Add support for Multi-Resource Refresh Token (MRRT) #811
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| val expiresAt = newCredentials.expiresAt.time | ||
| val willAccessTokenExpire = willExpire(expiresAt, minTtl.toLong()) | ||
| if (willAccessTokenExpire) { | ||
| val tokenLifetime = (expiresAt - currentTimeInMillis - minTtl * 1000) / -1000 |
Check warning
Code scanning / CodeQL
Result of multiplication cast to wider type Warning
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 20 days ago
To fix the problem, we need to ensure that the multiplication is performed using long arithmetic to prevent overflow. This can be achieved by casting one of the operands to long before performing the multiplication. Specifically, we should cast minTtl to long before multiplying it by 1000.
- Change the multiplication
minTtl * 1000tominTtl.toLong() * 1000. - This change should be made on line 532 of the file
auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManager.kt.
| @@ -531,3 +531,3 @@ | ||
| if (willAccessTokenExpire) { | ||
| val tokenLifetime = (expiresAt - currentTimeInMillis - minTtl * 1000) / -1000 | ||
| val tokenLifetime = (expiresAt - currentTimeInMillis - minTtl.toLong() * 1000) / -1000 | ||
| val wrongTtlException = CredentialsManagerException( |
| val expiresAt = newCredentials.expiresAt.time | ||
| val willAccessTokenExpire = willExpire(expiresAt, minTtl.toLong()) | ||
| if (willAccessTokenExpire) { | ||
| val tokenLifetime = (expiresAt - currentTimeInMillis - minTtl * 1000) / -1000 |
Check warning
Code scanning / CodeQL
Result of multiplication cast to wider type Warning
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 20 days ago
To fix the problem, we need to cast one of the operands to long before performing the multiplication. This ensures that the multiplication is done using long arithmetic, which prevents overflow.
- In general terms, the problem can be fixed by casting one of the operands to
longbefore the multiplication. - Specifically, we will cast
minTtltolongbefore multiplying it by 1000. - The change will be made on line 891 of the file
auth0/src/main/java/com/auth0/android/authentication/storage/SecureCredentialsManager.kt. - No additional methods, imports, or definitions are needed to implement this change.
| @@ -890,3 +890,3 @@ | ||
| if (willAccessTokenExpire) { | ||
| val tokenLifetime = (expiresAt - currentTimeInMillis - minTtl * 1000) / -1000 | ||
| val tokenLifetime = (expiresAt - currentTimeInMillis - minTtl.toLong() * 1000) / -1000 | ||
| val wrongTtlException = CredentialsManagerException( |
Changes
This PR moves the Credentials Manager from a single credentials model to a multiple credentials one, supporting:
1 set of app credentials (the existing functionality)
N sets of API-specific credentials
To this end, two new public methods were added to the Credentials Manager:
Testing
Please describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. Since this library has unit testing, tests should be added for new functionality and existing tests should complete without errors.
This change adds unit test coverage
This change adds integration test coverage
This change has been tested on the latest version of the platform/language or why not
Checklist
I have read the Auth0 general contribution guidelines
I have read the Auth0 Code of Conduct
All existing and new tests complete without errors