updates to oauth

ckoegel · ckoegel · commit 49228d264055 · 2025-10-22T17:12:36.000-04:00
diff --git a/custom_templates/libraries/okhttp-gson/auth/OAuthOkHttpClient.mustache b/custom_templates/libraries/okhttp-gson/auth/OAuthOkHttpClient.mustache
@@ -0,0 +1,75 @@
+{{>licenseInfo}}
+
+{{#hasOAuthMethods}}
+package {{invokerPackage}}.auth;
+
+import okhttp3.OkHttpClient;
+import okhttp3.MediaType;
+import okhttp3.Request;
+import okhttp3.RequestBody;
+import okhttp3.Response;
+
+import org.apache.oltu.oauth2.client.HttpClient;
+import org.apache.oltu.oauth2.client.request.OAuthClientRequest;
+import org.apache.oltu.oauth2.client.response.OAuthClientResponse;
+import org.apache.oltu.oauth2.client.response.OAuthClientResponseFactory;
+import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
+import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
+
+import java.io.IOException;
+import java.util.Map;
+import java.util.Map.Entry;
+
+public class OAuthOkHttpClient implements HttpClient {
+    private OkHttpClient client;
+
+    public OAuthOkHttpClient() {
+        this.client = new OkHttpClient();
+    }
+
+    public OAuthOkHttpClient(OkHttpClient client) {
+        this.client = client;
+    }
+
+    @Override
+    public <T extends OAuthClientResponse> T execute(OAuthClientRequest request, Map<String, String> headers,
+                                                     String requestMethod, Class<T> responseClass)
+            throws OAuthSystemException, OAuthProblemException {
+
+        MediaType mediaType = MediaType.parse("application/x-www-form-urlencoded");
+        Request.Builder requestBuilder = new Request.Builder().url(request.getLocationUri());
+        
+        headers = request.getHeaders();
+
+        if(headers != null) {
+            for (Entry<String, String> entry : headers.entrySet()) {
+                if (entry.getKey().equalsIgnoreCase("Content-Type")) {
+                    mediaType = MediaType.parse(entry.getValue());
+                } else {
+                    requestBuilder.addHeader(entry.getKey(), entry.getValue());
+                }
+            }
+        }
+
+        RequestBody body = request.getBody() != null ? RequestBody.create(request.getBody(), mediaType) : null;
+        requestBuilder.method(requestMethod, body);
+
+        try {
+            Response response = client.newCall(requestBuilder.build()).execute();
+            return OAuthClientResponseFactory.createCustomResponse(
+                    response.body().string(),
+                    response.body().contentType().toString(),
+                    response.code(),
+                    response.headers().toMultimap(),
+                    responseClass);
+        } catch (IOException e) {
+            throw new OAuthSystemException(e);
+        }
+    }
+
+    @Override
+    public void shutdown() {
+        // Nothing to do here
+    }
+}
+{{/hasOAuthMethods}}
diff --git a/custom_templates/libraries/okhttp-gson/auth/RetryingOAuth.mustache b/custom_templates/libraries/okhttp-gson/auth/RetryingOAuth.mustache
@@ -0,0 +1,215 @@
+{{>licenseInfo}}
+
+{{#hasOAuthMethods}}
+package {{invokerPackage}}.auth;
+
+import {{invokerPackage}}.ApiException;
+import {{invokerPackage}}.Pair;
+
+import okhttp3.Interceptor;
+import okhttp3.OkHttpClient;
+import okhttp3.Request;
+import okhttp3.Response;
+
+import org.apache.oltu.oauth2.client.OAuthClient;
+import org.apache.oltu.oauth2.client.request.OAuthBearerClientRequest;
+import org.apache.oltu.oauth2.client.request.OAuthClientRequest;
+import org.apache.oltu.oauth2.client.request.OAuthClientRequest.TokenRequestBuilder;
+import org.apache.oltu.oauth2.client.response.OAuthJSONAccessTokenResponse;
+import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
+import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
+import org.apache.oltu.oauth2.common.message.types.GrantType;
+
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.URI;
+import java.util.Map;
+import java.util.List;
+
+public class RetryingOAuth extends OAuth implements Interceptor {
+    private OAuthClient oAuthClient;
+
+    private TokenRequestBuilder tokenRequestBuilder;
+
+    /**
+     * @param client An OkHttp client
+     * @param tokenRequestBuilder A token request builder
+     */
+    public RetryingOAuth(OkHttpClient client, TokenRequestBuilder tokenRequestBuilder) {
+        this.oAuthClient = new OAuthClient(new OAuthOkHttpClient(client));
+        this.tokenRequestBuilder = tokenRequestBuilder;
+    }
+
+    /**
+     * @param tokenRequestBuilder A token request builder
+     */
+    public RetryingOAuth(TokenRequestBuilder tokenRequestBuilder) {
+        this(new OkHttpClient(), tokenRequestBuilder);
+    }
+
+    /**
+     * @param tokenUrl The token URL to be used for this OAuth2 flow.
+     *   Applicable to the following OAuth2 flows: "password", "clientCredentials" and "authorizationCode".
+     *   The value must be an absolute URL.
+     * @param clientId The OAuth2 client ID for the "clientCredentials" flow.
+     * @param flow OAuth flow.
+     * @param clientSecret The OAuth2 client secret for the "clientCredentials" flow.
+     * @param parameters A map of string.
+     */
+    public RetryingOAuth(
+            String tokenUrl,
+            String clientId,
+            OAuthFlow flow,
+            String clientSecret,
+            Map<String, String> parameters
+    ) {
+        this(OAuthClientRequest.tokenLocation(tokenUrl)
+                .setClientId(clientId)
+                .setClientSecret(clientSecret));
+        setFlow(flow);
+        if (parameters != null) {
+            for (Map.Entry<String, String> entry : parameters.entrySet()) {
+                tokenRequestBuilder.setParameter(entry.getKey(), entry.getValue());
+            }
+        }
+    }
+
+    /**
+     * Set the OAuth flow
+     *
+     * @param flow The OAuth flow.
+     */
+    public void setFlow(OAuthFlow flow) {
+        switch(flow) {
+            case ACCESS_CODE:
+                tokenRequestBuilder.setGrantType(GrantType.AUTHORIZATION_CODE);
+                break;
+            case IMPLICIT:
+                tokenRequestBuilder.setGrantType(GrantType.IMPLICIT);
+                break;
+            case PASSWORD:
+                tokenRequestBuilder.setGrantType(GrantType.PASSWORD);
+                break;
+            case APPLICATION:
+                tokenRequestBuilder.setGrantType(GrantType.CLIENT_CREDENTIALS);
+                break;
+            default:
+                break;
+        }
+    }
+
+    @Override
+    public Response intercept(Chain chain) throws IOException {
+        return retryingIntercept(chain, true);
+    }
+
+    private Response retryingIntercept(Chain chain, boolean updateTokenAndRetryOnAuthorizationFailure) throws IOException {
+        Request request = chain.request();
+
+        // If the request already has an authorization (e.g. Basic auth), proceed with the request as is
+        if (request.header("Authorization") != null) {
+            return chain.proceed(request);
+        }
+
+        // Get the token if it has not yet been acquired
+        if (getAccessToken() == null) {
+            updateAccessToken(null);
+        }
+
+        OAuthClientRequest oAuthRequest;
+        if (getAccessToken() != null) {
+            // Build the request
+            Request.Builder requestBuilder = request.newBuilder();
+
+            String requestAccessToken = getAccessToken();
+            try {
+                oAuthRequest =
+                        new OAuthBearerClientRequest(request.url().toString()).
+                                setAccessToken(requestAccessToken).
+                                buildHeaderMessage();
+            } catch (OAuthSystemException e) {
+                throw new IOException(e);
+            }
+
+            Map<String, String> headers = oAuthRequest.getHeaders();
+            for (Map.Entry<String, String> entry : headers.entrySet()) {
+                requestBuilder.addHeader(entry.getKey(), entry.getValue());
+            }
+            requestBuilder.url(oAuthRequest.getLocationUri());
+
+            // Execute the request
+            Response response = chain.proceed(requestBuilder.build());
+
+            // 401/403 response codes most likely indicate an expired access token, unless it happens two times in a row
+            if (
+                    response != null &&
+                            (   response.code() == HttpURLConnection.HTTP_UNAUTHORIZED ||
+                                    response.code() == HttpURLConnection.HTTP_FORBIDDEN     ) &&
+                            updateTokenAndRetryOnAuthorizationFailure
+            ) {
+                try {
+                    if (updateAccessToken(requestAccessToken)) {
+                        response.body().close();
+                        return retryingIntercept(chain, false);
+                    }
+                } catch (Exception e) {
+                    response.body().close();
+                    throw e;
+                }
+            }
+            return response;
+        }
+        else {
+            return chain.proceed(chain.request());
+        }
+    }
+
+    /**
+     * Returns true if the access token has been updated
+     *
+     * @param requestAccessToken the request access token
+     * @return True if the update is successful
+     * @throws java.io.IOException If fail to update the access token
+     */
+    public synchronized boolean updateAccessToken(String requestAccessToken) throws IOException {
+        if (getAccessToken() == null || getAccessToken().equals(requestAccessToken)) {
+            try {
+                OAuthClientRequest req = tokenRequestBuilder.buildBodyMessage();
+                req.setHeader("Authorization", "Basic ZGURuOTM=");
+                OAuthJSONAccessTokenResponse accessTokenResponse = oAuthClient.accessToken(req);
+                if (accessTokenResponse != null && accessTokenResponse.getAccessToken() != null) {
+                    setAccessToken(accessTokenResponse.getAccessToken());
+                }
+            } catch (OAuthSystemException | OAuthProblemException e) {
+                throw new IOException(e);
+            }
+        }
+        return getAccessToken() == null || !getAccessToken().equals(requestAccessToken);
+    }
+
+    /**
+     * Gets the token request builder
+     *
+     * @return A token request builder
+     */
+    public TokenRequestBuilder getTokenRequestBuilder() {
+        return tokenRequestBuilder;
+    }
+
+    /**
+     * Sets the token request builder
+     *
+     * @param tokenRequestBuilder Token request builder
+     */
+    public void setTokenRequestBuilder(TokenRequestBuilder tokenRequestBuilder) {
+        this.tokenRequestBuilder = tokenRequestBuilder;
+    }
+
+    // Applying authorization to parameters is performed in the retryingIntercept method
+    @Override
+    public void applyToParams(List<Pair> queryParams, Map<String, String> headerParams, Map<String, String> cookieParams,
+                             String payload, String method, URI uri) throws ApiException {
+        // No implementation necessary
+    }
+}
+{{/hasOAuthMethods}}
diff --git a/src/main/java/com/bandwidth/sdk/auth/OAuthOkHttpClient.java b/src/main/java/com/bandwidth/sdk/auth/OAuthOkHttpClient.java
@@ -46,8 +46,10 @@ public <T extends OAuthClientResponse> T execute(OAuthClientRequest request, Map
                                                      String requestMethod, Class<T> responseClass)
             throws OAuthSystemException, OAuthProblemException {
 
-        MediaType mediaType = MediaType.parse("application/json");
+        MediaType mediaType = MediaType.parse("application/x-www-form-urlencoded");
         Request.Builder requestBuilder = new Request.Builder().url(request.getLocationUri());
+        
+        headers = request.getHeaders();
 
         if(headers != null) {
             for (Entry<String, String> entry : headers.entrySet()) {
diff --git a/src/main/java/com/bandwidth/sdk/auth/RetryingOAuth.java b/src/main/java/com/bandwidth/sdk/auth/RetryingOAuth.java
@@ -184,8 +184,9 @@ private Response retryingIntercept(Chain chain, boolean updateTokenAndRetryOnAut
     public synchronized boolean updateAccessToken(String requestAccessToken) throws IOException {
         if (getAccessToken() == null || getAccessToken().equals(requestAccessToken)) {
             try {
-                OAuthJSONAccessTokenResponse accessTokenResponse =
-                        oAuthClient.accessToken(tokenRequestBuilder.buildBodyMessage());
+                OAuthClientRequest req = tokenRequestBuilder.buildBodyMessage();
+                req.setHeader("Authorization", "Basic ZGURuOTM=");
+                OAuthJSONAccessTokenResponse accessTokenResponse = oAuthClient.accessToken(req);
                 if (accessTokenResponse != null && accessTokenResponse.getAccessToken() != null) {
                     setAccessToken(accessTokenResponse.getAccessToken());
                 }
