Skip to content

Added Native to Web support #803

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pmathew92 merged 11 commits into from
Apr 17, 2025
Merged

Added Native to Web support #803

pmathew92 merged 11 commits into from
Apr 17, 2025

Conversation

@pmathew92
Copy link
Contributor

@pmathew92 pmathew92 commented Feb 27, 2025

@pmathew92 pmathew92 requested a review from a team as a code owner February 27, 2025 09:38
@pmathew92 pmathew92 changed the title Updated documentation for N2W Updated N2W API and documentation Mar 18, 2025
Widcket
Widcket reviewed Apr 15, 2025
View reviewed changes
EXAMPLES.md Outdated

This feature allows you to authenticate a user in a web session using the refresh token obtained from the native session without requiring the user to log in again.

Call the api to fetch a webSessionTransferToken in exchange for a refresh token. Use the obtained token to authenticate the user by calling the `/authorize` end point.
Copy link
Contributor

@Widcket Widcket Apr 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Call the api to fetch a webSessionTransferToken in exchange for a refresh token. Use the obtained token to authenticate the user by calling the `/authorize` end point.
Call the API to fetch a webSessionTransferToken in exchange for a refresh token. Use the obtained token to authenticate the user by calling the `/authorize` end point.

Widcket
Widcket reviewed Apr 15, 2025
View reviewed changes
Widcket
Widcket reviewed Apr 15, 2025
View reviewed changes
auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManager.kt Outdated

/**
* Fetches a new [SSOCredentials] . It will fail with [CredentialsManagerException]
* Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException]
Copy link
Contributor

@Widcket Widcket Apr 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException]
* Fetches a new [SessionTransferCredentials]. It will fail with [CredentialsManagerException]

Widcket
Widcket reviewed Apr 15, 2025
View reviewed changes
auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManager.kt Outdated
}

/**
* Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException]
Copy link
Contributor

@Widcket Widcket Apr 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException]
* Fetches a new [SessionTransferCredentials]. It will fail with [CredentialsManagerException]

Widcket
Widcket reviewed Apr 15, 2025
View reviewed changes
auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManager.kt Outdated
* Fetches a new [SSOCredentials] . It will fail with [CredentialsManagerException]
* Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException]
* if the existing refresh_token is null or no longer valid. This method will handle saving the refresh_token,
* if a new one is issued.
Copy link
Contributor

@Widcket Widcket Apr 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* if a new one is issued.
* if a new one is issued.

Widcket
Widcket reviewed Apr 15, 2025
View reviewed changes
auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManager.kt Outdated
* Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException]
* if the existing refresh_token is null or no longer valid. This method will handle saving the refresh_token,
* if a new one is issued
* if a new one is issued.
Copy link
Contributor

@Widcket Widcket Apr 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* if a new one is issued.
* if a new one is issued.

Widcket
Widcket reviewed Apr 15, 2025
View reviewed changes
auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManager.kt Outdated
* Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException]
* if the existing refresh_token is null or no longer valid. This method will handle saving the refresh_token,
* if a new one is issued
* if a new one is issued.
Copy link
Contributor

@Widcket Widcket Apr 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* if a new one is issued.
* if a new one is issued.

Widcket
Widcket reviewed Apr 15, 2025
View reviewed changes
auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManager.kt Outdated
* @param ssoCredentials the credentials to save in the storage.
* Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException]
* if the existing refresh_token is null or no longer valid. This method will handle saving the refresh_token,
* if a new one is issued.
Copy link
Contributor

@Widcket Widcket Apr 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* if a new one is issued.
* if a new one is issued.

Widcket
Widcket reviewed Apr 15, 2025
View reviewed changes
auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManager.kt Outdated

/**
* Helper method to store the given [SessionTransferCredentials] refresh token in the storage.
* Method will silently return ,if the passed credentials has no refresh token.
Copy link
Contributor

@Widcket Widcket Apr 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Method will silently return ,if the passed credentials has no refresh token.
* Method will silently return if the passed credentials have no refresh token.

Widcket
Widcket reviewed Apr 15, 2025
View reviewed changes
auth0/src/main/java/com/auth0/android/authentication/storage/SecureCredentialsManager.kt Outdated
* the client. Method will silently return ,if the passed credentials has no refresh token.
*
* @param ssoCredentials the credentials to save in the storage.
* Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException]
Copy link
Contributor

@Widcket Widcket Apr 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException]
* Fetches a new [SessionTransferCredentials]. It will fail with [CredentialsManagerException]

Widcket
Widcket reviewed Apr 15, 2025
View reviewed changes
auth0/src/main/java/com/auth0/android/authentication/storage/SecureCredentialsManager.kt Outdated
* @param ssoCredentials the credentials to save in the storage.
* Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException]
* if the existing refresh_token is null or no longer valid. This method will handle saving the refresh_token,
* if a new one is issued.
Copy link
Contributor

@Widcket Widcket Apr 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* if a new one is issued.
* if a new one is issued.

Widcket
Widcket reviewed Apr 15, 2025
View reviewed changes
auth0/src/main/java/com/auth0/android/authentication/storage/SecureCredentialsManager.kt Outdated

/**
* Fetches a new [SSOCredentials] . It will fail with [CredentialsManagerException]
* Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException]
Copy link
Contributor

@Widcket Widcket Apr 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException]
* Fetches a new [SessionTransferCredentials]. It will fail with [CredentialsManagerException]

Widcket
Widcket reviewed Apr 15, 2025
View reviewed changes
auth0/src/main/java/com/auth0/android/authentication/storage/SecureCredentialsManager.kt Outdated
* Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException]
* if the existing refresh_token is null or no longer valid. This method will handle saving the refresh_token,
* if a new one is issued
* if a new one is issued.
Copy link
Contributor

@Widcket Widcket Apr 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* if a new one is issued.
* if a new one is issued.

Widcket
Widcket reviewed Apr 15, 2025
View reviewed changes
auth0/src/main/java/com/auth0/android/authentication/storage/SecureCredentialsManager.kt Outdated
val exception = when {
error.isRefreshTokenDeleted ||
error.isInvalidRefreshToken -> CredentialsManagerException.Code.RENEW_FAILED
error.isRefreshTokenDeleted || error.isInvalidRefreshToken -> CredentialsManagerException.Code.RENEW_FAILED
Copy link
Contributor

@Widcket Widcket Apr 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we throw a distinct error here?

Widcket
Widcket reviewed Apr 15, 2025
View reviewed changes
auth0/src/main/java/com/auth0/android/authentication/storage/SecureCredentialsManager.kt Outdated

/**
* Fetches a new [SSOCredentials] . It will fail with [CredentialsManagerException]
* Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException]
Copy link
Contributor

@Widcket Widcket Apr 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException]
* Fetches a new [SessionTransferCredentials]. It will fail with [CredentialsManagerException]

Widcket
Widcket reviewed Apr 15, 2025
View reviewed changes
auth0/src/main/java/com/auth0/android/authentication/storage/SecureCredentialsManager.kt Outdated
* Fetches a new [SSOCredentials] . It will fail with [CredentialsManagerException]
* Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException]
* if the existing refresh_token is null or no longer valid. This method will handle saving the refresh_token,
* if a new one is issued.
Copy link
Contributor

@Widcket Widcket Apr 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* if a new one is issued.
* if a new one is issued.

Widcket
Widcket reviewed Apr 15, 2025
View reviewed changes
auth0/src/main/java/com/auth0/android/authentication/storage/SecureCredentialsManager.kt Outdated
}

/**
* Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException]
Copy link
Contributor

@Widcket Widcket Apr 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException]
* Fetches a new [SessionTransferCredentials]. It will fail with [CredentialsManagerException]

Widcket
Widcket reviewed Apr 15, 2025
View reviewed changes
auth0/src/main/java/com/auth0/android/authentication/storage/SecureCredentialsManager.kt Outdated
* Fetches a new [SessionTransferCredentials] . It will fail with [CredentialsManagerException]
* if the existing refresh_token is null or no longer valid. This method will handle saving the refresh_token,
* if a new one is issued
* if a new one is issued.
Copy link
Contributor

@Widcket Widcket Apr 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* if a new one is issued.
* if a new one is issued.

Widcket
Widcket reviewed Apr 15, 2025
View reviewed changes
auth0/src/main/java/com/auth0/android/authentication/storage/SecureCredentialsManager.kt Outdated

/**
* Helper method to stores the given [SessionTransferCredentials] refresh token in the storage.
* Method will silently return ,if the passed credentials has no refresh token.
Copy link
Contributor

@Widcket Widcket Apr 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Method will silently return ,if the passed credentials has no refresh token.
* Method will silently return if the passed credentials have no refresh token.

Widcket
Widcket reviewed Apr 15, 2025
View reviewed changes
auth0/src/main/java/com/auth0/android/authentication/storage/SecureCredentialsManager.kt Outdated
return
}
// Checking if the existing one needs to be replaced with the new one
if (existingCredentials.refreshToken == sessionTransferCredentials.refreshToken && existingCredentials.idToken == sessionTransferCredentials.idToken) return
Copy link
Contributor

@Widcket Widcket Apr 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's no need to check the ID token for equality, as the newer one will have a different iat (issued at) claim value, so the token values will always be different.

Copy link
Contributor

@Widcket Widcket Apr 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So we can always replace the old ID token with the new one.

Widcket
Widcket reviewed Apr 15, 2025
View reviewed changes
auth0/src/main/java/com/auth0/android/result/SessionTransferCredentials.kt Outdated

/**
* Holds the session token credentials required for web SSO .
* Holds the token credentials required for web SSO .
Copy link
Contributor

@Widcket Widcket Apr 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Holds the token credentials required for web SSO .
* Holds the token credentials required for web SSO.

Widcket
Widcket reviewed Apr 15, 2025
View reviewed changes
auth0/src/main/java/com/auth0/android/result/SessionTransferCredentials.kt Outdated
public data class SessionTransferCredentials(
/**
* The Session Token used for web SSO .
* The token used for web SSO .
Copy link
Contributor

@Widcket Widcket Apr 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* The token used for web SSO .
* The token used for web SSO.

Widcket
Widcket reviewed Apr 15, 2025
View reviewed changes
auth0/src/main/java/com/auth0/android/result/SessionTransferCredentials.kt Outdated
@field:SerializedName("id_token") public val idToken: String,

/**
* Type of the token issued.In this case, an Auth0 web sso token
Copy link
Contributor

@Widcket Widcket Apr 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Type of the token issued.In this case, an Auth0 web sso token
* Type of the token issued. In this case, an Auth0 web sso token.

Widcket
Widcket reviewed Apr 16, 2025
View reviewed changes
EXAMPLES.md Outdated

This feature allows you to authenticate a user in a web session using the refresh token obtained from the native session without requiring the user to log in again.

Call the API to fetch a webSessionTransferToken in exchange for a refresh token. Use the obtained token to authenticate the user by calling the `/authorize` end point by passing as a query parameter or a cookie value.
Copy link
Contributor

@Widcket Widcket Apr 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Call the API to fetch a webSessionTransferToken in exchange for a refresh token. Use the obtained token to authenticate the user by calling the `/authorize` end point by passing as a query parameter or a cookie value.
Call the API to fetch a webSessionTransferToken in exchange for a refresh token. Use the obtained token to authenticate the user by calling the `/authorize` endpoint, passing the token as a query parameter or a cookie value.

Widcket
Widcket reviewed Apr 16, 2025
View reviewed changes
auth0/src/main/java/com/auth0/android/provider/WebClientProvider.kt Outdated
cookieManager.setAcceptCookie(true)
cookieManager.setCookie(
url,
"session_token=$sessionToken; path=/"
Copy link
Contributor

@Widcket Widcket Apr 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should session_token=$sessionToken; path=/ be auth0_session_transfer_token=$sessionToken; path=/?

Copy link
Contributor Author

@pmathew92 pmathew92 Apr 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This file is not required anymore. Missed deleting it. Thanks for bringing this to notice

Widcket
Widcket reviewed Apr 16, 2025
View reviewed changes
auth0/src/main/java/com/auth0/android/result/SSOCredentials.kt Outdated
* * *expiresIn*: The token expiration duration.
* * *issuedTokenType*: Type of the token issued.
*
* Holds the token credentials required for web SSO .
Copy link
Contributor

@Widcket Widcket Apr 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Holds the token credentials required for web SSO .
* Holds the token credentials required for web SSO.

Widcket
Widcket reviewed Apr 16, 2025
View reviewed changes
auth0/src/main/java/com/auth0/android/result/SSOCredentials.kt Outdated
public data class SSOCredentials(
/**
* The Session Token used for web SSO .
* The token used for web SSO .
Copy link
Contributor

@Widcket Widcket Apr 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* The token used for web SSO .
* The token used for web SSO.

Widcket
Widcket reviewed Apr 16, 2025
View reviewed changes
auth0/src/main/java/com/auth0/android/result/SSOCredentials.kt Outdated
* Expiration duration of the session token in seconds. Session tokens are short-lived and expire after a few minutes.
* Once expired, the Session Token can no longer be used for SSO.
* Expiration duration of the session transfer token in seconds. Session transfer tokens are short-lived and expire after a few minutes.
* Once expired, the session transfer tokens can no longer be used for web SSO.
Copy link
Contributor

@Widcket Widcket Apr 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Once expired, the session transfer tokens can no longer be used for web SSO.
* Once expired, the session transfer tokens can no longer be used for web SSO.

Widcket
Widcket reviewed Apr 16, 2025
View reviewed changes
auth0/src/main/java/com/auth0/android/provider/WebClientProvider.kt Outdated
import com.auth0.android.Auth0

/**
* Provider class to handle native to web sso
Copy link
Contributor

@Widcket Widcket Apr 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Provider class to handle native to web sso
* Provider class to handle native to web SSO.

Copy link
Contributor Author

@pmathew92 pmathew92 Apr 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Class is removed

Widcket
Widcket reviewed Apr 16, 2025
View reviewed changes
auth0/src/main/java/com/auth0/android/result/SSOCredentials.kt Outdated
@field:SerializedName("id_token") public val idToken: String,

/**
* Type of the token issued.In this case, an Auth0 session transfer token
Copy link
Contributor

@Widcket Widcket Apr 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Type of the token issued.In this case, an Auth0 session transfer token
* Type of the token issued. In this case, an Auth0 session transfer token.

@pmathew92 pmathew92 changed the title Updated N2W API and documentation Added Native to Web API and documentation Apr 17, 2025
@pmathew92 pmathew92 changed the title Added Native to Web API and documentation Added Native to Web support Apr 17, 2025
@pmathew92 pmathew92 merged commit 3c9aa2c into main Apr 17, 2025
7 checks passed
@pmathew92 pmathew92 deleted the SDK-5712 branch April 17, 2025 10:47
@pmathew92 pmathew92 mentioned this pull request Apr 28, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Widcket Widcket Widcket approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pmathew92 @Widcket