Skip to content

feat: Add partial support for PAR auth flow#999

Open
pmathew92 wants to merge 1 commit into
v4_developmentfrom
port/967-par
Open

feat: Add partial support for PAR auth flow#999
pmathew92 wants to merge 1 commit into
v4_developmentfrom
port/967-par

Conversation

@pmathew92

@pmathew92 pmathew92 commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Changes

Ports the Pushed Authorization Request (PAR) flow from main (3.x) to v4_development. In this flow the backend-for-frontend (BFF) handles the /oauth/par and /oauth/token endpoints while the SDK manages the browser-based authorization and returns the authorization code.

  • New WebAuthProvider.authorizeWithRequestUri(account) entry point returning a PARBuilder (start / await / withCustomTabsOptions / withSessionTransferToken).
  • New PARCodeManager, PARCodeManagerState, PARUtils, AuthorizeResultParser, and AuthorizationCode result type.
  • WebAuthProvider save/restore instance state extended to cover the PAR manager.

Usage

// Callback style
WebAuthProvider.authorizeWithRequestUri(account)
    .start(context, requestUri, object : Callback<AuthorizationCode, AuthenticationException> {
        override fun onSuccess(result: AuthorizationCode) {
            // Exchange result.code for tokens via BFF
        }
        override fun onFailure(error: AuthenticationException) {
            // Handle error
        }
    })

// Coroutines
val authCode = WebAuthProvider.authorizeWithRequestUri(account)
    .await(context, requestUri)
// Exchange authCode.code for tokens via BFF

v4 adaptations

  • Test imports converted from com.nhaarman.mockitokotlin2.* to org.mockito.kotlin.* (v4 convention).
  • EXAMPLES.md PAR section uses ## headings to match v4's sibling sections (## Native to Web SSO login, ## DPoP).

Testing

  • This change adds unit test coverage (PARCodeManagerTest, plus 5 PAR cases in WebAuthProviderTest).

@pmathew92 pmathew92 requested a review from a team as a code owner July 2, 2026 08:54
@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: b0383136-d872-49ec-93d9-eb2b8ff04a42

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch port/967-par

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant