Skip to content

Fix oauth implementation #184

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Sep 15, 2025
Merged

Fix oauth implementation #184

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
87317f0
refactor: Simplify OAuth configuration methods and enhance PKCE flow …
reeshika-h Sep 15, 2025
3d91e99
refactor: Update OAuth configuration methods to enhance clarity and s…
reeshika-h Sep 15, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
53 changes: 16 additions & 37 deletions src/main/java/com/contentstack/cms/Contentstack.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -740,14 +740,6 @@ public Builder setOAuthConfig(OAuthConfig config) {
return this;
}

/**
* Configures OAuth with client credentials (traditional flow)
* @param appId Application ID
* @param clientId Client ID
* @param clientSecret Client secret
* @param redirectUri Redirect URI
* @return Builder instance
*/
private TokenCallback tokenCallback;

/**
Expand All @@ -760,64 +752,51 @@ public Builder setTokenCallback(TokenCallback callback) {
return this;
}

public Builder setOAuth(String appId, String clientId, String clientSecret, String redirectUri) {
// Use the builder's hostname (which defaults to Util.HOST if not set)
return setOAuth(appId, clientId, clientSecret, redirectUri, this.hostname);
}

/**
* Configures OAuth with client credentials and specific host
* Configures OAuth authentication with PKCE flow (no client secret)
* @param appId Application ID
* @param clientId Client ID
* @param clientSecret Client secret
* @param redirectUri Redirect URI
* @param host API host (e.g. "api.contentstack.io", "eu-api.contentstack.com")
* @return Builder instance
*/
public Builder setOAuth(String appId, String clientId, String clientSecret, String redirectUri, String host) {
OAuthConfig.OAuthConfigBuilder builder = OAuthConfig.builder()
.appId(appId)
.clientId(clientId)
.clientSecret(clientSecret)
.redirectUri(redirectUri)
.host(host);

// Add token callback if set
if (this.tokenCallback != null) {
builder.tokenCallback(this.tokenCallback);
}

this.oauthConfig = builder.build();
return this;
public Builder setOAuth(String appId, String clientId, String redirectUri) {
// Use the builder's hostname (which defaults to Util.HOST if not set)
return setOAuth(appId, clientId, redirectUri, this.hostname);
}

/**
* Configures OAuth with PKCE (no client secret)
* Configures OAuth authentication with PKCE flow (no client secret) and specific host
* @param appId Application ID
* @param clientId Client ID
* @param redirectUri Redirect URI
* @param host API host (e.g. "api.contentstack.io", "eu-api.contentstack.com")
* @return Builder instance
*/
public Builder setOAuthWithPKCE(String appId, String clientId, String redirectUri) {
// Use the builder's hostname (which defaults to Util.HOST if not set)
return setOAuthWithPKCE(appId, clientId, redirectUri, this.hostname);
public Builder setOAuth(String appId, String clientId, String redirectUri, String host) {
return setOAuth(appId, clientId, redirectUri, host, null);
}

/**
* Configures OAuth with PKCE (no client secret) and specific host
* Configures OAuth authentication with optional client secret. PKCE flow is used when clientSecret is not provided.
* @param appId Application ID
* @param clientId Client ID
* @param redirectUri Redirect URI
* @param host API host (e.g. "api.contentstack.io", "eu-api.contentstack.com")
* @param clientSecret Optional client secret. If not provided, PKCE flow will be used
* @return Builder instance
*/
public Builder setOAuthWithPKCE(String appId, String clientId, String redirectUri, String host) {
public Builder setOAuth(String appId, String clientId, String redirectUri, String host, String clientSecret) {
OAuthConfig.OAuthConfigBuilder builder = OAuthConfig.builder()
.appId(appId)
.clientId(clientId)
.redirectUri(redirectUri)
.host(host);

// Only set clientSecret if provided (otherwise PKCE flow will be used)
if (clientSecret != null && !clientSecret.trim().isEmpty()) {
builder.clientSecret(clientSecret);
}

// Add token callback if set
if (this.tokenCallback != null) {
builder.tokenCallback(this.tokenCallback);
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/com/contentstack/cms/core/Util.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ public class Util {
public static final String OAUTH_NO_TOKENS = "No OAuth tokens available. Please authenticate first.";
public static final String OAUTH_NO_REFRESH_TOKEN = "No refresh token available";
public static final String OAUTH_EMPTY_CODE = "Authorization code cannot be null or empty";
public static final String OAUTH_CONFIG_MISSING = "OAuth is not configured. Use Builder.setOAuth() or Builder.setOAuthWithPKCE()";
public static final String OAUTH_CONFIG_MISSING = "OAuth is not configured. Use Builder.setOAuth() with or without clientSecret for PKCE flow";
public static final String OAUTH_REFRESH_FAILED = "Failed to refresh access token";
public static final String OAUTH_REVOKE_FAILED = "Failed to revoke authorization";
public static final String OAUTH_STATUS_FAILED = "Failed to get authorization status";
Expand Down
10 changes: 5 additions & 5 deletions src/test/java/com/contentstack/cms/oauth/OAuthTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,11 +80,11 @@ public void setup() {

// Create Contentstack clients
pkceClient = new Contentstack.Builder()
.setOAuthWithPKCE(TEST_APP_ID, TEST_CLIENT_ID, TEST_REDIRECT_URI)
.setOAuth(TEST_APP_ID, TEST_CLIENT_ID, TEST_REDIRECT_URI)
.build();

clientSecretClient = new Contentstack.Builder()
.setOAuth(TEST_APP_ID, TEST_CLIENT_ID, TEST_CLIENT_SECRET, TEST_REDIRECT_URI)
.setOAuth(TEST_APP_ID, TEST_CLIENT_ID, TEST_REDIRECT_URI, Util.HOST, TEST_CLIENT_SECRET)
.build();
}

Expand Down Expand Up @@ -113,7 +113,7 @@ public void testInvalidConfigurations() {
// Test invalid app ID
try {
new Contentstack.Builder()
.setOAuthWithPKCE("", TEST_CLIENT_ID, TEST_REDIRECT_URI)
.setOAuth("", TEST_CLIENT_ID, TEST_REDIRECT_URI)
.build();
fail("Should throw exception for empty app ID");
} catch (IllegalArgumentException e) {
Expand Down Expand Up @@ -282,7 +282,7 @@ public void testHostStorage() {

// Test host storage via Contentstack.Builder
Contentstack client = new Contentstack.Builder()
.setOAuth(TEST_APP_ID, TEST_CLIENT_ID, TEST_CLIENT_SECRET, TEST_REDIRECT_URI, testHost)
.setOAuth(TEST_APP_ID, TEST_CLIENT_ID, TEST_REDIRECT_URI, testHost, TEST_CLIENT_SECRET)
.build();

String authUrl = client.getOAuthAuthorizationUrl();
Expand All @@ -291,7 +291,7 @@ public void testHostStorage() {

// Test host storage via PKCE builder
client = new Contentstack.Builder()
.setOAuthWithPKCE(TEST_APP_ID, TEST_CLIENT_ID, TEST_REDIRECT_URI, testHost)
.setOAuth(TEST_APP_ID, TEST_CLIENT_ID, TEST_REDIRECT_URI, testHost)
.build();

authUrl = client.getOAuthAuthorizationUrl();
Expand Down
Loading