initial support for device flow

Štěpán Schejbal · Štěpán Schejbal · commit 7bb59c36799a · 2020-04-06T16:00:25.000+02:00
diff --git a/scribejava-apis/src/main/java/com/github/scribejava/apis/microsoftazureactivedirectory/BaseMicrosoftAzureActiveDirectoryApi.java b/scribejava-apis/src/main/java/com/github/scribejava/apis/microsoftazureactivedirectory/BaseMicrosoftAzureActiveDirectoryApi.java
@@ -30,6 +30,11 @@ protected String getAuthorizationBaseUrl() {
         return MSFT_LOGIN_URL + tenant + OAUTH_2 + getEndpointVersionPath() + "/authorize";
     }
 
+    @Override
+    public String getDeviceAuthorizationUrl() {
+        return MSFT_LOGIN_URL + tenant + OAUTH_2 + getEndpointVersionPath() + "/devicecode";
+    }
+
     @Override
     public ClientAuthentication getClientAuthentication() {
         return RequestBodyAuthenticationScheme.instance();
diff --git a/scribejava-core/src/main/java/com/github/scribejava/core/builder/api/DefaultApi20.java b/scribejava-core/src/main/java/com/github/scribejava/core/builder/api/DefaultApi20.java
@@ -121,4 +121,8 @@ public BearerSignature getBearerSignature() {
     public ClientAuthentication getClientAuthentication() {
         return HttpBasicAuthenticationScheme.instance();
     }
+
+    public String getDeviceAuthorizationUrl() {
+        return null;
+    }
 }
diff --git a/scribejava-core/src/main/java/com/github/scribejava/core/extractors/OAuth2AccessTokenJsonExtractor.java b/scribejava-core/src/main/java/com/github/scribejava/core/extractors/OAuth2AccessTokenJsonExtractor.java
@@ -93,7 +93,7 @@ protected OAuth2AccessToken createToken(String accessToken, String tokenType, In
         return new OAuth2AccessToken(accessToken, tokenType, expiresIn, refreshToken, scope, rawResponse);
     }
 
-    protected static JsonNode extractRequiredParameter(JsonNode errorNode, String parameterName, String rawResponse)
+    public static JsonNode extractRequiredParameter(JsonNode errorNode, String parameterName, String rawResponse)
             throws OAuthException {
         final JsonNode value = errorNode.get(parameterName);
 
diff --git a/scribejava-core/src/main/java/com/github/scribejava/core/model/DeviceCode.java b/scribejava-core/src/main/java/com/github/scribejava/core/model/DeviceCode.java
@@ -0,0 +1,38 @@
+package com.github.scribejava.core.model;
+
+public class DeviceCode {
+    private String deviceCode;
+    private String userCode;
+    private String verificationUri;
+    private int intervalSeconds;
+    private long expiresAtMillis;
+
+    public DeviceCode(String deviceCode, String userCode, String verificationUri,
+            int intervalSeconds, int expiresInSeconds) {
+        this.deviceCode = deviceCode;
+        this.userCode = userCode;
+        this.verificationUri = verificationUri;
+        this.intervalSeconds = intervalSeconds;
+        expiresAtMillis = System.currentTimeMillis() + (expiresInSeconds * 1000);
+    }
+
+    public String getDeviceCode() {
+        return deviceCode;
+    }
+
+    public String getUserCode() {
+        return userCode;
+    }
+
+    public String getVerificationUri() {
+        return verificationUri;
+    }
+
+    public int getIntervalSeconds() {
+        return intervalSeconds;
+    }
+
+    public long getExpiresAtMillis() {
+        return expiresAtMillis;
+    }
+}
diff --git a/scribejava-core/src/main/java/com/github/scribejava/core/oauth/OAuth20Service.java b/scribejava-core/src/main/java/com/github/scribejava/core/oauth/OAuth20Service.java
@@ -1,27 +1,38 @@
 package com.github.scribejava.core.oauth;
 
-import java.io.IOException;
-import java.io.OutputStream;
-import java.util.concurrent.Future;
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import com.github.scribejava.core.builder.api.DefaultApi20;
 import com.github.scribejava.core.extractors.OAuth2AccessTokenJsonExtractor;
 import com.github.scribejava.core.httpclient.HttpClient;
 import com.github.scribejava.core.httpclient.HttpClientConfig;
+import com.github.scribejava.core.model.DeviceCode;
 import com.github.scribejava.core.model.OAuth2AccessToken;
+import com.github.scribejava.core.model.OAuth2AccessTokenErrorResponse;
 import com.github.scribejava.core.model.OAuth2Authorization;
 import com.github.scribejava.core.model.OAuthAsyncRequestCallback;
 import com.github.scribejava.core.model.OAuthConstants;
 import com.github.scribejava.core.model.OAuthRequest;
 import com.github.scribejava.core.model.Response;
 import com.github.scribejava.core.model.Verb;
+import com.github.scribejava.core.oauth2.OAuth2Error;
 import com.github.scribejava.core.pkce.PKCE;
-import java.util.Map;
-import java.util.concurrent.ExecutionException;
 import com.github.scribejava.core.revoke.TokenTypeHint;
+import java.io.IOException;
+import java.io.OutputStream;
 import java.io.UnsupportedEncodingException;
 import java.net.URLDecoder;
+import java.util.Map;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.Future;
+
+import static com.github.scribejava.core.extractors.OAuth2AccessTokenJsonExtractor.extractRequiredParameter;
+import static com.github.scribejava.core.oauth2.OAuth2Error.AUTHORIZATION_PENDING;
+import static com.github.scribejava.core.oauth2.OAuth2Error.SLOW_DOWN;
+import static java.lang.Thread.sleep;
 
 public class OAuth20Service extends OAuthService {
+    protected static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
 
     private static final String VERSION = "2.0";
     private final DefaultApi20 api;
@@ -490,4 +501,83 @@ public String getResponseType() {
     public String getDefaultScope() {
         return defaultScope;
     }
+
+    /**
+     * Requests a device code from a server.
+     *
+     * @see <a href="https://tools.ietf.org/html/rfc8628#section-3">rfc8628</a>
+     * @see <a href="https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-device-code">
+     *     azure v2-oauth2-device-code</a>
+     */
+    public DeviceCode getDeviceCode() throws InterruptedException, ExecutionException, IOException {
+        final OAuthRequest request = new OAuthRequest(Verb.POST, api.getDeviceAuthorizationUrl());
+        request.addBodyParameter(OAuthConstants.CLIENT_ID, getApiKey());
+        request.addBodyParameter(OAuthConstants.SCOPE, getDefaultScope());
+        try (Response response = execute(request)) {
+            final String body = response.getBody();
+            if (response.getCode() == 200) {
+                final JsonNode n = OBJECT_MAPPER.readTree(body);
+                return new DeviceCode(
+                        extractRequiredParameter(n, "device_code", body).textValue(),
+                        extractRequiredParameter(n, "user_code", body).textValue(),
+                        extractRequiredParameter(n, "verification_uri", body).textValue(),
+                        n.path("interval").asInt(5),
+                        extractRequiredParameter(n, "expires_in", body).intValue());
+            } else {
+                OAuth2AccessTokenJsonExtractor.instance().generateError(body);
+                throw new IllegalStateException(); // generateError() always throws an exception
+            }
+        }
+    }
+
+    /**
+     * Attempts to get a token from a server.
+     * Function {@link #pollDeviceAccessToken(DeviceCode)} is usually used instead of this.
+     *
+     * @return token
+     * @throws OAuth2AccessTokenErrorResponse
+     *      If {@link OAuth2AccessTokenErrorResponse#getError()} is
+     *      {@link OAuth2Error#AUTHORIZATION_PENDING} or {@link OAuth2Error#SLOW_DOWN},
+     *      another attempt should be made after a while.
+     *
+     * @see #getDeviceCode()
+     */
+    public OAuth2AccessToken getAccessTokenDeviceCodeGrant(DeviceCode deviceCode)
+            throws IOException, InterruptedException, ExecutionException {
+        final OAuthRequest request = new OAuthRequest(Verb.POST, api.getAccessTokenEndpoint());
+        request.addParameter(OAuthConstants.GRANT_TYPE, "urn:ietf:params:oauth:grant-type:device_code");
+        request.addBodyParameter(OAuthConstants.CLIENT_ID, getApiKey());
+        request.addParameter("device_code", deviceCode.getDeviceCode());
+        try (Response response = execute(request)) {
+            return api.getAccessTokenExtractor().extract(response);
+        }
+    }
+
+    /**
+     * Periodically tries to get a token from a server (waiting for the user to give consent).
+     *
+     * @return token
+     * @throws OAuth2AccessTokenErrorResponse
+     *      Indicates OAuth error.
+     *
+     * @see #getDeviceCode()
+     */
+    public OAuth2AccessToken pollDeviceAccessToken(DeviceCode deviceCode)
+            throws InterruptedException, ExecutionException, IOException {
+        long intervalMillis = deviceCode.getIntervalSeconds() * 1000;
+        while (true) {
+            try {
+                return getAccessTokenDeviceCodeGrant(deviceCode);
+            } catch (OAuth2AccessTokenErrorResponse e) {
+                if (e.getError() != AUTHORIZATION_PENDING) {
+                    if (e.getError() == SLOW_DOWN) {
+                        intervalMillis += 5000;
+                    } else {
+                        throw e;
+                    }
+                }
+            }
+            sleep(intervalMillis);
+        }
+    }
 }
diff --git a/scribejava-core/src/main/java/com/github/scribejava/core/oauth2/OAuth2Error.java b/scribejava-core/src/main/java/com/github/scribejava/core/oauth2/OAuth2Error.java
@@ -1,5 +1,10 @@
 package com.github.scribejava.core.oauth2;
 
+import java.util.EnumSet;
+import java.util.Set;
+
+import static java.util.Collections.unmodifiableSet;
+
 public enum OAuth2Error {
     /**
      * @see <a href="https://tools.ietf.org/html/rfc6749#section-4.1.2.1">RFC 6749, 4.1.2.1 Error Response</a>
@@ -67,7 +72,29 @@ public enum OAuth2Error {
      * @see <a href="https://tools.ietf.org/html/rfc7009#section-4.1">RFC 7009, 4.1. OAuth Extensions Error
      * Registration</a>
      */
-    UNSUPPORTED_TOKEN_TYPE("unsupported_token_type");
+    UNSUPPORTED_TOKEN_TYPE("unsupported_token_type"),
+
+    /**
+     * @see <a href="https://tools.ietf.org/html/rfc8628#section-3.5">rfc8628#section-3.5</a>
+     */
+    AUTHORIZATION_PENDING("authorization_pending"),
+
+    /**
+     * @see <a href="https://tools.ietf.org/html/rfc8628#section-3.5">rfc8628#section-3.5</a>
+     */
+    SLOW_DOWN("slow_down"),
+
+    /**
+     * @see <a href="https://tools.ietf.org/html/rfc8628#section-3.5">rfc8628#section-3.5</a>
+     */
+    EXPIRED_TOKEN("expired_token"),
+    ;
+
+    /**
+     * Unlike {@link #values()} which creates a new array every time, this always
+     * returns the same immutable object.
+     */
+    public static final Set<OAuth2Error> VALUES = unmodifiableSet(EnumSet.allOf(OAuth2Error.class));
 
     private final String errorString;
 
@@ -76,7 +103,7 @@ public enum OAuth2Error {
     }
 
     public static OAuth2Error parseFrom(String errorString) {
-        for (OAuth2Error error : OAuth2Error.values()) {
+        for (OAuth2Error error : VALUES) {
             if (error.errorString.equals(errorString)) {
                 return error;
             }

Original file line number	Diff line number	Diff line change
`@@ -121,4 +121,8 @@ public BearerSignature getBearerSignature() {`
`121`	`121`	`public ClientAuthentication getClientAuthentication() {`
`122`	`122`	`return HttpBasicAuthenticationScheme.instance();`
`123`	`123`	`}`
	`124`	`+`
	`125`	`+ public String getDeviceAuthorizationUrl() {`
	`126`	`+ return null;`
	`127`	`+ }`
`124`	`128`	`}`
Original file line number	Diff line number	Diff line change
`@@ -93,7 +93,7 @@ protected OAuth2AccessToken createToken(String accessToken, String tokenType, In`
`93`	`93`	`return new OAuth2AccessToken(accessToken, tokenType, expiresIn, refreshToken, scope, rawResponse);`
`94`	`94`	`}`
`95`	`95`
`96`		`- protected static JsonNode extractRequiredParameter(JsonNode errorNode, String parameterName, String rawResponse)`
	`96`	`+ public static JsonNode extractRequiredParameter(JsonNode errorNode, String parameterName, String rawResponse)`
`97`	`97`	`throws OAuthException {`
`98`	`98`	`final JsonNode value = errorNode.get(parameterName);`
`99`	`99`