From 58582b7ac27e2b165c0c523aca5333759485ee23 Mon Sep 17 00:00:00 2001 From: Prince Mathew Date: Fri, 6 Mar 2026 17:06:52 +0530 Subject: [PATCH 1/3] deprecate : Deprecate the existing MFA APIs in favor of the new MfaApiClient --- .../authentication/AuthenticationAPIClient.kt | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/auth0/src/main/java/com/auth0/android/authentication/AuthenticationAPIClient.kt b/auth0/src/main/java/com/auth0/android/authentication/AuthenticationAPIClient.kt index 31237730..c35855f1 100755 --- a/auth0/src/main/java/com/auth0/android/authentication/AuthenticationAPIClient.kt +++ b/auth0/src/main/java/com/auth0/android/authentication/AuthenticationAPIClient.kt @@ -174,6 +174,7 @@ public class AuthenticationAPIClient @VisibleForTesting(otherwise = VisibleForTe return loginWithToken(requestParameters) } + /** * Log in a user using the One Time Password code after they have received the 'mfa_required' error. * The MFA token tells the server the username or email, password, and realm values sent on the first request. @@ -196,6 +197,11 @@ public class AuthenticationAPIClient @VisibleForTesting(otherwise = VisibleForTe * MFA application such as Google Authenticator or Guardian. * @return a request to configure and start that will yield [Credentials] */ + @Deprecated( + message = """loginWithOTP method is deprecated and will be removed in the next major version of the SDK. + "Use the APIs in the [com.auth0.android.authentication.mfa.MfaApiClient] class instead.""", + level = DeprecationLevel.WARNING + ) public fun loginWithOTP(mfaToken: String, otp: String): AuthenticationRequest { val parameters = ParameterBuilder.newBuilder() .setGrantType(ParameterBuilder.GRANT_TYPE_MFA_OTP) @@ -409,6 +415,11 @@ public class AuthenticationAPIClient @VisibleForTesting(otherwise = VisibleForTe * This is usually an OTP-like code delivered as part of the challenge message. * @return a request to configure and start that will yield [Credentials] */ + @Deprecated( + message = """loginWithOOB is deprecated and will be removed in the next major version of the SDK. + "Use the APIs in the [com.auth0.android.authentication.mfa.MfaApiClient] class instead.""", + level = DeprecationLevel.WARNING + ) public fun loginWithOOB( mfaToken: String, oobCode: String, @@ -445,6 +456,11 @@ public class AuthenticationAPIClient @VisibleForTesting(otherwise = VisibleForTe * @return a request to configure and start that will yield [Credentials]. It might also include a [recoveryCode] field, * which your application must display to the end-user to be stored securely for future use. */ + @Deprecated( + message = """loginWithRecoveryCode is deprecated and will be removed in the next major version of the SDK. + "Use the APIs in the [com.auth0.android.authentication.mfa.MfaApiClient] class instead.""", + level = DeprecationLevel.WARNING + ) public fun loginWithRecoveryCode( mfaToken: String, recoveryCode: String @@ -478,6 +494,11 @@ public class AuthenticationAPIClient @VisibleForTesting(otherwise = VisibleForTe * @param authenticatorId The ID of the authenticator to challenge. * @return a request to configure and start that will yield [Challenge] */ + @Deprecated( + message = """multifactorChallenge is deprecated and will be removed in the next major version of the SDK. + "Use the APIs in the [com.auth0.android.authentication.mfa.MfaApiClient] class instead.""", + level = DeprecationLevel.WARNING + ) public fun multifactorChallenge( mfaToken: String, challengeType: String? = null, From b2c4106be0dc8c611596e4908ec0bb4b4e7c34ea Mon Sep 17 00:00:00 2001 From: Prince Mathew Date: Fri, 6 Mar 2026 17:21:03 +0530 Subject: [PATCH 2/3] Updated the comments to a single line --- .../authentication/AuthenticationAPIClient.kt | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/auth0/src/main/java/com/auth0/android/authentication/AuthenticationAPIClient.kt b/auth0/src/main/java/com/auth0/android/authentication/AuthenticationAPIClient.kt index c35855f1..572ecc51 100755 --- a/auth0/src/main/java/com/auth0/android/authentication/AuthenticationAPIClient.kt +++ b/auth0/src/main/java/com/auth0/android/authentication/AuthenticationAPIClient.kt @@ -198,8 +198,7 @@ public class AuthenticationAPIClient @VisibleForTesting(otherwise = VisibleForTe * @return a request to configure and start that will yield [Credentials] */ @Deprecated( - message = """loginWithOTP method is deprecated and will be removed in the next major version of the SDK. - "Use the APIs in the [com.auth0.android.authentication.mfa.MfaApiClient] class instead.""", + message = "loginWithOTP is deprecated and will be removed in the next major version of the SDK. Use the APIs in the [com.auth0.android.authentication.mfa.MfaApiClient] class instead.", level = DeprecationLevel.WARNING ) public fun loginWithOTP(mfaToken: String, otp: String): AuthenticationRequest { @@ -416,8 +415,7 @@ public class AuthenticationAPIClient @VisibleForTesting(otherwise = VisibleForTe * @return a request to configure and start that will yield [Credentials] */ @Deprecated( - message = """loginWithOOB is deprecated and will be removed in the next major version of the SDK. - "Use the APIs in the [com.auth0.android.authentication.mfa.MfaApiClient] class instead.""", + message = "loginWithOOB is deprecated and will be removed in the next major version of the SDK. Use the APIs in the [com.auth0.android.authentication.mfa.MfaApiClient] class instead.", level = DeprecationLevel.WARNING ) public fun loginWithOOB( @@ -457,8 +455,7 @@ public class AuthenticationAPIClient @VisibleForTesting(otherwise = VisibleForTe * which your application must display to the end-user to be stored securely for future use. */ @Deprecated( - message = """loginWithRecoveryCode is deprecated and will be removed in the next major version of the SDK. - "Use the APIs in the [com.auth0.android.authentication.mfa.MfaApiClient] class instead.""", + message = "loginWithRecoveryCode is deprecated and will be removed in the next major version of the SDK. Use the APIs in the [com.auth0.android.authentication.mfa.MfaApiClient] class instead.", level = DeprecationLevel.WARNING ) public fun loginWithRecoveryCode( @@ -495,8 +492,7 @@ public class AuthenticationAPIClient @VisibleForTesting(otherwise = VisibleForTe * @return a request to configure and start that will yield [Challenge] */ @Deprecated( - message = """multifactorChallenge is deprecated and will be removed in the next major version of the SDK. - "Use the APIs in the [com.auth0.android.authentication.mfa.MfaApiClient] class instead.""", + message = "multifactorChallenge is deprecated and will be removed in the next major version of the SDK. Use the APIs in the [com.auth0.android.authentication.mfa.MfaApiClient] class instead.", level = DeprecationLevel.WARNING ) public fun multifactorChallenge( From 347a57dfae92e921db15f66cf90ee3461d8b189b Mon Sep 17 00:00:00 2001 From: Prince Mathew Date: Fri, 6 Mar 2026 17:37:55 +0530 Subject: [PATCH 3/3] Updated the examples file --- EXAMPLES.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/EXAMPLES.md b/EXAMPLES.md index 1ad204be..0d3647cb 100644 --- a/EXAMPLES.md +++ b/EXAMPLES.md @@ -426,6 +426,8 @@ authentication > The default scope used is `openid profile email`. Regardless of the scopes set to the request, the `openid` scope is always enforced. +> **Note** : The MFA APIs in Authentication client has been deprecated. Use the new MFA Flexible Factors APIs + ### MFA Flexible Factors Grant > [!IMPORTANT]