fix: Update OAuth implementation 9

Author: reeshika-h

src/main/java/com/contentstack/cms/Contentstack.java

@@ -295,6 +295,15 @@ public Organization organization() {
         if (!isOAuthConfigured() && this.authtoken == null) {
             throw new IllegalStateException("Please login or configure OAuth to access organization");
         }
+        
+        // If using OAuth, get organization from tokens
+        if (isOAuthConfigured() && oauthHandler.getTokens() != null) {
+            String orgUid = oauthHandler.getTokens().getOrganizationUid();
+            if (orgUid != null && !orgUid.isEmpty()) {
+                return organization(orgUid);
+            }
+        }
+        
         return new Organization(this.instance);
     }
 
@@ -810,13 +819,15 @@ private OkHttpClient httpClient(Contentstack contentstack, Boolean retryOnFailur
 
             // Add either OAuth or traditional auth interceptor
             if (this.oauthConfig != null) {
-                if (this.oauthInterceptor == null) {
-                    this.oauthHandler = new OAuthHandler(builder.build(), this.oauthConfig);
-                    this.oauthInterceptor = new OAuthInterceptor(this.oauthHandler);
-                    if (this.earlyAccess != null) {
-                        this.oauthInterceptor.setEarlyAccess(this.earlyAccess);
-                    }
+                // Create OAuth handler and interceptor first
+                OkHttpClient tempClient = builder.build();
+                this.oauthHandler = new OAuthHandler(tempClient, this.oauthConfig);
+                this.oauthInterceptor = new OAuthInterceptor(this.oauthHandler);
+                if (this.earlyAccess != null) {
+                    this.oauthInterceptor.setEarlyAccess(this.earlyAccess);
                 }
+                
+                // Add interceptor to final client
                 builder.addInterceptor(this.oauthInterceptor);
             } else {
                 this.authInterceptor = contentstack.interceptor = new AuthInterceptor();

src/main/java/com/contentstack/cms/models/OAuthConfig.java

@@ -64,11 +64,11 @@ public String getFormattedAuthorizationEndpoint() {
 
         String hostname = "app.contentstack.com";
 
-        if (hostname.endsWith("io")) {
-            hostname = hostname.replace("io", "com");
-        }
-        if (hostname.startsWith("api")) {
-            hostname = hostname.replace("api", "app");
+        // Transform hostname if needed
+        if (hostname.contains("contentstack")) {
+            hostname = hostname
+                .replaceAll("^api\\.", "app.")  // api.contentstack -> app.contentstack
+                .replaceAll("\\.io$", ".com");  // *.io -> *.com
         }
 
         return "https://" + hostname + "/#!/apps/" + appId + "/authorize";
@@ -84,9 +84,13 @@ public String getTokenEndpoint() {
         }
 
         String hostname = "developerhub-api.contentstack.com";
-        hostname = hostname
-            .replaceAll("^dev\\d+", "dev")
-            .replace("io", "com");
+        
+        // Transform hostname if needed
+        if (hostname.contains("contentstack")) {
+            hostname = hostname
+                .replaceAll("^dev\\d+\\.", "dev.")  // dev1.* -> dev.*
+                .replaceAll("\\.io$", ".com");      // *.io -> *.com
+        }
 
         return "https://" + hostname + "/token";
     }

src/main/java/com/contentstack/cms/models/OAuthTokens.java

@@ -35,6 +35,9 @@ public class OAuthTokens {
     @SerializedName("user_uid")
     private String userUid;
 
+    @SerializedName("stack_api_key")
+    private String stackApiKey;
+
     private Date issuedAt;
     private Date expiresAt;
 
@@ -147,11 +150,20 @@ public OAuthTokens copy() {
         copy.scope = this.scope;
         copy.organizationUid = this.organizationUid;
         copy.userUid = this.userUid;
+        copy.stackApiKey = this.stackApiKey;
         copy.issuedAt = this.issuedAt != null ? new Date(this.issuedAt.getTime()) : null;
         copy.expiresAt = this.expiresAt != null ? new Date(this.expiresAt.getTime()) : null;
         return copy;
     }
 
+    /**
+     * Gets the stack API key if available
+     * @return The stack API key or null if not available
+     */
+    public String getStackApiKey() {
+        return stackApiKey != null && !stackApiKey.trim().isEmpty() ? stackApiKey : null;
+    }
+
     @Override
     public String toString() {
         return "OAuthTokens{" +
@@ -162,6 +174,7 @@ public String toString() {
                 ", scope='" + scope + '\'' +
                 ", organizationUid='" + organizationUid + '\'' +
                 ", userUid='" + userUid + '\'' +
+                ", stackApiKey='" + stackApiKey + '\'' +
                 ", issuedAt=" + issuedAt +
                 ", expiresAt=" + expiresAt +
                 '}';

src/main/java/com/contentstack/cms/oauth/OAuthHandler.java

@@ -61,9 +61,14 @@ public OAuthHandler(OkHttpClient httpClient, OAuthConfig config) {
 
 
     private Request.Builder _getHeaders() {
-        return new Request.Builder()
-            .header("Content-Type", "application/x-www-form-urlencoded")
-            .header("authorization", "Bearer " + (tokens != null ? tokens.getAccessToken() : ""));
+        Request.Builder builder = new Request.Builder()
+            .header("Content-Type", "application/x-www-form-urlencoded");
+            
+        // Only add authorization header for non-token endpoints
+        if (tokens != null && tokens.getAccessToken() != null) {
+            builder.header("authorization", "Bearer " + tokens.getAccessToken());
+        }
+        return builder;
     }
 
     /**
@@ -194,8 +199,11 @@ public CompletableFuture<OAuthTokens> refreshAccessToken() {
                     .add("refresh_token", tokens.getRefreshToken())
                     .add("client_id", config.getClientId());
 
-                if (!config.isPkceEnabled()) {
+                // Add client_secret if available, otherwise add code_verifier
+                if (config.getClientSecret() != null && !config.getClientSecret().trim().isEmpty()) {
                     formBuilder.add("client_secret", config.getClientSecret());
+                } else if (this.codeVerifier != null) {
+                    formBuilder.add("code_verifier", this.codeVerifier);
                 }
 
                 Request request = _getHeaders()
@@ -233,10 +241,13 @@ private OAuthTokens executeTokenRequest(Request request) throws IOException {
                 String error = responseBody != null ? responseBody.string() : "Unknown error";
                 System.err.println("Error Response Body: " + error);
 
-                // Parse error response if possible
+                // Try to parse error as JSON for better error message
                 try {
-                    throw new RuntimeException("Token request failed: " + error);
+                    com.contentstack.cms.models.Error errorObj = gson.fromJson(error, com.contentstack.cms.models.Error.class);
+                    throw new RuntimeException("Token request failed: " + 
+                        (errorObj != null ? errorObj.getErrorMessage() : error));
                 } catch (JsonParseException e) {
+                    // If not JSON, use raw error string
                     throw new RuntimeException("Token request failed with status " + 
                         response.code() + ": " + error);
                 }
@@ -364,4 +375,12 @@ public CompletableFuture<Void> revokeOauthAppAuthorization() {
     public String getOrganizationUID() { return tokens != null ? tokens.getOrganizationUid() : null; }
     public String getUserUID() { return tokens != null ? tokens.getUserUid() : null; }
     public Long getTokenExpiryTime() { return tokens != null ? tokens.getExpiresIn() : null; }
+    
+    /**
+     * Checks if we have a valid access token
+     * @return true if we have a non-expired access token
+     */
+    public boolean hasValidAccessToken() {
+        return tokens != null && tokens.hasAccessToken() && !tokens.isExpired();
+    }
 }

src/main/java/com/contentstack/cms/oauth/OAuthInterceptor.java

@@ -41,21 +41,35 @@ public boolean hasValidTokens() {
     @Override
     public Response intercept(Chain chain) throws IOException {
         Request originalRequest = chain.request();
+        
+        System.out.println("\nOAuth Interceptor - Request Details:");
+        System.out.println("URL: " + originalRequest.url());
+        System.out.println("Method: " + originalRequest.method());
+        System.out.println("Has Tokens: " + (oauthHandler.getTokens() != null));
+        if (oauthHandler.getTokens() != null) {
+            System.out.println("Access Token: " + oauthHandler.getTokens().getAccessToken());
+            System.out.println("Token Expired: " + oauthHandler.getTokens().isExpired());
+        }
+        
         Request.Builder requestBuilder = originalRequest.newBuilder()
             .header("X-User-Agent", Util.defaultUserAgent())
             .header("User-Agent", Util.defaultUserAgent())
             .header("Content-Type", originalRequest.url().toString().contains("/token") ? "application/x-www-form-urlencoded" : "application/json")
             .header("X-Header-EA", earlyAccess != null ? String.join(",", earlyAccess) : "true");
-        if (oauthHandler.getTokens() != null) {
-            if (oauthHandler.getTokens().isExpired() && oauthHandler.getTokens().hasRefreshToken()) {
-                try {
-                    oauthHandler.refreshAccessToken().get(30, TimeUnit.SECONDS);
-                } catch (InterruptedException | ExecutionException | TimeoutException e) {
-                    throw new IOException("Failed to refresh access token", e);
+        // Skip auth header for token endpoints
+        if (!originalRequest.url().toString().contains("/token")) {
+            if (oauthHandler.getTokens() != null) {
+                if (oauthHandler.getTokens().isExpired() && oauthHandler.getTokens().hasRefreshToken()) {
+                    try {
+                        oauthHandler.refreshAccessToken().get(30, TimeUnit.SECONDS);
+                    } catch (InterruptedException | ExecutionException | TimeoutException e) {
+                        throw new IOException("Failed to refresh access token", e);
+                    }
+                }
+                if (oauthHandler.getTokens().hasAccessToken()) {
+                    requestBuilder.header("Authorization", "Bearer " + oauthHandler.getAccessToken());
+                    System.out.println("Added Authorization header: Bearer " + oauthHandler.getAccessToken());
                 }
-            }
-            if (oauthHandler.getTokens().hasAccessToken()) {
-                requestBuilder.header("Authorization", "Bearer " + oauthHandler.getAccessToken());
             }
         }