EXAMPLES.md
Outdated
|
|
||
| This feature allows you to authenticate a user in a web session using the refresh token obtained from the native session without requiring the user to log in again. | ||
|
|
||
| Call the api to fetch a webSessionTransferToken in exchange for a refresh token. Use the obtained token to authenticate the user by calling the `/authorize` end point. |
There was a problem hiding this comment.
| Call the api to fetch a webSessionTransferToken in exchange for a refresh token. Use the obtained token to authenticate the user by calling the `/authorize` end point. | |
| Call the API to fetch a webSessionTransferToken in exchange for a refresh token. Use the obtained token to authenticate the user by calling the `/authorize` end point. |
auth0/src/main/java/com/auth0/android/authentication/AuthenticationAPIClient.kt
Outdated
auth0/src/main/java/com/auth0/android/authentication/AuthenticationAPIClient.kt
Outdated
auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManager.kt
Outdated
|
|
||
| /** | ||
| * Fetches a new [SSOCredentials] . It will fail with [CredentialsManagerException] | ||
| * Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException] |
There was a problem hiding this comment.
| * Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException] | |
| * Fetches a new [SessionTransferCredentials]. It will fail with [CredentialsManagerException] |
| } | ||
|
|
||
| /** | ||
| * Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException] |
There was a problem hiding this comment.
| * Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException] | |
| * Fetches a new [SessionTransferCredentials]. It will fail with [CredentialsManagerException] |
| * Fetches a new [SSOCredentials] . It will fail with [CredentialsManagerException] | ||
| * Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException] | ||
| * if the existing refresh_token is null or no longer valid. This method will handle saving the refresh_token, | ||
| * if a new one is issued. |
There was a problem hiding this comment.
| * if a new one is issued. | |
| * if a new one is issued. |
| * Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException] | ||
| * if the existing refresh_token is null or no longer valid. This method will handle saving the refresh_token, | ||
| * if a new one is issued | ||
| * if a new one is issued. |
There was a problem hiding this comment.
| * if a new one is issued. | |
| * if a new one is issued. |
| * Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException] | ||
| * if the existing refresh_token is null or no longer valid. This method will handle saving the refresh_token, | ||
| * if a new one is issued | ||
| * if a new one is issued. |
There was a problem hiding this comment.
| * if a new one is issued. | |
| * if a new one is issued. |
| * @param ssoCredentials the credentials to save in the storage. | ||
| * Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException] | ||
| * if the existing refresh_token is null or no longer valid. This method will handle saving the refresh_token, | ||
| * if a new one is issued. |
There was a problem hiding this comment.
| * if a new one is issued. | |
| * if a new one is issued. |
|
|
||
| /** | ||
| * Helper method to store the given [SessionTransferCredentials] refresh token in the storage. | ||
| * Method will silently return ,if the passed credentials has no refresh token. |
There was a problem hiding this comment.
| * Method will silently return ,if the passed credentials has no refresh token. | |
| * Method will silently return if the passed credentials have no refresh token. |
| * the client. Method will silently return ,if the passed credentials has no refresh token. | ||
| * | ||
| * @param ssoCredentials the credentials to save in the storage. | ||
| * Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException] |
There was a problem hiding this comment.
| * Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException] | |
| * Fetches a new [SessionTransferCredentials]. It will fail with [CredentialsManagerException] |
| * @param ssoCredentials the credentials to save in the storage. | ||
| * Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException] | ||
| * if the existing refresh_token is null or no longer valid. This method will handle saving the refresh_token, | ||
| * if a new one is issued. |
There was a problem hiding this comment.
| * if a new one is issued. | |
| * if a new one is issued. |
|
|
||
| /** | ||
| * Fetches a new [SSOCredentials] . It will fail with [CredentialsManagerException] | ||
| * Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException] |
There was a problem hiding this comment.
| * Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException] | |
| * Fetches a new [SessionTransferCredentials]. It will fail with [CredentialsManagerException] |
| * Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException] | ||
| * if the existing refresh_token is null or no longer valid. This method will handle saving the refresh_token, | ||
| * if a new one is issued | ||
| * if a new one is issued. |
There was a problem hiding this comment.
| * if a new one is issued. | |
| * if a new one is issued. |
| val exception = when { | ||
| error.isRefreshTokenDeleted || | ||
| error.isInvalidRefreshToken -> CredentialsManagerException.Code.RENEW_FAILED | ||
| error.isRefreshTokenDeleted || error.isInvalidRefreshToken -> CredentialsManagerException.Code.RENEW_FAILED |
There was a problem hiding this comment.
Should we throw a distinct error here?
|
|
||
| /** | ||
| * Fetches a new [SSOCredentials] . It will fail with [CredentialsManagerException] | ||
| * Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException] |
There was a problem hiding this comment.
| * Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException] | |
| * Fetches a new [SessionTransferCredentials]. It will fail with [CredentialsManagerException] |
| * Fetches a new [SSOCredentials] . It will fail with [CredentialsManagerException] | ||
| * Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException] | ||
| * if the existing refresh_token is null or no longer valid. This method will handle saving the refresh_token, | ||
| * if a new one is issued. |
There was a problem hiding this comment.
| * if a new one is issued. | |
| * if a new one is issued. |
| } | ||
|
|
||
| /** | ||
| * Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException] |
There was a problem hiding this comment.
| * Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException] | |
| * Fetches a new [SessionTransferCredentials]. It will fail with [CredentialsManagerException] |
| * Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException] | ||
| * if the existing refresh_token is null or no longer valid. This method will handle saving the refresh_token, | ||
| * if a new one is issued | ||
| * if a new one is issued. |
There was a problem hiding this comment.
| * if a new one is issued. | |
| * if a new one is issued. |
auth0/src/main/java/com/auth0/android/authentication/storage/SecureCredentialsManager.kt
|
|
||
| /** | ||
| * Helper method to stores the given [SessionTransferCredentials] refresh token in the storage. | ||
| * Method will silently return ,if the passed credentials has no refresh token. |
There was a problem hiding this comment.
| * Method will silently return ,if the passed credentials has no refresh token. | |
| * Method will silently return if the passed credentials have no refresh token. |
| return | ||
| } | ||
| // Checking if the existing one needs to be replaced with the new one | ||
| if (existingCredentials.refreshToken == sessionTransferCredentials.refreshToken && existingCredentials.idToken == sessionTransferCredentials.idToken) return |
There was a problem hiding this comment.
There's no need to check the ID token for equality, as the newer one will have a different iat (issued at) claim value, so the token values will always be different.
There was a problem hiding this comment.
So we can always replace the old ID token with the new one.
auth0/src/main/java/com/auth0/android/result/SessionTransferCredentials.kt
Outdated
|
|
||
| /** | ||
| * Holds the session token credentials required for web SSO . | ||
| * Holds the token credentials required for web SSO . |
There was a problem hiding this comment.
| * Holds the token credentials required for web SSO . | |
| * Holds the token credentials required for web SSO. |
| public data class SessionTransferCredentials( | ||
| /** | ||
| * The Session Token used for web SSO . | ||
| * The token used for web SSO . |
There was a problem hiding this comment.
| * The token used for web SSO . | |
| * The token used for web SSO. |
auth0/src/main/java/com/auth0/android/result/SessionTransferCredentials.kt
Outdated
| @field:SerializedName("id_token") public val idToken: String, | ||
|
|
||
| /** | ||
| * Type of the token issued.In this case, an Auth0 web sso token |
There was a problem hiding this comment.
| * Type of the token issued.In this case, an Auth0 web sso token | |
| * Type of the token issued. In this case, an Auth0 web sso token. |
auth0/src/main/java/com/auth0/android/result/SessionTransferCredentials.kt
Outdated
EXAMPLES.md
Outdated
|
|
||
| This feature allows you to authenticate a user in a web session using the refresh token obtained from the native session without requiring the user to log in again. | ||
|
|
||
| Call the API to fetch a webSessionTransferToken in exchange for a refresh token. Use the obtained token to authenticate the user by calling the `/authorize` end point by passing as a query parameter or a cookie value. |
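Review bot: this line offers the query parameter and the cookie as interchangeable ways to hand the token to `/authorize`, without saying which to prefer or why. A token passed in the query string becomes part of the URL, where it can be recorded in browser history and request logs; the doc should state that trade-off and recommend one option as the default.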
There was a problem hiding this comment.
| Call the API to fetch a webSessionTransferToken in exchange for a refresh token. Use the obtained token to authenticate the user by calling the `/authorize` end point by passing as a query parameter or a cookie value. | |
| Call the API to fetch a webSessionTransferToken in exchange for a refresh token. Use the obtained token to authenticate the user by calling the `/authorize` endpoint, passing the token as a query parameter or a cookie value. |
| cookieManager.setAcceptCookie(true) | ||
| cookieManager.setCookie( | ||
| url, | ||
| "session_token=$sessionToken; path=/" |
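Review bot: the cookie string on the last line, `"session_token=$sessionToken; path=/"`, carries the token with no `Secure` attribute and with `path=/`, so it is attached to every request to that host, including plain-HTTP ones. Append `; Secure`, scope the cookie to the path that needs it, and check that `url` is an `https://` URL before calling `setCookie`.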
There was a problem hiding this comment.
Should session_token=$sessionToken; path=/ be auth0_session_transfer_token=$sessionToken; path=/?
There was a problem hiding this comment.
This file is not required anymore. Missed deleting it. Thanks for bringing this to notice.
| * * *expiresIn*: The token expiration duration. | ||
| * * *issuedTokenType*: Type of the token issued. | ||
| * | ||
| * Holds the token credentials required for web SSO . |
There was a problem hiding this comment.
| * Holds the token credentials required for web SSO . | |
| * Holds the token credentials required for web SSO. |
| public data class SSOCredentials( | ||
| /** | ||
| * The Session Token used for web SSO . | ||
| * The token used for web SSO . |
There was a problem hiding this comment.
| * The token used for web SSO . | |
| * The token used for web SSO. |
| * Expiration duration of the session token in seconds. Session tokens are short-lived and expire after a few minutes. | ||
| * Once expired, the Session Token can no longer be used for SSO. | ||
| * Expiration duration of the session transfer token in seconds. Session transfer tokens are short-lived and expire after a few minutes. | ||
| * Once expired, the session transfer tokens can no longer be used for web SSO. |
There was a problem hiding this comment.
| * Once expired, the session transfer tokens can no longer be used for web SSO. | |
| * Once expired, the session transfer tokens can no longer be used for web SSO. |
| import com.auth0.android.Auth0 | ||
|
|
||
| /** | ||
| * Provider class to handle native to web sso |
There was a problem hiding this comment.
| * Provider class to handle native to web sso | |
| * Provider class to handle native to web SSO. |
| @field:SerializedName("id_token") public val idToken: String, | ||
|
|
||
| /** | ||
| * Type of the token issued.In this case, an Auth0 session transfer token |
There was a problem hiding this comment.
| * Type of the token issued.In this case, an Auth0 session transfer token | |
| * Type of the token issued. In this case, an Auth0 session transfer token. |
I have read the Auth0 general contribution guidelines
I have read the Auth0 Code of Conduct
All existing and new tests complete without errors