I have been searching for the proper way to refresh token after the token generated by the AWS as Federated Identity has expired. My application uses cognito to log, and sign up users and then take the Access Token and then hit the apis using RetroFit.
Retrofit call
HttpLoggingInterceptor interceptor = new HttpLoggingInterceptor();
interceptor.setLevel(HttpLoggingInterceptor.Level.BODY);
OkHttpClient client = new OkHttpClient.Builder().addInterceptor(interceptor).build();
//end
OkHttpClient.Builder httpClient = new OkHttpClient.Builder();
httpClient.readTimeout(45, TimeUnit.SECONDS);
httpClient.connectTimeout(120, TimeUnit.SECONDS);
httpClient.interceptors().add(new AuthInterceptor());
httpClient.addInterceptor(interceptor); //debugging
httpClient.addInterceptor(new Interceptor() {
#Override
public Response intercept(Chain chain) throws IOException {
Request original = chain.request();
// Customize the request
Request request = original.newBuilder()
.header("Content-type", "application/json")
.header("Authorization", "auth-token")
.header("Accept", "application/json")
.header("deviceType", "android") //experimental
.header("Version", "v1")
.method(original.method(), original.body())
.build();
Response response = chain.proceed(request);
return response;
}
});
Retrofit retrofit = new Retrofit.Builder()
.baseUrl(BuildConfig.BASE_URL)
.client(httpClient.build())
.addConverterFactory(ToStringConverterFactory.create())
.addConverterFactory(GsonConverterFactory.create())
.build();
return retrofit.create(RetroInterface.class);
AuthInterceptor
...
if (jsonObject.getInt("status") == 0 && jsonObject.getJSONObject("data").getInt
("code")
== 99) {
IS_TOKEN_EXIPRED = true;
// HashMap<String, String> logins = new HashMap<String, String>();
logins.put("cognito-idp.us-east-1.amazonaws.com/" + BuildConfig.USERPOOLID,
Cognito.getInstance().getCurrSession().getIdToken().getJWTToken());
CognitoLogin.credentialsProvider.setLogins(logins);
String newtoken = Cognito.getInstance().getCurrSession().getAccessToken().getJWTToken();
Log.e("refy", newtoken);
BaseApplication.getApp().doSaveSharedString(AppConstants.USER_ACCESS_TOKEN, newtoken);
BaseApplication.getApp().doWriteLog("AuthInterceptor Here: ");
}
} catch (JSONException e) {
BaseApplication.getApp().redirectToLoginActivity();
e.printStackTrace();
}
...
I am stuck this problem., The token expires in 1 hour and then I cant do anything. There is not information available to refresh token in Android. All I can see is that Android AWS SDK refreshes the token by itself as long as Refresh Token as validity.
So after searching online for three days, I got the answer.
All you have to do is call the getSession(..) to get the refreshed tokens.
Here how it is done:
Cognito.getPool().getUser().getSession(new CognitoLogin(BaseApplication.getApp().getApplicationContext(), Cognito.getCurrUser(), Cognito.getPasswordForFirstTimeLogin()));
String newtoken = Cognito.getInstance().getCurrSession().getAccessToken().getJWTToken();
Reference
Cognito User Pool: How to refresh Access Token Android
Related
I'm trying to add Token to my Header using Retrofit as below:
public static Retrofit getRetrofitInstanceForAPIGateway(String token) {
Log.e("RetrofitClient", "Token: " + token);
OkHttpClient client = new OkHttpClient.Builder().addInterceptor(chain -> {
Request newRequest = chain.request().newBuilder()
.addHeader("Authorization", token) //Token passed from view controller
.build();
return chain.proceed(newRequest);
}).build();
if (retrofit_api == null) {
retrofit_api = new Retrofit.Builder()
.client(client)
.baseUrl(API_GATEWAY_BASE_URL)
.addConverterFactory(GsonConverterFactory.create())
.build();
}
return retrofit_api;
}
I am getting 403 error however if I hard code token with existing token string as below, it is working as expected.
.addHeader("Authorization", "eyJW********") // Hard coded the token
Please help what should I do?
You need to specify the token type on the header, change your code as below
OkHttpClient client = new OkHttpClient.Builder().addInterceptor(chain -> {
Request newRequest = chain.request().newBuilder()
.addHeader("Authorization", "Bearer $token") //Token passed from view controller
.build();
return chain.proceed(newRequest);
}).build();
without the token type retrofit will not be able to identify the header.
I want to add Basic Authentication header to my request done with OkHttp3.
Here is my code:
// Adding Authentication Header
OkHttpClient.Builder client = new OkHttpClient.Builder();
client.authenticator(new Authenticator() {
#Override
public Request authenticate(Route route, Response response) throws IOException {
String credential = Credentials.basic(username, password);
return response.request().newBuilder().header("Authorization", credential).build();
}
});
//
client.connectTimeout(10, TimeUnit.SECONDS);
client.writeTimeout(10, TimeUnit.SECONDS);
client.readTimeout(10, TimeUnit.MINUTES);
RequestBody body = RequestBody.create(null, new byte[]{});
if( json != null) {
body = RequestBody.create(MediaType.parse(
"application/json"),
json.toString()
);
}
Request request = new Request.Builder()
.url(url)
.post(body)
.build();
client.build().newCall(request).enqueue(callback);
Unfortunately no Authentication header is added and I really can't find the mistake.
Authenticator is primarily intended for "reactive" authentication, i.e. it is not called automatically and every time. The main scenario for its automatic invocation is a 401 "Unauthorized" server response.
You should probably use a regular Interceptor instead for your case, just register it using your client builder like this:
client.addInterceptor(
object : Interceptor { chain ->
val request = chain.request().newBuilder()
.addHeader(...)
.build()
return chain.proceed(request)
}
)
In order to do that, you need to use Interceptors offered by OkHttp Builder. Interceptors, as the name suggests, can intercept and requests sent through the client or any response received by the client before it passes them to your application.
In your case, you need to add this custom interceptor by intercepting the request, and attaching a new header to it before it leaves your client.
Adding a custom header to every request
return OkHttpClient.Builder()
.addInterceptor { chain ->
var request = chain.request()
var url = request.url()
request = request.newBuilder()
.removeHeader("needAuthToken")
.addHeader("Content-Type", "application/json")
// Feel free to add any other headers
.url(url)
.build()
chain.proceed(request)
}
Feel free to wrap this in any control flow conditions in case attachment of these headers matter on a predicate.
I've tried sending the token with a HeaderMap but get a 401 code response. The way my project is setup is that I have a separate file for my ApiClient and I have a OkHttpClient Interceptor and a HttpLoggingInterceptor to see whats going on, however I can't get the Bearer Token to work. I've seen solutions that add it to the interceptor as a header in the interceptor and I've tried this but since my token is saved in SharedPreferences I can't get it to work in the ApiClient class I have.
This is the ApiClient
HttpLoggingInterceptor interceptor = new HttpLoggingInterceptor();
interceptor.setLevel(HttpLoggingInterceptor.Level.BODY);
Gson gson = new GsonBuilder().serializeNulls().setLenient().create();
OkHttpClient okHttpClient = new OkHttpClient.Builder()
.addInterceptor(new Interceptor() {
#NotNull
#Override
public okhttp3.Response intercept(#NotNull Chain chain) throws IOException {
Request originalRequest = chain.request();
Request newRequest = originalRequest.newBuilder()
//I would add the header here
//I tried this but it says on "ApiClient.this" cannot be referenced from static context
// .header("Authorization" , SharedPreferencesHelper.getUserToken(ApiClient.this));
.build();
return chain.proceed(newRequest);
}
})
.addInterceptor(interceptor)
.build();
retrofit = new Retrofit.Builder()
.baseUrl("http://192.168.0.6:8000/api/")
.addConverterFactory(GsonConverterFactory.create())
.client(okHttpClient)
.build();
This is the method from SharedPreferencesHelper.getUserToken(MainActivity.this)
public static String getUserToken(Context context) {
SharedPreferences sp = getSharedPreferences(context);
return sp.getString(USER_TOKEN, null);
}
This is the current call where the response is 401, If I don't add the Accept => application/json the response url is incorrect and also returns a html page when I need a simple response return response("LoggedOut", 200); //this is the response in the api
Map<String, String> headers = new HashMap<>();
headers.put("Accept", "application/json");
headers.put("Token", SharedPreferencesHelper.getUserToken(MainActivity.this));
Call<Void> call = apiInterface.LogoutUser(headers);
call.enqueue(new Callback<Void>() {
// onResponse and onFailure here
}
For example without the Accept header this is the response in the Logcat
D/OkHttp: --> GET http://192.168.0.6:8000/api/logout
D/OkHttp: Token: wE1Y8IxJpwyXtvw0fYoXZAlQ6qCx24YtzonQIeJBQSHmNppe0Sn1kLYDgZKCw4MKbpab4Vspf61Nzer1
D/OkHttp: --> END GET
D/OkHttp: <-- 200 OK http://192.168.0.6:8000/login
//a bunch of html that's the web page at this route, notice the /api is missing
How can I send this correctly?
EDIT:
I"m using a Laravel project for the backend and this is the relevant route
Route::middleware('auth:sanctum')
->get('/logoutApi', function (Request $request) {
$request->user()->tokens()->delete();
return response("LoggedOut", 202);
});
create class Authenticator, like:
const val HEADER_TOKEN_FIELD = "Authorization"
class ClassAuthenticator(
private val pref: SharedPref
) : Authenticator {
override fun authenticate(route: Route?, response: Response): Request? {
return response.request().newBuilder()
.header(HEADER_TOKEN_FIELD, pref.getToken())
.build()
}
}
then add interceptor in your client with:
val httpClient = OkHttpClient.Builder()
.authenticator(ClassAuthenticator(pref))
.addInterceptor { chain ->
val request = chain.request()
val httpRequest = request.newBuilder()
.addHeader(HEADER_TOKEN_FIELD,
"Bearer ${pref.getToken()}")
.build()
val response = chain.proceed(httpRequest)
response
}
.build()
im trying to consume an api that has that authorization header, i can get a 200 response in Postman with all data but cant get it to work in retrofit
May be you need add the Token using OkHttp Interceptor.
OkHttpClient client = new OkHttpClient.Builder()
.addNetworkInterceptor(mTokenInterceptor)
.build();
then add it to Retrofit:
Retrofit retrofit = new Retrofit.Builder()
.client(client)
.baseUrl(base_url)
.build();
the mTokenInterceptor:
Interceptor mTokenInterceptor = new Interceptor() {
#Override
public Response intercept(Chain chain) throws IOException {
Request request = chain.request();
if (mToken != null) {
Request.Builder requestBuilder = request.newBuilder()
.addHeader("Authorization", mToken);
Request newRequest = requestBuilder.build();
return chain.proceed(newRequest);
}
return chain.proceed(request);
}
};
when you get the Token, just assign the mToken,
You can try something like below, just a crude example
#GET("your server url goes here")
Call<Your_Model_Class> getServerData(#Header("Authorization") String token);
Pass your token to getServerData method.
I successfully consume a json without password protected but admin set a password and I cannot get data via Retrofit2. How can I fix this? Please share your ideas. Thanks.
Configure your OkHttpClient with a new Authenticator to handle Basic Auth as follows:
OkHttpClient client = new OkHttpClient.Builder()
.authenticator(new Authenticator() {
#Override
public Request authenticate(Route route, Response response) throws IOException {
String credential = Credentials.basic("username", "password");
return response.request().newBuilder()
.header("Authorization", credential)
.build();
}
}).build();
Then use the OkHttpClient in Retrofit as follows:
new Retrofit.Builder()
.baseUrl("url")
.addConverterFactory(GsonConverterFactory.create())
.client(client)
.build();