-
Notifications
You must be signed in to change notification settings - Fork 133
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CredentialsManager: Allow to pass scope and minTTL #363
Conversation
auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManager.java
Show resolved
Hide resolved
auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManager.java
Show resolved
Hide resolved
auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManager.java
Show resolved
Hide resolved
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManager.java
Outdated
Show resolved
Hide resolved
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
boolean willExpire = willExpire(nextCacheExpiresAt, minTtl); | ||
if (willExpire) { | ||
long tokenLifetime = (nextCacheExpiresAt - getCurrentTimeInMillis() - minTtl * 1000) / -1000; | ||
CredentialsManagerException wrongTtlException = new CredentialsManagerException(String.format("The lifetime of the renewed Access Token or Id Token (%d) is less than the minTTL requested (%d). Increase the 'Token Expiration' setting of your Auth0 API or the 'ID Token Expiration' of your Auth0 Application in the dashboard, or request a lower minTTL.", tokenLifetime, minTtl)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Idem, the use case that brought the TTL renewal feature to life was about making sure the AT would have enough lifetime before sending it to a backend server. Shouldn't only the AT be considered here? Specially considering the developer is not expected to send the ID Token anywhere.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, that would break compatibility with the feature requested in the linked PR (see the other comment).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's possible to check the TTL of just the AT without breaking compatibility, if you also check that the ID Token has not expired yet. So:
- Check that the AT and the ID Token have not expired yet
- Check that the AT will not expire within the TTL
That will keep the logic consistent with Auth0.swift and will not break compatibility with that feature request.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
After all, the existing behavior (that needs to be preserved) is about checking if the credentials already expired, while the new behavior is about checking if they will expire. So the new, additive behavior can be limited to the AT, while keeping the existing behavior unchanged.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed. Do you mind taking a look, please?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please also update the error message, it still references the ID Token.
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The logic differs from the Auth0.swift implementation.
Also I'd add another test case where the credentials have expired and the scope is different, to check that the refreshed credentials have the new scope. |
auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManager.java
Outdated
Show resolved
Hide resolved
7b2d7d9
to
460a9dc
Compare
460a9dc
to
047f276
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking good, just missing the minTtl
overload of hasValidCredentials
.
auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.java
Outdated
Show resolved
Hide resolved
Co-authored-by: Rita Zerrizuela <zeta@widcket.com>
9fd55e2
to
e36adc6
Compare
@Widcket ready! 🤞 |
Changes
This PR improves the feature parity with iOS' CredentialManager class. Now developers can specify a reduced scope for when the tokens expire and need to be refreshed. And also a minimum time to live that the received tokens must have.
In order to add support for this, a new method was introduced. The old functionality remains the same.
A following PR will add the same support for the
SecureCredentialsManager
.References
Relates to #349
Testing
Please describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. Since this library has unit testing, tests should be added for new functionality and existing tests should complete without errors.
This change adds unit test coverage
This change adds integration test coverage
This change has been tested on the latest version of the platform/language or why not
Checklist
I have read the Auth0 general contribution guidelines
I have read the Auth0 Code of Conduct
All existing and new tests complete without errors