feat: Add password enrollment to MyAccount API#1003
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (3)
🚧 Files skipped from review as they are similar to previous changes (3)
📝 WalkthroughWalkthroughThis PR adds password enrollment and verification support to ChangesPassword Enrollment Feature
Estimated code review effort: 3 (Moderate) | ~25 minutes Sequence Diagram(s)sequenceDiagram
participant App
participant MyAccountAPIClient
participant Auth0API
App->>MyAccountAPIClient: enrollPassword(userIdentity, connection)
MyAccountAPIClient->>Auth0API: POST /authentication-methods (type=password)
Auth0API-->>MyAccountAPIClient: PasswordEnrollmentChallenge (id, authSession, policy)
MyAccountAPIClient-->>App: PasswordEnrollmentChallenge
App->>MyAccountAPIClient: verifyPassword(authenticationMethodId, authSession, newPassword)
MyAccountAPIClient->>Auth0API: POST /authentication-methods/{id}/verify
Auth0API-->>MyAccountAPIClient: PasswordAuthenticationMethod
MyAccountAPIClient-->>App: PasswordAuthenticationMethod
Suggested reviewers: 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 3
🧹 Nitpick comments (1)
auth0/src/main/java/com/auth0/android/myaccount/MyAccountAPIClient.kt (1)
776-793: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winDuplicates
buildEnrollmentRequest's URL/POST construction.
enrollPasswordreconstructs the same URL-building andfactory.post(...).addParameters(...).addHeader(...)pattern used bybuildEnrollmentRequest(Line 898), only differing in the response adapter type. Consider parameterizingbuildEnrollmentRequest(or adding an overload) to accept the target class/adapter so this andpasskeyEnrollmentChallenge-style methods share one code path.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@auth0/src/main/java/com/auth0/android/myaccount/MyAccountAPIClient.kt` around lines 776 - 793, The enrollPassword method is duplicating the same URL construction and POST request setup already handled by buildEnrollmentRequest, with only the response adapter type differing. Refactor buildEnrollmentRequest in MyAccountAPIClient to accept the target response class or adapter so it can build the shared request path and headers once, then update enrollPassword to call that shared helper instead of rebuilding the request inline. Use the existing buildEnrollmentRequest and enrollPassword symbols to keep this and similar methods like passkeyEnrollmentChallenge on a single code path.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@auth0/src/main/java/com/auth0/android/myaccount/MyAccountAPIClient.kt`:
- Around line 795-821: The KDoc usage example for
MyAccountAPIClient.verifyPassword shows the arguments in the wrong order, which
does not match the method signature. Update the example to pass
authenticationMethodId, authSession, and then newPassword in the same order used
by verifyPassword and the test call so the documentation reflects the public API
accurately.
In `@auth0/src/test/java/com/auth0/android/myaccount/MyAccountAPIClientTest.kt`:
- Around line 616-627: The `verifyPassword` test is calling
`client.verifyPassword(...)` with `authSession` and `newPassword` swapped, which
makes the intent misleading. Update the argument order in
`MyAccountAPIClientTest` to match the `verifyPassword(authenticationMethodId,
authSession, newPassword)` signature, using `AUTH_SESSION` for the auth session
slot and `"S3cr3tP@ssw0rd"` for the new password slot. Keep the existing
assertions and request flow intact.
In `@EXAMPLES.md`:
- Around line 2636-2658: The `verifyPassword` examples in `EXAMPLES.md` use the
wrong argument order and should be updated to match the new flow. In both the
Kotlin and Java snippets, swap the session token and new password values in the
`myAccountClient.verifyPassword(...)` call so the auth session comes before the
new password, keeping the rest of the callback examples unchanged.
---
Nitpick comments:
In `@auth0/src/main/java/com/auth0/android/myaccount/MyAccountAPIClient.kt`:
- Around line 776-793: The enrollPassword method is duplicating the same URL
construction and POST request setup already handled by buildEnrollmentRequest,
with only the response adapter type differing. Refactor buildEnrollmentRequest
in MyAccountAPIClient to accept the target response class or adapter so it can
build the shared request path and headers once, then update enrollPassword to
call that shared helper instead of rebuilding the request inline. Use the
existing buildEnrollmentRequest and enrollPassword symbols to keep this and
similar methods like passkeyEnrollmentChallenge on a single code path.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: db18f62d-d690-4234-9c6f-0aad0cfa9072
📒 Files selected for processing (6)
EXAMPLES.mdauth0/src/main/java/com/auth0/android/myaccount/MyAccountAPIClient.ktauth0/src/main/java/com/auth0/android/result/EnrollmentChallenge.ktauth0/src/main/java/com/auth0/android/result/PasswordPolicy.ktauth0/src/test/java/com/auth0/android/myaccount/MyAccountAPIClientTest.ktauth0/src/test/java/com/auth0/android/util/MyAccountAPIMockServer.kt
Summary
MyAccountAPIClientvia a two-step flow:enrollPassword()—POST /me/v1/authentication-methods(type=password), returns a newPasswordEnrollmentChallenge(id,auth_session,policy).verifyPassword(authenticationId, authSession, newPassword)—POST /me/v1/authentication-methods/{id}/verify, returns aPasswordAuthenticationMethod.PasswordPolicymodel (complexity, profile-data, history, dictionary) so apps can build a compliant password UI.MyAccountAPIClientTest,MyAccountAPIMockServer) covering payloads, deserialization, and DPoP.Summary by CodeRabbit
New Features
Documentation
Bug Fixes
Tests