twilio / authy-java Goto Github PK

View Code? Open in Web Editor NEW

65.0 65.0 46.0 344 KB

Java Client for Twilio Authy Two-Factor Authentication (2FA) API

Home Page: https://www.twilio.com/docs/authy/api

License: MIT License

Java 99.79% Shell 0.21%

authy-java's People

Contributors

Stargazers

Watchers

authy-java's Issues

Get same code in JAVA, like I receive code in Authy application on phone.

Hello, really need help, I am novice in programming, also my English is bad and I have big problem in understanding (in russian language no information about it).
But I need receive same code (SoftToken), like I receive in my application Authy on phone.
Is authy-java for me? If so, where I should find this your-api-key?
I want solve this: http://stackoverflow.com/questions/39151880/get-same-two-factor-code-like-i-received-in-my-app-authy-in-java

Also, when I try use authy-java with code:

AuthyApiClient client = new AuthyApiClient("INVALID_API_KEY", "https://api.authy.com/");
System.out.println(client.getUsers().toString());

I haven't error, but my api_key is invalid, why?

Maven dependency available?

Can the binary artifact be published to Maven's public repositories? Would rather not have the JAR directly be inside the app's config.

Details for 401?

Hey,

I'm in the middle of integrating Authy into our system. One thing that irritates me is how I am supposed to distinguish the various error types that hide under a 401.

Currently it could be

wrong API keys
wrong token (for verification)
wrong user

So how am I supposed to know in the code what the root cause was. We wouldn't want to show the user a message straight from your API (e.g. "User doesn't exist."), but show a customized one.

Currently I do this:

if (errMsg.contains("api key"))
    throw new ServiceException("wrong API key");
else if (errMsg.contains("token"))
    throw new TokenException();
else if (errMsg.contains("user"))
    throw new UserException("user not found");
else
    throw new ServiceException(errMsg);

... and this can't be the best way, can it?

Support for /protected/json/verify/ in Tokens.java

Dear Authy Team!
Does it possible to add a support for json format in /protected/json/verify/

Error Codes support

Hello,

I'm attempting to align what's in the Authy Users API docs for a sample error response:

{
    "errors": {
        "email":"is invalid",
        "cellphone":"must be a valid cellphone number."
    }
}

as well as with this https://www.twilio.com/docs/authy/return-and-error-codes, with this java client. What is supposed to be returned from Error::getMessage?

No method Phone Verification check verification status

PhoneVerification doesn't have a convenience method for the GET https://api.authy.com/protected/json/phones/verification/status call

Docs: https://www.twilio.com/docs/verify/api/verification?code-sample=code-check-verification-status-using-phone-number-4&code-language=curl&code-sdk-version=default

Custom Message for Request SMS

How do I set custom message to send SMS, I found something here https://docs.authy.com/phone_verification.html#phone-verification-api to setup custom message.

Spring BeanInstantiationException for AuthyApiClient

Adding AuthyApiClient causes an exception to be thrown during startup for my Spring Boot application. Is my project set up incorrectly?

Context: I only need to use the Verify API.

build.gradle uses:

    compile 'com.twilio.sdk:twilio:7.38.0' # Tried with and without this artifact
    compile 'com.authy:authy-java:1.5.0'

Spring configuration:

    @Bean
    public AuthyApiClient getAuthyApiClient() {
        return new AuthyApiClient("<valid-api-key-here>");
    }

Stack trace during startup:

 org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'getAuthyApiClient' defined in class path resource [com/zillow/identity/verification/config/TwilioConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.authy.AuthyApiClient]: Factory method 'getAuthyApiClient' threw exception; nested exception is java.lang.VerifyError: Stack map does not match the one at exception handler 80
Exception Details:
  Location:
    com/authy/api/Resource.errorFromJson(Ljava/lang/String;)Lcom/authy/api/Error; @80: astore_2
  Reason:
    Type 'org/json/JSONException' (current frame, stack[0]) is not assignable to 'java/lang/RuntimeException' (stack map, stack[0])
  Current Frame:
    bci: @0
    flags: { }
    locals: { 'com/authy/api/Resource', 'java/lang/String' }
    stack: { 'org/json/JSONException' }
  Stackmap Frame:
    bci: @80
    flags: { }
    locals: { 'com/authy/api/Resource', 'java/lang/String' }
    stack: { 'java/lang/RuntimeException' }
  Bytecode:
    0x0000000: bb00 3259 2bb7 0033 4dbb 0034 59b7 0035
    0x0000010: 4e2d 2c12 36b6 0037 b600 382c 1239 b600
    0x0000020: 37b8 003a 3604 b800 3bb8 003c 1504 ba00
    0x0000030: 3d00 00b9 003e 0200 b900 3f01 00b2 0040
    0x0000040: b600 41c0 0042 3a05 2d19 05b6 0043 2db0
    0x0000050: 4dbb 002b 5912 462c b700 2dbf          
  Exception Handler Table:
    bci [0, 79] => handler: 80
    bci [0, 79] => handler: 80
  Stackmap Table:
    same_locals_1_stack_item_extended(@80,Object[#218])

        at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:732)
        at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:197)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1276)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1133)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:543)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:503)
        at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:317)
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:315)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199)
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:760)
        at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:869)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:550)
        at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:140)
        at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:759)
        at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:395)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:327)
        at org.springframework.boot.web.servlet.support.SpringBootServletInitializer.run(SpringBootServletInitializer.java:155)
        at org.springframework.boot.web.servlet.support.SpringBootServletInitializer.createRootApplicationContext(SpringBootServletInitializer.java:135)
        at org.springframework.boot.web.servlet.support.SpringBootServletInitializer.onStartup(SpringBootServletInitializer.java:87)
        at org.springframework.web.SpringServletContainerInitializer.onStartup(SpringServletContainerInitializer.java:172)
        at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5196)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1419)
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1409)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'getPhoneVerificationHandler' defined in class path resource [com/zillow/identity/verification/config/IdentityVerificationConfiguration.class]: Unsatisfied dependency expressed through method 'getPhoneVerificationHandler' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'getTwilioApiAdapter' defined in class path resource [com/zillow/identity/verification/config/TwilioConfiguration.class]: Unsatisfied dependency expressed through method 'getTwilioApiAdapter' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'getAuthyApiClient' defined in class path resource [com/zillow/identity/verification/config/TwilioConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.authy.AuthyApiClient]: Factory method 'getAuthyApiClient' threw exception; nested exception is java.lang.VerifyError: Stack map does not match the one at exception handler 80
Exception Details:
  Location:
    com/authy/api/Resource.errorFromJson(Ljava/lang/String;)Lcom/authy/api/Error; @80: astore_2
  Reason:
    Type 'org/json/JSONException' (current frame, stack[0]) is not assignable to 'java/lang/RuntimeException' (stack map, stack[0])
May 30, 2019 3:50:42 PM org.apache.catalina.core.ContainerBase startInternal
  Current Frame:
    bci: @0
    flags: { }
SEVERE: A child container failed during start
    locals: { 'com/authy/api/Resource', 'java/lang/String' }
java.util.concurrent.ExecutionException: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Tomcat].StandardHost[localhost].StandardContext[]]
        at java.util.concurrent.FutureTask.report(FutureTask.java:122)
        at java.util.concurrent.FutureTask.get(FutureTask.java:192)
        at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:939)
    stack: { 'org/json/JSONException' }
  Stackmap Frame:
    bci: @80
    flags: { }
    locals: { 'com/authy/api/Resource', 'java/lang/String' }
    stack: { 'java/lang/RuntimeException' }
  Bytecode:
        at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:872)
    0x0000000: bb00 3259 2bb7 0033 4dbb 0034 59b7 0035
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
    0x0000010: 4e2d 2c12 36b6 0037 b600 382c 1239 b600
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1419)
    0x0000020: 37b8 003a 3604 b800 3bb8 003c 1504 ba00
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1409)
    0x0000030: 3d00 00b9 003e 0200 b900 3f01 00b2 0040
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    0x0000040: b600 41c0 0042 3a05 2d19 05b6 0043 2db0
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    0x0000050: 4dbb 002b 5912 462c b700 2dbf          
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
  Exception Handler Table:
    bci [0, 79] => handler: 80
    bci [0, 79] => handler: 80
  Stackmap Table:
Caused by: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Tomcat].StandardHost[localhost].StandardContext[]]
    same_locals_1_stack_item_extended(  at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167)
        ... 6 more
@80,Object[#218])

Getting UnmarshalException when getting user.getError()

Whenever I try to create a user, it always returns false.
When it returns false, I call user.getError(); but that returns a javax.xml.bind.UnmarshalException

javax.xml.bind.UnmarshalException with linked exception: [org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Content is not allowed in prolog.] at javax.xml.bind.helpers.AbstractUnmarshallerImpl.createUnmarshalException(Unknown Source) at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallerImpl.createUnmarshalException(Unknown Source) at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal0(Unknown Source) at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal(Unknown Source) at javax.xml.bind.helpers.AbstractUnmarshallerImpl.unmarshal(Unknown Source) at javax.xml.bind.helpers.AbstractUnmarshallerImpl.unmarshal(Unknown Source) at com.authy.api.Users.userFromXml(Users.java:123) at com.authy.api.Users.createUser(Users.java:48) at me.lapinolapidus.authytester.Main.main(Main.java:23) Caused by: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Content is not allowed in prolog. at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError(Unknown Source) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(Unknown Source) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(Unknown Source) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError(Unknown Source) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next(Unknown Source) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(Unknown Source) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(Unknown Source) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(Unknown Source) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(Unknown Source) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source) ... 7 more

My code is

	User user = users.createUser("XXX", "XXX-XX-XXXX", "XX");
	
	if(user.isOk()) {
		System.out.println(user.getId());
	} else {
		user.getError();
	}

Disable the Installation SMS

How to disable the installation SMS when we create the User in Java API?

Unable to integrate the jar file into my Android application

I am getting the following error when I copy the jar file in the dist/ directory and past it into my libs folder in my android project.
I am building my android project using java 1.8
Please help

Error:PARSE ERROR:
Error:unsupported class file version 52.0
Error:...while parsing org/json/CDL.class
Error:1 error; aborting
:app:transformClassesWithDexForDebug FAILED
Error:Execution failed for task ':app:transformClassesWithDexForDebug'.

com.android.build.api.transform.TransformException: java.lang.RuntimeException: com.android.ide.common.process.ProcessException: java.util.concurrent.ExecutionException: com.android.ide.common.process.ProcessException: org.gradle.process.internal.ExecException: Process 'command 'C:\Program Files\Java\jdk1.8.0_101\bin\java.exe'' finished with non-zero exit value 1

Maven dependency update

Current version in Maven repository is 1.2.0 and it doesn't have call request capabilities. Can someone please update the artifact on maven?

Tests?

I don't see any unit / integration tests. Do you expect to add some?

Regards
Stephan

Tokens.verify returns an AuthyException rather than a Token if non-numeric or wrong length

Verifying a token returns:

Token object if the entered token is:
- correct OR
- incorrect AND is 6-10 numeric digits
AuthyException if the entered token is:
- non-numeric
- has <6 or >10 digits

This behavior is inconsistent for the following reasons:

Suppose an Authy app has the OTP set as the default 7 digits. It does not make sense for the response for entering an incorrect 9 digit code to be different from entering an incorrect 5 digit code. The client should also not be expected to hardcode a 6-10 digit validation.
AuthyException is hard to handle because it does not have a status or error code like the Token does, and does not match the responses in the Authy API documentation (https://www.twilio.com/docs/authy/api/one-time-passwords#verify-a-one-time-password).

Since the library cannot access what the expected number of digits in the OTP is for an Authy app, one potential solution is to create a Token object that has the same status code as the normal "incorrect token" response and add the current message in the AuthyException as the message.

Jaxb is removed in Java 11+

Jaxb is no longer included in Java 11+. As a result it has to be included manually as a dependency otherwise users get the following error:

Caused by: java.lang.NoClassDefFoundError: javax/xml/bind/JAXBException
at com.authy.api.Users.createUser(Users.java:47) ~[?:?]

I don't believe this is intentional and though there are workarounds, I believe this should be fixed.

requestSMS isOk always false

After Hash sms = users.requestSms(), sms.isOk() is always false whether the sms was sent successfully or not. sms.success seems to be set correctly.

Update user mobile no or email.

Hi Authy Team!
How to update mobile no or email for existing user?

NullPointerException in version 1.2.0 (com.authy.api.Resource.java)

`
StringBuilder e = new StringBuilder();
if(method.equals("GET")) {
e.append(this.prepareGet(data));
}

        URL url = new URL(this.apiUri + path + e.toString());
        HttpURLConnection connection = this.createConnection(url, method, options);
        connection.setRequestProperty("X-Authy-API-Key", this.apiKey);
        if(data.toMap().containsKey("api_key")) {//THROWS A NULL POINTER EXCEPTION
            LOGGER.log(Level.WARNING, "Found \'api_key\' as a parameter, please remove it, Authy-Java already handles the\'api_key\' for you.");
        }

        if(method.equals("POST") || method.equals("PUT")) {
            if(this.isJSON) {
                this.writeJson(connection, data);
            } else {
                this.writeXml(connection, data);
            }
        }

        this.status = connection.getResponseCode();
        answer = this.getResponse(connection);
    } catch (SSLHandshakeException var9) {
        System.err.println("SSL verification is failing. This might be because of an attack. Contact [email protected]");
    } catch (Exception var10) {
        var10.printStackTrace();
    }

    return answer;
}

This line of code is throwing a NPE when trying to create a user, using your documented process (the createUser line below works fine in version 1.1.0):

`
User user = users.createUser("[email protected]", "405-342-5699", "57");

//eventually calls this which is what blows up as data = null
if(data.toMap().containsKey("api_key")) {
`

Android Support

I want implement authy verification on my android apps, but after add .jar library, i cant run my apps, here are my error log

:app:transformClassesWithDexForDevDebug
UNEXPECTED TOP-LEVEL EXCEPTION:
java.lang.RuntimeException: Exception parsing classes
    at com.android.dx.command.dexer.Main.processClass(Main.java:752)
    at com.android.dx.command.dexer.Main.processFileBytes(Main.java:718)
    at com.android.dx.command.dexer.Main.access$1200(Main.java:85)
    at com.android.dx.command.dexer.Main$FileBytesConsumer.processFileBytes(Main.java:1645)
    at com.android.dx.cf.direct.ClassPathOpener.processArchive(ClassPathOpener.java:284)
    at com.android.dx.cf.direct.ClassPathOpener.processOne(ClassPathOpener.java:166)
    at com.android.dx.cf.direct.ClassPathOpener.process(ClassPathOpener.java:144)
    at com.android.dx.command.dexer.Main.processOne(Main.java:672)
    at com.android.dx.command.dexer.Main.processAllFiles(Main.java:542)
    at com.android.dx.command.dexer.Main.runMultiDex(Main.java:366)
    at com.android.dx.command.dexer.Main.run(Main.java:275)
    at com.android.dx.command.dexer.Main.main(Main.java:245)
    at com.android.dx.command.Main.main(Main.java:106)
Caused by: com.android.dx.cf.iface.ParseException: bad class file magic (cafebabe) or version (0034.0000)
    at com.android.dx.cf.direct.DirectClassFile.parse0(DirectClassFile.java:472)
    at com.android.dx.cf.direct.DirectClassFile.parse(DirectClassFile.java:406)
    at com.android.dx.cf.direct.DirectClassFile.parseToInterfacesIfNecessary(DirectClassFile.java:388)
    at com.android.dx.cf.direct.DirectClassFile.getMagic(DirectClassFile.java:251)
    at com.android.dx.command.dexer.Main.parseClass(Main.java:764)
    at com.android.dx.command.dexer.Main.access$1500(Main.java:85)
    at com.android.dx.command.dexer.Main$ClassParserTask.call(Main.java:1684)
    at com.android.dx.command.dexer.Main.processClass(Main.java:749)
    ... 12 more

UNEXPECTED TOP-LEVEL EXCEPTION:
java.lang.RuntimeException: Exception parsing classes
    at com.android.dx.command.dexer.Main.processClass(Main.java:752)
    at com.android.dx.command.dexer.Main.processFileBytes(Main.java:718)
    at com.android.dx.command.dexer.Main.access$1200(Main.java:85)
    at com.android.dx.command.dexer.Main$FileBytesConsumer.processFileBytes(Main.java:1645)
    at com.android.dx.cf.direct.ClassPathOpener.processArchive(ClassPathOpener.java:284)
    at com.android.dx.cf.direct.ClassPathOpener.processOne(ClassPathOpener.java:166)
    at com.android.dx.cf.direct.ClassPathOpener.process(ClassPathOpener.java:144)
    at com.android.dx.command.dexer.Main.processOne(Main.java:672)
    at com.android.dx.command.dexer.Main.processAllFiles(Main.java:569)
    at com.android.dx.command.dexer.Main.runMultiDex(Main.java:366)
    at com.android.dx.command.dexer.Main.run(Main.java:275)
    at com.android.dx.command.dexer.Main.main(Main.java:245)
    at com.android.dx.command.Main.main(Main.java:106)
Caused by: com.android.dx.cf.iface.ParseException: bad class file magic (cafebabe) or version (0034.0000)
    at com.android.dx.cf.direct.DirectClassFile.parse0(DirectClassFile.java:472)
    at com.android.dx.cf.direct.DirectClassFile.parse(DirectClassFile.java:406)
    at com.android.dx.cf.direct.DirectClassFile.parseToInterfacesIfNecessary(DirectClassFile.java:388)
    at com.android.dx.cf.direct.DirectClassFile.getMagic(DirectClassFile.java:251)
    at com.android.dx.command.dexer.Main.parseClass(Main.java:764)
    at com.android.dx.command.dexer.Main.access$1500(Main.java:85)
    at com.android.dx.command.dexer.Main$ClassParserTask.call(Main.java:1684)
    at com.android.dx.command.dexer.Main.processClass(Main.java:749)
    ... 12 more
2 errors; aborting


 FAILED

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':app:transformClassesWithDexForDevDebug'.
> com.android.build.api.transform.TransformException: com.android.ide.common.process.ProcessException: org.gradle.process.internal.ExecException: Process 'command '/Library/Java/JavaVirtualMachines/jdk1.8.0_31.jdk/Contents/Home/bin/java'' finished with non-zero exit value 1

* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output.

BUILD FAILED

Total time: 16.763 secs

my java version 1.8.0_31

Error class is missing 'statusCode'

We're implementing the Java client into our app and feel that the Error object should have a getStatusCode() method.

The reason is that the 'message' might not be suitable for display in the UI as is and we don't have any way to distinguish server, client and user errors without the status code.

Recent modifications to code

I noticed that my recent pull request #19 is no longer merge-able because of extensive refactoring of the code base. It looks like some of the things I added in my pull request were added to master, but in incompatible ways (eg: Formattable* vs Request; and the way alternate serializations/content-types are handled). The master branch also apparently underwent a massive whitespace change, which makes diffs even harder to apply.

It would be nice if there was discussion about how new features were going to be implemented. Also, if the code lags behind so far behind that users are having to go out of their way to implement the missing features, and they share their modifications back with the community, it would be nice if some deference were given to these initial implementations.

*doubly frustrating since Formattable is already a standard java interface

AuthyUtil.validateSignatureForPost fails with lower case headers

We use this method to verify incoming Authy webhooks, and found out it failed with no apparent reason.

After investigation, we found out the Authy headers were arriving in lower case, which isn't supported by the method as shown by:

        if (!headers.containsKey(HEADER_AUTHY_SIGNATURE))
            throw new OneTouchException("'SIGNATURE' is missing.");

        if (!headers.containsKey(HEADER_AUTHY_SIGNATURE_NONCE))
            throw new OneTouchException("'NONCE' is missing.");

This seems to happen because the Authy server that sends the requests uses HTTP/2 since it is supported by the AWS ALBs (thus the lower case headers).

Deactivating HTTP/2 for this reason is not a solution we could apply. For now we "fix" the headers map before sending it to the library.

Example webapp broken

Hi,

I'm following the guide here https://www.twilio.com/docs/tutorials/two-factor-authentication-java-servlets. First are these projects related? I'm trying to find a sample wbapp to try first.

However, in the README I do mvn compile jetty:run but nothing happens, and I see no listener socket set up on 8080.

Thanks, Jason

"force=true" wording incorrect

The language around what "force=true" doesn't line up with the Authy documentation, which claims this parameter forces an SMS code even if the user has a device registered.

Update version of org.json dependency

authy-java currently uses a very old version of org.json (2015-07-29). Please bump to latest version (2021-03-07)

https://mvnrepository.com/artifact/org.json/json/20210307

OneTouch support

It looks like the library is missing support for OneTouch.

TODO List

Make it possible to pass force=false but default is true.

Modify sms force request to use just a Map

Make sure we are checking the https cert

TestPhoneInfo and TestPhoneVerification are failing

In TestPhoneInfo, the 'provider' name for the test phone number appears to have changed:
expected:<Pinger[]> but was:<Pinger[ - Bandwidth.com - Sybase365]>

TestPhoneVerification is also failing:
expected:<[Verification code is incorrect]> but was:<[No pending verifications for +1 775-461-5609 found.]>

expose Verification response

currently,
`try {
path.append("start");
response = this.post(path.toString(), params);

  verification.setStatus(this.getStatus());
  verification.setResponse(response);
}

catch(Exception e) {
  e.printStackTrace();
}`

wraps all the exception, even for network errors, but for us, we want to be able to catch the network issues by ourself, so we can notice the problems. One suggestion is to stop catching all Exceptions, but if it's too much, we would like to at least have the access to the response message, so we can somehow figure out it's a network error or not.

Invalid Token. Only digits accepted.

The following exception is thrown when I attempted to verify the token that was sent via SMS.

com.authy.AuthyException: Invalid Token. Only digits accepted.

Take note that validating the token that was given by the application works fine.

I have double checked the inputs and the String inputs should be "convertible" to a number.

twilio / authy-java Goto Github PK

authy-java's People

Contributors

Stargazers

Watchers

Forkers

authy-java's Issues

Recommend Projects

Recommend Topics

Recommend Org