privacyidea / java-client Goto Github PK

Add the token rollout functionality

Check that threads terminate properly.
Possibly make the PrivacyIDEA autoclosable.

if a field is missing, an exception is thrown.
Instead there should be a default value and the name of the field that is missing but was expected should be logged.

HttpURLConnection does not allow to set the Origin header which is required for Webauthn (#14), therefore replace it with the okhttp3 client.

privacyIDEA v3.8 allow enrolling a new token via validate/check request.

Update the java-client to use it.

• Check if in PI Response exists an img and add it to the PIResponse object.
• Update tests.

NOTE: Don't remove the old token enrollment method.

QUESTION: Should the old method generate a debug message, that there is a new, better, and safer method that is now recommended? And we recommend updating the PI server to >=3.8 to use it?
@nilsbehlen

the service account might be in a realm other than the user logging in.
So either assume the service account to be in the default realm or add a parameter for a service acc realm.

Add the capability to get info about the tokens that a user has.
A service account is required for this using the /token endpoint

privacyIDEA v3.8 will allow setting a preferred client mode: https://github.com/privacyidea/privacyidea/issues/3044#issuecomment-1302103651. This will be attached to the PI response as in the following example:

{
    "detail": {
        "preferred_client_mode": "webauthn",
        "multi_challenge": [
            {
                "client_mode": "webauthn",
                "image": "",
                "message": "Please confirm with your WebAuthn token (Generic WebAuthn Token)",
                "serial": "WAN00023132",
                "transaction_id": "09250011178417540855",
                "type": "webauthn"
            }
        ],

• Valid modes: interactive(default), poll, webauthn, u2f.

• Preferred client mode will be changed to non-default only if >=1 of the challenges contains a similar client_mode value. No need to compare it again here.

• Update java-client to make use of this enhancement.

• Update tests.

send the language of the plugin to pi to get errors etc in that language. (Probably by Language-Accept header).

• Return the data required for webauthn when using validateCheck or triggerChallenge
• Add a validateCheck function that uses webauthn params

Plugins using the sdk should have to specify their name to be used as user agent.

Introducing Webauthn (#14) adds new requirements to the requests that are made to privacyIDEA:

• Being able to set the Origin header for requests to /validate/check
• Exclude certain request parameter values (the webauthn ones) from URL encoding as it will make them unusable.

Run all unit tests by PR.

Add the parameter "client" to requests which contains the IP from which the login was initated.
The paramter can be processed by privacyidea if configured.

Translate the preferred_client_mode names to these, which are used as a mode in the plugins.

"poll" to "push"
"interactive" to "otp"
The rest stays unchanged.

Update tests.

add async methods for the endpoints.

Add capability to use validate/check with serial instead of username