SDKS-3684 Handle push device token updates (#471)

* SDKS-3684 Handle push device token updates

* SDKS-3684 Handle push device token updates

* Addressing comments from Andy

* Updating copyright, enhancing unit tests

* Minor change to align behavior with iOS implementation

* SDKS-3961 Update logic to handle push device token updates

* Fixing issue with unit tests

Author: rodrigoareis

forgerock-authenticator/src/main/java/org/forgerock/android/auth/AuthenticatorManager.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2020 - 2025 Ping Identity. All rights reserved.
+ * Copyright (c) 2020 - 2025 Ping Identity Corporation. All rights reserved.
  *
  * This software may be modified and distributed under the terms
  * of the MIT license. See the LICENSE file for details.
@@ -21,18 +21,20 @@
 import org.forgerock.android.auth.exception.MechanismCreationException;
 import org.forgerock.android.auth.exception.MechanismParsingException;
 import org.forgerock.android.auth.exception.MechanismPolicyViolationException;
+import org.forgerock.android.auth.exception.MechanismUpdatePushTokenException;
+import org.forgerock.android.auth.exception.PushMechanismException;
 import org.forgerock.android.auth.policy.FRAPolicy;
 
+import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
+import java.util.concurrent.atomic.AtomicInteger;
 
 class AuthenticatorManager {
 
     /** The Storage client. */
     private StorageClient storageClient;
-    /** The FCM Device token. */
-    private String deviceToken;
     /** The Application Context. */
     private Context context;
     /** The Oath Factory responsible to build Oath mechanisms. */
@@ -43,17 +45,19 @@ class AuthenticatorManager {
     private NotificationFactory notificationFactory;
     /** The Policy Evaluator is used to enforce policy compliance. */
     private FRAPolicyEvaluator policyEvaluator;
+    /** The Device token manager is used to manage the device token. **/
+    private PushDeviceTokenManager pushDeviceTokenManager;
 
     private static final String TAG = AuthenticatorManager.class.getSimpleName();
 
     AuthenticatorManager(Context context, StorageClient storageClient, FRAPolicyEvaluator policyEvaluator,
                          String deviceToken) {
         this.context = context;
         this.storageClient = storageClient;
-        this.deviceToken = deviceToken;
         this.policyEvaluator = policyEvaluator;
         this.oathFactory = new OathFactory(context, storageClient);
-        this.pushFactory = new PushFactory(context, storageClient, deviceToken);
+        this.pushDeviceTokenManager = new PushDeviceTokenManager(context, storageClient, deviceToken);
+        this.pushFactory = new PushFactory(context, storageClient, pushDeviceTokenManager);
         this.notificationFactory = new NotificationFactory(storageClient);
 
         OathCodeGenerator.getInstance(storageClient);
@@ -63,7 +67,7 @@ class AuthenticatorManager {
     void createMechanismFromUri(String uri, FRAListener<Mechanism> listener) {
         Logger.debug(TAG, "Creating new mechanism from URI: %s", uri);
         if(uri.startsWith(Mechanism.PUSH)) {
-            if(deviceToken != null) {
+            if(pushDeviceTokenManager.getDeviceTokenId() != null) {
                 pushFactory.createFromUri(uri, listener);
             } else {
                 Logger.warn(TAG, "Attempt to add a Push mechanism has failed. " +
@@ -251,25 +255,81 @@ PushNotification getNotificationByMessageId(String messageId) {
         return storageClient.getNotificationByMessageId(messageId);
     }
 
-    void registerForRemoteNotifications(String newDeviceToken) throws AuthenticatorException {
-        if(this.deviceToken == null) {
-            this.deviceToken = newDeviceToken;
-            this.pushFactory = new PushFactory(context, storageClient, newDeviceToken);
-            this.notificationFactory = new NotificationFactory(storageClient);
-            PushResponder.getInstance(storageClient);
+    void registerForRemoteNotifications(String deviceToken) throws AuthenticatorException {
+        if(this.pushDeviceTokenManager.getDeviceTokenId() == null) {
+            this.pushDeviceTokenManager.setDeviceToken(deviceToken);
         } else {
-            if(this.deviceToken.equals(newDeviceToken)) {
+            if(this.pushDeviceTokenManager.getDeviceTokenId().equals(deviceToken)) {
                 Logger.warn(TAG, "The SDK was already initialized with this device token: %s",
-                        newDeviceToken);
+                        deviceToken);
                 throw new AuthenticatorException("The SDK was already initialized with the FCM device token.");
             } else {
                 Logger.warn(TAG, "The SDK was initialized with a different deviceToken: %s, however a new " +
-                        "device token (%s) was received.", this.deviceToken, newDeviceToken);
-                throw new AuthenticatorException("The SDK was initialized with a different deviceToken.");
+                        "device token (%s) was received.", this.pushDeviceTokenManager.getDeviceTokenId(), deviceToken);
+                throw new AuthenticatorException("The SDK was initialized with a different deviceToken. " +
+                        "Use FRAClient#updateDeviceToken method to update the device token.");
             }
         }
     }
 
+    void updateDeviceToken(String newDeviceToken, FRAListener<Void> listener) {
+        Logger.debug(TAG, "Updating FCM device token for all Push mechanisms. New token: %s", newDeviceToken);
+
+        // Get all push mechanisms
+        List<PushMechanism> pushMechanismList = getAllPushMechanisms();
+
+        // If no push mechanisms found, return success
+        if (pushMechanismList.isEmpty()) {
+            Logger.debug(TAG, "No push mechanisms found. Skipping device token update.");
+            listener.onException(new PushMechanismException("Failed to retrieve PushMechanism objects."));
+            return;
+        }
+
+        // Update device token for each push mechanism
+        final int totalMechanisms = pushMechanismList.size();
+        final AtomicInteger completedMechanisms = new AtomicInteger(0);
+        final List<PushMechanism> failedMechanisms = new ArrayList<>();
+        for (PushMechanism pushMechanism : pushMechanismList) {
+            pushDeviceTokenManager.updateDeviceToken(newDeviceToken, pushMechanism, new FRAListener<Void>() {
+                @Override
+                public void onSuccess(Void result) {
+                    Logger.debug(TAG, "FCM device token for mechanism %s updated successfully.", pushMechanism.getMechanismUID());
+                    if (completedMechanisms.incrementAndGet() == totalMechanisms) {
+                        if (failedMechanisms.isEmpty()) {
+                            // All mechanisms have completed successfully
+                            listener.onSuccess(null);
+                        } else {
+                            // If any mechanism failed, we report the list of failed mechanisms.
+                            listener.onException(new MechanismUpdatePushTokenException(
+                                    "Error updating FCM device token for some mechanisms.", failedMechanisms));
+                        }
+                    }
+                }
+
+                @Override
+                public void onException(Exception e) {
+                    Logger.warn(TAG, "Error updating FCM device token for mechanism %s.", pushMechanism.getMechanismUID(), e);
+                    failedMechanisms.add(pushMechanism);
+                    if (completedMechanisms.incrementAndGet() == totalMechanisms) {
+                        // All mechanisms have completed, but some failed
+                        listener.onException(new MechanismUpdatePushTokenException(
+                                "Error updating FCM device token for some mechanisms.", failedMechanisms));
+                    }
+                }
+            });
+        }
+    }
+
+    void updateDeviceTokenForMechanism(String newDeviceToken, PushMechanism pushMechanism, FRAListener<Void> listener) {
+        Logger.debug(TAG, "Updating FCM device token for mechanism %s. New token: %s", pushMechanism.getMechanismUID(), newDeviceToken);
+        pushDeviceTokenManager.updateDeviceToken(newDeviceToken, pushMechanism, listener);
+    }
+
+    PushDeviceToken getPushDeviceToken() {
+        Logger.debug(TAG, "Retrieving FCM device token from StorageClient.");
+        return pushDeviceTokenManager.getPushDeviceToken();
+    }
+
     PushNotification handleMessage(RemoteMessage message)
             throws InvalidNotificationException {
         Logger.debug(TAG, "Processing FCM remote message.");
@@ -407,5 +467,20 @@ void setNotificationFactory(NotificationFactory notificationFactory) {
         this.notificationFactory = notificationFactory;
     }
 
+    @VisibleForTesting
+    List<PushMechanism> getAllPushMechanisms() {
+        List<PushMechanism> pushMechanismList = new ArrayList<>();
+        List<Account> accountList = getAllAccounts();
+        for (Account account : accountList) {
+            List<Mechanism> mechanismList = account.getMechanisms();
+            for (Mechanism mechanism : mechanismList) {
+                if(mechanism.getType().equals(Mechanism.PUSH)) {
+                    pushMechanismList.add((PushMechanism) mechanism);
+                }
+            }
+        }
+        return pushMechanismList;
+    }
+
 }
 

forgerock-authenticator/src/main/java/org/forgerock/android/auth/DefaultStorageClient.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2020 - 2025 Ping Identity. All rights reserved.
+ * Copyright (c) 2020 - 2025 Ping Identity Corporation. All rights reserved.
  *
  * This software may be modified and distributed under the terms
  * of the MIT license. See the LICENSE file for details.
@@ -23,18 +23,22 @@
  */
 class DefaultStorageClient implements StorageClient {
 
+    private static final String DEVICE_TOKEN_ID = "deviceToken";
+
     //Alias to store keys
     private static final String ORG_FORGEROCK_SHARED_PREFERENCES_KEYS = "org.forgerock.android.authenticator.KEYS";
 
     //Settings to store the data
     private static final String ORG_FORGEROCK_SHARED_PREFERENCES_DATA_ACCOUNT = "org.forgerock.android.authenticator.DATA.ACCOUNT";
     private static final String ORG_FORGEROCK_SHARED_PREFERENCES_DATA_MECHANISM = "org.forgerock.android.authenticator.DATA.MECHANISM";
     private static final String ORG_FORGEROCK_SHARED_PREFERENCES_DATA_NOTIFICATIONS = "org.forgerock.android.authenticator.DATA.NOTIFICATIONS";
+    private static final String ORG_FORGEROCK_SHARED_PREFERENCES_DATA_DEVICE_TOKEN = "org.forgerock.android.authenticator.DATA.DEVICE_TOKEN";
 
     //The SharedPreferences to store the data
     private SharedPreferences accountData;
     private SharedPreferences mechanismData;
     private SharedPreferences notificationData;
+    private SharedPreferences deviceTokenData;
 
     private static final String TAG = DefaultStorageClient.class.getSimpleName();
 
@@ -45,6 +49,8 @@ public DefaultStorageClient(Context context) {
                 ORG_FORGEROCK_SHARED_PREFERENCES_DATA_MECHANISM, ORG_FORGEROCK_SHARED_PREFERENCES_KEYS);
         this.notificationData = new SecuredSharedPreferences(context,
                 ORG_FORGEROCK_SHARED_PREFERENCES_DATA_NOTIFICATIONS, ORG_FORGEROCK_SHARED_PREFERENCES_KEYS);
+        this.deviceTokenData = new SecuredSharedPreferences(context,
+                ORG_FORGEROCK_SHARED_PREFERENCES_DATA_DEVICE_TOKEN, ORG_FORGEROCK_SHARED_PREFERENCES_KEYS);
     }
 
     @Override
@@ -220,11 +226,26 @@ public PushNotification getNotificationByMessageId(String messageId) {
         return null;
     }
 
+    @Override
+    public boolean setPushDeviceToken(PushDeviceToken pushDeviceToken) {
+        String pushDeviceTokenJson = pushDeviceToken.serialize();
+        return deviceTokenData.edit()
+                .putString(DEVICE_TOKEN_ID, pushDeviceTokenJson)
+                .commit();
+    }
+
+    @Override
+    public PushDeviceToken getPushDeviceToken() {
+        String json = deviceTokenData.getString(DEVICE_TOKEN_ID, null);
+        return PushDeviceToken.deserialize(json);
+    }
+
     @Override
     public boolean isEmpty() {
         return accountData.getAll().isEmpty() &&
                 mechanismData.getAll().isEmpty() &&
-                notificationData.getAll().isEmpty();
+                notificationData.getAll().isEmpty() &&
+                deviceTokenData.getAll().isEmpty();
     }
 
     /**
@@ -241,6 +262,9 @@ public void removeAll() {
         notificationData.edit()
                 .clear()
                 .commit();
+        deviceTokenData.edit()
+                .clear()
+                .commit();
     }
 
     @VisibleForTesting
@@ -257,5 +281,9 @@ void setMechanismData(SharedPreferences sharedPreferences) {
     void setNotificationData(SharedPreferences sharedPreferences) {
         this.notificationData = sharedPreferences;
     }
-    
+
+    @VisibleForTesting
+    void setDeviceTokenData(SharedPreferences sharedPreferences) {
+        this.deviceTokenData = sharedPreferences;
+    }
 }

forgerock-authenticator/src/main/java/org/forgerock/android/auth/FRAClient.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2020 - 2025 Ping Identity. All rights reserved.
+ * Copyright (c) 2020 - 2025 Ping Identity Corporation. All rights reserved.
  *
  * This software may be modified and distributed under the terms
  * of the MIT license. See the LICENSE file for details.
@@ -129,7 +129,7 @@ public FRAClient start() throws AuthenticatorException {
             }
 
             if (fcmToken == null) {
-                Logger.warn(TAG, "A FCM token must be provided to handle Push Registrations. The method" +
+                Logger.info(TAG, "A FCM token must be provided to handle Push Registrations. The method" +
                         " FRAClient#registerForRemoteNotifications can also be used to register the device token.");
             }
 
@@ -329,17 +329,50 @@ public PushNotification handleMessage(@NonNull String messageId, @NonNull String
     /**
      * This method allows to register the FCM device token to handle Push mechanisms after the
      * SDK initialization.
-     * Note: This method cannot be used to handle FCM device token updates received on
-     * {@link FirebaseMessagingService#onNewToken}. Currently, AM does not accept deviceToken updates
-     * from the SDK. If any {@link PushMechanism} was registered with the previous token, this
-     * mechanism needs to be removed and registered again using this new deviceToken.
+     * Note: This method cannot be used to handle FCM device token updates. Instead, use the
+     * method {@link #updateDeviceToken}
      * @param deviceToken the FCM device token
      * @throws AuthenticatorException if the SDK was already initialized with a device token
      */
     public void registerForRemoteNotifications(@NonNull String deviceToken) throws AuthenticatorException {
         this.authenticatorManager.registerForRemoteNotifications(deviceToken);
     }
 
+    /**
+     * This method allows to update the FCM device token for all registered Push mechanisms.
+     * Use this method to handle device token updates received on {@link FirebaseMessagingService#onNewToken}.
+     * Overall Success/Failure Logic:
+     * If all mechanisms succeed, listener.onSuccess() is called.
+     * If any mechanism fails, listener.onException() is called. The exception contains the list of
+     * all failed mechanisms.
+     * If there are no Push mechanisms found, listener.onSuccess() is called.
+     * @param deviceToken the new FCM device token
+     * @param listener Callback for receiving the result of device token update
+     */
+    public void updateDeviceToken(@NonNull String deviceToken, @NonNull FRAListener<Void> listener) {
+        this.authenticatorManager.updateDeviceToken(deviceToken, listener);
+    }
+
+    /**
+     * This method allows to update the FCM device token for a specific Push mechanism.
+     * @param deviceToken the new FCM device token
+     * @param pushMechanism the PushMechanism object
+     * @param listener Callback for receiving the result of device token update
+     */
+    public void updateDeviceTokenForMechanism(@NonNull String deviceToken, @NonNull PushMechanism pushMechanism,
+                                              @NonNull FRAListener<Void> listener) {
+        this.authenticatorManager.updateDeviceTokenForMechanism(deviceToken, pushMechanism, listener);
+    }
+
+    /**
+     * Get the PushDeviceToken object containing the FCM device token and its issued date time.
+     * If no PushDeviceToken was found in the storage, returns {@code null}.
+     * @return PushDeviceToken The PushDeviceToken object
+     */
+    public PushDeviceToken getPushDeviceToken() {
+        return this.authenticatorManager.getPushDeviceToken();
+    }
+
     /** No Public methods **/
 
     @VisibleForTesting

forgerock-authenticator/src/main/java/org/forgerock/android/auth/HOTPMechanism.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2020 - 2023 ForgeRock. All rights reserved.
+ * Copyright (c) 2020 - 2025 Ping Identity Corporation. All rights reserved.
  *
  * This software may be modified and distributed under the terms
  * of the MIT license. See the LICENSE file for details.
@@ -23,10 +23,11 @@ public class HOTPMechanism extends OathMechanism {
     /** Counter as in Int for number of OTP credentials generated */
     protected long counter;
 
-    private HOTPMechanism(String mechanismUID, String issuer, String accountName, String type, TokenType oathType,
-                          String algorithm, String secret, int digits, long counter, Calendar timeAdded) {
-        super(mechanismUID, issuer, accountName, type, oathType, algorithm,
-                secret, digits, timeAdded);
+    private HOTPMechanism(String mechanismUID, String issuer, String accountName, String type,
+                          TokenType oathType, String algorithm, String secret, String uid,
+                          String resourceId, int digits, long counter, Calendar timeAdded) {
+        super(mechanismUID, issuer, accountName, type, oathType, algorithm, secret, uid,
+                resourceId, digits, timeAdded);
         this.counter = counter;
     }
 
@@ -56,6 +57,8 @@ public String toJson() {
             jsonObject.put("accountName", getAccountName());
             jsonObject.put("mechanismUID", getMechanismUID());
             jsonObject.put("secret", getSecret());
+            jsonObject.put("uid", getUid());
+            jsonObject.put("resourceId", getResourceId());
             jsonObject.put("type", getType());
             jsonObject.put("oathType", getOathType());
             jsonObject.put("algorithm", getAlgorithm());
@@ -80,7 +83,7 @@ String serialize() {
      * if {@code jsonString} is empty or not able to parse it.
      */
     public static HOTPMechanism deserialize(String jsonString) {
-        if (jsonString == null || jsonString.length() == 0) {
+        if (jsonString == null || jsonString.isEmpty()) {
             return null;
         }
         try {
@@ -90,6 +93,8 @@ public static HOTPMechanism deserialize(String jsonString) {
                     .setAccountName(jsonObject.getString("accountName"))
                     .setMechanismUID(jsonObject.getString("mechanismUID"))
                     .setSecret(jsonObject.getString("secret"))
+                    .setUid(jsonObject.has("uid") ? jsonObject.getString("uid") : null)
+                    .setResourceId(jsonObject.has("resourceId") ? jsonObject.getString("resourceId") : null)
                     .setAlgorithm(jsonObject.getString("algorithm"))
                     .setDigits(jsonObject.getInt("digits"))
                     .setCounter(jsonObject.getLong("counter"))
@@ -137,8 +142,8 @@ public HOTPBuilder setCounter(long counter) {
          */
         @Override
         HOTPMechanism buildOath() {
-            return new HOTPMechanism(mechanismUID, issuer, accountName, Mechanism.OATH, TokenType.HOTP, algorithm,
-                    secret, digits, counter, timeAdded);
+            return new HOTPMechanism(mechanismUID, issuer, accountName, Mechanism.OATH,
+                    TokenType.HOTP, algorithm, secret, uid, resourceId, digits, counter, timeAdded);
         }
 
     }