Merge pull request #57 from nicholasM95/develop

Develop

Author: nicholasM95

.github/workflows/release.yaml

@@ -26,14 +26,14 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Set up JDK
-        uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
+        uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
         with:
           java-version: ${{ env.JAVA_VERSION }}
           distribution: 'liberica'
           cache: 'maven'
 
       - name: Setup Node.js environment
-        uses: actions/setup-node@v4.1.0
+        uses: actions/setup-node@v4.3.0
         with:
           node-version: 20
 

README.md

@@ -17,7 +17,7 @@ Add the Maven Dependency to your `pom.xml`
 <dependency>
     <groupId>be.nicholasmeyers.vwgroup-connector</groupId>
     <artifactId>vwgroup-connector</artifactId>
-    <version>1.2.2</version>
+    <version>1.3.3</version>
 </dependency>
 ```
 

pom.xml

@@ -5,7 +5,7 @@
 
     <groupId>be.nicholasmeyers.vwgroup-connector</groupId>
     <artifactId>vwgroup-connector</artifactId>
-    <version>1.3.2</version>
+    <version>1.3.3-SNAPSHOT</version>
 
     <name>vwgroup-connector</name>
     <description>vwgroup-connector</description>
@@ -74,7 +74,7 @@
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter-api</artifactId>
-            <version>5.11.3</version>
+            <version>5.12.1</version>
             <scope>test</scope>
         </dependency>
 
@@ -119,7 +119,7 @@
             <plugin>
                 <groupId>org.sonatype.central</groupId>
                 <artifactId>central-publishing-maven-plugin</artifactId>
-                <version>0.6.0</version>
+                <version>0.7.0</version>
                 <extensions>true</extensions>
                 <configuration>
                     <publishingServerId>central</publishingServerId>

src/main/java/be/nicholasmeyers/vwgroupconnector/resource/StartAuthorization.java

@@ -4,11 +4,15 @@ public class StartAuthorization {
     private final String cookie;
     private final String relayState;
     private final String loginUrl;
+    private final String redirectUrl;
+    private final String codeVerifier;
 
-    public StartAuthorization(String cookie, String relayState, String loginUrl) {
+    public StartAuthorization(String cookie, String relayState, String loginUrl, String redirectUrl, String codeVerifier) {
         this.cookie = cookie;
         this.relayState = relayState;
         this.loginUrl = loginUrl;
+        this.redirectUrl = redirectUrl;
+        this.codeVerifier = codeVerifier;
     }
 
     public String getCookie() {
@@ -22,4 +26,12 @@ public String getRelayState() {
     public String getLoginUrl() {
         return loginUrl;
     }
+
+    public String getRedirectUrl() {
+        return redirectUrl;
+    }
+
+    public String getCodeVerifier() {
+        return codeVerifier;
+    }
 }

src/main/java/be/nicholasmeyers/vwgroupconnector/resource/TokenInfo.java

@@ -2,18 +2,24 @@
 
 public class TokenInfo {
     private final String authCode;
-    private final String idToken;
+    private final String redirectUri;
+    private final String verifier;
 
-    public TokenInfo(String authCode, String idToken) {
+    public TokenInfo(String authCode, String redirectUri, String verifier) {
         this.authCode = authCode;
-        this.idToken = idToken;
+        this.redirectUri = redirectUri;
+        this.verifier = verifier;
     }
 
     public String getAuthCode() {
         return authCode;
     }
 
-    public String getIdToken() {
-        return idToken;
+    public String getRedirectUri() {
+        return redirectUri;
+    }
+
+    public String getVerifier() {
+        return verifier;
     }
 }

src/main/java/be/nicholasmeyers/vwgroupconnector/resource/Tokens.java

@@ -3,10 +3,12 @@
 public class Tokens {
     private final String accessToken;
     private final String idToken;
+    private final String refreshToken;
 
-    public Tokens(String accessToken, String idToken) {
+    public Tokens(String accessToken, String idToken, String refreshToken) {
         this.accessToken = accessToken;
         this.idToken = idToken;
+        this.refreshToken = refreshToken;
     }
 
     public String getAccessToken() {
@@ -16,4 +18,8 @@ public String getAccessToken() {
     public String getIdToken() {
         return idToken;
     }
+
+    public String getRefreshToken() {
+        return refreshToken;
+    }
 }

src/main/java/be/nicholasmeyers/vwgroupconnector/service/ConnectorService.java

@@ -56,7 +56,7 @@ public Tokens getTokens(Client client, String email, String password) {
 
         if (Client.VWG.equals(client)) {
             String idToken = tokenService.getTokens(tokenInfo).getIdToken();
-            Tokens tokens = new Tokens(vwgService.getAccessToken(idToken), idToken);
+            Tokens tokens = new Tokens(vwgService.getAccessToken(idToken), idToken, "");
             cache.put(client, tokens);
             return tokens;
         } else {

src/main/java/be/nicholasmeyers/vwgroupconnector/utils/ClientUtils.java

@@ -17,12 +17,12 @@ public static Map<String, String> getClientConfig(String client) {
     private static Map<String, Map<String, String>> getClients() {
         Map<String, String> connect = new HashMap<>();
         connect.put("client_id", "7f045eee-7003-4379-9968-9355ed2adb06@apps_vw-dilab_com");
-        connect.put("scope", "openid profile address cars email birthdate badge mbb phone driversLicense dealers profession vin");
+        connect.put("scope", "openid profile address cars email birthdate badge mbb phone driversLicense nationalIdentifier dealers mileage profession vin");
         connect.put("token_types", "code id_token");
 
         Map<String, String> vwg = new HashMap<>();
         vwg.put("client_id", "7f045eee-7003-4379-9968-9355ed2adb06@apps_vw-dilab_com");
-        vwg.put("scope", "openid profile address cars email birthdate badge mbb phone driversLicense dealers profession vin");
+        vwg.put("scope", "openid profile address cars email birthdate badge mbb phone driversLicense nationalIdentifier dealers mileage profession vin");
         vwg.put("token_types", "code id_token");
 
         Map<String, String> skoda = new HashMap<>();

src/main/java/be/nicholasmeyers/vwgroupconnector/web/out/IdentityClientImpl.java

@@ -14,6 +14,10 @@
 import org.apache.commons.codec.binary.Base64;
 
 import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
@@ -49,19 +53,32 @@ public OpenidConfiguration getConfiguration() {
 
     @Override
     public StartAuthorization getAuthorizationEndpoint(String redirectUri, String client, String scope, String responseType) {
+        String codeVerifier = generateCodeVerifier();
+        String codeChallenge = "";
+
+        try {
+            codeChallenge = generateCodeChallenge(codeVerifier);
+        } catch (NoSuchAlgorithmException e) {
+            throw new RuntimeException(e);
+        }
+
         Map<String, String> query = new HashMap<>();
         query.put("redirect_uri", redirectUri);
         query.put("client_id", client);
         query.put("scope", scope);
         query.put("response_type", responseType);
         query.put("nonce", getNonce());
+        query.put("code_challenge", codeChallenge);
+        query.put("code_challenge_method", "s256");
+        query.put("prompt", "login");
+
         Response response = identityClient.getAuthorizationEndpoint(query);
         response.close();
         String location = getLocationHeader(response.headers());
         String cookie = getCookieHeader(response.headers());
         cookie = cookie.substring(0, cookie.indexOf(";"));
         String relayState = location.substring(location.indexOf("?relayState") + 12);
-        return new StartAuthorization(cookie, relayState, location);
+        return new StartAuthorization(cookie, relayState, location, redirectUri, codeVerifier);
     }
 
     @Override
@@ -208,7 +225,7 @@ public TokenInfo handleSuccess(String client, StartAuthorization startAuthorizat
 
         String idToken = location.substring(location.indexOf("id_token") + 9);
 
-        return new TokenInfo(authCode, idToken);
+        return new TokenInfo(authCode, startAuthorization.getRedirectUrl(), startAuthorization.getCodeVerifier());
     }
 
     private String getNonce() {
@@ -224,4 +241,21 @@ private String getResponseBody(Response.Body body) {
             throw new RuntimeException(e);
         }
     }
+
+    private static String generateCodeVerifier() {
+        SecureRandom random = new SecureRandom();
+        byte[] codeVerifier = new byte[32];
+        random.nextBytes(codeVerifier);
+        return base64UrlEncode(codeVerifier);
+    }
+
+    private static String generateCodeChallenge(String codeVerifier) throws NoSuchAlgorithmException {
+        MessageDigest digest = MessageDigest.getInstance("SHA-256");
+        byte[] hash = digest.digest(codeVerifier.getBytes(StandardCharsets.UTF_8));
+        return base64UrlEncode(hash);
+    }
+
+    private static String base64UrlEncode(byte[] input) {
+        return java.util.Base64.getUrlEncoder().withoutPadding().encodeToString(input);
+    }
 }

src/main/java/be/nicholasmeyers/vwgroupconnector/web/out/TokenClient.java

@@ -1,10 +1,12 @@
 package be.nicholasmeyers.vwgroupconnector.web.out;
 
+import be.nicholasmeyers.vwgroupconnector.web.out.resource.CodeExchangeWebRequestResource;
 import be.nicholasmeyers.vwgroupconnector.web.out.resource.TokenWebResponseResource;
-import feign.*;
+import feign.Headers;
+import feign.RequestLine;
 
 public interface TokenClient {
-    @RequestLine("POST /exchangeAuthCode")
-    @Headers("Content-Type: application/x-www-form-urlencoded")
-    TokenWebResponseResource getTokens(@Param("auth_code") String authCode, @Param("id_token") String idToken, @Param("brand") String brand);
+    @RequestLine("POST /api/v1/authentication/exchange-authorization-code?tokenType=CONNECT")
+    @Headers("Content-Type: application/json")
+    TokenWebResponseResource getTokens(CodeExchangeWebRequestResource codeExchangeWebRequestResource);
 }