What's New in Mobile SDK 13.2

Mobile SDK 13.2 is a minor release that enhances authentication flexibility, enabling developers to seamlessly support multiple environments, roll out new scopes, and dynamically manage OAuth configurations.

In interim releases, we often deprecate items in native libraries for removal in an upcoming major release. Be sure to check your compiler logs for deprecation warnings so that you can address any changes before they go into effect.

Mobile SDK 13.2.1 is a minor patch release that features these changes.

Starting in June 2026, Salesforce prompts users to enter only their username as the first login step. Based on the username, Salesforce then prompts the user to enter their password or to use a passkey. This two-step flow works with existing Mobile SDK apps and doesn't require code changes. However, if your automated tests assume the previous login flow, update those tests to support the new sequence.

We added a Login for Admin menu item that forces advanced, browser-based authentication, which is a requirement for phishing-resistant multi-factor authentication (MFA). After forcing advanced authentication, the Login for Admin flow prompts the user to register or log in with a passkey. In Mobile SDK 13.2.0 and earlier, admin users can be blocked from logging in unless their org preconfigures advanced authentication in their My Domain settings and uses the My Domain URL to log in. See Using Advanced Authentication.

For some Android apps that don’t have an intent filter configured, the Login for Admin button doesn’t automatically enable advanced authentication. To add an intent filter, follow the steps in Configuring Advanced Authentication in Android Apps.

We added passkey and identity verification support for enhanced authentication security. If configured to enable passkeys, the app automatically prompts the user to verify their identity and save a passkey when logging in. If not enabled by default, passkeys can be configured on the server-side. See Salesforce Help: Enable Passwordless Login with Passkeys.

We added Android support for refresh token migration, which now works on both platforms (Android and iOS). See Refresh Token Migration.

These changes apply to more than one platform.

We no longer require apps to statically define OAuth scopes in their boot config file. If you don't specify a list of scopes, the client automatically uses server-defined scopes, and users are granted all configured scopes from the external client app or connected app. See Scope Parameter Values.

You can now dynamically override the consumer key, redirect URI, and scopes at runtime based on the login host the user selects. See Runtime Consumer Key.

Apps can now seamlessly migrate an active user's refresh token to a new OAuth configuration without requiring logout and login. This mechanism supports the controlled and incremental adoption of new OAuth settings, such as migrating from standard opaque tokens to JWT-based access tokens or transitioning from a connected app to an external client app. See Refresh Token Migration.

We created a sample app called AuthFlowTester, which you can use to test the authentication APIs added in Mobile SDK 13.2.

Cordova command line: 13.0.0
npm: 10.0 to latest
Node.js: 20.0 to latest LTS
React Native: 0.81.5
React: 19.1.0

You can now clear the WebView cache from the login screen’s settings menu on iOS.

Our iOS repo on GitHub now uses DocC to format source-code docs, which improves our Swift API coverage and matches the format of Apple’s official developer docs. DocC replaces appledoc, our prior tool for source-code docs.

Check your compiler warnings, or see iOS Current Deprecations.

You can now use biometric authentication with native login on Android.

Gradle: 8.14.3
Android Gradle Plugin: 8.12.0

In Mobile SDK 14.0, our minimum supported Kotlin version is changing from Kotlin 1.6 to Kotlin 2.0. To keep your apps working as expected, upgrade to Kotlin 2.0 before Mobile SDK 14.0 is released in 2026.

Check your compiler warnings, or see Android Current Deprecations.