fix: use new code exchange endpoint

Author: nicholasM95

src/main/java/be/nicholasmeyers/vwgroupconnector/resource/StartAuthorization.java

@@ -4,11 +4,15 @@ public class StartAuthorization {
     private final String cookie;
     private final String relayState;
     private final String loginUrl;
+    private final String redirectUrl;
+    private final String codeVerifier;
 
-    public StartAuthorization(String cookie, String relayState, String loginUrl) {
+    public StartAuthorization(String cookie, String relayState, String loginUrl, String redirectUrl, String codeVerifier) {
         this.cookie = cookie;
         this.relayState = relayState;
         this.loginUrl = loginUrl;
+        this.redirectUrl = redirectUrl;
+        this.codeVerifier = codeVerifier;
     }
 
     public String getCookie() {
@@ -22,4 +26,12 @@ public String getRelayState() {
     public String getLoginUrl() {
         return loginUrl;
     }
+
+    public String getRedirectUrl() {
+        return redirectUrl;
+    }
+
+    public String getCodeVerifier() {
+        return codeVerifier;
+    }
 }

src/main/java/be/nicholasmeyers/vwgroupconnector/resource/TokenInfo.java

@@ -2,18 +2,24 @@
 
 public class TokenInfo {
     private final String authCode;
-    private final String idToken;
+    private final String redirectUri;
+    private final String verifier;
 
-    public TokenInfo(String authCode, String idToken) {
+    public TokenInfo(String authCode, String redirectUri, String verifier) {
         this.authCode = authCode;
-        this.idToken = idToken;
+        this.redirectUri = redirectUri;
+        this.verifier = verifier;
     }
 
     public String getAuthCode() {
         return authCode;
     }
 
-    public String getIdToken() {
-        return idToken;
+    public String getRedirectUri() {
+        return redirectUri;
+    }
+
+    public String getVerifier() {
+        return verifier;
     }
 }

src/main/java/be/nicholasmeyers/vwgroupconnector/resource/Tokens.java

@@ -3,10 +3,12 @@
 public class Tokens {
     private final String accessToken;
     private final String idToken;
+    private final String refreshToken;
 
-    public Tokens(String accessToken, String idToken) {
+    public Tokens(String accessToken, String idToken, String refreshToken) {
         this.accessToken = accessToken;
         this.idToken = idToken;
+        this.refreshToken = refreshToken;
     }
 
     public String getAccessToken() {
@@ -16,4 +18,8 @@ public String getAccessToken() {
     public String getIdToken() {
         return idToken;
     }
+
+    public String getRefreshToken() {
+        return refreshToken;
+    }
 }

src/main/java/be/nicholasmeyers/vwgroupconnector/service/ConnectorService.java

@@ -56,7 +56,7 @@ public Tokens getTokens(Client client, String email, String password) {
 
         if (Client.VWG.equals(client)) {
             String idToken = tokenService.getTokens(tokenInfo).getIdToken();
-            Tokens tokens = new Tokens(vwgService.getAccessToken(idToken), idToken);
+            Tokens tokens = new Tokens(vwgService.getAccessToken(idToken), idToken, "");
             cache.put(client, tokens);
             return tokens;
         } else {

src/main/java/be/nicholasmeyers/vwgroupconnector/utils/ClientUtils.java

@@ -17,12 +17,12 @@ public static Map<String, String> getClientConfig(String client) {
     private static Map<String, Map<String, String>> getClients() {
         Map<String, String> connect = new HashMap<>();
         connect.put("client_id", "7f045eee-7003-4379-9968-9355ed2adb06@apps_vw-dilab_com");
-        connect.put("scope", "openid profile address cars email birthdate badge mbb phone driversLicense dealers profession vin");
+        connect.put("scope", "openid profile address cars email birthdate badge mbb phone driversLicense nationalIdentifier dealers mileage profession vin");
         connect.put("token_types", "code id_token");
 
         Map<String, String> vwg = new HashMap<>();
         vwg.put("client_id", "7f045eee-7003-4379-9968-9355ed2adb06@apps_vw-dilab_com");
-        vwg.put("scope", "openid profile address cars email birthdate badge mbb phone driversLicense dealers profession vin");
+        vwg.put("scope", "openid profile address cars email birthdate badge mbb phone driversLicense nationalIdentifier dealers mileage profession vin");
         vwg.put("token_types", "code id_token");
 
         Map<String, String> skoda = new HashMap<>();

src/main/java/be/nicholasmeyers/vwgroupconnector/web/out/IdentityClientImpl.java

@@ -14,6 +14,10 @@
 import org.apache.commons.codec.binary.Base64;
 
 import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
@@ -49,19 +53,32 @@ public OpenidConfiguration getConfiguration() {
 
     @Override
     public StartAuthorization getAuthorizationEndpoint(String redirectUri, String client, String scope, String responseType) {
+        String codeVerifier = generateCodeVerifier();
+        String codeChallenge = "";
+
+        try {
+            codeChallenge = generateCodeChallenge(codeVerifier);
+        } catch (NoSuchAlgorithmException e) {
+            throw new RuntimeException(e);
+        }
+
         Map<String, String> query = new HashMap<>();
         query.put("redirect_uri", redirectUri);
         query.put("client_id", client);
         query.put("scope", scope);
         query.put("response_type", responseType);
         query.put("nonce", getNonce());
+        query.put("code_challenge", codeChallenge);
+        query.put("code_challenge_method", "s256");
+        query.put("prompt", "login");
+
         Response response = identityClient.getAuthorizationEndpoint(query);
         response.close();
         String location = getLocationHeader(response.headers());
         String cookie = getCookieHeader(response.headers());
         cookie = cookie.substring(0, cookie.indexOf(";"));
         String relayState = location.substring(location.indexOf("?relayState") + 12);
-        return new StartAuthorization(cookie, relayState, location);
+        return new StartAuthorization(cookie, relayState, location, redirectUri, codeVerifier);
     }
 
     @Override
@@ -208,7 +225,7 @@ public TokenInfo handleSuccess(String client, StartAuthorization startAuthorizat
 
         String idToken = location.substring(location.indexOf("id_token") + 9);
 
-        return new TokenInfo(authCode, idToken);
+        return new TokenInfo(authCode, startAuthorization.getRedirectUrl(), startAuthorization.getCodeVerifier());
     }
 
     private String getNonce() {
@@ -224,4 +241,21 @@ private String getResponseBody(Response.Body body) {
             throw new RuntimeException(e);
         }
     }
+
+    private static String generateCodeVerifier() {
+        SecureRandom random = new SecureRandom();
+        byte[] codeVerifier = new byte[32];
+        random.nextBytes(codeVerifier);
+        return base64UrlEncode(codeVerifier);
+    }
+
+    private static String generateCodeChallenge(String codeVerifier) throws NoSuchAlgorithmException {
+        MessageDigest digest = MessageDigest.getInstance("SHA-256");
+        byte[] hash = digest.digest(codeVerifier.getBytes(StandardCharsets.UTF_8));
+        return base64UrlEncode(hash);
+    }
+
+    private static String base64UrlEncode(byte[] input) {
+        return java.util.Base64.getUrlEncoder().withoutPadding().encodeToString(input);
+    }
 }

src/main/java/be/nicholasmeyers/vwgroupconnector/web/out/TokenClient.java

@@ -1,10 +1,12 @@
 package be.nicholasmeyers.vwgroupconnector.web.out;
 
+import be.nicholasmeyers.vwgroupconnector.web.out.resource.CodeExchangeWebRequestResource;
 import be.nicholasmeyers.vwgroupconnector.web.out.resource.TokenWebResponseResource;
-import feign.*;
+import feign.Headers;
+import feign.RequestLine;
 
 public interface TokenClient {
-    @RequestLine("POST /exchangeAuthCode")
-    @Headers("Content-Type: application/x-www-form-urlencoded")
-    TokenWebResponseResource getTokens(@Param("auth_code") String authCode, @Param("id_token") String idToken, @Param("brand") String brand);
+    @RequestLine("POST /api/v1/authentication/exchange-authorization-code?tokenType=CONNECT")
+    @Headers("Content-Type: application/json")
+    TokenWebResponseResource getTokens(CodeExchangeWebRequestResource codeExchangeWebRequestResource);
 }

src/main/java/be/nicholasmeyers/vwgroupconnector/web/out/TokenClientImpl.java

@@ -3,9 +3,9 @@
 import be.nicholasmeyers.vwgroupconnector.resource.TokenInfo;
 import be.nicholasmeyers.vwgroupconnector.resource.Tokens;
 import be.nicholasmeyers.vwgroupconnector.service.TokenService;
+import be.nicholasmeyers.vwgroupconnector.web.out.resource.CodeExchangeWebRequestResource;
 import be.nicholasmeyers.vwgroupconnector.web.out.resource.TokenWebResponseResource;
 import feign.Feign;
-import feign.form.FormEncoder;
 import feign.jackson.JacksonDecoder;
 import feign.jackson.JacksonEncoder;
 
@@ -14,14 +14,18 @@ public class TokenClientImpl implements TokenService {
 
     public TokenClientImpl() {
         this.tokenClient = Feign.builder()
-                .encoder(new FormEncoder(new JacksonEncoder()))
+                .encoder(new JacksonEncoder())
                 .decoder(new JacksonDecoder())
-                .target(TokenClient.class, "https://tokenrefreshservice.apps.emea.vwapps.io");
+                .target(TokenClient.class, "https://mysmob.api.connect.skoda-auto.cz");
     }
 
     @Override
     public Tokens getTokens(TokenInfo tokenInfo) {
-        TokenWebResponseResource webResponseResource = tokenClient.getTokens(tokenInfo.getAuthCode(), tokenInfo.getIdToken(), "skoda");
-        return new Tokens(webResponseResource.getAccessToken(), webResponseResource.getIdToken());
+        CodeExchangeWebRequestResource codeExchangeWebRequestResource = new CodeExchangeWebRequestResource();
+        codeExchangeWebRequestResource.setCode(tokenInfo.getAuthCode());
+        codeExchangeWebRequestResource.setRedirectUri(tokenInfo.getRedirectUri());
+        codeExchangeWebRequestResource.setVerifier(tokenInfo.getVerifier());
+        TokenWebResponseResource webResponseResource = tokenClient.getTokens(codeExchangeWebRequestResource);
+        return new Tokens(webResponseResource.getAccessToken(), webResponseResource.getIdToken(), webResponseResource.getRefreshToken());
     }
 }

src/main/java/be/nicholasmeyers/vwgroupconnector/web/out/resource/CodeExchangeWebRequestResource.java

@@ -0,0 +1,31 @@
+package be.nicholasmeyers.vwgroupconnector.web.out.resource;
+
+public class CodeExchangeWebRequestResource {
+    private String code;
+    private String redirectUri;
+    private String verifier;
+
+    public String getCode() {
+        return code;
+    }
+
+    public void setCode(String code) {
+        this.code = code;
+    }
+
+    public String getRedirectUri() {
+        return redirectUri;
+    }
+
+    public void setRedirectUri(String redirectUri) {
+        this.redirectUri = redirectUri;
+    }
+
+    public String getVerifier() {
+        return verifier;
+    }
+
+    public void setVerifier(String verifier) {
+        this.verifier = verifier;
+    }
+}

src/main/java/be/nicholasmeyers/vwgroupconnector/web/out/resource/TokenWebResponseResource.java

@@ -1,12 +1,9 @@
 package be.nicholasmeyers.vwgroupconnector.web.out.resource;
 
-import com.fasterxml.jackson.annotation.JsonProperty;
-
 public class TokenWebResponseResource {
-    @JsonProperty("access_token")
     private String accessToken;
-    @JsonProperty("id_token")
     private String idToken;
+    private String refreshToken;
 
     public String getAccessToken() {
         return accessToken;
@@ -23,4 +20,12 @@ public String getIdToken() {
     public void setIdToken(String idToken) {
         this.idToken = idToken;
     }
+
+    public String getRefreshToken() {
+        return refreshToken;
+    }
+
+    public void setRefreshToken(String refreshToken) {
+        this.refreshToken = refreshToken;
+    }
 }