Minor bug fixes:

- Synchronizes multiple actions when requiring token refresh (openid#332)
- Make handling of non-standard expires_at more tolerant (openid#336)
- Changes related to Android tool changes between v25 and v27 (openid#341, openid#363)
- Fix encoding of client ids and secrets for auth (openid#345)
- Handle CustomTabsSession.newSession failures (openid#362)
- Do not automatically pass scope on token exchange request (openid#364)
- Do not override tab title setting (openid#365)
- Respect default browser of the user correctly (openid#379)
- Updated custom tab definitions, including Firefox (openid#378, openid#383)

AppAuth 0.7.0 release

- Adds startActivityForResult based authorization flow
- Minor bug fixes

AppAuth 0.6.1 release

- Fixes exponential growth of AuthState objects
- README.md documentation overhaul

0.6.0 release

- ClientAuthentication can be specified explicitly for performActionWithFreshTokens
- client_id is only passed on a token request if no other client authentication
  method is in use
- CustomTabManager is now easier to use, enabling:
  - Priming a custom tab session for multiple URLs
  - Adding event listeners for the tab
- Fixed leak of browser connection for custom tabs
- Javadoc is now built and bundled with releases

Additionally, the demo app has been mostly rewritten to focus on the single IDP
use case, and should be much easier to read as a result. All Google specific
code has been removed.

Fixes parsing of authorization errors which do not contain a description

- Fixes token request error response handling

- The full response URI for authorization responses is now provided
  as part of the response intent.

Bug fix release:

- BrowserSelector now passes the correct flag on M+ devices to
  list all available browsers (see openid#124, $125).

Version 0.4.0, with the following fixes and new features:

- Direct support for login_hint in authorization requests
- Introduction of AppAuthConfiguration, with allows an app to:
    - Control which browser(s) can be used for the authorization flow, through the use of a `BrowserMatcher`. A variety of generally useful browser matcher implementations are provided in the "browser" package.
    - Control over the creation of HttpURLConnection, through the use of a `ConnectionBuilder`. This allows for the use of alternative HTTP stacks (e.g. okhttp), disabling of certificate checks (for testing), and certificate pinning.
- The library will work without a browser, for use cases that only require token exchange, such as when the token is bootstrapped through some other means. Authorization requests still require a browser.
- Better handling of the back stack and authorization request state - switching apps during the authorization flow will no longer kill the flow.
- Apps can provide a "cancel" intent in addition to a completion intent, in order to better handle cancelation of the authorization flow.

- Support for dynamic client registration (thanks to rebeckag)

- Support for some additional OpenID request params (ongoing work)
- Minor bug fixes

0.2.0 release:

- Token endpoint is now used verbatim (openid#36)
- Support for OpenID Connect display and prompt params
- Error handling in AuthState for failed authorization and token requests