Lock.Android

Full Changelog

Changed

• Use auth0.android 1.15.2 #526 (lbalmaceda)
• Update facebook icon to comply with new branding #525 (lbalmaceda)

Full Changelog

Changed

• Update auth0.android to fix scope issue #370 (hzalaz)

Full Changelog

Added

• Send custom audience on login/signIn if is OIDC conformant #387 (lbalmaceda)
• Include updated Proguard rules in the packaged aar #385 (lbalmaceda)
• Support custom audience for Web Authentication #383 (lbalmaceda)
• Support custom schemes for Web Authentication #382 (lbalmaceda)
• Add option to hide Header Title on the Main screen #381 (lbalmaceda)

Changed

• Update gradle plugins and google dependencies #389 (hzalaz)
• Use Header style and fix Submit button height when label is displayed #388 (lbalmaceda)

Deprecated

• Deprecate useImplicitGrant method #372 (lbalmaceda)

Fixed

• Fix Auth0 parcel that was losing telemetry and OIDC flag #384 (lbalmaceda)
• Fix wrong label setting if login was disabled and pwd reset was first screen #380 (lbalmaceda)
• Don't return to login/signup screen after pwd reset if those screens are disabled #379 (lbalmaceda)
• Add authentication parameters to custom AuthProvider #375 (lbalmaceda)
• Avoid sending authentication parameters on password-reset #373 (lbalmaceda)

Breaking changes

• Use labeled submit button by default and separate signUp/logIn strings #386 (lbalmaceda)

Full Changelog

Added

• Allow to set a custom scope. #368 (lbalmaceda)

Changed

• Update to auth0.android 1.1.1 #369 (hzalaz)

Full Changelog

Fixed

• Fix NPE when connection scope is missing #365 (lbalmaceda)

Full Changelog

Added

• Support connection_scope for OAuth Connections #361 (lbalmaceda)
• Send LockException if the Theme is invalid #358 (lbalmaceda)
• Add labeled submit button option #352 (lbalmaceda)

Fixed

• Non-empty username validation for custom/imported connections #360 (lbalmaceda)
• Fix Theme load from styles.xml #357 (lbalmaceda)

Breaking changes

• Use browser by default when using WebAuthProvider. #355 (lbalmaceda)

Since Google will be blocking webview OAuth request we switched the default authentication flow for all social connections from WebView to Browser.
Browser authentication requires a little more configuration in your AndroidManifest.xml file.
First make sure LockActivity has singleTask in android:launchMode and then add to it an intent-filter:

<intent-filter>
  <action android:name="android.intent.action.VIEW" />

  <category android:name="android.intent.category.DEFAULT" />
  <category android:name="android.intent.category.BROWSABLE" />

  <data
    android:host="{YOUR_AUTH0_DOMAIN}"
    android:pathPrefix="/android/{YOUR_APP_PACKAGE_NAME}/callback"
    android:scheme="https" />
</intent-filter>

Full Changelog

Changed

• Merge Enterprise and Social login events #347 (lbalmaceda)
• Show button when only one enterprise connection is available #341 (lbalmaceda)
• Filter social strategies by connection name #340 (lbalmaceda)
• Flatten Strategies into Connections #335 (lbalmaceda)

Fixed

• Fix OAuth connection callback for PasswordlessActivity #346 (lbalmaceda)
• Fix non ro-enabled enterprise connections flow. #344 (lbalmaceda)
• Fix wrong telemetry version #342 (lbalmaceda)

Breaking changes

• [Breaking Change] Rename builder methods #350 (lbalmaceda)
• Refactor AuthProviderResolver [Breaking Change] #333 (lbalmaceda)

Full Changelog

Added

• [v1] Add username length validation using client values #349 (lbalmaceda)

Full Changelog

Issues fixed:

• IllegalStateException in GoogleIdentityProvider.onPermissionsRequireExplanation #331

Changed:

• Scale down bitbucket icon #338 (hzalaz)
• Fix crash after permissions are denied in Android 23 #337 (hzalaz)

Full Changelog

Closed issues

• Lock SSO Username Fails Validation #332

Fixed

• Change username validation for SSO connections #334 (lbalmaceda)
• Check that requested tokens are present on the result. #330 (lbalmaceda)
• Use first available connection name when authenticating with OAuth #320 (lbalmaceda)

Added

• Custom Style for Social Buttons #325 (lbalmaceda)
• Request the user to accept Terms&Policy before Sign Up #319 (lbalmaceda)
• Handle too_many_attempts API error #308 (lbalmaceda)
• Add Service Terms and Privacy Policy dialog #307 (lbalmaceda)

Changed

• Force init lock [Breaking Change] #329 (lbalmaceda)
• Update Auth0 lib version to latest #327 (lbalmaceda)
• Hide Theme configuration on the Builder [Breaking Change] #326 (lbalmaceda)
• Use AuthMode constants when notifying tab change #323 (lbalmaceda)
• Handle wrong Client Type error #321 (lbalmaceda)
• Change SocialButton title when changing the Form mode #317 (lbalmaceda)
• UI Improvements: Bigger buttons/fields #314 (lbalmaceda)
• New Tab design. #313 (lbalmaceda)
• Use pngs instead of vectorial xml files #311 (lbalmaceda)
• Make PKCE enabled by default #310 (lbalmaceda)
• Always pick defaultDbConnection if available #309 (lbalmaceda)

Breaking changes

Lock & PassworlessLock no longer has the method onCreate(Activity) and it's logic is now part of the method Lock.Builder.build(Activity). So to create a Lock instance you will have

Lock lock = Lock.newBuilder(auth0, callback)
      //Customize Lock
      .build(this);

Also now you can create Lock by reading your Auth0 account credentials from a strings file

Lock lock = Lock.newBuilder(callback)
      //Customize Lock
      .build(this);

and he string file should have

 <resources>
    <string name="com_auth0_client_id">{CLIENT_ID}</string>
    <string name="com_auth0_domain">{DOMAIN}</string>
</resources>

Lock.Builder no longers allow to customize Lock's theme using the method withTheme(Theme) since using Android themes is preferable.

Also for all non-database authentication will use Proof Key for Code Exchange by default so your client type in Auth0 dashboard must be Native.

Full Changelog

Added

• Locally Configurable Lock sample app #298 (lbalmaceda
• Password Strength Widget #297 (lbalmaceda

Changed

• Update Proguard rules #305 (lbalmaceda
• Remove Fullscreen feature #302 (lbalmaceda
• Add callback setup on dashboard #300 (lbalmaceda
• Allow to customize Lock's theme programmatically #294 (lbalmaceda
• Remove unused User Profile calls. #293 (lbalmaceda
• Take email input across the forms #292 (lbalmaceda
• Allow up to 3 Social Big Buttons on Passwordless mode #291 (lbalmaceda
• Improve Custom Fields flow and layout #290 (lbalmaceda
• Handle Application without Connections #289 (lbalmaceda
• Draw the header behind the statusBar in Lollipop or greater #288 (lbalmaceda

Fixed

• Fix sign up request not sending the user metadata #303 (lbalmaceda
• Fix TextView extra padding. #296 (lbalmaceda
• Country code selection widget fixes #295 (lbalmaceda

Breaking changes

Lock Builder method

public Builder allowSignIn(boolean allow) {...}

was renamed to

public Builder allowLogIn(boolean allow) {...}

Also this method (and feature) is no longer supported in Lock

public Builder fullscreen(boolean fullscreen) {...}

Full Changelog

Merged pull requests:

• Send Accept-Language Header #312 (lbalmaceda)
• Add Dropbox and Bitbucket social connections #316 (lbalmaceda)
• Allow to cancel requests #318 (lbalmaceda)

Full Changelog

Full Changelog

Merged pull requests:

• Add mention and link to magic-link docs #259 (nikolaseu)
• Active MFA support #261 (lbalmaceda)

Full Changelog

Merged pull requests:

• Add OAuth2 callback #241 (hzalaz)
• WebIdentityProvider for OAuth2 flow #240 (hzalaz)
• Use PKCE on calls to /authorize #238 (lbalmaceda)

Full Changelog

Fixed bugs:

• Fix UserIdentity properties #232
• DB Signup with more than one connection fails #217

Merged pull requests:

• Rework telemetry logic #235 (hzalaz)
• Handle required and optional attribute for UserIdentity #234 (hzalaz)

Full Changelog

Changed

• Use new version of auth0-java to fix issue with json parsing #286 (lbalmaceda)
• Fix issues with default values of allow**** and initialScreen options #286 (lbalmaceda)

Breaking changes

AuthenticationCallback no longer returns UserProfile, it only returns Credentials object with the tokens of the authenticated user:

private LockCallback callback = new AuthenticationCallback() {
     @Override
     public void onAuthentication(Credentials credentials) {
        //Authenticated
     }

     @Override
     public void onCanceled() {
        //User pressed back
     }

     @Override
     public void onError(LockException error)
        //Exception occurred
     }
 };

To request the UserProfile, just use AuthenticationAPIClient from auth0-java

@Override
public void onAuthentication(Credentials credentials) {
    AuthenticationAPIClient client = new AuthenticationAPIClient(new Auth0("YOUR_CLIENT_ID", "YOUR_DOMAIN"));

    client.tokenInfo(credentials.idToken)
        .start(new BaseCallback<UserProfile>() {
            @Override
            public void onSuccess(UserProfile payload) { }

            @Override
            public void onFailure(Auth0Exception error) { }
        });
}

First beta release of Lock for Android v2

Declaration in AndroidManifest.xml

Now Lock for Android requires these permisssions

<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />

and this is how LockActivity should be declared in your Android Manifest

<activity
  android:name="com.auth0.android.lock.LockActivity"
  android:label="@string/app_name"
  android:launchMode="singleTask"
  android:screenOrientation="portrait"
  android:theme="@style/Lock.Theme">
    <intent-filter>
      <action android:name="android.intent.action.VIEW" />

      <category android:name="android.intent.category.DEFAULT" />
      <category android:name="android.intent.category.BROWSABLE" />

      <data
        android:host="YOUR_AUTH0_DOMAIN"
        android:pathPrefix="/android/YOUR_APP_PACKAGE_NAME/callback"
        android:scheme="https" />
    </intent-filter>
</activity>

Lock instance

In the previous version of Lock, you were asked to create a custom Application class and initialize the Lock.Context there. Now this is no longer needed. To create a new Lock instance and configure it, use the Lock.Builder class.

Auth0

Create an Auth0 instance to hold your account details, which are the AUTH0_CLIENT_ID and the AUTH0_DOMAIN.

Auth0 auth0 = new Auth0("YOUR_AUTH0_CLIENT_ID", "YOUR_AUTH0_DOMAIN");

Authentication Callback

You'll also need a LockCallback implementation, we provide AuthenticationCallback that reports the following events:

• onAuthentication: User successfuly authenticated
• onError: An unrecoverable error ocurred during authentication
• onCanceled: User pressed back (if closable is true)

If you need a more fine grained control you can implement LockCallback full interface.

private LockCallback callback = new AuthenticationCallback() {
     @Override
     public void onAuthentication(Authentication authentication) {
        //Authenticated
     }

     @Override
     public void onCanceled() {
        //User pressed back
     }

     @Override
     public void onError(LockException error)
        //Exception occurred
     }
 };

Lock.Builder

Call the static method Lock.newBuilder(Auth0, AuthenticationCallback) passing the account details and the callback implementation, and start configuring the Options. After you're done, build the Lock instance and use it to start the LockActivity.

This is how your activity should look like.

public class MainActivity extends Activity {
  private Lock lock;

  @Override
  protected void onCreate(@Nullable Bundle savedInstanceState) {
    Auth0 auth0 = new Auth0(AUTH0_CLIENT_ID, AUTH0_DOMAIN);
    lock = Lock.newBuilder(auth0, callback)
      // ... Options
      .build();
    lock.onCreate(this);
  }

  @Override
  public void onDestroy() {
    lock.onDestroy(this);
    super.onDestroy();
  }

  private void performLogin(boolean useBrowser) {
    startActivity(lock.newIntent(this));
  }

  private LockCallback callback = new AuthenticationCallback() {
       @Override
       public void onAuthentication(Authentication authentication) {
          //Authenticated
       }

       @Override
       public void onCanceled() {
          //User pressed back
       }

       @Override
       public void onError(LockException error) {
          //Exception occurred
       }
   };
}

Remember to notify the LockActivity on every OnCreate and OnDestroy call on your Activity, as it helps to keep the Lock state.

Options

As in the previous version, Lock can be configured with extra options. Check below if the behavior changed or if they only got renamed.

Renamed options from v1

• shouldUseWebView: Renamed to useBrowser. Whether to use the WebView or the Browser to request calls to the /authorize endpoint. Using the Browser has some restrictions.
• shouldUseEmail: Renamed to withUsernameStyle. Defines if it should ask for email only, username only, or both of them. By default, it'll respect the Dashboard configuration of the parameter requires_username.
• isClosable: Renamed to closable. Defines if the LockActivity can be closed. By default, it's not closable.
• setFullscreen: Renamed to fullscreen. Defines if the LockActivity it's displayed in fullscreen. By default, it's not fullscreen.
• shouldLoginAfterSignUp: Renamed to loginAfterSignUp. Whether after a SignUp the user should be logged in automatically.
• disableSignupAction: Renamed to allowSignUp. Shows the Sign Up form if a Database connection is configured.
• disableResetAction: Renamed to allowForgotPassword. Shows a link to the Forgot Password form if a Database connection is configured and it's allowed from the Dashboard.
• defaultUserPasswordConnection: Renamed to setDefaultDatabaseConnection. Defines which will be the default Database connection. This is useful if your application has many Database connections configured.
• setConnections: Renamed to onlyUseConnections. Filters the allowed connections from the list configured in the Dashboard..
• setAuthenticationParameters: Renamed to withAuthenticationParameters. Defines extra authentication parameters, sent on sign up and log in/sign in.

New options in v2

• initialScreen(int) allows to customize which form will show first when launching Lock. The possibles values are LOG_IN, SIGN_UP, and FORGOT_PASSWORD. By default LOG_IN is the initial screen.
• allowLogIn(boolean) shows the Log In form if a Database connection is configured. By default, this screen it's enabled.
• allowSignUp(boolean) shows the Sign Up form if a Database connection is configured. By default, this screen it's enabled.
• allowForgotPassword(boolean) shows the Forgot Password form if a Database connection is configured. By default, this screen it's enabled.
• withSignUpFields(List<CustomFields>) shows a second screen with extra fields after completing the sign up fields.
• withProviderResolver(AuthProviderResolver) pass your own AuthProviderResolver instance to query for AuthProviders.
• withSocialButtonStyle(int) allows to customize the Style of the Social buttons. Possible values are SMALL and BIG. If this is not specified, it will default to SMALL when many Social and Db/Enterprise connections are configured; and BIG on the rest of the cases.
• usePKCE(boolean) whether to use the new PKCE flow or the old Token exchange one when authenticating. By default, it won't use PKCE.

Full Changelog

Closed issues:

• License and Readme need fixing #162

Merged pull requests:

• Set the proper connection when creating a new user #223 (lbalmaceda)
• Change password: Remove old flow and layout #222 (lbalmaceda)
• send the link to the email for password reset by default #220 (lbalmaceda)
• handle M permissions on permission required providers #219 (lbalmaceda)
• Bug fixing #198 (lbalmaceda)
• Fix license and readme #163 (aguerere)

Full Changelog

Closed issues:

• Add an option to use Webview with ADFS connections #158
• Add au region for CDN #152

Merged pull requests:

• Add option to force webview on adfs connections #159 (nikolaseu)
• Add AU region CDN #156 (nikolaseu)