Support TLSv1.2 on older Android API

[carlyonj]

Auth0 supports down to API 15 but as detailed here TLSv1.1 and v1.2 are not used by default on older APIs. Potential solutions are detailed here, here and here.

Currently by using the Auth0 API you are unable to support devices using APIs lower than 21 with a backend that enforced TLSv1.2. Because of this the Auth0 android library is not very useful to any apps that plan on supporting older devices in a secure manner.

[dj-mal]

Facing the same problem here. The token endpoint is using TLS v1.2 so the authentication flow doesn't work with Androids with API 16-20.

Is it possible to create a new constructor in UsersAPIClient and AuthenticationAPIClient with OkHttpClient so that TLSv1.2 could be enabled via a custom OkHttpClient?

If that's not preferable, a new method that would modify the OkHttpClient to support TLSv1.2 could also be added to those API client classes to extend support to those older Android devices.

[lbalmaceda]

I would prefer a method that sets a flag rather than exposing the OkHttp client. Maybe in the Auth0 class, or in both API client classes. We have other priorities at the moment, and I don't think we'll be able to get into this in the next 2 months. Feel free to fork the repo and add the required changes or propose a PR and we'll review it.

[dj-mal]

PR Submitted as #128

[lbalmaceda]

This has been released on version 1.12.0. Thanks