Skip to content

Upgrade OkHttp to 5.0.0 and Kotlin to 2.2.0 and removed @ignore testcases.(Re pushed)#913

Open
utkrishtsahu wants to merge 5 commits intov4_developmentfrom
upgrade-okhttp-5x-v2
Open

Upgrade OkHttp to 5.0.0 and Kotlin to 2.2.0 and removed @ignore testcases.(Re pushed)#913
utkrishtsahu wants to merge 5 commits intov4_developmentfrom
upgrade-okhttp-5x-v2

Conversation

@utkrishtsahu
Copy link
Contributor

@utkrishtsahu utkrishtsahu commented Feb 16, 2026

Changes

Internal dependency upgrade

This PR upgrades the SDK's internal HTTP client library OkHttp from 4.12.0 to 5.0.0 and the Kotlin compiler from 2.0.21 to 2.2.0 (required for OkHttp 5.x metadata compatibility).

Endpoints added, deleted, deprecated, or changed

None. All Auth0 API endpoints remain unchanged.

Classes and methods added, deleted, deprecated, or changed

  • No classes or methods added, deleted, deprecated, or changed in the public API.
  • OkHttp is declared as implementation scope — it is not exposed transitively to consumers.
  • Two internal call sites in WebAuthProvider.kt and OidcUtils.kt had toLowerCase(Locale.ROOT) replaced with lowercase(Locale.ROOT) due to Kotlin 2.2.0 promoting this deprecation to an error. These are private/internal methods with no public surface impact.

Test infrastructure migration

  • Migrated from okhttp3.mockwebserver → mockwebserver3 package (new artifact in OkHttp 5.x)
  • Adapted to MockResponse.Builder() pattern (immutable responses)
  • RecordedRequest.path → .target, getHeader() → headers[], shutdown() → close()
  • Null-safe body handling (ByteString? instead of Buffer)
  • Re-enabled 2 @ignore'd tests in WebAuthProviderTest.kt that now pass with OkHttp 5.x

References

SDK-7768

Testing

Build Passed
Unit Test Passed

Checklist

@utkrishtsahu utkrishtsahu requested a review from a team as a code owner February 16, 2026 06:40
@pmathew92 pmathew92 requested a review from Copilot February 16, 2026 06:59
Copilot AI reviewed Feb 16, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR upgrades the SDK's internal dependencies to their latest major versions: OkHttp from 4.12.0 to 5.0.0 and Kotlin from 2.0.21 to 2.2.0. The upgrade is primarily internal and does not affect the SDK's public API surface, as OkHttp is used as an implementation dependency. The changes include comprehensive test infrastructure migration to OkHttp 5.x's new APIs, replacement of deprecated Kotlin string methods, and re-enabling of two previously ignored test cases that now pass with the updated dependencies.

Changes:

  • Upgraded Kotlin compiler from 2.0.21 to 2.2.0 and OkHttp from 4.12.0 to 5.0.0
  • Migrated test infrastructure from okhttp3.mockwebserver to mockwebserver3 package with corresponding API updates
  • Replaced deprecated toLowerCase(Locale.ROOT) with lowercase(Locale.ROOT) in production code
  • Re-enabled 2 previously ignored tests in WebAuthProviderTest with @ConscryptMode(OFF) annotation
  • Added mainThread() implementation to ThreadSwitcherShadow for test completeness
  • Updated V4_MIGRATION_GUIDE.md with Kotlin 2.2.0 and OkHttp 5.0.0 upgrade details

Reviewed changes

Copilot reviewed 14 out of 15 changed files in this pull request and generated no comments.

Show a summary per file
File Description
build.gradle Updated Kotlin version from 2.0.21 to 2.2.0
auth0/build.gradle Updated OkHttp version from 4.12.0 to 5.0.0 and test dependency to mockwebserver3
auth0/src/main/java/com/auth0/android/provider/WebAuthProvider.kt Replaced deprecated toLowerCase() with lowercase() in scheme validation
auth0/src/main/java/com/auth0/android/request/internal/OidcUtils.kt Replaced deprecated toLowerCase() with lowercase() in scope normalization
auth0/src/test/java/com/auth0/android/util/SSLTestUtils.kt Updated MockWebServer import and removed second parameter from useHttps()
auth0/src/test/java/com/auth0/android/util/APIMockServer.kt Migrated to MockResponse.Builder pattern, RecordedRequest.target, and server.close()
auth0/src/test/java/com/auth0/android/util/AuthenticationAPIMockServer.kt Migrated to MockResponse.Builder pattern for empty and plain text responses
auth0/src/test/java/com/auth0/android/request/internal/ThreadSwitcherShadow.java Added mainThread() shadow implementation for test coverage
auth0/src/test/java/com/auth0/android/request/DefaultClientTest.kt Updated imports, MockResponse.Builder pattern, RecordedRequest.target, body?.utf8() null safety
auth0/src/test/java/com/auth0/android/provider/WebAuthProviderTest.kt Removed @ignore from 2 tests, added @ConscryptMode(OFF), replaced mock server with spy pattern
auth0/src/test/java/com/auth0/android/myaccount/MyAccountAPIClientTest.kt Updated RecordedRequest.target and headers[] access, body!!.utf8()
auth0/src/test/java/com/auth0/android/management/UsersAPIClientTest.kt Updated RecordedRequest.target and headers[] access, body!!.utf8()
auth0/src/test/java/com/auth0/android/authentication/MfaApiClientTest.kt Updated imports, MockResponse.Builder pattern, RecordedRequest.target, headers[], body!!.utf8()
auth0/src/test/java/com/auth0/android/authentication/AuthenticationAPIClientTest.kt Updated imports, RecordedRequest.target, headers[], body!!.utf8() throughout all tests
V4_MIGRATION_GUIDE.md Added Kotlin 2.2.0 and OkHttp 5.0.0 upgrade notes with migration guidance

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

sanchitmehtagit
sanchitmehtagit reviewed Feb 16, 2026
View reviewed changes
V4_MIGRATION_GUIDE.md
}
```

> **Note:** Kotlin 2.2.0 promotes the deprecation of `String.toLowerCase()` / `String.toUpperCase()` without a `Locale` parameter to an error. If your project uses these methods, replace them with `lowercase(Locale.ROOT)` / `uppercase(Locale.ROOT)`.
Copy link

@sanchitmehtagit sanchitmehtagit Feb 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: we can drop this message as there might be more changes that need to be incorporated by clients tp upgrade their code base to kotline 2..20 and instead we can add a kotlin official documentaion on how to upgrade from older to 2.2.x

@utkrishtsahu
Upgrade OkHttp to 5.0.0 and Kotlin to 2.2.0; migrate tests to mockweb…
2300b15 
…server3

T_EDITOR=true git rebase --continue 2>&1
TOR=true GIT_SEQUENCE_EDITOR=true git rebase --continue 2>&1
T_EDITOR="cat" git rebase --continue --no-edit 2>&1
@utkrishtsahu
Fix flaky JWKS tests with Mockito.timeout for async callback
1258b26
@utkrishtsahu
Fix flaky JWKS tests by mocking NetworkingClient instead of MockWebSe…
1843b00 
…rver
@utkrishtsahu
Fix flaky JWKS tests by shadowing mainThread in ThreadSwitcherShadow
2eea3b6
@utkrishtsahu
Robolectric 4.14+ uses Conscrypt as the crypto provider on Linux,
2a29eb5 
which causes NullPointerException at OpenSSLKey.java:242 when
handling RSA keys created from PEM/PKCS8 specs.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@sanchitmehtagit sanchitmehtagit sanchitmehtagit left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@utkrishtsahu @sanchitmehtagit