Release notes v6.X
6.06.02
Bug-fixes
- Fixed the "unsupported class javax.crypto.spec.IvParameterSpec" exception that was thrown during the Payload Encryption handshake on Android 8.1 (API 27)
- Fixed migration of the preferred authenticator during the SDK version upgrade
- Fixed a null pointer exception that may occur during user deregistration
6.06.01
Bug-fixes
- Fixed a bug that corrupted the mobile authentication storage after any SDK update. All users must re-enroll for mobile authentication to fix the storage and mobile authentication functionality.
6.06.00
Features
- Transaction signing support for mobile authentication with push.
Improvements
- Google Guava is not an SDK dependency anymore.
- Performance improvements.
Bug-fixes
- The SDK no longer crashes when the PIN policy is not defined in the Token Server configuration.
- Fixed a bug introduced in 6.05.00 where a UserProfile might not be removed properly during deregistration.
- Fixed a bug introduced in 6.05.00 that allowed only one SDK instance to be installed on the same device.
6.05.00
Improvements
- The SDK exposes a new type of the OkHttp client (via `DeviceClient#getUnauthenticatedResourceOkHttpClient` method) that can be used to fetch resources without authentication.
- The FIDO SDK dependencies are not required anymore unless the app actually uses FIDO authentication.
- Improved error handling for FIDO authentication.
- Added experimental custom authenticator API. The API is not in the final state and it should not be used for production apps.
- Internal SDK data storage improvements.
6.04.08
Bug-fixes
- Fixed the invalid PIN length error for PINs longer than 5 digits.
6.04.07
Bug-fixes
- Fixed the "unsupported class javax.crypto.spec.IvParameterSpec" exception that was thrown during the Payload Encryption handshake on Android 8.1 (API 27)
6.04.06
Bug-fixes
- Fixed preferred authenticator migration
6.04.05
Improvements
- The SDK will not show any root permission dialogs on rooted devices anymore
6.04.04
Bug-fixes
- Fixed a bug that corrupted the mobile authentication storage after any SDK update. All users must re-enroll for mobile authentication to fix the storage and mobile authentication functionality.
6.04.03
Bug-fixes
- `onNextAuthenticationAttempt` was always called when the number of failed attempts was > 0 during push mobile authentication with PIN. If a new mobile authentication request arrives, the `startAuthentication` method must always be called.
- Fixed a minor cache issue for client configuration.
6.04.02
Bug-fixes
- The fingerprint authenticator was not marked as preferred after migrating from Android SDK version 5.x to 6.x in case the user had the fingerprint authenticator registered.
6.04.01
Improvements
- Performance improvements
6.04.00
Improvements
- Major update of the OkHttp client dependency (from 2.4.0 to latest 3.5.0). The new client is now used in all SDK requests and is also exposed to the end app via the new methods: `DeviceClient#getOkHttpClient()`, `DeviceClient#getAnonymousResourceOkHttpClient()`, `UserClient#getResourceOkHttpClient()`. Old, deprecated methods will now return an instance of `com.jakewharton.retrofit.Ok3Client` for backwards compatibility.
- The SDK will enable TLS 1.2 support for network calls on older Android 4.X devices, where it's disabled by default.
- Update of the FIDO SDK to the latest 1.5.0 version.
- New `OneginiClientBuilder#setSecurityController` that can be used for disabling root/debug detection.
- The SDK won't deregister the fingerprint authenticator if fingerprint authentication was canceled by the end-user. Instead it will perform a fallback to PIN authentication.
6.03.01
Bug-fixes
- Fixed a cookie store issue, where cookies were never stored even if the proper method in OneginiClientBuilder was set.
6.03.00
Improvements
- The registration action is now performed with a new OneginiRegistrationRequestHandler.
- When root or debug is detected before DCR, the SDK will still notify the Token Server about a client abuse.
Bug-fixes
- The SDK will return only `UserProfile`s that were able to finish the registration process. In previous versions, when the app was forced to close during the registration action, the SDK could return a corrupted profile object as registered.
6.02.00
Features
- Support for FIDO UAF (Fast IDentity Online) authenticators.
Improvements
- The SDK client will store cookies by default (if it wasn't set directly with OneginiClientBuilder#shouldStoreCookies() call).
- Improved error handling when a user or device gets deregistered on the Token Server side during SDK's runtime.
Bug-fixes
- The SDK will throw an `IllegalArgumentException` when `NULL` is passed in public methods that require the `UserProfile` param.
- Few smaller bug-fixes and improvements.
6.01.01
Bug-fixes
- Fixed an internal data encryption issue, where the data could be encrypted multiple times when the client config has changed.
6.01.00
Improvements
- The `OneginiClientConfigModel.getMaxPinFailures()` was removed. The SDK will use a maximum pin failures limit that's declared in the Token Server configuration
- Improved root and debug detection
- The third-party libraries that are used by the Android SDK can now be resolved as transitive dependencies when including the SDK in an application
- When the user provides a wrong PIN/fingerprint, but his failed attempts limit is not reached yet, he won't get logged out
Bug-fixes
- The `getPreferredAuthenticator()` method will return `null` if no user is currently authenticated
- The SDK will return the proper error type `DEVICE_DEREGISTERED` if the device was deregistered on the Token Server side
- Fixed Dynamic Client Registration functionality, which could fail if the DCR was performed after device deregistration on the Token Server side
- The SDK will throw the `OneginiInitializationException` if internal data decryption fails due to unrecoverable changes in app client config
- The SDK will throw the `OneginiInitializationException` if an optional `RequestHandler` was not set but it's required to handle an authentication request
- Other internal bugfixes and improvements
6.00.01
Bug-fixes
- Fixed an error where the preferred authenticator could not be loaded properly
6.00.00
This is a stable release of the SDK v6.00.00. Main changes between 6.00.00-BETA release and the stable release are described below.
Improvements
- Aligned the handling of failed fingerprint attempts with the Android OS. The fingerprint scanner will get automatically blocked by the Android OS. If the fingerprint scanner is blocked (i.e. abuse is detected) the Onegini SDK will revoke fingerprint authentication for the current profile and a fallback to PIN authentication will be triggered
- The `handleAuthorizationCallback` method has been renamed into `handleRegistrationCallback`
- The package name has been renamed from `com.onegini.mobile.android.sdk` into `com.onegini.mobile.sdk.android`
- The SDK will throw an `OneginiInitializationException` rather than `NullPointerException` if it was used without a proper RequestHandler
- When the user denies a mobile authentication request, the SDK will return an error with the `ACTION_CANCELED` type
- New handler class `OneginiDeviceAuthenticationHandler` for `authenticateDevice` method
- All error type values are now in line with error types in the iOS SDK
- A new `AuthenticationAttemptCounter` object has been added to several methods in `OneginiPinAuthenticationRequestHandler` and `OneginiMobileAuthenticationPinRequestHandler` interfaces
- All deprecated and/or classes that were not used publicly have been removed
- The asynchronous method `void fetchNotRegisteredAuthenticators` has been removed. New synchronous method `Set<OneginiAuthenticator> getNotRegisteredAuthenticators` has been introduced
- A new `Set<OneginiAuthenticator> getAllAuthenticators` method has been introduced
- The `getUser` method has been renamed into `getOpenIdUserInfo`
- The `OneginiAuthenticator` interface has new `isRegistered` and `isPreferred` convenience methods
- The `OneginiClientBuilder` has new `setDeviceConfigCacheDurationSeconds` method
- Updated the Google Cloud Messaging library dependency from v8.4.0 to latest v9.6.1
Bug-fixes
- Fixed user registration that could not be finished because of internal client config cache
- The SDK will not 'hang' when a fingerprint authentication request is received but fingerprint is disabled for the given user
- Increased the security for mobile authentication by using a stronger hashing algorithm
- All internal data is being wiped out when the device is deregistered
- Fixed certificate pinning issues for latest Android Nougat release
- The SDK will not return an error during the change PIN flow when the user provides a wrong pin but he has more attempts left
6.00.00-BETA
This is a BETA release that can still contain bugs and issues. You should not use it for any production releases!
Improvements
- Completely redesigned public API to make the SDK easier to use