Support Short Live Token in DAuth state flow.

Author: jiuyangzhao

examples/android/src/main/java/com/dropbox/core/examples/android/DbxRequestConfigFactory.java

@@ -0,0 +1,17 @@
+package com.dropbox.core.examples.android;
+
+import com.dropbox.core.DbxRequestConfig;
+import com.dropbox.core.http.OkHttp3Requestor;
+
+public class DbxRequestConfigFactory {
+    private static DbxRequestConfig sDbxRequestConfig;
+
+    public static DbxRequestConfig getRequestConfig() {
+        if (sDbxRequestConfig == null) {
+            sDbxRequestConfig = DbxRequestConfig.newBuilder("examples-v2-demo")
+                    .withHttpRequestor(new OkHttp3Requestor(OkHttp3Requestor.defaultOkHttpClient()))
+                    .build();
+        }
+        return sDbxRequestConfig;
+    }
+}

examples/android/src/main/java/com/dropbox/core/examples/android/DropboxActivity.java

@@ -3,29 +3,54 @@
 import android.content.SharedPreferences;
 import android.support.v7.app.AppCompatActivity;
 
+import android.util.Log;
 import com.dropbox.core.android.Auth;
+import com.dropbox.core.json.JsonReadException;
+import com.dropbox.core.oauth.DbxCredential;
 
 
 /**
  * Base class for Activities that require auth tokens
  * Will redirect to auth flow if needed
  */
 public abstract class DropboxActivity extends AppCompatActivity {
+    public final static boolean USE_SLT = true;
 
     @Override
     protected void onResume() {
         super.onResume();
 
         SharedPreferences prefs = getSharedPreferences("dropbox-sample", MODE_PRIVATE);
-        String accessToken = prefs.getString("access-token", null);
-        if (accessToken == null) {
-            accessToken = Auth.getOAuth2Token();
-            if (accessToken != null) {
-                prefs.edit().putString("access-token", accessToken).apply();
-                initAndLoadData(accessToken);
+
+        if (USE_SLT) {
+            String serailizedCredental = prefs.getString("credential", null);
+
+            if (serailizedCredental == null) {
+                DbxCredential credential = Auth.getDbxCredential();
+
+                if (credential != null) {
+                    prefs.edit().putString("credential", credential.toString()).apply();
+                    initAndLoadData(credential);
+                }
+            } else {
+                try {
+                    DbxCredential credential = DbxCredential.Reader.readFully(serailizedCredental);
+                    initAndLoadData(credential);
+                } catch (JsonReadException e) {
+                    throw new IllegalStateException("Credential data corrupted: " + e.getMessage());
+                }
             }
         } else {
-            initAndLoadData(accessToken);
+            String accessToken = prefs.getString("access-token", null);
+            if (accessToken == null) {
+                accessToken = Auth.getOAuth2Token();
+                if (accessToken != null) {
+                    prefs.edit().putString("access-token", accessToken).apply();
+                    initAndLoadData(accessToken);
+                }
+            } else {
+                initAndLoadData(accessToken);
+            }
         }
 
         String uid = Auth.getUid();
@@ -41,11 +66,21 @@ private void initAndLoadData(String accessToken) {
         loadData();
     }
 
+    private void initAndLoadData(DbxCredential dbxCredential) {
+        DropboxClientFactory.init(dbxCredential);
+        PicassoClient.init(getApplicationContext(), DropboxClientFactory.getClient());
+        loadData();
+    }
+
     protected abstract void loadData();
 
     protected boolean hasToken() {
         SharedPreferences prefs = getSharedPreferences("dropbox-sample", MODE_PRIVATE);
-        String accessToken = prefs.getString("access-token", null);
-        return accessToken != null;
+        if (USE_SLT) {
+            return prefs.getString("credential", null) != null;
+        } else {
+            String accessToken = prefs.getString("access-token", null);
+            return accessToken != null;
+        }
     }
 }

examples/android/src/main/java/com/dropbox/core/examples/android/DropboxClientFactory.java

@@ -1,8 +1,6 @@
 package com.dropbox.core.examples.android;
 
-import com.dropbox.core.DbxHost;
-import com.dropbox.core.DbxRequestConfig;
-import com.dropbox.core.http.OkHttp3Requestor;
+import com.dropbox.core.oauth.DbxCredential;
 import com.dropbox.core.v2.DbxClientV2;
 
 /**
@@ -14,11 +12,14 @@ public class DropboxClientFactory {
 
     public static void init(String accessToken) {
         if (sDbxClient == null) {
-            DbxRequestConfig requestConfig = DbxRequestConfig.newBuilder("examples-v2-demo")
-                .withHttpRequestor(new OkHttp3Requestor(OkHttp3Requestor.defaultOkHttpClient()))
-                .build();
+            sDbxClient = new DbxClientV2(DbxRequestConfigFactory.getRequestConfig(), accessToken);
+        }
+    }
 
-            sDbxClient = new DbxClientV2(requestConfig, accessToken);
+    public static void init(DbxCredential credential) {
+        credential = new DbxCredential(credential.getAccessToken(), -1L, credential.getRefreshToken(), credential.getAppKey());
+        if (sDbxClient == null) {
+            sDbxClient = new DbxClientV2(DbxRequestConfigFactory.getRequestConfig(), credential);
         }
     }
 

examples/android/src/main/java/com/dropbox/core/examples/android/UserActivity.java

@@ -32,7 +32,11 @@ protected void onCreate(Bundle savedInstanceState) {
         loginButton.setOnClickListener(new View.OnClickListener() {
             @Override
             public void onClick(View v) {
-                Auth.startOAuth2Authentication(UserActivity.this, getString(R.string.app_key));
+                if (DropboxActivity.USE_SLT) {
+                    Auth.startOAuth2PKCE(UserActivity.this, getString(R.string.app_key), DbxRequestConfigFactory.getRequestConfig());
+                } else {
+                    Auth.startOAuth2Authentication(UserActivity.this, getString(R.string.app_key));
+                }
             }
         });
 

src/main/java/com/dropbox/core/DbxPKCEManager.java

@@ -0,0 +1,135 @@
+package com.dropbox.core;
+
+import com.dropbox.core.http.HttpRequestor;
+import com.dropbox.core.util.LangUtil;
+import com.dropbox.core.v2.DbxRawClientV2;
+
+import java.io.Serializable;
+import java.io.UnsupportedEncodingException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.util.HashMap;
+import java.util.Map;
+
+import static com.dropbox.core.util.StringUtil.urlSafeBase64Encode;
+
+/**
+ * This class should be lib/jar private. We make it public so that Android related code can use it.
+ *
+ * <b>Beta</b>: This feature is not available to all developers. Please do NOT use it unless you are
+ * early access partner of this feature. The function signature is subjected to change
+ * in next minor version release.
+ *
+ * This class does code verifier and code challenge generation in Proof Key for Code Exchange(PKCE).
+ * @see <a href="https://tools.ietf.org/html/rfc7636">https://tools.ietf.org/html/rfc7636</a>
+ */
+public class DbxPKCEManager implements Serializable {
+    public static final long serialVersionUID = 0;
+    public static final String CODE_CHALLENGE_METHODS = "S256";
+    public static final int CODE_VERIFIER_SIZE = 128;
+
+    private static final SecureRandom RAND = new SecureRandom();
+    private static final String CODE_VERIFIER_CHAR_SET =
+        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~";
+
+    private String codeVerifier;
+    private String codeChallenge;
+
+    /**
+     *  This class has state. Each instance has a randomly generated codeVerifier in it. Just
+     *  like we shouldn't re-use the same code verifier in PKCE, we shouldn't re-use the same
+     *  DbxPKCEManager instance in different OAuth flow.
+     */
+    public DbxPKCEManager() {
+        this.codeVerifier = generateCodeVerifier();
+        this.codeChallenge = generateCodeChallenge();
+    }
+
+    String generateCodeVerifier() {
+        StringBuilder sb = new StringBuilder();
+
+        for (int i = 0; i < CODE_VERIFIER_SIZE; i++) {
+            sb.append(CODE_VERIFIER_CHAR_SET.charAt(RAND.nextInt(CODE_VERIFIER_CHAR_SET.length())));
+        }
+
+        return sb.toString();
+    }
+
+    String generateCodeChallenge() {
+        return generateCodeChallenge(this.codeVerifier);
+    }
+
+    static String generateCodeChallenge(String codeVerifier) {
+        try {
+            MessageDigest digest = MessageDigest.getInstance("SHA-256");
+            byte[] signiture = digest.digest(codeVerifier.getBytes("US-ASCII"));
+            return urlSafeBase64Encode(signiture).replaceAll("=+$", ""); // remove trailing equal
+        } catch (NoSuchAlgorithmException e) {
+            throw LangUtil.mkAssert("Impossible", e);
+        } catch (UnsupportedEncodingException e) {
+            throw LangUtil.mkAssert("Impossible", e);
+        }
+    }
+
+    /**
+     * @return The randomly generate code verifier in this instance.
+     */
+    public String getCodeVerifier() {
+        return this.codeVerifier;
+    }
+
+    /**
+     * @return The code challenge, which is a hashed code verifier.
+     */
+    public String getCodeChallenge() {
+        return this.codeChallenge;
+    }
+
+    /**
+     * Make oauth2/token request to exchange code for oauth2 access token. Client secret is not
+     * requried.
+     * @param requestConfig Default attributes to use for each request.
+     * @param oauth2Code OAuth2 code defined in OAuth2 code flow.
+     * @param appKey Client Key
+     * @param redirectUri The same redirect_uri that's used in preivous oauth2/authorize call.
+     * @param host Only used for testing when you don't want to make request against production.
+     * @return OAuth2 result, including oauth2 access token, and optionally expiration time and
+     * refresh token.
+     * @throws DbxException If reqeust is invalid, or code expired, or server error.
+     */
+    public DbxAuthFinish makeTokenRequest(DbxRequestConfig requestConfig,
+                                   String oauth2Code,
+                                   String appKey,
+                                   String redirectUri,
+                                   DbxHost host) throws DbxException {
+        Map<String, String> params = new HashMap<String, String>();
+        params.put("grant_type", "authorization_code");
+        params.put("code", oauth2Code);
+        params.put("locale", requestConfig.getUserLocale());
+        params.put("client_id", appKey);
+        params.put("code_verifier", this.codeVerifier);
+
+        if (redirectUri != null) {
+            params.put("redirect_uri", redirectUri);
+        }
+
+        return DbxRequestUtil.doPostNoAuth(
+            requestConfig,
+            DbxRawClientV2.USER_AGENT_ID,
+            host.getApi(),
+            "oauth2/token",
+            DbxRequestUtil.toParamsArray(params),
+            null,
+            new DbxRequestUtil.ResponseHandler<DbxAuthFinish>() {
+                @Override
+                public DbxAuthFinish handle(HttpRequestor.Response response) throws DbxException {
+                    if (response.getStatusCode() != 200) {
+                        throw DbxRequestUtil.unexpectedStatus(response);
+                    }
+                    return DbxRequestUtil.readJsonFromResponse(DbxAuthFinish.Reader, response);
+                }
+            }
+        );
+    }
+}