Skip to content

Latest commit

 

History

History
722 lines (506 loc) · 45.3 KB

CHANGELOG.md

File metadata and controls

722 lines (506 loc) · 45.3 KB

Change Log

3.2.1 (2024-12-06)

Full Changelog

Added

  • Added new error types for CredentialsManagerException #783 (pmathew92)
  • Making realm parameter optional for passkeys #776 (pmathew92)

3.2.0 (2024-11-07)

Full Changelog

Added

  • Supporting passkey via AuthenticationAPIClient #773 (pmathew92)

3.1.0 (2024-10-31)

Full Changelog

Added

3.0.0 (2024-10-30)

Full Changelog

Check the Migration Guide to understand the changes required to migrate your application to v3 Check the [3.0.0.beta.0][https://github.com/auth0/Auth0.Android/releases/tag/3.0.0-beta.0] to understand other major changes

⚠️ BREAKING CHANGES

  • BREAKING CHANGE: updated description of AuthenticationException in case of empty description #756 (desusai7)
  • feat: implemented biometrics authentication for SecureCredentialsManager using androidx.biometrics package #745 (desusai7)

Added

3.0.0-beta.0 (2024-08-01)

Full Changelog

⚠️ BREAKING CHANGES

  • feat: implemented biometrics authentication for SecureCredentialsManager using androidx.biometrics package #745 (desusai7)

2.11.0 (2024-05-08)

Full Changelog

Added

  • Implement headers support in getCredentials and awaitCredentials #699 (poovamraj)

Fixed

  • Guard against NullPointerException when getting Credentials from Json #701 (bennycao)

Security

2.10.2 (2023-10-04)

Full Changelog

Fixed

Security

2.10.1 (2023-08-01)

Full Changelog

Fixed

  • Handle SecurityException thrown while launching the browser #677 (poovamraj)

2.10.0 (2023-07-18)

Full Changelog

Added

  • Return refreshed Credentials in CredentialsManagerException to avoid logout #666 (poovamraj)
  • [SDK-4413] Support Organization Name #669 (poovamraj)
  • Add more error pairs to isMultifactorCodeInvalid [SDK-4194] #664 (poovamraj)

Fixed

  • Avoid null pointer exception because of error description #667 (poovamraj)
  • Revert changes from #654. Fix renew Credentials logic #670 (poovamraj)

Security

  • chore(security): Update and pin Graddle workflow actions #671 (evansims)

2.9.3 (2023-05-19)

Full Changelog

Fixed

  • Consider SocketException as network error #659 (poovamraj)
  • [ESD-28245] Fix not propagating error values from server #658 (poovamraj)

2.9.2 (2023-05-05)

Full Changelog

Fixed

  • Add required scopes to token and renewAuth requests #654 (poovamraj)
  • Added rule to support Proguard in full mode #652 (poovamraj)

2.9.1 (2023-04-18)

Full Changelog

Fixed

2.9.0 (2023-03-16)

Full Changelog

Added

Fixed

  • Gson crashes when minified with R8 strict mode #634 (wiyarmir)

2.8.1 (2023-01-11)

Full Changelog

This patch release does not contain any functional changes, but is being released using an updated signing key for verification as part of our commitment to best security practices. Please review the README note for additional details.

2.8.0 (2022-07-05)

Full Changelog

Added

  • [SDK-3329] Improved ID token exception API #577 (poovamraj)
  • [SDK-3144] Add user property to Credentials #569 (adamjmcgrath)
  • [SDK-3353] Validate claims for ID Token received in Authentication API Client #575 (poovamraj)
  • [SDK-3346] Implemented coroutine support #563 (poovamraj)

Changed

Deprecated

Fixed

  • [SDK-3452] Network Exception Issue Fix #580 (poovamraj)
  • [SDK-3350] Empty credentials before continuing should throw CredentialsManagerException #576 (poovamraj)
  • [SDK-3354] Deserialize UserProfile.createdAt as ISO8601 #571 (adamjmcgrath)
  • [SDK-3082] Avoid config change to handle authentication #566 (poovamraj)
  • createdAt should be deserialized as ISO8601 UTC (not local time) #564 (adamjmcgrath)

Security

2.7.0 (2022-02-25)

Full Changelog

Changed

2.6.0 (2021-12-07)

Full Changelog

Changed

  • Improve authenticated flow of the Credentials Manager #519 (lbalmaceda)

2.5.1 (2021-11-08)

Full Changelog

Security

2.5.0 (2021-10-11)

Full Changelog

Added

  • Credentials Managers: renew tokens with extra parameters #514 (lustikuss)

Changed

Fixed

2.4.0 (2021-07-20)

Full Changelog

Added

  • Add federated option to the Web Auth Logout [SDK-2165] #501 (lbalmaceda)
  • Add support for Recovery Code multi-factor authentication #500 (lbalmaceda)
  • Add support for OOB multi-factor authentication [SDK-2657] #498 (lbalmaceda)

Fixed

  • Fix MFA Challenge authentication and prevent sending the scope again #504 (lbalmaceda)
  • Fix bug parsing content type headers #503 (lbalmaceda)
  • Catch IOExceptions from response body InputStream #486 (jeffdgr8)

2.3.0 (2021-07-02)

Full Changelog

Changed

  • Explicitly specify charset, don't rely on default charset #491 (Marcono1234)
  • Disable share button in Chrome custom tabs #489 (latsson)
  • Rewrite ThreadSwitcher class so that it is not tied to Looper #482 (alvindizon)

Fixed

  • Improve access_denied error handling by using the description #494 (lbalmaceda)

2.2.0 (2021-04-21)

Full Changelog

Added

Fixed

2.1.0 (2021-03-26)

Full Changelog

Added

Changed

  • Migrate to newer OSS Plugin with support for Sonatype #469 (lbalmaceda)

Fixed

2.0.0 (2021-02-10)

This is a major release and contains breaking changes!

Please see the migration guide document. The full changelog from version 1 to version 2 is here.

New requirements

v2 requires Android API version 21 or later and Java 8+. Update your build.gradle file with the following:

android {
    compileOptions {
        sourceCompatibility JavaVersion.VERSION_1_8
        targetCompatibility JavaVersion.VERSION_1_8
    }

    kotlinOptions {
        jvmTarget = '1.8'
    }
}

Main features

  • Supports exclusively the OpenID Connect authentication pipeline from Auth0.
  • Uses AndroidX dependencies, and drops the use of the Jetifier plugin.
  • Reworked networking stack. Offers a customizable Networking Client.

See the changelog entries below for additional details.

What follows is the summary of changes made from 2.0.0-beta.0.

Full Changelog

Changed

2.0.0-beta.0 (2021-01-19)

Full Changelog

Changed

Deprecated

Removed

Fixed

Breaking changes

1.30.0 (2020-12-18)

Full Changelog

Added

  • Add custom headers to social token request #351 (TLFilip)

Deprecated

1.29.2 (2020-11-11)

Full Changelog

Fixed

  • Refactor: Move passwordless "invalid credentials" errors #373 (lbalmaceda)

1.29.1 (2020-11-10)

Full Changelog

Fixed

  • Handle API response for mobile OTP code incorrect. #371 (nicbell)

1.29.0 (2020-11-04)

Full Changelog

Added

  • SecureCredentialsManager: Allow to pass scope and minTTL #369 (lbalmaceda)
  • CredentialsManager: Allow to pass scope and minTTL #363 (lbalmaceda)

1.28.0 (2020-10-13)

Full Changelog

Added

  • Accept a custom clock instance in both Credentials Managers [SDK-1973] #358 (lbalmaceda)

Fixed

  • Catch a gson JsonIOException when parsing SimpleRequest response [SDK-1981] #355 (quibi-jlk)

1.27.0 (2020-09-25)

Full Changelog

Added

1.26.1 (2020-09-16)

Full Changelog

Fixed

  • Fix NPE on Kotlin when callbacks returned a nullable value #344 (lbalmaceda)

1.26.0 (2020-09-11)

Full Changelog

Having project sync issues after upgrading? This release defines a "queries" element in the Android Manifest file to make the SDK compatible with Android 11 new privacy changes. If you run into a build compile issue when importing this version, make sure that you are using the latest patch version of the Android Gradle Plugin. Check the table in the announcement blogpost to learn to what version you should update.

Changed

  • Improve compatibility with Kotlin and run Lint on CI #337 (lbalmaceda)

Fixed

1.25.0 (2020-08-21)

Full Changelog

Added

1.24.1 (2020-08-04)

Full Changelog

Fixed

  • Patch Key alias migration for Secure Credentials Manager #325 (lbalmaceda)

1.24.0 (2020-07-16)

Full Changelog

Read if using the SecureCredentialsManager

Starting from this version, the alias used to store the key pair in the Android Keystore is prefixed to avoid collisions between other Auth0 enabled apps. Your users will be facing a "credentials not found" scenario, requiring them to log in again once. Double check that you are not ignoring the errors being returned in the callback and documented here.

Changed

  • Allow to set headers and parameters in all requests #318 (lbalmaceda)

Fixed

1.23.0 (2020-03-30)

Full Changelog

Added

Fixed

  • Improve consistency around Expires At in CredentialsManager #295 (lbalmaceda)

1.22.1 (2020-03-04)

Full Changelog

Fixed

1.22.0 (2020-02-06)

Full Changelog

Added

  • Add support for Social Native Token Exchange endpoint #281 (lbalmaceda)

1.21.0 (2020-01-29)

Full Changelog

Added

  • Allow to customize the redirect URI / return to URL #279 (lbalmaceda)

1.20.1 (2020-01-10)

Full Changelog

Changed

Removed

1.20.0 (2019-12-23)

Full Changelog

Added

Fixed

  • Use closeTo to still match with small differences [part 2] #272 (lbalmaceda)

Security

1.19.1 (2019-11-29)

Full Changelog

Fixed

1.19.0 (2019-09-10)

Full Changelog

Changed

  • Update CredentialManager classes to include IDToken expiration #254 (lbalmaceda)

1.18.0 (2019-07-26)

Full Changelog

Changed

1.17.0 (2019-06-28)

Full Changelog

Added

Deprecated

1.16.0 (2019-06-18)

Full Changelog

Added

  • Support Web authentication cancel scenario #240 (lbalmaceda)
  • Expose NetworkErrorException when request fails due to networking #235 (lbalmaceda)

Fixed

1.15.2 (2019-04-17)

Full Changelog

Fixed

1.15.1 (2019-01-28)

Full Changelog

Fixed

  • Delete keys and stored Credentials on unrecoverable use cases #218 (lbalmaceda)

1.15.0 (2019-01-10)

Full Changelog

Added

  • Allow to override default timeouts for Http Client #206 (nolivermke)

Changed

Fixed

1.14.1 (2018-10-04)

Full Changelog

Fixed

1.14.0 (2018-10-03)

Full Changelog

Fixed

  • Change target sdk to 28 and use latest Gradle plugin #186 (lbalmaceda)

1.13.2 (2018-07-20)

Full Changelog

Fixed

  • Fix service handling when custom tabs are not available #173 (lbalmaceda)

1.13.1 (2018-07-13)

Full Changelog

Fixed

1.13.0 (2018-06-05)

Full Changelog

Added

1.12.2 (2018-03-19)

Full Changelog

Fixed

1.12.1 (2018-02-01)

Full Changelog

Fixed

  • Fix NPE when browser re-attempts a finished authentication #143 (lbalmaceda)

1.12.0 (2017-11-17)

Full Changelog

Added

  • Add support for TLS1.2 on pre-lollipop devices. #128 (dj-mal)

1.11.0 (2017-10-17)

Full Changelog

Added

Changed

1.10.1 (2017-10-05)

Full Changelog

Fixed

1.10.0 (2017-07-19)

Full Changelog

Changed

  • Add a manifest placeholder for configuring the scheme #110 (lbalmaceda)

1.9.0 (2017-07-10)

Full Changelog

Added

  • Add hasValidCredentials and clearCredentials to CredentialsManager #102 (lbalmaceda)
  • Add granted scope to the Credentials object #97 (lbalmaceda)
  • Add CredentialsManager and generic Storage #96 (lbalmaceda)

Changed

1.8.0 (2017-04-27)

Full Changelog

Added

1.7.0 (2017-04-06)

Full Changelog

Added

  • Add WebAuthProvider Rule error message parsing #89 (lbalmaceda)

1.6.0 (2017-03-02)

Full Changelog

Added

  • Add expires_in field to the Credentials class #78 (lbalmaceda)
  • Added: GET UserProfile endpoint for UsersAPIClient #76 (lbalmaceda)

Changed

  • Extract the user id from the 'sub' claim if present #77 (lbalmaceda)
  • Strictly compare the OIDC invalid_request message #75 (lbalmaceda)
  • Credentials fields are not guaranteed to be present #74 (lbalmaceda)

Fixed

  • Ensure closing the response body after it was parsed #79 (lbalmaceda)

1.5.0 (2017-01-31)

Full Changelog

Added

  • Log a warning message when using non-OIDC endpoints in OIDC mode #70 (lbalmaceda)
  • Refresh auth using /oauth/token refresh_token grant (OIDC mode) #68 (lbalmaceda)

Fixed

1.4.0 (2017-01-02)

Full Changelog

Added

  • Update Proguard rules and include them on the packaging #66 (lbalmaceda)
  • Add base values getters for the Telemetry class #63 (lbalmaceda)
  • Add warning log message when custom scheme is not lower case #58 (lbalmaceda)
  • Add flag to authenticate with OIDC mode #57 (lbalmaceda)
  • Customize the Scheme used in the redirect_uri parameter #54 (lbalmaceda)

Changed

  • Remove required fields check on UserProfile deserializing #65 (lbalmaceda)
  • Migrate OIDCConformant flag into Auth0 class #62 (lbalmaceda)
  • Use password-realm grant for /oauth/token endpoint #56 (lbalmaceda)

Fixed

  • Fix bug when parsing PasswordStrength errors into AuthenticationException #60 (lbalmaceda)

Breaking changes

1.3.0 (2016-12-12)

Full Changelog

Added

  • Allow to specify Audience parameter in the WebAuthProvider #49 (lbalmaceda)

Fixed

  • Generate and save State and Nonce variables for WebAuthProvider #50 (lbalmaceda)

1.2.0 (2016-11-30)

Full Changelog

Added

Deprecated

  • Deprecate useCodeGrant in the WebAuthProvider class #46 (lbalmaceda)
  • Deprecate tokenInfo method in favor of userInfo #45 (lbalmaceda)

1.1.2 (2015-11-22)

Full Changelog

Fixed

  • Fix scope being overriden during WebAuth #37 (hzalaz)

1.1.1 (2015-11-21)

Full Changelog

Deprecated

Fixed

  • Avoid sending null parameters in the authorize URI #35 (lbalmaceda)

1.1.0 (2015-10-14)

Full Changelog

Added

Deprecated

Fixed

  • Change default WebAuthProvider connection to null #33 (lbalmaceda)

1.0.1 (2015-09-27)

Full Changelog

Changed

1.0.0 (2015-09-15)

Android java toolkit for Auth0 API

Requirements

Android API version 15 or newer

Installation

Gradle

Auth0.android is available through Gradle. To install it, simply add the following line to your build.gradle file:

dependencies {
    compile "com.auth0.android:auth0:1.0.0"
}