When the SDK can't decrypt internal data, all internal data will be removed instead of throwing OneginiInitializationException
Fixed an internal data encryption issue where the data could be encrypted multiple times when the client config had changed.
Aligned the handling of failed fingerprint attempts with the Android OS. The fingerprint scanner will get automatically blocked by the Android OS. If the fingerprint scanner is blocked (i.e. abuse is detected) the Onegini SDK will revoke fingerprint authentication for the current profile and a fallback to PIN authentication will be triggered.
The SDK will not 'hang' when a fingerprint authentication request is received but fingerprint is disabled for the given user
Increased the security for mobile authentication by using a stronger hashing algorithm
Fixed certificate pinning issues for the latest Android Nougat release
Fixed OneginiConfigNotFoundException that could occur when the config model was provided as an argument to the OneginiClient.setupInstance method
Fixed ClassNotFoundException that could occur when compiling an app with the SDK in a Windows environment
Changed the way the SDK allows secure resource calls to be performed. Introduced OneginiClient#getResourceRetrofitClient and OneginiClient#getAnonymousResourceRetrofitClient, which are meant to be used to build a Retrofit RestAdapter.
Deprecated ResourceHelperAbstract and AnonymousResourceHelperAbstract
Added new topic guide chapter performing-resource-calls
Fixed connectivity issues when the baseUrl property ended with a slash character
Mobile Authentication security improvements
OneginiClientNotValidatedException will be thrown when isPinValid() is called before client validation
Updated Google Play Services library to the latest version (8.4.0)
Introduced new documentation layout
OneginiClient can be instantiated with custom OneginiClientConfigModel implementation by calling #setupInstance(context, configModel) on OneginiClient
Introduced fingerprint authentication method for devices with Android 6.0 "Marshmallow" or newer
The minimum required Android OS version for the SDK is now 4.1 (API level 16)
The SDK doesn't require a OneginiClientConfigModel instance to be passed during initialization - the config model will be loaded automatically using a reflection API
The SDK supports the latest Android version "6.0 Marshmallow" (API level 23)
The SDK doesn't require android.permission.GET_ACCOUNTS permission anymore to handle push messages
Updated 3rd party dependencies (for a list of dependencies please refer to documentation: Introduction #4 Used libraries)
Fixed issues that were occurring when ProGuard was used to obfuscate the top-level application
Fixed infinite loop issue during anonymous request when client credentials were invalid
Release notes v4.X
Fixed authorization flow for anonymous resource calls
Fixed issue with SharedPreferences missing keys when obfuscation was enabled
All data stored by the SDK in Android's SharedPreferences are encrypted
Encrypted communication will be handled using binary data
All permissions required by the SDK are included and declared by the SDK itself
Updated google-play-services and build-tools dependencies to the latest versions
Fixed obfuscation issue in AnonymousResourceHelperAbstract layer
ResourceHelper abstract layer accepts custom RequestInterceptor which can be used to extend original request with additional headers or parameters
Removed deprecated methods and interfaces
SDK is capable of sending and handling encrypted communication - Payload Encryption
Removed multi-catch syntax to fix possible issues on older Android versions
Release notes v3.X
Payload encryption handshake implementation
Fixed client validation loop detection handling
Fixed SSL TrustManager security issue
OS version detection
Device CPU architecture detection
Removed unused, deprecated properties from OneginiConfigModel: shouldConfirmPin, shouldDirectlyShowPushMessage
Improved root/debug detection
SDK uses custom user-agent header
Fixed a bug in accessing the application when using encrypted clientSecret
The SDK calculates the application secret on its own; #getAppSecret has been removed from the OneginiClientConfigModel interface.
Support debug mode/environment detection.
Support rooted device detection.
Added Dynamic Client Update flow support.
Added tampering detection
Forced update support. The SDK checks with the Token Server whether the current application version can still be used and, if not, notifies that an update is needed.
Extended error handling within the DCR process. All connectivity and other unexpected errors that occur within the DCR flow will be mapped to the general #authorizationError handler instead of #authorizationErrorClientRegistrationFailed
Release notes v2.X
Added option to configure if cookies should be kept between requests
The SDK doesn't provide any base dialog implementations (for example, PinDialog); it's the responsibility of the end developer to provide these layers
The SDK exposes a new API to validate a provided PIN against the set PIN policy
SDK added an option to configure the timeouts on HTTP calls