Miguel avatar image
Miguel asked ·

Notice: Changes to Android SDK Auth Token Generation

Starting mid-April app auth tokens will be generated the first time an Android app requests it, instead of upon app installation. The reason for this change is to certify auth tokens are currently valid. Therefore, any app developers using the Android SDK to generate auth tokens should ensure your app:

  • Handles the CloverAuth.authenticate() method which can take up to 60 seconds to respond. In the meantime, your app should remain responsive and show ongoing progress.
  • Handles the edge case of AuthResult or AuthResult.authToken returned as null – indicating a failed call.
  • Does not store auth tokens on the Clover device. If your app needs an auth token, you should call CloverAuth.authenticate() to avoid issues with token expiration.
  • Requests auth tokens as early as possible to minimize the likelihood of issues.

Refer to the sample code below:

protected CloverAuth.AuthResult doInBackground(Void... params) {
    try {
        CloverAuth.AuthResult authResult = 
            CloverAuth.authenticate(MainActivity.this, mAccount);
        if (authResult == null)
            Log.e(TAG, "Null AuthResult");
        else if (authResult.authToken == null)
            Log.e(TAG, "No auth token in AuthResult");
        return authResult;
    } catch (OperationCanceledException e) {
        Log.e(TAG, "Authentication cancelled", e);
    } catch (Exception e) {
        Log.e(TAG, "Error retrieving authentication", e);
    return null;

App developers who retrieve auth tokens using OAuth are not impacted by this change.

For assistance, please use DevAsk or contact us at

10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

I see that the method authenticate(Activity activity, Account account, boolean forceValidateToken) has been deprecated. Would this change also stop supporting the forceValidateToken flag ?

0 Likes 0 · ·

We do not guarantee support for deprecated methods.

0 Likes 0 · ·

As indicated in the deprecation text, it's deprecated in favor of using the version that accepts a timeout parameter. It is recommended you use this timeout so your app can control how long it expects to wait for a response and obviously gracefully handle the case where no response is received. Force validation is not deprecated and is available on the non-deprecated version of the method that accepts a timeout.

0 Likes 0 · ·

Will the sandbox environment implement this change ahead of the production environment so we can verify our apps work correctly ahead of time?

0 Likes 0 · ·

@jeremyinvoiceasap Right now updates do not roll out to sandbox first. However, we have received that feedback and we are looking at options for allowing developers a way to preview upcoming changes before they hit Prod.

0 Likes 0 · ·

0 Answers

Welcome to the
Clover Developer Community