Initial direct-auth project structure

.circleci/config.yml

@@ -7,12 +7,13 @@ orbs:
 
 jobs:
   unit-test:
-    executor:
+    executor: &android_executor
       name: android/android_docker
-      tag: 2025.04.1
-    environment:
+      tag: 2025.09.1
+      resource_class: xlarge
+    environment: &gradle_opts_environment
       GRADLE_OPTS: '
-      -Dorg.gradle.jvmargs="-Xmx3g -XX:+HeapDumpOnOutOfMemoryError"
+      -Dorg.gradle.jvmargs="-Xmx6g -XX:+HeapDumpOnOutOfMemoryError"
       -Dorg.gradle.daemon=false
       -Dorg.gradle.workers.max=3
       -Dkotlin.incremental=false'
@@ -33,9 +34,7 @@ jobs:
       - store_artifacts:
           path: ~/test-results/junit
   snyk-scan:
-    executor:
-      name: android/android_docker
-      tag: 2025.04.1
+    executor: *android_executor
     steps:
       - attach_workspace:
           at: ~/project
@@ -48,9 +47,8 @@ jobs:
           additional-arguments: "--configuration-matching=implementation"
 
   build:
-    executor:
-      name: android/android_docker
-      tag: 2025.04.1
+    executor: *android_executor
+    environment: *gradle_opts_environment
     steps:
       - checkout
       - android/restore_gradle_cache
@@ -71,9 +69,7 @@ jobs:
           destination: apks
 
   spotless-check:
-    executor:
-      name: android/android_docker
-      tag: 2025.04.1
+    executor: *android_executor
     steps:
       - checkout
       - android/restore_gradle_cache
@@ -83,9 +79,7 @@ jobs:
       - android/save_gradle_cache
 
   api-check:
-    executor:
-      name: android/android_docker
-      tag: 2025.04.1
+    executor: *android_executor
     steps:
       - checkout
       - android/restore_gradle_cache

auth-foundation/api/auth-foundation.api

@@ -72,6 +72,70 @@ public final class com/okta/authfoundation/BiometricExceptionDetails$OnAuthentic
 	public fun toString ()Ljava/lang/String;
 }
 
+public abstract class com/okta/authfoundation/GrantType {
+	public synthetic fun <init> (Ljava/lang/String;Lkotlin/jvm/internal/DefaultConstructorMarker;)V
+	public final fun getValue ()Ljava/lang/String;
+}
+
+public final class com/okta/authfoundation/GrantType$AuthorizationCode : com/okta/authfoundation/GrantType {
+	public static final field INSTANCE Lcom/okta/authfoundation/GrantType$AuthorizationCode;
+}
+
+public final class com/okta/authfoundation/GrantType$DeviceCode : com/okta/authfoundation/GrantType {
+	public static final field INSTANCE Lcom/okta/authfoundation/GrantType$DeviceCode;
+}
+
+public final class com/okta/authfoundation/GrantType$JwtBearer : com/okta/authfoundation/GrantType {
+	public static final field INSTANCE Lcom/okta/authfoundation/GrantType$JwtBearer;
+}
+
+public final class com/okta/authfoundation/GrantType$Oob : com/okta/authfoundation/GrantType {
+	public static final field INSTANCE Lcom/okta/authfoundation/GrantType$Oob;
+}
+
+public final class com/okta/authfoundation/GrantType$OobMfa : com/okta/authfoundation/GrantType {
+	public static final field INSTANCE Lcom/okta/authfoundation/GrantType$OobMfa;
+}
+
+public final class com/okta/authfoundation/GrantType$Other : com/okta/authfoundation/GrantType {
+	public fun <init> (Ljava/lang/String;)V
+	public final fun component1 ()Ljava/lang/String;
+	public final fun copy (Ljava/lang/String;)Lcom/okta/authfoundation/GrantType$Other;
+	public static synthetic fun copy$default (Lcom/okta/authfoundation/GrantType$Other;Ljava/lang/String;ILjava/lang/Object;)Lcom/okta/authfoundation/GrantType$Other;
+	public fun equals (Ljava/lang/Object;)Z
+	public final fun getType ()Ljava/lang/String;
+	public fun hashCode ()I
+	public fun toString ()Ljava/lang/String;
+}
+
+public final class com/okta/authfoundation/GrantType$Otp : com/okta/authfoundation/GrantType {
+	public static final field INSTANCE Lcom/okta/authfoundation/GrantType$Otp;
+}
+
+public final class com/okta/authfoundation/GrantType$OtpMfa : com/okta/authfoundation/GrantType {
+	public static final field INSTANCE Lcom/okta/authfoundation/GrantType$OtpMfa;
+}
+
+public final class com/okta/authfoundation/GrantType$Password : com/okta/authfoundation/GrantType {
+	public static final field INSTANCE Lcom/okta/authfoundation/GrantType$Password;
+}
+
+public final class com/okta/authfoundation/GrantType$RefreshToken : com/okta/authfoundation/GrantType {
+	public static final field INSTANCE Lcom/okta/authfoundation/GrantType$RefreshToken;
+}
+
+public final class com/okta/authfoundation/GrantType$TokenExchange : com/okta/authfoundation/GrantType {
+	public static final field INSTANCE Lcom/okta/authfoundation/GrantType$TokenExchange;
+}
+
+public final class com/okta/authfoundation/GrantType$WebAuthn : com/okta/authfoundation/GrantType {
+	public static final field INSTANCE Lcom/okta/authfoundation/GrantType$WebAuthn;
+}
+
+public final class com/okta/authfoundation/GrantType$WebAuthnMfa : com/okta/authfoundation/GrantType {
+	public static final field INSTANCE Lcom/okta/authfoundation/GrantType$WebAuthnMfa;
+}
+
 public abstract interface annotation class com/okta/authfoundation/InternalAuthFoundationApi : java/lang/annotation/Annotation {
 }
 
@@ -105,6 +169,78 @@ public final class com/okta/authfoundation/SdkDefaults {
 	public final fun setGetTokenStorageFactory (Lkotlin/jvm/functions/Function0;)V
 }
 
+public abstract interface class com/okta/authfoundation/api/http/ApiExecutor {
+	public abstract fun execute-gIAlu-s (Lcom/okta/authfoundation/api/http/ApiRequest;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;
+}
+
+public abstract interface class com/okta/authfoundation/api/http/ApiFormRequest : com/okta/authfoundation/api/http/ApiRequest {
+	public abstract fun contentType ()Ljava/lang/String;
+	public abstract fun formParameters ()Ljava/util/Map;
+}
+
+public final class com/okta/authfoundation/api/http/ApiFormRequest$DefaultImpls {
+	public static fun query (Lcom/okta/authfoundation/api/http/ApiFormRequest;)Ljava/util/Map;
+}
+
+public abstract interface class com/okta/authfoundation/api/http/ApiRequest {
+	public abstract fun headers ()Ljava/util/Map;
+	public abstract fun method ()Lcom/okta/authfoundation/api/http/ApiRequestMethod;
+	public fun query ()Ljava/util/Map;
+	public abstract fun url ()Ljava/lang/String;
+}
+
+public final class com/okta/authfoundation/api/http/ApiRequest$DefaultImpls {
+	public static fun query (Lcom/okta/authfoundation/api/http/ApiRequest;)Ljava/util/Map;
+}
+
+public abstract interface class com/okta/authfoundation/api/http/ApiRequestBody : com/okta/authfoundation/api/http/ApiRequest {
+	public abstract fun body ()[B
+	public abstract fun contentType ()Ljava/lang/String;
+}
+
+public final class com/okta/authfoundation/api/http/ApiRequestBody$DefaultImpls {
+	public static fun query (Lcom/okta/authfoundation/api/http/ApiRequestBody;)Ljava/util/Map;
+}
+
+public final class com/okta/authfoundation/api/http/ApiRequestMethod : java/lang/Enum {
+	public static final field DELETE Lcom/okta/authfoundation/api/http/ApiRequestMethod;
+	public static final field GET Lcom/okta/authfoundation/api/http/ApiRequestMethod;
+	public static final field HEAD Lcom/okta/authfoundation/api/http/ApiRequestMethod;
+	public static final field PATCH Lcom/okta/authfoundation/api/http/ApiRequestMethod;
+	public static final field POST Lcom/okta/authfoundation/api/http/ApiRequestMethod;
+	public static final field PUT Lcom/okta/authfoundation/api/http/ApiRequestMethod;
+	public static fun getEntries ()Lkotlin/enums/EnumEntries;
+	public static fun valueOf (Ljava/lang/String;)Lcom/okta/authfoundation/api/http/ApiRequestMethod;
+	public static fun values ()[Lcom/okta/authfoundation/api/http/ApiRequestMethod;
+}
+
+public abstract interface class com/okta/authfoundation/api/http/ApiResponse {
+	public abstract fun getBody ()[B
+	public abstract fun getContentLength ()J
+	public abstract fun getContentType ()Ljava/lang/String;
+	public abstract fun getHeaders ()Ljava/util/Map;
+	public abstract fun getStatusCode ()I
+}
+
+public abstract interface class com/okta/authfoundation/api/http/log/AuthFoundationLogger {
+	public abstract fun write (Ljava/lang/String;Ljava/lang/Throwable;Lcom/okta/authfoundation/api/http/log/LogLevel;)V
+	public static synthetic fun write$default (Lcom/okta/authfoundation/api/http/log/AuthFoundationLogger;Ljava/lang/String;Ljava/lang/Throwable;Lcom/okta/authfoundation/api/http/log/LogLevel;ILjava/lang/Object;)V
+}
+
+public final class com/okta/authfoundation/api/http/log/AuthFoundationLogger$DefaultImpls {
+	public static synthetic fun write$default (Lcom/okta/authfoundation/api/http/log/AuthFoundationLogger;Ljava/lang/String;Ljava/lang/Throwable;Lcom/okta/authfoundation/api/http/log/LogLevel;ILjava/lang/Object;)V
+}
+
+public final class com/okta/authfoundation/api/http/log/LogLevel : java/lang/Enum {
+	public static final field DEBUG Lcom/okta/authfoundation/api/http/log/LogLevel;
+	public static final field ERROR Lcom/okta/authfoundation/api/http/log/LogLevel;
+	public static final field INFO Lcom/okta/authfoundation/api/http/log/LogLevel;
+	public static final field WARN Lcom/okta/authfoundation/api/http/log/LogLevel;
+	public static fun getEntries ()Lkotlin/enums/EnumEntries;
+	public static fun valueOf (Ljava/lang/String;)Lcom/okta/authfoundation/api/http/log/LogLevel;
+	public static fun values ()[Lcom/okta/authfoundation/api/http/log/LogLevel;
+}
+
 public abstract interface class com/okta/authfoundation/claims/ClaimsProvider {
 	public abstract fun availableClaims ()Ljava/util/Set;
 	public abstract fun deserializeClaim (Ljava/lang/String;Lkotlinx/serialization/DeserializationStrategy;)Ljava/lang/Object;

auth-foundation/src/main/java/com/okta/authfoundation/GrantType.kt

@@ -0,0 +1,125 @@
+/*
+ * Copyright 2022-Present Okta, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.okta.authfoundation
+
+/**
+ * Represents the OAuth 2.0 grant type. Determines the mechanism Okta uses to authorize the creation of the tokens.
+ *
+ * This sealed class allows for a fixed set of standard grant types as well as custom ones.
+ *
+ * @see [RFC 6749, Section 4](https://tools.ietf.org/html/rfc6749#section-4)
+ * @see [Okta Direct Authentication Grant Types](https://developer.okta.com/docs/reference/direct-auth/grant-types/)
+ */
+sealed class GrantType(
+    val value: String,
+) {
+    /**
+     * The authorization code grant type is used to obtain both access tokens and refresh tokens
+     * and is optimized for confidential clients.
+     *
+     * @see [RFC 6749, Section 4.1](https://tools.ietf.org/html/rfc6749#section-4.1)
+     */
+    object AuthorizationCode : GrantType("authorization_code")
+
+    /**
+     * The refresh token grant type is used by clients to exchange a refresh token for a new
+     * access token when the current access token becomes invalid or expires.
+     *
+     * @see [RFC 6749, Section 6](https://tools.ietf.org/html/rfc6749#section-6)
+     */
+    object RefreshToken : GrantType("refresh_token")
+
+    /**
+     * The resource owner password credentials grant type is suitable in cases where the resource
+     * owner has a trust relationship with the client.
+     *
+     * @see [RFC 6749, Section 4.3](https://tools.ietf.org/html/rfc6749#section-4.3)
+     */
+    object Password : GrantType("password")
+
+    /**
+     * The device authorization grant is used by browserless or input-constrained devices
+     * in the device flow to obtain an access token.
+     *
+     * @see [RFC 8628](https://tools.ietf.org/html/rfc8628)
+     */
+    object DeviceCode : GrantType("urn:ietf:params:oauth:grant-type:device_code")
+
+    /**
+     * A grant type for exchanging a token of one type for a token of another type.
+     *
+     * @see [RFC 8693](https://tools.ietf.org/html/rfc8693)
+     */
+    object TokenExchange : GrantType("urn:ietf:params:oauth:grant-type:token-exchange")
+
+    /**
+     * A grant type that uses a JWT as an authorization grant.
+     *
+     * @see [RFC 7523](https://tools.ietf.org/html/rfc7523)
+     */
+    object JwtBearer : GrantType("urn:ietf:params:oauth:grant-type:jwt-bearer")
+
+    /**
+     * A grant type for One-Time Passcode (OTP) authentication, often used as a second factor.
+     *
+     * @see [Okta Direct Authentication OTP](https://developer.okta.com/docs/reference/direct-auth/grant-types/#otp)
+     */
+    object Otp : GrantType("urn:okta:params:oauth:grant-type:otp")
+
+    /**
+     * A grant type for Multi-Factor Authentication (MFA) using One-Time Passcodes (OTP).
+     *
+     * @see [Okta MFA OTP](https://developer.okta.com/docs/guides/configure-direct-auth-grants/bmfaotp/main/#about-the-direct-authentication-grant)
+     */
+    object OtpMfa : GrantType("http://auth0.com/oauth/grant-type/mfa-otp")
+
+    /**
+     * A grant type for Out-of-Band (OOB) authentication, such as push notifications.
+     *
+     * @see [Okta Direct Authentication OOB](https://developer.okta.com/docs/reference/direct-auth/grant-types/#oob)
+     */
+    object Oob : GrantType("urn:okta:params:oauth:grant-type:oob")
+
+    /**
+     * A grant type for Multi-Factor Authentication (MFA) using Out-of-Band (OOB) methods.
+     *
+     * @see [Okta MFA OOB](https://developer.okta.com/docs/guides/configure-direct-auth-grants/dmfaoobov/main/#direct-authentication-mfa-oob-okta-verify-push-flow)
+     */
+    object OobMfa : GrantType("http://auth0.com/oauth/grant-type/mfa-oob")
+
+    /**
+     * A grant type for WebAuthn authentication.
+     *
+     * @see [Okta Direct Authentication WebAuthn](https://developer.okta.com/docs/reference/direct-auth/grant-types/#webauthn)
+     */
+    object WebAuthn : GrantType("urn:okta:params:oauth:grant-type:webauthn")
+
+    /**
+     * A grant type for Multi-Factor Authentication (MFA) using WebAuthn.
+     *
+     * @see [Okta MFA WebAuthn](https://developer.okta.com/docs/guides/configure-direct-auth-grants/bmfawebauthn/main/#about-the-direct-authentication-grant)
+     */
+    object WebAuthnMfa : GrantType("urn:okta:params:oauth:grant-type:mfa-webauthn")
+
+    /**
+     * A custom grant type not defined in the standard set.
+     *
+     * @param type The string representation of the custom grant type.
+     */
+    data class Other(
+        val type: String,
+    ) : GrantType(type)
+}

auth-foundation/src/main/java/com/okta/authfoundation/api/http/ApiExecutor.kt

@@ -0,0 +1,35 @@
+/*
+ * Copyright 2022-Present Okta, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.okta.authfoundation.api.http
+
+/**
+ * A simple abstraction for executing network requests defined by [ApiRequest] and returning [ApiResponse].
+ *
+ * Implementations of this interface are responsible for performing the actual network operations,
+ * handling responses, retries, and error handling.
+ */
+interface ApiExecutor {
+    /**
+     * Executes the given network request asynchronously.
+     *
+     * Implementations of this method should be thread-safe, and should not block the calling thread.
+     * All exceptions thrown during the execution of the request should be caught and returned as a [Result.Failure].
+     *
+     * @param request The [ApiRequest] to be executed.
+     * @return A [Result] containing either the successful [ApiResponse] or an [Exception].
+     */
+    suspend fun execute(request: ApiRequest): Result<ApiResponse>
+}