[Help Needed] Configure client authentication strategy (#272)

* android: Add ClientAuthentication strategy flag

This patch introduces a `clientAuthMethod` flag in both `authroize` and
`refresh` methods that utilizes both ClientSecretBasic, a class used for
secret exchange with basic authentication (default), and
ClientSecretPost, which send authentication credentials via the HTTP
POST body.

* Update README.md

* Update tests

Author: kpelelis

README.md

@@ -97,6 +97,7 @@ with optional overrides.
 * **additionalParameters** - (`object`) additional parameters that will be passed in the authorization request.
   Must be string values! E.g. setting `additionalParameters: { hello: 'world', foo: 'bar' }` would add
   `hello=world&foo=bar` to the authorization request.
+* **clientAuthMethod** - (string) Client Authentication Method. Can be either `basic` (default) for [Basic Authentication](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/ClientSecretBasic.java) or `post` for [HTTP POST body Authentication](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/ClientSecretPost.java)
 * **dangerouslyAllowInsecureHttpRequests** - (`boolean`) _ANDROID_ whether to allow requests over plain HTTP or with self-signed SSL certificates. :warning: Can be useful for testing against local server, _should not be used in production._ This setting has no effect on iOS; to enable insecure HTTP requests, add a [NSExceptionAllowsInsecureHTTPLoads exception](https://cocoacasts.com/how-to-add-app-transport-security-exception-domains) to your App Transport Security settings.
 * **customHeaders** - (`object`) _ANDROID_ you can specify custom headers to pass during authorize request and/or token request.
   * **authorize** - (`{ [key: string]: value }`) headers to be passed during authorization request.

android/src/main/java/com/rnappauth/RNAppAuthModule.java

@@ -30,6 +30,7 @@
 import net.openid.appauth.AuthorizationServiceConfiguration;
 import net.openid.appauth.ClientAuthentication;
 import net.openid.appauth.ClientSecretBasic;
+import net.openid.appauth.ClientSecretPost;
 import net.openid.appauth.ResponseTypeValues;
 import net.openid.appauth.TokenResponse;
 import net.openid.appauth.TokenRequest;
@@ -44,6 +45,7 @@ public class RNAppAuthModule extends ReactContextBaseJavaModule implements Activ
     private final ReactApplicationContext reactContext;
     private Promise promise;
     private Boolean dangerouslyAllowInsecureHttpRequests;
+    private String clientAuthMethod = "basic";
     private Map<String, String> authorizationRequestHeaders = null;
     private Map<String, String> tokenRequestHeaders = null;
     private Map<String, String> additionalParametersMap;
@@ -64,6 +66,7 @@ public void authorize(
             final ReadableArray scopes,
             final ReadableMap additionalParameters,
             final ReadableMap serviceConfiguration,
+            final String clientAuthMethod,
             final Boolean dangerouslyAllowInsecureHttpRequests,
             final ReadableMap headers,
             final Promise promise
@@ -82,6 +85,7 @@ public void authorize(
         this.dangerouslyAllowInsecureHttpRequests = dangerouslyAllowInsecureHttpRequests;
         this.additionalParametersMap = additionalParametersMap;
         this.clientSecret = clientSecret;
+        this.clientAuthMethod = clientAuthMethod;
 
         // when serviceConfiguration is provided, we don't need to hit up the OpenID well-known id endpoint
         if (serviceConfiguration != null) {
@@ -139,6 +143,7 @@ public void refresh(
             final ReadableArray scopes,
             final ReadableMap additionalParameters,
             final ReadableMap serviceConfiguration,
+            final String clientAuthMethod,
             final Boolean dangerouslyAllowInsecureHttpRequests,
             final ReadableMap headers,
             final Promise promise
@@ -167,6 +172,7 @@ public void refresh(
                         scopes,
                         redirectUrl,
                         additionalParametersMap,
+                        clientAuthMethod,
                         clientSecret,
                         promise
                 );
@@ -195,6 +201,7 @@ public void onFetchConfigurationCompleted(
                                     scopes,
                                     redirectUrl,
                                     additionalParametersMap,
+                                    clientAuthMethod,
                                     clientSecret,
                                     promise
                             );
@@ -242,7 +249,7 @@ public void onTokenRequestCompleted(
             };
 
             if (this.clientSecret != null) {
-                ClientAuthentication clientAuth = new ClientSecretBasic(this.clientSecret);
+                ClientAuthentication clientAuth = this.getClientAuthentication(this.clientSecret, this.clientAuthMethod);
                 authService.performTokenRequest(tokenRequest, clientAuth, tokenResponseCallback);
 
             } else {
@@ -330,6 +337,7 @@ private void refreshWithConfiguration(
             final ReadableArray scopes,
             final String redirectUrl,
             final Map<String, String> additionalParametersMap,
+            final String clientAuthMethod,
             final String clientSecret,
             final Promise promise
     ) {
@@ -376,7 +384,7 @@ public void onTokenRequestCompleted(@Nullable TokenResponse response, @Nullable
 
 
         if (clientSecret != null) {
-            ClientAuthentication clientAuth = new ClientSecretBasic(clientSecret);
+            ClientAuthentication clientAuth = this.getClientAuthentication(clientSecret, clientAuthMethod);
             authService.performTokenRequest(tokenRequest, clientAuth, tokenResponseCallback);
 
         } else {
@@ -397,6 +405,14 @@ private void parseHeaderMap (ReadableMap headerMap) {
 
     }
 
+    private ClientAuthentication getClientAuthentication(String clientSecret, String clientAuthMethod) {
+        if (clientAuthMethod.equals("post")) {
+            return new ClientSecretPost(clientSecret);
+        }
+
+        return new ClientSecretBasic(clientSecret);
+    }
+
     /*
      * Create a space-delimited string from an array
      */

index.d.ts

@@ -33,6 +33,7 @@ export type AuthConfiguration = BaseAuthConfiguration & {
   scopes: string[];
   redirectUrl: string;
   additionalParameters?: BuiltInParameters & { [name: string]: string };
+  clientAuthMethod?: 'basic' | 'post';
   dangerouslyAllowInsecureHttpRequests?: boolean;
   customHeaders?: CustomHeaders;
   useNonce?: boolean;

index.js

@@ -58,6 +58,7 @@ export const authorize = ({
   usePKCE = true,
   additionalParameters,
   serviceConfiguration,
+  clientAuthMethod = 'basic',
   dangerouslyAllowInsecureHttpRequests = false,
   customHeaders,
 }) => {
@@ -78,6 +79,7 @@ export const authorize = ({
   ];
 
   if (Platform.OS === 'android') {
+    nativeMethodArguments.push(clientAuthMethod);
     nativeMethodArguments.push(dangerouslyAllowInsecureHttpRequests);
     nativeMethodArguments.push(customHeaders);
   }
@@ -99,6 +101,7 @@ export const refresh = (
     scopes,
     additionalParameters,
     serviceConfiguration,
+    clientAuthMethod = 'basic',
     dangerouslyAllowInsecureHttpRequests = false,
     customHeaders,
   },
@@ -123,6 +126,7 @@ export const refresh = (
   ];
 
   if (Platform.OS === 'android') {
+    nativeMethodArguments.push(clientAuthMethod);
     nativeMethodArguments.push(dangerouslyAllowInsecureHttpRequests);
     nativeMethodArguments.push(customHeaders);
   }

index.spec.js

@@ -30,6 +30,7 @@ describe('AppAuth', () => {
     clientId: 'test-clientId',
     clientSecret: 'test-clientSecret',
     additionalParameters: { hello: 'world' },
+    clientAuthMethod: 'post',
     serviceConfiguration: null,
     scopes: ['my-scope'],
     useNonce: true,
@@ -164,6 +165,7 @@ describe('AppAuth', () => {
             config.scopes,
             config.additionalParameters,
             config.serviceConfiguration,
+            config.clientAuthMethod,
             false,
             config.customHeaders
           );
@@ -179,6 +181,7 @@ describe('AppAuth', () => {
             config.scopes,
             config.additionalParameters,
             config.serviceConfiguration,
+            config.clientAuthMethod,
             false,
             config.customHeaders
           );
@@ -194,6 +197,7 @@ describe('AppAuth', () => {
             config.scopes,
             config.additionalParameters,
             config.serviceConfiguration,
+            config.clientAuthMethod,
             true,
             config.customHeaders
           );
@@ -213,6 +217,7 @@ describe('AppAuth', () => {
             config.scopes,
             config.additionalParameters,
             config.serviceConfiguration,
+            config.clientAuthMethod,
             false,
             customHeaders
           );
@@ -305,6 +310,7 @@ describe('AppAuth', () => {
             config.scopes,
             config.additionalParameters,
             config.serviceConfiguration,
+            config.clientAuthMethod,
             false,
             config.customHeaders
           );
@@ -324,6 +330,7 @@ describe('AppAuth', () => {
             config.scopes,
             config.additionalParameters,
             config.serviceConfiguration,
+            config.clientAuthMethod,
             false,
             config.customHeaders
           );
@@ -343,6 +350,7 @@ describe('AppAuth', () => {
             config.scopes,
             config.additionalParameters,
             config.serviceConfiguration,
+            config.clientAuthMethod,
             true,
             config.customHeaders
           );
@@ -362,6 +370,7 @@ describe('AppAuth', () => {
             config.scopes,
             config.additionalParameters,
             config.serviceConfiguration,
+            config.clientAuthMethod,
             false,
             customHeaders
           );