Flush out the implementation for limited use tokens

Author: AustinBenoit

app_check/integration_test/src/integration_test.cc

@@ -516,6 +516,27 @@ TEST_F(FirebaseAppCheckTest, TestGetTokenLastResult) {
             future2.result()->expire_time_millis);
 }
 
+TEST_F(FirebaseAppCheckTest, TestGetLimitedUseAppCheckToken) {
+  InitializeAppCheckWithDebug();
+  InitializeApp();
+  ::firebase::app_check::AppCheck* app_check =
+      ::firebase::app_check::AppCheck::GetInstance(app_);
+  ASSERT_NE(app_check, nullptr);
+
+  firebase::Future<::firebase::app_check::AppCheckToken> future =
+      app_check->GetLimitedUseAppCheckToken();
+  EXPECT_TRUE(WaitForCompletion(future, "GetLimitedUseAppCheckToken"));
+  ::firebase::app_check::AppCheckToken token = *future.result();
+  EXPECT_NE(token.token, "");
+  EXPECT_NE(token.expire_time_millis, 0);
+
+  firebase::Future<::firebase::app_check::AppCheckToken> future2 =
+      app_check->GetLimitedUseAppCheckTokenLastResult();
+  EXPECT_TRUE(WaitForCompletion(future2, "GetLimitedUseAppCheckTokenLastResult"));
+  EXPECT_EQ(future.result()->expire_time_millis,
+            future2.result()->expire_time_millis);
+}
+
 TEST_F(FirebaseAppCheckTest, TestAddTokenChangedListener) {
   InitializeAppCheckWithDebug();
   InitializeApp();

app_check/src/android/app_check_android.cc

@@ -47,6 +47,8 @@ namespace internal {
     "(Z)V"),                                                                   \
   X(GetToken, "getAppCheckToken",                                              \
     "(Z)Lcom/google/android/gms/tasks/Task;"),                                 \
+  X(GetLimitedUseToken, "getLimitedUseAppCheckToken",                          \
+    "()Lcom/google/android/gms/tasks/Task;"),                                  \
   X(AddAppCheckListener, "addAppCheckListener",                                \
     "(Lcom/google/firebase/appcheck/FirebaseAppCheck$AppCheckListener;)V"),    \
   X(RemoveAppCheckListener, "removeAppCheckListener",                          \
@@ -486,6 +488,33 @@ Future<AppCheckToken> AppCheckInternal::GetAppCheckTokenLastResult() {
       future()->LastResult(kAppCheckFnGetAppCheckToken));
 }
 
+Future<AppCheckToken> AppCheckInternal::GetLimitedUseAppCheckToken() {
+  JNIEnv* env = app_->GetJNIEnv();
+  auto handle =
+      future()->SafeAlloc<AppCheckToken>(kAppCheckFnGetLimitedUseAppCheckToken);
+  jobject j_task = env->CallObjectMethod(
+      app_check_impl_, app_check::GetMethodId(app_check::kGetLimitedUseToken));
+
+  std::string error = util::GetAndClearExceptionMessage(env);
+  if (error.empty()) {
+    auto data_handle = new FutureDataHandle(future(), handle);
+    util::RegisterCallbackOnTask(env, j_task, TokenResultCallback,
+                                 reinterpret_cast<void*>(data_handle),
+                                 jni_task_id_.c_str());
+  } else {
+    AppCheckToken empty_token;
+    future()->CompleteWithResult(handle, kAppCheckErrorUnknown, error.c_str(),
+                                 empty_token);
+  }
+  env->DeleteLocalRef(j_task);
+  return MakeFuture(future(), handle);
+}
+
+Future<AppCheckToken> AppCheckInternal::GetLimitedUseAppCheckTokenLastResult() {
+  return static_cast<const Future<AppCheckToken>&>(
+      future()->LastResult(kAppCheckFnGetLimitedUseAppCheckToken));
+}
+
 void AppCheckInternal::AddAppCheckListener(AppCheckListener* listener) {
   MutexLock lock(listeners_mutex_);
   auto it = std::find(listeners_.begin(), listeners_.end(), listener);

app_check/src/android/app_check_android.h

@@ -45,6 +45,10 @@ class AppCheckInternal {
 
   Future<AppCheckToken> GetAppCheckTokenLastResult();
 
+  Future<AppCheckToken> GetLimitedUseAppCheckToken();
+
+  Future<AppCheckToken> GetLimitedUseAppCheckTokenLastResult();
+
   void AddAppCheckListener(AppCheckListener* listener);
 
   void RemoveAppCheckListener(AppCheckListener* listener);

app_check/src/android/common_android.cc

@@ -161,6 +161,30 @@ void AndroidAppCheckProvider::GetToken(
   env->DeleteLocalRef(j_task);
 }
 
+void AndroidAppCheckProvider::GetLimitedUseToken(
+    std::function<void(AppCheckToken, int, const std::string&)>
+        completion_callback) {
+  JNIEnv* env = GetJniEnv();
+
+  jobject j_task = env->CallObjectMethod(
+      android_provider_, app_check_provider::GetMethodId(
+                             app_check_provider::kGetLimitedUseToken));
+  std::string error = util::GetAndClearExceptionMessage(env);
+  if (error.empty()) {
+    // Create an object to wrap the callback function
+    TokenResultCallbackData* completion_callback_data =
+        new TokenResultCallbackData(completion_callback);
+    util::RegisterCallbackOnTask(
+        env, j_task, TokenResultCallback,
+        reinterpret_cast<void*>(completion_callback_data),
+        jni_task_id_.c_str());
+  } else {
+    AppCheckToken empty_token;
+    completion_callback(empty_token, kAppCheckErrorUnknown, error.c_str());
+  }
+  env->DeleteLocalRef(j_task);
+}
+
 }  // namespace internal
 }  // namespace app_check
 }  // namespace firebase

app_check/src/android/common_android.h

@@ -33,6 +33,8 @@ namespace internal {
 // clang-format off
 #define APP_CHECK_PROVIDER_METHODS(X)                                                        \
   X(GetToken, "getToken",                                                          \
+    "()Lcom/google/android/gms/tasks/Task;"),                                      \
+  X(GetLimitedUseToken, "getLimitedUseToken",                                      \
     "()Lcom/google/android/gms/tasks/Task;")
 // clang-format on
 
@@ -59,6 +61,13 @@ class AndroidAppCheckProvider : public AppCheckProvider {
   void GetToken(std::function<void(AppCheckToken, int, const std::string&)>
                     completion_callback) override;
 
+  /// Fetches an AppCheckToken suitable for consumption in limited-use scenarios
+  /// and then calls the provided callback function with the token or with an
+  /// error code and error message.
+  void GetLimitedUseToken(
+      std::function<void(AppCheckToken, int, const std::string&)>
+          completion_callback) override;
+
  private:
   jobject android_provider_;
 

app_check/src/common/app_check.cc

@@ -161,6 +161,16 @@ Future<AppCheckToken> AppCheck::GetAppCheckTokenLastResult() {
                    : Future<AppCheckToken>();
 }
 
+Future<AppCheckToken> AppCheck::GetLimitedUseAppCheckToken() {
+  return internal_ ? internal_->GetLimitedUseAppCheckToken()
+                   : Future<AppCheckToken>();
+}
+
+Future<AppCheckToken> AppCheck::GetLimitedUseAppCheckTokenLastResult() {
+  return internal_ ? internal_->GetLimitedUseAppCheckTokenLastResult()
+                   : Future<AppCheckToken>();
+}
+
 void AppCheck::AddAppCheckListener(AppCheckListener* listener) {
   if (!internal_) return;
   internal_->AddAppCheckListener(listener);

app_check/src/common/common.h

@@ -23,6 +23,7 @@ namespace internal {
 enum AppCheckFn {
   kAppCheckFnGetAppCheckToken = 0,
   kAppCheckFnGetAppCheckStringInternal,
+  kAppCheckFnGetLimitedUseAppCheckToken,
   kAppCheckFnCount,
 };
 

app_check/src/desktop/app_check_desktop.cc

@@ -120,6 +120,36 @@ Future<AppCheckToken> AppCheckInternal::GetAppCheckTokenLastResult() {
       future()->LastResult(kAppCheckFnGetAppCheckToken));
 }
 
+Future<AppCheckToken> AppCheckInternal::GetLimitedUseAppCheckToken() {
+  auto handle =
+      future()->SafeAlloc<AppCheckToken>(kAppCheckFnGetLimitedUseAppCheckToken);
+  // Get a new token, and pass the result into the future.
+  AppCheckProvider* provider = GetProvider();
+  if (provider != nullptr) {
+    auto token_callback{
+        [this, handle](firebase::app_check::AppCheckToken token, int error_code,
+                       const std::string& error_message) {
+          if (error_code == firebase::app_check::kAppCheckErrorNone) {
+            // Note that we do NOT update the cached token for limited-use tokens.
+            future()->CompleteWithResult(handle, 0, token);
+          } else {
+            future()->Complete(handle, error_code, error_message.c_str());
+          }
+        }};
+    provider->GetLimitedUseToken(token_callback);
+  } else {
+    future()->Complete(
+        handle, firebase::app_check::kAppCheckErrorInvalidConfiguration,
+        "No AppCheckProvider installed.");
+  }
+  return MakeFuture(future(), handle);
+}
+
+Future<AppCheckToken> AppCheckInternal::GetLimitedUseAppCheckTokenLastResult() {
+  return static_cast<const Future<AppCheckToken>&>(
+      future()->LastResult(kAppCheckFnGetLimitedUseAppCheckToken));
+}
+
 Future<std::string> AppCheckInternal::GetAppCheckTokenStringInternal() {
   auto handle =
       future()->SafeAlloc<std::string>(kAppCheckFnGetAppCheckStringInternal);

app_check/src/desktop/app_check_desktop.h

@@ -62,6 +62,10 @@ class AppCheckInternal {
 
   Future<AppCheckToken> GetAppCheckTokenLastResult();
 
+  Future<AppCheckToken> GetLimitedUseAppCheckToken();
+
+  Future<AppCheckToken> GetLimitedUseAppCheckTokenLastResult();
+
   // Gets the App Check token as just the string, to be used by
   // internal methods to not conflict with the publicly returned future.
   Future<std::string> GetAppCheckTokenStringInternal();

app_check/src/include/firebase/app_check.h

@@ -153,6 +153,14 @@ class AppCheck {
   /// Returns the result of the most recent call to GetAppCheckToken();
   Future<AppCheckToken> GetAppCheckTokenLastResult();
 
+  /// Requests a limited-use Firebase App Check token. This method should be used
+  /// ONLY if you need to authorize requests to a non-Firebase backend. Requests
+  /// to Firebase backends are authorized automatically if configured.
+  Future<AppCheckToken> GetLimitedUseAppCheckToken();
+
+  /// Returns the result of the most recent call to GetLimitedUseAppCheckToken();
+  Future<AppCheckToken> GetLimitedUseAppCheckTokenLastResult();
+
   /// Registers an {@link AppCheckListener} to changes in the token state. This
   /// method should be used ONLY if you need to authorize requests to a
   /// non-Firebase backend. Requests to Firebase backends are authorized