Merge pull request #4260 from owncloud/fix/scope_in_token_requests

[FIX] Add "scope" parameter to /token endpoint HTTP requests

CHANGELOG.md

@@ -29,6 +29,7 @@ ownCloud admins and users.
 
 * Bugfix - Some Null Pointer Exceptions in MainFileListViewModel: [#4065](https://github.com/owncloud/android/issues/4065)
 * Bugfix - Some Null Pointer Exceptions fixed from Google Play: [#4207](https://github.com/owncloud/android/issues/4207)
+* Bugfix - Add "scope" parameter to /token endpoint HTTP requests: [#4260](https://github.com/owncloud/android/pull/4260)
 * Change - Android library as a module instead of submodule: [#3962](https://github.com/owncloud/android/issues/3962)
 * Enhancement - Koin DSL: [#3966](https://github.com/owncloud/android/pull/3966)
 * Enhancement - Unit tests for datasources classes - Part 1 & Fixes: [#4063](https://github.com/owncloud/android/issues/4063)
@@ -65,6 +66,13 @@ ownCloud admins and users.
    https://github.com/owncloud/android/issues/4207
    https://github.com/owncloud/android/pull/4238
 
+* Bugfix - Add "scope" parameter to /token endpoint HTTP requests: [#4260](https://github.com/owncloud/android/pull/4260)
+
+   The "scope" parameter is now always sent in the body of HTTP requests to the
+   /token endpoint, which is optional in v1 but required in v2.
+
+   https://github.com/owncloud/android/pull/4260
+
 * Change - Android library as a module instead of submodule: [#3962](https://github.com/owncloud/android/issues/3962)
 
    Android library, containing all networking stuff, is now the 5th module in the

changelog/unreleased/4260

@@ -0,0 +1,6 @@
+Bugfix: Add "scope" parameter to /token endpoint HTTP requests
+
+The "scope" parameter is now always sent in the body of HTTP requests to the /token endpoint,
+which is optional in v1 but required in v2.
+
+https://github.com/owncloud/android/pull/4260

owncloudApp/src/main/java/com/owncloud/android/presentation/authentication/AccountAuthenticator.java

@@ -44,8 +44,6 @@
 import com.owncloud.android.domain.authentication.oauth.model.TokenResponse;
 import com.owncloud.android.lib.common.accounts.AccountTypeUtils;
 import com.owncloud.android.lib.common.accounts.AccountUtils;
-import com.owncloud.android.presentation.authentication.AuthenticatorConstants;
-import com.owncloud.android.presentation.authentication.LoginActivity;
 import kotlin.Lazy;
 import org.jetbrains.annotations.NotNull;
 import timber.log.Timber;
@@ -370,10 +368,13 @@ private String refreshToken(
 
         String clientAuth = OAuthUtils.Companion.getClientAuth(clientSecret, clientId);
 
+        String scope = mContext.getResources().getString(R.string.oauth2_openid_scope);
+
         TokenRequest oauthTokenRequest = new TokenRequest.RefreshToken(
                 baseUrl,
                 tokenEndpoint,
                 clientAuth,
+                scope,
                 refreshToken
         );
 

owncloudApp/src/main/java/com/owncloud/android/presentation/authentication/LoginActivity.kt

@@ -591,12 +591,15 @@ class LoginActivity : AppCompatActivity(), SslUntrustedCertDialog.OnSslUntrusted
             else -> "$serverBaseUrl${File.separator}${contextProvider.getString(R.string.oauth2_url_endpoint_access)}"
         }
 
+        val scope = resources.getString(R.string.oauth2_openid_scope)
+
         val requestToken = TokenRequest.AccessToken(
             baseUrl = serverBaseUrl,
             tokenEndpoint = tokenEndPoint,
             authorizationCode = authorizationCode,
             redirectUri = OAuthUtils.buildRedirectUri(applicationContext).toString(),
             clientAuth = clientAuth,
+            scope = scope,
             codeVerifier = authenticationViewModel.codeVerifier
         )
 

owncloudComLibrary/src/main/java/com/owncloud/android/lib/common/http/HttpConstants.java

@@ -58,6 +58,7 @@ public class HttpConstants {
     public static final String OAUTH_HEADER_REDIRECT_URI = "redirect_uri";
     public static final String OAUTH_HEADER_REFRESH_TOKEN = "refresh_token";
     public static final String OAUTH_HEADER_CODE_VERIFIER = "code_verifier";
+    public static final String OAUTH_HEADER_SCOPE = "scope";
 
     /***********************************************************************************************************
      ************************************************ CONTENT TYPES ********************************************

owncloudComLibrary/src/main/java/com/owncloud/android/lib/resources/oauth/params/TokenRequestParams.kt

@@ -30,38 +30,43 @@ import okhttp3.RequestBody
 sealed class TokenRequestParams(
     val tokenEndpoint: String,
     val clientAuth: String,
-    val grantType: String
+    val grantType: String,
+    val scope: String,
 ) {
     abstract fun toRequestBody(): RequestBody
 
     class Authorization(
         tokenEndpoint: String,
         clientAuth: String,
         grantType: String,
+        scope: String,
         val authorizationCode: String,
         val redirectUri: String,
         val codeVerifier: String,
-    ) : TokenRequestParams(tokenEndpoint, clientAuth, grantType) {
+    ) : TokenRequestParams(tokenEndpoint, clientAuth, grantType, scope) {
 
         override fun toRequestBody(): RequestBody =
             FormBody.Builder()
                 .add(HttpConstants.OAUTH_HEADER_AUTHORIZATION_CODE, authorizationCode)
                 .add(HttpConstants.OAUTH_HEADER_GRANT_TYPE, grantType)
                 .add(HttpConstants.OAUTH_HEADER_REDIRECT_URI, redirectUri)
                 .add(HttpConstants.OAUTH_HEADER_CODE_VERIFIER, codeVerifier)
+                .add(HttpConstants.OAUTH_HEADER_SCOPE, scope)
                 .build()
     }
 
     class RefreshToken(
         tokenEndpoint: String,
         clientAuth: String,
         grantType: String,
+        scope: String,
         val refreshToken: String? = null
-    ) : TokenRequestParams(tokenEndpoint, clientAuth, grantType) {
+    ) : TokenRequestParams(tokenEndpoint, clientAuth, grantType, scope) {
 
         override fun toRequestBody(): RequestBody =
             FormBody.Builder().apply {
                 add(HttpConstants.OAUTH_HEADER_GRANT_TYPE, grantType)
+                add(HttpConstants.OAUTH_HEADER_SCOPE, scope)
                 if (!refreshToken.isNullOrBlank()) {
                     add(HttpConstants.OAUTH_HEADER_REFRESH_TOKEN, refreshToken)
                 }

owncloudData/src/main/java/com/owncloud/android/data/oauth/datasources/implementation/OCRemoteOAuthDataSource.kt

@@ -102,6 +102,7 @@ class OCRemoteOAuthDataSource(
                     tokenEndpoint = this.tokenEndpoint,
                     authorizationCode = this.authorizationCode,
                     grantType = this.grantType,
+                    scope = this.scope,
                     redirectUri = this.redirectUri,
                     clientAuth = this.clientAuth,
                     codeVerifier = this.codeVerifier
@@ -110,6 +111,7 @@ class OCRemoteOAuthDataSource(
                 TokenRequestParams.RefreshToken(
                     tokenEndpoint = this.tokenEndpoint,
                     grantType = this.grantType,
+                    scope = this.scope,
                     clientAuth = this.clientAuth,
                     refreshToken = this.refreshToken
                 )

owncloudData/src/test/java/com/owncloud/android/data/oauth/RemoteOAuthUtils.kt

@@ -47,6 +47,7 @@ val OC_REMOTE_TOKEN_REQUEST_PARAMS_ACCESS = TokenRequestParams.Authorization(
     tokenEndpoint = OC_TOKEN_REQUEST_ACCESS.tokenEndpoint,
     clientAuth = OC_TOKEN_REQUEST_ACCESS.clientAuth,
     grantType = OC_TOKEN_REQUEST_ACCESS.grantType,
+    scope = OC_TOKEN_REQUEST_ACCESS.scope,
     authorizationCode = OC_TOKEN_REQUEST_ACCESS.authorizationCode,
     redirectUri = OC_TOKEN_REQUEST_ACCESS.redirectUri,
     codeVerifier = OC_TOKEN_REQUEST_ACCESS.codeVerifier
@@ -56,6 +57,7 @@ val OC_REMOTE_TOKEN_REQUEST_PARAMS_REFRESH = TokenRequestParams.RefreshToken(
     tokenEndpoint = OC_TOKEN_REQUEST_REFRESH.tokenEndpoint,
     clientAuth = OC_TOKEN_REQUEST_REFRESH.clientAuth,
     grantType = OC_TOKEN_REQUEST_REFRESH.grantType,
+    scope = OC_TOKEN_REQUEST_REFRESH.scope,
     refreshToken = OC_TOKEN_REQUEST_REFRESH.refreshToken
 )
 

owncloudDomain/src/main/java/com/owncloud/android/domain/authentication/oauth/model/TokenRequest.kt

@@ -22,23 +22,26 @@ sealed class TokenRequest(
     val baseUrl: String,
     val tokenEndpoint: String,
     val clientAuth: String,
-    val grantType: String
+    val grantType: String,
+    val scope: String,
 ) {
     class AccessToken(
         baseUrl: String,
         tokenEndpoint: String,
         clientAuth: String,
+        scope: String,
         val authorizationCode: String,
         val redirectUri: String,
         val codeVerifier: String
-    ) : TokenRequest(baseUrl, tokenEndpoint, clientAuth, GrantType.ACCESS_TOKEN.string)
+    ) : TokenRequest(baseUrl, tokenEndpoint, clientAuth, GrantType.ACCESS_TOKEN.string, scope)
 
     class RefreshToken(
         baseUrl: String,
         tokenEndpoint: String,
         clientAuth: String,
+        scope: String,
         val refreshToken: String? = null
-    ) : TokenRequest(baseUrl, tokenEndpoint, clientAuth, GrantType.REFRESH_TOKEN.string)
+    ) : TokenRequest(baseUrl, tokenEndpoint, clientAuth, GrantType.REFRESH_TOKEN.string, scope)
 
     enum class GrantType(val string: String) {
         /** Request access token. [More info](https://tools.ietf.org/html/rfc6749#section-4.1.3) */

owncloudTestUtil/src/main/java/com/owncloud/android/testutil/oauth/TokenRequest.kt

@@ -23,19 +23,22 @@ import com.owncloud.android.testutil.OC_SECURE_BASE_URL
 import com.owncloud.android.testutil.OC_CLIENT_AUTH
 import com.owncloud.android.testutil.OC_REDIRECT_URI
 import com.owncloud.android.testutil.OC_REFRESH_TOKEN
+import com.owncloud.android.testutil.OC_SCOPE
 import com.owncloud.android.testutil.OC_TOKEN_ENDPOINT
 
 val OC_TOKEN_REQUEST_REFRESH = TokenRequest.RefreshToken(
     baseUrl = OC_SECURE_BASE_URL,
     tokenEndpoint = OC_TOKEN_ENDPOINT,
     clientAuth = OC_CLIENT_AUTH,
+    scope = OC_SCOPE,
     refreshToken = OC_REFRESH_TOKEN
 )
 
 val OC_TOKEN_REQUEST_ACCESS = TokenRequest.AccessToken(
     baseUrl = OC_SECURE_BASE_URL,
     tokenEndpoint = OC_TOKEN_ENDPOINT,
     clientAuth = OC_CLIENT_AUTH,
+    scope = OC_SCOPE,
     authorizationCode = "4uth0r1z4t10nC0d3",
     redirectUri = OC_REDIRECT_URI,
     codeVerifier = "A high-entropy cryptographic random STRING using the unreserved characters"