Merge branch 'master' into unchecked-warnings

README.md

@@ -5,7 +5,6 @@
 [![Maven][maven-badge]][maven-url]
 [![JCenter][jcenter-badge]][jcenter-url]
 [![codecov][codecov-badge]][codecov-url]
-[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fauth0%2Fauth0-java.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fauth0%2Fauth0-java?ref=badge_shield)
 
 Java client library for the [Auth0](https://auth0.com) platform.
 
@@ -716,6 +715,3 @@ This project is licensed under the MIT license. See the [LICENSE](LICENSE) file
 [jcenter-url]: https://bintray.com/auth0/java/auth0/_latestVersion
 [codecov-badge]: https://codecov.io/gh/auth0/auth0-java/branch/master/graph/badge.svg
 [codecov-url]: https://codecov.io/gh/auth0/auth0-java
-
-
-[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fauth0%2Fauth0-java.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2Fauth0%2Fauth0-java?ref=badge_large)

src/main/java/com/auth0/client/auth/AuthAPI.java

@@ -452,7 +452,7 @@ public SignUpRequest signUp(String email, char[] password, String connection) {
      * @deprecated Use {@linkplain #login(String, char[])} instead.
      */
     @Deprecated
-    public AuthRequest login(String emailOrUsername, String password) {
+    public TokenRequest login(String emailOrUsername, String password) {
         return this.login(emailOrUsername, password != null ? password.toCharArray() : null);
     }
 
@@ -476,7 +476,7 @@ public AuthRequest login(String emailOrUsername, String password) {
      * @param password        the password of the user.
      * @return a Request to configure and execute.
      */
-    public AuthRequest login(String emailOrUsername, char[] password) {
+    public TokenRequest login(String emailOrUsername, char[] password) {
         Asserts.assertNotNull(emailOrUsername, "email or username");
         Asserts.assertNotNull(password, "password");
 
@@ -518,7 +518,7 @@ public AuthRequest login(String emailOrUsername, char[] password) {
      * @deprecated Use {@linkplain #login(String, char[], String)} instead.
      */
     @Deprecated
-    public AuthRequest login(String emailOrUsername, String password, String realm) {
+    public TokenRequest login(String emailOrUsername, String password, String realm) {
         return this.login(emailOrUsername, password != null ? password.toCharArray() : null, realm);
     }
 
@@ -543,7 +543,7 @@ public AuthRequest login(String emailOrUsername, String password, String realm)
      * @param realm           the realm to use.
      * @return a Request to configure and execute.
      */
-    public AuthRequest login(String emailOrUsername, char[] password, String realm) {
+    public TokenRequest login(String emailOrUsername, char[] password, String realm) {
         Asserts.assertNotNull(emailOrUsername, "email or username");
         Asserts.assertNotNull(password, "password");
         Asserts.assertNotNull(realm, "realm");
@@ -589,7 +589,7 @@ public AuthRequest login(String emailOrUsername, char[] password, String realm)
      * @see com.auth0.client.auth.AuthAPI#startPasswordlessEmailFlow(String, PasswordlessEmailType)
      * @see com.auth0.client.auth.AuthAPI#startPasswordlessSmsFlow(String)
      */
-    public AuthRequest exchangePasswordlessOtp(String emailOrPhone, String realm, char[] otp) {
+    public TokenRequest exchangePasswordlessOtp(String emailOrPhone, String realm, char[] otp) {
         Asserts.assertNotNull(emailOrPhone, "emailOrPhone");
         Asserts.assertNotNull(realm, "realm");
         Asserts.assertNotNull(otp, "otp");
@@ -629,7 +629,7 @@ public AuthRequest exchangePasswordlessOtp(String emailOrPhone, String realm, ch
      * @param audience the audience of the API to request access to.
      * @return a Request to configure and execute.
      */
-    public AuthRequest requestToken(String audience) {
+    public TokenRequest requestToken(String audience) {
         Asserts.assertNotNull(audience, "audience");
 
         String url = baseUrl
@@ -697,7 +697,7 @@ public Request<Void> revokeToken(String refreshToken) {
      * @param refreshToken the refresh token to use to get fresh new credentials.
      * @return a Request to configure and execute.
      */
-    public AuthRequest renewAuth(String refreshToken) {
+    public TokenRequest renewAuth(String refreshToken) {
         Asserts.assertNotNull(refreshToken, "refresh token");
 
         String url = baseUrl
@@ -733,7 +733,7 @@ public AuthRequest renewAuth(String refreshToken) {
      * @param redirectUri the redirect uri sent on the /authorize call.
      * @return a Request to configure and execute.
      */
-    public AuthRequest exchangeCode(String code, String redirectUri) {
+    public TokenRequest exchangeCode(String code, String redirectUri) {
         Asserts.assertNotNull(code, "code");
         Asserts.assertNotNull(redirectUri, "redirect uri");
 
@@ -859,7 +859,7 @@ public CustomRequest<PasswordlessSmsResponse> startPasswordlessSmsFlow(String ph
      *
      * @see <a href="https://auth0.com/docs/api/authentication#verify-with-one-time-password-otp-">Verify with one-time password (OTP) API documentation</a>
      */
-    public AuthRequest exchangeMfaOtp(String mfaToken, char[] otp) {
+    public TokenRequest exchangeMfaOtp(String mfaToken, char[] otp) {
         Asserts.assertNotNull(mfaToken, "mfa token");
         Asserts.assertNotNull(otp, "otp");
 

src/test/java/com/auth0/client/auth/AuthAPITest.java

@@ -828,6 +828,33 @@ public void shouldCreateLogInWithPasswordGrantRequestWithCustomParameters() thro
         assertThat(response.getExpiresIn(), is(notNullValue()));
     }
 
+    @Test
+    public void shouldSetCustomHeaderWithPasswordlessRealmRequest() throws Exception {
+        TokenRequest request = api.login("me", new char[]{'p','a','s','s','w','o','r','d'});
+        request.addHeader("some-header", "some-value");
+
+        server.jsonResponse(AUTH_TOKENS, 200);
+        TokenHolder response = request.execute();
+        RecordedRequest recordedRequest = server.takeRequest();
+
+        assertThat(recordedRequest, hasMethodAndPath("POST", "/oauth/token"));
+        assertThat(recordedRequest, hasHeader("Content-Type", "application/json"));
+        assertThat(recordedRequest, hasHeader("some-header", "some-value"));
+
+        Map<String, Object> body = bodyFromRequest(recordedRequest);
+        assertThat(body, hasEntry("grant_type", (Object) "password"));
+        assertThat(body, hasEntry("client_id", (Object) CLIENT_ID));
+        assertThat(body, hasEntry("client_secret", (Object) CLIENT_SECRET));
+        assertThat(body, hasEntry("username", (Object) "me"));
+        assertThat(body, hasEntry("password", (Object) "password"));
+
+        assertThat(response, is(notNullValue()));
+        assertThat(response.getAccessToken(), not(isEmptyOrNullString()));
+        assertThat(response.getIdToken(), not(isEmptyOrNullString()));
+        assertThat(response.getRefreshToken(), not(isEmptyOrNullString()));
+        assertThat(response.getTokenType(), not(isEmptyOrNullString()));
+        assertThat(response.getExpiresIn(), is(notNullValue()));
+    }
 
     //Log In with PasswordRealm grant