Upgrade instructions
This section describes the steps required to upgrade to the newest Android SDK version.
Upgrade Onewelcome Android SDK to version 13.0.0
Kotlin public API - BREAKING CHANGE
The public API has migrated from Java to Kotlin, which means that all of the public classes and interfaces that you can interact with are now written in Kotlin. If your project is based on Java, there is no need to worry, because Kotlin is fully compatible with Java code.
Migration may result in breaking changes, especially for errors, because the error type migrated from int to enum.
Example:
    @OneginiRefreshMobileAuthPushTokenError.RefreshMobileAuthPushTokenErrorType final int errorType = error.getErrorType();
to
    final OneginiRefreshMobileAuthPushTokenError.Type errorType = error.getErrorType();
With the Kotlin migration, property syntax was introduced, so many public variables can now be accessed as properties.
Example:
    val redirectUrl = oneginiClient.getConfigModel().getRedirectUri()
to
    val redirectUrl = oneginiClient.configModel.redirectUri
Migration to Kotlin also means full nullability support in the SDK.
Security improvements - IMPORTANT
Version 13.0.0 introduces significant security improvements in the SDK. The most important improvement is the removal of the SecurityController file in favor of two separate versions of the SDK:
    com.onegini.mobile.sdk.android:onegini-sdk:13.0.0@aar
and
    com.onegini.mobile.sdk.android:onegini-sdk-developer:13.0.0@aar
The standard dependency is the version with full security shields turned on; with it, you won't be able to run the app on the emulator. For development purposes, be sure to use the version with the -developer suffix. The developer version has all of the security features turned off and is not meant to be used in production.
Read more about the Developer and Secure SDK versions.
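One way to keep the two artifacts apart per build type, shown as an added example that is not part of the original documentation. It assumes a module-level build.gradle.kts with the Android application plugin applied and the default debug and release build types; the resolution guard at the end is an assumption of this example, not an SDK feature.

```kotlin
// app/build.gradle.kts (added example, Gradle Kotlin DSL)

dependencies {
    // Developer artifact: all security features off, runs on the emulator.
    // Bound to the debug build type only.
    debugImplementation("com.onegini.mobile.sdk.android:onegini-sdk-developer:13.0.0@aar")

    // Secure artifact: full security shields. The only variant a release
    // build is allowed to contain.
    releaseImplementation("com.onegini.mobile.sdk.android:onegini-sdk:13.0.0@aar")
}

// Build-time guard: fail dependency resolution if the developer artifact
// reaches any release configuration, for example through a stray
// `implementation` line or a dependency declared by another module.
configurations.configureEach {
    val configurationName = name
    if (configurationName.contains("release", ignoreCase = true)) {
        resolutionStrategy.eachDependency {
            if (requested.group == "com.onegini.mobile.sdk.android" &&
                requested.name == "onegini-sdk-developer"
            ) {
                throw GradleException(
                    "onegini-sdk-developer must not be resolved in '$configurationName'"
                )
            }
        }
    }
}
```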
You are encouraged to use the new version of the SDK configurator 6.0.0 to automatically migrate the ClientConfigModel file into Kotlin and safely remove the SecurityController file. 
Download the new SDK Configurator. This action is not mandatory.
Third-party library updates
- Dagger library was updated to version 2.55: com.google.dagger:dagger:2.55 com.google.dagger:dagger-compiler:2.55
- JNA library was updated to version 5.16.0: net.java.dev.jna:jna:5.16.0
Upgrade the Android SDK to version 12.2.0
Third-party library updates
With the update of the androidx.core:core library to version 1.15.0, an update of compileSdk and targetSdk is required in your application.
A third-party library was updated. If you provide the SDK as an aar archive, update the dependency in your project:
- Dagger library was updated to the version 2.53: com.google.dagger:dagger:2.53 com.google.dagger:dagger-compiler:2.53
- JNA library was updated to the version 5.15.0: net.java.dev.jna:jna:5.15.0
- SqlCipher library was updated to version 4.6.1: net.zetetic:sqlcipher-android:4.6.1
- RxJava library was updated to the version 3.1.10: io.reactivex:rxjava3:rxjava:3.1.10
- Androidx core library was updated to version 1.15.0: androidx.core:core:1.15.0
Upgrade the Android SDK to version 12.1.0
Third-party library updates
With the update of the androidx.core:core library to version 1.13.1, an update of compileSdk and targetSdk is required in your application.
A third-party library was updated. If you provide the SDK as an aar archive, update the dependency in your project:
- Retrofit library was updated to the version 2.11.0: com.squareup.retrofit2:retrofit:2.11.0 com.squareup.retrofit2:converter-gson:2.11.0 com.squareup.retrofit2:adapter-rxjava3:2.11.0
- Dagger library was updated to the version 2.51.1: com.google.dagger:dagger:2.51.1 com.google.dagger:dagger-compiler:2.51.1
- SqlCipher library was updated to version 4.6.0: net.zetetic:sqlcipher-android:4.6.0
- Androidx core library was updated to version 1.13.1: androidx.core:core:1.13.1
Upgrade the Android SDK to version 12.0
Third-party library updates
With the update of the androidx.core:core library to version 1.12.0, an update of compileSdk and targetSdk is required in your application.
A third-party library was updated. If you provide the SDK as an aar archive, update the dependency in your project:
- OkHttp library was updated to the version 4.12.0 - com.squareup.okhttp:4.12.0
- Dagger library was updated to the version 2.49.0 - com.google.dagger:dagger:2.49.0
- RxJava library was updated to the version 3.1.6 - io.reactivex:rxjava3:rxjava:3.1.8
- Androidx SQLite library was updated to the version 2.4.0 - androidx.sqlite:sqlite-ktx:2.4.0
- SQLCipher library was updated and renamed to the version 4.5.5 - net.zetetic:sqlcipher-android:4.5.5
- Androidx core library was updated to the version 1.12.0 - androidx.core:core:1.12.0
Added Androidx Biometric version 1.1.0
androidx.biometric:biometric:1.1.0
Stateless registration
With new features added into the app, in order to be able to use stateless registration developers need to:
- Export new config from the backend. No changes needed, just download the recent version again. It contains new necessary fields.
- Download 5.3.0 SDK configurator version.
- Apply new config using SDK configurator.
New biometric authentication
We decided to deprecate the old fingerprint authentication and all related classes, and to remove them in a future major release. This will give you time to migrate to biometric authentication based on Android BiometricPrompt.
One important change that has to be done even if you are not planning to migrate right away is to change all occurrences of OneginiAuthenticator.FINGERPRINT to OneginiAuthenticator.BIOMETRIC as we renamed it to better reflect the new possibilities.
Note
The new biometric authentication changes the user experience, but the way the refresh token is stored on the device stays the same. Users with a registered fingerprint or biometric authenticator won't have to register it again after the update.
Instructions for upgrading the Onegini Android SDK to version 11.10
Error codes removal
Removed no longer used error codes in OneginiChangePinError:
- WRONG_PIN_LENGTH
- PIN_BLACKLISTED
- PIN_IS_A_SEQUENCE
- PIN_USES_SIMILAR_DIGITS
Third-party library updates
A third-party library was updated. If you provide the SDK as an aar archive, please update the dependency in your project:
- OkHttp library was updated to the version 4.11.0: com.squareup.okhttp3:okhttp:4.11.0 com.squareup.okhttp3:okhttp-urlconnection:4.11.0 com.squareup.okhttp3:logging-interceptor:4.11.0
- Dagger library was updated to the version 2.46.1 - com.google.dagger:dagger:2.46.1
- Androidx SQLite library was updated to the version 2.3.1 - androidx.sqlite:sqlite-ktx:2.3.1
- SQLCipher library was updated and renamed to the version 4.5.4 - net.zetetic:sqlcipher-android:4.5.4
- Lazysodium library was updated to the version 5.1.0 - com.goterl:lazysodium-android:5.1.0
- RxJava library was updated to the version 3.1.6 - com.goterl:lazysodium-android:3.1.6
- RxJava library was updated to the version 2.3.1 - androidx.sqlite:sqlite-ktx:2.3.1
Instructions for upgrading the Onegini Android SDK to version 11.9
Third-party library updates
A third-party library was updated. If you provide the SDK as an aar archive, please update the dependency in your project:
- OkHttp library was updated to the version 4.10.0: com.squareup.okhttp3:okhttp:4.10.0 com.squareup.okhttp3:okhttp-urlconnection:4.10.0 com.squareup.okhttp3:logging-interceptor:4.10.0
- Androidx SQLite library was added - androidx.sqlite:sqlite-ktx:2.3.0
- JNA library was updated to the version 5.13.0 - net.java.dev.jna:jna:5.13.0
- RxJava Android library was updated to the version 3.0.2 - io.reactivex.rxjava3:rxandroid:3.0.2
- SQLCipher library was updated to the version 4.5.3 - net.zetetic:android-database-sqlcipher:4.5.3
Instructions for upgrading the Onegini Android SDK to version 11.8
Third-party libraries were updated
A third-party library was updated. If you provide the SDK as an aar archive, please update the dependency in your project:
- JNA library was updated to the version 5.11.0 - net.java.dev.jna:jna:5.11.0
- Dagger library was updated to the version 2.42 - com.google.dagger:dagger:2.42
- RxJava library was updated to the version 3.1.5 - io.reactivex.rxjava3:rxjava:3.1.5
- AndroidX Core was updated to the version 1.8.0 - androidx.core:core:1.8.0
- OkHttp library was updated to the version 4.9.3: com.squareup.okhttp3:okhttp:4.9.3 com.squareup.okhttp3:okhttp-urlconnection:4.9.3 com.squareup.okhttp3:logging-interceptor:4.9.3
- Bouncy Castle library was updated to the version 1.70: org.bouncycastle:bcprov-jdk15on:1.70 org.bouncycastle:bcpg-jdk15on:1.70
Instructions for upgrading the Onegini Android SDK to version 11.7
Third-party libraries were updated
A third-party library was updated. If you provide the SDK as an aar archive, please update the dependency in your project:
- SQLCipher library was updated to the version 4.5.0 - net.zetetic:android-database-sqlcipher:4.5.0
- RxJava library was updated to the version 3.1.3 - io.reactivex.rxjava3:rxjava:3.1.3
Instructions for upgrading the Onegini Android SDK to version 11.6
Third-party libraries were updated
A third-party library was updated. If you provide the SDK as an aar archive, please update the dependency in your project:
- Kotlin Standard Library JDK 7 extension was updated to the version 1.6.10 - org.jetbrains.kotlin:kotlin-stdlib-jdk7:1.6.10
Instructions for upgrading the Onegini Android SDK to version 11.5
Third-party libraries were updated
A third-party library was updated. If you provide the SDK as an aar archive, please update the dependency in your project:
- JNA library was updated to the version 5.9.0 - net.java.dev.jna:jna:5.9.0
- Dagger library was updated to the version 2.39.1 - com.google.dagger:dagger:2.39.1
- Kotlin Standard Library JDK 7 extension was updated to the version 1.5.31 - org.jetbrains.kotlin:kotlin-stdlib-jdk7:1.5.31
- OkHttp library was updated to the version 4.9.2 - com.squareup.okhttp3:okhttp:4.9.2 com.squareup.okhttp3:okhttp-urlconnection:4.9.2 com.squareup.okhttp3:logging-interceptor:4.9.2
- RxJava library was updated to the version 3.1.2 - io.reactivex.rxjava3:rxjava:3.1.2
Instructions for upgrading the Onegini Android SDK to version 11.4
Third-party libraries were updated
A third-party library was updated. If you provide the SDK as an aar archive, please update the dependency in your project:
- Kotlin Standard Library JDK 7 extension was updated to the version 1.5.21 - org.jetbrains.kotlin:kotlin-stdlib-jdk7:1.5.21
- Dagger library was updated to the version 2.38.1 - com.google.dagger:dagger:2.38.1
Instructions for upgrading the Onegini Android SDK to version 11.3
Third-party libraries were updated
A third-party library was updated. If you provide the SDK as an aar archive, please update the dependency in your project:
- AndroidX Core was updated to the version 1.6.0 - androidx.core:core:1.6.0
Instructions for upgrading the Onegini Android SDK to version 11.2
New tampering protection
For many years the Onegini SDK protected mobile apps from tampering by checking their binaries for any modifications in source code or assets. With the tampering protection enabled the app developers gained confidence that apps installed by customers do not contain malicious code injected by an attacker. Unfortunately, such verification was too strict to allow the app developers to use some functionalities like Play App Signing or App Bundles, since those functionalities were able to modify the binary file protected by the SDK.
Starting with Android SDK 11.2.0 we're introducing a new tampering protection functionality. The new feature does not check what the app contains but who created the app. Whenever the user installs the app on a device, the Android SDK checks if the certificate used to sign the app matches the one configured on the Token Server. This approach allows you to use features like App Bundles, as long as the app is signed by a trusted certificate.
The new functionality does not require any changes in the code of the mobile app, but you need to add your trusted certificates to the configuration of the Token Server. To read more about the certificate and configuration please follow the Application integrity chapter.
New error INVALID_DATETIME
The Onegini MSP uses epoch timestamps for registering and validating mobile devices. In very rare cases when the mobile device has set an incorrect date or time, the SDK will not be able to register and verify the client. In such cases the SDK will return a new INVALID_DATETIME error that can be used to indicate possible issues with the date or time that was set on the device.
Third-party libraries were updated
A couple of third-party libraries were updated. If you provide the SDK as an aar archive, please update the dependencies in your project:
- Kotlin Standard Library JDK 7 extension was updated to the version 1.5.10 - org.jetbrains.kotlin:kotlin-stdlib-jdk7:1.5.10
- BouncyCastle library was updated to the version 1.69 - org.bouncycastle:bcpg-jdk15on:1.69 org.bouncycastle:bcprov-jdk15on:1.69
Instructions for upgrading the Onegini Android SDK to version 11.1
Third-party libraries were updated
A third-party library was updated. If you provide the SDK as an aar archive, please update the dependency in your project:
- Dagger library was updated to the version 2.37 - com.google.dagger:dagger:2.37
- OkHttp library was updated to the version 4.9.1 - com.squareup.okhttp3:okhttp-urlconnection:4.9.1 com.squareup.okhttp3:logging-interceptor:4.9.1 com.squareup.okhttp3:okhttp:4.9.1
- RxJava library was updated to the version 3.0.13 - io.reactivex.rxjava3:rxjava:3.0.13
- JNA library was updated to the version 5.8.0 - net.java.dev.jna:jna:5.8.0
- SQLCipher library was updated to the version 4.4.3 - net.zetetic:android-database-sqlcipher:4.4.3
- AndroidX Core was updated to the version 1.5.0 - androidx.core:core:1.5.0
Instructions for upgrading the Onegini Android SDK to version 11.0
MSP compatibility
This version of the SDK requires:
- the Token Server 12.12.0 or newer in case when the app is not using the optional Payload Encryption feature
- the Token Server 12.12.0 or newer and the Security Proxy 5.4.0 or newer when the app is using the optional Payload Encryption feature
Android compatibility
The minimum required Android version for the SDK is now 6.0 (API level 23). This means that the app's minimum supported version (minSdkVersion) should be set to 23 or higher.
New security controls
The security controls implementation has been modified, making the tampering protection optional. The application thumbprint (formerly known as application signature) can be calculated with two integrity levels: FULL or NONE. In case of a FULL integrity check, the SDK will perform a full binary check to be sure that the app was not modified, but it means that you will not be able to use features like App Bundles, because they change the application binaries. If you want to use this or any other feature that can modify the app binary, then you should use the NONE integrity level, which will skip the binary check, while still making basic application sanity checks.
The level of the integrity check can be set in the Token Server configuration.
Error codes
OneginiInitializationError
The OneginiInitializationError does not return CONFIGURATION_ERROR 10001 anymore.
The OneginiInitializationError can return a new APP_INTEGRITY_FAILURE 10024 error in a case when the app integrity check has returned the wrong result.
OneginiRegistrationError
The OneginiRegistrationError can return a new APP_INTEGRITY_FAILURE 10024 error in a case when the app integrity check has returned the wrong result.
OneginiMobileAuthEnrollmentError
The OneginiMobileAuthEnrollmentError does not return USER_ALREADY_ENROLLED 9018 anymore.
OneginiDeviceAuthenticationError
The OneginiDeviceAuthenticationError can return a new APP_INTEGRITY_FAILURE 10024 error in a case when the app integrity check has returned the wrong result.
Third-party libraries were updated
A couple of third-party libraries were updated. If you provide the SDK as an aar archive, please update the dependencies in your project:
- OkHttp library was updated to the version 4.9.0 - com.squareup.okhttp3:okhttp:4.9.0 com.squareup.okhttp3:okhttp-urlconnection:4.9.0 com.squareup.okhttp3:logging-interceptor:4.9.0
- RxJava library was updated to the version 3.0.9 - io.reactivex.rxjava3:rxandroid:3.0.0 io.reactivex.rxjava3:rxjava:3.0.9
- Retrofit adapter library was updated to the version 3.0.0 - com.squareup.retrofit2:adapter-rxjava3:3.0.0
- Retrofit library was updated to the version 2.9.0 - com.squareup.retrofit2:retrofit:2.9.0 com.squareup.retrofit2:converter-gson:2.9.0 com.squareup.retrofit2:adapter-rxjava2:2.9.0
- BouncyCastle library was updated to the version 1.65 - org.bouncycastle:bcprov-jdk15on:1.65 org.bouncycastle:bcpg-jdk15on:1.65
- SQLCipher library was updated to the version 4.4.2 - net.zetetic:android-database-sqlcipher:4.4.2
The Apache Commons IO (commons-io:commons-io:2.5) dependency has been removed. Libsodium dependencies have been added:
    com.goterl.lazycode:lazysodium-android:4.2.0
    net.java.dev.jna:jna:5.6.0
Instructions for upgrading the Onegini Android SDK to version 10.2
OpenID Connect Relying Party
The SDK is now an OpenID Connect Relying Party. During registration it can force the user to log in with the Identity Provider.
To force the user login, the app has to provide the openid scope within the set of scopes used for user registration:
    final String[] scopes = new String[]{ "read", "openid" };
    OneginiClient.getInstance()
        .getUserClient()
        .registerUser(identityProvider, scopes, registrationHandler);
All mobile apps configured on the Token Server have the openid scope by default. This means that it will also be used when the app does not define the scopes and lets the Token Server use the default scopes:
    OneginiClient.getInstance()
        .getUserClient()
        .registerUser(identityProvider, null, registrationHandler);
Instructions for upgrading the Onegini Android SDK to version 10.1
Third-party libraries were updated
A third-party library was updated. If you provide the SDK as an aar archive, please update the dependency in your project:
- OkHttp library was updated to the version 3.12.10 - com.squareup.okhttp3:okhttp:3.12.10 com.squareup.okhttp3:okhttp-urlconnection:3.12.10 com.squareup.okhttp3:logging-interceptor:3.12.10
  The Onegini SDK still maintains support for Android 4.x and thus could not use the latest version of the OkHttp library (3.14.x or 4.x), as it does not support Android 4.x at this time.
- Retrofit library was updated to the version 2.6.4 - com.squareup.retrofit2:retrofit:2.6.4 com.squareup.retrofit2:converter-gson:2.6.4 com.squareup.retrofit2:adapter-rxjava2:2.6.4
- RxJava library was updated to the version 2.2.19 - io.reactivex.rxjava2:rxjava:2.2.19
- SQLCipher library was updated to the version 4.3.0 - net.zetetic:android-database-sqlcipher:4.3.0
Instructions for upgrading the Onegini Android SDK to version 10.0
Mobile authentication
The deprecated handleMobileAuthWithPushRequest(final RemoteMessage pushMessage, final OneginiMobileAuthenticationHandler mobileAuthenticationHandler) method has been removed. Please use handleMobileAuthWithPushRequest(final OneginiMobileAuthWithPushRequest request, final OneginiMobileAuthenticationHandler handler) instead.
The com.google.firebase:firebase-messaging library is not used by the SDK anymore, therefore it was removed from its dependencies. It is the app's responsibility to handle FCM as described in the Mobile authentication with PUSH topic guide.
Migration from SpongyCastle to BouncyCastle
A third-party library called SpongyCastle has been replaced with BouncyCastle. SpongyCastle was an unofficial re-packaged version of BouncyCastle that was addressing some namespace issues on very old Android versions. Since those issues were solved on modern Android devices, the vanilla BouncyCastle dependency can be used.
If you use the same library in your project it is advised to update it as well:
Remove existing SpongyCastle dependencies:
com.madgag.spongycastle:core
com.madgag.spongycastle:prov
com.madgag.spongycastle:bcpg-jdk15on
com.madgag.spongycastle:bcpkix-jdk15on
Add two new BouncyCastle dependencies:
org.bouncycastle:bcprov-jdk15on:1.64
org.bouncycastle:bcpg-jdk15on:1.64
Third-party libraries were updated
A couple of third-party libraries were updated. If you use the same libraries in your project, it is advised to update them as well:
- OkHttp library was updated to the version 3.12.6 - com.squareup.okhttp3:okhttp:3.12.6 com.squareup.okhttp3:okhttp-urlconnection:3.12.6 com.squareup.okhttp3:logging-interceptor:3.12.6
  The Onegini SDK still maintains support for Android 4.x and thus could not use the latest version of the OkHttp library (3.13.x or 4.x), as it does not support Android 4.x at this time.
- Retrofit library was updated to the version 2.6.2 - com.squareup.retrofit2:retrofit:2.6.2 com.squareup.retrofit2:converter-gson:2.6.2 com.squareup.retrofit2:adapter-rxjava2:2.6.2
- RxJava library was updated to the version 2.2.15 - io.reactivex.rxjava2:rxjava:2.2.15
Instructions for upgrading the Onegini Android SDK to version 9.8
OpenID Connect Relying Party
The SDK is now an OpenID Connect Relying Party. During registration it can force the user to log in with the Identity Provider.
To force the user login, the app has to provide the openid scope within the set of scopes used for user registration:
    final String[] scopes = new String[]{ "read", "openid" };
    OneginiClient.getInstance()
        .getUserClient()
        .registerUser(identityProvider, scopes, registrationHandler);
All mobile apps configured on the Token Server have the openid scope by default. This means that it will also be used when the app does not define the scopes and lets the Token Server use the default scopes:
    OneginiClient.getInstance()
        .getUserClient()
        .registerUser(identityProvider, null, registrationHandler);
Instructions for upgrading the Onegini Android SDK to version 9.7
Third-party libraries were updated
A couple of third-party libraries were updated. If you provide the SDK as an aar archive, please update the dependencies in your project:
- RxJava library was updated to the version 2.2.10 - io.reactivex.rxjava2:rxjava:2.2.10
- SQLCipher library was updated to the version 4.2.0 - net.zetetic:android-database-sqlcipher:4.2.0
Instructions for upgrading the Onegini Android SDK to version 9.6
New error ACTION_ALREADY_IN_PROGRESS
Since the SDK is a stateful library, you should not call asynchronous methods (like authenticateUser() or start()) in parallel. Starting with this version the SDK will return ACTION_ALREADY_IN_PROGRESS (9007) error in case when multiple calls to the same asynchronous method are made in parallel. You should investigate if you receive the new error in any scenarios and fix it by preventing multiple calls in parallel.
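One way to prevent parallel calls on the app side, shown as an added example that is not part of the SDK or the original documentation. SingleFlight, run and the stand-in asynchronous call in main are hypothetical names; in an app the wrapped call would be an SDK method such as authenticateUser(), with done() invoked from each of its terminal callbacks.

```kotlin
import java.util.concurrent.atomic.AtomicBoolean

/**
 * Allows only one in-flight invocation of a callback-based operation.
 * Hypothetical helper for this example, not an SDK class.
 */
class SingleFlight {
    private val inProgress = AtomicBoolean(false)

    /**
     * Runs [start] only if no earlier call is still waiting for its callback.
     * [start] receives a `done` function that must be invoked from every
     * terminal callback (success and error) of the wrapped operation.
     * Returns false when the call was dropped because one is already running.
     */
    fun run(start: (done: () -> Unit) -> Unit): Boolean {
        // Atomically claim the slot; a second caller loses the race here.
        if (!inProgress.compareAndSet(false, true)) return false
        try {
            start { inProgress.set(false) }
        } catch (e: Throwable) {
            // Never stay locked if the call itself throws synchronously.
            inProgress.set(false)
            throw e
        }
        return true
    }
}

fun main() {
    val guard = SingleFlight()

    // Constructed stand-in for an asynchronous SDK call: it only records the
    // completion callback so the example can finish the operation later.
    val pending = mutableListOf<() -> Unit>()
    val fakeAsyncCall: (() -> Unit) -> Unit = { onFinished -> pending.add(onFinished) }

    // First call is accepted and stays in flight.
    check(guard.run { done -> fakeAsyncCall(done) })

    // A second call made before the first one finished is dropped locally,
    // so the SDK is never asked to run the same method in parallel.
    check(!guard.run { done -> fakeAsyncCall(done) })
    check(pending.size == 1)

    // The first operation reports its result; the guard is released.
    pending.removeAt(0).invoke()

    // A new call is accepted again.
    check(guard.run { done -> fakeAsyncCall(done) })
    println("parallel call was dropped, sequential calls were accepted")
}
```

Use one guard instance per SDK method, since the error is reported for multiple calls to the same asynchronous method.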
Third-party libraries were updated
A couple of third-party libraries were updated. If you provide the SDK as an aar archive, please update the dependencies in your project:
- OkHttp library was updated to the version 3.12.3 - com.squareup.okhttp3:okhttp:3.12.3 com.squareup.okhttp3:okhttp-urlconnection:3.12.3 com.squareup.okhttp3:logging-interceptor:3.12.3
  The Onegini SDK still maintains support for Android 4.x and thus could not use the latest version of the OkHttp library (3.13.x), as it does not support Android 4.x at this time.
- Retrofit library was updated to the version 2.6.0 - com.squareup.retrofit2:retrofit:2.6.0 com.squareup.retrofit2:converter-gson:2.6.0 com.squareup.retrofit2:adapter-rxjava2:2.6.0
- RxJava library was updated to the latest version 2.2.9 - io.reactivex.rxjava2:rxjava:2.2.9
Instructions for upgrading the Onegini Android SDK to version 9.5
Third-party libraries were updated
A couple of third-party libraries were updated. If you provide the SDK as an aar archive, please update the dependencies in your project:
- OkHttp library was updated to the version 3.12.1 - com.squareup.okhttp3:okhttp:3.12.1 com.squareup.okhttp3:okhttp-urlconnection:3.12.1 com.squareup.okhttp3:logging-interceptor:3.12.1
  The Onegini SDK still maintains support for Android 4.x and thus could not use the latest version of the OkHttp library (3.13.x), as it does not support Android 4.x at this time.
- Retrofit library was updated to the version 2.5.0 - com.squareup.retrofit2:retrofit:2.5.0 com.squareup.retrofit2:converter-gson:2.5.0 com.squareup.retrofit2:adapter-rxjava2:2.5.0
- RxJava library was updated to the latest version - io.reactivex.rxjava2:rxandroid:2.0.2 io.reactivex.rxjava2:rxjava:2.1.12
- Firebase Cloud Messaging library was updated to the version 17.6.0 - com.google.firebase:firebase-messaging:17.6.0
Instructions for upgrading the Onegini Android SDK to version 9.4
Third-party libraries were updated
A third-party library was updated. If you provide the SDK as an aar archive, please update the dependency in your project:
- RxJava library was updated to the latest version 2.2.4 - io.reactivex.rxjava2:rxjava:2.2.4
Instructions for upgrading the Onegini Android SDK to version 9.3
Third-party libraries were updated
A third-party library was updated. If you provide the SDK as an aar archive, please update the dependency in your project:
- Firebase Cloud Messaging library was updated to the version 17.3.4 - com.google.firebase:firebase-messaging:17.3.4
Instructions for upgrading the Onegini Android SDK to version 9.2
Third-party libraries were updated
A couple of third-party libraries were updated. If you provide the SDK as an aar archive, please update the dependencies in your project:
- Firebase-messaging library was updated to the latest version 17.3.1 - com.google.firebase:firebase-messaging:17.3.1
- OkHttp library was updated to the latest version 3.11.0 - com.squareup.okhttp3:okhttp:3.11.0 com.squareup.okhttp3:okhttp-urlconnection:3.11.0 com.squareup.okhttp3:logging-interceptor:3.11.0
- RxJava library was updated to the latest version - io.reactivex.rxjava2:rxandroid:2.1.0 io.reactivex.rxjava2:rxjava:2.2.2
Instructions for upgrading the Onegini Android SDK to version 9.1
Minimum supported Token Server Version 8.2.0
Due to the SDK initialization improvement, you need to update the Token Server to at least version 8.2.0 first.
New application signature algorithm
The application signature (secret) is now calculated using a new algorithm that takes Google Play Store metadata into account. This algorithm is different from the one used by the Application Signature Calculator v1.x. Therefore, if you want to use the Application Signature Calculator, you must use the updated v2.x.
Onegini SDK ProGuard rules were embedded into the library
The proguard-onegini.pro file has been embedded in the Onegini SDK library and it no longer has to be explicitly specified in your application. You can remove the proguard-onegini.pro file from the application and edit your proguardFiles configuration in the buildTypes section of the application's build.gradle file to remove its usage.
Third-party libraries were updated
A couple of third-party libraries were updated. If you provide the SDK as an aar archive, please update the dependencies in your project:
- SQLCipher library was updated to the version 3.5.9 - net.zetetic:android-database-sqlcipher:3.5.9
- OkHttp library was updated to the version 3.10.0 - com.squareup.okhttp3:okhttp:3.10.0 com.squareup.okhttp3:okhttp-urlconnection:3.10.0 com.squareup.okhttp3:logging-interceptor:3.10.0
- Retrofit library was updated to the version 2.4.0 - com.squareup.retrofit2:retrofit:2.4.0 com.squareup.retrofit2:converter-gson:2.4.0 com.squareup.retrofit2:adapter-rxjava2:2.4.0
- Firebase Cloud Messaging library was updated to the version 15.0.2 - com.google.firebase:firebase-messaging:15.0.2
- RxJava library was updated to the latest version - io.reactivex.rxjava2:rxandroid:2.0.2 io.reactivex.rxjava2:rxjava:2.1.12
Instructions for upgrading the Onegini Android SDK to version 9.0
Fixed typo in one of OneginiClientBuilder methods
The OneginiClientBuilder used to have a public method:
    public OneginiClientBuilder setFingerprintAuthenticatioRequestHandler(@NonNull final OneginiFingerprintAuthenticationRequestHandler fingerprintAuthenticatioRequestHandler) {
The method had a spelling error: the letter n was missing from the word Authentication. The issue is fixed now, and the new name of the method is:
    public OneginiClientBuilder setFingerprintAuthenticationRequestHandler(@NonNull final OneginiFingerprintAuthenticationRequestHandler fingerprintAuthenticationRequestHandler) {
The functionality of the method stays the same.
CustomAuthenticatorInfo
The CustomAuthenticatorInfo class was renamed to CustomInfo. The object is now used to provide results of both custom authentication and custom registration.
OneginiErrorDetails
The getCustomAuthenticatorInfo method from the OneginiErrorDetails has been renamed to getCustomInfo.
OneginiRegistrationHandler
The OneginiRegistrationHandler.onSuccess() method has received an additional CustomInfo param:
    void onSuccess(UserProfile userProfile, CustomInfo customInfo);
In a case when the user has registered using the CustomIdentityProvider, the object will contain the success status code and optional data received from the Extension Engine. Otherwise, the object will be null.
com.onegini.mobile.sdk.android.handlers.customauth
All public interfaces from the com.onegini.mobile.sdk.android.handlers.customauth package have been moved to the com.onegini.mobile.sdk.android.handlers.action package.
UserClient#registerUser method
The registerUser method from the UserClient takes additional param: the Identity Provider.
    /**
     * Registers a new profile using the specified OneginiIdentityProvider. The new profile will be generated during the registration process and returned
     * with a success callback.
     *
     * @param identityProvider    the {@link OneginiIdentityProvider} that is used for the registration or null for default.
     * @param scopes              the scopes authentication is requested for, when no scopes are requested the default scopes of the application will be used.
     * @param registrationHandler the registration handler to return the authentication result to
     */
    @SuppressWarnings("unused")
    public void registerUser(@Nullable final OneginiIdentityProvider identityProvider, @NonNull final String[] scopes,
                             @NonNull final OneginiRegistrationHandler registrationHandler) {
      sdkClient.registerUser(identityProvider, scopes, registrationHandler);
    }
This allows you to use the multiple Identity Providers feature. If you don't want to use the feature, you can pass null as the first param to let the SDK use the default IDP from the TS config.
OneginiRegistrationRequestHandler
The OneginiRegistrationRequestHandler has been renamed to OneginiBrowserRegistrationRequestHandler.
The OneginiBrowserRegistrationRequestHandler implementation is not required anymore if the app doesn't use browser registration (i.e. when registration is done using a custom Identity Provider). Because of that, the OneginiClientBuilder doesn't require this object in the constructor anymore:
    /**
     * Initialize new OneginiBuilder instance.
     *
     * @param context                         Application context should be provided to initialize the SDK
     * @param createPinRequestHandler         instance of {@link OneginiCreatePinRequestHandler} that's responsible for creating new PIN
     * @param pinAuthenticationRequestHandler instance of {@link OneginiPinAuthenticationRequestHandler} that's responsible for authenticating with PIN
     */
    public OneginiClientBuilder(@NonNull final Context context, @NonNull final OneginiCreatePinRequestHandler createPinRequestHandler,
                                @NonNull final OneginiPinAuthenticationRequestHandler pinAuthenticationRequestHandler) {
      // ...
    }
However, if you want to use browser registration, you should still provide the registration handler through a new method of the OneginiClientBuilder:
    /**
     * Sets the {@link OneginiBrowserRegistrationRequestHandler} implementation that has to be used for authenticating in a web browser.
     *
     * @param browserRegistrationRequestHandler instance of {@link OneginiBrowserRegistrationRequestHandler} that's responsible for authenticating in web browser
     * @return {@link OneginiClientBuilder}
     */
    @SuppressWarnings("unused")
    public OneginiClientBuilder setBrowserRegistrationRequestHandler(@NonNull final OneginiBrowserRegistrationRequestHandler browserRegistrationRequestHandler) {
      // ...
    }
OneginiRegistrationCallback
The OneginiRegistrationCallback has been renamed to OneginiBrowserRegistrationCallback.
Instructions for upgrading the Onegini Android SDK to version 8.3
New application signature algorithm
The application signature (secret) is now calculated using a new algorithm that takes Google Play Store metadata into account. This algorithm is different from the one used by the Application Signature Calculator v1.x. Therefore, if you want to use the Application Signature Calculator, you must use the updated v2.x.
Minimum supported Token Server Version 6.5.0
Due to the SDK initialization improvement, you first need to update the Token Server to at least version 6.5.0.
Instructions for upgrading the Onegini Android SDK to version 8.2
FIDO not supported
FIDO authenticators are no longer supported by the Onegini SDK. The FIDO-related interfaces and classes (like OneginiFidoAuthenticationRequestHandler) have been removed. However, you can still implement authentication based on 3rd party authenticators like FIDO using the custom authenticator feature.
Instructions for upgrading the Onegini Android SDK to version 8.1
Mobile authentication request
The Onegini SDK no longer expects GCM/FCM-specific objects when handling mobile authentication requests. To handle a mobile authentication request, you need to provide an OneginiMobileAuthWithPushRequest instance to the SDK method:
    public void handleMobileAuthWithPushRequest(@NonNull final OneginiMobileAuthWithPushRequest oneginiMobileAuthWithPushRequest,
                                                @NonNull final OneginiMobileAuthenticationHandler mobileAuthenticationHandler);
To create such a request object, you should parse the incoming GCM/FCM message object in the app. This can be done with your own JSON parser or one of the free JSON parsing libraries like Gson. For example, to parse the incoming RemoteMessage (FCM) object into an OneginiMobileAuthWithPushRequest you could use:
    final String json = message.getData().get("content");
    final OneginiMobileAuthWithPushRequest mobileAuthenticationRequest = new Gson().fromJson(json, OneginiMobileAuthWithPushRequest.class);
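The parsing step above, hardened as an added example (not part of the SDK or of the original page): push data originates outside the app, so a missing content entry, malformed JSON or a JSON null should be dropped before anything reaches the SDK's @NonNull parameter. PushContentParser and SamplePayload are hypothetical names; SamplePayload stands in for OneginiMobileAuthWithPushRequest so the block runs with only Gson on the classpath.

```java
import com.google.gson.Gson;
import com.google.gson.JsonParseException;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

// Added example, not SDK code. Class names here are hypothetical.
public final class PushContentParser {
  private static final String CONTENT_KEY = "content"; // key used in the snippet above
  private static final Gson GSON = new Gson();

  private PushContentParser() {
  }

  // Returns the parsed object, or empty when the push is not a well-formed request.
  public static <T> Optional<T> parse(final Map<String, String> data, final Class<T> type) {
    final String json = data == null ? null : data.get(CONTENT_KEY);
    if (json == null || json.trim().isEmpty()) {
      return Optional.empty(); // other push types carry no "content" entry
    }
    try {
      // Gson returns null for the JSON literal null, hence ofNullable
      return Optional.ofNullable(GSON.fromJson(json, type));
    } catch (JsonParseException e) {
      return Optional.empty(); // malformed JSON or wrong shape: ignore the message
    }
  }

  // Stand-in for OneginiMobileAuthWithPushRequest so the demo runs without the SDK.
  static final class SamplePayload {
    String message; // field name constructed for this demo only
  }

  public static void main(final String[] args) {
    final Map<String, String> data = new HashMap<>(); // constructed sample inputs
    System.out.println(parse(data, SamplePayload.class).isPresent()); // case: no "content" entry
    data.put("content", "{not json");
    System.out.println(parse(data, SamplePayload.class).isPresent()); // case: malformed JSON
    data.put("content", "null");
    System.out.println(parse(data, SamplePayload.class).isPresent()); // case: JSON null literal
    data.put("content", "{\"message\":\"constructed\"}");
    System.out.println(parse(data, SamplePayload.class).isPresent()); // case: well-formed object
  }
}
```

In the app, call PushContentParser.parse(message.getData(), OneginiMobileAuthWithPushRequest.class) and invoke handleMobileAuthWithPushRequest only when the result is present.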
Instructions for upgrading the Onegini Android SDK to version 8.0
Authenticator registration
The OneginiAuthenticatorRegistrationHandler returns an additional CustomAuthenticatorInfo object containing additional information when registering a custom authenticator. For other authenticators, the parameter will be null.
    void onSuccess(CustomAuthenticatorInfo customAuthenticatorInfo);
    void onError(OneginiAuthenticatorRegistrationError error);
User authentication
The OneginiAuthenticationHandler returns an additional CustomAuthenticatorInfo object containing additional information when authenticating with a custom authenticator. For other authenticators, the parameter will be null.
    void onSuccess(UserProfile userProfile, CustomAuthenticatorInfo customAuthenticatorInfo);
    void onError(OneginiAuthenticationError error);
Mobile authentication
The OneginiMobileAuthenticationHandler#onSuccess() returns an additional CustomAuthenticatorInfo object containing additional information when authenticating with a custom authenticator. For other authenticators, the parameter will be null.
    void onSuccess(CustomAuthenticatorInfo customAuthenticatorInfo);
Firebase Cloud Messaging
Starting from version 8.0.0, the Onegini SDK supports Firebase Cloud Messaging (FCM) instead of Google Cloud Messaging (GCM) for sending push notifications, and it is strongly recommended to upgrade your application.
Migration
First you need to set up FCM in the Firebase Console as described in the Token Server documentation.
To migrate your application, please refer to the Google Documentation.
The method for handling push notifications has been removed from the UserClient class:
    public void handleMobileAuthWithPushRequest(final Bundle pushMessage, final OneginiMobileAuthenticationHandler mobileAuthenticationHandler);
All usages should be replaced with a new method from the same class:
    public void handleMobileAuthWithPushRequest(final RemoteMessage pushMessage, final OneginiMobileAuthenticationHandler mobileAuthenticationHandler);
Behavior changes
Incoming push messages no longer turn on the device's screen, so the user may not notice the authentication request. You should implement a notification mechanism. An example is implemented in the latest version of the Onegini Example Application, which is available on GitHub.
User authentication
The authenticateUser method behaviour change
In previous versions of the SDK, calling the method UserClient#authenticateUser() for an already authenticated UserProfile returned onSuccess without forcing the user to reauthenticate.
Starting from version 8.0.0, the method logs out the current user and tries to authenticate them again, so user interaction will be required. It is strongly recommended to first check whether the UserProfile is already authenticated by calling the method UserProfile#getAuthenticatedUserProfile(), which returns the UserProfile of the currently authenticated user, or null if no user is currently authenticated.
The reauthenticateUser method removal
Starting from version 8.0.0, the method UserClient#reauthenticateUser has been removed from the SDK. Use the method UserClient#authenticateUser instead; its behavior has been changed to always enforce user authentication, just like the reauthenticateUser method did.