Skip to content

Add support for Multi-Resource Refresh Token (MRRT) #811

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 11 commits into
base: main
Choose a base branch
from
Open

Add support for Multi-Resource Refresh Token (MRRT) #811

wants to merge 11 commits into from

Conversation

pmathew92
Copy link
Contributor

@pmathew92 pmathew92 commented Mar 18, 2025
edited
Loading

Changes

This PR moves the Credentials Manager from a single credentials model to a multiple credentials one, supporting:

1 set of app credentials (the existing functionality)
N sets of API-specific credentials
To this end, two new public methods were added to the Credentials Manager:

// And its coroutine counter part
public fun getApiCredentials(
        audience: String,
        scope: String? = null,
        minTtl: Int = 0,
        parameters: Map<String, String> = emptyMap(),
        headers: Map<String, String> = emptyMap(),
        callback: Callback<APICredentials, CredentialsManagerException>
    )
public fun clearApiCredentials(audience: String)

Testing

Please describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. Since this library has unit testing, tests should be added for new functionality and existing tests should complete without errors.

  • This change adds unit test coverage

  • This change adds integration test coverage

  • This change has been tested on the latest version of the platform/language or why not

Checklist

@pmathew92 pmathew92 requested a review from a team as a code owner March 18, 2025 09:01
github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 19, 2025
View reviewed changes
auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManager.kt
val expiresAt = newCredentials.expiresAt.time
val willAccessTokenExpire = willExpire(expiresAt, minTtl.toLong())
if (willAccessTokenExpire) {
val tokenLifetime = (expiresAt - currentTimeInMillis - minTtl * 1000) / -1000

Check warning

Code scanning / CodeQL

Result of multiplication cast to wider type Warning

Potential overflow in
int multiplication
Loading
before it is converted to long by use in a numeric context.

Copilot Autofix

AI 8 days ago

To fix the issue, one of the operands in the multiplication should be explicitly cast to long before the multiplication occurs. This ensures that the multiplication is performed using long arithmetic, avoiding the risk of integer overflow. Specifically, minTtl should be cast to long before multiplying it by 1000.

The change should be made on line 611, where the multiplication occurs. The updated code will cast minTtl to long before performing the multiplication.

Suggested changeset 1
auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManager.kt

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManager.kt b/auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManager.kt
--- a/auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManager.kt
+++ b/auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManager.kt
@@ -610,3 +610,3 @@
                 if (willAccessTokenExpire) {
-                    val tokenLifetime = (expiresAt - currentTimeInMillis - minTtl * 1000) / -1000
+                    val tokenLifetime = (expiresAt - currentTimeInMillis - minTtl.toLong() * 1000) / -1000
                     val wrongTtlException = CredentialsManagerException(
EOF
@@ -610,3 +610,3 @@
if (willAccessTokenExpire) {
val tokenLifetime = (expiresAt - currentTimeInMillis - minTtl * 1000) / -1000
val tokenLifetime = (expiresAt - currentTimeInMillis - minTtl.toLong() * 1000) / -1000
val wrongTtlException = CredentialsManagerException(
Copilot is powered by AI and may make mistakes. Always verify output.
auth0/src/main/java/com/auth0/android/authentication/storage/SecureCredentialsManager.kt
val expiresAt = newCredentials.expiresAt.time
val willAccessTokenExpire = willExpire(expiresAt, minTtl.toLong())
if (willAccessTokenExpire) {
val tokenLifetime = (expiresAt - currentTimeInMillis - minTtl * 1000) / -1000

Check warning

Code scanning / CodeQL

Result of multiplication cast to wider type Warning

Potential overflow in
int multiplication
Loading
before it is converted to long by use in a numeric context.

Copilot Autofix

AI 8 days ago

To fix the issue, we need to ensure that the multiplication minTtl * 1000 is performed in a long context to prevent integer overflow. This can be achieved by explicitly casting one of the operands (minTtl or 1000) to long before the multiplication. This ensures that the multiplication is performed as a long operation, avoiding overflow.

The specific change will be made on line 944, where minTtl * 1000 is used. We will cast minTtl to long before multiplying it by 1000.

Suggested changeset 1
auth0/src/main/java/com/auth0/android/authentication/storage/SecureCredentialsManager.kt

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/auth0/src/main/java/com/auth0/android/authentication/storage/SecureCredentialsManager.kt b/auth0/src/main/java/com/auth0/android/authentication/storage/SecureCredentialsManager.kt
--- a/auth0/src/main/java/com/auth0/android/authentication/storage/SecureCredentialsManager.kt
+++ b/auth0/src/main/java/com/auth0/android/authentication/storage/SecureCredentialsManager.kt
@@ -943,3 +943,3 @@
                 if (willAccessTokenExpire) {
-                    val tokenLifetime = (expiresAt - currentTimeInMillis - minTtl * 1000) / -1000
+                    val tokenLifetime = (expiresAt - currentTimeInMillis - minTtl.toLong() * 1000) / -1000
                     val wrongTtlException = CredentialsManagerException(
EOF
@@ -943,3 +943,3 @@
if (willAccessTokenExpire) {
val tokenLifetime = (expiresAt - currentTimeInMillis - minTtl * 1000) / -1000
val tokenLifetime = (expiresAt - currentTimeInMillis - minTtl.toLong() * 1000) / -1000
val wrongTtlException = CredentialsManagerException(
Copilot is powered by AI and may make mistakes. Always verify output.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@pmathew92