fix: address OAuth review findings (redirect_uri, binding, timeout, CRLF, DRY)

This commit is contained in:
2026-07-08 17:46:40 +02:00
parent 5dc206ae72
commit 00e7a7456f
4 changed files with 97 additions and 69 deletions
@@ -4,6 +4,8 @@ import android.content.Context
import android.content.Intent
import android.net.Uri
import kotlinx.coroutines.CompletableDeferred
import kotlinx.coroutines.TimeoutCancellationException
import kotlinx.coroutines.withTimeout
class AndroidOAuthClient(private val context: Context) : OAuthClient {
@@ -17,15 +19,20 @@ class AndroidOAuthClient(private val context: Context) : OAuthClient {
}
context.startActivity(intent)
val callbackUri = OAuthCallbackHolder.deferred?.await() ?: return null
val fragment = callbackUri.fragment ?: return null
val params = fragment.split("&").associate { pair ->
val idx = pair.indexOf("=")
if (idx >= 0) pair.substring(0, idx) to pair.substring(idx + 1)
else pair to ""
return try {
withTimeout(TIMEOUT_MS) {
val callbackUri = OAuthCallbackHolder.deferred?.await() ?: return@withTimeout null
parseAccessTokenFromFragment(callbackUri.fragment ?: "")
}
} catch (e: TimeoutCancellationException) {
null
} finally {
OAuthCallbackHolder.deferred = null
}
return params["access_token"]
}
companion object {
private const val TIMEOUT_MS = 5L * 60 * 1000
}
}