Make Credential Managers save the refreshed value #118
Conversation
|
@lbalmaceda is it possible to improve your code-coverage, is this an issue due to the test env only covering a specific API version so other tests can't be executed? I guess question is, what's not being covered? |
|
Regarding your question on date storage, I think ~1 second is fine, given that the expiry time is say 12 or 24 hours? |
README.md
Outdated
| 1. **Instantiate the manager** | ||
| You'll need an `AuthenticationAPIClient` instance used to renew the credentials when they expire and a `Storage`. The Storage implementation is up to you. We provide a `SharedPreferencesStorage` that uses `SharedPreferences` to create a file in the application's directory with Context.MODE_PRIVATE mode. This implementation is thread safe and can either be obtained through a Singleton like method or be created every time it's needed. | ||
| 1. **Instantiate the manager:** | ||
| You'll need an `AuthenticationAPIClient` instance to renew the credentials when they expire and a `Storage`. We provide a `SharedPreferencesStorage` that uses `SharedPreferences` to create a file in the application's directory with **Context.MODE_PRIVATE** mode. This implementation is thread safe and can either be obtained through a shared method or on demand. |
There was a problem hiding this comment.
and a -> and a StorageStorage object.
We provide a -> We provide a SharedPreferencesStorage that uses SharedPreferencesSharedPreferencesStorage class that implements SharedPreferences
There was a problem hiding this comment.
Hmm. But SharedPreferences is a KeyValue store class rather than an interface that you could implement.
There was a problem hiding this comment.
I wasn't sure tbh just mentioned it
README.md
Outdated
| When you want to log the user out: | ||
|
|
||
| ```java | ||
| manager.clearCredentials(); | ||
| ``` | ||
|
|
||
|
|
||
| ### Encryption enforced (Min API 21) |
There was a problem hiding this comment.
Is the language used typically min API X or API X+ ?
There was a problem hiding this comment.
real example: Retrofit requires at minimum Java 7 or Android 2.3.
README.md
Outdated
|
|
||
| #### Requiring Authentication | ||
|
|
||
| You can require the user authentication to obtain credentials. This will make the manager prompt the user with the device's configured LockScreen, which they must pass correctly in order to obtain the credentials. **This feature is only available on devices where the user has setup a secured LockScreen** (PIN, Pattern, Password or Fingerprint). |
There was a problem hiding this comment.
Seems wordy, do we need to explain what a user has to do to pass a LockScreen?
There was a problem hiding this comment.
I think the interesting point here is letting them know that no extra PIN/Pwd needs to bet setup/remembered by them, as we use the one they already use for their phone. And of course, if the phone didn't have any secure lockscreen setup, this won't work.
| @@ -65,7 +65,7 @@ public void saveCredentials(@NonNull Credentials credentials) { | |||
| */ | |||
| public void getCredentials(@NonNull final BaseCallback<Credentials, CredentialsManagerException> callback) { | |||
| String accessToken = storage.retrieveString(KEY_ACCESS_TOKEN); | |||
| String refreshToken = storage.retrieveString(KEY_REFRESH_TOKEN); | |||
| final String refreshToken = storage.retrieveString(KEY_REFRESH_TOKEN); | |||
There was a problem hiding this comment.
How come this one is now final?
There was a problem hiding this comment.
Because I use it on an anonymous function right below and needs any variable accessed from outside its scope to be final. -> https://github.com/auth0/Auth0.Android/pull/118/files#diff-2651976c12b43b2192543b92b10ed2e4R91
| } | ||
| KeyguardManager kManager = (KeyguardManager) activity.getSystemService(Context.KEYGUARD_SERVICE); | ||
| this.authIntent = Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP ? kManager.createConfirmDeviceCredentialIntent(title, description) : null; | ||
| this.authenticateBeforeDecrypt = (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M && kManager.isDeviceSecure() |
There was a problem hiding this comment.
Readability would be better with parenthesis. Think of parentheses like comments in code: they aren't strictly necessary, and in theory a competent developer should be able to figure out code without them. And yet, these cues are exceedingly helpful.
There was a problem hiding this comment.
I will add them but TBH it would almost look the same, as the new line is already doing that thing you mention 😛
lbalmaceda
force-pushed
the
save-refreshed-credentials
branch
4 times, most recently
from
78f33ab
to
79642f2
Compare
README.md
Outdated
| @@ -434,20 +434,26 @@ users | |||
| > In all the cases, the `User ID` parameter is the unique identifier of the auth0 account instance. i.e. in `google-oauth2|123456789081523216417` it would be the part after the '|' pipe: `123456789081523216417`. | |||
|
|
|||
|
|
|||
| ### Credentials Manager | |||
| This library ships with a `CredentialsManager` class to easily store and retrieve fresh Credentials from a given `Storage`. | |||
There was a problem hiding this comment.
🤔 I think you're commenting on the deleted line.
lbalmaceda
force-pushed
the
save-refreshed-credentials
branch
from
9b0da89
to
348ba26
Compare
My only concern in this PR is that when serializing theCredentialsobject, Gson (our Json library) will serialize Java Dates to a string value (not long timestamps), thus losing the precision (milis). Should I make the serializer serialize Longs instead? (I've to code that logic) or is it an edge case and we're ok having a 1 second expiredCredentials?EDIT: Fixed. Now Gson serializes dates in a correct format including Timezone and Millis.
Depends on this PR getting merged: #115. Once merged, a rebase will make diff clearer here.
Closes #109