- Added the ability to customize cookie headers in outgoing requests from the SDK [SDKS-2780]
- Added the ability to insert custom claims when performing device signing verification [SDKS-2787]
- Added client-side support for the `AppIntegrity` callback [SDKS-2631]
- The SDK now uses `auth-per-use` keys for Device Binding [SDKS-2797]
- Improved handling of WebAuthn cancellations [SDKS-2819]
- Made `forgerock_url`, `forgerock_realm`, and `forgerock_cookie_name` params mandatory when dynamically configuring the SDK [SDKS-2782]
- Addressed `woodstox-core:6.2.4` library security vulnerability (CVE-2022-40152) [SDKS-2751]
- Gradle 8 and JDK 17 support [SDKS-2451]
- Android 14 support [SDKS-2636]
- Key pair verification with key attestation during device binding enrollment [SDKS-2412]
- Added `iat` and `nbf` claims in the Device Binding and Device Signed JWT [SDKS-2747]
- Interceptor support for the Authenticator module [SDKS-2544]
- Interface for access_token refresh [SDKS-2567]
- Ability to process new JSON format of IG policy advice [SDKS-2240]
- Fixed an issue on parsing `issuer` from combined MFA registration URI [SDKS-2542]
- Added error message about duplicated accounts while performing combined MFA registration [SDKS-2627]
- Fixed an issue related to "lost" WebAuthn credentials upon upgrade from 4.0.0-beta4 to newer version [SDKS-2576]
- Upgrade Google Fido Client to support PassKey [SDKS-2243]
- FRWebAuthn interface to remove WebAuthn Reference Keys [SDKS-2272]
- Interface to set Device Name during WebAuthn Registration [SDKS-2296]
- `DeviceBinding` callback support [SDKS-1747]
- `DeviceSigningVerifier` callback support [SDKS-2022]
- Support for combined MFA in the Authenticator SDK [SDKS-2166]
- Support for policy enforcement in the Authenticator SDK [SDKS-2166]
- Fix for WebAuthn authentication for devices which use full screen biometric prompt [SDKS-2340]
- Fixed functionality for NetworkCollector [SDKS-2445]
- `public void WebAuthnRegistrationCallback.register(Node node,FRListener<Void> listener)` to `suspend fun register(context: Context, node: Node)`
- `public void WebAuthAuthenticationCallback.authenticate(@NonNull Fragment fragment, @NonNull Node node, @Nullable WebAuthnKeySelector selector, FRListener<Void> listener)` to `suspend fun authenticate(context: Context, node: Node, selector: WebAuthnKeySelector = WebAuthnKeySelector.DEFAULT)`
- `FRAClient.updateAccount` now throws `AccountLockException` upon attempt to update a locked account [SDKS-2166]
- `OathMechanism.getOathTokenCode()`, `HOTPMechanism.getOathTokenCode()` and `TOTPMechanism.getOathTokenCode()` now throw `AccountLockException` upon attempt to get an OATH token for a locked account [SDKS-2166]
- Removed support for native single sign-on (SSO) [SDKS-2260], [SDKS-1367]
- Dynamic SDK Configuration [SDKS-1759]
- Android 13 support. [SDKS-1944]
- Changed Activity type used as parameter in `PushNotification.accept`. [SDKS-1968]
- Deserializing an object with whitelist to prevent deserialization of untrusted data. [SDKS-1818]
- Updated the `Authenticator` module and sample app to handle the new `POST_NOTIFICATIONS` permission in Android 13. [SDKS-2033]
- Fixed issue where the `DefaultTokenManager` was not caching the `AccessToken` in memory upon retrieval from Shared Preferences. [SDKS-2066]
- Deprecated the `forgerock_enable_cookie` configuration [SDKS-2069]
- Align `forgerock_logout_endpoint` configuration name with the ForgeRock iOS SDK [SDKS-2085]
- Allow leading slash on custom endpoint path [SDKS-2074]
- Fixed bug where `state` parameter value was not being verified upon calling the `Authorize` endpoint [SDKS-2078]
- Bumped the version of the com.squareup.okhttp3 library to 4.10.0 [SDKS-1957]
- Interface for log management [SDKS-1864]
- Support SSL Pinning [SDKS-80]
- Restore SSO Token when it is out of sync with the SSO Token that is bound to the Access Token [SDKS-1664]
- SSO Token should be included in the header instead of request parameter for /authorize endpoint [SDKS-1670]
- Support broadcasting a logout event to clear application tokens when the user logs out of the app [SDKS-1663]
- Obtain timestamp from new PushNotification payload [SDKS-1666]
- Add new payload attributes to the PushNotification [SDKS-1776]
- Allow processing of Push Notifications without device token [SDKS-1844]
- Dispose AuthorizationService when no longer required [SDKS-1636]
- Authenticator sample app crash after scan push mechanism [SDKS-1454]
- Google Sign-In Security Enhancement [SDKS-1255]
- WebAuthn Registration & Authentication prompt not shown on second invocation on Single Activity App [SDKS-1297]
- AbstractValidatedCallback is not serializable [SDKS-1486]
- Provide built-in binary protection to avoid memory corruption attacks [SDKS-1368]
- Disable native SSO if failed to access Android AccountManager [SDKS-1304]
- Introduce `FRLifecycle` and exposed interfaces to allow custom Native SSO implementation. [SDKS-1140]
- Unlocking the device is not required for data decryption. [SDKS-1141]
- Support Android 12. [SDKS-1141]
- Social Login support for Google and Facebook
- Biometric Authentication with WebAuthn
- Exposed Revoke access token method [SDKS-980] - `FRUser.getCurrentUser().revokeAccessToken(Listener)`
- Support Apple SignIn
- Remove deprecated methods (Config.getInstance(Context), FRAuth Builder, FRUserViewModel)
- Centralize Login (`AppAuth` Integration) [SDKS-330]
- Refresh Token is not persisted when refresh_token grant is not issuing new Refresh Token [SDKS-649]
- org.forgerock.android.auth.FRUser.getAccessToken() cleans up tokens in the following conditions: [SDKS-701]
  - When Refresh Token Grant Types is used, Server returns invalid_grant (Refresh Token expired), and failed to acquire OAuth2 Tokens with Session Token
  - When Refresh Token Grant Types is not used, and failed to acquire OAuth2 Tokens with Session Token
- Properly cache and reuse OKHttpClient [SDKS-770]
- Fix HostOnly Cookie handling [SDKS-808]
- Support NumberAttributeInputCallback [SDKS-495]
- Support BooleanAttributeInputCallback [SDKS-497]
- Access to the Page Node's header and description property [SDKS-518]
- Support Email Suspend Node [SDKS-505]
- Security Enhancement for Android 28+ Device [SDKS-571]
- `Set Persistent Cookie Node` is now supported to persist and manage Cookie [SDKS-182]
- `Device Profile Collector Node` is now supported [SDKS-293]
- `MetadataCallback` is now supported. For AM 6.5.2, when `MetadataCallback` is returned with stage value, SDK automatically parses `MetadataCallback` into Node's stage property. Please refer to this blog post for more details. [SDKS-305]
- Allow server URL paths to be configurable. Custom URL paths can be configured through `String.xml` or `ServerConfig` [SDKS-307]
- Support `Authentication by Server` and `Transaction Authenticate to Tree` in Policy Environment. [SDKS-88]
- Interface alignment with other platforms and introduce FRSession to authenticate against Authentication Tree in AM, persist and manage Session Token [SDKS-177]
- Allow developers to customize SDK outbound request, for example customize url to provide query parameters or adding/removing headers [SDKS-308]
- Allow developers to configure the cookie name [SDKS-364]
- New `forgerock-authenticator` module added to the SDK. This module allows developers to easily incorporate One-Time Password and Push Authentication capabilities in their apps [SDKS-225]
- `FRUser.login` & `FRUser.register` now throw `AlreadyAuthenticatedException` when there is already an authenticated user session [SDKS-177]
- When Session Token is updated through `FRSession.authenticate` or `FRUser.login`, previously granted OAuth2 token set will automatically be revoked. [SDKS-177]
- Rename device browser `agent` attribute to `userAgent` for `FRDevice` [SDKS-371]
- Fix Instrument Test. [SDKS-162]
- Fix Refresh of Access Token with Threshold not working consistently. [SDKS-476]
- `FRAuth.next()` is now deprecated, use `FRSession.authenticate` instead [SDKS-177]
- General Availability release for SDKs
- Changed OAuth2 authorization request to POST [SDKS-125]
- Store SSO token even when SSO is disabled [SDKS-166]
- Initial release for forgerock-auth sdk
- Initial release for forgerock-auth-ui sdk