JCON2024: Java Diary of an Uber Driver

The Uber API lets you request Uber products for riders. You can enter your location, where you want to go, and which Uber product you would like to use. You can request a ride with a few simple API endpoints. There's an Uber API sandbox providing development endpoints for testing the functionality of your application without making calls to the production system, which avoids costs while developing, debugging or testing your apps.
Among other languages, the Uber SDK is available for Java and Android. Both synchronous and asynchronous calls can be made with the Uber rides Java SDK.

This session provides an overview of the Uber rides Java SDK and how to use it with Desktop or Cloud/Server apps, as well as on Android, in a synchronous or asynchronous programming style. It is followed by hands-on examples and integration with other Java frameworks like Units of Measurement (JSR 385), since the Uber Java SDK only shows distances in miles, or JavaMoney (JSR 354), offering a more convenient presentation of the ride costs or currency conversion for riders who travel abroad, like tourists.

Werner Keil

May 26, 2024

Transcript

  1. © 2023-2024 Werner Keil. All rights reserved. #JCON2024 #EnterpriseSocial #Java

    jvm.social/@enterprisebook

    Agenda
    1. Introduction
    2. Standards & Specifications
    3. Uber Rides SDKs
    4. Demos
    5. Links & Resources
    6. Q&A
  2. Who am I?

    Werner Keil
    • Consultant – Coach
    • Creative Cosmopolitan
    • Open Source Evangelist
    • Software Architect
    • Author, Speaker
    • Maintenance Lead – JSR 354, 385
    • Jakarta EE Specification Committee Member
    [www.linkedin.com/in/catmedia]
  3. Uber Open Source: Motivation

    • Uber has contributed to open source projects from its early days onward
    • Many foundations of Uber’s technology stack are based on open source projects
    • Some areas of contribution
      – Machine Learning / AI
      – Infrastructure
      – Visualization
  4. Uber Open Source: Principles

    • Support vs. Direct
    • Facilitate vs. Govern
    • Enable vs. Block
    • Adapt vs. Enforce
    • Distributed vs. Centralized
  5. Uber Open Source: Selection of Projects

    • Apache Hudi
    • AresDB
    • AutoDispose
    • AVS
    • Base Web
    • Cadence
    • Causal ML
    • Deck.gl, kepler.gl, vis.gl
  6. Uber Open Source: Selection of Projects (2)

    • Fusion.js
    • H3
    • Horovod
    • Jaeger Tracing
    • Kraken
    • Ludwig
    • M3
    • Makisu
  7. Uber Open Source: Selection of Projects (3)

    • Marmaray
    • NullAway
    • Orbit
    • Peloton
    • Petastorm
    • Pyro
    • RIBs
    • Uber Poet
  8. OAuth: History

    OAuth is a protocol to delegate rights for an application to act on behalf of a user who granted those rights, without giving away their login / password.

    Developed by Twitter, Magnolia and Google, it was made a standard by the IETF in April 2010 under RFC 5849.

    Version 2.0, simpler to use but often criticized for its too many implementations, was standardized in October 2012 under RFC 6749 and 6750.

    It’s already used by many actors (social networks like Facebook, Google, Microsoft as well as most API providers).
  9. OAuth: Overview

    • An Authorization/Delegation Framework
    • Standardized by RFC6749
      – RFC 6750 using bearer tokens
      – RFC 6819 Security considerations
    • On a foundation of Token standards
      – JSON Object Signing Encryption (JOSE)
      – JWT (RFC7519), JWS (RFC7515), JWE (RFC7516), JWA (RFC7518), JWK (RFC7517)
  10. OAuth: Concepts

    • Actors
      – Resource Owner
      – Client
      – Resource, Resource server
      – Authorization Server
    • Authorizations represented as ‘scopes’
  11. OAuth Dance

    OAuth has 3 steps:
    • Creating an application in the OAuth service
    • Initialization: the right granting phase also called the OAuth Dance. At the end of the dance we obtain an access token (formed by a public and secret part) for the next step
    • Signature: each request is signed with access token and token identifying the OAuth application that was granted the rights
  12. OpenID Connect (OIDC): Overview

    • Authentication Protocol built on OAuth2
    • Session Management – Single Sign on, Out
    • An additional Token Type – ID Token
    • UserInfo, Discovery, Client Self-registration Endpoints
    • Specs: OpenID core, Discovery, Client Registration
  13. Jakarta Security: Creating Secure Applications

    • Standardize Terminology
    • API for Authentication mechanism
    • API for Identity Store
    • API for Security Context
    • API for Role/Permission Assignment
  14. Security – Identity Store: Overview

    • Abstract the Identity Store used by an application
    • Simple configuration
    • Support a variety of Identity stores
      – Lightweight k-v development stores
      – Traditional stores – LDAP, DB
      – Cloud-specific stores e.g. Social Logins, 3rd-party Cloud Identity providers
  15. Security – Identity Store: Features

    • Orderable to support multiple identity stores
    • Abstraction to support variety of credential types like
      – Username/Password
      – OAuth Client ID & Secret or JWT Tokens
    • Consistent API regardless of container
    • Enables Application to determine
      – User’s identity
      – Identity Provider that was used to establish identity
      – Which groups or roles the user belongs to
  16. Security – Context: Definition

    ```java
    // Security Context
    public interface SecurityContext {
        Principal getCallerPrincipal();
        <T extends Principal> Set<T> getPrincipalsByType(Class<T> pType);
        boolean isCallerInRole(String role);
        boolean hasAccessToWebResource(String resource, String... methods);
        AuthenticationStatus authenticate(HttpServletRequest request,
                                          HttpServletResponse response,
                                          AuthenticationParameters parameters);
    }
    ```
  17. Security – Context: Testing for Access

    ```java
    // Consider the following Servlet definition
    @WebServlet("/protectedServlet")
    @ServletSecurity(@HttpConstraint(rolesAllowed = "foo"))
    public class ProtectedServlet extends HttpServlet { ... }

    // And the following call to hasAccessToWebResource()
    // (methods is a String varargs parameter, so the HTTP method is passed as a string)
    securityContext.hasAccessToWebResource("/protectedServlet", "GET")
    ```

    Returns true only if the caller is in role "foo".
  18. Uber Rides: Overview

    The Uber Rides API allows you to request Uber products from your own (Enterprise) application if you know where a user is, where they want to go, and which Uber product they want to use for their journey.

    The Uber Rides SDKs (for Java, Android, Python or iOS) wrap these API endpoints into a rich domain model.

    The Uber API sandbox provides development endpoints for testing the functionality of an application without making calls to the production environment. All requests made to the sandbox environment will be volatile and cause no cost.
  19. Uber Rides: Features

    • Reserve an upfront fare for a Ride Request
    • Make a Ride Request
    • Get a Ride Request Status
    • Request Details
    • Get a Map for a Ride Request
    • Cancel a Ride Request

    Both synchronous and asynchronous calls work due to the networking stack of the Uber SDK powered by Retrofit 2, offering the same model of threading.
  20. Uber Rides SDK: Synchronous

    ```java
    // Sync
    Response<UserProfile> response = service.getUserProfile().execute();
    if (response.isSuccessful()) {
        // Success
        UserProfile profile = response.body();
    } else {
        // Failure
        ApiError error = ErrorParser.parseError(response);
    }
    ```
  21. Uber Rides SDK: Asynchronous

    ```java
    // Async
    service.getUserProfile().enqueue(new Callback<UserProfile>() {
        @Override
        public void onResponse(Call<UserProfile> call, Response<UserProfile> response) {
            if (response.isSuccessful()) {
                // Success
                UserProfile profile = response.body();
            } else {
                // Api Failure
                ApiError error = ErrorParser.parseError(response);
            }
        }
        // …
    ```
  22. Uber Rides SDK: Asynchronous

    ```java
        // …
        @Override
        public void onFailure(Call<UserProfile> call, Throwable t) {
            // Network Failure
        }
    });
    ```
  23. Uber Rides: Word of Caution

    Unlike many other API providers like Google, Meta, etc., which offer a largely self-service app definition, at least in their “sandbox” environments, Uber does not offer any working scopes for your apps until a detailed and somewhat lengthy vetting process has finished.

    It seems potential API consumers have to undergo a background check much like drivers, where the safety of users justifies those measures, while it stifles the possible adoption of Uber APIs and also goes against its own open source principles, especially “Enable vs. Block”.
  24. Demo Time

    @ivar_grimstad @wernerkeil
  25. Java Enterprise Social Book

    I wrote a book “Enterprise Social for the Java Platform” (Apress, 2024)
    link.springer.com/book/10.1007/978-1-4842-9571-7
    Examples on GitHub: github.com/Apress/enterprise-social-java-platform
    Mastodon Account: @[email protected]
  26. Resources

    • github.com/Apress/enterprise-social-java-platform
    • https://jakarta.ee/
    • Uber Developers
    • github.com/uber/rides-java-sdk
    • github.com/uber/rides-android-sdk
  27. Q&A
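
The access test from the "Security – Context" slides (16 and 17), as an added example that is not from the deck or from the Jakarta Security project: a hypothetical `MenuServlet` that lists only the links the current caller may open. It assumes a Jakarta EE container with CDI and Jakarta Security enabled; the `/menu` and `/rides/history` paths and the link table are made up for illustration.

```java
import jakarta.inject.Inject;
import jakarta.security.enterprise.SecurityContext;
import jakarta.servlet.annotation.WebServlet;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.Principal;
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical menu page: shows only the links the current caller may open.
@WebServlet("/menu")
public class MenuServlet extends HttpServlet {

    // Constructed link table (path -> label). "/protectedServlet" is the servlet
    // from the slide; "/rides/history" is an assumed, unconstrained resource.
    private static final Map<String, String> LINKS = new LinkedHashMap<>();
    static {
        LINKS.put("/protectedServlet", "Protected area");
        LINKS.put("/rides/history", "Ride history");
    }

    @Inject
    private SecurityContext securityContext;

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        resp.setContentType("text/plain;charset=UTF-8");
        PrintWriter out = resp.getWriter();
        // getCallerPrincipal() returns null for an unauthenticated caller.
        Principal caller = securityContext.getCallerPrincipal();
        out.println("Caller: " + (caller == null ? "(anonymous)" : caller.getName()));

        for (Map.Entry<String, String> link : LINKS.entrySet()) {
            // The container evaluates the target's own security constraint
            // (rolesAllowed = "foo" on /protectedServlet) for this caller and method.
            if (securityContext.hasAccessToWebResource(link.getKey(), "GET")) {
                out.println(link.getValue() + " -> " + req.getContextPath() + link.getKey());
            }
        }
        // Direct role test, using the role name from the slide.
        if (securityContext.isCallerInRole("foo")) {
            out.println("You hold role 'foo'.");
        }
    }
}
```

The check only decides what the menu displays; the `@ServletSecurity` constraint on the target servlet remains the enforcement point, so a caller who requests `/protectedServlet` directly is still rejected by the container.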