feat(auth): OIDC/Lambda Support (#777)

* OIDC/Lambda support

* Clean up

* Fix iOS test

* Add unit tests

* Fix Android test

* Fix Android tests

* Refactor and remove AuthToken from the public API

* Remove concurrent guards

* Clean up

Author: dnys1

packages/amplify_analytics_pinpoint/example/.gitignore

@@ -44,3 +44,24 @@ app.*.map.json
 !**/.idea/
 !**/.idea/codeStyles/
 !**/.idea/codeStyles/*
+
+#amplify-do-not-edit-begin
+amplify/\#current-cloud-backend
+amplify/.config/local-*
+amplify/logs
+amplify/mock-data
+amplify/backend/amplify-meta.json
+amplify/backend/awscloudformation
+amplify/backend/.temp
+build/
+dist/
+node_modules/
+aws-exports.js
+awsconfiguration.json
+amplifyconfiguration.json
+amplifyconfiguration.dart
+amplify-build-config.json
+amplify-gradle-config.json
+amplifytools.xcconfig
+.secret-*
+#amplify-do-not-edit-end

packages/amplify_analytics_pinpoint/ios/amplify_analytics_pinpoint.podspec

@@ -15,8 +15,8 @@ This code is the iOS part of the Amplify Flutter Pinpoint Analytics Plugin.  The
   s.source           = { :path => '.' }
   s.source_files = 'Classes/**/*'
   s.dependency 'Flutter'
-  s.dependency 'Amplify', '~> 1.11.0'
-  s.dependency 'AmplifyPlugins/AWSPinpointAnalyticsPlugin', '~> 1.11.0'
+  s.dependency 'Amplify', '~> 1.13.0'
+  s.dependency 'AmplifyPlugins/AWSPinpointAnalyticsPlugin', '~> 1.13.0'
   s.dependency 'amplify_core'
   s.platform = :ios, '11.0'
 

packages/amplify_api/android/build.gradle

@@ -49,6 +49,9 @@ android {
             testCoverageEnabled = true
         }
     }
+    testOptions {
+        unitTests.includeAndroidResources = true
+    }
 }
 
 dependencies {
@@ -57,10 +60,12 @@ dependencies {
     implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk7:$kotlin_version"
     implementation "com.amplifyframework:aws-api:1.24.0"
     implementation "com.amplifyframework:aws-api-appsync:1.24.0"
+    implementation 'androidx.test.ext:junit-ktx:1.1.3'
 
     testImplementation 'junit:junit:4.13'
     testImplementation 'org.mockito:mockito-core:3.10.0'
     testImplementation 'org.mockito:mockito-inline:3.1.0'
     testImplementation 'androidx.test:core:1.2.0'
     testImplementation 'org.robolectric:robolectric:4.3.1'
+    testImplementation 'org.jetbrains.kotlinx:kotlinx-coroutines-test:1.3.9'
 }

packages/amplify_api/android/src/main/kotlin/com/amazonaws/amplify/amplify_api/AmplifyApiPlugin.kt

@@ -20,21 +20,33 @@ import android.os.Handler
 import android.os.Looper
 import androidx.annotation.NonNull
 import androidx.annotation.VisibleForTesting
+import com.amazonaws.amplify.amplify_api.auth.FlutterAuthProviders
 import com.amazonaws.amplify.amplify_api.rest_api.FlutterRestApi
+import com.amazonaws.amplify.amplify_core.exception.ExceptionUtil.Companion.createSerializedUnrecognizedError
+import com.amazonaws.amplify.amplify_core.exception.ExceptionUtil.Companion.handleAddPluginException
+import com.amazonaws.amplify.amplify_core.exception.ExceptionUtil.Companion.postExceptionToFlutterChannel
+import com.amplifyframework.api.ApiException
 import com.amplifyframework.api.aws.AWSApiPlugin
+import com.amplifyframework.api.aws.AuthorizationType
 import com.amplifyframework.core.Amplify
 import io.flutter.embedding.engine.plugins.FlutterPlugin
 import io.flutter.plugin.common.EventChannel
 import io.flutter.plugin.common.MethodCall
 import io.flutter.plugin.common.MethodChannel
 import io.flutter.plugin.common.MethodChannel.MethodCallHandler
 import io.flutter.plugin.common.MethodChannel.Result
-import com.amazonaws.amplify.amplify_core.exception.ExceptionUtil.Companion.createSerializedUnrecognizedError
-import com.amazonaws.amplify.amplify_core.exception.ExceptionUtil.Companion.handleAddPluginException
-import com.amazonaws.amplify.amplify_core.exception.ExceptionUtil.Companion.postExceptionToFlutterChannel
 
 /** AmplifyApiPlugin */
 class AmplifyApiPlugin : FlutterPlugin, MethodCallHandler {
+    companion object {
+        /**
+         * Thrown when [tokenType] is used but is not a valid [AuthorizationType].
+         */
+        private fun invalidTokenType(tokenType: String? = null) = ApiException.ApiAuthException(
+            "Invalid arguments",
+            "Invalid token type: $tokenType"
+        )
+    }
 
     private lateinit var channel: MethodChannel
     private lateinit var eventchannel: EventChannel
@@ -50,26 +62,35 @@ class AmplifyApiPlugin : FlutterPlugin, MethodCallHandler {
     constructor(eventHandler: GraphQLSubscriptionStreamHandler) {
         graphqlSubscriptionStreamHandler = eventHandler
     }
+
     private val handler = Handler(Looper.getMainLooper())
 
     override fun onAttachedToEngine(@NonNull flutterPluginBinding: FlutterPlugin.FlutterPluginBinding) {
         channel = MethodChannel(flutterPluginBinding.binaryMessenger, "com.amazonaws.amplify/api")
         channel.setMethodCallHandler(this)
-        eventchannel = EventChannel(flutterPluginBinding.binaryMessenger, "com.amazonaws.amplify/api_observe_events")
+        eventchannel = EventChannel(
+            flutterPluginBinding.binaryMessenger,
+            "com.amazonaws.amplify/api_observe_events"
+        )
         eventchannel.setStreamHandler(graphqlSubscriptionStreamHandler)
         context = flutterPluginBinding.applicationContext
     }
 
+    @Suppress("UNCHECKED_CAST")
     override fun onMethodCall(call: MethodCall, result: Result) {
-        var methodName = call.method
+        val methodName = call.method
 
-        if(methodName == "cancel"){
+        if (methodName == "cancel") {
             onCancel(result, (call.arguments as String))
             return
-        }
-        else if(methodName == "addPlugin"){
+        } else if (methodName == "addPlugin") {
             try {
-                Amplify.addPlugin(AWSApiPlugin())
+                Amplify.addPlugin(
+                    AWSApiPlugin
+                        .builder()
+                        .apiAuthProviders(FlutterAuthProviders.factory)
+                        .build()
+                )
                 LOG.info("Added API plugin")
                 result.success(null)
             } catch (e: Exception) {
@@ -79,7 +100,22 @@ class AmplifyApiPlugin : FlutterPlugin, MethodCallHandler {
         }
 
         try {
-            var arguments : Map<String, Any> = call.arguments as Map<String,Any>
+            val arguments: Map<String, Any> = call.arguments as Map<String, Any>
+
+            // Update tokens if included with request
+            val tokens = arguments["tokens"] as? List<*>
+            if (tokens != null && tokens.isNotEmpty()) {
+                for (authToken in tokens as List<Map<*, *>>) {
+                    val token = authToken["token"] as? String?
+                    val tokenType = authToken["type"] as? String ?: throw invalidTokenType()
+                    val authType: AuthorizationType = try {
+                        AuthorizationType.from(tokenType)
+                    } catch (e: Exception) {
+                        throw invalidTokenType(tokenType)
+                    }
+                    FlutterAuthProviders.setToken(authType, token)
+                }
+            }
 
             when (call.method) {
                 "get" -> FlutterRestApi.get(result, arguments)
@@ -90,28 +126,36 @@ class AmplifyApiPlugin : FlutterPlugin, MethodCallHandler {
                 "patch" -> FlutterRestApi.patch(result, arguments)
                 "query" -> FlutterGraphQLApi.query(result, arguments)
                 "mutate" -> FlutterGraphQLApi.mutate(result, arguments)
-                "subscribe" -> FlutterGraphQLApi.subscribe(result, arguments, graphqlSubscriptionStreamHandler)
+                "subscribe" -> FlutterGraphQLApi.subscribe(
+                    result,
+                    arguments,
+                    graphqlSubscriptionStreamHandler
+                )
                 else -> result.notImplemented()
             }
         } catch (e: Exception) {
             handler.post {
-                postExceptionToFlutterChannel(result, "ApiException",
-                        createSerializedUnrecognizedError(e))
+                postExceptionToFlutterChannel(
+                    result, "ApiException",
+                    createSerializedUnrecognizedError(e)
+                )
             }
         }
     }
 
     fun onCancel(
-            flutterResult: Result,
-            cancelToken: String) {
-        if(OperationsManager.containsOperation(cancelToken)) {
+        flutterResult: Result,
+        cancelToken: String
+    ) {
+        if (OperationsManager.containsOperation(cancelToken)) {
             OperationsManager.cancelOperation(cancelToken)
             flutterResult.success("Operation Canceled")
         } else {
             flutterResult.error(
-                    "AmplifyAPI-CancelError",
-                    "The Operation may have already been completed or expired and cannot be canceled anymore",
-                    "Operation does not exist")
+                "AmplifyAPI-CancelError",
+                "The Operation may have already been completed or expired and cannot be canceled anymore",
+                "Operation does not exist"
+            )
         }
     }
 

packages/amplify_api/android/src/main/kotlin/com/amazonaws/amplify/amplify_api/auth/FlutterAuthProvider.kt

@@ -0,0 +1,73 @@
+/*
+ * Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+package com.amazonaws.amplify.amplify_api.auth
+
+import com.amplifyframework.api.ApiException
+import com.amplifyframework.api.aws.ApiAuthProviders
+import com.amplifyframework.api.aws.AuthorizationType
+import com.amplifyframework.api.aws.sigv4.FunctionAuthProvider
+import com.amplifyframework.api.aws.sigv4.OidcAuthProvider
+
+/**
+ * Manages the shared state of all [FlutterAuthProvider] instances.
+ */
+object FlutterAuthProviders {
+    /**
+     * A factory of [FlutterAuthProvider] instances.
+     */
+    val factory: ApiAuthProviders by lazy {
+        ApiAuthProviders
+            .Builder()
+            .functionAuthProvider(FlutterAuthProvider(AuthorizationType.AWS_LAMBDA))
+            .oidcAuthProvider(FlutterAuthProvider(AuthorizationType.OPENID_CONNECT))
+            .build()
+    }
+
+    /**
+     * Token cache for all [FlutterAuthProvider] instances.
+     */
+    private var tokens: MutableMap<AuthorizationType, String?> = mutableMapOf()
+
+    /**
+     * Retrieves the token for [authType] or `null`, if unavailable.
+     */
+    fun getToken(authType: AuthorizationType): String? = tokens[authType]
+
+    /**
+     * Sets the token for [authType] to [value].
+     */
+    fun setToken(authType: AuthorizationType, value: String?) {
+        tokens[authType] = value
+    }
+}
+
+/**
+ * A provider which manages token retrieval for its [AuthorizationType].
+ */
+class FlutterAuthProvider(private val type: AuthorizationType) : FunctionAuthProvider,
+    OidcAuthProvider {
+    private companion object {
+        /**
+         * Thrown when there is no token available for [type].
+         */
+        fun noTokenAvailable(type: AuthorizationType) = ApiException.ApiAuthException(
+            "No $type token available",
+            "Ensure that `getLatestAuthToken` returns a value"
+        )
+    }
+
+    override fun getLatestAuthToken(): String =
+        FlutterAuthProviders.getToken(type) ?: throw noTokenAvailable(type)
+}