add support for OAuth 2.0 Device Authorization Grant (RFC 8628) (thanks to https://github.com/rebarbora-mckvak)

kullfar · kullfar · commit 08d6ecb0bc14 · 2020-11-09T10:17:28.000+03:00
diff --git a/README.md b/README.md
@@ -50,6 +50,7 @@ ScribeJava support out-of-box several HTTP clients:
   * [RFC 6750](https://tools.ietf.org/html/rfc6750) The OAuth 2.0 Authorization Framework: Bearer Token Usage
   * [RFC 7636](https://tools.ietf.org/html/rfc7636) Proof Key for Code Exchange by OAuth Public Clients (PKCE), [example](https://github.com/scribejava/scribejava/blob/master/scribejava-apis/src/test/java/com/github/scribejava/apis/examples/Google20WithPKCEExample.java)
   * [RFC 7009](https://tools.ietf.org/html/rfc7009) OAuth 2.0 Token Revocation, [example](https://github.com/scribejava/scribejava/blob/master/scribejava-apis/src/test/java/com/github/scribejava/apis/examples/Google20RevokeExample.java)
+  * [RFC 8628](https://tools.ietf.org/html/rfc8628) OAuth 2.0 Device Authorization Grant [example](https://github.com/scribejava/scribejava/blob/master/scribejava-apis/src/test/java/com/github/scribejava/apis/examples/Google20DeviceAuthorizationGrantExample.java)
   * [RFC 5849](https://tools.ietf.org/html/rfc5849) The OAuth 1.0 Protocol, [example](https://github.com/scribejava/scribejava/blob/master/scribejava-apis/src/test/java/com/github/scribejava/apis/examples/TwitterExample.java)
 
 ### Supports all (50+) major 1.0a and 2.0 OAuth APIs out-of-the-box
diff --git a/changelog b/changelog
@@ -1,6 +1,7 @@
 [SNAPSHOT]
  * add Kakao API (https://kakao.com/) (thanks to https://github.com/v0o0v)
  * support chunks in JDKHttpClient's Multipart (thanks to https://github.com/eos1d3)
+ * add support for OAuth 2.0 Device Authorization Grant (RFC 8628) (thanks to https://github.com/rebarbora-mckvak)
 
 [7.1.1]
  * add Proxy support (via config's option) to internal JDKHttpClient (thanks to https://github.com/bjournaud)
diff --git a/scribejava-apis/src/main/java/com/github/scribejava/apis/GoogleApi20.java b/scribejava-apis/src/main/java/com/github/scribejava/apis/GoogleApi20.java
@@ -1,7 +1,9 @@
 package com.github.scribejava.apis;
 
+import com.github.scribejava.apis.google.GoogleDeviceAuthorizationJsonExtractor;
 import com.github.scribejava.apis.openid.OpenIdJsonTokenExtractor;
 import com.github.scribejava.core.builder.api.DefaultApi20;
+import com.github.scribejava.core.extractors.DeviceAuthorizationJsonExtractor;
 import com.github.scribejava.core.extractors.TokenExtractor;
 import com.github.scribejava.core.model.OAuth2AccessToken;
 
@@ -11,6 +13,7 @@ protected GoogleApi20() {
     }
 
     private static class InstanceHolder {
+
         private static final GoogleApi20 INSTANCE = new GoogleApi20();
     }
 
@@ -20,12 +23,12 @@ public static GoogleApi20 instance() {
 
     @Override
     public String getAccessTokenEndpoint() {
-        return "https://www.googleapis.com/oauth2/v4/token";
+        return "https://oauth2.googleapis.com/token";
     }
 
     @Override
     protected String getAuthorizationBaseUrl() {
-        return "https://accounts.google.com/o/oauth2/auth";
+        return "https://accounts.google.com/o/oauth2/v2/auth";
     }
 
     @Override
@@ -35,6 +38,16 @@ public TokenExtractor<OAuth2AccessToken> getAccessTokenExtractor() {
 
     @Override
     public String getRevokeTokenEndpoint() {
-        return "https://accounts.google.com/o/oauth2/revoke";
+        return "https://oauth2.googleapis.com/revoke";
+    }
+
+    @Override
+    public String getDeviceAuthorizationEndpoint() {
+        return "https://oauth2.googleapis.com/device/code";
+    }
+
+    @Override
+    public DeviceAuthorizationJsonExtractor getDeviceAuthorizationExtractor() {
+        return GoogleDeviceAuthorizationJsonExtractor.instance();
     }
 }
diff --git a/scribejava-apis/src/main/java/com/github/scribejava/apis/google/GoogleDeviceAuthorizationJsonExtractor.java b/scribejava-apis/src/main/java/com/github/scribejava/apis/google/GoogleDeviceAuthorizationJsonExtractor.java
@@ -0,0 +1,25 @@
+package com.github.scribejava.apis.google;
+
+import com.github.scribejava.core.extractors.DeviceAuthorizationJsonExtractor;
+
+public class GoogleDeviceAuthorizationJsonExtractor extends DeviceAuthorizationJsonExtractor {
+
+    protected GoogleDeviceAuthorizationJsonExtractor() {
+    }
+
+    private static class InstanceHolder {
+
+        private static final GoogleDeviceAuthorizationJsonExtractor INSTANCE
+                = new GoogleDeviceAuthorizationJsonExtractor();
+    }
+
+    public static GoogleDeviceAuthorizationJsonExtractor instance() {
+        return GoogleDeviceAuthorizationJsonExtractor.InstanceHolder.INSTANCE;
+    }
+
+    @Override
+    protected String getVerificationUriParamName() {
+        return "verification_url";
+    }
+
+}
diff --git a/scribejava-apis/src/main/java/com/github/scribejava/apis/microsoftazureactivedirectory/BaseMicrosoftAzureActiveDirectoryApi.java b/scribejava-apis/src/main/java/com/github/scribejava/apis/microsoftazureactivedirectory/BaseMicrosoftAzureActiveDirectoryApi.java
@@ -30,11 +30,6 @@ protected String getAuthorizationBaseUrl() {
         return MSFT_LOGIN_URL + tenant + OAUTH_2 + getEndpointVersionPath() + "/authorize";
     }
 
-    @Override
-    public String getDeviceAuthorizationUrl() {
-        return MSFT_LOGIN_URL + tenant + OAUTH_2 + getEndpointVersionPath() + "/devicecode";
-    }
-
     @Override
     public ClientAuthentication getClientAuthentication() {
         return RequestBodyAuthenticationScheme.instance();
diff --git a/scribejava-apis/src/test/java/com/github/scribejava/apis/examples/Google20DeviceAuthorizationGrantExample.java b/scribejava-apis/src/test/java/com/github/scribejava/apis/examples/Google20DeviceAuthorizationGrantExample.java
@@ -0,0 +1,82 @@
+package com.github.scribejava.apis.examples;
+
+import com.github.scribejava.core.builder.ServiceBuilder;
+import com.github.scribejava.apis.GoogleApi20;
+import com.github.scribejava.core.model.DeviceAuthorization;
+import com.github.scribejava.core.model.OAuth2AccessToken;
+import com.github.scribejava.core.model.OAuthRequest;
+import com.github.scribejava.core.model.Response;
+import com.github.scribejava.core.model.Verb;
+import com.github.scribejava.core.oauth.OAuth20Service;
+import java.io.IOException;
+import java.util.Scanner;
+import java.util.concurrent.ExecutionException;
+
+public class Google20DeviceAuthorizationGrantExample {
+
+    private static final String NETWORK_NAME = "Google";
+    private static final String PROTECTED_RESOURCE_URL = "https://www.googleapis.com/oauth2/v3/userinfo";
+
+    private Google20DeviceAuthorizationGrantExample() {
+    }
+
+    @SuppressWarnings("PMD.SystemPrintln")
+    public static void main(String... args) throws IOException, InterruptedException, ExecutionException {
+        // Replace these with your client id and secret
+        final String clientId = "your client id";
+        final String clientSecret = "your_client_secret";
+
+        final OAuth20Service service = new ServiceBuilder(clientId)
+                .debug()
+                .apiSecret(clientSecret)
+                .defaultScope("profile") // replace with desired scope
+                .build(GoogleApi20.instance());
+        final Scanner in = new Scanner(System.in, "UTF-8");
+
+        System.out.println("=== " + NETWORK_NAME + "'s OAuth Workflow ===");
+        System.out.println();
+
+        System.out.println("Requesting a set of verification codes...");
+
+        final DeviceAuthorization deviceAuthorization = service.getDeviceAuthorizationCodes();
+        System.out.println("Got the Device Authorization Codes!");
+        System.out.println(deviceAuthorization);
+
+        System.out.println("Now go and authorize ScribeJava. Visit: " + deviceAuthorization.getVerificationUri()
+                + " and enter the code: " + deviceAuthorization.getUserCode());
+        if (deviceAuthorization.getVerificationUriComplete() != null) {
+            System.out.println("Or visit " + deviceAuthorization.getVerificationUriComplete());
+        }
+
+        System.out.println("Polling for an Access Token...");
+        final OAuth2AccessToken accessToken = service.pollAccessTokenDeviceAuthorizationGrant(deviceAuthorization);
+
+        System.out.println("Got the Access Token!");
+        System.out.println("(The raw response looks like this: " + accessToken.getRawResponse() + "')");
+
+        // Now let's go and ask for a protected resource!
+        System.out.println("Now we're going to access a protected resource...");
+        while (true) {
+            System.out.println("Paste fieldnames to fetch (leave empty to get profile, 'exit' to stop the example)");
+            System.out.print(">>");
+            final String query = in.nextLine();
+            System.out.println();
+            final String requestUrl;
+            if ("exit".equals(query)) {
+                break;
+            } else if (query == null || query.isEmpty()) {
+                requestUrl = PROTECTED_RESOURCE_URL;
+            } else {
+                requestUrl = PROTECTED_RESOURCE_URL + "?fields=" + query;
+            }
+            final OAuthRequest request = new OAuthRequest(Verb.GET, requestUrl);
+            service.signRequest(accessToken, request);
+            System.out.println();
+            try (Response response = service.execute(request)) {
+                System.out.println(response.getCode());
+                System.out.println(response.getBody());
+            }
+            System.out.println();
+        }
+    }
+}
diff --git a/scribejava-apis/src/test/java/com/github/scribejava/apis/examples/Google20Example.java b/scribejava-apis/src/test/java/com/github/scribejava/apis/examples/Google20Example.java
@@ -25,8 +25,8 @@ private Google20Example() {
     @SuppressWarnings("PMD.SystemPrintln")
     public static void main(String... args) throws IOException, InterruptedException, ExecutionException {
         // Replace these with your client id and secret
-        final String clientId = "your client id";
-        final String clientSecret = "your client secret";
+        final String clientId = "your_client_id";
+        final String clientSecret = "your_client_secret";
         final String secretState = "secret" + new Random().nextInt(999_999);
         final OAuth20Service service = new ServiceBuilder(clientId)
                 .apiSecret(clientSecret)
diff --git a/scribejava-core/src/main/java/com/github/scribejava/core/builder/api/DefaultApi20.java b/scribejava-core/src/main/java/com/github/scribejava/core/builder/api/DefaultApi20.java
@@ -1,5 +1,6 @@
 package com.github.scribejava.core.builder.api;
 
+import com.github.scribejava.core.extractors.DeviceAuthorizationJsonExtractor;
 import com.github.scribejava.core.extractors.OAuth2AccessTokenJsonExtractor;
 import com.github.scribejava.core.extractors.TokenExtractor;
 import com.github.scribejava.core.httpclient.HttpClient;
@@ -122,7 +123,18 @@ public ClientAuthentication getClientAuthentication() {
         return HttpBasicAuthenticationScheme.instance();
     }
 
-    public String getDeviceAuthorizationUrl() {
-        return null;
+    /**
+     * RFC 8628 OAuth 2.0 Device Authorization Grant
+     *
+     * @see <a href="https://tools.ietf.org/html/rfc8628">RFC 8628</a>
+     * @return the device authorization endpoint
+     */
+    public String getDeviceAuthorizationEndpoint() {
+        throw new UnsupportedOperationException(
+                "This API doesn't support Device Authorization Grant or we have no info about this");
+    }
+
+    public DeviceAuthorizationJsonExtractor getDeviceAuthorizationExtractor() {
+        return DeviceAuthorizationJsonExtractor.instance();
     }
 }
diff --git a/scribejava-core/src/main/java/com/github/scribejava/core/extractors/AbstractJsonExtractor.java b/scribejava-core/src/main/java/com/github/scribejava/core/extractors/AbstractJsonExtractor.java
@@ -0,0 +1,22 @@
+package com.github.scribejava.core.extractors;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.github.scribejava.core.exceptions.OAuthException;
+
+public abstract class AbstractJsonExtractor {
+
+    protected static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
+
+    protected static JsonNode extractRequiredParameter(JsonNode errorNode, String parameterName, String rawResponse)
+            throws OAuthException {
+        final JsonNode value = errorNode.get(parameterName);
+
+        if (value == null) {
+            throw new OAuthException("Response body is incorrect. Can't extract a '" + parameterName
+                    + "' from this: '" + rawResponse + "'", null);
+        }
+
+        return value;
+    }
+}
diff --git a/scribejava-core/src/main/java/com/github/scribejava/core/extractors/DeviceAuthorizationJsonExtractor.java b/scribejava-core/src/main/java/com/github/scribejava/core/extractors/DeviceAuthorizationJsonExtractor.java
@@ -0,0 +1,64 @@
+package com.github.scribejava.core.extractors;
+
+import static com.github.scribejava.core.extractors.AbstractJsonExtractor.OBJECT_MAPPER;
+import static com.github.scribejava.core.extractors.AbstractJsonExtractor.extractRequiredParameter;
+import com.fasterxml.jackson.databind.JsonNode;
+import com.github.scribejava.core.model.DeviceAuthorization;
+import java.io.IOException;
+import com.github.scribejava.core.model.Response;
+
+public class DeviceAuthorizationJsonExtractor extends AbstractJsonExtractor {
+
+    protected DeviceAuthorizationJsonExtractor() {
+    }
+
+    private static class InstanceHolder {
+
+        private static final DeviceAuthorizationJsonExtractor INSTANCE = new DeviceAuthorizationJsonExtractor();
+    }
+
+    public static DeviceAuthorizationJsonExtractor instance() {
+        return InstanceHolder.INSTANCE;
+    }
+
+    public DeviceAuthorization extract(Response response) throws IOException {
+
+        final String body = response.getBody();
+
+        if (response.getCode() != 200) {
+            generateError(body);
+        }
+        return createDeviceAuthorization(body);
+    }
+
+    public void generateError(String rawResponse) throws IOException {
+        OAuth2AccessTokenJsonExtractor.instance().generateError(rawResponse);
+    }
+
+    private DeviceAuthorization createDeviceAuthorization(String rawResponse) throws IOException {
+
+        final JsonNode response = OBJECT_MAPPER.readTree(rawResponse);
+
+        final DeviceAuthorization deviceAuthorization = new DeviceAuthorization(
+                extractRequiredParameter(response, "device_code", rawResponse).textValue(),
+                extractRequiredParameter(response, "user_code", rawResponse).textValue(),
+                extractRequiredParameter(response, getVerificationUriParamName(), rawResponse).textValue(),
+                extractRequiredParameter(response, "expires_in", rawResponse).intValue());
+
+        final JsonNode intervalSeconds = response.get("interval");
+        if (intervalSeconds != null) {
+            deviceAuthorization.setIntervalSeconds(intervalSeconds.asInt(5));
+        }
+
+        final JsonNode verificationUriComplete = response.get("verification_uri_complete");
+        if (verificationUriComplete != null) {
+            deviceAuthorization.setVerificationUriComplete(verificationUriComplete.asText());
+        }
+
+        return deviceAuthorization;
+    }
+
+    protected String getVerificationUriParamName() {
+        return "verification_uri";
+    }
+}
diff --git a/scribejava-core/src/main/java/com/github/scribejava/core/extractors/OAuth2AccessTokenJsonExtractor.java b/scribejava-core/src/main/java/com/github/scribejava/core/extractors/OAuth2AccessTokenJsonExtractor.java
@@ -1,10 +1,8 @@
 package com.github.scribejava.core.extractors;
 
 import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import java.io.IOException;
 import java.net.URI;
-import com.github.scribejava.core.exceptions.OAuthException;
 import com.github.scribejava.core.model.OAuth2AccessToken;
 import com.github.scribejava.core.model.OAuth2AccessTokenErrorResponse;
 import com.github.scribejava.core.model.OAuthConstants;
@@ -15,9 +13,7 @@
 /**
  * JSON (default) implementation of {@link TokenExtractor} for OAuth 2.0
  */
-public class OAuth2AccessTokenJsonExtractor implements TokenExtractor<OAuth2AccessToken> {
-
-    protected static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
+public class OAuth2AccessTokenJsonExtractor extends AbstractJsonExtractor implements TokenExtractor<OAuth2AccessToken> {
 
     protected OAuth2AccessTokenJsonExtractor() {
     }
@@ -92,16 +88,4 @@ protected OAuth2AccessToken createToken(String accessToken, String tokenType, In
             String refreshToken, String scope, JsonNode response, String rawResponse) {
         return new OAuth2AccessToken(accessToken, tokenType, expiresIn, refreshToken, scope, rawResponse);
     }
-
-    public static JsonNode extractRequiredParameter(JsonNode errorNode, String parameterName, String rawResponse)
-            throws OAuthException {
-        final JsonNode value = errorNode.get(parameterName);
-
-        if (value == null) {
-            throw new OAuthException("Response body is incorrect. Can't extract a '" + parameterName
-                    + "' from this: '" + rawResponse + "'", null);
-        }
-
-        return value;
-    }
 }
diff --git a/scribejava-core/src/main/java/com/github/scribejava/core/model/DeviceAuthorization.java b/scribejava-core/src/main/java/com/github/scribejava/core/model/DeviceAuthorization.java
diff --git a/scribejava-core/src/main/java/com/github/scribejava/core/model/DeviceCode.java b/scribejava-core/src/main/java/com/github/scribejava/core/model/DeviceCode.java
diff --git a/scribejava-core/src/main/java/com/github/scribejava/core/oauth/OAuth20Service.java b/scribejava-core/src/main/java/com/github/scribejava/core/oauth/OAuth20Service.java
diff --git a/scribejava-core/src/main/java/com/github/scribejava/core/oauth2/OAuth2Error.java b/scribejava-core/src/main/java/com/github/scribejava/core/oauth2/OAuth2Error.java
