├── settings.gradle
├── .gitignore
├── gradle
    └── wrapper
    │   ├── gradle-wrapper.jar
    │   └── gradle-wrapper.properties
├── auth-sample
    ├── keystore
    │   └── example.keystore
    ├── src
    │   └── main
    │   │   ├── res
    │   │       ├── mipmap-hdpi
    │   │       │   └── ic_launcher.png
    │   │       ├── mipmap-mdpi
    │   │       │   └── ic_launcher.png
    │   │       ├── mipmap-xhdpi
    │   │       │   └── ic_launcher.png
    │   │       ├── mipmap-xxhdpi
    │   │       │   └── ic_launcher.png
    │   │       ├── mipmap-xxxhdpi
    │   │       │   └── ic_launcher.png
    │   │       ├── values
    │   │       │   ├── strings.xml
    │   │       │   ├── colors.xml
    │   │       │   └── styles.xml
    │   │       └── layout
    │   │       │   └── activity_main.xml
    │   │   ├── AndroidManifest.xml
    │   │   └── java
    │   │       └── com
    │   │           └── spotify
    │   │               └── sdk
    │   │                   └── android
    │   │                       └── auth
    │   │                           └── sample
    │   │                               └── MainActivity.java
    └── build.gradle
├── catalog-info.yaml
├── config
    ├── lint.xml
    ├── findbugs-filter.xml
    └── checkstyle.xml
├── auth-lib
    ├── src
    │   ├── test
    │   │   └── java
    │   │   │   └── com
    │   │   │       └── spotify
    │   │   │           └── sdk
    │   │   │               └── android
    │   │   │                   └── auth
    │   │   │                       ├── app
    │   │   │                           └── FakeSha1HashUtil.java
    │   │   │                       ├── LoginActivityTest.java
    │   │   │                       ├── PKCEInformationFactoryTest.java
    │   │   │                       ├── TokenExchangeRequestTest.java
    │   │   │                       ├── AuthorizationResponseTest.java
    │   │   │                       ├── TokenExchangeResponseTest.java
    │   │   │                       └── AuthorizationClientTest.java
    │   ├── main
    │   │   ├── java
    │   │   │   └── com
    │   │   │   │   └── spotify
    │   │   │   │       └── sdk
    │   │   │   │           └── android
    │   │   │   │               └── auth
    │   │   │   │                   ├── AccountsQueryParameters.java
    │   │   │   │                   ├── IntentExtras.java
    │   │   │   │                   ├── app
    │   │   │   │                       ├── Sha1HashUtil.java
    │   │   │   │                       ├── SpotifyAuthHandler.java
    │   │   │   │                       └── SpotifyNativeAuthUtil.java
    │   │   │   │                   ├── AuthorizationHandler.java
    │   │   │   │                   ├── PKCEInformationFactory.java
    │   │   │   │                   ├── PKCEInformation.java
    │   │   │   │                   ├── TokenExchangeResponse.java
    │   │   │   │                   ├── TokenExchangeRequest.java
    │   │   │   │                   ├── AuthorizationResponse.java
    │   │   │   │                   └── AuthorizationRequest.java
    │   │   ├── res
    │   │   │   ├── values
    │   │   │   │   └── strings.xml
    │   │   │   └── layout
    │   │   │   │   ├── com_spotify_sdk_login_activity.xml
    │   │   │   │   └── com_spotify_sdk_login_dialog.xml
    │   │   └── AndroidManifest.xml
    │   ├── auth
    │   │   ├── java
    │   │   │   └── com
    │   │   │   │   └── spotify
    │   │   │   │       └── sdk
    │   │   │   │           └── android
    │   │   │   │               └── auth
    │   │   │   │                   ├── browser
    │   │   │   │                       ├── RedirectUriReceiverActivity.java
    │   │   │   │                       ├── CustomTabsSupportChecker.java
    │   │   │   │                       └── BrowserAuthHandler.java
    │   │   │   │                   └── FallbackHandlerProvider.java
    │   │   └── AndroidManifest.xml
    │   ├── store
    │   │   └── java
    │   │   │   └── com
    │   │   │       └── spotify
    │   │   │           └── sdk
    │   │   │               └── android
    │   │   │                   └── auth
    │   │   │                       ├── FallbackHandlerProvider.java
    │   │   │                       └── store
    │   │   │                           └── PlayStoreHandler.java
    │   ├── testStore
    │   │   └── java
    │   │   │   └── com
    │   │   │       └── spotify
    │   │   │           └── sdk
    │   │   │               └── android
    │   │   │                   └── auth
    │   │   │                       └── LoginActivityStoreTest.java
    │   └── testAuth
    │   │   └── java
    │   │       └── com
    │   │           └── spotify
    │   │               └── sdk
    │   │                   └── android
    │   │                       └── auth
    │   │                           └── LoginActivityAuthTest.java
    └── build.gradle
├── .editorconfig
├── gradle.properties
├── .travis.yml
├── gradlew.bat
├── CHANGELOG.md
├── README.md
├── .github
    └── workflows
    │   └── publish-javadoc.yml
├── gradlew
└── LICENSE


/settings.gradle:
--------------------------------------------------------------------------------
1 | include ':auth-lib', ':auth-sample'
2 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | *.iml
2 | .gradle
3 | /local.properties
4 | .idea/
5 | .DS_Store
6 | build/
7 | doc/
8 | doc-store/
9 | 


--------------------------------------------------------------------------------
/gradle/wrapper/gradle-wrapper.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/spotify/android-auth/HEAD/gradle/wrapper/gradle-wrapper.jar


--------------------------------------------------------------------------------
/auth-sample/keystore/example.keystore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/spotify/android-auth/HEAD/auth-sample/keystore/example.keystore


--------------------------------------------------------------------------------
/auth-sample/src/main/res/mipmap-hdpi/ic_launcher.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/spotify/android-auth/HEAD/auth-sample/src/main/res/mipmap-hdpi/ic_launcher.png


--------------------------------------------------------------------------------
/auth-sample/src/main/res/mipmap-mdpi/ic_launcher.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/spotify/android-auth/HEAD/auth-sample/src/main/res/mipmap-mdpi/ic_launcher.png


--------------------------------------------------------------------------------
/auth-sample/src/main/res/mipmap-xhdpi/ic_launcher.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/spotify/android-auth/HEAD/auth-sample/src/main/res/mipmap-xhdpi/ic_launcher.png


--------------------------------------------------------------------------------
/auth-sample/src/main/res/mipmap-xxhdpi/ic_launcher.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/spotify/android-auth/HEAD/auth-sample/src/main/res/mipmap-xxhdpi/ic_launcher.png


--------------------------------------------------------------------------------
/auth-sample/src/main/res/mipmap-xxxhdpi/ic_launcher.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/spotify/android-auth/HEAD/auth-sample/src/main/res/mipmap-xxxhdpi/ic_launcher.png


--------------------------------------------------------------------------------
/catalog-info.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: backstage.io/v1alpha1
2 | kind: Component
3 | metadata:
4 |   name: android-auth
5 | spec:
6 |   type: library
7 |   owner: opx-partner-activation
8 | 


--------------------------------------------------------------------------------
/gradle/wrapper/gradle-wrapper.properties:
--------------------------------------------------------------------------------
1 | distributionBase=GRADLE_USER_HOME
2 | distributionPath=wrapper/dists
3 | distributionUrl=https\://services.gradle.org/distributions/gradle-7.5-bin.zip
4 | zipStoreBase=GRADLE_USER_HOME
5 | zipStorePath=wrapper/dists
6 | 


--------------------------------------------------------------------------------
/config/lint.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <lint>
 3 |     <issue id="InvalidPackage" severity="error">
 4 |         <ignore regexp="okio.*jar"/>
 5 |     </issue>
 6 |     <issue id="GradleDependency" severity="ignore"/>
 7 |     <issue id="AllowBackup" severity="ignore"/>
 8 |     <issue id="GoogleAppIndexingWarning" severity="ignore"/>
 9 | </lint>
10 | 


--------------------------------------------------------------------------------
/auth-sample/src/main/res/values/strings.xml:
--------------------------------------------------------------------------------
 1 | <resources>
 2 |     <string name="app_name">Spotify Android Auth</string>
 3 |     <string name="warning_need_token">You need to request an access token first</string>
 4 |     <string name="code">Code: %1$s</string>
 5 |     <string name="token">Access Token: %1$s</string>
 6 |     <string name="btn_get_profile">Get User Profile</string>
 7 |     <string name="btn_req_code">Request Code</string>
 8 |     <string name="btn_req_token">Request Token</string>
 9 | </resources>
10 | 


--------------------------------------------------------------------------------
/config/findbugs-filter.xml:
--------------------------------------------------------------------------------
 1 | <FindBugsFilter>
 2 |     <!-- http://stackoverflow.com/questions/7568579/eclipsefindbugs-exclude-filter-files-doesnt-work -->
 3 |     <Match>
 4 |         <Class name="~.*\.R\$.*"/>
 5 |     </Match>
 6 |     <Match>
 7 |         <Class name="~.*\.Manifest\$.*"/>
 8 |     </Match>
 9 |     <!-- All bugs in test classes, except for JUnit-specific bugs -->
10 |     <Match>
11 |         <Class name="~.*\.*Test" />
12 |         <Not>
13 |             <Bug code="IJU" />
14 |         </Not>
15 |     </Match>
16 | </FindBugsFilter>


--------------------------------------------------------------------------------
/auth-lib/src/test/java/com/spotify/sdk/android/auth/app/FakeSha1HashUtil.java:
--------------------------------------------------------------------------------
 1 | package com.spotify.sdk.android.auth.app;
 2 | 
 3 | import android.util.Pair;
 4 | 
 5 | import java.util.Map;
 6 | 
 7 | public class FakeSha1HashUtil implements Sha1HashUtil {
 8 | 
 9 |     private final Map<String, String> mSignatureHashMap;
10 | 
11 |     public FakeSha1HashUtil(Map<String, String> signatureHashMap) {
12 |         mSignatureHashMap = signatureHashMap;
13 |     }
14 | 
15 |     @Override
16 |     public String sha1Hash(String signature) {
17 |         return mSignatureHashMap.get(signature);
18 |     }
19 | }
20 | 


--------------------------------------------------------------------------------
/.editorconfig:
--------------------------------------------------------------------------------
 1 | # EditorConfig helps developers define and maintain consistent
 2 | # coding styles between different editors and IDEs
 3 | # editorconfig.org
 4 | #
 5 | # Install IntelliJ plugin: https://github.com/editorconfig/editorconfig-jetbrains#readme
 6 | 
 7 | root = true
 8 | 
 9 | [*]
10 | 
11 | indent_style = space
12 | indent_size = 4
13 | continuation_indent_size = 8
14 | end_of_line = lf
15 | charset = utf-8
16 | trim_trailing_whitespace = true
17 | insert_final_newline = true
18 | 
19 | [*.xml]
20 | continuation_indent_size = 4
21 | 
22 | [*.{cpp,h,hpp}]
23 | indent_style = space
24 | indent_size = 2
25 | continuation_indent_size = 4
26 | 


--------------------------------------------------------------------------------
/auth-lib/src/main/java/com/spotify/sdk/android/auth/AccountsQueryParameters.java:
--------------------------------------------------------------------------------
 1 | package com.spotify.sdk.android.auth;
 2 | 
 3 | public interface AccountsQueryParameters {
 4 |   String CLIENT_ID = "client_id";
 5 |   String RESPONSE_TYPE = "response_type";
 6 |   String REDIRECT_URI = "redirect_uri";
 7 |   String STATE = "state";
 8 |   String SCOPE = "scope";
 9 |   String SHOW_DIALOG = "show_dialog";
10 |   String UTM_SOURCE = "utm_source";
11 |   String UTM_MEDIUM = "utm_medium";
12 |   String UTM_CAMPAIGN = "utm_campaign";
13 |   String ERROR = "error";
14 |   String CODE = "code";
15 |   String ACCESS_TOKEN = "access_token";
16 |   String EXPIRES_IN = "expires_in";
17 |   String CODE_CHALLENGE = "code_challenge";
18 |   String CODE_CHALLENGE_METHOD = "code_challenge_method";
19 | }
20 | 


--------------------------------------------------------------------------------
/gradle.properties:
--------------------------------------------------------------------------------
 1 | # Project-wide Gradle settings.
 2 | 
 3 | # IDE (e.g. Android Studio) users:
 4 | # Gradle settings configured through the IDE *will override*
 5 | # any settings specified in this file.
 6 | 
 7 | # For more details on how to configure your build environment visit
 8 | # http://www.gradle.org/docs/current/userguide/build_environment.html
 9 | 
10 | # Specifies the JVM arguments used for the daemon process.
11 | # The setting is particularly useful for tweaking memory settings.
12 | android.enableJetifier=true
13 | android.useAndroidX=true
14 | org.gradle.jvmargs=-Xmx1536m
15 | signingEnabled=false
16 | 
17 | # When configured, Gradle will run in incubating parallel mode.
18 | # This option should only be used with decoupled projects. More details, visit
19 | # http://www.gradle.org/docs/current/userguide/multi_project_builds.html#sec:decoupled_projects
20 | # org.gradle.parallel=true
21 | 


--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
 1 | language: android
 2 | 
 3 | jdk:
 4 |   - oraclejdk8
 5 | 
 6 | android:
 7 |   components:
 8 |     - tools
 9 |     - tools
10 |     - platform-tools
11 |     # Note that the tools section appears twice on purpose as it’s required
12 |     # to get the newest Android SDK tools. Source: Travis CI docs.
13 |     - build-tools-30.0.2
14 |     - extra-android-m2repository
15 | 
16 | before_install:
17 |   - echo yes | sdkmanager "platforms;android-30"
18 |   - echo yes | sdkmanager "build-tools;30.0.2"
19 |   - mkdir "$ANDROID_HOME/licenses" || true
20 |   - echo -e "\n8933bad161af4178b1185d1a37fbf41ea5269c55" > "$ANDROID_HOME/licenses/android-sdk-license"
21 |   - echo -e "\n84831b9409646a918e30573bab4c9c91346d8abd" > "$ANDROID_HOME/licenses/android-sdk-preview-license"
22 | 
23 | script:
24 |   - ./gradlew clean build
25 | 
26 | before_cache:
27 |   - rm -f $HOME/.gradle/caches/modules-2/modules-2.lock
28 | cache:
29 |   directories:
30 |     - $HOME/.gradle/caches/
31 |     - $HOME/.gradle/wrapper/
32 | 


--------------------------------------------------------------------------------
/auth-lib/src/main/res/values/strings.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <!--
 3 |     Copyright (c) 2015-2016 Spotify AB
 4 | 
 5 |     Licensed to the Apache Software Foundation (ASF) under one
 6 |     or more contributor license agreements.  See the NOTICE file
 7 |     distributed with this work for additional information
 8 |     regarding copyright ownership.  The ASF licenses this file
 9 |     to you under the Apache License, Version 2.0 (the
10 |     "License"); you may not use this file except in compliance
11 |     with the License.  You may obtain a copy of the License at
12 | 
13 |     http://www.apache.org/licenses/LICENSE-2.0
14 | 
15 |     Unless required by applicable law or agreed to in writing,
16 |     software distributed under the License is distributed on an
17 |     "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
18 |     KIND, either express or implied.  See the License for the
19 |     specific language governing permissions and limitations
20 |     under the License.
21 | -->
22 | <resources>
23 |     <string name="com_spotify_sdk_login_progress">Loading…</string>
24 | </resources>
25 | 


--------------------------------------------------------------------------------
/auth-lib/src/auth/java/com/spotify/sdk/android/auth/browser/RedirectUriReceiverActivity.java:
--------------------------------------------------------------------------------
 1 | package com.spotify.sdk.android.auth.browser;
 2 | 
 3 | import android.app.Activity;
 4 | import android.content.Intent;
 5 | import android.os.Bundle;
 6 | 
 7 | import androidx.annotation.Nullable;
 8 | 
 9 | import com.spotify.sdk.android.auth.LoginActivity;
10 | 
11 | /**
12 |  * Activity that receives the auth response sent by the browser's Custom Tab via deeplink.
13 |  * The sole purpose of this activity is to forward the response back to {@link LoginActivity}.
14 |  * This activity is used only during browser based auth flow - when the Spotify app is not
15 |  * installed on the device.
16 |  */
17 | public class RedirectUriReceiverActivity extends Activity {
18 | 
19 |     @Override
20 |     protected void onCreate(@Nullable Bundle savedInstanceState) {
21 |         super.onCreate(savedInstanceState);
22 |         Intent intent = new Intent(this, LoginActivity.class);
23 |         intent.setData(getIntent().getData());
24 |         intent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TOP | Intent.FLAG_ACTIVITY_SINGLE_TOP);
25 |         startActivity(intent);
26 |         finish();
27 |     }
28 | }
29 | 


--------------------------------------------------------------------------------
/auth-sample/src/main/res/values/colors.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <!--
 3 |     Copyright (c) 2015-2016 Spotify AB
 4 | 
 5 |     Licensed to the Apache Software Foundation (ASF) under one
 6 |     or more contributor license agreements.  See the NOTICE file
 7 |     distributed with this work for additional information
 8 |     regarding copyright ownership.  The ASF licenses this file
 9 |     to you under the Apache License, Version 2.0 (the
10 |     "License"); you may not use this file except in compliance
11 |     with the License.  You may obtain a copy of the License at
12 | 
13 |     http://www.apache.org/licenses/LICENSE-2.0
14 | 
15 |     Unless required by applicable law or agreed to in writing,
16 |     software distributed under the License is distributed on an
17 |     "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
18 |     KIND, either express or implied.  See the License for the
19 |     specific language governing permissions and limitations
20 |     under the License.
21 | -->
22 | <resources>
23 |     <color name="colorPrimary">#3F51B5</color>
24 |     <color name="colorPrimaryDark">#303F9F</color>
25 |     <color name="colorAccent">#FF4081</color>
26 | </resources>
27 | 


--------------------------------------------------------------------------------
/auth-lib/src/main/res/layout/com_spotify_sdk_login_activity.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <!--
 3 |     Copyright (c) 2015-2016 Spotify AB
 4 | 
 5 |     Licensed to the Apache Software Foundation (ASF) under one
 6 |     or more contributor license agreements.  See the NOTICE file
 7 |     distributed with this work for additional information
 8 |     regarding copyright ownership.  The ASF licenses this file
 9 |     to you under the Apache License, Version 2.0 (the
10 |     "License"); you may not use this file except in compliance
11 |     with the License.  You may obtain a copy of the License at
12 | 
13 |     http://www.apache.org/licenses/LICENSE-2.0
14 | 
15 |     Unless required by applicable law or agreed to in writing,
16 |     software distributed under the License is distributed on an
17 |     "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
18 |     KIND, either express or implied.  See the License for the
19 |     specific language governing permissions and limitations
20 |     under the License.
21 | -->
22 | <LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
23 |                 android:layout_width="match_parent"
24 |                 android:layout_height="match_parent">
25 | </LinearLayout>
26 | 


--------------------------------------------------------------------------------
/auth-lib/src/main/res/layout/com_spotify_sdk_login_dialog.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <!--
 3 |     Copyright (c) 2015-2016 Spotify AB
 4 | 
 5 |     Licensed to the Apache Software Foundation (ASF) under one
 6 |     or more contributor license agreements.  See the NOTICE file
 7 |     distributed with this work for additional information
 8 |     regarding copyright ownership.  The ASF licenses this file
 9 |     to you under the Apache License, Version 2.0 (the
10 |     "License"); you may not use this file except in compliance
11 |     with the License.  You may obtain a copy of the License at
12 | 
13 |     http://www.apache.org/licenses/LICENSE-2.0
14 | 
15 |     Unless required by applicable law or agreed to in writing,
16 |     software distributed under the License is distributed on an
17 |     "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
18 |     KIND, either express or implied.  See the License for the
19 |     specific language governing permissions and limitations
20 |     under the License.
21 | -->
22 | <LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
23 |     android:layout_width="match_parent"
24 |     android:layout_height="match_parent"
25 |     android:background="@android:drawable/dialog_frame"
26 |     android:visibility="invisible"/>
27 | 


--------------------------------------------------------------------------------
/auth-sample/src/main/res/values/styles.xml:
--------------------------------------------------------------------------------
 1 | <!--
 2 |     Copyright (c) 2015-2016 Spotify AB
 3 | 
 4 |     Licensed to the Apache Software Foundation (ASF) under one
 5 |     or more contributor license agreements.  See the NOTICE file
 6 |     distributed with this work for additional information
 7 |     regarding copyright ownership.  The ASF licenses this file
 8 |     to you under the Apache License, Version 2.0 (the
 9 |     "License"); you may not use this file except in compliance
10 |     with the License.  You may obtain a copy of the License at
11 | 
12 |     http://www.apache.org/licenses/LICENSE-2.0
13 | 
14 |     Unless required by applicable law or agreed to in writing,
15 |     software distributed under the License is distributed on an
16 |     "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 |     KIND, either express or implied.  See the License for the
18 |     specific language governing permissions and limitations
19 |     under the License.
20 | -->
21 | <resources>
22 |     <style name="AppTheme" parent="Theme.AppCompat.Light.DarkActionBar">
23 |         <item name="colorPrimary">@color/colorPrimary</item>
24 |         <item name="colorPrimaryDark">@color/colorPrimaryDark</item>
25 |         <item name="colorAccent">@color/colorAccent</item>
26 |     </style>
27 | </resources>
28 | 


--------------------------------------------------------------------------------
/auth-lib/src/main/java/com/spotify/sdk/android/auth/IntentExtras.java:
--------------------------------------------------------------------------------
 1 | package com.spotify.sdk.android.auth;
 2 | 
 3 | /*
 4 |  * Constants below have their counterparts in Spotify app where
 5 |  * they're used to parse messages received from SDK.
 6 |  * If any of these values needs to be changed, a new protocol version needs to be created on both
 7 |  * sides (auth-lib and Spotify app) and bumped accordingly.
 8 |  */
 9 | public interface IntentExtras {
10 |     String KEY_CLIENT_ID = "CLIENT_ID";
11 |     String KEY_REQUESTED_SCOPES = "SCOPES";
12 |     String KEY_STATE = "STATE";
13 |     String KEY_UTM_SOURCE = "UTM_SOURCE";
14 |     String KEY_UTM_MEDIUM = "UTM_MEDIUM";
15 |     String KEY_UTM_CAMPAIGN = "UTM_CAMPAIGN";
16 |     String KEY_REDIRECT_URI = "REDIRECT_URI";
17 |     String KEY_RESPONSE_TYPE = "RESPONSE_TYPE";
18 |     String KEY_ACCESS_TOKEN = "ACCESS_TOKEN";
19 |     String KEY_AUTHORIZATION_CODE = "AUTHORIZATION_CODE";
20 |     String KEY_EXPIRES_IN = "EXPIRES_IN";
21 |     String KEY_CODE_CHALLENGE = "CODE_CHALLENGE";
22 |     String KEY_CODE_CHALLENGE_METHOD = "CODE_CHALLENGE_METHOD";
23 |     /*
24 |      * This is used to pass information about the protocol version
25 |      * to the AuthorizationActivity.
26 |      * DO NOT CHANGE THIS.
27 |      */
28 |     String KEY_VERSION = "VERSION";
29 | }
30 | 


--------------------------------------------------------------------------------
/auth-lib/src/auth/java/com/spotify/sdk/android/auth/FallbackHandlerProvider.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * Copyright (c) 2015-2016 Spotify AB
 3 |  *
 4 |  * Licensed to the Apache Software Foundation (ASF) under one
 5 |  * or more contributor license agreements.  See the NOTICE file
 6 |  * distributed with this work for additional information
 7 |  * regarding copyright ownership.  The ASF licenses this file
 8 |  * to you under the Apache License, Version 2.0 (the
 9 |  * "License"); you may not use this file except in compliance
10 |  * with the License.  You may obtain a copy of the License at
11 |  *
12 |  * http://www.apache.org/licenses/LICENSE-2.0
13 |  *
14 |  * Unless required by applicable law or agreed to in writing,
15 |  * software distributed under the License is distributed on an
16 |  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 |  * KIND, either express or implied.  See the License for the
18 |  * specific language governing permissions and limitations
19 |  * under the License.
20 |  */
21 | 
22 | package com.spotify.sdk.android.auth;
23 | 
24 | import androidx.annotation.NonNull;
25 | import com.spotify.sdk.android.auth.browser.BrowserAuthHandler;
26 | 
27 | /**
28 |  * Provides an AuthorizationHandler that opens a browser when the Spotify application is not installed
29 |  */
30 | public class FallbackHandlerProvider {
31 | 
32 |     @NonNull
33 |     public AuthorizationHandler provideFallback() {
34 |         return new BrowserAuthHandler();
35 |     }
36 | 
37 | }
38 | 


--------------------------------------------------------------------------------
/auth-lib/src/store/java/com/spotify/sdk/android/auth/FallbackHandlerProvider.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * Copyright (c) 2015-2016 Spotify AB
 3 |  *
 4 |  * Licensed to the Apache Software Foundation (ASF) under one
 5 |  * or more contributor license agreements.  See the NOTICE file
 6 |  * distributed with this work for additional information
 7 |  * regarding copyright ownership.  The ASF licenses this file
 8 |  * to you under the Apache License, Version 2.0 (the
 9 |  * "License"); you may not use this file except in compliance
10 |  * with the License.  You may obtain a copy of the License at
11 |  *
12 |  * http://www.apache.org/licenses/LICENSE-2.0
13 |  *
14 |  * Unless required by applicable law or agreed to in writing,
15 |  * software distributed under the License is distributed on an
16 |  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 |  * KIND, either express or implied.  See the License for the
18 |  * specific language governing permissions and limitations
19 |  * under the License.
20 |  */
21 | 
22 | package com.spotify.sdk.android.auth;
23 | 
24 | import androidx.annotation.NonNull;
25 | import com.spotify.sdk.android.auth.store.PlayStoreHandler;
26 | 
27 | /**
28 |  * Provides an AuthorizationHandler that opens the play store when the Spotify application is not installed
29 |  */
30 | public class FallbackHandlerProvider {
31 | 
32 |     @NonNull
33 |     public AuthorizationHandler provideFallback() {
34 |         return new PlayStoreHandler();
35 |     }
36 | 
37 | }
38 | 


--------------------------------------------------------------------------------
/auth-lib/src/main/java/com/spotify/sdk/android/auth/app/Sha1HashUtil.java:
--------------------------------------------------------------------------------
 1 | package com.spotify.sdk.android.auth.app;
 2 | 
 3 | import androidx.annotation.NonNull;
 4 | import androidx.annotation.Nullable;
 5 | 
 6 | import java.io.UnsupportedEncodingException;
 7 | import java.security.MessageDigest;
 8 | import java.security.NoSuchAlgorithmException;
 9 | 
10 | 
11 | interface Sha1HashUtil {
12 |     @Nullable
13 |     String sha1Hash(@NonNull String toHash);
14 | }
15 | final class Sha1HashUtilImpl implements Sha1HashUtil {
16 | 
17 |     @Override
18 |     @Nullable
19 |     public String sha1Hash(@NonNull String toHash) {
20 |         String hash = null;
21 |         try {
22 |             MessageDigest digest = MessageDigest.getInstance("SHA-1");
23 |             byte[] bytes = toHash.getBytes("UTF-8");
24 |             digest.update(bytes, 0, bytes.length);
25 |             bytes = digest.digest();
26 | 
27 |             hash = bytesToHex(bytes);
28 |         } catch (NoSuchAlgorithmException ignored) {
29 |         } catch (UnsupportedEncodingException ignored) {
30 |         }
31 |         return hash;
32 |     }
33 | 
34 |     private final char[] HEX_ARRAY = "0123456789abcdef".toCharArray();
35 | 
36 |     @NonNull
37 |     private String bytesToHex(@NonNull byte[] bytes) {
38 |         char[] hexChars = new char[bytes.length * 2];
39 |         for (int j = 0; j < bytes.length; j++) {
40 |             int v = bytes[j] & 0xFF;
41 |             hexChars[j * 2] = HEX_ARRAY[v >>> 4];
42 |             hexChars[j * 2 + 1] = HEX_ARRAY[v & 0x0F];
43 |         }
44 |         return new String(hexChars);
45 |     }
46 | 
47 | }
48 | 


--------------------------------------------------------------------------------
/auth-lib/src/main/java/com/spotify/sdk/android/auth/AuthorizationHandler.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * Copyright (c) 2015-2016 Spotify AB
 3 |  *
 4 |  * Licensed to the Apache Software Foundation (ASF) under one
 5 |  * or more contributor license agreements.  See the NOTICE file
 6 |  * distributed with this work for additional information
 7 |  * regarding copyright ownership.  The ASF licenses this file
 8 |  * to you under the Apache License, Version 2.0 (the
 9 |  * "License"); you may not use this file except in compliance
10 |  * with the License.  You may obtain a copy of the License at
11 |  *
12 |  * http://www.apache.org/licenses/LICENSE-2.0
13 |  *
14 |  * Unless required by applicable law or agreed to in writing,
15 |  * software distributed under the License is distributed on an
16 |  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 |  * KIND, either express or implied.  See the License for the
18 |  * specific language governing permissions and limitations
19 |  * under the License.
20 |  */
21 | 
22 | package com.spotify.sdk.android.auth;
23 | 
24 | import android.app.Activity;
25 | 
26 | import androidx.annotation.NonNull;
27 | import androidx.annotation.Nullable;
28 | 
29 | public interface AuthorizationHandler {
30 | 
31 |     interface OnCompleteListener {
32 |         void onComplete(@NonNull AuthorizationResponse response);
33 | 
34 |         void onCancel();
35 | 
36 |         void onError(@NonNull Throwable error);
37 | 
38 |     }
39 | 
40 |     boolean start(@NonNull Activity contextActivity, @NonNull AuthorizationRequest request);
41 | 
42 |     void stop();
43 | 
44 |     void setOnCompleteListener(@Nullable OnCompleteListener listener);
45 | 
46 |     boolean isAuthInProgress();
47 | }
48 | 


--------------------------------------------------------------------------------
/auth-sample/src/main/AndroidManifest.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <!--
 3 |     Copyright (c) 2015-2016 Spotify AB
 4 | 
 5 |     Licensed to the Apache Software Foundation (ASF) under one
 6 |     or more contributor license agreements.  See the NOTICE file
 7 |     distributed with this work for additional information
 8 |     regarding copyright ownership.  The ASF licenses this file
 9 |     to you under the Apache License, Version 2.0 (the
10 |     "License"); you may not use this file except in compliance
11 |     with the License.  You may obtain a copy of the License at
12 | 
13 |     http://www.apache.org/licenses/LICENSE-2.0
14 | 
15 |     Unless required by applicable law or agreed to in writing,
16 |     software distributed under the License is distributed on an
17 |     "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
18 |     KIND, either express or implied.  See the License for the
19 |     specific language governing permissions and limitations
20 |     under the License.
21 | -->
22 | <manifest xmlns:android="http://schemas.android.com/apk/res/android">
23 | 
24 |     <application
25 |         android:allowBackup="true"
26 |         android:icon="@mipmap/ic_launcher"
27 |         android:label="@string/app_name"
28 |         android:supportsRtl="true"
29 |         android:theme="@style/AppTheme">
30 |         <activity
31 |             android:name="com.spotify.sdk.android.auth.sample.MainActivity"
32 |             android:configChanges="keyboardHidden|keyboard|orientation|screenSize"
33 |             android:exported="true">
34 |             <intent-filter>
35 |                 <action android:name="android.intent.action.MAIN"/>
36 |                 <category android:name="android.intent.category.LAUNCHER"/>
37 |             </intent-filter>
38 |         </activity>
39 |     </application>
40 | 
41 | </manifest>
42 | 


--------------------------------------------------------------------------------
/auth-lib/src/main/AndroidManifest.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | 
 3 | <!--
 4 |     Copyright (c) 2015-2016 Spotify AB
 5 | 
 6 |     Licensed to the Apache Software Foundation (ASF) under one
 7 |     or more contributor license agreements.  See the NOTICE file
 8 |     distributed with this work for additional information
 9 |     regarding copyright ownership.  The ASF licenses this file
10 |     to you under the Apache License, Version 2.0 (the
11 |     "License"); you may not use this file except in compliance
12 |     with the License.  You may obtain a copy of the License at
13 | 
14 |     http://www.apache.org/licenses/LICENSE-2.0
15 | 
16 |     Unless required by applicable law or agreed to in writing,
17 |     software distributed under the License is distributed on an
18 |     "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
19 |     KIND, either express or implied.  See the License for the
20 |     specific language governing permissions and limitations
21 |     under the License.
22 | -->
23 | 
24 | <manifest xmlns:android="http://schemas.android.com/apk/res/android">
25 | 
26 |     <uses-permission android:name="android.permission.INTERNET"/>
27 | 
28 |     <queries>
29 |         <package android:name="com.spotify.music" />
30 |         <package android:name="com.spotify.music.debug" />
31 |         <package android:name="com.spotify.music.canary" />
32 |         <package android:name="com.spotify.music.partners" />
33 | 
34 |         <intent>
35 |             <action android:name="com.spotify.sso.action.START_AUTH_FLOW" />
36 |             <data android:mimeType="text/plain" />
37 |         </intent>
38 |     </queries>
39 | 
40 |     <application>
41 | 
42 |         <activity
43 |             android:name="com.spotify.sdk.android.auth.LoginActivity"
44 |             android:theme="@android:style/Theme.Translucent.NoTitleBar"
45 |             android:launchMode="singleTask"
46 |             android:configChanges="screenSize|smallestScreenSize|screenLayout|orientation|keyboard|keyboardHidden"
47 |             android:exported="false"/>
48 | 
49 |     </application>
50 | 
51 | </manifest>
52 | 


--------------------------------------------------------------------------------
/auth-lib/src/auth/AndroidManifest.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | 
 3 | <!--
 4 |     Copyright (c) 2015-2016 Spotify AB
 5 | 
 6 |     Licensed to the Apache Software Foundation (ASF) under one
 7 |     or more contributor license agreements.  See the NOTICE file
 8 |     distributed with this work for additional information
 9 |     regarding copyright ownership.  The ASF licenses this file
10 |     to you under the Apache License, Version 2.0 (the
11 |     "License"); you may not use this file except in compliance
12 |     with the License.  You may obtain a copy of the License at
13 | 
14 |     http://www.apache.org/licenses/LICENSE-2.0
15 | 
16 |     Unless required by applicable law or agreed to in writing,
17 |     software distributed under the License is distributed on an
18 |     "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
19 |     KIND, either express or implied.  See the License for the
20 |     specific language governing permissions and limitations
21 |     under the License.
22 | -->
23 | 
24 | <manifest xmlns:android="http://schemas.android.com/apk/res/android">
25 | 
26 |     <queries>
27 |         <intent>
28 |             <action android:name="android.support.customtabs.action.CustomTabsService" />
29 |         </intent>
30 |     </queries>
31 | 
32 |     <application>
33 | 
34 |         <activity
35 |             android:name="com.spotify.sdk.android.auth.browser.RedirectUriReceiverActivity"
36 |             android:theme="@android:style/Theme.Translucent.NoTitleBar"
37 |             android:exported="true">
38 |             <intent-filter android:autoVerify="true">
39 |                 <action android:name="android.intent.action.VIEW"/>
40 |                 <category android:name="android.intent.category.DEFAULT"/>
41 |                 <category android:name="android.intent.category.BROWSABLE"/>
42 |                 <data
43 |                     android:host="${redirectHostName}"
44 |                     android:scheme="${redirectSchemeName}"
45 |                     android:pathPattern="${redirectPathPattern}"/>
46 |             </intent-filter>
47 |         </activity>
48 | 
49 |     </application>
50 | 
51 | </manifest>
52 | 


--------------------------------------------------------------------------------
/auth-lib/src/test/java/com/spotify/sdk/android/auth/LoginActivityTest.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * Copyright (c) 2015-2016 Spotify AB
 3 |  *
 4 |  * Licensed to the Apache Software Foundation (ASF) under one
 5 |  * or more contributor license agreements.  See the NOTICE file
 6 |  * distributed with this work for additional information
 7 |  * regarding copyright ownership.  The ASF licenses this file
 8 |  * to you under the Apache License, Version 2.0 (the
 9 |  * "License"); you may not use this file except in compliance
10 |  * with the License.  You may obtain a copy of the License at
11 |  *
12 |  * http://www.apache.org/licenses/LICENSE-2.0
13 |  *
14 |  * Unless required by applicable law or agreed to in writing,
15 |  * software distributed under the License is distributed on an
16 |  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 |  * KIND, either express or implied.  See the License for the
18 |  * specific language governing permissions and limitations
19 |  * under the License.
20 |  */
21 | 
22 | package com.spotify.sdk.android.auth;
23 | 
24 | import android.app.Activity;
25 | import android.content.Intent;
26 | import android.os.Bundle;
27 | 
28 | import org.junit.Test;
29 | import org.junit.runner.RunWith;
30 | import org.robolectric.Robolectric;
31 | import org.robolectric.RobolectricTestRunner;
32 | import org.robolectric.android.controller.ActivityController;
33 | import org.robolectric.shadows.ShadowActivity;
34 | 
35 | import static org.junit.Assert.assertEquals;
36 | import static org.junit.Assert.assertFalse;
37 | import static org.junit.Assert.assertTrue;
38 | import static org.robolectric.Robolectric.buildActivity;
39 | import static org.robolectric.Shadows.shadowOf;
40 | 
41 | @RunWith(RobolectricTestRunner.class)
42 | public class LoginActivityTest {
43 | 
44 |     @Test
45 |     public void shouldFinishLoginActivityIfNoAuthRequest() {
46 |         Activity context = buildActivity(Activity.class).create().get();
47 |         Intent intent = new Intent(context, LoginActivity.class);
48 | 
49 |         Activity activity = buildActivity(LoginActivity.class, intent).create().get();
50 | 
51 |         assertTrue(activity.isFinishing());
52 |         assertEquals(Activity.RESULT_CANCELED, shadowOf(activity).getResultCode());
53 |     }
54 | 
55 | }
56 | 


--------------------------------------------------------------------------------
/auth-lib/src/main/java/com/spotify/sdk/android/auth/app/SpotifyAuthHandler.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * Copyright (c) 2015-2016 Spotify AB
 3 |  *
 4 |  * Licensed to the Apache Software Foundation (ASF) under one
 5 |  * or more contributor license agreements.  See the NOTICE file
 6 |  * distributed with this work for additional information
 7 |  * regarding copyright ownership.  The ASF licenses this file
 8 |  * to you under the Apache License, Version 2.0 (the
 9 |  * "License"); you may not use this file except in compliance
10 |  * with the License.  You may obtain a copy of the License at
11 |  *
12 |  * http://www.apache.org/licenses/LICENSE-2.0
13 |  *
14 |  * Unless required by applicable law or agreed to in writing,
15 |  * software distributed under the License is distributed on an
16 |  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 |  * KIND, either express or implied.  See the License for the
18 |  * specific language governing permissions and limitations
19 |  * under the License.
20 |  */
21 | 
22 | package com.spotify.sdk.android.auth.app;
23 | 
24 | import android.app.Activity;
25 | 
26 | import androidx.annotation.Nullable;
27 | 
28 | import com.spotify.sdk.android.auth.AuthorizationHandler;
29 | import com.spotify.sdk.android.auth.AuthorizationRequest;
30 | 
31 | public class SpotifyAuthHandler implements AuthorizationHandler {
32 | 
33 |     private SpotifyNativeAuthUtil mSpotifyNativeAuthUtil;
34 | 
35 |     @Override
36 |     public boolean start(Activity contextActivity, AuthorizationRequest request) {
37 |         mSpotifyNativeAuthUtil = new SpotifyNativeAuthUtil(
38 |                 contextActivity,
39 |                 request,
40 |                 new Sha1HashUtilImpl()
41 |         );
42 |         return mSpotifyNativeAuthUtil.startAuthActivity();
43 |     }
44 | 
45 |     @Override
46 |     public void stop() {
47 |         if (mSpotifyNativeAuthUtil != null) {
48 |             mSpotifyNativeAuthUtil.stopAuthActivity();
49 |         }
50 |     }
51 | 
52 |     @Override
53 |     public void setOnCompleteListener(@Nullable OnCompleteListener listener) {
54 |         // no-op
55 |     }
56 | 
57 |     @Override
58 |     public boolean isAuthInProgress() {
59 |         // not supported, always return false
60 |         return false;
61 |     }
62 | }
63 | 


--------------------------------------------------------------------------------
/auth-sample/build.gradle:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * Copyright (c) 2015-2016 Spotify AB
 3 |  *
 4 |  * Licensed to the Apache Software Foundation (ASF) under one
 5 |  * or more contributor license agreements.  See the NOTICE file
 6 |  * distributed with this work for additional information
 7 |  * regarding copyright ownership.  The ASF licenses this file
 8 |  * to you under the Apache License, Version 2.0 (the
 9 |  * "License"); you may not use this file except in compliance
10 |  * with the License.  You may obtain a copy of the License at
11 |  *
12 |  * http://www.apache.org/licenses/LICENSE-2.0
13 |  *
14 |  * Unless required by applicable law or agreed to in writing,
15 |  * software distributed under the License is distributed on an
16 |  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 |  * KIND, either express or implied.  See the License for the
18 |  * specific language governing permissions and limitations
19 |  * under the License.
20 |  */
21 | 
22 | apply plugin: 'com.android.application'
23 | 
24 | android {
25 |     compileSdk 33
26 |     buildToolsVersion = "33.0.0"
27 | 
28 |     signingConfigs {
29 |         debug {
30 |             storeFile file('keystore/example.keystore')
31 |             storePassword 'example'
32 |             keyAlias 'example_alias'
33 |             keyPassword 'example'
34 |         }
35 |     }
36 | 
37 |     defaultConfig {
38 |         applicationId "com.spotify.sdk.android.authentication.sample"
39 |         minSdkVersion 16
40 |         targetSdkVersion 33
41 |         versionCode 1
42 |         versionName "1.0"
43 | 
44 |         manifestPlaceholders = [
45 |             redirectSchemeName: "spotify-sdk",
46 |             redirectHostName: "auth",
47 |             redirectPathPattern: ".*"
48 |         ]
49 | 
50 |         testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
51 |     }
52 |     buildTypes {
53 |         debug {
54 |             debuggable true
55 |             signingConfig signingConfigs.debug
56 |         }
57 |         release {
58 |             minifyEnabled false
59 |             proguardFiles getDefaultProguardFile('proguard-android.txt')
60 |         }
61 |     }
62 | 
63 |     lintOptions {
64 |         lintConfig file("${project.rootDir}/config/lint.xml")
65 |         quiet false
66 |         warningsAsErrors false
67 |         textReport true
68 |         textOutput 'stdout'
69 |         xmlReport false
70 |     }
71 |     namespace 'com.spotify.sdk.android.authentication.sample'
72 | }
73 | 
74 | dependencies {
75 |     implementation files('../auth-lib/build/outputs/aar/auth-release.aar')
76 | //    implementation 'com.spotify.android:auth:2.1.1'
77 | 
78 |     implementation 'androidx.browser:browser:1.4.0'
79 |     implementation 'androidx.appcompat:appcompat:1.1.0'
80 |     implementation 'com.google.android.material:material:1.0.0'
81 |     implementation 'com.squareup.okhttp3:okhttp:4.9.3'
82 | }
83 | 


--------------------------------------------------------------------------------
/auth-lib/src/main/java/com/spotify/sdk/android/auth/PKCEInformationFactory.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * Copyright (c) 2015-2016 Spotify AB
 3 |  *
 4 |  * Licensed to the Apache Software Foundation (ASF) under one
 5 |  * or more contributor license agreements.  See the NOTICE file
 6 |  * distributed with this work for additional information
 7 |  * regarding copyright ownership.  The ASF licenses this file
 8 |  * to you under the Apache License, Version 2.0 (the
 9 |  * "License"); you may not use this file except in compliance
10 |  * with the License.  You may obtain a copy of the License at
11 |  *
12 |  * http://www.apache.org/licenses/LICENSE-2.0
13 |  *
14 |  * Unless required by applicable law or agreed to in writing,
15 |  * software distributed under the License is distributed on an
16 |  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 |  * KIND, either express or implied.  See the License for the
18 |  * specific language governing permissions and limitations
19 |  * under the License.
20 |  */
21 | 
22 | package com.spotify.sdk.android.auth;
23 | 
24 | import android.util.Base64;
25 | 
26 | import androidx.annotation.NonNull;
27 | 
28 | import java.security.MessageDigest;
29 | import java.security.NoSuchAlgorithmException;
30 | import java.security.SecureRandom;
31 | 
32 | public class PKCEInformationFactory {
33 | 
34 |     private static final int CODE_VERIFIER_LENGTH = 128;
35 |     private static final String CODE_VERIFIER_CHARSET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";
36 | 
37 |     @NonNull
38 |     public static PKCEInformation create() throws NoSuchAlgorithmException {
39 |         String codeVerifier = generateCodeVerifier();
40 |         String codeChallenge = generateCodeChallenge(codeVerifier);
41 |         return PKCEInformation.sha256(codeVerifier, codeChallenge);
42 |     }
43 | 
44 |     @NonNull
45 |     private static String generateCodeVerifier() {
46 |         SecureRandom secureRandom = new SecureRandom();
47 |         StringBuilder codeVerifier = new StringBuilder();
48 | 
49 |         for (int i = 0; i < CODE_VERIFIER_LENGTH; i++) {
50 |             int randomIndex = secureRandom.nextInt(CODE_VERIFIER_CHARSET.length());
51 |             codeVerifier.append(CODE_VERIFIER_CHARSET.charAt(randomIndex));
52 |         }
53 | 
54 |         return codeVerifier.toString();
55 |     }
56 | 
57 |     @NonNull
58 |     private static String generateCodeChallenge(@NonNull String codeVerifier) throws NoSuchAlgorithmException {
59 |         try {
60 |             MessageDigest digest = MessageDigest.getInstance("SHA-256");
61 |             byte[] hash = digest.digest(codeVerifier.getBytes("US-ASCII"));
62 |             return Base64.encodeToString(hash, Base64.URL_SAFE | Base64.NO_PADDING | Base64.NO_WRAP);
63 |         } catch (final java.io.UnsupportedEncodingException e) {
64 |             // US-ASCII is guaranteed to be supported on all platforms
65 |             throw new RuntimeException("US-ASCII encoding not supported", e);
66 |         }
67 |     }
68 | }
69 | 
70 | 


--------------------------------------------------------------------------------
/gradlew.bat:
--------------------------------------------------------------------------------
 1 | @rem
 2 | @rem Copyright 2015 the original author or authors.
 3 | @rem
 4 | @rem Licensed under the Apache License, Version 2.0 (the "License");
 5 | @rem you may not use this file except in compliance with the License.
 6 | @rem You may obtain a copy of the License at
 7 | @rem
 8 | @rem      https://www.apache.org/licenses/LICENSE-2.0
 9 | @rem
10 | @rem Unless required by applicable law or agreed to in writing, software
11 | @rem distributed under the License is distributed on an "AS IS" BASIS,
12 | @rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | @rem See the License for the specific language governing permissions and
14 | @rem limitations under the License.
15 | @rem
16 | 
17 | @if "%DEBUG%" == "" @echo off
18 | @rem ##########################################################################
19 | @rem
20 | @rem  Gradle startup script for Windows
21 | @rem
22 | @rem ##########################################################################
23 | 
24 | @rem Set local scope for the variables with windows NT shell
25 | if "%OS%"=="Windows_NT" setlocal
26 | 
27 | set DIRNAME=%~dp0
28 | if "%DIRNAME%" == "" set DIRNAME=.
29 | set APP_BASE_NAME=%~n0
30 | set APP_HOME=%DIRNAME%
31 | 
32 | @rem Resolve any "." and ".." in APP_HOME to make it shorter.
33 | for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
34 | 
35 | @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
36 | set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
37 | 
38 | @rem Find java.exe
39 | if defined JAVA_HOME goto findJavaFromJavaHome
40 | 
41 | set JAVA_EXE=java.exe
42 | %JAVA_EXE% -version >NUL 2>&1
43 | if "%ERRORLEVEL%" == "0" goto execute
44 | 
45 | echo.
46 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
47 | echo.
48 | echo Please set the JAVA_HOME variable in your environment to match the
49 | echo location of your Java installation.
50 | 
51 | goto fail
52 | 
53 | :findJavaFromJavaHome
54 | set JAVA_HOME=%JAVA_HOME:"=%
55 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe
56 | 
57 | if exist "%JAVA_EXE%" goto execute
58 | 
59 | echo.
60 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
61 | echo.
62 | echo Please set the JAVA_HOME variable in your environment to match the
63 | echo location of your Java installation.
64 | 
65 | goto fail
66 | 
67 | :execute
68 | @rem Setup the command line
69 | 
70 | set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
71 | 
72 | 
73 | @rem Execute Gradle
74 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
75 | 
76 | :end
77 | @rem End local scope for the variables with windows NT shell
78 | if "%ERRORLEVEL%"=="0" goto mainEnd
79 | 
80 | :fail
81 | rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
82 | rem the _cmd.exe /c_ return code!
83 | if  not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
84 | exit /b 1
85 | 
86 | :mainEnd
87 | if "%OS%"=="Windows_NT" endlocal
88 | 
89 | :omega
90 | 


--------------------------------------------------------------------------------
/auth-lib/src/test/java/com/spotify/sdk/android/auth/PKCEInformationFactoryTest.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * Copyright (c) 2015-2016 Spotify AB
 3 |  *
 4 |  * Licensed to the Apache Software Foundation (ASF) under one
 5 |  * or more contributor license agreements.  See the NOTICE file
 6 |  * distributed with this work for additional information
 7 |  * regarding copyright ownership.  The ASF licenses this file
 8 |  * to you under the Apache License, Version 2.0 (the
 9 |  * "License"); you may not use this file except in compliance
10 |  * with the License.  You may obtain a copy of the License at
11 |  *
12 |  * http://www.apache.org/licenses/LICENSE-2.0
13 |  *
14 |  * Unless required by applicable law or agreed to in writing,
15 |  * software distributed under the License is distributed on an
16 |  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 |  * KIND, either express or implied.  See the License for the
18 |  * specific language governing permissions and limitations
19 |  * under the License.
20 |  */
21 | 
22 | package com.spotify.sdk.android.auth;
23 | 
24 | import org.junit.Test;
25 | import org.junit.runner.RunWith;
26 | import org.robolectric.RobolectricTestRunner;
27 | 
28 | import java.security.NoSuchAlgorithmException;
29 | 
30 | import static org.junit.Assert.assertEquals;
31 | import static org.junit.Assert.assertNotNull;
32 | import static org.junit.Assert.assertTrue;
33 | 
34 | @RunWith(RobolectricTestRunner.class)
35 | public class PKCEInformationFactoryTest {
36 | 
37 |     @Test
38 |     public void shouldCreatePKCEInformation() throws NoSuchAlgorithmException {
39 |         PKCEInformation pkceInfo = PKCEInformationFactory.create();
40 | 
41 |         assertNotNull(pkceInfo);
42 |         assertNotNull(pkceInfo.getVerifier());
43 |         assertNotNull(pkceInfo.getChallenge());
44 |         assertEquals("S256", pkceInfo.getCodeChallengeMethod());
45 |     }
46 | 
47 |     @Test
48 |     public void shouldGenerateCodeVerifierWithCorrectLength() throws NoSuchAlgorithmException {
49 |         PKCEInformation pkceInfo = PKCEInformationFactory.create();
50 | 
51 |         assertEquals(128, pkceInfo.getVerifier().length());
52 |     }
53 | 
54 |     @Test
55 |     public void shouldGenerateUniqueCodeVerifiers() throws NoSuchAlgorithmException {
56 |         PKCEInformation pkceInfo1 = PKCEInformationFactory.create();
57 |         PKCEInformation pkceInfo2 = PKCEInformationFactory.create();
58 | 
59 |         assertTrue(!pkceInfo1.getVerifier().equals(pkceInfo2.getVerifier()));
60 |         assertTrue(!pkceInfo1.getChallenge().equals(pkceInfo2.getChallenge()));
61 |     }
62 | 
63 |     @Test
64 |     public void shouldGenerateValidBase64UrlEncodedChallenge() throws NoSuchAlgorithmException {
65 |         PKCEInformation pkceInfo = PKCEInformationFactory.create();
66 | 
67 |         String challenge = pkceInfo.getChallenge();
68 |         assertTrue(challenge.matches("^[A-Za-z0-9_-]+$"));
69 |         assertTrue(!challenge.contains("="));
70 |         assertTrue(!challenge.contains("+"));
71 |         assertTrue(!challenge.contains("/"));
72 |     }
73 | }
74 | 
75 | 


--------------------------------------------------------------------------------
/auth-lib/src/testStore/java/com/spotify/sdk/android/auth/LoginActivityStoreTest.java:
--------------------------------------------------------------------------------
 1 | package com.spotify.sdk.android.auth;/*
 2 |  * Copyright (c) 2015-2016 Spotify AB
 3 |  *
 4 |  * Licensed to the Apache Software Foundation (ASF) under one
 5 |  * or more contributor license agreements.  See the NOTICE file
 6 |  * distributed with this work for additional information
 7 |  * regarding copyright ownership.  The ASF licenses this file
 8 |  * to you under the Apache License, Version 2.0 (the
 9 |  * "License"); you may not use this file except in compliance
10 |  * with the License.  You may obtain a copy of the License at
11 |  *
12 |  * http://www.apache.org/licenses/LICENSE-2.0
13 |  *
14 |  * Unless required by applicable law or agreed to in writing,
15 |  * software distributed under the License is distributed on an
16 |  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 |  * KIND, either express or implied.  See the License for the
18 |  * specific language governing permissions and limitations
19 |  * under the License.
20 |  */
21 | 
22 | import static org.junit.Assert.assertEquals;
23 | import static org.junit.Assert.assertNotNull;
24 | import static org.junit.Assert.assertTrue;
25 | import static org.robolectric.Robolectric.buildActivity;
26 | import static org.robolectric.Shadows.shadowOf;
27 | 
28 | import android.app.Activity;
29 | import android.content.Intent;
30 | import android.os.Bundle;
31 | 
32 | import org.junit.Test;
33 | import org.junit.runner.RunWith;
34 | import org.robolectric.Robolectric;
35 | import org.robolectric.RobolectricTestRunner;
36 | import org.robolectric.android.controller.ActivityController;
37 | import org.robolectric.shadows.ShadowActivity;
38 | 
39 | @RunWith(RobolectricTestRunner.class)
40 | public class LoginActivityStoreTest {
41 | 
42 |     @Test
43 |     public void shouldFinishLoginActivityWithErrorIfPlayStoreIsNotInstalled() {
44 |         Activity context = Robolectric
45 |                 .buildActivity(Activity.class)
46 |                 .create()
47 |                 .get();
48 | 
49 |         AuthorizationRequest request = new AuthorizationRequest.Builder("test", AuthorizationResponse.Type.TOKEN, "test://test").build();
50 | 
51 |         Bundle bundle = new Bundle();
52 |         bundle.putParcelable(LoginActivity.REQUEST_KEY, request);
53 | 
54 |         Intent intent = new Intent(context, LoginActivity.class);
55 |         intent.putExtra(LoginActivity.EXTRA_AUTH_REQUEST, bundle);
56 | 
57 |         ActivityController<LoginActivity> loginActivityActivityController = buildActivity(LoginActivity.class, intent);
58 | 
59 |         final LoginActivity loginActivity = loginActivityActivityController.get();
60 | 
61 |         final ShadowActivity shadowLoginActivity = shadowOf(loginActivity);
62 |         shadowLoginActivity.setCallingActivity(context.getComponentName());
63 | 
64 |         loginActivityActivityController.create();
65 | 
66 |         assertTrue(loginActivity.isFinishing());
67 |         assertEquals(Activity.RESULT_OK, shadowLoginActivity.getResultCode());
68 |         AuthorizationResponse response = LoginActivity.getResponseFromIntent(shadowLoginActivity.getResultIntent());
69 |         assertNotNull(response);
70 |         assertEquals(AuthorizationResponse.Type.ERROR, response.getType());
71 |     }
72 | 
73 | }
74 | 


--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
 1 | Change Log
 2 | ==========
 3 | 
 4 | ## Version 3.0.0
 5 | - Add mandatory redirect path pattern.
 6 | 
 7 | You can now define the path pattern in your app's build.gradle file as follows:
 8 | ```gradle
 9 | defaultConfig {
10 |     manifestPlaceholders = [
11 |         redirectSchemeName: "your-redirect-scheme",
12 |         redirectHostName: "your-redirect-host",
13 |         redirectPathPattern: "your/redirect/path/pattern" // New mandatory field
14 |     ]
15 |     ...
16 | }
17 | ```
18 | 
19 | If you want to retain the previous behavior (accepting any path), use .* as the path pattern.
20 | For more details, see the [Google documentation](https://developer.android.com/guide/topics/manifest/data-element#path).
21 | 
22 | ## Version 2.2.0
23 | - Requesting token now uses PKCE when:
24 |     - There is an installed Spotify app that supports PKCE.
25 |     - When web fallback is used.
26 | - Token requests may return a refresh token if PKCE was used.
27 | 
28 | ## Version 2.1.2
29 | * Propagate tracking parameters when opening the native login flow
30 | 
31 | ## Version 2.1.1
32 | * Introduced RedirectUriReceiverActivity for web based auth flow
33 | * Restructured web based flow, removed LoginDialog class
34 | * Made AuthorizationClient final
35 | * Bumped to Gradle 7.5, AGP 7.4.2
36 | * Bumped targetSdkVersion to 33
37 | * Bumped androidx.browser to 1.5.0 and test dependencies
38 | 
39 | ## Version 2.1.0
40 | * Introduce a new flavour store to generate a library called auth-store that default to the play store instead of CustomTabsIntent
41 | * Expose method to check if the Spotify application is installed
42 | 
43 | ## Version 2.0.2
44 | * Fixed StackOverflowError at com.spotify.sdk.android.auth.browser.LoginDialog.onServiceDisconnected
45 | * Fixed NullPointerException when creating CustomTabsIntent in LoginDialog
46 | * Set LoginActivity launch mode to singleTask to avoid launching CustomTabs in a separate task
47 | 
48 | ## Version 2.0.1
49 | * Removed unused code related to WebView
50 | 
51 | ## Version 2.0.0
52 | * Replaced WebView usage with Custom Tabs since Google and Facebook Login no longer support WebViews for authenticating users.
53 | * Removed AuthorizationClient#clearCookies method from the API. Custom Tabs use the cookies from the browser.
54 | * Bumped targetSdkVersion to 31
55 | 
56 | ## Version 1.2.6
57 | * Fixes an issue related to package visibility changes in API 30
58 | 
59 | ## Version 1.2.5
60 | * Updated targetSdkVersion (API 30), buildTools and Gradle plugin
61 | * Removed unused jcenter repository
62 | * Conform to package visibility restrictions when targeting Android 11 (API 30)
63 | 
64 | ## Version 1.2.3
65 | * Fixed a few issues with the webview based redirect
66 | 
67 | ## Version 1.2.2
68 | * Remove custom-tabs handling due to issues
69 | 
70 | ## Version 1.2.1
71 | * Fixes an issue that produced a redirect error when the redirect uri contains CAPS.
72 | 
73 | ## Version 1.2.0
74 | 
75 | * Breaking changes: Rename classes from AuthenticationClassName to AuthorizationClassName
76 | * Pass state parameter in AuthorizationResponse
77 | 
78 | 2019-08-12
79 | 
80 | * Add  method to clear Spotify and Facebook cookies to AuthenticationClient
81 | * Upgrade buildToolsVersion to 27.0.3
82 | * Replace deprecated compile keyword in gradle files
83 | 
84 | ## Version 1.1.0
85 | 
86 | _2018-02-28_
87 | 
88 | * Upgrade target and compile SDKs to 27
89 | * Upgrade android support libraries to 27.0.2
90 | 


--------------------------------------------------------------------------------
/auth-lib/src/store/java/com/spotify/sdk/android/auth/store/PlayStoreHandler.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * Copyright (c) 2015-2016 Spotify AB
 3 |  *
 4 |  * Licensed to the Apache Software Foundation (ASF) under one
 5 |  * or more contributor license agreements.  See the NOTICE file
 6 |  * distributed with this work for additional information
 7 |  * regarding copyright ownership.  The ASF licenses this file
 8 |  * to you under the Apache License, Version 2.0 (the
 9 |  * "License"); you may not use this file except in compliance
10 |  * with the License.  You may obtain a copy of the License at
11 |  *
12 |  * http://www.apache.org/licenses/LICENSE-2.0
13 |  *
14 |  * Unless required by applicable law or agreed to in writing,
15 |  * software distributed under the License is distributed on an
16 |  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 |  * KIND, either express or implied.  See the License for the
18 |  * specific language governing permissions and limitations
19 |  * under the License.
20 |  */
21 | 
22 | package com.spotify.sdk.android.auth.store;
23 | 
24 | import android.app.Activity;
25 | import android.content.ComponentName;
26 | import android.content.Intent;
27 | import android.net.Uri;
28 | import android.util.Log;
29 | 
30 | import androidx.annotation.Nullable;
31 | 
32 | import com.spotify.sdk.android.auth.AuthorizationHandler;
33 | import com.spotify.sdk.android.auth.AuthorizationRequest;
34 | 
35 | /**
36 |  * An AuthorizationHandler that opens the play store to download the main Spotify application
37 |  */
38 | public class PlayStoreHandler implements AuthorizationHandler {
39 | 
40 |     private static final String TAG = PlayStoreHandler.class.getSimpleName();
41 |     private static final String APP_PACKAGE_NAME = "com.spotify.music";
42 | 
43 |     @Nullable
44 |     private OnCompleteListener mListener;
45 | 
46 |     @Override
47 |     public boolean start(Activity contextActivity, AuthorizationRequest request) {
48 |         Log.d(TAG, "start");
49 |         Intent intent = new Intent(Intent.ACTION_VIEW);
50 |         intent.setData(Uri.parse(
51 |             "https://play.google.com/store/apps/details?id=" + APP_PACKAGE_NAME
52 |         ));
53 |         intent.setPackage("com.android.vending");
54 | 
55 |         ComponentName componentName = intent.resolveActivity(contextActivity.getPackageManager());
56 | 
57 |         OnCompleteListener listener = mListener;
58 |         if (componentName == null) {
59 |             if (listener != null) {
60 |                 listener.onError(
61 |                     new ClassNotFoundException("Couldn't find an activity to handle a play store link")
62 |                 );
63 |             }
64 |             return false;
65 |         }
66 | 
67 |         contextActivity.startActivity(intent);
68 | 
69 |         if (listener != null) {
70 |             listener.onCancel();
71 |         }
72 |         return true;
73 |     }
74 | 
75 |     @Override
76 |     public void stop() {
77 |         Log.d(TAG, "stop");
78 |     }
79 | 
80 |     /**
81 |      * {@link OnCompleteListener#onError(Throwable)} will be called if no play store application is installed
82 |      * {@link OnCompleteListener#onCancel()} will be called if the play store is launched
83 |      */
84 |     @Override
85 |     public void setOnCompleteListener(@Nullable OnCompleteListener listener) {
86 |         mListener = listener;
87 |     }
88 | 
89 |     @Override
90 |     public boolean isAuthInProgress() {
91 |         // not supported, always return false
92 |         return false;
93 |     }
94 | }
95 | 


--------------------------------------------------------------------------------
/auth-sample/src/main/res/layout/activity_main.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?><!--
 2 |     Copyright (c) 2015-2016 Spotify AB
 3 | 
 4 |     Licensed to the Apache Software Foundation (ASF) under one
 5 |     or more contributor license agreements.  See the NOTICE file
 6 |     distributed with this work for additional information
 7 |     regarding copyright ownership.  The ASF licenses this file
 8 |     to you under the Apache License, Version 2.0 (the
 9 |     "License"); you may not use this file except in compliance
10 |     with the License.  You may obtain a copy of the License at
11 | 
12 |     http://www.apache.org/licenses/LICENSE-2.0
13 | 
14 |     Unless required by applicable law or agreed to in writing,
15 |     software distributed under the License is distributed on an
16 |     "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 |     KIND, either express or implied.  See the License for the
18 |     specific language governing permissions and limitations
19 |     under the License.
20 | -->
21 | <androidx.coordinatorlayout.widget.CoordinatorLayout xmlns:android="http://schemas.android.com/apk/res/android"
22 |     xmlns:tools="http://schemas.android.com/tools"
23 |     android:id="@+id/activity_main"
24 |     android:layout_width="match_parent"
25 |     android:layout_height="match_parent"
26 |     tools:context="com.spotify.sdk.android.auth.sample.MainActivity">
27 | 
28 |     <LinearLayout
29 |         android:layout_width="match_parent"
30 |         android:layout_height="match_parent"
31 |         android:orientation="vertical">
32 | 
33 |         <TextView
34 |             android:id="@+id/token_text_view"
35 |             android:layout_width="match_parent"
36 |             android:layout_height="wrap_content"
37 |             android:layout_margin="8dp"
38 |             tools:text="Token: 089d841ccc194c10a77afad9e1c11d54" />
39 | 
40 |         <Button
41 |             android:layout_width="match_parent"
42 |             android:layout_height="wrap_content"
43 |             android:layout_margin="8dp"
44 |             android:onClick="onRequestTokenClicked"
45 |             android:text="@string/btn_req_token" />
46 | 
47 |         <TextView
48 |             android:id="@+id/code_text_view"
49 |             android:layout_width="match_parent"
50 |             android:layout_height="wrap_content"
51 |             android:layout_margin="8dp"
52 |             tools:text="Code: 089d841ccc194c10a77afad9e1c11d54" />
53 | 
54 |         <Button
55 |             android:layout_width="match_parent"
56 |             android:layout_height="wrap_content"
57 |             android:layout_margin="8dp"
58 |             android:onClick="onRequestCodeClicked"
59 |             android:text="@string/btn_req_code" />
60 | 
61 |         <TextView
62 |             android:id="@+id/response_text_view"
63 |             android:layout_width="match_parent"
64 |             android:layout_height="wrap_content"
65 |             android:textSize="11sp"
66 |             tools:text="Line 1\nLine 2\nLine 3" />
67 | 
68 |         <LinearLayout
69 |             android:layout_width="match_parent"
70 |             android:layout_height="wrap_content">
71 | 
72 |             <Button
73 |                 android:id="@+id/btn_get_profile"
74 |                 android:layout_width="0dp"
75 |                 android:layout_height="wrap_content"
76 |                 android:layout_margin="8dp"
77 |                 android:layout_weight="1"
78 |                 android:layout_gravity="center_vertical"
79 |                 android:onClick="onGetUserProfileClicked"
80 |                 android:text="@string/btn_get_profile" />
81 |         </LinearLayout>
82 |     </LinearLayout>
83 | </androidx.coordinatorlayout.widget.CoordinatorLayout>
84 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Spotify Auth Library
 2 | 
 3 | [![Maven Central](https://img.shields.io/maven-central/v/com.spotify.android/auth.svg)](https://search.maven.org/search?q=g:com.spotify.android)
 4 | 
 5 | # Breaking changes in Spotify Auth library version 2.0.0
 6 | 
 7 | In this version we replaced use of WebView with [Custom Tabs](https://developer.chrome.com/docs/android/custom-tabs/) since Google and Facebook Login no longer support WebViews for authenticating users.
 8 | 
 9 | As part of this change the library API does not contain `AuthorizationClient#clearCookies` method anymore. Custom Tabs use the cookies from the browser.
10 | 
11 | # Integrating the library into your project
12 | 
13 | To add this library to your project add following dependency to your app `build.gradle` file:
14 | 
15 | ```gradle
16 | implementation "com.spotify.android:auth:<version>"
17 | ```
18 | 
19 | Since April 2021 we're publishing the library on MavenCentral instead of JCenter. Therefore to be able to get the library dependency, you should add MavenCentral into repositories block:
20 | ```gradle
21 | repositories {
22 |     mavenCentral()
23 |     ...
24 | }
25 | ```
26 | 
27 | Since Spotify Auth library version 2.0.0 you also need to provide the scheme and host of the redirect URI that your app is using for authorizing in your app `build.gradle` file.
28 | Below is an example of how this looks for [the auth sample project](auth-sample) using `spotify-sdk://auth` redirect URI:
29 | 
30 | ```gradle
31 |     defaultConfig {
32 |         manifestPlaceholders = [redirectSchemeName: "spotify-sdk", redirectHostName: "auth"]
33 |         ...
34 |     }
35 | ```
36 | 
37 | Since Spotify Auth library version 3.0.0 you also need to provide the path pattern of your redirect URI
38 | 
39 | ```gradle
40 | defaultConfig {
41 |     manifestPlaceholders = [
42 |         redirectSchemeName: "your-redirect-scheme",
43 |         redirectHostName: "your-redirect-host",
44 |         redirectPathPattern: "your/redirect/path/pattern" // New mandatory field
45 |     ]
46 |     ...
47 | }
48 | ```
49 | 
50 | If you want to retain the previous behavior (accepting any path), use .* as the path pattern.
51 | For more details, see the [Google documentation](https://developer.android.com/guide/topics/manifest/data-element#path).
52 | 
53 | To learn more see the [Authentication Guide](https://developer.spotify.com/technologies/spotify-android-sdk/android-sdk-authentication-guide/)
54 | and the [API reference](https://spotify.github.io/android-auth/auth-lib/docs/index.html).
55 | 
56 | # Flavors
57 | 
58 | Since Spotify Auth library version 2.1.0, two versions of the library are provided that differs in
59 | their behaviour if the Spotify application cannot be used to login:
60 | * `auth` - Opens the web browser to login to Spotify
61 | * `store` - Redirects to the Android Play store to download the Spotify application
62 | 
63 | # Documentation
64 | 
65 | Complete API documentation is available for both library flavors:
66 | * [Auth Flavor Javadoc](https://spotify.github.io/android-auth/auth-lib/docs/index.html) - Opens web browser for login
67 | * [Store Flavor Javadoc](https://spotify.github.io/android-auth/auth-lib/docs-store/index.html) - Play Store fallback variant
68 | 
69 | # Sample Code
70 | 
71 | Checkout [the sample project](auth-sample).
72 | 
73 | # Contributing
74 | 
75 | You are welcome to contribute to this project. Please make sure that:
76 | * New code is test covered
77 | * Features and APIs are well documented
78 | * `./gradlew check` must succeed
79 | 
80 | ## Code of conduct
81 | This project adheres to the [Open Code of Conduct][code-of-conduct]. By participating, you are expected to honor this code.
82 | 
83 | [code-of-conduct]: https://github.com/spotify/code-of-conduct/blob/master/code-of-conduct.md
84 | 
85 | 


--------------------------------------------------------------------------------
/auth-lib/src/testAuth/java/com/spotify/sdk/android/auth/LoginActivityAuthTest.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * Copyright (c) 2015-2016 Spotify AB
 3 |  *
 4 |  * Licensed to the Apache Software Foundation (ASF) under one
 5 |  * or more contributor license agreements.  See the NOTICE file
 6 |  * distributed with this work for additional information
 7 |  * regarding copyright ownership.  The ASF licenses this file
 8 |  * to you under the Apache License, Version 2.0 (the
 9 |  * "License"); you may not use this file except in compliance
10 |  * with the License.  You may obtain a copy of the License at
11 |  *
12 |  * http://www.apache.org/licenses/LICENSE-2.0
13 |  *
14 |  * Unless required by applicable law or agreed to in writing,
15 |  * software distributed under the License is distributed on an
16 |  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 |  * KIND, either express or implied.  See the License for the
18 |  * specific language governing permissions and limitations
19 |  * under the License.
20 |  */
21 | 
22 | package com.spotify.sdk.android.auth;
23 | 
24 | import static org.junit.Assert.assertEquals;
25 | import static org.junit.Assert.assertFalse;
26 | import static org.junit.Assert.assertTrue;
27 | import static org.robolectric.Robolectric.buildActivity;
28 | import static org.robolectric.Shadows.shadowOf;
29 | 
30 | import android.app.Activity;
31 | import android.content.Intent;
32 | import android.os.Bundle;
33 | 
34 | import com.spotify.sdk.android.auth.AuthorizationRequest;
35 | import com.spotify.sdk.android.auth.AuthorizationResponse;
36 | import com.spotify.sdk.android.auth.LoginActivity;
37 | 
38 | import org.junit.Test;
39 | import org.junit.runner.RunWith;
40 | import org.robolectric.Robolectric;
41 | import org.robolectric.RobolectricTestRunner;
42 | import org.robolectric.android.controller.ActivityController;
43 | import org.robolectric.shadows.ShadowActivity;
44 | 
45 | @RunWith(RobolectricTestRunner.class)
46 | public class LoginActivityAuthTest {
47 | 
48 |     @Test
49 |     public void shouldFinishLoginActivityWhenCompleted() {
50 | 
51 |         Activity context = Robolectric
52 |                 .buildActivity(Activity.class)
53 |                 .create()
54 |                 .get();
55 | 
56 |         PKCEInformation pkceInfo = PKCEInformation.sha256("test_verifier", "test_challenge");
57 |         AuthorizationRequest request = new AuthorizationRequest.Builder("test", AuthorizationResponse.Type.TOKEN, "test://test")
58 |                 .setPkceInformation(pkceInfo)
59 |                 .build();
60 |         AuthorizationResponse response = new AuthorizationResponse.Builder()
61 |                 .setType(AuthorizationResponse.Type.TOKEN)
62 |                 .setAccessToken("test_token")
63 |                 .setExpiresIn(3600)
64 |                 .build();
65 | 
66 |         Bundle bundle = new Bundle();
67 |         bundle.putParcelable(LoginActivity.REQUEST_KEY, request);
68 | 
69 |         Intent intent = new Intent(context, LoginActivity.class);
70 |         intent.putExtra(LoginActivity.EXTRA_AUTH_REQUEST, bundle);
71 | 
72 |         ActivityController<LoginActivity> loginActivityActivityController = buildActivity(LoginActivity.class, intent);
73 | 
74 |         final LoginActivity loginActivity = loginActivityActivityController.get();
75 | 
76 |         final ShadowActivity shadowLoginActivity = shadowOf(loginActivity);
77 |         shadowLoginActivity.setCallingActivity(context.getComponentName());
78 | 
79 |         loginActivityActivityController.create();
80 | 
81 |         assertFalse(loginActivity.isFinishing());
82 | 
83 |         loginActivity.onClientComplete(response);
84 | 
85 |         assertTrue(loginActivity.isFinishing());
86 |         assertEquals(Activity.RESULT_OK, shadowLoginActivity.getResultCode());
87 |         assertEquals(response, shadowLoginActivity.getResultIntent().getBundleExtra(LoginActivity.EXTRA_AUTH_RESPONSE).get(LoginActivity.RESPONSE_KEY));
88 |     }
89 | 
90 | }
91 | 


--------------------------------------------------------------------------------
/auth-lib/src/main/java/com/spotify/sdk/android/auth/PKCEInformation.java:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * Copyright (c) 2015-2016 Spotify AB
  3 |  *
  4 |  * Licensed to the Apache Software Foundation (ASF) under one
  5 |  * or more contributor license agreements.  See the NOTICE file
  6 |  * distributed with this work for additional information
  7 |  * regarding copyright ownership.  The ASF licenses this file
  8 |  * to you under the Apache License, Version 2.0 (the
  9 |  * "License"); you may not use this file except in compliance
 10 |  * with the License.  You may obtain a copy of the License at
 11 |  *
 12 |  * http://www.apache.org/licenses/LICENSE-2.0
 13 |  *
 14 |  * Unless required by applicable law or agreed to in writing,
 15 |  * software distributed under the License is distributed on an
 16 |  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 17 |  * KIND, either express or implied.  See the License for the
 18 |  * specific language governing permissions and limitations
 19 |  * under the License.
 20 |  */
 21 | 
 22 | package com.spotify.sdk.android.auth;
 23 | 
 24 | import android.os.Parcel;
 25 | import android.os.Parcelable;
 26 | 
 27 | import androidx.annotation.NonNull;
 28 | import androidx.annotation.Nullable;
 29 | 
 30 | import java.util.Objects;
 31 | 
 32 | public class PKCEInformation implements Parcelable {
 33 | 
 34 |     private final String mVerifier;
 35 |     private final String mChallenge;
 36 |     private final String mCodeChallengeMethod;
 37 | 
 38 |     private PKCEInformation(@NonNull String verifier, @NonNull String challenge, @NonNull String challengeMethod) {
 39 |         mVerifier = verifier;
 40 |         mChallenge = challenge;
 41 |         mCodeChallengeMethod = challengeMethod;
 42 |     }
 43 | 
 44 |     @NonNull
 45 |     public static PKCEInformation sha256(@NonNull String verifier, @NonNull String challenge) {
 46 |         return new PKCEInformation(verifier, challenge, "S256");
 47 |     }
 48 | 
 49 |     @NonNull
 50 |     public String getVerifier() {
 51 |         return mVerifier;
 52 |     }
 53 | 
 54 |     @NonNull
 55 |     public String getChallenge() {
 56 |         return mChallenge;
 57 |     }
 58 | 
 59 |     @NonNull
 60 |     public String getCodeChallengeMethod() {
 61 |         return mCodeChallengeMethod;
 62 |     }
 63 | 
 64 |     private PKCEInformation(@NonNull Parcel in) {
 65 |         mVerifier = in.readString();
 66 |         mChallenge = in.readString();
 67 |         mCodeChallengeMethod = in.readString();
 68 |     }
 69 | 
 70 |     @Override
 71 |     public void writeToParcel(@NonNull Parcel dest, int flags) {
 72 |         dest.writeString(mVerifier);
 73 |         dest.writeString(mChallenge);
 74 |         dest.writeString(mCodeChallengeMethod);
 75 |     }
 76 | 
 77 |     @Override
 78 |     public int describeContents() {
 79 |         return 0;
 80 |     }
 81 | 
 82 |     public static final Creator<PKCEInformation> CREATOR = new Creator<PKCEInformation>() {
 83 |         @Override
 84 |         @NonNull
 85 |         public PKCEInformation createFromParcel(@NonNull Parcel in) {
 86 |             return new PKCEInformation(in);
 87 |         }
 88 | 
 89 |         @Override
 90 |         @NonNull
 91 |         public PKCEInformation[] newArray(int size) {
 92 |             return new PKCEInformation[size];
 93 |         }
 94 |     };
 95 | 
 96 |     @Override
 97 |     public boolean equals(@Nullable Object o) {
 98 |         if (this == o) return true;
 99 |         if (o == null || getClass() != o.getClass()) return false;
100 |         PKCEInformation that = (PKCEInformation) o;
101 |         return Objects.equals(mVerifier, that.mVerifier) &&
102 |                 Objects.equals(mChallenge, that.mChallenge) &&
103 |                 Objects.equals(mCodeChallengeMethod, that.mCodeChallengeMethod);
104 |     }
105 | 
106 |     @Override
107 |     public int hashCode() {
108 |         return Objects.hash(mVerifier, mChallenge, mCodeChallengeMethod);
109 |     }
110 | }
111 | 


--------------------------------------------------------------------------------
/.github/workflows/publish-javadoc.yml:
--------------------------------------------------------------------------------
  1 | name: Publish Javadoc
  2 | 
  3 | on:
  4 |   push:
  5 |     branches:
  6 |       - master
  7 |   workflow_dispatch:
  8 | 
  9 | permissions:
 10 |   contents: write
 11 |   pages: write
 12 |   id-token: write
 13 | 
 14 | jobs:
 15 |   publish-javadoc:
 16 |     runs-on: ubuntu-latest
 17 | 
 18 |     steps:
 19 |       - name: Checkout repository
 20 |         uses: actions/checkout@v4
 21 | 
 22 |       - name: Set up JDK 17
 23 |         uses: actions/setup-java@v4
 24 |         with:
 25 |           distribution: 'temurin'
 26 |           java-version: '17'
 27 |           cache: 'gradle'
 28 | 
 29 |       - name: Setup Android SDK
 30 |         uses: android-actions/setup-android@v3
 31 | 
 32 |       - name: Grant execute permission for gradlew
 33 |         run: chmod +x gradlew
 34 | 
 35 |       - name: Generate Auth Javadoc
 36 |         run: ./gradlew auth-lib:authReleaseJavadoc
 37 | 
 38 |       - name: Generate Store Javadoc
 39 |         run: ./gradlew auth-lib:storeReleaseJavadoc
 40 | 
 41 |       - name: Prepare gh-pages directory structure
 42 |         run: |
 43 |           mkdir -p gh-pages-temp/auth-lib/docs
 44 |           mkdir -p gh-pages-temp/auth-lib/docs-store
 45 |           cp -r docs/* gh-pages-temp/auth-lib/docs/ || echo "Auth docs generated"
 46 |           cp -r docs-store/* gh-pages-temp/auth-lib/docs-store/ || echo "Store docs generated"
 47 | 
 48 |       - name: Create index page
 49 |         run: |
 50 |           cat > gh-pages-temp/index.html << 'EOF'
 51 |           <!DOCTYPE html>
 52 |           <html>
 53 |           <head>
 54 |               <title>Spotify Android Auth SDK Documentation</title>
 55 |               <meta charset="UTF-8">
 56 |               <meta name="viewport" content="width=device-width, initial-scale=1.0">
 57 |               <style>
 58 |                   body {
 59 |                       font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif;
 60 |                       max-width: 800px;
 61 |                       margin: 50px auto;
 62 |                       padding: 20px;
 63 |                       line-height: 1.6;
 64 |                   }
 65 |                   h1 {
 66 |                       color: #1DB954;
 67 |                       border-bottom: 2px solid #1DB954;
 68 |                       padding-bottom: 10px;
 69 |                   }
 70 |                   .flavor {
 71 |                       margin: 20px 0;
 72 |                       padding: 20px;
 73 |                       border: 1px solid #ddd;
 74 |                       border-radius: 8px;
 75 |                       background-color: #f9f9f9;
 76 |                   }
 77 |                   .flavor h2 {
 78 |                       margin-top: 0;
 79 |                       color: #333;
 80 |                   }
 81 |                   .flavor p {
 82 |                       color: #666;
 83 |                       margin: 10px 0;
 84 |                   }
 85 |                   a {
 86 |                       color: #1DB954;
 87 |                       text-decoration: none;
 88 |                       font-weight: 500;
 89 |                   }
 90 |                   a:hover {
 91 |                       text-decoration: underline;
 92 |                   }
 93 |                   .footer {
 94 |                       margin-top: 40px;
 95 |                       padding-top: 20px;
 96 |                       border-top: 1px solid #ddd;
 97 |                       text-align: center;
 98 |                       color: #999;
 99 |                       font-size: 0.9em;
100 |                   }
101 |               </style>
102 |           </head>
103 |           <body>
104 |               <h1>Spotify Android Auth SDK Documentation</h1>
105 | 
106 |               <div class="flavor">
107 |                   <h2>Auth Flavor</h2>
108 |                   <p>Standard authentication flavor - opens web browser for login</p>
109 |                   <a href="auth-lib/docs/index.html">View Auth Javadoc →</a>
110 |               </div>
111 | 
112 |               <div class="flavor">
113 |                   <h2>Store Flavor</h2>
114 |                   <p>Play Store fallback flavor - redirects to Play Store if Spotify app unavailable</p>
115 |                   <a href="auth-lib/docs-store/index.html">View Store Javadoc →</a>
116 |               </div>
117 | 
118 |               <div class="footer">
119 |                   <p>Generated from <a href="https://github.com/spotify/android-auth">spotify/android-auth</a></p>
120 |               </div>
121 |           </body>
122 |           </html>
123 |           EOF
124 | 
125 |       - name: Deploy to GitHub Pages
126 |         uses: peaceiris/actions-gh-pages@v3
127 |         with:
128 |           github_token: ${{ secrets.GITHUB_TOKEN }}
129 |           publish_dir: ./gh-pages-temp
130 |           publish_branch: gh-pages
131 |           user_name: 'github-actions[bot]'
132 |           user_email: 'github-actions[bot]@users.noreply.github.com'
133 |           commit_message: 'Update javadoc from ${{ github.sha }}'
134 | 


--------------------------------------------------------------------------------
/auth-lib/src/auth/java/com/spotify/sdk/android/auth/browser/CustomTabsSupportChecker.java:
--------------------------------------------------------------------------------
  1 | package com.spotify.sdk.android.auth.browser;
  2 | 
  3 | import static androidx.browser.customtabs.CustomTabsService.ACTION_CUSTOM_TABS_CONNECTION;
  4 | 
  5 | import android.content.Context;
  6 | import android.content.Intent;
  7 | import android.content.pm.PackageManager;
  8 | import android.content.pm.ResolveInfo;
  9 | import android.net.Uri;
 10 | import android.text.TextUtils;
 11 | import android.util.Log;
 12 | 
 13 | import com.spotify.sdk.android.auth.AuthorizationRequest;
 14 | 
 15 | import java.util.ArrayList;
 16 | import java.util.List;
 17 | 
 18 | /**
 19 |  * Class that checks if auth can be done in a Custom Tab and returns a package name of the app
 20 |  * that supports Custom Tabs. If auth flow cannot be done using a Custom Tab, it returns
 21 |  * an empty string.
 22 |  */
 23 | public final class CustomTabsSupportChecker {
 24 |     private static final String TAG = CustomTabsSupportChecker.class.getSimpleName();
 25 | 
 26 |     static String getPackageSupportingCustomTabs(Context context, AuthorizationRequest request) {
 27 |         String redirectUri = request.getRedirectUri();
 28 |         final String packageSupportingCustomTabs = getPackageNameSupportingCustomTabs(
 29 |                 context.getPackageManager(), request.toUri()
 30 |         );
 31 |         // CustomTabs seems to have problem with redirecting back the app after auth when URI has http/https scheme
 32 |         if (!redirectUri.startsWith("http") && !redirectUri.startsWith("https") &&
 33 |                 hasBrowserSupportForCustomTabs(packageSupportingCustomTabs) &&
 34 |                 hasRedirectUriActivity(context.getPackageManager(), redirectUri)) {
 35 |             return packageSupportingCustomTabs;
 36 |         } else {
 37 |             return "";
 38 |         }
 39 |     }
 40 | 
 41 |     private static String getPackageNameSupportingCustomTabs(PackageManager pm, Uri uri) {
 42 |         Intent activityIntent = new Intent(Intent.ACTION_VIEW, uri).addCategory(Intent.CATEGORY_BROWSABLE);
 43 |         // Check for default handler
 44 |         ResolveInfo defaultViewHandlerInfo = pm.resolveActivity(activityIntent, 0);
 45 |         String defaultViewHandlerPackageName = null;
 46 |         if (defaultViewHandlerInfo != null) {
 47 |             defaultViewHandlerPackageName = defaultViewHandlerInfo.activityInfo.packageName;
 48 |         }
 49 |         Log.d(TAG, "Found default package name for handling VIEW intents: " + defaultViewHandlerPackageName);
 50 | 
 51 |         // Get all apps that can handle the intent
 52 |         List<ResolveInfo> resolvedActivityList = pm.queryIntentActivities(activityIntent, 0);
 53 |         ArrayList<String> packagesSupportingCustomTabs = new ArrayList<>();
 54 |         for (ResolveInfo info : resolvedActivityList) {
 55 |             Intent serviceIntent = new Intent();
 56 |             serviceIntent.setAction(ACTION_CUSTOM_TABS_CONNECTION);
 57 |             serviceIntent.setPackage(info.activityInfo.packageName);
 58 |             // Check if this package also resolves the Custom Tabs service.
 59 |             if (pm.resolveService(serviceIntent, 0) != null) {
 60 |                 Log.d(TAG, "Adding " + info.activityInfo.packageName + " to supported packages");
 61 |                 packagesSupportingCustomTabs.add(info.activityInfo.packageName);
 62 |             }
 63 |         }
 64 | 
 65 |         String packageNameToUse = null;
 66 |         if (packagesSupportingCustomTabs.size() == 1) {
 67 |             packageNameToUse = packagesSupportingCustomTabs.get(0);
 68 |         } else if (packagesSupportingCustomTabs.size() > 1) {
 69 |             if (!TextUtils.isEmpty(defaultViewHandlerPackageName)
 70 |                     && packagesSupportingCustomTabs.contains(defaultViewHandlerPackageName)) {
 71 |                 packageNameToUse = defaultViewHandlerPackageName;
 72 |             } else {
 73 |                 packageNameToUse = packagesSupportingCustomTabs.get(0);
 74 |             }
 75 |         }
 76 |         return packageNameToUse;
 77 |     }
 78 | 
 79 |     private static boolean hasBrowserSupportForCustomTabs(String packageSupportingCustomTabs) {
 80 |         if (TextUtils.isEmpty(packageSupportingCustomTabs)) {
 81 |             Log.d(TAG, "No package supporting CustomTabs found.");
 82 |             return false;
 83 |         } else {
 84 |             return true;
 85 |         }
 86 |     }
 87 | 
 88 |     private static boolean hasRedirectUriActivity(PackageManager pm, String redirectUri) {
 89 |         if (pm == null) {
 90 |             return false;
 91 |         }
 92 |         Intent intent = new Intent();
 93 |         intent.setAction(Intent.ACTION_VIEW);
 94 |         intent.addCategory(Intent.CATEGORY_DEFAULT);
 95 |         intent.addCategory(Intent.CATEGORY_BROWSABLE);
 96 |         intent.setData(Uri.parse(redirectUri));
 97 |         List<ResolveInfo> infoList = pm.queryIntentActivities(intent, PackageManager.GET_RESOLVED_FILTER);
 98 | 
 99 |         for (ResolveInfo info : infoList) {
100 |             if (RedirectUriReceiverActivity.class.getName().equals(info.activityInfo.name)) {
101 |                 return true;
102 |             }
103 |         }
104 |         return false;
105 |     }
106 | }
107 | 


--------------------------------------------------------------------------------
/auth-lib/src/test/java/com/spotify/sdk/android/auth/TokenExchangeRequestTest.java:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * Copyright (c) 2015-2016 Spotify AB
  3 |  *
  4 |  * Licensed to the Apache Software Foundation (ASF) under one
  5 |  * or more contributor license agreements.  See the NOTICE file
  6 |  * distributed with this work for additional information
  7 |  * regarding copyright ownership.  The ASF licenses this file
  8 |  * to you under the Apache License, Version 2.0 (the
  9 |  * "License"); you may not use this file except in compliance
 10 |  * with the License.  You may obtain a copy of the License at
 11 |  *
 12 |  * http://www.apache.org/licenses/LICENSE-2.0
 13 |  *
 14 |  * Unless required by applicable law or agreed to in writing,
 15 |  * software distributed under the License is distributed on an
 16 |  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 17 |  * KIND, either express or implied.  See the License for the
 18 |  * specific language governing permissions and limitations
 19 |  * under the License.
 20 |  */
 21 | 
 22 | package com.spotify.sdk.android.auth;
 23 | 
 24 | import org.junit.Test;
 25 | import org.junit.runner.RunWith;
 26 | import org.robolectric.RobolectricTestRunner;
 27 | 
 28 | import static org.junit.Assert.assertEquals;
 29 | import static org.junit.Assert.assertNotNull;
 30 | import static org.junit.Assert.assertTrue;
 31 | import static org.junit.Assert.assertFalse;
 32 | 
 33 | @RunWith(RobolectricTestRunner.class)
 34 | public class TokenExchangeRequestTest {
 35 | 
 36 |     private static final String TEST_CLIENT_ID = "test_client_id";
 37 |     private static final String TEST_CODE = "test_authorization_code";
 38 |     private static final String TEST_REDIRECT_URI = "redirect://uri";
 39 |     private static final String TEST_CODE_VERIFIER = "test_code_verifier_1234567890";
 40 | 
 41 |     @Test
 42 |     public void shouldCreateRequestWithValidParameters() {
 43 |         final TokenExchangeRequest request = new TokenExchangeRequest(
 44 |                 TEST_CLIENT_ID,
 45 |                 TEST_CODE,
 46 |                 TEST_REDIRECT_URI,
 47 |                 TEST_CODE_VERIFIER
 48 |         );
 49 | 
 50 |         assertNotNull(request);
 51 |     }
 52 | 
 53 |     @Test
 54 |     public void shouldCreateRequestUsingBuilder() {
 55 |         final TokenExchangeRequest request = new TokenExchangeRequest.Builder()
 56 |                 .setClientId(TEST_CLIENT_ID)
 57 |                 .setCode(TEST_CODE)
 58 |                 .setRedirectUri(TEST_REDIRECT_URI)
 59 |                 .setCodeVerifier(TEST_CODE_VERIFIER)
 60 |                 .build();
 61 | 
 62 |         assertNotNull(request);
 63 |     }
 64 | 
 65 |     @Test(expected = IllegalArgumentException.class)
 66 |     public void shouldThrowWithNullClientId() {
 67 |         new TokenExchangeRequest(null, TEST_CODE, TEST_REDIRECT_URI, TEST_CODE_VERIFIER);
 68 |     }
 69 | 
 70 |     @Test(expected = IllegalArgumentException.class)
 71 |     public void shouldThrowWithEmptyClientId() {
 72 |         new TokenExchangeRequest("", TEST_CODE, TEST_REDIRECT_URI, TEST_CODE_VERIFIER);
 73 |     }
 74 | 
 75 |     @Test(expected = IllegalArgumentException.class)
 76 |     public void shouldThrowWithNullCode() {
 77 |         new TokenExchangeRequest(TEST_CLIENT_ID, null, TEST_REDIRECT_URI, TEST_CODE_VERIFIER);
 78 |     }
 79 | 
 80 |     @Test(expected = IllegalArgumentException.class)
 81 |     public void shouldThrowWithEmptyCode() {
 82 |         new TokenExchangeRequest(TEST_CLIENT_ID, "", TEST_REDIRECT_URI, TEST_CODE_VERIFIER);
 83 |     }
 84 | 
 85 |     @Test(expected = IllegalArgumentException.class)
 86 |     public void shouldThrowWithNullRedirectUri() {
 87 |         new TokenExchangeRequest(TEST_CLIENT_ID, TEST_CODE, null, TEST_CODE_VERIFIER);
 88 |     }
 89 | 
 90 |     @Test(expected = IllegalArgumentException.class)
 91 |     public void shouldThrowWithEmptyRedirectUri() {
 92 |         new TokenExchangeRequest(TEST_CLIENT_ID, TEST_CODE, "", TEST_CODE_VERIFIER);
 93 |     }
 94 | 
 95 |     @Test(expected = IllegalArgumentException.class)
 96 |     public void shouldThrowWithNullCodeVerifier() {
 97 |         new TokenExchangeRequest(TEST_CLIENT_ID, TEST_CODE, TEST_REDIRECT_URI, null);
 98 |     }
 99 | 
100 |     @Test(expected = IllegalArgumentException.class)
101 |     public void shouldThrowWithEmptyCodeVerifier() {
102 |         new TokenExchangeRequest(TEST_CLIENT_ID, TEST_CODE, TEST_REDIRECT_URI, "");
103 |     }
104 | 
105 |     @Test(expected = IllegalArgumentException.class)
106 |     public void shouldThrowWhenBuilderMissingClientId() {
107 |         new TokenExchangeRequest.Builder()
108 |                 .setCode(TEST_CODE)
109 |                 .setRedirectUri(TEST_REDIRECT_URI)
110 |                 .setCodeVerifier(TEST_CODE_VERIFIER)
111 |                 .build();
112 |     }
113 | 
114 |     @Test(expected = IllegalArgumentException.class)
115 |     public void shouldThrowWhenBuilderMissingCode() {
116 |         new TokenExchangeRequest.Builder()
117 |                 .setClientId(TEST_CLIENT_ID)
118 |                 .setRedirectUri(TEST_REDIRECT_URI)
119 |                 .setCodeVerifier(TEST_CODE_VERIFIER)
120 |                 .build();
121 |     }
122 | 
123 |     @Test(expected = IllegalArgumentException.class)
124 |     public void shouldThrowWhenBuilderMissingRedirectUri() {
125 |         new TokenExchangeRequest.Builder()
126 |                 .setClientId(TEST_CLIENT_ID)
127 |                 .setCode(TEST_CODE)
128 |                 .setCodeVerifier(TEST_CODE_VERIFIER)
129 |                 .build();
130 |     }
131 | 
132 |     @Test(expected = IllegalArgumentException.class)
133 |     public void shouldThrowWhenBuilderMissingCodeVerifier() {
134 |         new TokenExchangeRequest.Builder()
135 |                 .setClientId(TEST_CLIENT_ID)
136 |                 .setCode(TEST_CODE)
137 |                 .setRedirectUri(TEST_REDIRECT_URI)
138 |                 .build();
139 |     }
140 | }


--------------------------------------------------------------------------------
/auth-lib/src/auth/java/com/spotify/sdk/android/auth/browser/BrowserAuthHandler.java:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * Copyright (c) 2015-2016 Spotify AB
  3 |  *
  4 |  * Licensed to the Apache Software Foundation (ASF) under one
  5 |  * or more contributor license agreements.  See the NOTICE file
  6 |  * distributed with this work for additional information
  7 |  * regarding copyright ownership.  The ASF licenses this file
  8 |  * to you under the Apache License, Version 2.0 (the
  9 |  * "License"); you may not use this file except in compliance
 10 |  * with the License.  You may obtain a copy of the License at
 11 |  *
 12 |  * http://www.apache.org/licenses/LICENSE-2.0
 13 |  *
 14 |  * Unless required by applicable law or agreed to in writing,
 15 |  * software distributed under the License is distributed on an
 16 |  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 17 |  * KIND, either express or implied.  See the License for the
 18 |  * specific language governing permissions and limitations
 19 |  * under the License.
 20 |  */
 21 | 
 22 | package com.spotify.sdk.android.auth.browser;
 23 | 
 24 | import static com.spotify.sdk.android.auth.browser.CustomTabsSupportChecker.getPackageSupportingCustomTabs;
 25 | 
 26 | import android.Manifest;
 27 | import android.app.Activity;
 28 | import android.content.ComponentName;
 29 | import android.content.Context;
 30 | import android.content.Intent;
 31 | import android.content.pm.PackageManager;
 32 | import android.net.Uri;
 33 | import android.text.TextUtils;
 34 | import android.util.Log;
 35 | 
 36 | import androidx.annotation.NonNull;
 37 | import androidx.annotation.Nullable;
 38 | import androidx.browser.customtabs.CustomTabsCallback;
 39 | import androidx.browser.customtabs.CustomTabsClient;
 40 | import androidx.browser.customtabs.CustomTabsIntent;
 41 | import androidx.browser.customtabs.CustomTabsServiceConnection;
 42 | import androidx.browser.customtabs.CustomTabsSession;
 43 | 
 44 | import com.spotify.sdk.android.auth.AuthorizationHandler;
 45 | import com.spotify.sdk.android.auth.AuthorizationRequest;
 46 | 
 47 | /**
 48 |  * An AuthorizationHandler that opens the Spotify web auth page in a Custom Tab or users default web browser.
 49 |  */
 50 | public class BrowserAuthHandler implements AuthorizationHandler {
 51 | 
 52 |     private static final String TAG = BrowserAuthHandler.class.getSimpleName();
 53 | 
 54 |     private CustomTabsSession mTabsSession;
 55 |     private CustomTabsServiceConnection mTabConnection;
 56 |     private boolean mIsAuthInProgress = false;
 57 |     private Context mContext;
 58 |     private Uri mUri;
 59 | 
 60 |     @Override
 61 |     public boolean start(Activity contextActivity, AuthorizationRequest request) {
 62 |         Log.d(TAG, "start");
 63 |         mContext = contextActivity;
 64 |         mUri = request.toUri();
 65 |         String packageSupportingCustomTabs = getPackageSupportingCustomTabs(mContext, request);
 66 |         boolean shouldLaunchCustomTab = !TextUtils.isEmpty(packageSupportingCustomTabs);
 67 | 
 68 |         if (internetPermissionNotGranted(mContext)) {
 69 |             Log.e(TAG, "Missing INTERNET permission");
 70 |         }
 71 | 
 72 |         if (shouldLaunchCustomTab) {
 73 |             Log.d(TAG, "Launching auth in a Custom Tab using package:" + packageSupportingCustomTabs);
 74 |             mTabConnection = new CustomTabsServiceConnection() {
 75 |                 @Override
 76 |                 public void onCustomTabsServiceConnected(@NonNull ComponentName name, @NonNull CustomTabsClient client) {
 77 |                     client.warmup(0L);
 78 |                     mTabsSession = client.newSession(new CustomTabsCallback());
 79 |                     if (mTabsSession != null) {
 80 |                         CustomTabsIntent customTabsIntent = new CustomTabsIntent.Builder().setSession(mTabsSession).build();
 81 |                         customTabsIntent.launchUrl(mContext, request.toUri());
 82 |                         mIsAuthInProgress = true;
 83 |                     } else {
 84 |                         unbindCustomTabsService();
 85 |                         Log.i(TAG, "Auth using CustomTabs aborted, reason: CustomTabsSession is null.");
 86 |                         launchAuthInBrowserFallback();
 87 |                     }
 88 |                 }
 89 | 
 90 |                 @Override
 91 |                 public void onServiceDisconnected(ComponentName name) {
 92 |                     Log.i(TAG, "Auth using CustomTabs aborted, reason: CustomTabsService disconnected.");
 93 |                     mTabsSession = null;
 94 |                     mTabConnection = null;
 95 |                 }
 96 |             };
 97 |             CustomTabsClient.bindCustomTabsService(mContext, packageSupportingCustomTabs, mTabConnection);
 98 |         } else {
 99 |             Log.d(TAG, "Launching auth inside a web browser");
100 |             launchAuthInBrowserFallback();
101 |         }
102 |         return true;
103 |     }
104 | 
105 |     @Override
106 |     public void stop() {
107 |         Log.d(TAG, "stop");
108 |         unbindCustomTabsService();
109 |         mContext = null;
110 |         mIsAuthInProgress = false;
111 |     }
112 | 
113 |     @Override
114 |     public void setOnCompleteListener(@Nullable OnCompleteListener listener) {
115 |         // no-op
116 |     }
117 | 
118 |     @Override
119 |     public boolean isAuthInProgress() {
120 |         return mIsAuthInProgress;
121 |     }
122 | 
123 |     private void launchAuthInBrowserFallback() {
124 |         if (internetPermissionNotGranted(mContext)) {
125 |             Log.e(TAG, "Missing INTERNET permission");
126 |         }
127 |         mContext.startActivity(new Intent(Intent.ACTION_VIEW, mUri));
128 |         mIsAuthInProgress = true;
129 |     }
130 | 
131 |     private boolean internetPermissionNotGranted(Context context) {
132 |         PackageManager pm = context.getPackageManager();
133 |         String packageName = context.getPackageName();
134 |         return pm.checkPermission(Manifest.permission.INTERNET, packageName) != PackageManager.PERMISSION_GRANTED;
135 |     }
136 | 
137 |     /**
138 |      * Unbinds from the Custom Tabs Service.
139 |      */
140 |     public void unbindCustomTabsService() {
141 |         if (mTabConnection == null) return;
142 |         mContext.unbindService(mTabConnection);
143 |         mTabsSession = null;
144 |         mTabConnection = null;
145 |     }
146 | }
147 | 


--------------------------------------------------------------------------------
/auth-sample/src/main/java/com/spotify/sdk/android/auth/sample/MainActivity.java:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * Copyright (c) 2015-2016 Spotify AB
  3 |  *
  4 |  * Licensed to the Apache Software Foundation (ASF) under one
  5 |  * or more contributor license agreements.  See the NOTICE file
  6 |  * distributed with this work for additional information
  7 |  * regarding copyright ownership.  The ASF licenses this file
  8 |  * to you under the Apache License, Version 2.0 (the
  9 |  * "License"); you may not use this file except in compliance
 10 |  * with the License.  You may obtain a copy of the License at
 11 |  *
 12 |  * http://www.apache.org/licenses/LICENSE-2.0
 13 |  *
 14 |  * Unless required by applicable law or agreed to in writing,
 15 |  * software distributed under the License is distributed on an
 16 |  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 17 |  * KIND, either express or implied.  See the License for the
 18 |  * specific language governing permissions and limitations
 19 |  * under the License.
 20 |  */
 21 | 
 22 | package com.spotify.sdk.android.auth.sample;
 23 | 
 24 | import android.content.Intent;
 25 | import android.net.Uri;
 26 | import android.os.Bundle;
 27 | import android.view.View;
 28 | import android.widget.TextView;
 29 | 
 30 | import androidx.appcompat.app.AppCompatActivity;
 31 | import androidx.core.content.ContextCompat;
 32 | 
 33 | import com.google.android.material.snackbar.Snackbar;
 34 | import com.spotify.sdk.android.auth.AuthorizationClient;
 35 | import com.spotify.sdk.android.auth.AuthorizationRequest;
 36 | import com.spotify.sdk.android.auth.AuthorizationResponse;
 37 | import com.spotify.sdk.android.auth.BuildConfig;
 38 | import com.spotify.sdk.android.authentication.sample.R;
 39 | 
 40 | import org.json.JSONException;
 41 | import org.json.JSONObject;
 42 | 
 43 | import java.io.IOException;
 44 | import java.util.Locale;
 45 | 
 46 | import okhttp3.Call;
 47 | import okhttp3.Callback;
 48 | import okhttp3.OkHttpClient;
 49 | import okhttp3.Request;
 50 | import okhttp3.Response;
 51 | 
 52 | public class MainActivity extends AppCompatActivity {
 53 | 
 54 |     public static final String CLIENT_ID = "089d841ccc194c10a77afad9e1c11d54";
 55 |     public static final String REDIRECT_URI = "spotify-sdk://auth";
 56 |     public static final int AUTH_TOKEN_REQUEST_CODE = 0x10;
 57 |     public static final int AUTH_CODE_REQUEST_CODE = 0x11;
 58 | 
 59 |     private final OkHttpClient mOkHttpClient = new OkHttpClient();
 60 |     private String mAccessToken;
 61 |     private String mAccessCode;
 62 |     private Call mCall;
 63 | 
 64 |     @Override
 65 |     protected void onCreate(Bundle savedInstanceState) {
 66 |         super.onCreate(savedInstanceState);
 67 |         setContentView(R.layout.activity_main);
 68 |         getSupportActionBar().setTitle(String.format(
 69 |                 Locale.US, "Spotify Auth Sample %s", BuildConfig.LIB_VERSION_NAME));
 70 |     }
 71 | 
 72 |     @Override
 73 |     protected void onDestroy() {
 74 |         cancelCall();
 75 |         super.onDestroy();
 76 |     }
 77 | 
 78 |     public void onGetUserProfileClicked(View view) {
 79 |         if (mAccessToken == null) {
 80 |             final Snackbar snackbar = Snackbar.make(findViewById(R.id.activity_main), R.string.warning_need_token, Snackbar.LENGTH_SHORT);
 81 |             snackbar.getView().setBackgroundColor(ContextCompat.getColor(this, R.color.colorAccent));
 82 |             snackbar.show();
 83 |             return;
 84 |         }
 85 | 
 86 |         final Request request = new Request.Builder()
 87 |                 .url("https://api.spotify.com/v1/me")
 88 |                 .addHeader("Authorization", "Bearer " + mAccessToken)
 89 |                 .build();
 90 | 
 91 |         cancelCall();
 92 |         mCall = mOkHttpClient.newCall(request);
 93 | 
 94 |         mCall.enqueue(new Callback() {
 95 |             @Override
 96 |             public void onFailure(Call call, IOException e) {
 97 |                 setResponse("Failed to fetch data: " + e);
 98 |             }
 99 | 
100 |             @Override
101 |             public void onResponse(Call call, Response response) throws IOException {
102 |                 try {
103 |                     final JSONObject jsonObject = new JSONObject(response.body().string());
104 |                     setResponse(jsonObject.toString(3));
105 |                 } catch (JSONException e) {
106 |                     setResponse("Failed to parse data: " + e);
107 |                 }
108 |             }
109 |         });
110 |     }
111 | 
112 |     public void onRequestCodeClicked(View view) {
113 |         final AuthorizationRequest request = getAuthenticationRequest(AuthorizationResponse.Type.CODE);
114 |         AuthorizationClient.openLoginActivity(this, AUTH_CODE_REQUEST_CODE, request);
115 |     }
116 | 
117 |     public void onRequestTokenClicked(View view) {
118 |         final AuthorizationRequest request = getAuthenticationRequest(AuthorizationResponse.Type.TOKEN);
119 |         AuthorizationClient.openLoginActivity(this, AUTH_TOKEN_REQUEST_CODE, request);
120 |     }
121 | 
122 |     private AuthorizationRequest getAuthenticationRequest(AuthorizationResponse.Type type) {
123 |         return new AuthorizationRequest.Builder(CLIENT_ID, type, getRedirectUri().toString())
124 |                 .setShowDialog(false)
125 |                 .setScopes(new String[]{"user-read-email"})
126 |                 .setCampaign("your-campaign-token")
127 |                 .build();
128 |     }
129 | 
130 |     @Override
131 |     protected void onActivityResult(int requestCode, int resultCode, Intent data) {
132 |         super.onActivityResult(requestCode, resultCode, data);
133 |         final AuthorizationResponse response = AuthorizationClient.getResponse(resultCode, data);
134 | 
135 |         if (AUTH_TOKEN_REQUEST_CODE == requestCode) {
136 |             mAccessToken = response.getAccessToken();
137 |             updateTokenView();
138 |         } else if (AUTH_CODE_REQUEST_CODE == requestCode) {
139 |             mAccessCode = response.getCode();
140 |             updateCodeView();
141 |         }
142 |     }
143 | 
144 |     private void setResponse(final String text) {
145 |         runOnUiThread(new Runnable() {
146 |             @Override
147 |             public void run() {
148 |                 final TextView responseView = findViewById(R.id.response_text_view);
149 |                 responseView.setText(text);
150 |             }
151 |         });
152 |     }
153 | 
154 |     private void updateTokenView() {
155 |         final TextView tokenView = findViewById(R.id.token_text_view);
156 |         tokenView.setText(getString(R.string.token, mAccessToken));
157 |     }
158 | 
159 |     private void updateCodeView() {
160 |         final TextView codeView = findViewById(R.id.code_text_view);
161 |         codeView.setText(getString(R.string.code, mAccessCode));
162 |     }
163 | 
164 |     private void cancelCall() {
165 |         if (mCall != null) {
166 |             mCall.cancel();
167 |         }
168 |     }
169 | 
170 |     private Uri getRedirectUri() {
171 |         return Uri.parse(REDIRECT_URI);
172 |     }
173 | }
174 | 


--------------------------------------------------------------------------------
/config/checkstyle.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0"?>
  2 | <!DOCTYPE module PUBLIC
  3 |     "-//Puppy Crawl//DTD Check Configuration 1.2//EN"
  4 |     "http://www.puppycrawl.com/dtds/configuration_1_2.dtd">
  5 | 
  6 | <module name="Checker">
  7 |     <module name="NewlineAtEndOfFile"/>
  8 |     <module name="FileLength"/>
  9 |     <module name="FileTabCharacter"/>
 10 | 
 11 |     <!-- Trailing spaces -->
 12 |     <module name="RegexpSingleline">
 13 |         <property name="format" value="\s+$"/>
 14 |         <property name="message" value="Line has trailing spaces."/>
 15 |     </module>
 16 | 
 17 |     <!-- Space after 'for' and 'if' -->
 18 |     <module name="RegexpSingleline">
 19 |         <property name="format" value="^\s*(for|if)\b[^ ]"/>
 20 |         <property name="message" value="Space needed before opening parenthesis."/>
 21 |     </module>
 22 | 
 23 |     <!-- For each spacing -->
 24 |     <module name="RegexpSingleline">
 25 |         <property name="format" value="^\s*for \(.*?([^ ]:|:[^ ])"/>
 26 |         <property name="message" value="Space needed around ':' character."/>
 27 |     </module>
 28 | 
 29 |     <!-- Checks for Size Violations.                    -->
 30 |     <!-- See http://checkstyle.sf.net/config_sizes.html -->
 31 |     <module name="LineLength">
 32 |         <property name="max" value="120"/>
 33 |     </module>
 34 | 
 35 |     <module name="TreeWalker">
 36 |         <!-- Checks for Javadoc comments.                     -->
 37 |         <!-- See http://checkstyle.sf.net/config_javadoc.html -->
 38 |         <!--module name="JavadocMethod"/-->
 39 |         <!--module name="JavadocVariable"/-->
 40 |         <module name="JavadocType">
 41 |             <property name="scope" value="package"/>
 42 |             <property name="allowMissingParamTags" value="false"/>
 43 |             <property name="allowUnknownTags" value="true"/>
 44 |             <property name="tokens" value="INTERFACE_DEF, CLASS_DEF"/>
 45 |         </module>
 46 |         <module name="JavadocStyle">
 47 |             <property name="scope" value="private"/>
 48 |             <property name="checkFirstSentence" value="false"/>
 49 |             <property name="endOfSentenceFormat" value="([.?!][ \t\n\r\f&lt;])|([.?!]$)"/>
 50 |             <property name="checkEmptyJavadoc" value="false"/>
 51 |             <property name="checkHtml" value="false"/>
 52 |             <property name="tokens"
 53 |                       value="INTERFACE_DEF, CLASS_DEF, METHOD_DEF, CTOR_DEF, VARIABLE_DEF"/>
 54 |         </module>
 55 | 
 56 |         <!-- Checks for Naming Conventions.                  -->
 57 |         <!-- See http://checkstyle.sf.net/config_naming.html -->
 58 |         <!--<module name="ConstantName"/>-->
 59 |         <module name="LocalFinalVariableName"/>
 60 |         <module name="LocalVariableName"/>
 61 |         <module name="MemberName"/>
 62 |         <module name="MethodName"/>
 63 |         <!--<module name="PackageName"/>-->
 64 |         <module name="ParameterName"/>
 65 |         <module name="StaticVariableName"/>
 66 |         <module name="TypeName"/>
 67 | 
 68 | 
 69 |         <!-- Checks for imports                              -->
 70 |         <!-- See http://checkstyle.sf.net/config_import.html -->
 71 |         <module name="AvoidStarImport"/>
 72 |         <module name="IllegalImport"/>
 73 |         <!-- defaults to sun.* packages -->
 74 |         <module name="RedundantImport"/>
 75 |         <module name="UnusedImports">
 76 |             <property name="processJavadoc" value="true"/>
 77 |         </module>
 78 | 
 79 |         <module name="MethodLength">
 80 |             <property name="max" value="200"/>
 81 |         </module>
 82 | 
 83 | 
 84 |         <!-- Checks for whitespace                               -->
 85 |         <!-- See http://checkstyle.sf.net/config_whitespace.html -->
 86 |         <module name="GenericWhitespace"/>
 87 |         <!--<module name="EmptyForIteratorPad"/>-->
 88 |         <module name="MethodParamPad"/>
 89 |         <!--<module name="NoWhitespaceAfter"/>-->
 90 |         <!--<module name="NoWhitespaceBefore"/>-->
 91 |         <module name="OperatorWrap"/>
 92 |         <module name="ParenPad"/>
 93 |         <module name="TypecastParenPad"/>
 94 |         <module name="WhitespaceAfter"/>
 95 |         <module name="WhitespaceAround">
 96 |             <property name="tokens"
 97 |                       value="ASSIGN, BAND, BAND_ASSIGN, BOR, BOR_ASSIGN, BSR, BSR_ASSIGN, BXOR, BXOR_ASSIGN,
 98 |           COLON, DIV, DIV_ASSIGN, DO_WHILE, EQUAL, GE, GT, LAND, LCURLY, LE, LITERAL_CATCH,
 99 |           LITERAL_DO, LITERAL_ELSE, LITERAL_FINALLY, LITERAL_FOR, LITERAL_IF, LITERAL_RETURN,
100 |           LITERAL_SWITCH, LITERAL_SYNCHRONIZED, LITERAL_TRY, LITERAL_WHILE, LOR, LT, MINUS,
101 |           MINUS_ASSIGN, MOD, MOD_ASSIGN, NOT_EQUAL, PLUS, PLUS_ASSIGN, QUESTION, SL, SLIST,
102 |           SL_ASSIGN, SR, SR_ASSIGN, STAR, STAR_ASSIGN, LITERAL_ASSERT, TYPE_EXTENSION_AND"/>
103 |         </module>
104 | 
105 | 
106 |         <!-- Modifier Checks                                    -->
107 |         <!-- See http://checkstyle.sf.net/config_modifiers.html -->
108 |         <module name="ModifierOrder"/>
109 |         <module name="RedundantModifier"/>
110 | 
111 | 
112 |         <!-- Checks for blocks. You know, those {}'s         -->
113 |         <!-- See http://checkstyle.sf.net/config_blocks.html -->
114 |         <module name="AvoidNestedBlocks"/>
115 |         <!--module name="EmptyBlock"/-->
116 |         <module name="LeftCurly"/>
117 |         <!--<module name="NeedBraces"/>-->
118 |         <module name="RightCurly"/>
119 | 
120 | 
121 |         <!-- Checks for common coding problems               -->
122 |         <!-- See http://checkstyle.sf.net/config_coding.html -->
123 |         <!--module name="AvoidInlineConditionals"/-->
124 |         <module name="CovariantEquals"/>
125 |         <module name="EmptyStatement"/>
126 |         <!--<module name="EqualsAvoidNull"/>-->
127 |         <module name="EqualsHashCode"/>
128 |         <!--module name="HiddenField"/-->
129 |         <module name="IllegalInstantiation"/>
130 |         <!--module name="InnerAssignment"/-->
131 |         <!--module name="MagicNumber"/-->
132 |         <!--module name="MissingSwitchDefault"/-->
133 |         <module name="SimplifyBooleanExpression"/>
134 |         <module name="SimplifyBooleanReturn"/>
135 | 
136 |         <!-- Checks for class design                         -->
137 |         <!-- See http://checkstyle.sf.net/config_design.html -->
138 |         <!--module name="DesignForExtension"/-->
139 |         <!--<module name="FinalClass"/>-->
140 |         <module name="HideUtilityClassConstructor"/>
141 |         <module name="InterfaceIsType"/>
142 |         <!--module name="VisibilityModifier"/-->
143 | 
144 | 
145 |         <!-- Miscellaneous other checks.                   -->
146 |         <!-- See http://checkstyle.sf.net/config_misc.html -->
147 |         <module name="ArrayTypeStyle"/>
148 |         <!--module name="FinalParameters"/-->
149 |         <!--module name="TodoComment"/-->
150 |         <module name="UpperEll"/>
151 |     </module>
152 | </module>
153 | 


--------------------------------------------------------------------------------
/auth-lib/src/test/java/com/spotify/sdk/android/auth/AuthorizationResponseTest.java:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * Copyright (c) 2015-2016 Spotify AB
  3 |  *
  4 |  * Licensed to the Apache Software Foundation (ASF) under one
  5 |  * or more contributor license agreements.  See the NOTICE file
  6 |  * distributed with this work for additional information
  7 |  * regarding copyright ownership.  The ASF licenses this file
  8 |  * to you under the Apache License, Version 2.0 (the
  9 |  * "License"); you may not use this file except in compliance
 10 |  * with the License.  You may obtain a copy of the License at
 11 |  *
 12 |  * http://www.apache.org/licenses/LICENSE-2.0
 13 |  *
 14 |  * Unless required by applicable law or agreed to in writing,
 15 |  * software distributed under the License is distributed on an
 16 |  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 17 |  * KIND, either express or implied.  See the License for the
 18 |  * specific language governing permissions and limitations
 19 |  * under the License.
 20 |  */
 21 | 
 22 | package com.spotify.sdk.android.auth;
 23 | 
 24 | import android.net.Uri;
 25 | import android.os.Parcel;
 26 | 
 27 | import org.junit.Test;
 28 | import org.junit.runner.RunWith;
 29 | import org.robolectric.RobolectricTestRunner;
 30 | 
 31 | import static junit.framework.Assert.assertEquals;
 32 | import static junit.framework.Assert.assertNull;
 33 | 
 34 | @RunWith(RobolectricTestRunner.class)
 35 | public class AuthorizationResponseTest {
 36 |     @Test
 37 |     public void shouldCreateFromImplicitGrantFlow() {
 38 |         String responseUrl = "testschema://callback/#access_token=test_access_token&token_type=Bearer&expires_in=3600&state=test_state";
 39 |         Uri responseUri = Uri.parse(responseUrl);
 40 |         AuthorizationResponse response = AuthorizationResponse.fromUri(responseUri);
 41 | 
 42 |         assertEquals(AuthorizationResponse.Type.TOKEN, response.getType());
 43 |         assertEquals("test_state", response.getState());
 44 |         assertNull(response.getError());
 45 |         assertNull(response.getCode());
 46 |         assertEquals(3600, response.getExpiresIn());
 47 |         assertEquals("test_access_token", response.getAccessToken());
 48 |     }
 49 | 
 50 |     @Test
 51 |     public void shouldCreateFromAuthorizationCodeFlow() {
 52 |         String responseUrl = "testschema://callback/?code=test_authorization_code&state=test_state";
 53 |         Uri responseUri = Uri.parse(responseUrl);
 54 |         AuthorizationResponse response = AuthorizationResponse.fromUri(responseUri);
 55 | 
 56 |         assertEquals(AuthorizationResponse.Type.CODE, response.getType());
 57 |         assertEquals("test_state", response.getState());
 58 |         assertNull(response.getError());
 59 |         assertEquals("test_authorization_code", response.getCode());
 60 |         assertEquals(0, response.getExpiresIn());
 61 |         assertNull(response.getAccessToken());
 62 |     }
 63 | 
 64 |     @Test
 65 |     public void shouldCreateFromImplicitGrantFlowWithSpecialChars() {
 66 |         String testState = "! * ' ( ) ; : @ & = + $ , / ? % # [ ]";
 67 |         String responseUrl = "testschema://callback/#access_token=test_access_token&token_type=Bearer&expires_in=3600&state=" + Uri.encode(testState);
 68 | 
 69 |         Uri responseUri = Uri.parse(responseUrl);
 70 |         AuthorizationResponse response = AuthorizationResponse.fromUri(responseUri);
 71 | 
 72 |         assertEquals(testState, response.getState());
 73 |     }
 74 | 
 75 |     @Test
 76 |     public void shouldCreateFromAuthorizationCodeFlowWithSpecialChars() {
 77 |         String testState = "! * ' ( ) ; : @ & = + $ , / ? % # [ ]";
 78 |         String responseUrl = "testschema://callback/?code=test_authorization_code&state=" + Uri.encode(testState);
 79 | 
 80 |         Uri responseUri = Uri.parse(responseUrl);
 81 |         AuthorizationResponse response = AuthorizationResponse.fromUri(responseUri);
 82 | 
 83 |         assertEquals(testState, response.getState());
 84 |     }
 85 | 
 86 | 
 87 |     @Test
 88 |     public void shouldCreateFromErrorUrl() {
 89 |         Uri responseUri = Uri.parse("testschema://callback/?error=access_denied");
 90 |         AuthorizationResponse response = AuthorizationResponse.fromUri(responseUri);
 91 | 
 92 |         assertEquals(AuthorizationResponse.Type.ERROR, response.getType());
 93 |         assertNull(response.getState());
 94 |         assertEquals("access_denied", response.getError());
 95 |         assertNull(response.getCode());
 96 |         assertEquals(0, response.getExpiresIn());
 97 |         assertNull(response.getAccessToken());
 98 |     }
 99 | 
100 |     @Test
101 |     public void shouldCreateFromNullUrl() {
102 |         AuthorizationResponse response = AuthorizationResponse.fromUri(null);
103 | 
104 |         assertEquals(AuthorizationResponse.Type.EMPTY, response.getType());
105 |         assertNull(response.getState());
106 |         assertNull(response.getError());
107 |         assertNull(response.getCode());
108 |         assertEquals(0, response.getExpiresIn());
109 |         assertNull(response.getAccessToken());
110 |     }
111 | 
112 |     @Test
113 |     public void shouldCreateFromMalformedUrl() {
114 |         String responseUrl = "testschema://callback/#access_token=test_access_token&token_type=Bearer&expires_in=glenn&state=test_state";
115 |         Uri responseUri = Uri.parse(responseUrl);
116 |         AuthorizationResponse response = AuthorizationResponse.fromUri(responseUri);
117 | 
118 |         assertEquals(AuthorizationResponse.Type.TOKEN, response.getType());
119 |         assertEquals("test_state", response.getState());
120 |         assertNull(response.getError());
121 |         assertNull(response.getCode());
122 |         assertEquals(0, response.getExpiresIn());
123 |         assertEquals("test_access_token", response.getAccessToken());
124 |     }
125 | 
126 |     @Test
127 |     public void shouldCreateFromIncompleteUrl() {
128 |         String responseUrl = "testschema://callback/";
129 |         Uri responseUri = Uri.parse(responseUrl);
130 |         AuthorizationResponse response = AuthorizationResponse.fromUri(responseUri);
131 | 
132 |         assertEquals(AuthorizationResponse.Type.UNKNOWN, response.getType());
133 |         assertNull(response.getState());
134 |         assertNull(response.getError());
135 |         assertNull(response.getCode());
136 |         assertEquals(0, response.getExpiresIn());
137 |         assertNull(response.getAccessToken());
138 |     }
139 | 
140 |     @Test
141 |     public void shouldMarshallCorrectly() {
142 |         AuthorizationResponse response = new AuthorizationResponse.Builder()
143 |                 .setState("testState")
144 |                 .setType(AuthorizationResponse.Type.TOKEN)
145 |                 .setCode("testCode")
146 |                 .setAccessToken("testToken")
147 |                 .setError("testError")
148 |                 .setExpiresIn(3600)
149 |                 .build();
150 | 
151 |         Parcel parcel = Parcel.obtain();
152 |         response.writeToParcel(parcel, 0);
153 |         parcel.setDataPosition(0);
154 | 
155 |         AuthorizationResponse responseFromParcel = AuthorizationResponse.CREATOR.createFromParcel(parcel);
156 | 
157 |         assertEquals(response.getAccessToken(), responseFromParcel.getAccessToken());
158 |         assertEquals(response.getState(), responseFromParcel.getState());
159 |         assertEquals(response.getCode(), responseFromParcel.getCode());
160 |         assertEquals(response.getError(), responseFromParcel.getError());
161 |         assertEquals(response.getExpiresIn(), responseFromParcel.getExpiresIn());
162 |         assertEquals(response.getType(), responseFromParcel.getType());
163 |     }
164 | }
165 | 


--------------------------------------------------------------------------------
/auth-lib/src/main/java/com/spotify/sdk/android/auth/TokenExchangeResponse.java:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * Copyright (c) 2015-2016 Spotify AB
  3 |  *
  4 |  * Licensed to the Apache Software Foundation (ASF) under one
  5 |  * or more contributor license agreements.  See the NOTICE file
  6 |  * distributed with this work for additional information
  7 |  * regarding copyright ownership.  The ASF licenses this file
  8 |  * to you under the Apache License, Version 2.0 (the
  9 |  * "License"); you may not use this file except in compliance
 10 |  * with the License.  You may obtain a copy of the License at
 11 |  *
 12 |  * http://www.apache.org/licenses/LICENSE-2.0
 13 |  *
 14 |  * Unless required by applicable law or agreed to in writing,
 15 |  * software distributed under the License is distributed on an
 16 |  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 17 |  * KIND, either express or implied.  See the License for the
 18 |  * specific language governing permissions and limitations
 19 |  * under the License.
 20 |  */
 21 | 
 22 | package com.spotify.sdk.android.auth;
 23 | 
 24 | import androidx.annotation.NonNull;
 25 | import androidx.annotation.Nullable;
 26 | 
 27 | import org.json.JSONException;
 28 | import org.json.JSONObject;
 29 | 
 30 | /**
 31 |  * Response from a token exchange request.
 32 |  * Contains either the access token information or error details.
 33 |  */
 34 | public class TokenExchangeResponse {
 35 | 
 36 |     private final boolean mIsSuccess;
 37 |     private final String mAccessToken;
 38 |     private final String mTokenType;
 39 |     private final int mExpiresIn;
 40 |     private final String mScope;
 41 |     private final String mRefreshToken;
 42 |     private final String mError;
 43 |     private final String mErrorDescription;
 44 | 
 45 |     private TokenExchangeResponse(final boolean isSuccess,
 46 |                                  @Nullable final String accessToken,
 47 |                                  @Nullable final String tokenType,
 48 |                                  final int expiresIn,
 49 |                                  @Nullable final String scope,
 50 |                                  @Nullable final String refreshToken,
 51 |                                  @Nullable final String error,
 52 |                                  @Nullable final String errorDescription) {
 53 |         mIsSuccess = isSuccess;
 54 |         mAccessToken = accessToken;
 55 |         mTokenType = tokenType;
 56 |         mExpiresIn = expiresIn;
 57 |         mScope = scope;
 58 |         mRefreshToken = refreshToken;
 59 |         mError = error;
 60 |         mErrorDescription = errorDescription;
 61 |     }
 62 | 
 63 |     /**
 64 |      * @return true if the token exchange was successful, false otherwise
 65 |      */
 66 |     public boolean isSuccess() {
 67 |         return mIsSuccess;
 68 |     }
 69 | 
 70 |     /**
 71 |      * @return the access token if successful, null otherwise
 72 |      */
 73 |     @Nullable
 74 |     public String getAccessToken() {
 75 |         return mAccessToken;
 76 |     }
 77 | 
 78 |     /**
 79 |      * @return the token type (usually "Bearer") if successful, null otherwise
 80 |      */
 81 |     @Nullable
 82 |     public String getTokenType() {
 83 |         return mTokenType;
 84 |     }
 85 | 
 86 |     /**
 87 |      * @return the number of seconds the access token is valid for, 0 if not provided or on error
 88 |      */
 89 |     public int getExpiresIn() {
 90 |         return mExpiresIn;
 91 |     }
 92 | 
 93 |     /**
 94 |      * @return the scope of the access token if provided, null otherwise
 95 |      */
 96 |     @Nullable
 97 |     public String getScope() {
 98 |         return mScope;
 99 |     }
100 | 
101 |     /**
102 |      * @return the refresh token if provided, null otherwise
103 |      */
104 |     @Nullable
105 |     public String getRefreshToken() {
106 |         return mRefreshToken;
107 |     }
108 | 
109 |     /**
110 |      * @return the error code if the request failed, null if successful
111 |      */
112 |     @Nullable
113 |     public String getError() {
114 |         return mError;
115 |     }
116 | 
117 |     /**
118 |      * @return the error description if the request failed, null if successful
119 |      */
120 |     @Nullable
121 |     public String getErrorDescription() {
122 |         return mErrorDescription;
123 |     }
124 | 
125 |     /**
126 |      * Creates a TokenExchangeResponse from an HTTP response.
127 |      *
128 |      * @param responseCode The HTTP response code
129 |      * @param responseBody The response body as JSON string
130 |      * @return A TokenExchangeResponse instance
131 |      */
132 |     @NonNull
133 |     static TokenExchangeResponse fromHttpResponse(final int responseCode, @Nullable final String responseBody) {
134 |         if (responseBody == null || responseBody.trim().isEmpty()) {
135 |             return fromError("invalid_response", "Empty response body");
136 |         }
137 | 
138 |         try {
139 |             final JSONObject json = new JSONObject(responseBody);
140 | 
141 |             if (responseCode == 200) {
142 |                 // Success response
143 |                 final String accessToken = json.optString("access_token", null);
144 |                 final String tokenType = json.optString("token_type", null);
145 |                 final int expiresIn = json.optInt("expires_in", 0);
146 |                 final String scope = json.optString("scope", null);
147 |                 final String refreshToken = json.optString("refresh_token", null);
148 | 
149 |                 if (accessToken == null || accessToken.isEmpty()) {
150 |                     return fromError("invalid_response", "Missing access_token in response");
151 |                 }
152 | 
153 |                 return fromSuccess(accessToken, tokenType, expiresIn, scope, refreshToken);
154 |             } else {
155 |                 // Error response
156 |                 final String error = json.optString("error", "unknown_error");
157 |                 final String errorDescription = json.optString("error_description", null);
158 |                 return fromError(error, errorDescription);
159 |             }
160 |         } catch (final JSONException e) {
161 |             return fromError("invalid_response", "Invalid JSON response: " + e.getMessage());
162 |         }
163 |     }
164 | 
165 |     /**
166 |      * Creates a successful TokenExchangeResponse.
167 |      *
168 |      * @param accessToken The access token
169 |      * @param tokenType The token type
170 |      * @param expiresIn The expiration time in seconds
171 |      * @param scope The token scope
172 |      * @param refreshToken The refresh token (optional)
173 |      * @return A successful TokenExchangeResponse
174 |      */
175 |     @NonNull
176 |     static TokenExchangeResponse fromSuccess(@NonNull final String accessToken,
177 |                                            @Nullable final String tokenType,
178 |                                            final int expiresIn,
179 |                                            @Nullable final String scope,
180 |                                            @Nullable final String refreshToken) {
181 |         return new TokenExchangeResponse(true, accessToken, tokenType, expiresIn, scope, refreshToken, null, null);
182 |     }
183 | 
184 |     /**
185 |      * Creates an error TokenExchangeResponse.
186 |      *
187 |      * @param error The error code
188 |      * @param errorDescription The error description (optional)
189 |      * @return An error TokenExchangeResponse
190 |      */
191 |     @NonNull
192 |     static TokenExchangeResponse fromError(@NonNull final String error, @Nullable final String errorDescription) {
193 |         return new TokenExchangeResponse(false, null, null, 0, null, null, error, errorDescription);
194 |     }
195 | }
196 | 
197 | 


--------------------------------------------------------------------------------
/auth-lib/src/test/java/com/spotify/sdk/android/auth/TokenExchangeResponseTest.java:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * Copyright (c) 2015-2016 Spotify AB
  3 |  *
  4 |  * Licensed to the Apache Software Foundation (ASF) under one
  5 |  * or more contributor license agreements.  See the NOTICE file
  6 |  * distributed with this work for additional information
  7 |  * regarding copyright ownership.  The ASF licenses this file
  8 |  * to you under the Apache License, Version 2.0 (the
  9 |  * "License"); you may not use this file except in compliance
 10 |  * with the License.  You may obtain a copy of the License at
 11 |  *
 12 |  * http://www.apache.org/licenses/LICENSE-2.0
 13 |  *
 14 |  * Unless required by applicable law or agreed to in writing,
 15 |  * software distributed under the License is distributed on an
 16 |  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 17 |  * KIND, either express or implied.  See the License for the
 18 |  * specific language governing permissions and limitations
 19 |  * under the License.
 20 |  */
 21 | 
 22 | package com.spotify.sdk.android.auth;
 23 | 
 24 | import org.junit.Test;
 25 | import org.junit.runner.RunWith;
 26 | import org.robolectric.RobolectricTestRunner;
 27 | 
 28 | import static org.junit.Assert.assertEquals;
 29 | import static org.junit.Assert.assertNotNull;
 30 | import static org.junit.Assert.assertNull;
 31 | import static org.junit.Assert.assertTrue;
 32 | import static org.junit.Assert.assertFalse;
 33 | 
 34 | @RunWith(RobolectricTestRunner.class)
 35 | public class TokenExchangeResponseTest {
 36 | 
 37 |     @Test
 38 |     public void shouldParseSuccessfulResponse() {
 39 |         final String responseBody = "{\"access_token\":\"test_access_token\"," +
 40 |                 "\"token_type\":\"Bearer\"," +
 41 |                 "\"expires_in\":3600," +
 42 |                 "\"scope\":\"user-read-private playlist-read\"," +
 43 |                 "\"refresh_token\":\"test_refresh_token\"}";
 44 | 
 45 |         final TokenExchangeResponse response = TokenExchangeResponse.fromHttpResponse(200, responseBody);
 46 | 
 47 |         assertTrue(response.isSuccess());
 48 |         assertEquals("test_access_token", response.getAccessToken());
 49 |         assertEquals("Bearer", response.getTokenType());
 50 |         assertEquals(3600, response.getExpiresIn());
 51 |         assertEquals("user-read-private playlist-read", response.getScope());
 52 |         assertEquals("test_refresh_token", response.getRefreshToken());
 53 |         assertNull(response.getError());
 54 |         assertNull(response.getErrorDescription());
 55 |     }
 56 | 
 57 |     @Test
 58 |     public void shouldParseSuccessfulResponseWithMinimalFields() {
 59 |         final String responseBody = "{\"access_token\":\"test_access_token\"}";
 60 | 
 61 |         final TokenExchangeResponse response = TokenExchangeResponse.fromHttpResponse(200, responseBody);
 62 | 
 63 |         assertTrue(response.isSuccess());
 64 |         assertEquals("test_access_token", response.getAccessToken());
 65 |         assertNull(response.getTokenType());
 66 |         assertEquals(0, response.getExpiresIn());
 67 |         assertNull(response.getScope());
 68 |         assertNull(response.getRefreshToken());
 69 |         assertNull(response.getError());
 70 |         assertNull(response.getErrorDescription());
 71 |     }
 72 | 
 73 |     @Test
 74 |     public void shouldParseErrorResponse() {
 75 |         final String responseBody = "{\"error\":\"invalid_grant\"," +
 76 |                 "\"error_description\":\"The provided authorization grant is invalid\"}";
 77 | 
 78 |         final TokenExchangeResponse response = TokenExchangeResponse.fromHttpResponse(400, responseBody);
 79 | 
 80 |         assertFalse(response.isSuccess());
 81 |         assertNull(response.getAccessToken());
 82 |         assertNull(response.getTokenType());
 83 |         assertEquals(0, response.getExpiresIn());
 84 |         assertNull(response.getScope());
 85 |         assertNull(response.getRefreshToken());
 86 |         assertEquals("invalid_grant", response.getError());
 87 |         assertEquals("The provided authorization grant is invalid", response.getErrorDescription());
 88 |     }
 89 | 
 90 |     @Test
 91 |     public void shouldParseErrorResponseWithMinimalFields() {
 92 |         final String responseBody = "{\"error\":\"invalid_request\"}";
 93 | 
 94 |         final TokenExchangeResponse response = TokenExchangeResponse.fromHttpResponse(400, responseBody);
 95 | 
 96 |         assertFalse(response.isSuccess());
 97 |         assertNull(response.getAccessToken());
 98 |         assertEquals("invalid_request", response.getError());
 99 |         assertNull(response.getErrorDescription());
100 |     }
101 | 
102 |     @Test
103 |     public void shouldHandleEmptyResponseBody() {
104 |         final TokenExchangeResponse response = TokenExchangeResponse.fromHttpResponse(200, "");
105 | 
106 |         assertFalse(response.isSuccess());
107 |         assertEquals("invalid_response", response.getError());
108 |         assertEquals("Empty response body", response.getErrorDescription());
109 |     }
110 | 
111 |     @Test
112 |     public void shouldHandleNullResponseBody() {
113 |         final TokenExchangeResponse response = TokenExchangeResponse.fromHttpResponse(200, null);
114 | 
115 |         assertFalse(response.isSuccess());
116 |         assertEquals("invalid_response", response.getError());
117 |         assertEquals("Empty response body", response.getErrorDescription());
118 |     }
119 | 
120 |     @Test
121 |     public void shouldHandleInvalidJson() {
122 |         final String responseBody = "invalid json response";
123 | 
124 |         final TokenExchangeResponse response = TokenExchangeResponse.fromHttpResponse(200, responseBody);
125 | 
126 |         assertFalse(response.isSuccess());
127 |         assertEquals("invalid_response", response.getError());
128 |         assertTrue(response.getErrorDescription().startsWith("Invalid JSON response:"));
129 |     }
130 | 
131 |     @Test
132 |     public void shouldHandleMissingAccessTokenInSuccessResponse() {
133 |         final String responseBody = "{\"token_type\":\"Bearer\",\"expires_in\":3600}";
134 | 
135 |         final TokenExchangeResponse response = TokenExchangeResponse.fromHttpResponse(200, responseBody);
136 | 
137 |         assertFalse(response.isSuccess());
138 |         assertEquals("invalid_response", response.getError());
139 |         assertEquals("Missing access_token in response", response.getErrorDescription());
140 |     }
141 | 
142 |     @Test
143 |     public void shouldHandleEmptyAccessTokenInSuccessResponse() {
144 |         final String responseBody = "{\"access_token\":\"\",\"token_type\":\"Bearer\"}";
145 | 
146 |         final TokenExchangeResponse response = TokenExchangeResponse.fromHttpResponse(200, responseBody);
147 | 
148 |         assertFalse(response.isSuccess());
149 |         assertEquals("invalid_response", response.getError());
150 |         assertEquals("Missing access_token in response", response.getErrorDescription());
151 |     }
152 | 
153 |     @Test
154 |     public void shouldHandleErrorResponseWithoutErrorField() {
155 |         final String responseBody = "{\"some_other_field\":\"value\"}";
156 | 
157 |         final TokenExchangeResponse response = TokenExchangeResponse.fromHttpResponse(400, responseBody);
158 | 
159 |         assertFalse(response.isSuccess());
160 |         assertEquals("unknown_error", response.getError());
161 |         assertNull(response.getErrorDescription());
162 |     }
163 | 
164 |     @Test
165 |     public void shouldCreateSuccessResponseUsingFactoryMethod() {
166 |         final TokenExchangeResponse response = TokenExchangeResponse.fromSuccess(
167 |                 "test_token", "Bearer", 3600, "user-read-private", "refresh_token");
168 | 
169 |         assertTrue(response.isSuccess());
170 |         assertEquals("test_token", response.getAccessToken());
171 |         assertEquals("Bearer", response.getTokenType());
172 |         assertEquals(3600, response.getExpiresIn());
173 |         assertEquals("user-read-private", response.getScope());
174 |         assertEquals("refresh_token", response.getRefreshToken());
175 |         assertNull(response.getError());
176 |         assertNull(response.getErrorDescription());
177 |     }
178 | 
179 |     @Test
180 |     public void shouldCreateErrorResponseUsingFactoryMethod() {
181 |         final TokenExchangeResponse response = TokenExchangeResponse.fromError(
182 |                 "invalid_grant", "Grant is invalid");
183 | 
184 |         assertFalse(response.isSuccess());
185 |         assertNull(response.getAccessToken());
186 |         assertEquals("invalid_grant", response.getError());
187 |         assertEquals("Grant is invalid", response.getErrorDescription());
188 |     }
189 | }
190 | 
191 | 


--------------------------------------------------------------------------------
/gradlew:
--------------------------------------------------------------------------------
  1 | #!/bin/sh
  2 | 
  3 | #
  4 | # Copyright © 2015-2021 the original authors.
  5 | #
  6 | # Licensed under the Apache License, Version 2.0 (the "License");
  7 | # you may not use this file except in compliance with the License.
  8 | # You may obtain a copy of the License at
  9 | #
 10 | #      https://www.apache.org/licenses/LICENSE-2.0
 11 | #
 12 | # Unless required by applicable law or agreed to in writing, software
 13 | # distributed under the License is distributed on an "AS IS" BASIS,
 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 15 | # See the License for the specific language governing permissions and
 16 | # limitations under the License.
 17 | #
 18 | 
 19 | ##############################################################################
 20 | #
 21 | #   Gradle start up script for POSIX generated by Gradle.
 22 | #
 23 | #   Important for running:
 24 | #
 25 | #   (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is
 26 | #       noncompliant, but you have some other compliant shell such as ksh or
 27 | #       bash, then to run this script, type that shell name before the whole
 28 | #       command line, like:
 29 | #
 30 | #           ksh Gradle
 31 | #
 32 | #       Busybox and similar reduced shells will NOT work, because this script
 33 | #       requires all of these POSIX shell features:
 34 | #         * functions;
 35 | #         * expansions «$var», «${var}», «${var:-default}», «${var+SET}»,
 36 | #           «${var#prefix}», «${var%suffix}», and «$( cmd )»;
 37 | #         * compound commands having a testable exit status, especially «case»;
 38 | #         * various built-in commands including «command», «set», and «ulimit».
 39 | #
 40 | #   Important for patching:
 41 | #
 42 | #   (2) This script targets any POSIX shell, so it avoids extensions provided
 43 | #       by Bash, Ksh, etc; in particular arrays are avoided.
 44 | #
 45 | #       The "traditional" practice of packing multiple parameters into a
 46 | #       space-separated string is a well documented source of bugs and security
 47 | #       problems, so this is (mostly) avoided, by progressively accumulating
 48 | #       options in "$@", and eventually passing that to Java.
 49 | #
 50 | #       Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS,
 51 | #       and GRADLE_OPTS) rely on word-splitting, this is performed explicitly;
 52 | #       see the in-line comments for details.
 53 | #
 54 | #       There are tweaks for specific operating systems such as AIX, CygWin,
 55 | #       Darwin, MinGW, and NonStop.
 56 | #
 57 | #   (3) This script is generated from the Groovy template
 58 | #       https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
 59 | #       within the Gradle project.
 60 | #
 61 | #       You can find Gradle at https://github.com/gradle/gradle/.
 62 | #
 63 | ##############################################################################
 64 | 
 65 | # Attempt to set APP_HOME
 66 | 
 67 | # Resolve links: $0 may be a link
 68 | app_path=$0
 69 | 
 70 | # Need this for daisy-chained symlinks.
 71 | while
 72 |     APP_HOME=${app_path%"${app_path##*/}"}  # leaves a trailing /; empty if no leading path
 73 |     [ -h "$app_path" ]
 74 | do
 75 |     ls=$( ls -ld "$app_path" )
 76 |     link=${ls#*' -> '}
 77 |     case $link in             #(
 78 |       /*)   app_path=$link ;; #(
 79 |       *)    app_path=$APP_HOME$link ;;
 80 |     esac
 81 | done
 82 | 
 83 | APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
 84 | 
 85 | APP_NAME="Gradle"
 86 | APP_BASE_NAME=${0##*/}
 87 | 
 88 | # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
 89 | DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
 90 | 
 91 | # Use the maximum available, or set MAX_FD != -1 to use that value.
 92 | MAX_FD=maximum
 93 | 
 94 | warn () {
 95 |     echo "$*"
 96 | } >&2
 97 | 
 98 | die () {
 99 |     echo
100 |     echo "$*"
101 |     echo
102 |     exit 1
103 | } >&2
104 | 
105 | # OS specific support (must be 'true' or 'false').
106 | cygwin=false
107 | msys=false
108 | darwin=false
109 | nonstop=false
110 | case "$( uname )" in                #(
111 |   CYGWIN* )         cygwin=true  ;; #(
112 |   Darwin* )         darwin=true  ;; #(
113 |   MSYS* | MINGW* )  msys=true    ;; #(
114 |   NONSTOP* )        nonstop=true ;;
115 | esac
116 | 
117 | CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
118 | 
119 | 
120 | # Determine the Java command to use to start the JVM.
121 | if [ -n "$JAVA_HOME" ] ; then
122 |     if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
123 |         # IBM's JDK on AIX uses strange locations for the executables
124 |         JAVACMD=$JAVA_HOME/jre/sh/java
125 |     else
126 |         JAVACMD=$JAVA_HOME/bin/java
127 |     fi
128 |     if [ ! -x "$JAVACMD" ] ; then
129 |         die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
130 | 
131 | Please set the JAVA_HOME variable in your environment to match the
132 | location of your Java installation."
133 |     fi
134 | else
135 |     JAVACMD=java
136 |     which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
137 | 
138 | Please set the JAVA_HOME variable in your environment to match the
139 | location of your Java installation."
140 | fi
141 | 
142 | # Increase the maximum file descriptors if we can.
143 | if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
144 |     case $MAX_FD in #(
145 |       max*)
146 |         MAX_FD=$( ulimit -H -n ) ||
147 |             warn "Could not query maximum file descriptor limit"
148 |     esac
149 |     case $MAX_FD in  #(
150 |       '' | soft) :;; #(
151 |       *)
152 |         ulimit -n "$MAX_FD" ||
153 |             warn "Could not set maximum file descriptor limit to $MAX_FD"
154 |     esac
155 | fi
156 | 
157 | # Collect all arguments for the java command, stacking in reverse order:
158 | #   * args from the command line
159 | #   * the main class name
160 | #   * -classpath
161 | #   * -D...appname settings
162 | #   * --module-path (only if needed)
163 | #   * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables.
164 | 
165 | # For Cygwin or MSYS, switch paths to Windows format before running java
166 | if "$cygwin" || "$msys" ; then
167 |     APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
168 |     CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
169 | 
170 |     JAVACMD=$( cygpath --unix "$JAVACMD" )
171 | 
172 |     # Now convert the arguments - kludge to limit ourselves to /bin/sh
173 |     for arg do
174 |         if
175 |             case $arg in                                #(
176 |               -*)   false ;;                            # don't mess with options #(
177 |               /?*)  t=${arg#/} t=/${t%%/*}              # looks like a POSIX filepath
178 |                     [ -e "$t" ] ;;                      #(
179 |               *)    false ;;
180 |             esac
181 |         then
182 |             arg=$( cygpath --path --ignore --mixed "$arg" )
183 |         fi
184 |         # Roll the args list around exactly as many times as the number of
185 |         # args, so each arg winds up back in the position where it started, but
186 |         # possibly modified.
187 |         #
188 |         # NB: a `for` loop captures its iteration list before it begins, so
189 |         # changing the positional parameters here affects neither the number of
190 |         # iterations, nor the values presented in `arg`.
191 |         shift                   # remove old arg
192 |         set -- "$@" "$arg"      # push replacement arg
193 |     done
194 | fi
195 | 
196 | # Collect all arguments for the java command;
197 | #   * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
198 | #     shell script including quotes and variable substitutions, so put them in
199 | #     double quotes to make sure that they get re-expanded; and
200 | #   * put everything else in single quotes, so that it's not re-expanded.
201 | 
202 | set -- \
203 |         "-Dorg.gradle.appname=$APP_BASE_NAME" \
204 |         -classpath "$CLASSPATH" \
205 |         org.gradle.wrapper.GradleWrapperMain \
206 |         "$@"
207 | 
208 | # Use "xargs" to parse quoted args.
209 | #
210 | # With -n1 it outputs one arg per line, with the quotes and backslashes removed.
211 | #
212 | # In Bash we could simply go:
213 | #
214 | #   readarray ARGS < <( xargs -n1 <<<"$var" ) &&
215 | #   set -- "${ARGS[@]}" "$@"
216 | #
217 | # but POSIX shell has neither arrays nor command substitution, so instead we
218 | # post-process each arg (as a line of input to sed) to backslash-escape any
219 | # character that might be a shell metacharacter, then use eval to reverse
220 | # that process (while maintaining the separation between arguments), and wrap
221 | # the whole thing up as a single "set" statement.
222 | #
223 | # This will of course break if any of these variables contains a newline or
224 | # an unmatched quote.
225 | #
226 | 
227 | eval "set -- $(
228 |         printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" |
229 |         xargs -n1 |
230 |         sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' |
231 |         tr '\n' ' '
232 |     )" '"$@"'
233 | 
234 | exec "$JAVACMD" "$@"
235 | 


--------------------------------------------------------------------------------
/auth-lib/build.gradle:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * Copyright (c) 2015-2016 Spotify AB
  3 |  *
  4 |  * Licensed to the Apache Software Foundation (ASF) under one
  5 |  * or more contributor license agreements.  See the NOTICE file
  6 |  * distributed with this work for additional information
  7 |  * regarding copyright ownership.  The ASF licenses this file
  8 |  * to you under the Apache License, Version 2.0 (the
  9 |  * "License"); you may not use this file except in compliance
 10 |  * with the License.  You may obtain a copy of the License at
 11 |  *
 12 |  * http://www.apache.org/licenses/LICENSE-2.0
 13 |  *
 14 |  * Unless required by applicable law or agreed to in writing,
 15 |  * software distributed under the License is distributed on an
 16 |  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 17 |  * KIND, either express or implied.  See the License for the
 18 |  * specific language governing permissions and limitations
 19 |  * under the License.
 20 |  */
 21 | 
 22 | apply plugin: 'com.android.library'
 23 | 
 24 | project.group = 'com.spotify.android'
 25 | project.archivesBaseName = 'auth'
 26 | project.version = '3.0.0'
 27 | 
 28 | android {
 29 |     compileSdk 33
 30 |     buildToolsVersion = '33.0.0'
 31 | 
 32 |     buildFeatures {
 33 |         buildConfig = true
 34 |     }
 35 | 
 36 |     defaultConfig {
 37 |         minSdkVersion 16
 38 |         targetSdkVersion 33
 39 |         buildConfigField 'String', 'LIB_VERSION_NAME', "\"$project.version\""
 40 |     }
 41 | 
 42 |     buildTypes {
 43 |         release {
 44 |             minifyEnabled false
 45 |             proguardFiles getDefaultProguardFile('proguard-android.txt')
 46 |         }
 47 |     }
 48 | 
 49 |     flavorDimensions.add("auth")
 50 |     productFlavors {
 51 |         store {
 52 |             dimension "auth"
 53 |             versionNameSuffix "-store"
 54 |         }
 55 |         auth {
 56 |             getIsDefault().set(true)
 57 |             dimension "auth"
 58 |         }
 59 |     }
 60 | 
 61 |     libraryVariants.configureEach { libraryVariant ->
 62 |         libraryVariant.outputs.all { output ->
 63 |             // Rename auth-auth-[buildtype].aar to auth-[buildtype].aar
 64 |             if (libraryVariant.name.startsWith("auth")) {
 65 |                 outputFileName = "auth-${libraryVariant.buildType.name}.aar"
 66 |             }
 67 |         }
 68 |     }
 69 | 
 70 |     lintOptions {
 71 |         lintConfig file("${project.rootDir}/config/lint.xml")
 72 |         quiet false
 73 |         warningsAsErrors false
 74 |         textReport true
 75 |         textOutput 'stdout'
 76 |         xmlReport false
 77 |     }
 78 | 
 79 |     testOptions {
 80 |         unitTests {
 81 |             includeAndroidResources = true
 82 |         }
 83 |     }
 84 | 
 85 |     def manifestPlaceholdersForTests = [redirectSchemeName: "spotify-sdk", redirectHostName: "auth"]
 86 |     namespace 'com.spotify.sdk.android.auth'
 87 |     unitTestVariants.configureEach {
 88 |         it.mergedFlavor.manifestPlaceholders += manifestPlaceholdersForTests
 89 |     }
 90 |     testVariants.configureEach {
 91 |         it.mergedFlavor.manifestPlaceholders += manifestPlaceholdersForTests
 92 |     }
 93 | }
 94 | 
 95 | dependencies {
 96 |     implementation 'androidx.browser:browser:1.5.0'
 97 | 
 98 |     testImplementation 'junit:junit:4.13.2'
 99 |     testImplementation 'org.mockito:mockito-core:2.28.2'
100 |     testImplementation 'org.robolectric:robolectric:4.11.1'
101 | }
102 | 
103 | /*
104 |     Static analysis section
105 |     run: ./gradlew auth-lib:checkstyle auth-lib:findbugs
106 |  */
107 | 
108 | apply plugin: 'checkstyle'
109 | 
110 | tasks.register('checkstyle', Checkstyle) {
111 |     configFile file("${project.rootDir}/config/checkstyle.xml")
112 |     source 'src'
113 |     include '**/*.java'
114 |     exclude '**/gen/**'
115 |     classpath = files()
116 | }
117 | 
118 | apply plugin: 'maven-publish'
119 | apply plugin: 'signing'
120 | 
121 | ext.isReleaseVersion = !version.endsWith("SNAPSHOT")
122 | 
123 | signing {
124 |     sign publishing.publications
125 | }
126 | 
127 | project.ext["ossrhUsername"] = ''
128 | project.ext["ossrhPassword"] = ''
129 | 
130 | def getSigningVariables() {
131 |     // Try to fetch the values from local.properties, otherwise look in the environment variables
132 |     // More info here: https://central.sonatype.org/publish/requirements/gpg/
133 |     File secretPropsFile = project.rootProject.file('local.properties')
134 |     if (secretPropsFile.exists()) {
135 |         Properties p = new Properties()
136 |         new FileInputStream(secretPropsFile).withCloseable { is ->
137 |             p.load(is)
138 |         }
139 |         p.each { name, value ->
140 |             project.ext[name] = value
141 |         }
142 |     } else {
143 |         project.ext["ossrhUsername"] = System.getenv('OSSRH_USERNAME')
144 |         project.ext["ossrhPassword"] = System.getenv('OSSRH_PASSWORD')
145 |     }
146 | }
147 | 
148 | /*
149 |  * Publishing is done through ossrh and can onky be done by people with access.
150 |  * reach out to the foss channel to get access.
151 |  * https://central.sonatype.org/publish/publish-portal-ossrh-staging-api/
152 |  */
153 | afterEvaluate {
154 |     publishing {
155 |         repositories {
156 |             maven {
157 |                 getSigningVariables()
158 | 
159 |                 name = 'ossrh-staging-api'
160 |                 url = "https://ossrh-staging-api.central.sonatype.com/service/local/staging/deploy/maven2/"
161 |                 credentials {
162 |                     username = project.ext["ossrhUsername"]
163 |                     password = project.ext["ossrhPassword"]
164 |                 }
165 |             }
166 |         }
167 | 
168 |         android.libraryVariants.configureEach { variant ->
169 |             if (variant.buildType.name == "debug") return
170 | 
171 |             def flavored = variant.flavorName != "auth"
172 | 
173 |             def javaDocDir = "../docs/"
174 |             if (flavored) {
175 |                 javaDocDir = "../docs-${variant.flavorName}/"
176 |             }
177 | 
178 |             def sourceDirs = variant.sourceSets.collect {
179 |                 it.javaDirectories + it.resourcesDirectories
180 |             }
181 | 
182 |             def javadoc = task("${variant.name}Javadoc", type: Javadoc) {
183 |                 description "Generates Javadoc for ${variant.name}."
184 |                 source = variant.javaCompile.source
185 |                 destinationDir = file(javaDocDir)
186 |                 classpath += variant.javaCompileProvider.get().classpath
187 |                 classpath += project.files(android.getBootClasspath().join(File.pathSeparator))
188 |                 classpath += files("build/generated/source/r/debug")
189 |                 options.links("http://docs.oracle.com/javase/7/docs/api/")
190 |                 options.links("http://d.android.com/reference/")
191 |                 failOnError false
192 |             }
193 | 
194 |             def javadocJar = task("${variant.name}JavadocJar", type: Jar, dependsOn: javadoc) {
195 |                 archiveClassifier.set('javadoc')
196 |                 from javadoc.destinationDir
197 |             }
198 | 
199 |             def sourcesJar = task("${variant.name}SourcesJar", type: Jar) {
200 |                 from sourceDirs
201 |                 archiveClassifier.set('sources')
202 |             }
203 | 
204 |             publications {
205 |                 "${variant.flavorName}Release"(MavenPublication) {
206 |                     from components."${variant.flavorName}Release"
207 |                     String suffix = "${flavored ? "-" + variant.flavorName : ""}"
208 |                     artifact javadocJar
209 |                     artifact sourcesJar
210 |                     groupId = project.group
211 |                     version = project.version
212 |                     artifactId = project.archivesBaseName + suffix
213 | 
214 |                     pom {
215 |                         name = project.group + ':' + project.archivesBaseName + suffix
216 |                         def descriptionSuffix = ""
217 |                         if (variant.flavorName == "store") {
218 |                             descriptionSuffix = " with the Play Store Fallback"
219 |                         }
220 |                         description = 'Spotify authorization library for Android' + descriptionSuffix
221 |                         with configurePom()
222 |                     }
223 |                 }
224 |             }
225 |         }
226 |     }
227 | }
228 | 
229 | def configurePom() {
230 |     return {
231 |         packaging = 'aar'
232 |         url = 'https://github.com/spotify/android-auth'
233 | 
234 |         licenses {
235 |             license {
236 |                 name = 'The Apache Software License, Version 2.0'
237 |                 url = 'http://www.apache.org/licenses/LICENSE-2.0.txt'
238 |             }
239 |         }
240 | 
241 |         scm {
242 |             connection = 'scm:git:https://github.com/spotify/android-auth.git'
243 |             developerConnection = 'scm:git:git@github.com:spotify/android-auth.git'
244 |             url = 'https://github.com/spotify/android-auth'
245 |         }
246 | 
247 |         developers {
248 |             developer {
249 |                 id = 'erikg'
250 |                 name = 'Erik Ghonyan'
251 |                 email = 'erikg@spotify.com'
252 |             }
253 |         }
254 |     }
255 | }
256 | 


--------------------------------------------------------------------------------
/auth-lib/src/main/java/com/spotify/sdk/android/auth/TokenExchangeRequest.java:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * Copyright (c) 2015-2016 Spotify AB
  3 |  *
  4 |  * Licensed to the Apache Software Foundation (ASF) under one
  5 |  * or more contributor license agreements.  See the NOTICE file
  6 |  * distributed with this work for additional information
  7 |  * regarding copyright ownership.  The ASF licenses this file
  8 |  * to you under the Apache License, Version 2.0 (the
  9 |  * "License"); you may not use this file except in compliance
 10 |  * with the License.  You may obtain a copy of the License at
 11 |  *
 12 |  * http://www.apache.org/licenses/LICENSE-2.0
 13 |  *
 14 |  * Unless required by applicable law or agreed to in writing,
 15 |  * software distributed under the License is distributed on an
 16 |  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 17 |  * KIND, either express or implied.  See the License for the
 18 |  * specific language governing permissions and limitations
 19 |  * under the License.
 20 |  */
 21 | 
 22 | package com.spotify.sdk.android.auth;
 23 | 
 24 | import androidx.annotation.NonNull;
 25 | import androidx.annotation.Nullable;
 26 | 
 27 | import java.io.BufferedReader;
 28 | import java.io.IOException;
 29 | import java.io.InputStreamReader;
 30 | import java.io.OutputStream;
 31 | import java.net.HttpURLConnection;
 32 | import java.net.URL;
 33 | import java.net.URLEncoder;
 34 | 
 35 | /**
 36 |  * A utility class for exchanging an authorization code for an access token using PKCE verifier.
 37 |  * This implements the OAuth 2.0 Authorization Code Grant with PKCE as specified in RFC 7636.
 38 |  */
 39 | public class TokenExchangeRequest {
 40 | 
 41 |     private static final String TOKEN_ENDPOINT = "https://accounts.spotify.com/api/token";
 42 |     private static final String CONTENT_TYPE_FORM = "application/x-www-form-urlencoded";
 43 |     private static final String GRANT_TYPE_AUTHORIZATION_CODE = "authorization_code";
 44 |     private static final int TIMEOUT_MS = 10000; // 10 seconds
 45 | 
 46 |     private final String mClientId;
 47 |     private final String mCode;
 48 |     private final String mRedirectUri;
 49 |     private final String mCodeVerifier;
 50 | 
 51 |     /**
 52 |      * Creates a new token exchange request.
 53 |      *
 54 |      * @param clientId The client ID of the application
 55 |      * @param code The authorization code received from the authorization server
 56 |      * @param redirectUri The redirect URI used in the authorization request
 57 |      * @param codeVerifier The PKCE code verifier that was used to generate the code challenge
 58 |      */
 59 |     public TokenExchangeRequest(@NonNull final String clientId,
 60 |                                @NonNull final String code,
 61 |                                @NonNull final String redirectUri,
 62 |                                @NonNull final String codeVerifier) {
 63 |         if (clientId == null || clientId.isEmpty()) {
 64 |             throw new IllegalArgumentException("Client ID cannot be null or empty");
 65 |         }
 66 |         if (code == null || code.isEmpty()) {
 67 |             throw new IllegalArgumentException("Authorization code cannot be null or empty");
 68 |         }
 69 |         if (redirectUri == null || redirectUri.isEmpty()) {
 70 |             throw new IllegalArgumentException("Redirect URI cannot be null or empty");
 71 |         }
 72 |         if (codeVerifier == null || codeVerifier.isEmpty()) {
 73 |             throw new IllegalArgumentException("Code verifier cannot be null or empty");
 74 |         }
 75 | 
 76 |         mClientId = clientId;
 77 |         mCode = code;
 78 |         mRedirectUri = redirectUri;
 79 |         mCodeVerifier = codeVerifier;
 80 |     }
 81 | 
 82 |     /**
 83 |      * Executes the token exchange request synchronously.
 84 |      * This method performs a blocking HTTP request and should not be called on the main thread.
 85 |      *
 86 |      * @return TokenExchangeResponse containing the access token or error information
 87 |      */
 88 |     @NonNull
 89 |     public TokenExchangeResponse execute() {
 90 |         HttpURLConnection connection = null;
 91 |         try {
 92 |             final URL url = new URL(TOKEN_ENDPOINT);
 93 |             connection = (HttpURLConnection) url.openConnection();
 94 | 
 95 |             connection.setRequestMethod("POST");
 96 |             connection.setRequestProperty("Content-Type", CONTENT_TYPE_FORM);
 97 |             connection.setDoOutput(true);
 98 |             connection.setConnectTimeout(TIMEOUT_MS);
 99 |             connection.setReadTimeout(TIMEOUT_MS);
100 | 
101 |             final String requestBody = buildRequestBody();
102 | 
103 |             try (final OutputStream outputStream = connection.getOutputStream()) {
104 |                 try {
105 |                     outputStream.write(requestBody.getBytes("UTF-8"));
106 |                 } catch (final java.io.UnsupportedEncodingException e) {
107 |                     // UTF-8 is guaranteed to be supported on all platforms
108 |                     throw new RuntimeException("UTF-8 encoding not supported", e);
109 |                 }
110 |                 outputStream.flush();
111 |             }
112 | 
113 |             final int responseCode = connection.getResponseCode();
114 |             final String responseBody = readResponse(connection, responseCode >= 400);
115 | 
116 |             return TokenExchangeResponse.fromHttpResponse(responseCode, responseBody);
117 | 
118 |         } catch (final IOException e) {
119 |             return TokenExchangeResponse.fromError("network_error", "Network error: " + e.getMessage());
120 |         } finally {
121 |             if (connection != null) {
122 |                 connection.disconnect();
123 |             }
124 |         }
125 |     }
126 | 
127 |     @NonNull
128 |     private String buildRequestBody() {
129 |         try {
130 |             return "grant_type=" + URLEncoder.encode(GRANT_TYPE_AUTHORIZATION_CODE, "UTF-8") +
131 |                    "&client_id=" + URLEncoder.encode(mClientId, "UTF-8") +
132 |                    "&code=" + URLEncoder.encode(mCode, "UTF-8") +
133 |                    "&redirect_uri=" + URLEncoder.encode(mRedirectUri, "UTF-8") +
134 |                    "&code_verifier=" + URLEncoder.encode(mCodeVerifier, "UTF-8");
135 |         } catch (final Exception e) {
136 |             // This should never happen with UTF-8
137 |             throw new RuntimeException("Failed to encode request parameters", e);
138 |         }
139 |     }
140 | 
141 |     @NonNull
142 |     private String readResponse(@NonNull final HttpURLConnection connection, final boolean isError) throws IOException {
143 |         try (final BufferedReader reader = new BufferedReader(new InputStreamReader(
144 |                 isError ? connection.getErrorStream() : connection.getInputStream(),
145 |                 "UTF-8"))) {
146 | 
147 |             final StringBuilder response = new StringBuilder();
148 |             String line;
149 |             while ((line = reader.readLine()) != null) {
150 |                 response.append(line);
151 |             }
152 | 
153 |             return response.toString();
154 |         }
155 |     }
156 | 
157 |     /**
158 |      * Builder class for creating TokenExchangeRequest instances.
159 |      */
160 |     public static class Builder {
161 |         private String mClientId;
162 |         private String mCode;
163 |         private String mRedirectUri;
164 |         private String mCodeVerifier;
165 | 
166 |         /**
167 |          * Sets the client ID.
168 |          *
169 |          * @param clientId The client ID
170 |          * @return This builder instance for method chaining
171 |          */
172 |         @NonNull
173 |         public Builder setClientId(@NonNull final String clientId) {
174 |             mClientId = clientId;
175 |             return this;
176 |         }
177 | 
178 |         /**
179 |          * Sets the authorization code.
180 |          *
181 |          * @param code The authorization code
182 |          * @return This builder instance for method chaining
183 |          */
184 |         @NonNull
185 |         public Builder setCode(@NonNull final String code) {
186 |             mCode = code;
187 |             return this;
188 |         }
189 | 
190 |         /**
191 |          * Sets the redirect URI.
192 |          *
193 |          * @param redirectUri The redirect URI
194 |          * @return This builder instance for method chaining
195 |          */
196 |         @NonNull
197 |         public Builder setRedirectUri(@NonNull final String redirectUri) {
198 |             mRedirectUri = redirectUri;
199 |             return this;
200 |         }
201 | 
202 |         /**
203 |          * Sets the PKCE code verifier.
204 |          *
205 |          * @param codeVerifier The code verifier
206 |          * @return This builder instance for method chaining
207 |          */
208 |         @NonNull
209 |         public Builder setCodeVerifier(@NonNull final String codeVerifier) {
210 |             mCodeVerifier = codeVerifier;
211 |             return this;
212 |         }
213 | 
214 |         /**
215 |          * Builds the TokenExchangeRequest.
216 |          *
217 |          * @return A new TokenExchangeRequest instance
218 |          * @throws IllegalArgumentException if any required field is null or empty
219 |          */
220 |         @NonNull
221 |         public TokenExchangeRequest build() {
222 |             return new TokenExchangeRequest(mClientId, mCode, mRedirectUri, mCodeVerifier);
223 |         }
224 |     }
225 | }
226 | 
227 | 


--------------------------------------------------------------------------------
/auth-lib/src/test/java/com/spotify/sdk/android/auth/AuthorizationClientTest.java:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * Copyright (c) 2015-2016 Spotify AB
  3 |  *
  4 |  * Licensed to the Apache Software Foundation (ASF) under one
  5 |  * or more contributor license agreements.  See the NOTICE file
  6 |  * distributed with this work for additional information
  7 |  * regarding copyright ownership.  The ASF licenses this file
  8 |  * to you under the Apache License, Version 2.0 (the
  9 |  * "License"); you may not use this file except in compliance
 10 |  * with the License.  You may obtain a copy of the License at
 11 |  *
 12 |  * http://www.apache.org/licenses/LICENSE-2.0
 13 |  *
 14 |  * Unless required by applicable law or agreed to in writing,
 15 |  * software distributed under the License is distributed on an
 16 |  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 17 |  * KIND, either express or implied.  See the License for the
 18 |  * specific language governing permissions and limitations
 19 |  * under the License.
 20 |  */
 21 | package com.spotify.sdk.android.auth;
 22 | 
 23 | import android.app.Activity;
 24 | import android.content.Intent;
 25 | import android.content.pm.PackageManager;
 26 | import android.net.Uri;
 27 | import android.os.Bundle;
 28 | 
 29 | import org.junit.Test;
 30 | import org.junit.runner.RunWith;
 31 | import org.mockito.ArgumentCaptor;
 32 | import org.mockito.Mockito;
 33 | import org.robolectric.Robolectric;
 34 | import org.robolectric.RobolectricTestRunner;
 35 | 
 36 | import static junit.framework.Assert.assertEquals;
 37 | import static junit.framework.Assert.assertNotNull;
 38 | import static junit.framework.Assert.assertNull;
 39 | import static org.mockito.Matchers.any;
 40 | import static org.mockito.Matchers.eq;
 41 | import static org.mockito.Mockito.mock;
 42 | import static org.mockito.Mockito.times;
 43 | import static org.mockito.Mockito.verify;
 44 | import static org.mockito.Mockito.when;
 45 | 
 46 | @RunWith(RobolectricTestRunner.class)
 47 | public class AuthorizationClientTest {
 48 | 
 49 |     @Test
 50 |     public void shouldLaunchIntentForPassedActivity() {
 51 |         AuthorizationRequest authorizationRequest = mock(AuthorizationRequest.class);
 52 |         Activity activity = mock(Activity.class);
 53 | 
 54 |         when(authorizationRequest.toUri()).thenReturn(Uri.parse("to://me"));
 55 |         Mockito.doNothing().when(activity).startActivity(any(Intent.class));
 56 |         ArgumentCaptor<Intent> captor = ArgumentCaptor.forClass(Intent.class);
 57 | 
 58 |         AuthorizationClient.openLoginInBrowser(activity, authorizationRequest);
 59 | 
 60 |         verify(activity, times(1)).startActivity(captor.capture());
 61 |         assertEquals(Intent.ACTION_VIEW, captor.getValue().getAction());
 62 |         assertEquals("to://me", captor.getValue().getData().toString());
 63 |     }
 64 | 
 65 |     @Test(expected = IllegalArgumentException.class)
 66 |     public void createLoginActivityIntentShouldThrowExceptionWhenBothPassedIsNull() {
 67 |         AuthorizationClient.createLoginActivityIntent(null, null);
 68 |     }
 69 | 
 70 |     @Test(expected = IllegalArgumentException.class)
 71 |     public void createLoginActivityIntentShouldThrowExceptionWhenFirstPassedIsNull() {
 72 |         AuthorizationRequest authorizationRequest = mock(AuthorizationRequest.class);
 73 |         AuthorizationClient.createLoginActivityIntent(null, authorizationRequest);
 74 |     }
 75 | 
 76 |     @Test(expected = IllegalArgumentException.class)
 77 |     public void createLoginActivityIntentShouldThrowExceptionWhenSecondPassedIsNull() {
 78 |         Activity activity = mock(Activity.class);
 79 |         AuthorizationClient.createLoginActivityIntent(activity, null);
 80 |     }
 81 | 
 82 |     @Test
 83 |     public void createLoginActivityIntentShouldReturnAnIntentWithExtrasInIt() throws Exception {
 84 |         String campaign = "campaign";
 85 |         AuthorizationRequest authorizationRequest =
 86 |                 new AuthorizationRequest
 87 |                         .Builder("test", AuthorizationResponse.Type.TOKEN, "to://me")
 88 |                         .setScopes(new String[]{"testa", "toppen"})
 89 |                         .setCampaign(campaign)
 90 |                         .build();
 91 | 
 92 |         Activity activity = mock(Activity.class);
 93 |         PackageManager packageManager = mock(PackageManager.class);
 94 |         when(activity.getPackageManager()).thenReturn(packageManager);
 95 |         // Mock getPackageInfo to throw NameNotFoundException (Spotify not installed)
 96 |         when(packageManager.getPackageInfo(any(String.class), eq(0)))
 97 |             .thenThrow(new PackageManager.NameNotFoundException());
 98 | 
 99 |         Intent intent =
100 |                 AuthorizationClient.createLoginActivityIntent(activity, authorizationRequest);
101 | 
102 |         AuthorizationRequest extra = intent
103 |                 .getBundleExtra(LoginActivity.EXTRA_AUTH_REQUEST).getParcelable(LoginActivity.REQUEST_KEY);
104 | 
105 |         assertNotNull(extra);
106 |         assertEquals("test", extra.getClientId());
107 |         assertEquals("token", extra.getResponseType());
108 |         assertEquals("to://me", extra.getRedirectUri());
109 |         assertEquals(campaign, extra.getCampaign());
110 |         assertEquals(2, extra.getScopes().length);
111 |     }
112 | 
113 |     @Test
114 |     public void getResponseShouldReturnAParcableIfEverythingIsOk() {
115 |         String responseUrl = "testschema://callback/#access_token=test_access_token" +
116 |                 "&token_type=Bearer&expires_in=3600&state=test_state";
117 |         Uri responseUri = Uri.parse(responseUrl);
118 |         AuthorizationResponse result = AuthorizationResponse.fromUri(responseUri);
119 |         Intent intent = mock(Intent.class);
120 |         Bundle bundle = new Bundle();
121 |         bundle.putParcelable(LoginActivity.RESPONSE_KEY, result);
122 |         when(intent.getBundleExtra(eq(LoginActivity.EXTRA_AUTH_RESPONSE)))
123 |                 .thenReturn(bundle);
124 |         AuthorizationResponse response =
125 |                 AuthorizationClient.getResponse(Activity.RESULT_OK, intent);
126 | 
127 |         assertEquals(result.getType(), response.getType());
128 |         assertEquals(result.getAccessToken(), response.getAccessToken());
129 |     }
130 | 
131 |     @Test
132 |     public void getResponseShouldReturnEmptyWhenSomethingWentWrong() {
133 |         Intent intent = mock(Intent.class);
134 |         AuthorizationResponse response =
135 |                 AuthorizationClient.getResponse(Activity.RESULT_CANCELED, intent);
136 |         assertEquals(AuthorizationResponse.Type.EMPTY, response.getType());
137 |         assertNull(response.getAccessToken());
138 |     }
139 | 
140 |     @Test
141 |     public void shouldCreateAnInstanceOfAuthorizationClientAndSendEvents() {
142 |         Activity mContext = Robolectric.buildActivity(Activity.class).create().get();
143 |         AuthorizationClient client = new AuthorizationClient(mContext);
144 |         PKCEInformation pkceInfo = PKCEInformation.sha256("test_verifier", "test_challenge");
145 |         AuthorizationRequest authorizationRequest =
146 |                 new AuthorizationRequest
147 |                         .Builder("test", AuthorizationResponse.Type.TOKEN, "to://me")
148 |                         .setScopes(new String[]{"testa", "toppen"})
149 |                         .setPkceInformation(pkceInfo)
150 |                         .build();
151 | 
152 |         client.authorize(authorizationRequest);
153 | 
154 |         AuthorizationClient.AuthorizationClientListener mockListener
155 |                 = mock(AuthorizationClient.AuthorizationClientListener.class);
156 |         client.setOnCompleteListener(mockListener);
157 | 
158 |         AuthorizationResponse response = new AuthorizationResponse.Builder()
159 |                 .setType(AuthorizationResponse.Type.ERROR)
160 |                 .setError("Authorization failed")
161 |                 .build();
162 |         client.complete(response);
163 | 
164 |         ArgumentCaptor<AuthorizationResponse> captor = ArgumentCaptor.forClass(AuthorizationResponse.class);
165 |         verify(mockListener, times(1)).onClientComplete(captor.capture());
166 |         assertEquals(AuthorizationResponse.Type.ERROR, captor.getValue().getType());
167 |     }
168 | 
169 |     @Test
170 |     public void shouldCreateLoginActivityIntentWithPkceForTokenRequest() throws Exception {
171 |         // Create a TOKEN request (PKCE should be automatically added)
172 |         AuthorizationRequest tokenRequest = new AuthorizationRequest.Builder(
173 |                 "test_client_id", 
174 |                 AuthorizationResponse.Type.TOKEN, 
175 |                 "redirect://uri")
176 |                 .setScopes(new String[]{"user-read-private", "playlist-read"})
177 |                 .setState("test_state")
178 |                 .setCampaign("test_campaign")
179 |                 .build();
180 | 
181 |         Activity activity = mock(Activity.class);
182 |         PackageManager packageManager = mock(PackageManager.class);
183 |         when(activity.getPackageManager()).thenReturn(packageManager);
184 |         // Mock getPackageInfo to throw NameNotFoundException (Spotify not installed)
185 |         when(packageManager.getPackageInfo(any(String.class), eq(0)))
186 |             .thenThrow(new PackageManager.NameNotFoundException());
187 | 
188 |         Intent intent = AuthorizationClient.createLoginActivityIntent(activity, tokenRequest);
189 | 
190 |         // Extract the request from the intent
191 |         AuthorizationRequest extractedRequest = intent
192 |                 .getBundleExtra(LoginActivity.EXTRA_AUTH_REQUEST)
193 |                 .getParcelable(LoginActivity.REQUEST_KEY);
194 | 
195 |         assertNotNull(extractedRequest);
196 |         
197 |         // Verify TOKEN request now has PKCE information
198 |         assertEquals("test_client_id", extractedRequest.getClientId());
199 |         assertEquals("token", extractedRequest.getResponseType());
200 |         assertEquals("redirect://uri", extractedRequest.getRedirectUri());
201 |         assertEquals("test_state", extractedRequest.getState());
202 |         assertEquals("test_campaign", extractedRequest.getCampaign());
203 |         assertEquals(2, extractedRequest.getScopes().length);
204 |         assertEquals("user-read-private", extractedRequest.getScopes()[0]);
205 |         assertEquals("playlist-read", extractedRequest.getScopes()[1]);
206 |         
207 |         // Verify PKCE was automatically added
208 |         assertNotNull(extractedRequest.getPkceInformation());
209 |         assertNotNull(extractedRequest.getPkceInformation().getVerifier());
210 |         assertNotNull(extractedRequest.getPkceInformation().getChallenge());
211 |         assertEquals("S256", extractedRequest.getPkceInformation().getCodeChallengeMethod());
212 |     }
213 | }
214 | 


--------------------------------------------------------------------------------
/auth-lib/src/main/java/com/spotify/sdk/android/auth/AuthorizationResponse.java:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * Copyright (c) 2015-2016 Spotify AB
  3 |  *
  4 |  * Licensed to the Apache Software Foundation (ASF) under one
  5 |  * or more contributor license agreements.  See the NOTICE file
  6 |  * distributed with this work for additional information
  7 |  * regarding copyright ownership.  The ASF licenses this file
  8 |  * to you under the Apache License, Version 2.0 (the
  9 |  * "License"); you may not use this file except in compliance
 10 |  * with the License.  You may obtain a copy of the License at
 11 |  *
 12 |  * http://www.apache.org/licenses/LICENSE-2.0
 13 |  *
 14 |  * Unless required by applicable law or agreed to in writing,
 15 |  * software distributed under the License is distributed on an
 16 |  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 17 |  * KIND, either express or implied.  See the License for the
 18 |  * specific language governing permissions and limitations
 19 |  * under the License.
 20 |  */
 21 | 
 22 | package com.spotify.sdk.android.auth;
 23 | 
 24 | import android.net.Uri;
 25 | import android.os.Parcel;
 26 | import android.os.Parcelable;
 27 | 
 28 | import androidx.annotation.NonNull;
 29 | import androidx.annotation.Nullable;
 30 | 
 31 | /**
 32 |  * An object that contains the parsed response from the Spotify authorization service.
 33 |  * To create one use {@link AuthorizationResponse.Builder} or
 34 |  * parse from {@link android.net.Uri} with {@link #fromUri(android.net.Uri)}
 35 |  *
 36 |  * @see <a href="https://developer.spotify.com/web-api/authorization-guide">Web API Authorization guide</a>
 37 |  */
 38 | public class AuthorizationResponse implements Parcelable {
 39 | 
 40 |     /**
 41 |      * The type of the authorization response.
 42 |      */
 43 |     public enum Type {
 44 |         /**
 45 |          * The response is a code reply.
 46 |          *
 47 |          * @see <a href="https://developer.spotify.com/documentation/web-api/tutorials/code-flow">Authorization code flow</a>
 48 |          */
 49 |         CODE("code"),
 50 | 
 51 |         /**
 52 |          * The response is an implicit grant with access token.
 53 |          *
 54 |          * @see <a href="https://developer.spotify.com/documentation/web-api/tutorials/implicit-flow">Implicit grant flow</a>
 55 |          */
 56 |         TOKEN("token"),
 57 | 
 58 |         /**
 59 |          * The response is an error response.
 60 |          *
 61 |          * @see <a href="https://developer.spotify.com/documentation/web-api/concepts/authorization">Web API Authorization guide</a>
 62 |          */
 63 |         ERROR("error"),
 64 | 
 65 |         /**
 66 |          * Response doesn't contain data because auth flow was cancelled or LoginActivity killed.
 67 |          */
 68 |         EMPTY("empty"),
 69 | 
 70 |         /**
 71 |          * The response is unknown.
 72 |          */
 73 |         UNKNOWN("unknown");
 74 | 
 75 |         private final String mType;
 76 | 
 77 |         Type(String type) {
 78 |             mType = type;
 79 |         }
 80 | 
 81 |         @Override
 82 |         public String toString() {
 83 |             return mType;
 84 |         }
 85 |     }
 86 | 
 87 |     private final Type mType;
 88 |     private final String mCode;
 89 |     private final String mAccessToken;
 90 |     private final String mState;
 91 |     private final String mError;
 92 |     private final int mExpiresIn;
 93 |     @Nullable
 94 |     private final String mRefreshToken;
 95 | 
 96 |     /**
 97 |      * Use this builder to create an {@link AuthorizationResponse}
 98 |      *
 99 |      * @see AuthorizationResponse
100 |      */
101 |     public static class Builder {
102 | 
103 |         private Type mType;
104 |         private String mCode;
105 |         private String mAccessToken;
106 |         private String mState;
107 |         private String mError;
108 |         private int mExpiresIn;
109 |         @Nullable
110 |         private String mRefreshToken;
111 | 
112 |         Builder setType(Type type) {
113 |             mType = type;
114 |             return this;
115 |         }
116 | 
117 |         Builder setCode(String code) {
118 |             mCode = code;
119 |             return this;
120 |         }
121 | 
122 |         Builder setAccessToken(String accessToken) {
123 |             mAccessToken = accessToken;
124 |             return this;
125 |         }
126 | 
127 |         Builder setState(String state) {
128 |             mState = state;
129 |             return this;
130 |         }
131 | 
132 |         Builder setError(String error) {
133 |             mError = error;
134 |             return this;
135 |         }
136 | 
137 |         Builder setExpiresIn(int expiresIn) {
138 |             mExpiresIn = expiresIn;
139 |             return this;
140 |         }
141 | 
142 |         Builder setRefreshToken(@Nullable String refreshToken) {
143 |             mRefreshToken = refreshToken;
144 |             return this;
145 |         }
146 | 
147 |         AuthorizationResponse build() {
148 |             return new AuthorizationResponse(mType, mCode, mAccessToken, mState, mError, mExpiresIn, mRefreshToken);
149 |         }
150 |     }
151 | 
152 |     private AuthorizationResponse(Type type,
153 |                                   String code,
154 |                                   String accessToken,
155 |                                   String state,
156 |                                   String error,
157 |                                   int expiresIn,
158 |                                   String refreshToken) {
159 |         mType = type != null ? type : Type.UNKNOWN;
160 |         mCode = code;
161 |         mAccessToken = accessToken;
162 |         mState = state;
163 |         mError = error;
164 |         mExpiresIn = expiresIn;
165 |         mRefreshToken = refreshToken;
166 |     }
167 | 
168 |     public AuthorizationResponse(@NonNull Parcel source) {
169 |         mExpiresIn = source.readInt();
170 |         mError = source.readString();
171 |         mState = source.readString();
172 |         mAccessToken = source.readString();
173 |         mCode = source.readString();
174 |         mType = Type.values()[source.readInt()];
175 |         mRefreshToken = source.readString();
176 |     }
177 | 
178 |     /**
179 |      * Parses the URI returned from the Spotify accounts service.
180 |      *
181 |      * @param uri URI
182 |      * @return Authorization response. If parsing failed, this object will be populated with
183 |      * the given error codes.
184 |      */
185 |     @NonNull
186 |     public static AuthorizationResponse fromUri(@Nullable Uri uri) {
187 |         AuthorizationResponse.Builder builder = new AuthorizationResponse.Builder();
188 |         if (uri == null) {
189 |             builder.setType(Type.EMPTY);
190 |             return builder.build();
191 |         }
192 | 
193 |         String possibleError = uri.getQueryParameter(AccountsQueryParameters.ERROR);
194 |         if (possibleError != null) {
195 |             String state = uri.getQueryParameter(AccountsQueryParameters.STATE);
196 |             builder.setError(possibleError);
197 |             builder.setState(state);
198 |             builder.setType(Type.ERROR);
199 |             return builder.build();
200 |         }
201 | 
202 |         String possibleCode = uri.getQueryParameter(AccountsQueryParameters.CODE);
203 |         if (possibleCode != null) {
204 |             String state = uri.getQueryParameter(AccountsQueryParameters.STATE);
205 |             builder.setCode(possibleCode);
206 |             builder.setState(state);
207 |             builder.setType(Type.CODE);
208 |             return builder.build();
209 |         }
210 | 
211 |         String possibleImplicit = uri.getEncodedFragment();
212 |         if (possibleImplicit != null && possibleImplicit.length() > 0) {
213 |             String[] parts = possibleImplicit.split("&");
214 |             String accessToken = null;
215 |             String state = null;
216 |             String expiresIn = null;
217 |             for (String part : parts) {
218 |                 String[] partSplit = part.split("=");
219 |                 if (partSplit.length == 2) {
220 |                     if (partSplit[0].startsWith(AccountsQueryParameters.ACCESS_TOKEN)) {
221 |                         accessToken = Uri.decode(partSplit[1]);
222 |                     }
223 |                     if (partSplit[0].startsWith(AccountsQueryParameters.STATE)) {
224 |                         state = Uri.decode(partSplit[1]);
225 |                     }
226 |                     if (partSplit[0].startsWith(AccountsQueryParameters.EXPIRES_IN)) {
227 |                         expiresIn = Uri.decode(partSplit[1]);
228 |                     }
229 |                 }
230 |             }
231 |             builder.setAccessToken(accessToken);
232 |             builder.setState(state);
233 |             if (expiresIn != null) {
234 |                 try {
235 |                     builder.setExpiresIn(Integer.parseInt(expiresIn));
236 |                 } catch (NumberFormatException e) {
237 |                     // Ignore
238 |                 }
239 |             }
240 |             builder.setType(Type.TOKEN);
241 |             return builder.build();
242 |         }
243 | 
244 |         builder.setType(Type.UNKNOWN);
245 |         return builder.build();
246 |     }
247 | 
248 |     @NonNull
249 |     public Type getType() {
250 |         return mType;
251 |     }
252 | 
253 |     @Nullable
254 |     public String getCode() {
255 |         return mCode;
256 |     }
257 | 
258 |     @Nullable
259 |     public String getAccessToken() {
260 |         return mAccessToken;
261 |     }
262 | 
263 |     @Nullable
264 |     public String getState() {
265 |         return mState;
266 |     }
267 | 
268 |     @Nullable
269 |     public String getError() {
270 |         return mError;
271 |     }
272 | 
273 |     public int getExpiresIn() {
274 |         return mExpiresIn;
275 |     }
276 | 
277 |     @Nullable
278 |     public String getRefreshToken() {
279 |         return mRefreshToken;
280 |     }
281 | 
282 |     @Override
283 |     public int describeContents() {
284 |         return 0;
285 |     }
286 | 
287 |     @Override
288 |     public void writeToParcel(@NonNull Parcel dest, int flags) {
289 |         dest.writeInt(mExpiresIn);
290 |         dest.writeString(mError);
291 |         dest.writeString(mState);
292 |         dest.writeString(mAccessToken);
293 |         dest.writeString(mCode);
294 |         dest.writeInt(mType.ordinal());
295 |         dest.writeString(mRefreshToken);
296 |     }
297 | 
298 |     public static final Parcelable.Creator<AuthorizationResponse> CREATOR = new Parcelable.Creator<AuthorizationResponse>() {
299 |         @Override
300 |         @NonNull
301 |         public AuthorizationResponse createFromParcel(@NonNull Parcel source) {
302 |             return new AuthorizationResponse(source);
303 |         }
304 | 
305 |         @Override
306 |         @NonNull
307 |         public AuthorizationResponse[] newArray(int size) {
308 |             return new AuthorizationResponse[size];
309 |         }
310 |     };
311 | }
312 | 


--------------------------------------------------------------------------------
/auth-lib/src/main/java/com/spotify/sdk/android/auth/AuthorizationRequest.java:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * Copyright (c) 2015-2016 Spotify AB
  3 |  *
  4 |  * Licensed to the Apache Software Foundation (ASF) under one
  5 |  * or more contributor license agreements.  See the NOTICE file
  6 |  * distributed with this work for additional information
  7 |  * regarding copyright ownership.  The ASF licenses this file
  8 |  * to you under the Apache License, Version 2.0 (the
  9 |  * "License"); you may not use this file except in compliance
 10 |  * with the License.  You may obtain a copy of the License at
 11 |  *
 12 |  * http://www.apache.org/licenses/LICENSE-2.0
 13 |  *
 14 |  * Unless required by applicable law or agreed to in writing,
 15 |  * software distributed under the License is distributed on an
 16 |  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 17 |  * KIND, either express or implied.  See the License for the
 18 |  * specific language governing permissions and limitations
 19 |  * under the License.
 20 |  */
 21 | 
 22 | package com.spotify.sdk.android.auth;
 23 | 
 24 | import android.net.Uri;
 25 | import android.os.Bundle;
 26 | import android.os.Parcel;
 27 | import android.os.Parcelable;
 28 | import android.text.TextUtils;
 29 | 
 30 | import androidx.annotation.NonNull;
 31 | import androidx.annotation.Nullable;
 32 | import androidx.annotation.VisibleForTesting;
 33 | 
 34 | import java.util.HashMap;
 35 | import java.util.Map;
 36 | 
 37 | /**
 38 |  * An object that helps construct the request that is sent to Spotify authorization service.
 39 |  * To create one use {@link AuthorizationRequest.Builder}
 40 |  *
 41 |  * @see <a href="https://developer.spotify.com/web-api/authorization-guide">Web API Authorization guide</a>
 42 |  */
 43 | public class AuthorizationRequest implements Parcelable {
 44 | 
 45 |     static final String ACCOUNTS_SCHEME = "https";
 46 |     static final String ACCOUNTS_AUTHORITY = "accounts.spotify.com";
 47 |     static final String ACCOUNTS_PATH = "authorize";
 48 |     static final String SCOPES_SEPARATOR = " ";
 49 |     @VisibleForTesting
 50 |     public static final String SPOTIFY_SDK = "spotify-sdk";
 51 |     @VisibleForTesting
 52 |     public static final String ANDROID_SDK = "android-sdk";
 53 | 
 54 |     private final String mClientId;
 55 |     private final String mResponseType;
 56 |     private final String mRedirectUri;
 57 |     private final String mState;
 58 |     private final String[] mScopes;
 59 |     private final boolean mShowDialog;
 60 |     private final Map<String, String> mCustomParams;
 61 |     private final String mCampaign;
 62 |     private final PKCEInformation mPkceInformation;
 63 | 
 64 |     /**
 65 |      * Use this builder to create an {@link AuthorizationRequest}
 66 |      *
 67 |      * @see AuthorizationRequest
 68 |      */
 69 |     public static class Builder {
 70 | 
 71 |         private final String mClientId;
 72 |         private final AuthorizationResponse.Type mResponseType;
 73 |         private final String mRedirectUri;
 74 | 
 75 |         private String mState;
 76 |         private String[] mScopes;
 77 |         private boolean mShowDialog;
 78 |         private String mCampaign;
 79 |         private PKCEInformation mPkceInformation;
 80 |         private final Map<String, String> mCustomParams = new HashMap<>();
 81 | 
 82 |         public Builder(String clientId, AuthorizationResponse.Type responseType, String redirectUri) {
 83 |             if (clientId == null) {
 84 |                 throw new IllegalArgumentException("Client ID can't be null");
 85 |             }
 86 |             if (responseType == null) {
 87 |                 throw new IllegalArgumentException("Response type can't be null");
 88 |             }
 89 |             if (redirectUri == null || redirectUri.length() == 0) {
 90 |                 throw new IllegalArgumentException("Redirect URI can't be null or empty");
 91 |             }
 92 | 
 93 |             mClientId = clientId;
 94 |             mResponseType = responseType;
 95 |             mRedirectUri = redirectUri;
 96 |         }
 97 | 
 98 |         public Builder setState(String state) {
 99 |             mState = state;
100 |             return this;
101 |         }
102 | 
103 |         public Builder setScopes(String[] scopes) {
104 |             mScopes = scopes;
105 |             return this;
106 |         }
107 | 
108 |         public Builder setShowDialog(boolean showDialog) {
109 |             mShowDialog = showDialog;
110 |             return this;
111 |         }
112 | 
113 |         public Builder setCustomParam(String key, String value) {
114 |             if (key == null || key.isEmpty()) {
115 |                 throw new IllegalArgumentException("Custom parameter key can't be null or empty");
116 |             }
117 |             if (value == null || value.isEmpty()) {
118 |                 throw new IllegalArgumentException("Custom parameter value can't be null or empty");
119 |             }
120 |             mCustomParams.put(key, value);
121 |             return this;
122 |         }
123 | 
124 |         public Builder setCampaign(String campaign) {
125 |             mCampaign = campaign;
126 |             return this;
127 |         }
128 | 
129 |         public Builder setPkceInformation(PKCEInformation pkceInformation) {
130 |             mPkceInformation = pkceInformation;
131 |             return this;
132 |         }
133 | 
134 |         public AuthorizationRequest build() {
135 |             return new AuthorizationRequest(mClientId, mResponseType, mRedirectUri,
136 |                     mState, mScopes, mShowDialog, mCustomParams, mCampaign, mPkceInformation);
137 |         }
138 |     }
139 | 
140 |     public AuthorizationRequest(Parcel source) {
141 |         mClientId = source.readString();
142 |         mResponseType = source.readString();
143 |         mRedirectUri = source.readString();
144 |         mState = source.readString();
145 |         mScopes = source.createStringArray();
146 |         mShowDialog = source.readByte() == 1;
147 |         mCustomParams = new HashMap<>();
148 |         mCampaign = source.readString();
149 |         mPkceInformation = source.readParcelable(PKCEInformation.class.getClassLoader());
150 |         Bundle bundle = source.readBundle(getClass().getClassLoader());
151 |         for (String key : bundle.keySet()) {
152 |             mCustomParams.put(key, bundle.getString(key));
153 |         }
154 |     }
155 | 
156 |     public String getClientId() {
157 |         return mClientId;
158 |     }
159 | 
160 |     public String getResponseType() {
161 |         return mResponseType;
162 |     }
163 | 
164 |     public String getRedirectUri() {
165 |         return mRedirectUri;
166 |     }
167 | 
168 |     public String getState() {
169 |         return mState;
170 |     }
171 | 
172 |     public String[] getScopes() {
173 |         return mScopes;
174 |     }
175 | 
176 |     public String getCustomParam(String key) {
177 |         return mCustomParams.get(key);
178 |     }
179 | 
180 |     @NonNull
181 |     public String getCampaign() { return TextUtils.isEmpty(mCampaign) ? ANDROID_SDK : mCampaign; }
182 | 
183 |     @NonNull
184 |     public String getSource() { return SPOTIFY_SDK; }
185 | 
186 |     @NonNull
187 |     public String getMedium() { return ANDROID_SDK; }
188 | 
189 |     public PKCEInformation getPkceInformation() {
190 |         return mPkceInformation;
191 |     }
192 | 
193 |     private AuthorizationRequest(String clientId,
194 |                                  AuthorizationResponse.Type responseType,
195 |                                  String redirectUri,
196 |                                  String state,
197 |                                  String[] scopes,
198 |                                  boolean showDialog,
199 |                                  Map<String, String> customParams,
200 |                                  String campaign,
201 |                                  PKCEInformation pkceInformation) {
202 | 
203 |         mClientId = clientId;
204 |         mResponseType = responseType.toString();
205 |         mRedirectUri = redirectUri;
206 |         mState = state;
207 |         mScopes = scopes;
208 |         mShowDialog = showDialog;
209 |         mCustomParams = customParams;
210 |         mCampaign = campaign;
211 |         mPkceInformation = pkceInformation;
212 |     }
213 | 
214 |     public Uri toUri() {
215 |         Uri.Builder uriBuilder = new Uri.Builder();
216 |         uriBuilder.scheme(ACCOUNTS_SCHEME)
217 |                 .authority(ACCOUNTS_AUTHORITY)
218 |                 .appendPath(ACCOUNTS_PATH)
219 |                 .appendQueryParameter(AccountsQueryParameters.CLIENT_ID, mClientId)
220 |                 .appendQueryParameter(AccountsQueryParameters.RESPONSE_TYPE, mResponseType)
221 |                 .appendQueryParameter(AccountsQueryParameters.REDIRECT_URI, mRedirectUri)
222 |                 .appendQueryParameter(AccountsQueryParameters.SHOW_DIALOG, String.valueOf(mShowDialog))
223 |                 .appendQueryParameter(AccountsQueryParameters.UTM_SOURCE, getSource())
224 |                 .appendQueryParameter(AccountsQueryParameters.UTM_MEDIUM, getMedium())
225 |                 .appendQueryParameter(AccountsQueryParameters.UTM_CAMPAIGN, getCampaign());
226 | 
227 |         if (mScopes != null && mScopes.length > 0) {
228 |             uriBuilder.appendQueryParameter(AccountsQueryParameters.SCOPE, scopesToString());
229 |         }
230 | 
231 |         if (mState != null) {
232 |             uriBuilder.appendQueryParameter(AccountsQueryParameters.STATE, mState);
233 |         }
234 | 
235 |         if (mCustomParams.size() > 0) {
236 |             for (Map.Entry<String, String> entry : mCustomParams.entrySet()) {
237 |                 uriBuilder.appendQueryParameter(entry.getKey(), entry.getValue());
238 |             }
239 |         }
240 | 
241 |         if (mPkceInformation != null) {
242 |             uriBuilder.appendQueryParameter(AccountsQueryParameters.CODE_CHALLENGE, mPkceInformation.getChallenge());
243 |             uriBuilder.appendQueryParameter(AccountsQueryParameters.CODE_CHALLENGE_METHOD, mPkceInformation.getCodeChallengeMethod());
244 |         }
245 | 
246 |         return uriBuilder.build();
247 |     }
248 | 
249 |     private String scopesToString() {
250 |         StringBuilder concatScopes = new StringBuilder();
251 |         for (String scope : mScopes) {
252 |             concatScopes.append(scope);
253 |             concatScopes.append(SCOPES_SEPARATOR);
254 |         }
255 |         return concatScopes.toString().trim();
256 |     }
257 | 
258 |     @Override
259 |     public int describeContents() {
260 |         return 0;
261 |     }
262 | 
263 |     @Override
264 |     public void writeToParcel(Parcel dest, int flags) {
265 |         dest.writeString(mClientId);
266 |         dest.writeString(mResponseType);
267 |         dest.writeString(mRedirectUri);
268 |         dest.writeString(mState);
269 |         dest.writeStringArray(mScopes);
270 |         dest.writeByte((byte) (mShowDialog ? 1 : 0));
271 |         dest.writeString(mCampaign);
272 |         dest.writeParcelable(mPkceInformation, flags);
273 | 
274 |         Bundle bundle = new Bundle();
275 |         for (Map.Entry<String, String> entry : mCustomParams.entrySet()) {
276 |             bundle.putString(entry.getKey(), entry.getValue());
277 |         }
278 |         dest.writeBundle(bundle);
279 |     }
280 | 
281 |     public static final Parcelable.Creator<AuthorizationRequest> CREATOR = new Parcelable.Creator<AuthorizationRequest>() {
282 | 
283 |         @Override
284 |         public AuthorizationRequest createFromParcel(Parcel source) {
285 |             return new AuthorizationRequest(source);
286 |         }
287 | 
288 |         @Override
289 |         public AuthorizationRequest[] newArray(int size) {
290 |             return new AuthorizationRequest[size];
291 |         }
292 |     };
293 | }
294 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
  1 |                                  Apache License
  2 |                            Version 2.0, January 2004
  3 |                         http://www.apache.org/licenses/
  4 | 
  5 |    TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
  6 | 
  7 |    1. Definitions.
  8 | 
  9 |       "License" shall mean the terms and conditions for use, reproduction,
 10 |       and distribution as defined by Sections 1 through 9 of this document.
 11 | 
 12 |       "Licensor" shall mean the copyright owner or entity authorized by
 13 |       the copyright owner that is granting the License.
 14 | 
 15 |       "Legal Entity" shall mean the union of the acting entity and all
 16 |       other entities that control, are controlled by, or are under common
 17 |       control with that entity. For the purposes of this definition,
 18 |       "control" means (i) the power, direct or indirect, to cause the
 19 |       direction or management of such entity, whether by contract or
 20 |       otherwise, or (ii) ownership of fifty percent (50%) or more of the
 21 |       outstanding shares, or (iii) beneficial ownership of such entity.
 22 | 
 23 |       "You" (or "Your") shall mean an individual or Legal Entity
 24 |       exercising permissions granted by this License.
 25 | 
 26 |       "Source" form shall mean the preferred form for making modifications,
 27 |       including but not limited to software source code, documentation
 28 |       source, and configuration files.
 29 | 
 30 |       "Object" form shall mean any form resulting from mechanical
 31 |       transformation or translation of a Source form, including but
 32 |       not limited to compiled object code, generated documentation,
 33 |       and conversions to other media types.
 34 | 
 35 |       "Work" shall mean the work of authorship, whether in Source or
 36 |       Object form, made available under the License, as indicated by a
 37 |       copyright notice that is included in or attached to the work
 38 |       (an example is provided in the Appendix below).
 39 | 
 40 |       "Derivative Works" shall mean any work, whether in Source or Object
 41 |       form, that is based on (or derived from) the Work and for which the
 42 |       editorial revisions, annotations, elaborations, or other modifications
 43 |       represent, as a whole, an original work of authorship. For the purposes
 44 |       of this License, Derivative Works shall not include works that remain
 45 |       separable from, or merely link (or bind by name) to the interfaces of,
 46 |       the Work and Derivative Works thereof.
 47 | 
 48 |       "Contribution" shall mean any work of authorship, including
 49 |       the original version of the Work and any modifications or additions
 50 |       to that Work or Derivative Works thereof, that is intentionally
 51 |       submitted to Licensor for inclusion in the Work by the copyright owner
 52 |       or by an individual or Legal Entity authorized to submit on behalf of
 53 |       the copyright owner. For the purposes of this definition, "submitted"
 54 |       means any form of electronic, verbal, or written communication sent
 55 |       to the Licensor or its representatives, including but not limited to
 56 |       communication on electronic mailing lists, source code control systems,
 57 |       and issue tracking systems that are managed by, or on behalf of, the
 58 |       Licensor for the purpose of discussing and improving the Work, but
 59 |       excluding communication that is conspicuously marked or otherwise
 60 |       designated in writing by the copyright owner as "Not a Contribution."
 61 | 
 62 |       "Contributor" shall mean Licensor and any individual or Legal Entity
 63 |       on behalf of whom a Contribution has been received by Licensor and
 64 |       subsequently incorporated within the Work.
 65 | 
 66 |    2. Grant of Copyright License. Subject to the terms and conditions of
 67 |       this License, each Contributor hereby grants to You a perpetual,
 68 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 69 |       copyright license to reproduce, prepare Derivative Works of,
 70 |       publicly display, publicly perform, sublicense, and distribute the
 71 |       Work and such Derivative Works in Source or Object form.
 72 | 
 73 |    3. Grant of Patent License. Subject to the terms and conditions of
 74 |       this License, each Contributor hereby grants to You a perpetual,
 75 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 76 |       (except as stated in this section) patent license to make, have made,
 77 |       use, offer to sell, sell, import, and otherwise transfer the Work,
 78 |       where such license applies only to those patent claims licensable
 79 |       by such Contributor that are necessarily infringed by their
 80 |       Contribution(s) alone or by combination of their Contribution(s)
 81 |       with the Work to which such Contribution(s) was submitted. If You
 82 |       institute patent litigation against any entity (including a
 83 |       cross-claim or counterclaim in a lawsuit) alleging that the Work
 84 |       or a Contribution incorporated within the Work constitutes direct
 85 |       or contributory patent infringement, then any patent licenses
 86 |       granted to You under this License for that Work shall terminate
 87 |       as of the date such litigation is filed.
 88 | 
 89 |    4. Redistribution. You may reproduce and distribute copies of the
 90 |       Work or Derivative Works thereof in any medium, with or without
 91 |       modifications, and in Source or Object form, provided that You
 92 |       meet the following conditions:
 93 | 
 94 |       (a) You must give any other recipients of the Work or
 95 |           Derivative Works a copy of this License; and
 96 | 
 97 |       (b) You must cause any modified files to carry prominent notices
 98 |           stating that You changed the files; and
 99 | 
100 |       (c) You must retain, in the Source form of any Derivative Works
101 |           that You distribute, all copyright, patent, trademark, and
102 |           attribution notices from the Source form of the Work,
103 |           excluding those notices that do not pertain to any part of
104 |           the Derivative Works; and
105 | 
106 |       (d) If the Work includes a "NOTICE" text file as part of its
107 |           distribution, then any Derivative Works that You distribute must
108 |           include a readable copy of the attribution notices contained
109 |           within such NOTICE file, excluding those notices that do not
110 |           pertain to any part of the Derivative Works, in at least one
111 |           of the following places: within a NOTICE text file distributed
112 |           as part of the Derivative Works; within the Source form or
113 |           documentation, if provided along with the Derivative Works; or,
114 |           within a display generated by the Derivative Works, if and
115 |           wherever such third-party notices normally appear. The contents
116 |           of the NOTICE file are for informational purposes only and
117 |           do not modify the License. You may add Your own attribution
118 |           notices within Derivative Works that You distribute, alongside
119 |           or as an addendum to the NOTICE text from the Work, provided
120 |           that such additional attribution notices cannot be construed
121 |           as modifying the License.
122 | 
123 |       You may add Your own copyright statement to Your modifications and
124 |       may provide additional or different license terms and conditions
125 |       for use, reproduction, or distribution of Your modifications, or
126 |       for any such Derivative Works as a whole, provided Your use,
127 |       reproduction, and distribution of the Work otherwise complies with
128 |       the conditions stated in this License.
129 | 
130 |    5. Submission of Contributions. Unless You explicitly state otherwise,
131 |       any Contribution intentionally submitted for inclusion in the Work
132 |       by You to the Licensor shall be under the terms and conditions of
133 |       this License, without any additional terms or conditions.
134 |       Notwithstanding the above, nothing herein shall supersede or modify
135 |       the terms of any separate license agreement you may have executed
136 |       with Licensor regarding such Contributions.
137 | 
138 |    6. Trademarks. This License does not grant permission to use the trade
139 |       names, trademarks, service marks, or product names of the Licensor,
140 |       except as required for reasonable and customary use in describing the
141 |       origin of the Work and reproducing the content of the NOTICE file.
142 | 
143 |    7. Disclaimer of Warranty. Unless required by applicable law or
144 |       agreed to in writing, Licensor provides the Work (and each
145 |       Contributor provides its Contributions) on an "AS IS" BASIS,
146 |       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 |       implied, including, without limitation, any warranties or conditions
148 |       of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 |       PARTICULAR PURPOSE. You are solely responsible for determining the
150 |       appropriateness of using or redistributing the Work and assume any
151 |       risks associated with Your exercise of permissions under this License.
152 | 
153 |    8. Limitation of Liability. In no event and under no legal theory,
154 |       whether in tort (including negligence), contract, or otherwise,
155 |       unless required by applicable law (such as deliberate and grossly
156 |       negligent acts) or agreed to in writing, shall any Contributor be
157 |       liable to You for damages, including any direct, indirect, special,
158 |       incidental, or consequential damages of any character arising as a
159 |       result of this License or out of the use or inability to use the
160 |       Work (including but not limited to damages for loss of goodwill,
161 |       work stoppage, computer failure or malfunction, or any and all
162 |       other commercial damages or losses), even if such Contributor
163 |       has been advised of the possibility of such damages.
164 | 
165 |    9. Accepting Warranty or Additional Liability. While redistributing
166 |       the Work or Derivative Works thereof, You may choose to offer,
167 |       and charge a fee for, acceptance of support, warranty, indemnity,
168 |       or other liability obligations and/or rights consistent with this
169 |       License. However, in accepting such obligations, You may act only
170 |       on Your own behalf and on Your sole responsibility, not on behalf
171 |       of any other Contributor, and only if You agree to indemnify,
172 |       defend, and hold each Contributor harmless for any liability
173 |       incurred by, or claims asserted against, such Contributor by reason
174 |       of your accepting any such warranty or additional liability.
175 | 
176 |    END OF TERMS AND CONDITIONS
177 | 
178 |    APPENDIX: How to apply the Apache License to your work.
179 | 
180 |       To apply the Apache License to your work, attach the following
181 |       boilerplate notice, with the fields enclosed by brackets "[]"
182 |       replaced with your own identifying information. (Don't include
183 |       the brackets!)  The text should be enclosed in the appropriate
184 |       comment syntax for the file format. We also recommend that a
185 |       file or class name and description of purpose be included on the
186 |       same "printed page" as the copyright notice for easier
187 |       identification within third-party archives.
188 | 
189 |    Copyright 2016 Spotify AB
190 | 
191 |    Licensed under the Apache License, Version 2.0 (the "License");
192 |    you may not use this file except in compliance with the License.
193 |    You may obtain a copy of the License at
194 | 
195 |        http://www.apache.org/licenses/LICENSE-2.0
196 | 
197 |    Unless required by applicable law or agreed to in writing, software
198 |    distributed under the License is distributed on an "AS IS" BASIS,
199 |    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 |    See the License for the specific language governing permissions and
201 |    limitations under the License.


--------------------------------------------------------------------------------
/auth-lib/src/main/java/com/spotify/sdk/android/auth/app/SpotifyNativeAuthUtil.java:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * Copyright (c) 2015-2016 Spotify AB
  3 |  *
  4 |  * Licensed to the Apache Software Foundation (ASF) under one
  5 |  * or more contributor license agreements.  See the NOTICE file
  6 |  * distributed with this work for additional information
  7 |  * regarding copyright ownership.  The ASF licenses this file
  8 |  * to you under the Apache License, Version 2.0 (the
  9 |  * "License"); you may not use this file except in compliance
 10 |  * with the License.  You may obtain a copy of the License at
 11 |  *
 12 |  * http://www.apache.org/licenses/LICENSE-2.0
 13 |  *
 14 |  * Unless required by applicable law or agreed to in writing,
 15 |  * software distributed under the License is distributed on an
 16 |  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 17 |  * KIND, either express or implied.  See the License for the
 18 |  * specific language governing permissions and limitations
 19 |  * under the License.
 20 |  */
 21 | 
 22 | package com.spotify.sdk.android.auth.app;
 23 | 
 24 | import static com.spotify.sdk.android.auth.IntentExtras.KEY_CLIENT_ID;
 25 | import static com.spotify.sdk.android.auth.IntentExtras.KEY_CODE_CHALLENGE;
 26 | import static com.spotify.sdk.android.auth.IntentExtras.KEY_CODE_CHALLENGE_METHOD;
 27 | import static com.spotify.sdk.android.auth.IntentExtras.KEY_REDIRECT_URI;
 28 | import static com.spotify.sdk.android.auth.IntentExtras.KEY_REQUESTED_SCOPES;
 29 | import static com.spotify.sdk.android.auth.IntentExtras.KEY_RESPONSE_TYPE;
 30 | import static com.spotify.sdk.android.auth.IntentExtras.KEY_STATE;
 31 | import static com.spotify.sdk.android.auth.IntentExtras.KEY_UTM_CAMPAIGN;
 32 | import static com.spotify.sdk.android.auth.IntentExtras.KEY_UTM_MEDIUM;
 33 | import static com.spotify.sdk.android.auth.IntentExtras.KEY_UTM_SOURCE;
 34 | import static com.spotify.sdk.android.auth.IntentExtras.KEY_VERSION;
 35 | 
 36 | import android.annotation.SuppressLint;
 37 | import android.app.Activity;
 38 | import android.content.ActivityNotFoundException;
 39 | import android.content.ComponentName;
 40 | import android.content.Context;
 41 | import android.content.Intent;
 42 | import android.content.pm.PackageInfo;
 43 | import android.content.pm.PackageManager;
 44 | import android.content.pm.Signature;
 45 | import android.os.Build;
 46 | 
 47 | import androidx.annotation.NonNull;
 48 | import androidx.annotation.Nullable;
 49 | import androidx.annotation.VisibleForTesting;
 50 | 
 51 | import com.spotify.sdk.android.auth.AuthorizationRequest;
 52 | import com.spotify.sdk.android.auth.LoginActivity;
 53 | import com.spotify.sdk.android.auth.PKCEInformation;
 54 | 
 55 | public class SpotifyNativeAuthUtil {
 56 | 
 57 |     /*
 58 |      * The version of the auth protocol. More info about this protocol in
 59 |      * {@link com.spotify.sdk.android.auth.IntentExtras}.
 60 |      */
 61 |     private static final int PROTOCOL_VERSION = 1;
 62 | 
 63 |     private static final String SPOTIFY_AUTH_ACTIVITY_ACTION = "com.spotify.sso.action.START_AUTH_FLOW";
 64 |     private static final String SPOTIFY_PACKAGE_NAME = "com.spotify.music";
 65 |     private static final String[] SPOTIFY_PACKAGE_SUFFIXES = new String[]{
 66 |             ".debug",
 67 |             ".canary",
 68 |             ".partners",
 69 |             ""
 70 |     };
 71 | 
 72 |     private static final String[] SPOTIFY_SIGNATURE_HASH = new String[]{
 73 |             "25a9b2d2745c098361edaa3b87936dc29a28e7f1",
 74 |             "80abdd17dcc4cb3a33815d354355bf87c9378624",
 75 |             "88df4d670ed5e01fc7b3eff13b63258628ff5a00",
 76 |             "d834ae340d1e854c5f4092722f9788216d9221e5",
 77 |             "1cbedd9e7345f64649bad2b493a20d9eea955352",
 78 |             "4b3d76a2de89033ea830f476a1f815692938e33b",
 79 |     };
 80 | 
 81 |     private final Activity mContextActivity;
 82 |     private final AuthorizationRequest mRequest;
 83 |     @NonNull
 84 |     private final Sha1HashUtil mSha1HashUtil;
 85 | 
 86 |     public SpotifyNativeAuthUtil(@NonNull Activity contextActivity,
 87 |                                  @NonNull AuthorizationRequest request,
 88 |                                  @NonNull Sha1HashUtil sha1HashUtil) {
 89 |         mContextActivity = contextActivity;
 90 |         mRequest = request;
 91 |         mSha1HashUtil = sha1HashUtil;
 92 |     }
 93 | 
 94 |     public boolean startAuthActivity() {
 95 |         Intent intent = createAuthActivityIntent(mContextActivity, mSha1HashUtil);
 96 |         if (intent == null) {
 97 |             return false;
 98 |         }
 99 |         intent.putExtra(KEY_VERSION, PROTOCOL_VERSION);
100 | 
101 |         intent.putExtra(KEY_CLIENT_ID, mRequest.getClientId());
102 |         intent.putExtra(KEY_REDIRECT_URI, mRequest.getRedirectUri());
103 |         intent.putExtra(KEY_RESPONSE_TYPE, mRequest.getResponseType());
104 |         intent.putExtra(KEY_REQUESTED_SCOPES, mRequest.getScopes());
105 |         intent.putExtra(KEY_STATE, mRequest.getState());
106 |         intent.putExtra(KEY_UTM_SOURCE, mRequest.getSource());
107 |         intent.putExtra(KEY_UTM_CAMPAIGN, mRequest.getCampaign());
108 |         intent.putExtra(KEY_UTM_MEDIUM, mRequest.getMedium());
109 | 
110 |         final PKCEInformation pkceInfo = mRequest.getPkceInformation();
111 |         if (pkceInfo != null) {
112 |             intent.putExtra(KEY_CODE_CHALLENGE, pkceInfo.getChallenge());
113 |             intent.putExtra(KEY_CODE_CHALLENGE_METHOD, pkceInfo.getCodeChallengeMethod());
114 |         }
115 | 
116 |         try {
117 |             mContextActivity.startActivityForResult(intent, LoginActivity.REQUEST_CODE);
118 |         } catch (ActivityNotFoundException e) {
119 |             return false;
120 |         }
121 |         return true;
122 |     }
123 | 
124 |     /**
125 |      * Creates an intent that will launch the auth flow on the currently installed Spotify application
126 |      * @param context The context of the caller
127 |      * @return The auth Intent or null if the Spotify application couldn't be found
128 |      */
129 |     @Nullable
130 |     public static Intent createAuthActivityIntent(@NonNull Context context) {
131 |         return createAuthActivityIntent(context, new Sha1HashUtilImpl());
132 |     }
133 | 
134 |     @VisibleForTesting
135 |     @Nullable
136 |     static Intent createAuthActivityIntent(@NonNull Context context, @NonNull Sha1HashUtil sha1HashUtil) {
137 |         Intent intent = null;
138 |         for (String suffix : SPOTIFY_PACKAGE_SUFFIXES) {
139 |             intent = tryResolveActivity(context,
140 |                     SPOTIFY_PACKAGE_NAME + suffix,
141 |                     sha1HashUtil);
142 |             if (intent != null) {
143 |                 break;
144 |             }
145 |         }
146 |         return intent;
147 |     }
148 | 
149 |     /**
150 |      * Check if a version of the Spotify main application is installed
151 |      *
152 |      * @param context The context of the caller, used to check if the app is installed
153 |      * @return True if a Spotify app is installed, false otherwise
154 |      */
155 |     public static boolean isSpotifyInstalled(@NonNull Context context) {
156 |         return isSpotifyInstalled(context, new Sha1HashUtilImpl());
157 |     }
158 | 
159 |     @VisibleForTesting
160 |     static boolean isSpotifyInstalled(@NonNull Context context, @NonNull Sha1HashUtil sha1HashUtil) {
161 |         return createAuthActivityIntent(context, sha1HashUtil) != null;
162 |     }
163 | 
164 |     /**
165 |      * Get the version code of the installed Spotify app
166 |      *
167 |      * @param context The context of the caller, used to check package info
168 |      * @return Version code of Spotify app, or -1 if not installed or signature validation fails
169 |      */
170 |     public static int getSpotifyAppVersionCode(@NonNull Context context) {
171 |         return getSpotifyAppVersionCode(context, new Sha1HashUtilImpl());
172 |     }
173 | 
174 |     @VisibleForTesting
175 |     static int getSpotifyAppVersionCode(@NonNull Context context, @NonNull Sha1HashUtil sha1HashUtil) {
176 |         for (String suffix : SPOTIFY_PACKAGE_SUFFIXES) {
177 |             String packageName = SPOTIFY_PACKAGE_NAME + suffix;
178 |             try {
179 |                 PackageInfo packageInfo = context.getPackageManager()
180 |                         .getPackageInfo(packageName, 0);
181 | 
182 |                 // Validate signature before returning version info
183 |                 if (validateSignature(context, packageName, sha1HashUtil)) {
184 |                     return packageInfo.versionCode;
185 |                 }
186 |             } catch (PackageManager.NameNotFoundException ignored) {
187 |                 // Try next package variant
188 |             }
189 |         }
190 |         return -1; // Not found or signature validation failed
191 |     }
192 | 
193 |     /**
194 |      * Check if Spotify app version meets minimum requirement
195 |      *
196 |      * @param context The context of the caller, used to check package info
197 |      * @param minVersionCode Minimum required version code
198 |      * @return true if installed {@code version >= minVersionCode}, false otherwise
199 |      */
200 |     public static boolean isSpotifyVersionAtLeast(@NonNull Context context, int minVersionCode) {
201 |         return isSpotifyVersionAtLeast(context, minVersionCode, new Sha1HashUtilImpl());
202 |     }
203 | 
204 |     @VisibleForTesting
205 |     static boolean isSpotifyVersionAtLeast(@NonNull Context context, int minVersionCode, @NonNull Sha1HashUtil sha1HashUtil) {
206 |         int currentVersion = getSpotifyAppVersionCode(context, sha1HashUtil);
207 |         return currentVersion >= minVersionCode;
208 |     }
209 | 
210 |     @Nullable
211 |     private static Intent tryResolveActivity(@NonNull Context context,
212 |                                              @NonNull String packageName,
213 |                                              @NonNull Sha1HashUtil sha1HashUtil) {
214 |         Intent intent = new Intent(SPOTIFY_AUTH_ACTIVITY_ACTION);
215 |         intent.setPackage(packageName);
216 | 
217 |         ComponentName componentName = intent.resolveActivity(context.getPackageManager());
218 | 
219 |         if (componentName == null) {
220 |             return null;
221 |         }
222 | 
223 |         if (!validateSignature(context, componentName.getPackageName(), sha1HashUtil)) {
224 |             return null;
225 |         }
226 | 
227 |         return intent;
228 |     }
229 | 
230 |     @SuppressLint("PackageManagerGetSignatures")
231 |     private static boolean validateSignature(@NonNull Context context,
232 |                                              @NonNull String spotifyPackageName,
233 |                                              @NonNull Sha1HashUtil sha1HashUtil) {
234 |         try {
235 |             if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
236 |                 final PackageInfo packageInfo = context.getPackageManager().getPackageInfo(
237 |                         spotifyPackageName,
238 |                         PackageManager.GET_SIGNING_CERTIFICATES);
239 | 
240 |                 if (packageInfo.signingInfo == null) {
241 |                     return false;
242 |                 }
243 |                 if(packageInfo.signingInfo.hasMultipleSigners()){
244 |                     return validateSignatures(sha1HashUtil, packageInfo.signingInfo.getApkContentsSigners());
245 |                 }
246 |                 else{
247 |                     return validateSignatures(sha1HashUtil, packageInfo.signingInfo.getSigningCertificateHistory());
248 |                 }
249 |             } else {
250 |                 final PackageInfo packageInfo = context.getPackageManager().getPackageInfo(
251 |                         spotifyPackageName,
252 |                         PackageManager.GET_SIGNATURES);
253 | 
254 |                 return validateSignatures(sha1HashUtil, packageInfo.signatures);
255 |             }
256 |         } catch (PackageManager.NameNotFoundException ignored) {
257 |         }
258 |         return false;
259 |     }
260 | 
261 |     private static boolean validateSignatures(@NonNull Sha1HashUtil sha1HashUtil,
262 |                                               @Nullable Signature[] apkSignatures) {
263 |         if (apkSignatures == null || apkSignatures.length == 0) {
264 |             return false;
265 |         }
266 | 
267 |         for (Signature actualApkSignature : apkSignatures) {
268 |             final String signatureString = actualApkSignature.toCharsString();
269 |             final String sha1Signature = sha1HashUtil.sha1Hash(signatureString);
270 |             boolean matchesSignature = false;
271 |             for (String knownSpotifyHash : SPOTIFY_SIGNATURE_HASH) {
272 |                 if (knownSpotifyHash.equalsIgnoreCase(sha1Signature)) {
273 |                     matchesSignature = true;
274 |                     break;
275 |                 }
276 |             }
277 | 
278 |             // Abort upon finding a non matching signature
279 |             if (!matchesSignature) {
280 |                 return false;
281 |             }
282 |         }
283 |         return true;
284 |     }
285 | 
286 |     public void stopAuthActivity() {
287 |         mContextActivity.finishActivity(LoginActivity.REQUEST_CODE);
288 |     }
289 | }
290 | 


--------------------------------------------------------------------------------