SDK for Android changelog
Android SDK 4.5.0
July 12, 2024
Added
- Added support for signing off from PingOne to the centralized login flow. [SDKS-3020]
- Added the ability to dynamically configure the SDK by collecting values from the server’s OpenID Connect .well-known endpoint. [SDKS-3022]
Fixed
- Resolved security vulnerability warnings related to the commons-io-2.6.jar and bcprov-jdk15on-1.68.jar libraries. [SDKS-3072, SDKS-3073]
- Fixed a NullPointerException in the centralized login flow. [SDKS-3079]
- Improved multi-threaded performance when caching access tokens. [SDKS-3104]
- Synchronized the encryption and decryption block to avoid keystore crashes. [SDKS-3199]
- Fixed an issue related to handling HiddenValueCallback if isMinifyEnabled is set to true. [SDKS-3201]
- Fixed an issue where device binding using an application PIN was failing when Arabic language was used. [SDKS-3221]
- Fixed an issue where browser sessions were not properly signed out when a non-default browser was used in centralized login. [SDKS-3276]
- Fixed an unexpected behavior in the authentication flow caused by AppAuthConfiguration settings being ignored during centralized login. [SDKS-3277]
- Fixed the FRUser.revokeAccessToken() method to not end the user’s session during the centralized login flow. [SDKS-3282]
Android SDK 4.4.0
March 28, 2024
Added
- Added a new module for integration with PingOne Protect. [SDKS-2900]
- Added support for the TextInput callback. [SDKS-545]
- Added an interface for customizing the biometric UI prompts when device binding or signing. [SDKS-2991]
- Added x-requested-with: forgerock-sdk and x-requested-platform: android immutable HTTP headers to each outgoing request. [SDKS-3033]
Fixed
- Addressed a null pointer exception during centralized login by using ActivityResultContract in place of the deprecated onActivityResult method. [SDKS-3079]
- Addressed nimbus-jose-jwt:9.25 library security vulnerability (CVE-2023-52428). [SDKS-2988]
Android SDK 4.3.1
February 9, 2024
Fixed
- Fixed an issue where the SDK crashes during device binding on Android 9 devices. [SDKS-2948]
Android SDK 4.3.0
December 28, 2023
Added
- Added ability to customize cookie headers in outgoing requests from the SDK. [SDKS-2780]
- Added ability to add custom claims when verifying signatures from bound devices. [SDKS-2787]
- Added client-side support for the upcoming AppIntegrity callback. [SDKS-2631]
Updated
- The SDK now uses auth-per-use keys for Device Binding. [SDKS-2797]
- Improved handling of WebAuthn cancellations. [SDKS-2819]
- The forgerock_url, forgerock_realm, and forgerock_cookie_name parameters are now mandatory when dynamically configuring the SDK. [SDKS-2782]
- Addressed woodstox-core:6.2.4 library security vulnerability CVE-2022-40152. [SDKS-2751]
Android SDK 4.2.0
October 3, 2023
Added
- Added Gradle 8 and JDK 17 support. [SDKS-2451]
- Added Android 14 support. [SDKS-2636]
- Added verification of key pairs during device binding enrollment by using Google Key Attestation. [SDKS-2412]
- Added issued at (iat) and not before (nbf) claims to JSON Web tokens used for device binding and signing verification. [SDKS-2747]
Android SDK 4.1.0
July 31, 2023
Added
- Added support for interceptors in the authenticator module. [SDKS-2544]
- Added an interface for refreshing access tokens. [SDKS-2567]
- Added support for policy advice from IG in JSON format. [SDKS-2240]
Fixed
- Fixed an issue with parsing the issuer value in the URI provided by the combined MFA registration node. [SDKS-2542]
- Added an error message about duplicated accounts while using the combined MFA registration node. [SDKS-2627]
- Fixed an issue that caused loss of WebAuthn credentials when upgrading the SDK from 4.0.0-beta4 to newer versions. [SDKS-2576]
Android SDK 4.0.0
May 30, 2023
Added
- Upgraded the Google Fido client to support Passkeys. [SDKS-2243]
- Added the FRWebAuthn interface to remove WebAuthn reference keys. [SDKS-2272]
- Added an interface to specify a device name during WebAuthn registration. [SDKS-2296]
- Added DeviceBinding callback support. [SDKS-1747]
- Added DeviceSigningVerifier callback support. [SDKS-2022]
- Added support for combined MFA registration in the Authenticator SDK. [SDKS-1972]
- Added support for enforcing policies in the Authenticator SDK. [SDKS-2166]
Fixed
- Fixed WebAuthn authentication on devices that use a full-screen biometric prompt. [SDKS-2340]
- Fixed functionality of the NetworkCollector method. [SDKS-2445]
Incompatible changes
- Removed support for native single sign-on (SSO).
- Changed the signature for a number of methods.
For more information, refer to Incompatible changes.
Android SDK 3.4.0
September 29, 2022
Added
- Dynamic SDK Configuration. [SDKS-1759]
- Android 13 support. [SDKS-1944]
Changed
- Changed the activity type used as a parameter in PushNotification.accept. [SDKS-1968]
- Updated deserialization of objects to use a class allowlist to prevent access to untrusted data. [SDKS-1818]
- Updated the Authenticator module and sample app to handle the new POST_NOTIFICATIONS permission in Android 13. [SDKS-2033]
- Fixed an issue where the DefaultTokenManager was not caching the AccessToken in memory upon retrieval from Shared Preferences. [SDKS-2066]
- Deprecated the forgerock_enable_cookie configuration. [SDKS-2069]
- Aligned the forgerock_logout_endpoint configuration name with the ForgeRock SDK for iOS. [SDKS-2085]
- Allowed a leading slash on custom endpoint paths. [SDKS-2074]
- Fixed a bug where the state parameter value was not being verified upon calling the Authorize endpoint. [SDKS-2078]
Android SDK 3.3.3
June 22, 2022
Changed
- Updated the version of the com.squareup.okhttp3 library in the SDK to 4.10.0 [SDKS-1957]
Android SDK 3.3.0
May 18, 2022
Added
- Support SSL pinning [SDKS-80]
- Restore the session token when it is out of sync with the session token that is bound to the access token [SDKS-1664]
- Session token should be included in the header instead of a request parameter for the /authorize endpoint [SDKS-1670]
- Support broadcasting a logout event to clear application tokens when the user logs out of the app [SDKS-1663]
- Obtain timestamp from new PushNotification payload [SDKS-1666]
- Add new payload attributes to the PushNotification [SDKS-1776]
- Allow processing of push notifications without device token [SDKS-1844]
Fixed
- Dispose AuthorizationService when no longer required [SDKS-1636]
- Authenticator sample app crash after scanning push mechanism [SDKS-1454]
Android SDK 3.2.0
January 26, 2022
Features
- Google Sign-In Security Enhancement.
- Fix for WebAuthn Registration & Authentication prompt.