|
| 1 | +# Migration Guide |
| 2 | +This guide will help you migrate Lock.Android from version v2.x.x to version v3.x.x. |
| 3 | + |
| 4 | +## About this release |
| 5 | +The new version makes use of the latest Auth0.Android SDK, bringing improvements like: |
| 6 | + - Open ID Connect compliant practices. |
| 7 | + - ID token verification for Web Authentication flows. |
| 8 | + - A new customizable networking stack. |
| 9 | + |
| 10 | + Some of these features were already available but only enforced when the "OIDC" flag was explicitly enabled. |
| 11 | + |
| 12 | +## New requirements |
| 13 | +Using the latest core SDK comes with new constraints. Your android application will need to: |
| 14 | +- Require a minimum Android version of 21 and above. |
| 15 | +- Target Java version 8 and above. |
| 16 | + |
| 17 | +Here’s what you need in build.gradle to target Java 8 byte code for Android and Kotlin plugins respectively. |
| 18 | + |
| 19 | +```groovy |
| 20 | +android { |
| 21 | + compileOptions { |
| 22 | + sourceCompatibility JavaVersion.VERSION_1_8 |
| 23 | + targetCompatibility JavaVersion.VERSION_1_8 |
| 24 | + } |
| 25 | +
|
| 26 | + kotlinOptions { |
| 27 | + jvmTarget = '1.8' |
| 28 | + } |
| 29 | +} |
| 30 | +``` |
| 31 | + |
| 32 | +## Changes to the Public API |
| 33 | +As part of removing legacy APIs or authentication flows no longer recommended for mobile clients, the following features are no longer available: |
| 34 | + |
| 35 | +- Web Authentication flow using a WebView component instead of an external Browser. Please refer to [this blog post](https://auth0.com/blog/google-blocks-oauth-requests-from-embedded-browsers/) for additional information. |
| 36 | +- Web Authentication flow using a response type other than "code". |
| 37 | +- Authentication API methods categorized as Legacy in the [API docs](https://auth0.com/docs/api/authentication). |
| 38 | + |
| 39 | +Continue reading for the detail of classes and methods that were impacted. |
| 40 | + |
| 41 | +### Removed classes |
| 42 | +- `VoidCallback` is no longer available. Please, use `Callback<Void, AuthenticationException>` instead. |
| 43 | + |
| 44 | +### Removed methods |
| 45 | + |
| 46 | +#### From class `Lock.Builder` |
| 47 | +- Removed `public Builder useBrowser(boolean)`. The library will always use a third party browser app instead of a Web View to authenticate. No replacement is available. |
| 48 | +- Removed `public Builder useImplicitGrant(boolean)`. The library will always use the "Proof Key for Code Exchange" (PKCE) flow. Your application must be configured with the type "Native" and the "OIDC Conformant" switch ON. No replacement is available. |
| 49 | +- Removed `public Builder withAuthButtonSize(int)`. Social buttons will always have a "large button" style. No replacement is available. |
| 50 | + |
| 51 | +#### From class `PasswordlessLock.Builder` |
| 52 | +- Removed `public Builder useBrowser(boolean)`. The library will always use a third party browser app instead of a Web View to authenticate. No replacement is available. |
| 53 | +- Removed `public Builder useImplicitGrant(boolean)`. The library will always use the "Proof Key for Code Exchange" (PKCE) flow. Your application must be configured with the type "Native" and the "OIDC Conformant" switch ON. No replacement is available. |
| 54 | +- Removed `public Builder withAuthButtonSize(int)`. Social buttons will always have a "large button" style. No replacement is available. |
| 55 | + |
| 56 | +#### From `Auth0` class |
| 57 | +- Removed `setOIDCConformant(boolean)`. The library will only use Open ID Connect compliant flows from now on, this cannot be turned off. |
| 58 | +- Removed `setLoggingEnabled(boolean)`. The ability to turn on the networking logs has been removed. If you need to inspect the traffic, take a look at the [Network Profiler](https://developer.android.com/studio/profile/network-profiler) tool. |
| 59 | + |
| 60 | +### Changed methods |
| 61 | + |
| 62 | +#### From cass `Lock.Builder` |
| 63 | +- Changed `public Builder withAuthenticationParameters(@NonNull Map<String, Object> authenticationParameters)` to `public Builder withAuthenticationParameters(@NonNull Map<String, String> authenticationParameters)`. Request parameters must be specified as String key/values. |
| 64 | + |
| 65 | +#### From cass `PasswordlessLock.Builder` |
| 66 | +- Changed `public Builder withAuthenticationParameters(@NonNull Map<String, Object> authenticationParameters)` to `public Builder withAuthenticationParameters(@NonNull Map<String, String> authenticationParameters)`. Request parameters must be specified as String key/values. |
| 67 | + |
| 68 | +### Changes to the underlying SDK |
| 69 | + |
| 70 | +The core SDK has been updated to the version 2+. Since this is exposed as an API scoped dependency, if you were using any of the classes or methods that changed in the new major release (e.g. the `WebAuthProvider` class), you might need to update your code. Follow the [Auth0.Android Migration Guide](https://github.com/auth0/Auth0.Android/blob/main/V2_MIGRATION_GUIDE.md) to assess the impact. |
0 commit comments