Merge v2-dev branch to master (#516)

Author: jimmyjames

.circleci/config.yml

@@ -62,6 +62,6 @@ workflows:
     jobs:
       - build
 
-  api-diff:
-    jobs:
-      - api-diff
+#  api-diff:
+#    jobs:
+#      - api-diff

CHANGELOG.md

@@ -1,5 +1,32 @@
 # Change Log
 
+## [2.0.0 Beta 2](https://github.com/auth0/auth0-java/tree/2.0.0-beta.2) (2023-02-13)
+[Full Changelog](https://github.com/auth0/auth0-java/compare/2.0.0-beta.1...2.0.0-beta.2)
+
+**Changed**
+- Update to latest java-jwt version [\#512](https://github.com/auth0/auth0-java/pull/512) ([jimmyjames](https://github.com/jimmyjames))
+
+## [2.0.0 Beta 1](https://github.com/auth0/auth0-java/tree/2.0.0-beta.1) (2023-01-26)
+[Full Changelog](https://github.com/auth0/auth0-java/compare/2.0.0-beta.0...2.0.0-beta.1)
+
+**Added**
+- Add support for MFA APIs [\#505](https://github.com/auth0/auth0-java/pull/505) ([poovamraj](https://github.com/poovamraj))
+- Add support MFA Methods API [\#506](https://github.com/auth0/auth0-java/pull/506) ([poovamraj](https://github.com/poovamraj))
+- Support JWT Client Authentication [\#507](https://github.com/auth0/auth0-java/pull/507) ([jimmyjames](https://github.com/jimmyjames))
+
+## [2.0.0 Beta 0](https://github.com/auth0/auth0-java/tree/2.0.0-beta.0) (2023-01-12)
+[Full Changelog](https://github.com/auth0/auth0-java/compare/1.44.2...2.0.0-beta.0)
+
+> **Warning** This SDK is in beta and is subject to breaking changes. It is not recommended for production use, but your feedback and help in testing is appreciated!
+
+This release introduces several enhancement, including:
+- HTTP response information returned from requests
+- Additional HTTP client configurability
+- Authentication API improvements to not require a client secret
+- ... and more!
+
+Please see the [Migration Guide](MIGRATION_GUIDE.md) for guidance on updating your application.
+
 ## [1.44.2](https://github.com/auth0/auth0-java/tree/1.44.2) (2023-01-11)
 [Full Changelog](https://github.com/auth0/auth0-java/compare/1.44.1...1.44.2)
 

EXAMPLES.md

@@ -15,7 +15,7 @@ An `APIException` will be thrown if the network request succeeded, but another e
 ```java
 Request<UsersPage> request = api.users().list(new UserFilter().withSearchEngine("v1"));
 try {
-    UsersPage usersPage = request.execute();
+    UsersPage usersPage = request.execute().getBody();
 } catch(APIException apiException) {
     apiException.getStatusCode(); // 400
     apiException.getError(); // "operation_not_supported"
@@ -25,24 +25,28 @@ try {
 
 ## HTTP Client configuration
 
-Both the Authentication and Management API clients use the OkHttp networking library. Certain configurations of the client are available via the `HttpOptions` object, which can passed to both API client constructors.
+By default, both the Authentication and Management API clients use the OkHttp networking library to make HTTP requests.
+The client can be configured by building a `DefaultHttpClient` and providing it to the API clients.
+If using both the Management and Authentication API clients, it is recommended to create one `Auth0HttpClient` to be used by both API clients to minimize resource usage.
 
 ```java
-HttpOptions options = new HttpOptions();
+Auth0HttpClient client = DefaultHttpClient.newBuilder()
+        // configure as needed
+        .build();
 
-// configure timeouts; default is ten seconds for both connect and read timeouts:
-options.setConnectTimeout(5);
-options.setReadTimeout(15);
+AuthAPI auth = AuthAPI.newBuilder("DOMAIN", "CLIENT-ID", "CLIENT-SECRET")
+        .withHttpClient(client)
+        .build();
 
-// configure proxy:
-Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress("{IP-ADDRESS}", {PORT}));
-ProxyOptions proxyOptions = new ProxyOptions(proxy);
-options.setProxyOptions(proxyOptions);
-
-// create client
-AuthAPI authAPI = new AuthAPI("{CLIENT_ID}", "{CLIENT_SECRET}", options);
+ManagementAPI mgmt = ManagementAPI.newBuilder("DOMAIN", "API-TOKEN")
+        .withHttpClient(client)
+        .build();
 ```
 
+If the `DefaultHttpClient` does not support your required networking client configuration, you may choose to implement
+your own client by implementing the `Auth0HttpClient` interface and providing it to the API clients. This is an advanced
+use case and should be used only when necessary.
+
 ## Verifying an ID token
 
 This library also provides the ability to validate an OIDC-compliant ID Token, according to the [OIDC Specification](https://openid.net/specs/openid-connect-core-1_0-final.html#IDTokenValidation).
@@ -100,7 +104,7 @@ Note that Organizations is currently only available to customers on our Enterpri
 Log in to an organization by using `withOrganization()` when building the Authorization URL:
 
 ```java
-AuthAPI auth = new AuthAPI("{YOUR_DOMAIN}", "{YOUR_CLIENT_ID}", "{YOUR_CLIENT_SECRET}");
+AuthAPI auth = AuthAPI.newBuilder("{YOUR_DOMAIN}", "{YOUR_CLIENT_ID}", "{YOUR_CLIENT_SECRET}").build();
 String url = auth.authorizeUrl("https://me.auth0.com/callback")
     .withOrganization("{YOUR_ORGANIZATION_ID")
     .build();
@@ -120,7 +124,7 @@ IdTokenVerifier.init("{ISSUER}", "{AUDIENCE}", signatureVerifier)
 Accept a user invitation by using `withInvitation()` when building the Authorization URL:
 
 ```
-AuthAPI auth = new AuthAPI("{YOUR_DOMAIN}", "{YOUR_CLIENT_ID}", "{YOUR_CLIENT_SECRET}");
+AuthAPI auth = AuthAPI.newBuilder("{YOUR_DOMAIN}", "{YOUR_CLIENT_ID}", "{YOUR_CLIENT_SECRET}").build();
 String url = auth.authorizeUrl("https://me.auth0.com/callback")
     .withOrganization("{YOUR_ORGANIZATION_ID")
     .withInvitation("{YOUR_INVITATION_ID}")
@@ -132,6 +136,6 @@ String url = auth.authorizeUrl("https://me.auth0.com/callback")
 Requests can be executed asynchronously, using the `executeAsync()` method, which returns a `CompletableFuture<T>`.
 
 ```java
-CompletableFuture<User> userFuture = mgmt.users().getUser("auth0|123", new UserFilter()).executeAsync();
-User user = userFuture.get();
+CompletableFuture<Response<User>> userFuture = mgmt.users().getUser("auth0|123", new UserFilter()).executeAsync();
+User user = userFuture.get().getBody();
 ```

MIGRATION_GUIDE.md

@@ -0,0 +1,154 @@
+# Migration Guide
+
+## Migrating from v1 to v2
+
+The version 2 release includes several notable improvements, including:
+
+* Requests can now be configured with additional parameters and headers, without needing to downcast to `CustomRequest`.
+* Responses are now wrapped in a new `com.auth0.net.Response` type, which provides information about the HTTP response such as headers and status code.
+* The `AuthAPI` and `ManagementAPI` clients can now share the same HTTP client.
+* The `AuthAPI` client no longer requires a client secret, enabling support for APIs and scenarios where a secret is not required.
+
+Version 2 includes breaking changes. Please read this guide to learn how to update your application for v2.
+
+### Configuring `auth0-java` v2
+
+To create the API clients, use the new builders, and specify any HTTP-related configurations with the new `DefaultHttpClient`:
+
+```java
+Auth0HttpClient http = DefaultHttpClient.newBuilder()
+        .withConnectTimeout(10)
+        .withReadTimeout(10)
+        // additional configurations as needed
+        .build();
+
+AuthAPI auth = AuthAPI.newBuilder("{DOMAIN}", "{CLIENT-ID}", "{OPTIONAL-CLIENT-SECRET}")
+        .withHttpClient(http)
+        .build();
+
+ManagementAPI mgmt = ManagementAPI.newBuilder("{DOMAIN}", "{API-TOKEN}")
+        .withHttpClient(http)
+        .build();
+```
+
+### Response information
+
+Version 2 returns HTTP response information such as status code and headers in a new `com.auth0.net.Response` type. 
+Instead of simply returning the parsed JSON response body from requests, all API methods now return a `Response<T>`.
+If you have no need for the response information, replace any calls to `execute()` with `execute().getBody()` to get the returned response body as before:
+
+```java
+// Get response info
+Response<User> userResponse = api.users().get("{USER-ID}", null);
+int code = userResponse.getStatusCode();
+Map<String, String> headers = userResponse.getHeaders();
+
+// Just get the response body
+User user = api.users().get("{USER-ID}", null).execute().getBody();
+```
+
+### Request configuration
+
+Previously, only requests that returned a `CustomizableRequest` (or its implementation, `CustomRequest`) allowed for a request to be configured with additional parameters or headers.
+In v2, the `com.auth0.net.Request` interface defines the new methods:
+
+- `Request<T> addHeader(String name, String value)`
+- `Request<T> addParameter(String name, Object value)`
+- `Request<T> setBody(Object body)`
+
+This enables all requests to be configured, without the need to downcast to `CustomizableRequest` or `CustomRequest`. 
+If you were down-casting to these types, you will need to remove the cast and instead configure the request directly:
+
+```java
+Request<User> userRequest = api.users().get("{USER-ID}", null);
+userRequest.addHeader("some-header", "some-value");
+Response<User> userResponse = userRequest.execute();
+```
+
+### Detailed changes
+
+The following summarizes details of the changes in version 2, including types and methods removed, added, or deprecated. 
+
+#### Removed classes
+
+- `AuthRequest` has been removed. Use `TokenRequest` instead.
+- `CustomizableRequest` and `CustomRequest` have been removed. The `Request` interface now supports request customization directly without the need to downcast.
+- `FormDataRequest` has been removed. Use `MultipartRequest` instead.
+- `CreateUserRequest` has been removed. Use `SignUpRequest` instead.
+
+#### Moved classes
+
+- `com.auth0.json.mgmt.Token` moved to `com.auth0.json.mgmt.blacklists.Token`
+- `com.auth0.json.mgmt.ClientGrant` moved to `com.auth0.json.mgmt.clientgrants.ClientGrant` 
+- `com.auth0.json.mgmt.ClientGrantsPage` moved to `com.auth0.json.mgmt.clientgrants.ClientGrantsPage`
+- `com.auth0.json.mgmt.Connection` moved to `com.auth0.json.mgmt.connections.Connection`
+- `com.auth0.json.mgmt.ConnectionsPage` moved to `com.auth0.json.mgmt.connections.ConnectionsPage`
+- `com.auth0.json.mgmt.DeviceCredentials` moved to `com.auth0.json.mgmt.devicecredentials.DeviceCredentials`
+- `com.auth0.json.mgmt.EmailTemplate` moved to `com.auth0.json.mgmt.emailtemplates.EmailTemplate`
+- `com.auth0.json.mgmt.Grant` moved to `com.auth0.json.mgmt.grants.Grant`
+- `com.auth0.json.mgmt.GrantsPage` moved to `com.auth0.json.mgmt.grants.GrantsPage`
+- `com.auth0.json.mgmt.EmailVerificationIdentity` moved to `com.auth0.json.mgmt.tickets.EmailVerificationIdentity`
+- `com.auth0.json.mgmt.Key;` moved to `com.auth0.json.mgmt.keys.Key`
+- `com.auth0.json.mgmt.RolesPage` moved to `com.auth0.json.mgmt.roles.RolesPage`
+- `com.auth0.json.mgmt.ResourceServer` moved to `com.auth0.json.mgmt.resourceserver.ResourceServer`
+- `com.auth0.json.mgmt.ResourceServersPage` moved to `com.auth0.json.mgmt.resourceserver.ResourceServersPage`
+- `com.auth0.json.mgmt.Permission` moved to `com.auth0.json.mgmt.permissions.Permission`
+- `com.auth0.json.mgmt.PermissionsPage` moved to `com.auth0.json.mgmt.permissions.PermissionsPage`
+- `com.auth0.json.mgmt.Role` moved to `com.auth0.json.mgmt.roles.Role`
+- `com.auth0.json.mgmt.RolesPage` moved to `com.auth0.json.mgmt.roles.RolesPage`
+- `com.auth0.json.mgmt.RulesConfig` moved to `com.auth0.json.mgmt.rules.RulesConfig`
+- `com.auth0.json.mgmt.Rule` moved to `com.auth0.json.mgmt.rules.Rule`
+- `com.auth0.json.mgmt.RulesPage` moved to `com.auth0.json.mgmt.rules.RulesPage`
+- `com.auth0.json.mgmt.DailyStats` moved to `com.auth0.json.mgmt.stats.DailyStats`
+- `com.auth0.json.mgmt.Permission` moved to `com.auth0.json.mgmt.permissions.Permission`
+- `com.auth0.json.mgmt.PermissionsPage` moved to `com.auth0.json.mgmt.permissions.PermissionsPage`
+- `com.auth0.json.mgmt.RolesPage` moved to `com.auth0.json.mgmt.roles.RolesPage`
+
+#### Removed methods
+
+- `void com.auth0.client.mgmt.ManagementAPI#doNotSendTelemetry()` has been removed. Telemetry configuration can be done using the `DefaultHttpClient#Builder`
+- `void com.auth0.client.auth.AuthAPI#doNotSendTelemetry()` has been removed. Telemetry configuration can be done using the `DefaultHttpClient#Builder`
+- `void com.auth0.client.mgmt.ManagementAPI#setTelemetry(Telemetry telemetry)` has been removed. Telemetry configuration can be done using the `DefaultHttpClient#Builder`
+- `void com.auth0.client.auth.AuthAP#setTelemetry(Telemetry telemetry)` has been removed. Telemetry configuration can be done using the `DefaultHttpClient#Builder`
+- Deprecated `void com.auth0.client.mgmt.ManagementAPI#setLoggingEnabled(boolean enabled)`  has been removed. Telemetry configuration can be done using the `DefaultHttpClient#Builder`
+- Deprecated `void com.auth0.client.auth.AuthAPI#setLoggingEnabled(boolean enabled)`  has been removed. Telemetry configuration can be done using the `DefaultHttpClient#Builder`
+- Deprecated `Request<List<ClientGrant>> com.auth0.client.mgmt.ClientGrantsEntity#list()` has been removed. Use `Request<ClientGrantsPage> list(ClientGrantsFilter filter) com.auth0.client.mgmt.ClientGrantsEntity#list(ClientGrantsFilter filter)` instead.
+- Deprecated `Request<List<Client>> com.auth0.client.mgmt.ClientsEntity#list()` has been removed. Use `Request<ClientsPage> com.auth0.client.mgmt.ClientsEntity#list(ClientFilter filter)` instead.
+- Deprecated `Request<List<Connection>> com.auth0.client.mgmt.ClientsEntity#list(ConnectionFilter filter)` has been removed. Use `Request<ConnectionsPage> com.auth0.client.mgmt.ClientsEntity#listAll(ConnectionFilter filter)` instead.
+- Deprecated `Request<List<Grant>> com.auth0.client.mgmt.GrantsEntity#list(String userId)` has been removed. Use `Request<GrantsPage> com.auth0.client.mgmt.GrantsEntity#list(String userId, GrantsFilter filter)` instead.
+- Deprecated `Request<List<ResourceServer>> com.auth0.client.mgmt.ResourceServerEntity#list()` has been removed. Use `Request<ResourceServersPage> com.auth0.client.mgmt.ResourceServersEntity#list(ResourceServersFilter)` instead.
+- Deprecated `Request<List<Rule>> com.auth0.client.mgmt.RulesEntity#list(RulesFilter filter)` has been removed. Use `Request<RulesPage> com.auth0.client.mgmt.RulesEntity#listAll(RulesFilter filter)` instead.
+- Deprecated `void com.auth0.json.mgmt.guardian.EnrollmentTicket#setUserId(String id)` has been removed. Use the constructor instead.
+- Deprecated `com.auth0.json.mgmt.guardian.SNSFactorProvider` no-arg constructor has been removed. Use the full constructor instead.
+- Deprecated `void com.auth0.json.mgmt.guardian.SNSFactorProvider#setAWSAccessKeyId(String awsAccessKeyId)` has been removed. Use the constructor instead.
+- Deprecated `void com.auth0.json.mgmt.guardian.SNSFactorProvider#setAWSSecretAccessKey(String awsSecretAccessKey)` has been removed. Use the constructor instead.
+- Deprecated `void com.auth0.json.mgmt.guardian.SNSFactorProvider#setAWSRegion(String awsRegion)` has been removed. Use the constructor instead.
+- Deprecated `void com.auth0.json.mgmt.guardian.SNSFactorProvider#setSNSAPNSPlatformApplicationARN(String apnARN)` has been removed. Use the constructor instead.
+- Deprecated `void com.auth0.json.mgmt.guardian.SNSFactorProvider#setSNSGCMPlatformApplicationARN(String gcmARN)` has been removed. Use the constructor instead.
+- Deprecated `com.auth0.json.mgmt.guardian.TwilioFactorProvider` no-arg constructor has been removed. Use the full constructor instead.
+- Deprecated `void com.auth0.json.mgmt.guardian.TwilioFactorProvider#setFrom(String from)` has been removed. Use the constructor instead.
+- Deprecated `void com.auth0.json.mgmt.guardian.TwilioFactorProvider#setMessagingServiceSID(String messagingServiceSID)` has been removed. Use the constructor instead.
+- Deprecated `void com.auth0.json.mgmt.guardian.TwilioFactorProvider#setAuthToken(String authToken)` has been removed. Use the constructor instead.
+- Deprecated `void com.auth0.json.mgmt.guardian.TwilioFactorProvider#setSID(String SID)` has been removed. Use the constructor instead.
+- The default implementation of `com.auth0.net.Request#executeAsync()` has been removed; implementations must provide an implementation of `executeAsync`.
+
+### New classes and methods
+
+#### Refactored HTTP layer types
+
+Version 2 introduces a new abstraction, `com.auth0.net.client.Auth0HttpClient`, to handle the core HTTP responsibilities of sending HTTP requests.
+An implementation is provided in `DefaultHttpClient`, which supports all the configurations available in the now-deprecated `HttpOptions`.
+In addition to these configurations, it is also possible to implement the `Auth0HttpClient` for advanced use-cases where the default implementation or its configurations are not sufficient.
+Several new types have been added to support this:
+
+- `com.auth0.net.client.Auth0HttpClient` has been added to define the HTTP client interface.
+- `com.auth0.net.client.DefaultHttpClient` is the default HTTP implementation that should be used in the majority of cases. It supports the same configurations as `HttpOptions`, but can be reused across API clients. It uses `OkHttp` as the networking client internally.
+- `com.auth0.net.client.Auth0HttpRequest` is a lightweight representation of an HTTP request to execute. Internal API implementations will form the request.
+- `com.auth0.net.client.Auth0HttpResponse` is a lightweight representation of an HTTP response. Internal API implementations will parse the response.
+- `com.auth0.net.client.HttpMethod` is an `enum` representing the HTTP methods.
+
+### New deprecations
+
+- `com.auth0.client.HttpOptions` has been deprecated, in favor of configuring the `DefaultHttpClient` directly.
+- `com.auth0.client.mgmt.ManagementAPI` constructors have been deprecated in favor of `ManagementAPI#newBuilder(String domain, String apiToken)`.
+- `com.auth0.client.auth.AuthAPI` constructors have been deprecated in favor of `AuthAPI.newBuilder(String domain, String clientId)` and `AuthAPI.newBuilder(String domain, String clientId, String clientSecret)`.