Changes to align the api with the new server contract

Author: pmathew92

EXAMPLES.md

@@ -541,20 +541,17 @@ authentication
 </details>
 
 
-## Native to Web SSO login (Experimental)
-> **Warning**
-> 
-> Native to Web SSO login support in Auth0.Android is still experimental and can change in the future.
+## Native to Web SSO login
 
 This feature allows you to authenticate a user in a web session using the refresh token obtained from the native session without requiring the user to log in again.
 
-Call the api to fetch a webSsoToken in exchange for a refresh token. Use the obtained token to authenticate the user by calling the `/authorize` end point.
+Call the api to fetch a webSessionTransferToken in exchange for a refresh token. Use the obtained token to authenticate the user by calling the `/authorize` end point.
 
 ```kotlin
     authentication
-    .fetchWebSsoToken("refresh_token")
-    .start(object : Callback<SSOCredentials, AuthenticationException> {
-        override fun onSuccess(result: SSOCredentials) {
+    .fetchSessionTransferToken("refresh_token")
+    .start(object : Callback<SessionTransferCredentials, AuthenticationException> {
+        override fun onSuccess(result: SessionTransferCredentials) {
             // Use the web_sso token to authenticate the user in a web session in your app
         }
 
@@ -570,8 +567,8 @@ Call the api to fetch a webSsoToken in exchange for a refresh token. Use the obt
 
 ``` kotlin 
 try {
-    val ssoCredentials = authentication
-        .fetchWebSsoToken("refresh_token")
+    val sessionTransferCredentials = authentication
+        .fetchSessionTransferToken("refresh_token")
         .await()
 } catch (e: AuthenticationException) {
     e.printStacktrace()
@@ -584,10 +581,10 @@ try {
 
 ```java
 authentication
-    .fetchWebSsoToken("refresh_token")
-    .start(new Callback<SSOCredentials, AuthenticationException>() {
+    .fetchSessionTransferToken("refresh_token")
+    .start(new Callback<SessionTransferCredentials, AuthenticationException>() {
         @Override
-        public void onSuccess(@Nullable SSOCredentials payload) {
+        public void onSuccess(@Nullable SessionTransferCredentials result) {
             // Handle success
         }
         @Override

auth0/src/main/java/com/auth0/android/authentication/AuthenticationAPIClient.kt

@@ -4,7 +4,6 @@ import androidx.annotation.VisibleForTesting
 import com.auth0.android.Auth0
 import com.auth0.android.Auth0Exception
 import com.auth0.android.NetworkErrorException
-import com.auth0.android.annotation.ExperimentalAuth0Api
 import com.auth0.android.request.*
 import com.auth0.android.request.internal.*
 import com.auth0.android.request.internal.GsonAdapter.Companion.forMap
@@ -15,7 +14,7 @@ import com.auth0.android.result.Credentials
 import com.auth0.android.result.DatabaseUser
 import com.auth0.android.result.PasskeyChallenge
 import com.auth0.android.result.PasskeyRegistrationChallenge
-import com.auth0.android.result.SSOCredentials
+import com.auth0.android.result.SessionTransferCredentials
 import com.auth0.android.result.UserProfile
 import com.google.gson.Gson
 import okhttp3.HttpUrl.Companion.toHttpUrl
@@ -925,28 +924,24 @@ public class AuthenticationAPIClient @VisibleForTesting(otherwise = VisibleForTe
 
     /**
      * Creates a new request to fetch a web sso token in exchange for a refresh token.
-     * This is still an experimental feature, test it thoroughly in the targeted devices and OS variants and let us know your feedback.
      *
      * @param refreshToken A valid refresh token obtained as part of Auth0 authentication
      * @return a request to fetch a web sso token
      *
      */
-    @ExperimentalAuth0Api
-    public fun fetchWebSsoToken(refreshToken: String): Request<SSOCredentials, AuthenticationException> {
+    public fun fetchSessionTransferToken(refreshToken: String): Request<SessionTransferCredentials, AuthenticationException> {
         val params = ParameterBuilder.newBuilder()
-            .setClientId(clientId)
-            .setGrantType(ParameterBuilder.GRANT_TYPE_TOKEN_EXCHANGE)
-            .set(SUBJECT_TOKEN_KEY, refreshToken)
-            .set(SUBJECT_TOKEN_TYPE_KEY, ParameterBuilder.TOKEN_TYPE_REFRESH_TOKEN)
-            .set(REQUESTED_TOKEN_TYPE_KEY, ParameterBuilder.TOKEN_TYPE_SESSION_TRANSFER_TOKEN)
+            .setGrantType(ParameterBuilder.REFRESH_TOKEN_KEY)
+            .setAudience("urn:${auth0.domain}:session_transfer")
+            .set(ParameterBuilder.REFRESH_TOKEN_KEY, refreshToken)
             .asDictionary()
-        return loginWithTokenGeneric<SSOCredentials>(params)
+        return loginWithTokenGeneric<SessionTransferCredentials>(params)
     }
 
     /**
      * Helper function to make a request to the /oauth/token endpoint with a custom response type.
      */
-    private inline fun <reified T> loginWithTokenGeneric(parameters: Map<String, String>): Request<T,AuthenticationException> {
+    private inline fun <reified T> loginWithTokenGeneric(parameters: Map<String, String>): Request<T, AuthenticationException> {
         val url = auth0.getDomainUrl().toHttpUrl().newBuilder()
             .addPathSegment(OAUTH_PATH)
             .addPathSegment(TOKEN_PATH)

auth0/src/main/java/com/auth0/android/authentication/storage/BaseCredentialsManager.kt

@@ -4,7 +4,7 @@ import androidx.annotation.VisibleForTesting
 import com.auth0.android.authentication.AuthenticationAPIClient
 import com.auth0.android.callback.Callback
 import com.auth0.android.result.Credentials
-import com.auth0.android.result.SSOCredentials
+import com.auth0.android.result.SessionTransferCredentials
 import com.auth0.android.util.Clock
 import java.util.*
 
@@ -31,13 +31,13 @@ public abstract class BaseCredentialsManager internal constructor(
     @Throws(CredentialsManagerException::class)
     public abstract fun saveCredentials(credentials: Credentials)
     public abstract fun getCredentials(callback: Callback<Credentials, CredentialsManagerException>)
-    public abstract fun getSsoCredentials(
+    public abstract fun getSessionTransferCredentials(
         parameters: Map<String, String>,
-        callback: Callback<SSOCredentials, CredentialsManagerException>
+        callback: Callback<SessionTransferCredentials, CredentialsManagerException>
     )
 
-    public abstract fun getSsoCredentials(
-        callback: Callback<SSOCredentials, CredentialsManagerException>
+    public abstract fun getSessionTransferCredentials(
+        callback: Callback<SessionTransferCredentials, CredentialsManagerException>
     )
 
     public abstract fun getCredentials(
@@ -72,13 +72,13 @@ public abstract class BaseCredentialsManager internal constructor(
 
     @JvmSynthetic
     @Throws(CredentialsManagerException::class)
-    public abstract suspend fun awaitSsoCredentials(parameters: Map<String, String>)
-            : SSOCredentials
+    public abstract suspend fun awaitSessionTransferCredentials(parameters: Map<String, String>)
+            : SessionTransferCredentials
 
     @JvmSynthetic
     @Throws(CredentialsManagerException::class)
-    public abstract suspend fun awaitSsoCredentials()
-            : SSOCredentials
+    public abstract suspend fun awaitSessionTransferCredentials()
+            : SessionTransferCredentials
 
     @JvmSynthetic
     @Throws(CredentialsManagerException::class)

auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManager.kt

@@ -2,12 +2,11 @@ package com.auth0.android.authentication.storage
 
 import android.text.TextUtils
 import androidx.annotation.VisibleForTesting
-import com.auth0.android.annotation.ExperimentalAuth0Api
 import com.auth0.android.authentication.AuthenticationAPIClient
 import com.auth0.android.authentication.AuthenticationException
 import com.auth0.android.callback.Callback
 import com.auth0.android.result.Credentials
-import com.auth0.android.result.SSOCredentials
+import com.auth0.android.result.SessionTransferCredentials
 import kotlinx.coroutines.suspendCancellableCoroutine
 import java.util.*
 import java.util.concurrent.Executor
@@ -56,26 +55,22 @@ public class CredentialsManager @VisibleForTesting(otherwise = VisibleForTesting
     }
 
     /**
-     * Fetches a new [SSOCredentials] . It will fail with [CredentialsManagerException]
+     * Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException]
      * if the existing refresh_token is null or no longer valid. This method will handle saving the refresh_token,
      * if  a new one is issued.
-     * This is still an experimental feature, test it thoroughly and let us know your feedback.
      */
-    @ExperimentalAuth0Api
-    override fun getSsoCredentials(callback: Callback<SSOCredentials, CredentialsManagerException>) {
-        getSsoCredentials(emptyMap(), callback)
+    override fun getSessionTransferCredentials(callback: Callback<SessionTransferCredentials, CredentialsManagerException>) {
+        getSessionTransferCredentials(emptyMap(), callback)
     }
 
     /**
-     * Fetches a new [SSOCredentials] . It will fail with [CredentialsManagerException]
+     * Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException]
      * if the existing refresh_token is null or no longer valid. This method will handle saving the refresh_token,
      * if  a new one is issued.
-     * This is still an experimental feature, test it thoroughly and let us know your feedback.
      */
-    @ExperimentalAuth0Api
-    override fun getSsoCredentials(
+    override fun getSessionTransferCredentials(
         parameters: Map<String, String>,
-        callback: Callback<SSOCredentials, CredentialsManagerException>
+        callback: Callback<SessionTransferCredentials, CredentialsManagerException>
     ) {
         serialExecutor.execute {
             val refreshToken = storage.retrieveString(KEY_REFRESH_TOKEN)
@@ -84,14 +79,14 @@ public class CredentialsManager @VisibleForTesting(otherwise = VisibleForTesting
                 return@execute
             }
 
-            val request = authenticationClient.fetchWebSsoToken(refreshToken)
+            val request = authenticationClient.fetchSessionTransferToken(refreshToken)
             try {
                 if (parameters.isNotEmpty()) {
                     request.addParameters(parameters)
                 }
-                val sessionCredentials = request.execute()
-                saveSsoCredentials(sessionCredentials)
-                callback.onSuccess(sessionCredentials)
+                val sessionTransferCredentials = request.execute()
+                saveSessionTransferCredentials(sessionTransferCredentials)
+                callback.onSuccess(sessionTransferCredentials)
             } catch (error: AuthenticationException) {
                 val exception = when {
                     error.isRefreshTokenDeleted ||
@@ -111,32 +106,29 @@ public class CredentialsManager @VisibleForTesting(otherwise = VisibleForTesting
     }
 
     /**
-     * Fetches a new [SSOCredentials] . It will fail with [CredentialsManagerException]
+     * Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException]
      * if the existing refresh_token is null or no longer valid. This method will handle saving the refresh_token,
      * if  a new one is issued.
-     * This is still an experimental feature, test it thoroughly  and OS variants and let us know your feedback.
      */
     @JvmSynthetic
     @Throws(CredentialsManagerException::class)
-    @ExperimentalAuth0Api
-    override suspend fun awaitSsoCredentials(): SSOCredentials {
-        return awaitSsoCredentials(emptyMap())
+    override suspend fun awaitSessionTransferCredentials(): SessionTransferCredentials {
+        return awaitSessionTransferCredentials(emptyMap())
     }
 
     /**
-     * Fetches a new [SSOCredentials] . It will fail with [CredentialsManagerException]
+     * Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException]
      * if the existing refresh_token is null or no longer valid. This method will handle saving the refresh_token,
      * if  a new one is issued.
-     * This is still an experimental feature, test it thoroughly and OS variants and let us know your feedback.
      */
     @JvmSynthetic
     @Throws(CredentialsManagerException::class)
-    @ExperimentalAuth0Api
-    override suspend fun awaitSsoCredentials(parameters: Map<String, String>): SSOCredentials {
+    override suspend fun awaitSessionTransferCredentials(parameters: Map<String, String>): SessionTransferCredentials {
         return suspendCancellableCoroutine { continuation ->
-            getSsoCredentials(parameters,
-                object : Callback<SSOCredentials, CredentialsManagerException> {
-                    override fun onSuccess(result: SSOCredentials) {
+            getSessionTransferCredentials(
+                parameters,
+                object : Callback<SessionTransferCredentials, CredentialsManagerException> {
+                    override fun onSuccess(result: SessionTransferCredentials) {
                         continuation.resume(result)
                     }
 
@@ -238,7 +230,8 @@ public class CredentialsManager @VisibleForTesting(otherwise = VisibleForTesting
         forceRefresh: Boolean
     ): Credentials {
         return suspendCancellableCoroutine { continuation ->
-            getCredentials(scope,
+            getCredentials(
+                scope,
                 minTtl,
                 parameters,
                 headers,
@@ -473,20 +466,21 @@ public class CredentialsManager @VisibleForTesting(otherwise = VisibleForTesting
     }
 
     /**
-     * Helper method to store the given [SSOCredentials] refresh token in the storage.
+     * Helper method to store the given [SessionTransferCredentials] refresh token in the storage.
      * Method will silently return ,if the passed credentials has no refresh token.
      *
-     * @param ssoCredentials the credentials to save in the storage.
+     * @param sessionTransferCredentials the credentials to save in the storage.
      */
     @VisibleForTesting(otherwise = VisibleForTesting.PRIVATE)
-    internal fun saveSsoCredentials(ssoCredentials: SSOCredentials) {
-        if (ssoCredentials.refreshToken.isNullOrEmpty())
-            return // No refresh token to save
+    internal fun saveSessionTransferCredentials(sessionTransferCredentials: SessionTransferCredentials) {
+        storage.store(KEY_ID_TOKEN, sessionTransferCredentials.idToken)
         val existingRefreshToken = storage.retrieveString(KEY_REFRESH_TOKEN)
         // Checking if the existing one needs to be replaced with the new one
-        if (ssoCredentials.refreshToken == existingRefreshToken)
+        if (sessionTransferCredentials.refreshToken.isNullOrEmpty())
+            return // No refresh token to save
+        if (sessionTransferCredentials.refreshToken == existingRefreshToken)
             return // Same refresh token, no need to save
-        storage.store(KEY_REFRESH_TOKEN, ssoCredentials.refreshToken)
+        storage.store(KEY_REFRESH_TOKEN, sessionTransferCredentials.refreshToken)
     }
 
     @VisibleForTesting(otherwise = VisibleForTesting.PRIVATE)