FIS getAuthToken implementation.

firebase-installations-interop/src/main/java/com/google/firebase/installations/FirebaseInstallationsApi.java

@@ -14,7 +14,11 @@
 
 package com.google.firebase.installations;
 
+import static java.lang.annotation.RetentionPolicy.SOURCE;
+
+import androidx.annotation.IntDef;
 import com.google.android.gms.tasks.Task;
+import java.lang.annotation.Retention;
 
 /**
  * This is an interface of {@code FirebaseInstallations} that is only exposed to 2p via component
@@ -24,14 +28,35 @@
  */
 public interface FirebaseInstallationsApi {
 
+  /** Specifies the refresh options to get a FIS AuthToken. */
+  @IntDef({FORCE_REFRESH, DO_NOT_FORCE_REFRESH})
+  @Retention(SOURCE)
+  @interface RefreshAuthTokenOption {}
+  /**
+   * AuthToken is forcefully refreshed on calling the {@link
+   * FirebaseInstallationsApi#getAuthToken()}.
+   */
+  int FORCE_REFRESH = 0;
+
+  /**
+   * AuthToken is not refreshed until requested by the developer or if one doesn't exist, is expired
+   * or about to expire.
+   */
+  int DO_NOT_FORCE_REFRESH = 1;
+
+  void setRefreshAuthTokenOption(@RefreshAuthTokenOption int refreshAuthTokenOption);
+
+  @RefreshAuthTokenOption
+  int getRefreshAuthTokenOption();
+
   /**
    * Async function that returns a globally unique identifier of this Firebase app installation.
    * This is a url-safe base64 string of a 128-bit integer.
    */
   Task<String> getId();
 
   /** Async function that returns a auth token(public key) of this Firebase app installation. */
-  Task<InstallationTokenResult> getAuthToken(boolean forceRefresh);
+  Task<String> getAuthToken();
 
   /**
    * Async function that deletes this Firebase app installation from Firebase backend. This call

firebase-installations/src/androidTest/java/com/google/firebase/installations/FirebaseInstallationsInstrumentedTest.java

@@ -38,6 +38,7 @@
 import com.google.firebase.installations.remote.FirebaseInstallationServiceClient;
 import com.google.firebase.installations.remote.FirebaseInstallationServiceException;
 import com.google.firebase.installations.remote.InstallationResponse;
+import com.google.firebase.installations.remote.InstallationTokenResult;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.SynchronousQueue;
@@ -92,9 +93,16 @@ public void setUp() throws FirebaseInstallationServiceException {
                 .setAuthToken(
                     InstallationTokenResult.builder()
                         .setToken(TEST_AUTH_TOKEN)
-                        .setTokenExpirationTimestampMillis(TEST_TOKEN_EXPIRATION_TIMESTAMP)
+                        .setTokenExpirationInSecs(TEST_TOKEN_EXPIRATION_TIMESTAMP)
                         .build())
                 .build());
+    when(backendClientReturnsOk.generateAuthToken(
+            anyString(), anyString(), anyString(), anyString()))
+        .thenReturn(
+            InstallationTokenResult.builder()
+                .setToken(TEST_AUTH_TOKEN)
+                .setTokenExpirationInSecs(TEST_TOKEN_EXPIRATION_TIMESTAMP)
+                .build());
     when(backendClientReturnsError.createFirebaseInstallation(
             anyString(), anyString(), anyString(), anyString()))
         .thenThrow(
@@ -217,4 +225,22 @@ public void testGetId_PersistedFidError_BackendOk() throws InterruptedException
           .isEqualTo(FirebaseInstallationsException.Status.CLIENT_ERROR);
     }
   }
+
+  @Test
+  public void testGetAuthToken_registeredFid_successful() throws Exception {
+    FirebaseInstallations firebaseInstallations =
+        new FirebaseInstallations(
+            mockClock, executor, firebaseApp, backendClientReturnsOk, persistedFid, mockUtils);
+    firebaseInstallations.setRefreshAuthTokenOption(FirebaseInstallationsApi.DO_NOT_FORCE_REFRESH);
+
+    Tasks.await(firebaseInstallations.getAuthToken());
+
+    // Waiting for Task that registers FID on the FIS Servers
+    executor.awaitTermination(1000, TimeUnit.MILLISECONDS);
+
+    PersistedFidEntry entryValue = persistedFid.readPersistedFidEntryValue();
+    assertWithMessage("Persisted Auth Token doesn't match")
+        .that(entryValue.getAuthToken())
+        .isEqualTo(TEST_AUTH_TOKEN);
+  }
 }

firebase-installations/src/main/java/com/google/firebase/installations/FirebaseInstallations.java

@@ -29,7 +29,8 @@
 import com.google.firebase.installations.remote.FirebaseInstallationServiceClient;
 import com.google.firebase.installations.remote.FirebaseInstallationServiceException;
 import com.google.firebase.installations.remote.InstallationResponse;
-import java.util.concurrent.Executor;
+import com.google.firebase.installations.remote.InstallationTokenResult;
+import java.util.concurrent.ExecutorService;
 import java.util.concurrent.SynchronousQueue;
 import java.util.concurrent.ThreadPoolExecutor;
 import java.util.concurrent.TimeUnit;
@@ -47,13 +48,28 @@
  */
 public class FirebaseInstallations implements FirebaseInstallationsApi {
 
+  @RefreshAuthTokenOption int refreshAuthTokenOption;
+
+  @Override
+  public void setRefreshAuthTokenOption(@RefreshAuthTokenOption int mode) {
+    refreshAuthTokenOption = mode;
+  }
+
+  @Override
+  @RefreshAuthTokenOption
+  public int getRefreshAuthTokenOption() {
+    return refreshAuthTokenOption;
+  }
+
   private final FirebaseApp firebaseApp;
   private final FirebaseInstallationServiceClient serviceClient;
   private final PersistedFid persistedFid;
-  private final Executor executor;
+  private final ExecutorService executor;
   private final Clock clock;
   private final Utils utils;
 
+  private static final long AUTH_TOKEN_EXPIRATION_BUFFER = 3600L; // 1 hour
+
   /** package private constructor. */
   FirebaseInstallations(FirebaseApp firebaseApp) {
     this(
@@ -67,7 +83,7 @@ public class FirebaseInstallations implements FirebaseInstallationsApi {
 
   FirebaseInstallations(
       Clock clock,
-      Executor executor,
+      ExecutorService executor,
       FirebaseApp firebaseApp,
       FirebaseInstallationServiceClient serviceClient,
       PersistedFid persistedFid,
@@ -115,11 +131,17 @@ public Task<String> getId() {
         .onSuccessTask(this::registerFidIfNecessary);
   }
 
-  /** Returns a auth token(public key) of this Firebase app installation. */
+  /**
+   * Returns a valid authentication token for the Firebase installation. Generates a new token if
+   * one doesn't exist, is expired or about to expire.
+   *
+   * <p>Should only be called if the Firebase Installation is registered.
+   */
   @NonNull
   @Override
-  public Task<InstallationTokenResult> getAuthToken(boolean forceRefresh) {
-    return Tasks.forResult(InstallationTokenResult.builder().build());
+  public Task<String> getAuthToken() {
+    return getId()
+        .continueWith(executor, call(() -> refreshAuthTokenIfNecessary(refreshAuthTokenOption)));
   }
 
   /**
@@ -169,6 +191,15 @@ private static <F, T> Continuation<F, T> orElse(@NonNull Supplier<T> supplier) {
     };
   }
 
+  @NonNull
+  private <F, T> Continuation<F, T> call(@NonNull Supplier<T> supplier) {
+    return t -> {
+      // Waiting for Task that registers FID on the FIS Servers
+      executor.awaitTermination(1000, TimeUnit.MILLISECONDS);
+      return supplier.get();
+    };
+  }
+
   private PersistedFidEntry createAndPersistNewFid() throws FirebaseInstallationsException {
     String fid = utils.createRandomFid();
     persistFid(fid);
@@ -214,7 +245,7 @@ private void updatePersistedFidWithPendingStatus(String fid) {
   private Void registerAndSaveFid(PersistedFidEntry persistedFidEntry)
       throws FirebaseInstallationsException {
     try {
-      long creationTime = TimeUnit.MILLISECONDS.toSeconds(clock.currentTimeMillis());
+      long creationTime = currentTime();
 
       InstallationResponse installationResponse =
           serviceClient.createFirebaseInstallation(
@@ -228,8 +259,7 @@ private Void registerAndSaveFid(PersistedFidEntry persistedFidEntry)
               .setRegistrationStatus(RegistrationStatus.REGISTERED)
               .setAuthToken(installationResponse.getAuthToken().getToken())
               .setRefreshToken(installationResponse.getRefreshToken())
-              .setExpiresInSecs(
-                  installationResponse.getAuthToken().getTokenExpirationTimestampMillis())
+              .setExpiresInSecs(installationResponse.getAuthToken().getTokenExpirationInSecs())
               .setTokenCreationEpochInSecs(creationTime)
               .build());
 
@@ -244,6 +274,86 @@ private Void registerAndSaveFid(PersistedFidEntry persistedFidEntry)
     }
     return null;
   }
+
+  private String refreshAuthTokenIfNecessary(int refreshAuthTokenOption)
+      throws FirebaseInstallationsException {
+
+    PersistedFidEntry persistedFidEntry = persistedFid.readPersistedFidEntryValue();
+
+    if (persistedFidEntry == null) {
+      throw new FirebaseInstallationsException(
+          "Failed to create Firebase Installation.",
+          FirebaseInstallationsException.Status.SDK_INTERNAL_ERROR);
+    }
+
+    switch (refreshAuthTokenOption) {
+      case FORCE_REFRESH:
+        return fetchAuthTokenFromServer(persistedFidEntry);
+      case DO_NOT_FORCE_REFRESH:
+        return getPersistedAuthToken(persistedFidEntry);
+      default:
+        throw new FirebaseInstallationsException(
+            "Incorrect refreshAuthTokenOption.",
+            FirebaseInstallationsException.Status.SDK_INTERNAL_ERROR);
+    }
+  }
+
+  private String getPersistedAuthToken(PersistedFidEntry persistedFidEntry)
+      throws FirebaseInstallationsException {
+    if (!isPersistedFidRegistered(persistedFidEntry)) {
+      throw new FirebaseInstallationsException(
+          "Firebase Installation is not registered.",
+          FirebaseInstallationsException.Status.SDK_INTERNAL_ERROR);
+    }
+
+    return isAuthTokenExpired(persistedFidEntry)
+        ? fetchAuthTokenFromServer(persistedFidEntry)
+        : persistedFidEntry.getAuthToken();
+  }
+
+  private boolean isPersistedFidRegistered(PersistedFidEntry persistedFidEntry) {
+    return persistedFidEntry != null
+        && persistedFidEntry.getRegistrationStatus() == RegistrationStatus.REGISTERED;
+  }
+
+  /** Calls the FIS servers to generate an auth token for this Firebase installation. */
+  private String fetchAuthTokenFromServer(PersistedFidEntry persistedFidEntry)
+      throws FirebaseInstallationsException {
+    try {
+      long creationTime = currentTime();
+      InstallationTokenResult tokenResult =
+          serviceClient.generateAuthToken(
+              /*apiKey= */ firebaseApp.getOptions().getApiKey(),
+              /*fid= */ persistedFidEntry.getFirebaseInstallationId(),
+              /*projectID= */ firebaseApp.getOptions().getProjectId(),
+              /*refreshToken= */ persistedFidEntry.getRefreshToken());
+
+      persistedFid.insertOrUpdatePersistedFidEntry(
+          PersistedFidEntry.builder()
+              .setFirebaseInstallationId(persistedFidEntry.getFirebaseInstallationId())
+              .setRegistrationStatus(RegistrationStatus.REGISTERED)
+              .setAuthToken(tokenResult.getToken())
+              .setRefreshToken(persistedFidEntry.getRefreshToken())
+              .setExpiresInSecs(tokenResult.getTokenExpirationInSecs())
+              .setTokenCreationEpochInSecs(creationTime)
+              .build());
+
+      return tokenResult.getToken();
+    } catch (FirebaseInstallationServiceException exception) {
+      throw new FirebaseInstallationsException(
+          "Failed to generate auth token for a Firebase Installation.",
+          FirebaseInstallationsException.Status.SDK_INTERNAL_ERROR);
+    }
+  }
+
+  private boolean isAuthTokenExpired(PersistedFidEntry persistedFidEntry) {
+    return (persistedFidEntry.getTokenCreationEpochInSecs() + persistedFidEntry.getExpiresInSecs()
+        > currentTime() + AUTH_TOKEN_EXPIRATION_BUFFER);
+  }
+
+  private long currentTime() {
+    return TimeUnit.MILLISECONDS.toSeconds(clock.currentTimeMillis());
+  }
 }
 
 interface Supplier<T> {

firebase-installations/src/main/java/com/google/firebase/installations/remote/FirebaseInstallationServiceClient.java

@@ -16,11 +16,11 @@
 
 import android.util.JsonReader;
 import androidx.annotation.NonNull;
-import com.google.firebase.installations.InstallationTokenResult;
 import java.io.IOException;
 import java.io.InputStreamReader;
 import java.net.URL;
 import java.nio.charset.Charset;
+import java.util.concurrent.TimeUnit;
 import java.util.zip.GZIPOutputStream;
 import javax.net.ssl.HttpsURLConnection;
 import org.json.JSONException;
@@ -243,7 +243,8 @@ private InstallationResponse readCreateResponse(HttpsURLConnection conn) throws
           if (key.equals("token")) {
             installationTokenResult.setToken(reader.nextString());
           } else if (key.equals("expiresIn")) {
-            installationTokenResult.setTokenExpirationTimestampMillis(reader.nextLong());
+            installationTokenResult.setTokenExpirationInSecs(
+                TimeUnit.MILLISECONDS.toSeconds(reader.nextLong()));
           } else {
             reader.skipValue();
           }
@@ -271,7 +272,7 @@ private InstallationTokenResult readGenerateAuthTokenResponse(HttpsURLConnection
       if (name.equals("token")) {
         builder.setToken(reader.nextString());
       } else if (name.equals("expiresIn")) {
-        builder.setTokenExpirationTimestampMillis(reader.nextLong());
+        builder.setTokenExpirationInSecs(TimeUnit.MILLISECONDS.toSeconds(reader.nextLong()));
       } else {
         reader.skipValue();
       }

firebase-installations/src/main/java/com/google/firebase/installations/remote/InstallationResponse.java

@@ -16,7 +16,6 @@
 
 import androidx.annotation.NonNull;
 import com.google.auto.value.AutoValue;
-import com.google.firebase.installations.InstallationTokenResult;
 
 @AutoValue
 public abstract class InstallationResponse {

firebase-installations/src/main/java/com/google/firebase/installations/remote/InstallationTokenResult.java

@@ -0,0 +1,54 @@
+// Copyright 2019 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.firebase.installations.remote;
+
+import androidx.annotation.NonNull;
+import com.google.auto.value.AutoValue;
+
+/** This class represents a set of values describing a FIS Auth Token Result. */
+@AutoValue
+public abstract class InstallationTokenResult {
+
+  /** A new FIS Auth-Token, created for this Firebase Installation. */
+  @NonNull
+  public abstract String getToken();
+  /**
+   * The amount of time, in milliseconds, before the auth-token expires for this Firebase
+   * Installation.
+   */
+  @NonNull
+  public abstract long getTokenExpirationInSecs();
+
+  @NonNull
+  public abstract Builder toBuilder();
+
+  /** Returns a default Builder object to create an InstallationResponse object */
+  @NonNull
+  public static InstallationTokenResult.Builder builder() {
+    return new AutoValue_InstallationTokenResult.Builder();
+  }
+
+  @AutoValue.Builder
+  public abstract static class Builder {
+    @NonNull
+    public abstract Builder setToken(@NonNull String value);
+
+    @NonNull
+    public abstract Builder setTokenExpirationInSecs(@NonNull long value);
+
+    @NonNull
+    public abstract InstallationTokenResult build();
+  }
+}