Merge pull request #76 from frontegg/webautn

FR-18209 - Add support for Webauthn passkeys
frontegg · Oct 31, 2024 · 56730e8 · 56730e8
2 parents 5bb540b + 126dd5e
commit 56730e8
Show file tree

Hide file tree

Showing 35 changed files with 605 additions and 196 deletions.
diff --git a/.github/actions/setup/action.yml b/.github/actions/setup/action.yml
@@ -20,19 +20,19 @@ runs:
       env:
         GITHUB_TOKEN: ${{ inputs.github_token }}
 
-    - name: Setup JDK 11
+    - name: Setup JDK 17
       uses: actions/setup-java@v3
       if: ${{ inputs.gpg_signing_key == '' }}
       with:
-        java-version: 11
+        java-version: 17
         settings-path: ${{ github.workspace }} # location for the settings.xml file
         distribution: temurin
 
-    - name: Setup JDK 11 with Credentials
+    - name: Setup JDK 17 with Credentials
       if: ${{ inputs.gpg_signing_key != '' }}
       uses: actions/setup-java@v3
       with:
-        java-version: 11
+        java-version: 17
         settings-path: ${{ github.workspace }} # location for the settings.xml file
         server-id: ossrh
         server-username: NEXUS_USERNAME

diff --git a/.github/old/build.yml b/.github/old/build.yml
diff --git a/.github/test-jks/debug.keystore b/.github/test-jks/debug.keystore
diff --git a/.github/test-jks/release.keystore b/.github/test-jks/release.keystore
diff --git a/.github/workflows/onPublishAlpha.yml b/.github/workflows/onPublishAlpha.yml
@@ -5,7 +5,7 @@ on:
 env:
   CI: true
   LANG: en_US.UTF-8
-  API_LEVEL: 29
+  API_LEVEL: 34
 
 concurrency:
   group: ci-publish-alpha-${{ github.ref }}
@@ -17,7 +17,7 @@ jobs:
     runs-on: macos-latest-xl
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4.2.0
         with:
           fetch-depth: "0"
 

diff --git a/.github/workflows/onPullRequestMerged.yaml b/.github/workflows/onPullRequestMerged.yaml
@@ -7,7 +7,7 @@ on:
 env:
   CI: true
   LANG: en_US.UTF-8
-  API_LEVEL: 29
+  API_LEVEL: 34
 
 jobs:
   createReleasePullRequest:
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4.2.0
 
       - name: Setup
         uses: ./.github/actions/setup

diff --git a/.github/workflows/onPush.yml b/.github/workflows/onPush.yml
@@ -8,7 +8,7 @@ on:
 env:
   CI: true
   LANG: en_US.UTF-8
-  API_LEVEL: 29
+  API_LEVEL: 34
 
 concurrency:
   group: ci-push-${{ github.ref }}
@@ -20,7 +20,7 @@ jobs:
     runs-on: macos-latest-xl
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4.2.0
 
       - name: Setup
         uses: ./.github/actions/setup
@@ -30,19 +30,3 @@ jobs:
       - name: Build Libraries
         shell: bash
         run: ./gradlew :app:build --no-daemon
-
-      - name: Set Alpha Version
-        id: incremented-alpha-version
-        uses: ./.github/actions/update-gradle-version
-        with:
-          type: alpha
-
-      - name: prepare release
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NEXUS_USERNAME: ${{ secrets.NEXUS_USERNAME }}
-          NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
-          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
-          GPG_PRIVATE_KEY: ${{ secrets.GPG_SIGNING_KEY }}
-        run: ./gradlew publish --no-daemon --no-parallel
-
diff --git a/.github/workflows/onReleaseMerged.yaml b/.github/workflows/onReleaseMerged.yaml
@@ -16,7 +16,7 @@ jobs:
     runs-on: macos-12
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4.2.0
 
       - name: Setup
         uses: ./.github/actions/setup
@@ -93,7 +93,7 @@ jobs:
 
 
 
-      - uses: actions/github-script@0.8.0
+      - uses: actions/github-script@v7
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           script: |

diff --git a/.github/workflows/onTestWorkflow.yml b/.github/workflows/onTestWorkflow.yml
@@ -0,0 +1,75 @@
+name: "(▶) E2E Test"
+on:
+  push:
+
+env:
+  CI: true
+  LANG: en_US.UTF-8
+  API_LEVEL: 34
+
+concurrency:
+  group: ci-e2e-test-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  uploadApk:
+    name: 'Upload apk'
+    runs-on: macos-latest-xl
+    steps:
+      - name: Checkout
+        uses: actions/[email protected]
+        with:
+          fetch-depth: "0"
+
+      - name: Setup
+        uses: ./.github/actions/setup
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+
+
+      - name: Config root certificate for testing
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const fs = require('fs');
+            const path = require('path');
+            const securityConfig = `<network-security-config>\n    <base-config>\n        <trust-anchors>\n            <!-- Trust preinstalled CAs -->\n            <certificates src="system" />\n            <!-- Additionally trust user added CAs -->\n            <certificates src="user" />\n        </trust-anchors>\n    </base-config>\n</network-security-config>`
+            fs.mkdirSync(path.join(process.env.GITHUB_WORKSPACE, 'embedded/src/main/res/xml'),  { recursive: true });
+            fs.writeFileSync(path.join(process.env.GITHUB_WORKSPACE, 'embedded/src/main/res/xml/network_security_config.xml'), securityConfig, 'utf8');
+            
+            let manifest = fs.readFileSync(path.join(process.env.GITHUB_WORKSPACE, 'embedded/src/main/AndroidManifest.xml'), 'utf8');
+            manifest = manifest.replace(/<application/g, '<application android:networkSecurityConfig="@xml/network_security_config"');
+            fs.writeFileSync(path.join(process.env.GITHUB_WORKSPACE, 'embedded/src/main/AndroidManifest.xml'), manifest, 'utf8');
+
+      - name: Clean build
+        run: ./gradlew clean
+      - name: Build debug test apk
+        run: ./gradlew :embedded:assembleDebug
+
+      - name: Build release test apk
+        run: ./gradlew :embedded:assembleRelease
+
+      - name: Upload a Assemble Debug Artifact
+        uses: actions/[email protected]
+        with:
+          name: test-debug.apk
+          path: embedded/build/outputs/apk/debug/embedded-debug.apk
+
+      - name: Upload a Assemble Release Artifact
+        uses: actions/[email protected]
+        with:
+          name: test-release.apk
+          path: embedded/build/outputs/apk/release/embedded-release.apk
+
+      - name: Trigger Private Repo Workflow
+        run: |
+          # Retrieve artifact URLs
+          artifacts=$(curl -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
+                             -H "Accept: application/vnd.github.v3+json" \
+                             https://api.github.com/repos/${{ github.repository }}/actions/artifacts \
+                             | jq -r '.artifacts[] | select(.name | startswith("android-apk")) | .archive_download_url')
+
+          # Convert the artifact URLs to a JSON list
+          apk_urls=$(echo "$artifacts" | jq -Rsc 'split("\n") | map(select(length > 0))')
+
+          echo "artifact urls: $apk_urls"
diff --git a/README.md b/README.md
@@ -486,13 +486,13 @@ class App : Application() {
             listOf(
                 RegionConfig(
                     "eu",
-                    "auth.davidantoon.me",
+                    "autheu.davidantoon.me",
                     "b6adfe4c-d695-4c04-b95f-3ec9fd0c6cca"
                 ),
                 RegionConfig(
                     "us",
-                    "davidprod.frontegg.com",
-                    "d7d07347-2c57-4450-8418-0ec7ee6e096b"
+                    "authus.frontegg.com",
+                    "6903cab0-9809-4a2e-97dd-b8c0f966c813"
                 )
             ),
             this

diff --git a/android/build.gradle b/android/build.gradle
@@ -35,7 +35,7 @@ android {
     kotlinOptions {
         jvmTarget = '1.8'
     }
-    buildToolsVersion '30.0.3'
+    buildToolsVersion '34.0.0'
 
     publishing {
         singleVariant("release") {
@@ -51,16 +51,20 @@ dependencies {
     implementation 'io.reactivex.rxjava3:rxkotlin:3.0.1'
     implementation 'com.squareup.okhttp3:okhttp:4.12.0'
     implementation 'com.google.code.gson:gson:2.10.1'
-    implementation "org.jetbrains.kotlinx:kotlinx-coroutines-core:1.7.3"
-    implementation "org.jetbrains.kotlinx:kotlinx-coroutines-android:1.7.3"
-    implementation "androidx.browser:browser:1.8.0"
-    implementation("androidx.security:security-crypto:1.1.0-alpha06") {
+    implementation 'org.jetbrains.kotlinx:kotlinx-coroutines-core:1.7.3'
+    implementation 'org.jetbrains.kotlinx:kotlinx-coroutines-android:1.7.3'
+    implementation 'androidx.browser:browser:1.8.0'
+    implementation ('androidx.security:security-crypto:1.1.0-alpha06') {
         exclude group: 'com.google.crypto.tink', module: 'tink-android'
     }
-    implementation "com.google.crypto.tink:tink-android:1.9.0"
+    implementation 'com.google.crypto.tink:tink-android:1.9.0'
     implementation 'com.google.androidbrowserhelper:androidbrowserhelper:2.5.0'
-    implementation "androidx.lifecycle:lifecycle-extensions:2.2.0"
-    implementation 'androidx.lifecycle:lifecycle-process:2.6.2'
+    implementation 'androidx.lifecycle:lifecycle-extensions:2.2.0'
+    implementation 'androidx.webkit:webkit:1.12.1'
+    implementation 'androidx.lifecycle:lifecycle-process:2.8.6'
+    // optional - needed for credentials support from play services, for devices running Android 13 and below.
+    implementation "androidx.credentials:credentials-play-services-auth:1.3.0"
+    implementation 'androidx.credentials:credentials:1.3.0'
 }
 
 afterEvaluate {

diff --git a/android/consumer-rules.pro b/android/consumer-rules.pro
@@ -20,4 +20,12 @@
 -keep class com.frontegg.android.models.** { *; }
 
 # Retain Tink classes used for shared preferences encryption
--keep class com.google.crypto.tink.** { *; }
+-keep class com.google.crypto.tink.** { *; }
+
+-if class androidx.credentials.CredentialManager
+-keep class androidx.credentials.playservices.** {
+  *;
+}
+
+-keep public class android.net.http.SslError
+-keep public class android.webkit.WebViewClient
diff --git a/android/src/main/AndroidManifest.xml b/android/src/main/AndroidManifest.xml
@@ -4,6 +4,8 @@
 
     <uses-permission android:name="android.permission.INTERNET" />
     <uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
+    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
+    <uses-permission android:name="android.permission.CREDENTIAL_MANAGER_SET_ORIGIN" />
 
     <application>
 

diff --git a/android/src/main/java/com/frontegg/android/EmbeddedAuthActivity.kt b/android/src/main/java/com/frontegg/android/EmbeddedAuthActivity.kt
@@ -186,12 +186,17 @@ class EmbeddedAuthActivity : Activity() {
         var onAuthFinishedCallback: (() -> Unit)? = null // Store callback
 
 
-        fun authenticate(activity: Activity, loginHint: String? = null) {
+        fun authenticate(
+            activity: Activity,
+            loginHint: String? = null,
+            callback: (() -> Unit)? = null
+        ) {
             val intent = Intent(activity, EmbeddedAuthActivity::class.java)
 
-            val authorizeUri = AuthorizeUrlGenerator().generate(loginHint=loginHint)
+            val authorizeUri = AuthorizeUrlGenerator().generate(loginHint = loginHint)
             intent.putExtra(AUTH_LAUNCHED, true)
             intent.putExtra(AUTHORIZE_URI, authorizeUri.first)
+            onAuthFinishedCallback = callback
             activity.startActivityForResult(intent, OAUTH_LOGIN_REQUEST)
         }