feat(guardian): rich consent supports authorization details (#126)

* feat(rich-consents): support authorization details

Add support to `authorization_details` property in the Rich Consent
record.

* feat(rich-consents): authz details typed overload

* fix(rich-consents): get authz details by type

* feat(app): consent fragments

* feat(app): payment initiation consent

* doc: document rich consent authorizadion details

* refactor(guardian): guardian rich consent static gson

* fix: return empty list instead of null

* refactor: avoid serializing/deserializing using JsonObject

* refactor(guardian): authorization details type annotation

* refactor: filter authorization details by type

* feat: payment initiation actions and locations

* feat: render dynamic authorization details item

* refactor: improve code

* doc: improve authz details docs in README

* refactor: fix payment details object definition

* fix: do not render regular authentication consent if linkingid

* fix: improve resources organization

* refactor: improve code readability

* fix: invalid display theme

Author: cgcladeraokta

README.md

@@ -122,17 +122,17 @@ The `deviceName` and `fcmToken` are data that you must provide:
 #### A note about key generation
 
 The Guardian SDK does not provide methods for generating and storing cryptographic keys used for enrollment
-as this is an application specific concern and could vary between targeted versions of Android and 
-OEM-specific builds. The example given above and that used in the sample application is a naive implementation 
+as this is an application specific concern and could vary between targeted versions of Android and
+OEM-specific builds. The example given above and that used in the sample application is a naive implementation
 which may not be suitable for production applications. It is recommended that you follow [OWASP guidelines
 for Android Cryptographic APIs](https://mas.owasp.org/MASTG/0x05e-Testing-Cryptography/) for your implementation.
 
 As of version 0.9.0 the public key used for enrollment was added to the Enrollment Interface as it is
 required for [fetching rich-consent details](#fetch-rich-consent-details). For new installs,
-this is not a a concern. For enrollments created prior to this version, depending on implementation, 
-this key may or may not have been stored with the enrollment information. If this key was discarded, 
-it may be possible to reconstruct from the stored signing key. The sample app provides 
-[an example](app/src/main/java/com/auth0/guardian/sample/ParcelableEnrollment.java#L188) of this. If 
+this is not a a concern. For enrollments created prior to this version, depending on implementation,
+this key may or may not have been stored with the enrollment information. If this key was discarded,
+it may be possible to reconstruct from the stored signing key. The sample app provides
+[an example](app/src/main/java/com/auth0/guardian/sample/ParcelableEnrollment.java#L188) of this. If
 this is not possible, devices will require re-enrollment to make use of this functionality.
 
 ### Unenroll
@@ -208,7 +208,7 @@ if (notification.getTransctionLinkingId() != null) {
       .start(new Callback<Enrollment> {
         @Override
         void onSuccess(RichConsent consentDetails) {
-          // we have the consent details 
+          // we have the consent details
         }
 
         @Override
@@ -219,12 +219,72 @@ if (notification.getTransctionLinkingId() != null) {
               // there is no consent associated with the transaction
             }
           }
-          // something went wrong 
+          // something went wrong
         }
       });
 }
 ```
 
+#### Authorization Details
+
+If Rich Authorization Rich Authorization Requests are being used, the consent record will contains the `authorization_details` values from the initial authenication request ([RFC 9396](https://datatracker.ietf.org/doc/html/rfc9396)) for rendering to the user for consent. You can access them in the `getAuthorizationDetails()` method of the requested details object which returns an array of objects containing each of the types. `authorization_details` values are essentially arbitary JSON objects but are guaranteed to have a `type` property which must be pre-registered with the Authorization Server. As such the can be queried in a dynamic manor like you might with JSON.
+
+```java
+void onSuccess(RichConsent consentDetails) {
+    List<Map<String, Object>> authorizationDetails = consentDetails
+        .getRequestedDetails()
+        .getAuthorizationDetails();
+
+    String type = (String) authorizationDetails.get(0).get("type");
+    int amount = (int) authorizationDetails.get(0).get("amount");
+}
+```
+Typically the shape and type of `authorization_details` will be known at compile time. In such a case, `authorization_details` can be queried in a strongly-typed manor by first defining a class decorated with `@AuthorizationDetailsType("<type>")` to represent your object and making use of the `filterAuthorizationDetailsByType` helper function, which will return all authorization details that match this type. 
+
+Guardian SDK uses Gson for desiariliazing JSON API responses. Although, your app is not required to depend on Gson directly, the Authorization Details Type classes you define must be compatible with Gson's [Objects deserialization rules](https://github.com/google/gson/blob/main/UserGuide.md#object-examples).
+
+```java
+@AuthorizationDetailsType("payment")
+class PaymentDetails {
+    private final String type;
+    private final int amount;
+    private final String currency;
+
+    public MyAuthorizationDetails(String type, int amount, Strinc currencty) {
+        this.type = type;
+        this.amount = amount;
+        this.currency = currency;
+    }
+
+    public String getType() {
+        return type;
+    }
+
+    public int getAmount() {
+        return amount;
+    }
+
+    public String getCurrency() {
+        return currency;
+    }
+}
+
+
+void onSuccess(RichConsent consentDetails) {
+    List<PaymentDetails> authorizationDetails = consentDetails
+        .getRequestedDetails()
+        .filterAuthorizationDetailsByType(PaymentDetails.class);
+
+    PaymentDetails firstPaymentDetails = authorizationDetails.get(0);
+
+    int amount = firstPaymentDetails.getAmount();
+    String currencty = firstPaymentDetails.getCurrency();
+}
+```
+
+> [!WARNING]
+> When using the filter helper, you still need to check if there are other authorization details in the rich consent record to prevent the user giving consent to something they didn't see rendered. 
+
 ## What is Auth0?
 
 Auth0 helps you to:

app/src/main/java/com/auth0/guardian/sample/MainActivity.java

@@ -227,41 +227,7 @@ private void updateEnrollment(ParcelableEnrollment enrollment) {
     }
 
     private void onPushNotificationReceived(ParcelableNotification notification) {
-        Context context = this;
-        Intent standardNotificationActivityIntent = NotificationActivity.getStartIntent(context, notification, enrollment);
-
-        if (notification.getTransactionLinkingId() == null) {
-            startActivity(standardNotificationActivityIntent);
-        } else {
-            try {
-                guardian.fetchConsent(notification, enrollment).start(new Callback<RichConsent>() {
-                    @Override
-                    public void onSuccess(RichConsent consent) {
-                        Intent intent = NotificationWithConsentDetailsActivity.getStartIntent(
-                                context,
-                                notification,
-                                enrollment,
-                                new ParcelableRichConsent(consent)
-                        );
-                        startActivity(intent);
-                    }
-
-                    @Override
-                    public void onFailure(Throwable exception) {
-                        if (exception instanceof  GuardianException) {
-                            GuardianException guardianException = (GuardianException) exception;
-                            if (guardianException.isResourceNotFound()) {
-                                startActivity(standardNotificationActivityIntent);
-                            }
-                        }
-                        Log.e(TAG, "Error obtaining consent details", exception);
-
-                    }
-                });
-            } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
-                Log.e(TAG, "Error requesting consent details", e);
-            }
-        }
+        startActivity(NotificationActivity.getStartIntent(this, notification, enrollment));
     }
 
     @Override

app/src/main/java/com/auth0/guardian/sample/NotificationActivity.java

@@ -26,28 +26,39 @@
 import android.content.Intent;
 import android.net.Uri;
 import android.os.Bundle;
-import androidx.annotation.NonNull;
-import androidx.appcompat.app.AppCompatActivity;
+import android.util.Log;
 import android.view.View;
 import android.widget.Button;
-import android.widget.TextView;
+
+import androidx.annotation.NonNull;
+import androidx.appcompat.app.AppCompatActivity;
+import androidx.fragment.app.Fragment;
 
 import com.auth0.android.guardian.sdk.Guardian;
+import com.auth0.android.guardian.sdk.GuardianException;
 import com.auth0.android.guardian.sdk.ParcelableNotification;
+import com.auth0.android.guardian.sdk.RichConsent;
 import com.auth0.android.guardian.sdk.networking.Callback;
+import com.auth0.guardian.sample.fragments.AuthenticationRequestDetailsFragment;
+import com.auth0.guardian.sample.fragments.consent.ConsentBasicDetailsFragment;
+import com.auth0.guardian.sample.fragments.consent.ConsentPaymentInitiationFragment;
+import com.auth0.guardian.sample.fragments.consent.DynamicAuthorizationDetailsFragment;
+import com.auth0.guardian.sample.consent.authorization.details.payments.PaymentInitiationDetails;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.spec.InvalidKeySpecException;
+import java.util.List;
 
 public class NotificationActivity extends AppCompatActivity {
 
-    private TextView userText;
-    private TextView browserText;
-    private TextView osText;
-    private TextView locationText;
-    private TextView dateText;
+    private static final String TAG = NotificationActivity.class.getName();
 
     private Guardian guardian;
     private ParcelableEnrollment enrollment;
     private ParcelableNotification notification;
 
+    private RichConsent richConsent;
+
     static Intent getStartIntent(@NonNull Context context,
                                  @NonNull ParcelableNotification notification,
                                  @NonNull ParcelableEnrollment enrollment) {
@@ -79,16 +90,39 @@ protected void onCreate(Bundle savedInstanceState) {
 
         setupUI();
 
-        updateUI();
+        if (notification.getTransactionLinkingId() != null) {
+            try {
+                guardian.fetchConsent(notification, enrollment).start(new Callback<RichConsent>() {
+                    @Override
+                    public void onSuccess(RichConsent response) {
+                        richConsent = response;
+                        updateUI();
+                    }
+
+                    @Override
+                    public void onFailure(Throwable exception) {
+                        if (exception instanceof GuardianException) {
+                            GuardianException guardianException = (GuardianException) exception;
+                            if (guardianException.isResourceNotFound()) {
+                                // Render regular authentication request details
+                                updateUI();
+                            }
+                        } else {
+                            Log.e(TAG, "Error requesting consent details", exception);
+                            throw new RuntimeException(exception);
+                        }
+                    }
+                });
+            } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
+                throw new RuntimeException(e);
+            }
+        } else {
+            updateUI();
+        }
     }
 
     private void setupUI() {
-        userText = (TextView) findViewById(R.id.userText);
-        browserText = (TextView) findViewById(R.id.browserText);
-        osText = (TextView) findViewById(R.id.osText);
-        locationText = (TextView) findViewById(R.id.locationText);
-        dateText = (TextView) findViewById(R.id.dateText);
-
+        // TODO: spinner fragment
         Button rejectButton = (Button) findViewById(R.id.rejectButton);
         assert rejectButton != null;
         rejectButton.setOnClickListener(new View.OnClickListener() {
@@ -109,17 +143,75 @@ public void onClick(View v) {
     }
 
     private void updateUI() {
-        userText.setText(enrollment.getUserId());
-        browserText.setText(
+        Fragment fragment;
+        if (richConsent == null) {
+            fragment = getStandardAuthenticationFragment();
+        } else if (richConsent.getRequestedDetails().getAuthorizationDetails().isEmpty()) {
+            fragment = getBasicConsentFragment();
+        } else {
+            List<PaymentInitiationDetails> paymentInitiationDetailsList = richConsent
+                    .getRequestedDetails()
+                    .filterAuthorizationDetailsByType(PaymentInitiationDetails.class);
+            if (!paymentInitiationDetailsList.isEmpty()) {
+                // For simplicity, in this example we render one single type
+                fragment = getPaymentInitiationConsentFragment(paymentInitiationDetailsList.get(0));
+            } else {
+                fragment = getDynamicAuthorizationDetailsConsentFragment();
+            }
+
+        }
+
+        getSupportFragmentManager().beginTransaction()
+                .replace(R.id.authenticationDetailsFragmentContainer, fragment)
+                .commit();
+
+    }
+
+    @NonNull
+    private DynamicAuthorizationDetailsFragment getDynamicAuthorizationDetailsConsentFragment() {
+        return DynamicAuthorizationDetailsFragment.newInstance(
+                richConsent.getRequestedDetails().getBindingMessage(),
+                notification.getDate().toString(),
+                // For simplicity, in this example we render one single type
+                richConsent.getRequestedDetails().getAuthorizationDetails().get(0)
+        );
+    }
+
+    @NonNull
+    private ConsentPaymentInitiationFragment getPaymentInitiationConsentFragment(PaymentInitiationDetails paymentDetails) {
+        return ConsentPaymentInitiationFragment.newInstance(
+                richConsent.getRequestedDetails().getBindingMessage(),
+                paymentDetails.getRemittanceInformation(),
+                paymentDetails.getCreditorAccount().getAccountNumber(),
+                paymentDetails.getInstructedAmount().getCurrency(),
+                paymentDetails.getInstructedAmount().getAmount()
+        );
+    }
+
+    @NonNull
+    private ConsentBasicDetailsFragment getBasicConsentFragment() {
+        return ConsentBasicDetailsFragment.newInstance(
+                richConsent.getRequestedDetails().getBindingMessage(),
+                richConsent.getRequestedDetails().getScope(),
+                notification.getDate().toString()
+        );
+    }
+
+    @NonNull
+    private AuthenticationRequestDetailsFragment getStandardAuthenticationFragment() {
+        return AuthenticationRequestDetailsFragment.newInstance(
+                enrollment.getUserId(),
+
                 String.format("%s, %s",
                         notification.getBrowserName(),
-                        notification.getBrowserVersion()));
-        osText.setText(
+                        notification.getBrowserVersion()),
                 String.format("%s, %s",
                         notification.getOsName(),
-                        notification.getOsVersion()));
-        locationText.setText(notification.getLocation());
-        dateText.setText(notification.getDate().toString());
+                        notification.getOsVersion()),
+
+                notification.getLocation(),
+                notification.getDate().toString()
+        );
     }
 
     private void rejectRequested() {