kalinjul
diff --git a/‎docs/ios/README.md‎
Lines changed: 5 additions & 3 deletions b/‎docs/ios/README.md‎
Lines changed: 5 additions & 3 deletions
diff --git a/‎docs/setup-android.md‎
Lines changed: 19 additions & 0 deletions b/‎docs/setup-android.md‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎gradle/libs.versions.toml‎
Lines changed: 1 addition & 0 deletions b/‎gradle/libs.versions.toml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎oidc-appsupport/build.gradle.kts‎
Lines changed: 3 additions & 0 deletions b/‎oidc-appsupport/build.gradle.kts‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎oidc-appsupport/src/androidMain/kotlin/org/publicvalue/multiplatform/oidc/appsupport/AndroidCodeAuthFlowFactory.kt‎
Lines changed: 7 additions & 2 deletions b/‎oidc-appsupport/src/androidMain/kotlin/org/publicvalue/multiplatform/oidc/appsupport/AndroidCodeAuthFlowFactory.kt‎
Lines changed: 7 additions & 2 deletions
diff --git a/‎oidc-appsupport/src/androidMain/kotlin/org/publicvalue/multiplatform/oidc/appsupport/DataStore.kt‎
Lines changed: 9 additions & 0 deletions b/‎oidc-appsupport/src/androidMain/kotlin/org/publicvalue/multiplatform/oidc/appsupport/DataStore.kt‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎oidc-appsupport/src/androidMain/kotlin/org/publicvalue/multiplatform/oidc/appsupport/HandleRedirectActivity.kt‎
Lines changed: 14 additions & 3 deletions b/‎oidc-appsupport/src/androidMain/kotlin/org/publicvalue/multiplatform/oidc/appsupport/HandleRedirectActivity.kt‎
Lines changed: 14 additions & 3 deletions
diff --git a/‎oidc-appsupport/src/androidMain/kotlin/org/publicvalue/multiplatform/oidc/appsupport/PlatformCodeAuthFlow.android.kt‎
Lines changed: 6 additions & 37 deletions b/‎oidc-appsupport/src/androidMain/kotlin/org/publicvalue/multiplatform/oidc/appsupport/PlatformCodeAuthFlow.android.kt‎
Lines changed: 6 additions & 37 deletions
diff --git a/‎oidc-appsupport/src/commonMain/kotlin/org/publicvalue/multiplatform/oidc/appsupport/CodeAuthFlowFactory.kt‎
Lines changed: 0 additions & 1 deletion b/‎oidc-appsupport/src/commonMain/kotlin/org/publicvalue/multiplatform/oidc/appsupport/CodeAuthFlowFactory.kt‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎oidc-appsupport/src/commonMain/kotlin/org/publicvalue/multiplatform/oidc/appsupport/PlatformCodeAuthFlow.kt‎
Lines changed: 16 additions & 5 deletions b/‎oidc-appsupport/src/commonMain/kotlin/org/publicvalue/multiplatform/oidc/appsupport/PlatformCodeAuthFlow.kt‎
Lines changed: 16 additions & 5 deletions
@@ -69,7 +69,8 @@ let client = OpenIdConnectClient(
 
 Request access token using code auth flow:
 ```swift 
-let flow = CodeAuthFlow(client: client)
+let factory = CodeAuthFlowFactory_(ephemeralBrowserSession: false)
+let flow = factory.createAuthFlow(client: client)
 do {
     let tokens = try await flow.getAccessToken()
 } catch {
@@ -93,8 +94,9 @@ try await client.endSession(idToken: idToken) { requestBuilder in
     requestBuilder.url.parameters.append(name: "custom_parameter", value: "value")
 }
 // endSession with Web flow (opens browser and handles post_logout_redirect_uri redirect)
-let flow = CodeAuthFlow(client: client)
-    try await flow.endSession(idToken: "<idToken>", configureEndSessionUrl: { urlBuilder in
+let factory = CodeAuthFlowFactory_(ephemeralBrowserSession: false)
+let flow = factory.createAuthFlow(client: client)
+try await flow.endSession(idToken: "<idToken>", configureEndSessionUrl: { urlBuilder in
 })
 ```
 
 
@@ -38,6 +38,25 @@ class MainActivity : ComponentActivity() {
 > will attach to the ComponentActivity's lifecycle.
 > If you don't use ComponentActivity, you'll need to implement your own Factory.
 
+## Login/Logout continuation
+As the actual authentication is performed in a Web Browser, it is possible, especially on low-end devices, that your application is terminated while in background.
+This behaviour can be forced by using ```adb shell am kill <app id>```.
+To continue the login flow on application restart, call ```authFlow.continueLogin()``` on startup:
+```
+if (authFlow.canContinueLogin()) {
+    val tokens = authFlow.continueLogin(configureTokenExchange = null)
+    // save tokens
+}
+```
+
+To continue a logout flow on application restart:
+```
+if (endSessionFlow.canContinueLogout()) {
+    endSessionFlow.continueLogout()
+    // clear tokens
+}
+```
+
 ## Verified App-Links as Redirect Url
 If you want to use [https redirect links instead of custom schemes](https://github.com/kalinjul/kotlin-multiplatform-oidc/issues/46), you can do so by replacing the original intent filter in your AndroidManifest.xml:
 
 
@@ -63,6 +63,7 @@ androidx-datastore = { module = "androidx.datastore:datastore-preferences", vers
 androidx-browser = { module = "androidx.browser:browser", version = "1.9.0" }
 androidx-security-crypto-ktx = { module = "androidx.security:security-crypto-ktx", version.ref = "securityCryptoKtx" }
 androidx-security-crypto = { module = "androidx.security:security-crypto", version.ref = "securityCryptoKtx" }
+androidx-datastore-core = { module = "androidx.datastore:datastore-preferences-core", version.ref = "androidxDataStore" }
 material-icons-core = { module = "org.jetbrains.compose.material:material-icons-core", version.ref = "material-icons" }
 
 kotlinx-coroutines-core = { module = "org.jetbrains.kotlinx:kotlinx-coroutines-core", version.ref = "kotlinxCoroutines" }
 
@@ -32,6 +32,8 @@ kotlin {
             dependencies {
                 api(projects.oidcCore)
                 api(projects.oidcTokenstore)
+
+                implementation(projects.oidcPreferences)
             }
         }
 
@@ -45,6 +47,7 @@ kotlin {
                 implementation(libs.androidx.activity.compose)
                 implementation(libs.androidx.core.ktx)
                 implementation(libs.androidx.browser)
+                implementation(libs.androidx.datastore)
             }
         }
 
 
@@ -14,6 +14,8 @@ import org.publicvalue.multiplatform.oidc.appsupport.customtab.CustomTabFlow
 import org.publicvalue.multiplatform.oidc.appsupport.customtab.getCustomTabProviders
 import org.publicvalue.multiplatform.oidc.appsupport.webview.WebViewFlow
 import org.publicvalue.multiplatform.oidc.flows.EndSessionFlow
+import org.publicvalue.multiplatform.oidc.preferences.Preferences
+import org.publicvalue.multiplatform.oidc.preferences.org.publicvalue.multiplatform.oidc.preferences.PreferencesDataStore
 
 /**
  * Factory to create an Auth Flow on Android.
@@ -41,11 +43,12 @@ class AndroidCodeAuthFlowFactory(
      */
     private val ephemeralSession: Boolean = false,
     /** preferred custom tab providers, list of package names in order of priority. Check [Browser][org.publicvalue.multiplatform.oidc.appsupport.customtab.Browser] for example values. **/
-    private val customTabProviderPriority: List<String> = listOf()
+    private val customTabProviderPriority: List<String> = listOf(),
 ): CodeAuthFlowFactory {
 
     private lateinit var activityResultLauncher: ActivityResultLauncherSuspend<Intent, ActivityResult>
     private lateinit var context: Context
+    private lateinit var preferences: Preferences
 
     private val resultFlow: MutableStateFlow<ActivityResult?> = MutableStateFlow(null)
 
@@ -80,6 +83,7 @@ class AndroidCodeAuthFlowFactory(
             }
         )
         this.context = activity.applicationContext
+        this.preferences = PreferencesDataStore(context.dataStore)
     }
 
     override fun createAuthFlow(client: OpenIdConnectClient): PlatformCodeAuthFlow {
@@ -106,7 +110,8 @@ class AndroidCodeAuthFlowFactory(
         }
         return PlatformCodeAuthFlow(
             client = client,
-            webFlow = webFlow
+            webFlow = webFlow,
+            preferences = preferences
         )
     }
 
 
@@ -0,0 +1,9 @@
+package org.publicvalue.multiplatform.oidc.appsupport
+
+import android.content.Context
+import androidx.datastore.preferences.preferencesDataStore
+import org.publicvalue.multiplatform.oidc.preferences.PREFERENCES_FILENAME
+
+internal val Context.dataStore by preferencesDataStore(
+    name = PREFERENCES_FILENAME
+)
@@ -17,7 +17,11 @@ import androidx.core.net.toUri
 import androidx.core.view.ViewCompat
 import androidx.core.view.WindowInsetsCompat
 import androidx.core.view.updateLayoutParams
+import io.ktor.http.Url
+import kotlinx.coroutines.runBlocking
 import org.publicvalue.multiplatform.oidc.ExperimentalOpenIdConnect
+import org.publicvalue.multiplatform.oidc.preferences.org.publicvalue.multiplatform.oidc.preferences.PreferencesDataStore
+import org.publicvalue.multiplatform.oidc.preferences.setResponseUri
 
 internal const val EXTRA_KEY_USEWEBVIEW = "usewebview"
 internal const val EXTRA_KEY_EPHEMERAL_SESSION = "ephemeral_session"
@@ -48,7 +52,8 @@ class HandleRedirectActivity : ComponentActivity() {
 
         @ExperimentalOpenIdConnect
         var createWebView: ComponentActivity.(redirectUrl: String?) -> WebView = { redirectUrl ->
-            WebView(this).apply {
+            val context = this
+            WebView(context).apply {
                 configureWebView(this)
                 webChromeClient = WebChromeClient()
                 webViewClient = object : WebViewClient() {
@@ -58,8 +63,10 @@ class HandleRedirectActivity : ComponentActivity() {
                     ): Boolean {
                         val requestedUrl = request?.url
                         return if (requestedUrl != null && redirectUrl != null && requestedUrl.toString().startsWith(redirectUrl)) {
-                            intent.data = request.url
-                            setResult(RESULT_OK, intent)
+                            val preferences = PreferencesDataStore(context.dataStore)
+                            runBlocking {
+                                preferences.setResponseUri(Url(requestedUrl.toString()))
+                            }
                             finish()
                             true
                         } else {
@@ -115,6 +122,10 @@ class HandleRedirectActivity : ComponentActivity() {
 
         if (intent?.data != null) {
             // we're called by custom tab
+            runBlocking {
+                val preferences = PreferencesDataStore(this@HandleRedirectActivity.dataStore)
+                preferences.setResponseUri(Url(intent?.data.toString()))
+            }
             // create new intent for result to mitigate intent redirection vulnerability
             setResult(RESULT_OK, Intent().setData(intent?.data))
             finish()
 
@@ -1,56 +1,25 @@
 package org.publicvalue.multiplatform.oidc.appsupport
 
 import org.publicvalue.multiplatform.oidc.OpenIdConnectClient
-import org.publicvalue.multiplatform.oidc.OpenIdConnectException
-import org.publicvalue.multiplatform.oidc.flows.AuthCodeResponse
-import org.publicvalue.multiplatform.oidc.flows.AuthCodeResult
 import org.publicvalue.multiplatform.oidc.flows.CodeAuthFlow
 import org.publicvalue.multiplatform.oidc.flows.EndSessionFlow
-import org.publicvalue.multiplatform.oidc.flows.EndSessionResponse
+import org.publicvalue.multiplatform.oidc.preferences.Preferences
 import org.publicvalue.multiplatform.oidc.types.AuthCodeRequest
 import org.publicvalue.multiplatform.oidc.types.EndSessionRequest
 
 actual class PlatformCodeAuthFlow internal constructor(
     private val webFlow: WebAuthenticationFlow,
     actual override val client: OpenIdConnectClient,
+    actual override val preferences: Preferences
 ) : CodeAuthFlow, EndSessionFlow {
 
-    // TODO extract common code
-    actual override suspend fun getAuthorizationCode(request: AuthCodeRequest): AuthCodeResponse {
+    actual override suspend fun startLoginFlow(request: AuthCodeRequest) {
         val result = webFlow.startWebFlow(request.url, request.url.parameters.get("redirect_uri").orEmpty())
-
-        return if (result is WebAuthenticationFlowResult.Success) {
-            when (val error = getErrorResult<AuthCodeResult>(result.responseUri)) {
-                null -> {
-                    val state = result.responseUri.parameters.get("state")
-                    val code = result.responseUri.parameters.get("code")
-                    Result.success(AuthCodeResult(code, state))
-                }
-                else -> {
-                    return error
-                }
-            }
-        } else {
-            // browser closed, no redirect
-            Result.failure(OpenIdConnectException.AuthenticationCancelled())
-        }
+        throwAuthenticationIfCancelled(result)
     }
 
-    actual override suspend fun endSession(request: EndSessionRequest): EndSessionResponse {
+    actual override suspend fun startLogoutFlow(request: EndSessionRequest) {
         val result = webFlow.startWebFlow(request.url, request.url.parameters.get("post_logout_redirect_uri").orEmpty())
-
-        return if (result is WebAuthenticationFlowResult.Success) {
-            when (val error = getErrorResult<Unit>(result.responseUri)) {
-                null -> {
-                    return EndSessionResponse.success(Unit)
-                }
-                else -> {
-                    return error
-                }
-            }
-        } else {
-            // browser closed, no redirect
-            EndSessionResponse.failure(OpenIdConnectException.AuthenticationCancelled("Logout cancelled"))
-        }
+        throwEndsessionIfCancelled(result)
     }
 }
@@ -7,7 +7,6 @@ import kotlin.experimental.ExperimentalObjCRefinement
 import kotlin.native.HiddenFromObjC
 
 @OptIn(ExperimentalObjCRefinement::class)
-@HiddenFromObjC
 interface CodeAuthFlowFactory {
     fun createAuthFlow(client: OpenIdConnectClient): CodeAuthFlow
     fun createEndSessionFlow(client: OpenIdConnectClient): EndSessionFlow
 
@@ -3,20 +3,19 @@ package org.publicvalue.multiplatform.oidc.appsupport
 import io.ktor.http.Url
 import org.publicvalue.multiplatform.oidc.OpenIdConnectClient
 import org.publicvalue.multiplatform.oidc.OpenIdConnectException
-import org.publicvalue.multiplatform.oidc.flows.AuthCodeResponse
 import org.publicvalue.multiplatform.oidc.flows.CodeAuthFlow
 import org.publicvalue.multiplatform.oidc.flows.EndSessionFlow
-import org.publicvalue.multiplatform.oidc.flows.EndSessionResponse
+import org.publicvalue.multiplatform.oidc.preferences.Preferences
 import org.publicvalue.multiplatform.oidc.types.AuthCodeRequest
 import org.publicvalue.multiplatform.oidc.types.EndSessionRequest
 import kotlin.contracts.ExperimentalContracts
 import kotlin.contracts.contract
 
 expect class PlatformCodeAuthFlow: CodeAuthFlow, EndSessionFlow {
-    // in kotlin 2.0, we need to implement methods in expect classes
-    override suspend fun getAuthorizationCode(request: AuthCodeRequest): AuthCodeResponse
-    override suspend fun endSession(request: EndSessionRequest): EndSessionResponse
+    override suspend fun startLoginFlow(request: AuthCodeRequest)
+    override suspend fun startLogoutFlow(request: EndSessionRequest)
     override val client: OpenIdConnectClient
+    override val preferences: Preferences
 }
 
 @OptIn(ExperimentalContracts::class)
@@ -37,4 +36,16 @@ internal fun <T> getErrorResult(responseUri: Url?): Result<T>? {
         return Result.failure(OpenIdConnectException.AuthenticationFailure(message = "No Uri in callback from browser (was ${responseUri})."))
     }
     return null
+}
+
+internal fun throwAuthenticationIfCancelled(result: WebAuthenticationFlowResult) {
+    if (result is WebAuthenticationFlowResult.Cancelled) {
+        throw OpenIdConnectException.AuthenticationCancelled()
+    }
+}
+
+internal fun throwEndsessionIfCancelled(result: WebAuthenticationFlowResult) {
+    if (result is WebAuthenticationFlowResult.Cancelled) {
+        throw OpenIdConnectException.AuthenticationCancelled("Logout Cancelled")
+    }
 }
Original file line number	Diff line number	Diff line change
`@@ -32,6 +32,8 @@ kotlin {`
`32`	`32`	`dependencies {`
`33`	`33`	`api(projects.oidcCore)`
`34`	`34`	`api(projects.oidcTokenstore)`
	`35`	`+`
	`36`	`+ implementation(projects.oidcPreferences)`
`35`	`37`	`}`
`36`	`38`	`}`
`37`	`39`
`@@ -45,6 +47,7 @@ kotlin {`
`45`	`47`	`implementation(libs.androidx.activity.compose)`
`46`	`48`	`implementation(libs.androidx.core.ktx)`
`47`	`49`	`implementation(libs.androidx.browser)`
	`50`	`+ implementation(libs.androidx.datastore)`
`48`	`51`	`}`
`49`	`52`	`}`
`50`	`53`
Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,8 @@ import org.publicvalue.multiplatform.oidc.appsupport.customtab.CustomTabFlow`
`14`	`14`	`import org.publicvalue.multiplatform.oidc.appsupport.customtab.getCustomTabProviders`
`15`	`15`	`import org.publicvalue.multiplatform.oidc.appsupport.webview.WebViewFlow`
`16`	`16`	`import org.publicvalue.multiplatform.oidc.flows.EndSessionFlow`
	`17`	`+import org.publicvalue.multiplatform.oidc.preferences.Preferences`
	`18`	`+import org.publicvalue.multiplatform.oidc.preferences.org.publicvalue.multiplatform.oidc.preferences.PreferencesDataStore`
`17`	`19`
`18`	`20`	`/**`
`19`	`21`	`* Factory to create an Auth Flow on Android.`
`@@ -41,11 +43,12 @@ class AndroidCodeAuthFlowFactory(`
`41`	`43`	`*/`
`42`	`44`	`private val ephemeralSession: Boolean = false,`
`43`	`45`	`/ preferred custom tab providers, list of package names in order of priority. Check [Browser][org.publicvalue.multiplatform.oidc.appsupport.customtab.Browser] for example values. /`
`44`		`- private val customTabProviderPriority: List<String> = listOf()`
	`46`	`+ private val customTabProviderPriority: List<String> = listOf(),`
`45`	`47`	`): CodeAuthFlowFactory {`
`46`	`48`
`47`	`49`	`private lateinit var activityResultLauncher: ActivityResultLauncherSuspend<Intent, ActivityResult>`
`48`	`50`	`private lateinit var context: Context`
	`51`	`+ private lateinit var preferences: Preferences`
`49`	`52`
`50`	`53`	`private val resultFlow: MutableStateFlow<ActivityResult?> = MutableStateFlow(null)`
`51`	`54`
`@@ -80,6 +83,7 @@ class AndroidCodeAuthFlowFactory(`
`80`	`83`	`}`
`81`	`84`	`)`
`82`	`85`	`this.context = activity.applicationContext`
	`86`	`+ this.preferences = PreferencesDataStore(context.dataStore)`
`83`	`87`	`}`
`84`	`88`
`85`	`89`	`override fun createAuthFlow(client: OpenIdConnectClient): PlatformCodeAuthFlow {`
`@@ -106,7 +110,8 @@ class AndroidCodeAuthFlowFactory(`
`106`	`110`	`}`
`107`	`111`	`return PlatformCodeAuthFlow(`
`108`	`112`	`client = client,`
`109`		`- webFlow = webFlow`
	`113`	`+ webFlow = webFlow,`
	`114`	`+ preferences = preferences`
`110`	`115`	`)`
`111`	`116`	`}`
`112`	`117`