use of com.okta.oidc.storage.security.DefaultEncryptionManager in project okta-oidc-android by okta.
the class EncryptionTest method setUp.
/**
 * Prepares the fixtures used by the tests in this class.
 *
 * <p>The encryption manager under test is constructed from the activity held by
 * {@code activityRule}; the {@code configuration.json} asset is read through the
 * instrumentation's own context rather than through that activity.
 */
@Before
public void setUp() {
    mEncryptionManager = new DefaultEncryptionManager(activityRule.getActivity());
    // The asset is looked up via the instrumentation context.
    final Context instrumentationContext =
            InstrumentationRegistry.getInstrumentation().getContext();
    mConfiguration = Utils.getAsset(instrumentationContext, "configuration.json");
}
use of com.okta.oidc.storage.security.DefaultEncryptionManager in project okta-oidc-android by okta.
the class PlainActivity method onCreate.
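/**
 * Binds the sample screen's views, installs the click/toggle listeners and builds the
 * {@code WebAuthClient} together with its session client.
 *
 * <p>The listeners registered here reference {@code mWebAuth} and {@code mSessionClient},
 * which are only assigned near the end of this method; that is safe because the listeners
 * run after {@code onCreate} has returned.
 *
 * <p>The biometric switch selects which encryption manager protects the stored session:
 * the keyguard-backed {@code GuardedEncryptionManager} or {@code DefaultEncryptionManager}.
 * The persisted {@code PREF_FINGERPRINT} flag decides which of the two is handed to the
 * builder on the next launch, so it must always describe the manager that is really in use.
 *
 * @param savedInstanceState state passed through to {@code super.onCreate}
 */
@Override
protected void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    setContentView(R.layout.plain_activity);
    mCancel = findViewById(R.id.cancel);
    mSignInBrowser = findViewById(R.id.sign_in);
    mSocialLogin = findViewById(R.id.sign_in_social);
    mCheckExpired = findViewById(R.id.check_expired);
    mSignOutOfOkta = findViewById(R.id.sign_out_of_okta);
    mSignOut = findViewById(R.id.sign_out);
    mClearData = findViewById(R.id.clear_data);
    mRevokeContainer = findViewById(R.id.revoke_token);
    mRevokeAccess = findViewById(R.id.revoke_access);
    mRevokeRefresh = findViewById(R.id.revoke_refresh);
    mRefreshToken = findViewById(R.id.refresh_token);
    mGetProfile = findViewById(R.id.get_profile);
    mProgressBar = findViewById(R.id.progress_horizontal);
    mTvStatus = findViewById(R.id.status);
    mIntrospectRefresh = findViewById(R.id.introspect_refresh);
    mIntrospectAccess = findViewById(R.id.introspect_access);
    mIntrospectId = findViewById(R.id.introspect_id);
    mBiometric = findViewById(R.id.biometric);

    mSignInBrowser.setOnClickListener(v -> {
        showNetworkProgress(true);
        mWebAuth.signIn(this, mPayload);
    });
    mSocialLogin.setOnClickListener(v -> {
        showNetworkProgress(true);
        mPayload = new AuthenticationPayload.Builder()
                .setIdp(BuildConfig.IDP)
                .setIdpScope(BuildConfig.IDP_SCOPE)
                .build();
        mWebAuth.signIn(this, mPayload);
    });

    boolean checked = getSharedPreferences(PlainActivity.class.getName(), MODE_PRIVATE)
            .getBoolean(PREF_FINGERPRINT, false);
    // NOTE(review): the second argument looks like the user-authentication validity window;
    // Integer.MAX_VALUE would keep one device unlock valid practically forever. Confirm
    // against GuardedEncryptionManager and prefer a short window outside of a sample app.
    mKeyguardEncryptionManager = new GuardedEncryptionManager(this, Integer.MAX_VALUE);
    mDefaultEncryptionManager = new DefaultEncryptionManager(this);
    mCurrentEncryptionManager = checked ? mKeyguardEncryptionManager : mDefaultEncryptionManager;
    mBiometric.setChecked(checked);
    mBiometric.setOnCheckedChangeListener((button, isChecked) -> {
        if (!isKeyguardSecure()) {
            button.setChecked(false);
            mTvStatus.setText("Keyguard not secure. Set a PIN or enroll a fingerprint.");
            return;
        }
        if (isChecked) {
            try {
                if (!mKeyguardEncryptionManager.isValidKeys()) {
                    mKeyguardEncryptionManager.recreateKeys(this);
                }
                mKeyguardEncryptionManager.recreateCipher();
                mSessionClient.migrateTo(mKeyguardEncryptionManager);
                // Only switch managers once the stored data has actually been migrated.
                mCurrentEncryptionManager = mKeyguardEncryptionManager;
            } catch (AuthorizationException e) {
                mTvStatus.setText("Error in data migration check logs for error");
                Log.d(TAG, "Error migrateTo", e);
            }
        } else {
            mCurrentEncryptionManager.removeKeys();
            mSessionClient.clear();
            mCurrentEncryptionManager = mDefaultEncryptionManager;
            try {
                // set the encryption manager back to default.
                mSessionClient.migrateTo(mCurrentEncryptionManager);
            } catch (AuthorizationException e) {
                // A failed switch of the encryption manager must not pass silently.
                mTvStatus.setText("Error in data migration check logs for error");
                Log.d(TAG, "Error migrateTo", e);
            }
            showSignedOutMode();
        }
        // Persist the manager that is really in use rather than the raw switch position:
        // if the migration above failed, storing `true` would make the next launch select
        // the keyguard manager for data that was never re-encrypted with it. The switch is
        // deliberately not flipped back here, because doing so would re-enter this listener
        // and run the key-removal / session-clearing branch.
        boolean guarded = mCurrentEncryptionManager == mKeyguardEncryptionManager;
        getSharedPreferences(PlainActivity.class.getName(), MODE_PRIVATE)
                .edit()
                .putBoolean(PREF_FINGERPRINT, guarded)
                .apply();
    });

    mCheckExpired.setOnClickListener(v -> {
        try {
            mTvStatus.setText(mSessionClient.getTokens().isAccessTokenExpired()
                    ? "token expired" : "token not expired");
        } catch (AuthorizationException e) {
            Log.d(TAG, "", e);
        }
    });
    mIntrospectRefresh.setOnClickListener(v -> {
        showNetworkProgress(true);
        String refreshToken;
        try {
            refreshToken = mSessionClient.getTokens().getRefreshToken();
            mSessionClient.introspectToken(refreshToken, TokenTypeHint.REFRESH_TOKEN,
                    new RequestCallback<IntrospectInfo, AuthorizationException>() {
                        @Override
                        public void onSuccess(@NonNull IntrospectInfo result) {
                            mTvStatus.setText("RefreshToken active: " + result.isActive());
                            mProgressBar.setVisibility(View.GONE);
                        }

                        @Override
                        public void onError(String error, AuthorizationException exception) {
                            mTvStatus.setText("RefreshToken Introspect error");
                            mProgressBar.setVisibility(View.GONE);
                        }
                    });
        } catch (AuthorizationException e) {
            Log.d(TAG, "", e);
        }
    });
    mIntrospectAccess.setOnClickListener(v -> {
        showNetworkProgress(true);
        try {
            mSessionClient.introspectToken(mSessionClient.getTokens().getAccessToken(),
                    TokenTypeHint.ACCESS_TOKEN,
                    new RequestCallback<IntrospectInfo, AuthorizationException>() {
                        @Override
                        public void onSuccess(@NonNull IntrospectInfo result) {
                            mTvStatus.setText("AccessToken active: " + result.isActive());
                            mProgressBar.setVisibility(View.GONE);
                        }

                        @Override
                        public void onError(String error, AuthorizationException exception) {
                            mTvStatus.setText("AccessToken Introspect error");
                            mProgressBar.setVisibility(View.GONE);
                        }
                    });
        } catch (AuthorizationException e) {
            Log.d(TAG, "", e);
        }
    });
    mIntrospectId.setOnClickListener(v -> {
        showNetworkProgress(true);
        try {
            mSessionClient.introspectToken(mSessionClient.getTokens().getIdToken(),
                    TokenTypeHint.ID_TOKEN,
                    new RequestCallback<IntrospectInfo, AuthorizationException>() {
                        @Override
                        public void onSuccess(@NonNull IntrospectInfo result) {
                            mTvStatus.setText("IdToken active: " + result.isActive());
                            mProgressBar.setVisibility(View.GONE);
                        }

                        @Override
                        public void onError(String error, AuthorizationException exception) {
                            mTvStatus.setText("IdToken Introspect error");
                            mProgressBar.setVisibility(View.GONE);
                        }
                    });
        } catch (AuthorizationException e) {
            Log.d(TAG, "", e);
        }
    });
    mGetProfile.setOnClickListener(v -> {
        getProfile();
    });
    mRefreshToken.setOnClickListener(v -> {
        showNetworkProgress(true);
        mSessionClient.refreshToken(new RequestCallback<Tokens, AuthorizationException>() {
            @Override
            public void onSuccess(@NonNull Tokens result) {
                mTvStatus.setText("token refreshed");
                showNetworkProgress(false);
            }

            @Override
            public void onError(String error, AuthorizationException exception) {
                mTvStatus.setText(exception.errorDescription);
                showNetworkProgress(false);
            }
        });
    });
    mRevokeRefresh.setOnClickListener(v -> {
        try {
            Tokens tokens = mSessionClient.getTokens();
            if (tokens != null && tokens.getRefreshToken() != null) {
                mProgressBar.setVisibility(View.VISIBLE);
                mSessionClient.revokeToken(mSessionClient.getTokens().getRefreshToken(),
                        new RequestCallback<Boolean, AuthorizationException>() {
                            @Override
                            public void onSuccess(@NonNull Boolean result) {
                                // Only the boolean outcome is logged, never the token itself.
                                String status = "Revoke refresh token : " + result;
                                Log.d(TAG, status);
                                mTvStatus.setText(status);
                                mProgressBar.setVisibility(View.GONE);
                            }

                            @Override
                            public void onError(String error, AuthorizationException exception) {
                                Log.d(TAG, exception.error + " revokeRefreshToken onError " + error,
                                        exception);
                                mTvStatus.setText(error);
                                mProgressBar.setVisibility(View.GONE);
                            }
                        });
            }
        } catch (AuthorizationException e) {
            Log.d(TAG, "", e);
        }
    });
    mRevokeAccess.setOnClickListener(v -> {
        try {
            Tokens tokens = mSessionClient.getTokens();
            if (tokens != null && tokens.getAccessToken() != null) {
                mProgressBar.setVisibility(View.VISIBLE);
                mSessionClient.revokeToken(mSessionClient.getTokens().getAccessToken(),
                        new RequestCallback<Boolean, AuthorizationException>() {
                            @Override
                            public void onSuccess(@NonNull Boolean result) {
                                // Only the boolean outcome is logged, never the token itself.
                                String status = "Revoke Access token : " + result;
                                Log.d(TAG, status);
                                mTvStatus.setText(status);
                                mProgressBar.setVisibility(View.GONE);
                            }

                            @Override
                            public void onError(String error, AuthorizationException exception) {
                                Log.d(TAG, exception.error + " revokeAccessToken onError " + error,
                                        exception);
                                mTvStatus.setText(error);
                                mProgressBar.setVisibility(View.GONE);
                            }
                        });
            }
        } catch (AuthorizationException e) {
            Log.d(TAG, "", e);
        }
    });
    mSignOutOfOkta.setOnClickListener(v -> {
        mWebAuth.signOutOfOkta(this);
    });
    mSignOut.setOnClickListener(v -> {
        showNetworkProgress(true);
        mWebAuth.signOut(this, new RequestCallback<Integer, AuthorizationException>() {
            @Override
            public void onSuccess(@NonNull Integer result) {
                showNetworkProgress(false);
                mTvStatus.setText("");
                if (result == SUCCESS) {
                    mTvStatus.setText("Signed out all");
                    showSignedOutMode();
                }
                // The result is a bit mask: each failed sign-out step is reported separately
                // so a partially completed sign-out is visible to the user.
                if ((result & FAILED_CLEAR_SESSION) == FAILED_CLEAR_SESSION) {
                    mTvStatus.append("FAILED_CLEAR_SESSION\n");
                }
                if ((result & FAILED_REVOKE_ACCESS_TOKEN) == FAILED_REVOKE_ACCESS_TOKEN) {
                    mTvStatus.append("FAILED_REVOKE_ACCESS_TOKEN\n");
                }
                if ((result & FAILED_REVOKE_REFRESH_TOKEN) == FAILED_REVOKE_REFRESH_TOKEN) {
                    mTvStatus.append("FAILED_REVOKE_REFRESH_TOKEN\n");
                }
                if ((result & FAILED_CLEAR_DATA) == FAILED_CLEAR_DATA) {
                    mTvStatus.append("FAILED_CLEAR_DATA\n");
                }
            }

            @Override
            public void onError(@Nullable String msg, @Nullable AuthorizationException exception) {
                // NO-OP
            }
        });
    });
    mClearData.setOnClickListener(v -> {
        mSessionClient.clear();
        mTvStatus.setText("clear data");
        showSignedOutMode();
    });

    // Example of config
    mOidcConfig = new OIDCConfig.Builder()
            .clientId(BuildConfig.CLIENT_ID)
            .redirectUri(BuildConfig.REDIRECT_URI)
            .endSessionRedirectUri(BuildConfig.END_SESSION_URI)
            .scopes(BuildConfig.SCOPES)
            .discoveryUri(BuildConfig.DISCOVERY_URI)
            .create();
    // use custom connection factory
    MyConnectionFactory factory = new MyConnectionFactory();
    factory.setClientType(MyConnectionFactory.USE_SYNC_OK_HTTP);
    boolean isEmulator = isEmulator();
    // The hardware-backed keystore requirement is dropped only when isEmulator() reports an
    // emulator. NOTE(review): confirm that check cannot be satisfied on a production device.
    mWebAuth = new Okta.WebAuthBuilder()
            .withConfig(mOidcConfig)
            .withContext(getApplicationContext())
            .withCallbackExecutor(null)
            .withEncryptionManager(mCurrentEncryptionManager)
            .setRequireHardwareBackedKeyStore(!isEmulator)
            .withTabColor(0)
            .withStartAnimation(R.anim.pull_in_bottom, R.anim.push_out_bottom)
            .withExitAnimation(R.anim.pull_in_bottom, R.anim.push_out_bottom)
            .withOktaHttpClient(factory.build())
            .supportedBrowsers(FIRE_FOX)
            .create();
    mSessionClient = mWebAuth.getSessionClient();
    if (mSessionClient.isAuthenticated()) {
        showAuthenticatedMode();
    }
    mCancel.setOnClickListener(v -> {
        mWebAuth.cancel();
        mSessionClient.cancel();
        showNetworkProgress(false);
    });
    setupCallback();
}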
use of com.okta.oidc.storage.security.DefaultEncryptionManager in project okta-oidc-android by okta.
the class SampleActivity method onCreate.
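/**
 * Binds the sample screen's views, installs the listeners and builds the three clients the
 * sample switches between: a web client for the OAuth2 configuration, a web client for the
 * OIDC configuration, and a non-web {@code AuthClient}.
 *
 * <p>Each client is given its own storage / encryption-manager pair. The OAuth2 client
 * relies on {@code EncryptedSharedPreferenceStorage} for confidentiality and therefore uses
 * {@code NoEncryption}; when that storage cannot be initialised the method falls back to
 * {@code DefaultEncryptionManager} so the pairing never ends up with no encryption layer.
 *
 * @param savedInstanceState state passed through to {@code super.onCreate}
 */
@Override
protected void onCreate(Bundle savedInstanceState) {
    Log.d(TAG, "onCreate");
    super.onCreate(savedInstanceState);
    setContentView(R.layout.sample_activity);
    mCancel = findViewById(R.id.cancel);
    mCheckExpired = findViewById(R.id.check_expired);
    mSignInBrowser = findViewById(R.id.sign_in);
    mSignInNative = findViewById(R.id.sign_in_native);
    mSignOut = findViewById(R.id.sign_out);
    mClearData = findViewById(R.id.clear_data);
    mRevokeContainer = findViewById(R.id.revoke_token);
    mRevokeAccess = findViewById(R.id.revoke_access);
    mRevokeRefresh = findViewById(R.id.revoke_refresh);
    mRefreshToken = findViewById(R.id.refresh_token);
    mGetProfile = findViewById(R.id.get_profile);
    mProgressBar = findViewById(R.id.progress_horizontal);
    mTvStatus = findViewById(R.id.status);
    mIntrospectRefresh = findViewById(R.id.introspect_refresh);
    mIntrospectAccess = findViewById(R.id.introspect_access);
    mIntrospectId = findViewById(R.id.introspect_id);
    mSwitch = findViewById(R.id.switch1);
    mEditText = findViewById(R.id.login_hint);
    mStorageOidc = new SharedPreferenceStorage(this);

    boolean checked = getSharedPreferences(SampleActivity.class.getName(), MODE_PRIVATE)
            .getBoolean(PREF_SWITCH, true);
    mIsSessionSignIn = getSharedPreferences(SampleActivity.class.getName(), MODE_PRIVATE)
            .getBoolean(PREF_NON_WEB, true);
    mSwitch.setChecked(checked);
    mSwitch.setOnCheckedChangeListener((buttonView, isChecked) -> {
        // reset callbacks
        setupCallback();
        if (getSessionClient().isAuthenticated()) {
            showAuthenticatedMode();
        } else {
            showSignedOutMode();
        }
        mSwitch.setText(isChecked ? "OIDC" : "OAuth2");
    });
    mCheckExpired.setOnClickListener(v -> {
        SessionClient client = getSessionClient();
        try {
            mTvStatus.setText(client.getTokens().isAccessTokenExpired()
                    ? "token expired" : "token not expired");
        } catch (AuthorizationException e) {
            Log.d(TAG, "", e);
        }
    });
    mIntrospectRefresh.setOnClickListener(v -> {
        showNetworkProgress(true);
        SessionClient client = getSessionClient();
        String refreshToken;
        try {
            refreshToken = client.getTokens().getRefreshToken();
            client.introspectToken(refreshToken, TokenTypeHint.REFRESH_TOKEN,
                    new RequestCallback<IntrospectInfo, AuthorizationException>() {
                        @Override
                        public void onSuccess(@NonNull IntrospectInfo result) {
                            mTvStatus.setText("RefreshToken active: " + result.isActive());
                            mProgressBar.setVisibility(View.GONE);
                        }

                        @Override
                        public void onError(String error, AuthorizationException exception) {
                            mTvStatus.setText("RefreshToken Introspect error");
                            mProgressBar.setVisibility(View.GONE);
                        }
                    });
        } catch (AuthorizationException e) {
            Log.d(TAG, "", e);
        }
    });
    mIntrospectAccess.setOnClickListener(v -> {
        showNetworkProgress(true);
        SessionClient client = getSessionClient();
        try {
            client.introspectToken(client.getTokens().getAccessToken(),
                    TokenTypeHint.ACCESS_TOKEN,
                    new RequestCallback<IntrospectInfo, AuthorizationException>() {
                        @Override
                        public void onSuccess(@NonNull IntrospectInfo result) {
                            mTvStatus.setText("AccessToken active: " + result.isActive());
                            mProgressBar.setVisibility(View.GONE);
                        }

                        @Override
                        public void onError(String error, AuthorizationException exception) {
                            mTvStatus.setText("AccessToken Introspect error");
                            mProgressBar.setVisibility(View.GONE);
                        }
                    });
        } catch (AuthorizationException e) {
            Log.d(TAG, "", e);
        }
    });
    mIntrospectId.setOnClickListener(v -> {
        showNetworkProgress(true);
        SessionClient client = getSessionClient();
        try {
            client.introspectToken(client.getTokens().getIdToken(), TokenTypeHint.ID_TOKEN,
                    new RequestCallback<IntrospectInfo, AuthorizationException>() {
                        @Override
                        public void onSuccess(@NonNull IntrospectInfo result) {
                            mTvStatus.setText("IdToken active: " + result.isActive());
                            mProgressBar.setVisibility(View.GONE);
                        }

                        @Override
                        public void onError(String error, AuthorizationException exception) {
                            mTvStatus.setText("IdToken Introspect error");
                            mProgressBar.setVisibility(View.GONE);
                        }
                    });
        } catch (AuthorizationException e) {
            Log.d(TAG, "", e);
        }
    });
    mGetProfile.setOnClickListener(v -> getProfile());
    mRefreshToken.setOnClickListener(v -> {
        showNetworkProgress(true);
        SessionClient client = getSessionClient();
        client.refreshToken(new RequestCallback<Tokens, AuthorizationException>() {
            @Override
            public void onSuccess(@NonNull Tokens result) {
                mTvStatus.setText("token refreshed");
                showNetworkProgress(false);
            }

            @Override
            public void onError(String error, AuthorizationException exception) {
                mTvStatus.setText(exception.errorDescription);
                showNetworkProgress(false);
            }
        });
    });
    mRevokeRefresh.setOnClickListener(v -> {
        SessionClient client = getSessionClient();
        try {
            Tokens tokens = client.getTokens();
            if (tokens != null && tokens.getRefreshToken() != null) {
                mProgressBar.setVisibility(View.VISIBLE);
                client.revokeToken(client.getTokens().getRefreshToken(),
                        new RequestCallback<Boolean, AuthorizationException>() {
                            @Override
                            public void onSuccess(@NonNull Boolean result) {
                                // Only the boolean outcome is logged, never the token itself.
                                String status = "Revoke refresh token : " + result;
                                Log.d(TAG, status);
                                mTvStatus.setText(status);
                                mProgressBar.setVisibility(View.GONE);
                            }

                            @Override
                            public void onError(String error, AuthorizationException exception) {
                                Log.d(TAG, exception.error + " revokeRefreshToken onError " + error,
                                        exception);
                                mTvStatus.setText(error);
                                mProgressBar.setVisibility(View.GONE);
                            }
                        });
            }
        } catch (AuthorizationException e) {
            Log.d(TAG, "", e);
        }
    });
    mRevokeAccess.setOnClickListener(v -> {
        SessionClient client = getSessionClient();
        try {
            Tokens tokens = client.getTokens();
            if (tokens != null && tokens.getAccessToken() != null) {
                mProgressBar.setVisibility(View.VISIBLE);
                client.revokeToken(client.getTokens().getAccessToken(),
                        new RequestCallback<Boolean, AuthorizationException>() {
                            @Override
                            public void onSuccess(@NonNull Boolean result) {
                                // Only the boolean outcome is logged, never the token itself.
                                String status = "Revoke Access token : " + result;
                                Log.d(TAG, status);
                                mTvStatus.setText(status);
                                mProgressBar.setVisibility(View.GONE);
                            }

                            @Override
                            public void onError(String error, AuthorizationException exception) {
                                Log.d(TAG, exception.error + " revokeAccessToken onError " + error,
                                        exception);
                                mTvStatus.setText(error);
                                mProgressBar.setVisibility(View.GONE);
                            }
                        });
            }
        } catch (AuthorizationException e) {
            Log.d(TAG, "", e);
        }
    });
    mSignOut.setOnClickListener(v -> {
        showNetworkProgress(true);
        WebAuthClient client = getWebAuthClient();
        client.signOutOfOkta(this);
    });
    mClearData.setOnClickListener(v -> {
        SessionClient client = getSessionClient();
        client.clear();
        mTvStatus.setText("clear data");
        showSignedOutMode();
    });
    mSignInBrowser.setOnClickListener(v -> {
        showNetworkProgress(true);
        WebAuthClient client = getWebAuthClient();
        String loginHint = mEditText.getEditableText().toString();
        if (!TextUtils.isEmpty(loginHint)) {
            mPayload = new AuthenticationPayload.Builder().setLoginHint(loginHint).build();
        }
        client.signIn(this, mPayload);
    });
    mSignInNative.setOnClickListener(v -> {
        FragmentTransaction ft = getSupportFragmentManager().beginTransaction();
        Fragment prev = getSupportFragmentManager().findFragmentByTag("signin");
        if (prev != null) {
            ft.remove(prev);
        }
        ft.addToBackStack(null);
        mSignInDialog = new SignInDialog();
        mSignInDialog.setListener(this);
        mSignInDialog.show(ft, "signin");
    });
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) {
        mAuthenticationClient = AuthenticationClients.builder()
                .setOrgUrl(BuildConfig.DISCOVERY_URI)
                .build();
    } else {
        mSignInNative.setVisibility(View.GONE);
    }

    // Example of using JSON file to create config
    // (demonstration only: the value is replaced by the builder-based config just below)
    mOidcConfig = new OIDCConfig.Builder().withJsonFile(this, R.raw.okta_oidc_config).create();
    // Example of config
    mOidcConfig = new OIDCConfig.Builder()
            .clientId(BuildConfig.CLIENT_ID)
            .redirectUri(BuildConfig.REDIRECT_URI)
            .endSessionRedirectUri(BuildConfig.END_SESSION_URI)
            .scopes(BuildConfig.SCOPES)
            .discoveryUri(BuildConfig.DISCOVERY_URI)
            .create();
    mOAuth2Config = new OIDCConfig.Builder()
            .clientId(BuildConfig.CLIENT_ID)
            .redirectUri(BuildConfig.REDIRECT_URI)
            .endSessionRedirectUri(BuildConfig.END_SESSION_URI)
            .scopes(BuildConfig.SCOPES)
            .discoveryUri(BuildConfig.DISCOVERY_URI + "/oauth2/default")
            .create();
    // use custom connection factory
    MyConnectionFactory factory = new MyConnectionFactory();
    factory.setClientType(MyConnectionFactory.USE_SYNC_OK_HTTP);
    try {
        mEncryptedSharedPref = new EncryptedSharedPreferenceStorage(this);
    } catch (GeneralSecurityException | IOException ex) {
        // Logged as a warning: from here on the encrypted storage is unavailable.
        Log.w(TAG, "Unable to initialize EncryptedSharedPreferenceStorage", ex);
    }
    // NoEncryption is only acceptable while the storage itself encrypts. If the encrypted
    // storage could not be created, mEncryptedSharedPref is still null, so the builder gets
    // a null storage (presumably falling back to its default one; confirm in the SDK) and
    // NoEncryption would leave nothing protecting the tokens. Use DefaultEncryptionManager
    // in that case.
    mWebOAuth2 = new Okta.WebAuthBuilder()
            .withConfig(mOAuth2Config)
            .withContext(getApplicationContext())
            .withStorage(mEncryptedSharedPref)
            .withEncryptionManager(mEncryptedSharedPref != null
                    ? new NoEncryption()
                    : new DefaultEncryptionManager(this))
            .setRequireHardwareBackedKeyStore(!isEmulator())
            // chrome is always supported by default
            .supportedBrowsers(FIRE_FOX)
            .create();
    mSessionOAuth2Client = mWebOAuth2.getSessionClient();

    Okta.WebAuthBuilder builder = new Okta.WebAuthBuilder()
            .withConfig(mOidcConfig)
            .withContext(getApplicationContext())
            .withStorage(mStorageOidc)
            .withCallbackExecutor(null)
            .withEncryptionManager(new DefaultEncryptionManager(this))
            .setRequireHardwareBackedKeyStore(!isEmulator())
            .withTabColor(0)
            .withOktaHttpClient(factory.build())
            .supportedBrowsers(FIRE_FOX);
    mWebAuth = builder.create();
    mSessionClient = mWebAuth.getSessionClient();

    // NOTE(review): unlike the two web clients, this one never requires a hardware-backed
    // keystore (the flag is a literal false, not !isEmulator()); confirm that is intended.
    mAuthClient = new Okta.AuthBuilder()
            .withConfig(mOidcConfig)
            .withContext(getApplicationContext())
            .withStorage(new SharedPreferenceStorage(this))
            .withEncryptionManager(new DefaultEncryptionManager(this))
            .setRequireHardwareBackedKeyStore(false)
            .withCallbackExecutor(null)
            .create();
    mSessionNonWebClient = mAuthClient.getSessionClient();
    if (getSessionClient().isAuthenticated()) {
        showAuthenticatedMode();
    }
    mCancel.setOnClickListener(v -> {
        // cancel web auth requests
        getWebAuthClient().cancel();
        // cancel session requests
        getSessionClient().cancel();
        showNetworkProgress(false);
    });
    setupCallback();
}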