SteemConnect4j - Security Improvement and Bug Fixes
Repository
https://github.com/hapramp/steemconnect4j
1. Introduction
SteemConnect4j is a Java SDK for SteemConnect v2. To read more about it, check out the introduction blog - Introducing SteemConnect4j.
In this blog post, I will discuss the following improvements made to the project -
- Improved Security using Refresh Tokens
- Increased coverage
- Other bug fixes
2. Improved Security using Refresh Tokens
Refresh Tokens are used to grant headless operations the access to carry out operations on behalf of the user. These tokens do not expire (in contrast, access tokens expire in 7 days) and can be used to generate new access tokens for the user.
The offline scope is required in order to retrieve the refresh token.
2.1 Code Changes to Introduce Refresh Tokens
The route to get the access token is defined as a constant in the application -
Now getLoginUrl(boolean wantCode) is refactored to take a boolean parameter.
This parameter decides whether the returning URL after a successful login will contain a UserCode or an AccessToken.
So the developer can now decide the level of user security through this parameter.
Getting an AccessToken is a three-step process:
Get Code -> Get RefreshToken -> Get AccessToken
Note: Code is returned when the user logs in if getLoginUrl(true) is used for logging in.
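The three-step flow above, sketched as an added example (not SteemConnect4j's own code): it builds the login URL and the two back-end token requests using standard OAuth 2.0 parameter names (RFC 6749). The endpoint, the class and method names, the scopes other than offline, and all sample values are assumptions constructed for illustration; it needs Java 10 or later.

```java
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.util.StringJoiner;

public class RefreshTokenFlowSketch {
    // Placeholder endpoint (assumption), not SteemConnect's real URL.
    static final String AUTHORIZE = "https://auth.example/oauth2/authorize";

    static String form(String... kv) { // URL-encodes pairs: key, value, key, value, ...
        StringJoiner out = new StringJoiner("&");
        for (int i = 0; i < kv.length; i += 2)
            out.add(URLEncoder.encode(kv[i], StandardCharsets.UTF_8) + "="
                    + URLEncoder.encode(kv[i + 1], StandardCharsets.UTF_8));
        return out.toString();
    }

    // Step 1 (browser): wantCode=true asks for a code plus the offline scope. No secret here.
    static String loginUrl(String clientId, String redirectUri, boolean wantCode) {
        String scope = wantCode ? "vote,comment,offline" : "vote,comment"; // constructed scopes
        String query = form("client_id", clientId, "redirect_uri", redirectUri, "scope", scope);
        return AUTHORIZE + "?" + query + (wantCode ? "&response_type=code" : "");
    }

    // Callback handler: returns the code, throws if the redirect does not carry one.
    static String codeFromRedirect(String redirect) {
        String query = URI.create(redirect).getRawQuery();
        for (String pair : (query == null ? "" : query).split("&")) {
            String[] kv = pair.split("=", 2);
            if (kv.length == 2 && kv[0].equals("code") && !kv[1].isEmpty())
                return URLDecoder.decode(kv[1], StandardCharsets.UTF_8);
        }
        throw new IllegalArgumentException("redirect carries no code");
    }

    // Steps 2 and 3 (server only): both request bodies carry the client secret.
    static String codeExchangeBody(String code, String redirectUri, String id, String secret) {
        return form("grant_type", "authorization_code", "code", code,
                "redirect_uri", redirectUri, "client_id", id, "client_secret", secret);
    }
    static String refreshBody(String refreshToken, String id, String secret) {
        return form("grant_type", "refresh_token", "refresh_token", refreshToken,
                "client_id", id, "client_secret", secret);
    }

    public static void main(String[] args) {
        String id = "demo.app", cb = "https://app.example/cb", secret = "constructed-secret";
        System.out.println(loginUrl(id, cb, true));
        String code = codeFromRedirect(cb + "?code=constructed-code-123");
        System.out.println(codeExchangeBody(code, cb, id, secret));
        System.out.println(refreshBody("constructed-refresh-token", id, secret));
    }
}
```

The client secret appears only in the two back-end request bodies, never in the login URL. Since the refresh token does not expire, store it with the same care as the secret.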
Methods to get/set the client secret were added to the SteemConnectOptions class -
Finally, methods to get refresh token and get access token from refresh token were added to complete the integration -
3. Increased Coverage
We have been working on improving the coverage for the SDK, and we're happy to report that the coverage is now at a decent level.
3.1. Coverage Chart
3.2. Sunburst
Here is the sunburst from Codecov -
You can see the detailed coverage report at https://codecov.io/gh/hapramp/steemconnect4j.
4. Other Bug Fixes
Several bugs were fixed for the SDK and it is now being tested in the HapRamp Android application. As we move forward with integrating more parts of the SDK into the application, we will be discovering and resolving more bugs that pop up.
Pull Requests
Link | Description |
---|---|
hapramp/steemconnect4j#18 | Adding support for refresh tokens |
hapramp/steemconnect4j#20 | Adding usage documentation for refresh tokens |
hapramp/steemconnect4j#21 and hapramp/steemconnect4j#16 | Adding test cases |
Reviewing projects with a good test coverage always makes me happy. One side note:
This kind of code comments are not really needed. I know code commenting has a place on review mechanics, we will work on that to make it better. See gregory's comment on this.
Thanks!
Your contribution has been evaluated according to Utopian policies and guidelines, as well as a predefined set of questions pertaining to the category.
[utopian-moderator]
I am famous hahaaah
Hey @bxute
Thanks for contributing on Utopian.
We’re already looking forward to your next contribution!