fix: Update OAuth implementation 7

Author: reeshika-h

src/main/java/com/contentstack/cms/models/OAuthConfig.java

@@ -38,7 +38,6 @@ public void validate() {
             throw new IllegalArgumentException("redirectUri is required");
         }
 
-        // Validate redirectUri is a valid URL
         try {
             new URL(redirectUri);
         } catch (MalformedURLException e) {
@@ -63,10 +62,8 @@ public String getFormattedAuthorizationEndpoint() {
             return authEndpoint;
         }
 
-        // Transform hostname similar to JS SDK
         String hostname = "app.contentstack.com";
 
-        // Handle environment-specific transformations
         if (hostname.endsWith("io")) {
             hostname = hostname.replace("io", "com");
         }
@@ -86,12 +83,9 @@ public String getTokenEndpoint() {
             return tokenEndpoint;
         }
 
-        // Transform for developer hub
         String hostname = "developerhub-api.contentstack.com";
-        
-        // Handle environment-specific transformations
         hostname = hostname
-            .replaceAll("^dev\\d+", "dev")  // Replace dev1, dev2, etc. with dev
+            .replaceAll("^dev\\d+", "dev")
             .replace("io", "com");
 
         return "https://" + hostname + "/token";

src/main/java/com/contentstack/cms/oauth/OAuthHandler.java

@@ -28,7 +28,7 @@
  */
 @Getter
 public class OAuthHandler {
-    private final OkHttpClient httpClient;
+    private OkHttpClient httpClient;
     private final OAuthConfig config;
     private final Gson gson;
 
@@ -55,14 +55,11 @@ public OAuthHandler(OkHttpClient httpClient, OAuthConfig config) {
         // Only generate PKCE codeVerifier if clientSecret is not provided
         if (config.getClientSecret() == null || config.getClientSecret().trim().isEmpty()) {
             this.codeVerifier = generateCodeVerifier();
-            // codeChallenge will be generated during authorize()
             this.codeChallenge = null;
         }
     }
 
-    /**
-     * Returns common headers for OAuth requests
-     */
+
     private Request.Builder _getHeaders() {
         return new Request.Builder()
             .header("Content-Type", "application/x-www-form-urlencoded")
@@ -74,10 +71,11 @@ private Request.Builder _getHeaders() {
      * @return A random URL-safe string between 43-128 characters
      */
     private String generateCodeVerifier() {
+        final int CODE_VERIFIER_LENGTH = 96;  
         final String charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";
         SecureRandom random = new SecureRandom();
         StringBuilder verifier = new StringBuilder();
-        for (int i = 0; i < 128; i++) {
+        for (int i = 0; i < CODE_VERIFIER_LENGTH; i++) {
             verifier.append(charset.charAt(random.nextInt(charset.length())));
         }
         return verifier.toString();
@@ -103,14 +101,6 @@ private String generateCodeChallenge(String verifier) {
         }
     }
 
-    /**
-     * Generates PKCE parameters (code verifier and challenge)
-     */
-    private void generatePkceParameters() {
-        this.codeVerifier = generateCodeVerifier();
-        this.codeChallenge = generateCodeChallenge(this.codeVerifier);
-     
-    }
 
     /**
      * Starts the OAuth authorization flow
@@ -124,6 +114,11 @@ public String authorize() {
             urlBuilder.append("?response_type=").append(config.getResponseType())
                      .append("&client_id=").append(URLEncoder.encode(config.getClientId(), "UTF-8"))
                      .append("&redirect_uri=").append(URLEncoder.encode(config.getRedirectUri(), "UTF-8"));
+            
+            // Add scope if provided
+            if (config.getScope() != null && !config.getScope().trim().isEmpty()) {
+                urlBuilder.append("&scope=").append(URLEncoder.encode(config.getScope(), "UTF-8"));
+            }
 
             if (config.getClientSecret() != null && !config.getClientSecret().trim().isEmpty()) {
                 return urlBuilder.toString();
@@ -179,17 +174,6 @@ public CompletableFuture<OAuthTokens> exchangeCodeForToken(String code) {
      */
     private void _saveTokens(OAuthTokens tokens) {
         this.tokens = tokens;
-        // Update the client's auth state
-        if (tokens != null && tokens.hasAccessToken()) {
-            this.httpClient = this.httpClient.newBuilder()
-                .addInterceptor(chain -> {
-                    Request request = chain.request().newBuilder()
-                        .header("Authorization", "Bearer " + tokens.getAccessToken())
-                        .build();
-                    return chain.proceed(request);
-                })
-                .build();
-        }
     }
 
     /**
@@ -248,7 +232,14 @@ private OAuthTokens executeTokenRequest(Request request) throws IOException {
             if (!response.isSuccessful()) {
                 String error = responseBody != null ? responseBody.string() : "Unknown error";
                 System.err.println("Error Response Body: " + error);
-                throw new RuntimeException("Token request failed with status " + response.code() + ": " + error);
+                
+                // Parse error response if possible
+                try {
+                    throw new RuntimeException("Token request failed: " + error);
+                } catch (JsonParseException e) {
+                    throw new RuntimeException("Token request failed with status " + 
+                        response.code() + ": " + error);
+                }
             }
 
             String body = responseBody != null ? responseBody.string() : "{}";

src/main/java/com/contentstack/cms/oauth/OAuthInterceptor.java

@@ -11,9 +11,7 @@
 import java.util.concurrent.TimeoutException;
 import java.util.logging.Logger;
 
-/**
- * OkHttp interceptor that handles OAuth token injection and refresh
- */
+
 public class OAuthInterceptor implements Interceptor {
     private static final Logger logger = Logger.getLogger(OAuthInterceptor.class.getName());
     private final OAuthHandler oauthHandler;
@@ -23,26 +21,17 @@ public OAuthInterceptor(OAuthHandler oauthHandler) {
         this.oauthHandler = oauthHandler;
     }
 
-    /**
-     * Sets early access features
-     * @param earlyAccess Array of early access feature names
-     */
+
     public void setEarlyAccess(String[] earlyAccess) {
         this.earlyAccess = earlyAccess;
     }
 
-    /**
-     * Checks if OAuth is configured
-     * @return true if OAuth is configured
-     */
+
     public boolean isOAuthConfigured() {
         return oauthHandler != null && oauthHandler.getConfig() != null;
     }
 
-    /**
-     * Checks if we have valid tokens
-     * @return true if we have valid tokens
-     */
+
     public boolean hasValidTokens() {
         return oauthHandler != null && 
                oauthHandler.getTokens() != null && 
@@ -52,41 +41,30 @@ public boolean hasValidTokens() {
     @Override
     public Response intercept(Chain chain) throws IOException {
         Request originalRequest = chain.request();
-
-        // Add standard headers
         Request.Builder requestBuilder = originalRequest.newBuilder()
             .header("X-User-Agent", Util.defaultUserAgent())
             .header("User-Agent", Util.defaultUserAgent())
             .header("Content-Type", originalRequest.url().toString().contains("/token") ? "application/x-www-form-urlencoded" : "application/json")
             .header("X-Header-EA", earlyAccess != null ? String.join(",", earlyAccess) : "true");
-
-        // Get current tokens
         if (oauthHandler.getTokens() != null) {
-            // Check if token is expired and refresh if needed
             if (oauthHandler.getTokens().isExpired() && oauthHandler.getTokens().hasRefreshToken()) {
                 try {
                     oauthHandler.refreshAccessToken().get(30, TimeUnit.SECONDS);
                 } catch (InterruptedException | ExecutionException | TimeoutException e) {
                     throw new IOException("Failed to refresh access token", e);
                 }
             }
-
-            // Add token to request if available
             if (oauthHandler.getTokens().hasAccessToken()) {
                 requestBuilder.header("Authorization", "Bearer " + oauthHandler.getAccessToken());
             }
         }
 
         Request request = requestBuilder.build();
         Response response = chain.proceed(request);
-
-        // Handle 401 by refreshing token and retrying once
         if (response.code() == 401 && oauthHandler.getTokens() != null && oauthHandler.getTokens().hasRefreshToken()) {
             response.close();
             try {
                 oauthHandler.refreshAccessToken().get(30, TimeUnit.SECONDS);
-                
-                // Retry with new token
                 request = request.newBuilder()
                     .header("Authorization", "Bearer " + oauthHandler.getAccessToken())
                     .build();