Rework /oauth/token methods

hzalaz · hzalaz · commit 458e613a7d1b · 2016-06-05T23:52:07.000-07:00
diff --git a/auth0/src/main/java/com/auth0/authentication/AuthenticationAPIClient.java b/auth0/src/main/java/com/auth0/authentication/AuthenticationAPIClient.java
@@ -46,6 +46,10 @@
 /**
  * API client for Auth0 Authentication API.
  *
+ * <pre><code>
+ * Auth0 auth0 = new Auth0("your_client_id", "your_domain");
+ * AuthenticationAPIClient client = new AuthenticationAPIClient(auth0);
+ * </code></pre>
  * @see <a href="https://auth0.com/docs/auth-api">Auth API docs</a>
  */
 public class AuthenticationAPIClient {
@@ -72,8 +76,6 @@ public class AuthenticationAPIClient {
     private static final String RESOURCE_OWNER_PATH = "ro";
     private static final String TOKEN_INFO_PATH = "tokeninfo";
     private static final String OAUTH_CODE_KEY = "code";
-    private static final String OAUTH_CODE_VERIFIER_KEY = "code_verifier";
-    private static final String OAUTH_CLIENT_SECRET_KEY = "client_secret";
     private static final String REDIRECT_URI_KEY = "redirect_uri";
 
     private final Auth0 auth0;
@@ -681,56 +683,40 @@ public ProfileRequest getProfileAfter(AuthenticationRequest authenticationReques
         return new ProfileRequest(authenticationRequest, profileRequest);
     }
 
-    private AuthenticationRequest loginWithResourceOwner(Map<String, Object> parameters) {
-        HttpUrl url = HttpUrl.parse(auth0.getDomainUrl()).newBuilder()
-                .addPathSegment(OAUTH_PATH)
-                .addPathSegment(RESOURCE_OWNER_PATH)
-                .build();
-
-        final Map<String, Object> requestParameters = ParameterBuilder.newBuilder()
-                .setClientId(getClientId())
-                .setConnection(defaultDatabaseConnection)
-                .addAll(parameters)
-                .asDictionary();
-        return factory.authenticationPOST(url, client, gson)
-                .addAuthenticationParameters(requestParameters);
-    }
-
-    private ParameterizableRequest<UserProfile> profileRequest() {
-        HttpUrl url = HttpUrl.parse(auth0.getDomainUrl()).newBuilder()
-                .addPathSegment(TOKEN_INFO_PATH)
-                .build();
-
-        return factory.POST(url, client, gson, UserProfile.class);
-    }
-
-    /**
-     * For backwards compatibility only
-     *
-     * @param authorizationCode
-     * @param codeVerifier
-     * @param redirectUri
-     * @return
-     */
-    @Deprecated
-    public AuthenticationRequest token(String authorizationCode, String codeVerifier, String redirectUri) {
-        return tokenUsingCodeVerifier(authorizationCode, codeVerifier, redirectUri);
-    }
-
     /**
      * Fetch the token information from Auth0, using the authorization_code grant type
      *
+     * For Public Client, e.g. Android apps ,you need to provide the code_verifier
+     * used to generate the challenge sent to Auth0 {@literal /authorize} method like:
+     *
+     * <pre>{@code
+     * AuthenticationAPIClient client = new AuthenticationAPIClient(new Auth0("clientId", "domain"));
+     * client
+     *     .token("code", "redirect_uri")
+     *     .setCodeVerifier("code_verifier")
+     *     .start(new Callback<Credentials> {...});
+     * }</pre>
+     *
+     * For the rest of clients, clients who can safely keep a {@literal client_secret}, you need to provide it instead like:
+     *
+     * <pre>{@code
+     * AuthenticationAPIClient client = new AuthenticationAPIClient(new Auth0("clientId", "domain"));
+     * client
+     *     .token("code", "redirect_uri")
+     *     .setClientSecret("client_secret")
+     *     .start(new Callback<Credentials> {...});
+     * }</pre>
+     *
      * @param authorizationCode the authorization code received from the /authorize call.
-     * @param codeVerifier      the code verifier used when requesting a code to /authorize.
-     * @param redirectUri       the uri to redirect after a successful request.
-     * @return a request to configure and start
+     * @param redirectUri       the uri sent to /authorize as the 'redirect_uri'.
+     * @return a request to obtain access_token by exchanging a authorization code.
      */
-    public AuthenticationRequest tokenUsingCodeVerifier(String authorizationCode, String codeVerifier, String redirectUri) {
+    @SuppressWarnings("WeakerAccess")
+    public TokenRequest token(String authorizationCode, String redirectUri) {
         Map<String, Object> parameters = ParameterBuilder.newBuilder()
                 .setClientId(getClientId())
                 .setGrantType(GRANT_TYPE_AUTHORIZATION_CODE)
                 .set(OAUTH_CODE_KEY, authorizationCode)
-                .set(OAUTH_CODE_VERIFIER_KEY, codeVerifier)
                 .set(REDIRECT_URI_KEY, redirectUri)
                 .asDictionary();
 
@@ -739,33 +725,31 @@ public AuthenticationRequest tokenUsingCodeVerifier(String authorizationCode, St
                 .addPathSegment(TOKEN_PATH)
                 .build();
 
-        return factory.authenticationPOST(url, client, gson)
-                .addAuthenticationParameters(parameters);
+        ParameterizableRequest<Credentials> request = factory.POST(url, client, gson, Credentials.class).addParameters(parameters);
+        return new TokenRequest(request);
     }
 
-    /**
-     * Fetch the token information from Auth0, using the authorization_code grant type
-     *
-     * @param authorizationCode the authorization code received from the /authorize call.
-     * @param clientSecret      the client secret used when requesting a code to /authorize.
-     * @param redirectUri       the uri to redirect after a successful request.
-     * @return a request to configure and start
-     */
-    public AuthenticationRequest tokenUsingClientSecret(final String authorizationCode, final String clientSecret, final String redirectUri) {
-        final Map<String, Object> parameters = ParameterBuilder.newBuilder()
+    private AuthenticationRequest loginWithResourceOwner(Map<String, Object> parameters) {
+        HttpUrl url = HttpUrl.parse(auth0.getDomainUrl()).newBuilder()
+                .addPathSegment(OAUTH_PATH)
+                .addPathSegment(RESOURCE_OWNER_PATH)
+                .build();
+
+        final Map<String, Object> requestParameters = ParameterBuilder.newBuilder()
                 .setClientId(getClientId())
-                .setGrantType(GRANT_TYPE_AUTHORIZATION_CODE)
-                .set(OAUTH_CODE_KEY, authorizationCode)
-                .set(OAUTH_CLIENT_SECRET_KEY, clientSecret)
-                .set(REDIRECT_URI_KEY, redirectUri)
+                .setConnection(defaultDatabaseConnection)
+                .addAll(parameters)
                 .asDictionary();
+        return factory.authenticationPOST(url, client, gson)
+                .addAuthenticationParameters(requestParameters);
+    }
 
-        final HttpUrl url = HttpUrl.parse(auth0.getDomainUrl()).newBuilder()
-                .addPathSegment(OAUTH_PATH)
-                .addPathSegment(TOKEN_PATH)
+    private ParameterizableRequest<UserProfile> profileRequest() {
+        HttpUrl url = HttpUrl.parse(auth0.getDomainUrl()).newBuilder()
+                .addPathSegment(TOKEN_INFO_PATH)
                 .build();
 
-        return factory.authenticationPOST(url, client, gson)
-                .addAuthenticationParameters(parameters);
+        return factory.POST(url, client, gson, UserProfile.class);
     }
+
 }
diff --git a/auth0/src/main/java/com/auth0/authentication/TokenRequest.java b/auth0/src/main/java/com/auth0/authentication/TokenRequest.java
@@ -0,0 +1,55 @@
+package com.auth0.authentication;
+
+import com.auth0.Auth0Exception;
+import com.auth0.authentication.result.Credentials;
+import com.auth0.callback.BaseCallback;
+import com.auth0.request.ParameterizableRequest;
+import com.auth0.request.Request;
+
+/**
+ * Auth Request to obtain tokens using OAuth2 {@literal /oauth/token} method
+ */
+@SuppressWarnings("WeakerAccess")
+public class TokenRequest implements Request<Credentials> {
+
+    private static final String OAUTH_CODE_VERIFIER_KEY = "code_verifier";
+    private static final String OAUTH_CLIENT_SECRET_KEY = "client_secret";
+
+    private final ParameterizableRequest<Credentials> request;
+
+    TokenRequest(ParameterizableRequest<Credentials> request) {
+        this.request = request;
+    }
+
+    /**
+     * Adds the code verifier to the request (Public Clients)
+     * @param codeVerifier the code verifier used to generate the challenge sent to /authorize.
+     * @return itself
+     */
+    @SuppressWarnings("WeakerAccess")
+    public TokenRequest setCodeVerifier(String codeVerifier) {
+        this.request.addParameter(OAUTH_CODE_VERIFIER_KEY, codeVerifier);
+        return this;
+    }
+
+    /**
+     * Adds the client secret to the request (Private Clients)
+     * @param clientSecret the secret of the client used when making a request to /authorize
+     * @return iself
+     */
+    @SuppressWarnings("WeakerAccess")
+    public TokenRequest setClientSecret(String clientSecret) {
+        this.request.addParameter(OAUTH_CLIENT_SECRET_KEY, clientSecret);
+        return this;
+    }
+
+    @Override
+    public void start(BaseCallback<Credentials> callback) {
+        request.start(callback);
+    }
+
+    @Override
+    public Credentials execute() throws Auth0Exception {
+        return request.execute();
+    }
+}
diff --git a/auth0/src/main/java/com/auth0/authentication/UserProfileDeserializer.java b/auth0/src/main/java/com/auth0/authentication/UserProfileDeserializer.java
@@ -4,7 +4,6 @@
 import com.auth0.authentication.result.UserProfile;
 import com.google.gson.*;
 import com.google.gson.reflect.TypeToken;
-import com.sun.org.apache.xpath.internal.operations.Bool;
 
 import java.lang.reflect.Type;
 import java.util.Date;
diff --git a/auth0/src/test/java/com/auth0/authentication/AuthenticationAPIClientTest.java b/auth0/src/test/java/com/auth0/authentication/AuthenticationAPIClientTest.java
@@ -1221,7 +1221,8 @@ public void shouldGetOAuthTokensUsingCodeVerifier() throws Exception {
                 .willReturnTokenInfo();
 
         final MockBaseCallback<Credentials> callback = new MockBaseCallback<>();
-        client.tokenUsingCodeVerifier("code", "codeVerifier", "http://redirect.uri")
+        client.token("code", "http://redirect.uri")
+                .setCodeVerifier("codeVerifier")
                 .start(callback);
 
         final RecordedRequest request = mockAPI.takeRequest();
@@ -1244,7 +1245,8 @@ public void shouldGetOAuthTokensUsingClientSecret() throws Exception {
                 .willReturnTokenInfo();
 
         final MockBaseCallback<Credentials> callback = new MockBaseCallback<>();
-        client.tokenUsingClientSecret("code", "clientSecret", "http://redirect.uri")
+        client.token("code", "http://redirect.uri")
+                .setClientSecret("clientSecret")
                 .start(callback);
 
         final RecordedRequest request = mockAPI.takeRequest();
diff --git a/auth0/src/test/java/com/auth0/util/UserProfileMatcher.java b/auth0/src/test/java/com/auth0/util/UserProfileMatcher.java
@@ -38,6 +38,6 @@ public void describeTo(Description description) {
     }
 
     public static Matcher<UserProfile> isNormalizedProfile(String id, String name, String nickname) {
-        return new UserProfileMatcher(equalTo(id), equalTo(name), equalTo(nickname), not(isEmptyOrNullString()));
+        return new UserProfileMatcher(equalTo(id), equalTo(name), equalTo(nickname), not(emptyOrNullString()));
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -38,6 +38,6 @@ public void describeTo(Description description) {`
`38`	`38`	`}`
`39`	`39`
`40`	`40`	`public static Matcher<UserProfile> isNormalizedProfile(String id, String name, String nickname) {`
`41`		`- return new UserProfileMatcher(equalTo(id), equalTo(name), equalTo(nickname), not(isEmptyOrNullString()));`
	`41`	`+ return new UserProfileMatcher(equalTo(id), equalTo(name), equalTo(nickname), not(emptyOrNullString()));`
`42`	`42`	`}`
`43`	`43`	`}`