Merged
Conversation
… prevent saveCredentials() crash
…S1-OAEP-key-migration-to-prevent-saveCredentials-crash
…saveCredentials() crash (#924)
There was a problem hiding this comment.
Pull request overview
This PR rebases main with changes from v4_development, including SDK behavior updates (telemetry headers, crypto migration robustness), API deprecations, and accompanying test/docs/version updates.
Changes:
- Ensure
Auth0-Clientheader is set for MyAccount and MFA API requests, with tests validating it. - Improve
CryptoUtilhandling around Android 12+ProviderExceptionduring RSA/AES key operations and PKCS1→OAEP migration paths, with expanded test coverage. - Deprecate legacy/soon-to-be-removed APIs and update docs/changelog/version plus a GitHub Action flag.
Reviewed changes
Copilot reviewed 13 out of 13 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| auth0/src/test/java/com/auth0/android/myaccount/MyAccountAPIClientTest.kt | Adds header assertion test; formatting tweaks; adds a constant. |
| auth0/src/test/java/com/auth0/android/authentication/storage/CryptoUtilTest.java | Adds extensive tests covering ProviderException/migration/regeneration scenarios. |
| auth0/src/test/java/com/auth0/android/authentication/MfaApiClientTest.kt | Adds tests ensuring Auth0-Client header is present across MFA calls; import/format cleanup. |
| auth0/src/main/java/com/auth0/android/myaccount/MyAccountAPIClient.kt | Sets Auth0-Client info on the RequestFactory during initialization. |
| auth0/src/main/java/com/auth0/android/management/UsersAPIClient.kt | Marks UsersAPIClient as deprecated. |
| auth0/src/main/java/com/auth0/android/management/ManagementException.kt | Marks ManagementException as deprecated. |
| auth0/src/main/java/com/auth0/android/authentication/storage/CryptoUtil.java | Adds/adjusts ProviderException handling and key migration/regeneration cleanup behavior. |
| auth0/src/main/java/com/auth0/android/authentication/mfa/MfaApiClient.kt | Ensures MFA RequestFactory instances include Auth0-Client info. |
| auth0/src/main/java/com/auth0/android/authentication/AuthenticationAPIClient.kt | Deprecates legacy MFA-related methods in favor of MfaApiClient. |
| EXAMPLES.md | Updates DPoP docs section/title/TOC anchors (removes EA labeling/note). |
| CHANGELOG.md | Adds 3.14.0 release notes entries for the included fixes/deprecations. |
| .version | Bumps SDK version to 3.14.0. |
| .github/actions/rl-scanner/action.yml | Updates scanner flag name to --suppress-output. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
auth0/src/main/java/com/auth0/android/authentication/storage/CryptoUtil.java
Show resolved
Hide resolved
auth0/src/test/java/com/auth0/android/myaccount/MyAccountAPIClientTest.kt
Show resolved
Hide resolved
|
|
||
| private companion object { | ||
| private const val CLIENT_ID = "CLIENTID" | ||
| private const val DOMAIN = "test-domain" |
There was a problem hiding this comment.
DOMAIN is declared but not used anywhere in this test file. If it’s leftover from an earlier version of the setup, removing it will avoid accumulating dead constants (and potential unused-constant warnings in stricter builds).
Suggested change
| private const val DOMAIN = "test-domain" |
|
|
||
|
|
||
| @Deprecated( | ||
| """ManagementException is deprecated and will be removed in the next major version of the SDK. """, |
There was a problem hiding this comment.
The deprecation message literal has an extra trailing space before the closing triple-quote ("SDK. "). This will show up in the warning text; consider removing the extra space so the message is clean.
Suggested change
| """ManagementException is deprecated and will be removed in the next major version of the SDK. """, | |
| """ManagementException is deprecated and will be removed in the next major version of the SDK.""", |
utkrishtsahu
approved these changes
Mar 12, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Changes
This PR rebases the main branch with the changes from
v4_development