NFC-118 Switch request/response JSON fields to camelCase and unify mobile auth error layout

.github/workflows/coverity-analysis.yml

@@ -20,14 +20,14 @@ jobs:
       - uses: actions/setup-java@v4
         with:
           distribution: zulu
-          java-version: 11
+          java-version: 21
 
       - name: Cache Maven packages
         uses: actions/cache@v4
         with:
           path: ~/.m2
-          key: ${{ runner.os }}-m2-v8-${{ hashFiles('**/pom.xml') }}
-          restore-keys: ${{ runner.os }}-m2-v8
+          key: ${{ runner.os }}-m2-v21-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2-v21
 
       - name: Download Coverity Build Tool
         run: |

.github/workflows/maven-build-example.yml

@@ -20,14 +20,14 @@ jobs:
       - uses: actions/setup-java@v4
         with:
           distribution: zulu
-          java-version: 17
+          java-version: 21
 
       - name: Cache Maven packages
         uses: actions/cache@v4
         with:
           path: ~/.m2
-          key: ${{ runner.os }}-m2-v17-${{ secrets.CACHE_VERSION }}-${{ hashFiles('**/pom.xml') }}
-          restore-keys: ${{ runner.os }}-m2-v17-${{ secrets.CACHE_VERSION }}
+          key: ${{ runner.os }}-m2-v21-${{ secrets.CACHE_VERSION }}-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2-v21-${{ secrets.CACHE_VERSION }}
 
       - name: Install library
         run: mvn -B -ntp install

.github/workflows/maven-build.yml

@@ -20,14 +20,14 @@ jobs:
       - uses: actions/setup-java@v4
         with:
           distribution: zulu
-          java-version: 11
+          java-version: 21
 
       - name: Cache Maven packages
         uses: actions/cache@v4
         with:
           path: ~/.m2
-          key: ${{ runner.os }}-m2-v8-${{ hashFiles('**/pom.xml') }}
-          restore-keys: ${{ runner.os }}-m2-v8
+          key: ${{ runner.os }}-m2-v21-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2-v21
 
       - name: Build
         run: mvn --batch-mode compile

.github/workflows/maven-deploy.yml

@@ -14,14 +14,14 @@ jobs:
       - uses: actions/setup-java@v4
         with:
           distribution: zulu
-          java-version: 11
+          java-version: 21
 
       - name: Cache Maven packages
         uses: actions/cache@v4
         with:
           path: ~/.m2
-          key: ${{ runner.os }}-m2-v8-${{ hashFiles('**/pom.xml') }}
-          restore-keys: ${{ runner.os }}-m2-v8
+          key: ${{ runner.os }}-m2-v21-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2-v21
 
       - name: Deploy to GitLab Package Repository # GitHub Packages
         env:

.github/workflows/sonarcloud-analysis.yml

@@ -20,11 +20,11 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
-      - name: Set up JDK 17
+      - name: Set up JDK 21
         uses: actions/setup-java@v4
         with:
           distribution: zulu
-          java-version: 17
+          java-version: 21
       - name: Cache SonarCloud packages
         uses: actions/cache@v4
         with:
@@ -35,8 +35,8 @@ jobs:
         uses: actions/cache@v4
         with:
           path: ~/.m2
-          key: ${{ runner.os }}-m2-v11-${{ hashFiles('**/pom.xml') }}
-          restore-keys: ${{ runner.os }}-m2-v17
+          key: ${{ runner.os }}-m2-v21-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2-v21
       - name: Build and analyze
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any

example/README.md

@@ -51,7 +51,7 @@ You can specify the profile as a command-line argument to the Maven wrapper comm
 
 ### 5. Run the application
 
-Spring Boot web applications can be run from the command-line. You need to have the Java Development Kit 17 installed for building the application package and running the application.
+Spring Boot web applications can be run from the command-line. You need to have the Java Development Kit 21 installed for building the application package and running the application.
 
 Build and run the application with the following command in a terminal window:
 

example/pom.xml

@@ -17,7 +17,7 @@
 	</description>
 
 	<properties>
-		<java.version>17</java.version>
+		<java.version>21</java.version>
 		<maven-surefire-plugin.version>3.5.3</maven-surefire-plugin.version>
 		<webeid.version>4.0.0-SNAPSHOT</webeid.version>
 		<digidoc4j.version>6.0.1</digidoc4j.version>

example/src/main/java/eu/webeid/example/security/WebEidAuthenticationProvider.java

@@ -76,10 +76,11 @@ public Authentication authenticate(Authentication auth) throws AuthenticationExc
         try {
             final String nonce = challengeNonceStore.getAndRemove().getBase64EncodedNonce();
             final X509Certificate userCertificate = tokenValidator.validate(authToken, nonce);
-            final String signingCertificate = requireSigningCert
+            boolean isV11 = authToken.getFormat() != null && authToken.getFormat().startsWith("web-eid:1.1");
+            final String signingCertificate = (requireSigningCert && isV11)
                 ? authToken.getUnverifiedSigningCertificate()
                 : null;
-            final List<SupportedSignatureAlgorithm> supportedSignatureAlgorithms = requireSigningCert
+            final List<SupportedSignatureAlgorithm> supportedSignatureAlgorithms = (requireSigningCert && isV11)
                 ? authToken.getSupportedSignatureAlgorithms()
                 : null;
 

example/src/main/java/eu/webeid/example/security/WebEidMobileAuthInitFilter.java

@@ -23,11 +23,8 @@
 package eu.webeid.example.security;
 
 import com.fasterxml.jackson.annotation.JsonInclude;
-import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.ObjectWriter;
-import com.fasterxml.jackson.databind.PropertyNamingStrategies;
-import com.fasterxml.jackson.databind.annotation.JsonNaming;
 import eu.webeid.example.config.WebEidMobileProperties;
 import eu.webeid.security.challenge.ChallengeNonceGenerator;
 import jakarta.servlet.FilterChain;
@@ -97,15 +94,13 @@ private String getAuthUri(String encodedPayload) {
         return builder.fragment(encodedPayload).toUriString();
     }
 
-    @JsonNaming(PropertyNamingStrategies.SnakeCaseStrategy.class)
     @JsonInclude(JsonInclude.Include.NON_NULL)
     record AuthPayload(
         String challenge,
         String loginUri,
         Boolean getSigningCertificate) {
     }
 
-    @JsonNaming(PropertyNamingStrategies.SnakeCaseStrategy.class)
-    record AuthUri(@JsonProperty("auth_uri") String authUri) {
+    record AuthUri(String authUri) {
     }
 }

example/src/main/java/eu/webeid/example/service/MobileSigningService.java

@@ -25,8 +25,6 @@
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.ObjectWriter;
-import com.fasterxml.jackson.databind.PropertyNamingStrategies;
-import com.fasterxml.jackson.databind.annotation.JsonNaming;
 import eu.webeid.example.config.WebEidMobileProperties;
 import eu.webeid.example.security.WebEidAuthentication;
 import eu.webeid.example.service.dto.CertificateDTO;
@@ -131,13 +129,11 @@ private List<SignatureAlgorithmDTO> mapSupportedAlgorithms(List<SupportedSignatu
         }).toList();
     }
 
-    @JsonNaming(PropertyNamingStrategies.SnakeCaseStrategy.class)
     public record MobileInitRequest(
         String requestUri
     ) {
     }
 
-    @JsonNaming(PropertyNamingStrategies.SnakeCaseStrategy.class)
     @JsonInclude(JsonInclude.Include.NON_NULL)
     record RequestObject(
         String responseUri,

example/src/main/resources/templates/index.html

@@ -527,8 +527,8 @@ <h4 class="accordion-header" id="headingDocumentationMobile">
                     });
 
                     await checkHttpError(resp);
-                    const { auth_uri } = await resp.json();
-                    window.location.href = auth_uri;
+                    const { authUri } = await resp.json();
+                    window.location.href = authUri;
                 } catch (error) {
                     showErrorMessage(error);
                     throw error;

example/src/main/resources/templates/webeid-callback.html

@@ -57,8 +57,8 @@ <h2>Completing signing…</h2>
 
                 const result = await response.json();
                 if (endpoint.endsWith("/certificate")) {
-                    const { request_uri } = result;
-                    window.location.replace(request_uri);
+                    const { requestUri } = result;
+                    window.location.replace(requestUri);
                     return;
                 }
 

example/src/main/resources/templates/webeid-login.html

@@ -2,16 +2,26 @@
 <html lang="en">
     <head>
         <meta charset="utf-8" />
+        <meta name="viewport" content="width=device-width, initial-scale=1" />
         <title>Signing you in…</title>
         <link rel="stylesheet" href="/css/bootstrap.min.css" />
         <link rel="stylesheet" href="/css/main.css" />
     </head>
-    <body>
+    <body class="loading-page">
+        <div id="spinner-message">
+            <h2>Signing you in…</h2>
+            <div class="spinner"></div>
+        </div>
+
         <div id="error-message" class="alert alert-danger" style="display: none" role="alert">
             <div class="message"></div>
             <pre class="details"></pre>
         </div>
 
+        <p class="text-center p-4" style="display: none" id="error-actions">
+            <button id="back-button" class="btn btn-primary">Back</button>
+        </p>
+
         <script type="module" th:inline="javascript">
             import { showErrorMessage, checkHttpError } from "/js/errors.js";
             import { parsePayload } from "/js/payload.js";
@@ -20,7 +30,7 @@
             // top-level await is not supported in some mobile browsers/WebViews.
             (async function () {
                 const payload = parsePayload("Authentication");
-                const authToken = payload["auth_token"];
+                const authToken = payload["authToken"];
                 const response = await fetch(/*[[${loginProcessingPath}]]*/, {
                     method: "POST",
                     headers: {
@@ -36,6 +46,14 @@
             })().catch((error) => {
                 console.error(error);
                 showErrorMessage(error);
+                document.getElementById("spinner-message").style.display = "none";
+
+                const actions = document.getElementById("error-actions");
+                actions.style.display = "block";
+
+                document.getElementById("back-button").addEventListener("click", () => {
+                    window.location.replace("/");
+                });
             });
         </script>
     </body>

example/src/main/resources/templates/welcome.html

@@ -95,8 +95,8 @@ <h2 class="adding-signature">Digital signing</h2>
                         });
 
                         await checkHttpError(initMobileSignResponse);
-                        const { request_uri } = await initMobileSignResponse.json();
-                        window.location.href = request_uri;
+                        const { requestUri } = await initMobileSignResponse.json();
+                        window.location.href = requestUri;
                     } else {
                         const { certificate, supportedSignatureAlgorithms } = await webeid.getSigningCertificate({
                             lang

example/src/test/java/eu/webeid/example/security/WebEidMobileAuthInitFilterTest.java

@@ -67,7 +67,7 @@ void mobileInitBuildsDeepLinkWithEmbeddedChallenge() throws Exception {
             .andReturn();
 
         JsonNode json = mapper.readTree(result.getResponse().getContentAsByteArray());
-        String eidAuthUri = json.get("auth_uri").asText();
+        String eidAuthUri = json.get("authUri").asText();
 
         assertThat(eidAuthUri).startsWith("web-eid-mobile://auth#");
 
@@ -78,6 +78,6 @@ void mobileInitBuildsDeepLinkWithEmbeddedChallenge() throws Exception {
         String challengeInSession = ((ChallengeNonce) Objects.requireNonNull(session.getAttribute("challenge-nonce"))).getBase64EncodedNonce();
 
         assertThat(challengeInPayload).isEqualTo(challengeInSession);
-        assertThat(payload.get("login_uri").asText()).endsWith("/auth/mobile/login");
+        assertThat(payload.get("loginUri").asText()).endsWith("/auth/mobile/login");
     }
 }

pom.xml

@@ -11,7 +11,7 @@
     <description>Web eID authentication token validation library for Java</description>
 
     <properties>
-        <java.version>11</java.version>
+        <java.version>21</java.version>
         <jjwt.version>0.12.6</jjwt.version>
         <bouncycastle.version>1.81</bouncycastle.version>
         <jackson.version>2.19.1</jackson.version>