In case when the SDK cant decrypt internal data, all internal data will be removed rather than throwing OneginiInitializationException
5.04.01
Bug-fixes
Fixed internal data encryption issue, where the data could be encrypted multiple times when client config has changed.
5.04.00
Features
Inlined the failed fingerprint attempts with the Android OS. The fingerprint scanner will get automatically blocked by the Android OS. If the fingerprint
scanner is blocked (i.e. abuse is detected) the Onegini SDK will revoke fingerprint authentication for the current profile and a fallback to PIN
authentication will be triggered.
Bug-fixes
The SDK wil not 'hang' when a fingerprint authentication request is received but fingerprint is disabled for the given user
Increased the security for mobile authentication by using a stronger hashing algorithm
5.03.03
Bug-fixes
Fixed certificate pinning issues for latest Android Nougat release
5.03.02
Bug-fixes
Fixed OneginiConfigNotFoundException that could occur when config model was provided as an argument in OneginiClient.setupInstance method
Fixed ClassNotFoundException that could occur when compiling app with the SDK on Windows environment
Changed way the SDK allows to perform secure resource calls. Introduced OneginiClient#getResourceRetrofitClient and
OneginiClient#getAnonymousResourceRetrofitClient, which are meant to be used in order to build a Retrofit RestAdapter.
Deprecated ResourceHelperAbstract and AnonymousResourceHelperAbstract
Added new topic guide chapter performing-resource-calls
5.01.00
Bug-fixes
Fixed connectivity issues when baseUrl property was ending with a slash character
Improvements
Mobile Authentication security improvements
OneginiClientNotValidatedException exception will be thrown when isPinValid() is be called before client validation
Updated Google Play Services library to the latest version (8.4.0)
Introduced new documentation layout
5.00.01
Improvements
OneginiClient can be instantiated with custom OneginiClientConfigModel implementation by calling #setupInstance(context, configModel) on OneginiClient
5.00.00
Features
Introduced fingerprint authentication method for devices with Android 6.0 "Marshmallow" or newer
Improvements
The minimum required Android OS version for the SDK is now 4.1 (API LVL 16)
The SDK doesn't require OneginiClientConfigModel instance to be passed during initialization - the config model will be loaded automatically using a reflection API
The SDK supports latest Android version "6.0 Marshmallow" (API lvl 23)
The SDK doesn't require android.permission.GET_ACCOUNTS permission anymore to handle push messages
Updated 3rd party dependencies (for a list of dependencies please refer to documentation: Introduction #4 Used libraries)
Security improvements
Bug-fixes
Fixed issues that were occurring when ProGuard was used to obfuscate the top-level application
Fixed infinite loop issue during anonymous request when client credentials were invalid
Release notes v4.X
4.02.02
Bug fixes
Fixed authorization flow for anonymous resource calls
4.02.01
Bug fixes
Fixed issue with SharedPreferences missing keys when obfuscation was enabled
4.02.00
Features
All data stored by the SDK in Android's SharedPreferences are encrypted
Improvements
Encrypted communication will be handled using binary data
All permission required by the SDK are included and declared by the SDK it self
4.01.02
Improvements
Updated google-play-services and build-tools dependencies to the latest versions
4.01.01
Bug fixes
Fixed obfuscation issue in AnonymousResourceHelperAbstract layer
4.01.00
Features
ResourceHelper abstract layer accepts custom RequestInterceptor which can be used to extend original request with additional headers or parameters
Improvements
Removed deprecated methods and interfaces
4.00.00
Features
SDK is capable of sending and handling encrypted communication - Payload Encryption
Improvements
Removed multi-catch syntax to fix possible issues on older Android versions
Release notes v3.X
3.05.00
Features
Payload encryption handshake implementation
Bug fixes
Fixed client validation loop detection handling
Fixed SSL TrustManager security issue
3.04.00
Features
OS version detection
Device CPU architecture detection
Improvements
Removed unused, deprecated properties from OneginiConfigModel: shouldConfirmPin, shouldDirectlyShowPushMessage
3.03.00
Features
Improved root/debug detection
SDK uses custom user-agent header
3.02.02
Bug fixes
Fixed a bug in accessing the application when using encrypted clientSecret
3.02.01
Features
SDK calculates application secret by it's own, #getAppSecret has been removed from OneginiClientConfigModel interface.
Support debug mode/environment detection.
Support rooted device detection.
Added Dynamic Client Update flow support.
Added tampering detection
3.02.00
Features
Forced update support. SDK validates against Token Server if current application version can be still used and if not notifies that update is needed.
Extended error handling within DCR process. All connectivity and other unsuspected errors which will occur within DCR flow will be mapped to general #authorizationError handler instead of #authorizationErrorClientRegistrationFailed
Release notes v2.X
2.04.05
Features
Added option to configure if cookies should be kept between requests
SDK doesn't provide any base dialogs implementations (like for ex. PinDialog), it's the responsibility of end-developer to provide these layers
SDK exposes new API to validate provided PIN number against set pin policy
SDK added an option to configure the timeouts on HTTP calls