Rebase Main with V4_development #906
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…stency and handled review comment
There was a problem hiding this comment.
Pull request overview
This PR rebases main with v4_development, bringing in a build/toolchain modernization (Gradle/AGP/Kotlin/Java), updates to testing dependencies (Mockito/Robolectric), and new MFA Flexible Factors Grant support (including an MFA API client and structured MFA error payload handling).
Changes:
- Upgrade build toolchain to Gradle 8.10.2 / AGP 8.8.2 / Kotlin 2.0.21 and move manifests to
namespace-based configuration. - Add MFA Flexible Factors Grant support (new MFA client, MFA exceptions/types, structured MFA payload parsing, and docs/tests).
- Adjust networking behavior for DPoP requests by using a non-retryable OkHttpClient configuration.
Reviewed changes
Copilot reviewed 20 out of 20 changed files in this pull request and generated 9 comments.
Show a summary per file
| File | Description |
|---|---|
| sample/src/main/AndroidManifest.xml | Removes manifest package in favor of Gradle namespace. |
| sample/build.gradle | Sets namespace, updates SDK DSL, and moves sample to Java/Kotlin 17. |
| gradle/wrapper/gradle-wrapper.properties | Upgrades Gradle wrapper to 8.10.2. |
| gradle/jacoco.gradle | Upgrades JaCoCo and updates report DSL properties. |
| gradle.properties | Removes temporary build workaround and simplifies properties. |
| build.gradle | Updates Kotlin/AGP versions and central buildscript deps. |
| auth0/src/test/java/com/auth0/android/request/internal/TLS12SocketFactoryTest.java | Migrates Mockito matchers to ArgumentMatchers. |
| auth0/src/test/java/com/auth0/android/request/internal/CommonThreadSwitcherDelegateTest.kt | Migrates Mockito Kotlin package. |
| auth0/src/test/java/com/auth0/android/request/internal/BaseRequestTest.kt | Updates Mockito interaction verification API usage. |
| auth0/src/test/java/com/auth0/android/request/internal/BaseAuthenticationRequestTest.kt | Migrates Mockito Kotlin package. |
| auth0/src/test/java/com/auth0/android/request/RetryInterceptorTest.kt | Migrates Mockito Kotlin package. |
| auth0/src/test/java/com/auth0/android/request/DefaultClientTest.kt | Adds tests for retryable vs non-retryable OkHttp clients. |
| auth0/src/test/java/com/auth0/android/provider/WebAuthProviderTest.kt | Migrates Mockito Kotlin package and temporarily ignores failing tests. |
| auth0/src/test/java/com/auth0/android/provider/PermissionHandlerTest.java | Migrates Mockito matchers to ArgumentMatchers. |
| auth0/src/test/java/com/auth0/android/provider/PasskeyManagerTest.kt | Migrates Mockito Kotlin package. |
| auth0/src/test/java/com/auth0/android/provider/PKCETest.java | Migrates Mockito matchers to ArgumentMatchers. |
| auth0/src/test/java/com/auth0/android/provider/OAuthManagerStateTest.kt | Migrates Mockito Kotlin package. |
| auth0/src/test/java/com/auth0/android/provider/CustomTabsOptionsTest.java | Migrates Mockito matchers to ArgumentMatchers. |
| auth0/src/test/java/com/auth0/android/provider/CustomTabsControllerTest.java | Refactors test setup away from PowerMock toward Mockito-only strategy. |
| auth0/src/test/java/com/auth0/android/provider/BrowserPickerTest.java | Migrates Mockito matchers to ArgumentMatchers. |
| auth0/src/test/java/com/auth0/android/provider/AuthenticationActivityTest.kt | Migrates Mockito Kotlin package. |
| auth0/src/test/java/com/auth0/android/myaccount/MyAccountAPIClientTest.kt | Migrates Mockito Kotlin package. |
| auth0/src/test/java/com/auth0/android/management/UsersAPIClientTest.kt | Migrates Mockito Kotlin package. |
| auth0/src/test/java/com/auth0/android/dpop/DPoPUtilTest.kt | Migrates Mockito Kotlin package. |
| auth0/src/test/java/com/auth0/android/dpop/DPoPTest.kt | Migrates Mockito Kotlin package. |
| auth0/src/test/java/com/auth0/android/dpop/DPoPKeyStoreTest.kt | Removes PowerMock usage; uses Mockito static mocking + Robolectric config. |
| auth0/src/test/java/com/auth0/android/authentication/storage/SharedPreferencesStorageTest.java | Migrates Mockito matchers to ArgumentMatchers. |
| auth0/src/test/java/com/auth0/android/authentication/storage/SecureCredentialsManagerTest.kt | Adds MFA-required renewal tests and migrates Mockito Kotlin package. |
| auth0/src/test/java/com/auth0/android/authentication/storage/SecureCredentialsManagerBiometricPolicyTest.kt | Migrates Mockito Kotlin package. |
| auth0/src/test/java/com/auth0/android/authentication/storage/LocalAuthenticationManagerTest.kt | Migrates Mockito Kotlin package. |
| auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.kt | Adds MFA-required renewal tests and migrates Mockito Kotlin package. |
| auth0/src/test/java/com/auth0/android/authentication/request/SignUpRequestTest.java | Migrates Mockito matchers to ArgumentMatchers. |
| auth0/src/test/java/com/auth0/android/authentication/request/ProfileRequestTest.java | Migrates Mockito matchers to ArgumentMatchers. |
| auth0/src/test/java/com/auth0/android/authentication/MfaExceptionTest.kt | Adds unit tests for MFA exception hierarchy. |
| auth0/src/test/java/com/auth0/android/authentication/MfaApiClientTest.kt | Adds extensive tests for MFA API client flows. |
| auth0/src/test/java/com/auth0/android/authentication/AuthenticationAPIClientTest.kt | Migrates Mockito Kotlin package. |
| auth0/src/test/java/com/auth0/android/Auth0Test.java | Migrates Mockito matchers to ArgumentMatchers. |
| auth0/src/main/java/com/auth0/android/result/MfaRequirements.kt | Adds structured models for MFA-required payload/requirements/factors. |
| auth0/src/main/java/com/auth0/android/result/EnrollmentChallenge.kt | Adds OOB enrollment challenge support and exposes oobCode. |
| auth0/src/main/java/com/auth0/android/result/Authenticator.kt | Adds model for enrolled MFA authenticators. |
| auth0/src/main/java/com/auth0/android/request/DefaultClient.kt | Adds non-retryable OkHttp client selection for DPoP requests. |
| auth0/src/main/java/com/auth0/android/authentication/storage/SecureCredentialsManager.kt | Adds MFA-required error mapping into CredentialsManagerException. |
| auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManagerException.kt | Adds MFA_REQUIRED code and exposes MFA payload/token accessors. |
| auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManager.kt | Adds MFA-required error mapping into CredentialsManagerException. |
| auth0/src/main/java/com/auth0/android/authentication/mfa/MfaTypes.kt | Adds enrollment/verification sealed types for MFA flows. |
| auth0/src/main/java/com/auth0/android/authentication/mfa/MfaException.kt | Adds MFA-specific exception types with codes/descriptions/status. |
| auth0/src/main/java/com/auth0/android/authentication/mfa/MfaApiClient.kt | Adds MFA API client (authenticators/enroll/challenge/verify) + error adapters. |
| auth0/src/main/java/com/auth0/android/authentication/AuthenticationException.kt | Adds parsing for structured MFA-required payload from error values. |
| auth0/src/main/java/com/auth0/android/authentication/AuthenticationAPIClient.kt | Adds factory method to create an MFA API client from MFA token. |
| auth0/src/main/AndroidManifest.xml | Removes manifest package in favor of Gradle namespace. |
| auth0/build.gradle | Moves module to namespace, Java 17, updates deps, removes PowerMock deps. |
| V4_MIGRATION_GUIDE.md | Adds v3→v4 migration guide focused on toolchain changes. |
| README.md | Updates requirements (Java 17+) and modernizes configuration guidance. |
| EXAMPLES.md | Adds MFA Flexible Factors Grant docs and end-to-end examples. |
| CHANGELOG.md | Adds release notes entry for 3.13.0. |
| AGP_UPGRADE_PLAN.md | Adds detailed internal plan for AGP/Gradle upgrade. |
| .version | Bumps SDK version to 3.13.0. |
| .github/workflows/test.yml | Runs CI for v4_development PRs in addition to main. |
| .github/workflows/release.yml | Updates release workflows to Java 17. |
| .github/workflows/codeql.yml | Updates CodeQL workflow Java version to 17. |
| .github/actions/setup/action.yml | Updates default toolchain versions used in CI setup action. |
| .github/actions/maven-publish/action.yml | Updates Maven publish action to Java 17. |
Comments suppressed due to low confidence (2)
auth0/src/test/java/com/auth0/android/authentication/storage/SecureCredentialsManagerTest.kt:36
- There are repeated
import org.mockito.kotlin.verifyNoMoreInteractionsimports here (same symbol imported multiple times). Please dedupe the imports to a single line.
import org.mockito.kotlin.verifyNoMoreInteractions
import org.mockito.kotlin.verifyNoMoreInteractions
import org.mockito.kotlin.verifyNoMoreInteractions
import org.mockito.kotlin.verifyNoMoreInteractions
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.kt:31
- This file contains multiple duplicate
import org.mockito.kotlin.verifyNoMoreInteractionslines. Please remove the duplicates to avoid redundant imports / potential lint failures.
import org.mockito.kotlin.verifyNoMoreInteractions
import org.mockito.kotlin.verifyNoMoreInteractions
import org.mockito.kotlin.verifyNoMoreInteractions
import org.mockito.kotlin.verifyNoMoreInteractions
import org.mockito.kotlin.verifyNoMoreInteractions
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
|
||
| ```java | ||
| mfaClient | ||
| .verify(MfaVerificationType.Otp.INSTANCE.invoke("123456")) |
There was a problem hiding this comment.
MfaVerificationType.Otp is a Kotlin data class, so the Java sample MfaVerificationType.Otp.INSTANCE.invoke(...) is incorrect and won’t compile. Use new MfaVerificationType.Otp("123456") instead.
Suggested change
| .verify(MfaVerificationType.Otp.INSTANCE.invoke("123456")) | |
| .verify(new MfaVerificationType.Otp("123456")) |
|
|
||
| ```java | ||
| mfaClient | ||
| .verify(MfaVerificationType.Otp.INSTANCE.invoke("123456")) |
There was a problem hiding this comment.
Same issue as above: MfaVerificationType.Otp.INSTANCE.invoke(...) won’t compile from Java because Otp is a Kotlin data class. Update this example to construct the type with new MfaVerificationType.Otp("123456").
Suggested change
| .verify(MfaVerificationType.Otp.INSTANCE.invoke("123456")) | |
| .verify(new MfaVerificationType.Otp("123456")) |
| "otp", "totp" -> effectiveType == "otp" || effectiveType == "totp" | ||
| "oob" -> authenticator.authenticatorType == "oob" || authenticator.type == "oob" | ||
| "recovery-code" -> effectiveType == "recovery-code" | ||
| "push-notification" -> effectiveType == "push-notification" |
There was a problem hiding this comment.
push-notification factor matching is currently based on effectiveType == "push-notification", but for push OOB authenticators effectiveType will be the oobChannel (e.g., "auth0"). This prevents getAuthenticators(listOf("push-notification")) from returning push authenticators. Consider mapping push-notification to the appropriate OOB channel ("auth0") and/or matching on authenticatorType == "oob" && oobChannel == "auth0".
Suggested change
| "push-notification" -> effectiveType == "push-notification" | |
| "push-notification" -> | |
| (authenticator.authenticatorType == "oob" || authenticator.type == "oob") && | |
| (effectiveType == "auth0" || authenticator.oobChannel == "auth0") |
|
|
||
| ```java | ||
| mfaClient | ||
| .enroll(MfaEnrollmentType.Phone.INSTANCE.invoke("+11234567890")) |
There was a problem hiding this comment.
This Java snippet uses MfaEnrollmentType.Phone.INSTANCE.invoke(...), which won’t compile for a Kotlin data class. In Java, this should be instantiated with new MfaEnrollmentType.Phone("...") (while Kotlin objects use .INSTANCE).
Suggested change
| .enroll(MfaEnrollmentType.Phone.INSTANCE.invoke("+11234567890")) | |
| .enroll(new MfaEnrollmentType.Phone("+11234567890")) |
|
|
||
| ```java | ||
| mfaClient | ||
| .verify(MfaVerificationType.Oob.INSTANCE.invoke(oobCode, "123456")) // bindingCode is optional for push |
There was a problem hiding this comment.
MfaVerificationType.Oob is a Kotlin data class, so MfaVerificationType.Oob.INSTANCE.invoke(...) in this Java example is incorrect. It should use new MfaVerificationType.Oob(oobCode, "123456") (or new ...Oob(oobCode, null) for push).
Suggested change
| .verify(MfaVerificationType.Oob.INSTANCE.invoke(oobCode, "123456")) // bindingCode is optional for push | |
| .verify(new MfaVerificationType.Oob(oobCode, "123456")) // bindingCode is optional for push |
| * Example usage: | ||
| * ``` | ||
| * try { | ||
| * val authenticators = mfaClient.getAvailableAuthenticators(listOf("otp", "oob")).await() |
There was a problem hiding this comment.
The example refers to mfaClient.getAvailableAuthenticators(...), but the client API added in this PR is named getAuthenticators(...). Please update the example to use the correct method name.
Suggested change
| * val authenticators = mfaClient.getAvailableAuthenticators(listOf("otp", "oob")).await() | |
| * val authenticators = mfaClient.getAuthenticators(listOf("otp", "oob")).await() |
utkrishtsahu
approved these changes
Feb 9, 2026
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes
PR to rebase the latest main branch changes with the V4_development branch changes