Okta 972482 idx language issue (#521)

* adding support for locale preferred language

* Add accept language in proceed requests

---------

Co-authored-by: Prachi Pandey <[email protected]>

Author: FeiChen-okta

api/src/main/java/com/okta/idx/sdk/api/client/BaseIDXClient.java

@@ -63,9 +63,11 @@
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
 import java.security.NoSuchAlgorithmException;
+import java.util.Collections;
 import java.util.UUID;
 import java.util.stream.Collectors;
 
+import static com.okta.idx.sdk.api.client.ProceedContext.ACCEPT_LANGUAGE;
 import static com.okta.idx.sdk.api.util.ClientUtil.normalizedIssuerUri;
 
 final class BaseIDXClient implements IDXClient {
@@ -280,17 +282,28 @@ public IDXResponse enroll(EnrollRequest enrollRequest, String href) throws Proce
 
     @Override
     public IDXResponse challenge(ChallengeRequest challengeRequest, String href) throws ProcessingException {
+        return challenge(challengeRequest, href, null);
+    }
 
+    @Override
+    public IDXResponse challenge(ChallengeRequest challengeRequest, String href, String acceptLanguage) throws ProcessingException {
         IDXResponse idxResponse;
 
         try {
+            HttpHeaders headers = getHttpHeaders(false);
+
+            if (acceptLanguage != null) {
+                headers.put(ACCEPT_LANGUAGE, Collections.singletonList(acceptLanguage));
+            }
+
             Request request = new DefaultRequest(
-                HttpMethod.POST,
-                href,
-                null,
-                getHttpHeaders(false),
-                new ByteArrayInputStream(objectMapper.writeValueAsBytes(challengeRequest)),
-                -1L);
+                    HttpMethod.POST,
+                    href,
+                    null,
+                    headers,
+                    new ByteArrayInputStream(objectMapper.writeValueAsBytes(challengeRequest)),
+                    -1L
+            );
 
             Response response = requestExecutor.executeRequest(request);
 
@@ -299,7 +312,6 @@ public IDXResponse challenge(ChallengeRequest challengeRequest, String href) thr
             }
 
             JsonNode responseJsonNode = objectMapper.readTree(response.getBody());
-
             idxResponse = objectMapper.convertValue(responseJsonNode, IDXResponse.class);
 
         } catch (IOException | HttpException e) {

api/src/main/java/com/okta/idx/sdk/api/client/IDXAuthenticationWrapper.java

@@ -161,7 +161,7 @@ public AuthenticationResponse authenticate(AuthenticationOptions authenticationO
                 return identifyResponse;
             }
 
-            AuthenticationTransaction passwordTransaction = selectPasswordOrEmailAuthenticatorIfNeeded(identifyTransaction);
+            AuthenticationTransaction passwordTransaction = selectPasswordOrEmailAuthenticatorIfNeeded(identifyTransaction, proceedContext.getAcceptLanguage());
             if (Strings.isEmpty(authenticationOptions.getPassword())) {
                 return passwordTransaction.asAuthenticationResponse(AuthenticationStatus.AWAITING_AUTHENTICATOR_VERIFICATION);
             }
@@ -178,7 +178,7 @@ public AuthenticationResponse authenticate(AuthenticationOptions authenticationO
                                 .build();
 
                 return passwordTransaction.getRemediationOption(RemediationType.CHALLENGE_AUTHENTICATOR)
-                        .proceed(client, passwordAuthenticatorAnswerChallengeRequest);
+                        .proceed(client, passwordAuthenticatorAnswerChallengeRequest, proceedContext.getAcceptLanguage());
             });
             return answerTransaction.asAuthenticationResponse();
         } catch (ProcessingException e) {
@@ -218,7 +218,7 @@ public AuthenticationResponse recoverPassword(String username, ProceedContext pr
 
                 // identify user
                 return recoverTransaction.proceed(() ->
-                        remediationOption.proceed(client, identifyRequest)
+                        remediationOption.proceed(client, identifyRequest, proceedContext.getAcceptLanguage())
                 ).asAuthenticationResponse(AuthenticationStatus.AWAITING_AUTHENTICATOR_SELECTION);
             } else {
                 // identify user
@@ -237,7 +237,7 @@ public AuthenticationResponse recoverPassword(String username, ProceedContext pr
 
                 // Check if instead of password, user is being prompted for list of authenticators to select
                 if (identifyResponse.getCurrentAuthenticatorEnrollment() == null) {
-                    identifyTransaction = selectPasswordOrEmailAuthenticatorIfNeeded(identifyTransaction);
+                    identifyTransaction = selectPasswordOrEmailAuthenticatorIfNeeded(identifyTransaction, proceedContext.getAcceptLanguage());
                 }
 
                 Recover recover = identifyTransaction.getResponse()
@@ -349,7 +349,7 @@ public AuthenticationResponse selectFactor(ProceedContext proceedContext,
                         .withStateHandle(proceedContext.getStateHandle())
                         .withAuthenticator(authenticator)
                         .build();
-                return client.challenge(request, proceedContext.getHref());
+                return client.challenge(request, proceedContext.getHref(), proceedContext.getAcceptLanguage());
             }).asAuthenticationResponse();
         } catch (ProcessingException e) {
             return handleProcessingException(e);
@@ -734,7 +734,7 @@ public AuthenticationResponse fetchSignUpFormValues(ProceedContext proceedContex
     // If app sign-on policy is set to "any 1 factor", the next remediation after identify is
     // select-authenticator-authenticate
     // Check if that's the case, and proceed to select password authenticator
-    private AuthenticationTransaction selectPasswordOrEmailAuthenticatorIfNeeded(AuthenticationTransaction authenticationTransaction)
+    private AuthenticationTransaction selectPasswordOrEmailAuthenticatorIfNeeded(AuthenticationTransaction authenticationTransaction, String acceptLanguage)
             throws ProcessingException {
         // If remediation contains challenge-authenticator for passcode, we don't need to check SELECT_AUTHENTICATOR_AUTHENTICATE
         Optional<RemediationOption> challengeRemediationOptionOptional =
@@ -769,7 +769,7 @@ else if (authenticatorOptions.get("email") != null) {
                 .build();
 
         return authenticationTransaction.proceed(() ->
-                remediationOptionOptional.get().proceed(client, selectAuthenticatorRequest)
+                remediationOptionOptional.get().proceed(client, selectAuthenticatorRequest, acceptLanguage)
         );
     }
 

api/src/main/java/com/okta/idx/sdk/api/client/IDXClient.java

@@ -48,6 +48,8 @@ public interface IDXClient {
 
     IDXResponse challenge(ChallengeRequest challengeRequest, String href) throws ProcessingException;
 
+    IDXResponse challenge(ChallengeRequest challengeRequest, String href, String acceptLanguage) throws ProcessingException;
+
     IDXResponse answerChallenge(AnswerChallengeRequest answerChallengeRequest, String href) throws ProcessingException;
 
     IDXResponse cancel(String stateHandle) throws ProcessingException;

api/src/main/java/com/okta/idx/sdk/api/client/ProceedContext.java

@@ -23,6 +23,8 @@
 
 import java.time.Duration;
 import java.time.temporal.ChronoUnit;
+import java.util.LinkedHashMap;
+import java.util.Map;
 
 /**
  * An opaque to the developer object that's expected to be given back on the next request.
@@ -39,6 +41,12 @@ public final class ProceedContext {
     private final PollInfo pollInfo;
     private final Duration refresh;
     private final IDXResponse idxResponse;
+    public static final String ACCEPT_LANGUAGE = "Accept-Language";
+
+    /**
+     * store key value pairs of header name -> header value
+     */
+    private final Map<String, String> headers = new LinkedHashMap<>();
 
     ProceedContext(IDXClientContext clientContext, String stateHandle, String href, String skipHref, boolean isIdentifyInOneStep,
                    String selectProfileEnrollHref, String resendHref, PollInfo pollInfo, Duration refresh, IDXResponse idxResponse) {
@@ -104,6 +112,7 @@ public Duration getRefresh() {
     /**
      * Identifier first flow is one where just the identifier (email) is sufficient to start
      * the flow (i.e. password is not required at the start of flow).
+     *
      * @return true if identifier first flow, false otherwise
      */
     public boolean isIdentifierFirstFlow() {
@@ -113,4 +122,12 @@ public boolean isIdentifierFirstFlow() {
     IDXResponse getIdxResponse() {
         return idxResponse;
     }
+
+    public String getAcceptLanguage() {
+        return headers.get(ACCEPT_LANGUAGE);
+    }
+
+    public void setAcceptLanguage(String acceptLanguage) {
+        headers.put(ACCEPT_LANGUAGE, acceptLanguage);
+    }
 }

api/src/main/java/com/okta/idx/sdk/api/model/RemediationOption.java

@@ -86,10 +86,26 @@ public class RemediationOption implements Serializable {
      * @throws ProcessingException when the proceed operation encountered an execution/processing error.
      */
     public IDXResponse proceed(IDXClient client, Object request) throws IllegalStateException, IllegalArgumentException, ProcessingException {
+        return proceed(client, request, null);
+    }
+
+    /**
+     * Allow you to continue the remediation with this option.
+     *
+     * @param client the {@link IDXClient} instance
+     * @param request the request to Okta Identity Engine
+     * @param acceptLanguage the {@code Accept-Language} header value to be sent to the Okta Identity Engine. This is used for localization.
+     * @return IDXResponse the response from Okta Identity Engine
+     *
+     * @throws IllegalArgumentException MUST throw this exception when provided data does not contain all required data for the proceed call.
+     * @throws IllegalStateException MUST throw this exception when proceed is called with an invalid/unsupported request type.
+     * @throws ProcessingException when the proceed operation encountered an execution/processing error.
+     */
+    public IDXResponse proceed(IDXClient client, Object request, String acceptLanguage) throws IllegalStateException, IllegalArgumentException, ProcessingException {
         Assert.notNull(request, "request cannot be null");
 
         if (request instanceof IdentifyRequest) return client.identify((IdentifyRequest) request, href);
-        else if (request instanceof ChallengeRequest) return client.challenge((ChallengeRequest) request, href);
+        else if (request instanceof ChallengeRequest) return client.challenge((ChallengeRequest) request, href, acceptLanguage);
         else if (request instanceof AnswerChallengeRequest)
             return client.answerChallenge((AnswerChallengeRequest) request, href);
         else if (request instanceof EnrollRequest) return client.enroll((EnrollRequest) request, href);

integration-tests/src/test/groovy/com/okta/idx/sdk/tests/it/EndToEndIT.groovy

@@ -488,6 +488,88 @@ class EndToEndIT {
         wireMockServer.resetAll()
     }
 
+    @Test
+    void testChallengeWithAcceptLanguageHeader() {
+
+        // interact
+        wireMockServer.stubFor(post(urlPathEqualTo("/oauth2/v1/interact"))
+                .withHeader("Content-Type", containing(MediaType.APPLICATION_FORM_URLENCODED_VALUE))
+                .willReturn(aResponse()
+                        .withStatus(HttpStatus.SC_OK)
+                        .withHeader("Content-Type", MediaType.APPLICATION_JSON_VALUE)
+                        .withBodyFile("interact-response.json")))
+
+        IDXClientContext idxClientContext = idxClient.interact()
+        wireMockServer.resetAll()
+
+        // introspect
+        wireMockServer.stubFor(post(urlPathEqualTo("/idp/idx/introspect"))
+                .withHeader("Content-Type", containing("application/ion+json;okta-version=1.0.0"))
+                .willReturn(aResponse()
+                        .withStatus(HttpStatus.SC_OK)
+                        .withHeader("Content-Type", "application/ion+json;okta-version=1.0.0")
+                        .withBodyFile("introspect-response.json")))
+
+        IDXResponse idxResponse = idxClient.introspect(idxClientContext)
+        wireMockServer.resetAll()
+
+        // identify
+        wireMockServer.stubFor(post(urlPathEqualTo("/idp/idx/identify"))
+                .withHeader("Content-Type", containing("application/ion+json;okta-version=1.0.0"))
+                .willReturn(aResponse()
+                        .withStatus(HttpStatus.SC_OK)
+                        .withHeader("Content-Type", "application/ion+json;okta-version=1.0.0")
+                        .withBodyFile("identify-response.json")))
+
+        IdentifyRequest identifyRequest = IdentifyRequestBuilder.builder()
+                .withIdentifier("[email protected]")
+                .withRememberMe(false)
+                .withStateHandle("stateHandle")
+                .build()
+        idxResponse = idxResponse.remediation().remediationOptions().first().proceed(idxClient, identifyRequest)
+        wireMockServer.verify(postRequestedFor(urlEqualTo("/idp/idx/identify"))
+                .withHeader("Content-Type", equalTo("application/ion+json;okta-version=1.0.0"))
+                .withoutHeader("Accept-Language"))
+        wireMockServer.resetAll()
+
+        // get remediation options to go to the next step
+        RemediationOption[] remediationOptions = idxResponse.remediation().remediationOptions()
+        Optional<RemediationOption> remediationOptionsOptional = Arrays.stream(remediationOptions)
+                .filter({ x -> ("select-authenticator-authenticate" == x.getName()) })
+                .findFirst()
+        RemediationOption remediationOption = remediationOptionsOptional.get()
+
+        // get authenticator options
+        Map<String, String> authenticatorOptionsMap = remediationOption.getAuthenticatorOptions()
+
+        // select password authenticator challenge
+        wireMockServer.stubFor(post(urlPathEqualTo("/idp/idx/challenge"))
+                .withHeader("Content-Type", containing("application/ion+json;okta-version=1.0.0"))
+                .willReturn(aResponse()
+                        .withStatus(HttpStatus.SC_OK)
+                        .withHeader("Content-Type", "application/ion+json;okta-version=1.0.0")
+                        .withBodyFile("password-authenticator-challenge-response.json")))
+
+        Authenticator passwordAuthenticator = new Authenticator()
+        passwordAuthenticator.setId(authenticatorOptionsMap.get("password"))
+        passwordAuthenticator.setMethodType("password")
+
+        ChallengeRequest passwordAuthenticatorChallengeRequest = ChallengeRequestBuilder.builder()
+                .withStateHandle("stateHandle")
+                .withAuthenticator(passwordAuthenticator)
+                .build()
+
+        String acceptLanguage = "fr-FR"
+        idxResponse = remediationOption.proceed(idxClient, passwordAuthenticatorChallengeRequest, acceptLanguage)
+
+        assertThat(idxResponse, notNullValue())
+
+        wireMockServer.verify(postRequestedFor(urlEqualTo("/idp/idx/challenge"))
+                .withHeader("Content-Type", equalTo("application/ion+json;okta-version=1.0.0"))
+                .withHeader("Accept-Language", equalTo(acceptLanguage)))
+        wireMockServer.resetAll()
+    }
+
     @AfterClass
     void cleanUp() {
         wireMockServer.shutdown()

samples/embedded-auth-with-sdk/src/main/java/com/okta/spring/example/controllers/LoginController.java

@@ -48,6 +48,7 @@
 
 import jakarta.servlet.http.HttpSession;
 import java.util.List;
+import java.util.Locale;
 import java.util.Optional;
 import java.util.stream.Collectors;
 
@@ -202,7 +203,7 @@ public ModelAndView selectAuthenticator(final @RequestParam("authenticator-type"
 
         if ("okta_verify".equals(authenticatorType)) {
             ModelAndView modelAndView;
-
+            String systemLocale = Locale.getDefault().toLanguageTag();
             Optional<Authenticator> authenticatorOptional = authenticators.stream()
                     .filter(auth -> auth.getType().equals(authenticatorType)).findFirst();
             Assert.isTrue(authenticatorOptional.isPresent(), "Authenticator not found");
@@ -212,6 +213,8 @@ public ModelAndView selectAuthenticator(final @RequestParam("authenticator-type"
                     .filter(x -> "QRCODE".equals(x.getLabel())).findFirst();
             Assert.isTrue(factorOptional.isPresent(), "Authenticator not found");
 
+
+            proceedContext.setAcceptLanguage(systemLocale);
             authenticationResponse = idxAuthenticationWrapper.selectFactor(proceedContext, factorOptional.get());
             Util.setProceedContextForPoll(session, authenticationResponse.getProceedContext());