Skip to content

Update the Min SDK version for the Auth0.Android SDK 26#953

Open
utkrishtsahu wants to merge 2 commits intov4_developmentfrom
update-min-sdk-26
Open

Update the Min SDK version for the Auth0.Android SDK 26#953
utkrishtsahu wants to merge 2 commits intov4_developmentfrom
update-min-sdk-26

Conversation

@utkrishtsahu
Copy link
Copy Markdown
Contributor

@utkrishtsahu utkrishtsahu commented Apr 15, 2026

Changes

Updated the minimum SDK version from 21 (Android 5.0) to 26 (Android 8.0) and removed dead code paths that were only reachable on API < 23.

auth0/build.gradle

  • minSdkVersion 21 → 26

sample/build.gradle

  • minSdk 24 → 26

CryptoUtil.java

  • Removed the legacy KeyPairGeneratorSpec branch (API 18-22) for RSA key generation. Only the KeyGenParameterSpec path (API 23+) remains.
  • Removed unused imports: KeyguardManager, Intent, KeyPairGeneratorSpec
  • Note: getKeyEntryCompat API < P check is kept — still needed for API 26-27

DPoPKeyStore.kt

  • Removed dead if (Build.VERSION.SDK_INT < Build.VERSION_CODES.M) throw check — always false with minSdk 26

BrowserPicker.java

  • Simplified Build.VERSION.SDK_INT >= M ? MATCH_ALL : 0 to just MATCH_ALL
  • Removed unused Build import

CryptoUtilTest.java

  • Removed 3 legacy @config(sdk = 21) tests that tested the KeyPairGeneratorSpec path
  • Renamed shouldCreateRSAKeyPairIfMissingOnAPI23AndUp → shouldCreateRSAKeyPairIfMissing

Auth0UserAgentTest.java

  • Updated @config(sdk = 21/23) tests to use sdk = 28/30 (cached Robolectric jars)
  • Replaced brittle hardcoded base64 assertions with decoded JSON assertions

V4_MIGRATION_GUIDE.md

  • Added "Minimum SDK Version" section documenting the API 21 → 26 requirement change
  • No public API changes. No endpoints added, deleted, or changed.

References

SDK-8577

Testing

Verified manually on emulator (API 34) with the sample app:

  • ROPG login → Get Credentials → Get Credentials (Secure) → Delete Credentials

  • Web Auth login → Get Credentials → Web Auth logout

  • All flows use the simplified KeyGenParameterSpec and MATCH_ALL code paths

  • Existing CryptoUtilTest and Auth0UserAgentTest updated to reflect the new minSdk. Legacy API 21 tests removed. All 1235 tests pass.

  • Tested on API 34 emulator (Android 14), built with AGP 8.10.1, Gradle 8.11.1, Java 17

  • Checklist

  • I have read the Auth0 general contribution guidelines

  • I have read the Auth0 Code of Conduct

  • All existing and new tests complete without errors

@utkrishtsahu utkrishtsahu requested a review from a team as a code owner April 15, 2026 10:47
@utkrishtsahu utkrishtsahu changed the base branch from main to v4_development April 15, 2026 10:49
pmathew92
pmathew92 reviewed Apr 16, 2026
View reviewed changes
Comment thread auth0/src/main/java/com/auth0/android/dpop/DPoPKeyStore.kt

fun generateKeyPair(context: Context, useStrongBox: Boolean = true) {
if (Build.VERSION.SDK_INT < Build.VERSION_CODES.M) {
throw DPoPException.UNSUPPORTED_ERROR
Copy link
Copy Markdown
Contributor

@pmathew92 pmathew92 Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can now remove the DPoPException.UNSUPPORTED_ERROR and related code

pmathew92
pmathew92 requested changes Apr 16, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@pmathew92 pmathew92 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lets remove the DPoP UnsupportedError and related code. Also update the migration guide if required for the same

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pmathew92 pmathew92 pmathew92 requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@utkrishtsahu @pmathew92