Support for OkHttp 4.3.x

[MorrisonCole]

Currently, the library depends on 3.9.1. It's old enough that it's causing a dependency issue in my project, and I'd rather use a version from the latest major release.

Indeed, the OkHttp documentation states that:

We highly recommend you keep OkHttp up-to-date. As with auto-updating web browsers, staying current with HTTPS clients is an important defense against potential security problems.

(*Source).

We should upgrade to 4.3.x! 🚀

[lbalmaceda]

Thanks for the heads-up! Probably not something we will do until the next major. There are no plans for one yet. But, definitely good to keep in mind.
I'll close this issue as we won't be actioning it.

[swankjesse]

You should upgrade OkHttp sooner. Staying with an old OkHttp is like staying with an old version of OpenSSL or Chrome: it's a security hazard!

Here's SSL configuration changes since that release.
https://square.github.io/okhttp/tls_configuration_history/

Note that OkHttp 3.13 bumped the minimum platform to Java 8 or Android 5. These are the earliest platforms to support TLS 1.2.

[MorrisonCole]

You should upgrade OkHttp sooner. Staying with an old OkHttp is like staying with an old version of OpenSSL or Chrome: it's a security hazard!

Yes, and 3.9.1 appears to be around 810 days old! I'd expect security to be a concern motivating the release of new Auth0 SDKs 😅