Merge branch 'main' into SDK-5905

Author: pmathew92

.version

@@ -1 +1 @@
-3.5.0
+3.6.0

CHANGELOG.md

@@ -1,5 +1,15 @@
 # Change Log
 
+## [3.6.0](https://github.com/auth0/Auth0.Android/tree/3.6.0) (2025-04-28)
+[Full Changelog](https://github.com/auth0/Auth0.Android/compare/3.5.0...3.6.0)
+
+**Added**
+- Added new error type to CredentialsManagerException class [\#821](https://github.com/auth0/Auth0.Android/pull/821) ([pmathew92](https://github.com/pmathew92))
+- Added  Native to Web support [\#803](https://github.com/auth0/Auth0.Android/pull/803) ([pmathew92](https://github.com/pmathew92))
+
+**Changed**
+- Removed experimental tag from TWA [\#818](https://github.com/auth0/Auth0.Android/pull/818) ([pmathew92](https://github.com/pmathew92))
+
 ## [3.5.0](https://github.com/auth0/Auth0.Android/tree/3.5.0) (2025-03-17)
 [Full Changelog](https://github.com/auth0/Auth0.Android/compare/3.4.0...3.5.0)
 

EXAMPLES.md

@@ -18,7 +18,7 @@
     - [Sign Up with a database connection](#sign-up-with-a-database-connection)
     - [Get user information](#get-user-information)
     - [Custom Token Exchange](#custom-token-exchange)
-    - [Native to Web SSO login](#native-to-web-sso-login)
+    - [Native to Web SSO login [EA]](#native-to-web-sso-login-ea)
   - [Credentials Manager](#credentials-manager)
     - [Secure Credentials Manager](#secure-credentials-manager)
       - [Usage](#usage)
@@ -541,7 +541,11 @@ authentication
 </details>
 
 
-## Native to Web SSO login
+## Native to Web SSO login [EA]
+
+> [!NOTE]  
+> This feature is currently available in [Early Access](https://auth0.com/docs/troubleshoot/product-lifecycle/product-release-stages#early-access). Please reach out to Auth0 support to get it 
+> enabled for your tenant.
 
 This feature allows you to authenticate a user in a web session using the refresh token obtained from the native session without requiring the user to log in again.
 

README.md

@@ -51,7 +51,7 @@ To install Auth0.Android with [Gradle](https://gradle.org/), simply add the foll
 
 ```gradle
 dependencies {
-    implementation 'com.auth0.android:auth0:3.5.0'
+    implementation 'com.auth0.android:auth0:3.6.0'
 }
 ```
 

auth0/src/main/java/com/auth0/android/authentication/AuthenticationAPIClient.kt

@@ -930,6 +930,12 @@ public class AuthenticationAPIClient @VisibleForTesting(otherwise = VisibleForTe
      * parameter with the session transfer token. For example,
      * `https://example.com/login?session_transfer_token=THE_TOKEN`.
      *
+     * ##Availability
+     *
+     * This feature is currently available in
+     * [Early Access](https://auth0.com/docs/troubleshoot/product-lifecycle/product-release-stages#early-access).
+     * Please reach out to Auth0 support to get it enabled for your tenant.
+     *
      *
      * @param refreshToken A valid refresh token obtained as part of Auth0 authentication
      * @return a request to fetch a session transfer token

auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManager.kt

@@ -1,6 +1,7 @@
 package com.auth0.android.authentication.storage
 
 import android.text.TextUtils
+import android.util.Log
 import androidx.annotation.VisibleForTesting
 import com.auth0.android.authentication.AuthenticationAPIClient
 import com.auth0.android.authentication.AuthenticationException
@@ -62,6 +63,12 @@ public class CredentialsManager @VisibleForTesting(otherwise = VisibleForTesting
      * parameter with the session transfer token. For example,
      *  `https://example.com/login?session_transfer_token=THE_TOKEN`.
      *
+     * ## Availability
+     *
+     * This feature is currently available in
+     * [Early Access](https://auth0.com/docs/troubleshoot/product-lifecycle/product-release-stages#early-access).
+     * Please reach out to Auth0 support to get it enabled for your tenant.
+     *
      * It will fail with [CredentialsManagerException] if the existing refresh_token is null or no longer valid.
      * This method will handle saving the refresh_token, if a new one is issued.
      */
@@ -77,6 +84,12 @@ public class CredentialsManager @VisibleForTesting(otherwise = VisibleForTesting
      * parameter with the session transfer token. For example,
      *  `https://example.com/login?session_transfer_token=THE_TOKEN`.
      *
+     * ## Availability
+     *
+     * This feature is currently available in
+     * [Early Access](https://auth0.com/docs/troubleshoot/product-lifecycle/product-release-stages#early-access).
+     * Please reach out to Auth0 support to get it enabled for your tenant.
+     *
      * It will fail with [CredentialsManagerException] if the existing refresh_token is null or no longer valid.
      * This method will handle saving the refresh_token, if a new one is issued.
      */
@@ -110,6 +123,17 @@ public class CredentialsManager @VisibleForTesting(otherwise = VisibleForTesting
                         error
                     )
                 )
+            } catch (exception: RuntimeException) {
+                Log.e(
+                    TAG,
+                    "Caught unexpected exceptions while fetching sso token ${exception.stackTraceToString()}"
+                )
+                callback.onFailure(
+                    CredentialsManagerException(
+                        CredentialsManagerException.Code.UNKNOWN_ERROR,
+                        exception
+                    )
+                )
             }
         }
     }
@@ -122,6 +146,12 @@ public class CredentialsManager @VisibleForTesting(otherwise = VisibleForTesting
      * parameter with the session transfer token. For example,
      *  `https://example.com/login?session_transfer_token=THE_TOKEN`.
      *
+     * ## Availability
+     *
+     * This feature is currently available in
+     * [Early Access](https://auth0.com/docs/troubleshoot/product-lifecycle/product-release-stages#early-access).
+     * Please reach out to Auth0 support to get it enabled for your tenant.
+     *
      * It will fail with [CredentialsManagerException] if the existing refresh_token is null or no longer valid.
      * This method will handle saving the refresh_token, if a new one is issued.
      */
@@ -139,6 +169,12 @@ public class CredentialsManager @VisibleForTesting(otherwise = VisibleForTesting
      * parameter with the session transfer token. For example,
      *  `https://example.com/login?session_transfer_token=THE_TOKEN`.
      *
+     * ## Availability
+     *
+     * This feature is currently available in
+     * [Early Access](https://auth0.com/docs/troubleshoot/product-lifecycle/product-release-stages#early-access).
+     * Please reach out to Auth0 support to get it enabled for your tenant.
+     *
      * It will fail with [CredentialsManagerException] if the existing refresh_token is null or no longer valid.
      * This method will handle saving the refresh_token, if a new one is issued.
      */
@@ -442,6 +478,20 @@ public class CredentialsManager @VisibleForTesting(otherwise = VisibleForTesting
                         exception, error
                     )
                 )
+            } catch (exception: RuntimeException) {
+                /**
+                 *  Catching any unexpected runtime errors in the token renewal flow
+                 */
+                Log.e(
+                    TAG,
+                    "Caught unexpected exceptions for token renewal ${exception.stackTraceToString()}"
+                )
+                callback.onFailure(
+                    CredentialsManagerException(
+                        CredentialsManagerException.Code.UNKNOWN_ERROR,
+                        exception
+                    )
+                )
             }
         }
     }
@@ -527,5 +577,6 @@ public class CredentialsManager @VisibleForTesting(otherwise = VisibleForTesting
         // This is no longer used as we get the credentials expiry from the access token only,
         // but we still store it so users can rollback to versions where it is required.
         private const val LEGACY_KEY_CACHE_EXPIRES_AT = "com.auth0.cache_expires_at"
+        private val TAG = CredentialsManager::class.java.simpleName
     }
 }

auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManagerException.kt

@@ -46,6 +46,7 @@ public class CredentialsManagerException :
         NO_NETWORK,
         API_ERROR,
         SSO_EXCHANGE_FAILED,
+        UNKNOWN_ERROR
     }
 
     private var code: Code?
@@ -146,6 +147,8 @@ public class CredentialsManagerException :
         public val SSO_EXCHANGE_FAILED: CredentialsManagerException =
             CredentialsManagerException(Code.SSO_EXCHANGE_FAILED)
 
+        public val UNKNOWN_ERROR: CredentialsManagerException = CredentialsManagerException(Code.UNKNOWN_ERROR)
+
 
         private fun getMessage(code: Code): String {
             return when (code) {
@@ -191,6 +194,7 @@ public class CredentialsManagerException :
                 Code.NO_NETWORK -> "Failed to execute the network request."
                 Code.API_ERROR -> "An error occurred while processing the request."
                 Code.SSO_EXCHANGE_FAILED ->"The exchange of the refresh token for SSO credentials failed."
+                Code.UNKNOWN_ERROR -> "An unknown error has occurred while fetching the token. Please check the error cause for more details."
             }
         }
     }

auth0/src/main/java/com/auth0/android/authentication/storage/SecureCredentialsManager.kt

@@ -133,6 +133,12 @@ public class SecureCredentialsManager @VisibleForTesting(otherwise = VisibleForT
      * parameter with the session transfer token. For example,
      *  `https://example.com/login?session_transfer_token=THE_TOKEN`.
      *
+     * ## Availability
+     *
+     * This feature is currently available in
+     * [Early Access](https://auth0.com/docs/troubleshoot/product-lifecycle/product-release-stages#early-access).
+     * Please reach out to Auth0 support to get it enabled for your tenant.
+     *
      * It will fail with [CredentialsManagerException] if the existing refresh_token is null or no longer valid.
      * This method will handle saving the refresh_token, if a new one is issued.
      */
@@ -148,6 +154,12 @@ public class SecureCredentialsManager @VisibleForTesting(otherwise = VisibleForT
      * parameter with the session transfer token. For example,
      *  `https://example.com/login?session_transfer_token=THE_TOKEN`.
      *
+     * ## Availability
+     *
+     * This feature is currently available in
+     * [Early Access](https://auth0.com/docs/troubleshoot/product-lifecycle/product-release-stages#early-access).
+     * Please reach out to Auth0 support to get it enabled for your tenant.
+     *
      * It will fail with [CredentialsManagerException] if the existing refresh_token is null or no longer valid.
      * This method will handle saving the refresh_token, if a new one is issued.
      */
@@ -192,6 +204,17 @@ public class SecureCredentialsManager @VisibleForTesting(otherwise = VisibleForT
                     CredentialsManagerException.Code.STORE_FAILED, error
                 )
                 callback.onFailure(exception)
+            } catch (exception: RuntimeException) {
+                Log.e(
+                    TAG,
+                    "Caught unexpected exceptions while fetching sso token ${exception.stackTraceToString()}"
+                )
+                callback.onFailure(
+                    CredentialsManagerException(
+                        CredentialsManagerException.Code.UNKNOWN_ERROR,
+                        exception
+                    )
+                )
             }
         }
     }
@@ -204,6 +227,12 @@ public class SecureCredentialsManager @VisibleForTesting(otherwise = VisibleForT
      * parameter with the session transfer token. For example,
      *  `https://example.com/login?session_transfer_token=THE_TOKEN`.
      *
+     * ## Availability
+     *
+     * This feature is currently available in
+     * [Early Access](https://auth0.com/docs/troubleshoot/product-lifecycle/product-release-stages#early-access).
+     * Please reach out to Auth0 support to get it enabled for your tenant.
+     *
      * It will fail with [CredentialsManagerException] if the existing refresh_token is null or no longer valid.
      * This method will handle saving the refresh_token, if a new one is issued.
      */
@@ -221,6 +250,12 @@ public class SecureCredentialsManager @VisibleForTesting(otherwise = VisibleForT
      * parameter with the session transfer token. For example,
      *  `https://example.com/login?session_transfer_token=THE_TOKEN`.
      *
+     * ## Availability
+     *
+     * This feature is currently available in
+     * [Early Access](https://auth0.com/docs/troubleshoot/product-lifecycle/product-release-stages#early-access).
+     * Please reach out to Auth0 support to get it enabled for your tenant.
+     *
      * It will fail with [CredentialsManagerException] if the existing refresh_token is null or no longer valid.
      * This method will handle saving the refresh_token, if a new one is issued.
      */
@@ -680,6 +715,21 @@ public class SecureCredentialsManager @VisibleForTesting(otherwise = VisibleForT
                     )
                 )
                 return@execute
+            } catch (exception: RuntimeException) {
+                /**
+                 *  Catching any unexpected runtime errors in the token renewal flow
+                 */
+                Log.e(
+                    TAG,
+                    "Caught unexpected exceptions for token renewal ${exception.stackTraceToString()}"
+                )
+                callback.onFailure(
+                    CredentialsManagerException(
+                        CredentialsManagerException.Code.UNKNOWN_ERROR,
+                        exception
+                    )
+                )
+                return@execute
             }
 
             try {

auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.kt

@@ -328,6 +328,31 @@ public class CredentialsManagerTest {
         )
     }
 
+    @Test
+    public fun shouldFailOnGetNewSSOCredentialsWhenUnexpectedErrorOccurs() {
+        Mockito.`when`(storage.retrieveString("com.auth0.refresh_token")).thenReturn("refreshToken")
+        Mockito.`when`(
+            client.ssoExchange("refreshToken")
+        ).thenReturn(SSOCredentialsRequest)
+        //Trigger failure
+        val runtimeException = RuntimeException(
+            "unexpected_error"
+        )
+        Mockito.`when`(SSOCredentialsRequest.execute()).thenThrow(runtimeException)
+        manager.getSsoCredentials(ssoCallback)
+        verify(ssoCallback).onFailure(
+            exceptionCaptor.capture()
+        )
+        val exception = exceptionCaptor.firstValue
+        MatcherAssert.assertThat(exception, Is.`is`(Matchers.notNullValue()))
+        MatcherAssert.assertThat(exception, Is.`is`(CredentialsManagerException.UNKNOWN_ERROR))
+        MatcherAssert.assertThat(exception.cause, Is.`is`(runtimeException))
+        MatcherAssert.assertThat(
+            exception.message,
+            Is.`is`("An unknown error has occurred while fetching the token. Please check the error cause for more details.")
+        )
+    }
+
     @Test
     @ExperimentalCoroutinesApi
     public fun shouldFailOnAwaitSSOCredentialsWhenNoRefreshTokenWasSaved(): Unit = runTest {
@@ -1122,6 +1147,46 @@ public class CredentialsManagerTest {
         )
     }
 
+    @Test
+    public fun shouldGetAndFailToRenewExpiredCredentialsWhenAnyUnexpectedErrorOccurs() {
+        Mockito.`when`(storage.retrieveString("com.auth0.id_token")).thenReturn("idToken")
+        Mockito.`when`(storage.retrieveString("com.auth0.access_token")).thenReturn("accessToken")
+        Mockito.`when`(storage.retrieveString("com.auth0.refresh_token")).thenReturn("refreshToken")
+        Mockito.`when`(storage.retrieveString("com.auth0.token_type")).thenReturn("type")
+        val expirationTime = CredentialsMock.CURRENT_TIME_MS //Same as current time --> expired
+        Mockito.`when`(storage.retrieveLong("com.auth0.expires_at")).thenReturn(expirationTime)
+        Mockito.`when`(storage.retrieveLong("com.auth0.cache_expires_at"))
+            .thenReturn(expirationTime)
+        Mockito.`when`(storage.retrieveString("com.auth0.scope")).thenReturn("scope")
+        Mockito.`when`(
+            client.renewAuth("refreshToken")
+        ).thenReturn(request)
+        //Trigger failure
+        val runtimeException = NullPointerException("Something went wrong")
+        Mockito.`when`(request.execute()).thenThrow(runtimeException)
+        manager.getCredentials(callback)
+        verify(storage, never())
+            .store(ArgumentMatchers.anyString(), ArgumentMatchers.anyInt())
+        verify(storage, never())
+            .store(ArgumentMatchers.anyString(), ArgumentMatchers.anyLong())
+        verify(storage, never())
+            .store(ArgumentMatchers.anyString(), ArgumentMatchers.anyString())
+        verify(storage, never())
+            .store(ArgumentMatchers.anyString(), ArgumentMatchers.anyBoolean())
+        verify(storage, never()).remove(ArgumentMatchers.anyString())
+        verify(callback).onFailure(
+            exceptionCaptor.capture()
+        )
+        val exception = exceptionCaptor.firstValue
+        MatcherAssert.assertThat(exception, Is.`is`(Matchers.notNullValue()))
+        MatcherAssert.assertThat(exception, Is.`is`(CredentialsManagerException.UNKNOWN_ERROR))
+        MatcherAssert.assertThat(exception.cause, Is.`is`(runtimeException))
+        MatcherAssert.assertThat(
+            exception.message,
+            Is.`is`("An unknown error has occurred while fetching the token. Please check the error cause for more details.")
+        )
+    }
+
     @Test
     public fun shouldClearCredentials() {
         manager.clearCredentials()