3635 #687 (jimmyjames)
- build(dependencies): Update OkHttp to 4.11.0 [SDK-4501] #684 (evansims)
2.10.1 (2023-08-01)
Fixed
2.10.0 (2023-07-18)
Added
- Return refreshed Credentials in CredentialsManagerException to avoid logout #666 (poovamraj)
- [SDK-4413] Support Organization Name #669 (poovamraj)
- Add more error pairs to isMultifactorCodeInvalid [SDK-4194] #664 (poovamraj)
Fixed
- Avoid null pointer exception because of error description #667 (poovamraj)
- Revert changes from #654. Fix renew Credentials logic #670 (poovamraj)
Security
2.9.3 (2023-05-19)
Fixed
- Consider SocketException as network error #659 (poovamraj)
- [ESD-28245] Fix not propagating error values from server #658 (poovamraj)
2.9.2 (2023-05-05)
Fixed
- Add required scopes to token and renewAuth requests #654 (poovamraj)
- Added rule to support Proguard in full mode #652 (poovamraj)
2.9.1 (2023-04-18)
Fixed
2.9.0 (2023-03-16)
Added
- Added forceRefresh option to getCredentials #637 (poovamraj)
- Add Invalid refresh token flag #635 (poovamraj)
- [SDK-3348] Implement trusted web activity support #631 (poovamraj)
- Allow
authorizeUrl
andlogoutUrl
customisation #622 (poovamraj) - Add AuthenticationException.isTooManyAttempts error #615 (tomhusson-toast)
Fixed
2.8.1 (2023-01-11)
This patch release does not contain any functional changes, but is being released using an updated signing key for verification as part of our commitment to best security practices. Please review the README note for additional details.
2.8.0 (2022-07-05)
Added
- [SDK-3329] Improved ID token exception API #577 (poovamraj)
- [SDK-3144] Add user property to Credentials #569 (adamjmcgrath)
- [SDK-3353] Validate claims for ID Token received in Authentication API Client #575 (poovamraj)
- [SDK-3346] Implemented coroutine support #563 (poovamraj)
Changed
- [SDK-3358] Improve Android README #579 (adamjmcgrath)
- [SDK-3352] Expire credentials based on access token alone #572 (adamjmcgrath)
Deprecated
- Remove
user_metadata
use case fromaddSignUpParameters
#567 (adamjmcgrath)
Fixed
- [SDK-3452] Network Exception Issue Fix #580 (poovamraj)
- [SDK-3350] Empty credentials before continuing should throw CredentialsManagerException #576 (poovamraj)
- [SDK-3354] Deserialize UserProfile.createdAt as ISO8601 #571 (adamjmcgrath)
- [SDK-3082] Avoid config change to handle authentication #566 (poovamraj)
- createdAt should be deserialized as ISO8601 UTC (not local time) #564 (adamjmcgrath)
Security
- Security: Update OkHttp to 4.10.0 #574 (evansims)
- Security: Bump Kotlin Stdlib to 1.6.20 to address CVE-2022-24329 #552 (evansims)
- Bump OkHttp version #551 (lbalmaceda)
2.7.0 (2022-02-25)
Changed
2.6.0 (2021-12-07)
Changed
- Improve authenticated flow of the Credentials Manager #519 (lbalmaceda)
2.5.1 (2021-11-08)
Security
2.5.0 (2021-10-11)
Added
Changed
- Update Configuration URL (CDN URL) [SDK-2710] #520 (lbalmaceda)
Fixed
- Fix memory leak in CustomTabsService #517 (lbalmaceda)
- Prevent NPE when parsing email_verified boolean #516 (lbalmaceda)
- Proper migration for the new key sets was applied #512 (lbalmaceda)
- Always close request body InputStream when exception occurs #492 (Marcono1234)
2.4.0 (2021-07-20)
Added
- Add federated option to the Web Auth Logout [SDK-2165] #501 (lbalmaceda)
- Add support for Recovery Code multi-factor authentication #500 (lbalmaceda)
- Add support for OOB multi-factor authentication [SDK-2657] #498 (lbalmaceda)
Fixed
- Fix MFA Challenge authentication and prevent sending the scope again #504 (lbalmaceda)
- Fix bug parsing content type headers #503 (lbalmaceda)
- Catch IOExceptions from response body InputStream #486 (jeffdgr8)
2.3.0 (2021-07-02)
Changed
- Explicitly specify charset, don't rely on default charset #491 (Marcono1234)
- Disable share button in Chrome custom tabs #489 (latsson)
- Rewrite ThreadSwitcher class so that it is not tied to Looper #482 (alvindizon)
Fixed
- Improve access_denied error handling by using the description #494 (lbalmaceda)
2.2.0 (2021-04-21)
Added
- Accept UserMetadata for creating users [SDK-2429] #475 (lbalmaceda)
Fixed
- Let dokka plugin pull dependencies from JCenter #471 (lbalmaceda)
2.1.0 (2021-03-26)
Added
- Add support for Organizations [SDK-2396] #467 (lbalmaceda)
Changed
- Migrate to newer OSS Plugin with support for Sonatype #469 (lbalmaceda)
Fixed
- Add Java's R8 Proguard rules for Gson #465 (lbalmaceda)
2.0.0 (2021-02-10)
This is a major release and contains breaking changes!
Please see the migration guide document. The full changelog from version 1 to version 2 is here.
v2 requires Android API version 21 or later and Java 8+. Update your build.gradle
file with the following:
android {
compileOptions {
sourceCompatibility JavaVersion.VERSION_1_8
targetCompatibility JavaVersion.VERSION_1_8
}
kotlinOptions {
jvmTarget = '1.8'
}
}
- Supports exclusively the OpenID Connect authentication pipeline from Auth0.
- Uses AndroidX dependencies, and drops the use of the Jetifier plugin.
- Reworked networking stack. Offers a customizable Networking Client.
See the changelog entries below for additional details.
What follows is the summary of changes made from 2.0.0-beta.0
.
Changed
- Improve Credentials class nullability #457 (lbalmaceda)
- Enforce openid scope on the AuthenticationAPIClient #455 (lbalmaceda)
- Make JsonRequired annotation internal #452 (lbalmaceda)
- Make requests that return Void have an optional type #447 (lbalmaceda)
2.0.0-beta.0 (2021-01-19)
Changed
- Refactor JWT decoding logic #443 (lbalmaceda)
- Explicitly reject "none" signing algorithm #442 (lbalmaceda)
- Receive NetworkingClient through the Auth0 instance #440 (lbalmaceda)
- Update the Credentials class #435 (lbalmaceda)
- Move to a JSON client singleton #433 (lbalmaceda)
- Migrate default NetworkingClient implementation to use OkHttp #428 (lbalmaceda)
- Enforce the "openid" scope for the WebAuthProvider #422 (lbalmaceda)
- Update WebAuthProvider#start required Context #421 (lbalmaceda)
- Stop using kotlin.Unit in public APIs #414 (lbalmaceda)
- Migrate Public API to Kotlin #410 (lbalmaceda)
Deprecated
- Deprecate isAuthenticationCanceled in favor of isCanceled #425 (lbalmaceda)
- Merge BaseCallback into Callback #416 (jimmyjames)
Removed
- Remove setUserAgent methods from API clients #444 (lbalmaceda)
- Remove timeouts and logging setters from Auth0 class #441 (lbalmaceda)
- Run and fix inspections, remove unused classes #439 (lbalmaceda)
- Remove obsolete config properties #432 (jimmyjames)
- Remove DatabaseConnectionRequest class #417 (lbalmaceda)
Fixed
- Fix request to patch user metadata #429 (lbalmaceda)
Breaking changes
- Stop using VoidCallback on WebAuth Logout #424 (lbalmaceda)
- Change WebAuthProvider (Login) callback type #415 (lbalmaceda)
1.30.0 (2020-12-18)
Added
Deprecated
- Deprecate API client constructors that take Context #393 (lbalmaceda)
- Deprecate Legacy Authentication APIs #391 (jimmyjames)
1.29.2 (2020-11-11)
Fixed
- Refactor: Move passwordless "invalid credentials" errors #373 (lbalmaceda)
1.29.1 (2020-11-10)
Fixed
1.29.0 (2020-11-04)
Added
- SecureCredentialsManager: Allow to pass scope and minTTL #369 (lbalmaceda)
- CredentialsManager: Allow to pass scope and minTTL #363 (lbalmaceda)
1.28.0 (2020-10-13)
Added
- Accept a custom clock instance in both Credentials Managers [SDK-1973] #358 (lbalmaceda)
Fixed
1.27.0 (2020-09-25)
Added
- Feat: Filter allowed CustomTabs browsers #353 (lbalmaceda)
1.26.1 (2020-09-16)
Fixed
- Fix NPE on Kotlin when callbacks returned a nullable value #344 (lbalmaceda)
1.26.0 (2020-09-11)
Having project sync issues after upgrading? This release defines a "queries" element in the Android Manifest file to make the SDK compatible with Android 11 new privacy changes. If you run into a build compile issue when importing this version, make sure that you are using the latest patch version of the Android Gradle Plugin. Check the table in the announcement blogpost to learn to what version you should update.
Changed
- Improve compatibility with Kotlin and run Lint on CI #337 (lbalmaceda)
Fixed
- Add support for Android 11 new privacy settings #335 (lbalmaceda)
1.25.0 (2020-08-21)
Added
- Add Bot Protection support #329 (lbalmaceda)
- Support use of Custom Issuer for ID Token verification [SDK-1910] #328 (lbalmaceda)
1.24.1 (2020-08-04)
Fixed
- Patch Key alias migration for Secure Credentials Manager #325 (lbalmaceda)
1.24.0 (2020-07-16)
Starting from this version, the alias used to store the key pair in the Android Keystore is prefixed to avoid collisions between other Auth0 enabled apps. Your users will be facing a "credentials not found" scenario, requiring them to log in again once. Double check that you are not ignoring the errors being returned in the callback and documented here.
Changed
- Allow to set headers and parameters in all requests #318 (lbalmaceda)
Fixed
- Use of a unique keystore key alias across apps #315 (lbalmaceda)
1.23.0 (2020-03-30)
Added
- Support Refresh Token Rotation #294 (lbalmaceda)
Fixed
- Improve consistency around Expires At in CredentialsManager #295 (lbalmaceda)
1.22.1 (2020-03-04)
Fixed
- Handle weird SecureCredentialsManager exceptions #288 (lbalmaceda)
1.22.0 (2020-02-06)
Added
- Add support for Social Native Token Exchange endpoint #281 (lbalmaceda)
1.21.0 (2020-01-29)
Added
- Allow to customize the redirect URI / return to URL #279 (lbalmaceda)
1.20.1 (2020-01-10)
Changed
- Update OSS Gradle plugin version #275 (lbalmaceda)
Removed
- Remove issued_at value check #274 (lbalmaceda)
1.20.0 (2019-12-23)
Added
- Add OIDC passwordless #271 (lbalmaceda)
- Support fetching the JWKS #260 (lbalmaceda)
Fixed
- Use closeTo to still match with small differences [part 2] #272 (lbalmaceda)
Security
- Improve OIDC compliance #265 (lbalmaceda)
1.19.1 (2019-11-29)
Fixed
- Fix CredentialsManager migration scenario #266 (lbalmaceda)
1.19.0 (2019-09-10)
Changed
- Update CredentialManager classes to include IDToken expiration #254 (lbalmaceda)
1.18.0 (2019-07-26)
Changed
- Update gradle android plugin and wrapper version #250 (lbalmaceda)
1.17.0 (2019-06-28)
Added
- Add WebAuth Logout feature #245 (lbalmaceda)
Deprecated
- Deprecate WebAuthProvider.init() #247 (lbalmaceda)
1.16.0 (2019-06-18)
Added
- Support Web authentication cancel scenario #240 (lbalmaceda)
- Expose NetworkErrorException when request fails due to networking #235 (lbalmaceda)
Fixed
- Update PKCE usage requirements and errors #239 (lbalmaceda)
- Make connection_scope separate values with comma #236 (lbalmaceda)
1.15.2 (2019-04-17)
Fixed
- Update telemetry format #228 (lbalmaceda)
1.15.1 (2019-01-28)
Fixed
- Delete keys and stored Credentials on unrecoverable use cases #218 (lbalmaceda)
1.15.0 (2019-01-10)
Added
- Allow to override default timeouts for Http Client #206 (nolivermke)
Changed
- Update Telemetry format #209 (lbalmaceda)
Fixed
- Add Android P support for SecureCredentialsManager #203 (TheGamer007)
1.14.1 (2018-10-04)
Fixed
- Use latest patch of the OSS plugin #190 (lbalmaceda)
1.14.0 (2018-10-03)
Fixed
- Change target sdk to 28 and use latest Gradle plugin #186 (lbalmaceda)
1.13.2 (2018-07-20)
Fixed
- Fix service handling when custom tabs are not available #173 (lbalmaceda)
1.13.1 (2018-07-13)
Fixed
- Fix Web Authentication issues #169 (lbalmaceda)
1.13.0 (2018-06-05)
Added
- Allow SSO error to go through #161 (lbalmaceda)
- Add support for MFA using OIDC conformant endpoints #146 (lbalmaceda)
1.12.2 (2018-03-19)
Fixed
- Disable HTTP 2 protocol on OkHttp client #152 (lbalmaceda)
1.12.1 (2018-02-01)
Fixed
- Fix NPE when browser re-attempts a finished authentication #143 (lbalmaceda)
1.12.0 (2017-11-17)
Added
1.11.0 (2017-10-17)
Added
- Add an encrypted version of the CredentialsManager #115 (lbalmaceda)
- Allow Custom Tabs UI to be customizable #111 (lbalmaceda)
Changed
- Make Credential Managers save the refreshed value #118 (lbalmaceda)
1.10.1 (2017-10-05)
Fixed
- Make CCT stay alive when activity is paused #121 (lbalmaceda)
- Fix bug when canceling WebAuth flow #120 (lbalmaceda)
- Capture invalid_credentials error for OIDC endpoints #114 (lbalmaceda)
1.10.0 (2017-07-19)
Changed
- Add a manifest placeholder for configuring the scheme #110 (lbalmaceda)
1.9.0 (2017-07-10)
Added
- Add hasValidCredentials and clearCredentials to CredentialsManager #102 (lbalmaceda)
- Add granted scope to the Credentials object #97 (lbalmaceda)
- Add CredentialsManager and generic Storage #96 (lbalmaceda)
Changed
- Use Chrome Custom Tabs when possible #95 (lbalmaceda)
1.8.0 (2017-04-27)
Added
- Add method to revoke a refresh_token #86 (lbalmaceda)
1.7.0 (2017-04-06)
Added
- Add WebAuthProvider Rule error message parsing #89 (lbalmaceda)
1.6.0 (2017-03-02)
Added
- Add expires_in field to the Credentials class #78 (lbalmaceda)
- Added: GET UserProfile endpoint for UsersAPIClient #76 (lbalmaceda)
Changed
- Extract the user id from the 'sub' claim if present #77 (lbalmaceda)
- Strictly compare the OIDC invalid_request message #75 (lbalmaceda)
- Credentials fields are not guaranteed to be present #74 (lbalmaceda)
Fixed
- Ensure closing the response body after it was parsed #79 (lbalmaceda)
1.5.0 (2017-01-31)
Added
- Log a warning message when using non-OIDC endpoints in OIDC mode #70 (lbalmaceda)
- Refresh auth using /oauth/token refresh_token grant (OIDC mode) #68 (lbalmaceda)
Fixed
- Fix JavaDoc errors and warnings #72 (lbalmaceda)
1.4.0 (2017-01-02)
Added
- Update Proguard rules and include them on the packaging #66 (lbalmaceda)
- Add base values getters for the Telemetry class #63 (lbalmaceda)
- Add warning log message when custom scheme is not lower case #58 (lbalmaceda)
- Add flag to authenticate with OIDC mode #57 (lbalmaceda)
- Customize the Scheme used in the redirect_uri parameter #54 (lbalmaceda)
Changed
- Remove required fields check on UserProfile deserializing #65 (lbalmaceda)
- Migrate OIDCConformant flag into Auth0 class #62 (lbalmaceda)
- Use password-realm grant for /oauth/token endpoint #56 (lbalmaceda)
Fixed
- Fix bug when parsing PasswordStrength errors into AuthenticationException #60 (lbalmaceda)
Breaking changes
- Migrate loggingEnabled flag to Auth0 class #64 (lbalmaceda)
1.3.0 (2016-12-12)
Added
- Allow to specify Audience parameter in the WebAuthProvider #49 (lbalmaceda)
Fixed
- Generate and save State and Nonce variables for WebAuthProvider #50 (lbalmaceda)
1.2.0 (2016-11-30)
Added
- Add userInfo method #44 (lbalmaceda)
- Get new Credentials using a Refresh Token #43 (lbalmaceda)
- Login with password grant using /oauth/token endpoint #42 (lbalmaceda)
- Add Logging for Requests/Responses and Uri's. #40 (lbalmaceda)
- Support multiple response_type values #38 (lbalmaceda)
Deprecated
- Deprecate useCodeGrant in the WebAuthProvider class #46 (lbalmaceda)
- Deprecate tokenInfo method in favor of userInfo #45 (lbalmaceda)
1.1.2 (2015-11-22)
Fixed
1.1.1 (2015-11-21)
Deprecated
- Deprecate WebView authentication flow #36 (lbalmaceda)
Fixed
- Avoid sending null parameters in the authorize URI #35 (lbalmaceda)
1.1.0 (2015-10-14)
Added
- Add connection_scope setter #31 (lbalmaceda)
- Allow to set additional Parameters. #29 (lbalmaceda)
Deprecated
- Remove Deprecated WebView/Fullscreen options #32 (lbalmaceda)
Fixed
- Change default WebAuthProvider connection to null #33 (lbalmaceda)
1.0.1 (2015-09-27)
Changed
- Make AuthHandler callback protected again #27 (lbalmaceda)
1.0.0 (2015-09-15)
Android java toolkit for Auth0 API
Android API version 15 or newer
Auth0.android is available through Gradle. To install it, simply add the following line to your build.gradle
file:
dependencies {
compile "com.auth0.android:auth0:1.0.0"
}