Finch-API
diff --git a/‎README.md‎
Lines changed: 14 additions & 0 deletions b/‎README.md‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎finch-java-core/src/main/kotlin/com/tryfinch/api/client/FinchClient.kt‎
Lines changed: 23 additions & 0 deletions b/‎finch-java-core/src/main/kotlin/com/tryfinch/api/client/FinchClient.kt‎
Lines changed: 23 additions & 0 deletions
diff --git a/‎finch-java-core/src/main/kotlin/com/tryfinch/api/client/FinchClientAsync.kt‎
Lines changed: 24 additions & 0 deletions b/‎finch-java-core/src/main/kotlin/com/tryfinch/api/client/FinchClientAsync.kt‎
Lines changed: 24 additions & 0 deletions
diff --git a/‎finch-java-core/src/main/kotlin/com/tryfinch/api/client/FinchClientAsyncImpl.kt‎
Lines changed: 84 additions & 0 deletions b/‎finch-java-core/src/main/kotlin/com/tryfinch/api/client/FinchClientAsyncImpl.kt‎
Lines changed: 84 additions & 0 deletions
diff --git a/‎finch-java-core/src/main/kotlin/com/tryfinch/api/client/FinchClientImpl.kt‎
Lines changed: 83 additions & 0 deletions b/‎finch-java-core/src/main/kotlin/com/tryfinch/api/client/FinchClientImpl.kt‎
Lines changed: 83 additions & 0 deletions
diff --git a/‎finch-java-core/src/main/kotlin/com/tryfinch/api/services/async/AccessTokenServiceAsyncImpl.kt‎
Lines changed: 24 additions & 1 deletion b/‎finch-java-core/src/main/kotlin/com/tryfinch/api/services/async/AccessTokenServiceAsyncImpl.kt‎
Lines changed: 24 additions & 1 deletion
diff --git a/‎finch-java-core/src/main/kotlin/com/tryfinch/api/services/async/WebhookServiceAsync.kt‎
Lines changed: 13 additions & 1 deletion b/‎finch-java-core/src/main/kotlin/com/tryfinch/api/services/async/WebhookServiceAsync.kt‎
Lines changed: 13 additions & 1 deletion
@@ -217,6 +217,20 @@ while (page != null) {
 
 ---
 
+---
+
+## Webhook Verification
+
+We provide helper methods for verifying that a webhook request came from Finch, and not a malicious third party.
+
+You can use `finch.webhooks().verifySignature(body, headers, secret?)` or `finch.webhooks().unwrap(body, headers, secret?)`,
+both of which will raise an error if the signature is invalid.
+
+Note that the "body" parameter must be the raw JSON string sent from the server (do not parse it first).
+The `.unwrap()` method can parse this JSON for you.
+
+---
+
 ## Error handling
 
 This library throws exceptions in a single hierarchy for easy handling:
 
@@ -4,6 +4,7 @@
 
 package com.tryfinch.api.client
 
+import com.fasterxml.jackson.annotation.JsonProperty
 import com.tryfinch.api.models.*
 import com.tryfinch.api.services.blocking.*
 
@@ -26,4 +27,26 @@ interface FinchClient {
     fun jobs(): JobService
 
     fun sandbox(): SandboxService
+
+    fun getAccessToken(
+        clientId: String,
+        clientSecret: String,
+        code: String,
+        redirectUri: String
+    ): String
+
+    fun getAuthUrl(products: String, redirectUri: String, sandbox: Boolean): String
+
+    fun withAccessToken(accessToken: String): FinchClient
+
+    private data class GetAccessTokenParams(
+        @JsonProperty("client_id") val clientId: String,
+        @JsonProperty("client_secret") val clientSecret: String,
+        @JsonProperty("code") val code: String,
+        @JsonProperty("redirect_uri") val redirectUri: String,
+    )
+
+    private data class GetAccessTokenResponse(
+        @JsonProperty("accessToken") val accessToken: String,
+    )
 }
@@ -4,8 +4,10 @@
 
 package com.tryfinch.api.client
 
+import com.fasterxml.jackson.annotation.JsonProperty
 import com.tryfinch.api.models.*
 import com.tryfinch.api.services.async.*
+import java.util.concurrent.CompletableFuture
 
 interface FinchClientAsync {
 
@@ -26,4 +28,26 @@ interface FinchClientAsync {
     fun jobs(): JobServiceAsync
 
     fun sandbox(): SandboxServiceAsync
+
+    fun getAccessToken(
+        clientId: String,
+        clientSecret: String,
+        code: String,
+        redirectUri: String
+    ): CompletableFuture<String>
+
+    fun getAuthUrl(products: String, redirectUri: String, sandbox: Boolean): String
+
+    fun withAccessToken(accessToken: String): FinchClientAsync
+
+    private data class GetAccessTokenParams(
+        @JsonProperty("client_id") val clientId: String,
+        @JsonProperty("client_secret") val clientSecret: String,
+        @JsonProperty("code") val code: String,
+        @JsonProperty("redirect_uri") val redirectUri: String,
+    )
+
+    private data class GetAccessTokenResponse(
+        @JsonProperty("accessToken") val accessToken: String,
+    )
 }
@@ -2,12 +2,21 @@
 
 package com.tryfinch.api.client
 
+import com.fasterxml.jackson.annotation.JsonProperty
 import com.tryfinch.api.core.ClientOptions
+import com.tryfinch.api.core.http.HttpMethod
+import com.tryfinch.api.core.http.HttpRequest
 import com.tryfinch.api.core.http.HttpResponse.Handler
 import com.tryfinch.api.errors.FinchError
+import com.tryfinch.api.errors.FinchException
 import com.tryfinch.api.models.*
 import com.tryfinch.api.services.async.*
 import com.tryfinch.api.services.errorHandler
+import com.tryfinch.api.services.json
+import com.tryfinch.api.services.jsonHandler
+import com.tryfinch.api.services.withErrorHandler
+import java.net.URLEncoder
+import java.util.concurrent.CompletableFuture
 
 class FinchClientAsyncImpl
 constructor(
@@ -38,6 +47,9 @@ constructor(
 
     private val sandbox: SandboxServiceAsync by lazy { SandboxServiceAsyncImpl(clientOptions) }
 
+    private val getAccessTokenHandler: Handler<GetAccessTokenResponse> =
+        jsonHandler<GetAccessTokenResponse>(clientOptions.jsonMapper).withErrorHandler(errorHandler)
+
     override fun sync(): FinchClient = sync
 
     override fun accessTokens(): AccessTokenServiceAsync = accessTokens
@@ -55,4 +67,76 @@ constructor(
     override fun jobs(): JobServiceAsync = jobs
 
     override fun sandbox(): SandboxServiceAsync = sandbox
+
+    override fun getAccessToken(
+        clientId: String,
+        clientSecret: String,
+        code: String,
+        redirectUri: String
+    ): CompletableFuture<String> {
+        if (clientOptions.clientId == null) {
+            throw FinchException("clientId must be set in order to call getAccessToken")
+        }
+        if (clientOptions.clientSecret == null) {
+            throw FinchException("clientSecret must be set in order to call getAccessToken")
+        }
+        val request =
+            HttpRequest.builder()
+                .method(HttpMethod.POST)
+                .addPathSegments("auth", "token")
+                .body(
+                    json(
+                        clientOptions.jsonMapper,
+                        GetAccessTokenParams(
+                            clientId,
+                            clientSecret,
+                            code,
+                            redirectUri,
+                        )
+                    )
+                )
+                .build()
+        return clientOptions.httpClient.executeAsync(request).thenApply {
+            getAccessTokenHandler.handle(it).accessToken
+        }
+    }
+
+    override fun getAuthUrl(products: String, redirectUri: String, sandbox: Boolean): String {
+        if (clientOptions.clientId == null) {
+            throw FinchException("Expected the clientId to be set in order to call getAuthUrl")
+        }
+        return "https://connect.tryfinch.com/authorize" +
+            "?client_id=${URLEncoder.encode(clientOptions.clientId, Charsets.UTF_8.name())}" +
+            "&products=${URLEncoder.encode(products, Charsets.UTF_8.name())}" +
+            "&redirect_uri=${URLEncoder.encode(redirectUri, Charsets.UTF_8.name())}" +
+            "&sandbox=${if (sandbox) "true" else "false"}"
+    }
+
+    override fun withAccessToken(accessToken: String): FinchClientAsync {
+        return FinchClientAsyncImpl(
+            ClientOptions.builder()
+                .httpClient(clientOptions.httpClient)
+                .jsonMapper(clientOptions.jsonMapper)
+                .clock(clientOptions.clock)
+                .baseUrl(clientOptions.baseUrl)
+                .accessToken(accessToken)
+                .clientId(clientOptions.clientId)
+                .clientSecret(clientOptions.clientSecret)
+                .webhookSecret(clientOptions.webhookSecret)
+                .headers(clientOptions.headers.asMap())
+                .responseValidation(clientOptions.responseValidation)
+                .build()
+        )
+    }
+
+    private data class GetAccessTokenParams(
+        @JsonProperty("client_id") val clientId: String,
+        @JsonProperty("client_secret") val clientSecret: String,
+        @JsonProperty("code") val code: String,
+        @JsonProperty("redirect_uri") val redirectUri: String,
+    )
+
+    private data class GetAccessTokenResponse(
+        @JsonProperty("accessToken") val accessToken: String,
+    )
 }
@@ -2,12 +2,20 @@
 
 package com.tryfinch.api.client
 
+import com.fasterxml.jackson.annotation.JsonProperty
 import com.tryfinch.api.core.ClientOptions
+import com.tryfinch.api.core.http.HttpMethod
+import com.tryfinch.api.core.http.HttpRequest
 import com.tryfinch.api.core.http.HttpResponse.Handler
 import com.tryfinch.api.errors.FinchError
+import com.tryfinch.api.errors.FinchException
 import com.tryfinch.api.models.*
 import com.tryfinch.api.services.blocking.*
 import com.tryfinch.api.services.errorHandler
+import com.tryfinch.api.services.json
+import com.tryfinch.api.services.jsonHandler
+import com.tryfinch.api.services.withErrorHandler
+import java.net.URLEncoder
 
 class FinchClientImpl
 constructor(
@@ -36,6 +44,9 @@ constructor(
 
     private val sandbox: SandboxService by lazy { SandboxServiceImpl(clientOptions) }
 
+    private val getAccessTokenHandler: Handler<GetAccessTokenResponse> =
+        jsonHandler<GetAccessTokenResponse>(clientOptions.jsonMapper).withErrorHandler(errorHandler)
+
     override fun async(): FinchClientAsync = async
 
     override fun accessTokens(): AccessTokenService = accessTokens
@@ -53,4 +64,76 @@ constructor(
     override fun jobs(): JobService = jobs
 
     override fun sandbox(): SandboxService = sandbox
+
+    override fun getAccessToken(
+        clientId: String,
+        clientSecret: String,
+        code: String,
+        redirectUri: String
+    ): String {
+        if (clientOptions.clientId == null) {
+            throw FinchException("clientId must be set in order to call getAccessToken")
+        }
+        if (clientOptions.clientSecret == null) {
+            throw FinchException("clientSecret must be set in order to call getAccessToken")
+        }
+        val request =
+            HttpRequest.builder()
+                .method(HttpMethod.POST)
+                .addPathSegments("auth", "token")
+                .body(
+                    json(
+                        clientOptions.jsonMapper,
+                        GetAccessTokenParams(
+                            clientId,
+                            clientSecret,
+                            code,
+                            redirectUri,
+                        )
+                    )
+                )
+                .build()
+        return clientOptions.httpClient.execute(request).let {
+            getAccessTokenHandler.handle(it).accessToken
+        }
+    }
+
+    override fun getAuthUrl(products: String, redirectUri: String, sandbox: Boolean): String {
+        if (clientOptions.clientId == null) {
+            throw FinchException("Expected the clientId to be set in order to call getAuthUrl")
+        }
+        return "https://connect.tryfinch.com/authorize" +
+            "?client_id=${URLEncoder.encode(clientOptions.clientId, Charsets.UTF_8.name())}" +
+            "&products=${URLEncoder.encode(products, Charsets.UTF_8.name())}" +
+            "&redirect_uri=${URLEncoder.encode(redirectUri, Charsets.UTF_8.name())}" +
+            "&sandbox=${if (sandbox) "true" else "false"}"
+    }
+
+    override fun withAccessToken(accessToken: String): FinchClient {
+        return FinchClientImpl(
+            ClientOptions.builder()
+                .httpClient(clientOptions.httpClient)
+                .jsonMapper(clientOptions.jsonMapper)
+                .clock(clientOptions.clock)
+                .baseUrl(clientOptions.baseUrl)
+                .accessToken(accessToken)
+                .clientId(clientOptions.clientId)
+                .clientSecret(clientOptions.clientSecret)
+                .webhookSecret(clientOptions.webhookSecret)
+                .headers(clientOptions.headers.asMap())
+                .responseValidation(clientOptions.responseValidation)
+                .build()
+        )
+    }
+
+    private data class GetAccessTokenParams(
+        @JsonProperty("client_id") val clientId: String,
+        @JsonProperty("client_secret") val clientSecret: String,
+        @JsonProperty("code") val code: String,
+        @JsonProperty("redirect_uri") val redirectUri: String,
+    )
+
+    private data class GetAccessTokenResponse(
+        @JsonProperty("accessToken") val accessToken: String,
+    )
 }
@@ -8,6 +8,7 @@ import com.tryfinch.api.core.http.HttpMethod
 import com.tryfinch.api.core.http.HttpRequest
 import com.tryfinch.api.core.http.HttpResponse.Handler
 import com.tryfinch.api.errors.FinchError
+import com.tryfinch.api.errors.FinchException
 import com.tryfinch.api.models.AccessTokenCreateParams
 import com.tryfinch.api.models.CreateAccessTokenResponse
 import com.tryfinch.api.services.errorHandler
@@ -32,14 +33,36 @@ constructor(
         params: AccessTokenCreateParams,
         requestOptions: RequestOptions
     ): CompletableFuture<CreateAccessTokenResponse> {
+        val builder = params.toBuilder()
+
+        if (!params.clientSecret().isPresent) {
+            if (clientOptions.clientSecret == null || clientOptions.clientSecret.isEmpty()) {
+                throw FinchException(
+                    "client_secret must be provided as an argument or with the FINCH_CLIENT_SECRET environment variable"
+                )
+            }
+            builder.clientSecret(clientOptions.clientSecret)
+        }
+
+        if (!params.clientId().isPresent) {
+            if (clientOptions.clientId == null || clientOptions.clientId.isEmpty()) {
+                throw FinchException(
+                    "client_id must be provided as an argument or with the FINCH_CLIENT_ID environment variable"
+                )
+            }
+            builder.clientId(clientOptions.clientId)
+        }
+
+        val modifiedParams = builder.build()
+
         val request =
             HttpRequest.builder()
                 .method(HttpMethod.POST)
                 .addPathSegments("auth", "token")
                 .putAllQueryParams(params.getQueryParams())
                 .putAllHeaders(clientOptions.headers)
                 .putAllHeaders(params.getHeaders())
-                .body(json(clientOptions.jsonMapper, params.getBody()))
+                .body(json(clientOptions.jsonMapper, modifiedParams.getBody()))
                 .build()
         return clientOptions.httpClient.executeAsync(request, requestOptions).thenApply { response
             ->
 
@@ -4,4 +4,16 @@
 
 package com.tryfinch.api.services.async
 
-interface WebhookServiceAsync
+import com.google.common.collect.ListMultimap
+import com.tryfinch.api.models.WebhookEvent
+
+interface WebhookServiceAsync {
+
+    fun unwrap(
+        payload: String,
+        headers: ListMultimap<String, String>,
+        secret: String?
+    ): WebhookEvent
+
+    fun verifySignature(payload: String, headers: ListMultimap<String, String>, secret: String?)
+}