Implement device token and device name update from mobile feature

[VihangaMunasinghe]

Purpose

Add support for editing/updating device properties (device name and device token) from mobile devices. Currently, once a device is registered for push notifications, there is no way to update its name or FCM token from the mobile side.

Related Issue

• API endpoint to renew FCM token in Push Notifications wso2/product-is#26207

Related PRs

• Add endpoint to update push device from mobile wso2/identity-api-user#289
• Add push device update endpoints to allowed endpoints wso2/carbon-identity-framework#8086

Goals

• Allow mobile devices to update their device name and/or device token after registration.
• Validate the edit request using JWT token verification to ensure the request originates from the legitimate device.
• Expose the edit functionality through the DeviceHandlerService interface.

Approach

• Added a new editDeviceMobile(String deviceId, String token) method to DeviceHandlerService interface and its implementation in DeviceHandlerServiceImpl.
• The method retrieves the device by ID, validates the incoming JWT token against the device's stored public key using PushChallengeValidator.getValidatedClaims(), extracts the updated device token and/or device name from the validated claims, and persists the changes.
• Added a new getValidatedClaims() method to PushChallengeValidator that returns JWT claims as a Map<String, Object for easier consumption.
• Added the EDIT_DEVICE SQL query constant and related claim constants (DEVICE_EDIT_REQUEST_DEVICE_TOKEN, DEVICE_EDIT_REQUEST_DEVICE_NAME) to PushDeviceHandlerConstants.
• The device provider is also updated via handleUpdateDeviceForProvider() to keep the push provider (e.g., FCM) in sync.

User stories

As a mobile app user, I want to be able to update my device's push notification token or device name so that push notifications continue to work correctly after token rotation or when I rename my device.

Release note

Added support for editing device name and device token from mobile devices in the push notification device handler. Edit requests are validated using JWT token verification.

Documentation

N/A - This is an internal API change for the push notification component. API documentation should be updated when the consuming REST API layer exposes this functionality.

Training

N/A

Certification

N/A - Internal component change with no direct impact on certification content.

Marketing

N/A

Automation tests

• Unit tests
  • Added 6 new unit tests for PushChallengeValidator.getValidatedClaims() covering valid token, blank token, invalid JWT, expired token, invalid signature, and claim value verification scenarios.
  • Added unit tests for DeviceHandlerServiceImpl.editDeviceMobile() covering successful device update, device not found, token validation failure, missing edit fields, and class cast exception scenarios.
• Integration tests
  N/A

Security checks

• Followed secure coding standards in http://wso2.com/technical-reports/wso2-secure-engineering-guidelines? yes
• Ran FindSecurityBugs plugin and verified report? yes
• Confirmed that this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets? yes

Samples

N/A

Migrations (if applicable)

No migrations required. The EDIT_DEVICE SQL operation uses existing database columns.

Learning

Leveraged the existing PushChallengeValidator JWT validation pattern and extended it to support returning claims as a Map for more flexible claim extraction in the device edit flow.