|
1 | 1 | # Migration Guide from SDK v3 to v4 |
2 | 2 |
|
3 | | -## Overview |
| 3 | +> **Note:** This guide is actively maintained during the v4 development phase. As new changes are merged, this document will be updated to reflect the latest breaking changes and migration steps. |
4 | 4 |
|
5 | | -v4 of the Auth0 Android SDK includes significant build toolchain updates to support the latest |
6 | | -Android development environment. This guide documents the changes required when migrating from v3 to |
7 | | -v4. |
| 5 | +v4 of the Auth0 Android SDK includes significant build toolchain updates, updated default values for better out-of-the-box behavior, and behavior changes to simplify credential management. This guide documents the changes required when migrating from v3 to v4. |
| 6 | + |
| 7 | +--- |
| 8 | + |
| 9 | +## Table of Contents |
| 10 | + |
| 11 | +- [**Requirements Changes**](#requirements-changes) |
| 12 | + + [Java Version](#java-version) |
| 13 | + + [Gradle and Android Gradle Plugin](#gradle-and-android-gradle-plugin) |
| 14 | + + [Kotlin Version](#kotlin-version) |
| 15 | +- [**Breaking Changes**](#breaking-changes) |
| 16 | + + [Classes Removed](#classes-removed) |
| 17 | + + [DPoP Configuration Moved to Builder](#dpop-configuration-moved-to-builder) |
| 18 | +- [**Default Values Changed**](#default-values-changed) |
| 19 | + + [Credentials Manager minTTL](#credentials-manager-minttl) |
| 20 | +- [**Behavior Changes**](#behavior-changes) |
| 21 | + + [clearCredentials() Now Clears All Storage](#clearCredentials-now-clears-all-storage) |
| 22 | + + [Storage Interface: New removeAll() Method](#storage-interface-new-removeall-method) |
| 23 | +- [**Dependency Changes**](#dependency-changes) |
| 24 | + + [Gson 2.8.9 → 2.11.0](#️-gson-289--2110-transitive-dependency) |
| 25 | + + [DefaultClient.Builder](#defaultclientbuilder) |
| 26 | + |
| 27 | +--- |
8 | 28 |
|
9 | 29 | ## Requirements Changes |
10 | 30 |
|
@@ -103,6 +123,60 @@ WebAuthProvider |
103 | 123 | This change ensures that DPoP configuration is scoped to individual login requests rather than |
104 | 124 | persisting across the entire application lifecycle. |
105 | 125 |
|
| 126 | +## Default Values Changed |
| 127 | + |
| 128 | +### Credentials Manager `minTTL` |
| 129 | + |
| 130 | +**Change:** The default `minTtl` value changed from `0` to `60` seconds. |
| 131 | + |
| 132 | +This change affects the following Credentials Manager methods: |
| 133 | + |
| 134 | +- `getCredentials(callback)` / `awaitCredentials()` |
| 135 | +- `getCredentials(scope, minTtl, callback)` / `awaitCredentials(scope, minTtl)` |
| 136 | +- `getCredentials(scope, minTtl, parameters, callback)` / `awaitCredentials(scope, minTtl, parameters)` |
| 137 | +- `getCredentials(scope, minTtl, parameters, forceRefresh, callback)` / `awaitCredentials(scope, minTtl, parameters, forceRefresh)` |
| 138 | +- `getCredentials(scope, minTtl, parameters, headers, forceRefresh, callback)` / `awaitCredentials(scope, minTtl, parameters, headers, forceRefresh)` |
| 139 | +- `hasValidCredentials()` |
| 140 | + |
| 141 | +**Impact:** Credentials will be renewed if they expire within 60 seconds, instead of only when already expired. |
| 142 | + |
| 143 | +<details> |
| 144 | + <summary>Migration example</summary> |
| 145 | + |
| 146 | +```kotlin |
| 147 | +// v3 - minTtl defaulted to 0, had to be set explicitly |
| 148 | +credentialsManager.getCredentials(scope = null, minTtl = 60, callback = callback) |
| 149 | + |
| 150 | +// v4 - minTtl defaults to 60 seconds |
| 151 | +credentialsManager.getCredentials(callback) |
| 152 | + |
| 153 | +// v4 - use 0 to restore v3 behavior |
| 154 | +credentialsManager.getCredentials(scope = null, minTtl = 0, callback = callback) |
| 155 | +``` |
| 156 | +</details> |
| 157 | + |
| 158 | +**Reason:** A `minTtl` of `0` meant credentials were not renewed until expired, which could result in delivering access tokens that expire immediately after retrieval, causing subsequent API requests to fail. Setting a default value of `60` seconds ensures the access token remains valid for a reasonable period. |
| 159 | + |
| 160 | +## Behavior Changes |
| 161 | + |
| 162 | +### `clearCredentials()` Now Clears All Storage |
| 163 | + |
| 164 | +**Change:** `clearCredentials()` now calls `Storage.removeAll()` instead of removing individual credential keys. |
| 165 | + |
| 166 | +In v3, `clearCredentials()` removed only specific credential keys (access token, refresh token, ID token, etc.) from the underlying `Storage`. |
| 167 | + |
| 168 | +In v4, `clearCredentials()` calls `Storage.removeAll()`, which clears **all** values in the storage — including any API credentials stored for specific audiences. |
| 169 | + |
| 170 | +**Impact:** If you need to remove only the primary credentials while preserving other stored data, consider using a separate `Storage` instance for API credentials. |
| 171 | + |
| 172 | +**Reason:** This simplifies credential cleanup and ensures no stale data remains in storage after logout. It aligns the behavior with the Swift SDK's `clear()` method, which also clears all stored values. |
| 173 | + |
| 174 | +### `Storage` Interface: New `removeAll()` Method |
| 175 | + |
| 176 | +**Change:** The `Storage` interface now includes a `removeAll()` method with a default empty implementation. |
| 177 | + |
| 178 | +**Impact:** Existing custom `Storage` implementations will continue to compile and work without changes. Override `removeAll()` to provide the actual clearing behavior if your custom storage is used with `clearCredentials()`. |
| 179 | + |
106 | 180 | ## Dependency Changes |
107 | 181 |
|
108 | 182 | ### ⚠️ Gson 2.8.9 → 2.11.0 (Transitive Dependency) |
|
0 commit comments