Skip to content
Tags give the ability to mark specific points in history as being important
  • 0.10.0
    0939d6d4 · Add ID token azp (authorized party) validation (#727) · 
    AppAuth 0.10.0 release
- Add ID token azp (authorized party) validation (#727)
- Support requesting specific claims and claims languages (#20)
- Deserialize objects using the constructor instead of the builder - fixes (#726)
  • 0.9.1
    e047a5e4 · Return cancellation result if browser couldn't be opened (#459) · 
    AppAuth 0.9.1 release

- Return cancellation result if browser couldn't be opened (#459)
- Fix browser selector returning only default (#521)
- Fix possible NPE in isFullBrowser() test (#623)
  • 0.9.0
    ce43ba83 · Fix assertions in BrowserSelectorTest · 
    AppAuth 0.9.0 release

- [API Breaking Change] Update end-session request optional field requirements
- [API Breaking Change] Remove skipNonceVerification in favor of setNonce(null)
- [API Breaking Change] Remove deprecated browser white/blacklist
- Add fetchFromIssuer with ConnectionBuilder param (#594)
- Convert AuthorizationManagementRequest to public interface (#694)
- Implement ui_locales parameter support (#413)
- Make library activities inherit AppCompatActivity (#676)
  • 0.8.1
    5ce45465 · Upgrade dependencies to latest stable · 
    AppAuth 0.8.1 release

- Add ability to skip issuer https check and token nonce verification (#662)
- Upgrade dependencies to latest stable releases
  • 0.8.0
    907ebbd8 · Restore backwards compatible of configuration constructor · 
    AppAuth 0.8.0 release

- Migrate to AndroidX & update dependencies (#508)
- Android11 support (#558)
- Add end session support (#525)
- Implement ID Token validation according to OIDC spec (#385)
- Use CustomTabsService.ACTION_CUSTOM_TABS_CONNECTION in BrowserSelector (#411)
- Fix NPE in case input stream is null (#414)
  • 0.7.1
    5a58643e · Android gradle plugin version bump · 
    Minor bug fixes:

- Synchronizes multiple actions when requiring token refresh (#332)
- Make handling of non-standard expires_at more tolerant (#336)
- Changes related to Android tool changes between v25 and v27 (#341, #363)
- Fix encoding of client ids and secrets for auth (#345)
- Handle CustomTabsSession.newSession failures (#362)
- Do not automatically pass scope on token exchange request (#364)
- Do not override tab title setting (#365)
- Respect default browser of the user correctly (#379)
- Updated custom tab definitions, including Firefox (#378, #383)
  • 0.7.0
    aa1f83f5 · Dependency version bump and maven pom configuration tweak · 
    AppAuth 0.7.0 release

- Adds startActivityForResult based authorization flow
- Minor bug fixes
  • 0.6.1
    bf33daf9 · Unit tests for failure cases of CodeVerifierUtil · 
    AppAuth 0.6.1 release

- Fixes exponential growth of AuthState objects
- README.md documentation overhaul
  • 0.6.0
    8aafde94 · Dependency version bumps · 
    0.6.0 release

- ClientAuthentication can be specified explicitly for performActionWithFreshTokens
- client_id is only passed on a token request if no other client authentication
  method is in use
- CustomTabManager is now easier to use, enabling:
  - Priming a custom tab session for multiple URLs
  - Adding event listeners for the tab
- Fixed leak of browser connection for custom tabs
- Javadoc is now built and bundled with releases

Additionally, the demo app has been mostly rewritten to focus on the single IDP
use case, and should be much easier to read as a result. All Google specific
code has been removed.
  • 0.5.1
    a4de9985 · Update README to be version agnostic · 
    Fixes parsing of authorization errors which do not contain a description
  • 0.5.0
    022471d4 · Update version numbers in README.md · 
    - Fixes token request error response handling
- The full response URI for authorization responses is now provided
  as part of the response intent.
  • 0.4.1
    393ce146 · Version update in readme for new release · 
    Bug fix release:

- BrowserSelector now passes the correct flag on M+ devices to
  list all available browsers (see #124, $125).
  • 0.4.0
    fbcba7b3 · Readme update for 0.4.0 release · 
    Version 0.4.0, with the following fixes and new features:

- Direct support for login_hint in authorization requests
- Introduction of AppAuthConfiguration, with allows an app to:
    - Control which browser(s) can be used for the authorization flow, through the use of a `BrowserMatcher`. A variety of generally useful browser matcher implementations are provided in the "browser" package.
    - Control over the creation of HttpURLConnection, through the use of a `ConnectionBuilder`. This allows for the use of alternative HTTP stacks (e.g. okhttp), disabling of certificate checks (for testing), and certificate pinning.
- The library will work without a browser, for use cases that only require token exchange, such as when the token is bootstrapped through some other means. Authorization requests still require a browser.
- Better handling of the back stack and authorization request state - switching apps during the authorization flow will no longer kill the flow.
- Apps can provide a "cancel" intent in addition to a completion intent, in order to better handle cancelation of the authorization flow.
  • 0.3.0
    14ef58eb · Merge pull request #97 from iainmcgin/fixbuild · 
    - Support for dynamic client registration (thanks to rebeckag)
- Support for some additional OpenID request params (ongoing work)
- Minor bug fixes
  • 0.2.0
    59dc59cf · Version 0.2.0 release · 
    0.2.0 release:
- Token endpoint is now used verbatim (#36)
- Support for OpenID Connect display and prompt params
- Error handling in AuthState for failed authorization and token requests
  • 0.1.1
    593a847d · 0.1.1 release · 
    0.1.1 release - fixes auth requests on devices without a default browser
  • 0.1.0
    c75b8f18 · Initial release of AppAuth for Android · 
    0.1.0

VideoLAN code repository instance