Merge branch 'main' of https://github.com/auth0/Auth0.Android into SDK-6075

Author: pmathew92

EXAMPLES.md

@@ -1032,7 +1032,8 @@ To sign up a user with passkey
 try {
     val challenge = authenticationApiClient.signupWithPasskey(
         "{user-data}",
-        "{realm}"
+        "{realm}",
+        "{organization-id}"
     ).await()
 
     //Use CredentialManager to create public key credentials
@@ -1048,7 +1049,7 @@ try {
     )
 
     val userCredential = authenticationApiClient.signinWithPasskey(
-        challenge.authSession, authRequest, "{realm}"
+        challenge.authSession, authRequest, "{realm}" , "{organization-id}"
     )
         .validateClaims()
         .await()
@@ -1060,7 +1061,7 @@ try {
   <summary>Using Java</summary>
 
 ```java
- authenticationAPIClient.signupWithPasskey("{user-data}", "{realm}")
+ authenticationAPIClient.signupWithPasskey("{user-data}", "{realm}","{organization-id}")
         .start(new Callback<PasskeyRegistrationChallenge, AuthenticationException>() {
     @Override
     public void onSuccess(PasskeyRegistrationChallenge result) {
@@ -1078,7 +1079,7 @@ try {
                                 PublicKeyCredentials.class);
 
                         authenticationAPIClient.signinWithPasskey(result.getAuthSession(),
-                                        credentials, "{realm}")
+                                        credentials, "{realm}","{organization-id}")
                                 .start(new Callback<Credentials, AuthenticationException>() {
                                     @Override
                                     public void onSuccess(Credentials result) {}
@@ -1104,7 +1105,7 @@ To sign in a user with passkey
 try {
 
     val challenge =
-        authenticationApiClient.passkeyChallenge("{realm}")
+        authenticationApiClient.passkeyChallenge("{realm}","{organization-id}")
             .await()
 
     //Use CredentialManager to create public key credentials
@@ -1122,7 +1123,8 @@ try {
             val userCredential = authenticationApiClient.signinWithPasskey(
                 challenge.authSession,
                 authRequest,
-                "{realm}"
+                "{realm}",
+                "{organization-id}"
             )
                 .validateClaims()
                 .await()
@@ -1138,7 +1140,7 @@ try {
   <summary>Using Java</summary>
 
 ```java
-authenticationAPIClient.passkeyChallenge("realm")
+authenticationAPIClient.passkeyChallenge("realm","{organization-id}")
                 .start(new Callback<PasskeyChallenge, AuthenticationException>() {
     @Override
     public void onSuccess(PasskeyChallenge result) {
@@ -1158,7 +1160,7 @@ authenticationAPIClient.passkeyChallenge("realm")
                                     responseJson,
                                     PublicKeyCredentials.class
                             );
-                            authenticationAPIClient.signinWithPasskey(result.getAuthSession(), publicKeyCredentials,"{realm}")
+                            authenticationAPIClient.signinWithPasskey(result.getAuthSession(), publicKeyCredentials,"{realm}","{organization-id}")
                                     .start(new Callback<Credentials, AuthenticationException>() {
                                         @Override
                                         public void onSuccess(Credentials result) {}

auth0/src/main/java/com/auth0/android/authentication/AuthenticationAPIClient.kt

@@ -166,7 +166,7 @@ public class AuthenticationAPIClient @VisibleForTesting(otherwise = VisibleForTe
      * Example usage:
      *
      * ```
-     * client.signinWithPasskey("{authSession}", "{authResponse}","{realm}")
+     * client.signinWithPasskey("{authSession}", "{authResponse}","{realm}","${organization}")
      *       .validateClaims() //mandatory
      *       .setScope("{scope}")
      *       .start(object: Callback<Credentials, AuthenticationException> {
@@ -178,17 +178,20 @@ public class AuthenticationAPIClient @VisibleForTesting(otherwise = VisibleForTe
      * @param authSession the auth session received from the server as part of the public key challenge request.
      * @param authResponse the [PublicKeyCredentials] authentication response
      * @param realm the connection to use. If excluded, the application will use the default connection configured in the tenant
+     * @param organization id of the organization to be associated with the user while signing in
      * @return a request to configure and start that will yield [Credentials]
      */
     public fun signinWithPasskey(
         authSession: String,
         authResponse: PublicKeyCredentials,
-        realm: String? = null
+        realm: String? = null,
+        organization: String? = null,
     ): AuthenticationRequest {
         val params = ParameterBuilder.newBuilder().apply {
             setGrantType(ParameterBuilder.GRANT_TYPE_PASSKEY)
             set(AUTH_SESSION_KEY, authSession)
             realm?.let { setRealm(it) }
+            organization?.let { set(ORGANIZATION_KEY, organization) }
         }.asDictionary()
 
         return loginWithToken(params)
@@ -210,7 +213,7 @@ public class AuthenticationAPIClient @VisibleForTesting(otherwise = VisibleForTe
      * Example usage:
      *
      * ```
-     * client.signinWithPasskey("{authSession}", "{authResponse}","{realm}")
+     * client.signinWithPasskey("{authSession}", "{authResponse}","{realm}","{organization}")
      *       .validateClaims() //mandatory
      *       .setScope("{scope}")
      *       .start(object: Callback<Credentials, AuthenticationException> {
@@ -222,18 +225,20 @@ public class AuthenticationAPIClient @VisibleForTesting(otherwise = VisibleForTe
      * @param authSession the auth session received from the server as part of the public key challenge request.
      * @param authResponse the public key credential authentication response in JSON string format that follows the standard webauthn json format
      * @param realm the connection to use. If excluded, the application will use the default connection configured in the tenant
+     * @param organization id of the organization to be associated with the user while signing in
      * @return a request to configure and start that will yield [Credentials]
      */
     public fun signinWithPasskey(
         authSession: String,
         authResponse: String,
-        realm: String? = null
+        realm: String? = null,
+        organization: String? = null,
     ): AuthenticationRequest {
         val publicKeyCredentials = gson.fromJson(
             authResponse,
             PublicKeyCredentials::class.java
         )
-        return signinWithPasskey(authSession, publicKeyCredentials, realm)
+        return signinWithPasskey(authSession, publicKeyCredentials, realm, organization)
     }
 
 
@@ -247,7 +252,7 @@ public class AuthenticationAPIClient @VisibleForTesting(otherwise = VisibleForTe
      *
      *
      * ```
-     * client.signupWithPasskey("{userData}","{realm}")
+     * client.signupWithPasskey("{userData}","{realm}","{organization}")
      *      .addParameter("scope","scope")
      *      .start(object: Callback<PasskeyRegistration, AuthenticationException> {
      *          override fun onSuccess(result: PasskeyRegistration) { }
@@ -257,11 +262,13 @@ public class AuthenticationAPIClient @VisibleForTesting(otherwise = VisibleForTe
      *
      *  @param userData user information of the client
      *  @param realm the connection to use. If excluded, the application will use the default connection configured in the tenant
+     *  @param organization id of the organization to be associated with the user while signing up
      *  @return  a request to configure and start that will yield [PasskeyRegistrationChallenge]
      */
     public fun signupWithPasskey(
         userData: UserData,
-        realm: String? = null
+        realm: String? = null,
+        organization: String? = null
     ): Request<PasskeyRegistrationChallenge, AuthenticationException> {
         val user = gson.toJsonTree(userData)
         val url = auth0.getDomainUrl().toHttpUrl().newBuilder()
@@ -272,6 +279,7 @@ public class AuthenticationAPIClient @VisibleForTesting(otherwise = VisibleForTe
         val params = ParameterBuilder.newBuilder().apply {
             setClientId(clientId)
             realm?.let { setRealm(it) }
+            organization?.let { set(ORGANIZATION_KEY, it) }
         }.asDictionary()
 
         val passkeyRegistrationChallengeAdapter: JsonAdapter<PasskeyRegistrationChallenge> =
@@ -293,18 +301,20 @@ public class AuthenticationAPIClient @VisibleForTesting(otherwise = VisibleForTe
      * Example usage:
      *
      * ```
-     * client.passkeyChallenge("{realm}")
+     * client.passkeyChallenge("{realm}", "{organization}")
      *    .start(object: Callback<PasskeyChallenge, AuthenticationException> {
      *        override fun onSuccess(result: PasskeyChallenge) { }
      *        override fun onFailure(error: AuthenticationException) { }
      * })
      * ```
      *
      * @param realm the connection to use. If excluded, the application will use the default connection configured in the tenant
+     * @param organization id of the organization to be associated with the user while signing in
      * @return a request to configure and start that will yield [PasskeyChallenge]
      */
     public fun passkeyChallenge(
-        realm: String? = null
+        realm: String? = null,
+        organization: String? = null
     ): Request<PasskeyChallenge, AuthenticationException> {
         val url = auth0.getDomainUrl().toHttpUrl().newBuilder()
             .addPathSegment(PASSKEY_PATH)
@@ -314,6 +324,7 @@ public class AuthenticationAPIClient @VisibleForTesting(otherwise = VisibleForTe
         val parameters = ParameterBuilder.newBuilder().apply {
             setClientId(clientId)
             realm?.let { setRealm(it) }
+            organization?.let { set(ORGANIZATION_KEY, organization) }
         }.asDictionary()
 
         val passkeyChallengeAdapter: JsonAdapter<PasskeyChallenge> = GsonAdapter(
@@ -1054,7 +1065,7 @@ public class AuthenticationAPIClient @VisibleForTesting(otherwise = VisibleForTe
         private const val RECOVERY_CODE_KEY = "recovery_code"
         private const val SUBJECT_TOKEN_KEY = "subject_token"
         private const val SUBJECT_TOKEN_TYPE_KEY = "subject_token_type"
-        private const val REQUESTED_TOKEN_TYPE_KEY = "requested_token_type"
+        private const val ORGANIZATION_KEY = "organization"
         private const val USER_METADATA_KEY = "user_metadata"
         private const val AUTH_SESSION_KEY = "auth_session"
         private const val AUTH_RESPONSE_KEY = "authn_response"

auth0/src/main/java/com/auth0/android/authentication/storage/BaseCredentialsManager.kt

@@ -3,11 +3,16 @@ package com.auth0.android.authentication.storage
 import androidx.annotation.VisibleForTesting
 import com.auth0.android.authentication.AuthenticationAPIClient
 import com.auth0.android.callback.Callback
+import com.auth0.android.request.internal.GsonProvider
+import com.auth0.android.request.internal.Jwt
 import com.auth0.android.result.APICredentials
 import com.auth0.android.result.Credentials
 import com.auth0.android.result.SSOCredentials
+import com.auth0.android.result.UserProfile
 import com.auth0.android.util.Clock
 import java.util.*
+import kotlin.collections.component1
+import kotlin.collections.component2
 
 /**
  * Base class meant to abstract common logic across Credentials Manager implementations.
@@ -38,6 +43,7 @@ public abstract class BaseCredentialsManager internal constructor(
         callback: Callback<SSOCredentials, CredentialsManagerException>
     )
 
+
     public abstract fun getSsoCredentials(
         callback: Callback<SSOCredentials, CredentialsManagerException>
     )
@@ -136,6 +142,8 @@ public abstract class BaseCredentialsManager internal constructor(
         headers: Map<String, String> = emptyMap()
     ): APICredentials
 
+    public abstract val userProfile: UserProfile?
+
     public abstract fun clearCredentials()
     public abstract fun clearApiCredentials(audience: String)
     public abstract fun hasValidCredentials(): Boolean

auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManager.kt

@@ -1,21 +1,28 @@
 package com.auth0.android.authentication.storage
 
 import android.text.TextUtils
+import android.util.Base64
 import android.util.Log
 import androidx.annotation.VisibleForTesting
 import com.auth0.android.authentication.AuthenticationAPIClient
 import com.auth0.android.authentication.AuthenticationException
+import com.auth0.android.authentication.storage.SecureCredentialsManager.Companion.KEY_CREDENTIALS
 import com.auth0.android.callback.Callback
 import com.auth0.android.request.internal.GsonProvider
+import com.auth0.android.request.internal.Jwt
 import com.auth0.android.result.APICredentials
 import com.auth0.android.result.Credentials
+import com.auth0.android.result.OptionalCredentials
 import com.auth0.android.result.SSOCredentials
+import com.auth0.android.result.UserProfile
 import com.auth0.android.result.toAPICredentials
 import com.google.gson.Gson
 import kotlinx.coroutines.suspendCancellableCoroutine
 import java.util.*
 import java.util.concurrent.Executor
 import java.util.concurrent.Executors
+import kotlin.collections.component1
+import kotlin.collections.component2
 import kotlin.coroutines.resume
 import kotlin.coroutines.resumeWithException
 
@@ -44,6 +51,18 @@ public class CredentialsManager @VisibleForTesting(otherwise = VisibleForTesting
         Executors.newSingleThreadExecutor()
     )
 
+    public override val userProfile: UserProfile?
+        get() {
+            val idToken = storage.retrieveString(KEY_ID_TOKEN)
+
+            if (idToken.isNullOrBlank()) {
+                return null
+            }
+            val (_, payload) = Jwt.splitToken(idToken)
+            val gson = GsonProvider.gson
+            return gson.fromJson(Jwt.decodeBase64(payload), UserProfile::class.java)
+        }
+
     /**
      * Stores the given credentials in the storage. Must have an access_token or id_token and a expires_in value.
      *

auth0/src/main/java/com/auth0/android/authentication/storage/SecureCredentialsManager.kt

@@ -11,16 +11,23 @@ import com.auth0.android.authentication.AuthenticationAPIClient
 import com.auth0.android.authentication.AuthenticationException
 import com.auth0.android.callback.Callback
 import com.auth0.android.request.internal.GsonProvider
+import com.auth0.android.request.internal.Jwt
 import com.auth0.android.result.APICredentials
 import com.auth0.android.result.Credentials
 import com.auth0.android.result.OptionalCredentials
 import com.auth0.android.result.SSOCredentials
+import com.auth0.android.result.UserProfile
 import com.auth0.android.result.toAPICredentials
 import com.google.gson.Gson
+import kotlinx.coroutines.CoroutineScope
+import kotlinx.coroutines.GlobalScope
+import kotlinx.coroutines.launch
 import kotlinx.coroutines.suspendCancellableCoroutine
 import java.lang.ref.WeakReference
 import java.util.*
 import java.util.concurrent.Executor
+import kotlin.collections.component1
+import kotlin.collections.component2
 import kotlin.coroutines.resume
 import kotlin.coroutines.resumeWithException
 
@@ -250,6 +257,16 @@ public class SecureCredentialsManager @VisibleForTesting(otherwise = VisibleForT
         }
     }
 
+    public override val userProfile: UserProfile?
+        get() {
+            val credentials: Credentials? = getExistingCredentials()
+            // Handle null credentials gracefully
+            if (credentials == null) {
+                return null
+            }
+           return credentials.user
+        }
+
     /**
      * Creates a new request to exchange a refresh token for a session transfer token that can be used to perform web single sign-on.
      *

auth0/src/test/java/com/auth0/android/authentication/AuthenticationAPIClientTest.kt

@@ -193,7 +193,8 @@ public class AuthenticationAPIClientTest {
         val callback = MockAuthenticationCallback<Credentials>()
         val auth0 = auth0
         val client = AuthenticationAPIClient(auth0)
-        client.signinWithPasskey("auth-session", mock<PublicKeyCredentials>(), MY_CONNECTION)
+        client.signinWithPasskey("auth-session", mock<PublicKeyCredentials>(), MY_CONNECTION,
+            "testOrganisation")
             .start(callback)
         ShadowLooper.idleMainLooper()
         assertThat(
@@ -216,6 +217,7 @@ public class AuthenticationAPIClientTest {
         )
         assertThat(body, Matchers.hasKey("authn_response"))
         assertThat(body, Matchers.hasEntry("auth_session", "auth-session"))
+        assertThat(body, Matchers.hasEntry("organization", "testOrganisation"))
     }
 
     @Test
@@ -225,7 +227,8 @@ public class AuthenticationAPIClientTest {
         val client = AuthenticationAPIClient(auth0)
         val registrationResponse = client.signupWithPasskey(
             mock(),
-            MY_CONNECTION
+            MY_CONNECTION,
+            "testOrganization"
         )
             .execute()
         val request = mockAPI.takeRequest()
@@ -238,6 +241,7 @@ public class AuthenticationAPIClientTest {
         assertThat(request.path, Matchers.equalTo("/passkey/register"))
         assertThat(body, Matchers.hasEntry("client_id", CLIENT_ID))
         assertThat(body, Matchers.hasEntry("realm", MY_CONNECTION))
+        assertThat(body, Matchers.hasEntry("organization", "testOrganization"))
         assertThat(body, Matchers.hasKey("user_profile"))
         assertThat(registrationResponse, Matchers.`is`(Matchers.notNullValue()))
         assertThat(registrationResponse.authSession, Matchers.comparesEqualTo(SESSION_ID))
@@ -248,7 +252,7 @@ public class AuthenticationAPIClientTest {
         mockAPI.willReturnSuccessfulPasskeyChallenge()
         val auth0 = auth0
         val client = AuthenticationAPIClient(auth0)
-        val challengeResponse = client.passkeyChallenge(MY_CONNECTION)
+        val challengeResponse = client.passkeyChallenge(MY_CONNECTION, "testOrganization")
             .execute()
         val request = mockAPI.takeRequest()
         assertThat(
@@ -260,6 +264,7 @@ public class AuthenticationAPIClientTest {
         assertThat(request.path, Matchers.equalTo("/passkey/challenge"))
         assertThat(body, Matchers.hasEntry("client_id", CLIENT_ID))
         assertThat(body, Matchers.hasEntry("realm", MY_CONNECTION))
+        assertThat(body, Matchers.hasEntry("organization", "testOrganization"))
         assertThat(challengeResponse, Matchers.`is`(Matchers.notNullValue()))
         assertThat(challengeResponse.authSession, Matchers.comparesEqualTo(SESSION_ID))
 
@@ -2749,7 +2754,6 @@ public class AuthenticationAPIClientTest {
         private const val FIRST_NAME = "John"
         private const val LAST_NAME = "Doe"
         private const val COMPANY = "Auth0"
-        private const val OPENID = "openid"
         private const val DEFAULT_LOCALE_IF_MISSING = "en_US"
     }
 }