Added overloaded siginPasskey method which takes the public credential json string

pmathew92 · pmathew92 · commit b51aca28d09d · 2024-11-14T14:37:45.000+05:30
diff --git a/auth0/src/main/java/com/auth0/android/authentication/AuthenticationAPIClient.kt b/auth0/src/main/java/com/auth0/android/authentication/AuthenticationAPIClient.kt
@@ -156,7 +156,7 @@ public class AuthenticationAPIClient @VisibleForTesting(otherwise = VisibleForTe
 
     /**
      * Sign-in a user using passkeys.
-     * This should be called after the client has received the passkey challenge and auth-session from the server
+     * This should be called after the client has received the passkey challenge from the server and generated the public key response.
      * The default scope used is 'openid profile email'.
      *
      * Requires the client to have the **Passkey** Grant Type enabled. See [Client Grant Types](https://auth0.com/docs/clients/client-grant-types)
@@ -175,7 +175,7 @@ public class AuthenticationAPIClient @VisibleForTesting(otherwise = VisibleForTe
      * ```
      *
      * @param authSession the auth session received from the server as part of the public key challenge request.
-     * @param authResponse the public key credential authentication response
+     * @param authResponse the [PublicKeyCredentials] authentication response
      * @param realm the connection to use. If excluded, the application will use the default connection configured in the tenant
      * @return a request to configure and start that will yield [Credentials]
      */
@@ -198,6 +198,44 @@ public class AuthenticationAPIClient @VisibleForTesting(otherwise = VisibleForTe
     }
 
 
+    /**
+     * Sign-in a user using passkeys.
+     * This should be called after the client has received the passkey challenge from the server and generated the public key response.
+     * The default scope used is 'openid profile email'.
+     *
+     * Requires the client to have the **Passkey** Grant Type enabled. See [Client Grant Types](https://auth0.com/docs/clients/client-grant-types)
+     * to learn how to enable it.
+     *
+     * Example usage:
+     *
+     * ```
+     * client.signinWithPasskey("{authSession}", "{authResponse}","{realm}")
+     *       .validateClaims() //mandatory
+     *       .addParameter("scope","scope")
+     *       .start(object: Callback<Credentials, AuthenticationException> {
+     *           override fun onFailure(error: AuthenticationException) { }
+     *           override fun onSuccess(result: Credentials) { }
+     * })
+     * ```
+     *
+     * @param authSession the auth session received from the server as part of the public key challenge request.
+     * @param authResponse the public key credential authentication response in JSON string format that follows the standard webauthn json format
+     * @param realm the connection to use. If excluded, the application will use the default connection configured in the tenant
+     * @return a request to configure and start that will yield [Credentials]
+     */
+    public fun signinWithPasskey(
+        authSession: String,
+        authResponse: String,
+        realm: String? = null
+    ): AuthenticationRequest {
+        val publicKeyCredentials = gson.fromJson(
+            authResponse,
+            PublicKeyCredentials::class.java
+        )
+        return signinWithPasskey(authSession, publicKeyCredentials, realm)
+    }
+
+
     /**
      *  Sign-up a user and returns a challenge for private and public key generation.
      *  The default scope used is 'openid profile email'.
@@ -224,7 +262,7 @@ public class AuthenticationAPIClient @VisibleForTesting(otherwise = VisibleForTe
         userData: UserData,
         realm: String? = null
     ): Request<PasskeyRegistrationChallenge, AuthenticationException> {
-        val user = Gson().toJsonTree(userData)
+        val user = gson.toJsonTree(userData)
         val url = auth0.getDomainUrl().toHttpUrl().newBuilder()
             .addPathSegment(PASSKEY_PATH)
             .addPathSegment(REGISTER_PATH)
diff --git a/auth0/src/test/java/com/auth0/android/authentication/AuthenticationAPIClientTest.kt b/auth0/src/test/java/com/auth0/android/authentication/AuthenticationAPIClientTest.kt
@@ -7,6 +7,7 @@ import com.auth0.android.authentication.ParameterBuilder.Companion.newBuilder
 import com.auth0.android.provider.JwtTestUtils
 import com.auth0.android.request.HttpMethod
 import com.auth0.android.request.NetworkingClient
+import com.auth0.android.request.PublicKeyCredentials
 import com.auth0.android.request.RequestOptions
 import com.auth0.android.request.ServerResponse
 import com.auth0.android.request.internal.RequestFactory
@@ -191,7 +192,7 @@ public class AuthenticationAPIClientTest {
         val callback = MockAuthenticationCallback<Credentials>()
         val auth0 = auth0
         val client = AuthenticationAPIClient(auth0)
-        client.signinWithPasskey("auth-session", mock(), MY_CONNECTION)
+        client.signinWithPasskey("auth-session", mock<PublicKeyCredentials>(), MY_CONNECTION)
             .start(callback)
         ShadowLooper.idleMainLooper()
         assertThat(
diff --git a/auth0/src/test/java/com/auth0/android/provider/PasskeyManagerTest.kt b/auth0/src/test/java/com/auth0/android/provider/PasskeyManagerTest.kt
@@ -17,6 +17,7 @@ import com.auth0.android.authentication.AuthenticationException
 import com.auth0.android.authentication.request.AuthenticationRequestMock
 import com.auth0.android.authentication.request.RequestMock
 import com.auth0.android.callback.Callback
+import com.auth0.android.request.PublicKeyCredentials
 import com.auth0.android.request.UserData
 import com.auth0.android.result.AuthParamsPublicKey
 import com.auth0.android.result.AuthenticatorSelection
@@ -135,7 +136,13 @@ public class PasskeyManagerTest {
         `when`(authenticationAPIClient.signupWithPasskey(userMetadata, "testRealm")).thenReturn(
             RequestMock(passkeyRegistrationChallengeResponse, null)
         )
-        `when`(authenticationAPIClient.signinWithPasskey(any(), any(), any())).thenReturn(
+        `when`(
+            authenticationAPIClient.signinWithPasskey(
+                any(),
+                any<PublicKeyCredentials>(),
+                any()
+            )
+        ).thenReturn(
             AuthenticationRequestMock(
                 Credentials(
                     "expectedIdToken",
@@ -178,7 +185,7 @@ public class PasskeyManagerTest {
 
         verify(authenticationAPIClient).signupWithPasskey(userMetadata, "testRealm")
         verify(credentialManager).createCredentialAsync(eq(context), any(), any(), any(), any())
-        verify(authenticationAPIClient).signinWithPasskey(any(), any(), any())
+        verify(authenticationAPIClient).signinWithPasskey(any(), any<PublicKeyCredentials>(), any())
         verify(callback).onSuccess(credentialsCaptor.capture())
         Assert.assertEquals("codeAccess", credentialsCaptor.firstValue.accessToken)
         Assert.assertEquals("codeScope", credentialsCaptor.firstValue.scope)
@@ -205,7 +212,11 @@ public class PasskeyManagerTest {
             serialExecutor
         )
         verify(authenticationAPIClient).signupWithPasskey(userMetadata, "testRealm")
-        verify(authenticationAPIClient, never()).signinWithPasskey(any(), any(), any())
+        verify(authenticationAPIClient, never()).signinWithPasskey(
+            any(),
+            any<PublicKeyCredentials>(),
+            any()
+        )
         verify(credentialManager, never()).createCredentialAsync(
             any(),
             any(),
@@ -251,7 +262,11 @@ public class PasskeyManagerTest {
         )
         verify(authenticationAPIClient).signupWithPasskey(userMetadata, "testRealm")
         verify(credentialManager).createCredentialAsync(eq(context), any(), any(), any(), any())
-        verify(authenticationAPIClient, never()).signinWithPasskey(any(), any(), any())
+        verify(authenticationAPIClient, never()).signinWithPasskey(
+            any(),
+            any<PublicKeyCredentials>(),
+            any()
+        )
         verify(callback).onFailure(exceptionCaptor.capture())
         Assert.assertEquals(
             AuthenticationException::class.java,
@@ -277,7 +292,7 @@ public class PasskeyManagerTest {
             PublicKeyCredential(registrationResponseJSON)
         )
 
-        `when`(authenticationAPIClient.signinWithPasskey(any(), any(), any())).thenReturn(
+        `when`(authenticationAPIClient.signinWithPasskey(any(), any<PublicKeyCredentials>(), any())).thenReturn(
             AuthenticationRequestMock(
                 Credentials(
                     "expectedIdToken",
@@ -309,7 +324,7 @@ public class PasskeyManagerTest {
             any(),
             any()
         )
-        verify(authenticationAPIClient).signinWithPasskey(any(), any(), any())
+        verify(authenticationAPIClient).signinWithPasskey(any(), any<PublicKeyCredentials>(), any())
         verify(callback).onSuccess(credentialsCaptor.capture())
         Assert.assertEquals("codeAccess", credentialsCaptor.firstValue.accessToken)
         Assert.assertEquals("codeScope", credentialsCaptor.firstValue.scope)
@@ -335,7 +350,7 @@ public class PasskeyManagerTest {
             any(),
             any()
         )
-        verify(authenticationAPIClient, never()).signinWithPasskey(any(), any(), any())
+        verify(authenticationAPIClient, never()).signinWithPasskey(any(), any<PublicKeyCredentials>(), any())
         verify(callback).onFailure(error)
     }
 
@@ -369,7 +384,7 @@ public class PasskeyManagerTest {
             any(),
             any()
         )
-        verify(authenticationAPIClient, never()).signinWithPasskey(any(), any(), any())
+        verify(authenticationAPIClient, never()).signinWithPasskey(any(), any<PublicKeyCredentials>(), any())
         verify(callback).onFailure(exceptionCaptor.capture())
         Assert.assertEquals(
             AuthenticationException::class.java,
diff --git a/sample/src/main/res/values/strings.xml b/sample/src/main/res/values/strings.xml
@@ -1,6 +1,6 @@
 <resources>
     <string name="app_name">Auth0 SDK Sample</string>
-    <string name="com_auth0_domain">pmathew.acmetest.org</string>
+    <string name="com_auth0_domain">mathewp.acmetest.org</string>
     <string name="com_auth0_client_id">gkba7X6OJM2b0cdlUlTCqXD7AwT3FYVV</string>
     <string name="com_auth0_scheme">demo</string>
 </resources>
