Feat/issue FormidableLabs#262 - allow to pass custom headers to oauth requests (FormidableLabs#263)

* fix error: need to upgrade gradle on build.

* fix error: 404 for dependencies on build

* custom connection builder. Allow to pass custom headers to oauth requests.

* custom connection builder. Allow to pass custom headers to oauth requests.

* sync prettier conf with eslint

* call refresh with custom headers

* user tokenRequestHeaders for refresh

* update typescript defs

* update readme

* update typescript defs

* simplify validateHeaders

* remove Headers obj

Author: nihaux

.prettierrc

@@ -1,5 +1,6 @@
 {
   "printWidth": 100,
   "singleQuote": true,
-  "semi": true
+  "semi": true,
+  "trailingComma": "es5"
 }

README.md

@@ -97,6 +97,9 @@ with optional overrides.
   Must be string values! E.g. setting `additionalParameters: { hello: 'world', foo: 'bar' }` would add
   `hello=world&foo=bar` to the authorization request.
 * **dangerouslyAllowInsecureHttpRequests** - (`boolean`) _ANDROID_ whether to allow requests over plain HTTP or with self-signed SSL certificates. :warning: Can be useful for testing against local server, _should not be used in production._ This setting has no effect on iOS; to enable insecure HTTP requests, add a [NSExceptionAllowsInsecureHTTPLoads exception](https://cocoacasts.com/how-to-add-app-transport-security-exception-domains) to your App Transport Security settings.
+* **customHeaders** - (`object`) _ANDROID_ you can specify custom headers to pass during authorize request and/or token request.
+  * **authorize** - (`{ [key: string]: value }`) headers to be passed during authorization request.
+  * **token** - (`{ [key: string]: value }`) headers to be passed during token retrieval request.
 * **useNonce** - (`boolean`) _IOS_ (default: true) optionally allows not sending the nonce parameter, to support non-compliant providers
 * **usePKCE** - (`boolean`) _IOS_ (default: true) optionally allows not sending the code_challenge parameter and skipping PKCE code verification, to support non-compliant providers.
 

android/build.gradle

@@ -37,7 +37,11 @@ android {
 }
 
 repositories {
-    mavenCentral()
+    maven {
+        url 'https://maven.google.com/'
+        name 'Google'
+    }
+    jcenter()
 }
 
 dependencies {

android/gradle/wrapper/gradle-wrapper.properties

@@ -1,6 +1,6 @@
-#Thu Jan 31 18:04:04 GMT 2019
+#Tue Mar 05 21:11:49 CET 2019
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-3.3-all.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-4.6-all.zip

android/gradlew

@@ -15,9 +15,12 @@
 import com.facebook.react.bridge.ReadableArray;
 import com.facebook.react.bridge.ReadableMap;
 import com.facebook.react.bridge.WritableMap;
+import com.facebook.react.bridge.ReadableType;
+
 import com.rnappauth.utils.MapUtil;
 import com.rnappauth.utils.UnsafeConnectionBuilder;
 import com.rnappauth.utils.TokenResponseFactory;
+import com.rnappauth.utils.CustomConnectionBuilder;
 
 import net.openid.appauth.AppAuthConfiguration;
 import net.openid.appauth.AuthorizationException;
@@ -41,6 +44,8 @@ public class RNAppAuthModule extends ReactContextBaseJavaModule implements Activ
     private final ReactApplicationContext reactContext;
     private Promise promise;
     private Boolean dangerouslyAllowInsecureHttpRequests;
+    private Map<String, String> authorizationRequestHeaders = null;
+    private Map<String, String> tokenRequestHeaders = null;
     private Map<String, String> additionalParametersMap;
     private String clientSecret;
 
@@ -60,9 +65,11 @@ public void authorize(
             final ReadableMap additionalParameters,
             final ReadableMap serviceConfiguration,
             final Boolean dangerouslyAllowInsecureHttpRequests,
+            final ReadableMap headers,
             final Promise promise
     ) {
-        final ConnectionBuilder builder = createConnectionBuilder(dangerouslyAllowInsecureHttpRequests);
+        this.parseHeaderMap(headers);
+        final ConnectionBuilder builder = createConnectionBuilder(dangerouslyAllowInsecureHttpRequests, this.authorizationRequestHeaders);
         final AppAuthConfiguration appAuthConfiguration = this.createAppAuthConfiguration(builder);
         final HashMap<String, String> additionalParametersMap = MapUtil.readableMapToHashMap(additionalParameters);
 
@@ -133,9 +140,11 @@ public void refresh(
             final ReadableMap additionalParameters,
             final ReadableMap serviceConfiguration,
             final Boolean dangerouslyAllowInsecureHttpRequests,
+            final ReadableMap headers,
             final Promise promise
     ) {
-        final ConnectionBuilder builder = createConnectionBuilder(dangerouslyAllowInsecureHttpRequests);
+        this.parseHeaderMap(headers);
+        final ConnectionBuilder builder = createConnectionBuilder(dangerouslyAllowInsecureHttpRequests, this.tokenRequestHeaders);
         final AppAuthConfiguration appAuthConfiguration = createAppAuthConfiguration(builder);
         final HashMap<String, String> additionalParametersMap = MapUtil.readableMapToHashMap(additionalParameters);
 
@@ -211,7 +220,7 @@ public void onActivityResult(Activity activity, int requestCode, int resultCode,
 
             final Promise authorizePromise = this.promise;
             final AppAuthConfiguration configuration = createAppAuthConfiguration(
-                    createConnectionBuilder(this.dangerouslyAllowInsecureHttpRequests)
+                    createConnectionBuilder(this.dangerouslyAllowInsecureHttpRequests, this.tokenRequestHeaders)
             );
 
             AuthorizationService authService = new AuthorizationService(this.reactContext, configuration);
@@ -375,6 +384,19 @@ public void onTokenRequestCompleted(@Nullable TokenResponse response, @Nullable
         }
     }
 
+    private void parseHeaderMap (ReadableMap headerMap) {
+        if (headerMap == null) {
+            return;
+        }
+        if (headerMap.hasKey("authorize") && headerMap.getType("authorize") == ReadableType.Map) {
+            this.authorizationRequestHeaders = MapUtil.readableMapToHashMap(headerMap.getMap("authorize"));
+        }
+        if (headerMap.hasKey("token") && headerMap.getType("token") == ReadableType.Map) {
+            this.tokenRequestHeaders = MapUtil.readableMapToHashMap(headerMap.getMap("token"));
+        }
+
+    }
+
     /*
      * Create a space-delimited string from an array
      */
@@ -402,12 +424,21 @@ private AppAuthConfiguration createAppAuthConfiguration(ConnectionBuilder connec
     /*
      *  Create appropriate connection builder based on provided settings
      */
-    private ConnectionBuilder createConnectionBuilder(Boolean allowInsecureConnections) {
+    private ConnectionBuilder createConnectionBuilder(Boolean allowInsecureConnections, Map<String, String> headers) {
+        ConnectionBuilder proxiedBuilder;
+
         if (allowInsecureConnections.equals(true)) {
-            return UnsafeConnectionBuilder.INSTANCE;
+            proxiedBuilder =UnsafeConnectionBuilder.INSTANCE;
+        } else {
+            proxiedBuilder = DefaultConnectionBuilder.INSTANCE;
+        }
+
+        CustomConnectionBuilder customConnection = new CustomConnectionBuilder(proxiedBuilder);
+        if (headers != null) {
+            customConnection.setHeaders(headers);
         }
 
-        return DefaultConnectionBuilder.INSTANCE;
+        return customConnection;
     }
 
     /*

android/src/main/java/com/rnappauth/RNAppAuthModule.java

@@ -0,0 +1,58 @@
+package com.rnappauth.utils;
+
+/*
+ * Copyright 2016 The AppAuth for Android Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the
+ * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+import android.net.Uri;
+import android.support.annotation.NonNull;
+
+import net.openid.appauth.connectivity.ConnectionBuilder;
+
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.util.Map;
+
+
+/**
+ * An implementation of {@link ConnectionBuilder} that permits
+ * to set custom headers on connection use to request endpoints.
+ * Useful for non-spec compliant oauth providers.
+ */
+public final class CustomConnectionBuilder implements ConnectionBuilder {
+
+    private Map<String, String> headers = null;
+    private ConnectionBuilder connectionBuilder;
+
+    public CustomConnectionBuilder(ConnectionBuilder connectionBuilderToUse) {
+        connectionBuilder = connectionBuilderToUse;
+    }
+
+    public void setHeaders (Map<String, String> headersToSet) {
+        headers = headersToSet;
+    }
+
+    @NonNull
+    @Override
+    public HttpURLConnection openConnection(@NonNull Uri uri) throws IOException {
+        HttpURLConnection conn = connectionBuilder.openConnection(uri);
+        if (headers != null) {
+            for (Map.Entry<String, String> header: headers.entrySet()) {
+                conn.setRequestProperty(header.getKey(), header.getValue());
+            }
+        }
+
+        return conn;
+    }
+}

android/src/main/java/com/rnappauth/utils/CustomConnectionBuilder.java

@@ -23,12 +23,18 @@ interface BuiltInParameters {
   prompt?: 'consent' | 'login' | 'none' | 'select_account';
 }
 
+type CustomHeaders = {
+  authorize?: Record<string, string>;
+  token?: Record<string, string>;
+};
+
 export type AuthConfiguration = BaseAuthConfiguration & {
   clientSecret?: string;
   scopes: string[];
   redirectUrl: string;
   additionalParameters?: BuiltInParameters & { [name: string]: string };
   dangerouslyAllowInsecureHttpRequests?: boolean;
+  customHeaders?: CustomHeaders;
   useNonce?: boolean;
   usePKCE?: boolean;
 };

index.d.ts

@@ -22,6 +22,32 @@ const validateClientId = clientId =>
 const validateRedirectUrl = redirectUrl =>
   invariant(typeof redirectUrl === 'string', 'Config error: redirectUrl must be a string');
 
+const validateHeaders = headers => {
+  if (!headers) {
+    return;
+  }
+  const customHeaderTypeErrorMessage =
+    'Config error: customHeaders type must be { token?: { [key: string]: string }, authorize?: { [key: string]: string }}';
+
+  const authorizedKeys = ['token', 'authorize'];
+  const keys = Object.keys(headers);
+  const correctKeys = keys.filter(key => authorizedKeys.includes(key));
+  invariant(
+    keys.length <= authorizedKeys.length &&
+      correctKeys.length > 0 &&
+      correctKeys.length === keys.length,
+    customHeaderTypeErrorMessage
+  );
+
+  Object.values(headers).forEach(value => {
+    invariant(typeof value === 'object', customHeaderTypeErrorMessage);
+    invariant(
+      Object.values(value).filter(key => typeof key !== 'string').length === 0,
+      customHeaderTypeErrorMessage
+    );
+  });
+};
+
 export const authorize = ({
   issuer,
   redirectUrl,
@@ -33,10 +59,12 @@ export const authorize = ({
   additionalParameters,
   serviceConfiguration,
   dangerouslyAllowInsecureHttpRequests = false,
+  customHeaders,
 }) => {
   validateIssuerOrServiceConfigurationEndpoints(issuer, serviceConfiguration);
   validateClientId(clientId);
   validateRedirectUrl(redirectUrl);
+  validateHeaders(customHeaders);
   // TODO: validateAdditionalParameters
 
   const nativeMethodArguments = [
@@ -51,6 +79,7 @@ export const authorize = ({
 
   if (Platform.OS === 'android') {
     nativeMethodArguments.push(dangerouslyAllowInsecureHttpRequests);
+    nativeMethodArguments.push(customHeaders);
   }
 
   if (Platform.OS === 'ios') {
@@ -71,12 +100,14 @@ export const refresh = (
     additionalParameters,
     serviceConfiguration,
     dangerouslyAllowInsecureHttpRequests = false,
+    customHeaders,
   },
   { refreshToken }
 ) => {
   validateIssuerOrServiceConfigurationEndpoints(issuer, serviceConfiguration);
   validateClientId(clientId);
   validateRedirectUrl(redirectUrl);
+  validateHeaders(customHeaders);
   invariant(refreshToken, 'Please pass in a refresh token');
   // TODO: validateAdditionalParameters
 
@@ -93,6 +124,7 @@ export const refresh = (
 
   if (Platform.OS === 'android') {
     nativeMethodArguments.push(dangerouslyAllowInsecureHttpRequests);
+    nativeMethodArguments.push(customHeaders);
   }
 
   return RNAppAuth.refresh(...nativeMethodArguments);