logto-io
diff --git a/‎android-sdk/android/src/main/kotlin/io/logto/sdk/android/LogtoClient.kt
Lines changed: 33 additions & 0 deletions b/‎android-sdk/android/src/main/kotlin/io/logto/sdk/android/LogtoClient.kt
Lines changed: 33 additions & 0 deletions
diff --git a/‎android-sdk/android/src/main/kotlin/io/logto/sdk/android/type/LogtoConfig.kt
Lines changed: 1 addition & 1 deletion b/‎android-sdk/android/src/main/kotlin/io/logto/sdk/android/type/LogtoConfig.kt
Lines changed: 1 addition & 1 deletion
diff --git a/‎android-sdk/android/src/test/kotlin/io/logto/sdk/android/LogtoClientTest.kt
Lines changed: 105 additions & 0 deletions b/‎android-sdk/android/src/test/kotlin/io/logto/sdk/android/LogtoClientTest.kt
Lines changed: 105 additions & 0 deletions
diff --git a/‎android-sdk/android/src/test/kotlin/io/logto/sdk/android/auth/logto/LogtoAuthSessionTest.kt
Lines changed: 1 addition & 0 deletions b/‎android-sdk/android/src/test/kotlin/io/logto/sdk/android/auth/logto/LogtoAuthSessionTest.kt
Lines changed: 1 addition & 0 deletions
diff --git a/‎android-sdk/android/src/test/kotlin/io/logto/sdk/android/type/LogtoConfigTest.kt
Lines changed: 3 additions & 2 deletions b/‎android-sdk/android/src/test/kotlin/io/logto/sdk/android/type/LogtoConfigTest.kt
Lines changed: 3 additions & 2 deletions
diff --git a/‎kotlin-sdk/kotlin/src/main/kotlin/io/logto/sdk/core/Core.kt
Lines changed: 12 additions & 1 deletion b/‎kotlin-sdk/kotlin/src/main/kotlin/io/logto/sdk/core/Core.kt
Lines changed: 12 additions & 1 deletion
diff --git a/‎kotlin-sdk/kotlin/src/main/kotlin/io/logto/sdk/core/constant/ClaimName.kt
Lines changed: 7 additions & 1 deletion b/‎kotlin-sdk/kotlin/src/main/kotlin/io/logto/sdk/core/constant/ClaimName.kt
Lines changed: 7 additions & 1 deletion
diff --git a/‎kotlin-sdk/kotlin/src/main/kotlin/io/logto/sdk/core/constant/ReservedScope.kt
Lines changed: 0 additions & 1 deletion b/‎kotlin-sdk/kotlin/src/main/kotlin/io/logto/sdk/core/constant/ReservedScope.kt
Lines changed: 0 additions & 1 deletion
diff --git a/‎kotlin-sdk/kotlin/src/main/kotlin/io/logto/sdk/core/constant/UserScope.kt
Lines changed: 9 additions & 0 deletions b/‎kotlin-sdk/kotlin/src/main/kotlin/io/logto/sdk/core/constant/UserScope.kt
Lines changed: 9 additions & 0 deletions
diff --git a/‎kotlin-sdk/kotlin/src/main/kotlin/io/logto/sdk/core/extension/JwtClaimsExt.kt
Lines changed: 5 additions & 1 deletion b/‎kotlin-sdk/kotlin/src/main/kotlin/io/logto/sdk/core/extension/JwtClaimsExt.kt
Lines changed: 5 additions & 1 deletion
diff --git a/‎kotlin-sdk/kotlin/src/main/kotlin/io/logto/sdk/core/type/IdTokenClaims.kt
Lines changed: 9 additions & 1 deletion b/‎kotlin-sdk/kotlin/src/main/kotlin/io/logto/sdk/core/type/IdTokenClaims.kt
Lines changed: 9 additions & 1 deletion
diff --git a/‎kotlin-sdk/kotlin/src/main/kotlin/io/logto/sdk/core/type/OidcConfigResponse.kt
Lines changed: 1 addition & 0 deletions b/‎kotlin-sdk/kotlin/src/main/kotlin/io/logto/sdk/core/type/OidcConfigResponse.kt
Lines changed: 1 addition & 0 deletions
diff --git a/‎kotlin-sdk/kotlin/src/main/kotlin/io/logto/sdk/core/type/UserInfoResponse.kt
Lines changed: 27 additions & 0 deletions b/‎kotlin-sdk/kotlin/src/main/kotlin/io/logto/sdk/core/type/UserInfoResponse.kt
Lines changed: 27 additions & 0 deletions
diff --git a/‎kotlin-sdk/kotlin/src/main/kotlin/io/logto/sdk/core/util/ScopeUtils.kt
Lines changed: 5 additions & 4 deletions b/‎kotlin-sdk/kotlin/src/main/kotlin/io/logto/sdk/core/util/ScopeUtils.kt
Lines changed: 5 additions & 4 deletions
@@ -18,6 +18,7 @@ import io.logto.sdk.core.Core
 import io.logto.sdk.core.constant.ReservedScope
 import io.logto.sdk.core.type.IdTokenClaims
 import io.logto.sdk.core.type.OidcConfigResponse
+import io.logto.sdk.core.type.UserInfoResponse
 import io.logto.sdk.core.util.TokenUtils
 import org.jetbrains.annotations.TestOnly
 import org.jose4j.jwk.JsonWebKeySet
@@ -308,6 +309,38 @@ open class LogtoClient(
         }
     }
 
+    /**
+     * Fetch user info
+     * @param[completion] the completion which handles the retrieved result
+     */
+    fun fetchUserInfo(completion: Completion<LogtoException, UserInfoResponse>) {
+        getOidcConfig { getOidcConfigException, oidcConfig ->
+            getOidcConfigException?.let {
+                completion.onComplete(it, null)
+                return@getOidcConfig
+            }
+            getAccessToken { getAccessTokenException, accessToken ->
+                getAccessTokenException?.let {
+                    completion.onComplete(it, null)
+                    return@getAccessToken
+                }
+                Core.fetchUserInfo(
+                    userInfoEndpoint = requireNotNull(oidcConfig).userinfoEndpoint,
+                    accessToken = requireNotNull(accessToken).token,
+                ) fetchUserInfoInCore@{ fetchUserInfoException, userInfoResponse ->
+                    fetchUserInfoException?.let {
+                        completion.onComplete(
+                            LogtoException(LogtoException.Type.UNABLE_TO_FETCH_USER_INFO, it),
+                            null,
+                        )
+                        return@fetchUserInfoInCore
+                    }
+                    completion.onComplete(null, userInfoResponse)
+                }
+            }
+        }
+    }
+
     private fun verifyAndSaveTokenResponse(
         issuer: String,
         responseIdToken: String?,
 
@@ -11,5 +11,5 @@ class LogtoConfig(
     val usingPersistStorage: Boolean = true,
     val prompt: String = PromptValue.CONSENT,
 ) {
-    val scopes = ScopeUtils.withReservedScopes(scopes)
+    val scopes = ScopeUtils.withDefaultScopes(scopes)
 }
@@ -14,6 +14,7 @@ import io.logto.sdk.core.http.HttpEmptyCompletion
 import io.logto.sdk.core.type.IdTokenClaims
 import io.logto.sdk.core.type.OidcConfigResponse
 import io.logto.sdk.core.type.RefreshTokenTokenResponse
+import io.logto.sdk.core.type.UserInfoResponse
 import io.logto.sdk.core.util.TokenUtils
 import io.mockk.Runs
 import io.mockk.clearAllMocks
@@ -50,6 +51,7 @@ class LogtoClientTest {
         private const val TEST_APP_ID = "app_id"
         private const val TEST_REFRESH_TOKEN = "refreshToken"
         private const val TEST_TOKEN_ENDPOINT = "tokenEndpoint"
+        private const val TEST_USERINFO_ENDPOINT = "userinfoEndpoint"
         private const val TEST_REVOCATION_ENDPOINT = "endSessionEndpoint"
         private const val TEST_ISSUER = "issuer"
         private const val TEST_ACCESS_TOKEN = "accessToken"
@@ -439,6 +441,109 @@ class LogtoClientTest {
         }
     }
 
+    @Test
+    fun `fetchUserInfo should complete with user info`() {
+        logtoClient = LogtoClient(logtoConfigMock, mockk())
+
+        every { oidcConfigResponseMock.userinfoEndpoint } returns TEST_USERINFO_ENDPOINT
+
+        mockkObject(logtoClient)
+        every { logtoClient.getOidcConfig(any()) } answers {
+            firstArg<Completion<LogtoException, OidcConfigResponse>>().onComplete(null, oidcConfigResponseMock)
+        }
+        val accessTokenMock: AccessToken = mockk()
+        every { accessTokenMock.token } returns TEST_ACCESS_TOKEN
+        every { logtoClient.getAccessToken(any(), any()) } answers {
+            lastArg<Completion<LogtoException, AccessToken>>().onComplete(null, accessTokenMock)
+        }
+
+        val userInfoResponseMock: UserInfoResponse = mockk()
+
+        mockkObject(Core)
+        every { Core.fetchUserInfo(any(), any(), any()) } answers {
+            lastArg<HttpCompletion<UserInfoResponse>>().onComplete(null, userInfoResponseMock)
+        }
+
+        logtoClient.fetchUserInfo { logtoException, result ->
+            assertThat(logtoException).isNull()
+            assertThat(result).isEqualTo(userInfoResponseMock)
+        }
+    }
+
+    @Test
+    fun `fetchUserInfo should complete with exception if cannot get oidc config`() {
+        logtoClient = LogtoClient(logtoConfigMock, mockk())
+
+        mockkObject(logtoClient)
+        every { logtoClient.getOidcConfig(any()) } answers {
+            firstArg<Completion<LogtoException, OidcConfigResponse>>().onComplete(
+                LogtoException(LogtoException.Type.UNABLE_TO_FETCH_OIDC_CONFIG),
+                null,
+            )
+        }
+
+        logtoClient.fetchUserInfo { logtoException, result ->
+            assertThat(logtoException)
+                .hasMessageThat()
+                .isEqualTo(LogtoException.Type.UNABLE_TO_FETCH_OIDC_CONFIG.name)
+            assertThat(result).isNull()
+        }
+    }
+
+    @Test
+    fun `fetchUserInfo should complete with exception if cannot get access token`() {
+        logtoClient = LogtoClient(logtoConfigMock, mockk())
+
+        every { oidcConfigResponseMock.userinfoEndpoint } returns TEST_USERINFO_ENDPOINT
+
+        mockkObject(logtoClient)
+        every { logtoClient.getOidcConfig(any()) } answers {
+            firstArg<Completion<LogtoException, OidcConfigResponse>>().onComplete(null, oidcConfigResponseMock)
+        }
+
+        val mockGetAccessTokenException: LogtoException = mockk()
+        every { logtoClient.getAccessToken(any(), any()) } answers {
+            lastArg<Completion<LogtoException, AccessToken>>().onComplete(mockGetAccessTokenException, null)
+        }
+
+        logtoClient.fetchUserInfo { logtoException, result ->
+            assertThat(logtoException).isEqualTo(mockGetAccessTokenException)
+            assertThat(result).isNull()
+        }
+    }
+
+    @Test
+    fun `fetchUserInfo should complete with exception if fetchUserInfo failed`() {
+        logtoClient = LogtoClient(logtoConfigMock, mockk())
+
+        every { oidcConfigResponseMock.userinfoEndpoint } returns TEST_USERINFO_ENDPOINT
+
+        mockkObject(logtoClient)
+        every { logtoClient.getOidcConfig(any()) } answers {
+            firstArg<Completion<LogtoException, OidcConfigResponse>>().onComplete(null, oidcConfigResponseMock)
+        }
+        val accessTokenMock: AccessToken = mockk()
+        every { accessTokenMock.token } returns TEST_ACCESS_TOKEN
+        every { logtoClient.getAccessToken(any(), any()) } answers {
+            lastArg<Completion<LogtoException, AccessToken>>().onComplete(null, accessTokenMock)
+        }
+
+        mockkObject(Core)
+        every { Core.fetchUserInfo(any(), any(), any()) } answers {
+            lastArg<HttpCompletion<UserInfoResponse>>().onComplete(
+                LogtoException(LogtoException.Type.UNABLE_TO_FETCH_USER_INFO),
+                null,
+            )
+        }
+
+        logtoClient.fetchUserInfo { logtoException, result ->
+            assertThat(logtoException)
+                .hasMessageThat()
+                .isEqualTo(LogtoException.Type.UNABLE_TO_FETCH_USER_INFO.name)
+            assertThat(result).isNull()
+        }
+    }
+
     @Test
     fun `getJwks should complete with jwks`() {
         every { oidcConfigResponseMock.jwksUri } returns "https://logto.dev/oidc/jwks"
 
@@ -31,6 +31,7 @@ class LogtoAuthSessionTest {
         authorizationEndpoint = "authorizationEndpoint",
         tokenEndpoint = "tokenEndpoint",
         endSessionEndpoint = "endSessionEndpoint",
+        userinfoEndpoint = "userinfoEndpoint",
         jwksUri = "jwksUri",
         issuer = "issuer",
         revocationEndpoint = "revocationEndpoint",
 
@@ -2,6 +2,7 @@ package io.logto.sdk.android.type
 
 import com.google.common.truth.Truth.assertThat
 import io.logto.sdk.core.constant.ReservedScope
+import io.logto.sdk.core.constant.UserScope
 import org.junit.Test
 
 class LogtoConfigTest {
@@ -15,7 +16,7 @@ class LogtoConfigTest {
         assertThat(logtoConfigWithoutScope.scopes).apply {
             contains(ReservedScope.OPENID)
             contains(ReservedScope.OFFLINE_ACCESS)
-            contains(ReservedScope.PROFILE)
+            contains(UserScope.PROFILE)
         }
 
         val logtoConfigWithOtherScope = LogtoConfig(
@@ -27,7 +28,7 @@ class LogtoConfigTest {
         assertThat(logtoConfigWithOtherScope.scopes).apply {
             contains(ReservedScope.OPENID)
             contains(ReservedScope.OFFLINE_ACCESS)
-            contains(ReservedScope.PROFILE)
+            contains(UserScope.PROFILE)
             contains("other_scope")
         }
     }
 
@@ -13,6 +13,7 @@ import io.logto.sdk.core.http.httpPost
 import io.logto.sdk.core.type.CodeTokenResponse
 import io.logto.sdk.core.type.OidcConfigResponse
 import io.logto.sdk.core.type.RefreshTokenTokenResponse
+import io.logto.sdk.core.type.UserInfoResponse
 import io.logto.sdk.core.util.ScopeUtils
 import okhttp3.FormBody
 import okhttp3.HttpUrl.Companion.toHttpUrlOrNull
@@ -38,7 +39,7 @@ object Core {
             addQueryParameter(QueryKey.STATE, state)
             addQueryParameter(QueryKey.REDIRECT_URI, redirectUri)
             addQueryParameter(QueryKey.RESPONSE_TYPE, ResponseType.CODE)
-            addQueryParameter(QueryKey.SCOPE, ScopeUtils.withReservedScopes(scopes).joinToString(" "))
+            addQueryParameter(QueryKey.SCOPE, ScopeUtils.withDefaultScopes(scopes).joinToString(" "))
             resources?.let { for (value in it) { addQueryParameter(QueryKey.RESOURCE, value) } }
             addQueryParameter(QueryKey.PROMPT, prompt ?: PromptValue.CONSENT)
         }.build().toString()
@@ -104,6 +105,16 @@ object Core {
         httpPost(tokenEndpoint, formBody, completion)
     }
 
+    fun fetchUserInfo(
+        userInfoEndpoint: String,
+        accessToken: String,
+        completion: HttpCompletion<UserInfoResponse>,
+    ) = httpGet(
+        userInfoEndpoint,
+        headers = mapOf("Authorization" to "Bearer $accessToken"),
+        completion,
+    )
+
     fun revoke(
         revocationEndpoint: String,
         clientId: String,
 
@@ -4,6 +4,12 @@ object ClaimName {
     const val AT_HASH = "at_hash"
     const val NAME = "name"
     const val USERNAME = "username"
-    const val AVATAR = "avatar"
+    const val PICTURE = "picture"
     const val ROLE_NAMES = "roleNames"
+    const val EMAIL = "email"
+    const val EMAIL_VERIFIED = "email_verified"
+    const val PHONE_NUMBER = "phone_number"
+    const val PHONE_NUMBER_VERIFIED = "phone_number_verified"
+    const val CUSTOM_DATA = "custom_data"
+    const val IDENTITIES = "identities"
 }
@@ -3,5 +3,4 @@ package io.logto.sdk.core.constant
 object ReservedScope {
     const val OPENID = "openid"
     const val OFFLINE_ACCESS = "offline_access"
-    const val PROFILE = "profile"
 }
@@ -0,0 +1,9 @@
+package io.logto.sdk.core.constant
+
+object UserScope {
+    const val PROFILE = "profile"
+    const val EMAIL = "email"
+    const val PHONE = "phone"
+    const val CUSTOM_DATA = "custom_data"
+    const val IDENTITIES = "identities"
+}
@@ -13,6 +13,10 @@ fun JwtClaims.toIdTokenClaims(): IdTokenClaims = IdTokenClaims(
     atHash = this.getClaimValueAsString(ClaimName.AT_HASH),
     name = this.getClaimValueAsString(ClaimName.NAME),
     username = this.getClaimValueAsString(ClaimName.USERNAME),
-    avatar = this.getClaimValueAsString(ClaimName.AVATAR),
+    picture = this.getClaimValueAsString(ClaimName.PICTURE),
     roleNames = this.getStringListClaimValue(ClaimName.ROLE_NAMES),
+    email = this.getClaimValueAsString(ClaimName.EMAIL),
+    emailVerified = this.getClaimValue(ClaimName.EMAIL_VERIFIED) as Boolean?,
+    phoneNumber = this.getClaimValueAsString(ClaimName.PHONE_NUMBER),
+    phoneNumberVerified = this.getClaimValue(ClaimName.PHONE_NUMBER_VERIFIED) as Boolean?,
 )
@@ -11,6 +11,14 @@ data class IdTokenClaims(
     // Scope `profile`
     val name: String?,
     val username: String?,
-    val avatar: String?,
+    val picture: String?,
     val roleNames: List<String>?,
+
+    // Scope `email`
+    val email: String?,
+    val emailVerified: Boolean?,
+
+    // Scope `phone`
+    val phoneNumber: String?,
+    val phoneNumberVerified: Boolean?,
 )
@@ -4,6 +4,7 @@ data class OidcConfigResponse(
     val authorizationEndpoint: String,
     val tokenEndpoint: String,
     val endSessionEndpoint: String,
+    val userinfoEndpoint: String,
     val jwksUri: String,
     val issuer: String,
     val revocationEndpoint: String,
 
@@ -0,0 +1,27 @@
+package io.logto.sdk.core.type
+
+import com.google.gson.JsonObject
+
+data class UserInfoResponse(
+    val sub: String,
+
+    // Scope `profile`
+    val name: String?,
+    val username: String?,
+    val picture: String?,
+    val roleNames: List<String>?,
+
+    // Scope `email`
+    val email: String?,
+    val emailVerified: Boolean?,
+
+    // Scope `phone`
+    val phoneNumber: String?,
+    val phoneNumberVerified: Boolean?,
+
+    // Scope `custom_data`
+    val customData: JsonObject?,
+
+    // Scope `identities`
+    val identities: JsonObject?,
+)
@@ -1,18 +1,19 @@
 package io.logto.sdk.core.util
 
 import io.logto.sdk.core.constant.ReservedScope
+import io.logto.sdk.core.constant.UserScope
 
 object ScopeUtils {
     /**
-     * Ensure the scope list contains `open_id` and `offline_access`
+     * Ensure the scope list contains `open_id`, `offline_access` and `profile`
      * @param[scopes] The origin scope list
-     * @return The scope list which contains `open_id` and `offline_access`
+     * @return The scope list which contains `open_id`, `offline_access` and `profile`
      */
-    fun withReservedScopes(scopes: List<String>?): List<String> = (
+    fun withDefaultScopes(scopes: List<String>?): List<String> = (
         (scopes ?: listOf()) + listOf(
             ReservedScope.OPENID,
             ReservedScope.OFFLINE_ACCESS,
-            ReservedScope.PROFILE,
+            UserScope.PROFILE,
         )
         ).distinct()
 }
Original file line number	Diff line number	Diff line change
`@@ -11,5 +11,5 @@ class LogtoConfig(`
`11`	`11`	`val usingPersistStorage: Boolean = true,`
`12`	`12`	`val prompt: String = PromptValue.CONSENT,`
`13`	`13`	`) {`
`14`		`- val scopes = ScopeUtils.withReservedScopes(scopes)`
	`14`	`+ val scopes = ScopeUtils.withDefaultScopes(scopes)`
`15`	`15`	`}`
Original file line number	Diff line number	Diff line change
`@@ -3,5 +3,4 @@ package io.logto.sdk.core.constant`
`3`	`3`	`object ReservedScope {`
`4`	`4`	`const val OPENID = "openid"`
`5`	`5`	`const val OFFLINE_ACCESS = "offline_access"`
`6`		`- const val PROFILE = "profile"`
`7`	`6`	`}`