Use password-realm grant for /oauth/token endpoint

auth0/src/main/java/com/auth0/android/authentication/AuthenticationAPIClient.java

@@ -54,6 +54,7 @@
 
 import static com.auth0.android.authentication.ParameterBuilder.GRANT_TYPE_AUTHORIZATION_CODE;
 import static com.auth0.android.authentication.ParameterBuilder.GRANT_TYPE_PASSWORD;
+import static com.auth0.android.authentication.ParameterBuilder.GRANT_TYPE_PASSWORD_REALM;
 import static com.auth0.android.authentication.ParameterBuilder.ID_TOKEN_KEY;
 
 /**
@@ -223,7 +224,7 @@ public AuthenticationRequest login(@NonNull String usernameOrEmail, @NonNull Str
         Map<String, Object> requestParameters = ParameterBuilder.newBuilder()
                 .set(USERNAME_KEY, usernameOrEmail)
                 .set(PASSWORD_KEY, password)
-                .setGrantType(GRANT_TYPE_PASSWORD)
+                .setGrantType(GRANT_TYPE_PASSWORD_REALM)
                 .asDictionary();
 
         return loginWithToken(requestParameters);
@@ -496,7 +497,7 @@ public DatabaseConnectionRequest<DatabaseUser, AuthenticationException> createUs
 
     /**
      * Creates a user in a DB connection using <a href="https://auth0.com/docs/auth-api#!#post--dbconnections-signup">'/dbconnections/signup' endpoint</a>
-     * and then logs in
+     * and then logs in using the /oauth/ro endpoint.
      * Example usage:
      * <pre><code>
      * client.signUp("{email}", "{password}", "{username}", "{database connection name}")
@@ -524,7 +525,7 @@ public SignUpRequest signUp(@NonNull String email, @NonNull String password, @No
 
     /**
      * Creates a user in a DB connection using <a href="https://auth0.com/docs/auth-api#!#post--dbconnections-signup">'/dbconnections/signup' endpoint</a>
-     * and then logs in
+     * and then logs in using the /oauth/ro endpoint.
      * Example usage:
      * <pre><code>
      * client.signUp("{email}", "{password}", "{database connection name}")

auth0/src/main/java/com/auth0/android/authentication/ParameterBuilder.java

@@ -49,6 +49,7 @@ public class ParameterBuilder {
 
     public static final String GRANT_TYPE_REFRESH_TOKEN = "refresh_token";
     public static final String GRANT_TYPE_PASSWORD = "password";
+    public static final String GRANT_TYPE_PASSWORD_REALM = "http://auth0.com/oauth/grant-type/password-realm";
     public static final String GRANT_TYPE_JWT = "urn:ietf:params:oauth:grant-type:jwt-bearer";
     public static final String GRANT_TYPE_AUTHORIZATION_CODE = "authorization_code";
 
@@ -59,6 +60,7 @@ public class ParameterBuilder {
     public static final String SCOPE_KEY = "scope";
     public static final String REFRESH_TOKEN_KEY = "refresh_token";
     public static final String CONNECTION_KEY = "connection";
+    public static final String REALM_KEY = "realm";
     public static final String ACCESS_TOKEN_KEY = "access_token";
     public static final String SEND_KEY = "send";
     public static final String CLIENT_ID_KEY = "client_id";
@@ -103,6 +105,16 @@ public ParameterBuilder setConnection(String connection) {
         return set(CONNECTION_KEY, connection);
     }
 
+    /**
+     * Sets the 'realm' parameter
+     *
+     * @param realm name of the realm
+     * @return itself
+     */
+    public ParameterBuilder setRealm(String realm) {
+        return set(REALM_KEY, realm);
+    }
+
     /**
      * Sets the 'scope' parameter.
      *

auth0/src/main/java/com/auth0/android/authentication/request/SignUpRequest.java

@@ -83,25 +83,25 @@ public SignUpRequest setScope(String scope) {
     }
 
     @Override
-    public AuthenticationRequest setDevice(String device) {
+    public SignUpRequest setDevice(String device) {
         authenticationRequest.setDevice(device);
         return this;
     }
 
     @Override
-    public AuthenticationRequest setAudience(String audience) {
+    public SignUpRequest setAudience(String audience) {
         authenticationRequest.setAudience(audience);
         return this;
     }
 
     @Override
-    public AuthenticationRequest setAccessToken(String accessToken) {
+    public SignUpRequest setAccessToken(String accessToken) {
         authenticationRequest.setAccessToken(accessToken);
         return this;
     }
 
     @Override
-    public AuthenticationRequest setGrantType(String grantType) {
+    public SignUpRequest setGrantType(String grantType) {
         authenticationRequest.setGrantType(grantType);
         return this;
     }
@@ -118,6 +118,13 @@ public SignUpRequest setConnection(String connection) {
         return this;
     }
 
+    @Override
+    public SignUpRequest setRealm(String realm) {
+        signUpRequest.setConnection(realm);
+        authenticationRequest.setRealm(realm);
+        return this;
+    }
+
     /**
      * Starts to execute create user request and then logs the user in.
      *

auth0/src/main/java/com/auth0/android/request/AuthenticationRequest.java

@@ -26,6 +26,14 @@ public interface AuthenticationRequest extends Request<Credentials, Authenticati
      */
     AuthenticationRequest setConnection(String connection);
 
+    /**
+     * Sets the 'realm' parameter
+     *
+     * @param realm name of the realm to use.
+     * @return itself
+     */
+    AuthenticationRequest setRealm(String realm);
+
     /**
      * Sets the 'scope' parameter.
      *

auth0/src/main/java/com/auth0/android/request/internal/BaseAuthenticationRequest.java

@@ -14,6 +14,7 @@
 import static com.auth0.android.authentication.ParameterBuilder.CONNECTION_KEY;
 import static com.auth0.android.authentication.ParameterBuilder.DEVICE_KEY;
 import static com.auth0.android.authentication.ParameterBuilder.GRANT_TYPE_KEY;
+import static com.auth0.android.authentication.ParameterBuilder.REALM_KEY;
 import static com.auth0.android.authentication.ParameterBuilder.SCOPE_KEY;
 
 class BaseAuthenticationRequest extends SimpleRequest<Credentials, AuthenticationException> implements AuthenticationRequest {
@@ -46,6 +47,18 @@ public AuthenticationRequest setConnection(String connection) {
         return this;
     }
 
+    /**
+     * Sets the 'realm' parameter
+     *
+     * @param realm name of the realm
+     * @return itself
+     */
+    @Override
+    public AuthenticationRequest setRealm(String realm) {
+        addParameter(REALM_KEY, realm);
+        return this;
+    }
+
     /**
      * Sets the 'scope' parameter.
      *

auth0/src/test/java/com/auth0/android/authentication/AuthenticationAPIClientTest.java

@@ -287,7 +287,7 @@ public void shouldLoginWithUserAndPasswordUsingOAuthTokenEndpoint() throws Excep
         assertThat(request.getHeader("Accept-Language"), is(getDefaultLocale()));
         Map<String, String> body = bodyFromRequest(request);
         assertThat(body, hasEntry("client_id", CLIENT_ID));
-        assertThat(body, hasEntry("grant_type", "password"));
+        assertThat(body, hasEntry("grant_type", "http://auth0.com/oauth/grant-type/password-realm"));
         assertThat(body, hasEntry("username", SUPPORT_AUTH0_COM));
         assertThat(body, hasEntry("password", "some-password"));
         assertThat(body, not(hasKey("connection")));
@@ -308,7 +308,7 @@ public void shouldLoginWithUserAndPasswordSyncUsingOAuthTokenEndpoint() throws E
         assertThat(request.getHeader("Accept-Language"), is(getDefaultLocale()));
         Map<String, String> body = bodyFromRequest(request);
         assertThat(body, hasEntry("client_id", CLIENT_ID));
-        assertThat(body, hasEntry("grant_type", "password"));
+        assertThat(body, hasEntry("grant_type", "http://auth0.com/oauth/grant-type/password-realm"));
         assertThat(body, hasEntry("username", SUPPORT_AUTH0_COM));
         assertThat(body, hasEntry("password", "some-password"));
         assertThat(body, not(hasKey("connection")));

auth0/src/test/java/com/auth0/android/authentication/ParameterBuilderTest.java

@@ -48,6 +48,7 @@ public class ParameterBuilderTest {
     public static final String CLIENT_ID = "CLIENT ID";
     public static final String GRANT_TYPE = "password";
     public static final String CONNECTION = "AD";
+    public static final String REALM = "users";
     public static final String DEVICE = "ANDROID TEST DEVICE";
 
     @Rule
@@ -126,6 +127,11 @@ public void shouldSetConnection() throws Exception {
         assertThat(builder.setConnection(CONNECTION).asDictionary(), hasEntry("connection", CONNECTION));
     }
 
+    @Test
+    public void shouldSetRealm() throws Exception {
+        assertThat(builder.setRealm(REALM).asDictionary(), hasEntry("realm", REALM));
+    }
+
     @Test
     public void shouldAddArbitraryEntry() throws Exception {
         assertThat(builder.set("key", "value").asDictionary(), hasEntry("key", "value"));

auth0/src/test/java/com/auth0/android/authentication/request/AuthenticationRequestMock.java

@@ -43,6 +43,11 @@ public AuthenticationRequest setConnection(String connection) {
         return this;
     }
 
+    @Override
+    public AuthenticationRequest setRealm(String realm) {
+        return this;
+    }
+
     @Override
     public AuthenticationRequest setScope(String scope) {
         return this;

auth0/src/test/java/com/auth0/android/authentication/request/SignUpRequestTest.java

@@ -108,6 +108,15 @@ public void shouldSetConnection() throws Exception {
         Assert.assertThat(req, is(signUpRequest));
     }
 
+    @Test
+    public void shouldSetRealm() throws Exception {
+        final SignUpRequest req = signUpRequest.setRealm("users");
+        verify(dbMockRequest).setConnection("users");
+        verify(authenticationMockRequest).setRealm("users");
+        Assert.assertThat(req, is(notNullValue()));
+        Assert.assertThat(req, is(signUpRequest));
+    }
+
     @Test
     public void shouldReturnCredentialsAfterStartingTheRequest() throws Exception {
         final DatabaseUser user = mock(DatabaseUser.class);

auth0/src/test/java/com/auth0/android/request/internal/MockAuthenticationRequest.java

@@ -39,6 +39,11 @@ public AuthenticationRequest setConnection(String connection) {
         return null;
     }
 
+    @Override
+    public AuthenticationRequest setRealm(String realm) {
+        return null;
+    }
+
     @Override
     public AuthenticationRequest setScope(String scope) {
         return null;