Feat: Updated Methods Signature

Author: tanya732

auth0-api-java/src/main/java/com/auth0/AbstractAuthentication.java

@@ -28,21 +28,21 @@ protected AbstractAuthentication(JWTValidator jwtValidator, TokenExtractor extra
     /**
      * Concrete method to validate Bearer token headers and JWT claims.
      */
-    protected DecodedJWT validateBearerToken(Map<String, String> headers, HttpRequestInfo httpRequestInfo) throws BaseAuthException {
-        AuthToken authToken = extractor.extractBearer(headers);
-        return jwtValidator.validateToken(authToken.getAccessToken(), headers, httpRequestInfo);
+    protected DecodedJWT validateBearerToken(HttpRequestInfo httpRequestInfo) throws BaseAuthException {
+        AuthToken authToken = extractor.extractBearer(httpRequestInfo.getHeaders());
+        return jwtValidator.validateToken(authToken.getAccessToken(), httpRequestInfo);
     }
 
     /**
      * Concrete method to validate DPoP token headers, JWT claims, and proof.
      */
-    protected DecodedJWT validateDpopTokenAndProof(Map<String, String> headers, HttpRequestInfo requestInfo)
+    protected DecodedJWT validateDpopTokenAndProof(HttpRequestInfo requestInfo)
             throws BaseAuthException {
 
         AuthValidatorHelper.validateHttpMethodAndHttpUrl(requestInfo);
 
-        AuthToken authToken = extractor.extractDPoPProofAndDPoPToken(headers);
-        DecodedJWT decodedJwtToken = jwtValidator.validateToken(authToken.getAccessToken(), headers, requestInfo);
+        AuthToken authToken = extractor.extractDPoPProofAndDPoPToken(requestInfo.getHeaders());
+        DecodedJWT decodedJwtToken = jwtValidator.validateToken(authToken.getAccessToken(), requestInfo);
 
         dpopProofValidator.validate(authToken.getProof(), decodedJwtToken, requestInfo);
 
@@ -52,9 +52,7 @@ protected DecodedJWT validateDpopTokenAndProof(Map<String, String> headers, Http
     /**
      * Main abstract method for each concrete strategy.
      */
-    public abstract AuthenticationContext authenticate(
-            Map<String, String> headers,
-            HttpRequestInfo requestInfo
+    public abstract AuthenticationContext authenticate(HttpRequestInfo requestInfo
     ) throws BaseAuthException;
 
     /**

auth0-api-java/src/main/java/com/auth0/AllowedDPoPAuthentication.java

@@ -20,30 +20,27 @@ public AllowedDPoPAuthentication(JWTValidator jwtValidator,
 
     /**
      * Authenticates the request when DPoP Mode is Allowed (Accepts both DPoP and Bearer tokens) .
-     * @param headers request headers
      * @param requestInfo HTTP request info
      * @return AuthenticationContext with JWT claims
      * @throws BaseAuthException if validation fails
      */
     @Override
-    public AuthenticationContext authenticate(Map<String, String> headers, HttpRequestInfo requestInfo)
+    public AuthenticationContext authenticate(HttpRequestInfo requestInfo)
             throws BaseAuthException {
 
         String scheme = "";
 
         try{
-            Map<String, String> normalizedHeader = normalize(headers);
-
-            scheme = extractor.getScheme(normalizedHeader);
+            scheme = extractor.getScheme(requestInfo.getHeaders());
 
             if (scheme.equalsIgnoreCase(AuthConstants.BEARER_SCHEME)) {
-                DecodedJWT jwtToken = validateBearerToken(normalizedHeader, requestInfo);
-                AuthValidatorHelper.validateNoDpopPresence(normalizedHeader, jwtToken);
+                DecodedJWT jwtToken = validateBearerToken(requestInfo);
+                AuthValidatorHelper.validateNoDpopPresence(requestInfo.getHeaders(), jwtToken);
                 return buildContext(jwtToken);
             }
 
             if (scheme.equalsIgnoreCase(AuthConstants.DPOP_SCHEME)) {
-                DecodedJWT decodedJWT = validateDpopTokenAndProof(normalizedHeader, requestInfo);
+                DecodedJWT decodedJWT = validateDpopTokenAndProof(requestInfo);
                 return buildContext(decodedJWT);
             }
 

auth0-api-java/src/main/java/com/auth0/AuthClient.java

@@ -45,12 +45,11 @@ public static AuthClient from(AuthOptions options) {
 
     /**
      * Verifies the incoming request headers and HTTP request info.
-     * @param headers request headers
      * @param requestInfo HTTP request info
      * @return AuthenticationContext with JWT claims
      * @throws BaseAuthException if verification fails
      */
-    public AuthenticationContext verifyRequest(Map<String, String> headers, HttpRequestInfo requestInfo) throws BaseAuthException {
-        return orchestrator.process(headers, requestInfo);
+    public AuthenticationContext verifyRequest(HttpRequestInfo requestInfo) throws BaseAuthException {
+        return orchestrator.process(requestInfo);
     }
 }

auth0-api-java/src/main/java/com/auth0/AuthenticationOrchestrator.java

@@ -16,8 +16,8 @@ public AuthenticationOrchestrator(AbstractAuthentication authStrategy) {
         this.authStrategy = authStrategy;
     }
 
-    public AuthenticationContext process(Map<String, String> headers, HttpRequestInfo requestInfo)
+    public AuthenticationContext process(HttpRequestInfo requestInfo)
             throws BaseAuthException {
-        return authStrategy.authenticate(headers, requestInfo);
+        return authStrategy.authenticate(requestInfo);
     }
 }

auth0-api-java/src/main/java/com/auth0/DisabledDPoPAuthentication.java

@@ -17,18 +17,17 @@ public DisabledDPoPAuthentication(JWTValidator jwtValidator, TokenExtractor extr
 
     /**
      * Authenticates the request when DPoP Mode is Disabled (Accepts only Bearer tokens) .
-     * @param headers request headers
      * @param requestInfo HTTP request info
      * @return AuthenticationContext with JWT claims
      * @throws BaseAuthException if validation fails
      */
     @Override
-    public AuthenticationContext authenticate(Map<String, String> headers, HttpRequestInfo requestInfo)
+    public AuthenticationContext authenticate(HttpRequestInfo requestInfo)
             throws BaseAuthException {
 
-        Map<String, String> normalizedHeader = normalize(headers);
+//        Map<String, String> normalizedHeader = normalize(requestInfo.getHeaders());
         try {
-            DecodedJWT jwt = validateBearerToken(normalizedHeader, requestInfo);
+            DecodedJWT jwt = validateBearerToken(requestInfo);
 
             return buildContext(jwt);
         } catch (BaseAuthException ex){

auth0-api-java/src/main/java/com/auth0/RequiredDPoPAuthentication.java

@@ -20,19 +20,18 @@ public RequiredDPoPAuthentication(JWTValidator jwtValidator,
 
     /**
      * Authenticates the request when DPoP Mode is Allowed (Accepts only DPoP tokens) .
-     * @param headers request headers
      * @param requestInfo HTTP request info
      * @return AuthenticationContext with JWT claims
      * @throws BaseAuthException if validation fails
      */
     @Override
-    public AuthenticationContext authenticate(Map<String, String> headers, HttpRequestInfo requestInfo)
+    public AuthenticationContext authenticate(HttpRequestInfo requestInfo)
             throws BaseAuthException {
 
-        Map<String, String> normalizedHeader = normalize(headers);
+//        Map<String, String> normalizedHeader = normalize(requestInfo.getHeaders());
 
         try {
-            DecodedJWT decodedJWT = validateDpopTokenAndProof(normalizedHeader, requestInfo);
+            DecodedJWT decodedJWT = validateDpopTokenAndProof(requestInfo);
             return buildContext(decodedJWT);
         }
         catch (BaseAuthException ex){

auth0-api-java/src/main/java/com/auth0/examples/Auth0ApiExample.java

@@ -97,16 +97,21 @@ public void handle(HttpExchange exchange) throws IOException {
 
 
             // Build HttpRequestInfo (needed for DPoP htm + htu validation)
-            HttpRequestInfo requestInfo = new HttpRequestInfo(
-                    exchange.getRequestMethod(),
-                    "http://localhost:8000" + exchange.getRequestURI().toString(), null
-            );
+            HttpRequestInfo requestInfo = null;
+            try {
+                requestInfo = new HttpRequestInfo(
+                        exchange.getRequestMethod(),
+                        "http://localhost:8000" + exchange.getRequestURI().toString(), headers
+                );
+            } catch (BaseAuthException e) {
+                throw new RuntimeException(e);
+            }
 
             System.out.println("Incoming request to " + requestInfo.toString());
 
             try {
                 AuthenticationContext claims =
-                        authClient.verifyRequest(headers, requestInfo);
+                        authClient.verifyRequest(requestInfo);
 
                 String user = (String) claims.getClaims().get("sub");
 

auth0-api-java/src/main/java/com/auth0/models/HttpRequestInfo.java

@@ -1,17 +1,26 @@
 package com.auth0.models;
 
-import java.util.Collections;
+import com.auth0.exception.InvalidRequestException;
+import org.apache.http.util.Asserts;
+
+import java.util.HashMap;
 import java.util.Map;
 
 public class HttpRequestInfo {
     private final String httpMethod;
     private final String httpUrl;
-    private final Map<String, String> context;
+    private final Map<String, String> headers;
+
+    public HttpRequestInfo(String httpMethod, String httpUrl, Map<String, String> headers) throws InvalidRequestException {
+        Asserts.notNull(headers, "Headers map cannot be null");
 
-    public HttpRequestInfo(String httpMethod, String httpUrl, Map<String, String> context) {
-        this.httpMethod = httpMethod.toUpperCase();
+        this.httpMethod = httpMethod != null ? httpMethod.toUpperCase() : null;
         this.httpUrl = httpUrl;
-        this.context = context != null ? Collections.unmodifiableMap(context) : Collections.emptyMap();
+        this.headers = normalize(headers);
+    }
+
+    public HttpRequestInfo(Map<String, String> headers) throws InvalidRequestException {
+        this(null, null, headers);
     }
 
     public String getHttpMethod() {
@@ -22,7 +31,20 @@ public String getHttpUrl() {
         return httpUrl;
     }
 
-    public Map<String, String> getContext() {
-        return context;
+    public Map<String, String> getHeaders() {
+        return headers;
+    }
+
+    private static Map<String, String> normalize(Map<String, String> headers) throws InvalidRequestException {
+        Map<String, String> normalized = new HashMap<>(headers.size());
+
+        for (Map.Entry<String, String> entry : headers.entrySet()) {
+            String key = entry.getKey().toLowerCase();
+            if (normalized.containsKey(key)) {
+                throw new InvalidRequestException("Duplicate HTTP header detected");
+            }
+            normalized.put(key, entry.getValue());
+        }
+        return normalized;
     }
 }

auth0-api-java/src/main/java/com/auth0/validators/JWTValidator.java

@@ -67,7 +67,7 @@ public JWTValidator(AuthOptions authOptions, JwkProvider jwkProvider) {
      * @return the decoded and verified JWT
      * @throws BaseAuthException if validation fails
      */
-    public DecodedJWT validateToken(String token, Map<String, String> headers, HttpRequestInfo httpRequestInfo) throws BaseAuthException {
+    public DecodedJWT validateToken(String token, HttpRequestInfo httpRequestInfo) throws BaseAuthException {
 
         if (token == null || token.trim().isEmpty()) {
             throw new MissingRequiredArgumentException("access_token");
@@ -92,9 +92,9 @@ public DecodedJWT validateToken(String token, Map<String, String> headers, HttpR
     /**
      * Validates a JWT and ensures all required scopes are present.
      */
-    public DecodedJWT validateTokenWithRequiredScopes(String token, Map<String, String> headers, HttpRequestInfo httpRequestInfo, String... requiredScopes)
+    public DecodedJWT validateTokenWithRequiredScopes(String token, HttpRequestInfo httpRequestInfo, String... requiredScopes)
             throws BaseAuthException {
-        DecodedJWT jwt = validateToken(token, headers, httpRequestInfo);
+        DecodedJWT jwt = validateToken(token,httpRequestInfo);
         try {
             ClaimValidator.checkRequiredScopes(jwt, requiredScopes);
             return jwt;
@@ -106,9 +106,9 @@ public DecodedJWT validateTokenWithRequiredScopes(String token, Map<String, Stri
     /**
      * Validates a JWT and ensures it has *any* of the provided scopes.
      */
-    public DecodedJWT validateTokenWithAnyScope(String token, Map<String, String> headers, HttpRequestInfo httpRequestInfo, String... scopes)
+    public DecodedJWT validateTokenWithAnyScope(String token, HttpRequestInfo httpRequestInfo, String... scopes)
             throws BaseAuthException {
-        DecodedJWT jwt = validateToken(token, headers, httpRequestInfo);
+        DecodedJWT jwt = validateToken(token, httpRequestInfo);
         try {
             ClaimValidator.checkAnyScope(jwt, scopes);
             return jwt;
@@ -120,9 +120,9 @@ public DecodedJWT validateTokenWithAnyScope(String token, Map<String, String> he
     /**
      * Validates a JWT and ensures a claim equals the expected value.
      */
-    public DecodedJWT validateTokenWithClaimEquals(String token, Map<String, String> headers, HttpRequestInfo httpRequestInfo,  String claim, Object expected)
+    public DecodedJWT validateTokenWithClaimEquals(String token, HttpRequestInfo httpRequestInfo,  String claim, Object expected)
             throws BaseAuthException {
-        DecodedJWT jwt = validateToken(token, headers, httpRequestInfo);
+        DecodedJWT jwt = validateToken(token, httpRequestInfo);
         try {
             ClaimValidator.checkClaimEquals(jwt, claim, expected);
             return jwt;
@@ -134,9 +134,9 @@ public DecodedJWT validateTokenWithClaimEquals(String token, Map<String, String>
     /**
      * Validates a JWT and ensures a claim includes all expected values.
      */
-    public DecodedJWT validateTokenWithClaimIncludes(String token, Map<String, String> headers, HttpRequestInfo httpRequestInfo, String claim, Object... expectedValues)
+    public DecodedJWT validateTokenWithClaimIncludes(String token, HttpRequestInfo httpRequestInfo, String claim, Object... expectedValues)
             throws BaseAuthException {
-        DecodedJWT jwt = validateToken(token, headers, httpRequestInfo);
+        DecodedJWT jwt = validateToken(token, httpRequestInfo);
         try {
             ClaimValidator.checkClaimIncludes(jwt, claim, expectedValues);
             return jwt;
@@ -145,9 +145,9 @@ public DecodedJWT validateTokenWithClaimIncludes(String token, Map<String, Strin
         }
     }
 
-    public DecodedJWT validateTokenWithClaimIncludesAny(String token, Map<String, String> headers, HttpRequestInfo httpRequestInfo, String claim, Object... expectedValues)
+    public DecodedJWT validateTokenWithClaimIncludesAny(String token, HttpRequestInfo httpRequestInfo, String claim, Object... expectedValues)
             throws BaseAuthException {
-        DecodedJWT jwt = validateToken(token, headers, httpRequestInfo);
+        DecodedJWT jwt = validateToken(token, httpRequestInfo);
         try {
             ClaimValidator.checkClaimIncludesAny(jwt, claim, expectedValues);
             return jwt;

auth0-api-java/src/test/java/com/auth0/AbstractAuthenticationTest.java

@@ -17,7 +17,7 @@
 import java.util.Map;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.ArgumentMatchers.anyMap;
+import static org.mockito.ArgumentMatchers.*;
 import static org.mockito.Mockito.*;
 
 public class AbstractAuthenticationTest {
@@ -38,7 +38,6 @@ private static class TestAuthImpl extends AbstractAuthentication {
 
         @Override
         public AuthenticationContext authenticate(
-                Map<String, String> headers,
                 HttpRequestInfo requestInfo) {
             return null;
         }
@@ -80,12 +79,12 @@ public void validateBearerToken_shouldExtractAndValidate() throws Exception {
         DecodedJWT jwt = mock(DecodedJWT.class);
 
         when(extractor.extractBearer(anyMap())).thenReturn(token);
-        when(jwtValidator.validateToken(eq("access"), anyMap(), any())).thenReturn(jwt);
+        when(jwtValidator.validateToken(eq("access"), any(HttpRequestInfo.class))).thenReturn(jwt);
 
         Map<String, String> headers = new HashMap<>();
         headers.put("authorization", "Bearer access");
 
-        DecodedJWT result = authSystem.validateBearerToken(headers, null);
+        DecodedJWT result = authSystem.validateBearerToken(new HttpRequestInfo("GET", "https://api.example.com", headers));
 
         assertThat(result).isSameAs(jwt);
     }
@@ -94,17 +93,17 @@ public void validateBearerToken_shouldExtractAndValidate() throws Exception {
     public void validateDpopTokenAndProof_shouldValidateEverything() throws Exception {
         AuthToken token = new AuthToken("access", "proof", null);
         DecodedJWT jwt = mock(DecodedJWT.class);
-        HttpRequestInfo request =
-                new HttpRequestInfo("GET", "https://api.example.com", null);
-
-        when(extractor.extractDPoPProofAndDPoPToken(anyMap())).thenReturn(token);
-        when(jwtValidator.validateToken(eq("access"), anyMap(), any())).thenReturn(jwt);
 
         Map<String, String> headers = new HashMap<>();
         headers.put("authorization", "DPoP access");
         headers.put("dpop", "proof");
 
-        DecodedJWT result = authSystem.validateDpopTokenAndProof(headers, request);
+        HttpRequestInfo request = new HttpRequestInfo("GET", "https://api.example.com", headers);
+
+        when(extractor.extractDPoPProofAndDPoPToken(anyMap())).thenReturn(token);
+        when(jwtValidator.validateToken(eq("access"), any(HttpRequestInfo.class))).thenReturn(jwt);
+
+        DecodedJWT result = authSystem.validateDpopTokenAndProof(request);
 
         verify(dpopProofValidator).validate("proof", jwt, request);
         assertThat(result).isSameAs(jwt);