- Add sendEmailVerification and verifyEmail
- trusted device cookie is set during verify passwordless when trust device is true
- Support for structured custom fields (with fully qualified path)
- Add sendEmailVerification and verifyEmail
- Replace deprecated Google Sign-In with Credential Manager for Google social login
- Fix
ReachFiveError.getErrorCode.
- Fix WebView crash when WebAuthn is not configured
- Set default value
nullfororiginparameter ofonLoginActivityResult
- Remove cookies from the cookie jar on
logout
- Save cookies from
https://$domain/oauth/tokento cookie jar logoutmethod extended for native & custom tab SSO logout, and token revocation- Logout handler for logout custom tab redirection
- RBA support:
- Methods:
listMfaTrustedDevices,removeMfaTrustedDevice - Allow to start step up from
loginWithPasswordwhen mfa is required
- Methods:
AuthToken change:
- add optional amr stepUpToken field + make accessToken optional
- Fix completion of WebAuthn device registration
-
MFA support:
- Methods
startMfaPhoneNumberRegistration,verifyMfaPhoneNumberRegistration,startMfaEmailRegistration,verifyMfaEmailRegistration,listMfaCredentials,removeMfaEmail,removeMfaPhoneNumber,startStepUp,endStepUp
- Methods
-
Passkey support:
- methods
signupWithPasskey,loginWithPasskey,discoverableLogin,registerNewPasskey - for passkeys,
originWebAuthnis to be configured in theSdkConfigobject - support in WebView flow
- methods
-
Account Recovery support.
- The ReachFive now SDK supports Android SDK from API Level 21 (Android version 5.0 Lollipop).
- Added custom fields for Address entity.
- Improve error messages for WeChat.
- Added 'Accept-Language' header in requests sent to the backend.
- Upgrade Facebook Login 12.2 => 16.3: a client token is now required in the manifest (see https://developers.facebook.com/docs/android/getting-started/#add-app_id)
loginWithWebViewperforms the same flows asloginWithWeb, but within a WebView
- Added WeChat provider's login
- Option 3 of google's mitigation doc (see: https://support.google.com/faqs/answer/9267555).
- Basic checks against intent redirections
- Added field Custom Identifier to loginWithPassword
- Added field Custom Identifier to signup
- Handle WebAuthn user cancellation as failures so that integrators can detect them more easily.
This major releases includes many breaking changes but greatly simplifies the SDK integration overall.
loginWithWebenables SDK integrators to delegate login to another ReachFive first-party identity client such as web page they control.onLoginActivityResulthandles all login flow results and automatically calls the appropriate internal completion flow. SDK integrators no longer have to match on request codes themselves. The method ignores any request code that does not concern the SDK.- SDK integrators can use
ReachFive.resolveResultHandlerto let the SDK automatically wire the appropriate activity result handler (i.e.,onLoginActivityHandleroronAddNewWebAuthnDeviceResult).
- Client implementation was broken down into smaller modules.
- Client constructor no longer takes an
Activity. - Client initialization now only fetches client configuration.
- A separate initialization method (
loadSocialProviders) has been added for social providers configuration. WebViewProvidersocial login flows now use a Custom Tab.- Internal login callback no longer open a custom tab and silently obtain an authorization code.
- All errors are now communicated through the
failurecallback channel; AndroidActivityresult codes no longer need to be manually inspected. - An
ErrorCodeenumeration class documents all ReachFive API and SDK errors. - The
SuccessWithNoContent<Unit>type has been removed; all success callbacks now only useSuccess<T>orSuccess<Unit>.
onLoginWithWebAuthnResult: result is now automatically handled inonLoginActivityResultonSignupWithWebAuthnResult: result is now automatically handled inonLoginActivityResult
- Social login providers that did not support webviews are now fixed by virtue of using custom tabs.
- Social login errors have been improved.
- Activity callback methods no longer throw exceptions when the request code does not concern an SDK flow. Instead, no action is taken and a debug-level log is emitted.
Addressproperties are all nullable- Suppression of proguard rules
- Fix error propagation in FB login flows. (#152)
- Fix
SdkInfos.versionnot indicating the correct SDK version. (#149) - Use the scope configured in identity client as default value in
loginWithProvider. (#148) - Call
/userinfoinstead deprecated endpoint/me. (#147)
- Revised Gradle build
- Upgrade Android target SDK to 31
- Upgrade Kotlin to 1.6.10
- Upgrade build plugins
- Upgrade libraries
- Upgrade Facebook Login 11.3 => 12.2
- All packages have been migrated from
com.reach5toco.reachfive
- Publish artifacts to Sonatype
- Package FQDN has changed from
com.reach5.identitytoco.reachfive.identity
- Passwordless API calls have been updated following the latest backend changes (#125).
- Upgrade Facebook SDK dependency from 5.0.3 to 8.2.0.
The redirectUrl was added to the signup
method to redirect the user after the email confirmation.
- Fix the exchange of an authorization code with an access token at the end of a Webauthn workflow.
- Fix the Google login through a Webview.
The format expected for your redirection scheme has changed to reachfive://${clientId}/callback.
Some updates are required if you are using the Webview SDK:
-
Update the scheme required by the
SdkConfigobject for the SDK initialization. In our example, the value is stored in theenvfile. -
Update the scheme in the Allowed Callback URLs section of your Identity client on the ReachFive console.
You can now implement a biometric authentication flow.
Follow our FIDO2 guide for more information on the configuration and methods.
The errorMessageKey field is now returned in the error response object. See for
example updateEmail
to view the documentation of the new field.
Add the scope parameter to
the loginWithProvider
method.
- App-specific scheme handling (pattern
reachfive-${clientId}://callback). This custom scheme has to be specified inAndroidManifest.xmlapplication and passed during SDK configuration inSdkConfigobject:
DOMAIN=my-reachfive-url
CLIENT_ID=my-reachfive-client-id
SCHEME=my-reachfive-url-scheme
val sdkConfig = SdkConfig(
domain = DOMAIN,
clientId = CLIENT_ID,
scheme = SCHEME
)- This custom scheme will be used as a redirect URL by default in payload of Start Passwordless call.
The following fields are now returned by
the getProfile method: bio
, birthdate, company, external_id, locale, middle_name, nickname, picture
and tos_accepted_at.
The consents, emails, email_verified, phone_number and phone_number_verified fields are
returned again by the getProfile
method.
The custom fields are now returned by
the getProfile method.
- The
redirectUrlis configurable for the methodstartPasswordless.
- A new
method
startPasswordlesswas implemented to trigger an email/sms sending for a passwordless flow. - A new
method
verifyPasswordlesswas implemented to verify a passwordless sms verification code. - A new
method
exchangeCodeForTokenwas implemented to exchange an authorization code for an access token.
- The
signedUidattribute of theProfilemodel was removed. - Login with the Facebook social account was fixed.
- The
ProfileAddressmodel'sisDefaultattribute is now correctly serialized. - All the string attributes of the
ProfileAddressmodel are now null by default. - The
addressTypeattribute of theProfileAddressmodel is no longer aStringbut aProfileAddressType.
The ReachFive error models were improved:
- the
codeattribute was added to theReachFiveErrormodel to specify the HTTP code response. - the
errorIdand theerrorUserMsgattributes were added to theReachFiveApiErrormodel to specify the identifier and the user-friendly message of the error.
A new
method refreshAccessToken
was implemented to refresh a profile's access token.
- Fix the sign-up on the demo application.
- The type of the
consentTypeproperty was changed toString.
- The
codeparameter was deleted from theAuthTokenmodel since it was unused. - The
redirectUrlargument was deleted from thelogoutmethod since it wasn't pertinent for mobile.
- The
authTokenargument of theupdatePasswordmethod was deleted since it is not required when the user provides his email or phone number with a verification code. Nevertheless, thefreshAuthTokenargument was added toFreshAccessTokenParamsandauthTokentoAccessTokenParams. - The
updatePhoneNumberRequestargument of theupdatePasswordmethod was renamed toupdatePasswordRequest.
- The new default is to use the scopes defined for your client via the ReachFive console. Keep in
mind that you must initialize the client through the
initializemethod for the scopes to be set, or an empty value will be used. - All the data models used for requests were moved in a sub-folder
named
requests(com.reach5.identity.sdk.core.models->com.reach5.identity.sdk.core.models.requests). - The profile's data passed as an argument to the
signupmethod is no longer aProfilebut aProfileSignupRequest. Note thatProfileSignupRequestcontains the same attributes asProfileplus thepasswordfield and minus the identifiers and authentication details. - The
Userdata model was renamed toOpenIdUser. - The
AuthToken.idTokenfield became optional since it isn't returned when theopenidscope is not provided. - The
openidscope is no longer provided by default to theloginWithProvidermethod through theWebViewProvider. - The
logoutmethod now disconnects all sessions including those created with a provider.
An HTTP logging interceptor
was added to the sdk-core module to log the API requests and responses in debug mode.
- New fields were added to the
Profiledata model. You'll find their descriptions on the ReachFive developer documentation .uidsignedUidprofileURLexternalIdauthTypesloginSummaryemailVerifiedemailsphoneNumberVerifiedbiocustomFieldsconsentstosAcceptedAtcreatedAtupdatedAtliteOnly
- New fields were also added to the
ProfileAddressdata model. - A new method
getProfilewas implemented to fetch the profile's information.
The requestPasswordReset no longer needs the authToken argument.
- All the SDK core models are now serialized for an Android implementation.
- The authorization flow with code and the PKCE are implemented for login with the
WebViewProvider.
- A new method
updatePasswordwas implemented to update the profile's password. - A new method
logoutwas implemented to kill the SSO session of the profile.
The success parameter of the requestPasswordReset and verifyPhoneNumber methods was renamed
into successWithNoContent and is now correctly called.
New modular version of the Identity SDK Android: