sync: allow adding multiple credentials for auth objectbox-java#252

add new CredentialsType for JWT tokens
add addLoginCredentials to SyncClientImpl.java

Author: Shubham

objectbox-java/src/main/java/io/objectbox/sync/CredentialsType.java

@@ -54,5 +54,21 @@ private CredentialsType() { }
    * Generic credential type suitable for ObjectBox admin (and possibly others in the future)
    */
   public static final int UserPassword = 6;
+  /**
+   * JSON Web Token (JWT): an ID token that typically provides identity information about the authenticated user.
+   */
+  public static final int JwtId = 7;
+  /**
+   * JSON Web Token (JWT): an access token that is used to access resources.
+   */
+  public static final int JwtAccess = 8;
+  /**
+   * JSON Web Token (JWT): a refresh token that is used to obtain a new access token.
+   */
+  public static final int JwtRefresh = 9;
+  /**
+   * JSON Web Token (JWT): a token that is neither an ID, access, nor refresh token.
+   */
+  public static final int JwtCustom = 10;
 }
 

objectbox-java/src/main/java/io/objectbox/sync/Sync.java

@@ -63,6 +63,19 @@ public static SyncBuilder client(BoxStore boxStore, String url, SyncCredentials
         return new SyncBuilder(boxStore, url, credentials);
     }
 
+    /**
+     * Starts building a {@link SyncClient}. Once done, complete with {@link SyncBuilder#build() build()}.
+     *
+     * @param boxStore The {@link BoxStore} the client should use.
+     * @param url The URL of the Sync server on which the Sync protocol is exposed. This is typically a WebSockets URL
+     * starting with {@code ws://} or {@code wss://} (for encrypted connections), for example
+     * {@code ws://127.0.0.1:9999}.
+     * @param multipleCredentials An array of {@link SyncCredentials} to be used to authenticate the user.
+     */
+    public static SyncBuilder client(BoxStore boxStore, String url, SyncCredentials[] multipleCredentials) {
+        return new SyncBuilder(boxStore, url, multipleCredentials);
+    }
+
     /**
      * Starts building a {@link SyncServer}. Once done, complete with {@link SyncServerBuilder#build() build()}.
      * <p>

objectbox-java/src/main/java/io/objectbox/sync/SyncBuilder.java

@@ -17,6 +17,8 @@
 package io.objectbox.sync;
 
 import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
 
 import javax.annotation.Nullable;
 
@@ -40,7 +42,7 @@ public final class SyncBuilder {
     final Platform platform;
     final BoxStore boxStore;
     String url;
-    final SyncCredentials credentials;
+    final List<SyncCredentials> credentials;
 
     @Nullable SyncLoginListener loginListener;
     @Nullable SyncCompletedListener completedListener;
@@ -94,7 +96,23 @@ public SyncBuilder(BoxStore boxStore, SyncCredentials credentials) {
         }
         this.platform = Platform.findPlatform();
         this.boxStore = boxStore;
-        this.credentials = credentials;
+        this.credentials = Collections.singletonList(credentials);
+    }
+
+    @Internal
+    public SyncBuilder(BoxStore boxStore, SyncCredentials[] multipleCredentials) {
+        checkNotNull(boxStore, "BoxStore is required.");
+        if (multipleCredentials.length == 0) {
+            throw new IllegalArgumentException("At least one Sync credential is required.");
+        }
+        if (!BoxStore.isSyncAvailable()) {
+            throw new IllegalStateException(
+                    "This library does not include ObjectBox Sync. " +
+                            "Please visit https://objectbox.io/sync/ for options.");
+        }
+        this.platform = Platform.findPlatform();
+        this.boxStore = boxStore;
+        this.credentials = Arrays.asList(multipleCredentials);
     }
 
     @Internal
@@ -104,6 +122,13 @@ public SyncBuilder(BoxStore boxStore, String url, SyncCredentials credentials) {
         this.url = url;
     }
 
+    @Internal
+    public SyncBuilder(BoxStore boxStore, String url, SyncCredentials[] multipleCredentials) {
+        this(boxStore, multipleCredentials);
+        checkNotNull(url, "Sync server URL is required.");
+        this.url = url;
+    }
+
     /**
      * Allows internal code to set the Sync server URL after creating this builder.
      */

objectbox-java/src/main/java/io/objectbox/sync/SyncClient.java

@@ -133,6 +133,8 @@ public interface SyncClient extends Closeable {
      */
     void setLoginCredentials(SyncCredentials credentials);
 
+    void setLoginCredentials(SyncCredentials[] multipleCredentials);
+
     /**
      * Waits until the sync client receives a response to its first (connection and) login attempt
      * or until the given time has expired.

objectbox-java/src/main/java/io/objectbox/sync/SyncClientImpl.java

@@ -96,7 +96,13 @@ public final class SyncClientImpl implements SyncClient {
         this.internalListener = new InternalSyncClientListener();
         nativeSetListener(handle, internalListener);
 
-        setLoginCredentials(builder.credentials);
+        if (builder.credentials.size() == 1) {
+            setLoginCredentials(builder.credentials.get(0));
+        } else if (builder.credentials.size() > 1) {
+            setLoginCredentials(builder.credentials.toArray(new SyncCredentials[0]));
+        } else {
+            throw new IllegalArgumentException("No credentials provided");
+        }
 
         // If created successfully, let store keep a reference so the caller does not have to.
         InternalAccess.setSyncClient(builder.boxStore, this);
@@ -196,6 +202,26 @@ public void setLoginCredentials(SyncCredentials credentials) {
         }
     }
 
+    @Override
+    public void setLoginCredentials(SyncCredentials[] multipleCredentials) {
+        for (int i = 0; i < multipleCredentials.length; i++) {
+            SyncCredentials credentials = multipleCredentials[i];
+            boolean isLast = i == multipleCredentials.length - 1;
+            if (credentials instanceof SyncCredentialsToken) {
+                SyncCredentialsToken credToken = (SyncCredentialsToken) credentials;
+                nativeAddLoginCredentials(getHandle(), credToken.getTypeId(), credToken.getTokenBytes(), isLast);
+                credToken.clear(); // Clear immediately, not needed anymore.
+            } else if (credentials instanceof SyncCredentialsUserPassword) {
+                SyncCredentialsUserPassword credUserPassword = (SyncCredentialsUserPassword) credentials;
+                nativeAddLoginCredentialsUserPassword(getHandle(), credUserPassword.getTypeId(), credUserPassword.getUsername(),
+                        credUserPassword.getPassword(), isLast);
+            } else {
+                throw new IllegalArgumentException("credentials is not a supported type");
+            }
+        }
+    }
+
+
     @Override
     public boolean awaitFirstLogin(long millisToWait) {
         if (!started) {
@@ -322,6 +348,10 @@ public ObjectsMessageBuilder startObjectsMessage(long flags, @Nullable String to
 
     private native void nativeSetLoginInfoUserPassword(long handle, long credentialsType, String username, String password);
 
+    private native void nativeAddLoginCredentials(long handle, long credentialsType, @Nullable byte[] credentials, boolean complete);
+
+    private native void nativeAddLoginCredentialsUserPassword(long handle, long credentialsType, String username, String password, boolean complete);
+
     private native void nativeSetListener(long handle, @Nullable InternalSyncClientListener listener);
 
     private native void nativeSetSyncChangesListener(long handle, @Nullable SyncChangeListener advancedListener);

objectbox-java/src/main/java/io/objectbox/sync/SyncCredentials.java

@@ -52,6 +52,22 @@ public static SyncCredentials userAndPassword(String user, String password) {
         return new SyncCredentialsUserPassword(user, password);
     }
 
+    public static SyncCredentials jwtIdToken(String jwtIdToken) {
+        return new SyncCredentialsToken(CredentialsType.JWT_ID_TOKEN, jwtIdToken);
+    }
+
+    public static SyncCredentials jwtAccessToken(String jwtAccessToken) {
+        return new SyncCredentialsToken(CredentialsType.JWT_ACCESS_TOKEN, jwtAccessToken);
+    }
+
+    public static SyncCredentials jwtRefreshToken(String jwtRefreshToken) {
+        return new SyncCredentialsToken(CredentialsType.JWT_REFRESH_TOKEN, jwtRefreshToken);
+    }
+
+    public static SyncCredentials jwtCustomToken(String jwtCustomToken) {
+        return new SyncCredentialsToken(CredentialsType.JWT_CUSTOM_TOKEN, jwtCustomToken);
+    }
+
     /**
      * No authentication, unsecured. Use only for development and testing purposes.
      */
@@ -65,7 +81,11 @@ public enum CredentialsType {
         GOOGLE(io.objectbox.sync.CredentialsType.GoogleAuth),
         SHARED_SECRET_SIPPED(io.objectbox.sync.CredentialsType.SharedSecretSipped),
         OBX_ADMIN_USER(io.objectbox.sync.CredentialsType.ObxAdminUser),
-        USER_PASSWORD(io.objectbox.sync.CredentialsType.UserPassword);
+        USER_PASSWORD(io.objectbox.sync.CredentialsType.UserPassword),
+        JWT_ID_TOKEN(io.objectbox.sync.CredentialsType.JwtId),
+        JWT_ACCESS_TOKEN(io.objectbox.sync.CredentialsType.JwtAccess),
+        JWT_REFRESH_TOKEN(io.objectbox.sync.CredentialsType.JwtRefresh),
+        JWT_CUSTOM_TOKEN(io.objectbox.sync.CredentialsType.JwtCustom);
 
         public final long id;
 

objectbox-java/src/main/java/io/objectbox/sync/server/JwtConfig.java

@@ -0,0 +1,93 @@
+// automatically generated by the FlatBuffers compiler, do not modify
+
+package io.objectbox.sync.server;
+
+import io.objectbox.flatbuffers.BaseVector;
+import io.objectbox.flatbuffers.BooleanVector;
+import io.objectbox.flatbuffers.ByteVector;
+import io.objectbox.flatbuffers.Constants;
+import io.objectbox.flatbuffers.DoubleVector;
+import io.objectbox.flatbuffers.FlatBufferBuilder;
+import io.objectbox.flatbuffers.FloatVector;
+import io.objectbox.flatbuffers.IntVector;
+import io.objectbox.flatbuffers.LongVector;
+import io.objectbox.flatbuffers.ShortVector;
+import io.objectbox.flatbuffers.StringVector;
+import io.objectbox.flatbuffers.Struct;
+import io.objectbox.flatbuffers.Table;
+import io.objectbox.flatbuffers.UnionVector;
+import java.nio.ByteBuffer;
+import java.nio.ByteOrder;
+
+@SuppressWarnings("unused")
+public final class JwtConfig extends Table {
+    public static void ValidateVersion() { Constants.FLATBUFFERS_23_5_26(); }
+    public static JwtConfig getRootAsJwtConfig(ByteBuffer _bb) { return getRootAsJwtConfig(_bb, new JwtConfig()); }
+    public static JwtConfig getRootAsJwtConfig(ByteBuffer _bb, JwtConfig obj) { _bb.order(ByteOrder.LITTLE_ENDIAN); return (obj.__assign(_bb.getInt(_bb.position()) + _bb.position(), _bb)); }
+    public void __init(int _i, ByteBuffer _bb) { __reset(_i, _bb); }
+    public JwtConfig __assign(int _i, ByteBuffer _bb) { __init(_i, _bb); return this; }
+
+    /**
+     * URL to fetch the current public key used to verify JWT signatures.
+     */
+    public String publicKeyUrl() { int o = __offset(4); return o != 0 ? __string(o + bb_pos) : null; }
+    public ByteBuffer publicKeyUrlAsByteBuffer() { return __vector_as_bytebuffer(4, 1); }
+    public ByteBuffer publicKeyUrlInByteBuffer(ByteBuffer _bb) { return __vector_in_bytebuffer(_bb, 4, 1); }
+    /**
+     * Fixed public key used to sign JWT tokens; e.g. for development purposes.
+     * Supply either publicKey or publicKeyUrl, but not both.
+     */
+    public String publicKey() { int o = __offset(6); return o != 0 ? __string(o + bb_pos) : null; }
+    public ByteBuffer publicKeyAsByteBuffer() { return __vector_as_bytebuffer(6, 1); }
+    public ByteBuffer publicKeyInByteBuffer(ByteBuffer _bb) { return __vector_in_bytebuffer(_bb, 6, 1); }
+    /**
+     * Cache expiration time in seconds for the public key(s) fetched from publicKeyUrl.
+     * If absent or zero, the default is used.
+     */
+    public long publicKeyCacheExpirationSeconds() { int o = __offset(8); return o != 0 ? (long)bb.getInt(o + bb_pos) & 0xFFFFFFFFL : 0L; }
+    /**
+     * JWT claim "aud" (audience) used to verify JWT tokens.
+     */
+    public String claimAud() { int o = __offset(10); return o != 0 ? __string(o + bb_pos) : null; }
+    public ByteBuffer claimAudAsByteBuffer() { return __vector_as_bytebuffer(10, 1); }
+    public ByteBuffer claimAudInByteBuffer(ByteBuffer _bb) { return __vector_in_bytebuffer(_bb, 10, 1); }
+    /**
+     * JWT claim "iss" (issuer) used to verify JWT tokens.
+     */
+    public String claimIss() { int o = __offset(12); return o != 0 ? __string(o + bb_pos) : null; }
+    public ByteBuffer claimIssAsByteBuffer() { return __vector_as_bytebuffer(12, 1); }
+    public ByteBuffer claimIssInByteBuffer(ByteBuffer _bb) { return __vector_in_bytebuffer(_bb, 12, 1); }
+
+    public static int createJwtConfig(FlatBufferBuilder builder,
+                                      int publicKeyUrlOffset,
+                                      int publicKeyOffset,
+                                      long publicKeyCacheExpirationSeconds,
+                                      int claimAudOffset,
+                                      int claimIssOffset) {
+        builder.startTable(5);
+        JwtConfig.addClaimIss(builder, claimIssOffset);
+        JwtConfig.addClaimAud(builder, claimAudOffset);
+        JwtConfig.addPublicKeyCacheExpirationSeconds(builder, publicKeyCacheExpirationSeconds);
+        JwtConfig.addPublicKey(builder, publicKeyOffset);
+        JwtConfig.addPublicKeyUrl(builder, publicKeyUrlOffset);
+        return JwtConfig.endJwtConfig(builder);
+    }
+
+    public static void startJwtConfig(FlatBufferBuilder builder) { builder.startTable(5); }
+    public static void addPublicKeyUrl(FlatBufferBuilder builder, int publicKeyUrlOffset) { builder.addOffset(0, publicKeyUrlOffset, 0); }
+    public static void addPublicKey(FlatBufferBuilder builder, int publicKeyOffset) { builder.addOffset(1, publicKeyOffset, 0); }
+    public static void addPublicKeyCacheExpirationSeconds(FlatBufferBuilder builder, long publicKeyCacheExpirationSeconds) { builder.addInt(2, (int) publicKeyCacheExpirationSeconds, (int) 0L); }
+    public static void addClaimAud(FlatBufferBuilder builder, int claimAudOffset) { builder.addOffset(3, claimAudOffset, 0); }
+    public static void addClaimIss(FlatBufferBuilder builder, int claimIssOffset) { builder.addOffset(4, claimIssOffset, 0); }
+    public static int endJwtConfig(FlatBufferBuilder builder) {
+        int o = builder.endTable();
+        return o;
+    }
+
+    public static final class Vector extends BaseVector {
+        public Vector __assign(int _vector, int _element_size, ByteBuffer _bb) { __reset(_vector, _element_size, _bb); return this; }
+
+        public JwtConfig get(int j) { return get(new JwtConfig(), j); }
+        public JwtConfig get(JwtConfig obj, int j) {  return obj.__assign(__indirect(__element(j), bb), bb); }
+    }
+}