feat(auth): add support for cognito oidc parameters in managed login

Author: thisisabhash

aws-auth-cognito/api/aws-auth-cognito.api

@@ -611,6 +611,11 @@ public final class com/amplifyframework/auth/cognito/options/AWSCognitoAuthWebUI
 	public fun equals (Ljava/lang/Object;)Z
 	public fun getBrowserPackage ()Ljava/lang/String;
 	public fun getIdpIdentifier ()Ljava/lang/String;
+	public fun getLanguage ()Ljava/lang/String;
+	public fun getLoginHint ()Ljava/lang/String;
+	public fun getNonce ()Ljava/lang/String;
+	public fun getPrompt ()Ljava/util/List;
+	public fun getResource ()Ljava/lang/String;
 	public fun hashCode ()I
 	public fun toString ()Ljava/lang/String;
 }
@@ -623,6 +628,11 @@ public final class com/amplifyframework/auth/cognito/options/AWSCognitoAuthWebUI
 	public fun getThis ()Lcom/amplifyframework/auth/cognito/options/AWSCognitoAuthWebUISignInOptions$CognitoBuilder;
 	public synthetic fun getThis ()Lcom/amplifyframework/auth/options/AuthWebUISignInOptions$Builder;
 	public fun idpIdentifier (Ljava/lang/String;)Lcom/amplifyframework/auth/cognito/options/AWSCognitoAuthWebUISignInOptions$CognitoBuilder;
+	public fun language (Ljava/lang/String;)Lcom/amplifyframework/auth/cognito/options/AWSCognitoAuthWebUISignInOptions$CognitoBuilder;
+	public fun loginHint (Ljava/lang/String;)Lcom/amplifyframework/auth/cognito/options/AWSCognitoAuthWebUISignInOptions$CognitoBuilder;
+	public fun nonce (Ljava/lang/String;)Lcom/amplifyframework/auth/cognito/options/AWSCognitoAuthWebUISignInOptions$CognitoBuilder;
+	public fun prompt ([Lcom/amplifyframework/auth/cognito/options/AuthWebUIPrompt;)Lcom/amplifyframework/auth/cognito/options/AWSCognitoAuthWebUISignInOptions$CognitoBuilder;
+	public fun resource (Ljava/lang/String;)Lcom/amplifyframework/auth/cognito/options/AWSCognitoAuthWebUISignInOptions$CognitoBuilder;
 }
 
 public final class com/amplifyframework/auth/cognito/options/AuthFlowType : java/lang/Enum {
@@ -636,6 +646,17 @@ public final class com/amplifyframework/auth/cognito/options/AuthFlowType : java
 	public static fun values ()[Lcom/amplifyframework/auth/cognito/options/AuthFlowType;
 }
 
+public final class com/amplifyframework/auth/cognito/options/AuthWebUIPrompt : java/lang/Enum {
+	public static final field CONSENT Lcom/amplifyframework/auth/cognito/options/AuthWebUIPrompt;
+	public static final field LOGIN Lcom/amplifyframework/auth/cognito/options/AuthWebUIPrompt;
+	public static final field NONE Lcom/amplifyframework/auth/cognito/options/AuthWebUIPrompt;
+	public static final field SELECT_ACCOUNT Lcom/amplifyframework/auth/cognito/options/AuthWebUIPrompt;
+	public static fun getEntries ()Lkotlin/enums/EnumEntries;
+	public final fun getValue ()Ljava/lang/String;
+	public static fun valueOf (Ljava/lang/String;)Lcom/amplifyframework/auth/cognito/options/AuthWebUIPrompt;
+	public static fun values ()[Lcom/amplifyframework/auth/cognito/options/AuthWebUIPrompt;
+}
+
 public final class com/amplifyframework/auth/cognito/options/FederateToIdentityPoolOptions {
 	public static final field Companion Lcom/amplifyframework/auth/cognito/options/FederateToIdentityPoolOptions$Companion;
 	public static final fun builder ()Lcom/amplifyframework/auth/cognito/options/FederateToIdentityPoolOptions$CognitoBuilder;

aws-auth-cognito/src/main/java/com/amplifyframework/auth/cognito/HostedUIClient.kt

@@ -164,6 +164,31 @@ internal class HostedUIClient private constructor(
             builder.appendQueryParameter("scope", it)
         }
 
+        // check if nonce is set as param.
+        hostedUIOptions.nonce?.takeIf { it.isNotEmpty() }?.let {
+            builder.appendQueryParameter("nonce", it)
+        }
+
+        // check if language is set as param.
+        hostedUIOptions.language?.takeIf { it.isNotEmpty() }?.let {
+            builder.appendQueryParameter("lang", it)
+        }
+
+        // check if loginHint is set as param.
+        hostedUIOptions.loginHint?.takeIf { it.isNotEmpty() }?.let {
+            builder.appendQueryParameter("login_hint", it)
+        }
+
+        // check if prompt is set as param.
+        hostedUIOptions.prompt?.joinToString(" ") { it.value }.let {
+            builder.appendQueryParameter("prompt", it)
+        }
+
+        // check if resource is set as param.
+        hostedUIOptions.resource?.takeIf { it.isNotEmpty() }?.let {
+            builder.appendQueryParameter("resource", it)
+        }
+
         return builder.build()
     }
 

aws-auth-cognito/src/main/java/com/amplifyframework/auth/cognito/helpers/HostedUIHelper.kt

@@ -36,7 +36,12 @@ internal object HostedUIHelper {
             idpIdentifier = (options as? AWSCognitoAuthWebUISignInOptions)?.idpIdentifier
         ),
         browserPackage = (options as? AWSCognitoAuthWebUISignInOptions)?.browserPackage,
-        preferPrivateSession = options.preferPrivateSession
+        preferPrivateSession = options.preferPrivateSession,
+        nonce = (options as? AWSCognitoAuthWebUISignInOptions)?.nonce,
+        language = (options as? AWSCognitoAuthWebUISignInOptions)?.language,
+        loginHint = (options as? AWSCognitoAuthWebUISignInOptions)?.loginHint,
+        prompt = (options as? AWSCognitoAuthWebUISignInOptions)?.prompt,
+        resource = (options as? AWSCognitoAuthWebUISignInOptions)?.resource
     )
 
     /**

aws-auth-cognito/src/main/java/com/amplifyframework/auth/cognito/options/AWSCognitoAuthWebUISignInOptions.java

@@ -22,6 +22,7 @@
 import com.amplifyframework.auth.options.AuthWebUISignInOptions;
 import com.amplifyframework.util.Immutable;
 
+import java.util.ArrayList;
 import java.util.List;
 
 /**
@@ -30,7 +31,11 @@
 public final class AWSCognitoAuthWebUISignInOptions extends AuthWebUISignInOptions {
     private final String idpIdentifier;
     private final String browserPackage;
-
+    private final String nonce;
+    private final String language;
+    private final String loginHint;
+    private final List<AuthWebUIPrompt> prompt;
+    private final String resource;
     /**
      * Advanced options for signing in via a hosted web ui.
      * @param scopes specify OAUTH scopes
@@ -43,11 +48,21 @@ protected AWSCognitoAuthWebUISignInOptions(
             List<String> scopes,
             String idpIdentifier,
             String browserPackage,
-            Boolean preferPrivateSession
+            Boolean preferPrivateSession,
+            String nonce,
+            String language,
+            String loginHint,
+            List<AuthWebUIPrompt> prompt,
+            String resource
     ) {
         super(scopes, preferPrivateSession);
         this.idpIdentifier = idpIdentifier;
         this.browserPackage = browserPackage;
+        this.nonce = nonce;
+        this.language = language;
+        this.loginHint = loginHint;
+        this.prompt = prompt;
+        this.resource = resource;
     }
 
     /**
@@ -68,6 +83,31 @@ public String getBrowserPackage() {
         return browserPackage;
     }
 
+    @Nullable
+    public String getNonce() {
+        return nonce;
+    }
+
+    @Nullable
+    public String getLanguage() {
+        return language;
+    }
+
+    @Nullable
+    public String getLoginHint() {
+        return loginHint;
+    }
+
+    @Nullable
+    public List<AuthWebUIPrompt> getPrompt() {
+        return prompt;
+    }
+
+    @Nullable
+    public String getResource() {
+        return resource;
+    }
+
     /**
      * Returns a builder for this object.
      * @return a builder for this object.
@@ -83,7 +123,12 @@ public int hashCode() {
                 getScopes(),
                 getIdpIdentifier(),
                 getBrowserPackage(),
-                getPreferPrivateSession()
+                getPreferPrivateSession(),
+                getNonce(),
+                getLanguage(),
+                getLoginHint(),
+                getPrompt(),
+                getResource()
         );
     }
 
@@ -98,7 +143,12 @@ public boolean equals(Object obj) {
             return ObjectsCompat.equals(getScopes(), webUISignInOptions.getScopes()) &&
                     ObjectsCompat.equals(getIdpIdentifier(), webUISignInOptions.getIdpIdentifier()) &&
                     ObjectsCompat.equals(getBrowserPackage(), webUISignInOptions.getBrowserPackage()) &&
-                    ObjectsCompat.equals(getPreferPrivateSession(), webUISignInOptions.getPreferPrivateSession());
+                    ObjectsCompat.equals(getPreferPrivateSession(), webUISignInOptions.getPreferPrivateSession()) &&
+                    ObjectsCompat.equals(getNonce(), webUISignInOptions.getNonce()) &&
+                    ObjectsCompat.equals(getLanguage(), webUISignInOptions.getLanguage()) &&
+                    ObjectsCompat.equals(getLoginHint(), webUISignInOptions.getLoginHint()) &&
+                    ObjectsCompat.equals(getPrompt(), webUISignInOptions.getPrompt()) &&
+                    ObjectsCompat.equals(getResource(), webUISignInOptions.getResource());
         }
     }
 
@@ -108,7 +158,12 @@ public String toString() {
                 "scopes=" + getScopes() +
                 ", idpIdentifier=" + getIdpIdentifier() +
                 ", browserPackage=" + getBrowserPackage() +
-                ", preferPrivateSession=" + getPreferPrivateSession() +
+                ", preferPrivateSession=" + getPreferPrivateSession()  +
+                ", nonce=" + getNonce() +
+                ", language=" + getLanguage() +
+                ", loginHint=" + getLoginHint() +
+                ", prompt=" + getPrompt() +
+                ", resource=" + getResource() +
                 '}';
     }
 
@@ -118,6 +173,11 @@ public String toString() {
     public static final class CognitoBuilder extends Builder<CognitoBuilder> {
         private String idpIdentifier;
         private String browserPackage;
+        private String nonce;
+        private String language;
+        private String loginHint;
+        private List<AuthWebUIPrompt> prompt;
+        private String resource;
 
         /**
          * Constructs the builder.
@@ -146,6 +206,39 @@ public CognitoBuilder idpIdentifier(@NonNull String idpIdentifier) {
             return getThis();
         }
 
+        @NonNull
+        public CognitoBuilder nonce(@NonNull String nonce) {
+            this.nonce = nonce;
+            return getThis();
+        }
+
+        @NonNull
+        public CognitoBuilder language(@NonNull String language) {
+            this.language = language;
+            return getThis();
+        }
+
+        @NonNull
+        public CognitoBuilder loginHint(@NonNull String loginHint) {
+            this.loginHint = loginHint;
+            return getThis();
+        }
+
+        @NonNull
+        public CognitoBuilder prompt(AuthWebUIPrompt... prompt) {
+            this.prompt = new ArrayList<>();
+            for (AuthWebUIPrompt value: prompt) {
+                this.prompt.add(value);
+            }
+            return getThis();
+        }
+
+        @NonNull
+        public CognitoBuilder resource(@NonNull String resource) {
+            this.resource = resource;
+            return getThis();
+        }
+
         /**
          * This can optionally be set to specify which browser package should perform the sign in action
          * (e.g. "org.mozilla.firefox"). Defaults to the Chrome package if not set.
@@ -168,7 +261,12 @@ public AWSCognitoAuthWebUISignInOptions build() {
                     Immutable.of(super.getScopes()),
                     idpIdentifier,
                     browserPackage,
-                    super.getPreferPrivateSession()
+                    super.getPreferPrivateSession(),
+                    nonce,
+                    language,
+                    loginHint,
+                    prompt,
+                    resource
             );
         }
     }

aws-auth-cognito/src/main/java/com/amplifyframework/auth/cognito/options/AuthWebUIPrompt.kt

@@ -0,0 +1,11 @@
+package com.amplifyframework.auth.cognito.options
+
+public enum class AuthWebUIPrompt(val value: String) {
+    NONE(value = "none"),
+
+    LOGIN(value = "login"),
+
+    SELECT_ACCOUNT(value = "select_account"),
+
+    CONSENT(value = "consent")
+}

aws-auth-cognito/src/main/java/com/amplifyframework/statemachine/codegen/data/HostedUIOptions.kt

@@ -16,11 +16,17 @@
 package com.amplifyframework.statemachine.codegen.data
 
 import android.app.Activity
+import com.amplifyframework.auth.cognito.options.AuthWebUIPrompt
 
 internal data class HostedUIOptions(
     val callingActivity: Activity,
     val scopes: List<String>?,
     val providerInfo: HostedUIProviderInfo,
     val browserPackage: String?,
-    val preferPrivateSession: Boolean?
+    val preferPrivateSession: Boolean?,
+    val nonce: String?,
+    val language: String?,
+    val loginHint: String?,
+    val prompt: List<AuthWebUIPrompt>?,
+    val resource: String?
 )

aws-auth-cognito/src/test/java/com/amplifyframework/auth/cognito/helpers/HostedUIHelperTest.kt

@@ -18,6 +18,7 @@ package com.amplifyframework.auth.cognito.helpers
 import android.app.Activity
 import com.amplifyframework.auth.AuthProvider
 import com.amplifyframework.auth.cognito.options.AWSCognitoAuthWebUISignInOptions
+import com.amplifyframework.auth.cognito.options.AuthWebUIPrompt
 import io.kotest.matchers.shouldBe
 import io.mockk.mockk
 import org.junit.Test
@@ -88,6 +89,30 @@ class HostedUIHelperTest {
         hostedUIOptions.preferPrivateSession shouldBe null
     }
 
+    @Test
+    fun `createHostedUIOptions with Cognito OIDC parameters`() {
+        val options = AWSCognitoAuthWebUISignInOptions.builder()
+            .nonce("nonce")
+            .language("en")
+            .loginHint("username")
+            .prompt(AuthWebUIPrompt.LOGIN, AuthWebUIPrompt.CONSENT)
+            .resource("myapp://")
+            .build()
+
+        val hostedUIOptions = HostedUIHelper.createHostedUIOptions(
+            callingActivity = mockActivity,
+            authProvider = null,
+            options = options
+        )
+
+        hostedUIOptions.callingActivity shouldBe mockActivity
+        hostedUIOptions.nonce shouldBe "nonce"
+        hostedUIOptions.language shouldBe "en"
+        hostedUIOptions.loginHint shouldBe "username"
+        hostedUIOptions.prompt shouldBe listOf(AuthWebUIPrompt.LOGIN, AuthWebUIPrompt.CONSENT)
+        hostedUIOptions.resource shouldBe "myapp://"
+    }
+
     @Test
     fun `selectRedirectUri prefers non-HTTP scheme`() {
         val redirectUris = listOf(

aws-auth-cognito/src/test/java/com/amplifyframework/auth/cognito/options/APIOptionsContractTest.java

@@ -127,4 +127,22 @@ public void testCognitoOptions() {
         Assert.assertEquals("test-idp", federateToIdentityPoolOptions
                 .getDeveloperProvidedIdentityId());
     }
+
+    @Test
+    public void testCognitoAuthWebUISignInOIDCParameters() {
+        List<AuthWebUIPrompt> prompt = Arrays.asList(AuthWebUIPrompt.LOGIN, AuthWebUIPrompt.CONSENT);
+        AWSCognitoAuthWebUISignInOptions webUISignInOptionsWithOIDCParameters =
+                AWSCognitoAuthWebUISignInOptions.builder()
+                        .nonce("nonce")
+                        .language("en")
+                        .loginHint("username")
+                        .prompt(AuthWebUIPrompt.LOGIN, AuthWebUIPrompt.CONSENT)
+                        .resource("myapp://")
+                        .build();
+        Assert.assertEquals("nonce", webUISignInOptionsWithOIDCParameters.getNonce());
+        Assert.assertEquals("en", webUISignInOptionsWithOIDCParameters.getLanguage());
+        Assert.assertEquals("username", webUISignInOptionsWithOIDCParameters.getLoginHint());
+        Assert.assertEquals(prompt, webUISignInOptionsWithOIDCParameters.getPrompt());
+        Assert.assertEquals("myapp://", webUISignInOptionsWithOIDCParameters.getResource());
+    }
 }