
Merging main into 1.x branch#249

Open

lalwani wants to merge 282 commits into 1.x from main



@lalwani lalwani commented Jun 12, 2024

Collaborator

Cutting the current main into 1.X branch to prepare main for the 2.X

EdbertChan and others added 30 commits August 18, 2021 11:16
Fixing Tests Associated With AndroidX
added documentation for using profile prefill feature
upgrading minSdk version to 26
preparing for the next release
updated changelog file
bumping up the version to prepare for next release
Added failsafe null check when removing progress indicator
created login demo using applink
removes precommit version y which got committed due to an error in running release script
lalwani and others added 30 commits January 1, 2025 22:44
Preparing for next release
Preparing for next release
…out metadata

Modified AuthProvider to allow authentication to continue when Pushed Authorization Request (PAR) fails. Previously, PAR failures would throw an exception and block the entire authentication flow. Now, if PAR fails (due to network errors or server issues), authentication proceeds without user metadata pre-fill, improving user experience and system resilience.

Changes:
- Wrapped PAR request in try-catch to handle errors gracefully
- Return empty PARResponse on failure instead of throwing exception
- Added comprehensive unit tests for PAR error scenarios
- Verified existing tests still pass (regression testing)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
Applied spotless formatting to resolve CI check failures:
- Fixed elvis operator chain formatting in AuthActivity.onCreate()
- Added newline at end of gradle.properties

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
Handle Push Authorization Request failures gracefully to continue without name or phone
Adds a new UberEnvironment enum (PRODUCTION/SANDBOX) and threads it
through the auth flow so 3P integrators can target sandbox-login.uber.com
for testing without changing their production integration.

- Add UberEnvironment enum to UriConfig with PRODUCTION and SANDBOX base URLs
- Add optional environment field to AuthContext (defaults to PRODUCTION)
- Thread environment into AuthService.create(), UniversalSsoLink, and SsoLinkFactory
- Add unit tests covering both environments and backwards-compatibility default

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
- UniversalSsoLink: drop the duplicate environment field; read from
  authContext.environment directly so there's a single source of truth
- UriConfig: remove the now-unused Environment enum (AUTH was replaced by
  UberEnvironment, API was the only remaining usage and is now inlined)
- AuthContext: document the new environment parameter
- AuthProviderTest: remove the redundant SANDBOX authenticate test — it
  could not actually verify the URL since both ssoLink and authService
  are mocked. SANDBOX URL generation is already covered by UriConfigTest
Add UberEnvironment to allow 3Ps to target sandbox vs production
…ntral Portal

- authentication/core: 2.0.3-SNAPSHOT → 2.0.4-SNAPSHOT (released 2.0.3 to
  Maven Central today)
- gradle/libs.versions.toml: mavenPublish 0.27.0 → 0.33.0
  (Sonatype OSSRH was decommissioned 2025-06-30; vanniktech 0.33.0+ defaults
   to the new Central Portal, which is required for future releases — 0.27.0
   only knows the legacy Nexus staging API which returns HTTP 402 now)
- CHANGELOG.md: add v2.0.3 entry covering PR #268 (UberEnvironment for
  sandbox/production) and PR #265 (graceful PAR failure handling)
The v1 standalone action under gradle/wrapper-validation-action has been
deprecated and now fails. The action moved to gradle/actions/wrapper-validation
under the gradle/actions monorepo. Bumping to v4 unblocks CI on this PR
(check job was failing on the deprecated action across all 3 jobs that
used it: check, test matrix, upload-snapshots).

Pre-existing failure on main, surfaced by this PR.
Bump to 2.0.4-SNAPSHOT, add 2.0.3 changelog, upgrade vanniktech for Central Portal
Fix missing ub__signin_margin dimen in :core that broke 3P authentication consumers
The auth server requires a nonce on /authorize when openid is in the
requested scope, so it can echo it back as the nonce claim of the issued
ID token for replay protection. The SDK previously had no way for
developers to supply one.

Add an optional nonce field on AuthContext that AuthProvider forwards to
UniversalSsoLink (via the existing optionalQueryParams map), so it ends
up as the nonce= query param on /authorize. The SDK does not generate,
store, or validate the value — that stays with the caller's backend.

Test Plan: unit tests covering nonce present and absent.
Forward optional nonce on /authorize request
Summary:
- SDK auto-generates a cryptographically secure `state` parameter on
  every auth request (SecureRandom, 32 bytes, base64url-encoded)
- `state` is always appended to the SSO query params
- `handleAuthCode` validates the returned state; on mismatch calls
  `ssoLink.handleAuthError(INVALID_STATE)` instead of completing normally
- Adds `SsoLink.handleAuthError()` to propagate errors through the
  coroutine-deferred flow
- `@VisibleForTesting generatedState` field for unit-test assertions

This is step 1/3 of iOS parity (PR #337 in uber-ios-sdk).
- Treat null state as a mismatch (a malicious callback omitting state
  should not bypass CSRF validation since the SDK always sends it)
- Replace em dash with plain hyphen in INVALID_STATE message

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Claude <noreply@anthropic.com>
[auth] Add state (CSRF) parameter to OAuth flow
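
The state handling described in the commit messages above (32 bytes from SecureRandom, base64url-encoded, null treated as a mismatch), as an added Kotlin example that is not part of this pull request or the SDK's code. `StateGuard`, `CallbackResult` and `handleCallback` are hypothetical names; the unpadded encoding, single-use clearing and constant-time comparison are choices made for this example, not details taken from the commits.

```kotlin
import java.security.MessageDigest
import java.security.SecureRandom
import java.util.Base64

// Hypothetical types for this example; not the SDK's API.
sealed class CallbackResult {
    data class Success(val authCode: String) : CallbackResult()
    data class Failure(val reason: String) : CallbackResult()
}

class StateGuard(private val random: SecureRandom = SecureRandom()) {
    // State sent with the in-flight request; null when nothing is pending.
    private var pendingState: String? = null

    /** Draws 32 random bytes, base64url-encodes them and remembers the value. */
    fun newState(): String {
        val bytes = ByteArray(32)
        random.nextBytes(bytes)
        // Unpadded encoding is an assumption; it keeps '=' out of the query string.
        val state = Base64.getUrlEncoder().withoutPadding().encodeToString(bytes)
        pendingState = state
        return state
    }

    /** Accepts the auth code only if the callback echoes the pending state. */
    fun handleCallback(authCode: String, returnedState: String?): CallbackResult {
        val expected = pendingState
        pendingState = null // single use: a second callback with the same state fails
        // The request always carries state, so a callback without one is a mismatch.
        if (expected == null || returnedState == null) {
            return CallbackResult.Failure("INVALID_STATE")
        }
        val matches = MessageDigest.isEqual(
            expected.toByteArray(Charsets.UTF_8),
            returnedState.toByteArray(Charsets.UTF_8)
        )
        return if (matches) CallbackResult.Success(authCode)
        else CallbackResult.Failure("INVALID_STATE")
    }
}

fun main() {
    val guard = StateGuard()
    // Constructed callbacks: state omitted, state forged, state echoed, then replayed.
    guard.newState()
    println(guard.handleCallback("constructed-code", null))
    guard.newState()
    println(guard.handleCallback("constructed-code", "forged-state"))
    val sent = guard.newState()
    println(guard.handleCallback("constructed-code", sent))
    println(guard.handleCallback("constructed-code", sent))
}
```
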
Addresses review feedback from PR #271 — the growing list of nullable
constructor parameters makes call sites confusing and error-prone.
The new AuthContext.Builder provides a fluent API while preserving
full backward compatibility with the existing data-class constructor.

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Claude <noreply@anthropic.com>
- Add AuthOptions data class for optional auth params (prefillInfo,
  prompt, environment, nonce)
- Add new AuthContext constructor taking AuthOptions
- Deprecate old flat constructor with @deprecated annotation and
  ReplaceWith hint
- Keep property accessors (prefillInfo, prompt, environment, nonce) on
  AuthContext for internal backward compatibility
- Remove Builder class
- Update tests to verify AuthOptions and deprecated constructor parity

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Claude <noreply@anthropic.com>
4 participants