1 change: 1 addition & 0 deletions auth0/src/main/java/com/auth0/android/Auth0.java
Expand Up @@ -156,6 +156,7 @@ public void doNotSendTelemetry() {
* <li>{@link AuthenticationAPIClient#login(String, String, String)}</li>
* <li>{@link AuthenticationAPIClient#signUp(String, String, String)}</li>
* <li>{@link AuthenticationAPIClient#signUp(String, String, String, String)}</li>
* <li>{@link AuthenticationAPIClient#renewAuth(String)}</li>
* </ul>
*
* @param enabled if Lock will use the Legacy Auth API or the new OIDC Conformant Auth API.
Expand Up @@ -138,7 +138,7 @@ private AuthenticationAPIClient(Auth0 auth0, RequestFactory factory, OkHttpClien
factory.setClientInfo(telemetry.getValue());
}
}

public String getClientId() {
return auth0.getClientId();
}
Expand Down Expand Up @@ -592,7 +592,10 @@ public DatabaseConnectionRequest<Void, AuthenticationException> resetPassword(@N
}

/**
* Requests new Credentials using a valid Refresh Token.
* Requests new Credentials using a valid Refresh Token. The received token will have the same audience and scope as first requested. How the new Credentials are requested depends on the {@link Auth0#isOIDCConformant()} flag.
* - If the instance is OIDC Conformant the endpoint will be /oauth/token with 'refresh_token' grant, and the response will include an id_token and an access_token if 'openid' scope was requested when the refresh_token was obtained.
* - If the instance is not OIDC Conformant the endpoint will be /delegation with 'urn:ietf:params:oauth:grant-type:jwt-bearer' grant, and the response will include an id_token.
* <p>
* Example usage:
* <pre><code>
* client.renewAuth("{refresh_token}")
Expand All @@ -614,13 +617,20 @@ public ParameterizableRequest<Credentials, AuthenticationException> renewAuth(@N
final Map<String, Object> parameters = ParameterBuilder.newBuilder()
.setClientId(getClientId())
.setRefreshToken(refreshToken)
.setGrantType(ParameterBuilder.GRANT_TYPE_REFRESH_TOKEN)
.setGrantType(auth0.isOIDCConformant() ? ParameterBuilder.GRANT_TYPE_REFRESH_TOKEN : ParameterBuilder.GRANT_TYPE_JWT)
.asDictionary();

HttpUrl url = HttpUrl.parse(auth0.getDomainUrl()).newBuilder()
.addPathSegment(OAUTH_PATH)
.addPathSegment(TOKEN_PATH)
.build();
HttpUrl url;
if (auth0.isOIDCConformant()) {
url = HttpUrl.parse(auth0.getDomainUrl()).newBuilder()
.addPathSegment(OAUTH_PATH)
.addPathSegment(TOKEN_PATH)
.build();
} else {
url = HttpUrl.parse(auth0.getDomainUrl()).newBuilder()
.addPathSegment(DELEGATION_PATH)
.build();
}

return factory.POST(url, client, gson, Credentials.class, authErrorBuilder)
.addParameters(parameters);
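Review bot: In renewAuth the new code reads `auth0.isOIDCConformant()` twice, once to pick the grant type and again to pick the endpoint, and repeats the `HttpUrl.parse(auth0.getDomainUrl()).newBuilder()` prefix in both branches of the if/else. Reading the flag into one local and building the URL from a single builder ties grant type and endpoint to the same decision, so a later edit to one branch cannot leave the body sending a `refresh_token` grant to /delegation or a jwt-bearer grant to /oauth/token. The rewritten middle of the method is below; the signature and the closing brace of renewAuth are outside the hunk, and the `factory.POST(...)` tail is unchanged.
```java
final boolean oidcConformant = auth0.isOIDCConformant();
final Map<String, Object> parameters = ParameterBuilder.newBuilder()
        .setClientId(getClientId())
        .setRefreshToken(refreshToken)
        .setGrantType(oidcConformant ? ParameterBuilder.GRANT_TYPE_REFRESH_TOKEN : ParameterBuilder.GRANT_TYPE_JWT)
        .asDictionary();

// Both modes hit the same domain; only the path depends on the flag.
HttpUrl.Builder urlBuilder = HttpUrl.parse(auth0.getDomainUrl()).newBuilder();
if (oidcConformant) {
    urlBuilder.addPathSegment(OAUTH_PATH).addPathSegment(TOKEN_PATH);
} else {
    urlBuilder.addPathSegment(DELEGATION_PATH);
}
HttpUrl url = urlBuilder.build();
// … unchanged: factory.POST(url, client, gson, Credentials.class, authErrorBuilder).addParameters(parameters) …
```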
Expand Up @@ -1574,9 +1574,12 @@ public void shouldFetchProfileAfterLoginRequest() throws Exception {
}

@Test
public void shouldRenewAuth() throws Exception {
mockAPI.willReturnSuccessfulLogin();
public void shouldRenewAuthWithOAuthTokenIfOIDCConformant() throws Exception {
Auth0 auth0 = new Auth0(CLIENT_ID, mockAPI.getDomain(), mockAPI.getDomain());
auth0.setOIDCConformant(true);
AuthenticationAPIClient client = new AuthenticationAPIClient(auth0);

mockAPI.willReturnSuccessfulLogin();
final MockAuthenticationCallback<Credentials> callback = new MockAuthenticationCallback<>();
client.renewAuth("refreshToken")
.start(callback);
Expand All @@ -1594,9 +1597,12 @@ public void shouldRenewAuth() throws Exception {
}

@Test
public void shouldRenewAuthSync() throws Exception {
mockAPI.willReturnSuccessfulLogin();
public void shouldRenewAuthWithOAuthTokenIfOIDCConformantSync() throws Exception {
Auth0 auth0 = new Auth0(CLIENT_ID, mockAPI.getDomain(), mockAPI.getDomain());
auth0.setOIDCConformant(true);
AuthenticationAPIClient client = new AuthenticationAPIClient(auth0);

mockAPI.willReturnSuccessfulLogin();
Credentials credentials = client.renewAuth("refreshToken")
.execute();

Expand All @@ -1612,6 +1618,52 @@ public void shouldRenewAuthSync() throws Exception {
assertThat(credentials, is(notNullValue()));
}

@Test
public void shouldRenewAuthWithDelegationIfNotOIDCConformant() throws Exception {
Auth0 auth0 = new Auth0(CLIENT_ID, mockAPI.getDomain(), mockAPI.getDomain());
auth0.setOIDCConformant(false);
AuthenticationAPIClient client = new AuthenticationAPIClient(auth0);

mockAPI.willReturnSuccessfulLogin();
final MockAuthenticationCallback<Credentials> callback = new MockAuthenticationCallback<>();
client.renewAuth("refreshToken")
.start(callback);

final RecordedRequest request = mockAPI.takeRequest();
assertThat(request.getHeader("Accept-Language"), is(getDefaultLocale()));
assertThat(request.getPath(), equalTo("/delegation"));

Map<String, String> body = bodyFromRequest(request);
assertThat(body, hasEntry("client_id", CLIENT_ID));
assertThat(body, hasEntry("refresh_token", "refreshToken"));
assertThat(body, hasEntry("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer"));

assertThat(callback, hasPayloadOfType(Credentials.class));
}

@Test
public void shouldRenewAuthWithDelegationIfNotOIDCConformantSync() throws Exception {
Auth0 auth0 = new Auth0(CLIENT_ID, mockAPI.getDomain(), mockAPI.getDomain());
auth0.setOIDCConformant(false);
AuthenticationAPIClient client = new AuthenticationAPIClient(auth0);

mockAPI.willReturnSuccessfulLogin();
Credentials credentials = client.renewAuth("refreshToken")
.execute();

final RecordedRequest request = mockAPI.takeRequest();
assertThat(request.getHeader("Accept-Language"), is(getDefaultLocale()));
assertThat(request.getPath(), equalTo("/delegation"));

Map<String, String> body = bodyFromRequest(request);
assertThat(body, hasEntry("client_id", CLIENT_ID));
assertThat(body, hasEntry("refresh_token", "refreshToken"));
assertThat(body, hasEntry("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer"));

assertThat(credentials, is(notNullValue()));
}


@Test
public void shouldFetchProfileSyncAfterLoginRequest() throws Exception {
mockAPI.willReturnSuccessfulLogin()
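Review bot: The four renewAuth tests (shouldRenewAuthWithOAuthTokenIfOIDCConformant, its Sync twin, and the two Delegation variants) each open with the same three-line fixture: build an Auth0 from `mockAPI.getDomain()`, call `setOIDCConformant`, wrap it in an AuthenticationAPIClient. A private helper such as `private AuthenticationAPIClient newClient(boolean oidcConformant)` holding those three lines would make the flag the only visible difference between the OIDC and delegation cases. Every new test also sets the flag explicitly, so whatever Auth0's default is, nothing here pins renewAuth's behaviour when `setOIDCConformant` is never called; if the default is meant to keep existing callers on /delegation, one test that omits the setter would catch a silent change of that default. The double blank line before shouldFetchProfileSyncAfterLoginRequest is a whitespace nit; the first two tests' path assertions are in the collapsed lines outside the hunk, so I could not confirm they check /oauth/token the way the delegation tests check /delegation.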