Skip to content
Tags give the ability to mark specific points in history as being important
  • 0.10.0
    AppAuth 0.10.0 release
    - Add ID token azp (authorized party) validation (#727)
    - Support requesting specific claims and claims languages (#20)
    - Deserialize objects using the constructor instead of the builder - fixes (#726)
  • 0.9.1
    AppAuth 0.9.1 release
    - Return cancellation result if browser couldn't be opened (#459)
    - Fix browser selector returning only default (#521)
    - Fix possible NPE in isFullBrowser() test (#623)
  • 0.9.0
    AppAuth 0.9.0 release
    - [API Breaking Change] Update end-session request optional field requirements
    - [API Breaking Change] Remove skipNonceVerification in favor of setNonce(null)
    - [API Breaking Change] Remove deprecated browser white/blacklist
    - Add fetchFromIssuer with ConnectionBuilder param (#594)
    - Convert AuthorizationManagementRequest to public interface (#694)
    - Implement ui_locales parameter support (#413)
    - Make library activities inherit AppCompatActivity (#676)
  • 0.8.1
    AppAuth 0.8.1 release
    - Add ability to skip issuer https check and token nonce verification (#662)
    - Upgrade dependencies to latest stable releases
  • 0.8.0
    AppAuth 0.8.0 release
    - Migrate to AndroidX & update dependencies (#508)
    - Android11 support (#558)
    - Add end session support (#525)
    - Implement ID Token validation according to OIDC spec (#385)
    - Use CustomTabsService.ACTION_CUSTOM_TABS_CONNECTION in BrowserSelector (#411)
    - Fix NPE in case input stream is null (#414)
  • 0.7.1
    Minor bug fixes:
    - Synchronizes multiple actions when requiring token refresh (#332)
    - Make handling of non-standard expires_at more tolerant (#336)
    - Changes related to Android tool changes between v25 and v27 (#341, #363)
    - Fix encoding of client ids and secrets for auth (#345)
    - Handle CustomTabsSession.newSession failures (#362)
    - Do not automatically pass scope on token exchange request (#364)
    - Do not override tab title setting (#365)
    - Respect default browser of the user correctly (#379)
    - Updated custom tab definitions, including Firefox (#378, #383)
  • 0.7.0
    AppAuth 0.7.0 release
    - Adds startActivityForResult based authorization flow
    - Minor bug fixes
  • 0.6.1
    AppAuth 0.6.1 release
    - Fixes exponential growth of AuthState objects
    - documentation overhaul
  • 0.6.0
    8aafde94 · Dependency version bumps ·
    0.6.0 release
    - ClientAuthentication can be specified explicitly for performActionWithFreshTokens
    - client_id is only passed on a token request if no other client authentication
      method is in use
    - CustomTabManager is now easier to use, enabling:
      - Priming a custom tab session for multiple URLs
      - Adding event listeners for the tab
    - Fixed leak of browser connection for custom tabs
    - Javadoc is now built and bundled with releases
    Additionally, the demo app has been mostly rewritten to focus on the single IDP
    use case, and should be much easier to read as a result. All Google specific
    code has been removed.
  • 0.5.1
    Fixes parsing of authorization errors which do not contain a description
  • 0.5.0
    - Fixes token request error response handling
    - The full response URI for authorization responses is now provided
      as part of the response intent.
  • 0.4.1
    Bug fix release:
    - BrowserSelector now passes the correct flag on M+ devices to
      list all available browsers (see #124, $125).
  • 0.4.0
    Version 0.4.0, with the following fixes and new features:
    - Direct support for login_hint in authorization requests
    - Introduction of AppAuthConfiguration, with allows an app to:
        - Control which browser(s) can be used for the authorization flow, through the use of a `BrowserMatcher`. A variety of generally useful browser matcher implementations are provided in the "browser" package.
        - Control over the creation of HttpURLConnection, through the use of a `ConnectionBuilder`. This allows for the use of alternative HTTP stacks (e.g. okhttp), disabling of certificate checks (for testing), and certificate pinning.
    - The library will work without a browser, for use cases that only require token exchange, such as when the token is bootstrapped through some other means. Authorization requests still require a browser.
    - Better handling of the back stack and authorization request state - switching apps during the authorization flow will no longer kill the flow.
    - Apps can provide a "cancel" intent in addition to a completion intent, in order to better handle cancelation of the authorization flow.
  • 0.3.0
    - Support for dynamic client registration (thanks to rebeckag)
    - Support for some additional OpenID request params (ongoing work)
    - Minor bug fixes
  • 0.2.0
    59dc59cf · Version 0.2.0 release ·
    0.2.0 release:
    - Token endpoint is now used verbatim (#36)
    - Support for OpenID Connect display and prompt params
    - Error handling in AuthState for failed authorization and token requests
  • 0.1.1
    593a847d · 0.1.1 release ·
    0.1.1 release - fixes auth requests on devices without a default browser
  • 0.1.0