Exposes UserProfile to return contents of id token without refreshing credentials (#840)

Author: NandanPrabhu

auth0/src/main/java/com/auth0/android/authentication/storage/BaseCredentialsManager.kt

@@ -3,11 +3,16 @@ package com.auth0.android.authentication.storage
 import androidx.annotation.VisibleForTesting
 import com.auth0.android.authentication.AuthenticationAPIClient
 import com.auth0.android.callback.Callback
+import com.auth0.android.request.internal.GsonProvider
+import com.auth0.android.request.internal.Jwt
 import com.auth0.android.result.APICredentials
 import com.auth0.android.result.Credentials
 import com.auth0.android.result.SSOCredentials
+import com.auth0.android.result.UserProfile
 import com.auth0.android.util.Clock
 import java.util.*
+import kotlin.collections.component1
+import kotlin.collections.component2
 
 /**
  * Base class meant to abstract common logic across Credentials Manager implementations.
@@ -38,6 +43,7 @@ public abstract class BaseCredentialsManager internal constructor(
         callback: Callback<SSOCredentials, CredentialsManagerException>
     )
 
+
     public abstract fun getSsoCredentials(
         callback: Callback<SSOCredentials, CredentialsManagerException>
     )
@@ -136,6 +142,8 @@ public abstract class BaseCredentialsManager internal constructor(
         headers: Map<String, String> = emptyMap()
     ): APICredentials
 
+    public abstract val userProfile: UserProfile?
+
     public abstract fun clearCredentials()
     public abstract fun clearApiCredentials(audience: String)
     public abstract fun hasValidCredentials(): Boolean

auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManager.kt

@@ -1,21 +1,28 @@
 package com.auth0.android.authentication.storage
 
 import android.text.TextUtils
+import android.util.Base64
 import android.util.Log
 import androidx.annotation.VisibleForTesting
 import com.auth0.android.authentication.AuthenticationAPIClient
 import com.auth0.android.authentication.AuthenticationException
+import com.auth0.android.authentication.storage.SecureCredentialsManager.Companion.KEY_CREDENTIALS
 import com.auth0.android.callback.Callback
 import com.auth0.android.request.internal.GsonProvider
+import com.auth0.android.request.internal.Jwt
 import com.auth0.android.result.APICredentials
 import com.auth0.android.result.Credentials
+import com.auth0.android.result.OptionalCredentials
 import com.auth0.android.result.SSOCredentials
+import com.auth0.android.result.UserProfile
 import com.auth0.android.result.toAPICredentials
 import com.google.gson.Gson
 import kotlinx.coroutines.suspendCancellableCoroutine
 import java.util.*
 import java.util.concurrent.Executor
 import java.util.concurrent.Executors
+import kotlin.collections.component1
+import kotlin.collections.component2
 import kotlin.coroutines.resume
 import kotlin.coroutines.resumeWithException
 
@@ -44,6 +51,18 @@ public class CredentialsManager @VisibleForTesting(otherwise = VisibleForTesting
         Executors.newSingleThreadExecutor()
     )
 
+    public override val userProfile: UserProfile?
+        get() {
+            val idToken = storage.retrieveString(KEY_ID_TOKEN)
+
+            if (idToken.isNullOrBlank()) {
+                return null
+            }
+            val (_, payload) = Jwt.splitToken(idToken)
+            val gson = GsonProvider.gson
+            return gson.fromJson(Jwt.decodeBase64(payload), UserProfile::class.java)
+        }
+
     /**
      * Stores the given credentials in the storage. Must have an access_token or id_token and a expires_in value.
      *

auth0/src/main/java/com/auth0/android/authentication/storage/SecureCredentialsManager.kt

@@ -11,16 +11,23 @@ import com.auth0.android.authentication.AuthenticationAPIClient
 import com.auth0.android.authentication.AuthenticationException
 import com.auth0.android.callback.Callback
 import com.auth0.android.request.internal.GsonProvider
+import com.auth0.android.request.internal.Jwt
 import com.auth0.android.result.APICredentials
 import com.auth0.android.result.Credentials
 import com.auth0.android.result.OptionalCredentials
 import com.auth0.android.result.SSOCredentials
+import com.auth0.android.result.UserProfile
 import com.auth0.android.result.toAPICredentials
 import com.google.gson.Gson
+import kotlinx.coroutines.CoroutineScope
+import kotlinx.coroutines.GlobalScope
+import kotlinx.coroutines.launch
 import kotlinx.coroutines.suspendCancellableCoroutine
 import java.lang.ref.WeakReference
 import java.util.*
 import java.util.concurrent.Executor
+import kotlin.collections.component1
+import kotlin.collections.component2
 import kotlin.coroutines.resume
 import kotlin.coroutines.resumeWithException
 
@@ -250,6 +257,16 @@ public class SecureCredentialsManager @VisibleForTesting(otherwise = VisibleForT
         }
     }
 
+    public override val userProfile: UserProfile?
+        get() {
+            val credentials: Credentials? = getExistingCredentials()
+            // Handle null credentials gracefully
+            if (credentials == null) {
+                return null
+            }
+           return credentials.user
+        }
+
     /**
      * Creates a new request to exchange a refresh token for a session transfer token that can be used to perform web single sign-on.
      *

auth0/src/test/java/com/auth0/android/authentication/storage/SecureCredentialsManagerTest.kt

@@ -173,8 +173,7 @@ public class SecureCredentialsManagerTest {
         )
         MatcherAssert.assertThat(manager, Is.`is`(Matchers.notNullValue()))
     }
-
-
+    
     /*
      * SAVE SSO credentials test
      */