microsoft-authentication-library-for-android icon indicating copy to clipboard operation
microsoft-authentication-library-for-android copied to clipboard

Published 20 hours ago verified publisher icon AzureAD

Android MSAL 6.0.0 + obfuscation issues

Open Niobij opened this issue 7 months ago • 0 comments

Using the MSAL library version 6.0.0 and building a release I've got the next error log:

> Task :app:minifyReleaseWithR8 FAILED
AGPBI: {"kind":"error","text":"Missing classes detected while running R8. Please add the missing classes or apply additional keep rules that are generated in %my path%\missing_rules.txt.","sources":[{}]}
AGPBI: {"kind":"error","text":"Missing class com.google.crypto.tink.subtle.Ed25519Sign$KeyPair (referenced from: com.nimbusds.jose.jwk.OctetKeyPair com.nimbusds.jose.jwk.gen.OctetKeyPairGenerator.generate())\r\nMissing class com.google.crypto.tink.subtle.Ed25519Sign (referenced from: com.google.crypto.tink.subtle.Ed25519Sign com.nimbusds.jose.crypto.Ed25519Signer.tinkSigner and 2 other contexts)\r\nMissing class com.google.crypto.tink.subtle.Ed25519Verify (referenced from: com.google.crypto.tink.subtle.Ed25519Verify com.nimbusds.jose.crypto.Ed25519Verifier.tinkVerifier and 2 other contexts)\r\nMissing class com.google.crypto.tink.subtle.X25519 (referenced from: com.nimbusds.jose.JWECryptoParts com.nimbusds.jose.crypto.X25519Encrypter.encrypt(com.nimbusds.jose.JWEHeader, byte[], byte[]) and 2 other contexts)\r\nMissing class com.google.crypto.tink.subtle.XChaCha20Poly1305 (referenced from: byte[] com.nimbusds.jose.crypto.impl.XC20P.decryptAuthenticated(javax.crypto.SecretKey, byte[], byte[], byte[], byte[]) and 1 other context)\r\nMissing class edu.umd.cs.findbugs.annotations.NonNull (referenced from: void com.microsoft.identity.common.java.browser.Browser.<init>(java.lang.String, java.util.Set, java.lang.String, boolean) and 17 other contexts)\r\nMissing class edu.umd.cs.findbugs.annotations.Nullable (referenced from: android.app.Activity com.microsoft.identity.common.internal.platform.AndroidPlatformUtil.mActivity and 308 other contexts)\r\nMissing class edu.umd.cs.findbugs.annotations.SuppressFBWarnings (referenced from: boolean com.microsoft.identity.common.crypto.AndroidWrappedKeyLoader.sSkipKeyInvalidationCheck and 80 other contexts)","sources":[{}],"tool":"R8"}
Missing classes detected while running R8. Please add the missing classes or apply additional keep rules that are generated in %my path%\missing_rules.txt.

Missing class com.google.crypto.tink.subtle.Ed25519Sign$KeyPair (referenced from: com.nimbusds.jose.jwk.OctetKeyPair com.nimbusds.jose.jwk.gen.OctetKeyPairGenerator.generate())
Missing class com.google.crypto.tink.subtle.Ed25519Sign (referenced from: com.google.crypto.tink.subtle.Ed25519Sign com.nimbusds.jose.crypto.Ed25519Signer.tinkSigner and 2 other contexts)
Missing class com.google.crypto.tink.subtle.Ed25519Verify (referenced from: com.google.crypto.tink.subtle.Ed25519Verify com.nimbusds.jose.crypto.Ed25519Verifier.tinkVerifier and 2 other contexts)
Missing class com.google.crypto.tink.subtle.X25519 (referenced from: com.nimbusds.jose.JWECryptoParts com.nimbusds.jose.crypto.X25519Encrypter.encrypt(com.nimbusds.jose.JWEHeader, byte[], byte[]) and 2 other contexts)
Missing class com.google.crypto.tink.subtle.XChaCha20Poly1305 (referenced from: byte[] com.nimbusds.jose.crypto.impl.XC20P.decryptAuthenticated(javax.crypto.SecretKey, byte[], byte[], byte[], byte[]) and 1 other context)
Missing class edu.umd.cs.findbugs.annotations.NonNull (referenced from: void com.microsoft.identity.common.java.browser.Browser.<init>(java.lang.String, java.util.Set, java.lang.String, boolean) and 17 other contexts)
Missing class edu.umd.cs.findbugs.annotations.Nullable (referenced from: android.app.Activity com.microsoft.identity.common.internal.platform.AndroidPlatformUtil.mActivity and 308 other contexts)
Missing class edu.umd.cs.findbugs.annotations.SuppressFBWarnings (referenced from: boolean com.microsoft.identity.common.crypto.AndroidWrappedKeyLoader.sSkipKeyInvalidationCheck and 80 other contexts)

The AGP suggested to add the next rules:

# Please add these rules to your existing keep rules in order to suppress warnings.
# This is generated automatically by the Android Gradle plugin.
-dontwarn com.google.crypto.tink.subtle.Ed25519Sign$KeyPair
-dontwarn com.google.crypto.tink.subtle.Ed25519Sign
-dontwarn com.google.crypto.tink.subtle.Ed25519Verify
-dontwarn com.google.crypto.tink.subtle.X25519
-dontwarn com.google.crypto.tink.subtle.XChaCha20Poly1305
-dontwarn edu.umd.cs.findbugs.annotations.NonNull
-dontwarn edu.umd.cs.findbugs.annotations.Nullable
-dontwarn edu.umd.cs.findbugs.annotations.SuppressFBWarnings

Fixed the issues by adding these libraries to my dependencies along with MSAL:

implementation 'com.microsoft.identity.client:msal:6.0.0'
implementation("com.google.crypto.tink:tink:1.17.0") {
    exclude group: 'com.google.protobuf'
}
implementation 'com.github.spotbugs:spotbugs-annotations:4.9.3'

Excluded the protobuf libraries because I got the next errors:

Duplicate class com.google.protobuf.AbstractMessageLite found in modules protobuf-java-4.28.2.jar -> protobuf-java-4.28.2 (com.google.protobuf:protobuf-java:4.28.2) and protobuf-javalite-3.25.5.jar -> protobuf-javalite-3.25.5 (com.google.protobuf:protobuf-javalite:3.25.5)

as the com.google.protobuf:protobuf-javalite was already added by the firebase libs.

My setup: Android Studio Meerkat | 2024.3.1 Patch 2 AGP 8.9.2 kotlin 2.1.20 android.enableR8.fullMode=false

Niobij avatar May 01 '25 13:05 Niobij