OE-215: Implement support for OAuth Client Credentials

simplified-accounts-api/build.gradle

@@ -11,6 +11,7 @@ dependencies {
   api libs.joda.time
   api libs.nypl.drm.core
   api libs.nypl.http.api
+  api libs.nypl.http.oauth.client.credentials
 
   implementation project(':simplified-opds-core')
 

simplified-accounts-api/src/main/java/org/nypl/simplified/accounts/api/AccountAuthenticationHelpers.kt

@@ -0,0 +1,57 @@
+package org.nypl.simplified.accounts.api
+
+import org.librarysimplified.http.api.LSHTTPAuthorizationBasic
+import org.librarysimplified.http.api.LSHTTPAuthorizationBearerToken
+import org.librarysimplified.http.api.LSHTTPRequestBuilderType
+import org.librarysimplified.http.oauth_client_credentials.setOAuthAuthenticateURI
+
+/**
+ * Authenticate a request in the best way, which means that OAuth Client Credentials will be used
+ * if possible.
+ *
+ * This must not be used outside of the LoggedIn state when credentials are not available.
+ */
+
+fun LSHTTPRequestBuilderType.setAuthentication(account: AccountReadableType): LSHTTPRequestBuilderType {
+  val credentials = (account.loginState as? AccountLoginState.AccountLoggedIn)?.credentials
+  setAuthorization(credentials)
+
+  val oauthAuthenticationDescription =
+    account.provider.authenticationAlternatives
+      .filterIsInstance(AccountProviderAuthenticationDescription.OAuthClientCredentials::class.java)
+      .firstOrNull()
+
+  oauthAuthenticationDescription?.let {
+    setOAuthAuthenticateURI(it.authenticate)
+  }
+
+  return this
+}
+
+/**
+ * Authorize a request on the basis of the given credentials.
+ *
+ * This is intended to be used outside of the LoggedIn state, when the account doesn't
+ * own credentials yet.
+ */
+
+fun LSHTTPRequestBuilderType.setAuthorization(credentials: AccountAuthenticationCredentials?): LSHTTPRequestBuilderType {
+  val authorization = when (credentials) {
+    null -> null
+    is AccountAuthenticationCredentials.Basic ->
+      LSHTTPAuthorizationBasic.ofUsernamePassword(
+        userName = credentials.userName.value,
+        password = credentials.password.value
+      )
+    is AccountAuthenticationCredentials.OAuthWithIntermediary ->
+      LSHTTPAuthorizationBearerToken.ofToken(
+        token = credentials.accessToken
+      )
+    is AccountAuthenticationCredentials.SAML2_0 ->
+      LSHTTPAuthorizationBearerToken.ofToken(
+        token = credentials.accessToken
+      )
+  }
+  setAuthorization(authorization)
+  return this
+}

simplified-accounts-api/src/main/java/org/nypl/simplified/accounts/api/AccountProviderAuthenticationDescription.kt

@@ -33,6 +33,15 @@ sealed class AccountProviderAuthenticationDescription : Serializable {
     const val ANONYMOUS_TYPE =
       "http://librarysimplified.org/rel/auth/anonymous"
 
+    /**
+     * The type used to identify the authentication type where we provide the server with
+     * basic auth credentials to get a temporary token. This authentication is used by projects
+     * such as Open eBooks.
+     */
+
+    const val OAUTH_CLIENT_CREDENTIALS =
+      "http://librarysimplified.org/authtype/OAuth-Client-Credentials"
+
     /**
      * The type used to identify OAuth with an intermediary. This is the authentication used
      * by projects such as Open eBooks.
@@ -128,12 +137,10 @@ sealed class AccountProviderAuthenticationDescription : Serializable {
   }
 
   /**
-   * Basic authentication is required.
+   * Information about how an authentication form should look like and behave.
    */
 
-  data class Basic(
-    override val description: String,
-
+  data class FormDescription(
     /**
      * The barcode format, if specified, such as "CODABAR". If this is unspecified, then
      * barcode scanning and displaying is not supported.
@@ -173,6 +180,27 @@ sealed class AccountProviderAuthenticationDescription : Serializable {
      */
 
     val labels: Map<String, String>,
+  ) {
+    init {
+      Preconditions.checkArgument(
+        this.barcodeFormat?.all { c -> c.isUpperCase() || c.isWhitespace() } ?: true,
+        "Barcode format ${this.barcodeFormat} must be uppercase"
+      )
+    }
+  }
+
+  /**
+   * Basic authentication is required.
+   */
+
+  data class Basic(
+    override val description: String,
+
+    /**
+     * Information about how the authentication form should look like and behave.
+     */
+
+    val formDescription: FormDescription,
 
     /**
      * The URI of the authentication logo.
@@ -183,13 +211,32 @@ sealed class AccountProviderAuthenticationDescription : Serializable {
 
     override val isLoginPossible: Boolean =
       true
+  }
 
-    init {
-      Preconditions.checkArgument(
-        this.barcodeFormat?.all { c -> c.isUpperCase() || c.isWhitespace() } ?: true,
-        "Barcode format ${this.barcodeFormat} must be uppercase"
-      )
-    }
+  data class OAuthClientCredentials(
+    override val description: String,
+
+    /**
+     * Information about how the authentication form should look like and behave.
+     */
+
+    val formDescription: FormDescription,
+
+    /**
+     * The URI used to perform authentication.
+     */
+
+    val authenticate: URI,
+
+    /**
+     * The URI of the authentication logo.
+     */
+
+    val logoURI: URI?
+  ) : AccountProviderAuthenticationDescription() {
+
+    override val isLoginPossible: Boolean =
+      true
   }
 
   /**

simplified-accounts-api/src/main/java/org/nypl/simplified/accounts/api/AccountProviderType.kt

@@ -158,7 +158,8 @@ interface AccountProviderType : Comparable<AccountProviderType> {
       is AccountProviderAuthenticationDescription.SAML2_0,
       AccountProviderAuthenticationDescription.Anonymous,
       is AccountProviderAuthenticationDescription.Basic,
-      is AccountProviderAuthenticationDescription.OAuthWithIntermediary ->
+      is AccountProviderAuthenticationDescription.OAuthWithIntermediary,
+      is AccountProviderAuthenticationDescription.OAuthClientCredentials ->
         this.catalogURI
     }
   }
@@ -181,7 +182,13 @@ interface AccountProviderType : Comparable<AccountProviderType> {
       is AccountProviderAuthenticationDescription.COPPAAgeGate ->
         false
       is AccountProviderAuthenticationDescription.Basic -> {
-        when (auth.barcodeFormat) {
+        when (auth.formDescription.barcodeFormat) {
+          "Codabar" -> true
+          else -> false
+        }
+      }
+      is AccountProviderAuthenticationDescription.OAuthClientCredentials -> {
+        when (auth.formDescription.barcodeFormat) {
           "Codabar" -> true
           else -> false
         }

simplified-accounts-api/src/main/java/org/nypl/simplified/accounts/api/AccountReadableType.kt

@@ -37,7 +37,8 @@ interface AccountReadableType {
       is AccountProviderAuthenticationDescription.SAML2_0,
       AccountProviderAuthenticationDescription.Anonymous,
       is AccountProviderAuthenticationDescription.Basic,
-      is AccountProviderAuthenticationDescription.OAuthWithIntermediary ->
+      is AccountProviderAuthenticationDescription.OAuthWithIntermediary,
+      is AccountProviderAuthenticationDescription.OAuthClientCredentials ->
         this.provider.catalogURI == feedURI || this.preferences.catalogURIOverride == feedURI
     }
   }
@@ -80,6 +81,7 @@ interface AccountReadableType {
     get() = when (this.provider.authentication) {
       is AccountProviderAuthenticationDescription.COPPAAgeGate -> false
       is AccountProviderAuthenticationDescription.Basic -> true
+      is AccountProviderAuthenticationDescription.OAuthClientCredentials -> true
       is AccountProviderAuthenticationDescription.OAuthWithIntermediary -> true
       is AccountProviderAuthenticationDescription.SAML2_0 -> true
       is AccountProviderAuthenticationDescription.Anonymous -> false