Skip to content

Releases: ForgeRock/forgerock-android-sdk

4.7.0 Release

10 Feb 22:12
@spetrov spetrov
4.7.0
This tag was signed with the committer’s verified signature.
spetrov Stoyan Petrov
GPG key ID: C9FBA86125CAB1E8
Verified
Learn about vigilant mode.
46841d2
This commit was created on github.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
4.7.0 Release Latest
Latest

ForgeRock Android SDK 4.6.0 Release

Added

  • A fallback mechanism that uses an asymmetric key if symmetric key generation in the Android Keystore fails [SDKS-3467]
  • Support for Self-Service [SDKS-3408]
  • Support for Sign-out with ID Token in the PingOne Platform [SDKS-3423]

Fixed

  • Prevent duplicate PUSH notifications in the Authenticator module [SDKS-3533]
  • Fixed an issue where, in some cases, a user's session was not invalidated upon re-authentication [SDKS-3772]
Assets 2
Loading

4.6.0 Release

10 Oct 21:34
@spetrov spetrov
4.6.0
This tag was signed with the committer’s verified signature.
spetrov Stoyan Petrov
GPG key ID: C9FBA86125CAB1E8
Verified
Learn about vigilant mode.
797e1bb
This commit was created on github.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
4.6.0 Release

ForgeRock Android SDK 4.6.0 Release

Added

  • Support for Android 15. [SDKS-3098]
  • Interface allowing developers to customize how the SDK stores tokens and data. [SDKS-3378]
  • Support of http/https scheme for centralize login redirect. [SDKS-3433]
  • Support for the PingOne Protect Marketplace nodes. [SDKS-3297]
  • Client-side support for the upcoming ReCaptchaEnterpriseCallback callback. [SDKS-2499]
  • Exposed the realm and success URL values within SSOToken. [SDKS-3351]

Fixed

  • Potential ServiceConnection leaks in CustomTabManager. [SDKS-3346]
  • Updated the SDK to ignore type 4 TextOutputCallback callbacks, as these may contain JavaScript that Android cannot execute. [SDKS-3227]
  • Fixed an issue where upon force refresh the access_token api call was triggered twice. [SDKS-3254]
Loading

4.5.0 Release

26 Jun 23:54
@spetrov spetrov
4.5.0
This tag was signed with the committer’s verified signature.
spetrov Stoyan Petrov
GPG key ID: C9FBA86125CAB1E8
Verified
Learn about vigilant mode.
8cfe3d0
This commit was created on github.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
4.5.0 Release

ForgeRock Android SDK 4.5.0 Release

Added

  • Added SDK support for deleting registered WebAuthn devices from the server. [SDKS-1710]
  • Added support for signing off from PingOne to the centralized login flow. [SDKS-3020]
  • Added the ability to dynamically configure the SDK by collecting values from the server's OpenID Connect .well-known endpoint. [SDKS-3022]

Fixed

  • Resolved security vulnerability warnings related to the commons-io-2.6.jar and bcprov-jdk15on-1.68.jar libraries. [SDKS-3072, SDKS-3073]
  • Fixed a NullPointerException in the centralized login flow. [SDKS-3079]
  • Improved multi-threaded performance when caching access tokens. [SDKS-3104]
  • Synchronized the encryption and decryption block to avoid keystore crashes. [SDKS-3199]
  • Fixed an issue related to handling HiddenValueCallback if isMinifyEnabled is set to true. [SDKS-3201]
  • Fixed an issue where device binding using an application PIN was failing when Arabic language was used. [SDKS-3221]
  • Fixed an issue where browser sessions were not properly signed out when a non-default browser was used in centralized login. [SDKS-3276]
  • Fixed an unexpected behavior in the authentication flow caused by AppAuthConfiguration settings being ignored during centralized login. [SDKS-3277]
  • Fixed the FRUser.revokeAccessToken() method to not end the user's session during the centralized login flow. [SDKS-3282]
Loading

4.4.0 Release

02 Apr 17:30
@spetrov spetrov
4.4.0
This tag was signed with the committer’s verified signature.
spetrov Stoyan Petrov
GPG key ID: C9FBA86125CAB1E8
Verified
Learn about vigilant mode.
44b2561
This commit was created on github.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
4.4.0 Release

ForgeRock Android SDK 4.4.0 Release

Added

  • Added support for the TextInput callback. [SDKS-545]
  • Added a new module for future integration with PingOne Protect. [SDKS-2900]
  • Added an interface for customizing the biometric UI prompts when device binding or signing. [SDKS-2991]
  • Added x-requested-with: forgerock-sdk and x-requested-platform: android immutable HTTP headers to each outgoing request. [SDKS-3033]

Fixed

  • Addressed a NullPointerException during centralized login by using ActivityResultContract in place of the deprecated onActivityResult method. [SDKS-3079]
  • Addressed nimbus-jose-jwt:9.25 library security vulnerability (CVE-2023-52428). [SDKS-2988]
Loading

4.3.1 Release

12 Feb 23:42
@spetrov spetrov
4.3.1
This tag was signed with the committer’s verified signature.
spetrov Stoyan Petrov
GPG key ID: C9FBA86125CAB1E8
Verified
Learn about vigilant mode.
7d4b16c
This commit was created on github.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
4.3.1 Release

ForgeRock Android SDK 4.3.1 Release

Fixed

  • Fixed an issue where the SDK was crashing during device binding on Android 9 devices [SDKS-2948]
Loading

4.3.0 Release

28 Dec 17:07
@spetrov spetrov
4.3.0
This tag was signed with the committer’s verified signature.
spetrov Stoyan Petrov
GPG key ID: C9FBA86125CAB1E8
Verified
Learn about vigilant mode.
784c3c2
This commit was created on github.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
4.3.0 Release

ForgeRock Android SDK 4.3.0 Release

Added

  • Added the ability to customize cookie headers in outgoing requests from the SDK [SDKS-2780]
  • Added the ability to insert custom claims when performing device signing verification [SDKS-2787]
  • Added client-side support for the AppIntegrity callback [SDKS-2631]

Fixed

  • The SDK now uses auth-per-use keys for Device Binding [SDKS-2797]
  • Improved handling of WebAuthn cancellations [SDKS-2819]
  • Made forgerock_url, forgerock_realm, and forgerock_cookie_name params mandatory when dynamically configuring the SDK [SDKS-2782]
  • Addressed woodstox-core:6.2.4 library security vulnerability (CVE-2022-40152) [SDKS-2751]
Loading

4.2.0 Release

04 Oct 00:35
@spetrov spetrov
4.2.0
This tag was signed with the committer’s verified signature.
spetrov Stoyan Petrov
GPG key ID: C9FBA86125CAB1E8
Verified
Learn about vigilant mode.
9f47716
This commit was created on github.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
4.2.0 Release

ForgeRock Android SDK 4.2.0 Release

Added

  • Gradle 8 and JDK 17 support [SDKS-2451]
  • Android 14 support [SDKS-2636]
  • Key pair verification with key attestation during device binding enrollment [SDKS-2412]
  • Added iat and nbf claims in the Device Binding and Device Signed JWT [SDKS-2747]
Loading

4.1.0 Release

01 Aug 18:25
@spetrov spetrov
4.1.0
This tag was signed with the committer’s verified signature.
spetrov Stoyan Petrov
GPG key ID: C9FBA86125CAB1E8
Verified
Learn about vigilant mode.
cc9c81c
This commit was created on github.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
4.1.0 Release

ForgeRock Android SDK 4.1.0 Release

Added

Interceptor support for the Authenticator module [SDKS-2544]
Interface for access_token refresh [SDKS-2567]
Ability to process new JSON format of IG policy advice [SDKS-2240]

Fixed

Fixed an issue on parsing issuer from combined MFA registration uri [SDKS-2542]
Added error message about duplicated accounts while performing combined MFA registration [SDKS-2627]
Fixed an issue related to "lost" WebAuthn credentials upon upgrade from 4.0.0-beta4 to newer version [SDKS-2576]

Loading

4.0.0 Release

29 May 18:57
@spetrov spetrov
4.0.0
This tag was signed with the committer’s verified signature.
spetrov Stoyan Petrov
GPG key ID: C9FBA86125CAB1E8
Verified
Learn about vigilant mode.
2049a2a
This commit was created on github.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
4.0.0 Release

ForgeRock Android SDK 4.0.0 Release

Added

  • Upgrade Google Fido Client to support PassKey [SDKS-2243]
  • FRWebAuthn interface to remove WebAuthn Reference Keys [SDKS-2272]
  • Interface to set Device Name during WebAuthn Registration [SDKS-2296]
  • DeviceBinding callback support [SDKS-1747]
  • DeviceSigningVerifier callback support [SDKS-2022]
  • Support for combined MFA in the Authenticator SDK [SDKS-1972]
  • Support for policy enforcement in the Authenticator SDK [SDKS-2166]

Fixed

  • Fix for WebAuthn authentication for devices which use full-screen biometric prompt [SDKS-2340]
  • Fixed functionality for NetworkCollector [SDKS-2445]

Changed

  • public void WebAuthnRegistrationCallback.register(Node node,FRListener<Void> listener) to suspend fun register(context: Context, node: Node)
  • public void WebAuthAuthenticationCallback.authenticate(@NonNull Fragment fragment, @NonNull Node node, @Nullable WebAuthnKeySelector selector, FRListener<Void> listener) to suspend fun authenticate(context: Context, node: Node, selector: WebAuthnKeySelector = WebAuthnKeySelector.DEFAULT)
  • FRAClient.updateAccount now throws AccountLockException upon attempt to update a locked account [SDKS-2166]
  • OathMechanism.getOathTokenCode(), HOTPMechanism.getOathTokenCode() and TOTPMechanism.getOathTokenCode() now throws AccountLockException upon attempt to get an OATH token for a locked account [SDKS-2166]

Deprecated

  • Removed support for native single sign-on (SSO) [SDKS-2260], [SDKS-1367]
Loading

3.4.0 Release

29 Sep 18:31
@spetrov spetrov
3.4.0
This tag was signed with the committer’s verified signature.
spetrov Stoyan Petrov
GPG key ID: C9FBA86125CAB1E8
Verified
Learn about vigilant mode.
aa8b9b1
This commit was created on github.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
3.4.0 Release

ForgeRock Android SDK 3.4.0 Release

Added

  • Dynamic SDK Configuration [SDKS-1759]
  • Android 13 support. [SDKS-1944]

Fixed

  • Changed Activity type used as parameter in PushNotification.accept. [SDKS-1968]
  • Deserializing an object with whitelist to prevent deserialization of untrusted data. [SDKS-1818]
  • Updated the Authenticator module and sample app to handle the new POST_NOTIFICATIONS permission in Android 13. [SDKS-2033]
  • Fixed an issue where the DefaultTokenManager was not caching the AccessToken in memory upon retrieval from Shared Preferences. [SDKS-2066]
  • Deprecated the forgerock_enable_cookie configuration [SDKS-2069]
  • Align forgerock_logout_endpoint configuration name with the ForgeRock iOS SDK [SDKS-2085]
  • Allow leading slash on custom endpoint path [SDKS-2074]
  • Fixed bug where the state parameter value was not being verified upon calling the Authorize endpoint [SDKS-2078]
Loading