Update: SDK to support Jitpack (#7)

* upgrade gradle wrapper to v8.6

* add jitpack config

* updated versions and cleanup build.gradle

* Idtoken time skew (#3)

* Skip issue time validation or change the allowed time skew

Allows to completely disable ID tokens issue time validation, or change the default of 10 minutes to a custom allowed time skew in seconds.

* Update documentation to change the allowed id token time skew

---------

Co-authored-by: Tim Klingeleers <[email protected]>

* Fix NullPointerException for issuer without scheme in id token (#4)

Uri.getScheme() may return null if no scheme is contained in the given
string. This could cause a crash during id token validation when this
was the case for the contained "iss" claim.

Co-authored-by: Florian Märkl <[email protected]>

* Add methods to request access token synchronous (#5)

Co-authored-by: Luca Figoli <[email protected]>

* fix configHash in app configuration (#6)

Co-authored-by: Maksim <[email protected]>

* fix the build

* cleanup

* add link to Jitpack for install details

* updated agp version

* upgraded gradle wrapper

---------

Co-authored-by: Tim Klingeleers <[email protected]>
Co-authored-by: Florian Märkl <[email protected]>
Co-authored-by: Luca Figoli <[email protected]>
Co-authored-by: Maksim <[email protected]>

Author: 5 people

README.md

@@ -1,7 +1,7 @@
 ![AppAuth for Android](https://rawgit.com/openid/AppAuth-Android/master/appauth_lockup.svg)
 
-[![Download](https://img.shields.io/maven-central/v/net.openid/appauth)](https://search.maven.org/search?q=g:net.openid%20appauth)
-[![Javadocs](http://javadoc.io/badge/net.openid/appauth.svg)](http://javadoc.io/doc/net.openid/appauth)
+[Download from Jitpack](https://www.jitpack.io/#nisrulz/AppAuth-Android/update~sdk-to-support-jitpack-SNAPSHOT)
+
 [![Build Status](https://github.com/openid/AppAuth-Android/actions/workflows/build.yml/badge.svg)](https://github.com/openid/AppAuth-Android/actions/workflows/build.yml)
 [![codecov.io](https://codecov.io/github/openid/AppAuth-Android/coverage.svg?branch=master)](https://codecov.io/github/openid/AppAuth-Android?branch=master)
 
@@ -619,7 +619,7 @@ AppAuthConfiguration appAuthConfig = new AppAuthConfiguration.Builder()
 
 ID Token validation was introduced in `0.8.0` but not all authorization servers or configurations support it correctly.
 
-- For testing environments [setSkipIssuerHttpsCheck](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/AppAuthConfiguration.java#L129) can be used to bypass the fact the issuer needs to be HTTPS.
+- For testing environments [setSkipIssuerHttpsCheck](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/AppAuthConfiguration.java#L143) can be used to bypass the fact the issuer needs to be HTTPS.
 
 ```java
 AppAuthConfiguration appAuthConfig = new AppAuthConfiguration.Builder()
@@ -635,6 +635,22 @@ AuthorizationRequest authRequest = authRequestBuilder
     .build();
 ```
 
+- To change the default allowed time skew of 10 minutes for the issue time, [setAllowedIssueTimeSkew](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/AppAuthConfiguration.java#L159) can be used.
+
+```java
+AppAuthConfiguration appAuthConfig = new AppAuthConfiguration.Builder()
+    .setAllowedIssueTimeSkew(THIRTY_MINUTES_IN_SECONDS)
+    .build()
+```
+
+- For testing environments [setSkipIssueTimeValidation](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/AppAuthConfiguration.java#L151) can be used to bypass the issue time validation.
+
+```java
+AppAuthConfiguration appAuthConfig = new AppAuthConfiguration.Builder()
+    .setSkipIssueTimeValidation(true)
+    .build()
+```
+
 ## Dynamic client registration
 
 AppAuth supports the

app/java/net/openid/appauthdemo/Configuration.java

@@ -192,6 +192,7 @@ private void readConfiguration() throws InvalidConfigurationException {
         Buffer configData = new Buffer();
         try {
             configSource.readAll(configData);
+            mConfigHash = configData.sha256().base64();
             mConfigJson = new JSONObject(configData.readString(Charset.forName("UTF-8")));
         } catch (IOException ex) {
             throw new InvalidConfigurationException(
@@ -201,7 +202,6 @@ private void readConfiguration() throws InvalidConfigurationException {
                     "Unable to parse configuration: " + ex.getMessage());
         }
 
-        mConfigHash = configData.sha256().base64();
         mClientId = getConfigString("client_id");
         mScope = getRequiredConfigString("authorization_scope");
         mRedirectUri = getRequiredConfigUri("redirect_uri");

build.gradle

@@ -4,13 +4,14 @@ apply from: 'config/keystore.gradle'
 
 buildscript {
     repositories {
-        gradlePluginPortal()
         google()
+        mavenCentral()
+        gradlePluginPortal()
     }
     dependencies {
-        classpath 'com.android.tools.build:gradle:8.0.1'
+        classpath 'com.android.tools.build:gradle:8.9.0'
         classpath 'org.ajoberstar.grgit:grgit-gradle:4.1.1'
-        classpath 'org.jacoco:org.jacoco.core:0.8.7'
+        classpath 'org.jacoco:org.jacoco.core:0.8.10'
     }
 }
 
@@ -19,6 +20,12 @@ subprojects {
         google()
         mavenCentral()
     }
+
+    tasks.configureEach { task ->
+        if (task.name.contains("androidJavadoc")) {
+            task.enabled = false
+        }
+    }
 }
 
 ext.verifyKeystore()
@@ -40,11 +47,11 @@ try {
 }
 
 project.ext {
-    minSdkVersion = 16
-    compileSdkVersion = 33
+    minSdkVersion = 21
+    compileSdkVersion = 34
 
     googleVersions = [
-        glide                 : '4.12.0',
+        glide                 : '4.16.0',
         material              : '1.3.0',
     ]
 
@@ -58,7 +65,7 @@ project.ext {
     jodaVersion = '2.10.10'
 }
 
-task showVersion {
+tasks.register('showVersion') {
     doLast {
         logger.lifecycle("Version ID: " + project.versionNum)
         logger.lifecycle("Version Name: " + project.versionName)

config/android-common.gradle

@@ -4,8 +4,6 @@ android {
     defaultConfig {
         minSdkVersion rootProject.minSdkVersion
         targetSdkVersion rootProject.compileSdkVersion
-        versionCode rootProject.versionNum
-        versionName rootProject.versionName
     }
     sourceSets {
         main.manifest.srcFile 'AndroidManifest.xml'
@@ -21,14 +19,6 @@ android {
         sourceCompatibility JavaVersion.VERSION_1_8
         targetCompatibility JavaVersion.VERSION_1_8
     }
-    lintOptions {
-        warningsAsErrors true
-        disable 'InvalidPackage', 'TrulyRandom', 'UseCompoundDrawables', 'GradleDependency'
-    }
-    packagingOptions {
-        exclude 'META-INF/LICENSE.txt'
-        exclude 'META-INF/NOTICE.txt'
-    }
 }
 
 // produces just the classes JAR

gradle/wrapper/gradle-wrapper.jar

@@ -1,4 +1,7 @@
-#Sat Jun 13 20:20:21 CEST 2020
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.11.1-bin.zip
+networkTimeout=10000
+validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.1.1-all.zip