Conversation
Migrate to AndroidX
Change how the auth data is published into the config yaml
Fixing Tests Associated With AndroidX
Integrating PAR flow
added documentation for using profile prefill feature
Update README.md
upgrading minSdk version to 26
preparing for the next release
updated changelog file
bumping up the version to prepare for next release
changed copyright header
replaced sdk with sdk2 for the authentication package
Switching to use startActivity with flags instead of startActivityForResult
Preparing for next release
Preparing for next release
…out metadata Modified AuthProvider to allow authentication to continue when Pushed Authorization Request (PAR) fails. Previously, PAR failures would throw an exception and block the entire authentication flow. Now, if PAR fails (due to network errors or server issues), authentication proceeds without user metadata pre-fill, improving user experience and system resilience. Changes: - Wrapped PAR request in try-catch to handle errors gracefully - Return empty PARResponse on failure instead of throwing exception - Added comprehensive unit tests for PAR error scenarios - Verified existing tests still pass (regression testing) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Applied spotless formatting to resolve CI check failures: - Fixed elvis operator chain formatting in AuthActivity.onCreate() - Added newline at end of gradle.properties 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Handle Push Authorization Request failures gracefully to continue without name or phone
Adds a new UberEnvironment enum (PRODUCTION/SANDBOX) and threads it through the auth flow so 3P integrators can target sandbox-login.uber.com for testing without changing their production integration. - Add UberEnvironment enum to UriConfig with PRODUCTION and SANDBOX base URLs - Add optional environment field to AuthContext (defaults to PRODUCTION) - Thread environment into AuthService.create(), UniversalSsoLink, and SsoLinkFactory - Add unit tests covering both environments and backwards-compatibility default Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
- UniversalSsoLink: drop the duplicate environment field; read from authContext.environment directly so there's a single source of truth - UriConfig: remove the now-unused Environment enum (AUTH was replaced by UberEnvironment, API was the only remaining usage and is now inlined) - AuthContext: document the new environment parameter - AuthProviderTest: remove the redundant SANDBOX authenticate test — it could not actually verify the URL since both ssoLink and authService are mocked. SANDBOX URL generation is already covered by UriConfigTest
Add UberEnvironment to allow 3Ps to target sandbox vs production
…ntral Portal - authentication/core: 2.0.3-SNAPSHOT → 2.0.4-SNAPSHOT (released 2.0.3 to Maven Central today) - gradle/libs.versions.toml: mavenPublish 0.27.0 → 0.33.0 (Sonatype OSSRH was decommissioned 2025-06-30; vanniktech 0.33.0+ defaults to the new Central Portal, which is required for future releases — 0.27.0 only knows the legacy Nexus staging API which returns HTTP 402 now) - CHANGELOG.md: add v2.0.3 entry covering PR #268 (UberEnvironment for sandbox/production) and PR #265 (graceful PAR failure handling)
The v1 standalone action under gradle/wrapper-validation-action has been deprecated and now fails. The action moved to gradle/actions/wrapper-validation under the gradle/actions monorepo. Bumping to v4 unblocks CI on this PR (check job was failing on the deprecated action across all 3 jobs that used it: check, test matrix, upload-snapshots). Pre-existing failure on main, surfaced by this PR.
Bump to 2.0.4-SNAPSHOT, add 2.0.3 changelog, upgrade vanniktech for Central Portal
Fix missing ub__signin_margin dimen in :core that broke 3P authentication consumers
The auth server requires a nonce on /authorize when openid is in the requested scope, so it can echo it back as the nonce claim of the issued ID token for replay protection. The SDK previously had no way for developers to supply one. Add an optional nonce field on AuthContext that AuthProvider forwards to UniversalSsoLink (via the existing optionalQueryParams map), so it ends up as the nonce= query param on /authorize. The SDK does not generate, store, or validate the value — that stays with the caller's backend. Test Plan: unit tests covering nonce present and absent.
Forward optional nonce on /authorize request
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Cutting the current main into 1.X branch to prepare main for the 2.X