ulfr/recipe
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
06e5eaf94e91dafd154da95dacb43dfdfbf2f2e0
recipe/.planning/phases/02-authentication-foundation/02-04-SUMMARY.md
ulfrxdev 8d1c34c2f6 docs(02-04): complete Android auth actuals plan 
- Add execution summary with verification results
- Document Android expect/actual ordering deviation and token mapping fix
2026-04-28 16:01:57 +02:00

160 lines
8.7 KiB
Markdown
Raw Blame History

---
phase: 02-authentication-foundation
plan: 04
subsystem: auth
tags: [android, oidc, appauth, encryptedsharedpreferences, authstate]
requires:
- phase: 02-authentication-foundation
provides: 02-01 Phase 2 Android AppAuth/Security Crypto dependencies and OIDC constants
- phase: 02-authentication-foundation
provides: 02-03 common OidcClient, OidcResult, and SecureAuthStateStore expect contracts
provides:
- Android AppAuth authorization-code + PKCE login through the system browser
- Android AppAuth AuthState JSON serialization for login and fresh-token refresh
- Android RP-initiated logout through AppAuth EndSessionRequest when discovery metadata exposes end-session
- Android EncryptedSharedPreferences-backed SecureAuthStateStore for opaque AuthState JSON
- Android manifest registration for recipe://callback via RedirectUriReceiverActivity
affects: [02-06-auth-session-ui, 02-07-auth-integration-verification]
tech-stack:
added: []
patterns:
- "Android OIDC actual resolves Context from Koin's Android context while preserving the no-arg common expect constructor."
- "AppAuth callback bridge uses private dynamic broadcast PendingIntents and suspendCancellableCoroutine."
- "AuthState JSON remains opaque; storage and refresh paths never log token-bearing values."
key-files:
created:
- composeApp/src/androidMain/kotlin/dev/ulfrx/recipe/auth/OidcClient.android.kt
- composeApp/src/androidMain/kotlin/dev/ulfrx/recipe/auth/SecureAuthStateStore.android.kt
modified:
- composeApp/src/androidMain/AndroidManifest.xml
key-decisions:
- "Use Koin's registered Android Context from the no-arg Android actuals instead of changing common constructor contracts from 02-03."
- "Task 1 included the Android SecureAuthStateStore actual because Android target compilation cannot pass with only one of the auth expect actuals present."
- "Treat missing access tokens from token exchange/refresh as AuthError, not Success with an empty token."
patterns-established:
- "Android AppAuth login/request scopes are pinned exactly to openid profile email offline_access."
- "Android token persistence is contained behind SecureAuthStateStore so the deprecated AndroidX Security Crypto implementation can be replaced later without touching AuthSession."
requirements-completed: [AUTH-01, AUTH-02, AUTH-04, AUTH-05]
duration: 8 min
completed: 2026-04-28
---
# Phase 02 Plan 04: Android OIDC Actuals Summary
**Android AppAuth login, refresh, logout, and encrypted AuthState persistence wired behind the Phase 2 common auth contracts.**
## Performance
- **Duration:** 8 min
- **Started:** 2026-04-28T13:52:41Z
- **Completed:** 2026-04-28T14:00:47Z
- **Tasks:** 2
- **Files modified:** 3
## Accomplishments
- Added Android `OidcClient` actual using AppAuth discovery, authorization-code flow, exact `openid profile email offline_access` scopes, token exchange, `AuthState.jsonSerializeString()`, `AuthState.jsonDeserialize(...)`, and `performActionWithFreshTokens`.
- Added Android `SecureAuthStateStore` actual backed by `EncryptedSharedPreferences`.
- Registered `net.openid.appauth.RedirectUriReceiverActivity` for `recipe://callback` in the Android manifest.
- Kept auth diagnostics token-safe: no logging of AuthState JSON, access tokens, refresh tokens, ID tokens, bearer headers, or authorization headers.
## Task Commits
1. **Task 1: Implement Android AppAuth OidcClient actual** - `fa78ee3` (feat)
2. **Task 2: Implement Android secure AuthState store and callback manifest** - `6385453` (feat)
3. **Rule 1 fix: Harden Android OIDC token result mapping** - `11a5eeb` (fix)
## Files Created/Modified
- `composeApp/src/androidMain/kotlin/dev/ulfrx/recipe/auth/OidcClient.android.kt` - Android AppAuth actual for login, refresh, logout, AuthState JSON serialization/deserialization, and OidcResult mapping.
- `composeApp/src/androidMain/kotlin/dev/ulfrx/recipe/auth/SecureAuthStateStore.android.kt` - Android encrypted storage actual for one opaque AuthState JSON blob per install.
- `composeApp/src/androidMain/AndroidManifest.xml` - Explicit AppAuth redirect receiver registration for `recipe://callback`.
## Decisions Made
See frontmatter `key-decisions`.
## Deviations from Plan
### Auto-fixed Issues
**1. [Rule 3 - Blocking] Added Android SecureAuthStateStore actual during Task 1**
- **Found during:** Task 1 verification
- **Issue:** `./gradlew :composeApp:compileDebugKotlinAndroid` failed because `SecureAuthStateStore` had a common `expect` declaration but no Android `actual`. The plan listed the store in Task 2, but the Android target cannot compile any auth expect declarations until both Android actuals exist.
- **Fix:** Implemented `SecureAuthStateStore.android.kt` with `EncryptedSharedPreferences` during Task 1 so the required Task 1 Android compile gate could pass.
- **Files modified:** `composeApp/src/androidMain/kotlin/dev/ulfrx/recipe/auth/SecureAuthStateStore.android.kt`
- **Verification:** `./gradlew :composeApp:compileDebugKotlinAndroid`
- **Committed in:** `fa78ee3`
**2. [Rule 1 - Bug] Hardened token result mapping**
- **Found during:** Final correctness pass
- **Issue:** The initial token exchange path could report success if AppAuth returned a `TokenResponse` with a missing access token.
- **Fix:** Added explicit missing-token guards and preserved AppAuth discovery exceptions so network failures and auth failures map cleanly.
- **Files modified:** `composeApp/src/androidMain/kotlin/dev/ulfrx/recipe/auth/OidcClient.android.kt`
- **Verification:** `./gradlew :composeApp:compileDebugKotlinAndroid`; all Task 1 and Task 2 grep gates re-run.
- **Committed in:** `11a5eeb`
---
**Total deviations:** 2 auto-fixed (1 x Rule 3 blocking, 1 x Rule 1 bug).
**Impact on plan:** No scope expansion beyond Android auth ownership. The Rule 3 change only corrected task ordering required by Kotlin expect/actual compilation.
## Known Stubs
None.
## Threat Flags
None - all new trust-boundary surfaces were already listed in the plan threat model.
## Issues Encountered
- Concurrent iOS plan work appeared as untracked `composeApp/src/iosMain/kotlin/dev/ulfrx/recipe/auth/` and `iosApp/Podfile`. These files were not read, staged, modified, or committed by this plan.
- Pre-existing untracked `.claude/` and `AGENTS.md` were left untouched.
- STATE.md/ROADMAP.md updates were intentionally not performed by this spawned Android executor because the user constrained writes to Android-owned files plus this summary; central planning state remains orchestrator-owned.
## User Setup Required
None.
## Verification
- `./gradlew :composeApp:compileDebugKotlinAndroid` - PASS
- `grep -q 'AuthorizationServiceConfiguration.fetchFromIssuer' composeApp/src/androidMain/kotlin/dev/ulfrx/recipe/auth/OidcClient.android.kt` - PASS
- `grep -q 'setScopes("openid", "profile", "email", "offline_access")' composeApp/src/androidMain/kotlin/dev/ulfrx/recipe/auth/OidcClient.android.kt` - PASS
- `grep -q 'suspendCancellableCoroutine' composeApp/src/androidMain/kotlin/dev/ulfrx/recipe/auth/OidcClient.android.kt` - PASS
- `grep -q 'performActionWithFreshTokens' composeApp/src/androidMain/kotlin/dev/ulfrx/recipe/auth/OidcClient.android.kt` - PASS
- `grep -q 'EndSessionRequest' composeApp/src/androidMain/kotlin/dev/ulfrx/recipe/auth/OidcClient.android.kt` - PASS
- `grep -q 'EncryptedSharedPreferences' composeApp/src/androidMain/kotlin/dev/ulfrx/recipe/auth/SecureAuthStateStore.android.kt` - PASS
- `! grep -R 'Settings()' composeApp/src/androidMain/kotlin/dev/ulfrx/recipe/auth` - PASS
- `! grep -R 'getSharedPreferences' composeApp/src/androidMain/kotlin/dev/ulfrx/recipe/auth/SecureAuthStateStore.android.kt` - PASS
- `grep -q 'RedirectUriReceiverActivity' composeApp/src/androidMain/AndroidManifest.xml` - PASS
- `grep -q 'android:scheme="recipe"' composeApp/src/androidMain/AndroidManifest.xml` - PASS
- `grep -q 'android:host="callback"' composeApp/src/androidMain/AndroidManifest.xml` - PASS
- Token/log scan for `Logger`, `println`, `printStackTrace`, `Authorization:`, and `Bearer` under Android auth files - PASS
## Next Phase Readiness
Android auth actuals now compile behind the common contracts. AuthSession/UI integration in 02-06 can call login, refresh, logout, and the secure store without Android-specific APIs.
## Self-Check: PASSED
- Created files exist: `OidcClient.android.kt`, `SecureAuthStateStore.android.kt`, and this summary were found.
- Modified files exist: `AndroidManifest.xml` contains `RedirectUriReceiverActivity`, `android:scheme="recipe"`, and `android:host="callback"`.
- Commits exist: `fa78ee3`, `6385453`, and `11a5eeb` were found in git history.
- Acceptance criteria: all required grep checks passed.
- Plan-level verification: `./gradlew :composeApp:compileDebugKotlinAndroid` passed.
---
*Phase: 02-authentication-foundation*
*Completed: 2026-04-28*
Reference in New Issue View Git Blame Copy Permalink