add client secret support for oidc

2026-04-17 12:58:28 +00:00 · 2026-03-19 15:54:38 +01:00 · 2026-03-19 15:54:38 +01:00 · 8db011ec86
commit 8db011ec86
parent 10b3801bca
1 changed files with 34 additions and 3 deletions
--- a/app/src/main/java/org/linphone/ui/main/sso/viewmodel/SingleSignOnViewModel.kt
+++ b/app/src/main/java/org/linphone/ui/main/sso/viewmodel/SingleSignOnViewModel.kt
@ -21,6 +21,7 @@ package org.linphone.ui.main.sso.viewmodel

 import android.content.Intent
 import androidx.annotation.UiThread
+import androidx.core.net.toUri
 import androidx.lifecycle.MutableLiveData
 import androidx.lifecycle.viewModelScope
 import java.io.File
@ -31,6 +32,9 @@ import net.openid.appauth.AuthorizationRequest
 import net.openid.appauth.AuthorizationResponse
 import net.openid.appauth.AuthorizationService
 import net.openid.appauth.AuthorizationServiceConfiguration
+import net.openid.appauth.ClientAuthentication
+import net.openid.appauth.ClientSecretBasic
+import net.openid.appauth.NoClientAuthentication
 import net.openid.appauth.ResponseTypeValues
 import org.json.JSONObject
 import org.linphone.LinphoneApplication.Companion.coreContext
@ -42,7 +46,6 @@ import org.linphone.ui.GenericViewModel
 import org.linphone.utils.Event
 import org.linphone.utils.FileUtils
 import org.linphone.utils.TimestampUtils
-import androidx.core.net.toUri

 class SingleSignOnViewModel
    @UiThread
@ -66,6 +69,7 @@ class SingleSignOnViewModel
    }

    private var clientId: String
+    private var clientSecret: String? = null
    private val redirectUri: String

    private var singleSignOnUrl = ""
@ -91,6 +95,20 @@ class SingleSignOnViewModel
            singleSignOnUrl = ssoUrl
            username = user

+            coreContext.postOnCoreThread { core ->
+                for (authInfo in core.authInfoList) {
+                    if (authInfo.clientId == clientId) {
+                        Log.i("$TAG Found matching auth info for issuer [$clientId]")
+                        val secret = authInfo.clientSecret
+                        if (!secret.isNullOrEmpty()) {
+                            Log.i("$TAG A client secret has been found in AuthInfo")
+                            clientSecret = secret
+                        }
+                        break
+                    }
+                }
+            }
+
            try {
                val parsedUrl = ssoUrl.toUri()
                val urlClientId = parsedUrl.getQueryParameter("client_id")
@ -130,6 +148,17 @@ class SingleSignOnViewModel
        }
    }

+    @UiThread
+    private fun getClientAuthentication(): ClientAuthentication {
+        return if (clientSecret != null) {
+            Log.i("$TAG Using ClientSecretBasic authentication")
+            ClientSecretBasic(clientSecret!!)
+        } else {
+            Log.i("$TAG Using NoClientAuthentication")
+            NoClientAuthentication.INSTANCE
+        }
+    }
+
    @UiThread
    private fun singleSignOn() {
        Log.i("$TAG Fetch from issuer [$singleSignOnUrl]")
@ -197,7 +226,8 @@ class SingleSignOnViewModel
            Log.i("$TAG Starting refresh token request")
            try {
                authService.performTokenRequest(
-                    authState.createTokenRefreshRequest()
+                    authState.createTokenRefreshRequest(),
+                    getClientAuthentication()
                ) { resp, ex ->
                    if (resp != null) {
                        Log.i("$TAG Token refresh succeeded!")
@ -243,7 +273,8 @@ class SingleSignOnViewModel
        if (::authService.isInitialized) {
            Log.i("$TAG Starting perform token request")
            authService.performTokenRequest(
-                response.createTokenExchangeRequest()
+                response.createTokenExchangeRequest(),
+                getClientAuthentication()
            ) { resp, ex ->
                if (resp != null) {
                    Log.i("$TAG Token exchange succeeded!")