TokenInfo and UserProfile updates

Author: arcseldon

auth0/src/main/java/com/auth0/authentication/AuthenticationAPIClient.java

@@ -73,6 +73,7 @@ public class AuthenticationAPIClient {
     private static final String TOKEN_INFO_PATH = "tokeninfo";
     private static final String OAUTH_CODE_KEY = "code";
     private static final String OAUTH_CODE_VERIFIER_KEY = "code_verifier";
+    private static final String OAUTH_CLIENT_SECRET_KEY = "client_secret";
     private static final String REDIRECT_URI_KEY = "redirect_uri";
 
     private final Auth0 auth0;
@@ -703,6 +704,19 @@ private ParameterizableRequest<UserProfile> profileRequest() {
         return factory.POST(url, client, gson, UserProfile.class);
     }
 
+    /**
+     * For backwards compatibility only
+     *
+     * @param authorizationCode
+     * @param codeVerifier
+     * @param redirectUri
+     * @return
+     */
+    @Deprecated
+    public AuthenticationRequest token(String authorizationCode, String codeVerifier, String redirectUri) {
+        return tokenUsingCodeVerifier(authorizationCode, codeVerifier, redirectUri);
+    }
+
     /**
      * Fetch the token information from Auth0, using the authorization_code grant type
      *
@@ -711,7 +725,7 @@ private ParameterizableRequest<UserProfile> profileRequest() {
      * @param redirectUri       the uri to redirect after a successful request.
      * @return a request to configure and start
      */
-    public AuthenticationRequest token(String authorizationCode, String codeVerifier, String redirectUri) {
+    public AuthenticationRequest tokenUsingCodeVerifier(String authorizationCode, String codeVerifier, String redirectUri) {
         Map<String, Object> parameters = ParameterBuilder.newBuilder()
                 .setClientId(getClientId())
                 .setGrantType(GRANT_TYPE_AUTHORIZATION_CODE)
@@ -728,4 +742,30 @@ public AuthenticationRequest token(String authorizationCode, String codeVerifier
         return factory.authenticationPOST(url, client, gson)
                 .addAuthenticationParameters(parameters);
     }
+
+    /**
+     * Fetch the token information from Auth0, using the authorization_code grant type
+     *
+     * @param authorizationCode the authorization code received from the /authorize call.
+     * @param clientSecret      the client secret used when requesting a code to /authorize.
+     * @param redirectUri       the uri to redirect after a successful request.
+     * @return a request to configure and start
+     */
+    public AuthenticationRequest tokenUsingClientSecret(final String authorizationCode, final String clientSecret, final String redirectUri) {
+        final Map<String, Object> parameters = ParameterBuilder.newBuilder()
+                .setClientId(getClientId())
+                .setGrantType(GRANT_TYPE_AUTHORIZATION_CODE)
+                .set(OAUTH_CODE_KEY, authorizationCode)
+                .set(OAUTH_CLIENT_SECRET_KEY, clientSecret)
+                .set(REDIRECT_URI_KEY, redirectUri)
+                .asDictionary();
+
+        final HttpUrl url = HttpUrl.parse(auth0.getDomainUrl()).newBuilder()
+                .addPathSegment(OAUTH_PATH)
+                .addPathSegment(TOKEN_PATH)
+                .build();
+
+        return factory.authenticationPOST(url, client, gson)
+                .addAuthenticationParameters(parameters);
+    }
 }

auth0/src/test/java/com/auth0/authentication/AuthenticationAPIClientTest.java

@@ -31,6 +31,7 @@
 import com.auth0.authentication.result.DatabaseUser;
 import com.auth0.authentication.result.Delegation;
 import com.auth0.authentication.result.UserProfile;
+import com.auth0.request.ParameterizableRequest;
 import com.auth0.util.AuthenticationAPI;
 import com.auth0.util.MockBaseCallback;
 import com.google.gson.Gson;
@@ -1214,13 +1215,13 @@ public void shouldFetchProfileAfterLoginRequest() throws Exception {
     }
 
     @Test
-    public void shouldGetOAuthTokens() throws Exception {
+    public void shouldGetOAuthTokensUsingCodeVerifier() throws Exception {
         mockAPI
                 .willReturnTokens()
                 .willReturnTokenInfo();
 
         final MockBaseCallback<Credentials> callback = new MockBaseCallback<>();
-        client.token("code", "codeVerifier", "http://redirect.uri")
+        client.tokenUsingCodeVerifier("code", "codeVerifier", "http://redirect.uri")
                 .start(callback);
 
         final RecordedRequest request = mockAPI.takeRequest();
@@ -1236,6 +1237,29 @@ public void shouldGetOAuthTokens() throws Exception {
         assertThat(callback, hasPayloadOfType(Credentials.class));
     }
 
+    @Test
+    public void shouldGetOAuthTokensUsingClientSecret() throws Exception {
+        mockAPI
+                .willReturnTokens()
+                .willReturnTokenInfo();
+
+        final MockBaseCallback<Credentials> callback = new MockBaseCallback<>();
+        client.tokenUsingClientSecret("code", "clientSecret", "http://redirect.uri")
+                .start(callback);
+
+        final RecordedRequest request = mockAPI.takeRequest();
+        assertThat(request.getPath(), equalTo("/oauth/token"));
+
+        Map<String, String> body = bodyFromRequest(request);
+        assertThat(body, hasEntry("grant_type", ParameterBuilder.GRANT_TYPE_AUTHORIZATION_CODE));
+        assertThat(body, hasEntry("client_id", CLIENT_ID));
+        assertThat(body, hasEntry("code", "code"));
+        assertThat(body, hasEntry("client_secret", "clientSecret"));
+        assertThat(body, hasEntry("redirect_uri", "http://redirect.uri"));
+
+        assertThat(callback, hasPayloadOfType(Credentials.class));
+    }
+
     private Map<String, String> bodyFromRequest(RecordedRequest request) throws java.io.IOException {
         final Type mapType = new TypeToken<Map<String, String>>() {
         }.getType();