Instructions for upgrading the Onegini Android SDK to version 11.0
MSP compatibility
This version of the SDK requires:
- the Token Server 12.12.0 or newer in case when the app is not using the optional Payload Encryption feature
- the Token Server 12.12.0 or newer and the Security Proxy 5.4.0 or newer when the app is using the optional Payload Encryption feature
Android compatibility
The minimum required Android version for the SDK is now 6.0 (API level 23). This means that the app's minimum supported version (minSdkVersion
) should be set to 23 or higher.
New security controls
The security controls implementation has been modified, making the tampering protection optional. The application thumbprint (formerly known as
application signature) can be calculated with two integrity levels: FULL
or NONE
. In case of a FULL
integrity check, the SDK will perform a full binary
check to be sure that the app was not modified, but it means that you will not be able to use features like App Bundles,
because they change the application binaries. If you want to use this or any other feature that can modify the app binary, then you should use the NONE
integrity level, which will skip the binary check, while still making basic application sanity checks.
The level of the integrity check can be set in the Token Server configuration
Error codes
OneginiInitializationError
The OneginiInitializationError
does not return CONFIGURATION_ERROR 10001
anymore.
The OneginiInitializationError
can return a new APP_INTEGRITY_FAILURE 10024
error in a case when the app integrity check has returned the wrong result.
OneginiRegistrationError
The OneginiRegistrationError
can return a new APP_INTEGRITY_FAILURE 10024
error in a case when the app integrity check has returned the wrong result.
OneginiMobileAuthEnrollmentError
The OneginiMobileAuthEnrollmentError
does not return USER_ALREADY_ENROLLED 9018
anymore.
OneginiDeviceAuthenticationError
The OneginiDeviceAuthenticationError
can return a new APP_INTEGRITY_FAILURE 10024
error in a case when the app integrity check has returned the wrong result.
Third-party libraries were updated
A couple of third-party libraries were updated, if you provide the SDK as an aar archive please update the dependencies in your project:
OkHttp library was updated to the version 4.9.0:
RxJava library was updated the the version 3.0.9:
Retrofit adapter library was updated to the version 3.0.0:
com.squareup.retrofit2:adapter-rxjava3:3.0.0
Retrofit library was updated to the version 2.9.0:
BouncyCastle library was updated to the version 1.65:
SQLCipher library was updated to the version 4.4.2:
net.zetetic:android-database-sqlcipher:4.4.2