Add sign in with google to Shrine (#151)

* Add sign in with google to Shrine

* Minor changes

* Updated javadocs

* Fix rebase conflicts

Author: cy245

Shrine/README.md

@@ -216,11 +216,11 @@ This section describes how to implement restore credentials
 
 2. Once on a new device, check if there is any restore key present on the device or not (brought to the new device in the process of Backup and Restore)
 
-   1. Call `AuthRepository`'s `signInWithPasskeysRequest` method 
+   1. Call `AuthRepository`'s `signInWithPasskeyOrPasswordRequest` method 
 
    2. With the PasskeyCreationRequest recieved from the above method, call `CredentialManagerUtils`'s `getRestoreKey` method 
 
-   3. If there is a RestoreKey present this will return a `GenericCredentialManagerResponse.GetPasskeySuccess` else this will return a `GenericCredentialManagerResponse.Error`
+   3. If there is a RestoreKey present this will return a `GenericCredentialManagerResponse.GetCredentialSuccess` else this will return a `GenericCredentialManagerResponse.Error`
 
 
 3. Sign in using the found Restore Key

Shrine/app/build.gradle.kts

@@ -158,6 +158,7 @@ dependencies {
     // Retrofit
     implementation(libs.retrofit)
     implementation(libs.converter.gson)
+    implementation(libs.androidx.foundation)
 
     // Testing
     testImplementation(libs.junit)

Shrine/app/src/main/java/com/authentication/shrine/CredentialManagerUtils.kt

@@ -36,6 +36,8 @@ import androidx.credentials.GetRestoreCredentialOption
 import androidx.credentials.exceptions.CreateCredentialException
 import androidx.credentials.exceptions.GetCredentialCancellationException
 import androidx.credentials.exceptions.publickeycredential.GetPublicKeyCredentialDomException
+import com.authentication.shrine.repository.SERVER_CLIENT_ID
+import com.google.android.libraries.identity.googleid.GetGoogleIdOption
 import org.json.JSONObject
 import javax.inject.Inject
 
@@ -49,14 +51,14 @@ class CredentialManagerUtils @Inject constructor(
 ) {
 
     /**
-     * Retrieves a passkey or password from the credential manager.
+     * Retrieves a passkey or password credential from the credential manager.
      *
      * @param publicKeyCredentialRequestOptions The public key credential request options.
      * @param context The activity context from the Composable, to be used in Credential Manager APIs
-     * @return The [GetCredentialResponse] object containing the passkey or password, or null if an
-     * error occurred.
+     * @return The [GenericCredentialManagerResponse] object containing the passkey or password, or
+     * null if an error occurred.
      */
-    suspend fun getPasskeyOrPassword(
+    suspend fun getPasskeyOrPasswordCredential(
         publicKeyCredentialRequestOptions: JSONObject,
         context: Context,
     ): GenericCredentialManagerResponse {
@@ -86,7 +88,39 @@ class CredentialManagerUtils @Inject constructor(
         } catch (e: Exception) {
             return GenericCredentialManagerResponse.Error(errorMessage = e.message ?: "")
         }
-        return GenericCredentialManagerResponse.GetPasskeySuccess(getPasskeyResponse = result)
+        return GenericCredentialManagerResponse.GetCredentialSuccess(getCredentialResponse = result)
+    }
+
+    /**
+     * Retrieves a Sign in with Google credential from the credential manager.
+     *
+     * @param context The activity context from the Composable, to be used in Credential Manager
+     * APIs
+     * @return The [GenericCredentialManagerResponse] object containing the passkey or password, or
+     * null if an error occurred.
+     */
+    suspend fun getSignInWithGoogleCredential(context: Context): GenericCredentialManagerResponse {
+        val result: GetCredentialResponse?
+        try {
+            val credentialRequest = GetCredentialRequest(
+                listOf(
+                    GetGoogleIdOption.Builder()
+                        .setServerClientId(SERVER_CLIENT_ID)
+                        .setFilterByAuthorizedAccounts(false)
+                        .build(),
+                )
+            )
+            result = credentialManager.getCredential(context, credentialRequest)
+        } catch (e: GetCredentialCancellationException) {
+            // When credential selector bottom-sheet is cancelled
+            return GenericCredentialManagerResponse.CancellationError
+        } catch (e: GetPublicKeyCredentialDomException) {
+            // When the user verification / biometric bottom sheet is cancelled
+            return GenericCredentialManagerResponse.CancellationError
+        } catch (e: Exception) {
+            return GenericCredentialManagerResponse.Error(errorMessage = e.message ?: "")
+        }
+        return GenericCredentialManagerResponse.GetCredentialSuccess(getCredentialResponse = result)
     }
 
     /**
@@ -205,7 +239,7 @@ class CredentialManagerUtils @Inject constructor(
         } catch (e: Exception) {
             return GenericCredentialManagerResponse.Error(errorMessage = e.message ?: "")
         }
-        return GenericCredentialManagerResponse.GetPasskeySuccess(result)
+        return GenericCredentialManagerResponse.GetCredentialSuccess(result)
     }
 
     /**
@@ -218,8 +252,8 @@ class CredentialManagerUtils @Inject constructor(
 }
 
 sealed class GenericCredentialManagerResponse {
-    data class GetPasskeySuccess(
-        val getPasskeyResponse: GetCredentialResponse,
+    data class GetCredentialSuccess(
+        val getCredentialResponse: GetCredentialResponse,
     ) : GenericCredentialManagerResponse()
 
     data class CreatePasskeySuccess(

Shrine/app/src/main/java/com/authentication/shrine/api/AuthApiService.kt

@@ -15,6 +15,7 @@
  */
 package com.authentication.shrine.api
 
+import com.authentication.shrine.model.FederationOptionsRequest
 import com.authentication.shrine.model.GenericAuthResponse
 import com.authentication.shrine.model.PasskeysList
 import com.authentication.shrine.model.PasswordRequest
@@ -23,6 +24,7 @@ import com.authentication.shrine.model.RegisterRequestResponse
 import com.authentication.shrine.model.RegisterResponseRequestBody
 import com.authentication.shrine.model.SignInRequestResponse
 import com.authentication.shrine.model.SignInResponseRequest
+import com.authentication.shrine.model.SignInWithGoogleRequest
 import com.authentication.shrine.model.UsernameRequest
 import retrofit2.Response
 import retrofit2.http.Body
@@ -155,4 +157,26 @@ interface AuthApiService {
         @Header("Cookie") cookie: String,
         @Query("credId") credentialId: String,
     ): Response<GenericAuthResponse>
+
+    /**
+     * Send a request to the server with urls parameter that contains a list of IdPs in an array.
+     * e.g. urls=["https://accounts.google.com"]. The response will contain a nonce and IdP details.
+     * @param urls a list of urls to send for federated requests.
+     */
+    @POST("federation/options")
+    suspend fun getFederationOptions(
+        @Body urls: FederationOptionsRequest
+    ): Response<GenericAuthResponse>
+
+    /**
+     * Verifies a session ID token and Credential Manager credentials with the backend server.
+     * @param cookie The session cookie for authentication containing the session ID.
+     * @param requestParams The parameters to send to the server, including Credential Manager
+     * credentials.
+     */
+    @POST("federation/verifyIdToken")
+    suspend fun verifyIdToken(
+        @Header("Cookie") cookie: String,
+        @Body requestParams: SignInWithGoogleRequest,
+    ): Response<GenericAuthResponse>
 }

Shrine/app/src/main/java/com/authentication/shrine/model/FederationOptionsRequest.kt

@@ -0,0 +1,9 @@
+package com.authentication.shrine.model
+
+/**
+ * Represents the request body for getting federation options from the server.
+ * @param urls a list of urls to send for federated requests.
+ */
+data class FederationOptionsRequest(
+    val urls: List<String> = listOf("https://accounts.google.com")
+)

Shrine/app/src/main/java/com/authentication/shrine/model/SignInWithGoogleRequest.kt

@@ -0,0 +1,11 @@
+package com.authentication.shrine.model
+
+/**
+ * Represents the request body for signing in with Google.
+ * @param token the auth token retrieved from Credential Manager.
+ * @param url a fixed url to send for Sign in with Google requests.
+ */
+data class SignInWithGoogleRequest(
+    val token: String,
+    val url: String = "https://accounts.google.com"
+)