3.2.0 (2021-10-11)
Changed
- update dependencies and sdk #636 (lbalmaceda)
3.1.0 (2021-07-20)
Added
- Add support for OOB multi-factor authentication #632 (lbalmaceda)
Fixed
- Update AndroidManifest.xml for Android 12 support #631 (VincentJoshuaET)
3.0.1 (2021-05-27)
Fixed
- Trim username and email input to avoid NPE #628 (lbalmaceda)
3.0.0 (2021-05-04)
Full Changelog Closed issues
- AuthenticationCallback methods are only called the first time I login #607
- UnauthorizedErrors are not received in lock widget callbacks #606
Added
- Add migration guide [SDK-2430] #615 (lbalmaceda)
Changed
- Drop Jetifier plugin usage #624 (lbalmaceda)
- Enable AppLinks in the declared intent filters #622 (lbalmaceda)
- Simplify library set up by declaring activities internally #620 (lbalmaceda)
- Refactor broadcast receiver usage #619 (lbalmaceda)
- Raise Unauthorized and Access Denied errors through callback [SDK-2480] #618 (lbalmaceda)
- Update readme #617 (lbalmaceda)
- Migrate sample app to use Kotlin [SDK-2431] #616 (lbalmaceda)
Removed
- Remove support for changing the Social Button style [SDK-2430] #614 (lbalmaceda)
- Remove support for Implicit Authentication flow [SDK-2430] #613 (lbalmaceda)
- Remove WebView component support [SDK-2430] #612 (lbalmaceda)
Fixed
- Fix filtering by Country name [SDK-2546] #623 (lbalmaceda)
- Run lint and fix inspection results #611 (lbalmaceda)
Breaking changes
- Update LockCallback and AuthenticationCallback [SDK-2480] #621 (lbalmaceda)
- Use Auth0.Android v2 [SDK-2429] #610 (lbalmaceda)
- Migrate to AndroidX #609 (lbalmaceda)
- Bump the minimum required android version [SDK-2427] #608 (lbalmaceda)
2.23.0 (2020-09-14)
Having project sync issues after upgrading? This release updates the core SDK to make it compatible with Android 11 new privacy changes. If you run into a build compile issue when importing this version, make sure that you are using the latest patch version of the Android Gradle Plugin. Check the table in the announcement blogpost to learn to what version you should update.
Changed
- Improve compatibility with Kotlin and run Lint on CI #596 (lbalmaceda)
- Add compatibility with Android 11: Bump SDK version #595 (lbalmaceda)
- Update "37 Signals" auth style to "Basecamp" [SDK-1944] #593 (lbalmaceda)
2.22.0 (2020-08-25)
Added
- Support bot protection #589 (lbalmaceda)
2.21.1 (2020-08-05)
Fixed
- Use latest SDK patch #587 (lbalmaceda)
2.21.0 (2020-07-20)
Starting from this version, the alias used to store the key pair in the Android Keystore is prefixed to avoid collisions between other Auth0 enabled apps. Your users will be facing a "credentials not found" scenario, requiring them to log in again once. Double check that you are not ignoring the errors being returned in the callback and documented here.
Changed
- Bump SDK to version 1.24.0 #583 (lbalmaceda)
Fixed
- Bugfix #581 | Fix social login buttons with white backgrounds #582 (morganlutz)
2.20.0 (2020-05-26)
Added
- Allow to change the visible sign-up fields threshold #578 (lbalmaceda)
- Add social button style for Sign In with Apple #575 (lbalmaceda)
Fixed
- Fix ModeSelectionView sync issue #577 (lbalmaceda)
- Center Custom Fields additional form vertically #576 (lbalmaceda)
2.19.0 (2020-04-29)
Changed
- Bump the SDK version to 1.23.0 #570 (lbalmaceda)
Fixed
2.18.0 (2020-03-04)
Changed
- Update Social Button style #563 (lbalmaceda)
2.17.1 (2020-01-10)
Fixed
- Bump SDK version and OSS plugin version #560 (lbalmaceda)
2.17.0 (2019-12-26)
Added
- Improve OIDC Compliance and support new Passwordless #558 (lbalmaceda)
Security
- Improve OIDC Compliance and support new Passwordless #558 (lbalmaceda)
2.16.0 (2019-10-24)
Added
- Add hidden extra sign up fields #552 (lbalmaceda)
2.15.0 (2019-07-26)
Added
- Add Root Attributes on sign up or user creation #543 (lbalmaceda)
Changed
- Update username regex to allow special chars #544 (lbalmaceda)
- Use latest Android Gradle plugin version #542 (lbalmaceda)
Fixed
- Fix typo in password reset string #541 (horsejockey)
- Avoid registering multiple broadcast receiver instances #539 (lbalmaceda)
2.14.1 (2019-06-06)
Fixed
- Remove entirely the small social button style #537 (lbalmaceda)
- Define custom email regex to validate emails #534 (lbalmaceda)
2.14.0 (2019-04-30)
From this release on, the option to display social connections in small styled buttons is no longer available due to branding compliance reasons. All the social connections will now be displayed as large styled buttons. Full Changelog
Changed
- Remove "Small" social button style #529 (lbalmaceda)
- Update google-oauth2 strategy logo #528 (lbalmaceda)
2.13.0 (2019-04-17)
Changed
- Use auth0.android 1.15.2 #526 (lbalmaceda)
- Update facebook icon to comply with new branding #525 (lbalmaceda)
2.12.1 (2019-02-22)
Fixed
- Parse 'password_leaked' error message #522 (lbalmaceda)
2.12.0 (2019-01-30)
Changed
- Use latest Auth0.Android SDK #520 (lbalmaceda)
2.11.1 (2018-10-16)
Fixed
- Handle Tab change manually on ModeSelectionView #499 (lbalmaceda)
2.11.0 (2018-10-05)
Added
Fixed
- Use target SDK 28 and latest Auth0 SDK version #484 (lbalmaceda)
2.10.0 (2018-09-14)
Added
- Allow to override the password minimum length #474 (lbalmaceda)
2.9.0 (2018-07-25)
Added
- Allow to disable 'ActiveAuth' on enterprise Connections #471 (lbalmaceda)
2.8.6 (2018-07-20)
Fixed
- Fix CustomTabsController issues #469 (lbalmaceda)
2.8.5 (2018-07-19)
Fixed
- Enable MFA support for OIDC conformant clients #451 (lbalmaceda)
2.8.4 (2018-07-13)
Fixed
- Fix WebAuth issues by updating SDK to 1.13.1 #465 (lbalmaceda)
2.8.3 (2018-03-19)
Fixed
- Disable HTTP 2 protocol #458 (lbalmaceda)
2.8.2 (2018-02-26)
Fixed
- Draw background and borders on programmatically created fields #455 (lbalmaceda)
2.8.1 (2018-02-21)
Changed
- Bump SDK version to 1.12.1 #452 (lbalmaceda)
2.8.0 (2017-10-19)
Full Changelog Closed issues
- Cannot navigate social login buttons using gamepad on Android TV #443
Added
- Add RTL support #445 (lbalmaceda)
Fixed
- Fix ValidatedInputView border color on focus change #446 (lbalmaceda)
- Fix non touchscreen navigation #444 (lbalmaceda)
2.7.0 (2017-07-19)
Changed
- Update lib version to use auth0Scheme placeholder #431 (lbalmaceda)
2.6.0 (2017-07-12)
Full Changelog Closed issues
- NullPointerException in onResume for certain devices #415
Added
- Add Password Toggle enabler/disabler #423 (lbalmaceda)
- Add Hosted Login Page button to the demo. #422 (lbalmaceda)
- Add "show password" button for Password fields. #421 (lbalmaceda)
Changed
- Change activity to context in Lock initialization #416 (skrabacz-michal)
Fixed
- Fix NPE when enabling or disabling Lock interaction #420 (lbalmaceda)
2.5.0 (2017-04-27)
Added
- Add paypal-sandbox support #412 (ziluvatar)
- Send login_hint on enterprise web auth when username/email is available #410 (lbalmaceda)
- Add screens for Lock loading errors #407 (lbalmaceda)
Changed
- Allow to customize the capitalization of messages #408 (lbalmaceda)
2.4.0 (2017-03-06)
Full Changelog Closed issues
- LockBuilder withScope method not working. #397
Added
- Add Passwordless auto login #392 (lbalmaceda)
Changed
- Update auth0.android library to version 1.6.0 #400 (lbalmaceda)
- Remove "invalid client type" user message #391 (lbalmaceda)
Fixed
- Fix setScope to properly send the scope attribute on Auth #399 (lbalmaceda)
- Add loggingEnabled flag to the Auth0 parcel #398 (lbalmaceda)
2.3.0 (2017-01-02)
Added
- Send custom audience on login/signIn if is OIDC conformant #387 (lbalmaceda)
- Include updated Proguard rules in the packaged aar #385 (lbalmaceda)
- Support custom audience for Web Authentication #383 (lbalmaceda)
- Support custom schemes for Web Authentication #382 (lbalmaceda)
- Add option to hide Header Title on the Main screen #381 (lbalmaceda)
Changed
- Update gradle plugins and google dependencies #389 (hzalaz)
- Use Header style and fix Submit button height when label is displayed #388 (lbalmaceda)
Deprecated
- Deprecate useImplicitGrant method #372 (lbalmaceda)
Fixed
- Fix Auth0 parcel that was losing telemetry and OIDC flag #384 (lbalmaceda)
- Fix wrong label setting if login was disabled and pwd reset was first screen #380 (lbalmaceda)
- Don't return to login/signup screen after pwd reset if those screens are disabled #379 (lbalmaceda)
- Add authentication parameters to custom AuthProvider #375 (lbalmaceda)
- Avoid sending authentication parameters on password-reset #373 (lbalmaceda)
Breaking changes
- Use labeled submit button by default and separate signUp/logIn strings #386 (lbalmaceda)
2.2.1 (2016-11-22)
Changed
2.2.0 (2016-11-21)
Added
- Allow to set a custom scope. #368 (lbalmaceda)
Changed
2.1.1 (2016-11-02)
Fixed
- Fix NPE when connection scope is missing #365 (lbalmaceda)
2.1.0 (2016-10-24)
Added
- Support connection_scope for OAuth Connections #361 (lbalmaceda)
- Send LockException if the Theme is invalid #358 (lbalmaceda)
- Add labeled submit button option #352 (lbalmaceda)
Fixed
- Non-empty username validation for custom/imported connections #360 (lbalmaceda)
- Fix Theme load from styles.xml #357 (lbalmaceda)
Breaking changes
- Use browser by default when using WebAuthProvider. #355 (lbalmaceda)
Since Google will be blocking webview OAuth request we switched the default authentication flow for all social connections from WebView to Browser.
Browser authentication requires a little more configuration in your AndroidManifest.xml file.
First make sure LockActivity has singleTask in android:launchMode and then add to it an intent-filter:
<intent-filter>
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data
android:host="{YOUR_AUTH0_DOMAIN}"
android:pathPrefix="/android/{YOUR_APP_PACKAGE_NAME}/callback"
android:scheme="https" />
</intent-filter>2.0.0 (2016-09-21)
Changed
- Merge Enterprise and Social login events #347 (lbalmaceda)
- Show button when only one enterprise connection is available #341 (lbalmaceda)
- Filter social strategies by connection name #340 (lbalmaceda)
- Flatten Strategies into Connections #335 (lbalmaceda)
Fixed
- Fix OAuth connection callback for PasswordlessActivity #346 (lbalmaceda)
- Fix non ro-enabled enterprise connections flow. #344 (lbalmaceda)
- Fix wrong telemetry version #342 (lbalmaceda)
Breaking changes
- [Breaking Change] Rename builder methods #350 (lbalmaceda)
- Refactor AuthProviderResolver [Breaking Change]#333 (lbalmaceda)
2.0.0-beta.4 (2016-08-24)
Closed issues
- Lock SSO Username Fails Validation #332
Fixed
- Change username validation for SSO connections #334 (lbalmaceda)
- Check that requested tokens are present on the result. #330 (lbalmaceda)
- Use first available connection name when authenticating with OAuth #320 (lbalmaceda)
Added
- Custom Style for Social Buttons #325 (lbalmaceda)
- Request the user to accept Terms&Policy before Sign Up #319 (lbalmaceda)
- Handle too_many_attempts API error #308 (lbalmaceda)
- Add Service Terms and Privacy Policy dialog #307 (lbalmaceda)
Changed
- Force init lock [Breaking Change]#329 (lbalmaceda)
- Update Auth0 lib version to latest #327 (lbalmaceda)
- Hide Theme configuration on the Builder [Breaking Change]#326 (lbalmaceda)
- Use AuthMode constants when notifying tab change #323 (lbalmaceda)
- Handle wrong Client Type error #321 (lbalmaceda)
- Change SocialButton title when changing the Form mode #317 (lbalmaceda)
- UI Improvements: Bigger buttons/fields #314 (lbalmaceda)
- New Tab design. #313 (lbalmaceda)
- Use pngs instead of vectorial xml files #311 (lbalmaceda)
- Make PKCE enabled by default #310 (lbalmaceda)
- Always pick defaultDbConnection if available #309 (lbalmaceda)
Breaking changes
Lock & PassworlessLock no longer has the method onCreate(Activity) and it's logic is now part of the method Lock.Builder.build(Activity). So to create a Lock instance you will have
Lock lock = Lock.newBuilder(auth0, callback)
//Customize Lock
.build(this);Also now you can create Lock by reading your Auth0 account credentials from a strings file
Lock lock = Lock.newBuilder(callback)
//Customize Lock
.build(this);and he string file should have
<resources>
<string name="com_auth0_client_id">{CLIENT_ID}</string>
<string name="com_auth0_domain">{DOMAIN}</string>
</resources>Lock.Builder no longers allow to customize Lock's theme using the method withTheme(Theme) since using Android themes is preferable.
Also for all non-database authentication will use Proof Key for Code Exchange by default so your client type in Auth0 dashboard must be Native.
2.0.0-beta.3 (2016-07-22)
Added
- Locally Configurable Lock sample app #298 (lbalmaceda
- Password Strength Widget #297 (lbalmaceda
Changed
- Update Proguard rules #305 (lbalmaceda
- Remove Fullscreen feature #302 (lbalmaceda
- Add callback setup on dashboard #300 (lbalmaceda
- Allow to customize Lock's theme programmatically #294 (lbalmaceda
- Remove unused User Profile calls. #293 (lbalmaceda
- Take email input across the forms #292 (lbalmaceda
- Allow up to 3 Social Big Buttons on Passwordless mode #291 (lbalmaceda
- Improve Custom Fields flow and layout #290 (lbalmaceda
- Handle Application without Connections #289 (lbalmaceda
- Draw the header behind the statusBar in Lollipop or greater #288 (lbalmaceda
Fixed
- Fix sign up request not sending the user metadata #303 (lbalmaceda
- Fix TextView extra padding. #296 (lbalmaceda
- Country code selection widget fixes #295 (lbalmaceda
Breaking changes
Lock Builder method
public Builder allowSignIn(boolean allow) {...}was renamed to
public Builder allowLogIn(boolean allow) {...}Also this method (and feature) is no longer supported in Lock
public Builder fullscreen(boolean fullscreen) {...}2.0.0-beta.2 (2016-06-06)
Changed
- Use new version of auth0-java to fix issue with json parsing #286 (lbalmaceda)
- Fix issues with default values of
allow****andinitialScreenoptions #286 (lbalmaceda)
Breaking changes
AuthenticationCallback no longer returns UserProfile, it only returns Credentials object with the tokens of the authenticated user:
private LockCallback callback = new AuthenticationCallback() {
@Override
public void onAuthentication(Credentials credentials) {
//Authenticated
}
@Override
public void onCanceled() {
//User pressed back
}
@Override
public void onError(LockException error)
//Exception occurred
}
};To request the UserProfile, just use AuthenticationAPIClient from auth0-java
@Override
public void onAuthentication(Credentials credentials) {
AuthenticationAPIClient client = new AuthenticationAPIClient(new Auth0("YOUR_CLIENT_ID", "YOUR_DOMAIN"));
client.tokenInfo(credentials.idToken)
.start(new BaseCallback<UserProfile>() {
@Override
public void onSuccess(UserProfile payload) { }
@Override
public void onFailure(Auth0Exception error) { }
});
}2.0.0-beta.1 (2016-06-03)
First beta release of Lock for Android v2
Now Lock for Android requires these permisssions
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />and this is how LockActivity should be declared in your Android Manifest
<activity
android:name="com.auth0.android.lock.LockActivity"
android:label="@string/app_name"
android:launchMode="singleTask"
android:screenOrientation="portrait"
android:theme="@style/Lock.Theme">
<intent-filter>
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data
android:host="YOUR_AUTH0_DOMAIN"
android:pathPrefix="/android/YOUR_APP_PACKAGE_NAME/callback"
android:scheme="https" />
</intent-filter>
</activity>In the previous version of Lock, you were asked to create a custom Application class and initialize the Lock.Context there. Now this is no longer needed. To create a new Lock instance and configure it, use the Lock.Builder class.
Create an Auth0 instance to hold your account details, which are the AUTH0_CLIENT_ID and the AUTH0_DOMAIN.
Auth0 auth0 = new Auth0("YOUR_AUTH0_CLIENT_ID", "YOUR_AUTH0_DOMAIN");You'll also need a LockCallback implementation, we provide AuthenticationCallback that reports the following events:
- onAuthentication: User successfuly authenticated
- onError: An unrecoverable error ocurred during authentication
- onCanceled: User pressed back (if closable is true)
If you need a more fine grained control you can implement
LockCallbackfull interface.
private LockCallback callback = new AuthenticationCallback() {
@Override
public void onAuthentication(Authentication authentication) {
//Authenticated
}
@Override
public void onCanceled() {
//User pressed back
}
@Override
public void onError(LockException error)
//Exception occurred
}
};Call the static method Lock.newBuilder(Auth0, AuthenticationCallback) passing the account details and the callback implementation, and start configuring the Options. After you're done, build the Lock instance and use it to start the LockActivity.
This is how your activity should look like.
public class MainActivity extends Activity {
private Lock lock;
@Override
protected void onCreate(@Nullable Bundle savedInstanceState) {
Auth0 auth0 = new Auth0(AUTH0_CLIENT_ID, AUTH0_DOMAIN);
lock = Lock.newBuilder(auth0, callback)
// ... Options
.build();
lock.onCreate(this);
}
@Override
public void onDestroy() {
lock.onDestroy(this);
super.onDestroy();
}
private void performLogin(boolean useBrowser) {
startActivity(lock.newIntent(this));
}
private LockCallback callback = new AuthenticationCallback() {
@Override
public void onAuthentication(Authentication authentication) {
//Authenticated
}
@Override
public void onCanceled() {
//User pressed back
}
@Override
public void onError(LockException error) {
//Exception occurred
}
};
}Remember to notify the
LockActivityon everyOnCreateandOnDestroycall on your Activity, as it helps to keep the Lock state.
As in the previous version, Lock can be configured with extra options. Check below if the behavior changed or if they only got renamed.
- shouldUseEmail: Renamed to
withUsernameStyle. Defines if it should ask for email only, username only, or both of them. By default, it'll respect the Dashboard configuration of the parameterrequires_username. - isClosable: Renamed to
closable. Defines if the LockActivity can be closed. By default, it's not closable. - setFullscreen: Renamed to
fullscreen. Defines if the LockActivity it's displayed in fullscreen. By default, it's not fullscreen. - shouldLoginAfterSignUp: Renamed to
loginAfterSignUp. Whether after a SignUp the user should be logged in automatically. - disableSignupAction: Renamed to
allowSignUp. Shows the Sign Up form if a Database connection is configured. - disableResetAction: Renamed to
allowForgotPassword. Shows a link to the Forgot Password form if a Database connection is configured and it's allowed from the Dashboard. - defaultUserPasswordConnection: Renamed to
setDefaultDatabaseConnection. Defines which will be the default Database connection. This is useful if your application has many Database connections configured. - setConnections: Renamed to
onlyUseConnections. Filters the allowed connections from the list configured in the Dashboard.. - setAuthenticationParameters: Renamed to
withAuthenticationParameters. Defines extra authentication parameters, sent on sign up and log in/sign in.
initialScreen(int)allows to customize which form will show first when launching Lock. The possibles values are LOG_IN, SIGN_UP, and FORGOT_PASSWORD. By default LOG_IN is the initial screen.allowLogIn(boolean)shows the Log In form if a Database connection is configured. By default, this screen it's enabled.allowSignUp(boolean)shows the Sign Up form if a Database connection is configured. By default, this screen it's enabled.allowForgotPassword(boolean)shows the Forgot Password form if a Database connection is configured. By default, this screen it's enabled.withSignUpFields(List<CustomFields>)shows a second screen with extra fields after completing the sign up fields.withProviderResolver(AuthProviderResolver)pass your own AuthProviderResolver instance to query for AuthProviders.withSocialButtonStyle(int)allows to customize the Style of the Social buttons. Possible values are SMALL and BIG. If this is not specified, it will default to SMALL when many Social and Db/Enterprise connections are configured; and BIG on the rest of the cases.usePKCE(boolean)whether to use the new PKCE flow or the old Token exchange one when authenticating. By default, it won't use PKCE.