openid / AppAuth-Android

Android client SDK for communicating with OAuth 2.0 and OpenID Connect providers.
https://openid.github.io/AppAuth-Android
Apache License 2.0
2.89k stars 892 forks source link

Adding an AuthState#onUpdateListener-Method #871

Open NWuensche opened 2 years ago

NWuensche commented 2 years ago

Feature Request

Motivation

When using the AuthState class, persistence is essential after updating the AuthState-Object as explained in the README.md. However, it is not that easy to keep track of when the AuthState was explizitly or implicitly updated (e.g. with AuthState#performActionWithFreshTokens) .

Description

A new method, called AuthState.onUpdateListener(listener: AuthStateUpdateListener), will be added to the AuthState class. Everytime the authState.update-Method gets executed, the installed listeners will be called. For example

authState.onUpdateListener(new AuthStateUpdateListener() {
   @Override public void execute(
        AuthState newAuthState) {
       PersistenceStore.store(newAuthState);
  })
}
...
authState.performActionWithFreshTokens(service, new AuthStateAction() {
  @Override public void execute(
      String accessToken,
      String idToken,
      AuthorizationException ex) {
   //Will automatically call authState.onUpdate
  ...
  }
});

Alternatives or Workarounds

Currently, I have to take a lot of care of when the authState object has been updated to not forget to persist it.

bhavnamulani commented 1 year ago

Hi @NWuensche , How you are persisting authstate can you please add some examples for reference?

Thanks in advance

NWuensche commented 1 year ago

Hello,

I'm coming from the Android-Site, so I would probably store it in an SharedPreferences-Manager (a key-value storage):

authState.onUpdateListener(new AuthStateUpdateListener() {
    @Override public void execute(
         AuthState newAuthState) {
        sharedPreferences.putString("authState" newAuthState.toJson());
   })
}

On Di, 07. Mär 22:48, GitHub Notifications wrote:

Hi @NWuensche , How you are persisting authstate can you please add some examples for reference?

Thanks in advance

-- Reply to this email directly or view it on GitHub: https://github.com/openid/AppAuth-Android/issues/871#issuecomment-1459625133 You are receiving this because you were mentioned.

Message ID: @.***>

bhavnamulani commented 1 year ago

Thanks, @NWuensche. As you have worked on AppAuth can you please help me with the issue where I need to intercept app auth calls and retrieve all the request header, response header, and cookies from API calls so that I can pass that to the further call for session maintenance? I am not able to capture all the data from API can you pls help me with this issue?

NWuensche commented 1 year ago

Sorry, unfortunately I cannot.

agologan commented 1 year ago

@bhavnamulani see https://github.com/openid/AppAuth-Android#customizing-the-connection-builder-for-http-requests

Back on topic: As a maintainer I've always viewed performActionWithFreshTokens() as a convenience method for prototyping rather than the way to do authenticated calls long term. I've seen apps use this successfully in production but when needing more control, devs should take hold of the refresh process.

fpaaske commented 1 year ago

Possibly a duplicate of #287?