Merge branch 'main' of https://github.com/auth0/Auth0.Android into SDK-5712

Author: pmathew92

EXAMPLES.md

@@ -1347,12 +1347,9 @@ account.networkingClient = netClient
   <summary>Using Java</summary>
 
 ```java
-DefaultClient netClient = new DefaultClient(
-   connectTimeout = 30,
-   readTimeout = 30
-);
+DefaultClient netClient = new DefaultClient(30, 30);
 Auth0 account = Auth0.getInstance("client id", "domain");
-account.networkingClient = netClient;
+account.setNetworkingClient(netClient);
 ```
 </details>
 
@@ -1371,11 +1368,13 @@ account.networkingClient = netClient
   <summary>Using Java</summary>
 
 ```java
+import java.util.HashMap;
+
 DefaultClient netClient = new DefaultClient(
-    enableLogging = true
+        10, 10, new HashMap<>() ,true
 );
 Auth0 account = Auth0.getInstance("client id", "domain");
-account.networkingClient = netClient;
+account.setNetworkingClient(netClient);
 ```
 </details>
 
@@ -1398,10 +1397,10 @@ Map<String, String> defaultHeaders = new HashMap<>();
 defaultHeaders.put("{HEADER-NAME}", "{HEADER-VALUE}");
 
 DefaultClient netClient = new DefaultClient(
-    defaultHeaders = defaultHeaders
+        10,10 , defaultHeaders
 );
 Auth0 account = Auth0.getInstance("client id", "domain");
-account.networkingClient = netClient;
+account.setNetworkingClient(netClient);
 ```
 </details>
 
@@ -1435,7 +1434,7 @@ class CustomNetClient extends NetworkingClient {
       ServerResponse response = // ...
 
       // Return a ServerResponse from the received response data
-      return ServerResponse(responseCode, responseBody, responseHeaders)
+      return new ServerResponse(responseCode, responseBody, responseHeaders);
    }  
 };
 

README.md

@@ -197,6 +197,8 @@ The callback will get invoked when the user returns to your application. There a
 
 ##### A note about App Deep Linking:
 
+> Whenever possible, Auth0 recommends using [Android App Links](https://auth0.com/docs/applications/enable-android-app-links) as a secure way to link directly to content within your app. Custom URL schemes can be subject to [client impersonation attacks](https://datatracker.ietf.org/doc/html/rfc8252#section-8.6).
+
 If you followed the configuration steps documented here, you may have noticed the default scheme used for the Callback URI is `https`. This works best for Android API 23 or newer if you're using [Android App Links](https://auth0.com/docs/applications/enable-android-app-links), but in previous Android versions this _may_ show the intent chooser dialog prompting the user to choose either your application or the browser. You can change this behaviour by using a custom unique scheme so that the OS opens directly the link with your app.
 
 1. Update the `auth0Scheme` Manifest Placeholder on the `app/build.gradle` file or update the intent-filter declaration in the `AndroidManifest.xml` to use the new scheme.

auth0/src/main/java/com/auth0/android/provider/CustomTabsOptions.java

@@ -7,18 +7,20 @@
 import android.net.Uri;
 import android.os.Parcel;
 import android.os.Parcelable;
+
 import androidx.annotation.ColorRes;
 import androidx.annotation.NonNull;
 import androidx.annotation.Nullable;
 import androidx.browser.customtabs.CustomTabColorSchemeParams;
 import androidx.browser.customtabs.CustomTabsIntent;
 import androidx.browser.customtabs.CustomTabsSession;
-import androidx.browser.trusted.TrustedWebActivityIntent;
 import androidx.browser.trusted.TrustedWebActivityIntentBuilder;
 import androidx.core.content.ContextCompat;
 
 import com.auth0.android.authentication.AuthenticationException;
 
+import java.util.List;
+
 /**
  * Holder for Custom Tabs customization options. Use {@link CustomTabsOptions#newBuilder()} to begin.
  */
@@ -29,10 +31,14 @@ public class CustomTabsOptions implements Parcelable {
     private final int toolbarColor;
     private final BrowserPicker browserPicker;
 
-    private CustomTabsOptions(boolean showTitle, @ColorRes int toolbarColor, @NonNull BrowserPicker browserPicker) {
+    @Nullable
+    private final List<String> disabledCustomTabsPackages;
+
+    private CustomTabsOptions(boolean showTitle, @ColorRes int toolbarColor, @NonNull BrowserPicker browserPicker, @Nullable List<String> disabledCustomTabsPackages) {
         this.showTitle = showTitle;
         this.toolbarColor = toolbarColor;
         this.browserPicker = browserPicker;
+        this.disabledCustomTabsPackages = disabledCustomTabsPackages;
     }
 
     @Nullable
@@ -44,6 +50,16 @@ boolean hasCompatibleBrowser(@NonNull PackageManager pm) {
         return getPreferredPackage(pm) != null;
     }
 
+    /**
+     * Returns whether the browser preferred package has custom tab disabled or not.
+     *
+     * @param preferredPackage the preferred browser package name.
+     * @return whether the browser preferred package has custom tab disabled or not.
+     */
+    boolean isDisabledCustomTabBrowser(@NonNull String preferredPackage) {
+        return disabledCustomTabsPackages != null && disabledCustomTabsPackages.contains(preferredPackage);
+    }
+
     /**
      * Create a new CustomTabsOptions.Builder instance.
      *
@@ -57,6 +73,12 @@ public static Builder newBuilder() {
 
     @SuppressLint("ResourceType")
     Intent toIntent(@NonNull Context context, @Nullable CustomTabsSession session) {
+        String preferredPackage = this.getPreferredPackage(context.getPackageManager());
+
+        if (preferredPackage != null && this.isDisabledCustomTabBrowser(preferredPackage)) {
+            return new Intent(Intent.ACTION_VIEW);
+        }
+
         final CustomTabsIntent.Builder builder = new CustomTabsIntent.Builder(session)
                 .setShowTitle(showTitle)
                 .setShareState(CustomTabsIntent.SHARE_STATE_OFF);
@@ -85,13 +107,15 @@ protected CustomTabsOptions(@NonNull Parcel in) {
         showTitle = in.readByte() != 0;
         toolbarColor = in.readInt();
         browserPicker = in.readParcelable(BrowserPicker.class.getClassLoader());
+        disabledCustomTabsPackages = in.createStringArrayList();
     }
 
     @Override
     public void writeToParcel(@NonNull Parcel dest, int flags) {
         dest.writeByte((byte) (showTitle ? 1 : 0));
         dest.writeInt(toolbarColor);
         dest.writeParcelable(browserPicker, flags);
+        dest.writeStringList(disabledCustomTabsPackages);
     }
 
     @Override
@@ -120,10 +144,14 @@ public static class Builder {
         @NonNull
         private BrowserPicker browserPicker;
 
+        @Nullable
+        private List<String> disabledCustomTabsPackages;
+
         Builder() {
             this.showTitle = false;
             this.toolbarColor = 0;
             this.browserPicker = BrowserPicker.newBuilder().build();
+            this.disabledCustomTabsPackages = null;
         }
 
         /**
@@ -171,14 +199,27 @@ public Builder withBrowserPicker(@NonNull BrowserPicker browserPicker) {
             return this;
         }
 
+        /**
+         * Define a list of browser packages that disables the launching of authentication on custom tabs.
+         * The authentication url will launch on the preferred package external browser.
+         *
+         * @param disabledCustomTabsPackages list of browser packages.
+         * @return the current builder instance
+         */
+        @NonNull
+        public Builder withDisabledCustomTabsPackages(List<String> disabledCustomTabsPackages) {
+            this.disabledCustomTabsPackages = disabledCustomTabsPackages;
+            return this;
+        }
+
         /**
          * Create a new CustomTabsOptions instance with the customization settings.
          *
          * @return an instance of CustomTabsOptions with the customization settings.
          */
         @NonNull
         public CustomTabsOptions build() {
-            return new CustomTabsOptions(showTitle, toolbarColor, browserPicker);
+            return new CustomTabsOptions(showTitle, toolbarColor, browserPicker, disabledCustomTabsPackages);
         }
     }
 

auth0/src/main/java/com/auth0/android/provider/WebAuthProvider.kt

@@ -223,7 +223,7 @@ public object WebAuthProvider {
          * An error is raised if there are no browser applications installed in the device or if
          * the user closed the browser before completing the logout.
          *
-         * @param context  to run the log out
+         * @param context  An activity context to run the log out. Passing any other context can cause a crash while starting the [AuthenticationActivity]
          * @param callback to invoke when log out is successful
          * @see AuthenticationException.isBrowserAppNotAvailable
          * @see AuthenticationException.isAuthenticationCanceled
@@ -524,7 +524,7 @@ public object WebAuthProvider {
          * device does not support the necessary algorithms to support Proof of Key Exchange (PKCE)
          * (this is not expected), or if the user closed the browser before completing the authentication.
          *
-         * @param context context to run the authentication
+         * @param context  An Activity context to run the authentication. Passing any other context can cause a crash while starting the [AuthenticationActivity]
          * @param callback to receive the parsed results
          * @see AuthenticationException.isBrowserAppNotAvailable
          * @see AuthenticationException.isPKCENotAvailable
@@ -574,6 +574,13 @@ public object WebAuthProvider {
             manager.startAuthentication(context, redirectUri!!, 110)
         }
 
+        /**
+         * Request user Authentication. An error is thrown if there are no browser applications installed in the device, or if
+         * device does not support the necessary algorithms to support Proof of Key Exchange (PKCE)
+         * (this is not expected), or if the user closed the browser before completing the authentication.
+         *
+         * @param context An Activity context to run the authentication. Passing any other context can cause a crash while starting the [AuthenticationActivity]
+         */
         @JvmSynthetic
         @Throws(AuthenticationException::class)
         public suspend fun await(context: Context): Credentials {

auth0/src/main/java/com/auth0/android/request/DefaultClient.kt

@@ -37,6 +37,7 @@ public class DefaultClient @VisibleForTesting(otherwise = VisibleForTesting.PRIV
      * @param defaultHeaders any headers that should be sent on all requests. If a specific request specifies a header with the same key as any header in the default headers, the header specified on the request will take precedence. Default is an empty map.
      * @param enableLogging whether HTTP request and response info should be logged. This should only be set to `true` for debugging purposes in non-production environments, as sensitive information is included in the logs. Defaults to `false`.
      */
+    @JvmOverloads
     public constructor(
         connectTimeout: Int = DEFAULT_TIMEOUT_SECONDS,
         readTimeout: Int = DEFAULT_TIMEOUT_SECONDS,

auth0/src/test/java/com/auth0/android/provider/CustomTabsOptionsTest.java

@@ -14,12 +14,16 @@
 import org.robolectric.Robolectric;
 import org.robolectric.RobolectricTestRunner;
 
+import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
+import java.util.List;
 
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.core.Is.is;
 import static org.hamcrest.core.IsNull.notNullValue;
 import static org.hamcrest.core.IsNull.nullValue;
+import static org.junit.Assert.assertEquals;
 import static org.mockito.Matchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
@@ -174,4 +178,50 @@ public void shouldSetBrowserPicker() {
         String preferredPackageNow = parceledOptions.getPreferredPackage(activity.getPackageManager());
         assertThat(preferredPackageNow, is("com.auth0.browser"));
     }
+
+    @Test
+    public void shouldSetDisabledCustomTabPackages() {
+        Activity activity = spy(Robolectric.setupActivity(Activity.class));
+        BrowserPickerTest.setupBrowserContext(activity, Collections.singletonList("com.auth0.browser"), null, null);
+        BrowserPicker browserPicker = BrowserPicker.newBuilder().build();
+
+        CustomTabsOptions options = CustomTabsOptions.newBuilder()
+                .withBrowserPicker(browserPicker)
+                .withDisabledCustomTabsPackages(List.of("com.auth0.browser"))
+                .withToolbarColor(android.R.color.black)
+                .build();
+        assertThat(options, is(notNullValue()));
+
+        Intent intentNoExtras = options.toIntent(activity, null);
+
+        assertThat(intentNoExtras, is(notNullValue()));
+        assertThat(intentNoExtras.getExtras(), is(nullValue()));
+        assertEquals(intentNoExtras.getAction(), "android.intent.action.VIEW");
+
+        Parcel parcel = Parcel.obtain();
+        options.writeToParcel(parcel, 0);
+        parcel.setDataPosition(0);
+        CustomTabsOptions parceledOptions = CustomTabsOptions.CREATOR.createFromParcel(parcel);
+        assertThat(parceledOptions, is(notNullValue()));
+
+        Intent parceledIntent = parceledOptions.toIntent(activity, null);
+        assertThat(parceledIntent, is(notNullValue()));
+        assertThat(parceledIntent.getExtras(), is(nullValue()));
+        assertEquals(parceledIntent.getAction(), "android.intent.action.VIEW");
+
+        BrowserPickerTest.setupBrowserContext(activity, Collections.singletonList("com.another.browser"), null, null);
+        BrowserPicker browserPicker2 = BrowserPicker.newBuilder().build();
+
+        CustomTabsOptions options2 = CustomTabsOptions.newBuilder()
+                .withBrowserPicker(browserPicker2)
+                .withDisabledCustomTabsPackages(List.of("com.auth0.browser"))
+                .withToolbarColor(android.R.color.black)
+                .build();
+
+        Intent intentWithToolbarExtra = options2.toIntent(activity, null);
+        assertThat(intentWithToolbarExtra, is(notNullValue()));
+        assertThat(intentWithToolbarExtra.hasExtra(CustomTabsIntent.EXTRA_TOOLBAR_COLOR), is(true));
+        int resolvedColor = ContextCompat.getColor(activity, android.R.color.black);
+        assertThat(intentWithToolbarExtra.getIntExtra(CustomTabsIntent.EXTRA_TOOLBAR_COLOR, 0), is(resolvedColor));
+    }
 }