LoginActivity: Extract preferred_username

This is to show a nice username "username" instead of "long-uuid@server"
in the web form.

Author: guruz

opencloudApp/src/main/java/eu/opencloud/android/presentation/authentication/LoginActivity.kt

@@ -48,6 +48,7 @@ import androidx.core.widget.doAfterTextChanged
 import eu.opencloud.android.BuildConfig
 import eu.opencloud.android.MainApp.Companion.accountType
 import eu.opencloud.android.R
+import eu.opencloud.android.data.authentication.KEY_PREFERRED_USERNAME
 import eu.opencloud.android.data.authentication.KEY_USER_ID
 import eu.opencloud.android.databinding.AccountSetupBinding
 import eu.opencloud.android.domain.authentication.oauth.model.ClientRegistrationInfo
@@ -117,6 +118,7 @@ class LoginActivity : AppCompatActivity(), SslUntrustedCertDialog.OnSslUntrusted
     private lateinit var serverBaseUrl: String
 
     private var oidcSupported = false
+    private var preferredUsername: String? = null
 
     private lateinit var binding: AccountSetupBinding
 
@@ -177,10 +179,12 @@ class LoginActivity : AppCompatActivity(), SslUntrustedCertDialog.OnSslUntrusted
         if (loginAction != ACTION_CREATE) {
             binding.accountUsername.isEnabled = false
             binding.accountUsername.isFocusable = false
-            userAccount?.name?.let {
-                username = getUsernameOfAccount(it)
+            userAccount?.let { account ->
+                // Prefer preferred_username from id_token (stored in AccountManager) for login_hint,
+                // fall back to the account name part (which may be a UUID)
+                username = AccountManager.get(this).getUserData(account, KEY_PREFERRED_USERNAME)
+                    ?: getUsernameOfAccount(account.name)
             }
-
         }
 
         if (savedInstanceState == null) {
@@ -555,6 +559,12 @@ class LoginActivity : AppCompatActivity(), SslUntrustedCertDialog.OnSslUntrusted
         resultBundle = intent.extras
         setResult(Activity.RESULT_OK, intent)
 
+        // Store preferred_username from id_token for login_hint on re-login
+        preferredUsername?.let { prefUsername ->
+            val account = Account(accountName, contextProvider.getString(R.string.account_type))
+            AccountManager.get(this).setUserData(account, KEY_PREFERRED_USERNAME, prefUsername)
+        }
+
         authenticationViewModel.discoverAccount(accountName = accountName, discoveryNeeded = loginAction == ACTION_CREATE)
         clearAuthState()
     }
@@ -777,6 +787,10 @@ class LoginActivity : AppCompatActivity(), SslUntrustedCertDialog.OnSslUntrusted
                     Timber.d("Tokens received ${uiResult.data}, trying to login, creating account and adding it to account manager")
                     val tokenResponse = uiResult.data ?: return@observe
 
+                    // Extract preferred_username from id_token for login_hint on re-login
+                    preferredUsername = extractPreferredUsernameFromIdToken(tokenResponse.idToken)
+                    Timber.d("Preferred username from id_token: $preferredUsername")
+
                     // When webfinger provides a client_id without dynamic registration,
                     // store it so AccountAuthenticator can use it for token refresh
                     val effectiveClientRegistrationInfo = clientRegistrationInfo
@@ -1071,4 +1085,24 @@ class LoginActivity : AppCompatActivity(), SslUntrustedCertDialog.OnSslUntrusted
         val prefs = getSharedPreferences("auth_state", android.content.Context.MODE_PRIVATE)
         prefs.edit().clear().apply()
     }
+
+    /**
+     * Extract preferred_username from an OIDC id_token JWT.
+     * Fallback chain: preferred_username -> email -> sub
+     */
+    private fun extractPreferredUsernameFromIdToken(idToken: String?): String? {
+        if (idToken == null) return null
+        return try {
+            val parts = idToken.split(".")
+            if (parts.size != 3) return null
+            val payload = String(android.util.Base64.decode(parts[1], android.util.Base64.URL_SAFE))
+            val json = org.json.JSONObject(payload)
+            json.optString("preferred_username").ifBlank { null }
+                ?: json.optString("email").ifBlank { null }
+                ?: json.optString("sub").ifBlank { null }
+        } catch (e: Exception) {
+            Timber.e(e, "Failed to extract preferred_username from id_token")
+            null
+        }
+    }
 }

opencloudComLibrary/src/main/java/eu/opencloud/android/lib/resources/oauth/responses/TokenResponse.kt

@@ -40,6 +40,8 @@ data class TokenResponse(
     @Json(name = "user_id")
     val userId: String?,
     val scope: String?,
+    @Json(name = "id_token")
+    val idToken: String? = null,
     @Json(name = "additional_parameters")
     val additionalParameters: Map<String, String>?
 )

opencloudData/src/main/java/eu/opencloud/android/data/authentication/AuthenticationConstants.kt

@@ -47,6 +47,11 @@ const val KEY_FEATURE_SPACES = "KEY_FEATURE_SPACES"
 /**
  * OIDC Client Registration
  */
+/**
+ * Preferred username from OIDC id_token, used for login_hint
+ */
+const val KEY_PREFERRED_USERNAME = "oc_preferred_username"
+
 const val KEY_CLIENT_REGISTRATION_CLIENT_ID = "client_id"
 const val KEY_CLIENT_REGISTRATION_CLIENT_SECRET = "client_secret"
 const val KEY_CLIENT_REGISTRATION_CLIENT_EXPIRATION_DATE = "client_secret_expires_at"

opencloudData/src/main/java/eu/opencloud/android/data/oauth/datasources/implementation/OCRemoteOAuthDataSource.kt

@@ -131,6 +131,7 @@ class OCRemoteOAuthDataSource(
             tokenType = this.tokenType,
             userId = this.userId,
             scope = this.scope,
+            idToken = this.idToken,
             additionalParameters = this.additionalParameters
         )
 

opencloudDomain/src/main/java/eu/opencloud/android/domain/authentication/oauth/model/TokenResponse.kt

@@ -26,5 +26,6 @@ data class TokenResponse(
     val tokenType: String,
     val userId: String?,
     val scope: String?,
+    val idToken: String? = null,
     val additionalParameters: Map<String, String>?
 )