Merge pull request #278 from okta/state_parameter

Add state parameter to AuthorizationCodeFlow.start
okta · Jan 31, 2024 · a0a1562 · a0a1562
2 parents 4a2b6e0 + 8876a8b
commit a0a1562
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 15 deletions.
diff --git a/auth-foundation/src/main/java/com/okta/authfoundation/client/DeviceTokenCookieJar.kt b/auth-foundation/src/main/java/com/okta/authfoundation/client/DeviceTokenCookieJar.kt
@@ -23,10 +23,12 @@ import kotlin.time.Duration.Companion.seconds
 class DeviceTokenCookieJar(private val oidcClock: OidcClock) : CookieJar {
     private val savedCookiesCache = mutableMapOf<String, List<Cookie>>()
 
-    private val deviceTokenCookieBuilder = Cookie.Builder()
-        .name("DT")
-        .value(DeviceTokenProvider.deviceToken)
-        .secure()
+    private val deviceTokenCookieBuilder by lazy {
+        Cookie.Builder()
+            .name("DT")
+            .value(DeviceTokenProvider.deviceToken)
+            .secure()
+    }
 
     override fun loadForRequest(url: HttpUrl): List<Cookie> {
         val deviceTokenCookie = deviceTokenCookieBuilder.domain(url.host).build()

diff --git a/auth-foundation/src/main/java/com/okta/authfoundation/client/DeviceTokenProvider.kt b/auth-foundation/src/main/java/com/okta/authfoundation/client/DeviceTokenProvider.kt
@@ -16,12 +16,13 @@
 package com.okta.authfoundation.client
 
 import android.content.Context
+import android.content.SharedPreferences
 import androidx.annotation.VisibleForTesting
 import androidx.security.crypto.EncryptedSharedPreferences
 import androidx.security.crypto.MasterKeys
 import java.util.UUID
 
-class DeviceTokenProvider private constructor(appContext: Context) {
+class DeviceTokenProvider private constructor(private val appContext: Context) {
     internal companion object {
         private const val FILE_NAME = "com.okta.authfoundation.device_token_storage"
         @VisibleForTesting(otherwise = VisibleForTesting.PRIVATE)
@@ -43,14 +44,26 @@ class DeviceTokenProvider private constructor(appContext: Context) {
 
     private val masterKeyAlias = MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC)
 
+    private fun createSharedPreferences(): SharedPreferences {
+        return EncryptedSharedPreferences.create(
+            FILE_NAME,
+            masterKeyAlias,
+            appContext,
+            EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
+            EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
+        )
+    }
+
     @VisibleForTesting(otherwise = VisibleForTesting.PRIVATE)
-    internal val sharedPrefs = EncryptedSharedPreferences.create(
-        FILE_NAME,
-        masterKeyAlias,
-        appContext,
-        EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
-        EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
-    )
+    internal val sharedPrefs: SharedPreferences by lazy {
+        try {
+            createSharedPreferences()
+        } catch (e: Exception) {
+            val sharedPreferences = appContext.getSharedPreferences(FILE_NAME, Context.MODE_PRIVATE)
+            sharedPreferences.edit().clear().commit()
+            createSharedPreferences()
+        }
+    }
 
     private val sharedPrefsEditor = sharedPrefs.edit()
 

diff --git a/oauth2/api/oauth2.api b/oauth2/api/oauth2.api
@@ -2,8 +2,8 @@ public final class com/okta/oauth2/AuthorizationCodeFlow {
 	public static final field Companion Lcom/okta/oauth2/AuthorizationCodeFlow$Companion;
 	public synthetic fun <init> (Lcom/okta/authfoundation/client/OidcClient;Lkotlin/jvm/internal/DefaultConstructorMarker;)V
 	public final fun resume (Landroid/net/Uri;Lcom/okta/oauth2/AuthorizationCodeFlow$Context;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;
-	public final fun start (Ljava/lang/String;Ljava/util/Map;Ljava/lang/String;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;
-	public static synthetic fun start$default (Lcom/okta/oauth2/AuthorizationCodeFlow;Ljava/lang/String;Ljava/util/Map;Ljava/lang/String;Lkotlin/coroutines/Continuation;ILjava/lang/Object;)Ljava/lang/Object;
+	public final fun start (Ljava/lang/String;Ljava/util/Map;Ljava/lang/String;Ljava/lang/String;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;
+	public static synthetic fun start$default (Lcom/okta/oauth2/AuthorizationCodeFlow;Ljava/lang/String;Ljava/util/Map;Ljava/lang/String;Ljava/lang/String;Lkotlin/coroutines/Continuation;ILjava/lang/Object;)Ljava/lang/Object;
 }
 
 public final class com/okta/oauth2/AuthorizationCodeFlow$Companion {

diff --git a/oauth2/src/main/java/com/okta/oauth2/AuthorizationCodeFlow.kt b/oauth2/src/main/java/com/okta/oauth2/AuthorizationCodeFlow.kt
@@ -107,11 +107,12 @@ class AuthorizationCodeFlow private constructor(
         redirectUrl: String,
         extraRequestParameters: Map<String, String> = emptyMap(),
         scope: String = oidcClient.configuration.defaultScope,
+        state: String = UUID.randomUUID().toString()
     ): OidcClientResult<Context> {
         return start(
             redirectUrl = redirectUrl,
             codeVerifier = PkceGenerator.codeVerifier(),
-            state = UUID.randomUUID().toString(),
+            state = state,
             nonce = UUID.randomUUID().toString(),
             extraRequestParameters = extraRequestParameters,
             scope = scope