feat: Added Auth tab support

[pmathew92]

Changes

This PT adds support for Android Auth TabIntent to the WebAuthentication login and logout flow.

References

https://developer.android.com/reference/androidx/browser/auth/AuthTabIntent

Testing

Please describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. Since this library has unit testing, tests should be added for new functionality and existing tests should complete without errors.

• This change adds unit test coverage

• This change adds integration test coverage

• This change has been tested on the latest version of the platform/language or why not

Checklist

• I have read the Auth0 general contribution guidelines

• I have read the Auth0 Code of Conduct

• All existing and new tests complete without errors

[utkrishtsahu]

remove this generated comment

[pmathew92]

This is added intentionally to highlight why this if check is needed

[utkrishtsahu]

remove this generated comment

[pmathew92]

This is added intentionally to highlight why this if check is needed

[utkrishtsahu]

missing .withAuthTab() — test never enters the auth tab code path, passes for the wrong reason

[pmathew92]

Good catch. Fixed

[utkrishtsahu]

the test now has .withAuthTab() but still uses the default BrowserPicker (no mock returning a package). This means preferredPackage will be null, so the method falls back at the first guard (preferredPackage == null) — not at the scheme check it's supposed to test. The test still passes for the wrong reason, just at a different fallback point.

[utkrishtsahu]

visibility reduced from public to package-private without callout; this is a breaking API change

[pmathew92]

No.. this is inside the CustomTabsOptions class. Not the public API

[utkrishtsahu]

ComponentActivity() — base class change from Activity is public API-breaking for subclassers;
Can we document in V4 migration guide

[pmathew92]

this is within the SDK. Not for public APIs. It is open for testing purpose. Do you see scenario where this can fail for users updating to V4 ?

[utkrishtsahu]

since this targets v4 and subclassing AuthenticationActivity isn't a documented use case, this is fine. No action needed.

[utkrishtsahu]

signature changed from nullable to non-null; subclass overrides of the old signature will break

[pmathew92]

Again an internal implementation. No effect for consuming clients

[utkrishtsahu]

else if (customTabsOptions.isAuthTab()) — TWA silently takes priority over Auth Tab; consider logging a warning or documenting this precedence

[pmathew92]

Added comments and document to highlight this

[utkrishtsahu]

internal val authTabResultHandler — internal exposes to entire module, not just tests; consider private + @VisibleForTesting(PRIVATE)

[pmathew92]

We intentionally chose internal over private + @VisibleForTesting as part of the collaborator pattern

• AuthTabResultHandler is internal itself, so the combination is module-scoped regardless
• The collaborator pattern was specifically chosen to avoid @VisibleForTesting on the activity — adding it back would contradict the design
• Tests in the same module access it cleanly without annotation

[utkrishtsahu]

bindService() called before scheme null-check at line 198; if scheme is null, this work is wasted before falling back to launchAsDefault which calls bindService again

[pmathew92]

Good point. Moved scheme check above bindService()

[utkrishtsahu]

the test now has .withAuthTab() but still uses the default BrowserPicker (no mock returning a package). This means preferredPackage will be null, so the method falls back at the first guard (preferredPackage == null) — not at the scheme check it's supposed to test. The test still passes for the wrong reason, just at a different fallback point.