Supporting passkey via AuthenticationAPIClient

Author: pmathew92

auth0/src/main/java/com/auth0/android/authentication/AuthenticationAPIClient.kt

@@ -12,8 +12,8 @@ import com.auth0.android.request.internal.ResponseUtils.isNetworkError
 import com.auth0.android.result.Challenge
 import com.auth0.android.result.Credentials
 import com.auth0.android.result.DatabaseUser
-import com.auth0.android.result.PasskeyChallengeResponse
-import com.auth0.android.result.PasskeyRegistrationResponse
+import com.auth0.android.result.PasskeyChallenge
+import com.auth0.android.result.PasskeyRegistrationChallenge
 import com.auth0.android.result.UserProfile
 import com.google.gson.Gson
 import okhttp3.HttpUrl.Companion.toHttpUrl
@@ -155,25 +155,39 @@ public class AuthenticationAPIClient @VisibleForTesting(otherwise = VisibleForTe
 
 
     /**
-     * Log in a user using passkeys.
-     * This should be called after the client has received the Passkey challenge and Auth-session from the server .
+     * Sign-in a user using passkeys.
+     * This should be called after the client has received the passkey challenge and auth-session from the server
+     * The default scope used is 'openid profile email'.
+     *
      * Requires the client to have the **Passkey** Grant Type enabled. See [Client Grant Types](https://auth0.com/docs/clients/client-grant-types)
      * to learn how to enable it.
      *
-     * @param authSession the auth session received from the server as part of the public challenge request.
-     * @param authResponse the public key credential response to be sent to the server
-     * @param parameters additional parameters to be sent as part of the request
+     * Example usage:
+     *
+     * ```
+     * client.signinWithPasskey("{authSession}", "{authResponse}","{realm}")
+     *       .validateClaims() //mandatory
+     *       .addParameter("scope","scope")
+     *       .start(object: Callback<Credentials, AuthenticationException> {
+     *           override fun onFailure(error: AuthenticationException) { }
+     *           override fun onSuccess(result: Credentials) { }
+     * })
+     * ```
+     *
+     * @param authSession the auth session received from the server as part of the public key challenge request.
+     * @param authResponse the public key credential authentication response
+     * @param realm the default connection to use
      * @return a request to configure and start that will yield [Credentials]
      */
-    internal fun signinWithPasskey(
+    public fun signinWithPasskey(
         authSession: String,
-        authResponse: PublicKeyCredentialResponse,
-        parameters: Map<String, String>
+        authResponse: PublicKeyCredentials,
+        realm: String
     ): AuthenticationRequest {
         val params = ParameterBuilder.newBuilder().apply {
             setGrantType(ParameterBuilder.GRANT_TYPE_PASSKEY)
             set(AUTH_SESSION_KEY, authSession)
-            addAll(parameters)
+            setRealm(realm)
         }.asDictionary()
 
         return loginWithToken(params)
@@ -185,64 +199,86 @@ public class AuthenticationAPIClient @VisibleForTesting(otherwise = VisibleForTe
 
 
     /**
-     *  Register a user and returns a challenge.
+     *  Sign-up a user and returns a challenge for private and public key generation.
+     *  The default scope used is 'openid profile email'.
      *  Requires the client to have the **Passkey** Grant Type enabled. See [Client Grant Types](https://auth0.com/docs/clients/client-grant-types)
      *  to learn how to enable it.
      *
-     *  @param userMetadata user information of the client
-     *  @param parameters additional parameter to be sent as part of the request
-     *  @return  a request to configure and start that will yield [PasskeyRegistrationResponse]
+     * Example usage:
+     *
+     *
+     * ```
+     * client.signupWithPasskey("{userData}","{realm}")
+     *      .addParameter("scope","scope")
+     *      .start(object: Callback<PasskeyRegistration, AuthenticationException> {
+     *          override fun onSuccess(result: PasskeyRegistration) { }
+     *          override fun onFailure(error: AuthenticationException) { }
+     * })
+     * ```
+     *
+     *  @param userData user information of the client
+     *  @param realm default connection to use
+     *  @return  a request to configure and start that will yield [PasskeyRegistrationChallenge]
      */
-    internal fun signupWithPasskey(
-        userMetadata: UserMetadataRequest,
-        parameters: Map<String, String>,
-    ): Request<PasskeyRegistrationResponse, AuthenticationException> {
-        val user = Gson().toJsonTree(userMetadata)
+    public fun signupWithPasskey(
+        userData: UserData,
+        realm: String
+    ): Request<PasskeyRegistrationChallenge, AuthenticationException> {
+        val user = Gson().toJsonTree(userData)
         val url = auth0.getDomainUrl().toHttpUrl().newBuilder()
             .addPathSegment(PASSKEY_PATH)
             .addPathSegment(REGISTER_PATH)
             .build()
 
         val params = ParameterBuilder.newBuilder().apply {
             setClientId(clientId)
-            parameters[ParameterBuilder.REALM_KEY]?.let {
-                setRealm(it)
-            }
+            setRealm(realm)
         }.asDictionary()
 
-        val passkeyRegistrationAdapter: JsonAdapter<PasskeyRegistrationResponse> = GsonAdapter(
-            PasskeyRegistrationResponse::class.java, gson
-        )
-        val post = factory.post(url.toString(), passkeyRegistrationAdapter)
-            .addParameters(params) as BaseRequest<PasskeyRegistrationResponse, AuthenticationException>
+        val passkeyRegistrationChallengeAdapter: JsonAdapter<PasskeyRegistrationChallenge> =
+            GsonAdapter(
+                PasskeyRegistrationChallenge::class.java, gson
+            )
+        val post = factory.post(url.toString(), passkeyRegistrationChallengeAdapter)
+            .addParameters(params) as BaseRequest<PasskeyRegistrationChallenge, AuthenticationException>
         post.addParameter(USER_PROFILE_KEY, user)
         return post
     }
 
 
     /**
-     * Request for a challenge to initiate a passkey login flow
+     * Request for a challenge to initiate passkey login flow
      * Requires the client to have the **Passkey** Grant Type enabled. See [Client Grant Types](https://auth0.com/docs/clients/client-grant-types)
      * to learn how to enable it.
      *
-     * @param realm An optional connection name
-     * @return a request to configure and start that will yield [PasskeyChallengeResponse]
+     * Example usage:
+     *
+     * ```
+     * client.passkeyChallenge("{realm}")
+     *    .start(object: Callback<PasskeyChallenge, AuthenticationException> {
+     *        override fun onSuccess(result: PasskeyChallenge) { }
+     *        override fun onFailure(error: AuthenticationException) { }
+     * })
+     * ```
+     *
+     * @param realm A default connection name
+     * @return a request to configure and start that will yield [PasskeyChallenge]
      */
-    internal fun passkeyChallenge(
-        realm: String?
-    ): Request<PasskeyChallengeResponse, AuthenticationException> {
+    public fun passkeyChallenge(
+        realm: String
+    ): Request<PasskeyChallenge, AuthenticationException> {
         val url = auth0.getDomainUrl().toHttpUrl().newBuilder()
             .addPathSegment(PASSKEY_PATH)
             .addPathSegment(CHALLENGE_PATH)
             .build()
 
         val parameters = ParameterBuilder.newBuilder().apply {
             setClientId(clientId)
-            realm?.let { setRealm(it) }
+            setRealm(realm)
         }.asDictionary()
 
-        val passkeyChallengeAdapter: JsonAdapter<PasskeyChallengeResponse> = GsonAdapter(
-            PasskeyChallengeResponse::class.java, gson
+        val passkeyChallengeAdapter: JsonAdapter<PasskeyChallenge> = GsonAdapter(
+            PasskeyChallenge::class.java, gson
         )
 
         return factory.post(url.toString(), passkeyChallengeAdapter)

auth0/src/main/java/com/auth0/android/provider/PasskeyAuthProvider.kt

@@ -9,7 +9,7 @@ import com.auth0.android.authentication.AuthenticationAPIClient
 import com.auth0.android.authentication.AuthenticationException
 import com.auth0.android.authentication.ParameterBuilder
 import com.auth0.android.callback.Callback
-import com.auth0.android.request.UserMetadataRequest
+import com.auth0.android.request.UserData
 import com.auth0.android.result.Credentials
 import java.util.concurrent.Executor
 import java.util.concurrent.Executors
@@ -99,12 +99,12 @@ public object PasskeyAuthProvider {
                 callback.onFailure(ex)
                 return
             }
-            val passkeyManager =
-                PasskeyManager(
-                    AuthenticationAPIClient(auth0),
-                    CredentialManager.create(context)
-                )
-            passkeyManager.signin(context, parameters, callback, executor)
+            val passkeyManager = PasskeyManager(
+                AuthenticationAPIClient(auth0), CredentialManager.create(context)
+            )
+            passkeyManager.signin(
+                context, parameters[ParameterBuilder.REALM_KEY]!!, parameters, callback, executor
+            )
         }
     }
 
@@ -211,14 +211,17 @@ public object PasskeyAuthProvider {
                 callback.onFailure(ex)
                 return
             }
-            val passkeyManager =
-                PasskeyManager(
-                    AuthenticationAPIClient(auth0),
-                    CredentialManager.create(context)
-                )
-            val userMetadata = UserMetadataRequest(email, phoneNumber, username, name)
+            val passkeyManager = PasskeyManager(
+                AuthenticationAPIClient(auth0), CredentialManager.create(context)
+            )
+            val userData = UserData(email, phoneNumber, username, name)
             passkeyManager.signup(
-                context, userMetadata, parameters, callback, executor
+                context,
+                userData,
+                parameters[ParameterBuilder.REALM_KEY]!!,
+                parameters,
+                callback,
+                executor
             )
         }
     }

auth0/src/main/java/com/auth0/android/provider/PasskeyManager.kt

@@ -28,11 +28,11 @@ import com.auth0.android.authentication.AuthenticationAPIClient
 import com.auth0.android.authentication.AuthenticationException
 import com.auth0.android.authentication.ParameterBuilder
 import com.auth0.android.callback.Callback
-import com.auth0.android.request.PublicKeyCredentialResponse
-import com.auth0.android.request.UserMetadataRequest
+import com.auth0.android.request.PublicKeyCredentials
+import com.auth0.android.request.UserData
 import com.auth0.android.result.Credentials
-import com.auth0.android.result.PasskeyChallengeResponse
-import com.auth0.android.result.PasskeyRegistrationResponse
+import com.auth0.android.result.PasskeyChallenge
+import com.auth0.android.result.PasskeyRegistrationChallenge
 import com.google.gson.Gson
 import java.util.concurrent.Executor
 import java.util.concurrent.Executors
@@ -49,15 +49,17 @@ internal class PasskeyManager(
     @SuppressLint("PublicKeyCredential")
     fun signup(
         context: Context,
-        userMetadata: UserMetadataRequest,
+        userData: UserData,
+        realm: String,
         parameters: Map<String, String>,
         callback: Callback<Credentials, AuthenticationException>,
         executor: Executor = Executors.newSingleThreadExecutor()
     ) {
 
-        authenticationAPIClient.signupWithPasskey(userMetadata, parameters)
-            .start(object : Callback<PasskeyRegistrationResponse, AuthenticationException> {
-                override fun onSuccess(result: PasskeyRegistrationResponse) {
+        authenticationAPIClient.signupWithPasskey(userData, realm)
+            .addParameters(parameters)
+            .start(object : Callback<PasskeyRegistrationChallenge, AuthenticationException> {
+                override fun onSuccess(result: PasskeyRegistrationChallenge) {
                     val pasKeyRegistrationResponse = result
                     val request = CreatePublicKeyCredentialRequest(
                         Gson().toJson(
@@ -83,12 +85,16 @@ internal class PasskeyManager(
                                 response = result as CreatePublicKeyCredentialResponse
                                 val authRequest = Gson().fromJson(
                                     response?.registrationResponseJson,
-                                    PublicKeyCredentialResponse::class.java
+                                    PublicKeyCredentials::class.java
                                 )
+
                                 authenticationAPIClient.signinWithPasskey(
-                                    pasKeyRegistrationResponse.authSession, authRequest, parameters
+                                    pasKeyRegistrationResponse.authSession,
+                                    authRequest,
+                                    realm
                                 )
                                     .validateClaims()
+                                    .addParameters(parameters)
                                     .start(callback)
                             }
                         })
@@ -106,13 +112,14 @@ internal class PasskeyManager(
     @RequiresApi(api = Build.VERSION_CODES.P)
     fun signin(
         context: Context,
+        realm: String,
         parameters: Map<String, String>,
         callback: Callback<Credentials, AuthenticationException>,
         executor: Executor = Executors.newSingleThreadExecutor()
     ) {
-        authenticationAPIClient.passkeyChallenge(parameters[ParameterBuilder.REALM_KEY])
-            .start(object : Callback<PasskeyChallengeResponse, AuthenticationException> {
-                override fun onSuccess(result: PasskeyChallengeResponse) {
+        authenticationAPIClient.passkeyChallenge(realm)
+            .start(object : Callback<PasskeyChallenge, AuthenticationException> {
+                override fun onSuccess(result: PasskeyChallenge) {
                     val passkeyChallengeResponse = result
                     val request =
                         GetPublicKeyCredentialOption(Gson().toJson(passkeyChallengeResponse.authParamsPublicKey))
@@ -135,14 +142,15 @@ internal class PasskeyManager(
                                     is PublicKeyCredential -> {
                                         val authRequest = Gson().fromJson(
                                             credential.authenticationResponseJson,
-                                            PublicKeyCredentialResponse::class.java
+                                            PublicKeyCredentials::class.java
                                         )
                                         authenticationAPIClient.signinWithPasskey(
                                             passkeyChallengeResponse.authSession,
                                             authRequest,
-                                            parameters
+                                            realm
                                         )
                                             .validateClaims()
+                                            .addParameters(parameters)
                                             .start(callback)
                                     }
 

…id/request/PublicKeyCredentialRequest.kt …/android/request/PublicKeyCredentials.ktauth0/src/main/java/com/auth0/android/request/PublicKeyCredentialRequest.kt renamed to auth0/src/main/java/com/auth0/android/request/PublicKeyCredentials.kt auth0/src/main/java/com/auth0/android/request/PublicKeyCredentialRequest.kt renamed to auth0/src/main/java/com/auth0/android/request/PublicKeyCredentials.kt

@@ -3,7 +3,7 @@ package com.auth0.android.request
 
 import com.google.gson.annotations.SerializedName
 
-internal data class PublicKeyCredentialResponse(
+public data class PublicKeyCredentials(
     @SerializedName("authenticatorAttachment")
     val authenticatorAttachment: String,
     @SerializedName("clientExtensionResults")

auth0/src/main/java/com/auth0/android/request/UserData.kt

@@ -0,0 +1,17 @@
+package com.auth0.android.request
+
+import com.google.gson.annotations.SerializedName
+
+/**
+ *  User information for registering user when signing up using passkey.
+ *  @param email the email of the user. email can be optional, required, or forbidden depending on the attribute configuration for the database
+ *  @param phoneNumber the phone number of the user. phone number can be optional, required, or forbidden depending on the attribute configuration for the database
+ *  @param userName the username of the user. username can be optional, required, or forbidden depending on the attribute configuration for the database
+ *  @param name optional display name
+ */
+public data class UserData(
+    @field:SerializedName("email") val email: String? = null,
+    @field:SerializedName("phone_number") val phoneNumber: String? = null,
+    @field:SerializedName("username") val userName: String? = null,
+    @field:SerializedName("name") val name: String? = null,
+)

auth0/src/main/java/com/auth0/android/request/UserMetadataRequest.kt

@@ -3,14 +3,17 @@ package com.auth0.android.result
 
 import com.google.gson.annotations.SerializedName
 
-internal data class PasskeyChallengeResponse(
+/**
+ * Represents a challenge when user tries to login via passkeys.
+ */
+public data class PasskeyChallenge(
     @SerializedName("auth_session")
     val authSession: String,
     @SerializedName("authn_params_public_key")
     val authParamsPublicKey: AuthParamsPublicKey
 )
 
-internal data class AuthParamsPublicKey(
+public data class AuthParamsPublicKey(
     @SerializedName("challenge")
     val challenge: String,
     @SerializedName("rpId")