Add Signal API implementation (RP Side) (#175)

* Cherry Pick Signal API implementation from  branch

* Fix conflicts and suggestions

* Extract common code from CredentialManagerUtils

Author: neelanshsahai

Shrine/app/src/main/java/com/authentication/shrine/CredentialManagerUtils.kt

@@ -17,6 +17,7 @@ package com.authentication.shrine
 
 import android.annotation.SuppressLint
 import android.content.Context
+import android.util.Log
 import androidx.credentials.ClearCredentialStateRequest
 import androidx.credentials.ClearCredentialStateRequest.Companion.TYPE_CLEAR_RESTORE_CREDENTIAL
 import androidx.credentials.CreateCredentialRequest
@@ -33,11 +34,20 @@ import androidx.credentials.GetCredentialResponse
 import androidx.credentials.GetPasswordOption
 import androidx.credentials.GetPublicKeyCredentialOption
 import androidx.credentials.GetRestoreCredentialOption
+import androidx.credentials.SignalAllAcceptedCredentialIdsRequest
+import androidx.credentials.SignalCurrentUserDetailsRequest
+import androidx.credentials.SignalUnknownCredentialRequest
 import androidx.credentials.exceptions.CreateCredentialException
 import androidx.credentials.exceptions.GetCredentialCancellationException
 import androidx.credentials.exceptions.publickeycredential.GetPublicKeyCredentialDomException
+import androidx.datastore.core.DataStore
+import androidx.datastore.preferences.core.Preferences
+import com.authentication.shrine.repository.AuthRepository.Companion.RP_ID_KEY
+import com.authentication.shrine.repository.AuthRepository.Companion.USER_ID_KEY
+import com.authentication.shrine.repository.AuthRepository.Companion.read
 import com.authentication.shrine.repository.SERVER_CLIENT_ID
 import com.google.android.libraries.identity.googleid.GetGoogleIdOption
+import org.json.JSONArray
 import org.json.JSONObject
 import javax.inject.Inject
 
@@ -48,8 +58,20 @@ import javax.inject.Inject
  */
 class CredentialManagerUtils @Inject constructor(
     private val credentialManager: CredentialManager,
+    private val dataStore: DataStore<Preferences>,
 ) {
 
+    private val TAG = "CredentialManagerUtils"
+
+    private object JSON_KEYS {
+        const val RP_ID = "rpId"
+        const val CREDENTIAL_ID = "credentialId"
+        const val USER_ID = "userId"
+        const val ALL_ACCEPTED_CREDENTIAL_IDS = "allAcceptedCredentialIds"
+        const val NAME = "name"
+        const val DISPLAY_NAME = "displayName"
+    }
+
     /**
      * Retrieves a passkey or password credential from the credential manager.
      *
@@ -108,7 +130,7 @@ class CredentialManagerUtils @Inject constructor(
                         .setServerClientId(SERVER_CLIENT_ID)
                         .setFilterByAuthorizedAccounts(false)
                         .build(),
-                )
+                ),
             )
             result = credentialManager.getCredential(context, credentialRequest)
         } catch (e: GetCredentialCancellationException) {
@@ -249,6 +271,73 @@ class CredentialManagerUtils @Inject constructor(
         val clearRequest = ClearCredentialStateRequest(requestType = TYPE_CLEAR_RESTORE_CREDENTIAL)
         credentialManager.clearCredentialState(clearRequest)
     }
+
+    @SuppressLint("RestrictedApi")
+    suspend fun signalUnknown(
+        credentialId: String,
+    ) {
+        dataStore.read(RP_ID_KEY)?.let { rpId ->
+            credentialManager.signalCredentialState(
+                request = SignalUnknownCredentialRequest(
+                    requestJson = JSONObject().apply {
+                        put(JSON_KEYS.RP_ID, rpId)
+                        put(JSON_KEYS.CREDENTIAL_ID, credentialId)
+                    }.toString()
+                ),
+            )
+        } ?: Log.e(TAG, "RP ID not present")
+    }
+
+    @SuppressLint("RestrictedApi")
+    suspend fun signalAcceptedIds(
+        credentialIds: List<String>,
+    ) {
+        fetchDataAndPerformAction { rpId, userId ->
+            credentialManager.signalCredentialState(
+                request = SignalAllAcceptedCredentialIdsRequest(
+                    requestJson = JSONObject().apply {
+                        put(JSON_KEYS.RP_ID, rpId)
+                        put(JSON_KEYS.USER_ID, userId)
+                        put(JSON_KEYS.ALL_ACCEPTED_CREDENTIAL_IDS, JSONArray(credentialIds))
+                    }.toString()
+                ),
+            )
+        }
+    }
+
+    @SuppressLint("RestrictedApi")
+    suspend fun signalUserDetails(
+        newName: String,
+        newDisplayName: String,
+    ) {
+        fetchDataAndPerformAction { rpId, userId ->
+            credentialManager.signalCredentialState(
+                request = SignalCurrentUserDetailsRequest(
+                    requestJson = JSONObject().apply {
+                        put(JSON_KEYS.RP_ID, rpId)
+                        put(JSON_KEYS.USER_ID, userId)
+                        put(JSON_KEYS.NAME, newName)
+                        put(JSON_KEYS.DISPLAY_NAME, newDisplayName)
+                    }.toString()
+                ),
+            )
+        }
+    }
+
+    suspend fun fetchDataAndPerformAction(
+        credentialManagerAction: suspend (rpId: String, userId: String) -> Unit
+    ) {
+        val rpId = dataStore.read(RP_ID_KEY)
+        val userId = dataStore.read(USER_ID_KEY)
+
+        if (rpId.isNullOrBlank()) {
+            Log.e(TAG, "RP ID not present")
+        } else if (userId.isNullOrBlank()) {
+            Log.e(TAG, "User ID not present")
+        } else {
+            credentialManagerAction(rpId, userId)
+        }
+    }
 }
 
 sealed class GenericCredentialManagerResponse {

Shrine/app/src/main/java/com/authentication/shrine/ShrineApplication.kt

@@ -109,8 +109,12 @@ object AppModule {
     @Provides
     fun providesCredentialManagerUtils(
         credentialManager: CredentialManager,
+        dataStore: DataStore<Preferences>,
     ): CredentialManagerUtils {
-        return CredentialManagerUtils(credentialManager)
+        return CredentialManagerUtils(
+            credentialManager = credentialManager,
+            dataStore = dataStore,
+        )
     }
 
     @Singleton

Shrine/app/src/main/java/com/authentication/shrine/api/AuthApiService.kt

@@ -166,7 +166,7 @@ interface AuthApiService {
      */
     @POST("federation/options")
     suspend fun getFederationOptions(
-        @Body urls: FederationOptionsRequest
+        @Body urls: FederationOptionsRequest,
     ): Response<GenericAuthResponse>
 
     /**

Shrine/app/src/main/java/com/authentication/shrine/model/FederationOptionsRequest.kt

@@ -1,9 +1,24 @@
+/*
+ * Copyright 2025 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package com.authentication.shrine.model
 
 /**
  * Represents the request body for getting federation options from the server.
  * @param urls a list of urls to send for federated requests.
  */
 data class FederationOptionsRequest(
-    val urls: List<String> = listOf("https://accounts.google.com")
-)
+    val urls: List<String> = listOf("https://accounts.google.com"),
+)

Shrine/app/src/main/java/com/authentication/shrine/model/PasskeysList.kt

@@ -47,4 +47,5 @@ data class PasskeyCredential(
     val aaguid: String,
     val registeredAt: Long,
     val providerIcon: String,
+    val isSelected: Boolean = false,
 )

Shrine/app/src/main/java/com/authentication/shrine/model/SignInWithGoogleRequest.kt

@@ -1,3 +1,18 @@
+/*
+ * Copyright 2025 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package com.authentication.shrine.model
 
 /**
@@ -7,5 +22,5 @@ package com.authentication.shrine.model
  */
 data class SignInWithGoogleRequest(
     val token: String,
-    val url: String = "https://accounts.google.com"
-)
+    val url: String = "https://accounts.google.com",
+)

Shrine/app/src/main/java/com/authentication/shrine/repository/AuthRepository.kt

@@ -81,6 +81,9 @@ class AuthRepository @Inject constructor(
         val DISPLAYNAME = stringPreferencesKey("displayname")
         val IS_SIGNED_IN_THROUGH_PASSKEYS = booleanPreferencesKey("is_signed_passkeys")
         val SESSION_ID = stringPreferencesKey("session_id")
+        val RP_ID_KEY = stringPreferencesKey("rp_id_key")
+        val USER_ID_KEY = stringPreferencesKey("user_id_key")
+        val CRED_ID = stringPreferencesKey("cred_id")
         val RESTORE_KEY_CREDENTIAL_ID = stringPreferencesKey("restore_key_credential_id")
 
         // Value for restore credential AuthApiService parameter
@@ -163,7 +166,6 @@ class AuthRepository @Inject constructor(
         }
     }
 
-
     /**
      * Signs in with a password.
      *
@@ -231,6 +233,7 @@ class AuthRepository @Inject constructor(
                 )
                 if (response.isSuccessful) {
                     dataStore.edit { prefs ->
+                        prefs[RP_ID_KEY] = response.body()?.rp?.id ?: ""
                         response.getSessionId()?.also {
                             prefs[SESSION_ID] = it
                         }
@@ -304,6 +307,7 @@ class AuthRepository @Inject constructor(
                 )
                 if (apiResult.isSuccessful) {
                     dataStore.edit { prefs ->
+                        prefs[CRED_ID] = rawId
                         if (credentialResponse is CreateRestoreCredentialResponse) {
                             prefs[RESTORE_KEY_CREDENTIAL_ID] = rawId
                         }
@@ -338,6 +342,7 @@ class AuthRepository @Inject constructor(
             val response = authApiService.signInRequest()
             if (response.isSuccessful) {
                 dataStore.edit { prefs ->
+                    prefs[RP_ID_KEY] = response.body()?.rpId ?: ""
                     response.getSessionId()?.also {
                         prefs[SESSION_ID] = it
                     }
@@ -401,6 +406,7 @@ class AuthRepository @Inject constructor(
                         )
                         return if (apiResult.isSuccessful) {
                             dataStore.edit { prefs ->
+                                prefs[CRED_ID] = credentialId
                                 apiResult.getSessionId()?.also {
                                     prefs[SESSION_ID] = it
                                 }
@@ -453,7 +459,7 @@ class AuthRepository @Inject constructor(
                 val isSuccess = verifyIdToken(
                     sessionId,
                     GoogleIdTokenCredential
-                        .createFrom(credential.data).idToken
+                        .createFrom(credential.data).idToken,
                 )
                 if (isSuccess) {
                     AuthResult.Success(Unit)
@@ -581,6 +587,9 @@ class AuthRepository @Inject constructor(
                 cookie = sessionId.createCookieHeader(),
             )
             if (apiResult.isSuccessful) {
+                dataStore.edit { prefs ->
+                    prefs[USER_ID_KEY] = apiResult.body()?.userId ?: ""
+                }
                 return apiResult.body()
             } else if (apiResult.code() == 401) {
                 signOut()
@@ -673,7 +682,7 @@ class AuthRepository @Inject constructor(
     suspend fun verifyIdToken(sessionId: String, token: String): Boolean {
         val apiResult = authApiService.verifyIdToken(
             cookie = sessionId.createCookieHeader(),
-            requestParams = SignInWithGoogleRequest(token = token)
+            requestParams = SignInWithGoogleRequest(token = token),
         )
 
         if (apiResult.isSuccessful) {

Shrine/app/src/main/java/com/authentication/shrine/ui/AuthenticationScreen.kt

@@ -69,6 +69,7 @@ fun AuthenticationScreen(
     credentialManagerUtils: CredentialManagerUtils,
 ) {
     val uiState = viewModel.uiState.collectAsState().value
+    var isFirstCheckForRestoreKey by remember { mutableStateOf(true) }
 
     // Passing in the lambda / context to the VM
     val context = LocalContext.current
@@ -113,6 +114,18 @@ fun AuthenticationScreen(
         )
     }
 
+    if (isFirstCheckForRestoreKey) {
+        isFirstCheckForRestoreKey = false
+        viewModel.checkForStoredRestoreKey(
+            getRestoreKey = { requestResult ->
+                credentialManagerUtils.getRestoreKey(requestResult, context)
+            },
+            onSuccess = {
+                navigateToHome(true)
+            },
+        )
+    }
+
     AuthenticationScreen(
         onSignInWithPasskeyOrPasswordRequest = onSignInWithPasskeyOrPasswordRequest,
         onSignInWithSignInWithGoogleRequest = onSignInWithSignInWithGoogleRequest,
@@ -185,7 +198,8 @@ fun AuthenticationScreen(
                         .height(dimensionResource(R.dimen.siwg_button_height))
                         .clickable(
                             enabled = !uiState.isLoading,
-                            onClick = onSignInWithSignInWithGoogleRequest)
+                            onClick = onSignInWithSignInWithGoogleRequest
+                        )
                 )
             }
         }
@@ -201,6 +215,7 @@ fun AuthenticationScreen(
             !uiState.isSignInWithPasskeysSuccess && stringResource(uiState.passkeyResponseMessageResourceId).isNotBlank() -> {
                 stringResource(uiState.passkeyResponseMessageResourceId)
             }
+
             else -> null
         }
         LaunchedEffect(uiState) {