Store the Dpop thumbprint to local storage#940
Open
pmathew92 wants to merge 7 commits intodpop_thumbprint_fixfrom
Open
Store the Dpop thumbprint to local storage#940pmathew92 wants to merge 7 commits intodpop_thumbprint_fixfrom
pmathew92 wants to merge 7 commits intodpop_thumbprint_fixfrom
Conversation
…CredentialsManager class
auth0/src/main/java/com/auth0/android/authentication/storage/BaseCredentialsManager.kt
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Pull request overview
Adds persistence of the DPoP key thumbprint into credentials storage so the SDK can later detect/handle DPoP-bound credentials across app/device lifecycle events.
Changes:
- Adds a public
AuthenticationAPIClient.isDPoPEnabledflag and a publicDPoP.hasKeyPair()helper. - Introduces shared thumbprint persistence logic in
BaseCredentialsManager.saveDPoPThumbprint(...), and invokes it during credential saves/clears in both credentials manager implementations. - Extends
CredentialsManagerExceptionwith DPoP-related error codes/messages (as referenced by PR #939).
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| auth0/src/main/java/com/auth0/android/dpop/DPoP.kt | Adds public hasKeyPair() API to check KeyStore presence. |
| auth0/src/main/java/com/auth0/android/authentication/AuthenticationAPIClient.kt | Exposes isDPoPEnabled to let storage logic infer DPoP usage. |
| auth0/src/main/java/com/auth0/android/authentication/storage/BaseCredentialsManager.kt | Implements thumbprint persistence/removal logic and introduces the storage key constant. |
| auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManager.kt | Calls thumbprint persistence on save and removes it on clear. |
| auth0/src/main/java/com/auth0/android/authentication/storage/SecureCredentialsManager.kt | Calls thumbprint persistence on save and removes it on clear; also stores token type. |
| auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManagerException.kt | Adds DPoP-related exception codes and user-facing messages. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
auth0/src/main/java/com/auth0/android/authentication/storage/BaseCredentialsManager.kt
Outdated
Show resolved
Hide resolved
auth0/src/main/java/com/auth0/android/authentication/storage/BaseCredentialsManager.kt
Outdated
Show resolved
Hide resolved
auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManagerException.kt
Outdated
Show resolved
Hide resolved
auth0/src/main/java/com/auth0/android/authentication/storage/BaseCredentialsManager.kt
Show resolved
Hide resolved
| internal const val KEY_ALIAS = "com.auth0.key" | ||
|
|
||
| @VisibleForTesting(otherwise = VisibleForTesting.PRIVATE) | ||
| internal const val KEY_TOKEN_TYPE = "com.auth0.token_type" |
Contributor
There was a problem hiding this comment.
Nit: KEY_TOKEN_TYPE with the same value "com.auth0.token_type" already exists as a private const in CredentialsManager (line 764). Now we have it in two places — might drift. Since KEY_DPOP_THUMBPRINT was placed in BaseCredentialsManager for sharing, can we do the same for KEY_TOKEN_TYPE?
utkrishtsahu
requested changes
Mar 24, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Changes
This PR adds support to store the Dpop thumbprint to local storage if DPoP was used while Authenticating the user
References
Should be merged after #939
Checklist
I have read the Auth0 general contribution guidelines
I have read the Auth0 Code of Conduct
All existing and new tests complete without errors