ForgeRock Developer Experience

SDK for Android changelog

Android SDK 4.2.0

October 3, 2023 minor


  • Added Gradle 8 and JDK 17 support. [SDKS-2451]

  • Added Android 14 support. [SDKS-2636]

  • Added verification of key pairs during device binding enrollment by using Google Key Attestation. [SDKS-2412]

  • Added issued at (iat) and not before (nbf) claims to JSON Web tokens used for device binding and signing verification. [SDKS-2747]

Android SDK 4.1.0

July 31, 2023 minor


  • Added support for interceptors in the authenticator module. [SDKS-2544]

  • Added an interface for refreshing access tokens. [SDKS-2567]

  • Added support for policy advice from IG in JSON format. [SDKS-2240]


  • Fixed an issue with parsing the issuer value in the URI provided by the combined MFA registration node. [SDKS-2542]

  • Added an error message about duplicated accounts while using the combined MFA registration node. [SDKS-2627]

  • Fixed an issue that caused loss of WebAuthn credentials when upgrading the SDK from 4.0.0-beta4 to newer versions. [SDKS-2576]

Android SDK 4.0.0

May 30, 2023 major


  • Upgraded the Google Fido client to support Passkeys. [SDKS-2243]

  • Added the FRWebAuthn interface to remove WebAuthn reference keys. [SDKS-2272]

  • Added an interface to specify a device name during WebAuthn registration. [SDKS-2296]

  • Added DeviceBinding callback support. [SDKS-1747]

  • Added DeviceSigningVerifier callback support. [SDKS-2022]

  • Added support for combined MFA registration in the Authenticator SDK. [SDKS-1972]

  • Added support for enforcing policies in the Authenticator SDK. [SDKS-2166]


  • Fixed WebAuthn authentication on devices that use a full-screen biometric prompt. [SDKS-2340]

  • Fixed functionality of the NetworkCollector method. [SDKS-2445]

Incompatible changes

  • Removed support for native single sign-on (SSO).

  • Changed the signature for a number of methods.

For more information, refer to Incompatible changes.

Android SDK 3.4.0

September 29, 2022 minor


  • Dynamic SDK Configuration. [SDKS-1759]

  • Android 13 support. [SDKS-1944]


  • Changed activity type used as parameter in PushNotification.accept. [SDKS-1968]

  • Updated deserialization of objects to use a class allowlist to prevent access to untrusted data. [SDKS-1818]

  • Updated the Authenticator module and sample app to handle the new POST_NOTIFICATIONS permission in Android 13. [SDKS-2033]

  • Fixed an issue where the DefaultTokenManager was not caching the AccessToken in memory upon retrieval from Shared Preferences. [SDKS-2066]

  • Deprecated the forgerock_enable_cookie configuration. [SDKS-2069]

  • Align forgerock_logout_endpoint configuration name with the ForgeRock SDK for iOS. [SDKS-2085]

  • Allow leading slash on custom endpoint path. [SDKS-2074]

  • Fixed bug where the state parameter value was not being verified upon calling the Authorize endpoint. [SDKS-2078]

Android SDK 3.3.3

June 22, 2022 minor


  • Updated the version of the com.squareup.okhttp3 library in the SDK to 4.10.0 [SDKS-1957]

Android SDK 3.3.2

June 21, 2022 minor


  • Interface for log management [SDKS-1864]

Android SDK 3.3.0

May 18, 2022 minor


  • Support SSL pinning [SDKS-80]

  • Restore session token when it is out of sync with the session token that bound with the access token [SDKS-1664]

  • Session token should be included in the header instead of request parameter for /authorize endpoint [SDKS-1670]

  • Support to broadcast logout event to clear application tokens when user logout the app [SDKS-1663]

  • Obtain timestamp from new PushNotification payload [SDKS-1666]

  • Add new payload attributes to the PushNotification [SDKS-1776]

  • Allow processing of push notifications without device token [SDKS-1844]


  • Dispose AuthorizationService when no longer required [SDKS-1636]

  • Authenticator sample app crash after scanning push mechanism [SDKS-1454]

Android SDK 3.2.0

January 26, 2022 minor


  • Google Sign-In Security Enhancement.

  • Fix for WebAuthn Registration & Authentication prompt.

Android SDK 3.1.2

October 28, 2021 minor


  • Disable native SSO when the SDK fails to access the Android AccountManager.

Android SDK 3.1.1

September 09, 2021 minor


  • Support for Android 12.

  • Unlocked device is not required for data decryption.

  • Introduced FRLifecycle interface and exposed interfaces to allow custom native SSO implementation.

Copyright © 2010-2023 ForgeRock, all rights reserved.