create account

SteemConnect4j - Security Improvement and Bug Fixes by bxute

View this thread on: hive.blogpeakd.comecency.com
utopian-io · @bxute ·
$85.56
SteemConnect4j - Security Improvement and Bug Fixes
#### Repository
https://github.com/hapramp/steemconnect4j

## 1. Introduction

https://ipfs.busy.org/ipfs/QmXVGoj2vx4ojo98kLXxVeUioeJUjsEpCcBdUGWSyn3PHB

SteemConnect4j is a Java SDK for SteemConnect v2. To read more about it, check out the introduction blog - [Introducing SteemConnect4j](https://busy.org/@hapramp/introducing-steemconnect4j).

In this blog post, I will be discussing about the following improvements made in the project - 

- Improved Security using Refresh Tokens
- Increased coverage
- Other bug fixes

## 2. Improved Security using `Refresh Tokens`

`Refresh Tokens` are used to grant headless operations the access to carry out operations on behalf of the user. These tokens do not expire (in contrast; access tokens expire in 7 days) and can be used to generate new access tokens for the user.

It is required to have the `offline` `scope` in order to retrieve the refresh token.

### 2.1 Code Changes to Introduce `Refresh Tokens`

The route to get the access token is defined as a constant in the application - 

![carbon1.png](https://ipfs.busy.org/ipfs/QmXjeKwRz2D7QuWJKyoKRVKsv4MvvuptBhzaSQQJ9mn7Rz)

Now the `getLoginUrl(boolean wantCode)` is refactored to contain a boolean parameter.
This parameter decides whether the returing url after successfull login will contain 
a `UserCode` or `AccessToken`.
So, developer now can decide the user security through this parameter.

![carbon2.png](https://ipfs.busy.org/ipfs/QmZRZg617o1SMwXv9BQPmwyjZxRmtePG733V8iQPBetwV9)

Getting an `AccessToken` is a three step process

`Get Code` -> `Get RefreshToken` -> `Get AccessToken`

> Note:Code is returned when user logs in if `getLoginUrl(true)` is used for logging in.


Methods to get/set client secret were added to [`SteemConnectOptions`](https://github.com/hapramp/steemconnect4j/blob/master/steemconnect4j/src/main/java/com/hapramp/steemconnect4j/SteemConnectOptions.java) class - 

![carbon3.png](https://ipfs.busy.org/ipfs/QmeCwpfqCmq6WLk6yRjQgPpurfvTw4AjZa688CBzjHX1zG)

Finally, methods to get refresh token and get access token from refresh token were added to complete the integration - 

![carbon4.png](https://ipfs.busy.org/ipfs/QmQgpNqHixT3EFVCoN8FNTUdF3dBD8FtuxgNyg5Wz7EGQi)

### 3. Increased Coverage

We have been working on improving the coverage for the SDK and we're happy to inform that the coverage is now at a decent level.

#### 3.1. Coverage Chart

![coverage-chart.png](https://ipfs.busy.org/ipfs/QmRBGcoqcAZHvZLrJcfEYk3DweHzuSzXSZAFLLvNYnevhp)

#### 3.2. Sunburst

Here is the sunburst from [Codecov](https://codecov.io/) - 

![Screenshot from 2018-07-03 15-22-39.png](https://ipfs.busy.org/ipfs/QmXsGUfrbs8ZAUF4CVGsLoQvamBBsie63fVQBaADD17SyY)

You can see the detailed coverage report at https://codecov.io/gh/hapramp/steemconnect4j.

## 4. Other Bug Fixes

Several bugs were fixed for the SDK and it is now being tested in the HapRamp Android application. As we move forward with integrating more parts of the SDK into the application, we will be discovering and resolving more bugs that pop up.

#### Pull Requests

| Link | Description |
|----------|---- |
| [hapramp/steemconnect4j#18](https://github.com/hapramp/steemconnect4j/pull/18) | Adding support for refresh tokens |
| [hapramp/steemconnect4j#20](https://github.com/hapramp/steemconnect4j/pull/20) | Adding usage documentation for refresh tokens |
| [hapramp/steemconnect4j#21](https://github.com/hapramp/steemconnect4j/pull/21) and [hapramp/steemconnect4j#16](https://github.com/hapramp/steemconnect4j/pull/16) | Adding test cases |

#### Github Account

https://github.com/bxute

----

###### Join the conversation on Discord - https://discord.gg/r9vwcHe.
πŸ‘  , , , , , , , , , , , , , , , , , , , , , ,
properties (23)
authorbxute
permlinksteemconnect4j-security-improvement-and-bug-fixes
categoryutopian-io
json_metadata{"tags":["utopian-io","development","hapramp","steemconnect","steemit"],"image":["https://ipfs.busy.org/ipfs/QmXVGoj2vx4ojo98kLXxVeUioeJUjsEpCcBdUGWSyn3PHB","https://ipfs.busy.org/ipfs/QmXjeKwRz2D7QuWJKyoKRVKsv4MvvuptBhzaSQQJ9mn7Rz","https://ipfs.busy.org/ipfs/QmZRZg617o1SMwXv9BQPmwyjZxRmtePG733V8iQPBetwV9","https://ipfs.busy.org/ipfs/QmeCwpfqCmq6WLk6yRjQgPpurfvTw4AjZa688CBzjHX1zG","https://ipfs.busy.org/ipfs/QmQgpNqHixT3EFVCoN8FNTUdF3dBD8FtuxgNyg5Wz7EGQi","https://ipfs.busy.org/ipfs/QmRBGcoqcAZHvZLrJcfEYk3DweHzuSzXSZAFLLvNYnevhp","https://ipfs.busy.org/ipfs/QmXsGUfrbs8ZAUF4CVGsLoQvamBBsie63fVQBaADD17SyY"],"links":["https://github.com/hapramp/steemconnect4j","https://busy.org/@hapramp/introducing-steemconnect4j","https://github.com/hapramp/steemconnect4j/blob/master/steemconnect4j/src/main/java/com/hapramp/steemconnect4j/SteemConnectOptions.java","https://codecov.io/","https://codecov.io/gh/hapramp/steemconnect4j","https://github.com/hapramp/steemconnect4j/pull/18","https://github.com/hapramp/steemconnect4j/pull/20","https://github.com/hapramp/steemconnect4j/pull/21","https://github.com/hapramp/steemconnect4j/pull/16","https://github.com/bxute","https://discord.gg/r9vwcHe"],"app":"steemit/0.1","format":"markdown"}
created2018-07-05 06:08:24
last_update2018-07-05 06:08:24
depth0
children3
last_payout2018-07-12 06:08:24
cashout_time1969-12-31 23:59:59
total_payout_value64.395 HBD
curator_payout_value21.164 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length3,668
author_reputation7,043,008,489,088
root_title"SteemConnect4j - Security Improvement and Bug Fixes"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id63,481,453
net_rshares41,161,736,095,035
author_curate_reward""
vote details (23)
@emrebeyler · 
Reviewing projects with a good test coverage always makes me happy. One side note:

![Screen Shot 2018-07-05 at 12.48.35 PM.png](https://cdn.steemitimages.com/DQmeyAL2UxR8vdDBEFJWmtcMNngCBBaB6UU5Z3JVqETLgxc/Screen%20Shot%202018-07-05%20at%2012.48.35%20PM.png)

This kind of code comments are not really needed. I know code commenting has a place on review mechanics, we will work on that to make it better. See [gregory's](https://steemit.com/utopian-io/@jaysermendez/knacksteem-api-more-security-and-features#@gregory.latinier/re-jaysermendez-knacksteem-api-more-security-and-features-20180705t094231460z) comment on this.

Thanks!

***


Your contribution has been evaluated according to [Utopian policies and guidelines](https://join.utopian.io/guidelines), as well as a predefined set of questions pertaining to the category.

To view those questions and the relevant answers related to your post, [click here](https://review.utopian.io/result/3/2322211).

---- 
Need help? Write a ticket on https://support.utopian.io/. 
Chat with us on [Discord](https://discord.gg/uTyJkNm). 
[[utopian-moderator]](https://join.utopian.io/)
πŸ‘  , ,
πŸ‘Ž  
properties (23)
authoremrebeyler
permlinkre-bxute-steemconnect4j-security-improvement-and-bug-fixes-20180705t095850015z
categoryutopian-io
json_metadata{"tags":["utopian-io"],"image":["https://cdn.steemitimages.com/DQmeyAL2UxR8vdDBEFJWmtcMNngCBBaB6UU5Z3JVqETLgxc/Screen%20Shot%202018-07-05%20at%2012.48.35%20PM.png"],"links":["https://steemit.com/utopian-io/@jaysermendez/knacksteem-api-more-security-and-features#@gregory.latinier/re-jaysermendez-knacksteem-api-more-security-and-features-20180705t094231460z","https://join.utopian.io/guidelines","https://review.utopian.io/result/3/2322211","https://support.utopian.io/","https://discord.gg/uTyJkNm","https://join.utopian.io/"],"app":"steemit/0.1"}
created2018-07-05 09:58:48
last_update2018-07-05 09:58:48
depth1
children1
last_payout2018-07-12 09:58:48
cashout_time1969-12-31 23:59:59
total_payout_value0.000 HBD
curator_payout_value0.000 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length1,129
author_reputation448,535,049,068,622
root_title"SteemConnect4j - Security Improvement and Bug Fixes"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id63,503,403
net_rshares4,930,911,048
author_curate_reward""
vote details (4)
@jaysermendez · 
I am famous hahaaah
properties (22)
authorjaysermendez
permlinkre-re-bxute-steemconnect4j-security-improvement-and-bug-fixes-20180708t025125808z
categoryutopian-io
json_metadata{"community":"steemia","app":"steemia/0.0.1"}
created2018-07-08 02:51:27
last_update2018-07-08 02:51:27
depth2
children0
last_payout2018-07-15 02:51:27
cashout_time1969-12-31 23:59:59
total_payout_value0.000 HBD
curator_payout_value0.000 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length19
author_reputation20,790,862,502,465
root_title"SteemConnect4j - Security Improvement and Bug Fixes"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id63,846,617
net_rshares0
@utopian-io · 
Hey @bxute
**Thanks for contributing on Utopian**.
We’re already looking forward to your next contribution!

**Want to chat? Join us on Discord https://discord.gg/h52nFrV.**

<a href='https://v2.steemconnect.com/sign/account-witness-vote?witness=utopian-io&approve=1'>Vote for Utopian Witness!</a>
properties (22)
authorutopian-io
permlinkre-steemconnect4j-security-improvement-and-bug-fixes-20180708t043508z
categoryutopian-io
json_metadata"{"app": "beem/0.19.42"}"
created2018-07-08 04:35:09
last_update2018-07-08 04:35:09
depth1
children0
last_payout2018-07-15 04:35:09
cashout_time1969-12-31 23:59:59
total_payout_value0.000 HBD
curator_payout_value0.000 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length297
author_reputation152,955,367,999,756
root_title"SteemConnect4j - Security Improvement and Bug Fixes"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id63,853,419
net_rshares0
Help/Feedback