SDK for Android changelog
Subscribe to get automatic updates: Developer Experience Changelog RSS feed
Android SDK 4.4.0
March 28, 2024 minor
Added
-
Added a new module for integration with PingOne Protect. [SDKS-2900]
-
Added support for the
TextInput
callback. [SDKS-545] -
Added an interface for customizing the biometric UI prompts when device binding or signing. [SDKS-2991]
-
Added
x-requested-with: forgerock-sdk
andx-requested-platform: android
immutable HTTP headers to each outgoing request. [SDKS-3033]
Fixed
-
Addressed a null pointer exception during centralized login by using
ActivityResultContract
in place of the deprecatedonActivityResult
method. [SDKS-3079] -
Addressed
nimbus-jose-jwt:9.25
library security vulnerability (CVE-2023-52428). [SDKS-2988]
Android SDK 4.3.1
February 9, 2024 patch
Fixed
-
Fixed an issue where the SDK crashes during device binding on Android 9 devices. [SDKS-2948]
Android SDK 4.3.0
December 28, 2023 minor
Added
-
Added ability to customize cookie headers in outgoing requests from the SDK. [SDKS-2780]
-
Added ability to add custom claims when verifying signatures from bound devices. [SDKS-2787]
-
Added client-side support for the upcoming
AppIntegrity
callback. [SDKS-2631]
Updated
-
The SDK now uses auth-per-use keys for Device Binding. [SDKS-2797]
-
Improved handling of WebAuthn cancellations. [SDKS-2819]
-
The
forgerock_url
,forgerock_realm
, andforgerock_cookie_name
parameters are now mandatory when dynamically configuring the SDK. [SDKS-2782] -
Addressed
woodstox-core:6.2.4
library security vulnerability CVE-2022-40152. [SDKS-2751]
Android SDK 4.2.0
October 3, 2023 minor
Added
-
Added Gradle 8 and JDK 17 support. [SDKS-2451]
-
Added Android 14 support. [SDKS-2636]
-
Added verification of key pairs during device binding enrollment by using Google Key Attestation. [SDKS-2412]
-
Added issued at (
iat
) and not before (nbf
) claims to JSON Web tokens used for device binding and signing verification. [SDKS-2747]
Android SDK 4.1.0
July 31, 2023 minor
Added
-
Added support for interceptors in the authenticator module. [SDKS-2544]
-
Added an interface for refreshing access tokens. [SDKS-2567]
-
Added support for policy advice from IG in JSON format. [SDKS-2240]
Fixed
-
Fixed an issue with parsing the
issuer
value in the URI provided by the combined MFA registration node. [SDKS-2542] -
Added an error message about duplicated accounts while using the combined MFA registration node. [SDKS-2627]
-
Fixed an issue that caused loss of WebAuthn credentials when upgrading the SDK from 4.0.0-beta4 to newer versions. [SDKS-2576]
Android SDK 4.0.0
May 30, 2023 major
Added
-
Upgraded the Google Fido client to support Passkeys. [SDKS-2243]
-
Added the
FRWebAuthn
interface to remove WebAuthn reference keys. [SDKS-2272] -
Added an interface to specify a device name during WebAuthn registration. [SDKS-2296]
-
Added
DeviceBinding
callback support. [SDKS-1747] -
Added
DeviceSigningVerifier
callback support. [SDKS-2022] -
Added support for combined MFA registration in the Authenticator SDK. [SDKS-1972]
-
Added support for enforcing policies in the Authenticator SDK. [SDKS-2166]
Fixed
-
Fixed WebAuthn authentication on devices that use a full-screen biometric prompt. [SDKS-2340]
-
Fixed functionality of the
NetworkCollector
method. [SDKS-2445]
Incompatible changes
-
Removed support for native single sign-on (SSO).
-
Changed the signature for a number of methods.
For more information, refer to Incompatible changes.
Android SDK 3.4.0
September 29, 2022 minor
Added
-
Dynamic SDK Configuration. [SDKS-1759]
-
Android 13 support. [SDKS-1944]
Changed
-
Changed activity type used as parameter in
PushNotification.accept
. [SDKS-1968] -
Updated deserialization of objects to use a class allowlist to prevent access to untrusted data. [SDKS-1818]
-
Updated the
Authenticator
module and sample app to handle the newPOST_NOTIFICATIONS
permission in Android 13. [SDKS-2033] -
Fixed an issue where the
DefaultTokenManager
was not caching theAccessToken
in memory upon retrieval from Shared Preferences. [SDKS-2066] -
Deprecated the
forgerock_enable_cookie
configuration. [SDKS-2069] -
Align
forgerock_logout_endpoint
configuration name with the ForgeRock SDK for iOS. [SDKS-2085] -
Allow leading slash on custom endpoint path. [SDKS-2074]
-
Fixed bug where the
state
parameter value was not being verified upon calling theAuthorize
endpoint. [SDKS-2078]
Android SDK 3.3.3
June 22, 2022 minor
Changed
-
Updated the version of the
com.squareup.okhttp3
library in the SDK to 4.10.0 [SDKS-1957]
Android SDK 3.3.0
May 18, 2022 minor
Added
-
Support SSL pinning [SDKS-80]
-
Restore session token when it is out of sync with the session token that bound with the access token [SDKS-1664]
-
Session token should be included in the header instead of request parameter for
/authorize
endpoint [SDKS-1670] -
Support to broadcast logout event to clear application tokens when user logout the app [SDKS-1663]
-
Obtain timestamp from new
PushNotification
payload [SDKS-1666] -
Add new payload attributes to the
PushNotification
[SDKS-1776] -
Allow processing of push notifications without device token [SDKS-1844]
Fixed
-
Dispose
AuthorizationService
when no longer required [SDKS-1636] -
Authenticator sample app crash after scanning push mechanism [SDKS-1454]
Android SDK 3.2.0
January 26, 2022 minor
Features
-
Google Sign-In Security Enhancement.
-
Fix for WebAuthn Registration & Authentication prompt.