Merge branch '49-add-handler-for-redirect-scheme' into 'master'

Resolve "Add handler for redirect scheme"

Closes #49

See merge request pace/mobile/android/pace-cloud-sdk!44

Author: Martin Dinh

README.md

@@ -53,18 +53,6 @@ dependencies {
 }
 ```
 
-Because the PACE Cloud SDK uses [AppAuth for Android](https://github.com/openid/AppAuth-Android) for the *IDKit*, the AppAuth redirect scheme must be registered in your app's `build.gradle` file:
-```groovy
-android {
-    ...
-    defaultConfig {
-        ...
-        manifestPlaceholders = ['appAuthRedirectScheme': 'YOUR_REDIRECT_URI_SCHEME_OR_EMPTY']
-    }
-    ...
-}
-```
-
 ## Setup
 The `PACECloudSDK` needs to be setup before any of its `Kits` can be used. Therefore you *must* call `PACECloudSDK.setup(context: Context, configuration: Configuration)`. The best way to do this is inside your `Application` class. It will automatically authorize your application with the provided api key.
 
@@ -79,13 +67,28 @@ clientAppName: String
 clientAppVersion: String
 clientAppBuild: String
 apiKey: String
-clientId: String? // Default: null
 authenticationMode: AuthenticationMode // Default: AuthenticationMode.WEB
 environment: Environment // Default: Environment.PRODUCTION
 extensions: List<String> // Default: emptyList()
 locationAccuracy: Int? // Default: null
 ```
 
+PACE Cloud SDK uses [AppAuth for Android](https://github.com/openid/AppAuth-Android) for the native authentication in *IDKit*, which needs `appAuthRedirectScheme` manifest placeholder to be set. PACE Cloud SDK requires `pace_redirect_scheme` for [Deep Linking](#deep-linking) to be set. Both these manifest placeholder must be configured in your app's `build.gradle` file. In case you won't be using native login, you can set an empty string for `appAuthRedirectScheme`.
+
+For the `pace_redirect_scheme` we recommend to use the following pattern to prevent collisions with other apps that might be using PACE Cloud SDK: `pace.$UUID`, where `$UUID` can be any UUID of your choice:
+```groovy
+android {
+    ...
+    defaultConfig {
+        ...
+        manifestPlaceholders = [
+            'appAuthRedirectScheme': 'YOUR_REDIRECT_URI_SCHEME_OR_EMPTY', // e.g. reverse domain name notation: cloud.pace.app
+            'pace_redirect_scheme': 'YOUR_REDIRECT_SCHEME_OR_EMPTY'] // e.g. pace.ad50262a-9c88-4a5f-bc55-00dc31b81e5a
+    }
+    ...
+}
+```
+
 ## Migration
 ### From 2.x.x to 3.x.x
 In `3.0.0` we've introduced a universal setup method: `PACECloudSDK.setup(context: Context, configuration: Configuration)` and removed the setup for `AppKit` and `POIKit`.
@@ -102,7 +105,6 @@ val config = OIDConfiguration(
     authorizationEndpoint, 
     tokenEndpoint,
     userInfoEndpoint, // optional
-    clientId, 
     clientSecret, // optional
     scopes, // optional
     redirectUri,
@@ -489,32 +491,12 @@ AppKit.requestLocalApps { app ->
 }
 ```
 **Note**: For a more detailed example, where the apps are displayed in a `RecyclerView`, see the `PACECloudSDK` example app.
-  
+
 ### Deep Linking
 Some of our services (e.g. `PayPal`) do not open the URL in the WebView, but in a Chrome Custom Tab within the app, due to security reasons. After completion of the process the user is redirected back to the WebView via deep linking. In order to set the redirect URL correctly and to ensure that the client app intercepts the deep link, the following requirements must be met:
 
-* Set `clientId` in *PACECloudSDK's* configuration during the [setup](#setup), because it is needed for the redirect URL
-* Specify the [AppActivity](#appactivity) as deep link intent filter in your app manifest. **`pace.${clientId}` (same `clientId` as passed in the configuration) must be passed to `android:scheme`:**
-* If the scheme is not set, the *AppKit* calls the `onCustomSchemeError(context: Context?, scheme: String)` callback
-
-```xml
-<activity
-    android:name="cloud.pace.sdk.appkit.app.AppActivity"
-    android:launchMode="singleTop"
-    android:screenOrientation="portrait"
-    android:theme="@style/AppKitTheme">
-    <intent-filter>
-        <action android:name="android.intent.action.VIEW" />
-
-        <category android:name="android.intent.category.DEFAULT" />
-        <category android:name="android.intent.category.BROWSABLE" />
-
-        <data
-            android:host="redirect"
-            android:scheme="pace.$clientId" />
-    </intent-filter>
-</activity>
-```
+* Specify the `pace_redirect_scheme` as manifest placeholder in your app's `build.gradle` file (see [setup](#setup))
+* If the scheme is empty, the *AppKit* calls the `onCustomSchemeError(context: Context?, scheme: String)` callback
 
 ### Native login
 If the client app uses its own login and wants to pass an access token to the apps, follow these steps:

app/build.gradle

@@ -15,7 +15,7 @@ android {
 
         testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
 
-        manifestPlaceholders = ['appAuthRedirectScheme': 'pace']
+        manifestPlaceholders = ['appAuthRedirectScheme': 'pace', 'pace_redirect_scheme': '']
     }
 
     buildTypes {

library/build.gradle

@@ -13,6 +13,7 @@ android {
         targetSdkVersion rootProject.ext.target_sdk_version
         versionCode rootProject.ext.build_number
         versionName rootProject.ext.version_name
+        manifestPlaceholders = [pace_redirect_scheme: "\${pace_redirect_scheme}"]
 
         testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
 

library/src/main/AndroidManifest.xml

@@ -11,9 +11,23 @@
             android:name=".appkit.app.AppActivity"
             android:launchMode="singleTop"
             android:screenOrientation="portrait"
-            android:theme="@style/AppKitTheme" />
+            android:theme="@style/AppKitTheme">
+            <intent-filter>
+                <action android:name="android.intent.action.VIEW" />
+
+                <category android:name="android.intent.category.DEFAULT" />
+                <category android:name="android.intent.category.BROWSABLE" />
+
+                <data
+                    android:host="redirect"
+                    android:scheme="${pace_redirect_scheme}" />
+            </intent-filter>
+        </activity>
 
         <receiver android:name=".appkit.geofences.GeofenceBroadcastReceiver" />
+        <meta-data
+            android:name="pace_redirect_scheme"
+            android:value="${pace_redirect_scheme}" />
     </application>
 
 </manifest>

library/src/main/java/cloud/pace/sdk/appkit/AppKit.kt

@@ -44,7 +44,6 @@ object AppKit : CloudSDKKoinComponent {
             "${config.clientAppName}/${config.clientAppVersion}_${config.clientAppBuild}",
             "(${DeviceUtils.getDeviceName()} Android/${DeviceUtils.getAndroidVersion()})",
             "PWA-SDK/${BuildConfig.VERSION_NAME}",
-            if (config.clientId != null) "(clientid:${config.clientId};)" else "",
             if (theme == Theme.LIGHT) "PWASDK-Theme/Light" else "PWASDK-Theme/Dark",
             "IdentityManagement/${config.authenticationMode.value}",
             config.extensions.joinToString(" ")

library/src/main/java/cloud/pace/sdk/appkit/app/webview/AppWebView.kt

@@ -111,6 +111,12 @@ class AppWebView(context: Context, attributeSet: AttributeSet) : RelativeLayout(
         }
     }
 
+    private val appInterceptableLinkObserver = Observer<Event<AppWebViewModel.AppInterceptableLinkResponse>> {
+        it.getContentIfNotHandled()?.let { appInterceptableLinkResponse ->
+            sendMessageCallback(gson.toJson(appInterceptableLinkResponse))
+        }
+    }
+
     init {
         addView(View.inflate(context, R.layout.app_web_view, null))
 
@@ -137,6 +143,7 @@ class AppWebView(context: Context, attributeSet: AttributeSet) : RelativeLayout(
         webView.addJavascriptInterface(GetSecureDataInterface(), "pace_getSecureData")
         webView.addJavascriptInterface(DisableInterface(), "pace_disable")
         webView.addJavascriptInterface(OpenURLInNewTabInterface(), "pace_openURLInNewTab")
+        webView.addJavascriptInterface(GetAppInterceptableLinkInterface(), "pace_getAppInterceptableLink")
 
         failureView.setButtonClickListener {
             webView.reload()
@@ -179,6 +186,7 @@ class AppWebView(context: Context, attributeSet: AttributeSet) : RelativeLayout(
         webViewModel.statusCode.observe(lifecycleOwner, statusCodeObserver)
         webViewModel.totpResponse.observe(lifecycleOwner, totpResponseObserver)
         webViewModel.secureData.observe(lifecycleOwner, secureDataObserver)
+        webViewModel.appInterceptableLink.observe(lifecycleOwner, appInterceptableLinkObserver)
     }
 
     private fun handleBack() {
@@ -276,4 +284,11 @@ class AppWebView(context: Context, attributeSet: AttributeSet) : RelativeLayout(
             onMainThread { webViewModel.handleOpenURLInNewTab(message) }
         }
     }
+
+    inner class GetAppInterceptableLinkInterface {
+        @JavascriptInterface
+        fun postMessage(message: String) {
+            onMainThread { webViewModel.handleGetAppInterceptableLink(message) }
+        }
+    }
 }

library/src/main/java/cloud/pace/sdk/appkit/app/webview/AppWebViewModel.kt

@@ -1,7 +1,6 @@
 package cloud.pace.sdk.appkit.app.webview
 
 import android.content.Context
-import android.content.Intent
 import android.content.pm.PackageManager
 import android.graphics.BitmapFactory
 import android.location.Location
@@ -11,7 +10,6 @@ import androidx.annotation.StringRes
 import androidx.lifecycle.LiveData
 import androidx.lifecycle.MutableLiveData
 import androidx.lifecycle.ViewModel
-import cloud.pace.sdk.PACECloudSDK
 import cloud.pace.sdk.R
 import cloud.pace.sdk.appkit.communication.AppEventManager
 import cloud.pace.sdk.appkit.communication.AppModel
@@ -28,7 +26,6 @@ import com.google.gson.JsonSyntaxException
 import dev.turingcomplete.kotlinonetimepassword.HmacAlgorithm
 import dev.turingcomplete.kotlinonetimepassword.TimeBasedOneTimePasswordConfig
 import dev.turingcomplete.kotlinonetimepassword.TimeBasedOneTimePasswordGenerator
-import kotlinx.android.synthetic.main.app_web_view.view.*
 import org.apache.commons.codec.binary.Base32
 import java.util.*
 import java.util.concurrent.TimeUnit
@@ -45,6 +42,7 @@ abstract class AppWebViewModel : ViewModel(), AppWebViewClient.WebClientCallback
     abstract val statusCode: LiveData<Event<StatusCodeResponse>>
     abstract val totpResponse: LiveData<Event<TOTPResponse>>
     abstract val secureData: LiveData<Event<Map<String, String>>>
+    abstract val appInterceptableLink: LiveData<Event<AppInterceptableLinkResponse>>
 
     abstract fun init(url: String)
     abstract fun handleInvalidToken(message: String)
@@ -58,6 +56,7 @@ abstract class AppWebViewModel : ViewModel(), AppWebViewClient.WebClientCallback
     abstract fun handleGetSecureData(message: String)
     abstract fun handleDisable(message: String)
     abstract fun handleOpenURLInNewTab(message: String)
+    abstract fun handleGetAppInterceptableLink(message: String)
 
     class VerifyLocationRequest(val lat: Double, val lon: Double, val threshold: Double)
     class BiometricRequest(@StringRes val title: Int, val onSuccess: () -> Unit, val onFailure: (errorCode: Int, errString: CharSequence) -> Unit)
@@ -68,6 +67,7 @@ abstract class AppWebViewModel : ViewModel(), AppWebViewClient.WebClientCallback
     class DisableRequest(val until: Long)
     class OpenURLInNewTabRequest(val url: String, val cancelUrl: String)
     class TOTPResponse(val totp: String, val biometryMethod: String)
+    class AppInterceptableLinkResponse(val link: String)
 
     sealed class StatusCodeResponse(val statusCode: Int) {
         object Success : StatusCodeResponse(StatusCode.Ok.code)
@@ -106,6 +106,7 @@ class AppWebViewModelImpl(
     override val statusCode = MutableLiveData<Event<StatusCodeResponse>>()
     override val totpResponse = MutableLiveData<Event<TOTPResponse>>()
     override val secureData = MutableLiveData<Event<Map<String, String>>>()
+    override val appInterceptableLink = MutableLiveData<Event<AppInterceptableLinkResponse>>()
 
     private val gson = Gson()
 
@@ -334,23 +335,38 @@ class AppWebViewModelImpl(
 
     override fun handleOpenURLInNewTab(message: String) {
         try {
+            val redirectScheme = getRedirectScheme()
             val openURLInNewTabRequest = gson.fromJson(message, OpenURLInNewTabRequest::class.java)
-            val customScheme = "pace.${PACECloudSDK.configuration.clientId}://redirect"
-            val intent = Intent(Intent.ACTION_VIEW, Uri.parse(customScheme))
-            val resolveInfo = context.packageManager?.queryIntentActivities(intent, PackageManager.MATCH_DEFAULT_ONLY)?.toList()
-
             url.value = Event(openURLInNewTabRequest.cancelUrl)
 
-            if (!resolveInfo.isNullOrEmpty()) {
+            if (!redirectScheme.isNullOrEmpty()) {
                 appModel.openUrlInNewTab(openURLInNewTabRequest.url)
             } else {
-                appModel.onCustomSchemeError(context, customScheme)
+                appModel.onCustomSchemeError(context, "${redirectScheme}://redirect")
             }
         } catch (e: JsonSyntaxException) {
             Log.e(e, "The openURLInNewTab JSON $message could not be deserialized.")
         }
     }
 
+    override fun handleGetAppInterceptableLink(message: String) {
+        try {
+            val redirectScheme = getRedirectScheme()
+            if (!redirectScheme.isNullOrEmpty()) {
+                appInterceptableLink.value = Event(AppInterceptableLinkResponse(redirectScheme))
+            } else {
+                statusCode.value = Event(StatusCodeResponse.Failure("Could not retrieve redirect scheme", StatusCode.NotFound.code))
+            }
+        } catch (e: Exception) {
+            statusCode.value = Event(StatusCodeResponse.Failure("Could not retrieve redirect scheme", StatusCode.NotFound.code))
+        }
+    }
+
+    private fun getRedirectScheme(): String? {
+        val applicationInfo = context.packageManager?.getApplicationInfo(context.packageName, PackageManager.GET_META_DATA)
+        return applicationInfo?.metaData?.get("pace_redirect_scheme")?.toString()
+    }
+
     private fun stringToAlgorithm(algorithm: String): HmacAlgorithm? {
         return when (algorithm) {
             "SHA1" -> HmacAlgorithm.SHA1

library/src/main/java/cloud/pace/sdk/utils/Configuration.kt

@@ -5,7 +5,6 @@ data class Configuration @JvmOverloads constructor(
     var clientAppVersion: String,
     var clientAppBuild: String,
     var apiKey: String,
-    var clientId: String? = null,
     var authenticationMode: AuthenticationMode = AuthenticationMode.WEB,
     var environment: Environment = Environment.PRODUCTION,
     var extensions: List<String> = emptyList(),

library/src/test/java/cloud/pace/sdk/appkit/AppWebViewModelTest.kt

@@ -40,7 +40,6 @@ class AppWebViewModelTest {
     private val sharedPreferencesModel = mock(SharedPreferencesModel::class.java)
     private val payManager = mock(PayAuthenticationManager::class.java)
     private var disabled = ""
-    private val clientId = "c4b48d7a-5b36-11eb-ae93-0242ac130002"
     private val host = "app.test.net"
     private val url = "https://$host"
     private val eventManager = object : TestAppEventManager() {
@@ -54,7 +53,7 @@ class AppWebViewModelTest {
 
     @Before
     fun init() {
-        PACECloudSDK.configuration = Configuration("", "", "", "", clientId = clientId, environment = Environment.DEVELOPMENT)
+        PACECloudSDK.configuration = Configuration("", "", "", "", environment = Environment.DEVELOPMENT)
 
         appModel.callback = appCallback
         disabled = ""
@@ -297,6 +296,5 @@ class AppWebViewModelTest {
         viewModel.handleOpenURLInNewTab(openURLInNewTabRequest)
 
         assertEquals(cancelUrl, viewModel.url.value?.getContentIfNotHandled())
-        verify(appCallback, times(1)).onCustomSchemeError(context, "pace.$clientId://redirect")
     }
 }