Merge branch 'release/0.7.0'

Author: overheadhunter

.github/workflows/build.yml

@@ -50,8 +50,6 @@ jobs:
           server-id: ossrh
           server-username: MAVEN_USERNAME
           server-password: MAVEN_PASSWORD
-          gpg-private-key: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
-          gpg-passphrase: MAVEN_GPG_PASSPHRASE
       - name: Deploy to OSSRH
         if: startsWith(github.ref, 'refs/tags/')
         run: mvn -B deploy -Psign,deploy-central -DskipTests --no-transfer-progress
@@ -68,4 +66,4 @@ jobs:
         if: startsWith(github.ref, 'refs/tags/')
         uses: softprops/action-gh-release@v1
         with:
-          generate_release_notes: true
+          generate_release_notes: true

.idea/misc.xml

@@ -27,6 +27,7 @@ Configure your authorization server to allow `http://127.0.0.1/*` as a redirect
 // this library will just perform the Authorization Flow:
 var httpResponse = TinyOAuth2.client("oauth-client-id")
 		.withTokenEndpoint(URI.create("https://login.example.com/oauth2/token"))
+        .withRequestTimeout(Duration.ofSeconds(10)) // optional
 		.authFlow(URI.create("https://login.example.com/oauth2/authorize"))
 		.authorize(uri -> System.out.println("Please login on " + uri));
 
@@ -38,6 +39,17 @@ if (httpResponse.statusCode() == 200) {
 }
 ```
 
+If you wish to use a proxy or your own set of root certificates, provide your own JDK [http client](https://docs.oracle.com/en/java/javase/11/docs/api/java.net.http/java/net/http/HttpClient.html):
+```java
+var httpClient = HttpClient.newBuilder()
+        .proxy(ProxySelector.of(InetSocketAddress.createUnresolved("https:\\example.com",1337)))
+        .build();
+var httpResponse = TinyOAuth2.client("oauth-client-id")
+		.withTokenEndpoint(URI.create("https://login.example.com/oauth2/token"))
+		.authFlow(URI.create("https://login.example.com/oauth2/authorize"))
+		.authorize(httpClient, uri -> System.out.println("Please login on " + uri));
+```
+
 If your authorization server doesn't allow wildcards, you can also configure a fixed path (and even port) via e.g. `setRedirectPath("/callback")` and `setRedirectPorts(8080)`.
 
 ## Why this library?

README.md

@@ -5,7 +5,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>io.github.coffeelibs</groupId>
 	<artifactId>tiny-oauth2-client</artifactId>
-	<version>0.6.0</version>
+	<version>0.7.0</version>
 	<name>Tiny OAuth2 Client</name>
 	<description>Zero Dependency RFC 8252 Authorization Flow</description>
 	<inceptionYear>2022</inceptionYear>
@@ -48,13 +48,13 @@
 		<dependency>
 			<groupId>org.junit.jupiter</groupId>
 			<artifactId>junit-jupiter</artifactId>
-			<version>5.8.2</version>
+			<version>5.10.0</version>
 			<scope>test</scope>
 		</dependency>
 		<dependency>
 			<groupId>org.mockito</groupId>
 			<artifactId>mockito-core</artifactId>
-			<version>4.4.0</version>
+			<version>5.5.0</version>
 			<scope>test</scope>
 		</dependency>
 	</dependencies>
@@ -64,23 +64,20 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-compiler-plugin</artifactId>
-				<version>3.10.1</version>
+				<version>3.11.0</version>
 				<configuration>
 					<release>11</release>
 				</configuration>
 			</plugin>
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-surefire-plugin</artifactId>
-				<version>3.0.0-M5</version>
-				<configuration>
-					<useModulePath>false</useModulePath> <!-- avoid problems with Mockito -->
-				</configuration>
+				<version>3.1.2</version>
 			</plugin>
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-source-plugin</artifactId>
-				<version>3.2.1</version>
+				<version>3.3.0</version>
 				<executions>
 					<execution>
 						<id>attach-sources</id>
@@ -93,7 +90,7 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-javadoc-plugin</artifactId>
-				<version>3.3.2</version>
+				<version>3.6.0</version>
 				<executions>
 					<execution>
 						<id>attach-javadocs</id>

pom.xml

@@ -8,6 +8,7 @@
 import java.net.http.HttpClient;
 import java.net.http.HttpRequest;
 import java.net.http.HttpResponse;
+import java.time.Duration;
 import java.util.Map;
 import java.util.Objects;
 import java.util.concurrent.CompletableFuture;
@@ -21,6 +22,8 @@
 @ApiStatus.Experimental
 public class TinyOAuth2Client {
 
+    private static final Duration DEFAULT_REQUEST_TIMEOUT = Duration.ofSeconds(30);
+
     /**
      * @see <a href="https://datatracker.ietf.org/doc/html/rfc6749#section-2.2">Client Identifier</a>
      */
@@ -31,9 +34,29 @@ public class TinyOAuth2Client {
      */
     final URI tokenEndpoint;
 
+    /**
+     * Timeout of HTTP requests
+     */
+    final Duration requestTimeout;
+
     TinyOAuth2Client(String clientId, URI tokenEndpoint) {
+        this(clientId, tokenEndpoint, DEFAULT_REQUEST_TIMEOUT);
+    }
+
+    private TinyOAuth2Client(String clientId, URI tokenEndpoint, Duration requestTimeout) {
         this.clientId = Objects.requireNonNull(clientId);
         this.tokenEndpoint = Objects.requireNonNull(tokenEndpoint);
+        this.requestTimeout = Objects.requireNonNull(requestTimeout);
+    }
+
+    /**
+     * Creates a new OAuth2 Client with the specified request timeout
+     * @param requestTimeout HTTP request timeout
+     * @return A new client
+     * @since 0.7.0
+     */
+    public TinyOAuth2Client withRequestTimeout(Duration requestTimeout) {
+        return new TinyOAuth2Client(this.clientId, this.tokenEndpoint, requestTimeout);
     }
 
     /**
@@ -130,6 +153,7 @@ HttpRequest buildTokenRequest(Map<String, String> parameters) {
         return HttpRequest.newBuilder(tokenEndpoint) //
                 .header("Content-Type", "application/x-www-form-urlencoded") //
                 .POST(HttpRequest.BodyPublishers.ofString(urlencodedParams)) //
+                .timeout(requestTimeout) //
                 .build();
     }
 

src/main/java/io/github/coffeelibs/tinyoauth2client/TinyOAuth2Client.java

@@ -201,7 +201,7 @@ public void setup() throws IOException {
             authFlow = new AuthFlow(client, authEndpoint, pkce);
             redirectTarget = Mockito.mock(RedirectTarget.class);
             redirectTargetClass = Mockito.mockStatic(RedirectTarget.class);
-            redirectTargetClass.when(() -> RedirectTarget.start(Mockito.any(), Mockito.any())).thenReturn(redirectTarget);
+            redirectTargetClass.when(() -> RedirectTarget.start(Mockito.any(), Mockito.any(int[].class))).thenReturn(redirectTarget);
             browser = Mockito.mock(Consumer.class);
 
             var redirected = new CountDownLatch(1);
@@ -351,7 +351,7 @@ public void testAuthorizeAsync() throws IOException, ExecutionException, Interru
         var authFlow = Mockito.spy(new AuthFlow(client, authEndpoint, pkce));
         var authFlowWithCode = Mockito.mock(AuthFlow.AuthFlowWithCode.class);
         var httpResponse = Mockito.mock(HttpResponse.class);
-        Mockito.doReturn(authFlowWithCode).when(authFlow).requestAuthCode(Mockito.any(), Mockito.any());
+        Mockito.doReturn(authFlowWithCode).when(authFlow).requestAuthCode(Mockito.any());
         Mockito.doReturn(CompletableFuture.completedFuture(httpResponse)).when(authFlowWithCode).getAccessTokenAsync((HttpClient) Mockito.any());
 
         var result = authFlow.authorizeAsync(httpClient, browser);
@@ -363,7 +363,7 @@ public void testAuthorizeAsync() throws IOException, ExecutionException, Interru
     @Test
     @DisplayName("authorizeAsync(executor, ...) delegates to authorizeAsync(httpClient,...) with executor set in httpClient")
     @SuppressWarnings("unchecked")
-    public void testAuthorizeAsync2() throws IOException, ExecutionException, InterruptedException {
+    public void testAuthorizeAsync2() {
         var executor = Mockito.mock(Executor.class);
         Consumer<URI> browser = Mockito.mock(Consumer.class);
         var authFlow = Mockito.spy(new AuthFlow(client, authEndpoint, pkce));
@@ -382,7 +382,7 @@ public void testAuthorizeAsyncWithError1() throws IOException {
         Consumer<URI> browser = Mockito.mock(Consumer.class);
         //var executor = Mockito.mock(Executor.class);
         var authFlow = Mockito.spy(new AuthFlow(client, authEndpoint, pkce));
-        Mockito.doThrow(new IOException("error")).when(authFlow).requestAuthCode(Mockito.any(), Mockito.any());
+        Mockito.doThrow(new IOException("error")).when(authFlow).requestAuthCode(Mockito.any());
 
         var result = authFlow.authorizeAsync(Runnable::run, browser);
 
@@ -397,7 +397,7 @@ public void testAuthorizeAsyncWithError2() throws IOException {
         //var executor = Mockito.mock(Executor.class);
         var authFlow = Mockito.spy(new AuthFlow(client, authEndpoint, pkce));
         var authFlowWithCode = Mockito.mock(AuthFlow.AuthFlowWithCode.class);
-        Mockito.doReturn(authFlowWithCode).when(authFlow).requestAuthCode(Mockito.any(), Mockito.any());
+        Mockito.doReturn(authFlowWithCode).when(authFlow).requestAuthCode(Mockito.any());
 
         var result = authFlow.authorizeAsync(Runnable::run, browser);
 
@@ -413,7 +413,7 @@ public void testAuthorize() throws IOException, InterruptedException {
         var authFlow = Mockito.spy(new AuthFlow(client, authEndpoint, pkce));
         var authFlowWithCode = Mockito.mock(AuthFlow.AuthFlowWithCode.class);
         var httpResponse = Mockito.mock(HttpResponse.class);
-        Mockito.doReturn(authFlowWithCode).when(authFlow).requestAuthCode(Mockito.any(), Mockito.any());
+        Mockito.doReturn(authFlowWithCode).when(authFlow).requestAuthCode(Mockito.any());
         Mockito.doReturn(httpResponse).when(authFlowWithCode).getAccessToken(httpClient);
 
         var result = authFlow.authorize(httpClient, browser);

src/test/java/io/github/coffeelibs/tinyoauth2client/AuthFlowTest.java

@@ -11,6 +11,7 @@
 import java.net.http.HttpClient;
 import java.net.http.HttpRequest;
 import java.net.http.HttpResponse;
+import java.time.Duration;
 import java.util.Map;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.ExecutionException;
@@ -31,9 +32,21 @@ public void testAuthFlow() {
         Assertions.assertNotNull(authFlow.pkce);
     }
 
+    @Test
+    @DisplayName("withRequestTimeout(...)")
+    public void testWithRequestTimeout() {
+        var client = new TinyOAuth2Client("my-client", URI.create("http://example.com/oauth2/token"));
+        var timeout = Duration.ofMillis(1337L);
+
+        var newClient = client.withRequestTimeout(timeout);
+
+        Assertions.assertNotSame(client, newClient);
+        Assertions.assertEquals(timeout, newClient.requestTimeout);
+    }
+
     @Test
     @DisplayName("refreshAsync(executor, \"r3fr3sh70k3n\") sends refresh token request")
-    public void testRefreshAsync() throws ExecutionException {
+    public void testRefreshAsync() {
         var tokenEndpoint = URI.create("http://example.com/oauth2/token");
         var client = Mockito.spy(new TinyOAuth2Client("my-client", tokenEndpoint));
         var executor = Mockito.mock(Executor.class);
@@ -59,7 +72,7 @@ public void testRefreshAsync() throws ExecutionException {
 
     @Test
     @DisplayName("refreshAsync(executor, \"r3fr3sh70k3n\", \"foo\", \"bar\") sends refresh token request")
-    public void testRefreshAsyncWithScopes() throws ExecutionException {
+    public void testRefreshAsyncWithScopes() {
         var tokenEndpoint = URI.create("http://example.com/oauth2/token");
         var client = Mockito.spy(new TinyOAuth2Client("my-client", tokenEndpoint));
         var executor = Mockito.mock(Executor.class);
@@ -71,7 +84,7 @@ public void testRefreshAsyncWithScopes() throws ExecutionException {
             httpClientClass.when(HttpClient::newBuilder).thenReturn(httpClientBuilder);
             Mockito.doReturn(httpClient).when(httpClientBuilder).build();
             Mockito.doReturn(httpClientBuilder).when(httpClientBuilder).executor(Mockito.any());
-            Mockito.doReturn(httpRequest).when(client).buildRefreshTokenRequest(Mockito.any(), Mockito.any());
+            Mockito.doReturn(httpRequest).when(client).buildRefreshTokenRequest("r3fr3sh70k3n", "foo", "bar");
             Mockito.doReturn(CompletableFuture.completedFuture(httpRespone)).when(httpClient).sendAsync(Mockito.any(), Mockito.any());
 
             var result = client.refreshAsync(executor, "r3fr3sh70k3n", "foo", "bar");
@@ -93,7 +106,7 @@ public void testRefresh() throws IOException, InterruptedException {
         var httpRespone = Mockito.mock(HttpResponse.class);
         try (var httpClientClass = Mockito.mockStatic(HttpClient.class)) {
             httpClientClass.when(HttpClient::newHttpClient).thenReturn(httpClient);
-            Mockito.doReturn(httpRequest).when(client).buildRefreshTokenRequest(Mockito.any());
+            Mockito.doReturn(httpRequest).when(client).buildRefreshTokenRequest("r3fr3sh70k3n");
             Mockito.doReturn(httpRespone).when(httpClient).send(Mockito.any(), Mockito.any());
 
             var result = client.refresh("r3fr3sh70k3n");
@@ -114,7 +127,7 @@ public void testRefreshWithScopes() throws IOException, InterruptedException {
         var httpRespone = Mockito.mock(HttpResponse.class);
         try (var httpClientClass = Mockito.mockStatic(HttpClient.class)) {
             httpClientClass.when(HttpClient::newHttpClient).thenReturn(httpClient);
-            Mockito.doReturn(httpRequest).when(client).buildRefreshTokenRequest(Mockito.any(), Mockito.any());
+            Mockito.doReturn(httpRequest).when(client).buildRefreshTokenRequest("r3fr3sh70k3n", "foo", "bar");
             Mockito.doReturn(httpRespone).when(httpClient).send(Mockito.any(), Mockito.any());
 
             var result = client.refresh("r3fr3sh70k3n", "foo", "bar");
@@ -181,6 +194,7 @@ public void testBuildTokenRequest() {
             bodyPublishersClass.verify(() -> HttpRequest.BodyPublishers.ofString("query=string&mock=true"));
             Assertions.assertEquals(tokenEndpoint, request.uri());
             Assertions.assertEquals("POST", request.method());
+            Assertions.assertEquals(client.requestTimeout, request.timeout().get());
             Assertions.assertEquals(bodyPublisher, request.bodyPublisher().get());
             Assertions.assertEquals("application/x-www-form-urlencoded", request.headers().firstValue("Content-Type").orElse(null));
         }