SecureCredentialsManager change in Auth0.Android 3.X

Hello,

Up until version 2.X of Auth0.Android you would create:

val authentication = AuthenticationAPIClient(auth0)
val secureCredentialsManager = SecureCredentialsManager(context, authentication, SharedPreferencesStorage(context))

From 3.X looks like we have to do:

val authentication = AuthenticationAPIClient(auth0)
val secureCredentialsManager = SecureCredentialsManager(context, auth0, SharedPreferencesStorage(context))

So not passing the ‘AuthenticationAPIClient’ you would use for authentication.login() to SecureCredentialsManager, while SecureCredentialsManager’s constructor creates another AuthenticationAPIClient.

Could having two 'AuthenticationAPIClient’s not lead to problems?
In the same time when using ‘CredentialsManager’ you are able to pass in the ‘AuthenticationAPIClient’ you create in the constructor.

1. Having two AuthenticationAPIClient instances shouldn’t cause functional problems because:

• They’re stateless clients
• They’re configured with the same Auth0 instance
• Each instance will make independent network calls using the same configuration

2. However, this change could potentially impact:

• Memory usage (marginally)
• Code clarity (harder to track which instance is being used where)
• Consistency with CredentialsManager behavior

To verify the behavior, Can you check if both clients are making separate token refresh calls or if there’s any synchronization between them.

@sumansaurav Thanks for the quick reply.

I’m only using the first AuthenticationAPIClient for authentication.login().
Other than that for token refresh, logout, etc. I use secureCredentialsManager, so it will use the second AuthenticationAPIClient for everything else.

So don’t think it’s an issue in my project.

• Consistency with CredentialsManager behavior - this could be improved for anyone else using it.