CredentialsManager: Allow to pass scope and minTTL #363
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Widcket
reviewed
Oct 21, 2020
auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManager.java
Show resolved
Hide resolved
Widcket
reviewed
Oct 21, 2020
auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManager.java
Show resolved
Hide resolved
Widcket
reviewed
Oct 21, 2020
auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManager.java
Show resolved
Hide resolved
Widcket
reviewed
Oct 21, 2020
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
Widcket
reviewed
Oct 21, 2020
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
Widcket
reviewed
Oct 21, 2020
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
Widcket
reviewed
Oct 21, 2020
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
Widcket
reviewed
Oct 21, 2020
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
Widcket
reviewed
Oct 21, 2020
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
Widcket
reviewed
Oct 21, 2020
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
Widcket
reviewed
Oct 21, 2020
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
Widcket
reviewed
Oct 21, 2020
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
Widcket
reviewed
Oct 21, 2020
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
Widcket
reviewed
Oct 21, 2020
auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManager.java
Outdated
Show resolved
Hide resolved
Widcket
reviewed
Oct 21, 2020
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
Widcket
reviewed
Oct 21, 2020
| boolean willExpire = willExpire(nextCacheExpiresAt, minTtl); | ||
| if (willExpire) { | ||
| long tokenLifetime = (nextCacheExpiresAt - getCurrentTimeInMillis() - minTtl * 1000) / -1000; | ||
| CredentialsManagerException wrongTtlException = new CredentialsManagerException(String.format("The lifetime of the renewed Access Token or Id Token (%d) is less than the minTTL requested (%d). Increase the 'Token Expiration' setting of your Auth0 API or the 'ID Token Expiration' of your Auth0 Application in the dashboard, or request a lower minTTL.", tokenLifetime, minTtl)); |
There was a problem hiding this comment.
Idem, the use case that brought the TTL renewal feature to life was about making sure the AT would have enough lifetime before sending it to a backend server. Shouldn't only the AT be considered here? Specially considering the developer is not expected to send the ID Token anywhere.
There was a problem hiding this comment.
No, that would break compatibility with the feature requested in the linked PR (see the other comment).
There was a problem hiding this comment.
It's possible to check the TTL of just the AT without breaking compatibility, if you also check that the ID Token has not expired yet. So:
- Check that the AT and the ID Token have not expired yet
- Check that the AT will not expire within the TTL
That will keep the logic consistent with Auth0.swift and will not break compatibility with that feature request.
There was a problem hiding this comment.
After all, the existing behavior (that needs to be preserved) is about checking if the credentials already expired, while the new behavior is about checking if they will expire. So the new, additive behavior can be limited to the AT, while keeping the existing behavior unchanged.
There was a problem hiding this comment.
Fixed. Do you mind taking a look, please?
There was a problem hiding this comment.
Please also update the error message, it still references the ID Token.
Widcket
reviewed
Oct 21, 2020
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
Widcket
reviewed
Oct 21, 2020
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
Widcket
reviewed
Oct 21, 2020
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
Widcket
reviewed
Oct 21, 2020
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
Widcket
reviewed
Oct 21, 2020
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
Widcket
reviewed
Oct 21, 2020
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
Widcket
requested changes
Oct 21, 2020
|
Also I'd add another test case where the credentials have expired and the scope is different, to check that the refreshed credentials have the new scope. |
Widcket
reviewed
Oct 21, 2020
auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManager.java
Outdated
Show resolved
Hide resolved
lbalmaceda
force-pushed
the
feat-cm-ttl
branch
from
7b2d7d9
to
460a9dc
Compare
lbalmaceda
force-pushed
the
feat-cm-ttl
branch
from
460a9dc
to
047f276
Compare
Widcket
requested changes
Oct 30, 2020
Widcket
reviewed
Oct 30, 2020
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
Co-authored-by: Rita Zerrizuela <zeta@widcket.com>
lbalmaceda
force-pushed
the
feat-cm-ttl
branch
from
9fd55e2
to
e36adc6
Compare
|
@Widcket ready! 🤞 |
Widcket
previously approved these changes
Oct 30, 2020
Widcket
approved these changes
Oct 30, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes
This PR improves the feature parity with iOS' CredentialManager class. Now developers can specify a reduced scope for when the tokens expire and need to be refreshed. And also a minimum time to live that the received tokens must have.
In order to add support for this, a new method was introduced. The old functionality remains the same.
A following PR will add the same support for the
SecureCredentialsManager.References
Relates to #349
Testing
Please describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. Since this library has unit testing, tests should be added for new functionality and existing tests should complete without errors.
This change adds unit test coverage
This change adds integration test coverage
This change has been tested on the latest version of the platform/language or why not
Checklist
I have read the Auth0 general contribution guidelines
I have read the Auth0 Code of Conduct
All existing and new tests complete without errors