useNonce android support (#640)

* useNonce android support

* Update tests with useNonce

Author: SleipRecx

README.md

@@ -132,7 +132,7 @@ with optional overrides.
   - **token** - (`{ [key: string]: value }`) headers to be passed during token retrieval request.
   - **register** - (`{ [key: string]: value }`) headers to be passed during registration request.
 - **additionalHeaders** - (`{ [key: string]: value }`) _IOS_ you can specify additional headers to be passed for all authorize, refresh, and register requests.
-- **useNonce** - (`boolean`) _IOS_ (default: true) optionally allows not sending the nonce parameter, to support non-compliant providers
+- **useNonce** - (`boolean`) (default: true) optionally allows not sending the nonce parameter, to support non-compliant providers
 - **usePKCE** - (`boolean`) (default: true) optionally allows not sending the code_challenge parameter and skipping PKCE code verification, to support non-compliant providers.
 - **skipCodeExchange** - (`boolean`) (default: false) just return the authorization response, instead of automatically exchanging the authorization code. This is useful if this exchange needs to be done manually (not client-side)
 

android/src/main/java/com/rnappauth/RNAppAuthModule.java

@@ -65,6 +65,7 @@ public class RNAppAuthModule extends ReactContextBaseJavaModule implements Activ
     private boolean dangerouslyAllowInsecureHttpRequests;
     private Boolean skipCodeExchange;
     private Boolean usePKCE;
+    private Boolean useNonce;
     private String codeVerifier;
     private String clientAuthMethod = "basic";
     private Map<String, String> registrationRequestHeaders = null;
@@ -221,6 +222,7 @@ public void authorize(
             final ReadableMap additionalParameters,
             final ReadableMap serviceConfiguration,
             final Boolean skipCodeExchange,
+            final Boolean useNonce,
             final Boolean usePKCE,
             final String clientAuthMethod,
             final boolean dangerouslyAllowInsecureHttpRequests,
@@ -239,6 +241,7 @@ public void authorize(
         this.clientSecret = clientSecret;
         this.clientAuthMethod = clientAuthMethod;
         this.skipCodeExchange = skipCodeExchange;
+        this.useNonce = useNonce;
         this.usePKCE = usePKCE;
 
         // when serviceConfiguration is provided, we don't need to hit up the OpenID well-known id endpoint
@@ -251,6 +254,7 @@ public void authorize(
                         clientId,
                         scopes,
                         redirectUrl,
+                        useNonce,
                         usePKCE,
                         additionalParametersMap
                 );
@@ -281,6 +285,7 @@ public void onFetchConfigurationCompleted(
                                         clientId,
                                         scopes,
                                         redirectUrl,
+                                        useNonce,
                                         usePKCE,
                                         additionalParametersMap
                                 );
@@ -532,6 +537,7 @@ private void authorizeWithConfiguration(
             final String clientId,
             final ReadableArray scopes,
             final String redirectUrl,
+            final Boolean useNonce,
             final Boolean usePKCE,
             final Map<String, String> additionalParametersMap
     ) {
@@ -557,7 +563,6 @@ private void authorizeWithConfiguration(
             authRequestBuilder.setScope(scopesString);
         }
 
-
         if (additionalParametersMap != null) {
             // handle additional parameters separately to avoid exceptions from AppAuth
             if (additionalParametersMap.containsKey("display")) {
@@ -587,6 +592,10 @@ private void authorizeWithConfiguration(
             authRequestBuilder.setCodeVerifier(this.codeVerifier);
         }
 
+        if(!useNonce) {
+            authRequestBuilder.setNonce(null);
+        }
+
         AuthorizationRequest authRequest = authRequestBuilder.build();
 
         if (android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.LOLLIPOP) {

index.js

@@ -198,6 +198,7 @@ export const authorize = ({
   ];
 
   if (Platform.OS === 'android') {
+    nativeMethodArguments.push(useNonce);
     nativeMethodArguments.push(usePKCE);
     nativeMethodArguments.push(clientAuthMethod);
     nativeMethodArguments.push(dangerouslyAllowInsecureHttpRequests);

index.spec.js

@@ -582,6 +582,7 @@ describe('AppAuth', () => {
             config.additionalParameters,
             config.serviceConfiguration,
             config.skipCodeExchange,
+            config.useNonce,
             config.usePKCE,
             config.clientAuthMethod,
             false,
@@ -600,6 +601,7 @@ describe('AppAuth', () => {
             config.additionalParameters,
             config.serviceConfiguration,
             false,
+            config.useNonce,
             config.usePKCE,
             config.clientAuthMethod,
             false,
@@ -618,6 +620,7 @@ describe('AppAuth', () => {
             config.additionalParameters,
             config.serviceConfiguration,
             false,
+            config.useNonce,
             config.usePKCE,
             config.clientAuthMethod,
             true,
@@ -645,6 +648,7 @@ describe('AppAuth', () => {
             config.additionalParameters,
             config.serviceConfiguration,
             false,
+            config.useNonce,
             config.usePKCE,
             config.clientAuthMethod,
             false,
@@ -838,6 +842,7 @@ describe('AppAuth', () => {
             config.additionalParameters,
             config.serviceConfiguration,
             false,
+            config.useNonce,
             config.usePKCE,
             config.clientAuthMethod,
             false,