Added new error type for thumbprint mismatch scenario

pmathew92 · pmathew92 · commit fed47bb8c1cb · 2026-03-26T11:33:13.000+05:30
diff --git a/auth0/src/main/java/com/auth0/android/authentication/storage/BaseCredentialsManager.kt b/auth0/src/main/java/com/auth0/android/authentication/storage/BaseCredentialsManager.kt
@@ -238,9 +238,9 @@ public abstract class BaseCredentialsManager internal constructor(
 
         if (storedThumbprint != null) {
             if (currentThumbprint != storedThumbprint) {
-                Log.w(this::class.java.simpleName, "DPoP key thumbprint mismatch. Clearing stale credentials.")
+                Log.w(this::class.java.simpleName, "DPoP key thumbprint mismatch. The key pair has changed since credentials were saved. Clearing stale credentials.")
                 clearCredentials()
-                return CredentialsManagerException(CredentialsManagerException.Code.DPOP_KEY_MISSING)
+                return CredentialsManagerException(CredentialsManagerException.Code.DPOP_KEY_MISMATCH)
             }
         } else if (currentThumbprint != null) {
             // Migration: existing DPoP user upgraded — no thumbprint stored yet.
diff --git a/auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManagerException.kt b/auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManagerException.kt
@@ -49,6 +49,7 @@ public class CredentialsManagerException :
         SSO_EXCHANGE_FAILED,
         MFA_REQUIRED,
         DPOP_KEY_MISSING,
+        DPOP_KEY_MISMATCH,
         DPOP_NOT_CONFIGURED,
         UNKNOWN_ERROR
     }
@@ -163,6 +164,8 @@ public class CredentialsManagerException :
 
         public val DPOP_KEY_MISSING: CredentialsManagerException =
             CredentialsManagerException(Code.DPOP_KEY_MISSING)
+        public val DPOP_KEY_MISMATCH: CredentialsManagerException =
+            CredentialsManagerException(Code.DPOP_KEY_MISMATCH)
         public val DPOP_NOT_CONFIGURED: CredentialsManagerException =
             CredentialsManagerException(Code.DPOP_NOT_CONFIGURED)
 
@@ -215,6 +218,7 @@ public class CredentialsManagerException :
                 Code.SSO_EXCHANGE_FAILED ->"The exchange of the refresh token for SSO credentials failed."
                 Code.MFA_REQUIRED -> "Multi-factor authentication is required to complete the credential renewal."
                 Code.DPOP_KEY_MISSING -> "The stored credentials are DPoP-bound but the DPoP key pair is no longer available in the Android KeyStore. Re-authentication is required."
+                Code.DPOP_KEY_MISMATCH -> "The stored credentials are DPoP-bound but the current DPoP key pair does not match the one used when credentials were saved. Re-authentication is required."
                 Code.DPOP_NOT_CONFIGURED -> "The stored credentials are DPoP-bound but the AuthenticationAPIClient used by this credentials manager was not configured with useDPoP(context). Call AuthenticationAPIClient(auth0).useDPoP(context) and pass the configured client to the credentials manager."
                 Code.UNKNOWN_ERROR -> "An unknown error has occurred while fetching the token. Please check the error cause for more details."
             }
