/* * Copyright 2016 The AppAuth for Android Authors. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except * in compliance with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software distributed under the * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either * express or implied. See the License for the specific language governing permissions and * limitations under the License. */ package net.openid.appauth; import androidx.annotation.NonNull; import net.openid.appauth.browser.AnyBrowserMatcher; import net.openid.appauth.browser.BrowserMatcher; import net.openid.appauth.connectivity.ConnectionBuilder; import net.openid.appauth.connectivity.DefaultConnectionBuilder; /** * Defines configuration properties that control the behavior of the AppAuth library, independent * of the OAuth2 specific details that are described. */ public class AppAuthConfiguration { /** * The default configuration that is used if no configuration is explicitly specified * when constructing an {@link AuthorizationService}. */ public static final AppAuthConfiguration DEFAULT = new AppAuthConfiguration.Builder().build(); @NonNull private final BrowserMatcher mBrowserMatcher; @NonNull private final ConnectionBuilder mConnectionBuilder; private final boolean mSkipIssuerHttpsCheck; private AppAuthConfiguration( @NonNull BrowserMatcher browserMatcher, @NonNull ConnectionBuilder connectionBuilder, Boolean skipIssuerHttpsCheck) { mBrowserMatcher = browserMatcher; mConnectionBuilder = connectionBuilder; mSkipIssuerHttpsCheck = skipIssuerHttpsCheck; } /** * Controls which browsers can be used for the authorization flow. */ @NonNull public BrowserMatcher getBrowserMatcher() { return mBrowserMatcher; } /** * Creates {@link java.net.HttpURLConnection} instances for use in token requests and related * interactions with the authorization service. */ @NonNull public ConnectionBuilder getConnectionBuilder() { return mConnectionBuilder; } /** * Returns true if issuer https validation is disabled, otherwise * false. * * @see Builder#setSkipIssuerHttpsCheck(Boolean) */ public boolean getSkipIssuerHttpsCheck() { return mSkipIssuerHttpsCheck; } /** * Creates {@link AppAuthConfiguration} instances. */ public static class Builder { private BrowserMatcher mBrowserMatcher = AnyBrowserMatcher.INSTANCE; private ConnectionBuilder mConnectionBuilder = DefaultConnectionBuilder.INSTANCE; private boolean mSkipIssuerHttpsCheck; private boolean mSkipNonceVerification; /** * Specify the browser matcher to use, which controls the browsers that can be used * for authorization. */ @NonNull public Builder setBrowserMatcher(@NonNull BrowserMatcher browserMatcher) { Preconditions.checkNotNull(browserMatcher, "browserMatcher cannot be null"); mBrowserMatcher = browserMatcher; return this; } /** * Specify the connection builder to use, which creates {@link java.net.HttpURLConnection} * instances for use in direct communication with the authorization service. */ @NonNull public Builder setConnectionBuilder(@NonNull ConnectionBuilder connectionBuilder) { Preconditions.checkNotNull(connectionBuilder, "connectionBuilder cannot be null"); mConnectionBuilder = connectionBuilder; return this; } /** * Disables https validation for the issuer identifier. * *

NOTE: Disabling issuer https validation implies the app is running against an * insecure environment. Enabling this option is only recommended for testing purposes. */ public Builder setSkipIssuerHttpsCheck(Boolean skipIssuerHttpsCheck) { mSkipIssuerHttpsCheck = skipIssuerHttpsCheck; return this; } /** * Creates the instance from the configured properties. */ @NonNull public AppAuthConfiguration build() { return new AppAuthConfiguration( mBrowserMatcher, mConnectionBuilder, mSkipIssuerHttpsCheck ); } } }