Sh-To-ERP-SYS
/
Sh-To-ERP-SYS-APP
Watch 4
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
No Description
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Sh-To-ERP-SYS-APP/Assets/UniWebView/Script/UniWebViewAuthentication/UniWebViewAuthenticationCom...

UniWebViewAuthenticationCommonFlow.cs 4.5KB
Permalink History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495 
  1. //

  2. //  UniWebViewAuthenticationCommonFlow.cs

  3. //  Created by Wang Wei (@onevcat) on 2022-06-25.

  4. //

  5. //  This file is a part of UniWebView Project (https://uniwebview.com)

  6. //  By purchasing the asset, you are allowed to use this code in as many as projects 

  7. //  you want, only if you publish the final products under the name of the same account

  8. //  used for the purchase. 

  9. //

  10. //  This asset and all corresponding files (such as source code) are provided on an 

  11. //  “as is” basis, without warranty of any kind, express of implied, including but not

  12. //  limited to the warranties of merchantability, fitness for a particular purpose, and 

  13. //  noninfringement. In no event shall the authors or copyright holders be liable for any 

  14. //  claim, damages or other liability, whether in action of contract, tort or otherwise, 

  15. //  arising from, out of or in connection with the software or the use of other dealing in the software.

  16. //

  17. 

  18. using System.Collections.Generic;

  19. using UnityEngine;

  20. 

  21. /// <summary>

  22. /// Abstract class and general control for other authentication flows. This class determines the global behaviors of the 

  23. /// authentication flow, such as whether to start authentication as soon as the script `Start`s, and whether to use private

  24. /// mode to authenticate the user.

  25. 

  26. /// This is a super and abstract class for all concrete auth flow. You are not expected to use this class directly.

  27. /// Instead, to start a customized auth flow, you can use the `UniWebViewAuthenticationFlowCustomize` class.

  28. /// </summary>

  29. public abstract class UniWebViewAuthenticationCommonFlow: MonoBehaviour {

  30.     /// <summary>

  31.     /// Whether to start authentication as soon as the script `Start`s.

  32.     /// </summary>

  33.     public bool authorizeOnStart;

  34.     /// <summary>

  35.     /// Whether to use private mode to authenticate the user. If `true` and the device supports, the authentication

  36.     /// will begin under the incognito mode.

  37.     ///

  38.     /// On iOS, this works on iOS 13 and later.

  39.     ///

  40.     /// On Android, it depends on the Chrome version and might require users to enable the incognito mode (and support

  41.     /// for third-party use) in Chrome's settings. Check settings with `chrome://flags/#cct-incognito` and

  42.     /// `chrome://flags/#cct-incognito-available-to-third-party` in Chrome to see the current status.

  43.     /// </summary>

  44.     public bool privateMode;

  45.     

  46.     // Security. Store the state.

  47.     private string state;

  48.     // Security. Store the code challenge verifier. 

  49.     private string codeVerify;

  50.     

  51.     protected string CodeVerify => codeVerify;

  52.     

  53.     public void Start() {

  54.         if (authorizeOnStart) {

  55.             StartAuthenticationFlow();

  56.         }

  57.     }

  58.     

  59.     /// <summary>

  60.     /// Subclass should override this method to start the authentication flow. Usually it starts

  61.     /// a `UniWebViewAuthenticationFlow`. But you can also choose whatever you need to do. 

  62.     /// </summary>

  63.     public abstract void StartAuthenticationFlow();

  64. 

  65.     /// <summary>

  66.     /// Subclass should override this method to start the authentication flow. Usually it starts

  67.     /// a Unity Web Request against the authentication flow's token entry point to refresh the token.

  68.     /// </summary>

  69.     /// <param name="refreshToken">The refresh token.</param>

  70.     public abstract void StartRefreshTokenFlow(string refreshToken);

  71. 

  72.     // Child classes are expected to call this method to request a `state` (and store it for later check) if the 

  73.     // `state` verification is enabled.

  74.     protected string GenerateAndStoreState() {

  75.         state = UniWebViewAuthenticationUtils.GenerateRandomBase64URLString();

  76.         return state;

  77.     }

  78. 

  79.     // Child classes are expected to call this method to request a `code_challenge`. Later when exchanging the access

  80.     // token, the `code_verifier` will be used to verify the `code_challenge`. Subclass can read it from `CodeVerify`.

  81.     protected string GenerateCodeChallengeAndStoreCodeVerify(UniWebViewAuthenticationPKCE method) {

  82.         codeVerify = UniWebViewAuthenticationUtils.GenerateCodeVerifier();

  83.         return UniWebViewAuthenticationUtils.CalculateCodeChallenge(codeVerify, method);

  84.     }

  85.     

  86.     // Perform verifying for `state`.

  87.     protected void VerifyState(Dictionary<string, string> parameters, string key = "state") {

  88.         if (state == null) {

  89.             throw AuthenticationResponseException.InvalidState;

  90.         }

  91.         if (!parameters.TryGetValue(key, out var stateInResponse) || state != stateInResponse) {

  92.             throw AuthenticationResponseException.InvalidState;

  93.         }

  94.     }

  95. }