Android SDK release notes
This section contains release notes and upgrade instructions for the OneWelcome Identity Platform Android SDK. Use the latest available version for security reasons. In the release notes, we mention new features and bug fixes.
12.1.1
Bug fixes
- Fixed issue where biometric authentication would crash the SDK after user enrolled new biometrics in the system security settings.
12.1.0
Features
- Added the UserClient#getIdToken() method, which returns the ID token for the currently authenticated user. Refer to ID Token for more details.
Improvements
- Changed the error thrown in OneginiCustomRegistrationCallback by the returnError(Exception e) method. It used to throw a GENERAL_ERROR error with the message "A generic error occurred during the registration action" and an optional Exception passed by the developer. With the new version, the same method throws an ACTION_CANCELED error with the message "The registration action was canceled by the user", with an optional Exception passed by the developer.
12.0.0
Improvements
- Added support for biometric authentication with Android BiometricPrompt. Refer to biometric authentication page for instructions on how to implement new authenticator. Previous fingerprint authentication is now deprecated and will be removed in the next major release. Authenticator.FINGERPRINT is now renamed to Authenticator.BIOMETRIC.
- Android 14 support
- Updated third party libraries
Features
- Added new type of registration - stateless registration. Refer to stateless registration page for instructions on how to implement new feature.
11.10.1
Bug fixes
- Fixed issue when native libraries loading failed on some devices.
11.10.0
Improvements
- Updated third-party dependencies
- Removed error codes that are no longer used from OneginiChangePinError:
  - WRONG_PIN_LENGTH
  - PIN_BLACKLISTED
  - PIN_IS_A_SEQUENCE
  - PIN_USES_SIMILAR_DIGITS
- Introduced OneginiPinValidationError.PIN_CONTAINS_INVALID_CHARACTERS. It is returned when non-digit characters are passed as a PIN.
- Introduced OneginiRegistrationError.USER_DEREGISTERED. It is returned on re-registration using the same credentials when the user is not present on the backend side.
- Upgraded Gradle & Gradle Plugin versions; the SDK now has full Java 17 support.
Bug fixes
- Fixed an issue where providing a PIN with non-digit characters would lead to a crash.
- In some cases, an update from older versions of the SDK could add fingerprint as a supported authentication method. This is no longer the case.
- Fixed issue with fingerprint authentication when user re-registered with the same credentials.
- Fixed issue when accepting fingerprint authentication twice caused deregistering the fingerprint.
11.9.0
Improvements
- Updated third-party dependencies
- Improved root detection capabilities
- The SDK targets the latest Android 13 (API LVL 33)
Bug-fixes
- Fixed a bug which led to a crash when a null PIN value was passed to the UserClient#validatePinWithPolicy method. Now the OneginiPinValidationHandler#onError method will be called with the WRONG_PIN_LENGTH error
- Fixed a bug in payload encryption which resulted in failed handshake, when trying to refresh payload encryption session.
- Fixed issues with fingerprint authentication on some of the devices running Android 13 which led to fingerprint authenticator deregistration when user dismissed system prompt.
11.8.1
Bug-fixes
- Fixed an issue where the SDK would enter an unrecoverable state during initialization, when the payload encryption was enabled and a device got deregistered server-side prior to the SDK initialization.
11.8.0
Improvements
- Updated third-party dependencies
- The SDK targets the latest Android 12L (API LVL 32)
Bug-fixes
- The SDK will return OneginiInitializationException if OneginiClient.reset() method was called without initializing the SDK.
11.7.0
Improvements
- Updated third-party dependencies
- Improved root and debug detection
Bug-fixes
- Fixed an issue where the SDK wasn't able to connect to the Token Server when using some of the VPN clients
- Fixed issues with false positives and possible app freezes during the root detection check
11.6.1
Bug-fixes
- Fix a bug when the SDK would prematurely deregister a user who performs multiple failed PIN authentication attempts with a long delay in between (5 minutes or more)
11.6.0
Improvements
- Updated third-party dependencies
Bug-fixes
- Fix a rare Payload Encryption issue that could be caused by generating an empty nonce
11.5.0
Improvements
- The SDK targets the latest Android 12 (API LVL 31)
- Added NonNull / Nullable annotations to all objects returned by the SDK.
- Clear cached data when user or device is deregistered to avoid problems with succeeding user registration
- Updated third-party dependencies
11.4.0
Improvements
- Updated third-party dependencies
- Improved root and debug detection
Bug-fixes
- Fixed an issue preventing mobile applications using the Payload Encryption functionality from being updated to a newer version
11.3.0
Improvements
- Updated third-party dependencies
Bug-fixes
- Fixed a bug introduced in version 11.2.0 where the SDK would sometimes become unresponsive while checking if fingerprint authenticator is available
11.2.0
Improvements
- Changed the tampering protection functionality to allow developers to use features like Google App Signing or App Bundles
- The SDK will return INVALID_DATETIME (9031) error in rare cases when the device has set wrong time or date.
- Improved root and debug detection
- Updated third-party dependencies
11.1.0
Improvements
- Updated third-party dependencies
11.0.0
Features
- The SDK can perform different app integrity checks depending on the provided configuration
Improvements
- The SDK uses the secure hardware (e.g., Trusted Execution Environment (TEE), Secure Element (SE)) for storing the device credentials
- The Payload Encryption feature can be now disabled server side without a need to recompile and release a new app version
- The minimum required Android OS version for the SDK is now 6.0 (API LVL 23)
- The SDK targets the latest Android 11 (API LVL 30)
- Improved root and debug detection
- Calling the OneginiClient.reset() method will now abandon all actions that were in progress, so that they can be started again
- Updated third-party dependencies
- Apache Commons IO (commons-io:commons-io) dependency has been removed.
Bug-fixes
- Fixed a potential race condition when writing data to storage
10.2.3
Bug-fixes
- Fix possible memory leak during the fingerprint registration
10.2.2
Improvements
- Calling the OneginiClient.reset() method will now abandon all actions that were in progress, so that they can be started again.
10.2.1
Bug-fixes
- Fix parallel Payload Encryption handshake calls which could lead to communication issues with the Token Server
10.2.0
Improvements
- The SDK is now an OpenID Connect Relying Party. During registration it can enforce the user to login with the Identity Provider.
Bug-fixes
- Fix of an unintended fingerprint deregistration that was happening if user canceled fingerprint authentication within a system popup window.
10.1.1
Bug-fix
- When a device was deregistered, internal data was not deleted. This was not correct. The problem was introduced in version 10.1.0 and has been fixed.
10.1.0
Features
- Introduced UserClient#denyMobileAuthWithPushRequest method to cancel selected mobile authentication request
Improvements
- Improved data storage access error handling
- Improved root and debug detection
- Updated third-party dependencies
Bug-fixes
- Fixed a potential race condition when writing data to storage
10.0.0
Improvements
- Added support for TLSv1.3 for Android 10
- Removed support for TLSv1 and TLSv1.1. The minimum supported version is TLSv1.2
- The SDK targets the latest Android 10 (API LVL 29)
- The minimum required Android OS version for the SDK is now 4.4 (API LVL 19)
- Improved root and debug detection
- Migrated from SpongyCastle 1.58 to BouncyCastle 1.64
- Updated third-party dependencies
- Removed deprecated methods
9.8.1
Bug-fixes
- Fix parallel Payload Encryption handshake calls which could lead to communication issues with the Token Server
9.8.0
Improvements
- Improved root and debug detection.
- The SDK is now an OpenID Connect Relying Party. During registration it can enforce the user to login with the Identity Provider.
Bug-fixes
- Fix of an unintended fingerprint deregistration that was happening if user canceled fingerprint authentication within a system popup window.
9.7.0
Improvements
- Created recovery features to mitigate unannounced Android platform changes in the future that could impact the SDK functionality.
- Added device language parameter to the authorization flow in order to display web pages the SDK is redirected to in the device language
- Instead of throwing a runtime exception the isUserEnrolledForMobileAuthWithPush() will return false when data storage is unavailable
- Instead of throwing a runtime exception the isUserEnrolledForMobileAuth() will return false when data storage is unavailable
- Updated third-party dependencies
9.6.1
Improvements
- Improved root and debug detection.
Bug-fixes
- Removed unintended inclusion of the SDK library
9.6.0
Features
- Introduced getAppToWebSingleSignOn() method, which can be used to continue a user session in a web browser.
Improvements
- The SDK targets the latest Android API 28 (Android 9)
- Updated third-party dependencies
- The OneginiDeviceAuthenticationError will use 9024 (DATA_STORAGE_NOT_AVAILABLE) error code to distinguish storage related issues.
- The SDK will return ACTION_ALREADY_IN_PROGRESS (9007) error if asynchronous methods are called in parallel.
- Improved root and debug detection.
9.5.1
Bug-fixes
- Fixed regression in code obfuscation
9.5.0
Improvements
- The SDK supports project migration to AndroidX.
- Payload encryption improvements.
- Updated third-party dependencies
Bug-fixes
- Local storage fixes for devices after upgrading to Android 9.
- Fixed the name of error code 9024 in the error matrix.
- The SDK will return an OneginiMobileAuthWithOtpError if provided OTP (One Time Password) is not a valid Base64.
9.4.0
Features
- Introduced OneginiClient.reset() method, which logs out current user and clears cached data.
Improvements
- Updated third-party dependencies
9.3.3
Improvements
- Created recovery features to mitigate unannounced Android platform changes in the future that could impact the SDK functionality.
9.3.2
Bug-fixes
- Local storage fixes for devices after upgrading to Android 9.
9.3.1
Bug-fixes
- Fix for Android 9 users experiencing issues with login.
- Fix the name of error code 9024 in the error matrix.
9.3.0
Improvements
- OneginiClientConfigModel is validated during OneginiClientBuilder#build method call. The build method will throw an IllegalArgumentException if any of the config model values is invalid.
- Updated the Firebase Messaging library to the latest 17.3.4 version.
- Improved root and debug detection.
9.2.0
Improvements
- The SDK will return a new error code (9024 DATA_STORAGE_NOT_AVAILABLE) in rare cases when it's impossible to access the secured data storage.
- Updated third-party dependencies
Bug-fixes
- Fixed Dynamic Client Update failure that was happening when tampering detection was enabled.
9.1.0
Improvements
- The Onegini SDK ProGuard rules have been embedded in the Onegini SDK and they no longer need to be explicitly specified in an application.
- Updated third-party dependencies
- Improved performance of the SDK initialization.
Bug-fixes
- Changed the tampering protection algorithm to take Google Play Store metadata into account.
- The SDK will fall back to PIN if preferred fingerprint authenticator has been revoked in system settings.
- User-Agent header has been hidden and cannot be seen in HTTPS requests anymore.
9.0.0
Features
- Introduced an API for custom user registration.
Improvements
- Improved root detection.
Bug-fixes
- The Payload Encryption handshake is performed only once when multiple resource calls are triggered in parallel.
- Fixed spelling typo in the OneginiClientBuilder#setFingerprintAuthenticatioRequestHandler method.
- Fixed the invalid PIN length error for PINs longer than 5 digits.
8.3.9
Improvements
- Created recovery features to mitigate unannounced Android platform changes in the future that could impact the SDK functionality.
8.3.8
Bug-fixes
- Local storage fixes for devices after upgrading to Android 9
8.3.7
Bug-fixes
- Fix for Android 9 users experiencing issues with login
8.3.6
Improvements
- Improved root and debug detection.
8.3.5
Bug-fixes
- The SDK will fall back to PIN if preferred fingerprint authenticator has been revoked in system settings
8.3.4
Bug-fixes
- Fixed the NullPointerException that could happen on devices without Fingerprint scanner
8.3.3
Bug-fixes
- Fixed Dynamic Client Update failure that was happening when tampering detection was enabled
8.3.2
Bug-fixes
- Remove unnecessary READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE and READ_PHONE_STATE permissions
8.3.1
Bug-fixes
- If method getDeviceName from OneginiClientConfigModel interface implementation returns null use "unknown" as the device name
8.3.0
Bug-fixes
- Changed the tampering protection algorithm to take Google Play Store metadata into account.
- Improved performance of the SDK initialization.
8.2.1
Bug-fixes
- Fixed the invalid PIN length error for PINs longer than 5 digits.
8.2.0
Improvements
- The SDK supports the latest Android version "Oreo 8.1" (API lvl 27).
- Removed direct support for FIDO authenticators. FIDO can still be used when integrated with the SDK as a Custom Authenticator.
Bug-fixes
- Fixed migration of the preferred authenticator during the SDK version upgrade.
- If the device was not registered yet, multiple calls of the SDK methods won't perform concurrent Dynamic Client Registration calls. Instead only one registration will be performed.
8.1.0
Features
- Introduced an API for fetching and handling push mobile authentication requests.
Improvements
- Gradle plugin update to version 3.0.1.
Bug-fixes
- Resetting PIN attempt counter in the user reregistration flow.
- Fixed a potential issue in the pin change flow.
- Fixed issues that were occurring when ProGuard is used to obfuscate an application that includes the Onegini SDK.
8.0.0
The final 8.0.0 release that brings a lot of improvements!
Features
- Introduced DeviceClient.getClientId() method, which returns a unique client identifier.
Improvements
- The SDK supports the latest Android version "8.0 Oreo" (API lvl 26).
- Improved cleaning the PIN from the device memory.
- Improved synchronization of registered authenticators between the SDK and the Token Server.
- The SDK will provide additional information if fallback to PIN was triggered during mobile authentication.
- Introduced new error type CUSTOM_AUTHENTICATOR_DISABLED for custom authenticator flows.
- Improved root and debug detection.
- All deprecated methods have been removed.
- Updated third party libraries to the latest versions.
Bug-fixes
- Fixed bitmap decoding issue for resource OkHttp clients.
8.0.0-BETA
This is a BETA release that can still contain bugs and issues. You should not use it for any production releases!
Features
- Added new type of supported authenticator: custom authenticator.
- Added implicit user authentication.
- The SDK has been updated to use Firebase Cloud Messaging (instead of GCM, which is deprecated).
Improvements
- The reauthenticateUser method was removed. The authenticateUser method will always force user to reauthenticate.
- New authenticateUser method that allows you to specify which registered authenticator should be used for authentication.
- The SDK will not show any root permission dialogs on rooted devices anymore.
- Improved security of the Access Tokens stored in memory by making them more difficult to read via memory dump.
- Improved error handling in some corner cases.
Bug-fixes
- Fixed an error that was changing the user-agent header for requests sent while root or debug was detected.
- Fixed an error that was causing fingerprint authentication to constantly fail after a number of failed attempts.
7.0.5
Bug-fixes
- Fixed the "unsupported class javax.crypto.spec.IvParameterSpec" exception that was thrown during the Payload Encryption handshake on the Android 8.1 (API 27)
- Fixed migration of the preferred authenticator during the SDK version upgrade
7.0.4
Bug-fixes
- Fixed a binary body parsing issue for resource OkHttp clients.
7.0.3
Bug-fixes
- Return the correct error during SDK initialization when an Android platform version is blacklisted.
7.0.2
Bug-fixes
- Fixed an error that prevented custom authenticator deregistration from finishing successfully.
7.0.1
Improvements
- Updated SpongyCastle library to the latest 1.56.0 version.
Bug-fixes
- Fixed a NullPointerException that could happen after a canceled registration attempt.
7.0.0
The final 7.0.0 release that brings a lot of optimizations and a number of new features & improvements!
Features
- Network logs can now be enabled / disabled. See the SecurityController reference guide for more info.
Improvements
- The SDK targets the latest Android API 25 (7.1)
- Update of the FIDO SDK to the latest 1.5.1 version.
- The OpenID Connect implementation is removed.
- Communication errors are now distinguished from general errors.
- Support cancellation for all features that require user interaction.
7.0.0-BETA
This is a BETA release that can still contain bugs and issues. You should not use it for any production releases!
Features
- One Time Password (OTP) mobile authentication.
Improvements
- Separated enrollment methods for mobile authentication and mobile authentication with push.
- The SDK uses Retrofit 2 for internal communication.
- The OneginiError now implements Throwable interface.
- The SDK doesn't contain "GCM heartbeat" issue fix anymore for lower energy consumption.
Bug-fixes
- Fixed a NullPointerException when getPreferredAuthenticator() was called when no user was authenticated.
6.06.02
Bug-fixes
- Fixed the "unsupported class javax.crypto.spec.IvParameterSpec" exception that was thrown during the Payload Encryption handshake on the Android 8.1 (API 27)
- Fixed migration of the preferred authenticator during the SDK version upgrade
- Fixed null pointer exception that may occur during user deregistration
6.06.01
Bug-fixes
- Fixed a bug that corrupted the mobile authentication storage after any SDK update. All users must re-enroll for mobile authentication to fix the storage and mobile authentication functionality.
6.06.00
Features
- Transaction signing support for mobile authentication with push.
Improvements
- Google Guava is not an SDK dependency anymore.
- Performance improvements.
Bug-fixes
- The SDK will not crash anymore when the PIN policy was not defined in the Token Server configuration.
- Fixed a bug introduced in 6.05.00 when UserProfile might not be removed properly during deregistration.
- Fixed a bug introduced in 6.05.00 that limited only one SDK instance to be installed on the same device.
6.05.00
Improvements
- The SDK exposes a new type of the OkHttp client (via the DeviceClient#getUnauthenticatedResourceOkHttpClient method) that can be used to fetch resources without authentication.
- The FIDO SDK dependencies are not required anymore unless the app actually uses FIDO authentication.
- Improved error handling for FIDO authentication.
- Added experimental custom authenticator API. The API is not in the final state and it should not be used for production apps.
- Internal SDK data storage improvements.
6.04.08
Bug-fixes
- Fixed the invalid PIN length error for PINs longer than 5 digits.
6.04.07
Bug-fixes
- Fixed the "unsupported class javax.crypto.spec.IvParameterSpec" exception that was thrown during the Payload Encryption handshake on the Android 8.1 (API 27)
6.04.06
Bug-fixes
- Fixed preferred authenticator migration
6.04.05
Improvements
- The SDK will not show any root permission dialogs on rooted devices anymore
6.04.04
Bug-fixes
- Fixed a bug that corrupted the mobile authentication storage after any SDK update. All users must re-enroll for mobile authentication to fix the storage and mobile authentication functionality.
6.04.03
Bug-fixes
- onNextAuthenticationAttempt was always called when the number of failed attempts was > 0 during push mobile authentication with PIN. If a new mobile authentication request arrives, the startAuthentication method must always be called.
- Fixed a minor cache issue for client configuration.
6.04.02
Bug-fixes
- The fingerprint authenticator was not marked as preferred after migrating from Android SDK version 5.x to 6.x in case the user had the fingerprint authenticator registered.
6.04.01
Improvements
- Performance improvements
6.04.00
Improvements
- Major update of the OkHttp client dependency (from 2.4.0 to latest 3.5.0). The new client is now used in all SDK requests and is also exposed to the end app via the new methods: DeviceClient#getOkHttpClient(), DeviceClient#getAnonymousResourceOkHttpClient(), UserClient#getResourceOkHttpClient(). Old, deprecated methods will now return an instance of com.jakewharton.retrofit.Ok3Client for backwards compatibility.
- The SDK will enable TLS 1.2 support for network calls on older Android 4.X devices, where it's disabled by default.
- Update of the FIDO SDK to the latest 1.5.0 version.
- New OneginiClientBuilder#setSecurityController that can be used for disabling root/debug detection.
- The SDK won't deregister the fingerprint authenticator if fingerprint authentication was canceled by the end-user. Instead it will perform a fallback to PIN authentication.
6.03.01
Bug-fixes
- Fixed a cookie store issue, where cookies were never stored even if proper method in OneginiClientBuilder was set.
6.03.00
Improvements
- Registration action is now performed with a new OneginiRegistraionRequestHandler.
- When root or debug is detected before DCR, the SDK will still notify the Token Server about a client abuse.
Bug-fixes
- The SDK will return only UserProfiles that were able to finish the registration process. In previous versions, when the app was forced to close during the registration action, the SDK could return a corrupted profile object as registered.
6.02.00
Features
- Support for FIDO UAF (Fast IDentity Online) authenticators.
Improvements
- The SDK client will store cookies by default (if it wasn't set directly with OneginiClientBuilder#shouldStoreCookies() call).
- Improved error handling when a user or device gets deregistered on the Token Server side during SDK's runtime.
Bug-fixes
- The SDK will throw an IllegalArgumentException when NULL is passed in public methods that require the UserProfile param.
- Few smaller bug-fixes and improvements.
6.01.01
Bug-fixes
- Fixed internal data encryption issue, where the data could be encrypted multiple times when client config has changed.
6.01.00
Improvements
- The OneginiClientConfigModel.getMaxPinFailures() was removed. The SDK will use a maximum pin failures limit that's declared in the Token Server configuration
- Improved root and debug detection
- The third-party libraries that are used by the Android SDK can now be resolved as transitive dependencies when including the SDK in an application
- When the user provides a wrong PIN/fingerprint, but his failed attempts limit is not reached yet, he won't get logged out
Bug-fixes
- The getPreferredAuthenticator() method will return null if no user is currently authenticated
- The SDK will return the proper error type DEVICE_DEREGISTERED if the device was deregistered on the Token Server side
- Fixed Dynamic Client Registration functionality, which could fail if the DCR was performed after device deregistration on the Token Server side
- The SDK will throw the OneginiInitializationException if internal data decryption fails due to unrecoverable changes in app client config
- The SDK will throw the OneginiInitializationException if an optional RequestHandler was not set but it's required to handle an authentication request
- Other internal bugfixes and improvements
6.00.01
Bug-fixes
- Fixed an error when preferred authenticator could not be loaded properly
6.00.00
This is a stable release of the SDK v6.00.00. Main changes between 6.00.00-BETA release and the stable release are described below.
Improvements
- Inlined the failed fingerprint attempts with the Android OS. The fingerprint scanner will get automatically blocked by the Android OS. If the fingerprint scanner is blocked (i.e. abuse is detected) the Onegini SDK will revoke fingerprint authentication for the current profile and a fallback to PIN authentication will be triggered
- The handleAuthorizationCallback method has been renamed into handleRegistrationCallback
- The package name has been renamed from com.onegini.mobile.android.sdk into com.onegini.mobile.sdk.android
- The SDK will throw an OneginiInitializationException rather than NullPointerException if it was used without a proper RequestHandler
- When the user denies a mobile authentication request, the SDK will return an error with the ACTION_CANCELED type
- New handler class OneginiDeviceAuthenticationHandler for authenticateDevice method
- All error type values are now in line with error types in the iOS SDK
- A new AuthenticationAttemptCounter object has been added to several methods in OneginiPinAuthenticationRequestHandler and OneginiMobileAuthenticationPinRequestHandler interfaces
- All deprecated and/or classes that were not used publicly have been removed
- The asynchronous method void fetchNotRegisteredAuthenticators has been removed. New synchronous method Set<OneginiAuthenticator> getNotRegisteredAuthenticators has been introduced
- A new Set<OneginiAuthenticator> getAllAuthenticators method has been introduced
- The getUser method has been renamed into getOpenIdUserInfo
- The OneginiAuthenticator interface has new isRegistered and isPreferred convenience methods
- The OneginiClientBuilder has new setDeviceConfigCacheDurationSeconds method
- Updated the Google Cloud Messaging library dependency from v8.4.0 to latest v9.6.1
Bug-fixes
- Fixed user registration that could not be finished because of internal client config cache
- The SDK will not 'hang' when a fingerprint authentication request is received but fingerprint is disabled for the given user
- Increased the security for mobile authentication by using a stronger hashing algorithm
- All internal data is being wiped out when the device is deregistered
- Fixed certificate pinning issues for latest Android Nougat release
- The SDK will not return an error during the change PIN flow when the user provides a wrong pin but he has more attempts left
6.00.00-BETA
This is a BETA release that can still contain bugs and issues. You should not use it for any production releases!
Improvements
- Completely redesigned public API to make the SDK easier to use
5.04.02
Improvements
- Performance improvements
Bug-fixes
- When the SDK can't decrypt internal data, all internal data will be removed rather than throwing OneginiInitializationException
5.04.01
Bug-fixes
- Fixed internal data encryption issue, where the data could be encrypted multiple times when client config has changed.
5.04.00
Features
- Inlined the failed fingerprint attempts with the Android OS. The fingerprint scanner will get automatically blocked by the Android OS. If the fingerprint scanner is blocked (i.e. abuse is detected) the Onegini SDK will revoke fingerprint authentication for the current profile and a fallback to PIN authentication will be triggered.
Bug-fixes
- The SDK will not 'hang' when a fingerprint authentication request is received but fingerprint is disabled for the given user
- Increased the security for mobile authentication by using a stronger hashing algorithm
5.03.03
Bug-fixes
- Fixed certificate pinning issues for latest Android Nougat release
5.03.02
Bug-fixes
- Fixed OneginiConfigNotFoundException that could occur when config model was provided as an argument in OneginiClient.setupInstance method
- Fixed ClassNotFoundException that could occur when compiling app with the SDK on Windows environment
5.03.01
Bug-fixes
- Updated TrustManager implementation: https://support.google.com/faqs/answer/6346016
- Fixed crash after device reboot
- Delete UserProfile after too many wrong pin attempts
5.03.00
Features
- Introduced multiple user profiles feature
Improvements
- Improved root and debug detection
- Improved security of fingerprint authentication
5.02.02
Bug-fixes
- Fixed internal data encryption issue, where the data could be encrypted multiple times when client config has changed.
5.02.01
Bug-fixes
5.02.00
Improvements
- Changed the way the SDK allows secure resource calls to be performed. Introduced OneginiClient#getResourceRetrofitClient and OneginiClient#getAnonymousResourceRetrofitClient, which are meant to be used in order to build a Retrofit RestAdapter.
- Deprecated ResourceHelperAbstract and AnonymousResourceHelperAbstract
- Added new topic guide chapter performing-resource-calls
5.01.00
Bug-fixes
- Fixed connectivity issues when baseUrl property was ending with a slash character
Improvements
- Mobile Authentication security improvements
- OneginiClientNotValidatedException exception will be thrown when isPinValid() is called before client validation
- Updated Google Play Services library to the latest version (8.4.0)
- Introduced new documentation layout
5.00.01
Improvements
- OneginiClient can be instantiated with custom OneginiClientConfigModel implementation by calling #setupInstance(context, configModel) on OneginiClient
5.00.00
Features
- Introduced fingerprint authentication method for devices with Android 6.0 "Marshmallow" or newer
Improvements
- The minimum required Android OS version for the SDK is now 4.1 (API LVL 16)
- The SDK doesn't require OneginiClientConfigModel instance to be passed during initialization - the config model will be loaded automatically using a reflection API
- The SDK supports latest Android version "6.0 Marshmallow" (API lvl 23)
- The SDK doesn't require android.permission.GET_ACCOUNTS permission anymore to handle push messages
- Updated 3rd party dependencies (for a list of dependencies please refer to documentation: Introduction #4 Used libraries)
- Security improvements
Bug-fixes
- Fixed issues that were occurring when ProGuard was used to obfuscate the top-level application
- Fixed infinite loop issue during anonymous request when client credentials were invalid
4.02.02
Bug fixes
- Fixed authorization flow for anonymous resource calls
4.02.01
Bug fixes
- Fixed issue with SharedPreferences missing keys when obfuscation was enabled
4.02.00
Features
- All data stored by the SDK in Android's SharedPreferences are encrypted
Improvements
- Encrypted communication will be handled using binary data
- All permissions required by the SDK are included and declared by the SDK itself
4.01.02
Improvements
- Updated google-play-services and build-tools dependencies to the latest versions
4.01.01
Bug fixes
- Fixed obfuscation issue in AnonymousResourceHelperAbstract layer
4.01.00
Features
- ResourceHelper abstract layer accepts custom RequestInterceptor which can be used to extend original request with additional headers or parameters
Improvements
- Removed deprecated methods and interfaces
4.00.00
Features
- SDK is capable of sending and handling encrypted communication - Payload Encryption
Improvements
- Removed multi-catch syntax to fix possible issues on older Android versions
3.05.00
Features
- Payload encryption handshake implementation
Bug fixes
- Fixed client validation loop detection handling
- Fixed SSL TrustManager security issue
3.04.00
Features
- OS version detection
- Device CPU architecture detection
Improvements
- Removed unused, deprecated properties from OneginiConfigModel: shouldConfirmPin, shouldDirectlyShowPushMessage
3.03.00
Features
- Improved root/debug detection
- SDK uses custom user-agent header
3.02.02
Bug fixes
- Fixed a bug in accessing the application when using encrypted clientSecret
3.02.01
Features
- SDK calculates the application secret on its own; #getAppSecret has been removed from the OneginiClientConfigModel interface.
- Support debug mode/environment detection.
- Support rooted device detection.
- Added Dynamic Client Update flow support.
- Added tampering detection
3.02.00
Features
- Forced update support. The SDK validates against the Token Server whether the current application version can still be used and, if not, notifies that an update is needed.
- Extended error handling within the DCR process. All connectivity and other unexpected errors that occur within the DCR flow will be mapped to the general #authorizationError handler instead of #authorizationErrorClientRegistrationFailed
2.04.05
Features
- Added option to configure if cookies should be kept between requests
- SDK doesn't provide any base dialog implementations (e.g. PinDialog); it's the responsibility of the end developer to provide these layers
- SDK exposes a new API to validate a provided PIN against the configured PIN policy
- SDK added an option to configure the timeouts on HTTP calls